;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 1FAD8069B972EC97BA1C67ADAC74C758
; File Name : u:\work\1fad8069b972ec97ba1c67adac74c758_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000648A ( 25738.)
; Section size in file : 00006600 ( 26112.)
; Offset to raw data for section: 00000400
; Flags 60000020: Text Executable Readable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401000(HWND hWnd,UINT hDC,WPARAM wParam,LPARAM ho)
sub_401000 proc near ; DATA XREF: sub_405A5A+12B�o
Paint = tagPAINTSTRUCT ptr -5Ch
rc = tagRECT ptr -1Ch
plbrush = LOGBRUSH ptr -0Ch
hWnd = dword ptr 8
hDC = dword ptr 0Ch
wParam = dword ptr 10h
ho = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 5Ch
cmp [ebp+hDC], 0Fh
jz short loc_401037
cmp [ebp+hDC], 46h
mov eax, [ebp+ho]
jnz short loc_401022
or dword ptr [eax+18h], 10h
mov ecx, dword_4263E0
mov [eax+4], ecx
loc_401022: ; CODE XREF: sub_401000+13�j
push eax ; lParam
push [ebp+wParam] ; wParam
push [ebp+hDC] ; Msg
push [ebp+hWnd] ; hWnd
call ds:DefWindowProcA ; DefWindowProcA
jmp locret_401179
; ---------------------------------------------------------------------------
loc_401037: ; CODE XREF: sub_401000+A�j
push ebx
push esi
mov esi, dword_4263E8
push edi
lea eax, [ebp+Paint]
push eax ; lpPaint
push [ebp+hWnd] ; hWnd
call ds:BeginPaint ; BeginPaint
and [ebp+plbrush.lbStyle], 0
mov [ebp+hDC], eax
lea eax, [ebp+rc]
push eax ; lpRect
push [ebp+hWnd] ; hWnd
call ds:GetClientRect ; GetClientRect
mov edi, [ebp+rc.bottom]
and [ebp+rc.bottom], 0
mov ebx, ds:DeleteObject
jmp loc_4010F3
; ---------------------------------------------------------------------------
loc_401073: ; CODE XREF: sub_401000+F6�j
movzx eax, byte ptr [esi+52h]
movzx edx, byte ptr [esi+56h]
imul edx, [ebp+rc.top]
mov ecx, edi
sub ecx, [ebp+rc.top]
imul eax, ecx
add eax, edx
cdq
idiv edi
xor edx, edx
mov [ebp+wParam], ecx
mov dh, al
movzx eax, byte ptr [esi+51h]
imul eax, ecx
movzx ecx, byte ptr [esi+55h]
imul ecx, [ebp+rc.top]
add eax, ecx
mov ecx, edx
cdq
idiv edi
movzx edx, byte ptr [esi+54h]
imul edx, [ebp+rc.top]
mov cl, al
movzx eax, byte ptr [esi+50h]
imul eax, [ebp+wParam]
add eax, edx
cdq
idiv edi
shl ecx, 8
movzx eax, al
or ecx, eax
lea eax, [ebp+plbrush]
push eax ; plbrush
mov [ebp+plbrush.lbColor], ecx
call ds:CreateBrushIndirect ; CreateBrushIndirect
add [ebp+rc.bottom], 4
push eax ; hbr
mov [ebp+ho], eax
lea eax, [ebp+rc]
push eax ; lprc
push [ebp+hDC] ; hDC
call ds:FillRect ; FillRect
push [ebp+ho] ; ho
call ebx ; DeleteObject
add [ebp+rc.top], 4
loc_4010F3: ; CODE XREF: sub_401000+6E�j
cmp [ebp+rc.top], edi
jl loc_401073
cmp dword ptr [esi+58h], 0FFFFFFFFh
jz short loc_401167
push dword ptr [esi+34h] ; lplf
call ds:CreateFontIndirectA ; CreateFontIndirectA
test eax, eax
mov [ebp+ho], eax
jz short loc_401167
mov edi, [ebp+hDC]
push 1 ; mode
push edi ; hdc
mov [ebp+rc.left], 10h
mov [ebp+rc.top], 8
call ds:SetBkMode ; SetBkMode
push dword ptr [esi+58h] ; color
push edi ; hdc
call ds:SetTextColor ; SetTextColor
push [ebp+ho] ; h
mov esi, ds:SelectObject
push edi ; hdc
call esi ; SelectObject
push 820h ; format
mov [ebp+hDC], eax
lea eax, [ebp+rc]
push eax ; lprc
push 0FFFFFFFFh ; cchText
push offset Caption ; lpchText
push edi ; hdc
call ds:DrawTextA ; DrawTextA
push [ebp+hDC] ; h
push edi ; hdc
call esi ; SelectObject
push [ebp+ho] ; ho
call ebx ; DeleteObject
loc_401167: ; CODE XREF: sub_401000+100�j
; sub_401000+110�j
lea eax, [ebp+Paint]
push eax ; lpPaint
push [ebp+hWnd] ; hWnd
call ds:EndPaint ; EndPaint
pop edi
pop esi
xor eax, eax
pop ebx
locret_401179: ; CODE XREF: sub_401000+32�j
leave
retn 10h
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_40117D proc near ; CODE XREF: sub_401610+1B1D�p
; sub_404A94+33D�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_426408
mov edx, ecx
imul edx, 418h
mov edx, [edx+eax+8]
test dl, 2
jz short locret_4011EC
push esi
push edi
lea esi, [ecx+1]
xor edi, edi
cmp esi, dword_42640C
jnb short loc_4011EA
mov ecx, esi
imul ecx, 418h
lea eax, [ecx+eax+8]
push ebx
loc_4011B3: ; CODE XREF: sub_40117D+6A�j
mov ecx, [eax]
test cl, 2
jz short loc_4011BD
inc edi
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011BD: ; CODE XREF: sub_40117D+3B�j
test cl, 4
jz short loc_4011CB
mov ecx, edi
dec edi
test ecx, ecx
jz short loc_4011E9
jmp short loc_4011DB
; ---------------------------------------------------------------------------
loc_4011CB: ; CODE XREF: sub_40117D+43�j
test cl, 10h
jnz short loc_4011DB
mov ebx, ecx
xor ebx, edx
and ebx, 1
xor ebx, ecx
mov [eax], ebx
loc_4011DB: ; CODE XREF: sub_40117D+3E�j
; sub_40117D+4C�j ...
inc esi
add eax, 418h
cmp esi, dword_42640C
jb short loc_4011B3
loc_4011E9: ; CODE XREF: sub_40117D+4A�j
pop ebx
loc_4011EA: ; CODE XREF: sub_40117D+27�j
pop edi
pop esi
locret_4011EC: ; CODE XREF: sub_40117D+18�j
retn 4
sub_40117D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4011EF proc near ; CODE XREF: sub_4011EF+57�p
; sub_40129E+4�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push ebx
push esi
mov esi, edx
imul esi, 418h
push edi
mov edi, dword_426408
mov eax, [esi+edi+8]
xor ecx, ecx
test al, 2
mov [ebp+var_4], ecx
mov [ebp+var_8], ecx
jz short loc_401225
cmp [ebp+arg_4], ecx
jnz short loc_401225
and eax, 0FFFFFFBEh
mov [esi+edi+8], eax
inc edx
loc_401225: ; CODE XREF: sub_4011EF+27�j
; sub_4011EF+2C�j
cmp edx, dword_42640C
jnb short loc_401271
loc_40122D: ; CODE XREF: sub_4011EF+80�j
mov eax, edx
imul eax, 418h
lea ebx, [eax+edi+8]
mov ecx, [ebx]
test cl, 2
lea eax, [edx+1]
jz short loc_40124D
push 0
push edx
call sub_4011EF
mov ecx, [ebx]
loc_40124D: ; CODE XREF: sub_4011EF+52�j
test cl, 4
jnz short loc_40127A
test cl, 40h
jz short loc_40125A
inc [ebp+var_4]
loc_40125A: ; CODE XREF: sub_4011EF+66�j
test cl, 1
jz short loc_401264
inc [ebp+var_4]
jmp short loc_401267
; ---------------------------------------------------------------------------
loc_401264: ; CODE XREF: sub_4011EF+6E�j
inc [ebp+var_8]
loc_401267: ; CODE XREF: sub_4011EF+73�j
cmp eax, dword_42640C
mov edx, eax
jb short loc_40122D
loc_401271: ; CODE XREF: sub_4011EF+3C�j
xor eax, eax
loc_401273: ; CODE XREF: sub_4011EF+8F�j
; sub_4011EF+9E�j ...
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_40127A: ; CODE XREF: sub_4011EF+61�j
cmp [ebp+var_4], 0
jz short loc_401273
cmp [ebp+var_8], 0
lea ecx, [esi+edi+8]
jz short loc_40128F
or dword ptr [ecx], 40h
jmp short loc_401273
; ---------------------------------------------------------------------------
loc_40128F: ; CODE XREF: sub_4011EF+99�j
mov edx, [ecx]
and edx, 0FFFFFF7Fh
or edx, 1
mov [ecx], edx
jmp short loc_401273
sub_4011EF endp
; =============== S U B R O U T I N E =======================================
sub_40129E proc near ; CODE XREF: sub_401610+1B49�p
; sub_404A94+478�p ...
push 1
push 0
call sub_4011EF
retn
sub_40129E endp
; =============== S U B R O U T I N E =======================================
sub_4012A8 proc near ; CODE XREF: sub_401610+1B44�p
; sub_404A94+3F9�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov eax, dword_426408
push esi
xor esi, esi
cmp ecx, 20h
jnb short loc_4012EF
cmp dword_42640C, esi
jbe short loc_4012EF
lea edx, [eax+8]
push edi
loc_4012C5: ; CODE XREF: sub_4012A8+44�j
mov eax, [edx]
test al, 6
jnz short loc_4012DF
xor edi, edi
inc edi
shl edi, cl
test [edx-4], edi
jz short loc_4012DA
or eax, 1
jmp short loc_4012DD
; ---------------------------------------------------------------------------
loc_4012DA: ; CODE XREF: sub_4012A8+2B�j
and eax, 0FFFFFFFEh
loc_4012DD: ; CODE XREF: sub_4012A8+30�j
mov [edx], eax
loc_4012DF: ; CODE XREF: sub_4012A8+21�j
inc esi
add edx, 418h
cmp esi, dword_42640C
jb short loc_4012C5
pop edi
loc_4012EF: ; CODE XREF: sub_4012A8+F�j
; sub_4012A8+17�j
pop esi
retn 4
sub_4012A8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012F3 proc near ; CODE XREF: sub_401610+1B51�p
; sub_404A94+494�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_4263E8
and [ebp+var_4], 0
push ebx
push esi
add eax, 94h
push edi
mov edi, dword_42640C
mov [ebp+var_8], eax
loc_401313: ; CODE XREF: sub_4012F3+7F�j
mov eax, [ebp+var_8]
xor ebx, ebx
cmp [eax], ebx
jz short loc_401367
cmp ebx, edi
jnb short loc_401365
mov esi, dword_426408
add esi, 8
loc_401329: ; CODE XREF: sub_4012F3+6E�j
mov edx, [esi]
test dl, 6
jnz short loc_401358
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_40133D
cmp dword ptr [eax+ebx*4], 0
jz short loc_401358
loc_40133D: ; CODE XREF: sub_4012F3+42�j
mov ecx, [ebp+var_4]
xor eax, eax
inc eax
shl eax, cl
mov ecx, [esi-4]
and edx, 1
and ecx, eax
mov eax, ecx
mov ecx, [ebp+var_4]
shl edx, cl
cmp eax, edx
jnz short loc_401363
loc_401358: ; CODE XREF: sub_4012F3+3B�j
; sub_4012F3+48�j
inc ebx
add esi, 418h
cmp ebx, edi
jb short loc_401329
loc_401363: ; CODE XREF: sub_4012F3+63�j
cmp ebx, edi
loc_401365: ; CODE XREF: sub_4012F3+2B�j
jz short loc_401374
loc_401367: ; CODE XREF: sub_4012F3+27�j
inc [ebp+var_4]
add [ebp+var_8], 4
cmp [ebp+var_4], 20h
jb short loc_401313
loc_401374: ; CODE XREF: sub_4012F3:loc_401365�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn 4
sub_4012F3 endp
; =============== S U B R O U T I N E =======================================
sub_40137E proc near ; CODE XREF: sub_403756+175�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp dword_40A084, 0
push esi
jnz short loc_4013B5
xor ecx, ecx
loc_40138A: ; CODE XREF: sub_40137E+35�j
push 8
mov eax, ecx
pop esi
loc_40138F: ; CODE XREF: sub_40137E+25�j
mov edx, eax
and dl, 1
neg dl
sbb edx, edx
and edx, 0EDB88320h
shr eax, 1
xor eax, edx
dec esi
jnz short loc_40138F
mov dword_40A080[ecx*4], eax
inc ecx
cmp ecx, 100h
jl short loc_40138A
loc_4013B5: ; CODE XREF: sub_40137E+8�j
mov esi, [esp+4+arg_8]
test esi, esi
mov eax, [esp+4+arg_0]
not eax
jbe short loc_4013E1
mov ecx, [esp+4+arg_4]
loc_4013C7: ; CODE XREF: sub_40137E+61�j
xor edx, edx
mov dl, [ecx]
xor edx, eax
and edx, 0FFh
shr eax, 8
xor eax, dword_40A080[edx*4]
inc ecx
dec esi
jnz short loc_4013C7
loc_4013E1: ; CODE XREF: sub_40137E+43�j
not eax
pop esi
retn 0Ch
sub_40137E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4013E7(int,HWND hWnd)
sub_4013E7 proc near ; CODE XREF: sub_4014C9+10�p
; sub_401610+E4�p ...
arg_0 = dword ptr 8
hWnd = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
test edi, edi
jl loc_4014B9
mov esi, [ebp+hWnd]
mov ebx, 400h
loc_401400: ; CODE XREF: sub_4013E7+CC�j
mov ecx, dword_426410
mov eax, edi
shl eax, 5
add eax, ecx
mov ecx, [eax]
cmp ecx, 1
jz loc_4014B9
test dword_426444, ebx
jz short loc_40142A
cmp ecx, 14h
jz short loc_40142A
cmp ecx, 3Eh
jnz short loc_40145D
loc_40142A: ; CODE XREF: sub_4013E7+37�j
; sub_4013E7+3C�j
push eax ; FilePart
call sub_401610
mov esi, eax
cmp esi, 7FFFFFFFh
jz loc_4014C2
test dword_426444, ebx
jnz short loc_40145D
test esi, esi
jge short loc_40145F
inc esi
shl esi, 0Ah
mov eax, offset dword_427000
sub eax, esi
push eax
call sub_405F74
mov esi, eax
loc_40145D: ; CODE XREF: sub_4013E7+41�j
; sub_4013E7+5D�j
test esi, esi
loc_40145F: ; CODE XREF: sub_4013E7+61�j
jz short loc_401472
test dword_426444, ebx
jnz short loc_401472
dec esi
mov eax, edi
mov edi, esi
sub esi, eax
jmp short loc_401474
; ---------------------------------------------------------------------------
loc_401472: ; CODE XREF: sub_4013E7:loc_40145F�j
; sub_4013E7+80�j
inc esi
inc edi
loc_401474: ; CODE XREF: sub_4013E7+89�j
cmp [ebp+hWnd], 0
jz short loc_4014B1
mov eax, dword_425BC4
add nNumber, esi
xor ecx, ecx
test eax, eax
setz cl
push 0 ; lParam
add ecx, eax
push ecx ; nDenominator
push 7530h ; nNumerator
push nNumber ; nNumber
call ds:MulDiv ; MulDiv
push eax ; wParam
push 402h ; Msg
push [ebp+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
loc_4014B1: ; CODE XREF: sub_4013E7+91�j
test edi, edi
jge loc_401400
loc_4014B9: ; CODE XREF: sub_4013E7+B�j
; sub_4013E7+2B�j
xor eax, eax
loc_4014BB: ; CODE XREF: sub_4013E7+E0�j
pop edi
pop esi
pop ebx
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_4014C2: ; CODE XREF: sub_4013E7+51�j
mov eax, 7FFFFFFFh
jmp short loc_4014BB
sub_4013E7 endp
; =============== S U B R O U T I N E =======================================
sub_4014C9 proc near ; CODE XREF: start+485�p sub_4041F2+44�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, dword_4263E8
push 0 ; hWnd
push dword ptr [ecx+eax*4+6Ch] ; int
call sub_4013E7
retn 4
sub_4014C9 endp
; =============== S U B R O U T I N E =======================================
sub_4014E1 proc near ; CODE XREF: sub_401610+26B�p
; sub_401610+35E�p ...
arg_0 = dword ptr 4
push offset byte_40A888 ; lpString2
push [esp+4+arg_0] ; int
call sub_40509F
retn 4
sub_4014E1 endp
; =============== S U B R O U T I N E =======================================
sub_4014F2 proc near ; CODE XREF: sub_401610+13F�p
; sub_401610+183�p ...
mov eax, dword_40C0C4
push dword ptr [eax+ecx*4] ; lpString2
push 0 ; lpString1
call sub_4065B7
push eax
call sub_405F74
retn
sub_4014F2 endp
; =============== S U B R O U T I N E =======================================
sub_401508 proc near ; CODE XREF: sub_4015C7+2D�p
; sub_401610+79�p ...
test esi, esi
mov eax, esi
jge short loc_401510
neg eax
loc_401510: ; CODE XREF: sub_401508+4�j
mov edx, dword_40C0C4
mov ecx, eax
sar eax, 4
push edi
and ecx, 0Fh
push dword ptr [edx+ecx*4] ; lpString2
shl eax, 0Ah
add eax, offset Text
push eax ; lpString1
call sub_4065B7
test esi, esi
mov edi, eax
jge short loc_40153C
push edi ; lpszCurrent
call sub_406009
loc_40153C: ; CODE XREF: sub_401508+2C�j
mov eax, edi
pop edi
retn
sub_401508 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401540(HKEY hKey,LPCSTR lpSubKey,int)
sub_401540 proc near ; CODE XREF: sub_401540+42�p
; sub_401610+137C�p
SubKey = byte ptr -10Ch
phkResult = dword ptr -4
hKey = dword ptr 8
lpSubKey = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
lea eax, [ebp+phkResult]
push eax ; phkResult
push 8 ; samDesired
xor ebx, ebx
push ebx ; ulOptions
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
cmp eax, ebx
jnz short loc_4015B2
mov esi, ds:RegEnumKeyA
mov edi, 105h
jmp short loc_40158B
; ---------------------------------------------------------------------------
loc_401572: ; CODE XREF: sub_401540+5B�j
cmp [ebp+arg_8], ebx
jnz short loc_4015B9
push ebx ; int
lea eax, [ebp+SubKey]
push eax ; lpSubKey
push [ebp+phkResult] ; hKey
call sub_401540
test eax, eax
jnz short loc_40159D
loc_40158B: ; CODE XREF: sub_401540+30�j
push edi ; cchName
lea eax, [ebp+SubKey]
push eax ; lpName
push ebx ; dwIndex
push [ebp+phkResult] ; hKey
call esi ; RegEnumKeyA
test eax, eax
jz short loc_401572
loc_40159D: ; CODE XREF: sub_401540+49�j
push [ebp+phkResult] ; hKey
call ds:RegCloseKey ; RegCloseKey
push [ebp+lpSubKey] ; lpSubKey
push [ebp+hKey] ; hKey
call ds:RegDeleteKeyA ; RegDeleteKeyA
loc_4015B2: ; CODE XREF: sub_401540+23�j
; sub_401540+85�j
pop edi
pop esi
pop ebx
leave
retn 0Ch
; ---------------------------------------------------------------------------
loc_4015B9: ; CODE XREF: sub_401540+35�j
push [ebp+phkResult] ; hKey
call ds:RegCloseKey ; RegCloseKey
xor eax, eax
inc eax
jmp short loc_4015B2
sub_401540 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4015C7(REGSAM phkResult)
sub_4015C7 proc near ; CODE XREF: sub_401610+1305�p
; sub_401610+14BC�p ...
phkResult = dword ptr 8
push ebp
mov ebp, esp
mov eax, dword_40C0C4
mov eax, [eax+4]
test eax, eax
push esi
push edi
jz short loc_4015DC
mov edi, eax
jmp short loc_4015E8
; ---------------------------------------------------------------------------
loc_4015DC: ; CODE XREF: sub_4015C7+F�j
mov edi, dword_426464
add edi, 80000001h
loc_4015E8: ; CODE XREF: sub_4015C7+13�j
lea eax, [ebp+phkResult]
push eax ; phkResult
push [ebp+phkResult] ; samDesired
push 0 ; ulOptions
push 22h
pop esi
call sub_401508
push eax ; lpSubKey
push edi ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
neg eax
sbb eax, eax
not eax
and eax, [ebp+phkResult]
pop edi
pop esi
pop ebp
retn 4
sub_4015C7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_401610(LPCSTR FilePart)
sub_401610 proc near ; CODE XREF: sub_4013E7+44�p
FindFileData = _WIN32_FIND_DATAA ptr -1A4h
NumberOfBytesWritten= dword ptr -64h
FileOp = MSG ptr -60h
lpAppName = dword ptr -40h
var_3C = dword ptr -3Ch
arglist = dword ptr -38h
dwFileAttributes= dword ptr -34h
dwBytes = dword ptr -30h
nShowCmd = FILETIME ptr -2Ch
var_24 = dword ptr -24h
Buffer = byte ptr -19h
pBlock = dword ptr -18h
puLen = dword ptr -14h
lpString2 = dword ptr -10h
hWndParent = dword ptr -0Ch
dwResult = dword ptr -8
var_4 = dword ptr -4
FilePart = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov eax, dword_4263E0
and [ebp+hWndParent], 0
and [ebp+var_4], 0
push ebx
push esi
mov esi, [ebp+FilePart]
push edi
push 8
pop ecx
lea edi, [ebp+var_3C]
rep movsd
mov edx, [ebp+dwFileAttributes]
mov esi, [ebp+arglist]
lea ecx, [ebp+arglist]
mov dword_40C0C4, ecx
mov ecx, [ebp+var_3C]
mov [ebp+lpString2], eax
mov ebx, edx
shl ebx, 0Ah
mov eax, esi
shl eax, 0Ah
add ecx, 0FFFFFFFEh
add ebx, offset dword_427000
cmp ecx, 42h ; switch 67 cases
lea edi, dword_427000[eax]
ja loc_4031D2 ; default
; jumptable 0040166B cases 64,65
jmp ds:off_4031E4[ecx*4] ; switch jump
loc_401672: ; DATA XREF: .text:off_4031E4�o
push esi ; jumptable 0040166B case 0
push offset aJumpD ; "Jump: %d"
call sub_40614C
mov eax, [ebp+arglist]
pop ecx
pop ecx
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_401687: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 1
call sub_401508
push eax ; arglist
push offset aAbortingS ; "Aborting: \"%s\""
call sub_40614C
pop ecx
pop ecx
push esi ; lpString2
push [ebp+arglist] ; int
loc_40169F: ; CODE XREF: sub_401610+63C�j
call sub_40509F
jmp loc_402E4D
; ---------------------------------------------------------------------------
loc_4016A9: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
inc dword_425BB4 ; jumptable 0040166B case 2
cmp [ebp+lpString2], 0
jz loc_402E4D
push 0 ; nExitCode
call ds:PostQuitMessage ; PostQuitMessage
jmp loc_402E4D
; ---------------------------------------------------------------------------
loc_4016C6: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
test esi, esi ; jumptable 0040166B case 3
jge short loc_4016DF
mov ecx, offset dword_427000
sub ecx, eax
sub ecx, 400h
push ecx
call sub_405F74
jmp short loc_4016E1
; ---------------------------------------------------------------------------
loc_4016DF: ; CODE XREF: sub_401610+B8�j
mov eax, esi
loc_4016E1: ; CODE XREF: sub_401610+CD�j
lea esi, [eax-1]
push esi ; arglist
push offset aCallD ; "Call: %d"
call sub_40614C
pop ecx
pop ecx
push 0 ; hWnd
push esi ; int
call sub_4013E7
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_4016FE: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
test edx, edx ; jumptable 0040166B case 4
jz short loc_40172B
test dl, 8
jz short loc_401716
mov eax, dword_40A008
mov dword_40A040, eax
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401716: ; CODE XREF: sub_401610+F5�j
mov eax, dword_40A040
mov dword_40A008, eax
mov dword_40A040, edx
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40172B: ; CODE XREF: sub_401610+F0�j
xor esi, esi
call sub_401508
push eax ; arglist
push offset aDetailprintS ; "detailprint: %s"
call sub_40614C
pop ecx
pop ecx
push esi ; lpString2
push [ebp+arglist] ; int
call sub_40509F
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40174D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 5
call sub_4014F2
mov esi, eax
push esi ; arglist
push offset aSleepD ; "Sleep(%d)"
call sub_40614C
cmp esi, 1
pop ecx
pop ecx
jg short loc_40176B
xor esi, esi
inc esi
loc_40176B: ; CODE XREF: sub_401610+156�j
push esi ; dwMilliseconds
call ds:Sleep ; Sleep
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401777: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push offset aBringtofront ; jumptable 0040166B case 6
call sub_40614C
pop ecx
push [ebp+lpString2] ; hWnd
call ds:SetForegroundWindow ; SetForegroundWindow
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401790: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 11
inc ecx
call sub_4014F2
mov ecx, [ebp+arglist]
mov dword_426460[ecx*4], eax
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4017A7: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov ecx, [ebp+dwBytes] ; jumptable 0040166B case 12
mov edx, [ebp+nShowCmd.dwLowDateTime]
xor eax, eax
lea ecx, ds:426460h[ecx*4]
cmp [ecx], eax
setz al
and [ecx], edx
mov eax, [ebp+eax*4+arglist]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_4017C6: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push dword_426460[edx*4] ; jumptable 0040166B case 13
loc_4017CD: ; CODE XREF: sub_401610+7AE�j
; sub_401610+958�j ...
push edi
jmp loc_403168
; ---------------------------------------------------------------------------
loc_4017D3: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov eax, hWnd ; jumptable 0040166B case 7
test eax, eax
mov edi, ds:ShowWindow
jz short loc_4017E9
push edx ; nCmdShow
push eax ; hWnd
call edi ; ShowWindow
mov esi, [ebp+arglist]
loc_4017E9: ; CODE XREF: sub_401610+1D0�j
mov eax, dword_425BAC
test eax, eax
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push esi ; nCmdShow
push eax ; hWnd
call edi ; ShowWindow
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4017FF: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFF0h ; jumptable 0040166B case 8
pop esi
call sub_401508
push [ebp+dwFileAttributes]
mov esi, eax
push esi ; arglist
push offset aSetfileattribu ; "SetFileAttributes: \"%s\":%08X"
call sub_40614C
add esp, 0Ch
push [ebp+dwFileAttributes] ; dwFileAttributes
push esi ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
test eax, eax
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push offset aSetfileattri_0 ; "SetFileAttributes failed."
mov [ebp+var_4], 1
call sub_40614C
jmp loc_4030AB
; ---------------------------------------------------------------------------
loc_401842: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFF0h ; jumptable 0040166B case 9
pop esi
call sub_401508
push [ebp+dwFileAttributes]
mov esi, eax
push esi ; arglist
push offset aCreatedirector ; "CreateDirectory: \"%s\" (%d)"
call sub_40614C
add esp, 0Ch
cmp byte ptr [esi], 0
jz short loc_401873
push esi ; lpFileName
call sub_406301
test eax, eax
jnz short loc_401873
mov [ebp+var_4], 1
loc_401873: ; CODE XREF: sub_401610+250�j
; sub_401610+25A�j
cmp [ebp+dwFileAttributes], 0
jz short loc_401897
push 0FFFFFFE6h
call sub_4014E1
push esi ; lpString2
push offset CurrentDirectory ; lpString1
call lstrcpyA ; lstrcpyA
push esi ; lpPathName
call ds:SetCurrentDirectoryA ; SetCurrentDirectoryA
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401897: ; CODE XREF: sub_401610+267�j
push 0FFFFFFF5h
jmp loc_40277C
; ---------------------------------------------------------------------------
loc_40189E: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 10
call sub_401508
mov esi, eax
push esi ; lpFileName
call sub_406168
test eax, eax
jz short loc_4018C7
push [ebp+dwFileAttributes]
push esi ; arglist
push offset aIffileexistsFi ; "IfFileExists: file \"%s\" exists, jumping"...
call sub_40614C
add esp, 0Ch
jmp loc_402124
; ---------------------------------------------------------------------------
loc_4018C7: ; CODE XREF: sub_401610+29F�j
push [ebp+dwBytes]
push esi ; arglist
push offset aIffileexists_0 ; "IfFileExists: file \"%s\" does not exist,"...
call sub_40614C
add esp, 0Ch
loc_4018D8: ; CODE XREF: sub_401610+857�j
; sub_401610+8AF�j ...
mov eax, [ebp+dwBytes]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_4018E0: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFD0h ; jumptable 0040166B case 14
pop esi
call sub_401508
push 0FFFFFFDFh
pop esi
mov [ebp+FilePart], eax
call sub_401508
push [ebp+FilePart] ; lpString2
mov ebx, offset byte_40A888
push ebx ; lpString1
mov edi, eax
call lstrcpyA ; lstrcpyA
push edi ; lpString
call lstrlenA ; lstrlenA
push [ebp+FilePart] ; lpString
mov esi, eax
call lstrlenA ; lstrlenA
add esi, eax
cmp esi, 3FDh
jge short loc_40192F
mov esi, ds:lstrcatA
push offset String2 ; "->"
push ebx ; lpString1
call esi ; lstrcatA
push edi ; lpString2
push ebx ; lpString1
call esi ; lstrcatA
loc_40192F: ; CODE XREF: sub_401610+30B�j
push ebx ; arglist
push offset aRenameS ; "Rename: %s"
call sub_40614C
pop ecx
pop ecx
push edi ; lpNewFileName
push [ebp+FilePart] ; lpExistingFileName
call ds:MoveFileA ; MoveFileA
test eax, eax
jz short loc_401951
push 0FFFFFFE3h
jmp loc_40277C
; ---------------------------------------------------------------------------
loc_401951: ; CODE XREF: sub_401610+338�j
cmp [ebp+dwBytes], 0
jz short loc_40197E
push [ebp+FilePart] ; lpFileName
call sub_406168
test eax, eax
jz short loc_40197E
push edi ; hObject
push [ebp+FilePart] ; int
call sub_406357
push 0FFFFFFE4h
call sub_4014E1
push ebx
push offset aRenameOnReboot ; "Rename on reboot: %s"
jmp loc_4030A5
; ---------------------------------------------------------------------------
loc_40197E: ; CODE XREF: sub_401610+345�j
; sub_401610+351�j
push ebx
mov [ebp+var_4], 1
push offset aRenameFailedS ; "Rename failed: %s"
jmp loc_4030A5
; ---------------------------------------------------------------------------
loc_401990: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 15
call sub_401508
mov esi, eax
lea eax, [ebp+FilePart]
push eax ; lpFilePart
push ebx ; lpBuffer
mov edi, 400h
push edi ; nBufferLength
push esi ; lpFileName
call ds:GetFullPathNameA ; GetFullPathNameA
test eax, eax
jz short loc_4019D3
mov eax, [ebp+FilePart]
cmp eax, esi
jbe short loc_4019DD
cmp byte ptr [eax], 0
jz short loc_4019DD
push esi ; lpFileName
call sub_406168
test eax, eax
jz short loc_4019D3
add eax, 2Ch
push eax ; lpString2
push [ebp+FilePart] ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_4019DD
; ---------------------------------------------------------------------------
loc_4019D3: ; CODE XREF: sub_401610+39D�j
; sub_401610+3B3�j
mov [ebp+var_4], 1
mov byte ptr [ebx], 0
loc_4019DD: ; CODE XREF: sub_401610+3A4�j
; sub_401610+3A9�j ...
cmp [ebp+dwBytes], 0
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push edi ; cchBuffer
push ebx ; lpszShortPath
push ebx ; lpszLongPath
call ds:GetShortPathNameA ; GetShortPathNameA
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4019F5: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
or esi, 0FFFFFFFFh ; jumptable 0040166B case 16
call sub_401508
lea ecx, [ebp+FilePart]
push ecx ; lpFilePart
push edi ; lpBuffer
push 400h ; nBufferLength
push 0 ; lpExtension
push eax ; lpFileName
push 0 ; lpPath
call ds:SearchPathA ; SearchPathA
test eax, eax
loc_401A14: ; CODE XREF: sub_401610+12F8�j
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
loc_401A1A: ; CODE XREF: sub_401610+172A�j
; sub_401610+1746�j
mov [ebp+var_4], 1
mov byte ptr [edi], 0
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401A29: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFEFh ; jumptable 0040166B case 17
pop esi
call sub_401508
push eax ; lpPathName
push edi ; lpTempFileName
call sub_405EA9
loc_401A38: ; CODE XREF: sub_401610+12B5�j
; sub_401610+1615�j
test eax, eax
loc_401A3A: ; CODE XREF: sub_401610+16D4�j
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
loc_401A40: ; CODE XREF: sub_401610+75A�j
; sub_401610+9ED�j ...
mov [ebp+var_4], 1
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401A4C: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
and esi, 7 ; jumptable 0040166B case 18
test byte ptr dword_426444+1, 4
mov [ebp+FilePart], esi
jnz short loc_401A73
push 31h
pop esi
call sub_401508
mov ebx, eax
push ebx ; lpString
mov [ebp+lpString2], ebx
call lstrlenA ; lstrlenA
jmp loc_401B10
; ---------------------------------------------------------------------------
loc_401A73: ; CODE XREF: sub_401610+449�j
push 36h
pop esi
call sub_401508
mov ebx, eax
push ebx ; lpString
mov [ebp+lpString2], ebx
call lstrlenA ; lstrlenA
push lpString ; lpString
mov esi, eax
call lstrlenA ; lstrlenA
lea ecx, [eax+esi+1]
mov eax, 105h
cmp ecx, eax
jb short loc_401AAF
push lpString ; lpString
call lstrlenA ; lstrlenA
lea eax, [eax+esi+1]
loc_401AAF: ; CODE XREF: sub_401610+48E�j
push eax ; dwBytes
call sub_405DBB
mov edi, eax
test edi, edi
mov [ebp+hWndParent], edi
jz loc_402E4D
push lpString ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
push ebx ; lpString2
push edi ; lpString1
call ds:lstrcatA ; lstrcatA
push edi ; lpString
call lstrlenA ; lstrlenA
lea esi, [eax+edi-1]
jmp short loc_401AF1
; ---------------------------------------------------------------------------
loc_401AE2: ; CODE XREF: sub_401610+4E3�j
cmp byte ptr [esi], 5Ch
jz short loc_401AF5
push esi ; lpszCurrent
push edi ; lpszStart
call ds:CharPrevA ; CharPrevA
mov esi, eax
loc_401AF1: ; CODE XREF: sub_401610+4D0�j
cmp esi, edi
ja short loc_401AE2
loc_401AF5: ; CODE XREF: sub_401610+4D5�j
push edi ; lpFileName
mov byte ptr [esi], 0
call sub_406301
test eax, eax
jz loc_402E4D
push edi ; lpString2
push ebx ; lpString1
mov byte ptr [esi], 5Ch
call lstrcpyA ; lstrcpyA
loc_401B10: ; CODE XREF: sub_401610+45E�j
mov eax, [ebp+arglist]
sar eax, 3
push ebx
and eax, 2
push eax
push [ebp+FilePart] ; arglist
push offset aFileOverwritef ; "File: overwriteflag=%d, allowskipfilesf"...
call sub_40614C
add esp, 10h
push ebx
call sub_405DE6
test eax, eax
mov esi, offset Text
push ebx ; lpString2
jz short loc_401B43
push esi ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_401B5B
; ---------------------------------------------------------------------------
loc_401B43: ; CODE XREF: sub_401610+529�j
push offset CurrentDirectory ; lpString2
push esi ; lpString1
call lstrcpyA ; lstrcpyA
push eax ; lpString1
call sub_4061A6
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_401B5B: ; CODE XREF: sub_401610+531�j
push esi ; lpszCurrent
call sub_406009
mov ebx, offset byte_40A888
mov edi, offset Data
loc_401B6B: ; CODE XREF: sub_401610+626�j
cmp [ebp+FilePart], 3
jl short loc_401BA2
push esi ; lpFileName
call sub_406168
xor ecx, ecx
test eax, eax
jz short loc_401B8D
lea ecx, [ebp+nShowCmd]
push ecx ; lpFileTime2
add eax, 14h
push eax ; lpFileTime1
call ds:CompareFileTime ; CompareFileTime
mov ecx, eax
loc_401B8D: ; CODE XREF: sub_401610+56B�j
mov eax, [ebp+FilePart]
add eax, 0FFFFFFFDh
or eax, 80000000h
and eax, ecx
neg eax
sbb eax, eax
inc eax
mov [ebp+FilePart], eax
loc_401BA2: ; CODE XREF: sub_401610+55F�j
cmp [ebp+FilePart], 0
jnz short loc_401BBA
push esi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
and eax, 0FFFFFFFEh
push eax ; dwFileAttributes
push esi ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
loc_401BBA: ; CODE XREF: sub_401610+596�j
xor eax, eax
cmp [ebp+FilePart], 1
setnz al
inc eax
push eax ; dwCreationDisposition
push 40000000h ; dwDesiredAccess
push esi ; lpFileName
call sub_405E7A
cmp eax, 0FFFFFFFFh
mov [ebp+dwResult], eax
jnz loc_401C93
cmp [ebp+FilePart], 0
jnz short loc_401C51
push esi ; arglist
push offset aFileErrorCreat ; "File: error creating \"%s\""
call sub_40614C
pop ecx
pop ecx
push offset dword_427000 ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
push esi ; lpString2
push offset dword_427000 ; lpString1
call lstrcpyA ; lstrcpyA
push [ebp+var_24] ; lpString2
push ebx ; lpString1
call sub_4065B7
push edi ; lpString2
push offset dword_427000 ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, [ebp+arglist]
sar eax, 3
push eax ; int
push ebx ; lpText
call sub_405D79
sub eax, 4
jnz short loc_401C3B
push offset aFileErrorUserR ; "File: error, user retry"
call sub_40614C
pop ecx
jmp loc_401B6B
; ---------------------------------------------------------------------------
loc_401C3B: ; CODE XREF: sub_401610+619�j
dec eax
jz short loc_401C7D
push offset aFileErrorUserA ; "File: error, user abort"
call sub_40614C
pop ecx
push esi
push 0FFFFFFFAh
jmp loc_40169F
; ---------------------------------------------------------------------------
loc_401C51: ; CODE XREF: sub_401610+5D0�j
push [ebp+lpString2] ; lpString2
push 0FFFFFFE2h ; int
call sub_40509F
cmp [ebp+FilePart], 2
jnz short loc_401C67
inc dword_426468
loc_401C67: ; CODE XREF: sub_401610+64F�j
push [ebp+FilePart]
push esi ; arglist
push offset aFileSkippedSOv ; "File: skipped: \"%s\" (overwriteflag=%d)"
call sub_40614C
add esp, 0Ch
jmp loc_4031C3
; ---------------------------------------------------------------------------
loc_401C7D: ; CODE XREF: sub_401610+62C�j
push offset aFileErrorUserC ; "File: error, user cancel"
call sub_40614C
inc dword_426468
pop ecx
jmp loc_4031DB
; ---------------------------------------------------------------------------
loc_401C93: ; CODE XREF: sub_401610+5C6�j
push [ebp+lpString2] ; lpString2
push 0FFFFFFEAh ; int
call sub_40509F
inc dword_40A040
xor ebx, ebx
push ebx ; NumberOfBytesWritten
push ebx ; lpBuffer
push [ebp+dwResult] ; hFile
push [ebp+dwBytes] ; Buffer
call sub_40362B
dec dword_40A040
mov edi, eax
push esi
push edi ; arglist
push offset aFileWroteDToS ; "File: wrote %d to \"%s\""
call sub_40614C
add esp, 0Ch
cmp [ebp+nShowCmd.dwLowDateTime], 0FFFFFFFFh
jnz short loc_401CD5
cmp [ebp+nShowCmd.dwHighDateTime], 0FFFFFFFFh
jz short loc_401CE4
loc_401CD5: ; CODE XREF: sub_401610+6BD�j
lea eax, [ebp+nShowCmd]
push eax ; lpLastWriteTime
push ebx ; lpLastAccessTime
push eax ; lpCreationTime
push [ebp+dwResult] ; hFile
call ds:SetFileTime ; SetFileTime
loc_401CE4: ; CODE XREF: sub_401610+6C3�j
push [ebp+dwResult] ; hObject
call ds:CloseHandle ; CloseHandle
cmp edi, ebx
jge loc_4031C3
cmp edi, 0FFFFFFFEh
jnz short loc_401D0E
push 0FFFFFFE9h ; lpString2
push esi ; lpString1
call sub_4065B7
push [ebp+lpString2] ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_401D16
; ---------------------------------------------------------------------------
loc_401D0E: ; CODE XREF: sub_401610+6E8�j
push 0FFFFFFEEh ; lpString2
push esi ; lpString1
call sub_4065B7
loc_401D16: ; CODE XREF: sub_401610+6FC�j
push esi ; arglist
push offset aS ; "%s"
call sub_40614C
pop ecx
pop ecx
push 200010h ; int
push esi ; lpText
loc_401D29: ; CODE XREF: sub_401610+1220�j
call sub_405D79
jmp loc_402E4D
; ---------------------------------------------------------------------------
loc_401D33: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 19
call sub_401508
mov esi, eax
push esi
push offset aDeleteS ; "Delete: \"%s\""
jmp short loc_401D9A
; ---------------------------------------------------------------------------
loc_401D44: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 31h ; jumptable 0040166B case 20
pop esi
call sub_401508
mov esi, eax
push esi
push [ebp+arglist] ; arglist
push offset aMessageboxDS ; "MessageBox: %d,\"%s\""
call sub_40614C
add esp, 0Ch
push [ebp+arglist] ; int
push esi ; lpText
call sub_405D79
test eax, eax
jz loc_401A40
cmp eax, [ebp+dwBytes]
jz loc_401ECB
cmp eax, [ebp+nShowCmd.dwHighDateTime]
jnz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
mov eax, [ebp+var_24]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_401D8A: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFF0h ; jumptable 0040166B case 21
pop esi
call sub_401508
mov esi, eax
push esi ; arglist
push offset aRmdirS ; "RMDir: \"%s\""
loc_401D9A: ; CODE XREF: sub_401610+732�j
call sub_40614C
pop ecx
pop ecx
push [ebp+dwFileAttributes] ; int
push esi ; lpString1
call sub_4067E6
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401DAF: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 22
inc esi
call sub_401508
push eax ; lpString
call lstrlenA ; lstrlenA
loc_401DBD: ; CODE XREF: sub_401610+B34�j
; sub_401610+C2A�j ...
push eax
jmp loc_4017CD
; ---------------------------------------------------------------------------
loc_401DC3: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 23
pop ecx
call sub_4014F2
push 3
pop ecx
mov [ebp+FilePart], eax
call sub_4014F2
xor esi, esi
inc esi
mov ebx, eax
call sub_401508
cmp [ebp+dwBytes], 0
mov esi, eax
mov byte ptr [edi], 0
jz short loc_401DF5
cmp [ebp+FilePart], 0
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
loc_401DF5: ; CODE XREF: sub_401610+7D9�j
push esi ; lpString
call lstrlenA ; lstrlenA
test ebx, ebx
jge short loc_401E07
add ebx, eax
js loc_4031D2 ; default
; jumptable 0040166B cases 64,65
loc_401E07: ; CODE XREF: sub_401610+7ED�j
cmp ebx, eax
jle short loc_401E0D
mov ebx, eax
loc_401E0D: ; CODE XREF: sub_401610+7F9�j
add esi, ebx
push esi ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
mov esi, [ebp+FilePart]
test esi, esi
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
jge short loc_401E34
push edi ; lpString
call lstrlenA ; lstrlenA
add esi, eax
jns short loc_401E34
and [ebp+FilePart], 0
mov esi, [ebp+FilePart]
loc_401E34: ; CODE XREF: sub_401610+811�j
; sub_401610+81B�j
cmp esi, 400h
jge loc_4031D2 ; default
; jumptable 0040166B cases 64,65
mov byte ptr [esi+edi], 0
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401E49: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 20h ; jumptable 0040166B case 24
pop esi
call sub_401508
push 31h
pop esi
mov edi, eax
call sub_401508
push eax ; lpString2
push edi ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_401ECB
jmp loc_4018D8
; ---------------------------------------------------------------------------
loc_401E6C: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 25
inc esi
call sub_401508
cmp [ebp+dwBytes], 0
push 400h ; nSize
push edi ; lpBuffer
push eax ; lpName
jz short loc_401E92
call ds:GetEnvironmentVariableA ; GetEnvironmentVariableA
test eax, eax
jnz short loc_401E98
mov [ebp+var_4], esi
mov [edi], al
jmp short loc_401E98
; ---------------------------------------------------------------------------
loc_401E92: ; CODE XREF: sub_401610+86F�j
call ds:ExpandEnvironmentStringsA ; ExpandEnvironmentStringsA
loc_401E98: ; CODE XREF: sub_401610+879�j
; sub_401610+880�j
mov byte ptr [edi+3FFh], 0
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_401EA4: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 26
call sub_4014F2
xor ecx, ecx
inc ecx
mov esi, eax
call sub_4014F2
cmp [ebp+var_24], 0
jnz short loc_401EC7
cmp esi, eax
jl short loc_401ECB
jle loc_4018D8
jmp short loc_401ED9
; ---------------------------------------------------------------------------
loc_401EC7: ; CODE XREF: sub_401610+8A9�j
cmp esi, eax
jnb short loc_401ED3
loc_401ECB: ; CODE XREF: sub_401610+763�j
; sub_401610+855�j ...
mov eax, [ebp+nShowCmd.dwLowDateTime]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_401ED3: ; CODE XREF: sub_401610+8B9�j
jbe loc_4018D8
loc_401ED9: ; CODE XREF: sub_401610+8B5�j
mov eax, [ebp+nShowCmd.dwHighDateTime]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_401EE1: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ebx, ebx ; jumptable 0040166B case 27
inc ebx
mov ecx, ebx
call sub_4014F2
push 2
pop ecx
mov esi, eax
call sub_4014F2
mov ecx, eax
mov eax, [ebp+nShowCmd.dwLowDateTime]
cmp eax, 0Ch ; switch 13 cases
ja short loc_401F67 ; default
jmp ds:off_4032F0[eax*4] ; switch jump
loc_401F06: ; DATA XREF: .text:off_4032F0�o
add esi, ecx ; jumptable 00401EFF case 0
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F0A: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
sub esi, ecx ; jumptable 00401EFF case 1
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F0E: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
imul ecx, esi ; jumptable 00401EFF case 2
mov esi, ecx
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F15: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
test ecx, ecx ; jumptable 00401EFF case 3
jz short loc_401F5A
mov eax, esi
cdq
idiv ecx
loc_401F1E: ; CODE XREF: sub_401610+925�j
mov esi, eax
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F22: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
or esi, ecx ; jumptable 00401EFF case 4
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F26: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
and esi, ecx ; jumptable 00401EFF case 5
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F2A: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
xor esi, ecx ; jumptable 00401EFF case 6
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F2E: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
xor eax, eax ; jumptable 00401EFF case 7
test esi, esi
setz al
jmp short loc_401F1E
; ---------------------------------------------------------------------------
loc_401F37: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
test esi, esi ; jumptable 00401EFF case 8
jnz short loc_401F49
jmp short loc_401F45
; ---------------------------------------------------------------------------
loc_401F3D: ; CODE XREF: sub_401610+933�j
; sub_401610+937�j
xor esi, esi
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F41: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
test esi, esi ; jumptable 00401EFF case 9
jz short loc_401F3D
loc_401F45: ; CODE XREF: sub_401610+92B�j
test ecx, ecx
jz short loc_401F3D
loc_401F49: ; CODE XREF: sub_401610+929�j
mov esi, ebx
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F4D: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
test ecx, ecx ; jumptable 00401EFF case 10
jz short loc_401F5A
mov eax, esi
cdq
idiv ecx
mov esi, edx
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F5A: ; CODE XREF: sub_401610+907�j
; sub_401610+93F�j
xor esi, esi
mov [ebp+var_4], ebx
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F61: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
shl esi, cl ; jumptable 00401EFF case 11
jmp short loc_401F67 ; default
; ---------------------------------------------------------------------------
loc_401F65: ; CODE XREF: sub_401610+8EF�j
; DATA XREF: .text:off_4032F0�o
sar esi, cl ; jumptable 00401EFF case 12
loc_401F67: ; CODE XREF: sub_401610+8ED�j
; sub_401610+8F8�j ...
push esi ; default
jmp loc_4017CD
; ---------------------------------------------------------------------------
loc_401F6D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 28
inc esi
call sub_401508
push 2
pop ecx
mov esi, eax
call sub_4014F2
push eax
push esi ; LPCSTR
push edi ; LPSTR
call ds:wsprintfA ; wsprintfA
jmp loc_402ABF
; ---------------------------------------------------------------------------
loc_401F8D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov eax, [ebp+dwBytes] ; jumptable 0040166B case 29
test eax, eax
mov esi, dword_40A480
jz short loc_401FEA
loc_401F9A: ; CODE XREF: sub_401610+993�j
dec eax
test esi, esi
jz short loc_401FA9
test eax, eax
mov esi, [esi]
jnz short loc_401F9A
test esi, esi
jnz short loc_401FBD
loc_401FA9: ; CODE XREF: sub_401610+98D�j
push [ebp+dwBytes] ; arglist
push offset aExchStackDElem ; "Exch: stack < %d elements"
call sub_40614C
pop ecx
pop ecx
jmp loc_402821
; ---------------------------------------------------------------------------
loc_401FBD: ; CODE XREF: sub_401610+997�j
lea edi, [esi+4]
push edi ; lpString2
mov esi, offset Text
push esi ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, dword_40A480
add eax, 4
push eax ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, dword_40A480
push esi
add eax, 4
push eax
jmp loc_4030E5
; ---------------------------------------------------------------------------
loc_401FEA: ; CODE XREF: sub_401610+988�j
test edx, edx
jz short loc_402019
test esi, esi
jnz short loc_402002
push offset aPopStackEmpty ; "Pop: stack empty"
call sub_40614C
pop ecx
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_402002: ; CODE XREF: sub_401610+9E0�j
lea eax, [esi+4]
push eax ; lpString2
push edi ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, [esi]
mov dword_40A480, eax
push esi
jmp loc_4031CC
; ---------------------------------------------------------------------------
loc_402019: ; CODE XREF: sub_401610+9DC�j
push 404h ; dwBytes
call sub_405DBB
push [ebp+arglist] ; lpString2
mov esi, eax
lea eax, [esi+4]
push eax ; lpString1
call sub_4065B7
mov eax, dword_40A480
mov [esi], eax
mov dword_40A480, esi
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402043: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 33h ; jumptable 0040166B cases 30,31
pop esi
call sub_401508
push 44h
pop esi
mov [ebp+hWndParent], eax
call sub_401508
xor esi, esi
inc esi
test byte ptr [ebp+var_24], 1
mov [ebp+FilePart], eax
jnz short loc_40206D
push [ebp+hWndParent]
call sub_405F74
mov [ebp+hWndParent], eax
loc_40206D: ; CODE XREF: sub_401610+A50�j
test byte ptr [ebp+var_24], 2
jnz short loc_40207E
push [ebp+FilePart]
call sub_405F74
mov [ebp+FilePart], eax
loc_40207E: ; CODE XREF: sub_401610+A61�j
cmp [ebp+var_3C], 21h
jnz short loc_4020CC
mov ecx, esi
call sub_4014F2
push 2
pop ecx
mov esi, eax
call sub_4014F2
mov ecx, [ebp+var_24]
sar ecx, 2
jz short loc_4020BC
lea edx, [ebp+dwResult]
push edx ; lpdwResult
push ecx ; uTimeout
push 0 ; fuFlags
push [ebp+FilePart] ; lParam
push [ebp+hWndParent] ; wParam
push eax ; Msg
push esi ; hWnd
call ds:SendMessageTimeoutA ; SendMessageTimeoutA
neg eax
sbb eax, eax
inc eax
mov [ebp+var_4], eax
jmp short loc_4020FC
; ---------------------------------------------------------------------------
loc_4020BC: ; CODE XREF: sub_401610+A8B�j
push [ebp+FilePart] ; lParam
push [ebp+hWndParent] ; wParam
push eax ; Msg
push esi ; hWnd
call ds:SendMessageA ; SendMessageA
jmp short loc_4020F9
; ---------------------------------------------------------------------------
loc_4020CC: ; CODE XREF: sub_401610+A72�j
call sub_401508
push 12h
pop esi
mov ebx, eax
call sub_401508
mov cl, [eax]
neg cl
sbb ecx, ecx
and ecx, eax
mov al, [ebx]
neg al
push ecx ; lpszWindow
sbb eax, eax
and eax, ebx
push eax ; lpszClass
push [ebp+FilePart] ; hWndChildAfter
push [ebp+hWndParent] ; hWndParent
call ds:FindWindowExA ; FindWindowExA
loc_4020F9: ; CODE XREF: sub_401610+ABA�j
mov [ebp+dwResult], eax
loc_4020FC: ; CODE XREF: sub_401610+AAA�j
cmp [ebp+arglist], 0
jl loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push [ebp+dwResult]
jmp loc_4017CD
; ---------------------------------------------------------------------------
loc_40210E: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 32
call sub_4014F2
push eax ; hWnd
call ds:IsWindow ; IsWindow
test eax, eax
jz loc_4018D8
loc_402124: ; CODE XREF: sub_401610+2B2�j
mov eax, [ebp+dwFileAttributes]
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_40212C: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 33
pop ecx
call sub_4014F2
xor ecx, ecx
push eax ; nIDDlgItem
inc ecx
call sub_4014F2
push eax ; hDlg
call ds:GetDlgItem ; GetDlgItem
jmp loc_401DBD
; ---------------------------------------------------------------------------
loc_402149: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov eax, dword_426428 ; jumptable 0040166B case 34
add eax, edx
push eax ; dwNewLong
push 0FFFFFFEBh ; nIndex
xor ecx, ecx
call sub_4014F2
push eax ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402166: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push edx ; jumptable 0040166B case 35
push [ebp+lpString2] ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov edi, eax
lea eax, [ebp+FileOp.lParam]
push eax ; lpRect
push edi ; hWnd
call ds:GetClientRect ; GetClientRect
mov eax, [ebp+FileOp.pt.y]
imul eax, [ebp+dwBytes]
push 10h ; fuLoad
push eax ; cy
mov eax, [ebp+FileOp.pt.x]
imul eax, [ebp+dwBytes]
push eax ; cx
xor ebx, ebx
push ebx ; type
xor esi, esi
call sub_401508
push eax ; name
push ebx ; hInst
call ds:LoadImageA ; LoadImageA
push eax ; lParam
push ebx ; wParam
push 172h ; Msg
push edi ; hWnd
call ds:SendMessageA ; SendMessageA
cmp eax, ebx
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push eax ; ho
call ds:DeleteObject ; DeleteObject
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4021C3: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 48h ; jumptable 0040166B case 36
push 5Ah ; index
push [ebp+lpString2] ; hWnd
call ds:GetDC ; GetDC
push eax ; hdc
call ds:GetDeviceCaps ; GetDeviceCaps
push eax ; nNumerator
push 2
pop ecx
call sub_4014F2
push eax ; nNumber
call ds:MulDiv ; MulDiv
push 3
neg eax
pop ecx
mov lf.lfHeight, eax
call sub_4014F2
push [ebp+dwFileAttributes] ; lpString2
mov lf.lfWeight, eax
mov al, byte ptr [ebp+nShowCmd.dwHighDateTime]
mov cl, al
and cl, 1
mov lf.lfItalic, cl
mov cl, al
and cl, 2
and al, 4
push offset lf.lfFaceName ; lpString1
mov lf.lfUnderline, cl
mov lf.lfStrikeOut, al
mov lf.lfCharSet, 1
call sub_4065B7
push offset lf ; lplf
call ds:CreateFontIndirectA ; CreateFontIndirectA
jmp loc_401DBD
; ---------------------------------------------------------------------------
loc_40223F: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 37
call sub_4014F2
xor ecx, ecx
inc ecx
mov esi, eax
call sub_4014F2
cmp [ebp+dwBytes], 0
mov edi, eax
jz short loc_402263
push offset aHidewindow ; "HideWindow"
call sub_40614C
pop ecx
loc_402263: ; CODE XREF: sub_401610+C46�j
cmp [ebp+nShowCmd.dwLowDateTime], 0
push edi ; nCmdShow
push esi ; hWnd
jnz short loc_402276
call ds:ShowWindow ; ShowWindow
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402276: ; CODE XREF: sub_401610+C59�j
call ds:EnableWindow ; EnableWindow
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 38
call sub_401508
push 31h
pop esi
mov edi, eax
call sub_401508
push 22h
pop esi
mov ebx, eax
call sub_401508
push ebx
push edi
push offset aSS ; "%s %s"
push offset byte_40A888 ; LPSTR
mov esi, eax
call ds:wsprintfA ; wsprintfA
add esp, 10h
push 0FFFFFFECh
call sub_4014E1
mov al, [esi]
push [ebp+nShowCmd.dwLowDateTime] ; nShowCmd
neg al
push offset CurrentDirectory ; lpDirectory
sbb eax, eax
and eax, esi
push eax ; lpParameters
mov al, [edi]
neg al
push ebx ; lpFile
sbb eax, eax
and eax, edi
push eax ; lpOperation
push [ebp+lpString2] ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
cmp eax, 21h
jge short loc_4022F9
push eax
push esi
push ebx
push edi ; arglist
push offset aExecshellWarni ; "ExecShell: warning: error (\"%s\": file:\""...
call sub_40614C
add esp, 14h
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_4022F9: ; CODE XREF: sub_401610+CD1�j
push esi
push ebx
push edi ; arglist
push offset aExecshellSucce ; "ExecShell: success (\"%s\": file:\"%s\" par"...
call sub_40614C
add esp, 10h
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40230E: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 39
call sub_401508
mov esi, eax
push esi ; arglist
push offset aExecCommandS ; "Exec: command=\"%s\""
call sub_40614C
pop ecx
pop ecx
push esi ; lpString2
push 0FFFFFFEBh ; int
call sub_40509F
push offset CurrentDirectory ; lpCurrentDirectory
push esi ; lpCommandLine
call sub_405D01
test eax, eax
mov [ebp+FilePart], eax
push esi ; arglist
jz loc_4023CF
push offset aExecSuccessS ; "Exec: success (\"%s\")"
call sub_40614C
cmp [ebp+dwBytes], 0
pop ecx
pop ecx
jz short loc_4023C7
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
mov esi, 102h
cmp eax, esi
jnz short loc_40239C
mov edi, ds:PeekMessageA
jmp short loc_40237B
; ---------------------------------------------------------------------------
loc_402371: ; CODE XREF: sub_401610+D7B�j
lea eax, [ebp+FileOp]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
loc_40237B: ; CODE XREF: sub_401610+D5F�j
; sub_401610+D8A�j
push 1 ; wRemoveMsg
push 0Fh ; wMsgFilterMax
push 0Fh ; wMsgFilterMin
lea eax, [ebp+FileOp]
push 0 ; hWnd
push eax ; lpMsg
call edi ; PeekMessageA
test eax, eax
jnz short loc_402371
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call ds:WaitForSingleObject ; WaitForSingleObject
cmp eax, esi
jz short loc_40237B
loc_40239C: ; CODE XREF: sub_401610+D57�j
lea eax, [ebp+pBlock]
push eax ; lpExitCode
push [ebp+FilePart] ; hProcess
call ds:GetExitCodeProcess ; GetExitCodeProcess
cmp [ebp+dwFileAttributes], 0
jl short loc_4023BA
push [ebp+pBlock] ; int
push ebx ; LPSTR
call sub_405F5B
jmp short loc_4023C7
; ---------------------------------------------------------------------------
loc_4023BA: ; CODE XREF: sub_401610+D9D�j
cmp [ebp+pBlock], 0
jz short loc_4023C7
mov [ebp+var_4], 1
loc_4023C7: ; CODE XREF: sub_401610+D43�j
; sub_401610+DA8�j ...
push [ebp+FilePart]
jmp loc_402BAD
; ---------------------------------------------------------------------------
loc_4023CF: ; CODE XREF: sub_401610+D2D�j
mov [ebp+var_4], 1
push offset aExecFailedCrea ; "Exec: failed createprocess (\"%s\")"
jmp loc_4030A5
; ---------------------------------------------------------------------------
loc_4023E0: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 40
pop esi
call sub_401508
push eax ; lpFileName
call sub_406168
mov esi, eax
test esi, esi
jz short loc_402405
push dword ptr [esi+14h] ; int
push ebx ; LPSTR
call sub_405F5B
push dword ptr [esi+18h]
jmp loc_4017CD
; ---------------------------------------------------------------------------
loc_402405: ; CODE XREF: sub_401610+DE2�j
mov byte ptr [edi], 0
mov byte ptr [ebx], 0
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_402410: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFEEh ; jumptable 0040166B case 41
lea eax, [ebp+FileOp.lParam]
pop esi
mov [ebp+FilePart], eax
call sub_401508
lea ecx, [ebp+lpAppName]
push ecx ; lpdwHandle
push eax ; lptstrFilename
mov [ebp+puLen], eax
call GetFileVersionInfoSizeA
mov esi, eax
test esi, esi
mov byte ptr [edi], 0
mov byte ptr [ebx], 0
mov [ebp+var_4], 1
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push esi ; dwBytes
call sub_405DBB
test eax, eax
mov [ebp+pBlock], eax
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push eax ; lpData
push esi ; dwLen
push 0 ; dwHandle
push [ebp+puLen] ; lptstrFilename
call GetFileVersionInfoA
test eax, eax
jz short loc_402498
lea eax, [ebp+puLen]
push eax ; puLen
lea eax, [ebp+FilePart]
push eax ; lplpBuffer
push offset SubBlock ; "\\"
push [ebp+pBlock] ; pBlock
call VerQueryValueA
test eax, eax
jz short loc_402498
mov eax, [ebp+FilePart]
push dword ptr [eax+8] ; int
push edi ; LPSTR
call sub_405F5B
mov eax, [ebp+FilePart]
push dword ptr [eax+0Ch] ; int
push ebx ; LPSTR
call sub_405F5B
and [ebp+var_4], 0
loc_402498: ; CODE XREF: sub_401610+E51�j
; sub_401610+E6A�j
push [ebp+pBlock]
jmp loc_4031CC
; ---------------------------------------------------------------------------
loc_4024A0: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor edi, edi ; jumptable 0040166B case 42
inc edi
push 8001h ; uMode
mov [ebp+var_4], edi
call ds:SetErrorMode ; SetErrorMode
cmp dword_426490, 0
jl loc_4025E9
push 0FFFFFFF0h
pop esi
call sub_401508
mov esi, edi
mov [ebp+FilePart], eax
call sub_401508
cmp [ebp+nShowCmd.dwHighDateTime], 0
mov [ebp+dwResult], eax
jz short loc_4024E9
push [ebp+FilePart] ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
test eax, eax
mov [ebp+hWndParent], eax
jnz short loc_40253E
loc_4024E9: ; CODE XREF: sub_401610+EC7�j
mov esi, ds:GetLastError
xor edi, edi
push edi ; Arguments
push edi ; nSize
lea eax, [ebp+puLen]
push eax ; lpBuffer
push 400h ; dwLanguageId
call esi ; GetLastError
mov ebx, ds:FormatMessageA
push eax ; dwMessageId
push edi ; lpSource
mov edi, 1300h
push edi ; dwFlags
call ebx ; FormatMessageA
push [ebp+FilePart] ; lpString2
push 0FFFFFFF6h ; int
call sub_40509F
push [ebp+puLen]
push [ebp+FilePart] ; arglist
push offset aRegdllCouldNot ; "RegDLL: Could not load '%s' -> '%s'"
call sub_40614C
add esp, 0Ch
push [ebp+FilePart] ; lpLibFileName
call ds:LoadLibraryA ; LoadLibraryA
test eax, eax
mov [ebp+hWndParent], eax
jz short loc_4025B8
xor edi, edi
inc edi
loc_40253E: ; CODE XREF: sub_401610+ED7�j
push [ebp+dwResult] ; lpProcName
push [ebp+hWndParent] ; hModule
call ds:GetProcAddress ; GetProcAddress
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz short loc_40258B
cmp [ebp+dwBytes], ebx
mov [ebp+var_4], ebx
jz short loc_40256D
push [ebp+dwBytes]
call sub_4014E1
call esi
test eax, eax
jz short loc_4025A8
mov [ebp+var_4], edi
jmp short loc_4025A8
; ---------------------------------------------------------------------------
loc_40256D: ; CODE XREF: sub_401610+F48�j
push offset off_40A000
push offset dword_40A480
push offset dword_427000
push 400h
push [ebp+lpString2]
call esi
add esp, 14h
jmp short loc_4025A8
; ---------------------------------------------------------------------------
loc_40258B: ; CODE XREF: sub_401610+F40�j
push [ebp+dwResult] ; lpString2
push 0FFFFFFF7h ; int
call sub_40509F
push [ebp+FilePart]
push [ebp+dwResult] ; arglist
push offset aErrorRegisteri ; "Error registering DLL: %s not found in "...
call sub_40614C
add esp, 0Ch
loc_4025A8: ; CODE XREF: sub_401610+F56�j
; sub_401610+F5B�j ...
cmp [ebp+nShowCmd.dwLowDateTime], ebx
jnz short loc_4025FB
push [ebp+hWndParent] ; hLibModule
call ds:FreeLibrary ; FreeLibrary
jmp short loc_4025FB
; ---------------------------------------------------------------------------
loc_4025B8: ; CODE XREF: sub_401610+F29�j
push 0 ; Arguments
push 0 ; nSize
lea eax, [ebp+puLen]
push eax ; lpBuffer
push 400h ; dwLanguageId
call esi ; GetLastError
push eax ; dwMessageId
push 0 ; lpSource
push edi ; dwFlags
call ebx ; FormatMessageA
push 0FFFFFFF6h
call sub_4014E1
push [ebp+puLen]
push [ebp+FilePart] ; arglist
push offset aErrorRegiste_0 ; "Error registering DLL: Could not load '"...
call sub_40614C
add esp, 0Ch
jmp short loc_4025FB
; ---------------------------------------------------------------------------
loc_4025E9: ; CODE XREF: sub_401610+EA8�j
push 0FFFFFFE7h
call sub_4014E1
push offset aErrorRegiste_1 ; "Error registering DLL: Could not initia"...
call sub_40614C
pop ecx
loc_4025FB: ; CODE XREF: sub_401610+F9B�j
; sub_401610+FA6�j ...
push 0 ; uMode
call ds:SetErrorMode ; SetErrorMode
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402608: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFF0h ; jumptable 0040166B case 43
pop esi
call sub_401508
push 0FFFFFFDFh
pop esi
mov [ebp+dwResult], eax
call sub_401508
push 2
pop esi
mov edi, eax
call sub_401508
push 0FFFFFFCDh
pop esi
mov [ebp+lpAppName], eax
call sub_401508
push 45h
pop esi
mov [ebp+pBlock], eax
call sub_401508
push edi
mov [ebp+puLen], eax
call sub_405DE6
test eax, eax
jnz short loc_402650
push 21h
pop esi
call sub_401508
loc_402650: ; CODE XREF: sub_401610+1036�j
mov eax, [ebp+nShowCmd.dwHighDateTime]
mov ecx, eax
sar ecx, 10h
push ecx
movzx ecx, ah
push ecx
mov esi, 0FFh
and eax, esi
push eax
push [ebp+pBlock]
push [ebp+lpAppName]
push edi
push [ebp+dwResult] ; arglist
push offset aCreateshortcut ; "CreateShortCut: out: \"%s\", in: \"%s %s\","...
call sub_40614C
add esp, 20h
lea eax, [ebp+FilePart]
push eax ; ppv
push offset riid ; riid
push 1 ; dwClsContext
push 0 ; pUnkOuter
push offset rclsid ; rclsid
call ds:CoCreateInstance
test eax, eax
jl loc_40276F
mov eax, [ebp+FilePart]
mov ecx, [eax]
lea edx, [ebp+hWndParent]
push edx
push offset dword_408DFC
push eax
call dword ptr [ecx]
mov ebx, eax
test ebx, ebx
jl loc_402762
mov eax, [ebp+FilePart]
mov ecx, [eax]
push edi
push eax
call dword ptr [ecx+50h]
mov ebx, eax
mov eax, [ebp+FilePart]
mov ecx, [eax]
push offset CurrentDirectory
push eax
call dword ptr [ecx+24h]
mov ecx, [ebp+nShowCmd.dwHighDateTime]
mov eax, ecx
sar eax, 8
and eax, esi
jz short loc_4026EA
mov ecx, [ebp+FilePart]
mov edx, [ecx]
push eax
push ecx
call dword ptr [edx+3Ch]
mov ecx, [ebp+nShowCmd.dwHighDateTime]
loc_4026EA: ; CODE XREF: sub_401610+10CB�j
mov eax, [ebp+FilePart]
mov edx, [eax]
sar ecx, 10h
push ecx
push eax
call dword ptr [edx+34h]
mov ecx, [ebp+pBlock]
cmp byte ptr [ecx], 0
jz short loc_40270F
mov edi, [ebp+nShowCmd.dwHighDateTime]
mov eax, [ebp+FilePart]
mov edx, [eax]
and edi, esi
push edi
push ecx
push eax
call dword ptr [edx+44h]
loc_40270F: ; CODE XREF: sub_401610+10ED�j
mov eax, [ebp+FilePart]
push [ebp+lpAppName]
mov ecx, [eax]
push eax
call dword ptr [ecx+2Ch]
mov eax, [ebp+FilePart]
push [ebp+puLen]
mov ecx, [eax]
push eax
call dword ptr [ecx+1Ch]
xor eax, eax
cmp ebx, eax
jl short loc_402759
push 400h ; cchWideChar
mov esi, offset WideCharStr
push esi ; lpWideCharStr
push 0FFFFFFFFh ; cbMultiByte
push [ebp+dwResult] ; lpMultiByteStr
mov WideCharStr, ax
push eax ; dwFlags
push eax ; CodePage
call ds:MultiByteToWideChar ; MultiByteToWideChar
mov eax, [ebp+hWndParent]
mov ecx, [eax]
push 1
push esi
push eax
call dword ptr [ecx+18h]
mov ebx, eax
loc_402759: ; CODE XREF: sub_401610+111B�j
mov eax, [ebp+hWndParent]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
loc_402762: ; CODE XREF: sub_401610+10A1�j
mov eax, [ebp+FilePart]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
test ebx, ebx
jge short loc_40277A
loc_40276F: ; CODE XREF: sub_401610+1086�j
mov [ebp+var_4], 1
push 0FFFFFFF0h
jmp short loc_40277C
; ---------------------------------------------------------------------------
loc_40277A: ; CODE XREF: sub_401610+115D�j
push 0FFFFFFF4h
loc_40277C: ; CODE XREF: sub_401610+289�j
; sub_401610+33C�j ...
call sub_4014E1
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402786: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 44
call sub_401508
push 11h
pop esi
mov ebx, eax
call sub_401508
mov esi, eax
push esi
push ebx ; arglist
push offset aCopyfilesSS ; "CopyFiles \"%s\"->\"%s\""
call sub_40614C
mov eax, [ebp+lpString2]
add esp, 0Ch
push ebx ; lpString
mov [ebp+FileOp.hwnd], eax
mov [ebp+FileOp.message], 2
call lstrlenA ; lstrlenA
push esi ; lpString
mov byte ptr [eax+ebx+1], 0
call lstrlenA ; lstrlenA
push 0FFFFFFF8h ; lpString2
mov edi, offset Data
push edi ; lpString1
mov byte ptr [eax+esi+1], 0
call sub_4065B7
push esi ; lpString2
push edi ; lpString1
call ds:lstrcatA ; lstrcatA
mov ax, word ptr [ebp+dwBytes]
push edi ; lpString2
push 0 ; int
mov [ebp+FileOp.wParam], ebx
mov [ebp+FileOp.lParam], esi
mov [ebp+FileOp.pt.y+2], edi
mov word ptr [ebp+FileOp.time], ax
call sub_40509F
lea eax, [ebp+FileOp]
push eax ; lpFileOp
call ds:SHFileOperationA ; SHFileOperationA
test eax, eax
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push 0 ; lpString2
push 0FFFFFFF9h ; int
call sub_40509F
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_402819: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp esi, 0BADF00Dh ; jumptable 0040166B case 45
jz short loc_402835
loc_402821: ; CODE XREF: sub_401610+9A8�j
push 200010h
push 0FFFFFFE8h ; lpString2
push 0 ; lpString1
call sub_4065B7
push eax
jmp loc_401D29
; ---------------------------------------------------------------------------
loc_402835: ; CODE XREF: sub_401610+120F�j
inc dword_426474
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402840: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 46
push offset aRm ; "<RM>"
mov ebx, offset byte_40A888
push ebx ; lpString1
mov [ebp+lpAppName], esi
mov [ebp+pBlock], esi
mov [ebp+FilePart], esi
call lstrcpyA ; lstrcpyA
push ebx ; lpString2
mov edi, offset Data
push edi ; lpString1
call lstrcpyA ; lstrcpyA
cmp [ebp+arglist], esi
jz short loc_402874
call sub_401508
mov [ebp+lpAppName], eax
loc_402874: ; CODE XREF: sub_401610+125A�j
cmp [ebp+dwFileAttributes], 0
jz short loc_402885
push 11h
pop esi
call sub_401508
mov [ebp+pBlock], eax
loc_402885: ; CODE XREF: sub_401610+1268�j
cmp [ebp+nShowCmd.dwHighDateTime], 0
jz short loc_402896
push 22h
pop esi
call sub_401508
mov [ebp+FilePart], eax
loc_402896: ; CODE XREF: sub_401610+1279�j
push 0FFFFFFCDh
pop esi
call sub_401508
mov esi, eax
push esi
push edi
push ebx
push offset Text ; arglist
push offset aWriteinistrWro ; "WriteINIStr: wrote [%s] %s=%s in %s"
call sub_40614C
add esp, 14h
push esi ; lpFileName
push [ebp+FilePart] ; lpString
push [ebp+pBlock] ; lpKeyName
push [ebp+lpAppName] ; lpAppName
call ds:WritePrivateProfileStringA ; WritePrivateProfileStringA
jmp loc_401A38
; ---------------------------------------------------------------------------
loc_4028CA: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 47
inc esi
mov [ebp+FilePart], 7E4E21h
call sub_401508
push 12h
pop esi
mov ebx, eax
call sub_401508
push 0FFFFFFDDh
pop esi
mov [ebp+puLen], eax
call sub_401508
push eax ; lpFileName
push 3FFh ; nSize
push edi ; lpReturnedString
lea eax, [ebp+FilePart]
push eax ; lpDefault
push [ebp+puLen] ; lpKeyName
push ebx ; lpAppName
call ds:GetPrivateProfileStringA ; GetPrivateProfileStringA
mov eax, [edi]
cmp eax, [ebp+FilePart]
jmp loc_401A14
; ---------------------------------------------------------------------------
loc_40290D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp [ebp+nShowCmd.dwHighDateTime], 0 ; jumptable 0040166B case 48
jnz short loc_402957
push 2 ; phkResult
call sub_4015C7
mov edi, eax
test edi, edi
jz loc_401A40
push 33h
pop esi
call sub_401508
mov esi, eax
push esi ; lpValueName
push edi ; hKey
call ds:RegDeleteValueA ; RegDeleteValueA
push esi
push offset Data
push [ebp+dwFileAttributes] ; arglist
mov ebx, eax
push offset aDeleteregvalue ; "DeleteRegValue: %d\\%s\\%s"
call sub_40614C
add esp, 10h
push edi ; hKey
call ds:RegCloseKey ; RegCloseKey
jmp short loc_402993
; ---------------------------------------------------------------------------
loc_402957: ; CODE XREF: sub_401610+1301�j
push 22h
pop esi
call sub_401508
mov esi, eax
push esi
push [ebp+dwFileAttributes] ; arglist
push offset aDeleteregkeyDS ; "DeleteRegKey: %d\\%s"
call sub_40614C
mov eax, [ebp+dwFileAttributes]
add esp, 0Ch
test eax, eax
jnz short loc_402983
mov eax, dword_426464
add eax, 80000001h
loc_402983: ; CODE XREF: sub_401610+1367�j
mov ecx, [ebp+nShowCmd.dwHighDateTime]
and ecx, 2
push ecx ; int
push esi ; lpSubKey
push eax ; hKey
call sub_401540
mov ebx, eax
loc_402993: ; CODE XREF: sub_401610+1345�j
test ebx, ebx
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_4029A0: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ebx, ebx ; jumptable 0040166B case 49
cmp esi, ebx
jz short loc_4029AB
mov [ebp+FilePart], esi
jmp short loc_4029B8
; ---------------------------------------------------------------------------
loc_4029AB: ; CODE XREF: sub_401610+1394�j
mov eax, dword_426464
add eax, 80000001h
mov [ebp+FilePart], eax
loc_4029B8: ; CODE XREF: sub_401610+1399�j
mov eax, [ebp+nShowCmd.dwHighDateTime]
mov [ebp+dwResult], eax
mov eax, [ebp+var_24]
push 2
pop esi
mov [ebp+puLen], eax
call sub_401508
push 11h
pop esi
mov [ebp+hWndParent], eax
call sub_401508
push ebx ; lpdwDisposition
lea ecx, [ebp+pBlock]
push ecx ; phkResult
push ebx ; lpSecurityAttributes
push 2 ; samDesired
push ebx ; dwOptions
push ebx ; lpClass
push ebx ; Reserved
push eax ; lpSubKey
push [ebp+FilePart] ; hKey
mov [ebp+lpString2], eax
mov [ebp+var_4], 1
call ds:RegCreateKeyExA ; RegCreateKeyExA
test eax, eax
jnz loc_402AAF
xor esi, esi
cmp [ebp+dwResult], 1
mov edi, offset Data
jnz short loc_402A33
push 23h
pop esi
call sub_401508
push edi ; lpString
call lstrlenA ; lstrlenA
push edi
push [ebp+hWndParent]
mov esi, eax
push [ebp+lpString2]
inc esi
push [ebp+FilePart] ; arglist
push offset aWriteregstrSet ; "WriteRegStr: set %d\\%s\\%s to %s"
call sub_40614C
add esp, 14h
loc_402A33: ; CODE XREF: sub_401610+13F9�j
cmp [ebp+dwResult], 4
jnz short loc_402A60
push 3
pop ecx
call sub_4014F2
push 4
pop esi
push eax
push [ebp+hWndParent]
mov Data, eax
push [ebp+lpString2]
push [ebp+FilePart] ; arglist
push offset aWriteregdwordS ; "WriteRegDWORD: set %d\\%s\\%s to %d"
call sub_40614C
add esp, 14h
loc_402A60: ; CODE XREF: sub_401610+1427�j
cmp [ebp+dwResult], 3
jnz short loc_402A8E
push 0C00h ; NumberOfBytesWritten
push edi ; lpBuffer
push ebx ; hFile
push [ebp+nShowCmd.dwLowDateTime] ; Buffer
call sub_40362B
mov esi, eax
push esi
push [ebp+hWndParent]
push [ebp+lpString2]
push [ebp+FilePart] ; arglist
push offset aWriteregbinSet ; "WriteRegBin: set %d\\%s\\%s with %d bytes"...
call sub_40614C
add esp, 14h
loc_402A8E: ; CODE XREF: sub_401610+1454�j
push esi ; cbData
push edi ; lpData
push [ebp+puLen] ; dwType
push ebx ; Reserved
push [ebp+hWndParent] ; lpValueName
push [ebp+pBlock] ; hKey
call ds:RegSetValueExA ; RegSetValueExA
test eax, eax
jnz short loc_402AA7
mov [ebp+var_4], ebx
loc_402AA7: ; CODE XREF: sub_401610+1492�j
push [ebp+pBlock]
jmp loc_402B92
; ---------------------------------------------------------------------------
loc_402AAF: ; CODE XREF: sub_401610+13E8�j
push [ebp+lpString2]
push [ebp+FilePart] ; arglist
push offset aWriteregErrorC ; "WriteReg: error creating key %d\\%s"
call sub_40614C
loc_402ABF: ; CODE XREF: sub_401610+978�j
add esp, 0Ch
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402AC7: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 20019h ; jumptable 0040166B case 50
call sub_4015C7
push 33h
pop esi
mov ebx, eax
call sub_401508
xor esi, esi
cmp ebx, esi
mov byte ptr [edi], 0
jz loc_401A40
lea ecx, [ebp+puLen]
push ecx ; lpcbData
push edi ; lpData
lea ecx, [ebp+FilePart]
push ecx ; lpType
push esi ; lpReserved
push eax ; lpValueName
push ebx ; hKey
mov [ebp+puLen], 400h
call ds:RegQueryValueExA ; RegQueryValueExA
xor ecx, ecx
inc ecx
test eax, eax
jnz short loc_402B36
cmp [ebp+FilePart], 4
jz short loc_402B20
cmp [ebp+FilePart], ecx
jz short loc_402B19
cmp [ebp+FilePart], 2
jnz short loc_402B36
loc_402B19: ; CODE XREF: sub_401610+1501�j
cmp [ebp+nShowCmd.dwHighDateTime], esi
jz short loc_402B3C
jmp short loc_402B39
; ---------------------------------------------------------------------------
loc_402B20: ; CODE XREF: sub_401610+14FC�j
cmp [ebp+nShowCmd.dwHighDateTime], esi
jnz short loc_402B2C
mov [ebp+var_4], 1
loc_402B2C: ; CODE XREF: sub_401610+1513�j
push dword ptr [edi] ; int
push edi ; LPSTR
call sub_405F5B
jmp short loc_402B3C
; ---------------------------------------------------------------------------
loc_402B36: ; CODE XREF: sub_401610+14F6�j
; sub_401610+1507�j
mov byte ptr [edi], 0
loc_402B39: ; CODE XREF: sub_401610+150E�j
mov [ebp+var_4], ecx
loc_402B3C: ; CODE XREF: sub_401610+150C�j
; sub_401610+1524�j
push ebx
jmp short loc_402B92
; ---------------------------------------------------------------------------
loc_402B3F: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 20019h ; jumptable 0040166B case 51
call sub_4015C7
push 3
pop ecx
mov esi, eax
call sub_4014F2
xor edx, edx
cmp esi, edx
mov byte ptr [edi], 0
jz loc_401A40
cmp [ebp+nShowCmd.dwHighDateTime], edx
mov ecx, 3FFh
mov [ebp+FilePart], ecx
jz short loc_402B79
push ecx ; cchName
push edi ; lpName
push eax ; dwIndex
push esi ; hKey
call ds:RegEnumKeyA ; RegEnumKeyA
jmp short loc_402B8A
; ---------------------------------------------------------------------------
loc_402B79: ; CODE XREF: sub_401610+155B�j
push edx ; lpcbData
push edx ; lpData
push edx ; lpType
push edx ; lpReserved
lea ecx, [ebp+FilePart]
push ecx ; lpcchValueName
push edi ; lpValueName
push eax ; dwIndex
push esi ; hKey
call ds:RegEnumValueA ; RegEnumValueA
loc_402B8A: ; CODE XREF: sub_401610+1567�j
mov byte ptr [edi+3FFh], 0
push esi ; hKey
loc_402B92: ; CODE XREF: sub_401610+149A�j
; sub_401610+152D�j
call ds:RegCloseKey ; RegCloseKey
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402B9D: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp byte ptr [edi], 0 ; jumptable 0040166B case 52
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push edi
call sub_405F74
push eax ; hObject
loc_402BAD: ; CODE XREF: sub_401610+DBA�j
call ds:CloseHandle ; CloseHandle
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402BB8: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 0FFFFFFEDh ; jumptable 0040166B case 53
pop esi
call sub_401508
push [ebp+dwBytes] ; dwCreationDisposition
push [ebp+dwFileAttributes] ; dwDesiredAccess
push eax ; lpFileName
call sub_405E7A
cmp eax, 0FFFFFFFFh
jnz loc_401DBD
loc_402BD5: ; CODE XREF: sub_401610+1777�j
mov byte ptr [edi], 0
jmp loc_401A40
; ---------------------------------------------------------------------------
loc_402BDD: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp [ebp+dwBytes], 0 ; jumptable 0040166B case 54
jz short loc_402BF5
xor ecx, ecx
inc ecx
call sub_4014F2
mov byte_40A888, al
xor eax, eax
inc eax
jmp short loc_402C03
; ---------------------------------------------------------------------------
loc_402BF5: ; CODE XREF: sub_401610+15D1�j
push 11h
pop esi
call sub_401508
push eax ; lpString
call lstrlenA ; lstrlenA
loc_402C03: ; CODE XREF: sub_401610+15E3�j
cmp byte ptr [edi], 0
jz loc_401A40
push 0 ; lpOverlapped
lea ecx, [ebp+FilePart]
push ecx ; lpNumberOfBytesWritten
push eax ; nNumberOfBytesToWrite
push offset byte_40A888 ; lpBuffer
push edi
call sub_405F74
push eax ; hFile
call ds:WriteFile ; WriteFile
jmp loc_401A38
; ---------------------------------------------------------------------------
loc_402C2A: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 55
pop ecx
xor esi, esi
call sub_4014F2
cmp eax, 1
mov [ebp+dwResult], eax
jl loc_4031D2 ; default
; jumptable 0040166B cases 64,65
mov ecx, 3FFh
cmp eax, ecx
jle short loc_402C4C
mov [ebp+dwResult], ecx
loc_402C4C: ; CODE XREF: sub_401610+1637�j
cmp byte ptr [edi], 0
jz loc_402CDE
push edi
mov byte ptr [ebp+FilePart+3], 0
call sub_405F74
cmp [ebp+dwResult], 0
mov edi, eax
jle short loc_402CDE
loc_402C67: ; CODE XREF: sub_401610+1697�j
push 0 ; lpOverlapped
lea eax, [ebp+puLen]
push eax ; lpNumberOfBytesRead
push 1 ; nNumberOfBytesToRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push edi ; hFile
call ds:ReadFile ; ReadFile
test eax, eax
jz short loc_402CDE
cmp [ebp+puLen], 1
jnz short loc_402CDE
cmp [ebp+nShowCmd.dwLowDateTime], 0
jnz short loc_402CAB
cmp byte ptr [ebp+FilePart+3], 0Dh
jz short loc_402CBB
cmp byte ptr [ebp+FilePart+3], 0Ah
jz short loc_402CBB
mov al, [ebp+Buffer]
mov [esi+ebx], al
inc esi
test al, al
mov byte ptr [ebp+FilePart+3], al
jz short loc_402CDE
cmp esi, [ebp+dwResult]
jl short loc_402C67
jmp short loc_402CDE
; ---------------------------------------------------------------------------
loc_402CAB: ; CODE XREF: sub_401610+1678�j
movzx eax, [ebp+Buffer]
push eax ; int
push ebx ; LPSTR
call sub_405F5B
jmp loc_4031DB
; ---------------------------------------------------------------------------
loc_402CBB: ; CODE XREF: sub_401610+167E�j
; sub_401610+1684�j
mov al, [ebp+Buffer]
cmp byte ptr [ebp+FilePart+3], al
jz short loc_402CD1
cmp al, 0Dh
jz short loc_402CCB
cmp al, 0Ah
jnz short loc_402CD1
loc_402CCB: ; CODE XREF: sub_401610+16B5�j
mov [esi+ebx], al
inc esi
jmp short loc_402CDE
; ---------------------------------------------------------------------------
loc_402CD1: ; CODE XREF: sub_401610+16B1�j
; sub_401610+16B9�j
push 1 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 0FFFFFFFFh ; lDistanceToMove
push edi ; hFile
call ds:SetFilePointer ; SetFilePointer
loc_402CDE: ; CODE XREF: sub_401610+163F�j
; sub_401610+1655�j ...
mov byte ptr [esi+ebx], 0
test esi, esi
jmp loc_401A3A
; ---------------------------------------------------------------------------
loc_402CE9: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp byte ptr [edi], 0 ; jumptable 0040166B case 56
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push [ebp+nShowCmd.dwLowDateTime] ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push 2
pop ecx
call sub_4014F2
push eax ; lDistanceToMove
push edi
call sub_405F74
push eax ; hFile
call ds:SetFilePointer ; SetFilePointer
cmp [ebp+dwFileAttributes], 0
jl loc_4031D2 ; default
; jumptable 0040166B cases 64,65
jmp loc_403166
; ---------------------------------------------------------------------------
loc_402D1C: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp byte ptr [edi], 0 ; jumptable 0040166B case 57
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push edi
call sub_405F74
push eax ; hFindFile
call ds:FindClose ; FindClose
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_402D37: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
cmp byte ptr [ebx], 0 ; jumptable 0040166B case 58
jz loc_401A1A
lea eax, [ebp+FindFileData]
push eax ; lpFindFileData
push ebx
call sub_405F74
push eax ; hFindFile
call ds:FindNextFileA ; FindNextFileA
test eax, eax
jz loc_401A1A
loc_402D5C: ; CODE XREF: sub_401610+1783�j
lea eax, [ebp+FindFileData.cFileName]
push eax
push edi
jmp loc_4030E5
; ---------------------------------------------------------------------------
loc_402D69: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
push 2 ; jumptable 0040166B case 59
pop esi
call sub_401508
lea ecx, [ebp+FindFileData]
push ecx ; lpFindFileData
push eax ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
cmp eax, 0FFFFFFFFh
jnz short loc_402D8C
mov byte ptr [ebx], 0
jmp loc_402BD5
; ---------------------------------------------------------------------------
loc_402D8C: ; CODE XREF: sub_401610+1772�j
push eax ; int
push ebx ; LPSTR
call sub_405F5B
jmp short loc_402D5C
; ---------------------------------------------------------------------------
loc_402D95: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor esi, esi ; jumptable 0040166B case 60
mov [ebp+lpAppName], 0FFFFFD66h
call sub_401508
and [ebp+pBlock], esi
test byte ptr dword_426444+1, 4
mov edi, ds:lstrcatA
mov [ebp+FilePart], eax
jz loc_402E63
push eax ; lpString
call lstrlenA ; lstrlenA
push lpString ; lpString
mov esi, eax
call lstrlenA ; lstrlenA
lea ecx, [eax+esi+1]
mov eax, 105h
cmp ecx, eax
jb short loc_402DEB
push lpString ; lpString
call lstrlenA ; lstrlenA
lea eax, [eax+esi+1]
loc_402DEB: ; CODE XREF: sub_401610+17CA�j
push eax ; dwBytes
call sub_405DBB
mov ebx, eax
test ebx, ebx
mov [ebp+hWndParent], ebx
jz short loc_402E4D
push lpString ; lpString2
push ebx ; lpString1
call lstrcpyA ; lstrcpyA
push 5Ch ; char
push [ebp+FilePart] ; lpszStart
call sub_4061D3
test eax, eax
jz short loc_402E18
inc eax
push eax
jmp short loc_402E1B
; ---------------------------------------------------------------------------
loc_402E18: ; CODE XREF: sub_401610+1802�j
push [ebp+FilePart] ; lpString2
loc_402E1B: ; CODE XREF: sub_401610+1806�j
push ebx ; lpString1
call edi ; lstrcatA
push ebx ; lpString
call lstrlenA ; lstrlenA
lea esi, [eax+ebx-1]
jmp short loc_402E39
; ---------------------------------------------------------------------------
loc_402E2A: ; CODE XREF: sub_401610+182E�j
cmp byte ptr [esi], 5Ch
jz short loc_402E40
push esi ; lpszCurrent
push ebx ; lpszStart
call ds:CharPrevA ; CharPrevA
mov esi, eax
loc_402E39: ; CODE XREF: sub_401610+1818�j
cmp esi, ebx
mov [ebp+pBlock], esi
ja short loc_402E2A
loc_402E40: ; CODE XREF: sub_401610+181D�j
push ebx ; lpFileName
mov byte ptr [esi], 0
call sub_406301
test eax, eax
jnz short loc_402E57
loc_402E4D: ; CODE XREF: sub_401610+94�j
; sub_401610+A3�j ...
mov eax, 7FFFFFFFh
jmp loc_4031DD
; ---------------------------------------------------------------------------
loc_402E57: ; CODE XREF: sub_401610+183B�j
push ebx ; lpString2
push [ebp+FilePart] ; lpString1
mov byte ptr [esi], 5Ch
call lstrcpyA ; lstrcpyA
loc_402E63: ; CODE XREF: sub_401610+17A6�j
push [ebp+FilePart]
call sub_405DE6
test eax, eax
push [ebp+FilePart] ; lpString2
mov ebx, offset byte_40A888
jz short loc_402E7F
push ebx ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_402E93
; ---------------------------------------------------------------------------
loc_402E7F: ; CODE XREF: sub_401610+1865�j
push offset byte_42C400 ; lpString2
push ebx ; lpString1
call lstrcpyA ; lstrcpyA
push eax ; lpString1
call sub_4061A6
push eax ; lpString1
call edi ; lstrcatA
loc_402E93: ; CODE XREF: sub_401610+186D�j
push ebx ; lpszCurrent
call sub_406009
push 2 ; dwCreationDisposition
push 40000000h ; dwDesiredAccess
push ebx ; lpFileName
call sub_405E7A
cmp eax, 0FFFFFFFFh
mov [ebp+dwResult], eax
jz loc_402F5E
mov eax, dwBytes
push eax ; dwBytes
mov [ebp+puLen], eax
call sub_405DBB
test eax, eax
mov [ebp+lpString2], eax
jz loc_402F55
push 0 ; lDistanceToMove
call sub_403409
push [ebp+puLen] ; NumberOfBytesRead
push [ebp+lpString2] ; lpBuffer
call sub_4033D7
push [ebp+dwBytes] ; dwBytes
call sub_405DBB
mov esi, eax
test esi, esi
mov [ebp+lpAppName], esi
jz short loc_402F27
push [ebp+dwBytes] ; NumberOfBytesWritten
push esi ; lpBuffer
push 0 ; hFile
push [ebp+dwFileAttributes] ; Buffer
call sub_40362B
jmp short loc_402F19
; ---------------------------------------------------------------------------
loc_402EFE: ; CODE XREF: sub_401610+190C�j
mov ecx, [esi]
mov eax, [esi+4]
push ecx
mov [ebp+FileOp.pt.x], ecx
mov ecx, [ebp+lpString2]
add esi, 8
push esi
add eax, ecx
push eax
call sub_405E5A
add esi, [ebp+FileOp.pt.x]
loc_402F19: ; CODE XREF: sub_401610+18EC�j
cmp byte ptr [esi], 0
jnz short loc_402EFE
push [ebp+lpAppName] ; hMem
call ds:GlobalFree ; GlobalFree
loc_402F27: ; CODE XREF: sub_401610+18DC�j
xor esi, esi
push esi ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push [ebp+puLen] ; nNumberOfBytesToWrite
push [ebp+lpString2] ; lpBuffer
push [ebp+dwResult] ; hFile
call ds:WriteFile ; WriteFile
push [ebp+lpString2] ; hMem
call ds:GlobalFree ; GlobalFree
push esi ; NumberOfBytesWritten
push esi ; lpBuffer
push [ebp+dwResult] ; hFile
push 0FFFFFFFFh ; Buffer
call sub_40362B
mov [ebp+lpAppName], eax
loc_402F55: ; CODE XREF: sub_401610+18B5�j
push [ebp+dwResult] ; hObject
call ds:CloseHandle ; CloseHandle
loc_402F5E: ; CODE XREF: sub_401610+189C�j
push ebx
push [ebp+lpAppName] ; arglist
push offset aCreatedUninsta ; "created uninstaller: %d, \"%s\""
call sub_40614C
add esp, 0Ch
cmp [ebp+lpAppName], 0
push 0FFFFFFF3h
pop esi
jge short loc_402F89
push 0FFFFFFEFh
pop esi
push ebx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
mov [ebp+var_4], 1
loc_402F89: ; CODE XREF: sub_401610+1966�j
push esi
call sub_4014E1
test byte ptr dword_426444+1, 4
jz loc_4031C3
mov eax, [ebp+pBlock]
mov esi, [ebp+FilePart]
push offset asc_408330 ; " /x \""
push esi ; lpString1
mov byte ptr [eax], 0
call edi ; lstrcatA
push lpString ; lpString2
push esi ; lpString1
call edi ; lstrcatA
push offset a_? ; "\" _?="
push esi ; lpString1
call edi ; lstrcatA
push [ebp+hWndParent] ; lpString2
push esi ; lpString1
call edi ; lstrcatA
push [ebp+hWndParent] ; lpCurrentDirectory
push esi ; lpCommandLine
call sub_405D01
test eax, eax
mov [ebp+FilePart], eax
push esi ; arglist
jz short loc_40304A
push offset aFileExtraction ; "File Extraction: success (\"%s\")"
call sub_40614C
mov edi, ds:WaitForSingleObject
pop ecx
pop ecx
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call edi ; WaitForSingleObject
mov esi, 102h
cmp eax, esi
jnz short loc_403026
mov ebx, ds:PeekMessageA
jmp short loc_403009
; ---------------------------------------------------------------------------
loc_402FFF: ; CODE XREF: sub_401610+1A09�j
lea eax, [ebp+FileOp]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
loc_403009: ; CODE XREF: sub_401610+19ED�j
; sub_401610+1A14�j
push 1 ; wRemoveMsg
push 0Fh ; wMsgFilterMax
push 0Fh ; wMsgFilterMin
lea eax, [ebp+FileOp]
push 0 ; hWnd
push eax ; lpMsg
call ebx ; PeekMessageA
test eax, eax
jnz short loc_402FFF
push 64h ; dwMilliseconds
push [ebp+FilePart] ; hHandle
call edi ; WaitForSingleObject
cmp eax, esi
jz short loc_403009
loc_403026: ; CODE XREF: sub_401610+19E5�j
lea eax, [ebp+puLen]
push eax ; lpExitCode
push [ebp+FilePart] ; hProcess
call ds:GetExitCodeProcess ; GetExitCodeProcess
cmp [ebp+puLen], 0
jz short loc_40303C
inc [ebp+var_4]
loc_40303C: ; CODE XREF: sub_401610+1A27�j
push [ebp+FilePart] ; hObject
call ds:CloseHandle ; CloseHandle
jmp loc_4031C3
; ---------------------------------------------------------------------------
loc_40304A: ; CODE XREF: sub_401610+19C3�j
inc [ebp+var_4]
push offset aFileExtracti_0 ; "File Extraction: failed createprocess o"...
call sub_40614C
pop ecx
pop ecx
jmp loc_4031C3
; ---------------------------------------------------------------------------
loc_40305E: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
test esi, esi ; jumptable 0040166B case 61
jz short loc_403097
push edx ; arglist
push offset aSettingsLoggin ; "settings logging to %d"
call sub_40614C
mov eax, [ebp+dwFileAttributes]
push eax ; arglist
push offset aLoggingSetToD ; "logging set to %d"
mov dword_423F78, eax
call sub_40614C
add esp, 10h
cmp [ebp+dwFileAttributes], 0
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
call sub_4040E9
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_403097: ; CODE XREF: sub_401610+1A50�j
xor esi, esi
inc esi
call sub_401508
push eax ; arglist
push offset aS ; "%s"
loc_4030A5: ; CODE XREF: sub_401610+369�j
; sub_401610+37B�j ...
call sub_40614C
pop ecx
loc_4030AB: ; CODE XREF: sub_401610+22D�j
pop ecx
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4030B1: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 62
call sub_4014F2
mov edi, eax
cmp edi, dword_42640C
jnb loc_401A40
mov eax, [ebp+dwBytes]
mov esi, edi
imul esi, 418h
add esi, dword_426408
test eax, eax
jl short loc_4030F2
mov ecx, [esi+eax*4]
jnz short loc_4030EF
add esi, 18h
push esi ; lpString2
push ebx ; lpString1
loc_4030E5: ; CODE XREF: sub_401610+9D5�j
; sub_401610+1754�j
call lstrcpyA ; lstrcpyA
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_4030EF: ; CODE XREF: sub_401610+1ACE�j
push ecx
jmp short loc_403167
; ---------------------------------------------------------------------------
loc_4030F2: ; CODE XREF: sub_401610+1AC9�j
or ecx, 0FFFFFFFFh
sub ecx, eax
mov [ebp+dwBytes], ecx
jz short loc_403109
xor ecx, ecx
inc ecx
call sub_4014F2
mov [ebp+dwFileAttributes], eax
jmp short loc_403119
; ---------------------------------------------------------------------------
loc_403109: ; CODE XREF: sub_401610+1AEA�j
push [ebp+nShowCmd.dwHighDateTime] ; lpString2
lea eax, [esi+18h]
push eax ; lpString1
call sub_4065B7
or byte ptr [esi+9], 1
loc_403119: ; CODE XREF: sub_401610+1AF7�j
mov eax, [ebp+dwBytes]
mov ecx, [ebp+dwFileAttributes]
mov [esi+eax*4], ecx
cmp [ebp+nShowCmd.dwLowDateTime], 0
jz loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push edi
call sub_40117D
jmp loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_403137: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
xor ecx, ecx ; jumptable 0040166B case 63
call sub_4014F2
cmp eax, 20h
jnb loc_401A40
xor ecx, ecx
cmp [ebp+nShowCmd.dwLowDateTime], ecx
jz short loc_40316F
cmp [ebp+dwBytes], ecx
jz short loc_403160
push eax
call sub_4012A8
call sub_40129E
jmp short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_403160: ; CODE XREF: sub_401610+1B41�j
push ecx
call sub_4012F3
loc_403166: ; CODE XREF: sub_401610+1707�j
push eax ; int
loc_403167: ; CODE XREF: sub_401610+1AE0�j
push ebx ; LPSTR
loc_403168: ; CODE XREF: sub_401610+1BE�j
call sub_405F5B
jmp short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40316F: ; CODE XREF: sub_401610+1B3C�j
cmp [ebp+dwBytes], ecx
jz short loc_403186
mov ecx, [ebp+dwFileAttributes]
mov edx, dword_4263E8
mov [edx+eax*4+94h], ecx
jmp short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_403186: ; CODE XREF: sub_401610+1B62�j
mov ecx, dword_4263E8
push dword ptr [ecx+eax*4+94h] ; lpString2
push ebx ; lpString1
call sub_4065B7
jmp short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
; ---------------------------------------------------------------------------
loc_40319B: ; CODE XREF: sub_401610+5B�j
; DATA XREF: .text:off_4031E4�o
mov eax, dword_4229E8 ; jumptable 0040166B case 66
push 0 ; lParam
and eax, esi
push eax ; wParam
push 0Bh ; Msg
push [ebp+lpString2] ; hWnd
call ds:SendMessageA ; SendMessageA
cmp [ebp+arglist], 0
jz short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push 0 ; bErase
push 0 ; lpRect
push [ebp+lpString2] ; hWnd
call ds:InvalidateRect ; InvalidateRect
loc_4031C3: ; CODE XREF: sub_401610+668�j
; sub_401610+6DF�j ...
cmp [ebp+hWndParent], 0
jz short loc_4031D2 ; default
; jumptable 0040166B cases 64,65
push [ebp+hWndParent] ; hMem
loc_4031CC: ; CODE XREF: sub_401610+A04�j
; sub_401610+E8B�j
call ds:GlobalFree ; GlobalFree
loc_4031D2: ; CODE XREF: sub_401610+55�j
; sub_401610+5B�j ...
mov eax, [ebp+var_4] ; default
; jumptable 0040166B cases 64,65
add dword_426468, eax
loc_4031DB: ; CODE XREF: sub_401610+67E�j
; sub_401610+16A6�j
xor eax, eax
loc_4031DD: ; CODE XREF: sub_401610+72�j
; sub_401610+E9�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_401610 endp
; ---------------------------------------------------------------------------
off_4031E4 dd offset loc_401672, offset loc_401687, offset loc_4016A9
; DATA XREF: sub_401610+5B�r
dd offset loc_4016C6, offset loc_4016FE, offset loc_40174D ; jump table for switch statement
dd offset loc_401777, offset loc_4017D3, offset loc_4017FF
dd offset loc_401842, offset loc_40189E, offset loc_401790
dd offset loc_4017A7, offset loc_4017C6, offset loc_4018E0
dd offset loc_401990, offset loc_4019F5, offset loc_401A29
dd offset loc_401A4C, offset loc_401D33, offset loc_401D44
dd offset loc_401D8A, offset loc_401DAF, offset loc_401DC3
dd offset loc_401E49, offset loc_401E6C, offset loc_401EA4
dd offset loc_401EE1, offset loc_401F6D, offset loc_401F8D
dd offset loc_402043, offset loc_402043, offset loc_40210E
dd offset loc_40212C, offset loc_402149, offset loc_402166
dd offset loc_4021C3, offset loc_40223F, offset loc_402281
dd offset loc_40230E, offset loc_4023E0, offset loc_402410
dd offset loc_4024A0, offset loc_402608, offset loc_402786
dd offset loc_402819, offset loc_402840, offset loc_4028CA
dd offset loc_40290D, offset loc_4029A0, offset loc_402AC7
dd offset loc_402B3F, offset loc_402B9D, offset loc_402BB8
dd offset loc_402BDD, offset loc_402C2A, offset loc_402CE9
dd offset loc_402D1C, offset loc_402D37, offset loc_402D69
dd offset loc_402D95, offset loc_40305E, offset loc_4030B1
dd offset loc_403137, offset loc_4031D2, offset loc_4031D2
dd offset loc_40319B
off_4032F0 dd offset loc_401F06 ; DATA XREF: sub_401610+8EF�r
dd offset loc_401F0A ; jump table for switch statement
dd offset loc_401F0E
dd offset loc_401F15
dd offset loc_401F22
dd offset loc_401F26
dd offset loc_401F2A
dd offset loc_401F2E
dd offset loc_401F37
dd offset loc_401F41
dd offset loc_401F4D
dd offset loc_401F61
dd offset loc_401F65
; =============== S U B R O U T I N E =======================================
; INT_PTR __stdcall DialogFunc(HWND,UINT,WPARAM,LPARAM)
DialogFunc proc near ; DATA XREF: sub_403420+10E�o
; sub_403756+14D�o
hWnd = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
cmp eax, 110h
push ebp
mov ebp, [esp+4+hWnd]
push esi
mov esi, 113h
jnz short loc_403355
push 0 ; lpTimerFunc
push 0FAh ; uElapse
push 1 ; nIDEvent
push ebp ; hWnd
call ds:SetTimer ; SetTimer
mov eax, [esp+8+arg_C]
mov dword_41C194, eax
mov eax, esi
loc_403355: ; CODE XREF: DialogFunc+14�j
cmp eax, esi
jnz short loc_4033D0
mov ecx, dword_41C190
mov eax, nDenominator
cmp ecx, eax
jl short loc_40336A
mov ecx, eax
loc_40336A: ; CODE XREF: DialogFunc+42�j
push ebx
push edi
push eax ; nDenominator
push 64h ; nNumerator
push ecx ; nNumber
call ds:MulDiv ; MulDiv
mov edi, ds:wsprintfA
mov ebx, eax
mov eax, dword_41C194
test eax, eax
mov esi, offset String
jz short loc_4033B1
push ebx
push eax ; LPCSTR
push esi ; LPSTR
call edi ; wsprintfA
add esp, 0Ch
push esi ; lpString
push ebp ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
push esi ; lpString
push 406h ; nIDDlgItem
push ebp ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
push 5 ; nCmdShow
push ebp ; hWnd
call ds:ShowWindow ; ShowWindow
loc_4033B1: ; CODE XREF: DialogFunc+66�j
test byte ptr dword_40A040, 1
jz short loc_4033CE
push ebx
push offset a___D ; "... %d%%"
push esi ; LPSTR
call edi ; wsprintfA
add esp, 0Ch
push esi ; lpString2
push 0 ; int
call sub_40509F
loc_4033CE: ; CODE XREF: DialogFunc+94�j
pop edi
pop ebx
loc_4033D0: ; CODE XREF: DialogFunc+33�j
pop esi
xor eax, eax
pop ebp
retn 10h
DialogFunc endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4033D7(LPVOID lpBuffer,DWORD NumberOfBytesRead)
sub_4033D7 proc near ; CODE XREF: sub_401610+18C8�p
; sub_403420+7B�p ...
lpBuffer = dword ptr 8
NumberOfBytesRead= dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+NumberOfBytesRead]
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push esi ; nNumberOfBytesToRead
push [ebp+lpBuffer] ; lpBuffer
push hFile ; hFile
call ds:ReadFile ; ReadFile
test eax, eax
jz short loc_403402
cmp [ebp+NumberOfBytesRead], esi
jnz short loc_403402
xor eax, eax
inc eax
jmp short loc_403404
; ---------------------------------------------------------------------------
loc_403402: ; CODE XREF: sub_4033D7+1F�j
; sub_4033D7+24�j
xor eax, eax
loc_403404: ; CODE XREF: sub_4033D7+29�j
pop esi
pop ebp
retn 8
sub_4033D7 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403409(LONG lDistanceToMove)
sub_403409 proc near ; CODE XREF: sub_401610+18BD�p
; sub_403420+39�p ...
lDistanceToMove = dword ptr 4
push 0 ; dwMoveMethod
push 0 ; lpDistanceToMoveHigh
push [esp+8+lDistanceToMove] ; lDistanceToMove
push hFile ; hFile
call ds:SetFilePointer ; SetFilePointer
retn 4
sub_403409 endp
; =============== S U B R O U T I N E =======================================
sub_403420 proc near ; CODE XREF: sub_40362B+30�p
; sub_40362B+70�p
hWnd = dword ptr -24h
NumberOfBytesWritten= dword ptr -20h
Msg = MSG ptr -1Ch
arg_0 = dword ptr 4
sub esp, 24h
push ebx
push ebp
push esi
push edi
xor edi, edi
mov [esp+34h+hWnd], edi
call ds:GetTickCount ; GetTickCount
mov esi, dword_4201A0
sub esi, lDistanceToMove
mov ebx, eax
add esi, [esp+34h+arg_0]
add ebx, 1F4h
cmp esi, edi
jle loc_403611
push dword_4201A8 ; lDistanceToMove
call sub_403409
push edi ; dwMoveMethod
push edi ; lpDistanceToMoveHigh
push lDistanceToMove ; lDistanceToMove
push dword_40A010 ; hFile
call ds:SetFilePointer ; SetFilePointer
mov nDenominator, esi
mov dword_41C190, edi
loc_40347E: ; CODE XREF: sub_403420+1B5�j
mov eax, dword_4201A4
sub eax, dword_4201A8
mov ebp, 4000h
cmp eax, ebp
jg short loc_403494
mov ebp, eax
loc_403494: ; CODE XREF: sub_403420+70�j
push ebp ; NumberOfBytesRead
mov esi, offset dword_41C1A0
push esi ; lpBuffer
call sub_4033D7
test eax, eax
jz loc_40361D
add dword_4201A8, ebp
mov dword_414120, esi
mov dword_414124, ebp
loc_4034BA: ; CODE XREF: sub_403420+18E�j
cmp dword_4263E8, edi
jz loc_403546
cmp dword_426480, edi
jnz short loc_403546
cmp [esp+34h+hWnd], edi
jz short loc_403513
mov eax, nDenominator
sub eax, dword_4201A0
mov esi, ds:PeekMessageA
sub eax, [esp+34h+arg_0]
add eax, lDistanceToMove
mov dword_41C190, eax
jmp short loc_403501
; ---------------------------------------------------------------------------
loc_4034F6: ; CODE XREF: sub_403420+EF�j
lea eax, [esp+34h+Msg]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
loc_403501: ; CODE XREF: sub_403420+D4�j
push 1 ; wRemoveMsg
push edi ; wMsgFilterMax
push edi ; wMsgFilterMin
lea eax, [esp+40h+Msg]
push edi ; hWnd
push eax ; lpMsg
call esi ; PeekMessageA
test eax, eax
jnz short loc_4034F6
jmp short loc_403546
; ---------------------------------------------------------------------------
loc_403513: ; CODE XREF: sub_403420+B2�j
call ds:GetTickCount ; GetTickCount
cmp eax, ebx
jbe short loc_403546
mov eax, dword_4263E0
neg eax
sbb eax, eax
not eax
and eax, offset aUnpackingDataD ; "unpacking data: %d%%"
push eax ; dwInitParam
push offset DialogFunc ; lpDialogFunc
push edi ; hWndParent
push 6Fh ; lpTemplateName
push hInstance ; hInstance
call ds:CreateDialogParamA ; CreateDialogParamA
mov [esp+34h+hWnd], eax
loc_403546: ; CODE XREF: sub_403420+A0�j
; sub_403420+AC�j ...
push offset PathName
mov dword_414128, offset dword_414190
mov dword_41412C, 8000h
call sub_4069FF
test eax, eax
pop ecx
jl loc_403626
mov esi, dword_414128
mov eax, offset dword_414190
sub esi, eax
jz short loc_4035B6
push edi ; lpOverlapped
lea ecx, [esp+38h+NumberOfBytesWritten]
push ecx ; lpNumberOfBytesWritten
push esi ; nNumberOfBytesToWrite
push eax ; lpBuffer
push dword_40A010 ; hFile
call ds:WriteFile ; WriteFile
test eax, eax
jz loc_403622
cmp esi, [esp+34h+NumberOfBytesWritten]
jnz loc_403622
add lDistanceToMove, esi
cmp dword_414124, edi
jnz loc_4034BA
jmp short loc_4035C2
; ---------------------------------------------------------------------------
loc_4035B6: ; CODE XREF: sub_403420+15A�j
cmp dword_414124, edi
jnz short loc_403626
cmp ebp, edi
jz short loc_403626
loc_4035C2: ; CODE XREF: sub_403420+194�j
mov eax, dword_4201A0
mov ecx, eax
sub ecx, lDistanceToMove
add ecx, [esp+34h+arg_0]
test ecx, ecx
jg loc_40347E
push edi ; dwMoveMethod
push edi ; lpDistanceToMoveHigh
push eax ; lDistanceToMove
push dword_40A010 ; hFile
call ds:SetFilePointer ; SetFilePointer
mov esi, [esp+34h+hWnd]
cmp esi, edi
jz short loc_403611
mov eax, nDenominator
push edi ; lParam
push edi ; wParam
push 113h ; Msg
push esi ; hWnd
mov dword_41C190, eax
call ds:SendMessageA ; SendMessageA
push esi ; hWnd
call ds:DestroyWindow ; DestroyWindow
loc_403611: ; CODE XREF: sub_403420+2D�j
; sub_403420+1D0�j
xor eax, eax
loc_403613: ; CODE XREF: sub_403420+200�j
; sub_403420+209�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 24h
retn 4
; ---------------------------------------------------------------------------
loc_40361D: ; CODE XREF: sub_403420+82�j
or eax, 0FFFFFFFFh
jmp short loc_403613
; ---------------------------------------------------------------------------
loc_403622: ; CODE XREF: sub_403420+172�j
; sub_403420+17C�j
push 0FFFFFFFEh
jmp short loc_403628
; ---------------------------------------------------------------------------
loc_403626: ; CODE XREF: sub_403420+147�j
; sub_403420+19C�j ...
push 0FFFFFFFDh
loc_403628: ; CODE XREF: sub_403420+204�j
pop eax
jmp short loc_403613
sub_403420 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40362B(int Buffer,HANDLE hFile,LPVOID lpBuffer,DWORD NumberOfBytesWritten)
sub_40362B proc near ; CODE XREF: sub_401610+69D�p
; sub_401610+1460�p ...
var_8 = dword ptr -8
NumberOfBytesRead= dword ptr -4
Buffer = dword ptr 8
hFile = dword ptr 0Ch
lpBuffer = dword ptr 10h
NumberOfBytesWritten= dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+Buffer]
push esi
push edi
xor edi, edi
cmp eax, edi
jl short loc_403657
mov ecx, dword_426438
push edi ; dwMoveMethod
add eax, ecx
push edi ; lpDistanceToMoveHigh
push eax ; lDistanceToMove
push dword_40A010 ; hFile
mov dword_4201A0, eax
call ds:SetFilePointer ; SetFilePointer
loc_403657: ; CODE XREF: sub_40362B+E�j
push 4
pop esi
push esi
call sub_403420
cmp eax, edi
jl loc_403750
push ebx
mov ebx, ds:ReadFile
push edi ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push esi ; nNumberOfBytesToRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
push dword_40A010 ; hFile
call ebx ; ReadFile
test eax, eax
jz loc_40374C
cmp [ebp+NumberOfBytesRead], esi
jnz loc_40374C
push [ebp+Buffer]
add dword_4201A0, esi
call sub_403420
cmp eax, edi
mov [ebp+var_8], eax
jl loc_40374F
cmp [ebp+lpBuffer], edi
jnz short loc_40371B
cmp [ebp+Buffer], edi
jle loc_403747
mov esi, offset dword_41C1A0
loc_4036BE: ; CODE XREF: sub_40362B+E8�j
mov edi, 4000h
cmp [ebp+Buffer], edi
jge short loc_4036CB
mov edi, [ebp+Buffer]
loc_4036CB: ; CODE XREF: sub_40362B+9B�j
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesRead]
push eax ; lpNumberOfBytesRead
push edi ; nNumberOfBytesToRead
push esi ; lpBuffer
push dword_40A010 ; hFile
call ebx ; ReadFile
test eax, eax
jz short loc_40374C
cmp edi, [ebp+NumberOfBytesRead]
jnz short loc_40374C
push 0 ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push [ebp+NumberOfBytesRead] ; nNumberOfBytesToWrite
push esi ; lpBuffer
push [ebp+hFile] ; hFile
call ds:WriteFile ; WriteFile
test eax, eax
jz short loc_403717
cmp [ebp+NumberOfBytesWritten], edi
jnz short loc_403717
mov eax, [ebp+NumberOfBytesRead]
add [ebp+var_8], eax
sub [ebp+Buffer], eax
add dword_4201A0, eax
cmp [ebp+Buffer], 0
jg short loc_4036BE
jmp short loc_403747
; ---------------------------------------------------------------------------
loc_403717: ; CODE XREF: sub_40362B+CE�j
; sub_40362B+D3�j
push 0FFFFFFFEh
jmp short loc_40374E
; ---------------------------------------------------------------------------
loc_40371B: ; CODE XREF: sub_40362B+83�j
mov eax, [ebp+Buffer]
cmp eax, [ebp+NumberOfBytesWritten]
jl short loc_403726
mov eax, [ebp+NumberOfBytesWritten]
loc_403726: ; CODE XREF: sub_40362B+F6�j
push edi ; lpOverlapped
lea ecx, [ebp+NumberOfBytesRead]
push ecx ; lpNumberOfBytesRead
push eax ; nNumberOfBytesToRead
push [ebp+lpBuffer] ; lpBuffer
push dword_40A010 ; hFile
call ebx ; ReadFile
test eax, eax
jz short loc_40374C
mov eax, [ebp+NumberOfBytesRead]
add dword_4201A0, eax
mov [ebp+var_8], eax
loc_403747: ; CODE XREF: sub_40362B+88�j
; sub_40362B+EA�j
mov eax, [ebp+var_8]
jmp short loc_40374F
; ---------------------------------------------------------------------------
loc_40374C: ; CODE XREF: sub_40362B+58�j
; sub_40362B+61�j ...
push 0FFFFFFFDh
loc_40374E: ; CODE XREF: sub_40362B+EE�j
pop eax
loc_40374F: ; CODE XREF: sub_40362B+7A�j
; sub_40362B+11F�j
pop ebx
loc_403750: ; CODE XREF: sub_40362B+37�j
pop edi
pop esi
leave
retn 10h
sub_40362B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403756 proc near ; CODE XREF: start+1ED�p
var_15C = dword ptr -15Ch
lpTempFileName = byte ptr -14Ch
Msg = MSG ptr -48h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
NumberOfBytesWritten= dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
Buffer = dword ptr -8
hWnd = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14Ch
push ebx
push esi
xor ebx, ebx
push edi
mov [ebp+hWnd], ebx
call ds:GetTickCount ; GetTickCount
push 400h ; nSize
mov esi, offset szStart
push esi ; lpFilename
push hInstance ; hModule
add eax, 3E8h
mov [ebp+Buffer], eax
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
call ds:GetModuleFileNameA ; GetModuleFileNameA
push 3 ; dwCreationDisposition
push 80000000h ; dwDesiredAccess
push esi ; lpFileName
call sub_405E7A
mov edi, eax
cmp edi, 0FFFFFFFFh
mov hFile, edi
jnz short loc_4037B6
mov eax, offset aErrorLaunching ; "Error launching installer"
jmp loc_403A5B
; ---------------------------------------------------------------------------
loc_4037B6: ; CODE XREF: sub_403756+54�j
push esi ; lpszStart
call sub_406207
push ebx ; lpFileSizeHigh
push edi ; hFile
call ds:GetFileSize ; GetFileSize
cmp eax, ebx
mov nDenominator, eax
mov esi, eax
jle loc_4038F1
loc_4037D3: ; CODE XREF: sub_403756+187�j
mov eax, dwBytes
neg eax
sbb eax, eax
and eax, 7E00h
add eax, 200h
cmp esi, eax
mov edi, esi
jl short loc_4037EE
mov edi, eax
loc_4037EE: ; CODE XREF: sub_403756+94�j
push edi ; NumberOfBytesRead
push offset dword_40C108 ; lpBuffer
call sub_4033D7
test eax, eax
jz loc_4039A5
cmp dwBytes, ebx
jnz short loc_403884
push 1Ch
push offset dword_40C108
lea eax, [ebp+var_2C]
push eax
call sub_405E5A
mov ecx, [ebp+var_2C]
test ecx, 0FFFFFFE0h
jnz loc_4038BA
cmp [ebp+var_28], 0DEADBEEFh
jnz loc_4038BA
cmp [ebp+var_1C], 74736E49h
jnz short loc_4038BA
cmp [ebp+var_20], 74666F73h
jnz short loc_4038BA
cmp [ebp+var_24], 6C6C754Eh
jnz short loc_4038BA
mov eax, [ebp+var_14]
cmp eax, esi
jg loc_4039F6
or [ebp+arg_0], ecx
test byte ptr [ebp+arg_0], 8
mov edx, dword_41C190
mov dwBytes, edx
jnz short loc_403876
test byte ptr [ebp+arg_0], 4
jnz short loc_4038E3
loc_403876: ; CODE XREF: sub_403756+118�j
inc [ebp+var_10]
lea esi, [eax-4]
cmp edi, esi
jbe short loc_4038BA
mov edi, esi
jmp short loc_4038BA
; ---------------------------------------------------------------------------
loc_403884: ; CODE XREF: sub_403756+B1�j
test byte ptr [ebp+arg_0], 2
jnz short loc_4038BA
cmp [ebp+hWnd], ebx
jnz loc_40398D
call ds:GetTickCount ; GetTickCount
cmp eax, [ebp+Buffer]
jbe short loc_4038BA
push offset aVerifyingInsta ; "verifying installer: %d%%"
push offset DialogFunc ; lpDialogFunc
push ebx ; hWndParent
push 6Fh ; lpTemplateName
push hInstance ; hInstance
call ds:CreateDialogParamA ; CreateDialogParamA
mov [ebp+hWnd], eax
loc_4038BA: ; CODE XREF: sub_403756+CC�j
; sub_403756+D9�j ...
cmp esi, nDenominator
jge short loc_4038D3
push edi
push offset dword_40C108
push [ebp+var_C]
call sub_40137E
mov [ebp+var_C], eax
loc_4038D3: ; CODE XREF: sub_403756+16A�j
add dword_41C190, edi
sub esi, edi
cmp esi, ebx
jg loc_4037D3
loc_4038E3: ; CODE XREF: sub_403756+11E�j
cmp [ebp+hWnd], ebx
jz short loc_4038F1
push [ebp+hWnd] ; hWnd
call ds:DestroyWindow ; DestroyWindow
loc_4038F1: ; CODE XREF: sub_403756+77�j
; sub_403756+190�j
cmp dwBytes, ebx
jz loc_4039F6
cmp [ebp+var_10], ebx
jz short loc_40392C
push dword_41C190 ; lDistanceToMove
call sub_403409
push 4 ; NumberOfBytesRead
lea eax, [ebp+Buffer]
push eax ; lpBuffer
call sub_4033D7
test eax, eax
jz loc_4039F6
mov eax, [ebp+var_C]
cmp eax, [ebp+Buffer]
jnz loc_4039F6
loc_40392C: ; CODE XREF: sub_403756+1AA�j
push [ebp+NumberOfBytesWritten] ; dwBytes
call sub_405DBB
push offset PathName ; lpPathName
mov esi, eax
call sub_4069DB
lea eax, [ebp+lpTempFileName]
mov [esp+15Ch+var_15C], offset szCurrent
push eax ; lpTempFileName
call sub_405EA9
push ebx ; hTemplateFile
push 4000100h ; dwFlagsAndAttributes
push 2 ; dwCreationDisposition
push ebx ; lpSecurityAttributes
push ebx ; dwShareMode
push 0C0000000h ; dwDesiredAccess
lea eax, [ebp+lpTempFileName]
push eax ; lpFileName
call ds:CreateFileA ; CreateFileA
cmp eax, 0FFFFFFFFh
mov dword_40A010, eax
jnz short loc_4039B5
mov eax, offset aErrorWritingTe ; "Error writing temporary file. Make sure"...
jmp loc_403A5B
; ---------------------------------------------------------------------------
loc_403983: ; CODE XREF: sub_403756+248�j
lea eax, [ebp+Msg]
push eax ; lpMsg
call ds:DispatchMessageA ; DispatchMessageA
loc_40398D: ; CODE XREF: sub_403756+137�j
push 1 ; wRemoveMsg
push ebx ; wMsgFilterMax
push ebx ; wMsgFilterMin
lea eax, [ebp+Msg]
push ebx ; hWnd
push eax ; lpMsg
call ds:PeekMessageA ; PeekMessageA
test eax, eax
jnz short loc_403983
jmp loc_4038BA
; ---------------------------------------------------------------------------
loc_4039A5: ; CODE XREF: sub_403756+A5�j
cmp [ebp+hWnd], ebx
jz short loc_4039F6
push [ebp+hWnd] ; hWnd
call ds:DestroyWindow ; DestroyWindow
jmp short loc_4039F6
; ---------------------------------------------------------------------------
loc_4039B5: ; CODE XREF: sub_403756+221�j
mov eax, dwBytes
add eax, 1Ch
push eax ; lDistanceToMove
call sub_403409
mov ecx, [ebp+var_2C]
push [ebp+NumberOfBytesWritten] ; NumberOfBytesWritten
not ecx
and ecx, 4
mov dword_4201A8, eax
sub eax, ecx
mov ecx, [ebp+var_14]
push esi ; lpBuffer
push ebx ; hFile
lea eax, [eax+ecx-1Ch]
push 0FFFFFFFFh ; Buffer
mov dword_4201A4, eax
call sub_40362B
cmp eax, [ebp+NumberOfBytesWritten]
jz short loc_4039FD
push esi ; hMem
call ds:GlobalFree ; GlobalFree
loc_4039F6: ; CODE XREF: sub_403756+FF�j
; sub_403756+1A1�j ...
mov eax, offset aTheInstallerYo ; "The installer you are trying to use is "...
jmp short loc_403A5B
; ---------------------------------------------------------------------------
loc_4039FD: ; CODE XREF: sub_403756+297�j
test byte ptr [ebp+arg_0], 2
mov dword_4263E8, esi
jz short loc_403A0C
or dword ptr [esi], 8
loc_403A0C: ; CODE XREF: sub_403756+2B1�j
mov eax, [esi]
and eax, 18h
test byte ptr [ebp+arg_0], 10h
mov dword_426480, eax
jz short loc_403A20
or byte ptr [esi+1], 4
loc_403A20: ; CODE XREF: sub_403756+2C4�j
test byte ptr [ebp+var_2C], 1
mov eax, [esi]
mov dword_426444, eax
jz short loc_403A33
inc dword_426440
loc_403A33: ; CODE XREF: sub_403756+2D5�j
push 8
lea eax, [esi+44h]
pop ecx
loc_403A39: ; CODE XREF: sub_403756+2E9�j
sub eax, 8
add [eax], esi
dec ecx
jnz short loc_403A39
mov eax, dword_4201A0
mov [esi+3Ch], eax
push 40h
add esi, 4
push esi
push offset dword_426400
call sub_405E5A
xor eax, eax
loc_403A5B: ; CODE XREF: sub_403756+5B�j
; sub_403756+228�j ...
pop edi
pop esi
pop ebx
leave
retn 4
sub_403756 endp
; =============== S U B R O U T I N E =======================================
sub_403A62 proc near ; CODE XREF: start+4A�p start+6B�p
push esi
mov esi, offset szCurrent
push esi ; lpszCurrent
call sub_406009
push esi
call sub_405DE6
test eax, eax
jnz short loc_403A7A
pop esi
retn
; ---------------------------------------------------------------------------
loc_403A7A: ; CODE XREF: sub_403A62+14�j
push esi ; lpString1
call sub_4061A6
push 0 ; lpSecurityAttributes
push esi ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
push esi ; lpPathName
push offset byte_42C000 ; lpTempFileName
call sub_405EA9
pop esi
retn
sub_403A62 endp
; =============== S U B R O U T I N E =======================================
sub_403A96 proc near ; CODE XREF: start:loc_403DA4�p
mov eax, hFile
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:CloseHandle
jz short loc_403AB1
push eax ; hObject
call esi ; CloseHandle
or hFile, 0FFFFFFFFh
loc_403AB1: ; CODE XREF: sub_403A96+F�j
mov eax, dword_40A010
cmp eax, 0FFFFFFFFh
jz short loc_403AC5
push eax ; hObject
call esi ; CloseHandle
or dword_40A010, 0FFFFFFFFh
loc_403AC5: ; CODE XREF: sub_403A96+23�j
push 7 ; int
push offset dword_42D800 ; lpString1
call sub_4067E6
mov eax, lpString
test eax, eax
pop esi
jz short locret_403AE9
push eax ; hMem
call ds:GlobalFree ; GlobalFree
and lpString, 0
locret_403AE9: ; CODE XREF: sub_403A96+43�j
retn
sub_403A96 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
public start
start proc near
var_20 = byte ptr -20h
uExitCode = dword ptr -1Ch
lpsz = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
sub esp, 20h
push ebx
push ebp
push esi
push edi
xor edi, edi
mov [esp+30h+uExitCode], edi
mov ebx, offset aErrorWritingTe ; "Error writing temporary file. Make sure"...
mov [esp+30h+var_20], 20h
call ds:InitCommonControls ; InitCommonControls
push edi ; pvReserved
call ds:OleInitialize
push offset aNsisError ; "NSIS Error"
push offset Caption ; lpString1
mov dword_426490, eax
call lstrcpyA ; lstrcpyA
mov esi, offset szCurrent
push esi ; lpBuffer
mov ebp, 400h
push ebp ; nBufferLength
call ds:GetTempPathA ; GetTempPathA
call sub_403A62
test eax, eax
jnz short loc_403B62
push 3FBh ; uSize
push esi ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
push offset aTemp ; "\\Temp"
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
call sub_403A62
test eax, eax
jz loc_403DA4
loc_403B62: ; CODE XREF: start+51�j
mov esi, offset byte_42C000
push esi ; lpFileName
call ds:DeleteFileA ; DeleteFileA
push ebp ; iMaxLength
call ds:GetCommandLineA ; GetCommandLineA
mov ebx, ds:lstrcpynA
push eax ; lpString2
push esi ; lpString1
call ebx ; lstrcpynA
push 0 ; lpModuleName
call ds:GetModuleHandleA ; GetModuleHandleA
cmp ds:byte_42C000, 22h
mov hInstance, eax
jnz short loc_403B9F
mov [esp+30h+var_20], 22h
mov esi, offset byte_42C001
loc_403B9F: ; CODE XREF: start+A9�j
push dword ptr [esp+30h+var_20] ; char
push esi ; lpsz
call sub_405DCA
push eax ; lpsz
call ds:CharNextA ; CharNextA
mov esi, eax
mov [esp+30h+lpsz], esi
jmp loc_403CCC
; ---------------------------------------------------------------------------
loc_403BBB: ; CODE XREF: start+1E6�j
cmp al, 20h
jnz short loc_403BC5
loc_403BBF: ; CODE XREF: start+D9�j
inc esi
cmp byte ptr [esi], 20h
jz short loc_403BBF
loc_403BC5: ; CODE XREF: start+D3�j
cmp byte ptr [esi], 22h
mov [esp+30h+var_20], 20h
jnz short loc_403BD5
inc esi
mov [esp+30h+var_20], 22h
loc_403BD5: ; CODE XREF: start+E3�j
cmp byte ptr [esi], 2Fh
jnz loc_403CBA
inc esi
mov al, [esi]
cmp al, 53h
jnz short loc_403BF3
mov cl, [esi+1]
or cl, 20h
cmp cl, 20h
jnz short loc_403BF3
or edi, 2
loc_403BF3: ; CODE XREF: start+F9�j start+104�j
cmp dword ptr [esi], 4352434Eh
jnz short loc_403C09
mov cl, [esi+4]
or cl, 20h
cmp cl, 20h
jnz short loc_403C09
or edi, 4
loc_403C09: ; CODE XREF: start+10F�j start+11A�j
cmp dword ptr [esi-2], 3D442F20h
jz loc_403D2D
cmp al, 58h
jz short loc_403C22
cmp al, 78h
jnz loc_403CBA
loc_403C22: ; CODE XREF: start+12E�j
mov al, [esi+1]
or al, 20h
cmp al, 20h
jnz loc_403CBA
lea eax, [esi+2]
mov cl, [eax]
or edi, 12h
cmp cl, 22h
mov [esp+30h+var_14], edi
jnz short loc_403C49
mov [esp+30h+var_20], cl
add esi, 3
jmp short loc_403C61
; ---------------------------------------------------------------------------
loc_403C49: ; CODE XREF: start+154�j
cmp cl, 20h
jz loc_403D03
test cl, cl
jz loc_403D03
mov [esp+30h+var_20], 20h
mov esi, eax
loc_403C61: ; CODE XREF: start+15D�j
push dword ptr [esp+30h+var_20] ; char
push esi ; lpsz
call sub_405DCA
test eax, eax
jz loc_403D41
sub eax, esi
inc eax
inc eax
push ebp ; dwBytes
mov edi, eax
call sub_405DBB
test eax, eax
mov lpString, eax
jz loc_403D48
cmp edi, ebp
jbe short loc_403C92
mov edi, ebp
loc_403C92: ; CODE XREF: start+1A4�j
dec edi
push edi ; iMaxLength
push esi ; lpString2
push eax ; lpString1
call ebx ; lstrcpynA
push lpString ; lpString1
call sub_4061A6
push 0 ; lpSecurityAttributes
push lpString ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
mov edi, [esp+30h+var_14]
mov [esp+30h+var_20], 2Fh
loc_403CBA: ; CODE XREF: start+EE�j start+132�j ...
push dword ptr [esp+30h+var_20] ; char
push esi ; lpsz
call sub_405DCA
mov esi, eax
cmp byte ptr [esi], 22h
jnz short loc_403CCC
inc esi
loc_403CCC: ; CODE XREF: start+CC�j start+1DF�j ...
mov al, [esi]
test al, al
jnz loc_403BBB
loc_403CD6: ; CODE XREF: start+255�j
push edi
call sub_403756
mov ebx, eax
xor ebp, ebp
cmp ebx, ebp
jnz loc_403DA4
cmp dword_426440, ebp
jz loc_403D8D
mov edi, [esp+30h+lpsz]
push ebp ; char
push edi ; lpsz
call sub_405DCA
mov esi, eax
jmp short loc_403D58
; ---------------------------------------------------------------------------
loc_403D03: ; CODE XREF: start+162�j start+16A�j
push ebp ; dwBytes
call sub_405DBB
test eax, eax
mov lpString, eax
jz short loc_403D22
push offset aCNsis_extractf ; "C:\\NSIS_ExtractFiles\\"
push eax ; lpString1
call lstrcpyA ; lstrcpyA
mov eax, lpString
loc_403D22: ; CODE XREF: start+226�j
push 0 ; lpSecurityAttributes
push eax ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
jmp short loc_403CCC
; ---------------------------------------------------------------------------
loc_403D2D: ; CODE XREF: start+126�j
mov byte ptr [esi-2], 0
add esi, 2
push esi ; lpString2
push offset byte_42C400 ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_403CD6
; ---------------------------------------------------------------------------
loc_403D41: ; CODE XREF: start+183�j
mov ebx, offset aExtractionPath ; "Extraction pathname not properly delimi"...
jmp short loc_403DA4
; ---------------------------------------------------------------------------
loc_403D48: ; CODE XREF: start+19C�j
mov ebx, offset aOutOfMemory ; "Out of Memory"
jmp short loc_403DA4
; ---------------------------------------------------------------------------
loc_403D4F: ; CODE XREF: start+270�j
cmp dword ptr [esi], 3D3F5F20h
jz short loc_403D5C
dec esi
loc_403D58: ; CODE XREF: start+217�j
cmp esi, edi
jnb short loc_403D4F
loc_403D5C: ; CODE XREF: start+26B�j
cmp esi, edi
mov ebx, offset aErrorLaunching ; "Error launching installer"
jb short loc_403DC9
mov byte ptr [esi], 0
add esi, 4
push esi ; lpString2
call sub_40622D
test eax, eax
jz short loc_403DA4
push esi ; lpString2
push offset byte_42C400 ; lpString1
call lstrcpyA ; lstrcpyA
push esi ; lpString2
push offset CurrentDirectory ; lpString1
call lstrcpyA ; lstrcpyA
xor ebx, ebx
loc_403D8D: ; CODE XREF: start+204�j
or dword_42648C, 0FFFFFFFFh
call sub_405A5A
push 1 ; NumberOfBytesWritten
mov [esp+34h+uExitCode], eax
call sub_4060AD
loc_403DA4: ; CODE XREF: start+72�j start+1F8�j ...
call sub_403A96
call ds:OleUninitialize
test ebx, ebx
jz loc_403ECA
push 200010h ; int
push ebx ; lpText
call sub_405D79
push 2
jmp loc_403F86
; ---------------------------------------------------------------------------
loc_403DC9: ; CODE XREF: start+279�j
mov dword ptr [esp+30h+var_20], ebp
mov edi, offset NewFileName
mov esi, offset byte_4201B8
mov ebp, offset ExistingFileName
loc_403DDC: ; CODE XREF: start+3D5�j
push offset szCurrent ; lpString2
push edi ; lpString1
mov byte_4201B8, 22h
call lstrcpyA ; lstrcpyA
push offset aANsisu__exe ; "A~NSISu_.exe"
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push edi ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test ebx, ebx
jz loc_403EB0
push 400h ; nSize
push ebp ; lpFilename
push hInstance ; hModule
call ds:GetModuleFileNameA ; GetModuleFileNameA
push (offset aANsisu__exe+1) ; lpString2
lea eax, dword_4209AD[eax]
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jz loc_403DA4
push 0 ; bFailIfExists
push edi ; lpNewFileName
push ebp ; lpExistingFileName
call ds:CopyFileA ; CopyFileA
test eax, eax
jz short loc_403EB0
push 0 ; hObject
push edi ; int
call sub_406357
cmp ds:byte_42C400, 0
jz short loc_403E61
push offset byte_42C400 ; lpString2
push ebp ; lpString1
call lstrcpyA ; lstrcpyA
jmp short loc_403E67
; ---------------------------------------------------------------------------
loc_403E61: ; CODE XREF: start+368�j
push ebp ; lpszStart
call sub_406207
loc_403E67: ; CODE XREF: start+375�j
push offset asc_408B0C ; "\" "
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push [esp+30h+lpsz] ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push offset a_?_0 ; " _?="
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push ebp ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push esi ; lpString1
call sub_4061A6
push offset szCurrent ; lpCurrentDirectory
push esi ; lpCommandLine
call sub_405D01
test eax, eax
jz short loc_403EB0
push eax ; hObject
call ds:CloseHandle ; CloseHandle
xor ebx, ebx
loc_403EB0: ; CODE XREF: start+319�j start+357�j ...
inc byte ptr aANsisu__exe ; "A~NSISu_.exe"
inc dword ptr [esp+30h+var_20]
cmp dword ptr [esp+30h+var_20], 1Ah
jl loc_403DDC
jmp loc_403DA4
; ---------------------------------------------------------------------------
loc_403ECA: ; CODE XREF: start+2C7�j
cmp dword_426474, 0
jz loc_403F74
push offset ModuleName ; "ADVAPI32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz short loc_403F60
mov esi, ds:GetProcAddress
push offset ProcName ; "OpenProcessToken"
push edi ; hModule
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi ; hModule
mov [esp+38h+lpsz], eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi ; hModule
mov ebp, eax
call esi ; GetProcAddress
cmp [esp+30h+lpsz], ebx
mov esi, eax
jz short loc_403F60
cmp ebp, ebx
jz short loc_403F60
cmp esi, ebx
jz short loc_403F60
lea eax, [esp+30h+var_14]
push eax
push 28h
call ds:GetCurrentProcess ; GetCurrentProcess
push eax
call [esp+3Ch+lpsz]
test eax, eax
jz short loc_403F60
lea eax, [esp+30h+var_C]
push eax
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
push ebx
call ebp
push ebx
push ebx
push ebx
lea eax, [esp+3Ch+var_10]
push eax
push ebx
push [esp+44h+var_14]
mov [esp+48h+var_10], 1
mov [esp+48h+var_4], 2
call esi
loc_403F60: ; CODE XREF: start+3FE�j start+42A�j ...
push ebx ; dwReason
push 2 ; uFlags
call ds:ExitWindowsEx ; ExitWindowsEx
test eax, eax
jnz short loc_403F74
push 9
call sub_4014C9
loc_403F74: ; CODE XREF: start+3E7�j start+481�j
mov eax, dword_42648C
cmp eax, 0FFFFFFFFh
jz short loc_403F82
mov [esp+30h+uExitCode], eax
loc_403F82: ; CODE XREF: start+492�j
push [esp+30h+uExitCode] ; uExitCode
loc_403F86: ; CODE XREF: start+2DA�j
call ds:ExitProcess ; ExitProcess
start endp
; ---------------------------------------------------------------------------
db 0CCh
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403F8D(WPARAM wParam)
sub_403F8D proc near ; CODE XREF: sub_405202+234�p
; sub_405202+270�p ...
wParam = dword ptr 4
cmp [esp+wParam], 78h
jnz short loc_403F9A
inc dword_425BB4
loc_403F9A: ; CODE XREF: sub_403F8D+5�j
push 0 ; lParam
push [esp+4+wParam] ; wParam
push 408h ; Msg
push dword_4263E0 ; hWnd
call ds:SendMessageA ; SendMessageA
retn 4
sub_403F8D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403FB4(HWND hDlg,int,LPCSTR lpString2)
sub_403FB4 proc near ; CODE XREF: sub_40428C+64�p
; sub_40428C+71�p ...
hDlg = dword ptr 4
arg_4 = dword ptr 8
lpString2 = dword ptr 0Ch
push [esp+lpString2] ; lpString2
push 0 ; lpString1
call sub_4065B7
push eax ; lpString
mov eax, [esp+4+arg_4]
add eax, 3E8h
push eax ; nIDDlgItem
push [esp+8+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
retn 0Ch
sub_403FB4 endp
; =============== S U B R O U T I N E =======================================
sub_403FD6 proc near ; CODE XREF: sub_40428C+18A�p
; sub_40463C+305�p ...
cmp dword_42646C, 0
mov eax, dword_4211C8
jnz short loc_403FE9
mov eax, dword_4229D8
loc_403FE9: ; CODE XREF: sub_403FD6+C�j
push 1 ; lParam
push 1 ; wParam
push 0F4h ; Msg
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
retn
sub_403FD6 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_403FFA(BOOL bEnable)
sub_403FFA proc near ; CODE XREF: sub_40428C+8F�p
; sub_40428C+185�p ...
bEnable = dword ptr 4
push [esp+bEnable] ; bEnable
push dword_4229D8 ; hWnd
call ds:EnableWindow ; EnableWindow
retn 4
sub_403FFA endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40400D(WPARAM wParam)
sub_40400D proc near ; CODE XREF: sub_40428C+A5�p
; sub_40463C+E4�p ...
wParam = dword ptr 4
push 1 ; lParam
push [esp+4+wParam] ; wParam
push 28h ; Msg
push dword_4263E0 ; hWnd
call ds:SendMessageA ; SendMessageA
retn 4
sub_40400D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_404024(UINT Msg)
sub_404024 proc near ; CODE XREF: sub_4049AD+20�p
; StartAddress+76�p ...
Msg = dword ptr 4
mov eax, dword_425BA8
test eax, eax
jz short locret_40403C
push 0 ; lParam
push 0 ; wParam
push [esp+8+Msg] ; Msg
push eax ; hWnd
call ds:SendMessageA ; SendMessageA
locret_40403C: ; CODE XREF: sub_404024+7�j
retn 4
sub_404024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40403F(HDC hdc,HWND hWnd)
sub_40403F proc near ; CODE XREF: sub_40428C+299�p
; sub_404531+3D�p ...
plbrush = LOGBRUSH ptr -0Ch
hdc = dword ptr 8
hWnd = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
add eax, 0FFFFFECDh
cmp eax, 5
push esi
ja loc_4040E2
push 0FFFFFFEBh ; nIndex
push [ebp+hWnd] ; hWnd
call ds:GetWindowLongA ; GetWindowLongA
mov esi, eax
test esi, esi
jz short loc_4040E2
test byte ptr [esi+14h], 2
mov eax, [esi]
push edi
mov edi, ds:GetSysColor
jz short loc_404077
push eax ; nIndex
call edi ; GetSysColor
loc_404077: ; CODE XREF: sub_40403F+33�j
test byte ptr [esi+14h], 1
jz short loc_404087
push eax ; color
push [ebp+hdc] ; hdc
call ds:SetTextColor ; SetTextColor
loc_404087: ; CODE XREF: sub_40403F+3C�j
push dword ptr [esi+10h] ; mode
push [ebp+hdc] ; hdc
call ds:SetBkMode ; SetBkMode
test byte ptr [esi+14h], 8
mov eax, [esi+4]
mov [ebp+plbrush.lbColor], eax
jz short loc_4040A5
push eax ; nIndex
call edi ; GetSysColor
mov [ebp+plbrush.lbColor], eax
loc_4040A5: ; CODE XREF: sub_40403F+5E�j
test byte ptr [esi+14h], 4
pop edi
jz short loc_4040B6
push eax ; color
push [ebp+hdc] ; hdc
call ds:SetBkColor ; SetBkColor
loc_4040B6: ; CODE XREF: sub_40403F+6B�j
test byte ptr [esi+14h], 10h
jz short loc_4040DD
mov eax, [esi+8]
mov [ebp+plbrush.lbStyle], eax
mov eax, [esi+0Ch]
test eax, eax
jz short loc_4040D0
push eax ; ho
call ds:DeleteObject ; DeleteObject
loc_4040D0: ; CODE XREF: sub_40403F+88�j
lea eax, [ebp+plbrush]
push eax ; plbrush
call ds:CreateBrushIndirect ; CreateBrushIndirect
mov [esi+0Ch], eax
loc_4040DD: ; CODE XREF: sub_40403F+7B�j
mov eax, [esi+0Ch]
jmp short loc_4040E4
; ---------------------------------------------------------------------------
loc_4040E2: ; CODE XREF: sub_40403F+F�j
; sub_40403F+24�j
xor eax, eax
loc_4040E4: ; CODE XREF: sub_40403F+A1�j
pop esi
leave
retn 8
sub_40403F endp
; =============== S U B R O U T I N E =======================================
sub_4040E9 proc near ; CODE XREF: sub_401610+1A7D�p
; sub_40463C+3E�p ...
push offset aInstall_log ; "install.log"
push offset byte_42C400 ; lpString2
push offset byte_425780 ; lpString1
call lstrcpyA ; lstrcpyA
push eax ; lpString1
call sub_4061A6
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
retn
sub_4040E9 endp
; =============== S U B R O U T I N E =======================================
sub_40410B proc near ; CODE XREF: sub_405A5A+1A�p
; sub_405A5A:loc_405C08�p
cmp ds:byte_42D000, 0
push ebx
push ebp
push esi
push edi
mov edi, 0FFFFh
mov ebx, offset byte_42D000
jz short loc_40412A
push ebx
call sub_405F74
jmp short loc_404130
; ---------------------------------------------------------------------------
loc_40412A: ; CODE XREF: sub_40410B+15�j
call ds:GetUserDefaultLangID ; GetUserDefaultLangID
loc_404130: ; CODE XREF: sub_40410B+1D�j
xor ecx, ecx
loc_404132: ; CODE XREF: sub_40410B+8F�j
; sub_40410B+93�j
mov esi, dword_426424
test esi, esi
jz short loc_404185
mov ecx, dword_4263E8
mov ecx, [ecx+64h]
mov edx, ecx
imul ecx, esi
neg edx
add ecx, dword_426420
loc_404152: ; CODE XREF: sub_40410B+5B�j
xor ebp, ebp
add ecx, edx
mov bp, [ecx]
xor bp, ax
dec esi
and ebp, edi
test bp, bp
jz short loc_40416A
test esi, esi
jnz short loc_404152
jmp short loc_404185
; ---------------------------------------------------------------------------
loc_40416A: ; CODE XREF: sub_40410B+57�j
mov edx, [ecx+2]
mov dword_425BBC, edx
mov edx, [ecx+6]
mov dword_426488, edx
lea edx, [ecx+0Ah]
mov dword_425BC8, edx
loc_404185: ; CODE XREF: sub_40410B+2F�j
; sub_40410B+5D�j
cmp dword_425BC8, 0
jnz short loc_4041A0
cmp di, 0FFFFh
jnz short loc_40419C
mov edi, 3FFh
jmp short loc_404132
; ---------------------------------------------------------------------------
loc_40419C: ; CODE XREF: sub_40410B+88�j
xor edi, edi
jmp short loc_404132
; ---------------------------------------------------------------------------
loc_4041A0: ; CODE XREF: sub_40410B+81�j
movzx eax, word ptr [ecx]
push eax ; int
push ebx ; LPSTR
call sub_405F5B
push 0FFFFFFFEh ; lpString2
push offset Caption ; lpString1
call sub_4065B7
push eax ; lpString
push dword_4211D4 ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
mov eax, dword_42640C
test eax, eax
mov esi, dword_426408
jz short loc_4041ED
mov edi, eax
loc_4041D4: ; CODE XREF: sub_40410B+E0�j
mov eax, [esi]
test eax, eax
jz short loc_4041E4
push eax ; lpString2
lea eax, [esi+18h]
push eax ; lpString1
call sub_4065B7
loc_4041E4: ; CODE XREF: sub_40410B+CD�j
add esi, 418h
dec edi
jnz short loc_4041D4
loc_4041ED: ; CODE XREF: sub_40410B+C5�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40410B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4041F2(HWND hWnd,int,LPCITEMIDLIST pidl,LPARAM pszPath)
sub_4041F2 proc near ; DATA XREF: sub_40463C+13E�o
hWnd = dword ptr 8
arg_4 = dword ptr 0Ch
pidl = dword ptr 10h
pszPath = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push esi
mov esi, ds:SendMessageA
jnz short loc_40421E
push [ebp+pszPath] ; lpString
push 3FBh ; nIDDlgItem
call sub_405D5D
push [ebp+pszPath] ; lParam
push 1 ; wParam
push 466h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_40421E: ; CODE XREF: sub_4041F2+E�j
cmp [ebp+arg_4], 2
jnz short loc_404251
push [ebp+pszPath] ; pszPath
push [ebp+pidl] ; pidl
call ds:SHGetPathFromIDListA ; SHGetPathFromIDListA
test eax, eax
jz short loc_404242
push 7
call sub_4014C9
test eax, eax
jnz short loc_404242
inc eax
jmp short loc_404244
; ---------------------------------------------------------------------------
loc_404242: ; CODE XREF: sub_4041F2+40�j
; sub_4041F2+4B�j
xor eax, eax
loc_404244: ; CODE XREF: sub_4041F2+4E�j
push eax ; lParam
push 0 ; wParam
push 465h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404251: ; CODE XREF: sub_4041F2+30�j
xor eax, eax
pop esi
pop ebp
retn 10h
sub_4041F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404258(int,LPSTR lpString,int iMaxLength,int)
sub_404258 proc near ; DATA XREF: sub_40428C+5A�o
arg_0 = dword ptr 8
lpString = dword ptr 0Ch
iMaxLength = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+iMaxLength] ; iMaxLength
mov eax, [ebp+arg_0]
mov ecx, dword_420DB8
add ecx, eax
push ecx ; lpString2
push [ebp+lpString] ; lpString1
call ds:lstrcpynA ; lstrcpynA
push [ebp+lpString] ; lpString
call lstrlenA ; lstrlenA
mov ecx, [ebp+arg_C]
add dword_420DB8, eax
mov [ecx], eax
xor eax, eax
pop ebp
retn 10h
sub_404258 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40428C(HWND hDlg,int,HDC hdc,WPARAM hWnd)
sub_40428C proc near ; DATA XREF: .data:lpDialogFunc�o
lParam = dword ptr -0Ch
var_8 = dword ptr -8
lpFile = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
hWnd = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_4], 110h
push ebx
push esi
push edi
jnz loc_4043AC
mov ebx, [ebp+hWnd]
mov edi, [ebx+30h]
test edi, edi
jge short loc_4042BD
mov ecx, dword_425BC8
lea eax, ds:4[edi*4]
sub ecx, eax
mov edi, [ecx]
loc_4042BD: ; CODE XREF: sub_40428C+1E�j
mov eax, dword_426418
push dword ptr [ebx+34h] ; lpString2
add edi, eax
movsx eax, byte ptr [edi]
and [ebp+var_8], 0
mov [ebp+hWnd], eax
mov eax, [ebx+14h]
mov esi, eax
shr esi, 5
not esi
push 22h ; int
push [ebp+hDlg] ; hDlg
or esi, eax
inc edi
mov [ebp+lParam], edi
mov [ebp+lpFile], offset sub_404258
and esi, 1
call sub_403FB4
push dword ptr [ebx+38h] ; lpString2
push 23h ; int
push [ebp+hDlg] ; hDlg
call sub_403FB4
xor eax, eax
test esi, esi
setz al
push 1 ; uCheck
add eax, 40Ah
push eax ; nIDButton
push [ebp+hDlg] ; hDlg
call ds:CheckDlgButton ; CheckDlgButton
push esi ; bEnable
call sub_403FFA
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov ebx, eax
push ebx ; wParam
call sub_40400D
mov esi, ds:SendMessageA
push 0 ; lParam
push 1 ; wParam
push 45Bh ; Msg
push ebx ; hWnd
call esi ; SendMessageA
mov eax, dword_4263E8
mov eax, [eax+68h]
test eax, eax
jge short loc_40435D
neg eax
push eax ; nIndex
call ds:GetSysColor ; GetSysColor
loc_40435D: ; CODE XREF: sub_40428C+C6�j
push eax ; lParam
push 0 ; wParam
push 443h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
push 4010000h ; lParam
push 0 ; wParam
push 445h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
and dword_420DB8, 0
push edi ; lpString
call lstrlenA ; lstrlenA
push eax ; lParam
push 0 ; wParam
push 435h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
lea eax, [ebp+lParam]
push eax ; lParam
push [ebp+hWnd] ; wParam
push 449h ; Msg
push ebx ; hWnd
call esi ; SendMessageA
and dword_4229E4, 0
xor eax, eax
jmp loc_40452A
; ---------------------------------------------------------------------------
loc_4043AC: ; CODE XREF: sub_40428C+10�j
cmp [ebp+arg_4], 111h
mov edi, ds:GetDlgItem
mov ebx, ds:SendMessageA
jnz short loc_40441B
mov eax, [ebp+hdc]
shr eax, 10h
test ax, ax
jnz loc_40451B
xor eax, eax
cmp dword_4229E4, eax
jnz loc_40451B
mov esi, dword_4229DC
add esi, 14h
test byte ptr [esi], 20h
jz loc_40451B
push eax ; lParam
push eax ; wParam
push 0F0h ; Msg
push 40Ah ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call edi ; GetDlgItem
push eax ; hWnd
call ebx ; SendMessageA
mov ecx, [esi]
and eax, 1
and ecx, 0FFFFFFFEh
or ecx, eax
push eax ; bEnable
mov [esi], ecx
call sub_403FFA
call sub_403FD6
loc_40441B: ; CODE XREF: sub_40428C+133�j
cmp [ebp+arg_4], 4Eh
jnz loc_40450C
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call edi ; GetDlgItem
mov ecx, [ebp+hWnd]
cmp dword ptr [ecx+8], 70Bh
jnz loc_4044C7
cmp dword ptr [ecx+0Ch], 201h
mov esi, ds:SetCursor
mov edi, ds:LoadCursorA
jnz short loc_4044B2
mov edx, [ecx+18h]
mov [ebp+lParam], edx
mov edx, [ecx+1Ch]
mov [ebp+var_8], edx
sub edx, [ebp+lParam]
mov [ebp+lpFile], offset byte_424F80
cmp edx, 800h
jnb short loc_4044B2
lea ecx, [ebp+lParam]
push ecx ; lParam
push 0 ; wParam
push 44Bh ; Msg
push eax ; hWnd
call ebx ; SendMessageA
push 7F02h ; lpCursorName
push 0 ; hInstance
call edi ; LoadCursorA
push eax ; hCursor
call esi ; SetCursor
push 1 ; nShowCmd
push 0 ; lpDirectory
push 0 ; lpParameters
push [ebp+lpFile] ; lpFile
push offset Operation ; "open"
push [ebp+hDlg] ; hwnd
call ds:ShellExecuteA ; ShellExecuteA
push 7F00h ; lpCursorName
push 0 ; hInstance
call edi ; LoadCursorA
push eax ; hCursor
call esi ; SetCursor
mov ecx, [ebp+hWnd]
loc_4044B2: ; CODE XREF: sub_40428C+1C6�j
; sub_40428C+1E4�j
cmp dword ptr [ecx+0Ch], 20h
jnz short loc_4044C7
push 7F89h ; lpCursorName
push 0 ; hInstance
call edi ; LoadCursorA
push eax ; hCursor
call esi ; SetCursor
mov ecx, [ebp+hWnd]
loc_4044C7: ; CODE XREF: sub_40428C+1AD�j
; sub_40428C+22A�j
cmp dword ptr [ecx+8], 700h
jnz short loc_40451E
cmp dword ptr [ecx+0Ch], 100h
jnz short loc_40451E
cmp dword ptr [ecx+10h], 0Dh
jnz short loc_4044F3
push 0 ; lParam
push 1 ; wParam
push 111h ; Msg
push dword_4263E0 ; hWnd
call ebx ; SendMessageA
mov ecx, [ebp+hWnd]
loc_4044F3: ; CODE XREF: sub_40428C+251�j
cmp dword ptr [ecx+10h], 1Bh
jnz short loc_404507
push 0 ; lParam
push 0 ; wParam
push 10h ; Msg
push dword_4263E0 ; hWnd
call ebx ; SendMessageA
loc_404507: ; CODE XREF: sub_40428C+26B�j
xor eax, eax
inc eax
jmp short loc_40452A
; ---------------------------------------------------------------------------
loc_40450C: ; CODE XREF: sub_40428C+193�j
cmp [ebp+arg_4], 40Bh
jnz short loc_40451B
inc dword_4229E4
loc_40451B: ; CODE XREF: sub_40428C+13E�j
; sub_40428C+14C�j ...
mov ecx, [ebp+hWnd]
loc_40451E: ; CODE XREF: sub_40428C+242�j
; sub_40428C+24B�j
mov eax, [ebp+arg_4]
push ecx ; hWnd
push [ebp+hdc] ; hdc
call sub_40403F
loc_40452A: ; CODE XREF: sub_40428C+11B�j
; sub_40428C+27E�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40428C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404531(HWND hDlg,int,HDC hdc,HWND hWnd)
sub_404531 proc near ; DATA XREF: .data:0040A038�o
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
hWnd = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 110h
push esi
mov esi, [ebp+hWnd]
jnz short loc_404567
push dword ptr [esi+30h] ; lpString2
push 1Dh ; int
push [ebp+hDlg] ; hDlg
call sub_403FB4
mov eax, [esi+3Ch]
shl eax, 0Ah
add eax, offset dword_427000
push eax ; lpString
push 3E8h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
loc_404567: ; CODE XREF: sub_404531+E�j
mov eax, [ebp+arg_4]
push esi ; hWnd
push [ebp+hdc] ; hdc
call sub_40403F
pop esi
pop ebp
retn 10h
sub_404531 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404578(int nIDDlgItem,LPCSTR lpString2)
sub_404578 proc near ; CODE XREF: sub_40463C+2A5�p
; sub_40463C+2B4�p ...
var_40 = byte ptr -40h
String1 = byte ptr -20h
nIDDlgItem = dword ptr 8
lpString2 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 40h
push ebx
push esi
push edi
push 14h
pop edi
mov esi, eax
cmp esi, 400h
push 0FFFFFFDCh
pop ebx
jnb short loc_404597
xor edi, edi
push 0FFFFFFDEh
jmp short loc_4045A4
; ---------------------------------------------------------------------------
loc_404597: ; CODE XREF: sub_404578+17�j
cmp esi, 100000h
jnb short loc_4045A5
push 0Ah
pop edi
push 0FFFFFFDDh
loc_4045A4: ; CODE XREF: sub_404578+1D�j
pop ebx
loc_4045A5: ; CODE XREF: sub_404578+25�j
push 0FFFFFFDFh ; lpString2
lea eax, [ebp+String1]
push eax ; lpString1
call sub_4065B7
push eax
push ebx ; lpString2
lea eax, [ebp+var_40]
push eax ; lpString1
call sub_4065B7
push eax
lea eax, [esi+esi*4]
push 0Ah
shl eax, 1
mov ecx, edi
shr eax, cl
pop ecx
xor edx, edx
div ecx
mov ecx, edi
shr esi, cl
push edx
push esi
push offset aU_USS ; "%u.%u%s%s"
push [ebp+lpString2] ; lpString2
mov esi, offset byte_4219D8
push esi ; lpString1
call sub_4065B7
push esi ; lpString
mov edi, eax
call lstrlenA ; lstrlenA
add edi, eax
push edi ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 18h
push esi ; lpString
push [ebp+nIDDlgItem] ; nIDDlgItem
push dword_425BA8 ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
pop edi
pop esi
pop ebx
leave
retn 8
sub_404578 endp
; =============== S U B R O U T I N E =======================================
sub_40460F proc near ; CODE XREF: sub_40463C+281�p
; sub_404A94+5A7�p ...
arg_0 = dword ptr 4
mov edx, dword_42640C
mov ecx, dword_426408
xor eax, eax
test edx, edx
jz short locret_404639
push esi
loc_404622: ; CODE XREF: sub_40460F+27�j
test byte ptr [ecx+8], 1
jz short loc_40462F
mov esi, [esp+4+arg_0]
add eax, [ecx+esi*4]
loc_40462F: ; CODE XREF: sub_40460F+17�j
add ecx, 418h
dec edx
jnz short loc_404622
pop esi
locret_404639: ; CODE XREF: sub_40460F+10�j
retn 4
sub_40460F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40463C(HWND hDlg,int,HDC hdc,int)
sub_40463C proc near ; DATA XREF: .data:0040A030�o
bi = _browseinfoA ptr -48h
var_28 = dword ptr -28h
TotalNumberOfClusters= dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
BytesPerSector = dword ptr -18h
var_14 = byte ptr -14h
SectorsPerCluster= dword ptr -10h
nNumerator = dword ptr -0Ch
hWnd = dword ptr -8
lpString2 = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword_4229DC
push ebx
push esi
mov esi, [eax+3Ch]
shl esi, 0Ah
mov [ebp+var_20], eax
mov eax, [eax+38h]
add esi, offset dword_427000
cmp [ebp+arg_4], 40Bh
push edi
mov [ebp+lpString2], eax
mov ebx, 3FBh
jnz short loc_404692
push esi ; lpString
push ebx ; nIDDlgItem
call sub_405D5D
push esi ; lpszCurrent
call sub_406009
call sub_4040E9
push 3F0h ; nIDButton
push [ebp+hDlg] ; hDlg
call ds:IsDlgButtonChecked ; IsDlgButtonChecked
mov dword_423F78, eax
loc_404692: ; CODE XREF: sub_40463C+2F�j
cmp [ebp+arg_4], 110h
jnz loc_404725
push 10h ; vKey
call ds:GetAsyncKeyState ; GetAsyncKeyState
test ah, ah
mov edi, ds:GetDlgItem
jns short loc_4046D5
push 3F0h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call edi ; GetDlgItem
push 0FFFFFFE0h ; lpString2
push 8 ; int
push [ebp+hDlg] ; hDlg
mov [ebp+hWnd], eax
call sub_403FB4
push 8 ; nCmdShow
push [ebp+hWnd] ; hWnd
call ds:ShowWindow ; ShowWindow
loc_4046D5: ; CODE XREF: sub_40463C+73�j
push esi
call sub_405DE6
test eax, eax
jz short loc_4046EF
push esi ; lpsz
call sub_405E0D
test eax, eax
jnz short loc_4046EF
push esi ; lpString1
call sub_4061A6
loc_4046EF: ; CODE XREF: sub_40463C+A1�j
; sub_40463C+AB�j
push esi ; lpString
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
mov eax, [ebp+arg_C]
push dword ptr [eax+34h] ; lpString2
push 1 ; int
push [ebp+hDlg] ; hDlg
call sub_403FB4
mov eax, [ebp+arg_C]
push dword ptr [eax+30h] ; lpString2
push 14h ; int
push [ebp+hDlg] ; hDlg
call sub_403FB4
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call edi ; GetDlgItem
push eax ; wParam
call sub_40400D
loc_404725: ; CODE XREF: sub_40463C+5D�j
cmp [ebp+arg_4], 111h
jnz loc_4047ED
movzx eax, word ptr [ebp+hdc]
cmp eax, ebx
jnz short loc_404752
mov ecx, [ebp+hdc]
shr ecx, 10h
cmp cx, 300h
jnz loc_40494C
mov [ebp+arg_4], 40Fh
loc_404752: ; CODE XREF: sub_40463C+FC�j
cmp eax, 3E9h
jnz loc_4047ED
push 7
pop ecx
push [ebp+lpString2] ; lpString2
xor eax, eax
lea edi, [ebp+bi.pidlRoot]
rep stosd
mov eax, [ebp+hDlg]
mov edi, offset byte_4219D8
push 0 ; lpString1
mov [ebp+bi.hwndOwner], eax
mov [ebp+bi.pszDisplayName], edi
mov [ebp+bi.lpfn], offset sub_4041F2
mov [ebp+bi.lParam], esi
call sub_4065B7
mov [ebp+bi.lpszTitle], eax
lea eax, [ebp+bi]
push eax ; lpbi
mov [ebp+bi.ulFlags], 41h
call ds:SHBrowseForFolderA ; SHBrowseForFolderA
test eax, eax
jz short loc_4047ED
push eax
call sub_405CD6
mov eax, dword_4263E8
mov eax, [eax+11Ch]
test eax, eax
jz short loc_4047DD
push eax ; lpString2
push 0 ; lpString1
call sub_4065B7
push edi ; lpString2
mov edi, offset byte_424F80
push edi ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jz short loc_4047DD
push edi ; lpString2
push esi ; lpString1
call sub_4061A6
push eax ; lpString1
call ds:lstrcatA ; lstrcatA
loc_4047DD: ; CODE XREF: sub_40463C+178�j
; sub_40463C+191�j
inc dword_420DC4
push esi ; lpString
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
loc_4047ED: ; CODE XREF: sub_40463C+F0�j
; sub_40463C+11B�j ...
cmp [ebp+arg_4], 40Fh
jz short loc_404803
cmp [ebp+arg_4], 405h
jnz loc_40494C
loc_404803: ; CODE XREF: sub_40463C+1B8�j
and [ebp+lpString2], 0
and [ebp+hWnd], 0
push esi ; lpString
push ebx ; nIDDlgItem
or edi, 0FFFFFFFFh
call sub_405D5D
push esi ; lpString2
call sub_40622D
test eax, eax
jnz short loc_404826
mov [ebp+lpString2], 1
loc_404826: ; CODE XREF: sub_40463C+1E1�j
push esi ; lpString2
mov esi, offset RootPathName
push esi ; lpString1
call lstrcpyA ; lstrcpyA
push esi ; lpsz
call sub_405E0D
test eax, eax
jz short loc_40483F
mov byte ptr [eax], 0
loc_40483F: ; CODE XREF: sub_40463C+1FE�j
push offset aKernel32_dll ; "KERNEL32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
test eax, eax
mov ebx, 400h
jz short loc_404885
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
test eax, eax
jz short loc_404885
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_14]
push ecx
lea ecx, [ebp+var_28]
push ecx
push esi
call eax
test eax, eax
jz short loc_404885
mov edi, [ebp+var_28]
mov eax, [ebp+TotalNumberOfClusters]
shrd edi, eax, 0Ah
shr eax, 0Ah
jmp short loc_4048B4
; ---------------------------------------------------------------------------
loc_404885: ; CODE XREF: sub_40463C+215�j
; sub_40463C+225�j ...
lea eax, [ebp+TotalNumberOfClusters]
push eax ; lpTotalNumberOfClusters
lea eax, [ebp+nNumerator]
push eax ; lpNumberOfFreeClusters
lea eax, [ebp+BytesPerSector]
push eax ; lpBytesPerSector
lea eax, [ebp+SectorsPerCluster]
push eax ; lpSectorsPerCluster
push esi ; lpRootPathName
call ds:GetDiskFreeSpaceA ; GetDiskFreeSpaceA
test eax, eax
jz short loc_4048BB
mov eax, [ebp+SectorsPerCluster]
imul eax, [ebp+BytesPerSector]
push ebx ; nDenominator
push [ebp+nNumerator] ; nNumerator
push eax ; nNumber
call ds:MulDiv ; MulDiv
mov edi, eax
loc_4048B4: ; CODE XREF: sub_40463C+247�j
mov [ebp+hWnd], 1
loc_4048BB: ; CODE XREF: sub_40463C+262�j
push 5
call sub_40460F
cmp edi, eax
jnb short loc_4048CD
mov [ebp+lpString2], 2
loc_4048CD: ; CODE XREF: sub_40463C+288�j
mov ecx, dword_425BC8
xor esi, esi
cmp [ecx+10h], esi
jz short loc_404905
push 0FFFFFFFBh ; lpString2
push 3FFh ; nIDDlgItem
call sub_404578
cmp [ebp+hWnd], esi
jz short loc_4048F7
push 0FFFFFFFCh ; lpString2
push ebx ; nIDDlgItem
mov eax, edi
call sub_404578
jmp short loc_404905
; ---------------------------------------------------------------------------
loc_4048F7: ; CODE XREF: sub_40463C+2AD�j
push offset word_408BBE ; lpString
push ebx ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call SetDlgItemTextA ; SetDlgItemTextA
loc_404905: ; CODE XREF: sub_40463C+29C�j
; sub_40463C+2B9�j
mov eax, [ebp+lpString2]
cmp eax, esi
mov dword_426484, eax
jnz short loc_40491B
push 7
call sub_4014C9
mov [ebp+lpString2], eax
loc_40491B: ; CODE XREF: sub_40463C+2D3�j
mov eax, [ebp+var_20]
test [eax+14h], ebx
jz short loc_404926
mov [ebp+lpString2], esi
loc_404926: ; CODE XREF: sub_40463C+2E5�j
xor eax, eax
cmp [ebp+lpString2], esi
setz al
push eax ; bEnable
call sub_403FFA
cmp [ebp+lpString2], esi
jnz short loc_404946
cmp dword_420DC4, esi
jnz short loc_404946
call sub_403FD6
loc_404946: ; CODE XREF: sub_40463C+2FB�j
; sub_40463C+303�j
mov dword_420DC4, esi
loc_40494C: ; CODE XREF: sub_40463C+109�j
; sub_40463C+1C1�j
push [ebp+arg_C] ; hWnd
mov eax, [ebp+arg_4]
push [ebp+hdc] ; hdc
call sub_40403F
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40463C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404961(HWND hWnd)
sub_404961 proc near ; CODE XREF: sub_4049AD+59�p
; sub_404A94+2D3�p
lParam = tagPOINT ptr -10h
var_8 = byte ptr -8
var_4 = dword ptr -4
hWnd = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
call ds:GetMessagePos ; GetMessagePos
movsx ecx, ax
shr eax, 10h
movsx eax, ax
mov [ebp+lParam.y], eax
lea eax, [ebp+lParam]
push eax ; lpPoint
push [ebp+hWnd] ; hWnd
mov [ebp+lParam.x], ecx
call ds:ScreenToClient ; ScreenToClient
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push 1111h ; Msg
push [ebp+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
mov al, [ebp+var_8]
and al, 66h
neg al
sbb eax, eax
and eax, [ebp+var_4]
leave
retn 4
sub_404961 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4049AD(HWND hWnd,UINT Msg,WPARAM wParam,int)
sub_4049AD proc near ; DATA XREF: sub_404A94+89�o
lParam = dword ptr -28h
var_24 = dword ptr -24h
var_4 = dword ptr -4
hWnd = dword ptr 8
Msg = dword ptr 0Ch
wParam = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
cmp [ebp+Msg], 102h
push esi
push edi
jnz short loc_4049D9
cmp [ebp+wParam], 20h
jnz loc_404A75
push 413h ; Msg
call sub_404024
xor eax, eax
jmp loc_404A8E
; ---------------------------------------------------------------------------
loc_4049D9: ; CODE XREF: sub_4049AD+F�j
or edi, 0FFFFFFFFh
cmp [ebp+Msg], 2
jnz short loc_4049E8
mov dword_40A03C, edi
loc_4049E8: ; CODE XREF: sub_4049AD+33�j
cmp [ebp+Msg], 200h
mov esi, 419h
jnz short loc_404A35
push [ebp+hWnd] ; hWnd
call ds:IsWindowVisible ; IsWindowVisible
test eax, eax
jz short loc_404A75
push [ebp+hWnd] ; hWnd
call sub_404961
test eax, eax
mov [ebp+var_24], eax
jz short loc_404A30
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push 110Ch ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+lParam], 4
call ds:SendMessageA ; SendMessageA
mov edi, [ebp+var_4]
loc_404A30: ; CODE XREF: sub_4049AD+63�j
mov [ebp+Msg], esi
jmp short loc_404A38
; ---------------------------------------------------------------------------
loc_404A35: ; CODE XREF: sub_4049AD+47�j
mov edi, [ebp+arg_C]
loc_404A38: ; CODE XREF: sub_4049AD+86�j
cmp [ebp+Msg], esi
jnz short loc_404A78
cmp dword_40A03C, edi
jz short loc_404A78
push ebx
mov esi, offset dword_427000
push esi ; lpString2
mov ebx, offset byte_4219D8
push ebx ; lpString1
mov dword_40A03C, edi
call lstrcpyA ; lstrcpyA
push edi ; int
push esi ; LPSTR
call sub_405F5B
push 6
call sub_4014C9
push ebx ; lpString2
push esi ; lpString1
call lstrcpyA ; lstrcpyA
pop ebx
jmp short loc_404A78
; ---------------------------------------------------------------------------
loc_404A75: ; CODE XREF: sub_4049AD+15�j
; sub_4049AD+54�j
mov edi, [ebp+arg_C]
loc_404A78: ; CODE XREF: sub_4049AD+8E�j
; sub_4049AD+96�j ...
push edi ; lParam
push [ebp+wParam] ; wParam
push [ebp+Msg] ; Msg
push [ebp+hWnd] ; hWnd
push lpPrevWndFunc ; lpPrevWndFunc
call ds:CallWindowProcA ; CallWindowProcA
loc_404A8E: ; CODE XREF: sub_4049AD+27�j
pop edi
pop esi
leave
retn 10h
sub_4049AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_404A94(HWND hDlg,int,HDC hdc,int)
sub_404A94 proc near ; DATA XREF: .data:0040A02C�o
lParam = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
ho = dword ptr -10h
var_C = dword ptr -0Ch
wParam = dword ptr -8
hWnd = dword ptr -4
hDlg = dword ptr 8
arg_4 = dword ptr 0Ch
hdc = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 54h
push ebx
push esi
mov esi, ds:GetDlgItem
push edi
push 3F9h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call esi ; GetDlgItem
push 408h ; nIDDlgItem
push [ebp+hDlg] ; hDlg
mov [ebp+wParam], eax
call esi ; GetDlgItem
mov esi, ds:SendMessageA
mov [ebp+hWnd], eax
mov eax, dword_426408
mov [ebp+var_18], eax
mov eax, dword_4263E8
add eax, 94h
xor ebx, ebx
cmp [ebp+arg_4], 110h
push 10h
mov [ebp+var_1C], eax
pop edi
jnz loc_404D04
mov eax, [ebp+hDlg]
mov dword_42644C, eax
mov eax, dword_42640C
shl eax, 2
push eax ; dwBytes
mov [ebp+var_20], ebx
mov [ebp+var_14], 2
call sub_405DBB
push 6Eh ; lpBitmapName
push hInstance ; hInstance
mov hMem, eax
call ds:LoadBitmapA ; LoadBitmapA
push offset sub_4049AD ; dwNewLong
push 0FFFFFFFCh ; nIndex
push [ebp+hWnd] ; hWnd
mov [ebp+ho], eax
call ds:SetWindowLongA ; SetWindowLongA
push ebx ; cGrow
push 6 ; cInitial
push 21h ; flags
push edi ; cy
push edi ; cx
mov lpPrevWndFunc, eax
call ds:ImageList_Create ; ImageList_Create
push 0FF00FFh ; crMask
push [ebp+ho] ; hbmImage
mov lParam, eax
push eax ; himl
call ds:ImageList_AddMasked ; ImageList_AddMasked
push lParam ; lParam
push 2 ; wParam
push 1109h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
push ebx ; lParam
push ebx ; wParam
push 111Ch ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
cmp eax, edi
jge short loc_404B84
push ebx ; lParam
push edi ; wParam
push 111Bh ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404B84: ; CODE XREF: sub_404A94+E2�j
push [ebp+ho] ; ho
call ds:DeleteObject ; DeleteObject
xor edi, edi
loc_404B8F: ; CODE XREF: sub_404A94+130�j
mov eax, [ebp+var_1C]
mov eax, [eax+edi*4]
cmp eax, ebx
jz short loc_404BC0
cmp edi, 20h
jz short loc_404BA1
mov [ebp+var_14], ebx
loc_404BA1: ; CODE XREF: sub_404A94+108�j
push eax ; lpString2
push ebx ; lpString1
call sub_4065B7
push eax ; lParam
push ebx ; wParam
push 143h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
push edi ; lParam
push eax ; wParam
push 151h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
loc_404BC0: ; CODE XREF: sub_404A94+103�j
inc edi
cmp edi, 21h
jl short loc_404B8F
mov eax, [ebp+var_14]
mov edi, [ebp+arg_C]
push dword ptr [edi+eax*4+30h] ; lpString2
push 15h ; int
push [ebp+hDlg] ; hDlg
call sub_403FB4
mov eax, [ebp+var_14]
push dword ptr [edi+eax*4+34h] ; lpString2
push 16h ; int
push [ebp+hDlg] ; hDlg
call sub_403FB4
xor edi, edi
cmp dword_42640C, ebx
mov [ebp+var_C], ebx
jle loc_404CB8
mov eax, [ebp+var_18]
add eax, 8
mov [ebp+ho], eax
mov ebx, 1100h
loc_404C0A: ; CODE XREF: sub_404A94+217�j
mov edx, [ebp+ho]
lea eax, [edx+10h]
cmp byte ptr [eax], 0
jz loc_404C9D
mov ecx, [ebp+var_C]
mov [ebp+var_3C], eax
mov eax, [edx]
push 20h
mov [ebp+lParam], ecx
pop ecx
mov edx, eax
and edx, ecx
test al, 2
mov [ebp+var_50], 0FFFF0002h
mov [ebp+var_4C], 0Dh
mov [ebp+var_40], ecx
mov [ebp+var_28], edi
mov [ebp+var_44], edx
jz short loc_404C6C
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push ebx ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_4C], 4Dh
mov [ebp+var_2C], 1
call esi ; SendMessageA
mov [ebp+var_C], eax
mov [ebp+var_20], 1
jmp short loc_404C94
; ---------------------------------------------------------------------------
loc_404C6C: ; CODE XREF: sub_404A94+1B0�j
mov eax, [ebp+ho]
test byte ptr [eax], 4
jz short loc_404C88
push [ebp+var_C] ; lParam
push 3 ; wParam
push 110Ah ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
mov [ebp+var_C], eax
jmp short loc_404C9D
; ---------------------------------------------------------------------------
loc_404C88: ; CODE XREF: sub_404A94+1DE�j
lea eax, [ebp+lParam]
push eax ; lParam
push 0 ; wParam
push ebx ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404C94: ; CODE XREF: sub_404A94+1D6�j
mov ecx, hMem
mov [ecx+edi*4], eax
loc_404C9D: ; CODE XREF: sub_404A94+17F�j
; sub_404A94+1F2�j
add [ebp+ho], 418h
inc edi
cmp edi, dword_42640C
jl loc_404C0A
xor ebx, ebx
cmp [ebp+var_20], ebx
jnz short loc_404CD2
loc_404CB8: ; CODE XREF: sub_404A94+162�j
push 0FFFFFFF0h ; nIndex
push [ebp+hWnd] ; hWnd
call ds:GetWindowLongA ; GetWindowLongA
and eax, 0FFFFFFFBh
push eax ; dwNewLong
push 0FFFFFFF0h ; nIndex
push [ebp+hWnd] ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
loc_404CD2: ; CODE XREF: sub_404A94+222�j
push ebx ; lParam
push 6 ; wParam
push 115h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
cmp [ebp+var_14], ebx
jnz short loc_404CFC
push 5 ; nCmdShow
push [ebp+wParam] ; hWnd
call ds:ShowWindow ; ShowWindow
push [ebp+wParam] ; wParam
call sub_40400D
jmp loc_40508A
; ---------------------------------------------------------------------------
loc_404CFC: ; CODE XREF: sub_404A94+24E�j
push [ebp+hWnd] ; wParam
call sub_40400D
loc_404D04: ; CODE XREF: sub_404A94+50�j
cmp [ebp+arg_4], 405h
jnz short loc_404D1F
xor edi, edi
inc edi
mov [ebp+hdc], ebx
mov [ebp+arg_C], edi
mov [ebp+arg_4], 40Fh
jmp short loc_404D22
; ---------------------------------------------------------------------------
loc_404D1F: ; CODE XREF: sub_404A94+277�j
mov edi, [ebp+arg_C]
loc_404D22: ; CODE XREF: sub_404A94+289�j
cmp [ebp+arg_4], 4Eh
mov eax, 413h
jz short loc_404D36
cmp [ebp+arg_4], eax
jnz loc_404E34
loc_404D36: ; CODE XREF: sub_404A94+297�j
cmp [ebp+arg_4], eax
jz short loc_404D48
cmp dword ptr [edi+4], 408h
jnz loc_404E34
loc_404D48: ; CODE XREF: sub_404A94+2A5�j
test byte ptr dword_426444+1, 2
jnz loc_404DF2
cmp [ebp+arg_4], eax
jz short loc_404D6E
cmp dword ptr [edi+8], 0FFFFFFFEh
jnz loc_404DF2
push [ebp+hWnd] ; hWnd
call sub_404961
jmp short loc_404D7B
; ---------------------------------------------------------------------------
loc_404D6E: ; CODE XREF: sub_404A94+2C4�j
push ebx ; lParam
push 9 ; wParam
push 110Ah ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404D7B: ; CODE XREF: sub_404A94+2D8�j
cmp eax, ebx
mov [ebp+var_44], eax
jz short loc_404DF2
lea eax, [ebp+var_48]
push eax ; lParam
push ebx ; wParam
push 110Ch ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_48], 4
call esi ; SendMessageA
test eax, eax
jz short loc_404DF2
mov eax, [ebp+var_24]
mov ecx, [ebp+var_18]
imul eax, 418h
lea ecx, [eax+ecx+8]
mov eax, [ecx]
test al, 10h
jnz short loc_404DF2
test al, 40h
jz short loc_404DC9
xor eax, 80h
test al, al
jns short loc_404DC4
or eax, 1
jmp short loc_404DCC
; ---------------------------------------------------------------------------
loc_404DC4: ; CODE XREF: sub_404A94+329�j
and eax, 0FFFFFFFEh
jmp short loc_404DCC
; ---------------------------------------------------------------------------
loc_404DC9: ; CODE XREF: sub_404A94+320�j
xor eax, 1
loc_404DCC: ; CODE XREF: sub_404A94+32E�j
; sub_404A94+333�j
mov [ecx], eax
push [ebp+var_24]
call sub_40117D
mov eax, dword_426444
xor ecx, ecx
shr eax, 8
inc ecx
not eax
and eax, ecx
mov [ebp+hdc], ecx
mov [ebp+arg_C], eax
mov [ebp+arg_4], 40Fh
loc_404DF2: ; CODE XREF: sub_404A94+2BB�j
; sub_404A94+2CA�j ...
cmp edi, ebx
jz short loc_404E34
cmp dword ptr [edi+8], 0FFFFFE6Eh
jnz short loc_404E0D
push dword ptr [edi+5Ch] ; lParam
push ebx ; wParam
push 419h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404E0D: ; CODE XREF: sub_404A94+369�j
cmp dword ptr [edi+8], 0FFFFFE6Ah
jnz short loc_404E34
mov eax, [edi+5Ch]
mov ecx, [ebp+var_18]
imul eax, 418h
cmp dword ptr [edi+0Ch], 2
lea eax, [eax+ecx+8]
jnz short loc_404E31
or dword ptr [eax], 20h
jmp short loc_404E34
; ---------------------------------------------------------------------------
loc_404E31: ; CODE XREF: sub_404A94+396�j
and dword ptr [eax], 0FFFFFFDFh
loc_404E34: ; CODE XREF: sub_404A94+29C�j
; sub_404A94+2AE�j ...
cmp [ebp+arg_4], 111h
jnz short loc_404EAF
cmp word ptr [ebp+hdc], 3F9h
jnz loc_40508A
mov eax, [ebp+hdc]
shr eax, 10h
cmp ax, 1
jnz loc_40508A
push ebx ; lParam
push ebx ; wParam
push 147h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
cmp eax, 0FFFFFFFFh
jz loc_40508A
push ebx ; lParam
push eax ; wParam
push 150h ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_404E89
mov eax, [ebp+var_1C]
cmp [eax+edi*4], ebx
jnz short loc_404E8C
loc_404E89: ; CODE XREF: sub_404A94+3EB�j
push 20h
pop edi
loc_404E8C: ; CODE XREF: sub_404A94+3F3�j
push edi
call sub_4012A8
push edi ; lParam
push ebx ; wParam
push 420h ; Msg
push [ebp+hDlg] ; hWnd
call esi ; SendMessageA
mov [ebp+hdc], 1
mov [ebp+arg_C], ebx
mov [ebp+arg_4], 40Fh
loc_404EAF: ; CODE XREF: sub_404A94+3A7�j
cmp [ebp+arg_4], 200h
jnz short loc_404EC4
push ebx ; lParam
push ebx ; wParam
push 200h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_404EC4: ; CODE XREF: sub_404A94+422�j
cmp [ebp+arg_4], 40Bh
jnz short loc_404EFF
mov eax, lParam
cmp eax, ebx
jz short loc_404EDD
push eax ; himl
call ds:ImageList_Destroy ; ImageList_Destroy
loc_404EDD: ; CODE XREF: sub_404A94+440�j
mov eax, hMem
cmp eax, ebx
jz short loc_404EED
push eax ; hMem
call ds:GlobalFree ; GlobalFree
loc_404EED: ; CODE XREF: sub_404A94+450�j
mov lParam, ebx
mov hMem, ebx
mov dword_42644C, ebx
loc_404EFF: ; CODE XREF: sub_404A94+437�j
cmp [ebp+arg_4], 40Fh
jnz loc_40504C
call sub_40129E
cmp [ebp+hdc], ebx
jz short loc_404F1D
push 8
call sub_4014C9
loc_404F1D: ; CODE XREF: sub_404A94+480�j
cmp [ebp+arg_C], ebx
jz short loc_404F61
push hMem
call sub_4012F3
mov edi, eax
push edi
call sub_4012A8
xor eax, eax
xor ecx, ecx
cmp edi, ebx
jle short loc_404F4B
loc_404F3D: ; CODE XREF: sub_404A94+4B5�j
mov edx, [ebp+var_1C]
cmp [edx+eax*4], ebx
jz short loc_404F46
inc ecx
loc_404F46: ; CODE XREF: sub_404A94+4AF�j
inc eax
cmp eax, edi
jl short loc_404F3D
loc_404F4B: ; CODE XREF: sub_404A94+4A7�j
push ebx ; lParam
push ecx ; wParam
push 14Eh ; Msg
push [ebp+wParam] ; hWnd
call esi ; SendMessageA
mov [ebp+arg_C], edi
mov [ebp+arg_4], 420h
loc_404F61: ; CODE XREF: sub_404A94+48C�j
call sub_40129E
cmp dword_42640C, ebx
mov eax, hMem
mov edi, dword_426408
mov [ebp+var_20], eax
mov [ebp+var_3C], 0F030h
mov [ebp+var_14], ebx
jle loc_40502F
add edi, 8
loc_404F8D: ; CODE XREF: sub_404A94+595�j
mov eax, [ebp+var_20]
mov ecx, [ebp+var_14]
mov eax, [eax+ecx*4]
cmp eax, ebx
jz short loc_405017
mov edx, [edi]
push 8
mov [ebp+var_44], eax
pop eax
mov ecx, edx
and ecx, eax
mov [ebp+var_18], edx
and [ebp+var_18], 20h
shl ecx, 1
or ecx, [ebp+var_18]
test dh, 1
mov [ebp+var_48], eax
mov [ebp+var_40], ecx
jz short loc_404FD1
lea eax, [edi+10h]
mov [ebp+var_48], 9
mov [ebp+var_38], eax
and byte ptr [edi+1], 0FEh
mov ecx, [ebp+var_40]
loc_404FD1: ; CODE XREF: sub_404A94+527�j
test dl, 40h
jz short loc_404FDB
push 3
pop eax
jmp short loc_404FE9
; ---------------------------------------------------------------------------
loc_404FDB: ; CODE XREF: sub_404A94+540�j
mov eax, edx
and eax, 1
inc eax
test dl, 10h
jz short loc_404FE9
add eax, 3
loc_404FE9: ; CODE XREF: sub_404A94+545�j
; sub_404A94+550�j
push [ebp+var_44] ; lParam
shl eax, 0Ch
or ecx, eax
xor eax, eax
cmp [ebp+var_18], ebx
mov [ebp+var_40], ecx
setnz al
inc eax
push eax ; wParam
push 1102h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
lea eax, [ebp+var_48]
push eax ; lParam
push ebx ; wParam
push 110Dh ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_405017: ; CODE XREF: sub_404A94+504�j
inc [ebp+var_14]
mov eax, [ebp+var_14]
add edi, 418h
cmp eax, dword_42640C
jl loc_404F8D
loc_40502F: ; CODE XREF: sub_404A94+4F0�j
mov eax, dword_425BC8
cmp [eax+10h], ebx
jz short loc_40504C
push 5
call sub_40460F
push 0FFFFFFFBh ; lpString2
push 3FFh ; nIDDlgItem
call sub_404578
loc_40504C: ; CODE XREF: sub_404A94+472�j
; sub_404A94+5A3�j
cmp [ebp+arg_4], 420h
jnz short loc_40508A
test byte ptr dword_426444+1, 1
jz short loc_40508A
mov esi, ds:ShowWindow
xor eax, eax
cmp [ebp+arg_C], 20h
setz al
shl eax, 3
mov edi, eax
push edi ; nCmdShow
push [ebp+hWnd] ; hWnd
call esi ; ShowWindow
push edi ; nCmdShow
push 3FEh ; nIDDlgItem
push [ebp+hDlg] ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; hWnd
call esi ; ShowWindow
loc_40508A: ; CODE XREF: sub_404A94+263�j
; sub_404A94+3AF�j ...
push [ebp+arg_C] ; hWnd
mov eax, [ebp+arg_4]
push [ebp+hdc] ; hdc
call sub_40403F
pop edi
pop esi
pop ebx
leave
retn 10h
sub_404A94 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_40509F(int,LPCSTR lpString2)
sub_40509F proc near ; CODE XREF: sub_4014E1+9�p
; sub_401610:loc_40169F�p ...
lParam = dword ptr -30h
wParam = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
hWnd = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
lpString2 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, dword_425BAC
push edi
xor edi, edi
cmp eax, edi
mov [ebp+hWnd], eax
jz loc_405172
push ebx
mov ebx, dword_40A040
mov [ebp+var_4], ebx
and [ebp+var_4], 1
push esi
mov esi, offset byte_4211D8
jnz short loc_4050D7
push [ebp+arg_0] ; lpString2
push esi ; lpString1
call sub_4065B7
loc_4050D7: ; CODE XREF: sub_40509F+2D�j
push esi ; lpString
call lstrlenA ; lstrlenA
cmp [ebp+lpString2], edi
mov [ebp+arg_0], eax
jz short loc_405101
push [ebp+lpString2] ; lpString
call lstrlenA ; lstrlenA
add eax, [ebp+arg_0]
cmp eax, 800h
jnb short loc_405170
push [ebp+lpString2] ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
loc_405101: ; CODE XREF: sub_40509F+44�j
test bl, 4
jz short loc_405113
push esi ; lpString
push dword_425BB8 ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
loc_405113: ; CODE XREF: sub_40509F+65�j
test bl, 2
jz short loc_405161
push edi ; lParam
push edi ; wParam
push 1004h ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_1C], esi
mov esi, ds:SendMessageA
mov [ebp+lParam], 1
call esi ; SendMessageA
sub eax, [ebp+var_4]
not ebx
mov [ebp+wParam], eax
lea eax, [ebp+lParam]
push eax ; lParam
push edi ; wParam
and ebx, 1
or ebx, 1006h
push ebx ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_28], edi
call esi ; SendMessageA
push edi ; lParam
push [ebp+wParam] ; wParam
push 1013h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_405161: ; CODE XREF: sub_40509F+77�j
cmp [ebp+var_4], edi
jz short loc_405170
mov eax, [ebp+arg_0]
mov byte_4211D8[eax], 0
loc_405170: ; CODE XREF: sub_40509F+56�j
; sub_40509F+C5�j
pop esi
pop ebx
loc_405172: ; CODE XREF: sub_40509F+13�j
pop edi
leave
retn 8
sub_40509F endp
; =============== S U B R O U T I N E =======================================
; DWORD __stdcall StartAddress(LPVOID)
StartAddress proc near ; CODE XREF: sub_405A5A+24B�p
; DATA XREF: sub_405202+1D9�o
hWnd = dword ptr 4
push esi
mov esi, dword_426408
push edi
mov edi, dword_42640C
push 0 ; pvReserved
call ds:OleInitialize
or dword_426490, eax
test edi, edi
jz short loc_4051E8
add esi, 18h
loc_40519A: ; CODE XREF: StartAddress+67�j
dec edi
test byte ptr [esi-10h], 1
jnz short loc_4051B9
test byte ptr dword_426444+1, 4
jnz short loc_4051B9
push esi ; arglist
push offset aSkippingSectio ; "Skipping section: \"%s\""
call sub_40614C
pop ecx
pop ecx
jmp short loc_4051D6
; ---------------------------------------------------------------------------
loc_4051B9: ; CODE XREF: StartAddress+28�j
; StartAddress+31�j
push esi ; arglist
push offset aSectionS ; "Section: \"%s\""
call sub_40614C
pop ecx
pop ecx
push [esp+8+hWnd] ; hWnd
push dword ptr [esi-0Ch] ; int
call sub_4013E7
test eax, eax
jnz short loc_4051E2
loc_4051D6: ; CODE XREF: StartAddress+40�j
add esi, 418h
test edi, edi
jnz short loc_40519A
jmp short loc_4051E8
; ---------------------------------------------------------------------------
loc_4051E2: ; CODE XREF: StartAddress+5D�j
inc dword_42646C
loc_4051E8: ; CODE XREF: StartAddress+1E�j
; StartAddress+69�j
push 404h ; Msg
call sub_404024
call ds:OleUninitialize
mov eax, dword_42646C
pop edi
pop esi
retn 4
StartAddress endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405202(HWND ThreadId,HGLOBAL hMem,HDC hdc,int)
sub_405202 proc near ; DATA XREF: .data:0040A034�o
var_3C = byte ptr -3Ch
lParam = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
x = tagRECT ptr -14h
hWnd = dword ptr -4
ThreadId = dword ptr 8
hMem = dword ptr 0Ch
hdc = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
mov esi, dword_425BAC
xor ebx, ebx
cmp [ebp+hMem], 110h
push edi
mov [ebp+hWnd], esi
jnz loc_4053BE
or [ebp+var_2C], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
mov [ebp+lParam], 2
mov [ebp+var_30], ebx
mov [ebp+var_28], ebx
mov [ebp+var_24], ebx
xor eax, eax
lea edi, [ebp+var_1C]
stosd
stosd
mov eax, dword_4263E8
mov ecx, [eax+5Ch]
mov eax, [eax+60h]
mov edi, ds:GetDlgItem
push 403h ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
mov [ebp+hMem], ecx
mov [ebp+hdc], eax
call edi ; GetDlgItem
push 3EEh ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
mov hWnd, eax
call edi ; GetDlgItem
push 3F8h ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
mov dword_425BB8, eax
call edi ; GetDlgItem
push hWnd ; wParam
mov dword_425BAC, eax
mov [ebp+hWnd], eax
call sub_40400D
push 4
call sub_40460F
push offset byte_42C400
push 0FFFFFFFDh ; lpString2
push ebx ; lpString1
mov dword_425BC4, eax
mov nNumber, ebx
call sub_4065B7
push eax ; arglist
push offset aNewInstallOfST ; "New install of \"%s\" to \"%s\""
call sub_40614C
add esp, 0Ch
lea eax, [ebp+x]
push eax ; lpRect
push [ebp+hWnd] ; hWnd
call ds:GetClientRect ; GetClientRect
push 15h ; nIndex
call ds:GetSystemMetrics ; GetSystemMetrics
mov ecx, [ebp+x.right]
mov esi, ds:SendMessageA
sub ecx, eax
lea eax, [ebp+lParam]
push eax ; lParam
push ebx ; wParam
push 101Bh ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_2C], ecx
call esi ; SendMessageA
mov eax, 4000h
push eax ; lParam
push eax ; wParam
push 1036h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
cmp [ebp+hMem], ebx
jl short loc_405325
push [ebp+hMem] ; lParam
push ebx ; wParam
push 1001h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
push [ebp+hMem] ; lParam
push ebx ; wParam
push 1026h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_405325: ; CODE XREF: sub_405202+105�j
cmp [ebp+hdc], ebx
jl short loc_405338
push [ebp+hdc] ; lParam
push ebx ; wParam
push 1024h ; Msg
push [ebp+hWnd] ; hWnd
call esi ; SendMessageA
loc_405338: ; CODE XREF: sub_405202+126�j
mov eax, [ebp+arg_C]
push dword ptr [eax+30h] ; lpString2
push 1Bh ; int
push [ebp+ThreadId] ; hDlg
call sub_403FB4
test byte ptr dword_426444, 3
jz short loc_40537A
push ebx ; nCmdShow
push hWnd ; hWnd
call ds:ShowWindow ; ShowWindow
test byte ptr dword_426444, 2
jnz short loc_405374
push 8 ; nCmdShow
push [ebp+hWnd] ; hWnd
call ds:ShowWindow ; ShowWindow
jmp short loc_40537A
; ---------------------------------------------------------------------------
loc_405374: ; CODE XREF: sub_405202+163�j
mov hWnd, ebx
loc_40537A: ; CODE XREF: sub_405202+14D�j
; sub_405202+170�j
push 3ECh ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
call edi ; GetDlgItem
push 75300000h ; lParam
push ebx ; wParam
mov edi, eax
push 401h ; Msg
push edi ; hWnd
call esi ; SendMessageA
test byte ptr dword_426444, 4
jz loc_405590
push [ebp+hdc] ; lParam
push ebx ; wParam
push 409h ; Msg
push edi ; hWnd
call esi ; SendMessageA
push [ebp+hMem] ; lParam
push ebx ; wParam
push 2001h ; Msg
push edi ; hWnd
call esi ; SendMessageA
jmp loc_405590
; ---------------------------------------------------------------------------
loc_4053BE: ; CODE XREF: sub_405202+1B�j
cmp [ebp+hMem], 405h
jnz short loc_4053EF
lea eax, [ebp+ThreadId]
push eax ; lpThreadId
push ebx ; dwCreationFlags
push 3ECh ; nIDDlgItem
push [ebp+ThreadId] ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; lpParameter
push offset StartAddress ; lpStartAddress
push ebx ; dwStackSize
push ebx ; lpThreadAttributes
call ds:CreateThread ; CreateThread
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_4053EF: ; CODE XREF: sub_405202+1C3�j
cmp [ebp+hMem], 111h
mov edi, ds:ShowWindow
jnz short loc_405419
cmp word ptr [ebp+hdc], 403h
jnz short loc_40543B
push ebx ; nCmdShow
push hWnd ; hWnd
call edi ; ShowWindow
push 8 ; nCmdShow
push esi ; hWnd
call edi ; ShowWindow
call sub_403FD6
loc_405419: ; CODE XREF: sub_405202+1FA�j
cmp [ebp+hMem], 404h
jnz short loc_405477
cmp dword_425BB4, ebx
jz short loc_405450
push 78h ; wParam
mov nResult, 2
call sub_403F8D
loc_40543B: ; CODE XREF: sub_405202+202�j
; sub_405202+279�j ...
push [ebp+arg_C] ; hWnd
mov eax, [ebp+hMem]
push [ebp+hdc] ; hdc
call sub_40403F
loc_405449: ; CODE XREF: sub_405202+390�j
pop edi
pop esi
pop ebx
leave
retn 10h
; ---------------------------------------------------------------------------
loc_405450: ; CODE XREF: sub_405202+226�j
push 8 ; nCmdShow
push dword_4263E0 ; hWnd
call edi ; ShowWindow
cmp dword_42646C, ebx
jnz short loc_405470
mov eax, dword_4229DC
push ebx ; lpString2
push dword ptr [eax+34h] ; int
call sub_40509F
loc_405470: ; CODE XREF: sub_405202+25E�j
push 1 ; wParam
call sub_403F8D
loc_405477: ; CODE XREF: sub_405202+21E�j
cmp [ebp+hMem], 7Bh
jnz short loc_40543B
cmp [ebp+hdc], esi
jnz short loc_40543B
push ebx ; lParam
push ebx ; wParam
push 1004h ; Msg
push esi ; hWnd
call ds:SendMessageA ; SendMessageA
cmp eax, ebx
mov [ebp+ThreadId], eax
jle loc_405590
call ds:CreatePopupMenu ; CreatePopupMenu
push 0FFFFFFE1h ; lpString2
push ebx ; lpString1
mov edi, eax
call sub_4065B7
push eax ; lpNewItem
push 1 ; uIDNewItem
push ebx ; uFlags
push edi ; hMenu
call ds:AppendMenuA ; AppendMenuA
mov eax, [ebp+arg_C]
cmp eax, 0FFFFFFFFh
jnz short loc_4054D1
lea eax, [ebp+x]
push eax ; lpRect
push esi ; hWnd
call ds:GetWindowRect ; GetWindowRect
mov ecx, [ebp+x.left]
mov eax, [ebp+x.top]
jmp short loc_4054DA
; ---------------------------------------------------------------------------
loc_4054D1: ; CODE XREF: sub_405202+2BA�j
movsx ecx, ax
shr eax, 10h
movsx eax, ax
loc_4054DA: ; CODE XREF: sub_405202+2CD�j
push ebx ; prcRect
push esi ; hWnd
push ebx ; nReserved
push eax ; y
push ecx ; x
push 180h ; uFlags
push edi ; hMenu
call ds:TrackPopupMenu ; TrackPopupMenu
xor edi, edi
inc edi
cmp eax, edi
jnz loc_405590
mov esi, [ebp+ThreadId]
mov [ebp+lParam], ebx
mov [ebp+var_28], offset byte_4219D8
mov [ebp+var_24], 0FFFh
loc_40550A: ; CODE XREF: sub_405202+322�j
lea eax, [ebp+var_3C]
push eax ; lParam
dec esi
push esi ; wParam
push 102Dh ; Msg
push [ebp+hWnd] ; hWnd
call ds:SendMessageA ; SendMessageA
cmp esi, ebx
lea edi, [edi+eax+2]
jnz short loc_40550A
push ebx ; hWndNewOwner
call ds:OpenClipboard ; OpenClipboard
call ds:EmptyClipboard ; EmptyClipboard
push edi ; dwBytes
push 42h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
push eax ; hMem
mov [ebp+hMem], eax
call ds:GlobalLock ; GlobalLock
mov esi, eax
loc_405548: ; CODE XREF: sub_405202+372�j
lea eax, [ebp+var_3C]
push eax ; lParam
push ebx ; wParam
push 102Dh ; Msg
push [ebp+hWnd] ; hWnd
mov [ebp+var_28], esi
mov [ebp+var_24], edi
call ds:SendMessageA ; SendMessageA
push esi ; lpString
call lstrlenA ; lstrlenA
add esi, eax
mov word ptr [esi], 0A0Dh
inc esi
inc esi
inc ebx
cmp ebx, [ebp+ThreadId]
jl short loc_405548
push [ebp+hMem] ; hMem
call ds:GlobalUnlock ; GlobalUnlock
push [ebp+hMem] ; hMem
push 1 ; uFormat
call ds:SetClipboardData ; SetClipboardData
call ds:CloseClipboard ; CloseClipboard
loc_405590: ; CODE XREF: sub_405202+199�j
; sub_405202+1B7�j ...
xor eax, eax
jmp loc_405449
sub_405202 endp
; =============== S U B R O U T I N E =======================================
; INT_PTR __stdcall sub_405597(HWND,UINT,WPARAM,LPARAM)
sub_405597 proc near ; DATA XREF: sub_405A5A+224�o
Point = tagRECT ptr -10h
hDlg = dword ptr 4
arg_4 = dword ptr 8
hdc = dword ptr 0Ch
hWnd = dword ptr 10h
sub esp, 10h
push ebx
push ebp
mov ebp, [esp+18h+arg_4]
mov ecx, 110h
cmp ebp, ecx
push esi
push edi
jz loc_405723
cmp ebp, 408h
jz loc_405723
cmp ebp, 47h
mov ebx, [esp+20h+hDlg]
jnz short loc_4055D9
push 13h ; uFlags
xor eax, eax
push eax ; cy
push eax ; cx
push eax ; Y
push eax ; X
push ebx ; hWndInsertAfter
push dword_4211D4 ; hWnd
call ds:SetWindowPos ; SetWindowPos
loc_4055D9: ; CODE XREF: sub_405597+2B�j
cmp ebp, 5
jnz short loc_4055F6
mov eax, [esp+20h+hdc]
dec eax
neg eax
sbb eax, eax
and eax, ebp
push eax ; nCmdShow
push dword_4211D4 ; hWnd
call ds:ShowWindow ; ShowWindow
loc_4055F6: ; CODE XREF: sub_405597+45�j
cmp ebp, 40Dh
jnz short loc_405618
push dword_425BA8 ; hWnd
call ds:DestroyWindow ; DestroyWindow
mov eax, [esp+20h+hdc]
mov dword_425BA8, eax
jmp loc_405A29
; ---------------------------------------------------------------------------
loc_405618: ; CODE XREF: sub_405597+65�j
cmp ebp, 11h
jnz short loc_405630
push 0 ; dwNewLong
push 0 ; nIndex
push ebx ; hWnd
call ds:SetWindowLongA ; SetWindowLongA
xor eax, eax
inc eax
jmp loc_405A50
; ---------------------------------------------------------------------------
loc_405630: ; CODE XREF: sub_405597+84�j
cmp ebp, 10h
jnz short loc_405668
mov eax, dword_426404
dec eax
cmp dword_40A024, eax
jnz loc_40570F
push dword_4211C8 ; hWnd
call ds:IsWindowEnabled ; IsWindowEnabled
test eax, eax
jnz loc_40570F
mov ebp, 111h
mov [esp+20h+hdc], 1
loc_405668: ; CODE XREF: sub_405597+9C�j
cmp ebp, 111h
jnz loc_40570F
movzx esi, word ptr [esp+20h+hdc]
push esi ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
mov ebx, ds:SendMessageA
mov edi, eax
test edi, edi
jz short loc_4056A8
push 0 ; lParam
push 0 ; wParam
push 0F3h ; Msg
push edi ; hWnd
call ebx ; SendMessageA
push edi ; hWnd
call ds:IsWindowEnabled ; IsWindowEnabled
test eax, eax
jz loc_405A4E
loc_4056A8: ; CODE XREF: sub_405597+F4�j
xor edi, edi
inc edi
cmp esi, edi
jnz short loc_4056B2
push edi
jmp short loc_4056F3
; ---------------------------------------------------------------------------
loc_4056B2: ; CODE XREF: sub_405597+116�j
cmp esi, 3
jnz short loc_4056C4
cmp dword_40A024, 0
jle short loc_4056FA
push 0FFFFFFFFh
jmp short loc_4056F3
; ---------------------------------------------------------------------------
loc_4056C4: ; CODE XREF: sub_405597+11E�j
cmp esi, 2
jnz short loc_4056FA
cmp dword_42646C, 0
jz short loc_4056E0
push esi
call sub_4014C9
mov nResult, esi
jmp short loc_4056F1
; ---------------------------------------------------------------------------
loc_4056E0: ; CODE XREF: sub_405597+139�j
push 3
call sub_4014C9
test eax, eax
jnz short loc_40570F
mov nResult, edi
loc_4056F1: ; CODE XREF: sub_405597+147�j
push 78h ; wParam
loc_4056F3: ; CODE XREF: sub_405597+119�j
; sub_405597+12B�j
call sub_403F8D
jmp short loc_40570F
; ---------------------------------------------------------------------------
loc_4056FA: ; CODE XREF: sub_405597+127�j
; sub_405597+130�j
push [esp+20h+hWnd] ; lParam
push [esp+24h+hdc] ; wParam
push 111h ; Msg
push dword_425BA8 ; hWnd
call ebx ; SendMessageA
loc_40570F: ; CODE XREF: sub_405597+AA�j
; sub_405597+BE�j ...
push [esp+20h+hWnd] ; hWnd
mov eax, ebp
push [esp+24h+hdc] ; hdc
call sub_40403F
jmp loc_405A50
; ---------------------------------------------------------------------------
loc_405723: ; CODE XREF: sub_405597+12�j
; sub_405597+1E�j
cmp ebp, ecx
mov eax, [esp+20h+hdc]
mov ebx, [esp+20h+hDlg]
mov dword_420DBC, eax
jnz short loc_405781
mov esi, ds:GetDlgItem
push 1 ; nIDDlgItem
push ebx ; hDlg
mov dword_4263E0, ebx
call esi ; GetDlgItem
push 2 ; nIDDlgItem
push ebx ; hDlg
mov dword_4229D8, eax
call esi ; GetDlgItem
push 0FFFFFFFFh ; lpString2
push 1Ch ; int
push ebx ; hDlg
mov dword_4211C8, eax
call sub_403FB4
push dwNewLong ; dwNewLong
push 0FFFFFFF2h ; nIndex
push ebx ; hWnd
call ds:SetClassLongA ; SetClassLongA
push 4
call sub_4014C9
mov dword_425BB4, eax
xor eax, eax
inc eax
mov dword_420DBC, eax
loc_405781: ; CODE XREF: sub_405597+19B�j
mov ecx, dword_40A024
mov esi, ecx
shl esi, 6
add esi, dword_426400
xor edi, edi
cmp ecx, edi
jl short loc_4057D6
cmp eax, 1
jnz short loc_4057CE
push edi ; hWnd
push dword ptr [esi+10h] ; int
call sub_4013E7
test eax, eax
jz short loc_4057CE
push 1 ; lParam
push edi ; wParam
push 40Fh ; Msg
push dword_425BA8 ; hWnd
call ds:SendMessageA ; SendMessageA
xor eax, eax
cmp dword_425BB4, edi
setz al
jmp loc_405A50
; ---------------------------------------------------------------------------
loc_4057CE: ; CODE XREF: sub_405597+204�j
; sub_405597+211�j
cmp [esi], edi
jz loc_405A4E
loc_4057D6: ; CODE XREF: sub_405597+1FF�j
push 40Bh ; Msg
call sub_404024
loc_4057E0: ; CODE XREF: sub_405597+386�j
; sub_405597+38E�j ...
mov eax, dword_420DBC
add dword_40A024, eax
shl eax, 6
add esi, eax
mov eax, dword_40A024
cmp eax, dword_426404
jnz short loc_405804
push 1
call sub_4014C9
loc_405804: ; CODE XREF: sub_405597+264�j
cmp dword_425BB4, 0
jnz loc_405A09
mov eax, dword_426404
cmp dword_40A024, eax
jnb loc_405A09
push dword ptr [esi+24h] ; lpString2
mov edi, [esi+14h]
push offset dword_42E000 ; lpString1
call sub_4065B7
push dword ptr [esi+20h] ; lpString2
push 0FFFFFC19h ; int
push ebx ; hDlg
call sub_403FB4
push dword ptr [esi+1Ch] ; lpString2
push 0FFFFFC1Bh ; int
push ebx ; hDlg
call sub_403FB4
push dword ptr [esi+28h] ; lpString2
push 0FFFFFC1Ah ; int
push ebx ; hDlg
call sub_403FB4
push 3 ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
cmp dword_42646C, 0
mov ebp, eax
jz short loc_405879
and edi, 0FFFFFEFDh
or edi, 4
loc_405879: ; CODE XREF: sub_405597+2D7�j
mov eax, edi
and eax, 8
push eax ; nCmdShow
push ebp ; hWnd
call ds:ShowWindow ; ShowWindow
mov eax, edi
and eax, 100h
push eax ; bEnable
push ebp ; hWnd
call ds:EnableWindow ; EnableWindow
mov eax, edi
and eax, 2
push eax ; bEnable
call sub_403FFA
and edi, 4
push edi ; bEnable
push dword_4211C8 ; hWnd
call ds:EnableWindow ; EnableWindow
push 1 ; lParam
xor edi, edi
push edi ; wParam
push 0F4h ; Msg
push ebp ; hWnd
mov ebp, ds:SendMessageA
call ebp ; SendMessageA
cmp dword_42646C, edi
jz short loc_4058DE
push edi ; lParam
push 2 ; wParam
push 401h ; Msg
push ebx ; hWnd
call ebp ; SendMessageA
push dword_4211C8
jmp short loc_4058E4
; ---------------------------------------------------------------------------
loc_4058DE: ; CODE XREF: sub_405597+332�j
push dword_4229D8 ; wParam
loc_4058E4: ; CODE XREF: sub_405597+345�j
call sub_40400D
push offset Caption ; lpString2
mov ebp, offset byte_4219D8
push ebp ; lpString1
call lstrcpyA ; lstrcpyA
push dword ptr [esi+18h] ; lpString2
push ebp ; lpString
call lstrlenA ; lstrlenA
add eax, ebp
push eax ; lpString1
call sub_4065B7
push ebp ; lpString
push ebx ; hWnd
call ds:SetWindowTextA ; SetWindowTextA
push edi ; hWnd
push dword ptr [esi+8] ; int
call sub_4013E7
test eax, eax
jnz loc_4057E0
cmp [esi], eax
jz loc_4057E0
cmp dword ptr [esi+4], 5
jnz short loc_40594E
cmp dword_42646C, eax
jnz loc_405A4E
cmp dword_426460, eax
jnz loc_4057E0
jmp loc_405A4E
; ---------------------------------------------------------------------------
loc_40594E: ; CODE XREF: sub_405597+398�j
push dword_425BA8 ; hWnd
call ds:DestroyWindow ; DestroyWindow
cmp dword ptr [esi], 0
mov dword_4229DC, esi
jle loc_405A29
mov eax, [esi+4]
push esi ; dwInitParam
push lpDialogFunc[eax*4] ; lpDialogFunc
mov ax, [esi]
add ax, word ptr dword_425BBC
push ebx ; hWndParent
movzx eax, ax
push eax ; lpTemplateName
push hInstance ; hInstance
call ds:CreateDialogParamA ; CreateDialogParamA
test eax, eax
mov dword_425BA8, eax
jz loc_405A29
push dword ptr [esi+2Ch] ; lpString2
push 6 ; int
push eax ; hDlg
call sub_403FB4
lea eax, [esp+20h+Point]
push eax ; lpRect
push 3FAh ; nIDDlgItem
push ebx ; hDlg
call ds:GetDlgItem ; GetDlgItem
push eax ; hWnd
call ds:GetWindowRect ; GetWindowRect
lea eax, [esp+20h+Point]
push eax ; lpPoint
push ebx ; hWnd
call ds:ScreenToClient ; ScreenToClient
push 15h ; uFlags
xor edi, edi
push edi ; cy
push edi ; cx
push [esp+2Ch+Point.top] ; Y
push [esp+30h+Point.left] ; X
push edi ; hWndInsertAfter
push dword_425BA8 ; hWnd
call ds:SetWindowPos ; SetWindowPos
push edi ; hWnd
push dword ptr [esi+0Ch] ; int
call sub_4013E7
push 8 ; nCmdShow
push dword_425BA8 ; hWnd
call ds:ShowWindow ; ShowWindow
push 405h ; Msg
call sub_404024
jmp short loc_405A29
; ---------------------------------------------------------------------------
loc_405A09: ; CODE XREF: sub_405597+274�j
; sub_405597+285�j
push dword_425BA8 ; hWnd
call ds:DestroyWindow ; DestroyWindow
push nResult ; nResult
and dword_4263E0, 0
push ebx ; hDlg
call ds:EndDialog ; EndDialog
loc_405A29: ; CODE XREF: sub_405597+7C�j
; sub_405597+3CC�j ...
cmp dword_4229E8, 0
jnz short loc_405A4E
cmp dword_425BA8, 0
jz short loc_405A4E
push 0Ah ; nCmdShow
push ebx ; hWnd
call ds:ShowWindow ; ShowWindow
mov dword_4229E8, 1
loc_405A4E: ; CODE XREF: sub_405597+10B�j
; sub_405597+239�j ...
xor eax, eax
loc_405A50: ; CODE XREF: sub_405597+94�j
; sub_405597+187�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn 10h
sub_405597 endp
; =============== S U B R O U T I N E =======================================
sub_405A5A proc near ; CODE XREF: start+2AA�p
ClassName = byte ptr -14h
pvParam = dword ptr -10h
Y = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
mov eax, dword_426444
sub esp, 14h
push ebx
push ebp
push esi
mov esi, dword_4263E8
and eax, 20h
push edi
mov dword_426460, eax
call sub_40410B
mov ebp, offset byte_42C400
push ebp ; lpString2
call sub_40622D
xor ebx, ebx
test eax, eax
jnz loc_405B0E
mov ecx, [esi+48h]
cmp ecx, ebx
jz short loc_405B0E
mov eax, dword_426418
mov edx, [esi+4Ch]
mov edi, offset byte_424F80
push edi ; lpData
add edx, eax
push edx ; lpValueName
add ecx, eax
push ecx ; phkResult
push dword ptr [esi+44h] ; cbData
call sub_405EF1
mov al, byte_424F80
cmp al, bl
jz short loc_405B0E
cmp al, 22h
jnz short loc_405ACD
push 22h ; char
mov edi, offset sz
push edi ; lpsz
call sub_405DCA
mov [eax], bl
loc_405ACD: ; CODE XREF: sub_405A5A+62�j
push edi ; lpString
call lstrlenA ; lstrlenA
lea eax, [eax+edi-4]
cmp eax, edi
jbe short loc_405B01
push offset a_exe ; ".exe"
push eax ; lpString1
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
jnz short loc_405B01
push edi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_405AFB
test al, 10h
jnz short loc_405B01
loc_405AFB: ; CODE XREF: sub_405A5A+9B�j
push edi ; lpszStart
call sub_406207
loc_405B01: ; CODE XREF: sub_405A5A+7F�j
; sub_405A5A+8F�j ...
push edi ; lpString1
call sub_4061A6
push eax ; lpString2
push ebp ; lpString1
call lstrcpyA ; lstrcpyA
loc_405B0E: ; CODE XREF: sub_405A5A+2E�j
; sub_405A5A+39�j ...
push ebp ; lpString2
call sub_40622D
test eax, eax
jnz short loc_405B24
push dword ptr [esi+118h] ; lpString2
push ebp ; lpString1
call sub_4065B7
loc_405B24: ; CODE XREF: sub_405A5A+BC�j
xor ebp, ebp
inc ebp
test byte ptr dword_426444, 10h
jz short loc_405B43
cmp dword_426440, ebx
jnz short loc_405B43
call sub_4040E9
mov dword_423F78, ebp
loc_405B43: ; CODE XREF: sub_405A5A+D4�j
; sub_405A5A+DC�j
push 8040h ; fuLoad
push ebx ; cy
push ebx ; cx
push ebp ; type
push 67h ; name
push hInstance ; hInst
call ds:LoadImageA ; LoadImageA
mov dwNewLong, eax
cmp dword ptr [esi+50h], 0FFFFFFFFh
mov edi, offset WndClass
jz loc_405BF6
mov ecx, hInstance
mov WndClass.hIcon, eax
lea eax, [esp+24h+ClassName]
push edi ; lpWndClass
mov dword ptr [esp+28h+ClassName], 624E5Fh
mov WndClass.lpfnWndProc, offset sub_401000
mov WndClass.hInstance, ecx
mov WndClass.lpszClassName, eax
call ds:RegisterClassA ; RegisterClassA
test ax, ax
jz loc_405CCC
push ebx ; fWinIni
lea eax, [esp+28h+pvParam]
push eax ; pvParam
push ebx ; uiParam
push 30h ; uiAction
call ds:SystemParametersInfoA ; SystemParametersInfoA
mov eax, [esp+24h+var_4]
sub eax, [esp+24h+Y]
push ebx ; lpParam
push hInstance ; hInstance
push ebx ; hMenu
push ebx ; hWndParent
push eax ; nHeight
mov eax, [esp+38h+var_8]
sub eax, [esp+38h+pvParam]
push eax ; nWidth
push [esp+3Ch+Y] ; Y
lea eax, [esp+40h+ClassName]
push [esp+40h+pvParam] ; X
push 80000000h ; dwStyle
push ebx ; lpWindowName
push eax ; lpClassName
push 80h ; dwExStyle
call ds:CreateWindowExA ; CreateWindowExA
mov dword_4211D4, eax
loc_405BF6: ; CODE XREF: sub_405A5A+10D�j
push ebx
call sub_4014C9
test eax, eax
jz short loc_405C08
loc_405C00: ; CODE XREF: sub_405A5A+25A�j
; sub_405A5A+267�j
push 2
pop eax
jmp loc_405CCE
; ---------------------------------------------------------------------------
loc_405C08: ; CODE XREF: sub_405A5A+1A4�j
call sub_40410B
cmp dword_426480, ebx
jnz loc_405CA4
push 5 ; nCmdShow
push dword_4211D4 ; hWnd
call ds:ShowWindow ; ShowWindow
mov esi, ds:LoadLibraryA
mov ebp, offset LibFileName ; "RichEd20.dll"
push ebp ; lpLibFileName
call esi ; LoadLibraryA
test eax, eax
jnz short loc_405C45
push ebp ; lpLibFileName
mov word ptr LibFileName+6, 3233h
call esi ; LoadLibraryA
loc_405C45: ; CODE XREF: sub_405A5A+1DD�j
mov ebp, ds:GetClassInfoA
push edi ; lpWndClass
mov esi, offset ClassName ; "RichEdit20A"
push esi ; lpClassName
push ebx ; hInstance
call ebp ; GetClassInfoA
test eax, eax
jnz short loc_405C78
push edi ; lpWndClass
push esi ; lpClassName
push ebx ; hInstance
mov byte ptr ClassName+8, bl
call ebp ; GetClassInfoA
push edi ; lpWndClass
mov WndClass.lpszClassName, esi
mov byte ptr ClassName+8, 32h
call ds:RegisterClassA ; RegisterClassA
loc_405C78: ; CODE XREF: sub_405A5A+1FD�j
mov eax, dword_425BBC
push ebx ; dwInitParam
push offset sub_405597 ; lpDialogFunc
add eax, 69h
movzx eax, ax
push ebx ; hWndParent
push eax ; lpTemplateName
push hInstance ; hInstance
call ds:DialogBoxParamA ; DialogBoxParamA
push 5
mov esi, eax
call sub_4014C9
mov eax, esi
jmp short loc_405CCE
; ---------------------------------------------------------------------------
loc_405CA4: ; CODE XREF: sub_405A5A+1B9�j
push ebx ; LPVOID
call StartAddress
test eax, eax
jz short loc_405CC6
cmp dword_425BB4, ebx
jnz loc_405C00
push 2
call sub_4014C9
jmp loc_405C00
; ---------------------------------------------------------------------------
loc_405CC6: ; CODE XREF: sub_405A5A+252�j
push ebp
call sub_4014C9
loc_405CCC: ; CODE XREF: sub_405A5A+149�j
xor eax, eax
loc_405CCE: ; CODE XREF: sub_405A5A+1A9�j
; sub_405A5A+248�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
sub_405A5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405CD6 proc near ; CODE XREF: sub_40463C+166�p
; sub_4065B7+16C�p
ppMalloc = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+ppMalloc]
push eax ; ppMalloc
call ds:SHGetMalloc ; SHGetMalloc
mov eax, [ebp+ppMalloc]
test eax, eax
jz short locret_405CFD
push [ebp+arg_0]
mov ecx, [eax]
push eax
call dword ptr [ecx+14h]
mov eax, [ebp+ppMalloc]
mov ecx, [eax]
push eax
call dword ptr [ecx+8]
locret_405CFD: ; CODE XREF: sub_405CD6+13�j
leave
retn 4
sub_405CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405D01(LPSTR lpCommandLine,LPCSTR lpCurrentDirectory)
sub_405D01 proc near ; CODE XREF: sub_401610+D22�p
; sub_401610+19B8�p ...
hObject = _PROCESS_INFORMATION ptr -10h
lpCommandLine = dword ptr 8
lpCurrentDirectory= dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+lpCurrentDirectory] ; lpFileName
mov StartupInfo.cb, 44h
call ds:GetFileAttributesA ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
jz short loc_405D25
test al, 10h
jnz short loc_405D28
loc_405D25: ; CODE XREF: sub_405D01+1E�j
mov [ebp+lpCurrentDirectory], ecx
loc_405D28: ; CODE XREF: sub_405D01+22�j
lea eax, [ebp+hObject]
push eax ; lpProcessInformation
push offset StartupInfo ; lpStartupInfo
push [ebp+lpCurrentDirectory] ; lpCurrentDirectory
push ecx ; lpEnvironment
push ecx ; dwCreationFlags
push ecx ; bInheritHandles
push ecx ; lpThreadAttributes
push ecx ; lpProcessAttributes
push [ebp+lpCommandLine] ; lpCommandLine
push ecx ; lpApplicationName
call ds:CreateProcessA ; CreateProcessA
test eax, eax
jz short locret_405D53
push [ebp+hObject.hThread] ; hObject
call ds:CloseHandle ; CloseHandle
mov eax, [ebp+hObject.hProcess]
locret_405D53: ; CODE XREF: sub_405D01+44�j
leave
retn 8
sub_405D01 endp
; [00000006 BYTES: COLLAPSED FUNCTION SetDlgItemTextA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405D5D(int nIDDlgItem,LPSTR lpString)
sub_405D5D proc near ; CODE XREF: sub_4041F2+18�p
; sub_40463C+33�p ...
nIDDlgItem = dword ptr 4
lpString = dword ptr 8
push 400h ; cchMax
push [esp+4+lpString] ; lpString
push [esp+8+nIDDlgItem] ; nIDDlgItem
push dword_425BA8 ; hDlg
call ds:GetDlgItemTextA ; GetDlgItemTextA
retn 8
sub_405D5D endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405D79(LPCSTR lpText,int)
sub_405D79 proc near ; CODE XREF: sub_401610+611�p
; sub_401610:loc_401D29�p ...
lpText = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, eax
and ecx, 1FFFFFh
cmp dword_426480, 0
jz short loc_405D93
shr eax, 15h
jnz short locret_405DB8
loc_405D93: ; CODE XREF: sub_405D79+13�j
cmp dword_426488, 0
jz short loc_405DA2
xor ecx, 180000h
loc_405DA2: ; CODE XREF: sub_405D79+21�j
push ecx ; uType
push offset Caption ; lpCaption
push [esp+8+lpText] ; lpText
push dword_4263E0 ; hWnd
call ds:MessageBoxA ; MessageBoxA
locret_405DB8: ; CODE XREF: sub_405D79+18�j
retn 8
sub_405D79 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405DBB(SIZE_T dwBytes)
sub_405DBB proc near ; CODE XREF: sub_401610+4A0�p
; sub_401610+A0E�p ...
dwBytes = dword ptr 4
push [esp+dwBytes] ; dwBytes
push 40h ; uFlags
call ds:GlobalAlloc ; GlobalAlloc
retn 4
sub_405DBB endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405DCA(LPCSTR lpsz,char)
sub_405DCA proc near ; CODE XREF: start+BA�p start+17C�p ...
lpsz = dword ptr 4
arg_4 = byte ptr 8
mov eax, [esp+lpsz]
jmp short loc_405DDD
; ---------------------------------------------------------------------------
loc_405DD0: ; CODE XREF: sub_405DCA+17�j
cmp cl, [esp+arg_4]
jz short locret_405DE3
push eax ; lpsz
call ds:CharNextA ; CharNextA
loc_405DDD: ; CODE XREF: sub_405DCA+4�j
mov cl, [eax]
test cl, cl
jnz short loc_405DD0
locret_405DE3: ; CODE XREF: sub_405DCA+A�j
retn 8
sub_405DCA endp
; =============== S U B R O U T I N E =======================================
sub_405DE6 proc near ; CODE XREF: sub_401610+51C�p
; sub_401610+102F�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
mov al, [ecx]
or al, 20h
cmp word ptr [ecx], 5C5Ch
jz short loc_405E07
cmp al, 61h
jl short loc_405E03
cmp al, 7Ah
jg short loc_405E03
cmp byte ptr [ecx+1], 3Ah
jz short loc_405E07
loc_405E03: ; CODE XREF: sub_405DE6+11�j
; sub_405DE6+15�j
xor eax, eax
jmp short locret_405E0A
; ---------------------------------------------------------------------------
loc_405E07: ; CODE XREF: sub_405DE6+D�j
; sub_405DE6+1B�j
xor eax, eax
inc eax
locret_405E0A: ; CODE XREF: sub_405DE6+1F�j
retn 4
sub_405DE6 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405E0D(LPCSTR lpsz)
sub_405E0D proc near ; CODE XREF: sub_40463C+A4�p
; sub_40463C+1F7�p ...
lpsz = dword ptr 4
push ebx
push esi
mov esi, ds:CharNextA
push edi
mov edi, [esp+0Ch+lpsz]
push edi ; lpsz
call esi ; CharNextA
mov ebx, eax
push ebx ; lpsz
call esi ; CharNextA
cmp byte ptr [edi], 0
jz short loc_405E33
cmp word ptr [ebx], 5C3Ah
jnz short loc_405E33
push eax ; lpsz
call esi ; CharNextA
jmp short loc_405E54
; ---------------------------------------------------------------------------
loc_405E33: ; CODE XREF: sub_405E0D+18�j
; sub_405E0D+1F�j
cmp word ptr [edi], 5C5Ch
jnz short loc_405E52
push 2
pop esi
loc_405E3D: ; CODE XREF: sub_405E0D+41�j
push 5Ch ; char
push eax ; lpsz
dec esi
call sub_405DCA
cmp byte ptr [eax], 0
jz short loc_405E52
inc eax
test esi, esi
jnz short loc_405E3D
jmp short loc_405E54
; ---------------------------------------------------------------------------
loc_405E52: ; CODE XREF: sub_405E0D+2B�j
; sub_405E0D+3C�j
xor eax, eax
loc_405E54: ; CODE XREF: sub_405E0D+24�j
; sub_405E0D+43�j
pop edi
pop esi
pop ebx
retn 4
sub_405E0D endp
; =============== S U B R O U T I N E =======================================
sub_405E5A proc near ; CODE XREF: sub_401610+1901�p
; sub_403756+BE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_8]
test esi, esi
jle short loc_405E76
mov eax, [esp+4+arg_4]
sub eax, ecx
loc_405E6D: ; CODE XREF: sub_405E5A+1A�j
mov dl, [eax+ecx]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_405E6D
loc_405E76: ; CODE XREF: sub_405E5A+B�j
pop esi
retn 0Ch
sub_405E5A endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405E7A(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwCreationDisposition)
sub_405E7A proc near ; CODE XREF: sub_401610+5BB�p
; sub_401610+15B7�p ...
lpFileName = dword ptr 4
dwDesiredAccess = dword ptr 8
dwCreationDisposition= dword ptr 0Ch
push [esp+lpFileName] ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
mov ecx, eax
inc ecx
push 0 ; hTemplateFile
neg ecx
sbb ecx, ecx
and ecx, eax
push ecx ; dwFlagsAndAttributes
push [esp+8+dwCreationDisposition] ; dwCreationDisposition
push 0 ; lpSecurityAttributes
push 1 ; dwShareMode
push [esp+14h+dwDesiredAccess] ; dwDesiredAccess
push [esp+18h+lpFileName] ; lpFileName
call ds:CreateFileA ; CreateFileA
retn 0Ch
sub_405E7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405EA9(const CHAR lpTempFileName,LPCSTR lpPathName)
sub_405EA9 proc near ; CODE XREF: sub_401610+423�p
; sub_403756+1F8�p ...
lpTempFileName = byte ptr 8
lpPathName = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+lpTempFileName]
push edi
push 64h
pop edi
loc_405EB4: ; CODE XREF: sub_405EA9+39�j
dec edi
mov dword ptr [ebp+lpTempFileName], 61736Eh
call ds:GetTickCount ; GetTickCount
push 1Ah
pop ecx
xor edx, edx
div ecx
push esi ; lpTempFileName
push 0 ; uUnique
lea eax, [ebp+lpTempFileName]
push eax ; lpPrefixString
push [ebp+lpPathName] ; lpPathName
add [ebp+0Ah], dl
call ds:GetTempFileNameA ; GetTempFileNameA
test eax, eax
jnz short loc_405EED
test edi, edi
jnz short loc_405EB4
mov byte ptr [esi], 0
loc_405EE7: ; CODE XREF: sub_405EA9+46�j
pop edi
pop esi
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_405EED: ; CODE XREF: sub_405EA9+35�j
mov eax, esi
jmp short loc_405EE7
sub_405EA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_405EF1(HKEY cbData,LPCSTR phkResult,LPCSTR lpValueName,DWORD lpData)
sub_405EF1 proc near ; CODE XREF: sub_405A5A+52�p
; sub_4065B7+D9�p ...
cbData = dword ptr 8
phkResult = dword ptr 0Ch
lpValueName = dword ptr 10h
lpData = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+lpData]
lea eax, [ebp+phkResult]
push eax ; phkResult
push 20019h ; samDesired
xor ebx, ebx
push ebx ; ulOptions
push [ebp+phkResult] ; lpSubKey
mov [esi], bl
push [ebp+cbData] ; hKey
call ds:RegOpenKeyExA ; RegOpenKeyExA
test eax, eax
jnz short loc_405F55
lea eax, [ebp+cbData]
push eax ; lpcbData
push esi ; lpData
lea eax, [ebp+lpData]
push eax ; lpType
push ebx ; lpReserved
push [ebp+lpValueName] ; lpValueName
mov [ebp+cbData], 400h
push [ebp+phkResult] ; hKey
call ds:RegQueryValueExA ; RegQueryValueExA
test eax, eax
jnz short loc_405F44
cmp [ebp+lpData], 1
jz short loc_405F46
cmp [ebp+lpData], 2
jz short loc_405F46
loc_405F44: ; CODE XREF: sub_405EF1+45�j
mov [esi], bl
loc_405F46: ; CODE XREF: sub_405EF1+4B�j
; sub_405EF1+51�j
push [ebp+phkResult] ; hKey
mov [esi+3FFh], bl
call ds:RegCloseKey ; RegCloseKey
loc_405F55: ; CODE XREF: sub_405EF1+24�j
pop esi
pop ebx
pop ebp
retn 10h
sub_405EF1 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_405F5B(LPSTR,int)
sub_405F5B proc near ; CODE XREF: sub_401610+DA3�p
; sub_401610+DE8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push offset aD ; "%d"
push [esp+8+arg_0] ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 0Ch
retn 8
sub_405F5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F74 proc near ; CODE XREF: sub_4013E7+6F�p
; sub_4014F2+10�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
xor edi, edi
cmp byte ptr [ecx], 2Dh
mov [ebp+var_4], 1
mov al, 0Ah
mov bl, 39h
jnz short loc_405F95
inc ecx
or [ebp+var_4], 0FFFFFFFFh
loc_405F95: ; CODE XREF: sub_405F74+1A�j
cmp byte ptr [ecx], 30h
jnz short loc_405FB6
inc ecx
mov dl, [ecx]
cmp dl, 30h
jl short loc_405FAB
cmp dl, 37h
jg short loc_405FAB
mov al, 8
mov bl, 37h
loc_405FAB: ; CODE XREF: sub_405F74+2C�j
; sub_405F74+31�j
and dl, 0DFh
cmp dl, 58h
jnz short loc_405FB6
mov al, 10h
inc ecx
loc_405FB6: ; CODE XREF: sub_405F74+24�j
; sub_405F74+3D�j ...
movsx edx, byte ptr [ecx]
inc ecx
cmp edx, 30h
jl short loc_405FCB
movsx esi, bl
cmp edx, esi
jg short loc_405FCB
sub edx, 30h
jmp short loc_405FE4
; ---------------------------------------------------------------------------
loc_405FCB: ; CODE XREF: sub_405F74+49�j
; sub_405F74+50�j
cmp al, 10h
jnz short loc_405FF0
mov esi, edx
and esi, 0FFFFFFDFh
cmp esi, 41h
jl short loc_405FF0
cmp esi, 46h
jg short loc_405FF0
and edx, 7
add edx, 9
loc_405FE4: ; CODE XREF: sub_405F74+55�j
movsx esi, al
imul esi, edi
add esi, edx
mov edi, esi
jmp short loc_405FB6
; ---------------------------------------------------------------------------
loc_405FF0: ; CODE XREF: sub_405F74+59�j
; sub_405F74+63�j ...
mov eax, [ebp+var_4]
imul eax, edi
pop edi
pop esi
pop ebx
leave
retn 4
sub_405F74 endp
; [00000006 BYTES: COLLAPSED FUNCTION lstrcpyA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION lstrlenA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_406009(LPCSTR lpszCurrent)
sub_406009 proc near ; CODE XREF: sub_401508+2F�p
; sub_401610+54C�p ...
lpszCurrent = dword ptr 4
push ebx
push ebp
mov ebp, ds:CharNextA
push esi
mov esi, [esp+0Ch+lpszCurrent]
push edi
jmp short loc_40601E
; ---------------------------------------------------------------------------
loc_406019: ; CODE XREF: sub_406009+18�j
push esi ; lpsz
call ebp ; CharNextA
mov esi, eax
loc_40601E: ; CODE XREF: sub_406009+E�j
cmp byte ptr [esi], 20h
jz short loc_406019
cmp byte ptr [esi], 5Ch
jnz short loc_40603D
cmp byte ptr [esi+1], 5Ch
jnz short loc_40603D
cmp byte ptr [esi+2], 3Fh
jnz short loc_40603D
cmp byte ptr [esi+3], 5Ch
jnz short loc_40603D
add esi, 4
loc_40603D: ; CODE XREF: sub_406009+1D�j
; sub_406009+23�j ...
cmp byte ptr [esi], 0
jz short loc_40604E
push esi
call sub_405DE6
test eax, eax
jz short loc_40604E
inc esi
inc esi
loc_40604E: ; CODE XREF: sub_406009+37�j
; sub_406009+41�j
mov ebx, esi
mov edi, esi
xor eax, eax
jmp short loc_406081
; ---------------------------------------------------------------------------
loc_406056: ; CODE XREF: sub_406009+7C�j
cmp al, 1Fh
jbe short loc_40607C
push eax ; char
push offset a? ; "*?|<>/\":"
call sub_405DCA
cmp byte ptr [eax], 0
jnz short loc_40607C
push esi ; lpsz
call ebp ; CharNextA
sub eax, esi
push eax
push esi
push edi
call sub_405E5A
push edi ; lpsz
call ebp ; CharNextA
mov edi, eax
loc_40607C: ; CODE XREF: sub_406009+4F�j
; sub_406009+5F�j
push esi ; lpsz
call ebp ; CharNextA
mov esi, eax
loc_406081: ; CODE XREF: sub_406009+4B�j
mov al, [esi]
test al, al
jnz short loc_406056
mov [edi], al
loc_406089: ; CODE XREF: sub_406009+99�j
push edi ; lpszCurrent
push ebx ; lpszStart
call ds:CharPrevA ; CharPrevA
mov edi, eax
mov al, [edi]
cmp al, 20h
jz short loc_40609D
cmp al, 5Ch
jnz short loc_4060A4
loc_40609D: ; CODE XREF: sub_406009+8E�j
cmp ebx, edi
mov byte ptr [edi], 0
jb short loc_406089
loc_4060A4: ; CODE XREF: sub_406009+92�j
pop edi
pop esi
pop ebp
mov eax, ebx
pop ebx
retn 4
sub_406009 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4060AD(DWORD NumberOfBytesWritten)
sub_4060AD proc near ; CODE XREF: start+2B5�p sub_40614C+16�p
NumberOfBytesWritten= dword ptr 8
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+NumberOfBytesWritten], ebx
jz short loc_4060D2
mov eax, hObject
cmp eax, 0FFFFFFFFh
jz short loc_4060C9
push eax ; hObject
call ds:CloseHandle ; CloseHandle
loc_4060C9: ; CODE XREF: sub_4060AD+13�j
or hObject, 0FFFFFFFFh
jmp short loc_406147
; ---------------------------------------------------------------------------
loc_4060D2: ; CODE XREF: sub_4060AD+9�j
cmp dword_423F78, ebx
jz short loc_406147
cmp byte_425780, bl
jz short loc_406111
cmp hObject, 0FFFFFFFFh
jnz short loc_40611A
push 4 ; dwCreationDisposition
push 40000000h ; dwDesiredAccess
push offset byte_425780 ; lpFileName
call sub_405E7A
cmp eax, 0FFFFFFFFh
mov hObject, eax
jz short loc_406147
push 2 ; dwMoveMethod
push ebx ; lpDistanceToMoveHigh
push ebx ; lDistanceToMove
push eax ; hFile
call ds:SetFilePointer ; SetFilePointer
loc_406111: ; CODE XREF: sub_4060AD+33�j
cmp hObject, 0FFFFFFFFh
jz short loc_406147
loc_40611A: ; CODE XREF: sub_4060AD+3C�j
push esi
push offset asc_408C40 ; "\r\n"
mov esi, offset String1
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push ebx ; lpOverlapped
lea eax, [ebp+NumberOfBytesWritten]
push eax ; lpNumberOfBytesWritten
push esi ; lpString
call ds:__imp_lstrlenA
push eax ; nNumberOfBytesToWrite
push esi ; lpBuffer
push hObject ; hFile
call ds:WriteFile ; WriteFile
pop esi
loc_406147: ; CODE XREF: sub_4060AD+23�j
; sub_4060AD+2B�j ...
pop ebx
pop ebp
retn 4
sub_4060AD endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40614C(LPCSTR,char arglist)
sub_40614C proc near ; CODE XREF: sub_401610+68�p
; sub_401610+84�p ...
arg_0 = dword ptr 4
arglist = byte ptr 8
lea eax, [esp+arglist]
push eax ; arglist
push [esp+4+arg_0] ; LPCSTR
push offset String1 ; LPSTR
call ds:wvsprintfA ; wvsprintfA
push 0 ; NumberOfBytesWritten
call sub_4060AD
retn
sub_40614C endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_406168(LPCSTR lpFileName)
sub_406168 proc near ; CODE XREF: sub_401610+298�p
; sub_401610+34A�p ...
lpFileName = dword ptr 4
push ebx
push esi
mov esi, ds:SetErrorMode
push edi
push 8001h ; uMode
call esi ; SetErrorMode
mov edi, offset FindFileData
push edi ; lpFindFileData
push [esp+10h+lpFileName] ; lpFileName
call ds:FindFirstFileA ; FindFirstFileA
push 0 ; uMode
mov ebx, eax
call esi ; SetErrorMode
cmp ebx, 0FFFFFFFFh
jz short loc_40619E
push ebx ; hFindFile
call ds:FindClose ; FindClose
mov eax, edi
jmp short loc_4061A0
; ---------------------------------------------------------------------------
loc_40619E: ; CODE XREF: sub_406168+29�j
xor eax, eax
loc_4061A0: ; CODE XREF: sub_406168+34�j
pop edi
pop esi
pop ebx
retn 4
sub_406168 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4061A6(LPCSTR lpString1)
sub_4061A6 proc near ; CODE XREF: sub_401610+53F�p
; sub_401610+187B�p ...
lpString1 = dword ptr 4
push esi
mov esi, [esp+4+lpString1]
push esi ; lpString
call ds:__imp_lstrlenA
add eax, esi
push eax ; lpszCurrent
push esi ; lpszStart
call ds:CharPrevA ; CharPrevA
cmp byte ptr [eax], 5Ch
jz short loc_4061CD
push offset SubBlock ; "\\"
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
loc_4061CD: ; CODE XREF: sub_4061A6+19�j
mov eax, esi
pop esi
retn 4
sub_4061A6 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4061D3(LPCSTR lpszStart,char)
sub_4061D3 proc near ; CODE XREF: sub_401610+17FB�p
lpszStart = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+lpszStart]
push edi ; lpString
call ds:__imp_lstrlenA
mov esi, ds:CharPrevA
add eax, edi
push eax ; lpszCurrent
push edi ; lpszStart
call esi ; CharPrevA
test edi, edi
jz short loc_406202
loc_4061F0: ; CODE XREF: sub_4061D3+2D�j
cmp eax, edi
jbe short loc_406202
mov cl, [eax]
cmp cl, [esp+8+arg_4]
jz short loc_406202
push eax ; lpszCurrent
push edi ; lpszStart
call esi ; CharPrevA
jmp short loc_4061F0
; ---------------------------------------------------------------------------
loc_406202: ; CODE XREF: sub_4061D3+1B�j
; sub_4061D3+1F�j ...
pop edi
pop esi
retn 8
sub_4061D3 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_406207(LPCSTR lpszStart)
sub_406207 proc near ; CODE XREF: sub_403756+61�p start+378�p ...
lpszStart = dword ptr 4
push esi
mov esi, [esp+4+lpszStart]
push esi ; lpString
call ds:__imp_lstrlenA
add eax, esi
loc_406215: ; CODE XREF: sub_406207+1D�j
cmp byte ptr [eax], 5Ch
jz short loc_406226
push eax ; lpszCurrent
push esi ; lpszStart
call ds:CharPrevA ; CharPrevA
cmp eax, esi
ja short loc_406215
loc_406226: ; CODE XREF: sub_406207+11�j
mov byte ptr [eax], 0
pop esi
retn 4
sub_406207 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_40622D(LPCSTR lpString2)
sub_40622D proc near ; CODE XREF: start+282�p
; sub_40463C+1DA�p ...
lpString2 = dword ptr 4
push esi
push [esp+4+lpString2] ; lpString2
mov esi, offset FileName
push esi ; lpString1
call ds:__imp_lstrcpyA
push esi ; lpsz
call sub_405E0D
test eax, eax
jnz short loc_40624C
loc_406248: ; CODE XREF: sub_40622D+2C�j
; sub_40622D+31�j
xor eax, eax
jmp short loc_4062A3
; ---------------------------------------------------------------------------
loc_40624C: ; CODE XREF: sub_40622D+19�j
test byte ptr dword_426444, 80h
jz short loc_406260
mov cl, [eax]
test cl, cl
jz short loc_406248
cmp cl, 5Ch
jz short loc_406248
loc_406260: ; CODE XREF: sub_40622D+26�j
push ebx
mov ebx, ds:__imp_lstrlenA
push edi
mov edi, eax
sub edi, esi
jmp short loc_406283
; ---------------------------------------------------------------------------
loc_40626E: ; CODE XREF: sub_40622D+5B�j
push esi ; lpFileName
call sub_406168
test eax, eax
jz short loc_40627D
test byte ptr [eax], 10h
jz short loc_4062A7
loc_40627D: ; CODE XREF: sub_40622D+49�j
push esi ; lpszStart
call sub_406207
loc_406283: ; CODE XREF: sub_40622D+3F�j
push esi ; lpString
call ebx ; __imp_lstrlenA
cmp eax, edi
jg short loc_40626E
push esi ; lpString1
call sub_4061A6
push esi ; lpFileName
call ds:GetFileAttributesA ; GetFileAttributesA
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
loc_4062A1: ; CODE XREF: sub_40622D+7C�j
pop edi
pop ebx
loc_4062A3: ; CODE XREF: sub_40622D+1D�j
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4062A7: ; CODE XREF: sub_40622D+4E�j
xor eax, eax
jmp short loc_4062A1
sub_40622D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4062AB(LPCSTR lpString,LPCSTR lpString2)
sub_4062AB proc near ; CODE XREF: sub_406357+155�p
; sub_406357+18F�p
var_4 = dword ptr -4
lpString = dword ptr 8
lpString2 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
push [ebp+lpString2] ; lpString
mov edi, ds:__imp_lstrlenA
call edi ; __imp_lstrlenA
mov esi, [ebp+lpString]
mov [ebp+var_4], eax
jmp short loc_4062EC
; ---------------------------------------------------------------------------
loc_4062C5: ; CODE XREF: sub_4062AB+47�j
mov eax, [ebp+var_4]
push [ebp+lpString2] ; lpString2
mov bl, [eax+esi]
push esi ; lpString1
mov byte ptr [eax+esi], 0
call ds:lstrcmpiA ; lstrcmpiA
test eax, eax
mov eax, [ebp+var_4]
mov [eax+esi], bl
jz short loc_4062FD
push esi ; lpsz
call ds:CharNextA ; CharNextA
mov esi, eax
loc_4062EC: ; CODE XREF: sub_4062AB+18�j
push esi ; lpString
call edi ; __imp_lstrlenA
cmp eax, [ebp+var_4]
jge short loc_4062C5
xor eax, eax
loc_4062F6: ; CODE XREF: sub_4062AB+54�j
pop edi
pop esi
pop ebx
leave
retn 8
; ---------------------------------------------------------------------------
loc_4062FD: ; CODE XREF: sub_4062AB+36�j
mov eax, esi
jmp short loc_4062F6
sub_4062AB endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_406301(LPCSTR lpFileName)
sub_406301 proc near ; CODE XREF: sub_401610+253�p
; sub_401610+4E9�p ...
lpFileName = dword ptr 4
push ebp
push esi
push edi
mov edi, [esp+0Ch+lpFileName]
push edi ; lpsz
call sub_405E0D
mov esi, eax
xor ebp, ebp
test esi, esi
jz short loc_40634A
push ebx
loc_406317: ; CODE XREF: sub_406301+46�j
push 5Ch ; char
push esi ; lpsz
call sub_405DCA
mov esi, eax
mov bl, [esi]
push edi ; lpFileName
mov byte ptr [esi], 0
call sub_406168
test eax, eax
jnz short loc_40633C
push eax ; lpSecurityAttributes
push edi ; lpPathName
call ds:CreateDirectoryA ; CreateDirectoryA
test eax, eax
jmp short loc_40633F
; ---------------------------------------------------------------------------
loc_40633C: ; CODE XREF: sub_406301+2D�j
test byte ptr [eax], 10h
loc_40633F: ; CODE XREF: sub_406301+39�j
jnz short loc_406342
inc ebp
loc_406342: ; CODE XREF: sub_406301:loc_40633F�j
mov [esi], bl
inc esi
test bl, bl
jnz short loc_406317
pop ebx
loc_40634A: ; CODE XREF: sub_406301+13�j
pop edi
xor eax, eax
test ebp, ebp
pop esi
setz al
pop ebp
retn 4
sub_406301 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_406357(int,LPCSTR hObject)
sub_406357 proc near ; CODE XREF: sub_401610+357�p
; start+35C�p ...
var_10 = dword ptr -10h
dwBytes = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
hObject = dword ptr 8
sub esp, 10h
push ebx
push ebp
push esi
push edi
push offset aKernel32_dll ; "KERNEL32.dll"
call ds:GetModuleHandleA ; GetModuleHandleA
test eax, eax
mov esi, [esp+20h+hObject]
jz short loc_406392
push offset aMovefileexa ; "MoveFileExA"
push eax ; hModule
call ds:GetProcAddress ; GetProcAddress
test eax, eax
jz short loc_406392
push 5
push esi
push [esp+28h+arg_0]
call eax
test eax, eax
jnz loc_4065A7
loc_406392: ; CODE XREF: sub_406357+18�j
; sub_406357+28�j
test esi, esi
mov ebp, ds:GetShortPathNameA
mov szShortPath, 4C554Eh
mov edi, 400h
jz short loc_4063D7
push 1 ; dwCreationDisposition
push 0 ; dwDesiredAccess
push esi ; lpFileName
call sub_405E7A
push eax ; hObject
call ds:CloseHandle ; CloseHandle
push edi ; cchBuffer
mov ebx, offset szShortPath
push ebx ; lpszShortPath
push esi ; lpszLongPath
call ebp ; GetShortPathNameA
test eax, eax
jz loc_4065AD
cmp eax, edi
jle short loc_4063E8
jmp loc_4065AD
; ---------------------------------------------------------------------------
loc_4063D7: ; CODE XREF: sub_406357+52�j
push offset aNul ; "NUL"
mov ebx, offset szShortPath
push ebx ; lpString1
call ds:__imp_lstrcpyA
loc_4063E8: ; CODE XREF: sub_406357+79�j
push edi ; cchBuffer
mov esi, offset byte_422DF0
push esi ; lpszShortPath
push [esp+28h+arg_0] ; lpszLongPath
call ebp ; GetShortPathNameA
xor ebp, ebp
cmp eax, ebp
jz loc_4065AD
cmp eax, edi
jg loc_4065AD
push esi
push ebx
push offset aSS_0 ; "%s=%s\r\n"
push offset byte_4229F0 ; LPSTR
call ds:wsprintfA ; wsprintfA
add esp, 10h
push 3F0h ; uSize
push esi ; lpBuffer
mov ebx, eax
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
push offset aWininit_ini ; "\\wininit.ini"
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
push ebp ; hTemplateFile
push 8000080h ; dwFlagsAndAttributes
push 4 ; dwCreationDisposition
push ebp ; lpSecurityAttributes
push ebp ; dwShareMode
push 0C0000000h ; dwDesiredAccess
push esi ; lpFileName
call ds:CreateFileA ; CreateFileA
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [esp+20h+var_10], edi
jz loc_4065A7
push ebp ; lpFileSizeHigh
push edi ; hFile
call ds:GetFileSize ; GetFileSize
mov esi, eax
xor ecx, ecx
push ecx ; lpName
lea ebp, [esi+ebx]
lea eax, [ebp+0Ah]
push eax ; dwMaximumSizeLow
push ecx ; dwMaximumSizeHigh
push 4 ; flProtect
push ecx ; lpFileMappingAttributes
push edi ; hFile
mov [esp+38h+var_4], ebp
mov [esp+38h+dwBytes], eax
call ds:CreateFileMappingA ; CreateFileMappingA
xor ecx, ecx
cmp eax, ecx
mov [esp+20h+hObject], eax
jz loc_40658F
push ecx ; dwNumberOfBytesToMap
push ecx ; dwFileOffsetLow
push ecx ; dwFileOffsetHigh
push 2 ; dwDesiredAccess
push eax ; hFileMappingObject
call ds:MapViewOfFile ; MapViewOfFile
mov edi, eax
test edi, edi
jz loc_40657F
push offset aRename ; "[Rename]\r\n"
push edi ; lpString
call sub_4062AB
test eax, eax
jnz short loc_4064DD
push offset aRename ; "[Rename]\r\n"
lea eax, [edi+esi]
push eax ; lpString1
call ds:__imp_lstrcpyA
push ebx
add esi, 0Ah
push offset byte_4229F0
lea eax, [edi+esi]
push eax
call sub_405E5A
add esi, ebx
jmp loc_406578
; ---------------------------------------------------------------------------
loc_4064DD: ; CODE XREF: sub_406357+15C�j
push offset asc_408C44 ; "\n["
add eax, 0Ah
push eax ; lpString
call sub_4062AB
test eax, eax
jz short loc_406567
push [esp+20h+dwBytes] ; dwBytes
inc eax
push 40h ; uFlags
mov [esp+28h+var_8], eax
mov [esp+28h+arg_0], eax
call ds:GlobalAlloc ; GlobalAlloc
mov ebp, eax
test ebp, ebp
jz short loc_40654C
push offset byte_4229F0 ; lpString2
push ebp ; lpString1
call ds:__imp_lstrcpyA
lea ecx, [edi+esi]
mov esi, [esp+20h+var_8]
add ebx, ebp
sub ebx, esi
loc_406521: ; CODE XREF: sub_406357+1DC�j
mov eax, [esp+20h+arg_0]
cmp eax, ecx
jnb short loc_406535
mov dl, [eax]
mov [ebx+eax], dl
inc eax
mov [esp+20h+arg_0], eax
jmp short loc_406521
; ---------------------------------------------------------------------------
loc_406535: ; CODE XREF: sub_406357+1D0�j
sub eax, esi
push eax
push ebp
push esi
call sub_405E5A
mov esi, [esp+20h+var_4]
push ebp ; hMem
call ds:GlobalFree ; GlobalFree
jmp short loc_406578
; ---------------------------------------------------------------------------
loc_40654C: ; CODE XREF: sub_406357+1B1�j
push edi ; lpBaseAddress
call ds:UnmapViewOfFile ; UnmapViewOfFile
push [esp+20h+hObject] ; hObject
mov esi, ds:CloseHandle
call esi ; CloseHandle
push [esp+20h+var_10] ; hObject
call esi ; CloseHandle
jmp short loc_4065AD
; ---------------------------------------------------------------------------
loc_406567: ; CODE XREF: sub_406357+196�j
push ebx
push offset byte_4229F0
lea eax, [edi+esi]
push eax
call sub_405E5A
mov esi, ebp
loc_406578: ; CODE XREF: sub_406357+181�j
; sub_406357+1F3�j
push edi ; lpBaseAddress
call ds:UnmapViewOfFile ; UnmapViewOfFile
loc_40657F: ; CODE XREF: sub_406357+149�j
push [esp+20h+hObject] ; hObject
call ds:CloseHandle ; CloseHandle
mov edi, [esp+20h+var_10]
xor ecx, ecx
loc_40658F: ; CODE XREF: sub_406357+133�j
push ecx ; dwMoveMethod
push ecx ; lpDistanceToMoveHigh
push esi ; lDistanceToMove
push edi ; hFile
call ds:SetFilePointer ; SetFilePointer
push edi ; hFile
call ds:SetEndOfFile ; SetEndOfFile
push edi ; hObject
call ds:CloseHandle ; CloseHandle
loc_4065A7: ; CODE XREF: sub_406357+35�j
; sub_406357+FE�j
inc dword_426470
loc_4065AD: ; CODE XREF: sub_406357+71�j
; sub_406357+7B�j ...
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn 8
sub_406357 endp
; =============== S U B R O U T I N E =======================================
; int __stdcall sub_4065B7(LPSTR lpString1,LPCSTR lpString2)
sub_4065B7 proc near ; CODE XREF: sub_4014F2+A�p
; sub_401508+23�p ...
ppidl = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
lpString1 = dword ptr 4
lpString2 = dword ptr 8
sub esp, 14h
push ebp
mov ebp, [esp+18h+lpString2]
test ebp, ebp
push esi
jge short loc_4065D5
mov ecx, dword_425BC8
lea eax, ds:4[ebp*4]
sub ecx, eax
mov ebp, [ecx]
loc_4065D5: ; CODE XREF: sub_4065B7+B�j
mov eax, dword_426418
mov ecx, [esp+1Ch+lpString1]
add ebp, eax
mov eax, offset byte_424F80
sub ecx, eax
cmp ecx, 800h
mov esi, eax
jnb short loc_4065FA
mov esi, [esp+1Ch+lpString1]
and [esp+1Ch+lpString1], 0
loc_4065FA: ; CODE XREF: sub_4065B7+38�j
mov dl, [ebp+0]
test dl, dl
jz loc_4067C4
push ebx
push edi
loc_406607: ; CODE XREF: sub_4065B7+205�j
mov ecx, esi
sub ecx, eax
cmp ecx, 400h
jge loc_4067C2
inc ebp
cmp dl, 0FCh
jbe loc_4067A4
movsx eax, byte ptr [ebp+1]
movsx ecx, byte ptr [ebp+0]
mov edi, eax
and edi, 7Fh
mov ebx, ecx
and ebx, 7Fh
shl edi, 7
or edi, ebx
mov ebx, 8000h
mov [esp+24h+var_10], ecx
or ecx, ebx
mov [esp+24h+var_8], eax
or eax, ebx
inc ebp
inc ebp
cmp dl, 0FEh
mov [esp+24h+var_C], ecx
mov [esp+24h+var_4], eax
jnz loc_40674E
xor edi, edi
cmp [esp+24h+var_8], 4
mov [esp+24h+lpString2], edi
mov byte ptr [esi], 0
jnz short loc_406677
push 2
mov [esp+28h+lpString2], offset aMicrosoftInter ; "\\Microsoft\\Internet Explorer\\Quick Laun"...
pop edi
loc_406677: ; CODE XREF: sub_4065B7+B3�j
mov ebx, [esp+24h+var_10]
cmp ebx, 2Bh
jnz short loc_406695
push esi ; lpData
push offset ValueName ; "CommonFilesDir"
push offset phkResult ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; cbData
call sub_405EF1
loc_406695: ; CODE XREF: sub_4065B7+C7�j
cmp ebx, 26h
jnz short loc_4066C0
push esi ; lpData
push offset aProgramfilesdi ; "ProgramFilesDir"
push offset phkResult ; "Software\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h ; cbData
call sub_405EF1
cmp byte ptr [esi], 0
jnz short loc_406731
push offset aCProgramFiles ; "C:\\Program Files"
push esi ; lpString1
call ds:__imp_lstrcpyA
loc_4066C0: ; CODE XREF: sub_4065B7+E1�j
cmp ebx, 25h
jnz short loc_4066D1
push 400h ; uSize
push esi ; lpBuffer
call ds:GetSystemDirectoryA ; GetSystemDirectoryA
loc_4066D1: ; CODE XREF: sub_4065B7+10C�j
cmp ebx, 24h
jnz short loc_4066E2
push 400h ; uSize
push esi ; lpBuffer
call ds:GetWindowsDirectoryA ; GetWindowsDirectoryA
loc_4066E2: ; CODE XREF: sub_4065B7+11D�j
cmp byte ptr [esi], 0
jnz short loc_406731
cmp dword_426464, 0
push 4
pop edi
jnz short loc_4066F8
push 2
pop edi
jmp short loc_406731
; ---------------------------------------------------------------------------
loc_4066F8: ; CODE XREF: sub_4065B7+13A�j
; sub_4065B7+17C�j
lea eax, [esp+24h+ppidl]
push eax ; ppidl
push [esp+edi*4+28h+ppidl] ; csidl
dec edi
push dword_4263E0 ; hwnd
call ds:SHGetSpecialFolderLocation ; SHGetSpecialFolderLocation
test eax, eax
jnz short loc_40672E
push esi ; pszPath
push [esp+28h+ppidl] ; pidl
call ds:SHGetPathFromIDListA ; SHGetPathFromIDListA
push [esp+24h+ppidl]
mov ebx, eax
call sub_405CD6
test ebx, ebx
jnz short loc_406735
jmp short loc_406731
; ---------------------------------------------------------------------------
loc_40672E: ; CODE XREF: sub_4065B7+159�j
mov byte ptr [esi], 0
loc_406731: ; CODE XREF: sub_4065B7+FB�j
; sub_4065B7+12E�j ...
test edi, edi
jnz short loc_4066F8
loc_406735: ; CODE XREF: sub_4065B7+173�j
cmp byte ptr [esi], 0
jz short loc_406780
cmp [esp+24h+lpString2], 0
jz short loc_406780
push [esp+24h+lpString2] ; lpString2
push esi ; lpString1
call ds:lstrcatA ; lstrcatA
jmp short loc_406780
; ---------------------------------------------------------------------------
loc_40674E: ; CODE XREF: sub_4065B7+9F�j
cmp dl, 0FDh
jnz short loc_406791
cmp edi, 1Bh
jnz short loc_406766
push dword_4263E0 ; int
push esi ; LPSTR
call sub_405F5B
jmp short loc_406778
; ---------------------------------------------------------------------------
loc_406766: ; CODE XREF: sub_4065B7+19F�j
mov eax, edi
shl eax, 0Ah
add eax, offset dword_427000
push eax ; lpString2
push esi ; lpString1
call ds:__imp_lstrcpyA
loc_406778: ; CODE XREF: sub_4065B7+1AD�j
add edi, 0FFFFFFEBh
cmp edi, 6
jnb short loc_406786
loc_406780: ; CODE XREF: sub_4065B7+181�j
; sub_4065B7+188�j ...
push esi ; lpszCurrent
call sub_406009
loc_406786: ; CODE XREF: sub_4065B7+1C7�j
; sub_4065B7+1EB�j
push esi ; lpString
call ds:__imp_lstrlenA
add esi, eax
jmp short loc_4067B2
; ---------------------------------------------------------------------------
loc_406791: ; CODE XREF: sub_4065B7+19A�j
cmp dl, 0FFh
jnz short loc_4067B2
or eax, 0FFFFFFFFh
sub eax, edi
push eax ; lpString2
push esi ; lpString1
call sub_4065B7
jmp short loc_406786
; ---------------------------------------------------------------------------
loc_4067A4: ; CODE XREF: sub_4065B7+64�j
jnz short loc_4067AF
mov al, [ebp+0]
mov [esi], al
inc esi
inc ebp
jmp short loc_4067B2
; ---------------------------------------------------------------------------
loc_4067AF: ; CODE XREF: sub_4065B7:loc_4067A4�j
mov [esi], dl
inc esi
loc_4067B2: ; CODE XREF: sub_4065B7+1D8�j
; sub_4065B7+1DD�j ...
mov dl, [ebp+0]
test dl, dl
mov eax, offset byte_424F80
jnz loc_406607
loc_4067C2: ; CODE XREF: sub_4065B7+5A�j
pop edi
pop ebx
loc_4067C4: ; CODE XREF: sub_4065B7+48�j
cmp [esp+1Ch+lpString1], 0
mov byte ptr [esi], 0
pop esi
pop ebp
jz short loc_4067E0
push 400h ; iMaxLength
push eax ; lpString2
push [esp+1Ch+lpString1] ; lpString1
call ds:lstrcpynA ; lstrcpynA
loc_4067E0: ; CODE XREF: sub_4065B7+217�j
add esp, 14h
retn 8
sub_4065B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_4067E6(LPCSTR lpString1,int)
sub_4067E6 proc near ; CODE XREF: sub_401610+795�p
; sub_403A96+36�p ...
String2 = _WIN32_FIND_DATAA ptr -144h
var_4 = dword ptr -4
lpString1 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 144h
push ebx
mov ebx, [ebp+lpString1]
push ebx ; lpString2
call sub_40622D
mov ecx, [ebp+arg_4]
test cl, 8
mov [ebp+var_4], eax
jz short loc_40681B
push ebx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
neg eax
sbb eax, eax
inc eax
add dword_426468, eax
jmp loc_4069D6
; ---------------------------------------------------------------------------
loc_40681B: ; CODE XREF: sub_4067E6+1C�j
mov [ebp+lpString1], ecx
and [ebp+lpString1], 1
push esi
jz short loc_406836
test eax, eax
jz loc_4069D5
test cl, 2
jz loc_40696C
loc_406836: ; CODE XREF: sub_4067E6+3D�j
push edi
push ebx ; lpString2
mov esi, offset byte_423B78
push esi ; lpString1
call ds:__imp_lstrcpyA
cmp [ebp+lpString1], 0
mov edi, ds:lstrcatA
jz short loc_40685A
push offset a_ ; "\\*.*"
push esi ; lpString1
call edi ; lstrcatA
jmp short loc_406860
; ---------------------------------------------------------------------------
loc_40685A: ; CODE XREF: sub_4067E6+68�j
push ebx ; lpszStart
call sub_406207
loc_406860: ; CODE XREF: sub_4067E6+72�j
push offset SubBlock ; "\\"
push ebx ; lpString1
call edi ; lstrcatA
push ebx ; lpString
call ds:__imp_lstrlenA
mov edi, eax
lea eax, [ebp+String2]
push eax ; lpFindFileData
push esi ; lpFileName
add edi, ebx
call ds:FindFirstFileA ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz loc_406961
loc_40688C: ; CODE XREF: sub_4067E6+16E�j
cmp [ebp+String2.cFileName], 2Eh
jnz short loc_4068AF
cmp [ebp+String2.cFileName+1], 2Eh
jz loc_406944
cmp [ebp+String2.cFileName+1], 0
jz loc_406944
loc_4068AF: ; CODE XREF: sub_4067E6+AD�j
lea eax, [ebp+String2.cFileName]
push eax ; lpString2
push edi ; lpString1
call ds:__imp_lstrcpyA
test byte ptr [ebp+String2.dwFileAttributes], 10h
jz short loc_4068DB
mov eax, [ebp+arg_4]
and eax, 3
cmp al, 3
jnz short loc_406944
push [ebp+arg_4] ; int
push ebx ; lpString1
call sub_4067E6
jmp short loc_406944
; ---------------------------------------------------------------------------
loc_4068DB: ; CODE XREF: sub_4067E6+DE�j
push ebx ; arglist
push offset aDeleteDeletefi ; "Delete: DeleteFile(\"%s\")"
call sub_40614C
mov eax, [ebp+String2.dwFileAttributes]
pop ecx
pop ecx
and eax, 0FFFFFFFEh
push eax ; dwFileAttributes
push ebx ; lpFileName
call ds:SetFileAttributesA ; SetFileAttributesA
push ebx ; lpFileName
call ds:DeleteFileA ; DeleteFileA
test eax, eax
push ebx ; arglist
jnz short loc_40693D
test byte ptr [ebp+arg_4], 4
jz short loc_406929
push offset aDeleteDelete_0 ; "Delete: DeleteFile on Reboot(\"%s\")"
call sub_40614C
pop ecx
pop ecx
push ebx ; lpString2
push 0FFFFFFF1h ; int
call sub_40509F
push 0 ; hObject
push ebx ; int
call sub_406357
jmp short loc_406944
; ---------------------------------------------------------------------------
loc_406929: ; CODE XREF: sub_4067E6+123�j
push offset aDeleteDelete_1 ; "Delete: DeleteFile failed(\"%s\")"
call sub_40614C
inc dword_426468
pop ecx
pop ecx
jmp short loc_406944
; ---------------------------------------------------------------------------
loc_40693D: ; CODE XREF: sub_4067E6+11D�j
push 0FFFFFFF2h ; int
call sub_40509F
loc_406944: ; CODE XREF: sub_4067E6+B6�j
; sub_4067E6+C3�j ...
lea eax, [ebp+String2]
push eax ; lpFindFileData
push esi ; hFindFile
call ds:FindNextFileA ; FindNextFileA
test eax, eax
jnz loc_40688C
push esi ; hFindFile
call ds:FindClose ; FindClose
loc_406961: ; CODE XREF: sub_4067E6+A0�j
cmp [ebp+lpString1], 0
jz short loc_40696B
mov byte ptr [edi-1], 0
loc_40696B: ; CODE XREF: sub_4067E6+17F�j
pop edi
loc_40696C: ; CODE XREF: sub_4067E6+4A�j
xor esi, esi
cmp [ebp+var_4], esi
jz short loc_4069D5
cmp [ebp+lpString1], esi
jz short loc_4069D5
push ebx ; lpString1
call sub_4061A6
push ebx ; arglist
push offset aRmdirRemovedir ; "RMDir: RemoveDirectory(\"%s\")"
call sub_40614C
pop ecx
pop ecx
push ebx ; lpPathName
call ds:RemoveDirectoryA ; RemoveDirectoryA
test eax, eax
push ebx ; arglist
jnz short loc_4069CE
test byte ptr [ebp+arg_4], 4
jz short loc_4069BA
push offset aRmdirRemoved_0 ; "RMDir: RemoveDirectory on Reboot(\"%s\")"
call sub_40614C
pop ecx
pop ecx
push ebx ; lpString2
push 0FFFFFFF1h ; int
call sub_40509F
push esi ; hObject
push ebx ; int
call sub_406357
jmp short loc_4069D5
; ---------------------------------------------------------------------------
loc_4069BA: ; CODE XREF: sub_4067E6+1B5�j
push offset aRmdirRemoved_1 ; "RMDir: RemoveDirectory failed(\"%s\")"
call sub_40614C
inc dword_426468
pop ecx
pop ecx
jmp short loc_4069D5
; ---------------------------------------------------------------------------
loc_4069CE: ; CODE XREF: sub_4067E6+1AF�j
push 0FFFFFFE5h ; int
call sub_40509F
loc_4069D5: ; CODE XREF: sub_4067E6+41�j
; sub_4067E6+18B�j ...
pop esi
loc_4069D6: ; CODE XREF: sub_4067E6+30�j
pop ebx
leave
retn 8
sub_4067E6 endp
; =============== S U B R O U T I N E =======================================
sub_4069DB proc near ; CODE XREF: sub_403756+1E5�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 80h
loc_4069E4: ; CODE XREF: sub_4069DB+E�j
dec ecx
mov byte ptr [ecx+eax], 0
jnz short loc_4069E4
or dword ptr [eax+78h], 0FFFFFFFFh
xor ecx, ecx
inc ecx
mov [eax+68h], ecx
mov [eax+64h], ecx
mov [eax+60h], ecx
mov [eax+5Ch], ecx
retn
sub_4069DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_4069FF proc near ; CODE XREF: sub_403420+13F�p
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
dwBytes = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
hMem = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 8Ch
push esi
mov esi, [ebp+74h+arg_0]
push edi
push 22h
pop ecx
lea edi, [ebp+74h+var_88]
rep movsd
cmp [ebp+74h+var_30], 0FFFFFFFFh
jnz short loc_406A25
xor eax, eax
inc eax
jmp loc_4073FD
; ---------------------------------------------------------------------------
loc_406A25: ; CODE XREF: sub_4069FF+1C�j
mov esi, [ebp+74h+var_54]
push ebx
mov ebx, [ebp+74h+var_44]
loc_406A2C: ; CODE XREF: sub_4069FF+54A�j
; sub_4069FF+879�j
mov eax, [ebp+74h+var_88]
cmp eax, 1Ch ; switch 29 cases
ja loc_4073F9 ; default
jmp ds:off_407404[eax*4] ; switch jump
loc_406A3F: ; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 0
jz loc_4073EA
mov eax, [ebp+74h+var_70]
dec [ebp+74h+var_6C]
mov al, [eax]
inc [ebp+74h+var_70]
cmp al, 0E1h
ja loc_4073F9 ; default
movzx eax, al
cdq
push 2Dh
pop ecx
idiv ecx
push 9
pop ecx
mov esi, eax
movzx eax, dl
cdq
idiv ecx
mov ecx, esi
movzx edi, dl
xor edx, edx
inc edx
shl edx, cl
mov ecx, eax
mov [ebp+74h+var_3C], edi
dec edx
mov [ebp+74h+var_1C], edx
xor edx, edx
inc edx
shl edx, cl
lea ecx, [edi+esi]
mov esi, 300h
shl esi, cl
dec edx
mov [ebp+74h+var_18], edx
add esi, 736h
lea edi, [esi+esi]
cmp edi, [ebp+74h+var_78]
jz short loc_406AC7
cmp [ebp+74h+hMem], 0
jz short loc_406AB3
push [ebp+74h+hMem] ; hMem
call ds:GlobalFree ; GlobalFree
loc_406AB3: ; CODE XREF: sub_4069FF+A9�j
push edi ; dwBytes
call sub_405DBB
test eax, eax
mov [ebp+74h+hMem], eax
jz loc_4073F9 ; default
mov [ebp+74h+var_78], edi
loc_406AC7: ; CODE XREF: sub_4069FF+A3�j
test esi, esi
jz short loc_406AD7
loc_406ACB: ; CODE XREF: sub_4069FF+D6�j
mov eax, [ebp+74h+hMem]
dec esi
mov word ptr [eax+esi*2], 400h
jnz short loc_406ACB
loc_406AD7: ; CODE XREF: sub_4069FF+CA�j
and [ebp+74h+var_48], 0
and [ebp+74h+dwBytes], 0
jmp short loc_406B05
; ---------------------------------------------------------------------------
loc_406AE1: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+10A�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 1
jz loc_40737A
mov eax, [ebp+74h+var_70]
mov ecx, [ebp+74h+var_48]
movzx eax, byte ptr [eax]
dec [ebp+74h+var_6C]
shl ecx, 3
shl eax, cl
or [ebp+74h+dwBytes], eax
inc [ebp+74h+var_70]
inc [ebp+74h+var_48]
loc_406B05: ; CODE XREF: sub_4069FF+E0�j
cmp [ebp+74h+var_48], 4
jl short loc_406AE1 ; jumptable 00406A38 case 1
mov eax, [ebp+74h+dwBytes]
cmp eax, [ebp+74h+var_74]
jz short loc_406B38
cmp [ebp+74h+var_8], 0
mov [ebp+74h+var_74], eax
jz short loc_406B25
push [ebp+74h+var_8] ; hMem
call ds:GlobalFree ; GlobalFree
loc_406B25: ; CODE XREF: sub_4069FF+11B�j
push [ebp+74h+dwBytes] ; dwBytes
call sub_405DBB
test eax, eax
mov [ebp+74h+var_8], eax
jz loc_4073F9 ; default
loc_406B38: ; CODE XREF: sub_4069FF+112�j
mov eax, [ebp+74h+var_8]
mov ecx, [ebp+74h+var_74]
mov byte ptr [eax+ecx-1], 0
mov [ebp+74h+var_48], 5
jmp short loc_406B6D
; ---------------------------------------------------------------------------
loc_406B4C: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+176�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 3
jz loc_407383
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_406B6D: ; CODE XREF: sub_4069FF+14B�j
mov eax, [ebp+74h+var_48]
dec [ebp+74h+var_48]
test eax, eax
jnz short loc_406B4C ; jumptable 00406A38 case 3
loc_406B77: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
mov eax, [ebp+74h+var_60] ; jumptable 00406A38 case 2
and eax, [ebp+74h+var_1C]
mov ecx, [ebp+74h+var_38]
shl ecx, 4
add ecx, eax
mov [ebp+74h+var_4C], eax
mov eax, [ebp+74h+hMem]
lea esi, [eax+ecx*2]
mov [ebp+74h+var_84], 6
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406B9A: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
xor edx, edx ; jumptable 00406A38 case 6
cmp [ebp+74h+dwBytes], edx
jnz short loc_406C12
movzx eax, [ebp+74h+var_5C]
mov esi, [ebp+74h+var_60]
and esi, [ebp+74h+var_18]
xor ecx, ecx
mov cl, 8
sub cl, byte ptr [ebp+74h+var_3C]
shr eax, cl
mov ecx, [ebp+74h+var_3C]
shl esi, cl
mov ecx, [ebp+74h+hMem]
add eax, esi
lea eax, [eax+eax*2]
shl eax, 9
cmp [ebp+74h+var_38], 4
lea eax, [eax+ecx+0E6Ch]
mov [ebp+74h+var_58], eax
jge short loc_406BD9
mov [ebp+74h+var_38], edx
jmp short loc_406BE9
; ---------------------------------------------------------------------------
loc_406BD9: ; CODE XREF: sub_4069FF+1D3�j
cmp [ebp+74h+var_38], 0Ah
jge short loc_406BE5
sub [ebp+74h+var_38], 3
jmp short loc_406BE9
; ---------------------------------------------------------------------------
loc_406BE5: ; CODE XREF: sub_4069FF+1DE�j
sub [ebp+74h+var_38], 6
loc_406BE9: ; CODE XREF: sub_4069FF+1D8�j
; sub_4069FF+1E4�j
cmp [ebp+74h+var_34], edx
jz short loc_406C0A
mov eax, [ebp+74h+var_14]
sub eax, [ebp+74h+var_2C]
cmp eax, [ebp+74h+var_74]
jb short loc_406BFC
add eax, [ebp+74h+var_74]
loc_406BFC: ; CODE XREF: sub_4069FF+1F8�j
mov ecx, [ebp+74h+var_8]
mov al, [eax+ecx]
xor ebx, ebx
mov [ebp+74h+var_5B], al
inc ebx
jmp short loc_406C6F
; ---------------------------------------------------------------------------
loc_406C0A: ; CODE XREF: sub_4069FF+1ED�j
xor ebx, ebx
inc ebx
jmp loc_406DE0
; ---------------------------------------------------------------------------
loc_406C12: ; CODE XREF: sub_4069FF+1A0�j
mov eax, [ebp+74h+hMem]
mov ecx, [ebp+74h+var_38]
mov [ebp+74h+var_34], 1
lea esi, [eax+ecx*2+180h]
mov [ebp+74h+var_84], 7
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406C32: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+2E9�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 13
jz loc_40738C
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_406C57: ; CODE XREF: sub_4069FF+2E3�j
mov eax, [ebp+74h+dwBytes]
cmp [ebp+74h+var_48], eax
jnz loc_406D12
cmp ebx, 100h
jge loc_406D78
loc_406C6F: ; CODE XREF: sub_4069FF+209�j
movzx eax, [ebp+74h+var_5B]
shl [ebp+74h+var_5B], 1
mov ecx, [ebp+74h+var_58]
shr eax, 7
mov [ebp+74h+var_48], eax
inc eax
shl eax, 8
add eax, ebx
lea esi, [ecx+eax*2]
mov ax, [esi]
mov ecx, [ebp+74h+var_10]
movzx edx, ax
shr ecx, 0Bh
imul ecx, edx
cmp [ebp+74h+var_C], ecx
mov [ebp+74h+var_54], esi
jnb short loc_406CB9
and [ebp+74h+dwBytes], 0
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edx
sar ecx, 5
add ecx, eax
mov [esi], cx
shl ebx, 1
jmp short loc_406CD8
; ---------------------------------------------------------------------------
loc_406CB9: ; CODE XREF: sub_4069FF+29E�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
mov [ebp+74h+dwBytes], 1
lea ebx, [ebx+ebx+1]
sub eax, ecx
mov [esi], ax
loc_406CD8: ; CODE XREF: sub_4069FF+2B8�j
cmp [ebp+74h+var_10], 1000000h
mov [ebp+74h+var_44], ebx
jnb loc_406C57
jmp loc_406C32 ; jumptable 00406A38 case 13
; ---------------------------------------------------------------------------
loc_406CED: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+374�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 14
jz loc_407395
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_406D12: ; CODE XREF: sub_4069FF+25E�j
; sub_4069FF+372�j
cmp ebx, 100h
jge short loc_406D78
mov eax, [ebp+74h+var_58]
mov ecx, [ebp+74h+var_10]
lea edx, [ebx+ebx]
lea esi, [edx+eax]
mov ax, [esi]
movzx edi, ax
shr ecx, 0Bh
imul ecx, edi
cmp [ebp+74h+var_C], ecx
mov [ebp+74h+var_54], esi
jnb short loc_406D50
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edi
sar ecx, 5
add ecx, eax
mov [esi], cx
shl ebx, 1
jmp short loc_406D67
; ---------------------------------------------------------------------------
loc_406D50: ; CODE XREF: sub_4069FF+339�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
lea ebx, [edx+1]
sub eax, ecx
mov [esi], ax
loc_406D67: ; CODE XREF: sub_4069FF+34F�j
cmp [ebp+74h+var_10], 1000000h
mov [ebp+74h+var_44], ebx
jnb short loc_406D12
jmp loc_406CED ; jumptable 00406A38 case 14
; ---------------------------------------------------------------------------
loc_406D78: ; CODE XREF: sub_4069FF+26A�j
; sub_4069FF+319�j
and [ebp+74h+var_34], 0
loc_406D7C: ; CODE XREF: sub_4069FF+3DF�j
mov al, byte ptr [ebp+74h+var_44]
mov [ebp+74h+var_5C], al
loc_406D82: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_64], 0 ; jumptable 00406A38 case 26
jz loc_4073A7
mov al, [ebp+74h+var_5C]
mov ecx, [ebp+74h+var_68]
mov edx, [ebp+74h+var_8]
inc [ebp+74h+var_60]
inc [ebp+74h+var_68]
dec [ebp+74h+var_64]
mov [ecx], al
mov ecx, [ebp+74h+var_14]
mov [ecx+edx], al
lea eax, [ecx+1]
xor edx, edx
div [ebp+74h+var_74]
jmp loc_406F3F
; ---------------------------------------------------------------------------
loc_406DB3: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+43A�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 15
jz loc_40739E
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_406DD8: ; CODE XREF: sub_4069FF+438�j
cmp ebx, 100h
jge short loc_406D7C
loc_406DE0: ; CODE XREF: sub_4069FF+20E�j
mov eax, [ebp+74h+var_58]
mov ecx, [ebp+74h+var_10]
lea edx, [ebx+ebx]
lea esi, [edx+eax]
mov ax, [esi]
movzx edi, ax
shr ecx, 0Bh
imul ecx, edi
cmp [ebp+74h+var_C], ecx
mov [ebp+74h+var_54], esi
jnb short loc_406E16
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edi
sar ecx, 5
add ecx, eax
mov [esi], cx
shl ebx, 1
jmp short loc_406E2D
; ---------------------------------------------------------------------------
loc_406E16: ; CODE XREF: sub_4069FF+3FF�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
lea ebx, [edx+1]
sub eax, ecx
mov [esi], ax
loc_406E2D: ; CODE XREF: sub_4069FF+415�j
cmp [ebp+74h+var_10], 1000000h
mov [ebp+74h+var_44], ebx
jnb short loc_406DD8
jmp loc_406DB3 ; jumptable 00406A38 case 15
; ---------------------------------------------------------------------------
loc_406E3E: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+dwBytes], 1 ; jumptable 00406A38 case 7
jnz short loc_406E5D
mov eax, [ebp+74h+hMem]
mov ecx, [ebp+74h+var_38]
lea esi, [eax+ecx*2+198h]
mov [ebp+74h+var_84], 8
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406E5D: ; CODE XREF: sub_4069FF+443�j
mov eax, [ebp+74h+var_24]
mov [ebp+74h+var_20], eax
mov eax, [ebp+74h+var_28]
mov [ebp+74h+var_24], eax
mov eax, [ebp+74h+var_2C]
mov [ebp+74h+var_28], eax
xor eax, eax
cmp [ebp+74h+var_38], 7
mov [ebp+74h+var_80], 16h
setnl al
dec eax
and eax, 0FFFFFFFDh
add eax, 0Ah
mov [ebp+74h+var_38], eax
mov eax, [ebp+74h+hMem]
add eax, 664h
mov [ebp+74h+var_58], eax
loc_406E94: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+5A8�j
; DATA XREF: ...
mov esi, [ebp+74h+var_58] ; jumptable 00406A38 case 17
mov [ebp+74h+var_84], 12h
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406EA3: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+dwBytes], 0 ; jumptable 00406A38 case 8
jnz short loc_406EC7
mov eax, [ebp+74h+var_38]
mov ecx, [ebp+74h+hMem]
add eax, 0Fh
shl eax, 4
add eax, [ebp+74h+var_4C]
mov [ebp+74h+var_84], 9
lea esi, [ecx+eax*2]
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406EC7: ; CODE XREF: sub_4069FF+4A8�j
mov eax, [ebp+74h+hMem]
mov ecx, [ebp+74h+var_38]
lea esi, [eax+ecx*2+1B0h]
mov [ebp+74h+var_84], 0Ah
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406EE0: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+dwBytes], 0 ; jumptable 00406A38 case 9
jnz loc_406F95
cmp [ebp+74h+var_60], 0
jz loc_4073F9 ; default
xor eax, eax
cmp [ebp+74h+var_38], 7
setnl al
lea eax, [eax+eax+9]
mov [ebp+74h+var_38], eax
loc_406F04: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_64], 0 ; jumptable 00406A38 case 27
jz loc_4073B0
mov eax, [ebp+74h+var_14]
sub eax, [ebp+74h+var_2C]
cmp eax, [ebp+74h+var_74]
jb short loc_406F1C
add eax, [ebp+74h+var_74]
loc_406F1C: ; CODE XREF: sub_4069FF+518�j
mov edx, [ebp+74h+var_8]
mov cl, [eax+edx]
mov eax, [ebp+74h+var_14]
mov [eax+edx], cl
inc eax
xor edx, edx
div [ebp+74h+var_74]
inc [ebp+74h+var_60]
mov eax, [ebp+74h+var_68]
inc [ebp+74h+var_68]
dec [ebp+74h+var_64]
mov [ebp+74h+var_5C], cl
mov [eax], cl
loc_406F3F: ; CODE XREF: sub_4069FF+3AF�j
mov [ebp+74h+var_14], edx
loc_406F42: ; CODE XREF: sub_4069FF+7C3�j
mov [ebp+74h+var_88], 2
jmp loc_406A2C
; ---------------------------------------------------------------------------
loc_406F4E: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+dwBytes], 0 ; jumptable 00406A38 case 10
jnz short loc_406F59
mov eax, [ebp+74h+var_28]
jmp short loc_406F8C
; ---------------------------------------------------------------------------
loc_406F59: ; CODE XREF: sub_4069FF+553�j
mov eax, [ebp+74h+hMem]
mov ecx, [ebp+74h+var_38]
lea esi, [eax+ecx*2+1C8h]
mov [ebp+74h+var_84], 0Bh
jmp loc_4071FA
; ---------------------------------------------------------------------------
loc_406F72: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+dwBytes], 0 ; jumptable 00406A38 case 11
jnz short loc_406F7D
mov eax, [ebp+74h+var_24]
jmp short loc_406F86
; ---------------------------------------------------------------------------
loc_406F7D: ; CODE XREF: sub_4069FF+577�j
mov ecx, [ebp+74h+var_24]
mov eax, [ebp+74h+var_20]
mov [ebp+74h+var_20], ecx
loc_406F86: ; CODE XREF: sub_4069FF+57C�j
mov ecx, [ebp+74h+var_28]
mov [ebp+74h+var_24], ecx
loc_406F8C: ; CODE XREF: sub_4069FF+558�j
mov ecx, [ebp+74h+var_2C]
mov [ebp+74h+var_28], ecx
mov [ebp+74h+var_2C], eax
loc_406F95: ; CODE XREF: sub_4069FF+4E5�j
mov eax, [ebp+74h+hMem]
add eax, 0A68h
mov [ebp+74h+var_58], eax
mov [ebp+74h+var_80], 15h
jmp loc_406E94 ; jumptable 00406A38 case 17
; ---------------------------------------------------------------------------
loc_406FAC: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
xor eax, eax ; jumptable 00406A38 case 21
cmp [ebp+74h+var_38], 7
setnl al
dec eax
and eax, 0FFFFFFFDh
add eax, 0Bh
mov [ebp+74h+var_38], eax
jmp loc_407160
; ---------------------------------------------------------------------------
loc_406FC4: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
mov eax, [ebp+74h+var_30] ; jumptable 00406A38 case 22
cmp eax, 4
jl short loc_406FCF
push 3
pop eax
loc_406FCF: ; CODE XREF: sub_4069FF+5CB�j
mov ecx, [ebp+74h+hMem]
shl eax, 7
lea eax, [eax+ecx+360h]
mov [ebp+74h+var_58], eax
mov [ebp+74h+dwBytes], 6
mov [ebp+74h+var_7C], 19h
jmp loc_4072BB ; jumptable 00406A38 case 23
; ---------------------------------------------------------------------------
loc_406FF2: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp ebx, 4 ; jumptable 00406A38 case 25
jl short loc_40702C
mov ecx, ebx
mov eax, ebx
and eax, 1
sar ecx, 1
dec ecx
or eax, 2
shl eax, cl
cmp ebx, 0Eh
mov [ebp+74h+var_2C], eax
jge short loc_407022
mov edx, [ebp+74h+hMem]
sub eax, ebx
lea eax, [edx+eax*2+55Eh]
mov [ebp+74h+dwBytes], ecx
jmp loc_4070A3
; ---------------------------------------------------------------------------
loc_407022: ; CODE XREF: sub_4069FF+60D�j
xor ebx, ebx
add ecx, 0FFFFFFFCh
mov [ebp+74h+var_48], ecx
jmp short loc_40705F
; ---------------------------------------------------------------------------
loc_40702C: ; CODE XREF: sub_4069FF+5F6�j
mov [ebp+74h+var_2C], ebx
jmp loc_40715D
; ---------------------------------------------------------------------------
loc_407034: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+68B�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 12
jz loc_4073B9
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
mov eax, [ebp+74h+var_2C]
loc_40705C: ; CODE XREF: sub_4069FF+689�j
dec [ebp+74h+var_48]
loc_40705F: ; CODE XREF: sub_4069FF+62B�j
cmp [ebp+74h+var_48], 0
jle short loc_40708C
mov ecx, [ebp+74h+var_C]
shr [ebp+74h+var_10], 1
shl ebx, 1
cmp ecx, [ebp+74h+var_10]
mov [ebp+74h+var_44], ebx
jb short loc_407081
mov ecx, [ebp+74h+var_10]
sub [ebp+74h+var_C], ecx
or ebx, 1
mov [ebp+74h+var_44], ebx
loc_407081: ; CODE XREF: sub_4069FF+674�j
cmp [ebp+74h+var_10], 1000000h
jnb short loc_40705C
jmp short loc_407034 ; jumptable 00406A38 case 12
; ---------------------------------------------------------------------------
loc_40708C: ; CODE XREF: sub_4069FF+664�j
shl ebx, 4
add eax, ebx
mov [ebp+74h+var_2C], eax
mov eax, [ebp+74h+hMem]
add eax, 644h
mov [ebp+74h+dwBytes], 4
loc_4070A3: ; CODE XREF: sub_4069FF+61E�j
xor ebx, ebx
mov [ebp+74h+var_58], eax
mov [ebp+74h+var_50], 1
mov [ebp+74h+var_44], ebx
mov [ebp+74h+var_48], ebx
jmp short loc_4070DF
; ---------------------------------------------------------------------------
loc_4070B7: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+756�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 16
jz loc_4073C2
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_4070DC: ; CODE XREF: sub_4069FF+754�j
inc [ebp+74h+var_48]
loc_4070DF: ; CODE XREF: sub_4069FF+6B6�j
mov eax, [ebp+74h+dwBytes]
cmp [ebp+74h+var_48], eax
jge short loc_40715A
mov edi, [ebp+74h+var_50]
mov eax, [ebp+74h+var_58]
mov edx, [ebp+74h+var_10]
add edi, edi
lea esi, [edi+eax]
mov ax, [esi]
movzx ecx, ax
shr edx, 0Bh
imul edx, ecx
cmp [ebp+74h+var_C], edx
mov [ebp+74h+var_54], esi
jnb short loc_407120
mov [ebp+74h+var_10], edx
mov edx, 800h
sub edx, ecx
sar edx, 5
add edx, eax
shl [ebp+74h+var_50], 1
mov [esi], dx
jmp short loc_40714C
; ---------------------------------------------------------------------------
loc_407120: ; CODE XREF: sub_4069FF+708�j
xor ecx, ecx
inc ecx
sub [ebp+74h+var_10], edx
sub [ebp+74h+var_C], edx
mov ebx, ecx
mov ecx, [ebp+74h+var_48]
shl ebx, cl
mov ecx, ebx
mov ebx, [ebp+74h+var_44]
or ebx, ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
mov [ebp+74h+var_44], ebx
sub eax, ecx
inc edi
mov [esi], ax
mov [ebp+74h+var_50], edi
loc_40714C: ; CODE XREF: sub_4069FF+71F�j
cmp [ebp+74h+var_10], 1000000h
jnb short loc_4070DC
jmp loc_4070B7 ; jumptable 00406A38 case 16
; ---------------------------------------------------------------------------
loc_40715A: ; CODE XREF: sub_4069FF+6E6�j
add [ebp+74h+var_2C], ebx
loc_40715D: ; CODE XREF: sub_4069FF+630�j
inc [ebp+74h+var_2C]
loc_407160: ; CODE XREF: sub_4069FF+5C0�j
mov eax, [ebp+74h+var_2C]
test eax, eax
jz loc_4073CB
cmp eax, [ebp+74h+var_60]
ja loc_4073F9 ; default
add [ebp+74h+var_30], 2
mov eax, [ebp+74h+var_30]
add [ebp+74h+var_60], eax
loc_40717E: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+7C1�j
; DATA XREF: ...
cmp [ebp+74h+var_64], 0 ; jumptable 00406A38 case 28
jz loc_4073D1
mov eax, [ebp+74h+var_14]
sub eax, [ebp+74h+var_2C]
cmp eax, [ebp+74h+var_74]
jb short loc_407196
add eax, [ebp+74h+var_74]
loc_407196: ; CODE XREF: sub_4069FF+792�j
mov edx, [ebp+74h+var_8]
mov cl, [eax+edx]
mov eax, [ebp+74h+var_14]
mov [eax+edx], cl
inc eax
xor edx, edx
div [ebp+74h+var_74]
mov eax, [ebp+74h+var_68]
inc [ebp+74h+var_68]
dec [ebp+74h+var_64]
dec [ebp+74h+var_30]
cmp [ebp+74h+var_30], 0
mov [ebp+74h+var_5C], cl
mov [eax], cl
mov [ebp+74h+var_14], edx
jg short loc_40717E ; jumptable 00406A38 case 28
jmp loc_406F42
; ---------------------------------------------------------------------------
loc_4071C7: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+dwBytes], 0 ; jumptable 00406A38 case 18
jnz short loc_4071ED
mov eax, [ebp+74h+var_4C]
and [ebp+74h+var_30], 0
mov ecx, [ebp+74h+var_58]
shl eax, 4
lea eax, [ecx+eax+4]
loc_4071DE: ; CODE XREF: sub_4069FF+89B�j
mov [ebp+74h+var_58], eax
mov [ebp+74h+dwBytes], 3
jmp loc_4072B4
; ---------------------------------------------------------------------------
loc_4071ED: ; CODE XREF: sub_4069FF+7CC�j
mov esi, [ebp+74h+var_58]
add esi, 2
mov [ebp+74h+var_84], 13h
loc_4071FA: ; CODE XREF: sub_4069FF+196�j
; sub_4069FF+22E�j ...
mov [ebp+74h+var_54], esi
loc_4071FD: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
mov ax, [esi] ; jumptable 00406A38 case 4
mov ecx, [ebp+74h+var_10]
movzx edx, ax
shr ecx, 0Bh
imul ecx, edx
cmp [ebp+74h+var_C], ecx
jnb short loc_407229
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edx
sar ecx, 5
add ecx, eax
and [ebp+74h+dwBytes], 0
mov [esi], cx
jmp short loc_407244
; ---------------------------------------------------------------------------
loc_407229: ; CODE XREF: sub_4069FF+810�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
mov [ebp+74h+dwBytes], 1
sub eax, ecx
mov [esi], ax
loc_407244: ; CODE XREF: sub_4069FF+828�j
cmp [ebp+74h+var_10], 1000000h
jnb short loc_407272
loc_40724D: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 5
jz loc_4073DA
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_407272: ; CODE XREF: sub_4069FF+84C�j
mov eax, [ebp+74h+var_84]
loc_407275: ; CODE XREF: sub_4069FF+96B�j
; sub_4069FF+976�j
mov [ebp+74h+var_88], eax
jmp loc_406A2C
; ---------------------------------------------------------------------------
loc_40727D: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
cmp [ebp+74h+dwBytes], 0 ; jumptable 00406A38 case 19
jnz short loc_40729F
mov eax, [ebp+74h+var_4C]
mov ecx, [ebp+74h+var_58]
shl eax, 4
mov [ebp+74h+var_30], 8
lea eax, [ecx+eax+104h]
jmp loc_4071DE
; ---------------------------------------------------------------------------
loc_40729F: ; CODE XREF: sub_4069FF+882�j
add [ebp+74h+var_58], 204h
mov [ebp+74h+var_30], 10h
mov [ebp+74h+dwBytes], 8
loc_4072B4: ; CODE XREF: sub_4069FF+7E9�j
mov [ebp+74h+var_7C], 14h
loc_4072BB: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+5EE�j
; DATA XREF: ...
mov eax, [ebp+74h+dwBytes] ; jumptable 00406A38 case 23
mov [ebp+74h+var_50], 1
mov [ebp+74h+var_48], eax
jmp short loc_4072F2
; ---------------------------------------------------------------------------
loc_4072CA: ; CODE XREF: sub_4069FF+39�j
; sub_4069FF+953�j
; DATA XREF: ...
cmp [ebp+74h+var_6C], 0 ; jumptable 00406A38 case 24
jz loc_4073E3
mov ecx, [ebp+74h+var_70]
mov eax, [ebp+74h+var_C]
movzx ecx, byte ptr [ecx]
shl [ebp+74h+var_10], 8
dec [ebp+74h+var_6C]
shl eax, 8
or eax, ecx
inc [ebp+74h+var_70]
mov [ebp+74h+var_C], eax
loc_4072EF: ; CODE XREF: sub_4069FF+951�j
dec [ebp+74h+var_48]
loc_4072F2: ; CODE XREF: sub_4069FF+8C9�j
cmp [ebp+74h+var_48], 0
jle short loc_407357
mov edx, [ebp+74h+var_50]
mov eax, [ebp+74h+var_58]
mov ecx, [ebp+74h+var_10]
add edx, edx
lea esi, [edx+eax]
mov ax, [esi]
movzx edi, ax
shr ecx, 0Bh
imul ecx, edi
cmp [ebp+74h+var_C], ecx
mov [ebp+74h+var_54], esi
jnb short loc_407331
mov [ebp+74h+var_10], ecx
mov ecx, 800h
sub ecx, edi
sar ecx, 5
add ecx, eax
shl [ebp+74h+var_50], 1
mov [esi], cx
jmp short loc_407349
; ---------------------------------------------------------------------------
loc_407331: ; CODE XREF: sub_4069FF+919�j
sub [ebp+74h+var_10], ecx
sub [ebp+74h+var_C], ecx
xor ecx, ecx
mov cx, ax
shr cx, 5
sub eax, ecx
inc edx
mov [esi], ax
mov [ebp+74h+var_50], edx
loc_407349: ; CODE XREF: sub_4069FF+930�j
cmp [ebp+74h+var_10], 1000000h
jnb short loc_4072EF
jmp loc_4072CA ; jumptable 00406A38 case 24
; ---------------------------------------------------------------------------
loc_407357: ; CODE XREF: sub_4069FF+8F7�j
mov ecx, [ebp+74h+dwBytes]
mov ebx, [ebp+74h+var_50]
xor eax, eax
inc eax
shl eax, cl
sub ebx, eax
mov eax, [ebp+74h+var_7C]
mov [ebp+74h+var_44], ebx
jmp loc_407275
; ---------------------------------------------------------------------------
loc_40736F: ; CODE XREF: sub_4069FF+39�j
; DATA XREF: .text:off_407404�o
add [ebp+74h+var_30], ebx ; jumptable 00406A38 case 20
mov eax, [ebp+74h+var_80]
jmp loc_407275
; ---------------------------------------------------------------------------
loc_40737A: ; CODE XREF: sub_4069FF+E6�j
mov [ebp+74h+var_88], 1
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_407383: ; CODE XREF: sub_4069FF+151�j
mov [ebp+74h+var_88], 3
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_40738C: ; CODE XREF: sub_4069FF+237�j
mov [ebp+74h+var_88], 0Dh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_407395: ; CODE XREF: sub_4069FF+2F2�j
mov [ebp+74h+var_88], 0Eh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_40739E: ; CODE XREF: sub_4069FF+3B8�j
mov [ebp+74h+var_88], 0Fh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073A7: ; CODE XREF: sub_4069FF+387�j
mov [ebp+74h+var_88], 1Ah
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073B0: ; CODE XREF: sub_4069FF+509�j
mov [ebp+74h+var_88], 1Bh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073B9: ; CODE XREF: sub_4069FF+639�j
mov [ebp+74h+var_88], 0Ch
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073C2: ; CODE XREF: sub_4069FF+6BC�j
mov [ebp+74h+var_88], 10h
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073CB: ; CODE XREF: sub_4069FF+766�j
or [ebp+74h+var_30], 0FFFFFFFFh
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073D1: ; CODE XREF: sub_4069FF+783�j
mov [ebp+74h+var_88], 1Ch
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073DA: ; CODE XREF: sub_4069FF+852�j
mov [ebp+74h+var_88], 5
jmp short loc_4073EA
; ---------------------------------------------------------------------------
loc_4073E3: ; CODE XREF: sub_4069FF+8CF�j
mov [ebp+74h+var_88], 18h
loc_4073EA: ; CODE XREF: sub_4069FF+44�j
; sub_4069FF+982�j ...
mov edi, [ebp+74h+arg_0]
push 22h
pop ecx
lea esi, [ebp+74h+var_88]
rep movsd
xor eax, eax
jmp short loc_4073FC
; ---------------------------------------------------------------------------
loc_4073F9: ; CODE XREF: sub_4069FF+33�j
; sub_4069FF+57�j ...
or eax, 0FFFFFFFFh ; default
loc_4073FC: ; CODE XREF: sub_4069FF+9F8�j
pop ebx
loc_4073FD: ; CODE XREF: sub_4069FF+21�j
pop edi
pop esi
add ebp, 74h
leave
retn
sub_4069FF endp
; ---------------------------------------------------------------------------
off_407404 dd offset loc_406A3F ; DATA XREF: sub_4069FF+39�r
dd offset loc_406AE1 ; jump table for switch statement
dd offset loc_406B77
dd offset loc_406B4C
dd offset loc_4071FD
dd offset loc_40724D
dd offset loc_406B9A
dd offset loc_406E3E
dd offset loc_406EA3
dd offset loc_406EE0
dd offset loc_406F4E
dd offset loc_406F72
dd offset loc_407034
dd offset loc_406C32
dd offset loc_406CED
dd offset loc_406DB3
dd offset loc_4070B7
dd offset loc_406E94
dd offset loc_4071C7
dd offset loc_40727D
dd offset loc_40736F
dd offset loc_406FAC
dd offset loc_406FC4
dd offset loc_4072BB
dd offset loc_4072CA
dd offset loc_406FF2
dd offset loc_406D82
dd offset loc_406F04
dd offset loc_40717E
; [00000006 BYTES: COLLAPSED FUNCTION VerQueryValueA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileVersionInfoA. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION GetFileVersionInfoSizeA. PRESS KEYPAD "+" TO EXPAND]
align 200h
_text ends
; Section 2. (virtual address 00008000)
; Virtual size : 00001C72 ( 7282.)
; Section size in file : 00001E00 ( 7680.)
; Offset to raw data for section: 00006A00
; Flags 40000040: Data Readable
; Alignment : default
;
; Imports from ADVAPI32.dll
;
; ===========================================================================
; Segment type: Externs
; _idata
; LSTATUS __stdcall RegDeleteKeyA(HKEY hKey,LPCSTR lpSubKey)
extrn RegDeleteKeyA:dword ; CODE XREF: sub_401540+6C�p
; DATA XREF: sub_401540+6C�r
; LSTATUS __stdcall RegEnumKeyA(HKEY hKey,DWORD dwIndex,LPSTR lpName,DWORD cchName)
extrn RegEnumKeyA:dword ; CODE XREF: sub_401540+57�p
; sub_401610+1561�p
; DATA XREF: ...
; LSTATUS __stdcall RegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,PHKEY phkResult)
extrn RegOpenKeyExA:dword ; CODE XREF: sub_401540+1B�p
; sub_4015C7+34�p ...
; LSTATUS __stdcall RegEnumValueA(HKEY hKey,DWORD dwIndex,LPSTR lpValueName,LPDWORD lpcchValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData)
extrn RegEnumValueA:dword ; CODE XREF: sub_401610+1574�p
; DATA XREF: sub_401610+1574�r
; LSTATUS __stdcall RegDeleteValueA(HKEY hKey,LPCSTR lpValueName)
extrn RegDeleteValueA:dword ; CODE XREF: sub_401610+1320�p
; DATA XREF: sub_401610+1320�r
; LSTATUS __stdcall RegCreateKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD Reserved,LPSTR lpClass,DWORD dwOptions,REGSAM samDesired,const LPSECURITY_ATTRIBUTES lpSecurityAttributes,PHKEY phkResult,LPDWORD lpdwDisposition)
extrn RegCreateKeyExA:dword ; CODE XREF: sub_401610+13E0�p
; DATA XREF: sub_401610+13E0�r
; LSTATUS __stdcall RegSetValueExA(HKEY hKey,LPCSTR lpValueName,DWORD Reserved,DWORD dwType,const BYTE *lpData,DWORD cbData)
extrn RegSetValueExA:dword ; CODE XREF: sub_401610+148A�p
; DATA XREF: sub_401610+148A�r
; LSTATUS __stdcall RegQueryValueExA(HKEY hKey,LPCSTR lpValueName,LPDWORD lpReserved,LPDWORD lpType,LPBYTE lpData,LPDWORD lpcbData)
extrn RegQueryValueExA:dword ; CODE XREF: sub_401610+14EB�p
; sub_405EF1+3D�p
; DATA XREF: ...
; LSTATUS __stdcall RegCloseKey(HKEY hKey)
extrn RegCloseKey:dword ; CODE XREF: sub_401540+60�p
; sub_401540+7C�p ...
;
; Imports from COMCTL32.dll
;
; void __stdcall InitCommonControls()
extrn InitCommonControls:dword ; CODE XREF: start+17�p
; DATA XREF: start+17�r
; int __stdcall ImageList_AddMasked(HIMAGELIST himl,HBITMAP hbmImage,COLORREF crMask)
extrn ImageList_AddMasked:dword ; CODE XREF: sub_404A94+BC�p
; DATA XREF: sub_404A94+BC�r
; BOOL __stdcall ImageList_Destroy(HIMAGELIST himl)
extrn ImageList_Destroy:dword ; CODE XREF: sub_404A94+443�p
; DATA XREF: sub_404A94+443�r
; HIMAGELIST __stdcall ImageList_Create(int cx,int cy,UINT flags,int cInitial,int cGrow)
extrn ImageList_Create:dword ; CODE XREF: sub_404A94+A8�p
; DATA XREF: sub_404A94+A8�r
;
; Imports from GDI32.dll
;
; int __stdcall GetDeviceCaps(HDC hdc,int index)
extrn GetDeviceCaps:dword ; CODE XREF: sub_401610+BC1�p
; DATA XREF: sub_401610+BC1�r
; BOOL __stdcall DeleteObject(HGDIOBJ ho)
extrn DeleteObject:dword ; CODE XREF: sub_401000+ED�p
; sub_401000+165�p ...
; HBRUSH __stdcall CreateBrushIndirect(const LOGBRUSH *plbrush)
extrn CreateBrushIndirect:dword ; CODE XREF: sub_401000+CF�p
; sub_40403F+95�p
; DATA XREF: ...
; HFONT __stdcall CreateFontIndirectA(const LOGFONTA *lplf)
extrn CreateFontIndirectA:dword ; CODE XREF: sub_401000+105�p
; sub_401610+C24�p
; DATA XREF: ...
; int __stdcall SetBkMode(HDC hdc,int mode)
extrn SetBkMode:dword ; CODE XREF: sub_401000+126�p
; sub_40403F+4E�p
; DATA XREF: ...
; COLORREF __stdcall SetTextColor(HDC hdc,COLORREF color)
extrn SetTextColor:dword ; CODE XREF: sub_401000+130�p
; sub_40403F+42�p
; DATA XREF: ...
; COLORREF __stdcall SetBkColor(HDC hdc,COLORREF color)
extrn SetBkColor:dword ; CODE XREF: sub_40403F+71�p
; DATA XREF: sub_40403F+71�r
; HGDIOBJ __stdcall SelectObject(HDC hdc,HGDIOBJ h)
extrn SelectObject:dword ; CODE XREF: sub_401000+140�p
; sub_401000+160�p
; DATA XREF: ...
;
; Imports from KERNEL32.dll
;
; DWORD __stdcall FormatMessageA(DWORD dwFlags,LPCVOID lpSource,DWORD dwMessageId,DWORD dwLanguageId,LPSTR lpBuffer,DWORD nSize,va_list *Arguments)
extrn FormatMessageA:dword ; CODE XREF: sub_401610+EFC�p
; sub_401610+FBB�p
; DATA XREF: ...
; DWORD __stdcall GetLastError()
extrn GetLastError:dword ; CODE XREF: sub_401610+EEC�p
; sub_401610+FB5�p
; DATA XREF: ...
; HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)
extrn GetModuleHandleA:dword ; CODE XREF: sub_401610+ECC�p
; start+97�p ...
; UINT __stdcall SetErrorMode(UINT uMode)
extrn SetErrorMode:dword ; CODE XREF: sub_401610+E9B�p
; sub_401610+FED�p ...
; BOOL __stdcall GetExitCodeProcess(HANDLE hProcess,LPDWORD lpExitCode)
extrn GetExitCodeProcess:dword ; CODE XREF: sub_401610+D93�p
; sub_401610+1A1D�p
; DATA XREF: ...
; DWORD __stdcall WaitForSingleObject(HANDLE hHandle,DWORD dwMilliseconds)
extrn WaitForSingleObject:dword ; CODE XREF: sub_401610+D4A�p
; sub_401610+D82�p ...
; DWORD __stdcall ExpandEnvironmentStringsA(LPCSTR lpSrc,LPSTR lpDst,DWORD nSize)
extrn ExpandEnvironmentStringsA:dword ; CODE XREF: sub_401610:loc_401E92�p
; DATA XREF: sub_401610:loc_401E92�r
; DWORD __stdcall GetEnvironmentVariableA(LPCSTR lpName,LPSTR lpBuffer,DWORD nSize)
extrn GetEnvironmentVariableA:dword ; CODE XREF: sub_401610+871�p
; DATA XREF: sub_401610+871�r
; int __stdcall lstrcmpiA(LPCSTR lpString1,LPCSTR lpString2)
extrn lstrcmpiA:dword ; CODE XREF: sub_401610+84D�p
; start+33D�p ...
; BOOL __stdcall CloseHandle(HANDLE hObject)
extrn CloseHandle:dword ; CODE XREF: sub_401610+6D7�p
; sub_401610:loc_402BAD�p ...
; BOOL __stdcall SetFileTime(HANDLE hFile,const FILETIME *lpCreationTime,const FILETIME *lpLastAccessTime,const FILETIME *lpLastWriteTime)
extrn SetFileTime:dword ; CODE XREF: sub_401610+6CE�p
; DATA XREF: sub_401610+6CE�r
; DWORD __stdcall GetFileAttributesA(LPCSTR lpFileName)
extrn GetFileAttributesA:dword ; CODE XREF: sub_401610+599�p
; sub_405A5A+92�p ...
; LONG __stdcall CompareFileTime(const FILETIME *lpFileTime1,const FILETIME *lpFileTime2)
extrn CompareFileTime:dword ; CODE XREF: sub_401610+575�p
; DATA XREF: sub_401610+575�r
; DWORD __stdcall SearchPathA(LPCSTR lpPath,LPCSTR lpFileName,LPCSTR lpExtension,DWORD nBufferLength,LPSTR lpBuffer,LPSTR *lpFilePart)
extrn SearchPathA:dword ; CODE XREF: sub_401610+3FC�p
; DATA XREF: sub_401610+3FC�r
; DWORD __stdcall GetShortPathNameA(LPCSTR lpszLongPath,LPSTR lpszShortPath,DWORD cchBuffer)
extrn GetShortPathNameA:dword ; CODE XREF: sub_401610+3DA�p
; sub_406357+6D�p ...
; DWORD __stdcall GetFullPathNameA(LPCSTR lpFileName,DWORD nBufferLength,LPSTR lpBuffer,LPSTR *lpFilePart)
extrn GetFullPathNameA:dword ; CODE XREF: sub_401610+395�p
; DATA XREF: sub_401610+395�r
; BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName,LPCSTR lpNewFileName)
extrn MoveFileA:dword ; CODE XREF: sub_401610+330�p
; DATA XREF: sub_401610+330�r
; LPSTR __stdcall lstrcatA(LPSTR lpString1,LPCSTR lpString2)
extrn lstrcatA:dword ; CODE XREF: sub_401610+319�p
; sub_401610+31D�p ...
; BOOL __stdcall SetCurrentDirectoryA(LPCSTR lpPathName)
extrn SetCurrentDirectoryA:dword ; CODE XREF: sub_401610+27C�p
; DATA XREF: sub_401610+27C�r
; BOOL __stdcall SetFileAttributesA(LPCSTR lpFileName,DWORD dwFileAttributes)
extrn SetFileAttributesA:dword ; CODE XREF: sub_401610+20E�p
; sub_401610+5A4�p ...
; void __stdcall Sleep(DWORD dwMilliseconds)
extrn Sleep:dword ; CODE XREF: sub_401610+15C�p
; DATA XREF: sub_401610+15C�r
; DWORD __stdcall GetTickCount()
extrn GetTickCount:dword ; CODE XREF: sub_403420+D�p
; sub_403420:loc_403513�p ...
; HANDLE __stdcall CreateFileA(LPCSTR lpFileName,DWORD dwDesiredAccess,DWORD dwShareMode,LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition,DWORD dwFlagsAndAttributes,HANDLE hTemplateFile)
extrn CreateFileA:dword ; CODE XREF: sub_403756+213�p
; sub_405E7A+26�p ...
; DWORD __stdcall GetFileSize(HANDLE hFile,LPDWORD lpFileSizeHigh)
extrn GetFileSize:dword ; CODE XREF: sub_403756+68�p
; sub_406357+106�p
; DATA XREF: ...
; HMODULE __stdcall LoadLibraryA(LPCSTR lpLibFileName)
extrn LoadLibraryA:dword ; CODE XREF: sub_401610+F1E�p
; sub_405A5A+1D9�p ...
; BOOL __stdcall CreateDirectoryA(LPCSTR lpPathName,LPSECURITY_ATTRIBUTES lpSecurityAttributes)
extrn CreateDirectoryA:dword ; CODE XREF: sub_403A62+21�p
; start+1C1�p ...
; void __stdcall ExitProcess(UINT uExitCode)
extrn ExitProcess:dword ; CODE XREF: start:loc_403F86�p
; DATA XREF: start:loc_403F86�r
; HANDLE __stdcall GetCurrentProcess()
extrn GetCurrentProcess:dword ; CODE XREF: start+43B�p
; DATA XREF: start+43B�r
; BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName,LPCSTR lpNewFileName,BOOL bFailIfExists)
extrn CopyFileA:dword ; CODE XREF: start+34F�p
; DATA XREF: start+34F�r
; LPSTR __stdcall lstrcpynA(LPSTR lpString1,LPCSTR lpString2,int iMaxLength)
extrn lstrcpynA:dword ; CODE XREF: start+93�p start+1AC�p ...
; LPSTR __stdcall GetCommandLineA()
extrn GetCommandLineA:dword ; CODE XREF: start+85�p
; DATA XREF: start+85�r
; UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer,UINT uSize)
extrn GetWindowsDirectoryA:dword ; CODE XREF: start+59�p
; sub_406357+CD�p ...
; DWORD __stdcall GetTempPathA(DWORD nBufferLength,LPSTR lpBuffer)
extrn GetTempPathA:dword ; CODE XREF: start+44�p
; DATA XREF: start+44�r
; LANGID __stdcall GetUserDefaultLangID()
extrn GetUserDefaultLangID:dword ; CODE XREF: sub_40410B:loc_40412A�p
; DATA XREF: sub_40410B:loc_40412A�r
; BOOL __stdcall GetDiskFreeSpaceA(LPCSTR lpRootPathName,LPDWORD lpSectorsPerCluster,LPDWORD lpBytesPerSector,LPDWORD lpNumberOfFreeClusters,LPDWORD lpTotalNumberOfClusters)
extrn GetDiskFreeSpaceA:dword ; CODE XREF: sub_40463C+25A�p
; DATA XREF: sub_40463C+25A�r
; BOOL __stdcall GlobalUnlock(HGLOBAL hMem)
extrn GlobalUnlock:dword ; CODE XREF: sub_405202+377�p
; DATA XREF: sub_405202+377�r
; LPVOID __stdcall GlobalLock(HGLOBAL hMem)
extrn GlobalLock:dword ; CODE XREF: sub_405202+33E�p
; DATA XREF: sub_405202+33E�r
; HGLOBAL __stdcall GlobalAlloc(UINT uFlags,SIZE_T dwBytes)
extrn GlobalAlloc:dword ; CODE XREF: sub_405202+334�p
; sub_405DBB+6�p ...
; HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes,SIZE_T dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId)
extrn CreateThread:dword ; CODE XREF: sub_405202+1E0�p
; DATA XREF: sub_405202+1E0�r
; BOOL __stdcall CreateProcessA(LPCSTR lpApplicationName,LPSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,LPCSTR lpCurrentDirectory,LPSTARTUPINFOA lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation)
extrn CreateProcessA:dword ; CODE XREF: sub_405D01+3C�p
; DATA XREF: sub_405D01+3C�r
; UINT __stdcall GetTempFileNameA(LPCSTR lpPathName,LPCSTR lpPrefixString,UINT uUnique,LPSTR lpTempFileName)
extrn GetTempFileNameA:dword ; CODE XREF: sub_405EA9+2D�p
; DATA XREF: sub_405EA9+2D�r
; LPSTR __stdcall lstrcpyA(LPSTR lpString1,LPCSTR lpString2)
extrn __imp_lstrcpyA:dword ; CODE XREF: sub_40622D+B�p
; sub_406357+8B�p ...
; int __stdcall lstrlenA(LPCSTR lpString)
extrn __imp_lstrlenA:dword ; CODE XREF: sub_4060AD+85�p
; sub_4061A6+6�p ...
; BOOL __stdcall SetEndOfFile(HANDLE hFile)
extrn SetEndOfFile:dword ; CODE XREF: sub_406357+243�p
; DATA XREF: sub_406357+243�r
; BOOL __stdcall UnmapViewOfFile(LPCVOID lpBaseAddress)
extrn UnmapViewOfFile:dword ; CODE XREF: sub_406357+1F6�p
; sub_406357+222�p
; DATA XREF: ...
; LPVOID __stdcall MapViewOfFile(HANDLE hFileMappingObject,DWORD dwDesiredAccess,DWORD dwFileOffsetHigh,DWORD dwFileOffsetLow,SIZE_T dwNumberOfBytesToMap)
extrn MapViewOfFile:dword ; CODE XREF: sub_406357+13F�p
; DATA XREF: sub_406357+13F�r
; HANDLE __stdcall CreateFileMappingA(HANDLE hFile,LPSECURITY_ATTRIBUTES lpFileMappingAttributes,DWORD flProtect,DWORD dwMaximumSizeHigh,DWORD dwMaximumSizeLow,LPCSTR lpName)
extrn CreateFileMappingA:dword ; CODE XREF: sub_406357+125�p
; DATA XREF: sub_406357+125�r
; UINT __stdcall GetSystemDirectoryA(LPSTR lpBuffer,UINT uSize)
extrn GetSystemDirectoryA:dword ; CODE XREF: sub_4065B7+114�p
; DATA XREF: sub_4065B7+114�r
; BOOL __stdcall RemoveDirectoryA(LPCSTR lpPathName)
extrn RemoveDirectoryA:dword ; CODE XREF: sub_4067E6+1A6�p
; DATA XREF: sub_4067E6+1A6�r
; int __stdcall MulDiv(int nNumber,int nNumerator,int nDenominator)
extrn MulDiv:dword ; CODE XREF: sub_4013E7+B5�p
; sub_401610+BD1�p ...
; BOOL __stdcall DeleteFileA(LPCSTR lpFileName)
extrn DeleteFileA:dword ; CODE XREF: sub_401610+196C�p
; start+7E�p ...
; FARPROC __stdcall GetProcAddress(HMODULE hModule,LPCSTR lpProcName)
extrn GetProcAddress:dword ; CODE XREF: sub_401610+F34�p
; start+40C�p ...
; BOOL __stdcall FreeLibrary(HMODULE hLibModule)
extrn FreeLibrary:dword ; CODE XREF: sub_401610+FA0�p
; DATA XREF: sub_401610+FA0�r
; int __stdcall MultiByteToWideChar(UINT CodePage,DWORD dwFlags,LPCSTR lpMultiByteStr,int cbMultiByte,LPWSTR lpWideCharStr,int cchWideChar)
extrn MultiByteToWideChar:dword ; CODE XREF: sub_401610+1135�p
; DATA XREF: sub_401610+1135�r
; BOOL __stdcall WritePrivateProfileStringA(LPCSTR lpAppName,LPCSTR lpKeyName,LPCSTR lpString,LPCSTR lpFileName)
extrn WritePrivateProfileStringA:dword ; CODE XREF: sub_401610+12AF�p
; DATA XREF: sub_401610+12AF�r
; HGLOBAL __stdcall GlobalFree(HGLOBAL hMem)
extrn GlobalFree:dword ; CODE XREF: sub_401610+1911�p
; sub_401610+1930�p ...
; DWORD __stdcall GetPrivateProfileStringA(LPCSTR lpAppName,LPCSTR lpKeyName,LPCSTR lpDefault,LPSTR lpReturnedString,DWORD nSize,LPCSTR lpFileName)
extrn GetPrivateProfileStringA:dword ; CODE XREF: sub_401610+12ED�p
; DATA XREF: sub_401610+12ED�r
; BOOL __stdcall WriteFile(HANDLE hFile,LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,LPDWORD lpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)
extrn WriteFile:dword ; CODE XREF: sub_401610+160F�p
; sub_401610+1927�p ...
; BOOL __stdcall ReadFile(HANDLE hFile,LPVOID lpBuffer,DWORD nNumberOfBytesToRead,LPDWORD lpNumberOfBytesRead,LPOVERLAPPED lpOverlapped)
extrn ReadFile:dword ; CODE XREF: sub_401610+1664�p
; sub_4033D7+17�p ...
; DWORD __stdcall SetFilePointer(HANDLE hFile,LONG lDistanceToMove,PLONG lpDistanceToMoveHigh,DWORD dwMoveMethod)
extrn SetFilePointer:dword ; CODE XREF: sub_401610+16C8�p
; sub_401610+16F7�p ...
; BOOL __stdcall FindClose(HANDLE hFindFile)
extrn FindClose:dword ; CODE XREF: sub_401610+171C�p
; sub_406168+2C�p ...
; BOOL __stdcall FindNextFileA(HANDLE hFindFile,LPWIN32_FIND_DATAA lpFindFileData)
extrn FindNextFileA:dword ; CODE XREF: sub_401610+173E�p
; sub_4067E6+166�p
; DATA XREF: ...
; HANDLE __stdcall FindFirstFileA(LPCSTR lpFileName,LPWIN32_FIND_DATAA lpFindFileData)
extrn FindFirstFileA:dword ; CODE XREF: sub_401610+1769�p
; sub_406168+1A�p ...
; DWORD __stdcall GetModuleFileNameA(HMODULE hModule,LPCH lpFilename,DWORD nSize)
extrn GetModuleFileNameA:dword ; CODE XREF: sub_403756+36�p
; start+32B�p
; DATA XREF: ...
;
; Imports from SHELL32.dll
;
; HINSTANCE __stdcall ShellExecuteA(HWND hwnd,LPCSTR lpOperation,LPCSTR lpFile,LPCSTR lpParameters,LPCSTR lpDirectory,INT nShowCmd)
extrn ShellExecuteA:dword ; CODE XREF: sub_401610+CC8�p
; sub_40428C+211�p
; DATA XREF: ...
; LPITEMIDLIST __stdcall SHBrowseForFolderA(LPBROWSEINFOA lpbi)
extrn SHBrowseForFolderA:dword ; CODE XREF: sub_40463C+15B�p
; DATA XREF: sub_40463C+15B�r
; HRESULT __stdcall SHGetMalloc(IMalloc **ppMalloc)
extrn SHGetMalloc:dword ; CODE XREF: sub_405CD6+8�p
; DATA XREF: sub_405CD6+8�r
; HRESULT __stdcall SHGetSpecialFolderLocation(HWND hwnd,int csidl,LPITEMIDLIST *ppidl)
extrn SHGetSpecialFolderLocation:dword ; CODE XREF: sub_4065B7+151�p
; DATA XREF: sub_4065B7+151�r
; int __stdcall SHFileOperationA(LPSHFILEOPSTRUCTA lpFileOp)
extrn SHFileOperationA:dword ; CODE XREF: sub_401610+11ED�p
; DATA XREF: sub_401610+11ED�r
; BOOL __stdcall SHGetPathFromIDListA(LPCITEMIDLIST pidl,LPSTR pszPath)
extrn SHGetPathFromIDListA:dword ; CODE XREF: sub_4041F2+38�p
; sub_4065B7+160�p
; DATA XREF: ...
;
; Imports from USER32.dll
;
; void __stdcall PostQuitMessage(int nExitCode)
extrn PostQuitMessage:dword ; CODE XREF: sub_401610+AB�p
; DATA XREF: sub_401610+AB�r
; BOOL __stdcall SetWindowTextA(HWND hWnd,LPCSTR lpString)
extrn SetWindowTextA:dword ; CODE XREF: DialogFunc+72�p
; sub_40410B+B2�p ...
; UINT_PTR __stdcall SetTimer(HWND hWnd,UINT_PTR nIDEvent,UINT uElapse,TIMERPROC lpTimerFunc)
extrn SetTimer:dword ; CODE XREF: DialogFunc+20�p
; DATA XREF: DialogFunc+20�r
; BOOL __stdcall DestroyWindow(HWND hWnd)
extrn DestroyWindow:dword ; CODE XREF: sub_403420+1EB�p
; sub_403756+195�p ...
; HWND __stdcall CreateDialogParamA(HINSTANCE hInstance,LPCSTR lpTemplateName,HWND hWndParent,DLGPROC lpDialogFunc,LPARAM dwInitParam)
extrn CreateDialogParamA:dword ; CODE XREF: sub_403420+11C�p
; sub_403756+15B�p ...
; BOOL __stdcall ExitWindowsEx(UINT uFlags,DWORD dwReason)
extrn ExitWindowsEx:dword ; CODE XREF: start+479�p
; DATA XREF: start+479�r
; LPSTR __stdcall CharNextA(LPCSTR lpsz)
extrn CharNextA:dword ; CODE XREF: start+C0�p sub_405DCA+D�p ...
; DWORD __stdcall GetSysColor(int nIndex)
extrn GetSysColor:dword ; CODE XREF: sub_40403F+36�p
; sub_40403F+61�p ...
; LONG __stdcall GetWindowLongA(HWND hWnd,int nIndex)
extrn GetWindowLongA:dword ; CODE XREF: sub_40403F+1A�p
; sub_404A94+229�p
; DATA XREF: ...
; HCURSOR __stdcall LoadCursorA(HINSTANCE hInstance,LPCSTR lpCursorName)
extrn LoadCursorA:dword ; CODE XREF: sub_40428C+1FB�p
; sub_40428C+21E�p ...
; HCURSOR __stdcall SetCursor(HCURSOR hCursor)
extrn SetCursor:dword ; CODE XREF: sub_40428C+1FE�p
; sub_40428C+221�p ...
; BOOL __stdcall CheckDlgButton(HWND hDlg,int nIDButton,UINT uCheck)
extrn CheckDlgButton:dword ; CODE XREF: sub_40428C+88�p
; DATA XREF: sub_40428C+88�r
; SHORT __stdcall GetAsyncKeyState(int vKey)
extrn GetAsyncKeyState:dword ; CODE XREF: sub_40463C+65�p
; DATA XREF: sub_40463C+65�r
; UINT __stdcall IsDlgButtonChecked(HWND hDlg,int nIDButton)
extrn IsDlgButtonChecked:dword ; CODE XREF: sub_40463C+4B�p
; DATA XREF: sub_40463C+4B�r
; BOOL __stdcall ScreenToClient(HWND hWnd,LPPOINT lpPoint)
extrn ScreenToClient:dword ; CODE XREF: sub_404961+22�p
; sub_405597+42E�p
; DATA XREF: ...
; DWORD __stdcall GetMessagePos()
extrn GetMessagePos:dword ; CODE XREF: sub_404961+6�p
; DATA XREF: sub_404961+6�r
; LRESULT __stdcall CallWindowProcA(WNDPROC lpPrevWndFunc,HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
extrn CallWindowProcA:dword ; CODE XREF: sub_4049AD+DB�p
; DATA XREF: sub_4049AD+DB�r
; BOOL __stdcall IsWindowVisible(HWND hWnd)
extrn IsWindowVisible:dword ; CODE XREF: sub_4049AD+4C�p
; DATA XREF: sub_4049AD+4C�r
; HBITMAP __stdcall LoadBitmapA(HINSTANCE hInstance,LPCSTR lpBitmapName)
extrn LoadBitmapA:dword ; CODE XREF: sub_404A94+83�p
; DATA XREF: sub_404A94+83�r
; BOOL __stdcall CloseClipboard()
extrn CloseClipboard:dword ; CODE XREF: sub_405202+388�p
; DATA XREF: sub_405202+388�r
; HANDLE __stdcall SetClipboardData(UINT uFormat,HANDLE hMem)
extrn SetClipboardData:dword ; CODE XREF: sub_405202+382�p
; DATA XREF: sub_405202+382�r
; BOOL __stdcall EmptyClipboard()
extrn EmptyClipboard:dword ; CODE XREF: sub_405202+32B�p
; DATA XREF: sub_405202+32B�r
; BOOL __stdcall OpenClipboard(HWND hWndNewOwner)
extrn OpenClipboard:dword ; CODE XREF: sub_405202+325�p
; DATA XREF: sub_405202+325�r
; BOOL __stdcall TrackPopupMenu(HMENU hMenu,UINT uFlags,int x,int y,int nReserved,HWND hWnd,const RECT *prcRect)
extrn TrackPopupMenu:dword ; CODE XREF: sub_405202+2E3�p
; DATA XREF: sub_405202+2E3�r
; BOOL __stdcall GetWindowRect(HWND hWnd,LPRECT lpRect)
extrn GetWindowRect:dword ; CODE XREF: sub_405202+2C1�p
; sub_405597+422�p
; DATA XREF: ...
; BOOL __stdcall AppendMenuA(HMENU hMenu,UINT uFlags,UINT_PTR uIDNewItem,LPCSTR lpNewItem)
extrn AppendMenuA:dword ; CODE XREF: sub_405202+2AE�p
; DATA XREF: sub_405202+2AE�r
; HMENU __stdcall CreatePopupMenu()
extrn CreatePopupMenu:dword ; CODE XREF: sub_405202+299�p
; DATA XREF: sub_405202+299�r
; int __stdcall GetSystemMetrics(int nIndex)
extrn GetSystemMetrics:dword ; CODE XREF: sub_405202+CE�p
; DATA XREF: sub_405202+CE�r
; BOOL __stdcall EndDialog(HWND hDlg,INT_PTR nResult)
extrn EndDialog:dword ; CODE XREF: sub_405597+48C�p
; DATA XREF: sub_405597+48C�r
; DWORD __stdcall SetClassLongA(HWND hWnd,int nIndex,LONG dwNewLong)
extrn SetClassLongA:dword ; CODE XREF: sub_405597+1D0�p
; DATA XREF: sub_405597+1D0�r
; BOOL __stdcall IsWindowEnabled(HWND hWnd)
extrn IsWindowEnabled:dword ; CODE XREF: sub_405597+B6�p
; sub_405597+103�p
; DATA XREF: ...
; BOOL __stdcall SetWindowPos(HWND hWnd,HWND hWndInsertAfter,int X,int Y,int cx,int cy,UINT uFlags)
extrn SetWindowPos:dword ; CODE XREF: sub_405597+3C�p
; sub_405597+449�p
; DATA XREF: ...
; INT_PTR __stdcall DialogBoxParamA(HINSTANCE hInstance,LPCSTR lpTemplateName,HWND hWndParent,DLGPROC lpDialogFunc,LPARAM dwInitParam)
extrn DialogBoxParamA:dword ; CODE XREF: sub_405A5A+237�p
; DATA XREF: sub_405A5A+237�r
; BOOL __stdcall GetClassInfoA(HINSTANCE hInstance,LPCSTR lpClassName,LPWNDCLASSA lpWndClass)
extrn GetClassInfoA:dword ; CODE XREF: sub_405A5A+1F9�p
; sub_405A5A+208�p
; DATA XREF: ...
; HWND __stdcall CreateWindowExA(DWORD dwExStyle,LPCSTR lpClassName,LPCSTR lpWindowName,DWORD dwStyle,int X,int Y,int nWidth,int nHeight,HWND hWndParent,HMENU hMenu,HINSTANCE hInstance,LPVOID lpParam)
extrn CreateWindowExA:dword ; CODE XREF: sub_405A5A+191�p
; DATA XREF: sub_405A5A+191�r
; BOOL __stdcall SystemParametersInfoA(UINT uiAction,UINT uiParam,PVOID pvParam,UINT fWinIni)
extrn SystemParametersInfoA:dword ; CODE XREF: sub_405A5A+158�p
; DATA XREF: sub_405A5A+158�r
; ATOM __stdcall RegisterClassA(const WNDCLASSA *lpWndClass)
extrn RegisterClassA:dword ; CODE XREF: sub_405A5A+140�p
; sub_405A5A+218�p
; DATA XREF: ...
; BOOL __stdcall SetDlgItemTextA(HWND hDlg,int nIDDlgItem,LPCSTR lpString)
extrn __imp_SetDlgItemTextA:dword ; DATA XREF: SetDlgItemTextA�r
; UINT __stdcall GetDlgItemTextA(HWND hDlg,int nIDDlgItem,LPSTR lpString,int cchMax)
extrn GetDlgItemTextA:dword ; CODE XREF: sub_405D5D+13�p
; DATA XREF: sub_405D5D+13�r
; int __stdcall MessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
extrn MessageBoxA:dword ; CODE XREF: sub_405D79+39�p
; DATA XREF: sub_405D79+39�r
; int __stdcall wvsprintfA(LPSTR,LPCSTR,va_list arglist)
extrn wvsprintfA:dword ; CODE XREF: sub_40614C+E�p
; DATA XREF: sub_40614C+E�r
; BOOL __stdcall SetForegroundWindow(HWND hWnd)
extrn SetForegroundWindow:dword ; CODE XREF: sub_401610+175�p
; DATA XREF: sub_401610+175�r
; BOOL __stdcall ShowWindow(HWND hWnd,int nCmdShow)
extrn ShowWindow:dword ; CODE XREF: sub_401610+1D4�p
; sub_401610+1E8�p ...
; LPSTR __stdcall CharPrevA(LPCSTR lpszStart,LPCSTR lpszCurrent)
extrn CharPrevA:dword ; CODE XREF: sub_401610+4D9�p
; sub_401610+1821�p ...
; int wsprintfA(LPSTR,LPCSTR,...)
extrn wsprintfA:dword ; CODE XREF: sub_401610+972�p
; sub_401610+C9A�p ...
; LRESULT __stdcall SendMessageTimeoutA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam,UINT fuFlags,UINT uTimeout,PDWORD_PTR lpdwResult)
extrn SendMessageTimeoutA:dword ; CODE XREF: sub_401610+A9C�p
; DATA XREF: sub_401610+A9C�r
; HWND __stdcall FindWindowExA(HWND hWndParent,HWND hWndChildAfter,LPCSTR lpszClass,LPCSTR lpszWindow)
extrn FindWindowExA:dword ; CODE XREF: sub_401610+AE3�p
; DATA XREF: sub_401610+AE3�r
; BOOL __stdcall IsWindow(HWND hWnd)
extrn IsWindow:dword ; CODE XREF: sub_401610+B06�p
; DATA XREF: sub_401610+B06�r
; HWND __stdcall GetDlgItem(HWND hDlg,int nIDDlgItem)
extrn GetDlgItem:dword ; CODE XREF: sub_401610+B2E�p
; sub_401610+B5A�p ...
; LONG __stdcall SetWindowLongA(HWND hWnd,int nIndex,LONG dwNewLong)
extrn SetWindowLongA:dword ; CODE XREF: sub_401610+B4B�p
; sub_404A94+96�p ...
; HANDLE __stdcall LoadImageA(HINSTANCE hInst,LPCSTR name,UINT type,int cx,int cy,UINT fuLoad)
extrn LoadImageA:dword ; CODE XREF: sub_401610+B8B�p
; sub_405A5A+F9�p
; DATA XREF: ...
; HDC __stdcall GetDC(HWND hWnd)
extrn GetDC:dword ; CODE XREF: sub_401610+BBA�p
; DATA XREF: sub_401610+BBA�r
; BOOL __stdcall EnableWindow(HWND hWnd,BOOL bEnable)
extrn EnableWindow:dword ; CODE XREF: sub_401610:loc_402276�p
; sub_403FFA+A�p ...
; BOOL __stdcall PeekMessageA(LPMSG lpMsg,HWND hWnd,UINT wMsgFilterMin,UINT wMsgFilterMax,UINT wRemoveMsg)
extrn PeekMessageA:dword ; CODE XREF: sub_401610+D77�p
; sub_401610+1A05�p ...
; LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)
extrn DispatchMessageA:dword ; CODE XREF: sub_401610+D65�p
; sub_401610+19F3�p ...
; BOOL __stdcall InvalidateRect(HWND hWnd,const RECT *lpRect,BOOL bErase)
extrn InvalidateRect:dword ; CODE XREF: sub_401610+1BAD�p
; DATA XREF: sub_401610+1BAD�r
; LRESULT __stdcall DefWindowProcA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
extrn DefWindowProcA:dword ; CODE XREF: sub_401000+2C�p
; DATA XREF: sub_401000+2C�r
; HDC __stdcall BeginPaint(HWND hWnd,LPPAINTSTRUCT lpPaint)
extrn BeginPaint:dword ; CODE XREF: sub_401000+47�p
; DATA XREF: sub_401000+47�r
; BOOL __stdcall GetClientRect(HWND hWnd,LPRECT lpRect)
extrn GetClientRect:dword ; CODE XREF: sub_401000+5B�p
; sub_401610+B67�p ...
; int __stdcall FillRect(HDC hDC,const RECT *lprc,HBRUSH hbr)
extrn FillRect:dword ; CODE XREF: sub_401000+E4�p
; DATA XREF: sub_401000+E4�r
; int __stdcall DrawTextA(HDC hdc,LPCSTR lpchText,int cchText,LPRECT lprc,UINT format)
extrn DrawTextA:dword ; CODE XREF: sub_401000+156�p
; DATA XREF: sub_401000+156�r
; BOOL __stdcall EndPaint(HWND hWnd,const PAINTSTRUCT *lpPaint)
extrn EndPaint:dword ; CODE XREF: sub_401000+16E�p
; DATA XREF: sub_401000+16E�r
; LRESULT __stdcall SendMessageA(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
extrn SendMessageA:dword ; CODE XREF: sub_4013E7+C4�p
; sub_401610+AB4�p ...
;
; Imports from VERSION.dll
;
; DWORD __stdcall GetFileVersionInfoSizeA(LPCSTR lptstrFilename,LPDWORD lpdwHandle)
extrn __imp_GetFileVersionInfoSizeA:dword
; DATA XREF: GetFileVersionInfoSizeA�r
; BOOL __stdcall GetFileVersionInfoA(LPCSTR lptstrFilename,DWORD dwHandle,DWORD dwLen,LPVOID lpData)
extrn __imp_GetFileVersionInfoA:dword ; DATA XREF: GetFileVersionInfoA�r
; BOOL __stdcall VerQueryValueA(LPCVOID pBlock,LPCSTR lpSubBlock,LPVOID *lplpBuffer,PUINT puLen)
extrn __imp_VerQueryValueA:dword ; DATA XREF: VerQueryValueA�r
;
; Imports from ole32.dll
;
; void __stdcall OleUninitialize()
extrn OleUninitialize:dword ; CODE XREF: start+2BF�p
; StartAddress+7B�p
; DATA XREF: ...
; HRESULT __stdcall OleInitialize(LPVOID pvReserved)
extrn OleInitialize:dword ; CODE XREF: start+1E�p
; StartAddress+10�p
; DATA XREF: ...
; HRESULT __stdcall CoCreateInstance(const IID *const rclsid,LPUNKNOWN pUnkOuter,DWORD dwClsContext,const IID *const riid,LPVOID *ppv)
extrn CoCreateInstance:dword ; CODE XREF: sub_401610+107E�p
; DATA XREF: sub_401610+107E�r
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 4082A0h
; char aLoggingSetToD[]
aLoggingSetToD db 'logging set to %d',0 ; DATA XREF: sub_401610+1A61�o
align 4
; char aSettingsLoggin[]
aSettingsLoggin db 'settings logging to %d',0 ; DATA XREF: sub_401610+1A53�o
align 4
; char aFileExtracti_0[]
aFileExtracti_0 db 'File Extraction: failed createprocess on uninstaller ("%s")',0
; DATA XREF: sub_401610+1A3D�o
; char aFileExtraction[]
aFileExtraction db 'File Extraction: success ("%s")',0 ; DATA XREF: sub_401610+19C5�o
; char a_?[]
a_? db '" _?=',0 ; DATA XREF: sub_401610+19A6�o
align 10h
; char asc_408330[]
asc_408330 db ' /x "',0 ; DATA XREF: sub_401610+1992�o
align 4
; char aCreatedUninsta[]
aCreatedUninsta db 'created uninstaller: %d, "%s"',0 ; DATA XREF: sub_401610+1952�o
align 4
; char aWriteregErrorC[]
aWriteregErrorC db 'WriteReg: error creating key %d\%s',0 ; DATA XREF: sub_401610+14A5�o
align 4
; char aWriteregbinSet[]
aWriteregbinSet db 'WriteRegBin: set %d\%s\%s with %d bytes',0 ; DATA XREF: sub_401610+1471�o
; char aWriteregdwordS[]
aWriteregdwordS db 'WriteRegDWORD: set %d\%s\%s to %d',0 ; DATA XREF: sub_401610+1443�o
align 4
; char aWriteregstrSet[]
aWriteregstrSet db 'WriteRegStr: set %d\%s\%s to %s',0 ; DATA XREF: sub_401610+1416�o
; char aDeleteregkeyDS[]
aDeleteregkeyDS db 'DeleteRegKey: %d\%s',0 ; DATA XREF: sub_401610+1355�o
; char aDeleteregvalue[]
aDeleteregvalue db 'DeleteRegValue: %d\%s\%s',0 ; DATA XREF: sub_401610+1331�o
align 4
; char aWriteinistrWro[]
aWriteinistrWro db 'WriteINIStr: wrote [%s] %s=%s in %s',0 ; DATA XREF: sub_401610+1298�o
; char aRm[]
aRm db '<RM>',0 ; DATA XREF: sub_401610+1232�o
align 4
; char aCopyfilesSS[]
aCopyfilesSS db 'CopyFiles "%s"->"%s"',0 ; DATA XREF: sub_401610+118B�o
align 10h
; char aCreateshortcut[]
aCreateshortcut db 'CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d'
; DATA XREF: sub_401610+105F�o
db 0
align 4
; char aErrorRegiste_1[]
aErrorRegiste_1 db 'Error registering DLL: Could not initialize OLE',0
; DATA XREF: sub_401610+FE0�o
; char aErrorRegiste_0[]
aErrorRegiste_0 db 'Error registering DLL: Could not load ',27h,'%s',27h,' -> ',27h,'%s',27h,0
; DATA XREF: sub_401610+FCA�o
align 4
; char aErrorRegisteri[]
aErrorRegisteri db 'Error registering DLL: %s not found in %s',0
; DATA XREF: sub_401610+F8B�o
align 4
; char aRegdllCouldNot[]
aRegdllCouldNot db 'RegDLL: Could not load ',27h,'%s',27h,' -> ',27h,'%s',27h,0
; DATA XREF: sub_401610+F0E�o
; char SubBlock[]
SubBlock: ; DATA XREF: sub_401610+E5B�o
; sub_4061A6+1B�o ...
unicode 0, <\>,0
aExecFailedCrea db 'Exec: failed createprocess ("%s")',0 ; DATA XREF: sub_401610+DC6�o
align 10h
; char aExecSuccessS[]
aExecSuccessS db 'Exec: success ("%s")',0 ; DATA XREF: sub_401610+D33�o
align 4
; char aExecCommandS[]
aExecCommandS db 'Exec: command="%s"',0 ; DATA XREF: sub_401610+D08�o
align 4
; char aExecshellSucce[]
aExecshellSucce db 'ExecShell: success ("%s": file:"%s" params:"%s")',0
; DATA XREF: sub_401610+CEC�o
align 10h
; char aExecshellWarni[]
aExecshellWarni db 'ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d',0
; DATA XREF: sub_401610+CD7�o
align 4
; char aSS[]
aSS db '%s %s',0 ; DATA XREF: sub_401610+C8E�o
align 4
; char aHidewindow[]
aHidewindow db 'HideWindow',0 ; DATA XREF: sub_401610+C48�o
align 10h
; char aPopStackEmpty[]
aPopStackEmpty db 'Pop: stack empty',0 ; DATA XREF: sub_401610+9E2�o
align 4
; char aExchStackDElem[]
aExchStackDElem db 'Exch: stack < %d elements',0 ; DATA XREF: sub_401610+99C�o
align 10h
; char aRmdirS[]
aRmdirS db 'RMDir: "%s"',0 ; DATA XREF: sub_401610+785�o
; char aMessageboxDS[]
aMessageboxDS db 'MessageBox: %d,"%s"',0 ; DATA XREF: sub_401610+742�o
aDeleteS db 'Delete: "%s"',0 ; DATA XREF: sub_401610+72D�o
align 10h
; char aS[]
aS db '%s',0 ; DATA XREF: sub_401610+707�o
; sub_401610+1A90�o
align 4
; char aFileWroteDToS[]
aFileWroteDToS db 'File: wrote %d to "%s"',0 ; DATA XREF: sub_401610+6AC�o
align 4
; char aFileErrorUserC[]
aFileErrorUserC db 'File: error, user cancel',0 ; DATA XREF: sub_401610:loc_401C7D�o
align 4
; char aFileSkippedSOv[]
aFileSkippedSOv db 'File: skipped: "%s" (overwriteflag=%d)',0 ; DATA XREF: sub_401610+65B�o
align 10h
; char aFileErrorUserA[]
aFileErrorUserA db 'File: error, user abort',0 ; DATA XREF: sub_401610+62E�o
; char aFileErrorUserR[]
aFileErrorUserR db 'File: error, user retry',0 ; DATA XREF: sub_401610+61B�o
; char aFileErrorCreat[]
aFileErrorCreat db 'File: error creating "%s"',0 ; DATA XREF: sub_401610+5D3�o
align 4
; char aFileOverwritef[]
aFileOverwritef db 'File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"',0
; DATA XREF: sub_401610+50E�o
align 4
aRenameFailedS db 'Rename failed: %s',0 ; DATA XREF: sub_401610+376�o
align 4
aRenameOnReboot db 'Rename on reboot: %s',0 ; DATA XREF: sub_401610+364�o
align 4
; char aRenameS[]
aRenameS db 'Rename: %s',0 ; DATA XREF: sub_401610+320�o
align 10h
; char String2[]
String2 db '->',0 ; DATA XREF: sub_401610+313�o
align 4
; char aIffileexists_0[]
aIffileexists_0 db 'IfFileExists: file "%s" does not exist, jumping %d',0
; DATA XREF: sub_401610+2BB�o
align 4
; char aIffileexistsFi[]
aIffileexistsFi db 'IfFileExists: file "%s" exists, jumping %d',0
; DATA XREF: sub_401610+2A5�o
align 4
; char aCreatedirector[]
aCreatedirector db 'CreateDirectory: "%s" (%d)',0 ; DATA XREF: sub_401610+240�o
align 10h
; char aSetfileattri_0[]
aSetfileattri_0 db 'SetFileAttributes failed.',0 ; DATA XREF: sub_401610+21C�o
align 4
; char aSetfileattribu[]
aSetfileattribu db 'SetFileAttributes: "%s":%08X',0 ; DATA XREF: sub_401610+1FD�o
align 4
; char aBringtofront[]
aBringtofront db 'BringToFront',0 ; DATA XREF: sub_401610:loc_401777�o
align 4
; char aSleepD[]
aSleepD db 'Sleep(%d)',0 ; DATA XREF: sub_401610+147�o
align 4
; char aDetailprintS[]
aDetailprintS db 'detailprint: %s',0 ; DATA XREF: sub_401610+123�o
; char aCallD[]
aCallD db 'Call: %d',0 ; DATA XREF: sub_401610+D5�o
align 4
; char aAbortingS[]
aAbortingS db 'Aborting: "%s"',0 ; DATA XREF: sub_401610+7F�o
align 4
; char aJumpD[]
aJumpD db 'Jump: %d',0 ; DATA XREF: sub_401610+63�o
align 10h
; char a___D[]
a___D db '... %d%%',0 ; DATA XREF: DialogFunc+97�o
align 4
aUnpackingDataD db 'unpacking data: %d%%',0 ; DATA XREF: sub_403420+108�o
align 8
aTheInstallerYo db 'The installer you are trying to use is corrupted or incomplete.',0Ah
; DATA XREF: sub_403756:loc_4039F6�o
db 'This could be the result of a damaged disk, a failed download or '
db 'a virus.',0Ah
db 0Ah
db 'You may want to contact the author of this installer to obtain a '
db 'new copy.',0Ah
db 0Ah
db 'It may be possible to skip this check using the /NCRC command lin'
db 'e switch',0Ah
db '(NOT RECOMMENDED).',0
align 10h
; char aErrorWritingTe[]
aErrorWritingTe db 'Error writing temporary file. Make sure your temp folder is valid'
; DATA XREF: sub_403756+223�o start+D�o
db '.',0
align 4
aVerifyingInsta db 'verifying installer: %d%%',0 ; DATA XREF: sub_403756+148�o
align 10h
aErrorLaunching db 'Error launching installer',0 ; DATA XREF: sub_403756+56�o
; start+274�o
align 4
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: start+44F�o
; char aAdjusttokenpri[]
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: start+41A�o
align 4
; char aLookupprivileg[]
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: start+40E�o
align 10h
; char ProcName[]
ProcName db 'OpenProcessToken',0 ; DATA XREF: start+406�o
align 4
; char ModuleName[]
ModuleName db 'ADVAPI32.dll',0 ; DATA XREF: start+3ED�o
align 4
; char a_?_0[]
a_?_0 db ' _?=',0 ; DATA XREF: start+394�o
align 4
; char asc_408B0C[]
asc_408B0C db '" ',0 ; DATA XREF: start:loc_403E67�o
align 10h
aOutOfMemory db 'Out of Memory',0 ; DATA XREF: start:loc_403D48�o
align 10h
aExtractionPath db 'Extraction pathname not properly delimited.',0Ah
; DATA XREF: start:loc_403D41�o
db 0Ah
db 'Try using quotes or a shorter path.',0
align 4
; char aCNsis_extractf[]
aCNsis_extractf db 'C:\NSIS_ExtractFiles\',0 ; DATA XREF: start+228�o
align 4
; char aTemp[]
aTemp db '\Temp',0 ; DATA XREF: start+5F�o
align 4
; char aNsisError[]
aNsisError db 'NSIS Error',0 ; DATA XREF: start+24�o
align 10h
; char aInstall_log[]
aInstall_log db 'install.log',0 ; DATA XREF: sub_4040E9�o
; char Operation[]
Operation db 'open',0 ; DATA XREF: sub_40428C+209�o
align 4
; char aU_USS[]
aU_USS db '%u.%u%s%s',0 ; DATA XREF: sub_404578+5A�o
; char word_408BBE[]
word_408BBE dw 0 ; DATA XREF: sub_40463C:loc_4048F7�o
; char aGetdiskfreespa[]
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_40463C+217�o
; char aKernel32_dll[]
aKernel32_dll db 'KERNEL32.dll',0 ; DATA XREF: sub_40463C:loc_40483F�o
; sub_406357+7�o
align 4
; char aSectionS[]
aSectionS db 'Section: "%s"',0 ; DATA XREF: StartAddress+43�o
align 4
; char aSkippingSectio[]
aSkippingSectio db 'Skipping section: "%s"',0 ; DATA XREF: StartAddress+34�o
align 4
; char aNewInstallOfST[]
aNewInstallOfST db 'New install of "%s" to "%s"',0 ; DATA XREF: sub_405202+B2�o
; char a_exe[]
a_exe db '.exe',0 ; DATA XREF: sub_405A5A+81�o
align 10h
; char aD[]
aD db '%d',0 ; DATA XREF: sub_405F5B+4�o
align 4
; char a?[]
a? db '*?|<>/":',0 ; DATA XREF: sub_406009+52�o
align 10h
; char asc_408C40[]
asc_408C40 db 0Dh,0Ah,0 ; DATA XREF: sub_4060AD+6E�o
align 4
; char asc_408C44[]
asc_408C44 db 0Ah ; DATA XREF: sub_406357:loc_4064DD�o
db '[',0
align 4
; char aRename[]
aRename db '[Rename]',0Dh,0Ah,0 ; DATA XREF: sub_406357+14F�o
; sub_406357+15E�o
align 4
; char aWininit_ini[]
aWininit_ini db '\wininit.ini',0 ; DATA XREF: sub_406357+D3�o
align 4
; char aSS_0[]
aSS_0 db '%s=%s',0Dh,0Ah,0 ; DATA XREF: sub_406357+B2�o
; char aNul[]
aNul db 'NUL',0 ; DATA XREF: sub_406357:loc_4063D7�o
; char aMovefileexa[]
aMovefileexa db 'MoveFileExA',0 ; DATA XREF: sub_406357+1A�o
; char aCProgramFiles[]
aCProgramFiles db 'C:\Program Files',0 ; DATA XREF: sub_4065B7+FD�o
align 10h
; char aProgramfilesdi[]
aProgramfilesdi db 'ProgramFilesDir',0 ; DATA XREF: sub_4065B7+E4�o
; char phkResult[]
phkResult db 'Software\Microsoft\Windows\CurrentVersion',0 ; DATA XREF: sub_4065B7+CF�o
; sub_4065B7+E9�o
align 4
; char ValueName[]
ValueName db 'CommonFilesDir',0 ; DATA XREF: sub_4065B7+CA�o
align 4
aMicrosoftInter db '\Microsoft\Internet Explorer\Quick Launch',0 ; DATA XREF: sub_4065B7+B7�o
align 4
; char aRmdirRemoved_1[]
aRmdirRemoved_1 db 'RMDir: RemoveDirectory failed("%s")',0
; DATA XREF: sub_4067E6:loc_4069BA�o
; char aRmdirRemoved_0[]
aRmdirRemoved_0 db 'RMDir: RemoveDirectory on Reboot("%s")',0 ; DATA XREF: sub_4067E6+1B7�o
align 4
; char aRmdirRemovedir[]
aRmdirRemovedir db 'RMDir: RemoveDirectory("%s")',0 ; DATA XREF: sub_4067E6+199�o
align 4
; char aDeleteDelete_1[]
aDeleteDelete_1 db 'Delete: DeleteFile failed("%s")',0 ; DATA XREF: sub_4067E6:loc_406929�o
; char aDeleteDelete_0[]
aDeleteDelete_0 db 'Delete: DeleteFile on Reboot("%s")',0 ; DATA XREF: sub_4067E6+125�o
align 4
; char aDeleteDeletefi[]
aDeleteDeletefi db 'Delete: DeleteFile("%s")',0 ; DATA XREF: sub_4067E6+F6�o
align 4
; char a_[]
a_ db '\*.*',0 ; DATA XREF: sub_4067E6+6A�o
align 4
; IID riid
riid dd 214EEh ; Data1 ; DATA XREF: sub_401610+1070�o
dw 0 ; Data2
dw 0 ; Data3
db 0C0h, 6 dup(0), 46h ; Data4
; IID rclsid
rclsid dd 21401h ; Data1 ; DATA XREF: sub_401610+1079�o
dw 0 ; Data2
dw 0 ; Data3
db 0C0h, 6 dup(0), 46h ; Data4
dword_408DFC dd 10Bh, 0 ; DATA XREF: sub_401610+1095�o
dd 0C0h, 46000000h, 8EE8h, 2 dup(0)
dd 919Eh, 8028h, 9140h, 2 dup(0)
dd 91EEh, 8280h, 8F20h, 2 dup(0)
dd 9656h, 8060h, 9040h, 2 dup(0)
dd 9A68h, 8180h, 8EFCh, 2 dup(0)
dd 9AFAh, 803Ch, 8EC0h, 2 dup(0)
dd 9B9Ah, 8000h, 9024h, 2 dup(0)
dd 9C26h, 8164h, 9150h, 2 dup(0)
dd 9C68h, 8290h, 5 dup(0)
dd 9B04h, 9B22h, 9B30h, 9B40h, 9B88h, 9B76h, 9B64h, 9B50h
dd 9B14h, 0
dd 80000011h, 9174h, 9160h, 918Ah, 0
dd 9ADCh, 9ACCh, 9AB6h, 9AA0h, 9A94h, 9A84h, 9AECh, 9A74h
dd 0
dd 92F8h, 930Ah, 931Ah, 932Eh, 933Eh, 9354h, 936Ah, 9386h
dd 93A0h, 93ACh, 93BAh, 93C8h, 93DEh, 93F0h, 93FEh, 9412h
dd 9426h, 9432h, 943Eh, 9456h, 946Ch, 9474h, 9484h, 9492h
dd 92E8h, 94B6h, 94CAh, 94D8h, 94ECh, 94F8h, 9504h, 9516h
dd 952Eh, 953Eh, 9556h, 956Ah, 957Ah, 9588h, 9596h, 95A6h
dd 95B8h, 95CCh, 95D8h, 95E4h, 95F4h, 9606h, 9616h, 962Ch
dd 9642h, 91FAh, 9204h, 92D6h, 92C8h, 92B2h, 9294h, 9212h
dd 9278h, 926Ch, 9260h, 924Eh, 9242h, 9232h, 9220h, 94A0h
dd 0
dd 9BBCh, 9BE4h, 9BFAh, 9C08h, 9BA8h, 9BCCh, 0
dd 97B2h, 97C4h, 97D6h, 97E2h, 97F2h, 9808h, 9818h, 9824h
dd 9832h, 9844h, 9852h, 985Eh, 9870h, 9884h, 989Ah, 98ACh
dd 98BCh, 98CEh, 98E0h, 98EEh, 9900h, 9914h, 9926h, 9936h
dd 9948h, 9958h, 9966h, 9978h, 998Ch, 9998h, 99A8h, 99BAh
dd 99CAh, 99DCh, 99ECh, 99FEh, 9A16h, 9A28h, 9A3Ah, 9A4Ch
dd 9A5Ah, 979Ch, 978Eh, 9782h, 9776h, 9760h, 9750h, 9744h
dd 9736h, 9724h, 9716h, 970Eh, 96FEh, 96EEh, 96DAh, 96C8h
dd 96A6h, 9698h, 9688h, 967Ch, 9670h, 9664h, 96B8h, 0
dd 91D4h, 91BEh, 91ACh, 0
dd 9C46h, 9C58h, 9C32h, 0
dd 6D490038h, 4C656761h, 5F747369h, 74736544h, 796F72h
dd 6D490034h, 4C656761h, 5F747369h, 4D646441h, 656B7361h
dd 370064h, 67616D49h, 73694C65h, 72435F74h, 65746165h
dd 4F430000h, 4C54434Dh, 642E3233h, 6C6Ch, 6556000Ah, 65755172h
dd 61567972h, 4165756Ch, 0
aGetfileversion db 'GetFileVersionInfoA',0
db 1
align 2
aGetfileversi_0 db 'GetFileVersionInfoSizeA',0
aVersion_dll db 'VERSION.dll',0
dw 26Ah
aMuldiv db 'MulDiv',0
align 4
db '|',0
aDeletefilea db 'DeleteFileA',0
dw 1F5h
aGlobalfree db 'GlobalFree',0
align 10h
db '',0
aFindfirstfilea db 'FindFirstFileA',0
align 2
db '',0
aFindnextfilea db 'FindNextFileA',0
db '',0
aFindclose db 'FindClose',0
dw 30Eh
aSetfilepointer db 'SetFilePointer',0
align 10h
db 0A9h ;
db 2, 52h, 65h
aAdfile db 'adFile',0
align 4
db 94h ;
db 3, 57h, 72h
aItefile db 'iteFile',0
db 94h ;
db 1, 47h, 65h
aTprivateprofil db 'tPrivateProfileStringA',0
align 4
db 99h ;
db 3, 57h, 72h
aIteprivateprof db 'itePrivateProfileStringA',0
align 2
dw 26Bh
aMultibytetowid db 'MultiByteToWideChar',0
aQ db '',0
aFreelibrary db 'FreeLibrary',0
dw 198h
aGetprocaddress db 'GetProcAddress',0
align 4
dd 6F4C0248h, 694C6461h, 72617262h, 4179h, 6F4600EAh, 74616D72h
dd 7373654Dh, 41656761h, 1690000h, 4C746547h, 45747361h
dd 726F7272h, 1770000h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 3080000h, 45746553h, 726F7272h, 65646F4Dh
dd 1520000h
aGetexitcodepro db 'GetExitCodeProcess',0
align 4
db 83h ;
db 3, 57h, 61h
aItforsingleobj db 'itForSingleObject',0
db '',0
aExpandenvironm db 'ExpandEnvironmentStringsA',0
dw 150h
aGetenvironment db 'GetEnvironmentVariableA',0
db 0B3h ;
db 3, 6Ch, 73h
aTrcmpia db 'trcmpiA',0
a__0 db '.',0
aClosehandle db 'CloseHandle',0
dw 312h
aSetfiletime db 'SetFileTime',0
db 56h ; V
db 1, 47h, 65h
aTfileattribute db 'tFileAttributesA',0
align 2
a3 db '3',0
aComparefiletim db 'CompareFileTime',0
dd 655302CEh, 68637261h, 68746150h, 1AD0041h
aGetshortpathna db 'GetShortPathNameA',0
dw 161h
aGetfullpathnam db 'GetFullPathNameA',0
align 2
dw 264h
aMovefilea db 'MoveFileA',0
dw 3ADh
aLstrcata db 'lstrcatA',0
align 2
dw 2FDh
aSetcurrentdire db 'SetCurrentDirectoryA',0
align 2
dw 30Ch
aSetfileattri_1 db 'SetFileAttributesA',0
align 4
db 47h ; G
db 3, 53h, 6Ch
db 65h ; e
db 65h, 70h, 0
db 0D5h ;
db 1, 47h, 65h
aTtickcount db 'tTickCount',0
align 4
aM db 'M',0
aCreatefilea db 'CreateFileA',0
dw 15Bh
aGetfilesize db 'GetFileSize',0
db 75h ; u
db 1, 47h, 65h
aTmodulefilenam db 'tModuleFileNameA',0
align 2
aE db 'E',0
aCreatedirect_0 db 'CreateDirectoryA',0
align 2
aP db '',0
aExitprocess db 'ExitProcess',0
db 3Ah ; :
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
db '=',0
aCopyfilea db 'CopyFileA',0
dd 736C03B9h, 70637274h, 416E79h, 65470108h, 6D6F4374h
dd 646E616Dh, 656E694Ch, 1E90041h
aGetwindowsdire db 'GetWindowsDirectoryA',0
align 2
dw 1CBh
aGettemppatha db 'GetTempPathA',0
align 2
dw 1DAh
aGetuserdefault db 'GetUserDefaultLangID',0
align 2
dw 145h
aGetdiskfrees_0 db 'GetDiskFreeSpaceA',0
dw 200h
aGlobalunlock db 'GlobalUnlock',0
align 2
dw 1F9h
aGloballock db 'GlobalLock',0
align 4
dd 6C4701EEh, 6C61626Fh, 6F6C6C41h, 690063h, 61657243h
dd 68546574h, 64616572h, 600000h, 61657243h, 72506574h
dd 7365636Fh, 4173h, 654701C9h, 6D655474h, 6C694670h, 6D614E65h
dd 4165h, 736C03B6h, 70637274h, 4179h, 736C03BCh, 656C7274h
dd 416Eh, 65530303h, 646E4574h, 6946664Fh, 656Ch, 6E550363h
dd 5670616Dh, 4F776569h, 6C694666h, 25E0065h, 5670614Dh
dd 4F776569h, 6C694666h, 4E0065h
aCreatefilemapp db 'CreateFileMappingA',0
align 4
db 0B9h ;
db 1, 47h, 65h
aTsystemdirecto db 'tSystemDirectoryA',0
dw 2B8h
aRemovedirector db 'RemoveDirectoryA',0
align 2
aKernel32_dll_0 db 'KERNEL32.dll',0
align 4
db '',0
aEndpaint db 'EndPaint',0
align 10h
db '',0
aDrawtexta db 'DrawTextA',0
aT db '',0
aFillrect db 'FillRect',0
align 4
db 0FFh
align 2
aGetclientrect db 'GetClientRect',0
db 0Dh,0
aBeginpaint db 'BeginPaint',0
align 2
aO db '',0
aDefwindowproca db 'DefWindowProcA',0
align 4
db 3Bh ; ;
db 2, 53h, 65h
aNdmessagea db 'ndMessageA',0
align 4
db 93h ;
db 1, 49h, 6Eh
aValidaterect db 'validateRect',0
align 2
aB db '',0
aDispatchmessag db 'DispatchMessageA',0
align 2
dw 1FFh
aPeekmessagea db 'PeekMessageA',0
align 2
db '',0
aEnablewindow db 'EnableWindow',0
align 2
dw 10Ch
aGetdc db 'GetDC',0
dw 1BFh
aLoadimagea db 'LoadImageA',0
align 4
db 80h ;
db 2, 53h, 65h
aTwindowlonga db 'tWindowLongA',0
align 2
dw 111h
aGetdlgitem db 'GetDlgItem',0
align 4
db 0ADh ;
db 1, 49h, 73h
aWindow db 'Window',0
align 10h
aF db '',0
aFindwindowexa db 'FindWindowExA',0
db 3Eh ; >
db 2, 53h, 65h
aNdmessagetimeo db 'ndMessageTimeoutA',0
dw 2D6h
aWsprintfa db 'wsprintfA',0
db '-',0
aCharpreva db 'CharPrevA',0
dw 292h
aShowwindow db 'ShowWindow',0
align 4
db 57h ; W
db 2, 53h, 65h
aTforegroundwin db 'tForegroundWindow',0
dw 203h
aPostquitmessag db 'PostQuitMessage',0
dd 65530286h, 6E695774h, 54776F64h, 41747865h, 27A0000h
dd 54746553h, 72656D69h, 990000h, 74736544h, 57796F72h
dd 6F646E69h, 550077h
aCreatedialogpa db 'CreateDialogParamA',0
align 4
aS_0 db '',0
aExitwindowsex db 'ExitWindowsEx',0
db '*',0
aCharnexta db 'CharNextA',0
db 5Ah ; Z
db 1, 47h, 65h
aTsyscolor db 'tSysColor',0
dw 16Eh
aGetwindowlonga db 'GetWindowLongA',0
align 4
db 0B9h ;
db 1, 4Ch, 6Fh
aAdcursora db 'adCursorA',0
dw 24Dh
aSetcursor db 'SetCursor',0
a8 db '8',0
aCheckdlgbutton db 'CheckDlgButton',0
align 10h
db 0F2h ;
align 2
aGetasynckeysta db 'GetAsyncKeyState',0
align 4
db 0A3h ;
db 1, 49h, 73h
aDlgbuttoncheck db 'DlgButtonChecked',0
align 2
dw 231h
aScreentoclient db 'ScreenToClient',0
align 4
dd 6547013Ch, 73654D74h, 65676173h, 736F50h, 6143001Bh
dd 69576C6Ch, 776F646Eh, 636F7250h, 1B10041h, 69577349h
dd 776F646Eh, 69736956h, 656C62h, 6F4C01B7h, 69426461h
dd 70616D74h, 420041h, 736F6C43h, 696C4365h, 616F6270h
dd 6472h, 6553024Ah, 696C4374h, 616F6270h, 61446472h, 6174h
dd 6D4500C1h, 43797470h, 6270696Ch, 6472616Fh, 1F50000h
dd 6E65704Fh, 70696C43h, 72616F62h, 2A40064h, 63617254h
dd 706F506Bh, 654D7075h, 756Eh, 65470174h, 6E695774h, 52776F64h
dd 746365h, 70410008h, 646E6570h, 756E654Dh, 5E0041h, 61657243h
dd 6F506574h, 4D707570h, 756E65h, 6547015Dh, 73795374h
dd 4D6D6574h, 69727465h, 7363h, 6E4500C6h, 61694464h, 676F6Ch
dd 65530247h, 616C4374h, 6F4C7373h, 41676Eh, 734901AEh
dd 646E6957h, 6E45776Fh, 656C6261h, 2830064h, 57746553h
dd 6F646E69h, 736F5077h, 9E0000h, 6C616944h, 6F42676Fh
dd 72615078h, 416D61h, 654700F6h, 616C4374h, 6E497373h
dd 416F66h, 72430060h, 65746165h, 646E6957h, 7845776Fh
dd 2990041h
aSystemparamete db 'SystemParametersInfoA',0
dw 216h
aRegisterclassa db 'RegisterClassA',0
align 4
db 53h ; S
db 2, 53h, 65h
aTdlgitemtexta db 'tDlgItemTextA',0
dw 113h
aGetdlgitemtext db 'GetDlgItemTextA',0
db 0DEh ;
db 1, 4Dh, 65h
aSsageboxa db 'ssageBoxA',0
dw 2D8h
aWvsprintfa db 'wvsprintfA',0
align 4
aUser32_dll db 'USER32.dll',0
align 4
db 0Eh
db 2, 53h, 65h
aLectobject db 'lectObject',0
align 4
db 3Ch ; <
db 2, 53h, 65h
aTtextcolor db 'tTextColor',0
align 4
db 16h
db 2, 53h, 65h
aTbkmode db 'tBkMode',0
db ':',0
aCreatefontindi db 'CreateFontIndirectA',0
db ')',0
aCreatebrushind db 'CreateBrushIndirect',0
aP_0 db '',0
aDeleteobject db 'DeleteObject',0
align 4
db 6Bh ; k
db 1, 47h, 65h
aTdevicecaps db 'tDeviceCaps',0
db 15h
db 2, 53h, 65h
aTbkcolor db 'tBkColor',0
align 2
aGdi32_dll db 'GDI32.dll',0
db 0D0h ;
db 1, 52h, 65h
aGdeletekeya db 'gDeleteKeyA',0
db 0C9h ;
db 1, 52h, 65h
aGclosekey db 'gCloseKey',0
dw 1D5h
aRegenumkeya db 'RegEnumKeyA',0
db 0E2h ;
db 1, 52h, 65h
aGopenkeyexa db 'gOpenKeyExA',0
db 0D9h ;
db 1, 52h, 65h
aGenumvaluea db 'gEnumValueA',0
db 0ECh ;
db 1, 52h, 65h
aGqueryvalueexa db 'gQueryValueExA',0
align 4
db 0F9h ;
db 1, 52h, 65h
aGsetvalueexa db 'gSetValueExA',0
align 2
dw 1CDh
aRegcreatekeyex db 'RegCreateKeyExA',0
db 0D2h ;
db 1, 52h, 65h
aGdeletevaluea db 'gDeleteValueA',0
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
db '',0
aShfileoperatio db 'SHFileOperationA',0
align 4
db 6
db 1, 53h, 68h
aEllexecutea db 'ellExecuteA',0
db '',0
aShgetpathfromi db 'SHGetPathFromIDListA',0
align 4
aY db 'y',0
aShbrowseforfol db 'SHBrowseForFolderA',0
align 2
db '',0
aShgetmalloc db 'SHGetMalloc',0
db '',0
aShgetspecialfo db 'SHGetSpecialFolderLocation',0
align 2
aShell32_dll db 'SHELL32.dll',0
dw 10h
aCocreateinstan db 'CoCreateInstance',0
align 2
dw 104h
aOleuninitializ db 'OleUninitialize',0
aA db '',0
aOleinitialize db 'OleInitialize',0
aOle32_dll db 'ole32.dll',0
align 200h
_rdata ends
; Section 3. (virtual address 0000A000)
; Virtual size : 0001C494 ( 115860.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00008800
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 40A000h
off_40A000 dd offset dword_426460 ; DATA XREF: sub_401610:loc_40256D�o
dd offset sub_4013E7
dword_40A008 dd 6 ; DATA XREF: sub_401610+F7�r
; sub_401610+10B�w
; HANDLE hFile
hFile dd 0FFFFFFFFh ; DATA XREF: sub_4033D7+11�r
; sub_403409+8�r ...
; HANDLE dword_40A010
dword_40A010 dd 0FFFFFFFFh ; DATA XREF: sub_403420+46�r
; sub_403420+164�r ...
; char aANsisu__exe[]
aANsisu__exe db 'A~NSISu_.exe',0 ; DATA XREF: start+304�o
; start:loc_403EB0�w ...
align 4
dword_40A024 dd 0FFFFFFFFh ; DATA XREF: sub_405597+A4�r
; sub_405597+120�r ...
; DLGPROC lpDialogFunc
lpDialogFunc dd offset sub_40428C ; DATA XREF: sub_405597+3D6�r
dd offset sub_404A94
dd offset sub_40463C
dd offset sub_405202
dd offset sub_404531
dword_40A03C dd 0FFFFFFFFh ; DATA XREF: sub_4049AD+35�w
; sub_4049AD+90�r ...
dword_40A040 dd 6 ; DATA XREF: sub_401610+FC�w
; sub_401610:loc_401716�r ...
; char ClassName[]
ClassName db 'RichEdit20A',0 ; DATA XREF: sub_405A5A+1F2�o
; sub_405A5A+202�w ...
; char LibFileName[]
LibFileName db 'RichEd20.dll',0 ; DATA XREF: sub_405A5A+1D3�o
; sub_405A5A+1E0�w
align 10h
; HANDLE hObject
hObject dd 0FFFFFFFFh ; DATA XREF: sub_4060AD+B�r
; sub_4060AD:loc_4060C9�w ...
dd 7 dup(0)
dword_40A080 dd 0 ; DATA XREF: sub_40137E+27�w
; sub_40137E+58�r
dword_40A084 dd 0 ; DATA XREF: sub_40137E�r
dd 5Eh dup(0)
dd 0A0h dup(?)
dword_40A480 dd ? ; DATA XREF: sub_401610+982�r
; sub_401610+9BC�r ...
align 8
; char Text[]
Text db 400h dup(?) ; DATA XREF: sub_401508+1D�o
; sub_401610+523�o ...
; CHAR byte_40A888
byte_40A888 db ? ; DATA XREF: sub_4014E1�o
; sub_401610+2E6�o ...
align 4
dd 0FFh dup(?)
; BYTE Data
Data dd ? ; DATA XREF: sub_401610+556�o
; sub_401610+11B8�o ...
dd 2FFh dup(?)
; WCHAR WideCharStr
WideCharStr dw ? ; DATA XREF: sub_401610+1122�o
; sub_401610+112D�w
align 4
dd 1FFh dup(?)
; LOGFONTA lf
lf LOGFONTA <?> ; DATA XREF: sub_401610+BDC�w
; sub_401610+C1F�o
dword_40C0C4 dd ? ; DATA XREF: sub_4014F2�r
; sub_401508:loc_401510�r ...
; char String[]
String db 40h dup(?) ; DATA XREF: DialogFunc+61�o
dword_40C108 dd 2000h dup(?) ; DATA XREF: sub_403756+99�o
; sub_403756+B5�o ...
; char PathName[]
PathName dd 6 dup(?) ; DATA XREF: sub_403420:loc_403546�o
; sub_403756+1DE�o
dword_414120 dd ? ; DATA XREF: sub_403420+8E�w
dword_414124 dd ? ; DATA XREF: sub_403420+94�w
; sub_403420+188�r ...
dword_414128 dd ? ; DATA XREF: sub_403420+12B�w
; sub_403420+14D�r
dword_41412C dd ? ; DATA XREF: sub_403420+135�w
dd 18h dup(?)
dword_414190 dd 2000h dup(?) ; DATA XREF: sub_403420+12B�o
; sub_403420+153�o
; LONG dword_41C190
dword_41C190 dd ? ; DATA XREF: DialogFunc+35�r
; sub_403420+58�w ...
; LPCSTR dword_41C194
dword_41C194 dd ? ; DATA XREF: DialogFunc+2A�w
; DialogFunc+5A�r
; int nDenominator
nDenominator dd ? ; DATA XREF: DialogFunc+3B�r
; sub_403420+52�w ...
align 10h
dword_41C1A0 dd 1000h dup(?) ; DATA XREF: sub_403420+75�o
; sub_40362B+8E�o
; LONG dword_4201A0
dword_4201A0 dd ? ; DATA XREF: sub_403420+13�r
; sub_403420+B9�r ...
dword_4201A4 dd ? ; DATA XREF: sub_403420:loc_40347E�r
; sub_403756+28A�w
; LONG dword_4201A8
dword_4201A8 dd ? ; DATA XREF: sub_403420+33�r
; sub_403420+63�r ...
; LONG lDistanceToMove
lDistanceToMove dd ? ; DATA XREF: sub_403420+19�r
; sub_403420+40�r ...
; LPCSTR lpString
lpString dd ? ; DATA XREF: sub_401610+476�r
; sub_401610+490�r ...
align 8
; CHAR byte_4201B8
byte_4201B8 db ? ; DATA XREF: start+2E8�o start+2F8�w
; char NewFileName[]
NewFileName db 7F4h dup(?) ; DATA XREF: start+2E3�o
dword_4209AD dd ? ; DATA XREF: start+336�r
align 8
; char ExistingFileName[]
ExistingFileName db 400h dup(?) ; DATA XREF: start+2ED�o
dword_420DB8 dd ? ; DATA XREF: sub_404258+9�r
; sub_404258+26�w ...
dword_420DBC dd ? ; DATA XREF: sub_405597+196�w
; sub_405597+1E5�w ...
; WNDPROC lpPrevWndFunc
lpPrevWndFunc dd ? ; DATA XREF: sub_4049AD+D5�r
; sub_404A94+A3�w
dword_420DC4 dd ? ; DATA XREF: sub_40463C:loc_4047DD�w
; sub_40463C+2FD�r ...
; char RootPathName[]
RootPathName db 400h dup(?) ; DATA XREF: sub_40463C+1EB�o
; HWND dword_4211C8
dword_4211C8 dd ? ; DATA XREF: sub_403FD6+7�r
; sub_405597+B0�r ...
; LPARAM lParam
lParam dd ? ; DATA XREF: sub_404A94+B6�w
; sub_404A94+C2�r ...
; HGLOBAL hMem
hMem dd ? ; DATA XREF: sub_404A94+7E�w
; sub_404A94:loc_404C94�r ...
; HWND dword_4211D4
dword_4211D4 dd ? ; DATA XREF: sub_40410B+AC�r
; sub_405597+36�r ...
; const CHAR byte_4211D8
byte_4211D8 db ? ; DATA XREF: sub_40509F+28�o
; sub_40509F+CA�w
align 4
dd 1FFh dup(?)
; char byte_4219D8[]
byte_4219D8 db 1000h dup(?) ; DATA XREF: sub_404578+62�o
; sub_40463C+131�o ...
; HWND dword_4229D8
dword_4229D8 dd ? ; DATA XREF: sub_403FD6+E�r
; sub_403FFA+4�r ...
dword_4229DC dd ? ; DATA XREF: sub_40428C+152�r
; sub_40463C+6�r ...
; INT_PTR nResult
nResult dd ? ; DATA XREF: sub_405202+22A�w
; sub_405597+141�w ...
dword_4229E4 dd ? ; DATA XREF: sub_40428C+112�w
; sub_40428C+146�r ...
dword_4229E8 dd ? ; DATA XREF: sub_401610:loc_40319B�r
; sub_405597:loc_405A29�r ...
align 10h
; char byte_4229F0[]
byte_4229F0 db 400h dup(?) ; DATA XREF: sub_406357+B7�o
; sub_406357+171�o ...
; char byte_422DF0[]
byte_422DF0 db 400h dup(?) ; DATA XREF: sub_406357+92�o
; struct _STARTUPINFOA StartupInfo
StartupInfo _STARTUPINFOA <?> ; DATA XREF: sub_405D01+9�w
; sub_405D01+2B�o
align 8
; char FileName[]
FileName db 400h dup(?) ; DATA XREF: sub_40622D+5�o
; char szShortPath[]
szShortPath dd ? ; DATA XREF: sub_406357+43�w
; sub_406357+66�o ...
dd 0FFh dup(?)
; struct _WIN32_FIND_DATAA FindFileData
FindFileData _WIN32_FIND_DATAA <?> ; DATA XREF: sub_406168+10�o
; char byte_423B78[]
byte_423B78 db 400h dup(?) ; DATA XREF: sub_4067E6+52�o
dword_423F78 dd ? ; DATA XREF: sub_401610+1A66�w
; sub_40463C+51�w ...
align 10h
; char String1[]
String1 db 1000h dup(?) ; DATA XREF: sub_4060AD+73�o
; sub_40614C+9�o
; const CHAR byte_424F80
byte_424F80 db ? ; DATA XREF: sub_40428C+1D7�o
; sub_40463C+183�o ...
; char sz[]
sz db 3 dup(?) ; DATA XREF: sub_405A5A+66�o
dd 1FFh dup(?)
; CHAR byte_425780
byte_425780 db ? ; DATA XREF: sub_4040E9+A�o
; sub_4060AD+2D�r ...
align 4
dd 0FFh dup(?)
; WNDCLASSA WndClass
WndClass WNDCLASSA <?> ; DATA XREF: sub_405A5A+108�o
; sub_405A5A+12B�w
; HWND dword_425BA8
dword_425BA8 dd ? ; DATA XREF: sub_404024�r
; sub_404578+85�r ...
; HWND dword_425BAC
dword_425BAC dd ? ; DATA XREF: sub_401610:loc_4017E9�r
; sub_40509F+6�r ...
; LONG dwNewLong
dwNewLong dd ? ; DATA XREF: sub_405597+1C7�r
; sub_405A5A+FF�w
dword_425BB4 dd ? ; DATA XREF: sub_401610:loc_4016A9�w
; sub_403F8D+7�w ...
; HWND dword_425BB8
dword_425BB8 dd ? ; DATA XREF: sub_40509F+68�r
; sub_405202+78�w
dword_425BBC dd ? ; DATA XREF: sub_40410B+62�w
; sub_405597+3E0�r ...
; HWND hWnd
hWnd dd ? ; DATA XREF: sub_401610:loc_4017D3�r
; sub_405202+69�w ...
dword_425BC4 dd ? ; DATA XREF: sub_4013E7+93�r
; sub_405202+A1�w
dword_425BC8 dd ? ; DATA XREF: sub_40410B+74�w
; sub_40410B:loc_404185�r ...
; int nNumber
nNumber dd ? ; DATA XREF: sub_4013E7+98�w
; sub_4013E7+AF�r ...
dd 4 dup(?)
; char Caption[]
Caption db 800h dup(?) ; DATA XREF: sub_401000+150�o start+29�o ...
; HWND dword_4263E0
dword_4263E0 dd ? ; DATA XREF: sub_401000+19�r
; sub_401610+9�r ...
; HINSTANCE hInstance
hInstance dd ? ; DATA XREF: sub_403420+116�r
; sub_403756+22�r ...
dword_4263E8 dd ? ; DATA XREF: sub_401000+39�r
; sub_4012F3+6�r ...
dd 5 dup(?)
dword_426400 dd ? ; DATA XREF: sub_403756+2F9�o
; sub_405597+1F5�r
dword_426404 dd ? ; DATA XREF: sub_405597+9E�r
; sub_405597+25E�r ...
dword_426408 dd ? ; DATA XREF: sub_40117D+4�r
; sub_4011EF+13�r ...
dword_42640C dd ? ; DATA XREF: sub_40117D+21�r
; sub_40117D+64�r ...
dword_426410 dd ? ; DATA XREF: sub_4013E7:loc_401400�r
align 8
dword_426418 dd ? ; DATA XREF: sub_40428C:loc_4042BD�r
; sub_405A5A+3B�r ...
align 10h
dword_426420 dd ? ; DATA XREF: sub_40410B+41�r
dword_426424 dd ? ; DATA XREF: sub_40410B:loc_404132�r
dword_426428 dd ? ; DATA XREF: sub_401610:loc_402149�r
dd 3 dup(?)
dword_426438 dd ? ; DATA XREF: sub_40362B+10�r
align 10h
dword_426440 dd ? ; DATA XREF: sub_403756+2D7�w
; start+1FE�r ...
dword_426444 dd ? ; DATA XREF: sub_4013E7+31�r
; sub_4013E7+57�r ...
; SIZE_T dwBytes
dwBytes dd ? ; DATA XREF: sub_401610+18A2�r
; sub_403756:loc_4037D3�r ...
dword_42644C dd ? ; DATA XREF: sub_404A94+59�w
; sub_404A94+465�w
dd 4 dup(?)
dword_426460 dd ? ; DATA XREF: sub_401610+18B�w
; sub_401610:loc_4017C6�r ...
dword_426464 dd ? ; DATA XREF: sub_4015C7:loc_4015DC�r
; sub_401610+1369�r ...
dword_426468 dd ? ; DATA XREF: sub_401610+651�w
; sub_401610+677�w ...
dword_42646C dd ? ; DATA XREF: sub_403FD6�r
; StartAddress:loc_4051E2�w ...
dword_426470 dd ? ; DATA XREF: sub_406357:loc_4065A7�w
dword_426474 dd ? ; DATA XREF: sub_401610:loc_402835�w
; start:loc_403ECA�r
align 10h
dword_426480 dd ? ; DATA XREF: sub_403420+A6�r
; sub_403756+2BF�w ...
dword_426484 dd ? ; DATA XREF: sub_40463C+2CE�w
dword_426488 dd ? ; DATA XREF: sub_40410B+6B�w
; sub_405D79:loc_405D93�r
dword_42648C dd ? ; DATA XREF: start:loc_403D8D�w
; start:loc_403F74�r
dword_426490 dd ? ; DATA XREF: sub_401610+EA1�r start+2E�w ...
_data ends
; Section 4. (virtual address 00027000)
; Virtual size : 00008000 ( 32768.)
; Section size in file : 00000000 ( 0.)
; Offset to raw data for section: 00000000
; Flags C0000080: Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
_ndata segment para public 'BSS' use32
assume cs:_ndata
;org 427000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; char dword_427000[]
dword_427000 dd ? ; DATA XREF: sub_4013E7+67�o
; sub_401610+46�o ...
dd 13FFh dup(?)
; const CHAR byte_42C000
byte_42C000 db ? ; DATA XREF: sub_403A62+28�o
; start:loc_403B62�o ...
byte_42C001 db 3 dup(?) ; DATA XREF: start+B0�o
dd 0FFh dup(?)
; const CHAR byte_42C400
byte_42C400 db ? ; DATA XREF: sub_401610:loc_402E7F�o
; start+24B�o ...
align 4
dd 0FFh dup(?)
; char CurrentDirectory[]
CurrentDirectory db 400h dup(?) ; DATA XREF: sub_401610+271�o
; sub_401610:loc_401B43�o ...
; char szStart[]
szStart db 400h dup(?) ; DATA XREF: sub_403756+1C�o
; CHAR byte_42D000
byte_42D000 db ? ; DATA XREF: sub_40410B�r
; sub_40410B+10�o
align 4
dd 0FFh dup(?)
; char szCurrent[]
szCurrent db 400h dup(?) ; DATA XREF: sub_403756+1F0�o
; sub_403A62+1�o ...
; char dword_42D800[]
dword_42D800 dd 200h dup(?) ; DATA XREF: sub_403A96+31�o
; char dword_42E000[]
dword_42E000 dd 400h dup(?) ; DATA XREF: sub_405597+291�o
_ndata ends
end start